From 871cd3bae4b5399a26155e67a693cd0d437d8c38 Mon Sep 17 00:00:00 2001
From: Yehuda Sadeh
Date: Wed, 28 May 2025 15:50:15 -0400
Subject: [PATCH] auth: create slice api for calculating hmac_sha256
Signed-off-by: Yehuda Sadeh
(cherry picked from commit dfffd730268e35bd357277963a0dc98ceae947f5)
---
 src/auth/Crypto.cc | 13 ++++++++++++
 src/auth/Crypto.h | 6 ++++++
 src/test/crypto.cc | 52 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 71 insertions(+)
diff --git a/src/auth/Crypto.cc b/src/auth/Crypto.cc
index 8f50279ed35..f9fd54c6324 100644
--- a/src/auth/Crypto.cc
+++ b/src/auth/Crypto.cc
@@ -229,6 +229,19 @@ sha256_digest_t CryptoKeyHandler::hmac_sha256(
 return ret;
 }
+sha256_digest_t CryptoKeyHandler::hmac_sha256(
+ const in_slice_t& in) const
+{
+ TOPNSPC::crypto::HMACSHA256 hmac((const unsigned char*)secret.c_str(), secret.length());
+
+ hmac.Update(in.buf, in.length);
+
+ sha256_digest_t ret;
+ hmac.Final(ret.v);
+
+ return ret;
+}
+
 // ---------------------------------------------------
 class CryptoNoneKeyHandler : public CryptoKeyHandler {
diff --git a/src/auth/Crypto.h b/src/auth/Crypto.h
index 2a1731046c5..57b7cc3a32e 100644
--- a/src/auth/Crypto.h
+++ b/src/auth/Crypto.h
@@ -104,6 +104,7 @@ public:
 const in_slice_t& in,
 const out_slice_t& out) const;
+ sha256_digest_t hmac_sha256(const in_slice_t& in) const;
 sha256_digest_t hmac_sha256(const ceph::bufferlist& in) const;
 };
@@ -210,6 +211,11 @@ public:
 return ckh->hmac_sha256(in);
 }
+ sha256_digest_t hmac_sha256(CephContext *cct, const in_slice_t& in) const {
+ ceph_assert(ckh);
+ return ckh->hmac_sha256(in);
+ }
+
 static constexpr std::size_t get_max_outbuf_size(std::size_t want_size) {
 return want_size + CryptoKeyHandler::MAX_BLOCK_SIZE;
 }
diff --git a/src/test/crypto.cc b/src/test/crypto.cc
index 72ef5f73f43..f712905c3d6 100644
--- a/src/test/crypto.cc
+++ b/src/test/crypto.cc
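Review bot: The new slice overload in src/auth/Crypto.cc hands `in.buf` and `in.length` straight to `hmac.Update()` with no stated or checked contract, so a slice with a null `buf` and a non-zero `length` is read as given. Either guard it with `ceph_assert(in.buf != nullptr || in.length == 0);` before the update, or put a comment on the declaration in Crypto.h saying the buffer is borrowed, must hold `length` readable bytes and is not retained. The HMAC is keyed with the handler's raw `secret`; if that is the same material the handler uses for encrypt/decrypt (not visible in this hunk), it is worth confirming that callers do not depend on key separation between the two uses. The key setup and `Final()` sequence seems to repeat the bufferlist overload whose tail is the context just above, and whose body starts outside the hunk, so a shared private helper would keep the two from drifting.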
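Review bot: In the second src/auth/Crypto.h hunk, `ceph_assert(ckh)` makes the new wrapper abort the process when it is called on a key whose handler was never set, and the `cct` parameter is accepted but never used. If any caller can reach this with a key that failed to initialise (callers are not visible here), it needs an explicit emptiness check before the call. At minimum document the precondition on the method, for example `// Precondition: a key handler is set (aborts otherwise); 'in' is only borrowed for the call.` The enclosing class begins outside the hunk, so whether the sibling bufferlist wrapper carries the same assert cannot be confirmed from the context lines.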
@@ -588,6 +588,58 @@ TEST(AES256KRB5, DecryptNoBl) {
 }
 }
+TEST(AES256KRB5, HMAC_SHA256) {
+ auto h = g_ceph_context->get_crypto_manager()->get_handler(CEPH_CRYPTO_AES256KRB5);
+
+ unsigned char secret_s[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
+ bufferptr secret((const char *)secret_s, sizeof(secret_s));
+ std::string plaintext = "blablabla";
+
+ std::string error;
+
+ std::unique_ptr kh(h->get_key_handler(secret, error));
+
+ bufferlist bl;
+ bl.append((const char *)plaintext.c_str(), plaintext.size());
+ auto hash = kh->hmac_sha256(bl);
+
+ dump_buf("HMAC_SHA256:", (const unsigned char *)&hash, sizeof(hash));
+
+ unsigned char expected_s[] = { 0x42, 0xc7, 0x02, 0x7e, 0x8b, 0xe0, 0x6d, 0xca,
+ 0x2c, 0x0b, 0x44, 0x43, 0x73, 0xfe, 0xfd, 0xbe,
+ 0xac, 0x5b, 0x40, 0x34, 0xec, 0xa4, 0x4a, 0x69,
+ 0xde, 0x3a, 0x29, 0x16, 0x34, 0xed, 0x8d, 0xf9 };
+
+
+ ASSERT_EQ(0, memcmp(expected_s, (const char *)&hash, sizeof(hash)));
+}
+
+TEST(AES256KRB5, HMAC_SHA256_NoBl) {
+ auto h = g_ceph_context->get_crypto_manager()->get_handler(CEPH_CRYPTO_AES256KRB5);
+
+ unsigned char secret_s[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
+ bufferptr secret((const char *)secret_s, sizeof(secret_s));
+ std::string plaintext = "testing1234blablabla";
+
+ std::string error;
+
+ std::unique_ptr kh(h->get_key_handler(secret, error));
+
+ CryptoKey::in_slice_t plaintext_slice { plaintext.size(), (const unsigned char *)plaintext.c_str() };
+ auto hash = kh->hmac_sha256(plaintext_slice);
+
+ dump_buf("HMAC_SHA256:", (const unsigned char *)&hash, sizeof(hash));
+
+ unsigned char expected_s[] = { 0x4b, 0xd3, 0xac, 0x39, 0x4a, 0xcc, 0x97, 0x06,
+ 0xdd, 0x09, 0xe6, 0x5c, 0x68, 0xad, 0xd4, 0xcf,
+ 0x09, 0x2c, 0xcd, 0xa1, 0xe7, 0x99, 0xe3, 0x5c,
+ 0x52, 0x73, 0x85, 0xbd, 0x79, 0x73, 0xc6, 0x98 };
+
+ ASSERT_EQ(0, memcmp(expected_s, (const char *)&hash, sizeof(hash)));
+}
+
 static 
void aes256krb5_loop(const std::size_t text_size) {
 cipher_loop(text_size, CEPH_CRYPTO_AES256KRB5, 32);
 }
-- 
2.39.5
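Review bot: Both new tests dereference `kh` right after `get_key_handler(secret, error)` without checking it, so a rejected secret would crash the test binary instead of reporting `error`; add `ASSERT_TRUE(kh != nullptr) << error;` before the first `kh->hmac_sha256(...)` call in each. The secret is 16 bytes, while the `aes256krb5_loop` context line at the end of the hunk passes 32 to `cipher_loop`, which may be the key length this handler normally receives, so confirm the handler accepts the shorter value. The two tests hash different plaintexts, so nothing checks that the slice and bufferlist overloads agree; hashing the same bytes through both and comparing the digests would cover that, and a zero-length input is worth adding as well. A `static_assert(sizeof(expected_s) == sizeof(hash));` next to each `memcmp` would stop it reading past the 32-byte vector if the digest type ever changes.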