[SCTP]: Enable the sending of the AUTH chunk.

SCTP-AUTH, Section 6.2: Endpoints MUST send all requested chunks authenticated where this has been requested by the peer. The other chunks MAY be sent authenticated or not. If endpoint pair shared keys are used, one of them MUST be selected for authentication. To send chunks in an authenticated way, the sender MUST include these chunks after an AUTH chunk. This means that a sender MUST bundle chunks in order to authenticate them. If the endpoint has no endpoint pair shared key for the peer, it MUST use Shared Key Identifier 0 with an empty endpoint pair shared key. If there are multiple endpoint shared keys the sender selects one and uses the corresponding Shared Key Identifier Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Vlad Yasevich <vladislav.yasevich@hp.com> 2007-09-16 22:32:45 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2007-10-10 19:51:31 -0400
commit: 4cd57c8078fae0a4b1bf421191e94626d0cba92a (patch)
tree: e17a54c65a7859b6283a341e0124d200da64ee3a /net/sctp/sm_make_chunk.c
parent: 730fc3d05cd4ba4c9ce2de91f3d43349e95dbbf5 (diff)
1 files changed, 39 insertions, 0 deletions
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 4c02875786ac..fa2ba543183d 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -1111,6 +1111,41 @@ nodata:
        return retval;
 }
+struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc)
+{
+        struct sctp_chunk *retval;
+        struct sctp_hmac *hmac_desc;
+        struct sctp_authhdr auth_hdr;
+        __u8 *hmac;
+        /* Get the first hmac that the peer told us to use */
+        hmac_desc = sctp_auth_asoc_get_hmac(asoc);
+        if (unlikely(!hmac_desc))
+                return NULL;
+        retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0,
+                        hmac_desc->hmac_len + sizeof(sctp_authhdr_t));
+        if (!retval)
+                return NULL;
+        auth_hdr.hmac_id = htons(hmac_desc->hmac_id);
+        auth_hdr.shkey_id = htons(asoc->active_key_id);
+        retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t),
+                                                &auth_hdr);
+        hmac = skb_put(retval->skb, hmac_desc->hmac_len);
+        memset(hmac, 0, hmac_desc->hmac_len);
+        /* Adjust the chunk header to include the empty MAC */
+        retval->chunk_hdr->length =
+                htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len);
+        retval->chunk_end = skb_tail_pointer(retval->skb);
+        return retval;
+}
 /********************************************************************
 * 2nd Level Abstractions
 ********************************************************************/
@@ -1225,6 +1260,10 @@ struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc,
        retval->chunk_hdr = chunk_hdr;
        retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr);
+        /* Determine if the chunk needs to be authenticated */
+        if (sctp_auth_send_cid(type, asoc))
+                retval->auth = 1;
        /* Set the skb to the belonging sock for accounting.  */
        skb->sk = sk;
author	Vlad Yasevich <vladislav.yasevich@hp.com>	2007-09-16 22:32:45 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2007-10-10 19:51:31 -0400
commit	4cd57c8078fae0a4b1bf421191e94626d0cba92a (patch)
tree	e17a54c65a7859b6283a341e0124d200da64ee3a /net/sctp/sm_make_chunk.c
parent	730fc3d05cd4ba4c9ce2de91f3d43349e95dbbf5 (diff)

diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index 4c02875786ac..fa2ba543183d 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c
@@ -1111,6 +1111,41 @@ nodata:
1111	return retval;	1111	return retval;
1112	}	1112	}
1113		1113
		1114	struct sctp_chunk sctp_make_auth(const struct sctp_association asoc)
		1115	{
		1116	struct sctp_chunk *retval;
		1117	struct sctp_hmac *hmac_desc;
		1118	struct sctp_authhdr auth_hdr;
		1119	__u8 *hmac;
		1120
		1121	/* Get the first hmac that the peer told us to use */
		1122	hmac_desc = sctp_auth_asoc_get_hmac(asoc);
		1123	if (unlikely(!hmac_desc))
		1124	return NULL;
		1125
		1126	retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0,
		1127	hmac_desc->hmac_len + sizeof(sctp_authhdr_t));
		1128	if (!retval)
		1129	return NULL;
		1130
		1131	auth_hdr.hmac_id = htons(hmac_desc->hmac_id);
		1132	auth_hdr.shkey_id = htons(asoc->active_key_id);
		1133
		1134	retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t),
		1135	&auth_hdr);
		1136
		1137	hmac = skb_put(retval->skb, hmac_desc->hmac_len);
		1138	memset(hmac, 0, hmac_desc->hmac_len);
		1139
		1140	/* Adjust the chunk header to include the empty MAC */
		1141	retval->chunk_hdr->length =
		1142	htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len);
		1143	retval->chunk_end = skb_tail_pointer(retval->skb);
		1144
		1145	return retval;
		1146	}
		1147
		1148
1114	/********************************************************************	1149	/********************************************************************
1115	* 2nd Level Abstractions	1150	* 2nd Level Abstractions
1116	********************************************************************/	1151	********************************************************************/
@@ -1225,6 +1260,10 @@ struct sctp_chunk sctp_make_chunk(const struct sctp_association asoc,
1225	retval->chunk_hdr = chunk_hdr;	1260	retval->chunk_hdr = chunk_hdr;
1226	retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr);	1261	retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr);
1227		1262
		1263	/* Determine if the chunk needs to be authenticated */
		1264	if (sctp_auth_send_cid(type, asoc))
		1265	retval->auth = 1;
		1266
1228	/* Set the skb to the belonging sock for accounting. */	1267	/* Set the skb to the belonging sock for accounting. */
1229	skb->sk = sk;	1268	skb->sk = sk;
1230		1269