David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 1 | /* RxRPC key management |
| 2 | * |
| 3 | * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. |
| 4 | * Written by David Howells (dhowells@redhat.com) |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or |
| 7 | * modify it under the terms of the GNU General Public License |
| 8 | * as published by the Free Software Foundation; either version |
| 9 | * 2 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * RxRPC keys should have a description of describing their purpose: |
| 12 | * "afs@CAMBRIDGE.REDHAT.COM> |
| 13 | */ |
| 14 | |
| 15 | #include <linux/module.h> |
| 16 | #include <linux/net.h> |
| 17 | #include <linux/skbuff.h> |
David Howells | 76181c1 | 2007-10-16 23:29:46 -0700 | [diff] [blame] | 18 | #include <linux/key-type.h> |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 19 | #include <linux/crypto.h> |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 20 | #include <linux/ctype.h> |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 21 | #include <net/sock.h> |
| 22 | #include <net/af_rxrpc.h> |
| 23 | #include <keys/rxrpc-type.h> |
| 24 | #include <keys/user-type.h> |
| 25 | #include "ar-internal.h" |
| 26 | |
| 27 | static int rxrpc_instantiate(struct key *, const void *, size_t); |
| 28 | static int rxrpc_instantiate_s(struct key *, const void *, size_t); |
| 29 | static void rxrpc_destroy(struct key *); |
| 30 | static void rxrpc_destroy_s(struct key *); |
| 31 | static void rxrpc_describe(const struct key *, struct seq_file *); |
| 32 | |
| 33 | /* |
| 34 | * rxrpc defined keys take an arbitrary string as the description and an |
| 35 | * arbitrary blob of data as the payload |
| 36 | */ |
| 37 | struct key_type key_type_rxrpc = { |
| 38 | .name = "rxrpc", |
| 39 | .instantiate = rxrpc_instantiate, |
| 40 | .match = user_match, |
| 41 | .destroy = rxrpc_destroy, |
| 42 | .describe = rxrpc_describe, |
| 43 | }; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 44 | EXPORT_SYMBOL(key_type_rxrpc); |
| 45 | |
| 46 | /* |
| 47 | * rxrpc server defined keys take "<serviceId>:<securityIndex>" as the |
| 48 | * description and an 8-byte decryption key as the payload |
| 49 | */ |
| 50 | struct key_type key_type_rxrpc_s = { |
| 51 | .name = "rxrpc_s", |
| 52 | .instantiate = rxrpc_instantiate_s, |
| 53 | .match = user_match, |
| 54 | .destroy = rxrpc_destroy_s, |
| 55 | .describe = rxrpc_describe, |
| 56 | }; |
| 57 | |
| 58 | /* |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 59 | * parse an RxKAD type XDR format token |
| 60 | * - the caller guarantees we have at least 4 words |
| 61 | */ |
| 62 | static int rxrpc_instantiate_xdr_rxkad(struct key *key, const __be32 *xdr, |
| 63 | unsigned toklen) |
| 64 | { |
| 65 | struct rxrpc_key_token *token; |
| 66 | size_t plen; |
| 67 | u32 tktlen; |
| 68 | int ret; |
| 69 | |
| 70 | _enter(",{%x,%x,%x,%x},%u", |
| 71 | ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), |
| 72 | toklen); |
| 73 | |
| 74 | if (toklen <= 8 * 4) |
| 75 | return -EKEYREJECTED; |
| 76 | tktlen = ntohl(xdr[7]); |
| 77 | _debug("tktlen: %x", tktlen); |
| 78 | if (tktlen > AFSTOKEN_RK_TIX_MAX) |
| 79 | return -EKEYREJECTED; |
| 80 | if (8 * 4 + tktlen != toklen) |
| 81 | return -EKEYREJECTED; |
| 82 | |
| 83 | plen = sizeof(*token) + sizeof(*token->kad) + tktlen; |
| 84 | ret = key_payload_reserve(key, key->datalen + plen); |
| 85 | if (ret < 0) |
| 86 | return ret; |
| 87 | |
| 88 | plen -= sizeof(*token); |
| 89 | token = kmalloc(sizeof(*token), GFP_KERNEL); |
| 90 | if (!token) |
| 91 | return -ENOMEM; |
| 92 | |
| 93 | token->kad = kmalloc(plen, GFP_KERNEL); |
| 94 | if (!token->kad) { |
| 95 | kfree(token); |
| 96 | return -ENOMEM; |
| 97 | } |
| 98 | |
| 99 | token->security_index = RXRPC_SECURITY_RXKAD; |
| 100 | token->kad->ticket_len = tktlen; |
| 101 | token->kad->vice_id = ntohl(xdr[0]); |
| 102 | token->kad->kvno = ntohl(xdr[1]); |
| 103 | token->kad->start = ntohl(xdr[4]); |
| 104 | token->kad->expiry = ntohl(xdr[5]); |
| 105 | token->kad->primary_flag = ntohl(xdr[6]); |
| 106 | memcpy(&token->kad->session_key, &xdr[2], 8); |
| 107 | memcpy(&token->kad->ticket, &xdr[8], tktlen); |
| 108 | |
| 109 | _debug("SCIX: %u", token->security_index); |
| 110 | _debug("TLEN: %u", token->kad->ticket_len); |
| 111 | _debug("EXPY: %x", token->kad->expiry); |
| 112 | _debug("KVNO: %u", token->kad->kvno); |
| 113 | _debug("PRIM: %u", token->kad->primary_flag); |
| 114 | _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", |
| 115 | token->kad->session_key[0], token->kad->session_key[1], |
| 116 | token->kad->session_key[2], token->kad->session_key[3], |
| 117 | token->kad->session_key[4], token->kad->session_key[5], |
| 118 | token->kad->session_key[6], token->kad->session_key[7]); |
| 119 | if (token->kad->ticket_len >= 8) |
| 120 | _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", |
| 121 | token->kad->ticket[0], token->kad->ticket[1], |
| 122 | token->kad->ticket[2], token->kad->ticket[3], |
| 123 | token->kad->ticket[4], token->kad->ticket[5], |
| 124 | token->kad->ticket[6], token->kad->ticket[7]); |
| 125 | |
| 126 | /* count the number of tokens attached */ |
| 127 | key->type_data.x[0]++; |
| 128 | |
| 129 | /* attach the data */ |
| 130 | token->next = key->payload.data; |
| 131 | key->payload.data = token; |
| 132 | if (token->kad->expiry < key->expiry) |
| 133 | key->expiry = token->kad->expiry; |
| 134 | |
| 135 | _leave(" = 0"); |
| 136 | return 0; |
| 137 | } |
| 138 | |
| 139 | /* |
| 140 | * attempt to parse the data as the XDR format |
| 141 | * - the caller guarantees we have more than 7 words |
| 142 | */ |
| 143 | static int rxrpc_instantiate_xdr(struct key *key, const void *data, size_t datalen) |
| 144 | { |
| 145 | const __be32 *xdr = data, *token; |
| 146 | const char *cp; |
| 147 | unsigned len, tmp, loop, ntoken, toklen, sec_ix; |
| 148 | int ret; |
| 149 | |
| 150 | _enter(",{%x,%x,%x,%x},%zu", |
| 151 | ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), |
| 152 | datalen); |
| 153 | |
| 154 | if (datalen > AFSTOKEN_LENGTH_MAX) |
| 155 | goto not_xdr; |
| 156 | |
| 157 | /* XDR is an array of __be32's */ |
| 158 | if (datalen & 3) |
| 159 | goto not_xdr; |
| 160 | |
| 161 | /* the flags should be 0 (the setpag bit must be handled by |
| 162 | * userspace) */ |
| 163 | if (ntohl(*xdr++) != 0) |
| 164 | goto not_xdr; |
| 165 | datalen -= 4; |
| 166 | |
| 167 | /* check the cell name */ |
| 168 | len = ntohl(*xdr++); |
| 169 | if (len < 1 || len > AFSTOKEN_CELL_MAX) |
| 170 | goto not_xdr; |
| 171 | datalen -= 4; |
| 172 | tmp = (len + 3) & ~3; |
| 173 | if (tmp > datalen) |
| 174 | goto not_xdr; |
| 175 | |
| 176 | cp = (const char *) xdr; |
| 177 | for (loop = 0; loop < len; loop++) |
| 178 | if (!isprint(cp[loop])) |
| 179 | goto not_xdr; |
| 180 | if (len < tmp) |
| 181 | for (; loop < tmp; loop++) |
| 182 | if (cp[loop]) |
| 183 | goto not_xdr; |
| 184 | _debug("cellname: [%u/%u] '%*.*s'", |
| 185 | len, tmp, len, len, (const char *) xdr); |
| 186 | datalen -= tmp; |
| 187 | xdr += tmp >> 2; |
| 188 | |
| 189 | /* get the token count */ |
| 190 | if (datalen < 12) |
| 191 | goto not_xdr; |
| 192 | ntoken = ntohl(*xdr++); |
| 193 | datalen -= 4; |
| 194 | _debug("ntoken: %x", ntoken); |
| 195 | if (ntoken < 1 || ntoken > AFSTOKEN_MAX) |
| 196 | goto not_xdr; |
| 197 | |
| 198 | /* check each token wrapper */ |
| 199 | token = xdr; |
| 200 | loop = ntoken; |
| 201 | do { |
| 202 | if (datalen < 8) |
| 203 | goto not_xdr; |
| 204 | toklen = ntohl(*xdr++); |
| 205 | sec_ix = ntohl(*xdr); |
| 206 | datalen -= 4; |
| 207 | _debug("token: [%x/%zx] %x", toklen, datalen, sec_ix); |
| 208 | if (toklen < 20 || toklen > datalen) |
| 209 | goto not_xdr; |
| 210 | datalen -= (toklen + 3) & ~3; |
| 211 | xdr += (toklen + 3) >> 2; |
| 212 | |
| 213 | } while (--loop > 0); |
| 214 | |
| 215 | _debug("remainder: %zu", datalen); |
| 216 | if (datalen != 0) |
| 217 | goto not_xdr; |
| 218 | |
| 219 | /* okay: we're going to assume it's valid XDR format |
| 220 | * - we ignore the cellname, relying on the key to be correctly named |
| 221 | */ |
| 222 | do { |
| 223 | xdr = token; |
| 224 | toklen = ntohl(*xdr++); |
| 225 | token = xdr + ((toklen + 3) >> 2); |
| 226 | sec_ix = ntohl(*xdr++); |
| 227 | toklen -= 4; |
| 228 | |
| 229 | switch (sec_ix) { |
| 230 | case RXRPC_SECURITY_RXKAD: |
| 231 | ret = rxrpc_instantiate_xdr_rxkad(key, xdr, toklen); |
| 232 | if (ret != 0) |
| 233 | goto error; |
| 234 | break; |
| 235 | |
| 236 | default: |
| 237 | ret = -EPROTONOSUPPORT; |
| 238 | goto error; |
| 239 | } |
| 240 | |
| 241 | } while (--ntoken > 0); |
| 242 | |
| 243 | _leave(" = 0"); |
| 244 | return 0; |
| 245 | |
| 246 | not_xdr: |
| 247 | _leave(" = -EPROTO"); |
| 248 | return -EPROTO; |
| 249 | error: |
| 250 | _leave(" = %d", ret); |
| 251 | return ret; |
| 252 | } |
| 253 | |
| 254 | /* |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 255 | * instantiate an rxrpc defined key |
| 256 | * data should be of the form: |
| 257 | * OFFSET LEN CONTENT |
| 258 | * 0 4 key interface version number |
| 259 | * 4 2 security index (type) |
| 260 | * 6 2 ticket length |
| 261 | * 8 4 key expiry time (time_t) |
| 262 | * 12 4 kvno |
| 263 | * 16 8 session key |
| 264 | * 24 [len] ticket |
| 265 | * |
| 266 | * if no data is provided, then a no-security key is made |
| 267 | */ |
| 268 | static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) |
| 269 | { |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 270 | const struct rxrpc_key_data_v1 *v1; |
| 271 | struct rxrpc_key_token *token, **pp; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 272 | size_t plen; |
| 273 | u32 kver; |
| 274 | int ret; |
| 275 | |
| 276 | _enter("{%x},,%zu", key_serial(key), datalen); |
| 277 | |
| 278 | /* handle a no-security key */ |
| 279 | if (!data && datalen == 0) |
| 280 | return 0; |
| 281 | |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 282 | /* determine if the XDR payload format is being used */ |
| 283 | if (datalen > 7 * 4) { |
| 284 | ret = rxrpc_instantiate_xdr(key, data, datalen); |
| 285 | if (ret != -EPROTO) |
| 286 | return ret; |
| 287 | } |
| 288 | |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 289 | /* get the key interface version number */ |
| 290 | ret = -EINVAL; |
| 291 | if (datalen <= 4 || !data) |
| 292 | goto error; |
| 293 | memcpy(&kver, data, sizeof(kver)); |
| 294 | data += sizeof(kver); |
| 295 | datalen -= sizeof(kver); |
| 296 | |
| 297 | _debug("KEY I/F VERSION: %u", kver); |
| 298 | |
| 299 | ret = -EKEYREJECTED; |
| 300 | if (kver != 1) |
| 301 | goto error; |
| 302 | |
| 303 | /* deal with a version 1 key */ |
| 304 | ret = -EINVAL; |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 305 | if (datalen < sizeof(*v1)) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 306 | goto error; |
| 307 | |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 308 | v1 = data; |
| 309 | if (datalen != sizeof(*v1) + v1->ticket_length) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 310 | goto error; |
| 311 | |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 312 | _debug("SCIX: %u", v1->security_index); |
| 313 | _debug("TLEN: %u", v1->ticket_length); |
| 314 | _debug("EXPY: %x", v1->expiry); |
| 315 | _debug("KVNO: %u", v1->kvno); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 316 | _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 317 | v1->session_key[0], v1->session_key[1], |
| 318 | v1->session_key[2], v1->session_key[3], |
| 319 | v1->session_key[4], v1->session_key[5], |
| 320 | v1->session_key[6], v1->session_key[7]); |
| 321 | if (v1->ticket_length >= 8) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 322 | _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 323 | v1->ticket[0], v1->ticket[1], |
| 324 | v1->ticket[2], v1->ticket[3], |
| 325 | v1->ticket[4], v1->ticket[5], |
| 326 | v1->ticket[6], v1->ticket[7]); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 327 | |
| 328 | ret = -EPROTONOSUPPORT; |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 329 | if (v1->security_index != RXRPC_SECURITY_RXKAD) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 330 | goto error; |
| 331 | |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 332 | plen = sizeof(*token->kad) + v1->ticket_length; |
| 333 | ret = key_payload_reserve(key, plen + sizeof(*token)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 334 | if (ret < 0) |
| 335 | goto error; |
| 336 | |
| 337 | ret = -ENOMEM; |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 338 | token = kmalloc(sizeof(*token), GFP_KERNEL); |
| 339 | if (!token) |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 340 | goto error; |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 341 | token->kad = kmalloc(plen, GFP_KERNEL); |
| 342 | if (!token->kad) |
| 343 | goto error_free; |
| 344 | |
| 345 | token->security_index = RXRPC_SECURITY_RXKAD; |
| 346 | token->kad->ticket_len = v1->ticket_length; |
| 347 | token->kad->expiry = v1->expiry; |
| 348 | token->kad->kvno = v1->kvno; |
| 349 | memcpy(&token->kad->session_key, &v1->session_key, 8); |
| 350 | memcpy(&token->kad->ticket, v1->ticket, v1->ticket_length); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 351 | |
| 352 | /* attach the data */ |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 353 | key->type_data.x[0]++; |
| 354 | |
| 355 | pp = (struct rxrpc_key_token **)&key->payload.data; |
| 356 | while (*pp) |
| 357 | pp = &(*pp)->next; |
| 358 | *pp = token; |
| 359 | if (token->kad->expiry < key->expiry) |
| 360 | key->expiry = token->kad->expiry; |
| 361 | token = NULL; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 362 | ret = 0; |
| 363 | |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 364 | error_free: |
| 365 | kfree(token); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 366 | error: |
| 367 | return ret; |
| 368 | } |
| 369 | |
| 370 | /* |
| 371 | * instantiate a server secret key |
| 372 | * data should be a pointer to the 8-byte secret key |
| 373 | */ |
| 374 | static int rxrpc_instantiate_s(struct key *key, const void *data, |
| 375 | size_t datalen) |
| 376 | { |
| 377 | struct crypto_blkcipher *ci; |
| 378 | |
| 379 | _enter("{%x},,%zu", key_serial(key), datalen); |
| 380 | |
| 381 | if (datalen != 8) |
| 382 | return -EINVAL; |
| 383 | |
| 384 | memcpy(&key->type_data, data, 8); |
| 385 | |
| 386 | ci = crypto_alloc_blkcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC); |
| 387 | if (IS_ERR(ci)) { |
| 388 | _leave(" = %ld", PTR_ERR(ci)); |
| 389 | return PTR_ERR(ci); |
| 390 | } |
| 391 | |
| 392 | if (crypto_blkcipher_setkey(ci, data, 8) < 0) |
| 393 | BUG(); |
| 394 | |
| 395 | key->payload.data = ci; |
| 396 | _leave(" = 0"); |
| 397 | return 0; |
| 398 | } |
| 399 | |
| 400 | /* |
| 401 | * dispose of the data dangling from the corpse of a rxrpc key |
| 402 | */ |
| 403 | static void rxrpc_destroy(struct key *key) |
| 404 | { |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 405 | struct rxrpc_key_token *token; |
| 406 | |
| 407 | while ((token = key->payload.data)) { |
| 408 | key->payload.data = token->next; |
| 409 | switch (token->security_index) { |
| 410 | case RXRPC_SECURITY_RXKAD: |
| 411 | kfree(token->kad); |
| 412 | break; |
| 413 | default: |
| 414 | printk(KERN_ERR "Unknown token type %x on rxrpc key\n", |
| 415 | token->security_index); |
| 416 | BUG(); |
| 417 | } |
| 418 | |
| 419 | kfree(token); |
| 420 | } |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 421 | } |
| 422 | |
| 423 | /* |
| 424 | * dispose of the data dangling from the corpse of a rxrpc key |
| 425 | */ |
| 426 | static void rxrpc_destroy_s(struct key *key) |
| 427 | { |
| 428 | if (key->payload.data) { |
| 429 | crypto_free_blkcipher(key->payload.data); |
| 430 | key->payload.data = NULL; |
| 431 | } |
| 432 | } |
| 433 | |
| 434 | /* |
| 435 | * describe the rxrpc key |
| 436 | */ |
| 437 | static void rxrpc_describe(const struct key *key, struct seq_file *m) |
| 438 | { |
| 439 | seq_puts(m, key->description); |
| 440 | } |
| 441 | |
| 442 | /* |
| 443 | * grab the security key for a socket |
| 444 | */ |
| 445 | int rxrpc_request_key(struct rxrpc_sock *rx, char __user *optval, int optlen) |
| 446 | { |
| 447 | struct key *key; |
| 448 | char *description; |
| 449 | |
| 450 | _enter(""); |
| 451 | |
| 452 | if (optlen <= 0 || optlen > PAGE_SIZE - 1) |
| 453 | return -EINVAL; |
| 454 | |
| 455 | description = kmalloc(optlen + 1, GFP_KERNEL); |
| 456 | if (!description) |
| 457 | return -ENOMEM; |
| 458 | |
| 459 | if (copy_from_user(description, optval, optlen)) { |
| 460 | kfree(description); |
| 461 | return -EFAULT; |
| 462 | } |
| 463 | description[optlen] = 0; |
| 464 | |
| 465 | key = request_key(&key_type_rxrpc, description, NULL); |
| 466 | if (IS_ERR(key)) { |
| 467 | kfree(description); |
| 468 | _leave(" = %ld", PTR_ERR(key)); |
| 469 | return PTR_ERR(key); |
| 470 | } |
| 471 | |
| 472 | rx->key = key; |
| 473 | kfree(description); |
| 474 | _leave(" = 0 [key %x]", key->serial); |
| 475 | return 0; |
| 476 | } |
| 477 | |
| 478 | /* |
| 479 | * grab the security keyring for a server socket |
| 480 | */ |
| 481 | int rxrpc_server_keyring(struct rxrpc_sock *rx, char __user *optval, |
| 482 | int optlen) |
| 483 | { |
| 484 | struct key *key; |
| 485 | char *description; |
| 486 | |
| 487 | _enter(""); |
| 488 | |
| 489 | if (optlen <= 0 || optlen > PAGE_SIZE - 1) |
| 490 | return -EINVAL; |
| 491 | |
| 492 | description = kmalloc(optlen + 1, GFP_KERNEL); |
| 493 | if (!description) |
| 494 | return -ENOMEM; |
| 495 | |
| 496 | if (copy_from_user(description, optval, optlen)) { |
| 497 | kfree(description); |
| 498 | return -EFAULT; |
| 499 | } |
| 500 | description[optlen] = 0; |
| 501 | |
| 502 | key = request_key(&key_type_keyring, description, NULL); |
| 503 | if (IS_ERR(key)) { |
| 504 | kfree(description); |
| 505 | _leave(" = %ld", PTR_ERR(key)); |
| 506 | return PTR_ERR(key); |
| 507 | } |
| 508 | |
| 509 | rx->securities = key; |
| 510 | kfree(description); |
| 511 | _leave(" = 0 [key %x]", key->serial); |
| 512 | return 0; |
| 513 | } |
| 514 | |
| 515 | /* |
| 516 | * generate a server data key |
| 517 | */ |
| 518 | int rxrpc_get_server_data_key(struct rxrpc_connection *conn, |
| 519 | const void *session_key, |
| 520 | time_t expiry, |
| 521 | u32 kvno) |
| 522 | { |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 523 | const struct cred *cred = current_cred(); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 524 | struct key *key; |
| 525 | int ret; |
| 526 | |
| 527 | struct { |
| 528 | u32 kver; |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 529 | struct rxrpc_key_data_v1 v1; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 530 | } data; |
| 531 | |
| 532 | _enter(""); |
| 533 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 534 | key = key_alloc(&key_type_rxrpc, "x", 0, 0, cred, 0, |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 535 | KEY_ALLOC_NOT_IN_QUOTA); |
| 536 | if (IS_ERR(key)) { |
| 537 | _leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key)); |
| 538 | return -ENOMEM; |
| 539 | } |
| 540 | |
| 541 | _debug("key %d", key_serial(key)); |
| 542 | |
| 543 | data.kver = 1; |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 544 | data.v1.security_index = RXRPC_SECURITY_RXKAD; |
| 545 | data.v1.ticket_length = 0; |
| 546 | data.v1.expiry = expiry; |
| 547 | data.v1.kvno = 0; |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 548 | |
David Howells | 3394128 | 2009-09-14 01:17:35 +0000 | [diff] [blame^] | 549 | memcpy(&data.v1.session_key, session_key, sizeof(data.v1.session_key)); |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 550 | |
| 551 | ret = key_instantiate_and_link(key, &data, sizeof(data), NULL, NULL); |
| 552 | if (ret < 0) |
| 553 | goto error; |
| 554 | |
| 555 | conn->key = key; |
| 556 | _leave(" = 0 [%d]", key_serial(key)); |
| 557 | return 0; |
| 558 | |
| 559 | error: |
| 560 | key_revoke(key); |
| 561 | key_put(key); |
| 562 | _leave(" = -ENOMEM [ins %d]", ret); |
| 563 | return -ENOMEM; |
| 564 | } |
David Howells | 17926a7 | 2007-04-26 15:48:28 -0700 | [diff] [blame] | 565 | EXPORT_SYMBOL(rxrpc_get_server_data_key); |
David Howells | 76181c1 | 2007-10-16 23:29:46 -0700 | [diff] [blame] | 566 | |
| 567 | /** |
| 568 | * rxrpc_get_null_key - Generate a null RxRPC key |
| 569 | * @keyname: The name to give the key. |
| 570 | * |
| 571 | * Generate a null RxRPC key that can be used to indicate anonymous security is |
| 572 | * required for a particular domain. |
| 573 | */ |
| 574 | struct key *rxrpc_get_null_key(const char *keyname) |
| 575 | { |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 576 | const struct cred *cred = current_cred(); |
David Howells | 76181c1 | 2007-10-16 23:29:46 -0700 | [diff] [blame] | 577 | struct key *key; |
| 578 | int ret; |
| 579 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 580 | key = key_alloc(&key_type_rxrpc, keyname, 0, 0, cred, |
David Howells | 76181c1 | 2007-10-16 23:29:46 -0700 | [diff] [blame] | 581 | KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA); |
| 582 | if (IS_ERR(key)) |
| 583 | return key; |
| 584 | |
| 585 | ret = key_instantiate_and_link(key, NULL, 0, NULL, NULL); |
| 586 | if (ret < 0) { |
| 587 | key_revoke(key); |
| 588 | key_put(key); |
| 589 | return ERR_PTR(ret); |
| 590 | } |
| 591 | |
| 592 | return key; |
| 593 | } |
| 594 | EXPORT_SYMBOL(rxrpc_get_null_key); |