]>
git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/blob - net/sunrpc/auth_gss/gss_krb5_wrap.c
1 #include <linux/types.h>
2 #include <linux/jiffies.h>
3 #include <linux/sunrpc/gss_krb5.h>
4 #include <linux/random.h>
5 #include <linux/pagemap.h>
6 #include <linux/crypto.h>
9 # define RPCDBG_FACILITY RPCDBG_AUTH
13 gss_krb5_padding(int blocksize
, int length
)
15 /* Most of the code is block-size independent but currently we
17 BUG_ON(blocksize
!= 8);
18 return 8 - (length
& 7);
22 gss_krb5_add_padding(struct xdr_buf
*buf
, int offset
, int blocksize
)
24 int padding
= gss_krb5_padding(blocksize
, buf
->len
- offset
);
28 if (buf
->page_len
|| buf
->tail
[0].iov_len
)
32 p
= iov
->iov_base
+ iov
->iov_len
;
33 iov
->iov_len
+= padding
;
35 memset(p
, padding
, padding
);
39 gss_krb5_remove_padding(struct xdr_buf
*buf
, int blocksize
)
43 size_t len
= buf
->len
;
45 if (len
<= buf
->head
[0].iov_len
) {
46 pad
= *(u8
*)(buf
->head
[0].iov_base
+ len
- 1);
47 if (pad
> buf
->head
[0].iov_len
)
49 buf
->head
[0].iov_len
-= pad
;
52 len
-= buf
->head
[0].iov_len
;
53 if (len
<= buf
->page_len
) {
54 unsigned int last
= (buf
->page_base
+ len
- 1)
56 unsigned int offset
= (buf
->page_base
+ len
- 1)
57 & (PAGE_CACHE_SIZE
- 1);
58 ptr
= kmap_atomic(buf
->pages
[last
], KM_USER0
);
59 pad
= *(ptr
+ offset
);
60 kunmap_atomic(ptr
, KM_USER0
);
64 BUG_ON(len
> buf
->tail
[0].iov_len
);
65 pad
= *(u8
*)(buf
->tail
[0].iov_base
+ len
- 1);
67 /* XXX: NOTE: we do not adjust the page lengths--they represent
68 * a range of data in the real filesystem page cache, and we need
69 * to know that range so the xdr code can properly place read data.
70 * However adjusting the head length, as we do above, is harmless.
71 * In the case of a request that fits into a single page, the server
72 * also uses length and head length together to determine the original
73 * start of the request to copy the request for deferal; so it's
74 * easier on the server if we adjust head and tail length in tandem.
75 * It's not really a problem that we don't fool with the page and
76 * tail lengths, though--at worst badly formed xdr might lead the
77 * server to attempt to parse the padding.
78 * XXX: Document all these weird requirements for gss mechanism
79 * wrap/unwrap functions. */
90 make_confounder(char *p
, u32 conflen
)
95 /* rfc1964 claims this should be "random". But all that's really
96 * necessary is that it be unique. And not even that is necessary in
97 * our case since our "gssapi" implementation exists only to support
98 * rpcsec_gss, so we know that the only buffers we will ever encrypt
99 * already begin with a unique sequence number. Just to hedge my bets
100 * I'll make a half-hearted attempt at something unique, but ensuring
101 * uniqueness would mean worrying about atomicity and rollover, and I
102 * don't care enough. */
104 /* initialize to random value */
107 i
= (i
<< 32) | random32();
122 /* Assumptions: the head and tail of inbuf are ours to play with.
123 * The pages, however, may be real pages in the page cache and we replace
124 * them with scratch pages from **pages before writing to them. */
125 /* XXX: obviously the above should be documentation of wrap interface,
126 * and shouldn't be in this kerberos-specific file. */
128 /* XXX factor out common code with seal/unseal. */
131 gss_wrap_kerberos(struct gss_ctx
*ctx
, int offset
,
132 struct xdr_buf
*buf
, struct page
**pages
)
134 struct krb5_ctx
*kctx
= ctx
->internal_ctx_id
;
136 struct xdr_netobj md5cksum
= {.len
= 0, .data
= cksumdata
};
137 int blocksize
= 0, plainlen
;
138 unsigned char *ptr
, *msg_start
;
141 struct page
**tmp_pages
;
144 dprintk("RPC: gss_wrap_kerberos\n");
148 blocksize
= crypto_blkcipher_blocksize(kctx
->enc
);
149 gss_krb5_add_padding(buf
, offset
, blocksize
);
150 BUG_ON((buf
->len
- offset
) % blocksize
);
151 plainlen
= blocksize
+ buf
->len
- offset
;
153 headlen
= g_token_size(&kctx
->mech_used
, 24 + plainlen
) -
156 ptr
= buf
->head
[0].iov_base
+ offset
;
157 /* shift data to make room for header. */
158 /* XXX Would be cleverer to encrypt while copying. */
159 /* XXX bounds checking, slack, etc. */
160 memmove(ptr
+ headlen
, ptr
, buf
->head
[0].iov_len
- offset
);
161 buf
->head
[0].iov_len
+= headlen
;
163 BUG_ON((buf
->len
- offset
- headlen
) % blocksize
);
165 g_make_token_header(&kctx
->mech_used
,
166 GSS_KRB5_TOK_HDR_LEN
+ 8 + plainlen
, &ptr
);
169 /* ptr now at header described in rfc 1964, section 1.2.1: */
170 ptr
[0] = (unsigned char) ((KG_TOK_WRAP_MSG
>> 8) & 0xff);
171 ptr
[1] = (unsigned char) (KG_TOK_WRAP_MSG
& 0xff);
173 msg_start
= ptr
+ 24;
175 *(__be16
*)(ptr
+ 2) = htons(SGN_ALG_DES_MAC_MD5
);
176 memset(ptr
+ 4, 0xff, 4);
177 *(__be16
*)(ptr
+ 4) = htons(SEAL_ALG_DES
);
179 make_confounder(msg_start
, blocksize
);
182 tmp_pages
= buf
->pages
;
184 if (make_checksum("md5", ptr
, 8, buf
,
185 offset
+ headlen
- blocksize
, &md5cksum
))
186 return GSS_S_FAILURE
;
187 buf
->pages
= tmp_pages
;
189 if (krb5_encrypt(kctx
->seq
, NULL
, md5cksum
.data
,
190 md5cksum
.data
, md5cksum
.len
))
191 return GSS_S_FAILURE
;
192 memcpy(ptr
+ GSS_KRB5_TOK_HDR_LEN
, md5cksum
.data
+ md5cksum
.len
- 8, 8);
194 spin_lock(&krb5_seq_lock
);
195 seq_send
= kctx
->seq_send
++;
196 spin_unlock(&krb5_seq_lock
);
198 /* XXX would probably be more efficient to compute checksum
199 * and encrypt at the same time: */
200 if ((krb5_make_seq_num(kctx
->seq
, kctx
->initiate
? 0 : 0xff,
201 seq_send
, ptr
+ GSS_KRB5_TOK_HDR_LEN
, ptr
+ 8)))
202 return GSS_S_FAILURE
;
204 if (gss_encrypt_xdr_buf(kctx
->enc
, buf
, offset
+ headlen
- blocksize
,
206 return GSS_S_FAILURE
;
208 return (kctx
->endtime
< now
) ? GSS_S_CONTEXT_EXPIRED
: GSS_S_COMPLETE
;
212 gss_unwrap_kerberos(struct gss_ctx
*ctx
, int offset
, struct xdr_buf
*buf
)
214 struct krb5_ctx
*kctx
= ctx
->internal_ctx_id
;
218 struct xdr_netobj md5cksum
= {.len
= 0, .data
= cksumdata
};
224 void *data_start
, *orig_start
;
228 dprintk("RPC: gss_unwrap_kerberos\n");
230 ptr
= (u8
*)buf
->head
[0].iov_base
+ offset
;
231 if (g_verify_token_header(&kctx
->mech_used
, &bodysize
, &ptr
,
233 return GSS_S_DEFECTIVE_TOKEN
;
235 if ((ptr
[0] != ((KG_TOK_WRAP_MSG
>> 8) & 0xff)) ||
236 (ptr
[1] != (KG_TOK_WRAP_MSG
& 0xff)))
237 return GSS_S_DEFECTIVE_TOKEN
;
239 /* XXX sanity-check bodysize?? */
241 /* get the sign and seal algorithms */
243 signalg
= ptr
[2] + (ptr
[3] << 8);
244 if (signalg
!= SGN_ALG_DES_MAC_MD5
)
245 return GSS_S_DEFECTIVE_TOKEN
;
247 sealalg
= ptr
[4] + (ptr
[5] << 8);
248 if (sealalg
!= SEAL_ALG_DES
)
249 return GSS_S_DEFECTIVE_TOKEN
;
251 if ((ptr
[6] != 0xff) || (ptr
[7] != 0xff))
252 return GSS_S_DEFECTIVE_TOKEN
;
254 if (gss_decrypt_xdr_buf(kctx
->enc
, buf
,
255 ptr
+ GSS_KRB5_TOK_HDR_LEN
+ 8 - (unsigned char *)buf
->head
[0].iov_base
))
256 return GSS_S_DEFECTIVE_TOKEN
;
258 if (make_checksum("md5", ptr
, 8, buf
,
259 ptr
+ GSS_KRB5_TOK_HDR_LEN
+ 8 - (unsigned char *)buf
->head
[0].iov_base
, &md5cksum
))
260 return GSS_S_FAILURE
;
262 if (krb5_encrypt(kctx
->seq
, NULL
, md5cksum
.data
,
263 md5cksum
.data
, md5cksum
.len
))
264 return GSS_S_FAILURE
;
266 if (memcmp(md5cksum
.data
+ 8, ptr
+ GSS_KRB5_TOK_HDR_LEN
, 8))
267 return GSS_S_BAD_SIG
;
269 /* it got through unscathed. Make sure the context is unexpired */
273 if (now
> kctx
->endtime
)
274 return GSS_S_CONTEXT_EXPIRED
;
276 /* do sequencing checks */
278 if (krb5_get_seq_num(kctx
->seq
, ptr
+ GSS_KRB5_TOK_HDR_LEN
, ptr
+ 8,
279 &direction
, &seqnum
))
280 return GSS_S_BAD_SIG
;
282 if ((kctx
->initiate
&& direction
!= 0xff) ||
283 (!kctx
->initiate
&& direction
!= 0))
284 return GSS_S_BAD_SIG
;
286 /* Copy the data back to the right position. XXX: Would probably be
287 * better to copy and encrypt at the same time. */
289 blocksize
= crypto_blkcipher_blocksize(kctx
->enc
);
290 data_start
= ptr
+ GSS_KRB5_TOK_HDR_LEN
+ 8 + blocksize
;
291 orig_start
= buf
->head
[0].iov_base
+ offset
;
292 data_len
= (buf
->head
[0].iov_base
+ buf
->head
[0].iov_len
) - data_start
;
293 memmove(orig_start
, data_start
, data_len
);
294 buf
->head
[0].iov_len
-= (data_start
- orig_start
);
295 buf
->len
-= (data_start
- orig_start
);
297 if (gss_krb5_remove_padding(buf
, blocksize
))
298 return GSS_S_DEFECTIVE_TOKEN
;
300 return GSS_S_COMPLETE
;