@@ -49,22 +49,24 @@ static int ceph_x_encrypt_buflen(int ilen)
4949 return ceph_x_encrypt_offset () + ilen + 16 ;
5050}
5151
52- static int ceph_x_encrypt (struct ceph_crypto_key * secret ,
53- void * ibuf , int ilen , void * obuf , size_t olen )
52+ static int ceph_x_encrypt (struct ceph_crypto_key * secret , void * buf ,
53+ int buf_len , int plaintext_len )
5454{
55- struct ceph_x_encrypt_header head = {
56- .struct_v = 1 ,
57- .magic = cpu_to_le64 (CEPHX_ENC_MAGIC )
58- };
59- size_t len = olen - sizeof (u32 );
55+ struct ceph_x_encrypt_header * hdr = buf + sizeof (u32 );
56+ int ciphertext_len ;
6057 int ret ;
6158
62- ret = ceph_encrypt2 (secret , obuf + sizeof (u32 ), & len ,
63- & head , sizeof (head ), ibuf , ilen );
59+ hdr -> struct_v = 1 ;
60+ hdr -> magic = cpu_to_le64 (CEPHX_ENC_MAGIC );
61+
62+ ret = ceph_crypt (secret , true, buf + sizeof (u32 ), buf_len - sizeof (u32 ),
63+ plaintext_len + sizeof (struct ceph_x_encrypt_header ),
64+ & ciphertext_len );
6465 if (ret )
6566 return ret ;
66- ceph_encode_32 (& obuf , len );
67- return len + sizeof (u32 );
67+
68+ ceph_encode_32 (& buf , ciphertext_len );
69+ return sizeof (u32 ) + ciphertext_len ;
6870}
6971
7072static int ceph_x_decrypt (struct ceph_crypto_key * secret ,
@@ -296,7 +298,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
296298{
297299 int maxlen ;
298300 struct ceph_x_authorize_a * msg_a ;
299- struct ceph_x_authorize_b msg_b ;
301+ struct ceph_x_authorize_b * msg_b ;
300302 void * p , * end ;
301303 int ret ;
302304 int ticket_blob_len =
@@ -311,7 +313,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
311313 goto out_au ;
312314
313315 maxlen = sizeof (* msg_a ) + ticket_blob_len +
314- ceph_x_encrypt_buflen (sizeof (msg_b ));
316+ ceph_x_encrypt_buflen (sizeof (* msg_b ));
315317 dout (" need len %d\n" , maxlen );
316318 if (au -> buf && au -> buf -> alloc_len < maxlen ) {
317319 ceph_buffer_put (au -> buf );
@@ -345,11 +347,11 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
345347 p += ticket_blob_len ;
346348 end = au -> buf -> vec .iov_base + au -> buf -> vec .iov_len ;
347349
350+ msg_b = p + ceph_x_encrypt_offset ();
351+ msg_b -> struct_v = 1 ;
348352 get_random_bytes (& au -> nonce , sizeof (au -> nonce ));
349- msg_b .struct_v = 1 ;
350- msg_b .nonce = cpu_to_le64 (au -> nonce );
351- ret = ceph_x_encrypt (& au -> session_key , & msg_b , sizeof (msg_b ),
352- p , end - p );
353+ msg_b -> nonce = cpu_to_le64 (au -> nonce );
354+ ret = ceph_x_encrypt (& au -> session_key , p , end - p , sizeof (* msg_b ));
353355 if (ret < 0 )
354356 goto out_au ;
355357
@@ -455,8 +457,9 @@ static int ceph_x_build_request(struct ceph_auth_client *ac,
455457 if (need & CEPH_ENTITY_TYPE_AUTH ) {
456458 struct ceph_x_authenticate * auth = (void * )(head + 1 );
457459 void * p = auth + 1 ;
458- struct ceph_x_challenge_blob tmp ;
459- char tmp_enc [40 ];
460+ void * enc_buf = xi -> auth_authorizer .enc_buf ;
461+ struct ceph_x_challenge_blob * blob = enc_buf +
462+ ceph_x_encrypt_offset ();
460463 u64 * u ;
461464
462465 if (p > end )
@@ -467,16 +470,16 @@ static int ceph_x_build_request(struct ceph_auth_client *ac,
467470
468471 /* encrypt and hash */
469472 get_random_bytes (& auth -> client_challenge , sizeof (u64 ));
470- tmp . client_challenge = auth -> client_challenge ;
471- tmp . server_challenge = cpu_to_le64 (xi -> server_challenge );
472- ret = ceph_x_encrypt (& xi -> secret , & tmp , sizeof ( tmp ) ,
473- tmp_enc , sizeof (tmp_enc ));
473+ blob -> client_challenge = auth -> client_challenge ;
474+ blob -> server_challenge = cpu_to_le64 (xi -> server_challenge );
475+ ret = ceph_x_encrypt (& xi -> secret , enc_buf , CEPHX_AU_ENC_BUF_LEN ,
476+ sizeof (* blob ));
474477 if (ret < 0 )
475478 return ret ;
476479
477480 auth -> struct_v = 1 ;
478481 auth -> key = 0 ;
479- for (u = (u64 * )tmp_enc ; u + 1 <= (u64 * )(tmp_enc + ret ); u ++ )
482+ for (u = (u64 * )enc_buf ; u + 1 <= (u64 * )(enc_buf + ret ); u ++ )
480483 auth -> key ^= * (__le64 * )u ;
481484 dout (" server_challenge %llx client_challenge %llx key %llx\n" ,
482485 xi -> server_challenge , le64_to_cpu (auth -> client_challenge ),
@@ -710,27 +713,27 @@ static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac,
710713static int calc_signature (struct ceph_x_authorizer * au , struct ceph_msg * msg ,
711714 __le64 * psig )
712715{
713- char tmp_enc [ 40 ] ;
716+ void * enc_buf = au -> enc_buf ;
714717 struct {
715718 __le32 len ;
716719 __le32 header_crc ;
717720 __le32 front_crc ;
718721 __le32 middle_crc ;
719722 __le32 data_crc ;
720- } __packed sigblock ;
723+ } __packed * sigblock = enc_buf + ceph_x_encrypt_offset () ;
721724 int ret ;
722725
723- sigblock . len = cpu_to_le32 (4 * sizeof (u32 ));
724- sigblock . header_crc = msg -> hdr .crc ;
725- sigblock . front_crc = msg -> footer .front_crc ;
726- sigblock . middle_crc = msg -> footer .middle_crc ;
727- sigblock . data_crc = msg -> footer .data_crc ;
728- ret = ceph_x_encrypt (& au -> session_key , & sigblock , sizeof ( sigblock ) ,
729- tmp_enc , sizeof (tmp_enc ));
726+ sigblock -> len = cpu_to_le32 (4 * sizeof (u32 ));
727+ sigblock -> header_crc = msg -> hdr .crc ;
728+ sigblock -> front_crc = msg -> footer .front_crc ;
729+ sigblock -> middle_crc = msg -> footer .middle_crc ;
730+ sigblock -> data_crc = msg -> footer .data_crc ;
731+ ret = ceph_x_encrypt (& au -> session_key , enc_buf , CEPHX_AU_ENC_BUF_LEN ,
732+ sizeof (* sigblock ));
730733 if (ret < 0 )
731734 return ret ;
732735
733- * psig = * (__le64 * )(tmp_enc + sizeof (u32 ));
736+ * psig = * (__le64 * )(enc_buf + sizeof (u32 ));
734737 return 0 ;
735738}
736739
0 commit comments