1 /* SPDX-License-Identifier: GPL-2.0 or BSD-3-Clause */
2 /*
3  * SunRPC GSS Kerberos 5 mechanism internal definitions
4  *
5  * Copyright (c) 2022 Oracle and/or its affiliates.
6  */
7 
8 #ifndef _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H
9 #define _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H
10 
11 /*
12  * The RFCs often specify payload lengths in bits. This helper
13  * converts a specified bit-length to the number of octets/bytes.
14  */
15 #define BITS2OCTETS(x)	((x) / 8)
16 
17 struct krb5_ctx;
18 
19 struct gss_krb5_enctype {
20 	const u32		etype;		/* encryption (key) type */
21 	const u32		ctype;		/* checksum type */
22 	const char		*name;		/* "friendly" name */
23 	const char		*encrypt_name;	/* crypto encrypt name */
24 	const char		*aux_cipher;	/* aux encrypt cipher name */
25 	const char		*cksum_name;	/* crypto checksum name */
26 	const u16		signalg;	/* signing algorithm */
27 	const u16		sealalg;	/* sealing algorithm */
28 	const u32		cksumlength;	/* checksum length */
29 	const u32		keyed_cksum;	/* is it a keyed cksum? */
30 	const u32		keybytes;	/* raw key len, in bytes */
31 	const u32		keylength;	/* protocol key length, in octets */
32 	const u32		Kc_length;	/* checksum subkey length, in octets */
33 	const u32		Ke_length;	/* encryption subkey length, in octets */
34 	const u32		Ki_length;	/* integrity subkey length, in octets */
35 
36 	int (*import_ctx)(struct krb5_ctx *ctx, gfp_t gfp_mask);
37 	int (*derive_key)(const struct gss_krb5_enctype *gk5e,
38 			  const struct xdr_netobj *in,
39 			  struct xdr_netobj *out,
40 			  const struct xdr_netobj *label,
41 			  gfp_t gfp_mask);
42 	u32 (*encrypt)(struct krb5_ctx *kctx, u32 offset,
43 		       struct xdr_buf *buf, struct page **pages);
44 	u32 (*decrypt)(struct krb5_ctx *kctx, u32 offset, u32 len,
45 		       struct xdr_buf *buf, u32 *headskip, u32 *tailskip);
46 	u32 (*get_mic)(struct krb5_ctx *kctx, struct xdr_buf *text,
47 		       struct xdr_netobj *token);
48 	u32 (*verify_mic)(struct krb5_ctx *kctx, struct xdr_buf *message_buffer,
49 			  struct xdr_netobj *read_token);
50 	u32 (*wrap)(struct krb5_ctx *kctx, int offset,
51 		    struct xdr_buf *buf, struct page **pages);
52 	u32 (*unwrap)(struct krb5_ctx *kctx, int offset, int len,
53 		      struct xdr_buf *buf, unsigned int *slack,
54 		      unsigned int *align);
55 };
56 
57 /* krb5_ctx flags definitions */
58 #define KRB5_CTX_FLAG_INITIATOR         0x00000001
59 #define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY   0x00000004
60 
61 struct krb5_ctx {
62 	int			initiate; /* 1 = initiating, 0 = accepting */
63 	u32			enctype;
64 	u32			flags;
65 	const struct gss_krb5_enctype *gk5e; /* enctype-specific info */
66 	struct crypto_sync_skcipher *enc;
67 	struct crypto_sync_skcipher *seq;
68 	struct crypto_sync_skcipher *acceptor_enc;
69 	struct crypto_sync_skcipher *initiator_enc;
70 	struct crypto_sync_skcipher *acceptor_enc_aux;
71 	struct crypto_sync_skcipher *initiator_enc_aux;
72 	struct crypto_ahash	*acceptor_sign;
73 	struct crypto_ahash	*initiator_sign;
74 	struct crypto_ahash	*initiator_integ;
75 	struct crypto_ahash	*acceptor_integ;
76 	u8			Ksess[GSS_KRB5_MAX_KEYLEN]; /* session key */
77 	u8			cksum[GSS_KRB5_MAX_KEYLEN];
78 	atomic_t		seq_send;
79 	atomic64_t		seq_send64;
80 	time64_t		endtime;
81 	struct xdr_netobj	mech_used;
82 };
83 
84 /*
85  * GSS Kerberos 5 mechanism Per-Message calls.
86  */
87 
88 u32 gss_krb5_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
89 			struct xdr_netobj *token);
90 u32 gss_krb5_get_mic_v2(struct krb5_ctx *ctx, struct xdr_buf *text,
91 			struct xdr_netobj *token);
92 
93 u32 gss_krb5_verify_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *message_buffer,
94 			   struct xdr_netobj *read_token);
95 u32 gss_krb5_verify_mic_v2(struct krb5_ctx *ctx, struct xdr_buf *message_buffer,
96 			   struct xdr_netobj *read_token);
97 
98 u32 gss_krb5_wrap_v1(struct krb5_ctx *kctx, int offset,
99 		     struct xdr_buf *buf, struct page **pages);
100 u32 gss_krb5_wrap_v2(struct krb5_ctx *kctx, int offset,
101 		     struct xdr_buf *buf, struct page **pages);
102 
103 u32 gss_krb5_unwrap_v1(struct krb5_ctx *kctx, int offset, int len,
104 		       struct xdr_buf *buf, unsigned int *slack,
105 		       unsigned int *align);
106 u32 gss_krb5_unwrap_v2(struct krb5_ctx *kctx, int offset, int len,
107 		       struct xdr_buf *buf, unsigned int *slack,
108 		       unsigned int *align);
109 
110 /*
111  * Implementation internal functions
112  */
113 
114 /* Key Derivation Functions */
115 
116 int krb5_derive_key_v1(const struct gss_krb5_enctype *gk5e,
117 		       const struct xdr_netobj *inkey,
118 		       struct xdr_netobj *outkey,
119 		       const struct xdr_netobj *label,
120 		       gfp_t gfp_mask);
121 
122 int krb5_derive_key_v2(const struct gss_krb5_enctype *gk5e,
123 		       const struct xdr_netobj *inkey,
124 		       struct xdr_netobj *outkey,
125 		       const struct xdr_netobj *label,
126 		       gfp_t gfp_mask);
127 
128 int krb5_kdf_hmac_sha2(const struct gss_krb5_enctype *gk5e,
129 		       const struct xdr_netobj *inkey,
130 		       struct xdr_netobj *outkey,
131 		       const struct xdr_netobj *in_constant,
132 		       gfp_t gfp_mask);
133 
134 int krb5_kdf_feedback_cmac(const struct gss_krb5_enctype *gk5e,
135 			   const struct xdr_netobj *inkey,
136 			   struct xdr_netobj *outkey,
137 			   const struct xdr_netobj *in_constant,
138 			   gfp_t gfp_mask);
139 
140 /**
141  * krb5_derive_key - Derive a subkey from a protocol key
142  * @kctx: Kerberos 5 context
143  * @inkey: base protocol key
144  * @outkey: OUT: derived key
145  * @usage: key usage value
146  * @seed: key usage seed (one octet)
147  * @gfp_mask: memory allocation control flags
148  *
149  * Caller sets @outkey->len to the desired length of the derived key.
150  *
151  * On success, returns 0 and fills in @outkey. A negative errno value
152  * is returned on failure.
153  */
154 static inline int krb5_derive_key(struct krb5_ctx *kctx,
155 				  const struct xdr_netobj *inkey,
156 				  struct xdr_netobj *outkey,
157 				  u32 usage, u8 seed, gfp_t gfp_mask)
158 {
159 	const struct gss_krb5_enctype *gk5e = kctx->gk5e;
160 	u8 label_data[GSS_KRB5_K5CLENGTH];
161 	struct xdr_netobj label = {
162 		.len	= sizeof(label_data),
163 		.data	= label_data,
164 	};
165 	__be32 *p = (__be32 *)label_data;
166 
167 	*p = cpu_to_be32(usage);
168 	label_data[4] = seed;
169 	return gk5e->derive_key(gk5e, inkey, outkey, &label, gfp_mask);
170 }
171 
172 s32 krb5_make_seq_num(struct krb5_ctx *kctx, struct crypto_sync_skcipher *key,
173 		      int direction, u32 seqnum, unsigned char *cksum,
174 		      unsigned char *buf);
175 
176 s32 krb5_get_seq_num(struct krb5_ctx *kctx, unsigned char *cksum,
177 		     unsigned char *buf, int *direction, u32 *seqnum);
178 
179 void krb5_make_confounder(u8 *p, int conflen);
180 
181 u32 make_checksum(struct krb5_ctx *kctx, char *header, int hdrlen,
182 		  struct xdr_buf *body, int body_offset, u8 *cksumkey,
183 		  unsigned int usage, struct xdr_netobj *cksumout);
184 
185 u32 gss_krb5_checksum(struct crypto_ahash *tfm, char *header, int hdrlen,
186 		      const struct xdr_buf *body, int body_offset,
187 		      struct xdr_netobj *cksumout);
188 
189 u32 krb5_encrypt(struct crypto_sync_skcipher *key, void *iv, void *in,
190 		 void *out, int length);
191 
192 u32 krb5_decrypt(struct crypto_sync_skcipher *key, void *iv, void *in,
193 		 void *out, int length);
194 
195 int xdr_extend_head(struct xdr_buf *buf, unsigned int base,
196 		    unsigned int shiftlen);
197 
198 int gss_encrypt_xdr_buf(struct crypto_sync_skcipher *tfm,
199 			struct xdr_buf *outbuf, int offset,
200 			struct page **pages);
201 
202 int gss_decrypt_xdr_buf(struct crypto_sync_skcipher *tfm,
203 			struct xdr_buf *inbuf, int offset);
204 
205 u32 gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset,
206 			 struct xdr_buf *buf, struct page **pages);
207 
208 u32 gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len,
209 			 struct xdr_buf *buf, u32 *plainoffset, u32 *plainlen);
210 
211 u32 krb5_etm_encrypt(struct krb5_ctx *kctx, u32 offset, struct xdr_buf *buf,
212 		     struct page **pages);
213 
214 u32 krb5_etm_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len,
215 		     struct xdr_buf *buf, u32 *headskip, u32 *tailskip);
216 
217 #if IS_ENABLED(CONFIG_KUNIT)
218 void krb5_nfold(u32 inbits, const u8 *in, u32 outbits, u8 *out);
219 const struct gss_krb5_enctype *gss_krb5_lookup_enctype(u32 etype);
220 int krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm,
221 			 struct crypto_sync_skcipher *cbc_tfm, u32 offset,
222 			 struct xdr_buf *buf, struct page **pages,
223 			 u8 *iv, unsigned int ivsize);
224 int krb5_cbc_cts_decrypt(struct crypto_sync_skcipher *cts_tfm,
225 			 struct crypto_sync_skcipher *cbc_tfm,
226 			 u32 offset, struct xdr_buf *buf);
227 u32 krb5_etm_checksum(struct crypto_sync_skcipher *cipher,
228 		      struct crypto_ahash *tfm, const struct xdr_buf *body,
229 		      int body_offset, struct xdr_netobj *cksumout);
230 #endif
231 
232 #endif /* _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H */
233