diff options
Diffstat (limited to 'net/rxrpc/rxkad.c')
-rw-r--r-- | net/rxrpc/rxkad.c | 41 |
1 files changed, 21 insertions, 20 deletions
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c index acec76292c01..713ac593e2e9 100644 --- a/net/rxrpc/rxkad.c +++ b/net/rxrpc/rxkad.c | |||
@@ -18,6 +18,7 @@ | |||
18 | #include <linux/ctype.h> | 18 | #include <linux/ctype.h> |
19 | #include <net/sock.h> | 19 | #include <net/sock.h> |
20 | #include <net/af_rxrpc.h> | 20 | #include <net/af_rxrpc.h> |
21 | #include <keys/rxrpc-type.h> | ||
21 | #define rxrpc_debug rxkad_debug | 22 | #define rxrpc_debug rxkad_debug |
22 | #include "ar-internal.h" | 23 | #include "ar-internal.h" |
23 | 24 | ||
@@ -59,14 +60,14 @@ static DEFINE_MUTEX(rxkad_ci_mutex); | |||
59 | */ | 60 | */ |
60 | static int rxkad_init_connection_security(struct rxrpc_connection *conn) | 61 | static int rxkad_init_connection_security(struct rxrpc_connection *conn) |
61 | { | 62 | { |
62 | struct rxrpc_key_payload *payload; | ||
63 | struct crypto_blkcipher *ci; | 63 | struct crypto_blkcipher *ci; |
64 | struct rxrpc_key_token *token; | ||
64 | int ret; | 65 | int ret; |
65 | 66 | ||
66 | _enter("{%d},{%x}", conn->debug_id, key_serial(conn->key)); | 67 | _enter("{%d},{%x}", conn->debug_id, key_serial(conn->key)); |
67 | 68 | ||
68 | payload = conn->key->payload.data; | 69 | token = conn->key->payload.data; |
69 | conn->security_ix = payload->k.security_index; | 70 | conn->security_ix = token->security_index; |
70 | 71 | ||
71 | ci = crypto_alloc_blkcipher("pcbc(fcrypt)", 0, CRYPTO_ALG_ASYNC); | 72 | ci = crypto_alloc_blkcipher("pcbc(fcrypt)", 0, CRYPTO_ALG_ASYNC); |
72 | if (IS_ERR(ci)) { | 73 | if (IS_ERR(ci)) { |
@@ -75,8 +76,8 @@ static int rxkad_init_connection_security(struct rxrpc_connection *conn) | |||
75 | goto error; | 76 | goto error; |
76 | } | 77 | } |
77 | 78 | ||
78 | if (crypto_blkcipher_setkey(ci, payload->k.session_key, | 79 | if (crypto_blkcipher_setkey(ci, token->kad->session_key, |
79 | sizeof(payload->k.session_key)) < 0) | 80 | sizeof(token->kad->session_key)) < 0) |
80 | BUG(); | 81 | BUG(); |
81 | 82 | ||
82 | switch (conn->security_level) { | 83 | switch (conn->security_level) { |
@@ -110,7 +111,7 @@ error: | |||
110 | */ | 111 | */ |
111 | static void rxkad_prime_packet_security(struct rxrpc_connection *conn) | 112 | static void rxkad_prime_packet_security(struct rxrpc_connection *conn) |
112 | { | 113 | { |
113 | struct rxrpc_key_payload *payload; | 114 | struct rxrpc_key_token *token; |
114 | struct blkcipher_desc desc; | 115 | struct blkcipher_desc desc; |
115 | struct scatterlist sg[2]; | 116 | struct scatterlist sg[2]; |
116 | struct rxrpc_crypt iv; | 117 | struct rxrpc_crypt iv; |
@@ -123,8 +124,8 @@ static void rxkad_prime_packet_security(struct rxrpc_connection *conn) | |||
123 | if (!conn->key) | 124 | if (!conn->key) |
124 | return; | 125 | return; |
125 | 126 | ||
126 | payload = conn->key->payload.data; | 127 | token = conn->key->payload.data; |
127 | memcpy(&iv, payload->k.session_key, sizeof(iv)); | 128 | memcpy(&iv, token->kad->session_key, sizeof(iv)); |
128 | 129 | ||
129 | desc.tfm = conn->cipher; | 130 | desc.tfm = conn->cipher; |
130 | desc.info = iv.x; | 131 | desc.info = iv.x; |
@@ -197,7 +198,7 @@ static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call, | |||
197 | u32 data_size, | 198 | u32 data_size, |
198 | void *sechdr) | 199 | void *sechdr) |
199 | { | 200 | { |
200 | const struct rxrpc_key_payload *payload; | 201 | const struct rxrpc_key_token *token; |
201 | struct rxkad_level2_hdr rxkhdr | 202 | struct rxkad_level2_hdr rxkhdr |
202 | __attribute__((aligned(8))); /* must be all on one page */ | 203 | __attribute__((aligned(8))); /* must be all on one page */ |
203 | struct rxrpc_skb_priv *sp; | 204 | struct rxrpc_skb_priv *sp; |
@@ -219,8 +220,8 @@ static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call, | |||
219 | rxkhdr.checksum = 0; | 220 | rxkhdr.checksum = 0; |
220 | 221 | ||
221 | /* encrypt from the session key */ | 222 | /* encrypt from the session key */ |
222 | payload = call->conn->key->payload.data; | 223 | token = call->conn->key->payload.data; |
223 | memcpy(&iv, payload->k.session_key, sizeof(iv)); | 224 | memcpy(&iv, token->kad->session_key, sizeof(iv)); |
224 | desc.tfm = call->conn->cipher; | 225 | desc.tfm = call->conn->cipher; |
225 | desc.info = iv.x; | 226 | desc.info = iv.x; |
226 | desc.flags = 0; | 227 | desc.flags = 0; |
@@ -400,7 +401,7 @@ static int rxkad_verify_packet_encrypt(const struct rxrpc_call *call, | |||
400 | struct sk_buff *skb, | 401 | struct sk_buff *skb, |
401 | u32 *_abort_code) | 402 | u32 *_abort_code) |
402 | { | 403 | { |
403 | const struct rxrpc_key_payload *payload; | 404 | const struct rxrpc_key_token *token; |
404 | struct rxkad_level2_hdr sechdr; | 405 | struct rxkad_level2_hdr sechdr; |
405 | struct rxrpc_skb_priv *sp; | 406 | struct rxrpc_skb_priv *sp; |
406 | struct blkcipher_desc desc; | 407 | struct blkcipher_desc desc; |
@@ -431,8 +432,8 @@ static int rxkad_verify_packet_encrypt(const struct rxrpc_call *call, | |||
431 | skb_to_sgvec(skb, sg, 0, skb->len); | 432 | skb_to_sgvec(skb, sg, 0, skb->len); |
432 | 433 | ||
433 | /* decrypt from the session key */ | 434 | /* decrypt from the session key */ |
434 | payload = call->conn->key->payload.data; | 435 | token = call->conn->key->payload.data; |
435 | memcpy(&iv, payload->k.session_key, sizeof(iv)); | 436 | memcpy(&iv, token->kad->session_key, sizeof(iv)); |
436 | desc.tfm = call->conn->cipher; | 437 | desc.tfm = call->conn->cipher; |
437 | desc.info = iv.x; | 438 | desc.info = iv.x; |
438 | desc.flags = 0; | 439 | desc.flags = 0; |
@@ -737,7 +738,7 @@ static int rxkad_respond_to_challenge(struct rxrpc_connection *conn, | |||
737 | struct sk_buff *skb, | 738 | struct sk_buff *skb, |
738 | u32 *_abort_code) | 739 | u32 *_abort_code) |
739 | { | 740 | { |
740 | const struct rxrpc_key_payload *payload; | 741 | const struct rxrpc_key_token *token; |
741 | struct rxkad_challenge challenge; | 742 | struct rxkad_challenge challenge; |
742 | struct rxkad_response resp | 743 | struct rxkad_response resp |
743 | __attribute__((aligned(8))); /* must be aligned for crypto */ | 744 | __attribute__((aligned(8))); /* must be aligned for crypto */ |
@@ -778,7 +779,7 @@ static int rxkad_respond_to_challenge(struct rxrpc_connection *conn, | |||
778 | if (conn->security_level < min_level) | 779 | if (conn->security_level < min_level) |
779 | goto protocol_error; | 780 | goto protocol_error; |
780 | 781 | ||
781 | payload = conn->key->payload.data; | 782 | token = conn->key->payload.data; |
782 | 783 | ||
783 | /* build the response packet */ | 784 | /* build the response packet */ |
784 | memset(&resp, 0, sizeof(resp)); | 785 | memset(&resp, 0, sizeof(resp)); |
@@ -797,13 +798,13 @@ static int rxkad_respond_to_challenge(struct rxrpc_connection *conn, | |||
797 | (conn->channels[3] ? conn->channels[3]->call_id : 0); | 798 | (conn->channels[3] ? conn->channels[3]->call_id : 0); |
798 | resp.encrypted.inc_nonce = htonl(nonce + 1); | 799 | resp.encrypted.inc_nonce = htonl(nonce + 1); |
799 | resp.encrypted.level = htonl(conn->security_level); | 800 | resp.encrypted.level = htonl(conn->security_level); |
800 | resp.kvno = htonl(payload->k.kvno); | 801 | resp.kvno = htonl(token->kad->kvno); |
801 | resp.ticket_len = htonl(payload->k.ticket_len); | 802 | resp.ticket_len = htonl(token->kad->ticket_len); |
802 | 803 | ||
803 | /* calculate the response checksum and then do the encryption */ | 804 | /* calculate the response checksum and then do the encryption */ |
804 | rxkad_calc_response_checksum(&resp); | 805 | rxkad_calc_response_checksum(&resp); |
805 | rxkad_encrypt_response(conn, &resp, &payload->k); | 806 | rxkad_encrypt_response(conn, &resp, token->kad); |
806 | return rxkad_send_response(conn, &sp->hdr, &resp, &payload->k); | 807 | return rxkad_send_response(conn, &sp->hdr, &resp, token->kad); |
807 | 808 | ||
808 | protocol_error: | 809 | protocol_error: |
809 | *_abort_code = abort_code; | 810 | *_abort_code = abort_code; |