From 2ea143711430cb76c55479fdfbf7ba02d1fd80fb Mon Sep 17 00:00:00 2001
From: Marcus Watts <mwatts@redhat.com>
Date: Mon, 7 Dec 2020 17:53:05 -0500
Subject: [PATCH] rgw/kms/vault - define attribute to store encryption context

For rgw sse:kms use, the aws s3 standard provides an attribute
to store the base-64 encoded canonical json "encryption context".
This should be used to vary the per-object keys used for the
actual object encryption.

Fixes: http://tracker.ceph.com/issues/48746
Signed-off-by: Marcus Watts <mwatts@redhat.com>
---
 src/rgw/rgw_common.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h
index 81308f655cc6e..ae7083710bc66 100644
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -140,6 +140,7 @@ using ceph::crypto::MD5;
 #define RGW_ATTR_CRYPT_KEYMD5   RGW_ATTR_CRYPT_PREFIX "keymd5"
 #define RGW_ATTR_CRYPT_KEYID    RGW_ATTR_CRYPT_PREFIX "keyid"
 #define RGW_ATTR_CRYPT_KEYSEL   RGW_ATTR_CRYPT_PREFIX "keysel"
+#define RGW_ATTR_CRYPT_CONTEXT  RGW_ATTR_CRYPT_PREFIX "context"
 
 
 #define RGW_FORMAT_PLAIN        0
-- 
2.39.5