net/rxrpc/rxgk_kdf.c

Source file repositories/reference/linux-study-clean/net/rxrpc/rxgk_kdf.c

File Facts

System
Linux kernel
Corpus path
net/rxrpc/rxgk_kdf.c
Extension
.c
Size
7095 bytes
Lines
289
Domain
Networking Core
Bucket
Sockets, Protocols, Packet Path, And Network Policy
Inferred role
Networking Core: implementation source
Status
source implementation candidate

Why This File Exists

Networking stack implementation surface: socket APIs, protocol dispatch, packet flow, routing, filtering, and network namespaces.

Dependency Surface

Detected Declarations

Annotated Snippet

crypto_aead_authsize(gk->resp_enc) != krb5->cksum_len) {
		pr_notice("algo inconsistent with krb5 table %u!=%u or %u!=%u\n",
			  crypto_aead_blocksize(gk->resp_enc), krb5->block_len,
			  crypto_aead_authsize(gk->resp_enc), krb5->cksum_len);
		ret = -EINVAL;
		goto out;
	}

	if (service) {
		switch (conn->security_level) {
		case RXRPC_SECURITY_AUTH:
			shash = crypto_krb5_prepare_checksum(
				krb5, &TK, RXGK_SERVER_MIC_PACKET, gfp);
			if (IS_ERR(shash))
				goto hash_error;
			gk->tx_Kc = shash;
			shash = crypto_krb5_prepare_checksum(
				krb5, &TK, RXGK_CLIENT_MIC_PACKET, gfp);
			if (IS_ERR(shash))
				goto hash_error;
			gk->rx_Kc = shash;
			break;
		case RXRPC_SECURITY_ENCRYPT:
			aead = crypto_krb5_prepare_encryption(
				krb5, &TK, RXGK_SERVER_ENC_PACKET, gfp);
			if (IS_ERR(aead))
				goto aead_error;
			gk->tx_enc = aead;
			aead = crypto_krb5_prepare_encryption(
				krb5, &TK, RXGK_CLIENT_ENC_PACKET, gfp);
			if (IS_ERR(aead))
				goto aead_error;
			gk->rx_enc = aead;
			break;
		}
	} else {
		switch (conn->security_level) {
		case RXRPC_SECURITY_AUTH:
			shash = crypto_krb5_prepare_checksum(
				krb5, &TK, RXGK_CLIENT_MIC_PACKET, gfp);
			if (IS_ERR(shash))
				goto hash_error;
			gk->tx_Kc = shash;
			shash = crypto_krb5_prepare_checksum(
				krb5, &TK, RXGK_SERVER_MIC_PACKET, gfp);
			if (IS_ERR(shash))
				goto hash_error;
			gk->rx_Kc = shash;
			break;
		case RXRPC_SECURITY_ENCRYPT:
			aead = crypto_krb5_prepare_encryption(
				krb5, &TK, RXGK_CLIENT_ENC_PACKET, gfp);
			if (IS_ERR(aead))
				goto aead_error;
			gk->tx_enc = aead;
			aead = crypto_krb5_prepare_encryption(
				krb5, &TK, RXGK_SERVER_ENC_PACKET, gfp);
			if (IS_ERR(aead))
				goto aead_error;
			gk->rx_enc = aead;
			break;
		}
	}

	ret = 0;
out:
	kfree_sensitive(buffer);
	return ret;
aead_error:
	ret = PTR_ERR(aead);
	goto out;
hash_error:
	ret = PTR_ERR(shash);
	goto out;
}

/*
 * Derive a transport key for a connection and then derive a bunch of usage
 * keys from it and set up ciphers using them.
 */
struct rxgk_context *rxgk_generate_transport_key(struct rxrpc_connection *conn,
						 const struct rxgk_key *key,
						 unsigned int key_number,
						 gfp_t gfp)
{
	struct rxgk_context *gk;
	unsigned long lifetime;
	int ret = -ENOPKG;

	_enter("");

Annotation

Implementation Notes