Skip to content

feat: Add cache encryption implementation for Storage #1280

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

feat: Add cache encryption implementation for Storage #1280

wants to merge 10 commits into from

Conversation

ChoHee15
Copy link

@ChoHee15 ChoHee15 commented Aug 9, 2025

Description

This PR implements a new encrypt component for Storage, providing an optional encryption feature. This solution will enhance the security of the data stored locally.

Related Issue

dragonflyoss/design#9

Motivation and Context

dragonflyoss/dragonfly#4026

Screenshots (if appropriate)

@ChoHee15 ChoHee15 marked this pull request as draft August 9, 2025 07:55
@ChoHee15 ChoHee15 marked this pull request as ready for review August 9, 2025 08:03
@ChoHee15
Copy link
Author

ChoHee15 commented Aug 9, 2025

@LunaWhispers Please review

@LunaWhispers LunaWhispers requested review from LunaWhispers and removed request for xujihui1985, yxxhero, gaius-qi, CormickKneey and chlins August 9, 2025 13:21
@dragonflyoss dragonflyoss locked and limited conversation to collaborators Aug 25, 2025
@dragonflyoss dragonflyoss unlocked this conversation Aug 25, 2025
@LunaWhispers LunaWhispers added the enhancement New feature or request label Aug 25, 2025
LunaWhispers
LunaWhispers reviewed Aug 25, 2025
View reviewed changes
LunaWhispers
LunaWhispers reviewed Aug 25, 2025
View reviewed changes
@LunaWhispers LunaWhispers added this to the v2.4.0 milestone Sep 1, 2025
LunaWhispers
LunaWhispers reviewed Sep 18, 2025
View reviewed changes
@ChoHee15
feat: peer cache encryption
0e073e6 
Signed-off-by: chohee <[email protected]>
@ChoHee15
feat: add Task encryption
ceee92f 
Signed-off-by: chohee <[email protected]>
@ChoHee15
chore: clean up and normalize log output
2f48794 
Signed-off-by: chohee <[email protected]>
@ChoHee15
refactor: use task_id to derive key instead of constructing nonce
468b850 
- Now the pieces of one task use the same key and nonce
- Key is derived from (the primary key, task_id), so every task uses different key
- EncryptReader will seek corresponding offset to encrypt piece plaintext
- When export encrypted files, we can decrypt whole file stream instead of decrypting every single piece

Signed-off-by: chohee <[email protected]>
@ChoHee15
chore: remove panic
c68de9d 
Signed-off-by: chohee <[email protected]>
@ChoHee15 ChoHee15 changed the title [WIP] feat: Add cache encryption implementation for Storage feat: Add cache encryption implementation for Storage Sep 26, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LunaWhispers LunaWhispers LunaWhispers left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

@ChoHee15 ChoHee15

Labels
enhancement New feature or request
Projects
None yet
Milestone
v2.4.0
Development

Successfully merging this pull request may close these issues.
2 participants
@ChoHee15 @LunaWhispers