]> git.proxmox.com Git - mirror_ubuntu-eoan-kernel.git/blame - net/rxrpc/rxkad.c
projects / mirror_ubuntu-eoan-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
UBUNTU: Ubuntu-5.3.0-29.31
[mirror_ubuntu-eoan-kernel.git] / net / rxrpc / rxkad.c
CommitLineData
2874c5fd 1// SPDX-License-Identifier: GPL-2.0-or-later
17926a79
DH		 2/* Kerberos-based RxRPC security
3 *
4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
17926a79
DH		 6 */
7
9b6d5398
JP		 8#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9
1afe593b 10#include <crypto/skcipher.h>
17926a79
DH		 11#include <linux/module.h>
12#include <linux/net.h>
13#include <linux/skbuff.h>
14#include <linux/udp.h>
17926a79
DH		 15#include <linux/scatterlist.h>
16#include <linux/ctype.h>
5a0e3ad6 17#include <linux/slab.h>
17926a79
DH		 18#include <net/sock.h>
19#include <net/af_rxrpc.h>
33941284 20#include <keys/rxrpc-type.h>
17926a79
DH		 21#include "ar-internal.h"
22
23#define RXKAD_VERSION 2
24#define MAXKRB5TICKETLEN 1024
25#define RXKAD_TKT_TYPE_KERBEROS_V5 256
26#define ANAME_SZ 40 /* size of authentication name */
27#define INST_SZ 40 /* size of principal's instance */
28#define REALM_SZ 40 /* size of principal's auth domain */
29#define SNAME_SZ 40 /* size of service name */
30
17926a79
DH		 31struct rxkad_level1_hdr {
32 __be32 data_size; /* true data size (excluding padding) */
33};
34
35struct rxkad_level2_hdr {
36 __be32 data_size; /* true data size (excluding padding) */
37 __be32 checksum; /* decrypted data checksum */
38};
39
17926a79
DH		 40/*
41 * this holds a pinned cipher so that keventd doesn't get called by the cipher
42 * alloc routine, but since we have it to hand, we use it to decrypt RESPONSE
43 * packets
44 */
69d826fa 45static struct crypto_sync_skcipher *rxkad_ci;
17926a79
DH		 46static DEFINE_MUTEX(rxkad_ci_mutex);
47
48/*
49 * initialise connection security
50 */
51static int rxkad_init_connection_security(struct rxrpc_connection *conn)
52{
69d826fa 53 struct crypto_sync_skcipher *ci;
33941284 54 struct rxrpc_key_token *token;
17926a79
DH		 55 int ret;
56
19ffa01c 57 _enter("{%d},{%x}", conn->debug_id, key_serial(conn->params.key));
17926a79 58
19ffa01c 59 token = conn->params.key->payload.data[0];
33941284 60 conn->security_ix = token->security_index;
17926a79 61
69d826fa 62 ci = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0);
17926a79
DH		 63 if (IS_ERR(ci)) {
64 _debug("no cipher");
65 ret = PTR_ERR(ci);
66 goto error;
67 }
68
69d826fa 69 if (crypto_sync_skcipher_setkey(ci, token->kad->session_key,
1afe593b 70 sizeof(token->kad->session_key)) < 0)
17926a79
DH		 71 BUG();
72
19ffa01c 73 switch (conn->params.security_level) {
17926a79
DH		 74 case RXRPC_SECURITY_PLAIN:
75 break;
76 case RXRPC_SECURITY_AUTH:
77 conn->size_align = 8;
78 conn->security_size = sizeof(struct rxkad_level1_hdr);
17926a79
DH		 79 break;
80 case RXRPC_SECURITY_ENCRYPT:
81 conn->size_align = 8;
82 conn->security_size = sizeof(struct rxkad_level2_hdr);
17926a79
DH		 83 break;
84 default:
85 ret = -EKEYREJECTED;
86 goto error;
87 }
88
89 conn->cipher = ci;
90 ret = 0;
91error:
92 _leave(" = %d", ret);
93 return ret;
94}
95
96/*
97 * prime the encryption state with the invariant parts of a connection's
98 * description
99 */
a263629d 100static int rxkad_prime_packet_security(struct rxrpc_connection *conn)
17926a79 101{
33941284 102 struct rxrpc_key_token *token;
69d826fa 103 SYNC_SKCIPHER_REQUEST_ON_STACK(req, conn->cipher);
a263629d 104 struct scatterlist sg;
17926a79 105 struct rxrpc_crypt iv;
a263629d
HX		 106 __be32 *tmpbuf;
107 size_t tmpsize = 4 * sizeof(__be32);
17926a79
DH		 108
109 _enter("");
110
19ffa01c 111 if (!conn->params.key)
a263629d
HX		 112 return 0;
113
114 tmpbuf = kmalloc(tmpsize, GFP_KERNEL);
115 if (!tmpbuf)
116 return -ENOMEM;
17926a79 117
19ffa01c 118 token = conn->params.key->payload.data[0];
33941284 119 memcpy(&iv, token->kad->session_key, sizeof(iv));
17926a79 120
a263629d
HX		 121 tmpbuf[0] = htonl(conn->proto.epoch);
122 tmpbuf[1] = htonl(conn->proto.cid);
123 tmpbuf[2] = 0;
124 tmpbuf[3] = htonl(conn->security_ix);
1afe593b 125
a263629d 126 sg_init_one(&sg, tmpbuf, tmpsize);
69d826fa 127 skcipher_request_set_sync_tfm(req, conn->cipher);
1afe593b 128 skcipher_request_set_callback(req, 0, NULL, NULL);
a263629d 129 skcipher_request_set_crypt(req, &sg, &sg, tmpsize, iv.x);
1afe593b
HX		 130 crypto_skcipher_encrypt(req);
131 skcipher_request_zero(req);
17926a79 132
a263629d
HX		 133 memcpy(&conn->csum_iv, tmpbuf + 2, sizeof(conn->csum_iv));
134 kfree(tmpbuf);
135 _leave(" = 0");
136 return 0;
17926a79
DH		 137}
138
139/*
140 * partially encrypt a packet (level 1 security)
141 */
142static int rxkad_secure_packet_auth(const struct rxrpc_call *call,
143 struct sk_buff *skb,
144 u32 data_size,
54424d38
KC		 145 void *sechdr,
146 struct skcipher_request *req)
17926a79 147{
fb46f6ee 148 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
a263629d 149 struct rxkad_level1_hdr hdr;
17926a79 150 struct rxrpc_crypt iv;
a263629d 151 struct scatterlist sg;
17926a79
DH		 152 u16 check;
153
17926a79
DH		 154 _enter("");
155
5a924b89 156 check = sp->hdr.seq ^ call->call_id;
0d12f8a4 157 data_size |= (u32)check << 16;
17926a79 158
a263629d
HX		 159 hdr.data_size = htonl(data_size);
160 memcpy(sechdr, &hdr, sizeof(hdr));
17926a79
DH		 161
162 /* start the encryption afresh */
163 memset(&iv, 0, sizeof(iv));
17926a79 164
a263629d 165 sg_init_one(&sg, sechdr, 8);
69d826fa 166 skcipher_request_set_sync_tfm(req, call->conn->cipher);
1afe593b 167 skcipher_request_set_callback(req, 0, NULL, NULL);
a263629d 168 skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
1afe593b
HX		 169 crypto_skcipher_encrypt(req);
170 skcipher_request_zero(req);
17926a79 171
17926a79
DH		 172 _leave(" = 0");
173 return 0;
174}
175
176/*
177 * wholly encrypt a packet (level 2 security)
178 */
179static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call,
b4f1342f
DH		 180 struct sk_buff *skb,
181 u32 data_size,
54424d38
KC		 182 void *sechdr,
183 struct skcipher_request *req)
17926a79 184{
33941284 185 const struct rxrpc_key_token *token;
a263629d 186 struct rxkad_level2_hdr rxkhdr;
17926a79 187 struct rxrpc_skb_priv *sp;
17926a79
DH		 188 struct rxrpc_crypt iv;
189 struct scatterlist sg[16];
95c96174 190 unsigned int len;
17926a79 191 u16 check;
1afe593b 192 int err;
17926a79
DH		 193
194 sp = rxrpc_skb(skb);
195
196 _enter("");
197
5a924b89 198 check = sp->hdr.seq ^ call->call_id;
17926a79 199
0d12f8a4 200 rxkhdr.data_size = htonl(data_size | (u32)check << 16);
17926a79 201 rxkhdr.checksum = 0;
a263629d 202 memcpy(sechdr, &rxkhdr, sizeof(rxkhdr));
17926a79
DH		 203
204 /* encrypt from the session key */
19ffa01c 205 token = call->conn->params.key->payload.data[0];
33941284 206 memcpy(&iv, token->kad->session_key, sizeof(iv));
17926a79 207
68e3f5dd 208 sg_init_one(&sg[0], sechdr, sizeof(rxkhdr));
69d826fa 209 skcipher_request_set_sync_tfm(req, call->conn->cipher);
1afe593b 210 skcipher_request_set_callback(req, 0, NULL, NULL);
a263629d 211 skcipher_request_set_crypt(req, &sg[0], &sg[0], sizeof(rxkhdr), iv.x);
1afe593b 212 crypto_skcipher_encrypt(req);
17926a79
DH		 213
214 /* we want to encrypt the skbuff in-place */
d0d5c0cd
DH		 215 err = -EMSGSIZE;
216 if (skb_shinfo(skb)->nr_frags > 16)
1afe593b 217 goto out;
17926a79
DH		 218
219 len = data_size + call->conn->size_align - 1;
220 len &= ~(call->conn->size_align - 1);
221
d0d5c0cd 222 sg_init_table(sg, ARRAY_SIZE(sg));
89a5ea99
JD		 223 err = skb_to_sgvec(skb, sg, 0, len);
224 if (unlikely(err < 0))
225 goto out;
1afe593b 226 skcipher_request_set_crypt(req, sg, sg, len, iv.x);
1afe593b 227 crypto_skcipher_encrypt(req);
17926a79
DH		 228
229 _leave(" = 0");
1afe593b
HX		 230 err = 0;
231
232out:
233 skcipher_request_zero(req);
234 return err;
17926a79
DH		 235}
236
237/*
238 * checksum an RxRPC packet header
239 */
a263629d 240static int rxkad_secure_packet(struct rxrpc_call *call,
b4f1342f
DH		 241 struct sk_buff *skb,
242 size_t data_size,
243 void *sechdr)
17926a79
DH		 244{
245 struct rxrpc_skb_priv *sp;
69d826fa 246 SYNC_SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher);
17926a79 247 struct rxrpc_crypt iv;
a263629d 248 struct scatterlist sg;
0d12f8a4 249 u32 x, y;
17926a79
DH		 250 int ret;
251
252 sp = rxrpc_skb(skb);
253
254 _enter("{%d{%x}},{#%u},%zu,",
19ffa01c
DH		 255 call->debug_id, key_serial(call->conn->params.key),
256 sp->hdr.seq, data_size);
17926a79
DH		 257
258 if (!call->conn->cipher)
259 return 0;
260
19ffa01c 261 ret = key_validate(call->conn->params.key);
17926a79
DH		 262 if (ret < 0)
263 return ret;
264
265 /* continue encrypting from where we left off */
266 memcpy(&iv, call->conn->csum_iv.x, sizeof(iv));
17926a79
DH		 267
268 /* calculate the security checksum */
01a90a45 269 x = (call->cid & RXRPC_CHANNELMASK) << (32 - RXRPC_CIDSHIFT);
0d12f8a4 270 x |= sp->hdr.seq & 0x3fffffff;
5a924b89 271 call->crypto_buf[0] = htonl(call->call_id);
a263629d 272 call->crypto_buf[1] = htonl(x);
1afe593b 273
a263629d 274 sg_init_one(&sg, call->crypto_buf, 8);
69d826fa 275 skcipher_request_set_sync_tfm(req, call->conn->cipher);
1afe593b 276 skcipher_request_set_callback(req, 0, NULL, NULL);
a263629d 277 skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
1afe593b
HX		 278 crypto_skcipher_encrypt(req);
279 skcipher_request_zero(req);
17926a79 280
a263629d 281 y = ntohl(call->crypto_buf[1]);
91e916cf
AV		 282 y = (y >> 16) & 0xffff;
283 if (y == 0)
284 y = 1; /* zero checksums are not permitted */
0d12f8a4 285 sp->hdr.cksum = y;
17926a79 286
19ffa01c 287 switch (call->conn->params.security_level) {
17926a79
DH		 288 case RXRPC_SECURITY_PLAIN:
289 ret = 0;
290 break;
291 case RXRPC_SECURITY_AUTH:
54424d38
KC		 292 ret = rxkad_secure_packet_auth(call, skb, data_size, sechdr,
293 req);
17926a79
DH		 294 break;
295 case RXRPC_SECURITY_ENCRYPT:
296 ret = rxkad_secure_packet_encrypt(call, skb, data_size,
54424d38 297 sechdr, req);
17926a79
DH		 298 break;
299 default:
300 ret = -EPERM;
301 break;
302 }
303
91e916cf 304 _leave(" = %d [set %hx]", ret, y);
17926a79
DH		 305 return ret;
306}
307
308/*
309 * decrypt partial encryption on a packet (level 1 security)
310 */
5a42976d 311static int rxkad_verify_packet_1(struct rxrpc_call *call, struct sk_buff *skb,
248f219c 312 unsigned int offset, unsigned int len,
54424d38
KC		 313 rxrpc_seq_t seq,
314 struct skcipher_request *req)
17926a79
DH		 315{
316 struct rxkad_level1_hdr sechdr;
17926a79 317 struct rxrpc_crypt iv;
68e3f5dd 318 struct scatterlist sg[16];
fb46f6ee 319 bool aborted;
17926a79
DH		 320 u32 data_size, buf;
321 u16 check;
d0d5c0cd 322 int ret;
17926a79
DH		 323
324 _enter("");
325
248f219c 326 if (len < 8) {
fb46f6ee
DH		 327 aborted = rxrpc_abort_eproto(call, skb, "rxkad_1_hdr", "V1H",
328 RXKADSEALEDINCON);
5a42976d
DH		 329 goto protocol_error;
330 }
17926a79 331
248f219c
DH		 332 /* Decrypt the skbuff in-place. TODO: We really want to decrypt
333 * directly into the target buffer.
334 */
d0d5c0cd 335 sg_init_table(sg, ARRAY_SIZE(sg));
89a5ea99
JD		 336 ret = skb_to_sgvec(skb, sg, offset, 8);
337 if (unlikely(ret < 0))
338 return ret;
17926a79
DH		 339
340 /* start the decryption afresh */
341 memset(&iv, 0, sizeof(iv));
17926a79 342
69d826fa 343 skcipher_request_set_sync_tfm(req, call->conn->cipher);
1afe593b
HX		 344 skcipher_request_set_callback(req, 0, NULL, NULL);
345 skcipher_request_set_crypt(req, sg, sg, 8, iv.x);
1afe593b
HX		 346 crypto_skcipher_decrypt(req);
347 skcipher_request_zero(req);
17926a79 348
5a42976d 349 /* Extract the decrypted packet length */
248f219c 350 if (skb_copy_bits(skb, offset, &sechdr, sizeof(sechdr)) < 0) {
fb46f6ee
DH		 351 aborted = rxrpc_abort_eproto(call, skb, "rxkad_1_len", "XV1",
352 RXKADDATALEN);
5a42976d
DH		 353 goto protocol_error;
354 }
248f219c
DH		 355 offset += sizeof(sechdr);
356 len -= sizeof(sechdr);
17926a79
DH		 357
358 buf = ntohl(sechdr.data_size);
359 data_size = buf & 0xffff;
360
361 check = buf >> 16;
5a42976d 362 check ^= seq ^ call->call_id;
17926a79
DH		 363 check &= 0xffff;
364 if (check != 0) {
fb46f6ee
DH		 365 aborted = rxrpc_abort_eproto(call, skb, "rxkad_1_check", "V1C",
366 RXKADSEALEDINCON);
17926a79
DH		 367 goto protocol_error;
368 }
369
248f219c 370 if (data_size > len) {
fb46f6ee
DH		 371 aborted = rxrpc_abort_eproto(call, skb, "rxkad_1_datalen", "V1L",
372 RXKADDATALEN);
5a42976d
DH		 373 goto protocol_error;
374 }
17926a79
DH		 375
376 _leave(" = 0 [dlen=%x]", data_size);
377 return 0;
378
17926a79 379protocol_error:
fb46f6ee
DH		 380 if (aborted)
381 rxrpc_send_abort_packet(call);
17926a79 382 return -EPROTO;
17926a79
DH		 383}
384
385/*
386 * wholly decrypt a packet (level 2 security)
387 */
5a42976d 388static int rxkad_verify_packet_2(struct rxrpc_call *call, struct sk_buff *skb,
248f219c 389 unsigned int offset, unsigned int len,
54424d38
KC		 390 rxrpc_seq_t seq,
391 struct skcipher_request *req)
17926a79 392{
33941284 393 const struct rxrpc_key_token *token;
17926a79 394 struct rxkad_level2_hdr sechdr;
17926a79
DH		 395 struct rxrpc_crypt iv;
396 struct scatterlist _sg[4], *sg;
fb46f6ee 397 bool aborted;
17926a79
DH		 398 u32 data_size, buf;
399 u16 check;
89a5ea99 400 int nsg, ret;
17926a79
DH		 401
402 _enter(",{%d}", skb->len);
403
248f219c 404 if (len < 8) {
fb46f6ee
DH		 405 aborted = rxrpc_abort_eproto(call, skb, "rxkad_2_hdr", "V2H",
406 RXKADSEALEDINCON);
5a42976d
DH		 407 goto protocol_error;
408 }
17926a79 409
248f219c
DH		 410 /* Decrypt the skbuff in-place. TODO: We really want to decrypt
411 * directly into the target buffer.
412 */
17926a79 413 sg = _sg;
d0d5c0cd
DH		 414 nsg = skb_shinfo(skb)->nr_frags;
415 if (nsg <= 4) {
416 nsg = 4;
417 } else {
6da2ec56 418 sg = kmalloc_array(nsg, sizeof(*sg), GFP_NOIO);
17926a79
DH		 419 if (!sg)
420 goto nomem;
421 }
422
68e3f5dd 423 sg_init_table(sg, nsg);
89a5ea99
JD		 424 ret = skb_to_sgvec(skb, sg, offset, len);
425 if (unlikely(ret < 0)) {
426 if (sg != _sg)
427 kfree(sg);
428 return ret;
429 }
17926a79
DH		 430
431 /* decrypt from the session key */
19ffa01c 432 token = call->conn->params.key->payload.data[0];
33941284 433 memcpy(&iv, token->kad->session_key, sizeof(iv));
17926a79 434
69d826fa 435 skcipher_request_set_sync_tfm(req, call->conn->cipher);
1afe593b 436 skcipher_request_set_callback(req, 0, NULL, NULL);
248f219c 437 skcipher_request_set_crypt(req, sg, sg, len, iv.x);
1afe593b
HX		 438 crypto_skcipher_decrypt(req);
439 skcipher_request_zero(req);
17926a79
DH		 440 if (sg != _sg)
441 kfree(sg);
442
5a42976d 443 /* Extract the decrypted packet length */
248f219c 444 if (skb_copy_bits(skb, offset, &sechdr, sizeof(sechdr)) < 0) {
fb46f6ee
DH		 445 aborted = rxrpc_abort_eproto(call, skb, "rxkad_2_len", "XV2",
446 RXKADDATALEN);
5a42976d
DH		 447 goto protocol_error;
448 }
248f219c
DH		 449 offset += sizeof(sechdr);
450 len -= sizeof(sechdr);
17926a79
DH		 451
452 buf = ntohl(sechdr.data_size);
453 data_size = buf & 0xffff;
454
455 check = buf >> 16;
5a42976d 456 check ^= seq ^ call->call_id;
17926a79
DH		 457 check &= 0xffff;
458 if (check != 0) {
fb46f6ee
DH		 459 aborted = rxrpc_abort_eproto(call, skb, "rxkad_2_check", "V2C",
460 RXKADSEALEDINCON);
17926a79
DH		 461 goto protocol_error;
462 }
463
248f219c 464 if (data_size > len) {
fb46f6ee
DH		 465 aborted = rxrpc_abort_eproto(call, skb, "rxkad_2_datalen", "V2L",
466 RXKADDATALEN);
5a42976d
DH		 467 goto protocol_error;
468 }
17926a79
DH		 469
470 _leave(" = 0 [dlen=%x]", data_size);
471 return 0;
472
17926a79 473protocol_error:
fb46f6ee
DH		 474 if (aborted)
475 rxrpc_send_abort_packet(call);
17926a79
DH		 476 return -EPROTO;
477
478nomem:
479 _leave(" = -ENOMEM");
480 return -ENOMEM;
481}
482
483/*
5a42976d
DH		 484 * Verify the security on a received packet or subpacket (if part of a
485 * jumbo packet).
17926a79 486 */
5a42976d 487static int rxkad_verify_packet(struct rxrpc_call *call, struct sk_buff *skb,
248f219c 488 unsigned int offset, unsigned int len,
5a42976d 489 rxrpc_seq_t seq, u16 expected_cksum)
17926a79 490{
69d826fa 491 SYNC_SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher);
17926a79 492 struct rxrpc_crypt iv;
a263629d 493 struct scatterlist sg;
fb46f6ee 494 bool aborted;
0d12f8a4
DH		 495 u16 cksum;
496 u32 x, y;
17926a79
DH		 497
498 _enter("{%d{%x}},{#%u}",
5a42976d 499 call->debug_id, key_serial(call->conn->params.key), seq);
17926a79
DH		 500
501 if (!call->conn->cipher)
502 return 0;
503
17926a79
DH		 504 /* continue encrypting from where we left off */
505 memcpy(&iv, call->conn->csum_iv.x, sizeof(iv));
17926a79
DH		 506
507 /* validate the security checksum */
01a90a45 508 x = (call->cid & RXRPC_CHANNELMASK) << (32 - RXRPC_CIDSHIFT);
5a42976d 509 x |= seq & 0x3fffffff;
a263629d
HX		 510 call->crypto_buf[0] = htonl(call->call_id);
511 call->crypto_buf[1] = htonl(x);
1afe593b 512
a263629d 513 sg_init_one(&sg, call->crypto_buf, 8);
69d826fa 514 skcipher_request_set_sync_tfm(req, call->conn->cipher);
1afe593b 515 skcipher_request_set_callback(req, 0, NULL, NULL);
a263629d 516 skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
1afe593b
HX		 517 crypto_skcipher_encrypt(req);
518 skcipher_request_zero(req);
17926a79 519
a263629d 520 y = ntohl(call->crypto_buf[1]);
0d12f8a4
DH		 521 cksum = (y >> 16) & 0xffff;
522 if (cksum == 0)
523 cksum = 1; /* zero checksums are not permitted */
17926a79 524
5a42976d 525 if (cksum != expected_cksum) {
fb46f6ee
DH		 526 aborted = rxrpc_abort_eproto(call, skb, "rxkad_csum", "VCK",
527 RXKADSEALEDINCON);
528 goto protocol_error;
17926a79
DH		 529 }
530
19ffa01c 531 switch (call->conn->params.security_level) {
17926a79 532 case RXRPC_SECURITY_PLAIN:
5a42976d 533 return 0;
17926a79 534 case RXRPC_SECURITY_AUTH:
54424d38 535 return rxkad_verify_packet_1(call, skb, offset, len, seq, req);
17926a79 536 case RXRPC_SECURITY_ENCRYPT:
54424d38 537 return rxkad_verify_packet_2(call, skb, offset, len, seq, req);
17926a79 538 default:
5a42976d 539 return -ENOANO;
17926a79 540 }
fb46f6ee
DH		 541
542protocol_error:
543 if (aborted)
544 rxrpc_send_abort_packet(call);
545 return -EPROTO;
17926a79
DH		 546}
547
248f219c
DH		 548/*
549 * Locate the data contained in a packet that was partially encrypted.
550 */
551static void rxkad_locate_data_1(struct rxrpc_call *call, struct sk_buff *skb,
552 unsigned int *_offset, unsigned int *_len)
553{
554 struct rxkad_level1_hdr sechdr;
555
556 if (skb_copy_bits(skb, *_offset, &sechdr, sizeof(sechdr)) < 0)
557 BUG();
558 *_offset += sizeof(sechdr);
559 *_len = ntohl(sechdr.data_size) & 0xffff;
560}
561
562/*
563 * Locate the data contained in a packet that was completely encrypted.
564 */
565static void rxkad_locate_data_2(struct rxrpc_call *call, struct sk_buff *skb,
566 unsigned int *_offset, unsigned int *_len)
567{
568 struct rxkad_level2_hdr sechdr;
569
570 if (skb_copy_bits(skb, *_offset, &sechdr, sizeof(sechdr)) < 0)
571 BUG();
572 *_offset += sizeof(sechdr);
573 *_len = ntohl(sechdr.data_size) & 0xffff;
574}
575
576/*
577 * Locate the data contained in an already decrypted packet.
578 */
579static void rxkad_locate_data(struct rxrpc_call *call, struct sk_buff *skb,
580 unsigned int *_offset, unsigned int *_len)
581{
582 switch (call->conn->params.security_level) {
583 case RXRPC_SECURITY_AUTH:
584 rxkad_locate_data_1(call, skb, _offset, _len);
585 return;
586 case RXRPC_SECURITY_ENCRYPT:
587 rxkad_locate_data_2(call, skb, _offset, _len);
588 return;
589 default:
590 return;
591 }
592}
593
17926a79
DH		 594/*
595 * issue a challenge
596 */
597static int rxkad_issue_challenge(struct rxrpc_connection *conn)
598{
599 struct rxkad_challenge challenge;
0d12f8a4 600 struct rxrpc_wire_header whdr;
17926a79
DH		 601 struct msghdr msg;
602 struct kvec iov[2];
603 size_t len;
0d12f8a4 604 u32 serial;
17926a79
DH		 605 int ret;
606
19ffa01c 607 _enter("{%d,%x}", conn->debug_id, key_serial(conn->params.key));
17926a79 608
19ffa01c 609 ret = key_validate(conn->params.key);
17926a79
DH		 610 if (ret < 0)
611 return ret;
612
613 get_random_bytes(&conn->security_nonce, sizeof(conn->security_nonce));
614
615 challenge.version = htonl(2);
616 challenge.nonce = htonl(conn->security_nonce);
617 challenge.min_level = htonl(0);
618 challenge.__padding = 0;
619
7b674e39
DH		 620 msg.msg_name = &conn->params.peer->srx.transport;
621 msg.msg_namelen = conn->params.peer->srx.transport_len;
17926a79
DH		 622 msg.msg_control = NULL;
623 msg.msg_controllen = 0;
624 msg.msg_flags = 0;
625
19ffa01c
DH		 626 whdr.epoch = htonl(conn->proto.epoch);
627 whdr.cid = htonl(conn->proto.cid);
0d12f8a4
DH		 628 whdr.callNumber = 0;
629 whdr.seq = 0;
630 whdr.type = RXRPC_PACKET_TYPE_CHALLENGE;
631 whdr.flags = conn->out_clientflag;
632 whdr.userStatus = 0;
633 whdr.securityIndex = conn->security_ix;
634 whdr._rsvd = 0;
68d6d1ae 635 whdr.serviceId = htons(conn->service_id);
0d12f8a4
DH		 636
637 iov[0].iov_base = &whdr;
638 iov[0].iov_len = sizeof(whdr);
17926a79
DH		 639 iov[1].iov_base = &challenge;
640 iov[1].iov_len = sizeof(challenge);
641
642 len = iov[0].iov_len + iov[1].iov_len;
643
0d12f8a4
DH		 644 serial = atomic_inc_return(&conn->serial);
645 whdr.serial = htonl(serial);
646 _proto("Tx CHALLENGE %%%u", serial);
17926a79 647
85f32278 648 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len);
17926a79 649 if (ret < 0) {
6b47fe1d 650 trace_rxrpc_tx_fail(conn->debug_id, serial, ret,
4764c0da 651 rxrpc_tx_point_rxkad_challenge);
17926a79
DH		 652 return -EAGAIN;
653 }
654
330bdcfa 655 conn->params.peer->last_tx_at = ktime_get_seconds();
4764c0da
DH		 656 trace_rxrpc_tx_packet(conn->debug_id, &whdr,
657 rxrpc_tx_point_rxkad_challenge);
17926a79
DH		 658 _leave(" = 0");
659 return 0;
660}
661
662/*
663 * send a Kerberos security response
664 */
665static int rxkad_send_response(struct rxrpc_connection *conn,
0d12f8a4 666 struct rxrpc_host_header *hdr,
17926a79
DH		 667 struct rxkad_response *resp,
668 const struct rxkad_key *s2)
669{
0d12f8a4 670 struct rxrpc_wire_header whdr;
17926a79
DH		 671 struct msghdr msg;
672 struct kvec iov[3];
673 size_t len;
0d12f8a4 674 u32 serial;
17926a79
DH		 675 int ret;
676
677 _enter("");
678
7b674e39
DH		 679 msg.msg_name = &conn->params.peer->srx.transport;
680 msg.msg_namelen = conn->params.peer->srx.transport_len;
17926a79
DH		 681 msg.msg_control = NULL;
682 msg.msg_controllen = 0;
683 msg.msg_flags = 0;
684
0d12f8a4
DH		 685 memset(&whdr, 0, sizeof(whdr));
686 whdr.epoch = htonl(hdr->epoch);
687 whdr.cid = htonl(hdr->cid);
688 whdr.type = RXRPC_PACKET_TYPE_RESPONSE;
689 whdr.flags = conn->out_clientflag;
690 whdr.securityIndex = hdr->securityIndex;
691 whdr.serviceId = htons(hdr->serviceId);
17926a79 692
0d12f8a4
DH		 693 iov[0].iov_base = &whdr;
694 iov[0].iov_len = sizeof(whdr);
17926a79
DH		 695 iov[1].iov_base = resp;
696 iov[1].iov_len = sizeof(*resp);
0d12f8a4 697 iov[2].iov_base = (void *)s2->ticket;
17926a79
DH		 698 iov[2].iov_len = s2->ticket_len;
699
700 len = iov[0].iov_len + iov[1].iov_len + iov[2].iov_len;
701
0d12f8a4
DH		 702 serial = atomic_inc_return(&conn->serial);
703 whdr.serial = htonl(serial);
704 _proto("Tx RESPONSE %%%u", serial);
17926a79 705
85f32278 706 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 3, len);
17926a79 707 if (ret < 0) {
6b47fe1d 708 trace_rxrpc_tx_fail(conn->debug_id, serial, ret,
4764c0da 709 rxrpc_tx_point_rxkad_response);
17926a79
DH		 710 return -EAGAIN;
711 }
712
330bdcfa 713 conn->params.peer->last_tx_at = ktime_get_seconds();
17926a79
DH		 714 _leave(" = 0");
715 return 0;
716}
717
718/*
719 * calculate the response checksum
720 */
721static void rxkad_calc_response_checksum(struct rxkad_response *response)
722{
723 u32 csum = 1000003;
724 int loop;
725 u8 *p = (u8 *) response;
726
727 for (loop = sizeof(*response); loop > 0; loop--)
728 csum = csum * 0x10204081 + *p++;
729
730 response->encrypted.checksum = htonl(csum);
731}
732
17926a79
DH		 733/*
734 * encrypt the response packet
735 */
736static void rxkad_encrypt_response(struct rxrpc_connection *conn,
737 struct rxkad_response *resp,
738 const struct rxkad_key *s2)
739{
69d826fa 740 SYNC_SKCIPHER_REQUEST_ON_STACK(req, conn->cipher);
17926a79 741 struct rxrpc_crypt iv;
a263629d 742 struct scatterlist sg[1];
17926a79
DH		 743
744 /* continue encrypting from where we left off */
745 memcpy(&iv, s2->session_key, sizeof(iv));
17926a79 746
a263629d
HX		 747 sg_init_table(sg, 1);
748 sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted));
69d826fa 749 skcipher_request_set_sync_tfm(req, conn->cipher);
1afe593b
HX		 750 skcipher_request_set_callback(req, 0, NULL, NULL);
751 skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x);
1afe593b
HX		 752 crypto_skcipher_encrypt(req);
753 skcipher_request_zero(req);
17926a79
DH		 754}
755
756/*
757 * respond to a challenge packet
758 */
759static int rxkad_respond_to_challenge(struct rxrpc_connection *conn,
760 struct sk_buff *skb,
761 u32 *_abort_code)
762{
33941284 763 const struct rxrpc_key_token *token;
17926a79 764 struct rxkad_challenge challenge;
8c2f826d 765 struct rxkad_response *resp;
248f219c 766 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
fb46f6ee 767 const char *eproto;
17926a79
DH		 768 u32 version, nonce, min_level, abort_code;
769 int ret;
770
19ffa01c 771 _enter("{%d,%x}", conn->debug_id, key_serial(conn->params.key));
17926a79 772
fb46f6ee 773 eproto = tracepoint_string("chall_no_key");
ef68622d
DH		 774 abort_code = RX_PROTOCOL_ERROR;
775 if (!conn->params.key)
776 goto protocol_error;
17926a79 777
ef68622d 778 abort_code = RXKADEXPIRED;
19ffa01c 779 ret = key_validate(conn->params.key);
ef68622d
DH		 780 if (ret < 0)
781 goto other_error;
17926a79 782
fb46f6ee 783 eproto = tracepoint_string("chall_short");
17926a79 784 abort_code = RXKADPACKETSHORT;
775e5b71
DH		 785 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
786 &challenge, sizeof(challenge)) < 0)
17926a79
DH		 787 goto protocol_error;
788
789 version = ntohl(challenge.version);
790 nonce = ntohl(challenge.nonce);
791 min_level = ntohl(challenge.min_level);
792
793 _proto("Rx CHALLENGE %%%u { v=%u n=%u ml=%u }",
0d12f8a4 794 sp->hdr.serial, version, nonce, min_level);
17926a79 795
fb46f6ee 796 eproto = tracepoint_string("chall_ver");
17926a79
DH		 797 abort_code = RXKADINCONSISTENCY;
798 if (version != RXKAD_VERSION)
799 goto protocol_error;
800
801 abort_code = RXKADLEVELFAIL;
ef68622d 802 ret = -EACCES;
19ffa01c 803 if (conn->params.security_level < min_level)
ef68622d 804 goto other_error;
17926a79 805
19ffa01c 806 token = conn->params.key->payload.data[0];
17926a79
DH		 807
808 /* build the response packet */
8c2f826d
DH		 809 resp = kzalloc(sizeof(struct rxkad_response), GFP_NOFS);
810 if (!resp)
811 return -ENOMEM;
812
813 resp->version = htonl(RXKAD_VERSION);
814 resp->encrypted.epoch = htonl(conn->proto.epoch);
815 resp->encrypted.cid = htonl(conn->proto.cid);
816 resp->encrypted.securityIndex = htonl(conn->security_ix);
817 resp->encrypted.inc_nonce = htonl(nonce + 1);
818 resp->encrypted.level = htonl(conn->params.security_level);
819 resp->kvno = htonl(token->kad->kvno);
820 resp->ticket_len = htonl(token->kad->ticket_len);
821 resp->encrypted.call_id[0] = htonl(conn->channels[0].call_counter);
822 resp->encrypted.call_id[1] = htonl(conn->channels[1].call_counter);
823 resp->encrypted.call_id[2] = htonl(conn->channels[2].call_counter);
824 resp->encrypted.call_id[3] = htonl(conn->channels[3].call_counter);
17926a79
DH		 825
826 /* calculate the response checksum and then do the encryption */
8c2f826d
DH		 827 rxkad_calc_response_checksum(resp);
828 rxkad_encrypt_response(conn, resp, token->kad);
829 ret = rxkad_send_response(conn, &sp->hdr, resp, token->kad);
830 kfree(resp);
831 return ret;
17926a79
DH		 832
833protocol_error:
fb46f6ee 834 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial, eproto);
ef68622d
DH		 835 ret = -EPROTO;
836other_error:
17926a79 837 *_abort_code = abort_code;
ef68622d 838 return ret;
17926a79
DH		 839}
840
841/*
842 * decrypt the kerberos IV ticket in the response
843 */
844static int rxkad_decrypt_ticket(struct rxrpc_connection *conn,
fb46f6ee 845 struct sk_buff *skb,
17926a79
DH		 846 void *ticket, size_t ticket_len,
847 struct rxrpc_crypt *_session_key,
10674a03 848 time64_t *_expiry,
17926a79
DH		 849 u32 *_abort_code)
850{
1afe593b 851 struct skcipher_request *req;
fb46f6ee 852 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
17926a79 853 struct rxrpc_crypt iv, key;
68e3f5dd 854 struct scatterlist sg[1];
17926a79 855 struct in_addr addr;
95c96174 856 unsigned int life;
fb46f6ee 857 const char *eproto;
10674a03 858 time64_t issue, now;
17926a79
DH		 859 bool little_endian;
860 int ret;
fb46f6ee 861 u32 abort_code;
17926a79
DH		 862 u8 *p, *q, *name, *end;
863
864 _enter("{%d},{%x}", conn->debug_id, key_serial(conn->server_key));
865
866 *_expiry = 0;
867
868 ret = key_validate(conn->server_key);
869 if (ret < 0) {
870 switch (ret) {
871 case -EKEYEXPIRED:
fb46f6ee 872 abort_code = RXKADEXPIRED;
ef68622d 873 goto other_error;
17926a79 874 default:
fb46f6ee 875 abort_code = RXKADNOAUTH;
ef68622d 876 goto other_error;
17926a79
DH		 877 }
878 }
879
146aa8b1 880 ASSERT(conn->server_key->payload.data[0] != NULL);
17926a79
DH		 881 ASSERTCMP((unsigned long) ticket & 7UL, ==, 0);
882
146aa8b1 883 memcpy(&iv, &conn->server_key->payload.data[2], sizeof(iv));
17926a79 884
ef68622d 885 ret = -ENOMEM;
1afe593b
HX		 886 req = skcipher_request_alloc(conn->server_key->payload.data[0],
887 GFP_NOFS);
ef68622d
DH		 888 if (!req)
889 goto temporary_error;
17926a79 890
68e3f5dd 891 sg_init_one(&sg[0], ticket, ticket_len);
1afe593b
HX		 892 skcipher_request_set_callback(req, 0, NULL, NULL);
893 skcipher_request_set_crypt(req, sg, sg, ticket_len, iv.x);
1afe593b
HX		 894 crypto_skcipher_decrypt(req);
895 skcipher_request_free(req);
17926a79
DH		 896
897 p = ticket;
898 end = p + ticket_len;
899
fb46f6ee 900#define Z(field) \
17926a79
DH		 901 ({ \
902 u8 *__str = p; \
fb46f6ee 903 eproto = tracepoint_string("rxkad_bad_"#field); \
17926a79 904 q = memchr(p, 0, end - p); \
fb46f6ee 905 if (!q || q - p > (field##_SZ)) \
17926a79
DH		 906 goto bad_ticket; \
907 for (; p < q; p++) \
908 if (!isprint(*p)) \
909 goto bad_ticket; \
910 p++; \
911 __str; \
912 })
913
914 /* extract the ticket flags */
915 _debug("KIV FLAGS: %x", *p);
916 little_endian = *p & 1;
917 p++;
918
919 /* extract the authentication name */
fb46f6ee 920 name = Z(ANAME);
17926a79
DH		 921 _debug("KIV ANAME: %s", name);
922
923 /* extract the principal's instance */
fb46f6ee 924 name = Z(INST);
17926a79
DH		 925 _debug("KIV INST : %s", name);
926
927 /* extract the principal's authentication domain */
fb46f6ee 928 name = Z(REALM);
17926a79
DH		 929 _debug("KIV REALM: %s", name);
930
fb46f6ee 931 eproto = tracepoint_string("rxkad_bad_len");
17926a79
DH		 932 if (end - p < 4 + 8 + 4 + 2)
933 goto bad_ticket;
934
935 /* get the IPv4 address of the entity that requested the ticket */
936 memcpy(&addr, p, sizeof(addr));
937 p += 4;
21454aaa 938 _debug("KIV ADDR : %pI4", &addr);
17926a79
DH		 939
940 /* get the session key from the ticket */
941 memcpy(&key, p, sizeof(key));
942 p += 8;
943 _debug("KIV KEY : %08x %08x", ntohl(key.n[0]), ntohl(key.n[1]));
944 memcpy(_session_key, &key, sizeof(key));
945
946 /* get the ticket's lifetime */
947 life = *p++ * 5 * 60;
948 _debug("KIV LIFE : %u", life);
949
950 /* get the issue time of the ticket */
951 if (little_endian) {
952 __le32 stamp;
953 memcpy(&stamp, p, 4);
10674a03 954 issue = rxrpc_u32_to_time64(le32_to_cpu(stamp));
17926a79
DH		 955 } else {
956 __be32 stamp;
957 memcpy(&stamp, p, 4);
10674a03 958 issue = rxrpc_u32_to_time64(be32_to_cpu(stamp));
17926a79
DH		 959 }
960 p += 4;
10674a03
BW		 961 now = ktime_get_real_seconds();
962 _debug("KIV ISSUE: %llx [%llx]", issue, now);
17926a79
DH		 963
964 /* check the ticket is in date */
965 if (issue > now) {
fb46f6ee 966 abort_code = RXKADNOAUTH;
17926a79 967 ret = -EKEYREJECTED;
ef68622d 968 goto other_error;
17926a79
DH		 969 }
970
971 if (issue < now - life) {
fb46f6ee 972 abort_code = RXKADEXPIRED;
17926a79 973 ret = -EKEYEXPIRED;
ef68622d 974 goto other_error;
17926a79
DH		 975 }
976
977 *_expiry = issue + life;
978
979 /* get the service name */
fb46f6ee 980 name = Z(SNAME);
17926a79
DH		 981 _debug("KIV SNAME: %s", name);
982
983 /* get the service instance name */
fb46f6ee 984 name = Z(INST);
17926a79 985 _debug("KIV SINST: %s", name);
ef68622d 986 return 0;
17926a79
DH		 987
988bad_ticket:
fb46f6ee
DH		 989 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial, eproto);
990 abort_code = RXKADBADTICKET;
ef68622d
DH		 991 ret = -EPROTO;
992other_error:
fb46f6ee 993 *_abort_code = abort_code;
ef68622d
DH		 994 return ret;
995temporary_error:
996 return ret;
17926a79
DH		 997}
998
999/*
1000 * decrypt the response packet
1001 */
1002static void rxkad_decrypt_response(struct rxrpc_connection *conn,
1003 struct rxkad_response *resp,
1004 const struct rxrpc_crypt *session_key)
1005{
69d826fa 1006 SYNC_SKCIPHER_REQUEST_ON_STACK(req, rxkad_ci);
a263629d 1007 struct scatterlist sg[1];
17926a79
DH		 1008 struct rxrpc_crypt iv;
1009
1010 _enter(",,%08x%08x",
1011 ntohl(session_key->n[0]), ntohl(session_key->n[1]));
1012
1013 ASSERT(rxkad_ci != NULL);
1014
1015 mutex_lock(&rxkad_ci_mutex);
69d826fa 1016 if (crypto_sync_skcipher_setkey(rxkad_ci, session_key->x,
1afe593b 1017 sizeof(*session_key)) < 0)
17926a79
DH		 1018 BUG();
1019
1020 memcpy(&iv, session_key, sizeof(iv));
17926a79 1021
a263629d
HX		 1022 sg_init_table(sg, 1);
1023 sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted));
69d826fa 1024 skcipher_request_set_sync_tfm(req, rxkad_ci);
1afe593b
HX		 1025 skcipher_request_set_callback(req, 0, NULL, NULL);
1026 skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x);
1afe593b
HX		 1027 crypto_skcipher_decrypt(req);
1028 skcipher_request_zero(req);
1029
17926a79
DH		 1030 mutex_unlock(&rxkad_ci_mutex);
1031
1032 _leave("");
1033}
1034
1035/*
1036 * verify a response
1037 */
1038static int rxkad_verify_response(struct rxrpc_connection *conn,
1039 struct sk_buff *skb,
1040 u32 *_abort_code)
1041{
8c2f826d 1042 struct rxkad_response *response;
248f219c 1043 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
17926a79 1044 struct rxrpc_crypt session_key;
fb46f6ee 1045 const char *eproto;
10674a03 1046 time64_t expiry;
17926a79 1047 void *ticket;
91e916cf
AV		 1048 u32 abort_code, version, kvno, ticket_len, level;
1049 __be32 csum;
a1399f8b 1050 int ret, i;
17926a79
DH		 1051
1052 _enter("{%d,%x}", conn->debug_id, key_serial(conn->server_key));
1053
8c2f826d
DH		 1054 ret = -ENOMEM;
1055 response = kzalloc(sizeof(struct rxkad_response), GFP_NOFS);
1056 if (!response)
1057 goto temporary_error;
1058
fb46f6ee 1059 eproto = tracepoint_string("rxkad_rsp_short");
17926a79 1060 abort_code = RXKADPACKETSHORT;
775e5b71 1061 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
8c2f826d 1062 response, sizeof(*response)) < 0)
17926a79 1063 goto protocol_error;
8c2f826d 1064 if (!pskb_pull(skb, sizeof(*response)))
17926a79
DH		 1065 BUG();
1066
8c2f826d
DH		 1067 version = ntohl(response->version);
1068 ticket_len = ntohl(response->ticket_len);
1069 kvno = ntohl(response->kvno);
17926a79 1070 _proto("Rx RESPONSE %%%u { v=%u kv=%u tl=%u }",
0d12f8a4 1071 sp->hdr.serial, version, kvno, ticket_len);
17926a79 1072
fb46f6ee 1073 eproto = tracepoint_string("rxkad_rsp_ver");
17926a79
DH		 1074 abort_code = RXKADINCONSISTENCY;
1075 if (version != RXKAD_VERSION)
4aa9cb32 1076 goto protocol_error;
17926a79 1077
fb46f6ee 1078 eproto = tracepoint_string("rxkad_rsp_tktlen");
17926a79
DH		 1079 abort_code = RXKADTICKETLEN;
1080 if (ticket_len < 4 || ticket_len > MAXKRB5TICKETLEN)
1081 goto protocol_error;
1082
fb46f6ee 1083 eproto = tracepoint_string("rxkad_rsp_unkkey");
17926a79
DH		 1084 abort_code = RXKADUNKNOWNKEY;
1085 if (kvno >= RXKAD_TKT_TYPE_KERBEROS_V5)
1086 goto protocol_error;
1087
1088 /* extract the kerberos ticket and decrypt and decode it */
ef68622d 1089 ret = -ENOMEM;
17926a79
DH		 1090 ticket = kmalloc(ticket_len, GFP_NOFS);
1091 if (!ticket)
ef68622d 1092 goto temporary_error;
17926a79 1093
fb46f6ee 1094 eproto = tracepoint_string("rxkad_tkt_short");
17926a79 1095 abort_code = RXKADPACKETSHORT;
775e5b71
DH		 1096 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
1097 ticket, ticket_len) < 0)
17926a79
DH		 1098 goto protocol_error_free;
1099
fb46f6ee 1100 ret = rxkad_decrypt_ticket(conn, skb, ticket, ticket_len, &session_key,
ef68622d
DH		 1101 &expiry, _abort_code);
1102 if (ret < 0)
8c2f826d 1103 goto temporary_error_free_resp;
17926a79
DH		 1104
1105 /* use the session key from inside the ticket to decrypt the
1106 * response */
8c2f826d 1107 rxkad_decrypt_response(conn, response, &session_key);
17926a79 1108
fb46f6ee 1109 eproto = tracepoint_string("rxkad_rsp_param");
17926a79 1110 abort_code = RXKADSEALEDINCON;
8c2f826d 1111 if (ntohl(response->encrypted.epoch) != conn->proto.epoch)
17926a79 1112 goto protocol_error_free;
8c2f826d 1113 if (ntohl(response->encrypted.cid) != conn->proto.cid)
17926a79 1114 goto protocol_error_free;
8c2f826d 1115 if (ntohl(response->encrypted.securityIndex) != conn->security_ix)
17926a79 1116 goto protocol_error_free;
8c2f826d
DH		 1117 csum = response->encrypted.checksum;
1118 response->encrypted.checksum = 0;
1119 rxkad_calc_response_checksum(response);
fb46f6ee 1120 eproto = tracepoint_string("rxkad_rsp_csum");
8c2f826d 1121 if (response->encrypted.checksum != csum)
17926a79
DH		 1122 goto protocol_error_free;
1123
a1399f8b
DH		 1124 spin_lock(&conn->channel_lock);
1125 for (i = 0; i < RXRPC_MAXCALLS; i++) {
1126 struct rxrpc_call *call;
8c2f826d 1127 u32 call_id = ntohl(response->encrypted.call_id[i]);
a1399f8b 1128
fb46f6ee 1129 eproto = tracepoint_string("rxkad_rsp_callid");
a1399f8b
DH		 1130 if (call_id > INT_MAX)
1131 goto protocol_error_unlock;
1132
fb46f6ee 1133 eproto = tracepoint_string("rxkad_rsp_callctr");
a1399f8b
DH		 1134 if (call_id < conn->channels[i].call_counter)
1135 goto protocol_error_unlock;
fb46f6ee
DH		 1136
1137 eproto = tracepoint_string("rxkad_rsp_callst");
a1399f8b
DH		 1138 if (call_id > conn->channels[i].call_counter) {
1139 call = rcu_dereference_protected(
1140 conn->channels[i].call,
1141 lockdep_is_held(&conn->channel_lock));
1142 if (call && call->state < RXRPC_CALL_COMPLETE)
1143 goto protocol_error_unlock;
1144 conn->channels[i].call_counter = call_id;
1145 }
1146 }
1147 spin_unlock(&conn->channel_lock);
17926a79 1148
fb46f6ee 1149 eproto = tracepoint_string("rxkad_rsp_seq");
17926a79 1150 abort_code = RXKADOUTOFSEQUENCE;
8c2f826d 1151 if (ntohl(response->encrypted.inc_nonce) != conn->security_nonce + 1)
17926a79
DH		 1152 goto protocol_error_free;
1153
fb46f6ee 1154 eproto = tracepoint_string("rxkad_rsp_level");
17926a79 1155 abort_code = RXKADLEVELFAIL;
8c2f826d 1156 level = ntohl(response->encrypted.level);
17926a79
DH		 1157 if (level > RXRPC_SECURITY_ENCRYPT)
1158 goto protocol_error_free;
19ffa01c 1159 conn->params.security_level = level;
17926a79
DH		 1160
1161 /* create a key to hold the security data and expiration time - after
1162 * this the connection security can be handled in exactly the same way
1163 * as for a client connection */
1164 ret = rxrpc_get_server_data_key(conn, &session_key, expiry, kvno);
ef68622d 1165 if (ret < 0)
8c2f826d 1166 goto temporary_error_free_ticket;
17926a79
DH		 1167
1168 kfree(ticket);
8c2f826d 1169 kfree(response);
17926a79
DH		 1170 _leave(" = 0");
1171 return 0;
1172
a1399f8b
DH		 1173protocol_error_unlock:
1174 spin_unlock(&conn->channel_lock);
17926a79
DH		 1175protocol_error_free:
1176 kfree(ticket);
1177protocol_error:
8c2f826d 1178 kfree(response);
fb46f6ee 1179 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial, eproto);
17926a79 1180 *_abort_code = abort_code;
17926a79 1181 return -EPROTO;
ef68622d 1182
8c2f826d 1183temporary_error_free_ticket:
ef68622d 1184 kfree(ticket);
8c2f826d
DH		 1185temporary_error_free_resp:
1186 kfree(response);
ef68622d
DH		 1187temporary_error:
1188 /* Ignore the response packet if we got a temporary error such as
1189 * ENOMEM. We just want to send the challenge again. Note that we
1190 * also come out this way if the ticket decryption fails.
1191 */
1192 return ret;
17926a79
DH		 1193}
1194
1195/*
1196 * clear the connection security
1197 */
1198static void rxkad_clear(struct rxrpc_connection *conn)
1199{
1200 _enter("");
1201
1202 if (conn->cipher)
69d826fa 1203 crypto_free_sync_skcipher(conn->cipher);
17926a79
DH		 1204}
1205
648af7fc
DH		 1206/*
1207 * Initialise the rxkad security service.
1208 */
1209static int rxkad_init(void)
1210{
1211 /* pin the cipher we need so that the crypto layer doesn't invoke
1212 * keventd to go get it */
69d826fa 1213 rxkad_ci = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0);
fa54cc70 1214 return PTR_ERR_OR_ZERO(rxkad_ci);
648af7fc
DH		 1215}
1216
1217/*
1218 * Clean up the rxkad security service.
1219 */
1220static void rxkad_exit(void)
1221{
1222 if (rxkad_ci)
69d826fa 1223 crypto_free_sync_skcipher(rxkad_ci);
648af7fc
DH		 1224}
1225
17926a79
DH		 1226/*
1227 * RxRPC Kerberos-based security
1228 */
648af7fc 1229const struct rxrpc_security rxkad = {
17926a79 1230 .name = "rxkad",
8b815477 1231 .security_index = RXRPC_SECURITY_RXKAD,
648af7fc
DH		 1232 .init = rxkad_init,
1233 .exit = rxkad_exit,
17926a79
DH		 1234 .init_connection_security = rxkad_init_connection_security,
1235 .prime_packet_security = rxkad_prime_packet_security,
1236 .secure_packet = rxkad_secure_packet,
1237 .verify_packet = rxkad_verify_packet,
248f219c 1238 .locate_data = rxkad_locate_data,
17926a79
DH		 1239 .issue_challenge = rxkad_issue_challenge,
1240 .respond_to_challenge = rxkad_respond_to_challenge,
1241 .verify_response = rxkad_verify_response,
1242 .clear = rxkad_clear,
1243};
Ubuntu Eoan Linux kernel mirror