[submodule "ceph-erasure-code-corpus"]
path = ceph-erasure-code-corpus
url = https://github.com/ceph/ceph-erasure-code-corpus.git
-
[submodule "src/googletest"]
path = src/googletest
url = https://github.com/ceph/googletest
[submodule "src/zstd"]
path = src/zstd
url = https://github.com/facebook/zstd
+[submodule "src/isa-l_crypto"]
+ path = src/isa-l_crypto
+ url = https://github.com/01org/isa-l_crypto
endif(WITH_TESTS)
add_subdirectory(compressor)
+
add_subdirectory(tools)
+add_subdirectory(isa-l_crypto_plugin)
+
if(WITH_TESTS)
+
configure_file(${CMAKE_SOURCE_DIR}/src/ceph-coverage.in
${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/ceph-coverage @ONLY)
--- /dev/null
+Subproject commit 7a7baca8599811141b6c657c8d3c47c12a855066
--- /dev/null
+set(isal_dir ${CMAKE_SOURCE_DIR}/src/isa-l_crypto)
+
+set(isal_crypto_plugin_srcs
+ isal_crypto_accel.cc
+ isal_crypto_plugin.cc
+ ${isal_dir}/aes/cbc_pre.c
+ ${isal_dir}/aes/cbc_multibinary.asm
+ ${isal_dir}/aes/keyexp_128.asm
+ ${isal_dir}/aes/keyexp_192.asm
+ ${isal_dir}/aes/keyexp_256.asm
+ ${isal_dir}/aes/keyexp_multibinary.asm
+ ${isal_dir}/aes/cbc_dec_128_x4_sse.asm
+ ${isal_dir}/aes/cbc_dec_128_x8_avx.asm
+ ${isal_dir}/aes/cbc_dec_192_x4_sse.asm
+ ${isal_dir}/aes/cbc_dec_192_x8_avx.asm
+ ${isal_dir}/aes/cbc_dec_256_x4_sse.asm
+ ${isal_dir}/aes/cbc_dec_256_x8_avx.asm
+ ${isal_dir}/aes/cbc_enc_128_x4_sb.asm
+ ${isal_dir}/aes/cbc_enc_128_x8_sb.asm
+ ${isal_dir}/aes/cbc_enc_192_x4_sb.asm
+ ${isal_dir}/aes/cbc_enc_192_x8_sb.asm
+ ${isal_dir}/aes/cbc_enc_256_x4_sb.asm
+ ${isal_dir}/aes/cbc_enc_256_x8_sb.asm)
+
+add_library(isal_crypto_plugin_objs OBJECT ${isal_crypto_plugin_srcs})
+target_include_directories(isal_crypto_plugin_objs PRIVATE ${isal_dir}/include)
+set(isal_crypto_plugin_dir ${CMAKE_INSTALL_PKGLIBDIR}/crypto)
+
+add_custom_target(crypto_plugins)
+if(HAVE_GOOD_YASM_ELF64)
+add_dependencies(crypto_plugins ceph_crypto_isal)
+endif(HAVE_GOOD_YASM_ELF64)
+
+add_library(ceph_crypto_isal SHARED ${isal_crypto_plugin_srcs})
+target_include_directories(ceph_crypto_isal PRIVATE ${isal_dir}/include)
+add_dependencies(ceph_crypto_isal ${CMAKE_SOURCE_DIR}/src/ceph_ver.h)
+set_target_properties(ceph_crypto_isal PROPERTIES VERSION 1.0.0 SOVERSION 1)
+install(TARGETS ceph_crypto_isal DESTINATION ${isal_crypto_plugin_dir})
--- /dev/null
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2016 Mirantis, Inc.
+ *
+ * Author: Adam Kupczyk <akupczyk@mirantis.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ */
+
+#ifndef CRYPTO_ACCEL_H
+#define CRYPTO_ACCEL_H
+#include <cstddef>
+#include "include/Context.h"
+
+class CryptoAccel;
+typedef ceph::shared_ptr<CryptoAccel> CryptoAccelRef;
+
+class CryptoAccel {
+ public:
+ CryptoAccel() {}
+ virtual ~CryptoAccel() {}
+
+ static const int AES_256_IVSIZE = 128/8;
+ static const int AES_256_KEYSIZE = 256/8;
+ virtual bool cbc_encrypt(unsigned char* out, const unsigned char* in, size_t size,
+ const unsigned char (&iv)[AES_256_IVSIZE],
+ const unsigned char (&key)[AES_256_KEYSIZE]) = 0;
+ virtual bool cbc_decrypt(unsigned char* out, const unsigned char* in, size_t size,
+ const unsigned char (&iv)[AES_256_IVSIZE],
+ const unsigned char (&key)[AES_256_KEYSIZE]) = 0;
+};
+#endif
--- /dev/null
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2016 Mirantis, Inc.
+ *
+ * Author: Adam Kupczyk <akupczyk@mirantis.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ */
+
+#ifndef CRYPTO_PLUGIN_H
+#define CRYPTO_PLUGIN_H
+
+// -----------------------------------------------------------------------------
+#include "include/memory.h"
+#include "common/PluginRegistry.h"
+#include "ostream"
+
+#include "../isa-l_crypto_plugin/crypto_accel.h"
+// -----------------------------------------------------------------------------
+
+class CryptoPlugin : public Plugin {
+
+public:
+ explicit CryptoPlugin(CephContext* cct) : Plugin(cct)
+ {}
+ ~CryptoPlugin()
+ {}
+ virtual int factory(CryptoAccelRef *cs,
+ std::ostream *ss) = 0;
+};
+#endif
--- /dev/null
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2016 Mirantis, Inc.
+ *
+ * Author: Adam Kupczyk <akupczyk@mirantis.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ */
+
+#include "../isa-l_crypto_plugin/isal_crypto_accel.h"
+
+#include <isa-l_crypto/include/aes_cbc.h>
+
+bool ISALCryptoAccel::cbc_encrypt(unsigned char* out, const unsigned char* in, size_t size,
+ const unsigned char (&iv)[AES_256_IVSIZE],
+ const unsigned char (&key)[AES_256_KEYSIZE])
+{
+ if ((size % AES_256_IVSIZE) != 0) {
+ return false;
+ }
+ struct cbc_key_data *keys_blk = (struct cbc_key_data*) memalign(16, sizeof(struct cbc_key_data));
+ aes_cbc_precomp(const_cast<unsigned char*>(&key[0]), AES_256_KEYSIZE, keys_blk);
+ aes_cbc_enc_256(const_cast<unsigned char*>(in),
+ const_cast<unsigned char*>(&iv[0]), keys_blk->enc_keys, out, size);
+ free(keys_blk);
+ return true;
+}
+bool ISALCryptoAccel::cbc_decrypt(unsigned char* out, const unsigned char* in, size_t size,
+ const unsigned char (&iv)[AES_256_IVSIZE],
+ const unsigned char (&key)[AES_256_KEYSIZE])
+{
+ if ((size % AES_256_IVSIZE) != 0) {
+ return false;
+ }
+ struct cbc_key_data *keys_blk = (struct cbc_key_data*) memalign(16, sizeof(struct cbc_key_data));
+ aes_cbc_precomp(const_cast<unsigned char*>(&key[0]), AES_256_KEYSIZE, keys_blk);
+ aes_cbc_dec_256(const_cast<unsigned char*>(in), const_cast<unsigned char*>(&iv[0]), keys_blk->dec_keys, out, size);
+ free(keys_blk);
+ return true;
+}
--- /dev/null
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2016 Mirantis, Inc.
+ *
+ * Author: Adam Kupczyk <akupczyk@mirantis.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ */
+
+#ifndef ISAL_CRYPTO_ACCEL_H
+#define ISAL_CRYPTO_ACCEL_H
+#include "../isa-l_crypto_plugin/crypto_accel.h"
+
+
+class ISALCryptoAccel : public CryptoAccel {
+ public:
+ ISALCryptoAccel() {}
+ virtual ~ISALCryptoAccel() {}
+
+ bool cbc_encrypt(unsigned char* out, const unsigned char* in, size_t size,
+ const unsigned char (&iv)[AES_256_IVSIZE],
+ const unsigned char (&key)[AES_256_KEYSIZE]) override;
+ bool cbc_decrypt(unsigned char* out, const unsigned char* in, size_t size,
+ const unsigned char (&iv)[AES_256_IVSIZE],
+ const unsigned char (&key)[AES_256_KEYSIZE]) override;
+};
+#endif
--- /dev/null
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2016 Mirantis, Inc.
+ *
+ * Author: Adam Kupczyk <akupczykd@mirantis.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ */
+
+
+// -----------------------------------------------------------------------------
+#include "../isa-l_crypto_plugin/isal_crypto_plugin.h"
+
+#include "ceph_ver.h"
+// -----------------------------------------------------------------------------
+
+const char *__ceph_plugin_version()
+{
+ return CEPH_GIT_NICE_VER;
+}
+
+int __ceph_plugin_init(CephContext *cct,
+ const std::string& type,
+ const std::string& name)
+{
+ PluginRegistry *instance = cct->get_plugin_registry();
+
+ return instance->add(type, name, new ISALCryptoPlugin(cct));
+}
--- /dev/null
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2016 Mirantis, Inc.
+ *
+ * Author: Adam Kupczyk <akupczyk@mirantis.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ */
+
+#ifndef ISAL_CRYPTO_PLUGIN_H
+#define ISAL_CRYPTO_PLUGIN_H
+// -----------------------------------------------------------------------------
+#include "../isa-l_crypto_plugin/crypto_plugin.h"
+#include "../isa-l_crypto_plugin/isal_crypto_accel.h"
+// -----------------------------------------------------------------------------
+
+
+class ISALCryptoPlugin : public CryptoPlugin {
+
+ CryptoAccelRef cryptoaccel;
+public:
+
+ explicit ISALCryptoPlugin(CephContext* cct) : CryptoPlugin(cct)
+ {}
+ ~ISALCryptoPlugin()
+ {}
+ virtual int factory(CryptoAccelRef *cs,
+ ostream *ss)
+ {
+ if (cryptoaccel == nullptr)
+ {
+ cryptoaccel = CryptoAccelRef(new ISALCryptoAccel);
+ }
+ *cs = cryptoaccel;
+ return 0;
+ }
+};
+#endif
target_link_libraries(os kv)
add_dependencies(os compressor_plugins)
+add_dependencies(os ceph_crypto_isal)
+
if(HAVE_LIBAIO)
add_executable(ceph-bluestore-tool
#include "include/assert.h"
#include <boost/utility/string_ref.hpp>
#include <rgw/rgw_keystone.h>
+#include "../isa-l_crypto_plugin/crypto_accel.h"
+#include "../isa-l_crypto_plugin/crypto_plugin.h"
#ifdef USE_NSS
# include <nspr.h>
{ 'a', 'e', 's', '2', '5', '6', 'i', 'v', '_', 'c', 't', 'r', '1', '3', '3', '7' };
+CryptoAccelRef get_crypto_accel(CephContext *cct)
+{
+ CryptoAccelRef ca_impl = nullptr;
+ stringstream ss;
+ PluginRegistry *reg = cct->get_plugin_registry();
+ string crypto_accel_type = cct->_conf->async_compressor_type; //fixme
+ crypto_accel_type = "crypto_isal";
+
+ CryptoPlugin *factory = dynamic_cast<CryptoPlugin*>(reg->get_with_load("cryptoaccel", crypto_accel_type));
+ if (factory == nullptr) {
+ lderr(cct) << __func__ << " cannot load crypto accelerator of type " << crypto_accel_type << dendl;
+ return nullptr;
+ }
+ int err = factory->factory(&ca_impl, &ss);
+ if (err)
+ lderr(cct) << __func__ << " factory return error " << err << dendl;
+ return ca_impl;
+}
+
+
/**
* Encryption in CBC mode. Chunked to 4K blocks. offset is used as IV for 4K block.
*/
#ifdef USE_CRYPTOPP
bool cbc_transform(unsigned char* out, const unsigned char* in, size_t size,
- unsigned char iv[AES_256_IVSIZE],
- unsigned char key[AES_256_KEYSIZE],
+ const unsigned char (&iv)[AES_256_IVSIZE],
+ const unsigned char (&key)[AES_256_KEYSIZE],
bool encrypt) {
if (encrypt) {
CBC_Mode< AES >::Encryption e;
#elif defined(USE_NSS)
bool cbc_transform(unsigned char* out, const unsigned char* in, size_t size,
- unsigned char iv[AES_256_IVSIZE],
- unsigned char key[AES_256_KEYSIZE],
+ const unsigned char (&iv)[AES_256_IVSIZE],
+ const unsigned char (&key)[AES_256_KEYSIZE],
bool encrypt) {
bool result = false;
PK11SlotInfo *slot;
slot = PK11_GetBestSlot(CKM_AES_CBC, NULL);
if (slot) {
keyItem.type = siBuffer;
- keyItem.data = key;
+ keyItem.data = const_cast<unsigned char*>(&key[0]);
keyItem.len = AES_256_KEYSIZE;
symkey = PK11_ImportSymKey(slot, CKM_AES_CBC, PK11_OriginUnwrap, CKA_UNWRAP, &keyItem, NULL);
if (symkey) {
#error Must define USE_CRYPTOPP or USE_NSS
#endif
+
+
bool cbc_transform(unsigned char* out, const unsigned char* in, size_t size,
off_t stream_offset,
- unsigned char key[AES_256_KEYSIZE],
+ const unsigned char (&key)[AES_256_KEYSIZE],
bool encrypt) {
+ static CryptoAccelRef crypto_accel = get_crypto_accel(cct);
+ //compressor(Compressor::create(c, c->_conf->async_compressor_type))
bool result = true;
unsigned char iv[AES_256_IVSIZE];
for (size_t offset = 0; result && (offset < size); offset += CHUNK_SIZE) {
+ size_t process_size = offset + CHUNK_SIZE <= size ? CHUNK_SIZE : size - offset;
prepare_iv(iv, stream_offset + offset);
- result = cbc_transform(
- out + offset, in + offset, offset + CHUNK_SIZE <= size ? CHUNK_SIZE : size - offset,
- iv, key, encrypt);
+ if (crypto_accel != nullptr) {
+ if (encrypt) {
+ result = crypto_accel->cbc_encrypt(out + offset, in + offset,
+ process_size, iv, key);
+ } else {
+ result = crypto_accel->cbc_decrypt(out + offset, in + offset,
+ process_size, iv, key);
+ }
+ } else {
+ result = cbc_transform(
+ out + offset, in + offset, process_size,
+ iv, key, encrypt);
+ }
}
return result;
}
unsigned char* buf_raw = reinterpret_cast<unsigned char*>(buf.c_str());
unsigned char* input_raw = reinterpret_cast<unsigned char*>(input.c_str());
unsigned char iv[AES_256_IVSIZE];
-
result = cbc_transform(buf_raw,
input_raw + in_ofs,
aligned_size,
projects / ceph.git / commitdiff