1 /* RxRPC key management 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 * 11 * RxRPC keys should have a description of describing their purpose: 12 * "afs@CAMBRIDGE.REDHAT.COM> 13 */ 14 15 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 16 17 #include <crypto/skcipher.h> 18 #include <linux/module.h> 19 #include <linux/net.h> 20 #include <linux/skbuff.h> 21 #include <linux/key-type.h> 22 #include <linux/ctype.h> 23 #include <linux/slab.h> 24 #include <net/sock.h> 25 #include <net/af_rxrpc.h> 26 #include <keys/rxrpc-type.h> 27 #include <keys/user-type.h> 28 #include "ar-internal.h" 29 30 static int rxrpc_vet_description_s(const char *); 31 static int rxrpc_preparse(struct key_preparsed_payload *); 32 static int rxrpc_preparse_s(struct key_preparsed_payload *); 33 static void rxrpc_free_preparse(struct key_preparsed_payload *); 34 static void rxrpc_free_preparse_s(struct key_preparsed_payload *); 35 static void rxrpc_destroy(struct key *); 36 static void rxrpc_destroy_s(struct key *); 37 static void rxrpc_describe(const struct key *, struct seq_file *); 38 static long rxrpc_read(const struct key *, char __user *, size_t); 39 40 /* 41 * rxrpc defined keys take an arbitrary string as the description and an 42 * arbitrary blob of data as the payload 43 */ 44 struct key_type key_type_rxrpc = { 45 .name = "rxrpc", 46 .preparse = rxrpc_preparse, 47 .free_preparse = rxrpc_free_preparse, 48 .instantiate = generic_key_instantiate, 49 .destroy = rxrpc_destroy, 50 .describe = rxrpc_describe, 51 .read = rxrpc_read, 52 }; 53 EXPORT_SYMBOL(key_type_rxrpc); 54 55 /* 56 * rxrpc server defined keys take "<serviceId>:<securityIndex>" as the 57 * description and an 8-byte decryption key as the payload 58 */ 59 struct key_type key_type_rxrpc_s = { 60 .name = "rxrpc_s", 61 .vet_description = rxrpc_vet_description_s, 62 .preparse = rxrpc_preparse_s, 63 .free_preparse = rxrpc_free_preparse_s, 64 .instantiate = generic_key_instantiate, 65 .destroy = rxrpc_destroy_s, 66 .describe = rxrpc_describe, 67 }; 68 69 /* 70 * Vet the description for an RxRPC server key 71 */ 72 static int rxrpc_vet_description_s(const char *desc) 73 { 74 unsigned long num; 75 char *p; 76 77 num = simple_strtoul(desc, &p, 10); 78 if (*p != ':' || num > 65535) 79 return -EINVAL; 80 num = simple_strtoul(p + 1, &p, 10); 81 if (*p || num < 1 || num > 255) 82 return -EINVAL; 83 return 0; 84 } 85 86 /* 87 * parse an RxKAD type XDR format token 88 * - the caller guarantees we have at least 4 words 89 */ 90 static int rxrpc_preparse_xdr_rxkad(struct key_preparsed_payload *prep, 91 size_t datalen, 92 const __be32 *xdr, unsigned int toklen) 93 { 94 struct rxrpc_key_token *token, **pptoken; 95 size_t plen; 96 u32 tktlen; 97 98 _enter(",{%x,%x,%x,%x},%u", 99 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 100 toklen); 101 102 if (toklen <= 8 * 4) 103 return -EKEYREJECTED; 104 tktlen = ntohl(xdr[7]); 105 _debug("tktlen: %x", tktlen); 106 if (tktlen > AFSTOKEN_RK_TIX_MAX) 107 return -EKEYREJECTED; 108 if (toklen < 8 * 4 + tktlen) 109 return -EKEYREJECTED; 110 111 plen = sizeof(*token) + sizeof(*token->kad) + tktlen; 112 prep->quotalen = datalen + plen; 113 114 plen -= sizeof(*token); 115 token = kzalloc(sizeof(*token), GFP_KERNEL); 116 if (!token) 117 return -ENOMEM; 118 119 token->kad = kzalloc(plen, GFP_KERNEL); 120 if (!token->kad) { 121 kfree(token); 122 return -ENOMEM; 123 } 124 125 token->security_index = RXRPC_SECURITY_RXKAD; 126 token->kad->ticket_len = tktlen; 127 token->kad->vice_id = ntohl(xdr[0]); 128 token->kad->kvno = ntohl(xdr[1]); 129 token->kad->start = ntohl(xdr[4]); 130 token->kad->expiry = ntohl(xdr[5]); 131 token->kad->primary_flag = ntohl(xdr[6]); 132 memcpy(&token->kad->session_key, &xdr[2], 8); 133 memcpy(&token->kad->ticket, &xdr[8], tktlen); 134 135 _debug("SCIX: %u", token->security_index); 136 _debug("TLEN: %u", token->kad->ticket_len); 137 _debug("EXPY: %x", token->kad->expiry); 138 _debug("KVNO: %u", token->kad->kvno); 139 _debug("PRIM: %u", token->kad->primary_flag); 140 _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", 141 token->kad->session_key[0], token->kad->session_key[1], 142 token->kad->session_key[2], token->kad->session_key[3], 143 token->kad->session_key[4], token->kad->session_key[5], 144 token->kad->session_key[6], token->kad->session_key[7]); 145 if (token->kad->ticket_len >= 8) 146 _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", 147 token->kad->ticket[0], token->kad->ticket[1], 148 token->kad->ticket[2], token->kad->ticket[3], 149 token->kad->ticket[4], token->kad->ticket[5], 150 token->kad->ticket[6], token->kad->ticket[7]); 151 152 /* count the number of tokens attached */ 153 prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1); 154 155 /* attach the data */ 156 for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0]; 157 *pptoken; 158 pptoken = &(*pptoken)->next) 159 continue; 160 *pptoken = token; 161 if (token->kad->expiry < prep->expiry) 162 prep->expiry = token->kad->expiry; 163 164 _leave(" = 0"); 165 return 0; 166 } 167 168 static void rxrpc_free_krb5_principal(struct krb5_principal *princ) 169 { 170 int loop; 171 172 if (princ->name_parts) { 173 for (loop = princ->n_name_parts - 1; loop >= 0; loop--) 174 kfree(princ->name_parts[loop]); 175 kfree(princ->name_parts); 176 } 177 kfree(princ->realm); 178 } 179 180 static void rxrpc_free_krb5_tagged(struct krb5_tagged_data *td) 181 { 182 kfree(td->data); 183 } 184 185 /* 186 * free up an RxK5 token 187 */ 188 static void rxrpc_rxk5_free(struct rxk5_key *rxk5) 189 { 190 int loop; 191 192 rxrpc_free_krb5_principal(&rxk5->client); 193 rxrpc_free_krb5_principal(&rxk5->server); 194 rxrpc_free_krb5_tagged(&rxk5->session); 195 196 if (rxk5->addresses) { 197 for (loop = rxk5->n_addresses - 1; loop >= 0; loop--) 198 rxrpc_free_krb5_tagged(&rxk5->addresses[loop]); 199 kfree(rxk5->addresses); 200 } 201 if (rxk5->authdata) { 202 for (loop = rxk5->n_authdata - 1; loop >= 0; loop--) 203 rxrpc_free_krb5_tagged(&rxk5->authdata[loop]); 204 kfree(rxk5->authdata); 205 } 206 207 kfree(rxk5->ticket); 208 kfree(rxk5->ticket2); 209 kfree(rxk5); 210 } 211 212 /* 213 * extract a krb5 principal 214 */ 215 static int rxrpc_krb5_decode_principal(struct krb5_principal *princ, 216 const __be32 **_xdr, 217 unsigned int *_toklen) 218 { 219 const __be32 *xdr = *_xdr; 220 unsigned int toklen = *_toklen, n_parts, loop, tmp, paddedlen; 221 222 /* there must be at least one name, and at least #names+1 length 223 * words */ 224 if (toklen <= 12) 225 return -EINVAL; 226 227 _enter(",{%x,%x,%x},%u", 228 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), toklen); 229 230 n_parts = ntohl(*xdr++); 231 toklen -= 4; 232 if (n_parts <= 0 || n_parts > AFSTOKEN_K5_COMPONENTS_MAX) 233 return -EINVAL; 234 princ->n_name_parts = n_parts; 235 236 if (toklen <= (n_parts + 1) * 4) 237 return -EINVAL; 238 239 princ->name_parts = kcalloc(n_parts, sizeof(char *), GFP_KERNEL); 240 if (!princ->name_parts) 241 return -ENOMEM; 242 243 for (loop = 0; loop < n_parts; loop++) { 244 if (toklen < 4) 245 return -EINVAL; 246 tmp = ntohl(*xdr++); 247 toklen -= 4; 248 if (tmp <= 0 || tmp > AFSTOKEN_STRING_MAX) 249 return -EINVAL; 250 paddedlen = (tmp + 3) & ~3; 251 if (paddedlen > toklen) 252 return -EINVAL; 253 princ->name_parts[loop] = kmalloc(tmp + 1, GFP_KERNEL); 254 if (!princ->name_parts[loop]) 255 return -ENOMEM; 256 memcpy(princ->name_parts[loop], xdr, tmp); 257 princ->name_parts[loop][tmp] = 0; 258 toklen -= paddedlen; 259 xdr += paddedlen >> 2; 260 } 261 262 if (toklen < 4) 263 return -EINVAL; 264 tmp = ntohl(*xdr++); 265 toklen -= 4; 266 if (tmp <= 0 || tmp > AFSTOKEN_K5_REALM_MAX) 267 return -EINVAL; 268 paddedlen = (tmp + 3) & ~3; 269 if (paddedlen > toklen) 270 return -EINVAL; 271 princ->realm = kmalloc(tmp + 1, GFP_KERNEL); 272 if (!princ->realm) 273 return -ENOMEM; 274 memcpy(princ->realm, xdr, tmp); 275 princ->realm[tmp] = 0; 276 toklen -= paddedlen; 277 xdr += paddedlen >> 2; 278 279 _debug("%s/...@%s", princ->name_parts[0], princ->realm); 280 281 *_xdr = xdr; 282 *_toklen = toklen; 283 _leave(" = 0 [toklen=%u]", toklen); 284 return 0; 285 } 286 287 /* 288 * extract a piece of krb5 tagged data 289 */ 290 static int rxrpc_krb5_decode_tagged_data(struct krb5_tagged_data *td, 291 size_t max_data_size, 292 const __be32 **_xdr, 293 unsigned int *_toklen) 294 { 295 const __be32 *xdr = *_xdr; 296 unsigned int toklen = *_toklen, len, paddedlen; 297 298 /* there must be at least one tag and one length word */ 299 if (toklen <= 8) 300 return -EINVAL; 301 302 _enter(",%zu,{%x,%x},%u", 303 max_data_size, ntohl(xdr[0]), ntohl(xdr[1]), toklen); 304 305 td->tag = ntohl(*xdr++); 306 len = ntohl(*xdr++); 307 toklen -= 8; 308 if (len > max_data_size) 309 return -EINVAL; 310 paddedlen = (len + 3) & ~3; 311 if (paddedlen > toklen) 312 return -EINVAL; 313 td->data_len = len; 314 315 if (len > 0) { 316 td->data = kmemdup(xdr, len, GFP_KERNEL); 317 if (!td->data) 318 return -ENOMEM; 319 toklen -= paddedlen; 320 xdr += paddedlen >> 2; 321 } 322 323 _debug("tag %x len %x", td->tag, td->data_len); 324 325 *_xdr = xdr; 326 *_toklen = toklen; 327 _leave(" = 0 [toklen=%u]", toklen); 328 return 0; 329 } 330 331 /* 332 * extract an array of tagged data 333 */ 334 static int rxrpc_krb5_decode_tagged_array(struct krb5_tagged_data **_td, 335 u8 *_n_elem, 336 u8 max_n_elem, 337 size_t max_elem_size, 338 const __be32 **_xdr, 339 unsigned int *_toklen) 340 { 341 struct krb5_tagged_data *td; 342 const __be32 *xdr = *_xdr; 343 unsigned int toklen = *_toklen, n_elem, loop; 344 int ret; 345 346 /* there must be at least one count */ 347 if (toklen < 4) 348 return -EINVAL; 349 350 _enter(",,%u,%zu,{%x},%u", 351 max_n_elem, max_elem_size, ntohl(xdr[0]), toklen); 352 353 n_elem = ntohl(*xdr++); 354 toklen -= 4; 355 if (n_elem > max_n_elem) 356 return -EINVAL; 357 *_n_elem = n_elem; 358 if (n_elem > 0) { 359 if (toklen <= (n_elem + 1) * 4) 360 return -EINVAL; 361 362 _debug("n_elem %d", n_elem); 363 364 td = kcalloc(n_elem, sizeof(struct krb5_tagged_data), 365 GFP_KERNEL); 366 if (!td) 367 return -ENOMEM; 368 *_td = td; 369 370 for (loop = 0; loop < n_elem; loop++) { 371 ret = rxrpc_krb5_decode_tagged_data(&td[loop], 372 max_elem_size, 373 &xdr, &toklen); 374 if (ret < 0) 375 return ret; 376 } 377 } 378 379 *_xdr = xdr; 380 *_toklen = toklen; 381 _leave(" = 0 [toklen=%u]", toklen); 382 return 0; 383 } 384 385 /* 386 * extract a krb5 ticket 387 */ 388 static int rxrpc_krb5_decode_ticket(u8 **_ticket, u16 *_tktlen, 389 const __be32 **_xdr, unsigned int *_toklen) 390 { 391 const __be32 *xdr = *_xdr; 392 unsigned int toklen = *_toklen, len, paddedlen; 393 394 /* there must be at least one length word */ 395 if (toklen <= 4) 396 return -EINVAL; 397 398 _enter(",{%x},%u", ntohl(xdr[0]), toklen); 399 400 len = ntohl(*xdr++); 401 toklen -= 4; 402 if (len > AFSTOKEN_K5_TIX_MAX) 403 return -EINVAL; 404 paddedlen = (len + 3) & ~3; 405 if (paddedlen > toklen) 406 return -EINVAL; 407 *_tktlen = len; 408 409 _debug("ticket len %u", len); 410 411 if (len > 0) { 412 *_ticket = kmemdup(xdr, len, GFP_KERNEL); 413 if (!*_ticket) 414 return -ENOMEM; 415 toklen -= paddedlen; 416 xdr += paddedlen >> 2; 417 } 418 419 *_xdr = xdr; 420 *_toklen = toklen; 421 _leave(" = 0 [toklen=%u]", toklen); 422 return 0; 423 } 424 425 /* 426 * parse an RxK5 type XDR format token 427 * - the caller guarantees we have at least 4 words 428 */ 429 static int rxrpc_preparse_xdr_rxk5(struct key_preparsed_payload *prep, 430 size_t datalen, 431 const __be32 *xdr, unsigned int toklen) 432 { 433 struct rxrpc_key_token *token, **pptoken; 434 struct rxk5_key *rxk5; 435 const __be32 *end_xdr = xdr + (toklen >> 2); 436 int ret; 437 438 _enter(",{%x,%x,%x,%x},%u", 439 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 440 toklen); 441 442 /* reserve some payload space for this subkey - the length of the token 443 * is a reasonable approximation */ 444 prep->quotalen = datalen + toklen; 445 446 token = kzalloc(sizeof(*token), GFP_KERNEL); 447 if (!token) 448 return -ENOMEM; 449 450 rxk5 = kzalloc(sizeof(*rxk5), GFP_KERNEL); 451 if (!rxk5) { 452 kfree(token); 453 return -ENOMEM; 454 } 455 456 token->security_index = RXRPC_SECURITY_RXK5; 457 token->k5 = rxk5; 458 459 /* extract the principals */ 460 ret = rxrpc_krb5_decode_principal(&rxk5->client, &xdr, &toklen); 461 if (ret < 0) 462 goto error; 463 ret = rxrpc_krb5_decode_principal(&rxk5->server, &xdr, &toklen); 464 if (ret < 0) 465 goto error; 466 467 /* extract the session key and the encoding type (the tag field -> 468 * ENCTYPE_xxx) */ 469 ret = rxrpc_krb5_decode_tagged_data(&rxk5->session, AFSTOKEN_DATA_MAX, 470 &xdr, &toklen); 471 if (ret < 0) 472 goto error; 473 474 if (toklen < 4 * 8 + 2 * 4) 475 goto inval; 476 rxk5->authtime = be64_to_cpup((const __be64 *) xdr); 477 xdr += 2; 478 rxk5->starttime = be64_to_cpup((const __be64 *) xdr); 479 xdr += 2; 480 rxk5->endtime = be64_to_cpup((const __be64 *) xdr); 481 xdr += 2; 482 rxk5->renew_till = be64_to_cpup((const __be64 *) xdr); 483 xdr += 2; 484 rxk5->is_skey = ntohl(*xdr++); 485 rxk5->flags = ntohl(*xdr++); 486 toklen -= 4 * 8 + 2 * 4; 487 488 _debug("times: a=%llx s=%llx e=%llx rt=%llx", 489 rxk5->authtime, rxk5->starttime, rxk5->endtime, 490 rxk5->renew_till); 491 _debug("is_skey=%x flags=%x", rxk5->is_skey, rxk5->flags); 492 493 /* extract the permitted client addresses */ 494 ret = rxrpc_krb5_decode_tagged_array(&rxk5->addresses, 495 &rxk5->n_addresses, 496 AFSTOKEN_K5_ADDRESSES_MAX, 497 AFSTOKEN_DATA_MAX, 498 &xdr, &toklen); 499 if (ret < 0) 500 goto error; 501 502 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 503 504 /* extract the tickets */ 505 ret = rxrpc_krb5_decode_ticket(&rxk5->ticket, &rxk5->ticket_len, 506 &xdr, &toklen); 507 if (ret < 0) 508 goto error; 509 ret = rxrpc_krb5_decode_ticket(&rxk5->ticket2, &rxk5->ticket2_len, 510 &xdr, &toklen); 511 if (ret < 0) 512 goto error; 513 514 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 515 516 /* extract the typed auth data */ 517 ret = rxrpc_krb5_decode_tagged_array(&rxk5->authdata, 518 &rxk5->n_authdata, 519 AFSTOKEN_K5_AUTHDATA_MAX, 520 AFSTOKEN_BDATALN_MAX, 521 &xdr, &toklen); 522 if (ret < 0) 523 goto error; 524 525 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 526 527 if (toklen != 0) 528 goto inval; 529 530 /* attach the payload */ 531 for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0]; 532 *pptoken; 533 pptoken = &(*pptoken)->next) 534 continue; 535 *pptoken = token; 536 if (token->kad->expiry < prep->expiry) 537 prep->expiry = token->kad->expiry; 538 539 _leave(" = 0"); 540 return 0; 541 542 inval: 543 ret = -EINVAL; 544 error: 545 rxrpc_rxk5_free(rxk5); 546 kfree(token); 547 _leave(" = %d", ret); 548 return ret; 549 } 550 551 /* 552 * attempt to parse the data as the XDR format 553 * - the caller guarantees we have more than 7 words 554 */ 555 static int rxrpc_preparse_xdr(struct key_preparsed_payload *prep) 556 { 557 const __be32 *xdr = prep->data, *token; 558 const char *cp; 559 unsigned int len, paddedlen, loop, ntoken, toklen, sec_ix; 560 size_t datalen = prep->datalen; 561 int ret; 562 563 _enter(",{%x,%x,%x,%x},%zu", 564 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 565 prep->datalen); 566 567 if (datalen > AFSTOKEN_LENGTH_MAX) 568 goto not_xdr; 569 570 /* XDR is an array of __be32's */ 571 if (datalen & 3) 572 goto not_xdr; 573 574 /* the flags should be 0 (the setpag bit must be handled by 575 * userspace) */ 576 if (ntohl(*xdr++) != 0) 577 goto not_xdr; 578 datalen -= 4; 579 580 /* check the cell name */ 581 len = ntohl(*xdr++); 582 if (len < 1 || len > AFSTOKEN_CELL_MAX) 583 goto not_xdr; 584 datalen -= 4; 585 paddedlen = (len + 3) & ~3; 586 if (paddedlen > datalen) 587 goto not_xdr; 588 589 cp = (const char *) xdr; 590 for (loop = 0; loop < len; loop++) 591 if (!isprint(cp[loop])) 592 goto not_xdr; 593 for (; loop < paddedlen; loop++) 594 if (cp[loop]) 595 goto not_xdr; 596 _debug("cellname: [%u/%u] '%*.*s'", 597 len, paddedlen, len, len, (const char *) xdr); 598 datalen -= paddedlen; 599 xdr += paddedlen >> 2; 600 601 /* get the token count */ 602 if (datalen < 12) 603 goto not_xdr; 604 ntoken = ntohl(*xdr++); 605 datalen -= 4; 606 _debug("ntoken: %x", ntoken); 607 if (ntoken < 1 || ntoken > AFSTOKEN_MAX) 608 goto not_xdr; 609 610 /* check each token wrapper */ 611 token = xdr; 612 loop = ntoken; 613 do { 614 if (datalen < 8) 615 goto not_xdr; 616 toklen = ntohl(*xdr++); 617 sec_ix = ntohl(*xdr); 618 datalen -= 4; 619 _debug("token: [%x/%zx] %x", toklen, datalen, sec_ix); 620 paddedlen = (toklen + 3) & ~3; 621 if (toklen < 20 || toklen > datalen || paddedlen > datalen) 622 goto not_xdr; 623 datalen -= paddedlen; 624 xdr += paddedlen >> 2; 625 626 } while (--loop > 0); 627 628 _debug("remainder: %zu", datalen); 629 if (datalen != 0) 630 goto not_xdr; 631 632 /* okay: we're going to assume it's valid XDR format 633 * - we ignore the cellname, relying on the key to be correctly named 634 */ 635 do { 636 xdr = token; 637 toklen = ntohl(*xdr++); 638 token = xdr + ((toklen + 3) >> 2); 639 sec_ix = ntohl(*xdr++); 640 toklen -= 4; 641 642 _debug("TOKEN type=%u [%p-%p]", sec_ix, xdr, token); 643 644 switch (sec_ix) { 645 case RXRPC_SECURITY_RXKAD: 646 ret = rxrpc_preparse_xdr_rxkad(prep, datalen, xdr, toklen); 647 if (ret != 0) 648 goto error; 649 break; 650 651 case RXRPC_SECURITY_RXK5: 652 ret = rxrpc_preparse_xdr_rxk5(prep, datalen, xdr, toklen); 653 if (ret != 0) 654 goto error; 655 break; 656 657 default: 658 ret = -EPROTONOSUPPORT; 659 goto error; 660 } 661 662 } while (--ntoken > 0); 663 664 _leave(" = 0"); 665 return 0; 666 667 not_xdr: 668 _leave(" = -EPROTO"); 669 return -EPROTO; 670 error: 671 _leave(" = %d", ret); 672 return ret; 673 } 674 675 /* 676 * Preparse an rxrpc defined key. 677 * 678 * Data should be of the form: 679 * OFFSET LEN CONTENT 680 * 0 4 key interface version number 681 * 4 2 security index (type) 682 * 6 2 ticket length 683 * 8 4 key expiry time (time_t) 684 * 12 4 kvno 685 * 16 8 session key 686 * 24 [len] ticket 687 * 688 * if no data is provided, then a no-security key is made 689 */ 690 static int rxrpc_preparse(struct key_preparsed_payload *prep) 691 { 692 const struct rxrpc_key_data_v1 *v1; 693 struct rxrpc_key_token *token, **pp; 694 size_t plen; 695 u32 kver; 696 int ret; 697 698 _enter("%zu", prep->datalen); 699 700 /* handle a no-security key */ 701 if (!prep->data && prep->datalen == 0) 702 return 0; 703 704 /* determine if the XDR payload format is being used */ 705 if (prep->datalen > 7 * 4) { 706 ret = rxrpc_preparse_xdr(prep); 707 if (ret != -EPROTO) 708 return ret; 709 } 710 711 /* get the key interface version number */ 712 ret = -EINVAL; 713 if (prep->datalen <= 4 || !prep->data) 714 goto error; 715 memcpy(&kver, prep->data, sizeof(kver)); 716 prep->data += sizeof(kver); 717 prep->datalen -= sizeof(kver); 718 719 _debug("KEY I/F VERSION: %u", kver); 720 721 ret = -EKEYREJECTED; 722 if (kver != 1) 723 goto error; 724 725 /* deal with a version 1 key */ 726 ret = -EINVAL; 727 if (prep->datalen < sizeof(*v1)) 728 goto error; 729 730 v1 = prep->data; 731 if (prep->datalen != sizeof(*v1) + v1->ticket_length) 732 goto error; 733 734 _debug("SCIX: %u", v1->security_index); 735 _debug("TLEN: %u", v1->ticket_length); 736 _debug("EXPY: %x", v1->expiry); 737 _debug("KVNO: %u", v1->kvno); 738 _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", 739 v1->session_key[0], v1->session_key[1], 740 v1->session_key[2], v1->session_key[3], 741 v1->session_key[4], v1->session_key[5], 742 v1->session_key[6], v1->session_key[7]); 743 if (v1->ticket_length >= 8) 744 _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", 745 v1->ticket[0], v1->ticket[1], 746 v1->ticket[2], v1->ticket[3], 747 v1->ticket[4], v1->ticket[5], 748 v1->ticket[6], v1->ticket[7]); 749 750 ret = -EPROTONOSUPPORT; 751 if (v1->security_index != RXRPC_SECURITY_RXKAD) 752 goto error; 753 754 plen = sizeof(*token->kad) + v1->ticket_length; 755 prep->quotalen = plen + sizeof(*token); 756 757 ret = -ENOMEM; 758 token = kzalloc(sizeof(*token), GFP_KERNEL); 759 if (!token) 760 goto error; 761 token->kad = kzalloc(plen, GFP_KERNEL); 762 if (!token->kad) 763 goto error_free; 764 765 token->security_index = RXRPC_SECURITY_RXKAD; 766 token->kad->ticket_len = v1->ticket_length; 767 token->kad->expiry = v1->expiry; 768 token->kad->kvno = v1->kvno; 769 memcpy(&token->kad->session_key, &v1->session_key, 8); 770 memcpy(&token->kad->ticket, v1->ticket, v1->ticket_length); 771 772 /* count the number of tokens attached */ 773 prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1); 774 775 /* attach the data */ 776 pp = (struct rxrpc_key_token **)&prep->payload.data[0]; 777 while (*pp) 778 pp = &(*pp)->next; 779 *pp = token; 780 if (token->kad->expiry < prep->expiry) 781 prep->expiry = token->kad->expiry; 782 token = NULL; 783 ret = 0; 784 785 error_free: 786 kfree(token); 787 error: 788 return ret; 789 } 790 791 /* 792 * Free token list. 793 */ 794 static void rxrpc_free_token_list(struct rxrpc_key_token *token) 795 { 796 struct rxrpc_key_token *next; 797 798 for (; token; token = next) { 799 next = token->next; 800 switch (token->security_index) { 801 case RXRPC_SECURITY_RXKAD: 802 kfree(token->kad); 803 break; 804 case RXRPC_SECURITY_RXK5: 805 if (token->k5) 806 rxrpc_rxk5_free(token->k5); 807 break; 808 default: 809 pr_err("Unknown token type %x on rxrpc key\n", 810 token->security_index); 811 BUG(); 812 } 813 814 kfree(token); 815 } 816 } 817 818 /* 819 * Clean up preparse data. 820 */ 821 static void rxrpc_free_preparse(struct key_preparsed_payload *prep) 822 { 823 rxrpc_free_token_list(prep->payload.data[0]); 824 } 825 826 /* 827 * Preparse a server secret key. 828 * 829 * The data should be the 8-byte secret key. 830 */ 831 static int rxrpc_preparse_s(struct key_preparsed_payload *prep) 832 { 833 struct crypto_skcipher *ci; 834 835 _enter("%zu", prep->datalen); 836 837 if (prep->datalen != 8) 838 return -EINVAL; 839 840 memcpy(&prep->payload.data[2], prep->data, 8); 841 842 ci = crypto_alloc_skcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC); 843 if (IS_ERR(ci)) { 844 _leave(" = %ld", PTR_ERR(ci)); 845 return PTR_ERR(ci); 846 } 847 848 if (crypto_skcipher_setkey(ci, prep->data, 8) < 0) 849 BUG(); 850 851 prep->payload.data[0] = ci; 852 _leave(" = 0"); 853 return 0; 854 } 855 856 /* 857 * Clean up preparse data. 858 */ 859 static void rxrpc_free_preparse_s(struct key_preparsed_payload *prep) 860 { 861 if (prep->payload.data[0]) 862 crypto_free_skcipher(prep->payload.data[0]); 863 } 864 865 /* 866 * dispose of the data dangling from the corpse of a rxrpc key 867 */ 868 static void rxrpc_destroy(struct key *key) 869 { 870 rxrpc_free_token_list(key->payload.data[0]); 871 } 872 873 /* 874 * dispose of the data dangling from the corpse of a rxrpc key 875 */ 876 static void rxrpc_destroy_s(struct key *key) 877 { 878 if (key->payload.data[0]) { 879 crypto_free_skcipher(key->payload.data[0]); 880 key->payload.data[0] = NULL; 881 } 882 } 883 884 /* 885 * describe the rxrpc key 886 */ 887 static void rxrpc_describe(const struct key *key, struct seq_file *m) 888 { 889 seq_puts(m, key->description); 890 } 891 892 /* 893 * grab the security key for a socket 894 */ 895 int rxrpc_request_key(struct rxrpc_sock *rx, char __user *optval, int optlen) 896 { 897 struct key *key; 898 char *description; 899 900 _enter(""); 901 902 if (optlen <= 0 || optlen > PAGE_SIZE - 1) 903 return -EINVAL; 904 905 description = memdup_user_nul(optval, optlen); 906 if (IS_ERR(description)) 907 return PTR_ERR(description); 908 909 key = request_key(&key_type_rxrpc, description, NULL); 910 if (IS_ERR(key)) { 911 kfree(description); 912 _leave(" = %ld", PTR_ERR(key)); 913 return PTR_ERR(key); 914 } 915 916 rx->key = key; 917 kfree(description); 918 _leave(" = 0 [key %x]", key->serial); 919 return 0; 920 } 921 922 /* 923 * grab the security keyring for a server socket 924 */ 925 int rxrpc_server_keyring(struct rxrpc_sock *rx, char __user *optval, 926 int optlen) 927 { 928 struct key *key; 929 char *description; 930 931 _enter(""); 932 933 if (optlen <= 0 || optlen > PAGE_SIZE - 1) 934 return -EINVAL; 935 936 description = memdup_user_nul(optval, optlen); 937 if (IS_ERR(description)) 938 return PTR_ERR(description); 939 940 key = request_key(&key_type_keyring, description, NULL); 941 if (IS_ERR(key)) { 942 kfree(description); 943 _leave(" = %ld", PTR_ERR(key)); 944 return PTR_ERR(key); 945 } 946 947 rx->securities = key; 948 kfree(description); 949 _leave(" = 0 [key %x]", key->serial); 950 return 0; 951 } 952 953 /* 954 * generate a server data key 955 */ 956 int rxrpc_get_server_data_key(struct rxrpc_connection *conn, 957 const void *session_key, 958 time_t expiry, 959 u32 kvno) 960 { 961 const struct cred *cred = current_cred(); 962 struct key *key; 963 int ret; 964 965 struct { 966 u32 kver; 967 struct rxrpc_key_data_v1 v1; 968 } data; 969 970 _enter(""); 971 972 key = key_alloc(&key_type_rxrpc, "x", 973 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 0, 974 KEY_ALLOC_NOT_IN_QUOTA, NULL); 975 if (IS_ERR(key)) { 976 _leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key)); 977 return -ENOMEM; 978 } 979 980 _debug("key %d", key_serial(key)); 981 982 data.kver = 1; 983 data.v1.security_index = RXRPC_SECURITY_RXKAD; 984 data.v1.ticket_length = 0; 985 data.v1.expiry = expiry; 986 data.v1.kvno = 0; 987 988 memcpy(&data.v1.session_key, session_key, sizeof(data.v1.session_key)); 989 990 ret = key_instantiate_and_link(key, &data, sizeof(data), NULL, NULL); 991 if (ret < 0) 992 goto error; 993 994 conn->params.key = key; 995 _leave(" = 0 [%d]", key_serial(key)); 996 return 0; 997 998 error: 999 key_revoke(key); 1000 key_put(key); 1001 _leave(" = -ENOMEM [ins %d]", ret); 1002 return -ENOMEM; 1003 } 1004 EXPORT_SYMBOL(rxrpc_get_server_data_key); 1005 1006 /** 1007 * rxrpc_get_null_key - Generate a null RxRPC key 1008 * @keyname: The name to give the key. 1009 * 1010 * Generate a null RxRPC key that can be used to indicate anonymous security is 1011 * required for a particular domain. 1012 */ 1013 struct key *rxrpc_get_null_key(const char *keyname) 1014 { 1015 const struct cred *cred = current_cred(); 1016 struct key *key; 1017 int ret; 1018 1019 key = key_alloc(&key_type_rxrpc, keyname, 1020 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 1021 KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA, NULL); 1022 if (IS_ERR(key)) 1023 return key; 1024 1025 ret = key_instantiate_and_link(key, NULL, 0, NULL, NULL); 1026 if (ret < 0) { 1027 key_revoke(key); 1028 key_put(key); 1029 return ERR_PTR(ret); 1030 } 1031 1032 return key; 1033 } 1034 EXPORT_SYMBOL(rxrpc_get_null_key); 1035 1036 /* 1037 * read the contents of an rxrpc key 1038 * - this returns the result in XDR form 1039 */ 1040 static long rxrpc_read(const struct key *key, 1041 char __user *buffer, size_t buflen) 1042 { 1043 const struct rxrpc_key_token *token; 1044 const struct krb5_principal *princ; 1045 size_t size; 1046 __be32 __user *xdr, *oldxdr; 1047 u32 cnlen, toksize, ntoks, tok, zero; 1048 u16 toksizes[AFSTOKEN_MAX]; 1049 int loop; 1050 1051 _enter(""); 1052 1053 /* we don't know what form we should return non-AFS keys in */ 1054 if (memcmp(key->description, "afs@", 4) != 0) 1055 return -EOPNOTSUPP; 1056 cnlen = strlen(key->description + 4); 1057 1058 #define RND(X) (((X) + 3) & ~3) 1059 1060 /* AFS keys we return in XDR form, so we need to work out the size of 1061 * the XDR */ 1062 size = 2 * 4; /* flags, cellname len */ 1063 size += RND(cnlen); /* cellname */ 1064 size += 1 * 4; /* token count */ 1065 1066 ntoks = 0; 1067 for (token = key->payload.data[0]; token; token = token->next) { 1068 toksize = 4; /* sec index */ 1069 1070 switch (token->security_index) { 1071 case RXRPC_SECURITY_RXKAD: 1072 toksize += 9 * 4; /* viceid, kvno, key*2 + len, begin, 1073 * end, primary, tktlen */ 1074 toksize += RND(token->kad->ticket_len); 1075 break; 1076 1077 case RXRPC_SECURITY_RXK5: 1078 princ = &token->k5->client; 1079 toksize += 4 + princ->n_name_parts * 4; 1080 for (loop = 0; loop < princ->n_name_parts; loop++) 1081 toksize += RND(strlen(princ->name_parts[loop])); 1082 toksize += 4 + RND(strlen(princ->realm)); 1083 1084 princ = &token->k5->server; 1085 toksize += 4 + princ->n_name_parts * 4; 1086 for (loop = 0; loop < princ->n_name_parts; loop++) 1087 toksize += RND(strlen(princ->name_parts[loop])); 1088 toksize += 4 + RND(strlen(princ->realm)); 1089 1090 toksize += 8 + RND(token->k5->session.data_len); 1091 1092 toksize += 4 * 8 + 2 * 4; 1093 1094 toksize += 4 + token->k5->n_addresses * 8; 1095 for (loop = 0; loop < token->k5->n_addresses; loop++) 1096 toksize += RND(token->k5->addresses[loop].data_len); 1097 1098 toksize += 4 + RND(token->k5->ticket_len); 1099 toksize += 4 + RND(token->k5->ticket2_len); 1100 1101 toksize += 4 + token->k5->n_authdata * 8; 1102 for (loop = 0; loop < token->k5->n_authdata; loop++) 1103 toksize += RND(token->k5->authdata[loop].data_len); 1104 break; 1105 1106 default: /* we have a ticket we can't encode */ 1107 BUG(); 1108 continue; 1109 } 1110 1111 _debug("token[%u]: toksize=%u", ntoks, toksize); 1112 ASSERTCMP(toksize, <=, AFSTOKEN_LENGTH_MAX); 1113 1114 toksizes[ntoks++] = toksize; 1115 size += toksize + 4; /* each token has a length word */ 1116 } 1117 1118 #undef RND 1119 1120 if (!buffer || buflen < size) 1121 return size; 1122 1123 xdr = (__be32 __user *) buffer; 1124 zero = 0; 1125 #define ENCODE(x) \ 1126 do { \ 1127 __be32 y = htonl(x); \ 1128 if (put_user(y, xdr++) < 0) \ 1129 goto fault; \ 1130 } while(0) 1131 #define ENCODE_DATA(l, s) \ 1132 do { \ 1133 u32 _l = (l); \ 1134 ENCODE(l); \ 1135 if (copy_to_user(xdr, (s), _l) != 0) \ 1136 goto fault; \ 1137 if (_l & 3 && \ 1138 copy_to_user((u8 __user *)xdr + _l, &zero, 4 - (_l & 3)) != 0) \ 1139 goto fault; \ 1140 xdr += (_l + 3) >> 2; \ 1141 } while(0) 1142 #define ENCODE64(x) \ 1143 do { \ 1144 __be64 y = cpu_to_be64(x); \ 1145 if (copy_to_user(xdr, &y, 8) != 0) \ 1146 goto fault; \ 1147 xdr += 8 >> 2; \ 1148 } while(0) 1149 #define ENCODE_STR(s) \ 1150 do { \ 1151 const char *_s = (s); \ 1152 ENCODE_DATA(strlen(_s), _s); \ 1153 } while(0) 1154 1155 ENCODE(0); /* flags */ 1156 ENCODE_DATA(cnlen, key->description + 4); /* cellname */ 1157 ENCODE(ntoks); 1158 1159 tok = 0; 1160 for (token = key->payload.data[0]; token; token = token->next) { 1161 toksize = toksizes[tok++]; 1162 ENCODE(toksize); 1163 oldxdr = xdr; 1164 ENCODE(token->security_index); 1165 1166 switch (token->security_index) { 1167 case RXRPC_SECURITY_RXKAD: 1168 ENCODE(token->kad->vice_id); 1169 ENCODE(token->kad->kvno); 1170 ENCODE_DATA(8, token->kad->session_key); 1171 ENCODE(token->kad->start); 1172 ENCODE(token->kad->expiry); 1173 ENCODE(token->kad->primary_flag); 1174 ENCODE_DATA(token->kad->ticket_len, token->kad->ticket); 1175 break; 1176 1177 case RXRPC_SECURITY_RXK5: 1178 princ = &token->k5->client; 1179 ENCODE(princ->n_name_parts); 1180 for (loop = 0; loop < princ->n_name_parts; loop++) 1181 ENCODE_STR(princ->name_parts[loop]); 1182 ENCODE_STR(princ->realm); 1183 1184 princ = &token->k5->server; 1185 ENCODE(princ->n_name_parts); 1186 for (loop = 0; loop < princ->n_name_parts; loop++) 1187 ENCODE_STR(princ->name_parts[loop]); 1188 ENCODE_STR(princ->realm); 1189 1190 ENCODE(token->k5->session.tag); 1191 ENCODE_DATA(token->k5->session.data_len, 1192 token->k5->session.data); 1193 1194 ENCODE64(token->k5->authtime); 1195 ENCODE64(token->k5->starttime); 1196 ENCODE64(token->k5->endtime); 1197 ENCODE64(token->k5->renew_till); 1198 ENCODE(token->k5->is_skey); 1199 ENCODE(token->k5->flags); 1200 1201 ENCODE(token->k5->n_addresses); 1202 for (loop = 0; loop < token->k5->n_addresses; loop++) { 1203 ENCODE(token->k5->addresses[loop].tag); 1204 ENCODE_DATA(token->k5->addresses[loop].data_len, 1205 token->k5->addresses[loop].data); 1206 } 1207 1208 ENCODE_DATA(token->k5->ticket_len, token->k5->ticket); 1209 ENCODE_DATA(token->k5->ticket2_len, token->k5->ticket2); 1210 1211 ENCODE(token->k5->n_authdata); 1212 for (loop = 0; loop < token->k5->n_authdata; loop++) { 1213 ENCODE(token->k5->authdata[loop].tag); 1214 ENCODE_DATA(token->k5->authdata[loop].data_len, 1215 token->k5->authdata[loop].data); 1216 } 1217 break; 1218 1219 default: 1220 BUG(); 1221 break; 1222 } 1223 1224 ASSERTCMP((unsigned long)xdr - (unsigned long)oldxdr, ==, 1225 toksize); 1226 } 1227 1228 #undef ENCODE_STR 1229 #undef ENCODE_DATA 1230 #undef ENCODE64 1231 #undef ENCODE 1232 1233 ASSERTCMP(tok, ==, ntoks); 1234 ASSERTCMP((char __user *) xdr - buffer, ==, size); 1235 _leave(" = %zu", size); 1236 return size; 1237 1238 fault: 1239 _leave(" = -EFAULT"); 1240 return -EFAULT; 1241 } 1242