1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

use key derivation procedure for all encryption algorithms

Browse Source
This commit is contained in:
Sergei Golubchik 2015-03-31 19:53:57 +02:00
parent ef5b4889c2
commit 6a3932fdd0
2 changed files with 78 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
storage/innobase/fil/fil0crypt.cc
View File

@ -240,50 +240,39 @@ fil_crypt_get_key(byte *dst, uint* key_length,
ut_error; ut_error;
} }
// do ctr key initialization /* Now compute L by encrypting IV using this key. Note
if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) that we use random IV from crypt data. */
{ const unsigned char* src = crypt_data->iv;
/* Now compute L by encrypting IV using this key. Note const int srclen = crypt_data->iv_length;
that we use random IV from crypt data. */ unsigned char* buf = page_encrypted ? keybuf : crypt_data->keys[0].key;
const unsigned char* src = crypt_data->iv; uint32 buflen = page_encrypted ? *key_length : sizeof(crypt_data->keys[0].key);
const int srclen = crypt_data->iv_length;
unsigned char* buf = page_encrypted ? keybuf : crypt_data->keys[0].key;
uint32 buflen = page_encrypted ? *key_length : sizeof(crypt_data->keys[0].key);
// call ecb explicit // call ecb explicit
my_aes_encrypt_dynamic_type func = get_aes_encrypt_func(MY_AES_ALGORITHM_ECB); rc = my_aes_encrypt_ecb(src, srclen, buf, &buflen,
int rc = (*func)(src, srclen, (unsigned char*)keybuf, *key_length, NULL, 0, 1);
buf, &buflen,
(unsigned char*)keybuf, *key_length,
NULL, 0,
1);
if (rc != AES_OK) { if (rc != AES_OK) {
ib_logf(IB_LOG_LEVEL_FATAL, ib_logf(IB_LOG_LEVEL_FATAL,
"Unable to encrypt key-block " "Unable to encrypt key-block "
" src: %p srclen: %d buf: %p buflen: %d." " src: %p srclen: %d buf: %p buflen: %d."
" return-code: %d. Can't continue!\n", " return-code: %d. Can't continue!\n",
src, srclen, buf, buflen, rc); src, srclen, buf, buflen, rc);
ut_error; ut_error;
}
if (!page_encrypted) {
crypt_data->keys[0].key_version = version;
crypt_data->key_count++;
if (crypt_data->key_count > array_elements(crypt_data->keys)) {
crypt_data->key_count = array_elements(crypt_data->keys);
}
}
// set the key size to the aes block size because this encrypted data is the key
*key_length = MY_AES_BLOCK_SIZE;
memcpy(dst, buf, buflen);
} else {
// otherwise keybuf contains the right key
memcpy(dst, keybuf, *key_length);
} }
if (!page_encrypted) {
crypt_data->keys[0].key_version = version;
crypt_data->key_count++;
if (crypt_data->key_count > array_elements(crypt_data->keys)) {
crypt_data->key_count = array_elements(crypt_data->keys);
}
}
// set the key size to the aes block size because this encrypted data is the key
*key_length = MY_AES_BLOCK_SIZE;
memcpy(dst, buf, buflen);
mutex_exit(&crypt_data->mutex); mutex_exit(&crypt_data->mutex);
} }
@ -664,19 +653,12 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn,
/* Load the iv or counter (depending to the encryption algorithm used) */ /* Load the iv or counter (depending to the encryption algorithm used) */
unsigned char iv[MY_AES_BLOCK_SIZE]; unsigned char iv[MY_AES_BLOCK_SIZE];
if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) { // create counter block (C)
// create counter block (C) mach_write_to_4(iv + 0, space);
mach_write_to_4(iv + 0, space); ulint space_offset = mach_read_from_4(
ulint space_offset = mach_read_from_4( src_frame + FIL_PAGE_OFFSET);
src_frame + FIL_PAGE_OFFSET); mach_write_to_4(iv + 4, space_offset);
mach_write_to_4(iv + 4, space_offset); mach_write_to_8(iv + 8, lsn);
mach_write_to_8(iv + 8, lsn);
} else {
// Get random IV from crypt_data
mutex_enter(&crypt_data->mutex);
memcpy(iv, crypt_data->iv, crypt_data->iv_length);
mutex_exit(&crypt_data->mutex);
}
ibool page_compressed = (mach_read_from_2(src_frame+FIL_PAGE_TYPE) == FIL_PAGE_PAGE_COMPRESSED); ibool page_compressed = (mach_read_from_2(src_frame+FIL_PAGE_TYPE) == FIL_PAGE_PAGE_COMPRESSED);
ibool page_encrypted = fil_space_is_page_encrypted(space); ibool page_encrypted = fil_space_is_page_encrypted(space);
@ -858,18 +840,11 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data,
// get the iv // get the iv
unsigned char iv[MY_AES_BLOCK_SIZE]; unsigned char iv[MY_AES_BLOCK_SIZE];
if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) { // create counter block
// create counter block
mach_write_to_4(iv + 0, space); mach_write_to_4(iv + 0, space);
mach_write_to_4(iv + 4, offset); mach_write_to_4(iv + 4, offset);
mach_write_to_8(iv + 8, lsn); mach_write_to_8(iv + 8, lsn);
} else {
// Get random IV from crypt_data
mutex_enter(&crypt_data->mutex);
memcpy(iv, crypt_data->iv, crypt_data->iv_length);
mutex_exit(&crypt_data->mutex);
}
const byte* src = src_frame + FIL_PAGE_DATA; const byte* src = src_frame + FIL_PAGE_DATA;
byte* dst = dst_frame + FIL_PAGE_DATA; byte* dst = dst_frame + FIL_PAGE_DATA;

103
storage/xtradb/fil/fil0crypt.cc
View File

@ -240,50 +240,39 @@ fil_crypt_get_key(byte *dst, uint* key_length,
ut_error; ut_error;
} }
// do ctr key initialization /* Now compute L by encrypting IV using this key. Note
if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) that we use random IV from crypt data. */
{ const unsigned char* src = crypt_data->iv;
/* Now compute L by encrypting IV using this key. Note const int srclen = crypt_data->iv_length;
that we use random IV from crypt data. */ unsigned char* buf = page_encrypted ? keybuf : crypt_data->keys[0].key;
const unsigned char* src = crypt_data->iv; uint32 buflen = page_encrypted ? *key_length : sizeof(crypt_data->keys[0].key);
const int srclen = crypt_data->iv_length;
unsigned char* buf = page_encrypted ? keybuf : crypt_data->keys[0].key;
uint32 buflen = page_encrypted ? *key_length : sizeof(crypt_data->keys[0].key);
// call ecb explicit // call ecb explicit
my_aes_encrypt_dynamic_type func = get_aes_encrypt_func(MY_AES_ALGORITHM_ECB); rc = my_aes_encrypt_ecb(src, srclen, buf, &buflen,
int rc = (*func)(src, srclen, (unsigned char*)keybuf, *key_length, NULL, 0, 1);
buf, &buflen,
(unsigned char*)keybuf, *key_length,
NULL, 0,
1);
if (rc != AES_OK) { if (rc != AES_OK) {
ib_logf(IB_LOG_LEVEL_FATAL, ib_logf(IB_LOG_LEVEL_FATAL,
"Unable to encrypt key-block " "Unable to encrypt key-block "
" src: %p srclen: %d buf: %p buflen: %d." " src: %p srclen: %d buf: %p buflen: %d."
" return-code: %d. Can't continue!\n", " return-code: %d. Can't continue!\n",
src, srclen, buf, buflen, rc); src, srclen, buf, buflen, rc);
ut_error; ut_error;
}
if (!page_encrypted) {
crypt_data->keys[0].key_version = version;
crypt_data->key_count++;
if (crypt_data->key_count > array_elements(crypt_data->keys)) {
crypt_data->key_count = array_elements(crypt_data->keys);
}
}
// set the key size to the aes block size because this encrypted data is the key
*key_length = MY_AES_BLOCK_SIZE;
memcpy(dst, buf, buflen);
} else {
// otherwise keybuf contains the right key
memcpy(dst, keybuf, *key_length);
} }
if (!page_encrypted) {
crypt_data->keys[0].key_version = version;
crypt_data->key_count++;
if (crypt_data->key_count > array_elements(crypt_data->keys)) {
crypt_data->key_count = array_elements(crypt_data->keys);
}
}
// set the key size to the aes block size because this encrypted data is the key
*key_length = MY_AES_BLOCK_SIZE;
memcpy(dst, buf, buflen);
mutex_exit(&crypt_data->mutex); mutex_exit(&crypt_data->mutex);
} }
@ -664,19 +653,12 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn,
/* Load the iv or counter (depending to the encryption algorithm used) */ /* Load the iv or counter (depending to the encryption algorithm used) */
unsigned char iv[MY_AES_BLOCK_SIZE]; unsigned char iv[MY_AES_BLOCK_SIZE];
if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) { // create counter block (C)
// create counter block (C) mach_write_to_4(iv + 0, space);
mach_write_to_4(iv + 0, space); ulint space_offset = mach_read_from_4(
ulint space_offset = mach_read_from_4( src_frame + FIL_PAGE_OFFSET);
src_frame + FIL_PAGE_OFFSET); mach_write_to_4(iv + 4, space_offset);
mach_write_to_4(iv + 4, space_offset); mach_write_to_8(iv + 8, lsn);
mach_write_to_8(iv + 8, lsn);
} else {
// Get random IV from crypt_data
mutex_enter(&crypt_data->mutex);
memcpy(iv, crypt_data->iv, crypt_data->iv_length);
mutex_exit(&crypt_data->mutex);
}
ibool page_compressed = (mach_read_from_2(src_frame+FIL_PAGE_TYPE) == FIL_PAGE_PAGE_COMPRESSED); ibool page_compressed = (mach_read_from_2(src_frame+FIL_PAGE_TYPE) == FIL_PAGE_PAGE_COMPRESSED);
ibool page_encrypted = fil_space_is_page_encrypted(space); ibool page_encrypted = fil_space_is_page_encrypted(space);
@ -858,18 +840,11 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data,
// get the iv // get the iv
unsigned char iv[MY_AES_BLOCK_SIZE]; unsigned char iv[MY_AES_BLOCK_SIZE];
if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) { // create counter block
// create counter block
mach_write_to_4(iv + 0, space); mach_write_to_4(iv + 0, space);
mach_write_to_4(iv + 4, offset); mach_write_to_4(iv + 4, offset);
mach_write_to_8(iv + 8, lsn); mach_write_to_8(iv + 8, lsn);
} else {
// Get random IV from crypt_data
mutex_enter(&crypt_data->mutex);
memcpy(iv, crypt_data->iv, crypt_data->iv_length);
mutex_exit(&crypt_data->mutex);
}
const byte* src = src_frame + FIL_PAGE_DATA; const byte* src = src_frame + FIL_PAGE_DATA;
byte* dst = dst_frame + FIL_PAGE_DATA; byte* dst = dst_frame + FIL_PAGE_DATA;