diff --git a/fdbclient/BackupContainerAzureBlobStore.actor.cpp b/fdbclient/BackupContainerAzureBlobStore.actor.cpp
index 4ee3a7ebf5..6018c4d5cb 100644
--- a/fdbclient/BackupContainerAzureBlobStore.actor.cpp
+++ b/fdbclient/BackupContainerAzureBlobStore.actor.cpp
@@ -170,9 +170,11 @@ public:
 }
 Reference f = makeReference(self->asyncTaskThread, self->containerName, fileName, self->client.get());
+#if ENCRYPTION_ENABLED
 if (self->usesEncryption()) {
 f = makeReference(f, false);
 }
+#endif
 return f;
 }
@@ -183,9 +185,11 @@ public:
 return Void();
 }));
 auto f = makeReference(self->asyncTaskThread, self->containerName, fileName, self->client.get());
+#if ENCRYPTION_ENABLED
 if (self->usesEncryption()) {
 f = makeReference(f, true);
 }
+#endif
 return makeReference(fileName, f);
 }
diff --git a/fdbclient/BackupContainerFileSystem.actor.cpp b/fdbclient/BackupContainerFileSystem.actor.cpp
index a4eb1f6e34..5c6783201e 100644
--- a/fdbclient/BackupContainerFileSystem.actor.cpp
+++ b/fdbclient/BackupContainerFileSystem.actor.cpp
@@ -1127,6 +1127,7 @@ public:
 return false;
 }
+#if ENCRYPTION_ENABLED
 ACTOR static Future createTestEncryptionKeyFile(std::string filename) {
 state Reference keyFile = wait(IAsyncFileSystem::filesystem()->open( filename,
@@ -1163,6 +1164,8 @@ public:
 StreamCipher::Key::initializeKey(std::move(key));
 return Void();
 }
+#endif // ENCRYPTION_ENABLED
+
 }; // class BackupContainerFileSystemImpl
 Future> BackupContainerFileSystem::writeLogFile(Version beginVersion,
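Review bot: In the first BackupContainerAzureBlobStore hunk the `#if ENCRYPTION_ENABLED` guard compiles the encrypting wrapper out, so in a build where the macro is 0 a container whose `usesEncryption()` is true falls through to `return f;` with the raw blob file and the data is handled in plaintext without any error. The write path in the second hunk, the `readFile`/`writeFile` hunks in BackupContainerS3BlobStore.actor.cpp and the `OPEN_ENCRYPTED` branches in Net2FileSystem::open and Sim2FileSystem::open have the same shape. An `#else` branch that fails closed would make the downgrade visible, for example `if (self->usesEncryption()) { throw unsupported_operation(); }` (or whichever error the project prefers here). Whether `usesEncryption()` can actually be true in such a build is not visible in these hunks, and both enclosing functions start outside them.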
@@ -1477,11 +1480,19 @@ Future BackupContainerFileSystem::encryptionSetupComplete() const {
 }
 void BackupContainerFileSystem::setEncryptionKey(Optional const& encryptionKeyFileName) {
 if (encryptionKeyFileName.present()) {
+#if ENCRYPTION_ENABLED
 encryptionSetupFuture = BackupContainerFileSystemImpl::readEncryptionKey(encryptionKeyFileName.get());
+#else
+ encryptionSetupFuture = Void();
+#endif
 }
 }
 Future BackupContainerFileSystem::createTestEncryptionKeyFile(std::string const &filename) {
+#if ENCRYPTION_ENABLED
 return BackupContainerFileSystemImpl::createTestEncryptionKeyFile(filename);
+#else
+ return Void();
+#endif
 }
 namespace backup_test {
diff --git a/fdbclient/BackupContainerS3BlobStore.actor.cpp b/fdbclient/BackupContainerS3BlobStore.actor.cpp
index 02112c2f58..232154c7a2 100644
--- a/fdbclient/BackupContainerS3BlobStore.actor.cpp
+++ b/fdbclient/BackupContainerS3BlobStore.actor.cpp
@@ -171,9 +171,11 @@ std::string BackupContainerS3BlobStore::getURLFormat() {
 Future> BackupContainerS3BlobStore::readFile(const std::string& path) {
 Reference f = makeReference(m_bstore, m_bucket, dataPath(path));
+#if ENCRYPTION_ENABLED
 if (usesEncryption()) {
 f = makeReference(f, AsyncFileEncrypted::Mode::READ_ONLY);
 }
+#endif
 f = makeReference(f, m_bstore->knobs.read_block_size, m_bstore->knobs.read_ahead_blocks,
@@ -189,9 +191,11 @@ Future> BackupContainerS3BlobStore::listURLs(Reference<
 Future> BackupContainerS3BlobStore::writeFile(const std::string& path) {
 Reference f = makeReference(m_bstore, m_bucket, dataPath(path));
+#if ENCRYPTION_ENABLED
 if (usesEncryption()) {
 f = makeReference(f, AsyncFileEncrypted::Mode::APPEND_ONLY);
 }
+#endif
 return Future>(makeReference(path, f));
 }
diff --git a/fdbrpc/AsyncFileEncrypted.h b/fdbrpc/AsyncFileEncrypted.h
index ed5693de29..0d1d407a3d 100644
--- a/fdbrpc/AsyncFileEncrypted.h
+++ b/fdbrpc/AsyncFileEncrypted.h
@@ -26,6 +26,8 @@
 #include "flow/IRandom.h"
 #include "flow/StreamCipher.h"
+#if ENCRYPTION_ENABLED
+
 #include
 /*
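Review bot: The `#else` branch of `setEncryptionKey` assigns `encryptionSetupFuture = Void();`, so `encryptionSetupComplete()` reports success although the key file the caller named was never read. A caller that passes `encryptionKeyFileName` on a build where `ENCRYPTION_ENABLED` is 0 therefore gets no indication that no key is in place. Storing an error instead, e.g. `encryptionSetupFuture = Future<Void>(unsupported_operation());` (error name to be matched to the project's conventions), would surface the misconfiguration at setup time. The `#else` branch of `createTestEncryptionKeyFile` likewise returns `Void()` without creating a file; a comment such as `// no-op: encryption is compiled out, no key file is written` would make that explicit for test authors.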
@@ -79,3 +81,5 @@ public:
 void releaseZeroCopy(void* data, int length, int64_t offset) override;
 int64_t debugFD() const override;
 };
+
+#endif // ENCRYPTION_ENABLED
diff --git a/fdbrpc/CMakeLists.txt b/fdbrpc/CMakeLists.txt
index 026ca36972..bfecc781f1 100644
--- a/fdbrpc/CMakeLists.txt
+++ b/fdbrpc/CMakeLists.txt
@@ -1,6 +1,7 @@
 set(FDBRPC_SRCS
 AsyncFileCached.actor.h
 AsyncFileEIO.actor.h
+ AsyncFileEncrypted.h
 AsyncFileKAIO.actor.h
 AsyncFileNonDurable.actor.h
 AsyncFileReadAhead.actor.h
@@ -36,7 +37,6 @@ set(FDBRPC_SRCS
 if(WITH_TLS AND NOT WIN32)
 set(FDBRPC_SRCS
 ${FDBRPC_SRCS}
- AsyncFileEncrypted.h
 AsyncFileEncrypted.actor.cpp)
 endif()
diff --git a/fdbrpc/Net2FileSystem.cpp b/fdbrpc/Net2FileSystem.cpp
index a2a8874bed..56eb336cd6 100644
--- a/fdbrpc/Net2FileSystem.cpp
+++ b/fdbrpc/Net2FileSystem.cpp
@@ -32,9 +32,7 @@
 #include "fdbrpc/AsyncFileCached.actor.h"
 #include "fdbrpc/AsyncFileEIO.actor.h"
-#if (!defined(TLS_DISABLED) && !defined(_WIN32))
 #include "fdbrpc/AsyncFileEncrypted.h"
-#endif
 #include "fdbrpc/AsyncFileWinASIO.actor.h"
 #include "fdbrpc/AsyncFileKAIO.actor.h"
 #include "flow/AsioReactor.h"
@@ -79,14 +77,14 @@ Future> Net2FileSystem::open(const std::string& file
 static_cast((void*)g_network->global(INetwork::enASIOService)));
 if (FLOW_KNOBS->PAGE_WRITE_CHECKSUM_HISTORY > 0) f = map(f, [=](Reference r) { return Reference(new AsyncFileWriteChecker(r)); });
-#if (!defined(TLS_DISABLED) && !defined(_WIN32))
+#if ENCRYPTION_ENABLED
 if (flags & IAsyncFile::OPEN_ENCRYPTED) f = map(f, [flags](Reference r) { auto mode = flags & IAsyncFile::OPEN_READWRITE ? AsyncFileEncrypted::Mode::APPEND_ONLY : AsyncFileEncrypted::Mode::READ_ONLY; return Reference(new AsyncFileEncrypted(r, mode)); });
-#endif
+#endif // ENCRYPTION_ENABLED
 return f;
 }
diff --git a/fdbrpc/sim2.actor.cpp b/fdbrpc/sim2.actor.cpp
index 0121cc7451..fe7ded16e5 100644
--- a/fdbrpc/sim2.actor.cpp
+++ b/fdbrpc/sim2.actor.cpp
@@ -33,9 +33,7 @@
 #include "flow/Util.h"
 #include "fdbrpc/IAsyncFile.h"
 #include "fdbrpc/AsyncFileCached.actor.h"
-#if (!defined(TLS_DISABLED) && !defined(_WIN32))
 #include "fdbrpc/AsyncFileEncrypted.h"
-#endif
 #include "fdbrpc/AsyncFileNonDurable.actor.h"
 #include "flow/crc32c.h"
 #include "fdbrpc/TraceFileIO.h"
@@ -2477,14 +2475,14 @@ Future> Sim2FileSystem::open(const std::string& file
 f = AsyncFileDetachable::open(f);
 if (FLOW_KNOBS->PAGE_WRITE_CHECKSUM_HISTORY > 0) f = map(f, [=](Reference r) { return Reference(new AsyncFileWriteChecker(r)); });
-#if (!defined(TLS_DISABLED) && !defined(_WIN32))
+#if ENCRYPTION_ENABLED
 if (flags & IAsyncFile::OPEN_ENCRYPTED) f = map(f, [flags](Reference r) { auto mode = flags & IAsyncFile::OPEN_READWRITE ? AsyncFileEncrypted::Mode::APPEND_ONLY : AsyncFileEncrypted::Mode::READ_ONLY; return Reference(new AsyncFileEncrypted(r, mode)); });
-#endif
+#endif // ENCRYPTION_ENABLED
 return f;
 } else return AsyncFileCached::open(filename, flags, mode);
diff --git a/flow/CMakeLists.txt b/flow/CMakeLists.txt
index bc8763f35f..78d097517f 100644
--- a/flow/CMakeLists.txt
+++ b/flow/CMakeLists.txt
@@ -53,6 +53,7 @@ set(FLOW_SRCS
 SignalSafeUnwind.cpp
 SignalSafeUnwind.h
 SimpleOpt.h
+ StreamCipher.h
 SystemMonitor.cpp
 SystemMonitor.h
 TDMetric.actor.h
@@ -100,8 +101,7 @@ set(FLOW_SRCS
 if(WITH_TLS AND NOT WIN32)
 set(FLOW_SRCS
 ${FLOW_SRCS}
- StreamCipher.cpp
- StreamCipher.h)
+ StreamCipher.cpp)
 endif()
 add_library(stacktrace stacktrace.amalgamation.cpp stacktrace.h)
diff --git a/flow/StreamCipher.h b/flow/StreamCipher.h
index 57c2e0e436..8c35d99da5 100644
--- a/flow/StreamCipher.h
+++ b/flow/StreamCipher.h
@@ -20,6 +20,14 @@
 #pragma once
+#if (!defined(TLS_DISABLED) && !defined(_WIN32))
+#define ENCRYPTION_ENABLED 1
+#else
+#define ENCRYPTION_ENABLED 0
+#endif
+
+#if ENCRYPTION_ENABLED
+
 #include "flow/Arena.h"
 #include "flow/FastRef.h"
 #include "flow/flow.h"
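Review bot: `ENCRYPTION_ENABLED` is defined only in flow/StreamCipher.h, and an identifier that is not defined evaluates to 0 inside `#if`, so a translation unit that tests the macro without having included this header (directly or transitively) silently compiles its encryption branch out. The hunks do not show whether BackupContainerAzureBlobStore.actor.cpp, BackupContainerS3BlobStore.actor.cpp and BackupContainerFileSystem.actor.cpp reach this header before their `#if ENCRYPTION_ENABLED` lines. Building with `-Wundef`, or placing `#ifndef ENCRYPTION_ENABLED` / `#error "include flow/StreamCipher.h before testing ENCRYPTION_ENABLED"` ahead of those uses, would turn a missing include into a build failure instead of an unencrypted build. A comment above the `#define` lines stating that the macro is always defined as 0 or 1 and must be tested with `#if`, never `#ifdef`, would also help.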
@@ -78,3 +86,5 @@ public:
 StringRef decrypt(unsigned char const* ciphertext, int len, Arena&);
 StringRef finish(Arena&);
 };
+
+#endif // ENCRYPTION_ENABLED