Re: Key management with tests - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Key management with tests
Date
Msg-id 20210112193247.GC18178@momjian.us
Whole thread Raw
In response to Re: Key management with tests  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
On Tue, Jan 12, 2021 at 01:57:11PM -0500, Stephen Frost wrote:
> Greetings,
> 
> * Bruce Momjian (bruce@momjian.us) wrote:
> > On Tue, Jan 12, 2021 at 01:44:05PM -0500, Stephen Frost wrote:
> > > * Bruce Momjian (bruce@momjian.us) wrote:
> > > > Well, we have eight unused bits in the IV, so we could just increment
> > > > that for every hint bit change that uses the same LSN, and then force a
> > > > dummy WAL record when that 8-bit counter overflows --- that seems
> > > > simpler than logging hint bits.
> > > 
> > > Sure, as long as we have a place to store that information..  We need to
> > > have the full IV available when we go to decrypt the page.
> > 
> > Oh, yeah, we would need that counter recorded since previously the IV
> > was made up of already-recorded information, i.e., the page LSN and page
> > number.  However, the reason don't WAL-log hint bits always is because
> > we can afford to lose them, but in this case, any counter we need to
> > store will need to be WAL logged since we can't affort to lose that
> > counter value for decryption --- that gets us back to WAL-logging
> > something during hint bit changes.  :-(
> 
> I don't think that's actually the case..?  The hole I'm talking about is
> there exclusively for post-encryption storage of the tag and maybe this
> part of the IV and would be zero'd out in the FPIs that actually go into
> the WAL (which would be encrypted with the WAL key, not the data key).
> All we would need to be confident of is that if the page with the hint
> bit update gets encrypted and written out that the IV counter gets
> incremented and also written out as part of that write.

OK, got it.  I have added this to the wiki:

    https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#Other_requirements
    
    wal_log_hints will be enabled automatically in encryption mode. However,
    more than one hit change between checkpoints does not cause WAL
    activity, which would cause the same LSN to be used for different page
    images. This means we need a page-stored counter, to be used in the four
    unused bytes of the IV. This prevents multiple page writes during the
    same checkpoint interval from using the same IV. Counter changes do not
    need to be WAL logged since we either get the page from the WAL (which
    is only encrypted with the WAL data key), or from disk, which is
    durable. 

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EnterpriseDB                             https://enterprisedb.com

  The usefulness of a cup is in its emptiness, Bruce Lee




pgsql-hackers by date:

Previous
From: Tomas Vondra
Date:
Subject: Re: COPY FREEZE and setting PD_ALL_VISIBLE/visibility map bits
Next
From: Andres Freund
Date:
Subject: Re: Key management with tests