Key Map Implementation - Replacing TDE Forks (#113)
* The patch implements an on-disk "key map and data" structure. It replaces the old "tde" fork architecture. This new architecture implements a two-file pair with:
  (1) Map File
  (2) Key Data File
  Both files contain a header that contains the name of the master key that was used to encrypt the data keys and a file version. The file version is set to PG_TDE_FILEMAGIC at the moment and it can be used to differentiate between different file format versions in case we change the structure later on.
  The map file is a list of relNumber, flags and key index.
  - relNumber is the Oid of the associated relation.
  - Flags define if the map entry is free or in use.
  - Key index points to the starting position of the key in the key data file.
  The flags play a pivotal role in keeping the file from growing infinitely. When a relation is either deleted or a transaction is aborted, the map entry is marked as MAP_ENTRY_FREE. Any next transaction that needs to store its relation key will pick the first entry with flag set to MAP_ENTRY_FREE.
  The key data file is simply a list of keys. No flags are needed as the validity is identified by the map file. Writing to the file is performed using the FileWrite function. This avoids any locking in the key data file.
  Pending:
  - Implementation of key rotation
  - Locking of file during key rotation or map entry
  - Review of fflush calls
  - Review of the WAL
* Refactoring based on Zsolt's comments on the PR. Moving the key encryption/decryption functions to the enc_tuple file and renaming the files according to the functionality.
* Adding the XLOG handling for the internal key during relation creation and when redoing the log. Also, updated the handling of the master key to accommodate versioning.
* Updating the comment as it is no longer valid.
* Updated:
  - getMasterKey function argument types to bool from int
  - Before xlog redo, the decrypted key is added to the key cache.
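The map file / key data file pairing described in the commit message, as an added illustration that is not pg_tde's own code. It models the two files as in-memory structures so it runs stand-alone: both carry a header with the master key name and a file version, the map holds (relNumber, flags, key index) triples, and a freed entry (MAP_ENTRY_FREE) is reused by the next store, which keeps both files bounded. The struct layouts, the function names, the magic value and the fixed key length are assumptions made for the example; the real PG_TDE_FILEMAGIC and on-disk layout live in the project. Keys are treated as opaque bytes, i.e. already wrapped by the master key named in the header.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Placeholder value: the real PG_TDE_FILEMAGIC is defined inside pg_tde. */
#define PG_TDE_FILEMAGIC     0x54444501u
#define MAP_ENTRY_FREE       0u
#define MAP_ENTRY_VALID      1u
#define MAX_ENTRIES          64
#define KEY_LEN              32      /* assumed length of a wrapped relation key */
#define MASTER_KEY_NAME_LEN  64

/* Header shared by both files: which master key wraps the data keys, and the format version. */
typedef struct {
    uint32_t file_version;
    char     master_key_name[MASTER_KEY_NAME_LEN];
} TDEFileHeader;

/* One map record: relation Oid, free/in-use flag, position of the key in the key data file. */
typedef struct {
    uint32_t rel_number;
    uint32_t flags;
    uint32_t key_index;
} TDEMapEntry;

typedef struct {
    TDEFileHeader header;
    TDEMapEntry   entries[MAX_ENTRIES];
    uint32_t      n_entries;
} TDEMapFile;

/* The key data file is just a list of keys; validity comes from the map file's flags. */
typedef struct {
    TDEFileHeader header;
    uint8_t       keys[MAX_ENTRIES][KEY_LEN];
    uint32_t      n_keys;
} TDEKeyDataFile;

void tde_init(TDEMapFile *map, TDEKeyDataFile *data, const char *master_key_name)
{
    memset(map, 0, sizeof *map);
    memset(data, 0, sizeof *data);
    map->header.file_version  = PG_TDE_FILEMAGIC;
    data->header.file_version = PG_TDE_FILEMAGIC;
    snprintf(map->header.master_key_name, MASTER_KEY_NAME_LEN, "%s", master_key_name);
    snprintf(data->header.master_key_name, MASTER_KEY_NAME_LEN, "%s", master_key_name);
}

/* Both files must carry the expected version and agree on the master key before use. */
bool tde_header_ok(const TDEMapFile *map, const TDEKeyDataFile *data)
{
    return map->header.file_version == PG_TDE_FILEMAGIC
        && data->header.file_version == PG_TDE_FILEMAGIC
        && strcmp(map->header.master_key_name, data->header.master_key_name) == 0;
}

/* Store the wrapped key for rel_number. The first MAP_ENTRY_FREE slot is reused (and its
 * key data position overwritten); only when none is free does either file grow.
 * Returns the map slot used, or -1 if the map is full. */
int tde_store_key(TDEMapFile *map, TDEKeyDataFile *data,
                  uint32_t rel_number, const uint8_t key[KEY_LEN])
{
    int slot = -1;
    for (uint32_t i = 0; i < map->n_entries; i++) {
        if (map->entries[i].flags == MAP_ENTRY_FREE) { slot = (int)i; break; }
    }
    if (slot < 0) {
        if (map->n_entries >= MAX_ENTRIES) return -1;
        slot = (int)map->n_entries++;
        map->entries[slot].key_index = data->n_keys++;   /* append a new key position */
    }
    map->entries[slot].rel_number = rel_number;
    map->entries[slot].flags      = MAP_ENTRY_VALID;
    memcpy(data->keys[map->entries[slot].key_index], key, KEY_LEN);
    return slot;
}

/* Relation dropped or transaction aborted: mark the entry free; its key slot is recycled later. */
bool tde_free_key(TDEMapFile *map, uint32_t rel_number)
{
    for (uint32_t i = 0; i < map->n_entries; i++) {
        if (map->entries[i].flags == MAP_ENTRY_VALID && map->entries[i].rel_number == rel_number) {
            map->entries[i].flags = MAP_ENTRY_FREE;
            return true;
        }
    }
    return false;
}

/* Resolve a relation's key through the map; freed entries are never returned. */
const uint8_t *tde_lookup_key(const TDEMapFile *map, const TDEKeyDataFile *data, uint32_t rel_number)
{
    for (uint32_t i = 0; i < map->n_entries; i++) {
        if (map->entries[i].flags == MAP_ENTRY_VALID && map->entries[i].rel_number == rel_number)
            return data->keys[map->entries[i].key_index];
    }
    return NULL;
}
```

The header check is the part a reviewer would want to see enforced on every open: a map file and a key data file that name different master keys, or carry an unexpected version, should be rejected before any key index is followed, since the map is the only thing that says which bytes in the key data file are meaningful.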
Hamid Akhtar authored Feb 19, 2024
1 parent 798d897, commit 56af84e
Showing 19 changed files with 890 additions and 323 deletions.