Blame - net/sunrpc/auth_gss/gss_krb5_wrap.c - kernel/msm-5.4

blob: ad243872f547a6396857bef84daa4bf942270c9f [file] [log] [blame]

J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	1	#include <linux/types.h>
				2	#include <linux/slab.h>
				3	#include <linux/jiffies.h>
				4	#include <linux/sunrpc/gss_krb5.h>
				5	#include <linux/random.h>
				6	#include <linux/pagemap.h>
				7	#include <asm/scatterlist.h>
				8	#include <linux/crypto.h>
				9
				10	#ifdef RPC_DEBUG
				11	# define RPCDBG_FACILITY RPCDBG_AUTH
				12	#endif
				13
				14	static inline int
				15	gss_krb5_padding(int blocksize, int length)
				16	{
				17	/* Most of the code is block-size independent but currently we
				18	* use only 8: */
				19	BUG_ON(blocksize != 8);
				20	return 8 - (length & 7);
				21	}
				22
				23	static inline void
				24	gss_krb5_add_padding(struct xdr_buf *buf, int offset, int blocksize)
				25	{
				26	int padding = gss_krb5_padding(blocksize, buf->len - offset);
				27	char *p;
				28	struct kvec *iov;
				29
				30	if (buf->page_len \|\| buf->tail[0].iov_len)
				31	iov = &buf->tail[0];
				32	else
				33	iov = &buf->head[0];
				34	p = iov->iov_base + iov->iov_len;
				35	iov->iov_len += padding;
				36	buf->len += padding;
				37	memset(p, padding, padding);
				38	}
				39
				40	static inline int
				41	gss_krb5_remove_padding(struct xdr_buf *buf, int blocksize)
				42	{
				43	u8 *ptr;
				44	u8 pad;
				45	int len = buf->len;
				46
				47	if (len <= buf->head[0].iov_len) {
				48	pad = (u8 )(buf->head[0].iov_base + len - 1);
				49	if (pad > buf->head[0].iov_len)
				50	return -EINVAL;
				51	buf->head[0].iov_len -= pad;
				52	goto out;
				53	} else
				54	len -= buf->head[0].iov_len;
				55	if (len <= buf->page_len) {
				56	int last = (buf->page_base + len - 1)
				57	>>PAGE_CACHE_SHIFT;
				58	int offset = (buf->page_base + len - 1)
				59	& (PAGE_CACHE_SIZE - 1);
J. Bruce Fields	87d918d	2006-12-04 20:22:32 -0500	[diff] [blame]	60	ptr = kmap_atomic(buf->pages[last], KM_USER0);
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	61	pad = *(ptr + offset);
J. Bruce Fields	87d918d	2006-12-04 20:22:32 -0500	[diff] [blame]	62	kunmap_atomic(ptr, KM_USER0);
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	63	goto out;
				64	} else
				65	len -= buf->page_len;
				66	BUG_ON(len > buf->tail[0].iov_len);
				67	pad = (u8 )(buf->tail[0].iov_base + len - 1);
				68	out:
				69	/* XXX: NOTE: we do not adjust the page lengths--they represent
				70	* a range of data in the real filesystem page cache, and we need
				71	* to know that range so the xdr code can properly place read data.
				72	* However adjusting the head length, as we do above, is harmless.
				73	* In the case of a request that fits into a single page, the server
				74	* also uses length and head length together to determine the original
				75	* start of the request to copy the request for deferal; so it's
				76	* easier on the server if we adjust head and tail length in tandem.
				77	* It's not really a problem that we don't fool with the page and
				78	* tail lengths, though--at worst badly formed xdr might lead the
				79	* server to attempt to parse the padding.
				80	* XXX: Document all these weird requirements for gss mechanism
				81	* wrap/unwrap functions. */
				82	if (pad > blocksize)
				83	return -EINVAL;
				84	if (buf->len > pad)
				85	buf->len -= pad;
				86	else
				87	return -EINVAL;
				88	return 0;
				89	}
				90
				91	static inline void
				92	make_confounder(char *p, int blocksize)
				93	{
				94	static u64 i = 0;
				95	u64 q = (u64 )p;
				96
				97	/* rfc1964 claims this should be "random". But all that's really
				98	* necessary is that it be unique. And not even that is necessary in
				99	* our case since our "gssapi" implementation exists only to support
				100	* rpcsec_gss, so we know that the only buffers we will ever encrypt
				101	* already begin with a unique sequence number. Just to hedge my bets
				102	* I'll make a half-hearted attempt at something unique, but ensuring
				103	* uniqueness would mean worrying about atomicity and rollover, and I
				104	* don't care enough. */
				105
				106	BUG_ON(blocksize != 8);
				107	*q = i++;
				108	}
				109
				110	/* Assumptions: the head and tail of inbuf are ours to play with.
				111	* The pages, however, may be real pages in the page cache and we replace
				112	* them with scratch pages from *pages before writing to them. /
				113	/* XXX: obviously the above should be documentation of wrap interface,
				114	* and shouldn't be in this kerberos-specific file. */
				115
				116	/* XXX factor out common code with seal/unseal. */
				117
				118	u32
J. Bruce Fields	00fd6e1	2005-10-13 16:55:18 -0400	[diff] [blame]	119	gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	120	struct xdr_buf buf, struct page *pages)
				121	{
				122	struct krb5_ctx *kctx = ctx->internal_ctx_id;
				123	s32 checksum_type;
J. Bruce Fields	9e57b30	2006-03-20 23:23:11 -0500	[diff] [blame]	124	char cksumdata[16];
				125	struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	126	int blocksize = 0, plainlen;
				127	unsigned char ptr, krb5_hdr, *msg_start;
				128	s32 now;
				129	int headlen;
				130	struct page **tmp_pages;
J. Bruce Fields	eaa82ed	2006-03-20 23:24:04 -0500	[diff] [blame]	131	u32 seq_send;
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	132
				133	dprintk("RPC: gss_wrap_kerberos\n");
				134
				135	now = get_seconds();
				136
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	137	switch (kctx->signalg) {
				138	case SGN_ALG_DES_MAC_MD5:
				139	checksum_type = CKSUMTYPE_RSA_MD5;
				140	break;
				141	default:
				142	dprintk("RPC: gss_krb5_seal: kctx->signalg %d not"
				143	" supported\n", kctx->signalg);
				144	goto out_err;
				145	}
				146	if (kctx->sealalg != SEAL_ALG_NONE && kctx->sealalg != SEAL_ALG_DES) {
				147	dprintk("RPC: gss_krb5_seal: kctx->sealalg %d not supported\n",
				148	kctx->sealalg);
				149	goto out_err;
				150	}
				151
Herbert Xu	378c669	2006-08-22 20:33:54 +1000	[diff] [blame]	152	blocksize = crypto_blkcipher_blocksize(kctx->enc);
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	153	gss_krb5_add_padding(buf, offset, blocksize);
				154	BUG_ON((buf->len - offset) % blocksize);
				155	plainlen = blocksize + buf->len - offset;
				156
				157	headlen = g_token_size(&kctx->mech_used, 22 + plainlen) -
				158	(buf->len - offset);
				159
				160	ptr = buf->head[0].iov_base + offset;
				161	/* shift data to make room for header. */
				162	/* XXX Would be cleverer to encrypt while copying. */
				163	/* XXX bounds checking, slack, etc. */
				164	memmove(ptr + headlen, ptr, buf->head[0].iov_len - offset);
				165	buf->head[0].iov_len += headlen;
				166	buf->len += headlen;
				167	BUG_ON((buf->len - offset - headlen) % blocksize);
				168
				169	g_make_token_header(&kctx->mech_used, 22 + plainlen, &ptr);
				170
				171
				172	*ptr++ = (unsigned char) ((KG_TOK_WRAP_MSG>>8)&0xff);
				173	*ptr++ = (unsigned char) (KG_TOK_WRAP_MSG&0xff);
				174
				175	/* ptr now at byte 2 of header described in rfc 1964, section 1.2.1: */
				176	krb5_hdr = ptr - 2;
				177	msg_start = krb5_hdr + 24;
				178	/* XXXJBF: */ BUG_ON(buf->head[0].iov_base + offset + headlen != msg_start + blocksize);
				179
Alexey Dobriyan	d8ed029	2006-09-26 22:29:38 -0700	[diff] [blame]	180	(__be16 )(krb5_hdr + 2) = htons(kctx->signalg);
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	181	memset(krb5_hdr + 4, 0xff, 4);
Alexey Dobriyan	d8ed029	2006-09-26 22:29:38 -0700	[diff] [blame]	182	(__be16 )(krb5_hdr + 4) = htons(kctx->sealalg);
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	183
				184	make_confounder(msg_start, blocksize);
				185
				186	/* XXXJBF: UGH!: */
				187	tmp_pages = buf->pages;
				188	buf->pages = pages;
				189	if (make_checksum(checksum_type, krb5_hdr, 8, buf,
				190	offset + headlen - blocksize, &md5cksum))
				191	goto out_err;
				192	buf->pages = tmp_pages;
				193
				194	switch (kctx->signalg) {
				195	case SGN_ALG_DES_MAC_MD5:
				196	if (krb5_encrypt(kctx->seq, NULL, md5cksum.data,
				197	md5cksum.data, md5cksum.len))
				198	goto out_err;
				199	memcpy(krb5_hdr + 16,
				200	md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
				201	KRB5_CKSUM_LENGTH);
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	202	break;
				203	default:
				204	BUG();
				205	}
				206
J. Bruce Fields	eaa82ed	2006-03-20 23:24:04 -0500	[diff] [blame]	207	spin_lock(&krb5_seq_lock);
				208	seq_send = kctx->seq_send++;
				209	spin_unlock(&krb5_seq_lock);
				210
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	211	/* XXX would probably be more efficient to compute checksum
				212	* and encrypt at the same time: */
				213	if ((krb5_make_seq_num(kctx->seq, kctx->initiate ? 0 : 0xff,
J. Bruce Fields	eaa82ed	2006-03-20 23:24:04 -0500	[diff] [blame]	214	seq_send, krb5_hdr + 16, krb5_hdr + 8)))
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	215	goto out_err;
				216
				217	if (gss_encrypt_xdr_buf(kctx->enc, buf, offset + headlen - blocksize,
				218	pages))
				219	goto out_err;
				220
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	221	return ((kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE);
				222	out_err:
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	223	return GSS_S_FAILURE;
				224	}
				225
				226	u32
J. Bruce Fields	00fd6e1	2005-10-13 16:55:18 -0400	[diff] [blame]	227	gss_unwrap_kerberos(struct gss_ctx ctx, int offset, struct xdr_buf buf)
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	228	{
				229	struct krb5_ctx *kctx = ctx->internal_ctx_id;
				230	int signalg;
				231	int sealalg;
				232	s32 checksum_type;
J. Bruce Fields	9e57b30	2006-03-20 23:23:11 -0500	[diff] [blame]	233	char cksumdata[16];
				234	struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	235	s32 now;
				236	int direction;
				237	s32 seqnum;
				238	unsigned char *ptr;
				239	int bodysize;
				240	u32 ret = GSS_S_DEFECTIVE_TOKEN;
				241	void data_start, orig_start;
				242	int data_len;
				243	int blocksize;
				244
				245	dprintk("RPC: gss_unwrap_kerberos\n");
				246
				247	ptr = (u8 *)buf->head[0].iov_base + offset;
				248	if (g_verify_token_header(&kctx->mech_used, &bodysize, &ptr,
				249	buf->len - offset))
				250	goto out;
				251
				252	if ((*ptr++ != ((KG_TOK_WRAP_MSG>>8)&0xff)) \|\|
				253	(*ptr++ != (KG_TOK_WRAP_MSG &0xff)) )
				254	goto out;
				255
				256	/* XXX sanity-check bodysize?? */
				257
				258	/* get the sign and seal algorithms */
				259
				260	signalg = ptr[0] + (ptr[1] << 8);
				261	sealalg = ptr[2] + (ptr[3] << 8);
				262
				263	/* Sanity checks */
				264
				265	if ((ptr[4] != 0xff) \|\| (ptr[5] != 0xff))
				266	goto out;
				267
				268	if (sealalg == 0xffff)
				269	goto out;
				270
				271	/* in the current spec, there is only one valid seal algorithm per
				272	key type, so a simple comparison is ok */
				273
				274	if (sealalg != kctx->sealalg)
				275	goto out;
				276
				277	/* there are several mappings of seal algorithms to sign algorithms,
				278	but few enough that we can try them all. */
				279
				280	if ((kctx->sealalg == SEAL_ALG_NONE && signalg > 1) \|\|
				281	(kctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) \|\|
				282	(kctx->sealalg == SEAL_ALG_DES3KD &&
				283	signalg != SGN_ALG_HMAC_SHA1_DES3_KD))
				284	goto out;
				285
				286	if (gss_decrypt_xdr_buf(kctx->enc, buf,
				287	ptr + 22 - (unsigned char *)buf->head[0].iov_base))
				288	goto out;
				289
				290	/* compute the checksum of the message */
				291
				292	/* initialize the the cksum */
				293	switch (signalg) {
				294	case SGN_ALG_DES_MAC_MD5:
				295	checksum_type = CKSUMTYPE_RSA_MD5;
				296	break;
				297	default:
				298	ret = GSS_S_DEFECTIVE_TOKEN;
				299	goto out;
				300	}
				301
				302	switch (signalg) {
				303	case SGN_ALG_DES_MAC_MD5:
				304	ret = make_checksum(checksum_type, ptr - 2, 8, buf,
				305	ptr + 22 - (unsigned char *)buf->head[0].iov_base, &md5cksum);
				306	if (ret)
				307	goto out;
				308
				309	ret = krb5_encrypt(kctx->seq, NULL, md5cksum.data,
				310	md5cksum.data, md5cksum.len);
				311	if (ret)
				312	goto out;
				313
				314	if (memcmp(md5cksum.data + 8, ptr + 14, 8)) {
				315	ret = GSS_S_BAD_SIG;
				316	goto out;
				317	}
				318	break;
				319	default:
				320	ret = GSS_S_DEFECTIVE_TOKEN;
				321	goto out;
				322	}
				323
				324	/* it got through unscathed. Make sure the context is unexpired */
				325
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	326	now = get_seconds();
				327
				328	ret = GSS_S_CONTEXT_EXPIRED;
				329	if (now > kctx->endtime)
				330	goto out;
				331
				332	/* do sequencing checks */
				333
				334	ret = GSS_S_BAD_SIG;
				335	if ((ret = krb5_get_seq_num(kctx->seq, ptr + 14, ptr + 6, &direction,
				336	&seqnum)))
				337	goto out;
				338
				339	if ((kctx->initiate && direction != 0xff) \|\|
				340	(!kctx->initiate && direction != 0))
				341	goto out;
				342
				343	/* Copy the data back to the right position. XXX: Would probably be
				344	* better to copy and encrypt at the same time. */
				345
Herbert Xu	378c669	2006-08-22 20:33:54 +1000	[diff] [blame]	346	blocksize = crypto_blkcipher_blocksize(kctx->enc);
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	347	data_start = ptr + 22 + blocksize;
				348	orig_start = buf->head[0].iov_base + offset;
				349	data_len = (buf->head[0].iov_base + buf->head[0].iov_len) - data_start;
				350	memmove(orig_start, data_start, data_len);
				351	buf->head[0].iov_len -= (data_start - orig_start);
				352	buf->len -= (data_start - orig_start);
				353
				354	ret = GSS_S_DEFECTIVE_TOKEN;
				355	if (gss_krb5_remove_padding(buf, blocksize))
				356	goto out;
				357
				358	ret = GSS_S_COMPLETE;
				359	out:
J. Bruce Fields	14ae162	2005-10-13 16:55:13 -0400	[diff] [blame]	360	return ret;
				361	}