From: Trond Myklebust <trond.myklebust@fys.uio.no>
To: steved@redhat.com
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH 01/22] gss_krb5: introduce encryption type framework
Date: Mon, 15 Mar 2010 11:58:53 -0400 [thread overview]
Message-ID: <1268668733.2993.90.camel@localhost.localdomain> (raw)
In-Reply-To: <1268655627-18712-2-git-send-email-steved@redhat.com>
On Mon, 2010-03-15 at 08:20 -0400, steved@redhat.com wrote:
> From: Kevin Coffman <kwc@citi.umich.edu>
>
> Make the client and server code consistent regarding the extra buffer
> space made available for the auth code when wrapping data.
>
> Add some comments/documentation about the available buffer space
> in the xdr_buf head and tail when gss_wrap is called.
>
> Add a compile-time check to make sure we are not exceeding the available
> buffer space.
>
> Add a central function to shift head data.
>
> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
> Signed-off-by: Steve Dickson <steved@redhat.com>
> ---
> include/linux/sunrpc/gss_krb5.h | 25 ++++++++++++++
> net/sunrpc/auth_gss/auth_gss.c | 14 ++++++--
> net/sunrpc/auth_gss/gss_krb5_crypto.c | 56 +++++++++++++++++++++++++++++++++
> net/sunrpc/auth_gss/gss_krb5_wrap.c | 7 ++--
> net/sunrpc/auth_gss/gss_mech_switch.c | 14 ++++++++
> net/sunrpc/auth_gss/svcauth_gss.c | 15 +++++++++
> 6 files changed, 123 insertions(+), 8 deletions(-)
>
> diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
> index e7bbdba..5bb227e 100644
> --- a/include/linux/sunrpc/gss_krb5.h
> +++ b/include/linux/sunrpc/gss_krb5.h
> @@ -40,6 +40,12 @@
> #include <linux/sunrpc/gss_err.h>
> #include <linux/sunrpc/gss_asn1.h>
>
> +/* Maximum checksum function output for the supported crypto algorithms */
> +#define GSS_KRB5_MAX_CKSUM_LEN (20)
> +
> +/* Maximum blocksize for the supported crypto algorithms */
> +#define GSS_KRB5_MAX_BLOCKSIZE (16)
> +
> struct krb5_ctx {
> int initiate; /* 1 = initiating, 0 = accepting */
> struct crypto_blkcipher *enc;
> @@ -113,6 +119,22 @@ enum seal_alg {
> #define ENCTYPE_DES3_CBC_SHA1 0x0010
> #define ENCTYPE_UNKNOWN 0x01ff
>
> +/*
> + * This compile-time check verifies that we will not exceed the
> + * slack space allotted by the client and server auth_gss code
> + * before they call gss_wrap().
> + */
> +#define GSS_KRB5_SLACK_CHECK \
> + BUILD_BUG_ON(GSS_KRB5_TOK_HDR_LEN /* gss token header */ \
> + + GSS_KRB5_MAX_CKSUM_LEN /* gss token checksum */ \
> + + GSS_KRB5_MAX_BLOCKSIZE /* confounder */ \
> + + GSS_KRB5_MAX_BLOCKSIZE /* possible padding */ \
> + + GSS_KRB5_TOK_HDR_LEN /* encrypted hdr in v2 token */\
> + + GSS_KRB5_MAX_CKSUM_LEN /* encryption hmac */ \
> + + 4 + 4 /* RPC verifier */ \
> + + GSS_KRB5_TOK_HDR_LEN \
> + + GSS_KRB5_MAX_CKSUM_LEN > RPC_MAX_AUTH_SIZE)
> +
> s32
> make_checksum(char *, char *header, int hdrlen, struct xdr_buf *body,
> int body_offset, struct xdr_netobj *cksum);
> @@ -157,3 +179,6 @@ s32
> krb5_get_seq_num(struct crypto_blkcipher *key,
> unsigned char *cksum,
> unsigned char *buf, int *direction, u32 *seqnum);
> +
> +int
> +shift_head_data(struct xdr_buf *buf, unsigned int base, unsigned int shiftlen);
> diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
> index 0cfccc2..a268368 100644
> --- a/net/sunrpc/auth_gss/auth_gss.c
> +++ b/net/sunrpc/auth_gss/auth_gss.c
> @@ -61,7 +61,7 @@ static const struct rpc_credops gss_nullops;
> # define RPCDBG_FACILITY RPCDBG_AUTH
> #endif
>
> -#define GSS_CRED_SLACK 1024
> +#define GSS_CRED_SLACK (RPC_MAX_AUTH_SIZE * 2)
> /* length of a krb5 verifier (48), plus data added before arguments when
> * using integrity (two 4-byte integers): */
> #define GSS_VERF_SLACK 100
> @@ -1317,15 +1317,21 @@ gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
> inpages = snd_buf->pages + first;
> snd_buf->pages = rqstp->rq_enc_pages;
> snd_buf->page_base -= first << PAGE_CACHE_SHIFT;
> - /* Give the tail its own page, in case we need extra space in the
> - * head when wrapping: */
> + /*
> + * Give the tail its own page, in case we need extra space in the
> + * head when wrapping:
> + *
> + * call_allocate() allocates twice the slack space required
> + * by the authentication flavor to rq_callsize.
> + * For GSS, slack is GSS_CRED_SLACK.
> + */
I'm all for improving the comments in the code, but could we please make
that a separate patch.
> if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
> tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
> memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
> snd_buf->tail[0].iov_base = tmp;
> }
> maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
> - /* RPC_SLACK_SPACE should prevent this ever happening: */
> + /* slack space should prevent this ever happening: */
> BUG_ON(snd_buf->len > snd_buf->buflen);
> status = -EIO;
> /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was
> diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c
> index c93fca2..d0f3371 100644
> --- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
> +++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
> @@ -326,3 +326,59 @@ gss_decrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *buf,
>
> return xdr_process_buf(buf, offset, buf->len - offset, decryptor, &desc);
> }
> +
> +/*
> + * This function makes the assumption that it was ultimately called
> + * from gss_wrap().
> + *
> + * The client auth_gss code moves any existing tail data into a
> + * separate page before calling gss_wrap.
> + * The server svcauth_gss code ensures that both the head and the
> + * tail have slack space of RPC_MAX_AUTH_SIZE before calling gss_wrap.
> + *
> + * Even with that guarantee, this function may be called more than
> + * once in the processing of gss_wrap(). The best we can do is
> + * verify at compile-time (see GSS_KRB5_SLACK_CHECK) that the
> + * largest expected shift will fit within RPC_MAX_AUTH_SIZE.
> + * At run-time we can verify that a single invocation of this
> + * function doesn't attempt to use more the RPC_MAX_AUTH_SIZE.
> + */
> +
> +int
> +shift_head_data(struct xdr_buf *buf, unsigned int base, unsigned int shiftlen)
^^^^^^^^^^^^^^^
This needs a better name in order to avoid polluting the global
namespace. xdr_extend_head(), perhaps?
> +{
> + u8 *p;
> +
> + if (shiftlen == 0)
> + return 0;
> +
> + GSS_KRB5_SLACK_CHECK;
^^^^^^^^^^^^^^^^^^^^^
Why is this a macro?
> + BUG_ON(shiftlen > RPC_MAX_AUTH_SIZE);
> +
> + /*
> + * If there is a tail, and it shares a page with the head,
> + * make sure we don't clobber the tail. This is a just a
> + * defensive check.
> + */
> + if (buf->tail[0].iov_base != NULL) {
> + if ((((long)buf->tail[0].iov_base >> PAGE_CACHE_SHIFT) ==
> + ((long)buf->head[0].iov_base >> PAGE_CACHE_SHIFT)) &&
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This is just too ugly to live, and is wrong to boot. If
buf->tail[0].iov_len == 0, then buf->tail[0].iov_base isn't even
defined...
> + buf->tail[0].iov_base - buf->head[0].iov_base < shiftlen) {
> + dprintk("%s: collision: head %p:%zu, tail %p:%zu, "
> + "shiftlen %u\n",
> + __func__, buf->head[0].iov_base,
> + buf->head[0].iov_len, buf->tail[0].iov_base,
> + buf->tail[0].iov_len, shiftlen);
> + return 1;
> + }
> + }
> +
> + p = buf->head[0].iov_base + base;
> +
> + memmove(p + shiftlen, p, buf->head[0].iov_len - base);
> +
> + buf->head[0].iov_len += shiftlen;
> + buf->len += shiftlen;
> +
> + return 0;
> +}
> diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
> index ae8e69b..a0660f5 100644
> --- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
> +++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
> @@ -144,6 +144,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
>
> dprintk("RPC: gss_wrap_kerberos\n");
>
> + GSS_KRB5_SLACK_CHECK;
....and why do we have a second one here? Since this is a BUILD_BUG,
then surely we can check this just once.
> now = get_seconds();
>
> blocksize = crypto_blkcipher_blocksize(kctx->enc);
> @@ -156,11 +157,9 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
>
> ptr = buf->head[0].iov_base + offset;
> /* shift data to make room for header. */
> + shift_head_data(buf, offset, headlen);
> +
> /* XXX Would be cleverer to encrypt while copying. */
> - /* XXX bounds checking, slack, etc. */
> - memmove(ptr + headlen, ptr, buf->head[0].iov_len - offset);
> - buf->head[0].iov_len += headlen;
> - buf->len += headlen;
> BUG_ON((buf->len - offset - headlen) % blocksize);
>
> g_make_token_header(&kctx->mech_used,
next prev parent reply other threads:[~2010-03-15 15:58 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-15 12:20 [PATCH 00/22] Add new enctypes for gss_krb5 (Round 4) steved
2010-03-15 12:20 ` [PATCH 01/22] gss_krb5: introduce encryption type framework steved
2010-03-15 15:58 ` Trond Myklebust [this message]
[not found] ` <1268668733.2993.90.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2010-03-16 20:49 ` Steve Dickson
[not found] ` <4B9FEEE0.8040306-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2010-03-16 21:14 ` Trond Myklebust
[not found] ` <1268774075.3098.56.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2010-03-16 21:45 ` Kevin Coffman
2010-03-16 21:47 ` Steve Dickson
2010-03-15 12:20 ` [PATCH 02/22] Don't expect blocksize to always be 8 when calculating padding steved
2010-03-15 16:02 ` Trond Myklebust
[not found] ` <1268668930.2993.91.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2010-03-15 23:38 ` J. Bruce Fields
2010-03-17 11:55 ` Steve Dickson
2010-03-15 12:20 ` [PATCH 03/22] gss_krb5: gss_krb5: split up functions in preparation of adding new enctypes steved
2010-03-15 12:20 ` [PATCH 04/22] gss_krb5: prepare for new context format steved
2010-03-15 12:20 ` [PATCH 05/22] gss_krb5: introduce encryption type framework steved
2010-03-15 16:12 ` Trond Myklebust
2010-03-15 12:20 ` [PATCH 06/22] gss_krb5: add ability to have a keyed checksum (hmac) steved
2010-03-15 12:20 ` [PATCH 07/22] gss_krb5: import functionality to derive keys into the kernel steved
2010-03-15 12:20 ` [PATCH 08/22] gss_krb5: handle new context format from gssd steved
2010-03-15 12:20 ` [PATCH 09/22] gss_krb5: add support for triple-des encryption steved
2010-03-15 12:20 ` [PATCH 10/22] Add new pipefs file indicating which Kerberos enctypes the kernel supports steved
2010-03-15 16:28 ` Trond Myklebust
[not found] ` <1268670503.2993.103.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2010-03-15 16:36 ` Al Viro
2010-03-15 23:43 ` J. Bruce Fields
2010-03-15 12:20 ` [PATCH 11/22] Update " steved
2010-03-15 12:20 ` [PATCH 12/22] xdr: Add an export for the helper function write_bytes_to_xdr_buf() steved
2010-03-15 16:29 ` Trond Myklebust
2010-03-15 12:20 ` [PATCH 13/22] gss_krb5: add support for new token formats in rfc4121 steved
2010-03-15 16:34 ` Trond Myklebust
2010-03-15 12:20 ` [PATCH 14/22] gss_krb5: add remaining pieces to enable AES encryption support steved
2010-03-15 12:20 ` [PATCH 15/22] gss_krb5: Update pipefs file steved
2010-03-15 12:20 ` [PATCH 16/22] arcfour-hmac support steved
2010-03-15 12:20 ` [PATCH 17/22] Save the raw session key in the context steved
2010-03-15 12:20 ` [PATCH 18/22] More arcfour-hmac support steved
2010-03-15 16:41 ` Trond Myklebust
2010-03-15 12:20 ` [PATCH 19/22] Use confounder length in wrap code steved
2010-03-15 12:20 ` [PATCH 20/22] Add support for rc4-hmac encryption steved
2010-03-15 12:20 ` [PATCH 21/22] Update the pipefs file steved
2010-03-15 12:20 ` [PATCH 22/22] Fixed memory leak in gss_import_v1_context() steved
-- strict thread matches above, loose matches on Subject: below --
2010-04-14 17:36 [PATCH 00/22] Add support for more RPCSEC_GSS/krb5 enctypes Trond Myklebust
2010-04-14 17:36 ` [PATCH 01/22] gss_krb5: Introduce encryption type framework Trond Myklebust
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1268668733.2993.90.camel@localhost.localdomain \
--to=trond.myklebust@fys.uio.no \
--cc=linux-nfs@vger.kernel.org \
--cc=steved@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox