]>
Commit | Line | Data |
---|---|---|
7c673cae FG |
1 | // -*- mode:C; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- |
2 | // vim: ts=8 sw=2 smarttab | |
3 | /* | |
4 | * Ceph - scalable distributed file system | |
5 | * | |
6 | * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net> | |
7 | * | |
8 | * This is free software; you can redistribute it and/or | |
9 | * modify it under the terms of the GNU Lesser General Public | |
10 | * License version 2.1, as published by the Free Software | |
11 | * Foundation. See file COPYING. | |
12 | * | |
13 | */ | |
14 | ||
15 | #ifndef CEPH_AUTH_CRYPTO_H | |
16 | #define CEPH_AUTH_CRYPTO_H | |
17 | ||
18 | #include "include/types.h" | |
19 | #include "include/utime.h" | |
20 | #include "include/memory.h" | |
21 | #include "include/buffer.h" | |
22 | ||
23 | #include <string> | |
24 | ||
25 | class CephContext; | |
26 | class CryptoKeyContext; | |
27 | namespace ceph { class Formatter; } | |
28 | ||
29 | ||
30 | /* | |
31 | * some per-key context that is specific to a particular crypto backend | |
32 | */ | |
33 | class CryptoKeyHandler { | |
34 | public: | |
35 | bufferptr secret; | |
36 | ||
37 | virtual ~CryptoKeyHandler() {} | |
38 | ||
39 | virtual int encrypt(const bufferlist& in, | |
40 | bufferlist& out, std::string *error) const = 0; | |
41 | virtual int decrypt(const bufferlist& in, | |
42 | bufferlist& out, std::string *error) const = 0; | |
43 | }; | |
44 | ||
45 | /* | |
46 | * match encoding of struct ceph_secret | |
47 | */ | |
48 | class CryptoKey { | |
49 | protected: | |
50 | __u16 type; | |
51 | utime_t created; | |
52 | bufferptr secret; // must set this via set_secret()! | |
53 | ||
54 | // cache a pointer to the implementation-specific key handler, so we | |
55 | // don't have to create it for every crypto operation. | |
56 | mutable ceph::shared_ptr<CryptoKeyHandler> ckh; | |
57 | ||
58 | int _set_secret(int type, const bufferptr& s); | |
59 | ||
60 | public: | |
61 | CryptoKey() : type(0) { } | |
62 | CryptoKey(int t, utime_t c, bufferptr& s) | |
63 | : created(c) { | |
64 | _set_secret(t, s); | |
65 | } | |
66 | ~CryptoKey() { | |
67 | } | |
68 | ||
69 | void encode(bufferlist& bl) const; | |
70 | void decode(bufferlist::iterator& bl); | |
71 | ||
72 | int get_type() const { return type; } | |
73 | utime_t get_created() const { return created; } | |
74 | void print(std::ostream& out) const; | |
75 | ||
76 | int set_secret(int type, const bufferptr& s, utime_t created); | |
77 | const bufferptr& get_secret() { return secret; } | |
78 | const bufferptr& get_secret() const { return secret; } | |
79 | ||
80 | void encode_base64(string& s) const { | |
81 | bufferlist bl; | |
82 | encode(bl); | |
83 | bufferlist e; | |
84 | bl.encode_base64(e); | |
85 | e.append('\0'); | |
86 | s = e.c_str(); | |
87 | } | |
88 | string encode_base64() const { | |
89 | string s; | |
90 | encode_base64(s); | |
91 | return s; | |
92 | } | |
93 | void decode_base64(const string& s) { | |
94 | bufferlist e; | |
95 | e.append(s); | |
96 | bufferlist bl; | |
97 | bl.decode_base64(e); | |
98 | bufferlist::iterator p = bl.begin(); | |
99 | decode(p); | |
100 | } | |
101 | ||
102 | void encode_formatted(string label, Formatter *f, bufferlist &bl); | |
103 | void encode_plaintext(bufferlist &bl); | |
104 | ||
105 | // -- | |
106 | int create(CephContext *cct, int type); | |
107 | int encrypt(CephContext *cct, const bufferlist& in, bufferlist& out, | |
108 | std::string *error) const { | |
109 | assert(ckh); // Bad key? | |
110 | return ckh->encrypt(in, out, error); | |
111 | } | |
112 | int decrypt(CephContext *cct, const bufferlist& in, bufferlist& out, | |
113 | std::string *error) const { | |
114 | assert(ckh); // Bad key? | |
115 | return ckh->decrypt(in, out, error); | |
116 | } | |
117 | ||
118 | void to_str(std::string& s) const; | |
119 | }; | |
120 | WRITE_CLASS_ENCODER(CryptoKey) | |
121 | ||
122 | static inline ostream& operator<<(ostream& out, const CryptoKey& k) | |
123 | { | |
124 | k.print(out); | |
125 | return out; | |
126 | } | |
127 | ||
128 | ||
129 | /* | |
130 | * Driver for a particular algorithm | |
131 | * | |
132 | * To use these functions, you need to call ceph::crypto::init(), see | |
133 | * common/ceph_crypto.h. common_init_finish does this for you. | |
134 | */ | |
135 | class CryptoHandler { | |
136 | public: | |
137 | virtual ~CryptoHandler() {} | |
138 | virtual int get_type() const = 0; | |
139 | virtual int create(bufferptr& secret) = 0; | |
140 | virtual int validate_secret(const bufferptr& secret) = 0; | |
141 | virtual CryptoKeyHandler *get_key_handler(const bufferptr& secret, | |
142 | string& error) = 0; | |
143 | ||
144 | static CryptoHandler *create(int type); | |
145 | }; | |
146 | ||
147 | extern int get_random_bytes(char *buf, int len); | |
148 | extern uint64_t get_random(uint64_t min_val, uint64_t max_val); | |
149 | ||
150 | #endif |