Remove full tuple encryption (#4)

Leaving tuple data (attributes) only encryption
percona · Aug 21, 2023 · 7317998 · 7317998
1 parent 70a1a0c
commit 7317998
Show file tree

Hide file tree

Showing 7 changed files with 7 additions and 102 deletions.
diff --git a/src/access/pg_tde_io.c b/src/access/pg_tde_io.c
@@ -81,13 +81,8 @@ pg_tde_RelationPutHeapTuple(Relation relation,
 	{
 		ItemId		itemId = PageGetItemId(pageHeader, offnum);
 		HeapTupleHeader item = (HeapTupleHeader) PageGetItem(pageHeader, itemId);
-		HeapTupleHeaderData decrypted;
-		// TODO: why re-feth the tuple?
-		// TODO: len. partial, we only need t_ctid
-		// tableOid?
-		PGTdeDecryptTupHeaderTo(tuple->t_tableOid, BufferGetBlockNumber(buffer), pageHeader, item, &decrypted);
 
-		item->t_ctid = tuple->t_self; // TODO: access & modify & reencrypt decrypted
+		item->t_ctid = tuple->t_self;
 	}
 }
 

diff --git a/src/access/pg_tde_prune.c b/src/access/pg_tde_prune.c
@@ -341,9 +341,6 @@ pg_tde_page_prune(Relation relation, Buffer buffer,
 		htup = (HeapTupleHeader) PageGetItem(page, itemid);
 		tup.t_data = htup;
 		tup.t_len = ItemIdGetLength(itemid);
-		PGTdeDecryptTupFull(page, &tup);
-		// TODO: tableOid?
-
 		ItemPointerSet(&(tup.t_self), blockno, offnum);
 
 		/*
@@ -617,8 +614,6 @@ heap_prune_chain(Buffer buffer, OffsetNumber rootoffnum, PruneState *prstate)
 	{
 		Assert(prstate->htsv[rootoffnum] != -1);
 		htup = (HeapTupleHeader) PageGetItem(dp, rootlp);
-		// TODO: min len, tableOid
-		PGTdeDecryptTupFull(dp, htup);
 
 		if (HeapTupleHeaderIsHeapOnly(htup))
 		{
@@ -710,8 +705,6 @@ heap_prune_chain(Buffer buffer, OffsetNumber rootoffnum, PruneState *prstate)
 		Assert(ItemIdIsNormal(lp));
 		Assert(prstate->htsv[offnum] != -1);
 		htup = (HeapTupleHeader) PageGetItem(dp, lp);
-		// TODO: min len, tableOid
-		PGTdeDecryptTupFull(dp, htup);
 
 		/*
 		 * Check the tuple XMIN against prior XMAX, if any
@@ -954,8 +947,6 @@ pg_tde_page_prune_execute(Buffer buffer,
 			Assert(ItemIdHasStorage(fromlp) && ItemIdIsNormal(fromlp));
 
 			htup = (HeapTupleHeader) PageGetItem(page, fromlp);
-			// TODO: min len, tableOid
-			PGTdeDecryptTupFull(page, htup);
 			Assert(!HeapTupleHeaderIsHeapOnly(htup));
 		}
 		else
@@ -984,8 +975,6 @@ pg_tde_page_prune_execute(Buffer buffer,
 		tolp = PageGetItemId(page, tooff);
 		Assert(ItemIdHasStorage(tolp) && ItemIdIsNormal(tolp));
 		htup = (HeapTupleHeader) PageGetItem(page, tolp);
-		// TODO: min len, tableOid
-		PGTdeDecryptTupFull(page, htup);
 		Assert(HeapTupleHeaderIsHeapOnly(htup));
 #endif
 
@@ -1012,8 +1001,6 @@ pg_tde_page_prune_execute(Buffer buffer,
 		{
 			Assert(ItemIdIsNormal(lp));
 			htup = (HeapTupleHeader) PageGetItem(page, lp);
-			// TODO: min len, tableOid
-			PGTdeDecryptTupFull(page, htup);
 			Assert(!HeapTupleHeaderIsHeapOnly(htup));
 		}
 		else
@@ -1102,8 +1089,6 @@ page_verify_redirects(Page page)
 		Assert(ItemIdIsNormal(targitem));
 		Assert(ItemIdHasStorage(targitem));
 		htup = (HeapTupleHeader) PageGetItem(page, targitem);
-		// TODO: min len, tableOid
-		PGTdeDecryptTupFull(page, htup);
 		Assert(HeapTupleHeaderIsHeapOnly(htup));
 	}
 #endif
@@ -1149,8 +1134,6 @@ pg_tde_get_root_tuples(Page page, OffsetNumber *root_offsets)
 		if (ItemIdIsNormal(lp))
 		{
 			htup = (HeapTupleHeader) PageGetItem(page, lp);
-			// TODO: min len, tableOid
-			PGTdeDecryptTupFull(page, htup);
 
 			/*
 			 * Check if this tuple is part of a HOT-chain rooted at some other
@@ -1211,8 +1194,6 @@ pg_tde_get_root_tuples(Page page, OffsetNumber *root_offsets)
 				break;
 
 			htup = (HeapTupleHeader) PageGetItem(page, lp);
-			// TODO: min len, tableOid
-			PGTdeDecryptTupFull(page, htup);
 
 			if (TransactionIdIsValid(priorXmax) &&
 				!TransactionIdEquals(priorXmax, HeapTupleHeaderGetXmin(htup)))

diff --git a/src/access/pg_tde_vacuumlazy.c b/src/access/pg_tde_vacuumlazy.c
@@ -1655,7 +1655,6 @@ lazy_scan_prune(LVRelState *vacrel,
 		tuple.t_data = (HeapTupleHeader) PageGetItem(page, itemid);
 		tuple.t_len = ItemIdGetLength(itemid);
 		tuple.t_tableOid = RelationGetRelid(rel);
-		PGTdeDecryptTupFull(blkno, page, &tuple);
 
 		/*
 		 * DEAD tuples are almost always pruned into LP_DEAD line pointers by
@@ -2058,7 +2057,6 @@ lazy_scan_noprune(LVRelState *vacrel,
 		tuple.t_data = (HeapTupleHeader) PageGetItem(page, itemid);
 		tuple.t_len = ItemIdGetLength(itemid);
 		tuple.t_tableOid = RelationGetRelid(vacrel->rel);
-		PGTdeDecryptTupFull(blkno, page, &tuple);
 
 		switch (HeapTupleSatisfiesVacuum(&tuple, vacrel->cutoffs.OldestXmin,
 										 buf))
@@ -3292,7 +3290,6 @@ pg_tde_page_is_all_visible(LVRelState *vacrel, Buffer buf,
 		tuple.t_data = (HeapTupleHeader) PageGetItem(page, itemid);
 		tuple.t_len = ItemIdGetLength(itemid);
 		tuple.t_tableOid = RelationGetRelid(vacrel->rel);
-		PGTdeDecryptTupFull(blockno, page, &tuple);
 
 		switch (HeapTupleSatisfiesVacuum(&tuple, vacrel->cutoffs.OldestXmin,
 										 buf))

diff --git a/src/access/pg_tdeam.c b/src/access/pg_tdeam.c
@@ -468,7 +468,6 @@ pg_tde_getpage(TableScanDesc sscan, BlockNumber block)
 		loctup.t_tableOid = RelationGetRelid(scan->rs_base.rs_rd);
 		loctup.t_data = (HeapTupleHeader) PageGetItem(page, lpp);
 		loctup.t_len = ItemIdGetLength(lpp);
-		PGTdeDecryptTupFull(block, page, &loctup);
 		ItemPointerSet(&(loctup.t_self), block, lineoff);
 
 		if (all_visible)
@@ -788,8 +787,6 @@ pg_tde_gettup(HeapScanDesc scan,
 
 			tuple->t_data = (HeapTupleHeader) PageGetItem(page, lpp);
 			tuple->t_len = ItemIdGetLength(lpp);
-			// needed? tuple->t_tableOid = RelationGetRelid(scan->rs_base.rs_rd);
-			PGTdeDecryptTupFull(block, page, tuple);
 			ItemPointerSet(&(tuple->t_self), block, lineoff);
 
 			visible = HeapTupleSatisfiesVisibility(tuple,
@@ -910,8 +907,6 @@ pg_tde_gettup_pagemode(HeapScanDesc scan,
 
 			tuple->t_data = (HeapTupleHeader) PageGetItem(page, lpp);
 			tuple->t_len = ItemIdGetLength(lpp);
-			// t_tableOid?
-			PGTdeDecryptTupFull(block, page, tuple);
 			ItemPointerSet(&(tuple->t_self), block, lineoff);
 
 			/* skip any tuples that don't match the scan key */
@@ -1421,7 +1416,6 @@ pg_tde_fetch(Relation relation,
 	tuple->t_data = (HeapTupleHeader) PageGetItem(page, lp);
 	tuple->t_len = ItemIdGetLength(lp);
 	tuple->t_tableOid = RelationGetRelid(relation);
-	PGTdeDecryptTupFull(BufferGetBlockNumber(buffer), page, tuple);
 
 	/*
 	 * check tuple visibility, then release lock
@@ -1542,7 +1536,6 @@ pg_tde_hot_search_buffer(ItemPointer tid, Relation relation, Buffer buffer,
 		heapTuple->t_data = (HeapTupleHeader) PageGetItem(page, lp);
 		heapTuple->t_len = ItemIdGetLength(lp);
 		heapTuple->t_tableOid = RelationGetRelid(relation);
-		PGTdeDecryptTupFull(blkno, page, heapTuple);
 		ItemPointerSet(&heapTuple->t_self, blkno, offnum);
 
 		/*
@@ -1700,7 +1693,6 @@ pg_tde_get_latest_tid(TableScanDesc sscan,
 		tp.t_data = (HeapTupleHeader) PageGetItem(page, lp);
 		tp.t_len = ItemIdGetLength(lp);
 		tp.t_tableOid = RelationGetRelid(relation);
-		PGTdeDecryptTupFull(BufferGetBlockNumber(buffer), page, &tp);
 
 		/*
 		 * After following a t_ctid link, we might arrive at an unrelated
@@ -2578,7 +2570,6 @@ pg_tde_delete(Relation relation, ItemPointer tid,
 	tp.t_tableOid = RelationGetRelid(relation);
 	tp.t_data = (HeapTupleHeader) PageGetItem(page, lp);
 	tp.t_len = ItemIdGetLength(lp);
-	PGTdeDecryptTupFull(block, page, &tp);
 	tp.t_self = *tid;
 
 l1:
@@ -3102,7 +3093,6 @@ pg_tde_update(Relation relation, ItemPointer otid, HeapTuple newtup,
 	oldtup.t_tableOid = RelationGetRelid(relation);
 	oldtup.t_data = (HeapTupleHeader) PageGetItem(page, lp);
 	oldtup.t_len = ItemIdGetLength(lp);
-	PGTdeDecryptTupFull(block, page, &oldtup);
 	oldtup.t_self = *otid;
 
 	/* the new tuple is ready, except for this: */
@@ -4188,7 +4178,6 @@ pg_tde_lock_tuple(Relation relation, HeapTuple tuple,
 	tuple->t_data = (HeapTupleHeader) PageGetItem(page, lp);
 	tuple->t_len = ItemIdGetLength(lp);
 	tuple->t_tableOid = RelationGetRelid(relation);
-	PGTdeDecryptTupFull(block, page, tuple);
 
 l3:
 	result = HeapTupleSatisfiesUpdate(tuple, cid, *buffer);
@@ -5663,7 +5652,6 @@ pg_tde_finish_speculative(Relation relation, ItemPointer tid)
 	OffsetNumber offnum;
 	ItemId		lp = NULL;
 	HeapTupleHeader htup;
-	HeapTupleHeaderData decrypted;
 
 	buffer = ReadBuffer(relation, ItemPointerGetBlockNumber(tid));
 	LockBuffer(buffer, BUFFER_LOCK_EXCLUSIVE);
@@ -5677,15 +5665,10 @@ pg_tde_finish_speculative(Relation relation, ItemPointer tid)
 		elog(ERROR, "invalid lp");
 
 	htup = (HeapTupleHeader) PageGetItem(page, lp);
-	// decryption/reencryption: only the header part? we only need t_ctid field
 
 	/* NO EREPORT(ERROR) from here till changes are logged */
 	START_CRIT_SECTION();
 
-	// TODO: in reality 4 bytes would be enough (t_ctid)
-	PGTdeDecryptTupHeaderTo(relation->rd_locator.spcOid, BufferGetBlockNumber(buffer), page, htup, &decrypted);
-	// TODO: htup should point to decrypted, and backup old pointer somewhere
-
 	Assert(HeapTupleHeaderIsSpeculative(htup));
 
 	MarkBufferDirty(buffer);
@@ -5696,9 +5679,6 @@ pg_tde_finish_speculative(Relation relation, ItemPointer tid)
 	 */
 	htup->t_ctid = *tid;
 
-	// TODO: in reality 4 bytes would be enough (t_ctid)
-	PGTdeEncryptTupHeaderTo(relation->rd_locator.spcOid, BufferGetBlockNumber(buffer), page, &decrypted, htup);
-
 	/* XLOG stuff */
 	if (RelationNeedsWAL(relation))
 	{
@@ -5782,7 +5762,6 @@ pg_tde_abort_speculative(Relation relation, ItemPointer tid)
 	tp.t_tableOid = RelationGetRelid(relation);
 	tp.t_data = (HeapTupleHeader) PageGetItem(page, lp);
 	tp.t_len = ItemIdGetLength(lp);
-	PGTdeDecryptTupFull(block, page, &tp);
 	tp.t_self = *tid;
 
 	/*
@@ -6716,11 +6695,8 @@ pg_tde_freeze_execute_prepared(Relation rel, Buffer buffer,
 		HeapTupleFreeze *frz = tuples + i;
 		ItemId		itemid = PageGetItemId(page, frz->offset);
 		HeapTupleHeader htup;
-		HeapTupleHeaderData decryptedHeader;
 
 		htup = (HeapTupleHeader) PageGetItem(page, itemid);
-		// TODO: Decryption/encryption here
-		PGTdeDecryptTupHeaderTo(rel->rd_locator.spcOid, BufferGetBlockNumber(buffer), page, htup, &decryptedHeader);
 
 		/* Deliberately avoid relying on tuple hint bits here */
 		if (frz->checkflags & HEAP_FREEZE_CHECK_XMIN_COMMITTED)

diff --git a/src/access/pg_tdeam_handler.c b/src/access/pg_tdeam_handler.c
@@ -1077,7 +1077,6 @@ pg_tdeam_scan_analyze_next_tuple(TableScanDesc scan, TransactionId OldestXmin,
 		targtuple->t_tableOid = RelationGetRelid(scan->rs_rd);
 		targtuple->t_data = (HeapTupleHeader) PageGetItem(targpage, itemid);
 		targtuple->t_len = ItemIdGetLength(itemid);
-		PGTdeDecryptTupFull(BufferGetBlockNumber(hscan->rs_cbuf), targpage, targtuple);
 
 		switch (HeapTupleSatisfiesVacuum(targtuple, OldestXmin,
 										 hscan->rs_cbuf))
@@ -2221,7 +2220,6 @@ pg_tdeam_scan_bitmap_next_block(TableScanDesc scan,
 			loctup.t_data = (HeapTupleHeader) PageGetItem(page, lp);
 			loctup.t_len = ItemIdGetLength(lp);
 			loctup.t_tableOid = scan->rs_rd->rd_id;
-			PGTdeDecryptTupFull(block, page, &loctup);
 			ItemPointerSet(&loctup.t_self, block, offnum);
 			valid = HeapTupleSatisfiesVisibility(&loctup, snapshot, buffer);
 			if (valid)
@@ -2267,7 +2265,6 @@ pg_tdeam_scan_bitmap_next_tuple(TableScanDesc scan,
 	hscan->rs_ctup.t_data = (HeapTupleHeader) PageGetItem(page, lp);
 	hscan->rs_ctup.t_len = ItemIdGetLength(lp);
 	hscan->rs_ctup.t_tableOid = scan->rs_rd->rd_id;
-	PGTdeDecryptTupFull(BufferGetBlockNumber(hscan->rs_cbuf), page, &hscan->rs_ctup);
 	ItemPointerSet(&hscan->rs_ctup.t_self, hscan->rs_cblock, targoffset);
 
 	pgstat_count_pg_tde_fetch(scan->rs_rd);
@@ -2408,8 +2405,6 @@ pg_tdeam_scan_sample_next_tuple(TableScanDesc scan, SampleScanState *scanstate,
 
 			tuple->t_data = (HeapTupleHeader) PageGetItem(page, itemid);
 			tuple->t_len = ItemIdGetLength(itemid);
-			// tableOid?
-			PGTdeDecryptTupFull(BufferGetBlockNumber(hscan->rs_cbuf), page, tuple);
 			ItemPointerSet(&(tuple->t_self), blockno, tupoffset);
 
 

diff --git a/src/encryption/enc_tuple.c b/src/encryption/enc_tuple.c
@@ -1,6 +1,5 @@
 #include "access/pg_tde_defines.h"
 #define ENCRYPTION_DEBUG 1
-#define FULL_TUPLE_ENCRYPTION 0
 
 #include "postgres.h"
 
@@ -92,33 +91,9 @@ static void PGTdeDecryptTupInternal2(BlockNumber bn, Page page, HeapTuple tuple,
 	}
 }
 
-void PGTdeDecryptTupHeaderTo(Oid tableOid, BlockNumber bn, Page page, HeapTupleHeader in, HeapTupleHeader out)
+static void PGTdeDecryptTupData(BlockNumber bn, Page page, HeapTuple tuple) 
 {
-#if FULL_TUPLE_ENCRYPTION
-	PGTdeDecryptTupInternal(tableOid, bn, page, t_data, (char*)in, (char*)out, 0, sizeof(HeapTupleHeader));
-#endif
-}
-
-void PGTdeDecryptTupFull(BlockNumber bn, Page page, HeapTuple tuple) 
-{
-#if FULL_TUPLE_ENCRYPTION
-	PGTdeDecryptTupInternal2(bn, page, tuple, 0, tuple->t_len, true);
-#endif
-}
-
-static void PGTdeDecryptTupDataOnly(BlockNumber bn, Page page, HeapTuple tuple) 
-{
-#if !FULL_TUPLE_ENCRYPTION
 	PGTdeDecryptTupInternal2(bn, page, tuple, sizeof(HeapTupleHeaderData), tuple->t_len, true);
-#endif
-}
-
-
-void PGTdeEncryptTupHeaderTo(Oid tableOid, BlockNumber bn, char* page, HeapTupleHeader in, HeapTupleHeader out) 
-{
-#if FULL_TUPLE_ENCRYPTION
-	PGTdeEncryptTupInternal(tableOid, bn, page, (char*)t_data, (char*)out 0, 0);
-#endif
 }
 
 OffsetNumber
@@ -138,37 +113,30 @@ PGTdePageAddItemExtended(Oid oid,
 
 	char* toAddr = ((char*)phdr) + phdr->pd_upper;
 
-#if FULL_TUPLE_ENCRYPTION
-	PGTdeEncryptTupInternal(oid, bn, page, item, toAddr, 0, size);
-#else
+
 	PGTdeEncryptTupInternal(oid, bn, page, item, toAddr, headerSize, size);
-#endif
 
 	return off;
 }
 
 TupleTableSlot *
 PGTdeExecStoreBufferHeapTuple(HeapTuple tuple, TupleTableSlot *slot, Buffer buffer)
 {
-#if !FULL_TUPLE_ENCRYPTION
 	Page pageHeader;
 
 	pageHeader = BufferGetPage(buffer);
-	PGTdeDecryptTupDataOnly(BufferGetBlockNumber(buffer), pageHeader, tuple);
-#endif
+	PGTdeDecryptTupData(BufferGetBlockNumber(buffer), pageHeader, tuple);
 
 	return  ExecStoreBufferHeapTuple(tuple, slot, buffer);
 }
 
 TupleTableSlot *
 PGTdeExecStorePinnedBufferHeapTuple(HeapTuple tuple, TupleTableSlot *slot, Buffer buffer)
 {
-#if !FULL_TUPLE_ENCRYPTION
 	Page pageHeader;
 
 	pageHeader = BufferGetPage(buffer);
-	PGTdeDecryptTupDataOnly(BufferGetBlockNumber(buffer), pageHeader, tuple);
-#endif 
+	PGTdeDecryptTupData(BufferGetBlockNumber(buffer), pageHeader, tuple);
 
 	return  ExecStorePinnedBufferHeapTuple(tuple, slot, buffer);
 }
diff --git a/src/encryption/enc_tuple.h b/src/encryption/enc_tuple.h
@@ -4,22 +4,15 @@
 #include "storage/bufpage.h"
 #include "executor/tuptable.h"
 
-// Used by both data only and full tuple encryption
+/* A wrapper to encrypt a tuple before adding it to the buffer */
 OffsetNumber
 PGTdePageAddItemExtended(Oid oid, BlockNumber bn, Page page,
 					Item item,
 					Size size,
 					OffsetNumber offsetNumber,
 					int flags);
 
-// These 3 functions are only used with full tuple encryption, including headers
-// Without FULL_TUPLE_ENCRYPTION = 1, they default to NOP
-void PGTdeDecryptTupFull(BlockNumber bn, Page page, HeapTuple tuple);
-void PGTdeDecryptTupHeaderTo(Oid tableOid, BlockNumber bn, Page page, HeapTupleHeader in, HeapTupleHeader out);
-void PGTdeEncryptTupHeaderTo(Oid tableOid, BlockNumber bn, char* page, HeapTupleHeader in, HeapTupleHeader out);
-
-
-// These 2 are only used by data only encryption
+/* Wrapper functions for reading decrypted tuple into a given slot */
 TupleTableSlot *
 PGTdeExecStoreBufferHeapTuple(HeapTuple tuple, TupleTableSlot *slot, Buffer buffer);
 TupleTableSlot *