1 files changed, 35 insertions, 0 deletions
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index ec0328b1cdb1..385486360fe9 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -549,6 +549,11 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
        sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
                        SCTP_STATE(SCTP_STATE_COOKIE_ECHOED));
+        /* SCTP-AUTH: genereate the assocition shared keys so that
+         * we can potentially signe the COOKIE-ECHO.
+         */
+        sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_SHKEY, SCTP_NULL());
        /* 5.1 C) "A" shall then send the State Cookie received in the
         * INIT ACK chunk in a COOKIE ECHO chunk, ...
         */
@@ -686,6 +691,14 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
                               peer_init, GFP_ATOMIC))
                goto nomem_init;
+        /* SCTP-AUTH:  Now that we've populate required fields in
+         * sctp_process_init, set up the assocaition shared keys as
+         * necessary so that we can potentially authenticate the ACK
+         */
+        error = sctp_auth_asoc_init_active_key(new_asoc, GFP_ATOMIC);
+        if (error)
+                goto nomem_init;
        repl = sctp_make_cookie_ack(new_asoc, chunk);
        if (!repl)
                goto nomem_init;
@@ -1247,6 +1260,26 @@ static void sctp_tietags_populate(struct sctp_association *new_asoc,
        new_asoc->c.initial_tsn         = asoc->c.initial_tsn;
 }
+static void sctp_auth_params_populate(struct sctp_association *new_asoc,
+                                    const struct sctp_association *asoc)
+{
+        /* Only perform this if AUTH extension is enabled */
+        if (!sctp_auth_enable)
+                return;
+        /* We need to provide the same parameter information as
+         * was in the original INIT.  This means that we need to copy
+         * the HMACS, CHUNKS, and RANDOM parameter from the original
+         * assocaition.
+         */
+        memcpy(new_asoc->c.auth_random, asoc->c.auth_random,
+                sizeof(asoc->c.auth_random));
+        memcpy(new_asoc->c.auth_hmacs, asoc->c.auth_hmacs,
+                sizeof(asoc->c.auth_hmacs));
+        memcpy(new_asoc->c.auth_chunks, asoc->c.auth_chunks,
+                sizeof(asoc->c.auth_chunks));
+}
 /*
 * Compare vtag/tietag values to determine unexpected COOKIE-ECHO
 * handling action.
@@ -1404,6 +1437,8 @@ static sctp_disposition_t sctp_sf_do_unexpected_init(
        sctp_tietags_populate(new_asoc, asoc);
+        sctp_auth_params_populate(new_asoc, asoc);
        /* B) "Z" shall respond immediately with an INIT ACK chunk.  */
        /* If there are errors need to be reported for unknown parameters,

diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c index ec0328b1cdb1..385486360fe9 100644 --- a/net/sctp/sm_statefuns.c +++ b/net/sctp/sm_statefuns.c
@@ -549,6 +549,11 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
549	sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,	549	sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
550	SCTP_STATE(SCTP_STATE_COOKIE_ECHOED));	550	SCTP_STATE(SCTP_STATE_COOKIE_ECHOED));
551		551
		552	/* SCTP-AUTH: genereate the assocition shared keys so that
		553	* we can potentially signe the COOKIE-ECHO.
		554	*/
		555	sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_SHKEY, SCTP_NULL());
		556
552	/* 5.1 C) "A" shall then send the State Cookie received in the	557	/* 5.1 C) "A" shall then send the State Cookie received in the
553	* INIT ACK chunk in a COOKIE ECHO chunk, ...	558	* INIT ACK chunk in a COOKIE ECHO chunk, ...
554	*/	559	*/
@@ -686,6 +691,14 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
686	peer_init, GFP_ATOMIC))	691	peer_init, GFP_ATOMIC))
687	goto nomem_init;	692	goto nomem_init;
688		693
		694	/* SCTP-AUTH: Now that we've populate required fields in
		695	* sctp_process_init, set up the assocaition shared keys as
		696	* necessary so that we can potentially authenticate the ACK
		697	*/
		698	error = sctp_auth_asoc_init_active_key(new_asoc, GFP_ATOMIC);
		699	if (error)
		700	goto nomem_init;
		701
689	repl = sctp_make_cookie_ack(new_asoc, chunk);	702	repl = sctp_make_cookie_ack(new_asoc, chunk);
690	if (!repl)	703	if (!repl)
691	goto nomem_init;	704	goto nomem_init;
@@ -1247,6 +1260,26 @@ static void sctp_tietags_populate(struct sctp_association *new_asoc,
1247	new_asoc->c.initial_tsn = asoc->c.initial_tsn;	1260	new_asoc->c.initial_tsn = asoc->c.initial_tsn;
1248	}	1261	}
1249		1262
		1263	static void sctp_auth_params_populate(struct sctp_association *new_asoc,
		1264	const struct sctp_association *asoc)
		1265	{
		1266	/* Only perform this if AUTH extension is enabled */
		1267	if (!sctp_auth_enable)
		1268	return;
		1269
		1270	/* We need to provide the same parameter information as
		1271	* was in the original INIT. This means that we need to copy
		1272	* the HMACS, CHUNKS, and RANDOM parameter from the original
		1273	* assocaition.
		1274	*/
		1275	memcpy(new_asoc->c.auth_random, asoc->c.auth_random,
		1276	sizeof(asoc->c.auth_random));
		1277	memcpy(new_asoc->c.auth_hmacs, asoc->c.auth_hmacs,
		1278	sizeof(asoc->c.auth_hmacs));
		1279	memcpy(new_asoc->c.auth_chunks, asoc->c.auth_chunks,
		1280	sizeof(asoc->c.auth_chunks));
		1281	}
		1282
1250	/*	1283	/*
1251	* Compare vtag/tietag values to determine unexpected COOKIE-ECHO	1284	* Compare vtag/tietag values to determine unexpected COOKIE-ECHO
1252	* handling action.	1285	* handling action.
@@ -1404,6 +1437,8 @@ static sctp_disposition_t sctp_sf_do_unexpected_init(
1404		1437
1405	sctp_tietags_populate(new_asoc, asoc);	1438	sctp_tietags_populate(new_asoc, asoc);
1406		1439
		1440	sctp_auth_params_populate(new_asoc, asoc);
		1441
1407	/* B) "Z" shall respond immediately with an INIT ACK chunk. */	1442	/* B) "Z" shall respond immediately with an INIT ACK chunk. */
1408		1443
1409	/* If there are errors need to be reported for unknown parameters,	1444	/* If there are errors need to be reported for unknown parameters,