From: Ilya Dryomov <idryomov@gmail.com>
To: ceph-devel@vger.kernel.org
Subject: [PATCH 07/15] libceph: switch ceph_x_encrypt() to ceph_crypt()
Date: Mon, 12 Dec 2016 21:48:52 +0100 [thread overview]
Message-ID: <1481575740-1834-8-git-send-email-idryomov@gmail.com> (raw)
In-Reply-To: <1481575740-1834-1-git-send-email-idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
---
net/ceph/auth_x.c | 71 +++++++++++++++++++++++++++++--------------------------
1 file changed, 37 insertions(+), 34 deletions(-)
diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c
index 78c1675b0df7..a13ce443073b 100644
--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -49,22 +49,24 @@ static int ceph_x_encrypt_buflen(int ilen)
return ceph_x_encrypt_offset() + ilen + 16;
}
-static int ceph_x_encrypt(struct ceph_crypto_key *secret,
- void *ibuf, int ilen, void *obuf, size_t olen)
+static int ceph_x_encrypt(struct ceph_crypto_key *secret, void *buf,
+ int buf_len, int plaintext_len)
{
- struct ceph_x_encrypt_header head = {
- .struct_v = 1,
- .magic = cpu_to_le64(CEPHX_ENC_MAGIC)
- };
- size_t len = olen - sizeof(u32);
+ struct ceph_x_encrypt_header *hdr = buf + sizeof(u32);
+ int ciphertext_len;
int ret;
- ret = ceph_encrypt2(secret, obuf + sizeof(u32), &len,
- &head, sizeof(head), ibuf, ilen);
+ hdr->struct_v = 1;
+ hdr->magic = cpu_to_le64(CEPHX_ENC_MAGIC);
+
+ ret = ceph_crypt(secret, true, buf + sizeof(u32), buf_len - sizeof(u32),
+ plaintext_len + sizeof(struct ceph_x_encrypt_header),
+ &ciphertext_len);
if (ret)
return ret;
- ceph_encode_32(&obuf, len);
- return len + sizeof(u32);
+
+ ceph_encode_32(&buf, ciphertext_len);
+ return sizeof(u32) + ciphertext_len;
}
static int ceph_x_decrypt(struct ceph_crypto_key *secret,
@@ -296,7 +298,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
{
int maxlen;
struct ceph_x_authorize_a *msg_a;
- struct ceph_x_authorize_b msg_b;
+ struct ceph_x_authorize_b *msg_b;
void *p, *end;
int ret;
int ticket_blob_len =
@@ -311,7 +313,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
goto out_au;
maxlen = sizeof(*msg_a) + ticket_blob_len +
- ceph_x_encrypt_buflen(sizeof(msg_b));
+ ceph_x_encrypt_buflen(sizeof(*msg_b));
dout(" need len %d\n", maxlen);
if (au->buf && au->buf->alloc_len < maxlen) {
ceph_buffer_put(au->buf);
@@ -345,11 +347,11 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
p += ticket_blob_len;
end = au->buf->vec.iov_base + au->buf->vec.iov_len;
+ msg_b = p + ceph_x_encrypt_offset();
+ msg_b->struct_v = 1;
get_random_bytes(&au->nonce, sizeof(au->nonce));
- msg_b.struct_v = 1;
- msg_b.nonce = cpu_to_le64(au->nonce);
- ret = ceph_x_encrypt(&au->session_key, &msg_b, sizeof(msg_b),
- p, end - p);
+ msg_b->nonce = cpu_to_le64(au->nonce);
+ ret = ceph_x_encrypt(&au->session_key, p, end - p, sizeof(*msg_b));
if (ret < 0)
goto out_au;
@@ -455,8 +457,9 @@ static int ceph_x_build_request(struct ceph_auth_client *ac,
if (need & CEPH_ENTITY_TYPE_AUTH) {
struct ceph_x_authenticate *auth = (void *)(head + 1);
void *p = auth + 1;
- struct ceph_x_challenge_blob tmp;
- char tmp_enc[40];
+ void *enc_buf = xi->auth_authorizer.enc_buf;
+ struct ceph_x_challenge_blob *blob = enc_buf +
+ ceph_x_encrypt_offset();
u64 *u;
if (p > end)
@@ -467,16 +470,16 @@ static int ceph_x_build_request(struct ceph_auth_client *ac,
/* encrypt and hash */
get_random_bytes(&auth->client_challenge, sizeof(u64));
- tmp.client_challenge = auth->client_challenge;
- tmp.server_challenge = cpu_to_le64(xi->server_challenge);
- ret = ceph_x_encrypt(&xi->secret, &tmp, sizeof(tmp),
- tmp_enc, sizeof(tmp_enc));
+ blob->client_challenge = auth->client_challenge;
+ blob->server_challenge = cpu_to_le64(xi->server_challenge);
+ ret = ceph_x_encrypt(&xi->secret, enc_buf, CEPHX_AU_ENC_BUF_LEN,
+ sizeof(*blob));
if (ret < 0)
return ret;
auth->struct_v = 1;
auth->key = 0;
- for (u = (u64 *)tmp_enc; u + 1 <= (u64 *)(tmp_enc + ret); u++)
+ for (u = (u64 *)enc_buf; u + 1 <= (u64 *)(enc_buf + ret); u++)
auth->key ^= *(__le64 *)u;
dout(" server_challenge %llx client_challenge %llx key %llx\n",
xi->server_challenge, le64_to_cpu(auth->client_challenge),
@@ -710,27 +713,27 @@ static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac,
static int calc_signature(struct ceph_x_authorizer *au, struct ceph_msg *msg,
__le64 *psig)
{
- char tmp_enc[40];
+ void *enc_buf = au->enc_buf;
struct {
__le32 len;
__le32 header_crc;
__le32 front_crc;
__le32 middle_crc;
__le32 data_crc;
- } __packed sigblock;
+ } __packed *sigblock = enc_buf + ceph_x_encrypt_offset();
int ret;
- sigblock.len = cpu_to_le32(4*sizeof(u32));
- sigblock.header_crc = msg->hdr.crc;
- sigblock.front_crc = msg->footer.front_crc;
- sigblock.middle_crc = msg->footer.middle_crc;
- sigblock.data_crc = msg->footer.data_crc;
- ret = ceph_x_encrypt(&au->session_key, &sigblock, sizeof(sigblock),
- tmp_enc, sizeof(tmp_enc));
+ sigblock->len = cpu_to_le32(4*sizeof(u32));
+ sigblock->header_crc = msg->hdr.crc;
+ sigblock->front_crc = msg->footer.front_crc;
+ sigblock->middle_crc = msg->footer.middle_crc;
+ sigblock->data_crc = msg->footer.data_crc;
+ ret = ceph_x_encrypt(&au->session_key, enc_buf, CEPHX_AU_ENC_BUF_LEN,
+ sizeof(*sigblock));
if (ret < 0)
return ret;
- *psig = *(__le64 *)(tmp_enc + sizeof(u32));
+ *psig = *(__le64 *)(enc_buf + sizeof(u32));
return 0;
}
--
2.4.3
next prev parent reply other threads:[~2016-12-12 20:50 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-12 20:48 [PATCH 00/15] wip-crypto Ilya Dryomov
2016-12-12 20:48 ` [PATCH 01/15] libceph: ceph_x_encrypt_buflen() takes in_len Ilya Dryomov
2016-12-12 20:48 ` [PATCH 02/15] libceph: old_key in process_one_ticket() is redundant Ilya Dryomov
2016-12-12 20:48 ` [PATCH 03/15] libceph: introduce ceph_x_encrypt_offset() Ilya Dryomov
2016-12-12 20:48 ` [PATCH 04/15] libceph: introduce ceph_crypt() for in-place en/decryption Ilya Dryomov
2016-12-12 21:11 ` Sage Weil
2016-12-12 21:15 ` Ilya Dryomov
2016-12-12 20:48 ` [PATCH 05/15] libceph: rename and align ceph_x_authorizer::reply_buf Ilya Dryomov
2016-12-12 20:48 ` [PATCH 06/15] libceph: tweak calcu_signature() a little Ilya Dryomov
2016-12-12 20:48 ` Ilya Dryomov [this message]
2016-12-12 20:48 ` [PATCH 08/15] libceph: switch ceph_x_decrypt() to ceph_crypt() Ilya Dryomov
2016-12-12 20:48 ` [PATCH 09/15] libceph: remove now unused ceph_*{en,de}crypt*() functions Ilya Dryomov
2016-12-12 20:48 ` [PATCH 10/15] libceph: uninline ceph_crypto_key_destroy() Ilya Dryomov
2016-12-12 20:48 ` [PATCH 11/15] libceph: stop allocating a new cipher on every crypto request Ilya Dryomov
2016-12-12 20:48 ` [PATCH 12/15] libceph: no need for GFP_NOFS in ceph_monc_init() Ilya Dryomov
2016-12-12 20:48 ` [PATCH 13/15] libceph: verify authorize reply on connect Ilya Dryomov
2016-12-12 20:48 ` [PATCH 14/15] libceph: drop len argument of *verify_authorizer_reply() Ilya Dryomov
2016-12-12 20:49 ` [PATCH 15/15] libceph: no need to drop con->mutex for ->get_authorizer() Ilya Dryomov
2016-12-12 22:04 ` [PATCH 00/15] wip-crypto Sage Weil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1481575740-1834-8-git-send-email-idryomov@gmail.com \
--to=idryomov@gmail.com \
--cc=ceph-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.