diff options
| author | Daniel Borkmann <dborkman@redhat.com> | 2013-02-12 00:15:33 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2013-02-12 16:05:11 -0500 |
| commit | 570617e79c3ab31ce426efe9024af84efca862eb (patch) | |
| tree | 7bafb469fa57e9fe475ae720ba83e24a1467d233 | |
| parent | 0790bbb68f9d483348c1d65381f3dd92602bfd05 (diff) | |
net: sctp: remove unused multiple cookie keys
Vlad says: The whole multiple cookie keys code is completely unused
and has been all this time. Noone uses anything other then the
secret_key[0] since there is no changeover support anywhere.
Thus, for now clean up its left-over fragments.
Cc: Neil Horman <nhorman@tuxdriver.com>
Cc: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/net/sctp/constants.h | 2 | ||||
| -rw-r--r-- | include/net/sctp/structs.h | 5 | ||||
| -rw-r--r-- | net/sctp/endpointola.c | 9 | ||||
| -rw-r--r-- | net/sctp/sm_make_chunk.c | 31 |
4 files changed, 11 insertions, 36 deletions
diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h index c29707d654c0..a7dd5c50df79 100644 --- a/include/net/sctp/constants.h +++ b/include/net/sctp/constants.h | |||
| @@ -303,7 +303,7 @@ enum { SCTP_MAX_GABS = 16 }; | |||
| 303 | * to which we will raise the P-MTU. | 303 | * to which we will raise the P-MTU. |
| 304 | */ | 304 | */ |
| 305 | #define SCTP_DEFAULT_MINSEGMENT 512 /* MTU size ... if no mtu disc */ | 305 | #define SCTP_DEFAULT_MINSEGMENT 512 /* MTU size ... if no mtu disc */ |
| 306 | #define SCTP_HOW_MANY_SECRETS 2 /* How many secrets I keep */ | 306 | |
| 307 | #define SCTP_SECRET_SIZE 32 /* Number of octets in a 256 bits. */ | 307 | #define SCTP_SECRET_SIZE 32 /* Number of octets in a 256 bits. */ |
| 308 | 308 | ||
| 309 | #define SCTP_SIGNATURE_SIZE 20 /* size of a SLA-1 signature */ | 309 | #define SCTP_SIGNATURE_SIZE 20 /* size of a SLA-1 signature */ |
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h index fdeb85a970fc..0e0f9d2322e3 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h | |||
| @@ -1236,10 +1236,7 @@ struct sctp_endpoint { | |||
| 1236 | * Discussion in [RFC1750] can be helpful in | 1236 | * Discussion in [RFC1750] can be helpful in |
| 1237 | * selection of the key. | 1237 | * selection of the key. |
| 1238 | */ | 1238 | */ |
| 1239 | __u8 secret_key[SCTP_HOW_MANY_SECRETS][SCTP_SECRET_SIZE]; | 1239 | __u8 secret_key[SCTP_SECRET_SIZE]; |
| 1240 | int current_key; | ||
| 1241 | int last_key; | ||
| 1242 | int key_changed_at; | ||
| 1243 | 1240 | ||
| 1244 | /* digest: This is a digest of the sctp cookie. This field is | 1241 | /* digest: This is a digest of the sctp cookie. This field is |
| 1245 | * only used on the receive path when we try to validate | 1242 | * only used on the receive path when we try to validate |
diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c index 1a9c5fb77310..73aad3d16a45 100644 --- a/net/sctp/endpointola.c +++ b/net/sctp/endpointola.c | |||
| @@ -151,9 +151,7 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep, | |||
| 151 | ep->rcvbuf_policy = net->sctp.rcvbuf_policy; | 151 | ep->rcvbuf_policy = net->sctp.rcvbuf_policy; |
| 152 | 152 | ||
| 153 | /* Initialize the secret key used with cookie. */ | 153 | /* Initialize the secret key used with cookie. */ |
| 154 | get_random_bytes(&ep->secret_key[0], SCTP_SECRET_SIZE); | 154 | get_random_bytes(ep->secret_key, sizeof(ep->secret_key)); |
| 155 | ep->last_key = ep->current_key = 0; | ||
| 156 | ep->key_changed_at = jiffies; | ||
| 157 | 155 | ||
| 158 | /* SCTP-AUTH extensions*/ | 156 | /* SCTP-AUTH extensions*/ |
| 159 | INIT_LIST_HEAD(&ep->endpoint_shared_keys); | 157 | INIT_LIST_HEAD(&ep->endpoint_shared_keys); |
| @@ -249,8 +247,6 @@ void sctp_endpoint_free(struct sctp_endpoint *ep) | |||
| 249 | /* Final destructor for endpoint. */ | 247 | /* Final destructor for endpoint. */ |
| 250 | static void sctp_endpoint_destroy(struct sctp_endpoint *ep) | 248 | static void sctp_endpoint_destroy(struct sctp_endpoint *ep) |
| 251 | { | 249 | { |
| 252 | int i; | ||
| 253 | |||
| 254 | SCTP_ASSERT(ep->base.dead, "Endpoint is not dead", return); | 250 | SCTP_ASSERT(ep->base.dead, "Endpoint is not dead", return); |
| 255 | 251 | ||
| 256 | /* Free up the HMAC transform. */ | 252 | /* Free up the HMAC transform. */ |
| @@ -273,8 +269,7 @@ static void sctp_endpoint_destroy(struct sctp_endpoint *ep) | |||
| 273 | sctp_inq_free(&ep->base.inqueue); | 269 | sctp_inq_free(&ep->base.inqueue); |
| 274 | sctp_bind_addr_free(&ep->base.bind_addr); | 270 | sctp_bind_addr_free(&ep->base.bind_addr); |
| 275 | 271 | ||
| 276 | for (i = 0; i < SCTP_HOW_MANY_SECRETS; ++i) | 272 | memset(ep->secret_key, 0, sizeof(ep->secret_key)); |
| 277 | memset(&ep->secret_key[i], 0, SCTP_SECRET_SIZE); | ||
| 278 | 273 | ||
| 279 | /* Remove and free the port */ | 274 | /* Remove and free the port */ |
| 280 | if (sctp_sk(ep->base.sk)->bind_hash) | 275 | if (sctp_sk(ep->base.sk)->bind_hash) |
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index e1c5fc2be6b8..a193f3bc8144 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c | |||
| @@ -1589,8 +1589,6 @@ static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, | |||
| 1589 | struct sctp_signed_cookie *cookie; | 1589 | struct sctp_signed_cookie *cookie; |
| 1590 | struct scatterlist sg; | 1590 | struct scatterlist sg; |
| 1591 | int headersize, bodysize; | 1591 | int headersize, bodysize; |
| 1592 | unsigned int keylen; | ||
| 1593 | char *key; | ||
| 1594 | 1592 | ||
| 1595 | /* Header size is static data prior to the actual cookie, including | 1593 | /* Header size is static data prior to the actual cookie, including |
| 1596 | * any padding. | 1594 | * any padding. |
| @@ -1650,12 +1648,11 @@ static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, | |||
| 1650 | 1648 | ||
| 1651 | /* Sign the message. */ | 1649 | /* Sign the message. */ |
| 1652 | sg_init_one(&sg, &cookie->c, bodysize); | 1650 | sg_init_one(&sg, &cookie->c, bodysize); |
| 1653 | keylen = SCTP_SECRET_SIZE; | ||
| 1654 | key = (char *)ep->secret_key[ep->current_key]; | ||
| 1655 | desc.tfm = sctp_sk(ep->base.sk)->hmac; | 1651 | desc.tfm = sctp_sk(ep->base.sk)->hmac; |
| 1656 | desc.flags = 0; | 1652 | desc.flags = 0; |
| 1657 | 1653 | ||
| 1658 | if (crypto_hash_setkey(desc.tfm, key, keylen) || | 1654 | if (crypto_hash_setkey(desc.tfm, ep->secret_key, |
| 1655 | sizeof(ep->secret_key)) || | ||
| 1659 | crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) | 1656 | crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) |
| 1660 | goto free_cookie; | 1657 | goto free_cookie; |
| 1661 | } | 1658 | } |
| @@ -1682,8 +1679,7 @@ struct sctp_association *sctp_unpack_cookie( | |||
| 1682 | int headersize, bodysize, fixed_size; | 1679 | int headersize, bodysize, fixed_size; |
| 1683 | __u8 *digest = ep->digest; | 1680 | __u8 *digest = ep->digest; |
| 1684 | struct scatterlist sg; | 1681 | struct scatterlist sg; |
| 1685 | unsigned int keylen, len; | 1682 | unsigned int len; |
| 1686 | char *key; | ||
| 1687 | sctp_scope_t scope; | 1683 | sctp_scope_t scope; |
| 1688 | struct sk_buff *skb = chunk->skb; | 1684 | struct sk_buff *skb = chunk->skb; |
| 1689 | struct timeval tv; | 1685 | struct timeval tv; |
| @@ -1718,34 +1714,21 @@ struct sctp_association *sctp_unpack_cookie( | |||
| 1718 | goto no_hmac; | 1714 | goto no_hmac; |
| 1719 | 1715 | ||
| 1720 | /* Check the signature. */ | 1716 | /* Check the signature. */ |
| 1721 | keylen = SCTP_SECRET_SIZE; | ||
| 1722 | sg_init_one(&sg, bear_cookie, bodysize); | 1717 | sg_init_one(&sg, bear_cookie, bodysize); |
| 1723 | key = (char *)ep->secret_key[ep->current_key]; | ||
| 1724 | desc.tfm = sctp_sk(ep->base.sk)->hmac; | 1718 | desc.tfm = sctp_sk(ep->base.sk)->hmac; |
| 1725 | desc.flags = 0; | 1719 | desc.flags = 0; |
| 1726 | 1720 | ||
| 1727 | memset(digest, 0x00, SCTP_SIGNATURE_SIZE); | 1721 | memset(digest, 0x00, SCTP_SIGNATURE_SIZE); |
| 1728 | if (crypto_hash_setkey(desc.tfm, key, keylen) || | 1722 | if (crypto_hash_setkey(desc.tfm, ep->secret_key, |
| 1723 | sizeof(ep->secret_key)) || | ||
| 1729 | crypto_hash_digest(&desc, &sg, bodysize, digest)) { | 1724 | crypto_hash_digest(&desc, &sg, bodysize, digest)) { |
| 1730 | *error = -SCTP_IERROR_NOMEM; | 1725 | *error = -SCTP_IERROR_NOMEM; |
| 1731 | goto fail; | 1726 | goto fail; |
| 1732 | } | 1727 | } |
| 1733 | 1728 | ||
| 1734 | if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { | 1729 | if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { |
| 1735 | /* Try the previous key. */ | 1730 | *error = -SCTP_IERROR_BAD_SIG; |
| 1736 | key = (char *)ep->secret_key[ep->last_key]; | 1731 | goto fail; |
| 1737 | memset(digest, 0x00, SCTP_SIGNATURE_SIZE); | ||
| 1738 | if (crypto_hash_setkey(desc.tfm, key, keylen) || | ||
| 1739 | crypto_hash_digest(&desc, &sg, bodysize, digest)) { | ||
| 1740 | *error = -SCTP_IERROR_NOMEM; | ||
| 1741 | goto fail; | ||
| 1742 | } | ||
| 1743 | |||
| 1744 | if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { | ||
| 1745 | /* Yikes! Still bad signature! */ | ||
| 1746 | *error = -SCTP_IERROR_BAD_SIG; | ||
| 1747 | goto fail; | ||
| 1748 | } | ||
| 1749 | } | 1732 | } |
| 1750 | 1733 | ||
| 1751 | no_hmac: | 1734 | no_hmac: |
