git.proxmox.com Git - ceph.git/blob - ceph/src/librbd/crypto/openssl/DataCryptor.cc
1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
4 #include "librbd/crypto/openssl/DataCryptor.h"
5 #include <openssl/err.h>
7 #include "include/ceph_assert.h"
8 #include "include/compat.h"
// Configures the cryptor with an OpenSSL cipher looked up by name and a
// private copy of the caller's key.
// Only part of the body appears in this listing (the gutter numbers skip
// lines), so return values and cleanup statements are not described here.
// The log statements visible here emit the cipher name and key lengths only,
// not key bytes.
14 int DataCryptor::init(const char* cipher_name
, const unsigned char* key
,
15 uint16_t key_length
) {
// Re-initialisation path: wipe the previously stored key bytes first.
16 if (m_key
!= nullptr) {
17 ceph_memzero_s(m_key
, m_key_size
, m_key_size
);
// Argument validation: a cipher name and a key are both required.
22 if (cipher_name
== nullptr) {
23 lderr(m_cct
) << "missing cipher name" << dendl
;
27 lderr(m_cct
) << "missing key" << dendl
;
// Resolve the cipher by its OpenSSL name; nullptr means it is unknown.
// NOTE(review): m_cipher is assigned before the key-length check below, so a
// rejected key may leave the object holding a cipher but no key -- confirm
// callers treat a failed init() as an unusable object.
31 m_cipher
= EVP_get_cipherbyname(cipher_name
);
32 if (m_cipher
== nullptr) {
33 lderr(m_cct
) << "EVP_get_cipherbyname failed. Cipher name: " << cipher_name
// The supplied key must be exactly the length the cipher expects; this is
// checked before any key byte is copied.
39 auto expected_key_length
= EVP_CIPHER_key_length(m_cipher
);
40 if (expected_key_length
!= key_length
) {
41 lderr(m_cct
) << "cipher " << cipher_name
<< " expects key of "
42 << expected_key_length
<< " bytes. got: " << key_length
// Keep a private heap copy of the key. The matching release of this buffer
// is not visible in this listing.
47 m_key_size
= key_length
;
48 m_key
= new unsigned char[key_length
];
49 memcpy(m_key
, key
, key_length
);
// Cache the cipher's IV length; init_context() compares caller IVs against it.
50 m_iv_size
= static_cast<uint32_t>(EVP_CIPHER_iv_length(m_cipher
));
// Destructor: wipes the stored key bytes with ceph_memzero_s when a key is
// present. The statements that follow the wipe are not part of this listing;
// presumably they release the buffer -- confirm against the full file.
54 DataCryptor::~DataCryptor() {
55 if (m_key
!= nullptr) {
56 ceph_memzero_s(m_key
, m_key_size
, m_key_size
);
// Returns the block size OpenSSL reports for the configured cipher.
// NOTE(review): m_cipher is passed to OpenSSL without a null check here;
// presumably this is only called after a successful init() -- confirm.
62 uint32_t DataCryptor::get_block_size() const {
63 return EVP_CIPHER_block_size(m_cipher
);
// IV-size accessor. The body is not part of this listing; presumably it
// returns the m_iv_size value cached by init() -- confirm.
66 uint32_t DataCryptor::get_iv_size() const {
// Key accessor returning a pointer to const bytes. The body is not part of
// this listing.
// NOTE(review): if this hands out the internal m_key buffer, the pointer is
// invalidated when init() or the destructor wipes the key -- confirm that
// callers do not retain it.
70 const unsigned char* DataCryptor::get_key() const {
// Returns the key length the configured cipher expects, as reported by
// OpenSSL. This is queried from m_cipher rather than read from m_key_size.
// NOTE(review): m_cipher is passed to OpenSSL without a null check here;
// presumably this is only called after a successful init() -- confirm.
74 int DataCryptor::get_key_length() const {
75 return EVP_CIPHER_key_length(m_cipher
);
// Creates a new EVP_CIPHER_CTX bound to the configured cipher and key.
// The IV argument is nullptr at this stage; init_context() supplies it later.
// Several lines (the mapping from `mode` to `enc`, the null check on ctx,
// the return statements) are not part of this listing.
78 EVP_CIPHER_CTX
* DataCryptor::get_context(CipherMode mode
) {
// Reached for a mode value the elided switch/branch does not recognise.
88 lderr(m_cct
) << "Invalid CipherMode:" << mode
<< dendl
;
92 auto ctx
= EVP_CIPHER_CTX_new();
94 lderr(m_cct
) << "EVP_CIPHER_CTX_new failed" << dendl
;
// Bind cipher and key; engine and IV are left as nullptr.
// NOTE(review): confirm the failure path below frees ctx before returning,
// since the context has already been allocated at this point.
99 if (1 != EVP_CipherInit_ex(ctx
, m_cipher
, nullptr, m_key
, nullptr, enc
)) {
100 lderr(m_cct
) << "EVP_CipherInit_ex failed" << dendl
;
// Frees the given cipher context if it is non-null.
// `mode` is not used in the lines visible here.
108 void DataCryptor::return_context(EVP_CIPHER_CTX
* ctx
, CipherMode mode
) {
109 if (ctx
!= nullptr) {
110 EVP_CIPHER_CTX_free(ctx
);
// Sets the IV on an already-keyed context.
// Return statements are not part of this listing.
114 int DataCryptor::init_context(EVP_CIPHER_CTX
* ctx
, const unsigned char* iv
,
115 uint32_t iv_length
) const {
// EVP_CipherInit_ex takes no IV length argument and reads as many bytes as
// the cipher's IV length, so the caller's buffer length is checked against
// m_iv_size before the pointer is handed to OpenSSL.
116 if (iv_length
!= m_iv_size
) {
117 lderr(m_cct
) << "cipher expects IV of " << m_iv_size
<< " bytes. got: "
118 << iv_length
<< dendl
;
// nullptr for cipher/engine/key and enc == -1 keep the cipher, key and
// direction already set on the context; only the IV is replaced.
121 if (1 != EVP_CipherInit_ex(ctx
, nullptr, nullptr, nullptr, iv
, -1)) {
122 lderr(m_cct
) << "EVP_CipherInit_ex failed" << dendl
;
// Runs `len` bytes from `in` through the cipher context and writes the result
// to `out`. The declaration of out_length and the return statements are not
// part of this listing.
// NOTE(review): `out` carries no size, so the caller must supply a buffer
// large enough for the cipher's output -- confirm at the call sites.
// NOTE(review): `len` is uint32_t while EVP_CipherUpdate takes an int input
// length; confirm callers keep len within int range.
129 int DataCryptor::update_context(EVP_CIPHER_CTX
* ctx
, const unsigned char* in
,
130 unsigned char* out
, uint32_t len
) const {
132 if (1 != EVP_CipherUpdate(ctx
, out
, &out_length
, in
, len
)) {
133 lderr(m_cct
) << "EVP_CipherUpdate failed. len=" << len
<< dendl
;
// Logs entries taken from the OpenSSL error queue. The surrounding control
// flow (lines 141 and 143-145 of the original numbering) is not part of this
// listing.
140 void DataCryptor::log_errors() const {
// ERR_get_error() removes the entry it returns from the calling thread's queue.
142 auto error
= ERR_get_error();
// NOTE(review): with a null buffer argument ERR_error_string formats into a
// static buffer, which is not safe when several threads log at once;
// ERR_error_string_n with a local buffer avoids the shared state.
146 lderr(m_cct
) << "OpenSSL error: " << ERR_error_string(error
, nullptr)
151 } // namespace openssl
152 } // namespace crypto
153 } // namespace librbd