git-server-git.apps.pok.os.sepia.ceph.com Git

rgw: replace GCM nonce with salt-based key derivation

Move randomness from the GCM IV into key derivation. Each object
now gets a 32-byte random salt stored in RGW_ATTR_CRYPT_SALT, fed
into HMAC-SHA256 alongside bucket_id and object name to produce a
unique per-object key. The GCM IV is a deterministic counter from
the chunk position, which is safe because the key never repeats.

All GCM modes (SSE-C, SSE-KMS, SSE-S3, RGW-AUTO) now go through
derive_object_key() before any encrypt or decrypt operation.

Rename AES_GCM_NONCE_SIZE to AES_GCM_IV_SIZE across CryptoAccel
backends (isa-l, openssl, qat) to reflect what it actually is.

Signed-off-by: Matthew N. Heler <matthew.heler@hotmail.com>

author	Matthew N. Heler <matthew.heler@hotmail.com>
	Thu, 19 Mar 2026 01:46:26 +0000 (20:46 -0500)
committer	Matthew N. Heler <matthew.heler@hotmail.com>
	Wed, 20 May 2026 18:31:02 +0000 (13:31 -0500)
commit	5e7a78180dfdab09112b85ad6480a3594f2bf5e2
tree	0db8e958691eeafc47281a7f36c5a9f4eb2f5a6b	tree \| snapshot
parent	d651201a90b147c58448ac4b7ffe216d07b1fed6	commit \| diff

src/crypto/crypto_accel.h		diff \| blob \| history
src/crypto/isa-l/isal_crypto_accel.cc		diff \| blob \| history
src/crypto/isa-l/isal_crypto_accel.h		diff \| blob \| history
src/crypto/openssl/openssl_crypto_accel.cc		diff \| blob \| history
src/crypto/openssl/openssl_crypto_accel.h		diff \| blob \| history
src/crypto/qat/qat_crypto_accel.h		diff \| blob \| history
src/rgw/driver/rados/rgw_rados.cc		diff \| blob \| history
src/rgw/rgw_common.h		diff \| blob \| history
src/rgw/rgw_crypt.cc		diff \| blob \| history
src/rgw/rgw_crypt.h		diff \| blob \| history
src/test/rgw/test_rgw_crypto.cc		diff \| blob \| history