
Commit 8f396cf

auth/cephx/CephxSessionHandler: implement CEPHX_V2 calculation mode
Derive the signature from the entire buffer (both cipher blocks). Signed-off-by: Sage Weil <sage@redhat.com>
1 parent d672a7a commit 8f396cf


1 file changed

+78
-32
lines changed


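--- a/src/auth/cephx/CephxSessionHandler.cc
+++ b/src/auth/cephx/CephxSessionHandler.cc
@@ -29,42 +29,88 @@ int CephxSessionHandler::_calc_signature(Message *m, uint64_t *psig)
 const ceph_msg_header& header = m->get_header();
 const ceph_msg_footer& footer = m->get_footer();
 
-// optimized signature calculation
-// - avoid temporary allocated buffers from encode_encrypt[_enc_bl]
-// - skip the leading 4 byte wrapper from encode_encrypt
-struct {
-__u8 v;
-__le64 magic;
-__le32 len;
-__le32 header_crc;
-__le32 front_crc;
-__le32 middle_crc;
-__le32 data_crc;
-} __attribute__ ((packed)) sigblock = {
-1, mswab(AUTH_ENC_MAGIC), mswab<uint32_t>(4*4),
-mswab<uint32_t>(header.crc), mswab<uint32_t>(footer.front_crc),
-mswab<uint32_t>(footer.middle_crc), mswab<uint32_t>(footer.data_crc)
-};
-
-char exp_buf[CryptoKey::get_max_outbuf_size(sizeof(sigblock))];
-
-try {
-const CryptoKey::in_slice_t in {
-sizeof(sigblock),
-reinterpret_cast<const unsigned char*>(&sigblock)
+if (!HAVE_FEATURE(features, CEPHX_V2)) {
+// legacy pre-mimic behavior for compatibility
+
+// optimized signature calculation
+// - avoid temporary allocated buffers from encode_encrypt[_enc_bl]
+// - skip the leading 4 byte wrapper from encode_encrypt
+struct {
+__u8 v;
+__le64 magic;
+__le32 len;
+__le32 header_crc;
+__le32 front_crc;
+__le32 middle_crc;
+__le32 data_crc;
+} __attribute__ ((packed)) sigblock = {
+1, mswab(AUTH_ENC_MAGIC), mswab<uint32_t>(4*4),
+mswab<uint32_t>(header.crc), mswab<uint32_t>(footer.front_crc),
+mswab<uint32_t>(footer.middle_crc), mswab<uint32_t>(footer.data_crc)
 };
-const CryptoKey::out_slice_t out {
-sizeof(exp_buf),
-reinterpret_cast<unsigned char*>(&exp_buf)
+
+char exp_buf[CryptoKey::get_max_outbuf_size(sizeof(sigblock))];
+
+try {
+const CryptoKey::in_slice_t in {
+sizeof(sigblock),
+reinterpret_cast<const unsigned char*>(&sigblock)
+};
+const CryptoKey::out_slice_t out {
+sizeof(exp_buf),
+reinterpret_cast<unsigned char*>(&exp_buf)
+};
+key.encrypt(cct, in, out);
+} catch (std::exception& e) {
+lderr(cct) << __func__ << " failed to encrypt signature block" << dendl;
+return -1;
+}
+
+*psig = *reinterpret_cast<__le64*>(exp_buf);
+} else {
+// newer mimic+ signatures
+struct {
+__le32 header_crc;
+__le32 front_crc;
+__le32 front_len;
+__le32 middle_crc;
+__le32 middle_len;
+__le32 data_crc;
+__le32 data_len;
+__le32 seq_lower_word;
+} __attribute__ ((packed)) sigblock = {
+mswab<uint32_t>(header.crc),
+mswab<uint32_t>(footer.front_crc),
+mswab<uint32_t>(header.front_len),
+mswab<uint32_t>(footer.middle_crc),
+mswab<uint32_t>(header.middle_len),
+mswab<uint32_t>(footer.data_crc),
+mswab<uint32_t>(header.data_len),
+mswab<uint32_t>(header.seq)
 };
 
-key.encrypt(cct, in, out);
-} catch (std::exception& e) {
-lderr(cct) << __func__ << " failed to encrypt signature block" << dendl;
-return -1;
-}
+char exp_buf[CryptoKey::get_max_outbuf_size(sizeof(sigblock))];
+
+try {
+const CryptoKey::in_slice_t in {
+sizeof(sigblock),
+reinterpret_cast<const unsigned char*>(&sigblock)
+};
+const CryptoKey::out_slice_t out {
+sizeof(exp_buf),
+reinterpret_cast<unsigned char*>(&exp_buf)
+};
+key.encrypt(cct, in, out);
+} catch (std::exception& e) {
+lderr(cct) << __func__ << " failed to encrypt signature block" << dendl;
+return -1;
+}
 
-*psig = *reinterpret_cast<__le64*>(exp_buf);
+struct enc {
+__le64 a, b, c, d;
+} *penc = reinterpret_cast<enc*>(exp_buf);
+*psig = penc->a ^ penc->b ^ penc->c ^ penc->d;
+}
 
 ldout(cct, 10) << __func__ << " seq " << m->get_seq()
 << " front_crc_ = " << footer.front_crc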
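Review bot: In the CEPHX_V2 branch the fold `*psig = penc->a ^ penc->b ^ penc->c ^ penc->d;` reads 32 bytes of `exp_buf`, but the result of `key.encrypt(cct, in, out)` is discarded and `exp_buf` is never initialised, so nothing visible confirms that the cipher wrote at least those 32 bytes before they become the signature. If `encrypt` reports the number of bytes produced (its declaration is not shown here), keep that value and fail closed on a short result, e.g. `if (key.encrypt(cct, in, out) < 4 * sizeof(__le64)) return -1;` inside the `try`. Separately, the legacy branch stays selectable whenever `features` lacks CEPHX_V2, and where `features` is negotiated lies outside this hunk, so a deployment that must refuse the older scheme needs an enforcement point elsewhere; a comment on the `if` saying so would help. `_calc_signature` begins before and continues after the lines shown.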
