tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / net / rxrpc / ar-key.c
at v3.14-rc8 1220 lines 29 kB view raw
1/* RxRPC key management 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 * 11 * RxRPC keys should have a description of describing their purpose: 12 * "afs@CAMBRIDGE.REDHAT.COM> 13 */ 14 15#include <linux/module.h> 16#include <linux/net.h> 17#include <linux/skbuff.h> 18#include <linux/key-type.h> 19#include <linux/crypto.h> 20#include <linux/ctype.h> 21#include <linux/slab.h> 22#include <net/sock.h> 23#include <net/af_rxrpc.h> 24#include <keys/rxrpc-type.h> 25#include <keys/user-type.h> 26#include "ar-internal.h" 27 28static int rxrpc_vet_description_s(const char *); 29static int rxrpc_instantiate(struct key *, struct key_preparsed_payload *); 30static int rxrpc_instantiate_s(struct key *, struct key_preparsed_payload *); 31static void rxrpc_destroy(struct key *); 32static void rxrpc_destroy_s(struct key *); 33static void rxrpc_describe(const struct key *, struct seq_file *); 34static long rxrpc_read(const struct key *, char __user *, size_t); 35 36/* 37 * rxrpc defined keys take an arbitrary string as the description and an 38 * arbitrary blob of data as the payload 39 */ 40struct key_type key_type_rxrpc = { 41 .name = "rxrpc", 42 .instantiate = rxrpc_instantiate, 43 .match = user_match, 44 .destroy = rxrpc_destroy, 45 .describe = rxrpc_describe, 46 .read = rxrpc_read, 47}; 48EXPORT_SYMBOL(key_type_rxrpc); 49 50/* 51 * rxrpc server defined keys take "<serviceId>:<securityIndex>" as the 52 * description and an 8-byte decryption key as the payload 53 */ 54struct key_type key_type_rxrpc_s = { 55 .name = "rxrpc_s", 56 .vet_description = rxrpc_vet_description_s, 57 .instantiate = rxrpc_instantiate_s, 58 .match = user_match, 59 .destroy = rxrpc_destroy_s, 60 .describe = rxrpc_describe, 61}; 62 63/* 64 * Vet the description for an RxRPC server key 65 */ 66static int rxrpc_vet_description_s(const char *desc) 67{ 68 unsigned long num; 69 char *p; 70 71 num = simple_strtoul(desc, &p, 10); 72 if (*p != ':' || num > 65535) 73 return -EINVAL; 74 num = simple_strtoul(p + 1, &p, 10); 75 if (*p || num < 1 || num > 255) 76 return -EINVAL; 77 return 0; 78} 79 80/* 81 * parse an RxKAD type XDR format token 82 * - the caller guarantees we have at least 4 words 83 */ 84static int rxrpc_instantiate_xdr_rxkad(struct key *key, const __be32 *xdr, 85 unsigned int toklen) 86{ 87 struct rxrpc_key_token *token, **pptoken; 88 size_t plen; 89 u32 tktlen; 90 int ret; 91 92 _enter(",{%x,%x,%x,%x},%u", 93 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 94 toklen); 95 96 if (toklen <= 8 * 4) 97 return -EKEYREJECTED; 98 tktlen = ntohl(xdr[7]); 99 _debug("tktlen: %x", tktlen); 100 if (tktlen > AFSTOKEN_RK_TIX_MAX) 101 return -EKEYREJECTED; 102 if (8 * 4 + tktlen != toklen) 103 return -EKEYREJECTED; 104 105 plen = sizeof(*token) + sizeof(*token->kad) + tktlen; 106 ret = key_payload_reserve(key, key->datalen + plen); 107 if (ret < 0) 108 return ret; 109 110 plen -= sizeof(*token); 111 token = kzalloc(sizeof(*token), GFP_KERNEL); 112 if (!token) 113 return -ENOMEM; 114 115 token->kad = kzalloc(plen, GFP_KERNEL); 116 if (!token->kad) { 117 kfree(token); 118 return -ENOMEM; 119 } 120 121 token->security_index = RXRPC_SECURITY_RXKAD; 122 token->kad->ticket_len = tktlen; 123 token->kad->vice_id = ntohl(xdr[0]); 124 token->kad->kvno = ntohl(xdr[1]); 125 token->kad->start = ntohl(xdr[4]); 126 token->kad->expiry = ntohl(xdr[5]); 127 token->kad->primary_flag = ntohl(xdr[6]); 128 memcpy(&token->kad->session_key, &xdr[2], 8); 129 memcpy(&token->kad->ticket, &xdr[8], tktlen); 130 131 _debug("SCIX: %u", token->security_index); 132 _debug("TLEN: %u", token->kad->ticket_len); 133 _debug("EXPY: %x", token->kad->expiry); 134 _debug("KVNO: %u", token->kad->kvno); 135 _debug("PRIM: %u", token->kad->primary_flag); 136 _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", 137 token->kad->session_key[0], token->kad->session_key[1], 138 token->kad->session_key[2], token->kad->session_key[3], 139 token->kad->session_key[4], token->kad->session_key[5], 140 token->kad->session_key[6], token->kad->session_key[7]); 141 if (token->kad->ticket_len >= 8) 142 _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", 143 token->kad->ticket[0], token->kad->ticket[1], 144 token->kad->ticket[2], token->kad->ticket[3], 145 token->kad->ticket[4], token->kad->ticket[5], 146 token->kad->ticket[6], token->kad->ticket[7]); 147 148 /* count the number of tokens attached */ 149 key->type_data.x[0]++; 150 151 /* attach the data */ 152 for (pptoken = (struct rxrpc_key_token **)&key->payload.data; 153 *pptoken; 154 pptoken = &(*pptoken)->next) 155 continue; 156 *pptoken = token; 157 if (token->kad->expiry < key->expiry) 158 key->expiry = token->kad->expiry; 159 160 _leave(" = 0"); 161 return 0; 162} 163 164static void rxrpc_free_krb5_principal(struct krb5_principal *princ) 165{ 166 int loop; 167 168 if (princ->name_parts) { 169 for (loop = princ->n_name_parts - 1; loop >= 0; loop--) 170 kfree(princ->name_parts[loop]); 171 kfree(princ->name_parts); 172 } 173 kfree(princ->realm); 174} 175 176static void rxrpc_free_krb5_tagged(struct krb5_tagged_data *td) 177{ 178 kfree(td->data); 179} 180 181/* 182 * free up an RxK5 token 183 */ 184static void rxrpc_rxk5_free(struct rxk5_key *rxk5) 185{ 186 int loop; 187 188 rxrpc_free_krb5_principal(&rxk5->client); 189 rxrpc_free_krb5_principal(&rxk5->server); 190 rxrpc_free_krb5_tagged(&rxk5->session); 191 192 if (rxk5->addresses) { 193 for (loop = rxk5->n_addresses - 1; loop >= 0; loop--) 194 rxrpc_free_krb5_tagged(&rxk5->addresses[loop]); 195 kfree(rxk5->addresses); 196 } 197 if (rxk5->authdata) { 198 for (loop = rxk5->n_authdata - 1; loop >= 0; loop--) 199 rxrpc_free_krb5_tagged(&rxk5->authdata[loop]); 200 kfree(rxk5->authdata); 201 } 202 203 kfree(rxk5->ticket); 204 kfree(rxk5->ticket2); 205 kfree(rxk5); 206} 207 208/* 209 * extract a krb5 principal 210 */ 211static int rxrpc_krb5_decode_principal(struct krb5_principal *princ, 212 const __be32 **_xdr, 213 unsigned int *_toklen) 214{ 215 const __be32 *xdr = *_xdr; 216 unsigned int toklen = *_toklen, n_parts, loop, tmp; 217 218 /* there must be at least one name, and at least #names+1 length 219 * words */ 220 if (toklen <= 12) 221 return -EINVAL; 222 223 _enter(",{%x,%x,%x},%u", 224 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), toklen); 225 226 n_parts = ntohl(*xdr++); 227 toklen -= 4; 228 if (n_parts <= 0 || n_parts > AFSTOKEN_K5_COMPONENTS_MAX) 229 return -EINVAL; 230 princ->n_name_parts = n_parts; 231 232 if (toklen <= (n_parts + 1) * 4) 233 return -EINVAL; 234 235 princ->name_parts = kcalloc(n_parts, sizeof(char *), GFP_KERNEL); 236 if (!princ->name_parts) 237 return -ENOMEM; 238 239 for (loop = 0; loop < n_parts; loop++) { 240 if (toklen < 4) 241 return -EINVAL; 242 tmp = ntohl(*xdr++); 243 toklen -= 4; 244 if (tmp <= 0 || tmp > AFSTOKEN_STRING_MAX) 245 return -EINVAL; 246 if (tmp > toklen) 247 return -EINVAL; 248 princ->name_parts[loop] = kmalloc(tmp + 1, GFP_KERNEL); 249 if (!princ->name_parts[loop]) 250 return -ENOMEM; 251 memcpy(princ->name_parts[loop], xdr, tmp); 252 princ->name_parts[loop][tmp] = 0; 253 tmp = (tmp + 3) & ~3; 254 toklen -= tmp; 255 xdr += tmp >> 2; 256 } 257 258 if (toklen < 4) 259 return -EINVAL; 260 tmp = ntohl(*xdr++); 261 toklen -= 4; 262 if (tmp <= 0 || tmp > AFSTOKEN_K5_REALM_MAX) 263 return -EINVAL; 264 if (tmp > toklen) 265 return -EINVAL; 266 princ->realm = kmalloc(tmp + 1, GFP_KERNEL); 267 if (!princ->realm) 268 return -ENOMEM; 269 memcpy(princ->realm, xdr, tmp); 270 princ->realm[tmp] = 0; 271 tmp = (tmp + 3) & ~3; 272 toklen -= tmp; 273 xdr += tmp >> 2; 274 275 _debug("%s/...@%s", princ->name_parts[0], princ->realm); 276 277 *_xdr = xdr; 278 *_toklen = toklen; 279 _leave(" = 0 [toklen=%u]", toklen); 280 return 0; 281} 282 283/* 284 * extract a piece of krb5 tagged data 285 */ 286static int rxrpc_krb5_decode_tagged_data(struct krb5_tagged_data *td, 287 size_t max_data_size, 288 const __be32 **_xdr, 289 unsigned int *_toklen) 290{ 291 const __be32 *xdr = *_xdr; 292 unsigned int toklen = *_toklen, len; 293 294 /* there must be at least one tag and one length word */ 295 if (toklen <= 8) 296 return -EINVAL; 297 298 _enter(",%zu,{%x,%x},%u", 299 max_data_size, ntohl(xdr[0]), ntohl(xdr[1]), toklen); 300 301 td->tag = ntohl(*xdr++); 302 len = ntohl(*xdr++); 303 toklen -= 8; 304 if (len > max_data_size) 305 return -EINVAL; 306 td->data_len = len; 307 308 if (len > 0) { 309 td->data = kmemdup(xdr, len, GFP_KERNEL); 310 if (!td->data) 311 return -ENOMEM; 312 len = (len + 3) & ~3; 313 toklen -= len; 314 xdr += len >> 2; 315 } 316 317 _debug("tag %x len %x", td->tag, td->data_len); 318 319 *_xdr = xdr; 320 *_toklen = toklen; 321 _leave(" = 0 [toklen=%u]", toklen); 322 return 0; 323} 324 325/* 326 * extract an array of tagged data 327 */ 328static int rxrpc_krb5_decode_tagged_array(struct krb5_tagged_data **_td, 329 u8 *_n_elem, 330 u8 max_n_elem, 331 size_t max_elem_size, 332 const __be32 **_xdr, 333 unsigned int *_toklen) 334{ 335 struct krb5_tagged_data *td; 336 const __be32 *xdr = *_xdr; 337 unsigned int toklen = *_toklen, n_elem, loop; 338 int ret; 339 340 /* there must be at least one count */ 341 if (toklen < 4) 342 return -EINVAL; 343 344 _enter(",,%u,%zu,{%x},%u", 345 max_n_elem, max_elem_size, ntohl(xdr[0]), toklen); 346 347 n_elem = ntohl(*xdr++); 348 toklen -= 4; 349 if (n_elem < 0 || n_elem > max_n_elem) 350 return -EINVAL; 351 *_n_elem = n_elem; 352 if (n_elem > 0) { 353 if (toklen <= (n_elem + 1) * 4) 354 return -EINVAL; 355 356 _debug("n_elem %d", n_elem); 357 358 td = kcalloc(n_elem, sizeof(struct krb5_tagged_data), 359 GFP_KERNEL); 360 if (!td) 361 return -ENOMEM; 362 *_td = td; 363 364 for (loop = 0; loop < n_elem; loop++) { 365 ret = rxrpc_krb5_decode_tagged_data(&td[loop], 366 max_elem_size, 367 &xdr, &toklen); 368 if (ret < 0) 369 return ret; 370 } 371 } 372 373 *_xdr = xdr; 374 *_toklen = toklen; 375 _leave(" = 0 [toklen=%u]", toklen); 376 return 0; 377} 378 379/* 380 * extract a krb5 ticket 381 */ 382static int rxrpc_krb5_decode_ticket(u8 **_ticket, u16 *_tktlen, 383 const __be32 **_xdr, unsigned int *_toklen) 384{ 385 const __be32 *xdr = *_xdr; 386 unsigned int toklen = *_toklen, len; 387 388 /* there must be at least one length word */ 389 if (toklen <= 4) 390 return -EINVAL; 391 392 _enter(",{%x},%u", ntohl(xdr[0]), toklen); 393 394 len = ntohl(*xdr++); 395 toklen -= 4; 396 if (len > AFSTOKEN_K5_TIX_MAX) 397 return -EINVAL; 398 *_tktlen = len; 399 400 _debug("ticket len %u", len); 401 402 if (len > 0) { 403 *_ticket = kmemdup(xdr, len, GFP_KERNEL); 404 if (!*_ticket) 405 return -ENOMEM; 406 len = (len + 3) & ~3; 407 toklen -= len; 408 xdr += len >> 2; 409 } 410 411 *_xdr = xdr; 412 *_toklen = toklen; 413 _leave(" = 0 [toklen=%u]", toklen); 414 return 0; 415} 416 417/* 418 * parse an RxK5 type XDR format token 419 * - the caller guarantees we have at least 4 words 420 */ 421static int rxrpc_instantiate_xdr_rxk5(struct key *key, const __be32 *xdr, 422 unsigned int toklen) 423{ 424 struct rxrpc_key_token *token, **pptoken; 425 struct rxk5_key *rxk5; 426 const __be32 *end_xdr = xdr + (toklen >> 2); 427 int ret; 428 429 _enter(",{%x,%x,%x,%x},%u", 430 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 431 toklen); 432 433 /* reserve some payload space for this subkey - the length of the token 434 * is a reasonable approximation */ 435 ret = key_payload_reserve(key, key->datalen + toklen); 436 if (ret < 0) 437 return ret; 438 439 token = kzalloc(sizeof(*token), GFP_KERNEL); 440 if (!token) 441 return -ENOMEM; 442 443 rxk5 = kzalloc(sizeof(*rxk5), GFP_KERNEL); 444 if (!rxk5) { 445 kfree(token); 446 return -ENOMEM; 447 } 448 449 token->security_index = RXRPC_SECURITY_RXK5; 450 token->k5 = rxk5; 451 452 /* extract the principals */ 453 ret = rxrpc_krb5_decode_principal(&rxk5->client, &xdr, &toklen); 454 if (ret < 0) 455 goto error; 456 ret = rxrpc_krb5_decode_principal(&rxk5->server, &xdr, &toklen); 457 if (ret < 0) 458 goto error; 459 460 /* extract the session key and the encoding type (the tag field -> 461 * ENCTYPE_xxx) */ 462 ret = rxrpc_krb5_decode_tagged_data(&rxk5->session, AFSTOKEN_DATA_MAX, 463 &xdr, &toklen); 464 if (ret < 0) 465 goto error; 466 467 if (toklen < 4 * 8 + 2 * 4) 468 goto inval; 469 rxk5->authtime = be64_to_cpup((const __be64 *) xdr); 470 xdr += 2; 471 rxk5->starttime = be64_to_cpup((const __be64 *) xdr); 472 xdr += 2; 473 rxk5->endtime = be64_to_cpup((const __be64 *) xdr); 474 xdr += 2; 475 rxk5->renew_till = be64_to_cpup((const __be64 *) xdr); 476 xdr += 2; 477 rxk5->is_skey = ntohl(*xdr++); 478 rxk5->flags = ntohl(*xdr++); 479 toklen -= 4 * 8 + 2 * 4; 480 481 _debug("times: a=%llx s=%llx e=%llx rt=%llx", 482 rxk5->authtime, rxk5->starttime, rxk5->endtime, 483 rxk5->renew_till); 484 _debug("is_skey=%x flags=%x", rxk5->is_skey, rxk5->flags); 485 486 /* extract the permitted client addresses */ 487 ret = rxrpc_krb5_decode_tagged_array(&rxk5->addresses, 488 &rxk5->n_addresses, 489 AFSTOKEN_K5_ADDRESSES_MAX, 490 AFSTOKEN_DATA_MAX, 491 &xdr, &toklen); 492 if (ret < 0) 493 goto error; 494 495 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 496 497 /* extract the tickets */ 498 ret = rxrpc_krb5_decode_ticket(&rxk5->ticket, &rxk5->ticket_len, 499 &xdr, &toklen); 500 if (ret < 0) 501 goto error; 502 ret = rxrpc_krb5_decode_ticket(&rxk5->ticket2, &rxk5->ticket2_len, 503 &xdr, &toklen); 504 if (ret < 0) 505 goto error; 506 507 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 508 509 /* extract the typed auth data */ 510 ret = rxrpc_krb5_decode_tagged_array(&rxk5->authdata, 511 &rxk5->n_authdata, 512 AFSTOKEN_K5_AUTHDATA_MAX, 513 AFSTOKEN_BDATALN_MAX, 514 &xdr, &toklen); 515 if (ret < 0) 516 goto error; 517 518 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 519 520 if (toklen != 0) 521 goto inval; 522 523 /* attach the payload to the key */ 524 for (pptoken = (struct rxrpc_key_token **)&key->payload.data; 525 *pptoken; 526 pptoken = &(*pptoken)->next) 527 continue; 528 *pptoken = token; 529 if (token->kad->expiry < key->expiry) 530 key->expiry = token->kad->expiry; 531 532 _leave(" = 0"); 533 return 0; 534 535inval: 536 ret = -EINVAL; 537error: 538 rxrpc_rxk5_free(rxk5); 539 kfree(token); 540 _leave(" = %d", ret); 541 return ret; 542} 543 544/* 545 * attempt to parse the data as the XDR format 546 * - the caller guarantees we have more than 7 words 547 */ 548static int rxrpc_instantiate_xdr(struct key *key, const void *data, size_t datalen) 549{ 550 const __be32 *xdr = data, *token; 551 const char *cp; 552 unsigned int len, tmp, loop, ntoken, toklen, sec_ix; 553 int ret; 554 555 _enter(",{%x,%x,%x,%x},%zu", 556 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 557 datalen); 558 559 if (datalen > AFSTOKEN_LENGTH_MAX) 560 goto not_xdr; 561 562 /* XDR is an array of __be32's */ 563 if (datalen & 3) 564 goto not_xdr; 565 566 /* the flags should be 0 (the setpag bit must be handled by 567 * userspace) */ 568 if (ntohl(*xdr++) != 0) 569 goto not_xdr; 570 datalen -= 4; 571 572 /* check the cell name */ 573 len = ntohl(*xdr++); 574 if (len < 1 || len > AFSTOKEN_CELL_MAX) 575 goto not_xdr; 576 datalen -= 4; 577 tmp = (len + 3) & ~3; 578 if (tmp > datalen) 579 goto not_xdr; 580 581 cp = (const char *) xdr; 582 for (loop = 0; loop < len; loop++) 583 if (!isprint(cp[loop])) 584 goto not_xdr; 585 if (len < tmp) 586 for (; loop < tmp; loop++) 587 if (cp[loop]) 588 goto not_xdr; 589 _debug("cellname: [%u/%u] '%*.*s'", 590 len, tmp, len, len, (const char *) xdr); 591 datalen -= tmp; 592 xdr += tmp >> 2; 593 594 /* get the token count */ 595 if (datalen < 12) 596 goto not_xdr; 597 ntoken = ntohl(*xdr++); 598 datalen -= 4; 599 _debug("ntoken: %x", ntoken); 600 if (ntoken < 1 || ntoken > AFSTOKEN_MAX) 601 goto not_xdr; 602 603 /* check each token wrapper */ 604 token = xdr; 605 loop = ntoken; 606 do { 607 if (datalen < 8) 608 goto not_xdr; 609 toklen = ntohl(*xdr++); 610 sec_ix = ntohl(*xdr); 611 datalen -= 4; 612 _debug("token: [%x/%zx] %x", toklen, datalen, sec_ix); 613 if (toklen < 20 || toklen > datalen) 614 goto not_xdr; 615 datalen -= (toklen + 3) & ~3; 616 xdr += (toklen + 3) >> 2; 617 618 } while (--loop > 0); 619 620 _debug("remainder: %zu", datalen); 621 if (datalen != 0) 622 goto not_xdr; 623 624 /* okay: we're going to assume it's valid XDR format 625 * - we ignore the cellname, relying on the key to be correctly named 626 */ 627 do { 628 xdr = token; 629 toklen = ntohl(*xdr++); 630 token = xdr + ((toklen + 3) >> 2); 631 sec_ix = ntohl(*xdr++); 632 toklen -= 4; 633 634 _debug("TOKEN type=%u [%p-%p]", sec_ix, xdr, token); 635 636 switch (sec_ix) { 637 case RXRPC_SECURITY_RXKAD: 638 ret = rxrpc_instantiate_xdr_rxkad(key, xdr, toklen); 639 if (ret != 0) 640 goto error; 641 break; 642 643 case RXRPC_SECURITY_RXK5: 644 ret = rxrpc_instantiate_xdr_rxk5(key, xdr, toklen); 645 if (ret != 0) 646 goto error; 647 break; 648 649 default: 650 ret = -EPROTONOSUPPORT; 651 goto error; 652 } 653 654 } while (--ntoken > 0); 655 656 _leave(" = 0"); 657 return 0; 658 659not_xdr: 660 _leave(" = -EPROTO"); 661 return -EPROTO; 662error: 663 _leave(" = %d", ret); 664 return ret; 665} 666 667/* 668 * instantiate an rxrpc defined key 669 * data should be of the form: 670 * OFFSET LEN CONTENT 671 * 0 4 key interface version number 672 * 4 2 security index (type) 673 * 6 2 ticket length 674 * 8 4 key expiry time (time_t) 675 * 12 4 kvno 676 * 16 8 session key 677 * 24 [len] ticket 678 * 679 * if no data is provided, then a no-security key is made 680 */ 681static int rxrpc_instantiate(struct key *key, struct key_preparsed_payload *prep) 682{ 683 const struct rxrpc_key_data_v1 *v1; 684 struct rxrpc_key_token *token, **pp; 685 size_t plen; 686 u32 kver; 687 int ret; 688 689 _enter("{%x},,%zu", key_serial(key), prep->datalen); 690 691 /* handle a no-security key */ 692 if (!prep->data && prep->datalen == 0) 693 return 0; 694 695 /* determine if the XDR payload format is being used */ 696 if (prep->datalen > 7 * 4) { 697 ret = rxrpc_instantiate_xdr(key, prep->data, prep->datalen); 698 if (ret != -EPROTO) 699 return ret; 700 } 701 702 /* get the key interface version number */ 703 ret = -EINVAL; 704 if (prep->datalen <= 4 || !prep->data) 705 goto error; 706 memcpy(&kver, prep->data, sizeof(kver)); 707 prep->data += sizeof(kver); 708 prep->datalen -= sizeof(kver); 709 710 _debug("KEY I/F VERSION: %u", kver); 711 712 ret = -EKEYREJECTED; 713 if (kver != 1) 714 goto error; 715 716 /* deal with a version 1 key */ 717 ret = -EINVAL; 718 if (prep->datalen < sizeof(*v1)) 719 goto error; 720 721 v1 = prep->data; 722 if (prep->datalen != sizeof(*v1) + v1->ticket_length) 723 goto error; 724 725 _debug("SCIX: %u", v1->security_index); 726 _debug("TLEN: %u", v1->ticket_length); 727 _debug("EXPY: %x", v1->expiry); 728 _debug("KVNO: %u", v1->kvno); 729 _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", 730 v1->session_key[0], v1->session_key[1], 731 v1->session_key[2], v1->session_key[3], 732 v1->session_key[4], v1->session_key[5], 733 v1->session_key[6], v1->session_key[7]); 734 if (v1->ticket_length >= 8) 735 _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", 736 v1->ticket[0], v1->ticket[1], 737 v1->ticket[2], v1->ticket[3], 738 v1->ticket[4], v1->ticket[5], 739 v1->ticket[6], v1->ticket[7]); 740 741 ret = -EPROTONOSUPPORT; 742 if (v1->security_index != RXRPC_SECURITY_RXKAD) 743 goto error; 744 745 plen = sizeof(*token->kad) + v1->ticket_length; 746 ret = key_payload_reserve(key, plen + sizeof(*token)); 747 if (ret < 0) 748 goto error; 749 750 ret = -ENOMEM; 751 token = kzalloc(sizeof(*token), GFP_KERNEL); 752 if (!token) 753 goto error; 754 token->kad = kzalloc(plen, GFP_KERNEL); 755 if (!token->kad) 756 goto error_free; 757 758 token->security_index = RXRPC_SECURITY_RXKAD; 759 token->kad->ticket_len = v1->ticket_length; 760 token->kad->expiry = v1->expiry; 761 token->kad->kvno = v1->kvno; 762 memcpy(&token->kad->session_key, &v1->session_key, 8); 763 memcpy(&token->kad->ticket, v1->ticket, v1->ticket_length); 764 765 /* attach the data */ 766 key->type_data.x[0]++; 767 768 pp = (struct rxrpc_key_token **)&key->payload.data; 769 while (*pp) 770 pp = &(*pp)->next; 771 *pp = token; 772 if (token->kad->expiry < key->expiry) 773 key->expiry = token->kad->expiry; 774 token = NULL; 775 ret = 0; 776 777error_free: 778 kfree(token); 779error: 780 return ret; 781} 782 783/* 784 * instantiate a server secret key 785 * data should be a pointer to the 8-byte secret key 786 */ 787static int rxrpc_instantiate_s(struct key *key, 788 struct key_preparsed_payload *prep) 789{ 790 struct crypto_blkcipher *ci; 791 792 _enter("{%x},,%zu", key_serial(key), prep->datalen); 793 794 if (prep->datalen != 8) 795 return -EINVAL; 796 797 memcpy(&key->type_data, prep->data, 8); 798 799 ci = crypto_alloc_blkcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC); 800 if (IS_ERR(ci)) { 801 _leave(" = %ld", PTR_ERR(ci)); 802 return PTR_ERR(ci); 803 } 804 805 if (crypto_blkcipher_setkey(ci, prep->data, 8) < 0) 806 BUG(); 807 808 key->payload.data = ci; 809 _leave(" = 0"); 810 return 0; 811} 812 813/* 814 * dispose of the data dangling from the corpse of a rxrpc key 815 */ 816static void rxrpc_destroy(struct key *key) 817{ 818 struct rxrpc_key_token *token; 819 820 while ((token = key->payload.data)) { 821 key->payload.data = token->next; 822 switch (token->security_index) { 823 case RXRPC_SECURITY_RXKAD: 824 kfree(token->kad); 825 break; 826 case RXRPC_SECURITY_RXK5: 827 if (token->k5) 828 rxrpc_rxk5_free(token->k5); 829 break; 830 default: 831 printk(KERN_ERR "Unknown token type %x on rxrpc key\n", 832 token->security_index); 833 BUG(); 834 } 835 836 kfree(token); 837 } 838} 839 840/* 841 * dispose of the data dangling from the corpse of a rxrpc key 842 */ 843static void rxrpc_destroy_s(struct key *key) 844{ 845 if (key->payload.data) { 846 crypto_free_blkcipher(key->payload.data); 847 key->payload.data = NULL; 848 } 849} 850 851/* 852 * describe the rxrpc key 853 */ 854static void rxrpc_describe(const struct key *key, struct seq_file *m) 855{ 856 seq_puts(m, key->description); 857} 858 859/* 860 * grab the security key for a socket 861 */ 862int rxrpc_request_key(struct rxrpc_sock *rx, char __user *optval, int optlen) 863{ 864 struct key *key; 865 char *description; 866 867 _enter(""); 868 869 if (optlen <= 0 || optlen > PAGE_SIZE - 1) 870 return -EINVAL; 871 872 description = kmalloc(optlen + 1, GFP_KERNEL); 873 if (!description) 874 return -ENOMEM; 875 876 if (copy_from_user(description, optval, optlen)) { 877 kfree(description); 878 return -EFAULT; 879 } 880 description[optlen] = 0; 881 882 key = request_key(&key_type_rxrpc, description, NULL); 883 if (IS_ERR(key)) { 884 kfree(description); 885 _leave(" = %ld", PTR_ERR(key)); 886 return PTR_ERR(key); 887 } 888 889 rx->key = key; 890 kfree(description); 891 _leave(" = 0 [key %x]", key->serial); 892 return 0; 893} 894 895/* 896 * grab the security keyring for a server socket 897 */ 898int rxrpc_server_keyring(struct rxrpc_sock *rx, char __user *optval, 899 int optlen) 900{ 901 struct key *key; 902 char *description; 903 904 _enter(""); 905 906 if (optlen <= 0 || optlen > PAGE_SIZE - 1) 907 return -EINVAL; 908 909 description = kmalloc(optlen + 1, GFP_KERNEL); 910 if (!description) 911 return -ENOMEM; 912 913 if (copy_from_user(description, optval, optlen)) { 914 kfree(description); 915 return -EFAULT; 916 } 917 description[optlen] = 0; 918 919 key = request_key(&key_type_keyring, description, NULL); 920 if (IS_ERR(key)) { 921 kfree(description); 922 _leave(" = %ld", PTR_ERR(key)); 923 return PTR_ERR(key); 924 } 925 926 rx->securities = key; 927 kfree(description); 928 _leave(" = 0 [key %x]", key->serial); 929 return 0; 930} 931 932/* 933 * generate a server data key 934 */ 935int rxrpc_get_server_data_key(struct rxrpc_connection *conn, 936 const void *session_key, 937 time_t expiry, 938 u32 kvno) 939{ 940 const struct cred *cred = current_cred(); 941 struct key *key; 942 int ret; 943 944 struct { 945 u32 kver; 946 struct rxrpc_key_data_v1 v1; 947 } data; 948 949 _enter(""); 950 951 key = key_alloc(&key_type_rxrpc, "x", 952 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 0, 953 KEY_ALLOC_NOT_IN_QUOTA); 954 if (IS_ERR(key)) { 955 _leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key)); 956 return -ENOMEM; 957 } 958 959 _debug("key %d", key_serial(key)); 960 961 data.kver = 1; 962 data.v1.security_index = RXRPC_SECURITY_RXKAD; 963 data.v1.ticket_length = 0; 964 data.v1.expiry = expiry; 965 data.v1.kvno = 0; 966 967 memcpy(&data.v1.session_key, session_key, sizeof(data.v1.session_key)); 968 969 ret = key_instantiate_and_link(key, &data, sizeof(data), NULL, NULL); 970 if (ret < 0) 971 goto error; 972 973 conn->key = key; 974 _leave(" = 0 [%d]", key_serial(key)); 975 return 0; 976 977error: 978 key_revoke(key); 979 key_put(key); 980 _leave(" = -ENOMEM [ins %d]", ret); 981 return -ENOMEM; 982} 983EXPORT_SYMBOL(rxrpc_get_server_data_key); 984 985/** 986 * rxrpc_get_null_key - Generate a null RxRPC key 987 * @keyname: The name to give the key. 988 * 989 * Generate a null RxRPC key that can be used to indicate anonymous security is 990 * required for a particular domain. 991 */ 992struct key *rxrpc_get_null_key(const char *keyname) 993{ 994 const struct cred *cred = current_cred(); 995 struct key *key; 996 int ret; 997 998 key = key_alloc(&key_type_rxrpc, keyname, 999 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 1000 KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA); 1001 if (IS_ERR(key)) 1002 return key; 1003 1004 ret = key_instantiate_and_link(key, NULL, 0, NULL, NULL); 1005 if (ret < 0) { 1006 key_revoke(key); 1007 key_put(key); 1008 return ERR_PTR(ret); 1009 } 1010 1011 return key; 1012} 1013EXPORT_SYMBOL(rxrpc_get_null_key); 1014 1015/* 1016 * read the contents of an rxrpc key 1017 * - this returns the result in XDR form 1018 */ 1019static long rxrpc_read(const struct key *key, 1020 char __user *buffer, size_t buflen) 1021{ 1022 const struct rxrpc_key_token *token; 1023 const struct krb5_principal *princ; 1024 size_t size; 1025 __be32 __user *xdr, *oldxdr; 1026 u32 cnlen, toksize, ntoks, tok, zero; 1027 u16 toksizes[AFSTOKEN_MAX]; 1028 int loop; 1029 1030 _enter(""); 1031 1032 /* we don't know what form we should return non-AFS keys in */ 1033 if (memcmp(key->description, "afs@", 4) != 0) 1034 return -EOPNOTSUPP; 1035 cnlen = strlen(key->description + 4); 1036 1037#define RND(X) (((X) + 3) & ~3) 1038 1039 /* AFS keys we return in XDR form, so we need to work out the size of 1040 * the XDR */ 1041 size = 2 * 4; /* flags, cellname len */ 1042 size += RND(cnlen); /* cellname */ 1043 size += 1 * 4; /* token count */ 1044 1045 ntoks = 0; 1046 for (token = key->payload.data; token; token = token->next) { 1047 toksize = 4; /* sec index */ 1048 1049 switch (token->security_index) { 1050 case RXRPC_SECURITY_RXKAD: 1051 toksize += 8 * 4; /* viceid, kvno, key*2, begin, 1052 * end, primary, tktlen */ 1053 toksize += RND(token->kad->ticket_len); 1054 break; 1055 1056 case RXRPC_SECURITY_RXK5: 1057 princ = &token->k5->client; 1058 toksize += 4 + princ->n_name_parts * 4; 1059 for (loop = 0; loop < princ->n_name_parts; loop++) 1060 toksize += RND(strlen(princ->name_parts[loop])); 1061 toksize += 4 + RND(strlen(princ->realm)); 1062 1063 princ = &token->k5->server; 1064 toksize += 4 + princ->n_name_parts * 4; 1065 for (loop = 0; loop < princ->n_name_parts; loop++) 1066 toksize += RND(strlen(princ->name_parts[loop])); 1067 toksize += 4 + RND(strlen(princ->realm)); 1068 1069 toksize += 8 + RND(token->k5->session.data_len); 1070 1071 toksize += 4 * 8 + 2 * 4; 1072 1073 toksize += 4 + token->k5->n_addresses * 8; 1074 for (loop = 0; loop < token->k5->n_addresses; loop++) 1075 toksize += RND(token->k5->addresses[loop].data_len); 1076 1077 toksize += 4 + RND(token->k5->ticket_len); 1078 toksize += 4 + RND(token->k5->ticket2_len); 1079 1080 toksize += 4 + token->k5->n_authdata * 8; 1081 for (loop = 0; loop < token->k5->n_authdata; loop++) 1082 toksize += RND(token->k5->authdata[loop].data_len); 1083 break; 1084 1085 default: /* we have a ticket we can't encode */ 1086 BUG(); 1087 continue; 1088 } 1089 1090 _debug("token[%u]: toksize=%u", ntoks, toksize); 1091 ASSERTCMP(toksize, <=, AFSTOKEN_LENGTH_MAX); 1092 1093 toksizes[ntoks++] = toksize; 1094 size += toksize + 4; /* each token has a length word */ 1095 } 1096 1097#undef RND 1098 1099 if (!buffer || buflen < size) 1100 return size; 1101 1102 xdr = (__be32 __user *) buffer; 1103 zero = 0; 1104#define ENCODE(x) \ 1105 do { \ 1106 __be32 y = htonl(x); \ 1107 if (put_user(y, xdr++) < 0) \ 1108 goto fault; \ 1109 } while(0) 1110#define ENCODE_DATA(l, s) \ 1111 do { \ 1112 u32 _l = (l); \ 1113 ENCODE(l); \ 1114 if (copy_to_user(xdr, (s), _l) != 0) \ 1115 goto fault; \ 1116 if (_l & 3 && \ 1117 copy_to_user((u8 *)xdr + _l, &zero, 4 - (_l & 3)) != 0) \ 1118 goto fault; \ 1119 xdr += (_l + 3) >> 2; \ 1120 } while(0) 1121#define ENCODE64(x) \ 1122 do { \ 1123 __be64 y = cpu_to_be64(x); \ 1124 if (copy_to_user(xdr, &y, 8) != 0) \ 1125 goto fault; \ 1126 xdr += 8 >> 2; \ 1127 } while(0) 1128#define ENCODE_STR(s) \ 1129 do { \ 1130 const char *_s = (s); \ 1131 ENCODE_DATA(strlen(_s), _s); \ 1132 } while(0) 1133 1134 ENCODE(0); /* flags */ 1135 ENCODE_DATA(cnlen, key->description + 4); /* cellname */ 1136 ENCODE(ntoks); 1137 1138 tok = 0; 1139 for (token = key->payload.data; token; token = token->next) { 1140 toksize = toksizes[tok++]; 1141 ENCODE(toksize); 1142 oldxdr = xdr; 1143 ENCODE(token->security_index); 1144 1145 switch (token->security_index) { 1146 case RXRPC_SECURITY_RXKAD: 1147 ENCODE(token->kad->vice_id); 1148 ENCODE(token->kad->kvno); 1149 ENCODE_DATA(8, token->kad->session_key); 1150 ENCODE(token->kad->start); 1151 ENCODE(token->kad->expiry); 1152 ENCODE(token->kad->primary_flag); 1153 ENCODE_DATA(token->kad->ticket_len, token->kad->ticket); 1154 break; 1155 1156 case RXRPC_SECURITY_RXK5: 1157 princ = &token->k5->client; 1158 ENCODE(princ->n_name_parts); 1159 for (loop = 0; loop < princ->n_name_parts; loop++) 1160 ENCODE_STR(princ->name_parts[loop]); 1161 ENCODE_STR(princ->realm); 1162 1163 princ = &token->k5->server; 1164 ENCODE(princ->n_name_parts); 1165 for (loop = 0; loop < princ->n_name_parts; loop++) 1166 ENCODE_STR(princ->name_parts[loop]); 1167 ENCODE_STR(princ->realm); 1168 1169 ENCODE(token->k5->session.tag); 1170 ENCODE_DATA(token->k5->session.data_len, 1171 token->k5->session.data); 1172 1173 ENCODE64(token->k5->authtime); 1174 ENCODE64(token->k5->starttime); 1175 ENCODE64(token->k5->endtime); 1176 ENCODE64(token->k5->renew_till); 1177 ENCODE(token->k5->is_skey); 1178 ENCODE(token->k5->flags); 1179 1180 ENCODE(token->k5->n_addresses); 1181 for (loop = 0; loop < token->k5->n_addresses; loop++) { 1182 ENCODE(token->k5->addresses[loop].tag); 1183 ENCODE_DATA(token->k5->addresses[loop].data_len, 1184 token->k5->addresses[loop].data); 1185 } 1186 1187 ENCODE_DATA(token->k5->ticket_len, token->k5->ticket); 1188 ENCODE_DATA(token->k5->ticket2_len, token->k5->ticket2); 1189 1190 ENCODE(token->k5->n_authdata); 1191 for (loop = 0; loop < token->k5->n_authdata; loop++) { 1192 ENCODE(token->k5->authdata[loop].tag); 1193 ENCODE_DATA(token->k5->authdata[loop].data_len, 1194 token->k5->authdata[loop].data); 1195 } 1196 break; 1197 1198 default: 1199 BUG(); 1200 break; 1201 } 1202 1203 ASSERTCMP((unsigned long)xdr - (unsigned long)oldxdr, ==, 1204 toksize); 1205 } 1206 1207#undef ENCODE_STR 1208#undef ENCODE_DATA 1209#undef ENCODE64 1210#undef ENCODE 1211 1212 ASSERTCMP(tok, ==, ntoks); 1213 ASSERTCMP((char __user *) xdr - buffer, ==, size); 1214 _leave(" = %zu", size); 1215 return size; 1216 1217fault: 1218 _leave(" = -EFAULT"); 1219 return -EFAULT; 1220}