1 files changed, 58 insertions, 0 deletions
diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c
index 77f3885c16bc..15845814a0f2 100644
--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -8,6 +8,7 @@
 #include <linux/ceph/decode.h>
 #include <linux/ceph/auth.h>
+#include <linux/ceph/messenger.h>
 #include "crypto.h"
 #include "auth_x.h"
@@ -567,6 +568,8 @@ static int ceph_x_create_authorizer(
        auth->authorizer_buf_len = au->buf->vec.iov_len;
        auth->authorizer_reply_buf = au->reply_buf;
        auth->authorizer_reply_buf_len = sizeof (au->reply_buf);
+        auth->sign_message = ac->ops->sign_message;
+        auth->check_message_signature = ac->ops->check_message_signature;
        return 0;
 }
@@ -667,6 +670,59 @@ static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac,
                memset(&th->validity, 0, sizeof(th->validity));
 }
+static int calcu_signature(struct ceph_x_authorizer *au,
+                           struct ceph_msg *msg, __le64 *sig)
+{
+        int ret;
+        char tmp_enc[40];
+        __le32 tmp[5] = {
+                16u, msg->hdr.crc, msg->footer.front_crc,
+                msg->footer.middle_crc, msg->footer.data_crc,
+        };
+        ret = ceph_x_encrypt(&au->session_key, &tmp, sizeof(tmp),
+                             tmp_enc, sizeof(tmp_enc));
+        if (ret < 0)
+                return ret;
+        *sig = *(__le64*)(tmp_enc + 4);
+        return 0;
+}
+static int ceph_x_sign_message(struct ceph_auth_handshake *auth,
+                               struct ceph_msg *msg)
+{
+        int ret;
+        if (!auth->authorizer)
+                return 0;
+        ret = calcu_signature((struct ceph_x_authorizer *)auth->authorizer,
+                              msg, &msg->footer.sig);
+        if (ret < 0)
+                return ret;
+        msg->footer.flags |= CEPH_MSG_FOOTER_SIGNED;
+        return 0;
+}
+static int ceph_x_check_message_signature(struct ceph_auth_handshake *auth,
+                                          struct ceph_msg *msg)
+{
+        __le64 sig_check;
+        int ret;
+        if (!auth->authorizer)
+                return 0;
+        ret = calcu_signature((struct ceph_x_authorizer *)auth->authorizer,
+                              msg, &sig_check);
+        if (ret < 0)
+                return ret;
+        if (sig_check == msg->footer.sig)
+                return 0;
+        if (msg->footer.flags & CEPH_MSG_FOOTER_SIGNED)
+                dout("ceph_x_check_message_signature %p has signature %llx "
+                     "expect %llx\n", msg, msg->footer.sig, sig_check);
+        else
+                dout("ceph_x_check_message_signature %p sender did not set "
+                     "CEPH_MSG_FOOTER_SIGNED\n", msg);
+        return -EBADMSG;
+}
 static const struct ceph_auth_client_ops ceph_x_ops = {
        .name = "x",
@@ -681,6 +737,8 @@ static const struct ceph_auth_client_ops ceph_x_ops = {
        .invalidate_authorizer = ceph_x_invalidate_authorizer,
        .reset =  ceph_x_reset,
        .destroy = ceph_x_destroy,
+        .sign_message = ceph_x_sign_message,
+        .check_message_signature = ceph_x_check_message_signature,
 };

diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c index 77f3885c16bc..15845814a0f2 100644 --- a/net/ceph/auth_x.c +++ b/net/ceph/auth_x.c
@@ -8,6 +8,7 @@
8		8
9	#include <linux/ceph/decode.h>	9	#include <linux/ceph/decode.h>
10	#include <linux/ceph/auth.h>	10	#include <linux/ceph/auth.h>
		11	#include <linux/ceph/messenger.h>
11		12
12	#include "crypto.h"	13	#include "crypto.h"
13	#include "auth_x.h"	14	#include "auth_x.h"
@@ -567,6 +568,8 @@ static int ceph_x_create_authorizer(
567	auth->authorizer_buf_len = au->buf->vec.iov_len;	568	auth->authorizer_buf_len = au->buf->vec.iov_len;
568	auth->authorizer_reply_buf = au->reply_buf;	569	auth->authorizer_reply_buf = au->reply_buf;
569	auth->authorizer_reply_buf_len = sizeof (au->reply_buf);	570	auth->authorizer_reply_buf_len = sizeof (au->reply_buf);
		571	auth->sign_message = ac->ops->sign_message;
		572	auth->check_message_signature = ac->ops->check_message_signature;
570		573
571	return 0;	574	return 0;
572	}	575	}
@@ -667,6 +670,59 @@ static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac,
667	memset(&th->validity, 0, sizeof(th->validity));	670	memset(&th->validity, 0, sizeof(th->validity));
668	}	671	}
669		672
		673	static int calcu_signature(struct ceph_x_authorizer *au,
		674	struct ceph_msg msg, __le64 sig)
		675	{
		676	int ret;
		677	char tmp_enc[40];
		678	__le32 tmp[5] = {
		679	16u, msg->hdr.crc, msg->footer.front_crc,
		680	msg->footer.middle_crc, msg->footer.data_crc,
		681	};
		682	ret = ceph_x_encrypt(&au->session_key, &tmp, sizeof(tmp),
		683	tmp_enc, sizeof(tmp_enc));
		684	if (ret < 0)
		685	return ret;
		686	sig = (__le64*)(tmp_enc + 4);
		687	return 0;
		688	}
		689
		690	static int ceph_x_sign_message(struct ceph_auth_handshake *auth,
		691	struct ceph_msg *msg)
		692	{
		693	int ret;
		694	if (!auth->authorizer)
		695	return 0;
		696	ret = calcu_signature((struct ceph_x_authorizer *)auth->authorizer,
		697	msg, &msg->footer.sig);
		698	if (ret < 0)
		699	return ret;
		700	msg->footer.flags \|= CEPH_MSG_FOOTER_SIGNED;
		701	return 0;
		702	}
		703
		704	static int ceph_x_check_message_signature(struct ceph_auth_handshake *auth,
		705	struct ceph_msg *msg)
		706	{
		707	__le64 sig_check;
		708	int ret;
		709
		710	if (!auth->authorizer)
		711	return 0;
		712	ret = calcu_signature((struct ceph_x_authorizer *)auth->authorizer,
		713	msg, &sig_check);
		714	if (ret < 0)
		715	return ret;
		716	if (sig_check == msg->footer.sig)
		717	return 0;
		718	if (msg->footer.flags & CEPH_MSG_FOOTER_SIGNED)
		719	dout("ceph_x_check_message_signature %p has signature %llx "
		720	"expect %llx\n", msg, msg->footer.sig, sig_check);
		721	else
		722	dout("ceph_x_check_message_signature %p sender did not set "
		723	"CEPH_MSG_FOOTER_SIGNED\n", msg);
		724	return -EBADMSG;
		725	}
670		726
671	static const struct ceph_auth_client_ops ceph_x_ops = {	727	static const struct ceph_auth_client_ops ceph_x_ops = {
672	.name = "x",	728	.name = "x",
@@ -681,6 +737,8 @@ static const struct ceph_auth_client_ops ceph_x_ops = {
681	.invalidate_authorizer = ceph_x_invalidate_authorizer,	737	.invalidate_authorizer = ceph_x_invalidate_authorizer,
682	.reset = ceph_x_reset,	738	.reset = ceph_x_reset,
683	.destroy = ceph_x_destroy,	739	.destroy = ceph_x_destroy,
		740	.sign_message = ceph_x_sign_message,
		741	.check_message_signature = ceph_x_check_message_signature,
684	};	742	};
685		743
686		744