Encryption at rest support

[ewoutp]

What

This PR adds support for encrypting data stored by RocksDB when written to disk.

How

It adds an EncryptedEnv override of the Env class with matching overrides for sequential&random access files.
The encryption itself is done through a configurable EncryptionProvider. This class creates is asked to create BlockAccessCipherStream for a file. This is where the actual encryption/decryption is being done.
Currently there is a Counter mode implementation of BlockAccessCipherStream with a ROT13 block cipher (NOTE the ROT13 is for demo purposes only!!).

The Counter operation mode uses an initial counter & random initialization vector (IV).
Both are created randomly for each file and stored in a 4K (default size) block that is prefixed to that file. The EncryptedEnv implementation is such that clients of the Env class do not see this prefix (nor data, nor in filesize).
The largest part of the prefix block is also encrypted, and there is room left for implementation specific settings/values/keys in there.

Testing

To test the encryption, the DBTestBase class has been extended to consider a new environment variable called ENCRYPTED_ENV. If set, the test will setup a encrypted instance of the Env class to use for all tests.
Typically you would run it like this:

ENCRYPTED_ENV=1 make check_some

There is also an added test that checks that some data inserted into the database is or is not "visible" on disk. With ENCRYPTED_ENV active it must not find plain text strings, with ENCRYPTED_ENV unset, it must find the plain text strings.

[facebook-github-bot]

Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please sign up at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need the corporate CLA signed.

If you have received this in error or have any questions, please contact us at cla@fb.com. Thanks!

[sagar0]

Thanks for your contribution!
Seems like Travis tests failed to kickoff, and there's also a merge conflict; so could you please rebase and submit again?

[facebook-github-bot]

@ewoutp updated the pull request - view changes

[facebook-github-bot]

@ewoutp updated the pull request - view changes

[facebook-github-bot]

@ewoutp updated the pull request - view changes

[facebook-github-bot]

@ewoutp updated the pull request - view changes

[facebook-github-bot]

@ewoutp updated the pull request - view changes

[sagar0]

Travis lite_builds are failing on both linux and mac. Can you please take a look?
Also, I just restarted linux platform_dependent test, as it failed with 'No space left on device' error. (rate_limiter test in Mac platform_dependent test suite has been consistently failing due to unrelated issues. So we can disregard it for now).

[ewoutp]

@sagar0 Shall I just wrap the entire file in #ifndef ROCKSDB_LITE?

[facebook-github-bot]

Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Facebook open source project. Thanks!

[facebook-github-bot]

@ewoutp updated the pull request - view changes

[facebook-github-bot]

@ewoutp updated the pull request - view changes

[ewoutp]

Only java_test is failing. Have no clue how that is related.
Any ideas?

[sagar0]

Thanks for fixing the lite build. Java test is a little flaky ... so we don't need to worry about it most of the time (we are working on making it less flaky though). I'll take a look.

[sagar0]

Thanks for the contribution, and making the prior requested changes. This change looks good to me, and is ready to be accepted once the below few nits are fixed.

Could you run a "make format" once to adhere to the formatting rules.

[sagar0]

Would it also be possible to contribute a small example to show how this API can be used? It can be done in a separate pull request, when time permits.

[facebook-github-bot]

@ewoutp updated the pull request - view changes

[ewoutp]

Result of make format

$ make format
Makefile:105: Warning: Compiling in debug mode. Don't use the resulting binary in production
build_tools/format-diff.sh
Nothing needs to be reformatted!

[ewoutp]

As for sample code.

Typically you would implement a class derived from BlockCipher (see ROT13Cipher) and use it as follows:

ROT13BlockCipher rot13Cipher(16);
// ...
DBOptions options;
options.env = NewEncryptedEnv(Env::Default(), new CTREncryptionProvider(rot13Cipher));
// use options for opening/creating databases

[facebook-github-bot]

@ewoutp updated the pull request - view changes

[sagar0]

I am trying to import this PR on to Facebook's internal phabricator to run some tests, but unfortunately the import is failing. I am trying to figure out a way to move forward.

[facebook-github-bot]

@ewoutp updated the pull request - view changes

[sagar0]

@ewoutp Can you please rebase your changes on master?
We are encountering an issue when trying to import this PR onto our internal phabricator for running additional tests, and our workflow does not let us to merge the changes without that step.
I appreciate your patience while we are working through these kinks.

[facebook-github-bot]

@sdwilsh has imported this pull request. If you are a Facebook employee, you can view this diff on Phabricator.

[ewoutp]

@sagar0 looks like it's already merged. If anything is still needed, let me know.

[sagar0]

@ewoutp yeah, I merged it yesterday. @sdwilsh fixed an issue on our side in the import script, and helped in the process.

[vivekpm]

Is this available through RocksDBJNI?