Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nHPWM-0004CD-QG for pgsql-hackers@arkaria.postgresql.org; Tue, 08 Feb 2022 12:22:58 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nHPWK-0001vl-MK for pgsql-hackers@arkaria.postgresql.org; Tue, 08 Feb 2022 12:22:56 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nHPWK-0001vb-9l for pgsql-hackers@lists.postgresql.org; Tue, 08 Feb 2022 12:22:56 +0000 Received: from mail-ed1-x52c.google.com ([2a00:1450:4864:20::52c]) by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1nHPWH-0004xS-3E for pgsql-hackers@lists.postgresql.org; Tue, 08 Feb 2022 12:22:55 +0000 Received: by mail-ed1-x52c.google.com with SMTP id m11so37071206edi.13 for ; Tue, 08 Feb 2022 04:22:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cybertec-at.20210112.gappssmtp.com; s=20210112; h=from:to:subject:mime-version:content-id:content-transfer-encoding :date:message-id; bh=JoReSkuqAKmKklNApNWMKQHx81PoZubKCLRLxqLu/fg=; b=IWkbdJZwIa69lR0i+qG5lqU3LNNA3OXIwCYz/SHXCG8JEOtbFe5WYQyuXwuRyR38eQ HqL+QujSRGRgs9ygpMh1WuI+S0eqBcP2xoSuhjxzoel53BPgVArT2JgksniQsTpNNYgC ttS21RdS4lcAMEkL/Jh7kIIAXPRQOHdzXkyY5ft3dgU27xTa3yfxlWzJI5Sk87lJXLxo GXujRTk4jwTYy0cJ1eezvCjINYsWrsqRttlgScVPQe1h5Guw9T1ds99p/odEIpB1m99s EFpGed+0yDdpINdxGIgTw28Vs1F1a/DbsekBt9EMRKBxAGzowTdhkjUZ/XkvlYa8ptaD 6wDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:mime-version:content-id :content-transfer-encoding:date:message-id; bh=JoReSkuqAKmKklNApNWMKQHx81PoZubKCLRLxqLu/fg=; b=OHLLGo5gkk4CMk7GhlELRZqPhovGJyO/uu74HCUYu+a4uEUZXeTteqixnADuKivyim 4JjwdyH6BNQ2VmKRZNuq6YR7MPmwM0jY/1BusOf73tGEjmi54O10wmuxZ7YhMyCJaLiN 4QVC8lIIjDweN67m8/O1z/xIMNowHFLN3R3G0Ngy/fIYevk7RZ7Uoe6J+UQiCyETnH7O W5EKK3NVLvKC7M0cThNUtpQCIO7BAwUbcrnxsrdctBpM0VIstqY/MbOd79xofrf5Nul0 iS67pGRB6lcAnyH+oeqJs2pLgIdbh5f4w2cgvzzfonNKb4Qy8ghF+TlHctua/w/KT1C2 rTYA== X-Gm-Message-State: AOAM532Y0H0TZ1qYGEIRlp0Lb1DtVNznHydDDJ+z6Zrl5fmx04fN/qUu icY5oUxE4EW280LC66OB+J1BiPZFpUKfPw== X-Google-Smtp-Source: ABdhPJxPwSytvl/PXZobSVhbz8cz743SoXW6KdV/vhisg2Ke6k2pA718DrK8nre5iksDt8hxrj3x7g== X-Received: by 2002:a05:6402:348b:: with SMTP id v11mr4196504edc.58.1644322968983; Tue, 08 Feb 2022 04:22:48 -0800 (PST) Received: from antos (85-207-121-76.static.bluetone.cz. [85.207.121.76]) by smtp.gmail.com with ESMTPSA id r10sm4809600ejy.148.2022.02.08.04.22.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Feb 2022 04:22:48 -0800 (PST) From: Antonin Houska To: pgsql-hackers@lists.postgresql.org Subject: Temporary file access API X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 27.2.50 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <4986.1644323098.1@antos> Content-Transfer-Encoding: quoted-printable Date: Tue, 08 Feb 2022 13:24:58 +0100 Message-ID: <4987.1644323098@antos> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Here I'm starting a new thread to discuss a topic that's related to the Transparent Data Encryption (TDE), but could be useful even without that. = The problem has been addressed somehow in the Cybertec TDE fork, and I can pos= t the code here if it helps. However, after reading [1] (and the posts upthread), I've got another idea, so let's try to discuss it first. It makes sense to me if we first implement the buffering (i.e. writing/rea= ding certain amount of data at a time) and make the related functions aware of encryption later: as long as we use a block cipher, we also need to read/w= rite (suitably sized) chunks rather than individual bytes (or arbitrary amounts= of data). (In theory, someone might need encryption but reject buffering, but= I'm not sure if this is a realistic use case.) For the buffering, I imagine a "file stream" object that user creates on t= he top of a file descriptor, such as FileStream *FileStreamCreate(File file, int buffer_size) or FileStream *FileStreamCreateFD(int fd, int buffer_size) and uses functions like int FileStreamWrite(FileStream *stream, char *buffer, int amount) and int FileStreamRead(FileStream *stream, char *buffer, int amount) to write and read data respectively. Besides functions to close the streams explicitly (e.g. FileStreamClose() = / FileStreamFDClose()), we'd need to ensure automatic closing where that hap= pens to the file. For example, if OpenTemporaryFile() was used to obtain the fi= le descriptor, the user expects that the file will be closed and deleted on transaction boundary, so the corresponding stream should be freed automatically as well. To avoid code duplication, buffile.c should use these streams internally a= s well, as it also performs buffering. (Here we'd also need functions to cha= nge reading/writing position.) Once we implement the encryption, we might need add an argument to the FileStreamCreate...() functions that helps to generate an unique IV, but t= he ...Read() / ...Write() functions would stay intact. And possibly one more argument to specify the kind of cipher, in case we support more than one. I think that's enough to start the discussion. Thanks for feedback in adva= nce. [1] https://www.postgresql.org/message-id/CA%2BTgmoYGjN_f%3DFCErX49bzjhNG%= 2BGoctY%2Ba%2BXhNRWCVvDY8U74w%40mail.gmail.com -- = Antonin Houska Web: https://www.cybertec-postgresql.com