2 * linux/net/sunrpc/gss_krb5_crypto.c
4 * Copyright (c) 2000 The Regents of the University of Michigan.
7 * Andy Adamson <andros@umich.edu>
8 * Bruce Fields <bfields@umich.edu>
12 * Copyright (C) 1998 by the FundsXpress, INC.
14 * All rights reserved.
16 * Export of this software from the United States of America may require
17 * a specific license from the United States Government. It is the
18 * responsibility of any person or organization contemplating export to
19 * obtain such a license before exporting.
21 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
22 * distribute this software and its documentation for any purpose and
23 * without fee is hereby granted, provided that the above copyright
24 * notice appear in all copies and that both that copyright notice and
25 * this permission notice appear in supporting documentation, and that
26 * the name of FundsXpress. not be used in advertising or publicity pertaining
27 * to distribution of the software without specific, written prior
28 * permission. FundsXpress makes no representations about the suitability of
29 * this software for any purpose. It is provided "as is" without express
30 * or implied warranty.
32 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
33 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
34 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
37 #include <linux/err.h>
38 #include <linux/types.h>
40 #include <linux/scatterlist.h>
41 #include <linux/crypto.h>
42 #include <linux/highmem.h>
43 #include <linux/pagemap.h>
44 #include <linux/sunrpc/gss_krb5.h>
45 #include <linux/sunrpc/xdr.h>
48 # define RPCDBG_FACILITY RPCDBG_AUTH
53 struct crypto_blkcipher
*tfm
,
60 struct scatterlist sg
[1];
61 u8 local_iv
[16] = {0};
62 struct blkcipher_desc desc
= { .tfm
= tfm
, .info
= local_iv
};
64 if (length
% crypto_blkcipher_blocksize(tfm
) != 0)
67 if (crypto_blkcipher_ivsize(tfm
) > 16) {
68 dprintk("RPC: gss_k5encrypt: tfm iv size too large %d\n",
69 crypto_blkcipher_ivsize(tfm
));
74 memcpy(local_iv
, iv
, crypto_blkcipher_ivsize(tfm
));
76 memcpy(out
, in
, length
);
77 sg_init_one(sg
, out
, length
);
79 ret
= crypto_blkcipher_encrypt_iv(&desc
, sg
, sg
, length
);
81 dprintk("RPC: krb5_encrypt returns %d\n", ret
);
87 struct crypto_blkcipher
*tfm
,
94 struct scatterlist sg
[1];
95 u8 local_iv
[16] = {0};
96 struct blkcipher_desc desc
= { .tfm
= tfm
, .info
= local_iv
};
98 if (length
% crypto_blkcipher_blocksize(tfm
) != 0)
101 if (crypto_blkcipher_ivsize(tfm
) > 16) {
102 dprintk("RPC: gss_k5decrypt: tfm iv size too large %d\n",
103 crypto_blkcipher_ivsize(tfm
));
107 memcpy(local_iv
,iv
, crypto_blkcipher_ivsize(tfm
));
109 memcpy(out
, in
, length
);
110 sg_init_one(sg
, out
, length
);
112 ret
= crypto_blkcipher_decrypt_iv(&desc
, sg
, sg
, length
);
114 dprintk("RPC: gss_k5decrypt returns %d\n",ret
);
119 checksummer(struct scatterlist
*sg
, void *data
)
121 struct hash_desc
*desc
= data
;
123 return crypto_hash_update(desc
, sg
, sg
->length
);
126 /* checksum the plaintext data and hdrlen bytes of the token header */
128 make_checksum(char *cksumname
, char *header
, int hdrlen
, struct xdr_buf
*body
,
129 int body_offset
, struct xdr_netobj
*cksum
)
131 struct hash_desc desc
; /* XXX add to ctx? */
132 struct scatterlist sg
[1];
135 desc
.tfm
= crypto_alloc_hash(cksumname
, 0, CRYPTO_ALG_ASYNC
);
136 if (IS_ERR(desc
.tfm
))
137 return GSS_S_FAILURE
;
138 cksum
->len
= crypto_hash_digestsize(desc
.tfm
);
139 desc
.flags
= CRYPTO_TFM_REQ_MAY_SLEEP
;
141 err
= crypto_hash_init(&desc
);
144 sg_init_one(sg
, header
, hdrlen
);
145 err
= crypto_hash_update(&desc
, sg
, hdrlen
);
148 err
= xdr_process_buf(body
, body_offset
, body
->len
- body_offset
,
152 err
= crypto_hash_final(&desc
, cksum
->data
);
155 crypto_free_hash(desc
.tfm
);
156 return err
? GSS_S_FAILURE
: 0;
159 struct encryptor_desc
{
160 u8 iv
[8]; /* XXX hard-coded blocksize */
161 struct blkcipher_desc desc
;
163 struct xdr_buf
*outbuf
;
165 struct scatterlist infrags
[4];
166 struct scatterlist outfrags
[4];
172 encryptor(struct scatterlist
*sg
, void *data
)
174 struct encryptor_desc
*desc
= data
;
175 struct xdr_buf
*outbuf
= desc
->outbuf
;
176 struct page
*in_page
;
177 int thislen
= desc
->fraglen
+ sg
->length
;
181 /* Worst case is 4 fragments: head, end of page 1, start
182 * of page 2, tail. Anything more is a bug. */
183 BUG_ON(desc
->fragno
> 3);
185 page_pos
= desc
->pos
- outbuf
->head
[0].iov_len
;
186 if (page_pos
>= 0 && page_pos
< outbuf
->page_len
) {
187 /* pages are not in place: */
188 int i
= (page_pos
+ outbuf
->page_base
) >> PAGE_CACHE_SHIFT
;
189 in_page
= desc
->pages
[i
];
191 in_page
= sg_page(sg
);
193 sg_set_page(&desc
->infrags
[desc
->fragno
], in_page
, sg
->length
,
195 sg_set_page(&desc
->outfrags
[desc
->fragno
], sg_page(sg
), sg
->length
,
198 desc
->fraglen
+= sg
->length
;
199 desc
->pos
+= sg
->length
;
201 fraglen
= thislen
& 7; /* XXX hardcoded blocksize */
207 sg_mark_end(&desc
->infrags
[desc
->fragno
- 1]);
208 sg_mark_end(&desc
->outfrags
[desc
->fragno
- 1]);
210 ret
= crypto_blkcipher_encrypt_iv(&desc
->desc
, desc
->outfrags
,
211 desc
->infrags
, thislen
);
215 sg_init_table(desc
->infrags
, 4);
216 sg_init_table(desc
->outfrags
, 4);
219 sg_set_page(&desc
->outfrags
[0], sg_page(sg
), fraglen
,
220 sg
->offset
+ sg
->length
- fraglen
);
221 desc
->infrags
[0] = desc
->outfrags
[0];
222 sg_assign_page(&desc
->infrags
[0], in_page
);
224 desc
->fraglen
= fraglen
;
233 gss_encrypt_xdr_buf(struct crypto_blkcipher
*tfm
, struct xdr_buf
*buf
,
234 int offset
, struct page
**pages
)
237 struct encryptor_desc desc
;
239 BUG_ON((buf
->len
- offset
) % crypto_blkcipher_blocksize(tfm
) != 0);
241 memset(desc
.iv
, 0, sizeof(desc
.iv
));
243 desc
.desc
.info
= desc
.iv
;
251 sg_init_table(desc
.infrags
, 4);
252 sg_init_table(desc
.outfrags
, 4);
254 ret
= xdr_process_buf(buf
, offset
, buf
->len
- offset
, encryptor
, &desc
);
258 struct decryptor_desc
{
259 u8 iv
[8]; /* XXX hard-coded blocksize */
260 struct blkcipher_desc desc
;
261 struct scatterlist frags
[4];
267 decryptor(struct scatterlist
*sg
, void *data
)
269 struct decryptor_desc
*desc
= data
;
270 int thislen
= desc
->fraglen
+ sg
->length
;
273 /* Worst case is 4 fragments: head, end of page 1, start
274 * of page 2, tail. Anything more is a bug. */
275 BUG_ON(desc
->fragno
> 3);
276 sg_set_page(&desc
->frags
[desc
->fragno
], sg_page(sg
), sg
->length
,
279 desc
->fraglen
+= sg
->length
;
281 fraglen
= thislen
& 7; /* XXX hardcoded blocksize */
287 sg_mark_end(&desc
->frags
[desc
->fragno
- 1]);
289 ret
= crypto_blkcipher_decrypt_iv(&desc
->desc
, desc
->frags
,
290 desc
->frags
, thislen
);
294 sg_init_table(desc
->frags
, 4);
297 sg_set_page(&desc
->frags
[0], sg_page(sg
), fraglen
,
298 sg
->offset
+ sg
->length
- fraglen
);
300 desc
->fraglen
= fraglen
;
309 gss_decrypt_xdr_buf(struct crypto_blkcipher
*tfm
, struct xdr_buf
*buf
,
312 struct decryptor_desc desc
;
315 BUG_ON((buf
->len
- offset
) % crypto_blkcipher_blocksize(tfm
) != 0);
317 memset(desc
.iv
, 0, sizeof(desc
.iv
));
319 desc
.desc
.info
= desc
.iv
;
324 sg_init_table(desc
.frags
, 4);
326 return xdr_process_buf(buf
, offset
, buf
->len
- offset
, decryptor
, &desc
);