rxrpc: Add the security index for yfs-rxgk

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Add the security index and abort codes for the YFS variant of rxgk.

Signed-off-by: David Howells <dhowells@redhat.com>
Link: https://patch.msgid.link/20250411095303.2316168-6-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

David Howells and committed by

Jakub Kicinski 11 months ago 01af6426 5800b1cf

+63

3 changed files

expand all

afs

misc.c

include

crypto

krb5.h

uapi

linux

rxrpc.h

+27

fs/afs/misc.c

··· 8 8 #include <linux/kernel.h> 9 9 #include <linux/module.h> 10 10 #include <linux/errno.h> 11 + #include <crypto/krb5.h> 11 12 #include "internal.h" 12 13 #include "afs_fs.h" 13 14 #include "protocol_uae.h" ··· 103 102 case RXKADSEALEDINCON: return -EKEYREJECTED; 104 103 case RXKADDATALEN: return -EKEYREJECTED; 105 104 case RXKADILLEGALLEVEL: return -EKEYREJECTED; 105 + 106 + case RXGK_INCONSISTENCY: return -EPROTO; 107 + case RXGK_PACKETSHORT: return -EPROTO; 108 + case RXGK_BADCHALLENGE: return -EPROTO; 109 + case RXGK_SEALEDINCON: return -EKEYREJECTED; 110 + case RXGK_NOTAUTH: return -EKEYREJECTED; 111 + case RXGK_EXPIRED: return -EKEYEXPIRED; 112 + case RXGK_BADLEVEL: return -EKEYREJECTED; 113 + case RXGK_BADKEYNO: return -EKEYREJECTED; 114 + case RXGK_NOTRXGK: return -EKEYREJECTED; 115 + case RXGK_UNSUPPORTED: return -EKEYREJECTED; 116 + case RXGK_GSSERROR: return -EKEYREJECTED; 117 + #ifdef RXGK_BADETYPE 118 + case RXGK_BADETYPE: return -ENOPKG; 119 + #endif 120 + #ifdef RXGK_BADTOKEN 121 + case RXGK_BADTOKEN: return -EKEYREJECTED; 122 + #endif 123 + #ifdef RXGK_BADETYPE 124 + case RXGK_DATALEN: return -EPROTO; 125 + #endif 126 + #ifdef RXGK_BADQOP 127 + case RXGK_BADQOP: return -EKEYREJECTED; 128 + #endif 129 + 130 + case KRB5_PROG_KEYTYPE_NOSUPP: return -ENOPKG; 106 131 107 132 case RXGEN_OPCODE: return -ENOTSUPP; 108 133

include/crypto/krb5.h

··· 64 64 #define KEY_USAGE_SEED_INTEGRITY (0x55) 65 65 66 66 /* 67 + * Standard Kerberos error codes. 68 + */ 69 + #define KRB5_PROG_KEYTYPE_NOSUPP -1765328233 70 + 71 + /* 67 72 * Mode of operation. 68 73 */ 69 74 enum krb5_crypto_mode {

+31

include/uapi/linux/rxrpc.h

··· 80 80 #define RXRPC_SECURITY_RXKAD 2 /* kaserver or kerberos 4 */ 81 81 #define RXRPC_SECURITY_RXGK 4 /* gssapi-based */ 82 82 #define RXRPC_SECURITY_RXK5 5 /* kerberos 5 */ 83 + #define RXRPC_SECURITY_YFS_RXGK 6 /* YFS gssapi-based */ 83 84 84 85 /* 85 86 * RxRPC-level abort codes ··· 125 124 #define RXKADSEALEDINCON 19270410 /* sealed data inconsistent */ 126 125 #define RXKADDATALEN 19270411 /* user data too long */ 127 126 #define RXKADILLEGALLEVEL 19270412 /* caller not authorised to use encrypted conns */ 127 + 128 + /* 129 + * RxGK GSSAPI security abort codes. 130 + */ 131 + #if 0 /* Original standard abort codes (used by OpenAFS) */ 132 + #define RXGK_INCONSISTENCY 1233242880 /* Security module structure inconsistent */ 133 + #define RXGK_PACKETSHORT 1233242881 /* Packet too short for security challenge */ 134 + #define RXGK_BADCHALLENGE 1233242882 /* Invalid security challenge */ 135 + #define RXGK_BADETYPE 1233242883 /* Invalid or impermissible encryption type */ 136 + #define RXGK_BADLEVEL 1233242884 /* Invalid or impermissible security level */ 137 + #define RXGK_BADKEYNO 1233242885 /* Key version number not found */ 138 + #define RXGK_EXPIRED 1233242886 /* Token has expired */ 139 + #define RXGK_NOTAUTH 1233242887 /* Caller not authorized */ 140 + #define RXGK_BAD_TOKEN 1233242888 /* Security object was passed a bad token */ 141 + #define RXGK_SEALED_INCON 1233242889 /* Sealed data inconsistent */ 142 + #define RXGK_DATA_LEN 1233242890 /* User data too long */ 143 + #define RXGK_BAD_QOP 1233242891 /* Inadequate quality of protection available */ 144 + #else /* Revised standard abort codes (used by YFS) */ 145 + #define RXGK_INCONSISTENCY 1233242880 /* Security module structure inconsistent */ 146 + #define RXGK_PACKETSHORT 1233242881 /* Packet too short for security challenge */ 147 + #define RXGK_BADCHALLENGE 1233242882 /* Security challenge/response failed */ 148 + #define RXGK_SEALEDINCON 1233242883 /* Sealed data is inconsistent */ 149 + #define RXGK_NOTAUTH 1233242884 /* Caller not authorised */ 150 + #define RXGK_EXPIRED 1233242885 /* Authentication expired */ 151 + #define RXGK_BADLEVEL 1233242886 /* Unsupported or not permitted security level */ 152 + #define RXGK_BADKEYNO 1233242887 /* Bad transport key number */ 153 + #define RXGK_NOTRXGK 1233242888 /* Security layer is not rxgk */ 154 + #define RXGK_UNSUPPORTED 1233242889 /* Endpoint does not support rxgk */ 155 + #define RXGK_GSSERROR 1233242890 /* GSSAPI mechanism error */ 156 + #endif 128 157 129 158 /* 130 159 * Challenge information in the RXRPC_CHALLENGED control message.