diff options
| author | Vlad Yasevich <vladislav.yasevich@hp.com> | 2007-10-09 04:15:59 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:51:29 -0400 |
| commit | 1f485649f52929d9937b346a920a522a7363e202 (patch) | |
| tree | 663ac69ba7fff641e243306d7aad5b95378e4d6d /include/net/sctp/structs.h | |
| parent | f7b0e93ba1a484700bd1b0e36bdaddaf4eb51b0b (diff) | |
[SCTP]: Implement SCTP-AUTH internals
This patch implements the internals operations of the AUTH, such as
key computation and storage. It also adds necessary variables to
the SCTP data structures.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/sctp/structs.h')
| -rw-r--r-- | include/net/sctp/structs.h | 71 |
1 files changed, 66 insertions, 5 deletions
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h index b4812a2d3bb0..18b06afacea0 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h | |||
| @@ -64,6 +64,7 @@ | |||
| 64 | #include <linux/skbuff.h> /* We need sk_buff_head. */ | 64 | #include <linux/skbuff.h> /* We need sk_buff_head. */ |
| 65 | #include <linux/workqueue.h> /* We need tq_struct. */ | 65 | #include <linux/workqueue.h> /* We need tq_struct. */ |
| 66 | #include <linux/sctp.h> /* We need sctp* header structs. */ | 66 | #include <linux/sctp.h> /* We need sctp* header structs. */ |
| 67 | #include <net/sctp/auth.h> /* We need auth specific structs */ | ||
| 67 | 68 | ||
| 68 | /* A convenience structure for handling sockaddr structures. | 69 | /* A convenience structure for handling sockaddr structures. |
| 69 | * We should wean ourselves off this. | 70 | * We should wean ourselves off this. |
| @@ -216,6 +217,9 @@ extern struct sctp_globals { | |||
| 216 | 217 | ||
| 217 | /* Flag to indicate if PR-SCTP is enabled. */ | 218 | /* Flag to indicate if PR-SCTP is enabled. */ |
| 218 | int prsctp_enable; | 219 | int prsctp_enable; |
| 220 | |||
| 221 | /* Flag to idicate if SCTP-AUTH is enabled */ | ||
| 222 | int auth_enable; | ||
| 219 | } sctp_globals; | 223 | } sctp_globals; |
| 220 | 224 | ||
| 221 | #define sctp_rto_initial (sctp_globals.rto_initial) | 225 | #define sctp_rto_initial (sctp_globals.rto_initial) |
| @@ -248,6 +252,7 @@ extern struct sctp_globals { | |||
| 248 | #define sctp_local_addr_lock (sctp_globals.addr_list_lock) | 252 | #define sctp_local_addr_lock (sctp_globals.addr_list_lock) |
| 249 | #define sctp_addip_enable (sctp_globals.addip_enable) | 253 | #define sctp_addip_enable (sctp_globals.addip_enable) |
| 250 | #define sctp_prsctp_enable (sctp_globals.prsctp_enable) | 254 | #define sctp_prsctp_enable (sctp_globals.prsctp_enable) |
| 255 | #define sctp_auth_enable (sctp_globals.auth_enable) | ||
| 251 | 256 | ||
| 252 | /* SCTP Socket type: UDP or TCP style. */ | 257 | /* SCTP Socket type: UDP or TCP style. */ |
| 253 | typedef enum { | 258 | typedef enum { |
| @@ -397,6 +402,9 @@ struct sctp_cookie { | |||
| 397 | 402 | ||
| 398 | __u32 adaptation_ind; | 403 | __u32 adaptation_ind; |
| 399 | 404 | ||
| 405 | __u8 auth_random[sizeof(sctp_paramhdr_t) + SCTP_AUTH_RANDOM_LENGTH]; | ||
| 406 | __u8 auth_hmacs[SCTP_AUTH_NUM_HMACS + 2]; | ||
| 407 | __u8 auth_chunks[sizeof(sctp_paramhdr_t) + SCTP_AUTH_MAX_CHUNKS]; | ||
| 400 | 408 | ||
| 401 | /* This is a shim for my peer's INIT packet, followed by | 409 | /* This is a shim for my peer's INIT packet, followed by |
| 402 | * a copy of the raw address list of the association. | 410 | * a copy of the raw address list of the association. |
| @@ -441,6 +449,9 @@ union sctp_params { | |||
| 441 | union sctp_addr_param *addr; | 449 | union sctp_addr_param *addr; |
| 442 | struct sctp_adaptation_ind_param *aind; | 450 | struct sctp_adaptation_ind_param *aind; |
| 443 | struct sctp_supported_ext_param *ext; | 451 | struct sctp_supported_ext_param *ext; |
| 452 | struct sctp_random_param *random; | ||
| 453 | struct sctp_chunks_param *chunks; | ||
| 454 | struct sctp_hmac_algo_param *hmac_algo; | ||
| 444 | }; | 455 | }; |
| 445 | 456 | ||
| 446 | /* RFC 2960. Section 3.3.5 Heartbeat. | 457 | /* RFC 2960. Section 3.3.5 Heartbeat. |
| @@ -679,6 +690,7 @@ struct sctp_chunk { | |||
| 679 | struct sctp_errhdr *err_hdr; | 690 | struct sctp_errhdr *err_hdr; |
| 680 | struct sctp_addiphdr *addip_hdr; | 691 | struct sctp_addiphdr *addip_hdr; |
| 681 | struct sctp_fwdtsn_hdr *fwdtsn_hdr; | 692 | struct sctp_fwdtsn_hdr *fwdtsn_hdr; |
| 693 | struct sctp_authhdr *auth_hdr; | ||
| 682 | } subh; | 694 | } subh; |
| 683 | 695 | ||
| 684 | __u8 *chunk_end; | 696 | __u8 *chunk_end; |
| @@ -724,6 +736,7 @@ struct sctp_chunk { | |||
| 724 | __s8 fast_retransmit; /* Is this chunk fast retransmitted? */ | 736 | __s8 fast_retransmit; /* Is this chunk fast retransmitted? */ |
| 725 | __u8 tsn_missing_report; /* Data chunk missing counter. */ | 737 | __u8 tsn_missing_report; /* Data chunk missing counter. */ |
| 726 | __u8 data_accepted; /* At least 1 chunk in this packet accepted */ | 738 | __u8 data_accepted; /* At least 1 chunk in this packet accepted */ |
| 739 | __u8 auth; /* IN: was auth'ed | OUT: needs auth */ | ||
| 727 | }; | 740 | }; |
| 728 | 741 | ||
| 729 | void sctp_chunk_hold(struct sctp_chunk *); | 742 | void sctp_chunk_hold(struct sctp_chunk *); |
| @@ -773,16 +786,22 @@ struct sctp_packet { | |||
| 773 | */ | 786 | */ |
| 774 | struct sctp_transport *transport; | 787 | struct sctp_transport *transport; |
| 775 | 788 | ||
| 789 | /* pointer to the auth chunk for this packet */ | ||
| 790 | struct sctp_chunk *auth; | ||
| 791 | |||
| 776 | /* This packet contains a COOKIE-ECHO chunk. */ | 792 | /* This packet contains a COOKIE-ECHO chunk. */ |
| 777 | char has_cookie_echo; | 793 | __u8 has_cookie_echo; |
| 794 | |||
| 795 | /* This packet contains a SACK chunk. */ | ||
| 796 | __u8 has_sack; | ||
| 778 | 797 | ||
| 779 | /* This packet containsa SACK chunk. */ | 798 | /* This packet contains an AUTH chunk */ |
| 780 | char has_sack; | 799 | __u8 has_auth; |
| 781 | 800 | ||
| 782 | /* SCTP cannot fragment this packet. So let ip fragment it. */ | 801 | /* SCTP cannot fragment this packet. So let ip fragment it. */ |
| 783 | char ipfragok; | 802 | __u8 ipfragok; |
| 784 | 803 | ||
| 785 | int malloced; | 804 | __u8 malloced; |
| 786 | }; | 805 | }; |
| 787 | 806 | ||
| 788 | struct sctp_packet *sctp_packet_init(struct sctp_packet *, | 807 | struct sctp_packet *sctp_packet_init(struct sctp_packet *, |
| @@ -1291,6 +1310,21 @@ struct sctp_endpoint { | |||
| 1291 | 1310 | ||
| 1292 | /* rcvbuf acct. policy. */ | 1311 | /* rcvbuf acct. policy. */ |
| 1293 | __u32 rcvbuf_policy; | 1312 | __u32 rcvbuf_policy; |
| 1313 | |||
| 1314 | /* SCTP AUTH: array of the HMACs that will be allocated | ||
| 1315 | * we need this per association so that we don't serialize | ||
| 1316 | */ | ||
| 1317 | struct crypto_hash **auth_hmacs; | ||
| 1318 | |||
| 1319 | /* SCTP-AUTH: hmacs for the endpoint encoded into parameter */ | ||
| 1320 | struct sctp_hmac_algo_param *auth_hmacs_list; | ||
| 1321 | |||
| 1322 | /* SCTP-AUTH: chunks to authenticate encoded into parameter */ | ||
| 1323 | struct sctp_chunks_param *auth_chunk_list; | ||
| 1324 | |||
| 1325 | /* SCTP-AUTH: endpoint shared keys */ | ||
| 1326 | struct list_head endpoint_shared_keys; | ||
| 1327 | __u16 active_key_id; | ||
| 1294 | }; | 1328 | }; |
| 1295 | 1329 | ||
| 1296 | /* Recover the outter endpoint structure. */ | 1330 | /* Recover the outter endpoint structure. */ |
| @@ -1497,6 +1531,7 @@ struct sctp_association { | |||
| 1497 | __u8 hostname_address;/* Peer understands DNS addresses? */ | 1531 | __u8 hostname_address;/* Peer understands DNS addresses? */ |
| 1498 | __u8 asconf_capable; /* Does peer support ADDIP? */ | 1532 | __u8 asconf_capable; /* Does peer support ADDIP? */ |
| 1499 | __u8 prsctp_capable; /* Can peer do PR-SCTP? */ | 1533 | __u8 prsctp_capable; /* Can peer do PR-SCTP? */ |
| 1534 | __u8 auth_capable; /* Is peer doing SCTP-AUTH? */ | ||
| 1500 | 1535 | ||
| 1501 | __u32 adaptation_ind; /* Adaptation Code point. */ | 1536 | __u32 adaptation_ind; /* Adaptation Code point. */ |
| 1502 | 1537 | ||
| @@ -1514,6 +1549,14 @@ struct sctp_association { | |||
| 1514 | * Initial TSN Value minus 1 | 1549 | * Initial TSN Value minus 1 |
| 1515 | */ | 1550 | */ |
| 1516 | __u32 addip_serial; | 1551 | __u32 addip_serial; |
| 1552 | |||
| 1553 | /* SCTP-AUTH: We need to know pears random number, hmac list | ||
| 1554 | * and authenticated chunk list. All that is part of the | ||
| 1555 | * cookie and these are just pointers to those locations | ||
| 1556 | */ | ||
| 1557 | sctp_random_param_t *peer_random; | ||
| 1558 | sctp_chunks_param_t *peer_chunks; | ||
| 1559 | sctp_hmac_algo_param_t *peer_hmacs; | ||
| 1517 | } peer; | 1560 | } peer; |
| 1518 | 1561 | ||
| 1519 | /* State : A state variable indicating what state the | 1562 | /* State : A state variable indicating what state the |
| @@ -1797,6 +1840,24 @@ struct sctp_association { | |||
| 1797 | */ | 1840 | */ |
| 1798 | __u32 addip_serial; | 1841 | __u32 addip_serial; |
| 1799 | 1842 | ||
| 1843 | /* SCTP AUTH: list of the endpoint shared keys. These | ||
| 1844 | * keys are provided out of band by the user applicaton | ||
| 1845 | * and can't change during the lifetime of the association | ||
| 1846 | */ | ||
| 1847 | struct list_head endpoint_shared_keys; | ||
| 1848 | |||
| 1849 | /* SCTP AUTH: | ||
| 1850 | * The current generated assocaition shared key (secret) | ||
| 1851 | */ | ||
| 1852 | struct sctp_auth_bytes *asoc_shared_key; | ||
| 1853 | |||
| 1854 | /* SCTP AUTH: hmac id of the first peer requested algorithm | ||
| 1855 | * that we support. | ||
| 1856 | */ | ||
| 1857 | __u16 default_hmac_id; | ||
| 1858 | |||
| 1859 | __u16 active_key_id; | ||
| 1860 | |||
| 1800 | /* Need to send an ECNE Chunk? */ | 1861 | /* Need to send an ECNE Chunk? */ |
| 1801 | char need_ecne; | 1862 | char need_ecne; |
| 1802 | 1863 | ||