  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /* GSSAPI-based RxRPC security
  3. *
  4. * Copyright (C) 2025 Red Hat, Inc. All Rights Reserved.
  5. * Written by David Howells (dhowells@redhat.com)
  6. */
  7. #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  8. #include <linux/net.h>
  9. #include <linux/skbuff.h>
  10. #include <linux/slab.h>
  11. #include <linux/key-type.h>
  12. #include "ar-internal.h"
  13. #include "rxgk_common.h"
/*
 * Preparse a server key.
 *
 * The key description is "service:class:kvno:enctype"; the payload is the
 * raw key material and its length must match the key length of the selected
 * Kerberos 5 encryption type.  On success the enctype descriptor is stashed
 * in payload.data[0] and a private copy of the key material (scrubbed on
 * release by rxgk_free_server_key()) in payload.data[2].
 *
 * Returns 0, -EINVAL for a malformed description, -ENOPKG if the enctype is
 * not available, -EKEYREJECTED on a length mismatch or -ENOMEM.
 */
static int rxgk_preparse_server_key(struct key_preparsed_payload *prep)
{
	struct krb5_buffer *key_copy = (void *)&prep->payload.data[2];
	const struct krb5_enctype *etype;
	unsigned int desc_service, desc_class, desc_kvno, desc_enctype;
	int consumed = 0, nr_fields;

	_enter("%zu", prep->datalen);

	/* All four fields must parse and nothing may trail them. */
	nr_fields = sscanf(prep->orig_description, "%u:%u:%u:%u%n",
			   &desc_service, &desc_class, &desc_kvno,
			   &desc_enctype, &consumed);
	if (nr_fields != 4 || prep->orig_description[consumed] != '\0')
		return -EINVAL;

	etype = crypto_krb5_find_enctype(desc_enctype);
	if (!etype)
		return -ENOPKG;
	prep->payload.data[0] = (struct krb5_enctype *)etype;

	/* Reject key material of the wrong size for the enctype. */
	if (prep->datalen != etype->key_len)
		return -EKEYREJECTED;

	key_copy->len = prep->datalen;
	key_copy->data = kmemdup(prep->data, prep->datalen, GFP_KERNEL);
	if (!key_copy->data)
		return -ENOMEM;

	_leave(" = 0");
	return 0;
}
/*
 * Release the private copy of the key material held in payload.data[2].
 * kfree_sensitive() scrubs the bytes before freeing so the key does not
 * linger in freed memory.
 */
static void rxgk_free_server_key(union key_payload *payload)
{
	struct krb5_buffer *key_copy;

	key_copy = (void *)&payload->data[2];
	kfree_sensitive(key_copy->data);
}
/* Key-type hook: discard the payload of a preparsed server key. */
static void rxgk_free_preparse_server_key(struct key_preparsed_payload *prep)
{
	union key_payload *payload = &prep->payload;

	rxgk_free_server_key(payload);
}
/* Key-type hook: release the key material when the key itself is destroyed. */
static void rxgk_destroy_server_key(struct key *key)
{
	union key_payload *payload = &key->payload;

	rxgk_free_server_key(payload);
}
/* Key-type hook: append the enctype name to the key's seq_file description. */
static void rxgk_describe_server_key(const struct key *key, struct seq_file *m)
{
	const struct krb5_enctype *etype = key->payload.data[0];

	if (!etype)
		return;
	seq_printf(m, ": %s", etype->name);
}
/*
 * Handle rekeying the connection when we see our limits overrun or when the
 * far side decided to rekey.
 *
 * @conn: The connection whose transport keys are being managed.
 * @specific_key_number: If non-NULL, the 16-bit key number taken from a
 *	received packet; if NULL, the caller wants the current key and the
 *	window is only advanced if that key is flagged RXGK_TK_NEEDS_REKEY.
 *
 * Returns a ref on the context if successful or -ESTALE if the key is out of
 * date.  Errors from rxgk_generate_transport_key() are passed through.
 *
 * Serialised against other rekeys by conn->security_lock; the key table is
 * updated under the write side of conn->security_use_lock so that
 * rxgk_get_key() can read it under the read side.
 */
static struct rxgk_context *rxgk_rekey(struct rxrpc_connection *conn,
				       const u16 *specific_key_number)
{
	struct rxgk_context *gk, *dead = NULL;
	/* The key table is indexed by key number with a mask, which only
	 * works if ARRAY_SIZE(conn->rxgk.keys) is a power of two.
	 */
	unsigned int key_number, current_key, mask = ARRAY_SIZE(conn->rxgk.keys) - 1;
	bool crank = false;

	_enter("%d", specific_key_number ? *specific_key_number : -1);

	mutex_lock(&conn->security_lock);

	current_key = conn->rxgk.key_number;
	if (!specific_key_number) {
		key_number = current_key;
	} else {
		/* Only the low 16 bits travel on the wire; accept the
		 * current key, its predecessor, or its successor (which
		 * advances the window).  Anything else is stale.
		 */
		if (*specific_key_number == (u16)current_key)
			key_number = current_key;
		else if (*specific_key_number == (u16)(current_key - 1))
			key_number = current_key - 1;
		else if (*specific_key_number == (u16)(current_key + 1))
			goto crank_window;
		else
			goto bad_key;
	}

	gk = conn->rxgk.keys[key_number & mask];
	if (!gk)
		goto generate_key;
	if (!specific_key_number &&
	    test_bit(RXGK_TK_NEEDS_REKEY, &gk->flags))
		goto crank_window;

grab:
	refcount_inc(&gk->usage);
	mutex_unlock(&conn->security_lock);
	/* Drop the key retired by a window advance, if any, outside the lock. */
	rxgk_put(dead);
	return gk;

crank_window:
	trace_rxrpc_rxgk_rekey(conn, current_key,
			       specific_key_number ? *specific_key_number : -1);
	/* The 32-bit key number must not wrap: refuse at the limit and mark
	 * the connection non-reusable once the last key number is reached.
	 */
	if (current_key == UINT_MAX)
		goto bad_key;
	if (current_key + 1 == UINT_MAX)
		set_bit(RXRPC_CONN_DONT_REUSE, &conn->flags);
	key_number = current_key + 1;
	/* The slot for the next key should have been vacated by the previous
	 * advance (see the "dead" handling below).
	 */
	if (WARN_ON(conn->rxgk.keys[key_number & mask]))
		goto bad_key;
	crank = true;

generate_key:
	/* Derive the requested transport key from the current key's material.
	 * NOTE(review): the current slot is dereferenced unconditionally here;
	 * confirm it can never be NULL when generate_key is reached with
	 * key_number == current_key.
	 */
	gk = conn->rxgk.keys[current_key & mask];
	gk = rxgk_generate_transport_key(conn, gk->key, key_number, GFP_NOFS);
	if (IS_ERR(gk)) {
		mutex_unlock(&conn->security_lock);
		return gk;
	}

	write_lock(&conn->security_use_lock);
	if (crank) {
		/* Advance the window: the key two behind the new current key
		 * leaves the table and is released after unlocking.
		 */
		current_key++;
		conn->rxgk.key_number = current_key;
		dead = conn->rxgk.keys[(current_key - 2) & mask];
		conn->rxgk.keys[(current_key - 2) & mask] = NULL;
	}
	conn->rxgk.keys[current_key & mask] = gk;
	write_unlock(&conn->security_use_lock);
	goto grab;

bad_key:
	mutex_unlock(&conn->security_lock);
	return ERR_PTR(-ESTALE);
}
/*
 * Get the specified keying context.
 *
 * @conn: The connection whose key table is consulted.
 * @specific_key_number: If non-NULL, the 16-bit key number carried in a
 *	received packet's header (see rxgk_verify_packet()); if NULL, the
 *	current transmit key is wanted and its expiry and byte budget are
 *	checked first.
 *
 * Returns a ref on the context if successful or -ESTALE if the key is out of
 * date.  Anything that cannot be satisfied from the table under the read lock
 * is handed to rxgk_rekey().
 */
static struct rxgk_context *rxgk_get_key(struct rxrpc_connection *conn,
					 const u16 *specific_key_number)
{
	struct rxgk_context *gk;
	unsigned int key_number, current_key, mask = ARRAY_SIZE(conn->rxgk.keys) - 1;

	_enter("{%u},%d",
	       conn->rxgk.key_number, specific_key_number ? *specific_key_number : -1);

	read_lock(&conn->security_use_lock);

	current_key = conn->rxgk.key_number;
	if (!specific_key_number) {
		key_number = current_key;
	} else {
		/* Only the bottom 16 bits of the key number are exposed in the
		 * header, so we try and keep the upper 16 bits in step. The
		 * whole 32 bits are used to generate the TK.
		 */
		if (*specific_key_number == (u16)current_key)
			key_number = current_key;
		else if (*specific_key_number == (u16)(current_key - 1))
			key_number = current_key - 1;
		else if (*specific_key_number == (u16)(current_key + 1))
			goto rekey;
		else
			goto bad_key;
	}

	gk = conn->rxgk.keys[key_number & mask];
	if (!gk)
		goto slow_path;

	/* The transmit key is retired once it has expired or its byte budget
	 * (decremented by the secure_packet paths) is exhausted.  The last
	 * possible key number is never retired: there is nothing to roll to.
	 */
	if (!specific_key_number &&
	    key_number < UINT_MAX) {
		if (time_after(jiffies, gk->expiry) ||
		    gk->bytes_remaining < 0) {
			set_bit(RXGK_TK_NEEDS_REKEY, &gk->flags);
			goto slow_path;
		}
		if (test_bit(RXGK_TK_NEEDS_REKEY, &gk->flags))
			goto slow_path;
	}

	refcount_inc(&gk->usage);
	read_unlock(&conn->security_use_lock);
	return gk;

rekey:
	_debug("rekey");
	/* The peer has moved to the next key number: flag our current key so
	 * that rxgk_rekey() advances the window, unless no next number exists.
	 */
	if (current_key == UINT_MAX)
		goto bad_key;
	gk = conn->rxgk.keys[current_key & mask];
	if (gk)
		set_bit(RXGK_TK_NEEDS_REKEY, &gk->flags);
slow_path:
	read_unlock(&conn->security_use_lock);
	return rxgk_rekey(conn, specific_key_number);

bad_key:
	read_unlock(&conn->security_use_lock);
	return ERR_PTR(-ESTALE);
}
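/*
 * Initialise connection security from the token chosen for the connection.
 *
 * @conn: The connection being set up.
 * @token: The RxGK token whose material seeds the first transport key.
 *
 * Returns 0 on success, -EKEYREJECTED if the token asks for a security level
 * this implementation does not handle, or the error from
 * rxgk_generate_transport_key().
 */
static int rxgk_init_connection_security(struct rxrpc_connection *conn,
					 struct rxrpc_key_token *token)
{
	unsigned int mask = ARRAY_SIZE(conn->rxgk.keys) - 1;
	struct rxgk_context *gk;
	int ret;

	_enter("{%d,%u},{%x}",
	       conn->debug_id, conn->rxgk.key_number, key_serial(conn->key));

	conn->security_ix = token->security_index;
	conn->security_level = token->rxgk->level;

	/* Reject an unsupported level before deriving any key material rather
	 * than installing a transport key on a connection about to be refused.
	 */
	switch (conn->security_level) {
	case RXRPC_SECURITY_PLAIN:
	case RXRPC_SECURITY_AUTH:
	case RXRPC_SECURITY_ENCRYPT:
		break;
	default:
		ret = -EKEYREJECTED;
		goto error;
	}

	if (rxrpc_conn_is_client(conn)) {
		/* Start time in 100ns units; it is sent in the response header
		 * by rxgk_insert_response_header().
		 */
		conn->rxgk.start_time = ktime_get();
		do_div(conn->rxgk.start_time, 100);
	}

	gk = rxgk_generate_transport_key(conn, token->rxgk, conn->rxgk.key_number,
					 GFP_NOFS);
	if (IS_ERR(gk)) {
		ret = PTR_ERR(gk);
		goto error;
	}

	conn->rxgk.enctype = gk->krb5->etype;
	/* Same slot selection as rxgk_get_key()/rxgk_rekey(). */
	conn->rxgk.keys[gk->key_number & mask] = gk;
	ret = 0;

error:
	_leave(" = %d", ret);
	return ret;
}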
/*
 * Clean up the crypto on a call.
 *
 * RxGK keeps no per-call crypto state: the keying contexts live on the
 * connection and are reference counted, so there is nothing to release here.
 * The hook presumably exists only to fill the security operations slot.
 */
static void rxgk_free_call_crypto(struct rxrpc_call *call)
{
}
/*
 * Work out how much data we can put in a packet.
 *
 * @call: The call the buffer is for; its connection's security level decides
 *	whether a MIC (AUTH) or full encryption (ENCRYPT) will be applied.
 * @remain: How much payload the caller still has to send.
 * @gfp: Allocation flags.
 *
 * Returns a txbuf with ->space set to the number of payload bytes the caller
 * may fill, ->crypto_header and ->sec_header recording where the crypto
 * output and the rxgk_header go, or NULL on failure (including a stale key).
 */
static struct rxrpc_txbuf *rxgk_alloc_txbuf(struct rxrpc_call *call, size_t remain, gfp_t gfp)
{
	enum krb5_crypto_mode mode;
	struct rxgk_context *gk;
	struct rxrpc_txbuf *txb;
	size_t shdr, alloc, limit, part, offset, gap;

	switch (call->conn->security_level) {
	default:
		/* PLAIN (or anything unrecognised): no crypto envelope, just
		 * cap the buffer at the jumbo payload size.
		 */
		alloc = umin(remain, RXRPC_JUMBO_DATALEN);
		return rxrpc_alloc_data_txbuf(call, alloc, 1, gfp);
	case RXRPC_SECURITY_AUTH:
		/* Integrity only: no in-band rxgk_header; the MIC covers a
		 * separately built one (see rxgk_secure_packet_integrity()).
		 */
		shdr = 0;
		mode = KRB5_CHECKSUM_MODE;
		break;
	case RXRPC_SECURITY_ENCRYPT:
		/* The rxgk_header is encrypted along with the data. */
		shdr = sizeof(struct rxgk_header);
		mode = KRB5_ENCRYPT_MODE;
		break;
	}

	gk = rxgk_get_key(call->conn, NULL);
	if (IS_ERR(gk))
		return NULL;

	/* Work out the maximum amount of data that will fit. */
	alloc = RXRPC_JUMBO_DATALEN;
	limit = crypto_krb5_how_much_data(gk->krb5, mode, &alloc, &offset);
	/* NOTE(review): assumes limit >= shdr for every enctype, otherwise
	 * limit - shdr wraps — confirm against crypto_krb5_how_much_data().
	 */
	if (remain < limit - shdr) {
		/* Everything fits: size the buffer to the exact payload. */
		part = remain;
		alloc = crypto_krb5_how_much_buffer(gk->krb5, mode,
						    shdr + part, &offset);
		gap = 0;
	} else {
		/* Full packet: the slack between the crypto-sized buffer and
		 * the jumbo size is zeroed below rather than sent as-is.
		 */
		part = limit - shdr;
		gap = RXRPC_JUMBO_DATALEN - alloc;
		alloc = RXRPC_JUMBO_DATALEN;
	}
	rxgk_put(gk);

	txb = rxrpc_alloc_data_txbuf(call, alloc, 16, gfp);
	if (!txb)
		return NULL;

	txb->crypto_header	= offset;
	txb->sec_header		= shdr;
	txb->offset		+= offset + shdr;
	txb->space		= part;

	/* Clear excess space in the packet */
	if (gap)
		memset(txb->data + alloc - gap, 0, gap);
	return txb;
}
/*
 * Integrity mode (sign a packet - level 1 security)
 *
 * The MIC covers the payload in @txb plus a separately built rxgk_header
 * (epoch, cid, call number, seq, security index, data length) passed as
 * metadata rather than sent, so the receiver has to rebuild the same header
 * to verify it (see rxgk_verify_packet_integrity()).  Consumes the caller's
 * ref on @gk.
 *
 * Returns the packet length or a negative error.
 */
static int rxgk_secure_packet_integrity(const struct rxrpc_call *call,
					struct rxgk_context *gk,
					struct rxrpc_txbuf *txb)
{
	struct krb5_buffer metadata;
	struct rxgk_header *meta_hdr;
	struct scatterlist sg[1];
	int ret;

	_enter("");

	meta_hdr = kzalloc_obj(*meta_hdr, GFP_NOFS);
	if (!meta_hdr) {
		ret = -ENOMEM;
		goto out_put;
	}

	meta_hdr->epoch		= htonl(call->conn->proto.epoch);
	meta_hdr->cid		= htonl(call->cid);
	meta_hdr->call_number	= htonl(call->call_id);
	meta_hdr->seq		= htonl(txb->seq);
	meta_hdr->sec_index	= htonl(call->security_ix);
	meta_hdr->data_len	= htonl(txb->len);
	metadata.len		= sizeof(*meta_hdr);
	metadata.data		= meta_hdr;

	sg_init_table(sg, 1);
	sg_set_buf(&sg[0], txb->data, txb->alloc_size);
	ret = crypto_krb5_get_mic(gk->krb5, gk->tx_Kc, &metadata,
				  sg, 1, txb->alloc_size,
				  txb->crypto_header, txb->sec_header + txb->len);
	kfree(meta_hdr);

	if (ret >= 0) {
		txb->pkt_len = ret;
		if (txb->alloc_size == RXRPC_JUMBO_DATALEN)
			txb->jumboable = true;
		/* Count the bytes against the key's rekey budget. */
		gk->bytes_remaining -= ret;
	}

out_put:
	rxgk_put(gk);
	_leave(" = %d", ret);
	return ret;
}
/*
 * wholly encrypt a packet (level 2 security)
 *
 * An rxgk_header binding the packet to its connection, call and sequence
 * number is written in front of the data at ->crypto_header and encrypted
 * together with it; the receiver checks those fields after decryption (see
 * rxgk_verify_packet_encrypted()).  Consumes the caller's ref on @gk.
 *
 * Returns the packet length or a negative error.
 */
static int rxgk_secure_packet_encrypted(const struct rxrpc_call *call,
					struct rxgk_context *gk,
					struct rxrpc_txbuf *txb)
{
	struct rxgk_header *sec_hdr = txb->data + txb->crypto_header;
	struct scatterlist sg[1];
	int ret;

	_enter("%x", txb->len);

	/* Insert the header into the buffer. */
	sec_hdr->epoch		= htonl(call->conn->proto.epoch);
	sec_hdr->cid		= htonl(call->cid);
	sec_hdr->call_number	= htonl(call->call_id);
	sec_hdr->seq		= htonl(txb->seq);
	sec_hdr->sec_index	= htonl(call->security_ix);
	sec_hdr->data_len	= htonl(txb->len);

	sg_init_table(sg, 1);
	sg_set_buf(&sg[0], txb->data, txb->alloc_size);
	ret = crypto_krb5_encrypt(gk->krb5, gk->tx_enc,
				  sg, 1, txb->alloc_size,
				  txb->crypto_header, txb->sec_header + txb->len,
				  false);
	if (ret < 0)
		goto out_put;

	txb->pkt_len = ret;
	if (txb->alloc_size == RXRPC_JUMBO_DATALEN)
		txb->jumboable = true;
	/* Count the bytes against the key's rekey budget. */
	gk->bytes_remaining -= ret;

out_put:
	rxgk_put(gk);
	_leave(" = %d", ret);
	return ret;
}
/*
 * Apply the connection's security to an outgoing DATA packet.
 *
 * Looks up the current transmit key, records its number in the packet's
 * checksum field so the receiver can pick the same key, then according to
 * the connection's security level leaves the data alone (PLAIN), appends a
 * MIC (AUTH) or encrypts it (ENCRYPT).  For AUTH and ENCRYPT the key ref is
 * handed to the helper, which releases it.
 *
 * Returns 0 or a negative error; a stale key is reported as -EKEYREJECTED.
 */
static int rxgk_secure_packet(struct rxrpc_call *call, struct rxrpc_txbuf *txb)
{
	struct rxrpc_connection *conn = call->conn;
	struct rxgk_context *gk;
	int ret;

	_enter("{%d{%x}},{#%u},%u,",
	       call->debug_id, key_serial(conn->key), txb->seq, txb->len);

	gk = rxgk_get_key(conn, NULL);
	if (IS_ERR(gk)) {
		ret = PTR_ERR(gk);
		return ret == -ESTALE ? -EKEYREJECTED : ret;
	}

	/* The user's key may have expired or been revoked since the
	 * transport key was derived from it.
	 */
	ret = key_validate(conn->key);
	if (ret < 0)
		goto out_put;

	call->security_enctype = gk->krb5->etype;
	txb->cksum = htons(gk->key_number);

	switch (conn->security_level) {
	case RXRPC_SECURITY_PLAIN:
		txb->pkt_len = txb->len;
		ret = 0;
		goto out_put;
	case RXRPC_SECURITY_AUTH:
		return rxgk_secure_packet_integrity(call, gk, txb);
	case RXRPC_SECURITY_ENCRYPT:
		return rxgk_secure_packet_encrypted(call, gk, txb);
	default:
		ret = -EPERM;
		goto out_put;
	}

out_put:
	rxgk_put(gk);
	return ret;
}
/*
 * Integrity mode (check the signature on a packet - level 1 security)
 *
 * Rebuilds the rxgk_header the sender used as MIC metadata from the call's
 * own epoch, cid, call number, sequence number and security index, so a MIC
 * made for a different call, connection or position should not verify.  On
 * success sp->offset/sp->len are narrowed to the payload.  Consumes the
 * caller's ref on @gk.
 *
 * Returns 0 or a negative error.
 */
static int rxgk_verify_packet_integrity(struct rxrpc_call *call,
					struct rxgk_context *gk,
					struct sk_buff *skb)
{
	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
	struct rxgk_header *expected;
	struct krb5_buffer metadata;
	unsigned int offset = sp->offset, len = sp->len;
	size_t data_offset = 0, data_len = len;
	u32 abort_code = 0;
	int ret;

	_enter("");

	/* Ask the crypto layer where the data sits once the MIC is excluded;
	 * data_len is narrowed accordingly and goes into the metadata.
	 */
	crypto_krb5_where_is_the_data(gk->krb5, KRB5_CHECKSUM_MODE,
				      &data_offset, &data_len);

	expected = kzalloc_obj(*expected, GFP_NOFS);
	if (!expected) {
		ret = -ENOMEM;
		goto out_put;
	}

	expected->epoch		= htonl(call->conn->proto.epoch);
	expected->cid		= htonl(call->cid);
	expected->call_number	= htonl(call->call_id);
	expected->seq		= htonl(sp->hdr.seq);
	expected->sec_index	= htonl(call->security_ix);
	expected->data_len	= htonl(data_len);
	metadata.len		= sizeof(*expected);
	metadata.data		= expected;

	ret = rxgk_verify_mic_skb(gk->krb5, gk->rx_Kc, &metadata,
				  skb, &offset, &len, &abort_code);
	kfree(expected);

	if (ret >= 0) {
		sp->offset = offset;
		sp->len = len;
	} else if (ret != -ENOMEM) {
		/* A bad MIC is a protocol error and aborts the call; an
		 * allocation failure is reported without aborting.
		 */
		rxrpc_abort_eproto(call, skb, abort_code,
				   rxgk_abort_1_verify_mic_eproto);
	}

out_put:
	rxgk_put(gk);
	_leave(" = %d", ret);
	return ret;
}
/*
 * Decrypt an encrypted packet (level 2 security).
 *
 * After decryption the leading rxgk_header is compared with the call's own
 * epoch, cid, call number, sequence number and security index, so that
 * ciphertext lifted from another call or connection, or re-sequenced within
 * this one, is rejected; the claimed data length is also bounded by what was
 * actually decrypted.  On success sp->offset/sp->len are narrowed to the
 * payload.  Consumes the caller's ref on @gk.
 *
 * Returns 0 or a negative error.
 */
static int rxgk_verify_packet_encrypted(struct rxrpc_call *call,
					struct rxgk_context *gk,
					struct sk_buff *skb)
{
	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
	struct rxgk_header hdr;
	unsigned int offset = sp->offset, len = sp->len;
	int ret;
	u32 ac = 0;

	_enter("");

	/* offset/len come back describing the plaintext span. */
	ret = rxgk_decrypt_skb(gk->krb5, gk->rx_enc, skb, &offset, &len, &ac);
	if (ret < 0) {
		/* An allocation failure is not a protocol error. */
		if (ret != -ENOMEM)
			rxrpc_abort_eproto(call, skb, ac, rxgk_abort_2_decrypt_eproto);
		goto error;
	}

	/* Check the length before copying so a truncated plaintext can't
	 * yield a partially filled header.
	 */
	if (len < sizeof(hdr)) {
		ret = rxrpc_abort_eproto(call, skb, RXGK_PACKETSHORT,
					 rxgk_abort_2_short_header);
		goto error;
	}

	/* Extract the header from the skb */
	ret = skb_copy_bits(skb, offset, &hdr, sizeof(hdr));
	if (ret < 0) {
		ret = rxrpc_abort_eproto(call, skb, RXGK_PACKETSHORT,
					 rxgk_abort_2_short_encdata);
		goto error;
	}
	offset += sizeof(hdr);
	len -= sizeof(hdr);

	/* Every binding field must match exactly; data_len may be shorter
	 * than the decrypted span (e.g. cipher padding) but never longer.
	 */
	if (ntohl(hdr.epoch) != call->conn->proto.epoch ||
	    ntohl(hdr.cid) != call->cid ||
	    ntohl(hdr.call_number) != call->call_id ||
	    ntohl(hdr.seq) != sp->hdr.seq ||
	    ntohl(hdr.sec_index) != call->security_ix ||
	    ntohl(hdr.data_len) > len) {
		ret = rxrpc_abort_eproto(call, skb, RXGK_SEALEDINCON,
					 rxgk_abort_2_short_data);
		goto error;
	}

	sp->offset = offset;
	sp->len = ntohl(hdr.data_len);
	ret = 0;

error:
	rxgk_put(gk);
	_leave(" = %d", ret);
	return ret;
}
/*
 * Verify the security on a received packet or subpacket (if part of a
 * jumbo packet).
 *
 * The packet header's checksum field carries the low 16 bits of the key
 * number the sender used; that selects the receive key, and an unknown or
 * stale number aborts the call with RXGK_BADKEYNO.  For AUTH and ENCRYPT the
 * key ref is handed to the level-specific helper, which releases it.
 *
 * Returns 0 or a negative error.
 */
static int rxgk_verify_packet(struct rxrpc_call *call, struct sk_buff *skb)
{
	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
	struct rxrpc_connection *conn = call->conn;
	struct rxgk_context *gk;
	u16 wire_key_number = sp->hdr.cksum;
	int ret;

	_enter("{%d{%x}},{#%u}",
	       call->debug_id, key_serial(conn->key), sp->hdr.seq);

	gk = rxgk_get_key(conn, &wire_key_number);
	if (IS_ERR(gk)) {
		ret = PTR_ERR(gk);
		if (ret == -ESTALE)
			ret = rxrpc_abort_eproto(call, skb, RXGK_BADKEYNO,
						 rxgk_abort_bad_key_number);
		return ret;
	}

	call->security_enctype = gk->krb5->etype;

	switch (conn->security_level) {
	case RXRPC_SECURITY_PLAIN:
		ret = 0;
		break;
	case RXRPC_SECURITY_AUTH:
		return rxgk_verify_packet_integrity(call, gk, skb);
	case RXRPC_SECURITY_ENCRYPT:
		return rxgk_verify_packet_encrypted(call, gk, skb);
	default:
		ret = -ENOANO;
		break;
	}

	rxgk_put(gk);
	return ret;
}
/*
 * Allocate memory to hold a challenge or a response packet. We're not running
 * in the io_thread, so we can't use ->tx_alloc.
 *
 * Returns a page of sufficient order for @total_len, or NULL.
 */
static struct page *rxgk_alloc_packet(size_t total_len)
{
	int order = get_order(total_len);

	/* Multi-page allocations are requested as a compound page. */
	if (order == 0)
		return alloc_pages(GFP_NOFS, 0);
	return alloc_pages(GFP_NOFS | __GFP_COMP, order);
}
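/*
 * Issue a challenge.
 *
 * Generates a fresh random nonce, keeps it on the connection for checking the
 * response later, and sends a CHALLENGE packet carrying it to the peer.
 *
 * Returns 0 on success, -ENOMEM if the packet could not be allocated or
 * -EAGAIN if the send failed.
 */
static int rxgk_issue_challenge(struct rxrpc_connection *conn)
{
	struct rxrpc_wire_header *whdr;
	struct bio_vec bvec[1];
	struct msghdr msg;
	struct page *page;
	size_t len = sizeof(*whdr) + sizeof(conn->rxgk.nonce);
	u32 serial;
	int ret;

	_enter("{%d}", conn->debug_id);

	get_random_bytes(&conn->rxgk.nonce, sizeof(conn->rxgk.nonce));

	/* We can't use conn->tx_alloc without a lock */
	page = rxgk_alloc_packet(len);
	if (!page)
		return -ENOMEM;

	bvec_set_page(&bvec[0], page, len, 0);
	iov_iter_bvec(&msg.msg_iter, WRITE, bvec, 1, len);

	msg.msg_name	= &conn->peer->srx.transport;
	msg.msg_namelen	= conn->peer->srx.transport_len;
	msg.msg_control	= NULL;
	msg.msg_controllen = 0;
	msg.msg_flags	= MSG_SPLICE_PAGES;

	whdr = page_address(page);
	whdr->epoch	= htonl(conn->proto.epoch);
	whdr->cid	= htonl(conn->proto.cid);
	whdr->callNumber = 0;
	whdr->seq	= 0;
	whdr->type	= RXRPC_PACKET_TYPE_CHALLENGE;
	whdr->flags	= conn->out_clientflag;
	whdr->userStatus = 0;
	whdr->securityIndex = conn->security_ix;
	whdr->_rsvd	= 0;
	whdr->serviceId	= htons(conn->service_id);

	memcpy(whdr + 1, conn->rxgk.nonce, sizeof(conn->rxgk.nonce));

	serial = rxrpc_get_next_serials(conn, 1);
	whdr->serial = htonl(serial);

	trace_rxrpc_tx_challenge(conn, serial, 0, *(u32 *)&conn->rxgk.nonce);

	ret = do_udp_sendmsg(conn->local->socket, &msg, len);
	if (ret > 0)
		rxrpc_peer_mark_tx(conn->peer);

	if (ret < 0) {
		trace_rxrpc_tx_fail(conn->debug_id, serial, ret,
				    rxrpc_tx_point_rxgk_challenge);
		ret = -EAGAIN;
	} else {
		/* The tracepoint reads the wire header through whdr, so the
		 * page must not be freed until after it has run.
		 */
		trace_rxrpc_tx_packet(conn->debug_id, whdr,
				      rxrpc_tx_point_rxgk_challenge);
		ret = 0;
	}

	__free_page(page);
	_leave(" = %d", ret);
	return ret;
}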
/*
 * Validate a challenge packet.
 *
 * A challenge is only acceptable if this end holds a still-valid key to
 * answer it with and the packet is long enough to carry the 20-byte nonce;
 * anything else aborts the connection with a code saying why.
 *
 * Returns true if the challenge may be responded to.
 */
static bool rxgk_validate_challenge(struct rxrpc_connection *conn,
				    struct sk_buff *skb)
{
	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
	u8 nonce[20];
	int abort_code;
	int why;

	if (!conn->key) {
		abort_code = RX_PROTOCOL_ERROR;
		why = rxgk_abort_chall_no_key;
		goto abort;
	}

	if (key_validate(conn->key) < 0) {
		abort_code = RXGK_EXPIRED;
		why = rxgk_abort_chall_key_expired;
		goto abort;
	}

	/* The nonce immediately follows the wire header. */
	if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
			  nonce, sizeof(nonce)) < 0) {
		abort_code = RXGK_PACKETSHORT;
		why = rxgk_abort_chall_short;
		goto abort;
	}

	trace_rxrpc_rx_challenge(conn, sp->hdr.serial, 0, *(u32 *)nonce, 0);
	return true;

abort:
	rxrpc_abort_conn(conn, skb, abort_code, -EPROTO, why);
	return false;
}
/**
 * rxgk_kernel_query_challenge - Query RxGK-specific challenge parameters
 * @challenge: The challenge packet to query
 *
 * Look up the connection the challenge belongs to and report which Kerberos 5
 * encryption type it is using.
 *
 * Return: The Kerberos 5 encoding type for the challenged connection.
 */
u32 rxgk_kernel_query_challenge(struct sk_buff *challenge)
{
	const struct rxrpc_connection *conn = rxrpc_skb(challenge)->chall.conn;

	return conn->rxgk.enctype;
}
EXPORT_SYMBOL(rxgk_kernel_query_challenge);
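/*
 * Fill out the control message to pass to userspace to inform about the
 * challenge.
 *
 * Returns the result of put_cmsg().
 */
static int rxgk_challenge_to_recvmsg(struct rxrpc_connection *conn,
				     struct sk_buff *challenge,
				     struct msghdr *msg)
{
	struct rxgk_challenge chall;

	/* The whole struct is copied to userspace: clear it first so that any
	 * padding or unset field cannot carry kernel stack contents out.
	 */
	memset(&chall, 0, sizeof(chall));
	chall.base.service_id		= conn->service_id;
	chall.base.security_index	= conn->security_ix;
	chall.enctype			= conn->rxgk.enctype;

	return put_cmsg(msg, SOL_RXRPC, RXRPC_CHALLENGED, sizeof(chall), &chall);
}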
/*
 * Insert the requisite amount of XDR padding for the length given.
 *
 * @response: The skb being built.
 * @len: The length of the item just written.
 * @offset: Where in the skb that item ended.
 *
 * Returns the number of zero bytes written, or a negative error from
 * skb_store_bits().
 */
static int rxgk_pad_out(struct sk_buff *response, size_t len, size_t offset)
{
	static const __be32 zero = 0;
	size_t padded_len = xdr_round_up(len);
	int ret = 0;

	if (padded_len > len) {
		ret = skb_store_bits(response, offset, &zero, padded_len - len);
		if (ret >= 0)
			ret = padded_len - len;
	}
	return ret;
}
/*
 * Insert the header into the response.
 *
 * Writes the wire header, the 64-bit start time (as two big-endian words) and
 * the ticket length at @offset, and records the key number and enctype in the
 * response skb's private data (rsp->resp).
 *
 * Returns the number of bytes written or a negative error.
 */
static noinline ssize_t rxgk_insert_response_header(struct rxrpc_connection *conn,
						    struct rxgk_context *gk,
						    struct sk_buff *response,
						    size_t offset)
{
	struct rxrpc_skb_priv *rsp = rxrpc_skb(response);
	struct {
		struct rxrpc_wire_header whdr;
		__be32 start_time_msw;
		__be32 start_time_lsw;
		__be32 ticket_len;
	} h = {
		.whdr.epoch		= htonl(conn->proto.epoch),
		.whdr.cid		= htonl(conn->proto.cid),
		.whdr.callNumber	= 0,
		.whdr.serial		= 0,
		.whdr.seq		= 0,
		.whdr.type		= RXRPC_PACKET_TYPE_RESPONSE,
		.whdr.flags		= conn->out_clientflag,
		.whdr.userStatus	= 0,
		.whdr.securityIndex	= conn->security_ix,
		.whdr.cksum		= htons(gk->key_number),
		.whdr.serviceId		= htons(conn->service_id),
		.start_time_msw		= htonl(upper_32_bits(conn->rxgk.start_time)),
		.start_time_lsw		= htonl(lower_32_bits(conn->rxgk.start_time)),
		.ticket_len		= htonl(gk->key->ticket.len),
	};
	int ret;

	rsp->resp.kvno		= gk->key_number;
	rsp->resp.version	= gk->krb5->etype;

	ret = skb_store_bits(response, offset, &h, sizeof(h));
	return ret < 0 ? ret : sizeof(h);
}
/*
 * Construct the authenticator to go in the response packet
 *
 * struct RXGK_Authenticator {
 *	opaque nonce[20];
 *	opaque appdata<>;
 *	RXGK_Level level;
 *	unsigned int epoch;
 *	unsigned int cid;
 *	unsigned int call_numbers<>;
 * };
 *
 * The nonce is echoed from the challenge so the server can tie the response
 * to what it sent; the level, epoch, cid and per-channel call counters bind
 * the response to this connection's state.  The caller encrypts the result.
 *
 * Returns the number of bytes written (XDR-aligned) or a negative error.
 */
static ssize_t rxgk_construct_authenticator(struct rxrpc_connection *conn,
					    struct sk_buff *challenge,
					    const struct krb5_buffer *appdata,
					    struct sk_buff *response,
					    size_t offset)
{
	struct {
		u8 nonce[20];
		__be32 appdata_len;
	} a;
	struct {
		__be32 level;
		__be32 epoch;
		__be32 cid;
		__be32 call_numbers_count;
		__be32 call_numbers[4];
	} b;
	size_t i;
	int ret;

	/* Part one: the challenge nonce plus the length of the appdata. */
	if (skb_copy_bits(challenge, sizeof(struct rxrpc_wire_header),
			  a.nonce, sizeof(a.nonce)) < 0)
		return -EPROTO;
	a.appdata_len = htonl(appdata->len);

	ret = skb_store_bits(response, offset, &a, sizeof(a));
	if (ret < 0)
		return ret;
	offset += sizeof(a);

	/* Optional appdata, padded out to an XDR boundary. */
	if (appdata->len) {
		ret = skb_store_bits(response, offset, appdata->data, appdata->len);
		if (ret < 0)
			return ret;
		offset += appdata->len;

		ret = rxgk_pad_out(response, appdata->len, offset);
		if (ret < 0)
			return ret;
		offset += ret;
	}

	/* Part two: the connection binding. */
	b.level			= htonl(conn->security_level);
	b.epoch			= htonl(conn->proto.epoch);
	b.cid			= htonl(conn->proto.cid);
	b.call_numbers_count	= htonl(ARRAY_SIZE(b.call_numbers));
	for (i = 0; i < ARRAY_SIZE(b.call_numbers); i++)
		b.call_numbers[i] = htonl(conn->channels[i].call_counter);

	ret = skb_store_bits(response, offset, &b, sizeof(b));
	if (ret < 0)
		return ret;

	return sizeof(a) + xdr_round_up(appdata->len) + sizeof(b);
}
/*
 * Encrypt the authenticator within the response skb.
 *
 * @offset/@alloc_len: The span of the skb reserved for the encrypted blob.
 * @auth_offset/@auth_len: Where the plaintext authenticator sits inside it.
 *
 * The span is mapped through at most 16 scatterlist entries.
 *
 * Returns the size of the encrypted blob or a negative error.
 */
static ssize_t rxgk_encrypt_authenticator(struct rxrpc_connection *conn,
					  struct rxgk_context *gk,
					  struct sk_buff *response,
					  size_t offset,
					  size_t alloc_len,
					  size_t auth_offset,
					  size_t auth_len)
{
	struct scatterlist sg[16];
	ssize_t ret;
	int nr_sg;

	sg_init_table(sg, ARRAY_SIZE(sg));
	nr_sg = skb_to_sgvec(response, sg, offset, alloc_len);
	ret = nr_sg;
	if (likely(nr_sg >= 0))
		ret = crypto_krb5_encrypt(gk->krb5, gk->resp_enc, sg, nr_sg,
					  alloc_len, auth_offset, auth_len,
					  false);
	return ret;
}
/*
 * Construct the response.
 *
 * struct RXGK_Response {
 *	rxgkTime start_time;
 *	RXGK_Data token;
 *	opaque authenticator<RXGK_MAXAUTHENTICATOR>
 * };
 *
 * The packet is built directly in a fragmented skb: wire header + start time
 * + ticket (padded), then a 4-byte length word followed by the authenticator,
 * which is written in plaintext at its final position and then encrypted
 * there with the response key.  The finished skb is handed to
 * rxrpc_post_response(); on any error it is freed here.
 *
 * Returns 0 on success or a negative error.
 */
static int rxgk_construct_response(struct rxrpc_connection *conn,
				   struct sk_buff *challenge,
				   struct krb5_buffer *appdata)
{
	struct rxrpc_skb_priv *csp, *rsp;
	struct rxgk_context *gk;
	struct sk_buff *response;
	size_t len, auth_len, authx_len, offset, auth_offset, authx_offset;
	__be32 tmp;
	int ret;

	gk = rxgk_get_key(conn, NULL);
	if (IS_ERR(gk))
		return PTR_ERR(gk);

	/* Size estimate for the plaintext authenticator: nonce[20], appdata
	 * length word + bytes, level/epoch/cid, and a 4-entry call number
	 * array with its count.
	 * NOTE(review): this uses the raw appdata->len, whereas
	 * rxgk_construct_authenticator() pads appdata to an XDR boundary, so
	 * the real length can be up to 3 bytes larger — confirm that
	 * crypto_krb5_how_much_buffer()'s rounding always absorbs that.
	 */
	auth_len = 20 + (4 + appdata->len) + 12 + (1 + 4) * 4;
	authx_len = crypto_krb5_how_much_buffer(gk->krb5, KRB5_ENCRYPT_MODE,
						auth_len, &auth_offset);
	/* Wire header + 8-byte start time + ticket (length word, padded) +
	 * authenticator (length word + encrypted blob).
	 */
	len = sizeof(struct rxrpc_wire_header) +
		8 + (4 + xdr_round_up(gk->key->ticket.len)) + (4 + authx_len);

	/* On failure ret is filled in by alloc_skb_with_frags(). */
	response = alloc_skb_with_frags(0, len, 0, &ret, GFP_NOFS);
	if (!response)
		goto error;
	rxrpc_new_skb(response, rxrpc_skb_new_response_rxgk);
	response->len = len;
	response->data_len = len;

	ret = rxgk_insert_response_header(conn, gk, response, 0);
	if (ret < 0)
		goto error;
	offset = ret;

	ret = skb_store_bits(response, offset, gk->key->ticket.data, gk->key->ticket.len);
	if (ret < 0)
		goto error;
	offset += gk->key->ticket.len;
	ret = rxgk_pad_out(response, gk->key->ticket.len, offset);
	if (ret < 0)
		goto error;

	authx_offset = offset + ret + 4; /* Leave a gap for the length. */

	/* The plaintext goes at auth_offset within the encrypted region
	 * (auth_offset is what crypto_krb5_how_much_buffer() asked for).
	 */
	ret = rxgk_construct_authenticator(conn, challenge, appdata, response,
					   authx_offset + auth_offset);
	if (ret < 0)
		goto error;
	auth_len = ret;

	ret = rxgk_encrypt_authenticator(conn, gk, response,
					 authx_offset, authx_len,
					 auth_offset, auth_len);
	if (ret < 0)
		goto error;
	authx_len = ret;

	/* Now the encrypted size is known, fill in the length word. */
	tmp = htonl(authx_len);
	ret = skb_store_bits(response, authx_offset - 4, &tmp, 4);
	if (ret < 0)
		goto error;

	ret = rxgk_pad_out(response, authx_len, authx_offset + authx_len);
	if (ret < 0)
		goto error;

	/* Trim the skb if the encrypted blob came out shorter than planned. */
	len = authx_offset + authx_len + ret;
	if (len != response->len) {
		response->len = len;
		response->data_len = len;
	}

	csp = rxrpc_skb(challenge);
	rsp = rxrpc_skb(response);
	rsp->resp.len = len;
	rsp->resp.challenge_serial = csp->hdr.serial;
	rxrpc_post_response(conn, response);
	/* Ownership of the skb has passed on; don't free it below. */
	response = NULL;
	ret = 0;

error:
	rxrpc_free_skb(response, rxrpc_skb_put_response);
	rxgk_put(gk);
	_leave(" = %d", ret);
	return ret;
}
/*
 * Respond to a challenge packet.
 *
 * The connection's key is validated first (expiry/revocation); an unusable
 * key aborts the connection with RXGK_EXPIRED rather than producing a
 * response.  Otherwise the RESPONSE is built with the given @appdata.
 * Returns 0 on success or a negative error code.
 */
static int rxgk_respond_to_challenge(struct rxrpc_connection *conn,
				     struct sk_buff *challenge,
				     struct krb5_buffer *appdata)
{
	int valid;

	_enter("{%d,%x}", conn->debug_id, key_serial(conn->key));

	valid = key_validate(conn->key);
	if (valid >= 0)
		return rxgk_construct_response(conn, challenge, appdata);

	return rxrpc_abort_conn(conn, NULL, RXGK_EXPIRED, -EPROTO,
				rxgk_abort_chall_key_expired);
}
/*
 * Respond to a challenge without any application data in the authenticator.
 * This is the default .respond_to_challenge entry for the security class.
 */
static int rxgk_respond_to_challenge_no_appdata(struct rxrpc_connection *conn,
						struct sk_buff *challenge)
{
	struct krb5_buffer no_appdata = { .data = NULL, .len = 0 };

	return rxgk_respond_to_challenge(conn, challenge, &no_appdata);
}
/**
 * rxgk_kernel_respond_to_challenge - Respond to a challenge with appdata
 * @challenge: The challenge to respond to
 * @appdata: The application data to include in the RESPONSE authenticator
 *
 * Allow a kernel application to respond to a CHALLENGE with application data
 * to be included in the RxGK RESPONSE Authenticator.  The connection to
 * answer on is taken from the challenge packet's private data, so @challenge
 * must be a challenge skb handed out by this security class.
 *
 * Return: %0 if successful and a negative error code otherwise.
 */
int rxgk_kernel_respond_to_challenge(struct sk_buff *challenge,
				     struct krb5_buffer *appdata)
{
	struct rxrpc_connection *conn = rxrpc_skb(challenge)->chall.conn;

	return rxgk_respond_to_challenge(conn, challenge, appdata);
}
EXPORT_SYMBOL(rxgk_kernel_respond_to_challenge);
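/*
 * Parse sendmsg() control messages and respond to a challenge.  We need to
 * see if there's an appdata to fish out.
 *
 * @challenge: The challenge packet being answered.
 * @msg: The sendmsg() message whose control buffer may carry a single
 *	RXRPC_RESP_RXGK_APPDATA cmsg; its payload becomes the authenticator's
 *	appdata.
 *
 * At most one appdata cmsg is accepted; a second one, or a malformed cmsg
 * header, yields -EINVAL.  Returns 0 on success or a negative error code.
 */
static int rxgk_sendmsg_respond_to_challenge(struct sk_buff *challenge,
					     struct msghdr *msg)
{
	struct krb5_buffer appdata = {};
	struct cmsghdr *cmsg;

	for_each_cmsghdr(cmsg, msg) {
		/* Defence in depth: cmsg_len is user-supplied.  The generic
		 * sendmsg path is expected to have checked it already, but
		 * refusing a header shorter than struct cmsghdr (which would
		 * underflow the length subtraction below) or one that runs
		 * past the control buffer is cheap.
		 */
		if (!CMSG_OK(msg, cmsg))
			return -EINVAL;
		if (cmsg->cmsg_level != SOL_RXRPC ||
		    cmsg->cmsg_type != RXRPC_RESP_RXGK_APPDATA)
			continue;
		if (appdata.data)
			return -EINVAL;
		appdata.data = CMSG_DATA(cmsg);
		appdata.len = cmsg->cmsg_len - sizeof(struct cmsghdr);
	}

	return rxgk_kernel_respond_to_challenge(challenge, &appdata);
}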
/*
 * Verify the authenticator.
 *
 * struct RXGK_Authenticator {
 *	opaque nonce[20];
 *	opaque appdata<>;
 *	RXGK_Level level;
 *	unsigned int epoch;
 *	unsigned int cid;
 *	unsigned int call_numbers<>;
 * };
 *
 * @p and @end delimit the decrypted, XDR-encoded authenticator in words.  The
 * nonce must equal the one recorded on the connection for the CHALLENGE, the
 * level/epoch/cid must match the connection, and each listed call number may
 * only move its channel's call counter forwards - and then only when no call
 * is active on that channel.  Every failure aborts the connection with
 * RXGK_NOTAUTH and returns the abort's error code; success returns 0.
 */
static int rxgk_do_verify_authenticator(struct rxrpc_connection *conn,
					const struct krb5_enctype *krb5,
					struct sk_buff *skb,
					__be32 *p, __be32 *end)
{
	u32 app_len, ncalls, level, epoch, cid, ix;
	size_t avail;

	_enter("");

	/* The nonce and the appdata length word must both be present. */
	avail = (size_t)(end - p) * sizeof(__be32);
	if (avail < 20 + sizeof(__be32))
		return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
					rxgk_abort_resp_short_auth);

	if (memcmp(p, conn->rxgk.nonce, 20) != 0)
		return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
					rxgk_abort_resp_bad_nonce);
	p += 20 / sizeof(__be32);

	/* Step over the appdata; as an XDR opaque<> it is padded to a word
	 * boundary, which is why the rounded length is skipped.
	 */
	app_len = ntohl(*p++);
	avail = (size_t)(end - p) * sizeof(__be32);
	if (app_len > avail)
		return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
					rxgk_abort_resp_short_applen);
	p += xdr_round_up(app_len) / sizeof(__be32);

	/* level, epoch, cid and the call_numbers element count. */
	if (end - p < 4)
		return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
					rxgk_abort_resp_short_auth);
	level	= ntohl(*p++);
	epoch	= ntohl(*p++);
	cid	= ntohl(*p++);
	ncalls	= ntohl(*p++);

	if (level != conn->security_level ||
	    epoch != conn->proto.epoch ||
	    cid != conn->proto.cid ||
	    ncalls > 4)
		return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
					rxgk_abort_resp_bad_param);

	if (end - p < ncalls)
		return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
					rxgk_abort_resp_short_call_list);

	for (ix = 0; ix < ncalls; ix++, p++) {
		u32 call_id = ntohl(*p);

		if (call_id > INT_MAX)
			return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
						rxgk_abort_resp_bad_callid);
		if (call_id < conn->channels[ix].call_counter)
			return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
						rxgk_abort_resp_call_ctr);
		if (call_id == conn->channels[ix].call_counter)
			continue;

		/* Advancing the counter is only permitted on an idle channel. */
		if (conn->channels[ix].call)
			return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
						rxgk_abort_resp_call_state);
		conn->channels[ix].call_counter = call_id;
	}

	_leave(" = 0");
	return 0;
}
/*
 * Extract the authenticator and verify it.
 *
 * The decrypted authenticator (@auth_offset/@auth_len within @skb) is copied
 * out of the possibly-fragmented skb into a linear buffer so that it can be
 * walked as XDR words by rxgk_do_verify_authenticator().  A short copy
 * aborts the connection with RXGK_NOTAUTH; allocation failure returns
 * -ENOMEM without an abort.
 */
static int rxgk_verify_authenticator(struct rxrpc_connection *conn,
				     const struct krb5_enctype *krb5,
				     struct sk_buff *skb,
				     unsigned int auth_offset, unsigned int auth_len)
{
	__be32 *words;
	int ret;

	words = kmalloc(auth_len, GFP_NOFS);
	if (!words)
		return -ENOMEM;

	if (skb_copy_bits(skb, auth_offset, words, auth_len) < 0)
		ret = rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
				       rxgk_abort_resp_short_auth);
	else
		ret = rxgk_do_verify_authenticator(conn, krb5, skb, words,
						   words + auth_len / sizeof(*words));

	kfree(words);
	return ret;
}
/*
 * Verify a response.
 *
 * struct RXGK_Response {
 *	rxgkTime start_time;
 *	RXGK_Data token;
 *	opaque authenticator<RXGK_MAXAUTHENTICATOR>
 * };
 *
 * Server-side handling of a RESPONSE packet: parse the XDR framing, extract
 * and decrypt the token into a key (rxgk_extract_token), derive the transport
 * key from it, then decrypt and verify the authenticator.  On success the
 * instantiated key becomes conn->key and 0 is returned.
 *
 * Protocol violations abort the connection and return a negative error.
 * Some failures (e.g. -ENOMEM from transport key derivation) are returned
 * without an abort so that the challenge can simply be reissued.
 */
static int rxgk_verify_response(struct rxrpc_connection *conn,
				struct sk_buff *skb)
{
	const struct krb5_enctype *krb5;
	struct rxrpc_key_token *token;
	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
	struct rxgk_response rhdr;
	struct rxgk_context *gk;
	struct key *key = NULL;
	unsigned int offset = sizeof(struct rxrpc_wire_header);
	/* NOTE(review): assumes the caller guarantees skb->len covers the wire
	 * header - this subtraction would wrap otherwise; confirm.
	 */
	unsigned int len = skb->len - sizeof(struct rxrpc_wire_header);
	unsigned int token_offset, token_len;
	unsigned int auth_offset, auth_len;
	__be32 xauth_len;
	int ret, ec;

	_enter("{%d}", conn->debug_id);

	/* Parse the RXGK_Response object.  The fixed header must be followed
	 * by at least the authenticator's length word.
	 */
	if (sizeof(rhdr) + sizeof(__be32) > len)
		goto short_packet;
	if (skb_copy_bits(skb, offset, &rhdr, sizeof(rhdr)) < 0)
		goto short_packet;
	offset += sizeof(rhdr);
	len -= sizeof(rhdr);

	/* The token is an XDR opaque: its padded length plus the following
	 * authenticator length word must fit in what remains.  token_len is
	 * bounded by len before it is rounded, so xdr_round_up() can't wrap.
	 */
	token_offset = offset;
	token_len = ntohl(rhdr.token_len);
	if (token_len > len ||
	    xdr_round_up(token_len) + sizeof(__be32) > len)
		goto short_packet;

	trace_rxrpc_rx_response(conn, sp->hdr.serial, 0, sp->hdr.cksum, token_len);

	offset += xdr_round_up(token_len);
	len -= xdr_round_up(token_len);

	if (skb_copy_bits(skb, offset, &xauth_len, sizeof(xauth_len)) < 0)
		goto short_packet;
	offset += sizeof(xauth_len);
	len -= sizeof(xauth_len);

	/* The (still encrypted) authenticator must fit, be XDR-aligned and be
	 * at least as large as the smallest plausible ciphertext.  The
	 * 20 + 9 * 4 floor presumably covers the nonce, the five fixed words
	 * and the enctype's confounder/checksum overhead - confirm against
	 * crypto_krb5_how_much_buffer().
	 */
	auth_offset = offset;
	auth_len = ntohl(xauth_len);
	if (auth_len > len)
		goto short_packet;
	if (auth_len & 3)
		goto inconsistent;
	if (auth_len < 20 + 9 * 4)
		goto auth_too_short;

	/* We need to extract and decrypt the token and instantiate a session
	 * key for it.  This bit, however, is application-specific.  If
	 * possible, we use a default parser, but we might end up bumping this
	 * to the app to deal with - which might mean a round trip to
	 * userspace.
	 *
	 * A failure here returns ret without aborting the connection; key is
	 * still NULL on that path.
	 */
	ret = rxgk_extract_token(conn, skb, token_offset, token_len, &key);
	if (ret < 0)
		goto out;

	/* We now have a key instantiated from the decrypted ticket.  We can
	 * pass this to the application so that they can parse the ticket
	 * content and we can use the session key it contains to derive the
	 * keys we need.
	 *
	 * Note that we have to switch enctype at this point as the enctype of
	 * the ticket doesn't necessarily match that of the transport.
	 */
	token = key->payload.data[0];
	/* The security level is taken from the decrypted ticket, not from
	 * anything the peer sent in clear; the authenticator's level field is
	 * later checked against it by rxgk_do_verify_authenticator().
	 */
	conn->security_level = token->rxgk->level;
	conn->rxgk.start_time = __be64_to_cpu(rhdr.start_time);
	/* sp->hdr.cksum presumably carries the transport key number here -
	 * confirm against rxgk_generate_transport_key().
	 */
	gk = rxgk_generate_transport_key(conn, token->rxgk, sp->hdr.cksum, GFP_NOFS);
	if (IS_ERR(gk)) {
		ret = PTR_ERR(gk);
		goto cant_get_token;
	}
	krb5 = gk->krb5;

	trace_rxrpc_rx_response(conn, sp->hdr.serial, krb5->etype, sp->hdr.cksum, token_len);

	/* Decrypt, parse and verify the authenticator.  Decryption happens in
	 * place and narrows auth_offset/auth_len to the plaintext.
	 */
	ret = rxgk_decrypt_skb(krb5, gk->resp_enc, skb,
			       &auth_offset, &auth_len, &ec);
	if (ret < 0) {
		rxrpc_abort_conn(conn, skb, RXGK_SEALEDINCON, ret,
				 rxgk_abort_resp_auth_dec);
		goto out_gk;
	}

	ret = rxgk_verify_authenticator(conn, krb5, skb, auth_offset, auth_len);
	if (ret < 0)
		goto out_gk;

	/* Hand the key over to the connection; it is no longer ours to put. */
	conn->key = key;
	key = NULL;
	ret = 0;

out_gk:
	rxgk_put(gk);
out:
	key_put(key);
	_leave(" = %d", ret);
	return ret;

	/* The three framing failures below are reached before a key has been
	 * instantiated, so the key_put() at out is a no-op for them.
	 */
inconsistent:
	ret = rxrpc_abort_conn(conn, skb, RXGK_INCONSISTENCY, -EPROTO,
			       rxgk_abort_resp_xdr_align);
	goto out;
auth_too_short:
	ret = rxrpc_abort_conn(conn, skb, RXGK_PACKETSHORT, -EPROTO,
			       rxgk_abort_resp_short_auth);
	goto out;
short_packet:
	ret = rxrpc_abort_conn(conn, skb, RXGK_PACKETSHORT, -EPROTO,
			       rxgk_abort_resp_short_packet);
	goto out;

	/* Transport key derivation failed; key is held and released at out. */
cant_get_token:
	switch (ret) {
	case -ENOMEM:
		goto temporary_error;
	case -EINVAL:
		ret = rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EKEYREJECTED,
				       rxgk_abort_resp_internal_error);
		goto out;
	case -ENOPKG:
		ret = rxrpc_abort_conn(conn, skb, KRB5_PROG_KEYTYPE_NOSUPP,
				       -EKEYREJECTED, rxgk_abort_resp_nopkg);
		goto out;
	}

temporary_error:
	/* Ignore the response packet if we got a temporary error such as
	 * ENOMEM.  We just want to send the challenge again.  Note that we
	 * also come out this way if the ticket decryption fails.  ret still
	 * holds the negative error code on return.
	 */
	goto out;
}
/*
 * Clear the connection security: drop every transport-key context held on
 * the connection.
 *
 * NOTE(review): the slots are not NULLed after being put, so this assumes it
 * runs once per connection teardown - confirm with the caller.
 */
static void rxgk_clear(struct rxrpc_connection *conn)
{
	unsigned int slot;

	for (slot = 0; slot < ARRAY_SIZE(conn->rxgk.keys); slot++)
		rxgk_put(conn->rxgk.keys[slot]);
}
/*
 * Initialise the RxGK security service.
 *
 * There is no module-level state to set up, so this always succeeds and
 * returns 0.
 */
static int rxgk_init(void)
{
	return 0;
}
/*
 * Clean up the RxGK security service.
 *
 * Nothing is allocated by rxgk_init(), so there is nothing to release.
 */
static void rxgk_exit(void)
{
}
/*
 * RxRPC YFS GSSAPI-based security
 *
 * The operations table registered for the yfs-rxgk security class.  Entries
 * are grouped by the phase of a connection's life they serve.
 */
const struct rxrpc_security rxgk_yfs = {
	.name				= "yfs-rxgk",
	.security_index			= RXRPC_SECURITY_YFS_RXGK,
	.no_key_abort			= RXGK_NOTAUTH,

	/* Service lifetime. */
	.init				= rxgk_init,
	.exit				= rxgk_exit,

	/* Server key handling. */
	.preparse_server_key		= rxgk_preparse_server_key,
	.free_preparse_server_key	= rxgk_free_preparse_server_key,
	.destroy_server_key		= rxgk_destroy_server_key,
	.describe_server_key		= rxgk_describe_server_key,

	/* Per-connection and per-packet crypto. */
	.init_connection_security	= rxgk_init_connection_security,
	.alloc_txbuf			= rxgk_alloc_txbuf,
	.secure_packet			= rxgk_secure_packet,
	.verify_packet			= rxgk_verify_packet,
	.free_call_crypto		= rxgk_free_call_crypto,
	.clear				= rxgk_clear,

	/* CHALLENGE/RESPONSE exchange. */
	.issue_challenge		= rxgk_issue_challenge,
	.validate_challenge		= rxgk_validate_challenge,
	.challenge_to_recvmsg		= rxgk_challenge_to_recvmsg,
	.sendmsg_respond_to_challenge	= rxgk_sendmsg_respond_to_challenge,
	.respond_to_challenge		= rxgk_respond_to_challenge_no_appdata,
	.verify_response		= rxgk_verify_response,
	.default_decode_ticket		= rxgk_yfs_decode_ticket,
};