forked from mysql/mysql-server
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmy_aes_openssl.cc
226 lines (188 loc) · 6.56 KB
/
my_aes_openssl.cc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
/* Copyright (c) 2015, 2016 Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
#include <my_global.h>
#include <m_string.h>
#include <my_aes.h>
#include "my_aes_impl.h"
#include <openssl/aes.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/bio.h>
/*
xplugin needs BIO_new_bio_pair, but the server does not.
Add an explicit dependency here, so that it is available when loading
the plugin.
*/
int dummy_function_needed_by_xplugin()
{
BIO *bio1;
BIO *bio2;
return BIO_new_bio_pair(&bio1, 42U, &bio2, 42U);
}
/* keep in sync with enum my_aes_opmode in my_aes.h */
const char *my_aes_opmode_names[]=
{
"aes-128-ecb",
"aes-192-ecb",
"aes-256-ecb",
"aes-128-cbc",
"aes-192-cbc",
"aes-256-cbc",
"aes-128-cfb1",
"aes-192-cfb1",
"aes-256-cfb1",
"aes-128-cfb8",
"aes-192-cfb8",
"aes-256-cfb8",
"aes-128-cfb128",
"aes-192-cfb128",
"aes-256-cfb128",
"aes-128-ofb",
"aes-192-ofb",
"aes-256-ofb",
NULL /* needed for the type enumeration */
};
/* keep in sync with enum my_aes_opmode in my_aes.h */
static uint my_aes_opmode_key_sizes_impl[]=
{
128 /* aes-128-ecb */,
192 /* aes-192-ecb */,
256 /* aes-256-ecb */,
128 /* aes-128-cbc */,
192 /* aes-192-cbc */,
256 /* aes-256-cbc */,
128 /* aes-128-cfb1 */,
192 /* aes-192-cfb1 */,
256 /* aes-256-cfb1 */,
128 /* aes-128-cfb8 */,
192 /* aes-192-cfb8 */,
256 /* aes-256-cfb8 */,
128 /* aes-128-cfb128 */,
192 /* aes-192-cfb128 */,
256 /* aes-256-cfb128 */,
128 /* aes-128-ofb */,
192 /* aes-192-ofb */,
256 /* aes-256-ofb */
};
uint *my_aes_opmode_key_sizes= my_aes_opmode_key_sizes_impl;
static const EVP_CIPHER *
aes_evp_type(const my_aes_opmode mode)
{
switch (mode)
{
case my_aes_128_ecb: return EVP_aes_128_ecb();
case my_aes_128_cbc: return EVP_aes_128_cbc();
case my_aes_128_cfb1: return EVP_aes_128_cfb1();
case my_aes_128_cfb8: return EVP_aes_128_cfb8();
case my_aes_128_cfb128: return EVP_aes_128_cfb128();
case my_aes_128_ofb: return EVP_aes_128_ofb();
case my_aes_192_ecb: return EVP_aes_192_ecb();
case my_aes_192_cbc: return EVP_aes_192_cbc();
case my_aes_192_cfb1: return EVP_aes_192_cfb1();
case my_aes_192_cfb8: return EVP_aes_192_cfb8();
case my_aes_192_cfb128: return EVP_aes_192_cfb128();
case my_aes_192_ofb: return EVP_aes_192_ofb();
case my_aes_256_ecb: return EVP_aes_256_ecb();
case my_aes_256_cbc: return EVP_aes_256_cbc();
case my_aes_256_cfb1: return EVP_aes_256_cfb1();
case my_aes_256_cfb8: return EVP_aes_256_cfb8();
case my_aes_256_cfb128: return EVP_aes_256_cfb128();
case my_aes_256_ofb: return EVP_aes_256_ofb();
default: return NULL;
}
}
int my_aes_encrypt(const unsigned char *source, uint32 source_length,
unsigned char *dest,
const unsigned char *key, uint32 key_length,
enum my_aes_opmode mode, const unsigned char *iv,
bool padding)
{
EVP_CIPHER_CTX ctx;
const EVP_CIPHER *cipher= aes_evp_type(mode);
int u_len, f_len;
/* The real key to be used for encryption */
unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
my_aes_create_key(key, key_length, rkey, mode);
if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
return MY_AES_BAD_DATA;
if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
goto aes_error; /* Error */
if (!EVP_CIPHER_CTX_set_padding(&ctx, padding))
goto aes_error; /* Error */
if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
goto aes_error; /* Error */
if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
goto aes_error; /* Error */
EVP_CIPHER_CTX_cleanup(&ctx);
return u_len + f_len;
aes_error:
/* need to explicitly clean up the error if we want to ignore it */
ERR_clear_error();
EVP_CIPHER_CTX_cleanup(&ctx);
return MY_AES_BAD_DATA;
}
int my_aes_decrypt(const unsigned char *source, uint32 source_length,
unsigned char *dest,
const unsigned char *key, uint32 key_length,
enum my_aes_opmode mode, const unsigned char *iv,
bool padding)
{
EVP_CIPHER_CTX ctx;
const EVP_CIPHER *cipher= aes_evp_type(mode);
int u_len, f_len;
/* The real key to be used for decryption */
unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
my_aes_create_key(key, key_length, rkey, mode);
if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
return MY_AES_BAD_DATA;
EVP_CIPHER_CTX_init(&ctx);
if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
goto aes_error; /* Error */
if (!EVP_CIPHER_CTX_set_padding(&ctx, padding))
goto aes_error; /* Error */
if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
goto aes_error; /* Error */
if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
goto aes_error; /* Error */
EVP_CIPHER_CTX_cleanup(&ctx);
return u_len + f_len;
aes_error:
/* need to explicitly clean up the error if we want to ignore it */
ERR_clear_error();
EVP_CIPHER_CTX_cleanup(&ctx);
return MY_AES_BAD_DATA;
}
int my_aes_get_size(uint32 source_length, my_aes_opmode opmode)
{
const EVP_CIPHER *cipher= aes_evp_type(opmode);
size_t block_size;
block_size= EVP_CIPHER_block_size(cipher);
return block_size > 1 ?
block_size * (source_length / block_size) + block_size :
source_length;
}
/**
Return true if the AES cipher and block mode requires an IV
SYNOPSIS
my_aes_needs_iv()
@param mode encryption mode
@retval TRUE IV needed
@retval FALSE IV not needed
*/
my_bool my_aes_needs_iv(my_aes_opmode opmode)
{
const EVP_CIPHER *cipher= aes_evp_type(opmode);
int iv_length;
iv_length= EVP_CIPHER_iv_length(cipher);
DBUG_ASSERT(iv_length == 0 || iv_length == MY_AES_IV_SIZE);
return iv_length != 0 ? TRUE : FALSE;
}