Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * linux/net/sunrpc/gss_spkm3_mech.c | |
3 | * | |
4 | * Copyright (c) 2003 The Regents of the University of Michigan. | |
5 | * All rights reserved. | |
6 | * | |
7 | * Andy Adamson <andros@umich.edu> | |
8 | * J. Bruce Fields <bfields@umich.edu> | |
9 | * | |
10 | * Redistribution and use in source and binary forms, with or without | |
11 | * modification, are permitted provided that the following conditions | |
12 | * are met: | |
13 | * | |
14 | * 1. Redistributions of source code must retain the above copyright | |
15 | * notice, this list of conditions and the following disclaimer. | |
16 | * 2. Redistributions in binary form must reproduce the above copyright | |
17 | * notice, this list of conditions and the following disclaimer in the | |
18 | * documentation and/or other materials provided with the distribution. | |
19 | * 3. Neither the name of the University nor the names of its | |
20 | * contributors may be used to endorse or promote products derived | |
21 | * from this software without specific prior written permission. | |
22 | * | |
23 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED | |
24 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF | |
25 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
26 | * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
27 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
28 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
29 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR | |
30 | * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
31 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
32 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
33 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
34 | * | |
35 | */ | |
36 | ||
37 | #include <linux/module.h> | |
38 | #include <linux/init.h> | |
39 | #include <linux/types.h> | |
40 | #include <linux/slab.h> | |
41 | #include <linux/sunrpc/auth.h> | |
42 | #include <linux/in.h> | |
43 | #include <linux/sunrpc/svcauth_gss.h> | |
44 | #include <linux/sunrpc/gss_spkm3.h> | |
45 | #include <linux/sunrpc/xdr.h> | |
46 | #include <linux/crypto.h> | |
47 | ||
48 | #ifdef RPC_DEBUG | |
49 | # define RPCDBG_FACILITY RPCDBG_AUTH | |
50 | #endif | |
51 | ||
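/*
 * Copy @len bytes from the buffer position @p into @res without reading
 * past @end.
 *
 * Returns the position just after the copied bytes, or ERR_PTR(-EFAULT)
 * when @len is negative, @p already lies beyond @end, or fewer than @len
 * bytes remain before @end.
 */
static const void *
simple_get_bytes(const void *p, const void *end, void *res, int len)
{
	const char *cur = p;
	const char *limit = end;

	/*
	 * Compare the length with the bytes that remain instead of forming
	 * p + len first: building an out-of-range pointer and then testing
	 * it for wrap-around is undefined behaviour, so the compiler is
	 * free to drop that test.
	 */
	if (unlikely(len < 0 || cur > limit ||
		     (size_t)len > (size_t)(limit - cur)))
		return ERR_PTR(-EFAULT);
	memcpy(res, cur, len);
	return cur + len;
}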
61 | ||
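/*
 * Decode a length-prefixed opaque object from the buffer at @p into @res.
 *
 * The length is read as a native unsigned int, then that many bytes are
 * copied into a freshly kmalloc()ed buffer which the caller must kfree().
 * A zero length yields res->data == NULL.
 *
 * Returns the position just after the object, ERR_PTR(-EFAULT) when the
 * encoded length runs past @end, or ERR_PTR(-ENOMEM) when the allocation
 * fails.  On any failure @res is left empty (len 0, data NULL) so that a
 * caller's cleanup path never sees a length without a buffer behind it.
 */
static const void *
simple_get_netobj(const void *p, const void *end, struct xdr_netobj *res)
{
	unsigned int len;

	res->len = 0;
	res->data = NULL;

	p = simple_get_bytes(p, end, &len, sizeof(len));
	if (IS_ERR(p))
		return p;
	if (len == 0)
		return p;

	/*
	 * The length comes straight from the input buffer, so bound it by
	 * the bytes that remain before allocating or copying anything.
	 * p <= end holds here because simple_get_bytes() succeeded.
	 */
	if (unlikely(len > (size_t)((const char *)end - (const char *)p)))
		return ERR_PTR(-EFAULT);

	res->data = kmalloc(len, GFP_KERNEL);
	if (unlikely(res->data == NULL))
		return ERR_PTR(-ENOMEM);
	memcpy(res->data, p, len);
	res->len = len;
	return (const char *)p + len;
}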
84 | ||
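/*
 * Decode one (algorithm id, key) pair from the buffer at @p and set up the
 * matching crypto transform.
 *
 * @resalg receives the algorithm id and @res the allocated transform.  The
 * key bytes are only needed while the transform is being keyed, so the
 * temporary copy is scrubbed and freed on every path out of this function.
 *
 * Returns the position just after the key, the error pointer from the
 * decoding helpers when the buffer is short, or ERR_PTR(-EINVAL) when the
 * algorithm is unsupported or the transform cannot be allocated or keyed.
 */
static inline const void *
get_key(const void *p, const void *end, struct crypto_tfm **res, int *resalg)
{
	struct xdr_netobj key = { 0 };
	const char *alg_name;
	int alg_mode, setkey = 0;
	int failed = 1;

	p = simple_get_bytes(p, end, resalg, sizeof(*resalg));
	if (IS_ERR(p))
		return p;
	p = simple_get_netobj(p, end, &key);
	if (IS_ERR(p))
		return p;

	switch (*resalg) {
		case NID_des_cbc:
			alg_name = "des";
			alg_mode = CRYPTO_TFM_MODE_CBC;
			setkey = 1;
			break;
		case NID_cast5_cbc:
			/*
			 * XXXX here in name only, not used.
			 * NOTE(review): with setkey left at 0 the cast5
			 * transform is allocated but never keyed - confirm
			 * nothing encrypts with it.
			 */
			alg_name = "cast5";
			alg_mode = CRYPTO_TFM_MODE_CBC;
			setkey = 0; /* XXX will need to set to 1 */
			break;
		case NID_md5:
			if (key.len == 0) {
				dprintk("RPC: SPKM3 get_key: NID_md5 zero Key length\n");
			}
			alg_name = "md5";
			alg_mode = 0;
			setkey = 0;
			break;
		default:
			dprintk("gss_spkm3_mech: unsupported algorithm %d\n", *resalg);
			goto out_free_key;
	}

	*res = crypto_alloc_tfm(alg_name, alg_mode);
	if (!*res) {
		printk("gss_spkm3_mech: unable to initialize crypto algorthm %s\n", alg_name);
		goto out_free_key;
	}
	if (setkey && crypto_cipher_setkey(*res, key.data, key.len)) {
		printk("gss_spkm3_mech: error setting key for crypto algorthm %s\n", alg_name);
		crypto_free_tfm(*res);
		/* Do not leave the caller holding a pointer to a freed tfm. */
		*res = NULL;
		goto out_free_key;
	}
	failed = 0;

out_free_key:
	if (key.len > 0) {
		/* Scrub the key copy so it does not linger in freed memory. */
		memset(key.data, 0, key.len);
		kfree(key.data);
	}
	return failed ? ERR_PTR(-EINVAL) : p;
}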
147 | ||
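/*
 * Build an spkm3_ctx from the serialized context in the @len bytes at @p
 * and attach it to @ctx_id.
 *
 * Fields are decoded in a fixed order: ctx_id, qop, mech_used, ret_flags,
 * req_flags, share_key, the confidentiality key, the integrity key,
 * keyestb_alg and owf_alg.  The buffer must be consumed exactly; trailing
 * bytes are rejected.
 * NOTE(review): the blob is read in host byte order with native field
 * sizes, so it is presumably produced on the same machine - confirm
 * against the writer.
 *
 * Returns 0 on success, -ENOMEM when the context cannot be allocated,
 * -EFAULT when the buffer is not consumed exactly, or the negative errno
 * reported by the decoding helper that failed.
 */
static int
gss_import_sec_context_spkm3(const void *p, size_t len,
				struct gss_ctx *ctx_id)
{
	const void *end = (const void *)((const char *)p + len);
	struct spkm3_ctx *ctx;

	/*
	 * @p is still the caller's buffer pointer at this point, not an
	 * error pointer, so report the failure directly instead of passing
	 * it through PTR_ERR().
	 */
	ctx = kmalloc(sizeof(*ctx), GFP_KERNEL);
	if (!ctx)
		return -ENOMEM;
	memset(ctx, 0, sizeof(*ctx));

	p = simple_get_netobj(p, end, &ctx->ctx_id);
	if (IS_ERR(p))
		goto out_err_free_ctx;

	p = simple_get_bytes(p, end, &ctx->qop, sizeof(ctx->qop));
	if (IS_ERR(p))
		goto out_err_free_ctx_id;

	p = simple_get_netobj(p, end, &ctx->mech_used);
	if (IS_ERR(p))
		goto out_err_free_mech;

	p = simple_get_bytes(p, end, &ctx->ret_flags, sizeof(ctx->ret_flags));
	if (IS_ERR(p))
		goto out_err_free_mech;

	p = simple_get_bytes(p, end, &ctx->req_flags, sizeof(ctx->req_flags));
	if (IS_ERR(p))
		goto out_err_free_mech;

	p = simple_get_netobj(p, end, &ctx->share_key);
	if (IS_ERR(p))
		goto out_err_free_s_key;

	p = get_key(p, end, &ctx->derived_conf_key, &ctx->conf_alg);
	if (IS_ERR(p))
		goto out_err_free_s_key;

	p = get_key(p, end, &ctx->derived_integ_key, &ctx->intg_alg);
	if (IS_ERR(p))
		goto out_err_free_key1;

	p = simple_get_bytes(p, end, &ctx->keyestb_alg, sizeof(ctx->keyestb_alg));
	if (IS_ERR(p))
		goto out_err_free_key2;

	p = simple_get_bytes(p, end, &ctx->owf_alg, sizeof(ctx->owf_alg));
	if (IS_ERR(p))
		goto out_err_free_key2;

	if (p != end) {
		/*
		 * Trailing bytes: @p is a valid pointer here, so give the
		 * cleanup path a real error code to return.
		 */
		p = ERR_PTR(-EFAULT);
		goto out_err_free_key2;
	}

	ctx_id->internal_ctx_id = ctx;

	dprintk("Successfully imported new spkm context.\n");
	return 0;

out_err_free_key2:
	crypto_free_tfm(ctx->derived_integ_key);
out_err_free_key1:
	crypto_free_tfm(ctx->derived_conf_key);
out_err_free_s_key:
	/* Scrub the shared key before its buffer goes back to the allocator. */
	if (ctx->share_key.data)
		memset(ctx->share_key.data, 0, ctx->share_key.len);
	kfree(ctx->share_key.data);
out_err_free_mech:
	kfree(ctx->mech_used.data);
out_err_free_ctx_id:
	kfree(ctx->ctx_id.data);
out_err_free_ctx:
	kfree(ctx);
	return PTR_ERR(p);
}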
222 | ||
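/*
 * Release everything owned by an spkm3 context created by
 * gss_import_sec_context_spkm3(): both crypto transforms, the three
 * buffers allocated while decoding (share_key, mech_used, ctx_id) and the
 * context itself.
 */
static void
gss_delete_sec_context_spkm3(void *internal_ctx) {
	struct spkm3_ctx *sctx = internal_ctx;

	crypto_free_tfm(sctx->derived_integ_key);
	crypto_free_tfm(sctx->derived_conf_key);
	/* Scrub the shared key before its buffer goes back to the allocator. */
	if (sctx->share_key.data)
		memset(sctx->share_key.data, 0, sctx->share_key.len);
	kfree(sctx->share_key.data);
	kfree(sctx->mech_used.data);
	/* ctx_id.data is allocated on import as well; free it to avoid a leak. */
	kfree(sctx->ctx_id.data);
	kfree(sctx);
}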
233 | ||
/*
 * Verify the MIC token in @checksum over @signbuf by handing both to
 * spkm3_read_token() with the SPKM_MIC_TOK token type.
 *
 * Returns the status reported by spkm3_read_token().
 */
static u32
gss_verify_mic_spkm3(struct gss_ctx *ctx,
		struct xdr_buf *signbuf,
		struct xdr_netobj *checksum)
{
	struct spkm3_ctx *spkm_ctx = ctx->internal_ctx_id;
	u32 status;

	dprintk("RPC: gss_verify_mic_spkm3 calling spkm3_read_token\n");
	status = spkm3_read_token(spkm_ctx, checksum, signbuf, SPKM_MIC_TOK);
	dprintk("RPC: gss_verify_mic_spkm3 returning %d\n", status);

	return status;
}
248 | ||
/*
 * Produce a MIC token for @message_buffer in @message_token by calling
 * spkm3_make_token() with the SPKM_MIC_TOK token type.
 *
 * Returns the status reported by spkm3_make_token().
 */
static u32
gss_get_mic_spkm3(struct gss_ctx *ctx,
		struct xdr_buf *message_buffer,
		struct xdr_netobj *message_token)
{
	struct spkm3_ctx *spkm_ctx = ctx->internal_ctx_id;

	dprintk("RPC: gss_get_mic_spkm3\n");

	return spkm3_make_token(spkm_ctx, message_buffer, message_token,
				SPKM_MIC_TOK);
}
263 | ||
/*
 * Operations table for the spkm3 mechanism: context import and teardown
 * plus MIC generation and verification.  No other operations are set here.
 */
static struct gss_api_ops gss_spkm3_ops = {
	.gss_import_sec_context	= gss_import_sec_context_spkm3,
	.gss_delete_sec_context	= gss_delete_sec_context_spkm3,
	.gss_get_mic		= gss_get_mic_spkm3,
	.gss_verify_mic		= gss_verify_mic_spkm3,
};
270 | ||
/*
 * Pseudoflavors offered by this mechanism.  Each entry pairs a flavor
 * constant with a service constant and a name string: one entry with
 * RPC_GSS_SVC_NONE and one with RPC_GSS_SVC_INTEGRITY.
 */
static struct pf_desc gss_spkm3_pfs[] = {
	{
		RPC_AUTH_GSS_SPKM,
		RPC_GSS_SVC_NONE,
		"spkm3"
	},
	{
		RPC_AUTH_GSS_SPKMI,
		RPC_GSS_SVC_INTEGRITY,
		"spkm3i"
	},
};
275 | ||
/*
 * Mechanism descriptor passed to gss_mech_register(): ties the name
 * "spkm3" to the operations table and the pseudoflavor list above.
 */
static struct gss_api_mech gss_spkm3_mech = {
	.gm_owner	= THIS_MODULE,
	.gm_name	= "spkm3",
	.gm_ops		= &gss_spkm3_ops,
	.gm_pfs		= gss_spkm3_pfs,
	.gm_pf_num	= ARRAY_SIZE(gss_spkm3_pfs),
};
283 | ||
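/*
 * Module entry point: register the spkm3 mechanism.
 *
 * Returns the status from gss_mech_register().  Passing a failure on makes
 * the module load fail, so the exit handler is never left to unregister a
 * mechanism that was not registered.
 */
static int __init init_spkm3_module(void)
{
	int status;

	status = gss_mech_register(&gss_spkm3_mech);
	if (status)
		printk("Failed to register spkm3 gss mechanism!\n");
	return status;
}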
293 | ||
/* Module exit point: remove the spkm3 mechanism registered at load time. */
static void __exit
cleanup_spkm3_module(void)
{
	gss_mech_unregister(&gss_spkm3_mech);
}
298 | ||
/* Module load and unload hooks, followed by the licence tag. */
module_init(init_spkm3_module);
module_exit(cleanup_spkm3_module);
MODULE_LICENSE("GPL");