net/sunrpc/auth_gss/gss_krb5_crypto.c
Source file repositories/reference/linux-study-clean/net/sunrpc/auth_gss/gss_krb5_crypto.c
File Facts
- System
- Linux kernel
- Corpus path
net/sunrpc/auth_gss/gss_krb5_crypto.c- Extension
.c- Size
- 9947 bytes
- Lines
- 322
- Domain
- Networking Core
- Bucket
- Sockets, Protocols, Packet Path, And Network Policy
- Inferred role
- Networking Core: implementation source
- Status
- source implementation candidate
Why This File Exists
Networking stack implementation surface: socket APIs, protocol dispatch, packet flow, routing, filtering, and network namespaces.
- Networking stack implementation surface: socket APIs, protocol dispatch, packet flow, routing, filtering, and network namespaces.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/err.hlinux/types.hlinux/mm.hlinux/scatterlist.hlinux/highmem.hlinux/pagemap.hlinux/sunrpc/gss_krb5.hlinux/sunrpc/xdr.hgss_krb5_internal.h
Detected Declarations
function Copyrightfunction gss_krb5_aead_encryptfunction gss_krb5_aead_decryptfunction xdr_buf_to_sg_alloc
Annotated Snippet
while (plen) {
unsigned int n = min_t(unsigned int, plen,
PAGE_SIZE - off);
memcpy_page(buf->pages[i], off, pages[i], off, n);
plen -= n;
i++;
off = 0;
}
}
/* Build scatterlist covering the secured region */
sec_offset = offset + GSS_KRB5_TOK_HDR_LEN;
sec_len = buf->len - sec_offset;
data_len = sec_len - conflen - cksum_len;
nsg = xdr_buf_to_sg_alloc(buf, sec_offset, sec_len,
sg, ARRAY_SIZE(sg),
&sg_overflow, GFP_NOFS);
if (nsg < 0)
return GSS_S_FAILURE;
ret = crypto_krb5_encrypt(krb5, aead, sg, nsg, sec_len,
conflen, data_len, false);
kfree(sg_overflow);
if (ret < 0)
return GSS_S_FAILURE;
return GSS_S_COMPLETE;
}
/**
* gss_krb5_aead_decrypt - Decrypt a wrap token using crypto/krb5
* @kctx: Kerberos context
* @offset: byte offset of the GSS token header in @buf
* @len: total length of the GSS token
* @buf: ciphertext buffer, decrypted in-place
* @headskip: OUT: confounder length, in octets
* @tailskip: OUT: checksum length, in octets
*
* Return values:
* %GSS_S_COMPLETE: Decryption and integrity verification succeeded
* %GSS_S_BAD_SIG: Integrity checksum did not match
* %GSS_S_DEFECTIVE_TOKEN: Token is malformed or truncated
* %GSS_S_FAILURE: Decryption failed
*/
u32
gss_krb5_aead_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len,
struct xdr_buf *buf, u32 *headskip, u32 *tailskip)
{
const struct krb5_enctype *krb5 = kctx->krb5e;
struct crypto_aead *aead = kctx->initiate ?
kctx->acceptor_enc_aead : kctx->initiator_enc_aead;
unsigned int sec_offset, sec_len;
size_t data_offset, data_len;
struct scatterlist sg[XDR_BUF_TO_SG_NENTS];
struct scatterlist *sg_overflow = NULL;
int nsg, ret;
/* Secured region starts after the GSS token header */
sec_offset = offset + GSS_KRB5_TOK_HDR_LEN;
if (len < sec_offset)
return GSS_S_DEFECTIVE_TOKEN;
sec_len = len - sec_offset;
nsg = xdr_buf_to_sg_alloc(buf, sec_offset, sec_len,
sg, ARRAY_SIZE(sg),
&sg_overflow, GFP_NOFS);
if (nsg < 0)
return GSS_S_FAILURE;
data_offset = 0;
data_len = sec_len;
ret = crypto_krb5_decrypt(krb5, aead, sg, nsg,
&data_offset, &data_len);
kfree(sg_overflow);
if (ret < 0)
return gss_krb5_errno_to_status(ret);
*headskip = data_offset;
*tailskip = sec_len - data_offset - data_len;
return GSS_S_COMPLETE;
}
/**
* gss_krb5_mic_build_sg - Build scatterlist for MIC token operations
* @body: xdr_buf containing the message body
* @cksum: pointer to checksum area in the token buffer
* @cksum_len: length of checksum area
* @hdr: pointer to GSS token header
* @sg_head: caller-provided scatterlist array; if more than
Annotation
- Immediate include surface: `linux/err.h`, `linux/types.h`, `linux/mm.h`, `linux/scatterlist.h`, `linux/highmem.h`, `linux/pagemap.h`, `linux/sunrpc/gss_krb5.h`, `linux/sunrpc/xdr.h`.
- Detected declarations: `function Copyright`, `function gss_krb5_aead_encrypt`, `function gss_krb5_aead_decrypt`, `function xdr_buf_to_sg_alloc`.
- Atlas domain: Networking Core / Sockets, Protocols, Packet Path, And Network Policy.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.