1
// SPDX-License-Identifier: GPL-2.0-only
2
/*
3
 * Establish a TLS session for a kernel socket consumer
4
 * using the tlshd user space handler.
5
 *
6
 * Author: Chuck Lever <[email protected]>
7
 *
8
 * Copyright (c) 2021-2023, Oracle and/or its affiliates.
9
 */
10

11
#include <linux/types.h>
12
#include <linux/socket.h>
13
#include <linux/kernel.h>
14
#include <linux/module.h>
15
#include <linux/slab.h>
16
#include <linux/key.h>
17

18
#include <net/sock.h>
19
#include <net/handshake.h>
20
#include <net/genetlink.h>
21
#include <net/tls_prot.h>
22

23
#include <uapi/linux/keyctl.h>
24
#include <uapi/linux/handshake.h>
25
#include "handshake.h"
26

27
struct tls_handshake_req {
28
	void			(*th_consumer_done)(void *data, int status,
29
						    key_serial_t peerid);
30
	void			*th_consumer_data;
31

32
	int			th_type;
33
	unsigned int		th_timeout_ms;
34
	int			th_auth_mode;
35
	const char		*th_peername;
36
	key_serial_t		th_keyring;
37
	key_serial_t		th_certificate;
38
	key_serial_t		th_privkey;
39

40
	unsigned int		th_num_peerids;
41
	key_serial_t		th_peerid[5];
42
};
43

44
static struct tls_handshake_req *
45
tls_handshake_req_init(struct handshake_req *req,
46
		       const struct tls_handshake_args *args)
47
{
48
	struct tls_handshake_req *treq = handshake_req_private(req);
49

50
	treq->th_timeout_ms = args->ta_timeout_ms;
51
	treq->th_consumer_done = args->ta_done;
52
	treq->th_consumer_data = args->ta_data;
53
	treq->th_peername = args->ta_peername;
54
	treq->th_keyring = args->ta_keyring;
55
	treq->th_num_peerids = 0;
56
	treq->th_certificate = TLS_NO_CERT;
57
	treq->th_privkey = TLS_NO_PRIVKEY;
58
	return treq;
59
}
60

61
static void tls_handshake_remote_peerids(struct tls_handshake_req *treq,
62
					 struct genl_info *info)
63
{
64
	struct nlattr *head = nlmsg_attrdata(info->nlhdr, GENL_HDRLEN);
65
	int rem, len = nlmsg_attrlen(info->nlhdr, GENL_HDRLEN);
66
	struct nlattr *nla;
67
	unsigned int i;
68

69
	i = 0;
70
	nla_for_each_attr(nla, head, len, rem) {
71
		if (nla_type(nla) == HANDSHAKE_A_DONE_REMOTE_AUTH)
72
			i++;
73
	}
74
	if (!i)
75
		return;
76
	treq->th_num_peerids = min_t(unsigned int, i,
77
				     ARRAY_SIZE(treq->th_peerid));
78

79
	i = 0;
80
	nla_for_each_attr(nla, head, len, rem) {
81
		if (nla_type(nla) == HANDSHAKE_A_DONE_REMOTE_AUTH)
82
			treq->th_peerid[i++] = nla_get_u32(nla);
83
		if (i >= treq->th_num_peerids)
84
			break;
85
	}
86
}
87

88
/**
89
 * tls_handshake_done - callback to handle a CMD_DONE request
90
 * @req: socket on which the handshake was performed
91
 * @status: session status code
92
 * @info: full results of session establishment
93
 *
94
 */
95
static void tls_handshake_done(struct handshake_req *req,
96
			       unsigned int status, struct genl_info *info)
97
{
98
	struct tls_handshake_req *treq = handshake_req_private(req);
99

100
	treq->th_peerid[0] = TLS_NO_PEERID;
101
	if (info)
102
		tls_handshake_remote_peerids(treq, info);
103

104
	if (!status)
105
		set_bit(HANDSHAKE_F_REQ_SESSION, &req->hr_flags);
106

107
	treq->th_consumer_done(treq->th_consumer_data, -status,
108
			       treq->th_peerid[0]);
109
}
110

111
#if IS_ENABLED(CONFIG_KEYS)
112
static int tls_handshake_private_keyring(struct tls_handshake_req *treq)
113
{
114
	key_ref_t process_keyring_ref, keyring_ref;
115
	int ret;
116

117
	if (treq->th_keyring == TLS_NO_KEYRING)
118
		return 0;
119

120
	process_keyring_ref = lookup_user_key(KEY_SPEC_PROCESS_KEYRING,
121
					      KEY_LOOKUP_CREATE,
122
					      KEY_NEED_WRITE);
123
	if (IS_ERR(process_keyring_ref)) {
124
		ret = PTR_ERR(process_keyring_ref);
125
		goto out;
126
	}
127

128
	keyring_ref = lookup_user_key(treq->th_keyring, KEY_LOOKUP_CREATE,
129
				      KEY_NEED_LINK);
130
	if (IS_ERR(keyring_ref)) {
131
		ret = PTR_ERR(keyring_ref);
132
		goto out_put_key;
133
	}
134

135
	ret = key_link(key_ref_to_ptr(process_keyring_ref),
136
		       key_ref_to_ptr(keyring_ref));
137

138
	key_ref_put(keyring_ref);
139
out_put_key:
140
	key_ref_put(process_keyring_ref);
141
out:
142
	return ret;
143
}
144
#else
145
static int tls_handshake_private_keyring(struct tls_handshake_req *treq)
146
{
147
	return 0;
148
}
149
#endif
150

151
static int tls_handshake_put_peer_identity(struct sk_buff *msg,
152
					   struct tls_handshake_req *treq)
153
{
154
	unsigned int i;
155

156
	for (i = 0; i < treq->th_num_peerids; i++)
157
		if (nla_put_u32(msg, HANDSHAKE_A_ACCEPT_PEER_IDENTITY,
158
				treq->th_peerid[i]) < 0)
159
			return -EMSGSIZE;
160
	return 0;
161
}
162

163
static int tls_handshake_put_certificate(struct sk_buff *msg,
164
					 struct tls_handshake_req *treq)
165
{
166
	struct nlattr *entry_attr;
167

168
	if (treq->th_certificate == TLS_NO_CERT &&
169
	    treq->th_privkey == TLS_NO_PRIVKEY)
170
		return 0;
171

172
	entry_attr = nla_nest_start(msg, HANDSHAKE_A_ACCEPT_CERTIFICATE);
173
	if (!entry_attr)
174
		return -EMSGSIZE;
175

176
	if (nla_put_s32(msg, HANDSHAKE_A_X509_CERT,
177
			treq->th_certificate) ||
178
	    nla_put_s32(msg, HANDSHAKE_A_X509_PRIVKEY,
179
			treq->th_privkey)) {
180
		nla_nest_cancel(msg, entry_attr);
181
		return -EMSGSIZE;
182
	}
183

184
	nla_nest_end(msg, entry_attr);
185
	return 0;
186
}
187

188
/**
189
 * tls_handshake_accept - callback to construct a CMD_ACCEPT response
190
 * @req: handshake parameters to return
191
 * @info: generic netlink message context
192
 * @fd: file descriptor to be returned
193
 *
194
 * Returns zero on success, or a negative errno on failure.
195
 */
196
static int tls_handshake_accept(struct handshake_req *req,
197
				struct genl_info *info, int fd)
198
{
199
	struct tls_handshake_req *treq = handshake_req_private(req);
200
	struct nlmsghdr *hdr;
201
	struct sk_buff *msg;
202
	int ret;
203

204
	ret = tls_handshake_private_keyring(treq);
205
	if (ret < 0)
206
		goto out;
207

208
	ret = -ENOMEM;
209
	msg = genlmsg_new(GENLMSG_DEFAULT_SIZE, GFP_KERNEL);
210
	if (!msg)
211
		goto out;
212
	hdr = handshake_genl_put(msg, info);
213
	if (!hdr)
214
		goto out_cancel;
215

216
	ret = nla_put_s32(msg, HANDSHAKE_A_ACCEPT_SOCKFD, fd);
217
	if (ret < 0)
218
		goto out_cancel;
219
	ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_MESSAGE_TYPE, treq->th_type);
220
	if (ret < 0)
221
		goto out_cancel;
222
	if (treq->th_peername) {
223
		ret = nla_put_string(msg, HANDSHAKE_A_ACCEPT_PEERNAME,
224
				     treq->th_peername);
225
		if (ret < 0)
226
			goto out_cancel;
227
	}
228
	if (treq->th_timeout_ms) {
229
		ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_TIMEOUT, treq->th_timeout_ms);
230
		if (ret < 0)
231
			goto out_cancel;
232
	}
233
	if (treq->th_keyring) {
234
		ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_KEYRING,
235
				  treq->th_keyring);
236
		if (ret < 0)
237
			goto out_cancel;
238
	}
239

240
	ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_AUTH_MODE,
241
			  treq->th_auth_mode);
242
	if (ret < 0)
243
		goto out_cancel;
244
	switch (treq->th_auth_mode) {
245
	case HANDSHAKE_AUTH_PSK:
246
		ret = tls_handshake_put_peer_identity(msg, treq);
247
		if (ret < 0)
248
			goto out_cancel;
249
		break;
250
	case HANDSHAKE_AUTH_X509:
251
		ret = tls_handshake_put_certificate(msg, treq);
252
		if (ret < 0)
253
			goto out_cancel;
254
		break;
255
	}
256

257
	genlmsg_end(msg, hdr);
258
	return genlmsg_reply(msg, info);
259

260
out_cancel:
261
	genlmsg_cancel(msg, hdr);
262
	nlmsg_free(msg);
263
out:
264
	return ret;
265
}
266

267
static const struct handshake_proto tls_handshake_proto = {
268
	.hp_handler_class	= HANDSHAKE_HANDLER_CLASS_TLSHD,
269
	.hp_privsize		= sizeof(struct tls_handshake_req),
270
	.hp_flags		= BIT(HANDSHAKE_F_PROTO_NOTIFY),
271

272
	.hp_accept		= tls_handshake_accept,
273
	.hp_done		= tls_handshake_done,
274
};
275

276
/**
277
 * tls_client_hello_anon - request an anonymous TLS handshake on a socket
278
 * @args: socket and handshake parameters for this request
279
 * @flags: memory allocation control flags
280
 *
281
 * Return values:
282
 *   %0: Handshake request enqueue; ->done will be called when complete
283
 *   %-ESRCH: No user agent is available
284
 *   %-ENOMEM: Memory allocation failed
285
 */
286
int tls_client_hello_anon(const struct tls_handshake_args *args, gfp_t flags)
287
{
288
	struct tls_handshake_req *treq;
289
	struct handshake_req *req;
290

291
	req = handshake_req_alloc(&tls_handshake_proto, flags);
292
	if (!req)
293
		return -ENOMEM;
294
	treq = tls_handshake_req_init(req, args);
295
	treq->th_type = HANDSHAKE_MSG_TYPE_CLIENTHELLO;
296
	treq->th_auth_mode = HANDSHAKE_AUTH_UNAUTH;
297

298
	return handshake_req_submit(args->ta_sock, req, flags);
299
}
300
EXPORT_SYMBOL(tls_client_hello_anon);
301

302
/**
303
 * tls_client_hello_x509 - request an x.509-based TLS handshake on a socket
304
 * @args: socket and handshake parameters for this request
305
 * @flags: memory allocation control flags
306
 *
307
 * Return values:
308
 *   %0: Handshake request enqueue; ->done will be called when complete
309
 *   %-ESRCH: No user agent is available
310
 *   %-ENOMEM: Memory allocation failed
311
 */
312
int tls_client_hello_x509(const struct tls_handshake_args *args, gfp_t flags)
313
{
314
	struct tls_handshake_req *treq;
315
	struct handshake_req *req;
316

317
	req = handshake_req_alloc(&tls_handshake_proto, flags);
318
	if (!req)
319
		return -ENOMEM;
320
	treq = tls_handshake_req_init(req, args);
321
	treq->th_type = HANDSHAKE_MSG_TYPE_CLIENTHELLO;
322
	treq->th_auth_mode = HANDSHAKE_AUTH_X509;
323
	treq->th_certificate = args->ta_my_cert;
324
	treq->th_privkey = args->ta_my_privkey;
325

326
	return handshake_req_submit(args->ta_sock, req, flags);
327
}
328
EXPORT_SYMBOL(tls_client_hello_x509);
329

330
/**
331
 * tls_client_hello_psk - request a PSK-based TLS handshake on a socket
332
 * @args: socket and handshake parameters for this request
333
 * @flags: memory allocation control flags
334
 *
335
 * Return values:
336
 *   %0: Handshake request enqueue; ->done will be called when complete
337
 *   %-EINVAL: Wrong number of local peer IDs
338
 *   %-ESRCH: No user agent is available
339
 *   %-ENOMEM: Memory allocation failed
340
 */
341
int tls_client_hello_psk(const struct tls_handshake_args *args, gfp_t flags)
342
{
343
	struct tls_handshake_req *treq;
344
	struct handshake_req *req;
345
	unsigned int i;
346

347
	if (!args->ta_num_peerids ||
348
	    args->ta_num_peerids > ARRAY_SIZE(treq->th_peerid))
349
		return -EINVAL;
350

351
	req = handshake_req_alloc(&tls_handshake_proto, flags);
352
	if (!req)
353
		return -ENOMEM;
354
	treq = tls_handshake_req_init(req, args);
355
	treq->th_type = HANDSHAKE_MSG_TYPE_CLIENTHELLO;
356
	treq->th_auth_mode = HANDSHAKE_AUTH_PSK;
357
	treq->th_num_peerids = args->ta_num_peerids;
358
	for (i = 0; i < args->ta_num_peerids; i++)
359
		treq->th_peerid[i] = args->ta_my_peerids[i];
360

361
	return handshake_req_submit(args->ta_sock, req, flags);
362
}
363
EXPORT_SYMBOL(tls_client_hello_psk);
364

365
/**
366
 * tls_server_hello_x509 - request a server TLS handshake on a socket
367
 * @args: socket and handshake parameters for this request
368
 * @flags: memory allocation control flags
369
 *
370
 * Return values:
371
 *   %0: Handshake request enqueue; ->done will be called when complete
372
 *   %-ESRCH: No user agent is available
373
 *   %-ENOMEM: Memory allocation failed
374
 */
375
int tls_server_hello_x509(const struct tls_handshake_args *args, gfp_t flags)
376
{
377
	struct tls_handshake_req *treq;
378
	struct handshake_req *req;
379

380
	req = handshake_req_alloc(&tls_handshake_proto, flags);
381
	if (!req)
382
		return -ENOMEM;
383
	treq = tls_handshake_req_init(req, args);
384
	treq->th_type = HANDSHAKE_MSG_TYPE_SERVERHELLO;
385
	treq->th_auth_mode = HANDSHAKE_AUTH_X509;
386
	treq->th_certificate = args->ta_my_cert;
387
	treq->th_privkey = args->ta_my_privkey;
388

389
	return handshake_req_submit(args->ta_sock, req, flags);
390
}
391
EXPORT_SYMBOL(tls_server_hello_x509);
392

393
/**
394
 * tls_server_hello_psk - request a server TLS handshake on a socket
395
 * @args: socket and handshake parameters for this request
396
 * @flags: memory allocation control flags
397
 *
398
 * Return values:
399
 *   %0: Handshake request enqueue; ->done will be called when complete
400
 *   %-ESRCH: No user agent is available
401
 *   %-ENOMEM: Memory allocation failed
402
 */
403
int tls_server_hello_psk(const struct tls_handshake_args *args, gfp_t flags)
404
{
405
	struct tls_handshake_req *treq;
406
	struct handshake_req *req;
407

408
	req = handshake_req_alloc(&tls_handshake_proto, flags);
409
	if (!req)
410
		return -ENOMEM;
411
	treq = tls_handshake_req_init(req, args);
412
	treq->th_type = HANDSHAKE_MSG_TYPE_SERVERHELLO;
413
	treq->th_auth_mode = HANDSHAKE_AUTH_PSK;
414
	treq->th_num_peerids = 1;
415
	treq->th_peerid[0] = args->ta_my_peerids[0];
416

417
	return handshake_req_submit(args->ta_sock, req, flags);
418
}
419
EXPORT_SYMBOL(tls_server_hello_psk);
420

421
/**
422
 * tls_handshake_cancel - cancel a pending handshake
423
 * @sk: socket on which there is an ongoing handshake
424
 *
425
 * Request cancellation races with request completion. To determine
426
 * who won, callers examine the return value from this function.
427
 *
428
 * Return values:
429
 *   %true - Uncompleted handshake request was canceled
430
 *   %false - Handshake request already completed or not found
431
 */
432
bool tls_handshake_cancel(struct sock *sk)
433
{
434
	return handshake_req_cancel(sk);
435
}
436
EXPORT_SYMBOL(tls_handshake_cancel);
437

438
/**
439
 * tls_handshake_close - send a Closure alert
440
 * @sock: an open socket
441
 *
442
 */
443
void tls_handshake_close(struct socket *sock)
444
{
445
	struct handshake_req *req;
446

447
	req = handshake_req_hash_lookup(sock->sk);
448
	if (!req)
449
		return;
450
	if (!test_and_clear_bit(HANDSHAKE_F_REQ_SESSION, &req->hr_flags))
451
		return;
452
	tls_alert_send(sock, TLS_ALERT_LEVEL_WARNING,
453
		       TLS_ALERT_DESC_CLOSE_NOTIFY);
454
}
455
EXPORT_SYMBOL(tls_handshake_close);
456

457