net/ipv4/ah4.c

   1 #include <linux/config.h>
   2 #include <linux/module.h>
   3 #include <net/ip.h>
   4 #include <net/xfrm.h>
   5 #include <net/ah.h>
   6 #include <linux/crypto.h>
   7 #include <linux/pfkeyv2.h>
   8 #include <net/icmp.h>
   9 #include <asm/scatterlist.h>
  10
  11
  12 /* Clear mutable options and find final destination to substitute
  13  * into IP header for icv calculation. Options are already checked
  14  * for validity, so paranoia is not required. */
  15
  16 static int ip_clear_mutable_options(struct iphdr *iph, u32 *daddr)
  17 {
  18         unsigned char * optptr = (unsigned char*)(iph+1);
  19         int  l = iph->ihl*4 - sizeof(struct iphdr);
  20         int  optlen;
  21
  22         while (l > 0) {
  23                 switch (*optptr) {
  24                 case IPOPT_END:
  25                         return 0;
  26                 case IPOPT_NOOP:
  27                         l--;
  28                         optptr++;
  29                         continue;
  30                 }
  31                 optlen = optptr[1];
  32                 if (optlen<2 || optlen>l)
  33                         return -EINVAL;
  34                 switch (*optptr) {
  35                 case IPOPT_SEC:
  36                 case 0x85:      /* Some "Extended Security" crap. */
  37                 case 0x86:      /* Another "Commercial Security" crap. */
  38                 case IPOPT_RA:
  39                 case 0x80|21:   /* RFC1770 */
  40                         break;
  41                 case IPOPT_LSRR:
  42                 case IPOPT_SSRR:
  43                         if (optlen < 6)
  44                                 return -EINVAL;
  45                         memcpy(daddr, optptr+optlen-4, 4);
  46                         /* Fall through */
  47                 default:
  48                         memset(optptr+2, 0, optlen-2);
  49                 }
  50                 l -= optlen;
  51                 optptr += optlen;
  52         }
  53         return 0;
  54 }
  55
  56 static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
  57 {
  58         int err;
  59         struct iphdr *iph, *top_iph;
  60         struct ip_auth_hdr *ah;
  61         struct ah_data *ahp;
  62         union {
  63                 struct iphdr    iph;
  64                 char            buf[60];
  65         } tmp_iph;
  66
  67         top_iph = skb->nh.iph;
  68         iph = &tmp_iph.iph;
  69
  70         iph->tos = top_iph->tos;
  71         iph->ttl = top_iph->ttl;
  72         iph->frag_off = top_iph->frag_off;
  73
  74         if (top_iph->ihl != 5) {
  75                 iph->daddr = top_iph->daddr;
  76                 memcpy(iph+1, top_iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
  77                 err = ip_clear_mutable_options(top_iph, &top_iph->daddr);
  78                 if (err)
  79                         goto error;
  80         }
  81
  82         ah = (struct ip_auth_hdr *)((char *)top_iph+top_iph->ihl*4);
  83         ah->nexthdr = top_iph->protocol;
  84
  85         top_iph->tos = 0;
  86         top_iph->tot_len = htons(skb->len);
  87         top_iph->frag_off = 0;
  88         top_iph->ttl = 0;
  89         top_iph->protocol = IPPROTO_AH;
  90         top_iph->check = 0;
  91
  92         ahp = x->data;
  93         ah->hdrlen  = (XFRM_ALIGN8(sizeof(struct ip_auth_hdr) +
  94                                    ahp->icv_trunc_len) >> 2) - 2;
  95
  96         ah->reserved = 0;
  97         ah->spi = x->id.spi;
  98         ah->seq_no = htonl(++x->replay.oseq);
  99         ahp->icv(ahp, skb, ah->auth_data);
 100
 101         top_iph->tos = iph->tos;
 102         top_iph->ttl = iph->ttl;
 103         top_iph->frag_off = iph->frag_off;
 104         if (top_iph->ihl != 5) {
 105                 top_iph->daddr = iph->daddr;
 106                 memcpy(top_iph+1, iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
 107         }
 108
 109         ip_send_check(top_iph);
 110
 111         err = 0;
 112
 113 error:
 114         return err;
 115 }
 116
 117 static int ah_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struct sk_buff *skb)
 118 {
 119         int ah_hlen;
 120         struct iphdr *iph;
 121         struct ip_auth_hdr *ah;
 122         struct ah_data *ahp;
 123         char work_buf[60];
 124
 125         if (!pskb_may_pull(skb, sizeof(struct ip_auth_hdr)))
 126                 goto out;
 127
 128         ah = (struct ip_auth_hdr*)skb->data;
 129         ahp = x->data;
 130         ah_hlen = (ah->hdrlen + 2) << 2;
 131
 132         if (ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_full_len) &&
 133             ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len))
 134                 goto out;
 135
 136         if (!pskb_may_pull(skb, ah_hlen))
 137                 goto out;
 138
 139         /* We are going to _remove_ AH header to keep sockets happy,
 140          * so... Later this can change. */
 141         if (skb_cloned(skb) &&
 142             pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
 143                 goto out;
 144
 145         skb->ip_summed = CHECKSUM_NONE;
 146
 147         ah = (struct ip_auth_hdr*)skb->data;
 148         iph = skb->nh.iph;
 149
 150         memcpy(work_buf, iph, iph->ihl*4);
 151
 152         iph->ttl = 0;
 153         iph->tos = 0;
 154         iph->frag_off = 0;
 155         iph->check = 0;
 156         if (iph->ihl != 5) {
 157                 u32 dummy;
 158                 if (ip_clear_mutable_options(iph, &dummy))
 159                         goto out;
 160         }
 161         {
 162                 u8 auth_data[MAX_AH_AUTH_LEN];
 163
 164                 memcpy(auth_data, ah->auth_data, ahp->icv_trunc_len);
 165                 skb_push(skb, skb->data - skb->nh.raw);
 166                 ahp->icv(ahp, skb, ah->auth_data);
 167                 if (memcmp(ah->auth_data, auth_data, ahp->icv_trunc_len)) {
 168                         x->stats.integrity_failed++;
 169                         goto out;
 170                 }
 171         }
 172         ((struct iphdr*)work_buf)->protocol = ah->nexthdr;
 173         skb->nh.raw = skb_pull(skb, ah_hlen);
 174         memcpy(skb->nh.raw, work_buf, iph->ihl*4);
 175         skb->nh.iph->tot_len = htons(skb->len);
 176         skb_pull(skb, skb->nh.iph->ihl*4);
 177         skb->h.raw = skb->data;
 178
 179         return 0;
 180
 181 out:
 182         return -EINVAL;
 183 }
 184
 185 static void ah4_err(struct sk_buff *skb, u32 info)
 186 {
 187         struct iphdr *iph = (struct iphdr*)skb->data;
 188         struct ip_auth_hdr *ah = (struct ip_auth_hdr*)(skb->data+(iph->ihl<<2));
 189         struct xfrm_state *x;
 190
 191         if (skb->h.icmph->type != ICMP_DEST_UNREACH ||
 192             skb->h.icmph->code != ICMP_FRAG_NEEDED)
 193                 return;
 194
 195         x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET);
 196         if (!x)
 197                 return;
 198         printk(KERN_DEBUG "pmtu discovery on SA AH/%08x/%08x\n",
 199                ntohl(ah->spi), ntohl(iph->daddr));
 200         xfrm_state_put(x);
 201 }
 202
 203 static int ah_init_state(struct xfrm_state *x)
 204 {
 205         struct ah_data *ahp = NULL;
 206         struct xfrm_algo_desc *aalg_desc;
 207
 208         if (!x->aalg)
 209                 goto error;
 210
 211         /* null auth can use a zero length key */
 212         if (x->aalg->alg_key_len > 512)
 213                 goto error;
 214
 215         if (x->encap)
 216                 goto error;
 217
 218         ahp = kmalloc(sizeof(*ahp), GFP_KERNEL);
 219         if (ahp == NULL)
 220                 return -ENOMEM;
 221
 222         memset(ahp, 0, sizeof(*ahp));
 223
 224         ahp->key = x->aalg->alg_key;
 225         ahp->key_len = (x->aalg->alg_key_len+7)/8;
 226         ahp->tfm = crypto_alloc_tfm(x->aalg->alg_name, 0);
 227         if (!ahp->tfm)
 228                 goto error;
 229         ahp->icv = ah_hmac_digest;
 230
 231         /*
 232          * Lookup the algorithm description maintained by xfrm_algo,
 233          * verify crypto transform properties, and store information
 234          * we need for AH processing.  This lookup cannot fail here
 235          * after a successful crypto_alloc_tfm().
 236          */
 237         aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 238         BUG_ON(!aalg_desc);
 239
 240         if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
 241             crypto_tfm_alg_digestsize(ahp->tfm)) {
 242                 printk(KERN_INFO "AH: %s digestsize %u != %hu\n",
 243                        x->aalg->alg_name, crypto_tfm_alg_digestsize(ahp->tfm),
 244                        aalg_desc->uinfo.auth.icv_fullbits/8);
 245                 goto error;
 246         }
 247
 248         ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
 249         ahp->icv_trunc_len = aalg_desc->uinfo.auth.icv_truncbits/8;
 250
 251         BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN);
 252
 253         ahp->work_icv = kmalloc(ahp->icv_full_len, GFP_KERNEL);
 254         if (!ahp->work_icv)
 255                 goto error;
 256
 257         x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len);
 258         if (x->props.mode)
 259                 x->props.header_len += sizeof(struct iphdr);
 260         x->data = ahp;
 261
 262         return 0;
 263
 264 error:
 265         if (ahp) {
 266                 if (ahp->work_icv)
 267                         kfree(ahp->work_icv);
 268                 if (ahp->tfm)
 269                         crypto_free_tfm(ahp->tfm);
 270                 kfree(ahp);
 271         }
 272         return -EINVAL;
 273 }
 274
 275 static void ah_destroy(struct xfrm_state *x)
 276 {
 277         struct ah_data *ahp = x->data;
 278
 279         if (!ahp)
 280                 return;
 281
 282         if (ahp->work_icv) {
 283                 kfree(ahp->work_icv);
 284                 ahp->work_icv = NULL;
 285         }
 286         if (ahp->tfm) {
 287                 crypto_free_tfm(ahp->tfm);
 288                 ahp->tfm = NULL;
 289         }
 290         kfree(ahp);
 291 }
 292
 293
 294 static struct xfrm_type ah_type =
 295 {
 296         .description    = "AH4",
 297         .owner          = THIS_MODULE,
 298         .proto          = IPPROTO_AH,
 299         .init_state     = ah_init_state,
 300         .destructor     = ah_destroy,
 301         .input          = ah_input,
 302         .output         = ah_output
 303 };
 304
 305 static struct net_protocol ah4_protocol = {
 306         .handler        =       xfrm4_rcv,
 307         .err_handler    =       ah4_err,
 308         .no_policy      =       1,
 309 };
 310
 311 static int __init ah4_init(void)
 312 {
 313         if (xfrm_register_type(&ah_type, AF_INET) < 0) {
 314                 printk(KERN_INFO "ip ah init: can't add xfrm type\n");
 315                 return -EAGAIN;
 316         }
 317         if (inet_add_protocol(&ah4_protocol, IPPROTO_AH) < 0) {
 318                 printk(KERN_INFO "ip ah init: can't add protocol\n");
 319                 xfrm_unregister_type(&ah_type, AF_INET);
 320                 return -EAGAIN;
 321         }
 322         return 0;
 323 }
 324
 325 static void __exit ah4_fini(void)
 326 {
 327         if (inet_del_protocol(&ah4_protocol, IPPROTO_AH) < 0)
 328                 printk(KERN_INFO "ip ah close: can't remove protocol\n");
 329         if (xfrm_unregister_type(&ah_type, AF_INET) < 0)
 330                 printk(KERN_INFO "ip ah close: can't remove xfrm type\n");
 331 }
 332
 333 module_init(ah4_init);
 334 module_exit(ah4_fini);
 335 MODULE_LICENSE("GPL");