From 95e5c5c228d2f88a395cc2d32d2f72c31fec4037 Mon Sep 17 00:00:00 2001
From: Yehuda Sadeh
Date: Mon, 17 Mar 2025 03:57:21 -0400
Subject: [PATCH] auth: add usage param to crypto handler

Allow different usage for crypto handler users. Currently being used in the crypto unitest to match the test vectors.

Signed-off-by: Yehuda Sadeh
(cherry picked from commit 1330335661604e50468c8a0adc8fc73a2ab79b49)
---
 src/auth/Crypto.cc | 24 +++++++++++++-----------
 src/auth/Crypto.h | 8 +++++++-
 src/test/crypto.cc | 4 ++--
 3 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/src/auth/Crypto.cc b/src/auth/Crypto.cc
index cd1cc41920b..373021806ed 100644
--- a/src/auth/Crypto.cc
+++ b/src/auth/Crypto.cc
@@ -255,7 +255,7 @@ public:
 int validate_secret(const bufferptr& secret) override {
 return 0;
 }
- CryptoKeyHandler *get_key_handler(const bufferptr& secret, string& error) override {
+ CryptoKeyHandler *get_key_handler_ext(const bufferptr& secret, uint32_t usage, string& error) override {
 return new CryptoNoneKeyHandler;
 }
 };
@@ -273,7 +273,7 @@ public:
 }
 int create(CryptoRandom *random, bufferptr& secret) override;
 int validate_secret(const bufferptr& secret) override;
- CryptoKeyHandler *get_key_handler(const bufferptr& secret, string& error) override;
+ CryptoKeyHandler *get_key_handler_ext(const bufferptr& secret, uint32_t usage /* unused */, string& error) override;
 };
 
 // when we say AES, we mean AES-128
@@ -477,8 +477,9 @@ int CryptoAES::validate_secret(const bufferptr& secret)
 return 0;
 }
 
-CryptoKeyHandler *CryptoAES::get_key_handler(const bufferptr& secret,
- string& error)
+CryptoKeyHandler *CryptoAES::get_key_handler_ext(const bufferptr& secret,
+ uint32_t usage,
+ string& error)
 {
 CryptoAESKeyHandler *ckh = new CryptoAESKeyHandler;
 ostringstream oss;
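Review bot: The `usage` parameter that CryptoNone and CryptoAES never read is annotated inconsistently across these three hunks: the CryptoAES declaration in the second hunk says `uint32_t usage /* unused */`, while the CryptoNone inline override in the first hunk and the CryptoAES::get_key_handler_ext definition in the third name it with no annotation, and those two are exactly the places where a `-Wunused-parameter` build will warn, since the comment on a declaration has no effect. Leave the parameter unnamed where it is ignored, e.g. `uint32_t /* usage */` in the CryptoNone override and in the CryptoAES definition, or use `[[maybe_unused]] uint32_t usage`, and drop the comment from the declaration. A one-line comment on both ignored overrides, `// usage is only an input to key derivation in handlers that derive per-usage keys; this handler ignores it`, would also tell callers that a non-zero value passed to these types is accepted silently rather than rejected. The body of CryptoAES::get_key_handler_ext continues past the end of the third hunk, so whether `usage` is really unused there is taken from the declaration's annotation, not from visible code.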
@@ -505,7 +506,7 @@ public:
 }
 int create(CryptoRandom *random, bufferptr& secret) override;
 int validate_secret(const bufferptr& secret) override;
- CryptoKeyHandler *get_key_handler(const bufferptr& secret, string& error) override;
+ CryptoKeyHandler *get_key_handler_ext(const bufferptr& secret, uint32_t usage, string& error) override;
 };
 
 static constexpr const std::size_t AES256KRB5_KEY_LEN{32};
@@ -717,11 +718,11 @@ public:
 using CryptoKeyHandler::encrypt;
 using CryptoKeyHandler::decrypt;
 
- int init(const ceph::bufferptr& s, ostringstream& err) {
+ int init(const ceph::bufferptr& s, uint32_t usage, ostringstream& err) {
 cipher = EVP_CIPHER_fetch(NULL, "AES-256-CBC-CTS", NULL);
 secret = s;
 
- int r = calc_kx(secret, 0x2 /* usage */,
+ int r = calc_kx(secret, usage,
 0x55 /* Ki type */,
 AES256KRB5_HASH_LEN /* 192 bit */,
 ki,
@@ -731,7 +732,7 @@ public:
 }
 ki_raw = reinterpret_cast(ki.c_str()); /* needed so that we can use ki in const methods */
 
- r = calc_kx(secret, 0x2 /* usage */,
+ r = calc_kx(secret, usage,
 0xAA /* Ke type */,
 32 /* 256 bit */,
 ke,
@@ -902,12 +903,13 @@ int CryptoAES256KRB5::validate_secret(const bufferptr& secret)
 return 0;
 }
 
-CryptoKeyHandler *CryptoAES256KRB5::get_key_handler(const bufferptr& secret,
- string& error)
+CryptoKeyHandler *CryptoAES256KRB5::get_key_handler_ext(const bufferptr& secret,
+ uint32_t usage,
+ string& error)
 {
 CryptoAES256KRB5KeyHandler *ckh = new CryptoAES256KRB5KeyHandler;
 ostringstream oss;
- if (ckh->init(secret, oss) < 0) {
+ if (ckh->init(secret, usage, oss) < 0) {
 error = oss.str();
 delete ckh;
 return NULL;
diff --git a/src/auth/Crypto.h b/src/auth/Crypto.h
index 1c62125e016..c771d6a94a2 100644
--- a/src/auth/Crypto.h
+++ b/src/auth/Crypto.h
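Review bot: `init` in the second hunk now takes `usage` with no documentation, and the removed `0x2 /* usage */` literal was the only hint in this class of what the value means; the same applies to the second calc_kx call in the third hunk. Both calls feed `usage` into calc_kx alongside the `0x55 /* Ki type */` and `0xAA /* Ke type */` constants, so it is presumably an input to the integrity-key and encryption-key derivation, and two handlers built from the same secret with different usage values would derive different Ki/Ke and fail to decrypt or verify each other's output. Add a doc comment on `init`, e.g. `/// @param usage key-usage number mixed into the Ki/Ke derivation; must match the value the peer used for the same data`, and mirror it on get_key_handler_ext in the last hunk, which forwards the value unchanged. The init body and the enclosing class continue outside these hunks, so whether `usage` should also be retained on the handler for later checks cannot be judged here.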
@@ -227,8 +227,14 @@ public:
 virtual int get_type() const = 0;
 virtual int create(CryptoRandom *random, ceph::buffer::ptr& secret) = 0;
 virtual int validate_secret(const ceph::buffer::ptr& secret) = 0;
+ virtual CryptoKeyHandler *get_key_handler_ext(const ceph::buffer::ptr& secret,
+ uint32_t usage,
+ std::string& error) = 0;
+
 virtual CryptoKeyHandler *get_key_handler(const ceph::buffer::ptr& secret,
- std::string& error) = 0;
+ std::string& error) {
+ return get_key_handler_ext(secret, 0, error);
+ }
 
 static CryptoHandler *create(int type);
 };
diff --git a/src/test/crypto.cc b/src/test/crypto.cc
index 7cb67ef6a8f..14fb46b1d71 100644
--- a/src/test/crypto.cc
+++ b/src/test/crypto.cc
@@ -376,7 +376,7 @@ TEST(AES256KRB5, Encrypt) {
 
 bufferlist cipher;
 std::string error;
- CryptoKeyHandler *kh = h->get_key_handler(secret, error);
+ CryptoKeyHandler *kh = h->get_key_handler_ext(secret, 2, error);
 int r = kh->encrypt_ext(g_ceph_context, plaintext, &confounder, cipher, &error);
 ASSERT_EQ(r, 0);
 ASSERT_EQ(error, "");
@@ -423,7 +423,7 @@ TEST(AES256KRB5, Decrypt) {
 
 std::string error;
 bufferlist plaintext;
- CryptoKeyHandler *kh = h->get_key_handler(secret, error);
+ CryptoKeyHandler *kh = h->get_key_handler_ext(secret, 2, error);
 int r = kh->decrypt(g_ceph_context, cipher, plaintext, &error);
 ASSERT_EQ(r, 0);
 ASSERT_EQ(error, "");
-- 
2.39.5
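Review bot: The new default body of `get_key_handler` in the Crypto.h hunk forwards `usage = 0`, but before this patch the AES256KRB5 handler always derived its keys with usage `0x2` (the literals removed in src/auth/Crypto.cc), so any remaining caller of `get_key_handler()` for that cipher type now silently gets Ki/Ke derived from a different usage value and will not interoperate with data keyed the old way; the two src/test/crypto.cc hunks avoid this only by switching to `get_key_handler_ext(secret, 2, error)`. If the intent is to preserve existing behaviour, the default should read `return get_key_handler_ext(secret, 2, error);`; if 0 is deliberately the new default for the non-ext entry point, that is a wire-compatibility change for that cipher and should be stated in the commit message and in a comment on the method. In either case the pure virtual deserves a doc comment on the new parameter, e.g. `/// @param usage key-usage number for handlers that derive per-usage keys (AES256KRB5); ignored by the other types`. Whether any non-test caller of get_key_handler() uses the AES256KRB5 type is not visible in this patch.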