From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id F02C522A59 for ; Mon, 29 Apr 2019 07:07:42 -0400 (EDT) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HLffHJhkrPgS for ; Mon, 29 Apr 2019 07:07:42 -0400 (EDT) Received: from smtpng1.m.smailru.net (smtpng1.m.smailru.net [94.100.181.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTPS id B020F1FAC1 for ; Mon, 29 Apr 2019 07:07:42 -0400 (EDT) From: Vladislav Shpilevoy Subject: [tarantool-patches] [PATCH v2 0/3] swim encryption preparation Date: Mon, 29 Apr 2019 14:07:36 +0300 Message-Id: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: tarantool-patches-bounce@freelists.org Errors-to: tarantool-patches-bounce@freelists.org Reply-To: tarantool-patches@freelists.org List-Help: List-Unsubscribe: List-software: Ecartis version 1.0.0 List-Id: tarantool-patches List-Subscribe: List-Owner: List-post: List-Archive: To: tarantool-patches@freelists.org Cc: kostja@tarantool.org SWIM needs encryption because it transmits packets affecting cluster state and topology, probably via public networks between datacenters. Tarantool hasn't had normal crypto library with useful C API on board until now. OpenSSL was used, but its API is crazy, and before this patchset it was used in Lua only, via FFI. The patchset moves existing OpenSSL wrappers into a separate library and extends it with pretty API. It is going to be used by SWIM. Branch: http://github.com/tarantool/tarantool/tree/gerold103/crypto-lib Changes in V2: - Added new codec 'None'; - Renamed 'encode/decode' to 'encrypt/decrypt'; - Removed usage of constants from crypto.c. V1: https://www.freelists.org/post/tarantool-patches/PATCH-03-swim-encryption-preparation Vladislav Shpilevoy (3): crypto: move crypto business into a separate library crypto: make exported methods conform code style crypto: implement crypto codec API and AES 128 encryption extra/exports | 13 +- src/CMakeLists.txt | 3 +- src/lib/CMakeLists.txt | 1 + src/lib/core/diag.h | 2 + src/lib/core/exception.cc | 25 ++++ src/lib/core/exception.h | 7 + src/lib/crypto/CMakeLists.txt | 5 + src/lib/crypto/crypto.c | 260 ++++++++++++++++++++++++++++++++++ src/lib/crypto/crypto.h | 142 +++++++++++++++++++ src/lua/crypto.c | 73 ---------- src/lua/crypto.h | 54 ------- src/lua/crypto.lua | 42 +++--- src/main.cc | 3 + test/unit/CMakeLists.txt | 3 + test/unit/crypto.c | 191 +++++++++++++++++++++++++ test/unit/crypto.result | 40 ++++++ 16 files changed, 706 insertions(+), 158 deletions(-) create mode 100644 src/lib/crypto/CMakeLists.txt create mode 100644 src/lib/crypto/crypto.c create mode 100644 src/lib/crypto/crypto.h delete mode 100644 src/lua/crypto.c delete mode 100644 src/lua/crypto.h create mode 100644 test/unit/crypto.c create mode 100644 test/unit/crypto.result -- 2.20.1 (Apple Git-117)