| blob | 2763e3e48db44d19bd1b76824238d5ca620b6688 |
1 /*
2 * COPYRIGHT (c) 2008
3 * The Regents of the University of Michigan
4 * ALL RIGHTS RESERVED
5 *
6 * Permission is granted to use, copy, create derivative works
7 * and redistribute this software and such derivative works
8 * for any purpose, so long as the name of The University of
9 * Michigan is not used in any advertising or publicity
10 * pertaining to the use of distribution of this software
11 * without specific, written prior authorization. If the
12 * above copyright notice or any other identification of the
13 * University of Michigan is included in any copy of any
14 * portion of this software, then the disclaimer below must
15 * also be included.
16 *
17 * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
18 * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
19 * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
20 * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
21 * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
22 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
23 * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
24 * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
25 * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
26 * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
27 * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
28 * SUCH DAMAGES.
29 */
31 #include <linux/types.h>
32 #include <linux/jiffies.h>
33 #include <linux/sunrpc/gss_krb5.h>
34 #include <linux/random.h>
35 #include <linux/pagemap.h>
36 #include <linux/crypto.h>
38 #ifdef RPC_DEBUG
39 # define RPCDBG_FACILITY RPCDBG_AUTH
40 #endif
44 {
46 }
50 {
57 else
63 }
67 {
69 u8 pad;
93 out:
94 /* XXX: NOTE: we do not adjust the page lengths--they represent
95 * a range of data in the real filesystem page cache, and we need
96 * to know that range so the xdr code can properly place read data.
97 * However adjusting the head length, as we do above, is harmless.
98 * In the case of a request that fits into a single page, the server
99 * also uses length and head length together to determine the original
100 * start of the request to copy the request for deferal; so it's
101 * easier on the server if we adjust head and tail length in tandem.
102 * It's not really a problem that we don't fool with the page and
103 * tail lengths, though--at worst badly formed xdr might lead the
104 * server to attempt to parse the padding.
105 * XXX: Document all these weird requirements for gss mechanism
106 * wrap/unwrap functions. */
111 else
114 }
116 void
118 {
122 /* rfc1964 claims this should be "random". But all that's really
123 * necessary is that it be unique. And not even that is necessary in
124 * our case since our "gssapi" implementation exists only to support
125 * rpcsec_gss, so we know that the only buffers we will ever encrypt
126 * already begin with a unique sequence number. Just to hedge my bets
127 * I'll make a half-hearted attempt at something unique, but ensuring
128 * uniqueness would mean worrying about atomicity and rollover, and I
129 * don't care enough. */
131 /* initialize to random value */
135 }
140 /* fall through */
146 }
147 }
149 /* Assumptions: the head and tail of inbuf are ours to play with.
150 * The pages, however, may be real pages in the page cache and we replace
151 * them with scratch pages from **pages before writing to them. */
152 /* XXX: obviously the above should be documentation of wrap interface,
153 * and shouldn't be in this kerberos-specific file. */
155 /* XXX factor out common code with seal/unseal. */
157 static u32
160 {
166 s32 now;
169 u32 seq_send;
187 /* shift data to make room for header. */
190 /* XXX Would be cleverer to encrypt while copying. */
194 GSS_KRB5_TOK_HDR_LEN +
198 /* ptr now at header described in rfc 1964, section 1.2.1: */
212 else
215 /* XXXJBF: UGH!: */
229 /* XXX would probably be more efficient to compute checksum
230 * and encrypt at the same time: */
239 CRYPTO_ALG_ASYNC);
254 }
257 }
259 static u32
261 {
267 s32 now;
269 s32 seqnum;
290 /* XXX sanity-check bodysize?? */
292 /* get the sign and seal algorithms */
305 /*
306 * Data starts after token header and checksum. ptr points
307 * to the beginning of the token header
308 */
312 /*
313 * Need plaintext seqnum to derive encryption key for arcfour-hmac
314 */
328 CRYPTO_ALG_ASYNC);
341 }
345 else
356 /* it got through unscathed. Make sure the context is unexpired */
363 /* do sequencing checks */
365 /* Copy the data back to the right position. XXX: Would probably be
366 * better to copy and encrypt at the same time. */
370 conflen;
381 }
383 /*
384 * We cannot currently handle tokens with rotated data. We need a
385 * generalized routine to rotate the data in place. It is anticipated
386 * that we won't encounter rotated data in the general case.
387 */
388 static u32
390 {
399 }
401 static u32
404 {
407 s32 now;
411 u32 err;
418 /* make room for gss token header */
422 /* construct gss token header */
431 /* We always do confidentiality in wrap tokens */
440 /* "inner" token header always uses 0 for RRC */
454 }
456 static u32
458 {
459 s32 now;
460 u64 seqnum;
488 }
502 }
509 /*
510 * Retrieve the decrypted gss token header and verify
511 * it against the original
512 */
519 }
524 }
526 /* do sequencing checks */
528 /* it got through unscathed. Make sure the context is unexpired */
533 /*
534 * Move the head data back to the right position in xdr_buf.
535 * We ignore any "ec" data since it might be in the head or
536 * the tail, and we really don't need to deal with it.
537 * Note that buf->head[0].iov_len may indicate the available
538 * head buffer space rather than that actually occupied.
539 */
549 }
551 u32
554 {
567 }
568 }
570 u32
572 {
585 }
586 }