Commit | Line | Data |
---|---|---|
60c778b2 | 1 | /* SCTP kernel implementation |
1f485649 VY |
2 | * (C) Copyright 2007 Hewlett-Packard Development Company, L.P. |
3 | * | |
60c778b2 | 4 | * This file is part of the SCTP kernel implementation |
1f485649 | 5 | * |
60c778b2 | 6 | * This SCTP implementation is free software; |
1f485649 VY |
7 | * you can redistribute it and/or modify it under the terms of |
8 | * the GNU General Public License as published by | |
9 | * the Free Software Foundation; either version 2, or (at your option) | |
10 | * any later version. | |
11 | * | |
60c778b2 | 12 | * This SCTP implementation is distributed in the hope that it |
1f485649 VY |
13 | * will be useful, but WITHOUT ANY WARRANTY; without even the implied |
14 | * ************************ | |
15 | * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
16 | * See the GNU General Public License for more details. | |
17 | * | |
18 | * You should have received a copy of the GNU General Public License | |
19 | * along with GNU CC; see the file COPYING. If not, write to | |
20 | * the Free Software Foundation, 59 Temple Place - Suite 330, | |
21 | * Boston, MA 02111-1307, USA. | |
22 | * | |
23 | * Please send any bug reports or fixes you make to the | |
24 | * email address(es): | |
25 | * lksctp developers <lksctp-developers@lists.sourceforge.net> | |
26 | * | |
27 | * Or submit a bug report through the following website: | |
28 | * http://www.sf.net/projects/lksctp | |
29 | * | |
30 | * Written or modified by: | |
31 | * Vlad Yasevich <vladislav.yasevich@hp.com> | |
32 | * | |
33 | * Any bugs reported given to us we will try to fix... any fixes shared will | |
34 | * be incorporated into the next SCTP release. | |
35 | */ | |
36 | ||
5a0e3ad6 | 37 | #include <linux/slab.h> |
1f485649 VY |
38 | #include <linux/types.h> |
39 | #include <linux/crypto.h> | |
40 | #include <linux/scatterlist.h> | |
41 | #include <net/sctp/sctp.h> | |
42 | #include <net/sctp/auth.h> | |
43 | ||
44 | static struct sctp_hmac sctp_hmac_list[SCTP_AUTH_NUM_HMACS] = { | |
45 | { | |
46 | /* id 0 is reserved. as all 0 */ | |
47 | .hmac_id = SCTP_AUTH_HMAC_ID_RESERVED_0, | |
48 | }, | |
49 | { | |
50 | .hmac_id = SCTP_AUTH_HMAC_ID_SHA1, | |
51 | .hmac_name="hmac(sha1)", | |
52 | .hmac_len = SCTP_SHA1_SIG_SIZE, | |
53 | }, | |
54 | { | |
55 | /* id 2 is reserved as well */ | |
56 | .hmac_id = SCTP_AUTH_HMAC_ID_RESERVED_2, | |
57 | }, | |
b7e0fe9f | 58 | #if defined (CONFIG_CRYPTO_SHA256) || defined (CONFIG_CRYPTO_SHA256_MODULE) |
1f485649 VY |
59 | { |
60 | .hmac_id = SCTP_AUTH_HMAC_ID_SHA256, | |
61 | .hmac_name="hmac(sha256)", | |
62 | .hmac_len = SCTP_SHA256_SIG_SIZE, | |
63 | } | |
b7e0fe9f | 64 | #endif |
1f485649 VY |
65 | }; |
66 | ||
67 | ||
68 | void sctp_auth_key_put(struct sctp_auth_bytes *key) | |
69 | { | |
70 | if (!key) | |
71 | return; | |
72 | ||
73 | if (atomic_dec_and_test(&key->refcnt)) { | |
74 | kfree(key); | |
75 | SCTP_DBG_OBJCNT_DEC(keys); | |
76 | } | |
77 | } | |
78 | ||
79 | /* Create a new key structure of a given length */ | |
80 | static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp) | |
81 | { | |
82 | struct sctp_auth_bytes *key; | |
83 | ||
30c2235c | 84 | /* Verify that we are not going to overflow INT_MAX */ |
c89304b8 | 85 | if (key_len > (INT_MAX - sizeof(struct sctp_auth_bytes))) |
30c2235c VY |
86 | return NULL; |
87 | ||
1f485649 VY |
88 | /* Allocate the shared key */ |
89 | key = kmalloc(sizeof(struct sctp_auth_bytes) + key_len, gfp); | |
90 | if (!key) | |
91 | return NULL; | |
92 | ||
93 | key->len = key_len; | |
94 | atomic_set(&key->refcnt, 1); | |
95 | SCTP_DBG_OBJCNT_INC(keys); | |
96 | ||
97 | return key; | |
98 | } | |
99 | ||
100 | /* Create a new shared key container with a give key id */ | |
101 | struct sctp_shared_key *sctp_auth_shkey_create(__u16 key_id, gfp_t gfp) | |
102 | { | |
103 | struct sctp_shared_key *new; | |
104 | ||
105 | /* Allocate the shared key container */ | |
106 | new = kzalloc(sizeof(struct sctp_shared_key), gfp); | |
107 | if (!new) | |
108 | return NULL; | |
109 | ||
110 | INIT_LIST_HEAD(&new->key_list); | |
111 | new->key_id = key_id; | |
112 | ||
113 | return new; | |
114 | } | |
115 | ||
25985edc | 116 | /* Free the shared key structure */ |
8ad7c62b | 117 | static void sctp_auth_shkey_free(struct sctp_shared_key *sh_key) |
1f485649 VY |
118 | { |
119 | BUG_ON(!list_empty(&sh_key->key_list)); | |
120 | sctp_auth_key_put(sh_key->key); | |
121 | sh_key->key = NULL; | |
122 | kfree(sh_key); | |
123 | } | |
124 | ||
25985edc | 125 | /* Destroy the entire key list. This is done during the |
1f485649 VY |
126 | * associon and endpoint free process. |
127 | */ | |
128 | void sctp_auth_destroy_keys(struct list_head *keys) | |
129 | { | |
130 | struct sctp_shared_key *ep_key; | |
131 | struct sctp_shared_key *tmp; | |
132 | ||
133 | if (list_empty(keys)) | |
134 | return; | |
135 | ||
136 | key_for_each_safe(ep_key, tmp, keys) { | |
137 | list_del_init(&ep_key->key_list); | |
138 | sctp_auth_shkey_free(ep_key); | |
139 | } | |
140 | } | |
141 | ||
142 | /* Compare two byte vectors as numbers. Return values | |
143 | * are: | |
144 | * 0 - vectors are equal | |
025dfdaf FS |
145 | * < 0 - vector 1 is smaller than vector2 |
146 | * > 0 - vector 1 is greater than vector2 | |
1f485649 VY |
147 | * |
148 | * Algorithm is: | |
149 | * This is performed by selecting the numerically smaller key vector... | |
150 | * If the key vectors are equal as numbers but differ in length ... | |
151 | * the shorter vector is considered smaller | |
152 | * | |
153 | * Examples (with small values): | |
154 | * 000123456789 > 123456789 (first number is longer) | |
155 | * 000123456789 < 234567891 (second number is larger numerically) | |
156 | * 123456789 > 2345678 (first number is both larger & longer) | |
157 | */ | |
158 | static int sctp_auth_compare_vectors(struct sctp_auth_bytes *vector1, | |
159 | struct sctp_auth_bytes *vector2) | |
160 | { | |
161 | int diff; | |
162 | int i; | |
163 | const __u8 *longer; | |
164 | ||
165 | diff = vector1->len - vector2->len; | |
166 | if (diff) { | |
167 | longer = (diff > 0) ? vector1->data : vector2->data; | |
168 | ||
169 | /* Check to see if the longer number is | |
170 | * lead-zero padded. If it is not, it | |
171 | * is automatically larger numerically. | |
172 | */ | |
173 | for (i = 0; i < abs(diff); i++ ) { | |
174 | if (longer[i] != 0) | |
175 | return diff; | |
176 | } | |
177 | } | |
178 | ||
179 | /* lengths are the same, compare numbers */ | |
180 | return memcmp(vector1->data, vector2->data, vector1->len); | |
181 | } | |
182 | ||
183 | /* | |
184 | * Create a key vector as described in SCTP-AUTH, Section 6.1 | |
185 | * The RANDOM parameter, the CHUNKS parameter and the HMAC-ALGO | |
186 | * parameter sent by each endpoint are concatenated as byte vectors. | |
187 | * These parameters include the parameter type, parameter length, and | |
188 | * the parameter value, but padding is omitted; all padding MUST be | |
189 | * removed from this concatenation before proceeding with further | |
190 | * computation of keys. Parameters which were not sent are simply | |
191 | * omitted from the concatenation process. The resulting two vectors | |
192 | * are called the two key vectors. | |
193 | */ | |
194 | static struct sctp_auth_bytes *sctp_auth_make_key_vector( | |
195 | sctp_random_param_t *random, | |
196 | sctp_chunks_param_t *chunks, | |
197 | sctp_hmac_algo_param_t *hmacs, | |
198 | gfp_t gfp) | |
199 | { | |
200 | struct sctp_auth_bytes *new; | |
201 | __u32 len; | |
202 | __u32 offset = 0; | |
241448c2 | 203 | __u16 random_len, hmacs_len, chunks_len = 0; |
1f485649 | 204 | |
241448c2 DB |
205 | random_len = ntohs(random->param_hdr.length); |
206 | hmacs_len = ntohs(hmacs->param_hdr.length); | |
207 | if (chunks) | |
208 | chunks_len = ntohs(chunks->param_hdr.length); | |
209 | ||
210 | len = random_len + hmacs_len + chunks_len; | |
1f485649 VY |
211 | |
212 | new = kmalloc(sizeof(struct sctp_auth_bytes) + len, gfp); | |
213 | if (!new) | |
214 | return NULL; | |
215 | ||
216 | new->len = len; | |
217 | ||
241448c2 DB |
218 | memcpy(new->data, random, random_len); |
219 | offset += random_len; | |
1f485649 VY |
220 | |
221 | if (chunks) { | |
241448c2 DB |
222 | memcpy(new->data + offset, chunks, chunks_len); |
223 | offset += chunks_len; | |
1f485649 VY |
224 | } |
225 | ||
241448c2 | 226 | memcpy(new->data + offset, hmacs, hmacs_len); |
1f485649 VY |
227 | |
228 | return new; | |
229 | } | |
230 | ||
231 | ||
232 | /* Make a key vector based on our local parameters */ | |
8ad7c62b | 233 | static struct sctp_auth_bytes *sctp_auth_make_local_vector( |
1f485649 VY |
234 | const struct sctp_association *asoc, |
235 | gfp_t gfp) | |
236 | { | |
237 | return sctp_auth_make_key_vector( | |
238 | (sctp_random_param_t*)asoc->c.auth_random, | |
239 | (sctp_chunks_param_t*)asoc->c.auth_chunks, | |
240 | (sctp_hmac_algo_param_t*)asoc->c.auth_hmacs, | |
241 | gfp); | |
242 | } | |
243 | ||
244 | /* Make a key vector based on peer's parameters */ | |
8ad7c62b | 245 | static struct sctp_auth_bytes *sctp_auth_make_peer_vector( |
1f485649 VY |
246 | const struct sctp_association *asoc, |
247 | gfp_t gfp) | |
248 | { | |
249 | return sctp_auth_make_key_vector(asoc->peer.peer_random, | |
250 | asoc->peer.peer_chunks, | |
251 | asoc->peer.peer_hmacs, | |
252 | gfp); | |
253 | } | |
254 | ||
255 | ||
256 | /* Set the value of the association shared key base on the parameters | |
257 | * given. The algorithm is: | |
258 | * From the endpoint pair shared keys and the key vectors the | |
259 | * association shared keys are computed. This is performed by selecting | |
260 | * the numerically smaller key vector and concatenating it to the | |
261 | * endpoint pair shared key, and then concatenating the numerically | |
262 | * larger key vector to that. The result of the concatenation is the | |
263 | * association shared key. | |
264 | */ | |
265 | static struct sctp_auth_bytes *sctp_auth_asoc_set_secret( | |
266 | struct sctp_shared_key *ep_key, | |
267 | struct sctp_auth_bytes *first_vector, | |
268 | struct sctp_auth_bytes *last_vector, | |
269 | gfp_t gfp) | |
270 | { | |
271 | struct sctp_auth_bytes *secret; | |
272 | __u32 offset = 0; | |
273 | __u32 auth_len; | |
274 | ||
275 | auth_len = first_vector->len + last_vector->len; | |
276 | if (ep_key->key) | |
277 | auth_len += ep_key->key->len; | |
278 | ||
279 | secret = sctp_auth_create_key(auth_len, gfp); | |
280 | if (!secret) | |
281 | return NULL; | |
282 | ||
283 | if (ep_key->key) { | |
284 | memcpy(secret->data, ep_key->key->data, ep_key->key->len); | |
285 | offset += ep_key->key->len; | |
286 | } | |
287 | ||
288 | memcpy(secret->data + offset, first_vector->data, first_vector->len); | |
289 | offset += first_vector->len; | |
290 | ||
291 | memcpy(secret->data + offset, last_vector->data, last_vector->len); | |
292 | ||
293 | return secret; | |
294 | } | |
295 | ||
296 | /* Create an association shared key. Follow the algorithm | |
297 | * described in SCTP-AUTH, Section 6.1 | |
298 | */ | |
299 | static struct sctp_auth_bytes *sctp_auth_asoc_create_secret( | |
300 | const struct sctp_association *asoc, | |
301 | struct sctp_shared_key *ep_key, | |
302 | gfp_t gfp) | |
303 | { | |
304 | struct sctp_auth_bytes *local_key_vector; | |
305 | struct sctp_auth_bytes *peer_key_vector; | |
306 | struct sctp_auth_bytes *first_vector, | |
307 | *last_vector; | |
308 | struct sctp_auth_bytes *secret = NULL; | |
309 | int cmp; | |
310 | ||
311 | ||
312 | /* Now we need to build the key vectors | |
313 | * SCTP-AUTH , Section 6.1 | |
314 | * The RANDOM parameter, the CHUNKS parameter and the HMAC-ALGO | |
315 | * parameter sent by each endpoint are concatenated as byte vectors. | |
316 | * These parameters include the parameter type, parameter length, and | |
317 | * the parameter value, but padding is omitted; all padding MUST be | |
318 | * removed from this concatenation before proceeding with further | |
319 | * computation of keys. Parameters which were not sent are simply | |
320 | * omitted from the concatenation process. The resulting two vectors | |
321 | * are called the two key vectors. | |
322 | */ | |
323 | ||
324 | local_key_vector = sctp_auth_make_local_vector(asoc, gfp); | |
325 | peer_key_vector = sctp_auth_make_peer_vector(asoc, gfp); | |
326 | ||
327 | if (!peer_key_vector || !local_key_vector) | |
328 | goto out; | |
329 | ||
25985edc | 330 | /* Figure out the order in which the key_vectors will be |
1f485649 VY |
331 | * added to the endpoint shared key. |
332 | * SCTP-AUTH, Section 6.1: | |
333 | * This is performed by selecting the numerically smaller key | |
334 | * vector and concatenating it to the endpoint pair shared | |
335 | * key, and then concatenating the numerically larger key | |
336 | * vector to that. If the key vectors are equal as numbers | |
337 | * but differ in length, then the concatenation order is the | |
338 | * endpoint shared key, followed by the shorter key vector, | |
339 | * followed by the longer key vector. Otherwise, the key | |
340 | * vectors are identical, and may be concatenated to the | |
341 | * endpoint pair key in any order. | |
342 | */ | |
343 | cmp = sctp_auth_compare_vectors(local_key_vector, | |
344 | peer_key_vector); | |
345 | if (cmp < 0) { | |
346 | first_vector = local_key_vector; | |
347 | last_vector = peer_key_vector; | |
348 | } else { | |
349 | first_vector = peer_key_vector; | |
350 | last_vector = local_key_vector; | |
351 | } | |
352 | ||
353 | secret = sctp_auth_asoc_set_secret(ep_key, first_vector, last_vector, | |
354 | gfp); | |
355 | out: | |
356 | kfree(local_key_vector); | |
357 | kfree(peer_key_vector); | |
358 | ||
359 | return secret; | |
360 | } | |
361 | ||
362 | /* | |
363 | * Populate the association overlay list with the list | |
364 | * from the endpoint. | |
365 | */ | |
366 | int sctp_auth_asoc_copy_shkeys(const struct sctp_endpoint *ep, | |
367 | struct sctp_association *asoc, | |
368 | gfp_t gfp) | |
369 | { | |
370 | struct sctp_shared_key *sh_key; | |
371 | struct sctp_shared_key *new; | |
372 | ||
373 | BUG_ON(!list_empty(&asoc->endpoint_shared_keys)); | |
374 | ||
375 | key_for_each(sh_key, &ep->endpoint_shared_keys) { | |
376 | new = sctp_auth_shkey_create(sh_key->key_id, gfp); | |
377 | if (!new) | |
378 | goto nomem; | |
379 | ||
380 | new->key = sh_key->key; | |
381 | sctp_auth_key_hold(new->key); | |
382 | list_add(&new->key_list, &asoc->endpoint_shared_keys); | |
383 | } | |
384 | ||
385 | return 0; | |
386 | ||
387 | nomem: | |
388 | sctp_auth_destroy_keys(&asoc->endpoint_shared_keys); | |
389 | return -ENOMEM; | |
390 | } | |
391 | ||
392 | ||
393 | /* Public interface to creat the association shared key. | |
394 | * See code above for the algorithm. | |
395 | */ | |
396 | int sctp_auth_asoc_init_active_key(struct sctp_association *asoc, gfp_t gfp) | |
397 | { | |
e1fc3b14 | 398 | struct net *net = sock_net(asoc->base.sk); |
1f485649 VY |
399 | struct sctp_auth_bytes *secret; |
400 | struct sctp_shared_key *ep_key; | |
401 | ||
402 | /* If we don't support AUTH, or peer is not capable | |
403 | * we don't need to do anything. | |
404 | */ | |
e1fc3b14 | 405 | if (!net->sctp.auth_enable || !asoc->peer.auth_capable) |
1f485649 VY |
406 | return 0; |
407 | ||
408 | /* If the key_id is non-zero and we couldn't find an | |
409 | * endpoint pair shared key, we can't compute the | |
410 | * secret. | |
411 | * For key_id 0, endpoint pair shared key is a NULL key. | |
412 | */ | |
413 | ep_key = sctp_auth_get_shkey(asoc, asoc->active_key_id); | |
414 | BUG_ON(!ep_key); | |
415 | ||
416 | secret = sctp_auth_asoc_create_secret(asoc, ep_key, gfp); | |
417 | if (!secret) | |
418 | return -ENOMEM; | |
419 | ||
420 | sctp_auth_key_put(asoc->asoc_shared_key); | |
421 | asoc->asoc_shared_key = secret; | |
422 | ||
423 | return 0; | |
424 | } | |
425 | ||
426 | ||
427 | /* Find the endpoint pair shared key based on the key_id */ | |
428 | struct sctp_shared_key *sctp_auth_get_shkey( | |
429 | const struct sctp_association *asoc, | |
430 | __u16 key_id) | |
431 | { | |
7cc08b55 | 432 | struct sctp_shared_key *key; |
1f485649 VY |
433 | |
434 | /* First search associations set of endpoint pair shared keys */ | |
435 | key_for_each(key, &asoc->endpoint_shared_keys) { | |
436 | if (key->key_id == key_id) | |
7cc08b55 | 437 | return key; |
1f485649 VY |
438 | } |
439 | ||
7cc08b55 | 440 | return NULL; |
1f485649 VY |
441 | } |
442 | ||
443 | /* | |
444 | * Initialize all the possible digest transforms that we can use. Right now | |
445 | * now, the supported digests are SHA1 and SHA256. We do this here once | |
446 | * because of the restrictiong that transforms may only be allocated in | |
447 | * user context. This forces us to pre-allocated all possible transforms | |
448 | * at the endpoint init time. | |
449 | */ | |
450 | int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp) | |
451 | { | |
e1fc3b14 | 452 | struct net *net = sock_net(ep->base.sk); |
1f485649 VY |
453 | struct crypto_hash *tfm = NULL; |
454 | __u16 id; | |
455 | ||
456 | /* if the transforms are already allocted, we are done */ | |
e1fc3b14 | 457 | if (!net->sctp.auth_enable) { |
1f485649 VY |
458 | ep->auth_hmacs = NULL; |
459 | return 0; | |
460 | } | |
461 | ||
462 | if (ep->auth_hmacs) | |
463 | return 0; | |
464 | ||
465 | /* Allocated the array of pointers to transorms */ | |
466 | ep->auth_hmacs = kzalloc( | |
467 | sizeof(struct crypto_hash *) * SCTP_AUTH_NUM_HMACS, | |
468 | gfp); | |
469 | if (!ep->auth_hmacs) | |
470 | return -ENOMEM; | |
471 | ||
472 | for (id = 0; id < SCTP_AUTH_NUM_HMACS; id++) { | |
473 | ||
474 | /* See is we support the id. Supported IDs have name and | |
475 | * length fields set, so that we can allocated and use | |
476 | * them. We can safely just check for name, for without the | |
477 | * name, we can't allocate the TFM. | |
478 | */ | |
479 | if (!sctp_hmac_list[id].hmac_name) | |
480 | continue; | |
481 | ||
482 | /* If this TFM has been allocated, we are all set */ | |
483 | if (ep->auth_hmacs[id]) | |
484 | continue; | |
485 | ||
486 | /* Allocate the ID */ | |
487 | tfm = crypto_alloc_hash(sctp_hmac_list[id].hmac_name, 0, | |
488 | CRYPTO_ALG_ASYNC); | |
489 | if (IS_ERR(tfm)) | |
490 | goto out_err; | |
491 | ||
492 | ep->auth_hmacs[id] = tfm; | |
493 | } | |
494 | ||
495 | return 0; | |
496 | ||
497 | out_err: | |
73ac36ea | 498 | /* Clean up any successful allocations */ |
1f485649 VY |
499 | sctp_auth_destroy_hmacs(ep->auth_hmacs); |
500 | return -ENOMEM; | |
501 | } | |
502 | ||
503 | /* Destroy the hmac tfm array */ | |
504 | void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[]) | |
505 | { | |
506 | int i; | |
507 | ||
508 | if (!auth_hmacs) | |
509 | return; | |
510 | ||
511 | for (i = 0; i < SCTP_AUTH_NUM_HMACS; i++) | |
512 | { | |
513 | if (auth_hmacs[i]) | |
514 | crypto_free_hash(auth_hmacs[i]); | |
515 | } | |
516 | kfree(auth_hmacs); | |
517 | } | |
518 | ||
519 | ||
520 | struct sctp_hmac *sctp_auth_get_hmac(__u16 hmac_id) | |
521 | { | |
522 | return &sctp_hmac_list[hmac_id]; | |
523 | } | |
524 | ||
525 | /* Get an hmac description information that we can use to build | |
526 | * the AUTH chunk | |
527 | */ | |
528 | struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc) | |
529 | { | |
530 | struct sctp_hmac_algo_param *hmacs; | |
531 | __u16 n_elt; | |
532 | __u16 id = 0; | |
533 | int i; | |
534 | ||
535 | /* If we have a default entry, use it */ | |
536 | if (asoc->default_hmac_id) | |
537 | return &sctp_hmac_list[asoc->default_hmac_id]; | |
538 | ||
539 | /* Since we do not have a default entry, find the first entry | |
540 | * we support and return that. Do not cache that id. | |
541 | */ | |
542 | hmacs = asoc->peer.peer_hmacs; | |
543 | if (!hmacs) | |
544 | return NULL; | |
545 | ||
546 | n_elt = (ntohs(hmacs->param_hdr.length) - sizeof(sctp_paramhdr_t)) >> 1; | |
547 | for (i = 0; i < n_elt; i++) { | |
548 | id = ntohs(hmacs->hmac_ids[i]); | |
549 | ||
550 | /* Check the id is in the supported range */ | |
51e97a12 DR |
551 | if (id > SCTP_AUTH_HMAC_ID_MAX) { |
552 | id = 0; | |
1f485649 | 553 | continue; |
51e97a12 | 554 | } |
1f485649 VY |
555 | |
556 | /* See is we support the id. Supported IDs have name and | |
557 | * length fields set, so that we can allocated and use | |
558 | * them. We can safely just check for name, for without the | |
559 | * name, we can't allocate the TFM. | |
560 | */ | |
51e97a12 DR |
561 | if (!sctp_hmac_list[id].hmac_name) { |
562 | id = 0; | |
1f485649 | 563 | continue; |
51e97a12 | 564 | } |
1f485649 VY |
565 | |
566 | break; | |
567 | } | |
568 | ||
569 | if (id == 0) | |
570 | return NULL; | |
571 | ||
572 | return &sctp_hmac_list[id]; | |
573 | } | |
574 | ||
d06f6082 | 575 | static int __sctp_auth_find_hmacid(__be16 *hmacs, int n_elts, __be16 hmac_id) |
1f485649 VY |
576 | { |
577 | int found = 0; | |
578 | int i; | |
579 | ||
580 | for (i = 0; i < n_elts; i++) { | |
581 | if (hmac_id == hmacs[i]) { | |
582 | found = 1; | |
583 | break; | |
584 | } | |
585 | } | |
586 | ||
587 | return found; | |
588 | } | |
589 | ||
590 | /* See if the HMAC_ID is one that we claim as supported */ | |
591 | int sctp_auth_asoc_verify_hmac_id(const struct sctp_association *asoc, | |
d06f6082 | 592 | __be16 hmac_id) |
1f485649 VY |
593 | { |
594 | struct sctp_hmac_algo_param *hmacs; | |
595 | __u16 n_elt; | |
596 | ||
597 | if (!asoc) | |
598 | return 0; | |
599 | ||
600 | hmacs = (struct sctp_hmac_algo_param *)asoc->c.auth_hmacs; | |
601 | n_elt = (ntohs(hmacs->param_hdr.length) - sizeof(sctp_paramhdr_t)) >> 1; | |
602 | ||
603 | return __sctp_auth_find_hmacid(hmacs->hmac_ids, n_elt, hmac_id); | |
604 | } | |
605 | ||
606 | ||
607 | /* Cache the default HMAC id. This to follow this text from SCTP-AUTH: | |
608 | * Section 6.1: | |
609 | * The receiver of a HMAC-ALGO parameter SHOULD use the first listed | |
610 | * algorithm it supports. | |
611 | */ | |
612 | void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc, | |
613 | struct sctp_hmac_algo_param *hmacs) | |
614 | { | |
615 | struct sctp_endpoint *ep; | |
616 | __u16 id; | |
617 | int i; | |
618 | int n_params; | |
619 | ||
620 | /* if the default id is already set, use it */ | |
621 | if (asoc->default_hmac_id) | |
622 | return; | |
623 | ||
624 | n_params = (ntohs(hmacs->param_hdr.length) | |
625 | - sizeof(sctp_paramhdr_t)) >> 1; | |
626 | ep = asoc->ep; | |
627 | for (i = 0; i < n_params; i++) { | |
628 | id = ntohs(hmacs->hmac_ids[i]); | |
629 | ||
630 | /* Check the id is in the supported range */ | |
631 | if (id > SCTP_AUTH_HMAC_ID_MAX) | |
632 | continue; | |
633 | ||
634 | /* If this TFM has been allocated, use this id */ | |
635 | if (ep->auth_hmacs[id]) { | |
636 | asoc->default_hmac_id = id; | |
637 | break; | |
638 | } | |
639 | } | |
640 | } | |
641 | ||
642 | ||
643 | /* Check to see if the given chunk is supposed to be authenticated */ | |
644 | static int __sctp_auth_cid(sctp_cid_t chunk, struct sctp_chunks_param *param) | |
645 | { | |
646 | unsigned short len; | |
647 | int found = 0; | |
648 | int i; | |
649 | ||
555d3d5d | 650 | if (!param || param->param_hdr.length == 0) |
1f485649 VY |
651 | return 0; |
652 | ||
653 | len = ntohs(param->param_hdr.length) - sizeof(sctp_paramhdr_t); | |
654 | ||
655 | /* SCTP-AUTH, Section 3.2 | |
656 | * The chunk types for INIT, INIT-ACK, SHUTDOWN-COMPLETE and AUTH | |
657 | * chunks MUST NOT be listed in the CHUNKS parameter. However, if | |
658 | * a CHUNKS parameter is received then the types for INIT, INIT-ACK, | |
659 | * SHUTDOWN-COMPLETE and AUTH chunks MUST be ignored. | |
660 | */ | |
661 | for (i = 0; !found && i < len; i++) { | |
662 | switch (param->chunks[i]) { | |
663 | case SCTP_CID_INIT: | |
664 | case SCTP_CID_INIT_ACK: | |
665 | case SCTP_CID_SHUTDOWN_COMPLETE: | |
666 | case SCTP_CID_AUTH: | |
667 | break; | |
668 | ||
669 | default: | |
670 | if (param->chunks[i] == chunk) | |
671 | found = 1; | |
672 | break; | |
673 | } | |
674 | } | |
675 | ||
676 | return found; | |
677 | } | |
678 | ||
679 | /* Check if peer requested that this chunk is authenticated */ | |
680 | int sctp_auth_send_cid(sctp_cid_t chunk, const struct sctp_association *asoc) | |
681 | { | |
e1fc3b14 EB |
682 | struct net *net; |
683 | if (!asoc) | |
684 | return 0; | |
685 | ||
686 | net = sock_net(asoc->base.sk); | |
687 | if (!net->sctp.auth_enable || !asoc->peer.auth_capable) | |
1f485649 VY |
688 | return 0; |
689 | ||
690 | return __sctp_auth_cid(chunk, asoc->peer.peer_chunks); | |
691 | } | |
692 | ||
693 | /* Check if we requested that peer authenticate this chunk. */ | |
694 | int sctp_auth_recv_cid(sctp_cid_t chunk, const struct sctp_association *asoc) | |
695 | { | |
e1fc3b14 EB |
696 | struct net *net; |
697 | if (!asoc) | |
698 | return 0; | |
699 | ||
700 | net = sock_net(asoc->base.sk); | |
02644a17 | 701 | if (!net->sctp.auth_enable) |
1f485649 VY |
702 | return 0; |
703 | ||
704 | return __sctp_auth_cid(chunk, | |
705 | (struct sctp_chunks_param *)asoc->c.auth_chunks); | |
706 | } | |
707 | ||
708 | /* SCTP-AUTH: Section 6.2: | |
709 | * The sender MUST calculate the MAC as described in RFC2104 [2] using | |
710 | * the hash function H as described by the MAC Identifier and the shared | |
711 | * association key K based on the endpoint pair shared key described by | |
712 | * the shared key identifier. The 'data' used for the computation of | |
713 | * the AUTH-chunk is given by the AUTH chunk with its HMAC field set to | |
714 | * zero (as shown in Figure 6) followed by all chunks that are placed | |
715 | * after the AUTH chunk in the SCTP packet. | |
716 | */ | |
717 | void sctp_auth_calculate_hmac(const struct sctp_association *asoc, | |
718 | struct sk_buff *skb, | |
719 | struct sctp_auth_chunk *auth, | |
720 | gfp_t gfp) | |
721 | { | |
722 | struct scatterlist sg; | |
723 | struct hash_desc desc; | |
724 | struct sctp_auth_bytes *asoc_key; | |
725 | __u16 key_id, hmac_id; | |
726 | __u8 *digest; | |
727 | unsigned char *end; | |
728 | int free_key = 0; | |
729 | ||
730 | /* Extract the info we need: | |
731 | * - hmac id | |
732 | * - key id | |
733 | */ | |
734 | key_id = ntohs(auth->auth_hdr.shkey_id); | |
735 | hmac_id = ntohs(auth->auth_hdr.hmac_id); | |
736 | ||
737 | if (key_id == asoc->active_key_id) | |
738 | asoc_key = asoc->asoc_shared_key; | |
739 | else { | |
740 | struct sctp_shared_key *ep_key; | |
741 | ||
742 | ep_key = sctp_auth_get_shkey(asoc, key_id); | |
743 | if (!ep_key) | |
744 | return; | |
745 | ||
746 | asoc_key = sctp_auth_asoc_create_secret(asoc, ep_key, gfp); | |
747 | if (!asoc_key) | |
748 | return; | |
749 | ||
750 | free_key = 1; | |
751 | } | |
752 | ||
753 | /* set up scatter list */ | |
754 | end = skb_tail_pointer(skb); | |
68e3f5dd | 755 | sg_init_one(&sg, auth, end - (unsigned char *)auth); |
1f485649 VY |
756 | |
757 | desc.tfm = asoc->ep->auth_hmacs[hmac_id]; | |
758 | desc.flags = 0; | |
759 | ||
760 | digest = auth->auth_hdr.hmac; | |
761 | if (crypto_hash_setkey(desc.tfm, &asoc_key->data[0], asoc_key->len)) | |
762 | goto free; | |
763 | ||
764 | crypto_hash_digest(&desc, &sg, sg.length, digest); | |
765 | ||
766 | free: | |
767 | if (free_key) | |
768 | sctp_auth_key_put(asoc_key); | |
769 | } | |
65b07e5d VY |
770 | |
771 | /* API Helpers */ | |
772 | ||
773 | /* Add a chunk to the endpoint authenticated chunk list */ | |
774 | int sctp_auth_ep_add_chunkid(struct sctp_endpoint *ep, __u8 chunk_id) | |
775 | { | |
776 | struct sctp_chunks_param *p = ep->auth_chunk_list; | |
777 | __u16 nchunks; | |
778 | __u16 param_len; | |
779 | ||
780 | /* If this chunk is already specified, we are done */ | |
781 | if (__sctp_auth_cid(chunk_id, p)) | |
782 | return 0; | |
783 | ||
784 | /* Check if we can add this chunk to the array */ | |
785 | param_len = ntohs(p->param_hdr.length); | |
786 | nchunks = param_len - sizeof(sctp_paramhdr_t); | |
787 | if (nchunks == SCTP_NUM_CHUNK_TYPES) | |
788 | return -EINVAL; | |
789 | ||
790 | p->chunks[nchunks] = chunk_id; | |
791 | p->param_hdr.length = htons(param_len + 1); | |
792 | return 0; | |
793 | } | |
794 | ||
795 | /* Add hmac identifires to the endpoint list of supported hmac ids */ | |
796 | int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep, | |
797 | struct sctp_hmacalgo *hmacs) | |
798 | { | |
799 | int has_sha1 = 0; | |
800 | __u16 id; | |
801 | int i; | |
802 | ||
803 | /* Scan the list looking for unsupported id. Also make sure that | |
804 | * SHA1 is specified. | |
805 | */ | |
806 | for (i = 0; i < hmacs->shmac_num_idents; i++) { | |
807 | id = hmacs->shmac_idents[i]; | |
808 | ||
d9724055 VY |
809 | if (id > SCTP_AUTH_HMAC_ID_MAX) |
810 | return -EOPNOTSUPP; | |
811 | ||
65b07e5d VY |
812 | if (SCTP_AUTH_HMAC_ID_SHA1 == id) |
813 | has_sha1 = 1; | |
814 | ||
815 | if (!sctp_hmac_list[id].hmac_name) | |
816 | return -EOPNOTSUPP; | |
817 | } | |
818 | ||
819 | if (!has_sha1) | |
820 | return -EINVAL; | |
821 | ||
822 | memcpy(ep->auth_hmacs_list->hmac_ids, &hmacs->shmac_idents[0], | |
823 | hmacs->shmac_num_idents * sizeof(__u16)); | |
824 | ep->auth_hmacs_list->param_hdr.length = htons(sizeof(sctp_paramhdr_t) + | |
825 | hmacs->shmac_num_idents * sizeof(__u16)); | |
826 | return 0; | |
827 | } | |
828 | ||
829 | /* Set a new shared key on either endpoint or association. If the | |
830 | * the key with a same ID already exists, replace the key (remove the | |
831 | * old key and add a new one). | |
832 | */ | |
833 | int sctp_auth_set_key(struct sctp_endpoint *ep, | |
834 | struct sctp_association *asoc, | |
835 | struct sctp_authkey *auth_key) | |
836 | { | |
837 | struct sctp_shared_key *cur_key = NULL; | |
838 | struct sctp_auth_bytes *key; | |
839 | struct list_head *sh_keys; | |
840 | int replace = 0; | |
841 | ||
842 | /* Try to find the given key id to see if | |
843 | * we are doing a replace, or adding a new key | |
844 | */ | |
845 | if (asoc) | |
846 | sh_keys = &asoc->endpoint_shared_keys; | |
847 | else | |
848 | sh_keys = &ep->endpoint_shared_keys; | |
849 | ||
850 | key_for_each(cur_key, sh_keys) { | |
851 | if (cur_key->key_id == auth_key->sca_keynumber) { | |
852 | replace = 1; | |
853 | break; | |
854 | } | |
855 | } | |
856 | ||
857 | /* If we are not replacing a key id, we need to allocate | |
858 | * a shared key. | |
859 | */ | |
860 | if (!replace) { | |
861 | cur_key = sctp_auth_shkey_create(auth_key->sca_keynumber, | |
862 | GFP_KERNEL); | |
863 | if (!cur_key) | |
864 | return -ENOMEM; | |
865 | } | |
866 | ||
867 | /* Create a new key data based on the info passed in */ | |
7e8616d8 | 868 | key = sctp_auth_create_key(auth_key->sca_keylength, GFP_KERNEL); |
65b07e5d VY |
869 | if (!key) |
870 | goto nomem; | |
871 | ||
7e8616d8 | 872 | memcpy(key->data, &auth_key->sca_key[0], auth_key->sca_keylength); |
65b07e5d VY |
873 | |
874 | /* If we are replacing, remove the old keys data from the | |
875 | * key id. If we are adding new key id, add it to the | |
876 | * list. | |
877 | */ | |
878 | if (replace) | |
879 | sctp_auth_key_put(cur_key->key); | |
880 | else | |
881 | list_add(&cur_key->key_list, sh_keys); | |
882 | ||
883 | cur_key->key = key; | |
884 | sctp_auth_key_hold(key); | |
885 | ||
886 | return 0; | |
887 | nomem: | |
888 | if (!replace) | |
889 | sctp_auth_shkey_free(cur_key); | |
890 | ||
891 | return -ENOMEM; | |
892 | } | |
893 | ||
894 | int sctp_auth_set_active_key(struct sctp_endpoint *ep, | |
895 | struct sctp_association *asoc, | |
896 | __u16 key_id) | |
897 | { | |
898 | struct sctp_shared_key *key; | |
899 | struct list_head *sh_keys; | |
900 | int found = 0; | |
901 | ||
902 | /* The key identifier MUST correst to an existing key */ | |
903 | if (asoc) | |
904 | sh_keys = &asoc->endpoint_shared_keys; | |
905 | else | |
906 | sh_keys = &ep->endpoint_shared_keys; | |
907 | ||
908 | key_for_each(key, sh_keys) { | |
909 | if (key->key_id == key_id) { | |
910 | found = 1; | |
911 | break; | |
912 | } | |
913 | } | |
914 | ||
915 | if (!found) | |
916 | return -EINVAL; | |
917 | ||
918 | if (asoc) { | |
919 | asoc->active_key_id = key_id; | |
920 | sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL); | |
921 | } else | |
922 | ep->active_key_id = key_id; | |
923 | ||
924 | return 0; | |
925 | } | |
926 | ||
927 | int sctp_auth_del_key_id(struct sctp_endpoint *ep, | |
928 | struct sctp_association *asoc, | |
929 | __u16 key_id) | |
930 | { | |
931 | struct sctp_shared_key *key; | |
932 | struct list_head *sh_keys; | |
933 | int found = 0; | |
934 | ||
935 | /* The key identifier MUST NOT be the current active key | |
936 | * The key identifier MUST correst to an existing key | |
937 | */ | |
938 | if (asoc) { | |
939 | if (asoc->active_key_id == key_id) | |
940 | return -EINVAL; | |
941 | ||
942 | sh_keys = &asoc->endpoint_shared_keys; | |
943 | } else { | |
944 | if (ep->active_key_id == key_id) | |
945 | return -EINVAL; | |
946 | ||
947 | sh_keys = &ep->endpoint_shared_keys; | |
948 | } | |
949 | ||
950 | key_for_each(key, sh_keys) { | |
951 | if (key->key_id == key_id) { | |
952 | found = 1; | |
953 | break; | |
954 | } | |
955 | } | |
956 | ||
957 | if (!found) | |
958 | return -EINVAL; | |
959 | ||
960 | /* Delete the shared key */ | |
961 | list_del_init(&key->key_list); | |
962 | sctp_auth_shkey_free(key); | |
963 | ||
964 | return 0; | |
965 | } |