From: Ricardo Dias <rdias@suse.com>
Date: Tue, 20 Nov 2018 16:34:47 +0000 (+0000)
Subject: cephx: added encrypt/decrypt bufferlist method to session handler
X-Git-Tag: v14.1.0~271^2~44
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=6ec5c9c11754b996aa2ad26c9254f100abdbd64d;p=ceph.git

cephx: added encrypt/decrypt bufferlist method to session handler

Signed-off-by: Ricardo Dias <rdias@suse.com>
---

diff --git a/src/auth/AuthSessionHandler.h b/src/auth/AuthSessionHandler.h
index 8c58aaa89efb..65e593c4d2ff 100644
--- a/src/auth/AuthSessionHandler.h
+++ b/src/auth/AuthSessionHandler.h
@@ -44,9 +44,16 @@ public:
   virtual int check_message_signature(Message *message) = 0;
   virtual int encrypt_message(Message *message) = 0;
   virtual int decrypt_message(Message *message) = 0;
+
   virtual int sign_bufferlist(bufferlist &in, bufferlist &out) {
     return 0;
   };
+  virtual int encrypt_bufferlist(bufferlist &in, bufferlist &out) {
+    return 0;
+  }
+  virtual int decrypt_bufferlist(bufferlist &in, bufferlist &out) {
+    return 0;
+  }
 
   int get_protocol() {return protocol;}
   CryptoKey get_key() {return key;}
diff --git a/src/auth/cephx/CephxSessionHandler.cc b/src/auth/cephx/CephxSessionHandler.cc
index f931ac4447a5..d40682f11bf0 100644
--- a/src/auth/cephx/CephxSessionHandler.cc
+++ b/src/auth/cephx/CephxSessionHandler.cc
@@ -203,3 +203,25 @@ int CephxSessionHandler::sign_bufferlist(bufferlist &in, bufferlist &out)
 
   return 0;
 }
+
+int CephxSessionHandler::encrypt_bufferlist(bufferlist &in, bufferlist &out) {
+  std::string error;
+  try {
+    key.encrypt(cct, in, out, &error);
+  } catch (std::exception &e) {
+    lderr(cct) << __func__ << " failed to encrypt buffer: " << error << dendl;
+    return -1;
+  }
+  return 0;
+}
+
+int CephxSessionHandler::decrypt_bufferlist(bufferlist &in, bufferlist &out) {
+  std::string error;
+  try {
+    key.decrypt(cct, in, out, &error);
+  } catch (std::exception &e) {
+    lderr(cct) << __func__ << " failed to decrypt buffer: " << error << dendl;
+    return -1;
+  }
+  return 0;
+}
diff --git a/src/auth/cephx/CephxSessionHandler.h b/src/auth/cephx/CephxSessionHandler.h
index 35930f34676a..5e37e1656728 100644
--- a/src/auth/cephx/CephxSessionHandler.h
+++ b/src/auth/cephx/CephxSessionHandler.h
@@ -38,6 +38,8 @@ public:
   int check_message_signature(Message *m) override ;
 
   int sign_bufferlist(bufferlist &in, bufferlist &out) override;
+  int encrypt_bufferlist(bufferlist &in, bufferlist &out) override;
+  int decrypt_bufferlist(bufferlist &in, bufferlist &out) override;
 
   // Cephx does not currently encrypt messages, so just return 0 if called.  PLR