1// SPDX-License-Identifier: GPL-2.0-or-later
  2/* RxRPC security handling
  3 *
  4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
  5 * Written by David Howells (dhowells@redhat.com)
 
 
 
 
 
  6 */
  7
  8#include <linux/module.h>
  9#include <linux/net.h>
 10#include <linux/skbuff.h>
 11#include <linux/udp.h>
 12#include <linux/crypto.h>
 13#include <net/sock.h>
 14#include <net/af_rxrpc.h>
 15#include <keys/rxrpc-type.h>
 16#include "ar-internal.h"
 17
 
 
 
 18static const struct rxrpc_security *rxrpc_security_types[] = {
 19	[RXRPC_SECURITY_NONE]	= &rxrpc_no_security,
 20#ifdef CONFIG_RXKAD
 21	[RXRPC_SECURITY_RXKAD]	= &rxkad,
 22#endif
 23};
 24
 25int __init rxrpc_init_security(void)
 26{
 27	int i, ret;
 28
 29	for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++) {
 30		if (rxrpc_security_types[i]) {
 31			ret = rxrpc_security_types[i]->init();
 32			if (ret < 0)
 33				goto failed;
 34		}
 35	}
 36
 37	return 0;
 38
 39failed:
 40	for (i--; i >= 0; i--)
 41		if (rxrpc_security_types[i])
 42			rxrpc_security_types[i]->exit();
 43	return ret;
 44}
 45
 46void rxrpc_exit_security(void)
 47{
 48	int i;
 49
 50	for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++)
 51		if (rxrpc_security_types[i])
 52			rxrpc_security_types[i]->exit();
 53}
 54
 55/*
 56 * look up an rxrpc security module
 57 */
 58const struct rxrpc_security *rxrpc_security_lookup(u8 security_index)
 59{
 60	if (security_index >= ARRAY_SIZE(rxrpc_security_types))
 61		return NULL;
 62	return rxrpc_security_types[security_index];
 63}
 64
 65/*
 66 * Initialise the security on a client call.
 67 */
 68int rxrpc_init_client_call_security(struct rxrpc_call *call)
 69{
 70	const struct rxrpc_security *sec = &rxrpc_no_security;
 71	struct rxrpc_key_token *token;
 72	struct key *key = call->key;
 73	int ret;
 74
 
 
 75	if (!key)
 76		goto found;
 77
 78	ret = key_validate(key);
 79	if (ret < 0)
 80		return ret;
 81
 82	for (token = key->payload.data[0]; token; token = token->next) {
 83		sec = rxrpc_security_lookup(token->security_index);
 84		if (sec)
 85			goto found;
 86	}
 87	return -EKEYREJECTED;
 88
 89found:
 90	call->security = sec;
 91	call->security_ix = sec->security_index;
 92	return 0;
 93}
 94
 95/*
 96 * initialise the security on a client connection
 97 */
 98int rxrpc_init_client_conn_security(struct rxrpc_connection *conn)
 99{
100	struct rxrpc_key_token *token;
101	struct key *key = conn->key;
102	int ret = 0;
103
104	_enter("{%d},{%x}", conn->debug_id, key_serial(key));
105
106	for (token = key->payload.data[0]; token; token = token->next) {
107		if (token->security_index == conn->security->security_index)
108			goto found;
109	}
110	return -EKEYREJECTED;
111
112found:
113	mutex_lock(&conn->security_lock);
114	if (conn->state == RXRPC_CONN_CLIENT_UNSECURED) {
115		ret = conn->security->init_connection_security(conn, token);
116		if (ret == 0) {
117			spin_lock(&conn->state_lock);
118			if (conn->state == RXRPC_CONN_CLIENT_UNSECURED)
119				conn->state = RXRPC_CONN_CLIENT;
120			spin_unlock(&conn->state_lock);
121		}
122	}
123	mutex_unlock(&conn->security_lock);
124	return ret;
125}
126
127/*
128 * Set the ops a server connection.
129 */
130const struct rxrpc_security *rxrpc_get_incoming_security(struct rxrpc_sock *rx,
131							 struct sk_buff *skb)
132{
133	const struct rxrpc_security *sec;
134	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
 
 
 
 
135
136	_enter("");
137
138	sec = rxrpc_security_lookup(sp->hdr.securityIndex);
 
 
139	if (!sec) {
140		rxrpc_direct_abort(skb, rxrpc_abort_unsupported_security,
141				   RX_INVALID_OPERATION, -EKEYREJECTED);
142		return NULL;
143	}
144
145	if (sp->hdr.securityIndex != RXRPC_SECURITY_NONE &&
146	    !rx->securities) {
147		rxrpc_direct_abort(skb, rxrpc_abort_no_service_key,
148				   sec->no_key_abort, -EKEYREJECTED);
149		return NULL;
 
 
 
 
 
 
 
 
 
 
 
 
150	}
151
152	return sec;
153}
154
155/*
156 * Find the security key for a server connection.
157 */
158struct key *rxrpc_look_up_server_security(struct rxrpc_connection *conn,
159					  struct sk_buff *skb,
160					  u32 kvno, u32 enctype)
161{
162	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
163	struct rxrpc_sock *rx;
164	struct key *key = ERR_PTR(-EKEYREJECTED);
165	key_ref_t kref = NULL;
166	char kdesc[5 + 1 + 3 + 1 + 12 + 1 + 12 + 1];
167	int ret;
168
169	_enter("");
170
171	if (enctype)
172		sprintf(kdesc, "%u:%u:%u:%u",
173			sp->hdr.serviceId, sp->hdr.securityIndex, kvno, enctype);
174	else if (kvno)
175		sprintf(kdesc, "%u:%u:%u",
176			sp->hdr.serviceId, sp->hdr.securityIndex, kvno);
177	else
178		sprintf(kdesc, "%u:%u",
179			sp->hdr.serviceId, sp->hdr.securityIndex);
180
181	read_lock(&conn->local->services_lock);
182
183	rx = conn->local->service;
184	if (!rx)
185		goto out;
186
187	/* look through the service's keyring */
188	kref = keyring_search(make_key_ref(rx->securities, 1UL),
189			      &key_type_rxrpc_s, kdesc, true);
190	if (IS_ERR(kref)) {
191		key = ERR_CAST(kref);
192		goto out;
 
193	}
194
195	key = key_ref_to_ptr(kref);
 
196
197	ret = key_validate(key);
198	if (ret < 0) {
199		key_put(key);
200		key = ERR_PTR(ret);
201		goto out;
202	}
203
204out:
205	read_unlock(&conn->local->services_lock);
206	return key;
207}

 
  1/* RxRPC security handling
  2 *
  3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
  4 * Written by David Howells (dhowells@redhat.com)
  5 *
  6 * This program is free software; you can redistribute it and/or
  7 * modify it under the terms of the GNU General Public License
  8 * as published by the Free Software Foundation; either version
  9 * 2 of the License, or (at your option) any later version.
 10 */
 11
 12#include <linux/module.h>
 13#include <linux/net.h>
 14#include <linux/skbuff.h>
 15#include <linux/udp.h>
 16#include <linux/crypto.h>
 17#include <net/sock.h>
 18#include <net/af_rxrpc.h>
 19#include <keys/rxrpc-type.h>
 20#include "ar-internal.h"
 21
 22static LIST_HEAD(rxrpc_security_methods);
 23static DECLARE_RWSEM(rxrpc_security_sem);
 24
 25static const struct rxrpc_security *rxrpc_security_types[] = {
 26	[RXRPC_SECURITY_NONE]	= &rxrpc_no_security,
 27#ifdef CONFIG_RXKAD
 28	[RXRPC_SECURITY_RXKAD]	= &rxkad,
 29#endif
 30};
 31
 32int __init rxrpc_init_security(void)
 33{
 34	int i, ret;
 35
 36	for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++) {
 37		if (rxrpc_security_types[i]) {
 38			ret = rxrpc_security_types[i]->init();
 39			if (ret < 0)
 40				goto failed;
 41		}
 42	}
 43
 44	return 0;
 45
 46failed:
 47	for (i--; i >= 0; i--)
 48		if (rxrpc_security_types[i])
 49			rxrpc_security_types[i]->exit();
 50	return ret;
 51}
 52
 53void rxrpc_exit_security(void)
 54{
 55	int i;
 56
 57	for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++)
 58		if (rxrpc_security_types[i])
 59			rxrpc_security_types[i]->exit();
 60}
 61
 62/*
 63 * look up an rxrpc security module
 64 */
 65static const struct rxrpc_security *rxrpc_security_lookup(u8 security_index)
 66{
 67	if (security_index >= ARRAY_SIZE(rxrpc_security_types))
 68		return NULL;
 69	return rxrpc_security_types[security_index];
 70}
 71
 72/*
 73 * initialise the security on a client connection
 74 */
 75int rxrpc_init_client_conn_security(struct rxrpc_connection *conn)
 76{
 77	const struct rxrpc_security *sec;
 78	struct rxrpc_key_token *token;
 79	struct key *key = conn->params.key;
 80	int ret;
 81
 82	_enter("{%d},{%x}", conn->debug_id, key_serial(key));
 83
 84	if (!key)
 85		return 0;
 86
 87	ret = key_validate(key);
 88	if (ret < 0)
 89		return ret;
 90
 91	token = key->payload.data[0];
 92	if (!token)
 93		return -EKEYREJECTED;
 94
 95	sec = rxrpc_security_lookup(token->security_index);
 96	if (!sec)
 97		return -EKEYREJECTED;
 98	conn->security = sec;
 
 
 
 
 99
100	ret = conn->security->init_connection_security(conn);
101	if (ret < 0) {
102		conn->security = &rxrpc_no_security;
103		return ret;
 
 
 
 
 
 
 
 
 
 
104	}
 
105
106	_leave(" = 0");
107	return 0;
 
 
 
 
 
 
 
 
 
 
 
108}
109
110/*
111 * initialise the security on a server connection
112 */
113int rxrpc_init_server_conn_security(struct rxrpc_connection *conn)
 
114{
115	const struct rxrpc_security *sec;
116	struct rxrpc_local *local = conn->params.local;
117	struct rxrpc_sock *rx;
118	struct key *key;
119	key_ref_t kref;
120	char kdesc[5 + 1 + 3 + 1];
121
122	_enter("");
123
124	sprintf(kdesc, "%u:%u", conn->params.service_id, conn->security_ix);
125
126	sec = rxrpc_security_lookup(conn->security_ix);
127	if (!sec) {
128		_leave(" = -ENOKEY [lookup]");
129		return -ENOKEY;
 
130	}
131
132	/* find the service */
133	read_lock(&local->services_lock);
134	rx = rcu_dereference_protected(local->service,
135				       lockdep_is_held(&local->services_lock));
136	if (rx && rx->srx.srx_service == conn->params.service_id)
137		goto found_service;
138
139	/* the service appears to have died */
140	read_unlock(&local->services_lock);
141	_leave(" = -ENOENT");
142	return -ENOENT;
143
144found_service:
145	if (!rx->securities) {
146		read_unlock(&local->services_lock);
147		_leave(" = -ENOKEY");
148		return -ENOKEY;
149	}
150
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
151	/* look through the service's keyring */
152	kref = keyring_search(make_key_ref(rx->securities, 1UL),
153			      &key_type_rxrpc_s, kdesc);
154	if (IS_ERR(kref)) {
155		read_unlock(&local->services_lock);
156		_leave(" = %ld [search]", PTR_ERR(kref));
157		return PTR_ERR(kref);
158	}
159
160	key = key_ref_to_ptr(kref);
161	read_unlock(&local->services_lock);
162
163	conn->server_key = key;
164	conn->security = sec;
 
 
 
 
165
166	_leave(" = 0");
167	return 0;
 
168}