git.oblomov.eu Git - linux-2.6/blob - net/ipv4/ah4.c

   1 #include <linux/module.h>
   2 #include <net/ip.h>
   3 #include <net/xfrm.h>
   4 #include <net/ah.h>
   5 #include <linux/crypto.h>
   6 #include <linux/pfkeyv2.h>
   7 #include <net/icmp.h>
   8 #include <net/protocol.h>
   9 #include <asm/scatterlist.h>
  10
  11
  12 /* Clear mutable options and find final destination to substitute
  13  * into IP header for icv calculation. Options are already checked
  14  * for validity, so paranoia is not required. */
  15
  16 static int ip_clear_mutable_options(struct iphdr *iph, u32 *daddr)
  17 {
  18         unsigned char * optptr = (unsigned char*)(iph+1);
  19         int  l = iph->ihl*4 - sizeof(struct iphdr);
  20         int  optlen;
  21
  22         while (l > 0) {
  23                 switch (*optptr) {
  24                 case IPOPT_END:
  25                         return 0;
  26                 case IPOPT_NOOP:
  27                         l--;
  28                         optptr++;
  29                         continue;
  30                 }
  31                 optlen = optptr[1];
  32                 if (optlen<2 || optlen>l)
  33                         return -EINVAL;
  34                 switch (*optptr) {
  35                 case IPOPT_SEC:
  36                 case 0x85:      /* Some "Extended Security" crap. */
  37                 case 0x86:      /* Another "Commercial Security" crap. */
  38                 case IPOPT_RA:
  39                 case 0x80|21:   /* RFC1770 */
  40                         break;
  41                 case IPOPT_LSRR:
  42                 case IPOPT_SSRR:
  43                         if (optlen < 6)
  44                                 return -EINVAL;
  45                         memcpy(daddr, optptr+optlen-4, 4);
  46                         /* Fall through */
  47                 default:
  48                         memset(optptr+2, 0, optlen-2);
  49                 }
  50                 l -= optlen;
  51                 optptr += optlen;
  52         }
  53         return 0;
  54 }
  55
  56 static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
  57 {
  58         int err;
  59         struct iphdr *iph, *top_iph;
  60         struct ip_auth_hdr *ah;
  61         struct ah_data *ahp;
  62         union {
  63                 struct iphdr    iph;
  64                 char            buf[60];
  65         } tmp_iph;
  66
  67         top_iph = skb->nh.iph;
  68         iph = &tmp_iph.iph;
  69
  70         iph->tos = top_iph->tos;
  71         iph->ttl = top_iph->ttl;
  72         iph->frag_off = top_iph->frag_off;
  73
  74         if (top_iph->ihl != 5) {
  75                 iph->daddr = top_iph->daddr;
  76                 memcpy(iph+1, top_iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
  77                 err = ip_clear_mutable_options(top_iph, &top_iph->daddr);
  78                 if (err)
  79                         goto error;
  80         }
  81
  82         ah = (struct ip_auth_hdr *)((char *)top_iph+top_iph->ihl*4);
  83         ah->nexthdr = top_iph->protocol;
  84
  85         top_iph->tos = 0;
  86         top_iph->tot_len = htons(skb->len);
  87         top_iph->frag_off = 0;
  88         top_iph->ttl = 0;
  89         top_iph->protocol = IPPROTO_AH;
  90         top_iph->check = 0;
  91
  92         ahp = x->data;
  93         ah->hdrlen  = (XFRM_ALIGN8(sizeof(struct ip_auth_hdr) +
  94                                    ahp->icv_trunc_len) >> 2) - 2;
  95
  96         ah->reserved = 0;
  97         ah->spi = x->id.spi;
  98         ah->seq_no = htonl(++x->replay.oseq);
  99         xfrm_aevent_doreplay(x);
 100         ahp->icv(ahp, skb, ah->auth_data);
 101
 102         top_iph->tos = iph->tos;
 103         top_iph->ttl = iph->ttl;
 104         top_iph->frag_off = iph->frag_off;
 105         if (top_iph->ihl != 5) {
 106                 top_iph->daddr = iph->daddr;
 107                 memcpy(top_iph+1, iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
 108         }
 109
 110         ip_send_check(top_iph);
 111
 112         err = 0;
 113
 114 error:
 115         return err;
 116 }
 117
 118 static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
 119 {
 120         int ah_hlen;
 121         int ihl;
 122         struct iphdr *iph;
 123         struct ip_auth_hdr *ah;
 124         struct ah_data *ahp;
 125         char work_buf[60];
 126
 127         if (!pskb_may_pull(skb, sizeof(struct ip_auth_hdr)))
 128                 goto out;
 129
 130         ah = (struct ip_auth_hdr*)skb->data;
 131         ahp = x->data;
 132         ah_hlen = (ah->hdrlen + 2) << 2;
 133
 134         if (ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_full_len) &&
 135             ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len))
 136                 goto out;
 137
 138         if (!pskb_may_pull(skb, ah_hlen))
 139                 goto out;
 140
 141         /* We are going to _remove_ AH header to keep sockets happy,
 142          * so... Later this can change. */
 143         if (skb_cloned(skb) &&
 144             pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
 145                 goto out;
 146
 147         skb->ip_summed = CHECKSUM_NONE;
 148
 149         ah = (struct ip_auth_hdr*)skb->data;
 150         iph = skb->nh.iph;
 151
 152         ihl = skb->data - skb->nh.raw;
 153         memcpy(work_buf, iph, ihl);
 154
 155         iph->ttl = 0;
 156         iph->tos = 0;
 157         iph->frag_off = 0;
 158         iph->check = 0;
 159         if (ihl > sizeof(*iph)) {
 160                 u32 dummy;
 161                 if (ip_clear_mutable_options(iph, &dummy))
 162                         goto out;
 163         }
 164         {
 165                 u8 auth_data[MAX_AH_AUTH_LEN];
 166
 167                 memcpy(auth_data, ah->auth_data, ahp->icv_trunc_len);
 168                 skb_push(skb, ihl);
 169                 ahp->icv(ahp, skb, ah->auth_data);
 170                 if (memcmp(ah->auth_data, auth_data, ahp->icv_trunc_len)) {
 171                         x->stats.integrity_failed++;
 172                         goto out;
 173                 }
 174         }
 175         ((struct iphdr*)work_buf)->protocol = ah->nexthdr;
 176         skb->h.raw = memcpy(skb->nh.raw += ah_hlen, work_buf, ihl);
 177         __skb_pull(skb, ah_hlen + ihl);
 178
 179         return 0;
 180
 181 out:
 182         return -EINVAL;
 183 }
 184
 185 static void ah4_err(struct sk_buff *skb, u32 info)
 186 {
 187         struct iphdr *iph = (struct iphdr*)skb->data;
 188         struct ip_auth_hdr *ah = (struct ip_auth_hdr*)(skb->data+(iph->ihl<<2));
 189         struct xfrm_state *x;
 190
 191         if (skb->h.icmph->type != ICMP_DEST_UNREACH ||
 192             skb->h.icmph->code != ICMP_FRAG_NEEDED)
 193                 return;
 194
 195         x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET);
 196         if (!x)
 197                 return;
 198         printk(KERN_DEBUG "pmtu discovery on SA AH/%08x/%08x\n",
 199                ntohl(ah->spi), ntohl(iph->daddr));
 200         xfrm_state_put(x);
 201 }
 202
 203 static int ah_init_state(struct xfrm_state *x)
 204 {
 205         struct ah_data *ahp = NULL;
 206         struct xfrm_algo_desc *aalg_desc;
 207
 208         if (!x->aalg)
 209                 goto error;
 210
 211         /* null auth can use a zero length key */
 212         if (x->aalg->alg_key_len > 512)
 213                 goto error;
 214
 215         if (x->encap)
 216                 goto error;
 217
 218         ahp = kzalloc(sizeof(*ahp), GFP_KERNEL);
 219         if (ahp == NULL)
 220                 return -ENOMEM;
 221
 222         ahp->key = x->aalg->alg_key;
 223         ahp->key_len = (x->aalg->alg_key_len+7)/8;
 224         ahp->tfm = crypto_alloc_tfm(x->aalg->alg_name, 0);
 225         if (!ahp->tfm)
 226                 goto error;
 227         ahp->icv = ah_hmac_digest;
 228
 229         /*
 230          * Lookup the algorithm description maintained by xfrm_algo,
 231          * verify crypto transform properties, and store information
 232          * we need for AH processing.  This lookup cannot fail here
 233          * after a successful crypto_alloc_tfm().
 234          */
 235         aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 236         BUG_ON(!aalg_desc);
 237
 238         if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
 239             crypto_tfm_alg_digestsize(ahp->tfm)) {
 240                 printk(KERN_INFO "AH: %s digestsize %u != %hu\n",
 241                        x->aalg->alg_name, crypto_tfm_alg_digestsize(ahp->tfm),
 242                        aalg_desc->uinfo.auth.icv_fullbits/8);
 243                 goto error;
 244         }
 245
 246         ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
 247         ahp->icv_trunc_len = aalg_desc->uinfo.auth.icv_truncbits/8;
 248
 249         BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN);
 250
 251         ahp->work_icv = kmalloc(ahp->icv_full_len, GFP_KERNEL);
 252         if (!ahp->work_icv)
 253                 goto error;
 254
 255         x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len);
 256         if (x->props.mode)
 257                 x->props.header_len += sizeof(struct iphdr);
 258         x->data = ahp;
 259
 260         return 0;
 261
 262 error:
 263         if (ahp) {
 264                 kfree(ahp->work_icv);
 265                 crypto_free_tfm(ahp->tfm);
 266                 kfree(ahp);
 267         }
 268         return -EINVAL;
 269 }
 270
 271 static void ah_destroy(struct xfrm_state *x)
 272 {
 273         struct ah_data *ahp = x->data;
 274
 275         if (!ahp)
 276                 return;
 277
 278         kfree(ahp->work_icv);
 279         ahp->work_icv = NULL;
 280         crypto_free_tfm(ahp->tfm);
 281         ahp->tfm = NULL;
 282         kfree(ahp);
 283 }
 284
 285
 286 static struct xfrm_type ah_type =
 287 {
 288         .description    = "AH4",
 289         .owner          = THIS_MODULE,
 290         .proto          = IPPROTO_AH,
 291         .init_state     = ah_init_state,
 292         .destructor     = ah_destroy,
 293         .input          = ah_input,
 294         .output         = ah_output
 295 };
 296
 297 static struct net_protocol ah4_protocol = {
 298         .handler        =       xfrm4_rcv,
 299         .err_handler    =       ah4_err,
 300         .no_policy      =       1,
 301 };
 302
 303 static int __init ah4_init(void)
 304 {
 305         if (xfrm_register_type(&ah_type, AF_INET) < 0) {
 306                 printk(KERN_INFO "ip ah init: can't add xfrm type\n");
 307                 return -EAGAIN;
 308         }
 309         if (inet_add_protocol(&ah4_protocol, IPPROTO_AH) < 0) {
 310                 printk(KERN_INFO "ip ah init: can't add protocol\n");
 311                 xfrm_unregister_type(&ah_type, AF_INET);
 312                 return -EAGAIN;
 313         }
 314         return 0;
 315 }
 316
 317 static void __exit ah4_fini(void)
 318 {
 319         if (inet_del_protocol(&ah4_protocol, IPPROTO_AH) < 0)
 320                 printk(KERN_INFO "ip ah close: can't remove protocol\n");
 321         if (xfrm_unregister_type(&ah_type, AF_INET) < 0)
 322                 printk(KERN_INFO "ip ah close: can't remove xfrm type\n");
 323 }
 324
 325 module_init(ah4_init);
 326 module_exit(ah4_fini);
 327 MODULE_LICENSE("GPL");