diff options
Diffstat (limited to '')
-rw-r--r-- | src/crypto/openssl/CMakeLists.txt | 10 | ||||
-rw-r--r-- | src/crypto/openssl/openssl_crypto_accel.cc | 49 | ||||
-rw-r--r-- | src/crypto/openssl/openssl_crypto_accel.h | 32 | ||||
-rw-r--r-- | src/crypto/openssl/openssl_crypto_plugin.cc | 32 | ||||
-rw-r--r-- | src/crypto/openssl/openssl_crypto_plugin.h | 36 |
5 files changed, 159 insertions, 0 deletions
diff --git a/src/crypto/openssl/CMakeLists.txt b/src/crypto/openssl/CMakeLists.txt new file mode 100644 index 00000000..62324357 --- /dev/null +++ b/src/crypto/openssl/CMakeLists.txt @@ -0,0 +1,10 @@ +## openssl + +set(openssl_crypto_plugin_srcs + openssl_crypto_accel.cc + openssl_crypto_plugin.cc) + +add_library(ceph_crypto_openssl SHARED ${openssl_crypto_plugin_srcs}) +target_link_libraries(ceph_crypto_openssl PRIVATE crypto) +add_dependencies(crypto_plugins ceph_crypto_openssl) +install(TARGETS ceph_crypto_openssl DESTINATION ${crypto_plugin_dir}) diff --git a/src/crypto/openssl/openssl_crypto_accel.cc b/src/crypto/openssl/openssl_crypto_accel.cc new file mode 100644 index 00000000..156a2771 --- /dev/null +++ b/src/crypto/openssl/openssl_crypto_accel.cc @@ -0,0 +1,49 @@ +/* + * Ceph - scalable distributed file system + * + * Copyright (C) 2017 Intel Corporation + * + * Author: Qiaowei Ren <qiaowei.ren@intel.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + */ + +#include "crypto/openssl/openssl_crypto_accel.h" +#include <openssl/aes.h> + +bool OpenSSLCryptoAccel::cbc_encrypt(unsigned char* out, const unsigned char* in, size_t size, + const unsigned char (&iv)[AES_256_IVSIZE], + const unsigned char (&key)[AES_256_KEYSIZE]) +{ + if ((size % AES_256_IVSIZE) != 0) { + return false; + } + + AES_KEY aes_key; + if (AES_set_encrypt_key(const_cast<unsigned char*>(&key[0]), 256, &aes_key) < 0) + return false; + + AES_cbc_encrypt(const_cast<unsigned char*>(in), out, size, &aes_key, + const_cast<unsigned char*>(&iv[0]), AES_ENCRYPT); + return true; +} +bool OpenSSLCryptoAccel::cbc_decrypt(unsigned char* out, const unsigned char* in, size_t size, + const unsigned char (&iv)[AES_256_IVSIZE], + const unsigned char (&key)[AES_256_KEYSIZE]) +{ + if ((size % AES_256_IVSIZE) != 0) { + return false; + } + + AES_KEY aes_key; + if (AES_set_decrypt_key(const_cast<unsigned char*>(&key[0]), 256, &aes_key) < 0) + return false; + + AES_cbc_encrypt(const_cast<unsigned char*>(in), out, size, &aes_key, + const_cast<unsigned char*>(&iv[0]), AES_DECRYPT); + return true; +} diff --git a/src/crypto/openssl/openssl_crypto_accel.h b/src/crypto/openssl/openssl_crypto_accel.h new file mode 100644 index 00000000..ad90cbec --- /dev/null +++ b/src/crypto/openssl/openssl_crypto_accel.h @@ -0,0 +1,32 @@ +/* + * Ceph - scalable distributed file system + * + * Copyright (C) 2017 Intel Corporation + * + * Author: Qiaowei Ren <qiaowei.ren@intel.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + */ + +#ifndef OPENSSL_CRYPTO_ACCEL_H +#define OPENSSL_CRYPTO_ACCEL_H + +#include "crypto/crypto_accel.h" + +class OpenSSLCryptoAccel : public CryptoAccel { + public: + OpenSSLCryptoAccel() {} + virtual ~OpenSSLCryptoAccel() {} + + bool cbc_encrypt(unsigned char* out, const unsigned char* in, size_t size, + const unsigned char (&iv)[AES_256_IVSIZE], + const unsigned char (&key)[AES_256_KEYSIZE]) override; + bool cbc_decrypt(unsigned char* out, const unsigned char* in, size_t size, + const unsigned char (&iv)[AES_256_IVSIZE], + const unsigned char (&key)[AES_256_KEYSIZE]) override; +}; +#endif diff --git a/src/crypto/openssl/openssl_crypto_plugin.cc b/src/crypto/openssl/openssl_crypto_plugin.cc new file mode 100644 index 00000000..a3ac5994 --- /dev/null +++ b/src/crypto/openssl/openssl_crypto_plugin.cc @@ -0,0 +1,32 @@ +/* + * Ceph - scalable distributed file system + * + * Copyright (C) 2017 Intel Corporation + * + * Author: Qiaowei Ren <qiaowei.ren@intel.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + */ + + +#include "crypto/openssl/openssl_crypto_plugin.h" + +#include "ceph_ver.h" + +const char *__ceph_plugin_version() +{ + return CEPH_GIT_NICE_VER; +} + +int __ceph_plugin_init(CephContext *cct, + const std::string& type, + const std::string& name) +{ + PluginRegistry *instance = cct->get_plugin_registry(); + + return instance->add(type, name, new OpenSSLCryptoPlugin(cct)); +} diff --git a/src/crypto/openssl/openssl_crypto_plugin.h b/src/crypto/openssl/openssl_crypto_plugin.h new file mode 100644 index 00000000..cbf72746 --- /dev/null +++ b/src/crypto/openssl/openssl_crypto_plugin.h @@ -0,0 +1,36 @@ +/* + * Ceph - scalable distributed file system + * + * Copyright (C) 2017 Intel Corporation + * + * Author: Qiaowei Ren <qiaowei.ren@intel.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + */ + +#ifndef ISAL_CRYPTO_PLUGIN_H +#define ISAL_CRYPTO_PLUGIN_H + +#include "crypto/crypto_plugin.h" +#include "crypto/openssl/openssl_crypto_accel.h" + + +class OpenSSLCryptoPlugin : public CryptoPlugin { + + CryptoAccelRef cryptoaccel; +public: + explicit OpenSSLCryptoPlugin(CephContext* cct) : CryptoPlugin(cct) + {} + int factory(CryptoAccelRef *cs, ostream *ss) override { + if (cryptoaccel == nullptr) + cryptoaccel = CryptoAccelRef(new OpenSSLCryptoAccel); + + *cs = cryptoaccel; + return 0; + } +}; +#endif |