1
/* SCTP kernel implementation
2
 * (C) Copyright 2007 Hewlett-Packard Development Company, L.P.
3
 *
4
 * This file is part of the SCTP kernel implementation
5
 *
6
 * This SCTP implementation is free software;
7
 * you can redistribute it and/or modify it under the terms of
8
 * the GNU General Public License as published by
9
 * the Free Software Foundation; either version 2, or (at your option)
10
 * any later version.
11
 *
12
 * This SCTP implementation is distributed in the hope that it
13
 * will be useful, but WITHOUT ANY WARRANTY; without even the implied
14
 *                 ************************
15
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
16
 * See the GNU General Public License for more details.
17
 *
18
 * You should have received a copy of the GNU General Public License
19
 * along with GNU CC; see the file COPYING.  If not, write to
20
 * the Free Software Foundation, 59 Temple Place - Suite 330,
21
 * Boston, MA 02111-1307, USA.
22
 *
23
 * Please send any bug reports or fixes you make to the
24
 * email address(es):
25
 *    lksctp developers <[email protected]>
26
 *
27
 * Or submit a bug report through the following website:
28
 *    http://www.sf.net/projects/lksctp
29
 *
30
 * Written or modified by:
31
 *   Vlad Yasevich     <[email protected]>
32
 *
33
 * Any bugs reported given to us we will try to fix... any fixes shared will
34
 * be incorporated into the next SCTP release.
35
 */
36

37
#include <linux/slab.h>
38
#include <linux/types.h>
39
#include <linux/crypto.h>
40
#include <linux/scatterlist.h>
41
#include <net/sctp/sctp.h>
42
#include <net/sctp/auth.h>
43

44
static struct sctp_hmac sctp_hmac_list[SCTP_AUTH_NUM_HMACS] = {
45
	{
46
		/* id 0 is reserved.  as all 0 */
47
		.hmac_id = SCTP_AUTH_HMAC_ID_RESERVED_0,
48
	},
49
	{
50
		.hmac_id = SCTP_AUTH_HMAC_ID_SHA1,
51
		.hmac_name="hmac(sha1)",
52
		.hmac_len = SCTP_SHA1_SIG_SIZE,
53
	},
54
	{
55
		/* id 2 is reserved as well */
56
		.hmac_id = SCTP_AUTH_HMAC_ID_RESERVED_2,
57
	},
58
#if defined (CONFIG_CRYPTO_SHA256) || defined (CONFIG_CRYPTO_SHA256_MODULE)
59
	{
60
		.hmac_id = SCTP_AUTH_HMAC_ID_SHA256,
61
		.hmac_name="hmac(sha256)",
62
		.hmac_len = SCTP_SHA256_SIG_SIZE,
63
	}
64
#endif
65
};
66

67

68
void sctp_auth_key_put(struct sctp_auth_bytes *key)
69
{
70
	if (!key)
71
		return;
72

73
	if (atomic_dec_and_test(&key->refcnt)) {
74
		kfree(key);
75
		SCTP_DBG_OBJCNT_DEC(keys);
76
	}
77
}
78

79
/* Create a new key structure of a given length */
80
static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp)
81
{
82
	struct sctp_auth_bytes *key;
83

84
	/* Verify that we are not going to overflow INT_MAX */
85
	if ((INT_MAX - key_len) < sizeof(struct sctp_auth_bytes))
86
		return NULL;
87

88
	/* Allocate the shared key */
89
	key = kmalloc(sizeof(struct sctp_auth_bytes) + key_len, gfp);
90
	if (!key)
91
		return NULL;
92

93
	key->len = key_len;
94
	atomic_set(&key->refcnt, 1);
95
	SCTP_DBG_OBJCNT_INC(keys);
96

97
	return key;
98
}
99

100
/* Create a new shared key container with a give key id */
101
struct sctp_shared_key *sctp_auth_shkey_create(__u16 key_id, gfp_t gfp)
102
{
103
	struct sctp_shared_key *new;
104

105
	/* Allocate the shared key container */
106
	new = kzalloc(sizeof(struct sctp_shared_key), gfp);
107
	if (!new)
108
		return NULL;
109

110
	INIT_LIST_HEAD(&new->key_list);
111
	new->key_id = key_id;
112

113
	return new;
114
}
115

116
/* Free the shared key structure */
117
static void sctp_auth_shkey_free(struct sctp_shared_key *sh_key)
118
{
119
	BUG_ON(!list_empty(&sh_key->key_list));
120
	sctp_auth_key_put(sh_key->key);
121
	sh_key->key = NULL;
122
	kfree(sh_key);
123
}
124

125
/* Destroy the entire key list.  This is done during the
126
 * associon and endpoint free process.
127
 */
128
void sctp_auth_destroy_keys(struct list_head *keys)
129
{
130
	struct sctp_shared_key *ep_key;
131
	struct sctp_shared_key *tmp;
132

133
	if (list_empty(keys))
134
		return;
135

136
	key_for_each_safe(ep_key, tmp, keys) {
137
		list_del_init(&ep_key->key_list);
138
		sctp_auth_shkey_free(ep_key);
139
	}
140
}
141

142
/* Compare two byte vectors as numbers.  Return values
143
 * are:
144
 * 	  0 - vectors are equal
145
 * 	< 0 - vector 1 is smaller than vector2
146
 * 	> 0 - vector 1 is greater than vector2
147
 *
148
 * Algorithm is:
149
 * 	This is performed by selecting the numerically smaller key vector...
150
 *	If the key vectors are equal as numbers but differ in length ...
151
 *	the shorter vector is considered smaller
152
 *
153
 * Examples (with small values):
154
 * 	000123456789 > 123456789 (first number is longer)
155
 * 	000123456789 < 234567891 (second number is larger numerically)
156
 * 	123456789 > 2345678 	 (first number is both larger & longer)
157
 */
158
static int sctp_auth_compare_vectors(struct sctp_auth_bytes *vector1,
159
			      struct sctp_auth_bytes *vector2)
160
{
161
	int diff;
162
	int i;
163
	const __u8 *longer;
164

165
	diff = vector1->len - vector2->len;
166
	if (diff) {
167
		longer = (diff > 0) ? vector1->data : vector2->data;
168

169
		/* Check to see if the longer number is
170
		 * lead-zero padded.  If it is not, it
171
		 * is automatically larger numerically.
172
		 */
173
		for (i = 0; i < abs(diff); i++ ) {
174
			if (longer[i] != 0)
175
				return diff;
176
		}
177
	}
178

179
	/* lengths are the same, compare numbers */
180
	return memcmp(vector1->data, vector2->data, vector1->len);
181
}
182

183
/*
184
 * Create a key vector as described in SCTP-AUTH, Section 6.1
185
 *    The RANDOM parameter, the CHUNKS parameter and the HMAC-ALGO
186
 *    parameter sent by each endpoint are concatenated as byte vectors.
187
 *    These parameters include the parameter type, parameter length, and
188
 *    the parameter value, but padding is omitted; all padding MUST be
189
 *    removed from this concatenation before proceeding with further
190
 *    computation of keys.  Parameters which were not sent are simply
191
 *    omitted from the concatenation process.  The resulting two vectors
192
 *    are called the two key vectors.
193
 */
194
static struct sctp_auth_bytes *sctp_auth_make_key_vector(
195
			sctp_random_param_t *random,
196
			sctp_chunks_param_t *chunks,
197
			sctp_hmac_algo_param_t *hmacs,
198
			gfp_t gfp)
199
{
200
	struct sctp_auth_bytes *new;
201
	__u32	len;
202
	__u32	offset = 0;
203

204
	len = ntohs(random->param_hdr.length) + ntohs(hmacs->param_hdr.length);
205
        if (chunks)
206
		len += ntohs(chunks->param_hdr.length);
207

208
	new = kmalloc(sizeof(struct sctp_auth_bytes) + len, gfp);
209
	if (!new)
210
		return NULL;
211

212
	new->len = len;
213

214
	memcpy(new->data, random, ntohs(random->param_hdr.length));
215
	offset += ntohs(random->param_hdr.length);
216

217
	if (chunks) {
218
		memcpy(new->data + offset, chunks,
219
			ntohs(chunks->param_hdr.length));
220
		offset += ntohs(chunks->param_hdr.length);
221
	}
222

223
	memcpy(new->data + offset, hmacs, ntohs(hmacs->param_hdr.length));
224

225
	return new;
226
}
227

228

229
/* Make a key vector based on our local parameters */
230
static struct sctp_auth_bytes *sctp_auth_make_local_vector(
231
				    const struct sctp_association *asoc,
232
				    gfp_t gfp)
233
{
234
	return sctp_auth_make_key_vector(
235
				    (sctp_random_param_t*)asoc->c.auth_random,
236
				    (sctp_chunks_param_t*)asoc->c.auth_chunks,
237
				    (sctp_hmac_algo_param_t*)asoc->c.auth_hmacs,
238
				    gfp);
239
}
240

241
/* Make a key vector based on peer's parameters */
242
static struct sctp_auth_bytes *sctp_auth_make_peer_vector(
243
				    const struct sctp_association *asoc,
244
				    gfp_t gfp)
245
{
246
	return sctp_auth_make_key_vector(asoc->peer.peer_random,
247
					 asoc->peer.peer_chunks,
248
					 asoc->peer.peer_hmacs,
249
					 gfp);
250
}
251

252

253
/* Set the value of the association shared key base on the parameters
254
 * given.  The algorithm is:
255
 *    From the endpoint pair shared keys and the key vectors the
256
 *    association shared keys are computed.  This is performed by selecting
257
 *    the numerically smaller key vector and concatenating it to the
258
 *    endpoint pair shared key, and then concatenating the numerically
259
 *    larger key vector to that.  The result of the concatenation is the
260
 *    association shared key.
261
 */
262
static struct sctp_auth_bytes *sctp_auth_asoc_set_secret(
263
			struct sctp_shared_key *ep_key,
264
			struct sctp_auth_bytes *first_vector,
265
			struct sctp_auth_bytes *last_vector,
266
			gfp_t gfp)
267
{
268
	struct sctp_auth_bytes *secret;
269
	__u32 offset = 0;
270
	__u32 auth_len;
271

272
	auth_len = first_vector->len + last_vector->len;
273
	if (ep_key->key)
274
		auth_len += ep_key->key->len;
275

276
	secret = sctp_auth_create_key(auth_len, gfp);
277
	if (!secret)
278
		return NULL;
279

280
	if (ep_key->key) {
281
		memcpy(secret->data, ep_key->key->data, ep_key->key->len);
282
		offset += ep_key->key->len;
283
	}
284

285
	memcpy(secret->data + offset, first_vector->data, first_vector->len);
286
	offset += first_vector->len;
287

288
	memcpy(secret->data + offset, last_vector->data, last_vector->len);
289

290
	return secret;
291
}
292

293
/* Create an association shared key.  Follow the algorithm
294
 * described in SCTP-AUTH, Section 6.1
295
 */
296
static struct sctp_auth_bytes *sctp_auth_asoc_create_secret(
297
				 const struct sctp_association *asoc,
298
				 struct sctp_shared_key *ep_key,
299
				 gfp_t gfp)
300
{
301
	struct sctp_auth_bytes *local_key_vector;
302
	struct sctp_auth_bytes *peer_key_vector;
303
	struct sctp_auth_bytes	*first_vector,
304
				*last_vector;
305
	struct sctp_auth_bytes	*secret = NULL;
306
	int	cmp;
307

308

309
	/* Now we need to build the key vectors
310
	 * SCTP-AUTH , Section 6.1
311
	 *    The RANDOM parameter, the CHUNKS parameter and the HMAC-ALGO
312
	 *    parameter sent by each endpoint are concatenated as byte vectors.
313
	 *    These parameters include the parameter type, parameter length, and
314
	 *    the parameter value, but padding is omitted; all padding MUST be
315
	 *    removed from this concatenation before proceeding with further
316
	 *    computation of keys.  Parameters which were not sent are simply
317
	 *    omitted from the concatenation process.  The resulting two vectors
318
	 *    are called the two key vectors.
319
	 */
320

321
	local_key_vector = sctp_auth_make_local_vector(asoc, gfp);
322
	peer_key_vector = sctp_auth_make_peer_vector(asoc, gfp);
323

324
	if (!peer_key_vector || !local_key_vector)
325
		goto out;
326

327
	/* Figure out the order in which the key_vectors will be
328
	 * added to the endpoint shared key.
329
	 * SCTP-AUTH, Section 6.1:
330
	 *   This is performed by selecting the numerically smaller key
331
	 *   vector and concatenating it to the endpoint pair shared
332
	 *   key, and then concatenating the numerically larger key
333
	 *   vector to that.  If the key vectors are equal as numbers
334
	 *   but differ in length, then the concatenation order is the
335
	 *   endpoint shared key, followed by the shorter key vector,
336
	 *   followed by the longer key vector.  Otherwise, the key
337
	 *   vectors are identical, and may be concatenated to the
338
	 *   endpoint pair key in any order.
339
	 */
340
	cmp = sctp_auth_compare_vectors(local_key_vector,
341
					peer_key_vector);
342
	if (cmp < 0) {
343
		first_vector = local_key_vector;
344
		last_vector = peer_key_vector;
345
	} else {
346
		first_vector = peer_key_vector;
347
		last_vector = local_key_vector;
348
	}
349

350
	secret = sctp_auth_asoc_set_secret(ep_key, first_vector, last_vector,
351
					    gfp);
352
out:
353
	kfree(local_key_vector);
354
	kfree(peer_key_vector);
355

356
	return secret;
357
}
358

359
/*
360
 * Populate the association overlay list with the list
361
 * from the endpoint.
362
 */
363
int sctp_auth_asoc_copy_shkeys(const struct sctp_endpoint *ep,
364
				struct sctp_association *asoc,
365
				gfp_t gfp)
366
{
367
	struct sctp_shared_key *sh_key;
368
	struct sctp_shared_key *new;
369

370
	BUG_ON(!list_empty(&asoc->endpoint_shared_keys));
371

372
	key_for_each(sh_key, &ep->endpoint_shared_keys) {
373
		new = sctp_auth_shkey_create(sh_key->key_id, gfp);
374
		if (!new)
375
			goto nomem;
376

377
		new->key = sh_key->key;
378
		sctp_auth_key_hold(new->key);
379
		list_add(&new->key_list, &asoc->endpoint_shared_keys);
380
	}
381

382
	return 0;
383

384
nomem:
385
	sctp_auth_destroy_keys(&asoc->endpoint_shared_keys);
386
	return -ENOMEM;
387
}
388

389

390
/* Public interface to creat the association shared key.
391
 * See code above for the algorithm.
392
 */
393
int sctp_auth_asoc_init_active_key(struct sctp_association *asoc, gfp_t gfp)
394
{
395
	struct sctp_auth_bytes	*secret;
396
	struct sctp_shared_key *ep_key;
397

398
	/* If we don't support AUTH, or peer is not capable
399
	 * we don't need to do anything.
400
	 */
401
	if (!sctp_auth_enable || !asoc->peer.auth_capable)
402
		return 0;
403

404
	/* If the key_id is non-zero and we couldn't find an
405
	 * endpoint pair shared key, we can't compute the
406
	 * secret.
407
	 * For key_id 0, endpoint pair shared key is a NULL key.
408
	 */
409
	ep_key = sctp_auth_get_shkey(asoc, asoc->active_key_id);
410
	BUG_ON(!ep_key);
411

412
	secret = sctp_auth_asoc_create_secret(asoc, ep_key, gfp);
413
	if (!secret)
414
		return -ENOMEM;
415

416
	sctp_auth_key_put(asoc->asoc_shared_key);
417
	asoc->asoc_shared_key = secret;
418

419
	return 0;
420
}
421

422

423
/* Find the endpoint pair shared key based on the key_id */
424
struct sctp_shared_key *sctp_auth_get_shkey(
425
				const struct sctp_association *asoc,
426
				__u16 key_id)
427
{
428
	struct sctp_shared_key *key;
429

430
	/* First search associations set of endpoint pair shared keys */
431
	key_for_each(key, &asoc->endpoint_shared_keys) {
432
		if (key->key_id == key_id)
433
			return key;
434
	}
435

436
	return NULL;
437
}
438

439
/*
440
 * Initialize all the possible digest transforms that we can use.  Right now
441
 * now, the supported digests are SHA1 and SHA256.  We do this here once
442
 * because of the restrictiong that transforms may only be allocated in
443
 * user context.  This forces us to pre-allocated all possible transforms
444
 * at the endpoint init time.
445
 */
446
int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
447
{
448
	struct crypto_hash *tfm = NULL;
449
	__u16   id;
450

451
	/* if the transforms are already allocted, we are done */
452
	if (!sctp_auth_enable) {
453
		ep->auth_hmacs = NULL;
454
		return 0;
455
	}
456

457
	if (ep->auth_hmacs)
458
		return 0;
459

460
	/* Allocated the array of pointers to transorms */
461
	ep->auth_hmacs = kzalloc(
462
			    sizeof(struct crypto_hash *) * SCTP_AUTH_NUM_HMACS,
463
			    gfp);
464
	if (!ep->auth_hmacs)
465
		return -ENOMEM;
466

467
	for (id = 0; id < SCTP_AUTH_NUM_HMACS; id++) {
468

469
		/* See is we support the id.  Supported IDs have name and
470
		 * length fields set, so that we can allocated and use
471
		 * them.  We can safely just check for name, for without the
472
		 * name, we can't allocate the TFM.
473
		 */
474
		if (!sctp_hmac_list[id].hmac_name)
475
			continue;
476

477
		/* If this TFM has been allocated, we are all set */
478
		if (ep->auth_hmacs[id])
479
			continue;
480

481
		/* Allocate the ID */
482
		tfm = crypto_alloc_hash(sctp_hmac_list[id].hmac_name, 0,
483
					CRYPTO_ALG_ASYNC);
484
		if (IS_ERR(tfm))
485
			goto out_err;
486

487
		ep->auth_hmacs[id] = tfm;
488
	}
489

490
	return 0;
491

492
out_err:
493
	/* Clean up any successful allocations */
494
	sctp_auth_destroy_hmacs(ep->auth_hmacs);
495
	return -ENOMEM;
496
}
497

498
/* Destroy the hmac tfm array */
499
void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[])
500
{
501
	int i;
502

503
	if (!auth_hmacs)
504
		return;
505

506
	for (i = 0; i < SCTP_AUTH_NUM_HMACS; i++)
507
	{
508
		if (auth_hmacs[i])
509
			crypto_free_hash(auth_hmacs[i]);
510
	}
511
	kfree(auth_hmacs);
512
}
513

514

515
struct sctp_hmac *sctp_auth_get_hmac(__u16 hmac_id)
516
{
517
	return &sctp_hmac_list[hmac_id];
518
}
519

520
/* Get an hmac description information that we can use to build
521
 * the AUTH chunk
522
 */
523
struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc)
524
{
525
	struct sctp_hmac_algo_param *hmacs;
526
	__u16 n_elt;
527
	__u16 id = 0;
528
	int i;
529

530
	/* If we have a default entry, use it */
531
	if (asoc->default_hmac_id)
532
		return &sctp_hmac_list[asoc->default_hmac_id];
533

534
	/* Since we do not have a default entry, find the first entry
535
	 * we support and return that.  Do not cache that id.
536
	 */
537
	hmacs = asoc->peer.peer_hmacs;
538
	if (!hmacs)
539
		return NULL;
540

541
	n_elt = (ntohs(hmacs->param_hdr.length) - sizeof(sctp_paramhdr_t)) >> 1;
542
	for (i = 0; i < n_elt; i++) {
543
		id = ntohs(hmacs->hmac_ids[i]);
544

545
		/* Check the id is in the supported range */
546
		if (id > SCTP_AUTH_HMAC_ID_MAX) {
547
			id = 0;
548
			continue;
549
		}
550

551
		/* See is we support the id.  Supported IDs have name and
552
		 * length fields set, so that we can allocated and use
553
		 * them.  We can safely just check for name, for without the
554
		 * name, we can't allocate the TFM.
555
		 */
556
		if (!sctp_hmac_list[id].hmac_name) {
557
			id = 0;
558
			continue;
559
		}
560

561
		break;
562
	}
563

564
	if (id == 0)
565
		return NULL;
566

567
	return &sctp_hmac_list[id];
568
}
569

570
static int __sctp_auth_find_hmacid(__be16 *hmacs, int n_elts, __be16 hmac_id)
571
{
572
	int  found = 0;
573
	int  i;
574

575
	for (i = 0; i < n_elts; i++) {
576
		if (hmac_id == hmacs[i]) {
577
			found = 1;
578
			break;
579
		}
580
	}
581

582
	return found;
583
}
584

585
/* See if the HMAC_ID is one that we claim as supported */
586
int sctp_auth_asoc_verify_hmac_id(const struct sctp_association *asoc,
587
				    __be16 hmac_id)
588
{
589
	struct sctp_hmac_algo_param *hmacs;
590
	__u16 n_elt;
591

592
	if (!asoc)
593
		return 0;
594

595
	hmacs = (struct sctp_hmac_algo_param *)asoc->c.auth_hmacs;
596
	n_elt = (ntohs(hmacs->param_hdr.length) - sizeof(sctp_paramhdr_t)) >> 1;
597

598
	return __sctp_auth_find_hmacid(hmacs->hmac_ids, n_elt, hmac_id);
599
}
600

601

602
/* Cache the default HMAC id.  This to follow this text from SCTP-AUTH:
603
 * Section 6.1:
604
 *   The receiver of a HMAC-ALGO parameter SHOULD use the first listed
605
 *   algorithm it supports.
606
 */
607
void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc,
608
				     struct sctp_hmac_algo_param *hmacs)
609
{
610
	struct sctp_endpoint *ep;
611
	__u16   id;
612
	int	i;
613
	int	n_params;
614

615
	/* if the default id is already set, use it */
616
	if (asoc->default_hmac_id)
617
		return;
618

619
	n_params = (ntohs(hmacs->param_hdr.length)
620
				- sizeof(sctp_paramhdr_t)) >> 1;
621
	ep = asoc->ep;
622
	for (i = 0; i < n_params; i++) {
623
		id = ntohs(hmacs->hmac_ids[i]);
624

625
		/* Check the id is in the supported range */
626
		if (id > SCTP_AUTH_HMAC_ID_MAX)
627
			continue;
628

629
		/* If this TFM has been allocated, use this id */
630
		if (ep->auth_hmacs[id]) {
631
			asoc->default_hmac_id = id;
632
			break;
633
		}
634
	}
635
}
636

637

638
/* Check to see if the given chunk is supposed to be authenticated */
639
static int __sctp_auth_cid(sctp_cid_t chunk, struct sctp_chunks_param *param)
640
{
641
	unsigned short len;
642
	int found = 0;
643
	int i;
644

645
	if (!param || param->param_hdr.length == 0)
646
		return 0;
647

648
	len = ntohs(param->param_hdr.length) - sizeof(sctp_paramhdr_t);
649

650
	/* SCTP-AUTH, Section 3.2
651
	 *    The chunk types for INIT, INIT-ACK, SHUTDOWN-COMPLETE and AUTH
652
	 *    chunks MUST NOT be listed in the CHUNKS parameter.  However, if
653
	 *    a CHUNKS parameter is received then the types for INIT, INIT-ACK,
654
	 *    SHUTDOWN-COMPLETE and AUTH chunks MUST be ignored.
655
	 */
656
	for (i = 0; !found && i < len; i++) {
657
		switch (param->chunks[i]) {
658
		    case SCTP_CID_INIT:
659
		    case SCTP_CID_INIT_ACK:
660
		    case SCTP_CID_SHUTDOWN_COMPLETE:
661
		    case SCTP_CID_AUTH:
662
			break;
663

664
		    default:
665
			if (param->chunks[i] == chunk)
666
			    found = 1;
667
			break;
668
		}
669
	}
670

671
	return found;
672
}
673

674
/* Check if peer requested that this chunk is authenticated */
675
int sctp_auth_send_cid(sctp_cid_t chunk, const struct sctp_association *asoc)
676
{
677
	if (!sctp_auth_enable || !asoc || !asoc->peer.auth_capable)
678
		return 0;
679

680
	return __sctp_auth_cid(chunk, asoc->peer.peer_chunks);
681
}
682

683
/* Check if we requested that peer authenticate this chunk. */
684
int sctp_auth_recv_cid(sctp_cid_t chunk, const struct sctp_association *asoc)
685
{
686
	if (!sctp_auth_enable || !asoc)
687
		return 0;
688

689
	return __sctp_auth_cid(chunk,
690
			      (struct sctp_chunks_param *)asoc->c.auth_chunks);
691
}
692

693
/* SCTP-AUTH: Section 6.2:
694
 *    The sender MUST calculate the MAC as described in RFC2104 [2] using
695
 *    the hash function H as described by the MAC Identifier and the shared
696
 *    association key K based on the endpoint pair shared key described by
697
 *    the shared key identifier.  The 'data' used for the computation of
698
 *    the AUTH-chunk is given by the AUTH chunk with its HMAC field set to
699
 *    zero (as shown in Figure 6) followed by all chunks that are placed
700
 *    after the AUTH chunk in the SCTP packet.
701
 */
702
void sctp_auth_calculate_hmac(const struct sctp_association *asoc,
703
			      struct sk_buff *skb,
704
			      struct sctp_auth_chunk *auth,
705
			      gfp_t gfp)
706
{
707
	struct scatterlist sg;
708
	struct hash_desc desc;
709
	struct sctp_auth_bytes *asoc_key;
710
	__u16 key_id, hmac_id;
711
	__u8 *digest;
712
	unsigned char *end;
713
	int free_key = 0;
714

715
	/* Extract the info we need:
716
	 * - hmac id
717
	 * - key id
718
	 */
719
	key_id = ntohs(auth->auth_hdr.shkey_id);
720
	hmac_id = ntohs(auth->auth_hdr.hmac_id);
721

722
	if (key_id == asoc->active_key_id)
723
		asoc_key = asoc->asoc_shared_key;
724
	else {
725
		struct sctp_shared_key *ep_key;
726

727
		ep_key = sctp_auth_get_shkey(asoc, key_id);
728
		if (!ep_key)
729
			return;
730

731
		asoc_key = sctp_auth_asoc_create_secret(asoc, ep_key, gfp);
732
		if (!asoc_key)
733
			return;
734

735
		free_key = 1;
736
	}
737

738
	/* set up scatter list */
739
	end = skb_tail_pointer(skb);
740
	sg_init_one(&sg, auth, end - (unsigned char *)auth);
741

742
	desc.tfm = asoc->ep->auth_hmacs[hmac_id];
743
	desc.flags = 0;
744

745
	digest = auth->auth_hdr.hmac;
746
	if (crypto_hash_setkey(desc.tfm, &asoc_key->data[0], asoc_key->len))
747
		goto free;
748

749
	crypto_hash_digest(&desc, &sg, sg.length, digest);
750

751
free:
752
	if (free_key)
753
		sctp_auth_key_put(asoc_key);
754
}
755

756
/* API Helpers */
757

758
/* Add a chunk to the endpoint authenticated chunk list */
759
int sctp_auth_ep_add_chunkid(struct sctp_endpoint *ep, __u8 chunk_id)
760
{
761
	struct sctp_chunks_param *p = ep->auth_chunk_list;
762
	__u16 nchunks;
763
	__u16 param_len;
764

765
	/* If this chunk is already specified, we are done */
766
	if (__sctp_auth_cid(chunk_id, p))
767
		return 0;
768

769
	/* Check if we can add this chunk to the array */
770
	param_len = ntohs(p->param_hdr.length);
771
	nchunks = param_len - sizeof(sctp_paramhdr_t);
772
	if (nchunks == SCTP_NUM_CHUNK_TYPES)
773
		return -EINVAL;
774

775
	p->chunks[nchunks] = chunk_id;
776
	p->param_hdr.length = htons(param_len + 1);
777
	return 0;
778
}
779

780
/* Add hmac identifires to the endpoint list of supported hmac ids */
781
int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep,
782
			   struct sctp_hmacalgo *hmacs)
783
{
784
	int has_sha1 = 0;
785
	__u16 id;
786
	int i;
787

788
	/* Scan the list looking for unsupported id.  Also make sure that
789
	 * SHA1 is specified.
790
	 */
791
	for (i = 0; i < hmacs->shmac_num_idents; i++) {
792
		id = hmacs->shmac_idents[i];
793

794
		if (id > SCTP_AUTH_HMAC_ID_MAX)
795
			return -EOPNOTSUPP;
796

797
		if (SCTP_AUTH_HMAC_ID_SHA1 == id)
798
			has_sha1 = 1;
799

800
		if (!sctp_hmac_list[id].hmac_name)
801
			return -EOPNOTSUPP;
802
	}
803

804
	if (!has_sha1)
805
		return -EINVAL;
806

807
	memcpy(ep->auth_hmacs_list->hmac_ids, &hmacs->shmac_idents[0],
808
		hmacs->shmac_num_idents * sizeof(__u16));
809
	ep->auth_hmacs_list->param_hdr.length = htons(sizeof(sctp_paramhdr_t) +
810
				hmacs->shmac_num_idents * sizeof(__u16));
811
	return 0;
812
}
813

814
/* Set a new shared key on either endpoint or association.  If the
815
 * the key with a same ID already exists, replace the key (remove the
816
 * old key and add a new one).
817
 */
818
int sctp_auth_set_key(struct sctp_endpoint *ep,
819
		      struct sctp_association *asoc,
820
		      struct sctp_authkey *auth_key)
821
{
822
	struct sctp_shared_key *cur_key = NULL;
823
	struct sctp_auth_bytes *key;
824
	struct list_head *sh_keys;
825
	int replace = 0;
826

827
	/* Try to find the given key id to see if
828
	 * we are doing a replace, or adding a new key
829
	 */
830
	if (asoc)
831
		sh_keys = &asoc->endpoint_shared_keys;
832
	else
833
		sh_keys = &ep->endpoint_shared_keys;
834

835
	key_for_each(cur_key, sh_keys) {
836
		if (cur_key->key_id == auth_key->sca_keynumber) {
837
			replace = 1;
838
			break;
839
		}
840
	}
841

842
	/* If we are not replacing a key id, we need to allocate
843
	 * a shared key.
844
	 */
845
	if (!replace) {
846
		cur_key = sctp_auth_shkey_create(auth_key->sca_keynumber,
847
						 GFP_KERNEL);
848
		if (!cur_key)
849
			return -ENOMEM;
850
	}
851

852
	/* Create a new key data based on the info passed in */
853
	key = sctp_auth_create_key(auth_key->sca_keylength, GFP_KERNEL);
854
	if (!key)
855
		goto nomem;
856

857
	memcpy(key->data, &auth_key->sca_key[0], auth_key->sca_keylength);
858

859
	/* If we are replacing, remove the old keys data from the
860
	 * key id.  If we are adding new key id, add it to the
861
	 * list.
862
	 */
863
	if (replace)
864
		sctp_auth_key_put(cur_key->key);
865
	else
866
		list_add(&cur_key->key_list, sh_keys);
867

868
	cur_key->key = key;
869
	sctp_auth_key_hold(key);
870

871
	return 0;
872
nomem:
873
	if (!replace)
874
		sctp_auth_shkey_free(cur_key);
875

876
	return -ENOMEM;
877
}
878

879
int sctp_auth_set_active_key(struct sctp_endpoint *ep,
880
			     struct sctp_association *asoc,
881
			     __u16  key_id)
882
{
883
	struct sctp_shared_key *key;
884
	struct list_head *sh_keys;
885
	int found = 0;
886

887
	/* The key identifier MUST correst to an existing key */
888
	if (asoc)
889
		sh_keys = &asoc->endpoint_shared_keys;
890
	else
891
		sh_keys = &ep->endpoint_shared_keys;
892

893
	key_for_each(key, sh_keys) {
894
		if (key->key_id == key_id) {
895
			found = 1;
896
			break;
897
		}
898
	}
899

900
	if (!found)
901
		return -EINVAL;
902

903
	if (asoc) {
904
		asoc->active_key_id = key_id;
905
		sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL);
906
	} else
907
		ep->active_key_id = key_id;
908

909
	return 0;
910
}
911

912
int sctp_auth_del_key_id(struct sctp_endpoint *ep,
913
			 struct sctp_association *asoc,
914
			 __u16  key_id)
915
{
916
	struct sctp_shared_key *key;
917
	struct list_head *sh_keys;
918
	int found = 0;
919

920
	/* The key identifier MUST NOT be the current active key
921
	 * The key identifier MUST correst to an existing key
922
	 */
923
	if (asoc) {
924
		if (asoc->active_key_id == key_id)
925
			return -EINVAL;
926

927
		sh_keys = &asoc->endpoint_shared_keys;
928
	} else {
929
		if (ep->active_key_id == key_id)
930
			return -EINVAL;
931

932
		sh_keys = &ep->endpoint_shared_keys;
933
	}
934

935
	key_for_each(key, sh_keys) {
936
		if (key->key_id == key_id) {
937
			found = 1;
938
			break;
939
		}
940
	}
941

942
	if (!found)
943
		return -EINVAL;
944

945
	/* Delete the shared key */
946
	list_del_init(&key->key_list);
947
	sctp_auth_shkey_free(key);
948

949
	return 0;
950
}
951

952