RxRPC: Allow key payloads to be passed in XDR form

Allow add_key() and KEYCTL_INSTANTIATE to accept key payloads in XDR form as described by openafs-1.4.10/src/auth/afs_token.xg. This provides a way of passing kaserver, Kerberos 4, Kerberos 5 and GSSAPI keys from userspace, and allows for future expansion. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: David Howells <dhowells@redhat.com> 2009-09-13 21:17:35 -0400
committer: David S. Miller <davem@davemloft.net> 2009-09-15 05:44:23 -0400
commit: 339412841d7620f93fea805fbd7469f08186f458 (patch)
tree: e2d385d76e3b9361671411442c5253417f95d5a6 /net/rxrpc/rxkad.c
parent: 8b815477f382f96deefbe5bd4404fa7b31cf5dcf (diff)
1 files changed, 21 insertions, 20 deletions
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index acec76292c01..713ac593e2e9 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -18,6 +18,7 @@
 #include <linux/ctype.h>
 #include <net/sock.h>
 #include <net/af_rxrpc.h>
+#include <keys/rxrpc-type.h>
 #define rxrpc_debug rxkad_debug
 #include "ar-internal.h"
@@ -59,14 +60,14 @@ static DEFINE_MUTEX(rxkad_ci_mutex);
 */
 static int rxkad_init_connection_security(struct rxrpc_connection *conn)
 {
-        struct rxrpc_key_payload *payload;
        struct crypto_blkcipher *ci;
+        struct rxrpc_key_token *token;
        int ret;
        _enter("{%d},{%x}", conn->debug_id, key_serial(conn->key));
-        payload = conn->key->payload.data;
+        token = conn->key->payload.data;
-        conn->security_ix = payload->k.security_index;
+        conn->security_ix = token->security_index;
        ci = crypto_alloc_blkcipher("pcbc(fcrypt)", 0, CRYPTO_ALG_ASYNC);
        if (IS_ERR(ci)) {
@@ -75,8 +76,8 @@ static int rxkad_init_connection_security(struct rxrpc_connection *conn)
                goto error;
        }
-        if (crypto_blkcipher_setkey(ci, payload->k.session_key,
+        if (crypto_blkcipher_setkey(ci, token->kad->session_key,
-                                    sizeof(payload->k.session_key)) < 0)
+                                    sizeof(token->kad->session_key)) < 0)
                BUG();
        switch (conn->security_level) {
@@ -110,7 +111,7 @@ error:
 */
 static void rxkad_prime_packet_security(struct rxrpc_connection *conn)
 {
-        struct rxrpc_key_payload *payload;
+        struct rxrpc_key_token *token;
        struct blkcipher_desc desc;
        struct scatterlist sg[2];
        struct rxrpc_crypt iv;
@@ -123,8 +124,8 @@ static void rxkad_prime_packet_security(struct rxrpc_connection *conn)
        if (!conn->key)
                return;
-        payload = conn->key->payload.data;
+        token = conn->key->payload.data;
-        memcpy(&iv, payload->k.session_key, sizeof(iv));
+        memcpy(&iv, token->kad->session_key, sizeof(iv));
        desc.tfm = conn->cipher;
        desc.info = iv.x;
@@ -197,7 +198,7 @@ static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call,
                                        u32 data_size,
                                        void *sechdr)
 {
-        const struct rxrpc_key_payload *payload;
+        const struct rxrpc_key_token *token;
        struct rxkad_level2_hdr rxkhdr
                __attribute__((aligned(8))); /* must be all on one page */
        struct rxrpc_skb_priv *sp;
@@ -219,8 +220,8 @@ static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call,
        rxkhdr.checksum = 0;
        /* encrypt from the session key */
-        payload = call->conn->key->payload.data;
+        token = call->conn->key->payload.data;
-        memcpy(&iv, payload->k.session_key, sizeof(iv));
+        memcpy(&iv, token->kad->session_key, sizeof(iv));
        desc.tfm = call->conn->cipher;
        desc.info = iv.x;
        desc.flags = 0;
@@ -400,7 +401,7 @@ static int rxkad_verify_packet_encrypt(const struct rxrpc_call *call,
                                       struct sk_buff *skb,
                                       u32 *_abort_code)
 {
-        const struct rxrpc_key_payload *payload;
+        const struct rxrpc_key_token *token;
        struct rxkad_level2_hdr sechdr;
        struct rxrpc_skb_priv *sp;
        struct blkcipher_desc desc;
@@ -431,8 +432,8 @@ static int rxkad_verify_packet_encrypt(const struct rxrpc_call *call,
        skb_to_sgvec(skb, sg, 0, skb->len);
        /* decrypt from the session key */
-        payload = call->conn->key->payload.data;
+        token = call->conn->key->payload.data;
-        memcpy(&iv, payload->k.session_key, sizeof(iv));
+        memcpy(&iv, token->kad->session_key, sizeof(iv));
        desc.tfm = call->conn->cipher;
        desc.info = iv.x;
        desc.flags = 0;
@@ -737,7 +738,7 @@ static int rxkad_respond_to_challenge(struct rxrpc_connection *conn,
                                      struct sk_buff *skb,
                                      u32 *_abort_code)
 {
-        const struct rxrpc_key_payload *payload;
+        const struct rxrpc_key_token *token;
        struct rxkad_challenge challenge;
        struct rxkad_response resp
                __attribute__((aligned(8))); /* must be aligned for crypto */
@@ -778,7 +779,7 @@ static int rxkad_respond_to_challenge(struct rxrpc_connection *conn,
        if (conn->security_level < min_level)
                goto protocol_error;
-        payload = conn->key->payload.data;
+        token = conn->key->payload.data;
        /* build the response packet */
        memset(&resp, 0, sizeof(resp));
@@ -797,13 +798,13 @@ static int rxkad_respond_to_challenge(struct rxrpc_connection *conn,
                (conn->channels[3] ? conn->channels[3]->call_id : 0);
        resp.encrypted.inc_nonce = htonl(nonce + 1);
        resp.encrypted.level = htonl(conn->security_level);
-        resp.kvno = htonl(payload->k.kvno);
+        resp.kvno = htonl(token->kad->kvno);
-        resp.ticket_len = htonl(payload->k.ticket_len);
+        resp.ticket_len = htonl(token->kad->ticket_len);
        /* calculate the response checksum and then do the encryption */
        rxkad_calc_response_checksum(&resp);
-        rxkad_encrypt_response(conn, &resp, &payload->k);
+        rxkad_encrypt_response(conn, &resp, token->kad);
-        return rxkad_send_response(conn, &sp->hdr, &resp, &payload->k);
+        return rxkad_send_response(conn, &sp->hdr, &resp, token->kad);
 protocol_error:
        *_abort_code = abort_code;
author	David Howells <dhowells@redhat.com>	2009-09-13 21:17:35 -0400
committer	David S. Miller <davem@davemloft.net>	2009-09-15 05:44:23 -0400
commit	339412841d7620f93fea805fbd7469f08186f458 (patch)
tree	e2d385d76e3b9361671411442c5253417f95d5a6 /net/rxrpc/rxkad.c
parent	8b815477f382f96deefbe5bd4404fa7b31cf5dcf (diff)