xref: /kernel/linux/linux-6.6/net/rxrpc/rxkad.c

42 static int rxkad_prime_packet_security(struct rxrpc_connection *conn,
100 static int rxkad_init_connection_security(struct rxrpc_connection *conn,
106 	_enter("{%d},{%x}", conn->debug_id, key_serial(conn->key));
108 	conn->security_ix = token->security_index;
121 	switch (conn->security_level) {
131 	ret = rxkad_prime_packet_security(conn, ci);
135 	conn->rxkad.cipher = ci;
153 	switch (call->conn->security_level) {
183 static int rxkad_prime_packet_security(struct rxrpc_connection *conn,
195 	if (!conn->key)
208 	token = conn->key->payload.data[0];
211 	tmpbuf[0] = htonl(conn->proto.epoch);
212 	tmpbuf[1] = htonl(conn->proto.cid);
214 	tmpbuf[3] = htonl(conn->security_ix);
223 	memcpy(&conn->rxkad.csum_iv, tmpbuf + 2, sizeof(conn->rxkad.csum_iv));
235 	struct crypto_skcipher *tfm = &call->conn->rxkad.cipher->base;
278 	skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
320 	token = call->conn->key->payload.data[0];
324 	skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
347 	       call->debug_id, key_serial(call->conn->key),
350 	if (!call->conn->rxkad.cipher)
353 	ret = key_validate(call->conn->key);
362 	memcpy(&iv, call->conn->rxkad.csum_iv.x, sizeof(iv));
371 	skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
383 	switch (call->conn->security_level) {
435 	skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
510 	token = call->conn->key->payload.data[0];
513 	skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
565 	       call->debug_id, key_serial(call->conn->key), seq);
567 	if (!call->conn->rxkad.cipher)
575 	memcpy(&iv, call->conn->rxkad.csum_iv.x, sizeof(iv));
584 	skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
601 	switch (call->conn->security_level) {
624 static int rxkad_issue_challenge(struct rxrpc_connection *conn)
634 	_enter("{%d}", conn->debug_id);
636 	get_random_bytes(&conn->rxkad.nonce, sizeof(conn->rxkad.nonce));
639 	challenge.nonce		= htonl(conn->rxkad.nonce);
643 	msg.msg_name	= &conn->peer->srx.transport;
644 	msg.msg_namelen	= conn->peer->srx.transport_len;
649 	whdr.epoch	= htonl(conn->proto.epoch);
650 	whdr.cid	= htonl(conn->proto.cid);
654 	whdr.flags	= conn->out_clientflag;
656 	whdr.securityIndex = conn->security_ix;
658 	whdr.serviceId	= htons(conn->service_id);
667 	serial = rxrpc_get_next_serial(conn);
670 	ret = kernel_sendmsg(conn->local->socket, &msg, iov, 2, len);
672 		trace_rxrpc_tx_fail(conn->debug_id, serial, ret,
677 	conn->peer->last_tx_at = ktime_get_seconds();
678 	trace_rxrpc_tx_packet(conn->debug_id, &whdr,
687 static int rxkad_send_response(struct rxrpc_connection *conn,
701 	msg.msg_name	= &conn->peer->srx.transport;
702 	msg.msg_namelen	= conn->peer->srx.transport_len;
711 	whdr.flags	= conn->out_clientflag;
724 	serial = rxrpc_get_next_serial(conn);
727 	rxrpc_local_dont_fragment(conn->local, false);
728 	ret = kernel_sendmsg(conn->local->socket, &msg, iov, 3, len);
729 	rxrpc_local_dont_fragment(conn->local, true);
731 		trace_rxrpc_tx_fail(conn->debug_id, serial, ret,
736 	conn->peer->last_tx_at = ktime_get_seconds();
759 static int rxkad_encrypt_response(struct rxrpc_connection *conn,
767 	req = skcipher_request_alloc(&conn->rxkad.cipher->base, GFP_NOFS);
776 	skcipher_request_set_sync_tfm(req, conn->rxkad.cipher);
787 static int rxkad_respond_to_challenge(struct rxrpc_connection *conn,
797 	_enter("{%d,%x}", conn->debug_id, key_serial(conn->key));
799 	if (!conn->key)
800 		return rxrpc_abort_conn(conn, skb, RX_PROTOCOL_ERROR, -EPROTO,
803 	ret = key_validate(conn->key);
805 		return rxrpc_abort_conn(conn, skb, RXKADEXPIRED, ret,
810 		return rxrpc_abort_conn(conn, skb, RXKADPACKETSHORT, -EPROTO,
817 	trace_rxrpc_rx_challenge(conn, sp->hdr.serial, version, nonce, min_level);
820 		return rxrpc_abort_conn(conn, skb, RXKADINCONSISTENCY, -EPROTO,
823 	if (conn->security_level < min_level)
824 		return rxrpc_abort_conn(conn, skb, RXKADLEVELFAIL, -EACCES,
827 	token = conn->key->payload.data[0];
835 	resp->encrypted.epoch		= htonl(conn->proto.epoch);
836 	resp->encrypted.cid		= htonl(conn->proto.cid);
837 	resp->encrypted.securityIndex	= htonl(conn->security_ix);
839 	resp->encrypted.level		= htonl(conn->security_level);
842 	resp->encrypted.call_id[0]	= htonl(conn->channels[0].call_counter);
843 	resp->encrypted.call_id[1]	= htonl(conn->channels[1].call_counter);
844 	resp->encrypted.call_id[2]	= htonl(conn->channels[2].call_counter);
845 	resp->encrypted.call_id[3]	= htonl(conn->channels[3].call_counter);
849 	ret = rxkad_encrypt_response(conn, resp, token->kad);
851 		ret = rxkad_send_response(conn, &sp->hdr, resp, token->kad);
859 static int rxkad_decrypt_ticket(struct rxrpc_connection *conn,
875 	_enter("{%d},{%x}", conn->debug_id, key_serial(server_key));
903 				conn, skb, RXKADBADTICKET, -EPROTO,	\
908 					conn, skb, RXKADBADTICKET, -EPROTO, \
932 		return rxrpc_abort_conn(conn, skb, RXKADBADTICKET, -EPROTO,
966 		return rxrpc_abort_conn(conn, skb, RXKADNOAUTH, -EKEYREJECTED,
969 		return rxrpc_abort_conn(conn, skb, RXKADEXPIRED, -EKEYEXPIRED,
987 static void rxkad_decrypt_response(struct rxrpc_connection *conn,
1021 static int rxkad_verify_response(struct rxrpc_connection *conn,
1034 	_enter("{%d}", conn->debug_id);
1036 	server_key = rxrpc_look_up_server_security(conn, skb, 0, 0);
1041 			return rxrpc_abort_conn(conn, skb, RXKADUNKNOWNKEY, ret,
1044 			return rxrpc_abort_conn(conn, skb, RXKADEXPIRED, ret,
1047 			return rxrpc_abort_conn(conn, skb, RXKADNOAUTH, ret,
1059 		rxrpc_abort_conn(conn, skb, RXKADPACKETSHORT, -EPROTO,
1068 	trace_rxrpc_rx_response(conn, sp->hdr.serial, version, kvno, ticket_len);
1071 		rxrpc_abort_conn(conn, skb, RXKADINCONSISTENCY, -EPROTO,
1077 		rxrpc_abort_conn(conn, skb, RXKADTICKETLEN, -EPROTO,
1083 		rxrpc_abort_conn(conn, skb, RXKADUNKNOWNKEY, -EPROTO,
1096 		rxrpc_abort_conn(conn, skb, RXKADPACKETSHORT, -EPROTO,
1101 	ret = rxkad_decrypt_ticket(conn, server_key, skb, ticket, ticket_len,
1108 	rxkad_decrypt_response(conn, response, &session_key);
1110 	if (ntohl(response->encrypted.epoch) != conn->proto.epoch ||
1111 	    ntohl(response->encrypted.cid) != conn->proto.cid ||
1112 	    ntohl(response->encrypted.securityIndex) != conn->security_ix) {
1113 		rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO,
1122 		rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO,
1129 		u32 counter = READ_ONCE(conn->channels[i].call_counter);
1132 			rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO,
1138 			rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO,
1144 			if (conn->channels[i].call) {
1145 				rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO,
1149 			conn->channels[i].call_counter = call_id;
1153 	if (ntohl(response->encrypted.inc_nonce) != conn->rxkad.nonce + 1) {
1154 		rxrpc_abort_conn(conn, skb, RXKADOUTOFSEQUENCE, -EPROTO,
1161 		rxrpc_abort_conn(conn, skb, RXKADLEVELFAIL, -EPROTO,
1165 	conn->security_level = level;
1170 	ret = rxrpc_get_server_data_key(conn, &session_key, expiry, kvno);
1202 static void rxkad_clear(struct rxrpc_connection *conn)
1206 	if (conn->rxkad.cipher)
1207 		crypto_free_sync_skcipher(conn->rxkad.cipher);

Indexes created Thu Nov 07 10:32:03 CST 2024