forked from dgraph-io/badger
-
Notifications
You must be signed in to change notification settings - Fork 0
/
key_registry.go
416 lines (396 loc) · 12.5 KB
/
key_registry.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
/*
* Copyright 2019 Dgraph Labs, Inc. and Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package badger
import (
"bytes"
"crypto/aes"
"crypto/rand"
"encoding/binary"
"hash/crc32"
"io"
"os"
"path/filepath"
"sync"
"time"
"github.com/dgraph-io/badger/pb"
"github.com/dgraph-io/badger/y"
)
const (
// KeyRegistryFileName is the file name for the key registry file.
KeyRegistryFileName = "KEYREGISTRY"
// KeyRegistryRewriteFileName is the file name for the rewrite key registry file.
KeyRegistryRewriteFileName = "REWRITE-KEYREGISTRY"
)
// SanityText is used to check whether the given user provided storage key is valid or not
var sanityText = []byte("Hello Badger")
// KeyRegistry used to maintain all the data keys.
type KeyRegistry struct {
sync.RWMutex
dataKeys map[uint64]*pb.DataKey
lastCreated int64 //lastCreated is the timestamp(seconds) of the last data key generated.
nextKeyID uint64
fp *os.File
opt KeyRegistryOptions
}
type KeyRegistryOptions struct {
Dir string
ReadOnly bool
EncryptionKey []byte
EncryptionKeyRotationDuration time.Duration
}
// newKeyRegistry returns KeyRegistry.
func newKeyRegistry(opt KeyRegistryOptions) *KeyRegistry {
return &KeyRegistry{
dataKeys: make(map[uint64]*pb.DataKey),
nextKeyID: 0,
opt: opt,
}
}
// OpenKeyRegistry opens key registry if it exists, otherwise it'll create key registry
// and returns key registry.
func OpenKeyRegistry(opt KeyRegistryOptions) (*KeyRegistry, error) {
// sanity check the encryption key length.
if len(opt.EncryptionKey) > 0 {
switch len(opt.EncryptionKey) {
default:
return nil, y.Wrapf(ErrInvalidEncryptionKey, "During OpenKeyRegistry")
case 16, 24, 32:
break
}
}
path := filepath.Join(opt.Dir, KeyRegistryFileName)
var flags uint32
if opt.ReadOnly {
flags |= y.ReadOnly
} else {
flags |= y.Sync
}
fp, err := y.OpenExistingFile(path, flags)
// OpenExistingFile just open file.
// So checking whether the file exist or not. If not
// We'll create new keyregistry.
if os.IsNotExist(err) {
// Creating new registry file if not exist.
kr := newKeyRegistry(opt)
if opt.ReadOnly {
return kr, nil
}
// Writing the key registry to the file.
if err := WriteKeyRegistry(kr, opt); err != nil {
return nil, y.Wrapf(err, "Error while writing key registry.")
}
fp, err = y.OpenExistingFile(path, flags)
if err != nil {
return nil, y.Wrapf(err, "Error while opening newly created key registry.")
}
} else if err != nil {
return nil, y.Wrapf(err, "Error while opening key registry.")
}
kr, err := readKeyRegistry(fp, opt)
if err != nil {
// This case happens only if the file is opened properly and
// not able to read.
fp.Close()
return nil, err
}
if opt.ReadOnly {
// We'll close the file in readonly mode.
return kr, fp.Close()
}
kr.fp = fp
return kr, nil
}
// keyRegistryIterator reads all the datakey from the key registry
type keyRegistryIterator struct {
encryptionKey []byte
fp *os.File
// lenCrcBuf contains crc buf and data length to move forward.
lenCrcBuf [8]byte
}
// newKeyRegistryIterator returns iterator which will allow you to iterate
// over the data key of the key registry.
func newKeyRegistryIterator(fp *os.File, encryptionKey []byte) (*keyRegistryIterator, error) {
return &keyRegistryIterator{
encryptionKey: encryptionKey,
fp: fp,
lenCrcBuf: [8]byte{},
}, validRegistry(fp, encryptionKey)
}
// validRegistry checks that given encryption key is valid or not.
func validRegistry(fp *os.File, encryptionKey []byte) error {
iv := make([]byte, aes.BlockSize)
var err error
if _, err = fp.Read(iv); err != nil {
return y.Wrapf(err, "Error while reading IV for key registry.")
}
eSanityText := make([]byte, len(sanityText))
if _, err = fp.Read(eSanityText); err != nil {
return y.Wrapf(err, "Error while reading sanity text.")
}
if len(encryptionKey) > 0 {
// Decrypting sanity text.
if eSanityText, err = y.XORBlock(eSanityText, encryptionKey, iv); err != nil {
return y.Wrapf(err, "During validRegistry")
}
}
// Check the given key is valid or not.
if !bytes.Equal(eSanityText, sanityText) {
return ErrEncryptionKeyMismatch
}
return nil
}
func (kri *keyRegistryIterator) next() (*pb.DataKey, error) {
var err error
// Read crc buf and data length.
if _, err = kri.fp.Read(kri.lenCrcBuf[:]); err != nil {
// EOF means end of the iteration.
if err != io.EOF {
return nil, y.Wrapf(err, "While reading crc in keyRegistryIterator.next")
}
return nil, err
}
l := int64(binary.BigEndian.Uint32(kri.lenCrcBuf[0:4]))
// Read protobuf data.
data := make([]byte, l)
if _, err = kri.fp.Read(data); err != nil {
// EOF means end of the iteration.
if err != io.EOF {
return nil, y.Wrapf(err, "While reading protobuf in keyRegistryIterator.next")
}
return nil, err
}
// Check checksum.
if crc32.Checksum(data, y.CastagnoliCrcTable) != binary.BigEndian.Uint32(kri.lenCrcBuf[4:]) {
return nil, y.Wrapf(y.ErrChecksumMismatch, "Error while checking checksum for data key.")
}
dataKey := &pb.DataKey{}
if err = dataKey.Unmarshal(data); err != nil {
return nil, y.Wrapf(err, "While unmarshal of datakey in keyRegistryIterator.next")
}
if len(kri.encryptionKey) > 0 {
// Decrypt the key if the storage key exists.
if dataKey.Data, err = y.XORBlock(dataKey.Data, kri.encryptionKey, dataKey.Iv); err != nil {
return nil, y.Wrapf(err, "While decrypting datakey in keyRegistryIterator.next")
}
}
return dataKey, nil
}
// readKeyRegistry will read the key registry file and build the key registry struct.
func readKeyRegistry(fp *os.File, opt KeyRegistryOptions) (*KeyRegistry, error) {
itr, err := newKeyRegistryIterator(fp, opt.EncryptionKey)
if err != nil {
return nil, err
}
kr := newKeyRegistry(opt)
var dk *pb.DataKey
dk, err = itr.next()
for err == nil && dk != nil {
if dk.KeyId > kr.nextKeyID {
// Set the maximum key ID for next key ID generation.
kr.nextKeyID = dk.KeyId
}
if dk.CreatedAt > kr.lastCreated {
// Set the last generated key timestamp.
kr.lastCreated = dk.CreatedAt
}
// No need to lock since we are building the initial state.
kr.dataKeys[dk.KeyId] = dk
// Forward the iterator.
dk, err = itr.next()
}
// We read all the key. So, Ignoring this error.
if err == io.EOF {
err = nil
}
return kr, err
}
/*
Structure of Key Registry.
+-------------------+---------------------+--------------------+--------------+------------------+
| IV | Sanity Text | DataKey1 | DataKey2 | ... |
+-------------------+---------------------+--------------------+--------------+------------------+
*/
// WriteKeyRegistry will rewrite the existing key registry file with new one.
// It is okay to give closed key registry. Since, it's using only the datakey.
func WriteKeyRegistry(reg *KeyRegistry, opt KeyRegistryOptions) error {
buf := &bytes.Buffer{}
iv, err := y.GenerateIV()
y.Check(err)
// Encrypt sanity text if the encryption key is presents.
eSanity := sanityText
if len(opt.EncryptionKey) > 0 {
var err error
eSanity, err = y.XORBlock(eSanity, opt.EncryptionKey, iv)
if err != nil {
return y.Wrapf(err, "Error while encrpting sanity text in WriteKeyRegistry")
}
}
y.Check2(buf.Write(iv))
y.Check2(buf.Write(eSanity))
// Write all the datakeys to the buf.
for _, k := range reg.dataKeys {
// Writing the datakey to the given buffer.
if err := storeDataKey(buf, opt.EncryptionKey, k); err != nil {
return y.Wrapf(err, "Error while storing datakey in WriteKeyRegistry")
}
}
tmpPath := filepath.Join(opt.Dir, KeyRegistryRewriteFileName)
// Open temporary file to write the data and do atomic rename.
fp, err := y.OpenTruncFile(tmpPath, true)
if err != nil {
return y.Wrapf(err, "Error while opening tmp file in WriteKeyRegistry")
}
// Write buf to the disk.
if _, err = fp.Write(buf.Bytes()); err != nil {
// close the fd before returning error. We're not using defer
// because, for windows we need to close the fd explicitly before
// renaming.
fp.Close()
return y.Wrapf(err, "Error while writing buf in WriteKeyRegistry")
}
// In Windows the files should be closed before doing a Rename.
if err = fp.Close(); err != nil {
return y.Wrapf(err, "Error while closing tmp file in WriteKeyRegistry")
}
// Rename to the original file.
if err = os.Rename(tmpPath, filepath.Join(opt.Dir, KeyRegistryFileName)); err != nil {
return y.Wrapf(err, "Error while renaming file in WriteKeyRegistry")
}
// Sync Dir.
return syncDir(opt.Dir)
}
// dataKey returns datakey of the given key id.
func (kr *KeyRegistry) dataKey(id uint64) (*pb.DataKey, error) {
kr.RLock()
defer kr.RUnlock()
if id == 0 {
// nil represent plain text.
return nil, nil
}
dk, ok := kr.dataKeys[id]
if !ok {
return nil, y.Wrapf(ErrInvalidDataKeyID, "Error for the KEY ID %d", id)
}
return dk, nil
}
// latestDataKey will give you the latest generated datakey based on the rotation
// period. If the last generated datakey lifetime exceeds the rotation period.
// It'll create new datakey.
func (kr *KeyRegistry) latestDataKey() (*pb.DataKey, error) {
if len(kr.opt.EncryptionKey) == 0 {
// nil is for no encryption.
return nil, nil
}
// validKey return datakey if the last generated key duration less than
// rotation duration.
validKey := func() (*pb.DataKey, bool) {
// Time diffrence from the last generated time.
diff := time.Since(time.Unix(kr.lastCreated, 0))
if diff < kr.opt.EncryptionKeyRotationDuration {
return kr.dataKeys[kr.nextKeyID], true
}
return nil, false
}
kr.RLock()
key, valid := validKey()
kr.RUnlock()
if valid {
// If less than EncryptionKeyRotationDuration, returns the last generated key.
return key, nil
}
kr.Lock()
defer kr.Unlock()
// Key might have generated by another go routine. So,
// checking once again.
key, valid = validKey()
if valid {
return key, nil
}
k := make([]byte, len(kr.opt.EncryptionKey))
iv, err := y.GenerateIV()
if err != nil {
return nil, err
}
_, err = rand.Read(k)
if err != nil {
return nil, err
}
// Otherwise Increment the KeyID and generate new datakey.
kr.nextKeyID++
dk := &pb.DataKey{
KeyId: kr.nextKeyID,
Data: k,
CreatedAt: time.Now().Unix(),
Iv: iv,
}
// Store the datekey.
buf := &bytes.Buffer{}
if err = storeDataKey(buf, kr.opt.EncryptionKey, dk); err != nil {
return nil, err
}
// Persist the datakey to the disk
if _, err = kr.fp.Write(buf.Bytes()); err != nil {
return nil, err
}
// storeDatakey encrypts the datakey So, placing un-encrypted key in the memory.
dk.Data = k
kr.lastCreated = dk.CreatedAt
kr.dataKeys[kr.nextKeyID] = dk
return dk, nil
}
// Close closes the key registry.
func (kr *KeyRegistry) Close() error {
if !kr.opt.ReadOnly {
return kr.fp.Close()
}
return nil
}
// storeDataKey stores datakey in an encrypted format in the given buffer. If storage key preset.
func storeDataKey(buf *bytes.Buffer, storageKey []byte, k *pb.DataKey) error {
// xor will encrypt the IV and xor with the given data.
// It'll used for both encryption and decryption.
xor := func() error {
if len(storageKey) == 0 {
return nil
}
var err error
k.Data, err = y.XORBlock(k.Data, storageKey, k.Iv)
return err
}
// In memory datakey will be plain text so encrypting before storing to the disk.
var err error
if err = xor(); err != nil {
return y.Wrapf(err, "Error while encrypting datakey in storeDataKey")
}
var data []byte
if data, err = k.Marshal(); err != nil {
err = y.Wrapf(err, "Error while marshaling datakey in storeDataKey")
var err2 error
// decrypting the datakey back.
if err2 = xor(); err2 != nil {
return y.Wrapf(err,
y.Wrapf(err2, "Error while decrypting datakey in storeDataKey").Error())
}
return err
}
var lenCrcBuf [8]byte
binary.BigEndian.PutUint32(lenCrcBuf[0:4], uint32(len(data)))
binary.BigEndian.PutUint32(lenCrcBuf[4:8], crc32.Checksum(data, y.CastagnoliCrcTable))
y.Check2(buf.Write(lenCrcBuf[:]))
y.Check2(buf.Write(data))
// Decrypting the datakey back since we're using the pointer.
return xor()
}