return 0;
}
- int res = 0;
std::unique_ptr<BlockCrypt> block_crypt;
- res = rgw_s3_prepare_decrypt(s, attrs, &block_crypt, crypt_http_responses);
- if (res == 0) {
- if (block_crypt != nullptr) {
- auto f = std::make_unique<RGWGetObj_BlockDecrypt>(s, s->cct, cb, std::move(block_crypt), s->yield);
- if (manifest_bl != nullptr) {
- res = f->read_manifest(this, *manifest_bl);
- if (res == 0) {
- *filter = std::move(f);
- }
- }
- }
+ int res = rgw_s3_prepare_decrypt(s, attrs, &block_crypt, crypt_http_responses);
+ if (res < 0) {
+ return res;
}
- return res;
+ if (block_crypt == nullptr) {
+ return 0;
+ }
+
+ // in case of a multipart upload, we need to know the part lengths to
+ // correctly decrypt across part boundaries
+ std::vector<size_t> parts_len;
+ res = RGWGetObj_BlockDecrypt::read_manifest_parts(this, *manifest_bl,
+ parts_len);
+ if (res < 0) {
+ return res;
+ }
+
+ *filter = std::make_unique<RGWGetObj_BlockDecrypt>(
+ s, s->cct, cb, std::move(block_crypt),
+ std::move(parts_len), s->yield);
+ return 0;
}
int RGWGetObj_ObjStore_S3::verify_requester(const rgw::auth::StrategyRegistry& auth_registry, optional_yield y)
{
{
std::map<std::string, std::string> crypt_http_responses_unused;
- int res = 0;
std::unique_ptr<BlockCrypt> block_crypt;
- res = rgw_s3_prepare_decrypt(s, attrs, &block_crypt, crypt_http_responses_unused);
- if (res == 0) {
- if (block_crypt != nullptr) {
- auto f = std::unique_ptr<RGWGetObj_BlockDecrypt>(new RGWGetObj_BlockDecrypt(s, s->cct, cb, std::move(block_crypt), s->yield));
- if (f != nullptr) {
- if (manifest_bl != nullptr) {
- res = f->read_manifest(this, *manifest_bl);
- if (res == 0) {
- *filter = std::move(f);
- }
- }
- }
- }
+ int res = rgw_s3_prepare_decrypt(s, attrs, &block_crypt, crypt_http_responses_unused);
+ if (res < 0) {
+ return res;
}
- return res;
+ if (block_crypt == nullptr) {
+ return 0;
+ }
+
+ // in case of a multipart upload, we need to know the part lengths to
+ // correctly decrypt across part boundaries
+ std::vector<size_t> parts_len;
+ res = RGWGetObj_BlockDecrypt::read_manifest_parts(this, *manifest_bl,
+ parts_len);
+ if (res < 0) {
+ return res;
+ }
+
+ *filter = std::make_unique<RGWGetObj_BlockDecrypt>(
+ s, s->cct, cb, std::move(block_crypt),
+ std::move(parts_len), s->yield);
+ return 0;
}
int RGWPutObj_ObjStore_S3::get_encrypt_filter(
ut_get_sink get_sink;
auto cbc = AES_256_CBC_create(&no_dpp, g_ceph_context, &key[0], 32);
ASSERT_NE(cbc.get(), nullptr);
- RGWGetObj_BlockDecrypt decrypt(&no_dpp, g_ceph_context, &get_sink, std::move(cbc), null_yield);
+ RGWGetObj_BlockDecrypt decrypt(&no_dpp, g_ceph_context, &get_sink, std::move(cbc), {}, null_yield);
//random ranges
off_t begin = (r/3)*r*(r+13)*(r+23)*(r+53)*(r+71) % test_range;
ut_get_sink get_sink;
auto cbc = AES_256_CBC_create(&no_dpp, g_ceph_context, &key[0], 32);
ASSERT_NE(cbc.get(), nullptr);
- RGWGetObj_BlockDecrypt decrypt(&no_dpp, g_ceph_context, &get_sink, std::move(cbc), null_yield);
+ RGWGetObj_BlockDecrypt decrypt(&no_dpp, g_ceph_context, &get_sink, std::move(cbc), {}, null_yield);
//random
off_t begin = (r/3)*r*(r+13)*(r+23)*(r+53)*(r+71) % test_range;
ut_get_sink get_sink;
auto nonecrypt = std::unique_ptr<BlockCrypt>(new BlockCryptNone);
RGWGetObj_BlockDecrypt decrypt(&no_dpp, g_ceph_context, &get_sink,
- std::move(nonecrypt), null_yield);
+ std::move(nonecrypt), {}, null_yield);
ASSERT_EQ(fixup_range(&decrypt,0,0), range_t(0,255));
ASSERT_EQ(fixup_range(&decrypt,1,256), range_t(0,511));
ASSERT_EQ(fixup_range(&decrypt,0,255), range_t(0,255));
ASSERT_EQ(fixup_range(&decrypt,513,1024), range_t(512,1024+255));
}
-using parts_len_t = std::vector<size_t>;
-
-class TestRGWGetObj_BlockDecrypt : public RGWGetObj_BlockDecrypt {
- using RGWGetObj_BlockDecrypt::RGWGetObj_BlockDecrypt;
-public:
- void set_parts_len(parts_len_t&& other) {
- parts_len = std::move(other);
- }
-};
-
std::vector<size_t> create_mp_parts(size_t obj_size, size_t mp_part_len){
std::vector<size_t> parts_len;
size_t part_size;
ut_get_sink get_sink;
auto nonecrypt = std::make_unique<BlockCryptNone>(4096);
- TestRGWGetObj_BlockDecrypt decrypt(&no_dpp, g_ceph_context, &get_sink,
- std::move(nonecrypt), null_yield);
- decrypt.set_parts_len(create_mp_parts(obj_size, part_size));
+ RGWGetObj_BlockDecrypt decrypt(&no_dpp, g_ceph_context, &get_sink,
+ std::move(nonecrypt),
+ create_mp_parts(obj_size, part_size),
+ null_yield);
ASSERT_EQ(fixup_range(&decrypt,0,0), range_t(0,4095));
ASSERT_EQ(fixup_range(&decrypt,1,4096), range_t(0,8191));
ASSERT_EQ(fixup_range(&decrypt,0,4095), range_t(0,4095));
{
const NoDoutPrefix no_dpp(g_ceph_context, dout_subsys);
+ const size_t na_obj_size = obj_size + 1;
+
ut_get_sink get_sink;
auto nonecrypt = std::make_unique<BlockCryptNone>(4096);
- TestRGWGetObj_BlockDecrypt decrypt(&no_dpp, g_ceph_context, &get_sink,
- std::move(nonecrypt), null_yield);
- auto na_obj_size = obj_size + 1;
- decrypt.set_parts_len(create_mp_parts(na_obj_size, part_size));
+ RGWGetObj_BlockDecrypt decrypt(&no_dpp, g_ceph_context, &get_sink,
+ std::move(nonecrypt),
+ create_mp_parts(na_obj_size, part_size),
+ null_yield);
// these should be unaffected here
ASSERT_EQ(fixup_range(&decrypt, 0, part_size - 2), range_t(0, part_size -1));
{
const NoDoutPrefix no_dpp(g_ceph_context, dout_subsys);
+ const size_t na_part_size = part_size + 1;
+
ut_get_sink get_sink;
auto nonecrypt = std::make_unique<BlockCryptNone>(4096);
- TestRGWGetObj_BlockDecrypt decrypt(&no_dpp, g_ceph_context, &get_sink,
- std::move(nonecrypt), null_yield);
- auto na_part_size = part_size + 1;
- decrypt.set_parts_len(create_mp_parts(obj_size, na_part_size));
+ RGWGetObj_BlockDecrypt decrypt(&no_dpp, g_ceph_context, &get_sink,
+ std::move(nonecrypt),
+ create_mp_parts(obj_size, na_part_size),
+ null_yield);
// na_part_size -2, ie. part_size -1 is aligned to 4095 boundary
ASSERT_EQ(fixup_range(&decrypt, 0, na_part_size - 2), range_t(0, na_part_size -2));
{
const NoDoutPrefix no_dpp(g_ceph_context, dout_subsys);
+ const size_t na_part_size = part_size + 1;
+ const size_t na_obj_size = obj_size + 7; // (6*(5MiB + 1) + 1) for the last 1B overflow
+
ut_get_sink get_sink;
auto nonecrypt = std::make_unique<BlockCryptNone>(4096);
- TestRGWGetObj_BlockDecrypt decrypt(&no_dpp, g_ceph_context, &get_sink,
- std::move(nonecrypt), null_yield);
- auto na_part_size = part_size + 1;
- auto na_obj_size = obj_size + 7; // (6*(5MiB + 1) + 1) for the last 1B overflow
- decrypt.set_parts_len(create_mp_parts(na_obj_size, na_part_size));
+ RGWGetObj_BlockDecrypt decrypt(&no_dpp, g_ceph_context, &get_sink,
+ std::move(nonecrypt),
+ create_mp_parts(na_obj_size, na_part_size),
+ null_yield);
// na_part_size -2, ie. part_size -1 is aligned to 4095 boundary
ASSERT_EQ(fixup_range(&decrypt, 0, na_part_size - 2), range_t(0, na_part_size -2));
ut_get_sink get_sink;
auto nonecrypt = std::make_unique<BlockCryptNone>(4096);
- TestRGWGetObj_BlockDecrypt decrypt(&no_dpp, g_ceph_context, &get_sink,
- std::move(nonecrypt), null_yield);
+ RGWGetObj_BlockDecrypt decrypt(&no_dpp, g_ceph_context, &get_sink,
+ std::move(nonecrypt),
+ create_mp_parts(obj_size, part_size),
+ null_yield);
- decrypt.set_parts_len(create_mp_parts(obj_size, part_size));
// the ranges below would be mostly unreachable in current code as rgw
// would've returned a 411 before reaching, but we're just doing this to make
ut_get_sink get_sink;
RGWGetObj_BlockDecrypt decrypt(&no_dpp, g_ceph_context, &get_sink,
AES_256_CBC_create(&no_dpp, g_ceph_context, &key[0], 32),
- null_yield);
+ {}, null_yield);
off_t bl_ofs = 0;
off_t bl_end = test_size - 1;
projects / ceph-ci.git / commitdiff