msg/async, v2: handle msg authentication failures.
authorRadoslaw Zarzynski <rzarzyns@redhat.com>
Thu, 21 Feb 2019 00:26:25 +0000 (01:26 +0100)
committerRadoslaw Zarzynski <rzarzyns@redhat.com>
Thu, 21 Feb 2019 22:31:04 +0000 (23:31 +0100)
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
src/msg/async/ProtocolV2.cc
src/msg/async/crypto_onwire.cc
src/msg/async/crypto_onwire.h

index 48c9aa00992b3993f020292b209f55e868921061..59c6b19351464ede04d30040905f21451a2b2ef3 100644 (file)
@@ -55,7 +55,7 @@ void ProtocolV2::run_continuation(CtPtr continuation) {
     lderr(cct) << __func__ << " failed decoding of frame header: " << e
                << dendl;
     _fault();
-  } catch (const SHA256SignatureError &e) {
+  } catch (const ceph::crypto::onwire::MsgAuthError &e) {
     lderr(cct) << __func__ << " " << e.what() << dendl;
     _fault();
   } catch (const DecryptionError &) {
@@ -1889,8 +1889,14 @@ CtPtr ProtocolV2::handle_message_complete() {
       data = session_stream_handlers.rx->authenticated_decrypt_update(
         std::move(data), segment_t::DEFAULT_ALIGNMENT);
     }
-    session_stream_handlers.rx->authenticated_decrypt_update_final(
-      std::move(extra), segment_t::DEFAULT_ALIGNMENT);
+    try {
+      session_stream_handlers.rx->authenticated_decrypt_update_final(
+       std::move(extra), segment_t::DEFAULT_ALIGNMENT);
+    } catch (ceph::crypto::onwire::MsgAuthError &e) {
+      ldout(cct, 5) << __func__ << " message authentication failed: "
+                   << e.what() << dendl;
+      return _fault();
+    }
   }
 
   Message *message = decode_message(cct, messenger->crcflags, header, footer,
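Review bot: The new handler in `handle_message_complete` is inconsistent with the one this commit edits in `run_continuation`: it catches by non-const reference and logs at `ldout(cct, 5)`, while the other catches by `const &` and logs with `lderr(cct)`. I would write it as `} catch (const ceph::crypto::onwire::MsgAuthError &e) {`. A failed integrity check on received data is a security-relevant event, so it should probably be logged with `lderr(cct) << __func__ << " message authentication failed: "` rather than at a debug level that may be filtered out. Only the `authenticated_decrypt_update_final` call is inside the `try`; if this function is reached through `run_continuation`, which is not visible here, the outer catch already covers the same exception, and a short comment should say why the local handler is needed. Both function bodies extend beyond the hunks shown.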
index 0cd272eae4cd3043631fc2c076f117f5dc2d97e0..0fa35cac409650eb079e598814f28c2ff7ac3d42 100644 (file)
@@ -269,7 +269,7 @@ ceph::bufferlist AES128GCM_OnWireRxHandler::authenticated_decrypt_update_final(
                     << " plainbl.length()=" << plainbl.length()
                     << " final_len=" << final_len
                     << dendl;
-      throw std::runtime_error("EVP_DecryptFinal_ex failed");
+      throw MsgAuthError();
     } else {
       ceph_assert_always(final_len == 0);
       ceph_assert_always(plainbl.length() + final_len + AESGCM_TAG_LEN == cnt_len);
index 4917c367522526879ba22cea1e192cb8389ecb0d..bd682e8c71cde49220c0bc3fae2941e7f549adb9 100644 (file)
@@ -39,6 +39,12 @@ class always_aligned_t {
 
 namespace ceph::crypto::onwire {
 
+struct MsgAuthError : public std::runtime_error {
+  MsgAuthError()
+    : runtime_error("message signature mismatch") {
+  }
+};
+
 struct TxHandler {
   virtual ~TxHandler() = default;
 
@@ -111,7 +117,6 @@ struct rxtx_t {
     bool crossed);
 };
 
-
 } // namespace ceph::crypto::onwire
 
 #endif // CEPH_CRYPTO_ONWIRE_H
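Review bot: `MsgAuthError` is added without a comment stating who throws it and what a caller must do when it is caught. I would add above the struct something like `// Thrown by authenticated_decrypt_update_final() when the authentication tag check fails; callers must fault the connection and not use the decrypted payload.` The fixed text "message signature mismatch" is what ends up in the logs through `e.what()`, but the throw site in crypto_onwire.cc is the AES-GCM final step, so "message authentication tag mismatch" would describe the failure more accurately. The hunk does not show the header's includes, so confirm `<stdexcept>` is included directly rather than transitively.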