From: Yehuda Sadeh
Date: Mon, 17 Mar 2025 07:57:21 +0000 (-0400)
Subject: auth: add usage param to crypto handler
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=1437cb7623a88a2be9e95976c1627aa58896eee6;p=ceph-ci.git
auth: add usage param to crypto handler
Allow different usage for crypto handler users. Currently being used in the crypto unitest to match the test vectors.
Signed-off-by: Yehuda Sadeh
---
diff --git a/src/auth/Crypto.cc b/src/auth/Crypto.cc
index 4cd328b97ae..cf8c318f89f 100644
--- a/src/auth/Crypto.cc
+++ b/src/auth/Crypto.cc
@@ -256,7 +256,7 @@ public:
 int validate_secret(const bufferptr& secret) override {
 return 0;
 }
- CryptoKeyHandler *get_key_handler(const bufferptr& secret, string& error) override {
+ CryptoKeyHandler *get_key_handler_ext(const bufferptr& secret, uint32_t usage, string& error) override {
 return new CryptoNoneKeyHandler;
 }
 };
@@ -274,7 +274,7 @@ public:
 }
 int create(CryptoRandom *random, bufferptr& secret) override;
 int validate_secret(const bufferptr& secret) override;
- CryptoKeyHandler *get_key_handler(const bufferptr& secret, string& error) override;
+ CryptoKeyHandler *get_key_handler_ext(const bufferptr& secret, uint32_t usage /* unused */, string& error) override;
 };
 // when we say AES, we mean AES-128
@@ -478,8 +478,9 @@ int CryptoAES::validate_secret(const bufferptr& secret)
 return 0;
 }
-CryptoKeyHandler *CryptoAES::get_key_handler(const bufferptr& secret,
- string& error)
+CryptoKeyHandler *CryptoAES::get_key_handler_ext(const bufferptr& secret,
+ uint32_t usage,
+ string& error)
 {
 CryptoAESKeyHandler *ckh = new CryptoAESKeyHandler;
 ostringstream oss;
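Review bot: `usage` is accepted but silently dropped by the CryptoNone handler in @@ -256 and by CryptoAES in @@ -274 and @@ -478, so a caller that asks these handlers for key-usage separation gets the same key handler for every value and no error. The `/* unused */` marker sits only on the declaration; at the definition in @@ -478 leave the parameter unnamed, `uint32_t /* usage: not used by AES-128 */,`, so the intent is visible where it matters and -Wunused-parameter stays quiet. If ignoring a non-zero usage is not acceptable for these handlers, rejecting it with `if (usage != 0) { error = "key usage not supported by this handler"; return NULL; }` makes the limitation explicit, and the base-class wrapper keeps passing 0 so existing callers are unaffected. The body of CryptoAES::get_key_handler_ext continues past the end of the hunk.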
@@ -506,7 +507,7 @@ public:
 }
 int create(CryptoRandom *random, bufferptr& secret) override;
 int validate_secret(const bufferptr& secret) override;
- CryptoKeyHandler *get_key_handler(const bufferptr& secret, string& error) override;
+ CryptoKeyHandler *get_key_handler_ext(const bufferptr& secret, uint32_t usage, string& error) override;
 };
 static constexpr const std::size_t AES256KRB5_KEY_LEN{32};
@@ -718,11 +719,11 @@ public:
 using CryptoKeyHandler::encrypt;
 using CryptoKeyHandler::decrypt;
- int init(const ceph::bufferptr& s, ostringstream& err) {
+ int init(const ceph::bufferptr& s, uint32_t usage, ostringstream& err) {
 cipher = EVP_CIPHER_fetch(NULL, "AES-256-CBC-CTS", NULL);
 secret = s;
- int r = calc_kx(secret, 0x2 /* usage */,
+ int r = calc_kx(secret, usage,
 0x55 /* Ki type */,
 AES256KRB5_HASH_LEN /* 192 bit */,
 ki,
@@ -732,7 +733,7 @@ public:
 }
 ki_raw = reinterpret_cast(ki.c_str()); /* needed so that we can use ki in const methods */
- r = calc_kx(secret, 0x2 /* usage */,
+ r = calc_kx(secret, usage,
 0xAA /* Ke type */,
 32 /* 256 bit */,
 ke,
@@ -903,12 +904,13 @@ int CryptoAES256KRB5::validate_secret(const bufferptr& secret)
 return 0;
 }
-CryptoKeyHandler *CryptoAES256KRB5::get_key_handler(const bufferptr& secret,
- string& error)
+CryptoKeyHandler *CryptoAES256KRB5::get_key_handler_ext(const bufferptr& secret,
+ uint32_t usage,
+ string& error)
 {
 CryptoAES256KRB5KeyHandler *ckh = new CryptoAES256KRB5KeyHandler;
 ostringstream oss;
- if (ckh->init(secret, oss) < 0) {
+ if (ckh->init(secret, usage, oss) < 0) {
 error = oss.str();
 delete ckh;
 return NULL;
diff --git a/src/auth/Crypto.h b/src/auth/Crypto.h
index 5d98774f622..7bd708d3597 100644
--- a/src/auth/Crypto.h
+++ b/src/auth/Crypto.h
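Review bot: The Ki/Ke derivation in @@ -718 and @@ -732 now takes `usage` from the caller, but the legacy `get_key_handler` in the Crypto.h hunk forwards `0` where this code previously hard-coded `0x2`, so any caller that still goes through `get_key_handler` on the AES256KRB5 handler derives different keys than before this commit, and different from the test vectors, which pass 2; those callers are not visible from the hunk, so this is inferred. If the old behaviour is meant to survive, keep the previous value as the default, e.g. `return get_key_handler_ext(secret, 2, error);` in the wrapper, or state in this handler that usage 0 is a deliberate choice. `init` also does not retain `usage`, so a handler cannot later report which usage it was derived for; a `uint32_t usage_` member set in `init` would help debugging and any future mismatch check. Both `init` and `get_key_handler_ext` continue past the hunk boundaries.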
@@ -227,8 +227,14 @@ public:
 virtual int get_type() const = 0;
 virtual int create(CryptoRandom *random, ceph::buffer::ptr& secret) = 0;
 virtual int validate_secret(const ceph::buffer::ptr& secret) = 0;
+ virtual CryptoKeyHandler *get_key_handler_ext(const ceph::buffer::ptr& secret,
+ uint32_t usage,
+ std::string& error) = 0;
+
 virtual CryptoKeyHandler *get_key_handler(const ceph::buffer::ptr& secret,
- std::string& error) = 0;
+ std::string& error) {
+ return get_key_handler_ext(secret, 0, error);
+ }
 static CryptoHandler *create(int type);
 };
diff --git a/src/test/crypto.cc b/src/test/crypto.cc
index 6ff91293511..a814b5e106c 100644
--- a/src/test/crypto.cc
+++ b/src/test/crypto.cc
@@ -377,7 +377,7 @@ TEST(AES256KRB5, Encrypt) {
 bufferlist cipher;
 std::string error;
- CryptoKeyHandler *kh = h->get_key_handler(secret, error);
+ CryptoKeyHandler *kh = h->get_key_handler_ext(secret, 2, error);
 int r = kh->encrypt_ext(g_ceph_context, plaintext, &confounder, cipher, &error);
 ASSERT_EQ(r, 0);
 ASSERT_EQ(error, "");
@@ -424,7 +424,7 @@ TEST(AES256KRB5, Decrypt) {
 std::string error;
 bufferlist plaintext;
- CryptoKeyHandler *kh = h->get_key_handler(secret, error);
+ CryptoKeyHandler *kh = h->get_key_handler_ext(secret, 2, error);
 int r = kh->decrypt(g_ceph_context, cipher, plaintext, &error);
 ASSERT_EQ(r, 0);
 ASSERT_EQ(error, "");
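Review bot: The new pure virtual `get_key_handler_ext` and its `usage` parameter are undocumented in the header; that `usage` is a key-usage number mixed into key derivation by the AES256KRB5 handler and ignored by the others, and that `get_key_handler` forwards `0`, is only discoverable from Crypto.cc. A comment above the declaration such as `// usage: key-usage number mixed into key derivation by handlers that support it (AES256KRB5); other handlers ignore it. get_key_handler() forwards 0.` would let callers pick the right entry point deliberately. The returned handler is a raw owning pointer the caller must `delete`, as the `delete ckh` on the failure path in Crypto.cc shows, so the same comment is the place to state ownership.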
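Review bot: `kh` is dereferenced on the next line without a null check in @@ -377 (and likewise in @@ -424), while `get_key_handler_ext` returns NULL when `init` fails and leaves the reason in `error`; now that the usage feeds key derivation, a failure there would crash the test instead of reporting the message. Add `ASSERT_NE(kh, nullptr) << error;` right after the call in both tests. The literal `2` is repeated in both tests; a named constant for the usage the test vectors were generated with would document the value and keep the two in sync.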