2 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved.
3 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
4 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
9 * a) Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
12 * b) Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the distribution.
16 * c) Neither the name of Cisco Systems, Inc. nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
30 * THE POSSIBILITY OF SUCH DAMAGE.
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #ifndef _NETINET_SCTP_AUTH_H_
37 #define _NETINET_SCTP_AUTH_H_
39 #include <netinet/sctp_os.h>
/* Digest sizes, in bytes, of the HMAC algorithms named in this header. */
#define	SCTP_AUTH_DIGEST_LEN_SHA1	20
#define	SCTP_AUTH_DIGEST_LEN_SHA256	32
/* The largest of the digest lengths above. */
#define	SCTP_AUTH_DIGEST_LEN_MAX	SCTP_AUTH_DIGEST_LEN_SHA256

/* Sizes, in bytes, of the RANDOM parameter; RFC 4895 fixes it at 32 bytes. */
#define	SCTP_AUTH_RANDOM_SIZE_DEFAULT	32
#define	SCTP_AUTH_RANDOM_SIZE_REQUIRED	32
/*
 * Hash state for whichever HMAC algorithm is in use. A union so that one
 * object can hold the context of any supported algorithm; at present only
 * the SHA-256 context is a member.
 */
union sctp_hash_context {
	SCTP_SHA256_CTX	sha256;		/* SHA-256 hashing state */
};
typedef union sctp_hash_context sctp_hash_context_t;
56 typedef struct sctp_key
{
61 typedef struct sctp_shared_key
{
62 LIST_ENTRY(sctp_shared_key
) next
;
63 sctp_key_t
*key
; /* key text */
64 uint32_t refcount
; /* reference count */
65 uint16_t keyid
; /* shared key ID */
66 uint8_t deactivated
; /* key is deactivated */
/*
 * Head of a list of struct sctp_shared_key entries, linked through their
 * `next` LIST_ENTRY field.
 */
LIST_HEAD(sctp_keyhead, sctp_shared_key);
71 /* authentication chunks list */
72 typedef struct sctp_auth_chklist
{
75 } sctp_auth_chklist_t
;
77 /* hmac algos supported list */
78 typedef struct sctp_hmaclist
{
79 uint16_t max_algo
; /* max algorithms allocated */
80 uint16_t num_algo
; /* num algorithms used */
84 /* authentication info */
85 typedef struct sctp_authinformation
{
86 sctp_key_t
*random
; /* local random key (concatenated) */
87 uint32_t random_len
; /* local random number length for param */
88 sctp_key_t
*peer_random
;/* peer's random key (concatenated) */
89 sctp_key_t
*assoc_key
; /* cached concatenated send key */
90 sctp_key_t
*recv_key
; /* cached concatenated recv key */
91 uint16_t active_keyid
; /* active send keyid */
92 uint16_t assoc_keyid
; /* current send keyid (cached) */
93 uint16_t recv_keyid
; /* last recv keyid (cached) */
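/*
 * Non-zero when chunk type `chunk` is flagged in chunk list `list`; a NULL
 * list means nothing is required. Both arguments are parenthesized so that
 * an expression such as `&chklist` or `base + n` is not mis-parsed by the
 * expansion. `chunk` is used unchecked as an index into list->chunks[];
 * callers in this API pass it as a uint8_t chunk type (see
 * sctp_auth_add_chunk).
 */
#define	sctp_auth_is_required_chunk(chunk, list) \
	(((list) == NULL) ? (0) : ((list)->chunks[(chunk)] != 0))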
/*
 * function prototypes
 */
/* socket option api functions */

/* Allocate a new chunk list; the caller owns it and frees it with sctp_free_chunklist(). */
extern sctp_auth_chklist_t *sctp_alloc_chunklist(void);
/* Release a chunk list obtained from sctp_alloc_chunklist() or sctp_copy_chunklist(). */
extern void sctp_free_chunklist(sctp_auth_chklist_t *chklist);
/* Empty `chklist` in place (presumably clears every chunks[] flag; confirm in sctp_auth.c). */
extern void sctp_clear_chunklist(sctp_auth_chklist_t *chklist);
/* Return a newly allocated copy of `chklist`. */
extern sctp_auth_chklist_t *sctp_copy_chunklist(sctp_auth_chklist_t *chklist);
/* Flag chunk type `chunk` in `list`; returns an int status (convention not visible in this header). */
extern int sctp_auth_add_chunk(uint8_t chunk, sctp_auth_chklist_t *list);
/* Unflag chunk type `chunk` in `list`; returns an int status (convention not visible in this header). */
extern int sctp_auth_delete_chunk(uint8_t chunk, sctp_auth_chklist_t *list);
/* Size in bytes of the serialized form of `list`. */
extern size_t sctp_auth_get_chklist_size(const sctp_auth_chklist_t *list);
116 sctp_serialize_auth_chunks(const sctp_auth_chklist_t
* list
,
119 sctp_pack_auth_chunks(const sctp_auth_chklist_t
* list
,
122 sctp_unpack_auth_chunks(const uint8_t * ptr
, uint8_t num_chunks
,
123 sctp_auth_chklist_t
* list
);
/* Allocate a key object for `keylen` bytes of key material; free with sctp_free_key(). */
extern sctp_key_t *sctp_alloc_key(uint32_t keylen);
/* Release a key from sctp_alloc_key(), sctp_generate_random_key() or sctp_set_key(). */
extern void sctp_free_key(sctp_key_t *key);
/*
 * Diagnostic output of `key`, labelled with `str`. NOTE(review): these
 * presumably emit key material; keep them confined to debug builds/paths.
 */
extern void sctp_print_key(sctp_key_t *key, const char *str);
extern void sctp_show_key(sctp_key_t *key, const char *str);
/* Allocate a key of `keylen` randomly generated bytes. */
extern sctp_key_t *sctp_generate_random_key(uint32_t keylen);
/* Allocate a key initialized from the `keylen` bytes at `key`. */
extern sctp_key_t *sctp_set_key(uint8_t *key, uint32_t keylen);
133 sctp_compute_hashkey(sctp_key_t
* key1
, sctp_key_t
* key2
,
134 sctp_key_t
* shared
);
/* shared key handling */

/* Allocate an empty shared-key entry; release it with sctp_free_sharedkey(). */
extern sctp_sharedkey_t *sctp_alloc_sharedkey(void);
/* Release a shared-key entry obtained from sctp_alloc_sharedkey(). */
extern void sctp_free_sharedkey(sctp_sharedkey_t *skey);
139 extern sctp_sharedkey_t
*
140 sctp_find_sharedkey(struct sctp_keyhead
*shared_keys
,
143 sctp_insert_sharedkey(struct sctp_keyhead
*shared_keys
,
144 sctp_sharedkey_t
* new_skey
);
146 sctp_copy_skeylist(const struct sctp_keyhead
*src
,
147 struct sctp_keyhead
*dest
);
/* ref counts on shared keys, by key id */

/*
 * Take a reference on shared key `keyid` of association `stcb` (the refcount
 * field of struct sctp_shared_key). The matching release is
 * sctp_auth_key_release(), declared below.
 */
extern void sctp_auth_key_acquire(struct sctp_tcb *stcb, uint16_t keyid);
152 sctp_auth_key_release(struct sctp_tcb
*stcb
, uint16_t keyid
,
/* hmac list handling */

/* Allocate an HMAC identifier list sized for `num_hmacs` entries (its max_algo). */
extern sctp_hmaclist_t *sctp_alloc_hmaclist(uint16_t num_hmacs);
/* Release a list from sctp_alloc_hmaclist(), sctp_copy_hmaclist() or sctp_default_supported_hmaclist(). */
extern void sctp_free_hmaclist(sctp_hmaclist_t *list);
/* Add HMAC identifier `hmac_id` to `list`; returns an int status (convention not visible in this header). */
extern int sctp_auth_add_hmacid(sctp_hmaclist_t *list, uint16_t hmac_id);
/* Return a newly allocated copy of `list`. */
extern sctp_hmaclist_t *sctp_copy_hmaclist(sctp_hmaclist_t *list);
/* Return a newly allocated list of the HMAC identifiers supported by default. */
extern sctp_hmaclist_t *sctp_default_supported_hmaclist(void);
163 sctp_negotiate_hmacid(sctp_hmaclist_t
* peer
,
164 sctp_hmaclist_t
* local
);
/*
 * Write the HMAC identifiers of `list` to the buffer at `ptr` and return an
 * int (presumably the number of bytes written; confirm in sctp_auth.c).
 * No buffer length is passed, so the caller must size `ptr` beforehand.
 */
extern int sctp_serialize_hmaclist(sctp_hmaclist_t *list, uint8_t *ptr);
167 sctp_verify_hmac_param(struct sctp_auth_hmac_algo
*hmacs
,
/* Allocate an authentication-info record; release it with sctp_free_authinfo(). */
extern sctp_authinfo_t *sctp_alloc_authinfo(void);
/* Release a record obtained from sctp_alloc_authinfo(). */
extern void sctp_free_authinfo(sctp_authinfo_t *authinfo);

/* keyed-HMAC functions */

/* Total length of an AUTH chunk carrying a digest of algorithm `hmac_algo`. */
extern uint32_t sctp_get_auth_chunk_len(uint16_t hmac_algo);
/* Digest length, in bytes, produced by algorithm `hmac_algo`. */
extern uint32_t sctp_get_hmac_digest_len(uint16_t hmac_algo);
177 sctp_hmac(uint16_t hmac_algo
, uint8_t * key
, uint32_t keylen
,
178 uint8_t * text
, uint32_t textlen
, uint8_t * digest
);
180 sctp_verify_hmac(uint16_t hmac_algo
, uint8_t * key
, uint32_t keylen
,
181 uint8_t * text
, uint32_t textlen
, uint8_t * digest
, uint32_t digestlen
);
183 sctp_compute_hmac(uint16_t hmac_algo
, sctp_key_t
* key
,
184 uint8_t * text
, uint32_t textlen
, uint8_t * digest
);
/* Whether HMAC identifier `id` appears in `list`; returns an int truth value. */
extern int sctp_auth_is_supported_hmac(sctp_hmaclist_t *list, uint16_t id);
189 sctp_hmac_m(uint16_t hmac_algo
, uint8_t * key
, uint32_t keylen
,
190 struct mbuf
*m
, uint32_t m_offset
, uint8_t * digest
, uint32_t trailer
);
192 sctp_compute_hmac_m(uint16_t hmac_algo
, sctp_key_t
* key
,
193 struct mbuf
*m
, uint32_t m_offset
, uint8_t * digest
);
/*
 * authentication routines
 */
/*
 * Shared-key management by key id. Each operation comes in two forms: one
 * acting on a single association (struct sctp_tcb) and an `_ep` form acting
 * on the endpoint (struct sctp_inpcb). The int-returning ones report a
 * status whose convention is not visible in this header.
 */

/* Discard the cached concatenated send/recv keys derived from shared key `keyid`. */
extern void sctp_clear_cachedkeys(struct sctp_tcb *stcb, uint16_t keyid);
extern void sctp_clear_cachedkeys_ep(struct sctp_inpcb *inp, uint16_t keyid);

/* Remove shared key `keyid`. */
extern int sctp_delete_sharedkey(struct sctp_tcb *stcb, uint16_t keyid);
extern int sctp_delete_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid);

/* Select shared key `keyid` as the active send key (cf. active_keyid in struct sctp_authinformation). */
extern int sctp_auth_setactivekey(struct sctp_tcb *stcb, uint16_t keyid);
extern int sctp_auth_setactivekey_ep(struct sctp_inpcb *inp, uint16_t keyid);

/* Deactivate shared key `keyid` (cf. the deactivated flag in struct sctp_shared_key). */
extern int sctp_deact_sharedkey(struct sctp_tcb *stcb, uint16_t keyid);
extern int sctp_deact_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid);
208 sctp_auth_get_cookie_params(struct sctp_tcb
*stcb
, struct mbuf
*m
,
209 uint32_t offset
, uint32_t length
);
211 sctp_fill_hmac_digest_m(struct mbuf
*m
, uint32_t auth_offset
,
212 struct sctp_auth_chunk
*auth
, struct sctp_tcb
*stcb
, uint16_t key_id
);
214 sctp_add_auth_chunk(struct mbuf
*m
, struct mbuf
**m_end
,
215 struct sctp_auth_chunk
**auth_ret
, uint32_t * offset
,
216 struct sctp_tcb
*stcb
, uint8_t chunk
);
218 sctp_handle_auth(struct sctp_tcb
*stcb
, struct sctp_auth_chunk
*ch
,
219 struct mbuf
*m
, uint32_t offset
);
221 sctp_notify_authentication(struct sctp_tcb
*stcb
,
222 uint32_t indication
, uint16_t keyid
, uint16_t alt_keyid
, int so_locked
);
224 sctp_validate_init_auth_params(struct mbuf
*m
, int offset
,
227 sctp_initialize_auth_params(struct sctp_inpcb
*inp
,
228 struct sctp_tcb
*stcb
);
#endif /* _NETINET_SCTP_AUTH_H_ */