« back to all changes in this revision
Viewing changes to src/xbcrypt.c
- browse files at revision 520
- compare with another revision
- download diff
- download tarball
- view history from revision 520
- Committer: Alexey Kopytov
- Date: 2013-03-18 12:00:49 UTC
- mfrom: (516.1.1 xb-2.1-encrypted_stream)
- Revision ID: akopytov@gmail.com-20130318120049-r71tx1ckhvk1jsts
MergedĀ lp:~gl-az/percona-xtrabackup/BT-23557-2.1-encrypted_stream.
- files added:
- src/ds_archive.c
- files renamed:
- src/ds_stream.c => src/ds_xbstream.c
- src/ds_stream.h => src/ds_xbstream.h
- files modified:
- innobackupex
added
removed
src/xbcrypt.c
1
/******************************************************
2
Copyright (c) 2011 Percona Ireland Ltd.
3
4
The xbcrypt utility: decrypt files in the XBCRYPT format.
5
6
This program is free software; you can redistribute it and/or modify
7
it under the terms of the GNU General Public License as published by
8
the Free Software Foundation; version 2 of the License.
9
10
This program is distributed in the hope that it will be useful,
11
but WITHOUT ANY WARRANTY; without even the implied warranty of
12
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
GNU General Public License for more details.
14
15
You should have received a copy of the GNU General Public License
16
along with this program; if not, write to the Free Software
17
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18
19
*******************************************************/
20
21
#include <my_base.h>
22
#include <my_getopt.h>
23
#include "common.h"
24
#include "xbcrypt.h"
25
#include <gcrypt.h>
26
27
GCRY_THREAD_OPTION_PTHREAD_IMPL;
28
29
#define XBCRYPT_VERSION "1.0"
30
31
typedef enum {
32
RUN_MODE_NONE,
33
RUN_MODE_ENCRYPT,
34
RUN_MODE_DECRYPT
35
} run_mode_t;
36
37
const char *xbcrypt_encrypt_algo_names[] =
38
{ "NONE", "AES128", "AES192", "AES256", NullS};
39
TYPELIB xbcrypt_encrypt_algo_typelib=
40
{array_elements(xbcrypt_encrypt_algo_names)-1,"",
41
xbcrypt_encrypt_algo_names, NULL};
42
43
static run_mode_t opt_run_mode = RUN_MODE_ENCRYPT;
44
static char *opt_input_file = NULL;
45
static char *opt_output_file = NULL;
46
static ulong opt_encrypt_algo;
47
static char *opt_encrypt_key_file = NULL;
48
static void *opt_encrypt_key = NULL;
49
static ulonglong opt_encrypt_chunk_size = 0;
50
static my_bool opt_verbose = FALSE;
51
52
static uint encrypt_algos[] = { GCRY_CIPHER_NONE,
53
GCRY_CIPHER_AES128,
54
GCRY_CIPHER_AES192,
55
GCRY_CIPHER_AES256 };
56
static int encrypt_algo = 0;
57
static int encrypt_mode = GCRY_CIPHER_MODE_CTR;
58
static uint encrypt_key_len = 0;
59
static const unsigned char encrypt_iv[] =
60
"Percona Xtrabackup is Awesome!!!";
61
static size_t encrypt_iv_len = 0;
62
63
static struct my_option my_long_options[] =
64
{
65
{"help", '?', "Display this help and exit.",
66
0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0},
67
68
{"decrypt", 'd', "Decrypt data input to output.",
69
0, 0, 0,
70
GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0},
71
72
{"input", 'i', "Optional input file. If not specified, input"
73
" will be read from standard input.",
74
&opt_input_file, &opt_input_file, 0,
75
GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
76
77
{"output", 'o', "Optional output file. If not specified, output"
78
" will be written to standard output.",
79
&opt_output_file, &opt_output_file, 0,
80
GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
81
82
{"encrypt-algo", 'a', "Encryption algorithm.",
83
&opt_encrypt_algo, &opt_encrypt_algo, &xbcrypt_encrypt_algo_typelib,
84
GET_ENUM, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
85
86
{"encrypt-key", 'k', "Encryption key.",
87
&opt_encrypt_key, &opt_encrypt_key, 0,
88
GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
89
90
{"encrypt-key-file", 'f', "File which contains encryption key.",
91
&opt_encrypt_key_file, &opt_encrypt_key_file, 0,
92
GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
93
94
{"encrypt-chunk-size", 's', "Size of working buffer for encryption in"
95
" bytes. The default value is 64K.",
96
&opt_encrypt_chunk_size, &opt_encrypt_chunk_size, 0,
97
GET_ULL, REQUIRED_ARG, (1 << 16), 1024, ULONGLONG_MAX, 0, 0, 0},
98
99
{"verbose", 'v', "Display verbose status output.",
100
&opt_verbose, &opt_verbose,
101
0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
102
{0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}
103
};
104
105
static
106
int
107
get_options(int *argc, char ***argv);
108
109
static
110
my_bool
111
get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
112
char *argument __attribute__((unused)));
113
114
static
115
void
116
print_version(void);
117
118
static
119
void
120
usage(void);
121
122
static
123
int
124
mode_decrypt(File filein, File fileout);
125
126
static
127
int
128
mode_encrypt(File filein, File fileout);
129
130
int
131
main(int argc, char **argv)
132
{
133
gcry_error_t gcry_error;
134
File filein = 0;
135
File fileout = 0;
136
137
MY_INIT(argv[0]);
138
139
if (get_options(&argc, &argv)) {
140
goto err;
141
}
142
143
/* Acording to gcrypt docs (and my testing), setting up the threading
144
callbacks must be done first, so, lets give it a shot */
145
gcry_error = gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
146
if (gcry_error) {
147
msg("%s: unable to set libgcrypt thread cbs - "
148
"%s : %s\n", my_progname,
149
gcry_strsource(gcry_error),
150
gcry_strerror(gcry_error));
151
return 1;
152
}
153
154
/* Version check should be the very first call because it
155
makes sure that important subsystems are intialized. */
156
if (!gcry_control(GCRYCTL_ANY_INITIALIZATION_P)) {
157
const char *gcrypt_version;
158
gcrypt_version = gcry_check_version(NULL);
159
/* No other library has already initialized libgcrypt. */
160
if (!gcrypt_version) {
161
msg("%s: failed to initialize libgcrypt\n",
162
my_progname);
163
return 1;
164
} else if (opt_verbose) {
165
msg("%s: using gcrypt %s\n", my_progname,
166
gcrypt_version);
167
}
168
}
169
gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
170
gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
171
172
/* Determine the algorithm */
173
encrypt_algo = encrypt_algos[opt_encrypt_algo];
174
175
/* Set up the iv length */
176
encrypt_iv_len = gcry_cipher_get_algo_blklen(encrypt_algo);
177
178
/* Now set up the key */
179
if (opt_encrypt_key == NULL && opt_encrypt_key_file == NULL) {
180
msg("%s: no encryption key or key file specified.\n",
181
my_progname);
182
return 1;
183
} else if (opt_encrypt_key && opt_encrypt_key_file) {
184
msg("%s: both encryption key and key file specified.\n",
185
my_progname);
186
return 1;
187
} else if (opt_encrypt_key_file) {
188
if (!xb_crypt_read_key_file(opt_encrypt_key_file,
189
&opt_encrypt_key,
190
&encrypt_key_len)) {
191
msg("%s: unable to read encryption key file \"%s\".\n",
192
opt_encrypt_key_file, my_progname);
193
return 1;
194
}
195
} else {
196
encrypt_key_len = strlen(opt_encrypt_key);
197
}
198
199
if (opt_input_file) {
200
MY_STAT mystat;
201
202
if (opt_verbose)
203
msg("%s: input file \"%s\".\n", my_progname,
204
opt_input_file);
205
206
if (my_stat(opt_input_file, &mystat, MYF(MY_WME)) == NULL) {
207
goto err;
208
}
209
if (!MY_S_ISREG(mystat.st_mode)) {
210
msg("%s: \"%s\" is not a regular file, exiting.\n",
211
my_progname, opt_input_file);
212
goto err;
213
}
214
if ((filein = my_open(opt_input_file, O_RDONLY, MYF(MY_WME)))
215
< 0) {
216
msg("%s: failed to open \"%s\".\n", my_progname,
217
opt_input_file);
218
goto err;
219
}
220
} else {
221
if (opt_verbose)
222
msg("%s: input from standard input.\n", my_progname);
223
filein = fileno(stdin);
224
}
225
226
if (opt_output_file) {
227
if (opt_verbose)
228
msg("%s: output file \"%s\".\n", my_progname,
229
opt_output_file);
230
231
if ((fileout = my_create(opt_output_file, 0,
232
O_WRONLY|O_BINARY|O_EXCL|O_NOFOLLOW,
233
MYF(MY_WME))) < 0) {
234
msg("%s: failed to create output file \"%s\".\n",
235
my_progname, opt_output_file);
236
goto err;
237
}
238
} else {
239
if (opt_verbose)
240
msg("%s: output to standard output.\n", my_progname);
241
fileout = fileno(stdout);
242
}
243
244
if (opt_run_mode == RUN_MODE_DECRYPT
245
&& mode_decrypt(filein, fileout)) {
246
goto err;
247
} else if (opt_run_mode == RUN_MODE_ENCRYPT
248
&& mode_encrypt(filein, fileout)) {
249
goto err;
250
}
251
252
if (opt_input_file && filein) {
253
my_close(filein, MYF(MY_WME));
254
}
255
if (opt_output_file && fileout) {
256
my_close(fileout, MYF(MY_WME));
257
}
258
259
my_cleanup_options(my_long_options);
260
261
my_end(0);
262
263
return EXIT_SUCCESS;
264
err:
265
if (opt_input_file && filein) {
266
my_close(filein, MYF(MY_WME));
267
}
268
if (opt_output_file && fileout) {
269
my_close(fileout, MYF(MY_WME));
270
}
271
272
my_cleanup_options(my_long_options);
273
274
my_end(0);
275
276
exit(EXIT_FAILURE);
277
278
}
279
280
281
static
282
ssize_t
283
my_xb_crypt_read_callback(void *userdata, void *buf, size_t len)
284
{
285
File* file = (File *) userdata;
286
return my_read(*file, buf, len, MYF(MY_WME));
287
}
288
289
static
290
int
291
mode_decrypt(File filein, File fileout)
292
{
293
xb_rcrypt_t *xbcrypt_file = NULL;
294
void *chunkbuf = NULL;
295
size_t chunksize;
296
size_t originalsize;
297
void *decryptbuf = NULL;
298
size_t decryptbufsize = 0;
299
ulonglong ttlchunksread = 0;
300
ulonglong ttlbytesread = 0;
301
xb_rcrypt_result_t result;
302
gcry_cipher_hd_t cipher_handle;
303
gcry_error_t gcry_error;
304
305
if (encrypt_algo != GCRY_CIPHER_NONE) {
306
gcry_error = gcry_cipher_open(&cipher_handle,
307
encrypt_algo,
308
encrypt_mode, 0);
309
if (gcry_error) {
310
msg("%s:decrypt: unable to open libgcrypt"
311
" cipher - %s : %s\n", my_progname,
312
gcry_strsource(gcry_error),
313
gcry_strerror(gcry_error));
314
return 1;
315
}
316
317
gcry_error = gcry_cipher_setkey(cipher_handle,
318
opt_encrypt_key,
319
encrypt_key_len);
320
if (gcry_error) {
321
msg("%s:decrypt: unable to set libgcrypt cipher"
322
"key - %s : %s\n", my_progname,
323
gcry_strsource(gcry_error),
324
gcry_strerror(gcry_error));
325
goto err;
326
}
327
}
328
329
/* Initialize the xb_crypt format reader */
330
xbcrypt_file = xb_crypt_read_open(&filein, my_xb_crypt_read_callback);
331
if (xbcrypt_file == NULL) {
332
msg("%s:decrypt: xb_crypt_read_open() failed.\n", my_progname);
333
goto err;
334
}
335
336
/* Walk the encrypted chunks, decrypting them and writing out */
337
while ((result = xb_crypt_read_chunk(xbcrypt_file, &chunkbuf,
338
&originalsize, &chunksize))
339
== XB_CRYPT_READ_CHUNK) {
340
341
if (encrypt_algo != GCRY_CIPHER_NONE) {
342
gcry_error = gcry_cipher_reset(cipher_handle);
343
if (gcry_error) {
344
msg("%s:decrypt: unable to reset libgcrypt"
345
" cipher - %s : %s\n", my_progname,
346
gcry_strsource(gcry_error),
347
gcry_strerror(gcry_error));
348
goto err;
349
}
350
351
gcry_error = gcry_cipher_setiv(cipher_handle,
352
encrypt_iv,
353
encrypt_iv_len);
354
if (gcry_error) {
355
msg("%s:decrypt: unable to set cipher iv - "
356
"%s : %s\n", my_progname,
357
gcry_strsource(gcry_error),
358
gcry_strerror(gcry_error));
359
continue;
360
}
361
362
if (decryptbufsize < originalsize) {
363
if (decryptbufsize) {
364
decryptbuf = my_realloc(decryptbuf,
365
originalsize,
366
MYF(MY_WME));
367
decryptbufsize = originalsize;
368
} else {
369
decryptbuf = my_malloc(originalsize,
370
MYF(MY_WME));
371
decryptbufsize = originalsize;
372
}
373
}
374
375
/* Try to decrypt it */
376
gcry_error = gcry_cipher_decrypt(cipher_handle,
377
decryptbuf,
378
originalsize,
379
chunkbuf,
380
chunksize);
381
if (gcry_error) {
382
msg("%s:decrypt: unable to decrypt chunk - "
383
"%s : %s\n", my_progname,
384
gcry_strsource(gcry_error),
385
gcry_strerror(gcry_error));
386
gcry_cipher_close(cipher_handle);
387
goto err;
388
}
389
390
} else {
391
decryptbuf = chunkbuf;
392
}
393
394
/* Write it out */
395
if (my_write(fileout, decryptbuf, originalsize,
396
MYF(MY_WME | MY_NABP))) {
397
msg("%s:decrypt: unable to write output chunk.\n",
398
my_progname);
399
goto err;
400
}
401
ttlchunksread++;
402
ttlbytesread += chunksize;
403
if (opt_verbose)
404
msg("%s:decrypt: %llu chunks read, %llu bytes read\n.",
405
my_progname, ttlchunksread, ttlbytesread);
406
}
407
408
xb_crypt_read_close(xbcrypt_file);
409
410
if (encrypt_algo != GCRY_CIPHER_NONE)
411
gcry_cipher_close(cipher_handle);
412
413
if (decryptbuf && decryptbufsize)
414
MY_FREE(decryptbuf);
415
416
if (opt_verbose)
417
msg("\n%s:decrypt: done\n", my_progname);
418
419
return 0;
420
err:
421
if (xbcrypt_file)
422
xb_crypt_read_close(xbcrypt_file);
423
424
if (encrypt_algo != GCRY_CIPHER_NONE)
425
gcry_cipher_close(cipher_handle);
426
427
if (decryptbuf && decryptbufsize)
428
MY_FREE(decryptbuf);
429
430
return 1;
431
}
432
433
static
434
ssize_t
435
my_xb_crypt_write_callback(void *userdata, const void *buf, size_t len)
436
{
437
File* file = (File *) userdata;
438
439
ssize_t ret = my_write(*file, buf, len, MYF(MY_WME));
440
posix_fadvise(*file, 0, 0, POSIX_FADV_DONTNEED);
441
return ret;
442
}
443
444
static
445
int
446
mode_encrypt(File filein, File fileout)
447
{
448
size_t bytesread;
449
size_t chunkbuflen;
450
void *chunkbuf = NULL;
451
size_t encryptbuflen = 0;
452
size_t encryptedlen = 0;
453
void *encryptbuf = NULL;
454
ulonglong ttlchunkswritten = 0;
455
ulonglong ttlbyteswritten = 0;
456
xb_wcrypt_t *xbcrypt_file = NULL;
457
gcry_cipher_hd_t cipher_handle;
458
gcry_error_t gcry_error;
459
460
if (encrypt_algo != GCRY_CIPHER_NONE) {
461
gcry_error = gcry_cipher_open(&cipher_handle,
462
encrypt_algo,
463
encrypt_mode, 0);
464
if (gcry_error) {
465
msg("%s:encrypt: unable to open libgcrypt cipher - "
466
"%s : %s\n", my_progname,
467
gcry_strsource(gcry_error),
468
gcry_strerror(gcry_error));
469
return 1;
470
}
471
472
gcry_error = gcry_cipher_setkey(cipher_handle,
473
opt_encrypt_key,
474
encrypt_key_len);
475
if (gcry_error) {
476
msg("%s:encrypt: unable to set libgcrypt cipher key - "
477
"%s : %s\n", my_progname,
478
gcry_strsource(gcry_error),
479
gcry_strerror(gcry_error));
480
goto err;
481
}
482
}
483
484
posix_fadvise(filein, 0, 0, POSIX_FADV_SEQUENTIAL);
485
486
xbcrypt_file = xb_crypt_write_open(&fileout,
487
my_xb_crypt_write_callback);
488
if (xbcrypt_file == NULL) {
489
msg("%s:encrypt: xb_crypt_write_open() failed.\n",
490
my_progname);
491
goto err;
492
}
493
494
/* now read in data in chunk size, encryptand write out */
495
chunkbuflen = opt_encrypt_chunk_size;
496
chunkbuf = my_malloc(chunkbuflen, MYF(MY_FAE));
497
while ((bytesread = my_read(filein, chunkbuf, chunkbuflen,
498
MYF(MY_WME))) > 0) {
499
500
if (encrypt_algo != GCRY_CIPHER_NONE) {
501
gcry_error = gcry_cipher_reset(cipher_handle);
502
503
if (gcry_error) {
504
msg("%s:encrypt: unable to reset cipher - "
505
"%s : %s\n", my_progname,
506
gcry_strsource(gcry_error),
507
gcry_strerror(gcry_error));
508
goto err;
509
}
510
gcry_error = gcry_cipher_setiv(cipher_handle,
511
encrypt_iv,
512
encrypt_iv_len);
513
514
if (gcry_error) {
515
msg("%s:encrypt: unable to set cipher iv - "
516
"%s : %s\n", my_progname,
517
gcry_strsource(gcry_error),
518
gcry_strerror(gcry_error));
519
continue;
520
}
521
522
if (encryptbuflen < bytesread) {
523
if (encryptbuflen) {
524
encryptbuf = my_realloc(encryptbuf,
525
bytesread,
526
MYF(MY_WME));
527
encryptbuflen = bytesread;
528
} else {
529
encryptbuf = my_malloc(bytesread,
530
MYF(MY_WME));
531
encryptbuflen = bytesread;
532
}
533
}
534
535
gcry_error = gcry_cipher_encrypt(cipher_handle,
536
encryptbuf,
537
encryptbuflen,
538
chunkbuf,
539
bytesread);
540
541
encryptedlen = bytesread;
542
543
if (gcry_error) {
544
msg("%s:encrypt: unable to encrypt chunk - "
545
"%s : %s\n", my_progname,
546
gcry_strsource(gcry_error),
547
gcry_strerror(gcry_error));
548
gcry_cipher_close(cipher_handle);
549
goto err;
550
}
551
} else {
552
encryptedlen = bytesread;
553
encryptbuf = chunkbuf;
554
}
555
556
if (xb_crypt_write_chunk(xbcrypt_file, encryptbuf, bytesread, encryptedlen)) {
557
msg("%s:encrypt: abcrypt_write_chunk() failed.\n",
558
my_progname);
559
goto err;
560
}
561
562
ttlchunkswritten++;
563
ttlbyteswritten += encryptedlen;
564
565
if (opt_verbose)
566
msg("%s:encrypt: %llu chunks written, %llu bytes "
567
"written\n.", my_progname, ttlchunkswritten,
568
ttlbyteswritten);
569
}
570
571
MY_FREE(chunkbuf);
572
573
if (encryptbuf && encryptbuflen)
574
MY_FREE(encryptbuf);
575
576
xb_crypt_write_close(xbcrypt_file);
577
578
if (encrypt_algo != GCRY_CIPHER_NONE)
579
gcry_cipher_close(cipher_handle);
580
581
if (opt_verbose)
582
msg("\n%s:encrypt: done\n", my_progname);
583
584
return 0;
585
err:
586
if (chunkbuf)
587
MY_FREE(chunkbuf);
588
589
if (encryptbuf && encryptbuflen)
590
MY_FREE(encryptbuf);
591
592
if (xbcrypt_file)
593
xb_crypt_write_close(xbcrypt_file);
594
595
if (encrypt_algo != GCRY_CIPHER_NONE)
596
gcry_cipher_close(cipher_handle);
597
598
return 1;
599
}
600
601
static
602
int
603
get_options(int *argc, char ***argv)
604
{
605
int ho_error;
606
607
if ((ho_error= handle_options(argc, argv, my_long_options,
608
get_one_option))) {
609
exit(EXIT_FAILURE);
610
}
611
612
return 0;
613
}
614
615
static
616
my_bool
617
get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
618
char *argument __attribute__((unused)))
619
{
620
switch (optid) {
621
case 'd':
622
opt_run_mode = RUN_MODE_DECRYPT;
623
break;
624
case '?':
625
usage();
626
exit(0);
627
}
628
629
return FALSE;
630
}
631
632
static
633
void
634
print_version(void)
635
{
636
printf("%s Ver %s for %s (%s)\n", my_progname, XBCRYPT_VERSION,
637
SYSTEM_TYPE, MACHINE_TYPE);
638
}
639
640
static
641
void
642
usage(void)
643
{
644
print_version();
645
puts("Copyright (C) 2011 Percona Inc.");
646
puts("This software comes with ABSOLUTELY NO WARRANTY. "
647
"This is free software,\nand you are welcome to modify and "
648
"redistribute it under the GPL license.\n");
649
650
puts("Encrypt or decrypt files in the XBCRYPT format.\n");
651
652
puts("Usage: ");
653
printf(" %s [OPTIONS...]"
654
" # read data from specified input, encrypting or decrypting "
655
" and writing the result to the specified output.\n",
656
my_progname);
657
puts("\nOptions:");
658
my_print_help(my_long_options);
659
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1