Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -47,4 +47,8 @@ public static Cipher borrowCipher(@Nonnull String cipherName) throws GeneralSecu
public static void returnCipher(@Nonnull Cipher cipher) {
MAPPED_POOL.offer(cipher.getAlgorithm(), cipher);
}

public static void invalidateAll() {
MAPPED_POOL.invalidateAll();
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
/*
* FixedZeroKeyManager.java
*
* This source file is part of the FoundationDB open source project
*
* Copyright 2015-2025 Apple Inc. and the FoundationDB project authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package com.apple.foundationdb.record.provider.common;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Random;

/**
* A {@link SerializationKeyManager} that always returns the same fixed {@link Key}.
*/
public class FixedZeroKeyManager implements SerializationKeyManager {
private final Key encryptionKey;
private final String cipherName;
private final SecureRandom secureRandom;

public FixedZeroKeyManager(@Nonnull Key encryptionKey, @Nullable String cipherName, @Nullable SecureRandom secureRandom) {
if (cipherName == null) {
cipherName = CipherPool.DEFAULT_CIPHER;
}
if (secureRandom == null) {
secureRandom = new SecureRandom();
}
this.encryptionKey = encryptionKey;
this.cipherName = cipherName;
this.secureRandom = secureRandom;
}

@Override
public int getSerializationKey() {
return 0;
}

@Override
public Key getKey(int keyNumber) {
if (keyNumber != 0) {
throw new RecordSerializationException("only provide key number 0");
}
return encryptionKey;
}

@Override
public String getCipher(int keyNumber) {
if (keyNumber != 0) {
throw new RecordSerializationException("only provide key number 0");
}
return cipherName;
}

@Override
public Random getRandom(int keyNumber) {
if (keyNumber != 0) {
throw new RecordSerializationException("only provide key number 0");
}
return secureRandom;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,13 @@ public int getPoolSize(K key) {
return queue == null ? 0 : queue.size();
}

/**
* Invalidate all entries in the pool.
*/
public void invalidateAll() {
pool.invalidateAll();
}

/**
* Function with Exceptions to provide the pool.
*
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
/*
* TransformedRecordSerializerKeyManager.java
*
* This source file is part of the FoundationDB open source project
*
* Copyright 2015-2018 Apple Inc. and the FoundationDB project authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package com.apple.foundationdb.record.provider.common;

import com.apple.foundationdb.annotation.API;

import java.security.Key;
import java.util.Random;

/**
* An interface between encrypting serialization, such as {@link TransformedRecordSerializerJCE}, and a source of keys
* with associated cipher algorithms. Each key is identified by a unique <em>key number</em>, which is persisted in
* the serialization so that the key can be recovered at deserialization time.
*/
@API(API.Status.EXPERIMENTAL)
public interface SerializationKeyManager {
/**
* Get the key number to be used for <em>serializing</em> a record.
* Typically, this would be the <em>latest</em> key.
* @return the key number to use
*/
int getSerializationKey();

/**
* Get the key with the given key number.
* @param keyNumber the unique key identifier
* @return the cipher used with this key
*/
Key getKey(int keyNumber);

/**
* Get the name of the cipher used with the given key number.
* @param keyNumber the unique key identifier
* @return the cipher used with this key
*/
String getCipher(int keyNumber);

/**
* Get a random generator to fill IVs when encrypting.
* Normally this would be a {@link java.security.SecureRandom} and would not depend on the key.
*/
// TODO: Perhaps it would be better to have the KM give out an IvParameterSpec or something?
// Maybe wait until we have another algorithm that's different enough.

Check warning on line 61 in fdb-record-layer-core/src/main/java/com/apple/foundationdb/record/provider/common/SerializationKeyManager.java

View check run for this annotation

fdb.teamscale.io / Teamscale | Findings

fdb-record-layer-core/src/main/java/com/apple/foundationdb/record/provider/common/SerializationKeyManager.java#L60-L61

TODO: Perhaps it would be better to have the KM give out an IvParameterSpec or something? https://fdb.teamscale.io/findings/details/foundationdb-fdb-record-layer?t=FORK_MR%2F3522%2FMMcM%2Fserializer-keys%3AHEAD&id=F124C8DB0B307DD202CAAB668243349E
Random getRandom(int keyNumber);
}
Loading