cephx: sign messages using hmac_sha256

if key type is newer than the original AES, calculate message
hash by using HMAC-SHA256.
We cannot use plain aes256k like we do with the aes key because
of the confounder. The other option would be to inject a
confounder, but that would weaken the cipher.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit ba6bb55c7c977e9858e242e74d848273617c221b)

diff --git a/src/auth/cephx/CephxSessionHandler.cc b/src/auth/cephx/CephxSessionHandler.cc
index 1c0ad4e63539e74b585cf7ee159d3789924ef90d..f4c1af6e591455ab008aad9058e6491a2ef415ab 100644 (file)
--- a/src/auth/cephx/CephxSessionHandler.cc
+++ b/src/auth/cephx/CephxSessionHandler.cc
@@ -101,27 +101,47 @@ int CephxSessionHandler::_calc_signature(Message *m, uint64_t *psig)
       ceph_le32(header.seq)
     };
 
-    char exp_buf[CryptoKey::get_max_outbuf_size(sizeof(sigblock))];
-
-    try {
-      const CryptoKey::in_slice_t in {
-       sizeof(sigblock),
-       reinterpret_cast<const unsigned char*>(&sigblock)
-      };
-      const CryptoKey::out_slice_t out {
-       sizeof(exp_buf),
-       reinterpret_cast<unsigned char*>(&exp_buf)
-      };
-      key.encrypt(cct, in, out);
-    } catch (std::exception& e) {
-      lderr(cct) << __func__ << " failed to encrypt signature block" << dendl;
-      return -1;
+    if (key.get_type() <= CEPH_CRYPTO_AES) {
+      char exp_buf[CryptoKey::get_max_outbuf_size(sizeof(sigblock))];
+
+      try {
+        const CryptoKey::in_slice_t in {
+          sizeof(sigblock),
+            reinterpret_cast<const unsigned char*>(&sigblock)
+        };
+        const CryptoKey::out_slice_t out {
+          sizeof(exp_buf),
+            reinterpret_cast<unsigned char*>(&exp_buf)
+        };
+        key.encrypt(cct, in, out);
+      } catch (std::exception& e) {
+        lderr(cct) << __func__ << " failed to encrypt signature block" << dendl;
+        return -1;
+      }
+
+      struct enc {
+        ceph_le64 a, b, c, d;
+      } *penc = reinterpret_cast<enc*>(exp_buf);
+      *psig = penc->a ^ penc->b ^ penc->c ^ penc->d;
+    } else {
+      sha256_digest_t exp_buf;
+
+      try {
+        const CryptoKey::in_slice_t in {
+          sizeof(sigblock),
+            reinterpret_cast<const unsigned char*>(&sigblock)
+        };
+        exp_buf = key.hmac_sha256(cct, in);
+      } catch (std::exception& e) {
+        lderr(cct) << __func__ << " failed to encrypt signature block" << dendl;
+        return -1;
+      }
+
+      struct enc {
+        ceph_le64 a, b, c, d;
+      } *penc = reinterpret_cast<enc*>(&exp_buf);
+      *psig = penc->a ^ penc->b ^ penc->c ^ penc->d;
     }
-
-    struct enc {
-      ceph_le64 a, b, c, d;
-    } *penc = reinterpret_cast<enc*>(exp_buf);
-    *psig = penc->a ^ penc->b ^ penc->c ^ penc->d;
   }
 
   ldout(cct, 10) << __func__ << " seq " << m->get_seq()