1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* RxRPC key management 3 * 4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 * 7 * RxRPC keys should have a description of describing their purpose: 8 * "afs@CAMBRIDGE.REDHAT.COM> 9 */ 10 11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 12 13 #include <crypto/skcipher.h> 14 #include <linux/module.h> 15 #include <linux/net.h> 16 #include <linux/skbuff.h> 17 #include <linux/key-type.h> 18 #include <linux/ctype.h> 19 #include <linux/slab.h> 20 #include <net/sock.h> 21 #include <net/af_rxrpc.h> 22 #include <keys/rxrpc-type.h> 23 #include <keys/user-type.h> 24 #include "ar-internal.h" 25 26 static int rxrpc_vet_description_s(const char *); 27 static int rxrpc_preparse(struct key_preparsed_payload *); 28 static int rxrpc_preparse_s(struct key_preparsed_payload *); 29 static void rxrpc_free_preparse(struct key_preparsed_payload *); 30 static void rxrpc_free_preparse_s(struct key_preparsed_payload *); 31 static void rxrpc_destroy(struct key *); 32 static void rxrpc_destroy_s(struct key *); 33 static void rxrpc_describe(const struct key *, struct seq_file *); 34 static long rxrpc_read(const struct key *, char *, size_t); 35 36 /* 37 * rxrpc defined keys take an arbitrary string as the description and an 38 * arbitrary blob of data as the payload 39 */ 40 struct key_type key_type_rxrpc = { 41 .name = "rxrpc", 42 .flags = KEY_TYPE_NET_DOMAIN, 43 .preparse = rxrpc_preparse, 44 .free_preparse = rxrpc_free_preparse, 45 .instantiate = generic_key_instantiate, 46 .destroy = rxrpc_destroy, 47 .describe = rxrpc_describe, 48 .read = rxrpc_read, 49 }; 50 EXPORT_SYMBOL(key_type_rxrpc); 51 52 /* 53 * rxrpc server defined keys take "<serviceId>:<securityIndex>" as the 54 * description and an 8-byte decryption key as the payload 55 */ 56 struct key_type key_type_rxrpc_s = { 57 .name = "rxrpc_s", 58 .flags = KEY_TYPE_NET_DOMAIN, 59 .vet_description = rxrpc_vet_description_s, 60 .preparse = rxrpc_preparse_s, 61 .free_preparse = rxrpc_free_preparse_s, 62 .instantiate = generic_key_instantiate, 63 .destroy = rxrpc_destroy_s, 64 .describe = rxrpc_describe, 65 }; 66 67 /* 68 * Vet the description for an RxRPC server key 69 */ 70 static int rxrpc_vet_description_s(const char *desc) 71 { 72 unsigned long num; 73 char *p; 74 75 num = simple_strtoul(desc, &p, 10); 76 if (*p != ':' || num > 65535) 77 return -EINVAL; 78 num = simple_strtoul(p + 1, &p, 10); 79 if (*p || num < 1 || num > 255) 80 return -EINVAL; 81 return 0; 82 } 83 84 /* 85 * parse an RxKAD type XDR format token 86 * - the caller guarantees we have at least 4 words 87 */ 88 static int rxrpc_preparse_xdr_rxkad(struct key_preparsed_payload *prep, 89 size_t datalen, 90 const __be32 *xdr, unsigned int toklen) 91 { 92 struct rxrpc_key_token *token, **pptoken; 93 time64_t expiry; 94 size_t plen; 95 u32 tktlen; 96 97 _enter(",{%x,%x,%x,%x},%u", 98 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 99 toklen); 100 101 if (toklen <= 8 * 4) 102 return -EKEYREJECTED; 103 tktlen = ntohl(xdr[7]); 104 _debug("tktlen: %x", tktlen); 105 if (tktlen > AFSTOKEN_RK_TIX_MAX) 106 return -EKEYREJECTED; 107 if (toklen < 8 * 4 + tktlen) 108 return -EKEYREJECTED; 109 110 plen = sizeof(*token) + sizeof(*token->kad) + tktlen; 111 prep->quotalen = datalen + plen; 112 113 plen -= sizeof(*token); 114 token = kzalloc(sizeof(*token), GFP_KERNEL); 115 if (!token) 116 return -ENOMEM; 117 118 token->kad = kzalloc(plen, GFP_KERNEL); 119 if (!token->kad) { 120 kfree(token); 121 return -ENOMEM; 122 } 123 124 token->security_index = RXRPC_SECURITY_RXKAD; 125 token->kad->ticket_len = tktlen; 126 token->kad->vice_id = ntohl(xdr[0]); 127 token->kad->kvno = ntohl(xdr[1]); 128 token->kad->start = ntohl(xdr[4]); 129 token->kad->expiry = ntohl(xdr[5]); 130 token->kad->primary_flag = ntohl(xdr[6]); 131 memcpy(&token->kad->session_key, &xdr[2], 8); 132 memcpy(&token->kad->ticket, &xdr[8], tktlen); 133 134 _debug("SCIX: %u", token->security_index); 135 _debug("TLEN: %u", token->kad->ticket_len); 136 _debug("EXPY: %x", token->kad->expiry); 137 _debug("KVNO: %u", token->kad->kvno); 138 _debug("PRIM: %u", token->kad->primary_flag); 139 _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", 140 token->kad->session_key[0], token->kad->session_key[1], 141 token->kad->session_key[2], token->kad->session_key[3], 142 token->kad->session_key[4], token->kad->session_key[5], 143 token->kad->session_key[6], token->kad->session_key[7]); 144 if (token->kad->ticket_len >= 8) 145 _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", 146 token->kad->ticket[0], token->kad->ticket[1], 147 token->kad->ticket[2], token->kad->ticket[3], 148 token->kad->ticket[4], token->kad->ticket[5], 149 token->kad->ticket[6], token->kad->ticket[7]); 150 151 /* count the number of tokens attached */ 152 prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1); 153 154 /* attach the data */ 155 for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0]; 156 *pptoken; 157 pptoken = &(*pptoken)->next) 158 continue; 159 *pptoken = token; 160 expiry = rxrpc_u32_to_time64(token->kad->expiry); 161 if (expiry < prep->expiry) 162 prep->expiry = expiry; 163 164 _leave(" = 0"); 165 return 0; 166 } 167 168 static void rxrpc_free_krb5_principal(struct krb5_principal *princ) 169 { 170 int loop; 171 172 if (princ->name_parts) { 173 for (loop = princ->n_name_parts - 1; loop >= 0; loop--) 174 kfree(princ->name_parts[loop]); 175 kfree(princ->name_parts); 176 } 177 kfree(princ->realm); 178 } 179 180 static void rxrpc_free_krb5_tagged(struct krb5_tagged_data *td) 181 { 182 kfree(td->data); 183 } 184 185 /* 186 * free up an RxK5 token 187 */ 188 static void rxrpc_rxk5_free(struct rxk5_key *rxk5) 189 { 190 int loop; 191 192 rxrpc_free_krb5_principal(&rxk5->client); 193 rxrpc_free_krb5_principal(&rxk5->server); 194 rxrpc_free_krb5_tagged(&rxk5->session); 195 196 if (rxk5->addresses) { 197 for (loop = rxk5->n_addresses - 1; loop >= 0; loop--) 198 rxrpc_free_krb5_tagged(&rxk5->addresses[loop]); 199 kfree(rxk5->addresses); 200 } 201 if (rxk5->authdata) { 202 for (loop = rxk5->n_authdata - 1; loop >= 0; loop--) 203 rxrpc_free_krb5_tagged(&rxk5->authdata[loop]); 204 kfree(rxk5->authdata); 205 } 206 207 kfree(rxk5->ticket); 208 kfree(rxk5->ticket2); 209 kfree(rxk5); 210 } 211 212 /* 213 * extract a krb5 principal 214 */ 215 static int rxrpc_krb5_decode_principal(struct krb5_principal *princ, 216 const __be32 **_xdr, 217 unsigned int *_toklen) 218 { 219 const __be32 *xdr = *_xdr; 220 unsigned int toklen = *_toklen, n_parts, loop, tmp, paddedlen; 221 222 /* there must be at least one name, and at least #names+1 length 223 * words */ 224 if (toklen <= 12) 225 return -EINVAL; 226 227 _enter(",{%x,%x,%x},%u", 228 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), toklen); 229 230 n_parts = ntohl(*xdr++); 231 toklen -= 4; 232 if (n_parts <= 0 || n_parts > AFSTOKEN_K5_COMPONENTS_MAX) 233 return -EINVAL; 234 princ->n_name_parts = n_parts; 235 236 if (toklen <= (n_parts + 1) * 4) 237 return -EINVAL; 238 239 princ->name_parts = kcalloc(n_parts, sizeof(char *), GFP_KERNEL); 240 if (!princ->name_parts) 241 return -ENOMEM; 242 243 for (loop = 0; loop < n_parts; loop++) { 244 if (toklen < 4) 245 return -EINVAL; 246 tmp = ntohl(*xdr++); 247 toklen -= 4; 248 if (tmp <= 0 || tmp > AFSTOKEN_STRING_MAX) 249 return -EINVAL; 250 paddedlen = (tmp + 3) & ~3; 251 if (paddedlen > toklen) 252 return -EINVAL; 253 princ->name_parts[loop] = kmalloc(tmp + 1, GFP_KERNEL); 254 if (!princ->name_parts[loop]) 255 return -ENOMEM; 256 memcpy(princ->name_parts[loop], xdr, tmp); 257 princ->name_parts[loop][tmp] = 0; 258 toklen -= paddedlen; 259 xdr += paddedlen >> 2; 260 } 261 262 if (toklen < 4) 263 return -EINVAL; 264 tmp = ntohl(*xdr++); 265 toklen -= 4; 266 if (tmp <= 0 || tmp > AFSTOKEN_K5_REALM_MAX) 267 return -EINVAL; 268 paddedlen = (tmp + 3) & ~3; 269 if (paddedlen > toklen) 270 return -EINVAL; 271 princ->realm = kmalloc(tmp + 1, GFP_KERNEL); 272 if (!princ->realm) 273 return -ENOMEM; 274 memcpy(princ->realm, xdr, tmp); 275 princ->realm[tmp] = 0; 276 toklen -= paddedlen; 277 xdr += paddedlen >> 2; 278 279 _debug("%s/...@%s", princ->name_parts[0], princ->realm); 280 281 *_xdr = xdr; 282 *_toklen = toklen; 283 _leave(" = 0 [toklen=%u]", toklen); 284 return 0; 285 } 286 287 /* 288 * extract a piece of krb5 tagged data 289 */ 290 static int rxrpc_krb5_decode_tagged_data(struct krb5_tagged_data *td, 291 size_t max_data_size, 292 const __be32 **_xdr, 293 unsigned int *_toklen) 294 { 295 const __be32 *xdr = *_xdr; 296 unsigned int toklen = *_toklen, len, paddedlen; 297 298 /* there must be at least one tag and one length word */ 299 if (toklen <= 8) 300 return -EINVAL; 301 302 _enter(",%zu,{%x,%x},%u", 303 max_data_size, ntohl(xdr[0]), ntohl(xdr[1]), toklen); 304 305 td->tag = ntohl(*xdr++); 306 len = ntohl(*xdr++); 307 toklen -= 8; 308 if (len > max_data_size) 309 return -EINVAL; 310 paddedlen = (len + 3) & ~3; 311 if (paddedlen > toklen) 312 return -EINVAL; 313 td->data_len = len; 314 315 if (len > 0) { 316 td->data = kmemdup(xdr, len, GFP_KERNEL); 317 if (!td->data) 318 return -ENOMEM; 319 toklen -= paddedlen; 320 xdr += paddedlen >> 2; 321 } 322 323 _debug("tag %x len %x", td->tag, td->data_len); 324 325 *_xdr = xdr; 326 *_toklen = toklen; 327 _leave(" = 0 [toklen=%u]", toklen); 328 return 0; 329 } 330 331 /* 332 * extract an array of tagged data 333 */ 334 static int rxrpc_krb5_decode_tagged_array(struct krb5_tagged_data **_td, 335 u8 *_n_elem, 336 u8 max_n_elem, 337 size_t max_elem_size, 338 const __be32 **_xdr, 339 unsigned int *_toklen) 340 { 341 struct krb5_tagged_data *td; 342 const __be32 *xdr = *_xdr; 343 unsigned int toklen = *_toklen, n_elem, loop; 344 int ret; 345 346 /* there must be at least one count */ 347 if (toklen < 4) 348 return -EINVAL; 349 350 _enter(",,%u,%zu,{%x},%u", 351 max_n_elem, max_elem_size, ntohl(xdr[0]), toklen); 352 353 n_elem = ntohl(*xdr++); 354 toklen -= 4; 355 if (n_elem > max_n_elem) 356 return -EINVAL; 357 *_n_elem = n_elem; 358 if (n_elem > 0) { 359 if (toklen <= (n_elem + 1) * 4) 360 return -EINVAL; 361 362 _debug("n_elem %d", n_elem); 363 364 td = kcalloc(n_elem, sizeof(struct krb5_tagged_data), 365 GFP_KERNEL); 366 if (!td) 367 return -ENOMEM; 368 *_td = td; 369 370 for (loop = 0; loop < n_elem; loop++) { 371 ret = rxrpc_krb5_decode_tagged_data(&td[loop], 372 max_elem_size, 373 &xdr, &toklen); 374 if (ret < 0) 375 return ret; 376 } 377 } 378 379 *_xdr = xdr; 380 *_toklen = toklen; 381 _leave(" = 0 [toklen=%u]", toklen); 382 return 0; 383 } 384 385 /* 386 * extract a krb5 ticket 387 */ 388 static int rxrpc_krb5_decode_ticket(u8 **_ticket, u16 *_tktlen, 389 const __be32 **_xdr, unsigned int *_toklen) 390 { 391 const __be32 *xdr = *_xdr; 392 unsigned int toklen = *_toklen, len, paddedlen; 393 394 /* there must be at least one length word */ 395 if (toklen <= 4) 396 return -EINVAL; 397 398 _enter(",{%x},%u", ntohl(xdr[0]), toklen); 399 400 len = ntohl(*xdr++); 401 toklen -= 4; 402 if (len > AFSTOKEN_K5_TIX_MAX) 403 return -EINVAL; 404 paddedlen = (len + 3) & ~3; 405 if (paddedlen > toklen) 406 return -EINVAL; 407 *_tktlen = len; 408 409 _debug("ticket len %u", len); 410 411 if (len > 0) { 412 *_ticket = kmemdup(xdr, len, GFP_KERNEL); 413 if (!*_ticket) 414 return -ENOMEM; 415 toklen -= paddedlen; 416 xdr += paddedlen >> 2; 417 } 418 419 *_xdr = xdr; 420 *_toklen = toklen; 421 _leave(" = 0 [toklen=%u]", toklen); 422 return 0; 423 } 424 425 /* 426 * parse an RxK5 type XDR format token 427 * - the caller guarantees we have at least 4 words 428 */ 429 static int rxrpc_preparse_xdr_rxk5(struct key_preparsed_payload *prep, 430 size_t datalen, 431 const __be32 *xdr, unsigned int toklen) 432 { 433 struct rxrpc_key_token *token, **pptoken; 434 struct rxk5_key *rxk5; 435 const __be32 *end_xdr = xdr + (toklen >> 2); 436 time64_t expiry; 437 int ret; 438 439 _enter(",{%x,%x,%x,%x},%u", 440 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 441 toklen); 442 443 /* reserve some payload space for this subkey - the length of the token 444 * is a reasonable approximation */ 445 prep->quotalen = datalen + toklen; 446 447 token = kzalloc(sizeof(*token), GFP_KERNEL); 448 if (!token) 449 return -ENOMEM; 450 451 rxk5 = kzalloc(sizeof(*rxk5), GFP_KERNEL); 452 if (!rxk5) { 453 kfree(token); 454 return -ENOMEM; 455 } 456 457 token->security_index = RXRPC_SECURITY_RXK5; 458 token->k5 = rxk5; 459 460 /* extract the principals */ 461 ret = rxrpc_krb5_decode_principal(&rxk5->client, &xdr, &toklen); 462 if (ret < 0) 463 goto error; 464 ret = rxrpc_krb5_decode_principal(&rxk5->server, &xdr, &toklen); 465 if (ret < 0) 466 goto error; 467 468 /* extract the session key and the encoding type (the tag field -> 469 * ENCTYPE_xxx) */ 470 ret = rxrpc_krb5_decode_tagged_data(&rxk5->session, AFSTOKEN_DATA_MAX, 471 &xdr, &toklen); 472 if (ret < 0) 473 goto error; 474 475 if (toklen < 4 * 8 + 2 * 4) 476 goto inval; 477 rxk5->authtime = be64_to_cpup((const __be64 *) xdr); 478 xdr += 2; 479 rxk5->starttime = be64_to_cpup((const __be64 *) xdr); 480 xdr += 2; 481 rxk5->endtime = be64_to_cpup((const __be64 *) xdr); 482 xdr += 2; 483 rxk5->renew_till = be64_to_cpup((const __be64 *) xdr); 484 xdr += 2; 485 rxk5->is_skey = ntohl(*xdr++); 486 rxk5->flags = ntohl(*xdr++); 487 toklen -= 4 * 8 + 2 * 4; 488 489 _debug("times: a=%llx s=%llx e=%llx rt=%llx", 490 rxk5->authtime, rxk5->starttime, rxk5->endtime, 491 rxk5->renew_till); 492 _debug("is_skey=%x flags=%x", rxk5->is_skey, rxk5->flags); 493 494 /* extract the permitted client addresses */ 495 ret = rxrpc_krb5_decode_tagged_array(&rxk5->addresses, 496 &rxk5->n_addresses, 497 AFSTOKEN_K5_ADDRESSES_MAX, 498 AFSTOKEN_DATA_MAX, 499 &xdr, &toklen); 500 if (ret < 0) 501 goto error; 502 503 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 504 505 /* extract the tickets */ 506 ret = rxrpc_krb5_decode_ticket(&rxk5->ticket, &rxk5->ticket_len, 507 &xdr, &toklen); 508 if (ret < 0) 509 goto error; 510 ret = rxrpc_krb5_decode_ticket(&rxk5->ticket2, &rxk5->ticket2_len, 511 &xdr, &toklen); 512 if (ret < 0) 513 goto error; 514 515 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 516 517 /* extract the typed auth data */ 518 ret = rxrpc_krb5_decode_tagged_array(&rxk5->authdata, 519 &rxk5->n_authdata, 520 AFSTOKEN_K5_AUTHDATA_MAX, 521 AFSTOKEN_BDATALN_MAX, 522 &xdr, &toklen); 523 if (ret < 0) 524 goto error; 525 526 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 527 528 if (toklen != 0) 529 goto inval; 530 531 /* attach the payload */ 532 for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0]; 533 *pptoken; 534 pptoken = &(*pptoken)->next) 535 continue; 536 *pptoken = token; 537 expiry = rxrpc_u32_to_time64(token->k5->endtime); 538 if (expiry < prep->expiry) 539 prep->expiry = expiry; 540 541 _leave(" = 0"); 542 return 0; 543 544 inval: 545 ret = -EINVAL; 546 error: 547 rxrpc_rxk5_free(rxk5); 548 kfree(token); 549 _leave(" = %d", ret); 550 return ret; 551 } 552 553 /* 554 * attempt to parse the data as the XDR format 555 * - the caller guarantees we have more than 7 words 556 */ 557 static int rxrpc_preparse_xdr(struct key_preparsed_payload *prep) 558 { 559 const __be32 *xdr = prep->data, *token; 560 const char *cp; 561 unsigned int len, paddedlen, loop, ntoken, toklen, sec_ix; 562 size_t datalen = prep->datalen; 563 int ret; 564 565 _enter(",{%x,%x,%x,%x},%zu", 566 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 567 prep->datalen); 568 569 if (datalen > AFSTOKEN_LENGTH_MAX) 570 goto not_xdr; 571 572 /* XDR is an array of __be32's */ 573 if (datalen & 3) 574 goto not_xdr; 575 576 /* the flags should be 0 (the setpag bit must be handled by 577 * userspace) */ 578 if (ntohl(*xdr++) != 0) 579 goto not_xdr; 580 datalen -= 4; 581 582 /* check the cell name */ 583 len = ntohl(*xdr++); 584 if (len < 1 || len > AFSTOKEN_CELL_MAX) 585 goto not_xdr; 586 datalen -= 4; 587 paddedlen = (len + 3) & ~3; 588 if (paddedlen > datalen) 589 goto not_xdr; 590 591 cp = (const char *) xdr; 592 for (loop = 0; loop < len; loop++) 593 if (!isprint(cp[loop])) 594 goto not_xdr; 595 for (; loop < paddedlen; loop++) 596 if (cp[loop]) 597 goto not_xdr; 598 _debug("cellname: [%u/%u] '%*.*s'", 599 len, paddedlen, len, len, (const char *) xdr); 600 datalen -= paddedlen; 601 xdr += paddedlen >> 2; 602 603 /* get the token count */ 604 if (datalen < 12) 605 goto not_xdr; 606 ntoken = ntohl(*xdr++); 607 datalen -= 4; 608 _debug("ntoken: %x", ntoken); 609 if (ntoken < 1 || ntoken > AFSTOKEN_MAX) 610 goto not_xdr; 611 612 /* check each token wrapper */ 613 token = xdr; 614 loop = ntoken; 615 do { 616 if (datalen < 8) 617 goto not_xdr; 618 toklen = ntohl(*xdr++); 619 sec_ix = ntohl(*xdr); 620 datalen -= 4; 621 _debug("token: [%x/%zx] %x", toklen, datalen, sec_ix); 622 paddedlen = (toklen + 3) & ~3; 623 if (toklen < 20 || toklen > datalen || paddedlen > datalen) 624 goto not_xdr; 625 datalen -= paddedlen; 626 xdr += paddedlen >> 2; 627 628 } while (--loop > 0); 629 630 _debug("remainder: %zu", datalen); 631 if (datalen != 0) 632 goto not_xdr; 633 634 /* okay: we're going to assume it's valid XDR format 635 * - we ignore the cellname, relying on the key to be correctly named 636 */ 637 do { 638 xdr = token; 639 toklen = ntohl(*xdr++); 640 token = xdr + ((toklen + 3) >> 2); 641 sec_ix = ntohl(*xdr++); 642 toklen -= 4; 643 644 _debug("TOKEN type=%u [%p-%p]", sec_ix, xdr, token); 645 646 switch (sec_ix) { 647 case RXRPC_SECURITY_RXKAD: 648 ret = rxrpc_preparse_xdr_rxkad(prep, datalen, xdr, toklen); 649 if (ret != 0) 650 goto error; 651 break; 652 653 case RXRPC_SECURITY_RXK5: 654 ret = rxrpc_preparse_xdr_rxk5(prep, datalen, xdr, toklen); 655 if (ret != 0) 656 goto error; 657 break; 658 659 default: 660 ret = -EPROTONOSUPPORT; 661 goto error; 662 } 663 664 } while (--ntoken > 0); 665 666 _leave(" = 0"); 667 return 0; 668 669 not_xdr: 670 _leave(" = -EPROTO"); 671 return -EPROTO; 672 error: 673 _leave(" = %d", ret); 674 return ret; 675 } 676 677 /* 678 * Preparse an rxrpc defined key. 679 * 680 * Data should be of the form: 681 * OFFSET LEN CONTENT 682 * 0 4 key interface version number 683 * 4 2 security index (type) 684 * 6 2 ticket length 685 * 8 4 key expiry time (time_t) 686 * 12 4 kvno 687 * 16 8 session key 688 * 24 [len] ticket 689 * 690 * if no data is provided, then a no-security key is made 691 */ 692 static int rxrpc_preparse(struct key_preparsed_payload *prep) 693 { 694 const struct rxrpc_key_data_v1 *v1; 695 struct rxrpc_key_token *token, **pp; 696 time64_t expiry; 697 size_t plen; 698 u32 kver; 699 int ret; 700 701 _enter("%zu", prep->datalen); 702 703 /* handle a no-security key */ 704 if (!prep->data && prep->datalen == 0) 705 return 0; 706 707 /* determine if the XDR payload format is being used */ 708 if (prep->datalen > 7 * 4) { 709 ret = rxrpc_preparse_xdr(prep); 710 if (ret != -EPROTO) 711 return ret; 712 } 713 714 /* get the key interface version number */ 715 ret = -EINVAL; 716 if (prep->datalen <= 4 || !prep->data) 717 goto error; 718 memcpy(&kver, prep->data, sizeof(kver)); 719 prep->data += sizeof(kver); 720 prep->datalen -= sizeof(kver); 721 722 _debug("KEY I/F VERSION: %u", kver); 723 724 ret = -EKEYREJECTED; 725 if (kver != 1) 726 goto error; 727 728 /* deal with a version 1 key */ 729 ret = -EINVAL; 730 if (prep->datalen < sizeof(*v1)) 731 goto error; 732 733 v1 = prep->data; 734 if (prep->datalen != sizeof(*v1) + v1->ticket_length) 735 goto error; 736 737 _debug("SCIX: %u", v1->security_index); 738 _debug("TLEN: %u", v1->ticket_length); 739 _debug("EXPY: %x", v1->expiry); 740 _debug("KVNO: %u", v1->kvno); 741 _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", 742 v1->session_key[0], v1->session_key[1], 743 v1->session_key[2], v1->session_key[3], 744 v1->session_key[4], v1->session_key[5], 745 v1->session_key[6], v1->session_key[7]); 746 if (v1->ticket_length >= 8) 747 _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", 748 v1->ticket[0], v1->ticket[1], 749 v1->ticket[2], v1->ticket[3], 750 v1->ticket[4], v1->ticket[5], 751 v1->ticket[6], v1->ticket[7]); 752 753 ret = -EPROTONOSUPPORT; 754 if (v1->security_index != RXRPC_SECURITY_RXKAD) 755 goto error; 756 757 plen = sizeof(*token->kad) + v1->ticket_length; 758 prep->quotalen = plen + sizeof(*token); 759 760 ret = -ENOMEM; 761 token = kzalloc(sizeof(*token), GFP_KERNEL); 762 if (!token) 763 goto error; 764 token->kad = kzalloc(plen, GFP_KERNEL); 765 if (!token->kad) 766 goto error_free; 767 768 token->security_index = RXRPC_SECURITY_RXKAD; 769 token->kad->ticket_len = v1->ticket_length; 770 token->kad->expiry = v1->expiry; 771 token->kad->kvno = v1->kvno; 772 memcpy(&token->kad->session_key, &v1->session_key, 8); 773 memcpy(&token->kad->ticket, v1->ticket, v1->ticket_length); 774 775 /* count the number of tokens attached */ 776 prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1); 777 778 /* attach the data */ 779 pp = (struct rxrpc_key_token **)&prep->payload.data[0]; 780 while (*pp) 781 pp = &(*pp)->next; 782 *pp = token; 783 expiry = rxrpc_u32_to_time64(token->kad->expiry); 784 if (expiry < prep->expiry) 785 prep->expiry = expiry; 786 token = NULL; 787 ret = 0; 788 789 error_free: 790 kfree(token); 791 error: 792 return ret; 793 } 794 795 /* 796 * Free token list. 797 */ 798 static void rxrpc_free_token_list(struct rxrpc_key_token *token) 799 { 800 struct rxrpc_key_token *next; 801 802 for (; token; token = next) { 803 next = token->next; 804 switch (token->security_index) { 805 case RXRPC_SECURITY_RXKAD: 806 kfree(token->kad); 807 break; 808 case RXRPC_SECURITY_RXK5: 809 if (token->k5) 810 rxrpc_rxk5_free(token->k5); 811 break; 812 default: 813 pr_err("Unknown token type %x on rxrpc key\n", 814 token->security_index); 815 BUG(); 816 } 817 818 kfree(token); 819 } 820 } 821 822 /* 823 * Clean up preparse data. 824 */ 825 static void rxrpc_free_preparse(struct key_preparsed_payload *prep) 826 { 827 rxrpc_free_token_list(prep->payload.data[0]); 828 } 829 830 /* 831 * Preparse a server secret key. 832 * 833 * The data should be the 8-byte secret key. 834 */ 835 static int rxrpc_preparse_s(struct key_preparsed_payload *prep) 836 { 837 struct crypto_skcipher *ci; 838 839 _enter("%zu", prep->datalen); 840 841 if (prep->datalen != 8) 842 return -EINVAL; 843 844 memcpy(&prep->payload.data[2], prep->data, 8); 845 846 ci = crypto_alloc_skcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC); 847 if (IS_ERR(ci)) { 848 _leave(" = %ld", PTR_ERR(ci)); 849 return PTR_ERR(ci); 850 } 851 852 if (crypto_skcipher_setkey(ci, prep->data, 8) < 0) 853 BUG(); 854 855 prep->payload.data[0] = ci; 856 _leave(" = 0"); 857 return 0; 858 } 859 860 /* 861 * Clean up preparse data. 862 */ 863 static void rxrpc_free_preparse_s(struct key_preparsed_payload *prep) 864 { 865 if (prep->payload.data[0]) 866 crypto_free_skcipher(prep->payload.data[0]); 867 } 868 869 /* 870 * dispose of the data dangling from the corpse of a rxrpc key 871 */ 872 static void rxrpc_destroy(struct key *key) 873 { 874 rxrpc_free_token_list(key->payload.data[0]); 875 } 876 877 /* 878 * dispose of the data dangling from the corpse of a rxrpc key 879 */ 880 static void rxrpc_destroy_s(struct key *key) 881 { 882 if (key->payload.data[0]) { 883 crypto_free_skcipher(key->payload.data[0]); 884 key->payload.data[0] = NULL; 885 } 886 } 887 888 /* 889 * describe the rxrpc key 890 */ 891 static void rxrpc_describe(const struct key *key, struct seq_file *m) 892 { 893 seq_puts(m, key->description); 894 } 895 896 /* 897 * grab the security key for a socket 898 */ 899 int rxrpc_request_key(struct rxrpc_sock *rx, char __user *optval, int optlen) 900 { 901 struct key *key; 902 char *description; 903 904 _enter(""); 905 906 if (optlen <= 0 || optlen > PAGE_SIZE - 1) 907 return -EINVAL; 908 909 description = memdup_user_nul(optval, optlen); 910 if (IS_ERR(description)) 911 return PTR_ERR(description); 912 913 key = request_key_net(&key_type_rxrpc, description, sock_net(&rx->sk), NULL); 914 if (IS_ERR(key)) { 915 kfree(description); 916 _leave(" = %ld", PTR_ERR(key)); 917 return PTR_ERR(key); 918 } 919 920 rx->key = key; 921 kfree(description); 922 _leave(" = 0 [key %x]", key->serial); 923 return 0; 924 } 925 926 /* 927 * grab the security keyring for a server socket 928 */ 929 int rxrpc_server_keyring(struct rxrpc_sock *rx, char __user *optval, 930 int optlen) 931 { 932 struct key *key; 933 char *description; 934 935 _enter(""); 936 937 if (optlen <= 0 || optlen > PAGE_SIZE - 1) 938 return -EINVAL; 939 940 description = memdup_user_nul(optval, optlen); 941 if (IS_ERR(description)) 942 return PTR_ERR(description); 943 944 key = request_key_net(&key_type_keyring, description, sock_net(&rx->sk), NULL); 945 if (IS_ERR(key)) { 946 kfree(description); 947 _leave(" = %ld", PTR_ERR(key)); 948 return PTR_ERR(key); 949 } 950 951 rx->securities = key; 952 kfree(description); 953 _leave(" = 0 [key %x]", key->serial); 954 return 0; 955 } 956 957 /* 958 * generate a server data key 959 */ 960 int rxrpc_get_server_data_key(struct rxrpc_connection *conn, 961 const void *session_key, 962 time64_t expiry, 963 u32 kvno) 964 { 965 const struct cred *cred = current_cred(); 966 struct key *key; 967 int ret; 968 969 struct { 970 u32 kver; 971 struct rxrpc_key_data_v1 v1; 972 } data; 973 974 _enter(""); 975 976 key = key_alloc(&key_type_rxrpc, "x", 977 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 0, 978 KEY_ALLOC_NOT_IN_QUOTA, NULL); 979 if (IS_ERR(key)) { 980 _leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key)); 981 return -ENOMEM; 982 } 983 984 _debug("key %d", key_serial(key)); 985 986 data.kver = 1; 987 data.v1.security_index = RXRPC_SECURITY_RXKAD; 988 data.v1.ticket_length = 0; 989 data.v1.expiry = rxrpc_time64_to_u32(expiry); 990 data.v1.kvno = 0; 991 992 memcpy(&data.v1.session_key, session_key, sizeof(data.v1.session_key)); 993 994 ret = key_instantiate_and_link(key, &data, sizeof(data), NULL, NULL); 995 if (ret < 0) 996 goto error; 997 998 conn->params.key = key; 999 _leave(" = 0 [%d]", key_serial(key)); 1000 return 0; 1001 1002 error: 1003 key_revoke(key); 1004 key_put(key); 1005 _leave(" = -ENOMEM [ins %d]", ret); 1006 return -ENOMEM; 1007 } 1008 EXPORT_SYMBOL(rxrpc_get_server_data_key); 1009 1010 /** 1011 * rxrpc_get_null_key - Generate a null RxRPC key 1012 * @keyname: The name to give the key. 1013 * 1014 * Generate a null RxRPC key that can be used to indicate anonymous security is 1015 * required for a particular domain. 1016 */ 1017 struct key *rxrpc_get_null_key(const char *keyname) 1018 { 1019 const struct cred *cred = current_cred(); 1020 struct key *key; 1021 int ret; 1022 1023 key = key_alloc(&key_type_rxrpc, keyname, 1024 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 1025 KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA, NULL); 1026 if (IS_ERR(key)) 1027 return key; 1028 1029 ret = key_instantiate_and_link(key, NULL, 0, NULL, NULL); 1030 if (ret < 0) { 1031 key_revoke(key); 1032 key_put(key); 1033 return ERR_PTR(ret); 1034 } 1035 1036 return key; 1037 } 1038 EXPORT_SYMBOL(rxrpc_get_null_key); 1039 1040 /* 1041 * read the contents of an rxrpc key 1042 * - this returns the result in XDR form 1043 */ 1044 static long rxrpc_read(const struct key *key, 1045 char *buffer, size_t buflen) 1046 { 1047 const struct rxrpc_key_token *token; 1048 const struct krb5_principal *princ; 1049 size_t size; 1050 __be32 *xdr, *oldxdr; 1051 u32 cnlen, toksize, ntoks, tok, zero; 1052 u16 toksizes[AFSTOKEN_MAX]; 1053 int loop; 1054 1055 _enter(""); 1056 1057 /* we don't know what form we should return non-AFS keys in */ 1058 if (memcmp(key->description, "afs@", 4) != 0) 1059 return -EOPNOTSUPP; 1060 cnlen = strlen(key->description + 4); 1061 1062 #define RND(X) (((X) + 3) & ~3) 1063 1064 /* AFS keys we return in XDR form, so we need to work out the size of 1065 * the XDR */ 1066 size = 2 * 4; /* flags, cellname len */ 1067 size += RND(cnlen); /* cellname */ 1068 size += 1 * 4; /* token count */ 1069 1070 ntoks = 0; 1071 for (token = key->payload.data[0]; token; token = token->next) { 1072 toksize = 4; /* sec index */ 1073 1074 switch (token->security_index) { 1075 case RXRPC_SECURITY_RXKAD: 1076 toksize += 9 * 4; /* viceid, kvno, key*2 + len, begin, 1077 * end, primary, tktlen */ 1078 toksize += RND(token->kad->ticket_len); 1079 break; 1080 1081 case RXRPC_SECURITY_RXK5: 1082 princ = &token->k5->client; 1083 toksize += 4 + princ->n_name_parts * 4; 1084 for (loop = 0; loop < princ->n_name_parts; loop++) 1085 toksize += RND(strlen(princ->name_parts[loop])); 1086 toksize += 4 + RND(strlen(princ->realm)); 1087 1088 princ = &token->k5->server; 1089 toksize += 4 + princ->n_name_parts * 4; 1090 for (loop = 0; loop < princ->n_name_parts; loop++) 1091 toksize += RND(strlen(princ->name_parts[loop])); 1092 toksize += 4 + RND(strlen(princ->realm)); 1093 1094 toksize += 8 + RND(token->k5->session.data_len); 1095 1096 toksize += 4 * 8 + 2 * 4; 1097 1098 toksize += 4 + token->k5->n_addresses * 8; 1099 for (loop = 0; loop < token->k5->n_addresses; loop++) 1100 toksize += RND(token->k5->addresses[loop].data_len); 1101 1102 toksize += 4 + RND(token->k5->ticket_len); 1103 toksize += 4 + RND(token->k5->ticket2_len); 1104 1105 toksize += 4 + token->k5->n_authdata * 8; 1106 for (loop = 0; loop < token->k5->n_authdata; loop++) 1107 toksize += RND(token->k5->authdata[loop].data_len); 1108 break; 1109 1110 default: /* we have a ticket we can't encode */ 1111 BUG(); 1112 continue; 1113 } 1114 1115 _debug("token[%u]: toksize=%u", ntoks, toksize); 1116 ASSERTCMP(toksize, <=, AFSTOKEN_LENGTH_MAX); 1117 1118 toksizes[ntoks++] = toksize; 1119 size += toksize + 4; /* each token has a length word */ 1120 } 1121 1122 #undef RND 1123 1124 if (!buffer || buflen < size) 1125 return size; 1126 1127 xdr = (__be32 *)buffer; 1128 zero = 0; 1129 #define ENCODE(x) \ 1130 do { \ 1131 *xdr++ = htonl(x); \ 1132 } while(0) 1133 #define ENCODE_DATA(l, s) \ 1134 do { \ 1135 u32 _l = (l); \ 1136 ENCODE(l); \ 1137 memcpy(xdr, (s), _l); \ 1138 if (_l & 3) \ 1139 memcpy((u8 *)xdr + _l, &zero, 4 - (_l & 3)); \ 1140 xdr += (_l + 3) >> 2; \ 1141 } while(0) 1142 #define ENCODE64(x) \ 1143 do { \ 1144 __be64 y = cpu_to_be64(x); \ 1145 memcpy(xdr, &y, 8); \ 1146 xdr += 8 >> 2; \ 1147 } while(0) 1148 #define ENCODE_STR(s) \ 1149 do { \ 1150 const char *_s = (s); \ 1151 ENCODE_DATA(strlen(_s), _s); \ 1152 } while(0) 1153 1154 ENCODE(0); /* flags */ 1155 ENCODE_DATA(cnlen, key->description + 4); /* cellname */ 1156 ENCODE(ntoks); 1157 1158 tok = 0; 1159 for (token = key->payload.data[0]; token; token = token->next) { 1160 toksize = toksizes[tok++]; 1161 ENCODE(toksize); 1162 oldxdr = xdr; 1163 ENCODE(token->security_index); 1164 1165 switch (token->security_index) { 1166 case RXRPC_SECURITY_RXKAD: 1167 ENCODE(token->kad->vice_id); 1168 ENCODE(token->kad->kvno); 1169 ENCODE_DATA(8, token->kad->session_key); 1170 ENCODE(token->kad->start); 1171 ENCODE(token->kad->expiry); 1172 ENCODE(token->kad->primary_flag); 1173 ENCODE_DATA(token->kad->ticket_len, token->kad->ticket); 1174 break; 1175 1176 case RXRPC_SECURITY_RXK5: 1177 princ = &token->k5->client; 1178 ENCODE(princ->n_name_parts); 1179 for (loop = 0; loop < princ->n_name_parts; loop++) 1180 ENCODE_STR(princ->name_parts[loop]); 1181 ENCODE_STR(princ->realm); 1182 1183 princ = &token->k5->server; 1184 ENCODE(princ->n_name_parts); 1185 for (loop = 0; loop < princ->n_name_parts; loop++) 1186 ENCODE_STR(princ->name_parts[loop]); 1187 ENCODE_STR(princ->realm); 1188 1189 ENCODE(token->k5->session.tag); 1190 ENCODE_DATA(token->k5->session.data_len, 1191 token->k5->session.data); 1192 1193 ENCODE64(token->k5->authtime); 1194 ENCODE64(token->k5->starttime); 1195 ENCODE64(token->k5->endtime); 1196 ENCODE64(token->k5->renew_till); 1197 ENCODE(token->k5->is_skey); 1198 ENCODE(token->k5->flags); 1199 1200 ENCODE(token->k5->n_addresses); 1201 for (loop = 0; loop < token->k5->n_addresses; loop++) { 1202 ENCODE(token->k5->addresses[loop].tag); 1203 ENCODE_DATA(token->k5->addresses[loop].data_len, 1204 token->k5->addresses[loop].data); 1205 } 1206 1207 ENCODE_DATA(token->k5->ticket_len, token->k5->ticket); 1208 ENCODE_DATA(token->k5->ticket2_len, token->k5->ticket2); 1209 1210 ENCODE(token->k5->n_authdata); 1211 for (loop = 0; loop < token->k5->n_authdata; loop++) { 1212 ENCODE(token->k5->authdata[loop].tag); 1213 ENCODE_DATA(token->k5->authdata[loop].data_len, 1214 token->k5->authdata[loop].data); 1215 } 1216 break; 1217 1218 default: 1219 BUG(); 1220 break; 1221 } 1222 1223 ASSERTCMP((unsigned long)xdr - (unsigned long)oldxdr, ==, 1224 toksize); 1225 } 1226 1227 #undef ENCODE_STR 1228 #undef ENCODE_DATA 1229 #undef ENCODE64 1230 #undef ENCODE 1231 1232 ASSERTCMP(tok, ==, ntoks); 1233 ASSERTCMP((char __user *) xdr - buffer, ==, size); 1234 _leave(" = %zu", size); 1235 return size; 1236 } 1237