1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* Kerberos-based RxRPC security
3 *
4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
6 */
7
8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9
10 #include <crypto/skcipher.h>
11 #include <linux/module.h>
12 #include <linux/net.h>
13 #include <linux/skbuff.h>
14 #include <linux/udp.h>
15 #include <linux/scatterlist.h>
16 #include <linux/ctype.h>
17 #include <linux/slab.h>
18 #include <linux/key-type.h>
19 #include <net/sock.h>
20 #include <net/af_rxrpc.h>
21 #include <keys/rxrpc-type.h>
22 #include "ar-internal.h"
23
24 #define RXKAD_VERSION 2
25 #define MAXKRB5TICKETLEN 1024
26 #define RXKAD_TKT_TYPE_KERBEROS_V5 256
27 #define ANAME_SZ 40 /* size of authentication name */
28 #define INST_SZ 40 /* size of principal's instance */
29 #define REALM_SZ 40 /* size of principal's auth domain */
30 #define SNAME_SZ 40 /* size of service name */
31 #define RXKAD_ALIGN 8
32
33 struct rxkad_level1_hdr {
34 __be32 data_size; /* true data size (excluding padding) */
35 };
36
37 struct rxkad_level2_hdr {
38 __be32 data_size; /* true data size (excluding padding) */
39 __be32 checksum; /* decrypted data checksum */
40 };
41
42 static int rxkad_prime_packet_security(struct rxrpc_connection *conn,
43 struct crypto_sync_skcipher *ci);
44
45 /*
46 * this holds a pinned cipher so that keventd doesn't get called by the cipher
47 * alloc routine, but since we have it to hand, we use it to decrypt RESPONSE
48 * packets
49 */
50 static struct crypto_sync_skcipher *rxkad_ci;
51 static struct skcipher_request *rxkad_ci_req;
52 static DEFINE_MUTEX(rxkad_ci_mutex);
53
54 /*
55 * Parse the information from a server key
56 *
57 * The data should be the 8-byte secret key.
58 */
rxkad_preparse_server_key(struct key_preparsed_payload * prep)59 static int rxkad_preparse_server_key(struct key_preparsed_payload *prep)
60 {
61 struct crypto_skcipher *ci;
62
63 if (prep->datalen != 8)
64 return -EINVAL;
65
66 memcpy(&prep->payload.data[2], prep->data, 8);
67
68 ci = crypto_alloc_skcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC);
69 if (IS_ERR(ci)) {
70 _leave(" = %ld", PTR_ERR(ci));
71 return PTR_ERR(ci);
72 }
73
74 if (crypto_skcipher_setkey(ci, prep->data, 8) < 0)
75 BUG();
76
77 prep->payload.data[0] = ci;
78 _leave(" = 0");
79 return 0;
80 }
81
rxkad_free_preparse_server_key(struct key_preparsed_payload * prep)82 static void rxkad_free_preparse_server_key(struct key_preparsed_payload *prep)
83 {
84
85 if (prep->payload.data[0])
86 crypto_free_skcipher(prep->payload.data[0]);
87 }
88
rxkad_destroy_server_key(struct key * key)89 static void rxkad_destroy_server_key(struct key *key)
90 {
91 if (key->payload.data[0]) {
92 crypto_free_skcipher(key->payload.data[0]);
93 key->payload.data[0] = NULL;
94 }
95 }
96
97 /*
98 * initialise connection security
99 */
rxkad_init_connection_security(struct rxrpc_connection * conn,struct rxrpc_key_token * token)100 static int rxkad_init_connection_security(struct rxrpc_connection *conn,
101 struct rxrpc_key_token *token)
102 {
103 struct crypto_sync_skcipher *ci;
104 int ret;
105
106 _enter("{%d},{%x}", conn->debug_id, key_serial(conn->key));
107
108 conn->security_ix = token->security_index;
109
110 ci = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0);
111 if (IS_ERR(ci)) {
112 _debug("no cipher");
113 ret = PTR_ERR(ci);
114 goto error;
115 }
116
117 if (crypto_sync_skcipher_setkey(ci, token->kad->session_key,
118 sizeof(token->kad->session_key)) < 0)
119 BUG();
120
121 switch (conn->security_level) {
122 case RXRPC_SECURITY_PLAIN:
123 case RXRPC_SECURITY_AUTH:
124 case RXRPC_SECURITY_ENCRYPT:
125 break;
126 default:
127 ret = -EKEYREJECTED;
128 goto error;
129 }
130
131 ret = rxkad_prime_packet_security(conn, ci);
132 if (ret < 0)
133 goto error_ci;
134
135 conn->rxkad.cipher = ci;
136 return 0;
137
138 error_ci:
139 crypto_free_sync_skcipher(ci);
140 error:
141 _leave(" = %d", ret);
142 return ret;
143 }
144
145 /*
146 * Work out how much data we can put in a packet.
147 */
rxkad_alloc_txbuf(struct rxrpc_call * call,size_t remain,gfp_t gfp)148 static struct rxrpc_txbuf *rxkad_alloc_txbuf(struct rxrpc_call *call, size_t remain, gfp_t gfp)
149 {
150 struct rxrpc_txbuf *txb;
151 size_t shdr, alloc, limit, part;
152
153 remain = umin(remain, 65535 - sizeof(struct rxrpc_wire_header));
154
155 switch (call->conn->security_level) {
156 default:
157 alloc = umin(remain, RXRPC_JUMBO_DATALEN);
158 return rxrpc_alloc_data_txbuf(call, alloc, 1, gfp);
159 case RXRPC_SECURITY_AUTH:
160 shdr = sizeof(struct rxkad_level1_hdr);
161 break;
162 case RXRPC_SECURITY_ENCRYPT:
163 shdr = sizeof(struct rxkad_level2_hdr);
164 break;
165 }
166
167 limit = round_down(RXRPC_JUMBO_DATALEN, RXKAD_ALIGN) - shdr;
168 if (remain < limit) {
169 part = remain;
170 alloc = round_up(shdr + part, RXKAD_ALIGN);
171 } else {
172 part = limit;
173 alloc = RXRPC_JUMBO_DATALEN;
174 }
175
176 txb = rxrpc_alloc_data_txbuf(call, alloc, RXKAD_ALIGN, gfp);
177 if (!txb)
178 return NULL;
179
180 txb->offset += shdr;
181 txb->space = part;
182 return txb;
183 }
184
185 /*
186 * prime the encryption state with the invariant parts of a connection's
187 * description
188 */
rxkad_prime_packet_security(struct rxrpc_connection * conn,struct crypto_sync_skcipher * ci)189 static int rxkad_prime_packet_security(struct rxrpc_connection *conn,
190 struct crypto_sync_skcipher *ci)
191 {
192 struct skcipher_request *req;
193 struct rxrpc_key_token *token;
194 struct scatterlist sg;
195 struct rxrpc_crypt iv;
196 __be32 *tmpbuf;
197 size_t tmpsize = 4 * sizeof(__be32);
198
199 _enter("");
200
201 if (!conn->key)
202 return 0;
203
204 tmpbuf = kmalloc(tmpsize, GFP_KERNEL);
205 if (!tmpbuf)
206 return -ENOMEM;
207
208 req = skcipher_request_alloc(&ci->base, GFP_NOFS);
209 if (!req) {
210 kfree(tmpbuf);
211 return -ENOMEM;
212 }
213
214 token = conn->key->payload.data[0];
215 memcpy(&iv, token->kad->session_key, sizeof(iv));
216
217 tmpbuf[0] = htonl(conn->proto.epoch);
218 tmpbuf[1] = htonl(conn->proto.cid);
219 tmpbuf[2] = 0;
220 tmpbuf[3] = htonl(conn->security_ix);
221
222 sg_init_one(&sg, tmpbuf, tmpsize);
223 skcipher_request_set_sync_tfm(req, ci);
224 skcipher_request_set_callback(req, 0, NULL, NULL);
225 skcipher_request_set_crypt(req, &sg, &sg, tmpsize, iv.x);
226 crypto_skcipher_encrypt(req);
227 skcipher_request_free(req);
228
229 memcpy(&conn->rxkad.csum_iv, tmpbuf + 2, sizeof(conn->rxkad.csum_iv));
230 kfree(tmpbuf);
231 _leave(" = 0");
232 return 0;
233 }
234
235 /*
236 * Allocate and prepare the crypto request on a call. For any particular call,
237 * this is called serially for the packets, so no lock should be necessary.
238 */
rxkad_get_call_crypto(struct rxrpc_call * call)239 static struct skcipher_request *rxkad_get_call_crypto(struct rxrpc_call *call)
240 {
241 struct crypto_skcipher *tfm = &call->conn->rxkad.cipher->base;
242
243 return skcipher_request_alloc(tfm, GFP_NOFS);
244 }
245
246 /*
247 * Clean up the crypto on a call.
248 */
rxkad_free_call_crypto(struct rxrpc_call * call)249 static void rxkad_free_call_crypto(struct rxrpc_call *call)
250 {
251 }
252
253 /*
254 * partially encrypt a packet (level 1 security)
255 */
rxkad_secure_packet_auth(const struct rxrpc_call * call,struct rxrpc_txbuf * txb,struct skcipher_request * req)256 static int rxkad_secure_packet_auth(const struct rxrpc_call *call,
257 struct rxrpc_txbuf *txb,
258 struct skcipher_request *req)
259 {
260 struct rxkad_level1_hdr *hdr = txb->data;
261 struct rxrpc_crypt iv;
262 struct scatterlist sg;
263 size_t pad;
264 u16 check;
265
266 _enter("");
267
268 check = txb->seq ^ call->call_id;
269 hdr->data_size = htonl((u32)check << 16 | txb->len);
270
271 txb->pkt_len = sizeof(struct rxkad_level1_hdr) + txb->len;
272 pad = txb->pkt_len;
273 pad = RXKAD_ALIGN - pad;
274 pad &= RXKAD_ALIGN - 1;
275 if (pad) {
276 memset(txb->data + txb->offset, 0, pad);
277 txb->pkt_len += pad;
278 }
279
280 /* start the encryption afresh */
281 memset(&iv, 0, sizeof(iv));
282
283 sg_init_one(&sg, hdr, 8);
284 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
285 skcipher_request_set_callback(req, 0, NULL, NULL);
286 skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
287 crypto_skcipher_encrypt(req);
288 skcipher_request_zero(req);
289
290 _leave(" = 0");
291 return 0;
292 }
293
294 /*
295 * wholly encrypt a packet (level 2 security)
296 */
rxkad_secure_packet_encrypt(const struct rxrpc_call * call,struct rxrpc_txbuf * txb,struct skcipher_request * req)297 static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call,
298 struct rxrpc_txbuf *txb,
299 struct skcipher_request *req)
300 {
301 const struct rxrpc_key_token *token;
302 struct rxkad_level2_hdr *rxkhdr = txb->data;
303 struct rxrpc_crypt iv;
304 struct scatterlist sg;
305 size_t content, pad;
306 u16 check;
307 int ret;
308
309 _enter("");
310
311 check = txb->seq ^ call->call_id;
312
313 rxkhdr->data_size = htonl(txb->len | (u32)check << 16);
314 rxkhdr->checksum = 0;
315
316 content = sizeof(struct rxkad_level2_hdr) + txb->len;
317 txb->pkt_len = round_up(content, RXKAD_ALIGN);
318 pad = txb->pkt_len - content;
319 if (pad)
320 memset(txb->data + txb->offset, 0, pad);
321
322 /* encrypt from the session key */
323 token = call->conn->key->payload.data[0];
324 memcpy(&iv, token->kad->session_key, sizeof(iv));
325
326 sg_init_one(&sg, rxkhdr, txb->pkt_len);
327 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
328 skcipher_request_set_callback(req, 0, NULL, NULL);
329 skcipher_request_set_crypt(req, &sg, &sg, txb->pkt_len, iv.x);
330 ret = crypto_skcipher_encrypt(req);
331 skcipher_request_zero(req);
332 return ret;
333 }
334
335 /*
336 * checksum an RxRPC packet header
337 */
rxkad_secure_packet(struct rxrpc_call * call,struct rxrpc_txbuf * txb)338 static int rxkad_secure_packet(struct rxrpc_call *call, struct rxrpc_txbuf *txb)
339 {
340 struct skcipher_request *req;
341 struct rxrpc_crypt iv;
342 struct scatterlist sg;
343 union {
344 __be32 buf[2];
345 } crypto __aligned(8);
346 u32 x, y;
347 int ret;
348
349 _enter("{%d{%x}},{#%u},%u,",
350 call->debug_id, key_serial(call->conn->key),
351 txb->seq, txb->len);
352
353 if (!call->conn->rxkad.cipher)
354 return 0;
355
356 ret = key_validate(call->conn->key);
357 if (ret < 0)
358 return ret;
359
360 req = rxkad_get_call_crypto(call);
361 if (!req)
362 return -ENOMEM;
363
364 /* continue encrypting from where we left off */
365 memcpy(&iv, call->conn->rxkad.csum_iv.x, sizeof(iv));
366
367 /* calculate the security checksum */
368 x = (call->cid & RXRPC_CHANNELMASK) << (32 - RXRPC_CIDSHIFT);
369 x |= txb->seq & 0x3fffffff;
370 crypto.buf[0] = htonl(call->call_id);
371 crypto.buf[1] = htonl(x);
372
373 sg_init_one(&sg, crypto.buf, 8);
374 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
375 skcipher_request_set_callback(req, 0, NULL, NULL);
376 skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
377 crypto_skcipher_encrypt(req);
378 skcipher_request_zero(req);
379
380 y = ntohl(crypto.buf[1]);
381 y = (y >> 16) & 0xffff;
382 if (y == 0)
383 y = 1; /* zero checksums are not permitted */
384 txb->cksum = htons(y);
385
386 switch (call->conn->security_level) {
387 case RXRPC_SECURITY_PLAIN:
388 txb->pkt_len = txb->len;
389 ret = 0;
390 break;
391 case RXRPC_SECURITY_AUTH:
392 ret = rxkad_secure_packet_auth(call, txb, req);
393 if (txb->alloc_size == RXRPC_JUMBO_DATALEN)
394 txb->jumboable = true;
395 break;
396 case RXRPC_SECURITY_ENCRYPT:
397 ret = rxkad_secure_packet_encrypt(call, txb, req);
398 if (txb->alloc_size == RXRPC_JUMBO_DATALEN)
399 txb->jumboable = true;
400 break;
401 default:
402 ret = -EPERM;
403 break;
404 }
405
406 /* Clear excess space in the packet */
407 if (txb->pkt_len < txb->alloc_size) {
408 size_t gap = txb->alloc_size - txb->pkt_len;
409 void *p = txb->data;
410
411 memset(p + txb->pkt_len, 0, gap);
412 }
413
414 skcipher_request_free(req);
415 _leave(" = %d [set %x]", ret, y);
416 return ret;
417 }
418
419 /*
420 * decrypt partial encryption on a packet (level 1 security)
421 */
rxkad_verify_packet_1(struct rxrpc_call * call,struct sk_buff * skb,rxrpc_seq_t seq,struct skcipher_request * req)422 static int rxkad_verify_packet_1(struct rxrpc_call *call, struct sk_buff *skb,
423 rxrpc_seq_t seq,
424 struct skcipher_request *req)
425 {
426 struct rxkad_level1_hdr sechdr;
427 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
428 struct rxrpc_crypt iv;
429 struct scatterlist sg[16];
430 u32 data_size, buf;
431 u16 check;
432 int ret;
433
434 _enter("");
435
436 if (sp->len < 8)
437 return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,
438 rxkad_abort_1_short_header);
439
440 /* Decrypt the skbuff in-place. TODO: We really want to decrypt
441 * directly into the target buffer.
442 */
443 sg_init_table(sg, ARRAY_SIZE(sg));
444 ret = skb_to_sgvec(skb, sg, sp->offset, 8);
445 if (unlikely(ret < 0))
446 return ret;
447
448 /* start the decryption afresh */
449 memset(&iv, 0, sizeof(iv));
450
451 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
452 skcipher_request_set_callback(req, 0, NULL, NULL);
453 skcipher_request_set_crypt(req, sg, sg, 8, iv.x);
454 crypto_skcipher_decrypt(req);
455 skcipher_request_zero(req);
456
457 /* Extract the decrypted packet length */
458 if (skb_copy_bits(skb, sp->offset, &sechdr, sizeof(sechdr)) < 0)
459 return rxrpc_abort_eproto(call, skb, RXKADDATALEN,
460 rxkad_abort_1_short_encdata);
461 sp->offset += sizeof(sechdr);
462 sp->len -= sizeof(sechdr);
463
464 buf = ntohl(sechdr.data_size);
465 data_size = buf & 0xffff;
466
467 check = buf >> 16;
468 check ^= seq ^ call->call_id;
469 check &= 0xffff;
470 if (check != 0)
471 return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,
472 rxkad_abort_1_short_check);
473 if (data_size > sp->len)
474 return rxrpc_abort_eproto(call, skb, RXKADDATALEN,
475 rxkad_abort_1_short_data);
476 sp->len = data_size;
477
478 _leave(" = 0 [dlen=%x]", data_size);
479 return 0;
480 }
481
482 /*
483 * wholly decrypt a packet (level 2 security)
484 */
rxkad_verify_packet_2(struct rxrpc_call * call,struct sk_buff * skb,rxrpc_seq_t seq,struct skcipher_request * req)485 static int rxkad_verify_packet_2(struct rxrpc_call *call, struct sk_buff *skb,
486 rxrpc_seq_t seq,
487 struct skcipher_request *req)
488 {
489 const struct rxrpc_key_token *token;
490 struct rxkad_level2_hdr sechdr;
491 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
492 struct rxrpc_crypt iv;
493 struct scatterlist _sg[4], *sg;
494 u32 data_size, buf;
495 u16 check;
496 int nsg, ret;
497
498 _enter(",{%d}", sp->len);
499
500 if (sp->len < 8)
501 return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,
502 rxkad_abort_2_short_header);
503
504 /* Decrypt the skbuff in-place. TODO: We really want to decrypt
505 * directly into the target buffer.
506 */
507 sg = _sg;
508 nsg = skb_shinfo(skb)->nr_frags + 1;
509 if (nsg <= 4) {
510 nsg = 4;
511 } else {
512 sg = kmalloc_array(nsg, sizeof(*sg), GFP_NOIO);
513 if (!sg)
514 return -ENOMEM;
515 }
516
517 sg_init_table(sg, nsg);
518 ret = skb_to_sgvec(skb, sg, sp->offset, sp->len);
519 if (unlikely(ret < 0)) {
520 if (sg != _sg)
521 kfree(sg);
522 return ret;
523 }
524
525 /* decrypt from the session key */
526 token = call->conn->key->payload.data[0];
527 memcpy(&iv, token->kad->session_key, sizeof(iv));
528
529 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
530 skcipher_request_set_callback(req, 0, NULL, NULL);
531 skcipher_request_set_crypt(req, sg, sg, sp->len, iv.x);
532 crypto_skcipher_decrypt(req);
533 skcipher_request_zero(req);
534 if (sg != _sg)
535 kfree(sg);
536
537 /* Extract the decrypted packet length */
538 if (skb_copy_bits(skb, sp->offset, &sechdr, sizeof(sechdr)) < 0)
539 return rxrpc_abort_eproto(call, skb, RXKADDATALEN,
540 rxkad_abort_2_short_len);
541 sp->offset += sizeof(sechdr);
542 sp->len -= sizeof(sechdr);
543
544 buf = ntohl(sechdr.data_size);
545 data_size = buf & 0xffff;
546
547 check = buf >> 16;
548 check ^= seq ^ call->call_id;
549 check &= 0xffff;
550 if (check != 0)
551 return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,
552 rxkad_abort_2_short_check);
553
554 if (data_size > sp->len)
555 return rxrpc_abort_eproto(call, skb, RXKADDATALEN,
556 rxkad_abort_2_short_data);
557
558 sp->len = data_size;
559 _leave(" = 0 [dlen=%x]", data_size);
560 return 0;
561 }
562
563 /*
564 * Verify the security on a received packet and the subpackets therein.
565 */
rxkad_verify_packet(struct rxrpc_call * call,struct sk_buff * skb)566 static int rxkad_verify_packet(struct rxrpc_call *call, struct sk_buff *skb)
567 {
568 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
569 struct skcipher_request *req;
570 struct rxrpc_crypt iv;
571 struct scatterlist sg;
572 union {
573 __be32 buf[2];
574 } crypto __aligned(8);
575 rxrpc_seq_t seq = sp->hdr.seq;
576 int ret;
577 u16 cksum;
578 u32 x, y;
579
580 _enter("{%d{%x}},{#%u}",
581 call->debug_id, key_serial(call->conn->key), seq);
582
583 if (!call->conn->rxkad.cipher)
584 return 0;
585
586 req = rxkad_get_call_crypto(call);
587 if (!req)
588 return -ENOMEM;
589
590 /* continue encrypting from where we left off */
591 memcpy(&iv, call->conn->rxkad.csum_iv.x, sizeof(iv));
592
593 /* validate the security checksum */
594 x = (call->cid & RXRPC_CHANNELMASK) << (32 - RXRPC_CIDSHIFT);
595 x |= seq & 0x3fffffff;
596 crypto.buf[0] = htonl(call->call_id);
597 crypto.buf[1] = htonl(x);
598
599 sg_init_one(&sg, crypto.buf, 8);
600 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
601 skcipher_request_set_callback(req, 0, NULL, NULL);
602 skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
603 crypto_skcipher_encrypt(req);
604 skcipher_request_zero(req);
605
606 y = ntohl(crypto.buf[1]);
607 cksum = (y >> 16) & 0xffff;
608 if (cksum == 0)
609 cksum = 1; /* zero checksums are not permitted */
610
611 if (cksum != sp->hdr.cksum) {
612 ret = rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,
613 rxkad_abort_bad_checksum);
614 goto out;
615 }
616
617 switch (call->conn->security_level) {
618 case RXRPC_SECURITY_PLAIN:
619 ret = 0;
620 break;
621 case RXRPC_SECURITY_AUTH:
622 ret = rxkad_verify_packet_1(call, skb, seq, req);
623 break;
624 case RXRPC_SECURITY_ENCRYPT:
625 ret = rxkad_verify_packet_2(call, skb, seq, req);
626 break;
627 default:
628 ret = -ENOANO;
629 break;
630 }
631
632 out:
633 skcipher_request_free(req);
634 return ret;
635 }
636
637 /*
638 * issue a challenge
639 */
rxkad_issue_challenge(struct rxrpc_connection * conn)640 static int rxkad_issue_challenge(struct rxrpc_connection *conn)
641 {
642 struct rxkad_challenge challenge;
643 struct rxrpc_wire_header whdr;
644 struct msghdr msg;
645 struct kvec iov[2];
646 size_t len;
647 u32 serial;
648 int ret;
649
650 _enter("{%d}", conn->debug_id);
651
652 get_random_bytes(&conn->rxkad.nonce, sizeof(conn->rxkad.nonce));
653
654 challenge.version = htonl(2);
655 challenge.nonce = htonl(conn->rxkad.nonce);
656 challenge.min_level = htonl(0);
657 challenge.__padding = 0;
658
659 msg.msg_name = &conn->peer->srx.transport;
660 msg.msg_namelen = conn->peer->srx.transport_len;
661 msg.msg_control = NULL;
662 msg.msg_controllen = 0;
663 msg.msg_flags = 0;
664
665 whdr.epoch = htonl(conn->proto.epoch);
666 whdr.cid = htonl(conn->proto.cid);
667 whdr.callNumber = 0;
668 whdr.seq = 0;
669 whdr.type = RXRPC_PACKET_TYPE_CHALLENGE;
670 whdr.flags = conn->out_clientflag;
671 whdr.userStatus = 0;
672 whdr.securityIndex = conn->security_ix;
673 whdr._rsvd = 0;
674 whdr.serviceId = htons(conn->service_id);
675
676 iov[0].iov_base = &whdr;
677 iov[0].iov_len = sizeof(whdr);
678 iov[1].iov_base = &challenge;
679 iov[1].iov_len = sizeof(challenge);
680
681 len = iov[0].iov_len + iov[1].iov_len;
682
683 serial = rxrpc_get_next_serial(conn);
684 whdr.serial = htonl(serial);
685
686 ret = kernel_sendmsg(conn->local->socket, &msg, iov, 2, len);
687 if (ret < 0) {
688 trace_rxrpc_tx_fail(conn->debug_id, serial, ret,
689 rxrpc_tx_point_rxkad_challenge);
690 return -EAGAIN;
691 }
692
693 conn->peer->last_tx_at = ktime_get_seconds();
694 trace_rxrpc_tx_packet(conn->debug_id, &whdr,
695 rxrpc_tx_point_rxkad_challenge);
696 _leave(" = 0");
697 return 0;
698 }
699
700 /*
701 * send a Kerberos security response
702 */
rxkad_send_response(struct rxrpc_connection * conn,struct rxrpc_host_header * hdr,struct rxkad_response * resp,const struct rxkad_key * s2)703 static int rxkad_send_response(struct rxrpc_connection *conn,
704 struct rxrpc_host_header *hdr,
705 struct rxkad_response *resp,
706 const struct rxkad_key *s2)
707 {
708 struct rxrpc_wire_header whdr;
709 struct msghdr msg;
710 struct kvec iov[3];
711 size_t len;
712 u32 serial;
713 int ret;
714
715 _enter("");
716
717 msg.msg_name = &conn->peer->srx.transport;
718 msg.msg_namelen = conn->peer->srx.transport_len;
719 msg.msg_control = NULL;
720 msg.msg_controllen = 0;
721 msg.msg_flags = 0;
722
723 memset(&whdr, 0, sizeof(whdr));
724 whdr.epoch = htonl(hdr->epoch);
725 whdr.cid = htonl(hdr->cid);
726 whdr.type = RXRPC_PACKET_TYPE_RESPONSE;
727 whdr.flags = conn->out_clientflag;
728 whdr.securityIndex = hdr->securityIndex;
729 whdr.serviceId = htons(hdr->serviceId);
730
731 iov[0].iov_base = &whdr;
732 iov[0].iov_len = sizeof(whdr);
733 iov[1].iov_base = resp;
734 iov[1].iov_len = sizeof(*resp);
735 iov[2].iov_base = (void *)s2->ticket;
736 iov[2].iov_len = s2->ticket_len;
737
738 len = iov[0].iov_len + iov[1].iov_len + iov[2].iov_len;
739
740 serial = rxrpc_get_next_serial(conn);
741 whdr.serial = htonl(serial);
742
743 rxrpc_local_dont_fragment(conn->local, false);
744 ret = kernel_sendmsg(conn->local->socket, &msg, iov, 3, len);
745 if (ret < 0) {
746 trace_rxrpc_tx_fail(conn->debug_id, serial, ret,
747 rxrpc_tx_point_rxkad_response);
748 return -EAGAIN;
749 }
750
751 conn->peer->last_tx_at = ktime_get_seconds();
752 _leave(" = 0");
753 return 0;
754 }
755
756 /*
757 * calculate the response checksum
758 */
rxkad_calc_response_checksum(struct rxkad_response * response)759 static void rxkad_calc_response_checksum(struct rxkad_response *response)
760 {
761 u32 csum = 1000003;
762 int loop;
763 u8 *p = (u8 *) response;
764
765 for (loop = sizeof(*response); loop > 0; loop--)
766 csum = csum * 0x10204081 + *p++;
767
768 response->encrypted.checksum = htonl(csum);
769 }
770
771 /*
772 * encrypt the response packet
773 */
rxkad_encrypt_response(struct rxrpc_connection * conn,struct rxkad_response * resp,const struct rxkad_key * s2)774 static int rxkad_encrypt_response(struct rxrpc_connection *conn,
775 struct rxkad_response *resp,
776 const struct rxkad_key *s2)
777 {
778 struct skcipher_request *req;
779 struct rxrpc_crypt iv;
780 struct scatterlist sg[1];
781
782 req = skcipher_request_alloc(&conn->rxkad.cipher->base, GFP_NOFS);
783 if (!req)
784 return -ENOMEM;
785
786 /* continue encrypting from where we left off */
787 memcpy(&iv, s2->session_key, sizeof(iv));
788
789 sg_init_table(sg, 1);
790 sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted));
791 skcipher_request_set_sync_tfm(req, conn->rxkad.cipher);
792 skcipher_request_set_callback(req, 0, NULL, NULL);
793 skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x);
794 crypto_skcipher_encrypt(req);
795 skcipher_request_free(req);
796 return 0;
797 }
798
799 /*
800 * respond to a challenge packet
801 */
rxkad_respond_to_challenge(struct rxrpc_connection * conn,struct sk_buff * skb)802 static int rxkad_respond_to_challenge(struct rxrpc_connection *conn,
803 struct sk_buff *skb)
804 {
805 const struct rxrpc_key_token *token;
806 struct rxkad_challenge challenge;
807 struct rxkad_response *resp;
808 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
809 u32 version, nonce, min_level;
810 int ret = -EPROTO;
811
812 _enter("{%d,%x}", conn->debug_id, key_serial(conn->key));
813
814 if (!conn->key)
815 return rxrpc_abort_conn(conn, skb, RX_PROTOCOL_ERROR, -EPROTO,
816 rxkad_abort_chall_no_key);
817
818 ret = key_validate(conn->key);
819 if (ret < 0)
820 return rxrpc_abort_conn(conn, skb, RXKADEXPIRED, ret,
821 rxkad_abort_chall_key_expired);
822
823 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
824 &challenge, sizeof(challenge)) < 0)
825 return rxrpc_abort_conn(conn, skb, RXKADPACKETSHORT, -EPROTO,
826 rxkad_abort_chall_short);
827
828 version = ntohl(challenge.version);
829 nonce = ntohl(challenge.nonce);
830 min_level = ntohl(challenge.min_level);
831
832 trace_rxrpc_rx_challenge(conn, sp->hdr.serial, version, nonce, min_level);
833
834 if (version != RXKAD_VERSION)
835 return rxrpc_abort_conn(conn, skb, RXKADINCONSISTENCY, -EPROTO,
836 rxkad_abort_chall_version);
837
838 if (conn->security_level < min_level)
839 return rxrpc_abort_conn(conn, skb, RXKADLEVELFAIL, -EACCES,
840 rxkad_abort_chall_level);
841
842 token = conn->key->payload.data[0];
843
844 /* build the response packet */
845 resp = kzalloc(sizeof(struct rxkad_response), GFP_NOFS);
846 if (!resp)
847 return -ENOMEM;
848
849 resp->version = htonl(RXKAD_VERSION);
850 resp->encrypted.epoch = htonl(conn->proto.epoch);
851 resp->encrypted.cid = htonl(conn->proto.cid);
852 resp->encrypted.securityIndex = htonl(conn->security_ix);
853 resp->encrypted.inc_nonce = htonl(nonce + 1);
854 resp->encrypted.level = htonl(conn->security_level);
855 resp->kvno = htonl(token->kad->kvno);
856 resp->ticket_len = htonl(token->kad->ticket_len);
857 resp->encrypted.call_id[0] = htonl(conn->channels[0].call_counter);
858 resp->encrypted.call_id[1] = htonl(conn->channels[1].call_counter);
859 resp->encrypted.call_id[2] = htonl(conn->channels[2].call_counter);
860 resp->encrypted.call_id[3] = htonl(conn->channels[3].call_counter);
861
862 /* calculate the response checksum and then do the encryption */
863 rxkad_calc_response_checksum(resp);
864 ret = rxkad_encrypt_response(conn, resp, token->kad);
865 if (ret == 0)
866 ret = rxkad_send_response(conn, &sp->hdr, resp, token->kad);
867 kfree(resp);
868 return ret;
869 }
870
871 /*
872 * decrypt the kerberos IV ticket in the response
873 */
rxkad_decrypt_ticket(struct rxrpc_connection * conn,struct key * server_key,struct sk_buff * skb,void * ticket,size_t ticket_len,struct rxrpc_crypt * _session_key,time64_t * _expiry)874 static int rxkad_decrypt_ticket(struct rxrpc_connection *conn,
875 struct key *server_key,
876 struct sk_buff *skb,
877 void *ticket, size_t ticket_len,
878 struct rxrpc_crypt *_session_key,
879 time64_t *_expiry)
880 {
881 struct skcipher_request *req;
882 struct rxrpc_crypt iv, key;
883 struct scatterlist sg[1];
884 struct in_addr addr;
885 unsigned int life;
886 time64_t issue, now;
887 bool little_endian;
888 u8 *p, *q, *name, *end;
889
890 _enter("{%d},{%x}", conn->debug_id, key_serial(server_key));
891
892 *_expiry = 0;
893
894 ASSERT(server_key->payload.data[0] != NULL);
895 ASSERTCMP((unsigned long) ticket & 7UL, ==, 0);
896
897 memcpy(&iv, &server_key->payload.data[2], sizeof(iv));
898
899 req = skcipher_request_alloc(server_key->payload.data[0], GFP_NOFS);
900 if (!req)
901 return -ENOMEM;
902
903 sg_init_one(&sg[0], ticket, ticket_len);
904 skcipher_request_set_callback(req, 0, NULL, NULL);
905 skcipher_request_set_crypt(req, sg, sg, ticket_len, iv.x);
906 crypto_skcipher_decrypt(req);
907 skcipher_request_free(req);
908
909 p = ticket;
910 end = p + ticket_len;
911
912 #define Z(field, fieldl) \
913 ({ \
914 u8 *__str = p; \
915 q = memchr(p, 0, end - p); \
916 if (!q || q - p > field##_SZ) \
917 return rxrpc_abort_conn( \
918 conn, skb, RXKADBADTICKET, -EPROTO, \
919 rxkad_abort_resp_tkt_##fieldl); \
920 for (; p < q; p++) \
921 if (!isprint(*p)) \
922 return rxrpc_abort_conn( \
923 conn, skb, RXKADBADTICKET, -EPROTO, \
924 rxkad_abort_resp_tkt_##fieldl); \
925 p++; \
926 __str; \
927 })
928
929 /* extract the ticket flags */
930 _debug("KIV FLAGS: %x", *p);
931 little_endian = *p & 1;
932 p++;
933
934 /* extract the authentication name */
935 name = Z(ANAME, aname);
936 _debug("KIV ANAME: %s", name);
937
938 /* extract the principal's instance */
939 name = Z(INST, inst);
940 _debug("KIV INST : %s", name);
941
942 /* extract the principal's authentication domain */
943 name = Z(REALM, realm);
944 _debug("KIV REALM: %s", name);
945
946 if (end - p < 4 + 8 + 4 + 2)
947 return rxrpc_abort_conn(conn, skb, RXKADBADTICKET, -EPROTO,
948 rxkad_abort_resp_tkt_short);
949
950 /* get the IPv4 address of the entity that requested the ticket */
951 memcpy(&addr, p, sizeof(addr));
952 p += 4;
953 _debug("KIV ADDR : %pI4", &addr);
954
955 /* get the session key from the ticket */
956 memcpy(&key, p, sizeof(key));
957 p += 8;
958 _debug("KIV KEY : %08x %08x", ntohl(key.n[0]), ntohl(key.n[1]));
959 memcpy(_session_key, &key, sizeof(key));
960
961 /* get the ticket's lifetime */
962 life = *p++ * 5 * 60;
963 _debug("KIV LIFE : %u", life);
964
965 /* get the issue time of the ticket */
966 if (little_endian) {
967 __le32 stamp;
968 memcpy(&stamp, p, 4);
969 issue = rxrpc_u32_to_time64(le32_to_cpu(stamp));
970 } else {
971 __be32 stamp;
972 memcpy(&stamp, p, 4);
973 issue = rxrpc_u32_to_time64(be32_to_cpu(stamp));
974 }
975 p += 4;
976 now = ktime_get_real_seconds();
977 _debug("KIV ISSUE: %llx [%llx]", issue, now);
978
979 /* check the ticket is in date */
980 if (issue > now)
981 return rxrpc_abort_conn(conn, skb, RXKADNOAUTH, -EKEYREJECTED,
982 rxkad_abort_resp_tkt_future);
983 if (issue < now - life)
984 return rxrpc_abort_conn(conn, skb, RXKADEXPIRED, -EKEYEXPIRED,
985 rxkad_abort_resp_tkt_expired);
986
987 *_expiry = issue + life;
988
989 /* get the service name */
990 name = Z(SNAME, sname);
991 _debug("KIV SNAME: %s", name);
992
993 /* get the service instance name */
994 name = Z(INST, sinst);
995 _debug("KIV SINST: %s", name);
996 return 0;
997 }
998
999 /*
1000 * decrypt the response packet
1001 */
rxkad_decrypt_response(struct rxrpc_connection * conn,struct rxkad_response * resp,const struct rxrpc_crypt * session_key)1002 static void rxkad_decrypt_response(struct rxrpc_connection *conn,
1003 struct rxkad_response *resp,
1004 const struct rxrpc_crypt *session_key)
1005 {
1006 struct skcipher_request *req = rxkad_ci_req;
1007 struct scatterlist sg[1];
1008 struct rxrpc_crypt iv;
1009
1010 _enter(",,%08x%08x",
1011 ntohl(session_key->n[0]), ntohl(session_key->n[1]));
1012
1013 mutex_lock(&rxkad_ci_mutex);
1014 if (crypto_sync_skcipher_setkey(rxkad_ci, session_key->x,
1015 sizeof(*session_key)) < 0)
1016 BUG();
1017
1018 memcpy(&iv, session_key, sizeof(iv));
1019
1020 sg_init_table(sg, 1);
1021 sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted));
1022 skcipher_request_set_sync_tfm(req, rxkad_ci);
1023 skcipher_request_set_callback(req, 0, NULL, NULL);
1024 skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x);
1025 crypto_skcipher_decrypt(req);
1026 skcipher_request_zero(req);
1027
1028 mutex_unlock(&rxkad_ci_mutex);
1029
1030 _leave("");
1031 }
1032
1033 /*
1034 * verify a response
1035 */
rxkad_verify_response(struct rxrpc_connection * conn,struct sk_buff * skb)1036 static int rxkad_verify_response(struct rxrpc_connection *conn,
1037 struct sk_buff *skb)
1038 {
1039 struct rxkad_response *response;
1040 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
1041 struct rxrpc_crypt session_key;
1042 struct key *server_key;
1043 time64_t expiry;
1044 void *ticket;
1045 u32 version, kvno, ticket_len, level;
1046 __be32 csum;
1047 int ret, i;
1048
1049 _enter("{%d}", conn->debug_id);
1050
1051 server_key = rxrpc_look_up_server_security(conn, skb, 0, 0);
1052 if (IS_ERR(server_key)) {
1053 ret = PTR_ERR(server_key);
1054 switch (ret) {
1055 case -ENOKEY:
1056 return rxrpc_abort_conn(conn, skb, RXKADUNKNOWNKEY, ret,
1057 rxkad_abort_resp_nokey);
1058 case -EKEYEXPIRED:
1059 return rxrpc_abort_conn(conn, skb, RXKADEXPIRED, ret,
1060 rxkad_abort_resp_key_expired);
1061 default:
1062 return rxrpc_abort_conn(conn, skb, RXKADNOAUTH, ret,
1063 rxkad_abort_resp_key_rejected);
1064 }
1065 }
1066
1067 ret = -ENOMEM;
1068 response = kzalloc(sizeof(struct rxkad_response), GFP_NOFS);
1069 if (!response)
1070 goto temporary_error;
1071
1072 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
1073 response, sizeof(*response)) < 0) {
1074 rxrpc_abort_conn(conn, skb, RXKADPACKETSHORT, -EPROTO,
1075 rxkad_abort_resp_short);
1076 goto protocol_error;
1077 }
1078
1079 version = ntohl(response->version);
1080 ticket_len = ntohl(response->ticket_len);
1081 kvno = ntohl(response->kvno);
1082
1083 trace_rxrpc_rx_response(conn, sp->hdr.serial, version, kvno, ticket_len);
1084
1085 if (version != RXKAD_VERSION) {
1086 rxrpc_abort_conn(conn, skb, RXKADINCONSISTENCY, -EPROTO,
1087 rxkad_abort_resp_version);
1088 goto protocol_error;
1089 }
1090
1091 if (ticket_len < 4 || ticket_len > MAXKRB5TICKETLEN) {
1092 rxrpc_abort_conn(conn, skb, RXKADTICKETLEN, -EPROTO,
1093 rxkad_abort_resp_tkt_len);
1094 goto protocol_error;
1095 }
1096
1097 if (kvno >= RXKAD_TKT_TYPE_KERBEROS_V5) {
1098 rxrpc_abort_conn(conn, skb, RXKADUNKNOWNKEY, -EPROTO,
1099 rxkad_abort_resp_unknown_tkt);
1100 goto protocol_error;
1101 }
1102
1103 /* extract the kerberos ticket and decrypt and decode it */
1104 ret = -ENOMEM;
1105 ticket = kmalloc(ticket_len, GFP_NOFS);
1106 if (!ticket)
1107 goto temporary_error_free_resp;
1108
1109 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header) + sizeof(*response),
1110 ticket, ticket_len) < 0) {
1111 rxrpc_abort_conn(conn, skb, RXKADPACKETSHORT, -EPROTO,
1112 rxkad_abort_resp_short_tkt);
1113 goto protocol_error;
1114 }
1115
1116 ret = rxkad_decrypt_ticket(conn, server_key, skb, ticket, ticket_len,
1117 &session_key, &expiry);
1118 if (ret < 0)
1119 goto temporary_error_free_ticket;
1120
1121 /* use the session key from inside the ticket to decrypt the
1122 * response */
1123 rxkad_decrypt_response(conn, response, &session_key);
1124
1125 if (ntohl(response->encrypted.epoch) != conn->proto.epoch ||
1126 ntohl(response->encrypted.cid) != conn->proto.cid ||
1127 ntohl(response->encrypted.securityIndex) != conn->security_ix) {
1128 rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO,
1129 rxkad_abort_resp_bad_param);
1130 goto protocol_error_free;
1131 }
1132
1133 csum = response->encrypted.checksum;
1134 response->encrypted.checksum = 0;
1135 rxkad_calc_response_checksum(response);
1136 if (response->encrypted.checksum != csum) {
1137 rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO,
1138 rxkad_abort_resp_bad_checksum);
1139 goto protocol_error_free;
1140 }
1141
1142 for (i = 0; i < RXRPC_MAXCALLS; i++) {
1143 u32 call_id = ntohl(response->encrypted.call_id[i]);
1144 u32 counter = READ_ONCE(conn->channels[i].call_counter);
1145
1146 if (call_id > INT_MAX) {
1147 rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO,
1148 rxkad_abort_resp_bad_callid);
1149 goto protocol_error_free;
1150 }
1151
1152 if (call_id < counter) {
1153 rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO,
1154 rxkad_abort_resp_call_ctr);
1155 goto protocol_error_free;
1156 }
1157
1158 if (call_id > counter) {
1159 if (conn->channels[i].call) {
1160 rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO,
1161 rxkad_abort_resp_call_state);
1162 goto protocol_error_free;
1163 }
1164 conn->channels[i].call_counter = call_id;
1165 }
1166 }
1167
1168 if (ntohl(response->encrypted.inc_nonce) != conn->rxkad.nonce + 1) {
1169 rxrpc_abort_conn(conn, skb, RXKADOUTOFSEQUENCE, -EPROTO,
1170 rxkad_abort_resp_ooseq);
1171 goto protocol_error_free;
1172 }
1173
1174 level = ntohl(response->encrypted.level);
1175 if (level > RXRPC_SECURITY_ENCRYPT) {
1176 rxrpc_abort_conn(conn, skb, RXKADLEVELFAIL, -EPROTO,
1177 rxkad_abort_resp_level);
1178 goto protocol_error_free;
1179 }
1180 conn->security_level = level;
1181
1182 /* create a key to hold the security data and expiration time - after
1183 * this the connection security can be handled in exactly the same way
1184 * as for a client connection */
1185 ret = rxrpc_get_server_data_key(conn, &session_key, expiry, kvno);
1186 if (ret < 0)
1187 goto temporary_error_free_ticket;
1188
1189 kfree(ticket);
1190 kfree(response);
1191 _leave(" = 0");
1192 return 0;
1193
1194 protocol_error_free:
1195 kfree(ticket);
1196 protocol_error:
1197 kfree(response);
1198 key_put(server_key);
1199 return -EPROTO;
1200
1201 temporary_error_free_ticket:
1202 kfree(ticket);
1203 temporary_error_free_resp:
1204 kfree(response);
1205 temporary_error:
1206 /* Ignore the response packet if we got a temporary error such as
1207 * ENOMEM. We just want to send the challenge again. Note that we
1208 * also come out this way if the ticket decryption fails.
1209 */
1210 key_put(server_key);
1211 return ret;
1212 }
1213
1214 /*
1215 * clear the connection security
1216 */
rxkad_clear(struct rxrpc_connection * conn)1217 static void rxkad_clear(struct rxrpc_connection *conn)
1218 {
1219 _enter("");
1220
1221 if (conn->rxkad.cipher)
1222 crypto_free_sync_skcipher(conn->rxkad.cipher);
1223 }
1224
1225 /*
1226 * Initialise the rxkad security service.
1227 */
rxkad_init(void)1228 static int rxkad_init(void)
1229 {
1230 struct crypto_sync_skcipher *tfm;
1231 struct skcipher_request *req;
1232
1233 /* pin the cipher we need so that the crypto layer doesn't invoke
1234 * keventd to go get it */
1235 tfm = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0);
1236 if (IS_ERR(tfm))
1237 return PTR_ERR(tfm);
1238
1239 req = skcipher_request_alloc(&tfm->base, GFP_KERNEL);
1240 if (!req)
1241 goto nomem_tfm;
1242
1243 rxkad_ci_req = req;
1244 rxkad_ci = tfm;
1245 return 0;
1246
1247 nomem_tfm:
1248 crypto_free_sync_skcipher(tfm);
1249 return -ENOMEM;
1250 }
1251
1252 /*
1253 * Clean up the rxkad security service.
1254 */
rxkad_exit(void)1255 static void rxkad_exit(void)
1256 {
1257 crypto_free_sync_skcipher(rxkad_ci);
1258 skcipher_request_free(rxkad_ci_req);
1259 }
1260
1261 /*
1262 * RxRPC Kerberos-based security
1263 */
1264 const struct rxrpc_security rxkad = {
1265 .name = "rxkad",
1266 .security_index = RXRPC_SECURITY_RXKAD,
1267 .no_key_abort = RXKADUNKNOWNKEY,
1268 .init = rxkad_init,
1269 .exit = rxkad_exit,
1270 .preparse_server_key = rxkad_preparse_server_key,
1271 .free_preparse_server_key = rxkad_free_preparse_server_key,
1272 .destroy_server_key = rxkad_destroy_server_key,
1273 .init_connection_security = rxkad_init_connection_security,
1274 .alloc_txbuf = rxkad_alloc_txbuf,
1275 .secure_packet = rxkad_secure_packet,
1276 .verify_packet = rxkad_verify_packet,
1277 .free_call_crypto = rxkad_free_call_crypto,
1278 .issue_challenge = rxkad_issue_challenge,
1279 .respond_to_challenge = rxkad_respond_to_challenge,
1280 .verify_response = rxkad_verify_response,
1281 .clear = rxkad_clear,
1282 };
1283