@@ -29,42 +29,88 @@ int CephxSessionHandler::_calc_signature(Message *m, uint64_t *psig)
2929 const ceph_msg_header& header = m->get_header ();
3030 const ceph_msg_footer& footer = m->get_footer ();
3131
32- // optimized signature calculation
33- // - avoid temporary allocated buffers from encode_encrypt[_enc_bl]
34- // - skip the leading 4 byte wrapper from encode_encrypt
35- struct {
36- __u8 v;
37- __le64 magic;
38- __le32 len;
39- __le32 header_crc;
40- __le32 front_crc;
41- __le32 middle_crc;
42- __le32 data_crc;
43- } __attribute__ ((packed)) sigblock = {
44- 1 , mswab (AUTH_ENC_MAGIC), mswab<uint32_t >(4 *4 ),
45- mswab<uint32_t >(header.crc ), mswab<uint32_t >(footer.front_crc ),
46- mswab<uint32_t >(footer.middle_crc ), mswab<uint32_t >(footer.data_crc )
47- };
48-
49- char exp_buf[CryptoKey::get_max_outbuf_size (sizeof (sigblock ))];
50-
51- try {
52- const CryptoKey::in_slice_t in {
53- sizeof (sigblock ),
54- reinterpret_cast <const unsigned char *>(&sigblock )
32+ if (!HAVE_FEATURE (features, CEPHX_V2)) {
33+ // legacy pre-mimic behavior for compatibility
34+
35+ // optimized signature calculation
36+ // - avoid temporary allocated buffers from encode_encrypt[_enc_bl]
37+ // - skip the leading 4 byte wrapper from encode_encrypt
38+ struct {
39+ __u8 v;
40+ __le64 magic;
41+ __le32 len;
42+ __le32 header_crc;
43+ __le32 front_crc;
44+ __le32 middle_crc;
45+ __le32 data_crc;
46+ } __attribute__ ((packed)) sigblock = {
47+ 1 , mswab (AUTH_ENC_MAGIC), mswab<uint32_t >(4 *4 ),
48+ mswab<uint32_t >(header.crc ), mswab<uint32_t >(footer.front_crc ),
49+ mswab<uint32_t >(footer.middle_crc ), mswab<uint32_t >(footer.data_crc )
5550 };
56- const CryptoKey::out_slice_t out {
57- sizeof (exp_buf),
58- reinterpret_cast <unsigned char *>(&exp_buf)
51+
52+ char exp_buf[CryptoKey::get_max_outbuf_size (sizeof (sigblock ))];
53+
54+ try {
55+ const CryptoKey::in_slice_t in {
56+ sizeof (sigblock ),
57+ reinterpret_cast <const unsigned char *>(&sigblock )
58+ };
59+ const CryptoKey::out_slice_t out {
60+ sizeof (exp_buf),
61+ reinterpret_cast <unsigned char *>(&exp_buf)
62+ };
63+ key.encrypt (cct, in, out);
64+ } catch (std::exception & e) {
65+ lderr (cct) << __func__ << " failed to encrypt signature block" << dendl;
66+ return -1 ;
67+ }
68+
69+ *psig = *reinterpret_cast <__le64*>(exp_buf);
70+ } else {
71+ // newer mimic+ signatures
72+ struct {
73+ __le32 header_crc;
74+ __le32 front_crc;
75+ __le32 front_len;
76+ __le32 middle_crc;
77+ __le32 middle_len;
78+ __le32 data_crc;
79+ __le32 data_len;
80+ __le32 seq_lower_word;
81+ } __attribute__ ((packed)) sigblock = {
82+ mswab<uint32_t >(header.crc ),
83+ mswab<uint32_t >(footer.front_crc ),
84+ mswab<uint32_t >(header.front_len ),
85+ mswab<uint32_t >(footer.middle_crc ),
86+ mswab<uint32_t >(header.middle_len ),
87+ mswab<uint32_t >(footer.data_crc ),
88+ mswab<uint32_t >(header.data_len ),
89+ mswab<uint32_t >(header.seq )
5990 };
6091
61- key.encrypt (cct, in, out);
62- } catch (std::exception & e) {
63- lderr (cct) << __func__ << " failed to encrypt signature block" << dendl;
64- return -1 ;
65- }
92+ char exp_buf[CryptoKey::get_max_outbuf_size (sizeof (sigblock ))];
93+
94+ try {
95+ const CryptoKey::in_slice_t in {
96+ sizeof (sigblock ),
97+ reinterpret_cast <const unsigned char *>(&sigblock )
98+ };
99+ const CryptoKey::out_slice_t out {
100+ sizeof (exp_buf),
101+ reinterpret_cast <unsigned char *>(&exp_buf)
102+ };
103+ key.encrypt (cct, in, out);
104+ } catch (std::exception & e) {
105+ lderr (cct) << __func__ << " failed to encrypt signature block" << dendl;
106+ return -1 ;
107+ }
66108
67- *psig = *reinterpret_cast <__le64*>(exp_buf);
109+ struct enc {
110+ __le64 a, b, c, d;
111+ } *penc = reinterpret_cast <enc*>(exp_buf);
112+ *psig = penc->a ^ penc->b ^ penc->c ^ penc->d ;
113+ }
68114
69115 ldout (cct, 10 ) << __func__ << " seq " << m->get_seq ()
70116 << " front_crc_ = " << footer.front_crc
0 commit comments