1 /* RxRPC security handling
3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 #include <linux/module.h>
13 #include <linux/net.h>
14 #include <linux/skbuff.h>
15 #include <linux/udp.h>
16 #include <linux/crypto.h>
18 #include <net/af_rxrpc.h>
19 #include <keys/rxrpc-type.h>
20 #include "ar-internal.h"
/*
 * File-scope bookkeeping for security methods.  The list head and the
 * rw-semaphore are declared here but are not referenced by any code visible
 * in this listing.
 */
22 static LIST_HEAD(rxrpc_security_methods
);
23 static DECLARE_RWSEM(rxrpc_security_sem
);
/*
 * Table of security classes, indexed by security index.  It uses designated
 * initialisers, so any index below the array size that is not named is a
 * NULL slot; every user of the table visible in this file tests the entry
 * before calling through it.
 * NOTE(review): only the RXKAD entry is visible in this listing; other
 * entries or preprocessor guards may sit on the lines that are not shown.
 */
25 static const struct rxrpc_security
*rxrpc_security_types
[] = {
27 [RXRPC_SECURITY_RXKAD
] = &rxkad
,
/*
 * Initialise every populated security class in rxrpc_security_types[] by
 * calling its init() hook in ascending index order.
 *
 * NOTE(review): the declarations, the test of ret and the return statements
 * are not shown in this listing.  The second loop looks like the failure
 * path: it steps back from the class that was being initialised and calls
 * exit() on each earlier populated class - confirm against the full file.
 */
31 int __init
rxrpc_init_security(void)
35 for (i
= 0; i
< ARRAY_SIZE(rxrpc_security_types
); i
++) {
/* NULL slots are skipped: not every index has a class behind it */
36 if (rxrpc_security_types
[i
]) {
37 ret
= rxrpc_security_types
[i
]->init();
/*
 * Unwind in reverse order.  The "i >= 0" termination test only works if i
 * is a signed type (its declaration is not visible here - confirm).
 */
46 for (i
--; i
>= 0; i
--)
47 if (rxrpc_security_types
[i
])
48 rxrpc_security_types
[i
]->exit();
/*
 * Tear down the security classes: call exit() on every populated entry of
 * rxrpc_security_types[], in ascending index order.  NULL slots are skipped.
 */
52 void rxrpc_exit_security(void)
56 for (i
= 0; i
< ARRAY_SIZE(rxrpc_security_types
); i
++)
57 if (rxrpc_security_types
[i
])
58 rxrpc_security_types
[i
])
58 rxrpc_security_types
[i
]->exit();
62 * look up an rxrpc security module
/*
 * Map a security index to its entry in rxrpc_security_types[].
 *
 * The index is range-checked against the table size before it is used as a
 * subscript, so an out-of-range value never reaches the array access.  The
 * action taken for an out-of-range index is not visible in this listing
 * (presumably a NULL return - confirm).
 *
 * An in-range index can still yield NULL, because the table has unpopulated
 * slots; callers must test the result before dereferencing it.
 * NOTE(review): the callers pass token->security_index and conn->security_ix;
 * where those values originate is not shown here, so treat them as untrusted
 * until confirmed.
 */
64 static const struct rxrpc_security
*rxrpc_security_lookup(u8 security_index
)
66 if (security_index
>= ARRAY_SIZE(rxrpc_security_types
))
68 return rxrpc_security_types
[security_index
];
72 * initialise the security on a client connection
/*
 * Set up security for an outgoing (client-side) connection from the key
 * attached to it: validate conn->key, take the token stored in the key
 * payload, look up the security class named by the token's security_index
 * and run that class's init_connection_security() hook.
 *
 * NOTE(review): the checks between the visible statements (a missing key, a
 * failed key_validate(), a NULL token, a failed lookup) and the return
 * statements are not shown in this listing - confirm them against the full
 * file before relying on this description.
 */
74 int rxrpc_init_client_conn_security(struct rxrpc_connection
*conn
)
76 const struct rxrpc_security
*sec
;
77 struct rxrpc_key_token
*token
;
78 struct key
*key
= conn
->key
;
81 _enter("{%d},{%x}", conn
->debug_id
, key_serial(key
));
/* the key is validated before its payload is read */
86 ret
= key_validate(key
);
/* the first payload slot is used as the rxrpc token */
90 token
= key
->payload
.data
[0];
/* the security class is selected by a value carried in the key token */
94 sec
= rxrpc_security_lookup(token
->security_index
);
/* conn->security has been set on a line not shown here; the class now
 * prepares its per-connection state */
99 ret
= conn
->security
->init_connection_security(conn
);
/* presumably the failure path of the call above: the connection is left
 * without a security class rather than a half-initialised one - confirm */
101 conn
->security
= NULL
;
110 * initialise the security on a server connection
/*
 * Set up security for an incoming (server-side) connection: look up the
 * security class named by conn->security_ix, find the local service whose
 * service ID matches conn->service_id, and search that service's keyring for
 * a server key described as "<service_id>:<security_ix>".  On the last
 * visible path the key and the class are stored in conn->server_key and
 * conn->security.
 *
 * NOTE(review): several declarations, the failure tests and the return
 * statements of this function are not shown in this listing; the comments
 * below describe only what the visible lines do.
 */
112 int rxrpc_init_server_conn_security(struct rxrpc_connection
*conn
)
114 const struct rxrpc_security
*sec
;
115 struct rxrpc_local
*local
= conn
->trans
->local
;
116 struct rxrpc_sock
*rx
;
/* 5 digits + ':' + 3 digits + NUL: an exact fit for a 16-bit service ID and
 * an 8-bit security index printed in decimal */
119 char kdesc
[5 + 1 + 3 + 1];
/*
 * NOTE(review): sprintf() is unbounded.  It stays inside kdesc only while
 * service_id <= 65535 and security_ix <= 255; the field types are not
 * visible here - confirm them, or use snprintf(kdesc, sizeof(kdesc), ...)
 * so the bound is enforced rather than implied.
 */
123 sprintf(kdesc
, "%u:%u", conn
->service_id
, conn
->security_ix
);
/* the test of sec that leads to the -ENOKEY [lookup] exit is on a line not
 * shown here */
125 sec
= rxrpc_security_lookup(conn
->security_ix
);
127 _leave(" = -ENOKEY [lookup]");
131 /* find the service */
132 read_lock_bh(&local
->services_lock
);
133 list_for_each_entry(rx
, &local
->services
, listen_link
) {
134 if (rx
->srx
.srx_service
== conn
->service_id
)
138 /* the service appears to have died */
139 read_unlock_bh(&local
->services_lock
);
140 _leave(" = -ENOENT");
/* a service without a keyring cannot supply a server key */
144 if (!rx
->securities
) {
145 read_unlock_bh(&local
->services_lock
);
146 _leave(" = -ENOKEY");
150 /* look through the service's keyring */
/* the search runs with services_lock still held; every exit path visible
 * below releases the lock */
151 kref
= keyring_search(make_key_ref(rx
->securities
, 1UL),
152 &key_type_rxrpc_s
, kdesc
);
154 read_unlock_bh(&local
->services_lock
);
155 _leave(" = %ld [search]", PTR_ERR(kref
));
156 return PTR_ERR(kref
);
159 key
= key_ref_to_ptr(kref
);
160 read_unlock_bh(&local
->services_lock
);
/* the key found by the search is kept on the connection;
 * rxrpc_clear_conn_security() releases conn->server_key with key_put() */
162 conn
->server_key
= key
;
163 conn
->security
= sec
;
170 * secure a packet prior to transmission
/*
 * Apply the connection's security class to an outgoing packet by delegating
 * to its secure_packet() hook.
 *
 * The hook is called only when call->conn->security is set; a connection
 * with no security class sends the packet without protection.
 * NOTE(review): the remaining parameters and the return for the no-security
 * case are not shown in this listing (presumably 0 - confirm).
 */
172 int rxrpc_secure_packet(const struct rxrpc_call
*call
,
177 if (call
->conn
->security
)
178 return call
->conn
->security
->secure_packet(
179 call
, skb
, data_size
, sechdr
);
184 * verify the security on a received packet
/*
 * Check a received packet against the connection's security class by
 * delegating to its verify_packet() hook, which is also handed _abort_code.
 *
 * The hook is called only when call->conn->security is set; on a connection
 * with no security class the packet is not verified here at all.
 * NOTE(review): the return for the no-security case is not shown in this
 * listing (presumably 0, i.e. accept - confirm).
 */
186 int rxrpc_verify_packet(const struct rxrpc_call
*call
, struct sk_buff
*skb
,
189 if (call
->conn
->security
)
190 return call
->conn
->security
->verify_packet(
191 call
, skb
, _abort_code
);
196 * clear connection security
/*
 * Release the security state attached to a connection: run the security
 * class's clear() hook and drop the reference held on conn->server_key.
 *
 * NOTE(review): the guard around the clear() call and any further key
 * releases are on lines not shown in this listing - confirm that
 * conn->security is tested for NULL before the call below.
 */
198 void rxrpc_clear_conn_security(struct rxrpc_connection
*conn
)
200 _enter("{%d}", conn
->debug_id
);
203 conn
->security
->clear(conn
);
/* pairs with the key stored by rxrpc_init_server_conn_security() */
206 key_put(conn
->server_key
);