Commit d50b8152 authored by Chuck Lever's avatar Chuck Lever
Browse files

SUNRPC: Remove ->encrypt and ->decrypt methods from struct gss_krb5_enctype 



Clean up: ->encrypt is set to only one value. Replace the two
remaining call sites with direct calls to krb5_encrypt().

There have never been any call sites for the ->decrypt() method.

Tested-by: default avatarScott Mayhew <smayhew@redhat.com>
Reviewed-by: default avatarSimo Sorce <simo@redhat.com>
Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
parent dfe9a123

include/linux/sunrpc/gss_krb5.h

+0 −14
Original line number Diff line number Diff line
@@ -69,12 +69,6 @@ struct gss_krb5_enctype { 
	const u32		keyed_cksum;	/* is it a keyed cksum? */

	const u32		keybytes;	/* raw key len, in bytes */

	const u32		keylength;	/* final key len, in bytes */

	u32 (*encrypt) (struct crypto_sync_skcipher *tfm,

			void *iv, void *in, void *out,

			int length);		/* encryption function */

	u32 (*decrypt) (struct crypto_sync_skcipher *tfm,

			void *iv, void *in, void *out,

			int length);		/* decryption function */

	int (*import_ctx)(struct krb5_ctx *ctx, gfp_t gfp_mask);

	u32 (*mk_key) (const struct gss_krb5_enctype *gk5e,

		       struct xdr_netobj *in,
@@ -243,14 +237,6 @@ make_checksum(struct krb5_ctx *kctx, char *header, int hdrlen, 
		struct xdr_buf *body, int body_offset, u8 *cksumkey,

		unsigned int usage, struct xdr_netobj *cksumout);



u32

krb5_encrypt(struct crypto_sync_skcipher *key,

	     void *iv, void *in, void *out, int length);



u32

krb5_decrypt(struct crypto_sync_skcipher *key,

	     void *iv, void *in, void *out, int length); 



int

gss_encrypt_xdr_buf(struct crypto_sync_skcipher *tfm, struct xdr_buf *outbuf,

		    int offset, struct page **pages);

net/sunrpc/auth_gss/gss_krb5_crypto.c

+34 −2
Original line number Diff line number Diff line
@@ -82,6 +82,22 @@ void krb5_make_confounder(u8 *p, int conflen) 
	get_random_bytes(p, conflen);

}



/**

 * krb5_encrypt - simple encryption of an RPCSEC GSS payload

 * @tfm: initialized cipher transform

 * @iv: pointer to an IV

 * @in: plaintext to encrypt

 * @out: OUT: ciphertext

 * @length: length of input and output buffers, in bytes

 *

 * @iv may be NULL to force the use of an all-zero IV.

 * The buffer containing the IV must be as large as the

 * cipher's ivsize.

 *

 * Return values:

 *   %0: @in successfully encrypted into @out

 *   negative errno: @in not encrypted

 */

u32

krb5_encrypt(

	struct crypto_sync_skcipher *tfm,
@@ -121,6 +137,22 @@ krb5_encrypt( 
	return ret;

}



/**

 * krb5_decrypt - simple decryption of an RPCSEC GSS payload

 * @tfm: initialized cipher transform

 * @iv: pointer to an IV

 * @in: ciphertext to decrypt

 * @out: OUT: plaintext

 * @length: length of input and output buffers, in bytes

 *

 * @iv may be NULL to force the use of an all-zero IV.

 * The buffer containing the IV must be as large as the

 * cipher's ivsize.

 *

 * Return values:

 *   %0: @in successfully decrypted into @out

 *   negative errno: @in not decrypted

 */

u32

krb5_decrypt(

     struct crypto_sync_skcipher *tfm,
@@ -234,7 +266,7 @@ make_checksum(struct krb5_ctx *kctx, char *header, int hdrlen, 


	switch (kctx->gk5e->ctype) {

	case CKSUMTYPE_RSA_MD5:

		err = kctx->gk5e->encrypt(kctx->seq, NULL, checksumdata,

		err = krb5_encrypt(kctx->seq, NULL, checksumdata,

				   checksumdata, checksumlen);

		if (err)

			goto out;

net/sunrpc/auth_gss/gss_krb5_internal.h

+6 −0
Original line number Diff line number Diff line
@@ -44,4 +44,10 @@ u32 gss_krb5_checksum(struct crypto_ahash *tfm, char *header, int hdrlen, 
		      const struct xdr_buf *body, int body_offset,

		      struct xdr_netobj *cksumout);



u32 krb5_encrypt(struct crypto_sync_skcipher *key, void *iv, void *in,

		 void *out, int length);



u32 krb5_decrypt(struct crypto_sync_skcipher *key, void *iv, void *in,

		 void *out, int length);



#endif /* _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H */

net/sunrpc/auth_gss/gss_krb5_keys.c

+4 −2
Original line number Diff line number Diff line
@@ -61,6 +61,8 @@ 
#include <linux/sunrpc/xdr.h>

#include <linux/lcm.h>



#include "gss_krb5_internal.h"



#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)

# define RPCDBG_FACILITY        RPCDBG_AUTH

#endif
@@ -195,8 +197,8 @@ u32 krb5_derive_key(const struct gss_krb5_enctype *gk5e, 


	n = 0;

	while (n < keybytes) {

		(*(gk5e->encrypt))(cipher, NULL, inblock.data,

				   outblock.data, inblock.len);

		krb5_encrypt(cipher, NULL, inblock.data, outblock.data,

			     inblock.len);



		if ((keybytes - n) <= outblock.len) {

			memcpy(rawkey + n, outblock.data, (keybytes - n));

net/sunrpc/auth_gss/gss_krb5_mech.c

+0 −8
Original line number Diff line number Diff line
@@ -48,8 +48,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = { 
	  .name = "des-cbc-crc",

	  .encrypt_name = "cbc(des)",

	  .cksum_name = "md5",

	  .encrypt = krb5_encrypt,

	  .decrypt = krb5_decrypt,

	  .import_ctx = gss_krb5_import_ctx_des,

	  .mk_key = NULL,

	  .get_mic = gss_krb5_get_mic_v1,
@@ -72,8 +70,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = { 
	  .name = "des3-hmac-sha1",

	  .encrypt_name = "cbc(des3_ede)",

	  .cksum_name = "hmac(sha1)",

	  .encrypt = krb5_encrypt,

	  .decrypt = krb5_decrypt,

	  .import_ctx = gss_krb5_import_ctx_v1,

	  .mk_key = gss_krb5_des3_make_key,

	  .get_mic = gss_krb5_get_mic_v1,
@@ -100,8 +96,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = { 
	  .encrypt_name = "cts(cbc(aes))",

	  .aux_cipher = "cbc(aes)",

	  .cksum_name = "hmac(sha1)",

	  .encrypt = krb5_encrypt,

	  .decrypt = krb5_decrypt,

	  .import_ctx = gss_krb5_import_ctx_v2,

	  .mk_key = gss_krb5_aes_make_key,

	  .encrypt_v2 = gss_krb5_aes_encrypt,
@@ -129,8 +123,6 @@ static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = { 
	  .encrypt_name = "cts(cbc(aes))",

	  .aux_cipher = "cbc(aes)",

	  .cksum_name = "hmac(sha1)",

	  .encrypt = krb5_encrypt,

	  .decrypt = krb5_decrypt,

	  .import_ctx = gss_krb5_import_ctx_v2,

	  .mk_key = gss_krb5_aes_make_key,

	  .encrypt_v2 = gss_krb5_aes_encrypt,