rxrpc: Organise connection security to use a union

	struct list_head	proc_link;	/* link in procfs list */

	struct list_head	link;		/* link in master connection list */

	struct sk_buff_head	rx_queue;	/* received conn-level packets */

	const struct rxrpc_security *security;	/* applied security module */

	union {

		struct {

			struct crypto_sync_skcipher *cipher;	/* encryption handle */

			struct rxrpc_crypt csum_iv;	/* packet checksum base */

			u32	nonce;		/* response re-use preventer */

		} rxkad;

	};

	unsigned long		flags;

	unsigned long		events;

	unsigned long		idle_timestamp;	/* Time at which last became idle */

	int			debug_id;	/* debug ID for printks */

	atomic_t		serial;		/* packet serial number counter */

	unsigned int		hi_serial;	/* highest serial number received */

	u32			security_nonce;	/* response re-use preventer */

	u32			service_id;	/* Service ID, possibly upgraded */

	u8			size_align;	/* data size alignment (for security) */

	u8			security_size;	/* security header size */

	if (ret < 0)

		goto error_ci;

	conn->cipher = ci;

	conn->rxkad.cipher = ci;

	return 0;

error_ci:

	crypto_skcipher_encrypt(req);

	skcipher_request_free(req);

	memcpy(&conn->csum_iv, tmpbuf + 2, sizeof(conn->csum_iv));

	memcpy(&conn->rxkad.csum_iv, tmpbuf + 2, sizeof(conn->rxkad.csum_iv));

	kfree(tmpbuf);

	_leave(" = 0");

	return 0;

 */

static struct skcipher_request *rxkad_get_call_crypto(struct rxrpc_call *call)

{

	struct crypto_skcipher *tfm = &call->conn->cipher->base;

	struct crypto_skcipher *tfm = &call->conn->rxkad.cipher->base;

	struct skcipher_request	*cipher_req = call->cipher_req;

	if (!cipher_req) {

	memset(&iv, 0, sizeof(iv));

	sg_init_one(&sg, skb->head, 8);

	skcipher_request_set_sync_tfm(req, call->conn->cipher);

	skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);

	skcipher_request_set_callback(req, 0, NULL, NULL);

	skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);

	crypto_skcipher_encrypt(req);

	memcpy(&iv, token->kad->session_key, sizeof(iv));

	sg_init_one(&sg[0], skb->head, sizeof(rxkhdr));

	skcipher_request_set_sync_tfm(req, call->conn->cipher);

	skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);

	skcipher_request_set_callback(req, 0, NULL, NULL);

	skcipher_request_set_crypt(req, &sg[0], &sg[0], sizeof(rxkhdr), iv.x);

	crypto_skcipher_encrypt(req);

	       call->debug_id, key_serial(call->conn->params.key),

	       sp->hdr.seq, data_size);

	if (!call->conn->cipher)

	if (!call->conn->rxkad.cipher)

		return 0;

	ret = key_validate(call->conn->params.key);

		return -ENOMEM;

	/* continue encrypting from where we left off */

	memcpy(&iv, call->conn->csum_iv.x, sizeof(iv));

	memcpy(&iv, call->conn->rxkad.csum_iv.x, sizeof(iv));

	/* calculate the security checksum */

	x = (call->cid & RXRPC_CHANNELMASK) << (32 - RXRPC_CIDSHIFT);

	call->crypto_buf[1] = htonl(x);

	sg_init_one(&sg, call->crypto_buf, 8);

	skcipher_request_set_sync_tfm(req, call->conn->cipher);

	skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);

	skcipher_request_set_callback(req, 0, NULL, NULL);

	skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);

	crypto_skcipher_encrypt(req);

	/* start the decryption afresh */

	memset(&iv, 0, sizeof(iv));

	skcipher_request_set_sync_tfm(req, call->conn->cipher);

	skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);

	skcipher_request_set_callback(req, 0, NULL, NULL);

	skcipher_request_set_crypt(req, sg, sg, 8, iv.x);

	crypto_skcipher_decrypt(req);

	token = call->conn->params.key->payload.data[0];

	memcpy(&iv, token->kad->session_key, sizeof(iv));

	skcipher_request_set_sync_tfm(req, call->conn->cipher);

	skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);

	skcipher_request_set_callback(req, 0, NULL, NULL);

	skcipher_request_set_crypt(req, sg, sg, len, iv.x);

	crypto_skcipher_decrypt(req);

	_enter("{%d{%x}},{#%u}",

	       call->debug_id, key_serial(call->conn->params.key), seq);

	if (!call->conn->cipher)

	if (!call->conn->rxkad.cipher)

		return 0;

	req = rxkad_get_call_crypto(call);

		return -ENOMEM;

	/* continue encrypting from where we left off */

	memcpy(&iv, call->conn->csum_iv.x, sizeof(iv));

	memcpy(&iv, call->conn->rxkad.csum_iv.x, sizeof(iv));

	/* validate the security checksum */

	x = (call->cid & RXRPC_CHANNELMASK) << (32 - RXRPC_CIDSHIFT);

	call->crypto_buf[1] = htonl(x);

	sg_init_one(&sg, call->crypto_buf, 8);

	skcipher_request_set_sync_tfm(req, call->conn->cipher);

	skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);

	skcipher_request_set_callback(req, 0, NULL, NULL);

	skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);

	crypto_skcipher_encrypt(req);

	_enter("{%d}", conn->debug_id);

	get_random_bytes(&conn->security_nonce, sizeof(conn->security_nonce));

	get_random_bytes(&conn->rxkad.nonce, sizeof(conn->rxkad.nonce));

	challenge.version	= htonl(2);

	challenge.nonce		= htonl(conn->security_nonce);

	challenge.nonce		= htonl(conn->rxkad.nonce);

	challenge.min_level	= htonl(0);

	challenge.__padding	= 0;

	struct rxrpc_crypt iv;

	struct scatterlist sg[1];

	req = skcipher_request_alloc(&conn->cipher->base, GFP_NOFS);

	req = skcipher_request_alloc(&conn->rxkad.cipher->base, GFP_NOFS);

	if (!req)

		return -ENOMEM;

	sg_init_table(sg, 1);

	sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted));

	skcipher_request_set_sync_tfm(req, conn->cipher);

	skcipher_request_set_sync_tfm(req, conn->rxkad.cipher);

	skcipher_request_set_callback(req, 0, NULL, NULL);

	skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x);

	crypto_skcipher_encrypt(req);

	eproto = tracepoint_string("rxkad_rsp_seq");

	abort_code = RXKADOUTOFSEQUENCE;

	if (ntohl(response->encrypted.inc_nonce) != conn->security_nonce + 1)

	if (ntohl(response->encrypted.inc_nonce) != conn->rxkad.nonce + 1)

		goto protocol_error_free;

	eproto = tracepoint_string("rxkad_rsp_level");

{

	_enter("");

	if (conn->cipher)

		crypto_free_sync_skcipher(conn->cipher);

	if (conn->rxkad.cipher)

		crypto_free_sync_skcipher(conn->rxkad.cipher);

}

/*