auth.c 27 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /* SCTP kernel implementation
  3. * (C) Copyright 2007 Hewlett-Packard Development Company, L.P.
  4. *
  5. * This file is part of the SCTP kernel implementation
  6. *
  7. * Please send any bug reports or fixes you make to the
  8. * email address(es):
  9. * lksctp developers <[email protected]>
  10. *
  11. * Written or modified by:
  12. * Vlad Yasevich <[email protected]>
  13. */
  14. #include <crypto/hash.h>
  15. #include <linux/slab.h>
  16. #include <linux/types.h>
  17. #include <linux/scatterlist.h>
  18. #include <net/sctp/sctp.h>
  19. #include <net/sctp/auth.h>
  20. static struct sctp_hmac sctp_hmac_list[SCTP_AUTH_NUM_HMACS] = {
  21. {
  22. /* id 0 is reserved. as all 0 */
  23. .hmac_id = SCTP_AUTH_HMAC_ID_RESERVED_0,
  24. },
  25. {
  26. .hmac_id = SCTP_AUTH_HMAC_ID_SHA1,
  27. .hmac_name = "hmac(sha1)",
  28. .hmac_len = SCTP_SHA1_SIG_SIZE,
  29. },
  30. {
  31. /* id 2 is reserved as well */
  32. .hmac_id = SCTP_AUTH_HMAC_ID_RESERVED_2,
  33. },
  34. #if IS_ENABLED(CONFIG_CRYPTO_SHA256)
  35. {
  36. .hmac_id = SCTP_AUTH_HMAC_ID_SHA256,
  37. .hmac_name = "hmac(sha256)",
  38. .hmac_len = SCTP_SHA256_SIG_SIZE,
  39. }
  40. #endif
  41. };
  42. void sctp_auth_key_put(struct sctp_auth_bytes *key)
  43. {
  44. if (!key)
  45. return;
  46. if (refcount_dec_and_test(&key->refcnt)) {
  47. kfree_sensitive(key);
  48. SCTP_DBG_OBJCNT_DEC(keys);
  49. }
  50. }
  51. /* Create a new key structure of a given length */
  52. static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp)
  53. {
  54. struct sctp_auth_bytes *key;
  55. /* Verify that we are not going to overflow INT_MAX */
  56. if (key_len > (INT_MAX - sizeof(struct sctp_auth_bytes)))
  57. return NULL;
  58. /* Allocate the shared key */
  59. key = kmalloc(sizeof(struct sctp_auth_bytes) + key_len, gfp);
  60. if (!key)
  61. return NULL;
  62. key->len = key_len;
  63. refcount_set(&key->refcnt, 1);
  64. SCTP_DBG_OBJCNT_INC(keys);
  65. return key;
  66. }
  67. /* Create a new shared key container with a give key id */
  68. struct sctp_shared_key *sctp_auth_shkey_create(__u16 key_id, gfp_t gfp)
  69. {
  70. struct sctp_shared_key *new;
  71. /* Allocate the shared key container */
  72. new = kzalloc(sizeof(struct sctp_shared_key), gfp);
  73. if (!new)
  74. return NULL;
  75. INIT_LIST_HEAD(&new->key_list);
  76. refcount_set(&new->refcnt, 1);
  77. new->key_id = key_id;
  78. return new;
  79. }
  80. /* Free the shared key structure */
  81. static void sctp_auth_shkey_destroy(struct sctp_shared_key *sh_key)
  82. {
  83. BUG_ON(!list_empty(&sh_key->key_list));
  84. sctp_auth_key_put(sh_key->key);
  85. sh_key->key = NULL;
  86. kfree(sh_key);
  87. }
  88. void sctp_auth_shkey_release(struct sctp_shared_key *sh_key)
  89. {
  90. if (refcount_dec_and_test(&sh_key->refcnt))
  91. sctp_auth_shkey_destroy(sh_key);
  92. }
  93. void sctp_auth_shkey_hold(struct sctp_shared_key *sh_key)
  94. {
  95. refcount_inc(&sh_key->refcnt);
  96. }
  97. /* Destroy the entire key list. This is done during the
  98. * associon and endpoint free process.
  99. */
  100. void sctp_auth_destroy_keys(struct list_head *keys)
  101. {
  102. struct sctp_shared_key *ep_key;
  103. struct sctp_shared_key *tmp;
  104. if (list_empty(keys))
  105. return;
  106. key_for_each_safe(ep_key, tmp, keys) {
  107. list_del_init(&ep_key->key_list);
  108. sctp_auth_shkey_release(ep_key);
  109. }
  110. }
  111. /* Compare two byte vectors as numbers. Return values
  112. * are:
  113. * 0 - vectors are equal
  114. * < 0 - vector 1 is smaller than vector2
  115. * > 0 - vector 1 is greater than vector2
  116. *
  117. * Algorithm is:
  118. * This is performed by selecting the numerically smaller key vector...
  119. * If the key vectors are equal as numbers but differ in length ...
  120. * the shorter vector is considered smaller
  121. *
  122. * Examples (with small values):
  123. * 000123456789 > 123456789 (first number is longer)
  124. * 000123456789 < 234567891 (second number is larger numerically)
  125. * 123456789 > 2345678 (first number is both larger & longer)
  126. */
  127. static int sctp_auth_compare_vectors(struct sctp_auth_bytes *vector1,
  128. struct sctp_auth_bytes *vector2)
  129. {
  130. int diff;
  131. int i;
  132. const __u8 *longer;
  133. diff = vector1->len - vector2->len;
  134. if (diff) {
  135. longer = (diff > 0) ? vector1->data : vector2->data;
  136. /* Check to see if the longer number is
  137. * lead-zero padded. If it is not, it
  138. * is automatically larger numerically.
  139. */
  140. for (i = 0; i < abs(diff); i++) {
  141. if (longer[i] != 0)
  142. return diff;
  143. }
  144. }
  145. /* lengths are the same, compare numbers */
  146. return memcmp(vector1->data, vector2->data, vector1->len);
  147. }
  148. /*
  149. * Create a key vector as described in SCTP-AUTH, Section 6.1
  150. * The RANDOM parameter, the CHUNKS parameter and the HMAC-ALGO
  151. * parameter sent by each endpoint are concatenated as byte vectors.
  152. * These parameters include the parameter type, parameter length, and
  153. * the parameter value, but padding is omitted; all padding MUST be
  154. * removed from this concatenation before proceeding with further
  155. * computation of keys. Parameters which were not sent are simply
  156. * omitted from the concatenation process. The resulting two vectors
  157. * are called the two key vectors.
  158. */
  159. static struct sctp_auth_bytes *sctp_auth_make_key_vector(
  160. struct sctp_random_param *random,
  161. struct sctp_chunks_param *chunks,
  162. struct sctp_hmac_algo_param *hmacs,
  163. gfp_t gfp)
  164. {
  165. struct sctp_auth_bytes *new;
  166. __u32 len;
  167. __u32 offset = 0;
  168. __u16 random_len, hmacs_len, chunks_len = 0;
  169. random_len = ntohs(random->param_hdr.length);
  170. hmacs_len = ntohs(hmacs->param_hdr.length);
  171. if (chunks)
  172. chunks_len = ntohs(chunks->param_hdr.length);
  173. len = random_len + hmacs_len + chunks_len;
  174. new = sctp_auth_create_key(len, gfp);
  175. if (!new)
  176. return NULL;
  177. memcpy(new->data, random, random_len);
  178. offset += random_len;
  179. if (chunks) {
  180. memcpy(new->data + offset, chunks, chunks_len);
  181. offset += chunks_len;
  182. }
  183. memcpy(new->data + offset, hmacs, hmacs_len);
  184. return new;
  185. }
  186. /* Make a key vector based on our local parameters */
  187. static struct sctp_auth_bytes *sctp_auth_make_local_vector(
  188. const struct sctp_association *asoc,
  189. gfp_t gfp)
  190. {
  191. return sctp_auth_make_key_vector(
  192. (struct sctp_random_param *)asoc->c.auth_random,
  193. (struct sctp_chunks_param *)asoc->c.auth_chunks,
  194. (struct sctp_hmac_algo_param *)asoc->c.auth_hmacs, gfp);
  195. }
  196. /* Make a key vector based on peer's parameters */
  197. static struct sctp_auth_bytes *sctp_auth_make_peer_vector(
  198. const struct sctp_association *asoc,
  199. gfp_t gfp)
  200. {
  201. return sctp_auth_make_key_vector(asoc->peer.peer_random,
  202. asoc->peer.peer_chunks,
  203. asoc->peer.peer_hmacs,
  204. gfp);
  205. }
  206. /* Set the value of the association shared key base on the parameters
  207. * given. The algorithm is:
  208. * From the endpoint pair shared keys and the key vectors the
  209. * association shared keys are computed. This is performed by selecting
  210. * the numerically smaller key vector and concatenating it to the
  211. * endpoint pair shared key, and then concatenating the numerically
  212. * larger key vector to that. The result of the concatenation is the
  213. * association shared key.
  214. */
  215. static struct sctp_auth_bytes *sctp_auth_asoc_set_secret(
  216. struct sctp_shared_key *ep_key,
  217. struct sctp_auth_bytes *first_vector,
  218. struct sctp_auth_bytes *last_vector,
  219. gfp_t gfp)
  220. {
  221. struct sctp_auth_bytes *secret;
  222. __u32 offset = 0;
  223. __u32 auth_len;
  224. auth_len = first_vector->len + last_vector->len;
  225. if (ep_key->key)
  226. auth_len += ep_key->key->len;
  227. secret = sctp_auth_create_key(auth_len, gfp);
  228. if (!secret)
  229. return NULL;
  230. if (ep_key->key) {
  231. memcpy(secret->data, ep_key->key->data, ep_key->key->len);
  232. offset += ep_key->key->len;
  233. }
  234. memcpy(secret->data + offset, first_vector->data, first_vector->len);
  235. offset += first_vector->len;
  236. memcpy(secret->data + offset, last_vector->data, last_vector->len);
  237. return secret;
  238. }
  239. /* Create an association shared key. Follow the algorithm
  240. * described in SCTP-AUTH, Section 6.1
  241. */
  242. static struct sctp_auth_bytes *sctp_auth_asoc_create_secret(
  243. const struct sctp_association *asoc,
  244. struct sctp_shared_key *ep_key,
  245. gfp_t gfp)
  246. {
  247. struct sctp_auth_bytes *local_key_vector;
  248. struct sctp_auth_bytes *peer_key_vector;
  249. struct sctp_auth_bytes *first_vector,
  250. *last_vector;
  251. struct sctp_auth_bytes *secret = NULL;
  252. int cmp;
  253. /* Now we need to build the key vectors
  254. * SCTP-AUTH , Section 6.1
  255. * The RANDOM parameter, the CHUNKS parameter and the HMAC-ALGO
  256. * parameter sent by each endpoint are concatenated as byte vectors.
  257. * These parameters include the parameter type, parameter length, and
  258. * the parameter value, but padding is omitted; all padding MUST be
  259. * removed from this concatenation before proceeding with further
  260. * computation of keys. Parameters which were not sent are simply
  261. * omitted from the concatenation process. The resulting two vectors
  262. * are called the two key vectors.
  263. */
  264. local_key_vector = sctp_auth_make_local_vector(asoc, gfp);
  265. peer_key_vector = sctp_auth_make_peer_vector(asoc, gfp);
  266. if (!peer_key_vector || !local_key_vector)
  267. goto out;
  268. /* Figure out the order in which the key_vectors will be
  269. * added to the endpoint shared key.
  270. * SCTP-AUTH, Section 6.1:
  271. * This is performed by selecting the numerically smaller key
  272. * vector and concatenating it to the endpoint pair shared
  273. * key, and then concatenating the numerically larger key
  274. * vector to that. If the key vectors are equal as numbers
  275. * but differ in length, then the concatenation order is the
  276. * endpoint shared key, followed by the shorter key vector,
  277. * followed by the longer key vector. Otherwise, the key
  278. * vectors are identical, and may be concatenated to the
  279. * endpoint pair key in any order.
  280. */
  281. cmp = sctp_auth_compare_vectors(local_key_vector,
  282. peer_key_vector);
  283. if (cmp < 0) {
  284. first_vector = local_key_vector;
  285. last_vector = peer_key_vector;
  286. } else {
  287. first_vector = peer_key_vector;
  288. last_vector = local_key_vector;
  289. }
  290. secret = sctp_auth_asoc_set_secret(ep_key, first_vector, last_vector,
  291. gfp);
  292. out:
  293. sctp_auth_key_put(local_key_vector);
  294. sctp_auth_key_put(peer_key_vector);
  295. return secret;
  296. }
  297. /*
  298. * Populate the association overlay list with the list
  299. * from the endpoint.
  300. */
  301. int sctp_auth_asoc_copy_shkeys(const struct sctp_endpoint *ep,
  302. struct sctp_association *asoc,
  303. gfp_t gfp)
  304. {
  305. struct sctp_shared_key *sh_key;
  306. struct sctp_shared_key *new;
  307. BUG_ON(!list_empty(&asoc->endpoint_shared_keys));
  308. key_for_each(sh_key, &ep->endpoint_shared_keys) {
  309. new = sctp_auth_shkey_create(sh_key->key_id, gfp);
  310. if (!new)
  311. goto nomem;
  312. new->key = sh_key->key;
  313. sctp_auth_key_hold(new->key);
  314. list_add(&new->key_list, &asoc->endpoint_shared_keys);
  315. }
  316. return 0;
  317. nomem:
  318. sctp_auth_destroy_keys(&asoc->endpoint_shared_keys);
  319. return -ENOMEM;
  320. }
  321. /* Public interface to create the association shared key.
  322. * See code above for the algorithm.
  323. */
  324. int sctp_auth_asoc_init_active_key(struct sctp_association *asoc, gfp_t gfp)
  325. {
  326. struct sctp_auth_bytes *secret;
  327. struct sctp_shared_key *ep_key;
  328. struct sctp_chunk *chunk;
  329. /* If we don't support AUTH, or peer is not capable
  330. * we don't need to do anything.
  331. */
  332. if (!asoc->peer.auth_capable)
  333. return 0;
  334. /* If the key_id is non-zero and we couldn't find an
  335. * endpoint pair shared key, we can't compute the
  336. * secret.
  337. * For key_id 0, endpoint pair shared key is a NULL key.
  338. */
  339. ep_key = sctp_auth_get_shkey(asoc, asoc->active_key_id);
  340. BUG_ON(!ep_key);
  341. secret = sctp_auth_asoc_create_secret(asoc, ep_key, gfp);
  342. if (!secret)
  343. return -ENOMEM;
  344. sctp_auth_key_put(asoc->asoc_shared_key);
  345. asoc->asoc_shared_key = secret;
  346. asoc->shkey = ep_key;
  347. /* Update send queue in case any chunk already in there now
  348. * needs authenticating
  349. */
  350. list_for_each_entry(chunk, &asoc->outqueue.out_chunk_list, list) {
  351. if (sctp_auth_send_cid(chunk->chunk_hdr->type, asoc)) {
  352. chunk->auth = 1;
  353. if (!chunk->shkey) {
  354. chunk->shkey = asoc->shkey;
  355. sctp_auth_shkey_hold(chunk->shkey);
  356. }
  357. }
  358. }
  359. return 0;
  360. }
  361. /* Find the endpoint pair shared key based on the key_id */
  362. struct sctp_shared_key *sctp_auth_get_shkey(
  363. const struct sctp_association *asoc,
  364. __u16 key_id)
  365. {
  366. struct sctp_shared_key *key;
  367. /* First search associations set of endpoint pair shared keys */
  368. key_for_each(key, &asoc->endpoint_shared_keys) {
  369. if (key->key_id == key_id) {
  370. if (!key->deactivated)
  371. return key;
  372. break;
  373. }
  374. }
  375. return NULL;
  376. }
  377. /*
  378. * Initialize all the possible digest transforms that we can use. Right
  379. * now, the supported digests are SHA1 and SHA256. We do this here once
  380. * because of the restrictiong that transforms may only be allocated in
  381. * user context. This forces us to pre-allocated all possible transforms
  382. * at the endpoint init time.
  383. */
  384. int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
  385. {
  386. struct crypto_shash *tfm = NULL;
  387. __u16 id;
  388. /* If the transforms are already allocated, we are done */
  389. if (ep->auth_hmacs)
  390. return 0;
  391. /* Allocated the array of pointers to transorms */
  392. ep->auth_hmacs = kcalloc(SCTP_AUTH_NUM_HMACS,
  393. sizeof(struct crypto_shash *),
  394. gfp);
  395. if (!ep->auth_hmacs)
  396. return -ENOMEM;
  397. for (id = 0; id < SCTP_AUTH_NUM_HMACS; id++) {
  398. /* See is we support the id. Supported IDs have name and
  399. * length fields set, so that we can allocated and use
  400. * them. We can safely just check for name, for without the
  401. * name, we can't allocate the TFM.
  402. */
  403. if (!sctp_hmac_list[id].hmac_name)
  404. continue;
  405. /* If this TFM has been allocated, we are all set */
  406. if (ep->auth_hmacs[id])
  407. continue;
  408. /* Allocate the ID */
  409. tfm = crypto_alloc_shash(sctp_hmac_list[id].hmac_name, 0, 0);
  410. if (IS_ERR(tfm))
  411. goto out_err;
  412. ep->auth_hmacs[id] = tfm;
  413. }
  414. return 0;
  415. out_err:
  416. /* Clean up any successful allocations */
  417. sctp_auth_destroy_hmacs(ep->auth_hmacs);
  418. ep->auth_hmacs = NULL;
  419. return -ENOMEM;
  420. }
  421. /* Destroy the hmac tfm array */
  422. void sctp_auth_destroy_hmacs(struct crypto_shash *auth_hmacs[])
  423. {
  424. int i;
  425. if (!auth_hmacs)
  426. return;
  427. for (i = 0; i < SCTP_AUTH_NUM_HMACS; i++) {
  428. crypto_free_shash(auth_hmacs[i]);
  429. }
  430. kfree(auth_hmacs);
  431. }
  432. struct sctp_hmac *sctp_auth_get_hmac(__u16 hmac_id)
  433. {
  434. return &sctp_hmac_list[hmac_id];
  435. }
  436. /* Get an hmac description information that we can use to build
  437. * the AUTH chunk
  438. */
  439. struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc)
  440. {
  441. struct sctp_hmac_algo_param *hmacs;
  442. __u16 n_elt;
  443. __u16 id = 0;
  444. int i;
  445. /* If we have a default entry, use it */
  446. if (asoc->default_hmac_id)
  447. return &sctp_hmac_list[asoc->default_hmac_id];
  448. /* Since we do not have a default entry, find the first entry
  449. * we support and return that. Do not cache that id.
  450. */
  451. hmacs = asoc->peer.peer_hmacs;
  452. if (!hmacs)
  453. return NULL;
  454. n_elt = (ntohs(hmacs->param_hdr.length) -
  455. sizeof(struct sctp_paramhdr)) >> 1;
  456. for (i = 0; i < n_elt; i++) {
  457. id = ntohs(hmacs->hmac_ids[i]);
  458. /* Check the id is in the supported range. And
  459. * see if we support the id. Supported IDs have name and
  460. * length fields set, so that we can allocate and use
  461. * them. We can safely just check for name, for without the
  462. * name, we can't allocate the TFM.
  463. */
  464. if (id > SCTP_AUTH_HMAC_ID_MAX ||
  465. !sctp_hmac_list[id].hmac_name) {
  466. id = 0;
  467. continue;
  468. }
  469. break;
  470. }
  471. if (id == 0)
  472. return NULL;
  473. return &sctp_hmac_list[id];
  474. }
  475. static int __sctp_auth_find_hmacid(__be16 *hmacs, int n_elts, __be16 hmac_id)
  476. {
  477. int found = 0;
  478. int i;
  479. for (i = 0; i < n_elts; i++) {
  480. if (hmac_id == hmacs[i]) {
  481. found = 1;
  482. break;
  483. }
  484. }
  485. return found;
  486. }
  487. /* See if the HMAC_ID is one that we claim as supported */
  488. int sctp_auth_asoc_verify_hmac_id(const struct sctp_association *asoc,
  489. __be16 hmac_id)
  490. {
  491. struct sctp_hmac_algo_param *hmacs;
  492. __u16 n_elt;
  493. if (!asoc)
  494. return 0;
  495. hmacs = (struct sctp_hmac_algo_param *)asoc->c.auth_hmacs;
  496. n_elt = (ntohs(hmacs->param_hdr.length) -
  497. sizeof(struct sctp_paramhdr)) >> 1;
  498. return __sctp_auth_find_hmacid(hmacs->hmac_ids, n_elt, hmac_id);
  499. }
  500. /* Cache the default HMAC id. This to follow this text from SCTP-AUTH:
  501. * Section 6.1:
  502. * The receiver of a HMAC-ALGO parameter SHOULD use the first listed
  503. * algorithm it supports.
  504. */
  505. void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc,
  506. struct sctp_hmac_algo_param *hmacs)
  507. {
  508. struct sctp_endpoint *ep;
  509. __u16 id;
  510. int i;
  511. int n_params;
  512. /* if the default id is already set, use it */
  513. if (asoc->default_hmac_id)
  514. return;
  515. n_params = (ntohs(hmacs->param_hdr.length) -
  516. sizeof(struct sctp_paramhdr)) >> 1;
  517. ep = asoc->ep;
  518. for (i = 0; i < n_params; i++) {
  519. id = ntohs(hmacs->hmac_ids[i]);
  520. /* Check the id is in the supported range */
  521. if (id > SCTP_AUTH_HMAC_ID_MAX)
  522. continue;
  523. /* If this TFM has been allocated, use this id */
  524. if (ep->auth_hmacs[id]) {
  525. asoc->default_hmac_id = id;
  526. break;
  527. }
  528. }
  529. }
  530. /* Check to see if the given chunk is supposed to be authenticated */
  531. static int __sctp_auth_cid(enum sctp_cid chunk, struct sctp_chunks_param *param)
  532. {
  533. unsigned short len;
  534. int found = 0;
  535. int i;
  536. if (!param || param->param_hdr.length == 0)
  537. return 0;
  538. len = ntohs(param->param_hdr.length) - sizeof(struct sctp_paramhdr);
  539. /* SCTP-AUTH, Section 3.2
  540. * The chunk types for INIT, INIT-ACK, SHUTDOWN-COMPLETE and AUTH
  541. * chunks MUST NOT be listed in the CHUNKS parameter. However, if
  542. * a CHUNKS parameter is received then the types for INIT, INIT-ACK,
  543. * SHUTDOWN-COMPLETE and AUTH chunks MUST be ignored.
  544. */
  545. for (i = 0; !found && i < len; i++) {
  546. switch (param->chunks[i]) {
  547. case SCTP_CID_INIT:
  548. case SCTP_CID_INIT_ACK:
  549. case SCTP_CID_SHUTDOWN_COMPLETE:
  550. case SCTP_CID_AUTH:
  551. break;
  552. default:
  553. if (param->chunks[i] == chunk)
  554. found = 1;
  555. break;
  556. }
  557. }
  558. return found;
  559. }
  560. /* Check if peer requested that this chunk is authenticated */
  561. int sctp_auth_send_cid(enum sctp_cid chunk, const struct sctp_association *asoc)
  562. {
  563. if (!asoc)
  564. return 0;
  565. if (!asoc->peer.auth_capable)
  566. return 0;
  567. return __sctp_auth_cid(chunk, asoc->peer.peer_chunks);
  568. }
  569. /* Check if we requested that peer authenticate this chunk. */
  570. int sctp_auth_recv_cid(enum sctp_cid chunk, const struct sctp_association *asoc)
  571. {
  572. if (!asoc)
  573. return 0;
  574. if (!asoc->peer.auth_capable)
  575. return 0;
  576. return __sctp_auth_cid(chunk,
  577. (struct sctp_chunks_param *)asoc->c.auth_chunks);
  578. }
  579. /* SCTP-AUTH: Section 6.2:
  580. * The sender MUST calculate the MAC as described in RFC2104 [2] using
  581. * the hash function H as described by the MAC Identifier and the shared
  582. * association key K based on the endpoint pair shared key described by
  583. * the shared key identifier. The 'data' used for the computation of
  584. * the AUTH-chunk is given by the AUTH chunk with its HMAC field set to
  585. * zero (as shown in Figure 6) followed by all chunks that are placed
  586. * after the AUTH chunk in the SCTP packet.
  587. */
  588. void sctp_auth_calculate_hmac(const struct sctp_association *asoc,
  589. struct sk_buff *skb, struct sctp_auth_chunk *auth,
  590. struct sctp_shared_key *ep_key, gfp_t gfp)
  591. {
  592. struct sctp_auth_bytes *asoc_key;
  593. struct crypto_shash *tfm;
  594. __u16 key_id, hmac_id;
  595. unsigned char *end;
  596. int free_key = 0;
  597. __u8 *digest;
  598. /* Extract the info we need:
  599. * - hmac id
  600. * - key id
  601. */
  602. key_id = ntohs(auth->auth_hdr.shkey_id);
  603. hmac_id = ntohs(auth->auth_hdr.hmac_id);
  604. if (key_id == asoc->active_key_id)
  605. asoc_key = asoc->asoc_shared_key;
  606. else {
  607. /* ep_key can't be NULL here */
  608. asoc_key = sctp_auth_asoc_create_secret(asoc, ep_key, gfp);
  609. if (!asoc_key)
  610. return;
  611. free_key = 1;
  612. }
  613. /* set up scatter list */
  614. end = skb_tail_pointer(skb);
  615. tfm = asoc->ep->auth_hmacs[hmac_id];
  616. digest = auth->auth_hdr.hmac;
  617. if (crypto_shash_setkey(tfm, &asoc_key->data[0], asoc_key->len))
  618. goto free;
  619. crypto_shash_tfm_digest(tfm, (u8 *)auth, end - (unsigned char *)auth,
  620. digest);
  621. free:
  622. if (free_key)
  623. sctp_auth_key_put(asoc_key);
  624. }
  625. /* API Helpers */
  626. /* Add a chunk to the endpoint authenticated chunk list */
  627. int sctp_auth_ep_add_chunkid(struct sctp_endpoint *ep, __u8 chunk_id)
  628. {
  629. struct sctp_chunks_param *p = ep->auth_chunk_list;
  630. __u16 nchunks;
  631. __u16 param_len;
  632. /* If this chunk is already specified, we are done */
  633. if (__sctp_auth_cid(chunk_id, p))
  634. return 0;
  635. /* Check if we can add this chunk to the array */
  636. param_len = ntohs(p->param_hdr.length);
  637. nchunks = param_len - sizeof(struct sctp_paramhdr);
  638. if (nchunks == SCTP_NUM_CHUNK_TYPES)
  639. return -EINVAL;
  640. p->chunks[nchunks] = chunk_id;
  641. p->param_hdr.length = htons(param_len + 1);
  642. return 0;
  643. }
  644. /* Add hmac identifires to the endpoint list of supported hmac ids */
  645. int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep,
  646. struct sctp_hmacalgo *hmacs)
  647. {
  648. int has_sha1 = 0;
  649. __u16 id;
  650. int i;
  651. /* Scan the list looking for unsupported id. Also make sure that
  652. * SHA1 is specified.
  653. */
  654. for (i = 0; i < hmacs->shmac_num_idents; i++) {
  655. id = hmacs->shmac_idents[i];
  656. if (id > SCTP_AUTH_HMAC_ID_MAX)
  657. return -EOPNOTSUPP;
  658. if (SCTP_AUTH_HMAC_ID_SHA1 == id)
  659. has_sha1 = 1;
  660. if (!sctp_hmac_list[id].hmac_name)
  661. return -EOPNOTSUPP;
  662. }
  663. if (!has_sha1)
  664. return -EINVAL;
  665. for (i = 0; i < hmacs->shmac_num_idents; i++)
  666. ep->auth_hmacs_list->hmac_ids[i] =
  667. htons(hmacs->shmac_idents[i]);
  668. ep->auth_hmacs_list->param_hdr.length =
  669. htons(sizeof(struct sctp_paramhdr) +
  670. hmacs->shmac_num_idents * sizeof(__u16));
  671. return 0;
  672. }
  673. /* Set a new shared key on either endpoint or association. If the
  674. * key with a same ID already exists, replace the key (remove the
  675. * old key and add a new one).
  676. */
  677. int sctp_auth_set_key(struct sctp_endpoint *ep,
  678. struct sctp_association *asoc,
  679. struct sctp_authkey *auth_key)
  680. {
  681. struct sctp_shared_key *cur_key, *shkey;
  682. struct sctp_auth_bytes *key;
  683. struct list_head *sh_keys;
  684. int replace = 0;
  685. /* Try to find the given key id to see if
  686. * we are doing a replace, or adding a new key
  687. */
  688. if (asoc) {
  689. if (!asoc->peer.auth_capable)
  690. return -EACCES;
  691. sh_keys = &asoc->endpoint_shared_keys;
  692. } else {
  693. if (!ep->auth_enable)
  694. return -EACCES;
  695. sh_keys = &ep->endpoint_shared_keys;
  696. }
  697. key_for_each(shkey, sh_keys) {
  698. if (shkey->key_id == auth_key->sca_keynumber) {
  699. replace = 1;
  700. break;
  701. }
  702. }
  703. cur_key = sctp_auth_shkey_create(auth_key->sca_keynumber, GFP_KERNEL);
  704. if (!cur_key)
  705. return -ENOMEM;
  706. /* Create a new key data based on the info passed in */
  707. key = sctp_auth_create_key(auth_key->sca_keylength, GFP_KERNEL);
  708. if (!key) {
  709. kfree(cur_key);
  710. return -ENOMEM;
  711. }
  712. memcpy(key->data, &auth_key->sca_key[0], auth_key->sca_keylength);
  713. cur_key->key = key;
  714. if (!replace) {
  715. list_add(&cur_key->key_list, sh_keys);
  716. return 0;
  717. }
  718. list_del_init(&shkey->key_list);
  719. list_add(&cur_key->key_list, sh_keys);
  720. if (asoc && asoc->active_key_id == auth_key->sca_keynumber &&
  721. sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL)) {
  722. list_del_init(&cur_key->key_list);
  723. sctp_auth_shkey_release(cur_key);
  724. list_add(&shkey->key_list, sh_keys);
  725. return -ENOMEM;
  726. }
  727. sctp_auth_shkey_release(shkey);
  728. return 0;
  729. }
  730. int sctp_auth_set_active_key(struct sctp_endpoint *ep,
  731. struct sctp_association *asoc,
  732. __u16 key_id)
  733. {
  734. struct sctp_shared_key *key;
  735. struct list_head *sh_keys;
  736. int found = 0;
  737. /* The key identifier MUST correst to an existing key */
  738. if (asoc) {
  739. if (!asoc->peer.auth_capable)
  740. return -EACCES;
  741. sh_keys = &asoc->endpoint_shared_keys;
  742. } else {
  743. if (!ep->auth_enable)
  744. return -EACCES;
  745. sh_keys = &ep->endpoint_shared_keys;
  746. }
  747. key_for_each(key, sh_keys) {
  748. if (key->key_id == key_id) {
  749. found = 1;
  750. break;
  751. }
  752. }
  753. if (!found || key->deactivated)
  754. return -EINVAL;
  755. if (asoc) {
  756. __u16 active_key_id = asoc->active_key_id;
  757. asoc->active_key_id = key_id;
  758. if (sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL)) {
  759. asoc->active_key_id = active_key_id;
  760. return -ENOMEM;
  761. }
  762. } else
  763. ep->active_key_id = key_id;
  764. return 0;
  765. }
  766. int sctp_auth_del_key_id(struct sctp_endpoint *ep,
  767. struct sctp_association *asoc,
  768. __u16 key_id)
  769. {
  770. struct sctp_shared_key *key;
  771. struct list_head *sh_keys;
  772. int found = 0;
  773. /* The key identifier MUST NOT be the current active key
  774. * The key identifier MUST correst to an existing key
  775. */
  776. if (asoc) {
  777. if (!asoc->peer.auth_capable)
  778. return -EACCES;
  779. if (asoc->active_key_id == key_id)
  780. return -EINVAL;
  781. sh_keys = &asoc->endpoint_shared_keys;
  782. } else {
  783. if (!ep->auth_enable)
  784. return -EACCES;
  785. if (ep->active_key_id == key_id)
  786. return -EINVAL;
  787. sh_keys = &ep->endpoint_shared_keys;
  788. }
  789. key_for_each(key, sh_keys) {
  790. if (key->key_id == key_id) {
  791. found = 1;
  792. break;
  793. }
  794. }
  795. if (!found)
  796. return -EINVAL;
  797. /* Delete the shared key */
  798. list_del_init(&key->key_list);
  799. sctp_auth_shkey_release(key);
  800. return 0;
  801. }
  802. int sctp_auth_deact_key_id(struct sctp_endpoint *ep,
  803. struct sctp_association *asoc, __u16 key_id)
  804. {
  805. struct sctp_shared_key *key;
  806. struct list_head *sh_keys;
  807. int found = 0;
  808. /* The key identifier MUST NOT be the current active key
  809. * The key identifier MUST correst to an existing key
  810. */
  811. if (asoc) {
  812. if (!asoc->peer.auth_capable)
  813. return -EACCES;
  814. if (asoc->active_key_id == key_id)
  815. return -EINVAL;
  816. sh_keys = &asoc->endpoint_shared_keys;
  817. } else {
  818. if (!ep->auth_enable)
  819. return -EACCES;
  820. if (ep->active_key_id == key_id)
  821. return -EINVAL;
  822. sh_keys = &ep->endpoint_shared_keys;
  823. }
  824. key_for_each(key, sh_keys) {
  825. if (key->key_id == key_id) {
  826. found = 1;
  827. break;
  828. }
  829. }
  830. if (!found)
  831. return -EINVAL;
  832. /* refcnt == 1 and !list_empty mean it's not being used anywhere
  833. * and deactivated will be set, so it's time to notify userland
  834. * that this shkey can be freed.
  835. */
  836. if (asoc && !list_empty(&key->key_list) &&
  837. refcount_read(&key->refcnt) == 1) {
  838. struct sctp_ulpevent *ev;
  839. ev = sctp_ulpevent_make_authkey(asoc, key->key_id,
  840. SCTP_AUTH_FREE_KEY, GFP_KERNEL);
  841. if (ev)
  842. asoc->stream.si->enqueue_event(&asoc->ulpq, ev);
  843. }
  844. key->deactivated = 1;
  845. return 0;
  846. }
  847. int sctp_auth_init(struct sctp_endpoint *ep, gfp_t gfp)
  848. {
  849. int err = -ENOMEM;
  850. /* Allocate space for HMACS and CHUNKS authentication
  851. * variables. There are arrays that we encode directly
  852. * into parameters to make the rest of the operations easier.
  853. */
  854. if (!ep->auth_hmacs_list) {
  855. struct sctp_hmac_algo_param *auth_hmacs;
  856. auth_hmacs = kzalloc(struct_size(auth_hmacs, hmac_ids,
  857. SCTP_AUTH_NUM_HMACS), gfp);
  858. if (!auth_hmacs)
  859. goto nomem;
  860. /* Initialize the HMACS parameter.
  861. * SCTP-AUTH: Section 3.3
  862. * Every endpoint supporting SCTP chunk authentication MUST
  863. * support the HMAC based on the SHA-1 algorithm.
  864. */
  865. auth_hmacs->param_hdr.type = SCTP_PARAM_HMAC_ALGO;
  866. auth_hmacs->param_hdr.length =
  867. htons(sizeof(struct sctp_paramhdr) + 2);
  868. auth_hmacs->hmac_ids[0] = htons(SCTP_AUTH_HMAC_ID_SHA1);
  869. ep->auth_hmacs_list = auth_hmacs;
  870. }
  871. if (!ep->auth_chunk_list) {
  872. struct sctp_chunks_param *auth_chunks;
  873. auth_chunks = kzalloc(sizeof(*auth_chunks) +
  874. SCTP_NUM_CHUNK_TYPES, gfp);
  875. if (!auth_chunks)
  876. goto nomem;
  877. /* Initialize the CHUNKS parameter */
  878. auth_chunks->param_hdr.type = SCTP_PARAM_CHUNKS;
  879. auth_chunks->param_hdr.length =
  880. htons(sizeof(struct sctp_paramhdr));
  881. ep->auth_chunk_list = auth_chunks;
  882. }
  883. /* Allocate and initialize transorms arrays for supported
  884. * HMACs.
  885. */
  886. err = sctp_auth_init_hmacs(ep, gfp);
  887. if (err)
  888. goto nomem;
  889. return 0;
  890. nomem:
  891. /* Free all allocations */
  892. kfree(ep->auth_hmacs_list);
  893. kfree(ep->auth_chunk_list);
  894. ep->auth_hmacs_list = NULL;
  895. ep->auth_chunk_list = NULL;
  896. return err;
  897. }
  898. void sctp_auth_free(struct sctp_endpoint *ep)
  899. {
  900. kfree(ep->auth_hmacs_list);
  901. kfree(ep->auth_chunk_list);
  902. ep->auth_hmacs_list = NULL;
  903. ep->auth_chunk_list = NULL;
  904. sctp_auth_destroy_hmacs(ep->auth_hmacs);
  905. ep->auth_hmacs = NULL;
  906. }