From 602cd736e26cfaf7f5e8451c458e79885134779e Mon Sep 17 00:00:00 2001 From: Andreas Karlsson Date: Thu, 7 Aug 2025 13:22:04 +0200 Subject: [PATCH] Split key type enum into two to make code less confusing Also rename enum variants for consistency plus renumber the types for the WAL keys which is fine since this file is newly introduced which makes breaking backwards compatibility not an issue. --- contrib/pg_tde/src/access/pg_tde_tdemap.c | 24 ++++++++++++------- contrib/pg_tde/src/access/pg_tde_xlog_keys.c | 10 ++++---- contrib/pg_tde/src/access/pg_tde_xlog_smgr.c | 16 ++++++------- .../pg_tde/src/include/access/pg_tde_tdemap.h | 9 ------- .../src/include/access/pg_tde_xlog_keys.h | 9 ++++++- 5 files changed, 36 insertions(+), 32 deletions(-) diff --git a/contrib/pg_tde/src/access/pg_tde_tdemap.c b/contrib/pg_tde/src/access/pg_tde_tdemap.c index 60102c5da56..ed01210adcc 100644 --- a/contrib/pg_tde/src/access/pg_tde_tdemap.c +++ b/contrib/pg_tde/src/access/pg_tde_tdemap.c @@ -44,6 +44,12 @@ #define MAP_ENTRY_SIZE sizeof(TDEMapEntry) #define TDE_FILE_HEADER_SIZE sizeof(TDEFileHeader) +typedef enum +{ + MAP_ENTRY_TYPE_EMPTY = 0, + MAP_ENTRY_TYPE_KEY = 1, +} TDEMapEntryType; + typedef struct TDEFileHeader { int32 file_version; @@ -224,10 +230,10 @@ pg_tde_free_key_map_entry(const RelFileLocator rlocator) if (!pg_tde_read_one_map_entry(map_fd, &map_entry, &curr_pos)) break; - if (map_entry.type == TDE_KEY_TYPE_SMGR && map_entry.spcOid == rlocator.spcOid && map_entry.relNumber == rlocator.relNumber) + if (map_entry.type == MAP_ENTRY_TYPE_KEY && map_entry.spcOid == rlocator.spcOid && map_entry.relNumber == rlocator.relNumber) { TDEMapEntry empty_map_entry = { - .type = MAP_ENTRY_EMPTY, + .type = MAP_ENTRY_TYPE_EMPTY, }; pg_tde_write_one_map_entry(map_fd, &empty_map_entry, &prev_pos, db_map_path); @@ -303,7 +309,7 @@ pg_tde_perform_rotate_key(TDEPrincipalKey *principal_key, TDEPrincipalKey *new_p if (!pg_tde_read_one_map_entry(old_fd, &read_map_entry, &old_curr_pos)) break; - if (read_map_entry.type == MAP_ENTRY_EMPTY) + if (read_map_entry.type == MAP_ENTRY_TYPE_EMPTY) continue; rloc.spcOid = read_map_entry.spcOid; @@ -422,7 +428,7 @@ pg_tde_initialize_map_entry(TDEMapEntry *map_entry, const TDEPrincipalKey *princ { map_entry->spcOid = rlocator->spcOid; map_entry->relNumber = rlocator->relNumber; - map_entry->type = TDE_KEY_TYPE_SMGR; + map_entry->type = MAP_ENTRY_TYPE_KEY; map_entry->enc_key = *rel_key_data; /* @@ -510,7 +516,7 @@ pg_tde_write_key_map_entry(const RelFileLocator *rlocator, const InternalKey *re break; } - if (read_map_entry.type == MAP_ENTRY_EMPTY) + if (read_map_entry.type == MAP_ENTRY_TYPE_EMPTY) { curr_pos = prev_pos; break; @@ -529,8 +535,8 @@ pg_tde_write_key_map_entry(const RelFileLocator *rlocator, const InternalKey *re /* * Returns true if we find a valid match; e.g. type is not set to - * MAP_ENTRY_EMPTY and the relNumber and spcOid matches the one provided in - * rlocator. + * MAP_ENTRY_TYPE_EMPTY and the relNumber and spcOid matches the one provided + * in rlocator. */ static bool pg_tde_find_map_entry(const RelFileLocator *rlocator, char *db_map_path, TDEMapEntry *map_entry) @@ -545,7 +551,7 @@ pg_tde_find_map_entry(const RelFileLocator *rlocator, char *db_map_path, TDEMapE while (pg_tde_read_one_map_entry(map_fd, map_entry, &curr_pos)) { - if (map_entry->type == TDE_KEY_TYPE_SMGR && map_entry->spcOid == rlocator->spcOid && map_entry->relNumber == rlocator->relNumber) + if (map_entry->type == MAP_ENTRY_TYPE_KEY && map_entry->spcOid == rlocator->spcOid && map_entry->relNumber == rlocator->relNumber) { found = true; break; @@ -584,7 +590,7 @@ pg_tde_count_encryption_keys(Oid dbOid) while (pg_tde_read_one_map_entry(map_fd, &map_entry, &curr_pos)) { - if (map_entry.type == TDE_KEY_TYPE_SMGR) + if (map_entry.type == MAP_ENTRY_TYPE_KEY) count++; } diff --git a/contrib/pg_tde/src/access/pg_tde_xlog_keys.c b/contrib/pg_tde/src/access/pg_tde_xlog_keys.c index d2a74be0f55..2af45c0f363 100644 --- a/contrib/pg_tde/src/access/pg_tde_xlog_keys.c +++ b/contrib/pg_tde/src/access/pg_tde_xlog_keys.c @@ -114,7 +114,7 @@ pg_tde_wal_last_key_set_location(WalLocation loc) if (wal_location_cmp(prev_entry.enc_key.wal_start, loc) >= 0) { - prev_entry.enc_key.type = TDE_KEY_TYPE_WAL_INVALID; + prev_entry.enc_key.type = WAL_KEY_TYPE_INVALID; if (pg_pwrite(fd, &prev_entry, sizeof(WalKeyFileEntry), prev_key_pos) != sizeof(WalKeyFileEntry)) { @@ -145,7 +145,7 @@ pg_tde_wal_last_key_set_location(WalLocation loc) * with the actual lsn by the first WAL write. */ void -pg_tde_create_wal_key(WalEncryptionKey *rel_key_data, TDEMapEntryType entry_type) +pg_tde_create_wal_key(WalEncryptionKey *rel_key_data, WalEncryptionKeyType entry_type) { TDEPrincipalKey *principal_key; @@ -159,7 +159,7 @@ pg_tde_create_wal_key(WalEncryptionKey *rel_key_data, TDEMapEntryType entry_type errhint("Use pg_tde_set_server_key_using_global_key_provider() to configure one.")); } - /* TODO: no need in generating key if TDE_KEY_TYPE_WAL_UNENCRYPTED */ + /* TODO: no need in generating key if WAL_KEY_TYPE_UNENCRYPTED */ rel_key_data->type = entry_type; rel_key_data->wal_start.lsn = InvalidXLogRecPtr; rel_key_data->wal_start.tli = 0; @@ -302,8 +302,8 @@ pg_tde_fetch_wal_keys(WalLocation start) * Skip new (just created but not updated by write) and invalid keys */ if (wal_location_valid(entry.enc_key.wal_start) && - (entry.enc_key.type == TDE_KEY_TYPE_WAL_UNENCRYPTED || - entry.enc_key.type == TDE_KEY_TYPE_WAL_ENCRYPTED) && + (entry.enc_key.type == WAL_KEY_TYPE_UNENCRYPTED || + entry.enc_key.type == WAL_KEY_TYPE_ENCRYPTED) && wal_location_cmp(entry.enc_key.wal_start, start) >= 0) { WalEncryptionKey *rel_key_data = pg_tde_decrypt_wal_key(principal_key, &entry); diff --git a/contrib/pg_tde/src/access/pg_tde_xlog_smgr.c b/contrib/pg_tde/src/access/pg_tde_xlog_smgr.c index cbffeeff458..aca076423a6 100644 --- a/contrib/pg_tde/src/access/pg_tde_xlog_smgr.c +++ b/contrib/pg_tde/src/access/pg_tde_xlog_smgr.c @@ -44,7 +44,7 @@ static void *EncryptionCryptCtx = NULL; /* TODO: can be swapped out to the disk */ static WalEncryptionKey EncryptionKey = { - .type = MAP_ENTRY_EMPTY, + .type = WAL_KEY_TYPE_INVALID, .wal_start = {.tli = 0,.lsn = InvalidXLogRecPtr}, }; @@ -234,11 +234,11 @@ TDEXLogSmgrInitWrite(bool encrypt_xlog) */ if (encrypt_xlog) { - pg_tde_create_wal_key(&EncryptionKey, TDE_KEY_TYPE_WAL_ENCRYPTED); + pg_tde_create_wal_key(&EncryptionKey, WAL_KEY_TYPE_ENCRYPTED); } - else if (key && key->type == TDE_KEY_TYPE_WAL_ENCRYPTED) + else if (key && key->type == WAL_KEY_TYPE_ENCRYPTED) { - pg_tde_create_wal_key(&EncryptionKey, TDE_KEY_TYPE_WAL_UNENCRYPTED); + pg_tde_create_wal_key(&EncryptionKey, WAL_KEY_TYPE_UNENCRYPTED); } else if (key) { @@ -304,7 +304,7 @@ tdeheap_xlog_seg_write(int fd, const void *buf, size_t count, off_t offset, * * This func called with WALWriteLock held, so no need in any extra sync. */ - if (EncryptionKey.type != MAP_ENTRY_EMPTY && TDEXLogGetEncKeyLsn() == 0) + if (EncryptionKey.type != WAL_KEY_TYPE_INVALID && TDEXLogGetEncKeyLsn() == 0) { WalLocation loc = {.tli = tli}; @@ -315,7 +315,7 @@ tdeheap_xlog_seg_write(int fd, const void *buf, size_t count, off_t offset, TDEXLogSetEncKeyLocation(EncryptionKey.wal_start); } - if (EncryptionKey.type == TDE_KEY_TYPE_WAL_ENCRYPTED) + if (EncryptionKey.type == WAL_KEY_TYPE_ENCRYPTED) return TDEXLogWriteEncryptedPages(fd, buf, count, offset, tli, segno); else return pg_pwrite(fd, buf, count, offset); @@ -389,11 +389,11 @@ tdeheap_xlog_seg_read(int fd, void *buf, size_t count, off_t offset, elog(DEBUG1, "WAL key %u_%X/%X - %u_%X/%X, encrypted: %s", curr_key->start.tli, LSN_FORMAT_ARGS(curr_key->start.lsn), curr_key->end.tli, LSN_FORMAT_ARGS(curr_key->end.lsn), - curr_key->key.type == TDE_KEY_TYPE_WAL_ENCRYPTED ? "yes" : "no"); + curr_key->key.type == WAL_KEY_TYPE_ENCRYPTED ? "yes" : "no"); #endif if (wal_location_valid(curr_key->key.wal_start) && - curr_key->key.type == TDE_KEY_TYPE_WAL_ENCRYPTED) + curr_key->key.type == WAL_KEY_TYPE_ENCRYPTED) { /* * Check if the key's range overlaps with the buffer's and decypt diff --git a/contrib/pg_tde/src/include/access/pg_tde_tdemap.h b/contrib/pg_tde/src/include/access/pg_tde_tdemap.h index 8c8781380d7..1cf39990eac 100644 --- a/contrib/pg_tde/src/include/access/pg_tde_tdemap.h +++ b/contrib/pg_tde/src/include/access/pg_tde_tdemap.h @@ -6,15 +6,6 @@ #include "catalog/tde_principal_key.h" #include "common/pg_tde_utils.h" -typedef enum -{ - MAP_ENTRY_EMPTY = 0, - TDE_KEY_TYPE_SMGR = 1, - TDE_KEY_TYPE_WAL_UNENCRYPTED = 2, - TDE_KEY_TYPE_WAL_ENCRYPTED = 3, - TDE_KEY_TYPE_WAL_INVALID = 4, -} TDEMapEntryType; - #define INTERNAL_KEY_LEN 16 #define INTERNAL_KEY_IV_LEN 16 diff --git a/contrib/pg_tde/src/include/access/pg_tde_xlog_keys.h b/contrib/pg_tde/src/include/access/pg_tde_xlog_keys.h index 68835ac11e8..6c92f81ec4a 100644 --- a/contrib/pg_tde/src/include/access/pg_tde_xlog_keys.h +++ b/contrib/pg_tde/src/include/access/pg_tde_xlog_keys.h @@ -6,6 +6,13 @@ #include "access/pg_tde_tdemap.h" #include "catalog/tde_principal_key.h" +typedef enum +{ + WAL_KEY_TYPE_INVALID = 0, + WAL_KEY_TYPE_UNENCRYPTED = 1, + WAL_KEY_TYPE_ENCRYPTED = 2, +} WalEncryptionKeyType; + typedef struct WalLocation { XLogRecPtr lsn; @@ -65,7 +72,7 @@ typedef struct WALKeyCacheRec } WALKeyCacheRec; extern int pg_tde_count_wal_keys_in_file(void); -extern void pg_tde_create_wal_key(WalEncryptionKey *rel_key_data, TDEMapEntryType entry_type); +extern void pg_tde_create_wal_key(WalEncryptionKey *rel_key_data, WalEncryptionKeyType entry_type); extern void pg_tde_delete_server_key(void); extern WALKeyCacheRec *pg_tde_fetch_wal_keys(WalLocation start); extern WALKeyCacheRec *pg_tde_get_last_wal_key(void);