From: Marcus Watts <mwatts@redhat.com>
Date: Mon, 7 Dec 2020 22:53:05 +0000 (-0500)
Subject: rgw/kms/vault - define attribute to store encryption context
X-Git-Tag: v17.1.0~2697^2~9
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=2ea143711430cb76c55479fdfbf7ba02d1fd80fb;p=ceph.git

rgw/kms/vault - define attribute to store encryption context

For rgw sse:kms use, the aws s3 standard provides an attribute
to store the base-64 encoded canonical json "encryption context".
This should be used to vary the per-object keys used for the
actual object encryption.

Fixes: http://tracker.ceph.com/issues/48746
Signed-off-by: Marcus Watts <mwatts@redhat.com>
---

diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h
index 81308f655cc6..ae7083710bc6 100644
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -140,6 +140,7 @@ using ceph::crypto::MD5;
 #define RGW_ATTR_CRYPT_KEYMD5   RGW_ATTR_CRYPT_PREFIX "keymd5"
 #define RGW_ATTR_CRYPT_KEYID    RGW_ATTR_CRYPT_PREFIX "keyid"
 #define RGW_ATTR_CRYPT_KEYSEL   RGW_ATTR_CRYPT_PREFIX "keysel"
+#define RGW_ATTR_CRYPT_CONTEXT  RGW_ATTR_CRYPT_PREFIX "context"
 
 
 #define RGW_FORMAT_PLAIN        0