auth: create slice api for calculating hmac_sha256

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit dfffd730268e35bd357277963a0dc98ceae947f5)

diff --git a/src/auth/Crypto.cc b/src/auth/Crypto.cc
index 8f50279ed358ad189e0428dc43bada7980b36941..f9fd54c632493c8c532ae7efb6ed3492dc460c78 100644 (file)
--- a/src/auth/Crypto.cc
+++ b/src/auth/Crypto.cc
@@ -229,6 +229,19 @@ sha256_digest_t CryptoKeyHandler::hmac_sha256(
   return ret;
 }
 
+sha256_digest_t CryptoKeyHandler::hmac_sha256(
+  const in_slice_t& in) const
+{
+  TOPNSPC::crypto::HMACSHA256 hmac((const unsigned char*)secret.c_str(), secret.length());
+
+  hmac.Update(in.buf, in.length);
+
+  sha256_digest_t ret;
+  hmac.Final(ret.v);
+
+  return ret;
+}
+
 // ---------------------------------------------------
 
 class CryptoNoneKeyHandler : public CryptoKeyHandler {

diff --git a/src/auth/Crypto.h b/src/auth/Crypto.h
index 2a1731046c58e861ce138e9008eae4335aab2012..57b7cc3a32e85214c5c571cfd1e5b997afdca8e1 100644 (file)
--- a/src/auth/Crypto.h
+++ b/src/auth/Crypto.h
@@ -104,6 +104,7 @@ public:
                               const in_slice_t& in,
                              const out_slice_t& out) const;
 
+  sha256_digest_t hmac_sha256(const in_slice_t& in) const;
   sha256_digest_t hmac_sha256(const ceph::bufferlist& in) const;
 };
 
@@ -210,6 +211,11 @@ public:
     return ckh->hmac_sha256(in);
   }
 
+  sha256_digest_t hmac_sha256(CephContext *cct, const in_slice_t& in) const {
+    ceph_assert(ckh);
+    return ckh->hmac_sha256(in);
+  }
+
   static constexpr std::size_t get_max_outbuf_size(std::size_t want_size) {
     return want_size + CryptoKeyHandler::MAX_BLOCK_SIZE;
   }

diff --git a/src/test/crypto.cc b/src/test/crypto.cc
index 72ef5f73f4320eeea017722e7ac42885196dbd91..f712905c3d644e21683f5d886f3b6c36d6c57084 100644 (file)
--- a/src/test/crypto.cc
+++ b/src/test/crypto.cc
@@ -588,6 +588,58 @@ TEST(AES256KRB5, DecryptNoBl) {
   }
 }
 
+TEST(AES256KRB5, HMAC_SHA256) {
+  auto h = g_ceph_context->get_crypto_manager()->get_handler(CEPH_CRYPTO_AES256KRB5);
+
+  unsigned char secret_s[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+                               0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
+  bufferptr secret((const char *)secret_s, sizeof(secret_s));
+  std::string plaintext = "blablabla";
+
+  std::string error;
+
+  std::unique_ptr<CryptoKeyHandler> kh(h->get_key_handler(secret, error));
+
+  bufferlist bl;
+  bl.append((const char *)plaintext.c_str(), plaintext.size());
+  auto hash = kh->hmac_sha256(bl);
+
+  dump_buf("HMAC_SHA256:", (const unsigned char *)&hash, sizeof(hash));
+
+  unsigned char expected_s[] = { 0x42, 0xc7, 0x02, 0x7e, 0x8b, 0xe0, 0x6d, 0xca,
+                                 0x2c, 0x0b, 0x44, 0x43, 0x73, 0xfe, 0xfd, 0xbe,
+                                 0xac, 0x5b, 0x40, 0x34, 0xec, 0xa4, 0x4a, 0x69,
+                                 0xde, 0x3a, 0x29, 0x16, 0x34, 0xed, 0x8d, 0xf9 };
+
+
+  ASSERT_EQ(0, memcmp(expected_s, (const char *)&hash, sizeof(hash)));
+}
+
+TEST(AES256KRB5, HMAC_SHA256_NoBl) {
+  auto h = g_ceph_context->get_crypto_manager()->get_handler(CEPH_CRYPTO_AES256KRB5);
+
+  unsigned char secret_s[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+                               0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
+  bufferptr secret((const char *)secret_s, sizeof(secret_s));
+  std::string plaintext = "testing1234blablabla";
+
+  std::string error;
+
+  std::unique_ptr<CryptoKeyHandler> kh(h->get_key_handler(secret, error));
+
+  CryptoKey::in_slice_t plaintext_slice { plaintext.size(), (const unsigned char *)plaintext.c_str() };
+  auto hash = kh->hmac_sha256(plaintext_slice);
+
+  dump_buf("HMAC_SHA256:", (const unsigned char *)&hash, sizeof(hash));
+
+  unsigned char expected_s[] = { 0x4b, 0xd3, 0xac, 0x39, 0x4a, 0xcc, 0x97, 0x06,
+                                 0xdd, 0x09, 0xe6, 0x5c, 0x68, 0xad, 0xd4, 0xcf,
+                                 0x09, 0x2c, 0xcd, 0xa1, 0xe7, 0x99, 0xe3, 0x5c,
+                                 0x52, 0x73, 0x85, 0xbd, 0x79, 0x73, 0xc6, 0x98 };
+
+  ASSERT_EQ(0, memcmp(expected_s, (const char *)&hash, sizeof(hash)));
+}
+
 static void aes256krb5_loop(const std::size_t text_size) {
   cipher_loop(text_size, CEPH_CRYPTO_AES256KRB5, 32);
 }