fixed a bug in calculation of authenticator. mh_cksum field must be

cleared when calculating authenticator. Reported by Daniel Jungbluth.
kame · Dec 16, 2004 · 102bcbb · 102bcbb
1 parent 018ff8b
commit 102bcbb
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 5 deletions.
diff --git a/kame/kame/shisad/fsm.c b/kame/kame/shisad/fsm.c
@@ -1,4 +1,4 @@
-/*	$KAME: fsm.c,v 1.3 2004/12/16 12:12:28 keiichi Exp $	*/
+/*	$KAME: fsm.c,v 1.4 2004/12/16 12:47:07 keiichi Exp $	*/
 
 /*
  * Copyright (C) 2004 WIDE Project.  All rights reserved.
@@ -2258,6 +2258,7 @@ bul_fsm_back_preprocess(bul, fsmmsg)
 	struct fsm_message *fsmmsg;
 {
 	mip6_kbm_t kbm;
+	u_int16_t cksum;
 	mip6_authenticator_t authenticator;
 	struct ip6_mh_binding_ack *ip6mhba;
 	u_int16_t seqno;
@@ -2320,16 +2321,29 @@ bul_fsm_back_preprocess(bul, fsmmsg)
 	/* 
 	 * Authenticator check if available. BA is protected by IPsec
 	 * when it is from Home Agent (i.e. Home Flag set to
-	 * BUL. Otherwise, all packets SHOULD have authenticato and
+	 * BUL. Otherwise, all packets SHOULD have authenticator and
 	 * nonce indice option. */
 	if (mopt.opt_auth) {
 		/* verify authenticator. */
+		/*
+		 * RFC3775 Section 6.2.7
+		 */
 		mip6_calculate_kbm(&bul->bul_home_token,
-		    &bul->bul_careof_token, &kbm);
-		mip6_calculate_authenticator(&kbm, fsmmsg->fsmm_dst,
+		    (fsmmsg->fsmm_rtaddr != NULL)
+		    ? &bul->bul_careof_token : NULL, &kbm);
+		/*
+		 * clear the checksum field to calculate a correcet
+		 * authenticator.
+		 */
+		cksum = ip6mhba->ip6mhba_hdr.ip6mh_cksum;
+		ip6mhba->ip6mhba_hdr.ip6mh_cksum = 0;
+		mip6_calculate_authenticator(&kbm,
+		    (fsmmsg->fsmm_rtaddr != NULL)
+		    ? fsmmsg->fsmm_rtaddr : fsmmsg->fsmm_dst,
 		    fsmmsg->fsmm_src, (caddr_t)ip6mhba, ip6mhbalen,
 		    ((caddr_t)mopt.opt_auth - (caddr_t)ip6mhba) + 2,
 		    MIP6_AUTHENTICATOR_SIZE, &authenticator);
+		ip6mhba->ip6mhba_hdr.ip6mh_cksum = cksum;
 		if (memcmp((caddr_t)mopt.opt_auth + 2, &authenticator,
 			MIP6_AUTHENTICATOR_SIZE) != 0) {
 			syslog(LOG_ERR,

diff --git a/kame/kame/shisad/mh.c b/kame/kame/shisad/mh.c
@@ -1,4 +1,4 @@
-/*      $KAME: mh.c,v 1.2 2004/12/16 11:58:50 keiichi Exp $  */
+/*      $KAME: mh.c,v 1.3 2004/12/16 12:47:07 keiichi Exp $  */
 /*
  * Copyright (C) 2004 WIDE Project.  All rights reserved.
  *
@@ -630,6 +630,7 @@ receive_bu(src, dst, hoa, rtaddr, bu, mhlen)
 	if (mopt.opt_auth && mopt.opt_nonce) {
 #ifdef MIP_CN
 		int cnnonce = 0;
+		u_int16_t cksum;
 		mip6_authenticator_t authenticator;
 		struct mip6_nonces_info *home_nonces, *careof_nonces;
 
@@ -663,13 +664,15 @@ receive_bu(src, dst, hoa, rtaddr, bu, mhlen)
 		mip6_calculate_kbm(&home_token, (cnnonce) ? &careof_token : NULL, kbm);
 
 		/* Compare Calculated Authentication Data into Authenticator field */ 
+		cksum = bu->ip6mhbu_hdr.ip6mh_cksum;
 		bu->ip6mhbu_hdr.ip6mh_cksum = 0;
 
 		/* Calculate authenticator */
 		mip6_calculate_authenticator(kbm, coa, dst, (caddr_t)bu, mhlen, 
 					     (u_int8_t *)mopt.opt_auth + 
 					     sizeof(struct ip6_mh_opt_auth_data) - (u_int8_t *)bu,
 					     MIP6_AUTHENTICATOR_SIZE, &authenticator);
+		bu->ip6mhbu_hdr.ip6mh_cksum = cksum;
 
 		/* Authentication is failed, silently discard */
 		if (memcmp(&authenticator,