msg/async, v2: authenticated onwire encryption and new preamble format

src/auth/Auth.h

@@ -170,10 +170,10 @@ struct AuthConnectionMeta {
 
   int con_mode = 0;  ///< negotiated mode
 
-  bool is_mode_crc() {
+  bool is_mode_crc() const {
     return con_mode == CEPH_CON_MODE_CRC;
   }
-  bool is_mode_secure() {
+  bool is_mode_secure() const {
     return con_mode == CEPH_CON_MODE_SECURE;
   }
 

src/auth/AuthSessionHandler.cc

@@ -21,13 +21,13 @@
 #include "none/AuthNoneSessionHandler.h"
 #include "unknown/AuthUnknownSessionHandler.h"
 
+#include "common/ceph_crypto.h"
 #define dout_subsys ceph_subsys_auth
 
 
 AuthSessionHandler *get_auth_session_handler(
   CephContext *cct, int protocol,
   const CryptoKey& key,
-  const std::string& connection_secret,
   uint64_t features)
 {
 
@@ -41,16 +41,17 @@ AuthSessionHandler *get_auth_session_handler(
     if (key.get_type() == CEPH_CRYPTO_NONE) {
       return nullptr;
     }
-    return new CephxSessionHandler(cct, key, connection_secret, features);
+    return new CephxSessionHandler(cct, key, features);
   case CEPH_AUTH_NONE:
-    return new AuthNoneSessionHandler(cct, key, connection_secret);
+    return new AuthNoneSessionHandler();
   case CEPH_AUTH_UNKNOWN:
-    return new AuthUnknownSessionHandler(cct, key, connection_secret);
+    return new AuthUnknownSessionHandler();
 #ifdef HAVE_GSSAPI
   case CEPH_AUTH_GSS: 
-    return new KrbSessionHandler(cct, key, connection_secret);
+    return new KrbSessionHandler();
 #endif
   default:
     return nullptr;
   }
 }
+

src/auth/AuthSessionHandler.h

@@ -27,49 +27,25 @@ class CephContext;
 class Message;
 
 struct AuthSessionHandler {
-protected:
-  CephContext *cct;
-  int protocol;
-  CryptoKey key;                  // per mon authentication
-  std::string connection_secret;  // per connection
-
-public:
-  explicit AuthSessionHandler(CephContext *cct_) : cct(cct_), protocol(CEPH_AUTH_UNKNOWN) {}
-
-  AuthSessionHandler(CephContext *cct_, int protocol_,
-		     const CryptoKey& key_,
-		     const std::string& cs_)
-    : cct(cct_),
-      protocol(protocol_),
-      key(key_),
-      connection_secret(cs_) {}
-  virtual ~AuthSessionHandler() { }
-
-  virtual bool no_security() = 0;
+  virtual ~AuthSessionHandler() = default;
   virtual int sign_message(Message *message) = 0;
   virtual int check_message_signature(Message *message) = 0;
-  virtual int encrypt_message(Message *message) = 0;
-  virtual int decrypt_message(Message *message) = 0;
+};
 
-  virtual int sign_bufferlist(bufferlist &in, bufferlist &out) {
-    return 0;
-  };
-  virtual int encrypt_bufferlist(bufferlist &in, bufferlist &out) {
+struct DummyAuthSessionHandler : AuthSessionHandler {
+  int sign_message(Message*) final {
     return 0;
   }
-  virtual int decrypt_bufferlist(bufferlist &in, bufferlist &out) {
+  int check_message_signature(Message*) final {
     return 0;
   }
-
-  int get_protocol() {return protocol;}
-  CryptoKey get_key() {return key;}
-
 };
 
+struct DecryptionError : public std::exception {};
+
 extern AuthSessionHandler *get_auth_session_handler(
   CephContext *cct, int protocol,
   const CryptoKey& key,
-  const std::string& connection_secret,
   uint64_t features);
 
 #endif

src/auth/cephx/CephxSessionHandler.cc

@@ -180,50 +180,3 @@ int CephxSessionHandler::check_message_signature(Message *m)
 
   return 0;
 }
-
-int CephxSessionHandler::sign_bufferlist(bufferlist &in, bufferlist &out)
-{
-  char exp_buf[CryptoKey::get_max_outbuf_size(in.length())];
-
-  try {
-    const CryptoKey::in_slice_t sin{in.length(),
-        reinterpret_cast<const unsigned char *>(in.c_str())};
-    const CryptoKey::out_slice_t sout{
-        sizeof(exp_buf),
-        reinterpret_cast<unsigned char *>(&exp_buf)};
-    key.encrypt(cct, sin, sout);
-  }
-  catch (std::exception &e) {
-    lderr(cct) << __func__ << " failed to encrypt signature block" << dendl;
-    return -1;
-  }
-
-
-  out.append(exp_buf, sizeof(exp_buf));
-
-  return 0;
-}
-
-int CephxSessionHandler::encrypt_bufferlist(bufferlist &in, bufferlist &out) {
-  std::string error;
-  try {
-#warning fixme key
-    key.encrypt(cct, in, out, &error);
-  } catch (std::exception &e) {
-    lderr(cct) << __func__ << " failed to encrypt buffer: " << error << dendl;
-    return -1;
-  }
-  return 0;
-}
-
-int CephxSessionHandler::decrypt_bufferlist(bufferlist &in, bufferlist &out) {
-  std::string error;
-  try {
-#warning fixme key
-    key.decrypt(cct, in, out, &error);
-  } catch (std::exception &e) {
-    lderr(cct) << __func__ << " failed to decrypt buffer: " << error << dendl;
-    return -1;
-  }
-  return 0;
-}

src/auth/cephx/CephxSessionHandler.h

@@ -20,39 +20,25 @@ class CephContext;
 class Message;
 
 class CephxSessionHandler  : public AuthSessionHandler {
+  CephContext *cct;
+  int protocol;
+  CryptoKey key;                // per mon authentication
   uint64_t features;
 
+  int _calc_signature(Message *m, uint64_t *psig);
+
 public:
-  CephxSessionHandler(CephContext *cct_,
+  CephxSessionHandler(CephContext *cct,
 		      const CryptoKey& session_key,
-		      const std::string& connection_secret,
-		      uint64_t features)
-    : AuthSessionHandler(cct_, CEPH_AUTH_CEPHX, session_key, connection_secret),
-      features(features) {}
-  ~CephxSessionHandler() override {}
-
-  bool no_security() override {
-    return false;
+		      const uint64_t features)
+    : cct(cct),
+      protocol(CEPH_AUTH_CEPHX),
+      key(session_key),
+      features(features) {
   }
-
-  int _calc_signature(Message *m, uint64_t *psig);
+  ~CephxSessionHandler() override = default;
 
   int sign_message(Message *m) override;
   int check_message_signature(Message *m) override ;
-
-  int sign_bufferlist(bufferlist &in, bufferlist &out) override;
-  int encrypt_bufferlist(bufferlist &in, bufferlist &out) override;
-  int decrypt_bufferlist(bufferlist &in, bufferlist &out) override;
-
-  // Cephx does not currently encrypt messages, so just return 0 if called.  PLR
-
-  int encrypt_message(Message *m) override {
-    return 0;
-  }
-
-  int decrypt_message(Message *m) override {
-    return 0;
-  }
-
 };
 

src/auth/krb/KrbSessionHandler.hpp

@@ -29,27 +29,7 @@
 
 #define dout_subsys ceph_subsys_auth
 
-
-class CephContext;
-class Message;
-
-class KrbSessionHandler : public AuthSessionHandler {
-
-  public:
-    KrbSessionHandler(CephContext* ceph_ctx,
-		      const CryptoKey& session_key,
-		      const std::string& connection_secret) :
-      AuthSessionHandler(ceph_ctx, CEPH_AUTH_GSS, session_key,
-			 connection_secret) { }
-    ~KrbSessionHandler() override = default; 
-
-    bool no_security() override { return true; }
-    int sign_message(Message* msg) override { return 0; }
-    int check_message_signature(Message* msg) override { return 0; }
-    int encrypt_message(Message* msg) override { return 0; }
-    int decrypt_message(Message* msg) override { return 0; }
-
-  private:
+struct KrbSessionHandler : DummyAuthSessionHandler {
 };
 
 #endif    //-- KRB_SESSION_HANDLER_HPP

src/auth/none/AuthNoneSessionHandler.h

@@ -13,40 +13,7 @@
  */
 
 #include "auth/AuthSessionHandler.h"
-#include "msg/Message.h"
-
-class CephContext;
-
-class AuthNoneSessionHandler  : public AuthSessionHandler {
-public:
-  AuthNoneSessionHandler(CephContext *cct_,
-			 const CryptoKey& session_key,
-			 const std::string& connection_secret)
-    : AuthSessionHandler(cct_, CEPH_AUTH_NONE, session_key, connection_secret) {}
-  ~AuthNoneSessionHandler() override {}
-
-  bool no_security() override {
-    return true;
-  }
-
-  // The None suite neither signs nor encrypts messages, so these functions just return success.
-  // Since nothing was signed or encrypted, don't increment the stats.  PLR
-
-  int sign_message(Message *m) override {
-    return 0;
-  }
-
-  int check_message_signature(Message *m) override {
-    return 0;
-  }
-
-  int encrypt_message(Message *m) override {
-    return 0;
-  }
-
-  int decrypt_message(Message *m) override {
-    return 0;
-  }
 
+struct AuthNoneSessionHandler : DummyAuthSessionHandler {
 };
 

src/auth/unknown/AuthUnknownSessionHandler.h

@@ -13,43 +13,7 @@
  */
 
 #include "auth/AuthSessionHandler.h"
-#include "msg/Message.h"
-
-#define dout_subsys ceph_subsys_auth
-
-class CephContext;
-
-class AuthUnknownSessionHandler  : public AuthSessionHandler {
-public:
-  AuthUnknownSessionHandler(CephContext *cct_,
-			    const CryptoKey& session_key,
-			    const std::string& connection_secret)
-    : AuthSessionHandler(cct_, CEPH_AUTH_UNKNOWN,
-			 session_key, connection_secret) {}
-  ~AuthUnknownSessionHandler() override {}
-
-  bool no_security() override {
-    return true;
-  }
-
-  // The Unknown suite neither signs nor encrypts messages, so these functions just return success.
-  // Since nothing was signed or encrypted, don't increment the stats.  PLR
-
-  int sign_message(Message *m) override {
-    return 0;
-  }
-
-  int check_message_signature(Message *m) override {
-    return 0;
-  }
-
-  int encrypt_message(Message *m) override {
-    return 0;
-  }
-
-  int decrypt_message(Message *m) override {
-    return 0;
-  }
 
+struct AuthUnknownSessionHandler : DummyAuthSessionHandler {
 };
 

src/common/ceph_strings.cc

@@ -17,6 +17,16 @@ const char *ceph_entity_type_name(int type)
 	}
 }
 
+const char *ceph_con_mode_name(int con_mode)
+{
+	switch (con_mode) {
+	case CEPH_CON_MODE_UNKNOWN: return "unknown";
+	case CEPH_CON_MODE_CRC: return "crc";
+	case CEPH_CON_MODE_SECURE: return "secure";
+	default: return "???";
+	}
+}
+
 const char *ceph_osd_op_name(int op)
 {
 	switch (op) {

src/crimson/net/SocketConnection.cc

@@ -710,14 +710,10 @@ SocketConnection::handle_connect_reply(msgr_tag_t tag)
         h.backoff = 0ms;
         set_features(h.reply.features & h.connect.features);
         if (h.authorizer) {
-          std::string connection_secret;  // this is not used here, we just need
-                                        // to make get_auth_session_handler
-                                        // call happy
           session_security.reset(
               get_auth_session_handler(nullptr,
                                        h.authorizer->protocol,
                                        h.authorizer->session_key,
-                                       connection_secret,
                                        features));
         }
         h.authorizer.reset();

src/include/buffer.h

@@ -883,9 +883,12 @@ inline namespace v14_2_0 {
       contiguous_filler(char* const pos) : pos(pos) {}
 
     public:
+      void advance(const unsigned len) {
+	pos += len;
+      }
       void copy_in(const unsigned len, const char* const src) {
 	memcpy(pos, src, len);
-	pos += len;
+	advance(len);
       }
       char* c_str() {
         return pos;

src/include/ceph_fs.h

@@ -78,6 +78,8 @@ struct ceph_dir_layout {
 #define CEPH_CON_MODE_CRC     0x1
 #define CEPH_CON_MODE_SECURE  0x2
 
+extern const char *ceph_con_mode_name(int con_mode);
+
 /*  For options with "_", like: GSS_GSS
     which means: Mode/Protocol to validate "authentication_authorization",
     where:

src/include/inline_memory.h

@@ -70,7 +70,10 @@ void *maybe_inline_memcpy(void *dest, const void *src, size_t l,
 
 #if defined(__GNUC__) && defined(__x86_64__)
 
+namespace ceph {
 typedef unsigned uint128_t __attribute__ ((mode (TI)));
+}
+using ceph::uint128_t;
 
 static inline bool mem_is_zero(const char *data, size_t len)
   __attribute__((always_inline));