From: Radoslaw Zarzynski Date: Sun, 17 Feb 2019 01:26:59 +0000 (+0100) Subject: msg/async, v2: bring back the no-encryption ability. X-Git-Tag: v14.1.1~157^2~21 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=e02b2f5c884e635711fa8550cdd228629c4987b1;p=ceph-ci.git msg/async, v2: bring back the no-encryption ability. Signed-off-by: Radoslaw Zarzynski
---
diff --git a/src/msg/async/ProtocolV2.cc b/src/msg/async/ProtocolV2.cc
index 29ee40c285a..5637812d052 100644
--- a/src/msg/async/ProtocolV2.cc
+++ b/src/msg/async/ProtocolV2.cc
@@ -368,29 +368,35 @@ struct SignedEncryptedFrame : public PayloadFrame { } SignedEncryptedFrame(ProtocolV2 &protocol, const Args &... args) - : PayloadFrame(args...) { - ceph_assert(protocol.session_stream_handlers.tx); - - protocol.session_stream_handlers.tx->reset_tx_handler({ - this->payload.length() - }); - - auto exp_size = this->payload.length() + 16; + : PayloadFrame(args...) + { // FIXME: plainsize -> ciphersize; for AES-GCM they are equall apart // from auth tag size this->fill_preamble({ - segment_t{ this->payload.length() + 16 - FRAME_PREAMBLE_SIZE, 16 } + segment_t{ this->payload.length() - FRAME_PREAMBLE_SIZE, 16 } }, {}); - protocol.session_stream_handlers.tx->authenticated_encrypt_update( - std::move(this->payload)); - this->payload = \ - protocol.session_stream_handlers.tx->authenticated_encrypt_final(); - ceph_assert(exp_size == this->payload.length()); + if (protocol.session_stream_handlers.tx) { + ceph_assert(protocol.session_stream_handlers.tx); + protocol.session_stream_handlers.tx->reset_tx_handler({ + this->payload.length() + }); + + protocol.session_stream_handlers.tx->authenticated_encrypt_update( + std::move(this->payload)); + this->payload = \ + protocol.session_stream_handlers.tx->authenticated_encrypt_final(); + } } SignedEncryptedFrame(ProtocolV2 &protocol, char *payload, uint32_t length) - : PayloadFrame(do_not_encode_tag_t{}) { + : PayloadFrame(do_not_encode_tag_t{}) + { + if (!protocol.session_stream_handlers.rx) { + this->decode_frame(payload, length); + return; + } + ceph::bufferlist bl; bl.push_back(buffer::create_static(length, payload));
@@ -551,7 +557,7 @@ struct MessageHeaderFrame segment_t{ this->payload.length() - FRAME_PREAMBLE_SIZE, 8 }, segment_t{ front_len, 8 }, segment_t{ middle_len, 8 }, - segment_t{ data_len + 16, segment_t::DEFERRED_ALLOCATION }, + segment_t{ data_len, segment_t::DEFERRED_ALLOCATION }, }, {}); }
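Review bot: Both SignedEncryptedFrame constructors now take the plaintext path purely because `session_stream_handlers.tx` or `.rx` is null, so a handler that is missing for any reason other than a deliberately negotiated unencrypted session lets a frame go out, or be accepted through `decode_frame(payload, length)`, with no AES-GCM confidentiality or integrity, where the old code stopped at `ceph_assert`. Nothing in the hunk consults the negotiated mode; if the connection records it outside this hunk, the branch should test that and keep asserting the handler is present whenever encryption was agreed, and the null checks deserve a comment such as `// no stream handlers: session was negotiated without on-wire encryption`. The `ceph_assert(protocol.session_stream_handlers.tx);` placed inside `if (protocol.session_stream_handlers.tx)` can never fire and can be dropped. The removed `exp_size` comparison was the only sender-side check that the ciphertext grew by exactly the amount the receiver will add, so an equivalent check in the encrypted branch is worth keeping. The receive constructor continues past the end of the hunk.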
@@ -1472,6 +1478,13 @@ CtPtr ProtocolV2::handle_read_frame_preamble_main(char *buffer, int r) { next_payload_len += main_preamble.segments[idx].length; } + if (session_stream_handlers.rx) { + rx_segments_todo_rev.front().length += \ + session_stream_handlers.rx->get_extra_size_at_final(); + next_payload_len += \ + session_stream_handlers.rx->get_extra_size_at_final(); + } + // TODO: move this ugliness into dedicated procedure const auto rx_crc = ceph_crc32c(0, reinterpret_cast(&main_preamble),
diff --git a/src/msg/async/crypto_onwire.cc b/src/msg/async/crypto_onwire.cc
index a664a399129..51b65f02a5f 100644
--- a/src/msg/async/crypto_onwire.cc
+++ b/src/msg/async/crypto_onwire.cc
@@ -179,6 +179,9 @@ public: memset(&nonce, 0, sizeof(nonce)); } + std::uint32_t get_extra_size_at_final() override { + return AESGCM_TAG_LEN; + } void reset_rx_handler() override; ceph::bufferlist authenticated_decrypt_update( ceph::bufferlist&& ciphertext,
diff --git a/src/msg/async/crypto_onwire.h b/src/msg/async/crypto_onwire.h
index 64e1db99d24..fd676c5347f 100644
--- a/src/msg/async/crypto_onwire.h
+++ b/src/msg/async/crypto_onwire.h
@@ -78,6 +78,11 @@ class RxHandler { public: virtual ~RxHandler() = default; + // Transmitter can append extra bytes of ciphertext at the -final step. + // This method return how much was added, and thus let client translate + // plaintext size into ciphertext size to grab from wire. + virtual std::uint32_t get_extra_size_at_final() = 0; + // Instance of RxHandler must be reset before doing any decrypt-update // step. This applies also to situation when decrypt-final was already // called and another round of update-...-update-final will take place.
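Review bot: In `ProtocolV2::handle_read_frame_preamble_main` the tag length is added to `rx_segments_todo_rev.front().length` and to `next_payload_len` before the preamble CRC computed just below has been verified, and with no visible upper bound on the peer-supplied segment lengths. If those lengths can sit near the maximum of their type, adding `get_extra_size_at_final()` could wrap the value later used as a read size, and `front()` is undefined should the preamble have produced no segments. Code outside this hunk may already reject both cases, but that cannot be confirmed from here; if it does not, the frame should be rejected as a protocol error rather than asserted on, since the values are peer-controlled. Reading the value once, `const auto tag_len = session_stream_handlers.rx->get_extra_size_at_final();`, would also make it explicit that both adjustments use the same number. The function starts and ends outside the hunk.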
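Review bot: `get_extra_size_at_final()` is introduced as a non-const virtual although the override shown in crypto_onwire.cc only returns `AESGCM_TAG_LEN`; declaring it `std::uint32_t get_extra_size_at_final() const override` there, and `const = 0` on the `RxHandler` declaration in crypto_onwire.h, would document that it has no side effects. The interface comment in crypto_onwire.h should also spell out the contract the receiver depends on, because ProtocolV2 adds this value to the wire length before reading: it must equal the number of bytes the peer's transmitter appends at its final step and must not change during a session. Suggested wording: `// Returns the number of bytes the transmitter appends at encrypt-final (for AES-GCM, the auth tag); constant for the lifetime of the handler.`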