diff options
author | J. Bruce Fields <bfields@fieldses.org> | 2005-10-13 16:55:13 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2005-10-19 02:19:46 -0400 |
commit | 14ae162c24d985593d5b19437d7f3d8fd0062b59 (patch) | |
tree | 750fbc08e6a6e0cb00bfad7c871144a757ac43de /net/sunrpc/auth_gss | |
parent | bfa91516b57483fc9c81d8d90325fd2c3c16ac48 (diff) |
RPCSEC_GSS: Add support for privacy to krb5 rpcsec_gss mechanism.
Add support for privacy to the krb5 rpcsec_gss mechanism.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/auth_gss')
-rw-r--r-- | net/sunrpc/auth_gss/Makefile | 2 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_crypto.c | 156 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_mech.c | 7 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_seal.c | 4 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_unseal.c | 2 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_wrap.c | 370 |
6 files changed, 535 insertions, 6 deletions
diff --git a/net/sunrpc/auth_gss/Makefile b/net/sunrpc/auth_gss/Makefile index fe1b874084bc..f3431a7e33da 100644 --- a/net/sunrpc/auth_gss/Makefile +++ b/net/sunrpc/auth_gss/Makefile | |||
@@ -10,7 +10,7 @@ auth_rpcgss-objs := auth_gss.o gss_generic_token.o \ | |||
10 | obj-$(CONFIG_RPCSEC_GSS_KRB5) += rpcsec_gss_krb5.o | 10 | obj-$(CONFIG_RPCSEC_GSS_KRB5) += rpcsec_gss_krb5.o |
11 | 11 | ||
12 | rpcsec_gss_krb5-objs := gss_krb5_mech.o gss_krb5_seal.o gss_krb5_unseal.o \ | 12 | rpcsec_gss_krb5-objs := gss_krb5_mech.o gss_krb5_seal.o gss_krb5_unseal.o \ |
13 | gss_krb5_seqnum.o | 13 | gss_krb5_seqnum.o gss_krb5_wrap.o |
14 | 14 | ||
15 | obj-$(CONFIG_RPCSEC_GSS_SPKM3) += rpcsec_gss_spkm3.o | 15 | obj-$(CONFIG_RPCSEC_GSS_SPKM3) += rpcsec_gss_spkm3.o |
16 | 16 | ||
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c index 2baf93f8b8f5..3f3d5437f02d 100644 --- a/net/sunrpc/auth_gss/gss_krb5_crypto.c +++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c | |||
@@ -218,7 +218,7 @@ checksummer(struct scatterlist *sg, void *data) | |||
218 | /* checksum the plaintext data and hdrlen bytes of the token header */ | 218 | /* checksum the plaintext data and hdrlen bytes of the token header */ |
219 | s32 | 219 | s32 |
220 | make_checksum(s32 cksumtype, char *header, int hdrlen, struct xdr_buf *body, | 220 | make_checksum(s32 cksumtype, char *header, int hdrlen, struct xdr_buf *body, |
221 | struct xdr_netobj *cksum) | 221 | int body_offset, struct xdr_netobj *cksum) |
222 | { | 222 | { |
223 | char *cksumname; | 223 | char *cksumname; |
224 | struct crypto_tfm *tfm = NULL; /* XXX add to ctx? */ | 224 | struct crypto_tfm *tfm = NULL; /* XXX add to ctx? */ |
@@ -243,7 +243,8 @@ make_checksum(s32 cksumtype, char *header, int hdrlen, struct xdr_buf *body, | |||
243 | crypto_digest_init(tfm); | 243 | crypto_digest_init(tfm); |
244 | buf_to_sg(sg, header, hdrlen); | 244 | buf_to_sg(sg, header, hdrlen); |
245 | crypto_digest_update(tfm, sg, 1); | 245 | crypto_digest_update(tfm, sg, 1); |
246 | process_xdr_buf(body, 0, body->len, checksummer, tfm); | 246 | process_xdr_buf(body, body_offset, body->len - body_offset, |
247 | checksummer, tfm); | ||
247 | crypto_digest_final(tfm, cksum->data); | 248 | crypto_digest_final(tfm, cksum->data); |
248 | code = 0; | 249 | code = 0; |
249 | out: | 250 | out: |
@@ -252,3 +253,154 @@ out: | |||
252 | } | 253 | } |
253 | 254 | ||
254 | EXPORT_SYMBOL(make_checksum); | 255 | EXPORT_SYMBOL(make_checksum); |
256 | |||
257 | struct encryptor_desc { | ||
258 | u8 iv[8]; /* XXX hard-coded blocksize */ | ||
259 | struct crypto_tfm *tfm; | ||
260 | int pos; | ||
261 | struct xdr_buf *outbuf; | ||
262 | struct page **pages; | ||
263 | struct scatterlist infrags[4]; | ||
264 | struct scatterlist outfrags[4]; | ||
265 | int fragno; | ||
266 | int fraglen; | ||
267 | }; | ||
268 | |||
269 | static int | ||
270 | encryptor(struct scatterlist *sg, void *data) | ||
271 | { | ||
272 | struct encryptor_desc *desc = data; | ||
273 | struct xdr_buf *outbuf = desc->outbuf; | ||
274 | struct page *in_page; | ||
275 | int thislen = desc->fraglen + sg->length; | ||
276 | int fraglen, ret; | ||
277 | int page_pos; | ||
278 | |||
279 | /* Worst case is 4 fragments: head, end of page 1, start | ||
280 | * of page 2, tail. Anything more is a bug. */ | ||
281 | BUG_ON(desc->fragno > 3); | ||
282 | desc->infrags[desc->fragno] = *sg; | ||
283 | desc->outfrags[desc->fragno] = *sg; | ||
284 | |||
285 | page_pos = desc->pos - outbuf->head[0].iov_len; | ||
286 | if (page_pos >= 0 && page_pos < outbuf->page_len) { | ||
287 | /* pages are not in place: */ | ||
288 | int i = (page_pos + outbuf->page_base) >> PAGE_CACHE_SHIFT; | ||
289 | in_page = desc->pages[i]; | ||
290 | } else { | ||
291 | in_page = sg->page; | ||
292 | } | ||
293 | desc->infrags[desc->fragno].page = in_page; | ||
294 | desc->fragno++; | ||
295 | desc->fraglen += sg->length; | ||
296 | desc->pos += sg->length; | ||
297 | |||
298 | fraglen = thislen & 7; /* XXX hardcoded blocksize */ | ||
299 | thislen -= fraglen; | ||
300 | |||
301 | if (thislen == 0) | ||
302 | return 0; | ||
303 | |||
304 | ret = crypto_cipher_encrypt_iv(desc->tfm, desc->outfrags, desc->infrags, | ||
305 | thislen, desc->iv); | ||
306 | if (ret) | ||
307 | return ret; | ||
308 | if (fraglen) { | ||
309 | desc->outfrags[0].page = sg->page; | ||
310 | desc->outfrags[0].offset = sg->offset + sg->length - fraglen; | ||
311 | desc->outfrags[0].length = fraglen; | ||
312 | desc->infrags[0] = desc->outfrags[0]; | ||
313 | desc->infrags[0].page = in_page; | ||
314 | desc->fragno = 1; | ||
315 | desc->fraglen = fraglen; | ||
316 | } else { | ||
317 | desc->fragno = 0; | ||
318 | desc->fraglen = 0; | ||
319 | } | ||
320 | return 0; | ||
321 | } | ||
322 | |||
323 | int | ||
324 | gss_encrypt_xdr_buf(struct crypto_tfm *tfm, struct xdr_buf *buf, int offset, | ||
325 | struct page **pages) | ||
326 | { | ||
327 | int ret; | ||
328 | struct encryptor_desc desc; | ||
329 | |||
330 | BUG_ON((buf->len - offset) % crypto_tfm_alg_blocksize(tfm) != 0); | ||
331 | |||
332 | memset(desc.iv, 0, sizeof(desc.iv)); | ||
333 | desc.tfm = tfm; | ||
334 | desc.pos = offset; | ||
335 | desc.outbuf = buf; | ||
336 | desc.pages = pages; | ||
337 | desc.fragno = 0; | ||
338 | desc.fraglen = 0; | ||
339 | |||
340 | ret = process_xdr_buf(buf, offset, buf->len - offset, encryptor, &desc); | ||
341 | return ret; | ||
342 | } | ||
343 | |||
344 | EXPORT_SYMBOL(gss_encrypt_xdr_buf); | ||
345 | |||
346 | struct decryptor_desc { | ||
347 | u8 iv[8]; /* XXX hard-coded blocksize */ | ||
348 | struct crypto_tfm *tfm; | ||
349 | struct scatterlist frags[4]; | ||
350 | int fragno; | ||
351 | int fraglen; | ||
352 | }; | ||
353 | |||
354 | static int | ||
355 | decryptor(struct scatterlist *sg, void *data) | ||
356 | { | ||
357 | struct decryptor_desc *desc = data; | ||
358 | int thislen = desc->fraglen + sg->length; | ||
359 | int fraglen, ret; | ||
360 | |||
361 | /* Worst case is 4 fragments: head, end of page 1, start | ||
362 | * of page 2, tail. Anything more is a bug. */ | ||
363 | BUG_ON(desc->fragno > 3); | ||
364 | desc->frags[desc->fragno] = *sg; | ||
365 | desc->fragno++; | ||
366 | desc->fraglen += sg->length; | ||
367 | |||
368 | fraglen = thislen & 7; /* XXX hardcoded blocksize */ | ||
369 | thislen -= fraglen; | ||
370 | |||
371 | if (thislen == 0) | ||
372 | return 0; | ||
373 | |||
374 | ret = crypto_cipher_decrypt_iv(desc->tfm, desc->frags, desc->frags, | ||
375 | thislen, desc->iv); | ||
376 | if (ret) | ||
377 | return ret; | ||
378 | if (fraglen) { | ||
379 | desc->frags[0].page = sg->page; | ||
380 | desc->frags[0].offset = sg->offset + sg->length - fraglen; | ||
381 | desc->frags[0].length = fraglen; | ||
382 | desc->fragno = 1; | ||
383 | desc->fraglen = fraglen; | ||
384 | } else { | ||
385 | desc->fragno = 0; | ||
386 | desc->fraglen = 0; | ||
387 | } | ||
388 | return 0; | ||
389 | } | ||
390 | |||
391 | int | ||
392 | gss_decrypt_xdr_buf(struct crypto_tfm *tfm, struct xdr_buf *buf, int offset) | ||
393 | { | ||
394 | struct decryptor_desc desc; | ||
395 | |||
396 | /* XXXJBF: */ | ||
397 | BUG_ON((buf->len - offset) % crypto_tfm_alg_blocksize(tfm) != 0); | ||
398 | |||
399 | memset(desc.iv, 0, sizeof(desc.iv)); | ||
400 | desc.tfm = tfm; | ||
401 | desc.fragno = 0; | ||
402 | desc.fraglen = 0; | ||
403 | return process_xdr_buf(buf, offset, buf->len - offset, decryptor, &desc); | ||
404 | } | ||
405 | |||
406 | EXPORT_SYMBOL(gss_decrypt_xdr_buf); | ||
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c index 8b9066fdfda5..37a9ad97ccd4 100644 --- a/net/sunrpc/auth_gss/gss_krb5_mech.c +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c | |||
@@ -226,6 +226,8 @@ static struct gss_api_ops gss_kerberos_ops = { | |||
226 | .gss_import_sec_context = gss_import_sec_context_kerberos, | 226 | .gss_import_sec_context = gss_import_sec_context_kerberos, |
227 | .gss_get_mic = gss_get_mic_kerberos, | 227 | .gss_get_mic = gss_get_mic_kerberos, |
228 | .gss_verify_mic = gss_verify_mic_kerberos, | 228 | .gss_verify_mic = gss_verify_mic_kerberos, |
229 | .gss_wrap = gss_wrap_kerberos, | ||
230 | .gss_unwrap = gss_unwrap_kerberos, | ||
229 | .gss_delete_sec_context = gss_delete_sec_context_kerberos, | 231 | .gss_delete_sec_context = gss_delete_sec_context_kerberos, |
230 | }; | 232 | }; |
231 | 233 | ||
@@ -240,6 +242,11 @@ static struct pf_desc gss_kerberos_pfs[] = { | |||
240 | .service = RPC_GSS_SVC_INTEGRITY, | 242 | .service = RPC_GSS_SVC_INTEGRITY, |
241 | .name = "krb5i", | 243 | .name = "krb5i", |
242 | }, | 244 | }, |
245 | [2] = { | ||
246 | .pseudoflavor = RPC_AUTH_GSS_KRB5P, | ||
247 | .service = RPC_GSS_SVC_PRIVACY, | ||
248 | .name = "krb5p", | ||
249 | }, | ||
243 | }; | 250 | }; |
244 | 251 | ||
245 | static struct gss_api_mech gss_kerberos_mech = { | 252 | static struct gss_api_mech gss_kerberos_mech = { |
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c index 2511834e6e52..fb852d9ab06f 100644 --- a/net/sunrpc/auth_gss/gss_krb5_seal.c +++ b/net/sunrpc/auth_gss/gss_krb5_seal.c | |||
@@ -116,8 +116,8 @@ krb5_make_token(struct krb5_ctx *ctx, int qop_req, | |||
116 | *(u16 *)(krb5_hdr + 2) = htons(ctx->signalg); | 116 | *(u16 *)(krb5_hdr + 2) = htons(ctx->signalg); |
117 | memset(krb5_hdr + 4, 0xff, 4); | 117 | memset(krb5_hdr + 4, 0xff, 4); |
118 | 118 | ||
119 | if (make_checksum(checksum_type, krb5_hdr, 8, text, &md5cksum)) | 119 | if (make_checksum(checksum_type, krb5_hdr, 8, text, 0, &md5cksum)) |
120 | goto out_err; | 120 | goto out_err; |
121 | 121 | ||
122 | switch (ctx->signalg) { | 122 | switch (ctx->signalg) { |
123 | case SGN_ALG_DES_MAC_MD5: | 123 | case SGN_ALG_DES_MAC_MD5: |
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c index 19eba3df6607..c3d6d1bc100c 100644 --- a/net/sunrpc/auth_gss/gss_krb5_unseal.c +++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c | |||
@@ -136,7 +136,7 @@ krb5_read_token(struct krb5_ctx *ctx, | |||
136 | switch (signalg) { | 136 | switch (signalg) { |
137 | case SGN_ALG_DES_MAC_MD5: | 137 | case SGN_ALG_DES_MAC_MD5: |
138 | ret = make_checksum(checksum_type, ptr - 2, 8, | 138 | ret = make_checksum(checksum_type, ptr - 2, 8, |
139 | message_buffer, &md5cksum); | 139 | message_buffer, 0, &md5cksum); |
140 | if (ret) | 140 | if (ret) |
141 | goto out; | 141 | goto out; |
142 | 142 | ||
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c new file mode 100644 index 000000000000..ddcde6e42b23 --- /dev/null +++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c | |||
@@ -0,0 +1,370 @@ | |||
1 | #include <linux/types.h> | ||
2 | #include <linux/slab.h> | ||
3 | #include <linux/jiffies.h> | ||
4 | #include <linux/sunrpc/gss_krb5.h> | ||
5 | #include <linux/random.h> | ||
6 | #include <linux/pagemap.h> | ||
7 | #include <asm/scatterlist.h> | ||
8 | #include <linux/crypto.h> | ||
9 | |||
10 | #ifdef RPC_DEBUG | ||
11 | # define RPCDBG_FACILITY RPCDBG_AUTH | ||
12 | #endif | ||
13 | |||
14 | static inline int | ||
15 | gss_krb5_padding(int blocksize, int length) | ||
16 | { | ||
17 | /* Most of the code is block-size independent but currently we | ||
18 | * use only 8: */ | ||
19 | BUG_ON(blocksize != 8); | ||
20 | return 8 - (length & 7); | ||
21 | } | ||
22 | |||
23 | static inline void | ||
24 | gss_krb5_add_padding(struct xdr_buf *buf, int offset, int blocksize) | ||
25 | { | ||
26 | int padding = gss_krb5_padding(blocksize, buf->len - offset); | ||
27 | char *p; | ||
28 | struct kvec *iov; | ||
29 | |||
30 | if (buf->page_len || buf->tail[0].iov_len) | ||
31 | iov = &buf->tail[0]; | ||
32 | else | ||
33 | iov = &buf->head[0]; | ||
34 | p = iov->iov_base + iov->iov_len; | ||
35 | iov->iov_len += padding; | ||
36 | buf->len += padding; | ||
37 | memset(p, padding, padding); | ||
38 | } | ||
39 | |||
40 | static inline int | ||
41 | gss_krb5_remove_padding(struct xdr_buf *buf, int blocksize) | ||
42 | { | ||
43 | u8 *ptr; | ||
44 | u8 pad; | ||
45 | int len = buf->len; | ||
46 | |||
47 | if (len <= buf->head[0].iov_len) { | ||
48 | pad = *(u8 *)(buf->head[0].iov_base + len - 1); | ||
49 | if (pad > buf->head[0].iov_len) | ||
50 | return -EINVAL; | ||
51 | buf->head[0].iov_len -= pad; | ||
52 | goto out; | ||
53 | } else | ||
54 | len -= buf->head[0].iov_len; | ||
55 | if (len <= buf->page_len) { | ||
56 | int last = (buf->page_base + len - 1) | ||
57 | >>PAGE_CACHE_SHIFT; | ||
58 | int offset = (buf->page_base + len - 1) | ||
59 | & (PAGE_CACHE_SIZE - 1); | ||
60 | ptr = kmap_atomic(buf->pages[last], KM_SKB_SUNRPC_DATA); | ||
61 | pad = *(ptr + offset); | ||
62 | kunmap_atomic(ptr, KM_SKB_SUNRPC_DATA); | ||
63 | goto out; | ||
64 | } else | ||
65 | len -= buf->page_len; | ||
66 | BUG_ON(len > buf->tail[0].iov_len); | ||
67 | pad = *(u8 *)(buf->tail[0].iov_base + len - 1); | ||
68 | out: | ||
69 | /* XXX: NOTE: we do not adjust the page lengths--they represent | ||
70 | * a range of data in the real filesystem page cache, and we need | ||
71 | * to know that range so the xdr code can properly place read data. | ||
72 | * However adjusting the head length, as we do above, is harmless. | ||
73 | * In the case of a request that fits into a single page, the server | ||
74 | * also uses length and head length together to determine the original | ||
75 | * start of the request to copy the request for deferal; so it's | ||
76 | * easier on the server if we adjust head and tail length in tandem. | ||
77 | * It's not really a problem that we don't fool with the page and | ||
78 | * tail lengths, though--at worst badly formed xdr might lead the | ||
79 | * server to attempt to parse the padding. | ||
80 | * XXX: Document all these weird requirements for gss mechanism | ||
81 | * wrap/unwrap functions. */ | ||
82 | if (pad > blocksize) | ||
83 | return -EINVAL; | ||
84 | if (buf->len > pad) | ||
85 | buf->len -= pad; | ||
86 | else | ||
87 | return -EINVAL; | ||
88 | return 0; | ||
89 | } | ||
90 | |||
91 | static inline void | ||
92 | make_confounder(char *p, int blocksize) | ||
93 | { | ||
94 | static u64 i = 0; | ||
95 | u64 *q = (u64 *)p; | ||
96 | |||
97 | /* rfc1964 claims this should be "random". But all that's really | ||
98 | * necessary is that it be unique. And not even that is necessary in | ||
99 | * our case since our "gssapi" implementation exists only to support | ||
100 | * rpcsec_gss, so we know that the only buffers we will ever encrypt | ||
101 | * already begin with a unique sequence number. Just to hedge my bets | ||
102 | * I'll make a half-hearted attempt at something unique, but ensuring | ||
103 | * uniqueness would mean worrying about atomicity and rollover, and I | ||
104 | * don't care enough. */ | ||
105 | |||
106 | BUG_ON(blocksize != 8); | ||
107 | *q = i++; | ||
108 | } | ||
109 | |||
110 | /* Assumptions: the head and tail of inbuf are ours to play with. | ||
111 | * The pages, however, may be real pages in the page cache and we replace | ||
112 | * them with scratch pages from **pages before writing to them. */ | ||
113 | /* XXX: obviously the above should be documentation of wrap interface, | ||
114 | * and shouldn't be in this kerberos-specific file. */ | ||
115 | |||
116 | /* XXX factor out common code with seal/unseal. */ | ||
117 | |||
118 | u32 | ||
119 | gss_wrap_kerberos(struct gss_ctx *ctx, u32 qop, int offset, | ||
120 | struct xdr_buf *buf, struct page **pages) | ||
121 | { | ||
122 | struct krb5_ctx *kctx = ctx->internal_ctx_id; | ||
123 | s32 checksum_type; | ||
124 | struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; | ||
125 | int blocksize = 0, plainlen; | ||
126 | unsigned char *ptr, *krb5_hdr, *msg_start; | ||
127 | s32 now; | ||
128 | int headlen; | ||
129 | struct page **tmp_pages; | ||
130 | |||
131 | dprintk("RPC: gss_wrap_kerberos\n"); | ||
132 | |||
133 | now = get_seconds(); | ||
134 | |||
135 | if (qop != 0) | ||
136 | goto out_err; | ||
137 | |||
138 | switch (kctx->signalg) { | ||
139 | case SGN_ALG_DES_MAC_MD5: | ||
140 | checksum_type = CKSUMTYPE_RSA_MD5; | ||
141 | break; | ||
142 | default: | ||
143 | dprintk("RPC: gss_krb5_seal: kctx->signalg %d not" | ||
144 | " supported\n", kctx->signalg); | ||
145 | goto out_err; | ||
146 | } | ||
147 | if (kctx->sealalg != SEAL_ALG_NONE && kctx->sealalg != SEAL_ALG_DES) { | ||
148 | dprintk("RPC: gss_krb5_seal: kctx->sealalg %d not supported\n", | ||
149 | kctx->sealalg); | ||
150 | goto out_err; | ||
151 | } | ||
152 | |||
153 | blocksize = crypto_tfm_alg_blocksize(kctx->enc); | ||
154 | gss_krb5_add_padding(buf, offset, blocksize); | ||
155 | BUG_ON((buf->len - offset) % blocksize); | ||
156 | plainlen = blocksize + buf->len - offset; | ||
157 | |||
158 | headlen = g_token_size(&kctx->mech_used, 22 + plainlen) - | ||
159 | (buf->len - offset); | ||
160 | |||
161 | ptr = buf->head[0].iov_base + offset; | ||
162 | /* shift data to make room for header. */ | ||
163 | /* XXX Would be cleverer to encrypt while copying. */ | ||
164 | /* XXX bounds checking, slack, etc. */ | ||
165 | memmove(ptr + headlen, ptr, buf->head[0].iov_len - offset); | ||
166 | buf->head[0].iov_len += headlen; | ||
167 | buf->len += headlen; | ||
168 | BUG_ON((buf->len - offset - headlen) % blocksize); | ||
169 | |||
170 | g_make_token_header(&kctx->mech_used, 22 + plainlen, &ptr); | ||
171 | |||
172 | |||
173 | *ptr++ = (unsigned char) ((KG_TOK_WRAP_MSG>>8)&0xff); | ||
174 | *ptr++ = (unsigned char) (KG_TOK_WRAP_MSG&0xff); | ||
175 | |||
176 | /* ptr now at byte 2 of header described in rfc 1964, section 1.2.1: */ | ||
177 | krb5_hdr = ptr - 2; | ||
178 | msg_start = krb5_hdr + 24; | ||
179 | /* XXXJBF: */ BUG_ON(buf->head[0].iov_base + offset + headlen != msg_start + blocksize); | ||
180 | |||
181 | *(u16 *)(krb5_hdr + 2) = htons(kctx->signalg); | ||
182 | memset(krb5_hdr + 4, 0xff, 4); | ||
183 | *(u16 *)(krb5_hdr + 4) = htons(kctx->sealalg); | ||
184 | |||
185 | make_confounder(msg_start, blocksize); | ||
186 | |||
187 | /* XXXJBF: UGH!: */ | ||
188 | tmp_pages = buf->pages; | ||
189 | buf->pages = pages; | ||
190 | if (make_checksum(checksum_type, krb5_hdr, 8, buf, | ||
191 | offset + headlen - blocksize, &md5cksum)) | ||
192 | goto out_err; | ||
193 | buf->pages = tmp_pages; | ||
194 | |||
195 | switch (kctx->signalg) { | ||
196 | case SGN_ALG_DES_MAC_MD5: | ||
197 | if (krb5_encrypt(kctx->seq, NULL, md5cksum.data, | ||
198 | md5cksum.data, md5cksum.len)) | ||
199 | goto out_err; | ||
200 | memcpy(krb5_hdr + 16, | ||
201 | md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH, | ||
202 | KRB5_CKSUM_LENGTH); | ||
203 | |||
204 | dprintk("RPC: make_seal_token: cksum data: \n"); | ||
205 | print_hexl((u32 *) (krb5_hdr + 16), KRB5_CKSUM_LENGTH, 0); | ||
206 | break; | ||
207 | default: | ||
208 | BUG(); | ||
209 | } | ||
210 | |||
211 | kfree(md5cksum.data); | ||
212 | |||
213 | /* XXX would probably be more efficient to compute checksum | ||
214 | * and encrypt at the same time: */ | ||
215 | if ((krb5_make_seq_num(kctx->seq, kctx->initiate ? 0 : 0xff, | ||
216 | kctx->seq_send, krb5_hdr + 16, krb5_hdr + 8))) | ||
217 | goto out_err; | ||
218 | |||
219 | if (gss_encrypt_xdr_buf(kctx->enc, buf, offset + headlen - blocksize, | ||
220 | pages)) | ||
221 | goto out_err; | ||
222 | |||
223 | kctx->seq_send++; | ||
224 | |||
225 | return ((kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE); | ||
226 | out_err: | ||
227 | if (md5cksum.data) kfree(md5cksum.data); | ||
228 | return GSS_S_FAILURE; | ||
229 | } | ||
230 | |||
231 | u32 | ||
232 | gss_unwrap_kerberos(struct gss_ctx *ctx, u32 *qop, int offset, | ||
233 | struct xdr_buf *buf) | ||
234 | { | ||
235 | struct krb5_ctx *kctx = ctx->internal_ctx_id; | ||
236 | int signalg; | ||
237 | int sealalg; | ||
238 | s32 checksum_type; | ||
239 | struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; | ||
240 | s32 now; | ||
241 | int direction; | ||
242 | s32 seqnum; | ||
243 | unsigned char *ptr; | ||
244 | int bodysize; | ||
245 | u32 ret = GSS_S_DEFECTIVE_TOKEN; | ||
246 | void *data_start, *orig_start; | ||
247 | int data_len; | ||
248 | int blocksize; | ||
249 | |||
250 | dprintk("RPC: gss_unwrap_kerberos\n"); | ||
251 | |||
252 | ptr = (u8 *)buf->head[0].iov_base + offset; | ||
253 | if (g_verify_token_header(&kctx->mech_used, &bodysize, &ptr, | ||
254 | buf->len - offset)) | ||
255 | goto out; | ||
256 | |||
257 | if ((*ptr++ != ((KG_TOK_WRAP_MSG>>8)&0xff)) || | ||
258 | (*ptr++ != (KG_TOK_WRAP_MSG &0xff)) ) | ||
259 | goto out; | ||
260 | |||
261 | /* XXX sanity-check bodysize?? */ | ||
262 | |||
263 | /* get the sign and seal algorithms */ | ||
264 | |||
265 | signalg = ptr[0] + (ptr[1] << 8); | ||
266 | sealalg = ptr[2] + (ptr[3] << 8); | ||
267 | |||
268 | /* Sanity checks */ | ||
269 | |||
270 | if ((ptr[4] != 0xff) || (ptr[5] != 0xff)) | ||
271 | goto out; | ||
272 | |||
273 | if (sealalg == 0xffff) | ||
274 | goto out; | ||
275 | |||
276 | /* in the current spec, there is only one valid seal algorithm per | ||
277 | key type, so a simple comparison is ok */ | ||
278 | |||
279 | if (sealalg != kctx->sealalg) | ||
280 | goto out; | ||
281 | |||
282 | /* there are several mappings of seal algorithms to sign algorithms, | ||
283 | but few enough that we can try them all. */ | ||
284 | |||
285 | if ((kctx->sealalg == SEAL_ALG_NONE && signalg > 1) || | ||
286 | (kctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) || | ||
287 | (kctx->sealalg == SEAL_ALG_DES3KD && | ||
288 | signalg != SGN_ALG_HMAC_SHA1_DES3_KD)) | ||
289 | goto out; | ||
290 | |||
291 | if (gss_decrypt_xdr_buf(kctx->enc, buf, | ||
292 | ptr + 22 - (unsigned char *)buf->head[0].iov_base)) | ||
293 | goto out; | ||
294 | |||
295 | /* compute the checksum of the message */ | ||
296 | |||
297 | /* initialize the the cksum */ | ||
298 | switch (signalg) { | ||
299 | case SGN_ALG_DES_MAC_MD5: | ||
300 | checksum_type = CKSUMTYPE_RSA_MD5; | ||
301 | break; | ||
302 | default: | ||
303 | ret = GSS_S_DEFECTIVE_TOKEN; | ||
304 | goto out; | ||
305 | } | ||
306 | |||
307 | switch (signalg) { | ||
308 | case SGN_ALG_DES_MAC_MD5: | ||
309 | ret = make_checksum(checksum_type, ptr - 2, 8, buf, | ||
310 | ptr + 22 - (unsigned char *)buf->head[0].iov_base, &md5cksum); | ||
311 | if (ret) | ||
312 | goto out; | ||
313 | |||
314 | ret = krb5_encrypt(kctx->seq, NULL, md5cksum.data, | ||
315 | md5cksum.data, md5cksum.len); | ||
316 | if (ret) | ||
317 | goto out; | ||
318 | |||
319 | if (memcmp(md5cksum.data + 8, ptr + 14, 8)) { | ||
320 | ret = GSS_S_BAD_SIG; | ||
321 | goto out; | ||
322 | } | ||
323 | break; | ||
324 | default: | ||
325 | ret = GSS_S_DEFECTIVE_TOKEN; | ||
326 | goto out; | ||
327 | } | ||
328 | |||
329 | /* it got through unscathed. Make sure the context is unexpired */ | ||
330 | |||
331 | if (qop) | ||
332 | *qop = GSS_C_QOP_DEFAULT; | ||
333 | |||
334 | now = get_seconds(); | ||
335 | |||
336 | ret = GSS_S_CONTEXT_EXPIRED; | ||
337 | if (now > kctx->endtime) | ||
338 | goto out; | ||
339 | |||
340 | /* do sequencing checks */ | ||
341 | |||
342 | ret = GSS_S_BAD_SIG; | ||
343 | if ((ret = krb5_get_seq_num(kctx->seq, ptr + 14, ptr + 6, &direction, | ||
344 | &seqnum))) | ||
345 | goto out; | ||
346 | |||
347 | if ((kctx->initiate && direction != 0xff) || | ||
348 | (!kctx->initiate && direction != 0)) | ||
349 | goto out; | ||
350 | |||
351 | /* Copy the data back to the right position. XXX: Would probably be | ||
352 | * better to copy and encrypt at the same time. */ | ||
353 | |||
354 | blocksize = crypto_tfm_alg_blocksize(kctx->enc); | ||
355 | data_start = ptr + 22 + blocksize; | ||
356 | orig_start = buf->head[0].iov_base + offset; | ||
357 | data_len = (buf->head[0].iov_base + buf->head[0].iov_len) - data_start; | ||
358 | memmove(orig_start, data_start, data_len); | ||
359 | buf->head[0].iov_len -= (data_start - orig_start); | ||
360 | buf->len -= (data_start - orig_start); | ||
361 | |||
362 | ret = GSS_S_DEFECTIVE_TOKEN; | ||
363 | if (gss_krb5_remove_padding(buf, blocksize)) | ||
364 | goto out; | ||
365 | |||
366 | ret = GSS_S_COMPLETE; | ||
367 | out: | ||
368 | if (md5cksum.data) kfree(md5cksum.data); | ||
369 | return ret; | ||
370 | } | ||