Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[SCTP]: Implement SCTP-AUTH initializations.

The patch initializes AUTH related members of the generic SCTP
structures and provides a way to enable/disable auth extension.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vlad Yasevich 17 years ago
parent
1f485649f5
commit
a29a5bd4f5
5 changed files with 133 additions and 0 deletions
Unified View Show Diff Stats
  1. 34 0
      net/sctp/associola.c
  2. 83 0
      net/sctp/endpointola.c
  3. 4 0
      net/sctp/output.c
  4. 3 0
      net/sctp/protocol.c
  5. 9 0
      net/sctp/sysctl.c

+ 34 - 0
net/sctp/associola.c
View File 

@@ -74,6 +74,8 @@ static struct sctp_association *sctp_association_init(struct sctp_association *a
 
 {
 
 {
 
 	struct sctp_sock *sp;
 
 	struct sctp_sock *sp;
 
 	int i;
 
 	int i;
 
+	sctp_paramhdr_t *p;
 
+	int err;
 
 
 
 	/* Retrieve the SCTP per socket area.  */
 
 	/* Retrieve the SCTP per socket area.  */
 
 	sp = sctp_sk((struct sock *)sk);
 
 	sp = sctp_sk((struct sock *)sk);
 
@@ -298,6 +300,30 @@ static struct sctp_association *sctp_association_init(struct sctp_association *a
 
 	asoc->default_timetolive = sp->default_timetolive;
 
 	asoc->default_timetolive = sp->default_timetolive;
 
 	asoc->default_rcv_context = sp->default_rcv_context;
 
 	asoc->default_rcv_context = sp->default_rcv_context;
 
 
 
+	/* AUTH related initializations */
 
+	INIT_LIST_HEAD(&asoc->endpoint_shared_keys);
 
+	err = sctp_auth_asoc_copy_shkeys(ep, asoc, gfp);
 
+	if (err)
 
+		goto fail_init;
 
+
 
+	asoc->active_key_id = ep->active_key_id;
 
+	asoc->asoc_shared_key = NULL;
 
+
 
+	asoc->default_hmac_id = 0;
 
+	/* Save the hmacs and chunks list into this association */
 
+	if (ep->auth_hmacs_list)
 
+		memcpy(asoc->c.auth_hmacs, ep->auth_hmacs_list,
 
+			ntohs(ep->auth_hmacs_list->param_hdr.length));
 
+	if (ep->auth_chunk_list)
 
+		memcpy(asoc->c.auth_chunks, ep->auth_chunk_list,
 
+			ntohs(ep->auth_chunk_list->param_hdr.length));
 
+
 
+	/* Get the AUTH random number for this association */
 
+	p = (sctp_paramhdr_t *)asoc->c.auth_random;
 
+	p->type = SCTP_PARAM_RANDOM;
 
+	p->length = htons(sizeof(sctp_paramhdr_t) + SCTP_AUTH_RANDOM_LENGTH);
 
+	get_random_bytes(p+1, SCTP_AUTH_RANDOM_LENGTH);
 
+
 
 	return asoc;
 
 	return asoc;
 
 
 
 fail_init:
 
 fail_init:
 
@@ -407,6 +433,12 @@ void sctp_association_free(struct sctp_association *asoc)
 
 	if (asoc->addip_last_asconf)
 
 	if (asoc->addip_last_asconf)
 
 		sctp_chunk_free(asoc->addip_last_asconf);
 
 		sctp_chunk_free(asoc->addip_last_asconf);
 
 
 
+	/* AUTH - Free the endpoint shared keys */
 
+	sctp_auth_destroy_keys(&asoc->endpoint_shared_keys);
 
+
 
+	/* AUTH - Free the association shared key */
 
+	sctp_auth_key_put(asoc->asoc_shared_key);
 
+
 
 	sctp_association_put(asoc);
 
 	sctp_association_put(asoc);
 
 }
 
 }
 
 
 
@@ -1112,6 +1144,8 @@ void sctp_assoc_update(struct sctp_association *asoc,
 
 			sctp_assoc_set_id(asoc, GFP_ATOMIC);
 
 			sctp_assoc_set_id(asoc, GFP_ATOMIC);
 
 		}
 
 		}
 
 	}
 
 	}
 
+
 
+	/* SCTP-AUTH: XXX something needs to be done here*/
 
 }
 
 }
 
 
 
 /* Update the retran path for sending a retransmitted packet.
 
 /* Update the retran path for sending a retransmitted packet.

+ 83 - 0
net/sctp/endpointola.c
View File 

@@ -69,12 +69,56 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
 
 						struct sock *sk,
 
 						struct sock *sk,
 
 						gfp_t gfp)
 
 						gfp_t gfp)
 
 {
 
 {
 
+	struct sctp_hmac_algo_param *auth_hmacs = NULL;
 
+	struct sctp_chunks_param *auth_chunks = NULL;
 
+	struct sctp_shared_key *null_key;
 
+	int err;
 
+
 
 	memset(ep, 0, sizeof(struct sctp_endpoint));
 
 	memset(ep, 0, sizeof(struct sctp_endpoint));
 
 
 
 	ep->digest = kzalloc(SCTP_SIGNATURE_SIZE, gfp);
 
 	ep->digest = kzalloc(SCTP_SIGNATURE_SIZE, gfp);
 
 	if (!ep->digest)
 
 	if (!ep->digest)
 
 		return NULL;
 
 		return NULL;
 
 
 
+	if (sctp_auth_enable) {
 
+		/* Allocate space for HMACS and CHUNKS authentication
 
+		 * variables.  There are arrays that we encode directly
 
+		 * into parameters to make the rest of the operations easier.
 
+		 */
 
+		auth_hmacs = kzalloc(sizeof(sctp_hmac_algo_param_t) +
 
+				sizeof(__u16) * SCTP_AUTH_NUM_HMACS, gfp);
 
+		if (!auth_hmacs)
 
+			goto nomem;
 
+
 
+		auth_chunks = kzalloc(sizeof(sctp_chunks_param_t) +
 
+					SCTP_NUM_CHUNK_TYPES, gfp);
 
+		if (!auth_chunks)
 
+			goto nomem;
 
+
 
+		/* Initialize the HMACS parameter.
 
+		 * SCTP-AUTH: Section 3.3
 
+		 *    Every endpoint supporting SCTP chunk authentication MUST
 
+		 *    support the HMAC based on the SHA-1 algorithm.
 
+		 */
 
+		auth_hmacs->param_hdr.type = SCTP_PARAM_HMAC_ALGO;
 
+		auth_hmacs->param_hdr.length =
 
+					htons(sizeof(sctp_paramhdr_t) + 2);
 
+		auth_hmacs->hmac_ids[0] = htons(SCTP_AUTH_HMAC_ID_SHA1);
 
+
 
+		/* Initialize the CHUNKS parameter */
 
+		auth_chunks->param_hdr.type = SCTP_PARAM_CHUNKS;
 
+
 
+		/* If the Add-IP functionality is enabled, we must
 
+		 * authenticate, ASCONF and ASCONF-ACK chunks
 
+		 */
 
+		if (sctp_addip_enable) {
 
+			auth_chunks->chunks[0] = SCTP_CID_ASCONF;
 
+			auth_chunks->chunks[1] = SCTP_CID_ASCONF_ACK;
 
+			auth_chunks->param_hdr.length =
 
+					htons(sizeof(sctp_paramhdr_t) + 2);
 
+		}
 
+	}
 
+
 
 	/* Initialize the base structure. */
 
 	/* Initialize the base structure. */
 
 	/* What type of endpoint are we?  */
 
 	/* What type of endpoint are we?  */
 
 	ep->base.type = SCTP_EP_TYPE_SOCKET;
 
 	ep->base.type = SCTP_EP_TYPE_SOCKET;
 
@@ -114,7 +158,36 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
 
 	ep->last_key = ep->current_key = 0;
 
 	ep->last_key = ep->current_key = 0;
 
 	ep->key_changed_at = jiffies;
 
 	ep->key_changed_at = jiffies;
 
 
 
+	/* SCTP-AUTH extensions*/
 
+	INIT_LIST_HEAD(&ep->endpoint_shared_keys);
 
+	null_key = sctp_auth_shkey_create(0, GFP_KERNEL);
 
+	if (!null_key)
 
+		goto nomem;
 
+
 
+	list_add(&null_key->key_list, &ep->endpoint_shared_keys);
 
+
 
+	/* Allocate and initialize transorms arrays for suported HMACs. */
 
+	err = sctp_auth_init_hmacs(ep, gfp);
 
+	if (err)
 
+		goto nomem_hmacs;
 
+
 
+	/* Add the null key to the endpoint shared keys list and
 
+	 * set the hmcas and chunks pointers.
 
+	 */
 
+	ep->auth_hmacs_list = auth_hmacs;
 
+	ep->auth_chunk_list = auth_chunks;
 
+
 
 	return ep;
 
 	return ep;
 
+
 
+nomem_hmacs:
 
+	sctp_auth_destroy_keys(&ep->endpoint_shared_keys);
 
+nomem:
 
+	/* Free all allocations */
 
+	kfree(auth_hmacs);
 
+	kfree(auth_chunks);
 
+	kfree(ep->digest);
 
+	return NULL;
 
+
 
 }
 
 }
 
 
 
 /* Create a sctp_endpoint with all that boring stuff initialized.
 
 /* Create a sctp_endpoint with all that boring stuff initialized.
 
@@ -187,6 +260,16 @@ static void sctp_endpoint_destroy(struct sctp_endpoint *ep)
 
 	/* Free the digest buffer */
 
 	/* Free the digest buffer */
 
 	kfree(ep->digest);
 
 	kfree(ep->digest);
 
 
 
+	/* SCTP-AUTH: Free up AUTH releated data such as shared keys
 
+	 * chunks and hmacs arrays that were allocated
 
+	 */
 
+	sctp_auth_destroy_keys(&ep->endpoint_shared_keys);
 
+	kfree(ep->auth_hmacs_list);
 
+	kfree(ep->auth_chunk_list);
 
+
 
+	/* AUTH - Free any allocated HMAC transform containers */
 
+	sctp_auth_destroy_hmacs(ep->auth_hmacs);
 
+
 
 	/* Cleanup. */
 
 	/* Cleanup. */
 
 	sctp_inq_free(&ep->base.inqueue);
 
 	sctp_inq_free(&ep->base.inqueue);
 
 	sctp_bind_addr_free(&ep->base.bind_addr);
 
 	sctp_bind_addr_free(&ep->base.bind_addr);

+ 4 - 0
net/sctp/output.c
View File 

@@ -79,7 +79,9 @@ struct sctp_packet *sctp_packet_config(struct sctp_packet *packet,
 
 	packet->vtag = vtag;
 
 	packet->vtag = vtag;
 
 	packet->has_cookie_echo = 0;
 
 	packet->has_cookie_echo = 0;
 
 	packet->has_sack = 0;
 
 	packet->has_sack = 0;
 
+	packet->has_auth = 0;
 
 	packet->ipfragok = 0;
 
 	packet->ipfragok = 0;
 
+	packet->auth = NULL;
 
 
 
 	if (ecn_capable && sctp_packet_empty(packet)) {
 
 	if (ecn_capable && sctp_packet_empty(packet)) {
 
 		chunk = sctp_get_ecne_prepend(packet->transport->asoc);
 
 		chunk = sctp_get_ecne_prepend(packet->transport->asoc);
 
@@ -121,8 +123,10 @@ struct sctp_packet *sctp_packet_init(struct sctp_packet *packet,
 
 	packet->vtag = 0;
 
 	packet->vtag = 0;
 
 	packet->has_cookie_echo = 0;
 
 	packet->has_cookie_echo = 0;
 
 	packet->has_sack = 0;
 
 	packet->has_sack = 0;
 
+	packet->has_auth = 0;
 
 	packet->ipfragok = 0;
 
 	packet->ipfragok = 0;
 
 	packet->malloced = 0;
 
 	packet->malloced = 0;
 
+	packet->auth = NULL;
 
 	return packet;
 
 	return packet;
 
 }
 
 }

+ 3 - 0
net/sctp/protocol.c
View File 

@@ -1185,6 +1185,9 @@ SCTP_STATIC __init int sctp_init(void)
 
 	/* Enable PR-SCTP by default. */
 
 	/* Enable PR-SCTP by default. */
 
 	sctp_prsctp_enable = 1;
 
 	sctp_prsctp_enable = 1;
 
 
 
+	/* Disable AUTH by default. */
 
+	sctp_auth_enable = 0;
 
+
 
 	sctp_sysctl_register();
 
 	sctp_sysctl_register();
 
 
 
 	INIT_LIST_HEAD(&sctp_address_families);
 
 	INIT_LIST_HEAD(&sctp_address_families);

+ 9 - 0
net/sctp/sysctl.c
View File 

@@ -254,6 +254,15 @@ static ctl_table sctp_table[] = {
 
 		.mode		= 0644,
 
 		.mode		= 0644,
 
 		.proc_handler	= &proc_dointvec,
 
 		.proc_handler	= &proc_dointvec,
 
 	},
 
 	},
 
+	{
 
+		.ctl_name	= CTL_UNNUMBERED,
 
+		.procname	= "auth_enable",
 
+		.data		= &sctp_auth_enable,
 
+		.maxlen		= sizeof(int),
 
+		.mode		= 0644,
 
+		.proc_handler	= &proc_dointvec,
 
+		.strategy	= &sysctl_intvec
 
+	},
 
 	{ .ctl_name = 0 }
 
 	{ .ctl_name = 0 }
 
 };
 
 };