[Date Prev][Date Next] [Chronological] [Thread] [Top]

LMDB encryption support

To: "OpenLDAP-devel@openldap.org" <OpenLDAP-devel@openldap.org>
Subject: LMDB encryption support
From: Howard Chu <hyc@symas.com>
Date: Thu, 10 Aug 2017 16:55:57 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0 SeaMonkey/2.53a1

I've recently added support for page-level encryption to LMDB 1.x usinguser-supplied callbacks:


/** @brief A callback function used to encrypt/decrypt pages in the env.
 *
 * Encrypt or decrypt the data in src and store the result in dst using the
 * provided key. The result must be the same number of bytes as the input.
 * The input size will always be a multiple of the page size.
 * @param[in] src The input data to be transformed.
 * @param[out] dst Storage for the result.
 * @param[in] key An array of two values: key[0] is the encryption key,
 * and key[1] is the initialization vector.
 * @param[in] encdec 1 to encrypt, 0 to decrypt.
 */

typedef void (MDB_enc_func)(const MDB_val *src, MDB_val *dst, const MDB_val*key, int encdec);


    /** @brief Set encryption on an environment.
     *
     * This must be called before #mdb_env_open().
     * It implicitly sets #MDB_REMAP_CHUNKS on the env.
     * @param[in] env An environment handle returned by #mdb_env_create().
     * @param[in] func An #MDB_enc_func function.
     * @param[in] key An array of two values: key[0] is the encryption key,
     * and key[1] is the initialization vector.
     * @return A non-zero error value on failure and 0 on success.
     */
int mdb_env_set_encrypt(MDB_env *env, MDB_enc_func *func, const MDB_val *key);

I intend to extend this a bit further to support authenticated encryptioninstead, so that each page also yields a signature that can be used to detecttampering or corruption.

One question is whether we should actually make this pluggable like this, orwe should just hardcode support for a specific algorithm and leave it at that.For comparison, BerkeleyDB supported AES128 with HMAC-SHA1 for a 20 byte perpage signature. In some ways it simplifies use if the DB just takes care ofeverything and there's only one hardcoded mechanism. Also, user-suppliedcallback relies on the app developer to know what they're doing with thecrypto code.

From the LMDB maintenance perspective, it's simpler for us not to havehardcoded dependencies on crypto libraries. Also, leaving it pluggable keepsthe door open for 3rd party hardware-accelerated crypto engines. Onecomplication is that if the algorithm is actually user-selectable, we need todynamically adjust DB page layouts to accommodate different nonce/IV andsignature sizes. (Currently MDB_page metadata is a statically definedstructure. A dynamic size element here will make processing slower.)


Thoughts? Hardcode 1 algorithm, or leave it pluggable?

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: LMDB encryption support
  - From: Michael Ströder <michael@stroeder.com>
- Re: LMDB encryption support
  - From: Milosz Tanski <milosz@adfin.com>
- Re: LMDB encryption support
  - From: Timur Kristóf <timur.kristof@gmail.com>
- Re: LMDB encryption support
  - From: Greg Hudson <ghudson@mit.edu>

Prev by Date: Re: ITS#8654 - Option for LDAP client to bind to a local address
Next by Date: Re: LMDB encryption support
Index(es):
- Chronological
- Thread