+++ /dev/null
-// -*- mode:C; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
-// vim: ts=8 sw=2 smarttab
-/*
- * Ceph - scalable distributed file system
- *
- * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net>
- *
- * This is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License version 2.1, as published by the Free Software
- * Foundation. See file COPYING.
- *
- */
-
-#ifndef CEPH_AUTH_CRYPTO_H
-#define CEPH_AUTH_CRYPTO_H
-
-#include "include/types.h"
-#include "include/utime.h"
-#include "include/memory.h"
-#include "include/buffer.h"
-
-#include <string>
-
-class CephContext;
-class CryptoKeyContext;
-namespace ceph { class Formatter; }
-
-
-/*
- * some per-key context that is specific to a particular crypto backend
- */
-class CryptoKeyHandler {
-public:
- bufferptr secret;
-
- virtual ~CryptoKeyHandler() {}
-
- virtual int encrypt(const bufferlist& in,
- bufferlist& out, std::string *error) const = 0;
- virtual int decrypt(const bufferlist& in,
- bufferlist& out, std::string *error) const = 0;
-};
-
-/*
- * match encoding of struct ceph_secret
- */
-class CryptoKey {
-protected:
- __u16 type;
- utime_t created;
- bufferptr secret; // must set this via set_secret()!
-
- // cache a pointer to the implementation-specific key handler, so we
- // don't have to create it for every crypto operation.
- mutable ceph::shared_ptr<CryptoKeyHandler> ckh;
-
- int _set_secret(int type, const bufferptr& s);
-
-public:
- CryptoKey() : type(0) { }
- CryptoKey(int t, utime_t c, bufferptr& s)
- : created(c) {
- _set_secret(t, s);
- }
- ~CryptoKey() {
- }
-
- void encode(bufferlist& bl) const;
- void decode(bufferlist::iterator& bl);
-
- int get_type() const { return type; }
- utime_t get_created() const { return created; }
- void print(std::ostream& out) const;
-
- int set_secret(int type, const bufferptr& s, utime_t created);
- const bufferptr& get_secret() { return secret; }
- const bufferptr& get_secret() const { return secret; }
-
- void encode_base64(string& s) const {
- bufferlist bl;
- encode(bl);
- bufferlist e;
- bl.encode_base64(e);
- e.append('\0');
- s = e.c_str();
- }
- string encode_base64() const {
- string s;
- encode_base64(s);
- return s;
- }
- void decode_base64(const string& s) {
- bufferlist e;
- e.append(s);
- bufferlist bl;
- bl.decode_base64(e);
- bufferlist::iterator p = bl.begin();
- decode(p);
- }
-
- void encode_formatted(string label, Formatter *f, bufferlist &bl);
- void encode_plaintext(bufferlist &bl);
-
- // --
- int create(CephContext *cct, int type);
- int encrypt(CephContext *cct, const bufferlist& in, bufferlist& out,
- std::string *error) const {
- assert(ckh); // Bad key?
- return ckh->encrypt(in, out, error);
- }
- int decrypt(CephContext *cct, const bufferlist& in, bufferlist& out,
- std::string *error) const {
- assert(ckh); // Bad key?
- return ckh->decrypt(in, out, error);
- }
-
- void to_str(std::string& s) const;
-};
-WRITE_CLASS_ENCODER(CryptoKey)
-
-static inline ostream& operator<<(ostream& out, const CryptoKey& k)
-{
- k.print(out);
- return out;
-}
-
-
-/*
- * Driver for a particular algorithm
- *
- * To use these functions, you need to call ceph::crypto::init(), see
- * common/ceph_crypto.h. common_init_finish does this for you.
- */
-class CryptoHandler {
-public:
- virtual ~CryptoHandler() {}
- virtual int get_type() const = 0;
- virtual int create(bufferptr& secret) = 0;
- virtual int validate_secret(const bufferptr& secret) = 0;
- virtual CryptoKeyHandler *get_key_handler(const bufferptr& secret,
- string& error) = 0;
-
- static CryptoHandler *create(int type);
-};
-
-extern int get_random_bytes(char *buf, int len);
-extern uint64_t get_random(uint64_t min_val, uint64_t max_val);
-
-#endif