]>
git.proxmox.com Git - ceph.git/blob - ceph/src/librbd/crypto/openssl/DataCryptor.cc
1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
4 #include "librbd/crypto/openssl/DataCryptor.h"
5 #include <openssl/err.h>
7 #include "include/ceph_assert.h"
8 #include "include/compat.h"
14 int DataCryptor::init(const char* cipher_name
, const unsigned char* key
,
15 uint16_t key_length
) {
17 if (cipher_name
== nullptr) {
18 lderr(m_cct
) << "missing cipher name" << dendl
;
22 lderr(m_cct
) << "missing key" << dendl
;
26 m_cipher
= EVP_get_cipherbyname(cipher_name
);
27 if (m_cipher
== nullptr) {
28 lderr(m_cct
) << "EVP_get_cipherbyname failed. Cipher name: " << cipher_name
34 auto expected_key_length
= EVP_CIPHER_key_length(m_cipher
);
35 if (expected_key_length
!= key_length
) {
36 lderr(m_cct
) << "cipher " << cipher_name
<< " expects key of "
37 << expected_key_length
<< " bytes. got: " << key_length
42 m_key
= new unsigned char[key_length
];
43 memcpy(m_key
, key
, key_length
);
44 m_iv_size
= static_cast<uint32_t>(EVP_CIPHER_iv_length(m_cipher
));
48 DataCryptor::~DataCryptor() {
49 if (m_key
!= nullptr) {
50 ceph_memzero_s(m_key
, EVP_CIPHER_key_length(m_cipher
),
51 EVP_CIPHER_key_length(m_cipher
));
57 uint32_t DataCryptor::get_block_size() const {
58 return EVP_CIPHER_block_size(m_cipher
);
61 uint32_t DataCryptor::get_iv_size() const {
65 const unsigned char* DataCryptor::get_key() const {
69 int DataCryptor::get_key_length() const {
70 return EVP_CIPHER_key_length(m_cipher
);
73 EVP_CIPHER_CTX
* DataCryptor::get_context(CipherMode mode
) {
83 lderr(m_cct
) << "Invalid CipherMode:" << mode
<< dendl
;
87 auto ctx
= EVP_CIPHER_CTX_new();
89 lderr(m_cct
) << "EVP_CIPHER_CTX_new failed" << dendl
;
94 if (1 != EVP_CipherInit_ex(ctx
, m_cipher
, nullptr, m_key
, nullptr, enc
)) {
95 lderr(m_cct
) << "EVP_CipherInit_ex failed" << dendl
;
103 void DataCryptor::return_context(EVP_CIPHER_CTX
* ctx
, CipherMode mode
) {
104 if (ctx
!= nullptr) {
105 EVP_CIPHER_CTX_free(ctx
);
109 int DataCryptor::init_context(EVP_CIPHER_CTX
* ctx
, const unsigned char* iv
,
110 uint32_t iv_length
) const {
111 if (iv_length
!= m_iv_size
) {
112 lderr(m_cct
) << "cipher expects IV of " << m_iv_size
<< " bytes. got: "
113 << iv_length
<< dendl
;
116 if (1 != EVP_CipherInit_ex(ctx
, nullptr, nullptr, nullptr, iv
, -1)) {
117 lderr(m_cct
) << "EVP_CipherInit_ex failed" << dendl
;
124 int DataCryptor::update_context(EVP_CIPHER_CTX
* ctx
, const unsigned char* in
,
125 unsigned char* out
, uint32_t len
) const {
127 if (1 != EVP_CipherUpdate(ctx
, out
, &out_length
, in
, len
)) {
128 lderr(m_cct
) << "EVP_CipherUpdate failed. len=" << len
<< dendl
;
135 void DataCryptor::log_errors() const {
137 auto error
= ERR_get_error();
141 lderr(m_cct
) << "OpenSSL error: " << ERR_error_string(error
, nullptr)
146 } // namespace openssl
147 } // namespace crypto
148 } // namespace librbd