| rxkad.c (75bf465f0bc33e9b776a46d6a1b9b990f5fb7c37) | rxkad.c (d0d5c0cd1e711c98703f3544c1e6fc1372898de5) |
|---|---|
| 1// SPDX-License-Identifier: GPL-2.0-or-later 2/* Kerberos-based RxRPC security 3 * 4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 */ 7 8#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt --- 173 unchanged lines hidden (view full) --- 182 void *sechdr, 183 struct skcipher_request *req) 184{ 185 const struct rxrpc_key_token *token; 186 struct rxkad_level2_hdr rxkhdr; 187 struct rxrpc_skb_priv *sp; 188 struct rxrpc_crypt iv; 189 struct scatterlist sg[16]; | 1// SPDX-License-Identifier: GPL-2.0-or-later 2/* Kerberos-based RxRPC security 3 * 4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 */ 7 8#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt --- 173 unchanged lines hidden (view full) --- 182 void *sechdr, 183 struct skcipher_request *req) 184{ 185 const struct rxrpc_key_token *token; 186 struct rxkad_level2_hdr rxkhdr; 187 struct rxrpc_skb_priv *sp; 188 struct rxrpc_crypt iv; 189 struct scatterlist sg[16]; |
| 190 struct sk_buff *trailer; | |
| 191 unsigned int len; 192 u16 check; | 190 unsigned int len; 191 u16 check; |
| 193 int nsg; | |
| 194 int err; 195 196 sp = rxrpc_skb(skb); 197 198 _enter(""); 199 200 check = sp->hdr.seq ^ call->call_id; 201 --- 7 unchanged lines hidden (view full) --- 209 210 sg_init_one(&sg[0], sechdr, sizeof(rxkhdr)); 211 skcipher_request_set_sync_tfm(req, call->conn->cipher); 212 skcipher_request_set_callback(req, 0, NULL, NULL); 213 skcipher_request_set_crypt(req, &sg[0], &sg[0], sizeof(rxkhdr), iv.x); 214 crypto_skcipher_encrypt(req); 215 216 /* we want to encrypt the skbuff in-place */ | 192 int err; 193 194 sp = rxrpc_skb(skb); 195 196 _enter(""); 197 198 check = sp->hdr.seq ^ call->call_id; 199 --- 7 unchanged lines hidden (view full) --- 207 208 sg_init_one(&sg[0], sechdr, sizeof(rxkhdr)); 209 skcipher_request_set_sync_tfm(req, call->conn->cipher); 210 skcipher_request_set_callback(req, 0, NULL, NULL); 211 skcipher_request_set_crypt(req, &sg[0], &sg[0], sizeof(rxkhdr), iv.x); 212 crypto_skcipher_encrypt(req); 213 214 /* we want to encrypt the skbuff in-place */ |
| 217 nsg = skb_cow_data(skb, 0, &trailer); 218 err = -ENOMEM; 219 if (nsg < 0 || nsg > 16) | 215 err = -EMSGSIZE; 216 if (skb_shinfo(skb)->nr_frags > 16) |
| 220 goto out; 221 222 len = data_size + call->conn->size_align - 1; 223 len &= ~(call->conn->size_align - 1); 224 | 217 goto out; 218 219 len = data_size + call->conn->size_align - 1; 220 len &= ~(call->conn->size_align - 1); 221 |
| 225 sg_init_table(sg, nsg); | 222 sg_init_table(sg, ARRAY_SIZE(sg)); |
| 226 err = skb_to_sgvec(skb, sg, 0, len); 227 if (unlikely(err < 0)) 228 goto out; 229 skcipher_request_set_crypt(req, sg, sg, len, iv.x); 230 crypto_skcipher_encrypt(req); 231 232 _leave(" = 0"); 233 err = 0; --- 80 unchanged lines hidden (view full) --- 314static int rxkad_verify_packet_1(struct rxrpc_call *call, struct sk_buff *skb, 315 unsigned int offset, unsigned int len, 316 rxrpc_seq_t seq, 317 struct skcipher_request *req) 318{ 319 struct rxkad_level1_hdr sechdr; 320 struct rxrpc_crypt iv; 321 struct scatterlist sg[16]; | 223 err = skb_to_sgvec(skb, sg, 0, len); 224 if (unlikely(err < 0)) 225 goto out; 226 skcipher_request_set_crypt(req, sg, sg, len, iv.x); 227 crypto_skcipher_encrypt(req); 228 229 _leave(" = 0"); 230 err = 0; --- 80 unchanged lines hidden (view full) --- 311static int rxkad_verify_packet_1(struct rxrpc_call *call, struct sk_buff *skb, 312 unsigned int offset, unsigned int len, 313 rxrpc_seq_t seq, 314 struct skcipher_request *req) 315{ 316 struct rxkad_level1_hdr sechdr; 317 struct rxrpc_crypt iv; 318 struct scatterlist sg[16]; |
| 322 struct sk_buff *trailer; | |
| 323 bool aborted; 324 u32 data_size, buf; 325 u16 check; | 319 bool aborted; 320 u32 data_size, buf; 321 u16 check; |
| 326 int nsg, ret; | 322 int ret; |
| 327 328 _enter(""); 329 330 if (len < 8) { 331 aborted = rxrpc_abort_eproto(call, skb, "rxkad_1_hdr", "V1H", 332 RXKADSEALEDINCON); 333 goto protocol_error; 334 } 335 336 /* Decrypt the skbuff in-place. TODO: We really want to decrypt 337 * directly into the target buffer. 338 */ | 323 324 _enter(""); 325 326 if (len < 8) { 327 aborted = rxrpc_abort_eproto(call, skb, "rxkad_1_hdr", "V1H", 328 RXKADSEALEDINCON); 329 goto protocol_error; 330 } 331 332 /* Decrypt the skbuff in-place. TODO: We really want to decrypt 333 * directly into the target buffer. 334 */ |
| 339 nsg = skb_cow_data(skb, 0, &trailer); 340 if (nsg < 0 || nsg > 16) 341 goto nomem; 342 343 sg_init_table(sg, nsg); | 335 sg_init_table(sg, ARRAY_SIZE(sg)); |
| 344 ret = skb_to_sgvec(skb, sg, offset, 8); 345 if (unlikely(ret < 0)) 346 return ret; 347 348 /* start the decryption afresh */ 349 memset(&iv, 0, sizeof(iv)); 350 351 skcipher_request_set_sync_tfm(req, call->conn->cipher); --- 31 unchanged lines hidden (view full) --- 383 384 _leave(" = 0 [dlen=%x]", data_size); 385 return 0; 386 387protocol_error: 388 if (aborted) 389 rxrpc_send_abort_packet(call); 390 return -EPROTO; | 336 ret = skb_to_sgvec(skb, sg, offset, 8); 337 if (unlikely(ret < 0)) 338 return ret; 339 340 /* start the decryption afresh */ 341 memset(&iv, 0, sizeof(iv)); 342 343 skcipher_request_set_sync_tfm(req, call->conn->cipher); --- 31 unchanged lines hidden (view full) --- 375 376 _leave(" = 0 [dlen=%x]", data_size); 377 return 0; 378 379protocol_error: 380 if (aborted) 381 rxrpc_send_abort_packet(call); 382 return -EPROTO; |
| 391 392nomem: 393 _leave(" = -ENOMEM"); 394 return -ENOMEM; | |
| 395} 396 397/* 398 * wholly decrypt a packet (level 2 security) 399 */ 400static int rxkad_verify_packet_2(struct rxrpc_call *call, struct sk_buff *skb, 401 unsigned int offset, unsigned int len, 402 rxrpc_seq_t seq, 403 struct skcipher_request *req) 404{ 405 const struct rxrpc_key_token *token; 406 struct rxkad_level2_hdr sechdr; 407 struct rxrpc_crypt iv; 408 struct scatterlist _sg[4], *sg; | 383} 384 385/* 386 * wholly decrypt a packet (level 2 security) 387 */ 388static int rxkad_verify_packet_2(struct rxrpc_call *call, struct sk_buff *skb, 389 unsigned int offset, unsigned int len, 390 rxrpc_seq_t seq, 391 struct skcipher_request *req) 392{ 393 const struct rxrpc_key_token *token; 394 struct rxkad_level2_hdr sechdr; 395 struct rxrpc_crypt iv; 396 struct scatterlist _sg[4], *sg; |
| 409 struct sk_buff *trailer; | |
| 410 bool aborted; 411 u32 data_size, buf; 412 u16 check; 413 int nsg, ret; 414 415 _enter(",{%d}", skb->len); 416 417 if (len < 8) { 418 aborted = rxrpc_abort_eproto(call, skb, "rxkad_2_hdr", "V2H", 419 RXKADSEALEDINCON); 420 goto protocol_error; 421 } 422 423 /* Decrypt the skbuff in-place. TODO: We really want to decrypt 424 * directly into the target buffer. 425 */ | 397 bool aborted; 398 u32 data_size, buf; 399 u16 check; 400 int nsg, ret; 401 402 _enter(",{%d}", skb->len); 403 404 if (len < 8) { 405 aborted = rxrpc_abort_eproto(call, skb, "rxkad_2_hdr", "V2H", 406 RXKADSEALEDINCON); 407 goto protocol_error; 408 } 409 410 /* Decrypt the skbuff in-place. TODO: We really want to decrypt 411 * directly into the target buffer. 412 */ |
| 426 nsg = skb_cow_data(skb, 0, &trailer); 427 if (nsg < 0) 428 goto nomem; 429 | |
| 430 sg = _sg; | 413 sg = _sg; |
| 431 if (unlikely(nsg > 4)) { | 414 nsg = skb_shinfo(skb)->nr_frags; 415 if (nsg <= 4) { 416 nsg = 4; 417 } else { |
| 432 sg = kmalloc_array(nsg, sizeof(*sg), GFP_NOIO); 433 if (!sg) 434 goto nomem; 435 } 436 437 sg_init_table(sg, nsg); 438 ret = skb_to_sgvec(skb, sg, offset, len); 439 if (unlikely(ret < 0)) { --- 818 unchanged lines hidden --- | 418 sg = kmalloc_array(nsg, sizeof(*sg), GFP_NOIO); 419 if (!sg) 420 goto nomem; 421 } 422 423 sg_init_table(sg, nsg); 424 ret = skb_to_sgvec(skb, sg, offset, len); 425 if (unlikely(ret < 0)) { --- 818 unchanged lines hidden --- |