
Lines Matching refs:conn

62 static int rxkad_init_connection_security(struct rxrpc_connection *conn)  in rxkad_init_connection_security()  argument
68 _enter("{%d},{%x}", conn->debug_id, key_serial(conn->key)); in rxkad_init_connection_security()
70 token = conn->key->payload.data; in rxkad_init_connection_security()
71 conn->security_ix = token->security_index; in rxkad_init_connection_security()
84 switch (conn->security_level) { in rxkad_init_connection_security()
88 conn->size_align = 8; in rxkad_init_connection_security()
89 conn->security_size = sizeof(struct rxkad_level1_hdr); in rxkad_init_connection_security()
90 conn->header_size += sizeof(struct rxkad_level1_hdr); in rxkad_init_connection_security()
93 conn->size_align = 8; in rxkad_init_connection_security()
94 conn->security_size = sizeof(struct rxkad_level2_hdr); in rxkad_init_connection_security()
95 conn->header_size += sizeof(struct rxkad_level2_hdr); in rxkad_init_connection_security()
102 conn->cipher = ci; in rxkad_init_connection_security()
113 static void rxkad_prime_packet_security(struct rxrpc_connection *conn) in rxkad_prime_packet_security() argument
125 if (!conn->key) in rxkad_prime_packet_security()
128 token = conn->key->payload.data; in rxkad_prime_packet_security()
131 desc.tfm = conn->cipher; in rxkad_prime_packet_security()
135 tmpbuf.x[0] = conn->epoch; in rxkad_prime_packet_security()
136 tmpbuf.x[1] = conn->cid; in rxkad_prime_packet_security()
138 tmpbuf.x[3] = htonl(conn->security_ix); in rxkad_prime_packet_security()
144 memcpy(&conn->csum_iv, &tmpbuf.x[2], sizeof(conn->csum_iv)); in rxkad_prime_packet_security()
145 ASSERTCMP(conn->csum_iv.n[0], ==, tmpbuf.x[2]); in rxkad_prime_packet_security()
180 desc.tfm = call->conn->cipher; in rxkad_secure_packet_auth()
224 token = call->conn->key->payload.data; in rxkad_secure_packet_encrypt()
226 desc.tfm = call->conn->cipher; in rxkad_secure_packet_encrypt()
239 len = data_size + call->conn->size_align - 1; in rxkad_secure_packet_encrypt()
240 len &= ~(call->conn->size_align - 1); in rxkad_secure_packet_encrypt()
272 call->debug_id, key_serial(call->conn->key), ntohl(sp->hdr.seq), in rxkad_secure_packet()
275 if (!call->conn->cipher) in rxkad_secure_packet()
278 ret = key_validate(call->conn->key); in rxkad_secure_packet()
283 memcpy(&iv, call->conn->csum_iv.x, sizeof(iv)); in rxkad_secure_packet()
284 desc.tfm = call->conn->cipher; in rxkad_secure_packet()
304 switch (call->conn->security_level) { in rxkad_secure_packet()
355 desc.tfm = call->conn->cipher; in rxkad_verify_packet_auth()
436 token = call->conn->key->payload.data; in rxkad_verify_packet_encrypt()
438 desc.tfm = call->conn->cipher; in rxkad_verify_packet_encrypt()
505 call->debug_id, key_serial(call->conn->key), in rxkad_verify_packet()
508 if (!call->conn->cipher) in rxkad_verify_packet()
518 memcpy(&iv, call->conn->csum_iv.x, sizeof(iv)); in rxkad_verify_packet()
519 desc.tfm = call->conn->cipher; in rxkad_verify_packet()
545 switch (call->conn->security_level) { in rxkad_verify_packet()
567 static int rxkad_issue_challenge(struct rxrpc_connection *conn) in rxkad_issue_challenge() argument
576 _enter("{%d,%x}", conn->debug_id, key_serial(conn->key)); in rxkad_issue_challenge()
578 ret = key_validate(conn->key); in rxkad_issue_challenge()
582 get_random_bytes(&conn->security_nonce, sizeof(conn->security_nonce)); in rxkad_issue_challenge()
585 challenge.nonce = htonl(conn->security_nonce); in rxkad_issue_challenge()
589 msg.msg_name = &conn->trans->peer->srx.transport.sin; in rxkad_issue_challenge()
590 msg.msg_namelen = sizeof(conn->trans->peer->srx.transport.sin); in rxkad_issue_challenge()
595 hdr.epoch = conn->epoch; in rxkad_issue_challenge()
596 hdr.cid = conn->cid; in rxkad_issue_challenge()
600 hdr.flags = conn->out_clientflag; in rxkad_issue_challenge()
602 hdr.securityIndex = conn->security_ix; in rxkad_issue_challenge()
604 hdr.serviceId = conn->service_id; in rxkad_issue_challenge()
613 hdr.serial = htonl(atomic_inc_return(&conn->serial)); in rxkad_issue_challenge()
616 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 2, len); in rxkad_issue_challenge()
629 static int rxkad_send_response(struct rxrpc_connection *conn, in rxkad_send_response() argument
641 msg.msg_name = &conn->trans->peer->srx.transport.sin; in rxkad_send_response()
642 msg.msg_namelen = sizeof(conn->trans->peer->srx.transport.sin); in rxkad_send_response()
647 hdr->epoch = conn->epoch; in rxkad_send_response()
650 hdr->flags = conn->out_clientflag; in rxkad_send_response()
663 hdr->serial = htonl(atomic_inc_return(&conn->serial)); in rxkad_send_response()
666 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); in rxkad_send_response()
717 static void rxkad_encrypt_response(struct rxrpc_connection *conn, in rxkad_encrypt_response() argument
727 desc.tfm = conn->cipher; in rxkad_encrypt_response()
738 static int rxkad_respond_to_challenge(struct rxrpc_connection *conn, in rxkad_respond_to_challenge() argument
750 _enter("{%d,%x}", conn->debug_id, key_serial(conn->key)); in rxkad_respond_to_challenge()
752 if (!conn->key) { in rxkad_respond_to_challenge()
757 ret = key_validate(conn->key); in rxkad_respond_to_challenge()
780 if (conn->security_level < min_level) in rxkad_respond_to_challenge()
783 token = conn->key->payload.data; in rxkad_respond_to_challenge()
789 resp.encrypted.epoch = conn->epoch; in rxkad_respond_to_challenge()
790 resp.encrypted.cid = conn->cid; in rxkad_respond_to_challenge()
791 resp.encrypted.securityIndex = htonl(conn->security_ix); in rxkad_respond_to_challenge()
793 (conn->channels[0] ? conn->channels[0]->call_id : 0); in rxkad_respond_to_challenge()
795 (conn->channels[1] ? conn->channels[1]->call_id : 0); in rxkad_respond_to_challenge()
797 (conn->channels[2] ? conn->channels[2]->call_id : 0); in rxkad_respond_to_challenge()
799 (conn->channels[3] ? conn->channels[3]->call_id : 0); in rxkad_respond_to_challenge()
801 resp.encrypted.level = htonl(conn->security_level); in rxkad_respond_to_challenge()
807 rxkad_encrypt_response(conn, &resp, token->kad); in rxkad_respond_to_challenge()
808 return rxkad_send_response(conn, &sp->hdr, &resp, token->kad); in rxkad_respond_to_challenge()
819 static int rxkad_decrypt_ticket(struct rxrpc_connection *conn, in rxkad_decrypt_ticket() argument
835 _enter("{%d},{%x}", conn->debug_id, key_serial(conn->server_key)); in rxkad_decrypt_ticket()
839 ret = key_validate(conn->server_key); in rxkad_decrypt_ticket()
851 ASSERT(conn->server_key->payload.data != NULL); in rxkad_decrypt_ticket()
854 memcpy(&iv, &conn->server_key->type_data, sizeof(iv)); in rxkad_decrypt_ticket()
856 desc.tfm = conn->server_key->payload.data; in rxkad_decrypt_ticket()
965 static void rxkad_decrypt_response(struct rxrpc_connection *conn, in rxkad_decrypt_response() argument
998 static int rxkad_verify_response(struct rxrpc_connection *conn, in rxkad_verify_response() argument
1012 _enter("{%d,%x}", conn->debug_id, key_serial(conn->server_key)); in rxkad_verify_response()
1048 ret = rxkad_decrypt_ticket(conn, ticket, ticket_len, &session_key, in rxkad_verify_response()
1058 rxkad_decrypt_response(conn, &response, &session_key); in rxkad_verify_response()
1061 if (response.encrypted.epoch != conn->epoch) in rxkad_verify_response()
1063 if (response.encrypted.cid != conn->cid) in rxkad_verify_response()
1065 if (ntohl(response.encrypted.securityIndex) != conn->security_ix) in rxkad_verify_response()
1080 if (response.encrypted.inc_nonce != htonl(conn->security_nonce + 1)) in rxkad_verify_response()
1087 conn->security_level = level; in rxkad_verify_response()
1092 ret = rxrpc_get_server_data_key(conn, &session_key, expiry, kvno); in rxkad_verify_response()
1113 static void rxkad_clear(struct rxrpc_connection *conn) in rxkad_clear() argument
1117 if (conn->cipher) in rxkad_clear()
1118 crypto_free_blkcipher(conn->cipher); in rxkad_clear()