[PATCH net-next 00/23] rxrpc: Fixes and preparation for RxGK

From: David Howells
Date: Thu Oct 01 2020 - 10:56:52 EST



Here are some fixes for problems encountered whilst writing the RxGK
security class (this will allow AF_RXRPC to use GSSAPI-negotiated tokens
and better crypto). The RxGK security class is not included in this
patchset.

Firstly, there's a keyrings patch to provide the original key description,
as provided to add_key(), to the preparser so that it can interpret the
content on that basis. Unfortunately, the rxrpc_s key type wasn't written
to interpret its payload as anything other than a string of bytes
comprising a key, but for RxGK, more information is required as multiple
Kerberos enctypes are supported.

Secondly, there's a bunch of rxrpc fixes:

(1) Fix bundle refcounting for exclusive connections.

(2) Fix the xdr encoding of the contents read from an rxrpc key.

(3) Fix a BUG() for a unsupported encoding type.

(4) Fix missing _bh lock annotations.

(5) Fix the loss of deferred final ACKs on socket shutdown.

(6) Fix acceptance handling for an incoming call where the incoming call
is encrypted.

(7) The server token keyring isn't network namespaced - it belongs to the
server, so there's no need.

(8) The default data packet size alignment should be 1, not 4. It only
needs to be something other than 1 if there are crypto requirements.

Thirdly, there are some preparatory changes:

(1) Remove the rxk5 security class key support. This class never went
anywhere and is now defunct. RxGK should be used instead.

(2) Support multiple tokens in a single key, provided they're loaded in a
single add_key() operation:

- Make preparatory moves to allow the choice of class to be made
higher up the stack.
- Fix some bugs in the XDR parsing.
- Display contained token types in /proc/keys

(3) Split the server key (rxrpc_s-type) into its own file. It has nothing
in common with the session key (rxrpc-type).

(4) Tidy up the connection security bits:

- The prime_packet_security() op is redundant.

- Don't retain the server key in the connection. It's only used once
in a service connection's life when the ticket gets decrypted. Look
it up on demand.

- Hand server key parsing off to the security class.

- Don't reserve the security header in the transmit data buffer, but
rather just add to the offset. RxGK has a more complicated
structure than rxkad.

- Organise the connection security into a union, thereby allowing
other security classes to add bits in the same space.

- Allow a security trailer to be reserved. RxGK may put the checksum
after the data.

- Allow a security class to give more information on a server key in
/proc/keys (such as the enctype).

- Don't use pskb_pull() in rxkad, but rather just add to the offset
when extracting data.

(5) Don't leak key material from server session keys back to userspace.

The patches are tagged here:

git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
rxrpc-next-20201010

and can also be found on this branch:

http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=rxrpc-next

David
---
David Howells (22):
keys: Provide the original description to the key preparser
rxrpc: Fix bundle counting for exclusive connections
rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read()
rxrpc: Fix some missing _bh annotations on locking conn->state_lock
rxrpc: Fix loss of final ack on shutdown
rxrpc: Fix accept on a connection that need securing
rxrpc: The server keyring isn't network-namespaced
rxrpc: Change basic data packet size alignment to 1
rxrpc: Remove the rxk5 security class as it's now defunct
rxrpc: List the held token types in the key description in /proc/keys
rxrpc: Allow for a security trailer in a packet
rxrpc: Merge prime_packet_security into init_connection_security
rxrpc: Support keys with multiple authentication tokens
rxrpc: Don't retain the server key in the connection
rxrpc: Split the server key type (rxrpc_s) into its own file
rxrpc: Hand server key parsing off to the security class
rxrpc: Don't reserve security header in Tx DATA skbuff
rxrpc: Organise connection security to use a union
rxrpc: Don't leak the service-side session key to userspace
rxrpc: Allow security classes to give more info on server keys
rxrpc: Make the parsing of xdr payloads more coherent
rxrpc: rxkad: Don't use pskb_pull() to advance through the response packet

Marc Dionne (1):
rxrpc: Fix rxkad token xdr encoding


include/keys/rxrpc-type.h | 56 +---
include/uapi/linux/rxrpc.h | 2 +-
net/rxrpc/Makefile | 1 +
net/rxrpc/ar-internal.h | 65 ++--
net/rxrpc/call_accept.c | 277 +++-------------
net/rxrpc/call_object.c | 5 +-
net/rxrpc/conn_client.c | 14 +-
net/rxrpc/conn_event.c | 22 +-
net/rxrpc/conn_object.c | 3 +-
net/rxrpc/conn_service.c | 2 -
net/rxrpc/insecure.c | 15 +-
net/rxrpc/key.c | 642 +++----------------------------------
net/rxrpc/recvmsg.c | 36 +--
net/rxrpc/rxkad.c | 197 ++++++++----
net/rxrpc/security.c | 98 ++++--
net/rxrpc/sendmsg.c | 49 ++-
net/rxrpc/server_key.c | 143 +++++++++
17 files changed, 513 insertions(+), 1114 deletions(-)
create mode 100644 net/rxrpc/server_key.c