projects / linux-2.6-block.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Merge tag 'pm-6.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
[linux-2.6-block.git] / net / rxrpc / rxkad.c
... / ...
CommitLineData
1// SPDX-License-Identifier: GPL-2.0-or-later
2/* Kerberos-based RxRPC security
3 *
4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
6 */
7
8#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9
10#include <crypto/skcipher.h>
11#include <linux/module.h>
12#include <linux/net.h>
13#include <linux/skbuff.h>
14#include <linux/udp.h>
15#include <linux/scatterlist.h>
16#include <linux/ctype.h>
17#include <linux/slab.h>
18#include <linux/key-type.h>
19#include <net/sock.h>
20#include <net/af_rxrpc.h>
21#include <keys/rxrpc-type.h>
22#include "ar-internal.h"
23
24#define RXKAD_VERSION 2
25#define MAXKRB5TICKETLEN 1024
26#define RXKAD_TKT_TYPE_KERBEROS_V5 256
27#define ANAME_SZ 40 /* size of authentication name */
28#define INST_SZ 40 /* size of principal's instance */
29#define REALM_SZ 40 /* size of principal's auth domain */
30#define SNAME_SZ 40 /* size of service name */
31#define RXKAD_ALIGN 8
32
33struct rxkad_level1_hdr {
34 __be32 data_size; /* true data size (excluding padding) */
35};
36
37struct rxkad_level2_hdr {
38 __be32 data_size; /* true data size (excluding padding) */
39 __be32 checksum; /* decrypted data checksum */
40};
41
42static int rxkad_prime_packet_security(struct rxrpc_connection *conn,
43 struct crypto_sync_skcipher *ci);
44
45/*
46 * this holds a pinned cipher so that keventd doesn't get called by the cipher
47 * alloc routine, but since we have it to hand, we use it to decrypt RESPONSE
48 * packets
49 */
50static struct crypto_sync_skcipher *rxkad_ci;
51static struct skcipher_request *rxkad_ci_req;
52static DEFINE_MUTEX(rxkad_ci_mutex);
53
54/*
55 * Parse the information from a server key
56 *
57 * The data should be the 8-byte secret key.
58 */
59static int rxkad_preparse_server_key(struct key_preparsed_payload *prep)
60{
61 struct crypto_skcipher *ci;
62
63 if (prep->datalen != 8)
64 return -EINVAL;
65
66 memcpy(&prep->payload.data[2], prep->data, 8);
67
68 ci = crypto_alloc_skcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC);
69 if (IS_ERR(ci)) {
70 _leave(" = %ld", PTR_ERR(ci));
71 return PTR_ERR(ci);
72 }
73
74 if (crypto_skcipher_setkey(ci, prep->data, 8) < 0)
75 BUG();
76
77 prep->payload.data[0] = ci;
78 _leave(" = 0");
79 return 0;
80}
81
82static void rxkad_free_preparse_server_key(struct key_preparsed_payload *prep)
83{
84
85 if (prep->payload.data[0])
86 crypto_free_skcipher(prep->payload.data[0]);
87}
88
89static void rxkad_destroy_server_key(struct key *key)
90{
91 if (key->payload.data[0]) {
92 crypto_free_skcipher(key->payload.data[0]);
93 key->payload.data[0] = NULL;
94 }
95}
96
97/*
98 * initialise connection security
99 */
100static int rxkad_init_connection_security(struct rxrpc_connection *conn,
101 struct rxrpc_key_token *token)
102{
103 struct crypto_sync_skcipher *ci;
104 int ret;
105
106 _enter("{%d},{%x}", conn->debug_id, key_serial(conn->key));
107
108 conn->security_ix = token->security_index;
109
110 ci = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0);
111 if (IS_ERR(ci)) {
112 _debug("no cipher");
113 ret = PTR_ERR(ci);
114 goto error;
115 }
116
117 if (crypto_sync_skcipher_setkey(ci, token->kad->session_key,
118 sizeof(token->kad->session_key)) < 0)
119 BUG();
120
121 switch (conn->security_level) {
122 case RXRPC_SECURITY_PLAIN:
123 case RXRPC_SECURITY_AUTH:
124 case RXRPC_SECURITY_ENCRYPT:
125 break;
126 default:
127 ret = -EKEYREJECTED;
128 goto error;
129 }
130
131 ret = rxkad_prime_packet_security(conn, ci);
132 if (ret < 0)
133 goto error_ci;
134
135 conn->rxkad.cipher = ci;
136 return 0;
137
138error_ci:
139 crypto_free_sync_skcipher(ci);
140error:
141 _leave(" = %d", ret);
142 return ret;
143}
144
145/*
146 * Work out how much data we can put in a packet.
147 */
148static struct rxrpc_txbuf *rxkad_alloc_txbuf(struct rxrpc_call *call, size_t remain, gfp_t gfp)
149{
150 struct rxrpc_txbuf *txb;
151 size_t shdr, alloc, limit, part;
152
153 remain = umin(remain, 65535 - sizeof(struct rxrpc_wire_header));
154
155 switch (call->conn->security_level) {
156 default:
157 alloc = umin(remain, RXRPC_JUMBO_DATALEN);
158 return rxrpc_alloc_data_txbuf(call, alloc, 1, gfp);
159 case RXRPC_SECURITY_AUTH:
160 shdr = sizeof(struct rxkad_level1_hdr);
161 break;
162 case RXRPC_SECURITY_ENCRYPT:
163 shdr = sizeof(struct rxkad_level2_hdr);
164 break;
165 }
166
167 limit = round_down(RXRPC_JUMBO_DATALEN, RXKAD_ALIGN) - shdr;
168 if (remain < limit) {
169 part = remain;
170 alloc = round_up(shdr + part, RXKAD_ALIGN);
171 } else {
172 part = limit;
173 alloc = RXRPC_JUMBO_DATALEN;
174 }
175
176 txb = rxrpc_alloc_data_txbuf(call, alloc, RXKAD_ALIGN, gfp);
177 if (!txb)
178 return NULL;
179
180 txb->crypto_header = 0;
181 txb->sec_header = shdr;
182 txb->offset += shdr;
183 txb->space = part;
184 return txb;
185}
186
187/*
188 * prime the encryption state with the invariant parts of a connection's
189 * description
190 */
191static int rxkad_prime_packet_security(struct rxrpc_connection *conn,
192 struct crypto_sync_skcipher *ci)
193{
194 struct skcipher_request *req;
195 struct rxrpc_key_token *token;
196 struct scatterlist sg;
197 struct rxrpc_crypt iv;
198 __be32 *tmpbuf;
199 size_t tmpsize = 4 * sizeof(__be32);
200
201 _enter("");
202
203 if (!conn->key)
204 return 0;
205
206 tmpbuf = kmalloc(tmpsize, GFP_KERNEL);
207 if (!tmpbuf)
208 return -ENOMEM;
209
210 req = skcipher_request_alloc(&ci->base, GFP_NOFS);
211 if (!req) {
212 kfree(tmpbuf);
213 return -ENOMEM;
214 }
215
216 token = conn->key->payload.data[0];
217 memcpy(&iv, token->kad->session_key, sizeof(iv));
218
219 tmpbuf[0] = htonl(conn->proto.epoch);
220 tmpbuf[1] = htonl(conn->proto.cid);
221 tmpbuf[2] = 0;
222 tmpbuf[3] = htonl(conn->security_ix);
223
224 sg_init_one(&sg, tmpbuf, tmpsize);
225 skcipher_request_set_sync_tfm(req, ci);
226 skcipher_request_set_callback(req, 0, NULL, NULL);
227 skcipher_request_set_crypt(req, &sg, &sg, tmpsize, iv.x);
228 crypto_skcipher_encrypt(req);
229 skcipher_request_free(req);
230
231 memcpy(&conn->rxkad.csum_iv, tmpbuf + 2, sizeof(conn->rxkad.csum_iv));
232 kfree(tmpbuf);
233 _leave(" = 0");
234 return 0;
235}
236
237/*
238 * Allocate and prepare the crypto request on a call. For any particular call,
239 * this is called serially for the packets, so no lock should be necessary.
240 */
241static struct skcipher_request *rxkad_get_call_crypto(struct rxrpc_call *call)
242{
243 struct crypto_skcipher *tfm = &call->conn->rxkad.cipher->base;
244
245 return skcipher_request_alloc(tfm, GFP_NOFS);
246}
247
248/*
249 * Clean up the crypto on a call.
250 */
251static void rxkad_free_call_crypto(struct rxrpc_call *call)
252{
253}
254
255/*
256 * partially encrypt a packet (level 1 security)
257 */
258static int rxkad_secure_packet_auth(const struct rxrpc_call *call,
259 struct rxrpc_txbuf *txb,
260 struct skcipher_request *req)
261{
262 struct rxkad_level1_hdr *hdr = txb->data;
263 struct rxrpc_crypt iv;
264 struct scatterlist sg;
265 size_t pad;
266 u16 check;
267
268 _enter("");
269
270 check = txb->seq ^ call->call_id;
271 hdr->data_size = htonl((u32)check << 16 | txb->len);
272
273 txb->pkt_len = sizeof(struct rxkad_level1_hdr) + txb->len;
274 pad = txb->pkt_len;
275 pad = RXKAD_ALIGN - pad;
276 pad &= RXKAD_ALIGN - 1;
277 if (pad) {
278 memset(txb->data + txb->offset, 0, pad);
279 txb->pkt_len += pad;
280 }
281
282 /* start the encryption afresh */
283 memset(&iv, 0, sizeof(iv));
284
285 sg_init_one(&sg, hdr, 8);
286 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
287 skcipher_request_set_callback(req, 0, NULL, NULL);
288 skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
289 crypto_skcipher_encrypt(req);
290 skcipher_request_zero(req);
291
292 _leave(" = 0");
293 return 0;
294}
295
296/*
297 * wholly encrypt a packet (level 2 security)
298 */
299static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call,
300 struct rxrpc_txbuf *txb,
301 struct skcipher_request *req)
302{
303 const struct rxrpc_key_token *token;
304 struct rxkad_level2_hdr *rxkhdr = txb->data;
305 struct rxrpc_crypt iv;
306 struct scatterlist sg;
307 size_t content, pad;
308 u16 check;
309 int ret;
310
311 _enter("");
312
313 check = txb->seq ^ call->call_id;
314
315 rxkhdr->data_size = htonl(txb->len | (u32)check << 16);
316 rxkhdr->checksum = 0;
317
318 content = sizeof(struct rxkad_level2_hdr) + txb->len;
319 txb->pkt_len = round_up(content, RXKAD_ALIGN);
320 pad = txb->pkt_len - content;
321 if (pad)
322 memset(txb->data + txb->offset, 0, pad);
323
324 /* encrypt from the session key */
325 token = call->conn->key->payload.data[0];
326 memcpy(&iv, token->kad->session_key, sizeof(iv));
327
328 sg_init_one(&sg, rxkhdr, txb->pkt_len);
329 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
330 skcipher_request_set_callback(req, 0, NULL, NULL);
331 skcipher_request_set_crypt(req, &sg, &sg, txb->pkt_len, iv.x);
332 ret = crypto_skcipher_encrypt(req);
333 skcipher_request_zero(req);
334 return ret;
335}
336
337/*
338 * checksum an RxRPC packet header
339 */
340static int rxkad_secure_packet(struct rxrpc_call *call, struct rxrpc_txbuf *txb)
341{
342 struct skcipher_request *req;
343 struct rxrpc_crypt iv;
344 struct scatterlist sg;
345 union {
346 __be32 buf[2];
347 } crypto __aligned(8);
348 u32 x, y;
349 int ret;
350
351 _enter("{%d{%x}},{#%u},%u,",
352 call->debug_id, key_serial(call->conn->key),
353 txb->seq, txb->len);
354
355 if (!call->conn->rxkad.cipher)
356 return 0;
357
358 ret = key_validate(call->conn->key);
359 if (ret < 0)
360 return ret;
361
362 req = rxkad_get_call_crypto(call);
363 if (!req)
364 return -ENOMEM;
365
366 /* continue encrypting from where we left off */
367 memcpy(&iv, call->conn->rxkad.csum_iv.x, sizeof(iv));
368
369 /* calculate the security checksum */
370 x = (call->cid & RXRPC_CHANNELMASK) << (32 - RXRPC_CIDSHIFT);
371 x |= txb->seq & 0x3fffffff;
372 crypto.buf[0] = htonl(call->call_id);
373 crypto.buf[1] = htonl(x);
374
375 sg_init_one(&sg, crypto.buf, 8);
376 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
377 skcipher_request_set_callback(req, 0, NULL, NULL);
378 skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
379 crypto_skcipher_encrypt(req);
380 skcipher_request_zero(req);
381
382 y = ntohl(crypto.buf[1]);
383 y = (y >> 16) & 0xffff;
384 if (y == 0)
385 y = 1; /* zero checksums are not permitted */
386 txb->cksum = htons(y);
387
388 switch (call->conn->security_level) {
389 case RXRPC_SECURITY_PLAIN:
390 txb->pkt_len = txb->len;
391 ret = 0;
392 break;
393 case RXRPC_SECURITY_AUTH:
394 ret = rxkad_secure_packet_auth(call, txb, req);
395 if (txb->alloc_size == RXRPC_JUMBO_DATALEN)
396 txb->jumboable = true;
397 break;
398 case RXRPC_SECURITY_ENCRYPT:
399 ret = rxkad_secure_packet_encrypt(call, txb, req);
400 if (txb->alloc_size == RXRPC_JUMBO_DATALEN)
401 txb->jumboable = true;
402 break;
403 default:
404 ret = -EPERM;
405 break;
406 }
407
408 /* Clear excess space in the packet */
409 if (txb->pkt_len < txb->alloc_size) {
410 size_t gap = txb->alloc_size - txb->pkt_len;
411 void *p = txb->data;
412
413 memset(p + txb->pkt_len, 0, gap);
414 }
415
416 skcipher_request_free(req);
417 _leave(" = %d [set %x]", ret, y);
418 return ret;
419}
420
421/*
422 * decrypt partial encryption on a packet (level 1 security)
423 */
424static int rxkad_verify_packet_1(struct rxrpc_call *call, struct sk_buff *skb,
425 rxrpc_seq_t seq,
426 struct skcipher_request *req)
427{
428 struct rxkad_level1_hdr sechdr;
429 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
430 struct rxrpc_crypt iv;
431 struct scatterlist sg[16];
432 u32 data_size, buf;
433 u16 check;
434 int ret;
435
436 _enter("");
437
438 if (sp->len < 8)
439 return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,
440 rxkad_abort_1_short_header);
441
442 /* Decrypt the skbuff in-place. TODO: We really want to decrypt
443 * directly into the target buffer.
444 */
445 sg_init_table(sg, ARRAY_SIZE(sg));
446 ret = skb_to_sgvec(skb, sg, sp->offset, 8);
447 if (unlikely(ret < 0))
448 return ret;
449
450 /* start the decryption afresh */
451 memset(&iv, 0, sizeof(iv));
452
453 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
454 skcipher_request_set_callback(req, 0, NULL, NULL);
455 skcipher_request_set_crypt(req, sg, sg, 8, iv.x);
456 crypto_skcipher_decrypt(req);
457 skcipher_request_zero(req);
458
459 /* Extract the decrypted packet length */
460 if (skb_copy_bits(skb, sp->offset, &sechdr, sizeof(sechdr)) < 0)
461 return rxrpc_abort_eproto(call, skb, RXKADDATALEN,
462 rxkad_abort_1_short_encdata);
463 sp->offset += sizeof(sechdr);
464 sp->len -= sizeof(sechdr);
465
466 buf = ntohl(sechdr.data_size);
467 data_size = buf & 0xffff;
468
469 check = buf >> 16;
470 check ^= seq ^ call->call_id;
471 check &= 0xffff;
472 if (check != 0)
473 return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,
474 rxkad_abort_1_short_check);
475 if (data_size > sp->len)
476 return rxrpc_abort_eproto(call, skb, RXKADDATALEN,
477 rxkad_abort_1_short_data);
478 sp->len = data_size;
479
480 _leave(" = 0 [dlen=%x]", data_size);
481 return 0;
482}
483
484/*
485 * wholly decrypt a packet (level 2 security)
486 */
487static int rxkad_verify_packet_2(struct rxrpc_call *call, struct sk_buff *skb,
488 rxrpc_seq_t seq,
489 struct skcipher_request *req)
490{
491 const struct rxrpc_key_token *token;
492 struct rxkad_level2_hdr sechdr;
493 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
494 struct rxrpc_crypt iv;
495 struct scatterlist _sg[4], *sg;
496 u32 data_size, buf;
497 u16 check;
498 int nsg, ret;
499
500 _enter(",{%d}", sp->len);
501
502 if (sp->len < 8)
503 return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,
504 rxkad_abort_2_short_header);
505
506 /* Decrypt the skbuff in-place. TODO: We really want to decrypt
507 * directly into the target buffer.
508 */
509 sg = _sg;
510 nsg = skb_shinfo(skb)->nr_frags + 1;
511 if (nsg <= 4) {
512 nsg = 4;
513 } else {
514 sg = kmalloc_array(nsg, sizeof(*sg), GFP_NOIO);
515 if (!sg)
516 return -ENOMEM;
517 }
518
519 sg_init_table(sg, nsg);
520 ret = skb_to_sgvec(skb, sg, sp->offset, sp->len);
521 if (unlikely(ret < 0)) {
522 if (sg != _sg)
523 kfree(sg);
524 return ret;
525 }
526
527 /* decrypt from the session key */
528 token = call->conn->key->payload.data[0];
529 memcpy(&iv, token->kad->session_key, sizeof(iv));
530
531 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
532 skcipher_request_set_callback(req, 0, NULL, NULL);
533 skcipher_request_set_crypt(req, sg, sg, sp->len, iv.x);
534 crypto_skcipher_decrypt(req);
535 skcipher_request_zero(req);
536 if (sg != _sg)
537 kfree(sg);
538
539 /* Extract the decrypted packet length */
540 if (skb_copy_bits(skb, sp->offset, &sechdr, sizeof(sechdr)) < 0)
541 return rxrpc_abort_eproto(call, skb, RXKADDATALEN,
542 rxkad_abort_2_short_len);
543 sp->offset += sizeof(sechdr);
544 sp->len -= sizeof(sechdr);
545
546 buf = ntohl(sechdr.data_size);
547 data_size = buf & 0xffff;
548
549 check = buf >> 16;
550 check ^= seq ^ call->call_id;
551 check &= 0xffff;
552 if (check != 0)
553 return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,
554 rxkad_abort_2_short_check);
555
556 if (data_size > sp->len)
557 return rxrpc_abort_eproto(call, skb, RXKADDATALEN,
558 rxkad_abort_2_short_data);
559
560 sp->len = data_size;
561 _leave(" = 0 [dlen=%x]", data_size);
562 return 0;
563}
564
565/*
566 * Verify the security on a received packet and the subpackets therein.
567 */
568static int rxkad_verify_packet(struct rxrpc_call *call, struct sk_buff *skb)
569{
570 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
571 struct skcipher_request *req;
572 struct rxrpc_crypt iv;
573 struct scatterlist sg;
574 union {
575 __be32 buf[2];
576 } crypto __aligned(8);
577 rxrpc_seq_t seq = sp->hdr.seq;
578 int ret;
579 u16 cksum;
580 u32 x, y;
581
582 _enter("{%d{%x}},{#%u}",
583 call->debug_id, key_serial(call->conn->key), seq);
584
585 if (!call->conn->rxkad.cipher)
586 return 0;
587
588 req = rxkad_get_call_crypto(call);
589 if (!req)
590 return -ENOMEM;
591
592 /* continue encrypting from where we left off */
593 memcpy(&iv, call->conn->rxkad.csum_iv.x, sizeof(iv));
594
595 /* validate the security checksum */
596 x = (call->cid & RXRPC_CHANNELMASK) << (32 - RXRPC_CIDSHIFT);
597 x |= seq & 0x3fffffff;
598 crypto.buf[0] = htonl(call->call_id);
599 crypto.buf[1] = htonl(x);
600
601 sg_init_one(&sg, crypto.buf, 8);
602 skcipher_request_set_sync_tfm(req, call->conn->rxkad.cipher);
603 skcipher_request_set_callback(req, 0, NULL, NULL);
604 skcipher_request_set_crypt(req, &sg, &sg, 8, iv.x);
605 crypto_skcipher_encrypt(req);
606 skcipher_request_zero(req);
607
608 y = ntohl(crypto.buf[1]);
609 cksum = (y >> 16) & 0xffff;
610 if (cksum == 0)
611 cksum = 1; /* zero checksums are not permitted */
612
613 if (cksum != sp->hdr.cksum) {
614 ret = rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,
615 rxkad_abort_bad_checksum);
616 goto out;
617 }
618
619 switch (call->conn->security_level) {
620 case RXRPC_SECURITY_PLAIN:
621 ret = 0;
622 break;
623 case RXRPC_SECURITY_AUTH:
624 ret = rxkad_verify_packet_1(call, skb, seq, req);
625 break;
626 case RXRPC_SECURITY_ENCRYPT:
627 ret = rxkad_verify_packet_2(call, skb, seq, req);
628 break;
629 default:
630 ret = -ENOANO;
631 break;
632 }
633
634out:
635 skcipher_request_free(req);
636 return ret;
637}
638
639/*
640 * issue a challenge
641 */
642static int rxkad_issue_challenge(struct rxrpc_connection *conn)
643{
644 struct rxkad_challenge challenge;
645 struct rxrpc_wire_header whdr;
646 struct msghdr msg;
647 struct kvec iov[2];
648 size_t len;
649 u32 serial;
650 int ret;
651
652 _enter("{%d}", conn->debug_id);
653
654 get_random_bytes(&conn->rxkad.nonce, sizeof(conn->rxkad.nonce));
655
656 challenge.version = htonl(2);
657 challenge.nonce = htonl(conn->rxkad.nonce);
658 challenge.min_level = htonl(0);
659 challenge.__padding = 0;
660
661 msg.msg_name = &conn->peer->srx.transport;
662 msg.msg_namelen = conn->peer->srx.transport_len;
663 msg.msg_control = NULL;
664 msg.msg_controllen = 0;
665 msg.msg_flags = 0;
666
667 whdr.epoch = htonl(conn->proto.epoch);
668 whdr.cid = htonl(conn->proto.cid);
669 whdr.callNumber = 0;
670 whdr.seq = 0;
671 whdr.type = RXRPC_PACKET_TYPE_CHALLENGE;
672 whdr.flags = conn->out_clientflag;
673 whdr.userStatus = 0;
674 whdr.securityIndex = conn->security_ix;
675 whdr._rsvd = 0;
676 whdr.serviceId = htons(conn->service_id);
677
678 iov[0].iov_base = &whdr;
679 iov[0].iov_len = sizeof(whdr);
680 iov[1].iov_base = &challenge;
681 iov[1].iov_len = sizeof(challenge);
682
683 len = iov[0].iov_len + iov[1].iov_len;
684
685 serial = rxrpc_get_next_serial(conn);
686 whdr.serial = htonl(serial);
687
688 trace_rxrpc_tx_challenge(conn, serial, 0, conn->rxkad.nonce);
689
690 ret = kernel_sendmsg(conn->local->socket, &msg, iov, 2, len);
691 if (ret < 0) {
692 trace_rxrpc_tx_fail(conn->debug_id, serial, ret,
693 rxrpc_tx_point_rxkad_challenge);
694 return -EAGAIN;
695 }
696
697 conn->peer->last_tx_at = ktime_get_seconds();
698 trace_rxrpc_tx_packet(conn->debug_id, &whdr,
699 rxrpc_tx_point_rxkad_challenge);
700 _leave(" = 0");
701 return 0;
702}
703
704/*
705 * calculate the response checksum
706 */
707static void rxkad_calc_response_checksum(struct rxkad_response *response)
708{
709 u32 csum = 1000003;
710 int loop;
711 u8 *p = (u8 *) response;
712
713 for (loop = sizeof(*response); loop > 0; loop--)
714 csum = csum * 0x10204081 + *p++;
715
716 response->encrypted.checksum = htonl(csum);
717}
718
719/*
720 * encrypt the response packet
721 */
722static int rxkad_encrypt_response(struct rxrpc_connection *conn,
723 struct sk_buff *response,
724 const struct rxkad_key *s2)
725{
726 struct skcipher_request *req;
727 struct rxrpc_crypt iv;
728 struct scatterlist sg[1];
729 size_t encsize = sizeof(((struct rxkad_response *)0)->encrypted);
730 int ret;
731
732 sg_init_table(sg, ARRAY_SIZE(sg));
733 ret = skb_to_sgvec(response, sg,
734 sizeof(struct rxrpc_wire_header) +
735 offsetof(struct rxkad_response, encrypted), encsize);
736 if (ret < 0)
737 return ret;
738
739 req = skcipher_request_alloc(&conn->rxkad.cipher->base, GFP_NOFS);
740 if (!req)
741 return -ENOMEM;
742
743 /* continue encrypting from where we left off */
744 memcpy(&iv, s2->session_key, sizeof(iv));
745
746 skcipher_request_set_sync_tfm(req, conn->rxkad.cipher);
747 skcipher_request_set_callback(req, 0, NULL, NULL);
748 skcipher_request_set_crypt(req, sg, sg, encsize, iv.x);
749 ret = crypto_skcipher_encrypt(req);
750 skcipher_request_free(req);
751 return ret;
752}
753
754/*
755 * Validate a challenge packet.
756 */
757static bool rxkad_validate_challenge(struct rxrpc_connection *conn,
758 struct sk_buff *skb)
759{
760 struct rxkad_challenge challenge;
761 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
762 u32 version, min_level;
763 int ret;
764
765 _enter("{%d,%x}", conn->debug_id, key_serial(conn->key));
766
767 if (!conn->key) {
768 rxrpc_abort_conn(conn, skb, RX_PROTOCOL_ERROR, -EPROTO,
769 rxkad_abort_chall_no_key);
770 return false;
771 }
772
773 ret = key_validate(conn->key);
774 if (ret < 0) {
775 rxrpc_abort_conn(conn, skb, RXKADEXPIRED, ret,
776 rxkad_abort_chall_key_expired);
777 return false;
778 }
779
780 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
781 &challenge, sizeof(challenge)) < 0) {
782 rxrpc_abort_conn(conn, skb, RXKADPACKETSHORT, -EPROTO,
783 rxkad_abort_chall_short);
784 return false;
785 }
786
787 version = ntohl(challenge.version);
788 sp->chall.rxkad_nonce = ntohl(challenge.nonce);
789 min_level = ntohl(challenge.min_level);
790
791 trace_rxrpc_rx_challenge(conn, sp->hdr.serial, version,
792 sp->chall.rxkad_nonce, min_level);
793
794 if (version != RXKAD_VERSION) {
795 rxrpc_abort_conn(conn, skb, RXKADINCONSISTENCY, -EPROTO,
796 rxkad_abort_chall_version);
797 return false;
798 }
799
800 if (conn->security_level < min_level) {
801 rxrpc_abort_conn(conn, skb, RXKADLEVELFAIL, -EACCES,
802 rxkad_abort_chall_level);
803 return false;
804 }
805 return true;
806}
807
808/*
809 * Insert the header into the response.
810 */
811static noinline
812int rxkad_insert_response_header(struct rxrpc_connection *conn,
813 const struct rxrpc_key_token *token,
814 struct sk_buff *challenge,
815 struct sk_buff *response,
816 size_t *offset)
817{
818 struct rxrpc_skb_priv *csp = rxrpc_skb(challenge);
819 struct {
820 struct rxrpc_wire_header whdr;
821 struct rxkad_response resp;
822 } h;
823 int ret;
824
825 h.whdr.epoch = htonl(conn->proto.epoch);
826 h.whdr.cid = htonl(conn->proto.cid);
827 h.whdr.callNumber = 0;
828 h.whdr.serial = 0;
829 h.whdr.seq = 0;
830 h.whdr.type = RXRPC_PACKET_TYPE_RESPONSE;
831 h.whdr.flags = conn->out_clientflag;
832 h.whdr.userStatus = 0;
833 h.whdr.securityIndex = conn->security_ix;
834 h.whdr.cksum = 0;
835 h.whdr.serviceId = htons(conn->service_id);
836 h.resp.version = htonl(RXKAD_VERSION);
837 h.resp.__pad = 0;
838 h.resp.encrypted.epoch = htonl(conn->proto.epoch);
839 h.resp.encrypted.cid = htonl(conn->proto.cid);
840 h.resp.encrypted.checksum = 0;
841 h.resp.encrypted.securityIndex = htonl(conn->security_ix);
842 h.resp.encrypted.call_id[0] = htonl(conn->channels[0].call_counter);
843 h.resp.encrypted.call_id[1] = htonl(conn->channels[1].call_counter);
844 h.resp.encrypted.call_id[2] = htonl(conn->channels[2].call_counter);
845 h.resp.encrypted.call_id[3] = htonl(conn->channels[3].call_counter);
846 h.resp.encrypted.inc_nonce = htonl(csp->chall.rxkad_nonce + 1);
847 h.resp.encrypted.level = htonl(conn->security_level);
848 h.resp.kvno = htonl(token->kad->kvno);
849 h.resp.ticket_len = htonl(token->kad->ticket_len);
850
851 rxkad_calc_response_checksum(&h.resp);
852
853 ret = skb_store_bits(response, *offset, &h, sizeof(h));
854 *offset += sizeof(h);
855 return ret;
856}
857
858/*
859 * respond to a challenge packet
860 */
861static int rxkad_respond_to_challenge(struct rxrpc_connection *conn,
862 struct sk_buff *challenge)
863{
864 const struct rxrpc_key_token *token;
865 struct rxrpc_skb_priv *csp, *rsp;
866 struct sk_buff *response;
867 size_t len, offset = 0;
868 int ret = -EPROTO;
869
870 _enter("{%d,%x}", conn->debug_id, key_serial(conn->key));
871
872 ret = key_validate(conn->key);
873 if (ret < 0)
874 return rxrpc_abort_conn(conn, challenge, RXKADEXPIRED, ret,
875 rxkad_abort_chall_key_expired);
876
877 token = conn->key->payload.data[0];
878
879 /* build the response packet */
880 len = sizeof(struct rxrpc_wire_header) +
881 sizeof(struct rxkad_response) +
882 token->kad->ticket_len;
883
884 response = alloc_skb_with_frags(0, len, 0, &ret, GFP_NOFS);
885 if (!response)
886 goto error;
887 rxrpc_new_skb(response, rxrpc_skb_new_response_rxkad);
888 response->len = len;
889 response->data_len = len;
890
891 offset = 0;
892 ret = rxkad_insert_response_header(conn, token, challenge, response,
893 &offset);
894 if (ret < 0)
895 goto error;
896
897 ret = rxkad_encrypt_response(conn, response, token->kad);
898 if (ret < 0)
899 goto error;
900
901 ret = skb_store_bits(response, offset, token->kad->ticket,
902 token->kad->ticket_len);
903 if (ret < 0)
904 goto error;
905
906 csp = rxrpc_skb(challenge);
907 rsp = rxrpc_skb(response);
908 rsp->resp.len = len;
909 rsp->resp.challenge_serial = csp->hdr.serial;
910 rxrpc_post_response(conn, response);
911 response = NULL;
912 ret = 0;
913
914error:
915 rxrpc_free_skb(response, rxrpc_skb_put_response);
916 return ret;
917}
918
919/*
920 * RxKAD does automatic response only as there's nothing to manage that isn't
921 * already in the key.
922 */
923static int rxkad_sendmsg_respond_to_challenge(struct sk_buff *challenge,
924 struct msghdr *msg)
925{
926 return -EINVAL;
927}
928
929/**
930 * rxkad_kernel_respond_to_challenge - Respond to a challenge with appdata
931 * @challenge: The challenge to respond to
932 *
933 * Allow a kernel application to respond to a CHALLENGE.
934 *
935 * Return: %0 if successful and a negative error code otherwise.
936 */
937int rxkad_kernel_respond_to_challenge(struct sk_buff *challenge)
938{
939 struct rxrpc_skb_priv *csp = rxrpc_skb(challenge);
940
941 return rxkad_respond_to_challenge(csp->chall.conn, challenge);
942}
943EXPORT_SYMBOL(rxkad_kernel_respond_to_challenge);
944
945/*
946 * decrypt the kerberos IV ticket in the response
947 */
948static int rxkad_decrypt_ticket(struct rxrpc_connection *conn,
949 struct key *server_key,
950 struct sk_buff *skb,
951 void *ticket, size_t ticket_len,
952 struct rxrpc_crypt *_session_key,
953 time64_t *_expiry)
954{
955 struct skcipher_request *req;
956 struct rxrpc_crypt iv, key;
957 struct scatterlist sg[1];
958 struct in_addr addr;
959 unsigned int life;
960 time64_t issue, now;
961 bool little_endian;
962 u8 *p, *q, *name, *end;
963
964 _enter("{%d},{%x}", conn->debug_id, key_serial(server_key));
965
966 *_expiry = 0;
967
968 ASSERT(server_key->payload.data[0] != NULL);
969 ASSERTCMP((unsigned long) ticket & 7UL, ==, 0);
970
971 memcpy(&iv, &server_key->payload.data[2], sizeof(iv));
972
973 req = skcipher_request_alloc(server_key->payload.data[0], GFP_NOFS);
974 if (!req)
975 return -ENOMEM;
976
977 sg_init_one(&sg[0], ticket, ticket_len);
978 skcipher_request_set_callback(req, 0, NULL, NULL);
979 skcipher_request_set_crypt(req, sg, sg, ticket_len, iv.x);
980 crypto_skcipher_decrypt(req);
981 skcipher_request_free(req);
982
983 p = ticket;
984 end = p + ticket_len;
985
986#define Z(field, fieldl) \
987 ({ \
988 u8 *__str = p; \
989 q = memchr(p, 0, end - p); \
990 if (!q || q - p > field##_SZ) \
991 return rxrpc_abort_conn( \
992 conn, skb, RXKADBADTICKET, -EPROTO, \
993 rxkad_abort_resp_tkt_##fieldl); \
994 for (; p < q; p++) \
995 if (!isprint(*p)) \
996 return rxrpc_abort_conn( \
997 conn, skb, RXKADBADTICKET, -EPROTO, \
998 rxkad_abort_resp_tkt_##fieldl); \
999 p++; \
1000 __str; \
1001 })
1002
1003 /* extract the ticket flags */
1004 _debug("KIV FLAGS: %x", *p);
1005 little_endian = *p & 1;
1006 p++;
1007
1008 /* extract the authentication name */
1009 name = Z(ANAME, aname);
1010 _debug("KIV ANAME: %s", name);
1011
1012 /* extract the principal's instance */
1013 name = Z(INST, inst);
1014 _debug("KIV INST : %s", name);
1015
1016 /* extract the principal's authentication domain */
1017 name = Z(REALM, realm);
1018 _debug("KIV REALM: %s", name);
1019
1020 if (end - p < 4 + 8 + 4 + 2)
1021 return rxrpc_abort_conn(conn, skb, RXKADBADTICKET, -EPROTO,
1022 rxkad_abort_resp_tkt_short);
1023
1024 /* get the IPv4 address of the entity that requested the ticket */
1025 memcpy(&addr, p, sizeof(addr));
1026 p += 4;
1027 _debug("KIV ADDR : %pI4", &addr);
1028
1029 /* get the session key from the ticket */
1030 memcpy(&key, p, sizeof(key));
1031 p += 8;
1032 _debug("KIV KEY : %08x %08x", ntohl(key.n[0]), ntohl(key.n[1]));
1033 memcpy(_session_key, &key, sizeof(key));
1034
1035 /* get the ticket's lifetime */
1036 life = *p++ * 5 * 60;
1037 _debug("KIV LIFE : %u", life);
1038
1039 /* get the issue time of the ticket */
1040 if (little_endian) {
1041 __le32 stamp;
1042 memcpy(&stamp, p, 4);
1043 issue = rxrpc_u32_to_time64(le32_to_cpu(stamp));
1044 } else {
1045 __be32 stamp;
1046 memcpy(&stamp, p, 4);
1047 issue = rxrpc_u32_to_time64(be32_to_cpu(stamp));
1048 }
1049 p += 4;
1050 now = ktime_get_real_seconds();
1051 _debug("KIV ISSUE: %llx [%llx]", issue, now);
1052
1053 /* check the ticket is in date */
1054 if (issue > now)
1055 return rxrpc_abort_conn(conn, skb, RXKADNOAUTH, -EKEYREJECTED,
1056 rxkad_abort_resp_tkt_future);
1057 if (issue < now - life)
1058 return rxrpc_abort_conn(conn, skb, RXKADEXPIRED, -EKEYEXPIRED,
1059 rxkad_abort_resp_tkt_expired);
1060
1061 *_expiry = issue + life;
1062
1063 /* get the service name */
1064 name = Z(SNAME, sname);
1065 _debug("KIV SNAME: %s", name);
1066
1067 /* get the service instance name */
1068 name = Z(INST, sinst);
1069 _debug("KIV SINST: %s", name);
1070 return 0;
1071}
1072
1073/*
1074 * decrypt the response packet
1075 */
1076static void rxkad_decrypt_response(struct rxrpc_connection *conn,
1077 struct rxkad_response *resp,
1078 const struct rxrpc_crypt *session_key)
1079{
1080 struct skcipher_request *req = rxkad_ci_req;
1081 struct scatterlist sg[1];
1082 struct rxrpc_crypt iv;
1083
1084 _enter(",,%08x%08x",
1085 ntohl(session_key->n[0]), ntohl(session_key->n[1]));
1086
1087 mutex_lock(&rxkad_ci_mutex);
1088 if (crypto_sync_skcipher_setkey(rxkad_ci, session_key->x,
1089 sizeof(*session_key)) < 0)
1090 BUG();
1091
1092 memcpy(&iv, session_key, sizeof(iv));
1093
1094 sg_init_table(sg, 1);
1095 sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted));
1096 skcipher_request_set_sync_tfm(req, rxkad_ci);
1097 skcipher_request_set_callback(req, 0, NULL, NULL);
1098 skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x);
1099 crypto_skcipher_decrypt(req);
1100 skcipher_request_zero(req);
1101
1102 mutex_unlock(&rxkad_ci_mutex);
1103
1104 _leave("");
1105}
1106
1107/*
1108 * verify a response
1109 */
1110static int rxkad_verify_response(struct rxrpc_connection *conn,
1111 struct sk_buff *skb)
1112{
1113 struct rxkad_response *response;
1114 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
1115 struct rxrpc_crypt session_key;
1116 struct key *server_key;
1117 time64_t expiry;
1118 void *ticket;
1119 u32 version, kvno, ticket_len, level;
1120 __be32 csum;
1121 int ret, i;
1122
1123 _enter("{%d}", conn->debug_id);
1124
1125 server_key = rxrpc_look_up_server_security(conn, skb, 0, 0);
1126 if (IS_ERR(server_key)) {
1127 ret = PTR_ERR(server_key);
1128 switch (ret) {
1129 case -ENOKEY:
1130 return rxrpc_abort_conn(conn, skb, RXKADUNKNOWNKEY, ret,
1131 rxkad_abort_resp_nokey);
1132 case -EKEYEXPIRED:
1133 return rxrpc_abort_conn(conn, skb, RXKADEXPIRED, ret,
1134 rxkad_abort_resp_key_expired);
1135 default:
1136 return rxrpc_abort_conn(conn, skb, RXKADNOAUTH, ret,
1137 rxkad_abort_resp_key_rejected);
1138 }
1139 }
1140
1141 ret = -ENOMEM;
1142 response = kzalloc(sizeof(struct rxkad_response), GFP_NOFS);
1143 if (!response)
1144 goto temporary_error;
1145
1146 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
1147 response, sizeof(*response)) < 0) {
1148 rxrpc_abort_conn(conn, skb, RXKADPACKETSHORT, -EPROTO,
1149 rxkad_abort_resp_short);
1150 goto protocol_error;
1151 }
1152
1153 version = ntohl(response->version);
1154 ticket_len = ntohl(response->ticket_len);
1155 kvno = ntohl(response->kvno);
1156
1157 trace_rxrpc_rx_response(conn, sp->hdr.serial, version, kvno, ticket_len);
1158
1159 if (version != RXKAD_VERSION) {
1160 rxrpc_abort_conn(conn, skb, RXKADINCONSISTENCY, -EPROTO,
1161 rxkad_abort_resp_version);
1162 goto protocol_error;
1163 }
1164
1165 if (ticket_len < 4 || ticket_len > MAXKRB5TICKETLEN) {
1166 rxrpc_abort_conn(conn, skb, RXKADTICKETLEN, -EPROTO,
1167 rxkad_abort_resp_tkt_len);
1168 goto protocol_error;
1169 }
1170
1171 if (kvno >= RXKAD_TKT_TYPE_KERBEROS_V5) {
1172 rxrpc_abort_conn(conn, skb, RXKADUNKNOWNKEY, -EPROTO,
1173 rxkad_abort_resp_unknown_tkt);
1174 goto protocol_error;
1175 }
1176
1177 /* extract the kerberos ticket and decrypt and decode it */
1178 ret = -ENOMEM;
1179 ticket = kmalloc(ticket_len, GFP_NOFS);
1180 if (!ticket)
1181 goto temporary_error_free_resp;
1182
1183 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header) + sizeof(*response),
1184 ticket, ticket_len) < 0) {
1185 rxrpc_abort_conn(conn, skb, RXKADPACKETSHORT, -EPROTO,
1186 rxkad_abort_resp_short_tkt);
1187 goto protocol_error;
1188 }
1189
1190 ret = rxkad_decrypt_ticket(conn, server_key, skb, ticket, ticket_len,
1191 &session_key, &expiry);
1192 if (ret < 0)
1193 goto temporary_error_free_ticket;
1194
1195 /* use the session key from inside the ticket to decrypt the
1196 * response */
1197 rxkad_decrypt_response(conn, response, &session_key);
1198
1199 if (ntohl(response->encrypted.epoch) != conn->proto.epoch ||
1200 ntohl(response->encrypted.cid) != conn->proto.cid ||
1201 ntohl(response->encrypted.securityIndex) != conn->security_ix) {
1202 rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO,
1203 rxkad_abort_resp_bad_param);
1204 goto protocol_error_free;
1205 }
1206
1207 csum = response->encrypted.checksum;
1208 response->encrypted.checksum = 0;
1209 rxkad_calc_response_checksum(response);
1210 if (response->encrypted.checksum != csum) {
1211 rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO,
1212 rxkad_abort_resp_bad_checksum);
1213 goto protocol_error_free;
1214 }
1215
1216 for (i = 0; i < RXRPC_MAXCALLS; i++) {
1217 u32 call_id = ntohl(response->encrypted.call_id[i]);
1218 u32 counter = READ_ONCE(conn->channels[i].call_counter);
1219
1220 if (call_id > INT_MAX) {
1221 rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO,
1222 rxkad_abort_resp_bad_callid);
1223 goto protocol_error_free;
1224 }
1225
1226 if (call_id < counter) {
1227 rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO,
1228 rxkad_abort_resp_call_ctr);
1229 goto protocol_error_free;
1230 }
1231
1232 if (call_id > counter) {
1233 if (conn->channels[i].call) {
1234 rxrpc_abort_conn(conn, skb, RXKADSEALEDINCON, -EPROTO,
1235 rxkad_abort_resp_call_state);
1236 goto protocol_error_free;
1237 }
1238 conn->channels[i].call_counter = call_id;
1239 }
1240 }
1241
1242 if (ntohl(response->encrypted.inc_nonce) != conn->rxkad.nonce + 1) {
1243 rxrpc_abort_conn(conn, skb, RXKADOUTOFSEQUENCE, -EPROTO,
1244 rxkad_abort_resp_ooseq);
1245 goto protocol_error_free;
1246 }
1247
1248 level = ntohl(response->encrypted.level);
1249 if (level > RXRPC_SECURITY_ENCRYPT) {
1250 rxrpc_abort_conn(conn, skb, RXKADLEVELFAIL, -EPROTO,
1251 rxkad_abort_resp_level);
1252 goto protocol_error_free;
1253 }
1254 conn->security_level = level;
1255
1256 /* create a key to hold the security data and expiration time - after
1257 * this the connection security can be handled in exactly the same way
1258 * as for a client connection */
1259 ret = rxrpc_get_server_data_key(conn, &session_key, expiry, kvno);
1260 if (ret < 0)
1261 goto temporary_error_free_ticket;
1262
1263 kfree(ticket);
1264 kfree(response);
1265 _leave(" = 0");
1266 return 0;
1267
1268protocol_error_free:
1269 kfree(ticket);
1270protocol_error:
1271 kfree(response);
1272 key_put(server_key);
1273 return -EPROTO;
1274
1275temporary_error_free_ticket:
1276 kfree(ticket);
1277temporary_error_free_resp:
1278 kfree(response);
1279temporary_error:
1280 /* Ignore the response packet if we got a temporary error such as
1281 * ENOMEM. We just want to send the challenge again. Note that we
1282 * also come out this way if the ticket decryption fails.
1283 */
1284 key_put(server_key);
1285 return ret;
1286}
1287
1288/*
1289 * clear the connection security
1290 */
1291static void rxkad_clear(struct rxrpc_connection *conn)
1292{
1293 _enter("");
1294
1295 if (conn->rxkad.cipher)
1296 crypto_free_sync_skcipher(conn->rxkad.cipher);
1297}
1298
1299/*
1300 * Initialise the rxkad security service.
1301 */
1302static int rxkad_init(void)
1303{
1304 struct crypto_sync_skcipher *tfm;
1305 struct skcipher_request *req;
1306
1307 /* pin the cipher we need so that the crypto layer doesn't invoke
1308 * keventd to go get it */
1309 tfm = crypto_alloc_sync_skcipher("pcbc(fcrypt)", 0, 0);
1310 if (IS_ERR(tfm))
1311 return PTR_ERR(tfm);
1312
1313 req = skcipher_request_alloc(&tfm->base, GFP_KERNEL);
1314 if (!req)
1315 goto nomem_tfm;
1316
1317 rxkad_ci_req = req;
1318 rxkad_ci = tfm;
1319 return 0;
1320
1321nomem_tfm:
1322 crypto_free_sync_skcipher(tfm);
1323 return -ENOMEM;
1324}
1325
1326/*
1327 * Clean up the rxkad security service.
1328 */
1329static void rxkad_exit(void)
1330{
1331 crypto_free_sync_skcipher(rxkad_ci);
1332 skcipher_request_free(rxkad_ci_req);
1333}
1334
1335/*
1336 * RxRPC Kerberos-based security
1337 */
1338const struct rxrpc_security rxkad = {
1339 .name = "rxkad",
1340 .security_index = RXRPC_SECURITY_RXKAD,
1341 .no_key_abort = RXKADUNKNOWNKEY,
1342 .init = rxkad_init,
1343 .exit = rxkad_exit,
1344 .preparse_server_key = rxkad_preparse_server_key,
1345 .free_preparse_server_key = rxkad_free_preparse_server_key,
1346 .destroy_server_key = rxkad_destroy_server_key,
1347 .init_connection_security = rxkad_init_connection_security,
1348 .alloc_txbuf = rxkad_alloc_txbuf,
1349 .secure_packet = rxkad_secure_packet,
1350 .verify_packet = rxkad_verify_packet,
1351 .free_call_crypto = rxkad_free_call_crypto,
1352 .issue_challenge = rxkad_issue_challenge,
1353 .validate_challenge = rxkad_validate_challenge,
1354 .sendmsg_respond_to_challenge = rxkad_sendmsg_respond_to_challenge,
1355 .respond_to_challenge = rxkad_respond_to_challenge,
1356 .verify_response = rxkad_verify_response,
1357 .clear = rxkad_clear,
1358};
Linux 6.x block layer and io_uring tree(s)