diff options
| author | J. Bruce Fields <bfields@fieldses.org> | 2005-10-13 16:55:13 -0400 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2005-10-19 02:19:46 -0400 |
| commit | 14ae162c24d985593d5b19437d7f3d8fd0062b59 (patch) | |
| tree | 750fbc08e6a6e0cb00bfad7c871144a757ac43de /net/sunrpc/auth_gss/gss_krb5_crypto.c | |
| parent | bfa91516b57483fc9c81d8d90325fd2c3c16ac48 (diff) | |
RPCSEC_GSS: Add support for privacy to krb5 rpcsec_gss mechanism.
Add support for privacy to the krb5 rpcsec_gss mechanism.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/auth_gss/gss_krb5_crypto.c')
| -rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_crypto.c | 156 |
1 files changed, 154 insertions, 2 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c index 2baf93f8b8f5..3f3d5437f02d 100644 --- a/net/sunrpc/auth_gss/gss_krb5_crypto.c +++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c | |||
| @@ -218,7 +218,7 @@ checksummer(struct scatterlist *sg, void *data) | |||
| 218 | /* checksum the plaintext data and hdrlen bytes of the token header */ | 218 | /* checksum the plaintext data and hdrlen bytes of the token header */ |
| 219 | s32 | 219 | s32 |
| 220 | make_checksum(s32 cksumtype, char *header, int hdrlen, struct xdr_buf *body, | 220 | make_checksum(s32 cksumtype, char *header, int hdrlen, struct xdr_buf *body, |
| 221 | struct xdr_netobj *cksum) | 221 | int body_offset, struct xdr_netobj *cksum) |
| 222 | { | 222 | { |
| 223 | char *cksumname; | 223 | char *cksumname; |
| 224 | struct crypto_tfm *tfm = NULL; /* XXX add to ctx? */ | 224 | struct crypto_tfm *tfm = NULL; /* XXX add to ctx? */ |
| @@ -243,7 +243,8 @@ make_checksum(s32 cksumtype, char *header, int hdrlen, struct xdr_buf *body, | |||
| 243 | crypto_digest_init(tfm); | 243 | crypto_digest_init(tfm); |
| 244 | buf_to_sg(sg, header, hdrlen); | 244 | buf_to_sg(sg, header, hdrlen); |
| 245 | crypto_digest_update(tfm, sg, 1); | 245 | crypto_digest_update(tfm, sg, 1); |
| 246 | process_xdr_buf(body, 0, body->len, checksummer, tfm); | 246 | process_xdr_buf(body, body_offset, body->len - body_offset, |
| 247 | checksummer, tfm); | ||
| 247 | crypto_digest_final(tfm, cksum->data); | 248 | crypto_digest_final(tfm, cksum->data); |
| 248 | code = 0; | 249 | code = 0; |
| 249 | out: | 250 | out: |
| @@ -252,3 +253,154 @@ out: | |||
| 252 | } | 253 | } |
| 253 | 254 | ||
| 254 | EXPORT_SYMBOL(make_checksum); | 255 | EXPORT_SYMBOL(make_checksum); |
| 256 | |||
| 257 | struct encryptor_desc { | ||
| 258 | u8 iv[8]; /* XXX hard-coded blocksize */ | ||
| 259 | struct crypto_tfm *tfm; | ||
| 260 | int pos; | ||
| 261 | struct xdr_buf *outbuf; | ||
| 262 | struct page **pages; | ||
| 263 | struct scatterlist infrags[4]; | ||
| 264 | struct scatterlist outfrags[4]; | ||
| 265 | int fragno; | ||
| 266 | int fraglen; | ||
| 267 | }; | ||
| 268 | |||
| 269 | static int | ||
| 270 | encryptor(struct scatterlist *sg, void *data) | ||
| 271 | { | ||
| 272 | struct encryptor_desc *desc = data; | ||
| 273 | struct xdr_buf *outbuf = desc->outbuf; | ||
| 274 | struct page *in_page; | ||
| 275 | int thislen = desc->fraglen + sg->length; | ||
| 276 | int fraglen, ret; | ||
| 277 | int page_pos; | ||
| 278 | |||
| 279 | /* Worst case is 4 fragments: head, end of page 1, start | ||
| 280 | * of page 2, tail. Anything more is a bug. */ | ||
| 281 | BUG_ON(desc->fragno > 3); | ||
| 282 | desc->infrags[desc->fragno] = *sg; | ||
| 283 | desc->outfrags[desc->fragno] = *sg; | ||
| 284 | |||
| 285 | page_pos = desc->pos - outbuf->head[0].iov_len; | ||
| 286 | if (page_pos >= 0 && page_pos < outbuf->page_len) { | ||
| 287 | /* pages are not in place: */ | ||
| 288 | int i = (page_pos + outbuf->page_base) >> PAGE_CACHE_SHIFT; | ||
| 289 | in_page = desc->pages[i]; | ||
| 290 | } else { | ||
| 291 | in_page = sg->page; | ||
| 292 | } | ||
| 293 | desc->infrags[desc->fragno].page = in_page; | ||
| 294 | desc->fragno++; | ||
| 295 | desc->fraglen += sg->length; | ||
| 296 | desc->pos += sg->length; | ||
| 297 | |||
| 298 | fraglen = thislen & 7; /* XXX hardcoded blocksize */ | ||
| 299 | thislen -= fraglen; | ||
| 300 | |||
| 301 | if (thislen == 0) | ||
| 302 | return 0; | ||
| 303 | |||
| 304 | ret = crypto_cipher_encrypt_iv(desc->tfm, desc->outfrags, desc->infrags, | ||
| 305 | thislen, desc->iv); | ||
| 306 | if (ret) | ||
| 307 | return ret; | ||
| 308 | if (fraglen) { | ||
| 309 | desc->outfrags[0].page = sg->page; | ||
| 310 | desc->outfrags[0].offset = sg->offset + sg->length - fraglen; | ||
| 311 | desc->outfrags[0].length = fraglen; | ||
| 312 | desc->infrags[0] = desc->outfrags[0]; | ||
| 313 | desc->infrags[0].page = in_page; | ||
| 314 | desc->fragno = 1; | ||
| 315 | desc->fraglen = fraglen; | ||
| 316 | } else { | ||
| 317 | desc->fragno = 0; | ||
| 318 | desc->fraglen = 0; | ||
| 319 | } | ||
| 320 | return 0; | ||
| 321 | } | ||
| 322 | |||
| 323 | int | ||
| 324 | gss_encrypt_xdr_buf(struct crypto_tfm *tfm, struct xdr_buf *buf, int offset, | ||
| 325 | struct page **pages) | ||
| 326 | { | ||
| 327 | int ret; | ||
| 328 | struct encryptor_desc desc; | ||
| 329 | |||
| 330 | BUG_ON((buf->len - offset) % crypto_tfm_alg_blocksize(tfm) != 0); | ||
| 331 | |||
| 332 | memset(desc.iv, 0, sizeof(desc.iv)); | ||
| 333 | desc.tfm = tfm; | ||
| 334 | desc.pos = offset; | ||
| 335 | desc.outbuf = buf; | ||
| 336 | desc.pages = pages; | ||
| 337 | desc.fragno = 0; | ||
| 338 | desc.fraglen = 0; | ||
| 339 | |||
| 340 | ret = process_xdr_buf(buf, offset, buf->len - offset, encryptor, &desc); | ||
| 341 | return ret; | ||
| 342 | } | ||
| 343 | |||
| 344 | EXPORT_SYMBOL(gss_encrypt_xdr_buf); | ||
| 345 | |||
| 346 | struct decryptor_desc { | ||
| 347 | u8 iv[8]; /* XXX hard-coded blocksize */ | ||
| 348 | struct crypto_tfm *tfm; | ||
| 349 | struct scatterlist frags[4]; | ||
| 350 | int fragno; | ||
| 351 | int fraglen; | ||
| 352 | }; | ||
| 353 | |||
| 354 | static int | ||
| 355 | decryptor(struct scatterlist *sg, void *data) | ||
| 356 | { | ||
| 357 | struct decryptor_desc *desc = data; | ||
| 358 | int thislen = desc->fraglen + sg->length; | ||
| 359 | int fraglen, ret; | ||
| 360 | |||
| 361 | /* Worst case is 4 fragments: head, end of page 1, start | ||
| 362 | * of page 2, tail. Anything more is a bug. */ | ||
| 363 | BUG_ON(desc->fragno > 3); | ||
| 364 | desc->frags[desc->fragno] = *sg; | ||
| 365 | desc->fragno++; | ||
| 366 | desc->fraglen += sg->length; | ||
| 367 | |||
| 368 | fraglen = thislen & 7; /* XXX hardcoded blocksize */ | ||
| 369 | thislen -= fraglen; | ||
| 370 | |||
| 371 | if (thislen == 0) | ||
| 372 | return 0; | ||
| 373 | |||
| 374 | ret = crypto_cipher_decrypt_iv(desc->tfm, desc->frags, desc->frags, | ||
| 375 | thislen, desc->iv); | ||
| 376 | if (ret) | ||
| 377 | return ret; | ||
| 378 | if (fraglen) { | ||
| 379 | desc->frags[0].page = sg->page; | ||
| 380 | desc->frags[0].offset = sg->offset + sg->length - fraglen; | ||
| 381 | desc->frags[0].length = fraglen; | ||
| 382 | desc->fragno = 1; | ||
| 383 | desc->fraglen = fraglen; | ||
| 384 | } else { | ||
| 385 | desc->fragno = 0; | ||
| 386 | desc->fraglen = 0; | ||
| 387 | } | ||
| 388 | return 0; | ||
| 389 | } | ||
| 390 | |||
| 391 | int | ||
| 392 | gss_decrypt_xdr_buf(struct crypto_tfm *tfm, struct xdr_buf *buf, int offset) | ||
| 393 | { | ||
| 394 | struct decryptor_desc desc; | ||
| 395 | |||
| 396 | /* XXXJBF: */ | ||
| 397 | BUG_ON((buf->len - offset) % crypto_tfm_alg_blocksize(tfm) != 0); | ||
| 398 | |||
| 399 | memset(desc.iv, 0, sizeof(desc.iv)); | ||
| 400 | desc.tfm = tfm; | ||
| 401 | desc.fragno = 0; | ||
| 402 | desc.fraglen = 0; | ||
| 403 | return process_xdr_buf(buf, offset, buf->len - offset, decryptor, &desc); | ||
| 404 | } | ||
| 405 | |||
| 406 | EXPORT_SYMBOL(gss_decrypt_xdr_buf); | ||