2022-05-08 04:18:35 +08:00
|
|
|
/*
|
2022-05-12 04:23:27 +08:00
|
|
|
* EncryptUtils.cpp
|
2022-05-08 04:18:35 +08:00
|
|
|
*
|
|
|
|
|
* This source file is part of the FoundationDB open source project
|
|
|
|
|
*
|
|
|
|
|
* Copyright 2013-2022 Apple Inc. and the FoundationDB project authors
|
|
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
|
*
|
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
*
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
* limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
2022-05-12 04:23:27 +08:00
|
|
|
#include "flow/EncryptUtils.h"
|
|
|
|
|
#include "flow/Trace.h"
|
2022-05-08 04:18:35 +08:00
|
|
|
|
2022-06-30 05:21:05 +08:00
|
|
|
#include <boost/algorithm/string.hpp>
|
2022-05-12 04:23:27 +08:00
|
|
|
#include <boost/format.hpp>
|
2022-05-08 04:18:35 +08:00
|
|
|
|
2022-05-12 04:23:27 +08:00
|
|
|
std::string getEncryptDbgTraceKey(std::string_view prefix,
|
|
|
|
|
EncryptCipherDomainId domainId,
|
2022-06-03 02:55:50 +08:00
|
|
|
StringRef domainName,
|
2022-05-12 04:23:27 +08:00
|
|
|
Optional<EncryptCipherBaseKeyId> baseCipherId) {
|
|
|
|
|
// Construct the TraceEvent field key ensuring its uniqueness and compliance to TraceEvent field validator and log
|
|
|
|
|
// parsing tools
|
2022-06-30 05:21:05 +08:00
|
|
|
std::string dName = domainName.toString();
|
|
|
|
|
// Underscores are invalid in trace event detail name.
|
|
|
|
|
boost::replace_all(dName, "_", "-");
|
2022-05-12 04:23:27 +08:00
|
|
|
if (baseCipherId.present()) {
|
2022-06-03 02:55:50 +08:00
|
|
|
boost::format fmter("%s.%lld.%s.%llu");
|
2022-06-30 05:21:05 +08:00
|
|
|
return boost::str(boost::format(fmter % prefix % domainId % dName % baseCipherId.get()));
|
2022-05-12 04:23:27 +08:00
|
|
|
} else {
|
2022-06-03 02:55:50 +08:00
|
|
|
boost::format fmter("%s.%lld.%s");
|
2022-06-30 05:21:05 +08:00
|
|
|
return boost::str(boost::format(fmter % prefix % domainId % dName));
|
2022-05-12 04:23:27 +08:00
|
|
|
}
|
2022-06-03 02:55:50 +08:00
|
|
|
}
|
KmsConnector implementation to support KMS driven CipherKey TTL (#7334)
* KmsConnector implementation to support KMS driven CipherKey TTL
Description
KMS CipherKeys can be of two types:
1. Revocable CipherKeys: having a finite lifetime, after which the CipherKey
shouldn't be used by the FDB.
2. Non-revocable CipherKeys: ciphers are not revocable, however, FDB would
still want to refresh ciphers to support KMS cipher rotation feature.
Patch proposes following change to incorporate support for above defined cipher-key
types:
1. Extend KmsConnector response to include optional 'refreshAfter' & 'expireAfter'
time intervals. EncryptKeyProxy (EKP) cache would define corresponding absolute refresh &
expiry timestamp for a given cipherKey. On an event of transient KMS connectivity outage,
a caller of EKP API for a non-revocable key should continue using cached cipherKey until
it expires.
2. Simplify KmsConnector API arena handling by using VectorRef to represent component
structs and manage associated memory allocation/lifetime.
Testing
1. EncryptKeyProxyTest
2. RESTKmsConnectorTest
3. SimKmsConnectorTest
* KmsConnector implementation to support KMS driven CipherKey TTL
Description
diff-1: Set expireTS for baseCipherId indexed cache
KMS CipherKeys can be of two types:
1. Revocable CipherKeys: having a finite lifetime, after which the CipherKey
shouldn't be used by the FDB.
2. Non-revocable CipherKeys: ciphers are not revocable, however, FDB would
still want to refresh ciphers to support KMS cipher rotation feature.
Patch proposes following change to incorporate support for above defined cipher-key
types:
1. Extend KmsConnector response to include optional 'refreshAfter' & 'expireAfter'
time intervals. EncryptKeyProxy (EKP) cache would define corresponding absolute refresh &
expiry timestamp for a given cipherKey. On an event of transient KMS connectivity outage,
a caller of EKP API for a non-revocable key should continue using cached cipherKey until
it expires.
2. Simplify KmsConnector API arena handling by using VectorRef to represent component
structs and manage associated memory allocation/lifetime.
Testing
1. EncryptKeyProxyTest
2. RESTKmsConnectorTest
3. SimKmsConnectorTest
* KmsConnector implementation to support KMS driven CipherKey TTL
Description
diff-2: Fix Valgrind issues discovered runnign tests
diff-1: Set expireTS for baseCipherId indexed cache
KMS CipherKeys can be of two types:
1. Revocable CipherKeys: having a finite lifetime, after which the CipherKey
shouldn't be used by the FDB.
2. Non-revocable CipherKeys: ciphers are not revocable, however, FDB would
still want to refresh ciphers to support KMS cipher rotation feature.
Patch proposes following change to incorporate support for above defined cipher-key
types:
1. Extend KmsConnector response to include optional 'refreshAfter' & 'expireAfter'
time intervals. EncryptKeyProxy (EKP) cache would define corresponding absolute refresh &
expiry timestamp for a given cipherKey. On an event of transient KMS connectivity outage,
a caller of EKP API for a non-revocable key should continue using cached cipherKey until
it expires.
2. Simplify KmsConnector API arena handling by using VectorRef to represent component
structs and manage associated memory allocation/lifetime.
Testing
1. EncryptKeyProxyTest
2. RESTKmsConnectorTest
3. SimKmsConnectorTest
* KmsConnector implementation to support KMS driven CipherKey TTL
Description
diff-3: Address review comment
diff-2: Fix Valgrind issues discovered runnign tests
diff-1: Set expireTS for baseCipherId indexed cache
KMS CipherKeys can be of two types:
1. Revocable CipherKeys: having a finite lifetime, after which the CipherKey
shouldn't be used by the FDB.
2. Non-revocable CipherKeys: ciphers are not revocable, however, FDB would
still want to refresh ciphers to support KMS cipher rotation feature.
Patch proposes following change to incorporate support for above defined cipher-key
types:
1. Extend KmsConnector response to include optional 'refreshAfter' & 'expireAfter'
time intervals. EncryptKeyProxy (EKP) cache would define corresponding absolute refresh &
expiry timestamp for a given cipherKey. On an event of transient KMS connectivity outage,
a caller of EKP API for a non-revocable key should continue using cached cipherKey until
it expires.
2. Simplify KmsConnector API arena handling by using VectorRef to represent component
structs and manage associated memory allocation/lifetime.
Testing
1. EncryptKeyProxyTest
2. RESTKmsConnectorTest
3. SimKmsConnectorTest
2022-06-14 04:25:01 +08:00
|
|
|
|
|
|
|
|
std::string getEncryptDbgTraceKeyWithTS(std::string_view prefix,
|
|
|
|
|
EncryptCipherDomainId domainId,
|
|
|
|
|
StringRef domainName,
|
|
|
|
|
EncryptCipherBaseKeyId baseCipherId,
|
|
|
|
|
int64_t refAfterTS,
|
|
|
|
|
int64_t expAfterTS) {
|
|
|
|
|
// Construct the TraceEvent field key ensuring its uniqueness and compliance to TraceEvent field validator and log
|
|
|
|
|
// parsing tools
|
|
|
|
|
boost::format fmter("%s.%lld.%s.%llu.%lld.%lld");
|
|
|
|
|
return boost::str(
|
|
|
|
|
boost::format(fmter % prefix % domainId % domainName.toString() % baseCipherId % refAfterTS % expAfterTS));
|
|
|
|
|
}
|