wbtiger
/
foundationdb
mirror of https://github.com/apple/foundationdb.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improve memory safety (#8069) 

* Move arena members to the end of serializer calls

See
https://github.com/apple/foundationdb/tree/main/flow#flatbuffersobjectserializer
for why this is necessary.

* Fix a heap-use-after-free

Previously memory owned by
EncryptKeyProxyData::baseCipherDomainIdKeyIdCache was borrowed by a call
to EncryptKeyProxyData::insertIntoBaseDomainIdCache where it was
invalidated and then used. Now
EncryptKeyProxyData::insertIntoBaseDomainIdCache takes shared ownership
by taking a Standalone.

And also rename some types to end in Ref to follow the flow conventions
described here: https://github.com/apple/foundationdb/tree/main/flow#arenas
This commit is contained in:
Andrew Noyes 2022-09-01 12:47:03 -07:00 committed by GitHub
parent 58abda7d15
commit 475ed4b1dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 90 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fdbclient/include/fdbclient/ConfigTransactionInterface.h
View File

@ -124,7 +124,7 @@ struct ConfigTransactionCommitRequest {
template <class Ar>
void serialize(Ar& ar) {
serializer(ar, arena, generation, mutations, annotation, reply);
serializer(ar, generation, mutations, annotation, reply, arena);
}
};

10
fdbclient/include/fdbclient/EncryptKeyProxyInterface.h
View File

@ -144,7 +144,7 @@ struct EKPGetBaseCipherKeysRequestInfo {
EncryptCipherBaseKeyId baseCipherId;
// Encryption domain name - ancillairy metadata information, an encryption key should be uniquely identified by
// {domainId, cipherBaseId} tuple
EncryptCipherDomainName domainName;
EncryptCipherDomainNameRef domainName;
EKPGetBaseCipherKeysRequestInfo()
: domainId(ENCRYPT_INVALID_DOMAIN_ID), baseCipherId(ENCRYPT_INVALID_CIPHER_KEY_ID) {}
@ -176,7 +176,7 @@ struct EKPGetBaseCipherKeysByIdsRequest {
template <class Ar>
void serialize(Ar& ar) {
serializer(ar, arena, baseCipherInfos, debugId, reply);
serializer(ar, baseCipherInfos, debugId, reply, arena);
}
};
@ -193,7 +193,7 @@ struct EKPGetLatestBaseCipherKeysReply {
template <class Ar>
void serialize(Ar& ar) {
serializer(ar, arena, baseCipherDetails, numHits, error);
serializer(ar, baseCipherDetails, numHits, error, arena);
}
};
@ -203,7 +203,7 @@ struct EKPGetLatestCipherKeysRequestInfo {
EncryptCipherDomainId domainId;
// Encryption domain name - ancillairy metadata information, an encryption key should be uniquely identified by
// {domainId, cipherBaseId} tuple
EncryptCipherDomainName domainName;
EncryptCipherDomainNameRef domainName;
EKPGetLatestCipherKeysRequestInfo() : domainId(ENCRYPT_INVALID_DOMAIN_ID) {}
EKPGetLatestCipherKeysRequestInfo(const EncryptCipherDomainId dId, StringRef name, Arena& arena)
@ -239,7 +239,7 @@ struct EKPGetLatestBaseCipherKeysRequest {
template <class Ar>
void serialize(Ar& ar) {
serializer(ar, arena, encryptDomainInfos, debugId, reply);
serializer(ar, encryptDomainInfos, debugId, reply, arena);
}
};

6
fdbclient/include/fdbclient/GetEncryptCipherKeys.actor.h
View File

@ -88,7 +88,7 @@ Future<EKPGetLatestBaseCipherKeysReply> getUncachedLatestEncryptCipherKeys(Refer
ACTOR template <class T>
Future<std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>>> getLatestEncryptCipherKeys(
Reference<AsyncVar<T> const> db,
std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainName> domains) {
std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainNameRef> domains) {
state Reference<BlobCipherKeyCache> cipherKeyCache = BlobCipherKeyCache::getInstance();
state std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>> cipherKeys;
state EKPGetLatestBaseCipherKeysRequest request;
@ -253,8 +253,8 @@ struct TextAndHeaderCipherKeys {
ACTOR template <class T>
Future<TextAndHeaderCipherKeys> getLatestEncryptCipherKeysForDomain(Reference<AsyncVar<T> const> db,
EncryptCipherDomainId domainId,
EncryptCipherDomainName domainName) {
std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainName> domains;
EncryptCipherDomainNameRef domainName) {
std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainNameRef> domains;
domains[domainId] = domainName;
domains[ENCRYPT_HEADER_DOMAIN_ID] = FDB_DEFAULT_ENCRYPT_DOMAIN_NAME;
std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>> cipherKeys =

2
fdbserver/BlobWorker.actor.cpp
View File

@ -357,7 +357,7 @@ ACTOR Future<BlobGranuleCipherKeysCtx> getLatestGranuleCipherKeys(Reference<Blob
ASSERT(tenantData.isValid());
std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainName> domains;
std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainNameRef> domains;
domains.emplace(tenantData->entry.id, StringRef(*arena, tenantData->name));
std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>> domainKeyMap =
wait(getLatestEncryptCipherKeys(bwData->dbInfo, domains));

4
fdbserver/CommitProxyServer.actor.cpp
View File

@ -917,11 +917,11 @@ ACTOR Future<Void> getResolution(CommitBatchContext* self) {
// Fetch cipher keys if needed.
state Future<std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>>> getCipherKeys;
if (pProxyCommitData->isEncryptionEnabled) {
static std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainName> defaultDomains = {
static std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainNameRef> defaultDomains = {
{ SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_ID, FDB_DEFAULT_ENCRYPT_DOMAIN_NAME },
{ ENCRYPT_HEADER_DOMAIN_ID, FDB_DEFAULT_ENCRYPT_DOMAIN_NAME }
};
std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainName> encryptDomains = defaultDomains;
std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainNameRef> encryptDomains = defaultDomains;
for (int t = 0; t < trs.size(); t++) {
TenantInfo const& tenantInfo = trs[t].tenantInfo;
int64_t tenantId = tenantInfo.tenantId;

18
fdbserver/EncryptKeyProxy.actor.cpp
View File

@ -141,7 +141,7 @@ CipherKeyValidityTS getCipherKeyValidityTS(Optional<int64_t> refreshInterval, Op
struct EncryptBaseCipherKey {
EncryptCipherDomainId domainId;
Standalone<EncryptCipherDomainName> domainName;
Standalone<EncryptCipherDomainNameRef> domainName;
EncryptCipherBaseKeyId baseCipherId;
Standalone<StringRef> baseCipherKey;
// Timestamp after which the cached CipherKey is eligible for KMS refresh
@ -159,13 +159,13 @@ struct EncryptBaseCipherKey {
EncryptBaseCipherKey() : domainId(0), baseCipherId(0), baseCipherKey(StringRef()), refreshAt(0), expireAt(0) {}
explicit EncryptBaseCipherKey(EncryptCipherDomainId dId,
EncryptCipherDomainName dName,
Standalone<EncryptCipherDomainNameRef> dName,
EncryptCipherBaseKeyId cipherId,
StringRef cipherKey,
Standalone<StringRef> cipherKey,
int64_t refAtTS,
int64_t expAtTS)
: domainId(dId), domainName(Standalone<StringRef>(dName)), baseCipherId(cipherId),
baseCipherKey(Standalone<StringRef>(cipherKey)), refreshAt(refAtTS), expireAt(expAtTS) {}
: domainId(dId), domainName(dName), baseCipherId(cipherId), baseCipherKey(cipherKey), refreshAt(refAtTS),
expireAt(expAtTS) {}
bool isValid() const {
int64_t currTS = (int64_t)now();
@ -244,9 +244,9 @@ public:
}
void insertIntoBaseDomainIdCache(const EncryptCipherDomainId domainId,
EncryptCipherDomainName domainName,
Standalone<EncryptCipherDomainNameRef> domainName,
const EncryptCipherBaseKeyId baseCipherId,
StringRef baseCipherKey,
Standalone<StringRef> baseCipherKey,
int64_t refreshAtTS,
int64_t expireAtTS) {
// Entries in domainId cache are eligible for periodic refreshes to support 'limiting lifetime of encryption
@ -263,9 +263,9 @@ public:
}
void insertIntoBaseCipherIdCache(const EncryptCipherDomainId domainId,
EncryptCipherDomainName domainName,
Standalone<EncryptCipherDomainNameRef> domainName,
const EncryptCipherBaseKeyId baseCipherId,
const StringRef baseCipherKey,
const Standalone<StringRef> baseCipherKey,
int64_t refreshAtTS,
int64_t expireAtTS) {
// Given an cipherKey is immutable, it is OK to NOT expire cached information.

28
fdbserver/RESTKmsConnector.actor.cpp
View File

@ -276,7 +276,7 @@ ACTOR Future<Void> discoverKmsUrls(Reference<RESTKmsConnectorCtx> ctx, bool refr
void parseKmsResponse(Reference<RESTKmsConnectorCtx> ctx,
Reference<HTTP::Response> resp,
Arena* arena,
VectorRef<EncryptCipherKeyDetails>* outCipherKeyDetails) {
VectorRef<EncryptCipherKeyDetailsRef>* outCipherKeyDetails) {
// Acceptable response payload json format:
//
// response_json_payload {
@ -542,7 +542,7 @@ ACTOR
Future<Void> fetchEncryptionKeys_impl(Reference<RESTKmsConnectorCtx> ctx,
StringRef requestBodyRef,
Arena* arena,
VectorRef<EncryptCipherKeyDetails>* outCipherKeyDetails) {
VectorRef<EncryptCipherKeyDetailsRef>* outCipherKeyDetails) {
state Reference<HTTP::Response> resp;
// Follow 2-phase scheme:
@ -1096,13 +1096,13 @@ void validateKmsUrls(Reference<RESTKmsConnectorCtx> ctx) {
ASSERT_EQ(urlCtx->url.compare(KMS_URL_NAME_TEST), 0);
}
void testGetEncryptKeysByKeyIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, Arena arena) {
void testGetEncryptKeysByKeyIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, Arena& arena) {
KmsConnLookupEKsByKeyIdsReq req;
std::unordered_map<EncryptCipherBaseKeyId, EncryptCipherDomainId> keyMap;
const int nKeys = deterministicRandom()->randomInt(7, 8);
for (int i = 1; i < nKeys; i++) {
EncryptCipherDomainId domainId = getRandomDomainId();
EncryptCipherDomainName domainName = domainId < 0
EncryptCipherDomainNameRef domainName = domainId < 0
? StringRef(arena, std::string(FDB_DEFAULT_ENCRYPT_DOMAIN_NAME))
: StringRef(arena, std::to_string(domainId));
req.encryptKeyInfos.emplace_back_deep(req.arena, domainId, i, domainName);
@ -1121,7 +1121,7 @@ void testGetEncryptKeysByKeyIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, A
getFakeKmsResponse(requestBodyRef, true, httpResp);
TraceEvent("FetchKeysByKeyIds", ctx->uid).setMaxFieldLength(100000).detail("HttpRespStr", httpResp->content);
VectorRef<EncryptCipherKeyDetails> cipherDetails;
VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
parseKmsResponse(ctx, httpResp, &arena, &cipherDetails);
ASSERT_EQ(cipherDetails.size(), keyMap.size());
for (const auto& detail : cipherDetails) {
@ -1135,16 +1135,16 @@ void testGetEncryptKeysByKeyIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, A
}
}
void testGetEncryptKeysByDomainIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, Arena arena) {
void testGetEncryptKeysByDomainIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, Arena& arena) {
KmsConnLookupEKsByDomainIdsReq req;
std::unordered_map<EncryptCipherDomainId, KmsConnLookupDomainIdsReqInfo> domainInfoMap;
std::unordered_map<EncryptCipherDomainId, KmsConnLookupDomainIdsReqInfoRef> domainInfoMap;
const int nKeys = deterministicRandom()->randomInt(7, 25);
for (int i = 1; i < nKeys; i++) {
EncryptCipherDomainId domainId = getRandomDomainId();
EncryptCipherDomainName domainName = domainId < 0
EncryptCipherDomainNameRef domainName = domainId < 0
? StringRef(arena, std::string(FDB_DEFAULT_ENCRYPT_DOMAIN_NAME))
: StringRef(arena, std::to_string(domainId));
KmsConnLookupDomainIdsReqInfo reqInfo(req.arena, domainId, domainName);
KmsConnLookupDomainIdsReqInfoRef reqInfo(req.arena, domainId, domainName);
if (domainInfoMap.insert({ domainId, reqInfo }).second) {
req.encryptDomainInfos.push_back(req.arena, reqInfo);
}
@ -1159,7 +1159,7 @@ void testGetEncryptKeysByDomainIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx
getFakeKmsResponse(jsonReqRef, false, httpResp);
TraceEvent("FetchKeysByDomainIds", ctx->uid).detail("HttpRespStr", httpResp->content);
VectorRef<EncryptCipherKeyDetails> cipherDetails;
VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
parseKmsResponse(ctx, httpResp, &arena, &cipherDetails);
ASSERT_EQ(domainInfoMap.size(), cipherDetails.size());
for (const auto& detail : cipherDetails) {
@ -1174,7 +1174,7 @@ void testGetEncryptKeysByDomainIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx
void testMissingCipherDetailsTag(Reference<RESTKmsConnectorCtx> ctx) {
Arena arena;
VectorRef<EncryptCipherKeyDetails> cipherDetails;
VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
rapidjson::Document doc;
doc.SetObject();
@ -1201,7 +1201,7 @@ void testMissingCipherDetailsTag(Reference<RESTKmsConnectorCtx> ctx) {
void testMalformedCipherDetails(Reference<RESTKmsConnectorCtx> ctx) {
Arena arena;
VectorRef<EncryptCipherKeyDetails> cipherDetails;
VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
rapidjson::Document doc;
doc.SetObject();
@ -1228,7 +1228,7 @@ void testMalformedCipherDetails(Reference<RESTKmsConnectorCtx> ctx) {
void testMalfromedCipherDetailObj(Reference<RESTKmsConnectorCtx> ctx) {
Arena arena;
VectorRef<EncryptCipherKeyDetails> cipherDetails;
VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
rapidjson::Document doc;
doc.SetObject();
@ -1260,7 +1260,7 @@ void testMalfromedCipherDetailObj(Reference<RESTKmsConnectorCtx> ctx) {
void testKMSErrorResponse(Reference<RESTKmsConnectorCtx> ctx) {
Arena arena;
VectorRef<EncryptCipherKeyDetails> cipherDetails;
VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
rapidjson::Document doc;
doc.SetObject();

2
fdbserver/SimKmsConnector.actor.cpp
View File

@ -295,7 +295,7 @@ ACTOR Future<Void> testRunWorkload(KmsConnectorInterface inf, uint32_t nEncrypti
for (i = 0; i < maxDomainIds; i++) {
// domainIdsReq.encryptDomainIds.push_back(i);
EncryptCipherDomainId domainId = i;
EncryptCipherDomainName domainName = StringRef(domainIdsReq.arena, std::to_string(domainId));
EncryptCipherDomainNameRef domainName = StringRef(domainIdsReq.arena, std::to_string(domainId));
domainIdsReq.encryptDomainInfos.emplace_back(domainIdsReq.arena, i, domainName);
}
KmsConnLookupEKsByDomainIdsRep domainIdsRep = wait(inf.ekLookupByDomainIds.getReply(domainIdsReq));

4
fdbserver/include/fdbserver/IEncryptionKeyProvider.actor.h
View File

@ -216,7 +216,7 @@ public:
Future<EncryptionKey> getSecrets(const EncryptionKeyRef& key) override { return getSecrets(this, key); }
ACTOR static Future<EncryptionKey> getByRange(TenantAwareEncryptionKeyProvider* self, KeyRef begin, KeyRef end) {
EncryptCipherDomainName domainName;
EncryptCipherDomainNameRef domainName;
EncryptCipherDomainId domainId = self->getEncryptionDomainId(begin, end, &domainName);
TextAndHeaderCipherKeys cipherKeys = wait(getLatestEncryptCipherKeysForDomain(self->db, domainId, domainName));
EncryptionKey s;
@ -236,7 +236,7 @@ public:
private:
EncryptCipherDomainId getEncryptionDomainId(const KeyRef& begin,
const KeyRef& end,
EncryptCipherDomainName* domainName) {
EncryptCipherDomainNameRef* domainName) {
int64_t domainId = SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_ID;
int64_t beginTenantId = getTenant(begin, true /*inclusive*/);
int64_t endTenantId = getTenant(end, false /*inclusive*/);

57
fdbserver/include/fdbserver/KmsConnectorInterface.h
View File

@ -67,7 +67,7 @@ struct KmsConnectorInterface {
}
};
struct EncryptCipherKeyDetails {
struct EncryptCipherKeyDetailsRef {
constexpr static FileIdentifier file_identifier = 1227025;
EncryptCipherDomainId encryptDomainId;
EncryptCipherBaseKeyId encryptKeyId;
@ -75,17 +75,17 @@ struct EncryptCipherKeyDetails {
Optional<int64_t> refreshAfterSec;
Optional<int64_t> expireAfterSec;
EncryptCipherKeyDetails() {}
explicit EncryptCipherKeyDetails(Arena& arena,
EncryptCipherKeyDetailsRef() {}
explicit EncryptCipherKeyDetailsRef(Arena& arena,
EncryptCipherDomainId dId,
EncryptCipherBaseKeyId keyId,
StringRef key)
: encryptDomainId(dId), encryptKeyId(keyId), encryptKey(StringRef(arena, key)),
refreshAfterSec(Optional<int64_t>()), expireAfterSec(Optional<int64_t>()) {}
explicit EncryptCipherKeyDetails(EncryptCipherDomainId dId, EncryptCipherBaseKeyId keyId, StringRef key)
explicit EncryptCipherKeyDetailsRef(EncryptCipherDomainId dId, EncryptCipherBaseKeyId keyId, StringRef key)
: encryptDomainId(dId), encryptKeyId(keyId), encryptKey(key), refreshAfterSec(Optional<int64_t>()),
expireAfterSec(Optional<int64_t>()) {}
explicit EncryptCipherKeyDetails(Arena& arena,
explicit EncryptCipherKeyDetailsRef(Arena& arena,
EncryptCipherDomainId dId,
EncryptCipherBaseKeyId keyId,
StringRef key,
@ -93,7 +93,7 @@ struct EncryptCipherKeyDetails {
Optional<int64_t> expAfterSec)
: encryptDomainId(dId), encryptKeyId(keyId), encryptKey(StringRef(arena, key)), refreshAfterSec(refAfterSec),
expireAfterSec(expAfterSec) {}
explicit EncryptCipherKeyDetails(EncryptCipherDomainId dId,
explicit EncryptCipherKeyDetailsRef(EncryptCipherDomainId dId,
EncryptCipherBaseKeyId keyId,
StringRef key,
Optional<int64_t> refAfterSec,
@ -101,7 +101,7 @@ struct EncryptCipherKeyDetails {
: encryptDomainId(dId), encryptKeyId(keyId), encryptKey(key), refreshAfterSec(refAfterSec),
expireAfterSec(expAfterSec) {}
bool operator==(const EncryptCipherKeyDetails& toCompare) {
bool operator==(const EncryptCipherKeyDetailsRef& toCompare) {
return encryptDomainId == toCompare.encryptDomainId && encryptKeyId == toCompare.encryptKeyId &&
encryptKey.compare(toCompare.encryptKey) == 0;
}
@ -115,30 +115,31 @@ struct EncryptCipherKeyDetails {
struct KmsConnLookupEKsByKeyIdsRep {
constexpr static FileIdentifier file_identifier = 2313778;
Arena arena;
VectorRef<EncryptCipherKeyDetails> cipherKeyDetails;
VectorRef<EncryptCipherKeyDetailsRef> cipherKeyDetails;
KmsConnLookupEKsByKeyIdsRep() {}
template <class Ar>
void serialize(Ar& ar) {
serializer(ar, arena, cipherKeyDetails);
serializer(ar, cipherKeyDetails, arena);
}
};
struct KmsConnLookupKeyIdsReqInfo {
struct KmsConnLookupKeyIdsReqInfoRef {
constexpr static FileIdentifier file_identifier = 3092256;
EncryptCipherDomainId domainId;
EncryptCipherBaseKeyId baseCipherId;
EncryptCipherDomainName domainName;
EncryptCipherDomainNameRef domainName;
KmsConnLookupKeyIdsReqInfo() : domainId(ENCRYPT_INVALID_DOMAIN_ID), baseCipherId(ENCRYPT_INVALID_CIPHER_KEY_ID) {}
explicit KmsConnLookupKeyIdsReqInfo(Arena& arena,
KmsConnLookupKeyIdsReqInfoRef()
: domainId(ENCRYPT_INVALID_DOMAIN_ID), baseCipherId(ENCRYPT_INVALID_CIPHER_KEY_ID) {}
explicit KmsConnLookupKeyIdsReqInfoRef(Arena& arena,
const EncryptCipherDomainId dId,
const EncryptCipherBaseKeyId bCId,
StringRef name)
: domainId(dId), baseCipherId(bCId), domainName(StringRef(arena, name)) {}
bool operator==(const KmsConnLookupKeyIdsReqInfo& info) const {
bool operator==(const KmsConnLookupKeyIdsReqInfoRef& info) const {
return domainId == info.domainId && baseCipherId == info.baseCipherId &&
(domainName.compare(info.domainName) == 0);
}
@ -152,45 +153,45 @@ struct KmsConnLookupKeyIdsReqInfo {
struct KmsConnLookupEKsByKeyIdsReq {
constexpr static FileIdentifier file_identifier = 6913396;
Arena arena;
VectorRef<KmsConnLookupKeyIdsReqInfo> encryptKeyInfos;
VectorRef<KmsConnLookupKeyIdsReqInfoRef> encryptKeyInfos;
Optional<UID> debugId;
ReplyPromise<KmsConnLookupEKsByKeyIdsRep> reply;
KmsConnLookupEKsByKeyIdsReq() {}
explicit KmsConnLookupEKsByKeyIdsReq(VectorRef<KmsConnLookupKeyIdsReqInfo> keyInfos, Optional<UID> dbgId)
explicit KmsConnLookupEKsByKeyIdsReq(VectorRef<KmsConnLookupKeyIdsReqInfoRef> keyInfos, Optional<UID> dbgId)
: encryptKeyInfos(keyInfos), debugId(dbgId) {}
template <class Ar>
void serialize(Ar& ar) {
serializer(ar, arena, encryptKeyInfos, debugId, reply);
serializer(ar, encryptKeyInfos, debugId, reply, arena);
}
};
struct KmsConnLookupEKsByDomainIdsRep {
constexpr static FileIdentifier file_identifier = 3009025;
Arena arena;
VectorRef<EncryptCipherKeyDetails> cipherKeyDetails;
VectorRef<EncryptCipherKeyDetailsRef> cipherKeyDetails;
KmsConnLookupEKsByDomainIdsRep() {}
template <class Ar>
void serialize(Ar& ar) {
serializer(ar, arena, cipherKeyDetails);
serializer(ar, cipherKeyDetails, arena);
}
};
struct KmsConnLookupDomainIdsReqInfo {
struct KmsConnLookupDomainIdsReqInfoRef {
constexpr static FileIdentifier file_identifier = 8980149;
EncryptCipherDomainId domainId;
EncryptCipherDomainName domainName;
EncryptCipherDomainNameRef domainName;
KmsConnLookupDomainIdsReqInfo() : domainId(ENCRYPT_INVALID_DOMAIN_ID) {}
explicit KmsConnLookupDomainIdsReqInfo(Arena& arena, const EncryptCipherDomainId dId, StringRef name)
KmsConnLookupDomainIdsReqInfoRef() : domainId(ENCRYPT_INVALID_DOMAIN_ID) {}
explicit KmsConnLookupDomainIdsReqInfoRef(Arena& arena, const EncryptCipherDomainId dId, StringRef name)
: domainId(dId), domainName(StringRef(arena, name)) {}
explicit KmsConnLookupDomainIdsReqInfo(const EncryptCipherDomainId dId, StringRef name)
explicit KmsConnLookupDomainIdsReqInfoRef(const EncryptCipherDomainId dId, StringRef name)
: domainId(dId), domainName(name) {}
bool operator==(const KmsConnLookupDomainIdsReqInfo& info) const {
bool operator==(const KmsConnLookupDomainIdsReqInfoRef& info) const {
return domainId == info.domainId && (domainName.compare(info.domainName) == 0);
}
@ -203,17 +204,17 @@ struct KmsConnLookupDomainIdsReqInfo {
struct KmsConnLookupEKsByDomainIdsReq {
constexpr static FileIdentifier file_identifier = 9918682;
Arena arena;
VectorRef<KmsConnLookupDomainIdsReqInfo> encryptDomainInfos;
VectorRef<KmsConnLookupDomainIdsReqInfoRef> encryptDomainInfos;
Optional<UID> debugId;
ReplyPromise<KmsConnLookupEKsByDomainIdsRep> reply;
KmsConnLookupEKsByDomainIdsReq() {}
explicit KmsConnLookupEKsByDomainIdsReq(VectorRef<KmsConnLookupDomainIdsReqInfo>& infos, Optional<UID> dbgId)
explicit KmsConnLookupEKsByDomainIdsReq(VectorRef<KmsConnLookupDomainIdsReqInfoRef>& infos, Optional<UID> dbgId)
: encryptDomainInfos(infos), debugId(dbgId) {}
template <class Ar>
void serialize(Ar& ar) {
serializer(ar, arena, encryptDomainInfos, debugId, reply);
serializer(ar, encryptDomainInfos, debugId, reply, arena);
}
};

4
fdbserver/include/fdbserver/SimEncryptKmsProxy.actor.h
View File

@ -98,7 +98,7 @@ struct SimGetEncryptKeysByKeyIdsReply {
template <class Ar>
void serialize(Ar& ar) {
serializer(ar, arena, encryptKeyDetails);
serializer(ar, encryptKeyDetails, arena);
}
};
@ -127,7 +127,7 @@ struct SimGetEncryptKeyByDomainIdReply {
template <class Ar>
void serialize(Ar& ar) {
serializer(ar, arena, encryptKeyDetails);
serializer(ar, encryptKeyDetails, arena);
}
};

2
fdbserver/include/fdbserver/TLogInterface.h
View File

@ -189,7 +189,7 @@ struct TLogPeekReply {
template <class Ar>
void serialize(Ar& ar) {
serializer(ar, arena, messages, end, popped, maxKnownVersion, minKnownCommittedVersion, begin, onlySpilled);
serializer(ar, messages, end, popped, maxKnownVersion, minKnownCommittedVersion, begin, onlySpilled, arena);
}
};

2
flow/include/flow/EncryptUtils.h
View File

@ -41,7 +41,7 @@
const std::string FDB_DEFAULT_ENCRYPT_DOMAIN_NAME = "FdbDefaultEncryptDomain";
using EncryptCipherDomainId = int64_t;
using EncryptCipherDomainName = StringRef;
using EncryptCipherDomainNameRef = StringRef;
using EncryptCipherBaseKeyId = uint64_t;
using EncryptCipherRandomSalt = uint64_t;