Commit | Line | Data |
---|---|---|
47505b8b | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
60c778b2 | 2 | /* SCTP kernel implementation |
1f485649 VY |
3 | * (C) Copyright 2007 Hewlett-Packard Development Company, L.P. |
4 | * | |
60c778b2 | 5 | * This file is part of the SCTP kernel implementation |
1f485649 | 6 | * |
1f485649 VY |
7 | * Please send any bug reports or fixes you make to the |
8 | * email address(es): | |
91705c61 | 9 | * lksctp developers <linux-sctp@vger.kernel.org> |
1f485649 | 10 | * |
1f485649 VY |
11 | * Written or modified by: |
12 | * Vlad Yasevich <vladislav.yasevich@hp.com> | |
1f485649 VY |
13 | */ |
14 | ||
5821c769 | 15 | #include <crypto/hash.h> |
5a0e3ad6 | 16 | #include <linux/slab.h> |
1f485649 | 17 | #include <linux/types.h> |
1f485649 VY |
18 | #include <linux/scatterlist.h> |
19 | #include <net/sctp/sctp.h> | |
20 | #include <net/sctp/auth.h> | |
21 | ||
22 | static struct sctp_hmac sctp_hmac_list[SCTP_AUTH_NUM_HMACS] = { | |
23 | { | |
24 | /* id 0 is reserved. as all 0 */ | |
25 | .hmac_id = SCTP_AUTH_HMAC_ID_RESERVED_0, | |
26 | }, | |
27 | { | |
28 | .hmac_id = SCTP_AUTH_HMAC_ID_SHA1, | |
cb3f837b | 29 | .hmac_name = "hmac(sha1)", |
1f485649 VY |
30 | .hmac_len = SCTP_SHA1_SIG_SIZE, |
31 | }, | |
32 | { | |
33 | /* id 2 is reserved as well */ | |
34 | .hmac_id = SCTP_AUTH_HMAC_ID_RESERVED_2, | |
35 | }, | |
aebf5de0 | 36 | #if IS_ENABLED(CONFIG_CRYPTO_SHA256) |
1f485649 VY |
37 | { |
38 | .hmac_id = SCTP_AUTH_HMAC_ID_SHA256, | |
cb3f837b | 39 | .hmac_name = "hmac(sha256)", |
1f485649 VY |
40 | .hmac_len = SCTP_SHA256_SIG_SIZE, |
41 | } | |
b7e0fe9f | 42 | #endif |
1f485649 VY |
43 | }; |
44 | ||
45 | ||
46 | void sctp_auth_key_put(struct sctp_auth_bytes *key) | |
47 | { | |
48 | if (!key) | |
49 | return; | |
50 | ||
6871584a | 51 | if (refcount_dec_and_test(&key->refcnt)) { |
586c31f3 | 52 | kzfree(key); |
1f485649 VY |
53 | SCTP_DBG_OBJCNT_DEC(keys); |
54 | } | |
55 | } | |
56 | ||
57 | /* Create a new key structure of a given length */ | |
58 | static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp) | |
59 | { | |
60 | struct sctp_auth_bytes *key; | |
61 | ||
30c2235c | 62 | /* Verify that we are not going to overflow INT_MAX */ |
c89304b8 | 63 | if (key_len > (INT_MAX - sizeof(struct sctp_auth_bytes))) |
30c2235c VY |
64 | return NULL; |
65 | ||
1f485649 VY |
66 | /* Allocate the shared key */ |
67 | key = kmalloc(sizeof(struct sctp_auth_bytes) + key_len, gfp); | |
68 | if (!key) | |
69 | return NULL; | |
70 | ||
71 | key->len = key_len; | |
6871584a | 72 | refcount_set(&key->refcnt, 1); |
1f485649 VY |
73 | SCTP_DBG_OBJCNT_INC(keys); |
74 | ||
75 | return key; | |
76 | } | |
77 | ||
78 | /* Create a new shared key container with a give key id */ | |
79 | struct sctp_shared_key *sctp_auth_shkey_create(__u16 key_id, gfp_t gfp) | |
80 | { | |
81 | struct sctp_shared_key *new; | |
82 | ||
83 | /* Allocate the shared key container */ | |
84 | new = kzalloc(sizeof(struct sctp_shared_key), gfp); | |
85 | if (!new) | |
86 | return NULL; | |
87 | ||
88 | INIT_LIST_HEAD(&new->key_list); | |
1b1e0bc9 | 89 | refcount_set(&new->refcnt, 1); |
1f485649 VY |
90 | new->key_id = key_id; |
91 | ||
92 | return new; | |
93 | } | |
94 | ||
25985edc | 95 | /* Free the shared key structure */ |
1b1e0bc9 | 96 | static void sctp_auth_shkey_destroy(struct sctp_shared_key *sh_key) |
1f485649 VY |
97 | { |
98 | BUG_ON(!list_empty(&sh_key->key_list)); | |
99 | sctp_auth_key_put(sh_key->key); | |
100 | sh_key->key = NULL; | |
101 | kfree(sh_key); | |
102 | } | |
103 | ||
1b1e0bc9 XL |
104 | void sctp_auth_shkey_release(struct sctp_shared_key *sh_key) |
105 | { | |
106 | if (refcount_dec_and_test(&sh_key->refcnt)) | |
107 | sctp_auth_shkey_destroy(sh_key); | |
108 | } | |
109 | ||
110 | void sctp_auth_shkey_hold(struct sctp_shared_key *sh_key) | |
111 | { | |
112 | refcount_inc(&sh_key->refcnt); | |
113 | } | |
114 | ||
25985edc | 115 | /* Destroy the entire key list. This is done during the |
1f485649 VY |
116 | * associon and endpoint free process. |
117 | */ | |
118 | void sctp_auth_destroy_keys(struct list_head *keys) | |
119 | { | |
120 | struct sctp_shared_key *ep_key; | |
121 | struct sctp_shared_key *tmp; | |
122 | ||
123 | if (list_empty(keys)) | |
124 | return; | |
125 | ||
126 | key_for_each_safe(ep_key, tmp, keys) { | |
127 | list_del_init(&ep_key->key_list); | |
1b1e0bc9 | 128 | sctp_auth_shkey_release(ep_key); |
1f485649 VY |
129 | } |
130 | } | |
131 | ||
132 | /* Compare two byte vectors as numbers. Return values | |
133 | * are: | |
134 | * 0 - vectors are equal | |
025dfdaf FS |
135 | * < 0 - vector 1 is smaller than vector2 |
136 | * > 0 - vector 1 is greater than vector2 | |
1f485649 VY |
137 | * |
138 | * Algorithm is: | |
139 | * This is performed by selecting the numerically smaller key vector... | |
140 | * If the key vectors are equal as numbers but differ in length ... | |
141 | * the shorter vector is considered smaller | |
142 | * | |
143 | * Examples (with small values): | |
144 | * 000123456789 > 123456789 (first number is longer) | |
145 | * 000123456789 < 234567891 (second number is larger numerically) | |
146 | * 123456789 > 2345678 (first number is both larger & longer) | |
147 | */ | |
148 | static int sctp_auth_compare_vectors(struct sctp_auth_bytes *vector1, | |
149 | struct sctp_auth_bytes *vector2) | |
150 | { | |
151 | int diff; | |
152 | int i; | |
153 | const __u8 *longer; | |
154 | ||
155 | diff = vector1->len - vector2->len; | |
156 | if (diff) { | |
157 | longer = (diff > 0) ? vector1->data : vector2->data; | |
158 | ||
159 | /* Check to see if the longer number is | |
160 | * lead-zero padded. If it is not, it | |
161 | * is automatically larger numerically. | |
162 | */ | |
cb3f837b | 163 | for (i = 0; i < abs(diff); i++) { |
1f485649 VY |
164 | if (longer[i] != 0) |
165 | return diff; | |
166 | } | |
167 | } | |
168 | ||
169 | /* lengths are the same, compare numbers */ | |
170 | return memcmp(vector1->data, vector2->data, vector1->len); | |
171 | } | |
172 | ||
173 | /* | |
174 | * Create a key vector as described in SCTP-AUTH, Section 6.1 | |
175 | * The RANDOM parameter, the CHUNKS parameter and the HMAC-ALGO | |
176 | * parameter sent by each endpoint are concatenated as byte vectors. | |
177 | * These parameters include the parameter type, parameter length, and | |
178 | * the parameter value, but padding is omitted; all padding MUST be | |
179 | * removed from this concatenation before proceeding with further | |
180 | * computation of keys. Parameters which were not sent are simply | |
181 | * omitted from the concatenation process. The resulting two vectors | |
182 | * are called the two key vectors. | |
183 | */ | |
184 | static struct sctp_auth_bytes *sctp_auth_make_key_vector( | |
b02db702 | 185 | struct sctp_random_param *random, |
a762a9d9 | 186 | struct sctp_chunks_param *chunks, |
1474774a | 187 | struct sctp_hmac_algo_param *hmacs, |
1f485649 VY |
188 | gfp_t gfp) |
189 | { | |
190 | struct sctp_auth_bytes *new; | |
191 | __u32 len; | |
192 | __u32 offset = 0; | |
241448c2 | 193 | __u16 random_len, hmacs_len, chunks_len = 0; |
1f485649 | 194 | |
241448c2 DB |
195 | random_len = ntohs(random->param_hdr.length); |
196 | hmacs_len = ntohs(hmacs->param_hdr.length); | |
197 | if (chunks) | |
198 | chunks_len = ntohs(chunks->param_hdr.length); | |
199 | ||
200 | len = random_len + hmacs_len + chunks_len; | |
1f485649 | 201 | |
03536e23 | 202 | new = sctp_auth_create_key(len, gfp); |
1f485649 VY |
203 | if (!new) |
204 | return NULL; | |
205 | ||
241448c2 DB |
206 | memcpy(new->data, random, random_len); |
207 | offset += random_len; | |
1f485649 VY |
208 | |
209 | if (chunks) { | |
241448c2 DB |
210 | memcpy(new->data + offset, chunks, chunks_len); |
211 | offset += chunks_len; | |
1f485649 VY |
212 | } |
213 | ||
241448c2 | 214 | memcpy(new->data + offset, hmacs, hmacs_len); |
1f485649 VY |
215 | |
216 | return new; | |
217 | } | |
218 | ||
219 | ||
220 | /* Make a key vector based on our local parameters */ | |
8ad7c62b | 221 | static struct sctp_auth_bytes *sctp_auth_make_local_vector( |
1f485649 VY |
222 | const struct sctp_association *asoc, |
223 | gfp_t gfp) | |
224 | { | |
225 | return sctp_auth_make_key_vector( | |
b02db702 | 226 | (struct sctp_random_param *)asoc->c.auth_random, |
a762a9d9 | 227 | (struct sctp_chunks_param *)asoc->c.auth_chunks, |
1474774a | 228 | (struct sctp_hmac_algo_param *)asoc->c.auth_hmacs, gfp); |
1f485649 VY |
229 | } |
230 | ||
231 | /* Make a key vector based on peer's parameters */ | |
8ad7c62b | 232 | static struct sctp_auth_bytes *sctp_auth_make_peer_vector( |
1f485649 VY |
233 | const struct sctp_association *asoc, |
234 | gfp_t gfp) | |
235 | { | |
236 | return sctp_auth_make_key_vector(asoc->peer.peer_random, | |
237 | asoc->peer.peer_chunks, | |
238 | asoc->peer.peer_hmacs, | |
239 | gfp); | |
240 | } | |
241 | ||
242 | ||
243 | /* Set the value of the association shared key base on the parameters | |
244 | * given. The algorithm is: | |
245 | * From the endpoint pair shared keys and the key vectors the | |
246 | * association shared keys are computed. This is performed by selecting | |
247 | * the numerically smaller key vector and concatenating it to the | |
248 | * endpoint pair shared key, and then concatenating the numerically | |
249 | * larger key vector to that. The result of the concatenation is the | |
250 | * association shared key. | |
251 | */ | |
252 | static struct sctp_auth_bytes *sctp_auth_asoc_set_secret( | |
253 | struct sctp_shared_key *ep_key, | |
254 | struct sctp_auth_bytes *first_vector, | |
255 | struct sctp_auth_bytes *last_vector, | |
256 | gfp_t gfp) | |
257 | { | |
258 | struct sctp_auth_bytes *secret; | |
259 | __u32 offset = 0; | |
260 | __u32 auth_len; | |
261 | ||
262 | auth_len = first_vector->len + last_vector->len; | |
263 | if (ep_key->key) | |
264 | auth_len += ep_key->key->len; | |
265 | ||
266 | secret = sctp_auth_create_key(auth_len, gfp); | |
267 | if (!secret) | |
268 | return NULL; | |
269 | ||
270 | if (ep_key->key) { | |
271 | memcpy(secret->data, ep_key->key->data, ep_key->key->len); | |
272 | offset += ep_key->key->len; | |
273 | } | |
274 | ||
275 | memcpy(secret->data + offset, first_vector->data, first_vector->len); | |
276 | offset += first_vector->len; | |
277 | ||
278 | memcpy(secret->data + offset, last_vector->data, last_vector->len); | |
279 | ||
280 | return secret; | |
281 | } | |
282 | ||
283 | /* Create an association shared key. Follow the algorithm | |
284 | * described in SCTP-AUTH, Section 6.1 | |
285 | */ | |
286 | static struct sctp_auth_bytes *sctp_auth_asoc_create_secret( | |
287 | const struct sctp_association *asoc, | |
288 | struct sctp_shared_key *ep_key, | |
289 | gfp_t gfp) | |
290 | { | |
291 | struct sctp_auth_bytes *local_key_vector; | |
292 | struct sctp_auth_bytes *peer_key_vector; | |
293 | struct sctp_auth_bytes *first_vector, | |
294 | *last_vector; | |
295 | struct sctp_auth_bytes *secret = NULL; | |
296 | int cmp; | |
297 | ||
298 | ||
299 | /* Now we need to build the key vectors | |
300 | * SCTP-AUTH , Section 6.1 | |
301 | * The RANDOM parameter, the CHUNKS parameter and the HMAC-ALGO | |
302 | * parameter sent by each endpoint are concatenated as byte vectors. | |
303 | * These parameters include the parameter type, parameter length, and | |
304 | * the parameter value, but padding is omitted; all padding MUST be | |
305 | * removed from this concatenation before proceeding with further | |
306 | * computation of keys. Parameters which were not sent are simply | |
307 | * omitted from the concatenation process. The resulting two vectors | |
308 | * are called the two key vectors. | |
309 | */ | |
310 | ||
311 | local_key_vector = sctp_auth_make_local_vector(asoc, gfp); | |
312 | peer_key_vector = sctp_auth_make_peer_vector(asoc, gfp); | |
313 | ||
314 | if (!peer_key_vector || !local_key_vector) | |
315 | goto out; | |
316 | ||
25985edc | 317 | /* Figure out the order in which the key_vectors will be |
1f485649 VY |
318 | * added to the endpoint shared key. |
319 | * SCTP-AUTH, Section 6.1: | |
320 | * This is performed by selecting the numerically smaller key | |
321 | * vector and concatenating it to the endpoint pair shared | |
322 | * key, and then concatenating the numerically larger key | |
323 | * vector to that. If the key vectors are equal as numbers | |
324 | * but differ in length, then the concatenation order is the | |
325 | * endpoint shared key, followed by the shorter key vector, | |
326 | * followed by the longer key vector. Otherwise, the key | |
327 | * vectors are identical, and may be concatenated to the | |
328 | * endpoint pair key in any order. | |
329 | */ | |
330 | cmp = sctp_auth_compare_vectors(local_key_vector, | |
331 | peer_key_vector); | |
332 | if (cmp < 0) { | |
333 | first_vector = local_key_vector; | |
334 | last_vector = peer_key_vector; | |
335 | } else { | |
336 | first_vector = peer_key_vector; | |
337 | last_vector = local_key_vector; | |
338 | } | |
339 | ||
340 | secret = sctp_auth_asoc_set_secret(ep_key, first_vector, last_vector, | |
341 | gfp); | |
342 | out: | |
03536e23 DB |
343 | sctp_auth_key_put(local_key_vector); |
344 | sctp_auth_key_put(peer_key_vector); | |
1f485649 VY |
345 | |
346 | return secret; | |
347 | } | |
348 | ||
349 | /* | |
350 | * Populate the association overlay list with the list | |
351 | * from the endpoint. | |
352 | */ | |
353 | int sctp_auth_asoc_copy_shkeys(const struct sctp_endpoint *ep, | |
354 | struct sctp_association *asoc, | |
355 | gfp_t gfp) | |
356 | { | |
357 | struct sctp_shared_key *sh_key; | |
358 | struct sctp_shared_key *new; | |
359 | ||
360 | BUG_ON(!list_empty(&asoc->endpoint_shared_keys)); | |
361 | ||
362 | key_for_each(sh_key, &ep->endpoint_shared_keys) { | |
363 | new = sctp_auth_shkey_create(sh_key->key_id, gfp); | |
364 | if (!new) | |
365 | goto nomem; | |
366 | ||
367 | new->key = sh_key->key; | |
368 | sctp_auth_key_hold(new->key); | |
369 | list_add(&new->key_list, &asoc->endpoint_shared_keys); | |
370 | } | |
371 | ||
372 | return 0; | |
373 | ||
374 | nomem: | |
375 | sctp_auth_destroy_keys(&asoc->endpoint_shared_keys); | |
376 | return -ENOMEM; | |
377 | } | |
378 | ||
379 | ||
ae36806a | 380 | /* Public interface to create the association shared key. |
1f485649 VY |
381 | * See code above for the algorithm. |
382 | */ | |
383 | int sctp_auth_asoc_init_active_key(struct sctp_association *asoc, gfp_t gfp) | |
384 | { | |
385 | struct sctp_auth_bytes *secret; | |
386 | struct sctp_shared_key *ep_key; | |
ae36806a | 387 | struct sctp_chunk *chunk; |
1f485649 VY |
388 | |
389 | /* If we don't support AUTH, or peer is not capable | |
390 | * we don't need to do anything. | |
391 | */ | |
b14878cc | 392 | if (!asoc->ep->auth_enable || !asoc->peer.auth_capable) |
1f485649 VY |
393 | return 0; |
394 | ||
395 | /* If the key_id is non-zero and we couldn't find an | |
396 | * endpoint pair shared key, we can't compute the | |
397 | * secret. | |
398 | * For key_id 0, endpoint pair shared key is a NULL key. | |
399 | */ | |
400 | ep_key = sctp_auth_get_shkey(asoc, asoc->active_key_id); | |
401 | BUG_ON(!ep_key); | |
402 | ||
403 | secret = sctp_auth_asoc_create_secret(asoc, ep_key, gfp); | |
404 | if (!secret) | |
405 | return -ENOMEM; | |
406 | ||
407 | sctp_auth_key_put(asoc->asoc_shared_key); | |
408 | asoc->asoc_shared_key = secret; | |
1b1e0bc9 | 409 | asoc->shkey = ep_key; |
1f485649 | 410 | |
ae36806a MRL |
411 | /* Update send queue in case any chunk already in there now |
412 | * needs authenticating | |
413 | */ | |
414 | list_for_each_entry(chunk, &asoc->outqueue.out_chunk_list, list) { | |
1b1e0bc9 | 415 | if (sctp_auth_send_cid(chunk->chunk_hdr->type, asoc)) { |
ae36806a | 416 | chunk->auth = 1; |
1b1e0bc9 XL |
417 | if (!chunk->shkey) { |
418 | chunk->shkey = asoc->shkey; | |
419 | sctp_auth_shkey_hold(chunk->shkey); | |
420 | } | |
421 | } | |
ae36806a MRL |
422 | } |
423 | ||
1f485649 VY |
424 | return 0; |
425 | } | |
426 | ||
427 | ||
428 | /* Find the endpoint pair shared key based on the key_id */ | |
429 | struct sctp_shared_key *sctp_auth_get_shkey( | |
430 | const struct sctp_association *asoc, | |
431 | __u16 key_id) | |
432 | { | |
7cc08b55 | 433 | struct sctp_shared_key *key; |
1f485649 VY |
434 | |
435 | /* First search associations set of endpoint pair shared keys */ | |
436 | key_for_each(key, &asoc->endpoint_shared_keys) { | |
601590ec XL |
437 | if (key->key_id == key_id) { |
438 | if (!key->deactivated) | |
439 | return key; | |
440 | break; | |
441 | } | |
1f485649 VY |
442 | } |
443 | ||
7cc08b55 | 444 | return NULL; |
1f485649 VY |
445 | } |
446 | ||
447 | /* | |
448 | * Initialize all the possible digest transforms that we can use. Right now | |
449 | * now, the supported digests are SHA1 and SHA256. We do this here once | |
450 | * because of the restrictiong that transforms may only be allocated in | |
451 | * user context. This forces us to pre-allocated all possible transforms | |
452 | * at the endpoint init time. | |
453 | */ | |
454 | int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp) | |
455 | { | |
5821c769 | 456 | struct crypto_shash *tfm = NULL; |
1f485649 VY |
457 | __u16 id; |
458 | ||
b14878cc | 459 | /* If the transforms are already allocated, we are done */ |
1f485649 VY |
460 | if (ep->auth_hmacs) |
461 | return 0; | |
462 | ||
463 | /* Allocated the array of pointers to transorms */ | |
6396bb22 KC |
464 | ep->auth_hmacs = kcalloc(SCTP_AUTH_NUM_HMACS, |
465 | sizeof(struct crypto_shash *), | |
466 | gfp); | |
1f485649 VY |
467 | if (!ep->auth_hmacs) |
468 | return -ENOMEM; | |
469 | ||
470 | for (id = 0; id < SCTP_AUTH_NUM_HMACS; id++) { | |
471 | ||
472 | /* See is we support the id. Supported IDs have name and | |
473 | * length fields set, so that we can allocated and use | |
474 | * them. We can safely just check for name, for without the | |
475 | * name, we can't allocate the TFM. | |
476 | */ | |
477 | if (!sctp_hmac_list[id].hmac_name) | |
478 | continue; | |
479 | ||
480 | /* If this TFM has been allocated, we are all set */ | |
481 | if (ep->auth_hmacs[id]) | |
482 | continue; | |
483 | ||
484 | /* Allocate the ID */ | |
5821c769 | 485 | tfm = crypto_alloc_shash(sctp_hmac_list[id].hmac_name, 0, 0); |
1f485649 VY |
486 | if (IS_ERR(tfm)) |
487 | goto out_err; | |
488 | ||
489 | ep->auth_hmacs[id] = tfm; | |
490 | } | |
491 | ||
492 | return 0; | |
493 | ||
494 | out_err: | |
73ac36ea | 495 | /* Clean up any successful allocations */ |
1f485649 VY |
496 | sctp_auth_destroy_hmacs(ep->auth_hmacs); |
497 | return -ENOMEM; | |
498 | } | |
499 | ||
500 | /* Destroy the hmac tfm array */ | |
5821c769 | 501 | void sctp_auth_destroy_hmacs(struct crypto_shash *auth_hmacs[]) |
1f485649 VY |
502 | { |
503 | int i; | |
504 | ||
505 | if (!auth_hmacs) | |
506 | return; | |
507 | ||
8d72651d | 508 | for (i = 0; i < SCTP_AUTH_NUM_HMACS; i++) { |
5821c769 | 509 | crypto_free_shash(auth_hmacs[i]); |
1f485649 VY |
510 | } |
511 | kfree(auth_hmacs); | |
512 | } | |
513 | ||
514 | ||
515 | struct sctp_hmac *sctp_auth_get_hmac(__u16 hmac_id) | |
516 | { | |
517 | return &sctp_hmac_list[hmac_id]; | |
518 | } | |
519 | ||
520 | /* Get an hmac description information that we can use to build | |
521 | * the AUTH chunk | |
522 | */ | |
523 | struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc) | |
524 | { | |
525 | struct sctp_hmac_algo_param *hmacs; | |
526 | __u16 n_elt; | |
527 | __u16 id = 0; | |
528 | int i; | |
529 | ||
530 | /* If we have a default entry, use it */ | |
531 | if (asoc->default_hmac_id) | |
532 | return &sctp_hmac_list[asoc->default_hmac_id]; | |
533 | ||
534 | /* Since we do not have a default entry, find the first entry | |
535 | * we support and return that. Do not cache that id. | |
536 | */ | |
537 | hmacs = asoc->peer.peer_hmacs; | |
538 | if (!hmacs) | |
539 | return NULL; | |
540 | ||
3c918704 XL |
541 | n_elt = (ntohs(hmacs->param_hdr.length) - |
542 | sizeof(struct sctp_paramhdr)) >> 1; | |
1f485649 VY |
543 | for (i = 0; i < n_elt; i++) { |
544 | id = ntohs(hmacs->hmac_ids[i]); | |
545 | ||
747edc0f | 546 | /* Check the id is in the supported range. And |
547 | * see if we support the id. Supported IDs have name and | |
548 | * length fields set, so that we can allocate and use | |
1f485649 VY |
549 | * them. We can safely just check for name, for without the |
550 | * name, we can't allocate the TFM. | |
551 | */ | |
747edc0f | 552 | if (id > SCTP_AUTH_HMAC_ID_MAX || |
553 | !sctp_hmac_list[id].hmac_name) { | |
51e97a12 | 554 | id = 0; |
1f485649 | 555 | continue; |
51e97a12 | 556 | } |
1f485649 VY |
557 | |
558 | break; | |
559 | } | |
560 | ||
561 | if (id == 0) | |
562 | return NULL; | |
563 | ||
564 | return &sctp_hmac_list[id]; | |
565 | } | |
566 | ||
d06f6082 | 567 | static int __sctp_auth_find_hmacid(__be16 *hmacs, int n_elts, __be16 hmac_id) |
1f485649 VY |
568 | { |
569 | int found = 0; | |
570 | int i; | |
571 | ||
572 | for (i = 0; i < n_elts; i++) { | |
573 | if (hmac_id == hmacs[i]) { | |
574 | found = 1; | |
575 | break; | |
576 | } | |
577 | } | |
578 | ||
579 | return found; | |
580 | } | |
581 | ||
582 | /* See if the HMAC_ID is one that we claim as supported */ | |
583 | int sctp_auth_asoc_verify_hmac_id(const struct sctp_association *asoc, | |
d06f6082 | 584 | __be16 hmac_id) |
1f485649 VY |
585 | { |
586 | struct sctp_hmac_algo_param *hmacs; | |
587 | __u16 n_elt; | |
588 | ||
589 | if (!asoc) | |
590 | return 0; | |
591 | ||
592 | hmacs = (struct sctp_hmac_algo_param *)asoc->c.auth_hmacs; | |
3c918704 XL |
593 | n_elt = (ntohs(hmacs->param_hdr.length) - |
594 | sizeof(struct sctp_paramhdr)) >> 1; | |
1f485649 VY |
595 | |
596 | return __sctp_auth_find_hmacid(hmacs->hmac_ids, n_elt, hmac_id); | |
597 | } | |
598 | ||
599 | ||
600 | /* Cache the default HMAC id. This to follow this text from SCTP-AUTH: | |
601 | * Section 6.1: | |
602 | * The receiver of a HMAC-ALGO parameter SHOULD use the first listed | |
603 | * algorithm it supports. | |
604 | */ | |
605 | void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc, | |
606 | struct sctp_hmac_algo_param *hmacs) | |
607 | { | |
608 | struct sctp_endpoint *ep; | |
609 | __u16 id; | |
610 | int i; | |
611 | int n_params; | |
612 | ||
613 | /* if the default id is already set, use it */ | |
614 | if (asoc->default_hmac_id) | |
615 | return; | |
616 | ||
3c918704 XL |
617 | n_params = (ntohs(hmacs->param_hdr.length) - |
618 | sizeof(struct sctp_paramhdr)) >> 1; | |
1f485649 VY |
619 | ep = asoc->ep; |
620 | for (i = 0; i < n_params; i++) { | |
621 | id = ntohs(hmacs->hmac_ids[i]); | |
622 | ||
623 | /* Check the id is in the supported range */ | |
624 | if (id > SCTP_AUTH_HMAC_ID_MAX) | |
625 | continue; | |
626 | ||
627 | /* If this TFM has been allocated, use this id */ | |
628 | if (ep->auth_hmacs[id]) { | |
629 | asoc->default_hmac_id = id; | |
630 | break; | |
631 | } | |
632 | } | |
633 | } | |
634 | ||
635 | ||
636 | /* Check to see if the given chunk is supposed to be authenticated */ | |
6d85e68f | 637 | static int __sctp_auth_cid(enum sctp_cid chunk, struct sctp_chunks_param *param) |
1f485649 VY |
638 | { |
639 | unsigned short len; | |
640 | int found = 0; | |
641 | int i; | |
642 | ||
555d3d5d | 643 | if (!param || param->param_hdr.length == 0) |
1f485649 VY |
644 | return 0; |
645 | ||
3c918704 | 646 | len = ntohs(param->param_hdr.length) - sizeof(struct sctp_paramhdr); |
1f485649 VY |
647 | |
648 | /* SCTP-AUTH, Section 3.2 | |
649 | * The chunk types for INIT, INIT-ACK, SHUTDOWN-COMPLETE and AUTH | |
650 | * chunks MUST NOT be listed in the CHUNKS parameter. However, if | |
651 | * a CHUNKS parameter is received then the types for INIT, INIT-ACK, | |
652 | * SHUTDOWN-COMPLETE and AUTH chunks MUST be ignored. | |
653 | */ | |
654 | for (i = 0; !found && i < len; i++) { | |
655 | switch (param->chunks[i]) { | |
f7010e61 | 656 | case SCTP_CID_INIT: |
657 | case SCTP_CID_INIT_ACK: | |
658 | case SCTP_CID_SHUTDOWN_COMPLETE: | |
659 | case SCTP_CID_AUTH: | |
1f485649 VY |
660 | break; |
661 | ||
f7010e61 | 662 | default: |
1f485649 | 663 | if (param->chunks[i] == chunk) |
f7010e61 | 664 | found = 1; |
1f485649 VY |
665 | break; |
666 | } | |
667 | } | |
668 | ||
669 | return found; | |
670 | } | |
671 | ||
672 | /* Check if peer requested that this chunk is authenticated */ | |
6d85e68f | 673 | int sctp_auth_send_cid(enum sctp_cid chunk, const struct sctp_association *asoc) |
1f485649 | 674 | { |
e1fc3b14 EB |
675 | if (!asoc) |
676 | return 0; | |
677 | ||
b14878cc | 678 | if (!asoc->ep->auth_enable || !asoc->peer.auth_capable) |
1f485649 VY |
679 | return 0; |
680 | ||
681 | return __sctp_auth_cid(chunk, asoc->peer.peer_chunks); | |
682 | } | |
683 | ||
684 | /* Check if we requested that peer authenticate this chunk. */ | |
6d85e68f | 685 | int sctp_auth_recv_cid(enum sctp_cid chunk, const struct sctp_association *asoc) |
1f485649 | 686 | { |
e1fc3b14 EB |
687 | if (!asoc) |
688 | return 0; | |
689 | ||
b14878cc | 690 | if (!asoc->ep->auth_enable) |
1f485649 VY |
691 | return 0; |
692 | ||
693 | return __sctp_auth_cid(chunk, | |
694 | (struct sctp_chunks_param *)asoc->c.auth_chunks); | |
695 | } | |
696 | ||
697 | /* SCTP-AUTH: Section 6.2: | |
698 | * The sender MUST calculate the MAC as described in RFC2104 [2] using | |
699 | * the hash function H as described by the MAC Identifier and the shared | |
700 | * association key K based on the endpoint pair shared key described by | |
701 | * the shared key identifier. The 'data' used for the computation of | |
702 | * the AUTH-chunk is given by the AUTH chunk with its HMAC field set to | |
703 | * zero (as shown in Figure 6) followed by all chunks that are placed | |
704 | * after the AUTH chunk in the SCTP packet. | |
705 | */ | |
706 | void sctp_auth_calculate_hmac(const struct sctp_association *asoc, | |
1b1e0bc9 XL |
707 | struct sk_buff *skb, struct sctp_auth_chunk *auth, |
708 | struct sctp_shared_key *ep_key, gfp_t gfp) | |
1f485649 | 709 | { |
1f485649 | 710 | struct sctp_auth_bytes *asoc_key; |
1b1e0bc9 | 711 | struct crypto_shash *tfm; |
1f485649 | 712 | __u16 key_id, hmac_id; |
1f485649 VY |
713 | unsigned char *end; |
714 | int free_key = 0; | |
1b1e0bc9 | 715 | __u8 *digest; |
1f485649 VY |
716 | |
717 | /* Extract the info we need: | |
718 | * - hmac id | |
719 | * - key id | |
720 | */ | |
721 | key_id = ntohs(auth->auth_hdr.shkey_id); | |
722 | hmac_id = ntohs(auth->auth_hdr.hmac_id); | |
723 | ||
724 | if (key_id == asoc->active_key_id) | |
725 | asoc_key = asoc->asoc_shared_key; | |
726 | else { | |
1b1e0bc9 | 727 | /* ep_key can't be NULL here */ |
1f485649 VY |
728 | asoc_key = sctp_auth_asoc_create_secret(asoc, ep_key, gfp); |
729 | if (!asoc_key) | |
730 | return; | |
731 | ||
732 | free_key = 1; | |
733 | } | |
734 | ||
735 | /* set up scatter list */ | |
736 | end = skb_tail_pointer(skb); | |
1f485649 | 737 | |
5821c769 | 738 | tfm = asoc->ep->auth_hmacs[hmac_id]; |
1f485649 VY |
739 | |
740 | digest = auth->auth_hdr.hmac; | |
5821c769 | 741 | if (crypto_shash_setkey(tfm, &asoc_key->data[0], asoc_key->len)) |
1f485649 VY |
742 | goto free; |
743 | ||
5821c769 HX |
744 | { |
745 | SHASH_DESC_ON_STACK(desc, tfm); | |
746 | ||
747 | desc->tfm = tfm; | |
5821c769 HX |
748 | crypto_shash_digest(desc, (u8 *)auth, |
749 | end - (unsigned char *)auth, digest); | |
750 | shash_desc_zero(desc); | |
751 | } | |
1f485649 VY |
752 | |
753 | free: | |
754 | if (free_key) | |
755 | sctp_auth_key_put(asoc_key); | |
756 | } | |
65b07e5d VY |
757 | |
758 | /* API Helpers */ | |
759 | ||
760 | /* Add a chunk to the endpoint authenticated chunk list */ | |
761 | int sctp_auth_ep_add_chunkid(struct sctp_endpoint *ep, __u8 chunk_id) | |
762 | { | |
763 | struct sctp_chunks_param *p = ep->auth_chunk_list; | |
764 | __u16 nchunks; | |
765 | __u16 param_len; | |
766 | ||
767 | /* If this chunk is already specified, we are done */ | |
768 | if (__sctp_auth_cid(chunk_id, p)) | |
769 | return 0; | |
770 | ||
771 | /* Check if we can add this chunk to the array */ | |
772 | param_len = ntohs(p->param_hdr.length); | |
3c918704 | 773 | nchunks = param_len - sizeof(struct sctp_paramhdr); |
65b07e5d VY |
774 | if (nchunks == SCTP_NUM_CHUNK_TYPES) |
775 | return -EINVAL; | |
776 | ||
777 | p->chunks[nchunks] = chunk_id; | |
778 | p->param_hdr.length = htons(param_len + 1); | |
779 | return 0; | |
780 | } | |
781 | ||
782 | /* Add hmac identifires to the endpoint list of supported hmac ids */ | |
783 | int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep, | |
784 | struct sctp_hmacalgo *hmacs) | |
785 | { | |
786 | int has_sha1 = 0; | |
787 | __u16 id; | |
788 | int i; | |
789 | ||
790 | /* Scan the list looking for unsupported id. Also make sure that | |
791 | * SHA1 is specified. | |
792 | */ | |
793 | for (i = 0; i < hmacs->shmac_num_idents; i++) { | |
794 | id = hmacs->shmac_idents[i]; | |
795 | ||
d9724055 VY |
796 | if (id > SCTP_AUTH_HMAC_ID_MAX) |
797 | return -EOPNOTSUPP; | |
798 | ||
65b07e5d VY |
799 | if (SCTP_AUTH_HMAC_ID_SHA1 == id) |
800 | has_sha1 = 1; | |
801 | ||
802 | if (!sctp_hmac_list[id].hmac_name) | |
803 | return -EOPNOTSUPP; | |
804 | } | |
805 | ||
806 | if (!has_sha1) | |
807 | return -EINVAL; | |
808 | ||
ed5a377d | 809 | for (i = 0; i < hmacs->shmac_num_idents; i++) |
3c918704 XL |
810 | ep->auth_hmacs_list->hmac_ids[i] = |
811 | htons(hmacs->shmac_idents[i]); | |
812 | ep->auth_hmacs_list->param_hdr.length = | |
813 | htons(sizeof(struct sctp_paramhdr) + | |
814 | hmacs->shmac_num_idents * sizeof(__u16)); | |
65b07e5d VY |
815 | return 0; |
816 | } | |
817 | ||
818 | /* Set a new shared key on either endpoint or association. If the | |
819 | * the key with a same ID already exists, replace the key (remove the | |
820 | * old key and add a new one). | |
821 | */ | |
822 | int sctp_auth_set_key(struct sctp_endpoint *ep, | |
823 | struct sctp_association *asoc, | |
824 | struct sctp_authkey *auth_key) | |
825 | { | |
1b1e0bc9 | 826 | struct sctp_shared_key *cur_key, *shkey; |
65b07e5d VY |
827 | struct sctp_auth_bytes *key; |
828 | struct list_head *sh_keys; | |
829 | int replace = 0; | |
830 | ||
831 | /* Try to find the given key id to see if | |
832 | * we are doing a replace, or adding a new key | |
833 | */ | |
834 | if (asoc) | |
835 | sh_keys = &asoc->endpoint_shared_keys; | |
836 | else | |
837 | sh_keys = &ep->endpoint_shared_keys; | |
838 | ||
1b1e0bc9 XL |
839 | key_for_each(shkey, sh_keys) { |
840 | if (shkey->key_id == auth_key->sca_keynumber) { | |
65b07e5d VY |
841 | replace = 1; |
842 | break; | |
843 | } | |
844 | } | |
845 | ||
1b1e0bc9 XL |
846 | cur_key = sctp_auth_shkey_create(auth_key->sca_keynumber, GFP_KERNEL); |
847 | if (!cur_key) | |
848 | return -ENOMEM; | |
65b07e5d VY |
849 | |
850 | /* Create a new key data based on the info passed in */ | |
7e8616d8 | 851 | key = sctp_auth_create_key(auth_key->sca_keylength, GFP_KERNEL); |
1b1e0bc9 XL |
852 | if (!key) { |
853 | kfree(cur_key); | |
854 | return -ENOMEM; | |
855 | } | |
65b07e5d | 856 | |
7e8616d8 | 857 | memcpy(key->data, &auth_key->sca_key[0], auth_key->sca_keylength); |
1b1e0bc9 | 858 | cur_key->key = key; |
65b07e5d | 859 | |
1b1e0bc9 XL |
860 | if (replace) { |
861 | list_del_init(&shkey->key_list); | |
862 | sctp_auth_shkey_release(shkey); | |
863 | } | |
864 | list_add(&cur_key->key_list, sh_keys); | |
65b07e5d | 865 | |
65b07e5d | 866 | return 0; |
65b07e5d VY |
867 | } |
868 | ||
869 | int sctp_auth_set_active_key(struct sctp_endpoint *ep, | |
870 | struct sctp_association *asoc, | |
871 | __u16 key_id) | |
872 | { | |
873 | struct sctp_shared_key *key; | |
874 | struct list_head *sh_keys; | |
875 | int found = 0; | |
876 | ||
877 | /* The key identifier MUST correst to an existing key */ | |
878 | if (asoc) | |
879 | sh_keys = &asoc->endpoint_shared_keys; | |
880 | else | |
881 | sh_keys = &ep->endpoint_shared_keys; | |
882 | ||
883 | key_for_each(key, sh_keys) { | |
884 | if (key->key_id == key_id) { | |
885 | found = 1; | |
886 | break; | |
887 | } | |
888 | } | |
889 | ||
601590ec | 890 | if (!found || key->deactivated) |
65b07e5d VY |
891 | return -EINVAL; |
892 | ||
893 | if (asoc) { | |
894 | asoc->active_key_id = key_id; | |
895 | sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL); | |
896 | } else | |
897 | ep->active_key_id = key_id; | |
898 | ||
899 | return 0; | |
900 | } | |
901 | ||
902 | int sctp_auth_del_key_id(struct sctp_endpoint *ep, | |
903 | struct sctp_association *asoc, | |
904 | __u16 key_id) | |
905 | { | |
906 | struct sctp_shared_key *key; | |
907 | struct list_head *sh_keys; | |
908 | int found = 0; | |
909 | ||
910 | /* The key identifier MUST NOT be the current active key | |
911 | * The key identifier MUST correst to an existing key | |
912 | */ | |
913 | if (asoc) { | |
914 | if (asoc->active_key_id == key_id) | |
915 | return -EINVAL; | |
916 | ||
917 | sh_keys = &asoc->endpoint_shared_keys; | |
918 | } else { | |
919 | if (ep->active_key_id == key_id) | |
920 | return -EINVAL; | |
921 | ||
922 | sh_keys = &ep->endpoint_shared_keys; | |
923 | } | |
924 | ||
925 | key_for_each(key, sh_keys) { | |
926 | if (key->key_id == key_id) { | |
927 | found = 1; | |
928 | break; | |
929 | } | |
930 | } | |
931 | ||
932 | if (!found) | |
933 | return -EINVAL; | |
934 | ||
935 | /* Delete the shared key */ | |
936 | list_del_init(&key->key_list); | |
1b1e0bc9 | 937 | sctp_auth_shkey_release(key); |
65b07e5d VY |
938 | |
939 | return 0; | |
940 | } | |
601590ec XL |
941 | |
942 | int sctp_auth_deact_key_id(struct sctp_endpoint *ep, | |
943 | struct sctp_association *asoc, __u16 key_id) | |
944 | { | |
945 | struct sctp_shared_key *key; | |
946 | struct list_head *sh_keys; | |
947 | int found = 0; | |
948 | ||
949 | /* The key identifier MUST NOT be the current active key | |
950 | * The key identifier MUST correst to an existing key | |
951 | */ | |
952 | if (asoc) { | |
953 | if (asoc->active_key_id == key_id) | |
954 | return -EINVAL; | |
955 | ||
956 | sh_keys = &asoc->endpoint_shared_keys; | |
957 | } else { | |
958 | if (ep->active_key_id == key_id) | |
959 | return -EINVAL; | |
960 | ||
961 | sh_keys = &ep->endpoint_shared_keys; | |
962 | } | |
963 | ||
964 | key_for_each(key, sh_keys) { | |
965 | if (key->key_id == key_id) { | |
966 | found = 1; | |
967 | break; | |
968 | } | |
969 | } | |
970 | ||
971 | if (!found) | |
972 | return -EINVAL; | |
973 | ||
ec2e506c XL |
974 | /* refcnt == 1 and !list_empty mean it's not being used anywhere |
975 | * and deactivated will be set, so it's time to notify userland | |
976 | * that this shkey can be freed. | |
977 | */ | |
978 | if (asoc && !list_empty(&key->key_list) && | |
979 | refcount_read(&key->refcnt) == 1) { | |
980 | struct sctp_ulpevent *ev; | |
981 | ||
982 | ev = sctp_ulpevent_make_authkey(asoc, key->key_id, | |
983 | SCTP_AUTH_FREE_KEY, GFP_KERNEL); | |
984 | if (ev) | |
985 | asoc->stream.si->enqueue_event(&asoc->ulpq, ev); | |
986 | } | |
987 | ||
601590ec XL |
988 | key->deactivated = 1; |
989 | ||
990 | return 0; | |
991 | } |