xfrm: Don't allow esn with disabled anti replay detection

Message ID	20110510054305.GC8013@secunet.com
State	Accepted, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Date: Tue, 10 May 2011 07:43:05 +0200 From: Steffen Klassert <steffen.klassert@secunet.com> To: David Miller <davem@davemloft.net>, Herbert Xu <herbert@gondor.apana.org.au> Cc: netdev@vger.kernel.org Subject: [PATCH] xfrm: Don't allow esn with disabled anti replay detection Message-ID: <20110510054305.GC8013@secunet.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.20 (2009-06-14) Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

20110510054305.GC8013@secunet.com

State

Accepted, archived

Delegated to:

David Miller

Headers

Date: Tue, 10 May 2011 07:43:05 +0200
From: Steffen Klassert <steffen.klassert@secunet.com>
To: David Miller <davem@davemloft.net>,
	Herbert Xu <herbert@gondor.apana.org.au>
Cc: netdev@vger.kernel.org
Subject: [PATCH] xfrm: Don't allow esn with disabled anti replay detection
Message-ID: <20110510054305.GC8013@secunet.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.20 (2009-06-14)
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Steffen Klassert May 10, 2011, 5:43 a.m. UTC

Unlike the standard case, disabled anti replay detection needs some
nontrivial extra treatment on ESN. RFC 4303 states:

Note: If a receiver chooses to not enable anti-replay for an SA, then
the receiver SHOULD NOT negotiate ESN in an SA management protocol.
Use of ESN creates a need for the receiver to manage the anti-replay
window (in order to determine the correct value for the high-order
bits of the ESN, which are employed in the ICV computation), which is
generally contrary to the notion of disabling anti-replay for an SA.

So return an error if an ESN state with disabled anti replay detection
is inserted for now and add the extra treatment later if we need it.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/xfrm/xfrm_replay.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

Comments

David Miller May 10, 2011, 7:28 p.m. UTC | #1

From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Tue, 10 May 2011 07:43:05 +0200

> Unlike the standard case, disabled anti replay detection needs some
> nontrivial extra treatment on ESN. RFC 4303 states:
> 
> Note: If a receiver chooses to not enable anti-replay for an SA, then
> the receiver SHOULD NOT negotiate ESN in an SA management protocol.
> Use of ESN creates a need for the receiver to manage the anti-replay
> window (in order to determine the correct value for the high-order
> bits of the ESN, which are employed in the ICV computation), which is
> generally contrary to the notion of disabling anti-replay for an SA.
> 
> So return an error if an ESN state with disabled anti replay detection
> is inserted for now and add the extra treatment later if we need it.
> 
> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

Also applied, thanks for fixing these bugs!
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index e8a7814..47f1b86 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -535,6 +535,9 @@  int xfrm_init_replay(struct xfrm_state *x)
 		    replay_esn->bmp_len * sizeof(__u32) * 8)
 			return -EINVAL;
 
+	if ((x->props.flags & XFRM_STATE_ESN) && replay_esn->replay_window == 0)
+		return -EINVAL;
+
 	if ((x->props.flags & XFRM_STATE_ESN) && x->replay_esn)
 		x->repl = &xfrm_replay_esn;
 	else

xfrm: Don't allow esn with disabled anti replay detection

Commit Message

Comments

Patch