server_key.c source code [linux/net/rxrpc/server_key.c]

1	// SPDX-License-Identifier: GPL-2.0-or-later
2	/ RxRPC key management*
3	*
4	* Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
5	* Written by David Howells (dhowells@redhat.com)
6	*
7	* RxRPC keys should have a description of describing their purpose:
8	* "afs@CAMBRIDGE.REDHAT.COM>
9	*/
10
11	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12
13	#include <crypto/skcipher.h>
14	#include <linux/module.h>
15	#include <linux/net.h>
16	#include <linux/skbuff.h>
17	#include <linux/key-type.h>
18	#include <linux/ctype.h>
19	#include <linux/slab.h>
20	#include <net/sock.h>
21	#include <net/af_rxrpc.h>
22	#include <keys/rxrpc-type.h>
23	#include <keys/user-type.h>
24	#include "ar-internal.h"
25
26	static int rxrpc_vet_description_s(const char *);
27	static int rxrpc_preparse_s(struct key_preparsed_payload *);
28	static void rxrpc_free_preparse_s(struct key_preparsed_payload *);
29	static void rxrpc_destroy_s(struct key *);
30	static void rxrpc_describe_s(const struct key , struct* seq_file *);
31
32	/*
33	* rxrpc server keys take "<serviceId>:<securityIndex>[:<sec-specific>]" as the
34	* description and the key material as the payload.
35	*/
36	struct key_type key_type_rxrpc_s = {
37	.name = "rxrpc_s",
38	.flags = KEY_TYPE_NET_DOMAIN,
39	.vet_description = rxrpc_vet_description_s,
40	.preparse = rxrpc_preparse_s,
41	.free_preparse = rxrpc_free_preparse_s,
42	.instantiate = generic_key_instantiate,
43	.destroy = rxrpc_destroy_s,
44	.describe = rxrpc_describe_s,
45	};
46
47	/*
48	* Vet the description for an RxRPC server key.
49	*/
50	static int rxrpc_vet_description_s(const char *desc)
51	{
52	unsigned long service, sec_class;
53	char *p;
54
55	service = simple_strtoul(desc, &p, `10`);
56	if (*p != `':'` \|\| service > `65535`)
57	return -EINVAL;
58	sec_class = simple_strtoul(p + `1`, &p, `10`);
59	if ((p && p != `':'`) \|\| sec_class < `1` \|\| sec_class > `255`)
60	return -EINVAL;
61	return `0`;
62	}
63
64	/*
65	* Preparse a server secret key.
66	*/
67	static int rxrpc_preparse_s(struct key_preparsed_payload *prep)
68	{
69	const struct rxrpc_security *sec;
70	unsigned int service, sec_class;
71	int n;
72
73	_enter("%zu", prep->datalen);
74
75	if (!prep->orig_description)
76	return -EINVAL;
77
78	if (sscanf(prep->orig_description, "%u:%u%n", &service, &sec_class, &n) != `2`)
79	return -EINVAL;
80
81	sec = rxrpc_security_lookup(sec_class);
82	if (!sec)
83	return -ENOPKG;
84
85	prep->payload.data[`1`] = (struct rxrpc_security *)sec;
86
87	if (!sec->preparse_server_key)
88	return -EINVAL;
89
90	return sec->preparse_server_key(prep);
91	}
92
93	static void rxrpc_free_preparse_s(struct key_preparsed_payload *prep)
94	{
95	const struct rxrpc_security *sec = prep->payload.data[`1`];
96
97	if (sec && sec->free_preparse_server_key)
98	sec->free_preparse_server_key(prep);
99	}
100
101	static void rxrpc_destroy_s(struct key *key)
102	{
103	const struct rxrpc_security *sec = key->payload.data[`1`];
104
105	if (sec && sec->destroy_server_key)
106	sec->destroy_server_key(key);
107	}
108
109	static void rxrpc_describe_s(const struct key key, struct* seq_file *m)
110	{
111	const struct rxrpc_security *sec = key->payload.data[`1`];
112
113	seq_puts(m, s: key->description);
114	if (sec && sec->describe_server_key)
115	sec->describe_server_key(key, m);
116	}
117
118	/*
119	* grab the security keyring for a server socket
120	*/
121	int rxrpc_server_keyring(struct rxrpc_sock rx, sockptr_t optval, int* optlen)
122	{
123	struct key *key;
124	char *description;
125
126	_enter("");
127
128	if (optlen <= `0` \|\| optlen > PAGE_SIZE - `1`)
129	return -EINVAL;
130
131	description = memdup_sockptr_nul(optval, optlen);
132	if (IS_ERR(ptr: description))
133	return PTR_ERR(ptr: description);
134
135	key = request_key(type: &key_type_keyring, description, NULL);
136	if (IS_ERR(ptr: key)) {
137	kfree(objp: description);
138	_leave(" = %ld", PTR_ERR(key));
139	return PTR_ERR(ptr: key);
140	}
141
142	rx->securities = key;
143	kfree(objp: description);
144	_leave(" = 0 [key %x]", key->serial);
145	return `0`;
146	}
147
148	/**
149	* rxrpc_sock_set_security_keyring - Set the security keyring for a kernel service
150	* @sk: The socket to set the keyring on
151	* @keyring: The keyring to set
152	*
153	* Set the server security keyring on an rxrpc socket. This is used to provide
154	* the encryption keys for a kernel service.
155	*
156	* Return: %0 if successful and a negative error code otherwise.
157	*/
158	int rxrpc_sock_set_security_keyring(struct sock sk, struct* key *keyring)
159	{
160	struct rxrpc_sock *rx = rxrpc_sk(sk);
161	int ret = `0`;
162
163	lock_sock(sk);
164	if (rx->securities)
165	ret = -EINVAL;
166	else if (rx->sk.sk_state != RXRPC_UNBOUND)
167	ret = -EISCONN;
168	else
169	rx->securities = key_get(key: keyring);
170	release_sock(sk);
171	return ret;
172	}
173	EXPORT_SYMBOL(rxrpc_sock_set_security_keyring);
174
175	/**
176	* rxrpc_sock_set_manage_response - Set the manage-response flag for a kernel service
177	* @sk: The socket to set the keyring on
178	* @set: True to set, false to clear the flag
179	*
180	* Set the flag on an rxrpc socket to say that the caller wants to manage the
181	* RESPONSE packet and the user-defined data it may contain. Setting this
182	* means that recvmsg() will return messages with RXRPC_CHALLENGED in the
183	* control message buffer containing information about the challenge.
184	*
185	* The user should respond to the challenge by passing RXRPC_RESPOND or
186	* RXRPC_RESPOND_ABORT control messages with sendmsg() to the same call.
187	* Supplementary control messages, such as RXRPC_RESP_RXGK_APPDATA, may be
188	* included to indicate the parts the user wants to supply.
189	*
190	* The server will be passed the response data with a RXRPC_RESPONDED control
191	* message when it gets the first data from each call.
192	*
193	* Note that this is only honoured by security classes that need auxiliary data
194	* (e.g. RxGK). Those that don't offer the facility (e.g. RxKAD) respond
195	* without consulting userspace.
196	*
197	* Return: The previous setting.
198	*/
199	int rxrpc_sock_set_manage_response(struct sock *sk, bool set)
200	{
201	struct rxrpc_sock *rx = rxrpc_sk(sk);
202	int ret;
203
204	lock_sock(sk);
205	ret = !!test_bit(RXRPC_SOCK_MANAGE_RESPONSE, &rx->flags);
206	if (set)
207	set_bit(RXRPC_SOCK_MANAGE_RESPONSE, addr: &rx->flags);
208	else
209	clear_bit(RXRPC_SOCK_MANAGE_RESPONSE, addr: &rx->flags);
210	release_sock(sk);
211	return ret;
212	}
213	EXPORT_SYMBOL(rxrpc_sock_set_manage_response);
214

source code of linux/net/rxrpc/server_key.c