--- /dev/null
+// -*- mode:C; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net>
+ *
+ * This is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2.1, as published by the Free Software
+ * Foundation. See file COPYING.
+ *
+ */
+
+#ifndef CEPH_AUTH_CRYPTO_H
+#define CEPH_AUTH_CRYPTO_H
+
+#include "include/types.h"
+#include "include/utime.h"
+#include "include/memory.h"
+#include "include/buffer.h"
+
+#include <string>
+
+class CephContext;
+class CryptoKeyContext;
+namespace ceph { class Formatter; }
+
+
+/*
+ * some per-key context that is specific to a particular crypto backend
+ */
+class CryptoKeyHandler {
+public:
+ bufferptr secret;
+
+ virtual ~CryptoKeyHandler() {}
+
+ virtual int encrypt(const bufferlist& in,
+ bufferlist& out, std::string *error) const = 0;
+ virtual int decrypt(const bufferlist& in,
+ bufferlist& out, std::string *error) const = 0;
+};
+
+/*
+ * match encoding of struct ceph_secret
+ */
+class CryptoKey {
+protected:
+ __u16 type;
+ utime_t created;
+ bufferptr secret; // must set this via set_secret()!
+
+ // cache a pointer to the implementation-specific key handler, so we
+ // don't have to create it for every crypto operation.
+ mutable ceph::shared_ptr<CryptoKeyHandler> ckh;
+
+ int _set_secret(int type, const bufferptr& s);
+
+public:
+ CryptoKey() : type(0) { }
+ CryptoKey(int t, utime_t c, bufferptr& s)
+ : created(c) {
+ _set_secret(t, s);
+ }
+ ~CryptoKey() {
+ }
+
+ void encode(bufferlist& bl) const;
+ void decode(bufferlist::iterator& bl);
+
+ int get_type() const { return type; }
+ utime_t get_created() const { return created; }
+ void print(std::ostream& out) const;
+
+ int set_secret(int type, const bufferptr& s, utime_t created);
+ const bufferptr& get_secret() { return secret; }
+ const bufferptr& get_secret() const { return secret; }
+
+ void encode_base64(string& s) const {
+ bufferlist bl;
+ encode(bl);
+ bufferlist e;
+ bl.encode_base64(e);
+ e.append('\0');
+ s = e.c_str();
+ }
+ string encode_base64() const {
+ string s;
+ encode_base64(s);
+ return s;
+ }
+ void decode_base64(const string& s) {
+ bufferlist e;
+ e.append(s);
+ bufferlist bl;
+ bl.decode_base64(e);
+ bufferlist::iterator p = bl.begin();
+ decode(p);
+ }
+
+ void encode_formatted(string label, Formatter *f, bufferlist &bl);
+ void encode_plaintext(bufferlist &bl);
+
+ // --
+ int create(CephContext *cct, int type);
+ int encrypt(CephContext *cct, const bufferlist& in, bufferlist& out,
+ std::string *error) const {
+ assert(ckh); // Bad key?
+ return ckh->encrypt(in, out, error);
+ }
+ int decrypt(CephContext *cct, const bufferlist& in, bufferlist& out,
+ std::string *error) const {
+ assert(ckh); // Bad key?
+ return ckh->decrypt(in, out, error);
+ }
+
+ void to_str(std::string& s) const;
+};
+WRITE_CLASS_ENCODER(CryptoKey)
+
+static inline ostream& operator<<(ostream& out, const CryptoKey& k)
+{
+ k.print(out);
+ return out;
+}
+
+
+/*
+ * Driver for a particular algorithm
+ *
+ * To use these functions, you need to call ceph::crypto::init(), see
+ * common/ceph_crypto.h. common_init_finish does this for you.
+ */
+class CryptoHandler {
+public:
+ virtual ~CryptoHandler() {}
+ virtual int get_type() const = 0;
+ virtual int create(bufferptr& secret) = 0;
+ virtual int validate_secret(const bufferptr& secret) = 0;
+ virtual CryptoKeyHandler *get_key_handler(const bufferptr& secret,
+ string& error) = 0;
+
+ static CryptoHandler *create(int type);
+};
+
+extern int get_random_bytes(char *buf, int len);
+extern uint64_t get_random(uint64_t min_val, uint64_t max_val);
+
+#endif