Thomas Gleixner | 2874c5f | 2019-05-27 08:55:01 +0200 | [diff] [blame] | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 2 | /* Kerberos-based RxRPC security |
| 3 | * |
| 4 | * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. |
| 5 | * Written by David Howells (dhowells@redhat.com) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 6 | */ |
| 7 | |
Joe Perches | 9b6d539 | 2016-06-02 12:08:52 -0700 | [diff] [blame] | 8 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
| 9 | |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 10 | #include <crypto/skcipher.h> |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 11 | #include <linux/module.h> |
| 12 | #include <linux/net.h> |
| 13 | #include <linux/skbuff.h> |
| 14 | #include <linux/udp.h> |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 15 | #include <linux/scatterlist.h> |
| 16 | #include <linux/ctype.h> |
Tejun Heo | 5a0e3ad | 2010-03-24 17:04:11 +0900 | [diff] [blame] | 17 | #include <linux/slab.h> |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 18 | #include <net/sock.h> |
| 19 | #include <net/af_rxrpc.h> |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame] | 20 | #include <keys/rxrpc-type.h> |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 21 | #include "ar-internal.h" |
| 22 | |
| 23 | #define RXKAD_VERSION 2 |
| 24 | #define MAXKRB5TICKETLEN 1024 |
| 25 | #define RXKAD_TKT_TYPE_KERBEROS_V5 256 |
| 26 | #define ANAME_SZ 40 /* size of authentication name */ |
| 27 | #define INST_SZ 40 /* size of principal's instance */ |
| 28 | #define REALM_SZ 40 /* size of principal's auth domain */ |
| 29 | #define SNAME_SZ 40 /* size of service name */ |
| 30 | |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 31 | struct rxkad_level1_hdr { |
| 32 | __be32 data_size; /* true data size (excluding padding) */ |
| 33 | }; |
| 34 | |
| 35 | struct rxkad_level2_hdr { |
| 36 | __be32 data_size; /* true data size (excluding padding) */ |
| 37 | __be32 checksum; /* decrypted data checksum */ |
| 38 | }; |
| 39 | |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 40 | /* |
| 41 | * this holds a pinned cipher so that keventd doesn't get called by the cipher |
| 42 | * alloc routine, but since we have it to hand, we use it to decrypt RESPONSE |
| 43 | * packets |
| 44 | */ |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 45 | static struct crypto_sync_skcipher *rxkad_ci; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 46 | static DEFINE_MUTEX(rxkad_ci_mutex); |
| 47 | |
| 48 | /* |
| 49 | * initialise connection security |
| 50 | */ |
| 51 | static int rxkad_init_connection_security(struct rxrpc_connection *conn) |
| 52 | { |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 53 | struct crypto_sync_skcipher *ci; |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame] | 54 | struct rxrpc_key_token *token; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 55 | int ret; |
| 56 | |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 57 | _enter("{%d},{%x}", conn->debug_id, key_serial(conn->params.key)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 58 | |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 59 | token = conn->params.key->payload.data[0]; |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame] | 60 | conn->security_ix = token->security_index; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 61 | |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 62 | ci = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 63 | if (IS_ERR(ci)) { |
| 64 | _debug("no cipher"); |
| 65 | ret = PTR_ERR(ci); |
| 66 | goto error; |
| 67 | } |
| 68 | |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 69 | if (crypto_sync_skcipher_setkey(ci, token->kad->session_key, |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 70 | sizeof(token->kad->session_key)) < 0) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 71 | BUG(); |
| 72 | |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 73 | switch (conn->params.security_level) { |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 74 | case RXRPC_SECURITY_PLAIN: |
| 75 | break; |
| 76 | case RXRPC_SECURITY_AUTH: |
| 77 | conn->size_align = 8; |
| 78 | conn->security_size = sizeof(struct rxkad_level1_hdr); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 79 | break; |
| 80 | case RXRPC_SECURITY_ENCRYPT: |
| 81 | conn->size_align = 8; |
| 82 | conn->security_size = sizeof(struct rxkad_level2_hdr); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 83 | break; |
| 84 | default: |
| 85 | ret = -EKEYREJECTED; |
| 86 | goto error; |
| 87 | } |
| 88 | |
| 89 | conn->cipher = ci; |
| 90 | ret = 0; |
| 91 | error: |
| 92 | _leave(" = %d", ret); |
| 93 | return ret; |
| 94 | } |
| 95 | |
| 96 | /* |
| 97 | * prime the encryption state with the invariant parts of a connection's |
| 98 | * description |
| 99 | */ |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 100 | static int rxkad_prime_packet_security(struct rxrpc_connection *conn) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 101 | { |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame] | 102 | struct rxrpc_key_token *token; |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 103 | SYNC_SKCIPHER_REQUEST_ON_STACK(req, conn->cipher); |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 104 | struct scatterlist sg; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 105 | struct rxrpc_crypt iv; |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 106 | __be32 *tmpbuf; |
| 107 | size_t tmpsize = 4 * sizeof(__be32); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 108 | |
| 109 | _enter(""); |
| 110 | |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 111 | if (!conn->params.key) |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 112 | return 0; |
| 113 | |
| 114 | tmpbuf = kmalloc(tmpsize, GFP_KERNEL); |
| 115 | if (!tmpbuf) |
| 116 | return -ENOMEM; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 117 | |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 118 | token = conn->params.key->payload.data[0]; |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame] | 119 | memcpy(&iv, token->kad->session_key, sizeof(iv)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 120 | |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 121 | tmpbuf[0] = htonl(conn->proto.epoch); |
| 122 | tmpbuf[1] = htonl(conn->proto.cid); |
| 123 | tmpbuf[2] = 0; |
| 124 | tmpbuf[3] = htonl(conn->security_ix); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 125 | |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 126 | sg_init_one(&sg, tmpbuf, tmpsize); |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 127 | skcipher_request_set_sync_tfm(req, conn->cipher); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 128 | skcipher_request_set_callback(req, 0, NULL, NULL); |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 129 | skcipher_request_set_crypt(req, &sg, &sg, tmpsize, iv.x); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 130 | crypto_skcipher_encrypt(req); |
| 131 | skcipher_request_zero(req); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 132 | |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 133 | memcpy(&conn->csum_iv, tmpbuf + 2, sizeof(conn->csum_iv)); |
| 134 | kfree(tmpbuf); |
| 135 | _leave(" = 0"); |
| 136 | return 0; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 137 | } |
| 138 | |
| 139 | /* |
| 140 | * partially encrypt a packet (level 1 security) |
| 141 | */ |
| 142 | static int rxkad_secure_packet_auth(const struct rxrpc_call *call, |
| 143 | struct sk_buff *skb, |
| 144 | u32 data_size, |
Kees Cook | 54424d3 | 2018-08-03 10:15:25 +0100 | [diff] [blame] | 145 | void *sechdr, |
| 146 | struct skcipher_request *req) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 147 | { |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 148 | struct rxrpc_skb_priv *sp = rxrpc_skb(skb); |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 149 | struct rxkad_level1_hdr hdr; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 150 | struct rxrpc_crypt iv; |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 151 | struct scatterlist sg; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 152 | u16 check; |
| 153 | |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 154 | _enter(""); |
| 155 | |
David Howells | 5a924b8 | 2016-09-22 00:29:31 +0100 | [diff] [blame] | 156 | check = sp->hdr.seq ^ call->call_id; |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 157 | data_size |= (u32)check << 16; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 158 | |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 159 | hdr.data_size = htonl(data_size); |
| 160 | memcpy(sechdr, &hdr, sizeof(hdr)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 161 | |
| 162 | /* start the encryption afresh */ |
| 163 | memset(&iv, 0, sizeof(iv)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 164 | |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 165 | sg_init_one(&sg, sechdr, 8); |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 166 | skcipher_request_set_sync_tfm(req, call->conn->cipher); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 167 | skcipher_request_set_callback(req, 0, NULL, NULL); |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 168 | skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 169 | crypto_skcipher_encrypt(req); |
| 170 | skcipher_request_zero(req); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 171 | |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 172 | _leave(" = 0"); |
| 173 | return 0; |
| 174 | } |
| 175 | |
| 176 | /* |
| 177 | * wholly encrypt a packet (level 2 security) |
| 178 | */ |
| 179 | static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call, |
David Howells | b4f1342 | 2016-03-04 15:56:19 +0000 | [diff] [blame] | 180 | struct sk_buff *skb, |
| 181 | u32 data_size, |
Kees Cook | 54424d3 | 2018-08-03 10:15:25 +0100 | [diff] [blame] | 182 | void *sechdr, |
| 183 | struct skcipher_request *req) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 184 | { |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame] | 185 | const struct rxrpc_key_token *token; |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 186 | struct rxkad_level2_hdr rxkhdr; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 187 | struct rxrpc_skb_priv *sp; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 188 | struct rxrpc_crypt iv; |
| 189 | struct scatterlist sg[16]; |
Eric Dumazet | 95c9617 | 2012-04-15 05:58:06 +0000 | [diff] [blame] | 190 | unsigned int len; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 191 | u16 check; |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 192 | int err; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 193 | |
| 194 | sp = rxrpc_skb(skb); |
| 195 | |
| 196 | _enter(""); |
| 197 | |
David Howells | 5a924b8 | 2016-09-22 00:29:31 +0100 | [diff] [blame] | 198 | check = sp->hdr.seq ^ call->call_id; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 199 | |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 200 | rxkhdr.data_size = htonl(data_size | (u32)check << 16); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 201 | rxkhdr.checksum = 0; |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 202 | memcpy(sechdr, &rxkhdr, sizeof(rxkhdr)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 203 | |
| 204 | /* encrypt from the session key */ |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 205 | token = call->conn->params.key->payload.data[0]; |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame] | 206 | memcpy(&iv, token->kad->session_key, sizeof(iv)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 207 | |
Herbert Xu | 68e3f5d | 2007-10-27 00:52:07 -0700 | [diff] [blame] | 208 | sg_init_one(&sg[0], sechdr, sizeof(rxkhdr)); |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 209 | skcipher_request_set_sync_tfm(req, call->conn->cipher); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 210 | skcipher_request_set_callback(req, 0, NULL, NULL); |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 211 | skcipher_request_set_crypt(req, &sg[0], &sg[0], sizeof(rxkhdr), iv.x); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 212 | crypto_skcipher_encrypt(req); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 213 | |
| 214 | /* we want to encrypt the skbuff in-place */ |
David Howells | d0d5c0c | 2019-08-27 10:13:46 +0100 | [diff] [blame] | 215 | err = -EMSGSIZE; |
| 216 | if (skb_shinfo(skb)->nr_frags > 16) |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 217 | goto out; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 218 | |
| 219 | len = data_size + call->conn->size_align - 1; |
| 220 | len &= ~(call->conn->size_align - 1); |
| 221 | |
David Howells | d0d5c0c | 2019-08-27 10:13:46 +0100 | [diff] [blame] | 222 | sg_init_table(sg, ARRAY_SIZE(sg)); |
Jason A. Donenfeld | 89a5ea9 | 2017-06-04 04:16:24 +0200 | [diff] [blame] | 223 | err = skb_to_sgvec(skb, sg, 0, len); |
| 224 | if (unlikely(err < 0)) |
| 225 | goto out; |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 226 | skcipher_request_set_crypt(req, sg, sg, len, iv.x); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 227 | crypto_skcipher_encrypt(req); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 228 | |
| 229 | _leave(" = 0"); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 230 | err = 0; |
| 231 | |
| 232 | out: |
| 233 | skcipher_request_zero(req); |
| 234 | return err; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 235 | } |
| 236 | |
| 237 | /* |
| 238 | * checksum an RxRPC packet header |
| 239 | */ |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 240 | static int rxkad_secure_packet(struct rxrpc_call *call, |
David Howells | b4f1342 | 2016-03-04 15:56:19 +0000 | [diff] [blame] | 241 | struct sk_buff *skb, |
| 242 | size_t data_size, |
| 243 | void *sechdr) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 244 | { |
| 245 | struct rxrpc_skb_priv *sp; |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 246 | SYNC_SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 247 | struct rxrpc_crypt iv; |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 248 | struct scatterlist sg; |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 249 | u32 x, y; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 250 | int ret; |
| 251 | |
| 252 | sp = rxrpc_skb(skb); |
| 253 | |
| 254 | _enter("{%d{%x}},{#%u},%zu,", |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 255 | call->debug_id, key_serial(call->conn->params.key), |
| 256 | sp->hdr.seq, data_size); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 257 | |
| 258 | if (!call->conn->cipher) |
| 259 | return 0; |
| 260 | |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 261 | ret = key_validate(call->conn->params.key); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 262 | if (ret < 0) |
| 263 | return ret; |
| 264 | |
| 265 | /* continue encrypting from where we left off */ |
| 266 | memcpy(&iv, call->conn->csum_iv.x, sizeof(iv)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 267 | |
| 268 | /* calculate the security checksum */ |
David Howells | 01a90a4 | 2016-08-23 15:27:24 +0100 | [diff] [blame] | 269 | x = (call->cid & RXRPC_CHANNELMASK) << (32 - RXRPC_CIDSHIFT); |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 270 | x |= sp->hdr.seq & 0x3fffffff; |
David Howells | 5a924b8 | 2016-09-22 00:29:31 +0100 | [diff] [blame] | 271 | call->crypto_buf[0] = htonl(call->call_id); |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 272 | call->crypto_buf[1] = htonl(x); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 273 | |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 274 | sg_init_one(&sg, call->crypto_buf, 8); |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 275 | skcipher_request_set_sync_tfm(req, call->conn->cipher); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 276 | skcipher_request_set_callback(req, 0, NULL, NULL); |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 277 | skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 278 | crypto_skcipher_encrypt(req); |
| 279 | skcipher_request_zero(req); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 280 | |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 281 | y = ntohl(call->crypto_buf[1]); |
Al Viro | 91e916c | 2008-03-29 03:08:38 +0000 | [diff] [blame] | 282 | y = (y >> 16) & 0xffff; |
| 283 | if (y == 0) |
| 284 | y = 1; /* zero checksums are not permitted */ |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 285 | sp->hdr.cksum = y; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 286 | |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 287 | switch (call->conn->params.security_level) { |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 288 | case RXRPC_SECURITY_PLAIN: |
| 289 | ret = 0; |
| 290 | break; |
| 291 | case RXRPC_SECURITY_AUTH: |
Kees Cook | 54424d3 | 2018-08-03 10:15:25 +0100 | [diff] [blame] | 292 | ret = rxkad_secure_packet_auth(call, skb, data_size, sechdr, |
| 293 | req); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 294 | break; |
| 295 | case RXRPC_SECURITY_ENCRYPT: |
| 296 | ret = rxkad_secure_packet_encrypt(call, skb, data_size, |
Kees Cook | 54424d3 | 2018-08-03 10:15:25 +0100 | [diff] [blame] | 297 | sechdr, req); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 298 | break; |
| 299 | default: |
| 300 | ret = -EPERM; |
| 301 | break; |
| 302 | } |
| 303 | |
Al Viro | 91e916c | 2008-03-29 03:08:38 +0000 | [diff] [blame] | 304 | _leave(" = %d [set %hx]", ret, y); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 305 | return ret; |
| 306 | } |
| 307 | |
| 308 | /* |
| 309 | * decrypt partial encryption on a packet (level 1 security) |
| 310 | */ |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 311 | static int rxkad_verify_packet_1(struct rxrpc_call *call, struct sk_buff *skb, |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 312 | unsigned int offset, unsigned int len, |
Kees Cook | 54424d3 | 2018-08-03 10:15:25 +0100 | [diff] [blame] | 313 | rxrpc_seq_t seq, |
| 314 | struct skcipher_request *req) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 315 | { |
| 316 | struct rxkad_level1_hdr sechdr; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 317 | struct rxrpc_crypt iv; |
Herbert Xu | 68e3f5d | 2007-10-27 00:52:07 -0700 | [diff] [blame] | 318 | struct scatterlist sg[16]; |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 319 | bool aborted; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 320 | u32 data_size, buf; |
| 321 | u16 check; |
David Howells | d0d5c0c | 2019-08-27 10:13:46 +0100 | [diff] [blame] | 322 | int ret; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 323 | |
| 324 | _enter(""); |
| 325 | |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 326 | if (len < 8) { |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 327 | aborted = rxrpc_abort_eproto(call, skb, "rxkad_1_hdr", "V1H", |
| 328 | RXKADSEALEDINCON); |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 329 | goto protocol_error; |
| 330 | } |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 331 | |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 332 | /* Decrypt the skbuff in-place. TODO: We really want to decrypt |
| 333 | * directly into the target buffer. |
| 334 | */ |
David Howells | d0d5c0c | 2019-08-27 10:13:46 +0100 | [diff] [blame] | 335 | sg_init_table(sg, ARRAY_SIZE(sg)); |
Jason A. Donenfeld | 89a5ea9 | 2017-06-04 04:16:24 +0200 | [diff] [blame] | 336 | ret = skb_to_sgvec(skb, sg, offset, 8); |
| 337 | if (unlikely(ret < 0)) |
| 338 | return ret; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 339 | |
| 340 | /* start the decryption afresh */ |
| 341 | memset(&iv, 0, sizeof(iv)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 342 | |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 343 | skcipher_request_set_sync_tfm(req, call->conn->cipher); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 344 | skcipher_request_set_callback(req, 0, NULL, NULL); |
| 345 | skcipher_request_set_crypt(req, sg, sg, 8, iv.x); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 346 | crypto_skcipher_decrypt(req); |
| 347 | skcipher_request_zero(req); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 348 | |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 349 | /* Extract the decrypted packet length */ |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 350 | if (skb_copy_bits(skb, offset, &sechdr, sizeof(sechdr)) < 0) { |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 351 | aborted = rxrpc_abort_eproto(call, skb, "rxkad_1_len", "XV1", |
| 352 | RXKADDATALEN); |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 353 | goto protocol_error; |
| 354 | } |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 355 | offset += sizeof(sechdr); |
| 356 | len -= sizeof(sechdr); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 357 | |
| 358 | buf = ntohl(sechdr.data_size); |
| 359 | data_size = buf & 0xffff; |
| 360 | |
| 361 | check = buf >> 16; |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 362 | check ^= seq ^ call->call_id; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 363 | check &= 0xffff; |
| 364 | if (check != 0) { |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 365 | aborted = rxrpc_abort_eproto(call, skb, "rxkad_1_check", "V1C", |
| 366 | RXKADSEALEDINCON); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 367 | goto protocol_error; |
| 368 | } |
| 369 | |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 370 | if (data_size > len) { |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 371 | aborted = rxrpc_abort_eproto(call, skb, "rxkad_1_datalen", "V1L", |
| 372 | RXKADDATALEN); |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 373 | goto protocol_error; |
| 374 | } |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 375 | |
| 376 | _leave(" = 0 [dlen=%x]", data_size); |
| 377 | return 0; |
| 378 | |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 379 | protocol_error: |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 380 | if (aborted) |
| 381 | rxrpc_send_abort_packet(call); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 382 | return -EPROTO; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 383 | } |
| 384 | |
| 385 | /* |
| 386 | * wholly decrypt a packet (level 2 security) |
| 387 | */ |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 388 | static int rxkad_verify_packet_2(struct rxrpc_call *call, struct sk_buff *skb, |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 389 | unsigned int offset, unsigned int len, |
Kees Cook | 54424d3 | 2018-08-03 10:15:25 +0100 | [diff] [blame] | 390 | rxrpc_seq_t seq, |
| 391 | struct skcipher_request *req) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 392 | { |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame] | 393 | const struct rxrpc_key_token *token; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 394 | struct rxkad_level2_hdr sechdr; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 395 | struct rxrpc_crypt iv; |
| 396 | struct scatterlist _sg[4], *sg; |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 397 | bool aborted; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 398 | u32 data_size, buf; |
| 399 | u16 check; |
Jason A. Donenfeld | 89a5ea9 | 2017-06-04 04:16:24 +0200 | [diff] [blame] | 400 | int nsg, ret; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 401 | |
| 402 | _enter(",{%d}", skb->len); |
| 403 | |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 404 | if (len < 8) { |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 405 | aborted = rxrpc_abort_eproto(call, skb, "rxkad_2_hdr", "V2H", |
| 406 | RXKADSEALEDINCON); |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 407 | goto protocol_error; |
| 408 | } |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 409 | |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 410 | /* Decrypt the skbuff in-place. TODO: We really want to decrypt |
| 411 | * directly into the target buffer. |
| 412 | */ |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 413 | sg = _sg; |
David Howells | d0d5c0c | 2019-08-27 10:13:46 +0100 | [diff] [blame] | 414 | nsg = skb_shinfo(skb)->nr_frags; |
| 415 | if (nsg <= 4) { |
| 416 | nsg = 4; |
| 417 | } else { |
Kees Cook | 6da2ec5 | 2018-06-12 13:55:00 -0700 | [diff] [blame] | 418 | sg = kmalloc_array(nsg, sizeof(*sg), GFP_NOIO); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 419 | if (!sg) |
| 420 | goto nomem; |
| 421 | } |
| 422 | |
Herbert Xu | 68e3f5d | 2007-10-27 00:52:07 -0700 | [diff] [blame] | 423 | sg_init_table(sg, nsg); |
Jason A. Donenfeld | 89a5ea9 | 2017-06-04 04:16:24 +0200 | [diff] [blame] | 424 | ret = skb_to_sgvec(skb, sg, offset, len); |
| 425 | if (unlikely(ret < 0)) { |
| 426 | if (sg != _sg) |
| 427 | kfree(sg); |
| 428 | return ret; |
| 429 | } |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 430 | |
| 431 | /* decrypt from the session key */ |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 432 | token = call->conn->params.key->payload.data[0]; |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame] | 433 | memcpy(&iv, token->kad->session_key, sizeof(iv)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 434 | |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 435 | skcipher_request_set_sync_tfm(req, call->conn->cipher); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 436 | skcipher_request_set_callback(req, 0, NULL, NULL); |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 437 | skcipher_request_set_crypt(req, sg, sg, len, iv.x); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 438 | crypto_skcipher_decrypt(req); |
| 439 | skcipher_request_zero(req); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 440 | if (sg != _sg) |
| 441 | kfree(sg); |
| 442 | |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 443 | /* Extract the decrypted packet length */ |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 444 | if (skb_copy_bits(skb, offset, &sechdr, sizeof(sechdr)) < 0) { |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 445 | aborted = rxrpc_abort_eproto(call, skb, "rxkad_2_len", "XV2", |
| 446 | RXKADDATALEN); |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 447 | goto protocol_error; |
| 448 | } |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 449 | offset += sizeof(sechdr); |
| 450 | len -= sizeof(sechdr); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 451 | |
| 452 | buf = ntohl(sechdr.data_size); |
| 453 | data_size = buf & 0xffff; |
| 454 | |
| 455 | check = buf >> 16; |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 456 | check ^= seq ^ call->call_id; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 457 | check &= 0xffff; |
| 458 | if (check != 0) { |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 459 | aborted = rxrpc_abort_eproto(call, skb, "rxkad_2_check", "V2C", |
| 460 | RXKADSEALEDINCON); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 461 | goto protocol_error; |
| 462 | } |
| 463 | |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 464 | if (data_size > len) { |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 465 | aborted = rxrpc_abort_eproto(call, skb, "rxkad_2_datalen", "V2L", |
| 466 | RXKADDATALEN); |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 467 | goto protocol_error; |
| 468 | } |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 469 | |
| 470 | _leave(" = 0 [dlen=%x]", data_size); |
| 471 | return 0; |
| 472 | |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 473 | protocol_error: |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 474 | if (aborted) |
| 475 | rxrpc_send_abort_packet(call); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 476 | return -EPROTO; |
| 477 | |
| 478 | nomem: |
| 479 | _leave(" = -ENOMEM"); |
| 480 | return -ENOMEM; |
| 481 | } |
| 482 | |
| 483 | /* |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 484 | * Verify the security on a received packet or subpacket (if part of a |
| 485 | * jumbo packet). |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 486 | */ |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 487 | static int rxkad_verify_packet(struct rxrpc_call *call, struct sk_buff *skb, |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 488 | unsigned int offset, unsigned int len, |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 489 | rxrpc_seq_t seq, u16 expected_cksum) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 490 | { |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 491 | SYNC_SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 492 | struct rxrpc_crypt iv; |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 493 | struct scatterlist sg; |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 494 | bool aborted; |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 495 | u16 cksum; |
| 496 | u32 x, y; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 497 | |
| 498 | _enter("{%d{%x}},{#%u}", |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 499 | call->debug_id, key_serial(call->conn->params.key), seq); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 500 | |
| 501 | if (!call->conn->cipher) |
| 502 | return 0; |
| 503 | |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 504 | /* continue encrypting from where we left off */ |
| 505 | memcpy(&iv, call->conn->csum_iv.x, sizeof(iv)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 506 | |
| 507 | /* validate the security checksum */ |
David Howells | 01a90a4 | 2016-08-23 15:27:24 +0100 | [diff] [blame] | 508 | x = (call->cid & RXRPC_CHANNELMASK) << (32 - RXRPC_CIDSHIFT); |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 509 | x |= seq & 0x3fffffff; |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 510 | call->crypto_buf[0] = htonl(call->call_id); |
| 511 | call->crypto_buf[1] = htonl(x); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 512 | |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 513 | sg_init_one(&sg, call->crypto_buf, 8); |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 514 | skcipher_request_set_sync_tfm(req, call->conn->cipher); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 515 | skcipher_request_set_callback(req, 0, NULL, NULL); |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 516 | skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 517 | crypto_skcipher_encrypt(req); |
| 518 | skcipher_request_zero(req); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 519 | |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 520 | y = ntohl(call->crypto_buf[1]); |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 521 | cksum = (y >> 16) & 0xffff; |
| 522 | if (cksum == 0) |
| 523 | cksum = 1; /* zero checksums are not permitted */ |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 524 | |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 525 | if (cksum != expected_cksum) { |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 526 | aborted = rxrpc_abort_eproto(call, skb, "rxkad_csum", "VCK", |
| 527 | RXKADSEALEDINCON); |
| 528 | goto protocol_error; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 529 | } |
| 530 | |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 531 | switch (call->conn->params.security_level) { |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 532 | case RXRPC_SECURITY_PLAIN: |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 533 | return 0; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 534 | case RXRPC_SECURITY_AUTH: |
Kees Cook | 54424d3 | 2018-08-03 10:15:25 +0100 | [diff] [blame] | 535 | return rxkad_verify_packet_1(call, skb, offset, len, seq, req); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 536 | case RXRPC_SECURITY_ENCRYPT: |
Kees Cook | 54424d3 | 2018-08-03 10:15:25 +0100 | [diff] [blame] | 537 | return rxkad_verify_packet_2(call, skb, offset, len, seq, req); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 538 | default: |
David Howells | 5a42976 | 2016-09-06 22:19:51 +0100 | [diff] [blame] | 539 | return -ENOANO; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 540 | } |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 541 | |
| 542 | protocol_error: |
| 543 | if (aborted) |
| 544 | rxrpc_send_abort_packet(call); |
| 545 | return -EPROTO; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 546 | } |
| 547 | |
| 548 | /* |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 549 | * Locate the data contained in a packet that was partially encrypted. |
| 550 | */ |
| 551 | static void rxkad_locate_data_1(struct rxrpc_call *call, struct sk_buff *skb, |
| 552 | unsigned int *_offset, unsigned int *_len) |
| 553 | { |
| 554 | struct rxkad_level1_hdr sechdr; |
| 555 | |
| 556 | if (skb_copy_bits(skb, *_offset, &sechdr, sizeof(sechdr)) < 0) |
| 557 | BUG(); |
| 558 | *_offset += sizeof(sechdr); |
| 559 | *_len = ntohl(sechdr.data_size) & 0xffff; |
| 560 | } |
| 561 | |
| 562 | /* |
| 563 | * Locate the data contained in a packet that was completely encrypted. |
| 564 | */ |
| 565 | static void rxkad_locate_data_2(struct rxrpc_call *call, struct sk_buff *skb, |
| 566 | unsigned int *_offset, unsigned int *_len) |
| 567 | { |
| 568 | struct rxkad_level2_hdr sechdr; |
| 569 | |
| 570 | if (skb_copy_bits(skb, *_offset, &sechdr, sizeof(sechdr)) < 0) |
| 571 | BUG(); |
| 572 | *_offset += sizeof(sechdr); |
| 573 | *_len = ntohl(sechdr.data_size) & 0xffff; |
| 574 | } |
| 575 | |
| 576 | /* |
| 577 | * Locate the data contained in an already decrypted packet. |
| 578 | */ |
| 579 | static void rxkad_locate_data(struct rxrpc_call *call, struct sk_buff *skb, |
| 580 | unsigned int *_offset, unsigned int *_len) |
| 581 | { |
| 582 | switch (call->conn->params.security_level) { |
| 583 | case RXRPC_SECURITY_AUTH: |
| 584 | rxkad_locate_data_1(call, skb, _offset, _len); |
| 585 | return; |
| 586 | case RXRPC_SECURITY_ENCRYPT: |
| 587 | rxkad_locate_data_2(call, skb, _offset, _len); |
| 588 | return; |
| 589 | default: |
| 590 | return; |
| 591 | } |
| 592 | } |
| 593 | |
| 594 | /* |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 595 | * issue a challenge |
| 596 | */ |
| 597 | static int rxkad_issue_challenge(struct rxrpc_connection *conn) |
| 598 | { |
| 599 | struct rxkad_challenge challenge; |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 600 | struct rxrpc_wire_header whdr; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 601 | struct msghdr msg; |
| 602 | struct kvec iov[2]; |
| 603 | size_t len; |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 604 | u32 serial; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 605 | int ret; |
| 606 | |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 607 | _enter("{%d,%x}", conn->debug_id, key_serial(conn->params.key)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 608 | |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 609 | ret = key_validate(conn->params.key); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 610 | if (ret < 0) |
| 611 | return ret; |
| 612 | |
| 613 | get_random_bytes(&conn->security_nonce, sizeof(conn->security_nonce)); |
| 614 | |
| 615 | challenge.version = htonl(2); |
| 616 | challenge.nonce = htonl(conn->security_nonce); |
| 617 | challenge.min_level = htonl(0); |
| 618 | challenge.__padding = 0; |
| 619 | |
David Howells | 7b674e3 | 2017-08-29 10:18:37 +0100 | [diff] [blame] | 620 | msg.msg_name = &conn->params.peer->srx.transport; |
| 621 | msg.msg_namelen = conn->params.peer->srx.transport_len; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 622 | msg.msg_control = NULL; |
| 623 | msg.msg_controllen = 0; |
| 624 | msg.msg_flags = 0; |
| 625 | |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 626 | whdr.epoch = htonl(conn->proto.epoch); |
| 627 | whdr.cid = htonl(conn->proto.cid); |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 628 | whdr.callNumber = 0; |
| 629 | whdr.seq = 0; |
| 630 | whdr.type = RXRPC_PACKET_TYPE_CHALLENGE; |
| 631 | whdr.flags = conn->out_clientflag; |
| 632 | whdr.userStatus = 0; |
| 633 | whdr.securityIndex = conn->security_ix; |
| 634 | whdr._rsvd = 0; |
David Howells | 68d6d1a | 2017-06-05 14:30:49 +0100 | [diff] [blame] | 635 | whdr.serviceId = htons(conn->service_id); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 636 | |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 637 | iov[0].iov_base = &whdr; |
| 638 | iov[0].iov_len = sizeof(whdr); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 639 | iov[1].iov_base = &challenge; |
| 640 | iov[1].iov_len = sizeof(challenge); |
| 641 | |
| 642 | len = iov[0].iov_len + iov[1].iov_len; |
| 643 | |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 644 | serial = atomic_inc_return(&conn->serial); |
| 645 | whdr.serial = htonl(serial); |
| 646 | _proto("Tx CHALLENGE %%%u", serial); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 647 | |
David Howells | 85f3227 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 648 | ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 649 | if (ret < 0) { |
David Howells | 6b47fe1 | 2018-05-10 23:26:01 +0100 | [diff] [blame] | 650 | trace_rxrpc_tx_fail(conn->debug_id, serial, ret, |
David Howells | 4764c0d | 2018-07-23 17:18:37 +0100 | [diff] [blame] | 651 | rxrpc_tx_point_rxkad_challenge); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 652 | return -EAGAIN; |
| 653 | } |
| 654 | |
David Howells | 330bdcf | 2018-08-08 11:30:02 +0100 | [diff] [blame] | 655 | conn->params.peer->last_tx_at = ktime_get_seconds(); |
David Howells | 4764c0d | 2018-07-23 17:18:37 +0100 | [diff] [blame] | 656 | trace_rxrpc_tx_packet(conn->debug_id, &whdr, |
| 657 | rxrpc_tx_point_rxkad_challenge); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 658 | _leave(" = 0"); |
| 659 | return 0; |
| 660 | } |
| 661 | |
| 662 | /* |
| 663 | * send a Kerberos security response |
| 664 | */ |
| 665 | static int rxkad_send_response(struct rxrpc_connection *conn, |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 666 | struct rxrpc_host_header *hdr, |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 667 | struct rxkad_response *resp, |
| 668 | const struct rxkad_key *s2) |
| 669 | { |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 670 | struct rxrpc_wire_header whdr; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 671 | struct msghdr msg; |
| 672 | struct kvec iov[3]; |
| 673 | size_t len; |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 674 | u32 serial; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 675 | int ret; |
| 676 | |
| 677 | _enter(""); |
| 678 | |
David Howells | 7b674e3 | 2017-08-29 10:18:37 +0100 | [diff] [blame] | 679 | msg.msg_name = &conn->params.peer->srx.transport; |
| 680 | msg.msg_namelen = conn->params.peer->srx.transport_len; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 681 | msg.msg_control = NULL; |
| 682 | msg.msg_controllen = 0; |
| 683 | msg.msg_flags = 0; |
| 684 | |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 685 | memset(&whdr, 0, sizeof(whdr)); |
| 686 | whdr.epoch = htonl(hdr->epoch); |
| 687 | whdr.cid = htonl(hdr->cid); |
| 688 | whdr.type = RXRPC_PACKET_TYPE_RESPONSE; |
| 689 | whdr.flags = conn->out_clientflag; |
| 690 | whdr.securityIndex = hdr->securityIndex; |
| 691 | whdr.serviceId = htons(hdr->serviceId); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 692 | |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 693 | iov[0].iov_base = &whdr; |
| 694 | iov[0].iov_len = sizeof(whdr); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 695 | iov[1].iov_base = resp; |
| 696 | iov[1].iov_len = sizeof(*resp); |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 697 | iov[2].iov_base = (void *)s2->ticket; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 698 | iov[2].iov_len = s2->ticket_len; |
| 699 | |
| 700 | len = iov[0].iov_len + iov[1].iov_len + iov[2].iov_len; |
| 701 | |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 702 | serial = atomic_inc_return(&conn->serial); |
| 703 | whdr.serial = htonl(serial); |
| 704 | _proto("Tx RESPONSE %%%u", serial); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 705 | |
David Howells | 85f3227 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 706 | ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 3, len); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 707 | if (ret < 0) { |
David Howells | 6b47fe1 | 2018-05-10 23:26:01 +0100 | [diff] [blame] | 708 | trace_rxrpc_tx_fail(conn->debug_id, serial, ret, |
David Howells | 4764c0d | 2018-07-23 17:18:37 +0100 | [diff] [blame] | 709 | rxrpc_tx_point_rxkad_response); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 710 | return -EAGAIN; |
| 711 | } |
| 712 | |
David Howells | 330bdcf | 2018-08-08 11:30:02 +0100 | [diff] [blame] | 713 | conn->params.peer->last_tx_at = ktime_get_seconds(); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 714 | _leave(" = 0"); |
| 715 | return 0; |
| 716 | } |
| 717 | |
| 718 | /* |
| 719 | * calculate the response checksum |
| 720 | */ |
| 721 | static void rxkad_calc_response_checksum(struct rxkad_response *response) |
| 722 | { |
| 723 | u32 csum = 1000003; |
| 724 | int loop; |
| 725 | u8 *p = (u8 *) response; |
| 726 | |
| 727 | for (loop = sizeof(*response); loop > 0; loop--) |
| 728 | csum = csum * 0x10204081 + *p++; |
| 729 | |
| 730 | response->encrypted.checksum = htonl(csum); |
| 731 | } |
| 732 | |
| 733 | /* |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 734 | * encrypt the response packet |
| 735 | */ |
| 736 | static void rxkad_encrypt_response(struct rxrpc_connection *conn, |
| 737 | struct rxkad_response *resp, |
| 738 | const struct rxkad_key *s2) |
| 739 | { |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 740 | SYNC_SKCIPHER_REQUEST_ON_STACK(req, conn->cipher); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 741 | struct rxrpc_crypt iv; |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 742 | struct scatterlist sg[1]; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 743 | |
| 744 | /* continue encrypting from where we left off */ |
| 745 | memcpy(&iv, s2->session_key, sizeof(iv)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 746 | |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 747 | sg_init_table(sg, 1); |
| 748 | sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted)); |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 749 | skcipher_request_set_sync_tfm(req, conn->cipher); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 750 | skcipher_request_set_callback(req, 0, NULL, NULL); |
| 751 | skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 752 | crypto_skcipher_encrypt(req); |
| 753 | skcipher_request_zero(req); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 754 | } |
| 755 | |
| 756 | /* |
| 757 | * respond to a challenge packet |
| 758 | */ |
| 759 | static int rxkad_respond_to_challenge(struct rxrpc_connection *conn, |
| 760 | struct sk_buff *skb, |
| 761 | u32 *_abort_code) |
| 762 | { |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame] | 763 | const struct rxrpc_key_token *token; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 764 | struct rxkad_challenge challenge; |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 765 | struct rxkad_response *resp; |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 766 | struct rxrpc_skb_priv *sp = rxrpc_skb(skb); |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 767 | const char *eproto; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 768 | u32 version, nonce, min_level, abort_code; |
| 769 | int ret; |
| 770 | |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 771 | _enter("{%d,%x}", conn->debug_id, key_serial(conn->params.key)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 772 | |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 773 | eproto = tracepoint_string("chall_no_key"); |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 774 | abort_code = RX_PROTOCOL_ERROR; |
| 775 | if (!conn->params.key) |
| 776 | goto protocol_error; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 777 | |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 778 | abort_code = RXKADEXPIRED; |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 779 | ret = key_validate(conn->params.key); |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 780 | if (ret < 0) |
| 781 | goto other_error; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 782 | |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 783 | eproto = tracepoint_string("chall_short"); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 784 | abort_code = RXKADPACKETSHORT; |
David Howells | 775e5b7 | 2016-09-30 13:26:03 +0100 | [diff] [blame] | 785 | if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header), |
| 786 | &challenge, sizeof(challenge)) < 0) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 787 | goto protocol_error; |
| 788 | |
| 789 | version = ntohl(challenge.version); |
| 790 | nonce = ntohl(challenge.nonce); |
| 791 | min_level = ntohl(challenge.min_level); |
| 792 | |
| 793 | _proto("Rx CHALLENGE %%%u { v=%u n=%u ml=%u }", |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 794 | sp->hdr.serial, version, nonce, min_level); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 795 | |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 796 | eproto = tracepoint_string("chall_ver"); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 797 | abort_code = RXKADINCONSISTENCY; |
| 798 | if (version != RXKAD_VERSION) |
| 799 | goto protocol_error; |
| 800 | |
| 801 | abort_code = RXKADLEVELFAIL; |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 802 | ret = -EACCES; |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 803 | if (conn->params.security_level < min_level) |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 804 | goto other_error; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 805 | |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 806 | token = conn->params.key->payload.data[0]; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 807 | |
| 808 | /* build the response packet */ |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 809 | resp = kzalloc(sizeof(struct rxkad_response), GFP_NOFS); |
| 810 | if (!resp) |
| 811 | return -ENOMEM; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 812 | |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 813 | resp->version = htonl(RXKAD_VERSION); |
| 814 | resp->encrypted.epoch = htonl(conn->proto.epoch); |
| 815 | resp->encrypted.cid = htonl(conn->proto.cid); |
| 816 | resp->encrypted.securityIndex = htonl(conn->security_ix); |
| 817 | resp->encrypted.inc_nonce = htonl(nonce + 1); |
| 818 | resp->encrypted.level = htonl(conn->params.security_level); |
| 819 | resp->kvno = htonl(token->kad->kvno); |
| 820 | resp->ticket_len = htonl(token->kad->ticket_len); |
| 821 | resp->encrypted.call_id[0] = htonl(conn->channels[0].call_counter); |
| 822 | resp->encrypted.call_id[1] = htonl(conn->channels[1].call_counter); |
| 823 | resp->encrypted.call_id[2] = htonl(conn->channels[2].call_counter); |
| 824 | resp->encrypted.call_id[3] = htonl(conn->channels[3].call_counter); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 825 | |
| 826 | /* calculate the response checksum and then do the encryption */ |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 827 | rxkad_calc_response_checksum(resp); |
| 828 | rxkad_encrypt_response(conn, resp, token->kad); |
| 829 | ret = rxkad_send_response(conn, &sp->hdr, resp, token->kad); |
| 830 | kfree(resp); |
| 831 | return ret; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 832 | |
| 833 | protocol_error: |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 834 | trace_rxrpc_rx_eproto(NULL, sp->hdr.serial, eproto); |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 835 | ret = -EPROTO; |
| 836 | other_error: |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 837 | *_abort_code = abort_code; |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 838 | return ret; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 839 | } |
| 840 | |
| 841 | /* |
| 842 | * decrypt the kerberos IV ticket in the response |
| 843 | */ |
| 844 | static int rxkad_decrypt_ticket(struct rxrpc_connection *conn, |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 845 | struct sk_buff *skb, |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 846 | void *ticket, size_t ticket_len, |
| 847 | struct rxrpc_crypt *_session_key, |
Baolin Wang | 10674a0 | 2017-08-29 10:15:40 +0100 | [diff] [blame] | 848 | time64_t *_expiry, |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 849 | u32 *_abort_code) |
| 850 | { |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 851 | struct skcipher_request *req; |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 852 | struct rxrpc_skb_priv *sp = rxrpc_skb(skb); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 853 | struct rxrpc_crypt iv, key; |
Herbert Xu | 68e3f5d | 2007-10-27 00:52:07 -0700 | [diff] [blame] | 854 | struct scatterlist sg[1]; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 855 | struct in_addr addr; |
Eric Dumazet | 95c9617 | 2012-04-15 05:58:06 +0000 | [diff] [blame] | 856 | unsigned int life; |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 857 | const char *eproto; |
Baolin Wang | 10674a0 | 2017-08-29 10:15:40 +0100 | [diff] [blame] | 858 | time64_t issue, now; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 859 | bool little_endian; |
| 860 | int ret; |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 861 | u32 abort_code; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 862 | u8 *p, *q, *name, *end; |
| 863 | |
| 864 | _enter("{%d},{%x}", conn->debug_id, key_serial(conn->server_key)); |
| 865 | |
| 866 | *_expiry = 0; |
| 867 | |
| 868 | ret = key_validate(conn->server_key); |
| 869 | if (ret < 0) { |
| 870 | switch (ret) { |
| 871 | case -EKEYEXPIRED: |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 872 | abort_code = RXKADEXPIRED; |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 873 | goto other_error; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 874 | default: |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 875 | abort_code = RXKADNOAUTH; |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 876 | goto other_error; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 877 | } |
| 878 | } |
| 879 | |
David Howells | 146aa8b | 2015-10-21 14:04:48 +0100 | [diff] [blame] | 880 | ASSERT(conn->server_key->payload.data[0] != NULL); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 881 | ASSERTCMP((unsigned long) ticket & 7UL, ==, 0); |
| 882 | |
David Howells | 146aa8b | 2015-10-21 14:04:48 +0100 | [diff] [blame] | 883 | memcpy(&iv, &conn->server_key->payload.data[2], sizeof(iv)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 884 | |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 885 | ret = -ENOMEM; |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 886 | req = skcipher_request_alloc(conn->server_key->payload.data[0], |
| 887 | GFP_NOFS); |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 888 | if (!req) |
| 889 | goto temporary_error; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 890 | |
Herbert Xu | 68e3f5d | 2007-10-27 00:52:07 -0700 | [diff] [blame] | 891 | sg_init_one(&sg[0], ticket, ticket_len); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 892 | skcipher_request_set_callback(req, 0, NULL, NULL); |
| 893 | skcipher_request_set_crypt(req, sg, sg, ticket_len, iv.x); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 894 | crypto_skcipher_decrypt(req); |
| 895 | skcipher_request_free(req); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 896 | |
| 897 | p = ticket; |
| 898 | end = p + ticket_len; |
| 899 | |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 900 | #define Z(field) \ |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 901 | ({ \ |
| 902 | u8 *__str = p; \ |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 903 | eproto = tracepoint_string("rxkad_bad_"#field); \ |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 904 | q = memchr(p, 0, end - p); \ |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 905 | if (!q || q - p > (field##_SZ)) \ |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 906 | goto bad_ticket; \ |
| 907 | for (; p < q; p++) \ |
| 908 | if (!isprint(*p)) \ |
| 909 | goto bad_ticket; \ |
| 910 | p++; \ |
| 911 | __str; \ |
| 912 | }) |
| 913 | |
| 914 | /* extract the ticket flags */ |
| 915 | _debug("KIV FLAGS: %x", *p); |
| 916 | little_endian = *p & 1; |
| 917 | p++; |
| 918 | |
| 919 | /* extract the authentication name */ |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 920 | name = Z(ANAME); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 921 | _debug("KIV ANAME: %s", name); |
| 922 | |
| 923 | /* extract the principal's instance */ |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 924 | name = Z(INST); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 925 | _debug("KIV INST : %s", name); |
| 926 | |
| 927 | /* extract the principal's authentication domain */ |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 928 | name = Z(REALM); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 929 | _debug("KIV REALM: %s", name); |
| 930 | |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 931 | eproto = tracepoint_string("rxkad_bad_len"); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 932 | if (end - p < 4 + 8 + 4 + 2) |
| 933 | goto bad_ticket; |
| 934 | |
| 935 | /* get the IPv4 address of the entity that requested the ticket */ |
| 936 | memcpy(&addr, p, sizeof(addr)); |
| 937 | p += 4; |
Harvey Harrison | 21454aa | 2008-10-31 00:54:56 -0700 | [diff] [blame] | 938 | _debug("KIV ADDR : %pI4", &addr); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 939 | |
| 940 | /* get the session key from the ticket */ |
| 941 | memcpy(&key, p, sizeof(key)); |
| 942 | p += 8; |
| 943 | _debug("KIV KEY : %08x %08x", ntohl(key.n[0]), ntohl(key.n[1])); |
| 944 | memcpy(_session_key, &key, sizeof(key)); |
| 945 | |
| 946 | /* get the ticket's lifetime */ |
| 947 | life = *p++ * 5 * 60; |
| 948 | _debug("KIV LIFE : %u", life); |
| 949 | |
| 950 | /* get the issue time of the ticket */ |
| 951 | if (little_endian) { |
| 952 | __le32 stamp; |
| 953 | memcpy(&stamp, p, 4); |
Baolin Wang | 10674a0 | 2017-08-29 10:15:40 +0100 | [diff] [blame] | 954 | issue = rxrpc_u32_to_time64(le32_to_cpu(stamp)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 955 | } else { |
| 956 | __be32 stamp; |
| 957 | memcpy(&stamp, p, 4); |
Baolin Wang | 10674a0 | 2017-08-29 10:15:40 +0100 | [diff] [blame] | 958 | issue = rxrpc_u32_to_time64(be32_to_cpu(stamp)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 959 | } |
| 960 | p += 4; |
Baolin Wang | 10674a0 | 2017-08-29 10:15:40 +0100 | [diff] [blame] | 961 | now = ktime_get_real_seconds(); |
| 962 | _debug("KIV ISSUE: %llx [%llx]", issue, now); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 963 | |
| 964 | /* check the ticket is in date */ |
| 965 | if (issue > now) { |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 966 | abort_code = RXKADNOAUTH; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 967 | ret = -EKEYREJECTED; |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 968 | goto other_error; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 969 | } |
| 970 | |
| 971 | if (issue < now - life) { |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 972 | abort_code = RXKADEXPIRED; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 973 | ret = -EKEYEXPIRED; |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 974 | goto other_error; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 975 | } |
| 976 | |
| 977 | *_expiry = issue + life; |
| 978 | |
| 979 | /* get the service name */ |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 980 | name = Z(SNAME); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 981 | _debug("KIV SNAME: %s", name); |
| 982 | |
| 983 | /* get the service instance name */ |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 984 | name = Z(INST); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 985 | _debug("KIV SINST: %s", name); |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 986 | return 0; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 987 | |
| 988 | bad_ticket: |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 989 | trace_rxrpc_rx_eproto(NULL, sp->hdr.serial, eproto); |
| 990 | abort_code = RXKADBADTICKET; |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 991 | ret = -EPROTO; |
| 992 | other_error: |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 993 | *_abort_code = abort_code; |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 994 | return ret; |
| 995 | temporary_error: |
| 996 | return ret; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 997 | } |
| 998 | |
| 999 | /* |
| 1000 | * decrypt the response packet |
| 1001 | */ |
| 1002 | static void rxkad_decrypt_response(struct rxrpc_connection *conn, |
| 1003 | struct rxkad_response *resp, |
| 1004 | const struct rxrpc_crypt *session_key) |
| 1005 | { |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 1006 | SYNC_SKCIPHER_REQUEST_ON_STACK(req, rxkad_ci); |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 1007 | struct scatterlist sg[1]; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1008 | struct rxrpc_crypt iv; |
| 1009 | |
| 1010 | _enter(",,%08x%08x", |
| 1011 | ntohl(session_key->n[0]), ntohl(session_key->n[1])); |
| 1012 | |
| 1013 | ASSERT(rxkad_ci != NULL); |
| 1014 | |
| 1015 | mutex_lock(&rxkad_ci_mutex); |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 1016 | if (crypto_sync_skcipher_setkey(rxkad_ci, session_key->x, |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 1017 | sizeof(*session_key)) < 0) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1018 | BUG(); |
| 1019 | |
| 1020 | memcpy(&iv, session_key, sizeof(iv)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1021 | |
Herbert Xu | a263629 | 2016-06-26 14:55:24 -0700 | [diff] [blame] | 1022 | sg_init_table(sg, 1); |
| 1023 | sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted)); |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 1024 | skcipher_request_set_sync_tfm(req, rxkad_ci); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 1025 | skcipher_request_set_callback(req, 0, NULL, NULL); |
| 1026 | skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x); |
Herbert Xu | 1afe593 | 2016-01-24 21:19:01 +0800 | [diff] [blame] | 1027 | crypto_skcipher_decrypt(req); |
| 1028 | skcipher_request_zero(req); |
| 1029 | |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1030 | mutex_unlock(&rxkad_ci_mutex); |
| 1031 | |
| 1032 | _leave(""); |
| 1033 | } |
| 1034 | |
| 1035 | /* |
| 1036 | * verify a response |
| 1037 | */ |
| 1038 | static int rxkad_verify_response(struct rxrpc_connection *conn, |
| 1039 | struct sk_buff *skb, |
| 1040 | u32 *_abort_code) |
| 1041 | { |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1042 | struct rxkad_response *response; |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 1043 | struct rxrpc_skb_priv *sp = rxrpc_skb(skb); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1044 | struct rxrpc_crypt session_key; |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 1045 | const char *eproto; |
Baolin Wang | 10674a0 | 2017-08-29 10:15:40 +0100 | [diff] [blame] | 1046 | time64_t expiry; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1047 | void *ticket; |
Al Viro | 91e916c | 2008-03-29 03:08:38 +0000 | [diff] [blame] | 1048 | u32 abort_code, version, kvno, ticket_len, level; |
| 1049 | __be32 csum; |
David Howells | a1399f8 | 2016-06-27 14:39:44 +0100 | [diff] [blame] | 1050 | int ret, i; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1051 | |
| 1052 | _enter("{%d,%x}", conn->debug_id, key_serial(conn->server_key)); |
| 1053 | |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1054 | ret = -ENOMEM; |
| 1055 | response = kzalloc(sizeof(struct rxkad_response), GFP_NOFS); |
| 1056 | if (!response) |
| 1057 | goto temporary_error; |
| 1058 | |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 1059 | eproto = tracepoint_string("rxkad_rsp_short"); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1060 | abort_code = RXKADPACKETSHORT; |
David Howells | 775e5b7 | 2016-09-30 13:26:03 +0100 | [diff] [blame] | 1061 | if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header), |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1062 | response, sizeof(*response)) < 0) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1063 | goto protocol_error; |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1064 | if (!pskb_pull(skb, sizeof(*response))) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1065 | BUG(); |
| 1066 | |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1067 | version = ntohl(response->version); |
| 1068 | ticket_len = ntohl(response->ticket_len); |
| 1069 | kvno = ntohl(response->kvno); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1070 | _proto("Rx RESPONSE %%%u { v=%u kv=%u tl=%u }", |
David Howells | 0d12f8a | 2016-03-04 15:53:46 +0000 | [diff] [blame] | 1071 | sp->hdr.serial, version, kvno, ticket_len); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1072 | |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 1073 | eproto = tracepoint_string("rxkad_rsp_ver"); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1074 | abort_code = RXKADINCONSISTENCY; |
| 1075 | if (version != RXKAD_VERSION) |
David Howells | 4aa9cb3 | 2007-12-07 04:31:47 -0800 | [diff] [blame] | 1076 | goto protocol_error; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1077 | |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 1078 | eproto = tracepoint_string("rxkad_rsp_tktlen"); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1079 | abort_code = RXKADTICKETLEN; |
| 1080 | if (ticket_len < 4 || ticket_len > MAXKRB5TICKETLEN) |
| 1081 | goto protocol_error; |
| 1082 | |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 1083 | eproto = tracepoint_string("rxkad_rsp_unkkey"); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1084 | abort_code = RXKADUNKNOWNKEY; |
| 1085 | if (kvno >= RXKAD_TKT_TYPE_KERBEROS_V5) |
| 1086 | goto protocol_error; |
| 1087 | |
| 1088 | /* extract the kerberos ticket and decrypt and decode it */ |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 1089 | ret = -ENOMEM; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1090 | ticket = kmalloc(ticket_len, GFP_NOFS); |
| 1091 | if (!ticket) |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 1092 | goto temporary_error; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1093 | |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 1094 | eproto = tracepoint_string("rxkad_tkt_short"); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1095 | abort_code = RXKADPACKETSHORT; |
David Howells | 775e5b7 | 2016-09-30 13:26:03 +0100 | [diff] [blame] | 1096 | if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header), |
| 1097 | ticket, ticket_len) < 0) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1098 | goto protocol_error_free; |
| 1099 | |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 1100 | ret = rxkad_decrypt_ticket(conn, skb, ticket, ticket_len, &session_key, |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 1101 | &expiry, _abort_code); |
| 1102 | if (ret < 0) |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1103 | goto temporary_error_free_resp; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1104 | |
| 1105 | /* use the session key from inside the ticket to decrypt the |
| 1106 | * response */ |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1107 | rxkad_decrypt_response(conn, response, &session_key); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1108 | |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 1109 | eproto = tracepoint_string("rxkad_rsp_param"); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1110 | abort_code = RXKADSEALEDINCON; |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1111 | if (ntohl(response->encrypted.epoch) != conn->proto.epoch) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1112 | goto protocol_error_free; |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1113 | if (ntohl(response->encrypted.cid) != conn->proto.cid) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1114 | goto protocol_error_free; |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1115 | if (ntohl(response->encrypted.securityIndex) != conn->security_ix) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1116 | goto protocol_error_free; |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1117 | csum = response->encrypted.checksum; |
| 1118 | response->encrypted.checksum = 0; |
| 1119 | rxkad_calc_response_checksum(response); |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 1120 | eproto = tracepoint_string("rxkad_rsp_csum"); |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1121 | if (response->encrypted.checksum != csum) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1122 | goto protocol_error_free; |
| 1123 | |
David Howells | a1399f8 | 2016-06-27 14:39:44 +0100 | [diff] [blame] | 1124 | spin_lock(&conn->channel_lock); |
| 1125 | for (i = 0; i < RXRPC_MAXCALLS; i++) { |
| 1126 | struct rxrpc_call *call; |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1127 | u32 call_id = ntohl(response->encrypted.call_id[i]); |
David Howells | a1399f8 | 2016-06-27 14:39:44 +0100 | [diff] [blame] | 1128 | |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 1129 | eproto = tracepoint_string("rxkad_rsp_callid"); |
David Howells | a1399f8 | 2016-06-27 14:39:44 +0100 | [diff] [blame] | 1130 | if (call_id > INT_MAX) |
| 1131 | goto protocol_error_unlock; |
| 1132 | |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 1133 | eproto = tracepoint_string("rxkad_rsp_callctr"); |
David Howells | a1399f8 | 2016-06-27 14:39:44 +0100 | [diff] [blame] | 1134 | if (call_id < conn->channels[i].call_counter) |
| 1135 | goto protocol_error_unlock; |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 1136 | |
| 1137 | eproto = tracepoint_string("rxkad_rsp_callst"); |
David Howells | a1399f8 | 2016-06-27 14:39:44 +0100 | [diff] [blame] | 1138 | if (call_id > conn->channels[i].call_counter) { |
| 1139 | call = rcu_dereference_protected( |
| 1140 | conn->channels[i].call, |
| 1141 | lockdep_is_held(&conn->channel_lock)); |
| 1142 | if (call && call->state < RXRPC_CALL_COMPLETE) |
| 1143 | goto protocol_error_unlock; |
| 1144 | conn->channels[i].call_counter = call_id; |
| 1145 | } |
| 1146 | } |
| 1147 | spin_unlock(&conn->channel_lock); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1148 | |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 1149 | eproto = tracepoint_string("rxkad_rsp_seq"); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1150 | abort_code = RXKADOUTOFSEQUENCE; |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1151 | if (ntohl(response->encrypted.inc_nonce) != conn->security_nonce + 1) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1152 | goto protocol_error_free; |
| 1153 | |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 1154 | eproto = tracepoint_string("rxkad_rsp_level"); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1155 | abort_code = RXKADLEVELFAIL; |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1156 | level = ntohl(response->encrypted.level); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1157 | if (level > RXRPC_SECURITY_ENCRYPT) |
| 1158 | goto protocol_error_free; |
David Howells | 19ffa01 | 2016-04-04 14:00:36 +0100 | [diff] [blame] | 1159 | conn->params.security_level = level; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1160 | |
| 1161 | /* create a key to hold the security data and expiration time - after |
| 1162 | * this the connection security can be handled in exactly the same way |
| 1163 | * as for a client connection */ |
| 1164 | ret = rxrpc_get_server_data_key(conn, &session_key, expiry, kvno); |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 1165 | if (ret < 0) |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1166 | goto temporary_error_free_ticket; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1167 | |
| 1168 | kfree(ticket); |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1169 | kfree(response); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1170 | _leave(" = 0"); |
| 1171 | return 0; |
| 1172 | |
David Howells | a1399f8 | 2016-06-27 14:39:44 +0100 | [diff] [blame] | 1173 | protocol_error_unlock: |
| 1174 | spin_unlock(&conn->channel_lock); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1175 | protocol_error_free: |
| 1176 | kfree(ticket); |
| 1177 | protocol_error: |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1178 | kfree(response); |
David Howells | fb46f6e | 2017-04-06 10:12:00 +0100 | [diff] [blame] | 1179 | trace_rxrpc_rx_eproto(NULL, sp->hdr.serial, eproto); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1180 | *_abort_code = abort_code; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1181 | return -EPROTO; |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 1182 | |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1183 | temporary_error_free_ticket: |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 1184 | kfree(ticket); |
David Howells | 8c2f826 | 2018-02-08 15:59:07 +0000 | [diff] [blame] | 1185 | temporary_error_free_resp: |
| 1186 | kfree(response); |
David Howells | ef68622 | 2017-04-06 10:11:59 +0100 | [diff] [blame] | 1187 | temporary_error: |
| 1188 | /* Ignore the response packet if we got a temporary error such as |
| 1189 | * ENOMEM. We just want to send the challenge again. Note that we |
| 1190 | * also come out this way if the ticket decryption fails. |
| 1191 | */ |
| 1192 | return ret; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1193 | } |
| 1194 | |
| 1195 | /* |
| 1196 | * clear the connection security |
| 1197 | */ |
| 1198 | static void rxkad_clear(struct rxrpc_connection *conn) |
| 1199 | { |
| 1200 | _enter(""); |
| 1201 | |
| 1202 | if (conn->cipher) |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 1203 | crypto_free_sync_skcipher(conn->cipher); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1204 | } |
| 1205 | |
| 1206 | /* |
David Howells | 648af7f | 2016-04-07 17:23:51 +0100 | [diff] [blame] | 1207 | * Initialise the rxkad security service. |
| 1208 | */ |
| 1209 | static int rxkad_init(void) |
| 1210 | { |
| 1211 | /* pin the cipher we need so that the crypto layer doesn't invoke |
| 1212 | * keventd to go get it */ |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 1213 | rxkad_ci = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0); |
Wu Fengguang | fa54cc7 | 2016-06-05 07:17:19 +0800 | [diff] [blame] | 1214 | return PTR_ERR_OR_ZERO(rxkad_ci); |
David Howells | 648af7f | 2016-04-07 17:23:51 +0100 | [diff] [blame] | 1215 | } |
| 1216 | |
| 1217 | /* |
| 1218 | * Clean up the rxkad security service. |
| 1219 | */ |
| 1220 | static void rxkad_exit(void) |
| 1221 | { |
| 1222 | if (rxkad_ci) |
Kees Cook | 69d826f | 2018-09-18 19:10:47 -0700 | [diff] [blame] | 1223 | crypto_free_sync_skcipher(rxkad_ci); |
David Howells | 648af7f | 2016-04-07 17:23:51 +0100 | [diff] [blame] | 1224 | } |
| 1225 | |
| 1226 | /* |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1227 | * RxRPC Kerberos-based security |
| 1228 | */ |
David Howells | 648af7f | 2016-04-07 17:23:51 +0100 | [diff] [blame] | 1229 | const struct rxrpc_security rxkad = { |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1230 | .name = "rxkad", |
David Howells | 8b81547 | 2009-09-14 01:17:30 +0000 | [diff] [blame] | 1231 | .security_index = RXRPC_SECURITY_RXKAD, |
David Howells | 648af7f | 2016-04-07 17:23:51 +0100 | [diff] [blame] | 1232 | .init = rxkad_init, |
| 1233 | .exit = rxkad_exit, |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1234 | .init_connection_security = rxkad_init_connection_security, |
| 1235 | .prime_packet_security = rxkad_prime_packet_security, |
| 1236 | .secure_packet = rxkad_secure_packet, |
| 1237 | .verify_packet = rxkad_verify_packet, |
David Howells | 248f219 | 2016-09-08 11:10:12 +0100 | [diff] [blame] | 1238 | .locate_data = rxkad_locate_data, |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1239 | .issue_challenge = rxkad_issue_challenge, |
| 1240 | .respond_to_challenge = rxkad_respond_to_challenge, |
| 1241 | .verify_response = rxkad_verify_response, |
| 1242 | .clear = rxkad_clear, |
| 1243 | }; |