2021-07-11 09:22:30 +00:00
|
|
|
#include <Disks/DiskEncrypted.h>
|
2021-05-18 20:48:16 +00:00
|
|
|
|
|
|
|
|
#if USE_SSL
|
2021-07-11 09:22:30 +00:00
|
|
|
#include <Disks/DiskFactory.h>
|
|
|
|
|
#include <IO/FileEncryptionCommon.h>
|
|
|
|
|
#include <IO/ReadBufferFromEncryptedFile.h>
|
|
|
|
|
#include <IO/WriteBufferFromEncryptedFile.h>
|
2021-07-11 19:26:39 +00:00
|
|
|
#include <boost/algorithm/hex.hpp>
|
2021-05-14 21:52:51 +00:00
|
|
|
|
2021-05-17 16:58:51 +00:00
|
|
|
|
2021-05-13 06:37:05 +00:00
|
|
|
namespace DB
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
namespace ErrorCodes
|
|
|
|
|
{
|
2021-07-11 19:26:39 +00:00
|
|
|
extern const int BAD_ARGUMENTS;
|
2021-05-13 06:37:05 +00:00
|
|
|
extern const int INCORRECT_DISK_INDEX;
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-11 19:26:39 +00:00
|
|
|
namespace
|
|
|
|
|
{
|
|
|
|
|
using DiskEncryptedPtr = std::shared_ptr<DiskEncrypted>;
|
|
|
|
|
using namespace FileEncryption;
|
|
|
|
|
|
2021-07-17 13:35:15 +00:00
|
|
|
constexpr Algorithm DEFAULT_ENCRYPTION_ALGORITHM = Algorithm::AES_128_CTR;
|
|
|
|
|
|
|
|
|
|
String unhexKey(const String & hex)
|
2021-07-11 19:26:39 +00:00
|
|
|
{
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
return boost::algorithm::unhex(hex);
|
|
|
|
|
}
|
|
|
|
|
catch (const std::exception &)
|
|
|
|
|
{
|
2021-07-17 13:35:15 +00:00
|
|
|
throw Exception(ErrorCodes::BAD_ARGUMENTS, "Cannot read key_hex, check for valid characters [0-9a-fA-F] and length");
|
2021-07-11 19:26:39 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct DiskEncryptedSettings
|
|
|
|
|
{
|
2021-07-17 13:35:15 +00:00
|
|
|
Algorithm encryption_algorithm;
|
2021-07-11 19:26:39 +00:00
|
|
|
String key;
|
|
|
|
|
DiskPtr wrapped_disk;
|
|
|
|
|
String path_on_wrapped_disk;
|
|
|
|
|
|
|
|
|
|
DiskEncryptedSettings(
|
|
|
|
|
const String & disk_name, const Poco::Util::AbstractConfiguration & config, const String & config_prefix, const DisksMap & map)
|
|
|
|
|
{
|
2021-07-17 13:35:15 +00:00
|
|
|
try
|
2021-07-11 19:26:39 +00:00
|
|
|
{
|
2021-07-17 13:35:15 +00:00
|
|
|
encryption_algorithm = DEFAULT_ENCRYPTION_ALGORITHM;
|
|
|
|
|
if (config.has(config_prefix + ".algorithm"))
|
|
|
|
|
parseFromString(encryption_algorithm, config.getString(config_prefix + ".algorithm"));
|
|
|
|
|
|
|
|
|
|
key = config.getString(config_prefix + ".key", "");
|
|
|
|
|
String key_hex = config.getString(config_prefix + ".key_hex", "");
|
|
|
|
|
if (!key.empty() && !key_hex.empty())
|
|
|
|
|
throw Exception(ErrorCodes::BAD_ARGUMENTS, "Both 'key' and 'key_hex' are specified. There should be only one");
|
|
|
|
|
|
|
|
|
|
if (!key_hex.empty())
|
|
|
|
|
{
|
|
|
|
|
assert(key.empty());
|
|
|
|
|
key = unhexKey(key_hex);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
FileEncryption::checkKeySize(encryption_algorithm, key.size());
|
|
|
|
|
|
|
|
|
|
String wrapped_disk_name = config.getString(config_prefix + ".disk", "");
|
|
|
|
|
if (wrapped_disk_name.empty())
|
|
|
|
|
throw Exception(
|
|
|
|
|
ErrorCodes::BAD_ARGUMENTS,
|
|
|
|
|
"Name of the wrapped disk must not be empty. An encrypted disk is a wrapper over another disk");
|
|
|
|
|
|
|
|
|
|
auto wrapped_disk_it = map.find(wrapped_disk_name);
|
|
|
|
|
if (wrapped_disk_it == map.end())
|
|
|
|
|
throw Exception(
|
|
|
|
|
ErrorCodes::BAD_ARGUMENTS,
|
|
|
|
|
"The wrapped disk must have been announced earlier. No disk with name {}",
|
|
|
|
|
wrapped_disk_name);
|
|
|
|
|
wrapped_disk = wrapped_disk_it->second;
|
|
|
|
|
|
|
|
|
|
path_on_wrapped_disk = config.getString(config_prefix + ".path", "");
|
|
|
|
|
}
|
|
|
|
|
catch (Exception & e)
|
|
|
|
|
{
|
|
|
|
|
e.addMessage("Disk " + disk_name);
|
|
|
|
|
throw;
|
2021-07-11 19:26:39 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
bool inline isSameDiskType(const IDisk & one, const IDisk & another)
|
|
|
|
|
{
|
|
|
|
|
return typeid(one) == typeid(another);
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-05-13 06:37:05 +00:00
|
|
|
|
|
|
|
|
class DiskEncryptedReservation : public IReservation
|
|
|
|
|
{
|
|
|
|
|
public:
|
|
|
|
|
DiskEncryptedReservation(DiskEncryptedPtr disk_, std::unique_ptr<IReservation> reservation_)
|
|
|
|
|
: disk(std::move(disk_)), reservation(std::move(reservation_))
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
UInt64 getSize() const override { return reservation->getSize(); }
|
|
|
|
|
|
2021-05-19 22:06:25 +00:00
|
|
|
DiskPtr getDisk(size_t i) const override
|
|
|
|
|
{
|
2021-05-13 06:37:05 +00:00
|
|
|
if (i != 0)
|
|
|
|
|
throw Exception("Can't use i != 0 with single disk reservation", ErrorCodes::INCORRECT_DISK_INDEX);
|
|
|
|
|
return disk;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Disks getDisks() const override { return {disk}; }
|
|
|
|
|
|
|
|
|
|
void update(UInt64 new_size) override { reservation->update(new_size); }
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
DiskEncryptedPtr disk;
|
|
|
|
|
std::unique_ptr<IReservation> reservation;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
ReservationPtr DiskEncrypted::reserve(UInt64 bytes)
|
|
|
|
|
{
|
2021-05-14 21:52:51 +00:00
|
|
|
auto reservation = delegate->reserve(bytes);
|
2021-05-13 06:37:05 +00:00
|
|
|
if (!reservation)
|
|
|
|
|
return {};
|
|
|
|
|
return std::make_unique<DiskEncryptedReservation>(std::static_pointer_cast<DiskEncrypted>(shared_from_this()), std::move(reservation));
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-17 13:35:15 +00:00
|
|
|
DiskEncrypted::DiskEncrypted(
|
|
|
|
|
const String & name_,
|
|
|
|
|
DiskPtr wrapped_disk_,
|
|
|
|
|
const String & path_on_wrapped_disk_,
|
|
|
|
|
FileEncryption::Algorithm encryption_algorithm_,
|
|
|
|
|
const String & key_)
|
|
|
|
|
: DiskDecorator(wrapped_disk_), name(name_), disk_path(path_on_wrapped_disk_), encryption_algorithm(encryption_algorithm_), key(key_)
|
2021-07-11 09:22:30 +00:00
|
|
|
{
|
|
|
|
|
initialize();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void DiskEncrypted::initialize()
|
|
|
|
|
{
|
2021-07-11 19:26:39 +00:00
|
|
|
disk_absolute_path = delegate->getPath() + disk_path;
|
|
|
|
|
|
2021-07-11 09:22:30 +00:00
|
|
|
// use wrapped_disk as an EncryptedDisk store
|
|
|
|
|
if (disk_path.empty())
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (disk_path.back() != '/')
|
2021-07-11 19:26:39 +00:00
|
|
|
throw Exception("Disk path must ends with '/', but '" + disk_path + "' doesn't.", ErrorCodes::BAD_ARGUMENTS);
|
2021-07-11 09:22:30 +00:00
|
|
|
|
|
|
|
|
delegate->createDirectories(disk_path);
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-11 19:26:39 +00:00
|
|
|
void DiskEncrypted::copy(const String & from_path, const std::shared_ptr<IDisk> & to_disk, const String & to_path)
|
|
|
|
|
{
|
|
|
|
|
/// Check if we can copy the file without deciphering.
|
|
|
|
|
if (isSameDiskType(*this, *to_disk))
|
|
|
|
|
{
|
|
|
|
|
/// Disk type is the same, check if the key is the same too.
|
|
|
|
|
if (auto * to_encrypted_disk = typeid_cast<DiskEncrypted *>(to_disk.get()))
|
|
|
|
|
{
|
2021-07-17 13:35:15 +00:00
|
|
|
if ((encryption_algorithm == to_encrypted_disk->encryption_algorithm) && (key == to_encrypted_disk->key))
|
2021-07-11 19:26:39 +00:00
|
|
|
{
|
|
|
|
|
/// Key is the same so we can simply copy the encrypted file.
|
2021-07-17 13:35:15 +00:00
|
|
|
delegate->copy(wrappedPath(from_path), to_encrypted_disk->delegate, to_encrypted_disk->wrappedPath(to_path));
|
2021-07-11 19:26:39 +00:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Copy the file through buffers with deciphering.
|
|
|
|
|
copyThroughBuffers(from_path, to_disk, to_path);
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-13 06:37:05 +00:00
|
|
|
std::unique_ptr<ReadBufferFromFileBase> DiskEncrypted::readFile(
|
|
|
|
|
const String & path,
|
|
|
|
|
size_t buf_size,
|
|
|
|
|
size_t estimated_size,
|
|
|
|
|
size_t aio_threshold,
|
|
|
|
|
size_t mmap_threshold,
|
2021-05-13 16:21:45 +00:00
|
|
|
MMappedFileCache * mmap_cache) const
|
|
|
|
|
{
|
|
|
|
|
auto wrapped_path = wrappedPath(path);
|
2021-05-14 21:52:51 +00:00
|
|
|
auto buffer = delegate->readFile(wrapped_path, buf_size, estimated_size, aio_threshold, mmap_threshold, mmap_cache);
|
2021-05-16 22:35:20 +00:00
|
|
|
|
2021-07-11 19:26:39 +00:00
|
|
|
InitVector iv;
|
|
|
|
|
iv.read(*buffer);
|
2021-07-17 13:35:15 +00:00
|
|
|
return std::make_unique<ReadBufferFromEncryptedFile>(buf_size, std::move(buffer), encryption_algorithm, key, iv);
|
2021-05-13 06:37:05 +00:00
|
|
|
}
|
|
|
|
|
|
2021-07-11 09:22:30 +00:00
|
|
|
std::unique_ptr<WriteBufferFromFileBase> DiskEncrypted::writeFile(const String & path, size_t buf_size, WriteMode mode)
|
2021-05-13 16:21:45 +00:00
|
|
|
{
|
2021-07-11 19:26:39 +00:00
|
|
|
InitVector iv;
|
|
|
|
|
UInt64 old_file_size = 0;
|
2021-05-13 16:21:45 +00:00
|
|
|
auto wrapped_path = wrappedPath(path);
|
2021-05-16 22:35:20 +00:00
|
|
|
|
2021-05-18 20:02:19 +00:00
|
|
|
if (mode == WriteMode::Append && exists(path) && getFileSize(path))
|
2021-05-17 16:15:21 +00:00
|
|
|
{
|
2021-07-11 19:26:39 +00:00
|
|
|
auto read_buffer = delegate->readFile(wrapped_path, InitVector::kSize);
|
|
|
|
|
iv.read(*read_buffer);
|
|
|
|
|
old_file_size = getFileSize(path);
|
2021-05-14 21:52:51 +00:00
|
|
|
}
|
2021-05-18 20:02:19 +00:00
|
|
|
else
|
2021-07-11 19:26:39 +00:00
|
|
|
iv = InitVector::random();
|
2021-05-16 22:35:20 +00:00
|
|
|
|
2021-05-14 21:52:51 +00:00
|
|
|
auto buffer = delegate->writeFile(wrapped_path, buf_size, mode);
|
2021-07-17 13:35:15 +00:00
|
|
|
return std::make_unique<WriteBufferFromEncryptedFile>(buf_size, std::move(buffer), encryption_algorithm, key, iv, old_file_size);
|
2021-05-14 21:52:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
size_t DiskEncrypted::getFileSize(const String & path) const
|
|
|
|
|
{
|
|
|
|
|
auto wrapped_path = wrappedPath(path);
|
|
|
|
|
size_t size = delegate->getFileSize(wrapped_path);
|
2021-07-11 19:26:39 +00:00
|
|
|
return size > InitVector::kSize ? (size - InitVector::kSize) : 0;
|
2021-05-13 06:37:05 +00:00
|
|
|
}
|
|
|
|
|
|
2021-05-13 16:21:45 +00:00
|
|
|
void DiskEncrypted::truncateFile(const String & path, size_t size)
|
|
|
|
|
{
|
|
|
|
|
auto wrapped_path = wrappedPath(path);
|
2021-07-11 19:26:39 +00:00
|
|
|
delegate->truncateFile(wrapped_path, size ? (size + InitVector::kSize) : 0);
|
2021-05-13 06:37:05 +00:00
|
|
|
}
|
|
|
|
|
|
2021-05-13 16:21:45 +00:00
|
|
|
SyncGuardPtr DiskEncrypted::getDirectorySyncGuard(const String & path) const
|
|
|
|
|
{
|
|
|
|
|
auto wrapped_path = wrappedPath(path);
|
2021-05-14 21:52:51 +00:00
|
|
|
return delegate->getDirectorySyncGuard(wrapped_path);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void DiskEncrypted::applyNewSettings(
|
|
|
|
|
const Poco::Util::AbstractConfiguration & config,
|
2021-06-18 05:36:50 +00:00
|
|
|
ContextPtr /*context*/,
|
2021-05-14 21:52:51 +00:00
|
|
|
const String & config_prefix,
|
|
|
|
|
const DisksMap & map)
|
|
|
|
|
{
|
2021-07-11 19:26:39 +00:00
|
|
|
DiskEncryptedSettings settings{name, config, config_prefix, map};
|
|
|
|
|
delegate = settings.wrapped_disk;
|
|
|
|
|
disk_path = settings.path_on_wrapped_disk;
|
2021-07-17 13:35:15 +00:00
|
|
|
encryption_algorithm = settings.encryption_algorithm;
|
|
|
|
|
key = settings.key;
|
2021-05-14 21:52:51 +00:00
|
|
|
initialize();
|
2021-05-13 06:37:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void registerDiskEncrypted(DiskFactory & factory)
|
|
|
|
|
{
|
|
|
|
|
auto creator = [](const String & name,
|
|
|
|
|
const Poco::Util::AbstractConfiguration & config,
|
|
|
|
|
const String & config_prefix,
|
2021-06-18 05:36:50 +00:00
|
|
|
ContextPtr /*context*/,
|
2021-07-11 19:26:39 +00:00
|
|
|
const DisksMap & map) -> DiskPtr
|
|
|
|
|
{
|
|
|
|
|
DiskEncryptedSettings settings{name, config, config_prefix, map};
|
2021-07-17 13:35:15 +00:00
|
|
|
return std::make_shared<DiskEncrypted>(
|
|
|
|
|
name, settings.wrapped_disk, settings.path_on_wrapped_disk, settings.encryption_algorithm, settings.key);
|
2021-05-13 06:37:05 +00:00
|
|
|
};
|
|
|
|
|
factory.registerDiskType("encrypted", creator);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
2021-05-18 20:48:16 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
#endif
|
