From: Radoslaw Zarzynski Date: Thu, 7 Feb 2019 21:32:41 +0000 (+0100) Subject: msg/async: SignedEncryptedFrame uses ceph::crypto::onwire. X-Git-Tag: v14.1.1~157^2~44 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=7769de741a14f907805805eebb263299ea020499;p=ceph.git msg/async: SignedEncryptedFrame uses ceph::crypto::onwire. Signed-off-by: Radoslaw Zarzynski
---
diff --git a/src/msg/async/ProtocolV2.cc b/src/msg/async/ProtocolV2.cc
index cdc1ef65851..ce4e116e20c 100644
--- a/src/msg/async/ProtocolV2.cc
+++ b/src/msg/async/ProtocolV2.cc
@@ -277,16 +277,49 @@ template
 struct SignedEncryptedFrame : public PayloadFrame {
 SignedEncryptedFrame(ProtocolV2 &protocol, const Args &... args)
 : PayloadFrame(args...) {
+#if 0
 ceph::bufferlist trans_bl;
 this->payload.splice(8, this->payload.length() - 8, &trans_bl);
 protocol.authencrypt_payload(trans_bl);
 this->payload.claim_append(trans_bl);
+
+#else
+ ceph_assert(protocol.session_stream_handlers.tx);
+
+ protocol.session_stream_handlers.tx->reset_tx_handler({ 8, this->payload.length() - 8, });
+
+ // NOTE: this is just for the makeshift commits
+ ceph::bufferlist trans_bl;
+ this->payload.splice(8, this->payload.length() - 8, &trans_bl);
+ std::swap(trans_bl, this->payload);
+
+ this->preamble_filler = protocol.session_stream_handlers.tx->reserve(8);
+
+ protocol.session_stream_handlers.tx->authenticated_encrypt_update( std::move(this->payload));
+ this->payload = \
+ protocol.session_stream_handlers.tx->authenticated_encrypt_final();
+#endif
 }
 SignedEncryptedFrame(ProtocolV2 &protocol, char *payload, uint32_t length)
 : PayloadFrame() {
+#if 0
 protocol.authdecrypt_payload(payload, length);
 this->decode_frame(payload, length);
+#else
+ protocol.session_stream_handlers.rx->reset_rx_handler();
+
+ ceph::bufferlist bl;
+ bl.push_back(buffer::create_static(length, payload));
+
+ ceph::bufferlist plain_bl = \
+ protocol.session_stream_handlers.rx->authenticated_decrypt_update_final( std::move(bl), 8);
+ this->decode_frame(plain_bl.c_str(), plain_bl.length());
+#endif
 }
 };
@@ -1705,7 +1738,7 @@ CtPtr ProtocolV2::read_message_data() {
 // the message payload
 ldout(cct, 1) << __func__ << " reading message payload extra bytes left="
 << next_payload_len << dendl;
- ceph_assert(session_security.rx && session_security.tx &&
+ ceph_assert(session_stream_handlers.rx && session_stream_handlers.tx &&
 auth_meta->is_mode_secure());
 extra.push_back(buffer::create(next_payload_len));
 return READB(next_payload_len, extra.c_str(), handle_message_extra_bytes);
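Review bot: The receive-side constructor calls `protocol.session_stream_handlers.rx->reset_rx_handler()` without checking that `rx` is set, whereas the send-side constructor guards its path with `ceph_assert(protocol.session_stream_handlers.tx)` a few lines above, so a frame of this type handled before the handler pair is installed would hit a null pointer instead of a clean assertion; mirror the guard with `ceph_assert(protocol.session_stream_handlers.rx);` before the reset. What `authenticated_decrypt_update_final` does when the authentication tag does not verify is not visible in this hunk; if it returns rather than aborting, `decode_frame` then parses unauthenticated bytes, so the expectation should be stated at the call site, e.g. `// authenticated_decrypt_update_final must fail hard on a bad tag; decode_frame assumes verified input`. The preamble length `8` is now repeated across `splice`, `reset_tx_handler`, `reserve` and the decrypt call; a named constant would keep the four offsets in step. The old `authencrypt_payload`/`authdecrypt_payload` bodies stay behind `#if 0` with a "makeshift" note; if they must remain for the series, a TODO naming the follow-up that removes them would help, otherwise they are dead code.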
@@ -2099,8 +2132,8 @@ CtPtr ProtocolV2::handle_auth_done(char *payload, uint32_t length) {
 return _fault();
 }
 auth_meta->con_mode = auth_done.con_mode();
- session_security =
- AuthStreamHandler::create_stream_handler_pair(cct, auth_meta);
+ session_stream_handlers = \
+ ceph::crypto::onwire::rxtx_t::create_handler_pair(cct, *auth_meta, false);
 if (!server_cookie) {
 ceph_assert(connect_seq == 0);
@@ -2424,9 +2457,9 @@ CtPtr ProtocolV2::_handle_auth_request(bufferlist& auth_payload, bool more)
 if (r == 1) {
 INTERCEPT(10);
- session_security =
- AuthStreamHandler::create_stream_handler_pair(cct, auth_meta);
- std::swap(session_security.rx, session_security.tx);
+ ceph_assert(auth_meta);
+ session_stream_handlers = \
+ ceph::crypto::onwire::rxtx_t::create_handler_pair(cct, *auth_meta, true);
 AuthDoneFrame auth_done(connection->peer_global_id, auth_meta->con_mode,
 reply);
 return WRITE(auth_done.get_buffer(), "auth done", read_frame);
@@ -2836,6 +2869,7 @@ CtPtr ProtocolV2::reuse_connection(AsyncConnectionRef existing,
 exproto->reconnecting = reconnecting;
 exproto->replacing = true;
 std::swap(exproto->session_security, session_security);
+ std::swap(exproto->session_stream_handlers, session_stream_handlers);
 exproto->auth_meta = auth_meta;
 existing->state_offset = 0;
 // avoid previous thread modify event
diff --git a/src/msg/async/ProtocolV2.h b/src/msg/async/ProtocolV2.h
index 059cc28e085..92f64fa7b60 100644
--- a/src/msg/async/ProtocolV2.h
+++ b/src/msg/async/ProtocolV2.h
@@ -5,6 +5,7 @@
 #define _MSG_ASYNC_PROTOCOL_V2_
 #include "Protocol.h"
+#include "crypto_onwire.h"
 class ProtocolV2 : public Protocol {
 private:
@@ -68,6 +69,8 @@ public:
 ACK
 };
+ // TODO: move into auth_meta?
+ ceph::crypto::onwire::rxtx_t session_stream_handlers;
 private:
 enum class AuthFlag : uint64_t { ENCRYPTED = 1, SIGNED = 2 };
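Review bot: The last argument to `create_handler_pair` is a bare `false` here and a bare `true` in the `_handle_auth_request` hunk below, and the only clue to its meaning is the `std::swap(session_security.rx, session_security.tx)` that the server-side hunk removes; neither call site tells a reader which way the rx/tx pair is oriented, which matters because swapping the two directions silently breaks the stream rather than failing loudly. Name the flag at both sites, e.g. `create_handler_pair(cct, *auth_meta, /* is_server */ false)`, assuming that is what it encodes — the `rxtx_t` declaration should confirm. The server-side hunk also adds `ceph_assert(auth_meta);` before dereferencing `*auth_meta`, while this client-side hunk dereferences it with no such check; the preceding `auth_meta->con_mode` line already assumes non-null, so for consistency the assert belongs above that line. Both enclosing functions start and end outside their hunks.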
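Review bot: `session_stream_handlers` is declared in the `public:` section of `ProtocolV2` (the hunk's `private:` follows it), so the rx/tx stream handlers and whatever key or counter state they carry are reachable from any holder of the protocol object, not only from the frame constructors that drive them. Since `SignedEncryptedFrame` is a non-member struct the public placement is presumably deliberate, but that should be written down, e.g. `// public only because the SignedEncryptedFrame ctors drive tx/rx; not for use outside the frame and auth paths`, or the member moved under `private:` with a friend declaration for the frame templates. The `// TODO: move into auth_meta?` line also lacks an owner and the reason the move was deferred. The `reuse_connection` hunk now swaps both `session_security` and this member, so until the old pair is removed a connection carries two crypto states; a comment stating which one is authoritative would help the next reader.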