git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commitdiff
rgw/kms/vault - define attribute to store encryption context
author Marcus Watts <mwatts@redhat.com>
Mon, 7 Dec 2020 22:53:05 +0000 (17:53 -0500)
committer Marcus Watts <mwatts@redhat.com>
Wed, 10 Mar 2021 01:32:27 +0000 (20:32 -0500)
For rgw sse:kms use, the aws s3 standard provides an attribute
to store the base-64 encoded canonical json "encryption context".
This should be used to vary the per-object keys used for the
actual object encryption.

Fixes: http://tracker.ceph.com/issues/48746
Signed-off-by: Marcus Watts <mwatts@redhat.com>
(cherry picked from commit 2ea143711430cb76c55479fdfbf7ba02d1fd80fb)

src/rgw/rgw_common.h

index 4a96a86492760044275e060034a0266b8b4d731c..23fdfaae39fbd77799ab39545b52d1d664642974 100644 (file)
@@ -140,6 +140,7 @@ using ceph::crypto::MD5;
 #define RGW_ATTR_CRYPT_KEYMD5   RGW_ATTR_CRYPT_PREFIX "keymd5"
 #define RGW_ATTR_CRYPT_KEYID    RGW_ATTR_CRYPT_PREFIX "keyid"
 #define RGW_ATTR_CRYPT_KEYSEL   RGW_ATTR_CRYPT_PREFIX "keysel"
+#define RGW_ATTR_CRYPT_CONTEXT  RGW_ATTR_CRYPT_PREFIX "context"
 
 
 #define RGW_FORMAT_PLAIN        0
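
Review bot: the added `#define RGW_ATTR_CRYPT_CONTEXT  RGW_ATTR_CRYPT_PREFIX "context"` line has no comment stating what the attribute stores. The commit message says it holds the base-64 encoded canonical JSON encryption context, but the header does not. A one-line comment above the define recording that encoding (base64 of canonical JSON) would keep writers and readers of the attribute consistent, since the key derived from it will only match if both sides agree on the exact byte form. Note also that this hunk only introduces the name: nothing visible here sets or reads the attribute, so the per-object key variation described in the commit message has to be checked in the changes that use it.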