[SCTP]: Use HMAC template and hash interface

				 */

				 */

#if defined (CONFIG_SCTP_HMAC_MD5)

#if defined (CONFIG_SCTP_HMAC_MD5)

#define SCTP_COOKIE_HMAC_ALG "md5"

#define SCTP_COOKIE_HMAC_ALG "hmac(md5)"

#elif defined (CONFIG_SCTP_HMAC_SHA1)

#elif defined (CONFIG_SCTP_HMAC_SHA1)

#define SCTP_COOKIE_HMAC_ALG "sha1"

#define SCTP_COOKIE_HMAC_ALG "hmac(sha1)"

#else

#else

#define SCTP_COOKIE_HMAC_ALG NULL

#define SCTP_COOKIE_HMAC_ALG NULL

#endif

#endif

#endif /* #if defined(CONFIG_IPV6) */

#endif /* #if defined(CONFIG_IPV6) */

/* Some wrappers, in case crypto not available. */

#if defined (CONFIG_CRYPTO_HMAC)

#define sctp_crypto_alloc_tfm crypto_alloc_tfm

#define sctp_crypto_free_tfm crypto_free_tfm

#define sctp_crypto_hmac crypto_hmac

#else

#define sctp_crypto_alloc_tfm(x...) NULL

#define sctp_crypto_free_tfm(x...)

#define sctp_crypto_hmac(x...)

#endif

/* Map an association to an assoc_id. */

/* Map an association to an assoc_id. */

static inline sctp_assoc_t sctp_assoc2id(const struct sctp_association *asoc)

static inline sctp_assoc_t sctp_assoc2id(const struct sctp_association *asoc)

struct sctp_ulpq;

struct sctp_ulpq;

struct sctp_ep_common;

struct sctp_ep_common;

struct sctp_ssnmap;

struct sctp_ssnmap;

struct crypto_hash;

#include <net/sctp/tsnmap.h>

#include <net/sctp/tsnmap.h>

	struct sctp_pf *pf;

	struct sctp_pf *pf;

	/* Access to HMAC transform. */

	/* Access to HMAC transform. */

	struct crypto_tfm *hmac;

	struct crypto_hash *hmac;

	/* What is our base endpointer? */

	/* What is our base endpointer? */

	struct sctp_endpoint *ep;

	struct sctp_endpoint *ep;

	SCTP_ASSERT(ep->base.dead, "Endpoint is not dead", return);

	SCTP_ASSERT(ep->base.dead, "Endpoint is not dead", return);

	/* Free up the HMAC transform. */

	/* Free up the HMAC transform. */

	sctp_crypto_free_tfm(sctp_sk(ep->base.sk)->hmac);

	crypto_free_hash(sctp_sk(ep->base.sk)->hmac);

	/* Cleanup. */

	/* Cleanup. */

	sctp_inq_free(&ep->base.inqueue);

	sctp_inq_free(&ep->base.inqueue);

	retval = kmalloc(*cookie_len, GFP_ATOMIC);

	retval = kmalloc(*cookie_len, GFP_ATOMIC);

	if (!retval) {

	if (!retval)

		*cookie_len = 0;

		goto nodata;

		goto nodata;

	}

	/* Clear this memory since we are sending this data structure

	/* Clear this memory since we are sending this data structure

	 * out on the network.

	 * out on the network.

	       ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len);

	       ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len);

  	if (sctp_sk(ep->base.sk)->hmac) {

  	if (sctp_sk(ep->base.sk)->hmac) {

		struct hash_desc desc;

		/* Sign the message.  */

		/* Sign the message.  */

		sg.page = virt_to_page(&cookie->c);

		sg.page = virt_to_page(&cookie->c);

		sg.offset = (unsigned long)(&cookie->c) % PAGE_SIZE;

		sg.offset = (unsigned long)(&cookie->c) % PAGE_SIZE;

		sg.length = bodysize;

		sg.length = bodysize;

		keylen = SCTP_SECRET_SIZE;

		keylen = SCTP_SECRET_SIZE;

		key = (char *)ep->secret_key[ep->current_key];

		key = (char *)ep->secret_key[ep->current_key];

  		desc.tfm = sctp_sk(ep->base.sk)->hmac;

  		desc.flags = 0;

		sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen,

		if (crypto_hash_setkey(desc.tfm, key, keylen) ||

				 &sg, 1, cookie->signature);

		    crypto_hash_digest(&desc, &sg, bodysize, cookie->signature))

			goto free_cookie;

	}

	}

nodata:

	return retval;

	return retval;

free_cookie:

	kfree(retval);

nodata:

	*cookie_len = 0;

	return NULL;

}

}

/* Unpack the cookie from COOKIE ECHO chunk, recreating the association.  */

/* Unpack the cookie from COOKIE ECHO chunk, recreating the association.  */

	sctp_scope_t scope;

	sctp_scope_t scope;

	struct sk_buff *skb = chunk->skb;

	struct sk_buff *skb = chunk->skb;

	struct timeval tv;

	struct timeval tv;

	struct hash_desc desc;

	/* Header size is static data prior to the actual cookie, including

	/* Header size is static data prior to the actual cookie, including

	 * any padding.

	 * any padding.

	sg.offset = (unsigned long)(bear_cookie) % PAGE_SIZE;

	sg.offset = (unsigned long)(bear_cookie) % PAGE_SIZE;

	sg.length = bodysize;

	sg.length = bodysize;

	key = (char *)ep->secret_key[ep->current_key];

	key = (char *)ep->secret_key[ep->current_key];

	desc.tfm = sctp_sk(ep->base.sk)->hmac;

	desc.flags = 0;

	memset(digest, 0x00, SCTP_SIGNATURE_SIZE);

	memset(digest, 0x00, SCTP_SIGNATURE_SIZE);

	sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, &sg,

	if (crypto_hash_setkey(desc.tfm, key, keylen) ||

			 1, digest);

	    crypto_hash_digest(&desc, &sg, bodysize, digest)) {

		*error = -SCTP_IERROR_NOMEM;

		goto fail;

	}

	if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {

	if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {

		/* Try the previous key. */

		/* Try the previous key. */

		key = (char *)ep->secret_key[ep->last_key];

		key = (char *)ep->secret_key[ep->last_key];

		memset(digest, 0x00, SCTP_SIGNATURE_SIZE);

		memset(digest, 0x00, SCTP_SIGNATURE_SIZE);

		sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen,

		if (crypto_hash_setkey(desc.tfm, key, keylen) ||

				 &sg, 1, digest);

		    crypto_hash_digest(&desc, &sg, bodysize, digest)) {

			*error = -SCTP_IERROR_NOMEM;

			goto fail;

		}

		if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {

		if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {

			/* Yikes!  Still bad signature! */

			/* Yikes!  Still bad signature! */