1/* RxRPC key management
   2 *
   3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public License
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the License, or (at your option) any later version.
  10 *
  11 * RxRPC keys should have a description of describing their purpose:
  12 *	"afs@CAMBRIDGE.REDHAT.COM>
  13 */
  14
  15#include <crypto/skcipher.h>
  16#include <linux/module.h>
  17#include <linux/net.h>
  18#include <linux/skbuff.h>
  19#include <linux/key-type.h>
  20#include <linux/ctype.h>
  21#include <linux/slab.h>
  22#include <net/sock.h>
  23#include <net/af_rxrpc.h>
  24#include <keys/rxrpc-type.h>
  25#include <keys/user-type.h>
  26#include "ar-internal.h"
  27
  28static int rxrpc_vet_description_s(const char *);
  29static int rxrpc_preparse(struct key_preparsed_payload *);
  30static int rxrpc_preparse_s(struct key_preparsed_payload *);
  31static void rxrpc_free_preparse(struct key_preparsed_payload *);
  32static void rxrpc_free_preparse_s(struct key_preparsed_payload *);
  33static void rxrpc_destroy(struct key *);
  34static void rxrpc_destroy_s(struct key *);
  35static void rxrpc_describe(const struct key *, struct seq_file *);
  36static long rxrpc_read(const struct key *, char __user *, size_t);
  37
  38/*
  39 * rxrpc defined keys take an arbitrary string as the description and an
  40 * arbitrary blob of data as the payload
  41 */
  42struct key_type key_type_rxrpc = {
  43	.name		= "rxrpc",
  44	.preparse	= rxrpc_preparse,
  45	.free_preparse	= rxrpc_free_preparse,
  46	.instantiate	= generic_key_instantiate,
  47	.destroy	= rxrpc_destroy,
  48	.describe	= rxrpc_describe,
  49	.read		= rxrpc_read,
  50};
  51EXPORT_SYMBOL(key_type_rxrpc);
  52
  53/*
  54 * rxrpc server defined keys take "<serviceId>:<securityIndex>" as the
  55 * description and an 8-byte decryption key as the payload
  56 */
  57struct key_type key_type_rxrpc_s = {
  58	.name		= "rxrpc_s",
  59	.vet_description = rxrpc_vet_description_s,
  60	.preparse	= rxrpc_preparse_s,
  61	.free_preparse	= rxrpc_free_preparse_s,
  62	.instantiate	= generic_key_instantiate,
  63	.destroy	= rxrpc_destroy_s,
  64	.describe	= rxrpc_describe,
  65};
  66
  67/*
  68 * Vet the description for an RxRPC server key
  69 */
  70static int rxrpc_vet_description_s(const char *desc)
  71{
  72	unsigned long num;
  73	char *p;
  74
  75	num = simple_strtoul(desc, &p, 10);
  76	if (*p != ':' || num > 65535)
  77		return -EINVAL;
  78	num = simple_strtoul(p + 1, &p, 10);
  79	if (*p || num < 1 || num > 255)
  80		return -EINVAL;
  81	return 0;
  82}
  83
  84/*
  85 * parse an RxKAD type XDR format token
  86 * - the caller guarantees we have at least 4 words
  87 */
  88static int rxrpc_preparse_xdr_rxkad(struct key_preparsed_payload *prep,
  89				    size_t datalen,
  90				    const __be32 *xdr, unsigned int toklen)
  91{
  92	struct rxrpc_key_token *token, **pptoken;
  93	size_t plen;
  94	u32 tktlen;
  95
  96	_enter(",{%x,%x,%x,%x},%u",
  97	       ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]),
  98	       toklen);
  99
 100	if (toklen <= 8 * 4)
 101		return -EKEYREJECTED;
 102	tktlen = ntohl(xdr[7]);
 103	_debug("tktlen: %x", tktlen);
 104	if (tktlen > AFSTOKEN_RK_TIX_MAX)
 105		return -EKEYREJECTED;
 106	if (toklen < 8 * 4 + tktlen)
 107		return -EKEYREJECTED;
 108
 109	plen = sizeof(*token) + sizeof(*token->kad) + tktlen;
 110	prep->quotalen = datalen + plen;
 111
 112	plen -= sizeof(*token);
 113	token = kzalloc(sizeof(*token), GFP_KERNEL);
 114	if (!token)
 115		return -ENOMEM;
 116
 117	token->kad = kzalloc(plen, GFP_KERNEL);
 118	if (!token->kad) {
 119		kfree(token);
 120		return -ENOMEM;
 121	}
 122
 123	token->security_index	= RXRPC_SECURITY_RXKAD;
 124	token->kad->ticket_len	= tktlen;
 125	token->kad->vice_id	= ntohl(xdr[0]);
 126	token->kad->kvno	= ntohl(xdr[1]);
 127	token->kad->start	= ntohl(xdr[4]);
 128	token->kad->expiry	= ntohl(xdr[5]);
 129	token->kad->primary_flag = ntohl(xdr[6]);
 130	memcpy(&token->kad->session_key, &xdr[2], 8);
 131	memcpy(&token->kad->ticket, &xdr[8], tktlen);
 132
 133	_debug("SCIX: %u", token->security_index);
 134	_debug("TLEN: %u", token->kad->ticket_len);
 135	_debug("EXPY: %x", token->kad->expiry);
 136	_debug("KVNO: %u", token->kad->kvno);
 137	_debug("PRIM: %u", token->kad->primary_flag);
 138	_debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x",
 139	       token->kad->session_key[0], token->kad->session_key[1],
 140	       token->kad->session_key[2], token->kad->session_key[3],
 141	       token->kad->session_key[4], token->kad->session_key[5],
 142	       token->kad->session_key[6], token->kad->session_key[7]);
 143	if (token->kad->ticket_len >= 8)
 144		_debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x",
 145		       token->kad->ticket[0], token->kad->ticket[1],
 146		       token->kad->ticket[2], token->kad->ticket[3],
 147		       token->kad->ticket[4], token->kad->ticket[5],
 148		       token->kad->ticket[6], token->kad->ticket[7]);
 149
 150	/* count the number of tokens attached */
 151	prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1);
 152
 153	/* attach the data */
 154	for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0];
 155	     *pptoken;
 156	     pptoken = &(*pptoken)->next)
 157		continue;
 158	*pptoken = token;
 159	if (token->kad->expiry < prep->expiry)
 160		prep->expiry = token->kad->expiry;
 161
 162	_leave(" = 0");
 163	return 0;
 164}
 165
 166static void rxrpc_free_krb5_principal(struct krb5_principal *princ)
 167{
 168	int loop;
 169
 170	if (princ->name_parts) {
 171		for (loop = princ->n_name_parts - 1; loop >= 0; loop--)
 172			kfree(princ->name_parts[loop]);
 173		kfree(princ->name_parts);
 174	}
 175	kfree(princ->realm);
 176}
 177
 178static void rxrpc_free_krb5_tagged(struct krb5_tagged_data *td)
 179{
 180	kfree(td->data);
 181}
 182
 183/*
 184 * free up an RxK5 token
 185 */
 186static void rxrpc_rxk5_free(struct rxk5_key *rxk5)
 187{
 188	int loop;
 189
 190	rxrpc_free_krb5_principal(&rxk5->client);
 191	rxrpc_free_krb5_principal(&rxk5->server);
 192	rxrpc_free_krb5_tagged(&rxk5->session);
 193
 194	if (rxk5->addresses) {
 195		for (loop = rxk5->n_addresses - 1; loop >= 0; loop--)
 196			rxrpc_free_krb5_tagged(&rxk5->addresses[loop]);
 197		kfree(rxk5->addresses);
 198	}
 199	if (rxk5->authdata) {
 200		for (loop = rxk5->n_authdata - 1; loop >= 0; loop--)
 201			rxrpc_free_krb5_tagged(&rxk5->authdata[loop]);
 202		kfree(rxk5->authdata);
 203	}
 204
 205	kfree(rxk5->ticket);
 206	kfree(rxk5->ticket2);
 207	kfree(rxk5);
 208}
 209
 210/*
 211 * extract a krb5 principal
 212 */
 213static int rxrpc_krb5_decode_principal(struct krb5_principal *princ,
 214				       const __be32 **_xdr,
 215				       unsigned int *_toklen)
 216{
 217	const __be32 *xdr = *_xdr;
 218	unsigned int toklen = *_toklen, n_parts, loop, tmp;
 219
 220	/* there must be at least one name, and at least #names+1 length
 221	 * words */
 222	if (toklen <= 12)
 223		return -EINVAL;
 224
 225	_enter(",{%x,%x,%x},%u",
 226	       ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), toklen);
 227
 228	n_parts = ntohl(*xdr++);
 229	toklen -= 4;
 230	if (n_parts <= 0 || n_parts > AFSTOKEN_K5_COMPONENTS_MAX)
 231		return -EINVAL;
 232	princ->n_name_parts = n_parts;
 233
 234	if (toklen <= (n_parts + 1) * 4)
 235		return -EINVAL;
 236
 237	princ->name_parts = kcalloc(n_parts, sizeof(char *), GFP_KERNEL);
 238	if (!princ->name_parts)
 239		return -ENOMEM;
 240
 241	for (loop = 0; loop < n_parts; loop++) {
 242		if (toklen < 4)
 243			return -EINVAL;
 244		tmp = ntohl(*xdr++);
 245		toklen -= 4;
 246		if (tmp <= 0 || tmp > AFSTOKEN_STRING_MAX)
 247			return -EINVAL;
 248		if (tmp > toklen)
 249			return -EINVAL;
 250		princ->name_parts[loop] = kmalloc(tmp + 1, GFP_KERNEL);
 251		if (!princ->name_parts[loop])
 252			return -ENOMEM;
 253		memcpy(princ->name_parts[loop], xdr, tmp);
 254		princ->name_parts[loop][tmp] = 0;
 255		tmp = (tmp + 3) & ~3;
 256		toklen -= tmp;
 257		xdr += tmp >> 2;
 258	}
 259
 260	if (toklen < 4)
 261		return -EINVAL;
 262	tmp = ntohl(*xdr++);
 263	toklen -= 4;
 264	if (tmp <= 0 || tmp > AFSTOKEN_K5_REALM_MAX)
 265		return -EINVAL;
 266	if (tmp > toklen)
 267		return -EINVAL;
 268	princ->realm = kmalloc(tmp + 1, GFP_KERNEL);
 269	if (!princ->realm)
 270		return -ENOMEM;
 271	memcpy(princ->realm, xdr, tmp);
 272	princ->realm[tmp] = 0;
 273	tmp = (tmp + 3) & ~3;
 274	toklen -= tmp;
 275	xdr += tmp >> 2;
 276
 277	_debug("%s/...@%s", princ->name_parts[0], princ->realm);
 278
 279	*_xdr = xdr;
 280	*_toklen = toklen;
 281	_leave(" = 0 [toklen=%u]", toklen);
 282	return 0;
 283}
 284
 285/*
 286 * extract a piece of krb5 tagged data
 287 */
 288static int rxrpc_krb5_decode_tagged_data(struct krb5_tagged_data *td,
 289					 size_t max_data_size,
 290					 const __be32 **_xdr,
 291					 unsigned int *_toklen)
 292{
 293	const __be32 *xdr = *_xdr;
 294	unsigned int toklen = *_toklen, len;
 295
 296	/* there must be at least one tag and one length word */
 297	if (toklen <= 8)
 298		return -EINVAL;
 299
 300	_enter(",%zu,{%x,%x},%u",
 301	       max_data_size, ntohl(xdr[0]), ntohl(xdr[1]), toklen);
 302
 303	td->tag = ntohl(*xdr++);
 304	len = ntohl(*xdr++);
 305	toklen -= 8;
 306	if (len > max_data_size)
 307		return -EINVAL;
 308	td->data_len = len;
 309
 310	if (len > 0) {
 311		td->data = kmemdup(xdr, len, GFP_KERNEL);
 312		if (!td->data)
 313			return -ENOMEM;
 314		len = (len + 3) & ~3;
 315		toklen -= len;
 316		xdr += len >> 2;
 317	}
 318
 319	_debug("tag %x len %x", td->tag, td->data_len);
 320
 321	*_xdr = xdr;
 322	*_toklen = toklen;
 323	_leave(" = 0 [toklen=%u]", toklen);
 324	return 0;
 325}
 326
 327/*
 328 * extract an array of tagged data
 329 */
 330static int rxrpc_krb5_decode_tagged_array(struct krb5_tagged_data **_td,
 331					  u8 *_n_elem,
 332					  u8 max_n_elem,
 333					  size_t max_elem_size,
 334					  const __be32 **_xdr,
 335					  unsigned int *_toklen)
 336{
 337	struct krb5_tagged_data *td;
 338	const __be32 *xdr = *_xdr;
 339	unsigned int toklen = *_toklen, n_elem, loop;
 340	int ret;
 341
 342	/* there must be at least one count */
 343	if (toklen < 4)
 344		return -EINVAL;
 345
 346	_enter(",,%u,%zu,{%x},%u",
 347	       max_n_elem, max_elem_size, ntohl(xdr[0]), toklen);
 348
 349	n_elem = ntohl(*xdr++);
 350	toklen -= 4;
 351	if (n_elem > max_n_elem)
 352		return -EINVAL;
 353	*_n_elem = n_elem;
 354	if (n_elem > 0) {
 355		if (toklen <= (n_elem + 1) * 4)
 356			return -EINVAL;
 357
 358		_debug("n_elem %d", n_elem);
 359
 360		td = kcalloc(n_elem, sizeof(struct krb5_tagged_data),
 361			     GFP_KERNEL);
 362		if (!td)
 363			return -ENOMEM;
 364		*_td = td;
 365
 366		for (loop = 0; loop < n_elem; loop++) {
 367			ret = rxrpc_krb5_decode_tagged_data(&td[loop],
 368							    max_elem_size,
 369							    &xdr, &toklen);
 370			if (ret < 0)
 371				return ret;
 372		}
 373	}
 374
 375	*_xdr = xdr;
 376	*_toklen = toklen;
 377	_leave(" = 0 [toklen=%u]", toklen);
 378	return 0;
 379}
 380
 381/*
 382 * extract a krb5 ticket
 383 */
 384static int rxrpc_krb5_decode_ticket(u8 **_ticket, u16 *_tktlen,
 385				    const __be32 **_xdr, unsigned int *_toklen)
 386{
 387	const __be32 *xdr = *_xdr;
 388	unsigned int toklen = *_toklen, len;
 389
 390	/* there must be at least one length word */
 391	if (toklen <= 4)
 392		return -EINVAL;
 393
 394	_enter(",{%x},%u", ntohl(xdr[0]), toklen);
 395
 396	len = ntohl(*xdr++);
 397	toklen -= 4;
 398	if (len > AFSTOKEN_K5_TIX_MAX)
 399		return -EINVAL;
 400	*_tktlen = len;
 401
 402	_debug("ticket len %u", len);
 403
 404	if (len > 0) {
 405		*_ticket = kmemdup(xdr, len, GFP_KERNEL);
 406		if (!*_ticket)
 407			return -ENOMEM;
 408		len = (len + 3) & ~3;
 409		toklen -= len;
 410		xdr += len >> 2;
 411	}
 412
 413	*_xdr = xdr;
 414	*_toklen = toklen;
 415	_leave(" = 0 [toklen=%u]", toklen);
 416	return 0;
 417}
 418
 419/*
 420 * parse an RxK5 type XDR format token
 421 * - the caller guarantees we have at least 4 words
 422 */
 423static int rxrpc_preparse_xdr_rxk5(struct key_preparsed_payload *prep,
 424				   size_t datalen,
 425				   const __be32 *xdr, unsigned int toklen)
 426{
 427	struct rxrpc_key_token *token, **pptoken;
 428	struct rxk5_key *rxk5;
 429	const __be32 *end_xdr = xdr + (toklen >> 2);
 430	int ret;
 431
 432	_enter(",{%x,%x,%x,%x},%u",
 433	       ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]),
 434	       toklen);
 435
 436	/* reserve some payload space for this subkey - the length of the token
 437	 * is a reasonable approximation */
 438	prep->quotalen = datalen + toklen;
 439
 440	token = kzalloc(sizeof(*token), GFP_KERNEL);
 441	if (!token)
 442		return -ENOMEM;
 443
 444	rxk5 = kzalloc(sizeof(*rxk5), GFP_KERNEL);
 445	if (!rxk5) {
 446		kfree(token);
 447		return -ENOMEM;
 448	}
 449
 450	token->security_index = RXRPC_SECURITY_RXK5;
 451	token->k5 = rxk5;
 452
 453	/* extract the principals */
 454	ret = rxrpc_krb5_decode_principal(&rxk5->client, &xdr, &toklen);
 455	if (ret < 0)
 456		goto error;
 457	ret = rxrpc_krb5_decode_principal(&rxk5->server, &xdr, &toklen);
 458	if (ret < 0)
 459		goto error;
 460
 461	/* extract the session key and the encoding type (the tag field ->
 462	 * ENCTYPE_xxx) */
 463	ret = rxrpc_krb5_decode_tagged_data(&rxk5->session, AFSTOKEN_DATA_MAX,
 464					    &xdr, &toklen);
 465	if (ret < 0)
 466		goto error;
 467
 468	if (toklen < 4 * 8 + 2 * 4)
 469		goto inval;
 470	rxk5->authtime	= be64_to_cpup((const __be64 *) xdr);
 471	xdr += 2;
 472	rxk5->starttime	= be64_to_cpup((const __be64 *) xdr);
 473	xdr += 2;
 474	rxk5->endtime	= be64_to_cpup((const __be64 *) xdr);
 475	xdr += 2;
 476	rxk5->renew_till = be64_to_cpup((const __be64 *) xdr);
 477	xdr += 2;
 478	rxk5->is_skey = ntohl(*xdr++);
 479	rxk5->flags = ntohl(*xdr++);
 480	toklen -= 4 * 8 + 2 * 4;
 481
 482	_debug("times: a=%llx s=%llx e=%llx rt=%llx",
 483	       rxk5->authtime, rxk5->starttime, rxk5->endtime,
 484	       rxk5->renew_till);
 485	_debug("is_skey=%x flags=%x", rxk5->is_skey, rxk5->flags);
 486
 487	/* extract the permitted client addresses */
 488	ret = rxrpc_krb5_decode_tagged_array(&rxk5->addresses,
 489					     &rxk5->n_addresses,
 490					     AFSTOKEN_K5_ADDRESSES_MAX,
 491					     AFSTOKEN_DATA_MAX,
 492					     &xdr, &toklen);
 493	if (ret < 0)
 494		goto error;
 495
 496	ASSERTCMP((end_xdr - xdr) << 2, ==, toklen);
 497
 498	/* extract the tickets */
 499	ret = rxrpc_krb5_decode_ticket(&rxk5->ticket, &rxk5->ticket_len,
 500				       &xdr, &toklen);
 501	if (ret < 0)
 502		goto error;
 503	ret = rxrpc_krb5_decode_ticket(&rxk5->ticket2, &rxk5->ticket2_len,
 504				       &xdr, &toklen);
 505	if (ret < 0)
 506		goto error;
 507
 508	ASSERTCMP((end_xdr - xdr) << 2, ==, toklen);
 509
 510	/* extract the typed auth data */
 511	ret = rxrpc_krb5_decode_tagged_array(&rxk5->authdata,
 512					     &rxk5->n_authdata,
 513					     AFSTOKEN_K5_AUTHDATA_MAX,
 514					     AFSTOKEN_BDATALN_MAX,
 515					     &xdr, &toklen);
 516	if (ret < 0)
 517		goto error;
 518
 519	ASSERTCMP((end_xdr - xdr) << 2, ==, toklen);
 520
 521	if (toklen != 0)
 522		goto inval;
 523
 524	/* attach the payload */
 525	for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0];
 526	     *pptoken;
 527	     pptoken = &(*pptoken)->next)
 528		continue;
 529	*pptoken = token;
 530	if (token->kad->expiry < prep->expiry)
 531		prep->expiry = token->kad->expiry;
 532
 533	_leave(" = 0");
 534	return 0;
 535
 536inval:
 537	ret = -EINVAL;
 538error:
 539	rxrpc_rxk5_free(rxk5);
 540	kfree(token);
 541	_leave(" = %d", ret);
 542	return ret;
 543}
 544
 545/*
 546 * attempt to parse the data as the XDR format
 547 * - the caller guarantees we have more than 7 words
 548 */
 549static int rxrpc_preparse_xdr(struct key_preparsed_payload *prep)
 550{
 551	const __be32 *xdr = prep->data, *token;
 552	const char *cp;
 553	unsigned int len, tmp, loop, ntoken, toklen, sec_ix;
 554	size_t datalen = prep->datalen;
 555	int ret;
 556
 557	_enter(",{%x,%x,%x,%x},%zu",
 558	       ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]),
 559	       prep->datalen);
 560
 561	if (datalen > AFSTOKEN_LENGTH_MAX)
 562		goto not_xdr;
 563
 564	/* XDR is an array of __be32's */
 565	if (datalen & 3)
 566		goto not_xdr;
 567
 568	/* the flags should be 0 (the setpag bit must be handled by
 569	 * userspace) */
 570	if (ntohl(*xdr++) != 0)
 571		goto not_xdr;
 572	datalen -= 4;
 573
 574	/* check the cell name */
 575	len = ntohl(*xdr++);
 576	if (len < 1 || len > AFSTOKEN_CELL_MAX)
 577		goto not_xdr;
 578	datalen -= 4;
 579	tmp = (len + 3) & ~3;
 580	if (tmp > datalen)
 581		goto not_xdr;
 582
 583	cp = (const char *) xdr;
 584	for (loop = 0; loop < len; loop++)
 585		if (!isprint(cp[loop]))
 586			goto not_xdr;
 587	if (len < tmp)
 588		for (; loop < tmp; loop++)
 589			if (cp[loop])
 590				goto not_xdr;
 591	_debug("cellname: [%u/%u] '%*.*s'",
 592	       len, tmp, len, len, (const char *) xdr);
 593	datalen -= tmp;
 594	xdr += tmp >> 2;
 595
 596	/* get the token count */
 597	if (datalen < 12)
 598		goto not_xdr;
 599	ntoken = ntohl(*xdr++);
 600	datalen -= 4;
 601	_debug("ntoken: %x", ntoken);
 602	if (ntoken < 1 || ntoken > AFSTOKEN_MAX)
 603		goto not_xdr;
 604
 605	/* check each token wrapper */
 606	token = xdr;
 607	loop = ntoken;
 608	do {
 609		if (datalen < 8)
 610			goto not_xdr;
 611		toklen = ntohl(*xdr++);
 612		sec_ix = ntohl(*xdr);
 613		datalen -= 4;
 614		_debug("token: [%x/%zx] %x", toklen, datalen, sec_ix);
 615		if (toklen < 20 || toklen > datalen)
 616			goto not_xdr;
 617		datalen -= (toklen + 3) & ~3;
 618		xdr += (toklen + 3) >> 2;
 619
 620	} while (--loop > 0);
 621
 622	_debug("remainder: %zu", datalen);
 623	if (datalen != 0)
 624		goto not_xdr;
 625
 626	/* okay: we're going to assume it's valid XDR format
 627	 * - we ignore the cellname, relying on the key to be correctly named
 628	 */
 629	do {
 630		xdr = token;
 631		toklen = ntohl(*xdr++);
 632		token = xdr + ((toklen + 3) >> 2);
 633		sec_ix = ntohl(*xdr++);
 634		toklen -= 4;
 635
 636		_debug("TOKEN type=%u [%p-%p]", sec_ix, xdr, token);
 637
 638		switch (sec_ix) {
 639		case RXRPC_SECURITY_RXKAD:
 640			ret = rxrpc_preparse_xdr_rxkad(prep, datalen, xdr, toklen);
 641			if (ret != 0)
 642				goto error;
 643			break;
 644
 645		case RXRPC_SECURITY_RXK5:
 646			ret = rxrpc_preparse_xdr_rxk5(prep, datalen, xdr, toklen);
 647			if (ret != 0)
 648				goto error;
 649			break;
 650
 651		default:
 652			ret = -EPROTONOSUPPORT;
 653			goto error;
 654		}
 655
 656	} while (--ntoken > 0);
 657
 658	_leave(" = 0");
 659	return 0;
 660
 661not_xdr:
 662	_leave(" = -EPROTO");
 663	return -EPROTO;
 664error:
 665	_leave(" = %d", ret);
 666	return ret;
 667}
 668
 669/*
 670 * Preparse an rxrpc defined key.
 671 *
 672 * Data should be of the form:
 673 *	OFFSET	LEN	CONTENT
 674 *	0	4	key interface version number
 675 *	4	2	security index (type)
 676 *	6	2	ticket length
 677 *	8	4	key expiry time (time_t)
 678 *	12	4	kvno
 679 *	16	8	session key
 680 *	24	[len]	ticket
 681 *
 682 * if no data is provided, then a no-security key is made
 683 */
 684static int rxrpc_preparse(struct key_preparsed_payload *prep)
 685{
 686	const struct rxrpc_key_data_v1 *v1;
 687	struct rxrpc_key_token *token, **pp;
 688	size_t plen;
 689	u32 kver;
 690	int ret;
 691
 692	_enter("%zu", prep->datalen);
 693
 694	/* handle a no-security key */
 695	if (!prep->data && prep->datalen == 0)
 696		return 0;
 697
 698	/* determine if the XDR payload format is being used */
 699	if (prep->datalen > 7 * 4) {
 700		ret = rxrpc_preparse_xdr(prep);
 701		if (ret != -EPROTO)
 702			return ret;
 703	}
 704
 705	/* get the key interface version number */
 706	ret = -EINVAL;
 707	if (prep->datalen <= 4 || !prep->data)
 708		goto error;
 709	memcpy(&kver, prep->data, sizeof(kver));
 710	prep->data += sizeof(kver);
 711	prep->datalen -= sizeof(kver);
 712
 713	_debug("KEY I/F VERSION: %u", kver);
 714
 715	ret = -EKEYREJECTED;
 716	if (kver != 1)
 717		goto error;
 718
 719	/* deal with a version 1 key */
 720	ret = -EINVAL;
 721	if (prep->datalen < sizeof(*v1))
 722		goto error;
 723
 724	v1 = prep->data;
 725	if (prep->datalen != sizeof(*v1) + v1->ticket_length)
 726		goto error;
 727
 728	_debug("SCIX: %u", v1->security_index);
 729	_debug("TLEN: %u", v1->ticket_length);
 730	_debug("EXPY: %x", v1->expiry);
 731	_debug("KVNO: %u", v1->kvno);
 732	_debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x",
 733	       v1->session_key[0], v1->session_key[1],
 734	       v1->session_key[2], v1->session_key[3],
 735	       v1->session_key[4], v1->session_key[5],
 736	       v1->session_key[6], v1->session_key[7]);
 737	if (v1->ticket_length >= 8)
 738		_debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x",
 739		       v1->ticket[0], v1->ticket[1],
 740		       v1->ticket[2], v1->ticket[3],
 741		       v1->ticket[4], v1->ticket[5],
 742		       v1->ticket[6], v1->ticket[7]);
 743
 744	ret = -EPROTONOSUPPORT;
 745	if (v1->security_index != RXRPC_SECURITY_RXKAD)
 746		goto error;
 747
 748	plen = sizeof(*token->kad) + v1->ticket_length;
 749	prep->quotalen = plen + sizeof(*token);
 750
 751	ret = -ENOMEM;
 752	token = kzalloc(sizeof(*token), GFP_KERNEL);
 753	if (!token)
 754		goto error;
 755	token->kad = kzalloc(plen, GFP_KERNEL);
 756	if (!token->kad)
 757		goto error_free;
 758
 759	token->security_index		= RXRPC_SECURITY_RXKAD;
 760	token->kad->ticket_len		= v1->ticket_length;
 761	token->kad->expiry		= v1->expiry;
 762	token->kad->kvno		= v1->kvno;
 763	memcpy(&token->kad->session_key, &v1->session_key, 8);
 764	memcpy(&token->kad->ticket, v1->ticket, v1->ticket_length);
 765
 766	/* count the number of tokens attached */
 767	prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1);
 768
 769	/* attach the data */
 770	pp = (struct rxrpc_key_token **)&prep->payload.data[0];
 771	while (*pp)
 772		pp = &(*pp)->next;
 773	*pp = token;
 774	if (token->kad->expiry < prep->expiry)
 775		prep->expiry = token->kad->expiry;
 776	token = NULL;
 777	ret = 0;
 778
 779error_free:
 780	kfree(token);
 781error:
 782	return ret;
 783}
 784
 785/*
 786 * Free token list.
 787 */
 788static void rxrpc_free_token_list(struct rxrpc_key_token *token)
 789{
 790	struct rxrpc_key_token *next;
 791
 792	for (; token; token = next) {
 793		next = token->next;
 794		switch (token->security_index) {
 795		case RXRPC_SECURITY_RXKAD:
 796			kfree(token->kad);
 797			break;
 798		case RXRPC_SECURITY_RXK5:
 799			if (token->k5)
 800				rxrpc_rxk5_free(token->k5);
 801			break;
 802		default:
 803			printk(KERN_ERR "Unknown token type %x on rxrpc key\n",
 804			       token->security_index);
 805			BUG();
 806		}
 807
 808		kfree(token);
 809	}
 810}
 811
 812/*
 813 * Clean up preparse data.
 814 */
 815static void rxrpc_free_preparse(struct key_preparsed_payload *prep)
 816{
 817	rxrpc_free_token_list(prep->payload.data[0]);
 818}
 819
 820/*
 821 * Preparse a server secret key.
 822 *
 823 * The data should be the 8-byte secret key.
 824 */
 825static int rxrpc_preparse_s(struct key_preparsed_payload *prep)
 826{
 827	struct crypto_skcipher *ci;
 828
 829	_enter("%zu", prep->datalen);
 830
 831	if (prep->datalen != 8)
 832		return -EINVAL;
 833
 834	memcpy(&prep->payload.data[2], prep->data, 8);
 835
 836	ci = crypto_alloc_skcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC);
 837	if (IS_ERR(ci)) {
 838		_leave(" = %ld", PTR_ERR(ci));
 839		return PTR_ERR(ci);
 840	}
 841
 842	if (crypto_skcipher_setkey(ci, prep->data, 8) < 0)
 843		BUG();
 844
 845	prep->payload.data[0] = ci;
 846	_leave(" = 0");
 847	return 0;
 848}
 849
 850/*
 851 * Clean up preparse data.
 852 */
 853static void rxrpc_free_preparse_s(struct key_preparsed_payload *prep)
 854{
 855	if (prep->payload.data[0])
 856		crypto_free_skcipher(prep->payload.data[0]);
 857}
 858
 859/*
 860 * dispose of the data dangling from the corpse of a rxrpc key
 861 */
 862static void rxrpc_destroy(struct key *key)
 863{
 864	rxrpc_free_token_list(key->payload.data[0]);
 865}
 866
 867/*
 868 * dispose of the data dangling from the corpse of a rxrpc key
 869 */
 870static void rxrpc_destroy_s(struct key *key)
 871{
 872	if (key->payload.data[0]) {
 873		crypto_free_skcipher(key->payload.data[0]);
 874		key->payload.data[0] = NULL;
 875	}
 876}
 877
 878/*
 879 * describe the rxrpc key
 880 */
 881static void rxrpc_describe(const struct key *key, struct seq_file *m)
 882{
 883	seq_puts(m, key->description);
 884}
 885
 886/*
 887 * grab the security key for a socket
 888 */
 889int rxrpc_request_key(struct rxrpc_sock *rx, char __user *optval, int optlen)
 890{
 891	struct key *key;
 892	char *description;
 893
 894	_enter("");
 895
 896	if (optlen <= 0 || optlen > PAGE_SIZE - 1)
 897		return -EINVAL;
 898
 899	description = memdup_user_nul(optval, optlen);
 900	if (IS_ERR(description))
 901		return PTR_ERR(description);
 902
 903	key = request_key(&key_type_rxrpc, description, NULL);
 904	if (IS_ERR(key)) {
 905		kfree(description);
 906		_leave(" = %ld", PTR_ERR(key));
 907		return PTR_ERR(key);
 908	}
 909
 910	rx->key = key;
 911	kfree(description);
 912	_leave(" = 0 [key %x]", key->serial);
 913	return 0;
 914}
 915
 916/*
 917 * grab the security keyring for a server socket
 918 */
 919int rxrpc_server_keyring(struct rxrpc_sock *rx, char __user *optval,
 920			 int optlen)
 921{
 922	struct key *key;
 923	char *description;
 924
 925	_enter("");
 926
 927	if (optlen <= 0 || optlen > PAGE_SIZE - 1)
 928		return -EINVAL;
 929
 930	description = memdup_user_nul(optval, optlen);
 931	if (IS_ERR(description))
 932		return PTR_ERR(description);
 933
 934	key = request_key(&key_type_keyring, description, NULL);
 935	if (IS_ERR(key)) {
 936		kfree(description);
 937		_leave(" = %ld", PTR_ERR(key));
 938		return PTR_ERR(key);
 939	}
 940
 941	rx->securities = key;
 942	kfree(description);
 943	_leave(" = 0 [key %x]", key->serial);
 944	return 0;
 945}
 946
 947/*
 948 * generate a server data key
 949 */
 950int rxrpc_get_server_data_key(struct rxrpc_connection *conn,
 951			      const void *session_key,
 952			      time_t expiry,
 953			      u32 kvno)
 954{
 955	const struct cred *cred = current_cred();
 956	struct key *key;
 957	int ret;
 958
 959	struct {
 960		u32 kver;
 961		struct rxrpc_key_data_v1 v1;
 962	} data;
 963
 964	_enter("");
 965
 966	key = key_alloc(&key_type_rxrpc, "x",
 967			GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 0,
 968			KEY_ALLOC_NOT_IN_QUOTA);
 969	if (IS_ERR(key)) {
 970		_leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key));
 971		return -ENOMEM;
 972	}
 973
 974	_debug("key %d", key_serial(key));
 975
 976	data.kver = 1;
 977	data.v1.security_index = RXRPC_SECURITY_RXKAD;
 978	data.v1.ticket_length = 0;
 979	data.v1.expiry = expiry;
 980	data.v1.kvno = 0;
 981
 982	memcpy(&data.v1.session_key, session_key, sizeof(data.v1.session_key));
 983
 984	ret = key_instantiate_and_link(key, &data, sizeof(data), NULL, NULL);
 985	if (ret < 0)
 986		goto error;
 987
 988	conn->key = key;
 989	_leave(" = 0 [%d]", key_serial(key));
 990	return 0;
 991
 992error:
 993	key_revoke(key);
 994	key_put(key);
 995	_leave(" = -ENOMEM [ins %d]", ret);
 996	return -ENOMEM;
 997}
 998EXPORT_SYMBOL(rxrpc_get_server_data_key);
 999
1000/**
1001 * rxrpc_get_null_key - Generate a null RxRPC key
1002 * @keyname: The name to give the key.
1003 *
1004 * Generate a null RxRPC key that can be used to indicate anonymous security is
1005 * required for a particular domain.
1006 */
1007struct key *rxrpc_get_null_key(const char *keyname)
1008{
1009	const struct cred *cred = current_cred();
1010	struct key *key;
1011	int ret;
1012
1013	key = key_alloc(&key_type_rxrpc, keyname,
1014			GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
1015			KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA);
1016	if (IS_ERR(key))
1017		return key;
1018
1019	ret = key_instantiate_and_link(key, NULL, 0, NULL, NULL);
1020	if (ret < 0) {
1021		key_revoke(key);
1022		key_put(key);
1023		return ERR_PTR(ret);
1024	}
1025
1026	return key;
1027}
1028EXPORT_SYMBOL(rxrpc_get_null_key);
1029
1030/*
1031 * read the contents of an rxrpc key
1032 * - this returns the result in XDR form
1033 */
1034static long rxrpc_read(const struct key *key,
1035		       char __user *buffer, size_t buflen)
1036{
1037	const struct rxrpc_key_token *token;
1038	const struct krb5_principal *princ;
1039	size_t size;
1040	__be32 __user *xdr, *oldxdr;
1041	u32 cnlen, toksize, ntoks, tok, zero;
1042	u16 toksizes[AFSTOKEN_MAX];
1043	int loop;
1044
1045	_enter("");
1046
1047	/* we don't know what form we should return non-AFS keys in */
1048	if (memcmp(key->description, "afs@", 4) != 0)
1049		return -EOPNOTSUPP;
1050	cnlen = strlen(key->description + 4);
1051
1052#define RND(X) (((X) + 3) & ~3)
1053
1054	/* AFS keys we return in XDR form, so we need to work out the size of
1055	 * the XDR */
1056	size = 2 * 4;	/* flags, cellname len */
1057	size += RND(cnlen);	/* cellname */
1058	size += 1 * 4;	/* token count */
1059
1060	ntoks = 0;
1061	for (token = key->payload.data[0]; token; token = token->next) {
1062		toksize = 4;	/* sec index */
1063
1064		switch (token->security_index) {
1065		case RXRPC_SECURITY_RXKAD:
1066			toksize += 8 * 4;	/* viceid, kvno, key*2, begin,
1067						 * end, primary, tktlen */
1068			toksize += RND(token->kad->ticket_len);
1069			break;
1070
1071		case RXRPC_SECURITY_RXK5:
1072			princ = &token->k5->client;
1073			toksize += 4 + princ->n_name_parts * 4;
1074			for (loop = 0; loop < princ->n_name_parts; loop++)
1075				toksize += RND(strlen(princ->name_parts[loop]));
1076			toksize += 4 + RND(strlen(princ->realm));
1077
1078			princ = &token->k5->server;
1079			toksize += 4 + princ->n_name_parts * 4;
1080			for (loop = 0; loop < princ->n_name_parts; loop++)
1081				toksize += RND(strlen(princ->name_parts[loop]));
1082			toksize += 4 + RND(strlen(princ->realm));
1083
1084			toksize += 8 + RND(token->k5->session.data_len);
1085
1086			toksize += 4 * 8 + 2 * 4;
1087
1088			toksize += 4 + token->k5->n_addresses * 8;
1089			for (loop = 0; loop < token->k5->n_addresses; loop++)
1090				toksize += RND(token->k5->addresses[loop].data_len);
1091
1092			toksize += 4 + RND(token->k5->ticket_len);
1093			toksize += 4 + RND(token->k5->ticket2_len);
1094
1095			toksize += 4 + token->k5->n_authdata * 8;
1096			for (loop = 0; loop < token->k5->n_authdata; loop++)
1097				toksize += RND(token->k5->authdata[loop].data_len);
1098			break;
1099
1100		default: /* we have a ticket we can't encode */
1101			BUG();
1102			continue;
1103		}
1104
1105		_debug("token[%u]: toksize=%u", ntoks, toksize);
1106		ASSERTCMP(toksize, <=, AFSTOKEN_LENGTH_MAX);
1107
1108		toksizes[ntoks++] = toksize;
1109		size += toksize + 4; /* each token has a length word */
1110	}
1111
1112#undef RND
1113
1114	if (!buffer || buflen < size)
1115		return size;
1116
1117	xdr = (__be32 __user *) buffer;
1118	zero = 0;
1119#define ENCODE(x)				\
1120	do {					\
1121		__be32 y = htonl(x);		\
1122		if (put_user(y, xdr++) < 0)	\
1123			goto fault;		\
1124	} while(0)
1125#define ENCODE_DATA(l, s)						\
1126	do {								\
1127		u32 _l = (l);						\
1128		ENCODE(l);						\
1129		if (copy_to_user(xdr, (s), _l) != 0)			\
1130			goto fault;					\
1131		if (_l & 3 &&						\
1132		    copy_to_user((u8 __user *)xdr + _l, &zero, 4 - (_l & 3)) != 0) \
1133			goto fault;					\
1134		xdr += (_l + 3) >> 2;					\
1135	} while(0)
1136#define ENCODE64(x)					\
1137	do {						\
1138		__be64 y = cpu_to_be64(x);		\
1139		if (copy_to_user(xdr, &y, 8) != 0)	\
1140			goto fault;			\
1141		xdr += 8 >> 2;				\
1142	} while(0)
1143#define ENCODE_STR(s)				\
1144	do {					\
1145		const char *_s = (s);		\
1146		ENCODE_DATA(strlen(_s), _s);	\
1147	} while(0)
1148
1149	ENCODE(0);					/* flags */
1150	ENCODE_DATA(cnlen, key->description + 4);	/* cellname */
1151	ENCODE(ntoks);
1152
1153	tok = 0;
1154	for (token = key->payload.data[0]; token; token = token->next) {
1155		toksize = toksizes[tok++];
1156		ENCODE(toksize);
1157		oldxdr = xdr;
1158		ENCODE(token->security_index);
1159
1160		switch (token->security_index) {
1161		case RXRPC_SECURITY_RXKAD:
1162			ENCODE(token->kad->vice_id);
1163			ENCODE(token->kad->kvno);
1164			ENCODE_DATA(8, token->kad->session_key);
1165			ENCODE(token->kad->start);
1166			ENCODE(token->kad->expiry);
1167			ENCODE(token->kad->primary_flag);
1168			ENCODE_DATA(token->kad->ticket_len, token->kad->ticket);
1169			break;
1170
1171		case RXRPC_SECURITY_RXK5:
1172			princ = &token->k5->client;
1173			ENCODE(princ->n_name_parts);
1174			for (loop = 0; loop < princ->n_name_parts; loop++)
1175				ENCODE_STR(princ->name_parts[loop]);
1176			ENCODE_STR(princ->realm);
1177
1178			princ = &token->k5->server;
1179			ENCODE(princ->n_name_parts);
1180			for (loop = 0; loop < princ->n_name_parts; loop++)
1181				ENCODE_STR(princ->name_parts[loop]);
1182			ENCODE_STR(princ->realm);
1183
1184			ENCODE(token->k5->session.tag);
1185			ENCODE_DATA(token->k5->session.data_len,
1186				    token->k5->session.data);
1187
1188			ENCODE64(token->k5->authtime);
1189			ENCODE64(token->k5->starttime);
1190			ENCODE64(token->k5->endtime);
1191			ENCODE64(token->k5->renew_till);
1192			ENCODE(token->k5->is_skey);
1193			ENCODE(token->k5->flags);
1194
1195			ENCODE(token->k5->n_addresses);
1196			for (loop = 0; loop < token->k5->n_addresses; loop++) {
1197				ENCODE(token->k5->addresses[loop].tag);
1198				ENCODE_DATA(token->k5->addresses[loop].data_len,
1199					    token->k5->addresses[loop].data);
1200			}
1201
1202			ENCODE_DATA(token->k5->ticket_len, token->k5->ticket);
1203			ENCODE_DATA(token->k5->ticket2_len, token->k5->ticket2);
1204
1205			ENCODE(token->k5->n_authdata);
1206			for (loop = 0; loop < token->k5->n_authdata; loop++) {
1207				ENCODE(token->k5->authdata[loop].tag);
1208				ENCODE_DATA(token->k5->authdata[loop].data_len,
1209					    token->k5->authdata[loop].data);
1210			}
1211			break;
1212
1213		default:
1214			BUG();
1215			break;
1216		}
1217
1218		ASSERTCMP((unsigned long)xdr - (unsigned long)oldxdr, ==,
1219			  toksize);
1220	}
1221
1222#undef ENCODE_STR
1223#undef ENCODE_DATA
1224#undef ENCODE64
1225#undef ENCODE
1226
1227	ASSERTCMP(tok, ==, ntoks);
1228	ASSERTCMP((char __user *) xdr - buffer, ==, size);
1229	_leave(" = %zu", size);
1230	return size;
1231
1232fault:
1233	_leave(" = -EFAULT");
1234	return -EFAULT;
1235}