ar-key.c 29 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251
  1. /* RxRPC key management
  2. *
  3. * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
  4. * Written by David Howells (dhowells@redhat.com)
  5. *
  6. * This program is free software; you can redistribute it and/or
  7. * modify it under the terms of the GNU General Public License
  8. * as published by the Free Software Foundation; either version
  9. * 2 of the License, or (at your option) any later version.
  10. *
  11. * RxRPC keys should have a description of describing their purpose:
  12. * "afs@CAMBRIDGE.REDHAT.COM>
  13. */
  14. #include <linux/module.h>
  15. #include <linux/net.h>
  16. #include <linux/skbuff.h>
  17. #include <linux/key-type.h>
  18. #include <linux/crypto.h>
  19. #include <linux/ctype.h>
  20. #include <linux/slab.h>
  21. #include <net/sock.h>
  22. #include <net/af_rxrpc.h>
  23. #include <keys/rxrpc-type.h>
  24. #include <keys/user-type.h>
  25. #include "ar-internal.h"
  26. static int rxrpc_vet_description_s(const char *);
  27. static int rxrpc_preparse(struct key_preparsed_payload *);
  28. static int rxrpc_preparse_s(struct key_preparsed_payload *);
  29. static void rxrpc_free_preparse(struct key_preparsed_payload *);
  30. static void rxrpc_free_preparse_s(struct key_preparsed_payload *);
  31. static void rxrpc_destroy(struct key *);
  32. static void rxrpc_destroy_s(struct key *);
  33. static void rxrpc_describe(const struct key *, struct seq_file *);
  34. static long rxrpc_read(const struct key *, char __user *, size_t);
  35. /*
  36. * rxrpc defined keys take an arbitrary string as the description and an
  37. * arbitrary blob of data as the payload
  38. */
  39. struct key_type key_type_rxrpc = {
  40. .name = "rxrpc",
  41. .preparse = rxrpc_preparse,
  42. .free_preparse = rxrpc_free_preparse,
  43. .instantiate = generic_key_instantiate,
  44. .destroy = rxrpc_destroy,
  45. .describe = rxrpc_describe,
  46. .read = rxrpc_read,
  47. };
  48. EXPORT_SYMBOL(key_type_rxrpc);
  49. /*
  50. * rxrpc server defined keys take "<serviceId>:<securityIndex>" as the
  51. * description and an 8-byte decryption key as the payload
  52. */
  53. struct key_type key_type_rxrpc_s = {
  54. .name = "rxrpc_s",
  55. .vet_description = rxrpc_vet_description_s,
  56. .preparse = rxrpc_preparse_s,
  57. .free_preparse = rxrpc_free_preparse_s,
  58. .instantiate = generic_key_instantiate,
  59. .destroy = rxrpc_destroy_s,
  60. .describe = rxrpc_describe,
  61. };
  62. /*
  63. * Vet the description for an RxRPC server key
  64. */
  65. static int rxrpc_vet_description_s(const char *desc)
  66. {
  67. unsigned long num;
  68. char *p;
  69. num = simple_strtoul(desc, &p, 10);
  70. if (*p != ':' || num > 65535)
  71. return -EINVAL;
  72. num = simple_strtoul(p + 1, &p, 10);
  73. if (*p || num < 1 || num > 255)
  74. return -EINVAL;
  75. return 0;
  76. }
  77. /*
  78. * parse an RxKAD type XDR format token
  79. * - the caller guarantees we have at least 4 words
  80. */
  81. static int rxrpc_preparse_xdr_rxkad(struct key_preparsed_payload *prep,
  82. size_t datalen,
  83. const __be32 *xdr, unsigned int toklen)
  84. {
  85. struct rxrpc_key_token *token, **pptoken;
  86. size_t plen;
  87. u32 tktlen;
  88. _enter(",{%x,%x,%x,%x},%u",
  89. ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]),
  90. toklen);
  91. if (toklen <= 8 * 4)
  92. return -EKEYREJECTED;
  93. tktlen = ntohl(xdr[7]);
  94. _debug("tktlen: %x", tktlen);
  95. if (tktlen > AFSTOKEN_RK_TIX_MAX)
  96. return -EKEYREJECTED;
  97. if (toklen < 8 * 4 + tktlen)
  98. return -EKEYREJECTED;
  99. plen = sizeof(*token) + sizeof(*token->kad) + tktlen;
  100. prep->quotalen = datalen + plen;
  101. plen -= sizeof(*token);
  102. token = kzalloc(sizeof(*token), GFP_KERNEL);
  103. if (!token)
  104. return -ENOMEM;
  105. token->kad = kzalloc(plen, GFP_KERNEL);
  106. if (!token->kad) {
  107. kfree(token);
  108. return -ENOMEM;
  109. }
  110. token->security_index = RXRPC_SECURITY_RXKAD;
  111. token->kad->ticket_len = tktlen;
  112. token->kad->vice_id = ntohl(xdr[0]);
  113. token->kad->kvno = ntohl(xdr[1]);
  114. token->kad->start = ntohl(xdr[4]);
  115. token->kad->expiry = ntohl(xdr[5]);
  116. token->kad->primary_flag = ntohl(xdr[6]);
  117. memcpy(&token->kad->session_key, &xdr[2], 8);
  118. memcpy(&token->kad->ticket, &xdr[8], tktlen);
  119. _debug("SCIX: %u", token->security_index);
  120. _debug("TLEN: %u", token->kad->ticket_len);
  121. _debug("EXPY: %x", token->kad->expiry);
  122. _debug("KVNO: %u", token->kad->kvno);
  123. _debug("PRIM: %u", token->kad->primary_flag);
  124. _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x",
  125. token->kad->session_key[0], token->kad->session_key[1],
  126. token->kad->session_key[2], token->kad->session_key[3],
  127. token->kad->session_key[4], token->kad->session_key[5],
  128. token->kad->session_key[6], token->kad->session_key[7]);
  129. if (token->kad->ticket_len >= 8)
  130. _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x",
  131. token->kad->ticket[0], token->kad->ticket[1],
  132. token->kad->ticket[2], token->kad->ticket[3],
  133. token->kad->ticket[4], token->kad->ticket[5],
  134. token->kad->ticket[6], token->kad->ticket[7]);
  135. /* count the number of tokens attached */
  136. prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1);
  137. /* attach the data */
  138. for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0];
  139. *pptoken;
  140. pptoken = &(*pptoken)->next)
  141. continue;
  142. *pptoken = token;
  143. if (token->kad->expiry < prep->expiry)
  144. prep->expiry = token->kad->expiry;
  145. _leave(" = 0");
  146. return 0;
  147. }
  148. static void rxrpc_free_krb5_principal(struct krb5_principal *princ)
  149. {
  150. int loop;
  151. if (princ->name_parts) {
  152. for (loop = princ->n_name_parts - 1; loop >= 0; loop--)
  153. kfree(princ->name_parts[loop]);
  154. kfree(princ->name_parts);
  155. }
  156. kfree(princ->realm);
  157. }
  158. static void rxrpc_free_krb5_tagged(struct krb5_tagged_data *td)
  159. {
  160. kfree(td->data);
  161. }
  162. /*
  163. * free up an RxK5 token
  164. */
  165. static void rxrpc_rxk5_free(struct rxk5_key *rxk5)
  166. {
  167. int loop;
  168. rxrpc_free_krb5_principal(&rxk5->client);
  169. rxrpc_free_krb5_principal(&rxk5->server);
  170. rxrpc_free_krb5_tagged(&rxk5->session);
  171. if (rxk5->addresses) {
  172. for (loop = rxk5->n_addresses - 1; loop >= 0; loop--)
  173. rxrpc_free_krb5_tagged(&rxk5->addresses[loop]);
  174. kfree(rxk5->addresses);
  175. }
  176. if (rxk5->authdata) {
  177. for (loop = rxk5->n_authdata - 1; loop >= 0; loop--)
  178. rxrpc_free_krb5_tagged(&rxk5->authdata[loop]);
  179. kfree(rxk5->authdata);
  180. }
  181. kfree(rxk5->ticket);
  182. kfree(rxk5->ticket2);
  183. kfree(rxk5);
  184. }
  185. /*
  186. * extract a krb5 principal
  187. */
  188. static int rxrpc_krb5_decode_principal(struct krb5_principal *princ,
  189. const __be32 **_xdr,
  190. unsigned int *_toklen)
  191. {
  192. const __be32 *xdr = *_xdr;
  193. unsigned int toklen = *_toklen, n_parts, loop, tmp, paddedlen;
  194. /* there must be at least one name, and at least #names+1 length
  195. * words */
  196. if (toklen <= 12)
  197. return -EINVAL;
  198. _enter(",{%x,%x,%x},%u",
  199. ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), toklen);
  200. n_parts = ntohl(*xdr++);
  201. toklen -= 4;
  202. if (n_parts <= 0 || n_parts > AFSTOKEN_K5_COMPONENTS_MAX)
  203. return -EINVAL;
  204. princ->n_name_parts = n_parts;
  205. if (toklen <= (n_parts + 1) * 4)
  206. return -EINVAL;
  207. princ->name_parts = kcalloc(n_parts, sizeof(char *), GFP_KERNEL);
  208. if (!princ->name_parts)
  209. return -ENOMEM;
  210. for (loop = 0; loop < n_parts; loop++) {
  211. if (toklen < 4)
  212. return -EINVAL;
  213. tmp = ntohl(*xdr++);
  214. toklen -= 4;
  215. if (tmp <= 0 || tmp > AFSTOKEN_STRING_MAX)
  216. return -EINVAL;
  217. paddedlen = (tmp + 3) & ~3;
  218. if (paddedlen > toklen)
  219. return -EINVAL;
  220. princ->name_parts[loop] = kmalloc(tmp + 1, GFP_KERNEL);
  221. if (!princ->name_parts[loop])
  222. return -ENOMEM;
  223. memcpy(princ->name_parts[loop], xdr, tmp);
  224. princ->name_parts[loop][tmp] = 0;
  225. toklen -= paddedlen;
  226. xdr += paddedlen >> 2;
  227. }
  228. if (toklen < 4)
  229. return -EINVAL;
  230. tmp = ntohl(*xdr++);
  231. toklen -= 4;
  232. if (tmp <= 0 || tmp > AFSTOKEN_K5_REALM_MAX)
  233. return -EINVAL;
  234. paddedlen = (tmp + 3) & ~3;
  235. if (paddedlen > toklen)
  236. return -EINVAL;
  237. princ->realm = kmalloc(tmp + 1, GFP_KERNEL);
  238. if (!princ->realm)
  239. return -ENOMEM;
  240. memcpy(princ->realm, xdr, tmp);
  241. princ->realm[tmp] = 0;
  242. toklen -= paddedlen;
  243. xdr += paddedlen >> 2;
  244. _debug("%s/...@%s", princ->name_parts[0], princ->realm);
  245. *_xdr = xdr;
  246. *_toklen = toklen;
  247. _leave(" = 0 [toklen=%u]", toklen);
  248. return 0;
  249. }
  250. /*
  251. * extract a piece of krb5 tagged data
  252. */
  253. static int rxrpc_krb5_decode_tagged_data(struct krb5_tagged_data *td,
  254. size_t max_data_size,
  255. const __be32 **_xdr,
  256. unsigned int *_toklen)
  257. {
  258. const __be32 *xdr = *_xdr;
  259. unsigned int toklen = *_toklen, len, paddedlen;
  260. /* there must be at least one tag and one length word */
  261. if (toklen <= 8)
  262. return -EINVAL;
  263. _enter(",%zu,{%x,%x},%u",
  264. max_data_size, ntohl(xdr[0]), ntohl(xdr[1]), toklen);
  265. td->tag = ntohl(*xdr++);
  266. len = ntohl(*xdr++);
  267. toklen -= 8;
  268. if (len > max_data_size)
  269. return -EINVAL;
  270. paddedlen = (len + 3) & ~3;
  271. if (paddedlen > toklen)
  272. return -EINVAL;
  273. td->data_len = len;
  274. if (len > 0) {
  275. td->data = kmemdup(xdr, len, GFP_KERNEL);
  276. if (!td->data)
  277. return -ENOMEM;
  278. toklen -= paddedlen;
  279. xdr += paddedlen >> 2;
  280. }
  281. _debug("tag %x len %x", td->tag, td->data_len);
  282. *_xdr = xdr;
  283. *_toklen = toklen;
  284. _leave(" = 0 [toklen=%u]", toklen);
  285. return 0;
  286. }
  287. /*
  288. * extract an array of tagged data
  289. */
  290. static int rxrpc_krb5_decode_tagged_array(struct krb5_tagged_data **_td,
  291. u8 *_n_elem,
  292. u8 max_n_elem,
  293. size_t max_elem_size,
  294. const __be32 **_xdr,
  295. unsigned int *_toklen)
  296. {
  297. struct krb5_tagged_data *td;
  298. const __be32 *xdr = *_xdr;
  299. unsigned int toklen = *_toklen, n_elem, loop;
  300. int ret;
  301. /* there must be at least one count */
  302. if (toklen < 4)
  303. return -EINVAL;
  304. _enter(",,%u,%zu,{%x},%u",
  305. max_n_elem, max_elem_size, ntohl(xdr[0]), toklen);
  306. n_elem = ntohl(*xdr++);
  307. toklen -= 4;
  308. if (n_elem > max_n_elem)
  309. return -EINVAL;
  310. *_n_elem = n_elem;
  311. if (n_elem > 0) {
  312. if (toklen <= (n_elem + 1) * 4)
  313. return -EINVAL;
  314. _debug("n_elem %d", n_elem);
  315. td = kcalloc(n_elem, sizeof(struct krb5_tagged_data),
  316. GFP_KERNEL);
  317. if (!td)
  318. return -ENOMEM;
  319. *_td = td;
  320. for (loop = 0; loop < n_elem; loop++) {
  321. ret = rxrpc_krb5_decode_tagged_data(&td[loop],
  322. max_elem_size,
  323. &xdr, &toklen);
  324. if (ret < 0)
  325. return ret;
  326. }
  327. }
  328. *_xdr = xdr;
  329. *_toklen = toklen;
  330. _leave(" = 0 [toklen=%u]", toklen);
  331. return 0;
  332. }
  333. /*
  334. * extract a krb5 ticket
  335. */
  336. static int rxrpc_krb5_decode_ticket(u8 **_ticket, u16 *_tktlen,
  337. const __be32 **_xdr, unsigned int *_toklen)
  338. {
  339. const __be32 *xdr = *_xdr;
  340. unsigned int toklen = *_toklen, len, paddedlen;
  341. /* there must be at least one length word */
  342. if (toklen <= 4)
  343. return -EINVAL;
  344. _enter(",{%x},%u", ntohl(xdr[0]), toklen);
  345. len = ntohl(*xdr++);
  346. toklen -= 4;
  347. if (len > AFSTOKEN_K5_TIX_MAX)
  348. return -EINVAL;
  349. paddedlen = (len + 3) & ~3;
  350. if (paddedlen > toklen)
  351. return -EINVAL;
  352. *_tktlen = len;
  353. _debug("ticket len %u", len);
  354. if (len > 0) {
  355. *_ticket = kmemdup(xdr, len, GFP_KERNEL);
  356. if (!*_ticket)
  357. return -ENOMEM;
  358. toklen -= paddedlen;
  359. xdr += paddedlen >> 2;
  360. }
  361. *_xdr = xdr;
  362. *_toklen = toklen;
  363. _leave(" = 0 [toklen=%u]", toklen);
  364. return 0;
  365. }
  366. /*
  367. * parse an RxK5 type XDR format token
  368. * - the caller guarantees we have at least 4 words
  369. */
  370. static int rxrpc_preparse_xdr_rxk5(struct key_preparsed_payload *prep,
  371. size_t datalen,
  372. const __be32 *xdr, unsigned int toklen)
  373. {
  374. struct rxrpc_key_token *token, **pptoken;
  375. struct rxk5_key *rxk5;
  376. const __be32 *end_xdr = xdr + (toklen >> 2);
  377. int ret;
  378. _enter(",{%x,%x,%x,%x},%u",
  379. ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]),
  380. toklen);
  381. /* reserve some payload space for this subkey - the length of the token
  382. * is a reasonable approximation */
  383. prep->quotalen = datalen + toklen;
  384. token = kzalloc(sizeof(*token), GFP_KERNEL);
  385. if (!token)
  386. return -ENOMEM;
  387. rxk5 = kzalloc(sizeof(*rxk5), GFP_KERNEL);
  388. if (!rxk5) {
  389. kfree(token);
  390. return -ENOMEM;
  391. }
  392. token->security_index = RXRPC_SECURITY_RXK5;
  393. token->k5 = rxk5;
  394. /* extract the principals */
  395. ret = rxrpc_krb5_decode_principal(&rxk5->client, &xdr, &toklen);
  396. if (ret < 0)
  397. goto error;
  398. ret = rxrpc_krb5_decode_principal(&rxk5->server, &xdr, &toklen);
  399. if (ret < 0)
  400. goto error;
  401. /* extract the session key and the encoding type (the tag field ->
  402. * ENCTYPE_xxx) */
  403. ret = rxrpc_krb5_decode_tagged_data(&rxk5->session, AFSTOKEN_DATA_MAX,
  404. &xdr, &toklen);
  405. if (ret < 0)
  406. goto error;
  407. if (toklen < 4 * 8 + 2 * 4)
  408. goto inval;
  409. rxk5->authtime = be64_to_cpup((const __be64 *) xdr);
  410. xdr += 2;
  411. rxk5->starttime = be64_to_cpup((const __be64 *) xdr);
  412. xdr += 2;
  413. rxk5->endtime = be64_to_cpup((const __be64 *) xdr);
  414. xdr += 2;
  415. rxk5->renew_till = be64_to_cpup((const __be64 *) xdr);
  416. xdr += 2;
  417. rxk5->is_skey = ntohl(*xdr++);
  418. rxk5->flags = ntohl(*xdr++);
  419. toklen -= 4 * 8 + 2 * 4;
  420. _debug("times: a=%llx s=%llx e=%llx rt=%llx",
  421. rxk5->authtime, rxk5->starttime, rxk5->endtime,
  422. rxk5->renew_till);
  423. _debug("is_skey=%x flags=%x", rxk5->is_skey, rxk5->flags);
  424. /* extract the permitted client addresses */
  425. ret = rxrpc_krb5_decode_tagged_array(&rxk5->addresses,
  426. &rxk5->n_addresses,
  427. AFSTOKEN_K5_ADDRESSES_MAX,
  428. AFSTOKEN_DATA_MAX,
  429. &xdr, &toklen);
  430. if (ret < 0)
  431. goto error;
  432. ASSERTCMP((end_xdr - xdr) << 2, ==, toklen);
  433. /* extract the tickets */
  434. ret = rxrpc_krb5_decode_ticket(&rxk5->ticket, &rxk5->ticket_len,
  435. &xdr, &toklen);
  436. if (ret < 0)
  437. goto error;
  438. ret = rxrpc_krb5_decode_ticket(&rxk5->ticket2, &rxk5->ticket2_len,
  439. &xdr, &toklen);
  440. if (ret < 0)
  441. goto error;
  442. ASSERTCMP((end_xdr - xdr) << 2, ==, toklen);
  443. /* extract the typed auth data */
  444. ret = rxrpc_krb5_decode_tagged_array(&rxk5->authdata,
  445. &rxk5->n_authdata,
  446. AFSTOKEN_K5_AUTHDATA_MAX,
  447. AFSTOKEN_BDATALN_MAX,
  448. &xdr, &toklen);
  449. if (ret < 0)
  450. goto error;
  451. ASSERTCMP((end_xdr - xdr) << 2, ==, toklen);
  452. if (toklen != 0)
  453. goto inval;
  454. /* attach the payload */
  455. for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0];
  456. *pptoken;
  457. pptoken = &(*pptoken)->next)
  458. continue;
  459. *pptoken = token;
  460. if (token->kad->expiry < prep->expiry)
  461. prep->expiry = token->kad->expiry;
  462. _leave(" = 0");
  463. return 0;
  464. inval:
  465. ret = -EINVAL;
  466. error:
  467. rxrpc_rxk5_free(rxk5);
  468. kfree(token);
  469. _leave(" = %d", ret);
  470. return ret;
  471. }
  472. /*
  473. * attempt to parse the data as the XDR format
  474. * - the caller guarantees we have more than 7 words
  475. */
  476. static int rxrpc_preparse_xdr(struct key_preparsed_payload *prep)
  477. {
  478. const __be32 *xdr = prep->data, *token;
  479. const char *cp;
  480. unsigned int len, paddedlen, loop, ntoken, toklen, sec_ix;
  481. size_t datalen = prep->datalen;
  482. int ret;
  483. _enter(",{%x,%x,%x,%x},%zu",
  484. ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]),
  485. prep->datalen);
  486. if (datalen > AFSTOKEN_LENGTH_MAX)
  487. goto not_xdr;
  488. /* XDR is an array of __be32's */
  489. if (datalen & 3)
  490. goto not_xdr;
  491. /* the flags should be 0 (the setpag bit must be handled by
  492. * userspace) */
  493. if (ntohl(*xdr++) != 0)
  494. goto not_xdr;
  495. datalen -= 4;
  496. /* check the cell name */
  497. len = ntohl(*xdr++);
  498. if (len < 1 || len > AFSTOKEN_CELL_MAX)
  499. goto not_xdr;
  500. datalen -= 4;
  501. paddedlen = (len + 3) & ~3;
  502. if (paddedlen > datalen)
  503. goto not_xdr;
  504. cp = (const char *) xdr;
  505. for (loop = 0; loop < len; loop++)
  506. if (!isprint(cp[loop]))
  507. goto not_xdr;
  508. for (; loop < paddedlen; loop++)
  509. if (cp[loop])
  510. goto not_xdr;
  511. _debug("cellname: [%u/%u] '%*.*s'",
  512. len, paddedlen, len, len, (const char *) xdr);
  513. datalen -= paddedlen;
  514. xdr += paddedlen >> 2;
  515. /* get the token count */
  516. if (datalen < 12)
  517. goto not_xdr;
  518. ntoken = ntohl(*xdr++);
  519. datalen -= 4;
  520. _debug("ntoken: %x", ntoken);
  521. if (ntoken < 1 || ntoken > AFSTOKEN_MAX)
  522. goto not_xdr;
  523. /* check each token wrapper */
  524. token = xdr;
  525. loop = ntoken;
  526. do {
  527. if (datalen < 8)
  528. goto not_xdr;
  529. toklen = ntohl(*xdr++);
  530. sec_ix = ntohl(*xdr);
  531. datalen -= 4;
  532. _debug("token: [%x/%zx] %x", toklen, datalen, sec_ix);
  533. paddedlen = (toklen + 3) & ~3;
  534. if (toklen < 20 || toklen > datalen || paddedlen > datalen)
  535. goto not_xdr;
  536. datalen -= paddedlen;
  537. xdr += paddedlen >> 2;
  538. } while (--loop > 0);
  539. _debug("remainder: %zu", datalen);
  540. if (datalen != 0)
  541. goto not_xdr;
  542. /* okay: we're going to assume it's valid XDR format
  543. * - we ignore the cellname, relying on the key to be correctly named
  544. */
  545. do {
  546. xdr = token;
  547. toklen = ntohl(*xdr++);
  548. token = xdr + ((toklen + 3) >> 2);
  549. sec_ix = ntohl(*xdr++);
  550. toklen -= 4;
  551. _debug("TOKEN type=%u [%p-%p]", sec_ix, xdr, token);
  552. switch (sec_ix) {
  553. case RXRPC_SECURITY_RXKAD:
  554. ret = rxrpc_preparse_xdr_rxkad(prep, datalen, xdr, toklen);
  555. if (ret != 0)
  556. goto error;
  557. break;
  558. case RXRPC_SECURITY_RXK5:
  559. ret = rxrpc_preparse_xdr_rxk5(prep, datalen, xdr, toklen);
  560. if (ret != 0)
  561. goto error;
  562. break;
  563. default:
  564. ret = -EPROTONOSUPPORT;
  565. goto error;
  566. }
  567. } while (--ntoken > 0);
  568. _leave(" = 0");
  569. return 0;
  570. not_xdr:
  571. _leave(" = -EPROTO");
  572. return -EPROTO;
  573. error:
  574. _leave(" = %d", ret);
  575. return ret;
  576. }
  577. /*
  578. * Preparse an rxrpc defined key.
  579. *
  580. * Data should be of the form:
  581. * OFFSET LEN CONTENT
  582. * 0 4 key interface version number
  583. * 4 2 security index (type)
  584. * 6 2 ticket length
  585. * 8 4 key expiry time (time_t)
  586. * 12 4 kvno
  587. * 16 8 session key
  588. * 24 [len] ticket
  589. *
  590. * if no data is provided, then a no-security key is made
  591. */
  592. static int rxrpc_preparse(struct key_preparsed_payload *prep)
  593. {
  594. const struct rxrpc_key_data_v1 *v1;
  595. struct rxrpc_key_token *token, **pp;
  596. size_t plen;
  597. u32 kver;
  598. int ret;
  599. _enter("%zu", prep->datalen);
  600. /* handle a no-security key */
  601. if (!prep->data && prep->datalen == 0)
  602. return 0;
  603. /* determine if the XDR payload format is being used */
  604. if (prep->datalen > 7 * 4) {
  605. ret = rxrpc_preparse_xdr(prep);
  606. if (ret != -EPROTO)
  607. return ret;
  608. }
  609. /* get the key interface version number */
  610. ret = -EINVAL;
  611. if (prep->datalen <= 4 || !prep->data)
  612. goto error;
  613. memcpy(&kver, prep->data, sizeof(kver));
  614. prep->data += sizeof(kver);
  615. prep->datalen -= sizeof(kver);
  616. _debug("KEY I/F VERSION: %u", kver);
  617. ret = -EKEYREJECTED;
  618. if (kver != 1)
  619. goto error;
  620. /* deal with a version 1 key */
  621. ret = -EINVAL;
  622. if (prep->datalen < sizeof(*v1))
  623. goto error;
  624. v1 = prep->data;
  625. if (prep->datalen != sizeof(*v1) + v1->ticket_length)
  626. goto error;
  627. _debug("SCIX: %u", v1->security_index);
  628. _debug("TLEN: %u", v1->ticket_length);
  629. _debug("EXPY: %x", v1->expiry);
  630. _debug("KVNO: %u", v1->kvno);
  631. _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x",
  632. v1->session_key[0], v1->session_key[1],
  633. v1->session_key[2], v1->session_key[3],
  634. v1->session_key[4], v1->session_key[5],
  635. v1->session_key[6], v1->session_key[7]);
  636. if (v1->ticket_length >= 8)
  637. _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x",
  638. v1->ticket[0], v1->ticket[1],
  639. v1->ticket[2], v1->ticket[3],
  640. v1->ticket[4], v1->ticket[5],
  641. v1->ticket[6], v1->ticket[7]);
  642. ret = -EPROTONOSUPPORT;
  643. if (v1->security_index != RXRPC_SECURITY_RXKAD)
  644. goto error;
  645. plen = sizeof(*token->kad) + v1->ticket_length;
  646. prep->quotalen = plen + sizeof(*token);
  647. ret = -ENOMEM;
  648. token = kzalloc(sizeof(*token), GFP_KERNEL);
  649. if (!token)
  650. goto error;
  651. token->kad = kzalloc(plen, GFP_KERNEL);
  652. if (!token->kad)
  653. goto error_free;
  654. token->security_index = RXRPC_SECURITY_RXKAD;
  655. token->kad->ticket_len = v1->ticket_length;
  656. token->kad->expiry = v1->expiry;
  657. token->kad->kvno = v1->kvno;
  658. memcpy(&token->kad->session_key, &v1->session_key, 8);
  659. memcpy(&token->kad->ticket, v1->ticket, v1->ticket_length);
  660. /* count the number of tokens attached */
  661. prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1);
  662. /* attach the data */
  663. pp = (struct rxrpc_key_token **)&prep->payload.data[0];
  664. while (*pp)
  665. pp = &(*pp)->next;
  666. *pp = token;
  667. if (token->kad->expiry < prep->expiry)
  668. prep->expiry = token->kad->expiry;
  669. token = NULL;
  670. ret = 0;
  671. error_free:
  672. kfree(token);
  673. error:
  674. return ret;
  675. }
  676. /*
  677. * Free token list.
  678. */
  679. static void rxrpc_free_token_list(struct rxrpc_key_token *token)
  680. {
  681. struct rxrpc_key_token *next;
  682. for (; token; token = next) {
  683. next = token->next;
  684. switch (token->security_index) {
  685. case RXRPC_SECURITY_RXKAD:
  686. kfree(token->kad);
  687. break;
  688. case RXRPC_SECURITY_RXK5:
  689. if (token->k5)
  690. rxrpc_rxk5_free(token->k5);
  691. break;
  692. default:
  693. printk(KERN_ERR "Unknown token type %x on rxrpc key\n",
  694. token->security_index);
  695. BUG();
  696. }
  697. kfree(token);
  698. }
  699. }
  700. /*
  701. * Clean up preparse data.
  702. */
  703. static void rxrpc_free_preparse(struct key_preparsed_payload *prep)
  704. {
  705. rxrpc_free_token_list(prep->payload.data[0]);
  706. }
  707. /*
  708. * Preparse a server secret key.
  709. *
  710. * The data should be the 8-byte secret key.
  711. */
  712. static int rxrpc_preparse_s(struct key_preparsed_payload *prep)
  713. {
  714. struct crypto_blkcipher *ci;
  715. _enter("%zu", prep->datalen);
  716. if (prep->datalen != 8)
  717. return -EINVAL;
  718. memcpy(&prep->payload.data[2], prep->data, 8);
  719. ci = crypto_alloc_blkcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC);
  720. if (IS_ERR(ci)) {
  721. _leave(" = %ld", PTR_ERR(ci));
  722. return PTR_ERR(ci);
  723. }
  724. if (crypto_blkcipher_setkey(ci, prep->data, 8) < 0)
  725. BUG();
  726. prep->payload.data[0] = ci;
  727. _leave(" = 0");
  728. return 0;
  729. }
  730. /*
  731. * Clean up preparse data.
  732. */
  733. static void rxrpc_free_preparse_s(struct key_preparsed_payload *prep)
  734. {
  735. if (prep->payload.data[0])
  736. crypto_free_blkcipher(prep->payload.data[0]);
  737. }
  738. /*
  739. * dispose of the data dangling from the corpse of a rxrpc key
  740. */
  741. static void rxrpc_destroy(struct key *key)
  742. {
  743. rxrpc_free_token_list(key->payload.data[0]);
  744. }
  745. /*
  746. * dispose of the data dangling from the corpse of a rxrpc key
  747. */
  748. static void rxrpc_destroy_s(struct key *key)
  749. {
  750. if (key->payload.data[0]) {
  751. crypto_free_blkcipher(key->payload.data[0]);
  752. key->payload.data[0] = NULL;
  753. }
  754. }
  755. /*
  756. * describe the rxrpc key
  757. */
  758. static void rxrpc_describe(const struct key *key, struct seq_file *m)
  759. {
  760. seq_puts(m, key->description);
  761. }
  762. /*
  763. * grab the security key for a socket
  764. */
  765. int rxrpc_request_key(struct rxrpc_sock *rx, char __user *optval, int optlen)
  766. {
  767. struct key *key;
  768. char *description;
  769. _enter("");
  770. if (optlen <= 0 || optlen > PAGE_SIZE - 1)
  771. return -EINVAL;
  772. description = kmalloc(optlen + 1, GFP_KERNEL);
  773. if (!description)
  774. return -ENOMEM;
  775. if (copy_from_user(description, optval, optlen)) {
  776. kfree(description);
  777. return -EFAULT;
  778. }
  779. description[optlen] = 0;
  780. key = request_key(&key_type_rxrpc, description, NULL);
  781. if (IS_ERR(key)) {
  782. kfree(description);
  783. _leave(" = %ld", PTR_ERR(key));
  784. return PTR_ERR(key);
  785. }
  786. rx->key = key;
  787. kfree(description);
  788. _leave(" = 0 [key %x]", key->serial);
  789. return 0;
  790. }
  791. /*
  792. * grab the security keyring for a server socket
  793. */
  794. int rxrpc_server_keyring(struct rxrpc_sock *rx, char __user *optval,
  795. int optlen)
  796. {
  797. struct key *key;
  798. char *description;
  799. _enter("");
  800. if (optlen <= 0 || optlen > PAGE_SIZE - 1)
  801. return -EINVAL;
  802. description = kmalloc(optlen + 1, GFP_KERNEL);
  803. if (!description)
  804. return -ENOMEM;
  805. if (copy_from_user(description, optval, optlen)) {
  806. kfree(description);
  807. return -EFAULT;
  808. }
  809. description[optlen] = 0;
  810. key = request_key(&key_type_keyring, description, NULL);
  811. if (IS_ERR(key)) {
  812. kfree(description);
  813. _leave(" = %ld", PTR_ERR(key));
  814. return PTR_ERR(key);
  815. }
  816. rx->securities = key;
  817. kfree(description);
  818. _leave(" = 0 [key %x]", key->serial);
  819. return 0;
  820. }
  821. /*
  822. * generate a server data key
  823. */
  824. int rxrpc_get_server_data_key(struct rxrpc_connection *conn,
  825. const void *session_key,
  826. time_t expiry,
  827. u32 kvno)
  828. {
  829. const struct cred *cred = current_cred();
  830. struct key *key;
  831. int ret;
  832. struct {
  833. u32 kver;
  834. struct rxrpc_key_data_v1 v1;
  835. } data;
  836. _enter("");
  837. key = key_alloc(&key_type_rxrpc, "x",
  838. GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 0,
  839. KEY_ALLOC_NOT_IN_QUOTA);
  840. if (IS_ERR(key)) {
  841. _leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key));
  842. return -ENOMEM;
  843. }
  844. _debug("key %d", key_serial(key));
  845. data.kver = 1;
  846. data.v1.security_index = RXRPC_SECURITY_RXKAD;
  847. data.v1.ticket_length = 0;
  848. data.v1.expiry = expiry;
  849. data.v1.kvno = 0;
  850. memcpy(&data.v1.session_key, session_key, sizeof(data.v1.session_key));
  851. ret = key_instantiate_and_link(key, &data, sizeof(data), NULL, NULL);
  852. if (ret < 0)
  853. goto error;
  854. conn->key = key;
  855. _leave(" = 0 [%d]", key_serial(key));
  856. return 0;
  857. error:
  858. key_revoke(key);
  859. key_put(key);
  860. _leave(" = -ENOMEM [ins %d]", ret);
  861. return -ENOMEM;
  862. }
  863. EXPORT_SYMBOL(rxrpc_get_server_data_key);
  864. /**
  865. * rxrpc_get_null_key - Generate a null RxRPC key
  866. * @keyname: The name to give the key.
  867. *
  868. * Generate a null RxRPC key that can be used to indicate anonymous security is
  869. * required for a particular domain.
  870. */
  871. struct key *rxrpc_get_null_key(const char *keyname)
  872. {
  873. const struct cred *cred = current_cred();
  874. struct key *key;
  875. int ret;
  876. key = key_alloc(&key_type_rxrpc, keyname,
  877. GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
  878. KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA);
  879. if (IS_ERR(key))
  880. return key;
  881. ret = key_instantiate_and_link(key, NULL, 0, NULL, NULL);
  882. if (ret < 0) {
  883. key_revoke(key);
  884. key_put(key);
  885. return ERR_PTR(ret);
  886. }
  887. return key;
  888. }
  889. EXPORT_SYMBOL(rxrpc_get_null_key);
  890. /*
  891. * read the contents of an rxrpc key
  892. * - this returns the result in XDR form
  893. */
  894. static long rxrpc_read(const struct key *key,
  895. char __user *buffer, size_t buflen)
  896. {
  897. const struct rxrpc_key_token *token;
  898. const struct krb5_principal *princ;
  899. size_t size;
  900. __be32 __user *xdr, *oldxdr;
  901. u32 cnlen, toksize, ntoks, tok, zero;
  902. u16 toksizes[AFSTOKEN_MAX];
  903. int loop;
  904. _enter("");
  905. /* we don't know what form we should return non-AFS keys in */
  906. if (memcmp(key->description, "afs@", 4) != 0)
  907. return -EOPNOTSUPP;
  908. cnlen = strlen(key->description + 4);
  909. #define RND(X) (((X) + 3) & ~3)
  910. /* AFS keys we return in XDR form, so we need to work out the size of
  911. * the XDR */
  912. size = 2 * 4; /* flags, cellname len */
  913. size += RND(cnlen); /* cellname */
  914. size += 1 * 4; /* token count */
  915. ntoks = 0;
  916. for (token = key->payload.data[0]; token; token = token->next) {
  917. toksize = 4; /* sec index */
  918. switch (token->security_index) {
  919. case RXRPC_SECURITY_RXKAD:
  920. toksize += 8 * 4; /* viceid, kvno, key*2, begin,
  921. * end, primary, tktlen */
  922. toksize += RND(token->kad->ticket_len);
  923. break;
  924. case RXRPC_SECURITY_RXK5:
  925. princ = &token->k5->client;
  926. toksize += 4 + princ->n_name_parts * 4;
  927. for (loop = 0; loop < princ->n_name_parts; loop++)
  928. toksize += RND(strlen(princ->name_parts[loop]));
  929. toksize += 4 + RND(strlen(princ->realm));
  930. princ = &token->k5->server;
  931. toksize += 4 + princ->n_name_parts * 4;
  932. for (loop = 0; loop < princ->n_name_parts; loop++)
  933. toksize += RND(strlen(princ->name_parts[loop]));
  934. toksize += 4 + RND(strlen(princ->realm));
  935. toksize += 8 + RND(token->k5->session.data_len);
  936. toksize += 4 * 8 + 2 * 4;
  937. toksize += 4 + token->k5->n_addresses * 8;
  938. for (loop = 0; loop < token->k5->n_addresses; loop++)
  939. toksize += RND(token->k5->addresses[loop].data_len);
  940. toksize += 4 + RND(token->k5->ticket_len);
  941. toksize += 4 + RND(token->k5->ticket2_len);
  942. toksize += 4 + token->k5->n_authdata * 8;
  943. for (loop = 0; loop < token->k5->n_authdata; loop++)
  944. toksize += RND(token->k5->authdata[loop].data_len);
  945. break;
  946. default: /* we have a ticket we can't encode */
  947. BUG();
  948. continue;
  949. }
  950. _debug("token[%u]: toksize=%u", ntoks, toksize);
  951. ASSERTCMP(toksize, <=, AFSTOKEN_LENGTH_MAX);
  952. toksizes[ntoks++] = toksize;
  953. size += toksize + 4; /* each token has a length word */
  954. }
  955. #undef RND
  956. if (!buffer || buflen < size)
  957. return size;
  958. xdr = (__be32 __user *) buffer;
  959. zero = 0;
  960. #define ENCODE(x) \
  961. do { \
  962. __be32 y = htonl(x); \
  963. if (put_user(y, xdr++) < 0) \
  964. goto fault; \
  965. } while(0)
  966. #define ENCODE_DATA(l, s) \
  967. do { \
  968. u32 _l = (l); \
  969. ENCODE(l); \
  970. if (copy_to_user(xdr, (s), _l) != 0) \
  971. goto fault; \
  972. if (_l & 3 && \
  973. copy_to_user((u8 __user *)xdr + _l, &zero, 4 - (_l & 3)) != 0) \
  974. goto fault; \
  975. xdr += (_l + 3) >> 2; \
  976. } while(0)
  977. #define ENCODE64(x) \
  978. do { \
  979. __be64 y = cpu_to_be64(x); \
  980. if (copy_to_user(xdr, &y, 8) != 0) \
  981. goto fault; \
  982. xdr += 8 >> 2; \
  983. } while(0)
  984. #define ENCODE_STR(s) \
  985. do { \
  986. const char *_s = (s); \
  987. ENCODE_DATA(strlen(_s), _s); \
  988. } while(0)
  989. ENCODE(0); /* flags */
  990. ENCODE_DATA(cnlen, key->description + 4); /* cellname */
  991. ENCODE(ntoks);
  992. tok = 0;
  993. for (token = key->payload.data[0]; token; token = token->next) {
  994. toksize = toksizes[tok++];
  995. ENCODE(toksize);
  996. oldxdr = xdr;
  997. ENCODE(token->security_index);
  998. switch (token->security_index) {
  999. case RXRPC_SECURITY_RXKAD:
  1000. ENCODE(token->kad->vice_id);
  1001. ENCODE(token->kad->kvno);
  1002. ENCODE_DATA(8, token->kad->session_key);
  1003. ENCODE(token->kad->start);
  1004. ENCODE(token->kad->expiry);
  1005. ENCODE(token->kad->primary_flag);
  1006. ENCODE_DATA(token->kad->ticket_len, token->kad->ticket);
  1007. break;
  1008. case RXRPC_SECURITY_RXK5:
  1009. princ = &token->k5->client;
  1010. ENCODE(princ->n_name_parts);
  1011. for (loop = 0; loop < princ->n_name_parts; loop++)
  1012. ENCODE_STR(princ->name_parts[loop]);
  1013. ENCODE_STR(princ->realm);
  1014. princ = &token->k5->server;
  1015. ENCODE(princ->n_name_parts);
  1016. for (loop = 0; loop < princ->n_name_parts; loop++)
  1017. ENCODE_STR(princ->name_parts[loop]);
  1018. ENCODE_STR(princ->realm);
  1019. ENCODE(token->k5->session.tag);
  1020. ENCODE_DATA(token->k5->session.data_len,
  1021. token->k5->session.data);
  1022. ENCODE64(token->k5->authtime);
  1023. ENCODE64(token->k5->starttime);
  1024. ENCODE64(token->k5->endtime);
  1025. ENCODE64(token->k5->renew_till);
  1026. ENCODE(token->k5->is_skey);
  1027. ENCODE(token->k5->flags);
  1028. ENCODE(token->k5->n_addresses);
  1029. for (loop = 0; loop < token->k5->n_addresses; loop++) {
  1030. ENCODE(token->k5->addresses[loop].tag);
  1031. ENCODE_DATA(token->k5->addresses[loop].data_len,
  1032. token->k5->addresses[loop].data);
  1033. }
  1034. ENCODE_DATA(token->k5->ticket_len, token->k5->ticket);
  1035. ENCODE_DATA(token->k5->ticket2_len, token->k5->ticket2);
  1036. ENCODE(token->k5->n_authdata);
  1037. for (loop = 0; loop < token->k5->n_authdata; loop++) {
  1038. ENCODE(token->k5->authdata[loop].tag);
  1039. ENCODE_DATA(token->k5->authdata[loop].data_len,
  1040. token->k5->authdata[loop].data);
  1041. }
  1042. break;
  1043. default:
  1044. BUG();
  1045. break;
  1046. }
  1047. ASSERTCMP((unsigned long)xdr - (unsigned long)oldxdr, ==,
  1048. toksize);
  1049. }
  1050. #undef ENCODE_STR
  1051. #undef ENCODE_DATA
  1052. #undef ENCODE64
  1053. #undef ENCODE
  1054. ASSERTCMP(tok, ==, ntoks);
  1055. ASSERTCMP((char __user *) xdr - buffer, ==, size);
  1056. _leave(" = %zu", size);
  1057. return size;
  1058. fault:
  1059. _leave(" = -EFAULT");
  1060. return -EFAULT;
  1061. }