summaryrefslogtreecommitdiffstats
path: root/src/crypto/openssl
diff options
context:
space:
mode:
Diffstat (limited to 'src/crypto/openssl')
-rw-r--r--src/crypto/openssl/CMakeLists.txt14
-rw-r--r--src/crypto/openssl/openssl_crypto_accel.cc104
-rw-r--r--src/crypto/openssl/openssl_crypto_accel.h32
-rw-r--r--src/crypto/openssl/openssl_crypto_plugin.cc32
-rw-r--r--src/crypto/openssl/openssl_crypto_plugin.h36
5 files changed, 218 insertions, 0 deletions
diff --git a/src/crypto/openssl/CMakeLists.txt b/src/crypto/openssl/CMakeLists.txt
new file mode 100644
index 000000000..6ede1567f
--- /dev/null
+++ b/src/crypto/openssl/CMakeLists.txt
@@ -0,0 +1,14 @@
+## openssl
+
+set(openssl_crypto_plugin_srcs
+ openssl_crypto_accel.cc
+ openssl_crypto_plugin.cc)
+
+add_library(ceph_crypto_openssl SHARED ${openssl_crypto_plugin_srcs})
+target_link_libraries(ceph_crypto_openssl
+ PRIVATE OpenSSL::Crypto
+ $<$<PLATFORM_ID:Windows>:ceph-common>)
+target_include_directories(ceph_crypto_openssl PRIVATE ${OPENSSL_INCLUDE_DIR})
+add_dependencies(crypto_plugins ceph_crypto_openssl)
+set_target_properties(ceph_crypto_openssl PROPERTIES INSTALL_RPATH "")
+install(TARGETS ceph_crypto_openssl DESTINATION ${crypto_plugin_dir})
diff --git a/src/crypto/openssl/openssl_crypto_accel.cc b/src/crypto/openssl/openssl_crypto_accel.cc
new file mode 100644
index 000000000..e6ea0fa72
--- /dev/null
+++ b/src/crypto/openssl/openssl_crypto_accel.cc
@@ -0,0 +1,104 @@
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2017 Intel Corporation
+ *
+ * Author: Qiaowei Ren <qiaowei.ren@intel.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ */
+
+#include "crypto/openssl/openssl_crypto_accel.h"
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "common/debug.h"
+
+// -----------------------------------------------------------------------------
+#define dout_context g_ceph_context
+#define dout_subsys ceph_subsys_crypto
+#undef dout_prefix
+#define dout_prefix _prefix(_dout)
+
+static std::ostream&
+_prefix(std::ostream* _dout)
+{
+ return *_dout << "OpensslCryptoAccel: ";
+}
+// -----------------------------------------------------------------------------
+
+#define EVP_SUCCESS 1
+#define AES_ENCRYPT 1
+#define AES_DECRYPT 0
+
+bool evp_transform(unsigned char* out, const unsigned char* in, size_t size,
+ const unsigned char* iv,
+ const unsigned char* key,
+ ENGINE* engine,
+ const EVP_CIPHER* const type,
+ const int encrypt)
+{
+ using pctx_t = std::unique_ptr<EVP_CIPHER_CTX, decltype(&::EVP_CIPHER_CTX_free)>;
+ pctx_t pctx{ EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free };
+
+ if (!pctx) {
+ derr << "failed to create evp cipher context" << dendl;
+ return false;
+ }
+
+ if (EVP_CipherInit_ex(pctx.get(), type, engine, key, iv, encrypt) != EVP_SUCCESS) {
+ derr << "EVP_CipherInit_ex failed" << dendl;
+ return false;
+ }
+
+ if (EVP_CIPHER_CTX_set_padding(pctx.get(), 0) != EVP_SUCCESS) {
+ derr << "failed to disable PKCS padding" << dendl;
+ return false;
+ }
+
+ int len_update = 0;
+ if (EVP_CipherUpdate(pctx.get(), out, &len_update, in, size) != EVP_SUCCESS) {
+ derr << "EVP_CipherUpdate failed" << dendl;
+ return false;
+ }
+
+ int len_final = 0;
+ if (EVP_CipherFinal_ex(pctx.get(), out + len_update, &len_final) != EVP_SUCCESS) {
+ derr << "EVP_CipherFinal_ex failed" << dendl;
+ return false;
+ }
+
+ ceph_assert(len_final == 0);
+ return (len_update + len_final) == static_cast<int>(size);
+}
+
+bool OpenSSLCryptoAccel::cbc_encrypt(unsigned char* out, const unsigned char* in, size_t size,
+ const unsigned char (&iv)[AES_256_IVSIZE],
+ const unsigned char (&key)[AES_256_KEYSIZE])
+{
+ if ((size % AES_256_IVSIZE) != 0) {
+ return false;
+ }
+
+ return evp_transform(out, in, size, const_cast<unsigned char*>(&iv[0]),
+ const_cast<unsigned char*>(&key[0]),
+ nullptr, // Hardware acceleration engine can be used in the future
+ EVP_aes_256_cbc(), AES_ENCRYPT);
+}
+
+bool OpenSSLCryptoAccel::cbc_decrypt(unsigned char* out, const unsigned char* in, size_t size,
+ const unsigned char (&iv)[AES_256_IVSIZE],
+ const unsigned char (&key)[AES_256_KEYSIZE])
+{
+ if ((size % AES_256_IVSIZE) != 0) {
+ return false;
+ }
+
+ return evp_transform(out, in, size, const_cast<unsigned char*>(&iv[0]),
+ const_cast<unsigned char*>(&key[0]),
+ nullptr, // Hardware acceleration engine can be used in the future
+ EVP_aes_256_cbc(), AES_DECRYPT);
+}
diff --git a/src/crypto/openssl/openssl_crypto_accel.h b/src/crypto/openssl/openssl_crypto_accel.h
new file mode 100644
index 000000000..ad90cbece
--- /dev/null
+++ b/src/crypto/openssl/openssl_crypto_accel.h
@@ -0,0 +1,32 @@
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2017 Intel Corporation
+ *
+ * Author: Qiaowei Ren <qiaowei.ren@intel.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ */
+
+#ifndef OPENSSL_CRYPTO_ACCEL_H
+#define OPENSSL_CRYPTO_ACCEL_H
+
+#include "crypto/crypto_accel.h"
+
+class OpenSSLCryptoAccel : public CryptoAccel {
+ public:
+ OpenSSLCryptoAccel() {}
+ virtual ~OpenSSLCryptoAccel() {}
+
+ bool cbc_encrypt(unsigned char* out, const unsigned char* in, size_t size,
+ const unsigned char (&iv)[AES_256_IVSIZE],
+ const unsigned char (&key)[AES_256_KEYSIZE]) override;
+ bool cbc_decrypt(unsigned char* out, const unsigned char* in, size_t size,
+ const unsigned char (&iv)[AES_256_IVSIZE],
+ const unsigned char (&key)[AES_256_KEYSIZE]) override;
+};
+#endif
diff --git a/src/crypto/openssl/openssl_crypto_plugin.cc b/src/crypto/openssl/openssl_crypto_plugin.cc
new file mode 100644
index 000000000..e6ecea2fd
--- /dev/null
+++ b/src/crypto/openssl/openssl_crypto_plugin.cc
@@ -0,0 +1,32 @@
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2017 Intel Corporation
+ *
+ * Author: Qiaowei Ren <qiaowei.ren@intel.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ */
+
+
+#include "crypto/openssl/openssl_crypto_plugin.h"
+
+#include "ceph_ver.h"
+
+const char *__ceph_plugin_version()
+{
+ return CEPH_GIT_NICE_VER;
+}
+
+int __ceph_plugin_init(CephContext *cct,
+ const std::string& type,
+ const std::string& name)
+{
+ auto instance = cct->get_plugin_registry();
+
+ return instance->add(type, name, new OpenSSLCryptoPlugin(cct));
+}
diff --git a/src/crypto/openssl/openssl_crypto_plugin.h b/src/crypto/openssl/openssl_crypto_plugin.h
new file mode 100644
index 000000000..408d9ebda
--- /dev/null
+++ b/src/crypto/openssl/openssl_crypto_plugin.h
@@ -0,0 +1,36 @@
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2017 Intel Corporation
+ *
+ * Author: Qiaowei Ren <qiaowei.ren@intel.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ */
+
+#ifndef ISAL_CRYPTO_PLUGIN_H
+#define ISAL_CRYPTO_PLUGIN_H
+
+#include "crypto/crypto_plugin.h"
+#include "crypto/openssl/openssl_crypto_accel.h"
+
+
+class OpenSSLCryptoPlugin : public CryptoPlugin {
+
+ CryptoAccelRef cryptoaccel;
+public:
+ explicit OpenSSLCryptoPlugin(CephContext* cct) : CryptoPlugin(cct)
+ {}
+ int factory(CryptoAccelRef *cs, std::ostream *ss) override {
+ if (cryptoaccel == nullptr)
+ cryptoaccel = CryptoAccelRef(new OpenSSLCryptoAccel);
+
+ *cs = cryptoaccel;
+ return 0;
+ }
+};
+#endif