1 /*- 2 * Copyright (c) 2001-2007, Cisco Systems, Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * a) Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. 9 * 10 * b) Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the distribution. 13 * 14 * c) Neither the name of Cisco Systems, Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived 16 * from this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 20 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 28 * THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 #include <sys/cdefs.h> 32 __FBSDID("$FreeBSD$"); 33 34 #include <netinet/sctp_os.h> 35 #include <netinet/sctp.h> 36 #include <netinet/sctp_header.h> 37 #include <netinet/sctp_pcb.h> 38 #include <netinet/sctp_var.h> 39 #include <netinet/sctp_sysctl.h> 40 #include <netinet/sctputil.h> 41 #include <netinet/sctp_indata.h> 42 #include <netinet/sctp_output.h> 43 #include <netinet/sctp_auth.h> 44 45 #ifdef SCTP_DEBUG 46 #define SCTP_AUTH_DEBUG (sctp_debug_on & SCTP_DEBUG_AUTH1) 47 #define SCTP_AUTH_DEBUG2 (sctp_debug_on & SCTP_DEBUG_AUTH2) 48 #endif /* SCTP_DEBUG */ 49 50 51 inline void 52 sctp_clear_chunklist(sctp_auth_chklist_t * chklist) 53 { 54 bzero(chklist, sizeof(*chklist)); 55 /* chklist->num_chunks = 0; */ 56 } 57 58 sctp_auth_chklist_t * 59 sctp_alloc_chunklist(void) 60 { 61 sctp_auth_chklist_t *chklist; 62 63 SCTP_MALLOC(chklist, sctp_auth_chklist_t *, sizeof(*chklist), 64 "AUTH chklist"); 65 if (chklist == NULL) { 66 #ifdef SCTP_DEBUG 67 if (sctp_debug_on & SCTP_AUTH_DEBUG) { 68 printf("sctp_alloc_chunklist: failed to get memory!\n"); 69 } 70 #endif /* SCTP_DEBUG */ 71 } else { 72 sctp_clear_chunklist(chklist); 73 } 74 return (chklist); 75 } 76 77 void 78 sctp_free_chunklist(sctp_auth_chklist_t * list) 79 { 80 if (list != NULL) 81 SCTP_FREE(list); 82 } 83 84 sctp_auth_chklist_t * 85 sctp_copy_chunklist(sctp_auth_chklist_t * list) 86 { 87 sctp_auth_chklist_t *new_list; 88 89 if (list == NULL) 90 return (NULL); 91 92 /* get a new list */ 93 new_list = sctp_alloc_chunklist(); 94 if (new_list == NULL) 95 return (NULL); 96 /* copy it */ 97 bcopy(list, new_list, sizeof(*new_list)); 98 99 return (new_list); 100 } 101 102 103 /* 104 * add a chunk to the required chunks list 105 */ 106 int 107 sctp_auth_add_chunk(uint8_t chunk, sctp_auth_chklist_t * list) 108 { 109 if (list == NULL) 110 return (-1); 111 112 /* is chunk restricted? */ 113 if ((chunk == SCTP_INITIATION) || 114 (chunk == SCTP_INITIATION_ACK) || 115 (chunk == SCTP_SHUTDOWN_COMPLETE) || 116 (chunk == SCTP_AUTHENTICATION)) { 117 return (-1); 118 } 119 if (list->chunks[chunk] == 0) { 120 list->chunks[chunk] = 1; 121 list->num_chunks++; 122 #ifdef SCTP_DEBUG 123 if (SCTP_AUTH_DEBUG) 124 printf("SCTP: added chunk %u (0x%02x) to Auth list\n", 125 chunk, chunk); 126 #endif 127 } 128 return (0); 129 } 130 131 /* 132 * delete a chunk from the required chunks list 133 */ 134 int 135 sctp_auth_delete_chunk(uint8_t chunk, sctp_auth_chklist_t * list) 136 { 137 if (list == NULL) 138 return (-1); 139 140 /* is chunk restricted? */ 141 if ((chunk == SCTP_ASCONF) || 142 (chunk == SCTP_ASCONF_ACK)) { 143 return (-1); 144 } 145 if (list->chunks[chunk] == 1) { 146 list->chunks[chunk] = 0; 147 list->num_chunks--; 148 #ifdef SCTP_DEBUG 149 if (SCTP_AUTH_DEBUG) 150 printf("SCTP: deleted chunk %u (0x%02x) from Auth list\n", 151 chunk, chunk); 152 #endif 153 } 154 return (0); 155 } 156 157 inline size_t 158 sctp_auth_get_chklist_size(const sctp_auth_chklist_t * list) 159 { 160 if (list == NULL) 161 return (0); 162 else 163 return (list->num_chunks); 164 } 165 166 /* 167 * set the default list of chunks requiring AUTH 168 */ 169 void 170 sctp_auth_set_default_chunks(sctp_auth_chklist_t * list) 171 { 172 sctp_auth_add_chunk(SCTP_ASCONF, list); 173 sctp_auth_add_chunk(SCTP_ASCONF_ACK, list); 174 } 175 176 /* 177 * return the current number and list of required chunks caller must 178 * guarantee ptr has space for up to 256 bytes 179 */ 180 int 181 sctp_serialize_auth_chunks(const sctp_auth_chklist_t * list, uint8_t * ptr) 182 { 183 int i, count = 0; 184 185 if (list == NULL) 186 return (0); 187 188 for (i = 0; i < 256; i++) { 189 if (list->chunks[i] != 0) { 190 *ptr++ = i; 191 count++; 192 } 193 } 194 return (count); 195 } 196 197 int 198 sctp_pack_auth_chunks(const sctp_auth_chklist_t * list, uint8_t * ptr) 199 { 200 int i, size = 0; 201 202 if (list == NULL) 203 return (0); 204 205 if (list->num_chunks <= 32) { 206 /* just list them, one byte each */ 207 for (i = 0; i < 256; i++) { 208 if (list->chunks[i] != 0) { 209 *ptr++ = i; 210 size++; 211 } 212 } 213 } else { 214 int index, offset; 215 216 /* pack into a 32 byte bitfield */ 217 for (i = 0; i < 256; i++) { 218 if (list->chunks[i] != 0) { 219 index = i / 8; 220 offset = i % 8; 221 ptr[index] |= (1 << offset); 222 } 223 } 224 size = 32; 225 } 226 return (size); 227 } 228 229 int 230 sctp_unpack_auth_chunks(const uint8_t * ptr, uint8_t num_chunks, 231 sctp_auth_chklist_t * list) 232 { 233 int i; 234 int size; 235 236 if (list == NULL) 237 return (0); 238 239 if (num_chunks <= 32) { 240 /* just pull them, one byte each */ 241 for (i = 0; i < num_chunks; i++) { 242 sctp_auth_add_chunk(*ptr++, list); 243 } 244 size = num_chunks; 245 } else { 246 int index, offset; 247 248 /* unpack from a 32 byte bitfield */ 249 for (index = 0; index < 32; index++) { 250 for (offset = 0; offset < 8; offset++) { 251 if (ptr[index] & (1 << offset)) { 252 sctp_auth_add_chunk((index * 8) + offset, list); 253 } 254 } 255 } 256 size = 32; 257 } 258 return (size); 259 } 260 261 262 /* 263 * allocate structure space for a key of length keylen 264 */ 265 sctp_key_t * 266 sctp_alloc_key(uint32_t keylen) 267 { 268 sctp_key_t *new_key; 269 270 SCTP_MALLOC(new_key, sctp_key_t *, sizeof(*new_key) + keylen, 271 "AUTH key"); 272 if (new_key == NULL) { 273 /* out of memory */ 274 return (NULL); 275 } 276 new_key->keylen = keylen; 277 return (new_key); 278 } 279 280 void 281 sctp_free_key(sctp_key_t * key) 282 { 283 if (key != NULL) 284 SCTP_FREE(key); 285 } 286 287 void 288 sctp_print_key(sctp_key_t * key, const char *str) 289 { 290 uint32_t i; 291 292 if (key == NULL) { 293 printf("%s: [Null key]\n", str); 294 return; 295 } 296 printf("%s: len %u, ", str, key->keylen); 297 if (key->keylen) { 298 for (i = 0; i < key->keylen; i++) 299 printf("%02x", key->key[i]); 300 printf("\n"); 301 } else { 302 printf("[Null key]\n"); 303 } 304 } 305 306 void 307 sctp_show_key(sctp_key_t * key, const char *str) 308 { 309 uint32_t i; 310 311 if (key == NULL) { 312 printf("%s: [Null key]\n", str); 313 return; 314 } 315 printf("%s: len %u, ", str, key->keylen); 316 if (key->keylen) { 317 for (i = 0; i < key->keylen; i++) 318 printf("%02x", key->key[i]); 319 printf("\n"); 320 } else { 321 printf("[Null key]\n"); 322 } 323 } 324 325 static inline uint32_t 326 sctp_get_keylen(sctp_key_t * key) 327 { 328 if (key != NULL) 329 return (key->keylen); 330 else 331 return (0); 332 } 333 334 /* 335 * generate a new random key of length 'keylen' 336 */ 337 sctp_key_t * 338 sctp_generate_random_key(uint32_t keylen) 339 { 340 sctp_key_t *new_key; 341 342 /* validate keylen */ 343 if (keylen > SCTP_AUTH_RANDOM_SIZE_MAX) 344 keylen = SCTP_AUTH_RANDOM_SIZE_MAX; 345 346 new_key = sctp_alloc_key(keylen); 347 if (new_key == NULL) { 348 /* out of memory */ 349 return (NULL); 350 } 351 SCTP_READ_RANDOM(new_key->key, keylen); 352 new_key->keylen = keylen; 353 return (new_key); 354 } 355 356 sctp_key_t * 357 sctp_set_key(uint8_t * key, uint32_t keylen) 358 { 359 sctp_key_t *new_key; 360 361 new_key = sctp_alloc_key(keylen); 362 if (new_key == NULL) { 363 /* out of memory */ 364 return (NULL); 365 } 366 bcopy(key, new_key->key, keylen); 367 return (new_key); 368 } 369 370 /* 371 * given two keys of variable size, compute which key is "larger/smaller" 372 * returns: 1 if key1 > key2 -1 if key1 < key2 0 if key1 = key2 373 */ 374 static int 375 sctp_compare_key(sctp_key_t * key1, sctp_key_t * key2) 376 { 377 uint32_t maxlen; 378 uint32_t i; 379 uint32_t key1len, key2len; 380 uint8_t *key_1, *key_2; 381 uint8_t temp[SCTP_AUTH_RANDOM_SIZE_MAX]; 382 383 /* sanity/length check */ 384 key1len = sctp_get_keylen(key1); 385 key2len = sctp_get_keylen(key2); 386 if ((key1len == 0) && (key2len == 0)) 387 return (0); 388 else if (key1len == 0) 389 return (-1); 390 else if (key2len == 0) 391 return (1); 392 393 if (key1len != key2len) { 394 if (key1len >= key2len) 395 maxlen = key1len; 396 else 397 maxlen = key2len; 398 bzero(temp, maxlen); 399 if (key1len < maxlen) { 400 /* prepend zeroes to key1 */ 401 bcopy(key1->key, temp + (maxlen - key1len), key1len); 402 key_1 = temp; 403 key_2 = key2->key; 404 } else { 405 /* prepend zeroes to key2 */ 406 bcopy(key2->key, temp + (maxlen - key2len), key2len); 407 key_1 = key1->key; 408 key_2 = temp; 409 } 410 } else { 411 maxlen = key1len; 412 key_1 = key1->key; 413 key_2 = key2->key; 414 } 415 416 for (i = 0; i < maxlen; i++) { 417 if (*key_1 > *key_2) 418 return (1); 419 else if (*key_1 < *key_2) 420 return (-1); 421 key_1++; 422 key_2++; 423 } 424 425 /* keys are equal value, so check lengths */ 426 if (key1len == key2len) 427 return (0); 428 else if (key1len < key2len) 429 return (-1); 430 else 431 return (1); 432 } 433 434 /* 435 * generate the concatenated keying material based on the two keys and the 436 * shared key (if available). draft-ietf-tsvwg-auth specifies the specific 437 * order for concatenation 438 */ 439 sctp_key_t * 440 sctp_compute_hashkey(sctp_key_t * key1, sctp_key_t * key2, sctp_key_t * shared) 441 { 442 uint32_t keylen; 443 sctp_key_t *new_key; 444 uint8_t *key_ptr; 445 446 keylen = sctp_get_keylen(key1) + sctp_get_keylen(key2) + 447 sctp_get_keylen(shared); 448 449 if (keylen > 0) { 450 /* get space for the new key */ 451 new_key = sctp_alloc_key(keylen); 452 if (new_key == NULL) { 453 /* out of memory */ 454 return (NULL); 455 } 456 new_key->keylen = keylen; 457 key_ptr = new_key->key; 458 } else { 459 /* all keys empty/null?! */ 460 return (NULL); 461 } 462 463 /* concatenate the keys */ 464 if (sctp_compare_key(key1, key2) <= 0) { 465 /* key is key1 + shared + key2 */ 466 if (sctp_get_keylen(key1)) { 467 bcopy(key1->key, key_ptr, key1->keylen); 468 key_ptr += key1->keylen; 469 } 470 if (sctp_get_keylen(shared)) { 471 bcopy(shared->key, key_ptr, shared->keylen); 472 key_ptr += shared->keylen; 473 } 474 if (sctp_get_keylen(key2)) { 475 bcopy(key2->key, key_ptr, key2->keylen); 476 key_ptr += key2->keylen; 477 } 478 } else { 479 /* key is key2 + shared + key1 */ 480 if (sctp_get_keylen(key2)) { 481 bcopy(key2->key, key_ptr, key2->keylen); 482 key_ptr += key2->keylen; 483 } 484 if (sctp_get_keylen(shared)) { 485 bcopy(shared->key, key_ptr, shared->keylen); 486 key_ptr += shared->keylen; 487 } 488 if (sctp_get_keylen(key1)) { 489 bcopy(key1->key, key_ptr, key1->keylen); 490 key_ptr += key1->keylen; 491 } 492 } 493 return (new_key); 494 } 495 496 497 sctp_sharedkey_t * 498 sctp_alloc_sharedkey(void) 499 { 500 sctp_sharedkey_t *new_key; 501 502 SCTP_MALLOC(new_key, sctp_sharedkey_t *, sizeof(*new_key), 503 "AUTH skey"); 504 if (new_key == NULL) { 505 /* out of memory */ 506 return (NULL); 507 } 508 new_key->keyid = 0; 509 new_key->key = NULL; 510 return (new_key); 511 } 512 513 void 514 sctp_free_sharedkey(sctp_sharedkey_t * skey) 515 { 516 if (skey != NULL) { 517 if (skey->key != NULL) 518 sctp_free_key(skey->key); 519 SCTP_FREE(skey); 520 } 521 } 522 523 sctp_sharedkey_t * 524 sctp_find_sharedkey(struct sctp_keyhead *shared_keys, uint16_t key_id) 525 { 526 sctp_sharedkey_t *skey; 527 528 LIST_FOREACH(skey, shared_keys, next) { 529 if (skey->keyid == key_id) 530 return (skey); 531 } 532 return (NULL); 533 } 534 535 void 536 sctp_insert_sharedkey(struct sctp_keyhead *shared_keys, 537 sctp_sharedkey_t * new_skey) 538 { 539 sctp_sharedkey_t *skey; 540 541 if ((shared_keys == NULL) || (new_skey == NULL)) 542 return; 543 544 /* insert into an empty list? */ 545 if (SCTP_LIST_EMPTY(shared_keys)) { 546 LIST_INSERT_HEAD(shared_keys, new_skey, next); 547 return; 548 } 549 /* insert into the existing list, ordered by key id */ 550 LIST_FOREACH(skey, shared_keys, next) { 551 if (new_skey->keyid < skey->keyid) { 552 /* insert it before here */ 553 LIST_INSERT_BEFORE(skey, new_skey, next); 554 return; 555 } else if (new_skey->keyid == skey->keyid) { 556 /* replace the existing key */ 557 #ifdef SCTP_DEBUG 558 if (SCTP_AUTH_DEBUG) 559 printf("replacing shared key id %u\n", new_skey->keyid); 560 #endif 561 LIST_INSERT_BEFORE(skey, new_skey, next); 562 LIST_REMOVE(skey, next); 563 sctp_free_sharedkey(skey); 564 return; 565 } 566 if (LIST_NEXT(skey, next) == NULL) { 567 /* belongs at the end of the list */ 568 LIST_INSERT_AFTER(skey, new_skey, next); 569 return; 570 } 571 } 572 } 573 574 static sctp_sharedkey_t * 575 sctp_copy_sharedkey(const sctp_sharedkey_t * skey) 576 { 577 sctp_sharedkey_t *new_skey; 578 579 if (skey == NULL) 580 return (NULL); 581 new_skey = sctp_alloc_sharedkey(); 582 if (new_skey == NULL) 583 return (NULL); 584 if (skey->key != NULL) 585 new_skey->key = sctp_set_key(skey->key->key, skey->key->keylen); 586 else 587 new_skey->key = NULL; 588 new_skey->keyid = skey->keyid; 589 return (new_skey); 590 } 591 592 int 593 sctp_copy_skeylist(const struct sctp_keyhead *src, struct sctp_keyhead *dest) 594 { 595 sctp_sharedkey_t *skey, *new_skey; 596 int count = 0; 597 598 if ((src == NULL) || (dest == NULL)) 599 return (0); 600 LIST_FOREACH(skey, src, next) { 601 new_skey = sctp_copy_sharedkey(skey); 602 if (new_skey != NULL) { 603 sctp_insert_sharedkey(dest, new_skey); 604 count++; 605 } 606 } 607 return (count); 608 } 609 610 611 sctp_hmaclist_t * 612 sctp_alloc_hmaclist(uint8_t num_hmacs) 613 { 614 sctp_hmaclist_t *new_list; 615 int alloc_size; 616 617 alloc_size = sizeof(*new_list) + num_hmacs * sizeof(new_list->hmac[0]); 618 SCTP_MALLOC(new_list, sctp_hmaclist_t *, alloc_size, 619 "AUTH HMAC list"); 620 if (new_list == NULL) { 621 /* out of memory */ 622 return (NULL); 623 } 624 new_list->max_algo = num_hmacs; 625 new_list->num_algo = 0; 626 return (new_list); 627 } 628 629 void 630 sctp_free_hmaclist(sctp_hmaclist_t * list) 631 { 632 if (list != NULL) { 633 SCTP_FREE(list); 634 list = NULL; 635 } 636 } 637 638 int 639 sctp_auth_add_hmacid(sctp_hmaclist_t * list, uint16_t hmac_id) 640 { 641 if (list == NULL) 642 return (-1); 643 if (list->num_algo == list->max_algo) { 644 #ifdef SCTP_DEBUG 645 if (SCTP_AUTH_DEBUG) 646 printf("SCTP: HMAC id list full, ignoring add %u\n", hmac_id); 647 #endif 648 return (-1); 649 } 650 if ((hmac_id != SCTP_AUTH_HMAC_ID_SHA1) && 651 #ifdef HAVE_SHA224 652 (hmac_id != SCTP_AUTH_HMAC_ID_SHA224) && 653 #endif 654 #ifdef HAVE_SHA2 655 (hmac_id != SCTP_AUTH_HMAC_ID_SHA256) && 656 (hmac_id != SCTP_AUTH_HMAC_ID_SHA384) && 657 (hmac_id != SCTP_AUTH_HMAC_ID_SHA512) && 658 #endif 659 (hmac_id != SCTP_AUTH_HMAC_ID_MD5)) { 660 return (-1); 661 } 662 #ifdef SCTP_DEBUG 663 if (SCTP_AUTH_DEBUG) 664 printf("SCTP: add HMAC id %u to list\n", hmac_id); 665 #endif 666 list->hmac[list->num_algo++] = hmac_id; 667 return (0); 668 } 669 670 sctp_hmaclist_t * 671 sctp_copy_hmaclist(sctp_hmaclist_t * list) 672 { 673 sctp_hmaclist_t *new_list; 674 int i; 675 676 if (list == NULL) 677 return (NULL); 678 /* get a new list */ 679 new_list = sctp_alloc_hmaclist(list->max_algo); 680 if (new_list == NULL) 681 return (NULL); 682 /* copy it */ 683 new_list->max_algo = list->max_algo; 684 new_list->num_algo = list->num_algo; 685 for (i = 0; i < list->num_algo; i++) 686 new_list->hmac[i] = list->hmac[i]; 687 return (new_list); 688 } 689 690 sctp_hmaclist_t * 691 sctp_default_supported_hmaclist(void) 692 { 693 sctp_hmaclist_t *new_list; 694 695 new_list = sctp_alloc_hmaclist(2); 696 if (new_list == NULL) 697 return (NULL); 698 sctp_auth_add_hmacid(new_list, SCTP_AUTH_HMAC_ID_SHA1); 699 sctp_auth_add_hmacid(new_list, SCTP_AUTH_HMAC_ID_SHA256); 700 return (new_list); 701 } 702 703 /* 704 * HMAC algos are listed in priority/preference order find the best HMAC id 705 * to use for the peer based on local support 706 */ 707 uint16_t 708 sctp_negotiate_hmacid(sctp_hmaclist_t * peer, sctp_hmaclist_t * local) 709 { 710 int i, j; 711 712 if ((local == NULL) || (peer == NULL)) 713 return (SCTP_AUTH_HMAC_ID_RSVD); 714 715 for (i = 0; i < peer->num_algo; i++) { 716 for (j = 0; j < local->num_algo; j++) { 717 if (peer->hmac[i] == local->hmac[j]) { 718 #ifndef SCTP_AUTH_DRAFT_04 719 /* "skip" MD5 as it's been deprecated */ 720 if (peer->hmac[i] == SCTP_AUTH_HMAC_ID_MD5) 721 continue; 722 #endif 723 724 /* found the "best" one */ 725 #ifdef SCTP_DEBUG 726 if (SCTP_AUTH_DEBUG) 727 printf("SCTP: negotiated peer HMAC id %u\n", peer->hmac[i]); 728 #endif 729 return (peer->hmac[i]); 730 } 731 } 732 } 733 /* didn't find one! */ 734 return (SCTP_AUTH_HMAC_ID_RSVD); 735 } 736 737 /* 738 * serialize the HMAC algo list and return space used caller must guarantee 739 * ptr has appropriate space 740 */ 741 int 742 sctp_serialize_hmaclist(sctp_hmaclist_t * list, uint8_t * ptr) 743 { 744 int i; 745 uint16_t hmac_id; 746 747 if (list == NULL) 748 return (0); 749 750 for (i = 0; i < list->num_algo; i++) { 751 hmac_id = htons(list->hmac[i]); 752 bcopy(&hmac_id, ptr, sizeof(hmac_id)); 753 ptr += sizeof(hmac_id); 754 } 755 return (list->num_algo * sizeof(hmac_id)); 756 } 757 758 int 759 sctp_verify_hmac_param(struct sctp_auth_hmac_algo *hmacs, uint32_t num_hmacs) 760 { 761 uint32_t i; 762 uint16_t hmac_id; 763 uint32_t sha1_supported = 0; 764 765 for (i = 0; i < num_hmacs; i++) { 766 hmac_id = ntohs(hmacs->hmac_ids[i]); 767 if (hmac_id == SCTP_AUTH_HMAC_ID_SHA1) 768 sha1_supported = 1; 769 } 770 /* all HMAC id's are supported */ 771 if (sha1_supported == 0) 772 return (-1); 773 else 774 return (0); 775 } 776 777 sctp_authinfo_t * 778 sctp_alloc_authinfo(void) 779 { 780 sctp_authinfo_t *new_authinfo; 781 782 SCTP_MALLOC(new_authinfo, sctp_authinfo_t *, sizeof(*new_authinfo), 783 "AUTH info"); 784 if (new_authinfo == NULL) { 785 /* out of memory */ 786 return (NULL); 787 } 788 bzero(&new_authinfo, sizeof(*new_authinfo)); 789 return (new_authinfo); 790 } 791 792 void 793 sctp_free_authinfo(sctp_authinfo_t * authinfo) 794 { 795 if (authinfo == NULL) 796 return; 797 798 if (authinfo->random != NULL) 799 sctp_free_key(authinfo->random); 800 if (authinfo->peer_random != NULL) 801 sctp_free_key(authinfo->peer_random); 802 if (authinfo->assoc_key != NULL) 803 sctp_free_key(authinfo->assoc_key); 804 if (authinfo->recv_key != NULL) 805 sctp_free_key(authinfo->recv_key); 806 807 /* We are NOT dynamically allocating authinfo's right now... */ 808 /* SCTP_FREE(authinfo); */ 809 } 810 811 812 inline uint32_t 813 sctp_get_auth_chunk_len(uint16_t hmac_algo) 814 { 815 int size; 816 817 size = sizeof(struct sctp_auth_chunk) + sctp_get_hmac_digest_len(hmac_algo); 818 return (SCTP_SIZE32(size)); 819 } 820 821 uint32_t 822 sctp_get_hmac_digest_len(uint16_t hmac_algo) 823 { 824 switch (hmac_algo) { 825 case SCTP_AUTH_HMAC_ID_SHA1: 826 return (SCTP_AUTH_DIGEST_LEN_SHA1); 827 case SCTP_AUTH_HMAC_ID_MD5: 828 return (SCTP_AUTH_DIGEST_LEN_MD5); 829 #ifdef HAVE_SHA224 830 case SCTP_AUTH_HMAC_ID_SHA224: 831 return (SCTP_AUTH_DIGEST_LEN_SHA224); 832 #endif 833 #ifdef HAVE_SHA2 834 case SCTP_AUTH_HMAC_ID_SHA256: 835 return (SCTP_AUTH_DIGEST_LEN_SHA256); 836 case SCTP_AUTH_HMAC_ID_SHA384: 837 return (SCTP_AUTH_DIGEST_LEN_SHA384); 838 case SCTP_AUTH_HMAC_ID_SHA512: 839 return (SCTP_AUTH_DIGEST_LEN_SHA512); 840 #endif 841 default: 842 /* unknown HMAC algorithm: can't do anything */ 843 return (0); 844 } /* end switch */ 845 } 846 847 static inline int 848 sctp_get_hmac_block_len(uint16_t hmac_algo) 849 { 850 switch (hmac_algo) { 851 case SCTP_AUTH_HMAC_ID_SHA1: 852 case SCTP_AUTH_HMAC_ID_MD5: 853 #ifdef HAVE_SHA224 854 case SCTP_AUTH_HMAC_ID_SHA224: 855 return (64); 856 #endif 857 #ifdef HAVE_SHA2 858 case SCTP_AUTH_HMAC_ID_SHA256: 859 return (64); 860 case SCTP_AUTH_HMAC_ID_SHA384: 861 case SCTP_AUTH_HMAC_ID_SHA512: 862 return (128); 863 #endif 864 case SCTP_AUTH_HMAC_ID_RSVD: 865 default: 866 /* unknown HMAC algorithm: can't do anything */ 867 return (0); 868 } /* end switch */ 869 } 870 871 static void 872 sctp_hmac_init(uint16_t hmac_algo, sctp_hash_context_t * ctx) 873 { 874 switch (hmac_algo) { 875 case SCTP_AUTH_HMAC_ID_SHA1: 876 SHA1_Init(&ctx->sha1); 877 break; 878 case SCTP_AUTH_HMAC_ID_MD5: 879 MD5_Init(&ctx->md5); 880 break; 881 #ifdef HAVE_SHA224 882 case SCTP_AUTH_HMAC_ID_SHA224: 883 break; 884 #endif 885 #ifdef HAVE_SHA2 886 case SCTP_AUTH_HMAC_ID_SHA256: 887 SHA256_Init(&ctx->sha256); 888 break; 889 case SCTP_AUTH_HMAC_ID_SHA384: 890 SHA384_Init(&ctx->sha384); 891 break; 892 case SCTP_AUTH_HMAC_ID_SHA512: 893 SHA512_Init(&ctx->sha512); 894 break; 895 #endif 896 case SCTP_AUTH_HMAC_ID_RSVD: 897 default: 898 /* unknown HMAC algorithm: can't do anything */ 899 return; 900 } /* end switch */ 901 } 902 903 static void 904 sctp_hmac_update(uint16_t hmac_algo, sctp_hash_context_t * ctx, 905 uint8_t * text, uint32_t textlen) 906 { 907 switch (hmac_algo) { 908 case SCTP_AUTH_HMAC_ID_SHA1: 909 SHA1_Update(&ctx->sha1, text, textlen); 910 break; 911 case SCTP_AUTH_HMAC_ID_MD5: 912 MD5_Update(&ctx->md5, text, textlen); 913 break; 914 #ifdef HAVE_SHA224 915 case SCTP_AUTH_HMAC_ID_SHA224: 916 break; 917 #endif 918 #ifdef HAVE_SHA2 919 case SCTP_AUTH_HMAC_ID_SHA256: 920 SHA256_Update(&ctx->sha256, text, textlen); 921 break; 922 case SCTP_AUTH_HMAC_ID_SHA384: 923 SHA384_Update(&ctx->sha384, text, textlen); 924 break; 925 case SCTP_AUTH_HMAC_ID_SHA512: 926 SHA512_Update(&ctx->sha512, text, textlen); 927 break; 928 #endif 929 case SCTP_AUTH_HMAC_ID_RSVD: 930 default: 931 /* unknown HMAC algorithm: can't do anything */ 932 return; 933 } /* end switch */ 934 } 935 936 static void 937 sctp_hmac_final(uint16_t hmac_algo, sctp_hash_context_t * ctx, 938 uint8_t * digest) 939 { 940 switch (hmac_algo) { 941 case SCTP_AUTH_HMAC_ID_SHA1: 942 SHA1_Final(digest, &ctx->sha1); 943 break; 944 case SCTP_AUTH_HMAC_ID_MD5: 945 MD5_Final(digest, &ctx->md5); 946 break; 947 #ifdef HAVE_SHA224 948 case SCTP_AUTH_HMAC_ID_SHA224: 949 break; 950 #endif 951 #ifdef HAVE_SHA2 952 case SCTP_AUTH_HMAC_ID_SHA256: 953 SHA256_Final(digest, &ctx->sha256); 954 break; 955 case SCTP_AUTH_HMAC_ID_SHA384: 956 /* SHA384 is truncated SHA512 */ 957 SHA384_Final(digest, &ctx->sha384); 958 break; 959 case SCTP_AUTH_HMAC_ID_SHA512: 960 SHA512_Final(digest, &ctx->sha512); 961 break; 962 #endif 963 case SCTP_AUTH_HMAC_ID_RSVD: 964 default: 965 /* unknown HMAC algorithm: can't do anything */ 966 return; 967 } /* end switch */ 968 } 969 970 /* 971 * Keyed-Hashing for Message Authentication: FIPS 198 (RFC 2104) 972 * 973 * Compute the HMAC digest using the desired hash key, text, and HMAC 974 * algorithm. Resulting digest is placed in 'digest' and digest length 975 * is returned, if the HMAC was performed. 976 * 977 * WARNING: it is up to the caller to supply sufficient space to hold the 978 * resultant digest. 979 */ 980 uint32_t 981 sctp_hmac(uint16_t hmac_algo, uint8_t * key, uint32_t keylen, 982 uint8_t * text, uint32_t textlen, uint8_t * digest) 983 { 984 uint32_t digestlen; 985 uint32_t blocklen; 986 sctp_hash_context_t ctx; 987 uint8_t ipad[128], opad[128]; /* keyed hash inner/outer pads */ 988 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX]; 989 uint32_t i; 990 991 /* sanity check the material and length */ 992 if ((key == NULL) || (keylen == 0) || (text == NULL) || 993 (textlen == 0) || (digest == NULL)) { 994 /* can't do HMAC with empty key or text or digest store */ 995 return (0); 996 } 997 /* validate the hmac algo and get the digest length */ 998 digestlen = sctp_get_hmac_digest_len(hmac_algo); 999 if (digestlen == 0) 1000 return (0); 1001 1002 /* hash the key if it is longer than the hash block size */ 1003 blocklen = sctp_get_hmac_block_len(hmac_algo); 1004 if (keylen > blocklen) { 1005 sctp_hmac_init(hmac_algo, &ctx); 1006 sctp_hmac_update(hmac_algo, &ctx, key, keylen); 1007 sctp_hmac_final(hmac_algo, &ctx, temp); 1008 /* set the hashed key as the key */ 1009 keylen = digestlen; 1010 key = temp; 1011 } 1012 /* initialize the inner/outer pads with the key and "append" zeroes */ 1013 bzero(ipad, blocklen); 1014 bzero(opad, blocklen); 1015 bcopy(key, ipad, keylen); 1016 bcopy(key, opad, keylen); 1017 1018 /* XOR the key with ipad and opad values */ 1019 for (i = 0; i < blocklen; i++) { 1020 ipad[i] ^= 0x36; 1021 opad[i] ^= 0x5c; 1022 } 1023 1024 /* perform inner hash */ 1025 sctp_hmac_init(hmac_algo, &ctx); 1026 sctp_hmac_update(hmac_algo, &ctx, ipad, blocklen); 1027 sctp_hmac_update(hmac_algo, &ctx, text, textlen); 1028 sctp_hmac_final(hmac_algo, &ctx, temp); 1029 1030 /* perform outer hash */ 1031 sctp_hmac_init(hmac_algo, &ctx); 1032 sctp_hmac_update(hmac_algo, &ctx, opad, blocklen); 1033 sctp_hmac_update(hmac_algo, &ctx, temp, digestlen); 1034 sctp_hmac_final(hmac_algo, &ctx, digest); 1035 1036 return (digestlen); 1037 } 1038 1039 /* mbuf version */ 1040 uint32_t 1041 sctp_hmac_m(uint16_t hmac_algo, uint8_t * key, uint32_t keylen, 1042 struct mbuf *m, uint32_t m_offset, uint8_t * digest) 1043 { 1044 uint32_t digestlen; 1045 uint32_t blocklen; 1046 sctp_hash_context_t ctx; 1047 uint8_t ipad[128], opad[128]; /* keyed hash inner/outer pads */ 1048 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX]; 1049 uint32_t i; 1050 struct mbuf *m_tmp; 1051 1052 /* sanity check the material and length */ 1053 if ((key == NULL) || (keylen == 0) || (m == NULL) || (digest == NULL)) { 1054 /* can't do HMAC with empty key or text or digest store */ 1055 return (0); 1056 } 1057 /* validate the hmac algo and get the digest length */ 1058 digestlen = sctp_get_hmac_digest_len(hmac_algo); 1059 if (digestlen == 0) 1060 return (0); 1061 1062 /* hash the key if it is longer than the hash block size */ 1063 blocklen = sctp_get_hmac_block_len(hmac_algo); 1064 if (keylen > blocklen) { 1065 sctp_hmac_init(hmac_algo, &ctx); 1066 sctp_hmac_update(hmac_algo, &ctx, key, keylen); 1067 sctp_hmac_final(hmac_algo, &ctx, temp); 1068 /* set the hashed key as the key */ 1069 keylen = digestlen; 1070 key = temp; 1071 } 1072 /* initialize the inner/outer pads with the key and "append" zeroes */ 1073 bzero(ipad, blocklen); 1074 bzero(opad, blocklen); 1075 bcopy(key, ipad, keylen); 1076 bcopy(key, opad, keylen); 1077 1078 /* XOR the key with ipad and opad values */ 1079 for (i = 0; i < blocklen; i++) { 1080 ipad[i] ^= 0x36; 1081 opad[i] ^= 0x5c; 1082 } 1083 1084 /* perform inner hash */ 1085 sctp_hmac_init(hmac_algo, &ctx); 1086 sctp_hmac_update(hmac_algo, &ctx, ipad, blocklen); 1087 /* find the correct starting mbuf and offset (get start of text) */ 1088 m_tmp = m; 1089 while ((m_tmp != NULL) && (m_offset >= (uint32_t) SCTP_BUF_LEN(m_tmp))) { 1090 m_offset -= SCTP_BUF_LEN(m_tmp); 1091 m_tmp = SCTP_BUF_NEXT(m_tmp); 1092 } 1093 /* now use the rest of the mbuf chain for the text */ 1094 while (m_tmp != NULL) { 1095 sctp_hmac_update(hmac_algo, &ctx, mtod(m_tmp, uint8_t *) + m_offset, 1096 SCTP_BUF_LEN(m_tmp) - m_offset); 1097 1098 /* clear the offset since it's only for the first mbuf */ 1099 m_offset = 0; 1100 m_tmp = SCTP_BUF_NEXT(m_tmp); 1101 } 1102 sctp_hmac_final(hmac_algo, &ctx, temp); 1103 1104 /* perform outer hash */ 1105 sctp_hmac_init(hmac_algo, &ctx); 1106 sctp_hmac_update(hmac_algo, &ctx, opad, blocklen); 1107 sctp_hmac_update(hmac_algo, &ctx, temp, digestlen); 1108 sctp_hmac_final(hmac_algo, &ctx, digest); 1109 1110 return (digestlen); 1111 } 1112 1113 /* 1114 * verify the HMAC digest using the desired hash key, text, and HMAC 1115 * algorithm. Returns -1 on error, 0 on success. 1116 */ 1117 int 1118 sctp_verify_hmac(uint16_t hmac_algo, uint8_t * key, uint32_t keylen, 1119 uint8_t * text, uint32_t textlen, 1120 uint8_t * digest, uint32_t digestlen) 1121 { 1122 uint32_t len; 1123 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX]; 1124 1125 /* sanity check the material and length */ 1126 if ((key == NULL) || (keylen == 0) || 1127 (text == NULL) || (textlen == 0) || (digest == NULL)) { 1128 /* can't do HMAC with empty key or text or digest */ 1129 return (-1); 1130 } 1131 len = sctp_get_hmac_digest_len(hmac_algo); 1132 if ((len == 0) || (digestlen != len)) 1133 return (-1); 1134 1135 /* compute the expected hash */ 1136 if (sctp_hmac(hmac_algo, key, keylen, text, textlen, temp) != len) 1137 return (-1); 1138 1139 if (memcmp(digest, temp, digestlen) != 0) 1140 return (-1); 1141 else 1142 return (0); 1143 } 1144 1145 1146 /* 1147 * computes the requested HMAC using a key struct (which may be modified if 1148 * the keylen exceeds the HMAC block len). 1149 */ 1150 uint32_t 1151 sctp_compute_hmac(uint16_t hmac_algo, sctp_key_t * key, uint8_t * text, 1152 uint32_t textlen, uint8_t * digest) 1153 { 1154 uint32_t digestlen; 1155 uint32_t blocklen; 1156 sctp_hash_context_t ctx; 1157 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX]; 1158 1159 /* sanity check */ 1160 if ((key == NULL) || (text == NULL) || (textlen == 0) || 1161 (digest == NULL)) { 1162 /* can't do HMAC with empty key or text or digest store */ 1163 return (0); 1164 } 1165 /* validate the hmac algo and get the digest length */ 1166 digestlen = sctp_get_hmac_digest_len(hmac_algo); 1167 if (digestlen == 0) 1168 return (0); 1169 1170 /* hash the key if it is longer than the hash block size */ 1171 blocklen = sctp_get_hmac_block_len(hmac_algo); 1172 if (key->keylen > blocklen) { 1173 sctp_hmac_init(hmac_algo, &ctx); 1174 sctp_hmac_update(hmac_algo, &ctx, key->key, key->keylen); 1175 sctp_hmac_final(hmac_algo, &ctx, temp); 1176 /* save the hashed key as the new key */ 1177 key->keylen = digestlen; 1178 bcopy(temp, key->key, key->keylen); 1179 } 1180 return (sctp_hmac(hmac_algo, key->key, key->keylen, text, textlen, 1181 digest)); 1182 } 1183 1184 /* mbuf version */ 1185 uint32_t 1186 sctp_compute_hmac_m(uint16_t hmac_algo, sctp_key_t * key, struct mbuf *m, 1187 uint32_t m_offset, uint8_t * digest) 1188 { 1189 uint32_t digestlen; 1190 uint32_t blocklen; 1191 sctp_hash_context_t ctx; 1192 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX]; 1193 1194 /* sanity check */ 1195 if ((key == NULL) || (m == NULL) || (digest == NULL)) { 1196 /* can't do HMAC with empty key or text or digest store */ 1197 return (0); 1198 } 1199 /* validate the hmac algo and get the digest length */ 1200 digestlen = sctp_get_hmac_digest_len(hmac_algo); 1201 if (digestlen == 0) 1202 return (0); 1203 1204 /* hash the key if it is longer than the hash block size */ 1205 blocklen = sctp_get_hmac_block_len(hmac_algo); 1206 if (key->keylen > blocklen) { 1207 sctp_hmac_init(hmac_algo, &ctx); 1208 sctp_hmac_update(hmac_algo, &ctx, key->key, key->keylen); 1209 sctp_hmac_final(hmac_algo, &ctx, temp); 1210 /* save the hashed key as the new key */ 1211 key->keylen = digestlen; 1212 bcopy(temp, key->key, key->keylen); 1213 } 1214 return (sctp_hmac_m(hmac_algo, key->key, key->keylen, m, m_offset, digest)); 1215 } 1216 1217 int 1218 sctp_auth_is_supported_hmac(sctp_hmaclist_t * list, uint16_t id) 1219 { 1220 int i; 1221 1222 if ((list == NULL) || (id == SCTP_AUTH_HMAC_ID_RSVD)) 1223 return (0); 1224 1225 for (i = 0; i < list->num_algo; i++) 1226 if (list->hmac[i] == id) 1227 return (1); 1228 1229 /* not in the list */ 1230 return (0); 1231 } 1232 1233 1234 /* 1235 * clear any cached key(s) if they match the given key id on an association 1236 * the cached key(s) will be recomputed and re-cached at next use. ASSUMES 1237 * TCB_LOCK is already held 1238 */ 1239 void 1240 sctp_clear_cachedkeys(struct sctp_tcb *stcb, uint16_t keyid) 1241 { 1242 if (stcb == NULL) 1243 return; 1244 1245 if (keyid == stcb->asoc.authinfo.assoc_keyid) { 1246 sctp_free_key(stcb->asoc.authinfo.assoc_key); 1247 stcb->asoc.authinfo.assoc_key = NULL; 1248 } 1249 if (keyid == stcb->asoc.authinfo.recv_keyid) { 1250 sctp_free_key(stcb->asoc.authinfo.recv_key); 1251 stcb->asoc.authinfo.recv_key = NULL; 1252 } 1253 } 1254 1255 /* 1256 * clear any cached key(s) if they match the given key id for all assocs on 1257 * an association ASSUMES INP_WLOCK is already held 1258 */ 1259 void 1260 sctp_clear_cachedkeys_ep(struct sctp_inpcb *inp, uint16_t keyid) 1261 { 1262 struct sctp_tcb *stcb; 1263 1264 if (inp == NULL) 1265 return; 1266 1267 /* clear the cached keys on all assocs on this instance */ 1268 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { 1269 SCTP_TCB_LOCK(stcb); 1270 sctp_clear_cachedkeys(stcb, keyid); 1271 SCTP_TCB_UNLOCK(stcb); 1272 } 1273 } 1274 1275 /* 1276 * delete a shared key from an association ASSUMES TCB_LOCK is already held 1277 */ 1278 int 1279 sctp_delete_sharedkey(struct sctp_tcb *stcb, uint16_t keyid) 1280 { 1281 sctp_sharedkey_t *skey; 1282 1283 if (stcb == NULL) 1284 return (-1); 1285 1286 /* is the keyid the assoc active sending key */ 1287 if (keyid == stcb->asoc.authinfo.assoc_keyid) 1288 return (-1); 1289 1290 /* does the key exist? */ 1291 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, keyid); 1292 if (skey == NULL) 1293 return (-1); 1294 1295 /* remove it */ 1296 LIST_REMOVE(skey, next); 1297 sctp_free_sharedkey(skey); /* frees skey->key as well */ 1298 1299 /* clear any cached keys */ 1300 sctp_clear_cachedkeys(stcb, keyid); 1301 return (0); 1302 } 1303 1304 /* 1305 * deletes a shared key from the endpoint ASSUMES INP_WLOCK is already held 1306 */ 1307 int 1308 sctp_delete_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid) 1309 { 1310 sctp_sharedkey_t *skey; 1311 struct sctp_tcb *stcb; 1312 1313 if (inp == NULL) 1314 return (-1); 1315 1316 /* is the keyid the active sending key on the endpoint or any assoc */ 1317 if (keyid == inp->sctp_ep.default_keyid) 1318 return (-1); 1319 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { 1320 SCTP_TCB_LOCK(stcb); 1321 if (keyid == stcb->asoc.authinfo.assoc_keyid) { 1322 SCTP_TCB_UNLOCK(stcb); 1323 return (-1); 1324 } 1325 SCTP_TCB_UNLOCK(stcb); 1326 } 1327 1328 /* does the key exist? */ 1329 skey = sctp_find_sharedkey(&inp->sctp_ep.shared_keys, keyid); 1330 if (skey == NULL) 1331 return (-1); 1332 1333 /* remove it */ 1334 LIST_REMOVE(skey, next); 1335 sctp_free_sharedkey(skey); /* frees skey->key as well */ 1336 1337 /* clear any cached keys */ 1338 sctp_clear_cachedkeys_ep(inp, keyid); 1339 return (0); 1340 } 1341 1342 /* 1343 * set the active key on an association ASSUME TCB_LOCK is already held 1344 */ 1345 int 1346 sctp_auth_setactivekey(struct sctp_tcb *stcb, uint16_t keyid) 1347 { 1348 sctp_sharedkey_t *skey = NULL; 1349 sctp_key_t *key = NULL; 1350 int using_ep_key = 0; 1351 1352 /* find the key on the assoc */ 1353 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, keyid); 1354 if (skey == NULL) { 1355 /* if not on the assoc, find the key on the endpoint */ 1356 SCTP_INP_RLOCK(stcb->sctp_ep); 1357 skey = sctp_find_sharedkey(&stcb->sctp_ep->sctp_ep.shared_keys, 1358 keyid); 1359 using_ep_key = 1; 1360 } 1361 if (skey == NULL) { 1362 /* that key doesn't exist */ 1363 if (using_ep_key) 1364 SCTP_INP_RUNLOCK(stcb->sctp_ep); 1365 return (-1); 1366 } 1367 /* get the shared key text */ 1368 key = skey->key; 1369 1370 /* free any existing cached key */ 1371 if (stcb->asoc.authinfo.assoc_key != NULL) 1372 sctp_free_key(stcb->asoc.authinfo.assoc_key); 1373 /* compute a new assoc key and cache it */ 1374 stcb->asoc.authinfo.assoc_key = 1375 sctp_compute_hashkey(stcb->asoc.authinfo.random, 1376 stcb->asoc.authinfo.peer_random, key); 1377 stcb->asoc.authinfo.assoc_keyid = keyid; 1378 #ifdef SCTP_DEBUG 1379 if (SCTP_AUTH_DEBUG) 1380 sctp_print_key(stcb->asoc.authinfo.assoc_key, "Assoc Key"); 1381 #endif 1382 1383 if (using_ep_key) 1384 SCTP_INP_RUNLOCK(stcb->sctp_ep); 1385 return (0); 1386 } 1387 1388 /* 1389 * set the active key on an endpoint ASSUMES INP_WLOCK is already held 1390 */ 1391 int 1392 sctp_auth_setactivekey_ep(struct sctp_inpcb *inp, uint16_t keyid) 1393 { 1394 sctp_sharedkey_t *skey; 1395 1396 /* find the key */ 1397 skey = sctp_find_sharedkey(&inp->sctp_ep.shared_keys, keyid); 1398 if (skey == NULL) { 1399 /* that key doesn't exist */ 1400 return (-1); 1401 } 1402 inp->sctp_ep.default_keyid = keyid; 1403 return (0); 1404 } 1405 1406 /* 1407 * get local authentication parameters from cookie (from INIT-ACK) 1408 */ 1409 void 1410 sctp_auth_get_cookie_params(struct sctp_tcb *stcb, struct mbuf *m, 1411 uint32_t offset, uint32_t length) 1412 { 1413 struct sctp_paramhdr *phdr, tmp_param; 1414 uint16_t plen, ptype; 1415 uint8_t random_store[SCTP_PARAM_BUFFER_SIZE]; 1416 struct sctp_auth_random *p_random = NULL; 1417 uint16_t random_len = 0; 1418 uint8_t hmacs_store[SCTP_PARAM_BUFFER_SIZE]; 1419 struct sctp_auth_hmac_algo *hmacs = NULL; 1420 uint16_t hmacs_len = 0; 1421 uint8_t chunks_store[SCTP_PARAM_BUFFER_SIZE]; 1422 struct sctp_auth_chunk_list *chunks = NULL; 1423 uint16_t num_chunks = 0; 1424 sctp_key_t *new_key; 1425 uint32_t keylen; 1426 1427 /* convert to upper bound */ 1428 length += offset; 1429 1430 phdr = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, 1431 sizeof(struct sctp_paramhdr), (uint8_t *) & tmp_param); 1432 while (phdr != NULL) { 1433 ptype = ntohs(phdr->param_type); 1434 plen = ntohs(phdr->param_length); 1435 1436 if ((plen == 0) || (offset + plen > length)) 1437 break; 1438 1439 if (ptype == SCTP_RANDOM) { 1440 if (plen > sizeof(random_store)) 1441 break; 1442 phdr = sctp_get_next_param(m, offset, 1443 (struct sctp_paramhdr *)random_store, plen); 1444 if (phdr == NULL) 1445 return; 1446 /* save the random and length for the key */ 1447 p_random = (struct sctp_auth_random *)phdr; 1448 random_len = plen - sizeof(*p_random); 1449 } else if (ptype == SCTP_HMAC_LIST) { 1450 int num_hmacs; 1451 int i; 1452 1453 if (plen > sizeof(hmacs_store)) 1454 break; 1455 phdr = sctp_get_next_param(m, offset, 1456 (struct sctp_paramhdr *)hmacs_store, plen); 1457 if (phdr == NULL) 1458 return; 1459 /* save the hmacs list and num for the key */ 1460 hmacs = (struct sctp_auth_hmac_algo *)phdr; 1461 hmacs_len = plen - sizeof(*hmacs); 1462 num_hmacs = hmacs_len / sizeof(hmacs->hmac_ids[0]); 1463 if (stcb->asoc.local_hmacs != NULL) 1464 sctp_free_hmaclist(stcb->asoc.local_hmacs); 1465 stcb->asoc.local_hmacs = sctp_alloc_hmaclist(num_hmacs); 1466 if (stcb->asoc.local_hmacs != NULL) { 1467 for (i = 0; i < num_hmacs; i++) { 1468 sctp_auth_add_hmacid(stcb->asoc.local_hmacs, 1469 ntohs(hmacs->hmac_ids[i])); 1470 } 1471 } 1472 } else if (ptype == SCTP_CHUNK_LIST) { 1473 int i; 1474 1475 if (plen > sizeof(chunks_store)) 1476 break; 1477 phdr = sctp_get_next_param(m, offset, 1478 (struct sctp_paramhdr *)chunks_store, plen); 1479 if (phdr == NULL) 1480 return; 1481 chunks = (struct sctp_auth_chunk_list *)phdr; 1482 num_chunks = plen - sizeof(*chunks); 1483 /* save chunks list and num for the key */ 1484 if (stcb->asoc.local_auth_chunks != NULL) 1485 sctp_clear_chunklist(stcb->asoc.local_auth_chunks); 1486 else 1487 stcb->asoc.local_auth_chunks = sctp_alloc_chunklist(); 1488 for (i = 0; i < num_chunks; i++) { 1489 sctp_auth_add_chunk(chunks->chunk_types[i], 1490 stcb->asoc.local_auth_chunks); 1491 } 1492 } 1493 /* get next parameter */ 1494 offset += SCTP_SIZE32(plen); 1495 if (offset + sizeof(struct sctp_paramhdr) > length) 1496 break; 1497 phdr = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, sizeof(struct sctp_paramhdr), 1498 (uint8_t *) & tmp_param); 1499 } 1500 /* concatenate the full random key */ 1501 #ifdef SCTP_AUTH_DRAFT_04 1502 keylen = random_len; 1503 new_key = sctp_alloc_key(keylen); 1504 if (new_key != NULL) { 1505 /* copy in the RANDOM */ 1506 if (p_random != NULL) 1507 bcopy(p_random->random_data, new_key->key, random_len); 1508 } 1509 #else 1510 keylen = sizeof(*p_random) + random_len + sizeof(*chunks) + num_chunks + 1511 sizeof(*hmacs) + hmacs_len; 1512 new_key = sctp_alloc_key(keylen); 1513 if (new_key != NULL) { 1514 /* copy in the RANDOM */ 1515 if (p_random != NULL) { 1516 keylen = sizeof(*p_random) + random_len; 1517 bcopy(p_random, new_key->key, keylen); 1518 } 1519 /* append in the AUTH chunks */ 1520 if (chunks != NULL) { 1521 bcopy(chunks, new_key->key + keylen, 1522 sizeof(*chunks) + num_chunks); 1523 keylen += sizeof(*chunks) + num_chunks; 1524 } 1525 /* append in the HMACs */ 1526 if (hmacs != NULL) { 1527 bcopy(hmacs, new_key->key + keylen, 1528 sizeof(*hmacs) + hmacs_len); 1529 } 1530 } 1531 #endif 1532 if (stcb->asoc.authinfo.random != NULL) 1533 sctp_free_key(stcb->asoc.authinfo.random); 1534 stcb->asoc.authinfo.random = new_key; 1535 stcb->asoc.authinfo.random_len = random_len; 1536 #ifdef SCTP_AUTH_DRAFT_04 1537 /* don't include the chunks and hmacs for draft -04 */ 1538 stcb->asoc.authinfo.random->keylen = random_len; 1539 #endif 1540 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.assoc_keyid); 1541 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.recv_keyid); 1542 1543 /* negotiate what HMAC to use for the peer */ 1544 stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs, 1545 stcb->asoc.local_hmacs); 1546 /* copy defaults from the endpoint */ 1547 /* FIX ME: put in cookie? */ 1548 stcb->asoc.authinfo.assoc_keyid = stcb->sctp_ep->sctp_ep.default_keyid; 1549 } 1550 1551 /* 1552 * compute and fill in the HMAC digest for a packet 1553 */ 1554 void 1555 sctp_fill_hmac_digest_m(struct mbuf *m, uint32_t auth_offset, 1556 struct sctp_auth_chunk *auth, struct sctp_tcb *stcb) 1557 { 1558 uint32_t digestlen; 1559 sctp_sharedkey_t *skey; 1560 sctp_key_t *key; 1561 1562 if ((stcb == NULL) || (auth == NULL)) 1563 return; 1564 1565 /* zero the digest + chunk padding */ 1566 digestlen = sctp_get_hmac_digest_len(stcb->asoc.peer_hmac_id); 1567 bzero(auth->hmac, SCTP_SIZE32(digestlen)); 1568 /* is an assoc key cached? */ 1569 if (stcb->asoc.authinfo.assoc_key == NULL) { 1570 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, 1571 stcb->asoc.authinfo.assoc_keyid); 1572 if (skey == NULL) { 1573 /* not in the assoc list, so check the endpoint list */ 1574 skey = sctp_find_sharedkey(&stcb->sctp_ep->sctp_ep.shared_keys, 1575 stcb->asoc.authinfo.assoc_keyid); 1576 } 1577 /* the only way skey is NULL is if null key id 0 is used */ 1578 if (skey != NULL) 1579 key = skey->key; 1580 else 1581 key = NULL; 1582 /* compute a new assoc key and cache it */ 1583 stcb->asoc.authinfo.assoc_key = 1584 sctp_compute_hashkey(stcb->asoc.authinfo.random, 1585 stcb->asoc.authinfo.peer_random, key); 1586 #ifdef SCTP_DEBUG 1587 if (SCTP_AUTH_DEBUG) { 1588 printf("caching key id %u\n", 1589 stcb->asoc.authinfo.assoc_keyid); 1590 sctp_print_key(stcb->asoc.authinfo.assoc_key, "Assoc Key"); 1591 } 1592 #endif 1593 } 1594 /* set in the active key id */ 1595 auth->shared_key_id = htons(stcb->asoc.authinfo.assoc_keyid); 1596 1597 /* compute and fill in the digest */ 1598 (void)sctp_compute_hmac_m(stcb->asoc.peer_hmac_id, 1599 stcb->asoc.authinfo.assoc_key, 1600 m, auth_offset, auth->hmac); 1601 } 1602 1603 1604 static void 1605 sctp_bzero_m(struct mbuf *m, uint32_t m_offset, uint32_t size) 1606 { 1607 struct mbuf *m_tmp; 1608 uint8_t *data; 1609 1610 /* sanity check */ 1611 if (m == NULL) 1612 return; 1613 1614 /* find the correct starting mbuf and offset (get start position) */ 1615 m_tmp = m; 1616 while ((m_tmp != NULL) && (m_offset >= (uint32_t) SCTP_BUF_LEN(m_tmp))) { 1617 m_offset -= SCTP_BUF_LEN(m_tmp); 1618 m_tmp = SCTP_BUF_NEXT(m_tmp); 1619 } 1620 /* now use the rest of the mbuf chain */ 1621 while ((m_tmp != NULL) && (size > 0)) { 1622 data = mtod(m_tmp, uint8_t *) + m_offset; 1623 if (size > (uint32_t) SCTP_BUF_LEN(m_tmp)) { 1624 bzero(data, SCTP_BUF_LEN(m_tmp)); 1625 size -= SCTP_BUF_LEN(m_tmp); 1626 } else { 1627 bzero(data, size); 1628 size = 0; 1629 } 1630 /* clear the offset since it's only for the first mbuf */ 1631 m_offset = 0; 1632 m_tmp = SCTP_BUF_NEXT(m_tmp); 1633 } 1634 } 1635 1636 /* 1637 * process the incoming Authentication chunk return codes: -1 on any 1638 * authentication error 0 on authentication verification 1639 */ 1640 int 1641 sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_auth_chunk *auth, 1642 struct mbuf *m, uint32_t offset) 1643 { 1644 uint16_t chunklen; 1645 uint16_t shared_key_id; 1646 uint16_t hmac_id; 1647 sctp_sharedkey_t *skey; 1648 uint32_t digestlen; 1649 uint8_t digest[SCTP_AUTH_DIGEST_LEN_MAX]; 1650 uint8_t computed_digest[SCTP_AUTH_DIGEST_LEN_MAX]; 1651 1652 /* auth is checked for NULL by caller */ 1653 chunklen = ntohs(auth->ch.chunk_length); 1654 if (chunklen < sizeof(*auth)) { 1655 SCTP_STAT_INCR(sctps_recvauthfailed); 1656 return (-1); 1657 } 1658 SCTP_STAT_INCR(sctps_recvauth); 1659 1660 /* get the auth params */ 1661 shared_key_id = ntohs(auth->shared_key_id); 1662 hmac_id = ntohs(auth->hmac_id); 1663 #ifdef SCTP_DEBUG 1664 if (SCTP_AUTH_DEBUG) 1665 printf("SCTP AUTH Chunk: shared key %u, HMAC id %u\n", 1666 shared_key_id, hmac_id); 1667 #endif 1668 1669 /* is the indicated HMAC supported? */ 1670 if (!sctp_auth_is_supported_hmac(stcb->asoc.local_hmacs, hmac_id)) { 1671 struct mbuf *m_err; 1672 struct sctp_auth_invalid_hmac *err; 1673 1674 SCTP_STAT_INCR(sctps_recvivalhmacid); 1675 #ifdef SCTP_DEBUG 1676 if (SCTP_AUTH_DEBUG) 1677 printf("SCTP Auth: unsupported HMAC id %u\n", hmac_id); 1678 #endif 1679 /* 1680 * report this in an Error Chunk: Unsupported HMAC 1681 * Identifier 1682 */ 1683 m_err = sctp_get_mbuf_for_msg(sizeof(*err), 0, M_DONTWAIT, 1, MT_HEADER); 1684 if (m_err != NULL) { 1685 /* pre-reserve some space */ 1686 SCTP_BUF_RESV_UF(m_err, sizeof(struct sctp_chunkhdr)); 1687 /* fill in the error */ 1688 err = mtod(m_err, struct sctp_auth_invalid_hmac *); 1689 bzero(err, sizeof(*err)); 1690 err->ph.param_type = htons(SCTP_CAUSE_UNSUPPORTED_HMACID); 1691 err->ph.param_length = htons(sizeof(*err)); 1692 err->hmac_id = ntohs(hmac_id); 1693 SCTP_BUF_LEN(m_err) = sizeof(*err); 1694 /* queue it */ 1695 sctp_queue_op_err(stcb, m_err); 1696 } 1697 return (-1); 1698 } 1699 /* get the indicated shared key, if available */ 1700 if ((stcb->asoc.authinfo.recv_key == NULL) || 1701 (stcb->asoc.authinfo.recv_keyid != shared_key_id)) { 1702 /* find the shared key on the assoc first */ 1703 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, shared_key_id); 1704 if (skey == NULL) { 1705 /* if not on the assoc, find it on the endpoint */ 1706 skey = sctp_find_sharedkey(&stcb->sctp_ep->sctp_ep.shared_keys, 1707 shared_key_id); 1708 } 1709 /* if the shared key isn't found, discard the chunk */ 1710 if (skey == NULL) { 1711 SCTP_STAT_INCR(sctps_recvivalkeyid); 1712 #ifdef SCTP_DEBUG 1713 if (SCTP_AUTH_DEBUG) 1714 printf("SCTP Auth: unknown key id %u\n", 1715 shared_key_id); 1716 #endif 1717 return (-1); 1718 } 1719 /* generate a notification if this is a new key id */ 1720 if (stcb->asoc.authinfo.recv_keyid != shared_key_id) 1721 /* 1722 * sctp_ulp_notify(SCTP_NOTIFY_AUTH_NEW_KEY, stcb, 1723 * shared_key_id, (void 1724 * *)stcb->asoc.authinfo.recv_keyid); 1725 */ 1726 sctp_notify_authentication(stcb, SCTP_AUTH_NEWKEY, 1727 shared_key_id, stcb->asoc.authinfo.recv_keyid); 1728 /* compute a new recv assoc key and cache it */ 1729 if (stcb->asoc.authinfo.recv_key != NULL) 1730 sctp_free_key(stcb->asoc.authinfo.recv_key); 1731 stcb->asoc.authinfo.recv_key = 1732 sctp_compute_hashkey(stcb->asoc.authinfo.random, 1733 stcb->asoc.authinfo.peer_random, skey->key); 1734 stcb->asoc.authinfo.recv_keyid = shared_key_id; 1735 #ifdef SCTP_DEBUG 1736 if (SCTP_AUTH_DEBUG) 1737 sctp_print_key(stcb->asoc.authinfo.recv_key, "Recv Key"); 1738 #endif 1739 } 1740 /* validate the digest length */ 1741 digestlen = sctp_get_hmac_digest_len(hmac_id); 1742 if (chunklen < (sizeof(*auth) + digestlen)) { 1743 /* invalid digest length */ 1744 SCTP_STAT_INCR(sctps_recvauthfailed); 1745 #ifdef SCTP_DEBUG 1746 if (SCTP_AUTH_DEBUG) 1747 printf("SCTP Auth: chunk too short for HMAC\n"); 1748 #endif 1749 return (-1); 1750 } 1751 /* save a copy of the digest, zero the pseudo header, and validate */ 1752 bcopy(auth->hmac, digest, digestlen); 1753 sctp_bzero_m(m, offset + sizeof(*auth), SCTP_SIZE32(digestlen)); 1754 (void)sctp_compute_hmac_m(hmac_id, stcb->asoc.authinfo.recv_key, 1755 m, offset, computed_digest); 1756 1757 /* compare the computed digest with the one in the AUTH chunk */ 1758 if (memcmp(digest, computed_digest, digestlen) != 0) { 1759 SCTP_STAT_INCR(sctps_recvauthfailed); 1760 #ifdef SCTP_DEBUG 1761 if (SCTP_AUTH_DEBUG) 1762 printf("SCTP Auth: HMAC digest check failed\n"); 1763 #endif 1764 return (-1); 1765 } 1766 return (0); 1767 } 1768 1769 /* 1770 * Generate NOTIFICATION 1771 */ 1772 void 1773 sctp_notify_authentication(struct sctp_tcb *stcb, uint32_t indication, 1774 uint16_t keyid, uint16_t alt_keyid) 1775 { 1776 struct mbuf *m_notify; 1777 struct sctp_authkey_event *auth; 1778 struct sctp_queued_to_read *control; 1779 1780 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_AUTHEVNT)) 1781 /* event not enabled */ 1782 return; 1783 1784 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_authkey_event), 1785 0, M_DONTWAIT, 1, MT_HEADER); 1786 if (m_notify == NULL) 1787 /* no space left */ 1788 return; 1789 1790 SCTP_BUF_LEN(m_notify) = 0; 1791 auth = mtod(m_notify, struct sctp_authkey_event *); 1792 auth->auth_type = SCTP_AUTHENTICATION_EVENT; 1793 auth->auth_flags = 0; 1794 auth->auth_length = sizeof(*auth); 1795 auth->auth_keynumber = keyid; 1796 auth->auth_altkeynumber = alt_keyid; 1797 auth->auth_indication = indication; 1798 auth->auth_assoc_id = sctp_get_associd(stcb); 1799 1800 SCTP_BUF_LEN(m_notify) = sizeof(*auth); 1801 SCTP_BUF_NEXT(m_notify) = NULL; 1802 1803 /* append to socket */ 1804 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 1805 0, 0, 0, 0, 0, 0, m_notify); 1806 if (control == NULL) { 1807 /* no memory */ 1808 sctp_m_freem(m_notify); 1809 return; 1810 } 1811 control->spec_flags = M_NOTIFICATION; 1812 control->length = SCTP_BUF_LEN(m_notify); 1813 /* not that we need this */ 1814 control->tail_mbuf = m_notify; 1815 sctp_add_to_readq(stcb->sctp_ep, stcb, control, 1816 &stcb->sctp_socket->so_rcv, 1); 1817 } 1818 1819 1820 /* 1821 * validates the AUTHentication related parameters in an INIT/INIT-ACK 1822 * Note: currently only used for INIT as INIT-ACK is handled inline 1823 * with sctp_load_addresses_from_init() 1824 */ 1825 int 1826 sctp_validate_init_auth_params(struct mbuf *m, int offset, int limit) 1827 { 1828 struct sctp_paramhdr *phdr, parm_buf; 1829 uint16_t ptype, plen; 1830 int peer_supports_asconf = 0; 1831 int peer_supports_auth = 0; 1832 int got_random = 0, got_hmacs = 0, got_chklist = 0; 1833 1834 /* go through each of the params. */ 1835 phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf)); 1836 while (phdr) { 1837 ptype = ntohs(phdr->param_type); 1838 plen = ntohs(phdr->param_length); 1839 1840 if (offset + plen > limit) { 1841 break; 1842 } 1843 if (plen == 0) { 1844 break; 1845 } 1846 if (ptype == SCTP_SUPPORTED_CHUNK_EXT) { 1847 /* A supported extension chunk */ 1848 struct sctp_supported_chunk_types_param *pr_supported; 1849 uint8_t local_store[SCTP_PARAM_BUFFER_SIZE]; 1850 int num_ent, i; 1851 1852 phdr = sctp_get_next_param(m, offset, 1853 (struct sctp_paramhdr *)&local_store, plen); 1854 if (phdr == NULL) { 1855 return (-1); 1856 } 1857 pr_supported = (struct sctp_supported_chunk_types_param *)phdr; 1858 num_ent = plen - sizeof(struct sctp_paramhdr); 1859 for (i = 0; i < num_ent; i++) { 1860 switch (pr_supported->chunk_types[i]) { 1861 case SCTP_ASCONF: 1862 case SCTP_ASCONF_ACK: 1863 peer_supports_asconf = 1; 1864 break; 1865 case SCTP_AUTHENTICATION: 1866 peer_supports_auth = 1; 1867 break; 1868 default: 1869 /* one we don't care about */ 1870 break; 1871 } 1872 } 1873 } else if (ptype == SCTP_RANDOM) { 1874 got_random = 1; 1875 /* enforce the random length */ 1876 if (plen != (sizeof(struct sctp_auth_random) + 1877 SCTP_AUTH_RANDOM_SIZE_REQUIRED)) { 1878 #ifdef SCTP_DEBUG 1879 if (sctp_debug_on & SCTP_DEBUG_AUTH1) 1880 printf("SCTP: invalid RANDOM len\n"); 1881 #endif 1882 return (-1); 1883 } 1884 } else if (ptype == SCTP_HMAC_LIST) { 1885 uint8_t store[SCTP_PARAM_BUFFER_SIZE]; 1886 struct sctp_auth_hmac_algo *hmacs; 1887 int num_hmacs; 1888 1889 if (plen > sizeof(store)) 1890 break; 1891 phdr = sctp_get_next_param(m, offset, 1892 (struct sctp_paramhdr *)store, plen); 1893 if (phdr == NULL) 1894 return (-1); 1895 hmacs = (struct sctp_auth_hmac_algo *)phdr; 1896 num_hmacs = (plen - sizeof(*hmacs)) / 1897 sizeof(hmacs->hmac_ids[0]); 1898 /* validate the hmac list */ 1899 if (sctp_verify_hmac_param(hmacs, num_hmacs)) { 1900 #ifdef SCTP_DEBUG 1901 if (sctp_debug_on & SCTP_DEBUG_AUTH1) 1902 printf("SCTP: invalid HMAC param\n"); 1903 #endif 1904 return (-1); 1905 } 1906 got_hmacs = 1; 1907 } else if (ptype == SCTP_CHUNK_LIST) { 1908 /* did the peer send a non-empty chunk list? */ 1909 if (plen > 0) 1910 got_chklist = 1; 1911 } 1912 offset += SCTP_SIZE32(plen); 1913 if (offset >= limit) { 1914 break; 1915 } 1916 phdr = sctp_get_next_param(m, offset, &parm_buf, 1917 sizeof(parm_buf)); 1918 } 1919 /* validate authentication required parameters */ 1920 if (got_random && got_hmacs) { 1921 peer_supports_auth = 1; 1922 } else { 1923 peer_supports_auth = 0; 1924 } 1925 if (!peer_supports_auth && got_chklist) { 1926 #ifdef SCTP_DEBUG 1927 if (sctp_debug_on & SCTP_DEBUG_AUTH1) 1928 printf("SCTP: peer sent chunk list w/o AUTH\n"); 1929 #endif 1930 return (-1); 1931 } 1932 if (!sctp_asconf_auth_nochk && peer_supports_asconf && 1933 !peer_supports_auth) { 1934 #ifdef SCTP_DEBUG 1935 if (sctp_debug_on & SCTP_DEBUG_AUTH1) 1936 printf("SCTP: peer supports ASCONF but not AUTH\n"); 1937 #endif 1938 return (-1); 1939 } 1940 return (0); 1941 } 1942 1943 void 1944 sctp_initialize_auth_params(struct sctp_inpcb *inp, struct sctp_tcb *stcb) 1945 { 1946 uint16_t chunks_len = 0; 1947 uint16_t hmacs_len = 0; 1948 uint16_t random_len = SCTP_AUTH_RANDOM_SIZE_DEFAULT; 1949 sctp_key_t *new_key; 1950 uint16_t keylen; 1951 1952 /* initialize hmac list from endpoint */ 1953 stcb->asoc.local_hmacs = sctp_copy_hmaclist(inp->sctp_ep.local_hmacs); 1954 if (stcb->asoc.local_hmacs != NULL) { 1955 hmacs_len = stcb->asoc.local_hmacs->num_algo * 1956 sizeof(stcb->asoc.local_hmacs->hmac[0]); 1957 } 1958 /* initialize auth chunks list from endpoint */ 1959 stcb->asoc.local_auth_chunks = 1960 sctp_copy_chunklist(inp->sctp_ep.local_auth_chunks); 1961 if (stcb->asoc.local_auth_chunks != NULL) { 1962 int i; 1963 1964 for (i = 0; i < 256; i++) { 1965 if (stcb->asoc.local_auth_chunks->chunks[i]) 1966 chunks_len++; 1967 } 1968 } 1969 /* copy defaults from the endpoint */ 1970 stcb->asoc.authinfo.assoc_keyid = inp->sctp_ep.default_keyid; 1971 1972 /* now set the concatenated key (random + chunks + hmacs) */ 1973 #ifdef SCTP_AUTH_DRAFT_04 1974 /* don't include the chunks and hmacs for draft -04 */ 1975 keylen = random_len; 1976 new_key = sctp_generate_random_key(keylen); 1977 #else 1978 /* key includes parameter headers */ 1979 keylen = (3 * sizeof(struct sctp_paramhdr)) + random_len + chunks_len + 1980 hmacs_len; 1981 new_key = sctp_alloc_key(keylen); 1982 if (new_key != NULL) { 1983 struct sctp_paramhdr *ph; 1984 int plen; 1985 1986 /* generate and copy in the RANDOM */ 1987 ph = (struct sctp_paramhdr *)new_key->key; 1988 ph->param_type = htons(SCTP_RANDOM); 1989 plen = sizeof(*ph) + random_len; 1990 ph->param_length = htons(plen); 1991 SCTP_READ_RANDOM(new_key->key + sizeof(*ph), random_len); 1992 keylen = plen; 1993 1994 /* append in the AUTH chunks */ 1995 /* NOTE: currently we always have chunks to list */ 1996 ph = (struct sctp_paramhdr *)(new_key->key + keylen); 1997 ph->param_type = htons(SCTP_CHUNK_LIST); 1998 plen = sizeof(*ph) + chunks_len; 1999 ph->param_length = htons(plen); 2000 keylen += sizeof(*ph); 2001 if (stcb->asoc.local_auth_chunks) { 2002 int i; 2003 2004 for (i = 0; i < 256; i++) { 2005 if (stcb->asoc.local_auth_chunks->chunks[i]) 2006 new_key->key[keylen++] = i; 2007 } 2008 } 2009 /* append in the HMACs */ 2010 ph = (struct sctp_paramhdr *)(new_key->key + keylen); 2011 ph->param_type = htons(SCTP_HMAC_LIST); 2012 plen = sizeof(*ph) + hmacs_len; 2013 ph->param_length = htons(plen); 2014 keylen += sizeof(*ph); 2015 sctp_serialize_hmaclist(stcb->asoc.local_hmacs, 2016 new_key->key + keylen); 2017 } 2018 #endif 2019 if (stcb->asoc.authinfo.random != NULL) 2020 sctp_free_key(stcb->asoc.authinfo.random); 2021 stcb->asoc.authinfo.random = new_key; 2022 stcb->asoc.authinfo.random_len = random_len; 2023 } 2024 2025 2026 #ifdef SCTP_HMAC_TEST 2027 /* 2028 * HMAC and key concatenation tests 2029 */ 2030 static void 2031 sctp_print_digest(uint8_t * digest, uint32_t digestlen, const char *str) 2032 { 2033 uint32_t i; 2034 2035 printf("\n%s: 0x", str); 2036 if (digest == NULL) 2037 return; 2038 2039 for (i = 0; i < digestlen; i++) 2040 printf("%02x", digest[i]); 2041 } 2042 2043 static int 2044 sctp_test_hmac(const char *str, uint16_t hmac_id, uint8_t * key, 2045 uint32_t keylen, uint8_t * text, uint32_t textlen, 2046 uint8_t * digest, uint32_t digestlen) 2047 { 2048 uint8_t computed_digest[SCTP_AUTH_DIGEST_LEN_MAX]; 2049 2050 printf("\n%s:", str); 2051 sctp_hmac(hmac_id, key, keylen, text, textlen, computed_digest); 2052 sctp_print_digest(digest, digestlen, "Expected digest"); 2053 sctp_print_digest(computed_digest, digestlen, "Computed digest"); 2054 if (memcmp(digest, computed_digest, digestlen) != 0) { 2055 printf("\nFAILED"); 2056 return (-1); 2057 } else { 2058 printf("\nPASSED"); 2059 return (0); 2060 } 2061 } 2062 2063 2064 /* 2065 * RFC 2202: HMAC-SHA1 test cases 2066 */ 2067 void 2068 sctp_test_hmac_sha1(void) 2069 { 2070 uint8_t *digest; 2071 uint8_t key[128]; 2072 uint32_t keylen; 2073 uint8_t text[128]; 2074 uint32_t textlen; 2075 uint32_t digestlen = 20; 2076 int failed = 0; 2077 2078 /* 2079 * test_case = 1 key = 2080 * 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b key_len = 20 2081 * data = "Hi There" data_len = 8 digest = 2082 * 0xb617318655057264e28bc0b6fb378c8ef146be00 2083 */ 2084 keylen = 20; 2085 memset(key, 0x0b, keylen); 2086 textlen = 8; 2087 strcpy(text, "Hi There"); 2088 digest = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1\x46\xbe\x00"; 2089 if (sctp_test_hmac("SHA1 test case 1", SCTP_AUTH_HMAC_ID_SHA1, key, keylen, 2090 text, textlen, digest, digestlen) < 0) 2091 failed++; 2092 2093 /* 2094 * test_case = 2 key = "Jefe" key_len = 4 data = 2095 * "what do ya want for nothing?" data_len = 28 digest = 2096 * 0xeffcdf6ae5eb2fa2d27416d5f184df9c259a7c79 2097 */ 2098 keylen = 4; 2099 strcpy(key, "Jefe"); 2100 textlen = 28; 2101 strcpy(text, "what do ya want for nothing?"); 2102 digest = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79"; 2103 if (sctp_test_hmac("SHA1 test case 2", SCTP_AUTH_HMAC_ID_SHA1, key, keylen, 2104 text, textlen, digest, digestlen) < 0) 2105 failed++; 2106 2107 /* 2108 * test_case = 3 key = 2109 * 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa key_len = 20 2110 * data = 0xdd repeated 50 times data_len = 50 digest 2111 * = 0x125d7342b9ac11cd91a39af48aa17b4f63f175d3 2112 */ 2113 keylen = 20; 2114 memset(key, 0xaa, keylen); 2115 textlen = 50; 2116 memset(text, 0xdd, textlen); 2117 digest = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f\x63\xf1\x75\xd3"; 2118 if (sctp_test_hmac("SHA1 test case 3", SCTP_AUTH_HMAC_ID_SHA1, key, keylen, 2119 text, textlen, digest, digestlen) < 0) 2120 failed++; 2121 2122 /* 2123 * test_case = 4 key = 2124 * 0x0102030405060708090a0b0c0d0e0f10111213141516171819 key_len = 25 2125 * data = 0xcd repeated 50 times data_len = 50 digest 2126 * = 0x4c9007f4026250c6bc8414f9bf50c86c2d7235da 2127 */ 2128 keylen = 25; 2129 memcpy(key, "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", keylen); 2130 textlen = 50; 2131 memset(text, 0xcd, textlen); 2132 digest = "\x4c\x90\x07\xf4\x02\x62\x50\xc6\xbc\x84\x14\xf9\xbf\x50\xc8\x6c\x2d\x72\x35\xda"; 2133 if (sctp_test_hmac("SHA1 test case 4", SCTP_AUTH_HMAC_ID_SHA1, key, keylen, 2134 text, textlen, digest, digestlen) < 0) 2135 failed++; 2136 2137 /* 2138 * test_case = 5 key = 2139 * 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c key_len = 20 2140 * data = "Test With Truncation" data_len = 20 digest 2141 * = 0x4c1a03424b55e07fe7f27be1d58bb9324a9a5a04 digest-96 = 2142 * 0x4c1a03424b55e07fe7f27be1 2143 */ 2144 keylen = 20; 2145 memset(key, 0x0c, keylen); 2146 textlen = 20; 2147 strcpy(text, "Test With Truncation"); 2148 digest = "\x4c\x1a\x03\x42\x4b\x55\xe0\x7f\xe7\xf2\x7b\xe1\xd5\x8b\xb9\x32\x4a\x9a\x5a\x04"; 2149 if (sctp_test_hmac("SHA1 test case 5", SCTP_AUTH_HMAC_ID_SHA1, key, keylen, 2150 text, textlen, digest, digestlen) < 0) 2151 failed++; 2152 2153 /* 2154 * test_case = 6 key = 0xaa repeated 80 times key_len 2155 * = 80 data = "Test Using Larger Than Block-Size Key - 2156 * Hash Key First" data_len = 54 digest = 2157 * 0xaa4ae5e15272d00e95705637ce8a3b55ed402112 2158 */ 2159 keylen = 80; 2160 memset(key, 0xaa, keylen); 2161 textlen = 54; 2162 strcpy(text, "Test Using Larger Than Block-Size Key - Hash Key First"); 2163 digest = "\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b\x55\xed\x40\x21\x12"; 2164 if (sctp_test_hmac("SHA1 test case 6", SCTP_AUTH_HMAC_ID_SHA1, key, keylen, 2165 text, textlen, digest, digestlen) < 0) 2166 failed++; 2167 2168 /* 2169 * test_case = 7 key = 0xaa repeated 80 times key_len 2170 * = 80 data = "Test Using Larger Than Block-Size Key and 2171 * Larger Than One Block-Size Data" data_len = 73 digest = 2172 * 0xe8e99d0f45237d786d6bbaa7965c7808bbff1a91 2173 */ 2174 keylen = 80; 2175 memset(key, 0xaa, keylen); 2176 textlen = 73; 2177 strcpy(text, "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data"); 2178 digest = "\xe8\xe9\x9d\x0f\x45\x23\x7d\x78\x6d\x6b\xba\xa7\x96\x5c\x78\x08\xbb\xff\x1a\x91"; 2179 if (sctp_test_hmac("SHA1 test case 7", SCTP_AUTH_HMAC_ID_SHA1, key, keylen, 2180 text, textlen, digest, digestlen) < 0) 2181 failed++; 2182 2183 /* done with all tests */ 2184 if (failed) 2185 printf("\nSHA1 test results: %d cases failed", failed); 2186 else 2187 printf("\nSHA1 test results: all test cases passed"); 2188 } 2189 2190 /* 2191 * RFC 2202: HMAC-MD5 test cases 2192 */ 2193 void 2194 sctp_test_hmac_md5(void) 2195 { 2196 uint8_t *digest; 2197 uint8_t key[128]; 2198 uint32_t keylen; 2199 uint8_t text[128]; 2200 uint32_t textlen; 2201 uint32_t digestlen = 16; 2202 int failed = 0; 2203 2204 /* 2205 * test_case = 1 key = 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b 2206 * key_len = 16 data = "Hi There" data_len = 8 digest = 2207 * 0x9294727a3638bb1c13f48ef8158bfc9d 2208 */ 2209 keylen = 16; 2210 memset(key, 0x0b, keylen); 2211 textlen = 8; 2212 strcpy(text, "Hi There"); 2213 digest = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc\x9d"; 2214 if (sctp_test_hmac("MD5 test case 1", SCTP_AUTH_HMAC_ID_MD5, key, keylen, 2215 text, textlen, digest, digestlen) < 0) 2216 failed++; 2217 2218 /* 2219 * test_case = 2 key = "Jefe" key_len = 4 data = 2220 * "what do ya want for nothing?" data_len = 28 digest = 2221 * 0x750c783e6ab0b503eaa86e310a5db738 2222 */ 2223 keylen = 4; 2224 strcpy(key, "Jefe"); 2225 textlen = 28; 2226 strcpy(text, "what do ya want for nothing?"); 2227 digest = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38"; 2228 if (sctp_test_hmac("MD5 test case 2", SCTP_AUTH_HMAC_ID_MD5, key, keylen, 2229 text, textlen, digest, digestlen) < 0) 2230 failed++; 2231 2232 /* 2233 * test_case = 3 key = 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 2234 * key_len = 16 data = 0xdd repeated 50 times data_len = 50 2235 * digest = 0x56be34521d144c88dbb8c733f0e8b3f6 2236 */ 2237 keylen = 16; 2238 memset(key, 0xaa, keylen); 2239 textlen = 50; 2240 memset(text, 0xdd, textlen); 2241 digest = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3\xf6"; 2242 if (sctp_test_hmac("MD5 test case 3", SCTP_AUTH_HMAC_ID_MD5, key, keylen, 2243 text, textlen, digest, digestlen) < 0) 2244 failed++; 2245 2246 /* 2247 * test_case = 4 key = 2248 * 0x0102030405060708090a0b0c0d0e0f10111213141516171819 key_len = 25 2249 * data = 0xcd repeated 50 times data_len = 50 digest 2250 * = 0x697eaf0aca3a3aea3a75164746ffaa79 2251 */ 2252 keylen = 25; 2253 memcpy(key, "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", keylen); 2254 textlen = 50; 2255 memset(text, 0xcd, textlen); 2256 digest = "\x69\x7e\xaf\x0a\xca\x3a\x3a\xea\x3a\x75\x16\x47\x46\xff\xaa\x79"; 2257 if (sctp_test_hmac("MD5 test case 4", SCTP_AUTH_HMAC_ID_MD5, key, keylen, 2258 text, textlen, digest, digestlen) < 0) 2259 failed++; 2260 2261 /* 2262 * test_case = 5 key = 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c 2263 * key_len = 16 data = "Test With Truncation" data_len = 20 2264 * digest = 0x56461ef2342edc00f9bab995690efd4c digest-96 2265 * 0x56461ef2342edc00f9bab995 2266 */ 2267 keylen = 16; 2268 memset(key, 0x0c, keylen); 2269 textlen = 20; 2270 strcpy(text, "Test With Truncation"); 2271 digest = "\x56\x46\x1e\xf2\x34\x2e\xdc\x00\xf9\xba\xb9\x95\x69\x0e\xfd\x4c"; 2272 if (sctp_test_hmac("MD5 test case 5", SCTP_AUTH_HMAC_ID_MD5, key, keylen, 2273 text, textlen, digest, digestlen) < 0) 2274 failed++; 2275 2276 /* 2277 * test_case = 6 key = 0xaa repeated 80 times key_len 2278 * = 80 data = "Test Using Larger Than Block-Size Key - 2279 * Hash Key First" data_len = 54 digest = 2280 * 0x6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd 2281 */ 2282 keylen = 80; 2283 memset(key, 0xaa, keylen); 2284 textlen = 54; 2285 strcpy(text, "Test Using Larger Than Block-Size Key - Hash Key First"); 2286 digest = "\x6b\x1a\xb7\xfe\x4b\xd7\xbf\x8f\x0b\x62\xe6\xce\x61\xb9\xd0\xcd"; 2287 if (sctp_test_hmac("MD5 test case 6", SCTP_AUTH_HMAC_ID_MD5, key, keylen, 2288 text, textlen, digest, digestlen) < 0) 2289 failed++; 2290 2291 /* 2292 * test_case = 7 key = 0xaa repeated 80 times key_len 2293 * = 80 data = "Test Using Larger Than Block-Size Key and 2294 * Larger Than One Block-Size Data" data_len = 73 digest = 2295 * 0x6f630fad67cda0ee1fb1f562db3aa53e 2296 */ 2297 keylen = 80; 2298 memset(key, 0xaa, keylen); 2299 textlen = 73; 2300 strcpy(text, "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data"); 2301 digest = "\x6f\x63\x0f\xad\x67\xcd\xa0\xee\x1f\xb1\xf5\x62\xdb\x3a\xa5\x3e"; 2302 if (sctp_test_hmac("MD5 test case 7", SCTP_AUTH_HMAC_ID_MD5, key, keylen, 2303 text, textlen, digest, digestlen) < 0) 2304 failed++; 2305 2306 /* done with all tests */ 2307 if (failed) 2308 printf("\nMD5 test results: %d cases failed", failed); 2309 else 2310 printf("\nMD5 test results: all test cases passed"); 2311 } 2312 2313 /* 2314 * test assoc key concatenation 2315 */ 2316 static int 2317 sctp_test_key_concatenation(sctp_key_t * key1, sctp_key_t * key2, 2318 sctp_key_t * expected_key) 2319 { 2320 sctp_key_t *key; 2321 int ret_val; 2322 2323 sctp_show_key(key1, "\nkey1"); 2324 sctp_show_key(key2, "\nkey2"); 2325 key = sctp_compute_hashkey(key1, key2, NULL); 2326 sctp_show_key(expected_key, "\nExpected"); 2327 sctp_show_key(key, "\nComputed"); 2328 if (memcmp(key, expected_key, expected_key->keylen) != 0) { 2329 printf("\nFAILED"); 2330 ret_val = -1; 2331 } else { 2332 printf("\nPASSED"); 2333 ret_val = 0; 2334 } 2335 sctp_free_key(key1); 2336 sctp_free_key(key2); 2337 sctp_free_key(expected_key); 2338 sctp_free_key(key); 2339 return (ret_val); 2340 } 2341 2342 2343 void 2344 sctp_test_authkey(void) 2345 { 2346 sctp_key_t *key1, *key2, *expected_key; 2347 int failed = 0; 2348 2349 /* test case 1 */ 2350 key1 = sctp_set_key("\x01\x01\x01\x01", 4); 2351 key2 = sctp_set_key("\x01\x02\x03\x04", 4); 2352 expected_key = sctp_set_key("\x01\x01\x01\x01\x01\x02\x03\x04", 8); 2353 if (sctp_test_key_concatenation(key1, key2, expected_key) < 0) 2354 failed++; 2355 2356 /* test case 2 */ 2357 key1 = sctp_set_key("\x00\x00\x00\x01", 4); 2358 key2 = sctp_set_key("\x02", 1); 2359 expected_key = sctp_set_key("\x00\x00\x00\x01\x02", 5); 2360 if (sctp_test_key_concatenation(key1, key2, expected_key) < 0) 2361 failed++; 2362 2363 /* test case 3 */ 2364 key1 = sctp_set_key("\x01", 1); 2365 key2 = sctp_set_key("\x00\x00\x00\x02", 4); 2366 expected_key = sctp_set_key("\x01\x00\x00\x00\x02", 5); 2367 if (sctp_test_key_concatenation(key1, key2, expected_key) < 0) 2368 failed++; 2369 2370 /* test case 4 */ 2371 key1 = sctp_set_key("\x00\x00\x00\x01", 4); 2372 key2 = sctp_set_key("\x01", 1); 2373 expected_key = sctp_set_key("\x01\x00\x00\x00\x01", 5); 2374 if (sctp_test_key_concatenation(key1, key2, expected_key) < 0) 2375 failed++; 2376 2377 /* test case 5 */ 2378 key1 = sctp_set_key("\x01", 1); 2379 key2 = sctp_set_key("\x00\x00\x00\x01", 4); 2380 expected_key = sctp_set_key("\x01\x00\x00\x00\x01", 5); 2381 if (sctp_test_key_concatenation(key1, key2, expected_key) < 0) 2382 failed++; 2383 2384 /* test case 6 */ 2385 key1 = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07", 11); 2386 key2 = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x08", 11); 2387 expected_key = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x08", 22); 2388 if (sctp_test_key_concatenation(key1, key2, expected_key) < 0) 2389 failed++; 2390 2391 /* test case 7 */ 2392 key1 = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x08", 11); 2393 key2 = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07", 11); 2394 expected_key = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x08", 22); 2395 if (sctp_test_key_concatenation(key1, key2, expected_key) < 0) 2396 failed++; 2397 2398 /* done with all tests */ 2399 if (failed) 2400 printf("\nKey concatenation test results: %d cases failed", failed); 2401 else 2402 printf("\nKey concatenation test results: all test cases passed"); 2403 } 2404 2405 2406 #if defined(STANDALONE_HMAC_TEST) 2407 int 2408 main(void) 2409 { 2410 sctp_test_hmac_sha1(); 2411 sctp_test_hmac_md5(); 2412 sctp_test_authkey(); 2413 } 2414 2415 #endif /* STANDALONE_HMAC_TEST */ 2416 2417 #endif /* SCTP_HMAC_TEST */ 2418