Commit 6964629f authored by Chuck Lever's avatar Chuck Lever
Browse files

SUNRPC: Remove krb5_derive_key_v1() 



This function is no longer used.

Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
parent ec596aaf

net/sunrpc/auth_gss/gss_krb5_internal.h

+0 −6
Original line number Diff line number Diff line
@@ -104,12 +104,6 @@ u32 gss_krb5_unwrap_v2(struct krb5_ctx *kctx, int offset, int len, 


/* Key Derivation Functions */



int krb5_derive_key_v1(const struct gss_krb5_enctype *gk5e,

		       const struct xdr_netobj *inkey,

		       struct xdr_netobj *outkey,

		       const struct xdr_netobj *label,

		       gfp_t gfp_mask);



int krb5_derive_key_v2(const struct gss_krb5_enctype *gk5e,

		       const struct xdr_netobj *inkey,

		       struct xdr_netobj *outkey,

net/sunrpc/auth_gss/gss_krb5_keys.c

+0 −84
Original line number Diff line number Diff line
@@ -222,90 +222,6 @@ static int krb5_DK(const struct gss_krb5_enctype *gk5e, 
	return ret;

}



#define smask(step) ((1<<step)-1)

#define pstep(x, step) (((x)&smask(step))^(((x)>>step)&smask(step)))

#define parity_char(x) pstep(pstep(pstep((x), 4), 2), 1)



static void mit_des_fixup_key_parity(u8 key[8])

{

	int i;

	for (i = 0; i < 8; i++) {

		key[i] &= 0xfe;

		key[i] |= 1^parity_char(key[i]);

	}

}



static int krb5_random_to_key_v1(const struct gss_krb5_enctype *gk5e,

				 struct xdr_netobj *randombits,

				 struct xdr_netobj *key)

{

	int i, ret = -EINVAL;



	if (key->len != 24) {

		dprintk("%s: key->len is %d\n", __func__, key->len);

		goto err_out;

	}

	if (randombits->len != 21) {

		dprintk("%s: randombits->len is %d\n",

			__func__, randombits->len);

		goto err_out;

	}



	/* take the seven bytes, move them around into the top 7 bits of the

	   8 key bytes, then compute the parity bits.  Do this three times. */



	for (i = 0; i < 3; i++) {

		memcpy(key->data + i*8, randombits->data + i*7, 7);

		key->data[i*8+7] = (((key->data[i*8]&1)<<1) |

				    ((key->data[i*8+1]&1)<<2) |

				    ((key->data[i*8+2]&1)<<3) |

				    ((key->data[i*8+3]&1)<<4) |

				    ((key->data[i*8+4]&1)<<5) |

				    ((key->data[i*8+5]&1)<<6) |

				    ((key->data[i*8+6]&1)<<7));



		mit_des_fixup_key_parity(key->data + i*8);

	}

	ret = 0;

err_out:

	return ret;

}



/**

 * krb5_derive_key_v1 - Derive a subkey for an RFC 3961 enctype

 * @gk5e: Kerberos 5 enctype profile

 * @inkey: base protocol key

 * @outkey: OUT: derived key

 * @label: subkey usage label

 * @gfp_mask: memory allocation control flags

 *

 * Caller sets @outkey->len to the desired length of the derived key.

 *

 * On success, returns 0 and fills in @outkey. A negative errno value

 * is returned on failure.

 */

int krb5_derive_key_v1(const struct gss_krb5_enctype *gk5e,

		       const struct xdr_netobj *inkey,

		       struct xdr_netobj *outkey,

		       const struct xdr_netobj *label,

		       gfp_t gfp_mask)

{

	struct xdr_netobj inblock;

	int ret;



	inblock.len = gk5e->keybytes;

	inblock.data = kmalloc(inblock.len, gfp_mask);

	if (!inblock.data)

		return -ENOMEM;



	ret = krb5_DK(gk5e, inkey, inblock.data, label, gfp_mask);

	if (!ret)

		ret = krb5_random_to_key_v1(gk5e, &inblock, outkey);



	kfree_sensitive(inblock.data);

	return ret;

}



/*

 * This is the identity function, with some sanity checking.

 */