1 /* 2 * linux/net/sunrpc/gss_krb5_crypto.c 3 * 4 * Copyright (c) 2000 The Regents of the University of Michigan. 5 * All rights reserved. 6 * 7 * Andy Adamson <andros@umich.edu> 8 * Bruce Fields <bfields@umich.edu> 9 */ 10 11 /* 12 * Copyright (C) 1998 by the FundsXpress, INC. 13 * 14 * All rights reserved. 15 * 16 * Export of this software from the United States of America may require 17 * a specific license from the United States Government. It is the 18 * responsibility of any person or organization contemplating export to 19 * obtain such a license before exporting. 20 * 21 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 22 * distribute this software and its documentation for any purpose and 23 * without fee is hereby granted, provided that the above copyright 24 * notice appear in all copies and that both that copyright notice and 25 * this permission notice appear in supporting documentation, and that 26 * the name of FundsXpress. not be used in advertising or publicity pertaining 27 * to distribution of the software without specific, written prior 28 * permission. FundsXpress makes no representations about the suitability of 29 * this software for any purpose. It is provided "as is" without express 30 * or implied warranty. 31 * 32 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 33 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 34 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 35 */ 36 37 #include <linux/err.h> 38 #include <linux/types.h> 39 #include <linux/mm.h> 40 #include <linux/slab.h> 41 #include <linux/scatterlist.h> 42 #include <linux/crypto.h> 43 #include <linux/highmem.h> 44 #include <linux/pagemap.h> 45 #include <linux/sunrpc/gss_krb5.h> 46 #include <linux/sunrpc/xdr.h> 47 48 #ifdef RPC_DEBUG 49 # define RPCDBG_FACILITY RPCDBG_AUTH 50 #endif 51 52 u32 53 krb5_encrypt( 54 struct crypto_blkcipher *tfm, 55 void * iv, 56 void * in, 57 void * out, 58 int length) 59 { 60 u32 ret = -EINVAL; 61 struct scatterlist sg[1]; 62 u8 local_iv[16] = {0}; 63 struct blkcipher_desc desc = { .tfm = tfm, .info = local_iv }; 64 65 if (length % crypto_blkcipher_blocksize(tfm) != 0) 66 goto out; 67 68 if (crypto_blkcipher_ivsize(tfm) > 16) { 69 dprintk("RPC: gss_k5encrypt: tfm iv size to large %d\n", 70 crypto_blkcipher_ivsize(tfm)); 71 goto out; 72 } 73 74 if (iv) 75 memcpy(local_iv, iv, crypto_blkcipher_ivsize(tfm)); 76 77 memcpy(out, in, length); 78 sg_set_buf(sg, out, length); 79 80 ret = crypto_blkcipher_encrypt_iv(&desc, sg, sg, length); 81 out: 82 dprintk("RPC: krb5_encrypt returns %d\n", ret); 83 return ret; 84 } 85 86 EXPORT_SYMBOL(krb5_encrypt); 87 88 u32 89 krb5_decrypt( 90 struct crypto_blkcipher *tfm, 91 void * iv, 92 void * in, 93 void * out, 94 int length) 95 { 96 u32 ret = -EINVAL; 97 struct scatterlist sg[1]; 98 u8 local_iv[16] = {0}; 99 struct blkcipher_desc desc = { .tfm = tfm, .info = local_iv }; 100 101 if (length % crypto_blkcipher_blocksize(tfm) != 0) 102 goto out; 103 104 if (crypto_blkcipher_ivsize(tfm) > 16) { 105 dprintk("RPC: gss_k5decrypt: tfm iv size to large %d\n", 106 crypto_blkcipher_ivsize(tfm)); 107 goto out; 108 } 109 if (iv) 110 memcpy(local_iv,iv, crypto_blkcipher_ivsize(tfm)); 111 112 memcpy(out, in, length); 113 sg_set_buf(sg, out, length); 114 115 ret = crypto_blkcipher_decrypt_iv(&desc, sg, sg, length); 116 out: 117 dprintk("RPC: gss_k5decrypt returns %d\n",ret); 118 return ret; 119 } 120 121 EXPORT_SYMBOL(krb5_decrypt); 122 123 static int 124 checksummer(struct scatterlist *sg, void *data) 125 { 126 struct hash_desc *desc = data; 127 128 return crypto_hash_update(desc, sg, sg->length); 129 } 130 131 /* checksum the plaintext data and hdrlen bytes of the token header */ 132 s32 133 make_checksum(char *cksumname, char *header, int hdrlen, struct xdr_buf *body, 134 int body_offset, struct xdr_netobj *cksum) 135 { 136 struct hash_desc desc; /* XXX add to ctx? */ 137 struct scatterlist sg[1]; 138 int err; 139 140 desc.tfm = crypto_alloc_hash(cksumname, 0, CRYPTO_ALG_ASYNC); 141 if (IS_ERR(desc.tfm)) 142 return GSS_S_FAILURE; 143 cksum->len = crypto_hash_digestsize(desc.tfm); 144 desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; 145 146 err = crypto_hash_init(&desc); 147 if (err) 148 goto out; 149 sg_set_buf(sg, header, hdrlen); 150 err = crypto_hash_update(&desc, sg, hdrlen); 151 if (err) 152 goto out; 153 err = xdr_process_buf(body, body_offset, body->len - body_offset, 154 checksummer, &desc); 155 if (err) 156 goto out; 157 err = crypto_hash_final(&desc, cksum->data); 158 159 out: 160 crypto_free_hash(desc.tfm); 161 return err ? GSS_S_FAILURE : 0; 162 } 163 164 EXPORT_SYMBOL(make_checksum); 165 166 struct encryptor_desc { 167 u8 iv[8]; /* XXX hard-coded blocksize */ 168 struct blkcipher_desc desc; 169 int pos; 170 struct xdr_buf *outbuf; 171 struct page **pages; 172 struct scatterlist infrags[4]; 173 struct scatterlist outfrags[4]; 174 int fragno; 175 int fraglen; 176 }; 177 178 static int 179 encryptor(struct scatterlist *sg, void *data) 180 { 181 struct encryptor_desc *desc = data; 182 struct xdr_buf *outbuf = desc->outbuf; 183 struct page *in_page; 184 int thislen = desc->fraglen + sg->length; 185 int fraglen, ret; 186 int page_pos; 187 188 /* Worst case is 4 fragments: head, end of page 1, start 189 * of page 2, tail. Anything more is a bug. */ 190 BUG_ON(desc->fragno > 3); 191 desc->infrags[desc->fragno] = *sg; 192 desc->outfrags[desc->fragno] = *sg; 193 194 page_pos = desc->pos - outbuf->head[0].iov_len; 195 if (page_pos >= 0 && page_pos < outbuf->page_len) { 196 /* pages are not in place: */ 197 int i = (page_pos + outbuf->page_base) >> PAGE_CACHE_SHIFT; 198 in_page = desc->pages[i]; 199 } else { 200 in_page = sg->page; 201 } 202 desc->infrags[desc->fragno].page = in_page; 203 desc->fragno++; 204 desc->fraglen += sg->length; 205 desc->pos += sg->length; 206 207 fraglen = thislen & 7; /* XXX hardcoded blocksize */ 208 thislen -= fraglen; 209 210 if (thislen == 0) 211 return 0; 212 213 ret = crypto_blkcipher_encrypt_iv(&desc->desc, desc->outfrags, 214 desc->infrags, thislen); 215 if (ret) 216 return ret; 217 if (fraglen) { 218 desc->outfrags[0].page = sg->page; 219 desc->outfrags[0].offset = sg->offset + sg->length - fraglen; 220 desc->outfrags[0].length = fraglen; 221 desc->infrags[0] = desc->outfrags[0]; 222 desc->infrags[0].page = in_page; 223 desc->fragno = 1; 224 desc->fraglen = fraglen; 225 } else { 226 desc->fragno = 0; 227 desc->fraglen = 0; 228 } 229 return 0; 230 } 231 232 int 233 gss_encrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *buf, 234 int offset, struct page **pages) 235 { 236 int ret; 237 struct encryptor_desc desc; 238 239 BUG_ON((buf->len - offset) % crypto_blkcipher_blocksize(tfm) != 0); 240 241 memset(desc.iv, 0, sizeof(desc.iv)); 242 desc.desc.tfm = tfm; 243 desc.desc.info = desc.iv; 244 desc.desc.flags = 0; 245 desc.pos = offset; 246 desc.outbuf = buf; 247 desc.pages = pages; 248 desc.fragno = 0; 249 desc.fraglen = 0; 250 251 ret = xdr_process_buf(buf, offset, buf->len - offset, encryptor, &desc); 252 return ret; 253 } 254 255 EXPORT_SYMBOL(gss_encrypt_xdr_buf); 256 257 struct decryptor_desc { 258 u8 iv[8]; /* XXX hard-coded blocksize */ 259 struct blkcipher_desc desc; 260 struct scatterlist frags[4]; 261 int fragno; 262 int fraglen; 263 }; 264 265 static int 266 decryptor(struct scatterlist *sg, void *data) 267 { 268 struct decryptor_desc *desc = data; 269 int thislen = desc->fraglen + sg->length; 270 int fraglen, ret; 271 272 /* Worst case is 4 fragments: head, end of page 1, start 273 * of page 2, tail. Anything more is a bug. */ 274 BUG_ON(desc->fragno > 3); 275 desc->frags[desc->fragno] = *sg; 276 desc->fragno++; 277 desc->fraglen += sg->length; 278 279 fraglen = thislen & 7; /* XXX hardcoded blocksize */ 280 thislen -= fraglen; 281 282 if (thislen == 0) 283 return 0; 284 285 ret = crypto_blkcipher_decrypt_iv(&desc->desc, desc->frags, 286 desc->frags, thislen); 287 if (ret) 288 return ret; 289 if (fraglen) { 290 desc->frags[0].page = sg->page; 291 desc->frags[0].offset = sg->offset + sg->length - fraglen; 292 desc->frags[0].length = fraglen; 293 desc->fragno = 1; 294 desc->fraglen = fraglen; 295 } else { 296 desc->fragno = 0; 297 desc->fraglen = 0; 298 } 299 return 0; 300 } 301 302 int 303 gss_decrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *buf, 304 int offset) 305 { 306 struct decryptor_desc desc; 307 308 /* XXXJBF: */ 309 BUG_ON((buf->len - offset) % crypto_blkcipher_blocksize(tfm) != 0); 310 311 memset(desc.iv, 0, sizeof(desc.iv)); 312 desc.desc.tfm = tfm; 313 desc.desc.info = desc.iv; 314 desc.desc.flags = 0; 315 desc.fragno = 0; 316 desc.fraglen = 0; 317 return xdr_process_buf(buf, offset, buf->len - offset, decryptor, &desc); 318 } 319 320 EXPORT_SYMBOL(gss_decrypt_xdr_buf); 321