[common] Refactor Protected Files, part 7 #1908
Conversation
There was a problem hiding this comment.
Reviewed 5 of 5 files at r1, all commit messages.
Reviewable status: all files reviewed, 2 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (1 more required, approved so far: Intel) (waiting on @dimakuv)
common/src/protected_files/protected_files_format.h line 57 at r1 (raw file):
uint8_t major_version; uint8_t minor_version; pf_nonce_t metadata_key_nonce;
Key nonce? Nonce is unrelated to the key itself, it sounds confusing to me. Maybe "cipher_nonce"?
common/src/protected_files/protected_files_internal.h line 26 at r1 (raw file):
metadata_node_t metadata_node; // plaintext and encrypted metadata from storage (bounce buffer) metadata_encrypted_t metadata_decrypted; // contains file path, size, etc.
Maybe decrypted_metadata? Sounds more natural. But I can also live with the current version if you don't like the proposal.
There was a problem hiding this comment.
Reviewable status: all files reviewed, 2 unresolved discussions, not enough approvals from maintainers (2 more required), not enough approvals from different teams (1 more required, approved so far: Intel) (waiting on @mkow)
common/src/protected_files/protected_files_format.h line 57 at r1 (raw file):
Previously, mkow (Michał Kowalczyk) wrote…
Key nonce? Nonce is unrelated to the key itself, it sounds confusing to me. Maybe "cipher_nonce"?
What I'm trying to convey here is "the nonce with which the key to encrypt the metadata node is derived". I don't think metadata_cipher_nonce conveys this message better.
What about one of the following:
metadata_nonce(a bit vague, but simple and uniform withmetadata_gmac)metadata_nonce_for_key_derivation(super long but very specific)metadata_nonce_derive(same as before, but shorter but more cryptic)
common/src/protected_files/protected_files_internal.h line 26 at r1 (raw file):
Previously, mkow (Michał Kowalczyk) wrote…
Maybe
decrypted_metadata? Sounds more natural. But I can also live with the current version if you don't like the proposal.
I like the current version better, for two reasons. First, metadata_decrypted conveys the meaning better (at least for me): it is the metadata node's contents, but decrypted. Whereas decrypted_metadata sounds to me more vague, as "some metadata which was decrypted".
Second, we have metadata_ prefix to denote everything that relates to the metadata node, not just some other metadata. So I'd like to keep all related-to-metadata-node variables/fields with this prefix.
There was a problem hiding this comment.
Reviewable status: all files reviewed, 1 unresolved discussion, not enough approvals from maintainers (1 more required) (waiting on @dimakuv)
common/src/protected_files/protected_files_format.h line 57 at r1 (raw file):
Previously, dimakuv (Dmitrii Kuvaiskii) wrote…
What I'm trying to convey here is "the nonce with which the key to encrypt the metadata node is derived". I don't think
metadata_cipher_nonceconveys this message better.What about one of the following:
metadata_nonce(a bit vague, but simple and uniform withmetadata_gmac)metadata_nonce_for_key_derivation(super long but very specific)metadata_nonce_derive(same as before, but shorter but more cryptic)
Ah, I see. Ok, let's keep the current name then, I don't like the others.
There was a problem hiding this comment.
Reviewed 5 of 5 files at r1, all commit messages.
Reviewable status: all files reviewed, 2 unresolved discussions, not enough approvals from maintainers (1 more required) (waiting on @dimakuv)
-- commits line 7 at r1:
-> contents
Code quote:
conents
This commit refactors PF code without changing functionality (part 7 in a series of commits). In particular, this commit renames: - "key_id" to a more correct "nonce" - "encrypted_part_plain" to "metadata_decrypted" (i.e. decrypted contents of the encrypted part of the metadata node) - "file" to a more specific "host_file_handle" - "file_metadata" to a more correct "metadata_node" - "root_mht" to a more specific "root_mht_node" Signed-off-by: Dmitrii Kuvaiskii <[email protected]>
dimakuv
force-pushed
the
dimakuv/dimakuv/protected-files-cleanup-new-part7
branch
from
941a6f8 to
c8d77b7
Compare
There was a problem hiding this comment.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @kailun-qin)
Previously, kailun-qin (Kailun Qin) wrote…
-> contents
Done.
There was a problem hiding this comment.
Reviewed all commit messages.
Reviewable status:complete! all files reviewed, all discussions resolved
|
Jenkins, retest Jenkins-SGX-22.04 please (very slow node, unrelated) |
There was a problem hiding this comment.
Reviewed all commit messages.
Reviewable status:
Description of the changes
This commit refactors PF code without changing functionality (part 7 in a series of commits). In particular, this commit renames:
This PR supersedes #1894.
How to test this PR?
N/A.
This change is