aboutsummaryrefslogtreecommitdiffstats
path: root/net/sctp/sm_make_chunk.c
diff options
context:
space:
mode:
authorVlad Yasevich <vladislav.yasevich@hp.com>2007-09-16 22:32:45 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 19:51:31 -0400
commit4cd57c8078fae0a4b1bf421191e94626d0cba92a (patch)
treee17a54c65a7859b6283a341e0124d200da64ee3a /net/sctp/sm_make_chunk.c
parent730fc3d05cd4ba4c9ce2de91f3d43349e95dbbf5 (diff)
[SCTP]: Enable the sending of the AUTH chunk.
SCTP-AUTH, Section 6.2: Endpoints MUST send all requested chunks authenticated where this has been requested by the peer. The other chunks MAY be sent authenticated or not. If endpoint pair shared keys are used, one of them MUST be selected for authentication. To send chunks in an authenticated way, the sender MUST include these chunks after an AUTH chunk. This means that a sender MUST bundle chunks in order to authenticate them. If the endpoint has no endpoint pair shared key for the peer, it MUST use Shared Key Identifier 0 with an empty endpoint pair shared key. If there are multiple endpoint shared keys the sender selects one and uses the corresponding Shared Key Identifier Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp/sm_make_chunk.c')
-rw-r--r--net/sctp/sm_make_chunk.c39
1 files changed, 39 insertions, 0 deletions
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 4c02875786ac..fa2ba543183d 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -1111,6 +1111,41 @@ nodata:
1111 return retval; 1111 return retval;
1112} 1112}
1113 1113
1114struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc)
1115{
1116 struct sctp_chunk *retval;
1117 struct sctp_hmac *hmac_desc;
1118 struct sctp_authhdr auth_hdr;
1119 __u8 *hmac;
1120
1121 /* Get the first hmac that the peer told us to use */
1122 hmac_desc = sctp_auth_asoc_get_hmac(asoc);
1123 if (unlikely(!hmac_desc))
1124 return NULL;
1125
1126 retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0,
1127 hmac_desc->hmac_len + sizeof(sctp_authhdr_t));
1128 if (!retval)
1129 return NULL;
1130
1131 auth_hdr.hmac_id = htons(hmac_desc->hmac_id);
1132 auth_hdr.shkey_id = htons(asoc->active_key_id);
1133
1134 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t),
1135 &auth_hdr);
1136
1137 hmac = skb_put(retval->skb, hmac_desc->hmac_len);
1138 memset(hmac, 0, hmac_desc->hmac_len);
1139
1140 /* Adjust the chunk header to include the empty MAC */
1141 retval->chunk_hdr->length =
1142 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len);
1143 retval->chunk_end = skb_tail_pointer(retval->skb);
1144
1145 return retval;
1146}
1147
1148
1114/******************************************************************** 1149/********************************************************************
1115 * 2nd Level Abstractions 1150 * 2nd Level Abstractions
1116 ********************************************************************/ 1151 ********************************************************************/
@@ -1225,6 +1260,10 @@ struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc,
1225 retval->chunk_hdr = chunk_hdr; 1260 retval->chunk_hdr = chunk_hdr;
1226 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1261 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr);
1227 1262
1263 /* Determine if the chunk needs to be authenticated */
1264 if (sctp_auth_send_cid(type, asoc))
1265 retval->auth = 1;
1266
1228 /* Set the skb to the belonging sock for accounting. */ 1267 /* Set the skb to the belonging sock for accounting. */
1229 skb->sk = sk; 1268 skb->sk = sk;
1230 1269