auth: work in progress

2025-01-01 08:32:24 +00:00 · 2009-08-19 14:02:49 -07:00 · 2009-08-19 14:02:49 -07:00 · 2d4556fd59
commit 2d4556fd59
parent 414e47d91a
4 changed files with 197 additions and 1 deletions
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -269,6 +269,7 @@ libcommon_a_SOURCES = \
 libcommon_files = \
 	auth/ExportControl.cc \
 	auth/AuthManager.cc \
+	auth/CryptoTools.cc \
 	common/LogClient.cc \
 	msg/Message.cc \
 	common/Logger.cc \
--- a/src/auth/AuthManager.cc
+++ b/src/auth/AuthManager.cc
@ -3,7 +3,7 @@
 /*
 * Ceph - scalable distributed file system
 *
- * Copyright (C) 2004-2006 Sage Weil <sage@newdream.net>
+ * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net>
 *
 * This is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
--- a/src/auth/AuthTypes.h
+++ b/src/auth/AuthTypes.h
@ -0,0 +1,79 @@
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- 
+// vim: ts=8 sw=2 smarttab
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net>
+ *
+ * This is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2.1, as published by the Free Software 
+ * Foundation.  See file COPYING.
+ * 
+ */
+
+#ifndef __AUTHTYPES_H
+#define __AUTHTYPES_H
+
+#include "config.h"
+
+
+class EntitySecret {
+protected:
+  bufferlist secret;
+
+public:
+  void encode(bufferlist& bl) const {
+    ::encode(secret, bl);
+  }
+  void decode(bufferlist::iterator& bl) {
+    ::decode(secret, bl);
+  }
+
+  bufferlist& get_secret() { return secret; }
+};
+WRITE_CLASS_ENCODER(EntitySecret);
+
+class ServiceSecret : public EntitySecret {
+  utime_t created;
+
+public:
+  void encode(bufferlist& bl) const {
+    ::encode(secret, bl);
+    ::encode(created, bl);
+  }
+  void decode(bufferlist::iterator& bl) {
+    ::decode(secret, bl);
+    ::decode(created, bl);
+  }
+};
+WRITE_CLASS_ENCODER(ServiceSecret);
+
+struct EntityName {
+  uint32_t entity_type;
+  string name;
+
+  void encode(bufferlist& bl) const {
+    ::encode(entity_type, bl);
+    ::encode(name, bl);
+  }
+  void decode(bufferlist::iterator& bl) {
+    ::decode(entity_type, bl);
+    ::decode(name, bl);
+  }
+};
+WRITE_CLASS_ENCODER(EntityName);
+
+struct SessionKey {
+  bufferlist key;
+
+  void encode(bufferlist& bl) const {
+    ::encode(key, bl);
+  }
+  void decode(bufferlist::iterator& bl) {
+    ::decode(key, bl);
+  }
+};
+WRITE_CLASS_ENCODER(SessionKey);
+
+#endif
--- a/src/auth/CryptoTools.cc
+++ b/src/auth/CryptoTools.cc
@ -0,0 +1,116 @@
+// vim: ts=8 sw=2 smarttab
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net>
+ *
+ * This is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2.1, as published by the Free Software 
+ * Foundation.  See file COPYING.
+ * 
+ */
+
+#include "AuthTypes.h"
+#include "openssl/evp.h"
+
+#define CRYPTO_STUPID   0x0
+#define CRYPTO_AES      0x1
+
+
+class CryptoHandler {
+public:
+  virtual bool encrypt(EntitySecret& secret, bufferlist& in, bufferlist& out) = 0;
+  virtual bool decrypt(EntitySecret& secret, bufferlist& in, bufferlist& out) = 0;
+};
+
+class CryptoStupid : public CryptoHandler {
+public:
+  CryptoStupid() {}
+  ~CryptoStupid() {}
+  bool encrypt(EntitySecret& secret, bufferlist& in, bufferlist& out);
+  bool decrypt(EntitySecret& secret, bufferlist& in, bufferlist& out);
+};
+
+bool CryptoStupid::encrypt(EntitySecret& secret, bufferlist& in, bufferlist& out)
+{
+  bufferlist sec_bl = secret.get_secret();
+  const char *sec = sec_bl.c_str();
+  int sec_len = sec_bl.length();
+
+  int in_len = in.length();
+  bufferptr outptr(in_len);
+  out.append(outptr);
+  const char *inbuf = in.c_str();
+  char *outbuf = outptr.c_str();
+
+  for (int i=0; i<in_len; i++) {
+    outbuf[i] = inbuf[i] ^ sec[i % sec_len];
+  }
+
+  return true;
+}
+
+bool CryptoStupid::decrypt(EntitySecret& secret, bufferlist& in, bufferlist& out)
+{
+  return encrypt(secret, in, out);
+}
+
+#define AES_KEY_LEN     16
+
+class CryptoAES : public CryptoHandler {
+public:
+  CryptoStupid() {}
+  ~CryptoStupid() {}
+  bool encrypt(EntitySecret& secret, bufferlist& in, bufferlist& out);
+  bool decrypt(EntitySecret& secret, bufferlist& in, bufferlist& out);
+};
+
+static const unsigned char *aes_iv = "cephsageyudagreg";
+
+bool CryptoStupid::encrypt(EntitySecret& secret, bufferlist& in, bufferlist& out)
+{
+  bufferlist sec_bl = secret.get_secret();
+  int outlen, tmplen;
+  bufferptr outptr(outlen);
+
+  if (sec_bl.length() < AES_KEY_LEN)
+    return false;
+
+  const char *key = sec_bl.c_str();
+  char intext[] = "12345678901234567890123456789012";
+  EVP_CIPHER_CTX ctx;
+  FILE *out;
+  EVP_CIPHER_CTX_init(&ctx);
+  EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, aes_iv);
+
+  if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) {
+    dout(0) << "EVP_EncryptUpdate error" << dendl;
+    return false;
+  }
+  if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) {
+    dout(0) << "EVP_EncryptFinal error" << dendl;
+    return false;
+  }
+
+  return true;
+}
+
+static CryptoStupid crypto_stupid;
+
+
+class CryptoManager {
+public:
+  CryptoHandler *get_crypto(int type);
+};
+
+
+CryptoHandler *CryptoManager::get_crypto(int type)
+{
+  switch (type) {
+    case CRYPTO_STUPID:
+      return &crypto_stupid;
+    default:
+      return NULL;
+  }
+}