auth: work in progress

diff --git a/src/Makefile.am b/src/Makefile.am
index f479abaf17b85a6585d8f384d13f730ad2218d88..b30eabeaa33123b9776456a6ac98d40630d51a76 100644 (file)
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -269,6 +269,7 @@ libcommon_a_SOURCES = \
 libcommon_files = \
        auth/ExportControl.cc \
        auth/AuthManager.cc \
+       auth/CryptoTools.cc \
        common/LogClient.cc \
        msg/Message.cc \
        common/Logger.cc \

diff --git a/src/auth/AuthManager.cc b/src/auth/AuthManager.cc
index dec3fc2db0cd887a94ca8a0206361fde5c674bdc..d1ea335ea087280790cb2cb17f8154f1099f9701 100644 (file)
--- a/src/auth/AuthManager.cc
+++ b/src/auth/AuthManager.cc
@@ -3,7 +3,7 @@
 /*
  * Ceph - scalable distributed file system
  *
- * Copyright (C) 2004-2006 Sage Weil <sage@newdream.net>
+ * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net>
  *
  * This is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public

diff --git a/src/auth/AuthTypes.h b/src/auth/AuthTypes.h
new file mode 100644 (file)
index 0000000..b64e655
--- /dev/null
+++ b/src/auth/AuthTypes.h
@@ -0,0 +1,79 @@
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- 
+// vim: ts=8 sw=2 smarttab
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net>
+ *
+ * This is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2.1, as published by the Free Software 
+ * Foundation.  See file COPYING.
+ * 
+ */
+
+#ifndef __AUTHTYPES_H
+#define __AUTHTYPES_H
+
+#include "config.h"
+
+
+class EntitySecret {
+protected:
+  bufferlist secret;
+
+public:
+  void encode(bufferlist& bl) const {
+    ::encode(secret, bl);
+  }
+  void decode(bufferlist::iterator& bl) {
+    ::decode(secret, bl);
+  }
+
+  bufferlist& get_secret() { return secret; }
+};
+WRITE_CLASS_ENCODER(EntitySecret);
+
+class ServiceSecret : public EntitySecret {
+  utime_t created;
+
+public:
+  void encode(bufferlist& bl) const {
+    ::encode(secret, bl);
+    ::encode(created, bl);
+  }
+  void decode(bufferlist::iterator& bl) {
+    ::decode(secret, bl);
+    ::decode(created, bl);
+  }
+};
+WRITE_CLASS_ENCODER(ServiceSecret);
+
+struct EntityName {
+  uint32_t entity_type;
+  string name;
+
+  void encode(bufferlist& bl) const {
+    ::encode(entity_type, bl);
+    ::encode(name, bl);
+  }
+  void decode(bufferlist::iterator& bl) {
+    ::decode(entity_type, bl);
+    ::decode(name, bl);
+  }
+};
+WRITE_CLASS_ENCODER(EntityName);
+
+struct SessionKey {
+  bufferlist key;
+
+  void encode(bufferlist& bl) const {
+    ::encode(key, bl);
+  }
+  void decode(bufferlist::iterator& bl) {
+    ::decode(key, bl);
+  }
+};
+WRITE_CLASS_ENCODER(SessionKey);
+
+#endif

diff --git a/src/auth/CryptoTools.cc b/src/auth/CryptoTools.cc
new file mode 100644 (file)
index 0000000..9cff30c
--- /dev/null
+++ b/src/auth/CryptoTools.cc
@@ -0,0 +1,116 @@
+// vim: ts=8 sw=2 smarttab
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net>
+ *
+ * This is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2.1, as published by the Free Software 
+ * Foundation.  See file COPYING.
+ * 
+ */
+
+#include "AuthTypes.h"
+#include "openssl/evp.h"
+
+#define CRYPTO_STUPID   0x0
+#define CRYPTO_AES      0x1
+
+
+class CryptoHandler {
+public:
+  virtual bool encrypt(EntitySecret& secret, bufferlist& in, bufferlist& out) = 0;
+  virtual bool decrypt(EntitySecret& secret, bufferlist& in, bufferlist& out) = 0;
+};
+
+class CryptoStupid : public CryptoHandler {
+public:
+  CryptoStupid() {}
+  ~CryptoStupid() {}
+  bool encrypt(EntitySecret& secret, bufferlist& in, bufferlist& out);
+  bool decrypt(EntitySecret& secret, bufferlist& in, bufferlist& out);
+};
+
+bool CryptoStupid::encrypt(EntitySecret& secret, bufferlist& in, bufferlist& out)
+{
+  bufferlist sec_bl = secret.get_secret();
+  const char *sec = sec_bl.c_str();
+  int sec_len = sec_bl.length();
+
+  int in_len = in.length();
+  bufferptr outptr(in_len);
+  out.append(outptr);
+  const char *inbuf = in.c_str();
+  char *outbuf = outptr.c_str();
+
+  for (int i=0; i<in_len; i++) {
+    outbuf[i] = inbuf[i] ^ sec[i % sec_len];
+  }
+
+  return true;
+}
+
+bool CryptoStupid::decrypt(EntitySecret& secret, bufferlist& in, bufferlist& out)
+{
+  return encrypt(secret, in, out);
+}
+
+#define AES_KEY_LEN     16
+
+class CryptoAES : public CryptoHandler {
+public:
+  CryptoStupid() {}
+  ~CryptoStupid() {}
+  bool encrypt(EntitySecret& secret, bufferlist& in, bufferlist& out);
+  bool decrypt(EntitySecret& secret, bufferlist& in, bufferlist& out);
+};
+
+static const unsigned char *aes_iv = "cephsageyudagreg";
+
+bool CryptoStupid::encrypt(EntitySecret& secret, bufferlist& in, bufferlist& out)
+{
+  bufferlist sec_bl = secret.get_secret();
+  int outlen, tmplen;
+  bufferptr outptr(outlen);
+
+  if (sec_bl.length() < AES_KEY_LEN)
+    return false;
+
+  const char *key = sec_bl.c_str();
+  char intext[] = "12345678901234567890123456789012";
+  EVP_CIPHER_CTX ctx;
+  FILE *out;
+  EVP_CIPHER_CTX_init(&ctx);
+  EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, aes_iv);
+
+  if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) {
+    dout(0) << "EVP_EncryptUpdate error" << dendl;
+    return false;
+  }
+  if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) {
+    dout(0) << "EVP_EncryptFinal error" << dendl;
+    return false;
+  }
+
+  return true;
+}
+
+static CryptoStupid crypto_stupid;
+
+
+class CryptoManager {
+public:
+  CryptoHandler *get_crypto(int type);
+};
+
+
+CryptoHandler *CryptoManager::get_crypto(int type)
+{
+  switch (type) {
+    case CRYPTO_STUPID:
+      return &crypto_stupid;
+    default:
+      return NULL;
+  }
+}