diff options
author | Sergei Golubchik <serg@mariadb.org> | 2015-09-04 10:32:52 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2015-09-04 10:33:50 +0200 |
commit | 66b9a9409c73e298d6ceb668783a7cdd5ee85a69 (patch) | |
tree | be04b2c42d1b858756c5a8ba5355abd961589ec8 /include/my_crypt.h | |
parent | d94a982adbc21d74c0202f1ef64119baeb27c597 (diff) | |
download | mariadb-git-66b9a9409c73e298d6ceb668783a7cdd5ee85a69.tar.gz |
New encryption API. Piece-wise encryption.
Instead of encrypt(src, dst, key, iv) that encrypts all
data in one go, now we have encrypt_init(key,iv),
encrypt_update(src,dst), and encrypt_finish(dst).
This also causes collateral changes in the internal my_crypt.cc
encryption functions and in the encryption service.
There are wrappers to provide the old all-at-once encryption
functionality. But binlog events are often written piecewise,
they'll need the new api.
Diffstat (limited to 'include/my_crypt.h')
-rw-r--r-- | include/my_crypt.h | 82 |
1 files changed, 39 insertions, 43 deletions
diff --git a/include/my_crypt.h b/include/my_crypt.h index 3e6da6aa212..e1e94c9bd9d 100644 --- a/include/my_crypt.h +++ b/include/my_crypt.h @@ -36,58 +36,54 @@ extern "C" { /* The max key length of all supported algorithms */ #define MY_AES_MAX_KEY_LENGTH 32 -#ifdef HAVE_EncryptAes128Ctr - -int my_aes_encrypt_ctr(const uchar* source, uint source_length, - uchar* dest, uint* dest_length, - const uchar* key, uint key_length, - const uchar* iv, uint iv_length); - -#define my_aes_decrypt_ctr my_aes_encrypt_ctr +#define MY_AES_CTX_SIZE 512 +enum my_aes_mode { + MY_AES_ECB, MY_AES_CBC +#ifdef HAVE_EncryptAes128Ctr + , MY_AES_CTR #endif - #ifdef HAVE_EncryptAes128Gcm + , MY_AES_GCM +#endif +}; + +int my_aes_crypt_init(void *ctx, enum my_aes_mode mode, int flags, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen); +int my_aes_crypt_update(void *ctx, const uchar *src, uint slen, + uchar *dst, uint *dlen); +int my_aes_crypt_finish(void *ctx, uchar *dst, uint *dlen); +int my_aes_crypt(enum my_aes_mode mode, int flags, + const uchar *src, uint slen, uchar *dst, uint *dlen, + const uchar *key, uint klen, const uchar *iv, uint ivlen); -int my_aes_encrypt_gcm(const uchar* source, uint source_length, - uchar* dest, uint* dest_length, - const uchar* key, uint key_length, - const uchar* iv, uint iv_length); - -int my_aes_decrypt_gcm(const uchar* source, uint source_length, - uchar* dest, uint* dest_length, - const uchar* key, uint key_length, - const uchar* iv, uint iv_length); +/* + calculate the length of the cyphertext from the length of the plaintext + for different AES encryption modes with padding enabled. + Without padding (ENCRYPTION_FLAG_NOPAD) cyphertext has the same length + as the plaintext +*/ +static inline uint my_aes_get_size(enum my_aes_mode mode __attribute__((unused)), uint source_length) +{ +#ifdef HAVE_EncryptAes128Ctr + if (mode == MY_AES_CTR) + return source_length; +#ifdef HAVE_EncryptAes128Gcm + if (mode == MY_AES_GCM) + return source_length + MY_AES_BLOCK_SIZE; +#endif #endif + return (source_length / MY_AES_BLOCK_SIZE + 1) * MY_AES_BLOCK_SIZE; +} -int my_aes_encrypt_cbc(const uchar* source, uint source_length, - uchar* dest, uint* dest_length, - const uchar* key, uint key_length, - const uchar* iv, uint iv_length, - int no_padding); - -int my_aes_decrypt_cbc(const uchar* source, uint source_length, - uchar* dest, uint* dest_length, - const uchar* key, uint key_length, - const uchar* iv, uint iv_length, - int no_padding); - -int my_aes_encrypt_ecb(const uchar* source, uint source_length, - uchar* dest, uint* dest_length, - const uchar* key, uint key_length, - const uchar* iv, uint iv_length, - int no_padding); - -int my_aes_decrypt_ecb(const uchar* source, uint source_length, - uchar* dest, uint* dest_length, - const uchar* key, uint key_length, - const uchar* iv, uint iv_length, - int no_padding); +static inline uint my_aes_ctx_size(enum my_aes_mode mode __attribute__((unused))) +{ + return MY_AES_CTX_SIZE; +} int my_random_bytes(uchar* buf, int num); -uint my_aes_get_size(uint source_length); - #ifdef __cplusplus } #endif |