auth: optimize crypto++ key context
The cbc appears to be stateful, but the key is not.

Signed-off-by: Sage Weil <sage@redhat.com>
(cherry picked from commit 7762f18)
liewegas authored and jdurgin committed Jan 8, 2016
1 parent f11718d commit 224bb39
Showing 1 changed file with 23 additions and 13 deletions.
36 changes: 23 additions & 13 deletions src/auth/Crypto.cc
Expand Up @@ -117,21 +117,35 @@ class CryptoAES : public CryptoHandler {

class CryptoAESKeyHandler : public CryptoKeyHandler {
public:
CryptoPP::AES::Encryption *enc_key;
CryptoPP::AES::Decryption *dec_key;

CryptoAESKeyHandler()
: enc_key(NULL),
dec_key(NULL) {}
~CryptoAESKeyHandler() {
delete enc_key;
delete dec_key;
}

int init(const bufferptr& s, ostringstream& err) {
secret = s;

enc_key = new CryptoPP::AES::Encryption(
(byte*)secret.c_str(), CryptoPP::AES::DEFAULT_KEYLENGTH);
dec_key = new CryptoPP::AES::Decryption(
(byte*)secret.c_str(), CryptoPP::AES::DEFAULT_KEYLENGTH);

return 0;
}

void encrypt(const bufferlist& in,
bufferlist& out, std::string &error) const {
const unsigned char *key = (const unsigned char *)secret.c_str();

string ciphertext;
CryptoPP::AES::Encryption aesEncryption(key, CryptoPP::AES::DEFAULT_KEYLENGTH);
CryptoPP::CBC_Mode_ExternalCipher::Encryption cbcEncryption(
aesEncryption, (const byte*)CEPH_AES_IV);
CryptoPP::StringSink *sink = new CryptoPP::StringSink(ciphertext);
CryptoPP::StreamTransformationFilter stfEncryptor(cbcEncryption, sink);
CryptoPP::CBC_Mode_ExternalCipher::Encryption cbc(
*enc_key, (const byte*)CEPH_AES_IV);
CryptoPP::StreamTransformationFilter stfEncryptor(cbc, sink);

for (std::list<bufferptr>::const_iterator it = in.buffers().begin();
it != in.buffers().end(); ++it) {
Expand All @@ -151,15 +165,11 @@ class CryptoAESKeyHandler : public CryptoKeyHandler {

void decrypt(const bufferlist& in,
bufferlist& out, std::string &error) const {
const unsigned char *key = (const unsigned char *)secret.c_str();

CryptoPP::AES::Decryption aesDecryption(key, CryptoPP::AES::DEFAULT_KEYLENGTH);
CryptoPP::CBC_Mode_ExternalCipher::Decryption cbcDecryption(
aesDecryption, (const byte*)CEPH_AES_IV );

string decryptedtext;
CryptoPP::StringSink *sink = new CryptoPP::StringSink(decryptedtext);
CryptoPP::StreamTransformationFilter stfDecryptor(cbcDecryption, sink);
CryptoPP::CBC_Mode_ExternalCipher::Decryption cbc(
*dec_key, (const byte*)CEPH_AES_IV );
CryptoPP::StreamTransformationFilter stfDecryptor(cbc, sink);
for (std::list<bufferptr>::const_iterator it = in.buffers().begin();
it != in.buffers().end(); ++it) {
const unsigned char *in_buf = (const unsigned char *)it->c_str();
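Review bot: The new `enc_key` and `dec_key` members are raw owning pointers released only in the destructor, so a second call to `init()` leaks the previous cipher objects and a copy of the handler would delete both twice; nothing in the visible lines prevents either. In `init()` the old objects should be released before the two `new` calls (`delete enc_key; enc_key = NULL;` and the same for `dec_key`), and the class should be made non-copyable. `encrypt()` and `decrypt()` now dereference `*enc_key` and `*dec_key` unconditionally, so a handler used before `init()` is a null dereference; a guard that sets `error` and returns would be cheap. `init()` also reads `CryptoPP::AES::DEFAULT_KEYLENGTH` bytes from `secret` with no length check in these lines; presumably a caller validates the secret first, and a comment saying so would help. The bodies of `encrypt()` and `decrypt()` continue past the displayed hunks.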