authorVlad Yasevich <vladislav.yasevich@hp.com>2007-09-16 22:32:11 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 19:51:30 -0400
commit730fc3d05cd4ba4c9ce2de91f3d43349e95dbbf5 (patch)
tree50a59c6592a7546f9d54364f26dc2a03f5f18345 /net/sctp/sm_statefuns.c
parenta29a5bd4f5c3e8ba2e89688feab8b01c44f1654f (diff)
[SCTP]: Implete SCTP-AUTH parameter processing
Implement processing for the CHUNKS, RANDOM, and HMAC parameters and deal with how these parameters are affected by association restarts. In particular, during unexpected INIT processing, we need to reply with parameters from the original INIT chunk. Also, after restart, we need to update the old association with new peer parameters and change the association shared keys. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp/sm_statefuns.c')
-rw-r--r--net/sctp/sm_statefuns.c35
1 files changed, 35 insertions, 0 deletions
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index ec0328b1cdb1..385486360fe9 100644
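--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -549,6 +549,11 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
  sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
  SCTP_STATE(SCTP_STATE_COOKIE_ECHOED));
 
+ /* SCTP-AUTH: genereate the assocition shared keys so that
+ * we can potentially signe the COOKIE-ECHO.
+ */
+ sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_SHKEY, SCTP_NULL());
+
  /* 5.1 C) "A" shall then send the State Cookie received in the
  * INIT ACK chunk in a COOKIE ECHO chunk, ...
  */
@@ -686,6 +691,14 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
  peer_init, GFP_ATOMIC))
  goto nomem_init;
 
+ /* SCTP-AUTH: Now that we've populate required fields in
+ * sctp_process_init, set up the assocaition shared keys as
+ * necessary so that we can potentially authenticate the ACK
+ */
+ error = sctp_auth_asoc_init_active_key(new_asoc, GFP_ATOMIC);
+ if (error)
+ goto nomem_init;
+
  repl = sctp_make_cookie_ack(new_asoc, chunk);
  if (!repl)
  goto nomem_init;
@@ -1247,6 +1260,26 @@ static void sctp_tietags_populate(struct sctp_association *new_asoc,
  new_asoc->c.initial_tsn = asoc->c.initial_tsn;
 }
 
+static void sctp_auth_params_populate(struct sctp_association *new_asoc,
+ const struct sctp_association *asoc)
+{
+ /* Only perform this if AUTH extension is enabled */
+ if (!sctp_auth_enable)
+ return;
+
+ /* We need to provide the same parameter information as
+ * was in the original INIT. This means that we need to copy
+ * the HMACS, CHUNKS, and RANDOM parameter from the original
+ * assocaition.
+ */
+ memcpy(new_asoc->c.auth_random, asoc->c.auth_random,
+ sizeof(asoc->c.auth_random));
+ memcpy(new_asoc->c.auth_hmacs, asoc->c.auth_hmacs,
+ sizeof(asoc->c.auth_hmacs));
+ memcpy(new_asoc->c.auth_chunks, asoc->c.auth_chunks,
+ sizeof(asoc->c.auth_chunks));
+}
+
 /*
  * Compare vtag/tietag values to determine unexpected COOKIE-ECHO
  * handling action.
@@ -1404,6 +1437,8 @@ static sctp_disposition_t sctp_sf_do_unexpected_init(
 
  sctp_tietags_populate(new_asoc, asoc);
 
+ sctp_auth_params_populate(new_asoc, asoc);
+
  /* B) "Z" shall respond immediately with an INIT ACK chunk. */
 
  /* If there are errors need to be reported for unknown parameters,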
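Review bot: In the sctp_sf_do_5_1D_ce hunk, `sctp_auth_asoc_init_active_key(new_asoc, GFP_ATOMIC)` is called for every COOKIE ECHO that reaches this point, with no visible check that AUTH is enabled or was negotiated, whereas `sctp_auth_params_populate()` added in the third hunk returns early on `!sctp_auth_enable`. The helper's body is not part of this diff, so it may well make that check itself; if it does, a one-line comment above the call such as `/* returns 0 without doing any work when AUTH is not in use */` would make the asymmetry deliberate, and if it does not, the call needs the same guard. The same hunk sends every non-zero return to `nomem_init`, so any failure in key setup that is not an allocation failure would be reported as out-of-memory; it is worth confirming the helper can only fail with -ENOMEM or giving it its own error label. The enclosing function starts and ends outside the hunk.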