mirror of
https://github.com/apple/foundationdb.git
synced 2025-05-15 02:18:39 +08:00
a5d91fe18a
* KmsConnector implementation to support KMS driven CipherKey TTL Description KMS CipherKeys can be of two types: 1. Revocable CipherKeys: having a finite lifetime, after which the CipherKey shouldn't be used by the FDB. 2. Non-revocable CipherKeys: ciphers are not revocable, however, FDB would still want to refresh ciphers to support KMS cipher rotation feature. Patch proposes following change to incorporate support for above defined cipher-key types: 1. Extend KmsConnector response to include optional 'refreshAfter' & 'expireAfter' time intervals. EncryptKeyProxy (EKP) cache would define corresponding absolute refresh & expiry timestamp for a given cipherKey. On an event of transient KMS connectivity outage, a caller of EKP API for a non-revocable key should continue using cached cipherKey until it expires. 2. Simplify KmsConnector API arena handling by using VectorRef to represent component structs and manage associated memory allocation/lifetime. Testing 1. EncryptKeyProxyTest 2. RESTKmsConnectorTest 3. SimKmsConnectorTest * KmsConnector implementation to support KMS driven CipherKey TTL Description diff-1: Set expireTS for baseCipherId indexed cache KMS CipherKeys can be of two types: 1. Revocable CipherKeys: having a finite lifetime, after which the CipherKey shouldn't be used by the FDB. 2. Non-revocable CipherKeys: ciphers are not revocable, however, FDB would still want to refresh ciphers to support KMS cipher rotation feature. Patch proposes following change to incorporate support for above defined cipher-key types: 1. Extend KmsConnector response to include optional 'refreshAfter' & 'expireAfter' time intervals. EncryptKeyProxy (EKP) cache would define corresponding absolute refresh & expiry timestamp for a given cipherKey. On an event of transient KMS connectivity outage, a caller of EKP API for a non-revocable key should continue using cached cipherKey until it expires. 2. Simplify KmsConnector API arena handling by using VectorRef to represent component structs and manage associated memory allocation/lifetime. Testing 1. EncryptKeyProxyTest 2. RESTKmsConnectorTest 3. SimKmsConnectorTest * KmsConnector implementation to support KMS driven CipherKey TTL Description diff-2: Fix Valgrind issues discovered runnign tests diff-1: Set expireTS for baseCipherId indexed cache KMS CipherKeys can be of two types: 1. Revocable CipherKeys: having a finite lifetime, after which the CipherKey shouldn't be used by the FDB. 2. Non-revocable CipherKeys: ciphers are not revocable, however, FDB would still want to refresh ciphers to support KMS cipher rotation feature. Patch proposes following change to incorporate support for above defined cipher-key types: 1. Extend KmsConnector response to include optional 'refreshAfter' & 'expireAfter' time intervals. EncryptKeyProxy (EKP) cache would define corresponding absolute refresh & expiry timestamp for a given cipherKey. On an event of transient KMS connectivity outage, a caller of EKP API for a non-revocable key should continue using cached cipherKey until it expires. 2. Simplify KmsConnector API arena handling by using VectorRef to represent component structs and manage associated memory allocation/lifetime. Testing 1. EncryptKeyProxyTest 2. RESTKmsConnectorTest 3. SimKmsConnectorTest * KmsConnector implementation to support KMS driven CipherKey TTL Description diff-3: Address review comment diff-2: Fix Valgrind issues discovered runnign tests diff-1: Set expireTS for baseCipherId indexed cache KMS CipherKeys can be of two types: 1. Revocable CipherKeys: having a finite lifetime, after which the CipherKey shouldn't be used by the FDB. 2. Non-revocable CipherKeys: ciphers are not revocable, however, FDB would still want to refresh ciphers to support KMS cipher rotation feature. Patch proposes following change to incorporate support for above defined cipher-key types: 1. Extend KmsConnector response to include optional 'refreshAfter' & 'expireAfter' time intervals. EncryptKeyProxy (EKP) cache would define corresponding absolute refresh & expiry timestamp for a given cipherKey. On an event of transient KMS connectivity outage, a caller of EKP API for a non-revocable key should continue using cached cipherKey until it expires. 2. Simplify KmsConnector API arena handling by using VectorRef to represent component structs and manage associated memory allocation/lifetime. Testing 1. EncryptKeyProxyTest 2. RESTKmsConnectorTest 3. SimKmsConnectorTest
53 lines
2.2 KiB
C++
53 lines
2.2 KiB
C++
/*
|
|
* EncryptUtils.cpp
|
|
*
|
|
* This source file is part of the FoundationDB open source project
|
|
*
|
|
* Copyright 2013-2022 Apple Inc. and the FoundationDB project authors
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#include "flow/EncryptUtils.h"
|
|
#include "flow/Trace.h"
|
|
|
|
#include <boost/format.hpp>
|
|
|
|
std::string getEncryptDbgTraceKey(std::string_view prefix,
|
|
EncryptCipherDomainId domainId,
|
|
StringRef domainName,
|
|
Optional<EncryptCipherBaseKeyId> baseCipherId) {
|
|
// Construct the TraceEvent field key ensuring its uniqueness and compliance to TraceEvent field validator and log
|
|
// parsing tools
|
|
if (baseCipherId.present()) {
|
|
boost::format fmter("%s.%lld.%s.%llu");
|
|
return boost::str(boost::format(fmter % prefix % domainId % domainName.toString() % baseCipherId.get()));
|
|
} else {
|
|
boost::format fmter("%s.%lld.%s");
|
|
return boost::str(boost::format(fmter % prefix % domainId % domainName.toString()));
|
|
}
|
|
}
|
|
|
|
std::string getEncryptDbgTraceKeyWithTS(std::string_view prefix,
|
|
EncryptCipherDomainId domainId,
|
|
StringRef domainName,
|
|
EncryptCipherBaseKeyId baseCipherId,
|
|
int64_t refAfterTS,
|
|
int64_t expAfterTS) {
|
|
// Construct the TraceEvent field key ensuring its uniqueness and compliance to TraceEvent field validator and log
|
|
// parsing tools
|
|
boost::format fmter("%s.%lld.%s.%llu.%lld.%lld");
|
|
return boost::str(
|
|
boost::format(fmter % prefix % domainId % domainName.toString() % baseCipherId % refAfterTS % expAfterTS));
|
|
}
|