Add encryption to diskqueue

[leehinman]

What does this PR do?

Adds support for AES 128 CTR encryption to disk queue.

Why is it important?

Necessary for endpoint running under elastic-agent

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
  - [ ] I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

go test -bench=1M -benchtime 1x -count 10 -timeout 600m -benchmem > results.txt

benchstat results.txt
name               time/op
Async1M-16          22.0s ± 1%
EncryptAsync1M-16   20.5s ± 1%
Sync1M-16           25.2s ± 1%
EncryptSync1M-16    27.5s ± 0%

name               alloc/op
Async1M-16         3.43GB ± 0%
EncryptAsync1M-16  3.43GB ± 0%
Sync1M-16          3.42GB ± 0%
EncryptSync1M-16   3.42GB ± 0%

name               allocs/op
Async1M-16          40.6M ± 0%
EncryptAsync1M-16   40.5M ± 0%
Sync1M-16           39.5M ± 0%
EncryptSync1M-16    40.1M ± 0%

Related issues

• Relates elastic-agent-shipper#33
• Relates improve disk queue performance by coalescing writes #31935
• Relates Add encryption to diskqueue #31949

[elasticmachine]

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2022-06-20T22:17:37.742+0000

• Duration: 92 min 12 sec

Test stats 🧪

Test	Results
Failed	0
Passed	22282
Skipped	1937
Total	24219

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[cmacknz]

Benchmarks for this implementation:

name               time/op
Async1M-16          22.0s ± 1%
EncryptAsync1M-16   20.5s ± 1%
Sync1M-16           25.2s ± 1%
EncryptSync1M-16    27.5s ± 0%

name               alloc/op
Async1M-16         3.43GB ± 0%
EncryptAsync1M-16  3.43GB ± 0%
Sync1M-16          3.42GB ± 0%
EncryptSync1M-16   3.42GB ± 0%

name               allocs/op
Async1M-16          40.6M ± 0%
EncryptAsync1M-16   40.5M ± 0%
Sync1M-16           39.5M ± 0%
EncryptSync1M-16    40.1M ± 0%

Compared to the previous implementation: #31949

name           time/op
V1Async1M-16    38.8s ± 2%
V2Async1M-16    37.9s ± 8%
V1Sync1M-16     37.7s ± 1%
V2Sync1M-16     40.3s ± 0%

name           alloc/op
V1Async1M-16   3.47GB ± 0%
V2Async1M-16   3.46GB ± 0%
V1Sync1M-16    3.44GB ± 0%
V2Sync1M-16    3.45GB ± 0%


name           allocs/op
V1Async1M-16    43.4M ± 0%
V2Async1M-16    42.0M ± 0%
V1Sync1M-16     40.5M ± 0%
V2Sync1M-16     41.2M ± 0%

This version seems almost twice as fast ad allocates slightly less. What do you think caused this @leehinman? I want to make sure the improvement isn't a mirage :)

[cmacknz]

go test -bench=1M -benchtime 1x -count 10 -timeout 600m -benchmem Can we make this a mage target or even just a script in the disk queue directory? You've already figured out a reasonable config for running tests and we should save future developers from having to do that themselves.

[cmacknz]

Are there any security concerns with the re-slicing here? Part of the previous ciphertext will potentially hang around at the end of the underlying array.

[leehinman]

No, having ciphertext around is acceptable. We expect Malory to be able to "see" cipher text. Also I would assume anyone that could view memory of the process could also view the segment file which would have the cipher text as well.

[cmacknz]

Any reason not to just make this larger for more future proofing? Probably nobody will notice 1-3 extra bytes in each segment file depending on uint16 or uint32 as the larger size.

[leehinman]

I waffled on this. In the end I picked uint8 because I couldn't think of even 8 options, but we could easily go with uint32, that would match version & count.

[leehinman]

switched to uint32

[leehinman]

This version seems almost twice as fast ad allocates slightly less. What do you think caused this @leehinman? I want to make sure the improvement isn't a mirage :)

So this is because #31935 wasn't merged when the benchmark was run for #39149, that is what accounts for the speed up and drop in allocations.

One thing that is directly comparable between #31935 and this PR is

"1M_10k-16 21.7s ± 0%" is the same test as "Async1M-16 22.0s ± 1%" in this PR. The times are close enough that I would say the changes in this PR that add the options field, and switches to a segmentReader instead of direct io.File, don't change the speed significantly. The allocations are the same between the two.

[leehinman]

go test -bench=1M -benchtime 1x -count 10 -timeout 600m -benchmem Can we make this a mage target or even just a script in the disk queue directory? You've already figured out a reasonable config for running tests and we should save future developers from having to do that themselves.

Short term, I added comment to header of benchmark_test.go about how to run. I'll work with team to see what people want long term.

[cmacknz]

👍

[cmacknz]

Was this supposed to stay?

[cmacknz]

LGTM, wait for @faec to review before merging.

[faec]

looks good, thanks!