SERVER-50644, SERVER-50479: Add resumable index build support for ESE by using persistent key for Sorter temp file encryption

author: Varun Ravichandran <varun.ravichandran@mongodb.com> 2021-01-08 02:18:10 +0000
committer: Evergreen Agent <no-reply@evergreen.mongodb.com> 2021-01-20 19:28:03 +0000
commit: 45a54bbac81ff1146f307afb2d04c94c694a1163 (patch)
tree: 7aae292c66cab6bedf43d89d6db7f07122788cce /src/mongo/db/storage/encryption_hooks.h
parent: 6308db5c83a3e95f4532c63df8b635b8090036ae (diff)
download: mongo-45a54bbac81ff1146f307afb2d04c94c694a1163.tar.gz
1 files changed, 21 insertions, 6 deletions
diff --git a/src/mongo/db/storage/encryption_hooks.h b/src/mongo/db/storage/encryption_hooks.h
index f5a5db60923..c2c372d6533 100644
--- a/src/mongo/db/storage/encryption_hooks.h
+++ b/src/mongo/db/storage/encryption_hooks.h
@@ -84,16 +84,31 @@ public:
     virtual boost::filesystem::path getProtectedPathSuffix();
 
     /**
-     * Transform temp data to non-readable form before writing it to disk.
+     * Transform temporary data that has been spilled to disk into non-readable form. If dbName
+     * is specified, the database key corresponding to dbName will be used to encrypt the data.
+     * This key is persistent across process restarts. Otherwise, an ephemeral key that is only
+     * consistent for the duration of the process will be generated and used for encryption.
      */
-    virtual Status protectTmpData(
-        const uint8_t* in, size_t inLen, uint8_t* out, size_t outLen, size_t* resultLen);
+    virtual Status protectTmpData(const uint8_t* in,
+                                  size_t inLen,
+                                  uint8_t* out,
+                                  size_t outLen,
+                                  size_t* resultLen,
+                                  boost::optional<std::string> dbName);
 
     /**
-     * Tranforms temp data back to readable form, after reading from disk.
+     * Transform temporary data that has been spilled to disk back into readable form. If dbName
+     * is specified, the database key corresponding to dbName will be used to decrypt the data.
+     * This key is persistent across process restarts, so decryption will be successful even if a
+     * restart had occurred after encryption. Otherwise, an ephemeral key that can only decrypt data
+     * encrypted earlier in the current process's lifetime will be used.
      */
-    virtual Status unprotectTmpData(
-        const uint8_t* in, size_t inLen, uint8_t* out, size_t outLen, size_t* resultLen);
+    virtual Status unprotectTmpData(const uint8_t* in,
+                                    size_t inLen,
+                                    uint8_t* out,
+                                    size_t outLen,
+                                    size_t* resultLen,
+                                    boost::optional<std::string> dbName);
 
     /**
      * Inform the encryption storage system to prepare its data such that its files can be copied
author	Varun Ravichandran <varun.ravichandran@mongodb.com>	2021-01-08 02:18:10 +0000
committer	Evergreen Agent <no-reply@evergreen.mongodb.com>	2021-01-20 19:28:03 +0000
commit	45a54bbac81ff1146f307afb2d04c94c694a1163 (patch)
tree	7aae292c66cab6bedf43d89d6db7f07122788cce /src/mongo/db/storage/encryption_hooks.h
parent	6308db5c83a3e95f4532c63df8b635b8090036ae (diff)
download	mongo-45a54bbac81ff1146f307afb2d04c94c694a1163.tar.gz