Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Bacula-users] PATCH: add AES-ECB support to Bacula

2010-04-07 06:57:39
Subject: [Bacula-users] PATCH: add AES-ECB support to Bacula
From: Craig Ringer <craig AT postnewspapers.com DOT au>
To: bacula-users <bacula-users AT lists.sourceforge DOT net>
Date: Wed, 07 Apr 2010 18:52:40 +0800 
Bacula currently only uses the AES CBC cypher mode. This cypher can't be
effectively parallelized because block n+1 depends on block n.

The AES ECB mode was developed to address that limitation. Support for
it is built into OpenSSL 0.9.8 . This trivial patch adds appropriate
entries in the public crypto.h enum for cyphers so that the AES ECB mode
may be requested by the fd, and translates this into OpenSSL cypher
settings in crypto.c .

OpenSSL doesn't automatically do ECB encryption in parallel. However,
unlike the currently used CBC mode, it's possible to do.

Right now, this patch gains you little or nothing. It also costs little
or nothing, and probably shouldn't actually be applied at present. I'm
putting it up here to keep it and the notes about crypto in the archives
in case I don't have any luck following it up with an actually parallel
implementation and others are looking into it later.

The next step is to try to spawn worker threads to encrypt chunks in
parallel. Hopefully this will be possible with OpenSSL...

--
Craig Ringer

diff --git a/bacula/src/lib/crypto.c b/bacula/src/lib/crypto.c
index fb52c25..077b8d2 100644
--- a/bacula/src/lib/crypto.c
+++ b/bacula/src/lib/crypto.c
@@ -1022,6 +1022,11 @@ CRYPTO_SESSION *crypto_session_new (crypto_cipher_t 
cipher, alist *pubkeys)
       cs->cryptoData->contentEncryptionAlgorithm = 
OBJ_nid2obj(NID_aes_128_cbc);
       ec = EVP_aes_128_cbc();
       break;
+   case CRYPTO_CIPHER_AES_128_ECB:
+      /* AES 128 bit ECB */
+      cs->cryptoData->contentEncryptionAlgorithm = 
OBJ_nid2obj(NID_aes_128_ecb);
+      ec = EVP_aes_128_ecb();
+      break;
 #ifndef HAVE_OPENSSL_EXPORT_LIBRARY
    case CRYPTO_CIPHER_AES_192_CBC:
       /* AES 192 bit CBC */
@@ -1033,6 +1038,11 @@ CRYPTO_SESSION *crypto_session_new (crypto_cipher_t 
cipher, alist *pubkeys)
       cs->cryptoData->contentEncryptionAlgorithm = 
OBJ_nid2obj(NID_aes_256_cbc);
       ec = EVP_aes_256_cbc();
       break;
+   case CRYPTO_CIPHER_AES_256_ECB:
+      /* AES 256 bit ECB */
+      cs->cryptoData->contentEncryptionAlgorithm = 
OBJ_nid2obj(NID_aes_256_ecb);
+      ec = EVP_aes_256_ecb();
+      break;
 #endif
    case CRYPTO_CIPHER_BLOWFISH_CBC:
       /* Blowfish CBC */
diff --git a/bacula/src/lib/crypto.h b/bacula/src/lib/crypto.h
index cb935bd..dc3171f 100644
--- a/bacula/src/lib/crypto.h
+++ b/bacula/src/lib/crypto.h
@@ -82,7 +82,9 @@ typedef enum {
    CRYPTO_CIPHER_AES_128_CBC,
    CRYPTO_CIPHER_AES_192_CBC,
    CRYPTO_CIPHER_AES_256_CBC,
-   CRYPTO_CIPHER_BLOWFISH_CBC
+   CRYPTO_CIPHER_BLOWFISH_CBC,
+   CRYPTO_CIPHER_AES_128_ECB,
+   CRYPTO_CIPHER_AES_256_ECB
 } crypto_cipher_t;
 
 /* Crypto API Errors */

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Bacula-users] Automatic restores BACULA, bitbyte
Next by Date:  Re: [Bacula-users] VirtualFull mysql query blocks other jobs for a long time, Graham Keeling
Previous by Thread:  Re: [Bacula-users] Possibility of parallelising encryption?, Craig Ringer
Next by Thread:  Re: [Bacula-users] PATCH: add AES-ECB support to Bacula, Matija Nalis
Indexes:  [Date] [Thread] [Top] [All Lists]