cregit-Linux how code gets into the kernel

Release 4.8 net/rxrpc/rxkad.c

Directory: net/rxrpc
/* Kerberos-based RxRPC security
 *
 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */


#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <crypto/skcipher.h>
#include <linux/module.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <linux/udp.h>
#include <linux/scatterlist.h>
#include <linux/ctype.h>
#include <linux/slab.h>
#include <net/sock.h>
#include <net/af_rxrpc.h>
#include <keys/rxrpc-type.h>
#include "ar-internal.h"


#define RXKAD_VERSION			2

#define MAXKRB5TICKETLEN		1024

#define RXKAD_TKT_TYPE_KERBEROS_V5	256

#define ANAME_SZ			40	
/* size of authentication name */

#define INST_SZ				40	
/* size of principal's instance */

#define REALM_SZ			40	
/* size of principal's auth domain */

#define SNAME_SZ			40	
/* size of service name */


struct rxkad_level1_hdr {
	
__be32	data_size;	/* true data size (excluding padding) */
};


struct rxkad_level2_hdr {
	
__be32	data_size;	/* true data size (excluding padding) */
	
__be32	checksum;	/* decrypted data checksum */
};

/*
 * this holds a pinned cipher so that keventd doesn't get called by the cipher
 * alloc routine, but since we have it to hand, we use it to decrypt RESPONSE
 * packets
 */

static struct crypto_skcipher *rxkad_ci;
static DEFINE_MUTEX(rxkad_ci_mutex);

/*
 * initialise connection security
 */

static int rxkad_init_connection_security(struct rxrpc_connection *conn) { struct crypto_skcipher *ci; struct rxrpc_key_token *token; int ret; _enter("{%d},{%x}", conn->debug_id, key_serial(conn->params.key)); token = conn->params.key->payload.data[0]; conn->security_ix = token->security_index; ci = crypto_alloc_skcipher("pcbc(fcrypt)", 0, CRYPTO_ALG_ASYNC); if (IS_ERR(ci)) { _debug("no cipher"); ret = PTR_ERR(ci); goto error; } if (crypto_skcipher_setkey(ci, token->kad->session_key, sizeof(token->kad->session_key)) < 0) BUG(); switch (conn->params.security_level) { case RXRPC_SECURITY_PLAIN: break; case RXRPC_SECURITY_AUTH: conn->size_align = 8; conn->security_size = sizeof(struct rxkad_level1_hdr); conn->header_size += sizeof(struct rxkad_level1_hdr); break; case RXRPC_SECURITY_ENCRYPT: conn->size_align = 8; conn->security_size = sizeof(struct rxkad_level2_hdr); conn->header_size += sizeof(struct rxkad_level2_hdr); break; default: ret = -EKEYREJECTED; goto error; } conn->cipher = ci; ret = 0; error: _leave(" = %d", ret); return ret; }

Contributors

PersonTokensPropCommitsCommitProp
david howellsdavid howells22998.71%480.00%
herbert xuherbert xu31.29%120.00%
Total232100.00%5100.00%

/* * prime the encryption state with the invariant parts of a connection's * description */
static int rxkad_prime_packet_security(struct rxrpc_connection *conn) { struct rxrpc_key_token *token; SKCIPHER_REQUEST_ON_STACK(req, conn->cipher); struct scatterlist sg; struct rxrpc_crypt iv; __be32 *tmpbuf; size_t tmpsize = 4 * sizeof(__be32); _enter(""); if (!conn->params.key) return 0; tmpbuf = kmalloc(tmpsize, GFP_KERNEL); if (!tmpbuf) return -ENOMEM; token = conn->params.key->payload.data[0]; memcpy(&iv, token->kad->session_key, sizeof(iv)); tmpbuf[0] = htonl(conn->proto.epoch); tmpbuf[1] = htonl(conn->proto.cid); tmpbuf[2] = 0; tmpbuf[3] = htonl(conn->security_ix); sg_init_one(&sg, tmpbuf, tmpsize); skcipher_request_set_tfm(req, conn->cipher); skcipher_request_set_callback(req, 0, NULL, NULL); skcipher_request_set_crypt(req, &sg, &sg, tmpsize, iv.x); crypto_skcipher_encrypt(req); skcipher_request_zero(req); memcpy(&conn->csum_iv, tmpbuf + 2, sizeof(conn->csum_iv)); kfree(tmpbuf); _leave(" = 0"); return 0; }

Contributors

PersonTokensPropCommitsCommitProp
david howellsdavid howells16465.60%562.50%
herbert xuherbert xu8634.40%337.50%
Total250100.00%8100.00%

/* * partially encrypt a packet (level 1 security) */
static int rxkad_secure_packet_auth(const struct rxrpc_call *call, struct sk_buff *skb, u32 data_size, void *sechdr) { struct rxrpc_skb_priv *sp; SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher); struct rxkad_level1_hdr hdr; struct rxrpc_crypt iv; struct scatterlist sg; u16 check; sp = rxrpc_skb(skb); _enter(""); check = sp->hdr.seq ^ sp->hdr.callNumber; data_size |= (u32)check << 16; hdr.data_size = htonl(data_size); memcpy(sechdr, &hdr, sizeof(hdr)); /* start the encryption afresh */ memset(&iv, 0, sizeof(iv)); sg_init_one(&sg, sechdr, 8); skcipher_request_set_tfm(req, call->conn->cipher); skcipher_request_set_callback(req, 0, NULL, NULL); skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x); crypto_skcipher_encrypt(req); skcipher_request_zero(req); _leave(" = 0"); return 0; }

Contributors

PersonTokensPropCommitsCommitProp
david howellsdavid howells13268.39%125.00%
herbert xuherbert xu6131.61%375.00%
Total193100.00%4100.00%

/* * wholly encrypt a packet (level 2 security) */
static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call, struct sk_buff *skb, u32 data_size, void *sechdr) { const struct rxrpc_key_token *token; struct rxkad_level2_hdr rxkhdr; struct rxrpc_skb_priv *sp; SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher); struct rxrpc_crypt iv; struct scatterlist sg[16]; struct sk_buff *trailer; unsigned int len; u16 check; int nsg; int err; sp = rxrpc_skb(skb); _enter(""); check = sp->hdr.seq ^ sp->hdr.callNumber; rxkhdr.data_size = htonl(data_size | (u32)check << 16); rxkhdr.checksum = 0; memcpy(sechdr, &rxkhdr, sizeof(rxkhdr)); /* encrypt from the session key */ token = call->conn->params.key->payload.data[0]; memcpy(&iv, token->kad->session_key, sizeof(iv)); sg_init_one(&sg[0], sechdr, sizeof(rxkhdr)); skcipher_request_set_tfm(req, call->conn->cipher); skcipher_request_set_callback(req, 0, NULL, NULL); skcipher_request_set_crypt(req, &sg[0], &sg[0], sizeof(rxkhdr), iv.x); crypto_skcipher_encrypt(req); /* we want to encrypt the skbuff in-place */ nsg = skb_cow_data(skb, 0, &trailer); err = -ENOMEM; if (nsg < 0 || nsg > 16) goto out; len = data_size + call->conn->size_align - 1; len &= ~(call->conn->size_align - 1); sg_init_table(sg, nsg); skb_to_sgvec(skb, sg, 0, len); skcipher_request_set_crypt(req, sg, sg, len, iv.x); crypto_skcipher_encrypt(req); _leave(" = 0"); err = 0; out: skcipher_request_zero(req); return err; }

Contributors

PersonTokensPropCommitsCommitProp
david howellsdavid howells25571.43%444.44%
herbert xuherbert xu9827.45%333.33%
david s. millerdavid s. miller30.84%111.11%
eric dumazeteric dumazet10.28%111.11%
Total357100.00%9100.00%

/* * checksum an RxRPC packet header */
static int rxkad_secure_packet(struct rxrpc_call *call, struct sk_buff *skb, size_t data_size, void *sechdr) { struct rxrpc_skb_priv *sp; SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher); struct rxrpc_crypt iv; struct scatterlist sg; u32 x, y; int ret; sp = rxrpc_skb(skb); _enter("{%d{%x}},{#%u},%zu,", call->debug_id, key_serial(call->conn->params.key), sp->hdr.seq, data_size); if (!call->conn->cipher) return 0; ret = key_validate(call->conn->params.key); if (ret < 0) return ret; /* continue encrypting from where we left off */ memcpy(&iv, call->conn->csum_iv.x, sizeof(iv)); /* calculate the security checksum */ x = call->channel << (32 - RXRPC_CIDSHIFT); x |= sp->hdr.seq & 0x3fffffff; call->crypto_buf[0] = htonl(sp->hdr.callNumber); call->crypto_buf[1] = htonl(x); sg_init_one(&sg, call->crypto_buf, 8); skcipher_request_set_tfm(req, call->conn->cipher); skcipher_request_set_callback(req, 0, NULL, NULL); skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x); crypto_skcipher_encrypt(req); skcipher_request_zero(req); y = ntohl(call->crypto_buf[1]); y = (y >> 16) & 0xffff; if (y == 0) y = 1; /* zero checksums are not permitted */ sp->hdr.cksum = y; switch (call->conn->params.security_level) { case RXRPC_SECURITY_PLAIN: ret = 0; break; case RXRPC_SECURITY_AUTH: ret = rxkad_secure_packet_auth(call, skb, data_size, sechdr); break; case RXRPC_SECURITY_ENCRYPT: ret = rxkad_secure_packet_encrypt(call, skb, data_size, sechdr); break; default: ret = -EPERM; break; } _leave(" = %d [set %hx]", ret, y); return ret; }

Contributors

PersonTokensPropCommitsCommitProp
david howellsdavid howells29579.73%342.86%
herbert xuherbert xu6517.57%342.86%
al viroal viro102.70%114.29%
Total370100.00%7100.00%

/* * decrypt partial encryption on a packet (level 1 security) */
static int rxkad_verify_packet_auth(const struct rxrpc_call *call, struct sk_buff *skb, u32 *_abort_code) { struct rxkad_level1_hdr sechdr; struct rxrpc_skb_priv *sp; SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher); struct rxrpc_crypt iv; struct scatterlist sg[16]; struct sk_buff *trailer; u32 data_size, buf; u16 check; int nsg; _enter(""); sp = rxrpc_skb(skb); /* we want to decrypt the skbuff in-place */ nsg = skb_cow_data(skb, 0, &trailer); if (nsg < 0 || nsg > 16) goto nomem; sg_init_table(sg, nsg); skb_to_sgvec(skb, sg, 0, 8); /* start the decryption afresh */ memset(&iv, 0, sizeof(iv)); skcipher_request_set_tfm(req, call->conn->cipher); skcipher_request_set_callback(req, 0, NULL, NULL); skcipher_request_set_crypt(req, sg, sg, 8, iv.x); crypto_skcipher_decrypt(req); skcipher_request_zero(req); /* remove the decrypted packet length */ if (skb_copy_bits(skb, 0, &sechdr, sizeof(sechdr)) < 0) goto datalen_error; if (!skb_pull(skb, sizeof(sechdr))) BUG(); buf = ntohl(sechdr.data_size); data_size = buf & 0xffff; check = buf >> 16; check ^= sp->hdr.seq ^ sp->hdr.callNumber; check &= 0xffff; if (check != 0) { *_abort_code = RXKADSEALEDINCON; goto protocol_error; } /* shorten the packet to remove the padding */ if (data_size > skb->len) goto datalen_error; else if (data_size < skb->len) skb->len = data_size; _leave(" = 0 [dlen=%x]", data_size); return 0; datalen_error: *_abort_code = RXKADDATALEN; protocol_error: _leave(" = -EPROTO"); return -EPROTO; nomem: _leave(" = -ENOMEM"); return -ENOMEM; }

Contributors

PersonTokensPropCommitsCommitProp
david howellsdavid howells28382.03%133.33%
herbert xuherbert xu6217.97%266.67%
Total345100.00%3100.00%

/* * wholly decrypt a packet (level 2 security) */
static int rxkad_verify_packet_encrypt(const struct rxrpc_call *call, struct sk_buff *skb, u32 *_abort_code) { const struct rxrpc_key_token *token; struct rxkad_level2_hdr sechdr; struct rxrpc_skb_priv *sp; SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher); struct rxrpc_crypt iv; struct scatterlist _sg[4], *sg; struct sk_buff *trailer; u32 data_size, buf; u16 check; int nsg; _enter(",{%d}", skb->len); sp = rxrpc_skb(skb); /* we want to decrypt the skbuff in-place */ nsg = skb_cow_data(skb, 0, &trailer); if (nsg < 0) goto nomem; sg = _sg; if (unlikely(nsg > 4)) { sg = kmalloc(sizeof(*sg) * nsg, GFP_NOIO); if (!sg) goto nomem; } sg_init_table(sg, nsg); skb_to_sgvec(skb, sg, 0, skb->len); /* decrypt from the session key */ token = call->conn->params.key->payload.data[0]; memcpy(&iv, token->kad->session_key, sizeof(iv)); skcipher_request_set_tfm(req, call->conn->cipher); skcipher_request_set_callback(req, 0, NULL, NULL); skcipher_request_set_crypt(req, sg, sg, skb->len, iv.x); crypto_skcipher_decrypt(req); skcipher_request_zero(req); if (sg != _sg) kfree(sg); /* remove the decrypted packet length */ if (skb_copy_bits(skb, 0, &sechdr, sizeof(sechdr)) < 0) goto datalen_error; if (!skb_pull(skb, sizeof(sechdr))) BUG(); buf = ntohl(sechdr.data_size); data_size = buf & 0xffff; check = buf >> 16; check ^= sp->hdr.seq ^ sp->hdr.callNumber; check &= 0xffff; if (check != 0) { *_abort_code = RXKADSEALEDINCON; goto protocol_error; } /* shorten the packet to remove the padding */ if (data_size > skb->len) goto datalen_error; else if (data_size < skb->len) skb->len = data_size; _leave(" = 0 [dlen=%x]", data_size); return 0; datalen_error: *_abort_code = RXKADDATALEN; protocol_error: _leave(" = -EPROTO"); return -EPROTO; nomem: _leave(" = -ENOMEM"); return -ENOMEM; }

Contributors

PersonTokensPropCommitsCommitProp
david howellsdavid howells38088.79%466.67%
herbert xuherbert xu4811.21%233.33%
Total428100.00%6100.00%

/* * verify the security on a received packet */
static int rxkad_verify_packet(struct rxrpc_call *call, struct sk_buff *skb, u32 *_abort_code) { SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher); struct rxrpc_skb_priv *sp; struct rxrpc_crypt iv; struct scatterlist sg; u16 cksum; u32 x, y; int ret; sp = rxrpc_skb(skb); _enter("{%d{%x}},{#%u}", call->debug_id, key_serial(call->conn->params.key), sp->hdr.seq); if (!call->conn->cipher) return 0; if (sp->hdr.securityIndex != RXRPC_SECURITY_RXKAD) { *_abort_code = RXKADINCONSISTENCY; _leave(" = -EPROTO [not rxkad]"); return -EPROTO; } /* continue encrypting from where we left off */ memcpy(&iv, call->conn->csum_iv.x, sizeof(iv)); /* validate the security checksum */ x = call->channel << (32 - RXRPC_CIDSHIFT); x |= sp->hdr.seq & 0x3fffffff; call->crypto_buf[0] = htonl(call->call_id); call->crypto_buf[1] = htonl(x); sg_init_one(&sg, call->crypto_buf, 8); skcipher_request_set_tfm(req, call->conn->cipher); skcipher_request_set_callback(req, 0, NULL, NULL); skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x); crypto_skcipher_encrypt(req); skcipher_request_zero(req); y = ntohl(call->crypto_buf[1]); cksum = (y >> 16) & 0xffff; if (cksum == 0) cksum = 1; /* zero checksums are not permitted */ if (sp->hdr.cksum != cksum) { *_abort_code = RXKADSEALEDINCON; _leave(" = -EPROTO [csum failed]"); return -EPROTO; } switch (call->conn->params.security_level) { case RXRPC_SECURITY_PLAIN: ret = 0; break; case RXRPC_SECURITY_AUTH: ret = rxkad_verify_packet_auth(call, skb, _abort_code); break; case RXRPC_SECURITY_ENCRYPT: ret = rxkad_verify_packet_encrypt(call, skb, _abort_code); break; default: ret = -ENOANO; break; } _leave(" = %d", ret); return ret; }

Contributors

PersonTokensPropCommitsCommitProp
david howellsdavid howells31682.72%555.56%
herbert xuherbert xu6416.75%333.33%
al viroal viro20.52%111.11%
Total382100.00%9100.00%

/* * issue a challenge */
static int rxkad_issue_challenge(struct rxrpc_connection *conn) { struct rxkad_challenge challenge; struct rxrpc_wire_header whdr; struct msghdr msg; struct kvec iov[2]; size_t len; u32 serial; int ret; _enter("{%d,%x}", conn->debug_id, key_serial(conn->params.key)); ret = key_validate(conn->params.key); if (ret < 0) return ret; get_random_bytes(&conn->security_nonce, sizeof(conn->security_nonce)); challenge.version = htonl(2); challenge.nonce = htonl(conn->security_nonce); challenge.min_level