use key derivation procedure for all encryption algorithms

6a3932fd · Sergei Golubchik · ef5b4889 · 6a3932fd · 6a3932fd
Commit 6a3932fd authored Mar 31, 2015 by Sergei Golubchik
Show whitespace changes
Inline Side-by-side

Showing with 76 additions and 126 deletions

storage/innobase/fil/fil0crypt.cc storage/innobase/fil/fil0crypt.cc +38 -63

storage/xtradb/fil/fil0crypt.cc storage/xtradb/fil/fil0crypt.cc +38 -63

No files found.
--- a/storage/innobase/fil/fil0crypt.cc
+++ b/storage/innobase/fil/fil0crypt.cc
@@ -240,9 +240,6 @@ fil_crypt_get_key(byte *dst, uint* key_length,
 			ut_error;
 		}

-	// do ctr key initialization
-	if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR)
-	{
 	/* Now compute L by encrypting IV using this key. Note
 	that we use random IV from crypt data. */
 	const unsigned char* src = crypt_data->iv;
@@ -251,12 +248,8 @@ fil_crypt_get_key(byte *dst, uint* key_length,
 	uint32 buflen = page_encrypted ? *key_length : sizeof(crypt_data->keys[0].key);

 	// call ecb explicit
-		my_aes_encrypt_dynamic_type func = get_aes_encrypt_func(MY_AES_ALGORITHM_ECB);
-		int rc = (*func)(src, srclen,
-			buf, &buflen,
-			(unsigned char*)keybuf, *key_length,
-			NULL, 0,
-			1);
+	rc = my_aes_encrypt_ecb(src, srclen, buf, &buflen,
+		(unsigned char*)keybuf, *key_length, NULL, 0, 1);

 	if (rc != AES_OK) {
 		ib_logf(IB_LOG_LEVEL_FATAL,
@@ -279,10 +272,6 @@ fil_crypt_get_key(byte *dst, uint* key_length,
 	// set the key size to the aes block size because this encrypted data is the key
 	*key_length = MY_AES_BLOCK_SIZE;
 	memcpy(dst, buf, buflen);
-	} else {
-		// otherwise keybuf contains the right key
-		memcpy(dst, keybuf, *key_length);
-	}

 	mutex_exit(&crypt_data->mutex);
 }
@@ -664,19 +653,12 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn,
 	/* Load the iv or counter (depending to the encryption algorithm used) */
 	unsigned char iv[MY_AES_BLOCK_SIZE];

-	if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) {
 	// create counter block (C)
 	mach_write_to_4(iv + 0, space);
 	ulint space_offset = mach_read_from_4(
 		src_frame + FIL_PAGE_OFFSET);
 	mach_write_to_4(iv + 4, space_offset);
 	mach_write_to_8(iv + 8, lsn);
-	} else {
-		// Get random IV from crypt_data
-		mutex_enter(&crypt_data->mutex);
-		memcpy(iv, crypt_data->iv, crypt_data->iv_length);
-		mutex_exit(&crypt_data->mutex);
-	}

 	ibool page_compressed = (mach_read_from_2(src_frame+FIL_PAGE_TYPE) == FIL_PAGE_PAGE_COMPRESSED);
 	ibool page_encrypted  = fil_space_is_page_encrypted(space);
@@ -858,18 +840,11 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data,
 	// get the iv
 	unsigned char iv[MY_AES_BLOCK_SIZE];

-	if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) {
 	// create counter block

 	mach_write_to_4(iv + 0, space);
 	mach_write_to_4(iv + 4, offset);
 	mach_write_to_8(iv + 8, lsn);
-	} else {
-		// Get random IV from crypt_data
-		mutex_enter(&crypt_data->mutex);
-		memcpy(iv, crypt_data->iv, crypt_data->iv_length);
-		mutex_exit(&crypt_data->mutex);
-	}

 	const byte* src = src_frame + FIL_PAGE_DATA;
 	byte* dst = dst_frame + FIL_PAGE_DATA;

--- a/storage/xtradb/fil/fil0crypt.cc
+++ b/storage/xtradb/fil/fil0crypt.cc
@@ -240,9 +240,6 @@ fil_crypt_get_key(byte *dst, uint* key_length,
 		ut_error;
 	}

-	// do ctr key initialization
-	if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR)
-	{
 	/* Now compute L by encrypting IV using this key. Note
 	that we use random IV from crypt data. */
 	const unsigned char* src = crypt_data->iv;
@@ -251,12 +248,8 @@ fil_crypt_get_key(byte *dst, uint* key_length,
 	uint32 buflen = page_encrypted ? *key_length : sizeof(crypt_data->keys[0].key);

 	// call ecb explicit
-		my_aes_encrypt_dynamic_type func = get_aes_encrypt_func(MY_AES_ALGORITHM_ECB);
-		int rc = (*func)(src, srclen,
-			buf, &buflen,
-			(unsigned char*)keybuf, *key_length,
-			NULL, 0,
-			1);
+	rc = my_aes_encrypt_ecb(src, srclen, buf, &buflen,
+		(unsigned char*)keybuf, *key_length, NULL, 0, 1);

 	if (rc != AES_OK) {
 		ib_logf(IB_LOG_LEVEL_FATAL,
@@ -279,10 +272,6 @@ fil_crypt_get_key(byte *dst, uint* key_length,
 	// set the key size to the aes block size because this encrypted data is the key
 	*key_length = MY_AES_BLOCK_SIZE;
 	memcpy(dst, buf, buflen);
-	} else {
-		// otherwise keybuf contains the right key
-		memcpy(dst, keybuf, *key_length);
-	}

 	mutex_exit(&crypt_data->mutex);
 }
@@ -664,19 +653,12 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn,
 	/* Load the iv or counter (depending to the encryption algorithm used) */
 	unsigned char iv[MY_AES_BLOCK_SIZE];

-	if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) {
 	// create counter block (C)
 	mach_write_to_4(iv + 0, space);
 	ulint space_offset = mach_read_from_4(
 		src_frame + FIL_PAGE_OFFSET);
 	mach_write_to_4(iv + 4, space_offset);
 	mach_write_to_8(iv + 8, lsn);
-	} else {
-		// Get random IV from crypt_data
-		mutex_enter(&crypt_data->mutex);
-		memcpy(iv, crypt_data->iv, crypt_data->iv_length);
-		mutex_exit(&crypt_data->mutex);
-	}

 	ibool page_compressed = (mach_read_from_2(src_frame+FIL_PAGE_TYPE) == FIL_PAGE_PAGE_COMPRESSED);
 	ibool page_encrypted  = fil_space_is_page_encrypted(space);
@@ -858,18 +840,11 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data,
 	// get the iv
 	unsigned char iv[MY_AES_BLOCK_SIZE];

-	if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) {
 	// create counter block

 	mach_write_to_4(iv + 0, space);
 	mach_write_to_4(iv + 4, offset);
 	mach_write_to_8(iv + 8, lsn);
-	} else {
-		// Get random IV from crypt_data
-		mutex_enter(&crypt_data->mutex);
-		memcpy(iv, crypt_data->iv, crypt_data->iv_length);
-		mutex_exit(&crypt_data->mutex);
-	}

 	const byte* src = src_frame + FIL_PAGE_DATA;
 	byte* dst = dst_frame + FIL_PAGE_DATA;