Key Map Implementation - Replacing TDE Forks (#113)
* The patch implements on disk "key map and data" structure. It replaces
the old "tde" fork architecture.

This new architecture implements a two file pair with:
(1) Map File
(2) Key Data File

Both files contain a header that contains the name of the master key that
was to encrypt the data keys and a file version. The file version is set
to PG_TDE_FILEMAGIC at the moment and it can be used to differentiate between
different file format versions in case we change the structure later on.

The map file is a list of relNumber, flags and key index.
- relNumber is the Oid of the associated relation.
- Flags define if the map entry is free or in use.
- Key index points to the starting position of the key in the key data file.

The flags play a pivotal role in avoiding the file to grow infinitely. When
a relation is either deleted or a transaction is aborted, the map entry
is marked as MAP_ENTRY_FREE. Any next transaction requiring to store its
relation key will pick the first entry with flag set to MAP_ENTRY_FREE.

The key data file is simply a list of keys. No flags are needed as the validity
is identified by the map file. Writing to the file is performed using FileWrite
function. This avoids any locking in the key data file.

Pending:
- Implementation of key rotation
- Locking of file during key rotation or map entry
- Review of fflush calls
- Review of the WAL

* Refactoring based on Zsolt's comments on the PR.

Moving the key encryption/decryption functions to the enc_tuple file and
renaming the files according to the functionality.

* Adding the XLOG handling for internal key during relation creation
and when redo-ing the log.

Also, updated the handling of master key to accommodate versioning.

* Updating the comment as it is no longer valid.

* Updated:
- getMasterKey function argument types to bool from int
- Before xlog redo, the decrypted key is added to the key cache.
Hamid Akhtar authored Feb 19, 2024
1 parent 798d897 commit 56af84e
Showing 19 changed files with 890 additions and 323 deletions.
2 changes: 1 addition & 1 deletion Makefile.in
Expand Up @@ -16,7 +16,7 @@ multi_insert \
trigger_on_view
TAP_TESTS = 1

OBJS = src/encryption/enc_tuple.o \
OBJS = src/encryption/enc_tde.o \
src/encryption/enc_aes.o \
src/access/pg_tde_io.o \
src/access/pg_tdeam_visibility.o \
2 changes: 1 addition & 1 deletion meson.build
Expand Up @@ -18,7 +18,7 @@ pg_tde_sources = files(
'src/access/pg_tde_visibilitymap.c',
'src/access/pg_tde_ddl.c',

'src/encryption/enc_tuple.c',
'src/encryption/enc_tde.c',
'src/encryption/enc_aes.c',

'src/keyring/keyring_config.c',
5 changes: 5 additions & 0 deletions pg_tde--1.0.sql
Expand Up @@ -13,6 +13,11 @@ RETURNS boolean
AS $$ SELECT amname = 'pg_tde' FROM pg_class INNER JOIN pg_am ON pg_am.oid = pg_class.relam WHERE relname = table_name $$
LANGUAGE SQL;

CREATE FUNCTION pg_tde_rotate_key(key_name VARCHAR)
RETURNS boolean
AS 'MODULE_PATHNAME'
LANGUAGE C;

-- Access method
CREATE ACCESS METHOD pg_tde TYPE TABLE HANDLER pg_tdeam_handler;
COMMENT ON ACCESS METHOD pg_tde IS 'pg_tde table access method';
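
Review bot: pg_tde_rotate_key(key_name VARCHAR) is declared without STRICT and with no privilege restriction, so as written it keeps the default EXECUTE grant to PUBLIC and the C entry point is still called when key_name is NULL. Suggest adding STRICT to the CREATE FUNCTION (or making sure the C body tests PG_ARGISNULL(0) before reading the argument) and following the definition with a REVOKE of EXECUTE on the function from PUBLIC, since rotating the master key is an administrative operation. The commit message also lists "Implementation of key rotation" as pending, so either hold this SQL entry point back until the implementation lands or have it raise a clear "not implemented" error. A COMMENT ON FUNCTION describing what the boolean result means would match the documentation given to the access method just below.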
2 changes: 1 addition & 1 deletion src/access/pg_tde_ddl.c
Expand Up @@ -45,7 +45,7 @@ static void
rel->rd_rel->relkind == RELKIND_MATVIEW) &&
(subId == 0) && is_pg_tde_rel(rel))
{
pg_tde_delete_key_fork(rel);
pg_tde_delete_key_map_entry(&rel->rd_locator);
}
relation_close(rel, AccessShareLock);
}
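
Review bot: the pg_tde_delete_key_map_entry(&rel->rd_locator) call runs from the drop path while the dropping transaction is still open, and the commit message says a freed entry is handed to the next transaction that needs a slot. If the entry is marked MAP_ENTRY_FREE at this point and the DROP later rolls back, the relation survives but its key slot may already have been reused, which would leave its data undecryptable. Please confirm that the free is deferred until commit (or undone on abort), and add a comment here stating which it is. The commit message also lists locking of the map entry as pending, so two backends reaching this call and a concurrent key insert can race on the same slot until that locking is in place; a note or TODO at the call site would make that visible.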
2 changes: 1 addition & 1 deletion src/access/pg_tde_io.c
Expand Up @@ -20,7 +20,7 @@
#include "access/pg_tdeam.h"
#include "access/pg_tde_io.h"
#include "access/pg_tde_visibilitymap.h"
#include "encryption/enc_tuple.h"
#include "encryption/enc_tde.h"

#include "access/htup_details.h"
#include "storage/bufmgr.h"
2 changes: 1 addition & 1 deletion src/access/pg_tde_prune.c
Expand Up @@ -16,7 +16,7 @@

#include "postgres.h"

#include "encryption/enc_tuple.h"
#include "encryption/enc_tde.h"

#include "access/pg_tdeam.h"
#include "access/pg_tdeam_xlog.h"
2 changes: 1 addition & 1 deletion src/access/pg_tde_rewrite.c
Expand Up @@ -110,7 +110,7 @@
#include "access/pg_tdeam_xlog.h"
#include "access/pg_tdetoast.h"
#include "access/pg_tde_rewrite.h"
#include "encryption/enc_tuple.h"
#include "encryption/enc_tde.h"

#include "access/transam.h"
#include "access/xact.h"