]>
git.proxmox.com Git - ceph.git/blob - ceph/src/msg/async/crypto_onwire.h
1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
4 * Ceph - scalable distributed file system
6 * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net>
8 * This is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License version 2.1, as published by the Free Software
11 * Foundation. See file COPYING.
16 #ifndef CEPH_CRYPTO_ONWIRE_H
17 #define CEPH_CRYPTO_ONWIRE_H
22 #include "auth/Auth.h"
23 #include "include/buffer.h"
25 namespace ceph::math
{
29 class always_aligned_t
{
32 template <class... Args
>
33 always_aligned_t(Args
&&... args
)
34 : val(std::forward
<Args
>(args
)...) {
38 } // namespace ceph::math
40 namespace ceph::crypto::onwire
{
42 struct MsgAuthError
: public std::runtime_error
{
44 : runtime_error("message signature mismatch") {
48 struct TxHandlerError
: public std::runtime_error
{
49 TxHandlerError(const char* what
)
50 : std::runtime_error(std::string("tx handler error: ") + what
) {}
54 virtual ~TxHandler() = default;
56 virtual std::uint32_t calculate_segment_size(std::uint32_t size
) = 0;
58 // Instance of TxHandler must be reset before doing any encrypt-update
59 // step. This applies also to situation when encrypt-final was already
60 // called and another round of update-...-update-final will take place.
62 // The input parameter informs implementation how the -update sequence
63 // is fragmented and allows to make concious decision about allocation
64 // or reusage of provided memory. One implementation could do in-place
65 // encryption while other might prefer one huge output buffer.
67 // It's undefined what will happen if client doesn't follow the order.
69 // TODO: switch to always_aligned_t
70 virtual void reset_tx_handler(
71 std::initializer_list
<std::uint32_t> update_size_sequence
) = 0;
73 // Perform encryption. Client gives full ownership right to provided
74 // bufferlist. The method MUST NOT be called after _final() if there
75 // was no call to _reset().
76 virtual void authenticated_encrypt_update(
77 const ceph::bufferlist
& plaintext
) = 0;
79 // Generates authentication signature and returns bufferlist crafted
80 // basing on plaintext from preceding call to _update().
81 virtual ceph::bufferlist
authenticated_encrypt_final() = 0;
86 virtual ~RxHandler() = default;
88 // Transmitter can append extra bytes of ciphertext at the -final step.
89 // This method return how much was added, and thus let client translate
90 // plaintext size into ciphertext size to grab from wire.
91 virtual std::uint32_t get_extra_size_at_final() = 0;
93 // Instance of RxHandler must be reset before doing any decrypt-update
94 // step. This applies also to situation when decrypt-final was already
95 // called and another round of update-...-update-final will take place.
96 virtual void reset_rx_handler() = 0;
98 // Perform decryption ciphertext must be ALWAYS aligned to 16 bytes.
99 // TODO: switch to always_aligned_t
100 virtual ceph::bufferlist
authenticated_decrypt_update(
101 ceph::bufferlist
&& ciphertext
,
102 std::uint32_t alignment
) = 0;
104 // Perform decryption of last cipertext's portion and verify signature
105 // for overall decryption sequence.
106 // Throws on integrity/authenticity checks
107 virtual ceph::bufferlist
authenticated_decrypt_update_final(
108 ceph::bufferlist
&& ciphertext
,
109 std::uint32_t alignment
) = 0;
113 //rxtx_t(rxtx_t&& r) : rx(std::move(rx)), tx(std::move(tx)) {}
114 // Each peer can use different handlers.
115 // Hmm, isn't that too much flexbility?
116 std::unique_ptr
<RxHandler
> rx
;
117 std::unique_ptr
<TxHandler
> tx
;
119 static rxtx_t
create_handler_pair(
121 const class AuthConnectionMeta
& auth_meta
,
125 } // namespace ceph::crypto::onwire
127 #endif // CEPH_CRYPTO_ONWIRE_H