62 static int rxkad_init_connection_security(struct rxrpc_connection *conn)
68 	_enter("{%d},{%x}", conn->debug_id, key_serial(conn->key));
70 	token = conn->key->payload.data;
71 	conn->security_ix = token->security_index;
84 	switch (conn->security_level) {
88 		conn->size_align = 8;
89 		conn->security_size = sizeof(struct rxkad_level1_hdr);
90 		conn->header_size += sizeof(struct rxkad_level1_hdr);
93 		conn->size_align = 8;
94 		conn->security_size = sizeof(struct rxkad_level2_hdr);
95 		conn->header_size += sizeof(struct rxkad_level2_hdr);
102 	conn->cipher = ci;
113 static void rxkad_prime_packet_security(struct rxrpc_connection *conn)
125 	if (!conn->key)
128 	token = conn->key->payload.data;
131 	desc.tfm = conn->cipher;
135 	tmpbuf.x[0] = conn->epoch;
136 	tmpbuf.x[1] = conn->cid;
138 	tmpbuf.x[3] = htonl(conn->security_ix);
144 	memcpy(&conn->csum_iv, &tmpbuf.x[2], sizeof(conn->csum_iv));
145 	ASSERTCMP(conn->csum_iv.n[0], ==, tmpbuf.x[2]);
180 	desc.tfm = call->conn->cipher;
224 	token = call->conn->key->payload.data;
226 	desc.tfm = call->conn->cipher;
239 	len = data_size + call->conn->size_align - 1;
240 	len &= ~(call->conn->size_align - 1);
272 	       call->debug_id, key_serial(call->conn->key), ntohl(sp->hdr.seq),
275 	if (!call->conn->cipher)
278 	ret = key_validate(call->conn->key);
283 	memcpy(&iv, call->conn->csum_iv.x, sizeof(iv));
284 	desc.tfm = call->conn->cipher;
304 	switch (call->conn->security_level) {
355 	desc.tfm = call->conn->cipher;
436 	token = call->conn->key->payload.data;
438 	desc.tfm = call->conn->cipher;
505 	       call->debug_id, key_serial(call->conn->key),
508 	if (!call->conn->cipher)
518 	memcpy(&iv, call->conn->csum_iv.x, sizeof(iv));
519 	desc.tfm = call->conn->cipher;
545 	switch (call->conn->security_level) {
567 static int rxkad_issue_challenge(struct rxrpc_connection *conn)
576 	_enter("{%d,%x}", conn->debug_id, key_serial(conn->key));
578 	ret = key_validate(conn->key);
582 	get_random_bytes(&conn->security_nonce, sizeof(conn->security_nonce));
585 	challenge.nonce		= htonl(conn->security_nonce);
589 	msg.msg_name	= &conn->trans->peer->srx.transport.sin;
590 	msg.msg_namelen	= sizeof(conn->trans->peer->srx.transport.sin);
595 	hdr.epoch	= conn->epoch;
596 	hdr.cid		= conn->cid;
600 	hdr.flags	= conn->out_clientflag;
602 	hdr.securityIndex = conn->security_ix;
604 	hdr.serviceId	= conn->service_id;
613 	hdr.serial = htonl(atomic_inc_return(&conn->serial));
616 	ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 2, len);
629 static int rxkad_send_response(struct rxrpc_connection *conn,
641 	msg.msg_name	= &conn->trans->peer->srx.transport.sin;
642 	msg.msg_namelen	= sizeof(conn->trans->peer->srx.transport.sin);
647 	hdr->epoch	= conn->epoch;
650 	hdr->flags	= conn->out_clientflag;
663 	hdr->serial = htonl(atomic_inc_return(&conn->serial));
666 	ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len);
717 static void rxkad_encrypt_response(struct rxrpc_connection *conn,
727 	desc.tfm = conn->cipher;
738 static int rxkad_respond_to_challenge(struct rxrpc_connection *conn,
750 	_enter("{%d,%x}", conn->debug_id, key_serial(conn->key));
752 	if (!conn->key) {
757 	ret = key_validate(conn->key);
780 	if (conn->security_level < min_level)
783 	token = conn->key->payload.data;
789 	resp.encrypted.epoch = conn->epoch;
790 	resp.encrypted.cid = conn->cid;
791 	resp.encrypted.securityIndex = htonl(conn->security_ix);
793 		(conn->channels[0] ? conn->channels[0]->call_id : 0);
795 		(conn->channels[1] ? conn->channels[1]->call_id : 0);
797 		(conn->channels[2] ? conn->channels[2]->call_id : 0);
799 		(conn->channels[3] ? conn->channels[3]->call_id : 0);
801 	resp.encrypted.level = htonl(conn->security_level);
807 	rxkad_encrypt_response(conn, &resp, token->kad);
808 	return rxkad_send_response(conn, &sp->hdr, &resp, token->kad);
819 static int rxkad_decrypt_ticket(struct rxrpc_connection *conn,
835 	_enter("{%d},{%x}", conn->debug_id, key_serial(conn->server_key));
839 	ret = key_validate(conn->server_key);
851 	ASSERT(conn->server_key->payload.data != NULL);
854 	memcpy(&iv, &conn->server_key->type_data, sizeof(iv));
856 	desc.tfm = conn->server_key->payload.data;
965 static void rxkad_decrypt_response(struct rxrpc_connection *conn,
998 static int rxkad_verify_response(struct rxrpc_connection *conn,
1012 	_enter("{%d,%x}", conn->debug_id, key_serial(conn->server_key));
1048 	ret = rxkad_decrypt_ticket(conn, ticket, ticket_len, &session_key,
1058 	rxkad_decrypt_response(conn, &response, &session_key);
1061 	if (response.encrypted.epoch != conn->epoch)
1063 	if (response.encrypted.cid != conn->cid)
1065 	if (ntohl(response.encrypted.securityIndex) != conn->security_ix)
1080 	if (response.encrypted.inc_nonce != htonl(conn->security_nonce + 1))
1087 	conn->security_level = level;
1092 	ret = rxrpc_get_server_data_key(conn, &session_key, expiry, kvno);
1113 static void rxkad_clear(struct rxrpc_connection *conn)
1117 	if (conn->cipher)
1118 		crypto_free_blkcipher(conn->cipher);

Indexes created Mon Jul 15 19:46:26 MDT 2024