net/ipv4/ah4.c

   1 #include <linux/config.h>
   2 #include <linux/module.h>
   3 #include <net/ip.h>
   4 #include <net/xfrm.h>
   5 #include <net/ah.h>
   6 #include <linux/crypto.h>
   7 #include <linux/pfkeyv2.h>
   8 #include <net/icmp.h>
   9 #include <net/protocol.h>
  10 #include <asm/scatterlist.h>
  11
  12
  13 /* Clear mutable options and find final destination to substitute
  14  * into IP header for icv calculation. Options are already checked
  15  * for validity, so paranoia is not required. */
  16
  17 static int ip_clear_mutable_options(struct iphdr *iph, u32 *daddr)
  18 {
  19         unsigned char * optptr = (unsigned char*)(iph+1);
  20         int  l = iph->ihl*4 - sizeof(struct iphdr);
  21         int  optlen;
  22
  23         while (l > 0) {
  24                 switch (*optptr) {
  25                 case IPOPT_END:
  26                         return 0;
  27                 case IPOPT_NOOP:
  28                         l--;
  29                         optptr++;
  30                         continue;
  31                 }
  32                 optlen = optptr[1];
  33                 if (optlen<2 || optlen>l)
  34                         return -EINVAL;
  35                 switch (*optptr) {
  36                 case IPOPT_SEC:
  37                 case 0x85:      /* Some "Extended Security" crap. */
  38                 case 0x86:      /* Another "Commercial Security" crap. */
  39                 case IPOPT_RA:
  40                 case 0x80|21:   /* RFC1770 */
  41                         break;
  42                 case IPOPT_LSRR:
  43                 case IPOPT_SSRR:
  44                         if (optlen < 6)
  45                                 return -EINVAL;
  46                         memcpy(daddr, optptr+optlen-4, 4);
  47                         /* Fall through */
  48                 default:
  49                         memset(optptr+2, 0, optlen-2);
  50                 }
  51                 l -= optlen;
  52                 optptr += optlen;
  53         }
  54         return 0;
  55 }
  56
  57 static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
  58 {
  59         int err;
  60         struct iphdr *iph, *top_iph;
  61         struct ip_auth_hdr *ah;
  62         struct ah_data *ahp;
  63         union {
  64                 struct iphdr    iph;
  65                 char            buf[60];
  66         } tmp_iph;
  67
  68         top_iph = skb->nh.iph;
  69         iph = &tmp_iph.iph;
  70
  71         iph->tos = top_iph->tos;
  72         iph->ttl = top_iph->ttl;
  73         iph->frag_off = top_iph->frag_off;
  74
  75         if (top_iph->ihl != 5) {
  76                 iph->daddr = top_iph->daddr;
  77                 memcpy(iph+1, top_iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
  78                 err = ip_clear_mutable_options(top_iph, &top_iph->daddr);
  79                 if (err)
  80                         goto error;
  81         }
  82
  83         ah = (struct ip_auth_hdr *)((char *)top_iph+top_iph->ihl*4);
  84         ah->nexthdr = top_iph->protocol;
  85
  86         top_iph->tos = 0;
  87         top_iph->tot_len = htons(skb->len);
  88         top_iph->frag_off = 0;
  89         top_iph->ttl = 0;
  90         top_iph->protocol = IPPROTO_AH;
  91         top_iph->check = 0;
  92
  93         ahp = x->data;
  94         ah->hdrlen  = (XFRM_ALIGN8(sizeof(struct ip_auth_hdr) +
  95                                    ahp->icv_trunc_len) >> 2) - 2;
  96
  97         ah->reserved = 0;
  98         ah->spi = x->id.spi;
  99         ah->seq_no = htonl(++x->replay.oseq);
 100         xfrm_aevent_doreplay(x);
 101         ahp->icv(ahp, skb, ah->auth_data);
 102
 103         top_iph->tos = iph->tos;
 104         top_iph->ttl = iph->ttl;
 105         top_iph->frag_off = iph->frag_off;
 106         if (top_iph->ihl != 5) {
 107                 top_iph->daddr = iph->daddr;
 108                 memcpy(top_iph+1, iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
 109         }
 110
 111         ip_send_check(top_iph);
 112
 113         err = 0;
 114
 115 error:
 116         return err;
 117 }
 118
 119 static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
 120 {
 121         int ah_hlen;
 122         int ihl;
 123         struct iphdr *iph;
 124         struct ip_auth_hdr *ah;
 125         struct ah_data *ahp;
 126         char work_buf[60];
 127
 128         if (!pskb_may_pull(skb, sizeof(struct ip_auth_hdr)))
 129                 goto out;
 130
 131         ah = (struct ip_auth_hdr*)skb->data;
 132         ahp = x->data;
 133         ah_hlen = (ah->hdrlen + 2) << 2;
 134
 135         if (ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_full_len) &&
 136             ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len))
 137                 goto out;
 138
 139         if (!pskb_may_pull(skb, ah_hlen))
 140                 goto out;
 141
 142         /* We are going to _remove_ AH header to keep sockets happy,
 143          * so... Later this can change. */
 144         if (skb_cloned(skb) &&
 145             pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
 146                 goto out;
 147
 148         skb->ip_summed = CHECKSUM_NONE;
 149
 150         ah = (struct ip_auth_hdr*)skb->data;
 151         iph = skb->nh.iph;
 152
 153         ihl = skb->data - skb->nh.raw;
 154         memcpy(work_buf, iph, ihl);
 155
 156         iph->ttl = 0;
 157         iph->tos = 0;
 158         iph->frag_off = 0;
 159         iph->check = 0;
 160         if (ihl > sizeof(*iph)) {
 161                 u32 dummy;
 162                 if (ip_clear_mutable_options(iph, &dummy))
 163                         goto out;
 164         }
 165         {
 166                 u8 auth_data[MAX_AH_AUTH_LEN];
 167
 168                 memcpy(auth_data, ah->auth_data, ahp->icv_trunc_len);
 169                 skb_push(skb, ihl);
 170                 ahp->icv(ahp, skb, ah->auth_data);
 171                 if (memcmp(ah->auth_data, auth_data, ahp->icv_trunc_len)) {
 172                         x->stats.integrity_failed++;
 173                         goto out;
 174                 }
 175         }
 176         ((struct iphdr*)work_buf)->protocol = ah->nexthdr;
 177         skb->h.raw = memcpy(skb->nh.raw += ah_hlen, work_buf, ihl);
 178         __skb_pull(skb, ah_hlen + ihl);
 179
 180         return 0;
 181
 182 out:
 183         return -EINVAL;
 184 }
 185
 186 static void ah4_err(struct sk_buff *skb, u32 info)
 187 {
 188         struct iphdr *iph = (struct iphdr*)skb->data;
 189         struct ip_auth_hdr *ah = (struct ip_auth_hdr*)(skb->data+(iph->ihl<<2));
 190         struct xfrm_state *x;
 191
 192         if (skb->h.icmph->type != ICMP_DEST_UNREACH ||
 193             skb->h.icmph->code != ICMP_FRAG_NEEDED)
 194                 return;
 195
 196         x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET);
 197         if (!x)
 198                 return;
 199         printk(KERN_DEBUG "pmtu discovery on SA AH/%08x/%08x\n",
 200                ntohl(ah->spi), ntohl(iph->daddr));
 201         xfrm_state_put(x);
 202 }
 203
 204 static int ah_init_state(struct xfrm_state *x)
 205 {
 206         struct ah_data *ahp = NULL;
 207         struct xfrm_algo_desc *aalg_desc;
 208
 209         if (!x->aalg)
 210                 goto error;
 211
 212         /* null auth can use a zero length key */
 213         if (x->aalg->alg_key_len > 512)
 214                 goto error;
 215
 216         if (x->encap)
 217                 goto error;
 218
 219         ahp = kmalloc(sizeof(*ahp), GFP_KERNEL);
 220         if (ahp == NULL)
 221                 return -ENOMEM;
 222
 223         memset(ahp, 0, sizeof(*ahp));
 224
 225         ahp->key = x->aalg->alg_key;
 226         ahp->key_len = (x->aalg->alg_key_len+7)/8;
 227         ahp->tfm = crypto_alloc_tfm(x->aalg->alg_name, 0);
 228         if (!ahp->tfm)
 229                 goto error;
 230         ahp->icv = ah_hmac_digest;
 231
 232         /*
 233          * Lookup the algorithm description maintained by xfrm_algo,
 234          * verify crypto transform properties, and store information
 235          * we need for AH processing.  This lookup cannot fail here
 236          * after a successful crypto_alloc_tfm().
 237          */
 238         aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 239         BUG_ON(!aalg_desc);
 240
 241         if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
 242             crypto_tfm_alg_digestsize(ahp->tfm)) {
 243                 printk(KERN_INFO "AH: %s digestsize %u != %hu\n",
 244                        x->aalg->alg_name, crypto_tfm_alg_digestsize(ahp->tfm),
 245                        aalg_desc->uinfo.auth.icv_fullbits/8);
 246                 goto error;
 247         }
 248
 249         ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
 250         ahp->icv_trunc_len = aalg_desc->uinfo.auth.icv_truncbits/8;
 251
 252         BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN);
 253
 254         ahp->work_icv = kmalloc(ahp->icv_full_len, GFP_KERNEL);
 255         if (!ahp->work_icv)
 256                 goto error;
 257
 258         x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len);
 259         if (x->props.mode)
 260                 x->props.header_len += sizeof(struct iphdr);
 261         x->data = ahp;
 262
 263         return 0;
 264
 265 error:
 266         if (ahp) {
 267                 kfree(ahp->work_icv);
 268                 crypto_free_tfm(ahp->tfm);
 269                 kfree(ahp);
 270         }
 271         return -EINVAL;
 272 }
 273
 274 static void ah_destroy(struct xfrm_state *x)
 275 {
 276         struct ah_data *ahp = x->data;
 277
 278         if (!ahp)
 279                 return;
 280
 281         kfree(ahp->work_icv);
 282         ahp->work_icv = NULL;
 283         crypto_free_tfm(ahp->tfm);
 284         ahp->tfm = NULL;
 285         kfree(ahp);
 286 }
 287
 288
 289 static struct xfrm_type ah_type =
 290 {
 291         .description    = "AH4",
 292         .owner          = THIS_MODULE,
 293         .proto          = IPPROTO_AH,
 294         .init_state     = ah_init_state,
 295         .destructor     = ah_destroy,
 296         .input          = ah_input,
 297         .output         = ah_output
 298 };
 299
 300 static struct net_protocol ah4_protocol = {
 301         .handler        =       xfrm4_rcv,
 302         .err_handler    =       ah4_err,
 303         .no_policy      =       1,
 304 };
 305
 306 static int __init ah4_init(void)
 307 {
 308         if (xfrm_register_type(&ah_type, AF_INET) < 0) {
 309                 printk(KERN_INFO "ip ah init: can't add xfrm type\n");
 310                 return -EAGAIN;
 311         }
 312         if (inet_add_protocol(&ah4_protocol, IPPROTO_AH) < 0) {
 313                 printk(KERN_INFO "ip ah init: can't add protocol\n");
 314                 xfrm_unregister_type(&ah_type, AF_INET);
 315                 return -EAGAIN;
 316         }
 317         return 0;
 318 }
 319
 320 static void __exit ah4_fini(void)
 321 {
 322         if (inet_del_protocol(&ah4_protocol, IPPROTO_AH) < 0)
 323                 printk(KERN_INFO "ip ah close: can't remove protocol\n");
 324         if (xfrm_unregister_type(&ah_type, AF_INET) < 0)
 325                 printk(KERN_INFO "ip ah close: can't remove xfrm type\n");
 326 }
 327
 328 module_init(ah4_init);
 329 module_exit(ah4_fini);
 330 MODULE_LICENSE("GPL");