[sse-c] Implement SSE-C encryption

1 files changed, 159 insertions, 1 deletions

diff --git a/src/model/s3/object_table.rs b/src/model/s3/object_table.rs
index ebea04bd..7fa4b9e0 100644
--- a/src/model/s3/object_table.rs
+++ b/src/model/s3/object_table.rs
@@ -210,7 +210,165 @@ mod v09 {
 	}
 }
 
-pub use v09::*;
+mod v010 {
+	use garage_util::data::{Hash, Uuid};
+	use serde::{Deserialize, Serialize};
+
+	use super::v09;
+
+	pub use v09::ObjectVersionHeaders;
+
+	/// An object
+	#[derive(PartialEq, Eq, Clone, Debug, Serialize, Deserialize)]
+	pub struct Object {
+		/// The bucket in which the object is stored, used as partition key
+		pub bucket_id: Uuid,
+
+		/// The key at which the object is stored in its bucket, used as sorting key
+		pub key: String,
+
+		/// The list of currenty stored versions of the object
+		pub(super) versions: Vec<ObjectVersion>,
+	}
+
+	/// Informations about a version of an object
+	#[derive(PartialEq, Eq, Clone, Debug, Serialize, Deserialize)]
+	pub struct ObjectVersion {
+		/// Id of the version
+		pub uuid: Uuid,
+		/// Timestamp of when the object was created
+		pub timestamp: u64,
+		/// State of the version
+		pub state: ObjectVersionState,
+	}
+
+	/// State of an object version
+	#[derive(PartialEq, Eq, Clone, Debug, Serialize, Deserialize)]
+	pub enum ObjectVersionState {
+		/// The version is being received
+		Uploading {
+			/// Indicates whether this is a multipart upload
+			multipart: bool,
+			/// Encryption params + headers to be included in the final object
+			encryption: ObjectVersionEncryption,
+		},
+		/// The version is fully received
+		Complete(ObjectVersionData),
+		/// The version uploaded containded errors or the upload was explicitly aborted
+		Aborted,
+	}
+
+	/// Data stored in object version
+	#[derive(PartialEq, Eq, PartialOrd, Ord, Clone, Debug, Serialize, Deserialize)]
+	pub enum ObjectVersionData {
+		/// The object was deleted, this Version is a tombstone to mark it as such
+		DeleteMarker,
+		/// The object is short, it's stored inlined.
+		/// It is never compressed. For encrypted objects, it is encrypted using
+		/// AES256-GCM, like the encrypted headers.
+		Inline(ObjectVersionMeta, #[serde(with = "serde_bytes")] Vec<u8>),
+		/// The object is not short, Hash of first block is stored here, next segments hashes are
+		/// stored in the version table
+		FirstBlock(ObjectVersionMeta, Hash),
+	}
+
+	/// Metadata about the object version
+	#[derive(PartialEq, Eq, PartialOrd, Ord, Clone, Debug, Serialize, Deserialize)]
+	pub struct ObjectVersionMeta {
+		/// Size of the object. If object is encrypted/compressed,
+		/// this is always the size of the unencrypted/uncompressed data
+		pub size: u64,
+		/// etag of the object
+		pub etag: String,
+		/// Encryption params + headers (encrypted or plaintext)
+		pub encryption: ObjectVersionEncryption,
+	}
+
+	/// Encryption information + metadata
+	#[derive(PartialEq, Eq, PartialOrd, Ord, Clone, Debug, Serialize, Deserialize)]
+	pub enum ObjectVersionEncryption {
+		SseC {
+			/// Encrypted serialized ObjectVersionHeaders struct.
+			/// This is never compressed, just encrypted using AES256-GCM.
+			#[serde(with = "serde_bytes")]
+			headers: Vec<u8>,
+			/// Whether data blocks are compressed in addition to being encrypted
+			/// (compression happens before encryption, whereas for non-encrypted
+			/// objects, compression is handled at the level of the block manager)
+			compressed: bool,
+		},
+		Plaintext {
+			/// Plain-text headers
+			headers: ObjectVersionHeaders,
+		},
+	}
+
+	impl garage_util::migrate::Migrate for Object {
+		const VERSION_MARKER: &'static [u8] = b"G010s3ob";
+
+		type Previous = v09::Object;
+
+		fn migrate(old: v09::Object) -> Object {
+			Object {
+				bucket_id: old.bucket_id,
+				key: old.key,
+				versions: old.versions.into_iter().map(migrate_version).collect(),
+			}
+		}
+	}
+
+	fn migrate_version(old: v09::ObjectVersion) -> ObjectVersion {
+		ObjectVersion {
+			uuid: old.uuid,
+			timestamp: old.timestamp,
+			state: match old.state {
+				v09::ObjectVersionState::Uploading { multipart, headers } => {
+					ObjectVersionState::Uploading {
+						multipart,
+						encryption: migrate_headers(headers),
+					}
+				}
+				v09::ObjectVersionState::Complete(d) => {
+					ObjectVersionState::Complete(migrate_data(d))
+				}
+				v09::ObjectVersionState::Aborted => ObjectVersionState::Aborted,
+			},
+		}
+	}
+
+	fn migrate_data(old: v09::ObjectVersionData) -> ObjectVersionData {
+		match old {
+			v09::ObjectVersionData::DeleteMarker => ObjectVersionData::DeleteMarker,
+			v09::ObjectVersionData::Inline(meta, data) => {
+				ObjectVersionData::Inline(migrate_meta(meta), data)
+			}
+			v09::ObjectVersionData::FirstBlock(meta, fb) => {
+				ObjectVersionData::FirstBlock(migrate_meta(meta), fb)
+			}
+		}
+	}
+
+	fn migrate_meta(old: v09::ObjectVersionMeta) -> ObjectVersionMeta {
+		ObjectVersionMeta {
+			size: old.size,
+			etag: old.etag,
+			encryption: migrate_headers(old.headers),
+		}
+	}
+
+	fn migrate_headers(old: v09::ObjectVersionHeaders) -> ObjectVersionEncryption {
+		ObjectVersionEncryption::Plaintext { headers: old }
+	}
+
+	// Since ObjectVersionHeaders can now be serialized independently, for the
+	// purpose of being encrypted, we need it to support migrations on its own
+	// as well.
+	impl garage_util::migrate::InitialFormat for ObjectVersionHeaders {
+		const VERSION_MARKER: &'static [u8] = b"G010s3oh";
+	}
+}
+
+pub use v010::*;
 
 impl Object {
 	/// Initialize an Object struct from parts