1// SPDX-License-Identifier: GPL-2.0-or-later
  2/* RxRPC security handling
  3 *
  4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
  5 * Written by David Howells (dhowells@redhat.com)
 
 
 
 
 
  6 */
  7
  8#include <linux/module.h>
  9#include <linux/net.h>
 10#include <linux/skbuff.h>
 11#include <linux/udp.h>
 12#include <linux/crypto.h>
 13#include <net/sock.h>
 14#include <net/af_rxrpc.h>
 15#include <keys/rxrpc-type.h>
 16#include "ar-internal.h"
 17
 18static const struct rxrpc_security *rxrpc_security_types[] = {
 19	[RXRPC_SECURITY_NONE]	= &rxrpc_no_security,
 20#ifdef CONFIG_RXKAD
 21	[RXRPC_SECURITY_RXKAD]	= &rxkad,
 22#endif
 23};
 24
 25int __init rxrpc_init_security(void)
 26{
 27	int i, ret;
 28
 29	for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++) {
 30		if (rxrpc_security_types[i]) {
 31			ret = rxrpc_security_types[i]->init();
 32			if (ret < 0)
 33				goto failed;
 34		}
 35	}
 36
 37	return 0;
 38
 39failed:
 40	for (i--; i >= 0; i--)
 41		if (rxrpc_security_types[i])
 42			rxrpc_security_types[i]->exit();
 43	return ret;
 44}
 45
 46void rxrpc_exit_security(void)
 47{
 48	int i;
 49
 50	for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++)
 51		if (rxrpc_security_types[i])
 52			rxrpc_security_types[i]->exit();
 53}
 54
 55/*
 56 * look up an rxrpc security module
 57 */
 58const struct rxrpc_security *rxrpc_security_lookup(u8 security_index)
 59{
 60	if (security_index >= ARRAY_SIZE(rxrpc_security_types))
 61		return NULL;
 62	return rxrpc_security_types[security_index];
 63}
 64
 65/*
 66 * Initialise the security on a client call.
 67 */
 68int rxrpc_init_client_call_security(struct rxrpc_call *call)
 69{
 70	const struct rxrpc_security *sec = &rxrpc_no_security;
 71	struct rxrpc_key_token *token;
 72	struct key *key = call->key;
 73	int ret;
 74
 
 
 75	if (!key)
 76		goto found;
 77
 78	ret = key_validate(key);
 79	if (ret < 0)
 80		return ret;
 81
 82	for (token = key->payload.data[0]; token; token = token->next) {
 83		sec = rxrpc_security_lookup(token->security_index);
 84		if (sec)
 85			goto found;
 86	}
 87	return -EKEYREJECTED;
 88
 89found:
 90	call->security = sec;
 91	call->security_ix = sec->security_index;
 92	return 0;
 93}
 94
 95/*
 96 * initialise the security on a client connection
 97 */
 98int rxrpc_init_client_conn_security(struct rxrpc_connection *conn)
 99{
100	struct rxrpc_key_token *token;
101	struct key *key = conn->key;
102	int ret = 0;
103
104	_enter("{%d},{%x}", conn->debug_id, key_serial(key));
105
106	for (token = key->payload.data[0]; token; token = token->next) {
107		if (token->security_index == conn->security->security_index)
108			goto found;
109	}
110	return -EKEYREJECTED;
111
112found:
113	mutex_lock(&conn->security_lock);
114	if (conn->state == RXRPC_CONN_CLIENT_UNSECURED) {
115		ret = conn->security->init_connection_security(conn, token);
116		if (ret == 0) {
117			spin_lock(&conn->state_lock);
118			if (conn->state == RXRPC_CONN_CLIENT_UNSECURED)
119				conn->state = RXRPC_CONN_CLIENT;
120			spin_unlock(&conn->state_lock);
121		}
122	}
123	mutex_unlock(&conn->security_lock);
124	return ret;
125}
126
127/*
128 * Set the ops a server connection.
129 */
130const struct rxrpc_security *rxrpc_get_incoming_security(struct rxrpc_sock *rx,
131							 struct sk_buff *skb)
132{
133	const struct rxrpc_security *sec;
134	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
 
 
 
 
135
136	_enter("");
137
138	sec = rxrpc_security_lookup(sp->hdr.securityIndex);
 
 
139	if (!sec) {
140		rxrpc_direct_abort(skb, rxrpc_abort_unsupported_security,
141				   RX_INVALID_OPERATION, -EKEYREJECTED);
142		return NULL;
143	}
144
145	if (sp->hdr.securityIndex != RXRPC_SECURITY_NONE &&
146	    !rx->securities) {
147		rxrpc_direct_abort(skb, rxrpc_abort_no_service_key,
148				   sec->no_key_abort, -EKEYREJECTED);
149		return NULL;
 
 
 
 
 
 
 
 
 
 
 
 
 
150	}
151
152	return sec;
153}
154
155/*
156 * Find the security key for a server connection.
157 */
158struct key *rxrpc_look_up_server_security(struct rxrpc_connection *conn,
159					  struct sk_buff *skb,
160					  u32 kvno, u32 enctype)
161{
162	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
163	struct rxrpc_sock *rx;
164	struct key *key = ERR_PTR(-EKEYREJECTED);
165	key_ref_t kref = NULL;
166	char kdesc[5 + 1 + 3 + 1 + 12 + 1 + 12 + 1];
167	int ret;
168
169	_enter("");
170
171	if (enctype)
172		sprintf(kdesc, "%u:%u:%u:%u",
173			sp->hdr.serviceId, sp->hdr.securityIndex, kvno, enctype);
174	else if (kvno)
175		sprintf(kdesc, "%u:%u:%u",
176			sp->hdr.serviceId, sp->hdr.securityIndex, kvno);
177	else
178		sprintf(kdesc, "%u:%u",
179			sp->hdr.serviceId, sp->hdr.securityIndex);
180
181	read_lock(&conn->local->services_lock);
182
183	rx = conn->local->service;
184	if (!rx)
185		goto out;
186
187	/* look through the service's keyring */
188	kref = keyring_search(make_key_ref(rx->securities, 1UL),
189			      &key_type_rxrpc_s, kdesc, true);
190	if (IS_ERR(kref)) {
191		key = ERR_CAST(kref);
192		goto out;
 
193	}
194
195	key = key_ref_to_ptr(kref);
 
196
197	ret = key_validate(key);
198	if (ret < 0) {
199		key_put(key);
200		key = ERR_PTR(ret);
201		goto out;
202	}
203
204out:
205	read_unlock(&conn->local->services_lock);
206	return key;
207}

 
  1/* RxRPC security handling
  2 *
  3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
  4 * Written by David Howells (dhowells@redhat.com)
  5 *
  6 * This program is free software; you can redistribute it and/or
  7 * modify it under the terms of the GNU General Public License
  8 * as published by the Free Software Foundation; either version
  9 * 2 of the License, or (at your option) any later version.
 10 */
 11
 12#include <linux/module.h>
 13#include <linux/net.h>
 14#include <linux/skbuff.h>
 15#include <linux/udp.h>
 16#include <linux/crypto.h>
 17#include <net/sock.h>
 18#include <net/af_rxrpc.h>
 19#include <keys/rxrpc-type.h>
 20#include "ar-internal.h"
 21
 22static const struct rxrpc_security *rxrpc_security_types[] = {
 23	[RXRPC_SECURITY_NONE]	= &rxrpc_no_security,
 24#ifdef CONFIG_RXKAD
 25	[RXRPC_SECURITY_RXKAD]	= &rxkad,
 26#endif
 27};
 28
 29int __init rxrpc_init_security(void)
 30{
 31	int i, ret;
 32
 33	for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++) {
 34		if (rxrpc_security_types[i]) {
 35			ret = rxrpc_security_types[i]->init();
 36			if (ret < 0)
 37				goto failed;
 38		}
 39	}
 40
 41	return 0;
 42
 43failed:
 44	for (i--; i >= 0; i--)
 45		if (rxrpc_security_types[i])
 46			rxrpc_security_types[i]->exit();
 47	return ret;
 48}
 49
 50void rxrpc_exit_security(void)
 51{
 52	int i;
 53
 54	for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++)
 55		if (rxrpc_security_types[i])
 56			rxrpc_security_types[i]->exit();
 57}
 58
 59/*
 60 * look up an rxrpc security module
 61 */
 62static const struct rxrpc_security *rxrpc_security_lookup(u8 security_index)
 63{
 64	if (security_index >= ARRAY_SIZE(rxrpc_security_types))
 65		return NULL;
 66	return rxrpc_security_types[security_index];
 67}
 68
 69/*
 70 * initialise the security on a client connection
 71 */
 72int rxrpc_init_client_conn_security(struct rxrpc_connection *conn)
 73{
 74	const struct rxrpc_security *sec;
 75	struct rxrpc_key_token *token;
 76	struct key *key = conn->params.key;
 77	int ret;
 78
 79	_enter("{%d},{%x}", conn->debug_id, key_serial(key));
 80
 81	if (!key)
 82		return 0;
 83
 84	ret = key_validate(key);
 85	if (ret < 0)
 86		return ret;
 87
 88	token = key->payload.data[0];
 89	if (!token)
 90		return -EKEYREJECTED;
 91
 92	sec = rxrpc_security_lookup(token->security_index);
 93	if (!sec)
 94		return -EKEYREJECTED;
 95	conn->security = sec;
 
 
 
 
 
 
 
 
 
 
 
 
 
 96
 97	ret = conn->security->init_connection_security(conn);
 98	if (ret < 0) {
 99		conn->security = &rxrpc_no_security;
100		return ret;
 
101	}
 
102
103	_leave(" = 0");
104	return 0;
 
 
 
 
 
 
 
 
 
 
 
105}
106
107/*
108 * initialise the security on a server connection
109 */
110int rxrpc_init_server_conn_security(struct rxrpc_connection *conn)
 
111{
112	const struct rxrpc_security *sec;
113	struct rxrpc_local *local = conn->params.local;
114	struct rxrpc_sock *rx;
115	struct key *key;
116	key_ref_t kref;
117	char kdesc[5 + 1 + 3 + 1];
118
119	_enter("");
120
121	sprintf(kdesc, "%u:%u", conn->service_id, conn->security_ix);
122
123	sec = rxrpc_security_lookup(conn->security_ix);
124	if (!sec) {
125		_leave(" = -ENOKEY [lookup]");
126		return -ENOKEY;
 
127	}
128
129	/* find the service */
130	read_lock(&local->services_lock);
131	rx = rcu_dereference_protected(local->service,
132				       lockdep_is_held(&local->services_lock));
133	if (rx && (rx->srx.srx_service == conn->service_id ||
134		   rx->second_service == conn->service_id))
135		goto found_service;
136
137	/* the service appears to have died */
138	read_unlock(&local->services_lock);
139	_leave(" = -ENOENT");
140	return -ENOENT;
141
142found_service:
143	if (!rx->securities) {
144		read_unlock(&local->services_lock);
145		_leave(" = -ENOKEY");
146		return -ENOKEY;
147	}
148
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
149	/* look through the service's keyring */
150	kref = keyring_search(make_key_ref(rx->securities, 1UL),
151			      &key_type_rxrpc_s, kdesc);
152	if (IS_ERR(kref)) {
153		read_unlock(&local->services_lock);
154		_leave(" = %ld [search]", PTR_ERR(kref));
155		return PTR_ERR(kref);
156	}
157
158	key = key_ref_to_ptr(kref);
159	read_unlock(&local->services_lock);
160
161	conn->server_key = key;
162	conn->security = sec;
 
 
 
 
163
164	_leave(" = 0");
165	return 0;
 
166}