You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@doris.apache.org by GitBox <gi...@apache.org> on 2018/11/01 14:11:52 UTC

[GitHub] kangpinghuang commented on a change in pull request #264: Update #257: rewrite aes encryption

kangpinghuang commented on a change in pull request #264:  Update #257: rewrite aes encryption
URL: https://github.com/apache/incubator-doris/pull/264#discussion_r230054287
 
 

 ##########
 File path: be/src/util/aes_util.cpp
 ##########
 @@ -0,0 +1,174 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#include "aes_util.h"
+#include  <cstring>
+#include  <string>
+#include  <memory>
+#include  <iostream>
+
+#include <openssl/aes.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+
+#include "exprs/base64.h"
+
+namespace palo {
+
+static const int AES_MAX_KEY_LENGTH = 256;
+
+const EVP_CIPHER* get_evp_type(const AesMode mode) {
+    switch (mode) {
+        case AES_128_ECB:
+            return EVP_aes_128_ecb();
+        case AES_128_CBC:
+            return EVP_aes_128_cbc();
+        case AES_192_ECB:
+            return EVP_aes_192_ecb();
+        case AES_192_CBC:
+            return EVP_aes_192_cbc();
+        case AES_256_ECB:
+            return EVP_aes_256_ecb();
+        case AES_256_CBC:
+            return EVP_aes_256_cbc();
+        default:
+            return NULL;
+    }
+}
+
+static uint aes_mode_key_sizes[]= {
+    128 /* AES_128_ECB */,
+    192 /* AES_192_ECB */,
+    256 /* AES_256_ECB */,
+    128 /* AES_128_CBC */,
+    192 /* AES_192_CBC */,
+    256 /* AES_256_CBC */
+};
+
+static void aes_create_key(const unsigned char* origin_key, uint32_t key_length,
+        uint8_t* encrypt_key, AesMode mode) {
+    const uint key_size= aes_mode_key_sizes[mode] / 8;
+    uint8_t *origin_key_end= ((uint8_t*)origin_key) + key_length; /* origin key boundary*/
+
+    uint8_t *encrypt_key_end; /* encrypt key boundary */
+    encrypt_key_end= encrypt_key + key_size;
+
+    std::memset(encrypt_key, 0, key_size);          /* initialize key  */
+
+    uint8_t *ptr; /* Start of the encrypt key*/
+    uint8_t *origin_ptr; /* Start of the origin key */
+    for (ptr = encrypt_key, origin_ptr = (uint8_t*)origin_key;
+            origin_ptr < origin_key_end; ptr++, origin_ptr++) {
+        if (ptr == encrypt_key_end) {
+            /* loop over origin key until we used all key */
+            ptr = encrypt_key;
+        }
+        *ptr ^= *origin_ptr;
+    }
+}
+
+static int do_encrypt(EVP_CIPHER_CTX* aes_ctx, const EVP_CIPHER* cipher,
+        const unsigned char* source, uint32_t source_length, const unsigned char* encrypt_key,
+        const unsigned char* iv, bool padding, unsigned char* encrypt, int* u_len, int* f_len) {
+    int ret = EVP_EncryptInit(aes_ctx, cipher, encrypt_key, iv);
+    if (!ret) {
+        return ret;
+    }
+    ret = EVP_CIPHER_CTX_set_padding(aes_ctx, padding);
+    if (!ret) {
+        return ret;
+    }
+    ret = EVP_EncryptUpdate(aes_ctx, encrypt, u_len, source, source_length);
+    if (!ret) {
+        return ret;
+    }
+    ret = EVP_EncryptFinal(aes_ctx, encrypt + *u_len, f_len);
+    return ret;
+}
+
+int AesUtil::encrypt(AesMode mode, const unsigned char* source, uint32_t source_length,
+        const unsigned char* key, uint32_t key_length, const unsigned char* iv,
+        bool padding, unsigned char* encrypt) {
+    EVP_CIPHER_CTX aes_ctx;
+    const EVP_CIPHER* cipher= get_evp_type(mode);
+    int u_len, f_len;
+    /* The encrypt key to be used for encryption */
+    unsigned char encrypt_key[AES_MAX_KEY_LENGTH / 8];
+    aes_create_key(key, key_length, encrypt_key, mode);
+    
+    if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv)) {
+        return AES_BAD_DATA;
 
 Review comment:
   cipher can not be delete by manually or it will core dump

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@doris.apache.org
For additional commands, e-mail: dev-help@doris.apache.org