rxrpc: Split the server key type (rxrpc_s) into its own file

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Split the server private key type (rxrpc_s) out into its own file rather
than mingling it with the authentication/client key type (rxrpc) since they
don't really bear any relation.

Signed-off-by: David Howells <dhowells@redhat.com>

David Howells 5 years ago ca7fb100 ec832bd0

+149 -127

4 changed files

expand all

net

rxrpc

Makefile

ar-internal.h

key.c

server_key.c

net/rxrpc/Makefile

··· 28 28 rtt.o \ 29 29 security.o \ 30 30 sendmsg.o \ 31 + server_key.o \ 31 32 skbuff.o \ 32 33 utils.o 33 34

+7 -2

net/rxrpc/ar-internal.h

··· 906 906 * key.c 907 907 */ 908 908 extern struct key_type key_type_rxrpc; 909 - extern struct key_type key_type_rxrpc_s; 910 909 911 910 int rxrpc_request_key(struct rxrpc_sock *, sockptr_t , int); 912 - int rxrpc_server_keyring(struct rxrpc_sock *, sockptr_t, int); 913 911 int rxrpc_get_server_data_key(struct rxrpc_connection *, const void *, time64_t, 914 912 u32); 915 913 ··· 1061 1063 * sendmsg.c 1062 1064 */ 1063 1065 int rxrpc_do_sendmsg(struct rxrpc_sock *, struct msghdr *, size_t); 1066 + 1067 + /* 1068 + * server_key.c 1069 + */ 1070 + extern struct key_type key_type_rxrpc_s; 1071 + 1072 + int rxrpc_server_keyring(struct rxrpc_sock *, sockptr_t, int); 1064 1073 1065 1074 /* 1066 1075 * skbuff.c

-125

net/rxrpc/key.c

··· 23 23 #include <keys/user-type.h> 24 24 #include "ar-internal.h" 25 25 26 - static int rxrpc_vet_description_s(const char *); 27 26 static int rxrpc_preparse(struct key_preparsed_payload *); 28 - static int rxrpc_preparse_s(struct key_preparsed_payload *); 29 27 static void rxrpc_free_preparse(struct key_preparsed_payload *); 30 - static void rxrpc_free_preparse_s(struct key_preparsed_payload *); 31 28 static void rxrpc_destroy(struct key *); 32 - static void rxrpc_destroy_s(struct key *); 33 29 static void rxrpc_describe(const struct key *, struct seq_file *); 34 - static void rxrpc_describe_s(const struct key *, struct seq_file *); 35 30 static long rxrpc_read(const struct key *, char *, size_t); 36 31 37 32 /* ··· 44 49 .read = rxrpc_read, 45 50 }; 46 51 EXPORT_SYMBOL(key_type_rxrpc); 47 - 48 - /* 49 - * rxrpc server defined keys take "<serviceId>:<securityIndex>" as the 50 - * description and an 8-byte decryption key as the payload 51 - */ 52 - struct key_type key_type_rxrpc_s = { 53 - .name = "rxrpc_s", 54 - .flags = KEY_TYPE_NET_DOMAIN, 55 - .vet_description = rxrpc_vet_description_s, 56 - .preparse = rxrpc_preparse_s, 57 - .free_preparse = rxrpc_free_preparse_s, 58 - .instantiate = generic_key_instantiate, 59 - .destroy = rxrpc_destroy_s, 60 - .describe = rxrpc_describe_s, 61 - }; 62 - 63 - /* 64 - * Vet the description for an RxRPC server key 65 - */ 66 - static int rxrpc_vet_description_s(const char *desc) 67 - { 68 - unsigned long num; 69 - char *p; 70 - 71 - num = simple_strtoul(desc, &p, 10); 72 - if (*p != ':' || num > 65535) 73 - return -EINVAL; 74 - num = simple_strtoul(p + 1, &p, 10); 75 - if (*p || num < 1 || num > 255) 76 - return -EINVAL; 77 - return 0; 78 - } 79 52 80 53 /* 81 54 * parse an RxKAD type XDR format token ··· 397 434 } 398 435 399 436 /* 400 - * Preparse a server secret key. 401 - * 402 - * The data should be the 8-byte secret key. 403 - */ 404 - static int rxrpc_preparse_s(struct key_preparsed_payload *prep) 405 - { 406 - struct crypto_skcipher *ci; 407 - 408 - _enter("%zu", prep->datalen); 409 - 410 - if (prep->datalen != 8) 411 - return -EINVAL; 412 - 413 - memcpy(&prep->payload.data[2], prep->data, 8); 414 - 415 - ci = crypto_alloc_skcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC); 416 - if (IS_ERR(ci)) { 417 - _leave(" = %ld", PTR_ERR(ci)); 418 - return PTR_ERR(ci); 419 - } 420 - 421 - if (crypto_skcipher_setkey(ci, prep->data, 8) < 0) 422 - BUG(); 423 - 424 - prep->payload.data[0] = ci; 425 - _leave(" = 0"); 426 - return 0; 427 - } 428 - 429 - /* 430 - * Clean up preparse data. 431 - */ 432 - static void rxrpc_free_preparse_s(struct key_preparsed_payload *prep) 433 - { 434 - if (prep->payload.data[0]) 435 - crypto_free_skcipher(prep->payload.data[0]); 436 - } 437 - 438 - /* 439 437 * dispose of the data dangling from the corpse of a rxrpc key 440 438 */ 441 439 static void rxrpc_destroy(struct key *key) 442 440 { 443 441 rxrpc_free_token_list(key->payload.data[0]); 444 - } 445 - 446 - /* 447 - * dispose of the data dangling from the corpse of a rxrpc key 448 - */ 449 - static void rxrpc_destroy_s(struct key *key) 450 - { 451 - if (key->payload.data[0]) { 452 - crypto_free_skcipher(key->payload.data[0]); 453 - key->payload.data[0] = NULL; 454 - } 455 442 } 456 443 457 444 /* ··· 431 518 } 432 519 433 520 /* 434 - * describe the rxrpc server key 435 - */ 436 - static void rxrpc_describe_s(const struct key *key, struct seq_file *m) 437 - { 438 - seq_puts(m, key->description); 439 - } 440 - 441 - /* 442 521 * grab the security key for a socket 443 522 */ 444 523 int rxrpc_request_key(struct rxrpc_sock *rx, sockptr_t optval, int optlen) ··· 455 550 } 456 551 457 552 rx->key = key; 458 - kfree(description); 459 - _leave(" = 0 [key %x]", key->serial); 460 - return 0; 461 - } 462 - 463 - /* 464 - * grab the security keyring for a server socket 465 - */ 466 - int rxrpc_server_keyring(struct rxrpc_sock *rx, sockptr_t optval, int optlen) 467 - { 468 - struct key *key; 469 - char *description; 470 - 471 - _enter(""); 472 - 473 - if (optlen <= 0 || optlen > PAGE_SIZE - 1) 474 - return -EINVAL; 475 - 476 - description = memdup_sockptr_nul(optval, optlen); 477 - if (IS_ERR(description)) 478 - return PTR_ERR(description); 479 - 480 - key = request_key(&key_type_keyring, description, NULL); 481 - if (IS_ERR(key)) { 482 - kfree(description); 483 - _leave(" = %ld", PTR_ERR(key)); 484 - return PTR_ERR(key); 485 - } 486 - 487 - rx->securities = key; 488 553 kfree(description); 489 554 _leave(" = 0 [key %x]", key->serial); 490 555 return 0;

+141

net/rxrpc/server_key.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-or-later 2 + /* RxRPC key management 3 + * 4 + * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 5 + * Written by David Howells (dhowells@redhat.com) 6 + * 7 + * RxRPC keys should have a description of describing their purpose: 8 + * "afs@CAMBRIDGE.REDHAT.COM> 9 + */ 10 + 11 + #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 12 + 13 + #include <crypto/skcipher.h> 14 + #include <linux/module.h> 15 + #include <linux/net.h> 16 + #include <linux/skbuff.h> 17 + #include <linux/key-type.h> 18 + #include <linux/ctype.h> 19 + #include <linux/slab.h> 20 + #include <net/sock.h> 21 + #include <net/af_rxrpc.h> 22 + #include <keys/rxrpc-type.h> 23 + #include <keys/user-type.h> 24 + #include "ar-internal.h" 25 + 26 + static int rxrpc_vet_description_s(const char *); 27 + static int rxrpc_preparse_s(struct key_preparsed_payload *); 28 + static void rxrpc_free_preparse_s(struct key_preparsed_payload *); 29 + static void rxrpc_destroy_s(struct key *); 30 + static void rxrpc_describe_s(const struct key *, struct seq_file *); 31 + 32 + /* 33 + * rxrpc server defined keys take "<serviceId>:<securityIndex>" as the 34 + * description and an 8-byte decryption key as the payload 35 + */ 36 + struct key_type key_type_rxrpc_s = { 37 + .name = "rxrpc_s", 38 + .flags = KEY_TYPE_NET_DOMAIN, 39 + .vet_description = rxrpc_vet_description_s, 40 + .preparse = rxrpc_preparse_s, 41 + .free_preparse = rxrpc_free_preparse_s, 42 + .instantiate = generic_key_instantiate, 43 + .destroy = rxrpc_destroy_s, 44 + .describe = rxrpc_describe_s, 45 + }; 46 + 47 + /* 48 + * Vet the description for an RxRPC server key 49 + */ 50 + static int rxrpc_vet_description_s(const char *desc) 51 + { 52 + unsigned long num; 53 + char *p; 54 + 55 + num = simple_strtoul(desc, &p, 10); 56 + if (*p != ':' || num > 65535) 57 + return -EINVAL; 58 + num = simple_strtoul(p + 1, &p, 10); 59 + if (*p || num < 1 || num > 255) 60 + return -EINVAL; 61 + return 0; 62 + } 63 + 64 + /* 65 + * Preparse a server secret key. 66 + * 67 + * The data should be the 8-byte secret key. 68 + */ 69 + static int rxrpc_preparse_s(struct key_preparsed_payload *prep) 70 + { 71 + struct crypto_skcipher *ci; 72 + 73 + _enter("%zu", prep->datalen); 74 + 75 + if (prep->datalen != 8) 76 + return -EINVAL; 77 + 78 + memcpy(&prep->payload.data[2], prep->data, 8); 79 + 80 + ci = crypto_alloc_skcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC); 81 + if (IS_ERR(ci)) { 82 + _leave(" = %ld", PTR_ERR(ci)); 83 + return PTR_ERR(ci); 84 + } 85 + 86 + if (crypto_skcipher_setkey(ci, prep->data, 8) < 0) 87 + BUG(); 88 + 89 + prep->payload.data[0] = ci; 90 + _leave(" = 0"); 91 + return 0; 92 + } 93 + 94 + static void rxrpc_free_preparse_s(struct key_preparsed_payload *prep) 95 + { 96 + if (prep->payload.data[0]) 97 + crypto_free_skcipher(prep->payload.data[0]); 98 + } 99 + 100 + static void rxrpc_destroy_s(struct key *key) 101 + { 102 + if (key->payload.data[0]) { 103 + crypto_free_skcipher(key->payload.data[0]); 104 + key->payload.data[0] = NULL; 105 + } 106 + } 107 + 108 + static void rxrpc_describe_s(const struct key *key, struct seq_file *m) 109 + { 110 + seq_puts(m, key->description); 111 + } 112 + 113 + /* 114 + * grab the security keyring for a server socket 115 + */ 116 + int rxrpc_server_keyring(struct rxrpc_sock *rx, sockptr_t optval, int optlen) 117 + { 118 + struct key *key; 119 + char *description; 120 + 121 + _enter(""); 122 + 123 + if (optlen <= 0 || optlen > PAGE_SIZE - 1) 124 + return -EINVAL; 125 + 126 + description = memdup_sockptr_nul(optval, optlen); 127 + if (IS_ERR(description)) 128 + return PTR_ERR(description); 129 + 130 + key = request_key(&key_type_keyring, description, NULL); 131 + if (IS_ERR(key)) { 132 + kfree(description); 133 + _leave(" = %ld", PTR_ERR(key)); 134 + return PTR_ERR(key); 135 + } 136 + 137 + rx->securities = key; 138 + kfree(description); 139 + _leave(" = 0 [key %x]", key->serial); 140 + return 0; 141 + }