1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * Modifications for Lustre
5 * Copyright 2004, Cluster File Systems, Inc.
7 * Author: Eric Mei <ericm@clusterfs.com>
11 * linux/net/sunrpc/gss_krb5_crypto.c
13 * Copyright (c) 2000 The Regents of the University of Michigan.
14 * All rights reserved.
16 * Andy Adamson <andros@umich.edu>
17 * Bruce Fields <bfields@umich.edu>
21 * Copyright (C) 1998 by the FundsXpress, INC.
23 * All rights reserved.
25 * Export of this software from the United States of America may require
26 * a specific license from the United States Government. It is the
27 * responsibility of any person or organization contemplating export to
28 * obtain such a license before exporting.
30 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
31 * distribute this software and its documentation for any purpose and
32 * without fee is hereby granted, provided that the above copyright
33 * notice appear in all copies and that both that copyright notice and
34 * this permission notice appear in supporting documentation, and that
35 * the name of FundsXpress. not be used in advertising or publicity pertaining
36 * to distribution of the software without specific, written prior
37 * permission. FundsXpress makes no representations about the suitability of
38 * this software for any purpose. It is provided "as is" without express
39 * or implied warranty.
41 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
42 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
43 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
47 # define EXPORT_SYMTAB
49 #define DEBUG_SUBSYSTEM S_SEC
51 #include <linux/init.h>
52 #include <linux/module.h>
53 #include <linux/slab.h>
54 #include <linux/crypto.h>
56 #include <liblustre.h>
57 //#include "../kcrypto/libcrypto.h"
60 #include <libcfs/kp30.h>
61 #include <linux/obd.h>
62 #include <linux/obd_class.h>
63 #include <linux/obd_support.h>
64 #include <linux/lustre_idl.h>
65 #include <linux/lustre_net.h>
66 #include <linux/lustre_import.h>
67 #include <linux/lustre_sec.h>
70 #include "gss_internal.h"
/*
 * krb5_encrypt - encrypt `length` bytes from `in` into `out`.
 *
 * The visible statements stage the input in `out` and then run
 * crypto_cipher_encrypt_iv() in place over `out` through a one-entry
 * scatterlist, using a stack copy of the IV.
 *
 * NOTE(review): this listing omits lines of the function (the rest of the
 * parameter list, the error returns, the braces), so only the statements
 * shown are described here.
 */
75 krb5_encrypt(struct crypto_tfm *tfm,
83 struct scatterlist sg[1];
/* zero-filled, so bytes beyond the cipher's IV size are never uninitialized */
84 __u8 local_iv[16] = {0};
/*
 * Two input checks: only whole cipher blocks are accepted (no padding is
 * applied in the lines shown), and the cipher's IV must fit local_iv[16].
 * The second check is what keeps the IV memcpy below inside the stack buffer.
 */
86 if (length % crypto_tfm_alg_blocksize(tfm) != 0)
89 if (crypto_tfm_alg_ivsize(tfm) > 16) {
90 CERROR("tfm iv size to large %d\n", crypto_tfm_alg_ivsize(tfm));
/*
 * The cipher call below is handed local_iv rather than the caller's buffer.
 * NOTE(review): whether a NULL `iv` is guarded before this copy is not
 * visible in this listing -- confirm.
 */
95 memcpy(local_iv, iv, crypto_tfm_alg_ivsize(tfm));
/*
 * In-place operation: the data is staged in `out`, and sg is passed as both
 * source and destination.
 * NOTE(review): nothing visible bounds `length` against the size of `out`;
 * presumably the caller guarantees it -- confirm.
 */
97 memcpy(out, in, length);
/*
 * One entry describes the whole buffer.
 * NOTE(review): virt_to_page() presumes `out` is a directly mapped kernel
 * address, and a single entry of `length` bytes presumes the buffer does not
 * need splitting at a page boundary -- confirm against callers.
 */
98 sg[0].page = virt_to_page(out);
99 sg[0].offset = offset_in_page(out);
100 sg[0].length = length;
102 ret = crypto_cipher_encrypt_iv(tfm, sg, sg, length, local_iv);
109 //EXPORT_SYMBOL(krb5_encrypt);
/*
 * krb5_decrypt - decrypt `length` bytes from `in` into `out`.
 *
 * The visible statements stage the ciphertext in `out` and run
 * crypto_cipher_decrypt_iv() in place over it, using a stack copy of the IV.
 * No integrity check on the result appears in the lines shown; presumably
 * the caller verifies a checksum separately -- confirm.
 *
 * NOTE(review): this listing omits lines of the function (the rest of the
 * parameter list, the error returns, the braces), so only the statements
 * shown are described here.
 */
112 krb5_decrypt(struct crypto_tfm *tfm,
120 struct scatterlist sg[1];
/* zero-filled, so bytes beyond the cipher's IV size are never uninitialized */
121 __u8 local_iv[16] = {0};
/*
 * Ciphertext must be a whole number of cipher blocks, and the cipher's IV
 * must fit local_iv[16]; the second check bounds the IV memcpy below.
 */
123 if (length % crypto_tfm_alg_blocksize(tfm) != 0)
126 if (crypto_tfm_alg_ivsize(tfm) > 16) {
127 CERROR("tfm iv size to large %d\n", crypto_tfm_alg_ivsize(tfm));
/*
 * The cipher call below is handed local_iv rather than the caller's buffer.
 * NOTE(review): whether a NULL `iv` is guarded before this copy is not
 * visible in this listing -- confirm.
 */
131 memcpy(local_iv,iv, crypto_tfm_alg_ivsize(tfm));
/*
 * In-place operation: sg is passed as both source and destination.
 * NOTE(review): nothing visible bounds `length` against the size of `out`;
 * presumably the caller guarantees it -- confirm.
 */
133 memcpy(out, in, length);
/*
 * One entry describes the whole buffer.
 * NOTE(review): virt_to_page() presumes `out` is a directly mapped kernel
 * address -- confirm against callers.
 */
134 sg[0].page = virt_to_page(out);
135 sg[0].offset = offset_in_page(out);
136 sg[0].length = length;
138 ret = crypto_cipher_decrypt_iv(tfm, sg, sg, length, local_iv);
145 //EXPORT_SYMBOL(krb5_decrypt);
/*
 * buf_to_sg - point one scatterlist entry at the buffer starting at `ptr`.
 *
 * The visible lines set the entry's page and in-page offset; `len` is not
 * used in the lines shown (the listing omits part of the function).
 * NOTE(review): virt_to_page() presumes `ptr` is a directly mapped kernel
 * address, and one entry cannot describe a buffer that needs splitting
 * across pages -- confirm what callers pass.
 */
149 buf_to_sg(struct scatterlist *sg, char *ptr, int len)
151 sg->page = virt_to_page(ptr);
152 sg->offset = offset_in_page(ptr);
156 /* checksum the plaintext data and hdrlen bytes of the token header */
/*
 * The digest is fed the header first (hdrlen bytes) and then body->data
 * (body->len bytes); the result is written to a freshly allocated
 * cksum->data whose length is the algorithm's digest size.
 *
 * NOTE(review): CKSUMTYPE_RSA_MD5 is the only case label visible. MD5 is not
 * collision resistant and no key is set on the digest in the lines shown, so
 * the integrity value of this checksum depends on how the caller protects it
 * (for example by encrypting it) -- confirm against the token-building code.
 *
 * NOTE(review): this listing omits lines of the function (remaining
 * parameters, the switch header, error returns), so only the statements
 * shown are described here.
 */
158 make_checksum(__s32 cksumtype,
159 char *header, int hdrlen,
/* a transform is allocated and freed on every call, hence the XXX below */
164 struct crypto_tfm *tfm = NULL; /* XXX add to ctx? */
165 struct scatterlist sg[1];
/* pessimistic default: the status starts out as failure */
166 __u32 code = GSS_S_FAILURE;
169 case CKSUMTYPE_RSA_MD5:
173 CERROR("unsupported checksum %d", cksumtype);
/*
 * Allocate the digest transform, then size and allocate the output buffer
 * from the algorithm's digest size.
 * NOTE(review): the check of the OBD_ALLOC result is not visible in this
 * listing, and nothing shown here frees cksum->data; presumably the caller
 * owns it on success -- confirm.
 */
176 if (!(tfm = crypto_alloc_tfm(cksumname, 0)))
178 cksum->len = crypto_tfm_alg_digestsize(tfm);
179 OBD_ALLOC(cksum->data, cksum->len);
/* sg is reused: one single-entry update for the header, one for the body */
183 crypto_digest_init(tfm);
184 buf_to_sg(sg, header, hdrlen);
185 crypto_digest_update(tfm, sg, 1);
187 buf_to_sg(sg, body->data, body->len);
188 crypto_digest_update(tfm, sg, 1);
191 crypto_digest_final(tfm, cksum->data);
/* release the per-call transform */
195 crypto_free_tfm(tfm);
199 //EXPORT_SYMBOL(make_checksum);
/*
 * obj_to_scatter_list - describe obj->data (obj->len bytes) as scatterlist
 * entries, each clamped so that it ends at a page boundary.
 *
 * NOTE(review): the loop header and the statements that advance `ptr` and
 * `list` are not visible in this listing; only the lines shown are described.
 */
202 void obj_to_scatter_list(rawobj_t *obj, struct scatterlist *list,
205 __u8 *ptr = obj->data;
206 __u32 size = obj->len;
/*
 * Bounds check on the number of entries written.
 * NOTE(review): the increment sits inside the assertion, so both the check
 * and the counter exist only where LASSERT is compiled in; if it can be
 * compiled out, nothing visible stops writes past `listlen` entries --
 * confirm.
 */
210 LASSERT(index++ < listlen);
211 list->page = virt_to_page(ptr);
/*
 * In-page offset of ptr.
 * NOTE(review): the (int) cast truncates the pointer where pointers are wider
 * than int; the masked low bits are still the offset, but buf_to_sg in this
 * file uses offset_in_page() for the same purpose.
 */
212 list->offset = (int) ptr & (~PAGE_MASK);
/* take the rest of the current page, or all remaining bytes if they fit */
213 list->length = (list->offset + size) > PAGE_SIZE ?
214 (PAGE_SIZE - list->offset) : size;
/* bytes still to be described by later entries */
216 size -= list->length;
/*
 * gss_encrypt_rawobj - run the cipher from inobj into outobj through
 * page-split scatterlists; the visible lines contain both an encrypt and a
 * decrypt call, selected by a condition that is not shown in this listing.
 *
 * NOTE(review): this listing omits lines of the function (remaining
 * parameters, branch conditions, returns), so only the statements shown are
 * described here.
 */
222 int gss_encrypt_rawobj(struct crypto_tfm *tfm,
223 rawobj_t *inobj, rawobj_t *outobj,
228 struct scatterlist *src_list, *dst_list;
/*
 * The IV is all zeros and no visible line fills it, so every call shown here
 * uses the same IV.
 * NOTE(review): with a chaining mode such as CBC, a fixed IV under one key
 * makes equal plaintext prefixes produce equal ciphertext prefixes; confirm
 * that the message format supplies per-message randomness (for example a
 * confounder) or that the mode in use does not need a unique IV.
 */
229 __u8 local_iv[16] = {0};
/* the output buffer must hold at least inobj->len bytes; enforced by assertion only */
233 LASSERT(outobj->len >= inobj->len);
/*
 * Entries needed for inobj->len bytes: pages rounded up, plus one more,
 * presumably for a buffer that does not start on a page boundary.
 * A single allocation holds both lists; dst_list is its second half.
 */
235 list_len = ((inobj->len + PAGE_SIZE - 1) >> PAGE_SHIFT) + 1;
236 OBD_ALLOC(src_list, sizeof(*src_list) * list_len * 2);
/* NOTE(review): sizeof yields a size_t, which the %d conversion does not match */
238 CERROR("can't alloc %d\n", sizeof(*src_list) * list_len * 2);
241 dst_list = src_list + list_len;
/*
 * NOTE(review): outobj is walked with its own len, but list_len was sized
 * from inobj->len and the assertion above allows outobj to be larger. An
 * outobj that spans more pages than list_len entries would trip the LASSERT
 * in obj_to_scatter_list (or write past dst_list if that assertion is
 * compiled out) -- confirm callers keep the two lengths within a page.
 */
243 obj_to_scatter_list(inobj, src_list, list_len);
244 obj_to_scatter_list(outobj, dst_list, list_len);
/* both directions process inobj->len bytes from src_list into dst_list */
247 rc = crypto_cipher_encrypt_iv(tfm, dst_list, src_list,
248 inobj->len, local_iv);
250 rc = crypto_cipher_decrypt_iv(tfm, dst_list, src_list,
251 inobj->len, local_iv);
254 CERROR("encrypt error %u\n", rc);
/* report the number of bytes produced to the caller */
258 outobj->len = inobj->len;
/* same size expression as the OBD_ALLOC above; frees both lists at once */
261 OBD_FREE(src_list, sizeof(*src_list) * list_len * 2);