The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netinet/sctp_auth.c

Version: -  FREEBSD  -  FREEBSD11  -  FREEBSD10  -  FREEBSD9  -  FREEBSD92  -  FREEBSD91  -  FREEBSD90  -  FREEBSD8  -  FREEBSD82  -  FREEBSD81  -  FREEBSD80  -  FREEBSD7  -  FREEBSD74  -  FREEBSD73  -  FREEBSD72  -  FREEBSD71  -  FREEBSD70  -  FREEBSD6  -  FREEBSD64  -  FREEBSD63  -  FREEBSD62  -  FREEBSD61  -  FREEBSD60  -  FREEBSD5  -  FREEBSD55  -  FREEBSD54  -  FREEBSD53  -  FREEBSD52  -  FREEBSD51  -  FREEBSD50  -  FREEBSD4  -  FREEBSD3  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved.
    3  *
    4  * Redistribution and use in source and binary forms, with or without
    5  * modification, are permitted provided that the following conditions are met:
    6  *
    7  * a) Redistributions of source code must retain the above copyright notice,
    8  *   this list of conditions and the following disclaimer.
    9  *
   10  * b) Redistributions in binary form must reproduce the above copyright
   11  *    notice, this list of conditions and the following disclaimer in
   12  *   the documentation and/or other materials provided with the distribution.
   13  *
   14  * c) Neither the name of Cisco Systems, Inc. nor the names of its
   15  *    contributors may be used to endorse or promote products derived
   16  *    from this software without specific prior written permission.
   17  *
   18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
   19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
   20  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   21  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
   22  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
   23  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
   24  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
   25  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
   26  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   27  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
   28  * THE POSSIBILITY OF SUCH DAMAGE.
   29  */
   30 
   31 #include <sys/cdefs.h>
   32 __FBSDID("$FreeBSD: releng/8.2/sys/netinet/sctp_auth.c 214486 2010-10-28 19:15:30Z tuexen $");
   33 
   34 #include <netinet/sctp_os.h>
   35 #include <netinet/sctp.h>
   36 #include <netinet/sctp_header.h>
   37 #include <netinet/sctp_pcb.h>
   38 #include <netinet/sctp_var.h>
   39 #include <netinet/sctp_sysctl.h>
   40 #include <netinet/sctputil.h>
   41 #include <netinet/sctp_indata.h>
   42 #include <netinet/sctp_output.h>
   43 #include <netinet/sctp_auth.h>
   44 
   45 #ifdef SCTP_DEBUG
   46 #define SCTP_AUTH_DEBUG         (SCTP_BASE_SYSCTL(sctp_debug_on) & SCTP_DEBUG_AUTH1)
   47 #define SCTP_AUTH_DEBUG2        (SCTP_BASE_SYSCTL(sctp_debug_on) & SCTP_DEBUG_AUTH2)
   48 #endif                          /* SCTP_DEBUG */
   49 
   50 
   51 void
   52 sctp_clear_chunklist(sctp_auth_chklist_t * chklist)
   53 {
   54         bzero(chklist, sizeof(*chklist));
   55         /* chklist->num_chunks = 0; */
   56 }
   57 
   58 sctp_auth_chklist_t *
   59 sctp_alloc_chunklist(void)
   60 {
   61         sctp_auth_chklist_t *chklist;
   62 
   63         SCTP_MALLOC(chklist, sctp_auth_chklist_t *, sizeof(*chklist),
   64             SCTP_M_AUTH_CL);
   65         if (chklist == NULL) {
   66                 SCTPDBG(SCTP_DEBUG_AUTH1, "sctp_alloc_chunklist: failed to get memory!\n");
   67         } else {
   68                 sctp_clear_chunklist(chklist);
   69         }
   70         return (chklist);
   71 }
   72 
   73 void
   74 sctp_free_chunklist(sctp_auth_chklist_t * list)
   75 {
   76         if (list != NULL)
   77                 SCTP_FREE(list, SCTP_M_AUTH_CL);
   78 }
   79 
   80 sctp_auth_chklist_t *
   81 sctp_copy_chunklist(sctp_auth_chklist_t * list)
   82 {
   83         sctp_auth_chklist_t *new_list;
   84 
   85         if (list == NULL)
   86                 return (NULL);
   87 
   88         /* get a new list */
   89         new_list = sctp_alloc_chunklist();
   90         if (new_list == NULL)
   91                 return (NULL);
   92         /* copy it */
   93         bcopy(list, new_list, sizeof(*new_list));
   94 
   95         return (new_list);
   96 }
   97 
   98 
   99 /*
  100  * add a chunk to the required chunks list
  101  */
  102 int
  103 sctp_auth_add_chunk(uint8_t chunk, sctp_auth_chklist_t * list)
  104 {
  105         if (list == NULL)
  106                 return (-1);
  107 
  108         /* is chunk restricted? */
  109         if ((chunk == SCTP_INITIATION) ||
  110             (chunk == SCTP_INITIATION_ACK) ||
  111             (chunk == SCTP_SHUTDOWN_COMPLETE) ||
  112             (chunk == SCTP_AUTHENTICATION)) {
  113                 return (-1);
  114         }
  115         if (list->chunks[chunk] == 0) {
  116                 list->chunks[chunk] = 1;
  117                 list->num_chunks++;
  118                 SCTPDBG(SCTP_DEBUG_AUTH1,
  119                     "SCTP: added chunk %u (0x%02x) to Auth list\n",
  120                     chunk, chunk);
  121         }
  122         return (0);
  123 }
  124 
  125 /*
  126  * delete a chunk from the required chunks list
  127  */
  128 int
  129 sctp_auth_delete_chunk(uint8_t chunk, sctp_auth_chklist_t * list)
  130 {
  131         if (list == NULL)
  132                 return (-1);
  133 
  134         /* is chunk restricted? */
  135         if ((chunk == SCTP_ASCONF) ||
  136             (chunk == SCTP_ASCONF_ACK)) {
  137                 return (-1);
  138         }
  139         if (list->chunks[chunk] == 1) {
  140                 list->chunks[chunk] = 0;
  141                 list->num_chunks--;
  142                 SCTPDBG(SCTP_DEBUG_AUTH1,
  143                     "SCTP: deleted chunk %u (0x%02x) from Auth list\n",
  144                     chunk, chunk);
  145         }
  146         return (0);
  147 }
  148 
  149 size_t
  150 sctp_auth_get_chklist_size(const sctp_auth_chklist_t * list)
  151 {
  152         if (list == NULL)
  153                 return (0);
  154         else
  155                 return (list->num_chunks);
  156 }
  157 
  158 /*
  159  * set the default list of chunks requiring AUTH
  160  */
  161 void
  162 sctp_auth_set_default_chunks(sctp_auth_chklist_t * list)
  163 {
  164         (void)sctp_auth_add_chunk(SCTP_ASCONF, list);
  165         (void)sctp_auth_add_chunk(SCTP_ASCONF_ACK, list);
  166 }
  167 
  168 /*
  169  * return the current number and list of required chunks caller must
  170  * guarantee ptr has space for up to 256 bytes
  171  */
  172 int
  173 sctp_serialize_auth_chunks(const sctp_auth_chklist_t * list, uint8_t * ptr)
  174 {
  175         int i, count = 0;
  176 
  177         if (list == NULL)
  178                 return (0);
  179 
  180         for (i = 0; i < 256; i++) {
  181                 if (list->chunks[i] != 0) {
  182                         *ptr++ = i;
  183                         count++;
  184                 }
  185         }
  186         return (count);
  187 }
  188 
  189 int
  190 sctp_pack_auth_chunks(const sctp_auth_chklist_t * list, uint8_t * ptr)
  191 {
  192         int i, size = 0;
  193 
  194         if (list == NULL)
  195                 return (0);
  196 
  197         if (list->num_chunks <= 32) {
  198                 /* just list them, one byte each */
  199                 for (i = 0; i < 256; i++) {
  200                         if (list->chunks[i] != 0) {
  201                                 *ptr++ = i;
  202                                 size++;
  203                         }
  204                 }
  205         } else {
  206                 int index, offset;
  207 
  208                 /* pack into a 32 byte bitfield */
  209                 for (i = 0; i < 256; i++) {
  210                         if (list->chunks[i] != 0) {
  211                                 index = i / 8;
  212                                 offset = i % 8;
  213                                 ptr[index] |= (1 << offset);
  214                         }
  215                 }
  216                 size = 32;
  217         }
  218         return (size);
  219 }
  220 
  221 int
  222 sctp_unpack_auth_chunks(const uint8_t * ptr, uint8_t num_chunks,
  223     sctp_auth_chklist_t * list)
  224 {
  225         int i;
  226         int size;
  227 
  228         if (list == NULL)
  229                 return (0);
  230 
  231         if (num_chunks <= 32) {
  232                 /* just pull them, one byte each */
  233                 for (i = 0; i < num_chunks; i++) {
  234                         (void)sctp_auth_add_chunk(*ptr++, list);
  235                 }
  236                 size = num_chunks;
  237         } else {
  238                 int index, offset;
  239 
  240                 /* unpack from a 32 byte bitfield */
  241                 for (index = 0; index < 32; index++) {
  242                         for (offset = 0; offset < 8; offset++) {
  243                                 if (ptr[index] & (1 << offset)) {
  244                                         (void)sctp_auth_add_chunk((index * 8) + offset, list);
  245                                 }
  246                         }
  247                 }
  248                 size = 32;
  249         }
  250         return (size);
  251 }
  252 
  253 
  254 /*
  255  * allocate structure space for a key of length keylen
  256  */
  257 sctp_key_t *
  258 sctp_alloc_key(uint32_t keylen)
  259 {
  260         sctp_key_t *new_key;
  261 
  262         SCTP_MALLOC(new_key, sctp_key_t *, sizeof(*new_key) + keylen,
  263             SCTP_M_AUTH_KY);
  264         if (new_key == NULL) {
  265                 /* out of memory */
  266                 return (NULL);
  267         }
  268         new_key->keylen = keylen;
  269         return (new_key);
  270 }
  271 
  272 void
  273 sctp_free_key(sctp_key_t * key)
  274 {
  275         if (key != NULL)
  276                 SCTP_FREE(key, SCTP_M_AUTH_KY);
  277 }
  278 
  279 void
  280 sctp_print_key(sctp_key_t * key, const char *str)
  281 {
  282         uint32_t i;
  283 
  284         if (key == NULL) {
  285                 printf("%s: [Null key]\n", str);
  286                 return;
  287         }
  288         printf("%s: len %u, ", str, key->keylen);
  289         if (key->keylen) {
  290                 for (i = 0; i < key->keylen; i++)
  291                         printf("%02x", key->key[i]);
  292                 printf("\n");
  293         } else {
  294                 printf("[Null key]\n");
  295         }
  296 }
  297 
  298 void
  299 sctp_show_key(sctp_key_t * key, const char *str)
  300 {
  301         uint32_t i;
  302 
  303         if (key == NULL) {
  304                 printf("%s: [Null key]\n", str);
  305                 return;
  306         }
  307         printf("%s: len %u, ", str, key->keylen);
  308         if (key->keylen) {
  309                 for (i = 0; i < key->keylen; i++)
  310                         printf("%02x", key->key[i]);
  311                 printf("\n");
  312         } else {
  313                 printf("[Null key]\n");
  314         }
  315 }
  316 
  317 static uint32_t
  318 sctp_get_keylen(sctp_key_t * key)
  319 {
  320         if (key != NULL)
  321                 return (key->keylen);
  322         else
  323                 return (0);
  324 }
  325 
  326 /*
  327  * generate a new random key of length 'keylen'
  328  */
  329 sctp_key_t *
  330 sctp_generate_random_key(uint32_t keylen)
  331 {
  332         sctp_key_t *new_key;
  333 
  334         /* validate keylen */
  335         if (keylen > SCTP_AUTH_RANDOM_SIZE_MAX)
  336                 keylen = SCTP_AUTH_RANDOM_SIZE_MAX;
  337 
  338         new_key = sctp_alloc_key(keylen);
  339         if (new_key == NULL) {
  340                 /* out of memory */
  341                 return (NULL);
  342         }
  343         SCTP_READ_RANDOM(new_key->key, keylen);
  344         new_key->keylen = keylen;
  345         return (new_key);
  346 }
  347 
  348 sctp_key_t *
  349 sctp_set_key(uint8_t * key, uint32_t keylen)
  350 {
  351         sctp_key_t *new_key;
  352 
  353         new_key = sctp_alloc_key(keylen);
  354         if (new_key == NULL) {
  355                 /* out of memory */
  356                 return (NULL);
  357         }
  358         bcopy(key, new_key->key, keylen);
  359         return (new_key);
  360 }
  361 
  362 /*-
  363  * given two keys of variable size, compute which key is "larger/smaller"
  364  * returns:  1 if key1 > key2
  365  *          -1 if key1 < key2
  366  *           0 if key1 = key2
  367  */
  368 static int
  369 sctp_compare_key(sctp_key_t * key1, sctp_key_t * key2)
  370 {
  371         uint32_t maxlen;
  372         uint32_t i;
  373         uint32_t key1len, key2len;
  374         uint8_t *key_1, *key_2;
  375         uint8_t temp[SCTP_AUTH_RANDOM_SIZE_MAX];
  376 
  377         /* sanity/length check */
  378         key1len = sctp_get_keylen(key1);
  379         key2len = sctp_get_keylen(key2);
  380         if ((key1len == 0) && (key2len == 0))
  381                 return (0);
  382         else if (key1len == 0)
  383                 return (-1);
  384         else if (key2len == 0)
  385                 return (1);
  386 
  387         if (key1len != key2len) {
  388                 if (key1len >= key2len)
  389                         maxlen = key1len;
  390                 else
  391                         maxlen = key2len;
  392                 bzero(temp, maxlen);
  393                 if (key1len < maxlen) {
  394                         /* prepend zeroes to key1 */
  395                         bcopy(key1->key, temp + (maxlen - key1len), key1len);
  396                         key_1 = temp;
  397                         key_2 = key2->key;
  398                 } else {
  399                         /* prepend zeroes to key2 */
  400                         bcopy(key2->key, temp + (maxlen - key2len), key2len);
  401                         key_1 = key1->key;
  402                         key_2 = temp;
  403                 }
  404         } else {
  405                 maxlen = key1len;
  406                 key_1 = key1->key;
  407                 key_2 = key2->key;
  408         }
  409 
  410         for (i = 0; i < maxlen; i++) {
  411                 if (*key_1 > *key_2)
  412                         return (1);
  413                 else if (*key_1 < *key_2)
  414                         return (-1);
  415                 key_1++;
  416                 key_2++;
  417         }
  418 
  419         /* keys are equal value, so check lengths */
  420         if (key1len == key2len)
  421                 return (0);
  422         else if (key1len < key2len)
  423                 return (-1);
  424         else
  425                 return (1);
  426 }
  427 
  428 /*
  429  * generate the concatenated keying material based on the two keys and the
  430  * shared key (if available). draft-ietf-tsvwg-auth specifies the specific
  431  * order for concatenation
  432  */
  433 sctp_key_t *
  434 sctp_compute_hashkey(sctp_key_t * key1, sctp_key_t * key2, sctp_key_t * shared)
  435 {
  436         uint32_t keylen;
  437         sctp_key_t *new_key;
  438         uint8_t *key_ptr;
  439 
  440         keylen = sctp_get_keylen(key1) + sctp_get_keylen(key2) +
  441             sctp_get_keylen(shared);
  442 
  443         if (keylen > 0) {
  444                 /* get space for the new key */
  445                 new_key = sctp_alloc_key(keylen);
  446                 if (new_key == NULL) {
  447                         /* out of memory */
  448                         return (NULL);
  449                 }
  450                 new_key->keylen = keylen;
  451                 key_ptr = new_key->key;
  452         } else {
  453                 /* all keys empty/null?! */
  454                 return (NULL);
  455         }
  456 
  457         /* concatenate the keys */
  458         if (sctp_compare_key(key1, key2) <= 0) {
  459                 /* key is shared + key1 + key2 */
  460                 if (sctp_get_keylen(shared)) {
  461                         bcopy(shared->key, key_ptr, shared->keylen);
  462                         key_ptr += shared->keylen;
  463                 }
  464                 if (sctp_get_keylen(key1)) {
  465                         bcopy(key1->key, key_ptr, key1->keylen);
  466                         key_ptr += key1->keylen;
  467                 }
  468                 if (sctp_get_keylen(key2)) {
  469                         bcopy(key2->key, key_ptr, key2->keylen);
  470                         key_ptr += key2->keylen;
  471                 }
  472         } else {
  473                 /* key is shared + key2 + key1 */
  474                 if (sctp_get_keylen(shared)) {
  475                         bcopy(shared->key, key_ptr, shared->keylen);
  476                         key_ptr += shared->keylen;
  477                 }
  478                 if (sctp_get_keylen(key2)) {
  479                         bcopy(key2->key, key_ptr, key2->keylen);
  480                         key_ptr += key2->keylen;
  481                 }
  482                 if (sctp_get_keylen(key1)) {
  483                         bcopy(key1->key, key_ptr, key1->keylen);
  484                         key_ptr += key1->keylen;
  485                 }
  486         }
  487         return (new_key);
  488 }
  489 
  490 
  491 sctp_sharedkey_t *
  492 sctp_alloc_sharedkey(void)
  493 {
  494         sctp_sharedkey_t *new_key;
  495 
  496         SCTP_MALLOC(new_key, sctp_sharedkey_t *, sizeof(*new_key),
  497             SCTP_M_AUTH_KY);
  498         if (new_key == NULL) {
  499                 /* out of memory */
  500                 return (NULL);
  501         }
  502         new_key->keyid = 0;
  503         new_key->key = NULL;
  504         new_key->refcount = 1;
  505         new_key->deactivated = 0;
  506         return (new_key);
  507 }
  508 
  509 void
  510 sctp_free_sharedkey(sctp_sharedkey_t * skey)
  511 {
  512         if (skey == NULL)
  513                 return;
  514 
  515         if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&skey->refcount)) {
  516                 if (skey->key != NULL)
  517                         sctp_free_key(skey->key);
  518                 SCTP_FREE(skey, SCTP_M_AUTH_KY);
  519         }
  520 }
  521 
  522 sctp_sharedkey_t *
  523 sctp_find_sharedkey(struct sctp_keyhead *shared_keys, uint16_t key_id)
  524 {
  525         sctp_sharedkey_t *skey;
  526 
  527         LIST_FOREACH(skey, shared_keys, next) {
  528                 if (skey->keyid == key_id)
  529                         return (skey);
  530         }
  531         return (NULL);
  532 }
  533 
  534 int
  535 sctp_insert_sharedkey(struct sctp_keyhead *shared_keys,
  536     sctp_sharedkey_t * new_skey)
  537 {
  538         sctp_sharedkey_t *skey;
  539 
  540         if ((shared_keys == NULL) || (new_skey == NULL))
  541                 return (EINVAL);
  542 
  543         /* insert into an empty list? */
  544         if (LIST_EMPTY(shared_keys)) {
  545                 LIST_INSERT_HEAD(shared_keys, new_skey, next);
  546                 return (0);
  547         }
  548         /* insert into the existing list, ordered by key id */
  549         LIST_FOREACH(skey, shared_keys, next) {
  550                 if (new_skey->keyid < skey->keyid) {
  551                         /* insert it before here */
  552                         LIST_INSERT_BEFORE(skey, new_skey, next);
  553                         return (0);
  554                 } else if (new_skey->keyid == skey->keyid) {
  555                         /* replace the existing key */
  556                         /* verify this key *can* be replaced */
  557                         if ((skey->deactivated) && (skey->refcount > 1)) {
  558                                 SCTPDBG(SCTP_DEBUG_AUTH1,
  559                                     "can't replace shared key id %u\n",
  560                                     new_skey->keyid);
  561                                 return (EBUSY);
  562                         }
  563                         SCTPDBG(SCTP_DEBUG_AUTH1,
  564                             "replacing shared key id %u\n",
  565                             new_skey->keyid);
  566                         LIST_INSERT_BEFORE(skey, new_skey, next);
  567                         LIST_REMOVE(skey, next);
  568                         sctp_free_sharedkey(skey);
  569                         return (0);
  570                 }
  571                 if (LIST_NEXT(skey, next) == NULL) {
  572                         /* belongs at the end of the list */
  573                         LIST_INSERT_AFTER(skey, new_skey, next);
  574                         return (0);
  575                 }
  576         }
  577         /* shouldn't reach here */
  578         return (0);
  579 }
  580 
  581 void
  582 sctp_auth_key_acquire(struct sctp_tcb *stcb, uint16_t key_id)
  583 {
  584         sctp_sharedkey_t *skey;
  585 
  586         /* find the shared key */
  587         skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, key_id);
  588 
  589         /* bump the ref count */
  590         if (skey) {
  591                 atomic_add_int(&skey->refcount, 1);
  592                 SCTPDBG(SCTP_DEBUG_AUTH2,
  593                     "%s: stcb %p key %u refcount acquire to %d\n",
  594                     __FUNCTION__, stcb, key_id, skey->refcount);
  595         }
  596 }
  597 
  598 void
  599 sctp_auth_key_release(struct sctp_tcb *stcb, uint16_t key_id)
  600 {
  601         sctp_sharedkey_t *skey;
  602 
  603         /* find the shared key */
  604         skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, key_id);
  605 
  606         /* decrement the ref count */
  607         if (skey) {
  608                 sctp_free_sharedkey(skey);
  609                 SCTPDBG(SCTP_DEBUG_AUTH2,
  610                     "%s: stcb %p key %u refcount release to %d\n",
  611                     __FUNCTION__, stcb, key_id, skey->refcount);
  612 
  613                 /* see if a notification should be generated */
  614                 if ((skey->refcount <= 1) && (skey->deactivated)) {
  615                         /* notify ULP that key is no longer used */
  616                         sctp_ulp_notify(SCTP_NOTIFY_AUTH_FREE_KEY, stcb,
  617                             key_id, 0, SCTP_SO_LOCKED);
  618                         SCTPDBG(SCTP_DEBUG_AUTH2,
  619                             "%s: stcb %p key %u no longer used, %d\n",
  620                             __FUNCTION__, stcb, key_id, skey->refcount);
  621                 }
  622         }
  623 }
  624 
  625 static sctp_sharedkey_t *
  626 sctp_copy_sharedkey(const sctp_sharedkey_t * skey)
  627 {
  628         sctp_sharedkey_t *new_skey;
  629 
  630         if (skey == NULL)
  631                 return (NULL);
  632         new_skey = sctp_alloc_sharedkey();
  633         if (new_skey == NULL)
  634                 return (NULL);
  635         if (skey->key != NULL)
  636                 new_skey->key = sctp_set_key(skey->key->key, skey->key->keylen);
  637         else
  638                 new_skey->key = NULL;
  639         new_skey->keyid = skey->keyid;
  640         return (new_skey);
  641 }
  642 
  643 int
  644 sctp_copy_skeylist(const struct sctp_keyhead *src, struct sctp_keyhead *dest)
  645 {
  646         sctp_sharedkey_t *skey, *new_skey;
  647         int count = 0;
  648 
  649         if ((src == NULL) || (dest == NULL))
  650                 return (0);
  651         LIST_FOREACH(skey, src, next) {
  652                 new_skey = sctp_copy_sharedkey(skey);
  653                 if (new_skey != NULL) {
  654                         (void)sctp_insert_sharedkey(dest, new_skey);
  655                         count++;
  656                 }
  657         }
  658         return (count);
  659 }
  660 
  661 
  662 sctp_hmaclist_t *
  663 sctp_alloc_hmaclist(uint8_t num_hmacs)
  664 {
  665         sctp_hmaclist_t *new_list;
  666         int alloc_size;
  667 
  668         alloc_size = sizeof(*new_list) + num_hmacs * sizeof(new_list->hmac[0]);
  669         SCTP_MALLOC(new_list, sctp_hmaclist_t *, alloc_size,
  670             SCTP_M_AUTH_HL);
  671         if (new_list == NULL) {
  672                 /* out of memory */
  673                 return (NULL);
  674         }
  675         new_list->max_algo = num_hmacs;
  676         new_list->num_algo = 0;
  677         return (new_list);
  678 }
  679 
  680 void
  681 sctp_free_hmaclist(sctp_hmaclist_t * list)
  682 {
  683         if (list != NULL) {
  684                 SCTP_FREE(list, SCTP_M_AUTH_HL);
  685                 list = NULL;
  686         }
  687 }
  688 
  689 int
  690 sctp_auth_add_hmacid(sctp_hmaclist_t * list, uint16_t hmac_id)
  691 {
  692         int i;
  693 
  694         if (list == NULL)
  695                 return (-1);
  696         if (list->num_algo == list->max_algo) {
  697                 SCTPDBG(SCTP_DEBUG_AUTH1,
  698                     "SCTP: HMAC id list full, ignoring add %u\n", hmac_id);
  699                 return (-1);
  700         }
  701         if ((hmac_id != SCTP_AUTH_HMAC_ID_SHA1) &&
  702 #ifdef HAVE_SHA224
  703             (hmac_id != SCTP_AUTH_HMAC_ID_SHA224) &&
  704 #endif
  705 #ifdef HAVE_SHA2
  706             (hmac_id != SCTP_AUTH_HMAC_ID_SHA256) &&
  707             (hmac_id != SCTP_AUTH_HMAC_ID_SHA384) &&
  708             (hmac_id != SCTP_AUTH_HMAC_ID_SHA512) &&
  709 #endif
  710             1) {
  711                 return (-1);
  712         }
  713         /* Now is it already in the list */
  714         for (i = 0; i < list->num_algo; i++) {
  715                 if (list->hmac[i] == hmac_id) {
  716                         /* already in list */
  717                         return (-1);
  718                 }
  719         }
  720         SCTPDBG(SCTP_DEBUG_AUTH1, "SCTP: add HMAC id %u to list\n", hmac_id);
  721         list->hmac[list->num_algo++] = hmac_id;
  722         return (0);
  723 }
  724 
  725 sctp_hmaclist_t *
  726 sctp_copy_hmaclist(sctp_hmaclist_t * list)
  727 {
  728         sctp_hmaclist_t *new_list;
  729         int i;
  730 
  731         if (list == NULL)
  732                 return (NULL);
  733         /* get a new list */
  734         new_list = sctp_alloc_hmaclist(list->max_algo);
  735         if (new_list == NULL)
  736                 return (NULL);
  737         /* copy it */
  738         new_list->max_algo = list->max_algo;
  739         new_list->num_algo = list->num_algo;
  740         for (i = 0; i < list->num_algo; i++)
  741                 new_list->hmac[i] = list->hmac[i];
  742         return (new_list);
  743 }
  744 
  745 sctp_hmaclist_t *
  746 sctp_default_supported_hmaclist(void)
  747 {
  748         sctp_hmaclist_t *new_list;
  749 
  750         new_list = sctp_alloc_hmaclist(2);
  751         if (new_list == NULL)
  752                 return (NULL);
  753         (void)sctp_auth_add_hmacid(new_list, SCTP_AUTH_HMAC_ID_SHA1);
  754         (void)sctp_auth_add_hmacid(new_list, SCTP_AUTH_HMAC_ID_SHA256);
  755         return (new_list);
  756 }
  757 
  758 /*-
  759  * HMAC algos are listed in priority/preference order
  760  * find the best HMAC id to use for the peer based on local support
  761  */
  762 uint16_t
  763 sctp_negotiate_hmacid(sctp_hmaclist_t * peer, sctp_hmaclist_t * local)
  764 {
  765         int i, j;
  766 
  767         if ((local == NULL) || (peer == NULL))
  768                 return (SCTP_AUTH_HMAC_ID_RSVD);
  769 
  770         for (i = 0; i < peer->num_algo; i++) {
  771                 for (j = 0; j < local->num_algo; j++) {
  772                         if (peer->hmac[i] == local->hmac[j]) {
  773                                 /* found the "best" one */
  774                                 SCTPDBG(SCTP_DEBUG_AUTH1,
  775                                     "SCTP: negotiated peer HMAC id %u\n",
  776                                     peer->hmac[i]);
  777                                 return (peer->hmac[i]);
  778                         }
  779                 }
  780         }
  781         /* didn't find one! */
  782         return (SCTP_AUTH_HMAC_ID_RSVD);
  783 }
  784 
  785 /*-
  786  * serialize the HMAC algo list and return space used
  787  * caller must guarantee ptr has appropriate space
  788  */
  789 int
  790 sctp_serialize_hmaclist(sctp_hmaclist_t * list, uint8_t * ptr)
  791 {
  792         int i;
  793         uint16_t hmac_id;
  794 
  795         if (list == NULL)
  796                 return (0);
  797 
  798         for (i = 0; i < list->num_algo; i++) {
  799                 hmac_id = htons(list->hmac[i]);
  800                 bcopy(&hmac_id, ptr, sizeof(hmac_id));
  801                 ptr += sizeof(hmac_id);
  802         }
  803         return (list->num_algo * sizeof(hmac_id));
  804 }
  805 
  806 int
  807 sctp_verify_hmac_param(struct sctp_auth_hmac_algo *hmacs, uint32_t num_hmacs)
  808 {
  809         uint32_t i;
  810         uint16_t hmac_id;
  811         uint32_t sha1_supported = 0;
  812 
  813         for (i = 0; i < num_hmacs; i++) {
  814                 hmac_id = ntohs(hmacs->hmac_ids[i]);
  815                 if (hmac_id == SCTP_AUTH_HMAC_ID_SHA1)
  816                         sha1_supported = 1;
  817         }
  818         /* all HMAC id's are supported */
  819         if (sha1_supported == 0)
  820                 return (-1);
  821         else
  822                 return (0);
  823 }
  824 
  825 sctp_authinfo_t *
  826 sctp_alloc_authinfo(void)
  827 {
  828         sctp_authinfo_t *new_authinfo;
  829 
  830         SCTP_MALLOC(new_authinfo, sctp_authinfo_t *, sizeof(*new_authinfo),
  831             SCTP_M_AUTH_IF);
  832 
  833         if (new_authinfo == NULL) {
  834                 /* out of memory */
  835                 return (NULL);
  836         }
  837         bzero(new_authinfo, sizeof(*new_authinfo));
  838         return (new_authinfo);
  839 }
  840 
  841 void
  842 sctp_free_authinfo(sctp_authinfo_t * authinfo)
  843 {
  844         if (authinfo == NULL)
  845                 return;
  846 
  847         if (authinfo->random != NULL)
  848                 sctp_free_key(authinfo->random);
  849         if (authinfo->peer_random != NULL)
  850                 sctp_free_key(authinfo->peer_random);
  851         if (authinfo->assoc_key != NULL)
  852                 sctp_free_key(authinfo->assoc_key);
  853         if (authinfo->recv_key != NULL)
  854                 sctp_free_key(authinfo->recv_key);
  855 
  856         /* We are NOT dynamically allocating authinfo's right now... */
  857         /* SCTP_FREE(authinfo, SCTP_M_AUTH_??); */
  858 }
  859 
  860 
  861 uint32_t
  862 sctp_get_auth_chunk_len(uint16_t hmac_algo)
  863 {
  864         int size;
  865 
  866         size = sizeof(struct sctp_auth_chunk) + sctp_get_hmac_digest_len(hmac_algo);
  867         return (SCTP_SIZE32(size));
  868 }
  869 
  870 uint32_t
  871 sctp_get_hmac_digest_len(uint16_t hmac_algo)
  872 {
  873         switch (hmac_algo) {
  874         case SCTP_AUTH_HMAC_ID_SHA1:
  875                 return (SCTP_AUTH_DIGEST_LEN_SHA1);
  876 #ifdef HAVE_SHA224
  877         case SCTP_AUTH_HMAC_ID_SHA224:
  878                 return (SCTP_AUTH_DIGEST_LEN_SHA224);
  879 #endif
  880 #ifdef HAVE_SHA2
  881         case SCTP_AUTH_HMAC_ID_SHA256:
  882                 return (SCTP_AUTH_DIGEST_LEN_SHA256);
  883         case SCTP_AUTH_HMAC_ID_SHA384:
  884                 return (SCTP_AUTH_DIGEST_LEN_SHA384);
  885         case SCTP_AUTH_HMAC_ID_SHA512:
  886                 return (SCTP_AUTH_DIGEST_LEN_SHA512);
  887 #endif
  888         default:
  889                 /* unknown HMAC algorithm: can't do anything */
  890                 return (0);
  891         }                       /* end switch */
  892 }
  893 
  894 static inline int
  895 sctp_get_hmac_block_len(uint16_t hmac_algo)
  896 {
  897         switch (hmac_algo) {
  898         case SCTP_AUTH_HMAC_ID_SHA1:
  899 #ifdef HAVE_SHA224
  900         case SCTP_AUTH_HMAC_ID_SHA224:
  901 #endif
  902                 return (64);
  903 #ifdef HAVE_SHA2
  904         case SCTP_AUTH_HMAC_ID_SHA256:
  905                 return (64);
  906         case SCTP_AUTH_HMAC_ID_SHA384:
  907         case SCTP_AUTH_HMAC_ID_SHA512:
  908                 return (128);
  909 #endif
  910         case SCTP_AUTH_HMAC_ID_RSVD:
  911         default:
  912                 /* unknown HMAC algorithm: can't do anything */
  913                 return (0);
  914         }                       /* end switch */
  915 }
  916 
  917 static void
  918 sctp_hmac_init(uint16_t hmac_algo, sctp_hash_context_t * ctx)
  919 {
  920         switch (hmac_algo) {
  921         case SCTP_AUTH_HMAC_ID_SHA1:
  922                 SHA1_Init(&ctx->sha1);
  923                 break;
  924 #ifdef HAVE_SHA224
  925         case SCTP_AUTH_HMAC_ID_SHA224:
  926                 break;
  927 #endif
  928 #ifdef HAVE_SHA2
  929         case SCTP_AUTH_HMAC_ID_SHA256:
  930                 SHA256_Init(&ctx->sha256);
  931                 break;
  932         case SCTP_AUTH_HMAC_ID_SHA384:
  933                 SHA384_Init(&ctx->sha384);
  934                 break;
  935         case SCTP_AUTH_HMAC_ID_SHA512:
  936                 SHA512_Init(&ctx->sha512);
  937                 break;
  938 #endif
  939         case SCTP_AUTH_HMAC_ID_RSVD:
  940         default:
  941                 /* unknown HMAC algorithm: can't do anything */
  942                 return;
  943         }                       /* end switch */
  944 }
  945 
  946 static void
  947 sctp_hmac_update(uint16_t hmac_algo, sctp_hash_context_t * ctx,
  948     uint8_t * text, uint32_t textlen)
  949 {
  950         switch (hmac_algo) {
  951         case SCTP_AUTH_HMAC_ID_SHA1:
  952                 SHA1_Update(&ctx->sha1, text, textlen);
  953                 break;
  954 #ifdef HAVE_SHA224
  955         case SCTP_AUTH_HMAC_ID_SHA224:
  956                 break;
  957 #endif
  958 #ifdef HAVE_SHA2
  959         case SCTP_AUTH_HMAC_ID_SHA256:
  960                 SHA256_Update(&ctx->sha256, text, textlen);
  961                 break;
  962         case SCTP_AUTH_HMAC_ID_SHA384:
  963                 SHA384_Update(&ctx->sha384, text, textlen);
  964                 break;
  965         case SCTP_AUTH_HMAC_ID_SHA512:
  966                 SHA512_Update(&ctx->sha512, text, textlen);
  967                 break;
  968 #endif
  969         case SCTP_AUTH_HMAC_ID_RSVD:
  970         default:
  971                 /* unknown HMAC algorithm: can't do anything */
  972                 return;
  973         }                       /* end switch */
  974 }
  975 
  976 static void
  977 sctp_hmac_final(uint16_t hmac_algo, sctp_hash_context_t * ctx,
  978     uint8_t * digest)
  979 {
  980         switch (hmac_algo) {
  981         case SCTP_AUTH_HMAC_ID_SHA1:
  982                 SHA1_Final(digest, &ctx->sha1);
  983                 break;
  984 #ifdef HAVE_SHA224
  985         case SCTP_AUTH_HMAC_ID_SHA224:
  986                 break;
  987 #endif
  988 #ifdef HAVE_SHA2
  989         case SCTP_AUTH_HMAC_ID_SHA256:
  990                 SHA256_Final(digest, &ctx->sha256);
  991                 break;
  992         case SCTP_AUTH_HMAC_ID_SHA384:
  993                 /* SHA384 is truncated SHA512 */
  994                 SHA384_Final(digest, &ctx->sha384);
  995                 break;
  996         case SCTP_AUTH_HMAC_ID_SHA512:
  997                 SHA512_Final(digest, &ctx->sha512);
  998                 break;
  999 #endif
 1000         case SCTP_AUTH_HMAC_ID_RSVD:
 1001         default:
 1002                 /* unknown HMAC algorithm: can't do anything */
 1003                 return;
 1004         }                       /* end switch */
 1005 }
 1006 
 1007 /*-
 1008  * Keyed-Hashing for Message Authentication: FIPS 198 (RFC 2104)
 1009  *
 1010  * Compute the HMAC digest using the desired hash key, text, and HMAC
 1011  * algorithm.  Resulting digest is placed in 'digest' and digest length
 1012  * is returned, if the HMAC was performed.
 1013  *
 1014  * WARNING: it is up to the caller to supply sufficient space to hold the
 1015  * resultant digest.
 1016  */
 1017 uint32_t
 1018 sctp_hmac(uint16_t hmac_algo, uint8_t * key, uint32_t keylen,
 1019     uint8_t * text, uint32_t textlen, uint8_t * digest)
 1020 {
 1021         uint32_t digestlen;
 1022         uint32_t blocklen;
 1023         sctp_hash_context_t ctx;
 1024         uint8_t ipad[128], opad[128];   /* keyed hash inner/outer pads */
 1025         uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX];
 1026         uint32_t i;
 1027 
 1028         /* sanity check the material and length */
 1029         if ((key == NULL) || (keylen == 0) || (text == NULL) ||
 1030             (textlen == 0) || (digest == NULL)) {
 1031                 /* can't do HMAC with empty key or text or digest store */
 1032                 return (0);
 1033         }
 1034         /* validate the hmac algo and get the digest length */
 1035         digestlen = sctp_get_hmac_digest_len(hmac_algo);
 1036         if (digestlen == 0)
 1037                 return (0);
 1038 
 1039         /* hash the key if it is longer than the hash block size */
 1040         blocklen = sctp_get_hmac_block_len(hmac_algo);
 1041         if (keylen > blocklen) {
 1042                 sctp_hmac_init(hmac_algo, &ctx);
 1043                 sctp_hmac_update(hmac_algo, &ctx, key, keylen);
 1044                 sctp_hmac_final(hmac_algo, &ctx, temp);
 1045                 /* set the hashed key as the key */
 1046                 keylen = digestlen;
 1047                 key = temp;
 1048         }
 1049         /* initialize the inner/outer pads with the key and "append" zeroes */
 1050         bzero(ipad, blocklen);
 1051         bzero(opad, blocklen);
 1052         bcopy(key, ipad, keylen);
 1053         bcopy(key, opad, keylen);
 1054 
 1055         /* XOR the key with ipad and opad values */
 1056         for (i = 0; i < blocklen; i++) {
 1057                 ipad[i] ^= 0x36;
 1058                 opad[i] ^= 0x5c;
 1059         }
 1060 
 1061         /* perform inner hash */
 1062         sctp_hmac_init(hmac_algo, &ctx);
 1063         sctp_hmac_update(hmac_algo, &ctx, ipad, blocklen);
 1064         sctp_hmac_update(hmac_algo, &ctx, text, textlen);
 1065         sctp_hmac_final(hmac_algo, &ctx, temp);
 1066 
 1067         /* perform outer hash */
 1068         sctp_hmac_init(hmac_algo, &ctx);
 1069         sctp_hmac_update(hmac_algo, &ctx, opad, blocklen);
 1070         sctp_hmac_update(hmac_algo, &ctx, temp, digestlen);
 1071         sctp_hmac_final(hmac_algo, &ctx, digest);
 1072 
 1073         return (digestlen);
 1074 }
 1075 
 1076 /* mbuf version */
 1077 uint32_t
 1078 sctp_hmac_m(uint16_t hmac_algo, uint8_t * key, uint32_t keylen,
 1079     struct mbuf *m, uint32_t m_offset, uint8_t * digest, uint32_t trailer)
 1080 {
 1081         uint32_t digestlen;
 1082         uint32_t blocklen;
 1083         sctp_hash_context_t ctx;
 1084         uint8_t ipad[128], opad[128];   /* keyed hash inner/outer pads */
 1085         uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX];
 1086         uint32_t i;
 1087         struct mbuf *m_tmp;
 1088 
 1089         /* sanity check the material and length */
 1090         if ((key == NULL) || (keylen == 0) || (m == NULL) || (digest == NULL)) {
 1091                 /* can't do HMAC with empty key or text or digest store */
 1092                 return (0);
 1093         }
 1094         /* validate the hmac algo and get the digest length */
 1095         digestlen = sctp_get_hmac_digest_len(hmac_algo);
 1096         if (digestlen == 0)
 1097                 return (0);
 1098 
 1099         /* hash the key if it is longer than the hash block size */
 1100         blocklen = sctp_get_hmac_block_len(hmac_algo);
 1101         if (keylen > blocklen) {
 1102                 sctp_hmac_init(hmac_algo, &ctx);
 1103                 sctp_hmac_update(hmac_algo, &ctx, key, keylen);
 1104                 sctp_hmac_final(hmac_algo, &ctx, temp);
 1105                 /* set the hashed key as the key */
 1106                 keylen = digestlen;
 1107                 key = temp;
 1108         }
 1109         /* initialize the inner/outer pads with the key and "append" zeroes */
 1110         bzero(ipad, blocklen);
 1111         bzero(opad, blocklen);
 1112         bcopy(key, ipad, keylen);
 1113         bcopy(key, opad, keylen);
 1114 
 1115         /* XOR the key with ipad and opad values */
 1116         for (i = 0; i < blocklen; i++) {
 1117                 ipad[i] ^= 0x36;
 1118                 opad[i] ^= 0x5c;
 1119         }
 1120 
 1121         /* perform inner hash */
 1122         sctp_hmac_init(hmac_algo, &ctx);
 1123         sctp_hmac_update(hmac_algo, &ctx, ipad, blocklen);
 1124         /* find the correct starting mbuf and offset (get start of text) */
 1125         m_tmp = m;
 1126         while ((m_tmp != NULL) && (m_offset >= (uint32_t) SCTP_BUF_LEN(m_tmp))) {
 1127                 m_offset -= SCTP_BUF_LEN(m_tmp);
 1128                 m_tmp = SCTP_BUF_NEXT(m_tmp);
 1129         }
 1130         /* now use the rest of the mbuf chain for the text */
 1131         while (m_tmp != NULL) {
 1132                 if ((SCTP_BUF_NEXT(m_tmp) == NULL) && trailer) {
 1133                         sctp_hmac_update(hmac_algo, &ctx, mtod(m_tmp, uint8_t *) + m_offset,
 1134                             SCTP_BUF_LEN(m_tmp) - (trailer + m_offset));
 1135                 } else {
 1136                         sctp_hmac_update(hmac_algo, &ctx, mtod(m_tmp, uint8_t *) + m_offset,
 1137                             SCTP_BUF_LEN(m_tmp) - m_offset);
 1138                 }
 1139 
 1140                 /* clear the offset since it's only for the first mbuf */
 1141                 m_offset = 0;
 1142                 m_tmp = SCTP_BUF_NEXT(m_tmp);
 1143         }
 1144         sctp_hmac_final(hmac_algo, &ctx, temp);
 1145 
 1146         /* perform outer hash */
 1147         sctp_hmac_init(hmac_algo, &ctx);
 1148         sctp_hmac_update(hmac_algo, &ctx, opad, blocklen);
 1149         sctp_hmac_update(hmac_algo, &ctx, temp, digestlen);
 1150         sctp_hmac_final(hmac_algo, &ctx, digest);
 1151 
 1152         return (digestlen);
 1153 }
 1154 
 1155 /*-
 1156  * verify the HMAC digest using the desired hash key, text, and HMAC
 1157  * algorithm.
 1158  * Returns -1 on error, 0 on success.
 1159  */
 1160 int
 1161 sctp_verify_hmac(uint16_t hmac_algo, uint8_t * key, uint32_t keylen,
 1162     uint8_t * text, uint32_t textlen,
 1163     uint8_t * digest, uint32_t digestlen)
 1164 {
 1165         uint32_t len;
 1166         uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX];
 1167 
 1168         /* sanity check the material and length */
 1169         if ((key == NULL) || (keylen == 0) ||
 1170             (text == NULL) || (textlen == 0) || (digest == NULL)) {
 1171                 /* can't do HMAC with empty key or text or digest */
 1172                 return (-1);
 1173         }
 1174         len = sctp_get_hmac_digest_len(hmac_algo);
 1175         if ((len == 0) || (digestlen != len))
 1176                 return (-1);
 1177 
 1178         /* compute the expected hash */
 1179         if (sctp_hmac(hmac_algo, key, keylen, text, textlen, temp) != len)
 1180                 return (-1);
 1181 
 1182         if (memcmp(digest, temp, digestlen) != 0)
 1183                 return (-1);
 1184         else
 1185                 return (0);
 1186 }
 1187 
 1188 
 1189 /*
 1190  * computes the requested HMAC using a key struct (which may be modified if
 1191  * the keylen exceeds the HMAC block len).
 1192  */
 1193 uint32_t
 1194 sctp_compute_hmac(uint16_t hmac_algo, sctp_key_t * key, uint8_t * text,
 1195     uint32_t textlen, uint8_t * digest)
 1196 {
 1197         uint32_t digestlen;
 1198         uint32_t blocklen;
 1199         sctp_hash_context_t ctx;
 1200         uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX];
 1201 
 1202         /* sanity check */
 1203         if ((key == NULL) || (text == NULL) || (textlen == 0) ||
 1204             (digest == NULL)) {
 1205                 /* can't do HMAC with empty key or text or digest store */
 1206                 return (0);
 1207         }
 1208         /* validate the hmac algo and get the digest length */
 1209         digestlen = sctp_get_hmac_digest_len(hmac_algo);
 1210         if (digestlen == 0)
 1211                 return (0);
 1212 
 1213         /* hash the key if it is longer than the hash block size */
 1214         blocklen = sctp_get_hmac_block_len(hmac_algo);
 1215         if (key->keylen > blocklen) {
 1216                 sctp_hmac_init(hmac_algo, &ctx);
 1217                 sctp_hmac_update(hmac_algo, &ctx, key->key, key->keylen);
 1218                 sctp_hmac_final(hmac_algo, &ctx, temp);
 1219                 /* save the hashed key as the new key */
 1220                 key->keylen = digestlen;
 1221                 bcopy(temp, key->key, key->keylen);
 1222         }
 1223         return (sctp_hmac(hmac_algo, key->key, key->keylen, text, textlen,
 1224             digest));
 1225 }
 1226 
 1227 /* mbuf version */
 1228 uint32_t
 1229 sctp_compute_hmac_m(uint16_t hmac_algo, sctp_key_t * key, struct mbuf *m,
 1230     uint32_t m_offset, uint8_t * digest)
 1231 {
 1232         uint32_t digestlen;
 1233         uint32_t blocklen;
 1234         sctp_hash_context_t ctx;
 1235         uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX];
 1236 
 1237         /* sanity check */
 1238         if ((key == NULL) || (m == NULL) || (digest == NULL)) {
 1239                 /* can't do HMAC with empty key or text or digest store */
 1240                 return (0);
 1241         }
 1242         /* validate the hmac algo and get the digest length */
 1243         digestlen = sctp_get_hmac_digest_len(hmac_algo);
 1244         if (digestlen == 0)
 1245                 return (0);
 1246 
 1247         /* hash the key if it is longer than the hash block size */
 1248         blocklen = sctp_get_hmac_block_len(hmac_algo);
 1249         if (key->keylen > blocklen) {
 1250                 sctp_hmac_init(hmac_algo, &ctx);
 1251                 sctp_hmac_update(hmac_algo, &ctx, key->key, key->keylen);
 1252                 sctp_hmac_final(hmac_algo, &ctx, temp);
 1253                 /* save the hashed key as the new key */
 1254                 key->keylen = digestlen;
 1255                 bcopy(temp, key->key, key->keylen);
 1256         }
 1257         return (sctp_hmac_m(hmac_algo, key->key, key->keylen, m, m_offset, digest, 0));
 1258 }
 1259 
 1260 int
 1261 sctp_auth_is_supported_hmac(sctp_hmaclist_t * list, uint16_t id)
 1262 {
 1263         int i;
 1264 
 1265         if ((list == NULL) || (id == SCTP_AUTH_HMAC_ID_RSVD))
 1266                 return (0);
 1267 
 1268         for (i = 0; i < list->num_algo; i++)
 1269                 if (list->hmac[i] == id)
 1270                         return (1);
 1271 
 1272         /* not in the list */
 1273         return (0);
 1274 }
 1275 
 1276 
 1277 /*-
 1278  * clear any cached key(s) if they match the given key id on an association.
 1279  * the cached key(s) will be recomputed and re-cached at next use.
 1280  * ASSUMES TCB_LOCK is already held
 1281  */
 1282 void
 1283 sctp_clear_cachedkeys(struct sctp_tcb *stcb, uint16_t keyid)
 1284 {
 1285         if (stcb == NULL)
 1286                 return;
 1287 
 1288         if (keyid == stcb->asoc.authinfo.assoc_keyid) {
 1289                 sctp_free_key(stcb->asoc.authinfo.assoc_key);
 1290                 stcb->asoc.authinfo.assoc_key = NULL;
 1291         }
 1292         if (keyid == stcb->asoc.authinfo.recv_keyid) {
 1293                 sctp_free_key(stcb->asoc.authinfo.recv_key);
 1294                 stcb->asoc.authinfo.recv_key = NULL;
 1295         }
 1296 }
 1297 
 1298 /*-
 1299  * clear any cached key(s) if they match the given key id for all assocs on
 1300  * an endpoint.
 1301  * ASSUMES INP_WLOCK is already held
 1302  */
 1303 void
 1304 sctp_clear_cachedkeys_ep(struct sctp_inpcb *inp, uint16_t keyid)
 1305 {
 1306         struct sctp_tcb *stcb;
 1307 
 1308         if (inp == NULL)
 1309                 return;
 1310 
 1311         /* clear the cached keys on all assocs on this instance */
 1312         LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
 1313                 SCTP_TCB_LOCK(stcb);
 1314                 sctp_clear_cachedkeys(stcb, keyid);
 1315                 SCTP_TCB_UNLOCK(stcb);
 1316         }
 1317 }
 1318 
 1319 /*-
 1320  * delete a shared key from an association
 1321  * ASSUMES TCB_LOCK is already held
 1322  */
 1323 int
 1324 sctp_delete_sharedkey(struct sctp_tcb *stcb, uint16_t keyid)
 1325 {
 1326         sctp_sharedkey_t *skey;
 1327 
 1328         if (stcb == NULL)
 1329                 return (-1);
 1330 
 1331         /* is the keyid the assoc active sending key */
 1332         if (keyid == stcb->asoc.authinfo.active_keyid)
 1333                 return (-1);
 1334 
 1335         /* does the key exist? */
 1336         skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, keyid);
 1337         if (skey == NULL)
 1338                 return (-1);
 1339 
 1340         /* are there other refcount holders on the key? */
 1341         if (skey->refcount > 1)
 1342                 return (-1);
 1343 
 1344         /* remove it */
 1345         LIST_REMOVE(skey, next);
 1346         sctp_free_sharedkey(skey);      /* frees skey->key as well */
 1347 
 1348         /* clear any cached keys */
 1349         sctp_clear_cachedkeys(stcb, keyid);
 1350         return (0);
 1351 }
 1352 
 1353 /*-
 1354  * deletes a shared key from the endpoint
 1355  * ASSUMES INP_WLOCK is already held
 1356  */
 1357 int
 1358 sctp_delete_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid)
 1359 {
 1360         sctp_sharedkey_t *skey;
 1361 
 1362         if (inp == NULL)
 1363                 return (-1);
 1364 
 1365         /* is the keyid the active sending key on the endpoint */
 1366         if (keyid == inp->sctp_ep.default_keyid)
 1367                 return (-1);
 1368 
 1369         /* does the key exist? */
 1370         skey = sctp_find_sharedkey(&inp->sctp_ep.shared_keys, keyid);
 1371         if (skey == NULL)
 1372                 return (-1);
 1373 
 1374         /* endpoint keys are not refcounted */
 1375 
 1376         /* remove it */
 1377         LIST_REMOVE(skey, next);
 1378         sctp_free_sharedkey(skey);      /* frees skey->key as well */
 1379 
 1380         /* clear any cached keys */
 1381         sctp_clear_cachedkeys_ep(inp, keyid);
 1382         return (0);
 1383 }
 1384 
 1385 /*-
 1386  * set the active key on an association
 1387  * ASSUMES TCB_LOCK is already held
 1388  */
 1389 int
 1390 sctp_auth_setactivekey(struct sctp_tcb *stcb, uint16_t keyid)
 1391 {
 1392         sctp_sharedkey_t *skey = NULL;
 1393 
 1394         /* find the key on the assoc */
 1395         skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, keyid);
 1396         if (skey == NULL) {
 1397                 /* that key doesn't exist */
 1398                 return (-1);
 1399         }
 1400         if ((skey->deactivated) && (skey->refcount > 1)) {
 1401                 /* can't reactivate a deactivated key with other refcounts */
 1402                 return (-1);
 1403         }
 1404         /* set the (new) active key */
 1405         stcb->asoc.authinfo.active_keyid = keyid;
 1406         /* reset the deactivated flag */
 1407         skey->deactivated = 0;
 1408 
 1409         return (0);
 1410 }
 1411 
 1412 /*-
 1413  * set the active key on an endpoint
 1414  * ASSUMES INP_WLOCK is already held
 1415  */
 1416 int
 1417 sctp_auth_setactivekey_ep(struct sctp_inpcb *inp, uint16_t keyid)
 1418 {
 1419         sctp_sharedkey_t *skey;
 1420 
 1421         /* find the key */
 1422         skey = sctp_find_sharedkey(&inp->sctp_ep.shared_keys, keyid);
 1423         if (skey == NULL) {
 1424                 /* that key doesn't exist */
 1425                 return (-1);
 1426         }
 1427         inp->sctp_ep.default_keyid = keyid;
 1428         return (0);
 1429 }
 1430 
 1431 /*-
 1432  * deactivates a shared key from the association
 1433  * ASSUMES INP_WLOCK is already held
 1434  */
 1435 int
 1436 sctp_deact_sharedkey(struct sctp_tcb *stcb, uint16_t keyid)
 1437 {
 1438         sctp_sharedkey_t *skey;
 1439 
 1440         if (stcb == NULL)
 1441                 return (-1);
 1442 
 1443         /* is the keyid the assoc active sending key */
 1444         if (keyid == stcb->asoc.authinfo.active_keyid)
 1445                 return (-1);
 1446 
 1447         /* does the key exist? */
 1448         skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, keyid);
 1449         if (skey == NULL)
 1450                 return (-1);
 1451 
 1452         /* are there other refcount holders on the key? */
 1453         if (skey->refcount == 1) {
 1454                 /* no other users, send a notification for this key */
 1455                 sctp_ulp_notify(SCTP_NOTIFY_AUTH_FREE_KEY, stcb, keyid, 0,
 1456                     SCTP_SO_LOCKED);
 1457         }
 1458         /* mark the key as deactivated */
 1459         skey->deactivated = 1;
 1460 
 1461         return (0);
 1462 }
 1463 
 1464 /*-
 1465  * deactivates a shared key from the endpoint
 1466  * ASSUMES INP_WLOCK is already held
 1467  */
 1468 int
 1469 sctp_deact_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid)
 1470 {
 1471         sctp_sharedkey_t *skey;
 1472 
 1473         if (inp == NULL)
 1474                 return (-1);
 1475 
 1476         /* is the keyid the active sending key on the endpoint */
 1477         if (keyid == inp->sctp_ep.default_keyid)
 1478                 return (-1);
 1479 
 1480         /* does the key exist? */
 1481         skey = sctp_find_sharedkey(&inp->sctp_ep.shared_keys, keyid);
 1482         if (skey == NULL)
 1483                 return (-1);
 1484 
 1485         /* endpoint keys are not refcounted */
 1486 
 1487         /* remove it */
 1488         LIST_REMOVE(skey, next);
 1489         sctp_free_sharedkey(skey);      /* frees skey->key as well */
 1490 
 1491         return (0);
 1492 }
 1493 
 1494 /*
 1495  * get local authentication parameters from cookie (from INIT-ACK)
 1496  */
 1497 void
 1498 sctp_auth_get_cookie_params(struct sctp_tcb *stcb, struct mbuf *m,
 1499     uint32_t offset, uint32_t length)
 1500 {
 1501         struct sctp_paramhdr *phdr, tmp_param;
 1502         uint16_t plen, ptype;
 1503         uint8_t random_store[SCTP_PARAM_BUFFER_SIZE];
 1504         struct sctp_auth_random *p_random = NULL;
 1505         uint16_t random_len = 0;
 1506         uint8_t hmacs_store[SCTP_PARAM_BUFFER_SIZE];
 1507         struct sctp_auth_hmac_algo *hmacs = NULL;
 1508         uint16_t hmacs_len = 0;
 1509         uint8_t chunks_store[SCTP_PARAM_BUFFER_SIZE];
 1510         struct sctp_auth_chunk_list *chunks = NULL;
 1511         uint16_t num_chunks = 0;
 1512         sctp_key_t *new_key;
 1513         uint32_t keylen;
 1514 
 1515         /* convert to upper bound */
 1516         length += offset;
 1517 
 1518         phdr = (struct sctp_paramhdr *)sctp_m_getptr(m, offset,
 1519             sizeof(struct sctp_paramhdr), (uint8_t *) & tmp_param);
 1520         while (phdr != NULL) {
 1521                 ptype = ntohs(phdr->param_type);
 1522                 plen = ntohs(phdr->param_length);
 1523 
 1524                 if ((plen == 0) || (offset + plen > length))
 1525                         break;
 1526 
 1527                 if (ptype == SCTP_RANDOM) {
 1528                         if (plen > sizeof(random_store))
 1529                                 break;
 1530                         phdr = sctp_get_next_param(m, offset,
 1531                             (struct sctp_paramhdr *)random_store, min(plen, sizeof(random_store)));
 1532                         if (phdr == NULL)
 1533                                 return;
 1534                         /* save the random and length for the key */
 1535                         p_random = (struct sctp_auth_random *)phdr;
 1536                         random_len = plen - sizeof(*p_random);
 1537                 } else if (ptype == SCTP_HMAC_LIST) {
 1538                         int num_hmacs;
 1539                         int i;
 1540 
 1541                         if (plen > sizeof(hmacs_store))
 1542                                 break;
 1543                         phdr = sctp_get_next_param(m, offset,
 1544                             (struct sctp_paramhdr *)hmacs_store, min(plen, sizeof(hmacs_store)));
 1545                         if (phdr == NULL)
 1546                                 return;
 1547                         /* save the hmacs list and num for the key */
 1548                         hmacs = (struct sctp_auth_hmac_algo *)phdr;
 1549                         hmacs_len = plen - sizeof(*hmacs);
 1550                         num_hmacs = hmacs_len / sizeof(hmacs->hmac_ids[0]);
 1551                         if (stcb->asoc.local_hmacs != NULL)
 1552                                 sctp_free_hmaclist(stcb->asoc.local_hmacs);
 1553                         stcb->asoc.local_hmacs = sctp_alloc_hmaclist(num_hmacs);
 1554                         if (stcb->asoc.local_hmacs != NULL) {
 1555                                 for (i = 0; i < num_hmacs; i++) {
 1556                                         (void)sctp_auth_add_hmacid(stcb->asoc.local_hmacs,
 1557                                             ntohs(hmacs->hmac_ids[i]));
 1558                                 }
 1559                         }
 1560                 } else if (ptype == SCTP_CHUNK_LIST) {
 1561                         int i;
 1562 
 1563                         if (plen > sizeof(chunks_store))
 1564                                 break;
 1565                         phdr = sctp_get_next_param(m, offset,
 1566                             (struct sctp_paramhdr *)chunks_store, min(plen, sizeof(chunks_store)));
 1567                         if (phdr == NULL)
 1568                                 return;
 1569                         chunks = (struct sctp_auth_chunk_list *)phdr;
 1570                         num_chunks = plen - sizeof(*chunks);
 1571                         /* save chunks list and num for the key */
 1572                         if (stcb->asoc.local_auth_chunks != NULL)
 1573                                 sctp_clear_chunklist(stcb->asoc.local_auth_chunks);
 1574                         else
 1575                                 stcb->asoc.local_auth_chunks = sctp_alloc_chunklist();
 1576                         for (i = 0; i < num_chunks; i++) {
 1577                                 (void)sctp_auth_add_chunk(chunks->chunk_types[i],
 1578                                     stcb->asoc.local_auth_chunks);
 1579                         }
 1580                 }
 1581                 /* get next parameter */
 1582                 offset += SCTP_SIZE32(plen);
 1583                 if (offset + sizeof(struct sctp_paramhdr) > length)
 1584                         break;
 1585                 phdr = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, sizeof(struct sctp_paramhdr),
 1586                     (uint8_t *) & tmp_param);
 1587         }
 1588         /* concatenate the full random key */
 1589         keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len;
 1590         if (chunks != NULL) {
 1591                 keylen += sizeof(*chunks) + num_chunks;
 1592         }
 1593         new_key = sctp_alloc_key(keylen);
 1594         if (new_key != NULL) {
 1595                 /* copy in the RANDOM */
 1596                 if (p_random != NULL) {
 1597                         keylen = sizeof(*p_random) + random_len;
 1598                         bcopy(p_random, new_key->key, keylen);
 1599                 }
 1600                 /* append in the AUTH chunks */
 1601                 if (chunks != NULL) {
 1602                         bcopy(chunks, new_key->key + keylen,
 1603                             sizeof(*chunks) + num_chunks);
 1604                         keylen += sizeof(*chunks) + num_chunks;
 1605                 }
 1606                 /* append in the HMACs */
 1607                 if (hmacs != NULL) {
 1608                         bcopy(hmacs, new_key->key + keylen,
 1609                             sizeof(*hmacs) + hmacs_len);
 1610                 }
 1611         }
 1612         if (stcb->asoc.authinfo.random != NULL)
 1613                 sctp_free_key(stcb->asoc.authinfo.random);
 1614         stcb->asoc.authinfo.random = new_key;
 1615         stcb->asoc.authinfo.random_len = random_len;
 1616         sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.assoc_keyid);
 1617         sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.recv_keyid);
 1618 
 1619         /* negotiate what HMAC to use for the peer */
 1620         stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs,
 1621             stcb->asoc.local_hmacs);
 1622 
 1623         /* copy defaults from the endpoint */
 1624         /* FIX ME: put in cookie? */
 1625         stcb->asoc.authinfo.active_keyid = stcb->sctp_ep->sctp_ep.default_keyid;
 1626         /* copy out the shared key list (by reference) from the endpoint */
 1627         (void)sctp_copy_skeylist(&stcb->sctp_ep->sctp_ep.shared_keys,
 1628             &stcb->asoc.shared_keys);
 1629 }
 1630 
 1631 /*
 1632  * compute and fill in the HMAC digest for a packet
 1633  */
 1634 void
 1635 sctp_fill_hmac_digest_m(struct mbuf *m, uint32_t auth_offset,
 1636     struct sctp_auth_chunk *auth, struct sctp_tcb *stcb, uint16_t keyid)
 1637 {
 1638         uint32_t digestlen;
 1639         sctp_sharedkey_t *skey;
 1640         sctp_key_t *key;
 1641 
 1642         if ((stcb == NULL) || (auth == NULL))
 1643                 return;
 1644 
 1645         /* zero the digest + chunk padding */
 1646         digestlen = sctp_get_hmac_digest_len(stcb->asoc.peer_hmac_id);
 1647         bzero(auth->hmac, SCTP_SIZE32(digestlen));
 1648 
 1649         /* is the desired key cached? */
 1650         if ((keyid != stcb->asoc.authinfo.assoc_keyid) ||
 1651             (stcb->asoc.authinfo.assoc_key == NULL)) {
 1652                 if (stcb->asoc.authinfo.assoc_key != NULL) {
 1653                         /* free the old cached key */
 1654                         sctp_free_key(stcb->asoc.authinfo.assoc_key);
 1655                 }
 1656                 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, keyid);
 1657                 /* the only way skey is NULL is if null key id 0 is used */
 1658                 if (skey != NULL)
 1659                         key = skey->key;
 1660                 else
 1661                         key = NULL;
 1662                 /* compute a new assoc key and cache it */
 1663                 stcb->asoc.authinfo.assoc_key =
 1664                     sctp_compute_hashkey(stcb->asoc.authinfo.random,
 1665                     stcb->asoc.authinfo.peer_random, key);
 1666                 stcb->asoc.authinfo.assoc_keyid = keyid;
 1667                 SCTPDBG(SCTP_DEBUG_AUTH1, "caching key id %u\n",
 1668                     stcb->asoc.authinfo.assoc_keyid);
 1669 #ifdef SCTP_DEBUG
 1670                 if (SCTP_AUTH_DEBUG)
 1671                         sctp_print_key(stcb->asoc.authinfo.assoc_key,
 1672                             "Assoc Key");
 1673 #endif
 1674         }
 1675         /* set in the active key id */
 1676         auth->shared_key_id = htons(keyid);
 1677 
 1678         /* compute and fill in the digest */
 1679         (void)sctp_compute_hmac_m(stcb->asoc.peer_hmac_id, stcb->asoc.authinfo.assoc_key,
 1680             m, auth_offset, auth->hmac);
 1681 }
 1682 
 1683 
 1684 static void
 1685 sctp_bzero_m(struct mbuf *m, uint32_t m_offset, uint32_t size)
 1686 {
 1687         struct mbuf *m_tmp;
 1688         uint8_t *data;
 1689 
 1690         /* sanity check */
 1691         if (m == NULL)
 1692                 return;
 1693 
 1694         /* find the correct starting mbuf and offset (get start position) */
 1695         m_tmp = m;
 1696         while ((m_tmp != NULL) && (m_offset >= (uint32_t) SCTP_BUF_LEN(m_tmp))) {
 1697                 m_offset -= SCTP_BUF_LEN(m_tmp);
 1698                 m_tmp = SCTP_BUF_NEXT(m_tmp);
 1699         }
 1700         /* now use the rest of the mbuf chain */
 1701         while ((m_tmp != NULL) && (size > 0)) {
 1702                 data = mtod(m_tmp, uint8_t *) + m_offset;
 1703                 if (size > (uint32_t) SCTP_BUF_LEN(m_tmp)) {
 1704                         bzero(data, SCTP_BUF_LEN(m_tmp));
 1705                         size -= SCTP_BUF_LEN(m_tmp);
 1706                 } else {
 1707                         bzero(data, size);
 1708                         size = 0;
 1709                 }
 1710                 /* clear the offset since it's only for the first mbuf */
 1711                 m_offset = 0;
 1712                 m_tmp = SCTP_BUF_NEXT(m_tmp);
 1713         }
 1714 }
 1715 
 1716 /*-
 1717  * process the incoming Authentication chunk
 1718  * return codes:
 1719  *   -1 on any authentication error
 1720  *    0 on authentication verification
 1721  */
 1722 int
 1723 sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_auth_chunk *auth,
 1724     struct mbuf *m, uint32_t offset)
 1725 {
 1726         uint16_t chunklen;
 1727         uint16_t shared_key_id;
 1728         uint16_t hmac_id;
 1729         sctp_sharedkey_t *skey;
 1730         uint32_t digestlen;
 1731         uint8_t digest[SCTP_AUTH_DIGEST_LEN_MAX];
 1732         uint8_t computed_digest[SCTP_AUTH_DIGEST_LEN_MAX];
 1733 
 1734         /* auth is checked for NULL by caller */
 1735         chunklen = ntohs(auth->ch.chunk_length);
 1736         if (chunklen < sizeof(*auth)) {
 1737                 SCTP_STAT_INCR(sctps_recvauthfailed);
 1738                 return (-1);
 1739         }
 1740         SCTP_STAT_INCR(sctps_recvauth);
 1741 
 1742         /* get the auth params */
 1743         shared_key_id = ntohs(auth->shared_key_id);
 1744         hmac_id = ntohs(auth->hmac_id);
 1745         SCTPDBG(SCTP_DEBUG_AUTH1,
 1746             "SCTP AUTH Chunk: shared key %u, HMAC id %u\n",
 1747             shared_key_id, hmac_id);
 1748 
 1749         /* is the indicated HMAC supported? */
 1750         if (!sctp_auth_is_supported_hmac(stcb->asoc.local_hmacs, hmac_id)) {
 1751                 struct mbuf *m_err;
 1752                 struct sctp_auth_invalid_hmac *err;
 1753 
 1754                 SCTP_STAT_INCR(sctps_recvivalhmacid);
 1755                 SCTPDBG(SCTP_DEBUG_AUTH1,
 1756                     "SCTP Auth: unsupported HMAC id %u\n",
 1757                     hmac_id);
 1758                 /*
 1759                  * report this in an Error Chunk: Unsupported HMAC
 1760                  * Identifier
 1761                  */
 1762                 m_err = sctp_get_mbuf_for_msg(sizeof(*err), 0, M_DONTWAIT,
 1763                     1, MT_HEADER);
 1764                 if (m_err != NULL) {
 1765                         /* pre-reserve some space */
 1766                         SCTP_BUF_RESV_UF(m_err, sizeof(struct sctp_chunkhdr));
 1767                         /* fill in the error */
 1768                         err = mtod(m_err, struct sctp_auth_invalid_hmac *);
 1769                         bzero(err, sizeof(*err));
 1770                         err->ph.param_type = htons(SCTP_CAUSE_UNSUPPORTED_HMACID);
 1771                         err->ph.param_length = htons(sizeof(*err));
 1772                         err->hmac_id = ntohs(hmac_id);
 1773                         SCTP_BUF_LEN(m_err) = sizeof(*err);
 1774                         /* queue it */
 1775                         sctp_queue_op_err(stcb, m_err);
 1776                 }
 1777                 return (-1);
 1778         }
 1779         /* get the indicated shared key, if available */
 1780         if ((stcb->asoc.authinfo.recv_key == NULL) ||
 1781             (stcb->asoc.authinfo.recv_keyid != shared_key_id)) {
 1782                 /* find the shared key on the assoc first */
 1783                 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys,
 1784                     shared_key_id);
 1785                 /* if the shared key isn't found, discard the chunk */
 1786                 if (skey == NULL) {
 1787                         SCTP_STAT_INCR(sctps_recvivalkeyid);
 1788                         SCTPDBG(SCTP_DEBUG_AUTH1,
 1789                             "SCTP Auth: unknown key id %u\n",
 1790                             shared_key_id);
 1791                         return (-1);
 1792                 }
 1793                 /* generate a notification if this is a new key id */
 1794                 if (stcb->asoc.authinfo.recv_keyid != shared_key_id)
 1795                         /*
 1796                          * sctp_ulp_notify(SCTP_NOTIFY_AUTH_NEW_KEY, stcb,
 1797                          * shared_key_id, (void
 1798                          * *)stcb->asoc.authinfo.recv_keyid);
 1799                          */
 1800                         sctp_notify_authentication(stcb, SCTP_AUTH_NEWKEY,
 1801                             shared_key_id, stcb->asoc.authinfo.recv_keyid,
 1802                             SCTP_SO_NOT_LOCKED);
 1803                 /* compute a new recv assoc key and cache it */
 1804                 if (stcb->asoc.authinfo.recv_key != NULL)
 1805                         sctp_free_key(stcb->asoc.authinfo.recv_key);
 1806                 stcb->asoc.authinfo.recv_key =
 1807                     sctp_compute_hashkey(stcb->asoc.authinfo.random,
 1808                     stcb->asoc.authinfo.peer_random, skey->key);
 1809                 stcb->asoc.authinfo.recv_keyid = shared_key_id;
 1810 #ifdef SCTP_DEBUG
 1811                 if (SCTP_AUTH_DEBUG)
 1812                         sctp_print_key(stcb->asoc.authinfo.recv_key, "Recv Key");
 1813 #endif
 1814         }
 1815         /* validate the digest length */
 1816         digestlen = sctp_get_hmac_digest_len(hmac_id);
 1817         if (chunklen < (sizeof(*auth) + digestlen)) {
 1818                 /* invalid digest length */
 1819                 SCTP_STAT_INCR(sctps_recvauthfailed);
 1820                 SCTPDBG(SCTP_DEBUG_AUTH1,
 1821                     "SCTP Auth: chunk too short for HMAC\n");
 1822                 return (-1);
 1823         }
 1824         /* save a copy of the digest, zero the pseudo header, and validate */
 1825         bcopy(auth->hmac, digest, digestlen);
 1826         sctp_bzero_m(m, offset + sizeof(*auth), SCTP_SIZE32(digestlen));
 1827         (void)sctp_compute_hmac_m(hmac_id, stcb->asoc.authinfo.recv_key,
 1828             m, offset, computed_digest);
 1829 
 1830         /* compare the computed digest with the one in the AUTH chunk */
 1831         if (memcmp(digest, computed_digest, digestlen) != 0) {
 1832                 SCTP_STAT_INCR(sctps_recvauthfailed);
 1833                 SCTPDBG(SCTP_DEBUG_AUTH1,
 1834                     "SCTP Auth: HMAC digest check failed\n");
 1835                 return (-1);
 1836         }
 1837         return (0);
 1838 }
 1839 
 1840 /*
 1841  * Generate NOTIFICATION
 1842  */
 1843 void
 1844 sctp_notify_authentication(struct sctp_tcb *stcb, uint32_t indication,
 1845     uint16_t keyid, uint16_t alt_keyid, int so_locked
 1846 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING)
 1847     SCTP_UNUSED
 1848 #endif
 1849 )
 1850 {
 1851         struct mbuf *m_notify;
 1852         struct sctp_authkey_event *auth;
 1853         struct sctp_queued_to_read *control;
 1854 
 1855         if ((stcb == NULL) ||
 1856             (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
 1857             (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
 1858             (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)
 1859             ) {
 1860                 /* If the socket is gone we are out of here */
 1861                 return;
 1862         }
 1863         if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_AUTHEVNT))
 1864                 /* event not enabled */
 1865                 return;
 1866 
 1867         m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_authkey_event),
 1868             0, M_DONTWAIT, 1, MT_HEADER);
 1869         if (m_notify == NULL)
 1870                 /* no space left */
 1871                 return;
 1872 
 1873         SCTP_BUF_LEN(m_notify) = 0;
 1874         auth = mtod(m_notify, struct sctp_authkey_event *);
 1875         auth->auth_type = SCTP_AUTHENTICATION_EVENT;
 1876         auth->auth_flags = 0;
 1877         auth->auth_length = sizeof(*auth);
 1878         auth->auth_keynumber = keyid;
 1879         auth->auth_altkeynumber = alt_keyid;
 1880         auth->auth_indication = indication;
 1881         auth->auth_assoc_id = sctp_get_associd(stcb);
 1882 
 1883         SCTP_BUF_LEN(m_notify) = sizeof(*auth);
 1884         SCTP_BUF_NEXT(m_notify) = NULL;
 1885 
 1886         /* append to socket */
 1887         control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination,
 1888             0, 0, 0, 0, 0, 0, m_notify);
 1889         if (control == NULL) {
 1890                 /* no memory */
 1891                 sctp_m_freem(m_notify);
 1892                 return;
 1893         }
 1894         control->spec_flags = M_NOTIFICATION;
 1895         control->length = SCTP_BUF_LEN(m_notify);
 1896         /* not that we need this */
 1897         control->tail_mbuf = m_notify;
 1898         sctp_add_to_readq(stcb->sctp_ep, stcb, control,
 1899             &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked);
 1900 }
 1901 
 1902 
 1903 /*-
 1904  * validates the AUTHentication related parameters in an INIT/INIT-ACK
 1905  * Note: currently only used for INIT as INIT-ACK is handled inline
 1906  * with sctp_load_addresses_from_init()
 1907  */
 1908 int
 1909 sctp_validate_init_auth_params(struct mbuf *m, int offset, int limit)
 1910 {
 1911         struct sctp_paramhdr *phdr, parm_buf;
 1912         uint16_t ptype, plen;
 1913         int peer_supports_asconf = 0;
 1914         int peer_supports_auth = 0;
 1915         int got_random = 0, got_hmacs = 0, got_chklist = 0;
 1916         uint8_t saw_asconf = 0;
 1917         uint8_t saw_asconf_ack = 0;
 1918 
 1919         /* go through each of the params. */
 1920         phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf));
 1921         while (phdr) {
 1922                 ptype = ntohs(phdr->param_type);
 1923                 plen = ntohs(phdr->param_length);
 1924 
 1925                 if (offset + plen > limit) {
 1926                         break;
 1927                 }
 1928                 if (plen < sizeof(struct sctp_paramhdr)) {
 1929                         break;
 1930                 }
 1931                 if (ptype == SCTP_SUPPORTED_CHUNK_EXT) {
 1932                         /* A supported extension chunk */
 1933                         struct sctp_supported_chunk_types_param *pr_supported;
 1934                         uint8_t local_store[SCTP_PARAM_BUFFER_SIZE];
 1935                         int num_ent, i;
 1936 
 1937                         phdr = sctp_get_next_param(m, offset,
 1938                             (struct sctp_paramhdr *)&local_store, min(plen, sizeof(local_store)));
 1939                         if (phdr == NULL) {
 1940                                 return (-1);
 1941                         }
 1942                         pr_supported = (struct sctp_supported_chunk_types_param *)phdr;
 1943                         num_ent = plen - sizeof(struct sctp_paramhdr);
 1944                         for (i = 0; i < num_ent; i++) {
 1945                                 switch (pr_supported->chunk_types[i]) {
 1946                                 case SCTP_ASCONF:
 1947                                 case SCTP_ASCONF_ACK:
 1948                                         peer_supports_asconf = 1;
 1949                                         break;
 1950                                 case SCTP_AUTHENTICATION:
 1951                                         peer_supports_auth = 1;
 1952                                         break;
 1953                                 default:
 1954                                         /* one we don't care about */
 1955                                         break;
 1956                                 }
 1957                         }
 1958                 } else if (ptype == SCTP_RANDOM) {
 1959                         got_random = 1;
 1960                         /* enforce the random length */
 1961                         if (plen != (sizeof(struct sctp_auth_random) +
 1962                             SCTP_AUTH_RANDOM_SIZE_REQUIRED)) {
 1963                                 SCTPDBG(SCTP_DEBUG_AUTH1,
 1964                                     "SCTP: invalid RANDOM len\n");
 1965                                 return (-1);
 1966                         }
 1967                 } else if (ptype == SCTP_HMAC_LIST) {
 1968                         uint8_t store[SCTP_PARAM_BUFFER_SIZE];
 1969                         struct sctp_auth_hmac_algo *hmacs;
 1970                         int num_hmacs;
 1971 
 1972                         if (plen > sizeof(store))
 1973                                 break;
 1974                         phdr = sctp_get_next_param(m, offset,
 1975                             (struct sctp_paramhdr *)store, min(plen, sizeof(store)));
 1976                         if (phdr == NULL)
 1977                                 return (-1);
 1978                         hmacs = (struct sctp_auth_hmac_algo *)phdr;
 1979                         num_hmacs = (plen - sizeof(*hmacs)) /
 1980                             sizeof(hmacs->hmac_ids[0]);
 1981                         /* validate the hmac list */
 1982                         if (sctp_verify_hmac_param(hmacs, num_hmacs)) {
 1983                                 SCTPDBG(SCTP_DEBUG_AUTH1,
 1984                                     "SCTP: invalid HMAC param\n");
 1985                                 return (-1);
 1986                         }
 1987                         got_hmacs = 1;
 1988                 } else if (ptype == SCTP_CHUNK_LIST) {
 1989                         int i, num_chunks;
 1990                         uint8_t chunks_store[SCTP_SMALL_CHUNK_STORE];
 1991 
 1992                         /* did the peer send a non-empty chunk list? */
 1993                         struct sctp_auth_chunk_list *chunks = NULL;
 1994 
 1995                         phdr = sctp_get_next_param(m, offset,
 1996                             (struct sctp_paramhdr *)chunks_store,
 1997                             min(plen, sizeof(chunks_store)));
 1998                         if (phdr == NULL)
 1999                                 return (-1);
 2000 
 2001                         /*-
 2002                          * Flip through the list and mark that the
 2003                          * peer supports asconf/asconf_ack.
 2004                          */
 2005                         chunks = (struct sctp_auth_chunk_list *)phdr;
 2006                         num_chunks = plen - sizeof(*chunks);
 2007                         for (i = 0; i < num_chunks; i++) {
 2008                                 /* record asconf/asconf-ack if listed */
 2009                                 if (chunks->chunk_types[i] == SCTP_ASCONF)
 2010                                         saw_asconf = 1;
 2011                                 if (chunks->chunk_types[i] == SCTP_ASCONF_ACK)
 2012                                         saw_asconf_ack = 1;
 2013 
 2014                         }
 2015                         if (num_chunks)
 2016                                 got_chklist = 1;
 2017                 }
 2018                 offset += SCTP_SIZE32(plen);
 2019                 if (offset >= limit) {
 2020                         break;
 2021                 }
 2022                 phdr = sctp_get_next_param(m, offset, &parm_buf,
 2023                     sizeof(parm_buf));
 2024         }
 2025         /* validate authentication required parameters */
 2026         if (got_random && got_hmacs) {
 2027                 peer_supports_auth = 1;
 2028         } else {
 2029                 peer_supports_auth = 0;
 2030         }
 2031         if (!peer_supports_auth && got_chklist) {
 2032                 SCTPDBG(SCTP_DEBUG_AUTH1,
 2033                     "SCTP: peer sent chunk list w/o AUTH\n");
 2034                 return (-1);
 2035         }
 2036         if (!SCTP_BASE_SYSCTL(sctp_asconf_auth_nochk) && peer_supports_asconf &&
 2037             !peer_supports_auth) {
 2038                 SCTPDBG(SCTP_DEBUG_AUTH1,
 2039                     "SCTP: peer supports ASCONF but not AUTH\n");
 2040                 return (-1);
 2041         } else if ((peer_supports_asconf) && (peer_supports_auth) &&
 2042             ((saw_asconf == 0) || (saw_asconf_ack == 0))) {
 2043                 return (-2);
 2044         }
 2045         return (0);
 2046 }
 2047 
 2048 void
 2049 sctp_initialize_auth_params(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
 2050 {
 2051         uint16_t chunks_len = 0;
 2052         uint16_t hmacs_len = 0;
 2053         uint16_t random_len = SCTP_AUTH_RANDOM_SIZE_DEFAULT;
 2054         sctp_key_t *new_key;
 2055         uint16_t keylen;
 2056 
 2057         /* initialize hmac list from endpoint */
 2058         stcb->asoc.local_hmacs = sctp_copy_hmaclist(inp->sctp_ep.local_hmacs);
 2059         if (stcb->asoc.local_hmacs != NULL) {
 2060                 hmacs_len = stcb->asoc.local_hmacs->num_algo *
 2061                     sizeof(stcb->asoc.local_hmacs->hmac[0]);
 2062         }
 2063         /* initialize auth chunks list from endpoint */
 2064         stcb->asoc.local_auth_chunks =
 2065             sctp_copy_chunklist(inp->sctp_ep.local_auth_chunks);
 2066         if (stcb->asoc.local_auth_chunks != NULL) {
 2067                 int i;
 2068 
 2069                 for (i = 0; i < 256; i++) {
 2070                         if (stcb->asoc.local_auth_chunks->chunks[i])
 2071                                 chunks_len++;
 2072                 }
 2073         }
 2074         /* copy defaults from the endpoint */
 2075         stcb->asoc.authinfo.active_keyid = inp->sctp_ep.default_keyid;
 2076 
 2077         /* copy out the shared key list (by reference) from the endpoint */
 2078         (void)sctp_copy_skeylist(&inp->sctp_ep.shared_keys,
 2079             &stcb->asoc.shared_keys);
 2080 
 2081         /* now set the concatenated key (random + chunks + hmacs) */
 2082         /* key includes parameter headers */
 2083         keylen = (3 * sizeof(struct sctp_paramhdr)) + random_len + chunks_len +
 2084             hmacs_len;
 2085         new_key = sctp_alloc_key(keylen);
 2086         if (new_key != NULL) {
 2087                 struct sctp_paramhdr *ph;
 2088                 int plen;
 2089 
 2090                 /* generate and copy in the RANDOM */
 2091                 ph = (struct sctp_paramhdr *)new_key->key;
 2092                 ph->param_type = htons(SCTP_RANDOM);
 2093                 plen = sizeof(*ph) + random_len;
 2094                 ph->param_length = htons(plen);
 2095                 SCTP_READ_RANDOM(new_key->key + sizeof(*ph), random_len);
 2096                 keylen = plen;
 2097 
 2098                 /* append in the AUTH chunks */
 2099                 /* NOTE: currently we always have chunks to list */
 2100                 ph = (struct sctp_paramhdr *)(new_key->key + keylen);
 2101                 ph->param_type = htons(SCTP_CHUNK_LIST);
 2102                 plen = sizeof(*ph) + chunks_len;
 2103                 ph->param_length = htons(plen);
 2104                 keylen += sizeof(*ph);
 2105                 if (stcb->asoc.local_auth_chunks) {
 2106                         int i;
 2107 
 2108                         for (i = 0; i < 256; i++) {
 2109                                 if (stcb->asoc.local_auth_chunks->chunks[i])
 2110                                         new_key->key[keylen++] = i;
 2111                         }
 2112                 }
 2113                 /* append in the HMACs */
 2114                 ph = (struct sctp_paramhdr *)(new_key->key + keylen);
 2115                 ph->param_type = htons(SCTP_HMAC_LIST);
 2116                 plen = sizeof(*ph) + hmacs_len;
 2117                 ph->param_length = htons(plen);
 2118                 keylen += sizeof(*ph);
 2119                 (void)sctp_serialize_hmaclist(stcb->asoc.local_hmacs,
 2120                     new_key->key + keylen);
 2121         }
 2122         if (stcb->asoc.authinfo.random != NULL)
 2123                 sctp_free_key(stcb->asoc.authinfo.random);
 2124         stcb->asoc.authinfo.random = new_key;
 2125         stcb->asoc.authinfo.random_len = random_len;
 2126 }

Cache object: 10d429d92d158b3896d81d7d8687814c


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.