1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* Kerberos-based RxRPC security 3 * 4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 */ 7 8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 9 10 #include <crypto/skcipher.h> 11 #include <linux/module.h> 12 #include <linux/net.h> 13 #include <linux/skbuff.h> 14 #include <linux/udp.h> 15 #include <linux/scatterlist.h> 16 #include <linux/ctype.h> 17 #include <linux/slab.h> 18 #include <linux/key-type.h> 19 #include <net/sock.h> 20 #include <net/af_rxrpc.h> 21 #include <keys/rxrpc-type.h> 22 #include "ar-internal.h" 23 24 #define RXKAD_VERSION 2 25 #define MAXKRB5TICKETLEN 1024 26 #define RXKAD_TKT_TYPE_KERBEROS_V5 256 27 #define ANAME_SZ 40 /* size of authentication name */ 28 #define INST_SZ 40 /* size of principal's instance */ 29 #define REALM_SZ 40 /* size of principal's auth domain */ 30 #define SNAME_SZ 40 /* size of service name */ 31 #define RXKAD_ALIGN 8 32 33 struct rxkad_level1_hdr { 34 __be32 data_size; /* true data size (excluding padding) */ 35 }; 36 37 struct rxkad_level2_hdr { 38 __be32 data_size; /* true data size (excluding padding) */ 39 __be32 checksum; /* decrypted data checksum */ 40 }; 41 42 static int rxkad_prime_packet_security(struct rxrpc_connection *conn, 43 struct crypto_sync_skcipher *ci); 44 45 /* 46 * this holds a pinned cipher so that keventd doesn't get called by the cipher 47 * alloc routine, but since we have it to hand, we use it to decrypt RESPONSE 48 * packets 49 */ 50 static struct crypto_sync_skcipher *rxkad_ci; 51 static struct skcipher_request *rxkad_ci_req; 52 static DEFINE_MUTEX(rxkad_ci_mutex); 53 54 /* 55 * Parse the information from a server key 56 * 57 * The data should be the 8-byte secret key. 58 */ 59 static int rxkad_preparse_server_key(struct key_preparsed_payload *prep) 60 { 61 struct crypto_skcipher *ci; 62 63 if (prep->datalen != 8) 64 return -EINVAL; 65 66 memcpy(&prep->payload.data[2], prep->data, 8); 67 68 ci = crypto_alloc_skcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC); 69 if (IS_ERR(ci)) { 70 _leave(" = %ld", PTR_ERR(ci)); 71 return PTR_ERR(ci); 72 } 73 74 if (crypto_skcipher_setkey(ci, prep->data, 8) < 0) 75 BUG(); 76 77 prep->payload.data[0] = ci; 78 _leave(" = 0"); 79 return 0; 80 } 81 82 static void rxkad_free_preparse_server_key(struct key_preparsed_payload *prep) 83 { 84 85 if (prep->payload.data[0]) 86 crypto_free_skcipher(prep->payload.data[0]); 87 } 88 89 static void rxkad_destroy_server_key(struct key *key) 90 { 91 if (key->payload.data[0]) { 92 crypto_free_skcipher(key->payload.data[0]); 93 key->payload.data[0] = NULL; 94 } 95 } 96 97 /* 98 * initialise connection security 99 */ 100 static int rxkad_init_connection_security(struct rxrpc_connection *conn, 101 struct rxrpc_key_token *token) 102 { 103 struct crypto_sync_skcipher *ci; 104 int ret; 105 106 _enter("{%d},{%x}", conn->debug_id, key_serial(conn->key)); 107 108 conn->security_ix = token->security_index; 109 110 ci = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0); 111 if (IS_ERR(ci)) { 112 _debug("no cipher"); 113 ret = PTR_ERR(ci); 114 goto error; 115 } 116 117 if (crypto_sync_skcipher_setkey(ci, token->kad->session_key, 118 sizeof(token->kad->session_key)) < 0) 119 BUG(); 120 121 switch (conn->security_level) { 122 case RXRPC_SECURITY_PLAIN: 123 case RXRPC_SECURITY_AUTH: 124 case RXRPC_SECURITY_ENCRYPT: 125 break; 126 default: 127 ret = -EKEYREJECTED; 128 goto error; 129 } 130 131 ret = rxkad_prime_packet_security(conn, ci); 132 if (ret < 0) 133 goto error_ci; 134 135 conn->rxkad.cipher = ci; 136 return 0; 137 138 error_ci: 139 crypto_free_sync_skcipher(ci); 140 error: 141 _leave(" = %d", ret); 142 return ret; 143 } 144 145 /* 146 * Work out how much data we can put in a packet. 147 */ 148 static struct rxrpc_txbuf *rxkad_alloc_txbuf(struct rxrpc_call *call, size_t remain, gfp_t gfp) 149 { 150 struct rxrpc_txbuf *txb; 151 size_t shdr, alloc, limit, part; 152 153 remain = umin(remain, 65535 - sizeof(struct rxrpc_wire_header)); 154 155 switch (call->conn->security_level) { 156 default: 157 alloc = umin(remain, RXRPC_JUMBO_DATALEN); 158 return rxrpc_alloc_data_txbuf(call, alloc, 1, gfp); 159 case RXRPC_SECURITY_AUTH: 160 shdr = sizeof(struct rxkad_level1_hdr); 161 break; 162 case RXRPC_SECURITY_ENCRYPT: 163 shdr = sizeof(struct rxkad_level2_hdr); 164 break; 165 } 166 167 limit = round_down(RXRPC_JUMBO_DATALEN, RXKAD_ALIGN) - shdr; 168 if (remain < limit) { 169 part = remain; 170 alloc = round_up(shdr + part, RXKAD_ALIGN); 171 } else { 172 part = limit; 173 alloc = RXRPC_JUMBO_DATALEN; 174 } 175 176 txb = rxrpc_alloc_data_txbuf(call, alloc, RXKAD_ALIGN, gfp); 177 if (!txb) 178 return NULL; 179 180 txb->crypto_header = 0; 181 txb->sec_header = shdr; 182 txb->offset += shdr; 183 txb->space = part; 184 return txb; 185 } 186 187 /* 188 * prime the encryption state with the invariant parts of a connection's 189 * description 190 */ 191 static int rxkad_prime_packet_security(struct rxrpc_connection *conn, 192 struct crypto_sync_skcipher *ci) 193 { 194 struct skcipher_request *req; 195 struct rxrpc_key_token *token; 196 struct scatterlist sg; 197 struct rxrpc_crypt iv; 198 __be32 *tmpbuf; 199 size_t tmpsize = 4 * sizeof(__be32); 200 201 _enter(""); 202 203 if (!conn->key) 204 return 0; 205 206 tmpbuf = kmalloc(tmpsize, GFP_KERNEL); 207 if (!tmpbuf) 208 return -ENOMEM; 209 210 req = skcipher_request_alloc(&ci->base, GFP_NOFS); 211 if (!req) { 212 kfree(tmpbuf); 213 return -ENOMEM; 214 } 215 216 token = conn->key->payload.data[0]; 217 memcpy(&iv, token->kad->session_key, sizeof(iv)); 218 219 tmpbuf[0] = htonl(conn->proto.epoch); 220 tmpbuf[1] = htonl(conn->proto.cid); 221 tmpbuf[2] = 0; 222 tmpbuf[3] = htonl(conn->security_ix); 223 224 sg_init_one(&sg, tmpbuf, tmpsize); 225 skcipher_request_set_sync_tfm(req, ci); 226 skcipher_request_set_callback(req, 0, NULL, NULL); 227 skcipher_request_set_crypt(req, &sg, &sg, tmpsize, iv.x); 228 crypto_skcipher_encrypt(req); 229 skcipher_request_free(req); 230 231 memcpy(&conn->rxkad.csum_iv, tmpbuf + 2, sizeof(conn->rxkad.csum_iv)); 232 kfree(tmpbuf); 233 _leave(" = 0"); 234 return 0; 235 } 236 237 /* 238 * Allocate and prepare the crypto request on a call. For any particular call, 239 * this is called serially for the packets, so no lock should be necessary. 240 */ 241 static struct skcipher_request *rxkad_get_call_crypto(struct rxrpc_call *call) 242 { 243 struct crypto_skcipher *tfm = &call->conn->rxkad.cipher->base; 244 245 return skcipher_request_alloc(tfm, GFP_NOFS); 246 } 247 248 /* 249 * Clean up the crypto on a call. 250 */ 251 static void rxkad_free_call_crypto(struct rxrpc_call *call) 252 { 253 } 254 255 /* 256 * partially encrypt a packet (level 1 security) 257 */ 258 static int rxkad_secure_packet_auth(const struct rxrpc_call *call, 259 struct rxrpc_txbuf *txb, 260 struct skcipher_request *req) 261 { 262 struct rxkad_level1_hdr *hdr = txb->data; 263 struct rxrpc_crypt iv; 264 struct scatterlist sg; 265 size_t pad; 266 u16 check; 267 268 _enter(""); 269 270 check = txb->seq ^ call->call_id; 271 hdr->data_size = htonl((u32)check << 16 | txb->len); 272 273 txb->pkt_len = sizeof(struct rxkad_level1_hdr) + txb->len; 274 pad = txb->pkt_len; 275 pad = RXKAD_ALIGN - pad; 276 pad &= RXKAD_ALIGN - 1; 277 if (pad) { 278 memset(txb->data + txb->offset, 0, pad); 279 txb->pkt_len += pad; 280 } 281 282 /* start the encryption afresh */ 283 memset(&iv, 0, sizeof(iv)); 284 285 sg_init_one(&sg, hdr, 8); 286 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher); 287 skcipher_request_set_callback(req, 0, NULL, NULL); 288 skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x); 289 crypto_skcipher_encrypt(req); 290 skcipher_request_zero(req); 291 292 _leave(" = 0"); 293 return 0; 294 } 295 296 /* 297 * wholly encrypt a packet (level 2 security) 298 */ 299 static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call, 300 struct rxrpc_txbuf *txb, 301 struct skcipher_request *req) 302 { 303 const struct rxrpc_key_token *token; 304 struct rxkad_level2_hdr *rxkhdr = txb->data; 305 struct rxrpc_crypt iv; 306 struct scatterlist sg; 307 size_t content, pad; 308 u16 check; 309 int ret; 310 311 _enter(""); 312 313 check = txb->seq ^ call->call_id; 314 315 rxkhdr->data_size = htonl(txb->len | (u32)check << 16); 316 rxkhdr->checksum = 0; 317 318 content = sizeof(struct rxkad_level2_hdr) + txb->len; 319 txb->pkt_len = round_up(content, RXKAD_ALIGN); 320 pad = txb->pkt_len - content; 321 if (pad) 322 memset(txb->data + txb->offset, 0, pad); 323 324 /* encrypt from the session key */ 325 token = call->conn->key->payload.data[0]; 326 memcpy(&iv, token->kad->session_key, sizeof(iv)); 327 328 sg_init_one(&sg, rxkhdr, txb->pkt_len); 329 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher); 330 skcipher_request_set_callback(req, 0, NULL, NULL); 331 skcipher_request_set_crypt(req, &sg, &sg, txb->pkt_len, iv.x); 332 ret = crypto_skcipher_encrypt(req); 333 skcipher_request_zero(req); 334 return ret; 335 } 336 337 /* 338 * checksum an RxRPC packet header 339 */ 340 static int rxkad_secure_packet(struct rxrpc_call *call, struct rxrpc_txbuf *txb) 341 { 342 struct skcipher_request *req; 343 struct rxrpc_crypt iv; 344 struct scatterlist sg; 345 union { 346 __be32 buf[2]; 347 } crypto __aligned(8); 348 u32 x, y; 349 int ret; 350 351 _enter("{%d{%x}},{#%u},%u,", 352 call->debug_id, key_serial(call->conn->key), 353 txb->seq, txb->len); 354 355 if (!call->conn->rxkad.cipher) 356 return 0; 357 358 ret = key_validate(call->conn->key); 359 if (ret < 0) 360 return ret; 361 362 req = rxkad_get_call_crypto(call); 363 if (!req) 364 return -ENOMEM; 365 366 /* continue encrypting from where we left off */ 367 memcpy(&iv, call->conn->rxkad.csum_iv.x, sizeof(iv)); 368 369 /* calculate the security checksum */ 370 x = (call->cid & RXRPC_CHANNELMASK) << (32 - RXRPC_CIDSHIFT); 371 x |= txb->seq & 0x3fffffff; 372 crypto.buf[0] = htonl(call->call_id); 373 crypto.buf[1] = htonl(x); 374 375 sg_init_one(&sg, crypto.buf, 8); 376 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher); 377 skcipher_request_set_callback(req, 0, NULL, NULL); 378 skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x); 379 crypto_skcipher_encrypt(req); 380 skcipher_request_zero(req); 381 382 y = ntohl(crypto.buf[1]); 383 y = (y >> 16) & 0xffff; 384 if (y == 0) 385 y = 1; /* zero checksums are not permitted */ 386 txb->cksum = htons(y); 387 388 switch (call->conn->security_level) { 389 case RXRPC_SECURITY_PLAIN: 390 txb->pkt_len = txb->len; 391 ret = 0; 392 break; 393 case RXRPC_SECURITY_AUTH: 394 ret = rxkad_secure_packet_auth(call, txb, req); 395 if (txb->alloc_size == RXRPC_JUMBO_DATALEN) 396 txb->jumboable = true; 397 break; 398 case RXRPC_SECURITY_ENCRYPT: 399 ret = rxkad_secure_packet_encrypt(call, txb, req); 400 if (txb->alloc_size == RXRPC_JUMBO_DATALEN) 401 txb->jumboable = true; 402 break; 403 default: 404 ret = -EPERM; 405 break; 406 } 407 408 /* Clear excess space in the packet */ 409 if (txb->pkt_len < txb->alloc_size) { 410 size_t gap = txb->alloc_size - txb->pkt_len; 411 void *p = txb->data; 412 413 memset(p + txb->pkt_len, 0, gap); 414 } 415 416 skcipher_request_free(req); 417 _leave(" = %d [set %x]", ret, y); 418 return ret; 419 } 420 421 /* 422 * decrypt partial encryption on a packet (level 1 security) 423 */ 424 static int rxkad_verify_packet_1(struct rxrpc_call *call, struct sk_buff *skb, 425 rxrpc_seq_t seq, 426 struct skcipher_request *req) 427 { 428 struct rxkad_level1_hdr sechdr; 429 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 430 struct rxrpc_crypt iv; 431 struct scatterlist sg[16]; 432 u32 data_size, buf; 433 u16 check; 434 int ret; 435 436 _enter(""); 437 438 if (sp->len < 8) 439 return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON, 440 rxkad_abort_1_short_header); 441 442 /* Decrypt the skbuff in-place. TODO: We really want to decrypt 443 * directly into the target buffer. 444 */ 445 sg_init_table(sg, ARRAY_SIZE(sg)); 446 ret = skb_to_sgvec(skb, sg, sp->offset, 8); 447 if (unlikely(ret < 0)) 448 return ret; 449 450 /* start the decryption afresh */ 451 memset(&iv, 0, sizeof(iv)); 452 453 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher); 454 skcipher_request_set_callback(req, 0, NULL, NULL); 455 skcipher_request_set_crypt(req, sg, sg, 8, iv.x); 456 crypto_skcipher_decrypt(req); 457 skcipher_request_zero(req); 458 459 /* Extract the decrypted packet length */ 460 if (skb_copy_bits(skb, sp->offset, &sechdr, sizeof(sechdr)) < 0) 461 return rxrpc_abort_eproto(call, skb, RXKADDATALEN, 462 rxkad_abort_1_short_encdata); 463 sp->offset += sizeof(sechdr); 464 sp->len -= sizeof(sechdr); 465 466 buf = ntohl(sechdr.data_size); 467 data_size = buf & 0xffff; 468 469 check = buf >> 16; 470 check ^= seq ^ call->call_id; 471 check &= 0xffff; 472 if (check != 0) 473 return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON, 474 rxkad_abort_1_short_check); 475 if (data_size > sp->len) 476 return rxrpc_abort_eproto(call, skb, RXKADDATALEN, 477 rxkad_abort_1_short_data); 478 sp->len = data_size; 479 480 _leave(" = 0 [dlen=%x]", data_size); 481 return 0; 482 } 483 484 /* 485 * wholly decrypt a packet (level 2 security) 486 */ 487 static int rxkad_verify_packet_2(struct rxrpc_call *call, struct sk_buff *skb, 488 rxrpc_seq_t seq, 489 struct skcipher_request *req) 490 { 491 const struct rxrpc_key_token *token; 492 struct rxkad_level2_hdr sechdr; 493 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 494 struct rxrpc_crypt iv; 495 struct scatterlist _sg[4], *sg; 496 u32 data_size, buf; 497 u16 check; 498 int nsg, ret; 499 500 _enter(",{%d}", sp->len); 501 502 if (sp->len < 8) 503 return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON, 504 rxkad_abort_2_short_header); 505 506 /* Decrypt the skbuff in-place. TODO: We really want to decrypt 507 * directly into the target buffer. 508 */ 509 sg = _sg; 510 nsg = skb_shinfo(skb)->nr_frags + 1; 511 if (nsg <= 4) { 512 nsg = 4; 513 } else { 514 sg = kmalloc_array(nsg, sizeof(*sg), GFP_NOIO); 515 if (!sg) 516 return -ENOMEM; 517 } 518 519 sg_init_table(sg, nsg); 520 ret = skb_to_sgvec(skb, sg, sp->offset, sp->len); 521 if (unlikely(ret < 0)) { 522 if (sg != _sg) 523 kfree(sg); 524 return ret; 525 } 526 527 /* decrypt from the session key */ 528 token = call->conn->key->payload.data[0]; 529 memcpy(&iv, token->kad->session_key, sizeof(iv)); 530 531 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher); 532 skcipher_request_set_callback(req, 0, NULL, NULL); 533 skcipher_request_set_crypt(req, sg, sg, sp->len, iv.x); 534 crypto_skcipher_decrypt(req); 535 skcipher_request_zero(req); 536 if (sg != _sg) 537 kfree(sg); 538 539 /* Extract the decrypted packet length */ 540 if (skb_copy_bits(skb, sp->offset, &sechdr, sizeof(sechdr)) < 0) 541 return rxrpc_abort_eproto(call, skb, RXKADDATALEN, 542 rxkad_abort_2_short_len); 543 sp->offset += sizeof(sechdr); 544 sp->len -= sizeof(sechdr); 545 546 buf = ntohl(sechdr.data_size); 547 data_size = buf & 0xffff; 548 549 check = buf >> 16; 550 check ^= seq ^ call->call_id; 551 check &= 0xffff; 552 if (check != 0) 553 return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON, 554 rxkad_abort_2_short_check); 555 556 if (data_size > sp->len) 557 return rxrpc_abort_eproto(call, skb, RXKADDATALEN, 558 rxkad_abort_2_short_data); 559 560 sp->len = data_size; 561 _leave(" = 0 [dlen=%x]", data_size); 562 return 0; 563 } 564 565 /* 566 * Verify the security on a received packet and the subpackets therein. 567 */ 568 static int rxkad_verify_packet(struct rxrpc_call *call, struct sk_buff *skb) 569 { 570 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 571 struct skcipher_request *req; 572 struct rxrpc_crypt iv; 573 struct scatterlist sg; 574 union { 575 __be32 buf[2]; 576 } crypto __aligned(8); 577 rxrpc_seq_t seq = sp->hdr.seq; 578 int ret; 579 u16 cksum; 580 u32 x, y; 581 582 _enter("{%d{%x}},{#%u}", 583 call->debug_id, key_serial(call->conn->key), seq); 584 585 if (!call->conn->rxkad.cipher) 586 return 0; 587 588 req = rxkad_get_call_crypto(call); 589 if (!req) 590 return -ENOMEM; 591 592 /* continue encrypting from where we left off */ 593 memcpy(&iv, call->conn->rxkad.csum_iv.x, sizeof(iv)); 594 595 /* validate the security checksum */ 596 x = (call->cid & RXRPC_CHANNELMASK) << (32 - RXRPC_CIDSHIFT); 597 x |= seq & 0x3fffffff; 598 crypto.buf[0] = htonl(call->call_id); 599 crypto.buf[1] = htonl(x); 600 601 sg_init_one(&sg, crypto.buf, 8); 602 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher); 603 skcipher_request_set_callback(req, 0, NULL, NULL); 604 skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x); 605 crypto_skcipher_encrypt(req); 606 skcipher_request_zero(req); 607 608 y = ntohl(crypto.buf[1]); 609 cksum = (y >> 16) & 0xffff; 610 if (cksum == 0) 611 cksum = 1; /* zero checksums are not permitted */ 612 613 if (cksum != sp->hdr.cksum) { 614 ret = rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON, 615 rxkad_abort_bad_checksum); 616 goto out; 617 } 618 619 switch (call->conn->security_level) { 620 case RXRPC_SECURITY_PLAIN: 621 ret = 0; 622 break; 623 case RXRPC_SECURITY_AUTH: 624 ret = rxkad_verify_packet_1(call, skb, seq, req); 625 break; 626 case RXRPC_SECURITY_ENCRYPT: 627 ret = rxkad_verify_packet_2(call, skb, seq, req); 628 break; 629 default: 630 ret = -ENOANO; 631 break; 632 } 633 634 out: 635 skcipher_request_free(req); 636 return ret; 637 } 638 639 /* 640 * issue a challenge 641 */ 642 static int rxkad_issue_challenge(struct rxrpc_connection *conn) 643 { 644 struct rxkad_challenge challenge; 645 struct rxrpc_wire_header whdr; 646 struct msghdr msg; 647 struct kvec iov[2]; 648 size_t len; 649 u32 serial; 650 int ret; 651 652 _enter("{%d}", conn->debug_id); 653 654 get_random_bytes(&conn->rxkad.nonce, sizeof(conn->rxkad.nonce)); 655 656 challenge.version = htonl(2); 657 challenge.nonce = htonl(conn->rxkad.nonce); 658 challenge.min_level = htonl(0); 659 challenge.__padding = 0; 660 661 msg.msg_name = &conn->peer->srx.transport; 662 msg.msg_namelen = conn->peer->srx.transport_len; 663 msg.msg_control = NULL; 664 msg.msg_controllen = 0; 665 msg.msg_flags = 0; 666 667 whdr.epoch = htonl(conn->proto.epoch); 668 whdr.cid = htonl(conn->proto.cid); 669 whdr.callNumber = 0; 670 whdr.seq = 0; 671 whdr.type = RXRPC_PACKET_TYPE_CHALLENGE; 672 whdr.flags = conn->out_clientflag; 673 whdr.userStatus = 0; 674 whdr.securityIndex = conn->security_ix; 675 whdr._rsvd = 0; 676 whdr.serviceId = htons(conn->service_id); 677 678 iov[0].iov_base = &whdr; 679 iov[0].iov_len = sizeof(whdr); 680 iov[1].iov_base = &challenge; 681 iov[1].iov_len = sizeof(challenge); 682 683 len = iov[0].iov_len + iov[1].iov_len; 684 685 serial = rxrpc_get_next_serial(conn); 686 whdr.serial = htonl(serial); 687 688 trace_rxrpc_tx_challenge(conn, serial, 0, conn->rxkad.nonce); 689 690 ret = kernel_sendmsg(conn->local->socket, &msg, iov, 2, len); 691 if (ret < 0) { 692 trace_rxrpc_tx_fail(conn->debug_id, serial, ret, 693 rxrpc_tx_point_rxkad_challenge); 694 return -EAGAIN; 695 } 696 697 conn->peer->last_tx_at = ktime_get_seconds(); 698 trace_rxrpc_tx_packet(conn->debug_id, &whdr, 699 rxrpc_tx_point_rxkad_challenge); 700 _leave(" = 0"); 701 return 0; 702 } 703 704 /* 705 * calculate the response checksum 706 */ 707 static void rxkad_calc_response_checksum(struct rxkad_response *response) 708 { 709 u32 csum = 1000003; 710 int loop; 711 u8 *p = (u8 *) response; 712 713 for (loop = sizeof(*response); loop > 0; loop--) 714 csum = csum * 0x10204081 + *p++; 715 716 response->encrypted.checksum = htonl(csum); 717 } 718 719 /* 720 * encrypt the response packet 721 */ 722 static int rxkad_encrypt_response(struct rxrpc_connection *conn, 723 struct sk_buff *response, 724 const struct rxkad_key *s2) 725 { 726 struct skcipher_request *req; 727 struct rxrpc_crypt iv; 728 struct scatterlist sg[1]; 729 size_t encsize = sizeof(((struct rxkad_response *)0)->encrypted); 730 int ret; 731 732 sg_init_table(sg, ARRAY_SIZE(sg)); 733 ret = skb_to_sgvec(response, sg, 734 sizeof(struct rxrpc_wire_header) + 735 offsetof(struct rxkad_response, encrypted), encsize); 736 if (ret < 0) 737 return ret; 738 739 req = skcipher_request_alloc(&conn->rxkad.cipher->base, GFP_NOFS); 740 if (!req) 741 return -ENOMEM; 742 743 /* continue encrypting from where we left off */ 744 memcpy(&iv, s2->session_key, sizeof(iv)); 745 746 skcipher_request_set_sync_tfm(req, conn->rxkad.cipher); 747 skcipher_request_set_callback(req, 0, NULL, NULL); 748 skcipher_request_set_crypt(req, sg, sg, encsize, iv.x); 749 ret = crypto_skcipher_encrypt(req); 750 skcipher_request_free(req); 751 return ret; 752 } 753 754 /* 755 * Validate a challenge packet. 756 */ 757 static bool rxkad_validate_challenge(struct rxrpc_connection *conn, 758 struct sk_buff *skb) 759 { 760 struct rxkad_challenge challenge; 761 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 762 u32 version, min_level; 763 int ret; 764 765 _enter("{%d,%x}", conn->debug_id, key_serial(conn->key)); 766 767 if (!conn->key) { 768 rxrpc_abort_conn(conn, skb, RX_PROTOCOL_ERROR, -EPROTO, 769 rxkad_abort_chall_no_key); 770 return false; 771 } 772 773 ret = key_validate(conn->key); 774 if (ret < 0) { 775 rxrpc_abort_conn(conn, skb, RXKADEXPIRED, ret, 776 rxkad_abort_chall_key_expired); 777 return false; 778 } 779 780 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header), 781 &challenge, sizeof(challenge)) < 0) { 782 rxrpc_abort_conn(conn, skb, RXKADPACKETSHORT, -EPROTO, 783 rxkad_abort_chall_short); 784 return false; 785 } 786 787 version = ntohl(challenge.version); 788 sp->chall.rxkad_nonce = ntohl(challenge.nonce); 789 min_level = ntohl(challenge.min_level); 790 791 trace_rxrpc_rx_challenge(conn, sp->hdr.serial, version, 792 sp->chall.rxkad_nonce, min_level); 793 794 if (version != RXKAD_VERSION) { 795 rxrpc_abort_conn(conn, skb, RXKADINCONSISTENCY, -EPROTO, 796 rxkad_abort_chall_version); 797 return false; 798 } 799 800 if (conn->security_level < min_level) { 801 rxrpc_abort_conn(conn, skb, RXKADLEVELFAIL, -EACCES, 802 rxkad_abort_chall_level); 803 return false; 804 } 805 return true; 806 } 807 808 /* 809 * Insert the header into the response. 810 */ 811 static noinline 812 int rxkad_insert_response_header(struct rxrpc_connection *conn, 813 const struct rxrpc_key_token *token, 814 struct sk_buff *challenge, 815 struct sk_buff *response, 816 size_t *offset) 817 { 818 struct rxrpc_skb_priv *csp = rxrpc_skb(challenge); 819 struct { 820 struct rxrpc_wire_header whdr; 821 struct rxkad_response resp; 822 } h; 823 int ret; 824 825 h.whdr.epoch = htonl(conn->proto.epoch); 826 h.whdr.cid = htonl(conn->proto.cid); 827 h.whdr.callNumber = 0; 828 h.whdr.serial = 0; 829 h.whdr.seq = 0; 830 h.whdr.type = RXRPC_PACKET_TYPE_RESPONSE; 831 h.whdr.flags = conn->out_clientflag; 832 h.whdr.userStatus = 0; 833 h.whdr.securityIndex = conn->security_ix; 834 h.whdr.cksum = 0; 835 h.whdr.serviceId = htons(conn->service_id); 836 h.resp.version = htonl(RXKAD_VERSION); 837 h.resp.__pad = 0; 838 h.resp.encrypted.epoch = htonl(conn->proto.epoch); 839 h.resp.encrypted.cid = htonl(conn->proto.cid); 840 h.resp.encrypted.checksum = 0; 841 h.resp.encrypted.securityIndex = htonl(conn->security_ix); 842 h.resp.encrypted.call_id[0] = htonl(conn->channels[0].call_counter); 843 h.resp.encrypted.call_id[1] = htonl(conn->channels[1].call_counter); 844 h.resp.encrypted.call_id[2] = htonl(conn->channels[2].call_counter); 845 h.resp.encrypted.call_id[3] = htonl(conn->channels[3].call_counter); 846 h.resp.encrypted.inc_nonce = htonl(csp->chall.rxkad_nonce + 1); 847 h.resp.encrypted.level = htonl(conn->security_level); 848 h.resp.kvno = htonl(token->kad->kvno); 849 h.resp.ticket_len = htonl(token->kad->ticket_len); 850 851 rxkad_calc_response_checksum(&h.resp); 852 853 ret = skb_store_bits(response, *offset, &h, sizeof(h)); 854 *offset += sizeof(h); 855 return ret; 856 } 857 858 /* 859 * respond to a challenge packet 860 */ 861 static int rxkad_respond_to_challenge(struct rxrpc_connection *conn, 862 struct sk_buff *challenge) 863 { 864 const struct rxrpc_key_token *token; 865 struct rxrpc_skb_priv *csp, *rsp; 866 struct sk_buff *response; 867 size_t len, offset = 0; 868 int ret = -EPROTO; 869 870 _enter("{%d,%x}", conn->debug_id, key_serial(conn->key)); 871 872 ret = key_validate(conn->key); 873 if (ret < 0) 874 return rxrpc_abort_conn(conn, challenge, RXKADEXPIRED, ret, 875 rxkad_abort_chall_key_expired); 876 877 token = conn->key->payload.data[0]; 878 879 /* build the response packet */ 880 len = sizeof(struct rxrpc_wire_header) + 881 sizeof(struct rxkad_response) + 882 token->kad->ticket_len; 883 884 response = alloc_skb_with_frags(0, len, 0, &ret, GFP_NOFS); 885 if (!response) 886 goto error; 887 rxrpc_new_skb(response, rxrpc_skb_new_response_rxkad); 888 response->len = len; 889 response->data_len = len; 890 891 offset = 0; 892 ret = rxkad_insert_response_header(conn, token, challenge, response, 893 &offset); 894 if (ret < 0) 895 goto error; 896 897 ret = rxkad_encrypt_response(conn, response, token->kad); 898 if (ret < 0) 899 goto error; 900 901 ret = skb_store_bits(response, offset, token->kad->ticket, 902 token->kad->ticket_len); 903 if (ret < 0) 904 goto error; 905 906 csp = rxrpc_skb(challenge); 907 rsp = rxrpc_skb(response); 908 rsp->resp.len = len; 909 rsp->resp.challenge_serial = csp->hdr.serial; 910 rxrpc_post_response(conn, response); 911 response = NULL; 912 ret = 0; 913 914 error: 915 rxrpc_free_skb(response, rxrpc_skb_put_response); 916 return ret; 917 } 918 919 /* 920 * RxKAD does automatic response only as there's nothing to manage that isn't 921 * already in the key. 922 */ 923 static int rxkad_sendmsg_respond_to_challenge(struct sk_buff *challenge, 924 struct msghdr *msg) 925 { 926 return -EINVAL; 927 } 928 929 /** 930 * rxkad_kernel_respond_to_challenge - Respond to a challenge with appdata 931 * @challenge: The challenge to respond to 932 * 933 * Allow a kernel application to respond to a CHALLENGE. 934 * 935 * Return: %0 if successful and a negative error code otherwise. 936 */ 937 int rxkad_kernel_respond_to_challenge(struct sk_buff *challenge) 938 { 939 struct rxrpc_skb_priv *csp = rxrpc_skb(challenge); 940 941 return rxkad_respond_to_challenge(csp->chall.conn, challenge); 942 } 943 EXPORT_SYMBOL(rxkad_kernel_respond_to_challenge); 944 945 /* 946 * decrypt the kerberos IV ticket in the response 947 */ 948 static int rxkad_decrypt_ticket(struct rxrpc_connection *conn, 949 struct key *server_key, 950 struct sk_buff *skb, 951 void *ticket, size_t ticket_len, 952 struct rxrpc_crypt *_session_key, 953 time64_t *_expiry) 954 { 955 struct skcipher_request *req; 956 struct rxrpc_crypt iv, key; 957 struct scatterlist sg[1]; 958 struct in_addr addr; 959 unsigned int life; 960 time64_t issue, now; 961 bool little_endian; 962 u8 *p, *q, *name, *end; 963 964 _enter("{%d},{%x}", conn->debug_id, key_serial(server_key)); 965 966 *_expiry = 0; 967 968 ASSERT(server_key->payload.data[0] != NULL); 969 ASSERTCMP((unsigned long) ticket & 7UL, ==, 0); 970 971 memcpy(&iv, &server_key->payload.data[2], sizeof(iv)); 972 973 req = skcipher_request_alloc(server_key->payload.data[0], GFP_NOFS); 974 if (!req) 975 return -ENOMEM; 976 977 sg_init_one(&sg[0], ticket, ticket_len); 978 skcipher_request_set_callback(req, 0, NULL, NULL); 979 skcipher_request_set_crypt(req, sg, sg, ticket_len, iv.x); 980 crypto_skcipher_decrypt(req); 981 skcipher_request_free(req); 982 983 p = ticket; 984 end = p + ticket_len; 985 986 #define Z(field, fieldl) \ 987 ({ \ 988 u8 *__str = p; \ 989 q = memchr(p, 0, end - p); \ 990 if (!q || q - p > field##_SZ) \ 991 return rxrpc_abort_conn( \ 992 conn, skb, RXKADBADTICKET, -EPROTO, \ 993 rxkad_abort_resp_tkt_##fieldl); \ 994 for (; p < q; p++) \ 995 if (!isprint(*p)) \ 996 return rxrpc_abort_conn( \ 997 conn, skb, RXKADBADTICKET, -EPROTO, \ 998 rxkad_abort_resp_tkt_##fieldl); \ 999 p++; \ 1000 __str; \ 1001 }) 1002 1003 /* extract the ticket flags */ 1004 _debug("KIV FLAGS: %x", *p); 1005 little_endian = *p & 1; 1006 p++; 1007 1008 /* extract the authentication name */ 1009 name = Z(ANAME, aname); 1010 _debug("KIV ANAME: %s", name); 1011 1012 /* extract the principal's instance */ 1013 name = Z(INST, inst); 1014 _debug("KIV INST : %s", name); 1015 1016 /* extract the principal's authentication domain */ 1017 name = Z(REALM, realm); 1018 _debug("KIV REALM: %s", name); 1019 1020 if (end - p < 4 + 8 + 4 + 2) 1021 return rxrpc_abort_conn(conn, skb, RXKADBADTICKET, -EPROTO, 1022 rxkad_abort_resp_tkt_short); 1023 1024 /* get the IPv4 address of the entity that requested the ticket */ 1025 memcpy(&addr, p, sizeof(addr)); 1026 p += 4; 1027 _debug("KIV ADDR : %pI4", &addr); 1028 1029 /* get the session key from the ticket */ 1030 memcpy(&key, p, sizeof(key)); 1031 p += 8; 1032 _debug("KIV KEY : %08x %08x", ntohl(key.n[0]), ntohl(key.n[1])); 1033 memcpy(_session_key, &key, sizeof(key)); 1034 1035 /* get the ticket's lifetime */ 1036 life = *p++ * 5 * 60; 1037 _debug("KIV LIFE : %u", life); 1038 1039 /* get the issue time of the ticket */ 1040 if (little_endian) { 1041 __le32 stamp; 1042 memcpy(&stamp, p, 4); 1043 issue = rxrpc_u32_to_time64(le32_to_cpu(stamp)); 1044 } else { 1045 __be32 stamp; 1046 memcpy(&stamp, p, 4); 1047 issue = rxrpc_u32_to_time64(be32_to_cpu(stamp)); 1048 } 1049 p += 4; 1050 now = ktime_get_real_seconds(); 1051 _debug("KIV ISSUE: %llx [%llx]", issue, now); 1052 1053 /* check the ticket is in date */ 1054 if (issue > now) 1055 return rxrpc_abort_conn(conn, skb, RXKADNOAUTH, -EKEYREJECTED, 1056 rxkad_abort_resp_tkt_future); 1057 if (issue < now - life) 1058 return rxrpc_abort_conn(conn, skb, RXKADEXPIRED, -EKEYEXPIRED, 1059 rxkad_abort_resp_tkt_expired); 1060 1061 *_expiry = issue + life; 1062 1063 /* get the service name */ 1064 name = Z(SNAME, sname); 1065 _debug("KIV SNAME: %s", name); 1066 1067 /* get the service instance name */ 1068 name = Z(INST, sinst); 1069 _debug("KIV SINST: %s", name); 1070 return 0; 1071 } 1072 1073 /* 1074 * decrypt the response packet 1075 */ 1076 static void rxkad_decrypt_response(struct rxrpc_connection *conn, 1077 struct rxkad_response *resp, 1078 const struct rxrpc_crypt *session_key) 1079 { 1080 struct skcipher_request *req = rxkad_ci_req; 1081 struct scatterlist sg[1]; 1082 struct rxrpc_crypt iv; 1083 1084 _enter(",,%08x%08x", 1085 ntohl(session_key->n[0]), ntohl(session_key->n[1])); 1086 1087 mutex_lock(&rxkad_ci_mutex); 1088 if (crypto_sync_skcipher_setkey(rxkad_ci, session_key->x, 1089 sizeof(*session_key)) < 0) 1090 BUG(); 1091 1092 memcpy(&iv, session_key, sizeof(iv)); 1093 1094 sg_init_table(sg, 1); 1095 sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted)); 1096 skcipher_request_set_sync_tfm(req, rxkad_ci); 1097 skcipher_request_set_callback(req, 0, NULL, NULL); 1098 skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x); 1099 crypto_skcipher_decrypt(req); 1100 skcipher_request_zero(req); 1101 1102 mutex_unlock(&rxkad_ci_mutex); 1103 1104 _leave(""); 1105 } 1106 1107 /* 1108 * verify a response 1109 */ 1110 static int rxkad_verify_response(struct rxrpc_connection *conn, 1111 struct sk_buff *skb) 1112 { 1113 struct rxkad_response *response; 1114 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 1115 struct rxrpc_crypt session_key; 1116 struct key *server_key; 1117 time64_t expiry; 1118 void *ticket; 1119 u32 version, kvno, ticket_len, level; 1120 __be32 csum; 1121 int ret, i; 1122 1123 _enter("{%d}", conn->debug_id); 1124 1125 server_key = rxrpc_look_up_server_security(conn, skb, 0, 0); 1126 if (IS_ERR(server_key)) { 1127 ret = PTR_ERR(server_key); 1128 switch (ret) { 1129 case -ENOKEY: 1130 return rxrpc_abort_conn(conn, skb, RXKADUNKNOWNKEY, ret, 1131 rxkad_abort_resp_nokey); 1132 case -EKEYEXPIRED: 1133 return rxrpc_abort_conn(conn, skb, RXKADEXPIRED, ret, 1134 rxkad_abort_resp_key_expired); 1135 default: 1136 return rxrpc_abort_conn(conn, skb, RXKADNOAUTH, ret, 1137 rxkad_abort_resp_key_rejected); 1138 } 1139 } 1140 1141 ret = -ENOMEM; 1142 response = kzalloc(sizeof(struct rxkad_response), GFP_NOFS); 1143 if (!response) 1144 goto temporary_error; 1145 1146 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header), 1147 response, sizeof(*response)) < 0) { 1148 rxrpc_abort_conn(conn, skb, RXKADPACKETSHORT, -EPROTO, 1149 rxkad_abort_resp_short); 1150 goto protocol_error; 1151 } 1152 1153 version = ntohl(response->version); 1154 ticket_len = ntohl(response->ticket_len); 1155 kvno = ntohl(response->kvno); 1156 1157 trace_rxrpc_rx_response(conn, sp->hdr.serial, version, kvno, ticket_len); 1158 1159 if (version != RXKAD_VERSION) { 1160 rxrpc_abort_conn(conn, skb, RXKADINCONSISTENCY, -EPROTO, 1161 rxkad_abort_resp_version); 1162 goto protocol_error; 1163 } 1164 1165 if (ticket_len < 4 || ticket_len > MAXKRB5TICKETLEN) { 1166 rxrpc_abort_conn(conn, skb, RXKADTICKETLEN, -EPROTO, 1167 rxkad_abort_resp_tkt_len); 1168 goto protocol_error; 1169 } 1170 1171 if (kvno >= RXKAD_TKT_TYPE_KERBEROS_V5) { 1172 rxrpc_abort_conn(conn, skb, RXKADUNKNOWNKEY, -EPROTO, 1173 rxkad_abort_resp_unknown_tkt); 1174 goto protocol_error; 1175 } 1176 1177 /* extract the kerberos ticket and decrypt and decode it */ 1178 ret = -ENOMEM; 1179 ticket = kmalloc(ticket_len, GFP_NOFS); 1180 if (!ticket) 1181 goto temporary_error_free_resp; 1182 1183 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header) + sizeof(*response), 1184 ticket, ticket_len) < 0) { 1185 rxrpc_abort_conn(conn, skb, RXKADPACKETSHORT, -EPROTO, 1186 rxkad_abort_resp_short_tkt); 1187 goto protocol_error; 1188 } 1189 1190 ret = rxkad_decrypt_ticket(conn, server_key, skb, ticket, ticket_len, 1191 &session_key, &expiry); 1192 if (ret < 0) 1193 goto temporary_error_free_ticket; 1194 1195 /* use the session key from inside the ticket to decrypt the 1196 * response */ 1197 rxkad_decrypt_response(conn, response, &session_key); 1198 1199 if (ntohl(response->encrypted.epoch) != conn->proto.epoch || 1200 ntohl(response->encrypted.cid) != conn->proto.cid || 1201 ntohl(response->encrypted.securityIndex) != conn->security_ix) { 1202 rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO, 1203 rxkad_abort_resp_bad_param); 1204 goto protocol_error_free; 1205 } 1206 1207 csum = response->encrypted.checksum; 1208 response->encrypted.checksum = 0; 1209 rxkad_calc_response_checksum(response); 1210 if (response->encrypted.checksum != csum) { 1211 rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO, 1212 rxkad_abort_resp_bad_checksum); 1213 goto protocol_error_free; 1214 } 1215 1216 for (i = 0; i < RXRPC_MAXCALLS; i++) { 1217 u32 call_id = ntohl(response->encrypted.call_id[i]); 1218 u32 counter = READ_ONCE(conn->channels[i].call_counter); 1219 1220 if (call_id > INT_MAX) { 1221 rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO, 1222 rxkad_abort_resp_bad_callid); 1223 goto protocol_error_free; 1224 } 1225 1226 if (call_id < counter) { 1227 rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO, 1228 rxkad_abort_resp_call_ctr); 1229 goto protocol_error_free; 1230 } 1231 1232 if (call_id > counter) { 1233 if (conn->channels[i].call) { 1234 rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO, 1235 rxkad_abort_resp_call_state); 1236 goto protocol_error_free; 1237 } 1238 conn->channels[i].call_counter = call_id; 1239 } 1240 } 1241 1242 if (ntohl(response->encrypted.inc_nonce) != conn->rxkad.nonce + 1) { 1243 rxrpc_abort_conn(conn, skb, RXKADOUTOFSEQUENCE, -EPROTO, 1244 rxkad_abort_resp_ooseq); 1245 goto protocol_error_free; 1246 } 1247 1248 level = ntohl(response->encrypted.level); 1249 if (level > RXRPC_SECURITY_ENCRYPT) { 1250 rxrpc_abort_conn(conn, skb, RXKADLEVELFAIL, -EPROTO, 1251 rxkad_abort_resp_level); 1252 goto protocol_error_free; 1253 } 1254 conn->security_level = level; 1255 1256 /* create a key to hold the security data and expiration time - after 1257 * this the connection security can be handled in exactly the same way 1258 * as for a client connection */ 1259 ret = rxrpc_get_server_data_key(conn, &session_key, expiry, kvno); 1260 if (ret < 0) 1261 goto temporary_error_free_ticket; 1262 1263 kfree(ticket); 1264 kfree(response); 1265 _leave(" = 0"); 1266 return 0; 1267 1268 protocol_error_free: 1269 kfree(ticket); 1270 protocol_error: 1271 kfree(response); 1272 key_put(server_key); 1273 return -EPROTO; 1274 1275 temporary_error_free_ticket: 1276 kfree(ticket); 1277 temporary_error_free_resp: 1278 kfree(response); 1279 temporary_error: 1280 /* Ignore the response packet if we got a temporary error such as 1281 * ENOMEM. We just want to send the challenge again. Note that we 1282 * also come out this way if the ticket decryption fails. 1283 */ 1284 key_put(server_key); 1285 return ret; 1286 } 1287 1288 /* 1289 * clear the connection security 1290 */ 1291 static void rxkad_clear(struct rxrpc_connection *conn) 1292 { 1293 _enter(""); 1294 1295 if (conn->rxkad.cipher) 1296 crypto_free_sync_skcipher(conn->rxkad.cipher); 1297 } 1298 1299 /* 1300 * Initialise the rxkad security service. 1301 */ 1302 static int rxkad_init(void) 1303 { 1304 struct crypto_sync_skcipher *tfm; 1305 struct skcipher_request *req; 1306 1307 /* pin the cipher we need so that the crypto layer doesn't invoke 1308 * keventd to go get it */ 1309 tfm = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0); 1310 if (IS_ERR(tfm)) 1311 return PTR_ERR(tfm); 1312 1313 req = skcipher_request_alloc(&tfm->base, GFP_KERNEL); 1314 if (!req) 1315 goto nomem_tfm; 1316 1317 rxkad_ci_req = req; 1318 rxkad_ci = tfm; 1319 return 0; 1320 1321 nomem_tfm: 1322 crypto_free_sync_skcipher(tfm); 1323 return -ENOMEM; 1324 } 1325 1326 /* 1327 * Clean up the rxkad security service. 1328 */ 1329 static void rxkad_exit(void) 1330 { 1331 crypto_free_sync_skcipher(rxkad_ci); 1332 skcipher_request_free(rxkad_ci_req); 1333 } 1334 1335 /* 1336 * RxRPC Kerberos-based security 1337 */ 1338 const struct rxrpc_security rxkad = { 1339 .name = "rxkad", 1340 .security_index = RXRPC_SECURITY_RXKAD, 1341 .no_key_abort = RXKADUNKNOWNKEY, 1342 .init = rxkad_init, 1343 .exit = rxkad_exit, 1344 .preparse_server_key = rxkad_preparse_server_key, 1345 .free_preparse_server_key = rxkad_free_preparse_server_key, 1346 .destroy_server_key = rxkad_destroy_server_key, 1347 .init_connection_security = rxkad_init_connection_security, 1348 .alloc_txbuf = rxkad_alloc_txbuf, 1349 .secure_packet = rxkad_secure_packet, 1350 .verify_packet = rxkad_verify_packet, 1351 .free_call_crypto = rxkad_free_call_crypto, 1352 .issue_challenge = rxkad_issue_challenge, 1353 .validate_challenge = rxkad_validate_challenge, 1354 .sendmsg_respond_to_challenge = rxkad_sendmsg_respond_to_challenge, 1355 .respond_to_challenge = rxkad_respond_to_challenge, 1356 .verify_response = rxkad_verify_response, 1357 .clear = rxkad_clear, 1358 }; 1359