Also move the encryption handlers out of the ceph_context.
Handlers are now returned as a shared_ptr, to support the
creation of new handlers with different params (such as
the usage param).
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
}
}
+CryptoManager::CryptoManager(CephContext *_cct) : cct(_cct) {
+ crypto_none.reset(CryptoHandler::create(CEPH_CRYPTO_NONE));
+ crypto_aes.reset(CryptoHandler::create(CEPH_CRYPTO_AES));
+ crypto_aes256krb5.reset(CryptoHandler::create(CEPH_CRYPTO_AES256KRB5));
+
+ supported_crypto_types = { CEPH_CRYPTO_NONE, CEPH_CRYPTO_AES, CEPH_CRYPTO_AES256KRB5 };
+}
+
+std::shared_ptr<CryptoHandler> CryptoManager::get_handler(int type)
+{
+ switch (type) {
+ case CEPH_CRYPTO_NONE:
+ return crypto_none;
+ case CEPH_CRYPTO_AES:
+ return crypto_aes;
+ case CEPH_CRYPTO_AES256KRB5:
+ return crypto_aes256krb5;
+ default:
+ break;
+ };
+ return nullptr;
+}
+
+int CryptoManager::get_key_type(const std::string& s)
+{
+ auto l = s;
+ std::transform(l.begin(), l.end(), l.begin(), ::tolower);
+ if (l == "aes") {
+ return CEPH_CRYPTO_AES;
+ }
+ if (l == "aes256k") {
+ return CEPH_CRYPTO_AES256KRB5;
+ }
+ if (l == "none") {
+ return CEPH_CRYPTO_NONE;
+ }
+ return -ENOENT;
+}
+
+bool CryptoManager::crypto_type_supported(int type) const
+{
+ return supported_crypto_types.find(type) != supported_crypto_types.end();
+}
+
#pragma clang diagnostic pop
#pragma GCC diagnostic pop
};
+class CryptoManager {
+ CephContext *cct;
+ std::shared_ptr<CryptoHandler> crypto_none;
+ std::shared_ptr<CryptoHandler> crypto_aes;
+ std::shared_ptr<CryptoHandler> crypto_aes256krb5;
+
+ std::set<int> supported_crypto_types;
+public:
+ CryptoManager(CephContext *_cct);
+
+ const std::set<int>& get_supported_crypto_types() const {
+ return supported_crypto_types;
+ }
+
+ static int get_key_type(const std::string& s);
+ bool crypto_type_supported(int type) const;
+
+ std::shared_ptr<CryptoHandler> get_handler(int type);
+};
+
+
#endif
bool KeyServer::generate_secret(CryptoKey& secret)
{
bufferptr bp;
- CryptoHandler *crypto = cct->get_crypto_handler(CEPH_CRYPTO_AES);
+ auto crypto = cct->get_crypto_manager()->get_handler(CEPH_CRYPTO_AES);
if (!crypto)
return false;
_perf_counters_collection(NULL),
_perf_counters_conf_obs(NULL),
_heartbeat_map(NULL),
- _crypto_none(NULL),
- _crypto_aes(NULL),
- _crypto_aes256krb5(NULL),
_plugin_registry(NULL),
#ifdef CEPH_DEBUG_MUTEX
_lockdep_obs(NULL),
_admin_socket->register_command("log dump", _admin_hook, "dump recent log entries to log file");
_admin_socket->register_command("log reopen", _admin_hook, "reopen log file");
- _crypto_none = CryptoHandler::create(CEPH_CRYPTO_NONE);
- _crypto_aes = CryptoHandler::create(CEPH_CRYPTO_AES);
- _crypto_aes256krb5 = CryptoHandler::create(CEPH_CRYPTO_AES256KRB5);
_crypto_random.reset(new CryptoRandom());
+ _crypto_mgr.reset(new CryptoManager(this));
lookup_or_create_singleton_object<MempoolObs>("mempool_obs", false, this);
}
delete _log;
_log = NULL;
- delete _crypto_none;
- delete _crypto_aes;
- delete _crypto_aes256krb5;
+ _crypto_mgr.reset();
if (_crypto_inited > 0) {
ceph_assert(_crypto_inited == 1); // or else someone explicitly did
// init but not shutdown
return _admin_socket;
}
-CryptoHandler *CephContext::get_crypto_handler(int type)
-{
- switch (type) {
- case CEPH_CRYPTO_NONE:
- return _crypto_none;
- case CEPH_CRYPTO_AES:
- return _crypto_aes;
- case CEPH_CRYPTO_AES256KRB5:
- return _crypto_aes256krb5;
- default:
- return NULL;
- }
-}
-
void CephContext::notify_pre_fork()
{
{
class AdminSocket;
class AdminSocketHook;
class CryptoHandler;
+class CryptoManager;
class CryptoRandom;
class MonMap;
/**
* get a crypto handler
*/
- CryptoHandler *get_crypto_handler(int type);
+ CryptoManager *get_crypto_manager() {
+ return _crypto_mgr.get();
+ }
CryptoRandom* random() const { return _crypto_random.get(); }
std::vector<ForkWatcher*> _fork_watchers;
// crypto
- CryptoHandler *_crypto_none;
- CryptoHandler *_crypto_aes;
- CryptoHandler *_crypto_aes256krb5;
std::unique_ptr<CryptoRandom> _crypto_random;
+ std::unique_ptr<CryptoManager> _crypto_mgr;
// experimental
CephContextObs *_cct_obs;
return -EINVAL;
}
- auto* cryptohandler = cct->get_crypto_handler(CEPH_CRYPTO_AES);
+ auto cryptohandler = cct->get_crypto_manager()->get_handler(CEPH_CRYPTO_AES);
if (! cryptohandler) {
return -EINVAL;
}
expiration = ceph::to_iso_8601(exp);
//Session Token - Encrypt using AES
- auto* cryptohandler = cct->get_crypto_handler(CEPH_CRYPTO_AES);
+ auto cryptohandler = cct->get_crypto_manager()->get_handler(CEPH_CRYPTO_AES);
if (! cryptohandler) {
ldpp_dout(dpp, 0) << "ERROR: No AES crypto handler found !" << dendl;
return -EINVAL;
map<string,bufferlist> caps;
std::string fn;
+ int key_type = CEPH_CRYPTO_AES;
+
if (args.empty()) {
cerr << argv[0] << ": -h or --help for usage" << std::endl;
exit(1);
create_keyring = true;
} else if (ceph_argparse_witharg(args, i, &val, "--import-keyring", (char*)NULL)) {
import_keyring = val;
+ } else if (ceph_argparse_witharg(args, i, &val, "--key-type", (char*)NULL)) {
+ auto cm = cct->get_crypto_manager();
+ key_type = cm->get_key_type(val);
+ if (key_type < 0) {
+ cerr << "invalid key type: " << val << std::endl;
+ exit(1);
+ }
+ if (!cm->crypto_type_supported(key_type)) {
+ cerr << "unsupported key type: " << val << std::endl;
+ exit(1);
+ }
} else if (ceph_argparse_witharg(args, i, &val, "--mode", (char*)NULL)) {
std::string err;
mode = strict_strtoll(val.c_str(), 8, &err);
if (gen_print_key) {
CryptoKey key;
- key.create(g_ceph_context, CEPH_CRYPTO_AES);
+ key.create(g_ceph_context, key_type);
cout << key << std::endl;
return 0;
}
}
if (gen_key) {
EntityAuth eauth;
- eauth.key.create(g_ceph_context, CEPH_CRYPTO_AES);
+ eauth.key.create(g_ceph_context, key_type);
keyring.add(ename, eauth);
modified = true;
}
projects / ceph-ci.git / commitdiff