xref: /kernel/linux/linux-5.10/net/ceph/auth_x.c

299 static int encrypt_authorizer(struct ceph_x_authorizer *au,
307 	msg_a = au->buf->vec.iov_base;
308 	WARN_ON(msg_a->ticket_blob.secret_id != cpu_to_le64(au->secret_id));
310 	end = au->buf->vec.iov_base + au->buf->vec.iov_len;
314 	msg_b->nonce = cpu_to_le64(au->nonce);
324 	ret = ceph_x_encrypt(&au->session_key, p, end - p, sizeof(*msg_b));
333 		au->buf->vec.iov_len = p - au->buf->vec.iov_base;
339 static void ceph_x_authorizer_cleanup(struct ceph_x_authorizer *au)
341 	ceph_crypto_key_destroy(&au->session_key);
342 	if (au->buf) {
343 		ceph_buffer_put(au->buf);
344 		au->buf = NULL;
350 				   struct ceph_x_authorizer *au)
360 	     ceph_entity_type_name(th->service), au);
362 	ceph_crypto_key_destroy(&au->session_key);
363 	ret = ceph_crypto_key_clone(&au->session_key, &th->session_key);
370 	if (au->buf && au->buf->alloc_len < maxlen) {
371 		ceph_buffer_put(au->buf);
372 		au->buf = NULL;
374 	if (!au->buf) {
375 		au->buf = ceph_buffer_new(maxlen, GFP_NOFS);
376 		if (!au->buf) {
381 	au->service = th->service;
382 	au->secret_id = th->secret_id;
384 	msg_a = au->buf->vec.iov_base;
398 	get_random_bytes(&au->nonce, sizeof(au->nonce));
399 	ret = encrypt_authorizer(au, NULL);
405 	dout(" built authorizer nonce %llx len %d\n", au->nonce,
406 	     (int)au->buf->vec.iov_len);
410 	ceph_x_authorizer_cleanup(au);
620 	struct ceph_x_authorizer *au = (void *)a;
622 	ceph_x_authorizer_cleanup(au);
623 	kfree(au);
630 	struct ceph_x_authorizer *au;
638 	au = kzalloc(sizeof(*au), GFP_NOFS);
639 	if (!au)
642 	au->base.destroy = ceph_x_destroy_authorizer;
644 	ret = ceph_x_build_authorizer(ac, th, au);
646 		kfree(au);
650 	auth->authorizer = (struct ceph_authorizer *) au;
651 	auth->authorizer_buf = au->buf->vec.iov_base;
652 	auth->authorizer_buf_len = au->buf->vec.iov_len;
653 	auth->authorizer_reply_buf = au->enc_buf;
665 	struct ceph_x_authorizer *au;
672 	au = (struct ceph_x_authorizer *)auth->authorizer;
673 	if (au->secret_id < th->secret_id) {
675 		     au->service, au->secret_id, th->secret_id);
676 		return ceph_x_build_authorizer(ac, th, au);
681 static int decrypt_authorize_challenge(struct ceph_x_authorizer *au,
691 	ret = __ceph_x_decrypt(&au->session_key, challenge_buf,
709 	struct ceph_x_authorizer *au = (void *)a;
713 	ret = decrypt_authorize_challenge(au, challenge_buf, challenge_buf_len,
720 	ret = encrypt_authorizer(au, &server_challenge);
732 	struct ceph_x_authorizer *au = (void *)a;
733 	void *p = au->enc_buf;
737 	ret = ceph_x_decrypt(&au->session_key, &p, p + CEPHX_AU_ENC_BUF_LEN);
745 	if (au->nonce + 1 != le64_to_cpu(reply->nonce_plus_one))
750 	     au->nonce, le64_to_cpu(reply->nonce_plus_one), ret);
805 static int calc_signature(struct ceph_x_authorizer *au, struct ceph_msg *msg,
808 	void *enc_buf = au->enc_buf;
826 		ret = ceph_x_encrypt(&au->session_key, enc_buf,
858 		ret = ceph_crypt(&au->session_key, true, enc_buf,

Indexes created Thu Nov 07 10:32:03 CST 2024