Diffstat (limited to 'net/sctp/auth.c')
-rw-r--r-- | net/sctp/auth.c | 745 |
1 files changed, 745 insertions, 0 deletions
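diff --git a/net/sctp/auth.c b/net/sctp/auth.c
new file mode 100644
index 000000000000..2a29409a38d9
--- /dev/null
+++ b/net/sctp/auth.c
@@ -0,0 +1,745 @@
+/* SCTP kernel reference Implementation
+* (C) Copyright 2007 Hewlett-Packard Development Company, L.P.
+*
+* This file is part of the SCTP kernel reference Implementation
+*
+* The SCTP reference implementation is free software;
+* you can redistribute it and/or modify it under the terms of
+* the GNU General Public License as published by
+* the Free Software Foundation; either version 2, or (at your option)
+* any later version.
+*
+* The SCTP reference implementation is distributed in the hope that it
+* will be useful, but WITHOUT ANY WARRANTY; without even the implied
+* ************************
+* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* See the GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with GNU CC; see the file COPYING. If not, write to
+* the Free Software Foundation, 59 Temple Place - Suite 330,
+* Boston, MA 02111-1307, USA.
+*
+* Please send any bug reports or fixes you make to the
+* email address(es):
+* lksctp developers <lksctp-developers@lists.sourceforge.net>
+*
+* Or submit a bug report through the following website:
+* http://www.sf.net/projects/lksctp
+*
+* Written or modified by:
+* Vlad Yasevich <vladislav.yasevich@hp.com>
+*
+* Any bugs reported given to us we will try to fix... any fixes shared will
+* be incorporated into the next SCTP release.
+*/
+
+#include <linux/types.h>
+#include <linux/crypto.h>
+#include <linux/scatterlist.h>
+#include <net/sctp/sctp.h>
+#include <net/sctp/auth.h>
+
+static struct sctp_hmac sctp_hmac_list[SCTP_AUTH_NUM_HMACS] = {
+{
+/* id 0 is reserved. as all 0 */
+.hmac_id = SCTP_AUTH_HMAC_ID_RESERVED_0,
+},
+{
+.hmac_id = SCTP_AUTH_HMAC_ID_SHA1,
+.hmac_name="hmac(sha1)",
+.hmac_len = SCTP_SHA1_SIG_SIZE,
+},
+{
+/* id 2 is reserved as well */
+.hmac_id = SCTP_AUTH_HMAC_ID_RESERVED_2,
+},
+{
+.hmac_id = SCTP_AUTH_HMAC_ID_SHA256,
+.hmac_name="hmac(sha256)",
+.hmac_len = SCTP_SHA256_SIG_SIZE,
+}
+};
+
+
+void sctp_auth_key_put(struct sctp_auth_bytes *key)
+{
+if (!key)
+return;
+
+if (atomic_dec_and_test(&key->refcnt)) {
+kfree(key);
+SCTP_DBG_OBJCNT_DEC(keys);
+}
+}
+
+/* Create a new key structure of a given length */
+static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp)
+{
+struct sctp_auth_bytes *key;
+
+/* Allocate the shared key */
+key = kmalloc(sizeof(struct sctp_auth_bytes) + key_len, gfp);
+if (!key)
+return NULL;
+
+key->len = key_len;
+atomic_set(&key->refcnt, 1);
+SCTP_DBG_OBJCNT_INC(keys);
+
+return key;
+}
+
+/* Create a new shared key container with a give key id */
+struct sctp_shared_key *sctp_auth_shkey_create(__u16 key_id, gfp_t gfp)
+{
+struct sctp_shared_key *new;
+
+/* Allocate the shared key container */
+new = kzalloc(sizeof(struct sctp_shared_key), gfp);
+if (!new)
+return NULL;
+
+INIT_LIST_HEAD(&new->key_list);
+new->key_id = key_id;
+
+return new;
+}
+
+/* Free the shared key stucture */
+void sctp_auth_shkey_free(struct sctp_shared_key *sh_key)
+{
+BUG_ON(!list_empty(&sh_key->key_list));
+sctp_auth_key_put(sh_key->key);
+sh_key->key = NULL;
+kfree(sh_key);
+}
+
+/* Destory the entire key list. This is done during the
+* associon and endpoint free process.
+*/
+void sctp_auth_destroy_keys(struct list_head *keys)
+{
+struct sctp_shared_key *ep_key;
+struct sctp_shared_key *tmp;
+
+if (list_empty(keys))
+return;
+
+key_for_each_safe(ep_key, tmp, keys) {
+list_del_init(&ep_key->key_list);
+sctp_auth_shkey_free(ep_key);
+}
+}
+
+/* Compare two byte vectors as numbers. Return values
+* are:
+* 0 - vectors are equal
+* < 0 - vector 1 is smaller then vector2
+* > 0 - vector 1 is greater then vector2
+*
+* Algorithm is:
+* This is performed by selecting the numerically smaller key vector...
+* If the key vectors are equal as numbers but differ in length ...
+* the shorter vector is considered smaller
+*
+* Examples (with small values):
+* 000123456789 > 123456789 (first number is longer)
+* 000123456789 < 234567891 (second number is larger numerically)
+* 123456789 > 2345678 (first number is both larger & longer)
+*/
+static int sctp_auth_compare_vectors(struct sctp_auth_bytes *vector1,
+struct sctp_auth_bytes *vector2)
+{
+int diff;
+int i;
+const __u8 *longer;
+
+diff = vector1->len - vector2->len;
+if (diff) {
+longer = (diff > 0) ? vector1->data : vector2->data;
+
+/* Check to see if the longer number is
+* lead-zero padded. If it is not, it
+* is automatically larger numerically.
+*/
+for (i = 0; i < abs(diff); i++ ) {
+if (longer[i] != 0)
+return diff;
+}
+}
+
+/* lengths are the same, compare numbers */
+return memcmp(vector1->data, vector2->data, vector1->len);
+}
+
+/*
+* Create a key vector as described in SCTP-AUTH, Section 6.1
+* The RANDOM parameter, the CHUNKS parameter and the HMAC-ALGO
+* parameter sent by each endpoint are concatenated as byte vectors.
+* These parameters include the parameter type, parameter length, and
+* the parameter value, but padding is omitted; all padding MUST be
+* removed from this concatenation before proceeding with further
+* computation of keys. Parameters which were not sent are simply
+* omitted from the concatenation process. The resulting two vectors
+* are called the two key vectors.
+*/
+static struct sctp_auth_bytes *sctp_auth_make_key_vector(
+sctp_random_param_t *random,
+sctp_chunks_param_t *chunks,
+sctp_hmac_algo_param_t *hmacs,
+gfp_t gfp)
+{
+struct sctp_auth_bytes *new;
+__u32 len;
+__u32 offset = 0;
+
+len = ntohs(random->param_hdr.length) + ntohs(hmacs->param_hdr.length);
+if (chunks)
+len += ntohs(chunks->param_hdr.length);
+
+new = kmalloc(sizeof(struct sctp_auth_bytes) + len, gfp);
+if (!new)
+return NULL;
+
+new->len = len;
+
+memcpy(new->data, random, ntohs(random->param_hdr.length));
+offset += ntohs(random->param_hdr.length);
+
+if (chunks) {
+memcpy(new->data + offset, chunks,
+ntohs(chunks->param_hdr.length));
+offset += ntohs(chunks->param_hdr.length);
+}
+
+memcpy(new->data + offset, hmacs, ntohs(hmacs->param_hdr.length));
+
+return new;
+}
+
+
+/* Make a key vector based on our local parameters */
+struct sctp_auth_bytes *sctp_auth_make_local_vector(
+const struct sctp_association *asoc,
+gfp_t gfp)
+{
+return sctp_auth_make_key_vector(
+(sctp_random_param_t*)asoc->c.auth_random,
+(sctp_chunks_param_t*)asoc->c.auth_chunks,
+(sctp_hmac_algo_param_t*)asoc->c.auth_hmacs,
+gfp);
+}
+
+/* Make a key vector based on peer's parameters */
+struct sctp_auth_bytes *sctp_auth_make_peer_vector(
+const struct sctp_association *asoc,
+gfp_t gfp)
+{
+return sctp_auth_make_key_vector(asoc->peer.peer_random,
+asoc->peer.peer_chunks,
+asoc->peer.peer_hmacs,
+gfp);
+}
+
+
+/* Set the value of the association shared key base on the parameters
+* given. The algorithm is:
+* From the endpoint pair shared keys and the key vectors the
+* association shared keys are computed. This is performed by selecting
+* the numerically smaller key vector and concatenating it to the
+* endpoint pair shared key, and then concatenating the numerically
+* larger key vector to that. The result of the concatenation is the
+* association shared key.
+*/
+static struct sctp_auth_bytes *sctp_auth_asoc_set_secret(
+struct sctp_shared_key *ep_key,
+struct sctp_auth_bytes *first_vector,
+struct sctp_auth_bytes *last_vector,
+gfp_t gfp)
+{
+struct sctp_auth_bytes *secret;
+__u32 offset = 0;
+__u32 auth_len;
+
+auth_len = first_vector->len + last_vector->len;
+if (ep_key->key)
+auth_len += ep_key->key->len;
+
+secret = sctp_auth_create_key(auth_len, gfp);
+if (!secret)
+return NULL;
+
+if (ep_key->key) {
+memcpy(secret->data, ep_key->key->data, ep_key->key->len);
+offset += ep_key->key->len;
+}
+
+memcpy(secret->data + offset, first_vector->data, first_vector->len);
+offset += first_vector->len;
+
+memcpy(secret->data + offset, last_vector->data, last_vector->len);
+
+return secret;
+}
+
+/* Create an association shared key. Follow the algorithm
+* described in SCTP-AUTH, Section 6.1
+*/
+static struct sctp_auth_bytes *sctp_auth_asoc_create_secret(
+const struct sctp_association *asoc,
+struct sctp_shared_key *ep_key,
+gfp_t gfp)
+{
+struct sctp_auth_bytes *local_key_vector;
+struct sctp_auth_bytes *peer_key_vector;
+struct sctp_auth_bytes *first_vector,
+*last_vector;
+struct sctp_auth_bytes *secret = NULL;
+int cmp;
+
+
+/* Now we need to build the key vectors
+* SCTP-AUTH , Section 6.1
+* The RANDOM parameter, the CHUNKS parameter and the HMAC-ALGO
+* parameter sent by each endpoint are concatenated as byte vectors.
+* These parameters include the parameter type, parameter length, and
+* the parameter value, but padding is omitted; all padding MUST be
+* removed from this concatenation before proceeding with further
+* computation of keys. Parameters which were not sent are simply
+* omitted from the concatenation process. The resulting two vectors
+* are called the two key vectors.
+*/
+
+local_key_vector = sctp_auth_make_local_vector(asoc, gfp);
+peer_key_vector = sctp_auth_make_peer_vector(asoc, gfp);
+
+if (!peer_key_vector || !local_key_vector)
+goto out;
+
+/* Figure out the order in wich the key_vectors will be
+* added to the endpoint shared key.
+* SCTP-AUTH, Section 6.1:
+* This is performed by selecting the numerically smaller key
+* vector and concatenating it to the endpoint pair shared
+* key, and then concatenating the numerically larger key
+* vector to that. If the key vectors are equal as numbers
+* but differ in length, then the concatenation order is the
+* endpoint shared key, followed by the shorter key vector,
+* followed by the longer key vector. Otherwise, the key
+* vectors are identical, and may be concatenated to the
+* endpoint pair key in any order.
+*/
+cmp = sctp_auth_compare_vectors(local_key_vector,
+peer_key_vector);
+if (cmp < 0) {
+first_vector = local_key_vector;
+last_vector = peer_key_vector;
+} else {
+first_vector = peer_key_vector;
+last_vector = local_key_vector;
+}
+
+secret = sctp_auth_asoc_set_secret(ep_key, first_vector, last_vector,
+gfp);
+out:
+kfree(local_key_vector);
+kfree(peer_key_vector);
+
+return secret;
+}
+
+/*
+* Populate the association overlay list with the list
+* from the endpoint.
+*/
+int sctp_auth_asoc_copy_shkeys(const struct sctp_endpoint *ep,
+struct sctp_association *asoc,
+gfp_t gfp)
+{
+struct sctp_shared_key *sh_key;
+struct sctp_shared_key *new;
+
+BUG_ON(!list_empty(&asoc->endpoint_shared_keys));
+
+key_for_each(sh_key, &ep->endpoint_shared_keys) {
+new = sctp_auth_shkey_create(sh_key->key_id, gfp);
+if (!new)
+goto nomem;
+
+new->key = sh_key->key;
+sctp_auth_key_hold(new->key);
+list_add(&new->key_list, &asoc->endpoint_shared_keys);
+}
+
+return 0;
+
+nomem:
+sctp_auth_destroy_keys(&asoc->endpoint_shared_keys);
+return -ENOMEM;
+}
+
+
+/* Public interface to creat the association shared key.
+* See code above for the algorithm.
+*/
+int sctp_auth_asoc_init_active_key(struct sctp_association *asoc, gfp_t gfp)
+{
+struct sctp_auth_bytes *secret;
+struct sctp_shared_key *ep_key;
+
+/* If we don't support AUTH, or peer is not capable
+* we don't need to do anything.
+*/
+if (!sctp_auth_enable || !asoc->peer.auth_capable)
+return 0;
+
+/* If the key_id is non-zero and we couldn't find an
+* endpoint pair shared key, we can't compute the
+* secret.
+* For key_id 0, endpoint pair shared key is a NULL key.
+*/
+ep_key = sctp_auth_get_shkey(asoc, asoc->active_key_id);
+BUG_ON(!ep_key);
+
+secret = sctp_auth_asoc_create_secret(asoc, ep_key, gfp);
+if (!secret)
+return -ENOMEM;
+
+sctp_auth_key_put(asoc->asoc_shared_key);
+asoc->asoc_shared_key = secret;
+
+return 0;
+}
+
+
+/* Find the endpoint pair shared key based on the key_id */
+struct sctp_shared_key *sctp_auth_get_shkey(
+const struct sctp_association *asoc,
+__u16 key_id)
+{
+struct sctp_shared_key *key = NULL;
+
+/* First search associations set of endpoint pair shared keys */
+key_for_each(key, &asoc->endpoint_shared_keys) {
+if (key->key_id == key_id)
+break;
+}
+
+return key;
+}
+
+/*
+* Initialize all the possible digest transforms that we can use. Right now
+* now, the supported digests are SHA1 and SHA256. We do this here once
+* because of the restrictiong that transforms may only be allocated in
+* user context. This forces us to pre-allocated all possible transforms
+* at the endpoint init time.
+*/
+int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
+{
+struct crypto_hash *tfm = NULL;
+__u16 id;
+
+/* if the transforms are already allocted, we are done */
+if (!sctp_auth_enable) {
+ep->auth_hmacs = NULL;
+return 0;
+}
+
+if (ep->auth_hmacs)
+return 0;
+
+/* Allocated the array of pointers to transorms */
+ep->auth_hmacs = kzalloc(
+sizeof(struct crypto_hash *) * SCTP_AUTH_NUM_HMACS,
+gfp);
+if (!ep->auth_hmacs)
+return -ENOMEM;
+
+for (id = 0; id < SCTP_AUTH_NUM_HMACS; id++) {
+
+/* See is we support the id. Supported IDs have name and
+* length fields set, so that we can allocated and use
+* them. We can safely just check for name, for without the
+* name, we can't allocate the TFM.
+*/
+if (!sctp_hmac_list[id].hmac_name)
+continue;
+
+/* If this TFM has been allocated, we are all set */
+if (ep->auth_hmacs[id])
+continue;
+
+/* Allocate the ID */
+tfm = crypto_alloc_hash(sctp_hmac_list[id].hmac_name, 0,
+CRYPTO_ALG_ASYNC);
+if (IS_ERR(tfm))
+goto out_err;
+
+ep->auth_hmacs[id] = tfm;
+}
+
+return 0;
+
+out_err:
+/* Clean up any successfull allocations */
+sctp_auth_destroy_hmacs(ep->auth_hmacs);
+return -ENOMEM;
+}
+
+/* Destroy the hmac tfm array */
+void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[])
+{
+int i;
+
+if (!auth_hmacs)
+return;
+
+for (i = 0; i < SCTP_AUTH_NUM_HMACS; i++)
+{
+if (auth_hmacs[i])
+crypto_free_hash(auth_hmacs[i]);
+}
+kfree(auth_hmacs);
+}
+
+
+struct sctp_hmac *sctp_auth_get_hmac(__u16 hmac_id)
+{
+return &sctp_hmac_list[hmac_id];
+}
+
+/* Get an hmac description information that we can use to build
+* the AUTH chunk
+*/
+struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc)
+{
+struct sctp_hmac_algo_param *hmacs;
+__u16 n_elt;
+__u16 id = 0;
+int i;
+
+/* If we have a default entry, use it */
+if (asoc->default_hmac_id)
+return &sctp_hmac_list[asoc->default_hmac_id];
+
+/* Since we do not have a default entry, find the first entry
+* we support and return that. Do not cache that id.
+*/
+hmacs = asoc->peer.peer_hmacs;
+if (!hmacs)
+return NULL;
+
+n_elt = (ntohs(hmacs->param_hdr.length) - sizeof(sctp_paramhdr_t)) >> 1;
+for (i = 0; i < n_elt; i++) {
+id = ntohs(hmacs->hmac_ids[i]);
+
+/* Check the id is in the supported range */
+if (id > SCTP_AUTH_HMAC_ID_MAX)
+continue;
+
+/* See is we support the id. Supported IDs have name and
+* length fields set, so that we can allocated and use
+* them. We can safely just check for name, for without the
+* name, we can't allocate the TFM.
+*/
+if (!sctp_hmac_list[id].hmac_name)
+continue;
+
+break;
+}
+
+if (id == 0)
+return NULL;
+
+return &sctp_hmac_list[id];
+}
+
+static int __sctp_auth_find_hmacid(__u16 *hmacs, int n_elts, __u16 hmac_id)
+{
+int found = 0;
+int i;
+
+for (i = 0; i < n_elts; i++) {
+if (hmac_id == hmacs[i]) {
+found = 1;
+break;
+}
+}
+
+return found;
+}
+
+/* See if the HMAC_ID is one that we claim as supported */
+int sctp_auth_asoc_verify_hmac_id(const struct sctp_association *asoc,
+__u16 hmac_id)
+{
+struct sctp_hmac_algo_param *hmacs;
+__u16 n_elt;
+
+if (!asoc)
+return 0;
+
+hmacs = (struct sctp_hmac_algo_param *)asoc->c.auth_hmacs;
+n_elt = (ntohs(hmacs->param_hdr.length) - sizeof(sctp_paramhdr_t)) >> 1;
+
+return __sctp_auth_find_hmacid(hmacs->hmac_ids, n_elt, hmac_id);
+}
+
+
+/* Cache the default HMAC id. This to follow this text from SCTP-AUTH:
+* Section 6.1:
+* The receiver of a HMAC-ALGO parameter SHOULD use the first listed
+* algorithm it supports.
+*/
+void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc,
+struct sctp_hmac_algo_param *hmacs)
+{
+struct sctp_endpoint *ep;
+__u16 id;
+int i;
+int n_params;
+
+/* if the default id is already set, use it */
+if (asoc->default_hmac_id)
+return;
+
+n_params = (ntohs(hmacs->param_hdr.length)
+- sizeof(sctp_paramhdr_t)) >> 1;
+ep = asoc->ep;
+for (i = 0; i < n_params; i++) {
+id = ntohs(hmacs->hmac_ids[i]);
+
+/* Check the id is in the supported range */
+if (id > SCTP_AUTH_HMAC_ID_MAX)
+continue;
+
+/* If this TFM has been allocated, use this id */
+if (ep->auth_hmacs[id]) {
+asoc->default_hmac_id = id;
+break;
+}
+}
+}
+
+
+/* Check to see if the given chunk is supposed to be authenticated */
+static int __sctp_auth_cid(sctp_cid_t chunk, struct sctp_chunks_param *param)
+{
+unsigned short len;
+int found = 0;
+int i;
+
+if (!param)
+return 0;
+
+len = ntohs(param->param_hdr.length) - sizeof(sctp_paramhdr_t);
+
+/* SCTP-AUTH, Section 3.2
+* The chunk types for INIT, INIT-ACK, SHUTDOWN-COMPLETE and AUTH
+* chunks MUST NOT be listed in the CHUNKS parameter. However, if
+* a CHUNKS parameter is received then the types for INIT, INIT-ACK,
+* SHUTDOWN-COMPLETE and AUTH chunks MUST be ignored.
+*/
+for (i = 0; !found && i < len; i++) {
+switch (param->chunks[i]) {
+case SCTP_CID_INIT:
+case SCTP_CID_INIT_ACK:
+case SCTP_CID_SHUTDOWN_COMPLETE:
+case SCTP_CID_AUTH:
+break;
+
+default:
+if (param->chunks[i] == chunk)
+found = 1;
+break;
+}
+}
+
+return found;
+}
+
+/* Check if peer requested that this chunk is authenticated */
+int sctp_auth_send_cid(sctp_cid_t chunk, const struct sctp_association *asoc)
+{
+if (!sctp_auth_enable || !asoc || !asoc->peer.auth_capable)
+return 0;
+
+return __sctp_auth_cid(chunk, asoc->peer.peer_chunks);
+}
+
+/* Check if we requested that peer authenticate this chunk. */
+int sctp_auth_recv_cid(sctp_cid_t chunk, const struct sctp_association *asoc)
+{
+if (!sctp_auth_enable || !asoc)
+return 0;
+
+return __sctp_auth_cid(chunk,
+(struct sctp_chunks_param *)asoc->c.auth_chunks);
+}
+
+/* SCTP-AUTH: Section 6.2:
+* The sender MUST calculate the MAC as described in RFC2104 [2] using
+* the hash function H as described by the MAC Identifier and the shared
+* association key K based on the endpoint pair shared key described by
+* the shared key identifier. The 'data' used for the computation of
+* the AUTH-chunk is given by the AUTH chunk with its HMAC field set to
+* zero (as shown in Figure 6) followed by all chunks that are placed
+* after the AUTH chunk in the SCTP packet.
+*/
+void sctp_auth_calculate_hmac(const struct sctp_association *asoc,
+struct sk_buff *skb,
+struct sctp_auth_chunk *auth,
+gfp_t gfp)
+{
+struct scatterlist sg;
+struct hash_desc desc;
+struct sctp_auth_bytes *asoc_key;
+__u16 key_id, hmac_id;
+__u8 *digest;
+unsigned char *end;
+int free_key = 0;
+
+/* Extract the info we need:
+* - hmac id
+* - key id
+*/
+key_id = ntohs(auth->auth_hdr.shkey_id);
+hmac_id = ntohs(auth->auth_hdr.hmac_id);
+
+if (key_id == asoc->active_key_id)
+asoc_key = asoc->asoc_shared_key;
+else {
+struct sctp_shared_key *ep_key;
+
+ep_key = sctp_auth_get_shkey(asoc, key_id);
+if (!ep_key)
+return;
+
+asoc_key = sctp_auth_asoc_create_secret(asoc, ep_key, gfp);
+if (!asoc_key)
+return;
+
+free_key = 1;
+}
+
+/* set up scatter list */
+end = skb_tail_pointer(skb);
+sg.page = virt_to_page(auth);
+sg.offset = (unsigned long)(auth) % PAGE_SIZE;
+sg.length = end - (unsigned char *)auth;
+
+desc.tfm = asoc->ep->auth_hmacs[hmac_id];
+desc.flags = 0;
+
+digest = auth->auth_hdr.hmac;
+if (crypto_hash_setkey(desc.tfm, &asoc_key->data[0], asoc_key->len))
+goto free;
+
+crypto_hash_digest(&desc, &sg, sg.length, digest);
+
+free:
+if (free_key)
+sctp_auth_key_put(asoc_key);
+}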
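Review bot: `desc.tfm = asoc->ep->auth_hmacs[hmac_id];` in sctp_auth_calculate_hmac (new-file line 733) indexes the transform array with the hmac_id read out of the AUTH chunk header at line 709 without checking it against SCTP_AUTH_HMAC_ID_MAX or that the slot is non-NULL; ids 0 and 2 are reserved and never get a transform (sctp_auth_init_hmacs skips entries with no hmac_name), so a chunk carrying a reserved id — or any larger id, if a caller ever passes a peer-built chunk here — reaches crypto_hash_setkey with a NULL or out-of-bounds tfm. A guard placed after the key selection, `if (hmac_id > SCTP_AUTH_HMAC_ID_MAX || !asoc->ep->auth_hmacs[hmac_id]) goto free;`, closes this (free_key is already correct at that point), and sctp_auth_get_hmac at line 510 has the same unchecked `&sctp_hmac_list[hmac_id]`. Separately, __sctp_auth_find_hmacid compares `hmac_id == hmacs[i]` with no byte-order conversion, while sctp_auth_asoc_get_hmac and sctp_auth_asoc_set_default_hmac read the same hmac_ids array through `ntohs()`; one of the two is presumably comparing in the wrong byte order, worth confirming against the callers of sctp_auth_asoc_verify_hmac_id. sctp_auth_asoc_set_default_hmac also dereferences `ep->auth_hmacs[id]` although sctp_auth_init_hmacs leaves ep->auth_hmacs NULL when sctp_auth_enable is off, so if any caller can reach it in that state it needs an early `if (!ep->auth_hmacs) return;`.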