mirror of
https://github.com/MariaDB/server.git
synced 2025-08-08 11:22:35 +03:00
yassl support
This commit is contained in:
Sergei Golubchik
@@ -17,14 +17,15 @@
|
||||
|
||||
// TODO: Add Windows support
|
||||
|
||||
#ifndef MYSYS_MY_CRYPT_H_
|
||||
#define MYSYS_MY_CRYPT_H_
|
||||
#ifndef MY_CRYPT_INCLUDED
|
||||
#define MY_CRYPT_INCLUDED
|
||||
|
||||
#include <my_aes.h>
|
||||
|
||||
#if !defined(HAVE_YASSL) && defined(HAVE_OPENSSL)
|
||||
|
||||
C_MODE_START
|
||||
|
||||
#ifdef HAVE_EncryptAes128Ctr
|
||||
|
||||
Crypt_result my_aes_encrypt_ctr(const uchar* source, uint32 source_length,
|
||||
uchar* dest, uint32* dest_length,
|
||||
const unsigned char* key, uint8 key_length,
|
||||
@@ -37,6 +38,8 @@ Crypt_result my_aes_decrypt_ctr(const uchar* source, uint32 source_length,
|
||||
const unsigned char* iv, uint8 iv_length,
|
||||
uint no_padding);
|
||||
|
||||
#endif
|
||||
|
||||
Crypt_result my_aes_encrypt_cbc(const uchar* source, uint32 source_length,
|
||||
uchar* dest, uint32* dest_length,
|
||||
const unsigned char* key, uint8 key_length,
|
||||
@@ -60,12 +63,9 @@ Crypt_result my_aes_decrypt_ecb(const uchar* source, uint32 source_length,
|
||||
const unsigned char* key, uint8 key_length,
|
||||
const unsigned char* iv, uint8 iv_length,
|
||||
uint no_padding);
|
||||
C_MODE_END
|
||||
|
||||
#endif /* !defined(HAVE_YASSL) && defined(HAVE_OPENSSL) */
|
||||
|
||||
C_MODE_START
|
||||
Crypt_result my_random_bytes(uchar* buf, int num);
|
||||
|
||||
C_MODE_END
|
||||
|
||||
#endif /* MYSYS_MY_CRYPT_H_ */
|
||||
#endif /* MY_CRYPT_INCLUDED */
|
||||
|
||||
@@ -15,49 +15,84 @@
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
|
||||
|
||||
/*
|
||||
TODO: add support for YASSL
|
||||
*/
|
||||
|
||||
#include <my_global.h>
|
||||
#include <my_crypt.h>
|
||||
|
||||
#ifdef HAVE_EncryptAes128Ctr
|
||||
// TODO
|
||||
// different key lengths
|
||||
|
||||
#ifdef HAVE_YASSL
|
||||
#include "aes.hpp"
|
||||
|
||||
typedef TaoCrypt::CipherDir Dir;
|
||||
static const Dir CRYPT_ENCRYPT = TaoCrypt::ENCRYPTION;
|
||||
static const Dir CRYPT_DECRYPT = TaoCrypt::DECRYPTION;
|
||||
|
||||
typedef TaoCrypt::Mode CipherMode;
|
||||
static inline CipherMode EVP_aes_128_ecb() { return TaoCrypt::ECB; }
|
||||
static inline CipherMode EVP_aes_128_cbc() { return TaoCrypt::CBC; }
|
||||
|
||||
typedef TaoCrypt::byte KeyByte;
|
||||
|
||||
#else
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/aes.h>
|
||||
|
||||
static const int CRYPT_ENCRYPT = 1;
|
||||
static const int CRYPT_DECRYPT = 0;
|
||||
typedef int Dir;
|
||||
static const Dir CRYPT_ENCRYPT = 1;
|
||||
static const Dir CRYPT_DECRYPT = 0;
|
||||
|
||||
C_MODE_START
|
||||
typedef const EVP_CIPHER *CipherMode;
|
||||
struct MyCTX : EVP_CIPHER_CTX {
|
||||
MyCTX() { EVP_CIPHER_CTX_init(this); }
|
||||
~MyCTX() { EVP_CIPHER_CTX_cleanup(this); }
|
||||
};
|
||||
|
||||
static int do_crypt(const EVP_CIPHER *cipher, int encrypt,
|
||||
typedef uchar KeyByte;
|
||||
#endif
|
||||
|
||||
static int do_crypt(CipherMode cipher, Dir dir,
|
||||
const uchar* source, uint32 source_length,
|
||||
uchar* dest, uint32* dest_length,
|
||||
const uchar* key, uint8 key_length,
|
||||
const uchar* iv, uint8 iv_length, int no_padding)
|
||||
const KeyByte *key, uint8 key_length,
|
||||
const KeyByte *iv, uint8 iv_length, int no_padding)
|
||||
{
|
||||
int res= AES_OPENSSL_ERROR, fin;
|
||||
int tail= no_padding ? source_length % MY_AES_BLOCK_SIZE : 0;
|
||||
DBUG_ASSERT(source_length - tail >= MY_AES_BLOCK_SIZE);
|
||||
|
||||
EVP_CIPHER_CTX ctx;
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
if (!EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, encrypt))
|
||||
goto err;
|
||||
#ifdef HAVE_YASSL
|
||||
TaoCrypt::AES ctx(dir, cipher);
|
||||
|
||||
ctx.SetKey(key, key_length);
|
||||
if (iv)
|
||||
{
|
||||
ctx.SetIV(iv);
|
||||
DBUG_ASSERT(TaoCrypt::AES::BLOCK_SIZE == iv_length);
|
||||
}
|
||||
DBUG_ASSERT(TaoCrypt::AES::BLOCK_SIZE == MY_AES_BLOCK_SIZE);
|
||||
|
||||
ctx.Process(dest, source, source_length - tail);
|
||||
*dest_length= source_length;
|
||||
#else // HAVE_OPENSSL
|
||||
int fin;
|
||||
struct MyCTX ctx;
|
||||
if (!EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, dir))
|
||||
return AES_OPENSSL_ERROR;
|
||||
|
||||
EVP_CIPHER_CTX_set_padding(&ctx, !no_padding);
|
||||
|
||||
DBUG_ASSERT(EVP_CIPHER_CTX_key_length(&ctx) == key_length);
|
||||
DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == iv_length || !EVP_CIPHER_CTX_iv_length(&ctx));
|
||||
DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == iv_length);
|
||||
DBUG_ASSERT(EVP_CIPHER_CTX_block_size(&ctx) == MY_AES_BLOCK_SIZE || !no_padding);
|
||||
|
||||
if (!EVP_CipherUpdate(&ctx, dest, (int*)dest_length, source, source_length - tail))
|
||||
goto err;
|
||||
return AES_OPENSSL_ERROR;
|
||||
if (!EVP_CipherFinal_ex(&ctx, dest + *dest_length, &fin))
|
||||
goto err;
|
||||
return AES_OPENSSL_ERROR;
|
||||
*dest_length += fin;
|
||||
|
||||
#endif
|
||||
|
||||
if (tail)
|
||||
{
|
||||
/*
|
||||
@@ -66,25 +101,24 @@ static int do_crypt(const EVP_CIPHER *cipher, int encrypt,
|
||||
What we do here, we XOR the tail with the previous encrypted block.
|
||||
*/
|
||||
|
||||
DBUG_ASSERT(source_length - tail == *dest_length);
|
||||
DBUG_ASSERT(source_length - tail > MY_AES_BLOCK_SIZE);
|
||||
const uchar *s= source + source_length - tail;
|
||||
const uchar *e= source + source_length;
|
||||
uchar *d= dest + source_length - tail;
|
||||
const uchar *m= (encrypt ? d : s) - MY_AES_BLOCK_SIZE;
|
||||
const uchar *m= (dir == CRYPT_ENCRYPT ? d : s) - MY_AES_BLOCK_SIZE;
|
||||
while (s < e)
|
||||
*d++ = *s++ ^ *m++;
|
||||
*dest_length= source_length;
|
||||
}
|
||||
|
||||
res= AES_OK;
|
||||
err:
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
return res;
|
||||
return AES_OK;
|
||||
}
|
||||
|
||||
C_MODE_START
|
||||
|
||||
/* CTR is a stream cypher mode, it needs no special padding code */
|
||||
|
||||
#ifdef HAVE_EncryptAes128Ctr
|
||||
|
||||
int my_aes_encrypt_ctr(const uchar* source, uint32 source_length,
|
||||
uchar* dest, uint32* dest_length,
|
||||
const uchar* key, uint8 key_length,
|
||||
@@ -106,6 +140,7 @@ int my_aes_decrypt_ctr(const uchar* source, uint32 source_length,
|
||||
dest, dest_length, key, key_length, iv, iv_length, 0);
|
||||
}
|
||||
|
||||
#endif /* HAVE_EncryptAes128Ctr */
|
||||
|
||||
int my_aes_encrypt_ecb(const uchar* source, uint32 source_length,
|
||||
uchar* dest, uint32* dest_length,
|
||||
@@ -114,7 +149,7 @@ int my_aes_encrypt_ecb(const uchar* source, uint32 source_length,
|
||||
uint no_padding)
|
||||
{
|
||||
return do_crypt(EVP_aes_128_ecb(), CRYPT_ENCRYPT, source, source_length,
|
||||
dest, dest_length, key, key_length, iv, iv_length, no_padding);
|
||||
dest, dest_length, key, key_length, 0, 0, no_padding);
|
||||
}
|
||||
|
||||
int my_aes_decrypt_ecb(const uchar* source, uint32 source_length,
|
||||
@@ -124,7 +159,7 @@ int my_aes_decrypt_ecb(const uchar* source, uint32 source_length,
|
||||
uint no_padding)
|
||||
{
|
||||
return do_crypt(EVP_aes_128_ecb(), CRYPT_DECRYPT, source, source_length,
|
||||
dest, dest_length, key, key_length, iv, iv_length, no_padding);
|
||||
dest, dest_length, key, key_length, 0, 0, no_padding);
|
||||
}
|
||||
|
||||
int my_aes_encrypt_cbc(const uchar* source, uint32 source_length,
|
||||
@@ -149,8 +184,6 @@ int my_aes_decrypt_cbc(const uchar* source, uint32 source_length,
|
||||
|
||||
C_MODE_END
|
||||
|
||||
#endif /* HAVE_EncryptAes128Ctr */
|
||||
|
||||
#if defined(HAVE_YASSL)
|
||||
|
||||
#include <random.hpp>
|
||||
|
||||
Reference in New Issue
Block a user