diff options
author | rrs <rrs@FreeBSD.org> | 2008-12-06 13:19:54 +0000 |
---|---|---|
committer | rrs <rrs@FreeBSD.org> | 2008-12-06 13:19:54 +0000 |
commit | 0f2b9dafa358fb3b64efed4842cd31650ceea672 (patch) | |
tree | 773b646ae7f5af08e1421071f2aa493698537042 /sys/netinet/sctp_auth.h | |
parent | f4594595d3de298d45caf389d9cee0d893cedfc0 (diff) | |
download | FreeBSD-src-0f2b9dafa358fb3b64efed4842cd31650ceea672.zip FreeBSD-src-0f2b9dafa358fb3b64efed4842cd31650ceea672.tar.gz |
Code from the hack-session known as the IETF (and a
bit of debugging afterwards):
- Fix protection code for notification generation.
- Decouple associd from vtag
- Allow vtags to have less strigent requirements in non-uniqueness.
o don't pre-hash them when you issue one in a cookie.
o Allow duplicates and use addresses and ports to
discriminate amongst the duplicates during lookup.
- Add support for the NAT draft draft-ietf-behave-sctpnat-00, this
is still experimental and needs more extensive testing with the
Jason Butt ipfw changes.
- Support for the SENDER_DRY event to get DTLS in OpenSSL working
with a set of patches from Michael Tuexen (hopefully heading to OpenSSL soon).
- Update the support of SCTP-AUTH by Peter Lei.
- Use macros for refcounting.
- Fix MTU for UDP encapsulation.
- Fix reporting back of unsent data.
- Update assoc send counter handling to be consistent with endpoint sent counter.
- Fix a bug in PR-SCTP.
- Fix so we only send another FWD-TSN when a SACK arrives IF and only
if the adv-peer-ack point progressed. However we still make sure
a timer is running if we do have an adv_peer_ack point.
- Fix PR-SCTP bug where chunks were retransmitted if they are sent
unreliable but not abandoned yet.
With the help of: Michael Teuxen and Peter Lei :-)
MFC after: 4 weeks
Diffstat (limited to 'sys/netinet/sctp_auth.h')
-rw-r--r-- | sys/netinet/sctp_auth.h | 81 |
1 files changed, 46 insertions, 35 deletions
diff --git a/sys/netinet/sctp_auth.h b/sys/netinet/sctp_auth.h index be7e6a0..8602c97 100644 --- a/sys/netinet/sctp_auth.h +++ b/sys/netinet/sctp_auth.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved. + * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -68,7 +68,9 @@ typedef struct sctp_key { typedef struct sctp_shared_key { LIST_ENTRY(sctp_shared_key) next; sctp_key_t *key; /* key text */ + uint32_t refcount; /* reference count */ uint16_t keyid; /* shared key ID */ + uint8_t deactivated; /* key is deactivated */ } sctp_sharedkey_t; LIST_HEAD(sctp_keyhead, sctp_shared_key); @@ -91,10 +93,11 @@ typedef struct sctp_authinfo { sctp_key_t *random; /* local random key (concatenated) */ uint32_t random_len; /* local random number length for param */ sctp_key_t *peer_random;/* peer's random key (concatenated) */ + sctp_key_t *assoc_key; /* cached concatenated send key */ + sctp_key_t *recv_key; /* cached concatenated recv key */ + uint16_t active_keyid; /* active send keyid */ uint16_t assoc_keyid; /* current send keyid (cached) */ uint16_t recv_keyid; /* last recv keyid (cached) */ - sctp_key_t *assoc_key; /* cached send key */ - sctp_key_t *recv_key; /* cached recv key */ } sctp_authinfo_t; @@ -117,10 +120,13 @@ extern int sctp_auth_add_chunk(uint8_t chunk, sctp_auth_chklist_t * list); extern int sctp_auth_delete_chunk(uint8_t chunk, sctp_auth_chklist_t * list); extern size_t sctp_auth_get_chklist_size(const sctp_auth_chklist_t * list); extern void sctp_auth_set_default_chunks(sctp_auth_chklist_t * list); -extern int - sctp_serialize_auth_chunks(const sctp_auth_chklist_t * list, uint8_t * ptr); -extern int sctp_pack_auth_chunks(const sctp_auth_chklist_t * list, uint8_t * ptr); -extern int +extern int +sctp_serialize_auth_chunks(const sctp_auth_chklist_t * list, + uint8_t * ptr); +extern int +sctp_pack_auth_chunks(const sctp_auth_chklist_t * list, + uint8_t * ptr); +extern int sctp_unpack_auth_chunks(const uint8_t * ptr, uint8_t num_chunks, sctp_auth_chklist_t * list); @@ -139,14 +145,20 @@ sctp_compute_hashkey(sctp_key_t * key1, sctp_key_t * key2, extern sctp_sharedkey_t *sctp_alloc_sharedkey(void); extern void sctp_free_sharedkey(sctp_sharedkey_t * skey); extern sctp_sharedkey_t * - sctp_find_sharedkey(struct sctp_keyhead *shared_keys, uint16_t key_id); -extern void +sctp_find_sharedkey(struct sctp_keyhead *shared_keys, + uint16_t key_id); +extern int sctp_insert_sharedkey(struct sctp_keyhead *shared_keys, sctp_sharedkey_t * new_skey); -extern int +extern int sctp_copy_skeylist(const struct sctp_keyhead *src, struct sctp_keyhead *dest); +/* ref counts on shared keys, by key id */ +extern void sctp_auth_key_acquire(struct sctp_tcb *stcb, uint16_t keyid); +extern void sctp_auth_key_release(struct sctp_tcb *stcb, uint16_t keyid); + + /* hmac list handling */ extern sctp_hmaclist_t *sctp_alloc_hmaclist(uint8_t num_hmacs); extern void sctp_free_hmaclist(sctp_hmaclist_t * list); @@ -167,25 +179,24 @@ extern void sctp_free_authinfo(sctp_authinfo_t * authinfo); /* keyed-HMAC functions */ extern uint32_t sctp_get_auth_chunk_len(uint16_t hmac_algo); extern uint32_t sctp_get_hmac_digest_len(uint16_t hmac_algo); -extern uint32_t +extern uint32_t sctp_hmac(uint16_t hmac_algo, uint8_t * key, uint32_t keylen, uint8_t * text, uint32_t textlen, uint8_t * digest); -extern int +extern int sctp_verify_hmac(uint16_t hmac_algo, uint8_t * key, uint32_t keylen, - uint8_t * text, uint32_t textlen, uint8_t * digest, - uint32_t digestlen); -extern uint32_t + uint8_t * text, uint32_t textlen, uint8_t * digest, uint32_t digestlen); +extern uint32_t sctp_compute_hmac(uint16_t hmac_algo, sctp_key_t * key, uint8_t * text, uint32_t textlen, uint8_t * digest); extern int sctp_auth_is_supported_hmac(sctp_hmaclist_t * list, uint16_t id); /* mbuf versions */ -extern uint32_t +extern uint32_t sctp_hmac_m(uint16_t hmac_algo, uint8_t * key, uint32_t keylen, struct mbuf *m, uint32_t m_offset, uint8_t * digest, uint32_t trailer); -extern uint32_t -sctp_compute_hmac_m(uint16_t hmac_algo, sctp_key_t * key, struct mbuf *m, - uint32_t m_offset, uint8_t * digest); +extern uint32_t +sctp_compute_hmac_m(uint16_t hmac_algo, sctp_key_t * key, + struct mbuf *m, uint32_t m_offset, uint8_t * digest); /* * authentication routines @@ -196,31 +207,31 @@ extern int sctp_delete_sharedkey(struct sctp_tcb *stcb, uint16_t keyid); extern int sctp_delete_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid); extern int sctp_auth_setactivekey(struct sctp_tcb *stcb, uint16_t keyid); extern int sctp_auth_setactivekey_ep(struct sctp_inpcb *inp, uint16_t keyid); +extern int sctp_deact_sharedkey(struct sctp_tcb *stcb, uint16_t keyid); +extern int sctp_deact_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid); -extern void +extern void sctp_auth_get_cookie_params(struct sctp_tcb *stcb, struct mbuf *m, uint32_t offset, uint32_t length); -extern void +extern void sctp_fill_hmac_digest_m(struct mbuf *m, uint32_t auth_offset, - struct sctp_auth_chunk *auth, - struct sctp_tcb *stcb); + struct sctp_auth_chunk *auth, struct sctp_tcb *stcb, uint16_t key_id); extern struct mbuf * sctp_add_auth_chunk(struct mbuf *m, struct mbuf **m_end, - struct sctp_auth_chunk **auth_ret, - uint32_t * offset, struct sctp_tcb *stcb, - uint8_t chunk); -extern int + struct sctp_auth_chunk **auth_ret, uint32_t * offset, + struct sctp_tcb *stcb, uint8_t chunk); +extern int sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_auth_chunk *ch, struct mbuf *m, uint32_t offset); -extern void +extern void sctp_notify_authentication(struct sctp_tcb *stcb, - uint32_t indication, uint16_t keyid, - uint16_t alt_keyid); -extern int - sctp_validate_init_auth_params(struct mbuf *m, int offset, int limit); -extern void - sctp_initialize_auth_params(struct sctp_inpcb *inp, struct sctp_tcb *stcb); - + uint32_t indication, uint16_t keyid, uint16_t alt_keyid, int so_locked); +extern int +sctp_validate_init_auth_params(struct mbuf *m, int offset, + int limit); +extern void +sctp_initialize_auth_params(struct sctp_inpcb *inp, + struct sctp_tcb *stcb); /* test functions */ extern void sctp_test_hmac_sha1(void); |