xref: /linux/net/rxrpc/security.c (revision 42f229c3) 
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* RxRPC security handling
3  *
4  * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
5  * Written by David Howells (dhowells@redhat.com)
6  */
7 
8 #include <linux/module.h>
9 #include <linux/net.h>
10 #include <linux/skbuff.h>
11 #include <linux/udp.h>
12 #include <linux/crypto.h>
13 #include <net/sock.h>
14 #include <net/af_rxrpc.h>
15 #include <keys/rxrpc-type.h>
16 #include "ar-internal.h"
17 
18 static const struct rxrpc_security *rxrpc_security_types[] = {
19 	[RXRPC_SECURITY_NONE]	= &rxrpc_no_security,
20 #ifdef CONFIG_RXKAD
21 	[RXRPC_SECURITY_RXKAD]	= &rxkad,
22 #endif
23 };
24 
rxrpc_init_security(void)25 int __init rxrpc_init_security(void)
26 {
27 	int i, ret;
28 
29 	for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++) {
30 		if (rxrpc_security_types[i]) {
31 			ret = rxrpc_security_types[i]->init();
32 			if (ret < 0)
33 				goto failed;
34 		}
35 	}
36 
37 	return 0;
38 
39 failed:
40 	for (i--; i >= 0; i--)
41 		if (rxrpc_security_types[i])
42 			rxrpc_security_types[i]->exit();
43 	return ret;
44 }
45 
rxrpc_exit_security(void)46 void rxrpc_exit_security(void)
47 {
48 	int i;
49 
50 	for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++)
51 		if (rxrpc_security_types[i])
52 			rxrpc_security_types[i]->exit();
53 }
54 
55 /*
56  * look up an rxrpc security module
57  */
rxrpc_security_lookup(u8 security_index)58 const struct rxrpc_security *rxrpc_security_lookup(u8 security_index)
59 {
60 	if (security_index >= ARRAY_SIZE(rxrpc_security_types))
61 		return NULL;
62 	return rxrpc_security_types[security_index];
63 }
64 
65 /*
66  * Initialise the security on a client call.
67  */
rxrpc_init_client_call_security(struct rxrpc_call * call)68 int rxrpc_init_client_call_security(struct rxrpc_call *call)
69 {
70 	const struct rxrpc_security *sec = &rxrpc_no_security;
71 	struct rxrpc_key_token *token;
72 	struct key *key = call->key;
73 	int ret;
74 
75 	if (!key)
76 		goto found;
77 
78 	ret = key_validate(key);
79 	if (ret < 0)
80 		return ret;
81 
82 	for (token = key->payload.data[0]; token; token = token->next) {
83 		sec = rxrpc_security_lookup(token->security_index);
84 		if (sec)
85 			goto found;
86 	}
87 	return -EKEYREJECTED;
88 
89 found:
90 	call->security = sec;
91 	call->security_ix = sec->security_index;
92 	return 0;
93 }
94 
95 /*
96  * initialise the security on a client connection
97  */
rxrpc_init_client_conn_security(struct rxrpc_connection * conn)98 int rxrpc_init_client_conn_security(struct rxrpc_connection *conn)
99 {
100 	struct rxrpc_key_token *token;
101 	struct key *key = conn->key;
102 	int ret = 0;
103 
104 	_enter("{%d},{%x}", conn->debug_id, key_serial(key));
105 
106 	for (token = key->payload.data[0]; token; token = token->next) {
107 		if (token->security_index == conn->security->security_index)
108 			goto found;
109 	}
110 	return -EKEYREJECTED;
111 
112 found:
113 	mutex_lock(&conn->security_lock);
114 	if (conn->state == RXRPC_CONN_CLIENT_UNSECURED) {
115 		ret = conn->security->init_connection_security(conn, token);
116 		if (ret == 0) {
117 			spin_lock(&conn->state_lock);
118 			if (conn->state == RXRPC_CONN_CLIENT_UNSECURED)
119 				conn->state = RXRPC_CONN_CLIENT;
120 			spin_unlock(&conn->state_lock);
121 		}
122 	}
123 	mutex_unlock(&conn->security_lock);
124 	return ret;
125 }
126 
127 /*
128  * Set the ops a server connection.
129  */
rxrpc_get_incoming_security(struct rxrpc_sock * rx,struct sk_buff * skb)130 const struct rxrpc_security *rxrpc_get_incoming_security(struct rxrpc_sock *rx,
131 							 struct sk_buff *skb)
132 {
133 	const struct rxrpc_security *sec;
134 	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
135 
136 	_enter("");
137 
138 	sec = rxrpc_security_lookup(sp->hdr.securityIndex);
139 	if (!sec) {
140 		rxrpc_direct_abort(skb, rxrpc_abort_unsupported_security,
141 				   RX_INVALID_OPERATION, -EKEYREJECTED);
142 		return NULL;
143 	}
144 
145 	if (sp->hdr.securityIndex != RXRPC_SECURITY_NONE &&
146 	    !rx->securities) {
147 		rxrpc_direct_abort(skb, rxrpc_abort_no_service_key,
148 				   sec->no_key_abort, -EKEYREJECTED);
149 		return NULL;
150 	}
151 
152 	return sec;
153 }
154 
155 /*
156  * Find the security key for a server connection.
157  */
rxrpc_look_up_server_security(struct rxrpc_connection * conn,struct sk_buff * skb,u32 kvno,u32 enctype)158 struct key *rxrpc_look_up_server_security(struct rxrpc_connection *conn,
159 					  struct sk_buff *skb,
160 					  u32 kvno, u32 enctype)
161 {
162 	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
163 	struct rxrpc_sock *rx;
164 	struct key *key = ERR_PTR(-EKEYREJECTED);
165 	key_ref_t kref = NULL;
166 	char kdesc[5 + 1 + 3 + 1 + 12 + 1 + 12 + 1];
167 	int ret;
168 
169 	_enter("");
170 
171 	if (enctype)
172 		sprintf(kdesc, "%u:%u:%u:%u",
173 			sp->hdr.serviceId, sp->hdr.securityIndex, kvno, enctype);
174 	else if (kvno)
175 		sprintf(kdesc, "%u:%u:%u",
176 			sp->hdr.serviceId, sp->hdr.securityIndex, kvno);
177 	else
178 		sprintf(kdesc, "%u:%u",
179 			sp->hdr.serviceId, sp->hdr.securityIndex);
180 
181 	read_lock(&conn->local->services_lock);
182 
183 	rx = conn->local->service;
184 	if (!rx)
185 		goto out;
186 
187 	/* look through the service's keyring */
188 	kref = keyring_search(make_key_ref(rx->securities, 1UL),
189 			      &key_type_rxrpc_s, kdesc, true);
190 	if (IS_ERR(kref)) {
191 		key = ERR_CAST(kref);
192 		goto out;
193 	}
194 
195 	key = key_ref_to_ptr(kref);
196 
197 	ret = key_validate(key);
198 	if (ret < 0) {
199 		key_put(key);
200 		key = ERR_PTR(ret);
201 		goto out;
202 	}
203 
204 out:
205 	read_unlock(&conn->local->services_lock);
206 	return key;
207 }
208