git.oblomov.eu Git - linux-2.6/blob - net/ipv4/ah4.c

   1 #include <linux/err.h>
   2 #include <linux/module.h>
   3 #include <net/ip.h>
   4 #include <net/xfrm.h>
   5 #include <net/ah.h>
   6 #include <linux/crypto.h>
   7 #include <linux/pfkeyv2.h>
   8 #include <net/icmp.h>
   9 #include <net/protocol.h>
  10 #include <asm/scatterlist.h>
  11
  12
  13 /* Clear mutable options and find final destination to substitute
  14  * into IP header for icv calculation. Options are already checked
  15  * for validity, so paranoia is not required. */
  16
  17 static int ip_clear_mutable_options(struct iphdr *iph, u32 *daddr)
  18 {
  19         unsigned char * optptr = (unsigned char*)(iph+1);
  20         int  l = iph->ihl*4 - sizeof(struct iphdr);
  21         int  optlen;
  22
  23         while (l > 0) {
  24                 switch (*optptr) {
  25                 case IPOPT_END:
  26                         return 0;
  27                 case IPOPT_NOOP:
  28                         l--;
  29                         optptr++;
  30                         continue;
  31                 }
  32                 optlen = optptr[1];
  33                 if (optlen<2 || optlen>l)
  34                         return -EINVAL;
  35                 switch (*optptr) {
  36                 case IPOPT_SEC:
  37                 case 0x85:      /* Some "Extended Security" crap. */
  38                 case IPOPT_CIPSO:
  39                 case IPOPT_RA:
  40                 case 0x80|21:   /* RFC1770 */
  41                         break;
  42                 case IPOPT_LSRR:
  43                 case IPOPT_SSRR:
  44                         if (optlen < 6)
  45                                 return -EINVAL;
  46                         memcpy(daddr, optptr+optlen-4, 4);
  47                         /* Fall through */
  48                 default:
  49                         memset(optptr+2, 0, optlen-2);
  50                 }
  51                 l -= optlen;
  52                 optptr += optlen;
  53         }
  54         return 0;
  55 }
  56
  57 static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
  58 {
  59         int err;
  60         struct iphdr *iph, *top_iph;
  61         struct ip_auth_hdr *ah;
  62         struct ah_data *ahp;
  63         union {
  64                 struct iphdr    iph;
  65                 char            buf[60];
  66         } tmp_iph;
  67
  68         top_iph = skb->nh.iph;
  69         iph = &tmp_iph.iph;
  70
  71         iph->tos = top_iph->tos;
  72         iph->ttl = top_iph->ttl;
  73         iph->frag_off = top_iph->frag_off;
  74
  75         if (top_iph->ihl != 5) {
  76                 iph->daddr = top_iph->daddr;
  77                 memcpy(iph+1, top_iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
  78                 err = ip_clear_mutable_options(top_iph, &top_iph->daddr);
  79                 if (err)
  80                         goto error;
  81         }
  82
  83         ah = (struct ip_auth_hdr *)((char *)top_iph+top_iph->ihl*4);
  84         ah->nexthdr = top_iph->protocol;
  85
  86         top_iph->tos = 0;
  87         top_iph->tot_len = htons(skb->len);
  88         top_iph->frag_off = 0;
  89         top_iph->ttl = 0;
  90         top_iph->protocol = IPPROTO_AH;
  91         top_iph->check = 0;
  92
  93         ahp = x->data;
  94         ah->hdrlen  = (XFRM_ALIGN8(sizeof(struct ip_auth_hdr) +
  95                                    ahp->icv_trunc_len) >> 2) - 2;
  96
  97         ah->reserved = 0;
  98         ah->spi = x->id.spi;
  99         ah->seq_no = htonl(++x->replay.oseq);
 100         xfrm_aevent_doreplay(x);
 101         err = ah_mac_digest(ahp, skb, ah->auth_data);
 102         if (err)
 103                 goto error;
 104         memcpy(ah->auth_data, ahp->work_icv, ahp->icv_trunc_len);
 105
 106         top_iph->tos = iph->tos;
 107         top_iph->ttl = iph->ttl;
 108         top_iph->frag_off = iph->frag_off;
 109         if (top_iph->ihl != 5) {
 110                 top_iph->daddr = iph->daddr;
 111                 memcpy(top_iph+1, iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
 112         }
 113
 114         ip_send_check(top_iph);
 115
 116         err = 0;
 117
 118 error:
 119         return err;
 120 }
 121
 122 static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
 123 {
 124         int ah_hlen;
 125         int ihl;
 126         int err = -EINVAL;
 127         struct iphdr *iph;
 128         struct ip_auth_hdr *ah;
 129         struct ah_data *ahp;
 130         char work_buf[60];
 131
 132         if (!pskb_may_pull(skb, sizeof(struct ip_auth_hdr)))
 133                 goto out;
 134
 135         ah = (struct ip_auth_hdr*)skb->data;
 136         ahp = x->data;
 137         ah_hlen = (ah->hdrlen + 2) << 2;
 138
 139         if (ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_full_len) &&
 140             ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len))
 141                 goto out;
 142
 143         if (!pskb_may_pull(skb, ah_hlen))
 144                 goto out;
 145
 146         /* We are going to _remove_ AH header to keep sockets happy,
 147          * so... Later this can change. */
 148         if (skb_cloned(skb) &&
 149             pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
 150                 goto out;
 151
 152         skb->ip_summed = CHECKSUM_NONE;
 153
 154         ah = (struct ip_auth_hdr*)skb->data;
 155         iph = skb->nh.iph;
 156
 157         ihl = skb->data - skb->nh.raw;
 158         memcpy(work_buf, iph, ihl);
 159
 160         iph->ttl = 0;
 161         iph->tos = 0;
 162         iph->frag_off = 0;
 163         iph->check = 0;
 164         if (ihl > sizeof(*iph)) {
 165                 u32 dummy;
 166                 if (ip_clear_mutable_options(iph, &dummy))
 167                         goto out;
 168         }
 169         {
 170                 u8 auth_data[MAX_AH_AUTH_LEN];
 171
 172                 memcpy(auth_data, ah->auth_data, ahp->icv_trunc_len);
 173                 skb_push(skb, ihl);
 174                 err = ah_mac_digest(ahp, skb, ah->auth_data);
 175                 if (err)
 176                         goto out;
 177                 err = -EINVAL;
 178                 if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len)) {
 179                         x->stats.integrity_failed++;
 180                         goto out;
 181                 }
 182         }
 183         ((struct iphdr*)work_buf)->protocol = ah->nexthdr;
 184         skb->h.raw = memcpy(skb->nh.raw += ah_hlen, work_buf, ihl);
 185         __skb_pull(skb, ah_hlen + ihl);
 186
 187         return 0;
 188
 189 out:
 190         return err;
 191 }
 192
 193 static void ah4_err(struct sk_buff *skb, u32 info)
 194 {
 195         struct iphdr *iph = (struct iphdr*)skb->data;
 196         struct ip_auth_hdr *ah = (struct ip_auth_hdr*)(skb->data+(iph->ihl<<2));
 197         struct xfrm_state *x;
 198
 199         if (skb->h.icmph->type != ICMP_DEST_UNREACH ||
 200             skb->h.icmph->code != ICMP_FRAG_NEEDED)
 201                 return;
 202
 203         x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET);
 204         if (!x)
 205                 return;
 206         printk(KERN_DEBUG "pmtu discovery on SA AH/%08x/%08x\n",
 207                ntohl(ah->spi), ntohl(iph->daddr));
 208         xfrm_state_put(x);
 209 }
 210
 211 static int ah_init_state(struct xfrm_state *x)
 212 {
 213         struct ah_data *ahp = NULL;
 214         struct xfrm_algo_desc *aalg_desc;
 215         struct crypto_hash *tfm;
 216
 217         if (!x->aalg)
 218                 goto error;
 219
 220         /* null auth can use a zero length key */
 221         if (x->aalg->alg_key_len > 512)
 222                 goto error;
 223
 224         if (x->encap)
 225                 goto error;
 226
 227         ahp = kzalloc(sizeof(*ahp), GFP_KERNEL);
 228         if (ahp == NULL)
 229                 return -ENOMEM;
 230
 231         ahp->key = x->aalg->alg_key;
 232         ahp->key_len = (x->aalg->alg_key_len+7)/8;
 233         tfm = crypto_alloc_hash(x->aalg->alg_name, 0, CRYPTO_ALG_ASYNC);
 234         if (IS_ERR(tfm))
 235                 goto error;
 236
 237         ahp->tfm = tfm;
 238         if (crypto_hash_setkey(tfm, ahp->key, ahp->key_len))
 239                 goto error;
 240
 241         /*
 242          * Lookup the algorithm description maintained by xfrm_algo,
 243          * verify crypto transform properties, and store information
 244          * we need for AH processing.  This lookup cannot fail here
 245          * after a successful crypto_alloc_hash().
 246          */
 247         aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 248         BUG_ON(!aalg_desc);
 249
 250         if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
 251             crypto_hash_digestsize(tfm)) {
 252                 printk(KERN_INFO "AH: %s digestsize %u != %hu\n",
 253                        x->aalg->alg_name, crypto_hash_digestsize(tfm),
 254                        aalg_desc->uinfo.auth.icv_fullbits/8);
 255                 goto error;
 256         }
 257
 258         ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
 259         ahp->icv_trunc_len = aalg_desc->uinfo.auth.icv_truncbits/8;
 260
 261         BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN);
 262
 263         ahp->work_icv = kmalloc(ahp->icv_full_len, GFP_KERNEL);
 264         if (!ahp->work_icv)
 265                 goto error;
 266
 267         x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len);
 268         if (x->props.mode == XFRM_MODE_TUNNEL)
 269                 x->props.header_len += sizeof(struct iphdr);
 270         x->data = ahp;
 271
 272         return 0;
 273
 274 error:
 275         if (ahp) {
 276                 kfree(ahp->work_icv);
 277                 crypto_free_hash(ahp->tfm);
 278                 kfree(ahp);
 279         }
 280         return -EINVAL;
 281 }
 282
 283 static void ah_destroy(struct xfrm_state *x)
 284 {
 285         struct ah_data *ahp = x->data;
 286
 287         if (!ahp)
 288                 return;
 289
 290         kfree(ahp->work_icv);
 291         ahp->work_icv = NULL;
 292         crypto_free_hash(ahp->tfm);
 293         ahp->tfm = NULL;
 294         kfree(ahp);
 295 }
 296
 297
 298 static struct xfrm_type ah_type =
 299 {
 300         .description    = "AH4",
 301         .owner          = THIS_MODULE,
 302         .proto          = IPPROTO_AH,
 303         .init_state     = ah_init_state,
 304         .destructor     = ah_destroy,
 305         .input          = ah_input,
 306         .output         = ah_output
 307 };
 308
 309 static struct net_protocol ah4_protocol = {
 310         .handler        =       xfrm4_rcv,
 311         .err_handler    =       ah4_err,
 312         .no_policy      =       1,
 313 };
 314
 315 static int __init ah4_init(void)
 316 {
 317         if (xfrm_register_type(&ah_type, AF_INET) < 0) {
 318                 printk(KERN_INFO "ip ah init: can't add xfrm type\n");
 319                 return -EAGAIN;
 320         }
 321         if (inet_add_protocol(&ah4_protocol, IPPROTO_AH) < 0) {
 322                 printk(KERN_INFO "ip ah init: can't add protocol\n");
 323                 xfrm_unregister_type(&ah_type, AF_INET);
 324                 return -EAGAIN;
 325         }
 326         return 0;
 327 }
 328
 329 static void __exit ah4_fini(void)
 330 {
 331         if (inet_del_protocol(&ah4_protocol, IPPROTO_AH) < 0)
 332                 printk(KERN_INFO "ip ah close: can't remove protocol\n");
 333         if (xfrm_unregister_type(&ah_type, AF_INET) < 0)
 334                 printk(KERN_INFO "ip ah close: can't remove xfrm type\n");
 335 }
 336
 337 module_init(ah4_init);
 338 module_exit(ah4_fini);
 339 MODULE_LICENSE("GPL");