// interface.
std::size_t CryptoKeyHandler::encrypt(
+ CephContext *cct,
const CryptoKeyHandler::in_slice_t& in,
const CryptoKeyHandler::out_slice_t& out) const
{
ceph::bufferlist ciphertext;
std::string error;
- const int ret = encrypt(plaintext, ciphertext, &error);
+ const int ret = encrypt(cct, plaintext, ciphertext, &error);
if (ret != 0 || !error.empty()) {
throw std::runtime_error(std::move(error));
}
}
std::size_t CryptoKeyHandler::decrypt(
+ CephContext *cct,
const CryptoKeyHandler::in_slice_t& in,
const CryptoKeyHandler::out_slice_t& out) const
{
ceph::bufferlist plaintext;
std::string error;
- const int ret = decrypt(ciphertext, plaintext, &error);
+ const int ret = decrypt(cct, ciphertext, plaintext, &error);
if (ret != 0 || !error.empty()) {
throw std::runtime_error(std::move(error));
}
using CryptoKeyHandler::encrypt;
using CryptoKeyHandler::decrypt;
- int encrypt(const bufferlist& in,
+ int encrypt(CephContext *cct, const bufferlist& in,
bufferlist& out, std::string *error) const override {
out = in;
return 0;
}
- int decrypt(const bufferlist& in,
+ int decrypt(CephContext *cct, const bufferlist& in,
bufferlist& out, std::string *error) const override {
out = in;
return 0;
return 0;
}
- int encrypt(const ceph::bufferlist& in,
+ int encrypt(CephContext *cct, const ceph::bufferlist& in,
ceph::bufferlist& out,
std::string* /* unused */) const override {
// we need to take into account the PKCS#7 padding. There *always* will
return 0;
}
- int decrypt(const ceph::bufferlist& in,
+ int decrypt(CephContext *cct, const ceph::bufferlist& in,
ceph::bufferlist& out,
std::string* /* unused */) const override {
// PKCS#7 padding enlarges even empty plain-text to take 16 bytes.
return 0;
}
- std::size_t encrypt(const in_slice_t& in,
+ std::size_t encrypt(CephContext *cct, const in_slice_t& in,
const out_slice_t& out) const override {
if (out.buf == nullptr) {
// 16 + p2align(10, 16) -> 16
return main_encrypt_size + tail_encrypt_size;
}
- std::size_t decrypt(const in_slice_t& in,
+ std::size_t decrypt(CephContext *cct, const in_slice_t& in,
const out_slice_t& out) const override {
if (in.length % AES_BLOCK_LEN != 0 || in.length < AES_BLOCK_LEN) {
throw std::runtime_error("input not aligned to AES_BLOCK_LEN");
virtual ~CryptoKeyHandler() {}
- virtual int encrypt(const ceph::buffer::list& in,
+ virtual int encrypt(CephContext *cct,
+ const ceph::buffer::list& in,
ceph::buffer::list& out, std::string *error) const = 0;
- virtual int decrypt(const ceph::buffer::list& in,
+ virtual int decrypt(CephContext *cct,
+ const ceph::buffer::list& in,
ceph::buffer::list& out, std::string *error) const = 0;
// TODO: provide nullptr in the out::buf to get/estimate size requirements?
// Or maybe dedicated methods?
- virtual std::size_t encrypt(const in_slice_t& in,
+ virtual std::size_t encrypt(CephContext *cct,
+ const in_slice_t& in,
const out_slice_t& out) const;
- virtual std::size_t decrypt(const in_slice_t& in,
+ virtual std::size_t decrypt(CephContext *cct,
+ const in_slice_t& in,
const out_slice_t& out) const;
sha256_digest_t hmac_sha256(const ceph::bufferlist& in) const;
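Review bot: The new `CephContext *cct` parameter on the four `encrypt`/`decrypt` virtuals has no documentation, so implementers cannot tell whether it may be null or what it is for. The no-op handler elsewhere in this change ignores it, so a contract comment on the base class would help, for example `// cct: context of the caller; implementations must tolerate it being unused (TODO confirm whether nullptr is allowed)`. The class body starts and ends outside this hunk, so an existing comment further up may already cover this.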
ceph::buffer::list& out,
std::string *error) const {
ceph_assert(ckh); // Bad key?
- return ckh->encrypt(in, out, error);
+ return ckh->encrypt(cct, in, out, error);
}
int decrypt(CephContext *cct, const ceph::buffer::list& in,
ceph::buffer::list& out,
std::string *error) const {
ceph_assert(ckh); // Bad key?
- return ckh->decrypt(in, out, error);
+ return ckh->decrypt(cct, in, out, error);
}
using in_slice_t = CryptoKeyHandler::in_slice_t;
using out_slice_t = CryptoKeyHandler::out_slice_t;
- std::size_t encrypt(CephContext*, const in_slice_t& in,
+ std::size_t encrypt(CephContext *cct, const in_slice_t& in,
const out_slice_t& out) {
ceph_assert(ckh);
- return ckh->encrypt(in, out);
+ return ckh->encrypt(cct, in, out);
}
- std::size_t decrypt(CephContext*, const in_slice_t& in,
+ std::size_t decrypt(CephContext *cct, const in_slice_t& in,
const out_slice_t& out) {
ceph_assert(ckh);
- return ckh->encrypt(in, out);
+ return ckh->encrypt(cct, in, out);
}
sha256_digest_t hmac_sha256(CephContext*, const ceph::buffer::list& in) {
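Review bot: The slice-based `decrypt` wrapper still forwards to `ckh->encrypt(cct, in, out)`. The change threads `cct` through but keeps the callee from the removed line, so a caller of this overload runs the encrypt path on its ciphertext instead of recovering plaintext. The call should be `return ckh->decrypt(cct, in, out);`. A round-trip test over the slice overloads (encrypt, then decrypt, yields the original bytes) would catch this kind of regression.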
buffer::list en_input, dec_output;
en_input = buffer::list::static_from_string(decodedSessionToken);
- ret = keyhandler->decrypt(en_input, dec_output, &error);
+ ret = keyhandler->decrypt(cct, en_input, dec_output, &error);
if (ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: Decryption failed: " << error << dendl;
return -EPERM;
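Review bot: The failure check after `keyhandler->decrypt(cct, en_input, dec_output, &error)` tests only `ret < 0`, whereas the slice adapter touched in the same change treats `ret != 0 || !error.empty()` as failure. If a handler ever returns a positive code or sets `error` with a zero return (not visible from here), session-token decryption would continue with whatever is in `dec_output`. Consider `if (ret != 0 || !error.empty())` so this path fails closed. The enclosing function starts and ends outside the hunk.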
buffer::list input, enc_output;
encode(token, input);
- if (ret = keyhandler->encrypt(input, enc_output, &error); ret < 0) {
+ if (ret = keyhandler->encrypt(cct, input, enc_output, &error); ret < 0) {
ldpp_dout(dpp, 0) << "ERROR: Encrypting session token returned an error !" << dendl;
return ret;
}