Implement log encryption using native AES utilities
Summary:
This differential:
- Refactors our native AES crypto API so that it can work both with std::vector<std::uint8_t>& and rust::Slice<std::uint8_t>.
- Uses AES crypto API to encrypt log files.
- Introduces additional encryption key to encrypt log files. This key lifecycle is tightly coupled with encryption key lifecycle used to encrypt latest compaction.
Why new encryption key? Cutting SQLCipher encryption key in half to make it 32 bytes is incorrect - keys should be created from each other using KDF. In order to correctly use KDF to create 32 byte key for logs from 64 byte SQLCipher key we would have to:
- Implement creation of master key that is not used to encrypt anything.
- Dig into native crypto API to expose to common C++ some KDF (SHA256 could be fine).
- Refactor SQLCipher encryption key to be derived from master key.
- Derive logs encryption key from master key.
For now it is too much work we don't have cycles for so we are just creating brand new 32 key and make sure its lifecycle is strictly coupled with SQLCipher encryption key.
It was discussed with Yiannis.
Test Plan: Same as for parent differential but this time ensure that logs don't have any human-readable content (not attachments - they remain unencrypted)
Reviewers: michal, kamil
Reviewed By: michal, kamil
Subscribers: ashoat, tomek
Differential Revision: https://phab.comm.dev/D10838