Blame - net/rxrpc/key.c - kernel/msm-4.9

blob: 7fc340726d034f2f96cafdfdf33e3123d4f3c8e8 [file] [log] [blame]

David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	1	/* RxRPC key management
				2	*
				3	* Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
				4	* Written by David Howells (dhowells@redhat.com)
				5	*
				6	* This program is free software; you can redistribute it and/or
				7	* modify it under the terms of the GNU General Public License
				8	* as published by the Free Software Foundation; either version
				9	* 2 of the License, or (at your option) any later version.
				10	*
				11	* RxRPC keys should have a description of describing their purpose:
				12	* "afs@CAMBRIDGE.REDHAT.COM>
				13	*/
				14
Joe Perches	9b6d539	2016-06-02 12:08:52 -0700	[diff] [blame]	15	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
				16
Herbert Xu	1afe593	2016-01-24 21:19:01 +0800	[diff] [blame]	17	#include <crypto/skcipher.h>
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	18	#include <linux/module.h>
				19	#include <linux/net.h>
				20	#include <linux/skbuff.h>
David Howells	76181c1	2007-10-16 23:29:46 -0700	[diff] [blame]	21	#include <linux/key-type.h>
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	22	#include <linux/ctype.h>
Tejun Heo	5a0e3ad	2010-03-24 17:04:11 +0900	[diff] [blame]	23	#include <linux/slab.h>
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	24	#include <net/sock.h>
				25	#include <net/af_rxrpc.h>
				26	#include <keys/rxrpc-type.h>
				27	#include <keys/user-type.h>
				28	#include "ar-internal.h"
				29
David Howells	b9fffa3	2011-03-07 15:05:59 +0000	[diff] [blame]	30	static int rxrpc_vet_description_s(const char *);
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	31	static int rxrpc_preparse(struct key_preparsed_payload *);
				32	static int rxrpc_preparse_s(struct key_preparsed_payload *);
				33	static void rxrpc_free_preparse(struct key_preparsed_payload *);
				34	static void rxrpc_free_preparse_s(struct key_preparsed_payload *);
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	35	static void rxrpc_destroy(struct key *);
				36	static void rxrpc_destroy_s(struct key *);
				37	static void rxrpc_describe(const struct key , struct seq_file );
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	38	static long rxrpc_read(const struct key , char __user , size_t);
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	39
				40	/*
				41	* rxrpc defined keys take an arbitrary string as the description and an
				42	* arbitrary blob of data as the payload
				43	*/
				44	struct key_type key_type_rxrpc = {
				45	.name = "rxrpc",
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	46	.preparse = rxrpc_preparse,
				47	.free_preparse = rxrpc_free_preparse,
				48	.instantiate = generic_key_instantiate,
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	49	.destroy = rxrpc_destroy,
				50	.describe = rxrpc_describe,
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	51	.read = rxrpc_read,
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	52	};
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	53	EXPORT_SYMBOL(key_type_rxrpc);
				54
				55	/*
				56	* rxrpc server defined keys take "<serviceId>:<securityIndex>" as the
				57	* description and an 8-byte decryption key as the payload
				58	*/
				59	struct key_type key_type_rxrpc_s = {
				60	.name = "rxrpc_s",
David Howells	b9fffa3	2011-03-07 15:05:59 +0000	[diff] [blame]	61	.vet_description = rxrpc_vet_description_s,
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	62	.preparse = rxrpc_preparse_s,
				63	.free_preparse = rxrpc_free_preparse_s,
				64	.instantiate = generic_key_instantiate,
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	65	.destroy = rxrpc_destroy_s,
				66	.describe = rxrpc_describe,
				67	};
				68
				69	/*
David Howells	b9fffa3	2011-03-07 15:05:59 +0000	[diff] [blame]	70	* Vet the description for an RxRPC server key
				71	*/
				72	static int rxrpc_vet_description_s(const char *desc)
				73	{
				74	unsigned long num;
				75	char *p;
				76
				77	num = simple_strtoul(desc, &p, 10);
				78	if (*p != ':' \|\| num > 65535)
				79	return -EINVAL;
				80	num = simple_strtoul(p + 1, &p, 10);
				81	if (*p \|\| num < 1 \|\| num > 255)
				82	return -EINVAL;
				83	return 0;
				84	}
				85
				86	/*
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	87	* parse an RxKAD type XDR format token
				88	* - the caller guarantees we have at least 4 words
				89	*/
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	90	static int rxrpc_preparse_xdr_rxkad(struct key_preparsed_payload *prep,
				91	size_t datalen,
				92	const __be32 *xdr, unsigned int toklen)
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	93	{
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	94	struct rxrpc_key_token token, *pptoken;
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	95	size_t plen;
				96	u32 tktlen;
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	97
				98	_enter(",{%x,%x,%x,%x},%u",
				99	ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]),
				100	toklen);
				101
				102	if (toklen <= 8 * 4)
				103	return -EKEYREJECTED;
				104	tktlen = ntohl(xdr[7]);
				105	_debug("tktlen: %x", tktlen);
				106	if (tktlen > AFSTOKEN_RK_TIX_MAX)
				107	return -EKEYREJECTED;
Nathaniel W Filardo	fde0133	2014-05-15 15:51:22 +0100	[diff] [blame]	108	if (toklen < 8 * 4 + tktlen)
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	109	return -EKEYREJECTED;
				110
				111	plen = sizeof(token) + sizeof(token->kad) + tktlen;
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	112	prep->quotalen = datalen + plen;
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	113
				114	plen -= sizeof(*token);
Anton Blanchard	0a93ea2	2011-02-25 15:33:17 +0000	[diff] [blame]	115	token = kzalloc(sizeof(*token), GFP_KERNEL);
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	116	if (!token)
				117	return -ENOMEM;
				118
Anton Blanchard	0a93ea2	2011-02-25 15:33:17 +0000	[diff] [blame]	119	token->kad = kzalloc(plen, GFP_KERNEL);
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	120	if (!token->kad) {
				121	kfree(token);
				122	return -ENOMEM;
				123	}
				124
				125	token->security_index = RXRPC_SECURITY_RXKAD;
				126	token->kad->ticket_len = tktlen;
				127	token->kad->vice_id = ntohl(xdr[0]);
				128	token->kad->kvno = ntohl(xdr[1]);
				129	token->kad->start = ntohl(xdr[4]);
				130	token->kad->expiry = ntohl(xdr[5]);
				131	token->kad->primary_flag = ntohl(xdr[6]);
				132	memcpy(&token->kad->session_key, &xdr[2], 8);
				133	memcpy(&token->kad->ticket, &xdr[8], tktlen);
				134
				135	_debug("SCIX: %u", token->security_index);
				136	_debug("TLEN: %u", token->kad->ticket_len);
				137	_debug("EXPY: %x", token->kad->expiry);
				138	_debug("KVNO: %u", token->kad->kvno);
				139	_debug("PRIM: %u", token->kad->primary_flag);
				140	_debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x",
				141	token->kad->session_key[0], token->kad->session_key[1],
				142	token->kad->session_key[2], token->kad->session_key[3],
				143	token->kad->session_key[4], token->kad->session_key[5],
				144	token->kad->session_key[6], token->kad->session_key[7]);
				145	if (token->kad->ticket_len >= 8)
				146	_debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x",
				147	token->kad->ticket[0], token->kad->ticket[1],
				148	token->kad->ticket[2], token->kad->ticket[3],
				149	token->kad->ticket[4], token->kad->ticket[5],
				150	token->kad->ticket[6], token->kad->ticket[7]);
				151
				152	/* count the number of tokens attached */
David Howells	146aa8b	2015-10-21 14:04:48 +0100	[diff] [blame]	153	prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1);
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	154
				155	/* attach the data */
David Howells	146aa8b	2015-10-21 14:04:48 +0100	[diff] [blame]	156	for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0];
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	157	*pptoken;
				158	pptoken = &(*pptoken)->next)
				159	continue;
				160	*pptoken = token;
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	161	if (token->kad->expiry < prep->expiry)
				162	prep->expiry = token->kad->expiry;
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	163
				164	_leave(" = 0");
				165	return 0;
				166	}
				167
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	168	static void rxrpc_free_krb5_principal(struct krb5_principal *princ)
				169	{
				170	int loop;
				171
				172	if (princ->name_parts) {
				173	for (loop = princ->n_name_parts - 1; loop >= 0; loop--)
				174	kfree(princ->name_parts[loop]);
				175	kfree(princ->name_parts);
				176	}
				177	kfree(princ->realm);
				178	}
				179
				180	static void rxrpc_free_krb5_tagged(struct krb5_tagged_data *td)
				181	{
				182	kfree(td->data);
				183	}
				184
				185	/*
				186	* free up an RxK5 token
				187	*/
				188	static void rxrpc_rxk5_free(struct rxk5_key *rxk5)
				189	{
				190	int loop;
				191
				192	rxrpc_free_krb5_principal(&rxk5->client);
				193	rxrpc_free_krb5_principal(&rxk5->server);
				194	rxrpc_free_krb5_tagged(&rxk5->session);
				195
				196	if (rxk5->addresses) {
				197	for (loop = rxk5->n_addresses - 1; loop >= 0; loop--)
				198	rxrpc_free_krb5_tagged(&rxk5->addresses[loop]);
				199	kfree(rxk5->addresses);
				200	}
				201	if (rxk5->authdata) {
				202	for (loop = rxk5->n_authdata - 1; loop >= 0; loop--)
				203	rxrpc_free_krb5_tagged(&rxk5->authdata[loop]);
				204	kfree(rxk5->authdata);
				205	}
				206
				207	kfree(rxk5->ticket);
				208	kfree(rxk5->ticket2);
				209	kfree(rxk5);
				210	}
				211
				212	/*
				213	* extract a krb5 principal
				214	*/
				215	static int rxrpc_krb5_decode_principal(struct krb5_principal *princ,
				216	const __be32 **_xdr,
Eric Dumazet	95c9617	2012-04-15 05:58:06 +0000	[diff] [blame]	217	unsigned int *_toklen)
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	218	{
				219	const __be32 xdr = _xdr;
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	220	unsigned int toklen = *_toklen, n_parts, loop, tmp, paddedlen;
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	221
				222	/* there must be at least one name, and at least #names+1 length
				223	* words */
				224	if (toklen <= 12)
				225	return -EINVAL;
				226
				227	_enter(",{%x,%x,%x},%u",
				228	ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), toklen);
				229
				230	n_parts = ntohl(*xdr++);
				231	toklen -= 4;
				232	if (n_parts <= 0 \|\| n_parts > AFSTOKEN_K5_COMPONENTS_MAX)
				233	return -EINVAL;
				234	princ->n_name_parts = n_parts;
				235
				236	if (toklen <= (n_parts + 1) * 4)
				237	return -EINVAL;
				238
Axel Lin	f65bd5e	2012-02-13 20:19:14 +0000	[diff] [blame]	239	princ->name_parts = kcalloc(n_parts, sizeof(char *), GFP_KERNEL);
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	240	if (!princ->name_parts)
				241	return -ENOMEM;
				242
				243	for (loop = 0; loop < n_parts; loop++) {
				244	if (toklen < 4)
				245	return -EINVAL;
				246	tmp = ntohl(*xdr++);
				247	toklen -= 4;
				248	if (tmp <= 0 \|\| tmp > AFSTOKEN_STRING_MAX)
				249	return -EINVAL;
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	250	paddedlen = (tmp + 3) & ~3;
				251	if (paddedlen > toklen)
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	252	return -EINVAL;
				253	princ->name_parts[loop] = kmalloc(tmp + 1, GFP_KERNEL);
				254	if (!princ->name_parts[loop])
				255	return -ENOMEM;
				256	memcpy(princ->name_parts[loop], xdr, tmp);
				257	princ->name_parts[loop][tmp] = 0;
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	258	toklen -= paddedlen;
				259	xdr += paddedlen >> 2;
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	260	}
				261
				262	if (toklen < 4)
				263	return -EINVAL;
				264	tmp = ntohl(*xdr++);
				265	toklen -= 4;
				266	if (tmp <= 0 \|\| tmp > AFSTOKEN_K5_REALM_MAX)
				267	return -EINVAL;
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	268	paddedlen = (tmp + 3) & ~3;
				269	if (paddedlen > toklen)
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	270	return -EINVAL;
				271	princ->realm = kmalloc(tmp + 1, GFP_KERNEL);
				272	if (!princ->realm)
				273	return -ENOMEM;
				274	memcpy(princ->realm, xdr, tmp);
				275	princ->realm[tmp] = 0;
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	276	toklen -= paddedlen;
				277	xdr += paddedlen >> 2;
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	278
				279	_debug("%s/...@%s", princ->name_parts[0], princ->realm);
				280
				281	*_xdr = xdr;
				282	*_toklen = toklen;
				283	_leave(" = 0 [toklen=%u]", toklen);
				284	return 0;
				285	}
				286
				287	/*
				288	* extract a piece of krb5 tagged data
				289	*/
				290	static int rxrpc_krb5_decode_tagged_data(struct krb5_tagged_data *td,
				291	size_t max_data_size,
				292	const __be32 **_xdr,
Eric Dumazet	95c9617	2012-04-15 05:58:06 +0000	[diff] [blame]	293	unsigned int *_toklen)
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	294	{
				295	const __be32 xdr = _xdr;
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	296	unsigned int toklen = *_toklen, len, paddedlen;
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	297
				298	/* there must be at least one tag and one length word */
				299	if (toklen <= 8)
				300	return -EINVAL;
				301
				302	_enter(",%zu,{%x,%x},%u",
				303	max_data_size, ntohl(xdr[0]), ntohl(xdr[1]), toklen);
				304
				305	td->tag = ntohl(*xdr++);
				306	len = ntohl(*xdr++);
				307	toklen -= 8;
				308	if (len > max_data_size)
				309	return -EINVAL;
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	310	paddedlen = (len + 3) & ~3;
				311	if (paddedlen > toklen)
				312	return -EINVAL;
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	313	td->data_len = len;
				314
				315	if (len > 0) {
Thomas Meyer	65d9d2c	2011-11-17 12:43:40 +0000	[diff] [blame]	316	td->data = kmemdup(xdr, len, GFP_KERNEL);
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	317	if (!td->data)
				318	return -ENOMEM;
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	319	toklen -= paddedlen;
				320	xdr += paddedlen >> 2;
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	321	}
				322
				323	_debug("tag %x len %x", td->tag, td->data_len);
				324
				325	*_xdr = xdr;
				326	*_toklen = toklen;
				327	_leave(" = 0 [toklen=%u]", toklen);
				328	return 0;
				329	}
				330
				331	/*
				332	* extract an array of tagged data
				333	*/
				334	static int rxrpc_krb5_decode_tagged_array(struct krb5_tagged_data **_td,
				335	u8 *_n_elem,
				336	u8 max_n_elem,
				337	size_t max_elem_size,
				338	const __be32 **_xdr,
Eric Dumazet	95c9617	2012-04-15 05:58:06 +0000	[diff] [blame]	339	unsigned int *_toklen)
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	340	{
				341	struct krb5_tagged_data *td;
				342	const __be32 xdr = _xdr;
Eric Dumazet	95c9617	2012-04-15 05:58:06 +0000	[diff] [blame]	343	unsigned int toklen = *_toklen, n_elem, loop;
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	344	int ret;
				345
				346	/* there must be at least one count */
				347	if (toklen < 4)
				348	return -EINVAL;
				349
				350	_enter(",,%u,%zu,{%x},%u",
				351	max_n_elem, max_elem_size, ntohl(xdr[0]), toklen);
				352
				353	n_elem = ntohl(*xdr++);
				354	toklen -= 4;
Andrey Utkin	fa4eff4	2014-07-18 18:31:57 +0300	[diff] [blame]	355	if (n_elem > max_n_elem)
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	356	return -EINVAL;
				357	*_n_elem = n_elem;
				358	if (n_elem > 0) {
				359	if (toklen <= (n_elem + 1) * 4)
				360	return -EINVAL;
				361
				362	_debug("n_elem %d", n_elem);
				363
Axel Lin	f65bd5e	2012-02-13 20:19:14 +0000	[diff] [blame]	364	td = kcalloc(n_elem, sizeof(struct krb5_tagged_data),
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	365	GFP_KERNEL);
				366	if (!td)
				367	return -ENOMEM;
				368	*_td = td;
				369
				370	for (loop = 0; loop < n_elem; loop++) {
				371	ret = rxrpc_krb5_decode_tagged_data(&td[loop],
				372	max_elem_size,
				373	&xdr, &toklen);
				374	if (ret < 0)
				375	return ret;
				376	}
				377	}
				378
				379	*_xdr = xdr;
				380	*_toklen = toklen;
				381	_leave(" = 0 [toklen=%u]", toklen);
				382	return 0;
				383	}
				384
				385	/*
				386	* extract a krb5 ticket
				387	*/
David Howells	4e36a95	2009-09-16 00:01:13 -0700	[diff] [blame]	388	static int rxrpc_krb5_decode_ticket(u8 *_ticket, u16 _tktlen,
Eric Dumazet	95c9617	2012-04-15 05:58:06 +0000	[diff] [blame]	389	const __be32 *_xdr, unsigned int _toklen)
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	390	{
				391	const __be32 xdr = _xdr;
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	392	unsigned int toklen = *_toklen, len, paddedlen;
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	393
				394	/* there must be at least one length word */
				395	if (toklen <= 4)
				396	return -EINVAL;
				397
				398	_enter(",{%x},%u", ntohl(xdr[0]), toklen);
				399
				400	len = ntohl(*xdr++);
				401	toklen -= 4;
				402	if (len > AFSTOKEN_K5_TIX_MAX)
				403	return -EINVAL;
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	404	paddedlen = (len + 3) & ~3;
				405	if (paddedlen > toklen)
				406	return -EINVAL;
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	407	*_tktlen = len;
				408
				409	_debug("ticket len %u", len);
				410
				411	if (len > 0) {
Thomas Meyer	65d9d2c	2011-11-17 12:43:40 +0000	[diff] [blame]	412	*_ticket = kmemdup(xdr, len, GFP_KERNEL);
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	413	if (!*_ticket)
				414	return -ENOMEM;
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	415	toklen -= paddedlen;
				416	xdr += paddedlen >> 2;
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	417	}
				418
				419	*_xdr = xdr;
				420	*_toklen = toklen;
				421	_leave(" = 0 [toklen=%u]", toklen);
				422	return 0;
				423	}
				424
				425	/*
				426	* parse an RxK5 type XDR format token
				427	* - the caller guarantees we have at least 4 words
				428	*/
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	429	static int rxrpc_preparse_xdr_rxk5(struct key_preparsed_payload *prep,
				430	size_t datalen,
				431	const __be32 *xdr, unsigned int toklen)
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	432	{
				433	struct rxrpc_key_token token, *pptoken;
				434	struct rxk5_key *rxk5;
				435	const __be32 *end_xdr = xdr + (toklen >> 2);
				436	int ret;
				437
				438	_enter(",{%x,%x,%x,%x},%u",
				439	ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]),
				440	toklen);
				441
				442	/* reserve some payload space for this subkey - the length of the token
				443	* is a reasonable approximation */
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	444	prep->quotalen = datalen + toklen;
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	445
				446	token = kzalloc(sizeof(*token), GFP_KERNEL);
				447	if (!token)
				448	return -ENOMEM;
				449
				450	rxk5 = kzalloc(sizeof(*rxk5), GFP_KERNEL);
				451	if (!rxk5) {
				452	kfree(token);
				453	return -ENOMEM;
				454	}
				455
				456	token->security_index = RXRPC_SECURITY_RXK5;
				457	token->k5 = rxk5;
				458
				459	/* extract the principals */
				460	ret = rxrpc_krb5_decode_principal(&rxk5->client, &xdr, &toklen);
				461	if (ret < 0)
				462	goto error;
				463	ret = rxrpc_krb5_decode_principal(&rxk5->server, &xdr, &toklen);
				464	if (ret < 0)
				465	goto error;
				466
				467	/* extract the session key and the encoding type (the tag field ->
				468	* ENCTYPE_xxx) */
				469	ret = rxrpc_krb5_decode_tagged_data(&rxk5->session, AFSTOKEN_DATA_MAX,
				470	&xdr, &toklen);
				471	if (ret < 0)
				472	goto error;
				473
				474	if (toklen < 4 * 8 + 2 * 4)
				475	goto inval;
				476	rxk5->authtime = be64_to_cpup((const __be64 *) xdr);
				477	xdr += 2;
				478	rxk5->starttime = be64_to_cpup((const __be64 *) xdr);
				479	xdr += 2;
				480	rxk5->endtime = be64_to_cpup((const __be64 *) xdr);
				481	xdr += 2;
				482	rxk5->renew_till = be64_to_cpup((const __be64 *) xdr);
				483	xdr += 2;
				484	rxk5->is_skey = ntohl(*xdr++);
				485	rxk5->flags = ntohl(*xdr++);
				486	toklen -= 4 * 8 + 2 * 4;
				487
				488	_debug("times: a=%llx s=%llx e=%llx rt=%llx",
				489	rxk5->authtime, rxk5->starttime, rxk5->endtime,
				490	rxk5->renew_till);
				491	_debug("is_skey=%x flags=%x", rxk5->is_skey, rxk5->flags);
				492
				493	/* extract the permitted client addresses */
				494	ret = rxrpc_krb5_decode_tagged_array(&rxk5->addresses,
				495	&rxk5->n_addresses,
				496	AFSTOKEN_K5_ADDRESSES_MAX,
				497	AFSTOKEN_DATA_MAX,
				498	&xdr, &toklen);
				499	if (ret < 0)
				500	goto error;
				501
				502	ASSERTCMP((end_xdr - xdr) << 2, ==, toklen);
				503
				504	/* extract the tickets */
				505	ret = rxrpc_krb5_decode_ticket(&rxk5->ticket, &rxk5->ticket_len,
				506	&xdr, &toklen);
				507	if (ret < 0)
				508	goto error;
				509	ret = rxrpc_krb5_decode_ticket(&rxk5->ticket2, &rxk5->ticket2_len,
				510	&xdr, &toklen);
				511	if (ret < 0)
				512	goto error;
				513
				514	ASSERTCMP((end_xdr - xdr) << 2, ==, toklen);
				515
				516	/* extract the typed auth data */
				517	ret = rxrpc_krb5_decode_tagged_array(&rxk5->authdata,
				518	&rxk5->n_authdata,
				519	AFSTOKEN_K5_AUTHDATA_MAX,
				520	AFSTOKEN_BDATALN_MAX,
				521	&xdr, &toklen);
				522	if (ret < 0)
				523	goto error;
				524
				525	ASSERTCMP((end_xdr - xdr) << 2, ==, toklen);
				526
				527	if (toklen != 0)
				528	goto inval;
				529
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	530	/* attach the payload */
David Howells	146aa8b	2015-10-21 14:04:48 +0100	[diff] [blame]	531	for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0];
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	532	*pptoken;
				533	pptoken = &(*pptoken)->next)
				534	continue;
				535	*pptoken = token;
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	536	if (token->kad->expiry < prep->expiry)
				537	prep->expiry = token->kad->expiry;
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	538
				539	_leave(" = 0");
				540	return 0;
				541
				542	inval:
				543	ret = -EINVAL;
				544	error:
				545	rxrpc_rxk5_free(rxk5);
				546	kfree(token);
				547	_leave(" = %d", ret);
				548	return ret;
				549	}
				550
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	551	/*
				552	* attempt to parse the data as the XDR format
				553	* - the caller guarantees we have more than 7 words
				554	*/
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	555	static int rxrpc_preparse_xdr(struct key_preparsed_payload *prep)
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	556	{
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	557	const __be32 xdr = prep->data, token;
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	558	const char *cp;
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	559	unsigned int len, paddedlen, loop, ntoken, toklen, sec_ix;
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	560	size_t datalen = prep->datalen;
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	561	int ret;
				562
				563	_enter(",{%x,%x,%x,%x},%zu",
				564	ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]),
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	565	prep->datalen);
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	566
				567	if (datalen > AFSTOKEN_LENGTH_MAX)
				568	goto not_xdr;
				569
				570	/* XDR is an array of __be32's */
				571	if (datalen & 3)
				572	goto not_xdr;
				573
				574	/* the flags should be 0 (the setpag bit must be handled by
				575	* userspace) */
				576	if (ntohl(*xdr++) != 0)
				577	goto not_xdr;
				578	datalen -= 4;
				579
				580	/* check the cell name */
				581	len = ntohl(*xdr++);
				582	if (len < 1 \|\| len > AFSTOKEN_CELL_MAX)
				583	goto not_xdr;
				584	datalen -= 4;
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	585	paddedlen = (len + 3) & ~3;
				586	if (paddedlen > datalen)
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	587	goto not_xdr;
				588
				589	cp = (const char *) xdr;
				590	for (loop = 0; loop < len; loop++)
				591	if (!isprint(cp[loop]))
				592	goto not_xdr;
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	593	for (; loop < paddedlen; loop++)
				594	if (cp[loop])
				595	goto not_xdr;
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	596	_debug("cellname: [%u/%u] '%.s'",
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	597	len, paddedlen, len, len, (const char *) xdr);
				598	datalen -= paddedlen;
				599	xdr += paddedlen >> 2;
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	600
				601	/* get the token count */
				602	if (datalen < 12)
				603	goto not_xdr;
				604	ntoken = ntohl(*xdr++);
				605	datalen -= 4;
				606	_debug("ntoken: %x", ntoken);
				607	if (ntoken < 1 \|\| ntoken > AFSTOKEN_MAX)
				608	goto not_xdr;
				609
				610	/* check each token wrapper */
				611	token = xdr;
				612	loop = ntoken;
				613	do {
				614	if (datalen < 8)
				615	goto not_xdr;
				616	toklen = ntohl(*xdr++);
				617	sec_ix = ntohl(*xdr);
				618	datalen -= 4;
				619	_debug("token: [%x/%zx] %x", toklen, datalen, sec_ix);
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	620	paddedlen = (toklen + 3) & ~3;
				621	if (toklen < 20 \|\| toklen > datalen \|\| paddedlen > datalen)
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	622	goto not_xdr;
David Howells	f206038	2017-06-15 00:12:24 +0100	[diff] [blame]	623	datalen -= paddedlen;
				624	xdr += paddedlen >> 2;
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	625
				626	} while (--loop > 0);
				627
				628	_debug("remainder: %zu", datalen);
				629	if (datalen != 0)
				630	goto not_xdr;
				631
				632	/* okay: we're going to assume it's valid XDR format
				633	* - we ignore the cellname, relying on the key to be correctly named
				634	*/
				635	do {
				636	xdr = token;
				637	toklen = ntohl(*xdr++);
				638	token = xdr + ((toklen + 3) >> 2);
				639	sec_ix = ntohl(*xdr++);
				640	toklen -= 4;
				641
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	642	_debug("TOKEN type=%u [%p-%p]", sec_ix, xdr, token);
				643
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	644	switch (sec_ix) {
				645	case RXRPC_SECURITY_RXKAD:
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	646	ret = rxrpc_preparse_xdr_rxkad(prep, datalen, xdr, toklen);
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	647	if (ret != 0)
				648	goto error;
				649	break;
				650
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	651	case RXRPC_SECURITY_RXK5:
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	652	ret = rxrpc_preparse_xdr_rxk5(prep, datalen, xdr, toklen);
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	653	if (ret != 0)
				654	goto error;
				655	break;
				656
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	657	default:
				658	ret = -EPROTONOSUPPORT;
				659	goto error;
				660	}
				661
				662	} while (--ntoken > 0);
				663
				664	_leave(" = 0");
				665	return 0;
				666
				667	not_xdr:
				668	_leave(" = -EPROTO");
				669	return -EPROTO;
				670	error:
				671	_leave(" = %d", ret);
				672	return ret;
				673	}
				674
				675	/*
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	676	* Preparse an rxrpc defined key.
				677	*
				678	* Data should be of the form:
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	679	* OFFSET LEN CONTENT
				680	* 0 4 key interface version number
				681	* 4 2 security index (type)
				682	* 6 2 ticket length
				683	* 8 4 key expiry time (time_t)
				684	* 12 4 kvno
				685	* 16 8 session key
				686	* 24 [len] ticket
				687	*
				688	* if no data is provided, then a no-security key is made
				689	*/
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	690	static int rxrpc_preparse(struct key_preparsed_payload *prep)
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	691	{
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	692	const struct rxrpc_key_data_v1 *v1;
				693	struct rxrpc_key_token token, *pp;
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	694	size_t plen;
				695	u32 kver;
				696	int ret;
				697
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	698	_enter("%zu", prep->datalen);
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	699
				700	/* handle a no-security key */
David Howells	cf7f601	2012-09-13 13:06:29 +0100	[diff] [blame]	701	if (!prep->data && prep->datalen == 0)
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	702	return 0;
				703
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	704	/* determine if the XDR payload format is being used */
David Howells	cf7f601	2012-09-13 13:06:29 +0100	[diff] [blame]	705	if (prep->datalen > 7 * 4) {
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	706	ret = rxrpc_preparse_xdr(prep);
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	707	if (ret != -EPROTO)
				708	return ret;
				709	}
				710
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	711	/* get the key interface version number */
				712	ret = -EINVAL;
David Howells	cf7f601	2012-09-13 13:06:29 +0100	[diff] [blame]	713	if (prep->datalen <= 4 \|\| !prep->data)
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	714	goto error;
David Howells	cf7f601	2012-09-13 13:06:29 +0100	[diff] [blame]	715	memcpy(&kver, prep->data, sizeof(kver));
				716	prep->data += sizeof(kver);
				717	prep->datalen -= sizeof(kver);
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	718
				719	_debug("KEY I/F VERSION: %u", kver);
				720
				721	ret = -EKEYREJECTED;
				722	if (kver != 1)
				723	goto error;
				724
				725	/* deal with a version 1 key */
				726	ret = -EINVAL;
David Howells	cf7f601	2012-09-13 13:06:29 +0100	[diff] [blame]	727	if (prep->datalen < sizeof(*v1))
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	728	goto error;
				729
David Howells	cf7f601	2012-09-13 13:06:29 +0100	[diff] [blame]	730	v1 = prep->data;
				731	if (prep->datalen != sizeof(*v1) + v1->ticket_length)
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	732	goto error;
				733
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	734	_debug("SCIX: %u", v1->security_index);
				735	_debug("TLEN: %u", v1->ticket_length);
				736	_debug("EXPY: %x", v1->expiry);
				737	_debug("KVNO: %u", v1->kvno);
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	738	_debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x",
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	739	v1->session_key[0], v1->session_key[1],
				740	v1->session_key[2], v1->session_key[3],
				741	v1->session_key[4], v1->session_key[5],
				742	v1->session_key[6], v1->session_key[7]);
				743	if (v1->ticket_length >= 8)
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	744	_debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x",
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	745	v1->ticket[0], v1->ticket[1],
				746	v1->ticket[2], v1->ticket[3],
				747	v1->ticket[4], v1->ticket[5],
				748	v1->ticket[6], v1->ticket[7]);
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	749
				750	ret = -EPROTONOSUPPORT;
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	751	if (v1->security_index != RXRPC_SECURITY_RXKAD)
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	752	goto error;
				753
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	754	plen = sizeof(*token->kad) + v1->ticket_length;
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	755	prep->quotalen = plen + sizeof(*token);
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	756
				757	ret = -ENOMEM;
Anton Blanchard	0a93ea2	2011-02-25 15:33:17 +0000	[diff] [blame]	758	token = kzalloc(sizeof(*token), GFP_KERNEL);
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	759	if (!token)
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	760	goto error;
Anton Blanchard	0a93ea2	2011-02-25 15:33:17 +0000	[diff] [blame]	761	token->kad = kzalloc(plen, GFP_KERNEL);
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	762	if (!token->kad)
				763	goto error_free;
				764
				765	token->security_index = RXRPC_SECURITY_RXKAD;
				766	token->kad->ticket_len = v1->ticket_length;
				767	token->kad->expiry = v1->expiry;
				768	token->kad->kvno = v1->kvno;
				769	memcpy(&token->kad->session_key, &v1->session_key, 8);
				770	memcpy(&token->kad->ticket, v1->ticket, v1->ticket_length);
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	771
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	772	/* count the number of tokens attached */
David Howells	146aa8b	2015-10-21 14:04:48 +0100	[diff] [blame]	773	prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1);
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	774
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	775	/* attach the data */
David Howells	146aa8b	2015-10-21 14:04:48 +0100	[diff] [blame]	776	pp = (struct rxrpc_key_token **)&prep->payload.data[0];
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	777	while (*pp)
				778	pp = &(*pp)->next;
				779	*pp = token;
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	780	if (token->kad->expiry < prep->expiry)
				781	prep->expiry = token->kad->expiry;
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	782	token = NULL;
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	783	ret = 0;
				784
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	785	error_free:
				786	kfree(token);
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	787	error:
				788	return ret;
				789	}
				790
				791	/*
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	792	* Free token list.
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	793	*/
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	794	static void rxrpc_free_token_list(struct rxrpc_key_token *token)
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	795	{
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	796	struct rxrpc_key_token *next;
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	797
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	798	for (; token; token = next) {
				799	next = token->next;
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	800	switch (token->security_index) {
				801	case RXRPC_SECURITY_RXKAD:
				802	kfree(token->kad);
				803	break;
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	804	case RXRPC_SECURITY_RXK5:
				805	if (token->k5)
				806	rxrpc_rxk5_free(token->k5);
				807	break;
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	808	default:
Joe Perches	9b6d539	2016-06-02 12:08:52 -0700	[diff] [blame]	809	pr_err("Unknown token type %x on rxrpc key\n",
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	810	token->security_index);
				811	BUG();
				812	}
				813
				814	kfree(token);
				815	}
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	816	}
				817
				818	/*
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	819	* Clean up preparse data.
				820	*/
				821	static void rxrpc_free_preparse(struct key_preparsed_payload *prep)
				822	{
David Howells	146aa8b	2015-10-21 14:04:48 +0100	[diff] [blame]	823	rxrpc_free_token_list(prep->payload.data[0]);
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	824	}
				825
				826	/*
				827	* Preparse a server secret key.
				828	*
				829	* The data should be the 8-byte secret key.
				830	*/
				831	static int rxrpc_preparse_s(struct key_preparsed_payload *prep)
				832	{
Herbert Xu	1afe593	2016-01-24 21:19:01 +0800	[diff] [blame]	833	struct crypto_skcipher *ci;
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	834
				835	_enter("%zu", prep->datalen);
				836
				837	if (prep->datalen != 8)
				838	return -EINVAL;
				839
David Howells	146aa8b	2015-10-21 14:04:48 +0100	[diff] [blame]	840	memcpy(&prep->payload.data[2], prep->data, 8);
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	841
Herbert Xu	1afe593	2016-01-24 21:19:01 +0800	[diff] [blame]	842	ci = crypto_alloc_skcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC);
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	843	if (IS_ERR(ci)) {
				844	_leave(" = %ld", PTR_ERR(ci));
				845	return PTR_ERR(ci);
				846	}
				847
Herbert Xu	1afe593	2016-01-24 21:19:01 +0800	[diff] [blame]	848	if (crypto_skcipher_setkey(ci, prep->data, 8) < 0)
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	849	BUG();
				850
David Howells	146aa8b	2015-10-21 14:04:48 +0100	[diff] [blame]	851	prep->payload.data[0] = ci;
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	852	_leave(" = 0");
				853	return 0;
				854	}
				855
				856	/*
				857	* Clean up preparse data.
				858	*/
				859	static void rxrpc_free_preparse_s(struct key_preparsed_payload *prep)
				860	{
David Howells	146aa8b	2015-10-21 14:04:48 +0100	[diff] [blame]	861	if (prep->payload.data[0])
Herbert Xu	1afe593	2016-01-24 21:19:01 +0800	[diff] [blame]	862	crypto_free_skcipher(prep->payload.data[0]);
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	863	}
				864
				865	/*
				866	* dispose of the data dangling from the corpse of a rxrpc key
				867	*/
				868	static void rxrpc_destroy(struct key *key)
				869	{
David Howells	146aa8b	2015-10-21 14:04:48 +0100	[diff] [blame]	870	rxrpc_free_token_list(key->payload.data[0]);
David Howells	8a7a3eb	2014-07-18 18:56:36 +0100	[diff] [blame]	871	}
				872
				873	/*
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	874	* dispose of the data dangling from the corpse of a rxrpc key
				875	*/
				876	static void rxrpc_destroy_s(struct key *key)
				877	{
David Howells	146aa8b	2015-10-21 14:04:48 +0100	[diff] [blame]	878	if (key->payload.data[0]) {
Herbert Xu	1afe593	2016-01-24 21:19:01 +0800	[diff] [blame]	879	crypto_free_skcipher(key->payload.data[0]);
David Howells	146aa8b	2015-10-21 14:04:48 +0100	[diff] [blame]	880	key->payload.data[0] = NULL;
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	881	}
				882	}
				883
				884	/*
				885	* describe the rxrpc key
				886	*/
				887	static void rxrpc_describe(const struct key key, struct seq_file m)
				888	{
				889	seq_puts(m, key->description);
				890	}
				891
				892	/*
				893	* grab the security key for a socket
				894	*/
				895	int rxrpc_request_key(struct rxrpc_sock rx, char __user optval, int optlen)
				896	{
				897	struct key *key;
				898	char *description;
				899
				900	_enter("");
				901
				902	if (optlen <= 0 \|\| optlen > PAGE_SIZE - 1)
				903	return -EINVAL;
				904
Al Viro	16e5c1f	2015-12-24 00:06:05 -0500	[diff] [blame]	905	description = memdup_user_nul(optval, optlen);
				906	if (IS_ERR(description))
				907	return PTR_ERR(description);
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	908
				909	key = request_key(&key_type_rxrpc, description, NULL);
				910	if (IS_ERR(key)) {
				911	kfree(description);
				912	_leave(" = %ld", PTR_ERR(key));
				913	return PTR_ERR(key);
				914	}
				915
				916	rx->key = key;
				917	kfree(description);
				918	_leave(" = 0 [key %x]", key->serial);
				919	return 0;
				920	}
				921
				922	/*
				923	* grab the security keyring for a server socket
				924	*/
				925	int rxrpc_server_keyring(struct rxrpc_sock rx, char __user optval,
				926	int optlen)
				927	{
				928	struct key *key;
				929	char *description;
				930
				931	_enter("");
				932
				933	if (optlen <= 0 \|\| optlen > PAGE_SIZE - 1)
				934	return -EINVAL;
				935
Al Viro	16e5c1f	2015-12-24 00:06:05 -0500	[diff] [blame]	936	description = memdup_user_nul(optval, optlen);
				937	if (IS_ERR(description))
				938	return PTR_ERR(description);
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	939
				940	key = request_key(&key_type_keyring, description, NULL);
				941	if (IS_ERR(key)) {
				942	kfree(description);
				943	_leave(" = %ld", PTR_ERR(key));
				944	return PTR_ERR(key);
				945	}
				946
				947	rx->securities = key;
				948	kfree(description);
				949	_leave(" = 0 [key %x]", key->serial);
				950	return 0;
				951	}
				952
				953	/*
				954	* generate a server data key
				955	*/
				956	int rxrpc_get_server_data_key(struct rxrpc_connection *conn,
				957	const void *session_key,
				958	time_t expiry,
				959	u32 kvno)
				960	{
David Howells	d84f4f9	2008-11-14 10:39:23 +1100	[diff] [blame]	961	const struct cred *cred = current_cred();
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	962	struct key *key;
				963	int ret;
				964
				965	struct {
				966	u32 kver;
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	967	struct rxrpc_key_data_v1 v1;
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	968	} data;
				969
				970	_enter("");
				971
Eric W. Biederman	c608973	2012-05-25 16:37:54 -0600	[diff] [blame]	972	key = key_alloc(&key_type_rxrpc, "x",
				973	GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 0,
David Howells	5ac7eac	2016-04-06 16:14:24 +0100	[diff] [blame]	974	KEY_ALLOC_NOT_IN_QUOTA, NULL);
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	975	if (IS_ERR(key)) {
				976	_leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key));
				977	return -ENOMEM;
				978	}
				979
				980	_debug("key %d", key_serial(key));
				981
				982	data.kver = 1;
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	983	data.v1.security_index = RXRPC_SECURITY_RXKAD;
				984	data.v1.ticket_length = 0;
				985	data.v1.expiry = expiry;
				986	data.v1.kvno = 0;
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	987
David Howells	3394128	2009-09-14 01:17:35 +0000	[diff] [blame]	988	memcpy(&data.v1.session_key, session_key, sizeof(data.v1.session_key));
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	989
				990	ret = key_instantiate_and_link(key, &data, sizeof(data), NULL, NULL);
				991	if (ret < 0)
				992	goto error;
				993
David Howells	19ffa01	2016-04-04 14:00:36 +0100	[diff] [blame]	994	conn->params.key = key;
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	995	_leave(" = 0 [%d]", key_serial(key));
				996	return 0;
				997
				998	error:
				999	key_revoke(key);
				1000	key_put(key);
				1001	_leave(" = -ENOMEM [ins %d]", ret);
				1002	return -ENOMEM;
				1003	}
David Howells	17926a7	2007-04-26 15:48:28 -0700	[diff] [blame]	1004	EXPORT_SYMBOL(rxrpc_get_server_data_key);
David Howells	76181c1	2007-10-16 23:29:46 -0700	[diff] [blame]	1005
				1006	/**
				1007	* rxrpc_get_null_key - Generate a null RxRPC key
				1008	* @keyname: The name to give the key.
				1009	*
				1010	* Generate a null RxRPC key that can be used to indicate anonymous security is
				1011	* required for a particular domain.
				1012	*/
				1013	struct key rxrpc_get_null_key(const char keyname)
				1014	{
David Howells	d84f4f9	2008-11-14 10:39:23 +1100	[diff] [blame]	1015	const struct cred *cred = current_cred();
David Howells	76181c1	2007-10-16 23:29:46 -0700	[diff] [blame]	1016	struct key *key;
				1017	int ret;
				1018
Eric W. Biederman	c608973	2012-05-25 16:37:54 -0600	[diff] [blame]	1019	key = key_alloc(&key_type_rxrpc, keyname,
				1020	GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
David Howells	5ac7eac	2016-04-06 16:14:24 +0100	[diff] [blame]	1021	KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA, NULL);
David Howells	76181c1	2007-10-16 23:29:46 -0700	[diff] [blame]	1022	if (IS_ERR(key))
				1023	return key;
				1024
				1025	ret = key_instantiate_and_link(key, NULL, 0, NULL, NULL);
				1026	if (ret < 0) {
				1027	key_revoke(key);
				1028	key_put(key);
				1029	return ERR_PTR(ret);
				1030	}
				1031
				1032	return key;
				1033	}
				1034	EXPORT_SYMBOL(rxrpc_get_null_key);
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1035
				1036	/*
				1037	* read the contents of an rxrpc key
				1038	* - this returns the result in XDR form
				1039	*/
				1040	static long rxrpc_read(const struct key *key,
				1041	char __user *buffer, size_t buflen)
				1042	{
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1043	const struct rxrpc_key_token *token;
				1044	const struct krb5_principal *princ;
				1045	size_t size;
				1046	__be32 __user xdr, oldxdr;
				1047	u32 cnlen, toksize, ntoks, tok, zero;
				1048	u16 toksizes[AFSTOKEN_MAX];
				1049	int loop;
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1050
				1051	_enter("");
				1052
				1053	/* we don't know what form we should return non-AFS keys in */
				1054	if (memcmp(key->description, "afs@", 4) != 0)
				1055	return -EOPNOTSUPP;
				1056	cnlen = strlen(key->description + 4);
				1057
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1058	#define RND(X) (((X) + 3) & ~3)
				1059
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1060	/* AFS keys we return in XDR form, so we need to work out the size of
				1061	* the XDR */
				1062	size = 2 * 4; /* flags, cellname len */
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1063	size += RND(cnlen); /* cellname */
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1064	size += 1 * 4; /* token count */
				1065
				1066	ntoks = 0;
David Howells	146aa8b	2015-10-21 14:04:48 +0100	[diff] [blame]	1067	for (token = key->payload.data[0]; token; token = token->next) {
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1068	toksize = 4; /* sec index */
				1069
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1070	switch (token->security_index) {
				1071	case RXRPC_SECURITY_RXKAD:
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1072	toksize += 8 * 4; /* viceid, kvno, key*2, begin,
				1073	* end, primary, tktlen */
				1074	toksize += RND(token->kad->ticket_len);
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1075	break;
				1076
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1077	case RXRPC_SECURITY_RXK5:
				1078	princ = &token->k5->client;
				1079	toksize += 4 + princ->n_name_parts * 4;
				1080	for (loop = 0; loop < princ->n_name_parts; loop++)
				1081	toksize += RND(strlen(princ->name_parts[loop]));
				1082	toksize += 4 + RND(strlen(princ->realm));
				1083
				1084	princ = &token->k5->server;
				1085	toksize += 4 + princ->n_name_parts * 4;
				1086	for (loop = 0; loop < princ->n_name_parts; loop++)
				1087	toksize += RND(strlen(princ->name_parts[loop]));
				1088	toksize += 4 + RND(strlen(princ->realm));
				1089
				1090	toksize += 8 + RND(token->k5->session.data_len);
				1091
				1092	toksize += 4 * 8 + 2 * 4;
				1093
				1094	toksize += 4 + token->k5->n_addresses * 8;
				1095	for (loop = 0; loop < token->k5->n_addresses; loop++)
				1096	toksize += RND(token->k5->addresses[loop].data_len);
				1097
				1098	toksize += 4 + RND(token->k5->ticket_len);
				1099	toksize += 4 + RND(token->k5->ticket2_len);
				1100
				1101	toksize += 4 + token->k5->n_authdata * 8;
				1102	for (loop = 0; loop < token->k5->n_authdata; loop++)
				1103	toksize += RND(token->k5->authdata[loop].data_len);
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1104	break;
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1105
				1106	default: /* we have a ticket we can't encode */
				1107	BUG();
				1108	continue;
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1109	}
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1110
				1111	_debug("token[%u]: toksize=%u", ntoks, toksize);
				1112	ASSERTCMP(toksize, <=, AFSTOKEN_LENGTH_MAX);
				1113
				1114	toksizes[ntoks++] = toksize;
				1115	size += toksize + 4; /* each token has a length word */
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1116	}
				1117
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1118	#undef RND
				1119
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1120	if (!buffer \|\| buflen < size)
				1121	return size;
				1122
				1123	xdr = (__be32 __user *) buffer;
				1124	zero = 0;
				1125	#define ENCODE(x) \
				1126	do { \
				1127	__be32 y = htonl(x); \
				1128	if (put_user(y, xdr++) < 0) \
				1129	goto fault; \
				1130	} while(0)
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1131	#define ENCODE_DATA(l, s) \
				1132	do { \
				1133	u32 _l = (l); \
				1134	ENCODE(l); \
				1135	if (copy_to_user(xdr, (s), _l) != 0) \
				1136	goto fault; \
				1137	if (_l & 3 && \
David Howells	ed3bfdf	2014-09-09 15:19:44 +0100	[diff] [blame]	1138	copy_to_user((u8 __user *)xdr + _l, &zero, 4 - (_l & 3)) != 0) \
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1139	goto fault; \
				1140	xdr += (_l + 3) >> 2; \
				1141	} while(0)
				1142	#define ENCODE64(x) \
				1143	do { \
				1144	__be64 y = cpu_to_be64(x); \
				1145	if (copy_to_user(xdr, &y, 8) != 0) \
				1146	goto fault; \
				1147	xdr += 8 >> 2; \
				1148	} while(0)
				1149	#define ENCODE_STR(s) \
				1150	do { \
				1151	const char *_s = (s); \
				1152	ENCODE_DATA(strlen(_s), _s); \
				1153	} while(0)
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1154
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1155	ENCODE(0); /* flags */
				1156	ENCODE_DATA(cnlen, key->description + 4); /* cellname */
				1157	ENCODE(ntoks);
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1158
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1159	tok = 0;
David Howells	146aa8b	2015-10-21 14:04:48 +0100	[diff] [blame]	1160	for (token = key->payload.data[0]; token; token = token->next) {
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1161	toksize = toksizes[tok++];
				1162	ENCODE(toksize);
				1163	oldxdr = xdr;
				1164	ENCODE(token->security_index);
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1165
				1166	switch (token->security_index) {
				1167	case RXRPC_SECURITY_RXKAD:
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1168	ENCODE(token->kad->vice_id);
				1169	ENCODE(token->kad->kvno);
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1170	ENCODE_DATA(8, token->kad->session_key);
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1171	ENCODE(token->kad->start);
				1172	ENCODE(token->kad->expiry);
				1173	ENCODE(token->kad->primary_flag);
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1174	ENCODE_DATA(token->kad->ticket_len, token->kad->ticket);
				1175	break;
				1176
				1177	case RXRPC_SECURITY_RXK5:
				1178	princ = &token->k5->client;
				1179	ENCODE(princ->n_name_parts);
				1180	for (loop = 0; loop < princ->n_name_parts; loop++)
				1181	ENCODE_STR(princ->name_parts[loop]);
				1182	ENCODE_STR(princ->realm);
				1183
				1184	princ = &token->k5->server;
				1185	ENCODE(princ->n_name_parts);
				1186	for (loop = 0; loop < princ->n_name_parts; loop++)
				1187	ENCODE_STR(princ->name_parts[loop]);
				1188	ENCODE_STR(princ->realm);
				1189
				1190	ENCODE(token->k5->session.tag);
				1191	ENCODE_DATA(token->k5->session.data_len,
				1192	token->k5->session.data);
				1193
				1194	ENCODE64(token->k5->authtime);
				1195	ENCODE64(token->k5->starttime);
				1196	ENCODE64(token->k5->endtime);
				1197	ENCODE64(token->k5->renew_till);
				1198	ENCODE(token->k5->is_skey);
				1199	ENCODE(token->k5->flags);
				1200
				1201	ENCODE(token->k5->n_addresses);
				1202	for (loop = 0; loop < token->k5->n_addresses; loop++) {
				1203	ENCODE(token->k5->addresses[loop].tag);
				1204	ENCODE_DATA(token->k5->addresses[loop].data_len,
				1205	token->k5->addresses[loop].data);
				1206	}
				1207
				1208	ENCODE_DATA(token->k5->ticket_len, token->k5->ticket);
				1209	ENCODE_DATA(token->k5->ticket2_len, token->k5->ticket2);
				1210
				1211	ENCODE(token->k5->n_authdata);
				1212	for (loop = 0; loop < token->k5->n_authdata; loop++) {
				1213	ENCODE(token->k5->authdata[loop].tag);
				1214	ENCODE_DATA(token->k5->authdata[loop].data_len,
				1215	token->k5->authdata[loop].data);
				1216	}
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1217	break;
				1218
				1219	default:
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1220	BUG();
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1221	break;
				1222	}
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1223
				1224	ASSERTCMP((unsigned long)xdr - (unsigned long)oldxdr, ==,
				1225	toksize);
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1226	}
				1227
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1228	#undef ENCODE_STR
				1229	#undef ENCODE_DATA
				1230	#undef ENCODE64
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1231	#undef ENCODE
				1232
David Howells	99455153	2009-09-14 01:17:46 +0000	[diff] [blame]	1233	ASSERTCMP(tok, ==, ntoks);
David Howells	ed6dd18	2009-09-14 01:17:40 +0000	[diff] [blame]	1234	ASSERTCMP((char __user *) xdr - buffer, ==, size);
				1235	_leave(" = %zu", size);
				1236	return size;
				1237
				1238	fault:
				1239	_leave(" = -EFAULT");
				1240	return -EFAULT;
				1241	}