int validate_secret(const bufferptr& secret) override {
return 0;
}
- CryptoKeyHandler *get_key_handler(const bufferptr& secret, string& error) override {
+ CryptoKeyHandler *get_key_handler_ext(const bufferptr& secret, uint32_t usage, string& error) override {
return new CryptoNoneKeyHandler;
}
};
}
int create(CryptoRandom *random, bufferptr& secret) override;
int validate_secret(const bufferptr& secret) override;
- CryptoKeyHandler *get_key_handler(const bufferptr& secret, string& error) override;
+ CryptoKeyHandler *get_key_handler_ext(const bufferptr& secret, uint32_t usage /* unused */, string& error) override;
};
// when we say AES, we mean AES-128
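Review bot: `CryptoAES::get_key_handler_ext` takes `usage` but, going by the `/* unused */` marker in this declaration, ignores it, so a caller that passes different usage values to separate keys by purpose gets the same AES key handler for every value. The interface does not show this, and the out-of-line definition and the CryptoNone override carry no such marker. I would state it in a comment above the declaration, e.g. `// usage is ignored for AES: the secret is used directly, so this type gives no per-usage key separation`, and repeat the `/* unused */` marker on the definition for consistency. Only the first lines of the definition's body are visible in this diff, so please confirm nothing further down reads `usage`.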
return 0;
}
-CryptoKeyHandler *CryptoAES::get_key_handler(const bufferptr& secret,
- string& error)
+CryptoKeyHandler *CryptoAES::get_key_handler_ext(const bufferptr& secret,
+ uint32_t usage,
+ string& error)
{
CryptoAESKeyHandler *ckh = new CryptoAESKeyHandler;
ostringstream oss;
}
int create(CryptoRandom *random, bufferptr& secret) override;
int validate_secret(const bufferptr& secret) override;
- CryptoKeyHandler *get_key_handler(const bufferptr& secret, string& error) override;
+ CryptoKeyHandler *get_key_handler_ext(const bufferptr& secret, uint32_t usage, string& error) override;
};
static constexpr const std::size_t AES256KRB5_KEY_LEN{32};
using CryptoKeyHandler::encrypt;
using CryptoKeyHandler::decrypt;
- int init(const ceph::bufferptr& s, ostringstream& err) {
+ int init(const ceph::bufferptr& s, uint32_t usage, ostringstream& err) {
cipher = EVP_CIPHER_fetch(NULL, "AES-256-CBC-CTS", NULL);
secret = s;
- int r = calc_kx(secret, 0x2 /* usage */,
+ int r = calc_kx(secret, usage,
0x55 /* Ki type */,
AES256KRB5_HASH_LEN /* 192 bit */,
ki,
}
ki_raw = reinterpret_cast<const unsigned char *>(ki.c_str()); /* needed so that we can use ki in const methods */
- r = calc_kx(secret, 0x2 /* usage */,
+ r = calc_kx(secret, usage,
0xAA /* Ke type */,
32 /* 256 bit */,
ke,
return 0;
}
-CryptoKeyHandler *CryptoAES256KRB5::get_key_handler(const bufferptr& secret,
- string& error)
+CryptoKeyHandler *CryptoAES256KRB5::get_key_handler_ext(const bufferptr& secret,
+ uint32_t usage,
+ string& error)
{
CryptoAES256KRB5KeyHandler *ckh = new CryptoAES256KRB5KeyHandler;
ostringstream oss;
- if (ckh->init(secret, oss) < 0) {
+ if (ckh->init(secret, usage, oss) < 0) {
error = oss.str();
delete ckh;
return NULL;
virtual int get_type() const = 0;
virtual int create(CryptoRandom *random, ceph::buffer::ptr& secret) = 0;
virtual int validate_secret(const ceph::buffer::ptr& secret) = 0;
+ virtual CryptoKeyHandler *get_key_handler_ext(const ceph::buffer::ptr& secret,
+ uint32_t usage,
+ std::string& error) = 0;
+
virtual CryptoKeyHandler *get_key_handler(const ceph::buffer::ptr& secret,
- std::string& error) = 0;
+ std::string& error) {
+ return get_key_handler_ext(secret, 0, error);
+ }
static CryptoHandler *create(int type);
};
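Review bot: The legacy `get_key_handler()` wrapper now forwards usage `0`, while the AES256KRB5 `init()` it reaches previously hard-coded `0x2` in both `calc_kx` calls, so any caller still on the old entry point derives different Ki/Ke than before this change. Data protected under the old derivation would then fail to verify or decrypt; whether such callers or stored ciphertexts exist is not visible in this diff. If the switch to 0 is intended, document it on the wrapper, e.g. `/// Legacy entry point: same as get_key_handler_ext() with usage 0 (AES256KRB5 derived with usage 2 before this change)`. If it is not intended, keep the old default for that type. A named constant for the usage values would also be clearer than a bare `0` here and a bare `2` in the tests.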
bufferlist cipher;
std::string error;
- CryptoKeyHandler *kh = h->get_key_handler(secret, error);
+ CryptoKeyHandler *kh = h->get_key_handler_ext(secret, 2, error);
int r = kh->encrypt_ext(g_ceph_context, plaintext, &confounder, cipher, &error);
ASSERT_EQ(r, 0);
ASSERT_EQ(error, "");
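Review bot: `kh` is dereferenced on the line after `get_key_handler_ext(secret, 2, error)` without a null check, although the AES256KRB5 implementation returns `NULL` and fills `error` when `init()` fails. A derivation failure would then crash the test instead of reporting the message. Add `ASSERT_TRUE(kh != nullptr) << error;` before the `encrypt_ext` call, and do the same before `decrypt` in the following test hunk. Both tests also pin usage 2 only, so the usage 0 path taken by the legacy `get_key_handler()` wrapper has no coverage; a round-trip with that value, plus a check that decrypting under a different usage fails, would cover the new parameter.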
std::string error;
bufferlist plaintext;
- CryptoKeyHandler *kh = h->get_key_handler(secret, error);
+ CryptoKeyHandler *kh = h->get_key_handler_ext(secret, 2, error);
int r = kh->decrypt(g_ceph_context, cipher, plaintext, &error);
ASSERT_EQ(r, 0);
ASSERT_EQ(error, "");