summaryrefslogtreecommitdiffstats
path: root/net/sctp/auth.c
diff options
context:
space:
mode:
authorXin Long <lucien.xin@gmail.com>2018-03-14 12:05:32 +0100
committerDavid S. Miller <davem@davemloft.net>2018-03-14 18:48:27 +0100
commit601590ec155aadf5daa17a6f63a06d1bba5b5ce9 (patch)
treeaae57064566efa950941a511a38f9bd0de166076 /net/sctp/auth.c
parentsctp: add support for SCTP AUTH Information for sendmsg (diff)
downloadlinux-601590ec155aadf5daa17a6f63a06d1bba5b5ce9.tar.xz
linux-601590ec155aadf5daa17a6f63a06d1bba5b5ce9.zip
sctp: add sockopt SCTP_AUTH_DEACTIVATE_KEY
This patch is to add sockopt SCTP_AUTH_DEACTIVATE_KEY, as described in section 8.3.4 of RFC6458. This set option indicates that the application will no longer send user messages using the indicated key identifier. Note that RFC requires that only deactivated keys that are no longer used by an association can be deleted, but for the backward compatibility, it is not to check deactivated when deleting or replacing one sh_key. Signed-off-by: Xin Long <lucien.xin@gmail.com> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp/auth.c')
-rw-r--r--net/sctp/auth.c46
1 files changed, 43 insertions, 3 deletions
diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index e5214fd7f650..a073123fc485 100644
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -449,8 +449,11 @@ struct sctp_shared_key *sctp_auth_get_shkey(
/* First search associations set of endpoint pair shared keys */
key_for_each(key, &asoc->endpoint_shared_keys) {
- if (key->key_id == key_id)
- return key;
+ if (key->key_id == key_id) {
+ if (!key->deactivated)
+ return key;
+ break;
+ }
}
return NULL;
@@ -905,7 +908,7 @@ int sctp_auth_set_active_key(struct sctp_endpoint *ep,
}
}
- if (!found)
+ if (!found || key->deactivated)
return -EINVAL;
if (asoc) {
@@ -956,3 +959,40 @@ int sctp_auth_del_key_id(struct sctp_endpoint *ep,
return 0;
}
+
+int sctp_auth_deact_key_id(struct sctp_endpoint *ep,
+ struct sctp_association *asoc, __u16 key_id)
+{
+ struct sctp_shared_key *key;
+ struct list_head *sh_keys;
+ int found = 0;
+
+ /* The key identifier MUST NOT be the current active key
+ * The key identifier MUST correst to an existing key
+ */
+ if (asoc) {
+ if (asoc->active_key_id == key_id)
+ return -EINVAL;
+
+ sh_keys = &asoc->endpoint_shared_keys;
+ } else {
+ if (ep->active_key_id == key_id)
+ return -EINVAL;
+
+ sh_keys = &ep->endpoint_shared_keys;
+ }
+
+ key_for_each(key, sh_keys) {
+ if (key->key_id == key_id) {
+ found = 1;
+ break;
+ }
+ }
+
+ if (!found)
+ return -EINVAL;
+
+ key->deactivated = 1;
+
+ return 0;
+}