diff options
| author | Sergei Golubchik <serg@mariadb.org> | 2015-03-25 09:47:26 +0100 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2015-04-05 13:14:38 +0200 |
| commit | 3bbe2057da977b3197e19ceede87b4e79b542b59 (patch) | |
| tree | fae50622ea44dd2357235227fcdbc3e7abf512a0 /mysys_ssl/my_crypt.cc | |
| parent | 2f8d101f9eb5193a8a1d5ab5cc8e52d7b52007a4 (diff) | |
| download | mariadb-git-3bbe2057da977b3197e19ceede87b4e79b542b59.tar.gz | |
yassl support
Diffstat (limited to 'mysys_ssl/my_crypt.cc')
| -rw-r--r-- | mysys_ssl/my_crypt.cc | 93 |
1 files changed, 63 insertions, 30 deletions
diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc index 2b9bfedb08c..c5db08e331d 100644 --- a/mysys_ssl/my_crypt.cc +++ b/mysys_ssl/my_crypt.cc @@ -15,49 +15,84 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ -/* - TODO: add support for YASSL -*/ - #include <my_global.h> #include <my_crypt.h> -#ifdef HAVE_EncryptAes128Ctr +// TODO +// different key lengths + +#ifdef HAVE_YASSL +#include "aes.hpp" + +typedef TaoCrypt::CipherDir Dir; +static const Dir CRYPT_ENCRYPT = TaoCrypt::ENCRYPTION; +static const Dir CRYPT_DECRYPT = TaoCrypt::DECRYPTION; + +typedef TaoCrypt::Mode CipherMode; +static inline CipherMode EVP_aes_128_ecb() { return TaoCrypt::ECB; } +static inline CipherMode EVP_aes_128_cbc() { return TaoCrypt::CBC; } + +typedef TaoCrypt::byte KeyByte; +#else #include <openssl/evp.h> #include <openssl/aes.h> -static const int CRYPT_ENCRYPT = 1; -static const int CRYPT_DECRYPT = 0; +typedef int Dir; +static const Dir CRYPT_ENCRYPT = 1; +static const Dir CRYPT_DECRYPT = 0; -C_MODE_START +typedef const EVP_CIPHER *CipherMode; +struct MyCTX : EVP_CIPHER_CTX { + MyCTX() { EVP_CIPHER_CTX_init(this); } + ~MyCTX() { EVP_CIPHER_CTX_cleanup(this); } +}; + +typedef uchar KeyByte; +#endif -static int do_crypt(const EVP_CIPHER *cipher, int encrypt, +static int do_crypt(CipherMode cipher, Dir dir, const uchar* source, uint32 source_length, uchar* dest, uint32* dest_length, - const uchar* key, uint8 key_length, - const uchar* iv, uint8 iv_length, int no_padding) + const KeyByte *key, uint8 key_length, + const KeyByte *iv, uint8 iv_length, int no_padding) { - int res= AES_OPENSSL_ERROR, fin; int tail= no_padding ? source_length % MY_AES_BLOCK_SIZE : 0; + DBUG_ASSERT(source_length - tail >= MY_AES_BLOCK_SIZE); + +#ifdef HAVE_YASSL + TaoCrypt::AES ctx(dir, cipher); - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - if (!EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, encrypt)) - goto err; + ctx.SetKey(key, key_length); + if (iv) + { + ctx.SetIV(iv); + DBUG_ASSERT(TaoCrypt::AES::BLOCK_SIZE == iv_length); + } + DBUG_ASSERT(TaoCrypt::AES::BLOCK_SIZE == MY_AES_BLOCK_SIZE); + + ctx.Process(dest, source, source_length - tail); + *dest_length= source_length; +#else // HAVE_OPENSSL + int fin; + struct MyCTX ctx; + if (!EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, dir)) + return AES_OPENSSL_ERROR; EVP_CIPHER_CTX_set_padding(&ctx, !no_padding); DBUG_ASSERT(EVP_CIPHER_CTX_key_length(&ctx) == key_length); - DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == iv_length || !EVP_CIPHER_CTX_iv_length(&ctx)); + DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == iv_length); DBUG_ASSERT(EVP_CIPHER_CTX_block_size(&ctx) == MY_AES_BLOCK_SIZE || !no_padding); if (!EVP_CipherUpdate(&ctx, dest, (int*)dest_length, source, source_length - tail)) - goto err; + return AES_OPENSSL_ERROR; if (!EVP_CipherFinal_ex(&ctx, dest + *dest_length, &fin)) - goto err; + return AES_OPENSSL_ERROR; *dest_length += fin; +#endif + if (tail) { /* @@ -66,25 +101,24 @@ static int do_crypt(const EVP_CIPHER *cipher, int encrypt, What we do here, we XOR the tail with the previous encrypted block. */ - DBUG_ASSERT(source_length - tail == *dest_length); - DBUG_ASSERT(source_length - tail > MY_AES_BLOCK_SIZE); const uchar *s= source + source_length - tail; const uchar *e= source + source_length; uchar *d= dest + source_length - tail; - const uchar *m= (encrypt ? d : s) - MY_AES_BLOCK_SIZE; + const uchar *m= (dir == CRYPT_ENCRYPT ? d : s) - MY_AES_BLOCK_SIZE; while (s < e) *d++ = *s++ ^ *m++; *dest_length= source_length; } - res= AES_OK; -err: - EVP_CIPHER_CTX_cleanup(&ctx); - return res; + return AES_OK; } +C_MODE_START + /* CTR is a stream cypher mode, it needs no special padding code */ +#ifdef HAVE_EncryptAes128Ctr + int my_aes_encrypt_ctr(const uchar* source, uint32 source_length, uchar* dest, uint32* dest_length, const uchar* key, uint8 key_length, @@ -106,6 +140,7 @@ int my_aes_decrypt_ctr(const uchar* source, uint32 source_length, dest, dest_length, key, key_length, iv, iv_length, 0); } +#endif /* HAVE_EncryptAes128Ctr */ int my_aes_encrypt_ecb(const uchar* source, uint32 source_length, uchar* dest, uint32* dest_length, @@ -114,7 +149,7 @@ int my_aes_encrypt_ecb(const uchar* source, uint32 source_length, uint no_padding) { return do_crypt(EVP_aes_128_ecb(), CRYPT_ENCRYPT, source, source_length, - dest, dest_length, key, key_length, iv, iv_length, no_padding); + dest, dest_length, key, key_length, 0, 0, no_padding); } int my_aes_decrypt_ecb(const uchar* source, uint32 source_length, @@ -124,7 +159,7 @@ int my_aes_decrypt_ecb(const uchar* source, uint32 source_length, uint no_padding) { return do_crypt(EVP_aes_128_ecb(), CRYPT_DECRYPT, source, source_length, - dest, dest_length, key, key_length, iv, iv_length, no_padding); + dest, dest_length, key, key_length, 0, 0, no_padding); } int my_aes_encrypt_cbc(const uchar* source, uint32 source_length, @@ -149,8 +184,6 @@ int my_aes_decrypt_cbc(const uchar* source, uint32 source_length, C_MODE_END -#endif /* HAVE_EncryptAes128Ctr */ - #if defined(HAVE_YASSL) #include <random.hpp> |