1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 5 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 6 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions are met: 10 * 11 * a) Redistributions of source code must retain the above copyright notice, 12 * this list of conditions and the following disclaimer. 13 * 14 * b) Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the distribution. 17 * 18 * c) Neither the name of Cisco Systems, Inc. nor the names of its 19 * contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 32 * THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #ifndef _NETINET_SCTP_AUTH_H_ 36 #define _NETINET_SCTP_AUTH_H_ 37 38 #include <netinet/sctp_os.h> 39 40 /* digest lengths */ 41 #define SCTP_AUTH_DIGEST_LEN_SHA1 20 42 #define SCTP_AUTH_DIGEST_LEN_SHA256 32 43 #define SCTP_AUTH_DIGEST_LEN_MAX SCTP_AUTH_DIGEST_LEN_SHA256 44 45 /* random sizes */ 46 #define SCTP_AUTH_RANDOM_SIZE_DEFAULT 32 47 #define SCTP_AUTH_RANDOM_SIZE_REQUIRED 32 48 49 /* union of all supported HMAC algorithm contexts */ 50 typedef union sctp_hash_context { 51 SCTP_SHA1_CTX sha1; 52 SCTP_SHA256_CTX sha256; 53 } sctp_hash_context_t; 54 55 typedef struct sctp_key { 56 uint32_t keylen; 57 uint8_t key[]; 58 } sctp_key_t; 59 60 typedef struct sctp_shared_key { 61 LIST_ENTRY(sctp_shared_key) next; 62 sctp_key_t *key; /* key text */ 63 uint32_t refcount; /* reference count */ 64 uint16_t keyid; /* shared key ID */ 65 uint8_t deactivated; /* key is deactivated */ 66 } sctp_sharedkey_t; 67 68 LIST_HEAD(sctp_keyhead, sctp_shared_key); 69 70 /* authentication chunks list */ 71 typedef struct sctp_auth_chklist { 72 uint8_t chunks[256]; 73 uint8_t num_chunks; 74 } sctp_auth_chklist_t; 75 76 /* hmac algos supported list */ 77 typedef struct sctp_hmaclist { 78 uint16_t max_algo; /* max algorithms allocated */ 79 uint16_t num_algo; /* num algorithms used */ 80 uint16_t hmac[]; 81 } sctp_hmaclist_t; 82 83 /* authentication info */ 84 typedef struct sctp_authinformation { 85 sctp_key_t *random; /* local random key (concatenated) */ 86 uint32_t random_len; /* local random number length for param */ 87 sctp_key_t *peer_random; /* peer's random key (concatenated) */ 88 sctp_key_t *assoc_key; /* cached concatenated send key */ 89 sctp_key_t *recv_key; /* cached concatenated recv key */ 90 uint16_t active_keyid; /* active send keyid */ 91 uint16_t assoc_keyid; /* current send keyid (cached) */ 92 uint16_t recv_keyid; /* last recv keyid (cached) */ 93 } sctp_authinfo_t; 94 95 /* 96 * Macros 97 */ 98 #define sctp_auth_is_required_chunk(chunk, list) ((list == NULL) ? (0) : (list->chunks[chunk] != 0)) 99 100 /* 101 * function prototypes 102 */ 103 104 /* socket option api functions */ 105 extern sctp_auth_chklist_t *sctp_alloc_chunklist(void); 106 extern void sctp_free_chunklist(sctp_auth_chklist_t *chklist); 107 extern void sctp_clear_chunklist(sctp_auth_chklist_t *chklist); 108 extern sctp_auth_chklist_t *sctp_copy_chunklist(sctp_auth_chklist_t *chklist); 109 extern int sctp_auth_add_chunk(uint8_t chunk, sctp_auth_chklist_t *list); 110 extern int sctp_auth_delete_chunk(uint8_t chunk, sctp_auth_chklist_t *list); 111 extern size_t sctp_auth_get_chklist_size(const sctp_auth_chklist_t *list); 112 extern int 113 sctp_serialize_auth_chunks(const sctp_auth_chklist_t *list, 114 uint8_t *ptr); 115 extern int 116 sctp_pack_auth_chunks(const sctp_auth_chklist_t *list, 117 uint8_t *ptr); 118 extern int 119 sctp_unpack_auth_chunks(const uint8_t *ptr, uint8_t num_chunks, 120 sctp_auth_chklist_t *list); 121 122 /* key handling */ 123 extern sctp_key_t *sctp_alloc_key(uint32_t keylen); 124 extern void sctp_free_key(sctp_key_t *key); 125 extern void sctp_print_key(sctp_key_t *key, const char *str); 126 extern void sctp_show_key(sctp_key_t *key, const char *str); 127 extern sctp_key_t *sctp_generate_random_key(uint32_t keylen); 128 extern sctp_key_t *sctp_set_key(uint8_t *key, uint32_t keylen); 129 extern sctp_key_t * 130 sctp_compute_hashkey(sctp_key_t *key1, sctp_key_t *key2, 131 sctp_key_t *shared); 132 133 /* shared key handling */ 134 extern sctp_sharedkey_t *sctp_alloc_sharedkey(void); 135 extern void sctp_free_sharedkey(sctp_sharedkey_t *skey); 136 extern sctp_sharedkey_t * 137 sctp_find_sharedkey(struct sctp_keyhead *shared_keys, 138 uint16_t key_id); 139 extern int 140 sctp_insert_sharedkey(struct sctp_keyhead *shared_keys, 141 sctp_sharedkey_t *new_skey); 142 extern int 143 sctp_copy_skeylist(const struct sctp_keyhead *src, 144 struct sctp_keyhead *dest); 145 146 /* ref counts on shared keys, by key id */ 147 extern void sctp_auth_key_acquire(struct sctp_tcb *stcb, uint16_t keyid); 148 extern void 149 sctp_auth_key_release(struct sctp_tcb *stcb, uint16_t keyid, 150 int so_locked); 151 152 /* hmac list handling */ 153 extern sctp_hmaclist_t *sctp_alloc_hmaclist(uint16_t num_hmacs); 154 extern void sctp_free_hmaclist(sctp_hmaclist_t *list); 155 extern int sctp_auth_add_hmacid(sctp_hmaclist_t *list, uint16_t hmac_id); 156 extern sctp_hmaclist_t *sctp_copy_hmaclist(sctp_hmaclist_t *list); 157 extern sctp_hmaclist_t *sctp_default_supported_hmaclist(void); 158 extern uint16_t 159 sctp_negotiate_hmacid(sctp_hmaclist_t *peer, 160 sctp_hmaclist_t *local); 161 extern int sctp_serialize_hmaclist(sctp_hmaclist_t *list, uint8_t *ptr); 162 extern int 163 sctp_verify_hmac_param(struct sctp_auth_hmac_algo *hmacs, 164 uint32_t num_hmacs); 165 166 extern sctp_authinfo_t *sctp_alloc_authinfo(void); 167 extern void sctp_free_authinfo(sctp_authinfo_t *authinfo); 168 169 /* keyed-HMAC functions */ 170 extern uint32_t sctp_get_auth_chunk_len(uint16_t hmac_algo); 171 extern uint32_t sctp_get_hmac_digest_len(uint16_t hmac_algo); 172 extern uint32_t 173 sctp_hmac(uint16_t hmac_algo, uint8_t *key, uint32_t keylen, 174 uint8_t *text, uint32_t textlen, uint8_t *digest); 175 extern uint32_t 176 sctp_compute_hmac(uint16_t hmac_algo, sctp_key_t *key, 177 uint8_t *text, uint32_t textlen, uint8_t *digest); 178 extern int sctp_auth_is_supported_hmac(sctp_hmaclist_t *list, uint16_t id); 179 180 /* mbuf versions */ 181 extern uint32_t 182 sctp_hmac_m(uint16_t hmac_algo, uint8_t *key, uint32_t keylen, 183 struct mbuf *m, uint32_t m_offset, uint8_t *digest, uint32_t trailer); 184 extern uint32_t 185 sctp_compute_hmac_m(uint16_t hmac_algo, sctp_key_t *key, 186 struct mbuf *m, uint32_t m_offset, uint8_t *digest); 187 188 /* 189 * authentication routines 190 */ 191 extern void sctp_clear_cachedkeys(struct sctp_tcb *stcb, uint16_t keyid); 192 extern void sctp_clear_cachedkeys_ep(struct sctp_inpcb *inp, uint16_t keyid); 193 extern int sctp_delete_sharedkey(struct sctp_tcb *stcb, uint16_t keyid); 194 extern int sctp_delete_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid); 195 extern int sctp_auth_setactivekey(struct sctp_tcb *stcb, uint16_t keyid); 196 extern int sctp_auth_setactivekey_ep(struct sctp_inpcb *inp, uint16_t keyid); 197 extern int sctp_deact_sharedkey(struct sctp_tcb *stcb, uint16_t keyid); 198 extern int sctp_deact_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid); 199 200 extern void 201 sctp_auth_get_cookie_params(struct sctp_tcb *stcb, struct mbuf *m, 202 uint32_t offset, uint32_t length); 203 extern void 204 sctp_fill_hmac_digest_m(struct mbuf *m, uint32_t auth_offset, 205 struct sctp_auth_chunk *auth, struct sctp_tcb *stcb, uint16_t key_id); 206 extern struct mbuf * 207 sctp_add_auth_chunk(struct mbuf *m, struct mbuf **m_end, 208 struct sctp_auth_chunk **auth_ret, uint32_t *offset, 209 struct sctp_tcb *stcb, uint8_t chunk); 210 extern int 211 sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_auth_chunk *ch, 212 struct mbuf *m, uint32_t offset); 213 extern void 214 sctp_notify_authentication(struct sctp_tcb *stcb, 215 uint32_t indication, uint16_t keyid, uint16_t alt_keyid, int so_locked); 216 extern int 217 sctp_validate_init_auth_params(struct mbuf *m, int offset, 218 int limit); 219 extern void 220 sctp_initialize_auth_params(struct sctp_inpcb *inp, 221 struct sctp_tcb *stcb); 222 223 /* test functions */ 224 #endif /* __SCTP_AUTH_H__ */ 225