tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork

Configure Feed

Select the types of activity you want to include in your feed.

kernel / net / rxrpc / ar-key.c
at v3.0-rc4 1220 lines 29 kB view raw
1/* RxRPC key management 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 * 11 * RxRPC keys should have a description of describing their purpose: 12 * "afs@CAMBRIDGE.REDHAT.COM> 13 */ 14 15#include <linux/module.h> 16#include <linux/net.h> 17#include <linux/skbuff.h> 18#include <linux/key-type.h> 19#include <linux/crypto.h> 20#include <linux/ctype.h> 21#include <linux/slab.h> 22#include <net/sock.h> 23#include <net/af_rxrpc.h> 24#include <keys/rxrpc-type.h> 25#include <keys/user-type.h> 26#include "ar-internal.h" 27 28static int rxrpc_vet_description_s(const char *); 29static int rxrpc_instantiate(struct key *, const void *, size_t); 30static int rxrpc_instantiate_s(struct key *, const void *, size_t); 31static void rxrpc_destroy(struct key *); 32static void rxrpc_destroy_s(struct key *); 33static void rxrpc_describe(const struct key *, struct seq_file *); 34static long rxrpc_read(const struct key *, char __user *, size_t); 35 36/* 37 * rxrpc defined keys take an arbitrary string as the description and an 38 * arbitrary blob of data as the payload 39 */ 40struct key_type key_type_rxrpc = { 41 .name = "rxrpc", 42 .instantiate = rxrpc_instantiate, 43 .match = user_match, 44 .destroy = rxrpc_destroy, 45 .describe = rxrpc_describe, 46 .read = rxrpc_read, 47}; 48EXPORT_SYMBOL(key_type_rxrpc); 49 50/* 51 * rxrpc server defined keys take "<serviceId>:<securityIndex>" as the 52 * description and an 8-byte decryption key as the payload 53 */ 54struct key_type key_type_rxrpc_s = { 55 .name = "rxrpc_s", 56 .vet_description = rxrpc_vet_description_s, 57 .instantiate = rxrpc_instantiate_s, 58 .match = user_match, 59 .destroy = rxrpc_destroy_s, 60 .describe = rxrpc_describe, 61}; 62 63/* 64 * Vet the description for an RxRPC server key 65 */ 66static int rxrpc_vet_description_s(const char *desc) 67{ 68 unsigned long num; 69 char *p; 70 71 num = simple_strtoul(desc, &p, 10); 72 if (*p != ':' || num > 65535) 73 return -EINVAL; 74 num = simple_strtoul(p + 1, &p, 10); 75 if (*p || num < 1 || num > 255) 76 return -EINVAL; 77 return 0; 78} 79 80/* 81 * parse an RxKAD type XDR format token 82 * - the caller guarantees we have at least 4 words 83 */ 84static int rxrpc_instantiate_xdr_rxkad(struct key *key, const __be32 *xdr, 85 unsigned toklen) 86{ 87 struct rxrpc_key_token *token, **pptoken; 88 size_t plen; 89 u32 tktlen; 90 int ret; 91 92 _enter(",{%x,%x,%x,%x},%u", 93 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 94 toklen); 95 96 if (toklen <= 8 * 4) 97 return -EKEYREJECTED; 98 tktlen = ntohl(xdr[7]); 99 _debug("tktlen: %x", tktlen); 100 if (tktlen > AFSTOKEN_RK_TIX_MAX) 101 return -EKEYREJECTED; 102 if (8 * 4 + tktlen != toklen) 103 return -EKEYREJECTED; 104 105 plen = sizeof(*token) + sizeof(*token->kad) + tktlen; 106 ret = key_payload_reserve(key, key->datalen + plen); 107 if (ret < 0) 108 return ret; 109 110 plen -= sizeof(*token); 111 token = kzalloc(sizeof(*token), GFP_KERNEL); 112 if (!token) 113 return -ENOMEM; 114 115 token->kad = kzalloc(plen, GFP_KERNEL); 116 if (!token->kad) { 117 kfree(token); 118 return -ENOMEM; 119 } 120 121 token->security_index = RXRPC_SECURITY_RXKAD; 122 token->kad->ticket_len = tktlen; 123 token->kad->vice_id = ntohl(xdr[0]); 124 token->kad->kvno = ntohl(xdr[1]); 125 token->kad->start = ntohl(xdr[4]); 126 token->kad->expiry = ntohl(xdr[5]); 127 token->kad->primary_flag = ntohl(xdr[6]); 128 memcpy(&token->kad->session_key, &xdr[2], 8); 129 memcpy(&token->kad->ticket, &xdr[8], tktlen); 130 131 _debug("SCIX: %u", token->security_index); 132 _debug("TLEN: %u", token->kad->ticket_len); 133 _debug("EXPY: %x", token->kad->expiry); 134 _debug("KVNO: %u", token->kad->kvno); 135 _debug("PRIM: %u", token->kad->primary_flag); 136 _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", 137 token->kad->session_key[0], token->kad->session_key[1], 138 token->kad->session_key[2], token->kad->session_key[3], 139 token->kad->session_key[4], token->kad->session_key[5], 140 token->kad->session_key[6], token->kad->session_key[7]); 141 if (token->kad->ticket_len >= 8) 142 _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", 143 token->kad->ticket[0], token->kad->ticket[1], 144 token->kad->ticket[2], token->kad->ticket[3], 145 token->kad->ticket[4], token->kad->ticket[5], 146 token->kad->ticket[6], token->kad->ticket[7]); 147 148 /* count the number of tokens attached */ 149 key->type_data.x[0]++; 150 151 /* attach the data */ 152 for (pptoken = (struct rxrpc_key_token **)&key->payload.data; 153 *pptoken; 154 pptoken = &(*pptoken)->next) 155 continue; 156 *pptoken = token; 157 if (token->kad->expiry < key->expiry) 158 key->expiry = token->kad->expiry; 159 160 _leave(" = 0"); 161 return 0; 162} 163 164static void rxrpc_free_krb5_principal(struct krb5_principal *princ) 165{ 166 int loop; 167 168 if (princ->name_parts) { 169 for (loop = princ->n_name_parts - 1; loop >= 0; loop--) 170 kfree(princ->name_parts[loop]); 171 kfree(princ->name_parts); 172 } 173 kfree(princ->realm); 174} 175 176static void rxrpc_free_krb5_tagged(struct krb5_tagged_data *td) 177{ 178 kfree(td->data); 179} 180 181/* 182 * free up an RxK5 token 183 */ 184static void rxrpc_rxk5_free(struct rxk5_key *rxk5) 185{ 186 int loop; 187 188 rxrpc_free_krb5_principal(&rxk5->client); 189 rxrpc_free_krb5_principal(&rxk5->server); 190 rxrpc_free_krb5_tagged(&rxk5->session); 191 192 if (rxk5->addresses) { 193 for (loop = rxk5->n_addresses - 1; loop >= 0; loop--) 194 rxrpc_free_krb5_tagged(&rxk5->addresses[loop]); 195 kfree(rxk5->addresses); 196 } 197 if (rxk5->authdata) { 198 for (loop = rxk5->n_authdata - 1; loop >= 0; loop--) 199 rxrpc_free_krb5_tagged(&rxk5->authdata[loop]); 200 kfree(rxk5->authdata); 201 } 202 203 kfree(rxk5->ticket); 204 kfree(rxk5->ticket2); 205 kfree(rxk5); 206} 207 208/* 209 * extract a krb5 principal 210 */ 211static int rxrpc_krb5_decode_principal(struct krb5_principal *princ, 212 const __be32 **_xdr, 213 unsigned *_toklen) 214{ 215 const __be32 *xdr = *_xdr; 216 unsigned toklen = *_toklen, n_parts, loop, tmp; 217 218 /* there must be at least one name, and at least #names+1 length 219 * words */ 220 if (toklen <= 12) 221 return -EINVAL; 222 223 _enter(",{%x,%x,%x},%u", 224 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), toklen); 225 226 n_parts = ntohl(*xdr++); 227 toklen -= 4; 228 if (n_parts <= 0 || n_parts > AFSTOKEN_K5_COMPONENTS_MAX) 229 return -EINVAL; 230 princ->n_name_parts = n_parts; 231 232 if (toklen <= (n_parts + 1) * 4) 233 return -EINVAL; 234 235 princ->name_parts = kcalloc(sizeof(char *), n_parts, GFP_KERNEL); 236 if (!princ->name_parts) 237 return -ENOMEM; 238 239 for (loop = 0; loop < n_parts; loop++) { 240 if (toklen < 4) 241 return -EINVAL; 242 tmp = ntohl(*xdr++); 243 toklen -= 4; 244 if (tmp <= 0 || tmp > AFSTOKEN_STRING_MAX) 245 return -EINVAL; 246 if (tmp > toklen) 247 return -EINVAL; 248 princ->name_parts[loop] = kmalloc(tmp + 1, GFP_KERNEL); 249 if (!princ->name_parts[loop]) 250 return -ENOMEM; 251 memcpy(princ->name_parts[loop], xdr, tmp); 252 princ->name_parts[loop][tmp] = 0; 253 tmp = (tmp + 3) & ~3; 254 toklen -= tmp; 255 xdr += tmp >> 2; 256 } 257 258 if (toklen < 4) 259 return -EINVAL; 260 tmp = ntohl(*xdr++); 261 toklen -= 4; 262 if (tmp <= 0 || tmp > AFSTOKEN_K5_REALM_MAX) 263 return -EINVAL; 264 if (tmp > toklen) 265 return -EINVAL; 266 princ->realm = kmalloc(tmp + 1, GFP_KERNEL); 267 if (!princ->realm) 268 return -ENOMEM; 269 memcpy(princ->realm, xdr, tmp); 270 princ->realm[tmp] = 0; 271 tmp = (tmp + 3) & ~3; 272 toklen -= tmp; 273 xdr += tmp >> 2; 274 275 _debug("%s/...@%s", princ->name_parts[0], princ->realm); 276 277 *_xdr = xdr; 278 *_toklen = toklen; 279 _leave(" = 0 [toklen=%u]", toklen); 280 return 0; 281} 282 283/* 284 * extract a piece of krb5 tagged data 285 */ 286static int rxrpc_krb5_decode_tagged_data(struct krb5_tagged_data *td, 287 size_t max_data_size, 288 const __be32 **_xdr, 289 unsigned *_toklen) 290{ 291 const __be32 *xdr = *_xdr; 292 unsigned toklen = *_toklen, len; 293 294 /* there must be at least one tag and one length word */ 295 if (toklen <= 8) 296 return -EINVAL; 297 298 _enter(",%zu,{%x,%x},%u", 299 max_data_size, ntohl(xdr[0]), ntohl(xdr[1]), toklen); 300 301 td->tag = ntohl(*xdr++); 302 len = ntohl(*xdr++); 303 toklen -= 8; 304 if (len > max_data_size) 305 return -EINVAL; 306 td->data_len = len; 307 308 if (len > 0) { 309 td->data = kmalloc(len, GFP_KERNEL); 310 if (!td->data) 311 return -ENOMEM; 312 memcpy(td->data, xdr, len); 313 len = (len + 3) & ~3; 314 toklen -= len; 315 xdr += len >> 2; 316 } 317 318 _debug("tag %x len %x", td->tag, td->data_len); 319 320 *_xdr = xdr; 321 *_toklen = toklen; 322 _leave(" = 0 [toklen=%u]", toklen); 323 return 0; 324} 325 326/* 327 * extract an array of tagged data 328 */ 329static int rxrpc_krb5_decode_tagged_array(struct krb5_tagged_data **_td, 330 u8 *_n_elem, 331 u8 max_n_elem, 332 size_t max_elem_size, 333 const __be32 **_xdr, 334 unsigned *_toklen) 335{ 336 struct krb5_tagged_data *td; 337 const __be32 *xdr = *_xdr; 338 unsigned toklen = *_toklen, n_elem, loop; 339 int ret; 340 341 /* there must be at least one count */ 342 if (toklen < 4) 343 return -EINVAL; 344 345 _enter(",,%u,%zu,{%x},%u", 346 max_n_elem, max_elem_size, ntohl(xdr[0]), toklen); 347 348 n_elem = ntohl(*xdr++); 349 toklen -= 4; 350 if (n_elem < 0 || n_elem > max_n_elem) 351 return -EINVAL; 352 *_n_elem = n_elem; 353 if (n_elem > 0) { 354 if (toklen <= (n_elem + 1) * 4) 355 return -EINVAL; 356 357 _debug("n_elem %d", n_elem); 358 359 td = kcalloc(sizeof(struct krb5_tagged_data), n_elem, 360 GFP_KERNEL); 361 if (!td) 362 return -ENOMEM; 363 *_td = td; 364 365 for (loop = 0; loop < n_elem; loop++) { 366 ret = rxrpc_krb5_decode_tagged_data(&td[loop], 367 max_elem_size, 368 &xdr, &toklen); 369 if (ret < 0) 370 return ret; 371 } 372 } 373 374 *_xdr = xdr; 375 *_toklen = toklen; 376 _leave(" = 0 [toklen=%u]", toklen); 377 return 0; 378} 379 380/* 381 * extract a krb5 ticket 382 */ 383static int rxrpc_krb5_decode_ticket(u8 **_ticket, u16 *_tktlen, 384 const __be32 **_xdr, unsigned *_toklen) 385{ 386 const __be32 *xdr = *_xdr; 387 unsigned toklen = *_toklen, len; 388 389 /* there must be at least one length word */ 390 if (toklen <= 4) 391 return -EINVAL; 392 393 _enter(",{%x},%u", ntohl(xdr[0]), toklen); 394 395 len = ntohl(*xdr++); 396 toklen -= 4; 397 if (len > AFSTOKEN_K5_TIX_MAX) 398 return -EINVAL; 399 *_tktlen = len; 400 401 _debug("ticket len %u", len); 402 403 if (len > 0) { 404 *_ticket = kmalloc(len, GFP_KERNEL); 405 if (!*_ticket) 406 return -ENOMEM; 407 memcpy(*_ticket, xdr, len); 408 len = (len + 3) & ~3; 409 toklen -= len; 410 xdr += len >> 2; 411 } 412 413 *_xdr = xdr; 414 *_toklen = toklen; 415 _leave(" = 0 [toklen=%u]", toklen); 416 return 0; 417} 418 419/* 420 * parse an RxK5 type XDR format token 421 * - the caller guarantees we have at least 4 words 422 */ 423static int rxrpc_instantiate_xdr_rxk5(struct key *key, const __be32 *xdr, 424 unsigned toklen) 425{ 426 struct rxrpc_key_token *token, **pptoken; 427 struct rxk5_key *rxk5; 428 const __be32 *end_xdr = xdr + (toklen >> 2); 429 int ret; 430 431 _enter(",{%x,%x,%x,%x},%u", 432 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 433 toklen); 434 435 /* reserve some payload space for this subkey - the length of the token 436 * is a reasonable approximation */ 437 ret = key_payload_reserve(key, key->datalen + toklen); 438 if (ret < 0) 439 return ret; 440 441 token = kzalloc(sizeof(*token), GFP_KERNEL); 442 if (!token) 443 return -ENOMEM; 444 445 rxk5 = kzalloc(sizeof(*rxk5), GFP_KERNEL); 446 if (!rxk5) { 447 kfree(token); 448 return -ENOMEM; 449 } 450 451 token->security_index = RXRPC_SECURITY_RXK5; 452 token->k5 = rxk5; 453 454 /* extract the principals */ 455 ret = rxrpc_krb5_decode_principal(&rxk5->client, &xdr, &toklen); 456 if (ret < 0) 457 goto error; 458 ret = rxrpc_krb5_decode_principal(&rxk5->server, &xdr, &toklen); 459 if (ret < 0) 460 goto error; 461 462 /* extract the session key and the encoding type (the tag field -> 463 * ENCTYPE_xxx) */ 464 ret = rxrpc_krb5_decode_tagged_data(&rxk5->session, AFSTOKEN_DATA_MAX, 465 &xdr, &toklen); 466 if (ret < 0) 467 goto error; 468 469 if (toklen < 4 * 8 + 2 * 4) 470 goto inval; 471 rxk5->authtime = be64_to_cpup((const __be64 *) xdr); 472 xdr += 2; 473 rxk5->starttime = be64_to_cpup((const __be64 *) xdr); 474 xdr += 2; 475 rxk5->endtime = be64_to_cpup((const __be64 *) xdr); 476 xdr += 2; 477 rxk5->renew_till = be64_to_cpup((const __be64 *) xdr); 478 xdr += 2; 479 rxk5->is_skey = ntohl(*xdr++); 480 rxk5->flags = ntohl(*xdr++); 481 toklen -= 4 * 8 + 2 * 4; 482 483 _debug("times: a=%llx s=%llx e=%llx rt=%llx", 484 rxk5->authtime, rxk5->starttime, rxk5->endtime, 485 rxk5->renew_till); 486 _debug("is_skey=%x flags=%x", rxk5->is_skey, rxk5->flags); 487 488 /* extract the permitted client addresses */ 489 ret = rxrpc_krb5_decode_tagged_array(&rxk5->addresses, 490 &rxk5->n_addresses, 491 AFSTOKEN_K5_ADDRESSES_MAX, 492 AFSTOKEN_DATA_MAX, 493 &xdr, &toklen); 494 if (ret < 0) 495 goto error; 496 497 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 498 499 /* extract the tickets */ 500 ret = rxrpc_krb5_decode_ticket(&rxk5->ticket, &rxk5->ticket_len, 501 &xdr, &toklen); 502 if (ret < 0) 503 goto error; 504 ret = rxrpc_krb5_decode_ticket(&rxk5->ticket2, &rxk5->ticket2_len, 505 &xdr, &toklen); 506 if (ret < 0) 507 goto error; 508 509 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 510 511 /* extract the typed auth data */ 512 ret = rxrpc_krb5_decode_tagged_array(&rxk5->authdata, 513 &rxk5->n_authdata, 514 AFSTOKEN_K5_AUTHDATA_MAX, 515 AFSTOKEN_BDATALN_MAX, 516 &xdr, &toklen); 517 if (ret < 0) 518 goto error; 519 520 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 521 522 if (toklen != 0) 523 goto inval; 524 525 /* attach the payload to the key */ 526 for (pptoken = (struct rxrpc_key_token **)&key->payload.data; 527 *pptoken; 528 pptoken = &(*pptoken)->next) 529 continue; 530 *pptoken = token; 531 if (token->kad->expiry < key->expiry) 532 key->expiry = token->kad->expiry; 533 534 _leave(" = 0"); 535 return 0; 536 537inval: 538 ret = -EINVAL; 539error: 540 rxrpc_rxk5_free(rxk5); 541 kfree(token); 542 _leave(" = %d", ret); 543 return ret; 544} 545 546/* 547 * attempt to parse the data as the XDR format 548 * - the caller guarantees we have more than 7 words 549 */ 550static int rxrpc_instantiate_xdr(struct key *key, const void *data, size_t datalen) 551{ 552 const __be32 *xdr = data, *token; 553 const char *cp; 554 unsigned len, tmp, loop, ntoken, toklen, sec_ix; 555 int ret; 556 557 _enter(",{%x,%x,%x,%x},%zu", 558 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 559 datalen); 560 561 if (datalen > AFSTOKEN_LENGTH_MAX) 562 goto not_xdr; 563 564 /* XDR is an array of __be32's */ 565 if (datalen & 3) 566 goto not_xdr; 567 568 /* the flags should be 0 (the setpag bit must be handled by 569 * userspace) */ 570 if (ntohl(*xdr++) != 0) 571 goto not_xdr; 572 datalen -= 4; 573 574 /* check the cell name */ 575 len = ntohl(*xdr++); 576 if (len < 1 || len > AFSTOKEN_CELL_MAX) 577 goto not_xdr; 578 datalen -= 4; 579 tmp = (len + 3) & ~3; 580 if (tmp > datalen) 581 goto not_xdr; 582 583 cp = (const char *) xdr; 584 for (loop = 0; loop < len; loop++) 585 if (!isprint(cp[loop])) 586 goto not_xdr; 587 if (len < tmp) 588 for (; loop < tmp; loop++) 589 if (cp[loop]) 590 goto not_xdr; 591 _debug("cellname: [%u/%u] '%*.*s'", 592 len, tmp, len, len, (const char *) xdr); 593 datalen -= tmp; 594 xdr += tmp >> 2; 595 596 /* get the token count */ 597 if (datalen < 12) 598 goto not_xdr; 599 ntoken = ntohl(*xdr++); 600 datalen -= 4; 601 _debug("ntoken: %x", ntoken); 602 if (ntoken < 1 || ntoken > AFSTOKEN_MAX) 603 goto not_xdr; 604 605 /* check each token wrapper */ 606 token = xdr; 607 loop = ntoken; 608 do { 609 if (datalen < 8) 610 goto not_xdr; 611 toklen = ntohl(*xdr++); 612 sec_ix = ntohl(*xdr); 613 datalen -= 4; 614 _debug("token: [%x/%zx] %x", toklen, datalen, sec_ix); 615 if (toklen < 20 || toklen > datalen) 616 goto not_xdr; 617 datalen -= (toklen + 3) & ~3; 618 xdr += (toklen + 3) >> 2; 619 620 } while (--loop > 0); 621 622 _debug("remainder: %zu", datalen); 623 if (datalen != 0) 624 goto not_xdr; 625 626 /* okay: we're going to assume it's valid XDR format 627 * - we ignore the cellname, relying on the key to be correctly named 628 */ 629 do { 630 xdr = token; 631 toklen = ntohl(*xdr++); 632 token = xdr + ((toklen + 3) >> 2); 633 sec_ix = ntohl(*xdr++); 634 toklen -= 4; 635 636 _debug("TOKEN type=%u [%p-%p]", sec_ix, xdr, token); 637 638 switch (sec_ix) { 639 case RXRPC_SECURITY_RXKAD: 640 ret = rxrpc_instantiate_xdr_rxkad(key, xdr, toklen); 641 if (ret != 0) 642 goto error; 643 break; 644 645 case RXRPC_SECURITY_RXK5: 646 ret = rxrpc_instantiate_xdr_rxk5(key, xdr, toklen); 647 if (ret != 0) 648 goto error; 649 break; 650 651 default: 652 ret = -EPROTONOSUPPORT; 653 goto error; 654 } 655 656 } while (--ntoken > 0); 657 658 _leave(" = 0"); 659 return 0; 660 661not_xdr: 662 _leave(" = -EPROTO"); 663 return -EPROTO; 664error: 665 _leave(" = %d", ret); 666 return ret; 667} 668 669/* 670 * instantiate an rxrpc defined key 671 * data should be of the form: 672 * OFFSET LEN CONTENT 673 * 0 4 key interface version number 674 * 4 2 security index (type) 675 * 6 2 ticket length 676 * 8 4 key expiry time (time_t) 677 * 12 4 kvno 678 * 16 8 session key 679 * 24 [len] ticket 680 * 681 * if no data is provided, then a no-security key is made 682 */ 683static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) 684{ 685 const struct rxrpc_key_data_v1 *v1; 686 struct rxrpc_key_token *token, **pp; 687 size_t plen; 688 u32 kver; 689 int ret; 690 691 _enter("{%x},,%zu", key_serial(key), datalen); 692 693 /* handle a no-security key */ 694 if (!data && datalen == 0) 695 return 0; 696 697 /* determine if the XDR payload format is being used */ 698 if (datalen > 7 * 4) { 699 ret = rxrpc_instantiate_xdr(key, data, datalen); 700 if (ret != -EPROTO) 701 return ret; 702 } 703 704 /* get the key interface version number */ 705 ret = -EINVAL; 706 if (datalen <= 4 || !data) 707 goto error; 708 memcpy(&kver, data, sizeof(kver)); 709 data += sizeof(kver); 710 datalen -= sizeof(kver); 711 712 _debug("KEY I/F VERSION: %u", kver); 713 714 ret = -EKEYREJECTED; 715 if (kver != 1) 716 goto error; 717 718 /* deal with a version 1 key */ 719 ret = -EINVAL; 720 if (datalen < sizeof(*v1)) 721 goto error; 722 723 v1 = data; 724 if (datalen != sizeof(*v1) + v1->ticket_length) 725 goto error; 726 727 _debug("SCIX: %u", v1->security_index); 728 _debug("TLEN: %u", v1->ticket_length); 729 _debug("EXPY: %x", v1->expiry); 730 _debug("KVNO: %u", v1->kvno); 731 _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", 732 v1->session_key[0], v1->session_key[1], 733 v1->session_key[2], v1->session_key[3], 734 v1->session_key[4], v1->session_key[5], 735 v1->session_key[6], v1->session_key[7]); 736 if (v1->ticket_length >= 8) 737 _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", 738 v1->ticket[0], v1->ticket[1], 739 v1->ticket[2], v1->ticket[3], 740 v1->ticket[4], v1->ticket[5], 741 v1->ticket[6], v1->ticket[7]); 742 743 ret = -EPROTONOSUPPORT; 744 if (v1->security_index != RXRPC_SECURITY_RXKAD) 745 goto error; 746 747 plen = sizeof(*token->kad) + v1->ticket_length; 748 ret = key_payload_reserve(key, plen + sizeof(*token)); 749 if (ret < 0) 750 goto error; 751 752 ret = -ENOMEM; 753 token = kzalloc(sizeof(*token), GFP_KERNEL); 754 if (!token) 755 goto error; 756 token->kad = kzalloc(plen, GFP_KERNEL); 757 if (!token->kad) 758 goto error_free; 759 760 token->security_index = RXRPC_SECURITY_RXKAD; 761 token->kad->ticket_len = v1->ticket_length; 762 token->kad->expiry = v1->expiry; 763 token->kad->kvno = v1->kvno; 764 memcpy(&token->kad->session_key, &v1->session_key, 8); 765 memcpy(&token->kad->ticket, v1->ticket, v1->ticket_length); 766 767 /* attach the data */ 768 key->type_data.x[0]++; 769 770 pp = (struct rxrpc_key_token **)&key->payload.data; 771 while (*pp) 772 pp = &(*pp)->next; 773 *pp = token; 774 if (token->kad->expiry < key->expiry) 775 key->expiry = token->kad->expiry; 776 token = NULL; 777 ret = 0; 778 779error_free: 780 kfree(token); 781error: 782 return ret; 783} 784 785/* 786 * instantiate a server secret key 787 * data should be a pointer to the 8-byte secret key 788 */ 789static int rxrpc_instantiate_s(struct key *key, const void *data, 790 size_t datalen) 791{ 792 struct crypto_blkcipher *ci; 793 794 _enter("{%x},,%zu", key_serial(key), datalen); 795 796 if (datalen != 8) 797 return -EINVAL; 798 799 memcpy(&key->type_data, data, 8); 800 801 ci = crypto_alloc_blkcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC); 802 if (IS_ERR(ci)) { 803 _leave(" = %ld", PTR_ERR(ci)); 804 return PTR_ERR(ci); 805 } 806 807 if (crypto_blkcipher_setkey(ci, data, 8) < 0) 808 BUG(); 809 810 key->payload.data = ci; 811 _leave(" = 0"); 812 return 0; 813} 814 815/* 816 * dispose of the data dangling from the corpse of a rxrpc key 817 */ 818static void rxrpc_destroy(struct key *key) 819{ 820 struct rxrpc_key_token *token; 821 822 while ((token = key->payload.data)) { 823 key->payload.data = token->next; 824 switch (token->security_index) { 825 case RXRPC_SECURITY_RXKAD: 826 kfree(token->kad); 827 break; 828 case RXRPC_SECURITY_RXK5: 829 if (token->k5) 830 rxrpc_rxk5_free(token->k5); 831 break; 832 default: 833 printk(KERN_ERR "Unknown token type %x on rxrpc key\n", 834 token->security_index); 835 BUG(); 836 } 837 838 kfree(token); 839 } 840} 841 842/* 843 * dispose of the data dangling from the corpse of a rxrpc key 844 */ 845static void rxrpc_destroy_s(struct key *key) 846{ 847 if (key->payload.data) { 848 crypto_free_blkcipher(key->payload.data); 849 key->payload.data = NULL; 850 } 851} 852 853/* 854 * describe the rxrpc key 855 */ 856static void rxrpc_describe(const struct key *key, struct seq_file *m) 857{ 858 seq_puts(m, key->description); 859} 860 861/* 862 * grab the security key for a socket 863 */ 864int rxrpc_request_key(struct rxrpc_sock *rx, char __user *optval, int optlen) 865{ 866 struct key *key; 867 char *description; 868 869 _enter(""); 870 871 if (optlen <= 0 || optlen > PAGE_SIZE - 1) 872 return -EINVAL; 873 874 description = kmalloc(optlen + 1, GFP_KERNEL); 875 if (!description) 876 return -ENOMEM; 877 878 if (copy_from_user(description, optval, optlen)) { 879 kfree(description); 880 return -EFAULT; 881 } 882 description[optlen] = 0; 883 884 key = request_key(&key_type_rxrpc, description, NULL); 885 if (IS_ERR(key)) { 886 kfree(description); 887 _leave(" = %ld", PTR_ERR(key)); 888 return PTR_ERR(key); 889 } 890 891 rx->key = key; 892 kfree(description); 893 _leave(" = 0 [key %x]", key->serial); 894 return 0; 895} 896 897/* 898 * grab the security keyring for a server socket 899 */ 900int rxrpc_server_keyring(struct rxrpc_sock *rx, char __user *optval, 901 int optlen) 902{ 903 struct key *key; 904 char *description; 905 906 _enter(""); 907 908 if (optlen <= 0 || optlen > PAGE_SIZE - 1) 909 return -EINVAL; 910 911 description = kmalloc(optlen + 1, GFP_KERNEL); 912 if (!description) 913 return -ENOMEM; 914 915 if (copy_from_user(description, optval, optlen)) { 916 kfree(description); 917 return -EFAULT; 918 } 919 description[optlen] = 0; 920 921 key = request_key(&key_type_keyring, description, NULL); 922 if (IS_ERR(key)) { 923 kfree(description); 924 _leave(" = %ld", PTR_ERR(key)); 925 return PTR_ERR(key); 926 } 927 928 rx->securities = key; 929 kfree(description); 930 _leave(" = 0 [key %x]", key->serial); 931 return 0; 932} 933 934/* 935 * generate a server data key 936 */ 937int rxrpc_get_server_data_key(struct rxrpc_connection *conn, 938 const void *session_key, 939 time_t expiry, 940 u32 kvno) 941{ 942 const struct cred *cred = current_cred(); 943 struct key *key; 944 int ret; 945 946 struct { 947 u32 kver; 948 struct rxrpc_key_data_v1 v1; 949 } data; 950 951 _enter(""); 952 953 key = key_alloc(&key_type_rxrpc, "x", 0, 0, cred, 0, 954 KEY_ALLOC_NOT_IN_QUOTA); 955 if (IS_ERR(key)) { 956 _leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key)); 957 return -ENOMEM; 958 } 959 960 _debug("key %d", key_serial(key)); 961 962 data.kver = 1; 963 data.v1.security_index = RXRPC_SECURITY_RXKAD; 964 data.v1.ticket_length = 0; 965 data.v1.expiry = expiry; 966 data.v1.kvno = 0; 967 968 memcpy(&data.v1.session_key, session_key, sizeof(data.v1.session_key)); 969 970 ret = key_instantiate_and_link(key, &data, sizeof(data), NULL, NULL); 971 if (ret < 0) 972 goto error; 973 974 conn->key = key; 975 _leave(" = 0 [%d]", key_serial(key)); 976 return 0; 977 978error: 979 key_revoke(key); 980 key_put(key); 981 _leave(" = -ENOMEM [ins %d]", ret); 982 return -ENOMEM; 983} 984EXPORT_SYMBOL(rxrpc_get_server_data_key); 985 986/** 987 * rxrpc_get_null_key - Generate a null RxRPC key 988 * @keyname: The name to give the key. 989 * 990 * Generate a null RxRPC key that can be used to indicate anonymous security is 991 * required for a particular domain. 992 */ 993struct key *rxrpc_get_null_key(const char *keyname) 994{ 995 const struct cred *cred = current_cred(); 996 struct key *key; 997 int ret; 998 999 key = key_alloc(&key_type_rxrpc, keyname, 0, 0, cred, 1000 KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA); 1001 if (IS_ERR(key)) 1002 return key; 1003 1004 ret = key_instantiate_and_link(key, NULL, 0, NULL, NULL); 1005 if (ret < 0) { 1006 key_revoke(key); 1007 key_put(key); 1008 return ERR_PTR(ret); 1009 } 1010 1011 return key; 1012} 1013EXPORT_SYMBOL(rxrpc_get_null_key); 1014 1015/* 1016 * read the contents of an rxrpc key 1017 * - this returns the result in XDR form 1018 */ 1019static long rxrpc_read(const struct key *key, 1020 char __user *buffer, size_t buflen) 1021{ 1022 const struct rxrpc_key_token *token; 1023 const struct krb5_principal *princ; 1024 size_t size; 1025 __be32 __user *xdr, *oldxdr; 1026 u32 cnlen, toksize, ntoks, tok, zero; 1027 u16 toksizes[AFSTOKEN_MAX]; 1028 int loop; 1029 1030 _enter(""); 1031 1032 /* we don't know what form we should return non-AFS keys in */ 1033 if (memcmp(key->description, "afs@", 4) != 0) 1034 return -EOPNOTSUPP; 1035 cnlen = strlen(key->description + 4); 1036 1037#define RND(X) (((X) + 3) & ~3) 1038 1039 /* AFS keys we return in XDR form, so we need to work out the size of 1040 * the XDR */ 1041 size = 2 * 4; /* flags, cellname len */ 1042 size += RND(cnlen); /* cellname */ 1043 size += 1 * 4; /* token count */ 1044 1045 ntoks = 0; 1046 for (token = key->payload.data; token; token = token->next) { 1047 toksize = 4; /* sec index */ 1048 1049 switch (token->security_index) { 1050 case RXRPC_SECURITY_RXKAD: 1051 toksize += 8 * 4; /* viceid, kvno, key*2, begin, 1052 * end, primary, tktlen */ 1053 toksize += RND(token->kad->ticket_len); 1054 break; 1055 1056 case RXRPC_SECURITY_RXK5: 1057 princ = &token->k5->client; 1058 toksize += 4 + princ->n_name_parts * 4; 1059 for (loop = 0; loop < princ->n_name_parts; loop++) 1060 toksize += RND(strlen(princ->name_parts[loop])); 1061 toksize += 4 + RND(strlen(princ->realm)); 1062 1063 princ = &token->k5->server; 1064 toksize += 4 + princ->n_name_parts * 4; 1065 for (loop = 0; loop < princ->n_name_parts; loop++) 1066 toksize += RND(strlen(princ->name_parts[loop])); 1067 toksize += 4 + RND(strlen(princ->realm)); 1068 1069 toksize += 8 + RND(token->k5->session.data_len); 1070 1071 toksize += 4 * 8 + 2 * 4; 1072 1073 toksize += 4 + token->k5->n_addresses * 8; 1074 for (loop = 0; loop < token->k5->n_addresses; loop++) 1075 toksize += RND(token->k5->addresses[loop].data_len); 1076 1077 toksize += 4 + RND(token->k5->ticket_len); 1078 toksize += 4 + RND(token->k5->ticket2_len); 1079 1080 toksize += 4 + token->k5->n_authdata * 8; 1081 for (loop = 0; loop < token->k5->n_authdata; loop++) 1082 toksize += RND(token->k5->authdata[loop].data_len); 1083 break; 1084 1085 default: /* we have a ticket we can't encode */ 1086 BUG(); 1087 continue; 1088 } 1089 1090 _debug("token[%u]: toksize=%u", ntoks, toksize); 1091 ASSERTCMP(toksize, <=, AFSTOKEN_LENGTH_MAX); 1092 1093 toksizes[ntoks++] = toksize; 1094 size += toksize + 4; /* each token has a length word */ 1095 } 1096 1097#undef RND 1098 1099 if (!buffer || buflen < size) 1100 return size; 1101 1102 xdr = (__be32 __user *) buffer; 1103 zero = 0; 1104#define ENCODE(x) \ 1105 do { \ 1106 __be32 y = htonl(x); \ 1107 if (put_user(y, xdr++) < 0) \ 1108 goto fault; \ 1109 } while(0) 1110#define ENCODE_DATA(l, s) \ 1111 do { \ 1112 u32 _l = (l); \ 1113 ENCODE(l); \ 1114 if (copy_to_user(xdr, (s), _l) != 0) \ 1115 goto fault; \ 1116 if (_l & 3 && \ 1117 copy_to_user((u8 *)xdr + _l, &zero, 4 - (_l & 3)) != 0) \ 1118 goto fault; \ 1119 xdr += (_l + 3) >> 2; \ 1120 } while(0) 1121#define ENCODE64(x) \ 1122 do { \ 1123 __be64 y = cpu_to_be64(x); \ 1124 if (copy_to_user(xdr, &y, 8) != 0) \ 1125 goto fault; \ 1126 xdr += 8 >> 2; \ 1127 } while(0) 1128#define ENCODE_STR(s) \ 1129 do { \ 1130 const char *_s = (s); \ 1131 ENCODE_DATA(strlen(_s), _s); \ 1132 } while(0) 1133 1134 ENCODE(0); /* flags */ 1135 ENCODE_DATA(cnlen, key->description + 4); /* cellname */ 1136 ENCODE(ntoks); 1137 1138 tok = 0; 1139 for (token = key->payload.data; token; token = token->next) { 1140 toksize = toksizes[tok++]; 1141 ENCODE(toksize); 1142 oldxdr = xdr; 1143 ENCODE(token->security_index); 1144 1145 switch (token->security_index) { 1146 case RXRPC_SECURITY_RXKAD: 1147 ENCODE(token->kad->vice_id); 1148 ENCODE(token->kad->kvno); 1149 ENCODE_DATA(8, token->kad->session_key); 1150 ENCODE(token->kad->start); 1151 ENCODE(token->kad->expiry); 1152 ENCODE(token->kad->primary_flag); 1153 ENCODE_DATA(token->kad->ticket_len, token->kad->ticket); 1154 break; 1155 1156 case RXRPC_SECURITY_RXK5: 1157 princ = &token->k5->client; 1158 ENCODE(princ->n_name_parts); 1159 for (loop = 0; loop < princ->n_name_parts; loop++) 1160 ENCODE_STR(princ->name_parts[loop]); 1161 ENCODE_STR(princ->realm); 1162 1163 princ = &token->k5->server; 1164 ENCODE(princ->n_name_parts); 1165 for (loop = 0; loop < princ->n_name_parts; loop++) 1166 ENCODE_STR(princ->name_parts[loop]); 1167 ENCODE_STR(princ->realm); 1168 1169 ENCODE(token->k5->session.tag); 1170 ENCODE_DATA(token->k5->session.data_len, 1171 token->k5->session.data); 1172 1173 ENCODE64(token->k5->authtime); 1174 ENCODE64(token->k5->starttime); 1175 ENCODE64(token->k5->endtime); 1176 ENCODE64(token->k5->renew_till); 1177 ENCODE(token->k5->is_skey); 1178 ENCODE(token->k5->flags); 1179 1180 ENCODE(token->k5->n_addresses); 1181 for (loop = 0; loop < token->k5->n_addresses; loop++) { 1182 ENCODE(token->k5->addresses[loop].tag); 1183 ENCODE_DATA(token->k5->addresses[loop].data_len, 1184 token->k5->addresses[loop].data); 1185 } 1186 1187 ENCODE_DATA(token->k5->ticket_len, token->k5->ticket); 1188 ENCODE_DATA(token->k5->ticket2_len, token->k5->ticket2); 1189 1190 ENCODE(token->k5->n_authdata); 1191 for (loop = 0; loop < token->k5->n_authdata; loop++) { 1192 ENCODE(token->k5->authdata[loop].tag); 1193 ENCODE_DATA(token->k5->authdata[loop].data_len, 1194 token->k5->authdata[loop].data); 1195 } 1196 break; 1197 1198 default: 1199 BUG(); 1200 break; 1201 } 1202 1203 ASSERTCMP((unsigned long)xdr - (unsigned long)oldxdr, ==, 1204 toksize); 1205 } 1206 1207#undef ENCODE_STR 1208#undef ENCODE_DATA 1209#undef ENCODE64 1210#undef ENCODE 1211 1212 ASSERTCMP(tok, ==, ntoks); 1213 ASSERTCMP((char __user *) xdr - buffer, ==, size); 1214 _leave(" = %zu", size); 1215 return size; 1216 1217fault: 1218 _leave(" = -EFAULT"); 1219 return -EFAULT; 1220}