From 1cf877a97880bec5402b5cda1d8090ca4b97a02c Mon Sep 17 00:00:00 2001
From: anwleung
Date: Sat, 27 Jan 2007 08:29:59 +0000
Subject: [PATCH] Added some of the initial keys
git-svn-id: https://ceph.svn.sf.net/svnroot/ceph@1042 29311d96-e01e-0410-9327-a35deaab8ce9
---
 branches/aleung/security1/ceph/config.cc | 8 +++-----
 branches/aleung/security1/ceph/config.h | 2 +-
 branches/aleung/security1/ceph/fakesyn.cc | 19 +++++++++++++++++++
 branches/aleung/security1/ceph/osd/OSD.cc | 4 ++++
 branches/aleung/security1/ceph/osd/OSD.h | 9 +++++++--
 branches/aleung/security1/ceph/osd/OSDMap.h | 13 +++++++++++++
 6 files changed, 47 insertions(+), 8 deletions(-)
diff --git a/branches/aleung/security1/ceph/config.cc b/branches/aleung/security1/ceph/config.cc
index 853cec55bb38f..f8479c1101186 100644
--- a/branches/aleung/security1/ceph/config.cc
+++ b/branches/aleung/security1/ceph/config.cc
@@ -294,7 +294,7 @@ md_config_t g_conf = {
 fakeclient_op_close: 200,
 //security (all principals)
- secure_io: 1,
+ secure_io: true,
 sign_scheme: 0, /* 0=esign, 1=RSA */
 hash_scheme: 0, /* 0=sha-1, 1=sha-256, 2=sha-512, 3 = md5 */
@@ -689,10 +689,8 @@ void parse_config_options(std::vector& args)
 g_conf.tick = atoi(args[++i]);
 // security flag to turn off security
- else if (strcmp(args[i], "--no_sec") == 0) {
- g_conf.secure_io = 0;
- i++;
- }
+ else if (strcmp(args[i], "--no_sec") == 0)
+ g_conf.secure_io = false;
 else if (strcmp(args[i], "--file_layout_ssize") == 0)
 g_OSD_FileLayout.stripe_size = atoi(args[++i]);
diff --git a/branches/aleung/security1/ceph/config.h b/branches/aleung/security1/ceph/config.h
index 362894a7fe987..504aa0bc33db1 100644
--- a/branches/aleung/security1/ceph/config.h
+++ b/branches/aleung/security1/ceph/config.h
@@ -279,7 +279,7 @@ struct md_config_t {
 int fakeclient_op_close;
 // security (all princiapls)
- int secure_io;
+ bool secure_io;
 int sign_scheme;
 int hash_scheme;
 int crypt_scheme;
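Review bot: In the `--no_sec` branch of parse_config_options (config.cc, second hunk), `g_conf.secure_io = false;` switches off the security settings that the config comment marks as applying to all principals, and nothing is printed, so a run started with the flag by mistake looks the same as a secured one. I would brace the branch and add one line such as `cerr << "warning: --no_sec given, secure_io disabled" << endl;` (assuming iostream is usable in this file, which the hunk does not show). The function starts and ends outside the hunk.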
diff --git a/branches/aleung/security1/ceph/fakesyn.cc b/branches/aleung/security1/ceph/fakesyn.cc
index 312ad8b345ef8..74e5cd6f6a8c0 100644
--- a/branches/aleung/security1/ceph/fakesyn.cc
+++ b/branches/aleung/security1/ceph/fakesyn.cc
@@ -31,6 +31,10 @@ using namespace std;
 #include "common/Timer.h"
+// crypto library
+#include "crypto/CryptoLib.h"
+using namespace CryptoLib;
+
 #define NUMMDS g_conf.num_mds
 #define NUMOSD g_conf.num_osd
 #define NUMCLIENT g_conf.num_client
@@ -69,6 +73,21 @@ int main(int argc, char **argv)
 g_clock.tare();
+
+ if (g_conf.secure_io) {
+ cout << "Testing crypto library" << endl;
+
+ const byte* myMsg = (const byte*)"hash me";
+ byte digestBuf[SHA1DIGESTSIZE];
+ byte hexBuf[2*SHA1DIGESTSIZE];
+
+ sha1(myMsg,digestBuf,strlen((const char*)myMsg));
+ toHex(digestBuf, hexBuf, SHA1DIGESTSIZE,
+ 2*SHA1DIGESTSIZE);
+
+ cerr << "SHA1 of " << myMsg << " is " <<
+ string((const char*)hexBuf,2*SHA1DIGESTSIZE) << endl;
+ }
 MonMap *monmap = new MonMap(g_conf.num_mon);
diff --git a/branches/aleung/security1/ceph/osd/OSD.cc b/branches/aleung/security1/ceph/osd/OSD.cc
index 67e84746229b0..cd43e3e1e4ebd 100644
--- a/branches/aleung/security1/ceph/osd/OSD.cc
+++ b/branches/aleung/security1/ceph/osd/OSD.cc
@@ -110,6 +110,10 @@ OSD::OSD(int id, Messenger *m, MonMap *mm, char *dev)
 osdmap = 0;
 boot_epoch = 0;
+ // create public/private keys
+ myPrivKey = esignPrivKey("crypto/esig1536.dat");
+ myPubKey = esignPubKey(myPrivKey);
+
 last_tid = 0;
 num_pulling = 0;
diff --git a/branches/aleung/security1/ceph/osd/OSD.h b/branches/aleung/security1/ceph/osd/OSD.h
index ae5dba7a8e01a..975aa84558599 100644
--- a/branches/aleung/security1/ceph/osd/OSD.h
+++ b/branches/aleung/security1/ceph/osd/OSD.h
@@ -32,10 +32,11 @@ using namespace __gnu_cxx;
 #include "messages/MOSDOp.h"
+#include"crypto/CryptoLib.h"
+using namespace CryptoLib;
+
 class Messenger;
 class Message;
-
-
 class OSD : public Dispatcher {
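Review bot: The crypto check added near the top of main() in fakesyn.cc prints the SHA-1 hex string but never compares it with an expected value, so a broken or mis-linked CryptoLib still lets the run proceed with secure_io on. Compare `hexBuf` with a known-answer digest for "hash me" obtained from an independent SHA-1 tool and return non-zero on mismatch. `hexBuf` is exactly `2*SHA1DIGESTSIZE` bytes, which is only safe if `toHex` writes no terminating NUL; a comment such as `// toHex must not NUL-terminate: hexBuf has no spare byte` would record that assumption. main() continues outside the hunk.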
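Review bot: In the OSD constructor (OSD.cc), every OSD instance loads its signing key from the same hard-coded relative path, `esignPrivKey("crypto/esig1536.dat")`, so all OSDs started from one working directory share a single private key and one exposed copy of that file affects all of them. The path should come from configuration and be distinct per OSD, for example a `g_conf` entry combined with `whoami`, and the result of the load needs a check, since the hunk shows no handling of a missing or unreadable key file. The keys are also set up when `g_conf.secure_io` is false; guarding the two lines with `if (g_conf.secure_io)` would keep unsecured runs from depending on the file. The constructor body continues outside the hunk.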
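Review bot: `using namespace CryptoLib;` at file scope in OSD.h (and again in the first OSDMap.h hunk) pushes every CryptoLib name into each translation unit that includes these headers, apparently including the short `byte` type that fakesyn.cc uses, which invites name clashes. In the headers I would drop the using-directive and qualify the few names needed, e.g. `CryptoLib::esignPriv myPrivKey;`. The new include is also written without a space, `#include"crypto/CryptoLib.h"`, unlike the neighbouring `#include "messages/MOSDOp.h"`.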
@@ -59,6 +60,10 @@ public:
 Messenger *messenger;
 int whoami;
+ // public/private key
+ esignPriv myPrivKey;
+ esignPub myPubKey;
+
 static const int STATE_BOOTING = 1;
 static const int STATE_ACTIVE = 2;
 static const int STATE_STOPPING = 3;
diff --git a/branches/aleung/security1/ceph/osd/OSDMap.h b/branches/aleung/security1/ceph/osd/OSDMap.h
index 2c00eea9cdbdc..85ffbedc50810 100644
--- a/branches/aleung/security1/ceph/osd/OSDMap.h
+++ b/branches/aleung/security1/ceph/osd/OSDMap.h
@@ -35,6 +35,9 @@ using namespace crush;
 #include
 using namespace std;
+#include"crypto/CryptoLib.h"
+using namespace CryptoLib;
+
 /*
 * some system constants
@@ -74,6 +77,8 @@ public:
 list new_out;
 map new_overload; // updated overload value
 list old_overload; // no longer overload
+ map added_osd_keys; // new public keys
+ list removed_osd_keys; // public keys to remove
 void encode(bufferlist& bl) {
 bl.append((char*)&epoch, sizeof(epoch));
@@ -84,6 +89,8 @@ public:
 ::_encode(new_in, bl);
 ::_encode(new_out, bl);
 ::_encode(new_overload, bl);
+ //::_encode(added_osd_keys, bl);
+ //::_encode(removed_osd_keys, bl);
 }
 void decode(bufferlist& bl, int& off) {
 bl.copy(off, sizeof(epoch), (char*)&epoch);
@@ -97,6 +104,8 @@ public:
 ::_decode(new_in, bl, off);
 ::_decode(new_out, bl, off);
 ::_decode(new_overload, bl, off);
+ //::_decode(added_osd_keys, bl, off);
+ //::_decode(removed_osd_keys, bl, off);
 }
 Incremental(epoch_t e=0) : epoch(e), mon_epoch(0) {}
@@ -114,6 +123,7 @@ private:
 set out_osds; // list of unmapped disks
 map overload_osds;
 map osd_inst;
+ map osd_keys; //all public keys
 public:
 Crush crush; // hierarchical map
@@ -145,6 +155,7 @@ private:
 const set& get_down_osds() { return down_osds; }
 const set& get_out_osds() { return out_osds; }
 const map& get_overload_osds() { return overload_osds; }
+ const map& get_keys() { return osd_keys; }
 bool is_down(int osd) { return down_osds.count(osd); }
 bool is_up(int osd) { return !is_down(osd); }
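Review bot: `esignPriv myPrivKey;` is added next to `messenger` and `whoami` in OSD.h, and the hunk header places this part of class OSD under `public:`, so the private signing key would be readable and replaceable by any code holding an OSD pointer. If that reading is right, move `myPrivKey` to the private section and expose only what callers need, e.g. a `const esignPub& get_pub_key() const` accessor plus a signing method. The class definition starts and ends outside the hunk.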
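Review bot: The new key fields in OSDMap.h are never serialized: in Incremental::encode the calls `//::_encode(added_osd_keys, bl);` and `//::_encode(removed_osd_keys, bl);` are commented out, and the same holds for Incremental::decode and for `osd_keys` in the two full-map encode/decode hunks further down this file. A map that is encoded and decoded again therefore comes back with empty key tables, and `get_keys()` has nothing to return on the receiving side. Replace the bare commented-out calls with a comment that says why they are disabled, e.g. `// TODO: enable in encode and decode together once _encode/_decode handle the key type`, since enabling only one side would misalign the fields that follow (`crush._encode`/`crush._decode` in the full-map pair). Once the keys do travel inside the map, the map itself needs to be authenticated, otherwise a modified map could substitute keys.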
@@ -233,6 +244,7 @@ private:
 _encode(out_osds, blist);
 _encode(overload_osds, blist);
 _encode(osd_inst, blist);
+ //_encode(osd_keys, blist);
 crush._encode(blist);
 }
@@ -253,6 +265,7 @@ private:
 _decode(out_osds, blist, off);
 _decode(overload_osds, blist, off);
 _decode(osd_inst, blist, off);
+ //_decode(osd_keys, blist, off);
 crush._decode(blist, off);
 }
--
2.39.5