From a21f65742926df0e73d0296ef6bf98fec8900160 Mon Sep 17 00:00:00 2001 From: Nim Wijetunga Date: Wed, 16 Nov 2022 06:13:55 -0800 Subject: [PATCH] Add Encryption Code Probes for BlobGranule (#8779) * add code probes * address pr comments * address pr comments * Trigger Build * fix --- fdbclient/BlobGranuleFiles.cpp | 3 ++- fdbclient/FileBackupAgent.actor.cpp | 2 +- fdbserver/BlobWorker.actor.cpp | 33 +++++++++++++++++++++++------ fdbserver/storageserver.actor.cpp | 6 ++++-- 4 files changed, 33 insertions(+), 11 deletions(-) diff --git a/fdbclient/BlobGranuleFiles.cpp b/fdbclient/BlobGranuleFiles.cpp index ec01a6d17d..b0a1331d10 100644 --- a/fdbclient/BlobGranuleFiles.cpp +++ b/fdbclient/BlobGranuleFiles.cpp @@ -357,7 +357,7 @@ struct IndexBlockRef { // Compressing indexBlock will need offset recalculation (circular depedency). IndexBlock size is bounded by // number of chunks and sizeof(KeyPrefix), 'not' compressing IndexBlock shouldn't cause significant file // size bloat. - + CODE_PROBE(true, "encrypting index block"); ASSERT(cipherKeysCtx.present()); encrypt(cipherKeysCtx.get(), arena); } else { @@ -497,6 +497,7 @@ struct IndexBlobGranuleFileChunkRef { } if (cipherKeysCtx.present()) { + CODE_PROBE(true, "encrypting granule chunk"); IndexBlobGranuleFileChunkRef::encrypt(cipherKeysCtx.get(), chunkRef, arena); } diff --git a/fdbclient/FileBackupAgent.actor.cpp b/fdbclient/FileBackupAgent.actor.cpp index b5e10f4a48..5d1b672b0f 100644 --- a/fdbclient/FileBackupAgent.actor.cpp +++ b/fdbclient/FileBackupAgent.actor.cpp @@ -1152,7 +1152,7 @@ ACTOR Future>> decodeRangeFileBlock(Reference< wait(EncryptedRangeFileWriter::decrypt(cx.get(), header, dataPayloadStart, dataLen, &results.arena())); reader = StringRefReader(decryptedData, restore_corrupted_data()); state Optional>> tenantCache; - if (g_network && g_simulator->isSimulated()) { + if (g_network && g_network->isSimulated()) { tenantCache = makeReference>(cx.get(), TenantEntryCacheRefreshMode::WATCH); wait(tenantCache.get()->init()); } diff --git a/fdbserver/BlobWorker.actor.cpp b/fdbserver/BlobWorker.actor.cpp index 5586a1b0a1..ebef71082b 100644 --- a/fdbserver/BlobWorker.actor.cpp +++ b/fdbserver/BlobWorker.actor.cpp @@ -1281,9 +1281,14 @@ ACTOR Future compactFromBlob(Reference bwData, ASSERT(snapshotVersion < version); state Optional snapCipherKeysCtx; + if (g_network && g_network->isSimulated() && + isEncryptionOpSupported(EncryptOperationType::BLOB_GRANULE_ENCRYPTION) && + !snapshotF.cipherKeysMeta.present()) { + ASSERT(false); + } if (snapshotF.cipherKeysMeta.present()) { - ASSERT(bwData->isEncryptionEnabled); - + ASSERT(isEncryptionOpSupported(EncryptOperationType::BLOB_GRANULE_ENCRYPTION)); + CODE_PROBE(true, "fetching cipher keys for blob snapshot file"); BlobGranuleCipherKeysCtx keysCtx = wait(getGranuleCipherKeysFromKeysMeta(bwData, snapshotF.cipherKeysMeta.get(), &filenameArena)); snapCipherKeysCtx = std::move(keysCtx); @@ -1309,9 +1314,15 @@ ACTOR Future compactFromBlob(Reference bwData, deltaF = files.deltaFiles[deltaIdx]; + if (g_network && g_network->isSimulated() && + isEncryptionOpSupported(EncryptOperationType::BLOB_GRANULE_ENCRYPTION) && + !deltaF.cipherKeysMeta.present()) { + ASSERT(false); + } + if (deltaF.cipherKeysMeta.present()) { ASSERT(isEncryptionOpSupported(EncryptOperationType::BLOB_GRANULE_ENCRYPTION)); - + CODE_PROBE(true, "fetching cipher keys for delta file"); BlobGranuleCipherKeysCtx keysCtx = wait(getGranuleCipherKeysFromKeysMeta(bwData, deltaF.cipherKeysMeta.get(), &filenameArena)); deltaCipherKeysCtx = std::move(keysCtx); @@ -3768,10 +3779,14 @@ ACTOR Future doBlobGranuleFileRequest(Reference bwData, Bl .detail("Encrypted", encrypted); } + if (g_network && g_network->isSimulated() && + isEncryptionOpSupported(EncryptOperationType::BLOB_GRANULE_ENCRYPTION) && !encrypted) { + ASSERT(false); + } if (encrypted) { - ASSERT(bwData->isEncryptionEnabled); + ASSERT(isEncryptionOpSupported(EncryptOperationType::BLOB_GRANULE_ENCRYPTION)); ASSERT(!chunk.snapshotFile.get().cipherKeysCtx.present()); - + CODE_PROBE(true, "fetching cipher keys from meta ref for snapshot file"); snapCipherKeysCtx = getGranuleCipherKeysFromKeysMetaRef( bwData, chunk.snapshotFile.get().cipherKeysMetaRef.get(), &rep.arena); } @@ -3786,10 +3801,14 @@ ACTOR Future doBlobGranuleFileRequest(Reference bwData, Bl .detail("Encrypted", encrypted); } + if (g_network && g_network->isSimulated() && + isEncryptionOpSupported(EncryptOperationType::BLOB_GRANULE_ENCRYPTION) && !encrypted) { + ASSERT(false); + } if (encrypted) { - ASSERT(bwData->isEncryptionEnabled); + ASSERT(isEncryptionOpSupported(EncryptOperationType::BLOB_GRANULE_ENCRYPTION)); ASSERT(!chunk.deltaFiles[deltaIdx].cipherKeysCtx.present()); - + CODE_PROBE(true, "fetching cipher keys from meta ref for delta files"); deltaCipherKeysCtxs.emplace( deltaIdx, getGranuleCipherKeysFromKeysMetaRef( diff --git a/fdbserver/storageserver.actor.cpp b/fdbserver/storageserver.actor.cpp index 152535d66a..a7153856be 100644 --- a/fdbserver/storageserver.actor.cpp +++ b/fdbserver/storageserver.actor.cpp @@ -8836,7 +8836,8 @@ ACTOR Future update(StorageServer* data, bool* pReceivedUpdate) { } else { MutationRef msg; cloneReader >> msg; - if (isEncryptionOpSupported(EncryptOperationType::TLOG_ENCRYPTION) && !msg.isEncrypted() && + if (g_network && g_network->isSimulated() && + isEncryptionOpSupported(EncryptOperationType::TLOG_ENCRYPTION) && !msg.isEncrypted() && !(isSingleKeyMutation((MutationRef::Type)msg.type) && (backupLogKeys.contains(msg.param1) || (applyLogKeys.contains(msg.param1))))) { ASSERT(false); @@ -8994,7 +8995,8 @@ ACTOR Future update(StorageServer* data, bool* pReceivedUpdate) { } else { MutationRef msg; rd >> msg; - if (isEncryptionOpSupported(EncryptOperationType::TLOG_ENCRYPTION) && !msg.isEncrypted() && + if (g_network && g_network->isSimulated() && + isEncryptionOpSupported(EncryptOperationType::TLOG_ENCRYPTION) && !msg.isEncrypted() && !(isSingleKeyMutation((MutationRef::Type)msg.type) && (backupLogKeys.contains(msg.param1) || (applyLogKeys.contains(msg.param1))))) { ASSERT(false);