1 /*- 2 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * a) Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. 9 * 10 * b) Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the distribution. 13 * 14 * c) Neither the name of Cisco Systems, Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived 16 * from this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 20 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 28 * THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 #include <sys/cdefs.h> 32 __FBSDID("$FreeBSD$"); 33 34 #include <netinet/sctp_os.h> 35 #include <netinet/sctp.h> 36 #include <netinet/sctp_header.h> 37 #include <netinet/sctp_pcb.h> 38 #include <netinet/sctp_var.h> 39 #include <netinet/sctp_sysctl.h> 40 #include <netinet/sctputil.h> 41 #include <netinet/sctp_indata.h> 42 #include <netinet/sctp_output.h> 43 #include <netinet/sctp_auth.h> 44 45 #ifdef SCTP_DEBUG 46 #define SCTP_AUTH_DEBUG (SCTP_BASE_SYSCTL(sctp_debug_on) & SCTP_DEBUG_AUTH1) 47 #define SCTP_AUTH_DEBUG2 (SCTP_BASE_SYSCTL(sctp_debug_on) & SCTP_DEBUG_AUTH2) 48 #endif /* SCTP_DEBUG */ 49 50 51 void 52 sctp_clear_chunklist(sctp_auth_chklist_t * chklist) 53 { 54 bzero(chklist, sizeof(*chklist)); 55 /* chklist->num_chunks = 0; */ 56 } 57 58 sctp_auth_chklist_t * 59 sctp_alloc_chunklist(void) 60 { 61 sctp_auth_chklist_t *chklist; 62 63 SCTP_MALLOC(chklist, sctp_auth_chklist_t *, sizeof(*chklist), 64 SCTP_M_AUTH_CL); 65 if (chklist == NULL) { 66 SCTPDBG(SCTP_DEBUG_AUTH1, "sctp_alloc_chunklist: failed to get memory!\n"); 67 } else { 68 sctp_clear_chunklist(chklist); 69 } 70 return (chklist); 71 } 72 73 void 74 sctp_free_chunklist(sctp_auth_chklist_t * list) 75 { 76 if (list != NULL) 77 SCTP_FREE(list, SCTP_M_AUTH_CL); 78 } 79 80 sctp_auth_chklist_t * 81 sctp_copy_chunklist(sctp_auth_chklist_t * list) 82 { 83 sctp_auth_chklist_t *new_list; 84 85 if (list == NULL) 86 return (NULL); 87 88 /* get a new list */ 89 new_list = sctp_alloc_chunklist(); 90 if (new_list == NULL) 91 return (NULL); 92 /* copy it */ 93 bcopy(list, new_list, sizeof(*new_list)); 94 95 return (new_list); 96 } 97 98 99 /* 100 * add a chunk to the required chunks list 101 */ 102 int 103 sctp_auth_add_chunk(uint8_t chunk, sctp_auth_chklist_t * list) 104 { 105 if (list == NULL) 106 return (-1); 107 108 /* is chunk restricted? */ 109 if ((chunk == SCTP_INITIATION) || 110 (chunk == SCTP_INITIATION_ACK) || 111 (chunk == SCTP_SHUTDOWN_COMPLETE) || 112 (chunk == SCTP_AUTHENTICATION)) { 113 return (-1); 114 } 115 if (list->chunks[chunk] == 0) { 116 list->chunks[chunk] = 1; 117 list->num_chunks++; 118 SCTPDBG(SCTP_DEBUG_AUTH1, 119 "SCTP: added chunk %u (0x%02x) to Auth list\n", 120 chunk, chunk); 121 } 122 return (0); 123 } 124 125 /* 126 * delete a chunk from the required chunks list 127 */ 128 int 129 sctp_auth_delete_chunk(uint8_t chunk, sctp_auth_chklist_t * list) 130 { 131 if (list == NULL) 132 return (-1); 133 134 /* is chunk restricted? */ 135 if ((chunk == SCTP_ASCONF) || 136 (chunk == SCTP_ASCONF_ACK)) { 137 return (-1); 138 } 139 if (list->chunks[chunk] == 1) { 140 list->chunks[chunk] = 0; 141 list->num_chunks--; 142 SCTPDBG(SCTP_DEBUG_AUTH1, 143 "SCTP: deleted chunk %u (0x%02x) from Auth list\n", 144 chunk, chunk); 145 } 146 return (0); 147 } 148 149 size_t 150 sctp_auth_get_chklist_size(const sctp_auth_chklist_t * list) 151 { 152 if (list == NULL) 153 return (0); 154 else 155 return (list->num_chunks); 156 } 157 158 /* 159 * set the default list of chunks requiring AUTH 160 */ 161 void 162 sctp_auth_set_default_chunks(sctp_auth_chklist_t * list) 163 { 164 (void)sctp_auth_add_chunk(SCTP_ASCONF, list); 165 (void)sctp_auth_add_chunk(SCTP_ASCONF_ACK, list); 166 } 167 168 /* 169 * return the current number and list of required chunks caller must 170 * guarantee ptr has space for up to 256 bytes 171 */ 172 int 173 sctp_serialize_auth_chunks(const sctp_auth_chklist_t * list, uint8_t * ptr) 174 { 175 int i, count = 0; 176 177 if (list == NULL) 178 return (0); 179 180 for (i = 0; i < 256; i++) { 181 if (list->chunks[i] != 0) { 182 *ptr++ = i; 183 count++; 184 } 185 } 186 return (count); 187 } 188 189 int 190 sctp_pack_auth_chunks(const sctp_auth_chklist_t * list, uint8_t * ptr) 191 { 192 int i, size = 0; 193 194 if (list == NULL) 195 return (0); 196 197 if (list->num_chunks <= 32) { 198 /* just list them, one byte each */ 199 for (i = 0; i < 256; i++) { 200 if (list->chunks[i] != 0) { 201 *ptr++ = i; 202 size++; 203 } 204 } 205 } else { 206 int index, offset; 207 208 /* pack into a 32 byte bitfield */ 209 for (i = 0; i < 256; i++) { 210 if (list->chunks[i] != 0) { 211 index = i / 8; 212 offset = i % 8; 213 ptr[index] |= (1 << offset); 214 } 215 } 216 size = 32; 217 } 218 return (size); 219 } 220 221 int 222 sctp_unpack_auth_chunks(const uint8_t * ptr, uint8_t num_chunks, 223 sctp_auth_chklist_t * list) 224 { 225 int i; 226 int size; 227 228 if (list == NULL) 229 return (0); 230 231 if (num_chunks <= 32) { 232 /* just pull them, one byte each */ 233 for (i = 0; i < num_chunks; i++) { 234 (void)sctp_auth_add_chunk(*ptr++, list); 235 } 236 size = num_chunks; 237 } else { 238 int index, offset; 239 240 /* unpack from a 32 byte bitfield */ 241 for (index = 0; index < 32; index++) { 242 for (offset = 0; offset < 8; offset++) { 243 if (ptr[index] & (1 << offset)) { 244 (void)sctp_auth_add_chunk((index * 8) + offset, list); 245 } 246 } 247 } 248 size = 32; 249 } 250 return (size); 251 } 252 253 254 /* 255 * allocate structure space for a key of length keylen 256 */ 257 sctp_key_t * 258 sctp_alloc_key(uint32_t keylen) 259 { 260 sctp_key_t *new_key; 261 262 SCTP_MALLOC(new_key, sctp_key_t *, sizeof(*new_key) + keylen, 263 SCTP_M_AUTH_KY); 264 if (new_key == NULL) { 265 /* out of memory */ 266 return (NULL); 267 } 268 new_key->keylen = keylen; 269 return (new_key); 270 } 271 272 void 273 sctp_free_key(sctp_key_t * key) 274 { 275 if (key != NULL) 276 SCTP_FREE(key, SCTP_M_AUTH_KY); 277 } 278 279 void 280 sctp_print_key(sctp_key_t * key, const char *str) 281 { 282 uint32_t i; 283 284 if (key == NULL) { 285 printf("%s: [Null key]\n", str); 286 return; 287 } 288 printf("%s: len %u, ", str, key->keylen); 289 if (key->keylen) { 290 for (i = 0; i < key->keylen; i++) 291 printf("%02x", key->key[i]); 292 printf("\n"); 293 } else { 294 printf("[Null key]\n"); 295 } 296 } 297 298 void 299 sctp_show_key(sctp_key_t * key, const char *str) 300 { 301 uint32_t i; 302 303 if (key == NULL) { 304 printf("%s: [Null key]\n", str); 305 return; 306 } 307 printf("%s: len %u, ", str, key->keylen); 308 if (key->keylen) { 309 for (i = 0; i < key->keylen; i++) 310 printf("%02x", key->key[i]); 311 printf("\n"); 312 } else { 313 printf("[Null key]\n"); 314 } 315 } 316 317 static uint32_t 318 sctp_get_keylen(sctp_key_t * key) 319 { 320 if (key != NULL) 321 return (key->keylen); 322 else 323 return (0); 324 } 325 326 /* 327 * generate a new random key of length 'keylen' 328 */ 329 sctp_key_t * 330 sctp_generate_random_key(uint32_t keylen) 331 { 332 sctp_key_t *new_key; 333 334 /* validate keylen */ 335 if (keylen > SCTP_AUTH_RANDOM_SIZE_MAX) 336 keylen = SCTP_AUTH_RANDOM_SIZE_MAX; 337 338 new_key = sctp_alloc_key(keylen); 339 if (new_key == NULL) { 340 /* out of memory */ 341 return (NULL); 342 } 343 SCTP_READ_RANDOM(new_key->key, keylen); 344 new_key->keylen = keylen; 345 return (new_key); 346 } 347 348 sctp_key_t * 349 sctp_set_key(uint8_t * key, uint32_t keylen) 350 { 351 sctp_key_t *new_key; 352 353 new_key = sctp_alloc_key(keylen); 354 if (new_key == NULL) { 355 /* out of memory */ 356 return (NULL); 357 } 358 bcopy(key, new_key->key, keylen); 359 return (new_key); 360 } 361 362 /*- 363 * given two keys of variable size, compute which key is "larger/smaller" 364 * returns: 1 if key1 > key2 365 * -1 if key1 < key2 366 * 0 if key1 = key2 367 */ 368 static int 369 sctp_compare_key(sctp_key_t * key1, sctp_key_t * key2) 370 { 371 uint32_t maxlen; 372 uint32_t i; 373 uint32_t key1len, key2len; 374 uint8_t *key_1, *key_2; 375 uint8_t temp[SCTP_AUTH_RANDOM_SIZE_MAX]; 376 377 /* sanity/length check */ 378 key1len = sctp_get_keylen(key1); 379 key2len = sctp_get_keylen(key2); 380 if ((key1len == 0) && (key2len == 0)) 381 return (0); 382 else if (key1len == 0) 383 return (-1); 384 else if (key2len == 0) 385 return (1); 386 387 if (key1len != key2len) { 388 if (key1len >= key2len) 389 maxlen = key1len; 390 else 391 maxlen = key2len; 392 bzero(temp, maxlen); 393 if (key1len < maxlen) { 394 /* prepend zeroes to key1 */ 395 bcopy(key1->key, temp + (maxlen - key1len), key1len); 396 key_1 = temp; 397 key_2 = key2->key; 398 } else { 399 /* prepend zeroes to key2 */ 400 bcopy(key2->key, temp + (maxlen - key2len), key2len); 401 key_1 = key1->key; 402 key_2 = temp; 403 } 404 } else { 405 maxlen = key1len; 406 key_1 = key1->key; 407 key_2 = key2->key; 408 } 409 410 for (i = 0; i < maxlen; i++) { 411 if (*key_1 > *key_2) 412 return (1); 413 else if (*key_1 < *key_2) 414 return (-1); 415 key_1++; 416 key_2++; 417 } 418 419 /* keys are equal value, so check lengths */ 420 if (key1len == key2len) 421 return (0); 422 else if (key1len < key2len) 423 return (-1); 424 else 425 return (1); 426 } 427 428 /* 429 * generate the concatenated keying material based on the two keys and the 430 * shared key (if available). draft-ietf-tsvwg-auth specifies the specific 431 * order for concatenation 432 */ 433 sctp_key_t * 434 sctp_compute_hashkey(sctp_key_t * key1, sctp_key_t * key2, sctp_key_t * shared) 435 { 436 uint32_t keylen; 437 sctp_key_t *new_key; 438 uint8_t *key_ptr; 439 440 keylen = sctp_get_keylen(key1) + sctp_get_keylen(key2) + 441 sctp_get_keylen(shared); 442 443 if (keylen > 0) { 444 /* get space for the new key */ 445 new_key = sctp_alloc_key(keylen); 446 if (new_key == NULL) { 447 /* out of memory */ 448 return (NULL); 449 } 450 new_key->keylen = keylen; 451 key_ptr = new_key->key; 452 } else { 453 /* all keys empty/null?! */ 454 return (NULL); 455 } 456 457 /* concatenate the keys */ 458 if (sctp_compare_key(key1, key2) <= 0) { 459 /* key is shared + key1 + key2 */ 460 if (sctp_get_keylen(shared)) { 461 bcopy(shared->key, key_ptr, shared->keylen); 462 key_ptr += shared->keylen; 463 } 464 if (sctp_get_keylen(key1)) { 465 bcopy(key1->key, key_ptr, key1->keylen); 466 key_ptr += key1->keylen; 467 } 468 if (sctp_get_keylen(key2)) { 469 bcopy(key2->key, key_ptr, key2->keylen); 470 key_ptr += key2->keylen; 471 } 472 } else { 473 /* key is shared + key2 + key1 */ 474 if (sctp_get_keylen(shared)) { 475 bcopy(shared->key, key_ptr, shared->keylen); 476 key_ptr += shared->keylen; 477 } 478 if (sctp_get_keylen(key2)) { 479 bcopy(key2->key, key_ptr, key2->keylen); 480 key_ptr += key2->keylen; 481 } 482 if (sctp_get_keylen(key1)) { 483 bcopy(key1->key, key_ptr, key1->keylen); 484 key_ptr += key1->keylen; 485 } 486 } 487 return (new_key); 488 } 489 490 491 sctp_sharedkey_t * 492 sctp_alloc_sharedkey(void) 493 { 494 sctp_sharedkey_t *new_key; 495 496 SCTP_MALLOC(new_key, sctp_sharedkey_t *, sizeof(*new_key), 497 SCTP_M_AUTH_KY); 498 if (new_key == NULL) { 499 /* out of memory */ 500 return (NULL); 501 } 502 new_key->keyid = 0; 503 new_key->key = NULL; 504 new_key->refcount = 1; 505 new_key->deactivated = 0; 506 return (new_key); 507 } 508 509 void 510 sctp_free_sharedkey(sctp_sharedkey_t * skey) 511 { 512 if (skey == NULL) 513 return; 514 515 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&skey->refcount)) { 516 if (skey->key != NULL) 517 sctp_free_key(skey->key); 518 SCTP_FREE(skey, SCTP_M_AUTH_KY); 519 } 520 } 521 522 sctp_sharedkey_t * 523 sctp_find_sharedkey(struct sctp_keyhead *shared_keys, uint16_t key_id) 524 { 525 sctp_sharedkey_t *skey; 526 527 LIST_FOREACH(skey, shared_keys, next) { 528 if (skey->keyid == key_id) 529 return (skey); 530 } 531 return (NULL); 532 } 533 534 int 535 sctp_insert_sharedkey(struct sctp_keyhead *shared_keys, 536 sctp_sharedkey_t * new_skey) 537 { 538 sctp_sharedkey_t *skey; 539 540 if ((shared_keys == NULL) || (new_skey == NULL)) 541 return (EINVAL); 542 543 /* insert into an empty list? */ 544 if (LIST_EMPTY(shared_keys)) { 545 LIST_INSERT_HEAD(shared_keys, new_skey, next); 546 return (0); 547 } 548 /* insert into the existing list, ordered by key id */ 549 LIST_FOREACH(skey, shared_keys, next) { 550 if (new_skey->keyid < skey->keyid) { 551 /* insert it before here */ 552 LIST_INSERT_BEFORE(skey, new_skey, next); 553 return (0); 554 } else if (new_skey->keyid == skey->keyid) { 555 /* replace the existing key */ 556 /* verify this key *can* be replaced */ 557 if ((skey->deactivated) && (skey->refcount > 1)) { 558 SCTPDBG(SCTP_DEBUG_AUTH1, 559 "can't replace shared key id %u\n", 560 new_skey->keyid); 561 return (EBUSY); 562 } 563 SCTPDBG(SCTP_DEBUG_AUTH1, 564 "replacing shared key id %u\n", 565 new_skey->keyid); 566 LIST_INSERT_BEFORE(skey, new_skey, next); 567 LIST_REMOVE(skey, next); 568 sctp_free_sharedkey(skey); 569 return (0); 570 } 571 if (LIST_NEXT(skey, next) == NULL) { 572 /* belongs at the end of the list */ 573 LIST_INSERT_AFTER(skey, new_skey, next); 574 return (0); 575 } 576 } 577 /* shouldn't reach here */ 578 return (0); 579 } 580 581 void 582 sctp_auth_key_acquire(struct sctp_tcb *stcb, uint16_t key_id) 583 { 584 sctp_sharedkey_t *skey; 585 586 /* find the shared key */ 587 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, key_id); 588 589 /* bump the ref count */ 590 if (skey) { 591 atomic_add_int(&skey->refcount, 1); 592 SCTPDBG(SCTP_DEBUG_AUTH2, 593 "%s: stcb %p key %u refcount acquire to %d\n", 594 __FUNCTION__, stcb, key_id, skey->refcount); 595 } 596 } 597 598 void 599 sctp_auth_key_release(struct sctp_tcb *stcb, uint16_t key_id) 600 { 601 sctp_sharedkey_t *skey; 602 603 /* find the shared key */ 604 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, key_id); 605 606 /* decrement the ref count */ 607 if (skey) { 608 sctp_free_sharedkey(skey); 609 SCTPDBG(SCTP_DEBUG_AUTH2, 610 "%s: stcb %p key %u refcount release to %d\n", 611 __FUNCTION__, stcb, key_id, skey->refcount); 612 613 /* see if a notification should be generated */ 614 if ((skey->refcount <= 1) && (skey->deactivated)) { 615 /* notify ULP that key is no longer used */ 616 sctp_ulp_notify(SCTP_NOTIFY_AUTH_FREE_KEY, stcb, 617 key_id, 0, SCTP_SO_NOT_LOCKED); 618 SCTPDBG(SCTP_DEBUG_AUTH2, 619 "%s: stcb %p key %u no longer used, %d\n", 620 __FUNCTION__, stcb, key_id, skey->refcount); 621 } 622 } 623 } 624 625 static sctp_sharedkey_t * 626 sctp_copy_sharedkey(const sctp_sharedkey_t * skey) 627 { 628 sctp_sharedkey_t *new_skey; 629 630 if (skey == NULL) 631 return (NULL); 632 new_skey = sctp_alloc_sharedkey(); 633 if (new_skey == NULL) 634 return (NULL); 635 if (skey->key != NULL) 636 new_skey->key = sctp_set_key(skey->key->key, skey->key->keylen); 637 else 638 new_skey->key = NULL; 639 new_skey->keyid = skey->keyid; 640 return (new_skey); 641 } 642 643 int 644 sctp_copy_skeylist(const struct sctp_keyhead *src, struct sctp_keyhead *dest) 645 { 646 sctp_sharedkey_t *skey, *new_skey; 647 int count = 0; 648 649 if ((src == NULL) || (dest == NULL)) 650 return (0); 651 LIST_FOREACH(skey, src, next) { 652 new_skey = sctp_copy_sharedkey(skey); 653 if (new_skey != NULL) { 654 (void)sctp_insert_sharedkey(dest, new_skey); 655 count++; 656 } 657 } 658 return (count); 659 } 660 661 662 sctp_hmaclist_t * 663 sctp_alloc_hmaclist(uint8_t num_hmacs) 664 { 665 sctp_hmaclist_t *new_list; 666 int alloc_size; 667 668 alloc_size = sizeof(*new_list) + num_hmacs * sizeof(new_list->hmac[0]); 669 SCTP_MALLOC(new_list, sctp_hmaclist_t *, alloc_size, 670 SCTP_M_AUTH_HL); 671 if (new_list == NULL) { 672 /* out of memory */ 673 return (NULL); 674 } 675 new_list->max_algo = num_hmacs; 676 new_list->num_algo = 0; 677 return (new_list); 678 } 679 680 void 681 sctp_free_hmaclist(sctp_hmaclist_t * list) 682 { 683 if (list != NULL) { 684 SCTP_FREE(list, SCTP_M_AUTH_HL); 685 list = NULL; 686 } 687 } 688 689 int 690 sctp_auth_add_hmacid(sctp_hmaclist_t * list, uint16_t hmac_id) 691 { 692 int i; 693 694 if (list == NULL) 695 return (-1); 696 if (list->num_algo == list->max_algo) { 697 SCTPDBG(SCTP_DEBUG_AUTH1, 698 "SCTP: HMAC id list full, ignoring add %u\n", hmac_id); 699 return (-1); 700 } 701 if ((hmac_id != SCTP_AUTH_HMAC_ID_SHA1) && 702 #ifdef HAVE_SHA224 703 (hmac_id != SCTP_AUTH_HMAC_ID_SHA224) && 704 #endif 705 #ifdef HAVE_SHA2 706 (hmac_id != SCTP_AUTH_HMAC_ID_SHA256) && 707 (hmac_id != SCTP_AUTH_HMAC_ID_SHA384) && 708 (hmac_id != SCTP_AUTH_HMAC_ID_SHA512) && 709 #endif 710 1) { 711 return (-1); 712 } 713 /* Now is it already in the list */ 714 for (i = 0; i < list->num_algo; i++) { 715 if (list->hmac[i] == hmac_id) { 716 /* already in list */ 717 return (-1); 718 } 719 } 720 SCTPDBG(SCTP_DEBUG_AUTH1, "SCTP: add HMAC id %u to list\n", hmac_id); 721 list->hmac[list->num_algo++] = hmac_id; 722 return (0); 723 } 724 725 sctp_hmaclist_t * 726 sctp_copy_hmaclist(sctp_hmaclist_t * list) 727 { 728 sctp_hmaclist_t *new_list; 729 int i; 730 731 if (list == NULL) 732 return (NULL); 733 /* get a new list */ 734 new_list = sctp_alloc_hmaclist(list->max_algo); 735 if (new_list == NULL) 736 return (NULL); 737 /* copy it */ 738 new_list->max_algo = list->max_algo; 739 new_list->num_algo = list->num_algo; 740 for (i = 0; i < list->num_algo; i++) 741 new_list->hmac[i] = list->hmac[i]; 742 return (new_list); 743 } 744 745 sctp_hmaclist_t * 746 sctp_default_supported_hmaclist(void) 747 { 748 sctp_hmaclist_t *new_list; 749 750 new_list = sctp_alloc_hmaclist(2); 751 if (new_list == NULL) 752 return (NULL); 753 (void)sctp_auth_add_hmacid(new_list, SCTP_AUTH_HMAC_ID_SHA1); 754 (void)sctp_auth_add_hmacid(new_list, SCTP_AUTH_HMAC_ID_SHA256); 755 return (new_list); 756 } 757 758 /*- 759 * HMAC algos are listed in priority/preference order 760 * find the best HMAC id to use for the peer based on local support 761 */ 762 uint16_t 763 sctp_negotiate_hmacid(sctp_hmaclist_t * peer, sctp_hmaclist_t * local) 764 { 765 int i, j; 766 767 if ((local == NULL) || (peer == NULL)) 768 return (SCTP_AUTH_HMAC_ID_RSVD); 769 770 for (i = 0; i < peer->num_algo; i++) { 771 for (j = 0; j < local->num_algo; j++) { 772 if (peer->hmac[i] == local->hmac[j]) { 773 /* found the "best" one */ 774 SCTPDBG(SCTP_DEBUG_AUTH1, 775 "SCTP: negotiated peer HMAC id %u\n", 776 peer->hmac[i]); 777 return (peer->hmac[i]); 778 } 779 } 780 } 781 /* didn't find one! */ 782 return (SCTP_AUTH_HMAC_ID_RSVD); 783 } 784 785 /*- 786 * serialize the HMAC algo list and return space used 787 * caller must guarantee ptr has appropriate space 788 */ 789 int 790 sctp_serialize_hmaclist(sctp_hmaclist_t * list, uint8_t * ptr) 791 { 792 int i; 793 uint16_t hmac_id; 794 795 if (list == NULL) 796 return (0); 797 798 for (i = 0; i < list->num_algo; i++) { 799 hmac_id = htons(list->hmac[i]); 800 bcopy(&hmac_id, ptr, sizeof(hmac_id)); 801 ptr += sizeof(hmac_id); 802 } 803 return (list->num_algo * sizeof(hmac_id)); 804 } 805 806 int 807 sctp_verify_hmac_param(struct sctp_auth_hmac_algo *hmacs, uint32_t num_hmacs) 808 { 809 uint32_t i; 810 uint16_t hmac_id; 811 uint32_t sha1_supported = 0; 812 813 for (i = 0; i < num_hmacs; i++) { 814 hmac_id = ntohs(hmacs->hmac_ids[i]); 815 if (hmac_id == SCTP_AUTH_HMAC_ID_SHA1) 816 sha1_supported = 1; 817 } 818 /* all HMAC id's are supported */ 819 if (sha1_supported == 0) 820 return (-1); 821 else 822 return (0); 823 } 824 825 sctp_authinfo_t * 826 sctp_alloc_authinfo(void) 827 { 828 sctp_authinfo_t *new_authinfo; 829 830 SCTP_MALLOC(new_authinfo, sctp_authinfo_t *, sizeof(*new_authinfo), 831 SCTP_M_AUTH_IF); 832 833 if (new_authinfo == NULL) { 834 /* out of memory */ 835 return (NULL); 836 } 837 bzero(new_authinfo, sizeof(*new_authinfo)); 838 return (new_authinfo); 839 } 840 841 void 842 sctp_free_authinfo(sctp_authinfo_t * authinfo) 843 { 844 if (authinfo == NULL) 845 return; 846 847 if (authinfo->random != NULL) 848 sctp_free_key(authinfo->random); 849 if (authinfo->peer_random != NULL) 850 sctp_free_key(authinfo->peer_random); 851 if (authinfo->assoc_key != NULL) 852 sctp_free_key(authinfo->assoc_key); 853 if (authinfo->recv_key != NULL) 854 sctp_free_key(authinfo->recv_key); 855 856 /* We are NOT dynamically allocating authinfo's right now... */ 857 /* SCTP_FREE(authinfo, SCTP_M_AUTH_??); */ 858 } 859 860 861 uint32_t 862 sctp_get_auth_chunk_len(uint16_t hmac_algo) 863 { 864 int size; 865 866 size = sizeof(struct sctp_auth_chunk) + sctp_get_hmac_digest_len(hmac_algo); 867 return (SCTP_SIZE32(size)); 868 } 869 870 uint32_t 871 sctp_get_hmac_digest_len(uint16_t hmac_algo) 872 { 873 switch (hmac_algo) { 874 case SCTP_AUTH_HMAC_ID_SHA1: 875 return (SCTP_AUTH_DIGEST_LEN_SHA1); 876 #ifdef HAVE_SHA224 877 case SCTP_AUTH_HMAC_ID_SHA224: 878 return (SCTP_AUTH_DIGEST_LEN_SHA224); 879 #endif 880 #ifdef HAVE_SHA2 881 case SCTP_AUTH_HMAC_ID_SHA256: 882 return (SCTP_AUTH_DIGEST_LEN_SHA256); 883 case SCTP_AUTH_HMAC_ID_SHA384: 884 return (SCTP_AUTH_DIGEST_LEN_SHA384); 885 case SCTP_AUTH_HMAC_ID_SHA512: 886 return (SCTP_AUTH_DIGEST_LEN_SHA512); 887 #endif 888 default: 889 /* unknown HMAC algorithm: can't do anything */ 890 return (0); 891 } /* end switch */ 892 } 893 894 static inline int 895 sctp_get_hmac_block_len(uint16_t hmac_algo) 896 { 897 switch (hmac_algo) { 898 case SCTP_AUTH_HMAC_ID_SHA1: 899 #ifdef HAVE_SHA224 900 case SCTP_AUTH_HMAC_ID_SHA224: 901 #endif 902 return (64); 903 #ifdef HAVE_SHA2 904 case SCTP_AUTH_HMAC_ID_SHA256: 905 return (64); 906 case SCTP_AUTH_HMAC_ID_SHA384: 907 case SCTP_AUTH_HMAC_ID_SHA512: 908 return (128); 909 #endif 910 case SCTP_AUTH_HMAC_ID_RSVD: 911 default: 912 /* unknown HMAC algorithm: can't do anything */ 913 return (0); 914 } /* end switch */ 915 } 916 917 static void 918 sctp_hmac_init(uint16_t hmac_algo, sctp_hash_context_t * ctx) 919 { 920 switch (hmac_algo) { 921 case SCTP_AUTH_HMAC_ID_SHA1: 922 SHA1_Init(&ctx->sha1); 923 break; 924 #ifdef HAVE_SHA224 925 case SCTP_AUTH_HMAC_ID_SHA224: 926 break; 927 #endif 928 #ifdef HAVE_SHA2 929 case SCTP_AUTH_HMAC_ID_SHA256: 930 SHA256_Init(&ctx->sha256); 931 break; 932 case SCTP_AUTH_HMAC_ID_SHA384: 933 SHA384_Init(&ctx->sha384); 934 break; 935 case SCTP_AUTH_HMAC_ID_SHA512: 936 SHA512_Init(&ctx->sha512); 937 break; 938 #endif 939 case SCTP_AUTH_HMAC_ID_RSVD: 940 default: 941 /* unknown HMAC algorithm: can't do anything */ 942 return; 943 } /* end switch */ 944 } 945 946 static void 947 sctp_hmac_update(uint16_t hmac_algo, sctp_hash_context_t * ctx, 948 uint8_t * text, uint32_t textlen) 949 { 950 switch (hmac_algo) { 951 case SCTP_AUTH_HMAC_ID_SHA1: 952 SHA1_Update(&ctx->sha1, text, textlen); 953 break; 954 #ifdef HAVE_SHA224 955 case SCTP_AUTH_HMAC_ID_SHA224: 956 break; 957 #endif 958 #ifdef HAVE_SHA2 959 case SCTP_AUTH_HMAC_ID_SHA256: 960 SHA256_Update(&ctx->sha256, text, textlen); 961 break; 962 case SCTP_AUTH_HMAC_ID_SHA384: 963 SHA384_Update(&ctx->sha384, text, textlen); 964 break; 965 case SCTP_AUTH_HMAC_ID_SHA512: 966 SHA512_Update(&ctx->sha512, text, textlen); 967 break; 968 #endif 969 case SCTP_AUTH_HMAC_ID_RSVD: 970 default: 971 /* unknown HMAC algorithm: can't do anything */ 972 return; 973 } /* end switch */ 974 } 975 976 static void 977 sctp_hmac_final(uint16_t hmac_algo, sctp_hash_context_t * ctx, 978 uint8_t * digest) 979 { 980 switch (hmac_algo) { 981 case SCTP_AUTH_HMAC_ID_SHA1: 982 SHA1_Final(digest, &ctx->sha1); 983 break; 984 #ifdef HAVE_SHA224 985 case SCTP_AUTH_HMAC_ID_SHA224: 986 break; 987 #endif 988 #ifdef HAVE_SHA2 989 case SCTP_AUTH_HMAC_ID_SHA256: 990 SHA256_Final(digest, &ctx->sha256); 991 break; 992 case SCTP_AUTH_HMAC_ID_SHA384: 993 /* SHA384 is truncated SHA512 */ 994 SHA384_Final(digest, &ctx->sha384); 995 break; 996 case SCTP_AUTH_HMAC_ID_SHA512: 997 SHA512_Final(digest, &ctx->sha512); 998 break; 999 #endif 1000 case SCTP_AUTH_HMAC_ID_RSVD: 1001 default: 1002 /* unknown HMAC algorithm: can't do anything */ 1003 return; 1004 } /* end switch */ 1005 } 1006 1007 /*- 1008 * Keyed-Hashing for Message Authentication: FIPS 198 (RFC 2104) 1009 * 1010 * Compute the HMAC digest using the desired hash key, text, and HMAC 1011 * algorithm. Resulting digest is placed in 'digest' and digest length 1012 * is returned, if the HMAC was performed. 1013 * 1014 * WARNING: it is up to the caller to supply sufficient space to hold the 1015 * resultant digest. 1016 */ 1017 uint32_t 1018 sctp_hmac(uint16_t hmac_algo, uint8_t * key, uint32_t keylen, 1019 uint8_t * text, uint32_t textlen, uint8_t * digest) 1020 { 1021 uint32_t digestlen; 1022 uint32_t blocklen; 1023 sctp_hash_context_t ctx; 1024 uint8_t ipad[128], opad[128]; /* keyed hash inner/outer pads */ 1025 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX]; 1026 uint32_t i; 1027 1028 /* sanity check the material and length */ 1029 if ((key == NULL) || (keylen == 0) || (text == NULL) || 1030 (textlen == 0) || (digest == NULL)) { 1031 /* can't do HMAC with empty key or text or digest store */ 1032 return (0); 1033 } 1034 /* validate the hmac algo and get the digest length */ 1035 digestlen = sctp_get_hmac_digest_len(hmac_algo); 1036 if (digestlen == 0) 1037 return (0); 1038 1039 /* hash the key if it is longer than the hash block size */ 1040 blocklen = sctp_get_hmac_block_len(hmac_algo); 1041 if (keylen > blocklen) { 1042 sctp_hmac_init(hmac_algo, &ctx); 1043 sctp_hmac_update(hmac_algo, &ctx, key, keylen); 1044 sctp_hmac_final(hmac_algo, &ctx, temp); 1045 /* set the hashed key as the key */ 1046 keylen = digestlen; 1047 key = temp; 1048 } 1049 /* initialize the inner/outer pads with the key and "append" zeroes */ 1050 bzero(ipad, blocklen); 1051 bzero(opad, blocklen); 1052 bcopy(key, ipad, keylen); 1053 bcopy(key, opad, keylen); 1054 1055 /* XOR the key with ipad and opad values */ 1056 for (i = 0; i < blocklen; i++) { 1057 ipad[i] ^= 0x36; 1058 opad[i] ^= 0x5c; 1059 } 1060 1061 /* perform inner hash */ 1062 sctp_hmac_init(hmac_algo, &ctx); 1063 sctp_hmac_update(hmac_algo, &ctx, ipad, blocklen); 1064 sctp_hmac_update(hmac_algo, &ctx, text, textlen); 1065 sctp_hmac_final(hmac_algo, &ctx, temp); 1066 1067 /* perform outer hash */ 1068 sctp_hmac_init(hmac_algo, &ctx); 1069 sctp_hmac_update(hmac_algo, &ctx, opad, blocklen); 1070 sctp_hmac_update(hmac_algo, &ctx, temp, digestlen); 1071 sctp_hmac_final(hmac_algo, &ctx, digest); 1072 1073 return (digestlen); 1074 } 1075 1076 /* mbuf version */ 1077 uint32_t 1078 sctp_hmac_m(uint16_t hmac_algo, uint8_t * key, uint32_t keylen, 1079 struct mbuf *m, uint32_t m_offset, uint8_t * digest, uint32_t trailer) 1080 { 1081 uint32_t digestlen; 1082 uint32_t blocklen; 1083 sctp_hash_context_t ctx; 1084 uint8_t ipad[128], opad[128]; /* keyed hash inner/outer pads */ 1085 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX]; 1086 uint32_t i; 1087 struct mbuf *m_tmp; 1088 1089 /* sanity check the material and length */ 1090 if ((key == NULL) || (keylen == 0) || (m == NULL) || (digest == NULL)) { 1091 /* can't do HMAC with empty key or text or digest store */ 1092 return (0); 1093 } 1094 /* validate the hmac algo and get the digest length */ 1095 digestlen = sctp_get_hmac_digest_len(hmac_algo); 1096 if (digestlen == 0) 1097 return (0); 1098 1099 /* hash the key if it is longer than the hash block size */ 1100 blocklen = sctp_get_hmac_block_len(hmac_algo); 1101 if (keylen > blocklen) { 1102 sctp_hmac_init(hmac_algo, &ctx); 1103 sctp_hmac_update(hmac_algo, &ctx, key, keylen); 1104 sctp_hmac_final(hmac_algo, &ctx, temp); 1105 /* set the hashed key as the key */ 1106 keylen = digestlen; 1107 key = temp; 1108 } 1109 /* initialize the inner/outer pads with the key and "append" zeroes */ 1110 bzero(ipad, blocklen); 1111 bzero(opad, blocklen); 1112 bcopy(key, ipad, keylen); 1113 bcopy(key, opad, keylen); 1114 1115 /* XOR the key with ipad and opad values */ 1116 for (i = 0; i < blocklen; i++) { 1117 ipad[i] ^= 0x36; 1118 opad[i] ^= 0x5c; 1119 } 1120 1121 /* perform inner hash */ 1122 sctp_hmac_init(hmac_algo, &ctx); 1123 sctp_hmac_update(hmac_algo, &ctx, ipad, blocklen); 1124 /* find the correct starting mbuf and offset (get start of text) */ 1125 m_tmp = m; 1126 while ((m_tmp != NULL) && (m_offset >= (uint32_t) SCTP_BUF_LEN(m_tmp))) { 1127 m_offset -= SCTP_BUF_LEN(m_tmp); 1128 m_tmp = SCTP_BUF_NEXT(m_tmp); 1129 } 1130 /* now use the rest of the mbuf chain for the text */ 1131 while (m_tmp != NULL) { 1132 if ((SCTP_BUF_NEXT(m_tmp) == NULL) && trailer) { 1133 sctp_hmac_update(hmac_algo, &ctx, mtod(m_tmp, uint8_t *) + m_offset, 1134 SCTP_BUF_LEN(m_tmp) - (trailer + m_offset)); 1135 } else { 1136 sctp_hmac_update(hmac_algo, &ctx, mtod(m_tmp, uint8_t *) + m_offset, 1137 SCTP_BUF_LEN(m_tmp) - m_offset); 1138 } 1139 1140 /* clear the offset since it's only for the first mbuf */ 1141 m_offset = 0; 1142 m_tmp = SCTP_BUF_NEXT(m_tmp); 1143 } 1144 sctp_hmac_final(hmac_algo, &ctx, temp); 1145 1146 /* perform outer hash */ 1147 sctp_hmac_init(hmac_algo, &ctx); 1148 sctp_hmac_update(hmac_algo, &ctx, opad, blocklen); 1149 sctp_hmac_update(hmac_algo, &ctx, temp, digestlen); 1150 sctp_hmac_final(hmac_algo, &ctx, digest); 1151 1152 return (digestlen); 1153 } 1154 1155 /*- 1156 * verify the HMAC digest using the desired hash key, text, and HMAC 1157 * algorithm. 1158 * Returns -1 on error, 0 on success. 1159 */ 1160 int 1161 sctp_verify_hmac(uint16_t hmac_algo, uint8_t * key, uint32_t keylen, 1162 uint8_t * text, uint32_t textlen, 1163 uint8_t * digest, uint32_t digestlen) 1164 { 1165 uint32_t len; 1166 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX]; 1167 1168 /* sanity check the material and length */ 1169 if ((key == NULL) || (keylen == 0) || 1170 (text == NULL) || (textlen == 0) || (digest == NULL)) { 1171 /* can't do HMAC with empty key or text or digest */ 1172 return (-1); 1173 } 1174 len = sctp_get_hmac_digest_len(hmac_algo); 1175 if ((len == 0) || (digestlen != len)) 1176 return (-1); 1177 1178 /* compute the expected hash */ 1179 if (sctp_hmac(hmac_algo, key, keylen, text, textlen, temp) != len) 1180 return (-1); 1181 1182 if (memcmp(digest, temp, digestlen) != 0) 1183 return (-1); 1184 else 1185 return (0); 1186 } 1187 1188 1189 /* 1190 * computes the requested HMAC using a key struct (which may be modified if 1191 * the keylen exceeds the HMAC block len). 1192 */ 1193 uint32_t 1194 sctp_compute_hmac(uint16_t hmac_algo, sctp_key_t * key, uint8_t * text, 1195 uint32_t textlen, uint8_t * digest) 1196 { 1197 uint32_t digestlen; 1198 uint32_t blocklen; 1199 sctp_hash_context_t ctx; 1200 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX]; 1201 1202 /* sanity check */ 1203 if ((key == NULL) || (text == NULL) || (textlen == 0) || 1204 (digest == NULL)) { 1205 /* can't do HMAC with empty key or text or digest store */ 1206 return (0); 1207 } 1208 /* validate the hmac algo and get the digest length */ 1209 digestlen = sctp_get_hmac_digest_len(hmac_algo); 1210 if (digestlen == 0) 1211 return (0); 1212 1213 /* hash the key if it is longer than the hash block size */ 1214 blocklen = sctp_get_hmac_block_len(hmac_algo); 1215 if (key->keylen > blocklen) { 1216 sctp_hmac_init(hmac_algo, &ctx); 1217 sctp_hmac_update(hmac_algo, &ctx, key->key, key->keylen); 1218 sctp_hmac_final(hmac_algo, &ctx, temp); 1219 /* save the hashed key as the new key */ 1220 key->keylen = digestlen; 1221 bcopy(temp, key->key, key->keylen); 1222 } 1223 return (sctp_hmac(hmac_algo, key->key, key->keylen, text, textlen, 1224 digest)); 1225 } 1226 1227 /* mbuf version */ 1228 uint32_t 1229 sctp_compute_hmac_m(uint16_t hmac_algo, sctp_key_t * key, struct mbuf *m, 1230 uint32_t m_offset, uint8_t * digest) 1231 { 1232 uint32_t digestlen; 1233 uint32_t blocklen; 1234 sctp_hash_context_t ctx; 1235 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX]; 1236 1237 /* sanity check */ 1238 if ((key == NULL) || (m == NULL) || (digest == NULL)) { 1239 /* can't do HMAC with empty key or text or digest store */ 1240 return (0); 1241 } 1242 /* validate the hmac algo and get the digest length */ 1243 digestlen = sctp_get_hmac_digest_len(hmac_algo); 1244 if (digestlen == 0) 1245 return (0); 1246 1247 /* hash the key if it is longer than the hash block size */ 1248 blocklen = sctp_get_hmac_block_len(hmac_algo); 1249 if (key->keylen > blocklen) { 1250 sctp_hmac_init(hmac_algo, &ctx); 1251 sctp_hmac_update(hmac_algo, &ctx, key->key, key->keylen); 1252 sctp_hmac_final(hmac_algo, &ctx, temp); 1253 /* save the hashed key as the new key */ 1254 key->keylen = digestlen; 1255 bcopy(temp, key->key, key->keylen); 1256 } 1257 return (sctp_hmac_m(hmac_algo, key->key, key->keylen, m, m_offset, digest, 0)); 1258 } 1259 1260 int 1261 sctp_auth_is_supported_hmac(sctp_hmaclist_t * list, uint16_t id) 1262 { 1263 int i; 1264 1265 if ((list == NULL) || (id == SCTP_AUTH_HMAC_ID_RSVD)) 1266 return (0); 1267 1268 for (i = 0; i < list->num_algo; i++) 1269 if (list->hmac[i] == id) 1270 return (1); 1271 1272 /* not in the list */ 1273 return (0); 1274 } 1275 1276 1277 /*- 1278 * clear any cached key(s) if they match the given key id on an association. 1279 * the cached key(s) will be recomputed and re-cached at next use. 1280 * ASSUMES TCB_LOCK is already held 1281 */ 1282 void 1283 sctp_clear_cachedkeys(struct sctp_tcb *stcb, uint16_t keyid) 1284 { 1285 if (stcb == NULL) 1286 return; 1287 1288 if (keyid == stcb->asoc.authinfo.assoc_keyid) { 1289 sctp_free_key(stcb->asoc.authinfo.assoc_key); 1290 stcb->asoc.authinfo.assoc_key = NULL; 1291 } 1292 if (keyid == stcb->asoc.authinfo.recv_keyid) { 1293 sctp_free_key(stcb->asoc.authinfo.recv_key); 1294 stcb->asoc.authinfo.recv_key = NULL; 1295 } 1296 } 1297 1298 /*- 1299 * clear any cached key(s) if they match the given key id for all assocs on 1300 * an endpoint. 1301 * ASSUMES INP_WLOCK is already held 1302 */ 1303 void 1304 sctp_clear_cachedkeys_ep(struct sctp_inpcb *inp, uint16_t keyid) 1305 { 1306 struct sctp_tcb *stcb; 1307 1308 if (inp == NULL) 1309 return; 1310 1311 /* clear the cached keys on all assocs on this instance */ 1312 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { 1313 SCTP_TCB_LOCK(stcb); 1314 sctp_clear_cachedkeys(stcb, keyid); 1315 SCTP_TCB_UNLOCK(stcb); 1316 } 1317 } 1318 1319 /*- 1320 * delete a shared key from an association 1321 * ASSUMES TCB_LOCK is already held 1322 */ 1323 int 1324 sctp_delete_sharedkey(struct sctp_tcb *stcb, uint16_t keyid) 1325 { 1326 sctp_sharedkey_t *skey; 1327 1328 if (stcb == NULL) 1329 return (-1); 1330 1331 /* is the keyid the assoc active sending key */ 1332 if (keyid == stcb->asoc.authinfo.active_keyid) 1333 return (-1); 1334 1335 /* does the key exist? */ 1336 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, keyid); 1337 if (skey == NULL) 1338 return (-1); 1339 1340 /* are there other refcount holders on the key? */ 1341 if (skey->refcount > 1) 1342 return (-1); 1343 1344 /* remove it */ 1345 LIST_REMOVE(skey, next); 1346 sctp_free_sharedkey(skey); /* frees skey->key as well */ 1347 1348 /* clear any cached keys */ 1349 sctp_clear_cachedkeys(stcb, keyid); 1350 return (0); 1351 } 1352 1353 /*- 1354 * deletes a shared key from the endpoint 1355 * ASSUMES INP_WLOCK is already held 1356 */ 1357 int 1358 sctp_delete_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid) 1359 { 1360 sctp_sharedkey_t *skey; 1361 1362 if (inp == NULL) 1363 return (-1); 1364 1365 /* is the keyid the active sending key on the endpoint */ 1366 if (keyid == inp->sctp_ep.default_keyid) 1367 return (-1); 1368 1369 /* does the key exist? */ 1370 skey = sctp_find_sharedkey(&inp->sctp_ep.shared_keys, keyid); 1371 if (skey == NULL) 1372 return (-1); 1373 1374 /* endpoint keys are not refcounted */ 1375 1376 /* remove it */ 1377 LIST_REMOVE(skey, next); 1378 sctp_free_sharedkey(skey); /* frees skey->key as well */ 1379 1380 /* clear any cached keys */ 1381 sctp_clear_cachedkeys_ep(inp, keyid); 1382 return (0); 1383 } 1384 1385 /*- 1386 * set the active key on an association 1387 * ASSUMES TCB_LOCK is already held 1388 */ 1389 int 1390 sctp_auth_setactivekey(struct sctp_tcb *stcb, uint16_t keyid) 1391 { 1392 sctp_sharedkey_t *skey = NULL; 1393 1394 /* find the key on the assoc */ 1395 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, keyid); 1396 if (skey == NULL) { 1397 /* that key doesn't exist */ 1398 return (-1); 1399 } 1400 if ((skey->deactivated) && (skey->refcount > 1)) { 1401 /* can't reactivate a deactivated key with other refcounts */ 1402 return (-1); 1403 } 1404 /* set the (new) active key */ 1405 stcb->asoc.authinfo.active_keyid = keyid; 1406 /* reset the deactivated flag */ 1407 skey->deactivated = 0; 1408 1409 return (0); 1410 } 1411 1412 /*- 1413 * set the active key on an endpoint 1414 * ASSUMES INP_WLOCK is already held 1415 */ 1416 int 1417 sctp_auth_setactivekey_ep(struct sctp_inpcb *inp, uint16_t keyid) 1418 { 1419 sctp_sharedkey_t *skey; 1420 1421 /* find the key */ 1422 skey = sctp_find_sharedkey(&inp->sctp_ep.shared_keys, keyid); 1423 if (skey == NULL) { 1424 /* that key doesn't exist */ 1425 return (-1); 1426 } 1427 inp->sctp_ep.default_keyid = keyid; 1428 return (0); 1429 } 1430 1431 /*- 1432 * deactivates a shared key from the association 1433 * ASSUMES INP_WLOCK is already held 1434 */ 1435 int 1436 sctp_deact_sharedkey(struct sctp_tcb *stcb, uint16_t keyid) 1437 { 1438 sctp_sharedkey_t *skey; 1439 1440 if (stcb == NULL) 1441 return (-1); 1442 1443 /* is the keyid the assoc active sending key */ 1444 if (keyid == stcb->asoc.authinfo.active_keyid) 1445 return (-1); 1446 1447 /* does the key exist? */ 1448 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, keyid); 1449 if (skey == NULL) 1450 return (-1); 1451 1452 /* are there other refcount holders on the key? */ 1453 if (skey->refcount == 1) { 1454 /* no other users, send a notification for this key */ 1455 sctp_ulp_notify(SCTP_NOTIFY_AUTH_FREE_KEY, stcb, keyid, 0, 1456 SCTP_SO_LOCKED); 1457 } 1458 /* mark the key as deactivated */ 1459 skey->deactivated = 1; 1460 1461 return (0); 1462 } 1463 1464 /*- 1465 * deactivates a shared key from the endpoint 1466 * ASSUMES INP_WLOCK is already held 1467 */ 1468 int 1469 sctp_deact_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid) 1470 { 1471 sctp_sharedkey_t *skey; 1472 1473 if (inp == NULL) 1474 return (-1); 1475 1476 /* is the keyid the active sending key on the endpoint */ 1477 if (keyid == inp->sctp_ep.default_keyid) 1478 return (-1); 1479 1480 /* does the key exist? */ 1481 skey = sctp_find_sharedkey(&inp->sctp_ep.shared_keys, keyid); 1482 if (skey == NULL) 1483 return (-1); 1484 1485 /* endpoint keys are not refcounted */ 1486 1487 /* remove it */ 1488 LIST_REMOVE(skey, next); 1489 sctp_free_sharedkey(skey); /* frees skey->key as well */ 1490 1491 return (0); 1492 } 1493 1494 /* 1495 * get local authentication parameters from cookie (from INIT-ACK) 1496 */ 1497 void 1498 sctp_auth_get_cookie_params(struct sctp_tcb *stcb, struct mbuf *m, 1499 uint32_t offset, uint32_t length) 1500 { 1501 struct sctp_paramhdr *phdr, tmp_param; 1502 uint16_t plen, ptype; 1503 uint8_t random_store[SCTP_PARAM_BUFFER_SIZE]; 1504 struct sctp_auth_random *p_random = NULL; 1505 uint16_t random_len = 0; 1506 uint8_t hmacs_store[SCTP_PARAM_BUFFER_SIZE]; 1507 struct sctp_auth_hmac_algo *hmacs = NULL; 1508 uint16_t hmacs_len = 0; 1509 uint8_t chunks_store[SCTP_PARAM_BUFFER_SIZE]; 1510 struct sctp_auth_chunk_list *chunks = NULL; 1511 uint16_t num_chunks = 0; 1512 sctp_key_t *new_key; 1513 uint32_t keylen; 1514 1515 /* convert to upper bound */ 1516 length += offset; 1517 1518 phdr = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, 1519 sizeof(struct sctp_paramhdr), (uint8_t *) & tmp_param); 1520 while (phdr != NULL) { 1521 ptype = ntohs(phdr->param_type); 1522 plen = ntohs(phdr->param_length); 1523 1524 if ((plen == 0) || (offset + plen > length)) 1525 break; 1526 1527 if (ptype == SCTP_RANDOM) { 1528 if (plen > sizeof(random_store)) 1529 break; 1530 phdr = sctp_get_next_param(m, offset, 1531 (struct sctp_paramhdr *)random_store, min(plen, sizeof(random_store))); 1532 if (phdr == NULL) 1533 return; 1534 /* save the random and length for the key */ 1535 p_random = (struct sctp_auth_random *)phdr; 1536 random_len = plen - sizeof(*p_random); 1537 } else if (ptype == SCTP_HMAC_LIST) { 1538 int num_hmacs; 1539 int i; 1540 1541 if (plen > sizeof(hmacs_store)) 1542 break; 1543 phdr = sctp_get_next_param(m, offset, 1544 (struct sctp_paramhdr *)hmacs_store, min(plen, sizeof(hmacs_store))); 1545 if (phdr == NULL) 1546 return; 1547 /* save the hmacs list and num for the key */ 1548 hmacs = (struct sctp_auth_hmac_algo *)phdr; 1549 hmacs_len = plen - sizeof(*hmacs); 1550 num_hmacs = hmacs_len / sizeof(hmacs->hmac_ids[0]); 1551 if (stcb->asoc.local_hmacs != NULL) 1552 sctp_free_hmaclist(stcb->asoc.local_hmacs); 1553 stcb->asoc.local_hmacs = sctp_alloc_hmaclist(num_hmacs); 1554 if (stcb->asoc.local_hmacs != NULL) { 1555 for (i = 0; i < num_hmacs; i++) { 1556 (void)sctp_auth_add_hmacid(stcb->asoc.local_hmacs, 1557 ntohs(hmacs->hmac_ids[i])); 1558 } 1559 } 1560 } else if (ptype == SCTP_CHUNK_LIST) { 1561 int i; 1562 1563 if (plen > sizeof(chunks_store)) 1564 break; 1565 phdr = sctp_get_next_param(m, offset, 1566 (struct sctp_paramhdr *)chunks_store, min(plen, sizeof(chunks_store))); 1567 if (phdr == NULL) 1568 return; 1569 chunks = (struct sctp_auth_chunk_list *)phdr; 1570 num_chunks = plen - sizeof(*chunks); 1571 /* save chunks list and num for the key */ 1572 if (stcb->asoc.local_auth_chunks != NULL) 1573 sctp_clear_chunklist(stcb->asoc.local_auth_chunks); 1574 else 1575 stcb->asoc.local_auth_chunks = sctp_alloc_chunklist(); 1576 for (i = 0; i < num_chunks; i++) { 1577 (void)sctp_auth_add_chunk(chunks->chunk_types[i], 1578 stcb->asoc.local_auth_chunks); 1579 } 1580 } 1581 /* get next parameter */ 1582 offset += SCTP_SIZE32(plen); 1583 if (offset + sizeof(struct sctp_paramhdr) > length) 1584 break; 1585 phdr = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, sizeof(struct sctp_paramhdr), 1586 (uint8_t *) & tmp_param); 1587 } 1588 /* concatenate the full random key */ 1589 keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len; 1590 if (chunks != NULL) { 1591 keylen += sizeof(*chunks) + num_chunks; 1592 } 1593 new_key = sctp_alloc_key(keylen); 1594 if (new_key != NULL) { 1595 /* copy in the RANDOM */ 1596 if (p_random != NULL) { 1597 keylen = sizeof(*p_random) + random_len; 1598 bcopy(p_random, new_key->key, keylen); 1599 } 1600 /* append in the AUTH chunks */ 1601 if (chunks != NULL) { 1602 bcopy(chunks, new_key->key + keylen, 1603 sizeof(*chunks) + num_chunks); 1604 keylen += sizeof(*chunks) + num_chunks; 1605 } 1606 /* append in the HMACs */ 1607 if (hmacs != NULL) { 1608 bcopy(hmacs, new_key->key + keylen, 1609 sizeof(*hmacs) + hmacs_len); 1610 } 1611 } 1612 if (stcb->asoc.authinfo.random != NULL) 1613 sctp_free_key(stcb->asoc.authinfo.random); 1614 stcb->asoc.authinfo.random = new_key; 1615 stcb->asoc.authinfo.random_len = random_len; 1616 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.assoc_keyid); 1617 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.recv_keyid); 1618 1619 /* negotiate what HMAC to use for the peer */ 1620 stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs, 1621 stcb->asoc.local_hmacs); 1622 1623 /* copy defaults from the endpoint */ 1624 /* FIX ME: put in cookie? */ 1625 stcb->asoc.authinfo.active_keyid = stcb->sctp_ep->sctp_ep.default_keyid; 1626 /* copy out the shared key list (by reference) from the endpoint */ 1627 (void)sctp_copy_skeylist(&stcb->sctp_ep->sctp_ep.shared_keys, 1628 &stcb->asoc.shared_keys); 1629 } 1630 1631 /* 1632 * compute and fill in the HMAC digest for a packet 1633 */ 1634 void 1635 sctp_fill_hmac_digest_m(struct mbuf *m, uint32_t auth_offset, 1636 struct sctp_auth_chunk *auth, struct sctp_tcb *stcb, uint16_t keyid) 1637 { 1638 uint32_t digestlen; 1639 sctp_sharedkey_t *skey; 1640 sctp_key_t *key; 1641 1642 if ((stcb == NULL) || (auth == NULL)) 1643 return; 1644 1645 /* zero the digest + chunk padding */ 1646 digestlen = sctp_get_hmac_digest_len(stcb->asoc.peer_hmac_id); 1647 bzero(auth->hmac, SCTP_SIZE32(digestlen)); 1648 1649 /* is the desired key cached? */ 1650 if ((keyid != stcb->asoc.authinfo.assoc_keyid) || 1651 (stcb->asoc.authinfo.assoc_key == NULL)) { 1652 if (stcb->asoc.authinfo.assoc_key != NULL) { 1653 /* free the old cached key */ 1654 sctp_free_key(stcb->asoc.authinfo.assoc_key); 1655 } 1656 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, keyid); 1657 /* the only way skey is NULL is if null key id 0 is used */ 1658 if (skey != NULL) 1659 key = skey->key; 1660 else 1661 key = NULL; 1662 /* compute a new assoc key and cache it */ 1663 stcb->asoc.authinfo.assoc_key = 1664 sctp_compute_hashkey(stcb->asoc.authinfo.random, 1665 stcb->asoc.authinfo.peer_random, key); 1666 stcb->asoc.authinfo.assoc_keyid = keyid; 1667 SCTPDBG(SCTP_DEBUG_AUTH1, "caching key id %u\n", 1668 stcb->asoc.authinfo.assoc_keyid); 1669 #ifdef SCTP_DEBUG 1670 if (SCTP_AUTH_DEBUG) 1671 sctp_print_key(stcb->asoc.authinfo.assoc_key, 1672 "Assoc Key"); 1673 #endif 1674 } 1675 /* set in the active key id */ 1676 auth->shared_key_id = htons(keyid); 1677 1678 /* compute and fill in the digest */ 1679 (void)sctp_compute_hmac_m(stcb->asoc.peer_hmac_id, stcb->asoc.authinfo.assoc_key, 1680 m, auth_offset, auth->hmac); 1681 } 1682 1683 1684 static void 1685 sctp_bzero_m(struct mbuf *m, uint32_t m_offset, uint32_t size) 1686 { 1687 struct mbuf *m_tmp; 1688 uint8_t *data; 1689 1690 /* sanity check */ 1691 if (m == NULL) 1692 return; 1693 1694 /* find the correct starting mbuf and offset (get start position) */ 1695 m_tmp = m; 1696 while ((m_tmp != NULL) && (m_offset >= (uint32_t) SCTP_BUF_LEN(m_tmp))) { 1697 m_offset -= SCTP_BUF_LEN(m_tmp); 1698 m_tmp = SCTP_BUF_NEXT(m_tmp); 1699 } 1700 /* now use the rest of the mbuf chain */ 1701 while ((m_tmp != NULL) && (size > 0)) { 1702 data = mtod(m_tmp, uint8_t *) + m_offset; 1703 if (size > (uint32_t) SCTP_BUF_LEN(m_tmp)) { 1704 bzero(data, SCTP_BUF_LEN(m_tmp)); 1705 size -= SCTP_BUF_LEN(m_tmp); 1706 } else { 1707 bzero(data, size); 1708 size = 0; 1709 } 1710 /* clear the offset since it's only for the first mbuf */ 1711 m_offset = 0; 1712 m_tmp = SCTP_BUF_NEXT(m_tmp); 1713 } 1714 } 1715 1716 /*- 1717 * process the incoming Authentication chunk 1718 * return codes: 1719 * -1 on any authentication error 1720 * 0 on authentication verification 1721 */ 1722 int 1723 sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_auth_chunk *auth, 1724 struct mbuf *m, uint32_t offset) 1725 { 1726 uint16_t chunklen; 1727 uint16_t shared_key_id; 1728 uint16_t hmac_id; 1729 sctp_sharedkey_t *skey; 1730 uint32_t digestlen; 1731 uint8_t digest[SCTP_AUTH_DIGEST_LEN_MAX]; 1732 uint8_t computed_digest[SCTP_AUTH_DIGEST_LEN_MAX]; 1733 1734 /* auth is checked for NULL by caller */ 1735 chunklen = ntohs(auth->ch.chunk_length); 1736 if (chunklen < sizeof(*auth)) { 1737 SCTP_STAT_INCR(sctps_recvauthfailed); 1738 return (-1); 1739 } 1740 SCTP_STAT_INCR(sctps_recvauth); 1741 1742 /* get the auth params */ 1743 shared_key_id = ntohs(auth->shared_key_id); 1744 hmac_id = ntohs(auth->hmac_id); 1745 SCTPDBG(SCTP_DEBUG_AUTH1, 1746 "SCTP AUTH Chunk: shared key %u, HMAC id %u\n", 1747 shared_key_id, hmac_id); 1748 1749 /* is the indicated HMAC supported? */ 1750 if (!sctp_auth_is_supported_hmac(stcb->asoc.local_hmacs, hmac_id)) { 1751 struct mbuf *m_err; 1752 struct sctp_auth_invalid_hmac *err; 1753 1754 SCTP_STAT_INCR(sctps_recvivalhmacid); 1755 SCTPDBG(SCTP_DEBUG_AUTH1, 1756 "SCTP Auth: unsupported HMAC id %u\n", 1757 hmac_id); 1758 /* 1759 * report this in an Error Chunk: Unsupported HMAC 1760 * Identifier 1761 */ 1762 m_err = sctp_get_mbuf_for_msg(sizeof(*err), 0, M_DONTWAIT, 1763 1, MT_HEADER); 1764 if (m_err != NULL) { 1765 /* pre-reserve some space */ 1766 SCTP_BUF_RESV_UF(m_err, sizeof(struct sctp_chunkhdr)); 1767 /* fill in the error */ 1768 err = mtod(m_err, struct sctp_auth_invalid_hmac *); 1769 bzero(err, sizeof(*err)); 1770 err->ph.param_type = htons(SCTP_CAUSE_UNSUPPORTED_HMACID); 1771 err->ph.param_length = htons(sizeof(*err)); 1772 err->hmac_id = ntohs(hmac_id); 1773 SCTP_BUF_LEN(m_err) = sizeof(*err); 1774 /* queue it */ 1775 sctp_queue_op_err(stcb, m_err); 1776 } 1777 return (-1); 1778 } 1779 /* get the indicated shared key, if available */ 1780 if ((stcb->asoc.authinfo.recv_key == NULL) || 1781 (stcb->asoc.authinfo.recv_keyid != shared_key_id)) { 1782 /* find the shared key on the assoc first */ 1783 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, 1784 shared_key_id); 1785 /* if the shared key isn't found, discard the chunk */ 1786 if (skey == NULL) { 1787 SCTP_STAT_INCR(sctps_recvivalkeyid); 1788 SCTPDBG(SCTP_DEBUG_AUTH1, 1789 "SCTP Auth: unknown key id %u\n", 1790 shared_key_id); 1791 return (-1); 1792 } 1793 /* generate a notification if this is a new key id */ 1794 if (stcb->asoc.authinfo.recv_keyid != shared_key_id) 1795 /* 1796 * sctp_ulp_notify(SCTP_NOTIFY_AUTH_NEW_KEY, stcb, 1797 * shared_key_id, (void 1798 * *)stcb->asoc.authinfo.recv_keyid); 1799 */ 1800 sctp_notify_authentication(stcb, SCTP_AUTH_NEWKEY, 1801 shared_key_id, stcb->asoc.authinfo.recv_keyid, 1802 SCTP_SO_NOT_LOCKED); 1803 /* compute a new recv assoc key and cache it */ 1804 if (stcb->asoc.authinfo.recv_key != NULL) 1805 sctp_free_key(stcb->asoc.authinfo.recv_key); 1806 stcb->asoc.authinfo.recv_key = 1807 sctp_compute_hashkey(stcb->asoc.authinfo.random, 1808 stcb->asoc.authinfo.peer_random, skey->key); 1809 stcb->asoc.authinfo.recv_keyid = shared_key_id; 1810 #ifdef SCTP_DEBUG 1811 if (SCTP_AUTH_DEBUG) 1812 sctp_print_key(stcb->asoc.authinfo.recv_key, "Recv Key"); 1813 #endif 1814 } 1815 /* validate the digest length */ 1816 digestlen = sctp_get_hmac_digest_len(hmac_id); 1817 if (chunklen < (sizeof(*auth) + digestlen)) { 1818 /* invalid digest length */ 1819 SCTP_STAT_INCR(sctps_recvauthfailed); 1820 SCTPDBG(SCTP_DEBUG_AUTH1, 1821 "SCTP Auth: chunk too short for HMAC\n"); 1822 return (-1); 1823 } 1824 /* save a copy of the digest, zero the pseudo header, and validate */ 1825 bcopy(auth->hmac, digest, digestlen); 1826 sctp_bzero_m(m, offset + sizeof(*auth), SCTP_SIZE32(digestlen)); 1827 (void)sctp_compute_hmac_m(hmac_id, stcb->asoc.authinfo.recv_key, 1828 m, offset, computed_digest); 1829 1830 /* compare the computed digest with the one in the AUTH chunk */ 1831 if (memcmp(digest, computed_digest, digestlen) != 0) { 1832 SCTP_STAT_INCR(sctps_recvauthfailed); 1833 SCTPDBG(SCTP_DEBUG_AUTH1, 1834 "SCTP Auth: HMAC digest check failed\n"); 1835 return (-1); 1836 } 1837 return (0); 1838 } 1839 1840 /* 1841 * Generate NOTIFICATION 1842 */ 1843 void 1844 sctp_notify_authentication(struct sctp_tcb *stcb, uint32_t indication, 1845 uint16_t keyid, uint16_t alt_keyid, int so_locked 1846 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 1847 SCTP_UNUSED 1848 #endif 1849 ) 1850 { 1851 struct mbuf *m_notify; 1852 struct sctp_authkey_event *auth; 1853 struct sctp_queued_to_read *control; 1854 1855 if ((stcb == NULL) || 1856 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 1857 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 1858 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) 1859 ) { 1860 /* If the socket is gone we are out of here */ 1861 return; 1862 } 1863 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_AUTHEVNT)) 1864 /* event not enabled */ 1865 return; 1866 1867 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_authkey_event), 1868 0, M_DONTWAIT, 1, MT_HEADER); 1869 if (m_notify == NULL) 1870 /* no space left */ 1871 return; 1872 1873 SCTP_BUF_LEN(m_notify) = 0; 1874 auth = mtod(m_notify, struct sctp_authkey_event *); 1875 auth->auth_type = SCTP_AUTHENTICATION_EVENT; 1876 auth->auth_flags = 0; 1877 auth->auth_length = sizeof(*auth); 1878 auth->auth_keynumber = keyid; 1879 auth->auth_altkeynumber = alt_keyid; 1880 auth->auth_indication = indication; 1881 auth->auth_assoc_id = sctp_get_associd(stcb); 1882 1883 SCTP_BUF_LEN(m_notify) = sizeof(*auth); 1884 SCTP_BUF_NEXT(m_notify) = NULL; 1885 1886 /* append to socket */ 1887 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 1888 0, 0, 0, 0, 0, 0, m_notify); 1889 if (control == NULL) { 1890 /* no memory */ 1891 sctp_m_freem(m_notify); 1892 return; 1893 } 1894 control->spec_flags = M_NOTIFICATION; 1895 control->length = SCTP_BUF_LEN(m_notify); 1896 /* not that we need this */ 1897 control->tail_mbuf = m_notify; 1898 sctp_add_to_readq(stcb->sctp_ep, stcb, control, 1899 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); 1900 } 1901 1902 1903 /*- 1904 * validates the AUTHentication related parameters in an INIT/INIT-ACK 1905 * Note: currently only used for INIT as INIT-ACK is handled inline 1906 * with sctp_load_addresses_from_init() 1907 */ 1908 int 1909 sctp_validate_init_auth_params(struct mbuf *m, int offset, int limit) 1910 { 1911 struct sctp_paramhdr *phdr, parm_buf; 1912 uint16_t ptype, plen; 1913 int peer_supports_asconf = 0; 1914 int peer_supports_auth = 0; 1915 int got_random = 0, got_hmacs = 0, got_chklist = 0; 1916 uint8_t saw_asconf = 0; 1917 uint8_t saw_asconf_ack = 0; 1918 1919 /* go through each of the params. */ 1920 phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf)); 1921 while (phdr) { 1922 ptype = ntohs(phdr->param_type); 1923 plen = ntohs(phdr->param_length); 1924 1925 if (offset + plen > limit) { 1926 break; 1927 } 1928 if (plen < sizeof(struct sctp_paramhdr)) { 1929 break; 1930 } 1931 if (ptype == SCTP_SUPPORTED_CHUNK_EXT) { 1932 /* A supported extension chunk */ 1933 struct sctp_supported_chunk_types_param *pr_supported; 1934 uint8_t local_store[SCTP_PARAM_BUFFER_SIZE]; 1935 int num_ent, i; 1936 1937 phdr = sctp_get_next_param(m, offset, 1938 (struct sctp_paramhdr *)&local_store, min(plen, sizeof(local_store))); 1939 if (phdr == NULL) { 1940 return (-1); 1941 } 1942 pr_supported = (struct sctp_supported_chunk_types_param *)phdr; 1943 num_ent = plen - sizeof(struct sctp_paramhdr); 1944 for (i = 0; i < num_ent; i++) { 1945 switch (pr_supported->chunk_types[i]) { 1946 case SCTP_ASCONF: 1947 case SCTP_ASCONF_ACK: 1948 peer_supports_asconf = 1; 1949 break; 1950 case SCTP_AUTHENTICATION: 1951 peer_supports_auth = 1; 1952 break; 1953 default: 1954 /* one we don't care about */ 1955 break; 1956 } 1957 } 1958 } else if (ptype == SCTP_RANDOM) { 1959 got_random = 1; 1960 /* enforce the random length */ 1961 if (plen != (sizeof(struct sctp_auth_random) + 1962 SCTP_AUTH_RANDOM_SIZE_REQUIRED)) { 1963 SCTPDBG(SCTP_DEBUG_AUTH1, 1964 "SCTP: invalid RANDOM len\n"); 1965 return (-1); 1966 } 1967 } else if (ptype == SCTP_HMAC_LIST) { 1968 uint8_t store[SCTP_PARAM_BUFFER_SIZE]; 1969 struct sctp_auth_hmac_algo *hmacs; 1970 int num_hmacs; 1971 1972 if (plen > sizeof(store)) 1973 break; 1974 phdr = sctp_get_next_param(m, offset, 1975 (struct sctp_paramhdr *)store, min(plen, sizeof(store))); 1976 if (phdr == NULL) 1977 return (-1); 1978 hmacs = (struct sctp_auth_hmac_algo *)phdr; 1979 num_hmacs = (plen - sizeof(*hmacs)) / 1980 sizeof(hmacs->hmac_ids[0]); 1981 /* validate the hmac list */ 1982 if (sctp_verify_hmac_param(hmacs, num_hmacs)) { 1983 SCTPDBG(SCTP_DEBUG_AUTH1, 1984 "SCTP: invalid HMAC param\n"); 1985 return (-1); 1986 } 1987 got_hmacs = 1; 1988 } else if (ptype == SCTP_CHUNK_LIST) { 1989 int i, num_chunks; 1990 uint8_t chunks_store[SCTP_SMALL_CHUNK_STORE]; 1991 1992 /* did the peer send a non-empty chunk list? */ 1993 struct sctp_auth_chunk_list *chunks = NULL; 1994 1995 phdr = sctp_get_next_param(m, offset, 1996 (struct sctp_paramhdr *)chunks_store, 1997 min(plen, sizeof(chunks_store))); 1998 if (phdr == NULL) 1999 return (-1); 2000 2001 /*- 2002 * Flip through the list and mark that the 2003 * peer supports asconf/asconf_ack. 2004 */ 2005 chunks = (struct sctp_auth_chunk_list *)phdr; 2006 num_chunks = plen - sizeof(*chunks); 2007 for (i = 0; i < num_chunks; i++) { 2008 /* record asconf/asconf-ack if listed */ 2009 if (chunks->chunk_types[i] == SCTP_ASCONF) 2010 saw_asconf = 1; 2011 if (chunks->chunk_types[i] == SCTP_ASCONF_ACK) 2012 saw_asconf_ack = 1; 2013 2014 } 2015 if (num_chunks) 2016 got_chklist = 1; 2017 } 2018 offset += SCTP_SIZE32(plen); 2019 if (offset >= limit) { 2020 break; 2021 } 2022 phdr = sctp_get_next_param(m, offset, &parm_buf, 2023 sizeof(parm_buf)); 2024 } 2025 /* validate authentication required parameters */ 2026 if (got_random && got_hmacs) { 2027 peer_supports_auth = 1; 2028 } else { 2029 peer_supports_auth = 0; 2030 } 2031 if (!peer_supports_auth && got_chklist) { 2032 SCTPDBG(SCTP_DEBUG_AUTH1, 2033 "SCTP: peer sent chunk list w/o AUTH\n"); 2034 return (-1); 2035 } 2036 if (!SCTP_BASE_SYSCTL(sctp_asconf_auth_nochk) && peer_supports_asconf && 2037 !peer_supports_auth) { 2038 SCTPDBG(SCTP_DEBUG_AUTH1, 2039 "SCTP: peer supports ASCONF but not AUTH\n"); 2040 return (-1); 2041 } else if ((peer_supports_asconf) && (peer_supports_auth) && 2042 ((saw_asconf == 0) || (saw_asconf_ack == 0))) { 2043 return (-2); 2044 } 2045 return (0); 2046 } 2047 2048 void 2049 sctp_initialize_auth_params(struct sctp_inpcb *inp, struct sctp_tcb *stcb) 2050 { 2051 uint16_t chunks_len = 0; 2052 uint16_t hmacs_len = 0; 2053 uint16_t random_len = SCTP_AUTH_RANDOM_SIZE_DEFAULT; 2054 sctp_key_t *new_key; 2055 uint16_t keylen; 2056 2057 /* initialize hmac list from endpoint */ 2058 stcb->asoc.local_hmacs = sctp_copy_hmaclist(inp->sctp_ep.local_hmacs); 2059 if (stcb->asoc.local_hmacs != NULL) { 2060 hmacs_len = stcb->asoc.local_hmacs->num_algo * 2061 sizeof(stcb->asoc.local_hmacs->hmac[0]); 2062 } 2063 /* initialize auth chunks list from endpoint */ 2064 stcb->asoc.local_auth_chunks = 2065 sctp_copy_chunklist(inp->sctp_ep.local_auth_chunks); 2066 if (stcb->asoc.local_auth_chunks != NULL) { 2067 int i; 2068 2069 for (i = 0; i < 256; i++) { 2070 if (stcb->asoc.local_auth_chunks->chunks[i]) 2071 chunks_len++; 2072 } 2073 } 2074 /* copy defaults from the endpoint */ 2075 stcb->asoc.authinfo.active_keyid = inp->sctp_ep.default_keyid; 2076 2077 /* copy out the shared key list (by reference) from the endpoint */ 2078 (void)sctp_copy_skeylist(&inp->sctp_ep.shared_keys, 2079 &stcb->asoc.shared_keys); 2080 2081 /* now set the concatenated key (random + chunks + hmacs) */ 2082 /* key includes parameter headers */ 2083 keylen = (3 * sizeof(struct sctp_paramhdr)) + random_len + chunks_len + 2084 hmacs_len; 2085 new_key = sctp_alloc_key(keylen); 2086 if (new_key != NULL) { 2087 struct sctp_paramhdr *ph; 2088 int plen; 2089 2090 /* generate and copy in the RANDOM */ 2091 ph = (struct sctp_paramhdr *)new_key->key; 2092 ph->param_type = htons(SCTP_RANDOM); 2093 plen = sizeof(*ph) + random_len; 2094 ph->param_length = htons(plen); 2095 SCTP_READ_RANDOM(new_key->key + sizeof(*ph), random_len); 2096 keylen = plen; 2097 2098 /* append in the AUTH chunks */ 2099 /* NOTE: currently we always have chunks to list */ 2100 ph = (struct sctp_paramhdr *)(new_key->key + keylen); 2101 ph->param_type = htons(SCTP_CHUNK_LIST); 2102 plen = sizeof(*ph) + chunks_len; 2103 ph->param_length = htons(plen); 2104 keylen += sizeof(*ph); 2105 if (stcb->asoc.local_auth_chunks) { 2106 int i; 2107 2108 for (i = 0; i < 256; i++) { 2109 if (stcb->asoc.local_auth_chunks->chunks[i]) 2110 new_key->key[keylen++] = i; 2111 } 2112 } 2113 /* append in the HMACs */ 2114 ph = (struct sctp_paramhdr *)(new_key->key + keylen); 2115 ph->param_type = htons(SCTP_HMAC_LIST); 2116 plen = sizeof(*ph) + hmacs_len; 2117 ph->param_length = htons(plen); 2118 keylen += sizeof(*ph); 2119 (void)sctp_serialize_hmaclist(stcb->asoc.local_hmacs, 2120 new_key->key + keylen); 2121 } 2122 if (stcb->asoc.authinfo.random != NULL) 2123 sctp_free_key(stcb->asoc.authinfo.random); 2124 stcb->asoc.authinfo.random = new_key; 2125 stcb->asoc.authinfo.random_len = random_len; 2126 } 2127