1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* RxRPC key management 3 * 4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 * 7 * RxRPC keys should have a description of describing their purpose: 8 * "afs@CAMBRIDGE.REDHAT.COM> 9 */ 10 11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 12 13 #include <crypto/skcipher.h> 14 #include <linux/module.h> 15 #include <linux/net.h> 16 #include <linux/skbuff.h> 17 #include <linux/key-type.h> 18 #include <linux/ctype.h> 19 #include <linux/slab.h> 20 #include <net/sock.h> 21 #include <net/af_rxrpc.h> 22 #include <keys/rxrpc-type.h> 23 #include <keys/user-type.h> 24 #include "ar-internal.h" 25 26 static struct key_acl rxrpc_null_key_acl = { 27 .usage = REFCOUNT_INIT(1), 28 .nr_ace = 1, 29 .aces = { 30 KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_READ), 31 } 32 }; 33 34 static int rxrpc_vet_description_s(const char *); 35 static int rxrpc_preparse(struct key_preparsed_payload *); 36 static int rxrpc_preparse_s(struct key_preparsed_payload *); 37 static void rxrpc_free_preparse(struct key_preparsed_payload *); 38 static void rxrpc_free_preparse_s(struct key_preparsed_payload *); 39 static void rxrpc_destroy(struct key *); 40 static void rxrpc_destroy_s(struct key *); 41 static void rxrpc_describe(const struct key *, struct seq_file *); 42 static long rxrpc_read(const struct key *, char __user *, size_t); 43 44 /* 45 * rxrpc defined keys take an arbitrary string as the description and an 46 * arbitrary blob of data as the payload 47 */ 48 struct key_type key_type_rxrpc = { 49 .name = "rxrpc", 50 .flags = KEY_TYPE_NET_DOMAIN, 51 .preparse = rxrpc_preparse, 52 .free_preparse = rxrpc_free_preparse, 53 .instantiate = generic_key_instantiate, 54 .destroy = rxrpc_destroy, 55 .describe = rxrpc_describe, 56 .read = rxrpc_read, 57 }; 58 EXPORT_SYMBOL(key_type_rxrpc); 59 60 /* 61 * rxrpc server defined keys take "<serviceId>:<securityIndex>" as the 62 * description and an 8-byte decryption key as the payload 63 */ 64 struct key_type key_type_rxrpc_s = { 65 .name = "rxrpc_s", 66 .flags = KEY_TYPE_NET_DOMAIN, 67 .vet_description = rxrpc_vet_description_s, 68 .preparse = rxrpc_preparse_s, 69 .free_preparse = rxrpc_free_preparse_s, 70 .instantiate = generic_key_instantiate, 71 .destroy = rxrpc_destroy_s, 72 .describe = rxrpc_describe, 73 }; 74 75 /* 76 * Vet the description for an RxRPC server key 77 */ 78 static int rxrpc_vet_description_s(const char *desc) 79 { 80 unsigned long num; 81 char *p; 82 83 num = simple_strtoul(desc, &p, 10); 84 if (*p != ':' || num > 65535) 85 return -EINVAL; 86 num = simple_strtoul(p + 1, &p, 10); 87 if (*p || num < 1 || num > 255) 88 return -EINVAL; 89 return 0; 90 } 91 92 /* 93 * parse an RxKAD type XDR format token 94 * - the caller guarantees we have at least 4 words 95 */ 96 static int rxrpc_preparse_xdr_rxkad(struct key_preparsed_payload *prep, 97 size_t datalen, 98 const __be32 *xdr, unsigned int toklen) 99 { 100 struct rxrpc_key_token *token, **pptoken; 101 time64_t expiry; 102 size_t plen; 103 u32 tktlen; 104 105 _enter(",{%x,%x,%x,%x},%u", 106 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 107 toklen); 108 109 if (toklen <= 8 * 4) 110 return -EKEYREJECTED; 111 tktlen = ntohl(xdr[7]); 112 _debug("tktlen: %x", tktlen); 113 if (tktlen > AFSTOKEN_RK_TIX_MAX) 114 return -EKEYREJECTED; 115 if (toklen < 8 * 4 + tktlen) 116 return -EKEYREJECTED; 117 118 plen = sizeof(*token) + sizeof(*token->kad) + tktlen; 119 prep->quotalen = datalen + plen; 120 121 plen -= sizeof(*token); 122 token = kzalloc(sizeof(*token), GFP_KERNEL); 123 if (!token) 124 return -ENOMEM; 125 126 token->kad = kzalloc(plen, GFP_KERNEL); 127 if (!token->kad) { 128 kfree(token); 129 return -ENOMEM; 130 } 131 132 token->security_index = RXRPC_SECURITY_RXKAD; 133 token->kad->ticket_len = tktlen; 134 token->kad->vice_id = ntohl(xdr[0]); 135 token->kad->kvno = ntohl(xdr[1]); 136 token->kad->start = ntohl(xdr[4]); 137 token->kad->expiry = ntohl(xdr[5]); 138 token->kad->primary_flag = ntohl(xdr[6]); 139 memcpy(&token->kad->session_key, &xdr[2], 8); 140 memcpy(&token->kad->ticket, &xdr[8], tktlen); 141 142 _debug("SCIX: %u", token->security_index); 143 _debug("TLEN: %u", token->kad->ticket_len); 144 _debug("EXPY: %x", token->kad->expiry); 145 _debug("KVNO: %u", token->kad->kvno); 146 _debug("PRIM: %u", token->kad->primary_flag); 147 _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", 148 token->kad->session_key[0], token->kad->session_key[1], 149 token->kad->session_key[2], token->kad->session_key[3], 150 token->kad->session_key[4], token->kad->session_key[5], 151 token->kad->session_key[6], token->kad->session_key[7]); 152 if (token->kad->ticket_len >= 8) 153 _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", 154 token->kad->ticket[0], token->kad->ticket[1], 155 token->kad->ticket[2], token->kad->ticket[3], 156 token->kad->ticket[4], token->kad->ticket[5], 157 token->kad->ticket[6], token->kad->ticket[7]); 158 159 /* count the number of tokens attached */ 160 prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1); 161 162 /* attach the data */ 163 for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0]; 164 *pptoken; 165 pptoken = &(*pptoken)->next) 166 continue; 167 *pptoken = token; 168 expiry = rxrpc_u32_to_time64(token->kad->expiry); 169 if (expiry < prep->expiry) 170 prep->expiry = expiry; 171 172 _leave(" = 0"); 173 return 0; 174 } 175 176 static void rxrpc_free_krb5_principal(struct krb5_principal *princ) 177 { 178 int loop; 179 180 if (princ->name_parts) { 181 for (loop = princ->n_name_parts - 1; loop >= 0; loop--) 182 kfree(princ->name_parts[loop]); 183 kfree(princ->name_parts); 184 } 185 kfree(princ->realm); 186 } 187 188 static void rxrpc_free_krb5_tagged(struct krb5_tagged_data *td) 189 { 190 kfree(td->data); 191 } 192 193 /* 194 * free up an RxK5 token 195 */ 196 static void rxrpc_rxk5_free(struct rxk5_key *rxk5) 197 { 198 int loop; 199 200 rxrpc_free_krb5_principal(&rxk5->client); 201 rxrpc_free_krb5_principal(&rxk5->server); 202 rxrpc_free_krb5_tagged(&rxk5->session); 203 204 if (rxk5->addresses) { 205 for (loop = rxk5->n_addresses - 1; loop >= 0; loop--) 206 rxrpc_free_krb5_tagged(&rxk5->addresses[loop]); 207 kfree(rxk5->addresses); 208 } 209 if (rxk5->authdata) { 210 for (loop = rxk5->n_authdata - 1; loop >= 0; loop--) 211 rxrpc_free_krb5_tagged(&rxk5->authdata[loop]); 212 kfree(rxk5->authdata); 213 } 214 215 kfree(rxk5->ticket); 216 kfree(rxk5->ticket2); 217 kfree(rxk5); 218 } 219 220 /* 221 * extract a krb5 principal 222 */ 223 static int rxrpc_krb5_decode_principal(struct krb5_principal *princ, 224 const __be32 **_xdr, 225 unsigned int *_toklen) 226 { 227 const __be32 *xdr = *_xdr; 228 unsigned int toklen = *_toklen, n_parts, loop, tmp, paddedlen; 229 230 /* there must be at least one name, and at least #names+1 length 231 * words */ 232 if (toklen <= 12) 233 return -EINVAL; 234 235 _enter(",{%x,%x,%x},%u", 236 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), toklen); 237 238 n_parts = ntohl(*xdr++); 239 toklen -= 4; 240 if (n_parts <= 0 || n_parts > AFSTOKEN_K5_COMPONENTS_MAX) 241 return -EINVAL; 242 princ->n_name_parts = n_parts; 243 244 if (toklen <= (n_parts + 1) * 4) 245 return -EINVAL; 246 247 princ->name_parts = kcalloc(n_parts, sizeof(char *), GFP_KERNEL); 248 if (!princ->name_parts) 249 return -ENOMEM; 250 251 for (loop = 0; loop < n_parts; loop++) { 252 if (toklen < 4) 253 return -EINVAL; 254 tmp = ntohl(*xdr++); 255 toklen -= 4; 256 if (tmp <= 0 || tmp > AFSTOKEN_STRING_MAX) 257 return -EINVAL; 258 paddedlen = (tmp + 3) & ~3; 259 if (paddedlen > toklen) 260 return -EINVAL; 261 princ->name_parts[loop] = kmalloc(tmp + 1, GFP_KERNEL); 262 if (!princ->name_parts[loop]) 263 return -ENOMEM; 264 memcpy(princ->name_parts[loop], xdr, tmp); 265 princ->name_parts[loop][tmp] = 0; 266 toklen -= paddedlen; 267 xdr += paddedlen >> 2; 268 } 269 270 if (toklen < 4) 271 return -EINVAL; 272 tmp = ntohl(*xdr++); 273 toklen -= 4; 274 if (tmp <= 0 || tmp > AFSTOKEN_K5_REALM_MAX) 275 return -EINVAL; 276 paddedlen = (tmp + 3) & ~3; 277 if (paddedlen > toklen) 278 return -EINVAL; 279 princ->realm = kmalloc(tmp + 1, GFP_KERNEL); 280 if (!princ->realm) 281 return -ENOMEM; 282 memcpy(princ->realm, xdr, tmp); 283 princ->realm[tmp] = 0; 284 toklen -= paddedlen; 285 xdr += paddedlen >> 2; 286 287 _debug("%s/...@%s", princ->name_parts[0], princ->realm); 288 289 *_xdr = xdr; 290 *_toklen = toklen; 291 _leave(" = 0 [toklen=%u]", toklen); 292 return 0; 293 } 294 295 /* 296 * extract a piece of krb5 tagged data 297 */ 298 static int rxrpc_krb5_decode_tagged_data(struct krb5_tagged_data *td, 299 size_t max_data_size, 300 const __be32 **_xdr, 301 unsigned int *_toklen) 302 { 303 const __be32 *xdr = *_xdr; 304 unsigned int toklen = *_toklen, len, paddedlen; 305 306 /* there must be at least one tag and one length word */ 307 if (toklen <= 8) 308 return -EINVAL; 309 310 _enter(",%zu,{%x,%x},%u", 311 max_data_size, ntohl(xdr[0]), ntohl(xdr[1]), toklen); 312 313 td->tag = ntohl(*xdr++); 314 len = ntohl(*xdr++); 315 toklen -= 8; 316 if (len > max_data_size) 317 return -EINVAL; 318 paddedlen = (len + 3) & ~3; 319 if (paddedlen > toklen) 320 return -EINVAL; 321 td->data_len = len; 322 323 if (len > 0) { 324 td->data = kmemdup(xdr, len, GFP_KERNEL); 325 if (!td->data) 326 return -ENOMEM; 327 toklen -= paddedlen; 328 xdr += paddedlen >> 2; 329 } 330 331 _debug("tag %x len %x", td->tag, td->data_len); 332 333 *_xdr = xdr; 334 *_toklen = toklen; 335 _leave(" = 0 [toklen=%u]", toklen); 336 return 0; 337 } 338 339 /* 340 * extract an array of tagged data 341 */ 342 static int rxrpc_krb5_decode_tagged_array(struct krb5_tagged_data **_td, 343 u8 *_n_elem, 344 u8 max_n_elem, 345 size_t max_elem_size, 346 const __be32 **_xdr, 347 unsigned int *_toklen) 348 { 349 struct krb5_tagged_data *td; 350 const __be32 *xdr = *_xdr; 351 unsigned int toklen = *_toklen, n_elem, loop; 352 int ret; 353 354 /* there must be at least one count */ 355 if (toklen < 4) 356 return -EINVAL; 357 358 _enter(",,%u,%zu,{%x},%u", 359 max_n_elem, max_elem_size, ntohl(xdr[0]), toklen); 360 361 n_elem = ntohl(*xdr++); 362 toklen -= 4; 363 if (n_elem > max_n_elem) 364 return -EINVAL; 365 *_n_elem = n_elem; 366 if (n_elem > 0) { 367 if (toklen <= (n_elem + 1) * 4) 368 return -EINVAL; 369 370 _debug("n_elem %d", n_elem); 371 372 td = kcalloc(n_elem, sizeof(struct krb5_tagged_data), 373 GFP_KERNEL); 374 if (!td) 375 return -ENOMEM; 376 *_td = td; 377 378 for (loop = 0; loop < n_elem; loop++) { 379 ret = rxrpc_krb5_decode_tagged_data(&td[loop], 380 max_elem_size, 381 &xdr, &toklen); 382 if (ret < 0) 383 return ret; 384 } 385 } 386 387 *_xdr = xdr; 388 *_toklen = toklen; 389 _leave(" = 0 [toklen=%u]", toklen); 390 return 0; 391 } 392 393 /* 394 * extract a krb5 ticket 395 */ 396 static int rxrpc_krb5_decode_ticket(u8 **_ticket, u16 *_tktlen, 397 const __be32 **_xdr, unsigned int *_toklen) 398 { 399 const __be32 *xdr = *_xdr; 400 unsigned int toklen = *_toklen, len, paddedlen; 401 402 /* there must be at least one length word */ 403 if (toklen <= 4) 404 return -EINVAL; 405 406 _enter(",{%x},%u", ntohl(xdr[0]), toklen); 407 408 len = ntohl(*xdr++); 409 toklen -= 4; 410 if (len > AFSTOKEN_K5_TIX_MAX) 411 return -EINVAL; 412 paddedlen = (len + 3) & ~3; 413 if (paddedlen > toklen) 414 return -EINVAL; 415 *_tktlen = len; 416 417 _debug("ticket len %u", len); 418 419 if (len > 0) { 420 *_ticket = kmemdup(xdr, len, GFP_KERNEL); 421 if (!*_ticket) 422 return -ENOMEM; 423 toklen -= paddedlen; 424 xdr += paddedlen >> 2; 425 } 426 427 *_xdr = xdr; 428 *_toklen = toklen; 429 _leave(" = 0 [toklen=%u]", toklen); 430 return 0; 431 } 432 433 /* 434 * parse an RxK5 type XDR format token 435 * - the caller guarantees we have at least 4 words 436 */ 437 static int rxrpc_preparse_xdr_rxk5(struct key_preparsed_payload *prep, 438 size_t datalen, 439 const __be32 *xdr, unsigned int toklen) 440 { 441 struct rxrpc_key_token *token, **pptoken; 442 struct rxk5_key *rxk5; 443 const __be32 *end_xdr = xdr + (toklen >> 2); 444 time64_t expiry; 445 int ret; 446 447 _enter(",{%x,%x,%x,%x},%u", 448 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 449 toklen); 450 451 /* reserve some payload space for this subkey - the length of the token 452 * is a reasonable approximation */ 453 prep->quotalen = datalen + toklen; 454 455 token = kzalloc(sizeof(*token), GFP_KERNEL); 456 if (!token) 457 return -ENOMEM; 458 459 rxk5 = kzalloc(sizeof(*rxk5), GFP_KERNEL); 460 if (!rxk5) { 461 kfree(token); 462 return -ENOMEM; 463 } 464 465 token->security_index = RXRPC_SECURITY_RXK5; 466 token->k5 = rxk5; 467 468 /* extract the principals */ 469 ret = rxrpc_krb5_decode_principal(&rxk5->client, &xdr, &toklen); 470 if (ret < 0) 471 goto error; 472 ret = rxrpc_krb5_decode_principal(&rxk5->server, &xdr, &toklen); 473 if (ret < 0) 474 goto error; 475 476 /* extract the session key and the encoding type (the tag field -> 477 * ENCTYPE_xxx) */ 478 ret = rxrpc_krb5_decode_tagged_data(&rxk5->session, AFSTOKEN_DATA_MAX, 479 &xdr, &toklen); 480 if (ret < 0) 481 goto error; 482 483 if (toklen < 4 * 8 + 2 * 4) 484 goto inval; 485 rxk5->authtime = be64_to_cpup((const __be64 *) xdr); 486 xdr += 2; 487 rxk5->starttime = be64_to_cpup((const __be64 *) xdr); 488 xdr += 2; 489 rxk5->endtime = be64_to_cpup((const __be64 *) xdr); 490 xdr += 2; 491 rxk5->renew_till = be64_to_cpup((const __be64 *) xdr); 492 xdr += 2; 493 rxk5->is_skey = ntohl(*xdr++); 494 rxk5->flags = ntohl(*xdr++); 495 toklen -= 4 * 8 + 2 * 4; 496 497 _debug("times: a=%llx s=%llx e=%llx rt=%llx", 498 rxk5->authtime, rxk5->starttime, rxk5->endtime, 499 rxk5->renew_till); 500 _debug("is_skey=%x flags=%x", rxk5->is_skey, rxk5->flags); 501 502 /* extract the permitted client addresses */ 503 ret = rxrpc_krb5_decode_tagged_array(&rxk5->addresses, 504 &rxk5->n_addresses, 505 AFSTOKEN_K5_ADDRESSES_MAX, 506 AFSTOKEN_DATA_MAX, 507 &xdr, &toklen); 508 if (ret < 0) 509 goto error; 510 511 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 512 513 /* extract the tickets */ 514 ret = rxrpc_krb5_decode_ticket(&rxk5->ticket, &rxk5->ticket_len, 515 &xdr, &toklen); 516 if (ret < 0) 517 goto error; 518 ret = rxrpc_krb5_decode_ticket(&rxk5->ticket2, &rxk5->ticket2_len, 519 &xdr, &toklen); 520 if (ret < 0) 521 goto error; 522 523 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 524 525 /* extract the typed auth data */ 526 ret = rxrpc_krb5_decode_tagged_array(&rxk5->authdata, 527 &rxk5->n_authdata, 528 AFSTOKEN_K5_AUTHDATA_MAX, 529 AFSTOKEN_BDATALN_MAX, 530 &xdr, &toklen); 531 if (ret < 0) 532 goto error; 533 534 ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); 535 536 if (toklen != 0) 537 goto inval; 538 539 /* attach the payload */ 540 for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0]; 541 *pptoken; 542 pptoken = &(*pptoken)->next) 543 continue; 544 *pptoken = token; 545 expiry = rxrpc_u32_to_time64(token->k5->endtime); 546 if (expiry < prep->expiry) 547 prep->expiry = expiry; 548 549 _leave(" = 0"); 550 return 0; 551 552 inval: 553 ret = -EINVAL; 554 error: 555 rxrpc_rxk5_free(rxk5); 556 kfree(token); 557 _leave(" = %d", ret); 558 return ret; 559 } 560 561 /* 562 * attempt to parse the data as the XDR format 563 * - the caller guarantees we have more than 7 words 564 */ 565 static int rxrpc_preparse_xdr(struct key_preparsed_payload *prep) 566 { 567 const __be32 *xdr = prep->data, *token; 568 const char *cp; 569 unsigned int len, paddedlen, loop, ntoken, toklen, sec_ix; 570 size_t datalen = prep->datalen; 571 int ret; 572 573 _enter(",{%x,%x,%x,%x},%zu", 574 ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), 575 prep->datalen); 576 577 if (datalen > AFSTOKEN_LENGTH_MAX) 578 goto not_xdr; 579 580 /* XDR is an array of __be32's */ 581 if (datalen & 3) 582 goto not_xdr; 583 584 /* the flags should be 0 (the setpag bit must be handled by 585 * userspace) */ 586 if (ntohl(*xdr++) != 0) 587 goto not_xdr; 588 datalen -= 4; 589 590 /* check the cell name */ 591 len = ntohl(*xdr++); 592 if (len < 1 || len > AFSTOKEN_CELL_MAX) 593 goto not_xdr; 594 datalen -= 4; 595 paddedlen = (len + 3) & ~3; 596 if (paddedlen > datalen) 597 goto not_xdr; 598 599 cp = (const char *) xdr; 600 for (loop = 0; loop < len; loop++) 601 if (!isprint(cp[loop])) 602 goto not_xdr; 603 for (; loop < paddedlen; loop++) 604 if (cp[loop]) 605 goto not_xdr; 606 _debug("cellname: [%u/%u] '%*.*s'", 607 len, paddedlen, len, len, (const char *) xdr); 608 datalen -= paddedlen; 609 xdr += paddedlen >> 2; 610 611 /* get the token count */ 612 if (datalen < 12) 613 goto not_xdr; 614 ntoken = ntohl(*xdr++); 615 datalen -= 4; 616 _debug("ntoken: %x", ntoken); 617 if (ntoken < 1 || ntoken > AFSTOKEN_MAX) 618 goto not_xdr; 619 620 /* check each token wrapper */ 621 token = xdr; 622 loop = ntoken; 623 do { 624 if (datalen < 8) 625 goto not_xdr; 626 toklen = ntohl(*xdr++); 627 sec_ix = ntohl(*xdr); 628 datalen -= 4; 629 _debug("token: [%x/%zx] %x", toklen, datalen, sec_ix); 630 paddedlen = (toklen + 3) & ~3; 631 if (toklen < 20 || toklen > datalen || paddedlen > datalen) 632 goto not_xdr; 633 datalen -= paddedlen; 634 xdr += paddedlen >> 2; 635 636 } while (--loop > 0); 637 638 _debug("remainder: %zu", datalen); 639 if (datalen != 0) 640 goto not_xdr; 641 642 /* okay: we're going to assume it's valid XDR format 643 * - we ignore the cellname, relying on the key to be correctly named 644 */ 645 do { 646 xdr = token; 647 toklen = ntohl(*xdr++); 648 token = xdr + ((toklen + 3) >> 2); 649 sec_ix = ntohl(*xdr++); 650 toklen -= 4; 651 652 _debug("TOKEN type=%u [%p-%p]", sec_ix, xdr, token); 653 654 switch (sec_ix) { 655 case RXRPC_SECURITY_RXKAD: 656 ret = rxrpc_preparse_xdr_rxkad(prep, datalen, xdr, toklen); 657 if (ret != 0) 658 goto error; 659 break; 660 661 case RXRPC_SECURITY_RXK5: 662 ret = rxrpc_preparse_xdr_rxk5(prep, datalen, xdr, toklen); 663 if (ret != 0) 664 goto error; 665 break; 666 667 default: 668 ret = -EPROTONOSUPPORT; 669 goto error; 670 } 671 672 } while (--ntoken > 0); 673 674 _leave(" = 0"); 675 return 0; 676 677 not_xdr: 678 _leave(" = -EPROTO"); 679 return -EPROTO; 680 error: 681 _leave(" = %d", ret); 682 return ret; 683 } 684 685 /* 686 * Preparse an rxrpc defined key. 687 * 688 * Data should be of the form: 689 * OFFSET LEN CONTENT 690 * 0 4 key interface version number 691 * 4 2 security index (type) 692 * 6 2 ticket length 693 * 8 4 key expiry time (time_t) 694 * 12 4 kvno 695 * 16 8 session key 696 * 24 [len] ticket 697 * 698 * if no data is provided, then a no-security key is made 699 */ 700 static int rxrpc_preparse(struct key_preparsed_payload *prep) 701 { 702 const struct rxrpc_key_data_v1 *v1; 703 struct rxrpc_key_token *token, **pp; 704 time64_t expiry; 705 size_t plen; 706 u32 kver; 707 int ret; 708 709 _enter("%zu", prep->datalen); 710 711 /* handle a no-security key */ 712 if (!prep->data && prep->datalen == 0) 713 return 0; 714 715 /* determine if the XDR payload format is being used */ 716 if (prep->datalen > 7 * 4) { 717 ret = rxrpc_preparse_xdr(prep); 718 if (ret != -EPROTO) 719 return ret; 720 } 721 722 /* get the key interface version number */ 723 ret = -EINVAL; 724 if (prep->datalen <= 4 || !prep->data) 725 goto error; 726 memcpy(&kver, prep->data, sizeof(kver)); 727 prep->data += sizeof(kver); 728 prep->datalen -= sizeof(kver); 729 730 _debug("KEY I/F VERSION: %u", kver); 731 732 ret = -EKEYREJECTED; 733 if (kver != 1) 734 goto error; 735 736 /* deal with a version 1 key */ 737 ret = -EINVAL; 738 if (prep->datalen < sizeof(*v1)) 739 goto error; 740 741 v1 = prep->data; 742 if (prep->datalen != sizeof(*v1) + v1->ticket_length) 743 goto error; 744 745 _debug("SCIX: %u", v1->security_index); 746 _debug("TLEN: %u", v1->ticket_length); 747 _debug("EXPY: %x", v1->expiry); 748 _debug("KVNO: %u", v1->kvno); 749 _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", 750 v1->session_key[0], v1->session_key[1], 751 v1->session_key[2], v1->session_key[3], 752 v1->session_key[4], v1->session_key[5], 753 v1->session_key[6], v1->session_key[7]); 754 if (v1->ticket_length >= 8) 755 _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", 756 v1->ticket[0], v1->ticket[1], 757 v1->ticket[2], v1->ticket[3], 758 v1->ticket[4], v1->ticket[5], 759 v1->ticket[6], v1->ticket[7]); 760 761 ret = -EPROTONOSUPPORT; 762 if (v1->security_index != RXRPC_SECURITY_RXKAD) 763 goto error; 764 765 plen = sizeof(*token->kad) + v1->ticket_length; 766 prep->quotalen = plen + sizeof(*token); 767 768 ret = -ENOMEM; 769 token = kzalloc(sizeof(*token), GFP_KERNEL); 770 if (!token) 771 goto error; 772 token->kad = kzalloc(plen, GFP_KERNEL); 773 if (!token->kad) 774 goto error_free; 775 776 token->security_index = RXRPC_SECURITY_RXKAD; 777 token->kad->ticket_len = v1->ticket_length; 778 token->kad->expiry = v1->expiry; 779 token->kad->kvno = v1->kvno; 780 memcpy(&token->kad->session_key, &v1->session_key, 8); 781 memcpy(&token->kad->ticket, v1->ticket, v1->ticket_length); 782 783 /* count the number of tokens attached */ 784 prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1); 785 786 /* attach the data */ 787 pp = (struct rxrpc_key_token **)&prep->payload.data[0]; 788 while (*pp) 789 pp = &(*pp)->next; 790 *pp = token; 791 expiry = rxrpc_u32_to_time64(token->kad->expiry); 792 if (expiry < prep->expiry) 793 prep->expiry = expiry; 794 token = NULL; 795 ret = 0; 796 797 error_free: 798 kfree(token); 799 error: 800 return ret; 801 } 802 803 /* 804 * Free token list. 805 */ 806 static void rxrpc_free_token_list(struct rxrpc_key_token *token) 807 { 808 struct rxrpc_key_token *next; 809 810 for (; token; token = next) { 811 next = token->next; 812 switch (token->security_index) { 813 case RXRPC_SECURITY_RXKAD: 814 kfree(token->kad); 815 break; 816 case RXRPC_SECURITY_RXK5: 817 if (token->k5) 818 rxrpc_rxk5_free(token->k5); 819 break; 820 default: 821 pr_err("Unknown token type %x on rxrpc key\n", 822 token->security_index); 823 BUG(); 824 } 825 826 kfree(token); 827 } 828 } 829 830 /* 831 * Clean up preparse data. 832 */ 833 static void rxrpc_free_preparse(struct key_preparsed_payload *prep) 834 { 835 rxrpc_free_token_list(prep->payload.data[0]); 836 } 837 838 /* 839 * Preparse a server secret key. 840 * 841 * The data should be the 8-byte secret key. 842 */ 843 static int rxrpc_preparse_s(struct key_preparsed_payload *prep) 844 { 845 struct crypto_skcipher *ci; 846 847 _enter("%zu", prep->datalen); 848 849 if (prep->datalen != 8) 850 return -EINVAL; 851 852 memcpy(&prep->payload.data[2], prep->data, 8); 853 854 ci = crypto_alloc_skcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC); 855 if (IS_ERR(ci)) { 856 _leave(" = %ld", PTR_ERR(ci)); 857 return PTR_ERR(ci); 858 } 859 860 if (crypto_skcipher_setkey(ci, prep->data, 8) < 0) 861 BUG(); 862 863 prep->payload.data[0] = ci; 864 _leave(" = 0"); 865 return 0; 866 } 867 868 /* 869 * Clean up preparse data. 870 */ 871 static void rxrpc_free_preparse_s(struct key_preparsed_payload *prep) 872 { 873 if (prep->payload.data[0]) 874 crypto_free_skcipher(prep->payload.data[0]); 875 } 876 877 /* 878 * dispose of the data dangling from the corpse of a rxrpc key 879 */ 880 static void rxrpc_destroy(struct key *key) 881 { 882 rxrpc_free_token_list(key->payload.data[0]); 883 } 884 885 /* 886 * dispose of the data dangling from the corpse of a rxrpc key 887 */ 888 static void rxrpc_destroy_s(struct key *key) 889 { 890 if (key->payload.data[0]) { 891 crypto_free_skcipher(key->payload.data[0]); 892 key->payload.data[0] = NULL; 893 } 894 } 895 896 /* 897 * describe the rxrpc key 898 */ 899 static void rxrpc_describe(const struct key *key, struct seq_file *m) 900 { 901 seq_puts(m, key->description); 902 } 903 904 /* 905 * grab the security key for a socket 906 */ 907 int rxrpc_request_key(struct rxrpc_sock *rx, char __user *optval, int optlen) 908 { 909 struct key *key; 910 char *description; 911 912 _enter(""); 913 914 if (optlen <= 0 || optlen > PAGE_SIZE - 1) 915 return -EINVAL; 916 917 description = memdup_user_nul(optval, optlen); 918 if (IS_ERR(description)) 919 return PTR_ERR(description); 920 921 key = request_key_net(&key_type_rxrpc, description, sock_net(&rx->sk), 922 NULL, NULL); 923 if (IS_ERR(key)) { 924 kfree(description); 925 _leave(" = %ld", PTR_ERR(key)); 926 return PTR_ERR(key); 927 } 928 929 rx->key = key; 930 kfree(description); 931 _leave(" = 0 [key %x]", key->serial); 932 return 0; 933 } 934 935 /* 936 * grab the security keyring for a server socket 937 */ 938 int rxrpc_server_keyring(struct rxrpc_sock *rx, char __user *optval, 939 int optlen) 940 { 941 struct key *key; 942 char *description; 943 944 _enter(""); 945 946 if (optlen <= 0 || optlen > PAGE_SIZE - 1) 947 return -EINVAL; 948 949 description = memdup_user_nul(optval, optlen); 950 if (IS_ERR(description)) 951 return PTR_ERR(description); 952 953 key = request_key_net(&key_type_keyring, description, sock_net(&rx->sk), 954 NULL, NULL); 955 if (IS_ERR(key)) { 956 kfree(description); 957 _leave(" = %ld", PTR_ERR(key)); 958 return PTR_ERR(key); 959 } 960 961 rx->securities = key; 962 kfree(description); 963 _leave(" = 0 [key %x]", key->serial); 964 return 0; 965 } 966 967 /* 968 * generate a server data key 969 */ 970 int rxrpc_get_server_data_key(struct rxrpc_connection *conn, 971 const void *session_key, 972 time64_t expiry, 973 u32 kvno) 974 { 975 const struct cred *cred = current_cred(); 976 struct key *key; 977 int ret; 978 979 struct { 980 u32 kver; 981 struct rxrpc_key_data_v1 v1; 982 } data; 983 984 _enter(""); 985 986 key = key_alloc(&key_type_rxrpc, "x", 987 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 988 &internal_key_acl, 989 KEY_ALLOC_NOT_IN_QUOTA, NULL); 990 if (IS_ERR(key)) { 991 _leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key)); 992 return -ENOMEM; 993 } 994 995 _debug("key %d", key_serial(key)); 996 997 data.kver = 1; 998 data.v1.security_index = RXRPC_SECURITY_RXKAD; 999 data.v1.ticket_length = 0; 1000 data.v1.expiry = rxrpc_time64_to_u32(expiry); 1001 data.v1.kvno = 0; 1002 1003 memcpy(&data.v1.session_key, session_key, sizeof(data.v1.session_key)); 1004 1005 ret = key_instantiate_and_link(key, &data, sizeof(data), NULL, NULL); 1006 if (ret < 0) 1007 goto error; 1008 1009 conn->params.key = key; 1010 _leave(" = 0 [%d]", key_serial(key)); 1011 return 0; 1012 1013 error: 1014 key_revoke(key); 1015 key_put(key); 1016 _leave(" = -ENOMEM [ins %d]", ret); 1017 return -ENOMEM; 1018 } 1019 EXPORT_SYMBOL(rxrpc_get_server_data_key); 1020 1021 /** 1022 * rxrpc_get_null_key - Generate a null RxRPC key 1023 * @keyname: The name to give the key. 1024 * 1025 * Generate a null RxRPC key that can be used to indicate anonymous security is 1026 * required for a particular domain. 1027 */ 1028 struct key *rxrpc_get_null_key(const char *keyname) 1029 { 1030 const struct cred *cred = current_cred(); 1031 struct key *key; 1032 int ret; 1033 1034 key = key_alloc(&key_type_rxrpc, keyname, 1035 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 1036 &rxrpc_null_key_acl, KEY_ALLOC_NOT_IN_QUOTA, NULL); 1037 if (IS_ERR(key)) 1038 return key; 1039 1040 ret = key_instantiate_and_link(key, NULL, 0, NULL, NULL); 1041 if (ret < 0) { 1042 key_revoke(key); 1043 key_put(key); 1044 return ERR_PTR(ret); 1045 } 1046 1047 return key; 1048 } 1049 EXPORT_SYMBOL(rxrpc_get_null_key); 1050 1051 /* 1052 * read the contents of an rxrpc key 1053 * - this returns the result in XDR form 1054 */ 1055 static long rxrpc_read(const struct key *key, 1056 char __user *buffer, size_t buflen) 1057 { 1058 const struct rxrpc_key_token *token; 1059 const struct krb5_principal *princ; 1060 size_t size; 1061 __be32 __user *xdr, *oldxdr; 1062 u32 cnlen, toksize, ntoks, tok, zero; 1063 u16 toksizes[AFSTOKEN_MAX]; 1064 int loop; 1065 1066 _enter(""); 1067 1068 /* we don't know what form we should return non-AFS keys in */ 1069 if (memcmp(key->description, "afs@", 4) != 0) 1070 return -EOPNOTSUPP; 1071 cnlen = strlen(key->description + 4); 1072 1073 #define RND(X) (((X) + 3) & ~3) 1074 1075 /* AFS keys we return in XDR form, so we need to work out the size of 1076 * the XDR */ 1077 size = 2 * 4; /* flags, cellname len */ 1078 size += RND(cnlen); /* cellname */ 1079 size += 1 * 4; /* token count */ 1080 1081 ntoks = 0; 1082 for (token = key->payload.data[0]; token; token = token->next) { 1083 toksize = 4; /* sec index */ 1084 1085 switch (token->security_index) { 1086 case RXRPC_SECURITY_RXKAD: 1087 toksize += 9 * 4; /* viceid, kvno, key*2 + len, begin, 1088 * end, primary, tktlen */ 1089 toksize += RND(token->kad->ticket_len); 1090 break; 1091 1092 case RXRPC_SECURITY_RXK5: 1093 princ = &token->k5->client; 1094 toksize += 4 + princ->n_name_parts * 4; 1095 for (loop = 0; loop < princ->n_name_parts; loop++) 1096 toksize += RND(strlen(princ->name_parts[loop])); 1097 toksize += 4 + RND(strlen(princ->realm)); 1098 1099 princ = &token->k5->server; 1100 toksize += 4 + princ->n_name_parts * 4; 1101 for (loop = 0; loop < princ->n_name_parts; loop++) 1102 toksize += RND(strlen(princ->name_parts[loop])); 1103 toksize += 4 + RND(strlen(princ->realm)); 1104 1105 toksize += 8 + RND(token->k5->session.data_len); 1106 1107 toksize += 4 * 8 + 2 * 4; 1108 1109 toksize += 4 + token->k5->n_addresses * 8; 1110 for (loop = 0; loop < token->k5->n_addresses; loop++) 1111 toksize += RND(token->k5->addresses[loop].data_len); 1112 1113 toksize += 4 + RND(token->k5->ticket_len); 1114 toksize += 4 + RND(token->k5->ticket2_len); 1115 1116 toksize += 4 + token->k5->n_authdata * 8; 1117 for (loop = 0; loop < token->k5->n_authdata; loop++) 1118 toksize += RND(token->k5->authdata[loop].data_len); 1119 break; 1120 1121 default: /* we have a ticket we can't encode */ 1122 BUG(); 1123 continue; 1124 } 1125 1126 _debug("token[%u]: toksize=%u", ntoks, toksize); 1127 ASSERTCMP(toksize, <=, AFSTOKEN_LENGTH_MAX); 1128 1129 toksizes[ntoks++] = toksize; 1130 size += toksize + 4; /* each token has a length word */ 1131 } 1132 1133 #undef RND 1134 1135 if (!buffer || buflen < size) 1136 return size; 1137 1138 xdr = (__be32 __user *) buffer; 1139 zero = 0; 1140 #define ENCODE(x) \ 1141 do { \ 1142 __be32 y = htonl(x); \ 1143 if (put_user(y, xdr++) < 0) \ 1144 goto fault; \ 1145 } while(0) 1146 #define ENCODE_DATA(l, s) \ 1147 do { \ 1148 u32 _l = (l); \ 1149 ENCODE(l); \ 1150 if (copy_to_user(xdr, (s), _l) != 0) \ 1151 goto fault; \ 1152 if (_l & 3 && \ 1153 copy_to_user((u8 __user *)xdr + _l, &zero, 4 - (_l & 3)) != 0) \ 1154 goto fault; \ 1155 xdr += (_l + 3) >> 2; \ 1156 } while(0) 1157 #define ENCODE64(x) \ 1158 do { \ 1159 __be64 y = cpu_to_be64(x); \ 1160 if (copy_to_user(xdr, &y, 8) != 0) \ 1161 goto fault; \ 1162 xdr += 8 >> 2; \ 1163 } while(0) 1164 #define ENCODE_STR(s) \ 1165 do { \ 1166 const char *_s = (s); \ 1167 ENCODE_DATA(strlen(_s), _s); \ 1168 } while(0) 1169 1170 ENCODE(0); /* flags */ 1171 ENCODE_DATA(cnlen, key->description + 4); /* cellname */ 1172 ENCODE(ntoks); 1173 1174 tok = 0; 1175 for (token = key->payload.data[0]; token; token = token->next) { 1176 toksize = toksizes[tok++]; 1177 ENCODE(toksize); 1178 oldxdr = xdr; 1179 ENCODE(token->security_index); 1180 1181 switch (token->security_index) { 1182 case RXRPC_SECURITY_RXKAD: 1183 ENCODE(token->kad->vice_id); 1184 ENCODE(token->kad->kvno); 1185 ENCODE_DATA(8, token->kad->session_key); 1186 ENCODE(token->kad->start); 1187 ENCODE(token->kad->expiry); 1188 ENCODE(token->kad->primary_flag); 1189 ENCODE_DATA(token->kad->ticket_len, token->kad->ticket); 1190 break; 1191 1192 case RXRPC_SECURITY_RXK5: 1193 princ = &token->k5->client; 1194 ENCODE(princ->n_name_parts); 1195 for (loop = 0; loop < princ->n_name_parts; loop++) 1196 ENCODE_STR(princ->name_parts[loop]); 1197 ENCODE_STR(princ->realm); 1198 1199 princ = &token->k5->server; 1200 ENCODE(princ->n_name_parts); 1201 for (loop = 0; loop < princ->n_name_parts; loop++) 1202 ENCODE_STR(princ->name_parts[loop]); 1203 ENCODE_STR(princ->realm); 1204 1205 ENCODE(token->k5->session.tag); 1206 ENCODE_DATA(token->k5->session.data_len, 1207 token->k5->session.data); 1208 1209 ENCODE64(token->k5->authtime); 1210 ENCODE64(token->k5->starttime); 1211 ENCODE64(token->k5->endtime); 1212 ENCODE64(token->k5->renew_till); 1213 ENCODE(token->k5->is_skey); 1214 ENCODE(token->k5->flags); 1215 1216 ENCODE(token->k5->n_addresses); 1217 for (loop = 0; loop < token->k5->n_addresses; loop++) { 1218 ENCODE(token->k5->addresses[loop].tag); 1219 ENCODE_DATA(token->k5->addresses[loop].data_len, 1220 token->k5->addresses[loop].data); 1221 } 1222 1223 ENCODE_DATA(token->k5->ticket_len, token->k5->ticket); 1224 ENCODE_DATA(token->k5->ticket2_len, token->k5->ticket2); 1225 1226 ENCODE(token->k5->n_authdata); 1227 for (loop = 0; loop < token->k5->n_authdata; loop++) { 1228 ENCODE(token->k5->authdata[loop].tag); 1229 ENCODE_DATA(token->k5->authdata[loop].data_len, 1230 token->k5->authdata[loop].data); 1231 } 1232 break; 1233 1234 default: 1235 BUG(); 1236 break; 1237 } 1238 1239 ASSERTCMP((unsigned long)xdr - (unsigned long)oldxdr, ==, 1240 toksize); 1241 } 1242 1243 #undef ENCODE_STR 1244 #undef ENCODE_DATA 1245 #undef ENCODE64 1246 #undef ENCODE 1247 1248 ASSERTCMP(tok, ==, ntoks); 1249 ASSERTCMP((char __user *) xdr - buffer, ==, size); 1250 _leave(" = %zu", size); 1251 return size; 1252 1253 fault: 1254 _leave(" = -EFAULT"); 1255 return -EFAULT; 1256 } 1257