authorSergei Golubchik <serg@mariadb.org>2015-03-31 19:32:35 +0200
committerSergei Golubchik <serg@mariadb.org>2015-04-09 18:42:43 +0200
commitbb1b61b312088ba9f5f2cb606594b6f33c284402 (patch)
treec5b433d19434e194fb82d2407adbbfee759dfd31 /mysys_ssl
parent9ccafffc29526ea30151eb3e62901bfdb77aaf84 (diff)
encryption plugin controls the encryption
* no --encryption-algorithm option anymore * encrypt/decrypt methods in the encryption plugin * encrypt/decrypt methods in the encryption_km service * file_km plugin has --file-key-management-encryption-algorithm * debug_km always uses aes_cbc * example_km changes between aes_cbc and aes_ecb for different key versions
Diffstat (limited to 'mysys_ssl')
-rw-r--r--mysys_ssl/my_aes.cc154
-rw-r--r--mysys_ssl/my_crypt.cc78
2 files changed, 39 insertions, 193 deletions
diff --git a/mysys_ssl/my_aes.cc b/mysys_ssl/my_aes.cc
index 97af3c39381..069d8d74ab2 100644
--- a/mysys_ssl/my_aes.cc
+++ b/mysys_ssl/my_aes.cc
@@ -19,163 +19,9 @@
#include <my_crypt.h>
/**
- Encryption interface that doesn't do anything (for testing)
-
- SYNOPSIS
- my_aes_encrypt_none()
- @param source [in] Pointer to data for encryption
- @param source_length [in] Size of encryption data
- @param dest [out] Buffer to place encrypted data (must be large enough)
- @param dest_length [out] Pointer to size of encrypted data
- @param key [in] Key to be used for encryption
- @param key_length [in] Length of the key. 16, 24 or 32
- @param iv [in] Iv to be used for encryption
- @param iv_length [in] Length of the iv. should be 16.
- @param noPadding [in] unused
- @return
- != 0 error
- 0 no error
-*/
-
-static int my_aes_encrypt_none(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const unsigned char* key, uint8 key_length,
- const unsigned char* iv, uint8 iv_length,
- uint noPadding)
-{
- memcpy(dest, source, source_length);
- *dest_length= source_length;
- return 0;
-}
-
-
-/**
- Decryption interface that doesn't do anything (for testing)
-
- SYNOPSIS
- my_aes_decrypt_none()
- @param source [in] Pointer to data to decrypt
- @param source_length [in] Size of data
- @param dest [out] Buffer to place decrypted data (must be large enough)
- @param dest_length [out] Pointer to size of decrypted data
- @param key [in] Key to be used for decryption
- @param key_length [in] Length of the key. 16, 24 or 32
- @param iv [in] Iv to be used for encryption
- @param iv_length [in] Length of the iv. should be 16.
- @param noPadding [in] unused
-
- @return
- != 0 error
- 0 no error
-*/
-
-int my_aes_decrypt_none(const uchar* source, uint32 source_length,
- uchar* dest, uint32 *dest_length,
- const unsigned char* key, uint8 key_length,
- const unsigned char* iv, uint8 iv_length,
- uint noPadding)
-{
- memcpy(dest, source, source_length);
- *dest_length= source_length;
- return 0;
-}
-
-/**
Initialize encryption methods
*/
-my_aes_decrypt_dynamic_type my_aes_decrypt_dynamic= my_aes_decrypt_none;
-my_aes_encrypt_dynamic_type my_aes_encrypt_dynamic= my_aes_encrypt_none;
-enum_my_aes_encryption_algorithm current_aes_dynamic_method= MY_AES_ALGORITHM_NONE;
-
-my_bool my_aes_init_dynamic_encrypt(enum_my_aes_encryption_algorithm method)
-{
- switch (method)
- {
- /* used for encrypting tables */
- case MY_AES_ALGORITHM_ECB:
- my_aes_encrypt_dynamic= my_aes_encrypt_ecb;
- my_aes_decrypt_dynamic= my_aes_decrypt_ecb;
- break;
- case MY_AES_ALGORITHM_CBC:
- my_aes_encrypt_dynamic= my_aes_encrypt_cbc;
- my_aes_decrypt_dynamic= my_aes_decrypt_cbc;
- break;
-#ifdef HAVE_EncryptAes128Ctr
- /* encrypt everything, with a set of keys */
- case MY_AES_ALGORITHM_CTR:
- my_aes_encrypt_dynamic= my_aes_encrypt_ctr;
- my_aes_decrypt_dynamic= my_aes_decrypt_ctr;
- break;
-#endif
- /* Simulate encrypting interface */
- case MY_AES_ALGORITHM_NONE:
- my_aes_encrypt_dynamic= my_aes_encrypt_none;
- my_aes_decrypt_dynamic= my_aes_decrypt_none;
- break;
- default:
- return 1;
- }
- current_aes_dynamic_method= method;
- return 0;
-}
-
-my_aes_decrypt_dynamic_type
-get_aes_decrypt_func(enum_my_aes_encryption_algorithm method)
-{
- switch (method)
- {
- /* used for encrypting tables */
- case MY_AES_ALGORITHM_ECB:
- return my_aes_decrypt_ecb;
- break;
- case MY_AES_ALGORITHM_CBC:
- return my_aes_decrypt_cbc;
- break;
-#ifdef HAVE_EncryptAes128Ctr
- /* encrypt everything, with a set of keys */
- case MY_AES_ALGORITHM_CTR:
- return my_aes_decrypt_ctr;
- break;
-#endif
- /* Simulate encrypting interface */
- case MY_AES_ALGORITHM_NONE:
- return my_aes_decrypt_none;
- break;
- default:
- return NULL;
- }
- return NULL;
-}
-
-my_aes_encrypt_dynamic_type
-get_aes_encrypt_func(enum_my_aes_encryption_algorithm method)
-{
- switch (method)
- {
- /* used for encrypting tables */
- case MY_AES_ALGORITHM_ECB:
- return my_aes_encrypt_ecb;
- break;
- case MY_AES_ALGORITHM_CBC:
- return my_aes_encrypt_cbc;
- break;
-#ifdef HAVE_EncryptAes128Ctr
- /* encrypt everything, with a set of keys */
- case MY_AES_ALGORITHM_CTR:
- return my_aes_encrypt_ctr;
- break;
-#endif
- /* Simulate encrypting interface */
- case MY_AES_ALGORITHM_NONE:
- return my_aes_encrypt_none;
- break;
- default:
- return NULL;
- }
- return NULL;
-}
-
/**
Get size of buffer which will be large enough for encrypted data
diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc
index 60072a5bbaf..1709ae5e5eb 100644
--- a/mysys_ssl/my_crypt.cc
+++ b/mysys_ssl/my_crypt.cc
@@ -26,8 +26,8 @@ static const Dir CRYPT_ENCRYPT = TaoCrypt::ENCRYPTION;
static const Dir CRYPT_DECRYPT = TaoCrypt::DECRYPTION;
typedef TaoCrypt::Mode CipherMode;
-static inline CipherMode aes_ecb(uint8) { return TaoCrypt::ECB; }
-static inline CipherMode aes_cbc(uint8) { return TaoCrypt::CBC; }
+static inline CipherMode aes_ecb(uint) { return TaoCrypt::ECB; }
+static inline CipherMode aes_cbc(uint) { return TaoCrypt::CBC; }
typedef TaoCrypt::byte KeyByte;
@@ -42,7 +42,7 @@ static const Dir CRYPT_DECRYPT = 0;
typedef const EVP_CIPHER *CipherMode;
#define make_aes_dispatcher(mode) \
- static inline CipherMode aes_ ## mode(uint8 key_length) \
+ static inline CipherMode aes_ ## mode(uint key_length) \
{ \
switch (key_length) { \
case 16: return EVP_aes_128_ ## mode(); \
@@ -67,10 +67,10 @@ struct MyCTX : EVP_CIPHER_CTX {
#endif
static int do_crypt(CipherMode cipher, Dir dir,
- const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const KeyByte *key, uint8 key_length,
- const KeyByte *iv, uint8 iv_length, int no_padding)
+ const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const KeyByte *key, uint key_length,
+ const KeyByte *iv, uint iv_length, int no_padding)
{
int tail= source_length % MY_AES_BLOCK_SIZE;
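Review bot: The retyped do_crypt signature carries no statement of what key_length and iv_length may be, and the only place that contract was written down (key 16, 24 or 32 bytes, IV 16 bytes) is the comment block this commit deletes from my_aes.cc, so after the patch it is documented nowhere in mysys_ssl. The dispatcher switch above selects the AES variant purely from key_length, and the ECB wrappers below pass iv_length 0, so the rule is visible in the diff itself. Add above the signature: `/* key_length selects the AES variant and must be 16, 24 or 32; iv_length must equal the cipher's IV size: 16 for CBC/CTR, 0 for ECB (no IV). */` do_crypt's body continues outside this hunk.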
@@ -123,8 +123,8 @@ static int do_crypt(CipherMode cipher, Dir dir,
EVP_CIPHER_CTX_set_padding(&ctx, !no_padding);
- DBUG_ASSERT(EVP_CIPHER_CTX_key_length(&ctx) == key_length);
- DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == iv_length);
+ DBUG_ASSERT(EVP_CIPHER_CTX_key_length(&ctx) == (int)key_length);
+ DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == (int)iv_length);
DBUG_ASSERT(EVP_CIPHER_CTX_block_size(&ctx) == MY_AES_BLOCK_SIZE || !no_padding);
/* use built-in OpenSSL padding, if possible */
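Review bot: The two rewritten DBUG_ASSERT lines are the only check that key_length and iv_length match the cipher, and DBUG_ASSERT compiles to nothing in release builds, so a mismatched length is never rejected there; since they sit after EVP_CIPHER_CTX_set_padding, the context has presumably already been keyed by an init call earlier in do_crypt (outside this hunk), meaning OpenSSL has already read a full 16/24/32-byte key and 16-byte IV from buffers that may be shorter. With this commit the lengths arrive from loadable plugins (per the commit message) rather than from a fixed in-tree option, which makes a release-mode check worth more than a debug-only one. Keep the asserts, and before the context is keyed add `if (EVP_CIPHER_key_length(cipher) != (int)key_length || EVP_CIPHER_iv_length(cipher) != (int)iv_length) return <the error value do_crypt already returns for bad input>;`, placed where no cleanup is yet required; that error value and the init call are in the part of do_crypt outside this hunk. The ECB wrappers pass iv_length 0, which still matches EVP_CIPHER_iv_length for an ECB cipher, so they are unaffected.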
@@ -164,11 +164,11 @@ C_MODE_START
#ifdef HAVE_EncryptAes128Ctr
-int my_aes_encrypt_ctr(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const uchar* key, uint8 key_length,
- const uchar* iv, uint8 iv_length,
- uint no_padding)
+int my_aes_encrypt_ctr(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const uchar* key, uint key_length,
+ const uchar* iv, uint iv_length,
+ int no_padding)
{
/* CTR is a stream cipher mode, it needs no special padding code */
return do_crypt(aes_ctr(key_length), CRYPT_ENCRYPT, source, source_length,
@@ -176,11 +176,11 @@ int my_aes_encrypt_ctr(const uchar* source, uint32 source_length,
}
-int my_aes_decrypt_ctr(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const uchar* key, uint8 key_length,
- const uchar* iv, uint8 iv_length,
- uint no_padding)
+int my_aes_decrypt_ctr(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const uchar* key, uint key_length,
+ const uchar* iv, uint iv_length,
+ int no_padding)
{
return do_crypt(aes_ctr(key_length), CRYPT_DECRYPT, source, source_length,
dest, dest_length, key, key_length, iv, iv_length, 0);
@@ -188,41 +188,41 @@ int my_aes_decrypt_ctr(const uchar* source, uint32 source_length,
#endif /* HAVE_EncryptAes128Ctr */
-int my_aes_encrypt_ecb(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const uchar* key, uint8 key_length,
- const uchar* iv, uint8 iv_length,
- uint no_padding)
+int my_aes_encrypt_ecb(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const uchar* key, uint key_length,
+ const uchar* iv, uint iv_length,
+ int no_padding)
{
return do_crypt(aes_ecb(key_length), CRYPT_ENCRYPT, source, source_length,
dest, dest_length, key, key_length, 0, 0, no_padding);
}
-int my_aes_decrypt_ecb(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const uchar* key, uint8 key_length,
- const uchar* iv, uint8 iv_length,
- uint no_padding)
+int my_aes_decrypt_ecb(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const uchar* key, uint key_length,
+ const uchar* iv, uint iv_length,
+ int no_padding)
{
return do_crypt(aes_ecb(key_length), CRYPT_DECRYPT, source, source_length,
dest, dest_length, key, key_length, 0, 0, no_padding);
}
-int my_aes_encrypt_cbc(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const uchar* key, uint8 key_length,
- const uchar* iv, uint8 iv_length,
- uint no_padding)
+int my_aes_encrypt_cbc(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const uchar* key, uint key_length,
+ const uchar* iv, uint iv_length,
+ int no_padding)
{
return do_crypt(aes_cbc(key_length), CRYPT_ENCRYPT, source, source_length,
dest, dest_length, key, key_length, iv, iv_length, no_padding);
}
-int my_aes_decrypt_cbc(const uchar* source, uint32 source_length,
- uchar* dest, uint32* dest_length,
- const uchar* key, uint8 key_length,
- const uchar* iv, uint8 iv_length,
- uint no_padding)
+int my_aes_decrypt_cbc(const uchar* source, uint source_length,
+ uchar* dest, uint* dest_length,
+ const uchar* key, uint key_length,
+ const uchar* iv, uint iv_length,
+ int no_padding)
{
return do_crypt(aes_cbc(key_length), CRYPT_DECRYPT, source, source_length,
dest, dest_length, key, key_length, iv, iv_length, no_padding);