gss_context->internal_ctx_id = skc;
CDEBUG(D_SEC, "successfully imported sk%s context\n",
- privacy ? "pi" : "i");
+ privacy ? " (with privacy)" : "");
return GSS_S_COMPLETE;
static
u32 sk_make_hmac(enum cfs_crypto_hash_alg algo, rawobj_t *key, int msg_count,
rawobj_t *msgs, int iov_count, lnet_kiov_t *iovs,
- rawobj_t *token)
+ rawobj_t *token, digest_hash hash_func)
{
- struct cfs_crypto_hash_desc *desc;
+ struct ahash_request *req;
int rc2, rc;
- desc = cfs_crypto_hash_init(algo, key->data, key->len);
- if (IS_ERR(desc)) {
- rc = PTR_ERR(desc);
+ req = cfs_crypto_hash_init(algo, key->data, key->len);
+ if (IS_ERR(req)) {
+ rc = PTR_ERR(req);
goto out_init_failed;
}
- rc2 = gss_digest_hash(desc, NULL, msg_count, msgs, iov_count, iovs,
- token);
- rc = cfs_crypto_hash_final(desc, key->data, &key->len);
+
+ if (hash_func)
+ rc2 = hash_func(req, NULL, msg_count, msgs, iov_count,
+ iovs);
+ else
+ rc2 = gss_digest_hash(req, NULL, msg_count, msgs, iov_count,
+ iovs);
+
+ rc = cfs_crypto_hash_final(req, token->data, &token->len);
if (!rc && rc2)
rc = rc2;
out_init_failed:
return sk_make_hmac(skc->sc_hmac,
&skc->sc_hmac_key, message_count, messages,
- iov_count, iovs, token);
+ iov_count, iovs, token, gss_context->hash_func);
}
static
u32 sk_verify_hmac(enum cfs_crypto_hash_alg algo, rawobj_t *key,
int message_count, rawobj_t *messages,
int iov_count, lnet_kiov_t *iovs,
- rawobj_t *token)
+ rawobj_t *token, digest_hash hash_func)
{
rawobj_t checksum = RAWOBJ_EMPTY;
__u32 rc = GSS_S_FAILURE;
return rc;
if (sk_make_hmac(algo, key, message_count,
- messages, iov_count, iovs, &checksum)) {
+ messages, iov_count, iovs, &checksum,
+ hash_func)) {
CDEBUG(D_SEC, "Failed to create checksum to validate\n");
goto cleanup;
}
int msgcnt, rawobj_t *msgs, int iovcnt,
lnet_kiov_t *iovs, int iov_bytes, rawobj_t *token)
{
- struct cfs_crypto_hash_desc *desc;
rawobj_t checksum = RAWOBJ_EMPTY;
struct ahash_request *req;
struct scatterlist sg[1];
- int rc = GSS_S_FAILURE;
+ int rc = 0;
struct sg_table sgt;
int bytes;
int i;
OBD_ALLOC_LARGE(checksum.data, checksum.len);
if (!checksum.data)
- return rc;
+ return GSS_S_FAILURE;
- desc = cfs_crypto_hash_init(sc_hmac, key->data, key->len);
- if (IS_ERR(desc))
+ req = cfs_crypto_hash_init(sc_hmac, key->data, key->len);
+ if (IS_ERR(req)) {
+ rc = GSS_S_FAILURE;
goto cleanup;
+ }
- req = (struct ahash_request *) desc;
for (i = 0; i < msgcnt; i++) {
if (!msgs[i].len)
continue;
goto hash_cleanup;
}
- if (memcmp(token->data, checksum.data, checksum.len)) {
- rc = GSS_S_BAD_SIG;
- goto hash_cleanup;
- }
-
- rc = GSS_S_COMPLETE;
-
hash_cleanup:
- cfs_crypto_hash_final(desc, checksum.data, &checksum.len);
+ cfs_crypto_hash_final(req, checksum.data, &checksum.len);
+ if (rc)
+ goto cleanup;
+
+ if (memcmp(token->data, checksum.data, checksum.len))
+ rc = GSS_S_BAD_SIG;
+ else
+ rc = GSS_S_COMPLETE;
cleanup:
OBD_FREE_LARGE(checksum.data, checksum.len);
struct sk_ctx *skc = gss_context->internal_ctx_id;
return sk_verify_hmac(skc->sc_hmac, &skc->sc_hmac_key,
- message_count, messages, iov_count, iovs, token);
+ message_count, messages, iov_count, iovs, token,
+ gss_context->hash_func);
}
static
skw.skw_hmac.data = skw.skw_cipher.data + skw.skw_cipher.len;
skw.skw_hmac.len = sht_bytes;
if (sk_make_hmac(skc->sc_hmac, &skc->sc_hmac_key,
- 3, msgbufs, 0, NULL, &skw.skw_hmac))
+ 3, msgbufs, 0, NULL, &skw.skw_hmac,
+ gss_context->hash_func))
return GSS_S_FAILURE;
token->len = skw.skw_header.len + skw.skw_cipher.len + skw.skw_hmac.len;
msgbufs[1] = *gss_header;
msgbufs[2] = skw.skw_cipher;
rc = sk_verify_hmac(skc->sc_hmac, &skc->sc_hmac_key, 3, msgbufs,
- 0, NULL, &skw.skw_hmac);
+ 0, NULL, &skw.skw_hmac, gss_context->hash_func);
if (rc)
return rc;
blocksize = crypto_blkcipher_blocksize(skc->sc_session_kb.kb_tfm);
for (i = 0; i < desc->bd_iov_count; i++) {
- if (BD_GET_KIOV(desc, i).kiov_offset & blocksize) {
+ if (desc->bd_vec[i].kiov_offset & blocksize) {
CERROR("offset %d not blocksize aligned\n",
- BD_GET_KIOV(desc, i).kiov_offset);
+ desc->bd_vec[i].kiov_offset);
return GSS_S_FAILURE;
}
- BD_GET_ENC_KIOV(desc, i).kiov_offset =
- BD_GET_KIOV(desc, i).kiov_offset;
- BD_GET_ENC_KIOV(desc, i).kiov_len =
- sk_block_mask(BD_GET_KIOV(desc, i).kiov_len, blocksize);
+ desc->bd_enc_vec[i].kiov_offset =
+ desc->bd_vec[i].kiov_offset;
+ desc->bd_enc_vec[i].kiov_len =
+ sk_block_mask(desc->bd_vec[i].kiov_len, blocksize);
}
return GSS_S_COMPLETE;
sg_init_table(&ctxt, 1);
for (i = 0; i < desc->bd_iov_count; i++) {
- sg_set_page(&ptxt, BD_GET_KIOV(desc, i).kiov_page,
- sk_block_mask(BD_GET_KIOV(desc, i).kiov_len,
+ sg_set_page(&ptxt, desc->bd_vec[i].kiov_page,
+ sk_block_mask(desc->bd_vec[i].kiov_len,
blocksize),
- BD_GET_KIOV(desc, i).kiov_offset);
+ desc->bd_vec[i].kiov_offset);
nob += ptxt.length;
- sg_set_page(&ctxt, BD_GET_ENC_KIOV(desc, i).kiov_page,
+ sg_set_page(&ctxt, desc->bd_enc_vec[i].kiov_page,
ptxt.length, ptxt.offset);
- BD_GET_ENC_KIOV(desc, i).kiov_offset = ctxt.offset;
- BD_GET_ENC_KIOV(desc, i).kiov_len = ctxt.length;
+ desc->bd_enc_vec[i].kiov_offset = ctxt.offset;
+ desc->bd_enc_vec[i].kiov_len = ctxt.length;
rc = crypto_blkcipher_encrypt_iv(&cdesc, &ctxt, &ptxt,
ptxt.length);
for (i = 0; i < desc->bd_iov_count && cnob < desc->bd_nob_transferred;
i++) {
- lnet_kiov_t *piov = &BD_GET_KIOV(desc, i);
- lnet_kiov_t *ciov = &BD_GET_ENC_KIOV(desc, i);
+ lnet_kiov_t *piov = &desc->bd_vec[i];
+ lnet_kiov_t *ciov = &desc->bd_enc_vec[i];
if (ciov->kiov_offset % blocksize != 0 ||
ciov->kiov_len % blocksize != 0) {
/* if needed, clear up the rest unused iovs */
if (adj_nob)
while (i < desc->bd_iov_count)
- BD_GET_KIOV(desc, i++).kiov_len = 0;
+ desc->bd_vec[i++].kiov_len = 0;
if (unlikely(cnob != desc->bd_nob_transferred)) {
CERROR("%d cipher text transferred but only %d decrypted\n",
skw.skw_hmac.data = skw.skw_cipher.data + skw.skw_cipher.len;
skw.skw_hmac.len = sht_bytes;
if (sk_make_hmac(skc->sc_hmac, &skc->sc_hmac_key, 1, &skw.skw_cipher,
- desc->bd_iov_count, GET_ENC_KIOV(desc), &skw.skw_hmac))
+ desc->bd_iov_count, desc->bd_enc_vec, &skw.skw_hmac,
+ gss_context->hash_func))
return GSS_S_FAILURE;
return GSS_S_COMPLETE;
rc = sk_verify_bulk_hmac(skc->sc_hmac, &skc->sc_hmac_key, 1,
&skw.skw_cipher, desc->bd_iov_count,
- GET_ENC_KIOV(desc), desc->bd_nob,
+ desc->bd_enc_vec, desc->bd_nob,
&skw.skw_hmac);
if (rc)
return rc;