From 6ec5c9c11754b996aa2ad26c9254f100abdbd64d Mon Sep 17 00:00:00 2001 From: Ricardo Dias Date: Tue, 20 Nov 2018 16:34:47 +0000 Subject: [PATCH] cephx: added encrypt/decrypt bufferlist method to session handler Signed-off-by: Ricardo Dias --- src/auth/AuthSessionHandler.h | 7 +++++++ src/auth/cephx/CephxSessionHandler.cc | 22 ++++++++++++++++++++++ src/auth/cephx/CephxSessionHandler.h | 2 ++ 3 files changed, 31 insertions(+) diff --git a/src/auth/AuthSessionHandler.h b/src/auth/AuthSessionHandler.h index 8c58aaa89ef..65e593c4d2f 100644 --- a/src/auth/AuthSessionHandler.h +++ b/src/auth/AuthSessionHandler.h @@ -44,9 +44,16 @@ public: virtual int check_message_signature(Message *message) = 0; virtual int encrypt_message(Message *message) = 0; virtual int decrypt_message(Message *message) = 0; + virtual int sign_bufferlist(bufferlist &in, bufferlist &out) { return 0; }; + virtual int encrypt_bufferlist(bufferlist &in, bufferlist &out) { + return 0; + } + virtual int decrypt_bufferlist(bufferlist &in, bufferlist &out) { + return 0; + } int get_protocol() {return protocol;} CryptoKey get_key() {return key;} diff --git a/src/auth/cephx/CephxSessionHandler.cc b/src/auth/cephx/CephxSessionHandler.cc index f931ac4447a..d40682f11bf 100644 --- a/src/auth/cephx/CephxSessionHandler.cc +++ b/src/auth/cephx/CephxSessionHandler.cc 
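Review bot: The new `encrypt_bufferlist` and `decrypt_bufferlist` defaults in `AuthSessionHandler` return 0 without writing to `out`, so a handler that does not override them reports success while producing no ciphertext or plaintext. The neighbouring `encrypt_message` and `decrypt_message` are pure virtual; declaring these the same way (`virtual int encrypt_bufferlist(bufferlist &in, bufferlist &out) = 0;`) or returning a negative code such as `-EOPNOTSUPP` from the default would make an unimplemented handler fail closed. If the no-op default is intentional, a comment saying that 0 with an untouched `out` means "not supported" would tell callers what to check. The class body starts and ends outside the hunk, so the other handlers' overrides are not visible here.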
@@ -203,3 +203,25 @@ int CephxSessionHandler::sign_bufferlist(bufferlist &in, bufferlist &out)
 return 0;
 }
+
+int CephxSessionHandler::encrypt_bufferlist(bufferlist &in, bufferlist &out) {
+ std::string error;
+ try {
+ key.encrypt(cct, in, out, &error);
+ } catch (std::exception &e) {
+ lderr(cct) << __func__ << " failed to encrypt buffer: " << error << dendl;
+ return -1;
+ }
+ return 0;
+}
+
+int CephxSessionHandler::decrypt_bufferlist(bufferlist &in, bufferlist &out) {
+ std::string error;
+ try {
+ key.decrypt(cct, in, out, &error);
+ } catch (std::exception &e) {
+ lderr(cct) << __func__ << " failed to decrypt buffer: " << error << dendl;
+ return -1;
+ }
+ return 0;
+}
diff --git a/src/auth/cephx/CephxSessionHandler.h b/src/auth/cephx/CephxSessionHandler.h
index 35930f34676..5e37e165672 100644
--- a/src/auth/cephx/CephxSessionHandler.h
+++ b/src/auth/cephx/CephxSessionHandler.h
@@ -38,6 +38,8 @@ public:
 int check_message_signature(Message *m) override ;
 int sign_bufferlist(bufferlist &in, bufferlist &out) override;
+ int encrypt_bufferlist(bufferlist &in, bufferlist &out) override;
+ int decrypt_bufferlist(bufferlist &in, bufferlist &out) override;
 // Cephx does not currently encrypt messages, so just return 0 if called. PLR
-- 
2.47.3
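Review bot: In `encrypt_bufferlist` and `decrypt_bufferlist` the result of `key.encrypt(...)` / `key.decrypt(...)` is discarded and `error` is read only inside the `catch`, so a failure reported through the return value or the `error` string (which the `&error` out-parameter suggests is the normal path) still ends in `return 0`. For decryption this lets a caller treat a buffer that failed to decrypt as valid output. Check the call directly, assuming it returns a negative value on failure: `if (key.decrypt(cct, in, out, &error) < 0) { lderr(cct) << __func__ << " failed to decrypt buffer: " << error << dendl; return -1; }`, and do the same for encrypt. If the `try` is kept, catch `const std::exception &e` and log `e.what()`, since `error` may be empty when an exception is thrown.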