1/* RxRPC key management 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 * 11 * RxRPC keys should have a description of describing their purpose: 12 * "afs@CAMBRIDGE.REDHAT.COM> 13 */ 14 15#include <linux/module.h> 16#include <linux/net.h> 17#include <linux/skbuff.h> 18#include <linux/key-type.h> 19#include <linux/crypto.h> 20#include <linux/ctype.h> 21#include <linux/slab.h> 22#include <net/sock.h> 23#include <net/af_rxrpc.h> 24#include <keys/rxrpc-type.h> 25#include <keys/user-type.h> 26#include "ar-internal.h" 27 28static int rxrpc_vet_description_s(const char *); 29static int rxrpc_preparse(struct key_preparsed_payload *); 30static int rxrpc_preparse_s(struct key_preparsed_payload *); 31static void rxrpc_free_preparse(struct key_preparsed_payload *); 32static void rxrpc_free_preparse_s(struct key_preparsed_payload *); 33static void rxrpc_destroy(struct key *); 34static void rxrpc_destroy_s(struct key *); 35static void rxrpc_describe(const struct key *, struct seq_file *); 36static long rxrpc_read(const struct key *, char __user *, size_t); 37 38/* 39 * rxrpc defined keys take an arbitrary string as the description and an 40 * arbitrary blob of data as the payload 41 */ 42struct key_type key_type_rxrpc = { 43 .name = "rxrpc", 44 .preparse = rxrpc_preparse, 45 .free_preparse = rxrpc_free_preparse, 46 .instantiate = generic_key_instantiate, 47 .destroy = rxrpc_destroy, 48 .describe = rxrpc_describe, 49 .read = rxrpc_read, 50}; 51EXPORT_SYMBOL(key_type_rxrpc); 52 53/* 54 * rxrpc server defined keys take "<serviceId>:<securityIndex>" as the 55 * description and an 8-byte decryption key as the payload 56 */ 57struct key_type key_type_rxrpc_s = { 58 .name = "rxrpc_s", 59 .vet_description = rxrpc_vet_description_s, 60 .preparse = rxrpc_preparse_s, 61 .free_preparse = rxrpc_free_preparse_s, 62 .instantiate = generic_key_instantiate, 63 .destroy = rxrpc_destroy_s, 64 .describe = rxrpc_describe, 65}; 66 67/* 68 * Vet the description for an RxRPC server key 69 */ 70static int rxrpc_vet_description_s(const char *desc) 71{ 72 unsigned long num; 73 char *p; 74 75 num = simple_strtoul(desc, &p, 10); 76 if (*p != ':' || num > 65535) 77 return -EINVAL; 78 num = simple_strtoul(p + 1, &p, 10); 79 if (*p || num < 1 || num > 255) 80 return -EINVAL; 81 return 0; 82} 83 84/* 85 * parse an RxKAD type XDR format token 86 * - the caller guarantees we have at least 4 words 87 */ 88static int rxrpc_preparse_xdr_rxkad(struct key_preparsed_payload *prep, 89 size_t datalen, 90 const __be32 *xdr, unsigned int toklen) 91{ 92 struct rxrpc_key_token *token, **pptoken; 93 size_t plen; 94 u32 tktlen; 95 96 _enter(",{%x,%x,%x,%x},%u", 97 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 98 toklen); 99 100 if (toklen <= 8 * 4) 101 return -EKEYREJECTED; 102 tktlen = ntohl(xdr[7]); 103 _debug("tktlen: %x", tktlen); 104 if (tktlen > AFSTOKEN_RK_TIX_MAX) 105 return -EKEYREJECTED; 106 if (toklen < 8 * 4 + tktlen) 107 return -EKEYREJECTED; 108 109 plen = sizeof(*token) + sizeof(*token->kad) + tktlen; 110 prep->quotalen = datalen + plen; 111 112 plen -= sizeof(*token); 113 token = kzalloc(sizeof(*token), GFP_KERNEL); 114 if (!token) 115 return -ENOMEM; 116 117 token->kad = kzalloc(plen, GFP_KERNEL); 118 if (!token->kad) { 119 kfree(token); 120 return -ENOMEM; 121 } 122 123 token->security_index = RXRPC_SECURITY_RXKAD; 124 token->kad->ticket_len = tktlen; 125 token->kad->vice_id = ntohl(xdr[0]); 126 token->kad->kvno = ntohl(xdr[1]); 127 token->kad->start = ntohl(xdr[4]); 128 token->kad->expiry = ntohl(xdr[5]); 129 token->kad->primary_flag = ntohl(xdr[6]); 130 memcpy(&token->kad->session_key, &xdr[2], 8); 131 memcpy(&token->kad->ticket, &xdr[8], tktlen); 132 133 _debug("SCIX: %u", token->security_index); 134 _debug("TLEN: %u", token->kad->ticket_len); 135 _debug("EXPY: %x", token->kad->expiry); 136 _debug("KVNO: %u", token->kad->kvno); 137 _debug("PRIM: %u", token->kad->primary_flag); 138 _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", 139 token->kad->session_key[0], token->kad->session_key[1], 140 token->kad->session_key[2], token->kad->session_key[3], 141 token->kad->session_key[4], token->kad->session_key[5], 142 token->kad->session_key[6], token->kad->session_key[7]); 143 if (token->kad->ticket_len >= 8) 144 _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", 145 token->kad->ticket[0], token->kad->ticket[1], 146 token->kad->ticket[2], token->kad->ticket[3], 147 token->kad->ticket[4], token->kad->ticket[5], 148 token->kad->ticket[6], token->kad->ticket[7]); 149 150 /* count the number of tokens attached */ 151 prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1); 152 153 /* attach the data */ 154 for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0]; 155 *pptoken; 156 pptoken = &(*pptoken)->next) 157 continue; 158 *pptoken = token; 159 if (token->kad->expiry < prep->expiry) 160 prep->expiry = token->kad->expiry; 161 162 _leave(" = 0"); 163 return 0; 164} 165 166static void rxrpc_free_krb5_principal(struct krb5_principal *princ) 167{ 168 int loop; 169 170 if (princ->name_parts) { 171 for (loop = princ->n_name_parts - 1; loop >= 0; loop--) 172 kfree(princ->name_parts[loop]); 173 kfree(princ->name_parts); 174 } 175 kfree(princ->realm); 176} 177 178static void rxrpc_free_krb5_tagged(struct krb5_tagged_data *td) 179{ 180 kfree(td->data); 181} 182 183/* 184 * free up an RxK5 token 185 */ 186static void rxrpc_rxk5_free(struct rxk5_key *rxk5) 187{ 188 int loop; 189 190 rxrpc_free_krb5_principal(&rxk5->client); 191 rxrpc_free_krb5_principal(&rxk5->server); 192 rxrpc_free_krb5_tagged(&rxk5->session); 193 194 if (rxk5->addresses) { 195 for (loop = rxk5->n_addresses - 1; loop >= 0; loop--) 196 rxrpc_free_krb5_tagged(&rxk5->addresses[loop]); 197 kfree(rxk5->addresses); 198 } 199 if (rxk5->authdata) { 200 for (loop = rxk5->n_authdata - 1; loop >= 0; loop--) 201 rxrpc_free_krb5_tagged(&rxk5->authdata[loop]); 202 kfree(rxk5->authdata); 203 } 204 205 kfree(rxk5->ticket); 206 kfree(rxk5->ticket2); 207 kfree(rxk5); 208} 209 210/* 211 * extract a krb5 principal 212 */ 213static int rxrpc_krb5_decode_principal(struct krb5_principal *princ, 214 const __be32 **_xdr, 215 unsigned int *_toklen) 216{ 217 const __be32 *xdr = *_xdr; 218 unsigned int toklen = *_toklen, n_parts, loop, tmp; 219 220 /* there must be at least one name, and at least #names+1 length 221 * words */ 222 if (toklen <= 12) 223 return -EINVAL; 224 225 _enter(",{%x,%x,%x},%u", 226 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), toklen); 227 228 n_parts = ntohl(*xdr++); 229 toklen -= 4; 230 if (n_parts <= 0 || n_parts > AFSTOKEN_K5_COMPONENTS_MAX) 231 return -EINVAL; 232 princ->n_name_parts = n_parts; 233 234 if (toklen <= (n_parts + 1) * 4) 235 return -EINVAL; 236 237 princ->name_parts = kcalloc(n_parts, sizeof(char *), GFP_KERNEL); 238 if (!princ->name_parts) 239 return -ENOMEM; 240 241 for (loop = 0; loop < n_parts; loop++) { 242 if (toklen < 4) 243 return -EINVAL; 244 tmp = ntohl(*xdr++); 245 toklen -= 4; 246 if (tmp <= 0 || tmp > AFSTOKEN_STRING_MAX) 247 return -EINVAL; 248 if (tmp > toklen) 249 return -EINVAL; 250 princ->name_parts[loop] = kmalloc(tmp + 1, GFP_KERNEL); 251 if (!princ->name_parts[loop]) 252 return -ENOMEM; 253 memcpy(princ->name_parts[loop], xdr, tmp); 254 princ->name_parts[loop][tmp] = 0; 255 tmp = (tmp + 3) & ~3; 256 toklen -= tmp; 257 xdr += tmp >> 2; 258 } 259 260 if (toklen < 4) 261 return -EINVAL; 262 tmp = ntohl(*xdr++); 263 toklen -= 4; 264 if (tmp <= 0 || tmp > AFSTOKEN_K5_REALM_MAX) 265 return -EINVAL; 266 if (tmp > toklen) 267 return -EINVAL; 268 princ->realm = kmalloc(tmp + 1, GFP_KERNEL); 269 if (!princ->realm) 270 return -ENOMEM; 271 memcpy(princ->realm, xdr, tmp); 272 princ->realm[tmp] = 0; 273 tmp = (tmp + 3) & ~3; 274 toklen -= tmp; 275 xdr += tmp >> 2; 276 277 _debug("%s/...@%s", princ->name_parts[0], princ->realm); 278 279 *_xdr = xdr; 280 *_toklen = toklen; 281 _leave(" = 0 [toklen=%u]", toklen); 282 return 0; 283} 284 285/* 286 * extract a piece of krb5 tagged data 287 */ 288static int rxrpc_krb5_decode_tagged_data(struct krb5_tagged_data *td, 289 size_t max_data_size, 290 const __be32 **_xdr, 291 unsigned int *_toklen) 292{ 293 const __be32 *xdr = *_xdr; 294 unsigned int toklen = *_toklen, len; 295 296 /* there must be at least one tag and one length word */ 297 if (toklen <= 8) 298 return -EINVAL; 299 300 _enter(",%zu,{%x,%x},%u", 301 max_data_size, ntohl(xdr[0]), ntohl(xdr[1]), toklen); 302 303 td->tag = ntohl(*xdr++); 304 len = ntohl(*xdr++); 305 toklen -= 8; 306 if (len > max_data_size) 307 return -EINVAL; 308 td->data_len = len; 309 310 if (len > 0) { 311 td->data = kmemdup(xdr, len, GFP_KERNEL); 312 if (!td->data) 313 return -ENOMEM; 314 len = (len + 3) & ~3; 315 toklen -= len; 316 xdr += len >> 2; 317 } 318 319 _debug("tag %x len %x", td->tag, td->data_len); 320 321 *_xdr = xdr; 322 *_toklen = toklen; 323 _leave(" = 0 [toklen=%u]", toklen); 324 return 0; 325} 326 327/* 328 * extract an array of tagged data 329 */ 330static int rxrpc_krb5_decode_tagged_array(struct krb5_tagged_data **_td, 331 u8 *_n_elem, 332 u8 max_n_elem, 333 size_t max_elem_size, 334 const __be32 **_xdr, 335 unsigned int *_toklen) 336{ 337 struct krb5_tagged_data *td; 338 const __be32 *xdr = *_xdr; 339 unsigned int toklen = *_toklen, n_elem, loop; 340 int ret; 341 342 /* there must be at least one count */ 343 if (toklen < 4) 344 return -EINVAL; 345 346 _enter(",,%u,%zu,{%x},%u", 347 max_n_elem, max_elem_size, ntohl(xdr[0]), toklen); 348 349 n_elem = ntohl(*xdr++); 350 toklen -= 4; 351 if (n_elem > max_n_elem) 352 return -EINVAL; 353 *_n_elem = n_elem; 354 if (n_elem > 0) { 355 if (toklen <= (n_elem + 1) * 4) 356 return -EINVAL; 357 358 _debug("n_elem %d", n_elem); 359 360 td = kcalloc(n_elem, sizeof(struct krb5_tagged_data), 361 GFP_KERNEL); 362 if (!td) 363 return -ENOMEM; 364 *_td = td; 365 366 for (loop = 0; loop < n_elem; loop++) { 367 ret = rxrpc_krb5_decode_tagged_data(&td[loop], 368 max_elem_size, 369 &xdr, &toklen); 370 if (ret < 0) 371 return ret; 372 } 373 } 374 375 *_xdr = xdr; 376 *_toklen = toklen; 377 _leave(" = 0 [toklen=%u]", toklen); 378 return 0; 379} 380 381/* 382 * extract a krb5 ticket 383 */ 384static int rxrpc_krb5_decode_ticket(u8 **_ticket, u16 *_tktlen, 385 const __be32 **_xdr, unsigned int *_toklen) 386{ 387 const __be32 *xdr = *_xdr; 388 unsigned int toklen = *_toklen, len; 389 390 /* there must be at least one length word */ 391 if (toklen <= 4) 392 return -EINVAL; 393 394 _enter(",{%x},%u", ntohl(xdr[0]), toklen); 395 396 len = ntohl(*xdr++); 397 toklen -= 4; 398 if (len > AFSTOKEN_K5_TIX_MAX) 399 return -EINVAL; 400 *_tktlen = len; 401 402 _debug("ticket len %u", len); 403 404 if (len > 0) { 405 *_ticket = kmemdup(xdr, len, GFP_KERNEL); 406 if (!*_ticket) 407 return -ENOMEM; 408 len = (len + 3) & ~3; 409 toklen -= len; 410 xdr += len >> 2; 411 } 412 413 *_xdr = xdr; 414 *_toklen = toklen; 415 _leave(" = 0 [toklen=%u]", toklen); 416 return 0; 417} 418 419/* 420 * parse an RxK5 type XDR format token 421 * - the caller guarantees we have at least 4 words 422 */ 423static int rxrpc_preparse_xdr_rxk5(struct key_preparsed_payload *prep, 424 size_t datalen, 425 const __be32 *xdr, unsigned int toklen) 426{ 427 struct rxrpc_key_token *token, **pptoken; 428 struct rxk5_key *rxk5; 429 const __be32 *end_xdr = xdr + (toklen >> 2); 430 int ret; 431 432 _enter(",{%x,%x,%x,%x},%u", 433 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 434 toklen); 435 436 /* reserve some payload space for this subkey - the length of the token 437 * is a reasonable approximation */ 438 prep->quotalen = datalen + toklen; 439 440 token = kzalloc(sizeof(*token), GFP_KERNEL); 441 if (!token) 442 return -ENOMEM; 443 444 rxk5 = kzalloc(sizeof(*rxk5), GFP_KERNEL); 445 if (!rxk5) { 446 kfree(token); 447 return -ENOMEM; 448 } 449 450 token->security_index = RXRPC_SECURITY_RXK5; 451 token->k5 = rxk5; 452 453 /* extract the principals */ 454 ret = rxrpc_krb5_decode_principal(&rxk5->client, &xdr, &toklen); 455 if (ret < 0) 456 goto error; 457 ret = rxrpc_krb5_decode_principal(&rxk5->server, &xdr, &toklen); 458 if (ret < 0) 459 goto error; 460 461 /* extract the session key and the encoding type (the tag field -> 462 * ENCTYPE_xxx) */ 463 ret = rxrpc_krb5_decode_tagged_data(&rxk5->session, AFSTOKEN_DATA_MAX, 464 &xdr, &toklen); 465 if (ret < 0) 466 goto error; 467 468 if (toklen < 4 * 8 + 2 * 4) 469 goto inval; 470 rxk5->authtime = be64_to_cpup((const __be64 *) xdr); 471 xdr += 2; 472 rxk5->starttime = be64_to_cpup((const __be64 *) xdr); 473 xdr += 2; 474 rxk5->endtime = be64_to_cpup((const __be64 *) xdr); 475 xdr += 2; 476 rxk5->renew_till = be64_to_cpup((const __be64 *) xdr); 477 xdr += 2; 478 rxk5->is_skey = ntohl(*xdr++); 479 rxk5->flags = ntohl(*xdr++); 480 toklen -= 4 * 8 + 2 * 4; 481 482 _debug("times: a=%llx s=%llx e=%llx rt=%llx", 483 rxk5->authtime, rxk5->starttime, rxk5->endtime, 484 rxk5->renew_till); 485 _debug("is_skey=%x flags=%x", rxk5->is_skey, rxk5->flags); 486 487 /* extract the permitted client addresses */ 488 ret = rxrpc_krb5_decode_tagged_array(&rxk5->addresses, 489 &rxk5->n_addresses, 490 AFSTOKEN_K5_ADDRESSES_MAX, 491 AFSTOKEN_DATA_MAX, 492 &xdr, &toklen); 493 if (ret < 0) 494 goto error; 495 496 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 497 498 /* extract the tickets */ 499 ret = rxrpc_krb5_decode_ticket(&rxk5->ticket, &rxk5->ticket_len, 500 &xdr, &toklen); 501 if (ret < 0) 502 goto error; 503 ret = rxrpc_krb5_decode_ticket(&rxk5->ticket2, &rxk5->ticket2_len, 504 &xdr, &toklen); 505 if (ret < 0) 506 goto error; 507 508 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 509 510 /* extract the typed auth data */ 511 ret = rxrpc_krb5_decode_tagged_array(&rxk5->authdata, 512 &rxk5->n_authdata, 513 AFSTOKEN_K5_AUTHDATA_MAX, 514 AFSTOKEN_BDATALN_MAX, 515 &xdr, &toklen); 516 if (ret < 0) 517 goto error; 518 519 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 520 521 if (toklen != 0) 522 goto inval; 523 524 /* attach the payload */ 525 for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0]; 526 *pptoken; 527 pptoken = &(*pptoken)->next) 528 continue; 529 *pptoken = token; 530 if (token->kad->expiry < prep->expiry) 531 prep->expiry = token->kad->expiry; 532 533 _leave(" = 0"); 534 return 0; 535 536inval: 537 ret = -EINVAL; 538error: 539 rxrpc_rxk5_free(rxk5); 540 kfree(token); 541 _leave(" = %d", ret); 542 return ret; 543} 544 545/* 546 * attempt to parse the data as the XDR format 547 * - the caller guarantees we have more than 7 words 548 */ 549static int rxrpc_preparse_xdr(struct key_preparsed_payload *prep) 550{ 551 const __be32 *xdr = prep->data, *token; 552 const char *cp; 553 unsigned int len, tmp, loop, ntoken, toklen, sec_ix; 554 size_t datalen = prep->datalen; 555 int ret; 556 557 _enter(",{%x,%x,%x,%x},%zu", 558 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 559 prep->datalen); 560 561 if (datalen > AFSTOKEN_LENGTH_MAX) 562 goto not_xdr; 563 564 /* XDR is an array of __be32's */ 565 if (datalen & 3) 566 goto not_xdr; 567 568 /* the flags should be 0 (the setpag bit must be handled by 569 * userspace) */ 570 if (ntohl(*xdr++) != 0) 571 goto not_xdr; 572 datalen -= 4; 573 574 /* check the cell name */ 575 len = ntohl(*xdr++); 576 if (len < 1 || len > AFSTOKEN_CELL_MAX) 577 goto not_xdr; 578 datalen -= 4; 579 tmp = (len + 3) & ~3; 580 if (tmp > datalen) 581 goto not_xdr; 582 583 cp = (const char *) xdr; 584 for (loop = 0; loop < len; loop++) 585 if (!isprint(cp[loop])) 586 goto not_xdr; 587 if (len < tmp) 588 for (; loop < tmp; loop++) 589 if (cp[loop]) 590 goto not_xdr; 591 _debug("cellname: [%u/%u] '%*.*s'", 592 len, tmp, len, len, (const char *) xdr); 593 datalen -= tmp; 594 xdr += tmp >> 2; 595 596 /* get the token count */ 597 if (datalen < 12) 598 goto not_xdr; 599 ntoken = ntohl(*xdr++); 600 datalen -= 4; 601 _debug("ntoken: %x", ntoken); 602 if (ntoken < 1 || ntoken > AFSTOKEN_MAX) 603 goto not_xdr; 604 605 /* check each token wrapper */ 606 token = xdr; 607 loop = ntoken; 608 do { 609 if (datalen < 8) 610 goto not_xdr; 611 toklen = ntohl(*xdr++); 612 sec_ix = ntohl(*xdr); 613 datalen -= 4; 614 _debug("token: [%x/%zx] %x", toklen, datalen, sec_ix); 615 if (toklen < 20 || toklen > datalen) 616 goto not_xdr; 617 datalen -= (toklen + 3) & ~3; 618 xdr += (toklen + 3) >> 2; 619 620 } while (--loop > 0); 621 622 _debug("remainder: %zu", datalen); 623 if (datalen != 0) 624 goto not_xdr; 625 626 /* okay: we're going to assume it's valid XDR format 627 * - we ignore the cellname, relying on the key to be correctly named 628 */ 629 do { 630 xdr = token; 631 toklen = ntohl(*xdr++); 632 token = xdr + ((toklen + 3) >> 2); 633 sec_ix = ntohl(*xdr++); 634 toklen -= 4; 635 636 _debug("TOKEN type=%u [%p-%p]", sec_ix, xdr, token); 637 638 switch (sec_ix) { 639 case RXRPC_SECURITY_RXKAD: 640 ret = rxrpc_preparse_xdr_rxkad(prep, datalen, xdr, toklen); 641 if (ret != 0) 642 goto error; 643 break; 644 645 case RXRPC_SECURITY_RXK5: 646 ret = rxrpc_preparse_xdr_rxk5(prep, datalen, xdr, toklen); 647 if (ret != 0) 648 goto error; 649 break; 650 651 default: 652 ret = -EPROTONOSUPPORT; 653 goto error; 654 } 655 656 } while (--ntoken > 0); 657 658 _leave(" = 0"); 659 return 0; 660 661not_xdr: 662 _leave(" = -EPROTO"); 663 return -EPROTO; 664error: 665 _leave(" = %d", ret); 666 return ret; 667} 668 669/* 670 * Preparse an rxrpc defined key. 671 * 672 * Data should be of the form: 673 * OFFSET LEN CONTENT 674 * 0 4 key interface version number 675 * 4 2 security index (type) 676 * 6 2 ticket length 677 * 8 4 key expiry time (time_t) 678 * 12 4 kvno 679 * 16 8 session key 680 * 24 [len] ticket 681 * 682 * if no data is provided, then a no-security key is made 683 */ 684static int rxrpc_preparse(struct key_preparsed_payload *prep) 685{ 686 const struct rxrpc_key_data_v1 *v1; 687 struct rxrpc_key_token *token, **pp; 688 size_t plen; 689 u32 kver; 690 int ret; 691 692 _enter("%zu", prep->datalen); 693 694 /* handle a no-security key */ 695 if (!prep->data && prep->datalen == 0) 696 return 0; 697 698 /* determine if the XDR payload format is being used */ 699 if (prep->datalen > 7 * 4) { 700 ret = rxrpc_preparse_xdr(prep); 701 if (ret != -EPROTO) 702 return ret; 703 } 704 705 /* get the key interface version number */ 706 ret = -EINVAL; 707 if (prep->datalen <= 4 || !prep->data) 708 goto error; 709 memcpy(&kver, prep->data, sizeof(kver)); 710 prep->data += sizeof(kver); 711 prep->datalen -= sizeof(kver); 712 713 _debug("KEY I/F VERSION: %u", kver); 714 715 ret = -EKEYREJECTED; 716 if (kver != 1) 717 goto error; 718 719 /* deal with a version 1 key */ 720 ret = -EINVAL; 721 if (prep->datalen < sizeof(*v1)) 722 goto error; 723 724 v1 = prep->data; 725 if (prep->datalen != sizeof(*v1) + v1->ticket_length) 726 goto error; 727 728 _debug("SCIX: %u", v1->security_index); 729 _debug("TLEN: %u", v1->ticket_length); 730 _debug("EXPY: %x", v1->expiry); 731 _debug("KVNO: %u", v1->kvno); 732 _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", 733 v1->session_key[0], v1->session_key[1], 734 v1->session_key[2], v1->session_key[3], 735 v1->session_key[4], v1->session_key[5], 736 v1->session_key[6], v1->session_key[7]); 737 if (v1->ticket_length >= 8) 738 _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", 739 v1->ticket[0], v1->ticket[1], 740 v1->ticket[2], v1->ticket[3], 741 v1->ticket[4], v1->ticket[5], 742 v1->ticket[6], v1->ticket[7]); 743 744 ret = -EPROTONOSUPPORT; 745 if (v1->security_index != RXRPC_SECURITY_RXKAD) 746 goto error; 747 748 plen = sizeof(*token->kad) + v1->ticket_length; 749 prep->quotalen = plen + sizeof(*token); 750 751 ret = -ENOMEM; 752 token = kzalloc(sizeof(*token), GFP_KERNEL); 753 if (!token) 754 goto error; 755 token->kad = kzalloc(plen, GFP_KERNEL); 756 if (!token->kad) 757 goto error_free; 758 759 token->security_index = RXRPC_SECURITY_RXKAD; 760 token->kad->ticket_len = v1->ticket_length; 761 token->kad->expiry = v1->expiry; 762 token->kad->kvno = v1->kvno; 763 memcpy(&token->kad->session_key, &v1->session_key, 8); 764 memcpy(&token->kad->ticket, v1->ticket, v1->ticket_length); 765 766 /* count the number of tokens attached */ 767 prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1); 768 769 /* attach the data */ 770 pp = (struct rxrpc_key_token **)&prep->payload.data[0]; 771 while (*pp) 772 pp = &(*pp)->next; 773 *pp = token; 774 if (token->kad->expiry < prep->expiry) 775 prep->expiry = token->kad->expiry; 776 token = NULL; 777 ret = 0; 778 779error_free: 780 kfree(token); 781error: 782 return ret; 783} 784 785/* 786 * Free token list. 787 */ 788static void rxrpc_free_token_list(struct rxrpc_key_token *token) 789{ 790 struct rxrpc_key_token *next; 791 792 for (; token; token = next) { 793 next = token->next; 794 switch (token->security_index) { 795 case RXRPC_SECURITY_RXKAD: 796 kfree(token->kad); 797 break; 798 case RXRPC_SECURITY_RXK5: 799 if (token->k5) 800 rxrpc_rxk5_free(token->k5); 801 break; 802 default: 803 printk(KERN_ERR "Unknown token type %x on rxrpc key\n", 804 token->security_index); 805 BUG(); 806 } 807 808 kfree(token); 809 } 810} 811 812/* 813 * Clean up preparse data. 814 */ 815static void rxrpc_free_preparse(struct key_preparsed_payload *prep) 816{ 817 rxrpc_free_token_list(prep->payload.data[0]); 818} 819 820/* 821 * Preparse a server secret key. 822 * 823 * The data should be the 8-byte secret key. 824 */ 825static int rxrpc_preparse_s(struct key_preparsed_payload *prep) 826{ 827 struct crypto_blkcipher *ci; 828 829 _enter("%zu", prep->datalen); 830 831 if (prep->datalen != 8) 832 return -EINVAL; 833 834 memcpy(&prep->payload.data[2], prep->data, 8); 835 836 ci = crypto_alloc_blkcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC); 837 if (IS_ERR(ci)) { 838 _leave(" = %ld", PTR_ERR(ci)); 839 return PTR_ERR(ci); 840 } 841 842 if (crypto_blkcipher_setkey(ci, prep->data, 8) < 0) 843 BUG(); 844 845 prep->payload.data[0] = ci; 846 _leave(" = 0"); 847 return 0; 848} 849 850/* 851 * Clean up preparse data. 852 */ 853static void rxrpc_free_preparse_s(struct key_preparsed_payload *prep) 854{ 855 if (prep->payload.data[0]) 856 crypto_free_blkcipher(prep->payload.data[0]); 857} 858 859/* 860 * dispose of the data dangling from the corpse of a rxrpc key 861 */ 862static void rxrpc_destroy(struct key *key) 863{ 864 rxrpc_free_token_list(key->payload.data[0]); 865} 866 867/* 868 * dispose of the data dangling from the corpse of a rxrpc key 869 */ 870static void rxrpc_destroy_s(struct key *key) 871{ 872 if (key->payload.data[0]) { 873 crypto_free_blkcipher(key->payload.data[0]); 874 key->payload.data[0] = NULL; 875 } 876} 877 878/* 879 * describe the rxrpc key 880 */ 881static void rxrpc_describe(const struct key *key, struct seq_file *m) 882{ 883 seq_puts(m, key->description); 884} 885 886/* 887 * grab the security key for a socket 888 */ 889int rxrpc_request_key(struct rxrpc_sock *rx, char __user *optval, int optlen) 890{ 891 struct key *key; 892 char *description; 893 894 _enter(""); 895 896 if (optlen <= 0 || optlen > PAGE_SIZE - 1) 897 return -EINVAL; 898 899 description = kmalloc(optlen + 1, GFP_KERNEL); 900 if (!description) 901 return -ENOMEM; 902 903 if (copy_from_user(description, optval, optlen)) { 904 kfree(description); 905 return -EFAULT; 906 } 907 description[optlen] = 0; 908 909 key = request_key(&key_type_rxrpc, description, NULL); 910 if (IS_ERR(key)) { 911 kfree(description); 912 _leave(" = %ld", PTR_ERR(key)); 913 return PTR_ERR(key); 914 } 915 916 rx->key = key; 917 kfree(description); 918 _leave(" = 0 [key %x]", key->serial); 919 return 0; 920} 921 922/* 923 * grab the security keyring for a server socket 924 */ 925int rxrpc_server_keyring(struct rxrpc_sock *rx, char __user *optval, 926 int optlen) 927{ 928 struct key *key; 929 char *description; 930 931 _enter(""); 932 933 if (optlen <= 0 || optlen > PAGE_SIZE - 1) 934 return -EINVAL; 935 936 description = kmalloc(optlen + 1, GFP_KERNEL); 937 if (!description) 938 return -ENOMEM; 939 940 if (copy_from_user(description, optval, optlen)) { 941 kfree(description); 942 return -EFAULT; 943 } 944 description[optlen] = 0; 945 946 key = request_key(&key_type_keyring, description, NULL); 947 if (IS_ERR(key)) { 948 kfree(description); 949 _leave(" = %ld", PTR_ERR(key)); 950 return PTR_ERR(key); 951 } 952 953 rx->securities = key; 954 kfree(description); 955 _leave(" = 0 [key %x]", key->serial); 956 return 0; 957} 958 959/* 960 * generate a server data key 961 */ 962int rxrpc_get_server_data_key(struct rxrpc_connection *conn, 963 const void *session_key, 964 time_t expiry, 965 u32 kvno) 966{ 967 const struct cred *cred = current_cred(); 968 struct key *key; 969 int ret; 970 971 struct { 972 u32 kver; 973 struct rxrpc_key_data_v1 v1; 974 } data; 975 976 _enter(""); 977 978 key = key_alloc(&key_type_rxrpc, "x", 979 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 0, 980 KEY_ALLOC_NOT_IN_QUOTA); 981 if (IS_ERR(key)) { 982 _leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key)); 983 return -ENOMEM; 984 } 985 986 _debug("key %d", key_serial(key)); 987 988 data.kver = 1; 989 data.v1.security_index = RXRPC_SECURITY_RXKAD; 990 data.v1.ticket_length = 0; 991 data.v1.expiry = expiry; 992 data.v1.kvno = 0; 993 994 memcpy(&data.v1.session_key, session_key, sizeof(data.v1.session_key)); 995 996 ret = key_instantiate_and_link(key, &data, sizeof(data), NULL, NULL); 997 if (ret < 0) 998 goto error; 999 1000 conn->key = key; 1001 _leave(" = 0 [%d]", key_serial(key)); 1002 return 0; 1003 1004error: 1005 key_revoke(key); 1006 key_put(key); 1007 _leave(" = -ENOMEM [ins %d]", ret); 1008 return -ENOMEM; 1009} 1010EXPORT_SYMBOL(rxrpc_get_server_data_key); 1011 1012/** 1013 * rxrpc_get_null_key - Generate a null RxRPC key 1014 * @keyname: The name to give the key. 1015 * 1016 * Generate a null RxRPC key that can be used to indicate anonymous security is 1017 * required for a particular domain. 1018 */ 1019struct key *rxrpc_get_null_key(const char *keyname) 1020{ 1021 const struct cred *cred = current_cred(); 1022 struct key *key; 1023 int ret; 1024 1025 key = key_alloc(&key_type_rxrpc, keyname, 1026 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 1027 KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA); 1028 if (IS_ERR(key)) 1029 return key; 1030 1031 ret = key_instantiate_and_link(key, NULL, 0, NULL, NULL); 1032 if (ret < 0) { 1033 key_revoke(key); 1034 key_put(key); 1035 return ERR_PTR(ret); 1036 } 1037 1038 return key; 1039} 1040EXPORT_SYMBOL(rxrpc_get_null_key); 1041 1042/* 1043 * read the contents of an rxrpc key 1044 * - this returns the result in XDR form 1045 */ 1046static long rxrpc_read(const struct key *key, 1047 char __user *buffer, size_t buflen) 1048{ 1049 const struct rxrpc_key_token *token; 1050 const struct krb5_principal *princ; 1051 size_t size; 1052 __be32 __user *xdr, *oldxdr; 1053 u32 cnlen, toksize, ntoks, tok, zero; 1054 u16 toksizes[AFSTOKEN_MAX]; 1055 int loop; 1056 1057 _enter(""); 1058 1059 /* we don't know what form we should return non-AFS keys in */ 1060 if (memcmp(key->description, "afs@", 4) != 0) 1061 return -EOPNOTSUPP; 1062 cnlen = strlen(key->description + 4); 1063 1064#define RND(X) (((X) + 3) & ~3) 1065 1066 /* AFS keys we return in XDR form, so we need to work out the size of 1067 * the XDR */ 1068 size = 2 * 4; /* flags, cellname len */ 1069 size += RND(cnlen); /* cellname */ 1070 size += 1 * 4; /* token count */ 1071 1072 ntoks = 0; 1073 for (token = key->payload.data[0]; token; token = token->next) { 1074 toksize = 4; /* sec index */ 1075 1076 switch (token->security_index) { 1077 case RXRPC_SECURITY_RXKAD: 1078 toksize += 8 * 4; /* viceid, kvno, key*2, begin, 1079 * end, primary, tktlen */ 1080 toksize += RND(token->kad->ticket_len); 1081 break; 1082 1083 case RXRPC_SECURITY_RXK5: 1084 princ = &token->k5->client; 1085 toksize += 4 + princ->n_name_parts * 4; 1086 for (loop = 0; loop < princ->n_name_parts; loop++) 1087 toksize += RND(strlen(princ->name_parts[loop])); 1088 toksize += 4 + RND(strlen(princ->realm)); 1089 1090 princ = &token->k5->server; 1091 toksize += 4 + princ->n_name_parts * 4; 1092 for (loop = 0; loop < princ->n_name_parts; loop++) 1093 toksize += RND(strlen(princ->name_parts[loop])); 1094 toksize += 4 + RND(strlen(princ->realm)); 1095 1096 toksize += 8 + RND(token->k5->session.data_len); 1097 1098 toksize += 4 * 8 + 2 * 4; 1099 1100 toksize += 4 + token->k5->n_addresses * 8; 1101 for (loop = 0; loop < token->k5->n_addresses; loop++) 1102 toksize += RND(token->k5->addresses[loop].data_len); 1103 1104 toksize += 4 + RND(token->k5->ticket_len); 1105 toksize += 4 + RND(token->k5->ticket2_len); 1106 1107 toksize += 4 + token->k5->n_authdata * 8; 1108 for (loop = 0; loop < token->k5->n_authdata; loop++) 1109 toksize += RND(token->k5->authdata[loop].data_len); 1110 break; 1111 1112 default: /* we have a ticket we can't encode */ 1113 BUG(); 1114 continue; 1115 } 1116 1117 _debug("token[%u]: toksize=%u", ntoks, toksize); 1118 ASSERTCMP(toksize, <=, AFSTOKEN_LENGTH_MAX); 1119 1120 toksizes[ntoks++] = toksize; 1121 size += toksize + 4; /* each token has a length word */ 1122 } 1123 1124#undef RND 1125 1126 if (!buffer || buflen < size) 1127 return size; 1128 1129 xdr = (__be32 __user *) buffer; 1130 zero = 0; 1131#define ENCODE(x) \ 1132 do { \ 1133 __be32 y = htonl(x); \ 1134 if (put_user(y, xdr++) < 0) \ 1135 goto fault; \ 1136 } while(0) 1137#define ENCODE_DATA(l, s) \ 1138 do { \ 1139 u32 _l = (l); \ 1140 ENCODE(l); \ 1141 if (copy_to_user(xdr, (s), _l) != 0) \ 1142 goto fault; \ 1143 if (_l & 3 && \ 1144 copy_to_user((u8 __user *)xdr + _l, &zero, 4 - (_l & 3)) != 0) \ 1145 goto fault; \ 1146 xdr += (_l + 3) >> 2; \ 1147 } while(0) 1148#define ENCODE64(x) \ 1149 do { \ 1150 __be64 y = cpu_to_be64(x); \ 1151 if (copy_to_user(xdr, &y, 8) != 0) \ 1152 goto fault; \ 1153 xdr += 8 >> 2; \ 1154 } while(0) 1155#define ENCODE_STR(s) \ 1156 do { \ 1157 const char *_s = (s); \ 1158 ENCODE_DATA(strlen(_s), _s); \ 1159 } while(0) 1160 1161 ENCODE(0); /* flags */ 1162 ENCODE_DATA(cnlen, key->description + 4); /* cellname */ 1163 ENCODE(ntoks); 1164 1165 tok = 0; 1166 for (token = key->payload.data[0]; token; token = token->next) { 1167 toksize = toksizes[tok++]; 1168 ENCODE(toksize); 1169 oldxdr = xdr; 1170 ENCODE(token->security_index); 1171 1172 switch (token->security_index) { 1173 case RXRPC_SECURITY_RXKAD: 1174 ENCODE(token->kad->vice_id); 1175 ENCODE(token->kad->kvno); 1176 ENCODE_DATA(8, token->kad->session_key); 1177 ENCODE(token->kad->start); 1178 ENCODE(token->kad->expiry); 1179 ENCODE(token->kad->primary_flag); 1180 ENCODE_DATA(token->kad->ticket_len, token->kad->ticket); 1181 break; 1182 1183 case RXRPC_SECURITY_RXK5: 1184 princ = &token->k5->client; 1185 ENCODE(princ->n_name_parts); 1186 for (loop = 0; loop < princ->n_name_parts; loop++) 1187 ENCODE_STR(princ->name_parts[loop]); 1188 ENCODE_STR(princ->realm); 1189 1190 princ = &token->k5->server; 1191 ENCODE(princ->n_name_parts); 1192 for (loop = 0; loop < princ->n_name_parts; loop++) 1193 ENCODE_STR(princ->name_parts[loop]); 1194 ENCODE_STR(princ->realm); 1195 1196 ENCODE(token->k5->session.tag); 1197 ENCODE_DATA(token->k5->session.data_len, 1198 token->k5->session.data); 1199 1200 ENCODE64(token->k5->authtime); 1201 ENCODE64(token->k5->starttime); 1202 ENCODE64(token->k5->endtime); 1203 ENCODE64(token->k5->renew_till); 1204 ENCODE(token->k5->is_skey); 1205 ENCODE(token->k5->flags); 1206 1207 ENCODE(token->k5->n_addresses); 1208 for (loop = 0; loop < token->k5->n_addresses; loop++) { 1209 ENCODE(token->k5->addresses[loop].tag); 1210 ENCODE_DATA(token->k5->addresses[loop].data_len, 1211 token->k5->addresses[loop].data); 1212 } 1213 1214 ENCODE_DATA(token->k5->ticket_len, token->k5->ticket); 1215 ENCODE_DATA(token->k5->ticket2_len, token->k5->ticket2); 1216 1217 ENCODE(token->k5->n_authdata); 1218 for (loop = 0; loop < token->k5->n_authdata; loop++) { 1219 ENCODE(token->k5->authdata[loop].tag); 1220 ENCODE_DATA(token->k5->authdata[loop].data_len, 1221 token->k5->authdata[loop].data); 1222 } 1223 break; 1224 1225 default: 1226 BUG(); 1227 break; 1228 } 1229 1230 ASSERTCMP((unsigned long)xdr - (unsigned long)oldxdr, ==, 1231 toksize); 1232 } 1233 1234#undef ENCODE_STR 1235#undef ENCODE_DATA 1236#undef ENCODE64 1237#undef ENCODE 1238 1239 ASSERTCMP(tok, ==, ntoks); 1240 ASSERTCMP((char __user *) xdr - buffer, ==, size); 1241 _leave(" = %zu", size); 1242 return size; 1243 1244fault: 1245 _leave(" = -EFAULT"); 1246 return -EFAULT; 1247} 1248