From caf65b063ef43c2c51f0a476a01a6e23fdfa7fa9 Mon Sep 17 00:00:00 2001 From: Ricardo Dias Date: Fri, 16 Nov 2018 17:17:03 +0000 Subject: [PATCH] cephx: add sign bufferlist method Signed-off-by: Ricardo Dias --- src/auth/AuthSessionHandler.h | 11 ++++++---- src/auth/cephx/CephxSessionHandler.cc | 30 +++++++++++++++++++++++---- src/auth/cephx/CephxSessionHandler.h | 10 +++++---- 3 files changed, 39 insertions(+), 12 deletions(-) diff --git a/src/auth/AuthSessionHandler.h b/src/auth/AuthSessionHandler.h index 6689f03052a09..8c58aaa89efbb 100644 --- a/src/auth/AuthSessionHandler.h +++ b/src/auth/AuthSessionHandler.h @@ -1,4 +1,4 @@ -// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- +// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- // vim: ts=8 sw=2 smarttab /* * Ceph - scalable distributed file system @@ -7,9 +7,9 @@ * * This is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public - * License version 2.1, as published by the Free Software + * License version 2.1, as published by the Free Software * Foundation. See file COPYING. - * + * */ @@ -35,7 +35,7 @@ protected: public: explicit AuthSessionHandler(CephContext *cct_) : cct(cct_), protocol(CEPH_AUTH_UNKNOWN) {} - AuthSessionHandler(CephContext *cct_, int protocol_, CryptoKey key_) : cct(cct_), + AuthSessionHandler(CephContext *cct_, int protocol_, CryptoKey key_) : cct(cct_), protocol(protocol_), key(key_) {} virtual ~AuthSessionHandler() { } @@ -44,6 +44,9 @@ public: virtual int check_message_signature(Message *message) = 0; virtual int encrypt_message(Message *message) = 0; virtual int decrypt_message(Message *message) = 0; + virtual int sign_bufferlist(bufferlist &in, bufferlist &out) { + return 0; + }; int get_protocol() {return protocol;} CryptoKey get_key() {return key;} diff --git a/src/auth/cephx/CephxSessionHandler.cc b/src/auth/cephx/CephxSessionHandler.cc index 802b93cda52de..f931ac4447a59 100644 
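Review bot: The default `sign_bufferlist` added to `AuthSessionHandler` returns 0 and leaves `out` untouched, so a caller holding a handler that does not override it sees success although nothing was signed. The neighbouring methods in this hunk (`check_message_signature`, `encrypt_message`, `decrypt_message`) are pure virtual. Either make this one `= 0` as well, or have the default report failure, e.g. `return -EOPNOTSUPP;`, so an unsigned buffer cannot be mistaken for a signed one. A one-line comment stating the contract (what is appended to `out`, what a non-zero return means) belongs above the declaration, and the stray `;` after the closing brace can be dropped.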
--- a/src/auth/cephx/CephxSessionHandler.cc +++ b/src/auth/cephx/CephxSessionHandler.cc @@ -1,4 +1,4 @@ -// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- +// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- // vim: ts=8 sw=2 smarttab /* * Ceph - scalable distributed file system @@ -7,9 +7,9 @@ * * This is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public - * License version 2.1, as published by the Free Software + * License version 2.1, as published by the Free Software * Foundation. See file COPYING. - * + * */ #include "CephxSessionHandler.h" @@ -21,7 +21,7 @@ #include "common/config.h" #include "include/ceph_features.h" #include "msg/Message.h" - + #define dout_subsys ceph_subsys_auth int CephxSessionHandler::_calc_signature(Message *m, uint64_t *psig) @@ -181,3 +181,25 @@ int CephxSessionHandler::check_message_signature(Message *m) return 0; } +int CephxSessionHandler::sign_bufferlist(bufferlist &in, bufferlist &out) +{ + char exp_buf[CryptoKey::get_max_outbuf_size(in.length())]; + + try { + const CryptoKey::in_slice_t sin{in.length(), + reinterpret_cast(in.c_str())}; + const CryptoKey::out_slice_t sout{ + sizeof(exp_buf), + reinterpret_cast(&exp_buf)}; + key.encrypt(cct, sin, sout); + } + catch (std::exception &e) { + lderr(cct) << __func__ << " failed to encrypt signature block" << dendl; + return -1; + } + + + out.append(exp_buf, sizeof(exp_buf)); + + return 0; +} diff --git a/src/auth/cephx/CephxSessionHandler.h b/src/auth/cephx/CephxSessionHandler.h index 6a19630bffecb..35930f34676a8 100644 --- a/src/auth/cephx/CephxSessionHandler.h +++ b/src/auth/cephx/CephxSessionHandler.h @@ -1,4 +1,4 @@ -// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- +// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- // vim: ts=8 sw=2 smarttab /* * Ceph - scalable distributed file system 
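Review bot: In `CephxSessionHandler::sign_bufferlist`, `exp_buf` is a variable-length stack array sized from `in.length()`, and `out.append(exp_buf, sizeof(exp_buf))` appends the whole maximum-size buffer no matter how much `key.encrypt` wrote. A large input can therefore exhaust the stack, and VLAs are a compiler extension in C++. If the ciphertext can be shorter than `get_max_outbuf_size()` (worth confirming against `CryptoKey`), the bytes past it are uninitialised stack contents copied into `out`. Allocating the scratch buffer on the heap and appending only the written length would fix both, assuming `encrypt` returns that length: `const std::size_t n = key.encrypt(cct, sin, sout);` then `out.append(exp_buf, n);` inside the `try`. The caught `e` is unused; adding `e.what()` to the `lderr` line would make failures diagnosable.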
@@ -7,9 +7,9 @@ * * This is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public - * License version 2.1, as published by the Free Software + * License version 2.1, as published by the Free Software * Foundation. See file COPYING. - * + * */ @@ -27,7 +27,7 @@ public: : AuthSessionHandler(cct_, CEPH_AUTH_CEPHX, session_key), features(features) {} ~CephxSessionHandler() override {} - + bool no_security() override { return false; } @@ -37,6 +37,8 @@ public: int sign_message(Message *m) override; int check_message_signature(Message *m) override ; + int sign_bufferlist(bufferlist &in, bufferlist &out) override; + // Cephx does not currently encrypt messages, so just return 0 if called. PLR int encrypt_message(Message *m) override { -- 2.39.5
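Review bot: The `sign_bufferlist` override in the `@@ -37,6 +37,8 @@` hunk is declared without a comment, while the `encrypt_message` declaration just below it has one. The implementation in CephxSessionHandler.cc encrypts `in` with the session key and appends the output to `out`, which the name "sign" does not make obvious. A short comment would save callers from guessing, for example `// Encrypts 'in' with the session key and appends the result to 'out'; returns 0 on success, -1 on failure.`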