1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* Kerberos-based RxRPC security 3 * 4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 */ 7 8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 9 10 #include <crypto/skcipher.h> 11 #include <linux/module.h> 12 #include <linux/net.h> 13 #include <linux/skbuff.h> 14 #include <linux/udp.h> 15 #include <linux/scatterlist.h> 16 #include <linux/ctype.h> 17 #include <linux/slab.h> 18 #include <linux/key-type.h> 19 #include <net/sock.h> 20 #include <net/af_rxrpc.h> 21 #include <keys/rxrpc-type.h> 22 #include "ar-internal.h" 23 24 #define RXKAD_VERSION 2 25 #define MAXKRB5TICKETLEN 1024 26 #define RXKAD_TKT_TYPE_KERBEROS_V5 256 27 #define ANAME_SZ 40 /* size of authentication name */ 28 #define INST_SZ 40 /* size of principal's instance */ 29 #define REALM_SZ 40 /* size of principal's auth domain */ 30 #define SNAME_SZ 40 /* size of service name */ 31 32 struct rxkad_level1_hdr { 33 __be32 data_size; /* true data size (excluding padding) */ 34 }; 35 36 struct rxkad_level2_hdr { 37 __be32 data_size; /* true data size (excluding padding) */ 38 __be32 checksum; /* decrypted data checksum */ 39 }; 40 41 static int rxkad_prime_packet_security(struct rxrpc_connection *conn, 42 struct crypto_sync_skcipher *ci); 43 44 /* 45 * this holds a pinned cipher so that keventd doesn't get called by the cipher 46 * alloc routine, but since we have it to hand, we use it to decrypt RESPONSE 47 * packets 48 */ 49 static struct crypto_sync_skcipher *rxkad_ci; 50 static struct skcipher_request *rxkad_ci_req; 51 static DEFINE_MUTEX(rxkad_ci_mutex); 52 53 /* 54 * Parse the information from a server key 55 * 56 * The data should be the 8-byte secret key. 57 */ 58 static int rxkad_preparse_server_key(struct key_preparsed_payload *prep) 59 { 60 struct crypto_skcipher *ci; 61 62 if (prep->datalen != 8) 63 return -EINVAL; 64 65 memcpy(&prep->payload.data[2], prep->data, 8); 66 67 ci = crypto_alloc_skcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC); 68 if (IS_ERR(ci)) { 69 _leave(" = %ld", PTR_ERR(ci)); 70 return PTR_ERR(ci); 71 } 72 73 if (crypto_skcipher_setkey(ci, prep->data, 8) < 0) 74 BUG(); 75 76 prep->payload.data[0] = ci; 77 _leave(" = 0"); 78 return 0; 79 } 80 81 static void rxkad_free_preparse_server_key(struct key_preparsed_payload *prep) 82 { 83 84 if (prep->payload.data[0]) 85 crypto_free_skcipher(prep->payload.data[0]); 86 } 87 88 static void rxkad_destroy_server_key(struct key *key) 89 { 90 if (key->payload.data[0]) { 91 crypto_free_skcipher(key->payload.data[0]); 92 key->payload.data[0] = NULL; 93 } 94 } 95 96 /* 97 * initialise connection security 98 */ 99 static int rxkad_init_connection_security(struct rxrpc_connection *conn, 100 struct rxrpc_key_token *token) 101 { 102 struct crypto_sync_skcipher *ci; 103 int ret; 104 105 _enter("{%d},{%x}", conn->debug_id, key_serial(conn->params.key)); 106 107 conn->security_ix = token->security_index; 108 109 ci = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0); 110 if (IS_ERR(ci)) { 111 _debug("no cipher"); 112 ret = PTR_ERR(ci); 113 goto error; 114 } 115 116 if (crypto_sync_skcipher_setkey(ci, token->kad->session_key, 117 sizeof(token->kad->session_key)) < 0) 118 BUG(); 119 120 switch (conn->params.security_level) { 121 case RXRPC_SECURITY_PLAIN: 122 break; 123 case RXRPC_SECURITY_AUTH: 124 conn->size_align = 8; 125 conn->security_size = sizeof(struct rxkad_level1_hdr); 126 break; 127 case RXRPC_SECURITY_ENCRYPT: 128 conn->size_align = 8; 129 conn->security_size = sizeof(struct rxkad_level2_hdr); 130 break; 131 default: 132 ret = -EKEYREJECTED; 133 goto error; 134 } 135 136 ret = rxkad_prime_packet_security(conn, ci); 137 if (ret < 0) 138 goto error_ci; 139 140 conn->rxkad.cipher = ci; 141 return 0; 142 143 error_ci: 144 crypto_free_sync_skcipher(ci); 145 error: 146 _leave(" = %d", ret); 147 return ret; 148 } 149 150 /* 151 * prime the encryption state with the invariant parts of a connection's 152 * description 153 */ 154 static int rxkad_prime_packet_security(struct rxrpc_connection *conn, 155 struct crypto_sync_skcipher *ci) 156 { 157 struct skcipher_request *req; 158 struct rxrpc_key_token *token; 159 struct scatterlist sg; 160 struct rxrpc_crypt iv; 161 __be32 *tmpbuf; 162 size_t tmpsize = 4 * sizeof(__be32); 163 164 _enter(""); 165 166 if (!conn->params.key) 167 return 0; 168 169 tmpbuf = kmalloc(tmpsize, GFP_KERNEL); 170 if (!tmpbuf) 171 return -ENOMEM; 172 173 req = skcipher_request_alloc(&ci->base, GFP_NOFS); 174 if (!req) { 175 kfree(tmpbuf); 176 return -ENOMEM; 177 } 178 179 token = conn->params.key->payload.data[0]; 180 memcpy(&iv, token->kad->session_key, sizeof(iv)); 181 182 tmpbuf[0] = htonl(conn->proto.epoch); 183 tmpbuf[1] = htonl(conn->proto.cid); 184 tmpbuf[2] = 0; 185 tmpbuf[3] = htonl(conn->security_ix); 186 187 sg_init_one(&sg, tmpbuf, tmpsize); 188 skcipher_request_set_sync_tfm(req, ci); 189 skcipher_request_set_callback(req, 0, NULL, NULL); 190 skcipher_request_set_crypt(req, &sg, &sg, tmpsize, iv.x); 191 crypto_skcipher_encrypt(req); 192 skcipher_request_free(req); 193 194 memcpy(&conn->rxkad.csum_iv, tmpbuf + 2, sizeof(conn->rxkad.csum_iv)); 195 kfree(tmpbuf); 196 _leave(" = 0"); 197 return 0; 198 } 199 200 /* 201 * Allocate and prepare the crypto request on a call. For any particular call, 202 * this is called serially for the packets, so no lock should be necessary. 203 */ 204 static struct skcipher_request *rxkad_get_call_crypto(struct rxrpc_call *call) 205 { 206 struct crypto_skcipher *tfm = &call->conn->rxkad.cipher->base; 207 struct skcipher_request *cipher_req = call->cipher_req; 208 209 if (!cipher_req) { 210 cipher_req = skcipher_request_alloc(tfm, GFP_NOFS); 211 if (!cipher_req) 212 return NULL; 213 call->cipher_req = cipher_req; 214 } 215 216 return cipher_req; 217 } 218 219 /* 220 * Clean up the crypto on a call. 221 */ 222 static void rxkad_free_call_crypto(struct rxrpc_call *call) 223 { 224 if (call->cipher_req) 225 skcipher_request_free(call->cipher_req); 226 call->cipher_req = NULL; 227 } 228 229 /* 230 * partially encrypt a packet (level 1 security) 231 */ 232 static int rxkad_secure_packet_auth(const struct rxrpc_call *call, 233 struct sk_buff *skb, u32 data_size, 234 struct skcipher_request *req) 235 { 236 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 237 struct rxkad_level1_hdr hdr; 238 struct rxrpc_crypt iv; 239 struct scatterlist sg; 240 u16 check; 241 242 _enter(""); 243 244 check = sp->hdr.seq ^ call->call_id; 245 data_size |= (u32)check << 16; 246 247 hdr.data_size = htonl(data_size); 248 memcpy(skb->head, &hdr, sizeof(hdr)); 249 250 /* start the encryption afresh */ 251 memset(&iv, 0, sizeof(iv)); 252 253 sg_init_one(&sg, skb->head, 8); 254 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher); 255 skcipher_request_set_callback(req, 0, NULL, NULL); 256 skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x); 257 crypto_skcipher_encrypt(req); 258 skcipher_request_zero(req); 259 260 _leave(" = 0"); 261 return 0; 262 } 263 264 /* 265 * wholly encrypt a packet (level 2 security) 266 */ 267 static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call, 268 struct sk_buff *skb, 269 u32 data_size, 270 struct skcipher_request *req) 271 { 272 const struct rxrpc_key_token *token; 273 struct rxkad_level2_hdr rxkhdr; 274 struct rxrpc_skb_priv *sp; 275 struct rxrpc_crypt iv; 276 struct scatterlist sg[16]; 277 unsigned int len; 278 u16 check; 279 int err; 280 281 sp = rxrpc_skb(skb); 282 283 _enter(""); 284 285 check = sp->hdr.seq ^ call->call_id; 286 287 rxkhdr.data_size = htonl(data_size | (u32)check << 16); 288 rxkhdr.checksum = 0; 289 memcpy(skb->head, &rxkhdr, sizeof(rxkhdr)); 290 291 /* encrypt from the session key */ 292 token = call->conn->params.key->payload.data[0]; 293 memcpy(&iv, token->kad->session_key, sizeof(iv)); 294 295 sg_init_one(&sg[0], skb->head, sizeof(rxkhdr)); 296 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher); 297 skcipher_request_set_callback(req, 0, NULL, NULL); 298 skcipher_request_set_crypt(req, &sg[0], &sg[0], sizeof(rxkhdr), iv.x); 299 crypto_skcipher_encrypt(req); 300 301 /* we want to encrypt the skbuff in-place */ 302 err = -EMSGSIZE; 303 if (skb_shinfo(skb)->nr_frags > 16) 304 goto out; 305 306 len = data_size + call->conn->size_align - 1; 307 len &= ~(call->conn->size_align - 1); 308 309 sg_init_table(sg, ARRAY_SIZE(sg)); 310 err = skb_to_sgvec(skb, sg, 8, len); 311 if (unlikely(err < 0)) 312 goto out; 313 skcipher_request_set_crypt(req, sg, sg, len, iv.x); 314 crypto_skcipher_encrypt(req); 315 316 _leave(" = 0"); 317 err = 0; 318 319 out: 320 skcipher_request_zero(req); 321 return err; 322 } 323 324 /* 325 * checksum an RxRPC packet header 326 */ 327 static int rxkad_secure_packet(struct rxrpc_call *call, 328 struct sk_buff *skb, 329 size_t data_size) 330 { 331 struct rxrpc_skb_priv *sp; 332 struct skcipher_request *req; 333 struct rxrpc_crypt iv; 334 struct scatterlist sg; 335 u32 x, y; 336 int ret; 337 338 sp = rxrpc_skb(skb); 339 340 _enter("{%d{%x}},{#%u},%zu,", 341 call->debug_id, key_serial(call->conn->params.key), 342 sp->hdr.seq, data_size); 343 344 if (!call->conn->rxkad.cipher) 345 return 0; 346 347 ret = key_validate(call->conn->params.key); 348 if (ret < 0) 349 return ret; 350 351 req = rxkad_get_call_crypto(call); 352 if (!req) 353 return -ENOMEM; 354 355 /* continue encrypting from where we left off */ 356 memcpy(&iv, call->conn->rxkad.csum_iv.x, sizeof(iv)); 357 358 /* calculate the security checksum */ 359 x = (call->cid & RXRPC_CHANNELMASK) << (32 - RXRPC_CIDSHIFT); 360 x |= sp->hdr.seq & 0x3fffffff; 361 call->crypto_buf[0] = htonl(call->call_id); 362 call->crypto_buf[1] = htonl(x); 363 364 sg_init_one(&sg, call->crypto_buf, 8); 365 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher); 366 skcipher_request_set_callback(req, 0, NULL, NULL); 367 skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x); 368 crypto_skcipher_encrypt(req); 369 skcipher_request_zero(req); 370 371 y = ntohl(call->crypto_buf[1]); 372 y = (y >> 16) & 0xffff; 373 if (y == 0) 374 y = 1; /* zero checksums are not permitted */ 375 sp->hdr.cksum = y; 376 377 switch (call->conn->params.security_level) { 378 case RXRPC_SECURITY_PLAIN: 379 ret = 0; 380 break; 381 case RXRPC_SECURITY_AUTH: 382 ret = rxkad_secure_packet_auth(call, skb, data_size, req); 383 break; 384 case RXRPC_SECURITY_ENCRYPT: 385 ret = rxkad_secure_packet_encrypt(call, skb, data_size, req); 386 break; 387 default: 388 ret = -EPERM; 389 break; 390 } 391 392 _leave(" = %d [set %hx]", ret, y); 393 return ret; 394 } 395 396 /* 397 * decrypt partial encryption on a packet (level 1 security) 398 */ 399 static int rxkad_verify_packet_1(struct rxrpc_call *call, struct sk_buff *skb, 400 unsigned int offset, unsigned int len, 401 rxrpc_seq_t seq, 402 struct skcipher_request *req) 403 { 404 struct rxkad_level1_hdr sechdr; 405 struct rxrpc_crypt iv; 406 struct scatterlist sg[16]; 407 bool aborted; 408 u32 data_size, buf; 409 u16 check; 410 int ret; 411 412 _enter(""); 413 414 if (len < 8) { 415 aborted = rxrpc_abort_eproto(call, skb, "rxkad_1_hdr", "V1H", 416 RXKADSEALEDINCON); 417 goto protocol_error; 418 } 419 420 /* Decrypt the skbuff in-place. TODO: We really want to decrypt 421 * directly into the target buffer. 422 */ 423 sg_init_table(sg, ARRAY_SIZE(sg)); 424 ret = skb_to_sgvec(skb, sg, offset, 8); 425 if (unlikely(ret < 0)) 426 return ret; 427 428 /* start the decryption afresh */ 429 memset(&iv, 0, sizeof(iv)); 430 431 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher); 432 skcipher_request_set_callback(req, 0, NULL, NULL); 433 skcipher_request_set_crypt(req, sg, sg, 8, iv.x); 434 crypto_skcipher_decrypt(req); 435 skcipher_request_zero(req); 436 437 /* Extract the decrypted packet length */ 438 if (skb_copy_bits(skb, offset, &sechdr, sizeof(sechdr)) < 0) { 439 aborted = rxrpc_abort_eproto(call, skb, "rxkad_1_len", "XV1", 440 RXKADDATALEN); 441 goto protocol_error; 442 } 443 offset += sizeof(sechdr); 444 len -= sizeof(sechdr); 445 446 buf = ntohl(sechdr.data_size); 447 data_size = buf & 0xffff; 448 449 check = buf >> 16; 450 check ^= seq ^ call->call_id; 451 check &= 0xffff; 452 if (check != 0) { 453 aborted = rxrpc_abort_eproto(call, skb, "rxkad_1_check", "V1C", 454 RXKADSEALEDINCON); 455 goto protocol_error; 456 } 457 458 if (data_size > len) { 459 aborted = rxrpc_abort_eproto(call, skb, "rxkad_1_datalen", "V1L", 460 RXKADDATALEN); 461 goto protocol_error; 462 } 463 464 _leave(" = 0 [dlen=%x]", data_size); 465 return 0; 466 467 protocol_error: 468 if (aborted) 469 rxrpc_send_abort_packet(call); 470 return -EPROTO; 471 } 472 473 /* 474 * wholly decrypt a packet (level 2 security) 475 */ 476 static int rxkad_verify_packet_2(struct rxrpc_call *call, struct sk_buff *skb, 477 unsigned int offset, unsigned int len, 478 rxrpc_seq_t seq, 479 struct skcipher_request *req) 480 { 481 const struct rxrpc_key_token *token; 482 struct rxkad_level2_hdr sechdr; 483 struct rxrpc_crypt iv; 484 struct scatterlist _sg[4], *sg; 485 bool aborted; 486 u32 data_size, buf; 487 u16 check; 488 int nsg, ret; 489 490 _enter(",{%d}", skb->len); 491 492 if (len < 8) { 493 aborted = rxrpc_abort_eproto(call, skb, "rxkad_2_hdr", "V2H", 494 RXKADSEALEDINCON); 495 goto protocol_error; 496 } 497 498 /* Decrypt the skbuff in-place. TODO: We really want to decrypt 499 * directly into the target buffer. 500 */ 501 sg = _sg; 502 nsg = skb_shinfo(skb)->nr_frags; 503 if (nsg <= 4) { 504 nsg = 4; 505 } else { 506 sg = kmalloc_array(nsg, sizeof(*sg), GFP_NOIO); 507 if (!sg) 508 goto nomem; 509 } 510 511 sg_init_table(sg, nsg); 512 ret = skb_to_sgvec(skb, sg, offset, len); 513 if (unlikely(ret < 0)) { 514 if (sg != _sg) 515 kfree(sg); 516 return ret; 517 } 518 519 /* decrypt from the session key */ 520 token = call->conn->params.key->payload.data[0]; 521 memcpy(&iv, token->kad->session_key, sizeof(iv)); 522 523 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher); 524 skcipher_request_set_callback(req, 0, NULL, NULL); 525 skcipher_request_set_crypt(req, sg, sg, len, iv.x); 526 crypto_skcipher_decrypt(req); 527 skcipher_request_zero(req); 528 if (sg != _sg) 529 kfree(sg); 530 531 /* Extract the decrypted packet length */ 532 if (skb_copy_bits(skb, offset, &sechdr, sizeof(sechdr)) < 0) { 533 aborted = rxrpc_abort_eproto(call, skb, "rxkad_2_len", "XV2", 534 RXKADDATALEN); 535 goto protocol_error; 536 } 537 offset += sizeof(sechdr); 538 len -= sizeof(sechdr); 539 540 buf = ntohl(sechdr.data_size); 541 data_size = buf & 0xffff; 542 543 check = buf >> 16; 544 check ^= seq ^ call->call_id; 545 check &= 0xffff; 546 if (check != 0) { 547 aborted = rxrpc_abort_eproto(call, skb, "rxkad_2_check", "V2C", 548 RXKADSEALEDINCON); 549 goto protocol_error; 550 } 551 552 if (data_size > len) { 553 aborted = rxrpc_abort_eproto(call, skb, "rxkad_2_datalen", "V2L", 554 RXKADDATALEN); 555 goto protocol_error; 556 } 557 558 _leave(" = 0 [dlen=%x]", data_size); 559 return 0; 560 561 protocol_error: 562 if (aborted) 563 rxrpc_send_abort_packet(call); 564 return -EPROTO; 565 566 nomem: 567 _leave(" = -ENOMEM"); 568 return -ENOMEM; 569 } 570 571 /* 572 * Verify the security on a received packet or subpacket (if part of a 573 * jumbo packet). 574 */ 575 static int rxkad_verify_packet(struct rxrpc_call *call, struct sk_buff *skb, 576 unsigned int offset, unsigned int len, 577 rxrpc_seq_t seq, u16 expected_cksum) 578 { 579 struct skcipher_request *req; 580 struct rxrpc_crypt iv; 581 struct scatterlist sg; 582 bool aborted; 583 u16 cksum; 584 u32 x, y; 585 586 _enter("{%d{%x}},{#%u}", 587 call->debug_id, key_serial(call->conn->params.key), seq); 588 589 if (!call->conn->rxkad.cipher) 590 return 0; 591 592 req = rxkad_get_call_crypto(call); 593 if (!req) 594 return -ENOMEM; 595 596 /* continue encrypting from where we left off */ 597 memcpy(&iv, call->conn->rxkad.csum_iv.x, sizeof(iv)); 598 599 /* validate the security checksum */ 600 x = (call->cid & RXRPC_CHANNELMASK) << (32 - RXRPC_CIDSHIFT); 601 x |= seq & 0x3fffffff; 602 call->crypto_buf[0] = htonl(call->call_id); 603 call->crypto_buf[1] = htonl(x); 604 605 sg_init_one(&sg, call->crypto_buf, 8); 606 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher); 607 skcipher_request_set_callback(req, 0, NULL, NULL); 608 skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x); 609 crypto_skcipher_encrypt(req); 610 skcipher_request_zero(req); 611 612 y = ntohl(call->crypto_buf[1]); 613 cksum = (y >> 16) & 0xffff; 614 if (cksum == 0) 615 cksum = 1; /* zero checksums are not permitted */ 616 617 if (cksum != expected_cksum) { 618 aborted = rxrpc_abort_eproto(call, skb, "rxkad_csum", "VCK", 619 RXKADSEALEDINCON); 620 goto protocol_error; 621 } 622 623 switch (call->conn->params.security_level) { 624 case RXRPC_SECURITY_PLAIN: 625 return 0; 626 case RXRPC_SECURITY_AUTH: 627 return rxkad_verify_packet_1(call, skb, offset, len, seq, req); 628 case RXRPC_SECURITY_ENCRYPT: 629 return rxkad_verify_packet_2(call, skb, offset, len, seq, req); 630 default: 631 return -ENOANO; 632 } 633 634 protocol_error: 635 if (aborted) 636 rxrpc_send_abort_packet(call); 637 return -EPROTO; 638 } 639 640 /* 641 * Locate the data contained in a packet that was partially encrypted. 642 */ 643 static void rxkad_locate_data_1(struct rxrpc_call *call, struct sk_buff *skb, 644 unsigned int *_offset, unsigned int *_len) 645 { 646 struct rxkad_level1_hdr sechdr; 647 648 if (skb_copy_bits(skb, *_offset, &sechdr, sizeof(sechdr)) < 0) 649 BUG(); 650 *_offset += sizeof(sechdr); 651 *_len = ntohl(sechdr.data_size) & 0xffff; 652 } 653 654 /* 655 * Locate the data contained in a packet that was completely encrypted. 656 */ 657 static void rxkad_locate_data_2(struct rxrpc_call *call, struct sk_buff *skb, 658 unsigned int *_offset, unsigned int *_len) 659 { 660 struct rxkad_level2_hdr sechdr; 661 662 if (skb_copy_bits(skb, *_offset, &sechdr, sizeof(sechdr)) < 0) 663 BUG(); 664 *_offset += sizeof(sechdr); 665 *_len = ntohl(sechdr.data_size) & 0xffff; 666 } 667 668 /* 669 * Locate the data contained in an already decrypted packet. 670 */ 671 static void rxkad_locate_data(struct rxrpc_call *call, struct sk_buff *skb, 672 unsigned int *_offset, unsigned int *_len) 673 { 674 switch (call->conn->params.security_level) { 675 case RXRPC_SECURITY_AUTH: 676 rxkad_locate_data_1(call, skb, _offset, _len); 677 return; 678 case RXRPC_SECURITY_ENCRYPT: 679 rxkad_locate_data_2(call, skb, _offset, _len); 680 return; 681 default: 682 return; 683 } 684 } 685 686 /* 687 * issue a challenge 688 */ 689 static int rxkad_issue_challenge(struct rxrpc_connection *conn) 690 { 691 struct rxkad_challenge challenge; 692 struct rxrpc_wire_header whdr; 693 struct msghdr msg; 694 struct kvec iov[2]; 695 size_t len; 696 u32 serial; 697 int ret; 698 699 _enter("{%d}", conn->debug_id); 700 701 get_random_bytes(&conn->rxkad.nonce, sizeof(conn->rxkad.nonce)); 702 703 challenge.version = htonl(2); 704 challenge.nonce = htonl(conn->rxkad.nonce); 705 challenge.min_level = htonl(0); 706 challenge.__padding = 0; 707 708 msg.msg_name = &conn->params.peer->srx.transport; 709 msg.msg_namelen = conn->params.peer->srx.transport_len; 710 msg.msg_control = NULL; 711 msg.msg_controllen = 0; 712 msg.msg_flags = 0; 713 714 whdr.epoch = htonl(conn->proto.epoch); 715 whdr.cid = htonl(conn->proto.cid); 716 whdr.callNumber = 0; 717 whdr.seq = 0; 718 whdr.type = RXRPC_PACKET_TYPE_CHALLENGE; 719 whdr.flags = conn->out_clientflag; 720 whdr.userStatus = 0; 721 whdr.securityIndex = conn->security_ix; 722 whdr._rsvd = 0; 723 whdr.serviceId = htons(conn->service_id); 724 725 iov[0].iov_base = &whdr; 726 iov[0].iov_len = sizeof(whdr); 727 iov[1].iov_base = &challenge; 728 iov[1].iov_len = sizeof(challenge); 729 730 len = iov[0].iov_len + iov[1].iov_len; 731 732 serial = atomic_inc_return(&conn->serial); 733 whdr.serial = htonl(serial); 734 _proto("Tx CHALLENGE %%%u", serial); 735 736 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len); 737 if (ret < 0) { 738 trace_rxrpc_tx_fail(conn->debug_id, serial, ret, 739 rxrpc_tx_point_rxkad_challenge); 740 return -EAGAIN; 741 } 742 743 conn->params.peer->last_tx_at = ktime_get_seconds(); 744 trace_rxrpc_tx_packet(conn->debug_id, &whdr, 745 rxrpc_tx_point_rxkad_challenge); 746 _leave(" = 0"); 747 return 0; 748 } 749 750 /* 751 * send a Kerberos security response 752 */ 753 static int rxkad_send_response(struct rxrpc_connection *conn, 754 struct rxrpc_host_header *hdr, 755 struct rxkad_response *resp, 756 const struct rxkad_key *s2) 757 { 758 struct rxrpc_wire_header whdr; 759 struct msghdr msg; 760 struct kvec iov[3]; 761 size_t len; 762 u32 serial; 763 int ret; 764 765 _enter(""); 766 767 msg.msg_name = &conn->params.peer->srx.transport; 768 msg.msg_namelen = conn->params.peer->srx.transport_len; 769 msg.msg_control = NULL; 770 msg.msg_controllen = 0; 771 msg.msg_flags = 0; 772 773 memset(&whdr, 0, sizeof(whdr)); 774 whdr.epoch = htonl(hdr->epoch); 775 whdr.cid = htonl(hdr->cid); 776 whdr.type = RXRPC_PACKET_TYPE_RESPONSE; 777 whdr.flags = conn->out_clientflag; 778 whdr.securityIndex = hdr->securityIndex; 779 whdr.serviceId = htons(hdr->serviceId); 780 781 iov[0].iov_base = &whdr; 782 iov[0].iov_len = sizeof(whdr); 783 iov[1].iov_base = resp; 784 iov[1].iov_len = sizeof(*resp); 785 iov[2].iov_base = (void *)s2->ticket; 786 iov[2].iov_len = s2->ticket_len; 787 788 len = iov[0].iov_len + iov[1].iov_len + iov[2].iov_len; 789 790 serial = atomic_inc_return(&conn->serial); 791 whdr.serial = htonl(serial); 792 _proto("Tx RESPONSE %%%u", serial); 793 794 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 3, len); 795 if (ret < 0) { 796 trace_rxrpc_tx_fail(conn->debug_id, serial, ret, 797 rxrpc_tx_point_rxkad_response); 798 return -EAGAIN; 799 } 800 801 conn->params.peer->last_tx_at = ktime_get_seconds(); 802 _leave(" = 0"); 803 return 0; 804 } 805 806 /* 807 * calculate the response checksum 808 */ 809 static void rxkad_calc_response_checksum(struct rxkad_response *response) 810 { 811 u32 csum = 1000003; 812 int loop; 813 u8 *p = (u8 *) response; 814 815 for (loop = sizeof(*response); loop > 0; loop--) 816 csum = csum * 0x10204081 + *p++; 817 818 response->encrypted.checksum = htonl(csum); 819 } 820 821 /* 822 * encrypt the response packet 823 */ 824 static int rxkad_encrypt_response(struct rxrpc_connection *conn, 825 struct rxkad_response *resp, 826 const struct rxkad_key *s2) 827 { 828 struct skcipher_request *req; 829 struct rxrpc_crypt iv; 830 struct scatterlist sg[1]; 831 832 req = skcipher_request_alloc(&conn->rxkad.cipher->base, GFP_NOFS); 833 if (!req) 834 return -ENOMEM; 835 836 /* continue encrypting from where we left off */ 837 memcpy(&iv, s2->session_key, sizeof(iv)); 838 839 sg_init_table(sg, 1); 840 sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted)); 841 skcipher_request_set_sync_tfm(req, conn->rxkad.cipher); 842 skcipher_request_set_callback(req, 0, NULL, NULL); 843 skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x); 844 crypto_skcipher_encrypt(req); 845 skcipher_request_free(req); 846 return 0; 847 } 848 849 /* 850 * respond to a challenge packet 851 */ 852 static int rxkad_respond_to_challenge(struct rxrpc_connection *conn, 853 struct sk_buff *skb, 854 u32 *_abort_code) 855 { 856 const struct rxrpc_key_token *token; 857 struct rxkad_challenge challenge; 858 struct rxkad_response *resp; 859 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 860 const char *eproto; 861 u32 version, nonce, min_level, abort_code; 862 int ret; 863 864 _enter("{%d,%x}", conn->debug_id, key_serial(conn->params.key)); 865 866 eproto = tracepoint_string("chall_no_key"); 867 abort_code = RX_PROTOCOL_ERROR; 868 if (!conn->params.key) 869 goto protocol_error; 870 871 abort_code = RXKADEXPIRED; 872 ret = key_validate(conn->params.key); 873 if (ret < 0) 874 goto other_error; 875 876 eproto = tracepoint_string("chall_short"); 877 abort_code = RXKADPACKETSHORT; 878 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header), 879 &challenge, sizeof(challenge)) < 0) 880 goto protocol_error; 881 882 version = ntohl(challenge.version); 883 nonce = ntohl(challenge.nonce); 884 min_level = ntohl(challenge.min_level); 885 886 _proto("Rx CHALLENGE %%%u { v=%u n=%u ml=%u }", 887 sp->hdr.serial, version, nonce, min_level); 888 889 eproto = tracepoint_string("chall_ver"); 890 abort_code = RXKADINCONSISTENCY; 891 if (version != RXKAD_VERSION) 892 goto protocol_error; 893 894 abort_code = RXKADLEVELFAIL; 895 ret = -EACCES; 896 if (conn->params.security_level < min_level) 897 goto other_error; 898 899 token = conn->params.key->payload.data[0]; 900 901 /* build the response packet */ 902 resp = kzalloc(sizeof(struct rxkad_response), GFP_NOFS); 903 if (!resp) 904 return -ENOMEM; 905 906 resp->version = htonl(RXKAD_VERSION); 907 resp->encrypted.epoch = htonl(conn->proto.epoch); 908 resp->encrypted.cid = htonl(conn->proto.cid); 909 resp->encrypted.securityIndex = htonl(conn->security_ix); 910 resp->encrypted.inc_nonce = htonl(nonce + 1); 911 resp->encrypted.level = htonl(conn->params.security_level); 912 resp->kvno = htonl(token->kad->kvno); 913 resp->ticket_len = htonl(token->kad->ticket_len); 914 resp->encrypted.call_id[0] = htonl(conn->channels[0].call_counter); 915 resp->encrypted.call_id[1] = htonl(conn->channels[1].call_counter); 916 resp->encrypted.call_id[2] = htonl(conn->channels[2].call_counter); 917 resp->encrypted.call_id[3] = htonl(conn->channels[3].call_counter); 918 919 /* calculate the response checksum and then do the encryption */ 920 rxkad_calc_response_checksum(resp); 921 ret = rxkad_encrypt_response(conn, resp, token->kad); 922 if (ret == 0) 923 ret = rxkad_send_response(conn, &sp->hdr, resp, token->kad); 924 kfree(resp); 925 return ret; 926 927 protocol_error: 928 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial, eproto); 929 ret = -EPROTO; 930 other_error: 931 *_abort_code = abort_code; 932 return ret; 933 } 934 935 /* 936 * decrypt the kerberos IV ticket in the response 937 */ 938 static int rxkad_decrypt_ticket(struct rxrpc_connection *conn, 939 struct key *server_key, 940 struct sk_buff *skb, 941 void *ticket, size_t ticket_len, 942 struct rxrpc_crypt *_session_key, 943 time64_t *_expiry, 944 u32 *_abort_code) 945 { 946 struct skcipher_request *req; 947 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 948 struct rxrpc_crypt iv, key; 949 struct scatterlist sg[1]; 950 struct in_addr addr; 951 unsigned int life; 952 const char *eproto; 953 time64_t issue, now; 954 bool little_endian; 955 int ret; 956 u32 abort_code; 957 u8 *p, *q, *name, *end; 958 959 _enter("{%d},{%x}", conn->debug_id, key_serial(server_key)); 960 961 *_expiry = 0; 962 963 ASSERT(server_key->payload.data[0] != NULL); 964 ASSERTCMP((unsigned long) ticket & 7UL, ==, 0); 965 966 memcpy(&iv, &server_key->payload.data[2], sizeof(iv)); 967 968 ret = -ENOMEM; 969 req = skcipher_request_alloc(server_key->payload.data[0], GFP_NOFS); 970 if (!req) 971 goto temporary_error; 972 973 sg_init_one(&sg[0], ticket, ticket_len); 974 skcipher_request_set_callback(req, 0, NULL, NULL); 975 skcipher_request_set_crypt(req, sg, sg, ticket_len, iv.x); 976 crypto_skcipher_decrypt(req); 977 skcipher_request_free(req); 978 979 p = ticket; 980 end = p + ticket_len; 981 982 #define Z(field) \ 983 ({ \ 984 u8 *__str = p; \ 985 eproto = tracepoint_string("rxkad_bad_"#field); \ 986 q = memchr(p, 0, end - p); \ 987 if (!q || q - p > (field##_SZ)) \ 988 goto bad_ticket; \ 989 for (; p < q; p++) \ 990 if (!isprint(*p)) \ 991 goto bad_ticket; \ 992 p++; \ 993 __str; \ 994 }) 995 996 /* extract the ticket flags */ 997 _debug("KIV FLAGS: %x", *p); 998 little_endian = *p & 1; 999 p++; 1000 1001 /* extract the authentication name */ 1002 name = Z(ANAME); 1003 _debug("KIV ANAME: %s", name); 1004 1005 /* extract the principal's instance */ 1006 name = Z(INST); 1007 _debug("KIV INST : %s", name); 1008 1009 /* extract the principal's authentication domain */ 1010 name = Z(REALM); 1011 _debug("KIV REALM: %s", name); 1012 1013 eproto = tracepoint_string("rxkad_bad_len"); 1014 if (end - p < 4 + 8 + 4 + 2) 1015 goto bad_ticket; 1016 1017 /* get the IPv4 address of the entity that requested the ticket */ 1018 memcpy(&addr, p, sizeof(addr)); 1019 p += 4; 1020 _debug("KIV ADDR : %pI4", &addr); 1021 1022 /* get the session key from the ticket */ 1023 memcpy(&key, p, sizeof(key)); 1024 p += 8; 1025 _debug("KIV KEY : %08x %08x", ntohl(key.n[0]), ntohl(key.n[1])); 1026 memcpy(_session_key, &key, sizeof(key)); 1027 1028 /* get the ticket's lifetime */ 1029 life = *p++ * 5 * 60; 1030 _debug("KIV LIFE : %u", life); 1031 1032 /* get the issue time of the ticket */ 1033 if (little_endian) { 1034 __le32 stamp; 1035 memcpy(&stamp, p, 4); 1036 issue = rxrpc_u32_to_time64(le32_to_cpu(stamp)); 1037 } else { 1038 __be32 stamp; 1039 memcpy(&stamp, p, 4); 1040 issue = rxrpc_u32_to_time64(be32_to_cpu(stamp)); 1041 } 1042 p += 4; 1043 now = ktime_get_real_seconds(); 1044 _debug("KIV ISSUE: %llx [%llx]", issue, now); 1045 1046 /* check the ticket is in date */ 1047 if (issue > now) { 1048 abort_code = RXKADNOAUTH; 1049 ret = -EKEYREJECTED; 1050 goto other_error; 1051 } 1052 1053 if (issue < now - life) { 1054 abort_code = RXKADEXPIRED; 1055 ret = -EKEYEXPIRED; 1056 goto other_error; 1057 } 1058 1059 *_expiry = issue + life; 1060 1061 /* get the service name */ 1062 name = Z(SNAME); 1063 _debug("KIV SNAME: %s", name); 1064 1065 /* get the service instance name */ 1066 name = Z(INST); 1067 _debug("KIV SINST: %s", name); 1068 return 0; 1069 1070 bad_ticket: 1071 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial, eproto); 1072 abort_code = RXKADBADTICKET; 1073 ret = -EPROTO; 1074 other_error: 1075 *_abort_code = abort_code; 1076 return ret; 1077 temporary_error: 1078 return ret; 1079 } 1080 1081 /* 1082 * decrypt the response packet 1083 */ 1084 static void rxkad_decrypt_response(struct rxrpc_connection *conn, 1085 struct rxkad_response *resp, 1086 const struct rxrpc_crypt *session_key) 1087 { 1088 struct skcipher_request *req = rxkad_ci_req; 1089 struct scatterlist sg[1]; 1090 struct rxrpc_crypt iv; 1091 1092 _enter(",,%08x%08x", 1093 ntohl(session_key->n[0]), ntohl(session_key->n[1])); 1094 1095 mutex_lock(&rxkad_ci_mutex); 1096 if (crypto_sync_skcipher_setkey(rxkad_ci, session_key->x, 1097 sizeof(*session_key)) < 0) 1098 BUG(); 1099 1100 memcpy(&iv, session_key, sizeof(iv)); 1101 1102 sg_init_table(sg, 1); 1103 sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted)); 1104 skcipher_request_set_sync_tfm(req, rxkad_ci); 1105 skcipher_request_set_callback(req, 0, NULL, NULL); 1106 skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x); 1107 crypto_skcipher_decrypt(req); 1108 skcipher_request_zero(req); 1109 1110 mutex_unlock(&rxkad_ci_mutex); 1111 1112 _leave(""); 1113 } 1114 1115 /* 1116 * verify a response 1117 */ 1118 static int rxkad_verify_response(struct rxrpc_connection *conn, 1119 struct sk_buff *skb, 1120 u32 *_abort_code) 1121 { 1122 struct rxkad_response *response; 1123 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 1124 struct rxrpc_crypt session_key; 1125 struct key *server_key; 1126 const char *eproto; 1127 time64_t expiry; 1128 void *ticket; 1129 u32 abort_code, version, kvno, ticket_len, level; 1130 __be32 csum; 1131 int ret, i; 1132 1133 _enter("{%d}", conn->debug_id); 1134 1135 server_key = rxrpc_look_up_server_security(conn, skb, 0, 0); 1136 if (IS_ERR(server_key)) { 1137 switch (PTR_ERR(server_key)) { 1138 case -ENOKEY: 1139 abort_code = RXKADUNKNOWNKEY; 1140 break; 1141 case -EKEYEXPIRED: 1142 abort_code = RXKADEXPIRED; 1143 break; 1144 default: 1145 abort_code = RXKADNOAUTH; 1146 break; 1147 } 1148 trace_rxrpc_abort(0, "SVK", 1149 sp->hdr.cid, sp->hdr.callNumber, sp->hdr.seq, 1150 abort_code, PTR_ERR(server_key)); 1151 *_abort_code = abort_code; 1152 return -EPROTO; 1153 } 1154 1155 ret = -ENOMEM; 1156 response = kzalloc(sizeof(struct rxkad_response), GFP_NOFS); 1157 if (!response) 1158 goto temporary_error; 1159 1160 eproto = tracepoint_string("rxkad_rsp_short"); 1161 abort_code = RXKADPACKETSHORT; 1162 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header), 1163 response, sizeof(*response)) < 0) 1164 goto protocol_error; 1165 if (!pskb_pull(skb, sizeof(*response))) 1166 BUG(); 1167 1168 version = ntohl(response->version); 1169 ticket_len = ntohl(response->ticket_len); 1170 kvno = ntohl(response->kvno); 1171 _proto("Rx RESPONSE %%%u { v=%u kv=%u tl=%u }", 1172 sp->hdr.serial, version, kvno, ticket_len); 1173 1174 eproto = tracepoint_string("rxkad_rsp_ver"); 1175 abort_code = RXKADINCONSISTENCY; 1176 if (version != RXKAD_VERSION) 1177 goto protocol_error; 1178 1179 eproto = tracepoint_string("rxkad_rsp_tktlen"); 1180 abort_code = RXKADTICKETLEN; 1181 if (ticket_len < 4 || ticket_len > MAXKRB5TICKETLEN) 1182 goto protocol_error; 1183 1184 eproto = tracepoint_string("rxkad_rsp_unkkey"); 1185 abort_code = RXKADUNKNOWNKEY; 1186 if (kvno >= RXKAD_TKT_TYPE_KERBEROS_V5) 1187 goto protocol_error; 1188 1189 /* extract the kerberos ticket and decrypt and decode it */ 1190 ret = -ENOMEM; 1191 ticket = kmalloc(ticket_len, GFP_NOFS); 1192 if (!ticket) 1193 goto temporary_error_free_resp; 1194 1195 eproto = tracepoint_string("rxkad_tkt_short"); 1196 abort_code = RXKADPACKETSHORT; 1197 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header), 1198 ticket, ticket_len) < 0) 1199 goto protocol_error_free; 1200 1201 ret = rxkad_decrypt_ticket(conn, server_key, skb, ticket, ticket_len, 1202 &session_key, &expiry, _abort_code); 1203 if (ret < 0) 1204 goto temporary_error_free_ticket; 1205 1206 /* use the session key from inside the ticket to decrypt the 1207 * response */ 1208 rxkad_decrypt_response(conn, response, &session_key); 1209 1210 eproto = tracepoint_string("rxkad_rsp_param"); 1211 abort_code = RXKADSEALEDINCON; 1212 if (ntohl(response->encrypted.epoch) != conn->proto.epoch) 1213 goto protocol_error_free; 1214 if (ntohl(response->encrypted.cid) != conn->proto.cid) 1215 goto protocol_error_free; 1216 if (ntohl(response->encrypted.securityIndex) != conn->security_ix) 1217 goto protocol_error_free; 1218 csum = response->encrypted.checksum; 1219 response->encrypted.checksum = 0; 1220 rxkad_calc_response_checksum(response); 1221 eproto = tracepoint_string("rxkad_rsp_csum"); 1222 if (response->encrypted.checksum != csum) 1223 goto protocol_error_free; 1224 1225 spin_lock(&conn->bundle->channel_lock); 1226 for (i = 0; i < RXRPC_MAXCALLS; i++) { 1227 struct rxrpc_call *call; 1228 u32 call_id = ntohl(response->encrypted.call_id[i]); 1229 1230 eproto = tracepoint_string("rxkad_rsp_callid"); 1231 if (call_id > INT_MAX) 1232 goto protocol_error_unlock; 1233 1234 eproto = tracepoint_string("rxkad_rsp_callctr"); 1235 if (call_id < conn->channels[i].call_counter) 1236 goto protocol_error_unlock; 1237 1238 eproto = tracepoint_string("rxkad_rsp_callst"); 1239 if (call_id > conn->channels[i].call_counter) { 1240 call = rcu_dereference_protected( 1241 conn->channels[i].call, 1242 lockdep_is_held(&conn->bundle->channel_lock)); 1243 if (call && call->state < RXRPC_CALL_COMPLETE) 1244 goto protocol_error_unlock; 1245 conn->channels[i].call_counter = call_id; 1246 } 1247 } 1248 spin_unlock(&conn->bundle->channel_lock); 1249 1250 eproto = tracepoint_string("rxkad_rsp_seq"); 1251 abort_code = RXKADOUTOFSEQUENCE; 1252 if (ntohl(response->encrypted.inc_nonce) != conn->rxkad.nonce + 1) 1253 goto protocol_error_free; 1254 1255 eproto = tracepoint_string("rxkad_rsp_level"); 1256 abort_code = RXKADLEVELFAIL; 1257 level = ntohl(response->encrypted.level); 1258 if (level > RXRPC_SECURITY_ENCRYPT) 1259 goto protocol_error_free; 1260 conn->params.security_level = level; 1261 1262 /* create a key to hold the security data and expiration time - after 1263 * this the connection security can be handled in exactly the same way 1264 * as for a client connection */ 1265 ret = rxrpc_get_server_data_key(conn, &session_key, expiry, kvno); 1266 if (ret < 0) 1267 goto temporary_error_free_ticket; 1268 1269 kfree(ticket); 1270 kfree(response); 1271 _leave(" = 0"); 1272 return 0; 1273 1274 protocol_error_unlock: 1275 spin_unlock(&conn->bundle->channel_lock); 1276 protocol_error_free: 1277 kfree(ticket); 1278 protocol_error: 1279 kfree(response); 1280 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial, eproto); 1281 key_put(server_key); 1282 *_abort_code = abort_code; 1283 return -EPROTO; 1284 1285 temporary_error_free_ticket: 1286 kfree(ticket); 1287 temporary_error_free_resp: 1288 kfree(response); 1289 temporary_error: 1290 /* Ignore the response packet if we got a temporary error such as 1291 * ENOMEM. We just want to send the challenge again. Note that we 1292 * also come out this way if the ticket decryption fails. 1293 */ 1294 key_put(server_key); 1295 return ret; 1296 } 1297 1298 /* 1299 * clear the connection security 1300 */ 1301 static void rxkad_clear(struct rxrpc_connection *conn) 1302 { 1303 _enter(""); 1304 1305 if (conn->rxkad.cipher) 1306 crypto_free_sync_skcipher(conn->rxkad.cipher); 1307 } 1308 1309 /* 1310 * Initialise the rxkad security service. 1311 */ 1312 static int rxkad_init(void) 1313 { 1314 struct crypto_sync_skcipher *tfm; 1315 struct skcipher_request *req; 1316 1317 /* pin the cipher we need so that the crypto layer doesn't invoke 1318 * keventd to go get it */ 1319 tfm = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0); 1320 if (IS_ERR(tfm)) 1321 return PTR_ERR(tfm); 1322 1323 req = skcipher_request_alloc(&tfm->base, GFP_KERNEL); 1324 if (!req) 1325 goto nomem_tfm; 1326 1327 rxkad_ci_req = req; 1328 rxkad_ci = tfm; 1329 return 0; 1330 1331 nomem_tfm: 1332 crypto_free_sync_skcipher(tfm); 1333 return -ENOMEM; 1334 } 1335 1336 /* 1337 * Clean up the rxkad security service. 1338 */ 1339 static void rxkad_exit(void) 1340 { 1341 crypto_free_sync_skcipher(rxkad_ci); 1342 skcipher_request_free(rxkad_ci_req); 1343 } 1344 1345 /* 1346 * RxRPC Kerberos-based security 1347 */ 1348 const struct rxrpc_security rxkad = { 1349 .name = "rxkad", 1350 .security_index = RXRPC_SECURITY_RXKAD, 1351 .no_key_abort = RXKADUNKNOWNKEY, 1352 .init = rxkad_init, 1353 .exit = rxkad_exit, 1354 .preparse_server_key = rxkad_preparse_server_key, 1355 .free_preparse_server_key = rxkad_free_preparse_server_key, 1356 .destroy_server_key = rxkad_destroy_server_key, 1357 .init_connection_security = rxkad_init_connection_security, 1358 .secure_packet = rxkad_secure_packet, 1359 .verify_packet = rxkad_verify_packet, 1360 .free_call_crypto = rxkad_free_call_crypto, 1361 .locate_data = rxkad_locate_data, 1362 .issue_challenge = rxkad_issue_challenge, 1363 .respond_to_challenge = rxkad_respond_to_challenge, 1364 .verify_response = rxkad_verify_response, 1365 .clear = rxkad_clear, 1366 }; 1367