xref: /net/ceph/auth_x.c

62 	int ret;  in ceph_x_encrypt()  local
67 	ret = ceph_crypt(secret, true, buf + sizeof(u32), buf_len - sizeof(u32),  in ceph_x_encrypt()
70 	if (ret)  in ceph_x_encrypt()
71 		return ret;  in ceph_x_encrypt()
82 	int ret;  in __ceph_x_decrypt()  local
84 	ret = ceph_crypt(secret, false, p, ciphertext_len, ciphertext_len,  in __ceph_x_decrypt()
86 	if (ret)  in __ceph_x_decrypt()
87 		return ret;  in __ceph_x_decrypt()
100 	int ret;  in ceph_x_decrypt()  local
105 	ret = __ceph_x_decrypt(secret, *p, ciphertext_len);  in ceph_x_decrypt()
106 	if (ret < 0)  in ceph_x_decrypt()
107 		return ret;  in ceph_x_decrypt()
110 	return ret;  in ceph_x_decrypt()
178 	int ret;  in process_one_ticket()  local
191 		ret = PTR_ERR(th);  in process_one_ticket()
197 	ret = ceph_x_decrypt(secret, p, end);  in process_one_ticket()
198 	if (ret < 0)  in process_one_ticket()
200 	dout(" decrypted %d bytes\n", ret);  in process_one_ticket()
201 	dend = dp + ret;  in process_one_ticket()
207 	ret = ceph_crypto_key_decode(&new_session_key, &dp, dend);  in process_one_ticket()
208 	if (ret)  in process_one_ticket()
224 		ret = ceph_x_decrypt(&th->session_key, p, end);  in process_one_ticket()
225 		if (ret < 0)  in process_one_ticket()
227 		dout(" encrypted ticket, decrypted %d bytes\n", ret);  in process_one_ticket()
229 		tpend = tp + ret;  in process_one_ticket()
243 	ret = ceph_decode_buffer(&new_ticket_blob, ptp, tpend);  in process_one_ticket()
244 	if (ret)  in process_one_ticket()
264 	ret = -EINVAL;  in process_one_ticket()
267 	return ret;  in process_one_ticket()
276 	int ret;  in ceph_x_proc_ticket_reply()  local
286 		ret = process_one_ticket(ac, secret, p, end);  in ceph_x_proc_ticket_reply()
287 		if (ret)  in ceph_x_proc_ticket_reply()
288 			return ret;  in ceph_x_proc_ticket_reply()
308 	int ret;  in encrypt_authorizer()  local
327 	ret = ceph_x_encrypt(&au->session_key, p, end - p, sizeof(*msg_b));  in encrypt_authorizer()
328 	if (ret < 0)  in encrypt_authorizer()
329 		return ret;  in encrypt_authorizer()
331 	p += ret;  in encrypt_authorizer()
358 	int ret;  in ceph_x_build_authorizer()  local
366 	ret = ceph_crypto_key_clone(&au->session_key, &th->session_key);  in ceph_x_build_authorizer()
367 	if (ret)  in ceph_x_build_authorizer()
380 			ret = -ENOMEM;  in ceph_x_build_authorizer()
403 	ret = encrypt_authorizer(au, NULL);  in ceph_x_build_authorizer()
404 	if (ret) {  in ceph_x_build_authorizer()
405 		pr_err("failed to encrypt authorizer: %d", ret);  in ceph_x_build_authorizer()
415 	return ret;  in ceph_x_build_authorizer()
495 	int ret;  in ceph_x_build_request()  local
524 		ret = ceph_x_encrypt(&xi->secret, enc_buf, CEPHX_AU_ENC_BUF_LEN,  in ceph_x_build_request()
526 		if (ret < 0)  in ceph_x_build_request()
527 			return ret;  in ceph_x_build_request()
531 		for (u = (u64 *)enc_buf; u + 1 <= (u64 *)(enc_buf + ret); u++)  in ceph_x_build_request()
538 		ret = ceph_x_encode_ticket(th, &p, end);  in ceph_x_build_request()
539 		if (ret < 0)  in ceph_x_build_request()
540 			return ret;  in ceph_x_build_request()
551 		ret = ceph_x_build_authorizer(ac, th, &xi->auth_authorizer);  in ceph_x_build_request()
552 		if (ret)  in ceph_x_build_request()
553 			return ret;  in ceph_x_build_request()
609 	int ret;  in handle_auth_session_key()  local
612 	ret = ceph_x_proc_ticket_reply(ac, &xi->secret, p, end);  in handle_auth_session_key()
613 	if (ret)  in handle_auth_session_key()
614 		return ret;  in handle_auth_session_key()
637 		ret = ceph_x_decrypt(&th->session_key, p, *p + len);  in handle_auth_session_key()
638 		if (ret < 0)  in handle_auth_session_key()
639 			return ret;  in handle_auth_session_key()
641 		dout("%s decrypted %d bytes\n", __func__, ret);  in handle_auth_session_key()
642 		dend = dp + ret;  in handle_auth_session_key()
644 		ret = decode_con_secret(&dp, dend, con_secret, con_secret_len);  in handle_auth_session_key()
645 		if (ret)  in handle_auth_session_key()
646 			return ret;  in handle_auth_session_key()
653 		ret = ceph_x_proc_ticket_reply(ac, &th->session_key,  in handle_auth_session_key()
655 		if (ret)  in handle_auth_session_key()
656 			return ret;  in handle_auth_session_key()
676 	int ret;  in ceph_x_handle_reply()  local
699 		ret = handle_auth_session_key(ac, global_id, &p, end,  in ceph_x_handle_reply()
710 		ret = ceph_x_proc_ticket_reply(ac, &th->session_key, &p, end);  in ceph_x_handle_reply()
716 	if (ret)  in ceph_x_handle_reply()
717 		return ret;  in ceph_x_handle_reply()
740 	int ret;  in ceph_x_create_authorizer()  local
752 	ret = ceph_x_build_authorizer(ac, th, au);  in ceph_x_create_authorizer()
753 	if (ret) {  in ceph_x_create_authorizer()
755 		return ret;  in ceph_x_create_authorizer()
797 	int ret;  in decrypt_authorizer_challenge()  local
800 	ret = __ceph_x_decrypt(secret, challenge, challenge_len);  in decrypt_authorizer_challenge()
801 	if (ret < 0)  in decrypt_authorizer_challenge()
802 		return ret;  in decrypt_authorizer_challenge()
804 	dout("%s decrypted %d bytes\n", __func__, ret);  in decrypt_authorizer_challenge()
806 	dend = dp + ret;  in decrypt_authorizer_challenge()
823 	int ret;  in ceph_x_add_authorizer_challenge()  local
825 	ret = decrypt_authorizer_challenge(&au->session_key, challenge,  in ceph_x_add_authorizer_challenge()
827 	if (ret) {  in ceph_x_add_authorizer_challenge()
828 		pr_err("failed to decrypt authorize challenge: %d", ret);  in ceph_x_add_authorizer_challenge()
829 		return ret;  in ceph_x_add_authorizer_challenge()
832 	ret = encrypt_authorizer(au, &server_challenge);  in ceph_x_add_authorizer_challenge()
833 	if (ret) {  in ceph_x_add_authorizer_challenge()
834 		pr_err("failed to encrypt authorizer w/ challenge: %d", ret);  in ceph_x_add_authorizer_challenge()
835 		return ret;  in ceph_x_add_authorizer_challenge()
850 	int ret;  in decrypt_authorizer_reply()  local
853 	ret = ceph_x_decrypt(secret, p, end);  in decrypt_authorizer_reply()
854 	if (ret < 0)  in decrypt_authorizer_reply()
855 		return ret;  in decrypt_authorizer_reply()
857 	dout("%s decrypted %d bytes\n", __func__, ret);  in decrypt_authorizer_reply()
858 	dend = dp + ret;  in decrypt_authorizer_reply()
864 		ret = decode_con_secret(&dp, dend, con_secret, con_secret_len);  in decrypt_authorizer_reply()
865 		if (ret)  in decrypt_authorizer_reply()
866 			return ret;  in decrypt_authorizer_reply()
883 	int ret;  in ceph_x_verify_authorizer_reply()  local
890 	ret = decrypt_authorizer_reply(&au->session_key, &reply,  in ceph_x_verify_authorizer_reply()
893 	if (ret)  in ceph_x_verify_authorizer_reply()
894 		return ret;  in ceph_x_verify_authorizer_reply()
966 	int ret;  in calc_signature()  local
983 		ret = ceph_x_encrypt(&au->session_key, enc_buf,  in calc_signature()
985 		if (ret < 0)  in calc_signature()
986 			return ret;  in calc_signature()
1015 		ret = ceph_crypt(&au->session_key, true, enc_buf,  in calc_signature()
1018 		if (ret)  in calc_signature()
1019 			return ret;  in calc_signature()
1031 	int ret;  in ceph_x_sign_message()  local
1036 	ret = calc_signature((struct ceph_x_authorizer *)auth->authorizer,  in ceph_x_sign_message()
1038 	if (ret)  in ceph_x_sign_message()
1039 		return ret;  in ceph_x_sign_message()
1050 	int ret;  in ceph_x_check_message_signature()  local
1055 	ret = calc_signature((struct ceph_x_authorizer *)auth->authorizer,  in ceph_x_check_message_signature()
1057 	if (ret)  in ceph_x_check_message_signature()
1058 		return ret;  in ceph_x_check_message_signature()
1090 	int ret;  in ceph_x_init()  local
1093 	ret = -ENOMEM;  in ceph_x_init()
1098 	ret = -EINVAL;  in ceph_x_init()
1104 	ret = ceph_crypto_key_clone(&xi->secret, ac->key);  in ceph_x_init()
1105 	if (ret < 0) {  in ceph_x_init()
1106 		pr_err("cannot clone key: %d\n", ret);  in ceph_x_init()
1121 	return ret;  in ceph_x_init()

Last Index update Fri Aug 22 10:33:58 CST 2025