crimson/net: enable on_wire encryption support
authorKefu Chai <kchai@redhat.com>
Fri, 24 Jul 2020 10:01:12 +0000 (18:01 +0800)
committerKefu Chai <kchai@redhat.com>
Mon, 27 Jul 2020 03:29:10 +0000 (11:29 +0800)
Signed-off-by: Kefu Chai <kchai@redhat.com>
src/crimson/CMakeLists.txt
src/crimson/net/ProtocolV2.cc
src/msg/async/crypto_onwire.cc

index f5dc80800c1d8dc1f2e3a6471c7ac36c067b4053..4a32540a12f7907c4714dab392fa31c142213db8 100644 (file)
@@ -160,6 +160,7 @@ set(crimson_mon_srcs
   mon/MonClient.cc
   ${PROJECT_SOURCE_DIR}/src/mon/MonSub.cc)
 set(crimson_net_srcs
+  ${PROJECT_SOURCE_DIR}/src/msg/async/crypto_onwire.cc
   ${PROJECT_SOURCE_DIR}/src/msg/async/frames_v2.cc
   net/Errors.cc
   net/Messenger.cc
index 0c82edc1564d4a360143c26891b726f61762bc35..828eb5d3be3d384451306d0756ea9d01b8a5b87a 100644 (file)
@@ -300,7 +300,6 @@ seastar::future<> ProtocolV2::read_frame_payload()
       });
     }
   ).then([this] {
-    ceph_assert(!session_stream_handlers.rx);
     return read_exactly(rx_frame_asm.get_epilogue_onwire_len());
   }).then([this] (auto bl) {
     logger().trace("{} RECV({}) frame epilogue", conn, bl.size());
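Review bot: With `ceph_assert(!session_stream_handlers.rx)` removed, the `read_exactly(rx_frame_asm.get_epilogue_onwire_len())` path is now reachable in secure mode, but nothing visible in this hunk shows the epilogue being decrypted or the frame's authentication tag being checked before the payload is used. The continuation that receives `bl` runs past the end of the hunk, so the check may well live there. If it does, a short comment at this call would make the security property auditable, for example `// secure mode: rx handler is set; epilogue is authenticated in the continuation below`. A secure-mode test that feeds a frame with a modified epilogue and expects the connection to fault would pin the behaviour that the deleted assertion used to rule out.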
@@ -572,9 +571,8 @@ seastar::future<> ProtocolV2::handle_auth_reply()
             abort_in_fault();
           }
           auth_meta->con_mode = auth_done.con_mode();
-          // TODO
-          ceph_assert(!auth_meta->is_mode_secure());
-          session_stream_handlers = { nullptr, nullptr };
+          session_stream_handlers = ceph::crypto::onwire::rxtx_t::create_handler_pair(
+              nullptr, *auth_meta, tx_frame_asm.get_is_rev1(), false);
           return finish_auth();
         });
       default: {
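Review bot: The new `create_handler_pair(nullptr, *auth_meta, tx_frame_asm.get_is_rev1(), false)` call passes a null first argument and a bare boolean last argument, and the same applies to the call in `_handle_auth_request`, which passes `true`. If the first parameter is the context pointer that the shared handlers in src/msg/async/crypto_onwire.cc use for logging or configuration, confirm that no path dereferences it in the crimson build, since that would only surface once a secure-mode connection is negotiated. The trailing boolean is the only difference between the connecting and accepting sides, and presumably selects which key/nonce half is used for rx versus tx, so name it at both call sites, e.g. `/*crossed=*/false` here and `/*crossed=*/true` on the accepting side (assuming the parameter is named `crossed` in the declaration). The enclosing lambda begins outside the hunk.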
@@ -970,9 +968,8 @@ seastar::future<> ProtocolV2::_handle_auth_request(bufferlist& auth_payload, boo
                    ceph_con_mode_name(auth_meta->con_mode), reply.length());
     return write_frame(auth_done).then([this] {
       ceph_assert(auth_meta);
-      // TODO
-      ceph_assert(!auth_meta->is_mode_secure());
-      session_stream_handlers = { nullptr, nullptr };
+      session_stream_handlers = ceph::crypto::onwire::rxtx_t::create_handler_pair(
+          nullptr, *auth_meta, tx_frame_asm.get_is_rev1(), true);
       return finish_auth();
     });
    }
index 6a9045dab501a0d45c3afc52dce5ab1549c00773..615820b35ba3015180d16c7c82b83ffbdac79a31 100644 (file)
@@ -68,8 +68,8 @@ public:
   }
 
   ~AES128GCM_OnWireTxHandler() override {
-    ::ceph::crypto::zeroize_for_security(&nonce, sizeof(nonce));
-    ::ceph::crypto::zeroize_for_security(&initial_nonce, sizeof(initial_nonce));
+    ::TOPNSPC::crypto::zeroize_for_security(&nonce, sizeof(nonce));
+    ::TOPNSPC::crypto::zeroize_for_security(&initial_nonce, sizeof(initial_nonce));
   }
 
   void reset_tx_handler(const uint32_t* first, const uint32_t* last) override;
@@ -189,7 +189,7 @@ public:
   }
 
   ~AES128GCM_OnWireRxHandler() override {
-    ::ceph::crypto::zeroize_for_security(&nonce, sizeof(nonce));
+    ::TOPNSPC::crypto::zeroize_for_security(&nonce, sizeof(nonce));
   }
 
   std::uint32_t get_extra_size_at_final() override {