From: Yehuda Sadeh
Date: Wed, 28 May 2025 19:50:15 +0000 (-0400)
Subject: auth: create slice api for calculating hmac_sha256
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=14dfe059fd5b1bc0aeacdfeab0aee9b6bd82ae20;p=ceph-ci.git
auth: create slice api for calculating hmac_sha256
Signed-off-by: Yehuda Sadeh
---
diff --git a/src/auth/Crypto.cc b/src/auth/Crypto.cc
index 1c45ecb734d..cfb90feae9b 100644
--- a/src/auth/Crypto.cc
+++ b/src/auth/Crypto.cc
@@ -230,6 +230,19 @@ sha256_digest_t CryptoKeyHandler::hmac_sha256(
 return ret;
 }
+sha256_digest_t CryptoKeyHandler::hmac_sha256(
+ const in_slice_t& in) const
+{
+ TOPNSPC::crypto::HMACSHA256 hmac((const unsigned char*)secret.c_str(), secret.length());
+
+ hmac.Update(in.buf, in.length);
+
+ sha256_digest_t ret;
+ hmac.Final(ret.v);
+
+ return ret;
+}
+
 // ---------------------------------------------------
 class CryptoNoneKeyHandler : public CryptoKeyHandler {
diff --git a/src/auth/Crypto.h b/src/auth/Crypto.h
index 3f7d7ebe491..4665a0044f1 100644
--- a/src/auth/Crypto.h
+++ b/src/auth/Crypto.h
@@ -104,6 +104,7 @@ public:
 const in_slice_t& in,
 const out_slice_t& out) const;
+ sha256_digest_t hmac_sha256(const in_slice_t& in) const;
 sha256_digest_t hmac_sha256(const ceph::bufferlist& in) const;
 };
@@ -210,6 +211,11 @@ public:
 return ckh->hmac_sha256(in);
 }
+ sha256_digest_t hmac_sha256(CephContext *cct, const in_slice_t& in) const {
+ ceph_assert(ckh);
+ return ckh->hmac_sha256(in);
+ }
+
 static constexpr std::size_t get_max_outbuf_size(std::size_t want_size) {
 return want_size + CryptoKeyHandler::MAX_BLOCK_SIZE;
 }
diff --git a/src/test/crypto.cc b/src/test/crypto.cc
index f49edd36ab4..bb286de3054 100644
--- a/src/test/crypto.cc
+++ b/src/test/crypto.cc
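Review bot: The new slice overload in Crypto.cc keys the HMAC with the handler's raw `secret`, and nothing in the hunk states whether that is meant to be the same key material the handler uses for encryption. If it is, the function should carry a comment recording that assumption, for example `// MAC is keyed with the raw handler secret; callers that need key separation must derive a MAC-specific key first`. Separately, `in.buf` and `in.length` go to `hmac.Update` unchecked, so an empty slice relies on the HMAC wrapper accepting a null pointer with length 0, which is not visible here. The bufferlist overload ends just above the hunk, so the two bodies cannot be compared from these lines.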
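Review bot: The new `hmac_sha256(const in_slice_t& in)` declaration in Crypto.h has no comment, so callers get a raw `sha256_digest_t` back with no guidance on how the tag is keyed or how it should be verified. I would add a one-line doc comment such as `/// HMAC-SHA256 over in.buf[0, in.length) keyed with this handler's secret; verify received tags with a constant-time compare, not memcmp.` The class body starts above the hunk, so whatever documentation convention it already follows is not visible from here.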
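Review bot: `cct` is accepted but never used in the new `CryptoKey::hmac_sha256` wrapper, and the only guard is `ceph_assert(ckh)`, which stops the process instead of reporting an error when the key has no handler. If the parameter exists only to mirror the bufferlist overload (whose tail is the context above), leaving it unnamed, `hmac_sha256(CephContext *, const in_slice_t& in) const`, makes that explicit. A comment stating the precondition, e.g. `// requires a key with an initialised handler (ckh != nullptr)`, would tell callers what they must check first.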
@@ -589,6 +589,58 @@ TEST(AES256KRB5, DecryptNoBl) {
 }
 }
+TEST(AES256KRB5, HMAC_SHA256) {
+ auto h = g_ceph_context->get_crypto_manager()->get_handler(CEPH_CRYPTO_AES256KRB5);
+
+ unsigned char secret_s[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
+ bufferptr secret((const char *)secret_s, sizeof(secret_s));
+ std::string plaintext = "blablabla";
+
+ std::string error;
+
+ std::unique_ptr kh(h->get_key_handler(secret, error));
+
+ bufferlist bl;
+ bl.append((const char *)plaintext.c_str(), plaintext.size());
+ auto hash = kh->hmac_sha256(bl);
+
+ dump_buf("HMAC_SHA256:", (const unsigned char *)&hash, sizeof(hash));
+
+ unsigned char expected_s[] = { 0x42, 0xc7, 0x02, 0x7e, 0x8b, 0xe0, 0x6d, 0xca,
+ 0x2c, 0x0b, 0x44, 0x43, 0x73, 0xfe, 0xfd, 0xbe,
+ 0xac, 0x5b, 0x40, 0x34, 0xec, 0xa4, 0x4a, 0x69,
+ 0xde, 0x3a, 0x29, 0x16, 0x34, 0xed, 0x8d, 0xf9 };
+
+
+ ASSERT_EQ(0, memcmp(expected_s, (const char *)&hash, sizeof(hash)));
+}
+
+TEST(AES256KRB5, HMAC_SHA256_NoBl) {
+ auto h = g_ceph_context->get_crypto_manager()->get_handler(CEPH_CRYPTO_AES256KRB5);
+
+ unsigned char secret_s[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
+ bufferptr secret((const char *)secret_s, sizeof(secret_s));
+ std::string plaintext = "testing1234blablabla";
+
+ std::string error;
+
+ std::unique_ptr kh(h->get_key_handler(secret, error));
+
+ CryptoKey::in_slice_t plaintext_slice { plaintext.size(), (const unsigned char *)plaintext.c_str() };
+ auto hash = kh->hmac_sha256(plaintext_slice);
+
+ dump_buf("HMAC_SHA256:", (const unsigned char *)&hash, sizeof(hash));
+
+ unsigned char expected_s[] = { 0x4b, 0xd3, 0xac, 0x39, 0x4a, 0xcc, 0x97, 0x06,
+ 0xdd, 0x09, 0xe6, 0x5c, 0x68, 0xad, 0xd4, 0xcf,
+ 0x09, 0x2c, 0xcd, 0xa1, 0xe7, 0x99, 0xe3, 0x5c,
+ 0x52, 0x73, 0x85, 0xbd, 0x79, 0x73, 0xc6, 0x98 };
+
+ ASSERT_EQ(0, memcmp(expected_s, (const char *)&hash, sizeof(hash)));
+}
+
 static
void aes256krb5_loop(const std::size_t text_size) {
 cipher_loop(text_size, CEPH_CRYPTO_AES256KRB5, 32);
 }
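Review bot: Both new tests dereference `kh` straight after `get_key_handler(secret, error)` without checking the result or `error`, so a rejected key would likely crash the test binary instead of giving a readable failure; `ASSERT_TRUE(kh != nullptr) << error;` before the first `kh->` call covers that. It is worth having here because the secret is 16 bytes while the `aes256krb5_loop` context line passes 32 to `cipher_loop`. The two tests also hash different plaintexts, so nothing shows that the slice and bufferlist overloads agree; hashing one input both ways and comparing the digests would pin that. Comparing through `(const char *)&hash, sizeof(hash)` assumes `sha256_digest_t` has no padding, and `hash.v`, the field `Final` writes in Crypto.cc, is the safer operand.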