Add preamble handler with plaintext cipher stream

marc · marc · commit 2af065be6619 · 2017-11-17T15:23:59.000-05:00
diff --git a/c-deps/libroach/CMakeLists.txt b/c-deps/libroach/CMakeLists.txt
@@ -24,6 +24,7 @@ add_library(roach
   db.cc
   encoding.cc
   eventlistener.cc
+  preamble.cc
   protos/roachpb/data.pb.cc
   protos/roachpb/internal.pb.cc
   protos/roachpb/metadata.pb.cc
diff --git a/c-deps/libroach/db.cc b/c-deps/libroach/db.cc
@@ -35,6 +35,7 @@
 #include "encoding.h"
 #include "eventlistener.h"
 #include "keys.h"
+#include "preamble.h"
 
 extern "C" {
 static void __attribute__((noreturn)) die_missing_symbol(const char* name) {
@@ -89,6 +90,7 @@ struct DBEngine {
 };
 
 struct DBImpl : public DBEngine {
+  std::unique_ptr<PreambleHandler> preamble_handler;
   std::unique_ptr<rocksdb::Env> memenv;
   std::unique_ptr<rocksdb::DB> rep_deleter;
   std::shared_ptr<rocksdb::Cache> block_cache;
@@ -98,8 +100,9 @@ struct DBImpl : public DBEngine {
   // and Env will be deleted when the DBImpl is deleted. It is ok to
   // pass NULL for the Env.
   DBImpl(rocksdb::DB* r, rocksdb::Env* m, std::shared_ptr<rocksdb::Cache> bc,
-    std::shared_ptr<DBEventListener> event_listener)
+    std::shared_ptr<DBEventListener> event_listener, PreambleHandler* preamble)
       : DBEngine(r),
+        preamble_handler(preamble),
         memenv(m),
         rep_deleter(r),
         block_cache(bc),
@@ -1697,14 +1700,22 @@ DBStatus DBOpen(DBEngine **db, DBSlice dir, DBOptions db_opts) {
     options.env = memenv.get();
   }
 
+  PreambleHandler* preamble;
+  if (db_opts.use_preamble) {
+    // The caller makes sure we're not an in-memory DB.
+    assert(dir.len != 0);
+    preamble = new PreambleHandler();
+    options.env = preamble->GetEnv(options.env);
+  }
+
   rocksdb::DB *db_ptr;
   rocksdb::Status status = rocksdb::DB::Open(options, ToString(dir), &db_ptr);
   if (!status.ok()) {
     return ToDBStatus(status);
   }
   *db = new DBImpl(db_ptr, memenv.release(),
       db_opts.cache != nullptr ? db_opts.cache->rep : nullptr,
-      event_listener);
+      event_listener, preamble);
   return kSuccess;
 }
 
diff --git a/c-deps/libroach/preamble.cc b/c-deps/libroach/preamble.cc
@@ -0,0 +1,83 @@
+// Copyright 2017 The Cockroach Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+// implied.  See the License for the specific language governing
+// permissions and limitations under the License.
+
+#include <arpa/inet.h>
+#include "preamble.h"
+#include "protos/storage/preamble.pb.h"
+
+size_t PreambleHandler::GetPrefixLength() {
+  return defaultPreambleLength;
+}
+
+rocksdb::Env* PreambleHandler::GetEnv(rocksdb::Env* base_env) {
+  return rocksdb::NewEncryptedEnv(base_env ? base_env : rocksdb::Env::Default(), this);
+}
+
+rocksdb::Status PreambleHandler::CreateNewPrefix(const std::string& fname, char *prefix, size_t prefixLength) {
+  // Zero-out the prefix.
+  memset(prefix, 0, prefixLength);
+
+  // Create a preamble proto with encryption settings.
+  cockroach::storage::Preamble preamble;
+  // Everything is plaintext for now.
+  preamble.set_encryption_type(cockroach::storage::Plaintext);
+
+  // Check the byte size before encoding.
+  int byte_size = preamble.ByteSize();
+
+  // Determine the serialized length and size of the length prefix.
+  // TODO(mberhault): protobuf encoding is little-endian, so this is a little weird.
+  assert(byte_size < UINT16_MAX);
+  uint16_t message_size = htons(byte_size);
+  auto num_length_bytes = sizeof(message_size);
+
+  if ((byte_size + num_length_bytes) > prefixLength ) {
+    // TODO(mberhault): is NoSpace the right thing? Nothing really fits.
+    return rocksdb::Status::NoSpace("new preamble exceeds max preamble length");
+  }
+
+  // Write length prefix.
+  memcpy(prefix, &message_size, num_length_bytes);
+
+  // Write it to the prefix.
+  if (!preamble.SerializeToArray(prefix + num_length_bytes, byte_size)) {
+    return rocksdb::Status::Corruption("unable to write prefix");
+  }
+
+  return rocksdb::Status::OK();
+}
+
+rocksdb::Status PreambleHandler::CreateCipherStream(const std::string& fname, const rocksdb::EnvOptions& options, rocksdb::Slice &prefix, std::unique_ptr<rocksdb::BlockAccessCipherStream>* result) {
+  // Read length prefix.
+  uint16_t message_size;
+  auto num_length_bytes = sizeof(message_size);
+  memcpy(&message_size, prefix.data(), num_length_bytes);
+
+  // Convert length prefix from network byte order.
+  int byte_size = ntohs(message_size);
+
+  // Parse prefix
+  cockroach::storage::Preamble preamble;
+  if (!preamble.ParseFromArray(prefix.data() + num_length_bytes, byte_size)) {
+    return rocksdb::Status::Corruption("unable to parse prefix");
+  }
+
+  if (preamble.encryption_type() == cockroach::storage::Plaintext) {
+    (*result) = std::unique_ptr<rocksdb::BlockAccessCipherStream>(new PlaintextCipherStream());
+  } else {
+    return rocksdb::Status::NotSupported("unknown encryption type");
+  }
+
+  return rocksdb::Status::OK();
+}
diff --git a/c-deps/libroach/preamble.h b/c-deps/libroach/preamble.h
@@ -0,0 +1,86 @@
+// Copyright 2017 The Cockroach Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+// implied.  See the License for the specific language governing
+// permissions and limitations under the License.
+
+#ifndef ROACHLIB_PREAMBLE_H
+#define ROACHLIB_PREAMBLE_H
+
+#include <rocksdb/env.h>
+#include <rocksdb/env_encryption.h>
+
+// Preamble length.
+// WARNING: changing this will result in incompatible on-disk format.
+// The preamble length must fit in a uint16_t.
+const static size_t defaultPreambleLength = 4096;
+
+class PreambleHandler : rocksdb::EncryptionProvider {
+ public:
+
+  PreambleHandler() {}
+  virtual ~PreambleHandler() {}
+
+  // GetEnv returns an EncryptionEnv wrapped around base_env.
+  rocksdb::Env* GetEnv(rocksdb::Env* base_env);
+
+  // GetPrefixLength returns the preamble length.
+  virtual size_t GetPrefixLength() override;
+
+  // CreateNewPrefix initializes an allocated block of prefix memory  for a new file.
+  virtual rocksdb::Status CreateNewPrefix(const std::string& fname, char *prefix, size_t prefixLength) override;
+
+  // CreateCipherStream creates a block access cipher stream for a file given name and options.
+  virtual rocksdb::Status CreateCipherStream(const std::string& fname, const rocksdb::EnvOptions& options,
+    rocksdb::Slice& prefix, std::unique_ptr<rocksdb::BlockAccessCipherStream>* result) override;
+};
+
+// Blocksize for the plaintext cipher stream.
+// TODO(mberhault): we can pick anything we like. What's good?
+const static size_t plaintextBlockSize = 4096;
+
+// PlaintextCipherStream implements BlockAccessCipherStream with
+// no-op encrypt/decrypt operations.
+class PlaintextCipherStream final : public rocksdb::BlockAccessCipherStream {
+ public:
+  PlaintextCipherStream() {}
+  virtual ~PlaintextCipherStream() {}
+
+  // BlockSize returns the size of each block supported by this cipher stream.
+  virtual size_t BlockSize() override { return plaintextBlockSize; }
+
+  // Encrypt blocks of data. This is a noop.
+  virtual rocksdb::Status Encrypt(uint64_t fileOffset, char *data, size_t dataSize) override {
+    return rocksdb::Status::OK();
+  }
+
+  // Decrypt blocks of data. This is a noop.
+  virtual rocksdb::Status Decrypt(uint64_t fileOffset, char *data, size_t dataSize) override {
+    return rocksdb::Status::OK();
+  }
+ protected:
+  // Allocate scratch space which is passed to EncryptBlock/DecryptBlock.
+  virtual void AllocateScratch(std::string&) override {}
+
+  // Encrypt a block of data at the given block index.
+  // Length of data is equal to BlockSize();
+  virtual rocksdb::Status EncryptBlock(uint64_t blockIndex, char *data, char* scratch) override {
+		return rocksdb::Status::OK();
+  }
+
+  // Decrypt a block of data at the given block index.
+  // Length of data is equal to BlockSize();
+  virtual rocksdb::Status DecryptBlock(uint64_t blockIndex, char *data, char* scratch) override {
+		return rocksdb::Status::OK();
+  }
+};
+
+#endif // ROACHLIB_PREAMBLE_H
