]>
git.proxmox.com Git - ceph.git/blob - ceph/src/auth/Crypto.h
1 // -*- mode:C; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
4 * Ceph - scalable distributed file system
6 * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net>
8 * This is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License version 2.1, as published by the Free Software
11 * Foundation. See file COPYING.
15 #ifndef CEPH_AUTH_CRYPTO_H
16 #define CEPH_AUTH_CRYPTO_H
18 #include "include/types.h"
19 #include "include/utime.h"
20 #include "include/buffer.h"
25 class CryptoKeyContext
;
26 namespace ceph
{ class Formatter
; }
29 * Random byte stream generator suitable for cryptographic use
34 CryptoRandom(); // throws on failure
37 /// copy up to 256 random bytes into the given buffer. throws on failure
38 void get_bytes(char *buf
, int len
);
42 * some per-key context that is specific to a particular crypto backend
44 class CryptoKeyHandler
{
46 // The maximum size of a single block for all descendants of the class.
47 static constexpr std::size_t MAX_BLOCK_SIZE
{16};
49 // A descendant pick-ups one from these and passes it to the ctor template.
50 typedef std::integral_constant
<std::size_t, 0> BLOCK_SIZE_0B
;
51 typedef std::integral_constant
<std::size_t, 16> BLOCK_SIZE_16B
;
54 const std::size_t length
;
55 const unsigned char* const buf
;
59 const std::size_t max_length
;
60 unsigned char* const buf
;
63 ceph::bufferptr secret
;
65 template <class BlockSizeT
>
66 CryptoKeyHandler(BlockSizeT
) {
67 static_assert(BlockSizeT::value
<= MAX_BLOCK_SIZE
);
70 virtual ~CryptoKeyHandler() {}
72 virtual int encrypt(const bufferlist
& in
,
73 bufferlist
& out
, std::string
*error
) const = 0;
74 virtual int decrypt(const bufferlist
& in
,
75 bufferlist
& out
, std::string
*error
) const = 0;
77 // TODO: provide nullptr in the out::buf to get/estimate size requirements?
78 // Or maybe dedicated methods?
79 virtual std::size_t encrypt(const in_slice_t
& in
,
80 const out_slice_t
& out
) const;
81 virtual std::size_t decrypt(const in_slice_t
& in
,
82 const out_slice_t
& out
) const;
84 sha256_digest_t
hmac_sha256(const ceph::bufferlist
& in
) const;
88 * match encoding of struct ceph_secret
94 bufferptr secret
; // must set this via set_secret()!
96 // cache a pointer to the implementation-specific key handler, so we
97 // don't have to create it for every crypto operation.
98 mutable std::shared_ptr
<CryptoKeyHandler
> ckh
;
100 int _set_secret(int type
, const bufferptr
& s
);
103 CryptoKey() : type(0) { }
104 CryptoKey(int t
, utime_t c
, bufferptr
& s
)
111 void encode(bufferlist
& bl
) const;
112 void decode(bufferlist::const_iterator
& bl
);
114 int get_type() const { return type
; }
115 utime_t
get_created() const { return created
; }
116 void print(std::ostream
& out
) const;
118 int set_secret(int type
, const bufferptr
& s
, utime_t created
);
119 const bufferptr
& get_secret() { return secret
; }
120 const bufferptr
& get_secret() const { return secret
; }
122 bool empty() const { return ckh
.get() == nullptr; }
124 void encode_base64(string
& s
) const {
132 string
encode_base64() const {
137 void decode_base64(const string
& s
) {
142 auto p
= std::cbegin(bl
);
146 void encode_formatted(string label
, Formatter
*f
, bufferlist
&bl
);
147 void encode_plaintext(bufferlist
&bl
);
150 int create(CephContext
*cct
, int type
);
151 int encrypt(CephContext
*cct
, const bufferlist
& in
, bufferlist
& out
,
152 std::string
*error
) const {
153 ceph_assert(ckh
); // Bad key?
154 return ckh
->encrypt(in
, out
, error
);
156 int decrypt(CephContext
*cct
, const bufferlist
& in
, bufferlist
& out
,
157 std::string
*error
) const {
158 ceph_assert(ckh
); // Bad key?
159 return ckh
->decrypt(in
, out
, error
);
162 using in_slice_t
= CryptoKeyHandler::in_slice_t
;
163 using out_slice_t
= CryptoKeyHandler::out_slice_t
;
165 std::size_t encrypt(CephContext
*, const in_slice_t
& in
,
166 const out_slice_t
& out
) {
168 return ckh
->encrypt(in
, out
);
170 std::size_t decrypt(CephContext
*, const in_slice_t
& in
,
171 const out_slice_t
& out
) {
173 return ckh
->encrypt(in
, out
);
176 sha256_digest_t
hmac_sha256(CephContext
*, const ceph::bufferlist
& in
) {
178 return ckh
->hmac_sha256(in
);
181 static constexpr std::size_t get_max_outbuf_size(std::size_t want_size
) {
182 return want_size
+ CryptoKeyHandler::MAX_BLOCK_SIZE
;
185 void to_str(std::string
& s
) const;
187 WRITE_CLASS_ENCODER(CryptoKey
)
189 static inline ostream
& operator<<(ostream
& out
, const CryptoKey
& k
)
197 * Driver for a particular algorithm
199 * To use these functions, you need to call ceph::crypto::init(), see
200 * common/ceph_crypto.h. common_init_finish does this for you.
202 class CryptoHandler
{
204 virtual ~CryptoHandler() {}
205 virtual int get_type() const = 0;
206 virtual int create(CryptoRandom
*random
, bufferptr
& secret
) = 0;
207 virtual int validate_secret(const bufferptr
& secret
) = 0;
208 virtual CryptoKeyHandler
*get_key_handler(const bufferptr
& secret
,
211 static CryptoHandler
*create(int type
);