sctp: Use shash (5821c769) · Commits · EulixOS / Software / Kernel

include/net/sctp/auth.h

+2 −2

Original line number	Diff line number	Diff line
		@@ -31,12 +31,12 @@
		#define __sctp_auth_h__

		#include <linux/list.h>
		#include <linux/crypto.h>

		struct sctp_endpoint;
		struct sctp_association;
		struct sctp_authkey;
		struct sctp_hmacalgo;
		struct crypto_shash;

		/*
		* Define a generic struct that will hold all the info
		@@ -90,7 +90,7 @@ int sctp_auth_asoc_copy_shkeys(const struct sctp_endpoint *ep,
		struct sctp_association *asoc,
		gfp_t gfp);
		int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp);
		void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[]);
		void sctp_auth_destroy_hmacs(struct crypto_shash *auth_hmacs[]);
		struct sctp_hmac *sctp_auth_get_hmac(__u16 hmac_id);
		struct sctp_hmac sctp_auth_asoc_get_hmac(const struct sctp_association asoc);
		void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc,

include/net/sctp/structs.h

+3 −3

Original line number	Diff line number	Diff line
		@@ -82,7 +82,7 @@ struct sctp_bind_addr;
		struct sctp_ulpq;
		struct sctp_ep_common;
		struct sctp_ssnmap;
		struct crypto_hash;
		struct crypto_shash;


		#include <net/sctp/tsnmap.h>
		@@ -166,7 +166,7 @@ struct sctp_sock {
		struct sctp_pf *pf;

		/* Access to HMAC transform. */
		struct crypto_hash *hmac;
		struct crypto_shash *hmac;
		char *sctp_hmac_alg;

		/* What is our base endpointer? */
		@@ -1235,7 +1235,7 @@ struct sctp_endpoint {
		/* SCTP AUTH: array of the HMACs that will be allocated
		* we need this per association so that we don't serialize
		*/
		struct crypto_hash **auth_hmacs;
		struct crypto_shash **auth_hmacs;

		/* SCTP-AUTH: hmacs for the endpoint encoded into parameter */
		struct sctp_hmac_algo_param *auth_hmacs_list;

net/sctp/auth.c

+19 −17

Original line number	Diff line number	Diff line
		@@ -27,9 +27,9 @@
		* Vlad Yasevich <vladislav.yasevich@hp.com>
		*/

		#include <crypto/hash.h>
		#include <linux/slab.h>
		#include <linux/types.h>
		#include <linux/crypto.h>
		#include <linux/scatterlist.h>
		#include <net/sctp/sctp.h>
		#include <net/sctp/auth.h>
		@@ -448,7 +448,7 @@ struct sctp_shared_key *sctp_auth_get_shkey(
		*/
		int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
		{
		struct crypto_hash *tfm = NULL;
		struct crypto_shash *tfm = NULL;
		__u16 id;

		/* If AUTH extension is disabled, we are done */
		@@ -462,9 +462,8 @@ int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
		return 0;

		/* Allocated the array of pointers to transorms */
		ep->auth_hmacs = kzalloc(
		sizeof(struct crypto_hash ) SCTP_AUTH_NUM_HMACS,
		gfp);
		ep->auth_hmacs = kzalloc(sizeof(struct crypto_shash )
		SCTP_AUTH_NUM_HMACS, gfp);
		if (!ep->auth_hmacs)
		return -ENOMEM;

		@@ -483,8 +482,7 @@ int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
		continue;

		/* Allocate the ID */
		tfm = crypto_alloc_hash(sctp_hmac_list[id].hmac_name, 0,
		CRYPTO_ALG_ASYNC);
		tfm = crypto_alloc_shash(sctp_hmac_list[id].hmac_name, 0, 0);
		if (IS_ERR(tfm))
		goto out_err;

		@@ -500,7 +498,7 @@ int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
		}

		/* Destroy the hmac tfm array */
		void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[])
		void sctp_auth_destroy_hmacs(struct crypto_shash *auth_hmacs[])
		{
		int i;

		@@ -508,8 +506,7 @@ void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[])
		return;

		for (i = 0; i < SCTP_AUTH_NUM_HMACS; i++) {
		if (auth_hmacs[i])
		crypto_free_hash(auth_hmacs[i]);
		crypto_free_shash(auth_hmacs[i]);
		}
		kfree(auth_hmacs);
		}
		@@ -709,8 +706,7 @@ void sctp_auth_calculate_hmac(const struct sctp_association *asoc,
		struct sctp_auth_chunk *auth,
		gfp_t gfp)
		{
		struct scatterlist sg;
		struct hash_desc desc;
		struct crypto_shash *tfm;
		struct sctp_auth_bytes *asoc_key;
		__u16 key_id, hmac_id;
		__u8 *digest;
		@@ -742,16 +738,22 @@ void sctp_auth_calculate_hmac(const struct sctp_association *asoc,

		/* set up scatter list */
		end = skb_tail_pointer(skb);
		sg_init_one(&sg, auth, end - (unsigned char *)auth);

		desc.tfm = asoc->ep->auth_hmacs[hmac_id];
		desc.flags = 0;
		tfm = asoc->ep->auth_hmacs[hmac_id];

		digest = auth->auth_hdr.hmac;
		if (crypto_hash_setkey(desc.tfm, &asoc_key->data[0], asoc_key->len))
		if (crypto_shash_setkey(tfm, &asoc_key->data[0], asoc_key->len))
		goto free;

		crypto_hash_digest(&desc, &sg, sg.length, digest);
		{
		SHASH_DESC_ON_STACK(desc, tfm);

		desc->tfm = tfm;
		desc->flags = 0;
		crypto_shash_digest(desc, (u8 *)auth,
		end - (unsigned char *)auth, digest);
		shash_desc_zero(desc);
		}

		free:
		if (free_key)

net/sctp/endpointola.c

+0 −1

Original line number	Diff line number	Diff line
		@@ -42,7 +42,6 @@
		#include <linux/slab.h>
		#include <linux/in.h>
		#include <linux/random.h> /* get_random_bytes() */
		#include <linux/crypto.h>
		#include <net/sock.h>
		#include <net/ipv6.h>
		#include <net/sctp/sctp.h>

net/sctp/sm_make_chunk.c

+29 −22

Original line number	Diff line number	Diff line
		@@ -45,6 +45,7 @@

		#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

		#include <crypto/hash.h>
		#include <linux/types.h>
		#include <linux/kernel.h>
		#include <linux/ip.h>
		@@ -52,7 +53,6 @@
		#include <linux/net.h>
		#include <linux/inet.h>
		#include <linux/scatterlist.h>
		#include <linux/crypto.h>
		#include <linux/slab.h>
		#include <net/sock.h>

		@@ -1606,7 +1606,6 @@ static sctp_cookie_param_t sctp_pack_cookie(const struct sctp_endpoint ep,
		{
		sctp_cookie_param_t *retval;
		struct sctp_signed_cookie *cookie;
		struct scatterlist sg;
		int headersize, bodysize;

		/* Header size is static data prior to the actual cookie, including
		@@ -1663,16 +1662,19 @@ static sctp_cookie_param_t sctp_pack_cookie(const struct sctp_endpoint ep,
		ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len);

		if (sctp_sk(ep->base.sk)->hmac) {
		struct hash_desc desc;
		SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac);
		int err;

		/* Sign the message. */
		sg_init_one(&sg, &cookie->c, bodysize);
		desc.tfm = sctp_sk(ep->base.sk)->hmac;
		desc.flags = 0;

		if (crypto_hash_setkey(desc.tfm, ep->secret_key,
		sizeof(ep->secret_key)) \|\|
		crypto_hash_digest(&desc, &sg, bodysize, cookie->signature))
		desc->tfm = sctp_sk(ep->base.sk)->hmac;
		desc->flags = 0;

		err = crypto_shash_setkey(desc->tfm, ep->secret_key,
		sizeof(ep->secret_key)) ?:
		crypto_shash_digest(desc, (u8 *)&cookie->c, bodysize,
		cookie->signature);
		shash_desc_zero(desc);
		if (err)
		goto free_cookie;
		}

		@@ -1697,12 +1699,10 @@ struct sctp_association *sctp_unpack_cookie(
		struct sctp_cookie *bear_cookie;
		int headersize, bodysize, fixed_size;
		__u8 *digest = ep->digest;
		struct scatterlist sg;
		unsigned int len;
		sctp_scope_t scope;
		struct sk_buff *skb = chunk->skb;
		ktime_t kt;
		struct hash_desc desc;

		/* Header size is static data prior to the actual cookie, including
		* any padding.
		@@ -1733,17 +1733,24 @@ struct sctp_association *sctp_unpack_cookie(
		goto no_hmac;

		/* Check the signature. */
		sg_init_one(&sg, bear_cookie, bodysize);
		desc.tfm = sctp_sk(ep->base.sk)->hmac;
		desc.flags = 0;

		memset(digest, 0x00, SCTP_SIGNATURE_SIZE);
		if (crypto_hash_setkey(desc.tfm, ep->secret_key,
		sizeof(ep->secret_key)) \|\|
		crypto_hash_digest(&desc, &sg, bodysize, digest)) {
		{
		SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac);
		int err;

		desc->tfm = sctp_sk(ep->base.sk)->hmac;
		desc->flags = 0;

		err = crypto_shash_setkey(desc->tfm, ep->secret_key,
		sizeof(ep->secret_key)) ?:
		crypto_shash_digest(desc, (u8 *)bear_cookie, bodysize,
		digest);
		shash_desc_zero(desc);

		if (err) {
		*error = -SCTP_IERROR_NOMEM;
		goto fail;
		}
		}

		if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
		*error = -SCTP_IERROR_BAD_SIG;