summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--sys/netinet/sctp_auth.c499
-rw-r--r--sys/netinet/sctp_auth.h6
-rw-r--r--sys/netinet/sctp_os_bsd.h6
-rw-r--r--sys/netinet/sctp_output.c8
-rw-r--r--sys/netinet/sctp_pcb.c17
-rw-r--r--sys/netinet/sctp_uio.h1
6 files changed, 2 insertions, 535 deletions
diff --git a/sys/netinet/sctp_auth.c b/sys/netinet/sctp_auth.c
index 5e8c518..928f572 100644
--- a/sys/netinet/sctp_auth.c
+++ b/sys/netinet/sctp_auth.c
@@ -456,21 +456,6 @@ sctp_compute_hashkey(sctp_key_t * key1, sctp_key_t * key2, sctp_key_t * shared)
/* concatenate the keys */
if (sctp_compare_key(key1, key2) <= 0) {
-#ifdef SCTP_AUTH_DRAFT_04
- /* key is key1 + shared + key2 */
- if (sctp_get_keylen(key1)) {
- bcopy(key1->key, key_ptr, key1->keylen);
- key_ptr += key1->keylen;
- }
- if (sctp_get_keylen(shared)) {
- bcopy(shared->key, key_ptr, shared->keylen);
- key_ptr += shared->keylen;
- }
- if (sctp_get_keylen(key2)) {
- bcopy(key2->key, key_ptr, key2->keylen);
- key_ptr += key2->keylen;
- }
-#else
/* key is shared + key1 + key2 */
if (sctp_get_keylen(shared)) {
bcopy(shared->key, key_ptr, shared->keylen);
@@ -484,23 +469,7 @@ sctp_compute_hashkey(sctp_key_t * key1, sctp_key_t * key2, sctp_key_t * shared)
bcopy(key2->key, key_ptr, key2->keylen);
key_ptr += key2->keylen;
}
-#endif
} else {
-#ifdef SCTP_AUTH_DRAFT_04
- /* key is key2 + shared + key1 */
- if (sctp_get_keylen(key2)) {
- bcopy(key2->key, key_ptr, key2->keylen);
- key_ptr += key2->keylen;
- }
- if (sctp_get_keylen(shared)) {
- bcopy(shared->key, key_ptr, shared->keylen);
- key_ptr += shared->keylen;
- }
- if (sctp_get_keylen(key1)) {
- bcopy(key1->key, key_ptr, key1->keylen);
- key_ptr += key1->keylen;
- }
-#else
/* key is shared + key2 + key1 */
if (sctp_get_keylen(shared)) {
bcopy(shared->key, key_ptr, shared->keylen);
@@ -514,7 +483,6 @@ sctp_compute_hashkey(sctp_key_t * key1, sctp_key_t * key2, sctp_key_t * shared)
bcopy(key1->key, key_ptr, key1->keylen);
key_ptr += key1->keylen;
}
-#endif
}
return (new_key);
}
@@ -739,7 +707,7 @@ sctp_auth_add_hmacid(sctp_hmaclist_t * list, uint16_t hmac_id)
(hmac_id != SCTP_AUTH_HMAC_ID_SHA384) &&
(hmac_id != SCTP_AUTH_HMAC_ID_SHA512) &&
#endif
- (hmac_id != SCTP_AUTH_HMAC_ID_MD5)) {
+ 1) {
return (-1);
}
/* Now is it already in the list */
@@ -802,12 +770,6 @@ sctp_negotiate_hmacid(sctp_hmaclist_t * peer, sctp_hmaclist_t * local)
for (i = 0; i < peer->num_algo; i++) {
for (j = 0; j < local->num_algo; j++) {
if (peer->hmac[i] == local->hmac[j]) {
-#ifndef SCTP_AUTH_DRAFT_04
- /* "skip" MD5 as it's been deprecated */
- if (peer->hmac[i] == SCTP_AUTH_HMAC_ID_MD5)
- continue;
-#endif
-
/* found the "best" one */
SCTPDBG(SCTP_DEBUG_AUTH1,
"SCTP: negotiated peer HMAC id %u\n",
@@ -911,8 +873,6 @@ sctp_get_hmac_digest_len(uint16_t hmac_algo)
switch (hmac_algo) {
case SCTP_AUTH_HMAC_ID_SHA1:
return (SCTP_AUTH_DIGEST_LEN_SHA1);
- case SCTP_AUTH_HMAC_ID_MD5:
- return (SCTP_AUTH_DIGEST_LEN_MD5);
#ifdef HAVE_SHA224
case SCTP_AUTH_HMAC_ID_SHA224:
return (SCTP_AUTH_DIGEST_LEN_SHA224);
@@ -936,7 +896,6 @@ sctp_get_hmac_block_len(uint16_t hmac_algo)
{
switch (hmac_algo) {
case SCTP_AUTH_HMAC_ID_SHA1:
- case SCTP_AUTH_HMAC_ID_MD5:
#ifdef HAVE_SHA224
case SCTP_AUTH_HMAC_ID_SHA224:
#endif
@@ -962,9 +921,6 @@ sctp_hmac_init(uint16_t hmac_algo, sctp_hash_context_t * ctx)
case SCTP_AUTH_HMAC_ID_SHA1:
SHA1_Init(&ctx->sha1);
break;
- case SCTP_AUTH_HMAC_ID_MD5:
- MD5_Init(&ctx->md5);
- break;
#ifdef HAVE_SHA224
case SCTP_AUTH_HMAC_ID_SHA224:
break;
@@ -995,9 +951,6 @@ sctp_hmac_update(uint16_t hmac_algo, sctp_hash_context_t * ctx,
case SCTP_AUTH_HMAC_ID_SHA1:
SHA1_Update(&ctx->sha1, text, textlen);
break;
- case SCTP_AUTH_HMAC_ID_MD5:
- MD5_Update(&ctx->md5, text, textlen);
- break;
#ifdef HAVE_SHA224
case SCTP_AUTH_HMAC_ID_SHA224:
break;
@@ -1028,9 +981,6 @@ sctp_hmac_final(uint16_t hmac_algo, sctp_hash_context_t * ctx,
case SCTP_AUTH_HMAC_ID_SHA1:
SHA1_Final(digest, &ctx->sha1);
break;
- case SCTP_AUTH_HMAC_ID_MD5:
- MD5_Final(digest, &ctx->md5);
- break;
#ifdef HAVE_SHA224
case SCTP_AUTH_HMAC_ID_SHA224:
break;
@@ -1636,15 +1586,6 @@ sctp_auth_get_cookie_params(struct sctp_tcb *stcb, struct mbuf *m,
(uint8_t *) & tmp_param);
}
/* concatenate the full random key */
-#ifdef SCTP_AUTH_DRAFT_04
- keylen = random_len;
- new_key = sctp_alloc_key(keylen);
- if (new_key != NULL) {
- /* copy in the RANDOM */
- if (p_random != NULL)
- bcopy(p_random->random_data, new_key->key, random_len);
- }
-#else
keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len;
if (chunks != NULL) {
keylen += sizeof(*chunks) + num_chunks;
@@ -1668,15 +1609,10 @@ sctp_auth_get_cookie_params(struct sctp_tcb *stcb, struct mbuf *m,
sizeof(*hmacs) + hmacs_len);
}
}
-#endif
if (stcb->asoc.authinfo.random != NULL)
sctp_free_key(stcb->asoc.authinfo.random);
stcb->asoc.authinfo.random = new_key;
stcb->asoc.authinfo.random_len = random_len;
-#ifdef SCTP_AUTH_DRAFT_04
- /* don't include the chunks and hmacs for draft -04 */
- stcb->asoc.authinfo.random->keylen = random_len;
-#endif
sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.assoc_keyid);
sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.recv_keyid);
@@ -2143,11 +2079,6 @@ sctp_initialize_auth_params(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
&stcb->asoc.shared_keys);
/* now set the concatenated key (random + chunks + hmacs) */
-#ifdef SCTP_AUTH_DRAFT_04
- /* don't include the chunks and hmacs for draft -04 */
- keylen = random_len;
- new_key = sctp_generate_random_key(keylen);
-#else
/* key includes parameter headers */
keylen = (3 * sizeof(struct sctp_paramhdr)) + random_len + chunks_len +
hmacs_len;
@@ -2188,436 +2119,8 @@ sctp_initialize_auth_params(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
(void)sctp_serialize_hmaclist(stcb->asoc.local_hmacs,
new_key->key + keylen);
}
-#endif
if (stcb->asoc.authinfo.random != NULL)
sctp_free_key(stcb->asoc.authinfo.random);
stcb->asoc.authinfo.random = new_key;
stcb->asoc.authinfo.random_len = random_len;
}
-
-
-#ifdef SCTP_HMAC_TEST
-/*
- * HMAC and key concatenation tests
- */
-static void
-sctp_print_digest(uint8_t * digest, uint32_t digestlen, const char *str)
-{
- uint32_t i;
-
- printf("\n%s: 0x", str);
- if (digest == NULL)
- return;
-
- for (i = 0; i < digestlen; i++)
- printf("%02x", digest[i]);
-}
-
-static int
-sctp_test_hmac(const char *str, uint16_t hmac_id, uint8_t * key,
- uint32_t keylen, uint8_t * text, uint32_t textlen,
- uint8_t * digest, uint32_t digestlen)
-{
- uint8_t computed_digest[SCTP_AUTH_DIGEST_LEN_MAX];
-
- printf("\n%s:", str);
- sctp_hmac(hmac_id, key, keylen, text, textlen, computed_digest);
- sctp_print_digest(digest, digestlen, "Expected digest");
- sctp_print_digest(computed_digest, digestlen, "Computed digest");
- if (memcmp(digest, computed_digest, digestlen) != 0) {
- printf("\nFAILED");
- return (-1);
- } else {
- printf("\nPASSED");
- return (0);
- }
-}
-
-
-/*
- * RFC 2202: HMAC-SHA1 test cases
- */
-void
-sctp_test_hmac_sha1(void)
-{
- uint8_t *digest;
- uint8_t key[128];
- uint32_t keylen;
- uint8_t text[128];
- uint32_t textlen;
- uint32_t digestlen = 20;
- int failed = 0;
-
- /*-
- * test_case = 1
- * key = 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
- * key_len = 20
- * data = "Hi There"
- * data_len = 8
- * digest = 0xb617318655057264e28bc0b6fb378c8ef146be00
- */
- keylen = 20;
- memset(key, 0x0b, keylen);
- textlen = 8;
- strcpy(text, "Hi There");
- digest = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1\x46\xbe\x00";
- if (sctp_test_hmac("SHA1 test case 1", SCTP_AUTH_HMAC_ID_SHA1, key, keylen,
- text, textlen, digest, digestlen) < 0)
- failed++;
-
- /*-
- * test_case = 2
- * key = "Jefe"
- * key_len = 4
- * data = "what do ya want for nothing?"
- * data_len = 28
- * digest = 0xeffcdf6ae5eb2fa2d27416d5f184df9c259a7c79
- */
- keylen = 4;
- strcpy(key, "Jefe");
- textlen = 28;
- strcpy(text, "what do ya want for nothing?");
- digest = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79";
- if (sctp_test_hmac("SHA1 test case 2", SCTP_AUTH_HMAC_ID_SHA1, key, keylen,
- text, textlen, digest, digestlen) < 0)
- failed++;
-
- /*-
- * test_case = 3
- * key = 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
- * key_len = 20
- * data = 0xdd repeated 50 times
- * data_len = 50
- * digest = 0x125d7342b9ac11cd91a39af48aa17b4f63f175d3
- */
- keylen = 20;
- memset(key, 0xaa, keylen);
- textlen = 50;
- memset(text, 0xdd, textlen);
- digest = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f\x63\xf1\x75\xd3";
- if (sctp_test_hmac("SHA1 test case 3", SCTP_AUTH_HMAC_ID_SHA1, key, keylen,
- text, textlen, digest, digestlen) < 0)
- failed++;
-
- /*-
- * test_case = 4
- * key = 0x0102030405060708090a0b0c0d0e0f10111213141516171819
- * key_len = 25
- * data = 0xcd repeated 50 times
- * data_len = 50
- * digest = 0x4c9007f4026250c6bc8414f9bf50c86c2d7235da
- */
- keylen = 25;
- memcpy(key, "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", keylen);
- textlen = 50;
- memset(text, 0xcd, textlen);
- digest = "\x4c\x90\x07\xf4\x02\x62\x50\xc6\xbc\x84\x14\xf9\xbf\x50\xc8\x6c\x2d\x72\x35\xda";
- if (sctp_test_hmac("SHA1 test case 4", SCTP_AUTH_HMAC_ID_SHA1, key, keylen,
- text, textlen, digest, digestlen) < 0)
- failed++;
-
- /*-
- * test_case = 5
- * key = 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
- * key_len = 20
- * data = "Test With Truncation"
- * data_len = 20
- * digest = 0x4c1a03424b55e07fe7f27be1d58bb9324a9a5a04
- * digest-96 = 0x4c1a03424b55e07fe7f27be1
- */
- keylen = 20;
- memset(key, 0x0c, keylen);
- textlen = 20;
- strcpy(text, "Test With Truncation");
- digest = "\x4c\x1a\x03\x42\x4b\x55\xe0\x7f\xe7\xf2\x7b\xe1\xd5\x8b\xb9\x32\x4a\x9a\x5a\x04";
- if (sctp_test_hmac("SHA1 test case 5", SCTP_AUTH_HMAC_ID_SHA1, key, keylen,
- text, textlen, digest, digestlen) < 0)
- failed++;
-
- /*-
- * test_case = 6
- * key = 0xaa repeated 80 times
- * key_len = 80
- * data = "Test Using Larger Than Block-Size Key - Hash Key First"
- * data_len = 54
- * digest = 0xaa4ae5e15272d00e95705637ce8a3b55ed402112
- */
- keylen = 80;
- memset(key, 0xaa, keylen);
- textlen = 54;
- strcpy(text, "Test Using Larger Than Block-Size Key - Hash Key First");
- digest = "\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b\x55\xed\x40\x21\x12";
- if (sctp_test_hmac("SHA1 test case 6", SCTP_AUTH_HMAC_ID_SHA1, key, keylen,
- text, textlen, digest, digestlen) < 0)
- failed++;
-
- /*-
- * test_case = 7
- * key = 0xaa repeated 80 times
- * key_len = 80
- * data = "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data"
- * data_len = 73
- * digest = 0xe8e99d0f45237d786d6bbaa7965c7808bbff1a91
- */
- keylen = 80;
- memset(key, 0xaa, keylen);
- textlen = 73;
- strcpy(text, "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data");
- digest = "\xe8\xe9\x9d\x0f\x45\x23\x7d\x78\x6d\x6b\xba\xa7\x96\x5c\x78\x08\xbb\xff\x1a\x91";
- if (sctp_test_hmac("SHA1 test case 7", SCTP_AUTH_HMAC_ID_SHA1, key, keylen,
- text, textlen, digest, digestlen) < 0)
- failed++;
-
- /* done with all tests */
- if (failed)
- printf("\nSHA1 test results: %d cases failed", failed);
- else
- printf("\nSHA1 test results: all test cases passed");
-}
-
-/*
- * RFC 2202: HMAC-MD5 test cases
- */
-void
-sctp_test_hmac_md5(void)
-{
- uint8_t *digest;
- uint8_t key[128];
- uint32_t keylen;
- uint8_t text[128];
- uint32_t textlen;
- uint32_t digestlen = 16;
- int failed = 0;
-
- /*-
- * test_case = 1
- * key = 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
- * key_len = 16
- * data = "Hi There"
- * data_len = 8
- * digest = 0x9294727a3638bb1c13f48ef8158bfc9d
- */
- keylen = 16;
- memset(key, 0x0b, keylen);
- textlen = 8;
- strcpy(text, "Hi There");
- digest = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc\x9d";
- if (sctp_test_hmac("MD5 test case 1", SCTP_AUTH_HMAC_ID_MD5, key, keylen,
- text, textlen, digest, digestlen) < 0)
- failed++;
-
- /*-
- * test_case = 2
- * key = "Jefe"
- * key_len = 4
- * data = "what do ya want for nothing?"
- * data_len = 28
- * digest = 0x750c783e6ab0b503eaa86e310a5db738
- */
- keylen = 4;
- strcpy(key, "Jefe");
- textlen = 28;
- strcpy(text, "what do ya want for nothing?");
- digest = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38";
- if (sctp_test_hmac("MD5 test case 2", SCTP_AUTH_HMAC_ID_MD5, key, keylen,
- text, textlen, digest, digestlen) < 0)
- failed++;
-
- /*-
- * test_case = 3
- * key = 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
- * key_len = 16
- * data = 0xdd repeated 50 times
- * data_len = 50
- * digest = 0x56be34521d144c88dbb8c733f0e8b3f6
- */
- keylen = 16;
- memset(key, 0xaa, keylen);
- textlen = 50;
- memset(text, 0xdd, textlen);
- digest = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3\xf6";
- if (sctp_test_hmac("MD5 test case 3", SCTP_AUTH_HMAC_ID_MD5, key, keylen,
- text, textlen, digest, digestlen) < 0)
- failed++;
-
- /*-
- * test_case = 4
- * key = 0x0102030405060708090a0b0c0d0e0f10111213141516171819
- * key_len = 25
- * data = 0xcd repeated 50 times
- * data_len = 50
- * digest = 0x697eaf0aca3a3aea3a75164746ffaa79
- */
- keylen = 25;
- memcpy(key, "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", keylen);
- textlen = 50;
- memset(text, 0xcd, textlen);
- digest = "\x69\x7e\xaf\x0a\xca\x3a\x3a\xea\x3a\x75\x16\x47\x46\xff\xaa\x79";
- if (sctp_test_hmac("MD5 test case 4", SCTP_AUTH_HMAC_ID_MD5, key, keylen,
- text, textlen, digest, digestlen) < 0)
- failed++;
-
- /*-
- * test_case = 5
- * key = 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
- * key_len = 16
- * data = "Test With Truncation"
- * data_len = 20
- * digest = 0x56461ef2342edc00f9bab995690efd4c
- * digest-96 = 0x56461ef2342edc00f9bab995
- */
- keylen = 16;
- memset(key, 0x0c, keylen);
- textlen = 20;
- strcpy(text, "Test With Truncation");
- digest = "\x56\x46\x1e\xf2\x34\x2e\xdc\x00\xf9\xba\xb9\x95\x69\x0e\xfd\x4c";
- if (sctp_test_hmac("MD5 test case 5", SCTP_AUTH_HMAC_ID_MD5, key, keylen,
- text, textlen, digest, digestlen) < 0)
- failed++;
-
- /*-
- * test_case = 6
- * key = 0xaa repeated 80 times
- * key_len = 80
- * data = "Test Using Larger Than Block-Size Key - Hash Key First"
- * data_len = 54
- * digest = 0x6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd
- */
- keylen = 80;
- memset(key, 0xaa, keylen);
- textlen = 54;
- strcpy(text, "Test Using Larger Than Block-Size Key - Hash Key First");
- digest = "\x6b\x1a\xb7\xfe\x4b\xd7\xbf\x8f\x0b\x62\xe6\xce\x61\xb9\xd0\xcd";
- if (sctp_test_hmac("MD5 test case 6", SCTP_AUTH_HMAC_ID_MD5, key, keylen,
- text, textlen, digest, digestlen) < 0)
- failed++;
-
- /*-
- * test_case = 7
- * key = 0xaa repeated 80 times
- * key_len = 80
- * data = "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data"
- * data_len = 73
- * digest = 0x6f630fad67cda0ee1fb1f562db3aa53e
- */
- keylen = 80;
- memset(key, 0xaa, keylen);
- textlen = 73;
- strcpy(text, "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data");
- digest = "\x6f\x63\x0f\xad\x67\xcd\xa0\xee\x1f\xb1\xf5\x62\xdb\x3a\xa5\x3e";
- if (sctp_test_hmac("MD5 test case 7", SCTP_AUTH_HMAC_ID_MD5, key, keylen,
- text, textlen, digest, digestlen) < 0)
- failed++;
-
- /* done with all tests */
- if (failed)
- printf("\nMD5 test results: %d cases failed", failed);
- else
- printf("\nMD5 test results: all test cases passed");
-}
-
-/*
- * test assoc key concatenation
- */
-static int
-sctp_test_key_concatenation(sctp_key_t * key1, sctp_key_t * key2,
- sctp_key_t * expected_key)
-{
- sctp_key_t *key;
- int ret_val;
-
- sctp_show_key(key1, "\nkey1");
- sctp_show_key(key2, "\nkey2");
- key = sctp_compute_hashkey(key1, key2, NULL);
- sctp_show_key(expected_key, "\nExpected");
- sctp_show_key(key, "\nComputed");
- if (memcmp(key, expected_key, expected_key->keylen) != 0) {
- printf("\nFAILED");
- ret_val = -1;
- } else {
- printf("\nPASSED");
- ret_val = 0;
- }
- sctp_free_key(key1);
- sctp_free_key(key2);
- sctp_free_key(expected_key);
- sctp_free_key(key);
- return (ret_val);
-}
-
-
-void
-sctp_test_authkey(void)
-{
- sctp_key_t *key1, *key2, *expected_key;
- int failed = 0;
-
- /* test case 1 */
- key1 = sctp_set_key("\x01\x01\x01\x01", 4);
- key2 = sctp_set_key("\x01\x02\x03\x04", 4);
- expected_key = sctp_set_key("\x01\x01\x01\x01\x01\x02\x03\x04", 8);
- if (sctp_test_key_concatenation(key1, key2, expected_key) < 0)
- failed++;
-
- /* test case 2 */
- key1 = sctp_set_key("\x00\x00\x00\x01", 4);
- key2 = sctp_set_key("\x02", 1);
- expected_key = sctp_set_key("\x00\x00\x00\x01\x02", 5);
- if (sctp_test_key_concatenation(key1, key2, expected_key) < 0)
- failed++;
-
- /* test case 3 */
- key1 = sctp_set_key("\x01", 1);
- key2 = sctp_set_key("\x00\x00\x00\x02", 4);
- expected_key = sctp_set_key("\x01\x00\x00\x00\x02", 5);
- if (sctp_test_key_concatenation(key1, key2, expected_key) < 0)
- failed++;
-
- /* test case 4 */
- key1 = sctp_set_key("\x00\x00\x00\x01", 4);
- key2 = sctp_set_key("\x01", 1);
- expected_key = sctp_set_key("\x01\x00\x00\x00\x01", 5);
- if (sctp_test_key_concatenation(key1, key2, expected_key) < 0)
- failed++;
-
- /* test case 5 */
- key1 = sctp_set_key("\x01", 1);
- key2 = sctp_set_key("\x00\x00\x00\x01", 4);
- expected_key = sctp_set_key("\x01\x00\x00\x00\x01", 5);
- if (sctp_test_key_concatenation(key1, key2, expected_key) < 0)
- failed++;
-
- /* test case 6 */
- key1 = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07", 11);
- key2 = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x08", 11);
- expected_key = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x08", 22);
- if (sctp_test_key_concatenation(key1, key2, expected_key) < 0)
- failed++;
-
- /* test case 7 */
- key1 = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x08", 11);
- key2 = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07", 11);
- expected_key = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x08", 22);
- if (sctp_test_key_concatenation(key1, key2, expected_key) < 0)
- failed++;
-
- /* done with all tests */
- if (failed)
- printf("\nKey concatenation test results: %d cases failed", failed);
- else
- printf("\nKey concatenation test results: all test cases passed");
-}
-
-
-#if defined(STANDALONE_HMAC_TEST)
-int
-main(void)
-{
- sctp_test_hmac_sha1();
- sctp_test_hmac_md5();
- sctp_test_authkey();
-}
-
-#endif /* STANDALONE_HMAC_TEST */
-
-#endif /* SCTP_HMAC_TEST */
diff --git a/sys/netinet/sctp_auth.h b/sys/netinet/sctp_auth.h
index 8602c97..cecdb90 100644
--- a/sys/netinet/sctp_auth.h
+++ b/sys/netinet/sctp_auth.h
@@ -37,7 +37,6 @@ __FBSDID("$FreeBSD$");
/* digest lengths */
#define SCTP_AUTH_DIGEST_LEN_SHA1 20
-#define SCTP_AUTH_DIGEST_LEN_MD5 16
#define SCTP_AUTH_DIGEST_LEN_SHA224 28
#define SCTP_AUTH_DIGEST_LEN_SHA256 32
#define SCTP_AUTH_DIGEST_LEN_SHA384 48
@@ -52,7 +51,6 @@ __FBSDID("$FreeBSD$");
/* union of all supported HMAC algorithm contexts */
typedef union sctp_hash_context {
SHA1_CTX sha1;
- MD5_CTX md5;
#ifdef HAVE_SHA2
SHA256_CTX sha256;
SHA384_CTX sha384;
@@ -234,8 +232,4 @@ sctp_initialize_auth_params(struct sctp_inpcb *inp,
struct sctp_tcb *stcb);
/* test functions */
-extern void sctp_test_hmac_sha1(void);
-extern void sctp_test_hmac_md5(void);
-extern void sctp_test_authkey(void);
-
#endif /* __SCTP_AUTH_H__ */
diff --git a/sys/netinet/sctp_os_bsd.h b/sys/netinet/sctp_os_bsd.h
index 349d164..cec568d 100644
--- a/sys/netinet/sctp_os_bsd.h
+++ b/sys/netinet/sctp_os_bsd.h
@@ -478,12 +478,6 @@ sctp_get_mbuf_for_msg(unsigned int space_needed,
#include <crypto/sha2/sha2.h>
#endif
-#include <sys/md5.h>
-/* map standard crypto API names */
-#define MD5_Init MD5Init
-#define MD5_Update MD5Update
-#define MD5_Final MD5Final
-
#endif
#define SCTP_DECREMENT_AND_CHECK_REFCOUNT(addr) (atomic_fetchadd_int(addr, -1) == 1)
diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c
index cbc9a9a..50ccc93 100644
--- a/sys/netinet/sctp_output.c
+++ b/sys/netinet/sctp_output.c
@@ -4313,16 +4313,8 @@ sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int so_locked
if (stcb->asoc.authinfo.random != NULL) {
randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
p_len = sizeof(*randp) + stcb->asoc.authinfo.random_len;
-#ifdef SCTP_AUTH_DRAFT_04
- randp->ph.param_type = htons(SCTP_RANDOM);
- randp->ph.param_length = htons(p_len);
- bcopy(stcb->asoc.authinfo.random->key,
- randp->random_data,
- stcb->asoc.authinfo.random_len);
-#else
/* random key already contains the header */
bcopy(stcb->asoc.authinfo.random->key, randp, p_len);
-#endif
/* zero out any padding required */
bzero((caddr_t)randp + p_len, SCTP_SIZE32(p_len) - p_len);
SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
diff --git a/sys/netinet/sctp_pcb.c b/sys/netinet/sctp_pcb.c
index 682af5e..73e7991 100644
--- a/sys/netinet/sctp_pcb.c
+++ b/sys/netinet/sctp_pcb.c
@@ -6254,15 +6254,6 @@ next_param:
return (-33);
}
/* concatenate the full random key */
-#ifdef SCTP_AUTH_DRAFT_04
- keylen = random_len;
- new_key = sctp_alloc_key(keylen);
- if (new_key != NULL) {
- /* copy in the RANDOM */
- if (p_random != NULL)
- bcopy(p_random->random_data, new_key->key, random_len);
- }
-#else
keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len;
if (chunks != NULL) {
keylen += sizeof(*chunks) + num_chunks;
@@ -6285,19 +6276,13 @@ next_param:
bcopy(hmacs, new_key->key + keylen,
sizeof(*hmacs) + hmacs_len);
}
- }
-#endif
- else {
+ } else {
/* failed to get memory for the key */
return (-34);
}
if (stcb->asoc.authinfo.peer_random != NULL)
sctp_free_key(stcb->asoc.authinfo.peer_random);
stcb->asoc.authinfo.peer_random = new_key;
-#ifdef SCTP_AUTH_DRAFT_04
- /* don't include the chunks and hmacs for draft -04 */
- stcb->asoc.authinfo.peer_random->keylen = random_len;
-#endif
sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.assoc_keyid);
sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.recv_keyid);
diff --git a/sys/netinet/sctp_uio.h b/sys/netinet/sctp_uio.h
index 2f16b94..3b34941 100644
--- a/sys/netinet/sctp_uio.h
+++ b/sys/netinet/sctp_uio.h
@@ -526,7 +526,6 @@ struct sctp_hmacalgo {
/* AUTH hmac_id */
#define SCTP_AUTH_HMAC_ID_RSVD 0x0000
#define SCTP_AUTH_HMAC_ID_SHA1 0x0001 /* default, mandatory */
-#define SCTP_AUTH_HMAC_ID_MD5 0x0002 /* deprecated */
#define SCTP_AUTH_HMAC_ID_SHA256 0x0003
#define SCTP_AUTH_HMAC_ID_SHA224 0x0004
#define SCTP_AUTH_HMAC_ID_SHA384 0x0005
OpenPOWER on IntegriCloud