1 /* Blue Sky: File Systems in the Cloud
3 * Copyright (C) 2009 The Regents of the University of California
4 * Written by Michael Vrable <mvrable@cs.ucsd.edu>
18 static int DISABLE_CRYPTO = 1;
20 /* Cryptographic operations. The rest of the BlueSky code merely calls into
21 * the functions in this file, so this is the only point where we interface
22 * with an external cryptographic library. */
24 GCRY_THREAD_OPTION_PTHREAD_IMPL;
26 void bluesky_crypt_init()
28 gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
30 if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
33 g_print("libgcrypt not yet initialized, initializing...\n");
35 if (!gcry_check_version(GCRYPT_VERSION))
36 g_error("libgcrypt version mismatch\n");
38 gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
39 gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
42 /* Return cryptographically-strong random data. */
43 void bluesky_crypt_random_bytes(guchar *buf, gint len)
45 gcry_randomize(buf, len, GCRY_STRONG_RANDOM);
48 /* Encrypt a data block. */
49 BlueSkyRCStr *bluesky_crypt_encrypt(BlueSkyRCStr *in, const uint8_t *key)
52 bluesky_string_ref(in);
57 gcry_cipher_hd_t handle;
59 status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC,
62 g_error("gcrypt error setting up encryption: %s\n",
63 gcry_strerror(status));
66 uint8_t *out = g_malloc0(in->len + CRYPTO_BLOCK_SIZE);
68 gcry_cipher_setkey(handle, key, CRYPTO_KEY_SIZE);
70 g_error("gcrypt error setting key: %s\n",
71 gcry_strerror(status));
74 bluesky_crypt_random_bytes(out, CRYPTO_BLOCK_SIZE);
75 status = gcry_cipher_setiv(handle, out, CRYPTO_BLOCK_SIZE);
77 g_error("gcrypt error setting IV: %s\n",
78 gcry_strerror(status));
81 status = gcry_cipher_encrypt(handle, out + CRYPTO_BLOCK_SIZE, in->len,
84 g_error("gcrypt error encrypting: %s\n",
85 gcry_strerror(status));
88 gcry_cipher_close(handle);
90 return bluesky_string_new(out, in->len + CRYPTO_BLOCK_SIZE);
93 /* Decrypt a data block. */
94 BlueSkyRCStr *bluesky_crypt_decrypt(BlueSkyRCStr *in, const uint8_t *key)
97 bluesky_string_ref(in);
102 gcry_cipher_hd_t handle;
104 g_return_val_if_fail(in->len > CRYPTO_BLOCK_SIZE, NULL);
106 status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC,
107 GCRY_CIPHER_CBC_CTS);
109 g_error("gcrypt error setting up encryption: %s\n",
110 gcry_strerror(status));
113 uint8_t *out = g_malloc0(in->len - CRYPTO_BLOCK_SIZE);
115 gcry_cipher_setkey(handle, key, CRYPTO_KEY_SIZE);
117 g_error("gcrypt error setting key: %s\n",
118 gcry_strerror(status));
121 status = gcry_cipher_setiv(handle, in->data, CRYPTO_BLOCK_SIZE);
123 g_error("gcrypt error setting IV: %s\n",
124 gcry_strerror(status));
127 status = gcry_cipher_decrypt(handle, out, in->len - CRYPTO_BLOCK_SIZE,
128 in->data + CRYPTO_BLOCK_SIZE,
129 in->len - CRYPTO_BLOCK_SIZE);
131 g_error("gcrypt error decrypting: %s\n",
132 gcry_strerror(status));
135 gcry_cipher_close(handle);
137 return bluesky_string_new(out, in->len + CRYPTO_BLOCK_SIZE);