Commit 5b38e821 authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge branch 'rxrpc-afs-add-afs-gssapi-security-class-to-af_rxrpc-and-kafs' 

David Howells says:

====================
rxrpc, afs: Add AFS GSSAPI security class to AF_RXRPC and kafs

Here's a set of patches to add basic support for the AFS GSSAPI security
class to AF_RXRPC and kafs.  It provides transport security for keys that
match the security index 6 (YFS) for connections to the AFS fileserver and
VL server.

Note that security index 4 (OpenAFS) can also be supported using this, but
it needs more work as it's slightly different.

The patches also provide the ability to secure the callback channel -
connections from the fileserver back to the client that are used to pass
file change notifications, amongst other things.  When challenged by the
fileserver, kafs will generate a token specific to that server and include
it in the RESPONSE packet as the appdata.  The server then extracts this
and uses it to send callback RPC calls back to the client.

It can also be used to provide transport security on the callback channel,
but a further set of patches is required to provide the token and key to
set that up when the client responds to the fileserver's challenge.

This makes use of the previously added crypto-krb5 library that is now
upstream (last commit fc0cf10c).

This series of patches consist of the following parts:

 (0) Update kdoc comments to remove some kdoc builder warnings.

 (1) Push reponding to CHALLENGE packets over to recvmsg() or the kernel
     equivalent so that the application layer can include user-defined
     information in the RESPONSE packet.  In a follow-up patch set, this
     will allow the callback channel to be secured by the AFS filesystem.

 (2) Add the AF_RXRPC RxGK security class that uses a key obtained from the
     AFS GSS security service to do Kerberos 5-based encryption instead of
     pcbc(fcrypt) and pcbc(des).

 (3) Add support for callback channel encryption in kafs.

 (4) Provide the test rxperf server module with some fixed krb5 keys.
====================

Link: https://patch.msgid.link/20250411095303.2316168-1-dhowells@redhat.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents a4cba7e9 aa219908

Documentation/networking/rxrpc.rst

+15 −0
Original line number Diff line number Diff line
@@ -1172,3 +1172,18 @@ adjusted through sysctls in /proc/net/rxrpc/: 
     header plus exactly 1412 bytes of data.  The terminal packet must contain

     a four byte header plus any amount of data.  In any event, a jumbo packet

     may not exceed rxrpc_rx_mtu in size.





API Function Reference

======================



.. kernel-doc:: net/rxrpc/af_rxrpc.c

.. kernel-doc:: net/rxrpc/call_object.c

.. kernel-doc:: net/rxrpc/key.c

.. kernel-doc:: net/rxrpc/oob.c

.. kernel-doc:: net/rxrpc/peer_object.c

.. kernel-doc:: net/rxrpc/recvmsg.c

.. kernel-doc:: net/rxrpc/rxgk.c

.. kernel-doc:: net/rxrpc/rxkad.c

.. kernel-doc:: net/rxrpc/sendmsg.c

.. kernel-doc:: net/rxrpc/server_key.c

fs/afs/Kconfig

+1 −0
Original line number Diff line number Diff line
@@ -5,6 +5,7 @@ config AFS_FS 
	select AF_RXRPC

	select DNS_RESOLVER

	select NETFS_SUPPORT

	select CRYPTO_KRB5

	help

	  If you say Y here, you will get an experimental Andrew File System

	  driver. It currently only supports unsecured read-only AFS access.

fs/afs/Makefile

+1 −0
Original line number Diff line number Diff line
@@ -8,6 +8,7 @@ kafs-y := \ 
	addr_prefs.o \

	callback.o \

	cell.o \

	cm_security.o \

	cmservice.o \

	dir.o \

	dir_edit.o \

fs/afs/cm_security.c

0 → 100644
+340 −0
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0-or-later

/* Cache manager security.

 *

 * Copyright (C) 2025 Red Hat, Inc. All Rights Reserved.

 * Written by David Howells (dhowells@redhat.com)

 */



#include <linux/slab.h>

#include <crypto/krb5.h>

#include "internal.h"

#include "afs_cm.h"

#include "afs_fs.h"

#include "protocol_yfs.h"

#define RXRPC_TRACE_ONLY_DEFINE_ENUMS

#include <trace/events/rxrpc.h>



#define RXGK_SERVER_ENC_TOKEN 1036U // 0x40c

#define xdr_round_up(x) (round_up((x), sizeof(__be32)))

#define xdr_len_object(x) (4 + round_up((x), sizeof(__be32)))



#ifdef CONFIG_RXGK

static int afs_create_yfs_cm_token(struct sk_buff *challenge,

				   struct afs_server *server);

#endif



/*

 * Respond to an RxGK challenge, adding appdata.

 */

static int afs_respond_to_challenge(struct sk_buff *challenge)

{

#ifdef CONFIG_RXGK

	struct krb5_buffer appdata = {};

	struct afs_server *server;

#endif

	struct rxrpc_peer *peer;

	unsigned long peer_data;

	u16 service_id;

	u8 security_index;



	rxrpc_kernel_query_challenge(challenge, &peer, &peer_data,

				     &service_id, &security_index);



	_enter("%u,%u", service_id, security_index);



	switch (service_id) {

		/* We don't send CM_SERVICE RPCs, so don't expect a challenge

		 * therefrom.

		 */

	case FS_SERVICE:

	case VL_SERVICE:

	case YFS_FS_SERVICE:

	case YFS_VL_SERVICE:

		break;

	default:

		pr_warn("Can't respond to unknown challenge %u:%u",

			service_id, security_index);

		return rxrpc_kernel_reject_challenge(challenge, RX_USER_ABORT, -EPROTO,

						     afs_abort_unsupported_sec_class);

	}



	switch (security_index) {

#ifdef CONFIG_RXKAD

	case RXRPC_SECURITY_RXKAD:

		return rxkad_kernel_respond_to_challenge(challenge);

#endif



#ifdef CONFIG_RXGK

	case RXRPC_SECURITY_RXGK:

		return rxgk_kernel_respond_to_challenge(challenge, &appdata);



	case RXRPC_SECURITY_YFS_RXGK:

		switch (service_id) {

		case FS_SERVICE:

		case YFS_FS_SERVICE:

			server = (struct afs_server *)peer_data;

			if (!server->cm_rxgk_appdata.data) {

				mutex_lock(&server->cm_token_lock);

				if (!server->cm_rxgk_appdata.data)

					afs_create_yfs_cm_token(challenge, server);

				mutex_unlock(&server->cm_token_lock);

			}

			if (server->cm_rxgk_appdata.data)

				appdata = server->cm_rxgk_appdata;

			break;

		}

		return rxgk_kernel_respond_to_challenge(challenge, &appdata);

#endif



	default:

		return rxrpc_kernel_reject_challenge(challenge, RX_USER_ABORT, -EPROTO,

						     afs_abort_unsupported_sec_class);

	}

}



/*

 * Process the OOB message queue, processing challenge packets.

 */

void afs_process_oob_queue(struct work_struct *work)

{

	struct afs_net *net = container_of(work, struct afs_net, rx_oob_work);

	struct sk_buff *oob;

	enum rxrpc_oob_type type;



	while ((oob = rxrpc_kernel_dequeue_oob(net->socket, &type))) {

		switch (type) {

		case RXRPC_OOB_CHALLENGE:

			afs_respond_to_challenge(oob);

			break;

		}

		rxrpc_kernel_free_oob(oob);

	}

}



#ifdef CONFIG_RXGK

/*

 * Create a securities keyring for the cache manager and attach a key to it for

 * the RxGK tokens we want to use to secure the callback connection back from

 * the fileserver.

 */

int afs_create_token_key(struct afs_net *net, struct socket *socket)

{

	const struct krb5_enctype *krb5;

	struct key *ring;

	key_ref_t key;

	char K0[32], *desc;

	int ret;



	ring = keyring_alloc("kafs",

			     GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),

			     KEY_POS_SEARCH | KEY_POS_WRITE |

			     KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH,

			     KEY_ALLOC_NOT_IN_QUOTA,

			     NULL, NULL);

	if (IS_ERR(ring))

		return PTR_ERR(ring);



	ret = rxrpc_sock_set_security_keyring(socket->sk, ring);

	if (ret < 0)

		goto out;



	ret = -ENOPKG;

	krb5 = crypto_krb5_find_enctype(KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96);

	if (!krb5)

		goto out;



	if (WARN_ON_ONCE(krb5->key_len > sizeof(K0)))

		goto out;



	ret = -ENOMEM;

	desc = kasprintf(GFP_KERNEL, "%u:%u:%u:%u",

			 YFS_CM_SERVICE, RXRPC_SECURITY_YFS_RXGK, 1, krb5->etype);

	if (!desc)

		goto out;



	wait_for_random_bytes();

	get_random_bytes(K0, krb5->key_len);



	key = key_create(make_key_ref(ring, true),

			 "rxrpc_s", desc,

			 K0, krb5->key_len,

			 KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | KEY_USR_VIEW,

			 KEY_ALLOC_NOT_IN_QUOTA);

	kfree(desc);

	if (IS_ERR(key)) {

		ret = PTR_ERR(key);

		goto out;

	}



	net->fs_cm_token_key = key_ref_to_ptr(key);

	ret = 0;

out:

	key_put(ring);

	return ret;

}



/*

 * Create an YFS RxGK GSS token to use as a ticket to the specified fileserver.

 */

static int afs_create_yfs_cm_token(struct sk_buff *challenge,

				   struct afs_server *server)

{

	const struct krb5_enctype *conn_krb5, *token_krb5;

	const struct krb5_buffer *token_key;

	struct crypto_aead *aead;

	struct scatterlist sg;

	struct afs_net *net = server->cell->net;

	const struct key *key = net->fs_cm_token_key;

	size_t keysize, uuidsize, authsize, toksize, encsize, contsize, adatasize, offset;

	__be32 caps[1] = {

		[0] = htonl(AFS_CAP_ERROR_TRANSLATION),

	};

	__be32 *xdr;

	void *appdata, *K0, *encbase;

	u32 enctype;

	int ret;



	if (!key)

		return -ENOKEY;



	/* Assume that the fileserver is happy to use the same encoding type as

	 * we were told to use by the token obtained by the user.

	 */

	enctype = rxgk_kernel_query_challenge(challenge);



	conn_krb5 = crypto_krb5_find_enctype(enctype);

	if (!conn_krb5)

		return -ENOPKG;

	token_krb5 = key->payload.data[0];

	token_key = (const struct krb5_buffer *)&key->payload.data[2];



	/* struct rxgk_key {

	 *	afs_uint32	enctype;

	 *	opaque		key<>;

	 * };

	 */

	keysize = 4 + xdr_len_object(conn_krb5->key_len);



	/* struct RXGK_AuthName {

	 *	afs_int32	kind;

	 *	opaque		data<AUTHDATAMAX>;

	 *	opaque		display<AUTHPRINTABLEMAX>;

	 * };

	 */

	uuidsize = sizeof(server->uuid);

	authsize = 4 + xdr_len_object(uuidsize) + xdr_len_object(0);



	/* struct RXGK_Token {

	 *	rxgk_key		K0;

	 *	RXGK_Level		level;

	 *	rxgkTime		starttime;

	 *	afs_int32		lifetime;

	 *	afs_int32		bytelife;

	 *	rxgkTime		expirationtime;

	 *	struct RXGK_AuthName	identities<>;

	 * };

	 */

	toksize = keysize + 8 + 4 + 4 + 8 + xdr_len_object(authsize);



	offset = 0;

	encsize = crypto_krb5_how_much_buffer(token_krb5, KRB5_ENCRYPT_MODE, toksize, &offset);



	/* struct RXGK_TokenContainer {

	 *	afs_int32	kvno;

	 *	afs_int32	enctype;

	 *	opaque		encrypted_token<>;

	 * };

	 */

	contsize = 4 + 4 + xdr_len_object(encsize);



	/* struct YFSAppData {

	 *	opr_uuid	initiatorUuid;

	 *	opr_uuid	acceptorUuid;

	 *	Capabilities	caps;

	 *	afs_int32	enctype;

	 *	opaque		callbackKey<>;

	 *	opaque		callbackToken<>;

	 * };

	 */

	adatasize = 16 + 16 +

		xdr_len_object(sizeof(caps)) +

		4 +

		xdr_len_object(conn_krb5->key_len) +

		xdr_len_object(contsize);



	ret = -ENOMEM;

	appdata = kzalloc(adatasize, GFP_KERNEL);

	if (!appdata)

		goto out;

	xdr = appdata;



	memcpy(xdr, &net->uuid, 16);		/* appdata.initiatorUuid */

	xdr += 16 / 4;

	memcpy(xdr, &server->uuid, 16);		/* appdata.acceptorUuid */

	xdr += 16 / 4;

	*xdr++ = htonl(ARRAY_SIZE(caps));	/* appdata.caps.len */

	memcpy(xdr, &caps, sizeof(caps));	/* appdata.caps */

	xdr += ARRAY_SIZE(caps);

	*xdr++ = htonl(conn_krb5->etype);	/* appdata.enctype */



	*xdr++ = htonl(conn_krb5->key_len);	/* appdata.callbackKey.len */

	K0 = xdr;

	get_random_bytes(K0, conn_krb5->key_len); /* appdata.callbackKey.data */

	xdr += xdr_round_up(conn_krb5->key_len) / 4;



	*xdr++ = htonl(contsize);		/* appdata.callbackToken.len */

	*xdr++ = htonl(1);			/* cont.kvno */

	*xdr++ = htonl(token_krb5->etype);	/* cont.enctype */

	*xdr++ = htonl(encsize);		/* cont.encrypted_token.len */



	encbase = xdr;

	xdr += offset / 4;

	*xdr++ = htonl(conn_krb5->etype);	/* token.K0.enctype */

	*xdr++ = htonl(conn_krb5->key_len);	/* token.K0.key.len */

	memcpy(xdr, K0, conn_krb5->key_len);	/* token.K0.key.data */

	xdr += xdr_round_up(conn_krb5->key_len) / 4;



	*xdr++ = htonl(RXRPC_SECURITY_ENCRYPT);	/* token.level */

	*xdr++ = htonl(0);			/* token.starttime */

	*xdr++ = htonl(0);			/* " */

	*xdr++ = htonl(0);			/* token.lifetime */

	*xdr++ = htonl(0);			/* token.bytelife */

	*xdr++ = htonl(0);			/* token.expirationtime */

	*xdr++ = htonl(0);			/* " */

	*xdr++ = htonl(1);			/* token.identities.count */

	*xdr++ = htonl(0);			/* token.identities[0].kind */

	*xdr++ = htonl(uuidsize);		/* token.identities[0].data.len */

	memcpy(xdr, &server->uuid, uuidsize);

	xdr += xdr_round_up(uuidsize) / 4;

	*xdr++ = htonl(0);			/* token.identities[0].display.len */



	xdr = encbase + xdr_round_up(encsize);



	if ((unsigned long)xdr - (unsigned long)appdata != adatasize)

		pr_err("Appdata size incorrect %lx != %zx\n",

		       (unsigned long)xdr - (unsigned long)appdata, adatasize);



	aead = crypto_krb5_prepare_encryption(token_krb5, token_key, RXGK_SERVER_ENC_TOKEN,

					      GFP_KERNEL);

	if (IS_ERR(aead)) {

		ret = PTR_ERR(aead);

		goto out_token;

	}



	sg_init_one(&sg, encbase, encsize);

	ret = crypto_krb5_encrypt(token_krb5, aead, &sg, 1, encsize, offset, toksize, false);

	if (ret < 0)

		goto out_aead;



	server->cm_rxgk_appdata.len  = adatasize;

	server->cm_rxgk_appdata.data = appdata;

	appdata = NULL;



out_aead:

	crypto_free_aead(aead);

out_token:

	kfree(appdata);

out:

	return ret;

}

#endif /* CONFIG_RXGK */

fs/afs/internal.h

+20 −0
Original line number Diff line number Diff line
@@ -20,6 +20,7 @@ 
#include <linux/uuid.h>

#include <linux/mm_types.h>

#include <linux/dns_resolver.h>

#include <crypto/krb5.h>

#include <net/net_namespace.h>

#include <net/netns/generic.h>

#include <net/sock.h>
@@ -176,8 +177,10 @@ struct afs_call { 
	bool			intr;		/* T if interruptible */

	bool			unmarshalling_error; /* T if an unmarshalling error occurred */

	bool			responded;	/* Got a response from the call (may be abort) */

	u8			security_ix;	/* Security class */

	u16			service_id;	/* Actual service ID (after upgrade) */

	unsigned int		debug_id;	/* Trace ID */

	u32			enctype;	/* Security encoding type */

	u32			operation_ID;	/* operation ID for an incoming call */

	u32			count;		/* count for use in unmarshalling */

	union {					/* place to extract temporary data */
@@ -281,6 +284,7 @@ struct afs_net { 
	struct socket		*socket;

	struct afs_call		*spare_incoming_call;

	struct work_struct	charge_preallocation_work;

	struct work_struct	rx_oob_work;

	struct mutex		socket_mutex;

	atomic_t		nr_outstanding_calls;

	atomic_t		nr_superblocks;
@@ -305,6 +309,7 @@ struct afs_net { 
	struct list_head	fs_probe_slow;	/* List of afs_server to probe at 5m intervals */

	struct hlist_head	fs_proc;	/* procfs servers list */



	struct key		*fs_cm_token_key; /* Key for creating CM tokens */

	struct work_struct	fs_prober;

	struct timer_list	fs_probe_timer;

	atomic_t		servers_outstanding;
@@ -540,6 +545,8 @@ struct afs_server { 
	struct list_head	volumes;	/* RCU list of afs_server_entry objects */

	struct work_struct	destroyer;	/* Work item to try and destroy a server */

	struct timer_list	timer;		/* Management timer */

	struct mutex		cm_token_lock;	/* Lock governing creation of appdata */

	struct krb5_buffer	cm_rxgk_appdata; /* Appdata to be included in RESPONSE packet */

	time64_t		unuse_time;	/* Time at which last unused */

	unsigned long		flags;

#define AFS_SERVER_FL_RESPONDING 0		/* The server is responding */
@@ -1058,6 +1065,19 @@ extern void __net_exit afs_cell_purge(struct afs_net *); 
 */

extern bool afs_cm_incoming_call(struct afs_call *);



/*

 * cm_security.c

 */

void afs_process_oob_queue(struct work_struct *work);

#ifdef CONFIG_RXGK

int afs_create_token_key(struct afs_net *net, struct socket *socket);

#else

static inline int afs_create_token_key(struct afs_net *net, struct socket *socket)

{

	return 0;

}

#endif



/*

 * dir.c

 */