1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* RxRPC security handling
4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
8 #include <linux/module.h>
10 #include <linux/skbuff.h>
11 #include <linux/udp.h>
12 #include <linux/crypto.h>
14 #include <net/af_rxrpc.h>
15 #include <keys/rxrpc-type.h>
16 #include "ar-internal.h"
18 static const struct rxrpc_security
*rxrpc_security_types
[] = {
19 [RXRPC_SECURITY_NONE
] = &rxrpc_no_security
,
21 [RXRPC_SECURITY_RXKAD
] = &rxkad
,
25 int __init
rxrpc_init_security(void)
29 for (i
= 0; i
< ARRAY_SIZE(rxrpc_security_types
); i
++) {
30 if (rxrpc_security_types
[i
]) {
31 ret
= rxrpc_security_types
[i
]->init();
40 for (i
--; i
>= 0; i
--)
41 if (rxrpc_security_types
[i
])
42 rxrpc_security_types
[i
]->exit();
46 void rxrpc_exit_security(void)
50 for (i
= 0; i
< ARRAY_SIZE(rxrpc_security_types
); i
++)
51 if (rxrpc_security_types
[i
])
52 rxrpc_security_types
[i
]->exit();
56 * look up an rxrpc security module
58 static const struct rxrpc_security
*rxrpc_security_lookup(u8 security_index
)
60 if (security_index
>= ARRAY_SIZE(rxrpc_security_types
))
62 return rxrpc_security_types
[security_index
];
66 * initialise the security on a client connection
68 int rxrpc_init_client_conn_security(struct rxrpc_connection
*conn
)
70 const struct rxrpc_security
*sec
;
71 struct rxrpc_key_token
*token
;
72 struct key
*key
= conn
->params
.key
;
75 _enter("{%d},{%x}", conn
->debug_id
, key_serial(key
));
80 ret
= key_validate(key
);
84 token
= key
->payload
.data
[0];
88 sec
= rxrpc_security_lookup(token
->security_index
);
93 ret
= conn
->security
->init_connection_security(conn
);
95 conn
->security
= &rxrpc_no_security
;
104 * Find the security key for a server connection.
106 bool rxrpc_look_up_server_security(struct rxrpc_local
*local
, struct rxrpc_sock
*rx
,
107 const struct rxrpc_security
**_sec
,
111 const struct rxrpc_security
*sec
;
112 struct rxrpc_skb_priv
*sp
= rxrpc_skb(skb
);
113 key_ref_t kref
= NULL
;
114 char kdesc
[5 + 1 + 3 + 1];
118 sprintf(kdesc
, "%u:%u", sp
->hdr
.serviceId
, sp
->hdr
.securityIndex
);
120 sec
= rxrpc_security_lookup(sp
->hdr
.securityIndex
);
122 trace_rxrpc_abort(0, "SVS",
123 sp
->hdr
.cid
, sp
->hdr
.callNumber
, sp
->hdr
.seq
,
124 RX_INVALID_OPERATION
, EKEYREJECTED
);
125 skb
->mark
= RXRPC_SKB_MARK_REJECT_ABORT
;
126 skb
->priority
= RX_INVALID_OPERATION
;
130 if (sp
->hdr
.securityIndex
== RXRPC_SECURITY_NONE
)
133 if (!rx
->securities
) {
134 trace_rxrpc_abort(0, "SVR",
135 sp
->hdr
.cid
, sp
->hdr
.callNumber
, sp
->hdr
.seq
,
136 RX_INVALID_OPERATION
, EKEYREJECTED
);
137 skb
->mark
= RXRPC_SKB_MARK_REJECT_ABORT
;
138 skb
->priority
= RX_INVALID_OPERATION
;
142 /* look through the service's keyring */
143 kref
= keyring_search(make_key_ref(rx
->securities
, 1UL),
144 &key_type_rxrpc_s
, kdesc
, true);
146 trace_rxrpc_abort(0, "SVK",
147 sp
->hdr
.cid
, sp
->hdr
.callNumber
, sp
->hdr
.seq
,
148 sec
->no_key_abort
, EKEYREJECTED
);
149 skb
->mark
= RXRPC_SKB_MARK_REJECT_ABORT
;
150 skb
->priority
= sec
->no_key_abort
;
156 *_key
= key_ref_to_ptr(kref
);