gs_probackup备份恢复支持指定带hmac算法类型,以及部分代码优化
This commit is contained in:
耶梦加得
@ -2935,7 +2935,7 @@ static void compress_encrypt_directory()
|
||||
char enc_file[MAXPGPATH] = {0};
|
||||
unsigned char hmac_buffer[MAX_HMAC_LEN + 1] = {0};
|
||||
unsigned char enc_buffer[MAX_ENCRYPT_LEN + 1] = {0};
|
||||
unsigned char out_buffer[MAX_ENCRYPT_LEN + 1] = {0};
|
||||
unsigned char out_buffer[MAX_CRYPTO_MODULE_LEN + 1] = {0};
|
||||
char errmsg[MAX_ERRMSG_LEN] = {0};
|
||||
int algo;
|
||||
|
||||
@ -2970,15 +2970,20 @@ static void compress_encrypt_directory()
|
||||
return;
|
||||
}
|
||||
|
||||
CryptoModuleParamsCheck(gen_key, encrypt_dev_params, encrypt_mode, encrypt_key, encrypt_salt);
|
||||
CryptoModuleParamsCheck(gen_key, encrypt_dev_params, encrypt_mode, encrypt_key, encrypt_salt, &key_type);
|
||||
|
||||
initCryptoSession(&crypto_module_session);
|
||||
|
||||
algo = transform_type(encrypt_mode);
|
||||
|
||||
if (gen_key) {
|
||||
if (key_type == KEY_TYPE_PLAINTEXT) {
|
||||
elog(ERROR, "forbid to generate plaint key\n");
|
||||
}
|
||||
key = (char*)malloc(KEY_MAX_LEN);
|
||||
ret = crypto_create_symm_key_use(crypto_module_session, (ModuleSymmKeyAlgo)algo, (unsigned char*)key, (size_t*)&key_len);
|
||||
if (ret != 1) {
|
||||
pg_free(key);
|
||||
crypto_get_errmsg_use(NULL, errmsg);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, "crypto module gen key error, errmsg:%s\n", errmsg);
|
||||
@ -2986,53 +2991,62 @@ static void compress_encrypt_directory()
|
||||
} else {
|
||||
key = SEC_decodeBase64(encrypt_key, &key_len);
|
||||
if (NULL == key) {
|
||||
pg_free(encrypt_key);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, "crypto module decode key error, please check --with-key.\n");
|
||||
}
|
||||
}
|
||||
|
||||
encrypt_key = SEC_encodeBase64(key, (GS_UINT32)key_len);
|
||||
if (NULL == encrypt_key) {
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, "crypto module encode key error.\n");
|
||||
pg_free(encrypt_key);
|
||||
if (key_type != KEY_TYPE_PLAINTEXT) {
|
||||
encrypt_key = SEC_encodeBase64(key, (GS_UINT32)key_len);
|
||||
if (NULL == encrypt_key) {
|
||||
pg_free(encrypt_key);
|
||||
pg_free(key);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, "crypto module encode key error.\n");
|
||||
}
|
||||
|
||||
elog(INFO, "crypto module encrypt with key: %s , salt: %s \n", encrypt_key, encrypt_salt);
|
||||
}
|
||||
|
||||
elog(INFO, "crypto module encrypt with key: %s , salt: %s \n", encrypt_key, encrypt_salt);
|
||||
|
||||
ret = crypto_ctx_init_use(crypto_module_session, &crypto_module_keyctx, (ModuleSymmKeyAlgo)algo, 1, (unsigned char*)key, key_len);
|
||||
if (ret != 1)
|
||||
{
|
||||
pg_free(encrypt_key);
|
||||
pg_free(key);
|
||||
crypto_get_errmsg_use(NULL, errmsg);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, "crypto keyctx init error, errmsg:%s\n", errmsg);
|
||||
}
|
||||
|
||||
algo = getHmacType((ModuleSymmKeyAlgo)algo);
|
||||
|
||||
ret = crypto_hmac_init_use(crypto_module_session, &crypto_hmac_keyctx, (ModuleSymmKeyAlgo)algo, (unsigned char*)key, key_len);
|
||||
if (ret != 1)
|
||||
{
|
||||
crypto_get_errmsg_use(NULL, errmsg);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, "crypto hmac keyctx init error, errmsg:%s\n", errmsg);
|
||||
algo = transform_hmac_type(encrypt_mode);
|
||||
if (algo != MODULE_ALGO_MAX) {
|
||||
ret = crypto_hmac_init_use(crypto_module_session, &crypto_hmac_keyctx, (ModuleSymmKeyAlgo)algo, (unsigned char*)key, key_len);
|
||||
if (ret != 1)
|
||||
{
|
||||
pg_free(encrypt_key);
|
||||
pg_free(key);
|
||||
crypto_get_errmsg_use(NULL, errmsg);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, "crypto hmac keyctx init error, errmsg:%s\n", errmsg);
|
||||
}
|
||||
}
|
||||
|
||||
fseek(backup_tar_fd,0,SEEK_END);
|
||||
fseek(backup_tar_fd, 0, SEEK_END);
|
||||
backup_tar_length = ftell(backup_tar_fd);
|
||||
fseek(backup_tar_fd,0,SEEK_SET);
|
||||
fseek(backup_tar_fd, 0, SEEK_SET);
|
||||
|
||||
while(backup_tar_pos < backup_tar_length)
|
||||
{
|
||||
ret = memset_s(enc_buffer, MAX_ENCRYPT_LEN + 1, '\0', MAX_ENCRYPT_LEN + 1);
|
||||
securec_check(ret, "\0", "\0");
|
||||
|
||||
if ((backup_tar_length - backup_tar_pos) > MAX_ENCRYPT_LEN) {
|
||||
ret = memset_s(enc_buffer, MAX_ENCRYPT_LEN + 1, '\0', MAX_ENCRYPT_LEN + 1);
|
||||
securec_check(ret, "\0", "\0");
|
||||
fread(enc_buffer,MAX_ENCRYPT_LEN,1,backup_tar_fd);
|
||||
fread(enc_buffer, MAX_ENCRYPT_LEN, 1, backup_tar_fd);
|
||||
backup_tar_pos += MAX_ENCRYPT_LEN;
|
||||
enc_buffer_len = MAX_ENCRYPT_LEN;
|
||||
} else {
|
||||
ret = memset_s(enc_buffer, MAX_ENCRYPT_LEN + 1, '\0', MAX_ENCRYPT_LEN + 1);
|
||||
securec_check(ret, "\0", "\0");
|
||||
fread(enc_buffer,(backup_tar_length - backup_tar_pos),1,backup_tar_fd);
|
||||
fread(enc_buffer, (backup_tar_length - backup_tar_pos), 1, backup_tar_fd);
|
||||
enc_buffer_len = backup_tar_length - backup_tar_pos;
|
||||
backup_tar_pos = backup_tar_length;
|
||||
}
|
||||
@ -3043,26 +3057,36 @@ static void compress_encrypt_directory()
|
||||
ret = memset_s(hmac_buffer, MAX_HMAC_LEN + 1, '\0', MAX_HMAC_LEN + 1);
|
||||
securec_check(ret, "\0", "\0");
|
||||
|
||||
ret = crypto_hmac_use(crypto_hmac_keyctx, (unsigned char*)enc_buffer, enc_buffer_len, hmac_buffer, (size_t*)&hmac_len);
|
||||
if (ret != 1) {
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, ("failed to calculate hmac\n"));
|
||||
if (algo != MODULE_ALGO_MAX){
|
||||
ret = crypto_hmac_use(crypto_hmac_keyctx, (unsigned char*)enc_buffer, enc_buffer_len, hmac_buffer, (size_t*)&hmac_len);
|
||||
if (ret != 1) {
|
||||
pg_free(encrypt_key);
|
||||
pg_free(key);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, ("failed to calculate hmac\n"));
|
||||
}
|
||||
}
|
||||
|
||||
ret = crypto_encrypt_decrypt_use(crypto_module_keyctx, 1, (unsigned char*)enc_buffer, enc_buffer_len,
|
||||
(unsigned char*)encrypt_salt, MAX_IV_LEN, out_buffer, (size_t*)&out_buffer_len, NULL);
|
||||
if (ret != 1) {
|
||||
pg_free(encrypt_key);
|
||||
pg_free(key);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, ("failed to encrypt backup file\n"));
|
||||
}
|
||||
|
||||
fwrite(out_buffer, 1, out_buffer_len, enc_backup_fd);
|
||||
fwrite(hmac_buffer, 1, hmac_len, enc_backup_fd);
|
||||
if (algo != MODULE_ALGO_MAX) {
|
||||
fwrite(hmac_buffer, 1, hmac_len, enc_backup_fd);
|
||||
}
|
||||
}
|
||||
|
||||
fclose(backup_tar_fd);
|
||||
fclose(enc_backup_fd);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
pg_free(encrypt_key);
|
||||
pg_free(key);
|
||||
|
||||
rc = sprintf_s(sys_cmd, MAXPGPATH, "rm %s %s.tar -rf", current.root_dir, current.root_dir);
|
||||
securec_check_ss_c(rc, "\0", "\0");
|
||||
|
||||
@ -2879,13 +2879,10 @@ char* relpathbackend(RelFileNode rnode, BackendId backend, ForkNumber forknum)
|
||||
static void uncompress_decrypt_directory(const char *instance_name_str)
|
||||
{
|
||||
errno_t rc;
|
||||
|
||||
bool res = false;
|
||||
DIR *data_dir = NULL;
|
||||
struct dirent *data_ent = NULL;
|
||||
uint key_len = 0;
|
||||
uint hmac_len = MAX_HMAC_LEN;
|
||||
uint key_idx_uint = 0;
|
||||
uint dec_buffer_len = 0;
|
||||
uint out_buffer_len = MAX_CRYPTO_MODULE_LEN;
|
||||
long int enc_file_pos = 0;
|
||||
@ -2906,18 +2903,13 @@ static void uncompress_decrypt_directory(const char *instance_name_str)
|
||||
return;
|
||||
}
|
||||
|
||||
CryptoModuleParamsCheck(gen_key, encrypt_dev_params, encrypt_mode, encrypt_key, encrypt_salt);
|
||||
CryptoModuleParamsCheck(gen_key, encrypt_dev_params, encrypt_mode, encrypt_key, encrypt_salt, &key_type);
|
||||
|
||||
initCryptoSession(&crypto_module_session);
|
||||
|
||||
algo = transform_type(encrypt_mode);
|
||||
if (gen_key) {
|
||||
rc = crypto_create_symm_key_use(crypto_module_session, (ModuleSymmKeyAlgo)algo, (unsigned char*)key, (size_t*)&key_len);
|
||||
if (rc != 1) {
|
||||
crypto_get_errmsg_use(NULL, errmsg);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, "crypto module gen key error, errmsg:%s\n", errmsg);
|
||||
}
|
||||
elog(ERROR, "only backup can use --gen-key command.");
|
||||
} else {
|
||||
key = SEC_decodeBase64(encrypt_key, &key_len);
|
||||
if (NULL == key) {
|
||||
@ -2928,17 +2920,20 @@ static void uncompress_decrypt_directory(const char *instance_name_str)
|
||||
|
||||
rc = crypto_ctx_init_use(crypto_module_session, &crypto_module_keyctx, (ModuleSymmKeyAlgo)algo, 0, (unsigned char*)key, key_len);
|
||||
if (rc != 1) {
|
||||
pg_free(key);
|
||||
crypto_get_errmsg_use(NULL, errmsg);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, "crypto keyctx init error, errmsg:%s\n", errmsg);
|
||||
}
|
||||
|
||||
algo = getHmacType((ModuleSymmKeyAlgo)algo);
|
||||
rc = crypto_hmac_init_use(crypto_module_session, &crypto_hmac_keyctx, (ModuleSymmKeyAlgo)algo, (unsigned char*)key, key_len);
|
||||
if (rc != 1) {
|
||||
crypto_get_errmsg_use(NULL, errmsg);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, "crypto keyctx init error, errmsg:%s\n", errmsg);
|
||||
algo = transform_hmac_type(encrypt_mode);
|
||||
if (algo != MODULE_ALGO_MAX) {
|
||||
rc = crypto_hmac_init_use(crypto_module_session, &crypto_hmac_keyctx, (ModuleSymmKeyAlgo)algo, (unsigned char*)key, key_len);
|
||||
if (rc != 1) {
|
||||
crypto_get_errmsg_use(NULL, errmsg);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, "crypto keyctx init error, errmsg:%s\n", errmsg);
|
||||
}
|
||||
}
|
||||
|
||||
rc = sprintf_s(backup_instance_path, MAXPGPATH, "%s/%s/%s",
|
||||
@ -2947,6 +2942,8 @@ static void uncompress_decrypt_directory(const char *instance_name_str)
|
||||
|
||||
data_dir = fio_opendir(backup_instance_path, FIO_BACKUP_HOST);
|
||||
if (data_dir == NULL) {
|
||||
pg_free(key);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, "cannot open directory \"%s\": %s", backup_instance_path, strerror(errno));
|
||||
return;
|
||||
}
|
||||
@ -2959,6 +2956,7 @@ static void uncompress_decrypt_directory(const char *instance_name_str)
|
||||
|
||||
FILE* enc_backup_fd = fopen(enc_backup_file,"rb");
|
||||
if(NULL == enc_backup_fd) {
|
||||
pg_free(key);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, ("failed to create or open encrypt backup file."));
|
||||
return;
|
||||
@ -2976,47 +2974,78 @@ static void uncompress_decrypt_directory(const char *instance_name_str)
|
||||
|
||||
FILE* dec_file_fd = fopen(dec_backup_file,"wb");
|
||||
|
||||
while(enc_file_pos < enc_file_len)
|
||||
if (algo == MODULE_ALGO_MAX)
|
||||
{
|
||||
memset_s(dec_buffer, MAX_CRYPTO_MODULE_LEN, 0, MAX_CRYPTO_MODULE_LEN);
|
||||
memset_s(out_buffer, MAX_CRYPTO_MODULE_LEN, 0, MAX_CRYPTO_MODULE_LEN);
|
||||
while(enc_file_pos < enc_file_len)
|
||||
{
|
||||
memset_s(dec_buffer, MAX_CRYPTO_MODULE_LEN, 0, MAX_CRYPTO_MODULE_LEN);
|
||||
memset_s(out_buffer, MAX_CRYPTO_MODULE_LEN, 0, MAX_CRYPTO_MODULE_LEN);
|
||||
|
||||
if(enc_file_pos + MAX_CRYPTO_MODULE_LEN + MAX_HMAC_LEN < enc_file_len) {
|
||||
fread(dec_buffer, 1, MAX_CRYPTO_MODULE_LEN, enc_backup_fd);
|
||||
fread(hmac_read_buffer, 1, MAX_HMAC_LEN, enc_backup_fd);
|
||||
dec_buffer_len = MAX_CRYPTO_MODULE_LEN;
|
||||
enc_file_pos += (MAX_CRYPTO_MODULE_LEN + MAX_HMAC_LEN);
|
||||
} else {
|
||||
fread(dec_buffer, 1, enc_file_len - (enc_file_pos + MAX_HMAC_LEN), enc_backup_fd);
|
||||
fread(hmac_read_buffer, 1, MAX_HMAC_LEN, enc_backup_fd);
|
||||
dec_buffer_len = enc_file_len - (enc_file_pos + MAX_HMAC_LEN);
|
||||
enc_file_pos = enc_file_len;
|
||||
if(enc_file_pos + MAX_CRYPTO_MODULE_LEN < enc_file_len) {
|
||||
fread(dec_buffer, 1, MAX_CRYPTO_MODULE_LEN, enc_backup_fd);
|
||||
dec_buffer_len = MAX_CRYPTO_MODULE_LEN;
|
||||
enc_file_pos += MAX_CRYPTO_MODULE_LEN;
|
||||
} else {
|
||||
fread(dec_buffer, 1, enc_file_len - enc_file_pos, enc_backup_fd);
|
||||
dec_buffer_len = enc_file_len - enc_file_pos;
|
||||
enc_file_pos = enc_file_len;
|
||||
}
|
||||
|
||||
rc = crypto_encrypt_decrypt_use(crypto_module_keyctx, 0, (unsigned char*)dec_buffer, dec_buffer_len,
|
||||
(unsigned char*)encrypt_salt, MAX_IV_LEN, (unsigned char*)out_buffer, (size_t*)&out_buffer_len, NULL);
|
||||
if(rc != 1) {
|
||||
crypto_get_errmsg_use(NULL, errmsg);
|
||||
pg_free(key);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, ("failed to decrypt enc_backup_file, errmsg: %s"), errmsg);
|
||||
}
|
||||
fwrite(out_buffer, 1, out_buffer_len, dec_file_fd);
|
||||
}
|
||||
} else {
|
||||
while(enc_file_pos < enc_file_len)
|
||||
{
|
||||
memset_s(dec_buffer, MAX_CRYPTO_MODULE_LEN, 0, MAX_CRYPTO_MODULE_LEN);
|
||||
memset_s(out_buffer, MAX_CRYPTO_MODULE_LEN, 0, MAX_CRYPTO_MODULE_LEN);
|
||||
|
||||
rc = crypto_encrypt_decrypt_use(crypto_module_keyctx, 0, (unsigned char*)dec_buffer, dec_buffer_len,
|
||||
(unsigned char*)encrypt_salt, MAX_IV_LEN, (unsigned char*)out_buffer, (size_t*)&out_buffer_len, NULL);
|
||||
if(rc != 1) {
|
||||
crypto_get_errmsg_use(NULL, errmsg);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, ("failed to decrypt enc_backup_file, errmsg: %s"), errmsg);
|
||||
if(enc_file_pos + MAX_CRYPTO_MODULE_LEN + MAX_HMAC_LEN < enc_file_len) {
|
||||
fread(dec_buffer, 1, MAX_CRYPTO_MODULE_LEN, enc_backup_fd);
|
||||
fread(hmac_read_buffer, 1, MAX_HMAC_LEN, enc_backup_fd);
|
||||
dec_buffer_len = MAX_CRYPTO_MODULE_LEN;
|
||||
enc_file_pos += (MAX_CRYPTO_MODULE_LEN + MAX_HMAC_LEN);
|
||||
} else {
|
||||
fread(dec_buffer, 1, enc_file_len - (enc_file_pos + MAX_HMAC_LEN), enc_backup_fd);
|
||||
fread(hmac_read_buffer, 1, MAX_HMAC_LEN, enc_backup_fd);
|
||||
dec_buffer_len = enc_file_len - (enc_file_pos + MAX_HMAC_LEN);
|
||||
enc_file_pos = enc_file_len;
|
||||
}
|
||||
|
||||
rc = crypto_encrypt_decrypt_use(crypto_module_keyctx, 0, (unsigned char*)dec_buffer, dec_buffer_len,
|
||||
(unsigned char*)encrypt_salt, MAX_IV_LEN, (unsigned char*)out_buffer, (size_t*)&out_buffer_len, NULL);
|
||||
if(rc != 1) {
|
||||
pg_free(key);
|
||||
crypto_get_errmsg_use(NULL, errmsg);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, ("failed to decrypt enc_backup_file, errmsg: %s"), errmsg);
|
||||
}
|
||||
|
||||
rc = crypto_hmac_use(crypto_hmac_keyctx, (unsigned char*)out_buffer, out_buffer_len, hmac_cal_buffer, (size_t*)&hmac_len);
|
||||
if(rc != 1) {
|
||||
pg_free(key);
|
||||
crypto_get_errmsg_use(NULL, errmsg);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, ("failed to calculate hmac, errmsg: %s"), errmsg);
|
||||
}
|
||||
|
||||
if (strncmp((char*)hmac_cal_buffer, (char*)hmac_read_buffer, (size_t)hmac_len) != 0) {
|
||||
pg_free(key);
|
||||
elog(ERROR, ("hmac verify failed\n"));
|
||||
}
|
||||
|
||||
fwrite(out_buffer, 1, out_buffer_len, dec_file_fd);
|
||||
}
|
||||
|
||||
rc = crypto_hmac_use(crypto_hmac_keyctx, (unsigned char*)out_buffer, out_buffer_len, hmac_cal_buffer, (size_t*)&hmac_len);
|
||||
if(rc != 1) {
|
||||
crypto_get_errmsg_use(NULL, errmsg);
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
elog(ERROR, ("failed to calculate hmac, errmsg: %s"), errmsg);
|
||||
}
|
||||
|
||||
if (strncmp((char*)hmac_cal_buffer, (char*)hmac_read_buffer, (size_t)hmac_len) != 0) {
|
||||
elog(ERROR, ("hmac verify failed\n"));
|
||||
}
|
||||
|
||||
fwrite(out_buffer, 1, out_buffer_len, dec_file_fd);
|
||||
}
|
||||
fclose(dec_file_fd);
|
||||
fclose(enc_backup_fd);
|
||||
|
||||
clearCrypto(crypto_module_session, crypto_module_keyctx, crypto_hmac_keyctx);
|
||||
|
||||
rc = sprintf_s(sys_cmd, MAXPGPATH, "tar -xPf %s/%s.tar", backup_instance_path, data_ent->d_name);
|
||||
@ -3046,6 +3075,7 @@ static void uncompress_decrypt_directory(const char *instance_name_str)
|
||||
fio_closedir(data_dir);
|
||||
data_dir = NULL;
|
||||
}
|
||||
pg_free(key);
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
@ -103,21 +103,21 @@ void unload_crypto_module()
|
||||
|
||||
int transform_type(const char* type)
|
||||
{
|
||||
if (strcmp(type, "AES128_CBC") == 0) {
|
||||
if (strcmp(type, "AES128_CBC") == 0 || strcmp(type, "AES128_CBC_HMAC_SHA256") == 0) {
|
||||
return MODULE_AES_128_CBC;
|
||||
} else if (strcmp(type, "AES128_CTR") == 0) {
|
||||
} else if (strcmp(type, "AES128_CTR") == 0 || strcmp(type, "AES128_CTR_HMAC_SHA256") == 0) {
|
||||
return MODULE_AES_128_CTR;
|
||||
} else if (strcmp(type, "AES128_GCM") == 0) {
|
||||
} else if (strcmp(type, "AES128_GCM") == 0 || strcmp(type, "AES128_GCM_HMAC_SHA256") == 0) {
|
||||
return MODULE_AES_128_GCM;
|
||||
} else if (strcmp(type, "AES256_CBC") == 0) {
|
||||
} else if (strcmp(type, "AES256_CBC") == 0 || strcmp(type, "AES256_CBC_HMAC_SHA256") == 0) {
|
||||
return MODULE_AES_256_CBC;
|
||||
} else if (strcmp(type, "AES256_CTR") == 0) {
|
||||
} else if (strcmp(type, "AES256_CTR") == 0 || strcmp(type, "AES256_CTR_HMAC_SHA256") == 0) {
|
||||
return MODULE_AES_256_CTR;
|
||||
} else if (strcmp(type, "AES256_GCM") == 0) {
|
||||
} else if (strcmp(type, "AES256_GCM") == 0 || strcmp(type, "AES256_GCM_HMAC_SHA256") == 0) {
|
||||
return MODULE_AES_256_GCM;
|
||||
} else if (strcmp(type, "SM4_CBC") == 0) {
|
||||
} else if (strcmp(type, "SM4_CBC") == 0 || strcmp(type, "SM4_CBC_HMAC_SM3") == 0) {
|
||||
return MODULE_SM4_CBC;
|
||||
} else if (strcmp(type, "SM4_CTR") == 0) {
|
||||
} else if (strcmp(type, "SM4_CTR") == 0 || strcmp(type, "SM4_CTR_HMAC_SM3") == 0) {
|
||||
return MODULE_SM4_CTR;
|
||||
}
|
||||
|
||||
@ -136,7 +136,24 @@ int getHmacType(ModuleSymmKeyAlgo algo)
|
||||
return MODULE_ALGO_MAX;
|
||||
}
|
||||
|
||||
void initCryptoModule(char* crypto_module_params, const char* encrypt_mode)
|
||||
int transform_hmac_type(const char* type)
|
||||
{
|
||||
if (strcmp(type, "AES128_CBC_HMAC_SHA256") == 0
|
||||
|| strcmp(type, "AES128_CTR_HMAC_SHA256") == 0
|
||||
|| strcmp(type, "AES128_GCM_HMAC_SHA256") == 0
|
||||
|| strcmp(type, "AES256_CBC_HMAC_SHA256") == 0
|
||||
|| strcmp(type, "AES256_CTR_HMAC_SHA256") == 0
|
||||
|| strcmp(type, "AES256_GCM_HMAC_SHA256") == 0) {
|
||||
return MODULE_HMAC_SHA256;
|
||||
} else if (strcmp(type, "SM4_CBC_HMAC_SM3") == 0
|
||||
|| strcmp(type, "SM4_CTR_HMAC_SM3") == 0) {
|
||||
return MODULE_HMAC_SM3;
|
||||
}
|
||||
|
||||
return MODULE_ALGO_MAX;
|
||||
}
|
||||
|
||||
void initCryptoModule(char* crypto_module_params, const char* encrypt_mode, int* key_type)
|
||||
{
|
||||
int ret = 1;
|
||||
SupportedFeature supportedfeature;
|
||||
@ -161,6 +178,7 @@ void initCryptoModule(char* crypto_module_params, const char* encrypt_mode)
|
||||
exit(1);
|
||||
}
|
||||
|
||||
*key_type = supportedfeature.key_type;
|
||||
}
|
||||
|
||||
void initCryptoSession(void** crypto_module_session)
|
||||
@ -209,10 +227,8 @@ void clearCrypto(void* crypto_module_session, void* crypto_module_keyctx, void*
|
||||
unload_crypto_module();
|
||||
}
|
||||
|
||||
void CryptoModuleParamsCheck(bool gen_key, char* params, const char* module_encrypt_mode, const char* module_encrypt_key, const char* module_encrypt_salt)
|
||||
void CryptoModuleParamsCheck(bool gen_key, char* params, const char* module_encrypt_mode, const char* module_encrypt_key, const char* module_encrypt_salt, int* key_type)
|
||||
{
|
||||
errno_t rc = 0;
|
||||
|
||||
if (!load_crypto_module_lib()) {
|
||||
fprintf(stderr, ("load crypto module lib failed\n"));
|
||||
exit(1);
|
||||
@ -222,7 +238,7 @@ void CryptoModuleParamsCheck(bool gen_key, char* params, const char* module_encr
|
||||
fprintf(stderr, ("encrypt mode and crypto module params cannot be NULL\n"));
|
||||
exit(1);
|
||||
} else {
|
||||
initCryptoModule(params, module_encrypt_mode);
|
||||
initCryptoModule(params, module_encrypt_mode, key_type);
|
||||
}
|
||||
|
||||
if (gen_key && NULL != module_encrypt_key) {
|
||||
|
||||
@ -73,14 +73,15 @@ extern crypto_hmac_type crypto_hmac_use;
|
||||
|
||||
extern int transform_type(const char* type);
|
||||
extern int getHmacType(ModuleSymmKeyAlgo algo);
|
||||
extern int transform_hmac_type(const char* type);
|
||||
extern bool load_crypto_module_lib();
|
||||
extern void unload_crypto_module();
|
||||
extern void initCryptoModule(char* crypto_module_params, const char* encrypt_mode);
|
||||
extern void initCryptoModule(char* crypto_module_params, const char* encrypt_mode, int* key_type);
|
||||
extern void initCryptoSession(void** crypto_module_session);
|
||||
extern void releaseCryptoSession(void* crypto_module_session);
|
||||
extern void releaseCryptoCtx(void* crypto_module_keyctx);
|
||||
extern void clearCrypto(void* crypto_module_session, void* crypto_module_keyctx, void* crypto_hmac_keyctx);
|
||||
extern void CryptoModuleParamsCheck(bool gen_key, char* params, const char* module_encrypt_mode, const char* module_encrypt_key, const char* module_encrypt_salt);
|
||||
extern void CryptoModuleParamsCheck(bool gen_key, char* params, const char* module_encrypt_mode, const char* module_encrypt_key, const char* module_encrypt_salt, int* key_type);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
||||
@ -154,6 +154,7 @@ static ProbackupSubcmd backup_subcmd = NO_CMD;
|
||||
|
||||
/* encrypt options */
|
||||
bool gen_key = false;
|
||||
int key_type = KEY_TYPE_INVALID;
|
||||
char* encrypt_mode = NULL;
|
||||
char* encrypt_key = NULL;
|
||||
char* encrypt_salt = NULL;
|
||||
|
||||
@ -82,6 +82,7 @@ extern bool specify_extdir;
|
||||
extern bool specify_tbsdir;
|
||||
|
||||
extern bool gen_key;
|
||||
extern int key_type;
|
||||
extern char* encrypt_mode ;
|
||||
extern char* encrypt_key ;
|
||||
extern char* encrypt_salt;
|
||||
|
||||
Reference in New Issue
Block a user