
libceph: factor out encrypt_authorizer()

Will be used for encrypting both the initial and updated authorizers.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>

+36 -13
+36 -13
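--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -290,6 +290,38 @@
 	return -EINVAL;
 }
 
+/*
+ * Encode and encrypt the second part (ceph_x_authorize_b) of the
+ * authorizer. The first part (ceph_x_authorize_a) should already be
+ * encoded.
+ */
+static int encrypt_authorizer(struct ceph_x_authorizer *au)
+{
+	struct ceph_x_authorize_a *msg_a;
+	struct ceph_x_authorize_b *msg_b;
+	void *p, *end;
+	int ret;
+
+	msg_a = au->buf->vec.iov_base;
+	WARN_ON(msg_a->ticket_blob.secret_id != cpu_to_le64(au->secret_id));
+	p = (void *)(msg_a + 1) + le32_to_cpu(msg_a->ticket_blob.blob_len);
+	end = au->buf->vec.iov_base + au->buf->vec.iov_len;
+
+	msg_b = p + ceph_x_encrypt_offset();
+	msg_b->struct_v = 1;
+	msg_b->nonce = cpu_to_le64(au->nonce);
+
+	ret = ceph_x_encrypt(&au->session_key, p, end - p, sizeof(*msg_b));
+	if (ret < 0)
+		return ret;
+
+	p += ret;
+	WARN_ON(p > end);
+	au->buf->vec.iov_len = p - au->buf->vec.iov_base;
+
+	return 0;
+}
+
 static void ceph_x_authorizer_cleanup(struct ceph_x_authorizer *au)
 {
 	ceph_crypto_key_destroy(&au->session_key);
@@ -306,7 +338,6 @@
 	int maxlen;
 	struct ceph_x_authorize_a *msg_a;
 	struct ceph_x_authorize_b *msg_b;
-	void *p, *end;
 	int ret;
 	int ticket_blob_len =
 		(th->ticket_blob ? th->ticket_blob->vec.iov_len : 0);
@@ -350,21 +381,13 @@
 	dout(" th %p secret_id %lld %lld\n", th, th->secret_id,
 	     le64_to_cpu(msg_a->ticket_blob.secret_id));
 
-	p = msg_a + 1;
-	p += ticket_blob_len;
-	end = au->buf->vec.iov_base + au->buf->vec.iov_len;
-
-	msg_b = p + ceph_x_encrypt_offset();
-	msg_b->struct_v = 1;
 	get_random_bytes(&au->nonce, sizeof(au->nonce));
-	msg_b->nonce = cpu_to_le64(au->nonce);
-	ret = ceph_x_encrypt(&au->session_key, p, end - p, sizeof(*msg_b));
-	if (ret < 0)
+	ret = encrypt_authorizer(au);
+	if (ret) {
+		pr_err("failed to encrypt authorizer: %d", ret);
 		goto out_au;
+	}
 
-	p += ret;
-	WARN_ON(p > end);
-	au->buf->vec.iov_len = p - au->buf->vec.iov_base;
 	dout(" built authorizer nonce %llx len %d\n", au->nonce,
 	     (int)au->buf->vec.iov_len);
 	return 0;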
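Review bot: In encrypt_authorizer(), `msg_b->struct_v` and `msg_b->nonce` are stored at an offset computed from `blob_len` read back out of the buffer, and nothing compares that position with `end` until `WARN_ON(p > end)` runs after the write. Since the commit message says the helper will also encrypt updated authorizers, a guard before the stores, e.g. `if (p + ceph_x_encrypt_offset() + sizeof(*msg_b) > end) return -EINVAL;`, would turn an inconsistent header into an error rather than an out-of-bounds store; whether ceph_x_encrypt() already rejects a too-short `end - p` is not visible here. The secret_id mismatch is likewise only a WARN_ON, after which encryption still proceeds with `au->session_key`. Separately, the new `pr_err("failed to encrypt authorizer: %d", ret);` in the caller (whose body starts outside the hunk) lacks a trailing `\n`.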