Diffstat (limited to 'sys/netinet/sctp_auth.c')
-rw-r--r--sys/netinet/sctp_auth.c121
1 files changed, 59 insertions, 62 deletions
diff --git a/sys/netinet/sctp_auth.c b/sys/netinet/sctp_auth.c
index c562bb7e17b6..4a329abae106 100644
--- a/sys/netinet/sctp_auth.c
+++ b/sys/netinet/sctp_auth.c
@@ -53,7 +53,7 @@ __FBSDID("$FreeBSD$");
void
-sctp_clear_chunklist(sctp_auth_chklist_t *chklist)
+sctp_clear_chunklist(sctp_auth_chklist_t * chklist)
{
memset(chklist, 0, sizeof(*chklist));
/* chklist->num_chunks = 0; */
@@ -75,14 +75,14 @@ sctp_alloc_chunklist(void)
}
void
-sctp_free_chunklist(sctp_auth_chklist_t *list)
+sctp_free_chunklist(sctp_auth_chklist_t * list)
{
if (list != NULL)
SCTP_FREE(list, SCTP_M_AUTH_CL);
}
sctp_auth_chklist_t *
-sctp_copy_chunklist(sctp_auth_chklist_t *list)
+sctp_copy_chunklist(sctp_auth_chklist_t * list)
{
sctp_auth_chklist_t *new_list;
@@ -104,7 +104,7 @@ sctp_copy_chunklist(sctp_auth_chklist_t *list)
* add a chunk to the required chunks list
*/
int
-sctp_auth_add_chunk(uint8_t chunk, sctp_auth_chklist_t *list)
+sctp_auth_add_chunk(uint8_t chunk, sctp_auth_chklist_t * list)
{
if (list == NULL)
return (-1);
@@ -130,7 +130,7 @@ sctp_auth_add_chunk(uint8_t chunk, sctp_auth_chklist_t *list)
* delete a chunk from the required chunks list
*/
int
-sctp_auth_delete_chunk(uint8_t chunk, sctp_auth_chklist_t *list)
+sctp_auth_delete_chunk(uint8_t chunk, sctp_auth_chklist_t * list)
{
if (list == NULL)
return (-1);
@@ -146,7 +146,7 @@ sctp_auth_delete_chunk(uint8_t chunk, sctp_auth_chklist_t *list)
}
size_t
-sctp_auth_get_chklist_size(const sctp_auth_chklist_t *list)
+sctp_auth_get_chklist_size(const sctp_auth_chklist_t * list)
{
if (list == NULL)
return (0);
@@ -159,7 +159,7 @@ sctp_auth_get_chklist_size(const sctp_auth_chklist_t *list)
* guarantee ptr has space for up to 256 bytes
*/
int
-sctp_serialize_auth_chunks(const sctp_auth_chklist_t *list, uint8_t *ptr)
+sctp_serialize_auth_chunks(const sctp_auth_chklist_t * list, uint8_t * ptr)
{
int i, count = 0;
@@ -176,7 +176,7 @@ sctp_serialize_auth_chunks(const sctp_auth_chklist_t *list, uint8_t *ptr)
}
int
-sctp_pack_auth_chunks(const sctp_auth_chklist_t *list, uint8_t *ptr)
+sctp_pack_auth_chunks(const sctp_auth_chklist_t * list, uint8_t * ptr)
{
int i, size = 0;
@@ -208,8 +208,8 @@ sctp_pack_auth_chunks(const sctp_auth_chklist_t *list, uint8_t *ptr)
}
int
-sctp_unpack_auth_chunks(const uint8_t *ptr, uint8_t num_chunks,
- sctp_auth_chklist_t *list)
+sctp_unpack_auth_chunks(const uint8_t * ptr, uint8_t num_chunks,
+ sctp_auth_chklist_t * list)
{
int i;
int size;
@@ -259,14 +259,14 @@ sctp_alloc_key(uint32_t keylen)
}
void
-sctp_free_key(sctp_key_t *key)
+sctp_free_key(sctp_key_t * key)
{
if (key != NULL)
SCTP_FREE(key, SCTP_M_AUTH_KY);
}
void
-sctp_print_key(sctp_key_t *key, const char *str)
+sctp_print_key(sctp_key_t * key, const char *str)
{
uint32_t i;
@@ -285,7 +285,7 @@ sctp_print_key(sctp_key_t *key, const char *str)
}
void
-sctp_show_key(sctp_key_t *key, const char *str)
+sctp_show_key(sctp_key_t * key, const char *str)
{
uint32_t i;
@@ -304,8 +304,7 @@ sctp_show_key(sctp_key_t *key, const char *str)
}
static uint32_t
-sctp_get_keylen(sctp_key_t *key)
-{
+sctp_get_keylen(sctp_key_t * key) {
if (key != NULL)
return (key->keylen);
else
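Review bot: The opening brace of sctp_get_keylen is pulled onto the signature line (`sctp_get_keylen(sctp_key_t * key) {`), while the other definitions touched by this diff keep it on a line of its own. The same happens in sctp_copy_sharedkey, sctp_negotiate_hmacid, sctp_get_auth_chunk_len, sctp_get_hmac_digest_len, sctp_hmac, sctp_hmac_m, sctp_compute_hmac and sctp_compute_hmac_m, and the spacing is not even uniform (`) {` in some, `){` in others). This looks like a formatter artifact rather than a chosen style; I would keep the signature line as `sctp_get_keylen(sctp_key_t * key)` with `{` on the following line so these security-sensitive HMAC and key helpers stay easy to grep and diff. The function body continues outside the hunk.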
@@ -331,7 +330,7 @@ sctp_generate_random_key(uint32_t keylen)
}
sctp_key_t *
-sctp_set_key(uint8_t *key, uint32_t keylen)
+sctp_set_key(uint8_t * key, uint32_t keylen)
{
sctp_key_t *new_key;
@@ -351,7 +350,7 @@ sctp_set_key(uint8_t *key, uint32_t keylen)
* 0 if key1 = key2
*/
static int
-sctp_compare_key(sctp_key_t *key1, sctp_key_t *key2)
+sctp_compare_key(sctp_key_t * key1, sctp_key_t * key2)
{
uint32_t maxlen;
uint32_t i;
@@ -402,7 +401,7 @@ sctp_compare_key(sctp_key_t *key1, sctp_key_t *key2)
* order for concatenation
*/
sctp_key_t *
-sctp_compute_hashkey(sctp_key_t *key1, sctp_key_t *key2, sctp_key_t *shared)
+sctp_compute_hashkey(sctp_key_t * key1, sctp_key_t * key2, sctp_key_t * shared)
{
uint32_t keylen;
sctp_key_t *new_key;
@@ -476,7 +475,7 @@ sctp_alloc_sharedkey(void)
}
void
-sctp_free_sharedkey(sctp_sharedkey_t *skey)
+sctp_free_sharedkey(sctp_sharedkey_t * skey)
{
if (skey == NULL)
return;
@@ -502,7 +501,7 @@ sctp_find_sharedkey(struct sctp_keyhead *shared_keys, uint16_t key_id)
int
sctp_insert_sharedkey(struct sctp_keyhead *shared_keys,
- sctp_sharedkey_t *new_skey)
+ sctp_sharedkey_t * new_skey)
{
sctp_sharedkey_t *skey;
@@ -596,8 +595,7 @@ sctp_auth_key_release(struct sctp_tcb *stcb, uint16_t key_id, int so_locked
}
static sctp_sharedkey_t *
-sctp_copy_sharedkey(const sctp_sharedkey_t *skey)
-{
+sctp_copy_sharedkey(const sctp_sharedkey_t * skey){
sctp_sharedkey_t *new_skey;
if (skey == NULL)
@@ -654,7 +652,7 @@ sctp_alloc_hmaclist(uint16_t num_hmacs)
}
void
-sctp_free_hmaclist(sctp_hmaclist_t *list)
+sctp_free_hmaclist(sctp_hmaclist_t * list)
{
if (list != NULL) {
SCTP_FREE(list, SCTP_M_AUTH_HL);
@@ -663,7 +661,7 @@ sctp_free_hmaclist(sctp_hmaclist_t *list)
}
int
-sctp_auth_add_hmacid(sctp_hmaclist_t *list, uint16_t hmac_id)
+sctp_auth_add_hmacid(sctp_hmaclist_t * list, uint16_t hmac_id)
{
int i;
@@ -691,7 +689,7 @@ sctp_auth_add_hmacid(sctp_hmaclist_t *list, uint16_t hmac_id)
}
sctp_hmaclist_t *
-sctp_copy_hmaclist(sctp_hmaclist_t *list)
+sctp_copy_hmaclist(sctp_hmaclist_t * list)
{
sctp_hmaclist_t *new_list;
int i;
@@ -729,8 +727,7 @@ sctp_default_supported_hmaclist(void)
* find the best HMAC id to use for the peer based on local support
*/
uint16_t
-sctp_negotiate_hmacid(sctp_hmaclist_t *peer, sctp_hmaclist_t *local)
-{
+sctp_negotiate_hmacid(sctp_hmaclist_t * peer, sctp_hmaclist_t * local) {
int i, j;
if ((local == NULL) || (peer == NULL))
@@ -756,7 +753,7 @@ sctp_negotiate_hmacid(sctp_hmaclist_t *peer, sctp_hmaclist_t *local)
* caller must guarantee ptr has appropriate space
*/
int
-sctp_serialize_hmaclist(sctp_hmaclist_t *list, uint8_t *ptr)
+sctp_serialize_hmaclist(sctp_hmaclist_t * list, uint8_t * ptr)
{
int i;
uint16_t hmac_id;
@@ -802,7 +799,7 @@ sctp_alloc_authinfo(void)
}
void
-sctp_free_authinfo(sctp_authinfo_t *authinfo)
+sctp_free_authinfo(sctp_authinfo_t * authinfo)
{
if (authinfo == NULL)
return;
@@ -822,8 +819,7 @@ sctp_free_authinfo(sctp_authinfo_t *authinfo)
uint32_t
-sctp_get_auth_chunk_len(uint16_t hmac_algo)
-{
+sctp_get_auth_chunk_len(uint16_t hmac_algo) {
int size;
size = sizeof(struct sctp_auth_chunk) + sctp_get_hmac_digest_len(hmac_algo);
@@ -831,8 +827,7 @@ sctp_get_auth_chunk_len(uint16_t hmac_algo)
}
uint32_t
-sctp_get_hmac_digest_len(uint16_t hmac_algo)
-{
+sctp_get_hmac_digest_len(uint16_t hmac_algo) {
switch (hmac_algo) {
case SCTP_AUTH_HMAC_ID_SHA1:
return (SCTP_AUTH_DIGEST_LEN_SHA1);
@@ -860,7 +855,7 @@ sctp_get_hmac_block_len(uint16_t hmac_algo)
}
static void
-sctp_hmac_init(uint16_t hmac_algo, sctp_hash_context_t *ctx)
+sctp_hmac_init(uint16_t hmac_algo, sctp_hash_context_t * ctx)
{
switch (hmac_algo) {
case SCTP_AUTH_HMAC_ID_SHA1:
@@ -877,8 +872,8 @@ sctp_hmac_init(uint16_t hmac_algo, sctp_hash_context_t *ctx)
}
static void
-sctp_hmac_update(uint16_t hmac_algo, sctp_hash_context_t *ctx,
- uint8_t *text, uint32_t textlen)
+sctp_hmac_update(uint16_t hmac_algo, sctp_hash_context_t * ctx,
+ uint8_t * text, uint32_t textlen)
{
switch (hmac_algo) {
case SCTP_AUTH_HMAC_ID_SHA1:
@@ -895,8 +890,8 @@ sctp_hmac_update(uint16_t hmac_algo, sctp_hash_context_t *ctx,
}
static void
-sctp_hmac_final(uint16_t hmac_algo, sctp_hash_context_t *ctx,
- uint8_t *digest)
+sctp_hmac_final(uint16_t hmac_algo, sctp_hash_context_t * ctx,
+ uint8_t * digest)
{
switch (hmac_algo) {
case SCTP_AUTH_HMAC_ID_SHA1:
@@ -923,9 +918,8 @@ sctp_hmac_final(uint16_t hmac_algo, sctp_hash_context_t *ctx,
* resultant digest.
*/
uint32_t
-sctp_hmac(uint16_t hmac_algo, uint8_t *key, uint32_t keylen,
- uint8_t *text, uint32_t textlen, uint8_t *digest)
-{
+sctp_hmac(uint16_t hmac_algo, uint8_t * key, uint32_t keylen,
+ uint8_t * text, uint32_t textlen, uint8_t * digest) {
uint32_t digestlen;
uint32_t blocklen;
sctp_hash_context_t ctx;
@@ -983,9 +977,8 @@ sctp_hmac(uint16_t hmac_algo, uint8_t *key, uint32_t keylen,
/* mbuf version */
uint32_t
-sctp_hmac_m(uint16_t hmac_algo, uint8_t *key, uint32_t keylen,
- struct mbuf *m, uint32_t m_offset, uint8_t *digest, uint32_t trailer)
-{
+sctp_hmac_m(uint16_t hmac_algo, uint8_t * key, uint32_t keylen,
+ struct mbuf *m, uint32_t m_offset, uint8_t * digest, uint32_t trailer){
uint32_t digestlen;
uint32_t blocklen;
sctp_hash_context_t ctx;
@@ -1031,17 +1024,17 @@ sctp_hmac_m(uint16_t hmac_algo, uint8_t *key, uint32_t keylen,
sctp_hmac_update(hmac_algo, &ctx, ipad, blocklen);
/* find the correct starting mbuf and offset (get start of text) */
m_tmp = m;
- while ((m_tmp != NULL) && (m_offset >= (uint32_t)SCTP_BUF_LEN(m_tmp))) {
+ while ((m_tmp != NULL) && (m_offset >= (uint32_t) SCTP_BUF_LEN(m_tmp))) {
m_offset -= SCTP_BUF_LEN(m_tmp);
m_tmp = SCTP_BUF_NEXT(m_tmp);
}
/* now use the rest of the mbuf chain for the text */
while (m_tmp != NULL) {
if ((SCTP_BUF_NEXT(m_tmp) == NULL) && trailer) {
- sctp_hmac_update(hmac_algo, &ctx, mtod(m_tmp, uint8_t *)+m_offset,
+ sctp_hmac_update(hmac_algo, &ctx, mtod(m_tmp, uint8_t *) + m_offset,
SCTP_BUF_LEN(m_tmp) - (trailer + m_offset));
} else {
- sctp_hmac_update(hmac_algo, &ctx, mtod(m_tmp, uint8_t *)+m_offset,
+ sctp_hmac_update(hmac_algo, &ctx, mtod(m_tmp, uint8_t *) + m_offset,
SCTP_BUF_LEN(m_tmp) - m_offset);
}
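Review bot: The length passed for the last mbuf, `SCTP_BUF_LEN(m_tmp) - (trailer + m_offset)`, is computed without any visible check that `trailer + m_offset` fits inside that mbuf. The result is received by sctp_hmac_update as a uint32_t textlen, so a trailer larger than the remaining data would wrap to a very large length and the hash update would read past the buffer. Whether callers already guarantee this cannot be told from the hunk, since sctp_hmac_m starts and ends outside it. If they do not, a guard such as `if (trailer + m_offset > (uint32_t)SCTP_BUF_LEN(m_tmp))` with an error return before the update call would make the bound explicit; at minimum a comment stating the caller's obligation belongs here.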
@@ -1066,9 +1059,9 @@ sctp_hmac_m(uint16_t hmac_algo, uint8_t *key, uint32_t keylen,
* Returns -1 on error, 0 on success.
*/
int
-sctp_verify_hmac(uint16_t hmac_algo, uint8_t *key, uint32_t keylen,
- uint8_t *text, uint32_t textlen,
- uint8_t *digest, uint32_t digestlen)
+sctp_verify_hmac(uint16_t hmac_algo, uint8_t * key, uint32_t keylen,
+ uint8_t * text, uint32_t textlen,
+ uint8_t * digest, uint32_t digestlen)
{
uint32_t len;
uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX];
@@ -1099,9 +1092,8 @@ sctp_verify_hmac(uint16_t hmac_algo, uint8_t *key, uint32_t keylen,
* the keylen exceeds the HMAC block len).
*/
uint32_t
-sctp_compute_hmac(uint16_t hmac_algo, sctp_key_t *key, uint8_t *text,
- uint32_t textlen, uint8_t *digest)
-{
+sctp_compute_hmac(uint16_t hmac_algo, sctp_key_t * key, uint8_t * text,
+ uint32_t textlen, uint8_t * digest) {
uint32_t digestlen;
uint32_t blocklen;
sctp_hash_context_t ctx;
@@ -1134,9 +1126,8 @@ sctp_compute_hmac(uint16_t hmac_algo, sctp_key_t *key, uint8_t *text,
/* mbuf version */
uint32_t
-sctp_compute_hmac_m(uint16_t hmac_algo, sctp_key_t *key, struct mbuf *m,
- uint32_t m_offset, uint8_t *digest)
-{
+sctp_compute_hmac_m(uint16_t hmac_algo, sctp_key_t * key, struct mbuf *m,
+ uint32_t m_offset, uint8_t * digest){
uint32_t digestlen;
uint32_t blocklen;
sctp_hash_context_t ctx;
@@ -1166,7 +1157,7 @@ sctp_compute_hmac_m(uint16_t hmac_algo, sctp_key_t *key, struct mbuf *m,
}
int
-sctp_auth_is_supported_hmac(sctp_hmaclist_t *list, uint16_t id)
+sctp_auth_is_supported_hmac(sctp_hmaclist_t * list, uint16_t id)
{
int i;
@@ -1309,6 +1300,7 @@ sctp_auth_setactivekey(struct sctp_tcb *stcb, uint16_t keyid)
/* can't reactivate a deactivated key with other refcounts */
return (-1);
}
+
/* set the (new) active key */
stcb->asoc.authinfo.active_keyid = keyid;
/* reset the deactivated flag */
@@ -1363,6 +1355,7 @@ sctp_deact_sharedkey(struct sctp_tcb *stcb, uint16_t keyid)
sctp_ulp_notify(SCTP_NOTIFY_AUTH_FREE_KEY, stcb, keyid, 0,
SCTP_SO_LOCKED);
}
+
/* mark the key as deactivated */
skey->deactivated = 1;
@@ -1424,7 +1417,7 @@ sctp_auth_get_cookie_params(struct sctp_tcb *stcb, struct mbuf *m,
length += offset;
phdr = (struct sctp_paramhdr *)sctp_m_getptr(m, offset,
- sizeof(struct sctp_paramhdr), (uint8_t *)&tmp_param);
+ sizeof(struct sctp_paramhdr), (uint8_t *) & tmp_param);
while (phdr != NULL) {
ptype = ntohs(phdr->param_type);
plen = ntohs(phdr->param_length);
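Review bot: The reformatted argument `(uint8_t *) & tmp_param` now reads like a binary AND between a parenthesised expression and tmp_param, whereas the previous `(uint8_t *)&tmp_param` made the cast of an address unambiguous. The same spelling is introduced in the later hunk at the bottom of this parameter loop in sctp_auth_get_cookie_params. This is parsing code for peer-supplied parameters, where misreading a pointer expression during review is costly, so I would keep `(uint8_t *)&tmp_param` in both places. The loop body continues outside the hunk.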
@@ -1491,7 +1484,7 @@ sctp_auth_get_cookie_params(struct sctp_tcb *stcb, struct mbuf *m,
if (offset + sizeof(struct sctp_paramhdr) > length)
break;
phdr = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, sizeof(struct sctp_paramhdr),
- (uint8_t *)&tmp_param);
+ (uint8_t *) & tmp_param);
}
/* concatenate the full random key */
keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len;
@@ -1582,6 +1575,7 @@ sctp_fill_hmac_digest_m(struct mbuf *m, uint32_t auth_offset,
"Assoc Key");
#endif
}
+
/* set in the active key id */
auth->shared_key_id = htons(keyid);
@@ -1603,14 +1597,14 @@ sctp_zero_m(struct mbuf *m, uint32_t m_offset, uint32_t size)
/* find the correct starting mbuf and offset (get start position) */
m_tmp = m;
- while ((m_tmp != NULL) && (m_offset >= (uint32_t)SCTP_BUF_LEN(m_tmp))) {
+ while ((m_tmp != NULL) && (m_offset >= (uint32_t) SCTP_BUF_LEN(m_tmp))) {
m_offset -= SCTP_BUF_LEN(m_tmp);
m_tmp = SCTP_BUF_NEXT(m_tmp);
}
/* now use the rest of the mbuf chain */
while ((m_tmp != NULL) && (size > 0)) {
- data = mtod(m_tmp, uint8_t *)+m_offset;
- if (size > (uint32_t)(SCTP_BUF_LEN(m_tmp) - m_offset)) {
+ data = mtod(m_tmp, uint8_t *) + m_offset;
+ if (size > (uint32_t) (SCTP_BUF_LEN(m_tmp) - m_offset)) {
memset(data, 0, SCTP_BUF_LEN(m_tmp) - m_offset);
size -= SCTP_BUF_LEN(m_tmp) - m_offset;
} else {
@@ -1769,6 +1763,7 @@ sctp_notify_authentication(struct sctp_tcb *stcb, uint32_t indication,
/* If the socket is gone we are out of here */
return;
}
+
if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_AUTHEVNT))
/* event not enabled */
return;
@@ -1929,6 +1924,7 @@ sctp_validate_init_auth_params(struct mbuf *m, int offset, int limit)
if (num_chunks)
got_chklist = 1;
}
+
offset += SCTP_SIZE32(plen);
if (offset >= limit) {
break;
@@ -2023,6 +2019,7 @@ sctp_initialize_auth_params(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
new_key->key[keylen++] = i;
}
}
+
/* append in the HMACs */
ph = (struct sctp_paramhdr *)(new_key->key + keylen);
ph->param_type = htons(SCTP_HMAC_LIST);