Gitiles
Code Review Sign In
realtimeroboticsgroup.org / RealtimeRoboticsGroup / test / 4cb043ceb7900e54ee5d2e26d829456be46c2bb6 / . / usrsctplib / netinet / sctp_auth.h
blob: b24f5141e81bcfe695bf17fc8d8ea14b436463f3 [file] [log] [blame]
James Kuszmaul4cb043c2021-01-17 11:25:51 -0800[diff] [blame^]1/*-
2 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved.
3 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
4 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * a) Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 *
12 * b) Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the distribution.
15 *
16 * c) Neither the name of Cisco Systems, Inc. nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
30 * THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
33#ifdef __FreeBSD__
34#include <sys/cdefs.h>
35__FBSDID("$FreeBSD: head/sys/netinet/sctp_auth.h 310590 2016-12-26 11:06:41Z tuexen $");
36#endif
37
38#ifndef _NETINET_SCTP_AUTH_H_
39#define _NETINET_SCTP_AUTH_H_
40
41#include <netinet/sctp_os.h>
42
43/* digest lengths */
44#define SCTP_AUTH_DIGEST_LEN_SHA1 20
45#define SCTP_AUTH_DIGEST_LEN_SHA256 32
46#define SCTP_AUTH_DIGEST_LEN_MAX SCTP_AUTH_DIGEST_LEN_SHA256
47
48/* random sizes */
49#define SCTP_AUTH_RANDOM_SIZE_DEFAULT 32
50#define SCTP_AUTH_RANDOM_SIZE_REQUIRED 32
51
52/* union of all supported HMAC algorithm contexts */
53typedef union sctp_hash_context {
54 SCTP_SHA1_CTX sha1;
55#if defined(SCTP_SUPPORT_HMAC_SHA256)
56 SCTP_SHA256_CTX sha256;
57#endif
58} sctp_hash_context_t;
59
60typedef struct sctp_key {
61 uint32_t keylen;
62 uint8_t key[];
63} sctp_key_t;
64
65typedef struct sctp_shared_key {
66 LIST_ENTRY(sctp_shared_key) next;
67 sctp_key_t *key; /* key text */
68 uint32_t refcount; /* reference count */
69 uint16_t keyid; /* shared key ID */
70 uint8_t deactivated; /* key is deactivated */
71} sctp_sharedkey_t;
72
73LIST_HEAD(sctp_keyhead, sctp_shared_key);
74
75/* authentication chunks list */
76typedef struct sctp_auth_chklist {
77 uint8_t chunks[256];
78 uint8_t num_chunks;
79} sctp_auth_chklist_t;
80
81/* hmac algos supported list */
82typedef struct sctp_hmaclist {
83 uint16_t max_algo; /* max algorithms allocated */
84 uint16_t num_algo; /* num algorithms used */
85 uint16_t hmac[];
86} sctp_hmaclist_t;
87
88/* authentication info */
89typedef struct sctp_authinformation {
90 sctp_key_t *random; /* local random key (concatenated) */
91 uint32_t random_len; /* local random number length for param */
92 sctp_key_t *peer_random;/* peer's random key (concatenated) */
93 sctp_key_t *assoc_key; /* cached concatenated send key */
94 sctp_key_t *recv_key; /* cached concatenated recv key */
95 uint16_t active_keyid; /* active send keyid */
96 uint16_t assoc_keyid; /* current send keyid (cached) */
97 uint16_t recv_keyid; /* last recv keyid (cached) */
98} sctp_authinfo_t;
99
100
101
102/*
103 * Macros
104 */
105#define sctp_auth_is_required_chunk(chunk, list) ((list == NULL) ? (0) : (list->chunks[chunk] != 0))
106
107/*
108 * function prototypes
109 */
110
111/* socket option api functions */
112extern sctp_auth_chklist_t *sctp_alloc_chunklist(void);
113extern void sctp_free_chunklist(sctp_auth_chklist_t *chklist);
114extern void sctp_clear_chunklist(sctp_auth_chklist_t *chklist);
115extern sctp_auth_chklist_t *sctp_copy_chunklist(sctp_auth_chklist_t *chklist);
116extern int sctp_auth_add_chunk(uint8_t chunk, sctp_auth_chklist_t *list);
117extern int sctp_auth_delete_chunk(uint8_t chunk, sctp_auth_chklist_t *list);
118extern size_t sctp_auth_get_chklist_size(const sctp_auth_chklist_t *list);
119extern int sctp_serialize_auth_chunks(const sctp_auth_chklist_t *list,
120 uint8_t *ptr);
121extern int sctp_pack_auth_chunks(const sctp_auth_chklist_t *list,
122 uint8_t *ptr);
123extern int sctp_unpack_auth_chunks(const uint8_t *ptr, uint8_t num_chunks,
124 sctp_auth_chklist_t *list);
125
126/* key handling */
127extern sctp_key_t *sctp_alloc_key(uint32_t keylen);
128extern void sctp_free_key(sctp_key_t *key);
129extern void sctp_print_key(sctp_key_t *key, const char *str);
130extern void sctp_show_key(sctp_key_t *key, const char *str);
131extern sctp_key_t *sctp_generate_random_key(uint32_t keylen);
132extern sctp_key_t *sctp_set_key(uint8_t *key, uint32_t keylen);
133extern sctp_key_t *sctp_compute_hashkey(sctp_key_t *key1, sctp_key_t *key2,
134 sctp_key_t *shared);
135
136/* shared key handling */
137extern sctp_sharedkey_t *sctp_alloc_sharedkey(void);
138extern void sctp_free_sharedkey(sctp_sharedkey_t *skey);
139extern sctp_sharedkey_t *sctp_find_sharedkey(struct sctp_keyhead *shared_keys,
140 uint16_t key_id);
141extern int sctp_insert_sharedkey(struct sctp_keyhead *shared_keys,
142 sctp_sharedkey_t *new_skey);
143extern int sctp_copy_skeylist(const struct sctp_keyhead *src,
144 struct sctp_keyhead *dest);
145/* ref counts on shared keys, by key id */
146extern void sctp_auth_key_acquire(struct sctp_tcb *stcb, uint16_t keyid);
147extern void sctp_auth_key_release(struct sctp_tcb *stcb, uint16_t keyid,
148 int so_locked);
149
150
151/* hmac list handling */
152extern sctp_hmaclist_t *sctp_alloc_hmaclist(uint16_t num_hmacs);
153extern void sctp_free_hmaclist(sctp_hmaclist_t *list);
154extern int sctp_auth_add_hmacid(sctp_hmaclist_t *list, uint16_t hmac_id);
155extern sctp_hmaclist_t *sctp_copy_hmaclist(sctp_hmaclist_t *list);
156extern sctp_hmaclist_t *sctp_default_supported_hmaclist(void);
157extern uint16_t sctp_negotiate_hmacid(sctp_hmaclist_t *peer,
158 sctp_hmaclist_t *local);
159extern int sctp_serialize_hmaclist(sctp_hmaclist_t *list, uint8_t *ptr);
160extern int sctp_verify_hmac_param(struct sctp_auth_hmac_algo *hmacs,
161 uint32_t num_hmacs);
162
163extern sctp_authinfo_t *sctp_alloc_authinfo(void);
164extern void sctp_free_authinfo(sctp_authinfo_t *authinfo);
165
166/* keyed-HMAC functions */
167extern uint32_t sctp_get_auth_chunk_len(uint16_t hmac_algo);
168extern uint32_t sctp_get_hmac_digest_len(uint16_t hmac_algo);
169extern uint32_t sctp_hmac(uint16_t hmac_algo, uint8_t *key, uint32_t keylen,
170 uint8_t *text, uint32_t textlen, uint8_t *digest);
171extern int sctp_verify_hmac(uint16_t hmac_algo, uint8_t *key, uint32_t keylen,
172 uint8_t *text, uint32_t textlen, uint8_t *digest, uint32_t digestlen);
173extern uint32_t sctp_compute_hmac(uint16_t hmac_algo, sctp_key_t *key,
174 uint8_t *text, uint32_t textlen, uint8_t *digest);
175extern int sctp_auth_is_supported_hmac(sctp_hmaclist_t *list, uint16_t id);
176
177/* mbuf versions */
178extern uint32_t sctp_hmac_m(uint16_t hmac_algo, uint8_t *key, uint32_t keylen,
179 struct mbuf *m, uint32_t m_offset, uint8_t *digest, uint32_t trailer);
180extern uint32_t sctp_compute_hmac_m(uint16_t hmac_algo, sctp_key_t *key,
181 struct mbuf *m, uint32_t m_offset, uint8_t *digest);
182
183/*
184 * authentication routines
185 */
186extern void sctp_clear_cachedkeys(struct sctp_tcb *stcb, uint16_t keyid);
187extern void sctp_clear_cachedkeys_ep(struct sctp_inpcb *inp, uint16_t keyid);
188extern int sctp_delete_sharedkey(struct sctp_tcb *stcb, uint16_t keyid);
189extern int sctp_delete_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid);
190extern int sctp_auth_setactivekey(struct sctp_tcb *stcb, uint16_t keyid);
191extern int sctp_auth_setactivekey_ep(struct sctp_inpcb *inp, uint16_t keyid);
192extern int sctp_deact_sharedkey(struct sctp_tcb *stcb, uint16_t keyid);
193extern int sctp_deact_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid);
194
195extern void sctp_auth_get_cookie_params(struct sctp_tcb *stcb, struct mbuf *m,
196 uint32_t offset, uint32_t length);
197extern void sctp_fill_hmac_digest_m(struct mbuf *m, uint32_t auth_offset,
198 struct sctp_auth_chunk *auth, struct sctp_tcb *stcb, uint16_t key_id);
199extern struct mbuf *sctp_add_auth_chunk(struct mbuf *m, struct mbuf **m_end,
200 struct sctp_auth_chunk **auth_ret, uint32_t *offset,
201 struct sctp_tcb *stcb, uint8_t chunk);
202extern int sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_auth_chunk *ch,
203 struct mbuf *m, uint32_t offset);
204extern void sctp_notify_authentication(struct sctp_tcb *stcb,
205 uint32_t indication, uint16_t keyid, uint16_t alt_keyid, int so_locked);
206extern int sctp_validate_init_auth_params(struct mbuf *m, int offset,
207 int limit);
208extern void sctp_initialize_auth_params(struct sctp_inpcb *inp,
209 struct sctp_tcb *stcb);
210
211/* test functions */
212#ifdef SCTP_HMAC_TEST
213extern void sctp_test_hmac_sha1(void);
214extern void sctp_test_authkey(void);
215#endif
216#endif /* __SCTP_AUTH_H__ */