key.c 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /* RxRPC key management
  3. *
  4. * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
  5. * Written by David Howells (dhowells@redhat.com)
  6. *
  7. * RxRPC keys should have a description of describing their purpose:
  8. * "afs@example.com"
  9. */
  10. #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  11. #include <crypto/skcipher.h>
  12. #include <linux/module.h>
  13. #include <linux/net.h>
  14. #include <linux/overflow.h>
  15. #include <linux/skbuff.h>
  16. #include <linux/key-type.h>
  17. #include <linux/ctype.h>
  18. #include <linux/slab.h>
  19. #include <net/sock.h>
  20. #include <net/af_rxrpc.h>
  21. #include <keys/rxrpc-type.h>
  22. #include <keys/user-type.h>
  23. #include "ar-internal.h"
  24. static int rxrpc_preparse(struct key_preparsed_payload *);
  25. static void rxrpc_free_preparse(struct key_preparsed_payload *);
  26. static void rxrpc_destroy(struct key *);
  27. static void rxrpc_describe(const struct key *, struct seq_file *);
  28. static long rxrpc_read(const struct key *, char *, size_t);
  29. /*
  30. * rxrpc defined keys take an arbitrary string as the description and an
  31. * arbitrary blob of data as the payload
  32. */
  33. struct key_type key_type_rxrpc = {
  34. .name = "rxrpc",
  35. .flags = KEY_TYPE_NET_DOMAIN,
  36. .preparse = rxrpc_preparse,
  37. .free_preparse = rxrpc_free_preparse,
  38. .instantiate = generic_key_instantiate,
  39. .destroy = rxrpc_destroy,
  40. .describe = rxrpc_describe,
  41. .read = rxrpc_read,
  42. };
  43. EXPORT_SYMBOL(key_type_rxrpc);
  44. /*
  45. * parse an RxKAD type XDR format token
  46. * - the caller guarantees we have at least 4 words
  47. */
  48. static int rxrpc_preparse_xdr_rxkad(struct key_preparsed_payload *prep,
  49. size_t datalen,
  50. const __be32 *xdr, unsigned int toklen)
  51. {
  52. struct rxrpc_key_token *token, **pptoken;
  53. time64_t expiry;
  54. size_t plen;
  55. u32 tktlen;
  56. _enter(",{%x,%x,%x,%x},%u",
  57. ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]),
  58. toklen);
  59. if (toklen <= 8 * 4)
  60. return -EKEYREJECTED;
  61. tktlen = ntohl(xdr[7]);
  62. _debug("tktlen: %x", tktlen);
  63. if (tktlen > AFSTOKEN_RK_TIX_MAX)
  64. return -EKEYREJECTED;
  65. if (toklen < 8 * 4 + tktlen)
  66. return -EKEYREJECTED;
  67. plen = sizeof(*token) + sizeof(*token->kad) + tktlen;
  68. prep->quotalen += datalen + plen;
  69. plen -= sizeof(*token);
  70. token = kzalloc_obj(*token);
  71. if (!token)
  72. return -ENOMEM;
  73. token->kad = kzalloc(plen, GFP_KERNEL);
  74. if (!token->kad) {
  75. kfree(token);
  76. return -ENOMEM;
  77. }
  78. token->security_index = RXRPC_SECURITY_RXKAD;
  79. token->kad->ticket_len = tktlen;
  80. token->kad->vice_id = ntohl(xdr[0]);
  81. token->kad->kvno = ntohl(xdr[1]);
  82. token->kad->start = ntohl(xdr[4]);
  83. token->kad->expiry = ntohl(xdr[5]);
  84. token->kad->primary_flag = ntohl(xdr[6]);
  85. memcpy(&token->kad->session_key, &xdr[2], 8);
  86. memcpy(&token->kad->ticket, &xdr[8], tktlen);
  87. _debug("SCIX: %u", token->security_index);
  88. _debug("TLEN: %u", token->kad->ticket_len);
  89. _debug("EXPY: %x", token->kad->expiry);
  90. _debug("KVNO: %u", token->kad->kvno);
  91. _debug("PRIM: %u", token->kad->primary_flag);
  92. _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x",
  93. token->kad->session_key[0], token->kad->session_key[1],
  94. token->kad->session_key[2], token->kad->session_key[3],
  95. token->kad->session_key[4], token->kad->session_key[5],
  96. token->kad->session_key[6], token->kad->session_key[7]);
  97. if (token->kad->ticket_len >= 8)
  98. _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x",
  99. token->kad->ticket[0], token->kad->ticket[1],
  100. token->kad->ticket[2], token->kad->ticket[3],
  101. token->kad->ticket[4], token->kad->ticket[5],
  102. token->kad->ticket[6], token->kad->ticket[7]);
  103. /* count the number of tokens attached */
  104. prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1);
  105. /* attach the data */
  106. for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0];
  107. *pptoken;
  108. pptoken = &(*pptoken)->next)
  109. continue;
  110. *pptoken = token;
  111. expiry = rxrpc_u32_to_time64(token->kad->expiry);
  112. if (expiry < prep->expiry)
  113. prep->expiry = expiry;
  114. _leave(" = 0");
  115. return 0;
  116. }
  117. static u64 xdr_dec64(const __be32 *xdr)
  118. {
  119. return (u64)ntohl(xdr[0]) << 32 | (u64)ntohl(xdr[1]);
  120. }
  121. static time64_t rxrpc_s64_to_time64(s64 time_in_100ns)
  122. {
  123. bool neg = false;
  124. u64 tmp = time_in_100ns;
  125. if (time_in_100ns < 0) {
  126. tmp = -time_in_100ns;
  127. neg = true;
  128. }
  129. do_div(tmp, 10000000);
  130. return neg ? -tmp : tmp;
  131. }
  132. /*
  133. * Parse a YFS-RxGK type XDR format token
  134. * - the caller guarantees we have at least 4 words
  135. *
  136. * struct token_rxgk {
  137. * opr_time begintime;
  138. * opr_time endtime;
  139. * afs_int64 level;
  140. * afs_int64 lifetime;
  141. * afs_int64 bytelife;
  142. * afs_int64 enctype;
  143. * opaque key<>;
  144. * opaque ticket<>;
  145. * };
  146. */
  147. static int rxrpc_preparse_xdr_yfs_rxgk(struct key_preparsed_payload *prep,
  148. size_t datalen,
  149. const __be32 *xdr, unsigned int toklen)
  150. {
  151. struct rxrpc_key_token *token, **pptoken;
  152. time64_t expiry;
  153. size_t plen;
  154. const __be32 *ticket, *key;
  155. s64 tmp;
  156. size_t raw_keylen, raw_tktlen, keylen, tktlen;
  157. _enter(",{%x,%x,%x,%x},%x",
  158. ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]),
  159. toklen);
  160. if (6 * 2 + 2 > toklen / 4)
  161. goto reject;
  162. key = xdr + (6 * 2 + 1);
  163. raw_keylen = ntohl(key[-1]);
  164. _debug("keylen: %zx", raw_keylen);
  165. if (raw_keylen > AFSTOKEN_GK_KEY_MAX)
  166. goto reject;
  167. keylen = round_up(raw_keylen, 4);
  168. if ((6 * 2 + 2) * 4 + keylen > toklen)
  169. goto reject;
  170. ticket = xdr + (6 * 2 + 1 + (keylen / 4) + 1);
  171. raw_tktlen = ntohl(ticket[-1]);
  172. _debug("tktlen: %zx", raw_tktlen);
  173. if (raw_tktlen > AFSTOKEN_GK_TOKEN_MAX)
  174. goto reject;
  175. tktlen = round_up(raw_tktlen, 4);
  176. if ((6 * 2 + 2) * 4 + keylen + tktlen != toklen) {
  177. kleave(" = -EKEYREJECTED [%zx!=%x, %zx,%zx]",
  178. (6 * 2 + 2) * 4 + keylen + tktlen, toklen,
  179. keylen, tktlen);
  180. goto reject;
  181. }
  182. plen = sizeof(*token) + sizeof(*token->rxgk) + tktlen + keylen;
  183. prep->quotalen += datalen + plen;
  184. plen -= sizeof(*token);
  185. token = kzalloc_obj(*token);
  186. if (!token)
  187. goto nomem;
  188. token->rxgk = kzalloc(struct_size_t(struct rxgk_key, _key, raw_keylen), GFP_KERNEL);
  189. if (!token->rxgk)
  190. goto nomem_token;
  191. token->security_index = RXRPC_SECURITY_YFS_RXGK;
  192. token->rxgk->begintime = xdr_dec64(xdr + 0 * 2);
  193. token->rxgk->endtime = xdr_dec64(xdr + 1 * 2);
  194. token->rxgk->level = tmp = xdr_dec64(xdr + 2 * 2);
  195. if (tmp < -1LL || tmp > RXRPC_SECURITY_ENCRYPT)
  196. goto reject_token;
  197. token->rxgk->lifetime = xdr_dec64(xdr + 3 * 2);
  198. token->rxgk->bytelife = xdr_dec64(xdr + 4 * 2);
  199. token->rxgk->enctype = tmp = xdr_dec64(xdr + 5 * 2);
  200. if (tmp < 0 || tmp > UINT_MAX)
  201. goto reject_token;
  202. token->rxgk->key.len = raw_keylen;
  203. token->rxgk->key.data = token->rxgk->_key;
  204. token->rxgk->ticket.len = raw_tktlen;
  205. if (token->rxgk->endtime != 0) {
  206. expiry = rxrpc_s64_to_time64(token->rxgk->endtime);
  207. if (expiry < 0)
  208. goto expired;
  209. if (expiry < prep->expiry)
  210. prep->expiry = expiry;
  211. }
  212. memcpy(token->rxgk->key.data, key, token->rxgk->key.len);
  213. /* Pad the ticket so that we can use it directly in XDR */
  214. token->rxgk->ticket.data = kzalloc(tktlen, GFP_KERNEL);
  215. if (!token->rxgk->ticket.data)
  216. goto nomem_yrxgk;
  217. memcpy(token->rxgk->ticket.data, ticket, token->rxgk->ticket.len);
  218. _debug("SCIX: %u", token->security_index);
  219. _debug("EXPY: %llx", token->rxgk->endtime);
  220. _debug("LIFE: %llx", token->rxgk->lifetime);
  221. _debug("BYTE: %llx", token->rxgk->bytelife);
  222. _debug("ENC : %u", token->rxgk->enctype);
  223. _debug("LEVL: %u", token->rxgk->level);
  224. _debug("KLEN: %u", token->rxgk->key.len);
  225. _debug("TLEN: %u", token->rxgk->ticket.len);
  226. _debug("KEY0: %*phN", token->rxgk->key.len, token->rxgk->key.data);
  227. _debug("TICK: %*phN",
  228. min_t(u32, token->rxgk->ticket.len, 32), token->rxgk->ticket.data);
  229. /* count the number of tokens attached */
  230. prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1);
  231. /* attach the data */
  232. for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0];
  233. *pptoken;
  234. pptoken = &(*pptoken)->next)
  235. continue;
  236. *pptoken = token;
  237. _leave(" = 0");
  238. return 0;
  239. nomem_yrxgk:
  240. kfree(token->rxgk);
  241. nomem_token:
  242. kfree(token);
  243. nomem:
  244. return -ENOMEM;
  245. reject_token:
  246. kfree(token->rxgk);
  247. kfree(token);
  248. reject:
  249. return -EKEYREJECTED;
  250. expired:
  251. kfree(token->rxgk);
  252. kfree(token);
  253. return -EKEYEXPIRED;
  254. }
  255. /*
  256. * attempt to parse the data as the XDR format
  257. * - the caller guarantees we have more than 7 words
  258. */
  259. static int rxrpc_preparse_xdr(struct key_preparsed_payload *prep)
  260. {
  261. const __be32 *xdr = prep->data, *token, *p;
  262. const char *cp;
  263. unsigned int len, paddedlen, loop, ntoken, toklen, sec_ix;
  264. size_t datalen = prep->datalen;
  265. int ret, ret2;
  266. _enter(",{%x,%x,%x,%x},%zu",
  267. ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]),
  268. prep->datalen);
  269. if (datalen > AFSTOKEN_LENGTH_MAX)
  270. goto not_xdr;
  271. /* XDR is an array of __be32's */
  272. if (datalen & 3)
  273. goto not_xdr;
  274. /* the flags should be 0 (the setpag bit must be handled by
  275. * userspace) */
  276. if (ntohl(*xdr++) != 0)
  277. goto not_xdr;
  278. datalen -= 4;
  279. /* check the cell name */
  280. len = ntohl(*xdr++);
  281. if (len < 1 || len > AFSTOKEN_CELL_MAX)
  282. goto not_xdr;
  283. datalen -= 4;
  284. paddedlen = (len + 3) & ~3;
  285. if (paddedlen > datalen)
  286. goto not_xdr;
  287. cp = (const char *) xdr;
  288. for (loop = 0; loop < len; loop++)
  289. if (!isprint(cp[loop]))
  290. goto not_xdr;
  291. for (; loop < paddedlen; loop++)
  292. if (cp[loop])
  293. goto not_xdr;
  294. _debug("cellname: [%u/%u] '%*.*s'",
  295. len, paddedlen, len, len, (const char *) xdr);
  296. datalen -= paddedlen;
  297. xdr += paddedlen >> 2;
  298. /* get the token count */
  299. if (datalen < 12)
  300. goto not_xdr;
  301. ntoken = ntohl(*xdr++);
  302. datalen -= 4;
  303. _debug("ntoken: %x", ntoken);
  304. if (ntoken < 1 || ntoken > AFSTOKEN_MAX)
  305. goto not_xdr;
  306. /* check each token wrapper */
  307. p = xdr;
  308. loop = ntoken;
  309. do {
  310. if (datalen < 8)
  311. goto not_xdr;
  312. toklen = ntohl(*p++);
  313. sec_ix = ntohl(*p);
  314. datalen -= 4;
  315. _debug("token: [%x/%zx] %x", toklen, datalen, sec_ix);
  316. paddedlen = (toklen + 3) & ~3;
  317. if (toklen < 20 || toklen > datalen || paddedlen > datalen)
  318. goto not_xdr;
  319. datalen -= paddedlen;
  320. p += paddedlen >> 2;
  321. } while (--loop > 0);
  322. _debug("remainder: %zu", datalen);
  323. if (datalen != 0)
  324. goto not_xdr;
  325. /* okay: we're going to assume it's valid XDR format
  326. * - we ignore the cellname, relying on the key to be correctly named
  327. */
  328. ret = -EPROTONOSUPPORT;
  329. do {
  330. toklen = ntohl(*xdr++);
  331. token = xdr;
  332. xdr += (toklen + 3) / 4;
  333. sec_ix = ntohl(*token++);
  334. toklen -= 4;
  335. _debug("TOKEN type=%x len=%x", sec_ix, toklen);
  336. switch (sec_ix) {
  337. case RXRPC_SECURITY_RXKAD:
  338. ret2 = rxrpc_preparse_xdr_rxkad(prep, datalen, token, toklen);
  339. break;
  340. case RXRPC_SECURITY_YFS_RXGK:
  341. ret2 = rxrpc_preparse_xdr_yfs_rxgk(prep, datalen, token, toklen);
  342. break;
  343. default:
  344. ret2 = -EPROTONOSUPPORT;
  345. break;
  346. }
  347. switch (ret2) {
  348. case 0:
  349. ret = 0;
  350. break;
  351. case -EPROTONOSUPPORT:
  352. break;
  353. case -ENOPKG:
  354. if (ret != 0)
  355. ret = -ENOPKG;
  356. break;
  357. default:
  358. ret = ret2;
  359. goto error;
  360. }
  361. } while (--ntoken > 0);
  362. error:
  363. _leave(" = %d", ret);
  364. return ret;
  365. not_xdr:
  366. _leave(" = -EPROTO");
  367. return -EPROTO;
  368. }
  369. /*
  370. * Preparse an rxrpc defined key.
  371. *
  372. * Data should be of the form:
  373. * OFFSET LEN CONTENT
  374. * 0 4 key interface version number
  375. * 4 2 security index (type)
  376. * 6 2 ticket length
  377. * 8 4 key expiry time (time_t)
  378. * 12 4 kvno
  379. * 16 8 session key
  380. * 24 [len] ticket
  381. *
  382. * if no data is provided, then a no-security key is made
  383. */
  384. static int rxrpc_preparse(struct key_preparsed_payload *prep)
  385. {
  386. const struct rxrpc_key_data_v1 *v1;
  387. struct rxrpc_key_token *token, **pp;
  388. time64_t expiry;
  389. size_t plen;
  390. u32 kver;
  391. int ret;
  392. _enter("%zu", prep->datalen);
  393. /* handle a no-security key */
  394. if (!prep->data && prep->datalen == 0)
  395. return 0;
  396. /* determine if the XDR payload format is being used */
  397. if (prep->datalen > 7 * 4) {
  398. ret = rxrpc_preparse_xdr(prep);
  399. if (ret != -EPROTO)
  400. return ret;
  401. }
  402. /* get the key interface version number */
  403. ret = -EINVAL;
  404. if (prep->datalen <= 4 || !prep->data)
  405. goto error;
  406. memcpy(&kver, prep->data, sizeof(kver));
  407. prep->data += sizeof(kver);
  408. prep->datalen -= sizeof(kver);
  409. prep->quotalen = 0;
  410. _debug("KEY I/F VERSION: %u", kver);
  411. ret = -EKEYREJECTED;
  412. if (kver != 1)
  413. goto error;
  414. /* deal with a version 1 key */
  415. ret = -EINVAL;
  416. if (prep->datalen < sizeof(*v1))
  417. goto error;
  418. v1 = prep->data;
  419. if (prep->datalen != sizeof(*v1) + v1->ticket_length)
  420. goto error;
  421. _debug("SCIX: %u", v1->security_index);
  422. _debug("TLEN: %u", v1->ticket_length);
  423. _debug("EXPY: %x", v1->expiry);
  424. _debug("KVNO: %u", v1->kvno);
  425. _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x",
  426. v1->session_key[0], v1->session_key[1],
  427. v1->session_key[2], v1->session_key[3],
  428. v1->session_key[4], v1->session_key[5],
  429. v1->session_key[6], v1->session_key[7]);
  430. if (v1->ticket_length >= 8)
  431. _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x",
  432. v1->ticket[0], v1->ticket[1],
  433. v1->ticket[2], v1->ticket[3],
  434. v1->ticket[4], v1->ticket[5],
  435. v1->ticket[6], v1->ticket[7]);
  436. ret = -EPROTONOSUPPORT;
  437. if (v1->security_index != RXRPC_SECURITY_RXKAD)
  438. goto error;
  439. plen = sizeof(*token->kad) + v1->ticket_length;
  440. prep->quotalen += plen + sizeof(*token);
  441. ret = -ENOMEM;
  442. token = kzalloc_obj(*token);
  443. if (!token)
  444. goto error;
  445. token->kad = kzalloc(plen, GFP_KERNEL);
  446. if (!token->kad)
  447. goto error_free;
  448. token->security_index = RXRPC_SECURITY_RXKAD;
  449. token->kad->ticket_len = v1->ticket_length;
  450. token->kad->expiry = v1->expiry;
  451. token->kad->kvno = v1->kvno;
  452. memcpy(&token->kad->session_key, &v1->session_key, 8);
  453. memcpy(&token->kad->ticket, v1->ticket, v1->ticket_length);
  454. /* count the number of tokens attached */
  455. prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1);
  456. /* attach the data */
  457. pp = (struct rxrpc_key_token **)&prep->payload.data[0];
  458. while (*pp)
  459. pp = &(*pp)->next;
  460. *pp = token;
  461. expiry = rxrpc_u32_to_time64(token->kad->expiry);
  462. if (expiry < prep->expiry)
  463. prep->expiry = expiry;
  464. token = NULL;
  465. ret = 0;
  466. error_free:
  467. kfree(token);
  468. error:
  469. return ret;
  470. }
  471. /*
  472. * Free token list.
  473. */
  474. static void rxrpc_free_token_list(struct rxrpc_key_token *token)
  475. {
  476. struct rxrpc_key_token *next;
  477. for (; token; token = next) {
  478. next = token->next;
  479. switch (token->security_index) {
  480. case RXRPC_SECURITY_RXKAD:
  481. kfree(token->kad);
  482. break;
  483. case RXRPC_SECURITY_YFS_RXGK:
  484. kfree(token->rxgk->ticket.data);
  485. kfree(token->rxgk);
  486. break;
  487. default:
  488. pr_err("Unknown token type %x on rxrpc key\n",
  489. token->security_index);
  490. BUG();
  491. }
  492. kfree(token);
  493. }
  494. }
  495. /*
  496. * Clean up preparse data.
  497. */
  498. static void rxrpc_free_preparse(struct key_preparsed_payload *prep)
  499. {
  500. rxrpc_free_token_list(prep->payload.data[0]);
  501. }
  502. /*
  503. * dispose of the data dangling from the corpse of a rxrpc key
  504. */
  505. static void rxrpc_destroy(struct key *key)
  506. {
  507. rxrpc_free_token_list(key->payload.data[0]);
  508. }
  509. /*
  510. * describe the rxrpc key
  511. */
  512. static void rxrpc_describe(const struct key *key, struct seq_file *m)
  513. {
  514. const struct rxrpc_key_token *token;
  515. const char *sep = ": ";
  516. seq_puts(m, key->description);
  517. for (token = key->payload.data[0]; token; token = token->next) {
  518. seq_puts(m, sep);
  519. switch (token->security_index) {
  520. case RXRPC_SECURITY_RXKAD:
  521. seq_puts(m, "ka");
  522. break;
  523. case RXRPC_SECURITY_YFS_RXGK:
  524. seq_puts(m, "ygk");
  525. break;
  526. default: /* we have a ticket we can't encode */
  527. seq_printf(m, "%u", token->security_index);
  528. break;
  529. }
  530. sep = " ";
  531. }
  532. }
  533. /*
  534. * grab the security key for a socket
  535. */
  536. int rxrpc_request_key(struct rxrpc_sock *rx, sockptr_t optval, int optlen)
  537. {
  538. struct key *key;
  539. char *description;
  540. _enter("");
  541. if (optlen <= 0 || optlen > PAGE_SIZE - 1 || rx->key)
  542. return -EINVAL;
  543. description = memdup_sockptr_nul(optval, optlen);
  544. if (IS_ERR(description))
  545. return PTR_ERR(description);
  546. key = request_key_net(&key_type_rxrpc, description, sock_net(&rx->sk), NULL);
  547. if (IS_ERR(key)) {
  548. kfree(description);
  549. _leave(" = %ld", PTR_ERR(key));
  550. return PTR_ERR(key);
  551. }
  552. rx->key = key;
  553. kfree(description);
  554. _leave(" = 0 [key %x]", key->serial);
  555. return 0;
  556. }
  557. /*
  558. * generate a server data key
  559. */
  560. int rxrpc_get_server_data_key(struct rxrpc_connection *conn,
  561. const void *session_key,
  562. time64_t expiry,
  563. u32 kvno)
  564. {
  565. const struct cred *cred = current_cred();
  566. struct key *key;
  567. int ret;
  568. struct {
  569. u32 kver;
  570. struct rxrpc_key_data_v1 v1;
  571. } data;
  572. _enter("");
  573. key = key_alloc(&key_type_rxrpc, "x",
  574. GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 0,
  575. KEY_ALLOC_NOT_IN_QUOTA, NULL);
  576. if (IS_ERR(key)) {
  577. _leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key));
  578. return -ENOMEM;
  579. }
  580. _debug("key %d", key_serial(key));
  581. data.kver = 1;
  582. data.v1.security_index = RXRPC_SECURITY_RXKAD;
  583. data.v1.ticket_length = 0;
  584. data.v1.expiry = rxrpc_time64_to_u32(expiry);
  585. data.v1.kvno = 0;
  586. memcpy(&data.v1.session_key, session_key, sizeof(data.v1.session_key));
  587. ret = key_instantiate_and_link(key, &data, sizeof(data), NULL, NULL);
  588. if (ret < 0)
  589. goto error;
  590. conn->key = key;
  591. _leave(" = 0 [%d]", key_serial(key));
  592. return 0;
  593. error:
  594. key_revoke(key);
  595. key_put(key);
  596. _leave(" = -ENOMEM [ins %d]", ret);
  597. return -ENOMEM;
  598. }
  599. EXPORT_SYMBOL(rxrpc_get_server_data_key);
  600. /**
  601. * rxrpc_get_null_key - Generate a null RxRPC key
  602. * @keyname: The name to give the key.
  603. *
  604. * Generate a null RxRPC key that can be used to indicate anonymous security is
  605. * required for a particular domain.
  606. *
  607. * Return: The new key or a negative error code.
  608. */
  609. struct key *rxrpc_get_null_key(const char *keyname)
  610. {
  611. const struct cred *cred = current_cred();
  612. struct key *key;
  613. int ret;
  614. key = key_alloc(&key_type_rxrpc, keyname,
  615. GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
  616. KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA, NULL);
  617. if (IS_ERR(key))
  618. return key;
  619. ret = key_instantiate_and_link(key, NULL, 0, NULL, NULL);
  620. if (ret < 0) {
  621. key_revoke(key);
  622. key_put(key);
  623. return ERR_PTR(ret);
  624. }
  625. return key;
  626. }
  627. EXPORT_SYMBOL(rxrpc_get_null_key);
  628. /*
  629. * read the contents of an rxrpc key
  630. * - this returns the result in XDR form
  631. */
  632. static long rxrpc_read(const struct key *key,
  633. char *buffer, size_t buflen)
  634. {
  635. const struct rxrpc_key_token *token;
  636. size_t size;
  637. __be32 *xdr, *oldxdr;
  638. u32 cnlen, toksize, ntoks, tok, zero;
  639. u16 toksizes[AFSTOKEN_MAX];
  640. _enter("");
  641. /* we don't know what form we should return non-AFS keys in */
  642. if (memcmp(key->description, "afs@", 4) != 0)
  643. return -EOPNOTSUPP;
  644. cnlen = strlen(key->description + 4);
  645. #define RND(X) (((X) + 3) & ~3)
  646. /* AFS keys we return in XDR form, so we need to work out the size of
  647. * the XDR */
  648. size = 2 * 4; /* flags, cellname len */
  649. size += RND(cnlen); /* cellname */
  650. size += 1 * 4; /* token count */
  651. ntoks = 0;
  652. for (token = key->payload.data[0]; token; token = token->next) {
  653. toksize = 4; /* sec index */
  654. switch (token->security_index) {
  655. case RXRPC_SECURITY_RXKAD:
  656. toksize += 8 * 4; /* viceid, kvno, key*2, begin,
  657. * end, primary, tktlen */
  658. if (!token->no_leak_key)
  659. toksize += RND(token->kad->ticket_len);
  660. break;
  661. case RXRPC_SECURITY_YFS_RXGK:
  662. toksize += 6 * 8 + 2 * 4;
  663. if (!token->no_leak_key)
  664. toksize += RND(token->rxgk->key.len);
  665. toksize += RND(token->rxgk->ticket.len);
  666. break;
  667. default: /* we have a ticket we can't encode */
  668. pr_err("Unsupported key token type (%u)\n",
  669. token->security_index);
  670. return -ENOPKG;
  671. }
  672. _debug("token[%u]: toksize=%u", ntoks, toksize);
  673. if (WARN_ON(toksize > AFSTOKEN_LENGTH_MAX))
  674. return -EIO;
  675. toksizes[ntoks++] = toksize;
  676. size += toksize + 4; /* each token has a length word */
  677. }
  678. #undef RND
  679. if (!buffer || buflen < size)
  680. return size;
  681. xdr = (__be32 *)buffer;
  682. zero = 0;
  683. #define ENCODE(x) \
  684. do { \
  685. *xdr++ = htonl(x); \
  686. } while(0)
  687. #define ENCODE_DATA(l, s) \
  688. do { \
  689. u32 _l = (l); \
  690. ENCODE(l); \
  691. memcpy(xdr, (s), _l); \
  692. if (_l & 3) \
  693. memcpy((u8 *)xdr + _l, &zero, 4 - (_l & 3)); \
  694. xdr += (_l + 3) >> 2; \
  695. } while(0)
  696. #define ENCODE_BYTES(l, s) \
  697. do { \
  698. u32 _l = (l); \
  699. memcpy(xdr, (s), _l); \
  700. if (_l & 3) \
  701. memcpy((u8 *)xdr + _l, &zero, 4 - (_l & 3)); \
  702. xdr += (_l + 3) >> 2; \
  703. } while(0)
  704. #define ENCODE64(x) \
  705. do { \
  706. __be64 y = cpu_to_be64(x); \
  707. memcpy(xdr, &y, 8); \
  708. xdr += 8 >> 2; \
  709. } while(0)
  710. #define ENCODE_STR(s) \
  711. do { \
  712. const char *_s = (s); \
  713. ENCODE_DATA(strlen(_s), _s); \
  714. } while(0)
  715. ENCODE(0); /* flags */
  716. ENCODE_DATA(cnlen, key->description + 4); /* cellname */
  717. ENCODE(ntoks);
  718. tok = 0;
  719. for (token = key->payload.data[0]; token; token = token->next) {
  720. toksize = toksizes[tok++];
  721. ENCODE(toksize);
  722. oldxdr = xdr;
  723. ENCODE(token->security_index);
  724. switch (token->security_index) {
  725. case RXRPC_SECURITY_RXKAD:
  726. ENCODE(token->kad->vice_id);
  727. ENCODE(token->kad->kvno);
  728. ENCODE_BYTES(8, token->kad->session_key);
  729. ENCODE(token->kad->start);
  730. ENCODE(token->kad->expiry);
  731. ENCODE(token->kad->primary_flag);
  732. if (token->no_leak_key)
  733. ENCODE(0);
  734. else
  735. ENCODE_DATA(token->kad->ticket_len, token->kad->ticket);
  736. break;
  737. case RXRPC_SECURITY_YFS_RXGK:
  738. ENCODE64(token->rxgk->begintime);
  739. ENCODE64(token->rxgk->endtime);
  740. ENCODE64(token->rxgk->level);
  741. ENCODE64(token->rxgk->lifetime);
  742. ENCODE64(token->rxgk->bytelife);
  743. ENCODE64(token->rxgk->enctype);
  744. if (token->no_leak_key)
  745. ENCODE(0);
  746. else
  747. ENCODE_DATA(token->rxgk->key.len, token->rxgk->key.data);
  748. ENCODE_DATA(token->rxgk->ticket.len, token->rxgk->ticket.data);
  749. break;
  750. default:
  751. pr_err("Unsupported key token type (%u)\n",
  752. token->security_index);
  753. return -ENOPKG;
  754. }
  755. if (WARN_ON((unsigned long)xdr - (unsigned long)oldxdr !=
  756. toksize))
  757. return -EIO;
  758. }
  759. #undef ENCODE_STR
  760. #undef ENCODE_DATA
  761. #undef ENCODE64
  762. #undef ENCODE
  763. if (WARN_ON(tok != ntoks))
  764. return -EIO;
  765. if (WARN_ON((unsigned long)xdr - (unsigned long)buffer != size))
  766. return -EIO;
  767. _leave(" = %zu", size);
  768. return size;
  769. }