299 static int encrypt_authorizer(struct ceph_x_authorizer *au,  in encrypt_authorizer()  argument
307 	msg_a = au->buf->vec.iov_base;  in encrypt_authorizer()
308 	WARN_ON(msg_a->ticket_blob.secret_id != cpu_to_le64(au->secret_id));  in encrypt_authorizer()
310 	end = au->buf->vec.iov_base + au->buf->vec.iov_len;  in encrypt_authorizer()
314 	msg_b->nonce = cpu_to_le64(au->nonce);  in encrypt_authorizer()
324 	ret = ceph_x_encrypt(&au->session_key, p, end - p, sizeof(*msg_b));  in encrypt_authorizer()
333 		au->buf->vec.iov_len = p - au->buf->vec.iov_base;  in encrypt_authorizer()
339 static void ceph_x_authorizer_cleanup(struct ceph_x_authorizer *au)  in ceph_x_authorizer_cleanup()  argument
341 	ceph_crypto_key_destroy(&au->session_key);  in ceph_x_authorizer_cleanup()
342 	if (au->buf) {  in ceph_x_authorizer_cleanup()
343 		ceph_buffer_put(au->buf);  in ceph_x_authorizer_cleanup()
344 		au->buf = NULL;  in ceph_x_authorizer_cleanup()
350 				   struct ceph_x_authorizer *au)  in ceph_x_build_authorizer()  argument
360 	     ceph_entity_type_name(th->service), au);  in ceph_x_build_authorizer()
362 	ceph_crypto_key_destroy(&au->session_key);  in ceph_x_build_authorizer()
363 	ret = ceph_crypto_key_clone(&au->session_key, &th->session_key);  in ceph_x_build_authorizer()
370 	if (au->buf && au->buf->alloc_len < maxlen) {  in ceph_x_build_authorizer()
371 		ceph_buffer_put(au->buf);  in ceph_x_build_authorizer()
372 		au->buf = NULL;  in ceph_x_build_authorizer()
374 	if (!au->buf) {  in ceph_x_build_authorizer()
375 		au->buf = ceph_buffer_new(maxlen, GFP_NOFS);  in ceph_x_build_authorizer()
376 		if (!au->buf) {  in ceph_x_build_authorizer()
381 	au->service = th->service;  in ceph_x_build_authorizer()
382 	au->secret_id = th->secret_id;  in ceph_x_build_authorizer()
384 	msg_a = au->buf->vec.iov_base;  in ceph_x_build_authorizer()
398 	get_random_bytes(&au->nonce, sizeof(au->nonce));  in ceph_x_build_authorizer()
399 	ret = encrypt_authorizer(au, NULL);  in ceph_x_build_authorizer()
405 	dout(" built authorizer nonce %llx len %d\n", au->nonce,  in ceph_x_build_authorizer()
406 	     (int)au->buf->vec.iov_len);  in ceph_x_build_authorizer()
410 	ceph_x_authorizer_cleanup(au);  in ceph_x_build_authorizer()
620 	struct ceph_x_authorizer *au = (void *)a;  in ceph_x_destroy_authorizer()  local
622 	ceph_x_authorizer_cleanup(au);  in ceph_x_destroy_authorizer()
623 	kfree(au);  in ceph_x_destroy_authorizer()
630 	struct ceph_x_authorizer *au;  in ceph_x_create_authorizer()  local
638 	au = kzalloc(sizeof(*au), GFP_NOFS);  in ceph_x_create_authorizer()
639 	if (!au)  in ceph_x_create_authorizer()
642 	au->base.destroy = ceph_x_destroy_authorizer;  in ceph_x_create_authorizer()
644 	ret = ceph_x_build_authorizer(ac, th, au);  in ceph_x_create_authorizer()
646 		kfree(au);  in ceph_x_create_authorizer()
650 	auth->authorizer = (struct ceph_authorizer *) au;  in ceph_x_create_authorizer()
651 	auth->authorizer_buf = au->buf->vec.iov_base;  in ceph_x_create_authorizer()
652 	auth->authorizer_buf_len = au->buf->vec.iov_len;  in ceph_x_create_authorizer()
653 	auth->authorizer_reply_buf = au->enc_buf;  in ceph_x_create_authorizer()
665 	struct ceph_x_authorizer *au;  in ceph_x_update_authorizer()  local
672 	au = (struct ceph_x_authorizer *)auth->authorizer;  in ceph_x_update_authorizer()
673 	if (au->secret_id < th->secret_id) {  in ceph_x_update_authorizer()
675 		     au->service, au->secret_id, th->secret_id);  in ceph_x_update_authorizer()
676 		return ceph_x_build_authorizer(ac, th, au);  in ceph_x_update_authorizer()
681 static int decrypt_authorize_challenge(struct ceph_x_authorizer *au,  in decrypt_authorize_challenge()  argument
691 	ret = __ceph_x_decrypt(&au->session_key, challenge_buf,  in decrypt_authorize_challenge()
709 	struct ceph_x_authorizer *au = (void *)a;  in ceph_x_add_authorizer_challenge()  local
713 	ret = decrypt_authorize_challenge(au, challenge_buf, challenge_buf_len,  in ceph_x_add_authorizer_challenge()
720 	ret = encrypt_authorizer(au, &server_challenge);  in ceph_x_add_authorizer_challenge()
732 	struct ceph_x_authorizer *au = (void *)a;  in ceph_x_verify_authorizer_reply()  local
733 	void *p = au->enc_buf;  in ceph_x_verify_authorizer_reply()
737 	ret = ceph_x_decrypt(&au->session_key, &p, p + CEPHX_AU_ENC_BUF_LEN);  in ceph_x_verify_authorizer_reply()
745 	if (au->nonce + 1 != le64_to_cpu(reply->nonce_plus_one))  in ceph_x_verify_authorizer_reply()
750 	     au->nonce, le64_to_cpu(reply->nonce_plus_one), ret);  in ceph_x_verify_authorizer_reply()
805 static int calc_signature(struct ceph_x_authorizer *au, struct ceph_msg *msg,  in calc_signature()  argument
808 	void *enc_buf = au->enc_buf;  in calc_signature()
826 		ret = ceph_x_encrypt(&au->session_key, enc_buf,  in calc_signature()
858 		ret = ceph_crypt(&au->session_key, true, enc_buf,  in calc_signature()