Provide a default block cipher implementation using AES. #8943
Conversation
build_tools/build_detect_platform
Outdated
| #include <cstdint> | ||
| #include <emmintrin.h> | ||
| int main() { | ||
| const auto x = _mm_set_epi32(0, 0, 0, 0); |
There was a problem hiding this comment.
I would just roll this into the test for enabling IPPCP and don't bother with a HAVE_SSE2 flag. Unnecessary complexity IMHO.
There was a problem hiding this comment.
@pdillinger that is true. Now fixed.
mulugetam
force-pushed
the
aes-encryption
branch
3 times, most recently
from
44ba35c
to
9a05662
Compare
There was a problem hiding this comment.
We don't like adding code to the base checkout without basic build and unit test coverage, with CircleCI and gtest. Can you add to db_encryption_test? Or perhaps make this the canonical configuration for environment variable ENCRYPTED_ENV=1 (when IPPCP enabled at compile time)? Can add this to CircleCI build-linux-encrypted-env.
include/rocksdb/ippcp_aes_provider.h
Outdated
| // | ||
| // Note: a prefix size of 4096 (4K) is chosen for optimal performance. | ||
| // | ||
| class IppAESCTRProvider : public EncryptionProvider { |
There was a problem hiding this comment.
Also override GetMarker()?
include/rocksdb/ippcp_aes_provider.h
Outdated
| virtual ~IppAESCTRProvider(); | ||
|
|
||
| private: | ||
| #ifdef IPPCP |
There was a problem hiding this comment.
Pretty much except for ROCKSDB_LITE, we need to avoid custom ifdefs in public headers. We cannot rely on client code being compiled with our macro definitions used for compiling RocksDB.
|
Wish list item: good error message if attempting to use sst_dump or ldb or DB::Open on an encrypted DB without appropriate encrypted env. |
Can we have a separate patch for this? A good error message is required even for the trivial encryption provider (ROT13) that currently exists and we need to carefully think on how to use the EncryptionProvider::GetMarker(). |
I have added IPPCP encryption provider as the canonical encryption provider for test when ENCRYPTED_ENV is set to 1 and IPPCP is detected at compile time. I have also run db_encryption_test and it passes. |
Summary: - supports AES-128, AES-192, and AES-256. - uses the CTR mode of operation. - is based on the Intel® crypto library (https://github.com/intel/ipp-crypto)
mulugetam
force-pushed
the
aes-encryption
branch
from
6f26e32
to
e637dca
Compare
|
I saw this pull request is pending for one year, are you plan to merge it in the master? If not, what's the roadmap for support encryption/decryption as part of code base? |
|
The latest version of this PR, implemented as a RocksDB plugin, is available here. |
RocksDB currently has no default block cipher that users can readily use, this patch addresses that. The PR is the latest version of the PR described here. The code has been refactored to make use of the new Encryption API based on object registration. The block cipher used is the AES block cipher with CTR mode of operation.
Summary: