3 files changed, 110 insertions, 0 deletions
diff --git a/include/net/sctp/auth.h b/include/net/sctp/auth.h
index 10c8010552ff..4945954a16af 100644
--- a/include/net/sctp/auth.h
+++ b/include/net/sctp/auth.h
@@ -43,6 +43,7 @@
 struct sctp_endpoint;
 struct sctp_association;
 struct sctp_authkey;
+struct sctp_hmacalgo;
 /*
 * Define a generic struct that will hold all the info
@@ -109,4 +110,19 @@ int sctp_auth_recv_cid(sctp_cid_t chunk, const struct sctp_association *asoc);
 void sctp_auth_calculate_hmac(const struct sctp_association *asoc,
                            struct sk_buff *skb,
                            struct sctp_auth_chunk *auth, gfp_t gfp);
+/* API Helpers */
+int sctp_auth_ep_add_chunkid(struct sctp_endpoint *ep, __u8 chunk_id);
+int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep,
+                            struct sctp_hmacalgo *hmacs);
+int sctp_auth_set_key(struct sctp_endpoint *ep,
+                      struct sctp_association *asoc,
+                      struct sctp_authkey *auth_key);
+int sctp_auth_set_active_key(struct sctp_endpoint *ep,
+                      struct sctp_association *asoc,
+                      __u16 key_id);
+int sctp_auth_del_key_id(struct sctp_endpoint *ep,
+                      struct sctp_association *asoc,
+                      __u16 key_id);
 #endif
diff --git a/include/net/sctp/ulpevent.h b/include/net/sctp/ulpevent.h
index de88ed5b0ba6..922a151eb93c 100644
--- a/include/net/sctp/ulpevent.h
+++ b/include/net/sctp/ulpevent.h
@@ -128,6 +128,10 @@ struct sctp_ulpevent *sctp_ulpevent_make_rcvmsg(struct sctp_association *asoc,
        struct sctp_chunk *chunk,
        gfp_t gfp);
+struct sctp_ulpevent *sctp_ulpevent_make_authkey(
+        const struct sctp_association *asoc, __u16 key_id,
+        __u32 indication, gfp_t gfp);
 void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event,
        struct msghdr *);
 __u16 sctp_ulpevent_get_notification_type(const struct sctp_ulpevent *event);
diff --git a/include/net/sctp/user.h b/include/net/sctp/user.h
index 6d2b57758cca..00848b641f59 100644
--- a/include/net/sctp/user.h
+++ b/include/net/sctp/user.h
@@ -103,6 +103,21 @@ enum sctp_optname {
 #define SCTP_PARTIAL_DELIVERY_POINT SCTP_PARTIAL_DELIVERY_POINT
        SCTP_MAX_BURST,         /* Set/Get max burst */
 #define SCTP_MAX_BURST SCTP_MAX_BURST
+        SCTP_AUTH_CHUNK,        /* Set only: add a chunk type to authenticat */
+#define SCTP_AUTH_CHUNK SCTP_AUTH_CHUNK
+        SCTP_HMAC_IDENT,
+#define SCTP_HMAC_IDENT SCTP_HMAC_IDENT
+        SCTP_AUTH_KEY,
+#define SCTP_AUTH_KEY SCTP_AUTH_KEY
+        SCTP_AUTH_ACTIVE_KEY,
+#define SCTP_AUTH_ACTIVE_KEY SCTP_AUTH_ACTIVE_KEY
+        SCTP_AUTH_DELETE_KEY,
+#define SCTP_AUTH_DELETE_KEY SCTP_AUTH_DELETE_KEY
+        SCTP_PEER_AUTH_CHUNKS,          /* Read only */
+#define SCTP_PEER_AUTH_CHUNKS SCTP_PEER_AUTH_CHUNKS
+        SCTP_LOCAL_AUTH_CHUNKS,         /* Read only */
+#define SCTP_LOCAL_AUTH_CHUNKS SCTP_LOCAL_AUTH_CHUNKS
        /* Internal Socket Options. Some of the sctp library functions are 
         * implemented using these socket options.
@@ -370,6 +385,19 @@ struct sctp_pdapi_event {
 enum { SCTP_PARTIAL_DELIVERY_ABORTED=0, };
+struct sctp_authkey_event {
+        __u16 auth_type;
+        __u16 auth_flags;
+        __u32 auth_length;
+        __u16 auth_keynumber;
+        __u16 auth_altkeynumber;
+        __u32 auth_indication;
+        sctp_assoc_t auth_assoc_id;
+};
+enum { SCTP_AUTH_NEWKEY = 0, };
 /*
 * Described in Section 7.3
 *   Ancillary Data and Notification Interest Options
@@ -405,6 +433,7 @@ union sctp_notification {
        struct sctp_shutdown_event sn_shutdown_event;
        struct sctp_adaptation_event sn_adaptation_event;
        struct sctp_pdapi_event sn_pdapi_event;
+        struct sctp_authkey_event sn_authkey_event;
 };
 /* Section 5.3.1
@@ -421,6 +450,7 @@ enum sctp_sn_type {
        SCTP_SHUTDOWN_EVENT,
        SCTP_PARTIAL_DELIVERY_EVENT,
        SCTP_ADAPTATION_INDICATION,
+        SCTP_AUTHENTICATION_EVENT,
 };
 /* Notification error codes used to fill up the error fields in some
@@ -539,6 +569,54 @@ struct sctp_paddrparams {
        __u32                   spp_flags;
 } __attribute__((packed, aligned(4)));
+/*
+ * 7.1.18.  Add a chunk that must be authenticated (SCTP_AUTH_CHUNK)
+ *
+ * This set option adds a chunk type that the user is requesting to be
+ * received only in an authenticated way.  Changes to the list of chunks
+ * will only effect future associations on the socket.
+ */
+struct sctp_authchunk {
+        __u8            sauth_chunk;
+};
+/*
+ * 7.1.19.  Get or set the list of supported HMAC Identifiers (SCTP_HMAC_IDENT)
+ *
+ * This option gets or sets the list of HMAC algorithms that the local
+ * endpoint requires the peer to use.
+*/
+struct sctp_hmacalgo {
+        __u16           shmac_num_idents;
+        __u16           shmac_idents[];
+};
+/*
+ * 7.1.20.  Set a shared key (SCTP_AUTH_KEY)
+ *
+ * This option will set a shared secret key which is used to build an
+ * association shared key.
+ */
+struct sctp_authkey {
+        sctp_assoc_t    sca_assoc_id;
+        __u16           sca_keynumber;
+        __u16           sca_keylen;
+        __u8            sca_key[];
+};
+/*
+ * 7.1.21.  Get or set the active shared key (SCTP_AUTH_ACTIVE_KEY)
+ *
+ * This option will get or set the active shared key to be used to build
+ * the association shared key.
+ */
+struct sctp_authkeyid {
+        sctp_assoc_t    scact_assoc_id;
+        __u16           scact_keynumber;
+};
 /* 7.1.23. Delayed Ack Timer (SCTP_DELAYED_ACK_TIME)
 *
 *   This options will get or set the delayed ack timer.  The time is set
@@ -608,6 +686,18 @@ struct sctp_status {
 };
 /*
+ * 7.2.3.  Get the list of chunks the peer requires to be authenticated
+ *         (SCTP_PEER_AUTH_CHUNKS)
+ *
+ * This option gets a list of chunks for a specified association that
+ * the peer requires to be received authenticated only.
+ */
+struct sctp_authchunks {
+        sctp_assoc_t            gauth_assoc_id;
+        uint8_t                 gauth_chunks[];
+};
+/*
 * 8.3, 8.5 get all peer/local addresses in an association.
 * This parameter struct is used by SCTP_GET_PEER_ADDRS and 
 * SCTP_GET_LOCAL_ADDRS socket options used internally to implement

diff --git a/include/net/sctp/auth.h b/include/net/sctp/auth.h index 10c8010552ff..4945954a16af 100644 --- a/include/net/sctp/auth.h +++ b/include/net/sctp/auth.h
@@ -43,6 +43,7 @@
43	struct sctp_endpoint;	43	struct sctp_endpoint;
44	struct sctp_association;	44	struct sctp_association;
45	struct sctp_authkey;	45	struct sctp_authkey;
		46	struct sctp_hmacalgo;
46		47
47	/*	48	/*
48	* Define a generic struct that will hold all the info	49	* Define a generic struct that will hold all the info
@@ -109,4 +110,19 @@ int sctp_auth_recv_cid(sctp_cid_t chunk, const struct sctp_association *asoc);
109	void sctp_auth_calculate_hmac(const struct sctp_association *asoc,	110	void sctp_auth_calculate_hmac(const struct sctp_association *asoc,
110	struct sk_buff *skb,	111	struct sk_buff *skb,
111	struct sctp_auth_chunk *auth, gfp_t gfp);	112	struct sctp_auth_chunk *auth, gfp_t gfp);
		113
		114	/* API Helpers */
		115	int sctp_auth_ep_add_chunkid(struct sctp_endpoint *ep, __u8 chunk_id);
		116	int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep,
		117	struct sctp_hmacalgo *hmacs);
		118	int sctp_auth_set_key(struct sctp_endpoint *ep,
		119	struct sctp_association *asoc,
		120	struct sctp_authkey *auth_key);
		121	int sctp_auth_set_active_key(struct sctp_endpoint *ep,
		122	struct sctp_association *asoc,
		123	__u16 key_id);
		124	int sctp_auth_del_key_id(struct sctp_endpoint *ep,
		125	struct sctp_association *asoc,
		126	__u16 key_id);
		127
112	#endif	128	#endif


diff --git a/include/net/sctp/ulpevent.h b/include/net/sctp/ulpevent.h index de88ed5b0ba6..922a151eb93c 100644 --- a/include/net/sctp/ulpevent.h +++ b/include/net/sctp/ulpevent.h
@@ -128,6 +128,10 @@ struct sctp_ulpevent sctp_ulpevent_make_rcvmsg(struct sctp_association asoc,
128	struct sctp_chunk *chunk,	128	struct sctp_chunk *chunk,
129	gfp_t gfp);	129	gfp_t gfp);
130		130
		131	struct sctp_ulpevent *sctp_ulpevent_make_authkey(
		132	const struct sctp_association *asoc, __u16 key_id,
		133	__u32 indication, gfp_t gfp);
		134
131	void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event,	135	void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event,
132	struct msghdr *);	136	struct msghdr *);
133	__u16 sctp_ulpevent_get_notification_type(const struct sctp_ulpevent *event);	137	__u16 sctp_ulpevent_get_notification_type(const struct sctp_ulpevent *event);


diff --git a/include/net/sctp/user.h b/include/net/sctp/user.h index 6d2b57758cca..00848b641f59 100644 --- a/include/net/sctp/user.h +++ b/include/net/sctp/user.h
@@ -103,6 +103,21 @@ enum sctp_optname {
103	#define SCTP_PARTIAL_DELIVERY_POINT SCTP_PARTIAL_DELIVERY_POINT	103	#define SCTP_PARTIAL_DELIVERY_POINT SCTP_PARTIAL_DELIVERY_POINT
104	SCTP_MAX_BURST, /* Set/Get max burst */	104	SCTP_MAX_BURST, /* Set/Get max burst */
105	#define SCTP_MAX_BURST SCTP_MAX_BURST	105	#define SCTP_MAX_BURST SCTP_MAX_BURST
		106	SCTP_AUTH_CHUNK, /* Set only: add a chunk type to authenticat */
		107	#define SCTP_AUTH_CHUNK SCTP_AUTH_CHUNK
		108	SCTP_HMAC_IDENT,
		109	#define SCTP_HMAC_IDENT SCTP_HMAC_IDENT
		110	SCTP_AUTH_KEY,
		111	#define SCTP_AUTH_KEY SCTP_AUTH_KEY
		112	SCTP_AUTH_ACTIVE_KEY,
		113	#define SCTP_AUTH_ACTIVE_KEY SCTP_AUTH_ACTIVE_KEY
		114	SCTP_AUTH_DELETE_KEY,
		115	#define SCTP_AUTH_DELETE_KEY SCTP_AUTH_DELETE_KEY
		116	SCTP_PEER_AUTH_CHUNKS, /* Read only */
		117	#define SCTP_PEER_AUTH_CHUNKS SCTP_PEER_AUTH_CHUNKS
		118	SCTP_LOCAL_AUTH_CHUNKS, /* Read only */
		119	#define SCTP_LOCAL_AUTH_CHUNKS SCTP_LOCAL_AUTH_CHUNKS
		120
106		121
107	/* Internal Socket Options. Some of the sctp library functions are	122	/* Internal Socket Options. Some of the sctp library functions are
108	* implemented using these socket options.	123	* implemented using these socket options.
@@ -370,6 +385,19 @@ struct sctp_pdapi_event {
370		385
371	enum { SCTP_PARTIAL_DELIVERY_ABORTED=0, };	386	enum { SCTP_PARTIAL_DELIVERY_ABORTED=0, };
372		387
		388	struct sctp_authkey_event {
		389	__u16 auth_type;
		390	__u16 auth_flags;
		391	__u32 auth_length;
		392	__u16 auth_keynumber;
		393	__u16 auth_altkeynumber;
		394	__u32 auth_indication;
		395	sctp_assoc_t auth_assoc_id;
		396	};
		397
		398	enum { SCTP_AUTH_NEWKEY = 0, };
		399
		400
373	/*	401	/*
374	* Described in Section 7.3	402	* Described in Section 7.3
375	* Ancillary Data and Notification Interest Options	403	* Ancillary Data and Notification Interest Options
@@ -405,6 +433,7 @@ union sctp_notification {
405	struct sctp_shutdown_event sn_shutdown_event;	433	struct sctp_shutdown_event sn_shutdown_event;
406	struct sctp_adaptation_event sn_adaptation_event;	434	struct sctp_adaptation_event sn_adaptation_event;
407	struct sctp_pdapi_event sn_pdapi_event;	435	struct sctp_pdapi_event sn_pdapi_event;
		436	struct sctp_authkey_event sn_authkey_event;
408	};	437	};
409		438
410	/* Section 5.3.1	439	/* Section 5.3.1
@@ -421,6 +450,7 @@ enum sctp_sn_type {
421	SCTP_SHUTDOWN_EVENT,	450	SCTP_SHUTDOWN_EVENT,
422	SCTP_PARTIAL_DELIVERY_EVENT,	451	SCTP_PARTIAL_DELIVERY_EVENT,
423	SCTP_ADAPTATION_INDICATION,	452	SCTP_ADAPTATION_INDICATION,
		453	SCTP_AUTHENTICATION_EVENT,
424	};	454	};
425		455
426	/* Notification error codes used to fill up the error fields in some	456	/* Notification error codes used to fill up the error fields in some
@@ -539,6 +569,54 @@ struct sctp_paddrparams {
539	__u32 spp_flags;	569	__u32 spp_flags;
540	} __attribute__((packed, aligned(4)));	570	} __attribute__((packed, aligned(4)));
541		571
		572	/*
		573	* 7.1.18. Add a chunk that must be authenticated (SCTP_AUTH_CHUNK)
		574	*
		575	* This set option adds a chunk type that the user is requesting to be
		576	* received only in an authenticated way. Changes to the list of chunks
		577	* will only effect future associations on the socket.
		578	*/
		579	struct sctp_authchunk {
		580	__u8 sauth_chunk;
		581	};
		582
		583	/*
		584	* 7.1.19. Get or set the list of supported HMAC Identifiers (SCTP_HMAC_IDENT)
		585	*
		586	* This option gets or sets the list of HMAC algorithms that the local
		587	* endpoint requires the peer to use.
		588	*/
		589	struct sctp_hmacalgo {
		590	__u16 shmac_num_idents;
		591	__u16 shmac_idents[];
		592	};
		593
		594	/*
		595	* 7.1.20. Set a shared key (SCTP_AUTH_KEY)
		596	*
		597	* This option will set a shared secret key which is used to build an
		598	* association shared key.
		599	*/
		600	struct sctp_authkey {
		601	sctp_assoc_t sca_assoc_id;
		602	__u16 sca_keynumber;
		603	__u16 sca_keylen;
		604	__u8 sca_key[];
		605	};
		606
		607	/*
		608	* 7.1.21. Get or set the active shared key (SCTP_AUTH_ACTIVE_KEY)
		609	*
		610	* This option will get or set the active shared key to be used to build
		611	* the association shared key.
		612	*/
		613
		614	struct sctp_authkeyid {
		615	sctp_assoc_t scact_assoc_id;
		616	__u16 scact_keynumber;
		617	};
		618
		619
542	/* 7.1.23. Delayed Ack Timer (SCTP_DELAYED_ACK_TIME)	620	/* 7.1.23. Delayed Ack Timer (SCTP_DELAYED_ACK_TIME)
543	*	621	*
544	* This options will get or set the delayed ack timer. The time is set	622	* This options will get or set the delayed ack timer. The time is set
@@ -608,6 +686,18 @@ struct sctp_status {
608	};	686	};
609		687
610	/*	688	/*
		689	* 7.2.3. Get the list of chunks the peer requires to be authenticated
		690	* (SCTP_PEER_AUTH_CHUNKS)
		691	*
		692	* This option gets a list of chunks for a specified association that
		693	* the peer requires to be received authenticated only.
		694	*/
		695	struct sctp_authchunks {
		696	sctp_assoc_t gauth_assoc_id;
		697	uint8_t gauth_chunks[];
		698	};
		699
		700	/*
611	* 8.3, 8.5 get all peer/local addresses in an association.	701	* 8.3, 8.5 get all peer/local addresses in an association.
612	* This parameter struct is used by SCTP_GET_PEER_ADDRS and	702	* This parameter struct is used by SCTP_GET_PEER_ADDRS and
613	* SCTP_GET_LOCAL_ADDRS socket options used internally to implement	703	* SCTP_GET_LOCAL_ADDRS socket options used internally to implement