diff options
author | Varun Ravichandran <varun.ravichandran@mongodb.com> | 2021-01-08 02:18:10 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-01-20 19:28:03 +0000 |
commit | 45a54bbac81ff1146f307afb2d04c94c694a1163 (patch) | |
tree | 7aae292c66cab6bedf43d89d6db7f07122788cce /src/mongo/db/storage/encryption_hooks.h | |
parent | 6308db5c83a3e95f4532c63df8b635b8090036ae (diff) | |
download | mongo-45a54bbac81ff1146f307afb2d04c94c694a1163.tar.gz |
SERVER-50644, SERVER-50479: Add resumable index build support for ESE by using persistent key for Sorter temp file encryption
Diffstat (limited to 'src/mongo/db/storage/encryption_hooks.h')
-rw-r--r-- | src/mongo/db/storage/encryption_hooks.h | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/src/mongo/db/storage/encryption_hooks.h b/src/mongo/db/storage/encryption_hooks.h index f5a5db60923..c2c372d6533 100644 --- a/src/mongo/db/storage/encryption_hooks.h +++ b/src/mongo/db/storage/encryption_hooks.h @@ -84,16 +84,31 @@ public: virtual boost::filesystem::path getProtectedPathSuffix(); /** - * Transform temp data to non-readable form before writing it to disk. + * Transform temporary data that has been spilled to disk into non-readable form. If dbName + * is specified, the database key corresponding to dbName will be used to encrypt the data. + * This key is persistent across process restarts. Otherwise, an ephemeral key that is only + * consistent for the duration of the process will be generated and used for encryption. */ - virtual Status protectTmpData( - const uint8_t* in, size_t inLen, uint8_t* out, size_t outLen, size_t* resultLen); + virtual Status protectTmpData(const uint8_t* in, + size_t inLen, + uint8_t* out, + size_t outLen, + size_t* resultLen, + boost::optional<std::string> dbName); /** - * Tranforms temp data back to readable form, after reading from disk. + * Transform temporary data that has been spilled to disk back into readable form. If dbName + * is specified, the database key corresponding to dbName will be used to decrypt the data. + * This key is persistent across process restarts, so decryption will be successful even if a + * restart had occurred after encryption. Otherwise, an ephemeral key that can only decrypt data + * encrypted earlier in the current process's lifetime will be used. */ - virtual Status unprotectTmpData( - const uint8_t* in, size_t inLen, uint8_t* out, size_t outLen, size_t* resultLen); + virtual Status unprotectTmpData(const uint8_t* in, + size_t inLen, + uint8_t* out, + size_t outLen, + size_t* resultLen, + boost::optional<std::string> dbName); /** * Inform the encryption storage system to prepare its data such that its files can be copied |