Tarantool development patches archive
 help / color / mirror / Atom feed
From: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
To: tarantool-patches@freelists.org
Cc: kostja@tarantool.org
Subject: [tarantool-patches] [PATCH v2 0/3] swim encryption preparation
Date: Mon, 29 Apr 2019 14:07:36 +0300	[thread overview]
Message-ID: <cover.1556535949.git.v.shpilevoy@tarantool.org> (raw)

SWIM needs encryption because it transmits packets affecting cluster state and
topology, probably via public networks between datacenters. Tarantool hasn't had
normal crypto library with useful C API on board until now. OpenSSL was used,
but its API is crazy, and before this patchset it was used in Lua only, via FFI.

The patchset moves existing OpenSSL wrappers into a separate library and extends
it with pretty API. It is going to be used by SWIM.

Branch: http://github.com/tarantool/tarantool/tree/gerold103/crypto-lib

Changes in V2:
- Added new codec 'None';
- Renamed 'encode/decode' to 'encrypt/decrypt';
- Removed usage of constants from crypto.c.

V1: https://www.freelists.org/post/tarantool-patches/PATCH-03-swim-encryption-preparation

Vladislav Shpilevoy (3):
  crypto: move crypto business into a separate library
  crypto: make exported methods conform code style
  crypto: implement crypto codec API and AES 128 encryption

 extra/exports                 |  13 +-
 src/CMakeLists.txt            |   3 +-
 src/lib/CMakeLists.txt        |   1 +
 src/lib/core/diag.h           |   2 +
 src/lib/core/exception.cc     |  25 ++++
 src/lib/core/exception.h      |   7 +
 src/lib/crypto/CMakeLists.txt |   5 +
 src/lib/crypto/crypto.c       | 260 ++++++++++++++++++++++++++++++++++
 src/lib/crypto/crypto.h       | 142 +++++++++++++++++++
 src/lua/crypto.c              |  73 ----------
 src/lua/crypto.h              |  54 -------
 src/lua/crypto.lua            |  42 +++---
 src/main.cc                   |   3 +
 test/unit/CMakeLists.txt      |   3 +
 test/unit/crypto.c            | 191 +++++++++++++++++++++++++
 test/unit/crypto.result       |  40 ++++++
 16 files changed, 706 insertions(+), 158 deletions(-)
 create mode 100644 src/lib/crypto/CMakeLists.txt
 create mode 100644 src/lib/crypto/crypto.c
 create mode 100644 src/lib/crypto/crypto.h
 delete mode 100644 src/lua/crypto.c
 delete mode 100644 src/lua/crypto.h
 create mode 100644 test/unit/crypto.c
 create mode 100644 test/unit/crypto.result

-- 
2.20.1 (Apple Git-117)

             reply	other threads:[~2019-04-29 11:07 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-29 11:07 Vladislav Shpilevoy [this message]
2019-04-29 11:07 ` [tarantool-patches] [PATCH v2 1/3] crypto: move crypto business into a separate library Vladislav Shpilevoy
2019-04-29 11:07 ` [tarantool-patches] [PATCH v2 2/3] crypto: make exported methods conform code style Vladislav Shpilevoy
2019-04-29 12:23   ` [tarantool-patches] " Konstantin Osipov
2019-04-29 11:07 ` [tarantool-patches] [PATCH v2 3/3] crypto: implement crypto codec API and AES 128 encryption Vladislav Shpilevoy
2019-04-29 12:24   ` [tarantool-patches] " Konstantin Osipov
2019-04-29 12:29 ` [tarantool-patches] Re: [PATCH v2 0/3] swim encryption preparation Vladislav Shpilevoy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cover.1556535949.git.v.shpilevoy@tarantool.org \
    --to=v.shpilevoy@tarantool.org \
    --cc=kostja@tarantool.org \
    --cc=tarantool-patches@freelists.org \
    --subject='Re: [tarantool-patches] [PATCH v2 0/3] swim encryption preparation' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox