1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * Modifications for Lustre
5 * Copyright 2004, Cluster File Systems, Inc.
7 * Author: Eric Mei <ericm@clusterfs.com>
11 * linux/net/sunrpc/gss_krb5_crypto.c
13 * Copyright (c) 2000 The Regents of the University of Michigan.
14 * All rights reserved.
16 * Andy Adamson <andros@umich.edu>
17 * Bruce Fields <bfields@umich.edu>
21 * Copyright (C) 1998 by the FundsXpress, INC.
23 * All rights reserved.
25 * Export of this software from the United States of America may require
26 * a specific license from the United States Government. It is the
27 * responsibility of any person or organization contemplating export to
28 * obtain such a license before exporting.
30 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
31 * distribute this software and its documentation for any purpose and
32 * without fee is hereby granted, provided that the above copyright
33 * notice appear in all copies and that both that copyright notice and
34 * this permission notice appear in supporting documentation, and that
35 * the name of FundsXpress. not be used in advertising or publicity pertaining
36 * to distribution of the software without specific, written prior
37 * permission. FundsXpress makes no representations about the suitability of
38 * this software for any purpose. It is provided "as is" without express
39 * or implied warranty.
41 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
42 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
43 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
47 # define EXPORT_SYMTAB
49 #define DEBUG_SUBSYSTEM S_SEC
51 #include <linux/init.h>
52 #include <linux/module.h>
53 #include <linux/slab.h>
54 #include <linux/crypto.h>
56 #include <liblustre.h>
57 #include "../kcrypto/libcrypto.h"
60 #include <libcfs/kp30.h>
61 #include <linux/obd.h>
62 #include <linux/obd_class.h>
63 #include <linux/obd_support.h>
64 #include <linux/lustre_idl.h>
65 #include <linux/lustre_net.h>
66 #include <linux/lustre_import.h>
67 #include <linux/lustre_sec.h>
70 #include "gss_internal.h"
/*
 * krb5_encrypt - copy `in` to `out`, then encrypt `out` in place with tfm.
 *
 * NOTE(review): this listing is lossy. The return type, the remaining
 * parameters, the branch bodies and the return path are not shown, so the
 * comments below describe only the visible statements.
 */
75 krb5_encrypt(struct crypto_tfm *tfm,
82 struct scatterlist sg[1];
/* Zero-filled IV scratch buffer with a fixed size of 16 bytes. */
83 __u8 local_iv[16] = {0};
/* length must be a whole number of cipher blocks; no padding is added in
 * the visible lines. The branch taken on a mismatch is not shown. */
85 if (length % crypto_tfm_alg_blocksize(tfm) != 0)
/* Protects the memcpy into local_iv below: an IV wider than 16 bytes would
 * overrun the stack buffer. Presumably this branch bails out after logging;
 * the statement following CERROR is not shown. */
88 if (crypto_tfm_alg_ivsize(tfm) > 16) {
89 CERROR("tfm iv size to large %d\n", crypto_tfm_alg_ivsize(tfm));
/* Copies ivsize bytes from the caller's iv, so iv must be at least that
 * long. NOTE(review): listing line 93 is not shown; presumably it is an
 * `if (iv)` guard that keeps the all-zero IV when iv is NULL. Confirm. */
94 memcpy(local_iv, iv, crypto_tfm_alg_ivsize(tfm));
/* Work on a copy so `in` is left unmodified. Nothing visible here checks
 * that `out` has room for length bytes; that is the caller's contract. */
96 memcpy(out, in, length);
/* One scatterlist entry describes the whole of `out`. virt_to_page() is only
 * meaningful for directly mapped kernel addresses.
 * NOTE(review): assumes callers never pass vmalloc or highmem buffers. Confirm. */
97 sg[0].page = virt_to_page(out);
98 sg[0].offset = offset_in_page(out);
99 sg[0].length = length;
/* Same list as source and destination: encryption happens in place in out. */
101 ret = crypto_cipher_encrypt_iv(tfm, sg, sg, length, local_iv);
107 //EXPORT_SYMBOL(krb5_encrypt);
/*
 * krb5_decrypt - copy `in` to `out`, then decrypt `out` in place with tfm.
 *
 * The visible statements mirror krb5_encrypt; only the cipher call differs.
 * NOTE(review): this listing is lossy. The return type, the remaining
 * parameters, the branch bodies and the return path are not shown.
 */
110 krb5_decrypt(struct crypto_tfm *tfm,
117 struct scatterlist sg[1];
/* Zero-filled IV scratch buffer with a fixed size of 16 bytes. */
118 __u8 local_iv[16] = {0};
/* Ciphertext must be a whole number of cipher blocks. The branch taken on a
 * mismatch is not shown. */
120 if (length % crypto_tfm_alg_blocksize(tfm) != 0)
/* Protects the memcpy into local_iv below from overrunning the 16-byte stack
 * buffer. Presumably this branch bails out after logging; not shown. */
123 if (crypto_tfm_alg_ivsize(tfm) > 16) {
124 CERROR("tfm iv size to large %d\n", crypto_tfm_alg_ivsize(tfm));
/* Copies ivsize bytes from the caller's iv. NOTE(review): the guard on
 * listing line 127 is not shown; presumably `if (iv)`. Confirm. */
128 memcpy(local_iv,iv, crypto_tfm_alg_ivsize(tfm));
/* Work on a copy so `in` is left unmodified. `out` must hold length bytes;
 * no visible check enforces that. */
130 memcpy(out, in, length);
/* Single scatterlist entry over `out`; virt_to_page() requires a directly
 * mapped kernel address.
 * NOTE(review): confirm callers never pass vmalloc or highmem buffers. */
131 sg[0].page = virt_to_page(out);
132 sg[0].offset = offset_in_page(out);
133 sg[0].length = length;
/* In-place decryption. Nothing visible here authenticates the result, so
 * integrity must be verified separately by the caller. */
135 ret = crypto_cipher_decrypt_iv(tfm, sg, sg, length, local_iv);
141 //EXPORT_SYMBOL(krb5_decrypt);
/*
 * buf_to_sg - describe the buffer at ptr with a single scatterlist entry.
 *
 * Sets the entry's page and in-page offset from ptr.
 * NOTE(review): the return type and listing line 148 are not shown;
 * presumably line 148 stores len in sg->length. Confirm. ptr must be a
 * directly mapped kernel address for virt_to_page() to be valid.
 */
144 buf_to_sg(struct scatterlist *sg, char *ptr, int len)
146 sg->page = virt_to_page(ptr);
147 sg->offset = offset_in_page(ptr);
151 /* checksum the plaintext data and hdrlen bytes of the token header */
/*
 * make_checksum - digest `header` (hdrlen bytes) followed by body->data
 * (body->len bytes) and store the result in a newly allocated cksum->data.
 *
 * The only checksum type visible in the switch is CKSUMTYPE_RSA_MD5, and the
 * visible calls are plain digest init/update/final with no key set. MD5 is
 * not collision resistant, so this value is not an integrity guarantee on
 * its own.
 * NOTE(review): presumably the caller protects the digest further, for
 * example by encrypting it. Confirm.
 *
 * NOTE(review): this listing is lossy. The return type, the remaining
 * parameters, the switch header, the error branches and the return path are
 * not shown.
 */
153 make_checksum(__s32 cksumtype,
154 char *header, int hdrlen,
/* The digest transform is allocated and freed on every call. */
159 struct crypto_tfm *tfm = NULL; /* XXX add to ctx? */
160 struct scatterlist sg[1];
/* Pessimistic default: a path that does not update `code` reports failure. */
161 __u32 code = GSS_S_FAILURE;
164 case CKSUMTYPE_RSA_MD5:
/* This format string has no trailing newline, unlike the other CERROR calls
 * in this file. */
168 CERROR("unsupported checksum %d", cksumtype);
171 if (!(tfm = crypto_alloc_tfm(cksumname, 0)))
/* The output length is taken from the algorithm's digest size. The buffer is
 * allocated here, so presumably the caller owns it and must free it.
 * NOTE(review): the allocation-failure check, listing lines 175-177, is not
 * shown. */
173 cksum->len = crypto_tfm_alg_digestsize(tfm);
174 OBD_ALLOC(cksum->data, cksum->len);
/* Digest order is header first, then body. Each buffer is passed as one
 * scatterlist entry built by buf_to_sg(). */
178 crypto_digest_init(tfm);
179 buf_to_sg(sg, header, hdrlen);
180 crypto_digest_update(tfm, sg, 1);
182 buf_to_sg(sg, body->data, body->len);
183 crypto_digest_update(tfm, sg, 1);
186 crypto_digest_final(tfm, cksum->data);
190 crypto_free_tfm(tfm);
194 //EXPORT_SYMBOL(make_checksum);
/*
 * obj_to_scatter_list - describe obj->data (obj->len bytes) as scatterlist
 * entries, each clipped so that it ends at a page boundary.
 *
 * NOTE(review): this listing is lossy. The last parameter, the loop header
 * and the statements that advance ptr and list are not shown. The comments
 * below assume the visible body runs once per page-sized piece until size
 * reaches zero.
 */
197 void obj_to_scatter_list(rawobj_t *obj, struct scatterlist *list,
200 __u8 *ptr = obj->data;
201 __u32 size = obj->len;
/* Bounds check on the number of entries written to `list`. The counter is
 * incremented inside the assertion, so if LASSERT is ever compiled out the
 * increment and the overflow check both disappear. A violation is fatal
 * rather than returned as an error, so callers must size `list` for the
 * whole of obj->len. */
205 LASSERT(index++ < listlen);
206 list->page = virt_to_page(ptr);
/* Only the low in-page bits survive the mask, so truncating the pointer to
 * int does not change the result. The cast is still non-portable on 64-bit
 * builds, and offset_in_page() is what the rest of this file uses. */
207 list->offset = (int) ptr & (~PAGE_MASK);
/* Entry length is the remaining size, or the bytes left in this page if that
 * is less. */
208 list->length = (list->offset + size) > PAGE_SIZE ?
209 (PAGE_SIZE - list->offset) : size;
211 size -= list->length;
/*
 * gss_encrypt_rawobj - run tfm over inobj->len bytes of inobj into outobj,
 * using page-split scatterlists for both buffers. On the visible success
 * path outobj->len is set to inobj->len.
 *
 * Both an encrypt and a decrypt call are visible.
 * NOTE(review): this listing is lossy. The parameter that selects the
 * direction, the branch lines and the return path are not shown.
 *
 * NOTE(review): unlike krb5_encrypt, no visible line checks that
 * crypto_tfm_alg_ivsize(tfm) fits the 16-byte local_iv, or that inobj->len
 * is a multiple of the cipher block size. Confirm the callers or the crypto
 * layer enforce both.
 */
216 int gss_encrypt_rawobj(struct crypto_tfm *tfm,
217 rawobj_t *inobj, rawobj_t *outobj,
220 struct scatterlist *src_list, *dst_list;
/* All-zero IV, and no visible line writes to it before the cipher calls.
 * With a chaining mode, a fixed IV reveals when two messages share a
 * leading plaintext block.
 * NOTE(review): presumably the token format prepends a random confounder.
 * Confirm. */
221 __u8 local_iv[16] = {0};
/* Output capacity is enforced by assertion only. An undersized outobj is
 * fatal rather than an error return, so lengths derived from the wire must
 * be validated before this call. */
226 LASSERT(outobj->len >= inobj->len);
/* Pages needed for inobj->len bytes, plus one for a buffer that does not
 * start on a page boundary. */
228 list_len = ((inobj->len + PAGE_SIZE - 1) >> PAGE_SHIFT) + 1;
/* One allocation holds both lists: source entries first, destination
 * entries after them. */
229 OBD_ALLOC(src_list, sizeof(*src_list) * list_len * 2);
/* The logged value is a sizeof expression (size_t) printed with %d. */
231 CERROR("can't alloc %d\n", sizeof(*src_list) * list_len * 2);
234 dst_list = src_list + list_len;
/* NOTE(review): list_len was computed from inobj->len, but the second call
 * walks outobj->len. If outobj is larger than inobj by more pages than the
 * spare entry covers, obj_to_scatter_list's LASSERT on listlen would fire.
 * Confirm callers pass an outobj of matching size. */
236 obj_to_scatter_list(inobj, src_list, list_len);
237 obj_to_scatter_list(outobj, dst_list, list_len);
/* In both directions the cipher processes exactly inobj->len bytes. */
240 rc = crypto_cipher_encrypt_iv(tfm, dst_list, src_list,
241 inobj->len, local_iv);
243 rc = crypto_cipher_decrypt_iv(tfm, dst_list, src_list,
244 inobj->len, local_iv);
/* This is the only error message visible for the two cipher calls, and it
 * says "encrypt" in either direction. */
247 CERROR("encrypt error %u\n", rc);
251 outobj->len = inobj->len;
/* The size expression must match the one given to OBD_ALLOC above. */
254 OBD_FREE(src_list, sizeof(*src_list) * list_len * 2);