net/sctp/auth.c

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 /* SCTP kernel implementation
0003  * (C) Copyright 2007 Hewlett-Packard Development Company, L.P.
0004  *
0005  * This file is part of the SCTP kernel implementation
0006  *
0007  * Please send any bug reports or fixes you make to the
0008  * email address(es):
0009  *    lksctp developers <linux-sctp@vger.kernel.org>
0010  *
0011  * Written or modified by:
0012  *   Vlad Yasevich     <vladislav.yasevich@hp.com>
0013  */
0014
0015 #include <crypto/hash.h>
0016 #include <linux/slab.h>
0017 #include <linux/types.h>
0018 #include <linux/scatterlist.h>
0019 #include <net/sctp/sctp.h>
0020 #include <net/sctp/auth.h>
0021
0022 static struct sctp_hmac sctp_hmac_list[SCTP_AUTH_NUM_HMACS] = {
0023     {
0024         /* id 0 is reserved.  as all 0 */
0025         .hmac_id = SCTP_AUTH_HMAC_ID_RESERVED_0,
0026     },
0027     {
0028         .hmac_id = SCTP_AUTH_HMAC_ID_SHA1,
0029         .hmac_name = "hmac(sha1)",
0030         .hmac_len = SCTP_SHA1_SIG_SIZE,
0031     },
0032     {
0033         /* id 2 is reserved as well */
0034         .hmac_id = SCTP_AUTH_HMAC_ID_RESERVED_2,
0035     },
0036 #if IS_ENABLED(CONFIG_CRYPTO_SHA256)
0037     {
0038         .hmac_id = SCTP_AUTH_HMAC_ID_SHA256,
0039         .hmac_name = "hmac(sha256)",
0040         .hmac_len = SCTP_SHA256_SIG_SIZE,
0041     }
0042 #endif
0043 };
0044
0045
0046 void sctp_auth_key_put(struct sctp_auth_bytes *key)
0047 {
0048     if (!key)
0049         return;
0050
0051     if (refcount_dec_and_test(&key->refcnt)) {
0052         kfree_sensitive(key);
0053         SCTP_DBG_OBJCNT_DEC(keys);
0054     }
0055 }
0056
0057 /* Create a new key structure of a given length */
0058 static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp)
0059 {
0060     struct sctp_auth_bytes *key;
0061
0062     /* Verify that we are not going to overflow INT_MAX */
0063     if (key_len > (INT_MAX - sizeof(struct sctp_auth_bytes)))
0064         return NULL;
0065
0066     /* Allocate the shared key */
0067     key = kmalloc(sizeof(struct sctp_auth_bytes) + key_len, gfp);
0068     if (!key)
0069         return NULL;
0070
0071     key->len = key_len;
0072     refcount_set(&key->refcnt, 1);
0073     SCTP_DBG_OBJCNT_INC(keys);
0074
0075     return key;
0076 }
0077
0078 /* Create a new shared key container with a give key id */
0079 struct sctp_shared_key *sctp_auth_shkey_create(__u16 key_id, gfp_t gfp)
0080 {
0081     struct sctp_shared_key *new;
0082
0083     /* Allocate the shared key container */
0084     new = kzalloc(sizeof(struct sctp_shared_key), gfp);
0085     if (!new)
0086         return NULL;
0087
0088     INIT_LIST_HEAD(&new->key_list);
0089     refcount_set(&new->refcnt, 1);
0090     new->key_id = key_id;
0091
0092     return new;
0093 }
0094
0095 /* Free the shared key structure */
0096 static void sctp_auth_shkey_destroy(struct sctp_shared_key *sh_key)
0097 {
0098     BUG_ON(!list_empty(&sh_key->key_list));
0099     sctp_auth_key_put(sh_key->key);
0100     sh_key->key = NULL;
0101     kfree(sh_key);
0102 }
0103
0104 void sctp_auth_shkey_release(struct sctp_shared_key *sh_key)
0105 {
0106     if (refcount_dec_and_test(&sh_key->refcnt))
0107         sctp_auth_shkey_destroy(sh_key);
0108 }
0109
0110 void sctp_auth_shkey_hold(struct sctp_shared_key *sh_key)
0111 {
0112     refcount_inc(&sh_key->refcnt);
0113 }
0114
0115 /* Destroy the entire key list.  This is done during the
0116  * associon and endpoint free process.
0117  */
0118 void sctp_auth_destroy_keys(struct list_head *keys)
0119 {
0120     struct sctp_shared_key *ep_key;
0121     struct sctp_shared_key *tmp;
0122
0123     if (list_empty(keys))
0124         return;
0125
0126     key_for_each_safe(ep_key, tmp, keys) {
0127         list_del_init(&ep_key->key_list);
0128         sctp_auth_shkey_release(ep_key);
0129     }
0130 }
0131
0132 /* Compare two byte vectors as numbers.  Return values
0133  * are:
0134  *    0 - vectors are equal
0135  *  < 0 - vector 1 is smaller than vector2
0136  *  > 0 - vector 1 is greater than vector2
0137  *
0138  * Algorithm is:
0139  *  This is performed by selecting the numerically smaller key vector...
0140  *  If the key vectors are equal as numbers but differ in length ...
0141  *  the shorter vector is considered smaller
0142  *
0143  * Examples (with small values):
0144  *  000123456789 > 123456789 (first number is longer)
0145  *  000123456789 < 234567891 (second number is larger numerically)
0146  *  123456789 > 2345678      (first number is both larger & longer)
0147  */
0148 static int sctp_auth_compare_vectors(struct sctp_auth_bytes *vector1,
0149                   struct sctp_auth_bytes *vector2)
0150 {
0151     int diff;
0152     int i;
0153     const __u8 *longer;
0154
0155     diff = vector1->len - vector2->len;
0156     if (diff) {
0157         longer = (diff > 0) ? vector1->data : vector2->data;
0158
0159         /* Check to see if the longer number is
0160          * lead-zero padded.  If it is not, it
0161          * is automatically larger numerically.
0162          */
0163         for (i = 0; i < abs(diff); i++) {
0164             if (longer[i] != 0)
0165                 return diff;
0166         }
0167     }
0168
0169     /* lengths are the same, compare numbers */
0170     return memcmp(vector1->data, vector2->data, vector1->len);
0171 }
0172
0173 /*
0174  * Create a key vector as described in SCTP-AUTH, Section 6.1
0175  *    The RANDOM parameter, the CHUNKS parameter and the HMAC-ALGO
0176  *    parameter sent by each endpoint are concatenated as byte vectors.
0177  *    These parameters include the parameter type, parameter length, and
0178  *    the parameter value, but padding is omitted; all padding MUST be
0179  *    removed from this concatenation before proceeding with further
0180  *    computation of keys.  Parameters which were not sent are simply
0181  *    omitted from the concatenation process.  The resulting two vectors
0182  *    are called the two key vectors.
0183  */
0184 static struct sctp_auth_bytes *sctp_auth_make_key_vector(
0185             struct sctp_random_param *random,
0186             struct sctp_chunks_param *chunks,
0187             struct sctp_hmac_algo_param *hmacs,
0188             gfp_t gfp)
0189 {
0190     struct sctp_auth_bytes *new;
0191     __u32   len;
0192     __u32   offset = 0;
0193     __u16   random_len, hmacs_len, chunks_len = 0;
0194
0195     random_len = ntohs(random->param_hdr.length);
0196     hmacs_len = ntohs(hmacs->param_hdr.length);
0197     if (chunks)
0198         chunks_len = ntohs(chunks->param_hdr.length);
0199
0200     len = random_len + hmacs_len + chunks_len;
0201
0202     new = sctp_auth_create_key(len, gfp);
0203     if (!new)
0204         return NULL;
0205
0206     memcpy(new->data, random, random_len);
0207     offset += random_len;
0208
0209     if (chunks) {
0210         memcpy(new->data + offset, chunks, chunks_len);
0211         offset += chunks_len;
0212     }
0213
0214     memcpy(new->data + offset, hmacs, hmacs_len);
0215
0216     return new;
0217 }
0218
0219
0220 /* Make a key vector based on our local parameters */
0221 static struct sctp_auth_bytes *sctp_auth_make_local_vector(
0222                     const struct sctp_association *asoc,
0223                     gfp_t gfp)
0224 {
0225     return sctp_auth_make_key_vector(
0226             (struct sctp_random_param *)asoc->c.auth_random,
0227             (struct sctp_chunks_param *)asoc->c.auth_chunks,
0228             (struct sctp_hmac_algo_param *)asoc->c.auth_hmacs, gfp);
0229 }
0230
0231 /* Make a key vector based on peer's parameters */
0232 static struct sctp_auth_bytes *sctp_auth_make_peer_vector(
0233                     const struct sctp_association *asoc,
0234                     gfp_t gfp)
0235 {
0236     return sctp_auth_make_key_vector(asoc->peer.peer_random,
0237                      asoc->peer.peer_chunks,
0238                      asoc->peer.peer_hmacs,
0239                      gfp);
0240 }
0241
0242
0243 /* Set the value of the association shared key base on the parameters
0244  * given.  The algorithm is:
0245  *    From the endpoint pair shared keys and the key vectors the
0246  *    association shared keys are computed.  This is performed by selecting
0247  *    the numerically smaller key vector and concatenating it to the
0248  *    endpoint pair shared key, and then concatenating the numerically
0249  *    larger key vector to that.  The result of the concatenation is the
0250  *    association shared key.
0251  */
0252 static struct sctp_auth_bytes *sctp_auth_asoc_set_secret(
0253             struct sctp_shared_key *ep_key,
0254             struct sctp_auth_bytes *first_vector,
0255             struct sctp_auth_bytes *last_vector,
0256             gfp_t gfp)
0257 {
0258     struct sctp_auth_bytes *secret;
0259     __u32 offset = 0;
0260     __u32 auth_len;
0261
0262     auth_len = first_vector->len + last_vector->len;
0263     if (ep_key->key)
0264         auth_len += ep_key->key->len;
0265
0266     secret = sctp_auth_create_key(auth_len, gfp);
0267     if (!secret)
0268         return NULL;
0269
0270     if (ep_key->key) {
0271         memcpy(secret->data, ep_key->key->data, ep_key->key->len);
0272         offset += ep_key->key->len;
0273     }
0274
0275     memcpy(secret->data + offset, first_vector->data, first_vector->len);
0276     offset += first_vector->len;
0277
0278     memcpy(secret->data + offset, last_vector->data, last_vector->len);
0279
0280     return secret;
0281 }
0282
0283 /* Create an association shared key.  Follow the algorithm
0284  * described in SCTP-AUTH, Section 6.1
0285  */
0286 static struct sctp_auth_bytes *sctp_auth_asoc_create_secret(
0287                  const struct sctp_association *asoc,
0288                  struct sctp_shared_key *ep_key,
0289                  gfp_t gfp)
0290 {
0291     struct sctp_auth_bytes *local_key_vector;
0292     struct sctp_auth_bytes *peer_key_vector;
0293     struct sctp_auth_bytes  *first_vector,
0294                 *last_vector;
0295     struct sctp_auth_bytes  *secret = NULL;
0296     int cmp;
0297
0298
0299     /* Now we need to build the key vectors
0300      * SCTP-AUTH , Section 6.1
0301      *    The RANDOM parameter, the CHUNKS parameter and the HMAC-ALGO
0302      *    parameter sent by each endpoint are concatenated as byte vectors.
0303      *    These parameters include the parameter type, parameter length, and
0304      *    the parameter value, but padding is omitted; all padding MUST be
0305      *    removed from this concatenation before proceeding with further
0306      *    computation of keys.  Parameters which were not sent are simply
0307      *    omitted from the concatenation process.  The resulting two vectors
0308      *    are called the two key vectors.
0309      */
0310
0311     local_key_vector = sctp_auth_make_local_vector(asoc, gfp);
0312     peer_key_vector = sctp_auth_make_peer_vector(asoc, gfp);
0313
0314     if (!peer_key_vector || !local_key_vector)
0315         goto out;
0316
0317     /* Figure out the order in which the key_vectors will be
0318      * added to the endpoint shared key.
0319      * SCTP-AUTH, Section 6.1:
0320      *   This is performed by selecting the numerically smaller key
0321      *   vector and concatenating it to the endpoint pair shared
0322      *   key, and then concatenating the numerically larger key
0323      *   vector to that.  If the key vectors are equal as numbers
0324      *   but differ in length, then the concatenation order is the
0325      *   endpoint shared key, followed by the shorter key vector,
0326      *   followed by the longer key vector.  Otherwise, the key
0327      *   vectors are identical, and may be concatenated to the
0328      *   endpoint pair key in any order.
0329      */
0330     cmp = sctp_auth_compare_vectors(local_key_vector,
0331                     peer_key_vector);
0332     if (cmp < 0) {
0333         first_vector = local_key_vector;
0334         last_vector = peer_key_vector;
0335     } else {
0336         first_vector = peer_key_vector;
0337         last_vector = local_key_vector;
0338     }
0339
0340     secret = sctp_auth_asoc_set_secret(ep_key, first_vector, last_vector,
0341                         gfp);
0342 out:
0343     sctp_auth_key_put(local_key_vector);
0344     sctp_auth_key_put(peer_key_vector);
0345
0346     return secret;
0347 }
0348
0349 /*
0350  * Populate the association overlay list with the list
0351  * from the endpoint.
0352  */
0353 int sctp_auth_asoc_copy_shkeys(const struct sctp_endpoint *ep,
0354                 struct sctp_association *asoc,
0355                 gfp_t gfp)
0356 {
0357     struct sctp_shared_key *sh_key;
0358     struct sctp_shared_key *new;
0359
0360     BUG_ON(!list_empty(&asoc->endpoint_shared_keys));
0361
0362     key_for_each(sh_key, &ep->endpoint_shared_keys) {
0363         new = sctp_auth_shkey_create(sh_key->key_id, gfp);
0364         if (!new)
0365             goto nomem;
0366
0367         new->key = sh_key->key;
0368         sctp_auth_key_hold(new->key);
0369         list_add(&new->key_list, &asoc->endpoint_shared_keys);
0370     }
0371
0372     return 0;
0373
0374 nomem:
0375     sctp_auth_destroy_keys(&asoc->endpoint_shared_keys);
0376     return -ENOMEM;
0377 }
0378
0379
0380 /* Public interface to create the association shared key.
0381  * See code above for the algorithm.
0382  */
0383 int sctp_auth_asoc_init_active_key(struct sctp_association *asoc, gfp_t gfp)
0384 {
0385     struct sctp_auth_bytes  *secret;
0386     struct sctp_shared_key *ep_key;
0387     struct sctp_chunk *chunk;
0388
0389     /* If we don't support AUTH, or peer is not capable
0390      * we don't need to do anything.
0391      */
0392     if (!asoc->peer.auth_capable)
0393         return 0;
0394
0395     /* If the key_id is non-zero and we couldn't find an
0396      * endpoint pair shared key, we can't compute the
0397      * secret.
0398      * For key_id 0, endpoint pair shared key is a NULL key.
0399      */
0400     ep_key = sctp_auth_get_shkey(asoc, asoc->active_key_id);
0401     BUG_ON(!ep_key);
0402
0403     secret = sctp_auth_asoc_create_secret(asoc, ep_key, gfp);
0404     if (!secret)
0405         return -ENOMEM;
0406
0407     sctp_auth_key_put(asoc->asoc_shared_key);
0408     asoc->asoc_shared_key = secret;
0409     asoc->shkey = ep_key;
0410
0411     /* Update send queue in case any chunk already in there now
0412      * needs authenticating
0413      */
0414     list_for_each_entry(chunk, &asoc->outqueue.out_chunk_list, list) {
0415         if (sctp_auth_send_cid(chunk->chunk_hdr->type, asoc)) {
0416             chunk->auth = 1;
0417             if (!chunk->shkey) {
0418                 chunk->shkey = asoc->shkey;
0419                 sctp_auth_shkey_hold(chunk->shkey);
0420             }
0421         }
0422     }
0423
0424     return 0;
0425 }
0426
0427
0428 /* Find the endpoint pair shared key based on the key_id */
0429 struct sctp_shared_key *sctp_auth_get_shkey(
0430                 const struct sctp_association *asoc,
0431                 __u16 key_id)
0432 {
0433     struct sctp_shared_key *key;
0434
0435     /* First search associations set of endpoint pair shared keys */
0436     key_for_each(key, &asoc->endpoint_shared_keys) {
0437         if (key->key_id == key_id) {
0438             if (!key->deactivated)
0439                 return key;
0440             break;
0441         }
0442     }
0443
0444     return NULL;
0445 }
0446
0447 /*
0448  * Initialize all the possible digest transforms that we can use.  Right
0449  * now, the supported digests are SHA1 and SHA256.  We do this here once
0450  * because of the restrictiong that transforms may only be allocated in
0451  * user context.  This forces us to pre-allocated all possible transforms
0452  * at the endpoint init time.
0453  */
0454 int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
0455 {
0456     struct crypto_shash *tfm = NULL;
0457     __u16   id;
0458
0459     /* If the transforms are already allocated, we are done */
0460     if (ep->auth_hmacs)
0461         return 0;
0462
0463     /* Allocated the array of pointers to transorms */
0464     ep->auth_hmacs = kcalloc(SCTP_AUTH_NUM_HMACS,
0465                  sizeof(struct crypto_shash *),
0466                  gfp);
0467     if (!ep->auth_hmacs)
0468         return -ENOMEM;
0469
0470     for (id = 0; id < SCTP_AUTH_NUM_HMACS; id++) {
0471
0472         /* See is we support the id.  Supported IDs have name and
0473          * length fields set, so that we can allocated and use
0474          * them.  We can safely just check for name, for without the
0475          * name, we can't allocate the TFM.
0476          */
0477         if (!sctp_hmac_list[id].hmac_name)
0478             continue;
0479
0480         /* If this TFM has been allocated, we are all set */
0481         if (ep->auth_hmacs[id])
0482             continue;
0483
0484         /* Allocate the ID */
0485         tfm = crypto_alloc_shash(sctp_hmac_list[id].hmac_name, 0, 0);
0486         if (IS_ERR(tfm))
0487             goto out_err;
0488
0489         ep->auth_hmacs[id] = tfm;
0490     }
0491
0492     return 0;
0493
0494 out_err:
0495     /* Clean up any successful allocations */
0496     sctp_auth_destroy_hmacs(ep->auth_hmacs);
0497     ep->auth_hmacs = NULL;
0498     return -ENOMEM;
0499 }
0500
0501 /* Destroy the hmac tfm array */
0502 void sctp_auth_destroy_hmacs(struct crypto_shash *auth_hmacs[])
0503 {
0504     int i;
0505
0506     if (!auth_hmacs)
0507         return;
0508
0509     for (i = 0; i < SCTP_AUTH_NUM_HMACS; i++) {
0510         crypto_free_shash(auth_hmacs[i]);
0511     }
0512     kfree(auth_hmacs);
0513 }
0514
0515
0516 struct sctp_hmac *sctp_auth_get_hmac(__u16 hmac_id)
0517 {
0518     return &sctp_hmac_list[hmac_id];
0519 }
0520
0521 /* Get an hmac description information that we can use to build
0522  * the AUTH chunk
0523  */
0524 struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc)
0525 {
0526     struct sctp_hmac_algo_param *hmacs;
0527     __u16 n_elt;
0528     __u16 id = 0;
0529     int i;
0530
0531     /* If we have a default entry, use it */
0532     if (asoc->default_hmac_id)
0533         return &sctp_hmac_list[asoc->default_hmac_id];
0534
0535     /* Since we do not have a default entry, find the first entry
0536      * we support and return that.  Do not cache that id.
0537      */
0538     hmacs = asoc->peer.peer_hmacs;
0539     if (!hmacs)
0540         return NULL;
0541
0542     n_elt = (ntohs(hmacs->param_hdr.length) -
0543          sizeof(struct sctp_paramhdr)) >> 1;
0544     for (i = 0; i < n_elt; i++) {
0545         id = ntohs(hmacs->hmac_ids[i]);
0546
0547         /* Check the id is in the supported range. And
0548          * see if we support the id.  Supported IDs have name and
0549          * length fields set, so that we can allocate and use
0550          * them.  We can safely just check for name, for without the
0551          * name, we can't allocate the TFM.
0552          */
0553         if (id > SCTP_AUTH_HMAC_ID_MAX ||
0554             !sctp_hmac_list[id].hmac_name) {
0555             id = 0;
0556             continue;
0557         }
0558
0559         break;
0560     }
0561
0562     if (id == 0)
0563         return NULL;
0564
0565     return &sctp_hmac_list[id];
0566 }
0567
0568 static int __sctp_auth_find_hmacid(__be16 *hmacs, int n_elts, __be16 hmac_id)
0569 {
0570     int  found = 0;
0571     int  i;
0572
0573     for (i = 0; i < n_elts; i++) {
0574         if (hmac_id == hmacs[i]) {
0575             found = 1;
0576             break;
0577         }
0578     }
0579
0580     return found;
0581 }
0582
0583 /* See if the HMAC_ID is one that we claim as supported */
0584 int sctp_auth_asoc_verify_hmac_id(const struct sctp_association *asoc,
0585                     __be16 hmac_id)
0586 {
0587     struct sctp_hmac_algo_param *hmacs;
0588     __u16 n_elt;
0589
0590     if (!asoc)
0591         return 0;
0592
0593     hmacs = (struct sctp_hmac_algo_param *)asoc->c.auth_hmacs;
0594     n_elt = (ntohs(hmacs->param_hdr.length) -
0595          sizeof(struct sctp_paramhdr)) >> 1;
0596
0597     return __sctp_auth_find_hmacid(hmacs->hmac_ids, n_elt, hmac_id);
0598 }
0599
0600
0601 /* Cache the default HMAC id.  This to follow this text from SCTP-AUTH:
0602  * Section 6.1:
0603  *   The receiver of a HMAC-ALGO parameter SHOULD use the first listed
0604  *   algorithm it supports.
0605  */
0606 void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc,
0607                      struct sctp_hmac_algo_param *hmacs)
0608 {
0609     struct sctp_endpoint *ep;
0610     __u16   id;
0611     int i;
0612     int n_params;
0613
0614     /* if the default id is already set, use it */
0615     if (asoc->default_hmac_id)
0616         return;
0617
0618     n_params = (ntohs(hmacs->param_hdr.length) -
0619             sizeof(struct sctp_paramhdr)) >> 1;
0620     ep = asoc->ep;
0621     for (i = 0; i < n_params; i++) {
0622         id = ntohs(hmacs->hmac_ids[i]);
0623
0624         /* Check the id is in the supported range */
0625         if (id > SCTP_AUTH_HMAC_ID_MAX)
0626             continue;
0627
0628         /* If this TFM has been allocated, use this id */
0629         if (ep->auth_hmacs[id]) {
0630             asoc->default_hmac_id = id;
0631             break;
0632         }
0633     }
0634 }
0635
0636
0637 /* Check to see if the given chunk is supposed to be authenticated */
0638 static int __sctp_auth_cid(enum sctp_cid chunk, struct sctp_chunks_param *param)
0639 {
0640     unsigned short len;
0641     int found = 0;
0642     int i;
0643
0644     if (!param || param->param_hdr.length == 0)
0645         return 0;
0646
0647     len = ntohs(param->param_hdr.length) - sizeof(struct sctp_paramhdr);
0648
0649     /* SCTP-AUTH, Section 3.2
0650      *    The chunk types for INIT, INIT-ACK, SHUTDOWN-COMPLETE and AUTH
0651      *    chunks MUST NOT be listed in the CHUNKS parameter.  However, if
0652      *    a CHUNKS parameter is received then the types for INIT, INIT-ACK,
0653      *    SHUTDOWN-COMPLETE and AUTH chunks MUST be ignored.
0654      */
0655     for (i = 0; !found && i < len; i++) {
0656         switch (param->chunks[i]) {
0657         case SCTP_CID_INIT:
0658         case SCTP_CID_INIT_ACK:
0659         case SCTP_CID_SHUTDOWN_COMPLETE:
0660         case SCTP_CID_AUTH:
0661             break;
0662
0663         default:
0664             if (param->chunks[i] == chunk)
0665                 found = 1;
0666             break;
0667         }
0668     }
0669
0670     return found;
0671 }
0672
0673 /* Check if peer requested that this chunk is authenticated */
0674 int sctp_auth_send_cid(enum sctp_cid chunk, const struct sctp_association *asoc)
0675 {
0676     if (!asoc)
0677         return 0;
0678
0679     if (!asoc->peer.auth_capable)
0680         return 0;
0681
0682     return __sctp_auth_cid(chunk, asoc->peer.peer_chunks);
0683 }
0684
0685 /* Check if we requested that peer authenticate this chunk. */
0686 int sctp_auth_recv_cid(enum sctp_cid chunk, const struct sctp_association *asoc)
0687 {
0688     if (!asoc)
0689         return 0;
0690
0691     if (!asoc->peer.auth_capable)
0692         return 0;
0693
0694     return __sctp_auth_cid(chunk,
0695                   (struct sctp_chunks_param *)asoc->c.auth_chunks);
0696 }
0697
0698 /* SCTP-AUTH: Section 6.2:
0699  *    The sender MUST calculate the MAC as described in RFC2104 [2] using
0700  *    the hash function H as described by the MAC Identifier and the shared
0701  *    association key K based on the endpoint pair shared key described by
0702  *    the shared key identifier.  The 'data' used for the computation of
0703  *    the AUTH-chunk is given by the AUTH chunk with its HMAC field set to
0704  *    zero (as shown in Figure 6) followed by all chunks that are placed
0705  *    after the AUTH chunk in the SCTP packet.
0706  */
0707 void sctp_auth_calculate_hmac(const struct sctp_association *asoc,
0708                   struct sk_buff *skb, struct sctp_auth_chunk *auth,
0709                   struct sctp_shared_key *ep_key, gfp_t gfp)
0710 {
0711     struct sctp_auth_bytes *asoc_key;
0712     struct crypto_shash *tfm;
0713     __u16 key_id, hmac_id;
0714     unsigned char *end;
0715     int free_key = 0;
0716     __u8 *digest;
0717
0718     /* Extract the info we need:
0719      * - hmac id
0720      * - key id
0721      */
0722     key_id = ntohs(auth->auth_hdr.shkey_id);
0723     hmac_id = ntohs(auth->auth_hdr.hmac_id);
0724
0725     if (key_id == asoc->active_key_id)
0726         asoc_key = asoc->asoc_shared_key;
0727     else {
0728         /* ep_key can't be NULL here */
0729         asoc_key = sctp_auth_asoc_create_secret(asoc, ep_key, gfp);
0730         if (!asoc_key)
0731             return;
0732
0733         free_key = 1;
0734     }
0735
0736     /* set up scatter list */
0737     end = skb_tail_pointer(skb);
0738
0739     tfm = asoc->ep->auth_hmacs[hmac_id];
0740
0741     digest = auth->auth_hdr.hmac;
0742     if (crypto_shash_setkey(tfm, &asoc_key->data[0], asoc_key->len))
0743         goto free;
0744
0745     crypto_shash_tfm_digest(tfm, (u8 *)auth, end - (unsigned char *)auth,
0746                 digest);
0747
0748 free:
0749     if (free_key)
0750         sctp_auth_key_put(asoc_key);
0751 }
0752
0753 /* API Helpers */
0754
0755 /* Add a chunk to the endpoint authenticated chunk list */
0756 int sctp_auth_ep_add_chunkid(struct sctp_endpoint *ep, __u8 chunk_id)
0757 {
0758     struct sctp_chunks_param *p = ep->auth_chunk_list;
0759     __u16 nchunks;
0760     __u16 param_len;
0761
0762     /* If this chunk is already specified, we are done */
0763     if (__sctp_auth_cid(chunk_id, p))
0764         return 0;
0765
0766     /* Check if we can add this chunk to the array */
0767     param_len = ntohs(p->param_hdr.length);
0768     nchunks = param_len - sizeof(struct sctp_paramhdr);
0769     if (nchunks == SCTP_NUM_CHUNK_TYPES)
0770         return -EINVAL;
0771
0772     p->chunks[nchunks] = chunk_id;
0773     p->param_hdr.length = htons(param_len + 1);
0774     return 0;
0775 }
0776
0777 /* Add hmac identifires to the endpoint list of supported hmac ids */
0778 int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep,
0779                struct sctp_hmacalgo *hmacs)
0780 {
0781     int has_sha1 = 0;
0782     __u16 id;
0783     int i;
0784
0785     /* Scan the list looking for unsupported id.  Also make sure that
0786      * SHA1 is specified.
0787      */
0788     for (i = 0; i < hmacs->shmac_num_idents; i++) {
0789         id = hmacs->shmac_idents[i];
0790
0791         if (id > SCTP_AUTH_HMAC_ID_MAX)
0792             return -EOPNOTSUPP;
0793
0794         if (SCTP_AUTH_HMAC_ID_SHA1 == id)
0795             has_sha1 = 1;
0796
0797         if (!sctp_hmac_list[id].hmac_name)
0798             return -EOPNOTSUPP;
0799     }
0800
0801     if (!has_sha1)
0802         return -EINVAL;
0803
0804     for (i = 0; i < hmacs->shmac_num_idents; i++)
0805         ep->auth_hmacs_list->hmac_ids[i] =
0806                 htons(hmacs->shmac_idents[i]);
0807     ep->auth_hmacs_list->param_hdr.length =
0808             htons(sizeof(struct sctp_paramhdr) +
0809             hmacs->shmac_num_idents * sizeof(__u16));
0810     return 0;
0811 }
0812
0813 /* Set a new shared key on either endpoint or association.  If the
0814  * key with a same ID already exists, replace the key (remove the
0815  * old key and add a new one).
0816  */
0817 int sctp_auth_set_key(struct sctp_endpoint *ep,
0818               struct sctp_association *asoc,
0819               struct sctp_authkey *auth_key)
0820 {
0821     struct sctp_shared_key *cur_key, *shkey;
0822     struct sctp_auth_bytes *key;
0823     struct list_head *sh_keys;
0824     int replace = 0;
0825
0826     /* Try to find the given key id to see if
0827      * we are doing a replace, or adding a new key
0828      */
0829     if (asoc) {
0830         if (!asoc->peer.auth_capable)
0831             return -EACCES;
0832         sh_keys = &asoc->endpoint_shared_keys;
0833     } else {
0834         if (!ep->auth_enable)
0835             return -EACCES;
0836         sh_keys = &ep->endpoint_shared_keys;
0837     }
0838
0839     key_for_each(shkey, sh_keys) {
0840         if (shkey->key_id == auth_key->sca_keynumber) {
0841             replace = 1;
0842             break;
0843         }
0844     }
0845
0846     cur_key = sctp_auth_shkey_create(auth_key->sca_keynumber, GFP_KERNEL);
0847     if (!cur_key)
0848         return -ENOMEM;
0849
0850     /* Create a new key data based on the info passed in */
0851     key = sctp_auth_create_key(auth_key->sca_keylength, GFP_KERNEL);
0852     if (!key) {
0853         kfree(cur_key);
0854         return -ENOMEM;
0855     }
0856
0857     memcpy(key->data, &auth_key->sca_key[0], auth_key->sca_keylength);
0858     cur_key->key = key;
0859
0860     if (!replace) {
0861         list_add(&cur_key->key_list, sh_keys);
0862         return 0;
0863     }
0864
0865     list_del_init(&shkey->key_list);
0866     sctp_auth_shkey_release(shkey);
0867     list_add(&cur_key->key_list, sh_keys);
0868
0869     if (asoc && asoc->active_key_id == auth_key->sca_keynumber)
0870         sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL);
0871
0872     return 0;
0873 }
0874
0875 int sctp_auth_set_active_key(struct sctp_endpoint *ep,
0876                  struct sctp_association *asoc,
0877                  __u16  key_id)
0878 {
0879     struct sctp_shared_key *key;
0880     struct list_head *sh_keys;
0881     int found = 0;
0882
0883     /* The key identifier MUST correst to an existing key */
0884     if (asoc) {
0885         if (!asoc->peer.auth_capable)
0886             return -EACCES;
0887         sh_keys = &asoc->endpoint_shared_keys;
0888     } else {
0889         if (!ep->auth_enable)
0890             return -EACCES;
0891         sh_keys = &ep->endpoint_shared_keys;
0892     }
0893
0894     key_for_each(key, sh_keys) {
0895         if (key->key_id == key_id) {
0896             found = 1;
0897             break;
0898         }
0899     }
0900
0901     if (!found || key->deactivated)
0902         return -EINVAL;
0903
0904     if (asoc) {
0905         asoc->active_key_id = key_id;
0906         sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL);
0907     } else
0908         ep->active_key_id = key_id;
0909
0910     return 0;
0911 }
0912
0913 int sctp_auth_del_key_id(struct sctp_endpoint *ep,
0914              struct sctp_association *asoc,
0915              __u16  key_id)
0916 {
0917     struct sctp_shared_key *key;
0918     struct list_head *sh_keys;
0919     int found = 0;
0920
0921     /* The key identifier MUST NOT be the current active key
0922      * The key identifier MUST correst to an existing key
0923      */
0924     if (asoc) {
0925         if (!asoc->peer.auth_capable)
0926             return -EACCES;
0927         if (asoc->active_key_id == key_id)
0928             return -EINVAL;
0929
0930         sh_keys = &asoc->endpoint_shared_keys;
0931     } else {
0932         if (!ep->auth_enable)
0933             return -EACCES;
0934         if (ep->active_key_id == key_id)
0935             return -EINVAL;
0936
0937         sh_keys = &ep->endpoint_shared_keys;
0938     }
0939
0940     key_for_each(key, sh_keys) {
0941         if (key->key_id == key_id) {
0942             found = 1;
0943             break;
0944         }
0945     }
0946
0947     if (!found)
0948         return -EINVAL;
0949
0950     /* Delete the shared key */
0951     list_del_init(&key->key_list);
0952     sctp_auth_shkey_release(key);
0953
0954     return 0;
0955 }
0956
0957 int sctp_auth_deact_key_id(struct sctp_endpoint *ep,
0958                struct sctp_association *asoc, __u16  key_id)
0959 {
0960     struct sctp_shared_key *key;
0961     struct list_head *sh_keys;
0962     int found = 0;
0963
0964     /* The key identifier MUST NOT be the current active key
0965      * The key identifier MUST correst to an existing key
0966      */
0967     if (asoc) {
0968         if (!asoc->peer.auth_capable)
0969             return -EACCES;
0970         if (asoc->active_key_id == key_id)
0971             return -EINVAL;
0972
0973         sh_keys = &asoc->endpoint_shared_keys;
0974     } else {
0975         if (!ep->auth_enable)
0976             return -EACCES;
0977         if (ep->active_key_id == key_id)
0978             return -EINVAL;
0979
0980         sh_keys = &ep->endpoint_shared_keys;
0981     }
0982
0983     key_for_each(key, sh_keys) {
0984         if (key->key_id == key_id) {
0985             found = 1;
0986             break;
0987         }
0988     }
0989
0990     if (!found)
0991         return -EINVAL;
0992
0993     /* refcnt == 1 and !list_empty mean it's not being used anywhere
0994      * and deactivated will be set, so it's time to notify userland
0995      * that this shkey can be freed.
0996      */
0997     if (asoc && !list_empty(&key->key_list) &&
0998         refcount_read(&key->refcnt) == 1) {
0999         struct sctp_ulpevent *ev;
1000
1001         ev = sctp_ulpevent_make_authkey(asoc, key->key_id,
1002                         SCTP_AUTH_FREE_KEY, GFP_KERNEL);
1003         if (ev)
1004             asoc->stream.si->enqueue_event(&asoc->ulpq, ev);
1005     }
1006
1007     key->deactivated = 1;
1008
1009     return 0;
1010 }
1011
1012 int sctp_auth_init(struct sctp_endpoint *ep, gfp_t gfp)
1013 {
1014     int err = -ENOMEM;
1015
1016     /* Allocate space for HMACS and CHUNKS authentication
1017      * variables.  There are arrays that we encode directly
1018      * into parameters to make the rest of the operations easier.
1019      */
1020     if (!ep->auth_hmacs_list) {
1021         struct sctp_hmac_algo_param *auth_hmacs;
1022
1023         auth_hmacs = kzalloc(struct_size(auth_hmacs, hmac_ids,
1024                          SCTP_AUTH_NUM_HMACS), gfp);
1025         if (!auth_hmacs)
1026             goto nomem;
1027         /* Initialize the HMACS parameter.
1028          * SCTP-AUTH: Section 3.3
1029          *    Every endpoint supporting SCTP chunk authentication MUST
1030          *    support the HMAC based on the SHA-1 algorithm.
1031          */
1032         auth_hmacs->param_hdr.type = SCTP_PARAM_HMAC_ALGO;
1033         auth_hmacs->param_hdr.length =
1034                 htons(sizeof(struct sctp_paramhdr) + 2);
1035         auth_hmacs->hmac_ids[0] = htons(SCTP_AUTH_HMAC_ID_SHA1);
1036         ep->auth_hmacs_list = auth_hmacs;
1037     }
1038
1039     if (!ep->auth_chunk_list) {
1040         struct sctp_chunks_param *auth_chunks;
1041
1042         auth_chunks = kzalloc(sizeof(*auth_chunks) +
1043                       SCTP_NUM_CHUNK_TYPES, gfp);
1044         if (!auth_chunks)
1045             goto nomem;
1046         /* Initialize the CHUNKS parameter */
1047         auth_chunks->param_hdr.type = SCTP_PARAM_CHUNKS;
1048         auth_chunks->param_hdr.length =
1049                 htons(sizeof(struct sctp_paramhdr));
1050         ep->auth_chunk_list = auth_chunks;
1051     }
1052
1053     /* Allocate and initialize transorms arrays for supported
1054      * HMACs.
1055      */
1056     err = sctp_auth_init_hmacs(ep, gfp);
1057     if (err)
1058         goto nomem;
1059
1060     return 0;
1061
1062 nomem:
1063     /* Free all allocations */
1064     kfree(ep->auth_hmacs_list);
1065     kfree(ep->auth_chunk_list);
1066     ep->auth_hmacs_list = NULL;
1067     ep->auth_chunk_list = NULL;
1068     return err;
1069 }
1070
1071 void sctp_auth_free(struct sctp_endpoint *ep)
1072 {
1073     kfree(ep->auth_hmacs_list);
1074     kfree(ep->auth_chunk_list);
1075     ep->auth_hmacs_list = NULL;
1076     ep->auth_chunk_list = NULL;
1077     sctp_auth_destroy_hmacs(ep->auth_hmacs);
1078     ep->auth_hmacs = NULL;
1079 }