auth: add hmac_sha256() to CryptoKey.

Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>

diff --git a/src/auth/Crypto.cc b/src/auth/Crypto.cc
index bf9270a92e2cbb0364640e69914365d7e4933243..8b355bf1142301c112509334876102f8f79cab66 100644 (file)
--- a/src/auth/Crypto.cc
+++ b/src/auth/Crypto.cc
@@ -131,6 +131,20 @@ std::size_t CryptoKeyHandler::decrypt(
   return todo_len;
 }
 
+sha256_digest_t CryptoKeyHandler::hmac_sha256(
+  const ceph::bufferlist& in) const
+{
+  ceph::crypto::HMACSHA256 hmac((const unsigned char*)secret.c_str(), secret.length());
+
+  for (const auto& bptr : in.buffers()) {
+    hmac.Update((const unsigned char *)bptr.c_str(), bptr.length());
+  }
+  sha256_digest_t ret;
+  hmac.Final(ret.v);
+
+  return ret;
+}
+
 // ---------------------------------------------------
 
 class CryptoNoneKeyHandler : public CryptoKeyHandler {

diff --git a/src/auth/Crypto.h b/src/auth/Crypto.h
index 4cda0830343fb18ab26bb6e837d339da985928b5..46323348bf579a00f96b7fcca00c7c0cfe3e6477 100644 (file)
--- a/src/auth/Crypto.h
+++ b/src/auth/Crypto.h
@@ -80,6 +80,8 @@ public:
                              const out_slice_t& out) const;
   virtual std::size_t decrypt(const in_slice_t& in,
                              const out_slice_t& out) const;
+
+  sha256_digest_t hmac_sha256(const ceph::bufferlist& in) const;
 };
 
 /*
@@ -169,6 +171,11 @@ public:
     return ckh->encrypt(in, out);
   }
 
+  sha256_digest_t hmac_sha256(CephContext*, const ceph::bufferlist& in) {
+    ceph_assert(ckh);
+    return ckh->hmac_sha256(in);
+  }
+
   static constexpr std::size_t get_max_outbuf_size(std::size_t want_size) {
     return want_size + CryptoKeyHandler::MAX_BLOCK_SIZE;
   }