This source file includes following definitions.
- krb5_nfold
- krb5_derive_key
- mit_des_fixup_key_parity
- gss_krb5_des3_make_key
- gss_krb5_aes_make_key
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57 #include <crypto/skcipher.h>
58 #include <linux/err.h>
59 #include <linux/types.h>
60 #include <linux/sunrpc/gss_krb5.h>
61 #include <linux/sunrpc/xdr.h>
62 #include <linux/lcm.h>
63
64 #if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
65 # define RPCDBG_FACILITY RPCDBG_AUTH
66 #endif
67
68
69
70
71
72
73 static void krb5_nfold(u32 inbits, const u8 *in,
74 u32 outbits, u8 *out)
75 {
76 unsigned long ulcm;
77 int byte, i, msbit;
78
79
80
81
82 inbits >>= 3;
83 outbits >>= 3;
84
85
86 ulcm = lcm(inbits, outbits);
87
88
89
90 memset(out, 0, outbits);
91 byte = 0;
92
93
94
95 for (i = ulcm-1; i >= 0; i--) {
96
97 msbit = (
98
99
100 ((inbits << 3) - 1)
101
102
103 + (((inbits << 3) + 13) * (i/inbits))
104
105
106 + ((inbits - (i % inbits)) << 3)
107 ) % (inbits << 3);
108
109
110 byte += (((in[((inbits - 1) - (msbit >> 3)) % inbits] << 8)|
111 (in[((inbits) - (msbit >> 3)) % inbits]))
112 >> ((msbit & 7) + 1)) & 0xff;
113
114
115 byte += out[i % outbits];
116 out[i % outbits] = byte & 0xff;
117
118
119 byte >>= 8;
120
121 }
122
123
124 if (byte) {
125 for (i = outbits - 1; i >= 0; i--) {
126
127 byte += out[i];
128 out[i] = byte & 0xff;
129
130
131 byte >>= 8;
132 }
133 }
134 }
135
136
137
138
139
140
141 u32 krb5_derive_key(const struct gss_krb5_enctype *gk5e,
142 const struct xdr_netobj *inkey,
143 struct xdr_netobj *outkey,
144 const struct xdr_netobj *in_constant,
145 gfp_t gfp_mask)
146 {
147 size_t blocksize, keybytes, keylength, n;
148 unsigned char *inblockdata, *outblockdata, *rawkey;
149 struct xdr_netobj inblock, outblock;
150 struct crypto_sync_skcipher *cipher;
151 u32 ret = EINVAL;
152
153 blocksize = gk5e->blocksize;
154 keybytes = gk5e->keybytes;
155 keylength = gk5e->keylength;
156
157 if ((inkey->len != keylength) || (outkey->len != keylength))
158 goto err_return;
159
160 cipher = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
161 if (IS_ERR(cipher))
162 goto err_return;
163 if (crypto_sync_skcipher_setkey(cipher, inkey->data, inkey->len))
164 goto err_return;
165
166
167
168 ret = ENOMEM;
169 inblockdata = kmalloc(blocksize, gfp_mask);
170 if (inblockdata == NULL)
171 goto err_free_cipher;
172
173 outblockdata = kmalloc(blocksize, gfp_mask);
174 if (outblockdata == NULL)
175 goto err_free_in;
176
177 rawkey = kmalloc(keybytes, gfp_mask);
178 if (rawkey == NULL)
179 goto err_free_out;
180
181 inblock.data = (char *) inblockdata;
182 inblock.len = blocksize;
183
184 outblock.data = (char *) outblockdata;
185 outblock.len = blocksize;
186
187
188
189 if (in_constant->len == inblock.len) {
190 memcpy(inblock.data, in_constant->data, inblock.len);
191 } else {
192 krb5_nfold(in_constant->len * 8, in_constant->data,
193 inblock.len * 8, inblock.data);
194 }
195
196
197
198 n = 0;
199 while (n < keybytes) {
200 (*(gk5e->encrypt))(cipher, NULL, inblock.data,
201 outblock.data, inblock.len);
202
203 if ((keybytes - n) <= outblock.len) {
204 memcpy(rawkey + n, outblock.data, (keybytes - n));
205 break;
206 }
207
208 memcpy(rawkey + n, outblock.data, outblock.len);
209 memcpy(inblock.data, outblock.data, outblock.len);
210 n += outblock.len;
211 }
212
213
214
215 inblock.data = (char *) rawkey;
216 inblock.len = keybytes;
217
218 BUG_ON(gk5e->mk_key == NULL);
219 ret = (*(gk5e->mk_key))(gk5e, &inblock, outkey);
220 if (ret) {
221 dprintk("%s: got %d from mk_key function for '%s'\n",
222 __func__, ret, gk5e->encrypt_name);
223 goto err_free_raw;
224 }
225
226
227
228 ret = 0;
229
230 err_free_raw:
231 kzfree(rawkey);
232 err_free_out:
233 kzfree(outblockdata);
234 err_free_in:
235 kzfree(inblockdata);
236 err_free_cipher:
237 crypto_free_sync_skcipher(cipher);
238 err_return:
239 return ret;
240 }
241
242 #define smask(step) ((1<<step)-1)
243 #define pstep(x, step) (((x)&smask(step))^(((x)>>step)&smask(step)))
244 #define parity_char(x) pstep(pstep(pstep((x), 4), 2), 1)
245
246 static void mit_des_fixup_key_parity(u8 key[8])
247 {
248 int i;
249 for (i = 0; i < 8; i++) {
250 key[i] &= 0xfe;
251 key[i] |= 1^parity_char(key[i]);
252 }
253 }
254
255
256
257
258 u32 gss_krb5_des3_make_key(const struct gss_krb5_enctype *gk5e,
259 struct xdr_netobj *randombits,
260 struct xdr_netobj *key)
261 {
262 int i;
263 u32 ret = EINVAL;
264
265 if (key->len != 24) {
266 dprintk("%s: key->len is %d\n", __func__, key->len);
267 goto err_out;
268 }
269 if (randombits->len != 21) {
270 dprintk("%s: randombits->len is %d\n",
271 __func__, randombits->len);
272 goto err_out;
273 }
274
275
276
277
278 for (i = 0; i < 3; i++) {
279 memcpy(key->data + i*8, randombits->data + i*7, 7);
280 key->data[i*8+7] = (((key->data[i*8]&1)<<1) |
281 ((key->data[i*8+1]&1)<<2) |
282 ((key->data[i*8+2]&1)<<3) |
283 ((key->data[i*8+3]&1)<<4) |
284 ((key->data[i*8+4]&1)<<5) |
285 ((key->data[i*8+5]&1)<<6) |
286 ((key->data[i*8+6]&1)<<7));
287
288 mit_des_fixup_key_parity(key->data + i*8);
289 }
290 ret = 0;
291 err_out:
292 return ret;
293 }
294
295
296
297
298 u32 gss_krb5_aes_make_key(const struct gss_krb5_enctype *gk5e,
299 struct xdr_netobj *randombits,
300 struct xdr_netobj *key)
301 {
302 u32 ret = EINVAL;
303
304 if (key->len != 16 && key->len != 32) {
305 dprintk("%s: key->len is %d\n", __func__, key->len);
306 goto err_out;
307 }
308 if (randombits->len != 16 && randombits->len != 32) {
309 dprintk("%s: randombits->len is %d\n",
310 __func__, randombits->len);
311 goto err_out;
312 }
313 if (randombits->len != key->len) {
314 dprintk("%s: randombits->len is %d, key->len is %d\n",
315 __func__, randombits->len, key->len);
316 goto err_out;
317 }
318 memcpy(key->data, randombits->data, key->len);
319 ret = 0;
320 err_out:
321 return ret;
322 }