Support AES256 at-rest encryption in Files
Summary:
Ref T11140. This makes encryption actually work:
- Provide a new configuration option, keyring, for specifying encryption keys.
- One key may be marked as default. This activates AES256 encryption for Files.
- Add bin/files generate-key. This helps when generating valid encryption keys.
- Add bin/files encode. This changes the storage encoding of a file, and helps test encodings and migrate existing data.
- Add bin/files cycle. This re-encodes the block key with a new master key, if your master key leaks or you're just paranoid.
- Document all these options and behaviors.
Test Plan:
- Configured a bad keyring, hit a bunch of different errors.
- Used bin/files generate-key to try to generate bad keys, got appropriate errors ("raw doesn't support keys", etc).
- Used bin/files generate-key to generate an AES256 key.
- Put the new AES256 key into the keyring, without default.
- Uploaded a new file, verified it still uploaded as raw data (no default key yet).
- Used bin/files encode to change a file to ROT13 and back to raw. Verified old data got deleted and new data got stored properly.
- Used bin/files encode --key ... to explicitly convert a file to AES256 with my non-default key.
- Forced a re-encode of an AES256 file, verified the old data was deleted and a new key and IV were generated.
- Used bin/files cycle to try to cycle raw/rot13 files, got errors.
- Used bin/files cycle to cycle AES256 files. Verified metadata changed but file data did not. Verified file data was still decryptable with metadata.
- Ran bin/files cycle --all.
- Ran encode and cycle on chunked files, saw commands fail properly. These commands operate on the underlying data blocks, not the chunk metadata.
- Set key to default, uploaded a file, saw it stored as AES256.
- Read documentation.
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T11140
Differential Revision: https://secure.phabricator.com/D16127
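
The encode/cycle distinction described in the summary and test plan, as an added example that is not part of this commit or of Phabricator's code: a per-file block key encrypts the data, a master key from the keyring wraps the block key, and cycling rewrites only the wrapped key. The function names, the metadata layout, the sample keyring and the choice of AES-256-GCM are assumptions of this sketch (the commit message says only "AES256").

```php
<?php
// Added illustration, not Phabricator code. Names, metadata layout and the
// AES-256-GCM mode are assumptions of this example.
const CIPHER = 'aes-256-gcm';

function seal(string $plain, string $key): array {
  $iv = random_bytes(12);
  $tag = '';
  $ct = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
  if ($ct === false) { throw new RuntimeException('encryption failed'); }
  return ['iv' => $iv, 'tag' => $tag, 'ct' => $ct];
}

function unseal(array $box, string $key): string {
  $plain = openssl_decrypt(
    $box['ct'], CIPHER, $key, OPENSSL_RAW_DATA, $box['iv'], $box['tag']);
  if ($plain === false) { throw new RuntimeException('wrong key or tampered data'); }
  return $plain;
}

// Like "encode": fresh block key and IV per file; the block key is stored
// only in wrapped form, next to the name of the master key that wraps it.
function encode_file(string $data, string $name, array $keyring): array {
  $block_key = random_bytes(32);
  $wrapped = seal($block_key, $keyring[$name]);
  return ['data' => seal($data, $block_key),
          'meta' => ['key' => $name, 'wrapped' => $wrapped]];
}

function decode_file(array $file, array $keyring): string {
  $meta = $file['meta'];
  return unseal($file['data'], unseal($meta['wrapped'], $keyring[$meta['key']]));
}

// Like "cycle": re-wrap the same block key under another master key.
function cycle_file(array $file, string $new_name, array $keyring): array {
  $meta = $file['meta'];
  $block_key = unseal($meta['wrapped'], $keyring[$meta['key']]);
  $file['meta'] = ['key' => $new_name,
                   'wrapped' => seal($block_key, $keyring[$new_name])];
  return $file;
}

// Constructed sample keyring and file contents.
$keyring = ['old' => random_bytes(32), 'new' => random_bytes(32)];
$file = encode_file('constructed file bytes', 'old', $keyring);
$cycled = cycle_file($file, 'new', $keyring);
unset($keyring['old']); // the old master key is no longer needed
$ok = $cycled['data'] === $file['data']
  && decode_file($cycled, $keyring) === 'constructed file bytes';
echo $ok ? "cycle ok\n" : "cycle FAILED\n";
```

Because cycling keeps the block key, a copy of the block key unwrapped before the cycle still decrypts the file data. A forced re-encode, which the test plan shows generating a new key and IV, replaces it.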