8000 Proof-of-concept: Protect decrypted relation keys by AndersAstrand · Pull Request #446 · percona/postgres · GitHub


Proof-of-concept: Protect decrypted relation keys #446


Draft
wants to merge 2 commits into
base: TDE_REL_17_STABLE
fixup! DO NOT MERGE Protect decrypted relation keys
AndersAstrand committed Jun 21, 2025
commit baf9640f91b6ee6c85d64de8c92827a7b59110ae
57 changes: 28 additions & 29 deletions contrib/pg_tde/src/smgr/pg_tde_smgr.c
Expand Up @@ -172,48 +172,47 @@ tde_smgr_get_decrypted_key(TDESMgrRelation *tdereln)
DecryptedTdeKey *decrypted_key;
TDEPrincipalKey *principal_key;

LWLockAcquire(tde_lwlock_enc_keys(), LW_SHARED);

if (tdereln->encryption_status == RELATION_KEY_NOT_AVAILABLE)
for (int i = 0; i < 2; i++)
{
EncryptedTdeKey *encrypted_key = tde_smgr_get_key(&tdereln->reln.smgr_rlocator);
if (tdereln->encryption_status == RELATION_KEY_NOT_AVAILABLE)
{
EncryptedTdeKey *encrypted_key = tde_smgr_get_key(&tdereln->reln.smgr_rlocator);

tdereln->relKey = *encrypted_key;
tdereln->encryption_status = RELATION_KEY_AVAILABLE;
pfree(encrypted_key);
}
tdereln->relKey = *encrypted_key;
tdereln->encryption_status = RELATION_KEY_AVAILABLE;
pfree(encrypted_key);
}

principal_key = GetPrincipalKey(tdereln->reln.smgr_rlocator.locator.dbOid, LW_SHARED);
if (principal_key == NULL)
ereport(ERROR,
errmsg("principal key not configured"),
errhint("create one using pg_tde_set_key before using encrypted tables"));
LWLockAcquire(tde_lwlock_enc_keys(), LW_SHARED);

decrypted_key = tde_keys_decrypt_key(&tdereln->relKey,
principal_key->keyData,
(uint8 *) &tdereln->reln.smgr_rlocator.locator,
sizeof(RelFileLocator));
principal_key = GetPrincipalKey(tdereln->reln.smgr_rlocator.locator.dbOid, LW_SHARED);
if (principal_key == NULL)
ereport(ERROR,
errmsg("principal key not configured"),
errhint("create one using pg_tde_set_key before using encrypted tables"));

LWLockRelease(tde_lwlock_enc_keys());
decrypted_key = tde_keys_decrypt_key(&tdereln->relKey,
principal_key->keyData,
(uint8 *) &tdereln->reln.smgr_rlocator.locator,
sizeof(RelFileLocator));

LWLockRelease(tde_lwlock_enc_keys());

if (!decrypted_key)
{
/*
* If the principal key has been rotated we need to load the encrypted
* key from file again.
*/
tdereln->encryption_status = RELATION_KEY_NOT_AVAILABLE;
decrypted_key = tde_smgr_get_decrypted_key(tdereln);
if (decrypted_key)
return decrypted_key;
else
tdereln->encryption_status = RELATION_KEY_NOT_AVAILABLE;

if (!decrypted_key)
{
/* The problem was not a rotated principal key apparently. */
ereport(ERROR,
errmsg("Failed to decrypt key, incorrect principal key or corrupted key file"));
}
}

return decrypted_key;
/* The problem was not a rotated principal key apparently. */
ereport(ERROR,
errmsg("Failed to decrypt key, incorrect principal key or corrupted key file"));

}

static void
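Review bot: Inside the new `for (int i = 0; i < 2; i++)` loop, `tde_smgr_get_key()` appears to run before `LWLockAcquire(tde_lwlock_enc_keys(), LW_SHARED)`, so the encrypted relation key is fetched outside the lock that covers the principal-key lookup and the decrypt; the page has lost its +/- markers, so this ordering is inferred from the listing. If `tde_smgr_get_key()` does not take that lock itself, a principal-key rotation can change the key data while it is being read, and the single retry only covers a stale key, not an inconsistent read. Either move the acquire above the `if (tdereln->encryption_status == RELATION_KEY_NOT_AVAILABLE)` block, or document the contract at the call site, for example `/* tde_smgr_get_key() does its own locking; tde_lwlock_enc_keys() must not be held here */` if that is the case. The result is also dereferenced as `*encrypted_key` with no NULL check, and whether the helper can return NULL is not visible in this hunk. The function's signature and opening brace lie above the hunk.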