The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netinet/sctp_auth.h

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved.
    3  *
    4  * Redistribution and use in source and binary forms, with or without
    5  * modification, are permitted provided that the following conditions are met:
    6  *
    7  * a) Redistributions of source code must retain the above copyright notice,
    8  *   this list of conditions and the following disclaimer.
    9  *
   10  * b) Redistributions in binary form must reproduce the above copyright
   11  *    notice, this list of conditions and the following disclaimer in
   12  *   the documentation and/or other materials provided with the distribution.
   13  *
   14  * c) Neither the name of Cisco Systems, Inc. nor the names of its
   15  *    contributors may be used to endorse or promote products derived
   16  *    from this software without specific prior written permission.
   17  *
   18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
   19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
   20  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   21  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
   22  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
   23  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
   24  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
   25  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
   26  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   27  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
   28  * THE POSSIBILITY OF SUCH DAMAGE.
   29  */
   30 
   31 #include <sys/cdefs.h>
   32 __FBSDID("$FreeBSD: releng/7.3/sys/netinet/sctp_auth.h 188532 2009-02-12 18:50:27Z rrs $");
   33 
   34 #ifndef __SCTP_AUTH_H__
   35 #define __SCTP_AUTH_H__
   36 
   37 
   38 /* digest lengths */
   39 #define SCTP_AUTH_DIGEST_LEN_SHA1       20
   40 #define SCTP_AUTH_DIGEST_LEN_MD5        16
   41 #define SCTP_AUTH_DIGEST_LEN_SHA224     28
   42 #define SCTP_AUTH_DIGEST_LEN_SHA256     32
   43 #define SCTP_AUTH_DIGEST_LEN_SHA384     48
   44 #define SCTP_AUTH_DIGEST_LEN_SHA512     64
   45 #define SCTP_AUTH_DIGEST_LEN_MAX        64
   46 
   47 /* random sizes */
   48 #define SCTP_AUTH_RANDOM_SIZE_DEFAULT   32
   49 #define SCTP_AUTH_RANDOM_SIZE_REQUIRED  32
   50 #define SCTP_AUTH_RANDOM_SIZE_MAX       256
   51 
   52 /* union of all supported HMAC algorithm contexts */
   53 typedef union sctp_hash_context {
   54         SHA1_CTX sha1;
   55         MD5_CTX md5;
   56 #ifdef HAVE_SHA2
   57         SHA256_CTX sha256;
   58         SHA384_CTX sha384;
   59         SHA512_CTX sha512;
   60 #endif
   61 }                 sctp_hash_context_t;
   62 
   63 typedef struct sctp_key {
   64         uint32_t keylen;
   65         uint8_t key[0];
   66 }        sctp_key_t;
   67 
   68 typedef struct sctp_shared_key {
   69         LIST_ENTRY(sctp_shared_key) next;
   70         sctp_key_t *key;        /* key text */
   71         uint32_t refcount;      /* reference count */
   72         uint16_t keyid;         /* shared key ID */
   73         uint8_t deactivated;    /* key is deactivated */
   74 }               sctp_sharedkey_t;
   75 
   76 LIST_HEAD(sctp_keyhead, sctp_shared_key);
   77 
   78 /* authentication chunks list */
   79 typedef struct sctp_auth_chklist {
   80         uint8_t chunks[256];
   81         uint8_t num_chunks;
   82 }                 sctp_auth_chklist_t;
   83 
   84 /* hmac algos supported list */
   85 typedef struct sctp_hmaclist {
   86         uint16_t max_algo;      /* max algorithms allocated */
   87         uint16_t num_algo;      /* num algorithms used */
   88         uint16_t hmac[0];
   89 }             sctp_hmaclist_t;
   90 
   91 /* authentication info */
   92 typedef struct sctp_authinfo {
   93         sctp_key_t *random;     /* local random key (concatenated) */
   94         uint32_t random_len;    /* local random number length for param */
   95         sctp_key_t *peer_random;/* peer's random key (concatenated) */
   96         sctp_key_t *assoc_key;  /* cached concatenated send key */
   97         sctp_key_t *recv_key;   /* cached concatenated recv key */
   98         uint16_t active_keyid;  /* active send keyid */
   99         uint16_t assoc_keyid;   /* current send keyid (cached) */
  100         uint16_t recv_keyid;    /* last recv keyid (cached) */
  101 }             sctp_authinfo_t;
  102 
  103 
  104 
  105 /*
  106  * Macros
  107  */
  108 #define sctp_auth_is_required_chunk(chunk, list) ((list == NULL) ? (0) : (list->chunks[chunk] != 0))
  109 
  110 /*
  111  * function prototypes
  112  */
  113 
  114 /* socket option api functions */
  115 extern sctp_auth_chklist_t *sctp_alloc_chunklist(void);
  116 extern void sctp_free_chunklist(sctp_auth_chklist_t * chklist);
  117 extern void sctp_clear_chunklist(sctp_auth_chklist_t * chklist);
  118 extern sctp_auth_chklist_t *sctp_copy_chunklist(sctp_auth_chklist_t * chklist);
  119 extern int sctp_auth_add_chunk(uint8_t chunk, sctp_auth_chklist_t * list);
  120 extern int sctp_auth_delete_chunk(uint8_t chunk, sctp_auth_chklist_t * list);
  121 extern size_t sctp_auth_get_chklist_size(const sctp_auth_chklist_t * list);
  122 extern void sctp_auth_set_default_chunks(sctp_auth_chklist_t * list);
  123 extern int 
  124 sctp_serialize_auth_chunks(const sctp_auth_chklist_t * list,
  125     uint8_t * ptr);
  126 extern int 
  127 sctp_pack_auth_chunks(const sctp_auth_chklist_t * list,
  128     uint8_t * ptr);
  129 extern int 
  130 sctp_unpack_auth_chunks(const uint8_t * ptr, uint8_t num_chunks,
  131     sctp_auth_chklist_t * list);
  132 
  133 /* key handling */
  134 extern sctp_key_t *sctp_alloc_key(uint32_t keylen);
  135 extern void sctp_free_key(sctp_key_t * key);
  136 extern void sctp_print_key(sctp_key_t * key, const char *str);
  137 extern void sctp_show_key(sctp_key_t * key, const char *str);
  138 extern sctp_key_t *sctp_generate_random_key(uint32_t keylen);
  139 extern sctp_key_t *sctp_set_key(uint8_t * key, uint32_t keylen);
  140 extern sctp_key_t *
  141 sctp_compute_hashkey(sctp_key_t * key1, sctp_key_t * key2,
  142     sctp_key_t * shared);
  143 
  144 /* shared key handling */
  145 extern sctp_sharedkey_t *sctp_alloc_sharedkey(void);
  146 extern void sctp_free_sharedkey(sctp_sharedkey_t * skey);
  147 extern sctp_sharedkey_t *
  148 sctp_find_sharedkey(struct sctp_keyhead *shared_keys,
  149     uint16_t key_id);
  150 extern int 
  151 sctp_insert_sharedkey(struct sctp_keyhead *shared_keys,
  152     sctp_sharedkey_t * new_skey);
  153 extern int 
  154 sctp_copy_skeylist(const struct sctp_keyhead *src,
  155     struct sctp_keyhead *dest);
  156 
  157 /* ref counts on shared keys, by key id */
  158 extern void sctp_auth_key_acquire(struct sctp_tcb *stcb, uint16_t keyid);
  159 extern void sctp_auth_key_release(struct sctp_tcb *stcb, uint16_t keyid);
  160 
  161 
  162 /* hmac list handling */
  163 extern sctp_hmaclist_t *sctp_alloc_hmaclist(uint8_t num_hmacs);
  164 extern void sctp_free_hmaclist(sctp_hmaclist_t * list);
  165 extern int sctp_auth_add_hmacid(sctp_hmaclist_t * list, uint16_t hmac_id);
  166 extern sctp_hmaclist_t *sctp_copy_hmaclist(sctp_hmaclist_t * list);
  167 extern sctp_hmaclist_t *sctp_default_supported_hmaclist(void);
  168 extern uint16_t 
  169 sctp_negotiate_hmacid(sctp_hmaclist_t * peer,
  170     sctp_hmaclist_t * local);
  171 extern int sctp_serialize_hmaclist(sctp_hmaclist_t * list, uint8_t * ptr);
  172 extern int 
  173 sctp_verify_hmac_param(struct sctp_auth_hmac_algo *hmacs,
  174     uint32_t num_hmacs);
  175 
  176 extern sctp_authinfo_t *sctp_alloc_authinfo(void);
  177 extern void sctp_free_authinfo(sctp_authinfo_t * authinfo);
  178 
  179 /* keyed-HMAC functions */
  180 extern uint32_t sctp_get_auth_chunk_len(uint16_t hmac_algo);
  181 extern uint32_t sctp_get_hmac_digest_len(uint16_t hmac_algo);
  182 extern uint32_t 
  183 sctp_hmac(uint16_t hmac_algo, uint8_t * key, uint32_t keylen,
  184     uint8_t * text, uint32_t textlen, uint8_t * digest);
  185 extern int 
  186 sctp_verify_hmac(uint16_t hmac_algo, uint8_t * key, uint32_t keylen,
  187     uint8_t * text, uint32_t textlen, uint8_t * digest, uint32_t digestlen);
  188 extern uint32_t 
  189 sctp_compute_hmac(uint16_t hmac_algo, sctp_key_t * key,
  190     uint8_t * text, uint32_t textlen, uint8_t * digest);
  191 extern int sctp_auth_is_supported_hmac(sctp_hmaclist_t * list, uint16_t id);
  192 
  193 /* mbuf versions */
  194 extern uint32_t 
  195 sctp_hmac_m(uint16_t hmac_algo, uint8_t * key, uint32_t keylen,
  196     struct mbuf *m, uint32_t m_offset, uint8_t * digest, uint32_t trailer);
  197 extern uint32_t 
  198 sctp_compute_hmac_m(uint16_t hmac_algo, sctp_key_t * key,
  199     struct mbuf *m, uint32_t m_offset, uint8_t * digest);
  200 
  201 /*
  202  * authentication routines
  203  */
  204 extern void sctp_clear_cachedkeys(struct sctp_tcb *stcb, uint16_t keyid);
  205 extern void sctp_clear_cachedkeys_ep(struct sctp_inpcb *inp, uint16_t keyid);
  206 extern int sctp_delete_sharedkey(struct sctp_tcb *stcb, uint16_t keyid);
  207 extern int sctp_delete_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid);
  208 extern int sctp_auth_setactivekey(struct sctp_tcb *stcb, uint16_t keyid);
  209 extern int sctp_auth_setactivekey_ep(struct sctp_inpcb *inp, uint16_t keyid);
  210 extern int sctp_deact_sharedkey(struct sctp_tcb *stcb, uint16_t keyid);
  211 extern int sctp_deact_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid);
  212 
  213 extern void 
  214 sctp_auth_get_cookie_params(struct sctp_tcb *stcb, struct mbuf *m,
  215     uint32_t offset, uint32_t length);
  216 extern void 
  217 sctp_fill_hmac_digest_m(struct mbuf *m, uint32_t auth_offset,
  218     struct sctp_auth_chunk *auth, struct sctp_tcb *stcb, uint16_t key_id);
  219 extern struct mbuf *
  220 sctp_add_auth_chunk(struct mbuf *m, struct mbuf **m_end,
  221     struct sctp_auth_chunk **auth_ret, uint32_t * offset,
  222     struct sctp_tcb *stcb, uint8_t chunk);
  223 extern int 
  224 sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_auth_chunk *ch,
  225     struct mbuf *m, uint32_t offset);
  226 extern void 
  227 sctp_notify_authentication(struct sctp_tcb *stcb,
  228     uint32_t indication, uint16_t keyid, uint16_t alt_keyid, int so_locked);
  229 extern int 
  230 sctp_validate_init_auth_params(struct mbuf *m, int offset,
  231     int limit);
  232 extern void 
  233 sctp_initialize_auth_params(struct sctp_inpcb *inp,
  234     struct sctp_tcb *stcb);
  235 
  236 /* test functions */
  237 extern void sctp_test_hmac_sha1(void);
  238 extern void sctp_test_hmac_md5(void);
  239 extern void sctp_test_authkey(void);
  240 
  241 #endif                          /* __SCTP_AUTH_H__ */

Cache object: 9a9e6aae700f5e82007f2d5a0261a1c9


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.