net/ipv4/ah4.c

   1 #include <linux/config.h>
   2 #include <linux/module.h>
   3 #include <net/ip.h>
   4 #include <net/xfrm.h>
   5 #include <net/ah.h>
   6 #include <linux/crypto.h>
   7 #include <linux/pfkeyv2.h>
   8 #include <net/icmp.h>
   9 #include <net/protocol.h>
  10 #include <asm/scatterlist.h>
  11
  12
  13 /* Clear mutable options and find final destination to substitute
  14  * into IP header for icv calculation. Options are already checked
  15  * for validity, so paranoia is not required. */
  16
  17 static int ip_clear_mutable_options(struct iphdr *iph, u32 *daddr)
  18 {
  19         unsigned char * optptr = (unsigned char*)(iph+1);
  20         int  l = iph->ihl*4 - sizeof(struct iphdr);
  21         int  optlen;
  22
  23         while (l > 0) {
  24                 switch (*optptr) {
  25                 case IPOPT_END:
  26                         return 0;
  27                 case IPOPT_NOOP:
  28                         l--;
  29                         optptr++;
  30                         continue;
  31                 }
  32                 optlen = optptr[1];
  33                 if (optlen<2 || optlen>l)
  34                         return -EINVAL;
  35                 switch (*optptr) {
  36                 case IPOPT_SEC:
  37                 case 0x85:      /* Some "Extended Security" crap. */
  38                 case 0x86:      /* Another "Commercial Security" crap. */
  39                 case IPOPT_RA:
  40                 case 0x80|21:   /* RFC1770 */
  41                         break;
  42                 case IPOPT_LSRR:
  43                 case IPOPT_SSRR:
  44                         if (optlen < 6)
  45                                 return -EINVAL;
  46                         memcpy(daddr, optptr+optlen-4, 4);
  47                         /* Fall through */
  48                 default:
  49                         memset(optptr+2, 0, optlen-2);
  50                 }
  51                 l -= optlen;
  52                 optptr += optlen;
  53         }
  54         return 0;
  55 }
  56
  57 static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
  58 {
  59         int err;
  60         struct iphdr *iph, *top_iph;
  61         struct ip_auth_hdr *ah;
  62         struct ah_data *ahp;
  63         union {
  64                 struct iphdr    iph;
  65                 char            buf[60];
  66         } tmp_iph;
  67
  68         top_iph = skb->nh.iph;
  69         iph = &tmp_iph.iph;
  70
  71         iph->tos = top_iph->tos;
  72         iph->ttl = top_iph->ttl;
  73         iph->frag_off = top_iph->frag_off;
  74
  75         if (top_iph->ihl != 5) {
  76                 iph->daddr = top_iph->daddr;
  77                 memcpy(iph+1, top_iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
  78                 err = ip_clear_mutable_options(top_iph, &top_iph->daddr);
  79                 if (err)
  80                         goto error;
  81         }
  82
  83         ah = (struct ip_auth_hdr *)((char *)top_iph+top_iph->ihl*4);
  84         ah->nexthdr = top_iph->protocol;
  85
  86         top_iph->tos = 0;
  87         top_iph->tot_len = htons(skb->len);
  88         top_iph->frag_off = 0;
  89         top_iph->ttl = 0;
  90         top_iph->protocol = IPPROTO_AH;
  91         top_iph->check = 0;
  92
  93         ahp = x->data;
  94         ah->hdrlen  = (XFRM_ALIGN8(sizeof(struct ip_auth_hdr) +
  95                                    ahp->icv_trunc_len) >> 2) - 2;
  96
  97         ah->reserved = 0;
  98         ah->spi = x->id.spi;
  99         ah->seq_no = htonl(++x->replay.oseq);
 100         xfrm_aevent_doreplay(x);
 101         ahp->icv(ahp, skb, ah->auth_data);
 102
 103         top_iph->tos = iph->tos;
 104         top_iph->ttl = iph->ttl;
 105         top_iph->frag_off = iph->frag_off;
 106         if (top_iph->ihl != 5) {
 107                 top_iph->daddr = iph->daddr;
 108                 memcpy(top_iph+1, iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
 109         }
 110
 111         ip_send_check(top_iph);
 112
 113         err = 0;
 114
 115 error:
 116         return err;
 117 }
 118
 119 static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
 120 {
 121         int ah_hlen;
 122         struct iphdr *iph;
 123         struct ip_auth_hdr *ah;
 124         struct ah_data *ahp;
 125         char work_buf[60];
 126
 127         if (!pskb_may_pull(skb, sizeof(struct ip_auth_hdr)))
 128                 goto out;
 129
 130         ah = (struct ip_auth_hdr*)skb->data;
 131         ahp = x->data;
 132         ah_hlen = (ah->hdrlen + 2) << 2;
 133
 134         if (ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_full_len) &&
 135             ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len))
 136                 goto out;
 137
 138         if (!pskb_may_pull(skb, ah_hlen))
 139                 goto out;
 140
 141         /* We are going to _remove_ AH header to keep sockets happy,
 142          * so... Later this can change. */
 143         if (skb_cloned(skb) &&
 144             pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
 145                 goto out;
 146
 147         skb->ip_summed = CHECKSUM_NONE;
 148
 149         ah = (struct ip_auth_hdr*)skb->data;
 150         iph = skb->nh.iph;
 151
 152         memcpy(work_buf, iph, iph->ihl*4);
 153
 154         iph->ttl = 0;
 155         iph->tos = 0;
 156         iph->frag_off = 0;
 157         iph->check = 0;
 158         if (iph->ihl != 5) {
 159                 u32 dummy;
 160                 if (ip_clear_mutable_options(iph, &dummy))
 161                         goto out;
 162         }
 163         {
 164                 u8 auth_data[MAX_AH_AUTH_LEN];
 165
 166                 memcpy(auth_data, ah->auth_data, ahp->icv_trunc_len);
 167                 skb_push(skb, skb->data - skb->nh.raw);
 168                 ahp->icv(ahp, skb, ah->auth_data);
 169                 if (memcmp(ah->auth_data, auth_data, ahp->icv_trunc_len)) {
 170                         x->stats.integrity_failed++;
 171                         goto out;
 172                 }
 173         }
 174         ((struct iphdr*)work_buf)->protocol = ah->nexthdr;
 175         skb->nh.raw = skb_pull(skb, ah_hlen);
 176         memcpy(skb->nh.raw, work_buf, iph->ihl*4);
 177         skb->nh.iph->tot_len = htons(skb->len);
 178         skb_pull(skb, skb->nh.iph->ihl*4);
 179         skb->h.raw = skb->data;
 180
 181         return 0;
 182
 183 out:
 184         return -EINVAL;
 185 }
 186
 187 static void ah4_err(struct sk_buff *skb, u32 info)
 188 {
 189         struct iphdr *iph = (struct iphdr*)skb->data;
 190         struct ip_auth_hdr *ah = (struct ip_auth_hdr*)(skb->data+(iph->ihl<<2));
 191         struct xfrm_state *x;
 192
 193         if (skb->h.icmph->type != ICMP_DEST_UNREACH ||
 194             skb->h.icmph->code != ICMP_FRAG_NEEDED)
 195                 return;
 196
 197         x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET);
 198         if (!x)
 199                 return;
 200         printk(KERN_DEBUG "pmtu discovery on SA AH/%08x/%08x\n",
 201                ntohl(ah->spi), ntohl(iph->daddr));
 202         xfrm_state_put(x);
 203 }
 204
 205 static int ah_init_state(struct xfrm_state *x)
 206 {
 207         struct ah_data *ahp = NULL;
 208         struct xfrm_algo_desc *aalg_desc;
 209
 210         if (!x->aalg)
 211                 goto error;
 212
 213         /* null auth can use a zero length key */
 214         if (x->aalg->alg_key_len > 512)
 215                 goto error;
 216
 217         if (x->encap)
 218                 goto error;
 219
 220         ahp = kmalloc(sizeof(*ahp), GFP_KERNEL);
 221         if (ahp == NULL)
 222                 return -ENOMEM;
 223
 224         memset(ahp, 0, sizeof(*ahp));
 225
 226         ahp->key = x->aalg->alg_key;
 227         ahp->key_len = (x->aalg->alg_key_len+7)/8;
 228         ahp->tfm = crypto_alloc_tfm(x->aalg->alg_name, 0);
 229         if (!ahp->tfm)
 230                 goto error;
 231         ahp->icv = ah_hmac_digest;
 232
 233         /*
 234          * Lookup the algorithm description maintained by xfrm_algo,
 235          * verify crypto transform properties, and store information
 236          * we need for AH processing.  This lookup cannot fail here
 237          * after a successful crypto_alloc_tfm().
 238          */
 239         aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
 240         BUG_ON(!aalg_desc);
 241
 242         if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
 243             crypto_tfm_alg_digestsize(ahp->tfm)) {
 244                 printk(KERN_INFO "AH: %s digestsize %u != %hu\n",
 245                        x->aalg->alg_name, crypto_tfm_alg_digestsize(ahp->tfm),
 246                        aalg_desc->uinfo.auth.icv_fullbits/8);
 247                 goto error;
 248         }
 249
 250         ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
 251         ahp->icv_trunc_len = aalg_desc->uinfo.auth.icv_truncbits/8;
 252
 253         BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN);
 254
 255         ahp->work_icv = kmalloc(ahp->icv_full_len, GFP_KERNEL);
 256         if (!ahp->work_icv)
 257                 goto error;
 258
 259         x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len);
 260         if (x->props.mode)
 261                 x->props.header_len += sizeof(struct iphdr);
 262         x->data = ahp;
 263
 264         return 0;
 265
 266 error:
 267         if (ahp) {
 268                 kfree(ahp->work_icv);
 269                 crypto_free_tfm(ahp->tfm);
 270                 kfree(ahp);
 271         }
 272         return -EINVAL;
 273 }
 274
 275 static void ah_destroy(struct xfrm_state *x)
 276 {
 277         struct ah_data *ahp = x->data;
 278
 279         if (!ahp)
 280                 return;
 281
 282         kfree(ahp->work_icv);
 283         ahp->work_icv = NULL;
 284         crypto_free_tfm(ahp->tfm);
 285         ahp->tfm = NULL;
 286         kfree(ahp);
 287 }
 288
 289
 290 static struct xfrm_type ah_type =
 291 {
 292         .description    = "AH4",
 293         .owner          = THIS_MODULE,
 294         .proto          = IPPROTO_AH,
 295         .init_state     = ah_init_state,
 296         .destructor     = ah_destroy,
 297         .input          = ah_input,
 298         .output         = ah_output
 299 };
 300
 301 static struct net_protocol ah4_protocol = {
 302         .handler        =       xfrm4_rcv,
 303         .err_handler    =       ah4_err,
 304         .no_policy      =       1,
 305 };
 306
 307 static int __init ah4_init(void)
 308 {
 309         if (xfrm_register_type(&ah_type, AF_INET) < 0) {
 310                 printk(KERN_INFO "ip ah init: can't add xfrm type\n");
 311                 return -EAGAIN;
 312         }
 313         if (inet_add_protocol(&ah4_protocol, IPPROTO_AH) < 0) {
 314                 printk(KERN_INFO "ip ah init: can't add protocol\n");
 315                 xfrm_unregister_type(&ah_type, AF_INET);
 316                 return -EAGAIN;
 317         }
 318         return 0;
 319 }
 320
 321 static void __exit ah4_fini(void)
 322 {
 323         if (inet_del_protocol(&ah4_protocol, IPPROTO_AH) < 0)
 324                 printk(KERN_INFO "ip ah close: can't remove protocol\n");
 325         if (xfrm_unregister_type(&ah_type, AF_INET) < 0)
 326                 printk(KERN_INFO "ip ah close: can't remove xfrm type\n");
 327 }
 328
 329 module_init(ah4_init);
 330 module_exit(ah4_fini);
 331 MODULE_LICENSE("GPL");