
// SPDX-License-Identifier: GPL-2.0-or-later
/* SCTP kernel implementation
 * (C) Copyright 2007 Hewlett-Packard Development Company, L.P.
 *
 * This file is part of the SCTP kernel implementation
 *
 * Please send any bug reports or fixes you make to the
 * email address(es):
 *    lksctp developers <linux-sctp@vger.kernel.org>
 *
 * Written or modified by:
 *    Vlad Yasevich     <vladislav.yasevich@hp.com>
 */
  14. #include <crypto/sha1.h>
  15. #include <crypto/sha2.h>
  16. #include <linux/slab.h>
  17. #include <linux/types.h>
  18. #include <net/sctp/sctp.h>
  19. #include <net/sctp/auth.h>
/* Table of HMAC descriptions indexed by HMAC identifier.  The reserved
 * ids 0 and 2 carry no digest length (hmac_len stays 0), which is what
 * sctp_hmac_supported() relies on to reject them.
 */
static const struct sctp_hmac sctp_hmac_list[SCTP_AUTH_NUM_HMACS] = {
	{
		/* id 0 is reserved.  as all 0 */
		.hmac_id = SCTP_AUTH_HMAC_ID_RESERVED_0,
	},
	{
		.hmac_id = SCTP_AUTH_HMAC_ID_SHA1,
		.hmac_len = SHA1_DIGEST_SIZE,
	},
	{
		/* id 2 is reserved as well */
		.hmac_id = SCTP_AUTH_HMAC_ID_RESERVED_2,
	},
	{
		.hmac_id = SCTP_AUTH_HMAC_ID_SHA256,
		.hmac_len = SHA256_DIGEST_SIZE,
	}
};
/* Return true when @hmac_id indexes a table entry that names a real
 * digest.  Out-of-range ids and the reserved entries (hmac_len == 0)
 * are rejected.
 */
static bool sctp_hmac_supported(__u16 hmac_id)
{
	if (hmac_id >= ARRAY_SIZE(sctp_hmac_list))
		return false;

	return sctp_hmac_list[hmac_id].hmac_len != 0;
}
/* Drop a reference on @key; a NULL @key is a no-op.
 *
 * The last reference releases the memory with kfree_sensitive(), so the
 * key bytes are scrubbed rather than left behind in the freed slab.
 */
void sctp_auth_key_put(struct sctp_auth_bytes *key)
{
	if (!key)
		return;

	if (!refcount_dec_and_test(&key->refcnt))
		return;

	kfree_sensitive(key);
	SCTP_DBG_OBJCNT_DEC(keys);
}
/* Create a new key structure of a given length.
 *
 * Returns a key holding one reference, or NULL when @key_len would push
 * the header + data total past INT_MAX or the allocation fails.
 */
static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp)
{
	struct sctp_auth_bytes *key;

	/* Verify that we are not going to overflow INT_MAX */
	if (key_len > (INT_MAX - sizeof(*key)))
		return NULL;

	/* Header plus the trailing key bytes in one allocation */
	key = kmalloc(sizeof(*key) + key_len, gfp);
	if (!key)
		return NULL;

	refcount_set(&key->refcnt, 1);
	key->len = key_len;
	SCTP_DBG_OBJCNT_INC(keys);

	return key;
}
/* Create a new shared key container with a given key id.
 *
 * The container starts with one reference and no key data attached; the
 * caller fills in ->key.  Returns NULL on allocation failure.
 */
struct sctp_shared_key *sctp_auth_shkey_create(__u16 key_id, gfp_t gfp)
{
	struct sctp_shared_key *sh_key;

	sh_key = kzalloc_obj(struct sctp_shared_key, gfp);
	if (!sh_key)
		return NULL;

	sh_key->key_id = key_id;
	refcount_set(&sh_key->refcnt, 1);
	INIT_LIST_HEAD(&sh_key->key_list);

	return sh_key;
}
/* Free the shared key structure.
 *
 * The container must already be unlinked from its key list.  The key
 * data is dropped through sctp_auth_key_put(), so it is scrubbed when
 * this was the last user of it.
 */
static void sctp_auth_shkey_destroy(struct sctp_shared_key *sh_key)
{
	struct sctp_auth_bytes *key = sh_key->key;

	BUG_ON(!list_empty(&sh_key->key_list));

	sh_key->key = NULL;
	sctp_auth_key_put(key);
	kfree(sh_key);
}
/* Drop a reference on @sh_key, destroying it when the count reaches zero */
void sctp_auth_shkey_release(struct sctp_shared_key *sh_key)
{
	if (!refcount_dec_and_test(&sh_key->refcnt))
		return;

	sctp_auth_shkey_destroy(sh_key);
}
/* Take an additional reference on @sh_key */
void sctp_auth_shkey_hold(struct sctp_shared_key *sh_key)
{
	refcount_inc(&sh_key->refcnt);
}
/* Destroy the entire key list.  This is done during the association
 * and endpoint free process.
 *
 * Every container is unlinked and then has its reference dropped; the
 * list head itself is left empty but not freed.
 */
void sctp_auth_destroy_keys(struct list_head *keys)
{
	struct sctp_shared_key *sh_key, *next;

	if (list_empty(keys))
		return;

	key_for_each_safe(sh_key, next, keys) {
		list_del_init(&sh_key->key_list);
		sctp_auth_shkey_release(sh_key);
	}
}
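/* Compare two byte vectors as numbers.  Return values are:
 *   0   - vectors are equal
 *   < 0 - vector1 is smaller than vector2
 *   > 0 - vector1 is greater than vector2
 *
 * Algorithm (SCTP-AUTH, Section 6.1):
 * The numerically smaller key vector sorts first.  If the key vectors
 * are equal as numbers but differ in length, the shorter vector is
 * considered smaller.
 *
 * Examples (with small values):
 *   000123456789 > 123456789 (first number is longer)
 *   000123456789 < 234567891 (second number is larger numerically)
 *   123456789 > 2345678 (first number is both larger & longer)
 *
 * The vectors hold the RANDOM/CHUNKS/HMAC-ALGO parameters exchanged on
 * the wire, not secret key material, so a non-constant-time memcmp()
 * is acceptable here.  Both lengths are below INT_MAX (enforced by
 * sctp_auth_create_key()), so the int subtraction cannot overflow.
 */
static int sctp_auth_compare_vectors(struct sctp_auth_bytes *vector1,
				     struct sctp_auth_bytes *vector2)
{
	int diff = vector1->len - vector2->len;
	const __u8 *longer, *shorter;
	__u32 pad, common;
	__u32 i;
	int cmp;

	if (diff > 0) {
		longer = vector1->data;
		shorter = vector2->data;
		pad = diff;
		common = vector2->len;
	} else {
		longer = vector2->data;
		shorter = vector1->data;
		pad = -diff;
		common = vector1->len;
	}

	/* Check to see if the longer number is lead-zero padded.  If it
	 * is not, it is automatically larger numerically.
	 */
	for (i = 0; i < pad; i++) {
		if (longer[i] != 0)
			return diff;
	}

	/* Compare the digits that both vectors have, skipping the zero
	 * padding of the longer one.  Comparing over the common length
	 * (rather than vector1->len) means the shorter vector is never
	 * read past its end when the longer one is zero-padded.
	 */
	cmp = memcmp(longer + pad, shorter, common);
	if (cmp == 0)
		return diff;	/* equal as numbers: shorter is smaller */

	/* memcmp() ordered longer vs shorter; flip it when vector2 was
	 * the longer one so the result is always vector1 vs vector2.
	 */
	return diff < 0 ? -cmp : cmp;
}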
/*
 * Create a key vector as described in SCTP-AUTH, Section 6.1
 * The RANDOM parameter, the CHUNKS parameter and the HMAC-ALGO
 * parameter sent by each endpoint are concatenated as byte vectors.
 * These parameters include the parameter type, parameter length, and
 * the parameter value, but padding is omitted; all padding MUST be
 * removed from this concatenation before proceeding with further
 * computation of keys.  Parameters which were not sent are simply
 * omitted from the concatenation process.  The resulting two vectors
 * are called the two key vectors.
 *
 * @random and @hmacs must be non-NULL; @chunks may be NULL.  The copy
 * lengths are taken straight from the parameter headers, so this relies
 * on those headers having been validated when the parameters were
 * stored -- TODO confirm for the peer-supplied copies.  Returns a new
 * key holding one reference, or NULL on allocation failure.
 */
static struct sctp_auth_bytes *sctp_auth_make_key_vector(
			struct sctp_random_param *random,
			struct sctp_chunks_param *chunks,
			struct sctp_hmac_algo_param *hmacs,
			gfp_t gfp)
{
	__u16 random_len = ntohs(random->param_hdr.length);
	__u16 hmacs_len = ntohs(hmacs->param_hdr.length);
	__u16 chunks_len = chunks ? ntohs(chunks->param_hdr.length) : 0;
	struct sctp_auth_bytes *vec;
	__u8 *cursor;

	/* Three 16-bit lengths summed into 32 bits cannot overflow */
	vec = sctp_auth_create_key(random_len + hmacs_len + chunks_len, gfp);
	if (!vec)
		return NULL;

	/* RANDOM, then CHUNKS (if sent), then HMAC-ALGO */
	cursor = vec->data;
	memcpy(cursor, random, random_len);
	cursor += random_len;
	if (chunks) {
		memcpy(cursor, chunks, chunks_len);
		cursor += chunks_len;
	}
	memcpy(cursor, hmacs, hmacs_len);

	return vec;
}
/* Make a key vector based on our local parameters.
 *
 * The local copies kept in asoc->c are not typed as parameter structs,
 * hence the casts.
 */
static struct sctp_auth_bytes *sctp_auth_make_local_vector(
				    const struct sctp_association *asoc,
				    gfp_t gfp)
{
	struct sctp_random_param *random =
		(struct sctp_random_param *)asoc->c.auth_random;
	struct sctp_chunks_param *chunks =
		(struct sctp_chunks_param *)asoc->c.auth_chunks;
	struct sctp_hmac_algo_param *hmacs =
		(struct sctp_hmac_algo_param *)asoc->c.auth_hmacs;

	return sctp_auth_make_key_vector(random, chunks, hmacs, gfp);
}
/* Make a key vector based on the peer's parameters */
static struct sctp_auth_bytes *sctp_auth_make_peer_vector(
				    const struct sctp_association *asoc,
				    gfp_t gfp)
{
	return sctp_auth_make_key_vector(asoc->peer.peer_random,
					 asoc->peer.peer_chunks,
					 asoc->peer.peer_hmacs, gfp);
}
/* Set the value of the association shared key based on the parameters
 * given.  The algorithm is:
 * From the endpoint pair shared keys and the key vectors the
 * association shared keys are computed.  This is performed by selecting
 * the numerically smaller key vector and concatenating it to the
 * endpoint pair shared key, and then concatenating the numerically
 * larger key vector to that.  The result of the concatenation is the
 * association shared key.
 *
 * @ep_key->key may be NULL (key id 0 uses a NULL endpoint pair key), in
 * which case the secret is just the two vectors.  The result is key
 * material: release it with sctp_auth_key_put(), which scrubs it.
 * Returns NULL on allocation failure.
 */
static struct sctp_auth_bytes *sctp_auth_asoc_set_secret(
					struct sctp_shared_key *ep_key,
					struct sctp_auth_bytes *first_vector,
					struct sctp_auth_bytes *last_vector,
					gfp_t gfp)
{
	struct sctp_auth_bytes *ep_bytes = ep_key->key;
	struct sctp_auth_bytes *secret;
	__u32 total = first_vector->len + last_vector->len;
	__u8 *cursor;

	if (ep_bytes)
		total += ep_bytes->len;

	secret = sctp_auth_create_key(total, gfp);
	if (!secret)
		return NULL;

	/* endpoint pair key (if any) || first vector || last vector */
	cursor = secret->data;
	if (ep_bytes) {
		memcpy(cursor, ep_bytes->data, ep_bytes->len);
		cursor += ep_bytes->len;
	}
	memcpy(cursor, first_vector->data, first_vector->len);
	cursor += first_vector->len;
	memcpy(cursor, last_vector->data, last_vector->len);

	return secret;
}
/* Create an association shared key.  Follow the algorithm described in
 * SCTP-AUTH, Section 6.1.
 *
 * Returns a new key holding one reference, or NULL if either key vector
 * or the secret itself could not be allocated.  The intermediate key
 * vectors are always released before returning.
 */
static struct sctp_auth_bytes *sctp_auth_asoc_create_secret(
				 const struct sctp_association *asoc,
				 struct sctp_shared_key *ep_key,
				 gfp_t gfp)
{
	struct sctp_auth_bytes *local_vec, *peer_vec;
	struct sctp_auth_bytes *secret = NULL;

	/* Build the two key vectors.  SCTP-AUTH, Section 6.1:
	 * The RANDOM parameter, the CHUNKS parameter and the HMAC-ALGO
	 * parameter sent by each endpoint are concatenated as byte vectors.
	 * These parameters include the parameter type, parameter length, and
	 * the parameter value, but padding is omitted; all padding MUST be
	 * removed from this concatenation before proceeding with further
	 * computation of keys.  Parameters which were not sent are simply
	 * omitted from the concatenation process.  The resulting two vectors
	 * are called the two key vectors.
	 */
	local_vec = sctp_auth_make_local_vector(asoc, gfp);
	peer_vec = sctp_auth_make_peer_vector(asoc, gfp);
	if (!local_vec || !peer_vec)
		goto out;

	/* Figure out the order in which the key vectors will be added to
	 * the endpoint shared key.  SCTP-AUTH, Section 6.1:
	 * This is performed by selecting the numerically smaller key
	 * vector and concatenating it to the endpoint pair shared key, and
	 * then concatenating the numerically larger key vector to that.
	 * If the key vectors are equal as numbers but differ in length,
	 * then the concatenation order is the endpoint shared key,
	 * followed by the shorter key vector, followed by the longer key
	 * vector.  Otherwise, the key vectors are identical, and may be
	 * concatenated to the endpoint pair key in any order.
	 */
	if (sctp_auth_compare_vectors(local_vec, peer_vec) < 0)
		secret = sctp_auth_asoc_set_secret(ep_key, local_vec, peer_vec,
						   gfp);
	else
		secret = sctp_auth_asoc_set_secret(ep_key, peer_vec, local_vec,
						   gfp);

out:
	sctp_auth_key_put(local_vec);
	sctp_auth_key_put(peer_vec);
	return secret;
}
/*
 * Populate the association overlay list with the list from the
 * endpoint.
 *
 * Each new container shares the endpoint's key data by taking an extra
 * reference rather than copying the bytes.  The association list must
 * be empty on entry.  On allocation failure everything added so far is
 * torn down and -ENOMEM is returned.
 */
int sctp_auth_asoc_copy_shkeys(const struct sctp_endpoint *ep,
			       struct sctp_association *asoc,
			       gfp_t gfp)
{
	struct sctp_shared_key *ep_sh_key;

	BUG_ON(!list_empty(&asoc->endpoint_shared_keys));

	key_for_each(ep_sh_key, &ep->endpoint_shared_keys) {
		struct sctp_shared_key *copy;

		copy = sctp_auth_shkey_create(ep_sh_key->key_id, gfp);
		if (!copy) {
			sctp_auth_destroy_keys(&asoc->endpoint_shared_keys);
			return -ENOMEM;
		}

		copy->key = ep_sh_key->key;
		sctp_auth_key_hold(copy->key);
		list_add(&copy->key_list, &asoc->endpoint_shared_keys);
	}

	return 0;
}
/* Public interface to create the association shared key.
 * See code above for the algorithm.
 *
 * Derives the secret for asoc->active_key_id, swaps it into
 * asoc->asoc_shared_key (dropping the previous one) and tags any chunk
 * already queued for transmission that now has to be authenticated.
 * Returns 0, or -ENOMEM if the secret could not be built (in which case
 * the previous secret is left in place).
 */
int sctp_auth_asoc_init_active_key(struct sctp_association *asoc, gfp_t gfp)
{
	struct sctp_shared_key *ep_key;
	struct sctp_auth_bytes *secret;
	struct sctp_chunk *chunk;

	/* If we don't support AUTH, or peer is not capable, we don't need
	 * to do anything.
	 */
	if (!asoc->peer.auth_capable)
		return 0;

	/* For key_id 0 the endpoint pair shared key is a NULL key.  For any
	 * other id a missing key means the secret cannot be computed at
	 * all, hence the BUG_ON rather than an error return.
	 */
	ep_key = sctp_auth_get_shkey(asoc, asoc->active_key_id);
	BUG_ON(!ep_key);

	secret = sctp_auth_asoc_create_secret(asoc, ep_key, gfp);
	if (!secret)
		return -ENOMEM;

	sctp_auth_key_put(asoc->asoc_shared_key);
	asoc->asoc_shared_key = secret;
	asoc->shkey = ep_key;

	/* Update send queue in case any chunk already in there now needs
	 * authenticating; attach the shared key it will be signed with.
	 */
	list_for_each_entry(chunk, &asoc->outqueue.out_chunk_list, list) {
		if (!sctp_auth_send_cid(chunk->chunk_hdr->type, asoc))
			continue;

		chunk->auth = 1;
		if (chunk->shkey)
			continue;

		chunk->shkey = asoc->shkey;
		sctp_auth_shkey_hold(chunk->shkey);
	}

	return 0;
}
/* Find the endpoint pair shared key based on the key_id.
 *
 * Only the association's own overlay list is searched.  Returns the
 * matching container, or NULL when there is none or the match has been
 * deactivated.
 */
struct sctp_shared_key *sctp_auth_get_shkey(
				const struct sctp_association *asoc,
				__u16 key_id)
{
	struct sctp_shared_key *sh_key;

	key_for_each(sh_key, &asoc->endpoint_shared_keys) {
		if (sh_key->key_id != key_id)
			continue;

		/* A deactivated key is never handed out */
		return sh_key->deactivated ? NULL : sh_key;
	}

	return NULL;
}
/* Look up the HMAC description for @hmac_id.
 *
 * There is no bounds check here: @hmac_id is used directly as an index
 * into sctp_hmac_list[], so callers must only pass ids they have already
 * validated (for example via sctp_auth_asoc_verify_hmac_id() or
 * sctp_hmac_supported()).
 */
const struct sctp_hmac *sctp_auth_get_hmac(__u16 hmac_id)
{
	const struct sctp_hmac *hmac = sctp_hmac_list + hmac_id;

	return hmac;
}
/* Get an hmac description information that we can use to build
 * the AUTH chunk.
 *
 * Uses the cached default id when one has been set.  Otherwise the
 * peer's HMAC-ALGO parameter is scanned for the first id we support,
 * without caching it.  Returns NULL if the peer sent no HMAC-ALGO
 * parameter or lists nothing we support.
 */
const struct sctp_hmac *
sctp_auth_asoc_get_hmac(const struct sctp_association *asoc)
{
	struct sctp_hmac_algo_param *peer_hmacs;
	__u16 n_ids;
	int i;

	/* If we have a default entry, use it */
	if (asoc->default_hmac_id)
		return &sctp_hmac_list[asoc->default_hmac_id];

	peer_hmacs = asoc->peer.peer_hmacs;
	if (!peer_hmacs)
		return NULL;

	/* Each id is a 16-bit value following the parameter header.  The
	 * header length is assumed to have been validated when the peer's
	 * parameter was accepted -- TODO confirm.
	 */
	n_ids = (ntohs(peer_hmacs->param_hdr.length) -
		 sizeof(struct sctp_paramhdr)) >> 1;
	for (i = 0; i < n_ids; i++) {
		__u16 id = ntohs(peer_hmacs->hmac_ids[i]);

		if (sctp_hmac_supported(id))
			return &sctp_hmac_list[id];
	}

	return NULL;
}
/* Return 1 if @hmac_id appears in the first @n_elts entries of @hmacs,
 * 0 otherwise.  Both sides are compared in network byte order, so no
 * conversion is needed.
 */
static int __sctp_auth_find_hmacid(__be16 *hmacs, int n_elts, __be16 hmac_id)
{
	int i;

	for (i = 0; i < n_elts; i++) {
		if (hmacs[i] == hmac_id)
			return 1;
	}

	return 0;
}
/* See if the HMAC_ID is one that we claim as supported.
 *
 * @hmac_id (network byte order) is looked up in our own HMAC-ALGO
 * parameter as stored in asoc->c.auth_hmacs.  Returns 1 if listed,
 * 0 otherwise or when @asoc is NULL.
 */
int sctp_auth_asoc_verify_hmac_id(const struct sctp_association *asoc,
				  __be16 hmac_id)
{
	struct sctp_hmac_algo_param *our_hmacs;
	__u16 n_ids;

	if (!asoc)
		return 0;

	our_hmacs = (struct sctp_hmac_algo_param *)asoc->c.auth_hmacs;
	n_ids = (ntohs(our_hmacs->param_hdr.length) -
		 sizeof(struct sctp_paramhdr)) >> 1;

	return __sctp_auth_find_hmacid(our_hmacs->hmac_ids, n_ids, hmac_id);
}
/* Cache the default HMAC id.  This follows this text from SCTP-AUTH,
 * Section 6.1:
 *   The receiver of a HMAC-ALGO parameter SHOULD use the first listed
 *   algorithm it supports.
 *
 * Does nothing once a default is set.  Otherwise records the first id in
 * @hmacs accepted by sctp_hmac_supported(); ids we do not support are
 * skipped, and a list with nothing we support leaves the default unset.
 */
void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc,
				     struct sctp_hmac_algo_param *hmacs)
{
	int n_ids;
	int i;

	/* if the default id is already set, use it */
	if (asoc->default_hmac_id)
		return;

	n_ids = (ntohs(hmacs->param_hdr.length) -
		 sizeof(struct sctp_paramhdr)) >> 1;

	for (i = 0; i < n_ids; i++) {
		__u16 id = ntohs(hmacs->hmac_ids[i]);

		if (!sctp_hmac_supported(id))
			continue;

		asoc->default_hmac_id = id;
		return;
	}
}
/* Check to see if the given chunk is supposed to be authenticated.
 *
 * Returns 1 if @chunk is listed in @param, 0 if it is absent or @param
 * is NULL/empty.  @param->param_hdr.length is assumed to be at least
 * sizeof(struct sctp_paramhdr), as set up by sctp_auth_init() for our
 * own list and (presumably) validated on receipt for the peer's copy --
 * TODO confirm the latter.
 */
static int __sctp_auth_cid(enum sctp_cid chunk, struct sctp_chunks_param *param)
{
	unsigned short n_chunks;
	int i;

	if (!param || param->param_hdr.length == 0)
		return 0;

	n_chunks = ntohs(param->param_hdr.length) -
		   sizeof(struct sctp_paramhdr);

	/* SCTP-AUTH, Section 3.2
	 * The chunk types for INIT, INIT-ACK, SHUTDOWN-COMPLETE and AUTH
	 * chunks MUST NOT be listed in the CHUNKS parameter.  However, if
	 * a CHUNKS parameter is received then the types for INIT, INIT-ACK,
	 * SHUTDOWN-COMPLETE and AUTH chunks MUST be ignored.
	 */
	for (i = 0; i < n_chunks; i++) {
		switch (param->chunks[i]) {
		case SCTP_CID_INIT:
		case SCTP_CID_INIT_ACK:
		case SCTP_CID_SHUTDOWN_COMPLETE:
		case SCTP_CID_AUTH:
			/* never honoured even if the peer listed them */
			continue;
		default:
			break;
		}

		if (param->chunks[i] == chunk)
			return 1;
	}

	return 0;
}
/* Check if peer requested that this chunk is authenticated.
 *
 * Returns 0 when @asoc is NULL or the peer is not AUTH capable.
 */
int sctp_auth_send_cid(enum sctp_cid chunk, const struct sctp_association *asoc)
{
	if (!asoc || !asoc->peer.auth_capable)
		return 0;

	return __sctp_auth_cid(chunk, asoc->peer.peer_chunks);
}
/* Check if we requested that peer authenticate this chunk.
 *
 * Returns 0 when @asoc is NULL or the peer is not AUTH capable.  Our
 * own CHUNKS parameter is kept untyped in asoc->c, hence the cast.
 */
int sctp_auth_recv_cid(enum sctp_cid chunk, const struct sctp_association *asoc)
{
	struct sctp_chunks_param *our_chunks;

	if (!asoc || !asoc->peer.auth_capable)
		return 0;

	our_chunks = (struct sctp_chunks_param *)asoc->c.auth_chunks;

	return __sctp_auth_cid(chunk, our_chunks);
}
/* SCTP-AUTH: Section 6.2:
 * The sender MUST calculate the MAC as described in RFC2104 [2] using
 * the hash function H as described by the MAC Identifier and the shared
 * association key K based on the endpoint pair shared key described by
 * the shared key identifier.  The 'data' used for the computation of
 * the AUTH-chunk is given by the AUTH chunk with its HMAC field set to
 * zero (as shown in Figure 6) followed by all chunks that are placed
 * after the AUTH chunk in the SCTP packet.
 *
 * The digest is written in place into @auth right after the AUTH chunk
 * header and covers @auth through the tail of @skb; the spec requires
 * the HMAC field to be zero at that point, which is left to the caller.
 * When the chunk names the active key the cached association secret is
 * used, otherwise a secret is derived from @ep_key for this call and
 * scrubbed afterwards.  @hmac_id is expected to have been validated by
 * the caller: anything other than SHA1 is hashed as SHA256 after a
 * one-time warning.
 */
void sctp_auth_calculate_hmac(const struct sctp_association *asoc,
			      struct sk_buff *skb, struct sctp_auth_chunk *auth,
			      struct sctp_shared_key *ep_key, gfp_t gfp)
{
	__u16 key_id = ntohs(auth->auth_hdr.shkey_id);
	__u16 hmac_id = ntohs(auth->auth_hdr.hmac_id);
	struct sctp_auth_bytes *asoc_key;
	struct sctp_auth_bytes *tmp_key = NULL;
	const u8 *data = (const u8 *)auth;
	size_t data_len;
	__u8 *digest;

	if (key_id == asoc->active_key_id) {
		asoc_key = asoc->asoc_shared_key;
	} else {
		/* ep_key can't be NULL here */
		tmp_key = sctp_auth_asoc_create_secret(asoc, ep_key, gfp);
		if (!tmp_key)
			return;
		asoc_key = tmp_key;
	}

	/* Everything from the AUTH chunk to the end of the packet */
	data_len = skb_tail_pointer(skb) - (unsigned char *)auth;
	digest = (u8 *)(&auth->auth_hdr + 1);

	if (hmac_id == SCTP_AUTH_HMAC_ID_SHA1) {
		hmac_sha1_usingrawkey(asoc_key->data, asoc_key->len,
				      data, data_len, digest);
	} else {
		WARN_ON_ONCE(hmac_id != SCTP_AUTH_HMAC_ID_SHA256);
		hmac_sha256_usingrawkey(asoc_key->data, asoc_key->len,
					data, data_len, digest);
	}

	/* Only a secret derived here is ours to drop; NULL is a no-op */
	sctp_auth_key_put(tmp_key);
}
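/* API Helpers */

/* Add a chunk to the endpoint authenticated chunk list.
 *
 * Appends @chunk_id to the endpoint's CHUNKS parameter and grows the
 * parameter length by one byte.  Returns 0 (also when the chunk is
 * already listed), or -EINVAL when the array is full.
 */
int sctp_auth_ep_add_chunkid(struct sctp_endpoint *ep, __u8 chunk_id)
{
	struct sctp_chunks_param *p = ep->auth_chunk_list;
	__u16 param_len;
	__u16 nchunks;

	/* If this chunk is already specified, we are done */
	if (__sctp_auth_cid(chunk_id, p))
		return 0;

	/* The chunks[] array behind p holds SCTP_NUM_CHUNK_TYPES bytes (see
	 * sctp_auth_init()).  Refuse when full; ">=" rather than "==" so an
	 * inconsistent parameter length can never index past the array.
	 */
	param_len = ntohs(p->param_hdr.length);
	nchunks = param_len - sizeof(struct sctp_paramhdr);
	if (nchunks >= SCTP_NUM_CHUNK_TYPES)
		return -EINVAL;

	p->chunks[nchunks] = chunk_id;
	p->param_hdr.length = htons(param_len + 1);

	return 0;
}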
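/* Add hmac identifiers to the endpoint list of supported hmac ids.
 *
 * Every id in @hmacs must be one we support and SHA1 must be present
 * (SCTP-AUTH, Section 3.3).  Returns 0 on success, -EOPNOTSUPP for an
 * unsupported id, or -EINVAL when SHA1 is missing or the list does not
 * fit the endpoint's HMAC-ALGO parameter.
 */
int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep,
			   struct sctp_hmacalgo *hmacs)
{
	struct sctp_hmac_algo_param *list = ep->auth_hmacs_list;
	__u32 n_ids = hmacs->shmac_num_idents;
	int has_sha1 = 0;
	__u32 i;

	/* The hmac_ids[] array behind ep->auth_hmacs_list holds exactly
	 * SCTP_AUTH_NUM_HMACS entries (see sctp_auth_init()).  The caller
	 * is expected to bound the count as well, but checking here keeps
	 * the copy below from ever running past the array -- a list of
	 * repeated supported ids would otherwise pass the scan.
	 */
	if (n_ids > SCTP_AUTH_NUM_HMACS)
		return -EINVAL;

	/* Scan the list looking for unsupported id.  Also make sure that
	 * SHA1 is specified.
	 */
	for (i = 0; i < n_ids; i++) {
		__u16 id = hmacs->shmac_idents[i];

		if (!sctp_hmac_supported(id))
			return -EOPNOTSUPP;
		if (id == SCTP_AUTH_HMAC_ID_SHA1)
			has_sha1 = 1;
	}

	if (!has_sha1)
		return -EINVAL;

	for (i = 0; i < n_ids; i++)
		list->hmac_ids[i] = htons(hmacs->shmac_idents[i]);

	list->param_hdr.length = htons(sizeof(struct sctp_paramhdr) +
				       n_ids * sizeof(__u16));

	return 0;
}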
/* Set a new shared key on either endpoint or association.  If the
 * key with a same ID already exists, replace the key (remove the
 * old key and add a new one).
 *
 * @auth_key->sca_keylength bytes are copied out of sca_key; that length
 * is assumed to have been checked against the supplied buffer by the
 * caller -- TODO confirm.  When the replaced key is the association's
 * active key the secret is re-derived; if that fails the old key is put
 * back and -ENOMEM returned.  Returns 0, -EACCES if AUTH is disabled on
 * the target, or -ENOMEM.
 */
int sctp_auth_set_key(struct sctp_endpoint *ep,
		      struct sctp_association *asoc,
		      struct sctp_authkey *auth_key)
{
	struct sctp_shared_key *old_key = NULL, *iter, *new_key;
	__u16 key_id = auth_key->sca_keynumber;
	struct sctp_auth_bytes *bytes;
	struct list_head *sh_keys;

	/* Pick the key list, then see whether this id already exists */
	if (asoc) {
		if (!asoc->peer.auth_capable)
			return -EACCES;
		sh_keys = &asoc->endpoint_shared_keys;
	} else {
		if (!ep->auth_enable)
			return -EACCES;
		sh_keys = &ep->endpoint_shared_keys;
	}

	key_for_each(iter, sh_keys) {
		if (iter->key_id == key_id) {
			old_key = iter;
			break;
		}
	}

	new_key = sctp_auth_shkey_create(key_id, GFP_KERNEL);
	if (!new_key)
		return -ENOMEM;

	/* Create a new key data based on the info passed in */
	bytes = sctp_auth_create_key(auth_key->sca_keylength, GFP_KERNEL);
	if (!bytes) {
		kfree(new_key);
		return -ENOMEM;
	}
	memcpy(bytes->data, &auth_key->sca_key[0], auth_key->sca_keylength);
	new_key->key = bytes;

	if (!old_key) {
		list_add(&new_key->key_list, sh_keys);
		return 0;
	}

	/* Swap the new container in for the old one */
	list_del_init(&old_key->key_list);
	list_add(&new_key->key_list, sh_keys);

	/* Replacing the active key means re-deriving the secret; roll
	 * back to the old container if that cannot be done.
	 */
	if (asoc && asoc->active_key_id == key_id &&
	    sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL)) {
		list_del_init(&new_key->key_list);
		sctp_auth_shkey_release(new_key);
		list_add(&old_key->key_list, sh_keys);
		return -ENOMEM;
	}

	sctp_auth_shkey_release(old_key);
	return 0;
}
/* Make the key identified by @key_id the active key on the endpoint or
 * association.
 *
 * The key identifier MUST correspond to an existing, non-deactivated
 * key.  For an association the secret is re-derived immediately and the
 * previous active id is restored if that fails.  Returns 0, -EACCES if
 * AUTH is disabled on the target, -EINVAL for an unknown or deactivated
 * id, or -ENOMEM.
 */
int sctp_auth_set_active_key(struct sctp_endpoint *ep,
			     struct sctp_association *asoc,
			     __u16 key_id)
{
	struct sctp_shared_key *match = NULL, *iter;
	struct list_head *sh_keys;
	__u16 prev_key_id;

	if (asoc) {
		if (!asoc->peer.auth_capable)
			return -EACCES;
		sh_keys = &asoc->endpoint_shared_keys;
	} else {
		if (!ep->auth_enable)
			return -EACCES;
		sh_keys = &ep->endpoint_shared_keys;
	}

	key_for_each(iter, sh_keys) {
		if (iter->key_id == key_id) {
			match = iter;
			break;
		}
	}

	if (!match || match->deactivated)
		return -EINVAL;

	if (!asoc) {
		ep->active_key_id = key_id;
		return 0;
	}

	/* Switch the id, then rebuild the secret; undo on failure */
	prev_key_id = asoc->active_key_id;
	asoc->active_key_id = key_id;
	if (sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL)) {
		asoc->active_key_id = prev_key_id;
		return -ENOMEM;
	}

	return 0;
}
/* Delete the shared key identified by @key_id from the endpoint or
 * association.
 *
 * The key identifier MUST NOT be the current active key and MUST
 * correspond to an existing key.  The container is unlinked and its
 * reference dropped; users still holding a reference keep it alive.
 * Returns 0, -EACCES if AUTH is disabled on the target, or -EINVAL.
 */
int sctp_auth_del_key_id(struct sctp_endpoint *ep,
			 struct sctp_association *asoc,
			 __u16 key_id)
{
	struct sctp_shared_key *match = NULL, *iter;
	struct list_head *sh_keys;
	__u16 active_key_id;

	if (asoc) {
		if (!asoc->peer.auth_capable)
			return -EACCES;
		active_key_id = asoc->active_key_id;
		sh_keys = &asoc->endpoint_shared_keys;
	} else {
		if (!ep->auth_enable)
			return -EACCES;
		active_key_id = ep->active_key_id;
		sh_keys = &ep->endpoint_shared_keys;
	}

	/* The active key cannot be deleted out from under the association */
	if (active_key_id == key_id)
		return -EINVAL;

	key_for_each(iter, sh_keys) {
		if (iter->key_id == key_id) {
			match = iter;
			break;
		}
	}

	if (!match)
		return -EINVAL;

	/* Delete the shared key */
	list_del_init(&match->key_list);
	sctp_auth_shkey_release(match);

	return 0;
}
/* Mark the shared key identified by @key_id as deactivated on the
 * endpoint or association.
 *
 * The key identifier MUST NOT be the current active key and MUST
 * correspond to an existing key.  A deactivated key stays on the list
 * but is no longer returned by sctp_auth_get_shkey() or accepted by
 * sctp_auth_set_active_key().  Returns 0, -EACCES if AUTH is disabled on
 * the target, or -EINVAL.
 */
int sctp_auth_deact_key_id(struct sctp_endpoint *ep,
			   struct sctp_association *asoc, __u16 key_id)
{
	struct sctp_shared_key *match = NULL, *iter;
	struct list_head *sh_keys;
	__u16 active_key_id;

	if (asoc) {
		if (!asoc->peer.auth_capable)
			return -EACCES;
		active_key_id = asoc->active_key_id;
		sh_keys = &asoc->endpoint_shared_keys;
	} else {
		if (!ep->auth_enable)
			return -EACCES;
		active_key_id = ep->active_key_id;
		sh_keys = &ep->endpoint_shared_keys;
	}

	if (active_key_id == key_id)
		return -EINVAL;

	key_for_each(iter, sh_keys) {
		if (iter->key_id == key_id) {
			match = iter;
			break;
		}
	}

	if (!match)
		return -EINVAL;

	/* refcnt == 1 and !list_empty mean it's not being used anywhere
	 * and deactivated will be set, so it's time to notify userland
	 * that this shkey can be freed.
	 */
	if (asoc && !list_empty(&match->key_list) &&
	    refcount_read(&match->refcnt) == 1) {
		struct sctp_ulpevent *ev;

		ev = sctp_ulpevent_make_authkey(asoc, match->key_id,
						SCTP_AUTH_FREE_KEY, GFP_KERNEL);
		if (ev)
			asoc->stream.si->enqueue_event(&asoc->ulpq, ev);
	}

	match->deactivated = 1;

	return 0;
}
/* Allocate and initialise the endpoint's HMAC-ALGO and CHUNKS
 * parameters.
 *
 * Both are kept as ready-to-send parameters so the rest of the code can
 * work on them directly.  Each is allocated only if not already present.
 * On allocation failure both pointers are freed and reset to NULL and
 * -ENOMEM is returned.
 */
int sctp_auth_init(struct sctp_endpoint *ep, gfp_t gfp)
{
	struct sctp_hmac_algo_param *auth_hmacs;
	struct sctp_chunks_param *auth_chunks;

	if (!ep->auth_hmacs_list) {
		/* Room for every id in sctp_hmac_list[] */
		auth_hmacs = kzalloc_flex(*auth_hmacs, hmac_ids,
					  SCTP_AUTH_NUM_HMACS, gfp);
		if (!auth_hmacs)
			goto nomem;

		/* Initialize the HMACS parameter.
		 * SCTP-AUTH: Section 3.3
		 * Every endpoint supporting SCTP chunk authentication MUST
		 * support the HMAC based on the SHA-1 algorithm.
		 * The parameter therefore starts out listing SHA1 only: the
		 * header plus one 16-bit id.
		 */
		auth_hmacs->param_hdr.type = SCTP_PARAM_HMAC_ALGO;
		auth_hmacs->param_hdr.length =
			htons(sizeof(struct sctp_paramhdr) + sizeof(__u16));
		auth_hmacs->hmac_ids[0] = htons(SCTP_AUTH_HMAC_ID_SHA1);
		ep->auth_hmacs_list = auth_hmacs;
	}

	if (!ep->auth_chunk_list) {
		/* Room for one byte per chunk type */
		auth_chunks = kzalloc(sizeof(*auth_chunks) +
				      SCTP_NUM_CHUNK_TYPES, gfp);
		if (!auth_chunks)
			goto nomem;

		/* Initialize the CHUNKS parameter: header only, no chunks */
		auth_chunks->param_hdr.type = SCTP_PARAM_CHUNKS;
		auth_chunks->param_hdr.length =
			htons(sizeof(struct sctp_paramhdr));
		ep->auth_chunk_list = auth_chunks;
	}

	return 0;

nomem:
	/* Free all allocations */
	kfree(ep->auth_hmacs_list);
	kfree(ep->auth_chunk_list);
	ep->auth_hmacs_list = NULL;
	ep->auth_chunk_list = NULL;
	return -ENOMEM;
}
/* Release the endpoint's HMAC-ALGO and CHUNKS parameters.
 *
 * Safe to call when either was never allocated; the pointers are reset
 * so a later sctp_auth_init() starts from scratch.
 */
void sctp_auth_free(struct sctp_endpoint *ep)
{
	struct sctp_hmac_algo_param *hmacs = ep->auth_hmacs_list;
	struct sctp_chunks_param *chunks = ep->auth_chunk_list;

	ep->auth_hmacs_list = NULL;
	ep->auth_chunk_list = NULL;

	kfree(hmacs);
	kfree(chunks);
}