342 static int encrypt_authorizer(struct ceph_x_authorizer *au,  in encrypt_authorizer()  argument
350 	msg_a = au->buf->vec.iov_base;  in encrypt_authorizer()
351 	WARN_ON(msg_a->ticket_blob.secret_id != cpu_to_le64(au->secret_id));  in encrypt_authorizer()
353 	end = au->buf->vec.iov_base + au->buf->vec.iov_len;  in encrypt_authorizer()
355 	msg_b = p + ceph_x_encrypt_offset(&au->session_key);  in encrypt_authorizer()
357 	msg_b->nonce = cpu_to_le64(au->nonce);  in encrypt_authorizer()
367 	ret = ceph_x_encrypt(&au->session_key,  in encrypt_authorizer()
378 		au->buf->vec.iov_len = p - au->buf->vec.iov_base;  in encrypt_authorizer()
384 static void ceph_x_authorizer_cleanup(struct ceph_x_authorizer *au)  in ceph_x_authorizer_cleanup()  argument
386 	ceph_crypto_key_destroy(&au->session_key);  in ceph_x_authorizer_cleanup()
387 	if (au->buf) {  in ceph_x_authorizer_cleanup()
388 		ceph_buffer_put(au->buf);  in ceph_x_authorizer_cleanup()
389 		au->buf = NULL;  in ceph_x_authorizer_cleanup()
395 				   struct ceph_x_authorizer *au)  in ceph_x_build_authorizer()  argument
405 	     ceph_entity_type_name(th->service), au);  in ceph_x_build_authorizer()
407 	ceph_crypto_key_destroy(&au->session_key);  in ceph_x_build_authorizer()
408 	ret = ceph_crypto_key_clone(&au->session_key, &th->session_key);  in ceph_x_build_authorizer()
412 	ret = ceph_crypto_key_prepare(&au->session_key, authorizer_key_usages,  in ceph_x_build_authorizer()
418 		ceph_x_encrypt_buflen(&au->session_key, sizeof(*msg_b));  in ceph_x_build_authorizer()
420 	if (au->buf && au->buf->alloc_len < maxlen) {  in ceph_x_build_authorizer()
421 		ceph_buffer_put(au->buf);  in ceph_x_build_authorizer()
422 		au->buf = NULL;  in ceph_x_build_authorizer()
424 	if (!au->buf) {  in ceph_x_build_authorizer()
425 		au->buf = ceph_buffer_new(maxlen, GFP_NOFS);  in ceph_x_build_authorizer()
426 		if (!au->buf) {  in ceph_x_build_authorizer()
431 	au->service = th->service;  in ceph_x_build_authorizer()
433 	au->secret_id = th->secret_id;  in ceph_x_build_authorizer()
435 	msg_a = au->buf->vec.iov_base;  in ceph_x_build_authorizer()
449 	get_random_bytes(&au->nonce, sizeof(au->nonce));  in ceph_x_build_authorizer()
450 	ret = encrypt_authorizer(au, NULL);  in ceph_x_build_authorizer()
456 	dout(" built authorizer nonce %llx len %d\n", au->nonce,  in ceph_x_build_authorizer()
457 	     (int)au->buf->vec.iov_len);  in ceph_x_build_authorizer()
461 	ceph_x_authorizer_cleanup(au);  in ceph_x_build_authorizer()
793 	struct ceph_x_authorizer *au = (void *)a;  in ceph_x_destroy_authorizer()  local
795 	ceph_x_authorizer_cleanup(au);  in ceph_x_destroy_authorizer()
796 	kfree(au);  in ceph_x_destroy_authorizer()
803 	struct ceph_x_authorizer *au;  in ceph_x_create_authorizer()  local
811 	au = kzalloc_obj(*au, GFP_NOFS);  in ceph_x_create_authorizer()
812 	if (!au)  in ceph_x_create_authorizer()
815 	au->base.destroy = ceph_x_destroy_authorizer;  in ceph_x_create_authorizer()
817 	ret = ceph_x_build_authorizer(ac, th, au);  in ceph_x_create_authorizer()
819 		kfree(au);  in ceph_x_create_authorizer()
823 	auth->authorizer = (struct ceph_authorizer *) au;  in ceph_x_create_authorizer()
824 	auth->authorizer_buf = au->buf->vec.iov_base;  in ceph_x_create_authorizer()
825 	auth->authorizer_buf_len = au->buf->vec.iov_len;  in ceph_x_create_authorizer()
826 	auth->authorizer_reply_buf = au->enc_buf;  in ceph_x_create_authorizer()
838 	struct ceph_x_authorizer *au;  in ceph_x_update_authorizer()  local
845 	au = (struct ceph_x_authorizer *)auth->authorizer;  in ceph_x_update_authorizer()
846 	if (au->secret_id < th->secret_id) {  in ceph_x_update_authorizer()
848 		     au->service, au->secret_id, th->secret_id);  in ceph_x_update_authorizer()
849 		return ceph_x_build_authorizer(ac, th, au);  in ceph_x_update_authorizer()
888 	struct ceph_x_authorizer *au = (void *)a;  in ceph_x_add_authorizer_challenge()  local
892 	ret = decrypt_authorizer_challenge(&au->session_key, challenge,  in ceph_x_add_authorizer_challenge()
899 	ret = encrypt_authorizer(au, &server_challenge);  in ceph_x_add_authorizer_challenge()
949 	struct ceph_x_authorizer *au = (void *)a;  in ceph_x_verify_authorizer_reply()  local
954 		memcpy(session_key, au->session_key.key, au->session_key.len);  in ceph_x_verify_authorizer_reply()
955 		*session_key_len = au->session_key.len;  in ceph_x_verify_authorizer_reply()
958 	ret = decrypt_authorizer_reply(&au->session_key, &reply,  in ceph_x_verify_authorizer_reply()
964 	if (nonce_plus_one != au->nonce + 1) {  in ceph_x_verify_authorizer_reply()
1030 static int calc_signature(struct ceph_x_authorizer *au, struct ceph_msg *msg,  in calc_signature()  argument
1033 	void *enc_buf = au->enc_buf;  in calc_signature()
1044 				       ceph_x_encrypt_offset(&au->session_key);  in calc_signature()
1052 		ret = ceph_x_encrypt(&au->session_key, 0 /* dummy */,  in calc_signature()
1074 		if (au->session_key.type == CEPH_CRYPTO_AES) {  in calc_signature()
1092 		if (au->session_key.type == CEPH_CRYPTO_AES) {  in calc_signature()
1095 			ret = ceph_crypt(&au->session_key, 0 /* dummy */,  in calc_signature()
1101 			ceph_hmac_sha256(&au->session_key, sigblock,  in calc_signature()