Improve memory safety (#8069)
* Move arena members to the end of serializer calls See https://github.com/apple/foundationdb/tree/main/flow#flatbuffersobjectserializer for why this is necessary. * Fix a heap-use-after-free Previously memory owned by EncryptKeyProxyData::baseCipherDomainIdKeyIdCache was borrowed by a call to EncryptKeyProxyData::insertIntoBaseDomainIdCache where it was invalidated and then used. Now EncryptKeyProxyData::insertIntoBaseDomainIdCache takes shared ownership by taking a Standalone. And also rename some types to end in Ref to follow the flow conventions described here: https://github.com/apple/foundationdb/tree/main/flow#arenas
This commit is contained in:
parent
58abda7d15
commit
475ed4b1dc
|
@ -124,7 +124,7 @@ struct ConfigTransactionCommitRequest {
|
|||
|
||||
template <class Ar>
|
||||
void serialize(Ar& ar) {
|
||||
serializer(ar, arena, generation, mutations, annotation, reply);
|
||||
serializer(ar, generation, mutations, annotation, reply, arena);
|
||||
}
|
||||
};
|
||||
|
||||
|
|
|
@ -144,7 +144,7 @@ struct EKPGetBaseCipherKeysRequestInfo {
|
|||
EncryptCipherBaseKeyId baseCipherId;
|
||||
// Encryption domain name - ancillairy metadata information, an encryption key should be uniquely identified by
|
||||
// {domainId, cipherBaseId} tuple
|
||||
EncryptCipherDomainName domainName;
|
||||
EncryptCipherDomainNameRef domainName;
|
||||
|
||||
EKPGetBaseCipherKeysRequestInfo()
|
||||
: domainId(ENCRYPT_INVALID_DOMAIN_ID), baseCipherId(ENCRYPT_INVALID_CIPHER_KEY_ID) {}
|
||||
|
@ -176,7 +176,7 @@ struct EKPGetBaseCipherKeysByIdsRequest {
|
|||
|
||||
template <class Ar>
|
||||
void serialize(Ar& ar) {
|
||||
serializer(ar, arena, baseCipherInfos, debugId, reply);
|
||||
serializer(ar, baseCipherInfos, debugId, reply, arena);
|
||||
}
|
||||
};
|
||||
|
||||
|
@ -193,7 +193,7 @@ struct EKPGetLatestBaseCipherKeysReply {
|
|||
|
||||
template <class Ar>
|
||||
void serialize(Ar& ar) {
|
||||
serializer(ar, arena, baseCipherDetails, numHits, error);
|
||||
serializer(ar, baseCipherDetails, numHits, error, arena);
|
||||
}
|
||||
};
|
||||
|
||||
|
@ -203,7 +203,7 @@ struct EKPGetLatestCipherKeysRequestInfo {
|
|||
EncryptCipherDomainId domainId;
|
||||
// Encryption domain name - ancillairy metadata information, an encryption key should be uniquely identified by
|
||||
// {domainId, cipherBaseId} tuple
|
||||
EncryptCipherDomainName domainName;
|
||||
EncryptCipherDomainNameRef domainName;
|
||||
|
||||
EKPGetLatestCipherKeysRequestInfo() : domainId(ENCRYPT_INVALID_DOMAIN_ID) {}
|
||||
EKPGetLatestCipherKeysRequestInfo(const EncryptCipherDomainId dId, StringRef name, Arena& arena)
|
||||
|
@ -239,7 +239,7 @@ struct EKPGetLatestBaseCipherKeysRequest {
|
|||
|
||||
template <class Ar>
|
||||
void serialize(Ar& ar) {
|
||||
serializer(ar, arena, encryptDomainInfos, debugId, reply);
|
||||
serializer(ar, encryptDomainInfos, debugId, reply, arena);
|
||||
}
|
||||
};
|
||||
|
||||
|
|
|
@ -88,7 +88,7 @@ Future<EKPGetLatestBaseCipherKeysReply> getUncachedLatestEncryptCipherKeys(Refer
|
|||
ACTOR template <class T>
|
||||
Future<std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>>> getLatestEncryptCipherKeys(
|
||||
Reference<AsyncVar<T> const> db,
|
||||
std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainName> domains) {
|
||||
std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainNameRef> domains) {
|
||||
state Reference<BlobCipherKeyCache> cipherKeyCache = BlobCipherKeyCache::getInstance();
|
||||
state std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>> cipherKeys;
|
||||
state EKPGetLatestBaseCipherKeysRequest request;
|
||||
|
@ -253,8 +253,8 @@ struct TextAndHeaderCipherKeys {
|
|||
ACTOR template <class T>
|
||||
Future<TextAndHeaderCipherKeys> getLatestEncryptCipherKeysForDomain(Reference<AsyncVar<T> const> db,
|
||||
EncryptCipherDomainId domainId,
|
||||
EncryptCipherDomainName domainName) {
|
||||
std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainName> domains;
|
||||
EncryptCipherDomainNameRef domainName) {
|
||||
std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainNameRef> domains;
|
||||
domains[domainId] = domainName;
|
||||
domains[ENCRYPT_HEADER_DOMAIN_ID] = FDB_DEFAULT_ENCRYPT_DOMAIN_NAME;
|
||||
std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>> cipherKeys =
|
||||
|
|
|
@ -357,7 +357,7 @@ ACTOR Future<BlobGranuleCipherKeysCtx> getLatestGranuleCipherKeys(Reference<Blob
|
|||
|
||||
ASSERT(tenantData.isValid());
|
||||
|
||||
std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainName> domains;
|
||||
std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainNameRef> domains;
|
||||
domains.emplace(tenantData->entry.id, StringRef(*arena, tenantData->name));
|
||||
std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>> domainKeyMap =
|
||||
wait(getLatestEncryptCipherKeys(bwData->dbInfo, domains));
|
||||
|
|
|
@ -917,11 +917,11 @@ ACTOR Future<Void> getResolution(CommitBatchContext* self) {
|
|||
// Fetch cipher keys if needed.
|
||||
state Future<std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>>> getCipherKeys;
|
||||
if (pProxyCommitData->isEncryptionEnabled) {
|
||||
static std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainName> defaultDomains = {
|
||||
static std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainNameRef> defaultDomains = {
|
||||
{ SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_ID, FDB_DEFAULT_ENCRYPT_DOMAIN_NAME },
|
||||
{ ENCRYPT_HEADER_DOMAIN_ID, FDB_DEFAULT_ENCRYPT_DOMAIN_NAME }
|
||||
};
|
||||
std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainName> encryptDomains = defaultDomains;
|
||||
std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainNameRef> encryptDomains = defaultDomains;
|
||||
for (int t = 0; t < trs.size(); t++) {
|
||||
TenantInfo const& tenantInfo = trs[t].tenantInfo;
|
||||
int64_t tenantId = tenantInfo.tenantId;
|
||||
|
|
|
@ -141,7 +141,7 @@ CipherKeyValidityTS getCipherKeyValidityTS(Optional<int64_t> refreshInterval, Op
|
|||
|
||||
struct EncryptBaseCipherKey {
|
||||
EncryptCipherDomainId domainId;
|
||||
Standalone<EncryptCipherDomainName> domainName;
|
||||
Standalone<EncryptCipherDomainNameRef> domainName;
|
||||
EncryptCipherBaseKeyId baseCipherId;
|
||||
Standalone<StringRef> baseCipherKey;
|
||||
// Timestamp after which the cached CipherKey is eligible for KMS refresh
|
||||
|
@ -159,13 +159,13 @@ struct EncryptBaseCipherKey {
|
|||
|
||||
EncryptBaseCipherKey() : domainId(0), baseCipherId(0), baseCipherKey(StringRef()), refreshAt(0), expireAt(0) {}
|
||||
explicit EncryptBaseCipherKey(EncryptCipherDomainId dId,
|
||||
EncryptCipherDomainName dName,
|
||||
Standalone<EncryptCipherDomainNameRef> dName,
|
||||
EncryptCipherBaseKeyId cipherId,
|
||||
StringRef cipherKey,
|
||||
Standalone<StringRef> cipherKey,
|
||||
int64_t refAtTS,
|
||||
int64_t expAtTS)
|
||||
: domainId(dId), domainName(Standalone<StringRef>(dName)), baseCipherId(cipherId),
|
||||
baseCipherKey(Standalone<StringRef>(cipherKey)), refreshAt(refAtTS), expireAt(expAtTS) {}
|
||||
: domainId(dId), domainName(dName), baseCipherId(cipherId), baseCipherKey(cipherKey), refreshAt(refAtTS),
|
||||
expireAt(expAtTS) {}
|
||||
|
||||
bool isValid() const {
|
||||
int64_t currTS = (int64_t)now();
|
||||
|
@ -244,9 +244,9 @@ public:
|
|||
}
|
||||
|
||||
void insertIntoBaseDomainIdCache(const EncryptCipherDomainId domainId,
|
||||
EncryptCipherDomainName domainName,
|
||||
Standalone<EncryptCipherDomainNameRef> domainName,
|
||||
const EncryptCipherBaseKeyId baseCipherId,
|
||||
StringRef baseCipherKey,
|
||||
Standalone<StringRef> baseCipherKey,
|
||||
int64_t refreshAtTS,
|
||||
int64_t expireAtTS) {
|
||||
// Entries in domainId cache are eligible for periodic refreshes to support 'limiting lifetime of encryption
|
||||
|
@ -263,9 +263,9 @@ public:
|
|||
}
|
||||
|
||||
void insertIntoBaseCipherIdCache(const EncryptCipherDomainId domainId,
|
||||
EncryptCipherDomainName domainName,
|
||||
Standalone<EncryptCipherDomainNameRef> domainName,
|
||||
const EncryptCipherBaseKeyId baseCipherId,
|
||||
const StringRef baseCipherKey,
|
||||
const Standalone<StringRef> baseCipherKey,
|
||||
int64_t refreshAtTS,
|
||||
int64_t expireAtTS) {
|
||||
// Given an cipherKey is immutable, it is OK to NOT expire cached information.
|
||||
|
|
|
@ -276,7 +276,7 @@ ACTOR Future<Void> discoverKmsUrls(Reference<RESTKmsConnectorCtx> ctx, bool refr
|
|||
void parseKmsResponse(Reference<RESTKmsConnectorCtx> ctx,
|
||||
Reference<HTTP::Response> resp,
|
||||
Arena* arena,
|
||||
VectorRef<EncryptCipherKeyDetails>* outCipherKeyDetails) {
|
||||
VectorRef<EncryptCipherKeyDetailsRef>* outCipherKeyDetails) {
|
||||
// Acceptable response payload json format:
|
||||
//
|
||||
// response_json_payload {
|
||||
|
@ -542,7 +542,7 @@ ACTOR
|
|||
Future<Void> fetchEncryptionKeys_impl(Reference<RESTKmsConnectorCtx> ctx,
|
||||
StringRef requestBodyRef,
|
||||
Arena* arena,
|
||||
VectorRef<EncryptCipherKeyDetails>* outCipherKeyDetails) {
|
||||
VectorRef<EncryptCipherKeyDetailsRef>* outCipherKeyDetails) {
|
||||
state Reference<HTTP::Response> resp;
|
||||
|
||||
// Follow 2-phase scheme:
|
||||
|
@ -1096,15 +1096,15 @@ void validateKmsUrls(Reference<RESTKmsConnectorCtx> ctx) {
|
|||
ASSERT_EQ(urlCtx->url.compare(KMS_URL_NAME_TEST), 0);
|
||||
}
|
||||
|
||||
void testGetEncryptKeysByKeyIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, Arena arena) {
|
||||
void testGetEncryptKeysByKeyIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, Arena& arena) {
|
||||
KmsConnLookupEKsByKeyIdsReq req;
|
||||
std::unordered_map<EncryptCipherBaseKeyId, EncryptCipherDomainId> keyMap;
|
||||
const int nKeys = deterministicRandom()->randomInt(7, 8);
|
||||
for (int i = 1; i < nKeys; i++) {
|
||||
EncryptCipherDomainId domainId = getRandomDomainId();
|
||||
EncryptCipherDomainName domainName = domainId < 0
|
||||
? StringRef(arena, std::string(FDB_DEFAULT_ENCRYPT_DOMAIN_NAME))
|
||||
: StringRef(arena, std::to_string(domainId));
|
||||
EncryptCipherDomainNameRef domainName = domainId < 0
|
||||
? StringRef(arena, std::string(FDB_DEFAULT_ENCRYPT_DOMAIN_NAME))
|
||||
: StringRef(arena, std::to_string(domainId));
|
||||
req.encryptKeyInfos.emplace_back_deep(req.arena, domainId, i, domainName);
|
||||
keyMap[i] = domainId;
|
||||
}
|
||||
|
@ -1121,7 +1121,7 @@ void testGetEncryptKeysByKeyIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, A
|
|||
getFakeKmsResponse(requestBodyRef, true, httpResp);
|
||||
TraceEvent("FetchKeysByKeyIds", ctx->uid).setMaxFieldLength(100000).detail("HttpRespStr", httpResp->content);
|
||||
|
||||
VectorRef<EncryptCipherKeyDetails> cipherDetails;
|
||||
VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
|
||||
parseKmsResponse(ctx, httpResp, &arena, &cipherDetails);
|
||||
ASSERT_EQ(cipherDetails.size(), keyMap.size());
|
||||
for (const auto& detail : cipherDetails) {
|
||||
|
@ -1135,16 +1135,16 @@ void testGetEncryptKeysByKeyIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, A
|
|||
}
|
||||
}
|
||||
|
||||
void testGetEncryptKeysByDomainIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, Arena arena) {
|
||||
void testGetEncryptKeysByDomainIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, Arena& arena) {
|
||||
KmsConnLookupEKsByDomainIdsReq req;
|
||||
std::unordered_map<EncryptCipherDomainId, KmsConnLookupDomainIdsReqInfo> domainInfoMap;
|
||||
std::unordered_map<EncryptCipherDomainId, KmsConnLookupDomainIdsReqInfoRef> domainInfoMap;
|
||||
const int nKeys = deterministicRandom()->randomInt(7, 25);
|
||||
for (int i = 1; i < nKeys; i++) {
|
||||
EncryptCipherDomainId domainId = getRandomDomainId();
|
||||
EncryptCipherDomainName domainName = domainId < 0
|
||||
? StringRef(arena, std::string(FDB_DEFAULT_ENCRYPT_DOMAIN_NAME))
|
||||
: StringRef(arena, std::to_string(domainId));
|
||||
KmsConnLookupDomainIdsReqInfo reqInfo(req.arena, domainId, domainName);
|
||||
EncryptCipherDomainNameRef domainName = domainId < 0
|
||||
? StringRef(arena, std::string(FDB_DEFAULT_ENCRYPT_DOMAIN_NAME))
|
||||
: StringRef(arena, std::to_string(domainId));
|
||||
KmsConnLookupDomainIdsReqInfoRef reqInfo(req.arena, domainId, domainName);
|
||||
if (domainInfoMap.insert({ domainId, reqInfo }).second) {
|
||||
req.encryptDomainInfos.push_back(req.arena, reqInfo);
|
||||
}
|
||||
|
@ -1159,7 +1159,7 @@ void testGetEncryptKeysByDomainIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx
|
|||
getFakeKmsResponse(jsonReqRef, false, httpResp);
|
||||
TraceEvent("FetchKeysByDomainIds", ctx->uid).detail("HttpRespStr", httpResp->content);
|
||||
|
||||
VectorRef<EncryptCipherKeyDetails> cipherDetails;
|
||||
VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
|
||||
parseKmsResponse(ctx, httpResp, &arena, &cipherDetails);
|
||||
ASSERT_EQ(domainInfoMap.size(), cipherDetails.size());
|
||||
for (const auto& detail : cipherDetails) {
|
||||
|
@ -1174,7 +1174,7 @@ void testGetEncryptKeysByDomainIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx
|
|||
|
||||
void testMissingCipherDetailsTag(Reference<RESTKmsConnectorCtx> ctx) {
|
||||
Arena arena;
|
||||
VectorRef<EncryptCipherKeyDetails> cipherDetails;
|
||||
VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
|
||||
|
||||
rapidjson::Document doc;
|
||||
doc.SetObject();
|
||||
|
@ -1201,7 +1201,7 @@ void testMissingCipherDetailsTag(Reference<RESTKmsConnectorCtx> ctx) {
|
|||
|
||||
void testMalformedCipherDetails(Reference<RESTKmsConnectorCtx> ctx) {
|
||||
Arena arena;
|
||||
VectorRef<EncryptCipherKeyDetails> cipherDetails;
|
||||
VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
|
||||
|
||||
rapidjson::Document doc;
|
||||
doc.SetObject();
|
||||
|
@ -1228,7 +1228,7 @@ void testMalformedCipherDetails(Reference<RESTKmsConnectorCtx> ctx) {
|
|||
|
||||
void testMalfromedCipherDetailObj(Reference<RESTKmsConnectorCtx> ctx) {
|
||||
Arena arena;
|
||||
VectorRef<EncryptCipherKeyDetails> cipherDetails;
|
||||
VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
|
||||
|
||||
rapidjson::Document doc;
|
||||
doc.SetObject();
|
||||
|
@ -1260,7 +1260,7 @@ void testMalfromedCipherDetailObj(Reference<RESTKmsConnectorCtx> ctx) {
|
|||
|
||||
void testKMSErrorResponse(Reference<RESTKmsConnectorCtx> ctx) {
|
||||
Arena arena;
|
||||
VectorRef<EncryptCipherKeyDetails> cipherDetails;
|
||||
VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
|
||||
|
||||
rapidjson::Document doc;
|
||||
doc.SetObject();
|
||||
|
|
|
@ -295,7 +295,7 @@ ACTOR Future<Void> testRunWorkload(KmsConnectorInterface inf, uint32_t nEncrypti
|
|||
for (i = 0; i < maxDomainIds; i++) {
|
||||
// domainIdsReq.encryptDomainIds.push_back(i);
|
||||
EncryptCipherDomainId domainId = i;
|
||||
EncryptCipherDomainName domainName = StringRef(domainIdsReq.arena, std::to_string(domainId));
|
||||
EncryptCipherDomainNameRef domainName = StringRef(domainIdsReq.arena, std::to_string(domainId));
|
||||
domainIdsReq.encryptDomainInfos.emplace_back(domainIdsReq.arena, i, domainName);
|
||||
}
|
||||
KmsConnLookupEKsByDomainIdsRep domainIdsRep = wait(inf.ekLookupByDomainIds.getReply(domainIdsReq));
|
||||
|
|
|
@ -216,7 +216,7 @@ public:
|
|||
Future<EncryptionKey> getSecrets(const EncryptionKeyRef& key) override { return getSecrets(this, key); }
|
||||
|
||||
ACTOR static Future<EncryptionKey> getByRange(TenantAwareEncryptionKeyProvider* self, KeyRef begin, KeyRef end) {
|
||||
EncryptCipherDomainName domainName;
|
||||
EncryptCipherDomainNameRef domainName;
|
||||
EncryptCipherDomainId domainId = self->getEncryptionDomainId(begin, end, &domainName);
|
||||
TextAndHeaderCipherKeys cipherKeys = wait(getLatestEncryptCipherKeysForDomain(self->db, domainId, domainName));
|
||||
EncryptionKey s;
|
||||
|
@ -236,7 +236,7 @@ public:
|
|||
private:
|
||||
EncryptCipherDomainId getEncryptionDomainId(const KeyRef& begin,
|
||||
const KeyRef& end,
|
||||
EncryptCipherDomainName* domainName) {
|
||||
EncryptCipherDomainNameRef* domainName) {
|
||||
int64_t domainId = SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_ID;
|
||||
int64_t beginTenantId = getTenant(begin, true /*inclusive*/);
|
||||
int64_t endTenantId = getTenant(end, false /*inclusive*/);
|
||||
|
|
|
@ -67,7 +67,7 @@ struct KmsConnectorInterface {
|
|||
}
|
||||
};
|
||||
|
||||
struct EncryptCipherKeyDetails {
|
||||
struct EncryptCipherKeyDetailsRef {
|
||||
constexpr static FileIdentifier file_identifier = 1227025;
|
||||
EncryptCipherDomainId encryptDomainId;
|
||||
EncryptCipherBaseKeyId encryptKeyId;
|
||||
|
@ -75,33 +75,33 @@ struct EncryptCipherKeyDetails {
|
|||
Optional<int64_t> refreshAfterSec;
|
||||
Optional<int64_t> expireAfterSec;
|
||||
|
||||
EncryptCipherKeyDetails() {}
|
||||
explicit EncryptCipherKeyDetails(Arena& arena,
|
||||
EncryptCipherDomainId dId,
|
||||
EncryptCipherBaseKeyId keyId,
|
||||
StringRef key)
|
||||
EncryptCipherKeyDetailsRef() {}
|
||||
explicit EncryptCipherKeyDetailsRef(Arena& arena,
|
||||
EncryptCipherDomainId dId,
|
||||
EncryptCipherBaseKeyId keyId,
|
||||
StringRef key)
|
||||
: encryptDomainId(dId), encryptKeyId(keyId), encryptKey(StringRef(arena, key)),
|
||||
refreshAfterSec(Optional<int64_t>()), expireAfterSec(Optional<int64_t>()) {}
|
||||
explicit EncryptCipherKeyDetails(EncryptCipherDomainId dId, EncryptCipherBaseKeyId keyId, StringRef key)
|
||||
explicit EncryptCipherKeyDetailsRef(EncryptCipherDomainId dId, EncryptCipherBaseKeyId keyId, StringRef key)
|
||||
: encryptDomainId(dId), encryptKeyId(keyId), encryptKey(key), refreshAfterSec(Optional<int64_t>()),
|
||||
expireAfterSec(Optional<int64_t>()) {}
|
||||
explicit EncryptCipherKeyDetails(Arena& arena,
|
||||
EncryptCipherDomainId dId,
|
||||
EncryptCipherBaseKeyId keyId,
|
||||
StringRef key,
|
||||
Optional<int64_t> refAfterSec,
|
||||
Optional<int64_t> expAfterSec)
|
||||
explicit EncryptCipherKeyDetailsRef(Arena& arena,
|
||||
EncryptCipherDomainId dId,
|
||||
EncryptCipherBaseKeyId keyId,
|
||||
StringRef key,
|
||||
Optional<int64_t> refAfterSec,
|
||||
Optional<int64_t> expAfterSec)
|
||||
: encryptDomainId(dId), encryptKeyId(keyId), encryptKey(StringRef(arena, key)), refreshAfterSec(refAfterSec),
|
||||
expireAfterSec(expAfterSec) {}
|
||||
explicit EncryptCipherKeyDetails(EncryptCipherDomainId dId,
|
||||
EncryptCipherBaseKeyId keyId,
|
||||
StringRef key,
|
||||
Optional<int64_t> refAfterSec,
|
||||
Optional<int64_t> expAfterSec)
|
||||
explicit EncryptCipherKeyDetailsRef(EncryptCipherDomainId dId,
|
||||
EncryptCipherBaseKeyId keyId,
|
||||
StringRef key,
|
||||
Optional<int64_t> refAfterSec,
|
||||
Optional<int64_t> expAfterSec)
|
||||
: encryptDomainId(dId), encryptKeyId(keyId), encryptKey(key), refreshAfterSec(refAfterSec),
|
||||
expireAfterSec(expAfterSec) {}
|
||||
|
||||
bool operator==(const EncryptCipherKeyDetails& toCompare) {
|
||||
bool operator==(const EncryptCipherKeyDetailsRef& toCompare) {
|
||||
return encryptDomainId == toCompare.encryptDomainId && encryptKeyId == toCompare.encryptKeyId &&
|
||||
encryptKey.compare(toCompare.encryptKey) == 0;
|
||||
}
|
||||
|
@ -115,30 +115,31 @@ struct EncryptCipherKeyDetails {
|
|||
struct KmsConnLookupEKsByKeyIdsRep {
|
||||
constexpr static FileIdentifier file_identifier = 2313778;
|
||||
Arena arena;
|
||||
VectorRef<EncryptCipherKeyDetails> cipherKeyDetails;
|
||||
VectorRef<EncryptCipherKeyDetailsRef> cipherKeyDetails;
|
||||
|
||||
KmsConnLookupEKsByKeyIdsRep() {}
|
||||
|
||||
template <class Ar>
|
||||
void serialize(Ar& ar) {
|
||||
serializer(ar, arena, cipherKeyDetails);
|
||||
serializer(ar, cipherKeyDetails, arena);
|
||||
}
|
||||
};
|
||||
|
||||
struct KmsConnLookupKeyIdsReqInfo {
|
||||
struct KmsConnLookupKeyIdsReqInfoRef {
|
||||
constexpr static FileIdentifier file_identifier = 3092256;
|
||||
EncryptCipherDomainId domainId;
|
||||
EncryptCipherBaseKeyId baseCipherId;
|
||||
EncryptCipherDomainName domainName;
|
||||
EncryptCipherDomainNameRef domainName;
|
||||
|
||||
KmsConnLookupKeyIdsReqInfo() : domainId(ENCRYPT_INVALID_DOMAIN_ID), baseCipherId(ENCRYPT_INVALID_CIPHER_KEY_ID) {}
|
||||
explicit KmsConnLookupKeyIdsReqInfo(Arena& arena,
|
||||
const EncryptCipherDomainId dId,
|
||||
const EncryptCipherBaseKeyId bCId,
|
||||
StringRef name)
|
||||
KmsConnLookupKeyIdsReqInfoRef()
|
||||
: domainId(ENCRYPT_INVALID_DOMAIN_ID), baseCipherId(ENCRYPT_INVALID_CIPHER_KEY_ID) {}
|
||||
explicit KmsConnLookupKeyIdsReqInfoRef(Arena& arena,
|
||||
const EncryptCipherDomainId dId,
|
||||
const EncryptCipherBaseKeyId bCId,
|
||||
StringRef name)
|
||||
: domainId(dId), baseCipherId(bCId), domainName(StringRef(arena, name)) {}
|
||||
|
||||
bool operator==(const KmsConnLookupKeyIdsReqInfo& info) const {
|
||||
bool operator==(const KmsConnLookupKeyIdsReqInfoRef& info) const {
|
||||
return domainId == info.domainId && baseCipherId == info.baseCipherId &&
|
||||
(domainName.compare(info.domainName) == 0);
|
||||
}
|
||||
|
@ -152,45 +153,45 @@ struct KmsConnLookupKeyIdsReqInfo {
|
|||
struct KmsConnLookupEKsByKeyIdsReq {
|
||||
constexpr static FileIdentifier file_identifier = 6913396;
|
||||
Arena arena;
|
||||
VectorRef<KmsConnLookupKeyIdsReqInfo> encryptKeyInfos;
|
||||
VectorRef<KmsConnLookupKeyIdsReqInfoRef> encryptKeyInfos;
|
||||
Optional<UID> debugId;
|
||||
ReplyPromise<KmsConnLookupEKsByKeyIdsRep> reply;
|
||||
|
||||
KmsConnLookupEKsByKeyIdsReq() {}
|
||||
explicit KmsConnLookupEKsByKeyIdsReq(VectorRef<KmsConnLookupKeyIdsReqInfo> keyInfos, Optional<UID> dbgId)
|
||||
explicit KmsConnLookupEKsByKeyIdsReq(VectorRef<KmsConnLookupKeyIdsReqInfoRef> keyInfos, Optional<UID> dbgId)
|
||||
: encryptKeyInfos(keyInfos), debugId(dbgId) {}
|
||||
|
||||
template <class Ar>
|
||||
void serialize(Ar& ar) {
|
||||
serializer(ar, arena, encryptKeyInfos, debugId, reply);
|
||||
serializer(ar, encryptKeyInfos, debugId, reply, arena);
|
||||
}
|
||||
};
|
||||
|
||||
struct KmsConnLookupEKsByDomainIdsRep {
|
||||
constexpr static FileIdentifier file_identifier = 3009025;
|
||||
Arena arena;
|
||||
VectorRef<EncryptCipherKeyDetails> cipherKeyDetails;
|
||||
VectorRef<EncryptCipherKeyDetailsRef> cipherKeyDetails;
|
||||
|
||||
KmsConnLookupEKsByDomainIdsRep() {}
|
||||
|
||||
template <class Ar>
|
||||
void serialize(Ar& ar) {
|
||||
serializer(ar, arena, cipherKeyDetails);
|
||||
serializer(ar, cipherKeyDetails, arena);
|
||||
}
|
||||
};
|
||||
|
||||
struct KmsConnLookupDomainIdsReqInfo {
|
||||
struct KmsConnLookupDomainIdsReqInfoRef {
|
||||
constexpr static FileIdentifier file_identifier = 8980149;
|
||||
EncryptCipherDomainId domainId;
|
||||
EncryptCipherDomainName domainName;
|
||||
EncryptCipherDomainNameRef domainName;
|
||||
|
||||
KmsConnLookupDomainIdsReqInfo() : domainId(ENCRYPT_INVALID_DOMAIN_ID) {}
|
||||
explicit KmsConnLookupDomainIdsReqInfo(Arena& arena, const EncryptCipherDomainId dId, StringRef name)
|
||||
KmsConnLookupDomainIdsReqInfoRef() : domainId(ENCRYPT_INVALID_DOMAIN_ID) {}
|
||||
explicit KmsConnLookupDomainIdsReqInfoRef(Arena& arena, const EncryptCipherDomainId dId, StringRef name)
|
||||
: domainId(dId), domainName(StringRef(arena, name)) {}
|
||||
explicit KmsConnLookupDomainIdsReqInfo(const EncryptCipherDomainId dId, StringRef name)
|
||||
explicit KmsConnLookupDomainIdsReqInfoRef(const EncryptCipherDomainId dId, StringRef name)
|
||||
: domainId(dId), domainName(name) {}
|
||||
|
||||
bool operator==(const KmsConnLookupDomainIdsReqInfo& info) const {
|
||||
bool operator==(const KmsConnLookupDomainIdsReqInfoRef& info) const {
|
||||
return domainId == info.domainId && (domainName.compare(info.domainName) == 0);
|
||||
}
|
||||
|
||||
|
@ -203,17 +204,17 @@ struct KmsConnLookupDomainIdsReqInfo {
|
|||
struct KmsConnLookupEKsByDomainIdsReq {
|
||||
constexpr static FileIdentifier file_identifier = 9918682;
|
||||
Arena arena;
|
||||
VectorRef<KmsConnLookupDomainIdsReqInfo> encryptDomainInfos;
|
||||
VectorRef<KmsConnLookupDomainIdsReqInfoRef> encryptDomainInfos;
|
||||
Optional<UID> debugId;
|
||||
ReplyPromise<KmsConnLookupEKsByDomainIdsRep> reply;
|
||||
|
||||
KmsConnLookupEKsByDomainIdsReq() {}
|
||||
explicit KmsConnLookupEKsByDomainIdsReq(VectorRef<KmsConnLookupDomainIdsReqInfo>& infos, Optional<UID> dbgId)
|
||||
explicit KmsConnLookupEKsByDomainIdsReq(VectorRef<KmsConnLookupDomainIdsReqInfoRef>& infos, Optional<UID> dbgId)
|
||||
: encryptDomainInfos(infos), debugId(dbgId) {}
|
||||
|
||||
template <class Ar>
|
||||
void serialize(Ar& ar) {
|
||||
serializer(ar, arena, encryptDomainInfos, debugId, reply);
|
||||
serializer(ar, encryptDomainInfos, debugId, reply, arena);
|
||||
}
|
||||
};
|
||||
|
||||
|
|
|
@ -98,7 +98,7 @@ struct SimGetEncryptKeysByKeyIdsReply {
|
|||
|
||||
template <class Ar>
|
||||
void serialize(Ar& ar) {
|
||||
serializer(ar, arena, encryptKeyDetails);
|
||||
serializer(ar, encryptKeyDetails, arena);
|
||||
}
|
||||
};
|
||||
|
||||
|
@ -127,7 +127,7 @@ struct SimGetEncryptKeyByDomainIdReply {
|
|||
|
||||
template <class Ar>
|
||||
void serialize(Ar& ar) {
|
||||
serializer(ar, arena, encryptKeyDetails);
|
||||
serializer(ar, encryptKeyDetails, arena);
|
||||
}
|
||||
};
|
||||
|
||||
|
|
|
@ -189,7 +189,7 @@ struct TLogPeekReply {
|
|||
|
||||
template <class Ar>
|
||||
void serialize(Ar& ar) {
|
||||
serializer(ar, arena, messages, end, popped, maxKnownVersion, minKnownCommittedVersion, begin, onlySpilled);
|
||||
serializer(ar, messages, end, popped, maxKnownVersion, minKnownCommittedVersion, begin, onlySpilled, arena);
|
||||
}
|
||||
};
|
||||
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
const std::string FDB_DEFAULT_ENCRYPT_DOMAIN_NAME = "FdbDefaultEncryptDomain";
|
||||
|
||||
using EncryptCipherDomainId = int64_t;
|
||||
using EncryptCipherDomainName = StringRef;
|
||||
using EncryptCipherDomainNameRef = StringRef;
|
||||
using EncryptCipherBaseKeyId = uint64_t;
|
||||
using EncryptCipherRandomSalt = uint64_t;
|
||||
|
||||
|
|
Loading…
Reference in New Issue