cockroach: github.com/cockroachdb/cockroach/pkg/ccl/storageccl/engineccl

package engineccl

import "github.com/cockroachdb/cockroach/pkg/ccl/storageccl/engineccl"

Package Files

ctr_stream.go encrypted_fs.go pebble_key_manager.go rocksdb.go rocksdb_jemalloc.go

func VerifyBatchRepr

func VerifyBatchRepr(
    repr []byte, start, end engine.MVCCKey, nowNanos int64,
) (enginepb.MVCCStats, error)

VerifyBatchRepr asserts that all keys in a BatchRepr are between the specified start and end keys and computes the enginepb.MVCCStats for it.

type DataKeyManager

type DataKeyManager struct {
    // contains filtered or unexported fields
}

DataKeyManager manages data keys. Implements PebbleKeyManager. Key rotation does not begin until SetActiveStoreKeyInfo() is called.

func (*DataKeyManager) ActiveKey

func (m *DataKeyManager) ActiveKey(ctx context.Context) (*enginepbccl.SecretKey, error)

ActiveKey implements PebbleKeyManager.ActiveKey.

TODO(sbhola): do rotation via a background activity instead of in this function so that we don't slow down creation of files.

func (*DataKeyManager) GetKey

func (m *DataKeyManager) GetKey(id string) (*enginepbccl.SecretKey, error)

GetKey implements PebbleKeyManager.GetKey.

func (*DataKeyManager) Load

func (m *DataKeyManager) Load(ctx context.Context) error

Load must be called before calling other methods.

func (*DataKeyManager) SetActiveStoreKeyInfo

func (m *DataKeyManager) SetActiveStoreKeyInfo(
    ctx context.Context, storeKeyInfo *enginepbccl.KeyInfo,
) error

SetActiveStoreKeyInfo sets the current active store key. Even though there may be a valid ActiveStoreKeyId in the DataKeysRegistry loaded from file, key rotation does not start until the first call to this function. Each call to this function will rotate the active data key under the following conditions:
- there is no active data key.
- the active store key has changed.

This function should not be called for a read only store.

type FileCipherStreamCreator

type FileCipherStreamCreator struct {
    // contains filtered or unexported fields
}

FileCipherStreamCreator wraps the KeyManager interface and provides functions to create a FileStream for either a new file (using the active key provided by the KeyManager) or an existing file (by looking up the key in the KeyManager).

func (*FileCipherStreamCreator) CreateExisting

func (c *FileCipherStreamCreator) CreateExisting(
    settings *enginepbccl.EncryptionSettings,
) (FileStream, error)

CreateExisting creates a FileStream for an existing file by looking up the key described by settings in the key manager.

func (*FileCipherStreamCreator) CreateNew

func (c *FileCipherStreamCreator) CreateNew(
    ctx context.Context,
) (*enginepbccl.EncryptionSettings, FileStream, error)

CreateNew creates a FileStream for a new file using the currently active key. It returns the settings used, so that the caller can record these in a file registry.

type FileStream

type FileStream interface {
    // Encrypt encrypts the data to be written at fileOffset.
    Encrypt(fileOffset int64, data []byte)
    // Decrypt decrypts the data that has been read from fileOffset.
    Decrypt(fileOffset int64, data []byte)
}

FileStream encrypts/decrypts byte slices at arbitrary file offsets.

There are two implementations: a noop filePlainStream and a fileCipherStream that wraps a ctrBlockCipherStream. The ctrBlockCipherStream does AES in counter mode (CTR). CTR allows us to encrypt/decrypt at arbitrary byte offsets in a file (including partial blocks) without caring about what preceded the bytes.
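The offset arithmetic that makes CTR random access work, as an added Go example that is not the package's ctrBlockCipherStream. The names offsetStream, xorAt and roundTripAt are hypothetical, and the constructed key and the 16-byte IV treated as one big-endian counter (the way Go's cipher.NewCTR increments it) are assumptions.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// offsetStream is a hypothetical type, not the package's fileCipherStream.
type offsetStream struct {
	block cipher.Block
	iv    [aes.BlockSize]byte // counter value for file offset 0 (assumed layout)
}

// xorAt XORs the keystream for bytes [fileOffset, fileOffset+len(data)) into data.
func (s *offsetStream) xorAt(fileOffset int64, data []byte) {
	ctr := s.iv
	// Add the block index to the IV as a big-endian 128-bit integer,
	// which is how cipher.NewCTR advances the counter block by block.
	carry := uint64(fileOffset / aes.BlockSize)
	for i := aes.BlockSize - 1; i >= 0 && carry > 0; i-- {
		carry += uint64(ctr[i])
		ctr[i] = byte(carry)
		carry >>= 8
	}
	stream := cipher.NewCTR(s.block, ctr[:])
	// Throw away the keystream bytes that precede a partial first block.
	skip := make([]byte, fileOffset%aes.BlockSize)
	stream.XORKeyStream(skip, skip)
	stream.XORKeyStream(data, data)
}

func (s *offsetStream) Encrypt(fileOffset int64, data []byte) { s.xorAt(fileOffset, data) }
func (s *offsetStream) Decrypt(fileOffset int64, data []byte) { s.xorAt(fileOffset, data) }

// roundTripAt encrypts a constructed 64-byte file from offset 0, then decrypts
// only the range [off, off+n) without touching the bytes before it.
func roundTripAt(off, n int64) bool {
	key := bytes.Repeat([]byte{0x42}, 16) // constructed key, demo only
	block, _ := aes.NewCipher(key)
	s := &offsetStream{block: block}
	s.iv[15] = 0xff // forces a carry between counter bytes
	plain := []byte("constructed sample file contents spanning several AES blocks....")
	file := append([]byte(nil), plain...)
	s.Encrypt(0, file)
	part := append([]byte(nil), file[off:off+n]...)
	s.Decrypt(off, part)
	return bytes.Equal(part, plain[off:off+n]) && !bytes.Equal(file, plain)
}
func main() { fmt.Println(roundTripAt(21, 30)) }
```

Because the keystream depends only on key, IV and offset, rewriting the same offset under the same key and IV reuses keystream, and CTR by itself does not detect modified ciphertext.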

type PebbleKeyManager

type PebbleKeyManager interface {
    // ActiveKey returns the currently active key. If plaintext should be used it can return nil or
    // a key with encryption_type = Plaintext.
    ActiveKey(ctx context.Context) (*enginepbccl.SecretKey, error)

    // GetKey gets the key for the given id. Returns an error if the key was not found.
    GetKey(id string) (*enginepbccl.SecretKey, error)
}

PebbleKeyManager manages encryption keys. There are two implementations. See encrypted_fs.go for high-level context.

type StoreKeyManager

type StoreKeyManager struct {
    // contains filtered or unexported fields
}

StoreKeyManager manages the user-provided keys. Implements PebbleKeyManager.

func (*StoreKeyManager) ActiveKey

func (m *StoreKeyManager) ActiveKey(ctx context.Context) (*enginepbccl.SecretKey, error)

ActiveKey implements PebbleKeyManager.ActiveKey.

func (*StoreKeyManager) GetKey

func (m *StoreKeyManager) GetKey(id string) (*enginepbccl.SecretKey, error)

GetKey implements PebbleKeyManager.GetKey.

func (*StoreKeyManager) Load

func (m *StoreKeyManager) Load(ctx context.Context) error

Load must be called before calling other functions.

Directories

Path           Synopsis
enginepbccl

Package engineccl imports 23 packages and is imported by 22 packages. Updated 2019-11-18.