encryption key for rocksdb env

main
Niko PLP 9 months ago
parent 6226e1fba6
commit 0d82c473f7
  1. 2
      lib/oxigraph/Cargo.toml
  2. 8
      lib/oxigraph/src/storage/backend/mod.rs
  3. 12
      lib/oxigraph/src/storage/backend/oxi_rocksdb.rs

@ -41,7 +41,7 @@ thiserror.workspace = true
[target.'cfg(not(target_family = "wasm"))'.dependencies] [target.'cfg(not(target_family = "wasm"))'.dependencies]
libc = "0.2" libc = "0.2"
rocksdb = {git = "https://git.nextgraph.org/NextGraph/rust-rocksdb.git", branch = "master", features = [ ], optional = true } rocksdb = {git = "https://git.nextgraph.org/NextGraph/rust-rocksdb.git", branch = "master", features = [ ] }
[target.'cfg(all(target_family = "wasm", target_os = "unknown"))'.dependencies] [target.'cfg(all(target_family = "wasm", target_os = "unknown"))'.dependencies]
getrandom.workspace = true getrandom.workspace = true
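Review bot: The `rocksdb` dependency on the new side is no longer optional but is still resolved from `branch = "master"` of a git fork, so every non-wasm build now pulls whatever that branch points to at resolve time, including the code behind the encrypted env. Pinning the commit would make the build reproducible and the encryption-relevant code reviewable, e.g. `rocksdb = { git = "https://git.nextgraph.org/NextGraph/rust-rocksdb.git", rev = "<COMMIT_SHA>", features = [ ] }`, where `<COMMIT_SHA>` is a placeholder for the audited revision. If a `rocksdb` entry is still declared under `[features]` (not visible in this hunk), it presumably needs updating now that the dependency is unconditional.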

@ -1,12 +1,12 @@
//! A storage backend //! A storage backend
//! RocksDB is available, if not in memory //! RocksDB is available, if not in memory
#[cfg(any(target_family = "wasm", not(feature = "rocksdb")))] #[cfg(any(target_family = "wasm"))]
pub use fallback::{ColumnFamily, ColumnFamilyDefinition, Db, Iter, Reader, Transaction}; pub use fallback::{ColumnFamily, ColumnFamilyDefinition, Db, Iter, Reader, Transaction};
#[cfg(all(not(target_family = "wasm"), feature = "rocksdb"))] #[cfg(all(not(target_family = "wasm")))]
pub use oxi_rocksdb::{ColumnFamily, ColumnFamilyDefinition, Db, Iter, Reader, Transaction}; pub use oxi_rocksdb::{ColumnFamily, ColumnFamilyDefinition, Db, Iter, Reader, Transaction};
#[cfg(any(target_family = "wasm", not(feature = "rocksdb")))] #[cfg(any(target_family = "wasm"))]
mod fallback; mod fallback;
#[cfg(all(not(target_family = "wasm"), feature = "rocksdb"))] #[cfg(all(not(target_family = "wasm")))]
mod oxi_rocksdb; mod oxi_rocksdb;
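Review bot: After the feature test is dropped, the four attributes are left as single-argument `any(...)` and `all(...)` wrappers, which are redundant and are flagged by clippy's `non_minimal_cfg` lint. They read more clearly as `#[cfg(target_family = "wasm")]` and `#[cfg(not(target_family = "wasm"))]`. Whether the `fallback` backend used on wasm accepts or ignores the new encryption key cannot be seen from this page, so the module doc comment should say explicitly which backends encrypt at rest.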

@ -28,6 +28,13 @@ use std::sync::{Arc, OnceLock};
use std::thread::{available_parallelism, yield_now}; use std::thread::{available_parallelism, yield_now};
use std::{fmt, io, ptr, slice}; use std::{fmt, io, ptr, slice};
pub fn opt_bytes_to_ptr<T: AsRef<[u8]>>(opt: Option<T>) -> *const c_char {
match opt {
Some(v) => v.as_ref().as_ptr() as *const c_char,
None => ptr::null(),
}
}
macro_rules! ffi_result { macro_rules! ffi_result {
( $($function:ident)::*( $arg1:expr $(, $arg:expr)* $(,)? ) ) => {{ ( $($function:ident)::*( $arg1:expr $(, $arg:expr)* $(,)? ) ) => {{
let mut status = rocksdb_status_t { let mut status = rocksdb_status_t {
@ -440,6 +447,7 @@ impl Db {
fn db_options( fn db_options(
limit_max_open_files: bool, limit_max_open_files: bool,
in_memory: bool, in_memory: bool,
key: Option<[u8; 32]>,
) -> Result<*mut rocksdb_options_t, StorageError> { ) -> Result<*mut rocksdb_options_t, StorageError> {
static ROCKSDB_ENV: OnceLock<UnsafeEnv> = OnceLock::new(); static ROCKSDB_ENV: OnceLock<UnsafeEnv> = OnceLock::new();
static ROCKSDB_MEM_ENV: OnceLock<UnsafeEnv> = OnceLock::new(); static ROCKSDB_MEM_ENV: OnceLock<UnsafeEnv> = OnceLock::new();
@ -487,8 +495,8 @@ impl Db {
}) })
} else { } else {
ROCKSDB_ENV.get_or_init(|| { ROCKSDB_ENV.get_or_init(|| {
let env = rocksdb_create_default_env(); let env = rocksdb_create_encrypted_env(opt_bytes_to_ptr(key.as_ref()));
assert!(!env.is_null(), "rocksdb_create_default_env returned null"); assert!(!env.is_null(), "rocksdb_create_encrypted_env returned null");
UnsafeEnv(env) UnsafeEnv(env)
}) })
} }
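Review bot: The key only takes effect on the first call in a process: `ROCKSDB_ENV` is a `static OnceLock`, so `get_or_init` builds the encrypted env once with whichever `key` arrives first, and every later `db_options` call gets that same env and silently ignores its own `key` argument (including a later `None`). A second `Db` opened with a different key would therefore be read and written under the first key. Either the env should stop being cached process-wide now that it depends on a caller-supplied key, or the function should record that a key was already installed and return a `StorageError` when a later call passes a different one. At minimum this needs documenting on the function, e.g. `/// The key is only honoured by the first call in the process; later calls reuse the env created then.` In the same closure a `None` key reaches `rocksdb_create_encrypted_env` as a null pointer, and how the fork treats that is not visible here; the body of `db_options` continues outside these hunks.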
