302 static int encrypt_authorizer(struct ceph_x_authorizer *au,  in encrypt_authorizer()  argument
310 	msg_a = au->buf->vec.iov_base;  in encrypt_authorizer()
311 	WARN_ON(msg_a->ticket_blob.secret_id != cpu_to_le64(au->secret_id));  in encrypt_authorizer()
313 	end = au->buf->vec.iov_base + au->buf->vec.iov_len;  in encrypt_authorizer()
317 	msg_b->nonce = cpu_to_le64(au->nonce);  in encrypt_authorizer()
327 	ret = ceph_x_encrypt(&au->session_key, p, end - p, sizeof(*msg_b));  in encrypt_authorizer()
336 		au->buf->vec.iov_len = p - au->buf->vec.iov_base;  in encrypt_authorizer()
342 static void ceph_x_authorizer_cleanup(struct ceph_x_authorizer *au)  in ceph_x_authorizer_cleanup()  argument
344 	ceph_crypto_key_destroy(&au->session_key);  in ceph_x_authorizer_cleanup()
345 	if (au->buf) {  in ceph_x_authorizer_cleanup()
346 		ceph_buffer_put(au->buf);  in ceph_x_authorizer_cleanup()
347 		au->buf = NULL;  in ceph_x_authorizer_cleanup()
353 				   struct ceph_x_authorizer *au)  in ceph_x_build_authorizer()  argument
363 	     ceph_entity_type_name(th->service), au);  in ceph_x_build_authorizer()
365 	ceph_crypto_key_destroy(&au->session_key);  in ceph_x_build_authorizer()
366 	ret = ceph_crypto_key_clone(&au->session_key, &th->session_key);  in ceph_x_build_authorizer()
373 	if (au->buf && au->buf->alloc_len < maxlen) {  in ceph_x_build_authorizer()
374 		ceph_buffer_put(au->buf);  in ceph_x_build_authorizer()
375 		au->buf = NULL;  in ceph_x_build_authorizer()
377 	if (!au->buf) {  in ceph_x_build_authorizer()
378 		au->buf = ceph_buffer_new(maxlen, GFP_NOFS);  in ceph_x_build_authorizer()
379 		if (!au->buf) {  in ceph_x_build_authorizer()
384 	au->service = th->service;  in ceph_x_build_authorizer()
386 	au->secret_id = th->secret_id;  in ceph_x_build_authorizer()
388 	msg_a = au->buf->vec.iov_base;  in ceph_x_build_authorizer()
402 	get_random_bytes(&au->nonce, sizeof(au->nonce));  in ceph_x_build_authorizer()
403 	ret = encrypt_authorizer(au, NULL);  in ceph_x_build_authorizer()
409 	dout(" built authorizer nonce %llx len %d\n", au->nonce,  in ceph_x_build_authorizer()
410 	     (int)au->buf->vec.iov_len);  in ceph_x_build_authorizer()
414 	ceph_x_authorizer_cleanup(au);  in ceph_x_build_authorizer()
728 	struct ceph_x_authorizer *au = (void *)a;  in ceph_x_destroy_authorizer()  local
730 	ceph_x_authorizer_cleanup(au);  in ceph_x_destroy_authorizer()
731 	kfree(au);  in ceph_x_destroy_authorizer()
738 	struct ceph_x_authorizer *au;  in ceph_x_create_authorizer()  local
746 	au = kzalloc(sizeof(*au), GFP_NOFS);  in ceph_x_create_authorizer()
747 	if (!au)  in ceph_x_create_authorizer()
750 	au->base.destroy = ceph_x_destroy_authorizer;  in ceph_x_create_authorizer()
752 	ret = ceph_x_build_authorizer(ac, th, au);  in ceph_x_create_authorizer()
754 		kfree(au);  in ceph_x_create_authorizer()
758 	auth->authorizer = (struct ceph_authorizer *) au;  in ceph_x_create_authorizer()
759 	auth->authorizer_buf = au->buf->vec.iov_base;  in ceph_x_create_authorizer()
760 	auth->authorizer_buf_len = au->buf->vec.iov_len;  in ceph_x_create_authorizer()
761 	auth->authorizer_reply_buf = au->enc_buf;  in ceph_x_create_authorizer()
773 	struct ceph_x_authorizer *au;  in ceph_x_update_authorizer()  local
780 	au = (struct ceph_x_authorizer *)auth->authorizer;  in ceph_x_update_authorizer()
781 	if (au->secret_id < th->secret_id) {  in ceph_x_update_authorizer()
783 		     au->service, au->secret_id, th->secret_id);  in ceph_x_update_authorizer()
784 		return ceph_x_build_authorizer(ac, th, au);  in ceph_x_update_authorizer()
821 	struct ceph_x_authorizer *au = (void *)a;  in ceph_x_add_authorizer_challenge()  local
825 	ret = decrypt_authorizer_challenge(&au->session_key, challenge,  in ceph_x_add_authorizer_challenge()
832 	ret = encrypt_authorizer(au, &server_challenge);  in ceph_x_add_authorizer_challenge()
881 	struct ceph_x_authorizer *au = (void *)a;  in ceph_x_verify_authorizer_reply()  local
886 		memcpy(session_key, au->session_key.key, au->session_key.len);  in ceph_x_verify_authorizer_reply()
887 		*session_key_len = au->session_key.len;  in ceph_x_verify_authorizer_reply()
890 	ret = decrypt_authorizer_reply(&au->session_key, &reply,  in ceph_x_verify_authorizer_reply()
896 	if (nonce_plus_one != au->nonce + 1) {  in ceph_x_verify_authorizer_reply()
962 static int calc_signature(struct ceph_x_authorizer *au, struct ceph_msg *msg,  in calc_signature()  argument
965 	void *enc_buf = au->enc_buf;  in calc_signature()
983 		ret = ceph_x_encrypt(&au->session_key, enc_buf,  in calc_signature()
1015 		ret = ceph_crypt(&au->session_key, true, enc_buf,  in calc_signature()