From: Ilya Dryomov Date: Fri, 6 Mar 2020 19:16:45 +0000 (+0100) Subject: msg/async/crypto_onwire: fix endianness of nonce_t X-Git-Tag: v15.2.1~1^2~3 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=dfd1d81cec62e21e21696dc87d4db5f920e51a67;p=ceph.git msg/async/crypto_onwire: fix endianness of nonce_t As a AES-GCM IV, nonce_t is implicitly shared between server and client. Currently, if their endianness doesn't match, they are unable to communicate in secure mode because each gets its own idea of what the next nonce should be after the counter is incremented. Several RFCs state that the nonce counter should be BE, but since we use LE for everything on-disk and on-wire, make it LE. Signed-off-by: Ilya Dryomov Reviewed-by: Radoslaw Zarzynski Reviewed-by: Sage Weil --- diff --git a/src/msg/async/crypto_onwire.cc b/src/msg/async/crypto_onwire.cc index 07e7fe6553c..c39632cbd6e 100644 --- a/src/msg/async/crypto_onwire.cc +++ b/src/msg/async/crypto_onwire.cc @@ -20,8 +20,8 @@ static constexpr const std::size_t AESGCM_TAG_LEN{16}; static constexpr const std::size_t AESGCM_BLOCK_LEN{16}; struct nonce_t { - std::uint32_t random_seq; - std::uint64_t random_rest; + ceph_le32 random_seq; + ceph_le64 random_rest; bool operator==(const nonce_t& rhs) const { return !memcmp(this, &rhs, sizeof(*this)); @@ -99,7 +99,7 @@ void AES128GCM_OnWireTxHandler::reset_tx_handler( buffer.reserve(std::accumulate(std::begin(update_size_sequence), std::end(update_size_sequence), AESGCM_TAG_LEN)); - ++nonce.random_seq; + nonce.random_seq = nonce.random_seq + 1; } void AES128GCM_OnWireTxHandler::authenticated_encrypt_update( @@ -204,7 +204,7 @@ void AES128GCM_OnWireRxHandler::reset_rx_handler() reinterpret_cast(&nonce))) { throw std::runtime_error("EVP_DecryptInit_ex failed"); } - ++nonce.random_seq; + nonce.random_seq = nonce.random_seq + 1; } ceph::bufferlist AES128GCM_OnWireRxHandler::authenticated_decrypt_update(