Commit
The patch implements the on-disk "key map and data" structure. It replaces
the old "tde" fork architecture. This new architecture implements a two file pair with:

(1) Map File
(2) Key Data File

Both files contain a header that contains the name of the master key that was used to encrypt the data keys and a file version. The file version is set to PG_TDE_FILEMAGIC at the moment and it can be used to differentiate between different file format versions in case we change the structure later on.

The map file is a list of relNumber, flags and key index.
- relNumber is the Oid of the associated relation.
- Flags define if the map entry is free or in use.
- Key index points to the starting position of the key in the key data file.

The flags play a pivotal role in preventing the file from growing infinitely. When a relation is either deleted or a transaction is aborted, the map entry is marked as MAP_ENTRY_FREE. Any next transaction requiring to store its relation key will pick the first entry with flag set to MAP_ENTRY_FREE.

The key data file is simply a list of keys. No flags are needed as the validity is identified by the map file.

Writing to the file is performed using the FileWrite function. This avoids any locking in the key data file.

Pending:
- Implementation of key rotation
- Locking of file during key rotation or map entry
- Review of fflush calls
- Review of the WAL
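The flag-based entry reuse the commit message describes, as an added in-memory model in C that is not the commit's own code: MapEntry, TdeFiles, MAP_ENTRY_VALID, the fixed sizes and the tde_* functions are assumptions, and the file headers and FileWrite are left out. It shows why a dropped relation's entry is reclaimed by the next key store and why a lookup must consult the map flags rather than trust the key data file alone.

```c
#include <stdint.h>
#include <string.h>
/* Hypothetical in-memory model of the map file and key data file; entry layout,
 * sizes and MAP_ENTRY_VALID are assumptions, not the pg_tde project's code. */
enum { MAP_ENTRY_FREE = 0, MAP_ENTRY_VALID = 1, MAX_ENTRIES = 64, KEY_LEN = 32 };
typedef struct { uint32_t rel_number; uint32_t flags; uint32_t key_index; } MapEntry;
typedef struct {
    MapEntry map[MAX_ENTRIES]; int map_len;            /* map file */
    uint8_t keys[MAX_ENTRIES][KEY_LEN]; int key_count; /* key data file: keys only */
} TdeFiles;
/* Store a relation key: reuse the first MAP_ENTRY_FREE entry (and the key data
 * position it already points at), else append. Returns map index, -1 if full. */
int tde_store_key(TdeFiles *f, uint32_t rel, const uint8_t key[KEY_LEN]) {
    int idx = -1;
    for (int i = 0; i < f->map_len && idx < 0; i++)
        if (f->map[i].flags == MAP_ENTRY_FREE) idx = i;
    if (idx < 0) {
        if (f->map_len >= MAX_ENTRIES) return -1;
        idx = f->map_len++;
        f->map[idx].key_index = (uint32_t)f->key_count++;
    }
    memcpy(f->keys[f->map[idx].key_index], key, KEY_LEN);
    f->map[idx].rel_number = rel;
    f->map[idx].flags = MAP_ENTRY_VALID;
    return idx;
}
static int tde_find(const TdeFiles *f, uint32_t rel) {
    for (int i = 0; i < f->map_len; i++)
        if (f->map[i].flags == MAP_ENTRY_VALID && f->map[i].rel_number == rel) return i;
    return -1;
}
int tde_free_key(TdeFiles *f, uint32_t rel) {   /* drop or abort: only the flag changes */
    int i = tde_find(f, rel);
    if (i >= 0) f->map[i].flags = MAP_ENTRY_FREE;
    return i;
}
/* Lookup honours the map flags, so stale key data is never handed out. */
const uint8_t *tde_get_key(const TdeFiles *f, uint32_t rel) {
    int i = tde_find(f, rel);
    return i < 0 ? NULL : f->keys[f->map[i].key_index];
}
/* Scenario: store two keys, drop one, store a third. Returns 1 if the third
 * reused the freed entry so neither file grew, 0 otherwise. */
int tde_reuse_scenario(void) {
    TdeFiles f; uint8_t ka[KEY_LEN], kb[KEY_LEN], kc[KEY_LEN]; /* constructed keys */
    memset(&f, 0, sizeof f); memset(ka, 0xAA, KEY_LEN); memset(kb, 0xBB, KEY_LEN); memset(kc, 0xCC, KEY_LEN);
    if (tde_store_key(&f, 16384, ka) != 0 || tde_store_key(&f, 16385, kb) != 1) return 0;
    if (tde_free_key(&f, 16384) != 0 || tde_store_key(&f, 16386, kc) != 0) return 0;
    if (f.map_len != 2 || f.key_count != 2 || tde_get_key(&f, 16384) != NULL) return 0;
    return memcmp(tde_get_key(&f, 16386), kc, KEY_LEN) == 0;
}
```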