cache.h

Go to the documentation of this file.

/*
 * Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use
 * this file except in compliance with the License. A copy of the License is
 * located at
 *
 *     http://aws.amazon.com/apache2.0/
 *
 * or in the "license" file accompanying this file. This file is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 * implied. See the License for the specific language governing permissions and
 * limitations under the License.
 */
 
#ifndef AWS_CRYPTOSDK_CACHE_H
#define AWS_CRYPTOSDK_CACHE_H
 
#include <aws/common/clock.h>
 
#include <aws/cryptosdk/exports.h>
#include <aws/cryptosdk/materials.h>
#include <aws/cryptosdk/vtable.h>
 
AWS_EXTERN_C_BEGIN

 
#define AWS_CRYPTOSDK_CACHE_MAX_LIMIT_MESSAGES ((uint64_t)1 << 32)

#ifdef AWS_CRYPTOSDK_DOXYGEN
struct aws_cryptosdk_materials_cache;
#else
struct aws_cryptosdk_materials_cache {
    struct aws_atomic_var refcount;
    const struct aws_cryptosdk_materials_cache_vt *vt;
};
#endif
 
#ifndef AWS_CRYPTOSDK_DOXYGEN

struct aws_cryptosdk_materials_cache_entry;
 
struct aws_cryptosdk_cache_usage_stats {
    uint64_t bytes_encrypted, messages_encrypted;
};
 
AWS_CRYPTOSDK_STATIC_INLINE
void aws_cryptosdk_materials_cache_base_init(
    struct aws_cryptosdk_materials_cache *cache, const struct aws_cryptosdk_materials_cache_vt *vt) {
    cache->vt = vt;
    aws_atomic_init_int(&cache->refcount, 1);
}
 
struct aws_cryptosdk_materials_cache_vt {
    size_t vt_size;

    const char *name;

 
    int (*find_entry)(
        struct aws_cryptosdk_materials_cache *cache,
        struct aws_cryptosdk_materials_cache_entry **entry,
        bool *is_encrypt,
        const struct aws_byte_buf *cache_id);

    int (*update_usage_stats)(
        struct aws_cryptosdk_materials_cache *cache,
        struct aws_cryptosdk_materials_cache_entry *entry,
        struct aws_cryptosdk_cache_usage_stats *usage_stats);

    int (*get_enc_materials)(
        struct aws_cryptosdk_materials_cache *cache,
        struct aws_allocator *allocator,
        struct aws_cryptosdk_enc_materials **materials,
        struct aws_hash_table *enc_ctx,
        struct aws_cryptosdk_materials_cache_entry *entry);

    int (*get_dec_materials)(
        const struct aws_cryptosdk_materials_cache *cache,
        struct aws_allocator *allocator,
        struct aws_cryptosdk_dec_materials **materials,
        const struct aws_cryptosdk_materials_cache_entry *entry);

    void (*put_entry_for_encrypt)(
        struct aws_cryptosdk_materials_cache *cache,
        struct aws_cryptosdk_materials_cache_entry **entry,
        const struct aws_cryptosdk_enc_materials *enc_materials,
        struct aws_cryptosdk_cache_usage_stats initial_usage,
        const struct aws_hash_table *enc_ctx,
        const struct aws_byte_buf *cache_id);

    void (*put_entry_for_decrypt)(
        struct aws_cryptosdk_materials_cache *cache,
        struct aws_cryptosdk_materials_cache_entry **entry,
        const struct aws_cryptosdk_dec_materials *dec_materials,
        const struct aws_byte_buf *cache_id);

    void (*destroy)(struct aws_cryptosdk_materials_cache *cache);
 
    size_t (*entry_count)(const struct aws_cryptosdk_materials_cache *cache);

    void (*entry_release)(
        struct aws_cryptosdk_materials_cache *cache,
        struct aws_cryptosdk_materials_cache_entry *entry,
        bool invalidate);

    uint64_t (*entry_get_creation_time)(
        const struct aws_cryptosdk_materials_cache *cache, const struct aws_cryptosdk_materials_cache_entry *entry);

    void (*entry_ttl_hint)(
        struct aws_cryptosdk_materials_cache *cache,
        struct aws_cryptosdk_materials_cache_entry *entry,
        uint64_t exp_time);

    void (*clear)(struct aws_cryptosdk_materials_cache *cache);
};
 
AWS_CRYPTOSDK_STATIC_INLINE
int aws_cryptosdk_materials_cache_find_entry(
    struct aws_cryptosdk_materials_cache *cache,
    struct aws_cryptosdk_materials_cache_entry **entry,
    bool *is_encrypt,
    const struct aws_byte_buf *cache_id) {
    int (*find_entry)(
        struct aws_cryptosdk_materials_cache * cache,
        struct aws_cryptosdk_materials_cache_entry * *entry,
        bool *is_encrypt,
        const struct aws_byte_buf *cache_id) = AWS_CRYPTOSDK_PRIVATE_VT_GET_NULL(cache->vt, find_entry);
 
    *entry = NULL;
    if (find_entry) {
        return find_entry(cache, entry, is_encrypt, cache_id);
    }
 
    return AWS_OP_SUCCESS;
}
 
AWS_CRYPTOSDK_STATIC_INLINE
int aws_cryptosdk_materials_cache_update_usage_stats(
    struct aws_cryptosdk_materials_cache *cache,
    struct aws_cryptosdk_materials_cache_entry *entry,
    struct aws_cryptosdk_cache_usage_stats *usage_stats) {
    int (*update_usage_stats)(
        struct aws_cryptosdk_materials_cache * cache,
        struct aws_cryptosdk_materials_cache_entry * entry,
        struct aws_cryptosdk_cache_usage_stats * usage_stats) =
        AWS_CRYPTOSDK_PRIVATE_VT_GET_NULL(cache->vt, update_usage_stats);
 
    if (!update_usage_stats) {
        return aws_raise_error(AWS_ERROR_UNSUPPORTED_OPERATION);
    }
 
    return update_usage_stats(cache, entry, usage_stats);
}
 
AWS_CRYPTOSDK_STATIC_INLINE
int aws_cryptosdk_materials_cache_get_enc_materials(
    struct aws_cryptosdk_materials_cache *cache,
    struct aws_allocator *allocator,
    struct aws_cryptosdk_enc_materials **materials,
    struct aws_hash_table *enc_ctx,
    struct aws_cryptosdk_materials_cache_entry *entry) {
    int (*get_enc_materials)(
        struct aws_cryptosdk_materials_cache * cache,
        struct aws_allocator * allocator,
        struct aws_cryptosdk_enc_materials * *materials,
        struct aws_hash_table * enc_ctx,
        struct aws_cryptosdk_materials_cache_entry * entry) =
        AWS_CRYPTOSDK_PRIVATE_VT_GET_NULL(cache->vt, get_enc_materials);
 
    *materials = NULL;
    if (!get_enc_materials) {
        return aws_raise_error(AWS_ERROR_UNSUPPORTED_OPERATION);
    }
 
    return get_enc_materials(cache, allocator, materials, enc_ctx, entry);
}
 
AWS_CRYPTOSDK_STATIC_INLINE
int aws_cryptosdk_materials_cache_get_dec_materials(
    const struct aws_cryptosdk_materials_cache *cache,
    struct aws_allocator *allocator,
    struct aws_cryptosdk_dec_materials **materials,
    const struct aws_cryptosdk_materials_cache_entry *entry) {
    int (*get_dec_materials)(
        const struct aws_cryptosdk_materials_cache *cache,
        struct aws_allocator *allocator,
        struct aws_cryptosdk_dec_materials **materials,
        const struct aws_cryptosdk_materials_cache_entry *entry) =
        AWS_CRYPTOSDK_PRIVATE_VT_GET_NULL(cache->vt, get_dec_materials);
 
    *materials = NULL;
    if (!get_dec_materials) {
        return aws_raise_error(AWS_ERROR_UNSUPPORTED_OPERATION);
    }
 
    return get_dec_materials(cache, allocator, materials, entry);
}
 
AWS_CRYPTOSDK_STATIC_INLINE
void aws_cryptosdk_materials_cache_put_entry_for_encrypt(
    struct aws_cryptosdk_materials_cache *cache,
    struct aws_cryptosdk_materials_cache_entry **entry,
    const struct aws_cryptosdk_enc_materials *enc_materials,
    struct aws_cryptosdk_cache_usage_stats initial_usage,
    const struct aws_hash_table *enc_ctx,
    const struct aws_byte_buf *cache_id) {
    void (*put_entry_for_encrypt)(
        struct aws_cryptosdk_materials_cache * cache,
        struct aws_cryptosdk_materials_cache_entry * *entry,
        const struct aws_cryptosdk_enc_materials *enc_materials,
        struct aws_cryptosdk_cache_usage_stats initial_usage,
        const struct aws_hash_table *enc_ctx,
        const struct aws_byte_buf *cache_id) = AWS_CRYPTOSDK_PRIVATE_VT_GET_NULL(cache->vt, put_entry_for_encrypt);
 
    *entry = NULL;
    if (put_entry_for_encrypt) {
        put_entry_for_encrypt(cache, entry, enc_materials, initial_usage, enc_ctx, cache_id);
    }
}
 
AWS_CRYPTOSDK_STATIC_INLINE
void aws_cryptosdk_materials_cache_put_entry_for_decrypt(
    struct aws_cryptosdk_materials_cache *cache,
    struct aws_cryptosdk_materials_cache_entry **entry,
    const struct aws_cryptosdk_dec_materials *dec_materials,
    const struct aws_byte_buf *cache_id) {
    void (*put_entry_for_decrypt)(
        struct aws_cryptosdk_materials_cache * cache,
        struct aws_cryptosdk_materials_cache_entry * *entry,
        const struct aws_cryptosdk_dec_materials *dec_materials,
        const struct aws_byte_buf *cache_id) = AWS_CRYPTOSDK_PRIVATE_VT_GET_NULL(cache->vt, put_entry_for_decrypt);
 
    *entry = NULL;
    if (put_entry_for_decrypt) {
        put_entry_for_decrypt(cache, entry, dec_materials, cache_id);
    }
}
 
AWS_CRYPTOSDK_STATIC_INLINE
void aws_cryptosdk_materials_cache_entry_release(
    struct aws_cryptosdk_materials_cache *cache, struct aws_cryptosdk_materials_cache_entry *entry, bool invalidate) {
    void (*entry_release)(
        struct aws_cryptosdk_materials_cache * cache,
        struct aws_cryptosdk_materials_cache_entry * entry,
        bool invalidate) = AWS_CRYPTOSDK_PRIVATE_VT_GET_NULL(cache->vt, entry_release);
 
    if (entry_release) {
        entry_release(cache, entry, invalidate);
    }
}
 
AWS_CRYPTOSDK_STATIC_INLINE
uint64_t aws_cryptosdk_materials_cache_entry_get_creation_time(
    const struct aws_cryptosdk_materials_cache *cache, const struct aws_cryptosdk_materials_cache_entry *entry) {
    uint64_t (*entry_get_creation_time)(
        const struct aws_cryptosdk_materials_cache *cache, const struct aws_cryptosdk_materials_cache_entry *entry) =
        AWS_CRYPTOSDK_PRIVATE_VT_GET_NULL(cache->vt, entry_get_creation_time);
 
    if (entry_get_creation_time) {
        return entry_get_creation_time(cache, entry);
    } else {
        return 0;
    }
}
 
AWS_CRYPTOSDK_STATIC_INLINE
void aws_cryptosdk_materials_cache_entry_ttl_hint(
    struct aws_cryptosdk_materials_cache *cache, struct aws_cryptosdk_materials_cache_entry *entry, uint64_t exp_time) {
    void (*entry_ttl_hint)(
        struct aws_cryptosdk_materials_cache * cache,
        struct aws_cryptosdk_materials_cache_entry * entry,
        uint64_t exp_time) = AWS_CRYPTOSDK_PRIVATE_VT_GET_NULL(cache->vt, entry_ttl_hint);
 
    if (entry_ttl_hint) {
        entry_ttl_hint(cache, entry, exp_time);
    }
}
 
#endif  // AWS_CRYPTOSDK_DOXYGEN (unstable APIs excluded from docs)

AWS_CRYPTOSDK_API
struct aws_cryptosdk_materials_cache *aws_cryptosdk_materials_cache_local_new(
    struct aws_allocator *alloc, size_t capacity);

AWS_CRYPTOSDK_STATIC_INLINE
size_t aws_cryptosdk_materials_cache_entry_count(const struct aws_cryptosdk_materials_cache *cache) {
    size_t (*entry_count)(const struct aws_cryptosdk_materials_cache *cache) =
        AWS_CRYPTOSDK_PRIVATE_VT_GET_NULL(cache->vt, entry_count);
 
    if (!entry_count) {
        return SIZE_MAX;
    }
 
    return entry_count(cache);
}

AWS_CRYPTOSDK_STATIC_INLINE
void aws_cryptosdk_materials_cache_clear(struct aws_cryptosdk_materials_cache *cache) {
    void (*clear)(struct aws_cryptosdk_materials_cache * cache) = AWS_CRYPTOSDK_PRIVATE_VT_GET_NULL(cache->vt, clear);
 
    if (clear) {
        clear(cache);
    }
}

AWS_CRYPTOSDK_STATIC_INLINE struct aws_cryptosdk_materials_cache *aws_cryptosdk_materials_cache_retain(
    struct aws_cryptosdk_materials_cache *materials_cache) {
    aws_cryptosdk_private_refcount_up(&materials_cache->refcount);
    return materials_cache;
}

AWS_CRYPTOSDK_STATIC_INLINE void aws_cryptosdk_materials_cache_release(
    struct aws_cryptosdk_materials_cache *materials_cache) {
    if (materials_cache && aws_cryptosdk_private_refcount_down(&materials_cache->refcount)) {
        void (*destroy)(struct aws_cryptosdk_materials_cache * cache) =
            AWS_CRYPTOSDK_PRIVATE_VT_GET_NULL(materials_cache->vt, destroy);
 
        if (!destroy) {
            abort();
        }
 
        destroy(materials_cache);
    }
}

AWS_CRYPTOSDK_API
struct aws_cryptosdk_cmm *aws_cryptosdk_caching_cmm_new_from_cmm(
    struct aws_allocator *alloc,
    struct aws_cryptosdk_materials_cache *materials_cache,
    struct aws_cryptosdk_cmm *upstream,
    const struct aws_byte_buf *partition_id,
    uint64_t cache_limit_ttl,
    enum aws_timestamp_unit cache_limit_ttl_units);

AWS_CRYPTOSDK_API
struct aws_cryptosdk_cmm *aws_cryptosdk_caching_cmm_new_from_keyring(
    struct aws_allocator *alloc,
    struct aws_cryptosdk_materials_cache *materials_cache,
    struct aws_cryptosdk_keyring *keyring,
    const struct aws_byte_buf *partition_id,
    uint64_t cache_limit_ttl,
    enum aws_timestamp_unit cache_limit_ttl_units);

AWS_CRYPTOSDK_API
int aws_cryptosdk_caching_cmm_set_ttl(struct aws_cryptosdk_cmm *cmm, uint64_t ttl, enum aws_timestamp_unit ttl_units);

AWS_CRYPTOSDK_API
int aws_cryptosdk_caching_cmm_set_limit_bytes(struct aws_cryptosdk_cmm *cmm, uint64_t limit_bytes);

AWS_CRYPTOSDK_API
int aws_cryptosdk_caching_cmm_set_limit_messages(struct aws_cryptosdk_cmm *cmm, uint64_t limit_messages);
 
AWS_EXTERN_C_END
  // doxygen group caching
 
#endif