[SCTP]: API updates to suport SCTP-AUTH extensions.

Add SCTP-AUTH API. The API implemented here was agreed to between implementors at the 9th SCTP Interop. It will be documented in the next revision of the SCTP socket API spec. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Vlad Yasevich <vladislav.yasevich@hp.com> 2007-09-16 22:34:00 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2007-10-10 19:51:32 -0400
commit: 65b07e5d0d09c77e98050b5f0146ead29e5add32 (patch)
tree: b5c5ac79969401238ce2c01d3999016238b02b93 /net/sctp/auth.c
parent: bbd0d59809f923ea2b540cbd781b32110e249f6e (diff)
1 files changed, 193 insertions, 0 deletions
diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index 2a29409a38d9..781810724714 100644
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -743,3 +743,196 @@ free:
        if (free_key)
                sctp_auth_key_put(asoc_key);
 }
+/* API Helpers */
+/* Add a chunk to the endpoint authenticated chunk list */
+int sctp_auth_ep_add_chunkid(struct sctp_endpoint *ep, __u8 chunk_id)
+{
+        struct sctp_chunks_param *p = ep->auth_chunk_list;
+        __u16 nchunks;
+        __u16 param_len;
+        /* If this chunk is already specified, we are done */
+        if (__sctp_auth_cid(chunk_id, p))
+                return 0;
+        /* Check if we can add this chunk to the array */
+        param_len = ntohs(p->param_hdr.length);
+        nchunks = param_len - sizeof(sctp_paramhdr_t);
+        if (nchunks == SCTP_NUM_CHUNK_TYPES)
+                return -EINVAL;
+        p->chunks[nchunks] = chunk_id;
+        p->param_hdr.length = htons(param_len + 1);
+        return 0;
+}
+/* Add hmac identifires to the endpoint list of supported hmac ids */
+int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep,
+                           struct sctp_hmacalgo *hmacs)
+{
+        int has_sha1 = 0;
+        __u16 id;
+        int i;
+        /* Scan the list looking for unsupported id.  Also make sure that
+         * SHA1 is specified.
+         */
+        for (i = 0; i < hmacs->shmac_num_idents; i++) {
+                id = hmacs->shmac_idents[i];
+                if (SCTP_AUTH_HMAC_ID_SHA1 == id)
+                        has_sha1 = 1;
+                if (!sctp_hmac_list[id].hmac_name)
+                        return -EOPNOTSUPP;
+        }
+        if (!has_sha1)
+                return -EINVAL;
+        memcpy(ep->auth_hmacs_list->hmac_ids, &hmacs->shmac_idents[0],
+                hmacs->shmac_num_idents * sizeof(__u16));
+        ep->auth_hmacs_list->param_hdr.length = htons(sizeof(sctp_paramhdr_t) +
+                                hmacs->shmac_num_idents * sizeof(__u16));
+        return 0;
+}
+/* Set a new shared key on either endpoint or association.  If the
+ * the key with a same ID already exists, replace the key (remove the
+ * old key and add a new one).
+ */
+int sctp_auth_set_key(struct sctp_endpoint *ep,
+                      struct sctp_association *asoc,
+                      struct sctp_authkey *auth_key)
+{
+        struct sctp_shared_key *cur_key = NULL;
+        struct sctp_auth_bytes *key;
+        struct list_head *sh_keys;
+        int replace = 0;
+        /* Try to find the given key id to see if
+         * we are doing a replace, or adding a new key
+         */
+        if (asoc)
+                sh_keys = &asoc->endpoint_shared_keys;
+        else
+                sh_keys = &ep->endpoint_shared_keys;
+        key_for_each(cur_key, sh_keys) {
+                if (cur_key->key_id == auth_key->sca_keynumber) {
+                        replace = 1;
+                        break;
+                }
+        }
+        /* If we are not replacing a key id, we need to allocate
+         * a shared key.
+         */
+        if (!replace) {
+                cur_key = sctp_auth_shkey_create(auth_key->sca_keynumber,
+                                                 GFP_KERNEL);
+                if (!cur_key)
+                        return -ENOMEM;
+        }
+        /* Create a new key data based on the info passed in */
+        key = sctp_auth_create_key(auth_key->sca_keylen, GFP_KERNEL);
+        if (!key)
+                goto nomem;
+        memcpy(key->data, &auth_key->sca_key[0], auth_key->sca_keylen);
+        /* If we are replacing, remove the old keys data from the
+         * key id.  If we are adding new key id, add it to the
+         * list.
+         */
+        if (replace)
+                sctp_auth_key_put(cur_key->key);
+        else
+                list_add(&cur_key->key_list, sh_keys);
+        cur_key->key = key;
+        sctp_auth_key_hold(key);
+        return 0;
+nomem:
+        if (!replace)
+                sctp_auth_shkey_free(cur_key);
+        return -ENOMEM;
+}
+int sctp_auth_set_active_key(struct sctp_endpoint *ep,
+                             struct sctp_association *asoc,
+                             __u16  key_id)
+{
+        struct sctp_shared_key *key;
+        struct list_head *sh_keys;
+        int found = 0;
+        /* The key identifier MUST correst to an existing key */
+        if (asoc)
+                sh_keys = &asoc->endpoint_shared_keys;
+        else
+                sh_keys = &ep->endpoint_shared_keys;
+        key_for_each(key, sh_keys) {
+                if (key->key_id == key_id) {
+                        found = 1;
+                        break;
+                }
+        }
+        if (!found)
+                return -EINVAL;
+        if (asoc) {
+                asoc->active_key_id = key_id;
+                sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL);
+        } else
+                ep->active_key_id = key_id;
+        return 0;
+}
+int sctp_auth_del_key_id(struct sctp_endpoint *ep,
+                         struct sctp_association *asoc,
+                         __u16  key_id)
+{
+        struct sctp_shared_key *key;
+        struct list_head *sh_keys;
+        int found = 0;
+        /* The key identifier MUST NOT be the current active key
+         * The key identifier MUST correst to an existing key
+         */
+        if (asoc) {
+                if (asoc->active_key_id == key_id)
+                        return -EINVAL;
+                sh_keys = &asoc->endpoint_shared_keys;
+        } else {
+                if (ep->active_key_id == key_id)
+                        return -EINVAL;
+                sh_keys = &ep->endpoint_shared_keys;
+        }
+        key_for_each(key, sh_keys) {
+                if (key->key_id == key_id) {
+                        found = 1;
+                        break;
+                }
+        }
+        if (!found)
+                return -EINVAL;
+        /* Delete the shared key */
+        list_del_init(&key->key_list);
+        sctp_auth_shkey_free(key);
+        return 0;
+}
author	Vlad Yasevich <vladislav.yasevich@hp.com>	2007-09-16 22:34:00 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2007-10-10 19:51:32 -0400
commit	65b07e5d0d09c77e98050b5f0146ead29e5add32 (patch)
tree	b5c5ac79969401238ce2c01d3999016238b02b93 /net/sctp/auth.c
parent	bbd0d59809f923ea2b540cbd781b32110e249f6e (diff)

diff --git a/net/sctp/auth.c b/net/sctp/auth.c index 2a29409a38d9..781810724714 100644 --- a/net/sctp/auth.c +++ b/net/sctp/auth.c
@@ -743,3 +743,196 @@ free:
743	if (free_key)	743	if (free_key)
744	sctp_auth_key_put(asoc_key);	744	sctp_auth_key_put(asoc_key);
745	}	745	}
		746
		747	/* API Helpers */
		748
		749	/* Add a chunk to the endpoint authenticated chunk list */
		750	int sctp_auth_ep_add_chunkid(struct sctp_endpoint *ep, __u8 chunk_id)
		751	{
		752	struct sctp_chunks_param *p = ep->auth_chunk_list;
		753	__u16 nchunks;
		754	__u16 param_len;
		755
		756	/* If this chunk is already specified, we are done */
		757	if (__sctp_auth_cid(chunk_id, p))
		758	return 0;
		759
		760	/* Check if we can add this chunk to the array */
		761	param_len = ntohs(p->param_hdr.length);
		762	nchunks = param_len - sizeof(sctp_paramhdr_t);
		763	if (nchunks == SCTP_NUM_CHUNK_TYPES)
		764	return -EINVAL;
		765
		766	p->chunks[nchunks] = chunk_id;
		767	p->param_hdr.length = htons(param_len + 1);
		768	return 0;
		769	}
		770
		771	/* Add hmac identifires to the endpoint list of supported hmac ids */
		772	int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep,
		773	struct sctp_hmacalgo *hmacs)
		774	{
		775	int has_sha1 = 0;
		776	__u16 id;
		777	int i;
		778
		779	/* Scan the list looking for unsupported id. Also make sure that
		780	* SHA1 is specified.
		781	*/
		782	for (i = 0; i < hmacs->shmac_num_idents; i++) {
		783	id = hmacs->shmac_idents[i];
		784
		785	if (SCTP_AUTH_HMAC_ID_SHA1 == id)
		786	has_sha1 = 1;
		787
		788	if (!sctp_hmac_list[id].hmac_name)
		789	return -EOPNOTSUPP;
		790	}
		791
		792	if (!has_sha1)
		793	return -EINVAL;
		794
		795	memcpy(ep->auth_hmacs_list->hmac_ids, &hmacs->shmac_idents[0],
		796	hmacs->shmac_num_idents * sizeof(__u16));
		797	ep->auth_hmacs_list->param_hdr.length = htons(sizeof(sctp_paramhdr_t) +
		798	hmacs->shmac_num_idents * sizeof(__u16));
		799	return 0;
		800	}
		801
		802	/* Set a new shared key on either endpoint or association. If the
		803	* the key with a same ID already exists, replace the key (remove the
		804	* old key and add a new one).
		805	*/
		806	int sctp_auth_set_key(struct sctp_endpoint *ep,
		807	struct sctp_association *asoc,
		808	struct sctp_authkey *auth_key)
		809	{
		810	struct sctp_shared_key *cur_key = NULL;
		811	struct sctp_auth_bytes *key;
		812	struct list_head *sh_keys;
		813	int replace = 0;
		814
		815	/* Try to find the given key id to see if
		816	* we are doing a replace, or adding a new key
		817	*/
		818	if (asoc)
		819	sh_keys = &asoc->endpoint_shared_keys;
		820	else
		821	sh_keys = &ep->endpoint_shared_keys;
		822
		823	key_for_each(cur_key, sh_keys) {
		824	if (cur_key->key_id == auth_key->sca_keynumber) {
		825	replace = 1;
		826	break;
		827	}
		828	}
		829
		830	/* If we are not replacing a key id, we need to allocate
		831	* a shared key.
		832	*/
		833	if (!replace) {
		834	cur_key = sctp_auth_shkey_create(auth_key->sca_keynumber,
		835	GFP_KERNEL);
		836	if (!cur_key)
		837	return -ENOMEM;
		838	}
		839
		840	/* Create a new key data based on the info passed in */
		841	key = sctp_auth_create_key(auth_key->sca_keylen, GFP_KERNEL);
		842	if (!key)
		843	goto nomem;
		844
		845	memcpy(key->data, &auth_key->sca_key[0], auth_key->sca_keylen);
		846
		847	/* If we are replacing, remove the old keys data from the
		848	* key id. If we are adding new key id, add it to the
		849	* list.
		850	*/
		851	if (replace)
		852	sctp_auth_key_put(cur_key->key);
		853	else
		854	list_add(&cur_key->key_list, sh_keys);
		855
		856	cur_key->key = key;
		857	sctp_auth_key_hold(key);
		858
		859	return 0;
		860	nomem:
		861	if (!replace)
		862	sctp_auth_shkey_free(cur_key);
		863
		864	return -ENOMEM;
		865	}
		866
		867	int sctp_auth_set_active_key(struct sctp_endpoint *ep,
		868	struct sctp_association *asoc,
		869	__u16 key_id)
		870	{
		871	struct sctp_shared_key *key;
		872	struct list_head *sh_keys;
		873	int found = 0;
		874
		875	/* The key identifier MUST correst to an existing key */
		876	if (asoc)
		877	sh_keys = &asoc->endpoint_shared_keys;
		878	else
		879	sh_keys = &ep->endpoint_shared_keys;
		880
		881	key_for_each(key, sh_keys) {
		882	if (key->key_id == key_id) {
		883	found = 1;
		884	break;
		885	}
		886	}
		887
		888	if (!found)
		889	return -EINVAL;
		890
		891	if (asoc) {
		892	asoc->active_key_id = key_id;
		893	sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL);
		894	} else
		895	ep->active_key_id = key_id;
		896
		897	return 0;
		898	}
		899
		900	int sctp_auth_del_key_id(struct sctp_endpoint *ep,
		901	struct sctp_association *asoc,
		902	__u16 key_id)
		903	{
		904	struct sctp_shared_key *key;
		905	struct list_head *sh_keys;
		906	int found = 0;
		907
		908	/* The key identifier MUST NOT be the current active key
		909	* The key identifier MUST correst to an existing key
		910	*/
		911	if (asoc) {
		912	if (asoc->active_key_id == key_id)
		913	return -EINVAL;
		914
		915	sh_keys = &asoc->endpoint_shared_keys;
		916	} else {
		917	if (ep->active_key_id == key_id)
		918	return -EINVAL;
		919
		920	sh_keys = &ep->endpoint_shared_keys;
		921	}
		922
		923	key_for_each(key, sh_keys) {
		924	if (key->key_id == key_id) {
		925	found = 1;
		926	break;
		927	}
		928	}
		929
		930	if (!found)
		931	return -EINVAL;
		932
		933	/* Delete the shared key */
		934	list_del_init(&key->key_list);
		935	sctp_auth_shkey_free(key);
		936
		937	return 0;
		938	}