summaryrefslogtreecommitdiffstats
path: root/net/sctp/sm_statefuns.c
diff options
context:
space:
mode:
authorVlad Yasevich <vladislav.yasevich@hp.com>2007-09-17 04:32:11 +0200
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-11 01:51:30 +0200
commit730fc3d05cd4ba4c9ce2de91f3d43349e95dbbf5 (patch)
tree50a59c6592a7546f9d54364f26dc2a03f5f18345 /net/sctp/sm_statefuns.c
parent[SCTP]: Implement SCTP-AUTH initializations. (diff)
downloadlinux-730fc3d05cd4ba4c9ce2de91f3d43349e95dbbf5.tar.xz
linux-730fc3d05cd4ba4c9ce2de91f3d43349e95dbbf5.zip
[SCTP]: Implete SCTP-AUTH parameter processing
Implement processing for the CHUNKS, RANDOM, and HMAC parameters and deal with how this parameters are effected by association restarts. In particular, during unexpeted INIT processing, we need to reply with parameters from the original INIT chunk. Also, after restart, we need to update the old association with new peer parameters and change the association shared keys. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp/sm_statefuns.c')
-rw-r--r--net/sctp/sm_statefuns.c35
1 files changed, 35 insertions, 0 deletions
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index ec0328b1cdb1..385486360fe9 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -549,6 +549,11 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
SCTP_STATE(SCTP_STATE_COOKIE_ECHOED));
+ /* SCTP-AUTH: genereate the assocition shared keys so that
+ * we can potentially signe the COOKIE-ECHO.
+ */
+ sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_SHKEY, SCTP_NULL());
+
/* 5.1 C) "A" shall then send the State Cookie received in the
* INIT ACK chunk in a COOKIE ECHO chunk, ...
*/
@@ -686,6 +691,14 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
peer_init, GFP_ATOMIC))
goto nomem_init;
+ /* SCTP-AUTH: Now that we've populate required fields in
+ * sctp_process_init, set up the assocaition shared keys as
+ * necessary so that we can potentially authenticate the ACK
+ */
+ error = sctp_auth_asoc_init_active_key(new_asoc, GFP_ATOMIC);
+ if (error)
+ goto nomem_init;
+
repl = sctp_make_cookie_ack(new_asoc, chunk);
if (!repl)
goto nomem_init;
@@ -1247,6 +1260,26 @@ static void sctp_tietags_populate(struct sctp_association *new_asoc,
new_asoc->c.initial_tsn = asoc->c.initial_tsn;
}
+static void sctp_auth_params_populate(struct sctp_association *new_asoc,
+ const struct sctp_association *asoc)
+{
+ /* Only perform this if AUTH extension is enabled */
+ if (!sctp_auth_enable)
+ return;
+
+ /* We need to provide the same parameter information as
+ * was in the original INIT. This means that we need to copy
+ * the HMACS, CHUNKS, and RANDOM parameter from the original
+ * assocaition.
+ */
+ memcpy(new_asoc->c.auth_random, asoc->c.auth_random,
+ sizeof(asoc->c.auth_random));
+ memcpy(new_asoc->c.auth_hmacs, asoc->c.auth_hmacs,
+ sizeof(asoc->c.auth_hmacs));
+ memcpy(new_asoc->c.auth_chunks, asoc->c.auth_chunks,
+ sizeof(asoc->c.auth_chunks));
+}
+
/*
* Compare vtag/tietag values to determine unexpected COOKIE-ECHO
* handling action.
@@ -1404,6 +1437,8 @@ static sctp_disposition_t sctp_sf_do_unexpected_init(
sctp_tietags_populate(new_asoc, asoc);
+ sctp_auth_params_populate(new_asoc, asoc);
+
/* B) "Z" shall respond immediately with an INIT ACK chunk. */
/* If there are errors need to be reported for unknown parameters,