1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* GSSAPI-based RxRPC security
3 *
4 * Copyright (C) 2025 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
6 */
7
8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9
10 #include <linux/net.h>
11 #include <linux/skbuff.h>
12 #include <linux/slab.h>
13 #include <linux/key-type.h>
14 #include "ar-internal.h"
15 #include "rxgk_common.h"
16
17 /*
18 * Parse the information from a server key
19 */
rxgk_preparse_server_key(struct key_preparsed_payload * prep)20 static int rxgk_preparse_server_key(struct key_preparsed_payload *prep)
21 {
22 const struct krb5_enctype *krb5;
23 struct krb5_buffer *server_key = (void *)&prep->payload.data[2];
24 unsigned int service, sec_class, kvno, enctype;
25 int n = 0;
26
27 _enter("%zu", prep->datalen);
28
29 if (sscanf(prep->orig_description, "%u:%u:%u:%u%n",
30 &service, &sec_class, &kvno, &enctype, &n) != 4)
31 return -EINVAL;
32
33 if (prep->orig_description[n])
34 return -EINVAL;
35
36 krb5 = crypto_krb5_find_enctype(enctype);
37 if (!krb5)
38 return -ENOPKG;
39
40 prep->payload.data[0] = (struct krb5_enctype *)krb5;
41
42 if (prep->datalen != krb5->key_len)
43 return -EKEYREJECTED;
44
45 server_key->len = prep->datalen;
46 server_key->data = kmemdup(prep->data, prep->datalen, GFP_KERNEL);
47 if (!server_key->data)
48 return -ENOMEM;
49
50 _leave(" = 0");
51 return 0;
52 }
53
rxgk_free_server_key(union key_payload * payload)54 static void rxgk_free_server_key(union key_payload *payload)
55 {
56 struct krb5_buffer *server_key = (void *)&payload->data[2];
57
58 kfree_sensitive(server_key->data);
59 }
60
rxgk_free_preparse_server_key(struct key_preparsed_payload * prep)61 static void rxgk_free_preparse_server_key(struct key_preparsed_payload *prep)
62 {
63 rxgk_free_server_key(&prep->payload);
64 }
65
rxgk_destroy_server_key(struct key * key)66 static void rxgk_destroy_server_key(struct key *key)
67 {
68 rxgk_free_server_key(&key->payload);
69 }
70
rxgk_describe_server_key(const struct key * key,struct seq_file * m)71 static void rxgk_describe_server_key(const struct key *key, struct seq_file *m)
72 {
73 const struct krb5_enctype *krb5 = key->payload.data[0];
74
75 if (krb5)
76 seq_printf(m, ": %s", krb5->name);
77 }
78
79 /*
80 * Handle rekeying the connection when we see our limits overrun or when the
81 * far side decided to rekey.
82 *
83 * Returns a ref on the context if successful or -ESTALE if the key is out of
84 * date.
85 */
rxgk_rekey(struct rxrpc_connection * conn,const u16 * specific_key_number)86 static struct rxgk_context *rxgk_rekey(struct rxrpc_connection *conn,
87 const u16 *specific_key_number)
88 {
89 struct rxgk_context *gk, *dead = NULL;
90 unsigned int key_number, current_key, mask = ARRAY_SIZE(conn->rxgk.keys) - 1;
91 bool crank = false;
92
93 _enter("%d", specific_key_number ? *specific_key_number : -1);
94
95 mutex_lock(&conn->security_lock);
96
97 current_key = conn->rxgk.key_number;
98 if (!specific_key_number) {
99 key_number = current_key;
100 } else {
101 if (*specific_key_number == (u16)current_key)
102 key_number = current_key;
103 else if (*specific_key_number == (u16)(current_key - 1))
104 key_number = current_key - 1;
105 else if (*specific_key_number == (u16)(current_key + 1))
106 goto crank_window;
107 else
108 goto bad_key;
109 }
110
111 gk = conn->rxgk.keys[key_number & mask];
112 if (!gk)
113 goto generate_key;
114 if (!specific_key_number &&
115 test_bit(RXGK_TK_NEEDS_REKEY, &gk->flags))
116 goto crank_window;
117
118 grab:
119 refcount_inc(&gk->usage);
120 mutex_unlock(&conn->security_lock);
121 rxgk_put(dead);
122 return gk;
123
124 crank_window:
125 trace_rxrpc_rxgk_rekey(conn, current_key,
126 specific_key_number ? *specific_key_number : -1);
127 if (current_key == UINT_MAX)
128 goto bad_key;
129 if (current_key + 1 == UINT_MAX)
130 set_bit(RXRPC_CONN_DONT_REUSE, &conn->flags);
131
132 key_number = current_key + 1;
133 if (WARN_ON(conn->rxgk.keys[key_number & mask]))
134 goto bad_key;
135 crank = true;
136
137 generate_key:
138 gk = conn->rxgk.keys[current_key & mask];
139 gk = rxgk_generate_transport_key(conn, gk->key, key_number, GFP_NOFS);
140 if (IS_ERR(gk)) {
141 mutex_unlock(&conn->security_lock);
142 return gk;
143 }
144
145 write_lock(&conn->security_use_lock);
146 if (crank) {
147 current_key++;
148 conn->rxgk.key_number = current_key;
149 dead = conn->rxgk.keys[(current_key - 2) & mask];
150 conn->rxgk.keys[(current_key - 2) & mask] = NULL;
151 }
152 conn->rxgk.keys[current_key & mask] = gk;
153 write_unlock(&conn->security_use_lock);
154 goto grab;
155
156 bad_key:
157 mutex_unlock(&conn->security_lock);
158 return ERR_PTR(-ESTALE);
159 }
160
161 /*
162 * Get the specified keying context.
163 *
164 * Returns a ref on the context if successful or -ESTALE if the key is out of
165 * date.
166 */
rxgk_get_key(struct rxrpc_connection * conn,const u16 * specific_key_number)167 static struct rxgk_context *rxgk_get_key(struct rxrpc_connection *conn,
168 const u16 *specific_key_number)
169 {
170 struct rxgk_context *gk;
171 unsigned int key_number, current_key, mask = ARRAY_SIZE(conn->rxgk.keys) - 1;
172
173 _enter("{%u},%d",
174 conn->rxgk.key_number, specific_key_number ? *specific_key_number : -1);
175
176 read_lock(&conn->security_use_lock);
177
178 current_key = conn->rxgk.key_number;
179 if (!specific_key_number) {
180 key_number = current_key;
181 } else {
182 /* Only the bottom 16 bits of the key number are exposed in the
183 * header, so we try and keep the upper 16 bits in step. The
184 * whole 32 bits are used to generate the TK.
185 */
186 if (*specific_key_number == (u16)current_key)
187 key_number = current_key;
188 else if (*specific_key_number == (u16)(current_key - 1))
189 key_number = current_key - 1;
190 else if (*specific_key_number == (u16)(current_key + 1))
191 goto rekey;
192 else
193 goto bad_key;
194 }
195
196 gk = conn->rxgk.keys[key_number & mask];
197 if (!gk)
198 goto slow_path;
199 if (!specific_key_number &&
200 key_number < UINT_MAX) {
201 if (time_after(jiffies, gk->expiry) ||
202 gk->bytes_remaining < 0) {
203 set_bit(RXGK_TK_NEEDS_REKEY, &gk->flags);
204 goto slow_path;
205 }
206
207 if (test_bit(RXGK_TK_NEEDS_REKEY, &gk->flags))
208 goto slow_path;
209 }
210
211 refcount_inc(&gk->usage);
212 read_unlock(&conn->security_use_lock);
213 return gk;
214
215 rekey:
216 _debug("rekey");
217 if (current_key == UINT_MAX)
218 goto bad_key;
219 gk = conn->rxgk.keys[current_key & mask];
220 if (gk)
221 set_bit(RXGK_TK_NEEDS_REKEY, &gk->flags);
222 slow_path:
223 read_unlock(&conn->security_use_lock);
224 return rxgk_rekey(conn, specific_key_number);
225 bad_key:
226 read_unlock(&conn->security_use_lock);
227 return ERR_PTR(-ESTALE);
228 }
229
230 /*
231 * initialise connection security
232 */
rxgk_init_connection_security(struct rxrpc_connection * conn,struct rxrpc_key_token * token)233 static int rxgk_init_connection_security(struct rxrpc_connection *conn,
234 struct rxrpc_key_token *token)
235 {
236 struct rxgk_context *gk;
237 int ret;
238
239 _enter("{%d,%u},{%x}",
240 conn->debug_id, conn->rxgk.key_number, key_serial(conn->key));
241
242 conn->security_ix = token->security_index;
243 conn->security_level = token->rxgk->level;
244
245 if (rxrpc_conn_is_client(conn)) {
246 conn->rxgk.start_time = ktime_get();
247 do_div(conn->rxgk.start_time, 100);
248 }
249
250 gk = rxgk_generate_transport_key(conn, token->rxgk, conn->rxgk.key_number,
251 GFP_NOFS);
252 if (IS_ERR(gk))
253 return PTR_ERR(gk);
254 conn->rxgk.enctype = gk->krb5->etype;
255 conn->rxgk.keys[gk->key_number & 3] = gk;
256
257 switch (conn->security_level) {
258 case RXRPC_SECURITY_PLAIN:
259 case RXRPC_SECURITY_AUTH:
260 case RXRPC_SECURITY_ENCRYPT:
261 break;
262 default:
263 ret = -EKEYREJECTED;
264 goto error;
265 }
266
267 ret = 0;
268 error:
269 _leave(" = %d", ret);
270 return ret;
271 }
272
273 /*
274 * Clean up the crypto on a call.
275 */
rxgk_free_call_crypto(struct rxrpc_call * call)276 static void rxgk_free_call_crypto(struct rxrpc_call *call)
277 {
278 }
279
280 /*
281 * Work out how much data we can put in a packet.
282 */
rxgk_alloc_txbuf(struct rxrpc_call * call,size_t remain,gfp_t gfp)283 static struct rxrpc_txbuf *rxgk_alloc_txbuf(struct rxrpc_call *call, size_t remain, gfp_t gfp)
284 {
285 enum krb5_crypto_mode mode;
286 struct rxgk_context *gk;
287 struct rxrpc_txbuf *txb;
288 size_t shdr, alloc, limit, part, offset, gap;
289
290 switch (call->conn->security_level) {
291 default:
292 alloc = umin(remain, RXRPC_JUMBO_DATALEN);
293 return rxrpc_alloc_data_txbuf(call, alloc, 1, gfp);
294 case RXRPC_SECURITY_AUTH:
295 shdr = 0;
296 mode = KRB5_CHECKSUM_MODE;
297 break;
298 case RXRPC_SECURITY_ENCRYPT:
299 shdr = sizeof(struct rxgk_header);
300 mode = KRB5_ENCRYPT_MODE;
301 break;
302 }
303
304 gk = rxgk_get_key(call->conn, NULL);
305 if (IS_ERR(gk))
306 return NULL;
307
308 /* Work out the maximum amount of data that will fit. */
309 alloc = RXRPC_JUMBO_DATALEN;
310 limit = crypto_krb5_how_much_data(gk->krb5, mode, &alloc, &offset);
311
312 if (remain < limit - shdr) {
313 part = remain;
314 alloc = crypto_krb5_how_much_buffer(gk->krb5, mode,
315 shdr + part, &offset);
316 gap = 0;
317 } else {
318 part = limit - shdr;
319 gap = RXRPC_JUMBO_DATALEN - alloc;
320 alloc = RXRPC_JUMBO_DATALEN;
321 }
322
323 rxgk_put(gk);
324
325 txb = rxrpc_alloc_data_txbuf(call, alloc, 16, gfp);
326 if (!txb)
327 return NULL;
328
329 txb->crypto_header = offset;
330 txb->sec_header = shdr;
331 txb->offset += offset + shdr;
332 txb->space = part;
333
334 /* Clear excess space in the packet */
335 if (gap)
336 memset(txb->data + alloc - gap, 0, gap);
337 return txb;
338 }
339
340 /*
341 * Integrity mode (sign a packet - level 1 security)
342 */
rxgk_secure_packet_integrity(const struct rxrpc_call * call,struct rxgk_context * gk,struct rxrpc_txbuf * txb)343 static int rxgk_secure_packet_integrity(const struct rxrpc_call *call,
344 struct rxgk_context *gk,
345 struct rxrpc_txbuf *txb)
346 {
347 struct rxgk_header *hdr;
348 struct scatterlist sg[1];
349 struct krb5_buffer metadata;
350 int ret = -ENOMEM;
351
352 _enter("");
353
354 hdr = kzalloc_obj(*hdr, GFP_NOFS);
355 if (!hdr)
356 goto error_gk;
357
358 hdr->epoch = htonl(call->conn->proto.epoch);
359 hdr->cid = htonl(call->cid);
360 hdr->call_number = htonl(call->call_id);
361 hdr->seq = htonl(txb->seq);
362 hdr->sec_index = htonl(call->security_ix);
363 hdr->data_len = htonl(txb->len);
364 metadata.len = sizeof(*hdr);
365 metadata.data = hdr;
366
367 sg_init_table(sg, 1);
368 sg_set_buf(&sg[0], txb->data, txb->alloc_size);
369
370 ret = crypto_krb5_get_mic(gk->krb5, gk->tx_Kc, &metadata,
371 sg, 1, txb->alloc_size,
372 txb->crypto_header, txb->sec_header + txb->len);
373 if (ret >= 0) {
374 txb->pkt_len = ret;
375 if (txb->alloc_size == RXRPC_JUMBO_DATALEN)
376 txb->jumboable = true;
377 gk->bytes_remaining -= ret;
378 }
379 kfree(hdr);
380 error_gk:
381 rxgk_put(gk);
382 _leave(" = %d", ret);
383 return ret;
384 }
385
386 /*
387 * wholly encrypt a packet (level 2 security)
388 */
rxgk_secure_packet_encrypted(const struct rxrpc_call * call,struct rxgk_context * gk,struct rxrpc_txbuf * txb)389 static int rxgk_secure_packet_encrypted(const struct rxrpc_call *call,
390 struct rxgk_context *gk,
391 struct rxrpc_txbuf *txb)
392 {
393 struct rxgk_header *hdr;
394 struct scatterlist sg[1];
395 int ret;
396
397 _enter("%x", txb->len);
398
399 /* Insert the header into the buffer. */
400 hdr = txb->data + txb->crypto_header;
401 hdr->epoch = htonl(call->conn->proto.epoch);
402 hdr->cid = htonl(call->cid);
403 hdr->call_number = htonl(call->call_id);
404 hdr->seq = htonl(txb->seq);
405 hdr->sec_index = htonl(call->security_ix);
406 hdr->data_len = htonl(txb->len);
407
408 sg_init_table(sg, 1);
409 sg_set_buf(&sg[0], txb->data, txb->alloc_size);
410
411 ret = crypto_krb5_encrypt(gk->krb5, gk->tx_enc,
412 sg, 1, txb->alloc_size,
413 txb->crypto_header, txb->sec_header + txb->len,
414 false);
415 if (ret >= 0) {
416 txb->pkt_len = ret;
417 if (txb->alloc_size == RXRPC_JUMBO_DATALEN)
418 txb->jumboable = true;
419 gk->bytes_remaining -= ret;
420 }
421
422 rxgk_put(gk);
423 _leave(" = %d", ret);
424 return ret;
425 }
426
427 /*
428 * checksum an RxRPC packet header
429 */
rxgk_secure_packet(struct rxrpc_call * call,struct rxrpc_txbuf * txb)430 static int rxgk_secure_packet(struct rxrpc_call *call, struct rxrpc_txbuf *txb)
431 {
432 struct rxgk_context *gk;
433 int ret;
434
435 _enter("{%d{%x}},{#%u},%u,",
436 call->debug_id, key_serial(call->conn->key), txb->seq, txb->len);
437
438 gk = rxgk_get_key(call->conn, NULL);
439 if (IS_ERR(gk))
440 return PTR_ERR(gk) == -ESTALE ? -EKEYREJECTED : PTR_ERR(gk);
441
442 ret = key_validate(call->conn->key);
443 if (ret < 0) {
444 rxgk_put(gk);
445 return ret;
446 }
447
448 call->security_enctype = gk->krb5->etype;
449 txb->cksum = htons(gk->key_number);
450
451 switch (call->conn->security_level) {
452 case RXRPC_SECURITY_PLAIN:
453 rxgk_put(gk);
454 txb->pkt_len = txb->len;
455 return 0;
456 case RXRPC_SECURITY_AUTH:
457 return rxgk_secure_packet_integrity(call, gk, txb);
458 case RXRPC_SECURITY_ENCRYPT:
459 return rxgk_secure_packet_encrypted(call, gk, txb);
460 default:
461 rxgk_put(gk);
462 return -EPERM;
463 }
464 }
465
466 /*
467 * Integrity mode (check the signature on a packet - level 1 security)
468 */
rxgk_verify_packet_integrity(struct rxrpc_call * call,struct rxgk_context * gk,struct sk_buff * skb)469 static int rxgk_verify_packet_integrity(struct rxrpc_call *call,
470 struct rxgk_context *gk,
471 struct sk_buff *skb)
472 {
473 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
474 struct rxgk_header *hdr;
475 struct krb5_buffer metadata;
476 unsigned int len = call->rx_dec_len;
477 size_t data_offset = 0, data_len = len;
478 void *data = call->rx_dec_buffer, *p = data;
479 u32 ac = 0;
480 int ret = -ENOMEM;
481
482 _enter("");
483
484 if (crypto_krb5_where_is_the_data(gk->krb5, KRB5_CHECKSUM_MODE,
485 &data_offset, &data_len) < 0) {
486 ret = rxrpc_abort_eproto(call, skb, RXGK_PACKETSHORT,
487 rxgk_abort_1_short_header);
488 goto put_gk;
489 }
490
491 hdr = kzalloc_obj(*hdr, GFP_NOFS);
492 if (!hdr)
493 goto put_gk;
494
495 hdr->epoch = htonl(call->conn->proto.epoch);
496 hdr->cid = htonl(call->cid);
497 hdr->call_number = htonl(call->call_id);
498 hdr->seq = htonl(sp->hdr.seq);
499 hdr->sec_index = htonl(call->security_ix);
500 hdr->data_len = htonl(data_len);
501
502 metadata.len = sizeof(*hdr);
503 metadata.data = hdr;
504 ret = rxgk_verify_mic(gk->krb5, gk->rx_Kc, &metadata, &p, &len, &ac);
505 kfree(hdr);
506 if (ret < 0) {
507 if (ret != -ENOMEM)
508 rxrpc_abort_eproto(call, skb, ac,
509 rxgk_abort_1_verify_mic_eproto);
510 } else {
511 call->rx_dec_offset = p - data;
512 call->rx_dec_len = len;
513 }
514
515 put_gk:
516 rxgk_put(gk);
517 _leave(" = %d", ret);
518 return ret;
519 }
520
521 /*
522 * Decrypt an encrypted packet (level 2 security).
523 */
rxgk_verify_packet_encrypted(struct rxrpc_call * call,struct rxgk_context * gk,struct sk_buff * skb)524 static int rxgk_verify_packet_encrypted(struct rxrpc_call *call,
525 struct rxgk_context *gk,
526 struct sk_buff *skb)
527 {
528 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
529 struct rxgk_header *hdr;
530 unsigned int offset = 0, len = call->rx_dec_len;
531 void *data = call->rx_dec_buffer, *p = data;
532 int ret;
533 u32 ac = 0;
534
535 _enter("");
536
537 if (crypto_krb5_check_data_len(gk->krb5, KRB5_ENCRYPT_MODE,
538 len, sizeof(*hdr)) < 0) {
539 ret = rxrpc_abort_eproto(call, skb, RXGK_PACKETSHORT,
540 rxgk_abort_2_short_header);
541 goto error;
542 }
543
544 ret = rxgk_decrypt(gk->krb5, gk->rx_enc, &p, &len, &ac);
545 if (ret < 0) {
546 if (ret != -ENOMEM)
547 rxrpc_abort_eproto(call, skb, ac, rxgk_abort_2_decrypt_eproto);
548 goto error;
549 }
550 offset = p - data;
551
552 if (len < sizeof(*hdr)) {
553 ret = rxrpc_abort_eproto(call, skb, RXGK_PACKETSHORT,
554 rxgk_abort_2_short_header);
555 goto error;
556 }
557
558 /* Extract the header from the skb */
559 hdr = data + offset;
560 offset += sizeof(*hdr);
561 len -= sizeof(*hdr);
562
563 if (ntohl(hdr->epoch) != call->conn->proto.epoch ||
564 ntohl(hdr->cid) != call->cid ||
565 ntohl(hdr->call_number) != call->call_id ||
566 ntohl(hdr->seq) != sp->hdr.seq ||
567 ntohl(hdr->sec_index) != call->security_ix ||
568 ntohl(hdr->data_len) > len) {
569 ret = rxrpc_abort_eproto(call, skb, RXGK_SEALEDINCON,
570 rxgk_abort_2_short_data);
571 goto error;
572 }
573
574 call->rx_dec_offset = offset;
575 call->rx_dec_len = ntohl(hdr->data_len);
576 ret = 0;
577 error:
578 rxgk_put(gk);
579 _leave(" = %d", ret);
580 return ret;
581 }
582
583 /*
584 * Verify the security on a received packet or subpacket (if part of a
585 * jumbo packet).
586 */
rxgk_verify_packet(struct rxrpc_call * call,struct sk_buff * skb)587 static int rxgk_verify_packet(struct rxrpc_call *call, struct sk_buff *skb)
588 {
589 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
590 struct rxgk_context *gk;
591 u16 key_number = sp->hdr.cksum;
592
593 _enter("{%d{%x}},{#%u}",
594 call->debug_id, key_serial(call->conn->key), sp->hdr.seq);
595
596 gk = rxgk_get_key(call->conn, &key_number);
597 if (IS_ERR(gk)) {
598 switch (PTR_ERR(gk)) {
599 case -ESTALE:
600 return rxrpc_abort_eproto(call, skb, RXGK_BADKEYNO,
601 rxgk_abort_bad_key_number);
602 default:
603 return PTR_ERR(gk);
604 }
605 }
606
607 call->security_enctype = gk->krb5->etype;
608 switch (call->conn->security_level) {
609 case RXRPC_SECURITY_PLAIN:
610 rxgk_put(gk);
611 return 0;
612 case RXRPC_SECURITY_AUTH:
613 return rxgk_verify_packet_integrity(call, gk, skb);
614 case RXRPC_SECURITY_ENCRYPT:
615 return rxgk_verify_packet_encrypted(call, gk, skb);
616 default:
617 rxgk_put(gk);
618 return -ENOANO;
619 }
620 }
621
622 /*
623 * Allocate memory to hold a challenge or a response packet. We're not running
624 * in the io_thread, so we can't use ->tx_alloc.
625 */
rxgk_alloc_packet(size_t total_len)626 static struct page *rxgk_alloc_packet(size_t total_len)
627 {
628 gfp_t gfp = GFP_NOFS;
629 int order;
630
631 order = get_order(total_len);
632 if (order > 0)
633 gfp |= __GFP_COMP;
634 return alloc_pages(gfp, order);
635 }
636
637 /*
638 * Issue a challenge.
639 */
rxgk_issue_challenge(struct rxrpc_connection * conn)640 static int rxgk_issue_challenge(struct rxrpc_connection *conn)
641 {
642 struct rxrpc_wire_header *whdr;
643 struct bio_vec bvec[1];
644 struct msghdr msg;
645 struct page *page;
646 size_t len = sizeof(*whdr) + sizeof(conn->rxgk.nonce);
647 u32 serial;
648 int ret;
649
650 _enter("{%d}", conn->debug_id);
651
652 get_random_bytes(&conn->rxgk.nonce, sizeof(conn->rxgk.nonce));
653
654 /* We can't use conn->tx_alloc without a lock */
655 page = rxgk_alloc_packet(sizeof(*whdr) + sizeof(conn->rxgk.nonce));
656 if (!page)
657 return -ENOMEM;
658
659 bvec_set_page(&bvec[0], page, len, 0);
660 iov_iter_bvec(&msg.msg_iter, WRITE, bvec, 1, len);
661
662 msg.msg_name = &conn->peer->srx.transport;
663 msg.msg_namelen = conn->peer->srx.transport_len;
664 msg.msg_control = NULL;
665 msg.msg_controllen = 0;
666 msg.msg_flags = MSG_SPLICE_PAGES;
667
668 whdr = page_address(page);
669 whdr->epoch = htonl(conn->proto.epoch);
670 whdr->cid = htonl(conn->proto.cid);
671 whdr->callNumber = 0;
672 whdr->seq = 0;
673 whdr->type = RXRPC_PACKET_TYPE_CHALLENGE;
674 whdr->flags = conn->out_clientflag;
675 whdr->userStatus = 0;
676 whdr->securityIndex = conn->security_ix;
677 whdr->_rsvd = 0;
678 whdr->serviceId = htons(conn->service_id);
679
680 memcpy(whdr + 1, conn->rxgk.nonce, sizeof(conn->rxgk.nonce));
681
682 serial = rxrpc_get_next_serials(conn, 1);
683 whdr->serial = htonl(serial);
684
685 trace_rxrpc_tx_challenge(conn, serial, 0, *(u32 *)&conn->rxgk.nonce);
686
687 ret = do_udp_sendmsg(conn->local->socket, &msg, len);
688 if (ret > 0)
689 rxrpc_peer_mark_tx(conn->peer);
690 __free_page(page);
691
692 if (ret < 0) {
693 trace_rxrpc_tx_fail(conn->debug_id, serial, ret,
694 rxrpc_tx_point_rxgk_challenge);
695 return -EAGAIN;
696 }
697
698 trace_rxrpc_tx_packet(conn->debug_id, whdr,
699 rxrpc_tx_point_rxgk_challenge);
700 _leave(" = 0");
701 return 0;
702 }
703
704 /*
705 * Validate a challenge packet.
706 */
rxgk_validate_challenge(struct rxrpc_connection * conn,struct sk_buff * skb)707 static bool rxgk_validate_challenge(struct rxrpc_connection *conn,
708 struct sk_buff *skb)
709 {
710 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
711 u8 nonce[20];
712
713 if (!conn->key) {
714 rxrpc_abort_conn(conn, skb, RX_PROTOCOL_ERROR, -EPROTO,
715 rxgk_abort_chall_no_key);
716 return false;
717 }
718
719 if (key_validate(conn->key) < 0) {
720 rxrpc_abort_conn(conn, skb, RXGK_EXPIRED, -EPROTO,
721 rxgk_abort_chall_key_expired);
722 return false;
723 }
724
725 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
726 nonce, sizeof(nonce)) < 0) {
727 rxrpc_abort_conn(conn, skb, RXGK_PACKETSHORT, -EPROTO,
728 rxgk_abort_chall_short);
729 return false;
730 }
731
732 trace_rxrpc_rx_challenge(conn, sp->hdr.serial, 0, *(u32 *)nonce, 0);
733 return true;
734 }
735
736 /**
737 * rxgk_kernel_query_challenge - Query RxGK-specific challenge parameters
738 * @challenge: The challenge packet to query
739 *
740 * Return: The Kerberos 5 encoding type for the challenged connection.
741 */
rxgk_kernel_query_challenge(struct sk_buff * challenge)742 u32 rxgk_kernel_query_challenge(struct sk_buff *challenge)
743 {
744 struct rxrpc_skb_priv *sp = rxrpc_skb(challenge);
745
746 return sp->chall.conn->rxgk.enctype;
747 }
748 EXPORT_SYMBOL(rxgk_kernel_query_challenge);
749
750 /*
751 * Fill out the control message to pass to userspace to inform about the
752 * challenge.
753 */
rxgk_challenge_to_recvmsg(struct rxrpc_connection * conn,struct sk_buff * challenge,struct msghdr * msg)754 static int rxgk_challenge_to_recvmsg(struct rxrpc_connection *conn,
755 struct sk_buff *challenge,
756 struct msghdr *msg)
757 {
758 struct rxgk_challenge chall;
759
760 chall.base.service_id = conn->service_id;
761 chall.base.security_index = conn->security_ix;
762 chall.enctype = conn->rxgk.enctype;
763
764 return put_cmsg(msg, SOL_RXRPC, RXRPC_CHALLENGED, sizeof(chall), &chall);
765 }
766
767 /*
768 * Insert the requisite amount of XDR padding for the length given.
769 */
rxgk_pad_out(struct sk_buff * response,size_t len,size_t offset)770 static int rxgk_pad_out(struct sk_buff *response, size_t len, size_t offset)
771 {
772 __be32 zero = 0;
773 size_t pad = xdr_round_up(len) - len;
774 int ret;
775
776 if (!pad)
777 return 0;
778
779 ret = skb_store_bits(response, offset, &zero, pad);
780 if (ret < 0)
781 return ret;
782 return pad;
783 }
784
785 /*
786 * Insert the header into the response.
787 */
rxgk_insert_response_header(struct rxrpc_connection * conn,struct rxgk_context * gk,struct sk_buff * response,size_t offset)788 static noinline ssize_t rxgk_insert_response_header(struct rxrpc_connection *conn,
789 struct rxgk_context *gk,
790 struct sk_buff *response,
791 size_t offset)
792 {
793 struct rxrpc_skb_priv *rsp = rxrpc_skb(response);
794
795 struct {
796 struct rxrpc_wire_header whdr;
797 __be32 start_time_msw;
798 __be32 start_time_lsw;
799 __be32 ticket_len;
800 } h;
801 int ret;
802
803 rsp->resp.kvno = gk->key_number;
804 rsp->resp.version = gk->krb5->etype;
805
806 h.whdr.epoch = htonl(conn->proto.epoch);
807 h.whdr.cid = htonl(conn->proto.cid);
808 h.whdr.callNumber = 0;
809 h.whdr.serial = 0;
810 h.whdr.seq = 0;
811 h.whdr.type = RXRPC_PACKET_TYPE_RESPONSE;
812 h.whdr.flags = conn->out_clientflag;
813 h.whdr.userStatus = 0;
814 h.whdr.securityIndex = conn->security_ix;
815 h.whdr.cksum = htons(gk->key_number);
816 h.whdr.serviceId = htons(conn->service_id);
817 h.start_time_msw = htonl(upper_32_bits(conn->rxgk.start_time));
818 h.start_time_lsw = htonl(lower_32_bits(conn->rxgk.start_time));
819 h.ticket_len = htonl(gk->key->ticket.len);
820
821 ret = skb_store_bits(response, offset, &h, sizeof(h));
822 return ret < 0 ? ret : sizeof(h);
823 }
824
825 /*
826 * Construct the authenticator to go in the response packet
827 *
828 * struct RXGK_Authenticator {
829 * opaque nonce[20];
830 * opaque appdata<>;
831 * RXGK_Level level;
832 * unsigned int epoch;
833 * unsigned int cid;
834 * unsigned int call_numbers<>;
835 * };
836 */
rxgk_construct_authenticator(struct rxrpc_connection * conn,struct sk_buff * challenge,const struct krb5_buffer * appdata,struct sk_buff * response,size_t offset)837 static ssize_t rxgk_construct_authenticator(struct rxrpc_connection *conn,
838 struct sk_buff *challenge,
839 const struct krb5_buffer *appdata,
840 struct sk_buff *response,
841 size_t offset)
842 {
843 struct {
844 u8 nonce[20];
845 __be32 appdata_len;
846 } a;
847 struct {
848 __be32 level;
849 __be32 epoch;
850 __be32 cid;
851 __be32 call_numbers_count;
852 __be32 call_numbers[4];
853 } b;
854 int ret;
855
856 ret = skb_copy_bits(challenge, sizeof(struct rxrpc_wire_header),
857 a.nonce, sizeof(a.nonce));
858 if (ret < 0)
859 return -EPROTO;
860
861 a.appdata_len = htonl(appdata->len);
862
863 ret = skb_store_bits(response, offset, &a, sizeof(a));
864 if (ret < 0)
865 return ret;
866 offset += sizeof(a);
867
868 if (appdata->len) {
869 ret = skb_store_bits(response, offset, appdata->data, appdata->len);
870 if (ret < 0)
871 return ret;
872 offset += appdata->len;
873
874 ret = rxgk_pad_out(response, appdata->len, offset);
875 if (ret < 0)
876 return ret;
877 offset += ret;
878 }
879
880 b.level = htonl(conn->security_level);
881 b.epoch = htonl(conn->proto.epoch);
882 b.cid = htonl(conn->proto.cid);
883 b.call_numbers_count = htonl(4);
884 b.call_numbers[0] = htonl(conn->channels[0].call_counter);
885 b.call_numbers[1] = htonl(conn->channels[1].call_counter);
886 b.call_numbers[2] = htonl(conn->channels[2].call_counter);
887 b.call_numbers[3] = htonl(conn->channels[3].call_counter);
888
889 ret = skb_store_bits(response, offset, &b, sizeof(b));
890 if (ret < 0)
891 return ret;
892 return sizeof(a) + xdr_round_up(appdata->len) + sizeof(b);
893 }
894
rxgk_encrypt_authenticator(struct rxrpc_connection * conn,struct rxgk_context * gk,struct sk_buff * response,size_t offset,size_t alloc_len,size_t auth_offset,size_t auth_len)895 static ssize_t rxgk_encrypt_authenticator(struct rxrpc_connection *conn,
896 struct rxgk_context *gk,
897 struct sk_buff *response,
898 size_t offset,
899 size_t alloc_len,
900 size_t auth_offset,
901 size_t auth_len)
902 {
903 struct scatterlist sg[16];
904 int nr_sg;
905
906 sg_init_table(sg, ARRAY_SIZE(sg));
907 nr_sg = skb_to_sgvec(response, sg, offset, alloc_len);
908 if (unlikely(nr_sg < 0))
909 return nr_sg;
910 return crypto_krb5_encrypt(gk->krb5, gk->resp_enc, sg, nr_sg, alloc_len,
911 auth_offset, auth_len, false);
912 }
913
914 /*
915 * Construct the response.
916 *
917 * struct RXGK_Response {
918 * rxgkTime start_time;
919 * RXGK_Data token;
920 * opaque authenticator<RXGK_MAXAUTHENTICATOR>
921 * };
922 */
rxgk_construct_response(struct rxrpc_connection * conn,struct sk_buff * challenge,struct krb5_buffer * appdata)923 static int rxgk_construct_response(struct rxrpc_connection *conn,
924 struct sk_buff *challenge,
925 struct krb5_buffer *appdata)
926 {
927 struct rxrpc_skb_priv *csp, *rsp;
928 struct rxgk_context *gk;
929 struct sk_buff *response;
930 size_t len, auth_len, authx_len, offset, auth_offset, authx_offset;
931 __be32 tmp;
932 int ret;
933
934 gk = rxgk_get_key(conn, NULL);
935 if (IS_ERR(gk))
936 return PTR_ERR(gk);
937
938 auth_len = 20 + (4 + appdata->len) + 12 + (1 + 4) * 4;
939 authx_len = crypto_krb5_how_much_buffer(gk->krb5, KRB5_ENCRYPT_MODE,
940 auth_len, &auth_offset);
941 len = sizeof(struct rxrpc_wire_header) +
942 8 + (4 + xdr_round_up(gk->key->ticket.len)) + (4 + authx_len);
943
944 response = alloc_skb_with_frags(0, len, 0, &ret, GFP_NOFS);
945 if (!response)
946 goto error;
947 rxrpc_new_skb(response, rxrpc_skb_new_response_rxgk);
948 response->len = len;
949 response->data_len = len;
950
951 ret = rxgk_insert_response_header(conn, gk, response, 0);
952 if (ret < 0)
953 goto error;
954 offset = ret;
955
956 ret = skb_store_bits(response, offset, gk->key->ticket.data, gk->key->ticket.len);
957 if (ret < 0)
958 goto error;
959 offset += gk->key->ticket.len;
960 ret = rxgk_pad_out(response, gk->key->ticket.len, offset);
961 if (ret < 0)
962 goto error;
963
964 authx_offset = offset + ret + 4; /* Leave a gap for the length. */
965
966 ret = rxgk_construct_authenticator(conn, challenge, appdata, response,
967 authx_offset + auth_offset);
968 if (ret < 0)
969 goto error;
970 auth_len = ret;
971
972 ret = rxgk_encrypt_authenticator(conn, gk, response,
973 authx_offset, authx_len,
974 auth_offset, auth_len);
975 if (ret < 0)
976 goto error;
977 authx_len = ret;
978
979 tmp = htonl(authx_len);
980 ret = skb_store_bits(response, authx_offset - 4, &tmp, 4);
981 if (ret < 0)
982 goto error;
983
984 ret = rxgk_pad_out(response, authx_len, authx_offset + authx_len);
985 if (ret < 0)
986 goto error;
987 len = authx_offset + authx_len + ret;
988
989 if (len != response->len) {
990 response->len = len;
991 response->data_len = len;
992 }
993
994 csp = rxrpc_skb(challenge);
995 rsp = rxrpc_skb(response);
996 rsp->resp.len = len;
997 rsp->resp.challenge_serial = csp->hdr.serial;
998 rxrpc_post_response(conn, response);
999 response = NULL;
1000 ret = 0;
1001
1002 error:
1003 rxrpc_free_skb(response, rxrpc_skb_put_response);
1004 rxgk_put(gk);
1005 _leave(" = %d", ret);
1006 return ret;
1007 }
1008
1009 /*
1010 * Respond to a challenge packet.
1011 */
rxgk_respond_to_challenge(struct rxrpc_connection * conn,struct sk_buff * challenge,struct krb5_buffer * appdata)1012 static int rxgk_respond_to_challenge(struct rxrpc_connection *conn,
1013 struct sk_buff *challenge,
1014 struct krb5_buffer *appdata)
1015 {
1016 _enter("{%d,%x}", conn->debug_id, key_serial(conn->key));
1017
1018 if (key_validate(conn->key) < 0)
1019 return rxrpc_abort_conn(conn, NULL, RXGK_EXPIRED, -EPROTO,
1020 rxgk_abort_chall_key_expired);
1021
1022 return rxgk_construct_response(conn, challenge, appdata);
1023 }
1024
rxgk_respond_to_challenge_no_appdata(struct rxrpc_connection * conn,struct sk_buff * challenge)1025 static int rxgk_respond_to_challenge_no_appdata(struct rxrpc_connection *conn,
1026 struct sk_buff *challenge)
1027 {
1028 struct krb5_buffer appdata = {};
1029
1030 return rxgk_respond_to_challenge(conn, challenge, &appdata);
1031 }
1032
1033 /**
1034 * rxgk_kernel_respond_to_challenge - Respond to a challenge with appdata
1035 * @challenge: The challenge to respond to
1036 * @appdata: The application data to include in the RESPONSE authenticator
1037 *
1038 * Allow a kernel application to respond to a CHALLENGE with application data
1039 * to be included in the RxGK RESPONSE Authenticator.
1040 *
1041 * Return: %0 if successful and a negative error code otherwise.
1042 */
rxgk_kernel_respond_to_challenge(struct sk_buff * challenge,struct krb5_buffer * appdata)1043 int rxgk_kernel_respond_to_challenge(struct sk_buff *challenge,
1044 struct krb5_buffer *appdata)
1045 {
1046 struct rxrpc_skb_priv *csp = rxrpc_skb(challenge);
1047
1048 return rxgk_respond_to_challenge(csp->chall.conn, challenge, appdata);
1049 }
1050 EXPORT_SYMBOL(rxgk_kernel_respond_to_challenge);
1051
1052 /*
1053 * Parse sendmsg() control message and respond to challenge. We need to see if
1054 * there's an appdata to fish out.
1055 */
rxgk_sendmsg_respond_to_challenge(struct sk_buff * challenge,struct msghdr * msg)1056 static int rxgk_sendmsg_respond_to_challenge(struct sk_buff *challenge,
1057 struct msghdr *msg)
1058 {
1059 struct krb5_buffer appdata = {};
1060 struct cmsghdr *cmsg;
1061
1062 for_each_cmsghdr(cmsg, msg) {
1063 if (cmsg->cmsg_level != SOL_RXRPC ||
1064 cmsg->cmsg_type != RXRPC_RESP_RXGK_APPDATA)
1065 continue;
1066 if (appdata.data)
1067 return -EINVAL;
1068 appdata.data = CMSG_DATA(cmsg);
1069 appdata.len = cmsg->cmsg_len - sizeof(struct cmsghdr);
1070 }
1071
1072 return rxgk_kernel_respond_to_challenge(challenge, &appdata);
1073 }
1074
1075 /*
1076 * Verify the authenticator.
1077 *
1078 * struct RXGK_Authenticator {
1079 * opaque nonce[20];
1080 * opaque appdata<>;
1081 * RXGK_Level level;
1082 * unsigned int epoch;
1083 * unsigned int cid;
1084 * unsigned int call_numbers<>;
1085 * };
1086 */
rxgk_verify_authenticator(struct rxrpc_connection * conn,const struct krb5_enctype * krb5,struct sk_buff * skb,void * auth,unsigned int auth_len)1087 static int rxgk_verify_authenticator(struct rxrpc_connection *conn,
1088 const struct krb5_enctype *krb5,
1089 struct sk_buff *skb,
1090 void *auth, unsigned int auth_len)
1091 {
1092 __be32 *p = auth, *end = auth + auth_len;
1093 u32 app_len, call_count, level, epoch, cid, i;
1094
1095 _enter("");
1096
1097 if ((end - p) * sizeof(__be32) < 24)
1098 return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
1099 rxgk_abort_resp_short_auth);
1100 if (memcmp(p, conn->rxgk.nonce, 20) != 0)
1101 return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
1102 rxgk_abort_resp_bad_nonce);
1103 p += 20 / sizeof(__be32);
1104
1105 app_len = ntohl(*p++);
1106 if (app_len > (end - p) * sizeof(__be32))
1107 return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
1108 rxgk_abort_resp_short_applen);
1109
1110 p += xdr_round_up(app_len) / sizeof(__be32);
1111 if (end - p < 4)
1112 return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
1113 rxgk_abort_resp_short_auth);
1114
1115 level = ntohl(*p++);
1116 epoch = ntohl(*p++);
1117 cid = ntohl(*p++);
1118 call_count = ntohl(*p++);
1119
1120 if (level != conn->security_level ||
1121 epoch != conn->proto.epoch ||
1122 cid != conn->proto.cid ||
1123 call_count > 4)
1124 return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
1125 rxgk_abort_resp_bad_param);
1126
1127 if (end - p < call_count)
1128 return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
1129 rxgk_abort_resp_short_call_list);
1130
1131 for (i = 0; i < call_count; i++) {
1132 u32 call_id = ntohl(*p++);
1133
1134 if (call_id > INT_MAX)
1135 return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
1136 rxgk_abort_resp_bad_callid);
1137
1138 if (call_id < conn->channels[i].call_counter)
1139 return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
1140 rxgk_abort_resp_call_ctr);
1141
1142 if (call_id > conn->channels[i].call_counter) {
1143 if (conn->channels[i].call)
1144 return rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EPROTO,
1145 rxgk_abort_resp_call_state);
1146
1147 conn->channels[i].call_counter = call_id;
1148 }
1149 }
1150
1151 _leave(" = 0");
1152 return 0;
1153 }
1154
1155 /*
1156 * Verify a response.
1157 *
1158 * struct RXGK_Response {
1159 * rxgkTime start_time;
1160 * RXGK_Data token;
1161 * opaque authenticator<RXGK_MAXAUTHENTICATOR>
1162 * };
1163 */
rxgk_verify_response(struct rxrpc_connection * conn,struct sk_buff * skb,void * buffer,unsigned int len)1164 static int rxgk_verify_response(struct rxrpc_connection *conn,
1165 struct sk_buff *skb,
1166 void *buffer, unsigned int len)
1167 {
1168 const struct krb5_enctype *krb5;
1169 struct rxrpc_key_token *token;
1170 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
1171 struct rxgk_response *rhdr;
1172 struct rxgk_context *gk;
1173 struct key *key = NULL;
1174 unsigned int resp_token_len, auth_len;
1175 void *resp_token, *auth;
1176 __be32 xauth_len;
1177 int ret, ec;
1178
1179 _enter("{%d}", conn->debug_id);
1180
1181 /* Parse the RXGK_Response object */
1182 if (len < sizeof(*rhdr) + sizeof(__be32))
1183 goto short_packet;
1184 rhdr = buffer;
1185 buffer += sizeof(*rhdr);
1186 len -= sizeof(*rhdr);
1187
1188 resp_token = buffer;
1189 resp_token_len = ntohl(rhdr->token_len);
1190 if (resp_token_len > len ||
1191 xdr_round_up(resp_token_len) + sizeof(__be32) > len)
1192 goto short_packet;
1193
1194 trace_rxrpc_rx_response(conn, sp->hdr.serial, 0, sp->hdr.cksum, resp_token_len);
1195
1196 buffer += xdr_round_up(resp_token_len);
1197 len -= xdr_round_up(resp_token_len);
1198
1199 xauth_len = *(__be32 *)buffer;
1200 buffer += sizeof(xauth_len);
1201 len -= sizeof(xauth_len);
1202
1203 auth = buffer;
1204 auth_len = ntohl(xauth_len);
1205 if (auth_len > len)
1206 goto short_packet;
1207 if (auth_len & 3)
1208 goto inconsistent;
1209 if (auth_len < 20 + 9 * 4)
1210 goto auth_too_short;
1211
1212 /* We need to extract and decrypt the token and instantiate a session
1213 * key for it. This bit, however, is application-specific. If
1214 * possible, we use a default parser, but we might end up bumping this
1215 * to the app to deal with - which might mean a round trip to
1216 * userspace.
1217 */
1218 ret = rxgk_extract_token(conn, skb, resp_token, resp_token_len, &key);
1219 if (ret < 0)
1220 goto out;
1221
1222 /* We now have a key instantiated from the decrypted ticket. We can
1223 * pass this to the application so that they can parse the ticket
1224 * content and we can use the session key it contains to derive the
1225 * keys we need.
1226 *
1227 * Note that we have to switch enctype at this point as the enctype of
1228 * the ticket doesn't necessarily match that of the transport.
1229 */
1230 token = key->payload.data[0];
1231 conn->security_level = token->rxgk->level;
1232 conn->rxgk.start_time = __be64_to_cpu(rhdr->start_time);
1233
1234 gk = rxgk_generate_transport_key(conn, token->rxgk, sp->hdr.cksum, GFP_NOFS);
1235 if (IS_ERR(gk)) {
1236 ret = PTR_ERR(gk);
1237 goto cant_get_token;
1238 }
1239
1240 krb5 = gk->krb5;
1241
1242 trace_rxrpc_rx_response(conn, sp->hdr.serial, krb5->etype, sp->hdr.cksum,
1243 resp_token_len);
1244
1245 /* Decrypt, parse and verify the authenticator. */
1246 ret = rxgk_decrypt(krb5, gk->resp_enc, &auth, &auth_len, &ec);
1247 if (ret < 0) {
1248 rxrpc_abort_conn(conn, skb, RXGK_SEALEDINCON, ret,
1249 rxgk_abort_resp_auth_dec);
1250 goto out_gk;
1251 }
1252
1253 ret = rxgk_verify_authenticator(conn, krb5, skb, auth, auth_len);
1254 if (ret < 0)
1255 goto out_gk;
1256
1257 conn->key = key;
1258 key = NULL;
1259 ret = 0;
1260 out_gk:
1261 rxgk_put(gk);
1262 out:
1263 key_put(key);
1264 _leave(" = %d", ret);
1265 return ret;
1266
1267 inconsistent:
1268 ret = rxrpc_abort_conn(conn, skb, RXGK_INCONSISTENCY, -EPROTO,
1269 rxgk_abort_resp_xdr_align);
1270 goto out;
1271 auth_too_short:
1272 ret = rxrpc_abort_conn(conn, skb, RXGK_PACKETSHORT, -EPROTO,
1273 rxgk_abort_resp_short_auth);
1274 goto out;
1275 short_packet:
1276 ret = rxrpc_abort_conn(conn, skb, RXGK_PACKETSHORT, -EPROTO,
1277 rxgk_abort_resp_short_packet);
1278 goto out;
1279
1280 cant_get_token:
1281 switch (ret) {
1282 case -ENOMEM:
1283 goto temporary_error;
1284 case -EINVAL:
1285 ret = rxrpc_abort_conn(conn, skb, RXGK_NOTAUTH, -EKEYREJECTED,
1286 rxgk_abort_resp_internal_error);
1287 goto out;
1288 case -ENOPKG:
1289 ret = rxrpc_abort_conn(conn, skb, KRB5_PROG_KEYTYPE_NOSUPP,
1290 -EKEYREJECTED, rxgk_abort_resp_nopkg);
1291 goto out;
1292 }
1293
1294 temporary_error:
1295 /* Ignore the response packet if we got a temporary error such as
1296 * ENOMEM. We just want to send the challenge again. Note that we
1297 * also come out this way if the ticket decryption fails.
1298 */
1299 goto out;
1300 }
1301
1302 /*
1303 * clear the connection security
1304 */
rxgk_clear(struct rxrpc_connection * conn)1305 static void rxgk_clear(struct rxrpc_connection *conn)
1306 {
1307 int i;
1308
1309 for (i = 0; i < ARRAY_SIZE(conn->rxgk.keys); i++)
1310 rxgk_put(conn->rxgk.keys[i]);
1311 }
1312
1313 /*
1314 * Initialise the RxGK security service.
1315 */
rxgk_init(void)1316 static int rxgk_init(void)
1317 {
1318 return 0;
1319 }
1320
1321 /*
1322 * Clean up the RxGK security service.
1323 */
rxgk_exit(void)1324 static void rxgk_exit(void)
1325 {
1326 }
1327
1328 /*
1329 * RxRPC YFS GSSAPI-based security
1330 */
1331 const struct rxrpc_security rxgk_yfs = {
1332 .name = "yfs-rxgk",
1333 .security_index = RXRPC_SECURITY_YFS_RXGK,
1334 .no_key_abort = RXGK_NOTAUTH,
1335 .init = rxgk_init,
1336 .exit = rxgk_exit,
1337 .preparse_server_key = rxgk_preparse_server_key,
1338 .free_preparse_server_key = rxgk_free_preparse_server_key,
1339 .destroy_server_key = rxgk_destroy_server_key,
1340 .describe_server_key = rxgk_describe_server_key,
1341 .init_connection_security = rxgk_init_connection_security,
1342 .alloc_txbuf = rxgk_alloc_txbuf,
1343 .secure_packet = rxgk_secure_packet,
1344 .verify_packet = rxgk_verify_packet,
1345 .free_call_crypto = rxgk_free_call_crypto,
1346 .issue_challenge = rxgk_issue_challenge,
1347 .validate_challenge = rxgk_validate_challenge,
1348 .challenge_to_recvmsg = rxgk_challenge_to_recvmsg,
1349 .sendmsg_respond_to_challenge = rxgk_sendmsg_respond_to_challenge,
1350 .respond_to_challenge = rxgk_respond_to_challenge_no_appdata,
1351 .verify_response = rxgk_verify_response,
1352 .clear = rxgk_clear,
1353 .default_decode_ticket = rxgk_yfs_decode_ticket,
1354 };
1355