38 #include <linux/types.h>
44 #include <linux/random.h>
49 # define RPCDBG_FACILITY RPCDBG_AUTH
65 if (length % crypto_blkcipher_blocksize(tfm) != 0)
69 dprintk(
"RPC: gss_k5encrypt: tfm iv size too large %d\n",
70 crypto_blkcipher_ivsize(tfm));
75 memcpy(local_iv, iv, crypto_blkcipher_ivsize(tfm));
80 ret = crypto_blkcipher_encrypt_iv(&desc, sg, sg, length);
82 dprintk(
"RPC: krb5_encrypt returns %d\n", ret);
99 if (length % crypto_blkcipher_blocksize(tfm) != 0)
103 dprintk(
"RPC: gss_k5decrypt: tfm iv size too large %d\n",
104 crypto_blkcipher_ivsize(tfm));
108 memcpy(local_iv,iv, crypto_blkcipher_ivsize(tfm));
113 ret = crypto_blkcipher_decrypt_iv(&desc, sg, sg, length);
115 dprintk(
"RPC: gss_k5decrypt returns %d\n",ret);
124 return crypto_hash_update(desc, sg, sg->
length);
128 arcfour_hmac_md5_usage_to_salt(
unsigned int usage,
u8 salt[4])
130 unsigned int ms_usage;
142 salt[0] = (ms_usage >> 0) & 0xff;
143 salt[1] = (ms_usage >> 8) & 0xff;
144 salt[2] = (ms_usage >> 16) & 0xff;
145 salt[3] = (ms_usage >> 24) & 0xff;
152 struct xdr_buf *
body,
int body_offset,
u8 *cksumkey,
153 unsigned int usage,
struct xdr_netobj *cksumout)
163 if (cksumkey ==
NULL)
164 return GSS_S_FAILURE;
166 if (cksumout->len < kctx->
gk5e->cksumlength) {
167 dprintk(
"%s: checksum buffer length, %u, too small for %s\n",
168 __func__, cksumout->len, kctx->
gk5e->name);
169 return GSS_S_FAILURE;
172 if (arcfour_hmac_md5_usage_to_salt(usage, rc4salt)) {
173 dprintk(
"%s: invalid usage value %u\n", __func__, usage);
174 return GSS_S_FAILURE;
179 return GSS_S_FAILURE;
181 hmac_md5 = crypto_alloc_hash(kctx->
gk5e->cksum_name, 0,
183 if (IS_ERR(hmac_md5)) {
184 crypto_free_hash(md5);
185 return GSS_S_FAILURE;
191 err = crypto_hash_init(&
desc);
195 err = crypto_hash_update(&
desc,
sg, 4);
200 err = crypto_hash_update(&
desc,
sg, hdrlen);
207 err = crypto_hash_final(&
desc, checksumdata);
214 err = crypto_hash_init(&
desc);
217 err = crypto_hash_setkey(hmac_md5, cksumkey, kctx->
gk5e->keylength);
222 err = crypto_hash_digest(&
desc,
sg, crypto_hash_digestsize(md5),
227 memcpy(cksumout->data, checksumdata, kctx->
gk5e->cksumlength);
228 cksumout->len = kctx->
gk5e->cksumlength;
230 crypto_free_hash(md5);
231 crypto_free_hash(hmac_md5);
232 return err ? GSS_S_FAILURE : 0;
242 struct xdr_buf *body,
int body_offset,
u8 *cksumkey,
243 unsigned int usage,
struct xdr_netobj *cksumout)
249 unsigned int checksumlen;
252 return make_checksum_hmac_md5(kctx, header, hdrlen,
254 cksumkey, usage, cksumout);
256 if (cksumout->len < kctx->
gk5e->cksumlength) {
257 dprintk(
"%s: checksum buffer length, %u, too small for %s\n",
258 __func__, cksumout->len, kctx->
gk5e->name);
259 return GSS_S_FAILURE;
263 if (IS_ERR(desc.
tfm))
264 return GSS_S_FAILURE;
267 checksumlen = crypto_hash_digestsize(desc.
tfm);
269 if (cksumkey !=
NULL) {
270 err = crypto_hash_setkey(desc.
tfm, cksumkey,
271 kctx->
gk5e->keylength);
276 err = crypto_hash_init(&desc);
280 err = crypto_hash_update(&desc, sg, hdrlen);
287 err = crypto_hash_final(&desc, checksumdata);
291 switch (kctx->
gk5e->ctype) {
293 err = kctx->
gk5e->encrypt(kctx->
seq,
NULL, checksumdata,
294 checksumdata, checksumlen);
298 checksumdata + checksumlen - kctx->
gk5e->cksumlength,
299 kctx->
gk5e->cksumlength);
302 memcpy(cksumout->data, checksumdata, kctx->
gk5e->cksumlength);
308 cksumout->len = kctx->
gk5e->cksumlength;
310 crypto_free_hash(desc.
tfm);
311 return err ? GSS_S_FAILURE : 0;
323 struct xdr_buf *body,
int body_offset,
u8 *cksumkey,
324 unsigned int usage,
struct xdr_netobj *cksumout)
330 unsigned int checksumlen;
332 if (kctx->
gk5e->keyed_cksum == 0) {
333 dprintk(
"%s: expected keyed hash for %s\n",
334 __func__, kctx->
gk5e->name);
335 return GSS_S_FAILURE;
337 if (cksumkey ==
NULL) {
338 dprintk(
"%s: no key supplied for %s\n",
339 __func__, kctx->
gk5e->name);
340 return GSS_S_FAILURE;
343 desc.
tfm = crypto_alloc_hash(kctx->
gk5e->cksum_name, 0,
345 if (IS_ERR(desc.
tfm))
346 return GSS_S_FAILURE;
347 checksumlen = crypto_hash_digestsize(desc.
tfm);
350 err = crypto_hash_setkey(desc.
tfm, cksumkey, kctx->
gk5e->keylength);
354 err = crypto_hash_init(&desc);
361 if (header !=
NULL) {
363 err = crypto_hash_update(&desc, sg, hdrlen);
367 err = crypto_hash_final(&desc, checksumdata);
371 cksumout->len = kctx->
gk5e->cksumlength;
373 switch (kctx->
gk5e->ctype) {
377 memcpy(cksumout->data, checksumdata, kctx->
gk5e->cksumlength);
384 crypto_free_hash(desc.
tfm);
385 return err ? GSS_S_FAILURE : 0;
404 struct xdr_buf *outbuf = desc->
outbuf;
405 struct page *in_page;
414 page_pos = desc->
pos - outbuf->head[0].iov_len;
415 if (page_pos >= 0 && page_pos < outbuf->page_len) {
420 in_page = sg_page(sg);
430 fraglen = thislen & (crypto_blkcipher_blocksize(desc->
desc.tfm) - 1);
439 ret = crypto_blkcipher_encrypt_iv(&desc->
desc, desc->
outfrags,
448 sg_set_page(&desc->
outfrags[0], sg_page(sg), fraglen,
451 sg_assign_page(&desc->
infrags[0], in_page);
468 BUG_ON((buf->len - offset) % crypto_blkcipher_blocksize(tfm) != 0);
483 ret =
xdr_process_buf(buf, offset, buf->len - offset, encryptor, &desc);
510 fraglen = thislen & (crypto_blkcipher_blocksize(desc->
desc.tfm) - 1);
518 ret = crypto_blkcipher_decrypt_iv(&desc->
desc, desc->
frags,
519 desc->
frags, thislen);
526 sg_set_page(&desc->
frags[0], sg_page(sg), fraglen,
544 BUG_ON((buf->len - offset) % crypto_blkcipher_blocksize(tfm) != 0);
555 return xdr_process_buf(buf, offset, buf->len - offset, decryptor, &desc);
584 BUG_ON(shiftlen > RPC_MAX_AUTH_SIZE);
586 p = buf->head[0].iov_base + base;
588 memmove(p + shiftlen, p, buf->head[0].iov_len - base);
590 buf->head[0].iov_len += shiftlen;
591 buf->len += shiftlen;
604 struct page **save_pages;
617 save_pages = buf->
pages;
622 buf->pages = save_pages;
629 ret = crypto_blkcipher_encrypt_iv(&desc, sg, sg, len);
631 ret = crypto_blkcipher_decrypt_iv(&desc, sg, sg, len);
644 struct xdr_buf *buf,
int ec,
struct page **pages)
647 struct xdr_netobj hmac;
652 struct page **save_pages;
669 blocksize = crypto_blkcipher_blocksize(cipher);
674 return GSS_S_FAILURE;
678 if (buf->tail[0].iov_base !=
NULL) {
679 ecptr = buf->tail[0].iov_base + buf->tail[0].iov_len;
681 buf->tail[0].iov_base = buf->head[0].iov_base
682 + buf->head[0].iov_len;
683 buf->tail[0].iov_len = 0;
684 ecptr = buf->tail[0].iov_base;
688 buf->tail[0].iov_len += ec;
692 memcpy(ecptr + ec, buf->head[0].iov_base + offset,
699 hmac.data = buf->tail[0].iov_base + buf->tail[0].iov_len;
708 save_pages = buf->
pages;
713 cksumkey, usage, &hmac);
714 buf->pages = save_pages;
716 return GSS_S_FAILURE;
719 nblocks = (nbytes + blocksize - 1) / blocksize;
722 cbcbytes = (nblocks - 2) * blocksize;
734 desc.
desc.tfm = aux_cipher;
740 cbcbytes, encryptor, &desc);
746 err = gss_krb5_cts_crypt(cipher, buf,
747 offset + GSS_KRB5_TOK_HDR_LEN + cbcbytes,
755 buf->tail[0].iov_len += kctx->
gk5e->cksumlength;
756 buf->len += kctx->
gk5e->cksumlength;
766 u32 *headskip,
u32 *tailskip)
768 struct xdr_buf subbuf;
772 struct xdr_netobj our_hmac_obj;
775 int nblocks, blocksize, cbcbytes;
790 blocksize = crypto_blkcipher_blocksize(cipher);
796 kctx->
gk5e->cksumlength));
798 nblocks = (subbuf.len + blocksize - 1) / blocksize;
802 cbcbytes = (nblocks - 2) * blocksize;
811 desc.
desc.tfm = aux_cipher;
821 ret = gss_krb5_cts_crypt(cipher, &subbuf, cbcbytes, desc.
iv,
NULL, 0);
827 our_hmac_obj.len =
sizeof(our_hmac);
828 our_hmac_obj.data = our_hmac;
831 cksum_key, usage, &our_hmac_obj);
837 pkt_hmac, kctx->
gk5e->cksumlength);
841 if (
memcmp(pkt_hmac, our_hmac, kctx->
gk5e->cksumlength) != 0) {
845 *headskip = kctx->
gk5e->conflen;
846 *tailskip = kctx->
gk5e->cksumlength;
848 if (ret && ret != GSS_S_BAD_SIG)
859 unsigned char *
cksum)
865 u32 zeroconstant = 0;
868 dprintk(
"%s: entered\n", __func__);
872 dprintk(
"%s: error %ld, allocating hash '%s'\n",
873 __func__, PTR_ERR(hmac), kctx->
gk5e->cksum_name);
874 return PTR_ERR(hmac);
880 err = crypto_hash_init(&desc);
885 err = crypto_hash_setkey(hmac, kctx->
Ksess, kctx->
gk5e->keylength);
890 sg_set_buf(sg, &zeroconstant, 4);
892 err = crypto_hash_digest(&desc, sg, 4, Kseq);
897 err = crypto_hash_setkey(hmac, Kseq, kctx->
gk5e->keylength);
901 sg_set_buf(sg, cksum, 8);
903 err = crypto_hash_digest(&desc, sg, 8, Kseq);
907 err = crypto_blkcipher_setkey(cipher, Kseq, kctx->
gk5e->keylength);
914 crypto_free_hash(hmac);
915 dprintk(
"%s: returning %d\n", __func__, err);
931 u8 zeroconstant[4] = {0};
935 dprintk(
"%s: entered, seqnum %u\n", __func__, seqnum);
939 dprintk(
"%s: error %ld, allocating hash '%s'\n",
940 __func__, PTR_ERR(hmac), kctx->
gk5e->cksum_name);
941 return PTR_ERR(hmac);
947 err = crypto_hash_init(&desc);
952 for (i = 0; i < kctx->
gk5e->keylength; i++)
953 Kcrypt[i] = kctx->
Ksess[i] ^ 0xf0;
955 err = crypto_hash_setkey(hmac, Kcrypt, kctx->
gk5e->keylength);
960 sg_set_buf(sg, zeroconstant, 4);
962 err = crypto_hash_digest(&desc, sg, 4, Kcrypt);
967 err = crypto_hash_setkey(hmac, Kcrypt, kctx->
gk5e->keylength);
971 seqnumarray[0] = (
unsigned char) ((seqnum >> 24) & 0xff);
972 seqnumarray[1] = (
unsigned char) ((seqnum >> 16) & 0xff);
973 seqnumarray[2] = (
unsigned char) ((seqnum >> 8) & 0xff);
974 seqnumarray[3] = (
unsigned char) ((seqnum >> 0) & 0xff);
976 sg_set_buf(sg, seqnumarray, 4);
978 err = crypto_hash_digest(&desc, sg, 4, Kcrypt);
982 err = crypto_blkcipher_setkey(cipher, Kcrypt, kctx->
gk5e->keylength);
989 crypto_free_hash(hmac);
990 dprintk(
"%s: returning %d\n", __func__, err);