netwerk/sctp/src/netinet/sctp_auth.h@6474c204b198 (annotated)
netwerk/sctp/src/netinet/sctp_auth.h
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rwxr-xr-x
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | /*- |
| michael@0 | 2 | * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. |
| michael@0 | 3 | * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. |
| michael@0 | 4 | * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. |
| michael@0 | 5 | * |
| michael@0 | 6 | * Redistribution and use in source and binary forms, with or without |
| michael@0 | 7 | * modification, are permitted provided that the following conditions are met: |
| michael@0 | 8 | * |
| michael@0 | 9 | * a) Redistributions of source code must retain the above copyright notice, |
| michael@0 | 10 | * this list of conditions and the following disclaimer. |
| michael@0 | 11 | * |
| michael@0 | 12 | * b) Redistributions in binary form must reproduce the above copyright |
| michael@0 | 13 | * notice, this list of conditions and the following disclaimer in |
| michael@0 | 14 | * the documentation and/or other materials provided with the distribution. |
| michael@0 | 15 | * |
| michael@0 | 16 | * c) Neither the name of Cisco Systems, Inc. nor the names of its |
| michael@0 | 17 | * contributors may be used to endorse or promote products derived |
| michael@0 | 18 | * from this software without specific prior written permission. |
| michael@0 | 19 | * |
| michael@0 | 20 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| michael@0 | 21 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, |
| michael@0 | 22 | * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| michael@0 | 23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE |
| michael@0 | 24 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| michael@0 | 25 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| michael@0 | 26 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
| michael@0 | 27 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
| michael@0 | 28 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| michael@0 | 29 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF |
| michael@0 | 30 | * THE POSSIBILITY OF SUCH DAMAGE. |
| michael@0 | 31 | */ |
| michael@0 | 32 | |
| michael@0 | 33 | #ifdef __FreeBSD__ |
| michael@0 | 34 | #include <sys/cdefs.h> |
| michael@0 | 35 | __FBSDID("$FreeBSD: head/sys/netinet/sctp_auth.h 257804 2013-11-07 18:50:11Z tuexen $"); |
| michael@0 | 36 | #endif |
| michael@0 | 37 | |
| michael@0 | 38 | #ifndef _NETINET_SCTP_AUTH_H_ |
| michael@0 | 39 | #define _NETINET_SCTP_AUTH_H_ |
| michael@0 | 40 | |
| michael@0 | 41 | #include <netinet/sctp_os.h> |
| michael@0 | 42 | |
| michael@0 | 43 | /* digest lengths */ |
| michael@0 | 44 | #define SCTP_AUTH_DIGEST_LEN_SHA1 20 |
| michael@0 | 45 | #define SCTP_AUTH_DIGEST_LEN_SHA256 32 |
| michael@0 | 46 | #define SCTP_AUTH_DIGEST_LEN_MAX SCTP_AUTH_DIGEST_LEN_SHA256 |
| michael@0 | 47 | |
| michael@0 | 48 | /* random sizes */ |
| michael@0 | 49 | #define SCTP_AUTH_RANDOM_SIZE_DEFAULT 32 |
| michael@0 | 50 | #define SCTP_AUTH_RANDOM_SIZE_REQUIRED 32 |
| michael@0 | 51 | |
| michael@0 | 52 | /* union of all supported HMAC algorithm contexts */ |
| michael@0 | 53 | typedef union sctp_hash_context { |
| michael@0 | 54 | SCTP_SHA1_CTX sha1; |
| michael@0 | 55 | #if defined(SCTP_SUPPORT_HMAC_SHA256) |
| michael@0 | 56 | SCTP_SHA256_CTX sha256; |
| michael@0 | 57 | #endif |
| michael@0 | 58 | } sctp_hash_context_t; |
| michael@0 | 59 | |
| michael@0 | 60 | typedef struct sctp_key { |
| michael@0 | 61 | uint32_t keylen; |
| michael@0 | 62 | uint8_t key[]; |
| michael@0 | 63 | } sctp_key_t; |
| michael@0 | 64 | |
| michael@0 | 65 | typedef struct sctp_shared_key { |
| michael@0 | 66 | LIST_ENTRY(sctp_shared_key) next; |
| michael@0 | 67 | sctp_key_t *key; /* key text */ |
| michael@0 | 68 | uint32_t refcount; /* reference count */ |
| michael@0 | 69 | uint16_t keyid; /* shared key ID */ |
| michael@0 | 70 | uint8_t deactivated; /* key is deactivated */ |
| michael@0 | 71 | } sctp_sharedkey_t; |
| michael@0 | 72 | |
| michael@0 | 73 | LIST_HEAD(sctp_keyhead, sctp_shared_key); |
| michael@0 | 74 | |
| michael@0 | 75 | /* authentication chunks list */ |
| michael@0 | 76 | typedef struct sctp_auth_chklist { |
| michael@0 | 77 | uint8_t chunks[256]; |
| michael@0 | 78 | uint8_t num_chunks; |
| michael@0 | 79 | } sctp_auth_chklist_t; |
| michael@0 | 80 | |
| michael@0 | 81 | /* hmac algos supported list */ |
| michael@0 | 82 | typedef struct sctp_hmaclist { |
| michael@0 | 83 | uint16_t max_algo; /* max algorithms allocated */ |
| michael@0 | 84 | uint16_t num_algo; /* num algorithms used */ |
| michael@0 | 85 | uint16_t hmac[]; |
| michael@0 | 86 | } sctp_hmaclist_t; |
| michael@0 | 87 | |
| michael@0 | 88 | /* authentication info */ |
| michael@0 | 89 | typedef struct sctp_authinformation { |
| michael@0 | 90 | sctp_key_t *random; /* local random key (concatenated) */ |
| michael@0 | 91 | uint32_t random_len; /* local random number length for param */ |
| michael@0 | 92 | sctp_key_t *peer_random;/* peer's random key (concatenated) */ |
| michael@0 | 93 | sctp_key_t *assoc_key; /* cached concatenated send key */ |
| michael@0 | 94 | sctp_key_t *recv_key; /* cached concatenated recv key */ |
| michael@0 | 95 | uint16_t active_keyid; /* active send keyid */ |
| michael@0 | 96 | uint16_t assoc_keyid; /* current send keyid (cached) */ |
| michael@0 | 97 | uint16_t recv_keyid; /* last recv keyid (cached) */ |
| michael@0 | 98 | } sctp_authinfo_t; |
| michael@0 | 99 | |
| michael@0 | 100 | |
| michael@0 | 101 | |
| michael@0 | 102 | /* |
| michael@0 | 103 | * Macros |
| michael@0 | 104 | */ |
| michael@0 | 105 | #define sctp_auth_is_required_chunk(chunk, list) ((list == NULL) ? (0) : (list->chunks[chunk] != 0)) |
| michael@0 | 106 | |
| michael@0 | 107 | /* |
| michael@0 | 108 | * function prototypes |
| michael@0 | 109 | */ |
| michael@0 | 110 | |
| michael@0 | 111 | /* socket option api functions */ |
| michael@0 | 112 | extern sctp_auth_chklist_t *sctp_alloc_chunklist(void); |
| michael@0 | 113 | extern void sctp_free_chunklist(sctp_auth_chklist_t *chklist); |
| michael@0 | 114 | extern void sctp_clear_chunklist(sctp_auth_chklist_t *chklist); |
| michael@0 | 115 | extern sctp_auth_chklist_t *sctp_copy_chunklist(sctp_auth_chklist_t *chklist); |
| michael@0 | 116 | extern int sctp_auth_add_chunk(uint8_t chunk, sctp_auth_chklist_t *list); |
| michael@0 | 117 | extern int sctp_auth_delete_chunk(uint8_t chunk, sctp_auth_chklist_t *list); |
| michael@0 | 118 | extern size_t sctp_auth_get_chklist_size(const sctp_auth_chklist_t *list); |
| michael@0 | 119 | extern void sctp_auth_set_default_chunks(sctp_auth_chklist_t *list); |
| michael@0 | 120 | extern int sctp_serialize_auth_chunks(const sctp_auth_chklist_t *list, |
| michael@0 | 121 | uint8_t *ptr); |
| michael@0 | 122 | extern int sctp_pack_auth_chunks(const sctp_auth_chklist_t *list, |
| michael@0 | 123 | uint8_t *ptr); |
| michael@0 | 124 | extern int sctp_unpack_auth_chunks(const uint8_t *ptr, uint8_t num_chunks, |
| michael@0 | 125 | sctp_auth_chklist_t *list); |
| michael@0 | 126 | |
| michael@0 | 127 | /* key handling */ |
| michael@0 | 128 | extern sctp_key_t *sctp_alloc_key(uint32_t keylen); |
| michael@0 | 129 | extern void sctp_free_key(sctp_key_t *key); |
| michael@0 | 130 | extern void sctp_print_key(sctp_key_t *key, const char *str); |
| michael@0 | 131 | extern void sctp_show_key(sctp_key_t *key, const char *str); |
| michael@0 | 132 | extern sctp_key_t *sctp_generate_random_key(uint32_t keylen); |
| michael@0 | 133 | extern sctp_key_t *sctp_set_key(uint8_t *key, uint32_t keylen); |
| michael@0 | 134 | extern sctp_key_t *sctp_compute_hashkey(sctp_key_t *key1, sctp_key_t *key2, |
| michael@0 | 135 | sctp_key_t *shared); |
| michael@0 | 136 | |
| michael@0 | 137 | /* shared key handling */ |
| michael@0 | 138 | extern sctp_sharedkey_t *sctp_alloc_sharedkey(void); |
| michael@0 | 139 | extern void sctp_free_sharedkey(sctp_sharedkey_t *skey); |
| michael@0 | 140 | extern sctp_sharedkey_t *sctp_find_sharedkey(struct sctp_keyhead *shared_keys, |
| michael@0 | 141 | uint16_t key_id); |
| michael@0 | 142 | extern int sctp_insert_sharedkey(struct sctp_keyhead *shared_keys, |
| michael@0 | 143 | sctp_sharedkey_t *new_skey); |
| michael@0 | 144 | extern int sctp_copy_skeylist(const struct sctp_keyhead *src, |
| michael@0 | 145 | struct sctp_keyhead *dest); |
| michael@0 | 146 | /* ref counts on shared keys, by key id */ |
| michael@0 | 147 | extern void sctp_auth_key_acquire(struct sctp_tcb *stcb, uint16_t keyid); |
| michael@0 | 148 | extern void sctp_auth_key_release(struct sctp_tcb *stcb, uint16_t keyid, |
| michael@0 | 149 | int so_locked); |
| michael@0 | 150 | |
| michael@0 | 151 | |
| michael@0 | 152 | /* hmac list handling */ |
| michael@0 | 153 | extern sctp_hmaclist_t *sctp_alloc_hmaclist(uint8_t num_hmacs); |
| michael@0 | 154 | extern void sctp_free_hmaclist(sctp_hmaclist_t *list); |
| michael@0 | 155 | extern int sctp_auth_add_hmacid(sctp_hmaclist_t *list, uint16_t hmac_id); |
| michael@0 | 156 | extern sctp_hmaclist_t *sctp_copy_hmaclist(sctp_hmaclist_t *list); |
| michael@0 | 157 | extern sctp_hmaclist_t *sctp_default_supported_hmaclist(void); |
| michael@0 | 158 | extern uint16_t sctp_negotiate_hmacid(sctp_hmaclist_t *peer, |
| michael@0 | 159 | sctp_hmaclist_t *local); |
| michael@0 | 160 | extern int sctp_serialize_hmaclist(sctp_hmaclist_t *list, uint8_t *ptr); |
| michael@0 | 161 | extern int sctp_verify_hmac_param(struct sctp_auth_hmac_algo *hmacs, |
| michael@0 | 162 | uint32_t num_hmacs); |
| michael@0 | 163 | |
| michael@0 | 164 | extern sctp_authinfo_t *sctp_alloc_authinfo(void); |
| michael@0 | 165 | extern void sctp_free_authinfo(sctp_authinfo_t *authinfo); |
| michael@0 | 166 | |
| michael@0 | 167 | /* keyed-HMAC functions */ |
| michael@0 | 168 | extern uint32_t sctp_get_auth_chunk_len(uint16_t hmac_algo); |
| michael@0 | 169 | extern uint32_t sctp_get_hmac_digest_len(uint16_t hmac_algo); |
| michael@0 | 170 | extern uint32_t sctp_hmac(uint16_t hmac_algo, uint8_t *key, uint32_t keylen, |
| michael@0 | 171 | uint8_t *text, uint32_t textlen, uint8_t *digest); |
| michael@0 | 172 | extern int sctp_verify_hmac(uint16_t hmac_algo, uint8_t *key, uint32_t keylen, |
| michael@0 | 173 | uint8_t *text, uint32_t textlen, uint8_t *digest, uint32_t digestlen); |
| michael@0 | 174 | extern uint32_t sctp_compute_hmac(uint16_t hmac_algo, sctp_key_t *key, |
| michael@0 | 175 | uint8_t *text, uint32_t textlen, uint8_t *digest); |
| michael@0 | 176 | extern int sctp_auth_is_supported_hmac(sctp_hmaclist_t *list, uint16_t id); |
| michael@0 | 177 | |
| michael@0 | 178 | /* mbuf versions */ |
| michael@0 | 179 | extern uint32_t sctp_hmac_m(uint16_t hmac_algo, uint8_t *key, uint32_t keylen, |
| michael@0 | 180 | struct mbuf *m, uint32_t m_offset, uint8_t *digest, uint32_t trailer); |
| michael@0 | 181 | extern uint32_t sctp_compute_hmac_m(uint16_t hmac_algo, sctp_key_t *key, |
| michael@0 | 182 | struct mbuf *m, uint32_t m_offset, uint8_t *digest); |
| michael@0 | 183 | |
| michael@0 | 184 | /* |
| michael@0 | 185 | * authentication routines |
| michael@0 | 186 | */ |
| michael@0 | 187 | extern void sctp_clear_cachedkeys(struct sctp_tcb *stcb, uint16_t keyid); |
| michael@0 | 188 | extern void sctp_clear_cachedkeys_ep(struct sctp_inpcb *inp, uint16_t keyid); |
| michael@0 | 189 | extern int sctp_delete_sharedkey(struct sctp_tcb *stcb, uint16_t keyid); |
| michael@0 | 190 | extern int sctp_delete_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid); |
| michael@0 | 191 | extern int sctp_auth_setactivekey(struct sctp_tcb *stcb, uint16_t keyid); |
| michael@0 | 192 | extern int sctp_auth_setactivekey_ep(struct sctp_inpcb *inp, uint16_t keyid); |
| michael@0 | 193 | extern int sctp_deact_sharedkey(struct sctp_tcb *stcb, uint16_t keyid); |
| michael@0 | 194 | extern int sctp_deact_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid); |
| michael@0 | 195 | |
| michael@0 | 196 | extern void sctp_auth_get_cookie_params(struct sctp_tcb *stcb, struct mbuf *m, |
| michael@0 | 197 | uint32_t offset, uint32_t length); |
| michael@0 | 198 | extern void sctp_fill_hmac_digest_m(struct mbuf *m, uint32_t auth_offset, |
| michael@0 | 199 | struct sctp_auth_chunk *auth, struct sctp_tcb *stcb, uint16_t key_id); |
| michael@0 | 200 | extern struct mbuf *sctp_add_auth_chunk(struct mbuf *m, struct mbuf **m_end, |
| michael@0 | 201 | struct sctp_auth_chunk **auth_ret, uint32_t *offset, |
| michael@0 | 202 | struct sctp_tcb *stcb, uint8_t chunk); |
| michael@0 | 203 | extern int sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_auth_chunk *ch, |
| michael@0 | 204 | struct mbuf *m, uint32_t offset); |
| michael@0 | 205 | extern void sctp_notify_authentication(struct sctp_tcb *stcb, |
| michael@0 | 206 | uint32_t indication, uint16_t keyid, uint16_t alt_keyid, int so_locked); |
| michael@0 | 207 | extern int sctp_validate_init_auth_params(struct mbuf *m, int offset, |
| michael@0 | 208 | int limit); |
| michael@0 | 209 | extern void sctp_initialize_auth_params(struct sctp_inpcb *inp, |
| michael@0 | 210 | struct sctp_tcb *stcb); |
| michael@0 | 211 | |
| michael@0 | 212 | /* test functions */ |
| michael@0 | 213 | #ifdef SCTP_HMAC_TEST |
| michael@0 | 214 | extern void sctp_test_hmac_sha1(void); |
| michael@0 | 215 | extern void sctp_test_authkey(void); |
| michael@0 | 216 | #endif |
| michael@0 | 217 | #endif /* __SCTP_AUTH_H__ */ |
