1 /*- 2 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 3 * Copyright (c) 2008-2011, by Randall Stewart. All rights reserved. 4 * Copyright (c) 2008-2011, by Michael Tuexen. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * 9 * a) Redistributions of source code must retain the above copyright notice, 10 * this list of conditions and the following disclaimer. 11 * 12 * b) Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in 14 * the documentation and/or other materials provided with the distribution. 15 * 16 * c) Neither the name of Cisco Systems, Inc. nor the names of its 17 * contributors may be used to endorse or promote products derived 18 * from this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 30 * THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD$"); 35 36 #include <netinet/sctp_os.h> 37 #include <netinet/sctp.h> 38 #include <netinet/sctp_header.h> 39 #include <netinet/sctp_pcb.h> 40 #include <netinet/sctp_var.h> 41 #include <netinet/sctp_sysctl.h> 42 #include <netinet/sctputil.h> 43 #include <netinet/sctp_indata.h> 44 #include <netinet/sctp_output.h> 45 #include <netinet/sctp_auth.h> 46 47 #ifdef SCTP_DEBUG 48 #define SCTP_AUTH_DEBUG (SCTP_BASE_SYSCTL(sctp_debug_on) & SCTP_DEBUG_AUTH1) 49 #define SCTP_AUTH_DEBUG2 (SCTP_BASE_SYSCTL(sctp_debug_on) & SCTP_DEBUG_AUTH2) 50 #endif /* SCTP_DEBUG */ 51 52 53 void 54 sctp_clear_chunklist(sctp_auth_chklist_t * chklist) 55 { 56 bzero(chklist, sizeof(*chklist)); 57 /* chklist->num_chunks = 0; */ 58 } 59 60 sctp_auth_chklist_t * 61 sctp_alloc_chunklist(void) 62 { 63 sctp_auth_chklist_t *chklist; 64 65 SCTP_MALLOC(chklist, sctp_auth_chklist_t *, sizeof(*chklist), 66 SCTP_M_AUTH_CL); 67 if (chklist == NULL) { 68 SCTPDBG(SCTP_DEBUG_AUTH1, "sctp_alloc_chunklist: failed to get memory!\n"); 69 } else { 70 sctp_clear_chunklist(chklist); 71 } 72 return (chklist); 73 } 74 75 void 76 sctp_free_chunklist(sctp_auth_chklist_t * list) 77 { 78 if (list != NULL) 79 SCTP_FREE(list, SCTP_M_AUTH_CL); 80 } 81 82 sctp_auth_chklist_t * 83 sctp_copy_chunklist(sctp_auth_chklist_t * list) 84 { 85 sctp_auth_chklist_t *new_list; 86 87 if (list == NULL) 88 return (NULL); 89 90 /* get a new list */ 91 new_list = sctp_alloc_chunklist(); 92 if (new_list == NULL) 93 return (NULL); 94 /* copy it */ 95 bcopy(list, new_list, sizeof(*new_list)); 96 97 return (new_list); 98 } 99 100 101 /* 102 * add a chunk to the required chunks list 103 */ 104 int 105 sctp_auth_add_chunk(uint8_t chunk, sctp_auth_chklist_t * list) 106 { 107 if (list == NULL) 108 return (-1); 109 110 /* is chunk restricted? */ 111 if ((chunk == SCTP_INITIATION) || 112 (chunk == SCTP_INITIATION_ACK) || 113 (chunk == SCTP_SHUTDOWN_COMPLETE) || 114 (chunk == SCTP_AUTHENTICATION)) { 115 return (-1); 116 } 117 if (list->chunks[chunk] == 0) { 118 list->chunks[chunk] = 1; 119 list->num_chunks++; 120 SCTPDBG(SCTP_DEBUG_AUTH1, 121 "SCTP: added chunk %u (0x%02x) to Auth list\n", 122 chunk, chunk); 123 } 124 return (0); 125 } 126 127 /* 128 * delete a chunk from the required chunks list 129 */ 130 int 131 sctp_auth_delete_chunk(uint8_t chunk, sctp_auth_chklist_t * list) 132 { 133 if (list == NULL) 134 return (-1); 135 136 /* is chunk restricted? */ 137 if ((chunk == SCTP_ASCONF) || 138 (chunk == SCTP_ASCONF_ACK)) { 139 return (-1); 140 } 141 if (list->chunks[chunk] == 1) { 142 list->chunks[chunk] = 0; 143 list->num_chunks--; 144 SCTPDBG(SCTP_DEBUG_AUTH1, 145 "SCTP: deleted chunk %u (0x%02x) from Auth list\n", 146 chunk, chunk); 147 } 148 return (0); 149 } 150 151 size_t 152 sctp_auth_get_chklist_size(const sctp_auth_chklist_t * list) 153 { 154 if (list == NULL) 155 return (0); 156 else 157 return (list->num_chunks); 158 } 159 160 /* 161 * set the default list of chunks requiring AUTH 162 */ 163 void 164 sctp_auth_set_default_chunks(sctp_auth_chklist_t * list) 165 { 166 (void)sctp_auth_add_chunk(SCTP_ASCONF, list); 167 (void)sctp_auth_add_chunk(SCTP_ASCONF_ACK, list); 168 } 169 170 /* 171 * return the current number and list of required chunks caller must 172 * guarantee ptr has space for up to 256 bytes 173 */ 174 int 175 sctp_serialize_auth_chunks(const sctp_auth_chklist_t * list, uint8_t * ptr) 176 { 177 int i, count = 0; 178 179 if (list == NULL) 180 return (0); 181 182 for (i = 0; i < 256; i++) { 183 if (list->chunks[i] != 0) { 184 *ptr++ = i; 185 count++; 186 } 187 } 188 return (count); 189 } 190 191 int 192 sctp_pack_auth_chunks(const sctp_auth_chklist_t * list, uint8_t * ptr) 193 { 194 int i, size = 0; 195 196 if (list == NULL) 197 return (0); 198 199 if (list->num_chunks <= 32) { 200 /* just list them, one byte each */ 201 for (i = 0; i < 256; i++) { 202 if (list->chunks[i] != 0) { 203 *ptr++ = i; 204 size++; 205 } 206 } 207 } else { 208 int index, offset; 209 210 /* pack into a 32 byte bitfield */ 211 for (i = 0; i < 256; i++) { 212 if (list->chunks[i] != 0) { 213 index = i / 8; 214 offset = i % 8; 215 ptr[index] |= (1 << offset); 216 } 217 } 218 size = 32; 219 } 220 return (size); 221 } 222 223 int 224 sctp_unpack_auth_chunks(const uint8_t * ptr, uint8_t num_chunks, 225 sctp_auth_chklist_t * list) 226 { 227 int i; 228 int size; 229 230 if (list == NULL) 231 return (0); 232 233 if (num_chunks <= 32) { 234 /* just pull them, one byte each */ 235 for (i = 0; i < num_chunks; i++) { 236 (void)sctp_auth_add_chunk(*ptr++, list); 237 } 238 size = num_chunks; 239 } else { 240 int index, offset; 241 242 /* unpack from a 32 byte bitfield */ 243 for (index = 0; index < 32; index++) { 244 for (offset = 0; offset < 8; offset++) { 245 if (ptr[index] & (1 << offset)) { 246 (void)sctp_auth_add_chunk((index * 8) + offset, list); 247 } 248 } 249 } 250 size = 32; 251 } 252 return (size); 253 } 254 255 256 /* 257 * allocate structure space for a key of length keylen 258 */ 259 sctp_key_t * 260 sctp_alloc_key(uint32_t keylen) 261 { 262 sctp_key_t *new_key; 263 264 SCTP_MALLOC(new_key, sctp_key_t *, sizeof(*new_key) + keylen, 265 SCTP_M_AUTH_KY); 266 if (new_key == NULL) { 267 /* out of memory */ 268 return (NULL); 269 } 270 new_key->keylen = keylen; 271 return (new_key); 272 } 273 274 void 275 sctp_free_key(sctp_key_t * key) 276 { 277 if (key != NULL) 278 SCTP_FREE(key, SCTP_M_AUTH_KY); 279 } 280 281 void 282 sctp_print_key(sctp_key_t * key, const char *str) 283 { 284 uint32_t i; 285 286 if (key == NULL) { 287 printf("%s: [Null key]\n", str); 288 return; 289 } 290 printf("%s: len %u, ", str, key->keylen); 291 if (key->keylen) { 292 for (i = 0; i < key->keylen; i++) 293 printf("%02x", key->key[i]); 294 printf("\n"); 295 } else { 296 printf("[Null key]\n"); 297 } 298 } 299 300 void 301 sctp_show_key(sctp_key_t * key, const char *str) 302 { 303 uint32_t i; 304 305 if (key == NULL) { 306 printf("%s: [Null key]\n", str); 307 return; 308 } 309 printf("%s: len %u, ", str, key->keylen); 310 if (key->keylen) { 311 for (i = 0; i < key->keylen; i++) 312 printf("%02x", key->key[i]); 313 printf("\n"); 314 } else { 315 printf("[Null key]\n"); 316 } 317 } 318 319 static uint32_t 320 sctp_get_keylen(sctp_key_t * key) 321 { 322 if (key != NULL) 323 return (key->keylen); 324 else 325 return (0); 326 } 327 328 /* 329 * generate a new random key of length 'keylen' 330 */ 331 sctp_key_t * 332 sctp_generate_random_key(uint32_t keylen) 333 { 334 sctp_key_t *new_key; 335 336 /* validate keylen */ 337 if (keylen > SCTP_AUTH_RANDOM_SIZE_MAX) 338 keylen = SCTP_AUTH_RANDOM_SIZE_MAX; 339 340 new_key = sctp_alloc_key(keylen); 341 if (new_key == NULL) { 342 /* out of memory */ 343 return (NULL); 344 } 345 SCTP_READ_RANDOM(new_key->key, keylen); 346 new_key->keylen = keylen; 347 return (new_key); 348 } 349 350 sctp_key_t * 351 sctp_set_key(uint8_t * key, uint32_t keylen) 352 { 353 sctp_key_t *new_key; 354 355 new_key = sctp_alloc_key(keylen); 356 if (new_key == NULL) { 357 /* out of memory */ 358 return (NULL); 359 } 360 bcopy(key, new_key->key, keylen); 361 return (new_key); 362 } 363 364 /*- 365 * given two keys of variable size, compute which key is "larger/smaller" 366 * returns: 1 if key1 > key2 367 * -1 if key1 < key2 368 * 0 if key1 = key2 369 */ 370 static int 371 sctp_compare_key(sctp_key_t * key1, sctp_key_t * key2) 372 { 373 uint32_t maxlen; 374 uint32_t i; 375 uint32_t key1len, key2len; 376 uint8_t *key_1, *key_2; 377 uint8_t temp[SCTP_AUTH_RANDOM_SIZE_MAX]; 378 379 /* sanity/length check */ 380 key1len = sctp_get_keylen(key1); 381 key2len = sctp_get_keylen(key2); 382 if ((key1len == 0) && (key2len == 0)) 383 return (0); 384 else if (key1len == 0) 385 return (-1); 386 else if (key2len == 0) 387 return (1); 388 389 if (key1len != key2len) { 390 if (key1len >= key2len) 391 maxlen = key1len; 392 else 393 maxlen = key2len; 394 bzero(temp, maxlen); 395 if (key1len < maxlen) { 396 /* prepend zeroes to key1 */ 397 bcopy(key1->key, temp + (maxlen - key1len), key1len); 398 key_1 = temp; 399 key_2 = key2->key; 400 } else { 401 /* prepend zeroes to key2 */ 402 bcopy(key2->key, temp + (maxlen - key2len), key2len); 403 key_1 = key1->key; 404 key_2 = temp; 405 } 406 } else { 407 maxlen = key1len; 408 key_1 = key1->key; 409 key_2 = key2->key; 410 } 411 412 for (i = 0; i < maxlen; i++) { 413 if (*key_1 > *key_2) 414 return (1); 415 else if (*key_1 < *key_2) 416 return (-1); 417 key_1++; 418 key_2++; 419 } 420 421 /* keys are equal value, so check lengths */ 422 if (key1len == key2len) 423 return (0); 424 else if (key1len < key2len) 425 return (-1); 426 else 427 return (1); 428 } 429 430 /* 431 * generate the concatenated keying material based on the two keys and the 432 * shared key (if available). draft-ietf-tsvwg-auth specifies the specific 433 * order for concatenation 434 */ 435 sctp_key_t * 436 sctp_compute_hashkey(sctp_key_t * key1, sctp_key_t * key2, sctp_key_t * shared) 437 { 438 uint32_t keylen; 439 sctp_key_t *new_key; 440 uint8_t *key_ptr; 441 442 keylen = sctp_get_keylen(key1) + sctp_get_keylen(key2) + 443 sctp_get_keylen(shared); 444 445 if (keylen > 0) { 446 /* get space for the new key */ 447 new_key = sctp_alloc_key(keylen); 448 if (new_key == NULL) { 449 /* out of memory */ 450 return (NULL); 451 } 452 new_key->keylen = keylen; 453 key_ptr = new_key->key; 454 } else { 455 /* all keys empty/null?! */ 456 return (NULL); 457 } 458 459 /* concatenate the keys */ 460 if (sctp_compare_key(key1, key2) <= 0) { 461 /* key is shared + key1 + key2 */ 462 if (sctp_get_keylen(shared)) { 463 bcopy(shared->key, key_ptr, shared->keylen); 464 key_ptr += shared->keylen; 465 } 466 if (sctp_get_keylen(key1)) { 467 bcopy(key1->key, key_ptr, key1->keylen); 468 key_ptr += key1->keylen; 469 } 470 if (sctp_get_keylen(key2)) { 471 bcopy(key2->key, key_ptr, key2->keylen); 472 key_ptr += key2->keylen; 473 } 474 } else { 475 /* key is shared + key2 + key1 */ 476 if (sctp_get_keylen(shared)) { 477 bcopy(shared->key, key_ptr, shared->keylen); 478 key_ptr += shared->keylen; 479 } 480 if (sctp_get_keylen(key2)) { 481 bcopy(key2->key, key_ptr, key2->keylen); 482 key_ptr += key2->keylen; 483 } 484 if (sctp_get_keylen(key1)) { 485 bcopy(key1->key, key_ptr, key1->keylen); 486 key_ptr += key1->keylen; 487 } 488 } 489 return (new_key); 490 } 491 492 493 sctp_sharedkey_t * 494 sctp_alloc_sharedkey(void) 495 { 496 sctp_sharedkey_t *new_key; 497 498 SCTP_MALLOC(new_key, sctp_sharedkey_t *, sizeof(*new_key), 499 SCTP_M_AUTH_KY); 500 if (new_key == NULL) { 501 /* out of memory */ 502 return (NULL); 503 } 504 new_key->keyid = 0; 505 new_key->key = NULL; 506 new_key->refcount = 1; 507 new_key->deactivated = 0; 508 return (new_key); 509 } 510 511 void 512 sctp_free_sharedkey(sctp_sharedkey_t * skey) 513 { 514 if (skey == NULL) 515 return; 516 517 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&skey->refcount)) { 518 if (skey->key != NULL) 519 sctp_free_key(skey->key); 520 SCTP_FREE(skey, SCTP_M_AUTH_KY); 521 } 522 } 523 524 sctp_sharedkey_t * 525 sctp_find_sharedkey(struct sctp_keyhead *shared_keys, uint16_t key_id) 526 { 527 sctp_sharedkey_t *skey; 528 529 LIST_FOREACH(skey, shared_keys, next) { 530 if (skey->keyid == key_id) 531 return (skey); 532 } 533 return (NULL); 534 } 535 536 int 537 sctp_insert_sharedkey(struct sctp_keyhead *shared_keys, 538 sctp_sharedkey_t * new_skey) 539 { 540 sctp_sharedkey_t *skey; 541 542 if ((shared_keys == NULL) || (new_skey == NULL)) 543 return (EINVAL); 544 545 /* insert into an empty list? */ 546 if (LIST_EMPTY(shared_keys)) { 547 LIST_INSERT_HEAD(shared_keys, new_skey, next); 548 return (0); 549 } 550 /* insert into the existing list, ordered by key id */ 551 LIST_FOREACH(skey, shared_keys, next) { 552 if (new_skey->keyid < skey->keyid) { 553 /* insert it before here */ 554 LIST_INSERT_BEFORE(skey, new_skey, next); 555 return (0); 556 } else if (new_skey->keyid == skey->keyid) { 557 /* replace the existing key */ 558 /* verify this key *can* be replaced */ 559 if ((skey->deactivated) && (skey->refcount > 1)) { 560 SCTPDBG(SCTP_DEBUG_AUTH1, 561 "can't replace shared key id %u\n", 562 new_skey->keyid); 563 return (EBUSY); 564 } 565 SCTPDBG(SCTP_DEBUG_AUTH1, 566 "replacing shared key id %u\n", 567 new_skey->keyid); 568 LIST_INSERT_BEFORE(skey, new_skey, next); 569 LIST_REMOVE(skey, next); 570 sctp_free_sharedkey(skey); 571 return (0); 572 } 573 if (LIST_NEXT(skey, next) == NULL) { 574 /* belongs at the end of the list */ 575 LIST_INSERT_AFTER(skey, new_skey, next); 576 return (0); 577 } 578 } 579 /* shouldn't reach here */ 580 return (0); 581 } 582 583 void 584 sctp_auth_key_acquire(struct sctp_tcb *stcb, uint16_t key_id) 585 { 586 sctp_sharedkey_t *skey; 587 588 /* find the shared key */ 589 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, key_id); 590 591 /* bump the ref count */ 592 if (skey) { 593 atomic_add_int(&skey->refcount, 1); 594 SCTPDBG(SCTP_DEBUG_AUTH2, 595 "%s: stcb %p key %u refcount acquire to %d\n", 596 __FUNCTION__, stcb, key_id, skey->refcount); 597 } 598 } 599 600 void 601 sctp_auth_key_release(struct sctp_tcb *stcb, uint16_t key_id) 602 { 603 sctp_sharedkey_t *skey; 604 605 /* find the shared key */ 606 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, key_id); 607 608 /* decrement the ref count */ 609 if (skey) { 610 sctp_free_sharedkey(skey); 611 SCTPDBG(SCTP_DEBUG_AUTH2, 612 "%s: stcb %p key %u refcount release to %d\n", 613 __FUNCTION__, stcb, key_id, skey->refcount); 614 615 /* see if a notification should be generated */ 616 if ((skey->refcount <= 1) && (skey->deactivated)) { 617 /* notify ULP that key is no longer used */ 618 sctp_ulp_notify(SCTP_NOTIFY_AUTH_FREE_KEY, stcb, 619 key_id, 0, SCTP_SO_LOCKED); 620 SCTPDBG(SCTP_DEBUG_AUTH2, 621 "%s: stcb %p key %u no longer used, %d\n", 622 __FUNCTION__, stcb, key_id, skey->refcount); 623 } 624 } 625 } 626 627 static sctp_sharedkey_t * 628 sctp_copy_sharedkey(const sctp_sharedkey_t * skey) 629 { 630 sctp_sharedkey_t *new_skey; 631 632 if (skey == NULL) 633 return (NULL); 634 new_skey = sctp_alloc_sharedkey(); 635 if (new_skey == NULL) 636 return (NULL); 637 if (skey->key != NULL) 638 new_skey->key = sctp_set_key(skey->key->key, skey->key->keylen); 639 else 640 new_skey->key = NULL; 641 new_skey->keyid = skey->keyid; 642 return (new_skey); 643 } 644 645 int 646 sctp_copy_skeylist(const struct sctp_keyhead *src, struct sctp_keyhead *dest) 647 { 648 sctp_sharedkey_t *skey, *new_skey; 649 int count = 0; 650 651 if ((src == NULL) || (dest == NULL)) 652 return (0); 653 LIST_FOREACH(skey, src, next) { 654 new_skey = sctp_copy_sharedkey(skey); 655 if (new_skey != NULL) { 656 (void)sctp_insert_sharedkey(dest, new_skey); 657 count++; 658 } 659 } 660 return (count); 661 } 662 663 664 sctp_hmaclist_t * 665 sctp_alloc_hmaclist(uint8_t num_hmacs) 666 { 667 sctp_hmaclist_t *new_list; 668 int alloc_size; 669 670 alloc_size = sizeof(*new_list) + num_hmacs * sizeof(new_list->hmac[0]); 671 SCTP_MALLOC(new_list, sctp_hmaclist_t *, alloc_size, 672 SCTP_M_AUTH_HL); 673 if (new_list == NULL) { 674 /* out of memory */ 675 return (NULL); 676 } 677 new_list->max_algo = num_hmacs; 678 new_list->num_algo = 0; 679 return (new_list); 680 } 681 682 void 683 sctp_free_hmaclist(sctp_hmaclist_t * list) 684 { 685 if (list != NULL) { 686 SCTP_FREE(list, SCTP_M_AUTH_HL); 687 list = NULL; 688 } 689 } 690 691 int 692 sctp_auth_add_hmacid(sctp_hmaclist_t * list, uint16_t hmac_id) 693 { 694 int i; 695 696 if (list == NULL) 697 return (-1); 698 if (list->num_algo == list->max_algo) { 699 SCTPDBG(SCTP_DEBUG_AUTH1, 700 "SCTP: HMAC id list full, ignoring add %u\n", hmac_id); 701 return (-1); 702 } 703 if ((hmac_id != SCTP_AUTH_HMAC_ID_SHA1) && 704 #ifdef HAVE_SHA224 705 (hmac_id != SCTP_AUTH_HMAC_ID_SHA224) && 706 #endif 707 #ifdef HAVE_SHA2 708 (hmac_id != SCTP_AUTH_HMAC_ID_SHA256) && 709 (hmac_id != SCTP_AUTH_HMAC_ID_SHA384) && 710 (hmac_id != SCTP_AUTH_HMAC_ID_SHA512) && 711 #endif 712 1) { 713 return (-1); 714 } 715 /* Now is it already in the list */ 716 for (i = 0; i < list->num_algo; i++) { 717 if (list->hmac[i] == hmac_id) { 718 /* already in list */ 719 return (-1); 720 } 721 } 722 SCTPDBG(SCTP_DEBUG_AUTH1, "SCTP: add HMAC id %u to list\n", hmac_id); 723 list->hmac[list->num_algo++] = hmac_id; 724 return (0); 725 } 726 727 sctp_hmaclist_t * 728 sctp_copy_hmaclist(sctp_hmaclist_t * list) 729 { 730 sctp_hmaclist_t *new_list; 731 int i; 732 733 if (list == NULL) 734 return (NULL); 735 /* get a new list */ 736 new_list = sctp_alloc_hmaclist(list->max_algo); 737 if (new_list == NULL) 738 return (NULL); 739 /* copy it */ 740 new_list->max_algo = list->max_algo; 741 new_list->num_algo = list->num_algo; 742 for (i = 0; i < list->num_algo; i++) 743 new_list->hmac[i] = list->hmac[i]; 744 return (new_list); 745 } 746 747 sctp_hmaclist_t * 748 sctp_default_supported_hmaclist(void) 749 { 750 sctp_hmaclist_t *new_list; 751 752 new_list = sctp_alloc_hmaclist(2); 753 if (new_list == NULL) 754 return (NULL); 755 (void)sctp_auth_add_hmacid(new_list, SCTP_AUTH_HMAC_ID_SHA1); 756 (void)sctp_auth_add_hmacid(new_list, SCTP_AUTH_HMAC_ID_SHA256); 757 return (new_list); 758 } 759 760 /*- 761 * HMAC algos are listed in priority/preference order 762 * find the best HMAC id to use for the peer based on local support 763 */ 764 uint16_t 765 sctp_negotiate_hmacid(sctp_hmaclist_t * peer, sctp_hmaclist_t * local) 766 { 767 int i, j; 768 769 if ((local == NULL) || (peer == NULL)) 770 return (SCTP_AUTH_HMAC_ID_RSVD); 771 772 for (i = 0; i < peer->num_algo; i++) { 773 for (j = 0; j < local->num_algo; j++) { 774 if (peer->hmac[i] == local->hmac[j]) { 775 /* found the "best" one */ 776 SCTPDBG(SCTP_DEBUG_AUTH1, 777 "SCTP: negotiated peer HMAC id %u\n", 778 peer->hmac[i]); 779 return (peer->hmac[i]); 780 } 781 } 782 } 783 /* didn't find one! */ 784 return (SCTP_AUTH_HMAC_ID_RSVD); 785 } 786 787 /*- 788 * serialize the HMAC algo list and return space used 789 * caller must guarantee ptr has appropriate space 790 */ 791 int 792 sctp_serialize_hmaclist(sctp_hmaclist_t * list, uint8_t * ptr) 793 { 794 int i; 795 uint16_t hmac_id; 796 797 if (list == NULL) 798 return (0); 799 800 for (i = 0; i < list->num_algo; i++) { 801 hmac_id = htons(list->hmac[i]); 802 bcopy(&hmac_id, ptr, sizeof(hmac_id)); 803 ptr += sizeof(hmac_id); 804 } 805 return (list->num_algo * sizeof(hmac_id)); 806 } 807 808 int 809 sctp_verify_hmac_param(struct sctp_auth_hmac_algo *hmacs, uint32_t num_hmacs) 810 { 811 uint32_t i; 812 uint16_t hmac_id; 813 uint32_t sha1_supported = 0; 814 815 for (i = 0; i < num_hmacs; i++) { 816 hmac_id = ntohs(hmacs->hmac_ids[i]); 817 if (hmac_id == SCTP_AUTH_HMAC_ID_SHA1) 818 sha1_supported = 1; 819 } 820 /* all HMAC id's are supported */ 821 if (sha1_supported == 0) 822 return (-1); 823 else 824 return (0); 825 } 826 827 sctp_authinfo_t * 828 sctp_alloc_authinfo(void) 829 { 830 sctp_authinfo_t *new_authinfo; 831 832 SCTP_MALLOC(new_authinfo, sctp_authinfo_t *, sizeof(*new_authinfo), 833 SCTP_M_AUTH_IF); 834 835 if (new_authinfo == NULL) { 836 /* out of memory */ 837 return (NULL); 838 } 839 bzero(new_authinfo, sizeof(*new_authinfo)); 840 return (new_authinfo); 841 } 842 843 void 844 sctp_free_authinfo(sctp_authinfo_t * authinfo) 845 { 846 if (authinfo == NULL) 847 return; 848 849 if (authinfo->random != NULL) 850 sctp_free_key(authinfo->random); 851 if (authinfo->peer_random != NULL) 852 sctp_free_key(authinfo->peer_random); 853 if (authinfo->assoc_key != NULL) 854 sctp_free_key(authinfo->assoc_key); 855 if (authinfo->recv_key != NULL) 856 sctp_free_key(authinfo->recv_key); 857 858 /* We are NOT dynamically allocating authinfo's right now... */ 859 /* SCTP_FREE(authinfo, SCTP_M_AUTH_??); */ 860 } 861 862 863 uint32_t 864 sctp_get_auth_chunk_len(uint16_t hmac_algo) 865 { 866 int size; 867 868 size = sizeof(struct sctp_auth_chunk) + sctp_get_hmac_digest_len(hmac_algo); 869 return (SCTP_SIZE32(size)); 870 } 871 872 uint32_t 873 sctp_get_hmac_digest_len(uint16_t hmac_algo) 874 { 875 switch (hmac_algo) { 876 case SCTP_AUTH_HMAC_ID_SHA1: 877 return (SCTP_AUTH_DIGEST_LEN_SHA1); 878 #ifdef HAVE_SHA224 879 case SCTP_AUTH_HMAC_ID_SHA224: 880 return (SCTP_AUTH_DIGEST_LEN_SHA224); 881 #endif 882 #ifdef HAVE_SHA2 883 case SCTP_AUTH_HMAC_ID_SHA256: 884 return (SCTP_AUTH_DIGEST_LEN_SHA256); 885 case SCTP_AUTH_HMAC_ID_SHA384: 886 return (SCTP_AUTH_DIGEST_LEN_SHA384); 887 case SCTP_AUTH_HMAC_ID_SHA512: 888 return (SCTP_AUTH_DIGEST_LEN_SHA512); 889 #endif 890 default: 891 /* unknown HMAC algorithm: can't do anything */ 892 return (0); 893 } /* end switch */ 894 } 895 896 static inline int 897 sctp_get_hmac_block_len(uint16_t hmac_algo) 898 { 899 switch (hmac_algo) { 900 case SCTP_AUTH_HMAC_ID_SHA1: 901 #ifdef HAVE_SHA224 902 case SCTP_AUTH_HMAC_ID_SHA224: 903 #endif 904 return (64); 905 #ifdef HAVE_SHA2 906 case SCTP_AUTH_HMAC_ID_SHA256: 907 return (64); 908 case SCTP_AUTH_HMAC_ID_SHA384: 909 case SCTP_AUTH_HMAC_ID_SHA512: 910 return (128); 911 #endif 912 case SCTP_AUTH_HMAC_ID_RSVD: 913 default: 914 /* unknown HMAC algorithm: can't do anything */ 915 return (0); 916 } /* end switch */ 917 } 918 919 static void 920 sctp_hmac_init(uint16_t hmac_algo, sctp_hash_context_t * ctx) 921 { 922 switch (hmac_algo) { 923 case SCTP_AUTH_HMAC_ID_SHA1: 924 SHA1_Init(&ctx->sha1); 925 break; 926 #ifdef HAVE_SHA224 927 case SCTP_AUTH_HMAC_ID_SHA224: 928 break; 929 #endif 930 #ifdef HAVE_SHA2 931 case SCTP_AUTH_HMAC_ID_SHA256: 932 SHA256_Init(&ctx->sha256); 933 break; 934 case SCTP_AUTH_HMAC_ID_SHA384: 935 SHA384_Init(&ctx->sha384); 936 break; 937 case SCTP_AUTH_HMAC_ID_SHA512: 938 SHA512_Init(&ctx->sha512); 939 break; 940 #endif 941 case SCTP_AUTH_HMAC_ID_RSVD: 942 default: 943 /* unknown HMAC algorithm: can't do anything */ 944 return; 945 } /* end switch */ 946 } 947 948 static void 949 sctp_hmac_update(uint16_t hmac_algo, sctp_hash_context_t * ctx, 950 uint8_t * text, uint32_t textlen) 951 { 952 switch (hmac_algo) { 953 case SCTP_AUTH_HMAC_ID_SHA1: 954 SHA1_Update(&ctx->sha1, text, textlen); 955 break; 956 #ifdef HAVE_SHA224 957 case SCTP_AUTH_HMAC_ID_SHA224: 958 break; 959 #endif 960 #ifdef HAVE_SHA2 961 case SCTP_AUTH_HMAC_ID_SHA256: 962 SHA256_Update(&ctx->sha256, text, textlen); 963 break; 964 case SCTP_AUTH_HMAC_ID_SHA384: 965 SHA384_Update(&ctx->sha384, text, textlen); 966 break; 967 case SCTP_AUTH_HMAC_ID_SHA512: 968 SHA512_Update(&ctx->sha512, text, textlen); 969 break; 970 #endif 971 case SCTP_AUTH_HMAC_ID_RSVD: 972 default: 973 /* unknown HMAC algorithm: can't do anything */ 974 return; 975 } /* end switch */ 976 } 977 978 static void 979 sctp_hmac_final(uint16_t hmac_algo, sctp_hash_context_t * ctx, 980 uint8_t * digest) 981 { 982 switch (hmac_algo) { 983 case SCTP_AUTH_HMAC_ID_SHA1: 984 SHA1_Final(digest, &ctx->sha1); 985 break; 986 #ifdef HAVE_SHA224 987 case SCTP_AUTH_HMAC_ID_SHA224: 988 break; 989 #endif 990 #ifdef HAVE_SHA2 991 case SCTP_AUTH_HMAC_ID_SHA256: 992 SHA256_Final(digest, &ctx->sha256); 993 break; 994 case SCTP_AUTH_HMAC_ID_SHA384: 995 /* SHA384 is truncated SHA512 */ 996 SHA384_Final(digest, &ctx->sha384); 997 break; 998 case SCTP_AUTH_HMAC_ID_SHA512: 999 SHA512_Final(digest, &ctx->sha512); 1000 break; 1001 #endif 1002 case SCTP_AUTH_HMAC_ID_RSVD: 1003 default: 1004 /* unknown HMAC algorithm: can't do anything */ 1005 return; 1006 } /* end switch */ 1007 } 1008 1009 /*- 1010 * Keyed-Hashing for Message Authentication: FIPS 198 (RFC 2104) 1011 * 1012 * Compute the HMAC digest using the desired hash key, text, and HMAC 1013 * algorithm. Resulting digest is placed in 'digest' and digest length 1014 * is returned, if the HMAC was performed. 1015 * 1016 * WARNING: it is up to the caller to supply sufficient space to hold the 1017 * resultant digest. 1018 */ 1019 uint32_t 1020 sctp_hmac(uint16_t hmac_algo, uint8_t * key, uint32_t keylen, 1021 uint8_t * text, uint32_t textlen, uint8_t * digest) 1022 { 1023 uint32_t digestlen; 1024 uint32_t blocklen; 1025 sctp_hash_context_t ctx; 1026 uint8_t ipad[128], opad[128]; /* keyed hash inner/outer pads */ 1027 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX]; 1028 uint32_t i; 1029 1030 /* sanity check the material and length */ 1031 if ((key == NULL) || (keylen == 0) || (text == NULL) || 1032 (textlen == 0) || (digest == NULL)) { 1033 /* can't do HMAC with empty key or text or digest store */ 1034 return (0); 1035 } 1036 /* validate the hmac algo and get the digest length */ 1037 digestlen = sctp_get_hmac_digest_len(hmac_algo); 1038 if (digestlen == 0) 1039 return (0); 1040 1041 /* hash the key if it is longer than the hash block size */ 1042 blocklen = sctp_get_hmac_block_len(hmac_algo); 1043 if (keylen > blocklen) { 1044 sctp_hmac_init(hmac_algo, &ctx); 1045 sctp_hmac_update(hmac_algo, &ctx, key, keylen); 1046 sctp_hmac_final(hmac_algo, &ctx, temp); 1047 /* set the hashed key as the key */ 1048 keylen = digestlen; 1049 key = temp; 1050 } 1051 /* initialize the inner/outer pads with the key and "append" zeroes */ 1052 bzero(ipad, blocklen); 1053 bzero(opad, blocklen); 1054 bcopy(key, ipad, keylen); 1055 bcopy(key, opad, keylen); 1056 1057 /* XOR the key with ipad and opad values */ 1058 for (i = 0; i < blocklen; i++) { 1059 ipad[i] ^= 0x36; 1060 opad[i] ^= 0x5c; 1061 } 1062 1063 /* perform inner hash */ 1064 sctp_hmac_init(hmac_algo, &ctx); 1065 sctp_hmac_update(hmac_algo, &ctx, ipad, blocklen); 1066 sctp_hmac_update(hmac_algo, &ctx, text, textlen); 1067 sctp_hmac_final(hmac_algo, &ctx, temp); 1068 1069 /* perform outer hash */ 1070 sctp_hmac_init(hmac_algo, &ctx); 1071 sctp_hmac_update(hmac_algo, &ctx, opad, blocklen); 1072 sctp_hmac_update(hmac_algo, &ctx, temp, digestlen); 1073 sctp_hmac_final(hmac_algo, &ctx, digest); 1074 1075 return (digestlen); 1076 } 1077 1078 /* mbuf version */ 1079 uint32_t 1080 sctp_hmac_m(uint16_t hmac_algo, uint8_t * key, uint32_t keylen, 1081 struct mbuf *m, uint32_t m_offset, uint8_t * digest, uint32_t trailer) 1082 { 1083 uint32_t digestlen; 1084 uint32_t blocklen; 1085 sctp_hash_context_t ctx; 1086 uint8_t ipad[128], opad[128]; /* keyed hash inner/outer pads */ 1087 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX]; 1088 uint32_t i; 1089 struct mbuf *m_tmp; 1090 1091 /* sanity check the material and length */ 1092 if ((key == NULL) || (keylen == 0) || (m == NULL) || (digest == NULL)) { 1093 /* can't do HMAC with empty key or text or digest store */ 1094 return (0); 1095 } 1096 /* validate the hmac algo and get the digest length */ 1097 digestlen = sctp_get_hmac_digest_len(hmac_algo); 1098 if (digestlen == 0) 1099 return (0); 1100 1101 /* hash the key if it is longer than the hash block size */ 1102 blocklen = sctp_get_hmac_block_len(hmac_algo); 1103 if (keylen > blocklen) { 1104 sctp_hmac_init(hmac_algo, &ctx); 1105 sctp_hmac_update(hmac_algo, &ctx, key, keylen); 1106 sctp_hmac_final(hmac_algo, &ctx, temp); 1107 /* set the hashed key as the key */ 1108 keylen = digestlen; 1109 key = temp; 1110 } 1111 /* initialize the inner/outer pads with the key and "append" zeroes */ 1112 bzero(ipad, blocklen); 1113 bzero(opad, blocklen); 1114 bcopy(key, ipad, keylen); 1115 bcopy(key, opad, keylen); 1116 1117 /* XOR the key with ipad and opad values */ 1118 for (i = 0; i < blocklen; i++) { 1119 ipad[i] ^= 0x36; 1120 opad[i] ^= 0x5c; 1121 } 1122 1123 /* perform inner hash */ 1124 sctp_hmac_init(hmac_algo, &ctx); 1125 sctp_hmac_update(hmac_algo, &ctx, ipad, blocklen); 1126 /* find the correct starting mbuf and offset (get start of text) */ 1127 m_tmp = m; 1128 while ((m_tmp != NULL) && (m_offset >= (uint32_t) SCTP_BUF_LEN(m_tmp))) { 1129 m_offset -= SCTP_BUF_LEN(m_tmp); 1130 m_tmp = SCTP_BUF_NEXT(m_tmp); 1131 } 1132 /* now use the rest of the mbuf chain for the text */ 1133 while (m_tmp != NULL) { 1134 if ((SCTP_BUF_NEXT(m_tmp) == NULL) && trailer) { 1135 sctp_hmac_update(hmac_algo, &ctx, mtod(m_tmp, uint8_t *) + m_offset, 1136 SCTP_BUF_LEN(m_tmp) - (trailer + m_offset)); 1137 } else { 1138 sctp_hmac_update(hmac_algo, &ctx, mtod(m_tmp, uint8_t *) + m_offset, 1139 SCTP_BUF_LEN(m_tmp) - m_offset); 1140 } 1141 1142 /* clear the offset since it's only for the first mbuf */ 1143 m_offset = 0; 1144 m_tmp = SCTP_BUF_NEXT(m_tmp); 1145 } 1146 sctp_hmac_final(hmac_algo, &ctx, temp); 1147 1148 /* perform outer hash */ 1149 sctp_hmac_init(hmac_algo, &ctx); 1150 sctp_hmac_update(hmac_algo, &ctx, opad, blocklen); 1151 sctp_hmac_update(hmac_algo, &ctx, temp, digestlen); 1152 sctp_hmac_final(hmac_algo, &ctx, digest); 1153 1154 return (digestlen); 1155 } 1156 1157 /*- 1158 * verify the HMAC digest using the desired hash key, text, and HMAC 1159 * algorithm. 1160 * Returns -1 on error, 0 on success. 1161 */ 1162 int 1163 sctp_verify_hmac(uint16_t hmac_algo, uint8_t * key, uint32_t keylen, 1164 uint8_t * text, uint32_t textlen, 1165 uint8_t * digest, uint32_t digestlen) 1166 { 1167 uint32_t len; 1168 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX]; 1169 1170 /* sanity check the material and length */ 1171 if ((key == NULL) || (keylen == 0) || 1172 (text == NULL) || (textlen == 0) || (digest == NULL)) { 1173 /* can't do HMAC with empty key or text or digest */ 1174 return (-1); 1175 } 1176 len = sctp_get_hmac_digest_len(hmac_algo); 1177 if ((len == 0) || (digestlen != len)) 1178 return (-1); 1179 1180 /* compute the expected hash */ 1181 if (sctp_hmac(hmac_algo, key, keylen, text, textlen, temp) != len) 1182 return (-1); 1183 1184 if (memcmp(digest, temp, digestlen) != 0) 1185 return (-1); 1186 else 1187 return (0); 1188 } 1189 1190 1191 /* 1192 * computes the requested HMAC using a key struct (which may be modified if 1193 * the keylen exceeds the HMAC block len). 1194 */ 1195 uint32_t 1196 sctp_compute_hmac(uint16_t hmac_algo, sctp_key_t * key, uint8_t * text, 1197 uint32_t textlen, uint8_t * digest) 1198 { 1199 uint32_t digestlen; 1200 uint32_t blocklen; 1201 sctp_hash_context_t ctx; 1202 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX]; 1203 1204 /* sanity check */ 1205 if ((key == NULL) || (text == NULL) || (textlen == 0) || 1206 (digest == NULL)) { 1207 /* can't do HMAC with empty key or text or digest store */ 1208 return (0); 1209 } 1210 /* validate the hmac algo and get the digest length */ 1211 digestlen = sctp_get_hmac_digest_len(hmac_algo); 1212 if (digestlen == 0) 1213 return (0); 1214 1215 /* hash the key if it is longer than the hash block size */ 1216 blocklen = sctp_get_hmac_block_len(hmac_algo); 1217 if (key->keylen > blocklen) { 1218 sctp_hmac_init(hmac_algo, &ctx); 1219 sctp_hmac_update(hmac_algo, &ctx, key->key, key->keylen); 1220 sctp_hmac_final(hmac_algo, &ctx, temp); 1221 /* save the hashed key as the new key */ 1222 key->keylen = digestlen; 1223 bcopy(temp, key->key, key->keylen); 1224 } 1225 return (sctp_hmac(hmac_algo, key->key, key->keylen, text, textlen, 1226 digest)); 1227 } 1228 1229 /* mbuf version */ 1230 uint32_t 1231 sctp_compute_hmac_m(uint16_t hmac_algo, sctp_key_t * key, struct mbuf *m, 1232 uint32_t m_offset, uint8_t * digest) 1233 { 1234 uint32_t digestlen; 1235 uint32_t blocklen; 1236 sctp_hash_context_t ctx; 1237 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX]; 1238 1239 /* sanity check */ 1240 if ((key == NULL) || (m == NULL) || (digest == NULL)) { 1241 /* can't do HMAC with empty key or text or digest store */ 1242 return (0); 1243 } 1244 /* validate the hmac algo and get the digest length */ 1245 digestlen = sctp_get_hmac_digest_len(hmac_algo); 1246 if (digestlen == 0) 1247 return (0); 1248 1249 /* hash the key if it is longer than the hash block size */ 1250 blocklen = sctp_get_hmac_block_len(hmac_algo); 1251 if (key->keylen > blocklen) { 1252 sctp_hmac_init(hmac_algo, &ctx); 1253 sctp_hmac_update(hmac_algo, &ctx, key->key, key->keylen); 1254 sctp_hmac_final(hmac_algo, &ctx, temp); 1255 /* save the hashed key as the new key */ 1256 key->keylen = digestlen; 1257 bcopy(temp, key->key, key->keylen); 1258 } 1259 return (sctp_hmac_m(hmac_algo, key->key, key->keylen, m, m_offset, digest, 0)); 1260 } 1261 1262 int 1263 sctp_auth_is_supported_hmac(sctp_hmaclist_t * list, uint16_t id) 1264 { 1265 int i; 1266 1267 if ((list == NULL) || (id == SCTP_AUTH_HMAC_ID_RSVD)) 1268 return (0); 1269 1270 for (i = 0; i < list->num_algo; i++) 1271 if (list->hmac[i] == id) 1272 return (1); 1273 1274 /* not in the list */ 1275 return (0); 1276 } 1277 1278 1279 /*- 1280 * clear any cached key(s) if they match the given key id on an association. 1281 * the cached key(s) will be recomputed and re-cached at next use. 1282 * ASSUMES TCB_LOCK is already held 1283 */ 1284 void 1285 sctp_clear_cachedkeys(struct sctp_tcb *stcb, uint16_t keyid) 1286 { 1287 if (stcb == NULL) 1288 return; 1289 1290 if (keyid == stcb->asoc.authinfo.assoc_keyid) { 1291 sctp_free_key(stcb->asoc.authinfo.assoc_key); 1292 stcb->asoc.authinfo.assoc_key = NULL; 1293 } 1294 if (keyid == stcb->asoc.authinfo.recv_keyid) { 1295 sctp_free_key(stcb->asoc.authinfo.recv_key); 1296 stcb->asoc.authinfo.recv_key = NULL; 1297 } 1298 } 1299 1300 /*- 1301 * clear any cached key(s) if they match the given key id for all assocs on 1302 * an endpoint. 1303 * ASSUMES INP_WLOCK is already held 1304 */ 1305 void 1306 sctp_clear_cachedkeys_ep(struct sctp_inpcb *inp, uint16_t keyid) 1307 { 1308 struct sctp_tcb *stcb; 1309 1310 if (inp == NULL) 1311 return; 1312 1313 /* clear the cached keys on all assocs on this instance */ 1314 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { 1315 SCTP_TCB_LOCK(stcb); 1316 sctp_clear_cachedkeys(stcb, keyid); 1317 SCTP_TCB_UNLOCK(stcb); 1318 } 1319 } 1320 1321 /*- 1322 * delete a shared key from an association 1323 * ASSUMES TCB_LOCK is already held 1324 */ 1325 int 1326 sctp_delete_sharedkey(struct sctp_tcb *stcb, uint16_t keyid) 1327 { 1328 sctp_sharedkey_t *skey; 1329 1330 if (stcb == NULL) 1331 return (-1); 1332 1333 /* is the keyid the assoc active sending key */ 1334 if (keyid == stcb->asoc.authinfo.active_keyid) 1335 return (-1); 1336 1337 /* does the key exist? */ 1338 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, keyid); 1339 if (skey == NULL) 1340 return (-1); 1341 1342 /* are there other refcount holders on the key? */ 1343 if (skey->refcount > 1) 1344 return (-1); 1345 1346 /* remove it */ 1347 LIST_REMOVE(skey, next); 1348 sctp_free_sharedkey(skey); /* frees skey->key as well */ 1349 1350 /* clear any cached keys */ 1351 sctp_clear_cachedkeys(stcb, keyid); 1352 return (0); 1353 } 1354 1355 /*- 1356 * deletes a shared key from the endpoint 1357 * ASSUMES INP_WLOCK is already held 1358 */ 1359 int 1360 sctp_delete_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid) 1361 { 1362 sctp_sharedkey_t *skey; 1363 1364 if (inp == NULL) 1365 return (-1); 1366 1367 /* is the keyid the active sending key on the endpoint */ 1368 if (keyid == inp->sctp_ep.default_keyid) 1369 return (-1); 1370 1371 /* does the key exist? */ 1372 skey = sctp_find_sharedkey(&inp->sctp_ep.shared_keys, keyid); 1373 if (skey == NULL) 1374 return (-1); 1375 1376 /* endpoint keys are not refcounted */ 1377 1378 /* remove it */ 1379 LIST_REMOVE(skey, next); 1380 sctp_free_sharedkey(skey); /* frees skey->key as well */ 1381 1382 /* clear any cached keys */ 1383 sctp_clear_cachedkeys_ep(inp, keyid); 1384 return (0); 1385 } 1386 1387 /*- 1388 * set the active key on an association 1389 * ASSUMES TCB_LOCK is already held 1390 */ 1391 int 1392 sctp_auth_setactivekey(struct sctp_tcb *stcb, uint16_t keyid) 1393 { 1394 sctp_sharedkey_t *skey = NULL; 1395 1396 /* find the key on the assoc */ 1397 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, keyid); 1398 if (skey == NULL) { 1399 /* that key doesn't exist */ 1400 return (-1); 1401 } 1402 if ((skey->deactivated) && (skey->refcount > 1)) { 1403 /* can't reactivate a deactivated key with other refcounts */ 1404 return (-1); 1405 } 1406 /* set the (new) active key */ 1407 stcb->asoc.authinfo.active_keyid = keyid; 1408 /* reset the deactivated flag */ 1409 skey->deactivated = 0; 1410 1411 return (0); 1412 } 1413 1414 /*- 1415 * set the active key on an endpoint 1416 * ASSUMES INP_WLOCK is already held 1417 */ 1418 int 1419 sctp_auth_setactivekey_ep(struct sctp_inpcb *inp, uint16_t keyid) 1420 { 1421 sctp_sharedkey_t *skey; 1422 1423 /* find the key */ 1424 skey = sctp_find_sharedkey(&inp->sctp_ep.shared_keys, keyid); 1425 if (skey == NULL) { 1426 /* that key doesn't exist */ 1427 return (-1); 1428 } 1429 inp->sctp_ep.default_keyid = keyid; 1430 return (0); 1431 } 1432 1433 /*- 1434 * deactivates a shared key from the association 1435 * ASSUMES INP_WLOCK is already held 1436 */ 1437 int 1438 sctp_deact_sharedkey(struct sctp_tcb *stcb, uint16_t keyid) 1439 { 1440 sctp_sharedkey_t *skey; 1441 1442 if (stcb == NULL) 1443 return (-1); 1444 1445 /* is the keyid the assoc active sending key */ 1446 if (keyid == stcb->asoc.authinfo.active_keyid) 1447 return (-1); 1448 1449 /* does the key exist? */ 1450 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, keyid); 1451 if (skey == NULL) 1452 return (-1); 1453 1454 /* are there other refcount holders on the key? */ 1455 if (skey->refcount == 1) { 1456 /* no other users, send a notification for this key */ 1457 sctp_ulp_notify(SCTP_NOTIFY_AUTH_FREE_KEY, stcb, keyid, 0, 1458 SCTP_SO_LOCKED); 1459 } 1460 /* mark the key as deactivated */ 1461 skey->deactivated = 1; 1462 1463 return (0); 1464 } 1465 1466 /*- 1467 * deactivates a shared key from the endpoint 1468 * ASSUMES INP_WLOCK is already held 1469 */ 1470 int 1471 sctp_deact_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid) 1472 { 1473 sctp_sharedkey_t *skey; 1474 1475 if (inp == NULL) 1476 return (-1); 1477 1478 /* is the keyid the active sending key on the endpoint */ 1479 if (keyid == inp->sctp_ep.default_keyid) 1480 return (-1); 1481 1482 /* does the key exist? */ 1483 skey = sctp_find_sharedkey(&inp->sctp_ep.shared_keys, keyid); 1484 if (skey == NULL) 1485 return (-1); 1486 1487 /* endpoint keys are not refcounted */ 1488 1489 /* remove it */ 1490 LIST_REMOVE(skey, next); 1491 sctp_free_sharedkey(skey); /* frees skey->key as well */ 1492 1493 return (0); 1494 } 1495 1496 /* 1497 * get local authentication parameters from cookie (from INIT-ACK) 1498 */ 1499 void 1500 sctp_auth_get_cookie_params(struct sctp_tcb *stcb, struct mbuf *m, 1501 uint32_t offset, uint32_t length) 1502 { 1503 struct sctp_paramhdr *phdr, tmp_param; 1504 uint16_t plen, ptype; 1505 uint8_t random_store[SCTP_PARAM_BUFFER_SIZE]; 1506 struct sctp_auth_random *p_random = NULL; 1507 uint16_t random_len = 0; 1508 uint8_t hmacs_store[SCTP_PARAM_BUFFER_SIZE]; 1509 struct sctp_auth_hmac_algo *hmacs = NULL; 1510 uint16_t hmacs_len = 0; 1511 uint8_t chunks_store[SCTP_PARAM_BUFFER_SIZE]; 1512 struct sctp_auth_chunk_list *chunks = NULL; 1513 uint16_t num_chunks = 0; 1514 sctp_key_t *new_key; 1515 uint32_t keylen; 1516 1517 /* convert to upper bound */ 1518 length += offset; 1519 1520 phdr = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, 1521 sizeof(struct sctp_paramhdr), (uint8_t *) & tmp_param); 1522 while (phdr != NULL) { 1523 ptype = ntohs(phdr->param_type); 1524 plen = ntohs(phdr->param_length); 1525 1526 if ((plen == 0) || (offset + plen > length)) 1527 break; 1528 1529 if (ptype == SCTP_RANDOM) { 1530 if (plen > sizeof(random_store)) 1531 break; 1532 phdr = sctp_get_next_param(m, offset, 1533 (struct sctp_paramhdr *)random_store, min(plen, sizeof(random_store))); 1534 if (phdr == NULL) 1535 return; 1536 /* save the random and length for the key */ 1537 p_random = (struct sctp_auth_random *)phdr; 1538 random_len = plen - sizeof(*p_random); 1539 } else if (ptype == SCTP_HMAC_LIST) { 1540 int num_hmacs; 1541 int i; 1542 1543 if (plen > sizeof(hmacs_store)) 1544 break; 1545 phdr = sctp_get_next_param(m, offset, 1546 (struct sctp_paramhdr *)hmacs_store, min(plen, sizeof(hmacs_store))); 1547 if (phdr == NULL) 1548 return; 1549 /* save the hmacs list and num for the key */ 1550 hmacs = (struct sctp_auth_hmac_algo *)phdr; 1551 hmacs_len = plen - sizeof(*hmacs); 1552 num_hmacs = hmacs_len / sizeof(hmacs->hmac_ids[0]); 1553 if (stcb->asoc.local_hmacs != NULL) 1554 sctp_free_hmaclist(stcb->asoc.local_hmacs); 1555 stcb->asoc.local_hmacs = sctp_alloc_hmaclist(num_hmacs); 1556 if (stcb->asoc.local_hmacs != NULL) { 1557 for (i = 0; i < num_hmacs; i++) { 1558 (void)sctp_auth_add_hmacid(stcb->asoc.local_hmacs, 1559 ntohs(hmacs->hmac_ids[i])); 1560 } 1561 } 1562 } else if (ptype == SCTP_CHUNK_LIST) { 1563 int i; 1564 1565 if (plen > sizeof(chunks_store)) 1566 break; 1567 phdr = sctp_get_next_param(m, offset, 1568 (struct sctp_paramhdr *)chunks_store, min(plen, sizeof(chunks_store))); 1569 if (phdr == NULL) 1570 return; 1571 chunks = (struct sctp_auth_chunk_list *)phdr; 1572 num_chunks = plen - sizeof(*chunks); 1573 /* save chunks list and num for the key */ 1574 if (stcb->asoc.local_auth_chunks != NULL) 1575 sctp_clear_chunklist(stcb->asoc.local_auth_chunks); 1576 else 1577 stcb->asoc.local_auth_chunks = sctp_alloc_chunklist(); 1578 for (i = 0; i < num_chunks; i++) { 1579 (void)sctp_auth_add_chunk(chunks->chunk_types[i], 1580 stcb->asoc.local_auth_chunks); 1581 } 1582 } 1583 /* get next parameter */ 1584 offset += SCTP_SIZE32(plen); 1585 if (offset + sizeof(struct sctp_paramhdr) > length) 1586 break; 1587 phdr = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, sizeof(struct sctp_paramhdr), 1588 (uint8_t *) & tmp_param); 1589 } 1590 /* concatenate the full random key */ 1591 keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len; 1592 if (chunks != NULL) { 1593 keylen += sizeof(*chunks) + num_chunks; 1594 } 1595 new_key = sctp_alloc_key(keylen); 1596 if (new_key != NULL) { 1597 /* copy in the RANDOM */ 1598 if (p_random != NULL) { 1599 keylen = sizeof(*p_random) + random_len; 1600 bcopy(p_random, new_key->key, keylen); 1601 } 1602 /* append in the AUTH chunks */ 1603 if (chunks != NULL) { 1604 bcopy(chunks, new_key->key + keylen, 1605 sizeof(*chunks) + num_chunks); 1606 keylen += sizeof(*chunks) + num_chunks; 1607 } 1608 /* append in the HMACs */ 1609 if (hmacs != NULL) { 1610 bcopy(hmacs, new_key->key + keylen, 1611 sizeof(*hmacs) + hmacs_len); 1612 } 1613 } 1614 if (stcb->asoc.authinfo.random != NULL) 1615 sctp_free_key(stcb->asoc.authinfo.random); 1616 stcb->asoc.authinfo.random = new_key; 1617 stcb->asoc.authinfo.random_len = random_len; 1618 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.assoc_keyid); 1619 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.recv_keyid); 1620 1621 /* negotiate what HMAC to use for the peer */ 1622 stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs, 1623 stcb->asoc.local_hmacs); 1624 1625 /* copy defaults from the endpoint */ 1626 /* FIX ME: put in cookie? */ 1627 stcb->asoc.authinfo.active_keyid = stcb->sctp_ep->sctp_ep.default_keyid; 1628 /* copy out the shared key list (by reference) from the endpoint */ 1629 (void)sctp_copy_skeylist(&stcb->sctp_ep->sctp_ep.shared_keys, 1630 &stcb->asoc.shared_keys); 1631 } 1632 1633 /* 1634 * compute and fill in the HMAC digest for a packet 1635 */ 1636 void 1637 sctp_fill_hmac_digest_m(struct mbuf *m, uint32_t auth_offset, 1638 struct sctp_auth_chunk *auth, struct sctp_tcb *stcb, uint16_t keyid) 1639 { 1640 uint32_t digestlen; 1641 sctp_sharedkey_t *skey; 1642 sctp_key_t *key; 1643 1644 if ((stcb == NULL) || (auth == NULL)) 1645 return; 1646 1647 /* zero the digest + chunk padding */ 1648 digestlen = sctp_get_hmac_digest_len(stcb->asoc.peer_hmac_id); 1649 bzero(auth->hmac, SCTP_SIZE32(digestlen)); 1650 1651 /* is the desired key cached? */ 1652 if ((keyid != stcb->asoc.authinfo.assoc_keyid) || 1653 (stcb->asoc.authinfo.assoc_key == NULL)) { 1654 if (stcb->asoc.authinfo.assoc_key != NULL) { 1655 /* free the old cached key */ 1656 sctp_free_key(stcb->asoc.authinfo.assoc_key); 1657 } 1658 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, keyid); 1659 /* the only way skey is NULL is if null key id 0 is used */ 1660 if (skey != NULL) 1661 key = skey->key; 1662 else 1663 key = NULL; 1664 /* compute a new assoc key and cache it */ 1665 stcb->asoc.authinfo.assoc_key = 1666 sctp_compute_hashkey(stcb->asoc.authinfo.random, 1667 stcb->asoc.authinfo.peer_random, key); 1668 stcb->asoc.authinfo.assoc_keyid = keyid; 1669 SCTPDBG(SCTP_DEBUG_AUTH1, "caching key id %u\n", 1670 stcb->asoc.authinfo.assoc_keyid); 1671 #ifdef SCTP_DEBUG 1672 if (SCTP_AUTH_DEBUG) 1673 sctp_print_key(stcb->asoc.authinfo.assoc_key, 1674 "Assoc Key"); 1675 #endif 1676 } 1677 /* set in the active key id */ 1678 auth->shared_key_id = htons(keyid); 1679 1680 /* compute and fill in the digest */ 1681 (void)sctp_compute_hmac_m(stcb->asoc.peer_hmac_id, stcb->asoc.authinfo.assoc_key, 1682 m, auth_offset, auth->hmac); 1683 } 1684 1685 1686 static void 1687 sctp_bzero_m(struct mbuf *m, uint32_t m_offset, uint32_t size) 1688 { 1689 struct mbuf *m_tmp; 1690 uint8_t *data; 1691 1692 /* sanity check */ 1693 if (m == NULL) 1694 return; 1695 1696 /* find the correct starting mbuf and offset (get start position) */ 1697 m_tmp = m; 1698 while ((m_tmp != NULL) && (m_offset >= (uint32_t) SCTP_BUF_LEN(m_tmp))) { 1699 m_offset -= SCTP_BUF_LEN(m_tmp); 1700 m_tmp = SCTP_BUF_NEXT(m_tmp); 1701 } 1702 /* now use the rest of the mbuf chain */ 1703 while ((m_tmp != NULL) && (size > 0)) { 1704 data = mtod(m_tmp, uint8_t *) + m_offset; 1705 if (size > (uint32_t) SCTP_BUF_LEN(m_tmp)) { 1706 bzero(data, SCTP_BUF_LEN(m_tmp)); 1707 size -= SCTP_BUF_LEN(m_tmp); 1708 } else { 1709 bzero(data, size); 1710 size = 0; 1711 } 1712 /* clear the offset since it's only for the first mbuf */ 1713 m_offset = 0; 1714 m_tmp = SCTP_BUF_NEXT(m_tmp); 1715 } 1716 } 1717 1718 /*- 1719 * process the incoming Authentication chunk 1720 * return codes: 1721 * -1 on any authentication error 1722 * 0 on authentication verification 1723 */ 1724 int 1725 sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_auth_chunk *auth, 1726 struct mbuf *m, uint32_t offset) 1727 { 1728 uint16_t chunklen; 1729 uint16_t shared_key_id; 1730 uint16_t hmac_id; 1731 sctp_sharedkey_t *skey; 1732 uint32_t digestlen; 1733 uint8_t digest[SCTP_AUTH_DIGEST_LEN_MAX]; 1734 uint8_t computed_digest[SCTP_AUTH_DIGEST_LEN_MAX]; 1735 1736 /* auth is checked for NULL by caller */ 1737 chunklen = ntohs(auth->ch.chunk_length); 1738 if (chunklen < sizeof(*auth)) { 1739 SCTP_STAT_INCR(sctps_recvauthfailed); 1740 return (-1); 1741 } 1742 SCTP_STAT_INCR(sctps_recvauth); 1743 1744 /* get the auth params */ 1745 shared_key_id = ntohs(auth->shared_key_id); 1746 hmac_id = ntohs(auth->hmac_id); 1747 SCTPDBG(SCTP_DEBUG_AUTH1, 1748 "SCTP AUTH Chunk: shared key %u, HMAC id %u\n", 1749 shared_key_id, hmac_id); 1750 1751 /* is the indicated HMAC supported? */ 1752 if (!sctp_auth_is_supported_hmac(stcb->asoc.local_hmacs, hmac_id)) { 1753 struct mbuf *m_err; 1754 struct sctp_auth_invalid_hmac *err; 1755 1756 SCTP_STAT_INCR(sctps_recvivalhmacid); 1757 SCTPDBG(SCTP_DEBUG_AUTH1, 1758 "SCTP Auth: unsupported HMAC id %u\n", 1759 hmac_id); 1760 /* 1761 * report this in an Error Chunk: Unsupported HMAC 1762 * Identifier 1763 */ 1764 m_err = sctp_get_mbuf_for_msg(sizeof(*err), 0, M_DONTWAIT, 1765 1, MT_HEADER); 1766 if (m_err != NULL) { 1767 /* pre-reserve some space */ 1768 SCTP_BUF_RESV_UF(m_err, sizeof(struct sctp_chunkhdr)); 1769 /* fill in the error */ 1770 err = mtod(m_err, struct sctp_auth_invalid_hmac *); 1771 bzero(err, sizeof(*err)); 1772 err->ph.param_type = htons(SCTP_CAUSE_UNSUPPORTED_HMACID); 1773 err->ph.param_length = htons(sizeof(*err)); 1774 err->hmac_id = ntohs(hmac_id); 1775 SCTP_BUF_LEN(m_err) = sizeof(*err); 1776 /* queue it */ 1777 sctp_queue_op_err(stcb, m_err); 1778 } 1779 return (-1); 1780 } 1781 /* get the indicated shared key, if available */ 1782 if ((stcb->asoc.authinfo.recv_key == NULL) || 1783 (stcb->asoc.authinfo.recv_keyid != shared_key_id)) { 1784 /* find the shared key on the assoc first */ 1785 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, 1786 shared_key_id); 1787 /* if the shared key isn't found, discard the chunk */ 1788 if (skey == NULL) { 1789 SCTP_STAT_INCR(sctps_recvivalkeyid); 1790 SCTPDBG(SCTP_DEBUG_AUTH1, 1791 "SCTP Auth: unknown key id %u\n", 1792 shared_key_id); 1793 return (-1); 1794 } 1795 /* generate a notification if this is a new key id */ 1796 if (stcb->asoc.authinfo.recv_keyid != shared_key_id) 1797 /* 1798 * sctp_ulp_notify(SCTP_NOTIFY_AUTH_NEW_KEY, stcb, 1799 * shared_key_id, (void 1800 * *)stcb->asoc.authinfo.recv_keyid); 1801 */ 1802 sctp_notify_authentication(stcb, SCTP_AUTH_NEWKEY, 1803 shared_key_id, stcb->asoc.authinfo.recv_keyid, 1804 SCTP_SO_NOT_LOCKED); 1805 /* compute a new recv assoc key and cache it */ 1806 if (stcb->asoc.authinfo.recv_key != NULL) 1807 sctp_free_key(stcb->asoc.authinfo.recv_key); 1808 stcb->asoc.authinfo.recv_key = 1809 sctp_compute_hashkey(stcb->asoc.authinfo.random, 1810 stcb->asoc.authinfo.peer_random, skey->key); 1811 stcb->asoc.authinfo.recv_keyid = shared_key_id; 1812 #ifdef SCTP_DEBUG 1813 if (SCTP_AUTH_DEBUG) 1814 sctp_print_key(stcb->asoc.authinfo.recv_key, "Recv Key"); 1815 #endif 1816 } 1817 /* validate the digest length */ 1818 digestlen = sctp_get_hmac_digest_len(hmac_id); 1819 if (chunklen < (sizeof(*auth) + digestlen)) { 1820 /* invalid digest length */ 1821 SCTP_STAT_INCR(sctps_recvauthfailed); 1822 SCTPDBG(SCTP_DEBUG_AUTH1, 1823 "SCTP Auth: chunk too short for HMAC\n"); 1824 return (-1); 1825 } 1826 /* save a copy of the digest, zero the pseudo header, and validate */ 1827 bcopy(auth->hmac, digest, digestlen); 1828 sctp_bzero_m(m, offset + sizeof(*auth), SCTP_SIZE32(digestlen)); 1829 (void)sctp_compute_hmac_m(hmac_id, stcb->asoc.authinfo.recv_key, 1830 m, offset, computed_digest); 1831 1832 /* compare the computed digest with the one in the AUTH chunk */ 1833 if (memcmp(digest, computed_digest, digestlen) != 0) { 1834 SCTP_STAT_INCR(sctps_recvauthfailed); 1835 SCTPDBG(SCTP_DEBUG_AUTH1, 1836 "SCTP Auth: HMAC digest check failed\n"); 1837 return (-1); 1838 } 1839 return (0); 1840 } 1841 1842 /* 1843 * Generate NOTIFICATION 1844 */ 1845 void 1846 sctp_notify_authentication(struct sctp_tcb *stcb, uint32_t indication, 1847 uint16_t keyid, uint16_t alt_keyid, int so_locked 1848 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 1849 SCTP_UNUSED 1850 #endif 1851 ) 1852 { 1853 struct mbuf *m_notify; 1854 struct sctp_authkey_event *auth; 1855 struct sctp_queued_to_read *control; 1856 1857 if ((stcb == NULL) || 1858 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 1859 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 1860 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) 1861 ) { 1862 /* If the socket is gone we are out of here */ 1863 return; 1864 } 1865 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_AUTHEVNT)) 1866 /* event not enabled */ 1867 return; 1868 1869 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_authkey_event), 1870 0, M_DONTWAIT, 1, MT_HEADER); 1871 if (m_notify == NULL) 1872 /* no space left */ 1873 return; 1874 1875 SCTP_BUF_LEN(m_notify) = 0; 1876 auth = mtod(m_notify, struct sctp_authkey_event *); 1877 auth->auth_type = SCTP_AUTHENTICATION_EVENT; 1878 auth->auth_flags = 0; 1879 auth->auth_length = sizeof(*auth); 1880 auth->auth_keynumber = keyid; 1881 auth->auth_altkeynumber = alt_keyid; 1882 auth->auth_indication = indication; 1883 auth->auth_assoc_id = sctp_get_associd(stcb); 1884 1885 SCTP_BUF_LEN(m_notify) = sizeof(*auth); 1886 SCTP_BUF_NEXT(m_notify) = NULL; 1887 1888 /* append to socket */ 1889 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 1890 0, 0, 0, 0, 0, 0, m_notify); 1891 if (control == NULL) { 1892 /* no memory */ 1893 sctp_m_freem(m_notify); 1894 return; 1895 } 1896 control->spec_flags = M_NOTIFICATION; 1897 control->length = SCTP_BUF_LEN(m_notify); 1898 /* not that we need this */ 1899 control->tail_mbuf = m_notify; 1900 sctp_add_to_readq(stcb->sctp_ep, stcb, control, 1901 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); 1902 } 1903 1904 1905 /*- 1906 * validates the AUTHentication related parameters in an INIT/INIT-ACK 1907 * Note: currently only used for INIT as INIT-ACK is handled inline 1908 * with sctp_load_addresses_from_init() 1909 */ 1910 int 1911 sctp_validate_init_auth_params(struct mbuf *m, int offset, int limit) 1912 { 1913 struct sctp_paramhdr *phdr, parm_buf; 1914 uint16_t ptype, plen; 1915 int peer_supports_asconf = 0; 1916 int peer_supports_auth = 0; 1917 int got_random = 0, got_hmacs = 0, got_chklist = 0; 1918 uint8_t saw_asconf = 0; 1919 uint8_t saw_asconf_ack = 0; 1920 1921 /* go through each of the params. */ 1922 phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf)); 1923 while (phdr) { 1924 ptype = ntohs(phdr->param_type); 1925 plen = ntohs(phdr->param_length); 1926 1927 if (offset + plen > limit) { 1928 break; 1929 } 1930 if (plen < sizeof(struct sctp_paramhdr)) { 1931 break; 1932 } 1933 if (ptype == SCTP_SUPPORTED_CHUNK_EXT) { 1934 /* A supported extension chunk */ 1935 struct sctp_supported_chunk_types_param *pr_supported; 1936 uint8_t local_store[SCTP_PARAM_BUFFER_SIZE]; 1937 int num_ent, i; 1938 1939 phdr = sctp_get_next_param(m, offset, 1940 (struct sctp_paramhdr *)&local_store, min(plen, sizeof(local_store))); 1941 if (phdr == NULL) { 1942 return (-1); 1943 } 1944 pr_supported = (struct sctp_supported_chunk_types_param *)phdr; 1945 num_ent = plen - sizeof(struct sctp_paramhdr); 1946 for (i = 0; i < num_ent; i++) { 1947 switch (pr_supported->chunk_types[i]) { 1948 case SCTP_ASCONF: 1949 case SCTP_ASCONF_ACK: 1950 peer_supports_asconf = 1; 1951 break; 1952 case SCTP_AUTHENTICATION: 1953 peer_supports_auth = 1; 1954 break; 1955 default: 1956 /* one we don't care about */ 1957 break; 1958 } 1959 } 1960 } else if (ptype == SCTP_RANDOM) { 1961 got_random = 1; 1962 /* enforce the random length */ 1963 if (plen != (sizeof(struct sctp_auth_random) + 1964 SCTP_AUTH_RANDOM_SIZE_REQUIRED)) { 1965 SCTPDBG(SCTP_DEBUG_AUTH1, 1966 "SCTP: invalid RANDOM len\n"); 1967 return (-1); 1968 } 1969 } else if (ptype == SCTP_HMAC_LIST) { 1970 uint8_t store[SCTP_PARAM_BUFFER_SIZE]; 1971 struct sctp_auth_hmac_algo *hmacs; 1972 int num_hmacs; 1973 1974 if (plen > sizeof(store)) 1975 break; 1976 phdr = sctp_get_next_param(m, offset, 1977 (struct sctp_paramhdr *)store, min(plen, sizeof(store))); 1978 if (phdr == NULL) 1979 return (-1); 1980 hmacs = (struct sctp_auth_hmac_algo *)phdr; 1981 num_hmacs = (plen - sizeof(*hmacs)) / 1982 sizeof(hmacs->hmac_ids[0]); 1983 /* validate the hmac list */ 1984 if (sctp_verify_hmac_param(hmacs, num_hmacs)) { 1985 SCTPDBG(SCTP_DEBUG_AUTH1, 1986 "SCTP: invalid HMAC param\n"); 1987 return (-1); 1988 } 1989 got_hmacs = 1; 1990 } else if (ptype == SCTP_CHUNK_LIST) { 1991 int i, num_chunks; 1992 uint8_t chunks_store[SCTP_SMALL_CHUNK_STORE]; 1993 1994 /* did the peer send a non-empty chunk list? */ 1995 struct sctp_auth_chunk_list *chunks = NULL; 1996 1997 phdr = sctp_get_next_param(m, offset, 1998 (struct sctp_paramhdr *)chunks_store, 1999 min(plen, sizeof(chunks_store))); 2000 if (phdr == NULL) 2001 return (-1); 2002 2003 /*- 2004 * Flip through the list and mark that the 2005 * peer supports asconf/asconf_ack. 2006 */ 2007 chunks = (struct sctp_auth_chunk_list *)phdr; 2008 num_chunks = plen - sizeof(*chunks); 2009 for (i = 0; i < num_chunks; i++) { 2010 /* record asconf/asconf-ack if listed */ 2011 if (chunks->chunk_types[i] == SCTP_ASCONF) 2012 saw_asconf = 1; 2013 if (chunks->chunk_types[i] == SCTP_ASCONF_ACK) 2014 saw_asconf_ack = 1; 2015 2016 } 2017 if (num_chunks) 2018 got_chklist = 1; 2019 } 2020 offset += SCTP_SIZE32(plen); 2021 if (offset >= limit) { 2022 break; 2023 } 2024 phdr = sctp_get_next_param(m, offset, &parm_buf, 2025 sizeof(parm_buf)); 2026 } 2027 /* validate authentication required parameters */ 2028 if (got_random && got_hmacs) { 2029 peer_supports_auth = 1; 2030 } else { 2031 peer_supports_auth = 0; 2032 } 2033 if (!peer_supports_auth && got_chklist) { 2034 SCTPDBG(SCTP_DEBUG_AUTH1, 2035 "SCTP: peer sent chunk list w/o AUTH\n"); 2036 return (-1); 2037 } 2038 if (!SCTP_BASE_SYSCTL(sctp_asconf_auth_nochk) && peer_supports_asconf && 2039 !peer_supports_auth) { 2040 SCTPDBG(SCTP_DEBUG_AUTH1, 2041 "SCTP: peer supports ASCONF but not AUTH\n"); 2042 return (-1); 2043 } else if ((peer_supports_asconf) && (peer_supports_auth) && 2044 ((saw_asconf == 0) || (saw_asconf_ack == 0))) { 2045 return (-2); 2046 } 2047 return (0); 2048 } 2049 2050 void 2051 sctp_initialize_auth_params(struct sctp_inpcb *inp, struct sctp_tcb *stcb) 2052 { 2053 uint16_t chunks_len = 0; 2054 uint16_t hmacs_len = 0; 2055 uint16_t random_len = SCTP_AUTH_RANDOM_SIZE_DEFAULT; 2056 sctp_key_t *new_key; 2057 uint16_t keylen; 2058 2059 /* initialize hmac list from endpoint */ 2060 stcb->asoc.local_hmacs = sctp_copy_hmaclist(inp->sctp_ep.local_hmacs); 2061 if (stcb->asoc.local_hmacs != NULL) { 2062 hmacs_len = stcb->asoc.local_hmacs->num_algo * 2063 sizeof(stcb->asoc.local_hmacs->hmac[0]); 2064 } 2065 /* initialize auth chunks list from endpoint */ 2066 stcb->asoc.local_auth_chunks = 2067 sctp_copy_chunklist(inp->sctp_ep.local_auth_chunks); 2068 if (stcb->asoc.local_auth_chunks != NULL) { 2069 int i; 2070 2071 for (i = 0; i < 256; i++) { 2072 if (stcb->asoc.local_auth_chunks->chunks[i]) 2073 chunks_len++; 2074 } 2075 } 2076 /* copy defaults from the endpoint */ 2077 stcb->asoc.authinfo.active_keyid = inp->sctp_ep.default_keyid; 2078 2079 /* copy out the shared key list (by reference) from the endpoint */ 2080 (void)sctp_copy_skeylist(&inp->sctp_ep.shared_keys, 2081 &stcb->asoc.shared_keys); 2082 2083 /* now set the concatenated key (random + chunks + hmacs) */ 2084 /* key includes parameter headers */ 2085 keylen = (3 * sizeof(struct sctp_paramhdr)) + random_len + chunks_len + 2086 hmacs_len; 2087 new_key = sctp_alloc_key(keylen); 2088 if (new_key != NULL) { 2089 struct sctp_paramhdr *ph; 2090 int plen; 2091 2092 /* generate and copy in the RANDOM */ 2093 ph = (struct sctp_paramhdr *)new_key->key; 2094 ph->param_type = htons(SCTP_RANDOM); 2095 plen = sizeof(*ph) + random_len; 2096 ph->param_length = htons(plen); 2097 SCTP_READ_RANDOM(new_key->key + sizeof(*ph), random_len); 2098 keylen = plen; 2099 2100 /* append in the AUTH chunks */ 2101 /* NOTE: currently we always have chunks to list */ 2102 ph = (struct sctp_paramhdr *)(new_key->key + keylen); 2103 ph->param_type = htons(SCTP_CHUNK_LIST); 2104 plen = sizeof(*ph) + chunks_len; 2105 ph->param_length = htons(plen); 2106 keylen += sizeof(*ph); 2107 if (stcb->asoc.local_auth_chunks) { 2108 int i; 2109 2110 for (i = 0; i < 256; i++) { 2111 if (stcb->asoc.local_auth_chunks->chunks[i]) 2112 new_key->key[keylen++] = i; 2113 } 2114 } 2115 /* append in the HMACs */ 2116 ph = (struct sctp_paramhdr *)(new_key->key + keylen); 2117 ph->param_type = htons(SCTP_HMAC_LIST); 2118 plen = sizeof(*ph) + hmacs_len; 2119 ph->param_length = htons(plen); 2120 keylen += sizeof(*ph); 2121 (void)sctp_serialize_hmaclist(stcb->asoc.local_hmacs, 2122 new_key->key + keylen); 2123 } 2124 if (stcb->asoc.authinfo.random != NULL) 2125 sctp_free_key(stcb->asoc.authinfo.random); 2126 stcb->asoc.authinfo.random = new_key; 2127 stcb->asoc.authinfo.random_len = random_len; 2128 } 2129