authorSergei Golubchik <serg@mariadb.org>2015-09-04 10:32:52 +0200
committerSergei Golubchik <serg@mariadb.org>2015-09-04 10:33:50 +0200
commit66b9a9409c73e298d6ceb668783a7cdd5ee85a69 (patch)
treebe04b2c42d1b858756c5a8ba5355abd961589ec8 /include/my_crypt.h
parentd94a982adbc21d74c0202f1ef64119baeb27c597 (diff)
New encryption API. Piece-wise encryption.
Instead of encrypt(src, dst, key, iv) that encrypts all data in one go, now we have encrypt_init(key,iv), encrypt_update(src,dst), and encrypt_finish(dst). This also causes collateral changes in the internal my_crypt.cc encryption functions and in the encryption service. There are wrappers to provide the old all-at-once encryption functionality. But binlog events are often written piecewise, they'll need the new api.
Diffstat (limited to 'include/my_crypt.h')
-rw-r--r--include/my_crypt.h82
1 files changed, 39 insertions, 43 deletions
diff --git a/include/my_crypt.h b/include/my_crypt.h
index 3e6da6aa212..e1e94c9bd9d 100644
--- a/include/my_crypt.h
+++ b/include/my_crypt.h
@@ -36,58 +36,54 @@ extern "C" {
/* The max key length of all supported algorithms */
#define MY_AES_MAX_KEY_LENGTH 32
-#ifdef HAVE_EncryptAes128Ctr
-
-int my_aes_encrypt_ctr(const uchar* source, uint source_length,
- uchar* dest, uint* dest_length,
- const uchar* key, uint key_length,
- const uchar* iv, uint iv_length);
-
-#define my_aes_decrypt_ctr my_aes_encrypt_ctr
+#define MY_AES_CTX_SIZE 512
+enum my_aes_mode {
+ MY_AES_ECB, MY_AES_CBC
+#ifdef HAVE_EncryptAes128Ctr
+ , MY_AES_CTR
#endif
-
#ifdef HAVE_EncryptAes128Gcm
+ , MY_AES_GCM
+#endif
+};
+
+int my_aes_crypt_init(void *ctx, enum my_aes_mode mode, int flags,
+ const unsigned char* key, unsigned int klen,
+ const unsigned char* iv, unsigned int ivlen);
+int my_aes_crypt_update(void *ctx, const uchar *src, uint slen,
+ uchar *dst, uint *dlen);
+int my_aes_crypt_finish(void *ctx, uchar *dst, uint *dlen);
+int my_aes_crypt(enum my_aes_mode mode, int flags,
+ const uchar *src, uint slen, uchar *dst, uint *dlen,
+ const uchar *key, uint klen, const uchar *iv, uint ivlen);
-int my_aes_encrypt_gcm(const uchar* source, uint source_length,
- uchar* dest, uint* dest_length,
- const uchar* key, uint key_length,
- const uchar* iv, uint iv_length);
-
-int my_aes_decrypt_gcm(const uchar* source, uint source_length,
- uchar* dest, uint* dest_length,
- const uchar* key, uint key_length,
- const uchar* iv, uint iv_length);
+/*
+ calculate the length of the cyphertext from the length of the plaintext
+ for different AES encryption modes with padding enabled.
+ Without padding (ENCRYPTION_FLAG_NOPAD) cyphertext has the same length
+ as the plaintext
+*/
+static inline uint my_aes_get_size(enum my_aes_mode mode __attribute__((unused)), uint source_length)
+{
+#ifdef HAVE_EncryptAes128Ctr
+ if (mode == MY_AES_CTR)
+ return source_length;
+#ifdef HAVE_EncryptAes128Gcm
+ if (mode == MY_AES_GCM)
+ return source_length + MY_AES_BLOCK_SIZE;
+#endif
#endif
+ return (source_length / MY_AES_BLOCK_SIZE + 1) * MY_AES_BLOCK_SIZE;
+}
-int my_aes_encrypt_cbc(const uchar* source, uint source_length,
- uchar* dest, uint* dest_length,
- const uchar* key, uint key_length,
- const uchar* iv, uint iv_length,
- int no_padding);
-
-int my_aes_decrypt_cbc(const uchar* source, uint source_length,
- uchar* dest, uint* dest_length,
- const uchar* key, uint key_length,
- const uchar* iv, uint iv_length,
- int no_padding);
-
-int my_aes_encrypt_ecb(const uchar* source, uint source_length,
- uchar* dest, uint* dest_length,
- const uchar* key, uint key_length,
- const uchar* iv, uint iv_length,
- int no_padding);
-
-int my_aes_decrypt_ecb(const uchar* source, uint source_length,
- uchar* dest, uint* dest_length,
- const uchar* key, uint key_length,
- const uchar* iv, uint iv_length,
- int no_padding);
+static inline uint my_aes_ctx_size(enum my_aes_mode mode __attribute__((unused)))
+{
+ return MY_AES_CTX_SIZE;
+}
int my_random_bytes(uchar* buf, int num);
-uint my_aes_get_size(uint source_length);
-
#ifdef __cplusplus
}
#endif
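Review bot: In `my_aes_get_size` the `MY_AES_GCM` branch is nested inside the `#ifdef HAVE_EncryptAes128Ctr` block, whereas the enum earlier in this hunk guards `MY_AES_CTR` and `MY_AES_GCM` independently. In a build that has GCM but not CTR (if such a configuration exists), a GCM request would fall through to the block-padding formula, which returns fewer bytes than `source_length + MY_AES_BLOCK_SIZE` whenever the input is not a multiple of the block size, so a caller sizing `dst` from this helper would under-allocate. Closing the CTR guard with its `#endif` directly after `return source_length;`, before `#ifdef HAVE_EncryptAes128Gcm`, makes the guards match the enum. Both return expressions can also wrap for `source_length` close to `UINT_MAX`; a comment stating the supported maximum input length would help callers.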