/Users/deen/code/yugabyte-db/src/yb/encryption/encrypted_file.cc

Source (jump to first uncovered line)
// Copyright (c) YugaByte, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
// in compliance with the License.  You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software distributed under the License
// is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
// or implied.  See the License for the specific language governing permissions and limitations
// under the License.
//

#include "yb/encryption/encrypted_file.h"

#include "yb/encryption/cipher_stream.h"
#include "yb/encryption/cipher_stream_fwd.h"
#include "yb/encryption/header_manager.h"
#include "yb/encryption/encryption_util.h"

#include "yb/util/env.h"
#include "yb/util/cast.h"
#include "yb/util/flag_tags.h"

DEFINE_bool(encryption_counter_overflow_read_path_workaround, true,
            "Enable a read-path workaround for the encryption counter overflow bug #3707. "
            "This is enabled by default and could be disabled to reproduce the bug in testing.");
TAG_FLAG(encryption_counter_overflow_read_path_workaround, advanced);
TAG_FLAG(encryption_counter_overflow_read_path_workaround, hidden);

namespace yb {
namespace encryption {

Status EncryptedRandomAccessFile::Create(
    std::unique_ptr<RandomAccessFile>* result, HeaderManager* header_manager,
    std::unique_ptr<RandomAccessFile> underlying) {
  return CreateRandomAccessFile<EncryptedRandomAccessFile, uint8_t>(
      result, header_manager, std::move(underlying));
}

Status EncryptedRandomAccessFile::ReadInternal(
    uint64_t offset,
    size_t n,
    Slice* result,
    char* scratch,
    EncryptionOverflowWorkaround counter_overflow_workaround) const {
  if (!scratch) {
    return STATUS(InvalidArgument, "scratch argument is null.");
  }
  uint8_t* buf = static_cast<uint8_t*>(EncryptionBuffer::Get()->GetBuffer(n));
  RETURN_NOT_OK(RandomAccessFileWrapper::Read(offset + header_size_, n, result, buf));
  RETURN_NOT_OK(stream_->Decrypt(offset, *result, scratch, counter_overflow_workaround));
  *result = Slice(scratch, result->size());
  return Status::OK();
}

Status EncryptedRandomAccessFile::Read(
    uint64_t offset, size_t n, Slice* result, uint8_t* scratch) const {
  return ReadInternal(offset, n, result, to_char_ptr(scratch),
                      EncryptionOverflowWorkaround::kFalse);
}

Status EncryptedRandomAccessFile::ReadAndValidate(
    uint64_t offset, size_t n, Slice* result, char* scratch, const ReadValidator& validator) {
  if (!FLAGS_encryption_counter_overflow_read_path_workaround ||
      stream_->UseOpensslCompatibleCounterOverflow()) {
    RETURN_NOT_OK(ReadInternal(offset, n, result, scratch, EncryptionOverflowWorkaround::kFalse));
    return validator.Validate(*result);
  }

  Status status_without_workaround;
  for (auto counter_overflow_workaround : EncryptionOverflowWorkaround::kValues) {
    RETURN_NOT_OK(ReadInternal(offset, n, result, scratch, counter_overflow_workaround));

    Status validation_status = validator.Validate(*result);
    if (!counter_overflow_workaround) {
      status_without_workaround = validation_status;
    }

    if (validation_status.ok()) {
      if (counter_overflow_workaround) {
        num_overflow_workarounds_.fetch_add(1, std::memory_order_relaxed);
      }
      return Status::OK();
    }
  }
  return status_without_workaround;
}

Result<uint64_t> EncryptedRandomAccessFile::Size() const {
  return VERIFY_RESULT(RandomAccessFileWrapper::Size()) - header_size_;
}

} // namespace encryption
} // namespace yb

Line	Count	Source (jump to first uncovered line)
1		// Copyright (c) YugaByte, Inc.
2		//
3		// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
4		// in compliance with the License. You may obtain a copy of the License at
5		//
6		// http://www.apache.org/licenses/LICENSE-2.0
7		//
8		// Unless required by applicable law or agreed to in writing, software distributed under the License
9		// is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
10		// or implied. See the License for the specific language governing permissions and limitations
11		// under the License.
12		//
13
14		#include "yb/encryption/encrypted_file.h"
15
16		#include "yb/encryption/cipher_stream.h"
17		#include "yb/encryption/cipher_stream_fwd.h"
18		#include "yb/encryption/header_manager.h"
19		#include "yb/encryption/encryption_util.h"
20
21		#include "yb/util/env.h"
22		#include "yb/util/cast.h"
23		#include "yb/util/flag_tags.h"
24
25		DEFINE_bool(encryption_counter_overflow_read_path_workaround, true,
26		"Enable a read-path workaround for the encryption counter overflow bug #3707. "
27		"This is enabled by default and could be disabled to reproduce the bug in testing.");
28		TAG_FLAG(encryption_counter_overflow_read_path_workaround, advanced);
29		TAG_FLAG(encryption_counter_overflow_read_path_workaround, hidden);
30
31		namespace yb {
32		namespace encryption {
33
34		Status EncryptedRandomAccessFile::Create(
35		std::unique_ptr<RandomAccessFile>* result, HeaderManager* header_manager,
36	539k	std::unique_ptr<RandomAccessFile> underlying) {
37	539k	return CreateRandomAccessFile<EncryptedRandomAccessFile, uint8_t>(
38	539k	result, header_manager, std::move(underlying));
39	539k	}
40
41		Status EncryptedRandomAccessFile::ReadInternal(
42		uint64_t offset,
43		size_t n,
44		Slice* result,
45		char* scratch,
46	100k	EncryptionOverflowWorkaround counter_overflow_workaround) const {
47	100k	if (!scratch) {
48	0	return STATUS(InvalidArgument, "scratch argument is null.");
49	0	}
50	100k	uint8_t* buf = static_cast<uint8_t*>(EncryptionBuffer::Get()->GetBuffer(n));
51	100k	RETURN_NOT_OK(RandomAccessFileWrapper::Read(offset + header_size_, n, result, buf));
52	100k	RETURN_NOT_OK(stream_->Decrypt(offset, *result, scratch, counter_overflow_workaround));
53	100k	*result = Slice(scratch, result->size());
54	100k	return Status::OK();
55	100k	}
56
57		Status EncryptedRandomAccessFile::Read(
58	22	uint64_t offset, size_t n, Slice* result, uint8_t* scratch) const {
59	22	return ReadInternal(offset, n, result, to_char_ptr(scratch),
60	22	EncryptionOverflowWorkaround::kFalse);
61	22	}
62
63		Status EncryptedRandomAccessFile::ReadAndValidate(
64	100k	uint64_t offset, size_t n, Slice* result, char* scratch, const ReadValidator& validator) {
65	100k	if (!FLAGS_encryption_counter_overflow_read_path_workaround \|\|
66	100k	stream_->UseOpensslCompatibleCounterOverflow()) {
67	50.1k	RETURN_NOT_OK(ReadInternal(offset, n, result, scratch, EncryptionOverflowWorkaround::kFalse));
68	50.1k	return validator.Validate(*result);
69	50.1k	}
70
71	50.1k	Status status_without_workaround;
72	50.1k	for (auto counter_overflow_workaround : EncryptionOverflowWorkaround::kValues) {
73	50.1k	RETURN_NOT_OK(ReadInternal(offset, n, result, scratch, counter_overflow_workaround));
74
75	50.1k	Status validation_status = validator.Validate(*result);
76	50.1k	if (!counter_overflow_workaround) {
77	50.1k	status_without_workaround = validation_status;
78	50.1k	}
79
80	50.1k	if (validation_status.ok()) {
81	50.1k	if (counter_overflow_workaround) {
82	24	num_overflow_workarounds_.fetch_add(1, std::memory_order_relaxed);
83	24	}
84	50.1k	return Status::OK();
85	50.1k	}
86	50.1k	}
87	0	return status_without_workaround;
88	50.1k	}
89
90	4	Result<uint64_t> EncryptedRandomAccessFile::Size() const {
91	4	return VERIFY_RESULT(RandomAccessFileWrapper::Size()) - header_size_;
92	4	}
93
94		} // namespace encryption
95		} // namespace yb

YugabyteDB (2.13.1.0-b60, 21121d69985fbf76aa6958d8f04a9bfa936293b5)

Coverage Report

Created: 2022-03-22 16:43