2 * Copyright (c) 2001-2006, Cisco Systems, Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
7 * a) Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
10 * b) Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the distribution.
14 * c) Neither the name of Cisco Systems, Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
20 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
28 * THE POSSIBILITY OF SUCH DAMAGE.
31 #include <sys/cdefs.h>
32 __FBSDID("$FreeBSD$");
35 #include <sys/param.h>
36 #include <sys/systm.h>
37 #include <sys/malloc.h>
39 #include <sys/domain.h>
40 #include <sys/protosw.h>
41 #include <sys/socket.h>
42 #include <sys/socketvar.h>
44 #include <sys/kernel.h>
45 #include <sys/sysctl.h>
48 #include <net/if_types.h>
49 #include <net/route.h>
50 #include <netinet/in.h>
51 #include <netinet/in_systm.h>
52 #include <netinet/ip.h>
53 #include <netinet/in_pcb.h>
54 #include <netinet/in_var.h>
55 #include <netinet/ip_var.h>
57 #include <netinet/sctp_os.h>
58 #include <netinet/sctp.h>
59 #include <netinet/sctp_header.h>
60 #include <netinet/sctp_pcb.h>
61 #include <netinet/sctp_var.h>
62 #include <netinet/sctputil.h>
63 #include <netinet/sctp_indata.h>
64 #include <netinet/sctp_output.h>
65 #include <netinet/sctp_auth.h>
68 extern uint32_t sctp_debug_on;
70 #define SCTP_AUTH_DEBUG (sctp_debug_on & SCTP_DEBUG_AUTH1)
71 #define SCTP_AUTH_DEBUG2 (sctp_debug_on & SCTP_DEBUG_AUTH2)
72 #endif /* SCTP_DEBUG */
76 sctp_clear_chunklist(sctp_auth_chklist_t * chklist)
78 bzero(chklist, sizeof(*chklist));
79 /* chklist->num_chunks = 0; */
83 sctp_alloc_chunklist(void)
85 sctp_auth_chklist_t *chklist;
87 SCTP_MALLOC(chklist, sctp_auth_chklist_t *, sizeof(*chklist),
89 if (chklist == NULL) {
91 if (sctp_debug_on & SCTP_AUTH_DEBUG) {
92 printf("sctp_alloc_chunklist: failed to get memory!\n");
94 #endif /* SCTP_DEBUG */
96 sctp_clear_chunklist(chklist);
102 sctp_free_chunklist(sctp_auth_chklist_t * list)
108 sctp_auth_chklist_t *
109 sctp_copy_chunklist(sctp_auth_chklist_t * list)
111 sctp_auth_chklist_t *new_list;
117 new_list = sctp_alloc_chunklist();
118 if (new_list == NULL)
121 bcopy(list, new_list, sizeof(*new_list));
128 * add a chunk to the required chunks list
131 sctp_auth_add_chunk(uint8_t chunk, sctp_auth_chklist_t * list)
136 /* is chunk restricted? */
137 if ((chunk == SCTP_INITIATION) ||
138 (chunk == SCTP_INITIATION_ACK) ||
139 (chunk == SCTP_SHUTDOWN_COMPLETE) ||
140 (chunk == SCTP_AUTHENTICATION)) {
143 if (list->chunks[chunk] == 0) {
144 list->chunks[chunk] = 1;
148 printf("SCTP: added chunk %u (0x%02x) to Auth list\n",
156 * delete a chunk from the required chunks list
159 sctp_auth_delete_chunk(uint8_t chunk, sctp_auth_chklist_t * list)
164 /* is chunk restricted? */
165 if ((chunk == SCTP_ASCONF) ||
166 (chunk == SCTP_ASCONF_ACK)) {
169 if (list->chunks[chunk] == 1) {
170 list->chunks[chunk] = 0;
174 printf("SCTP: deleted chunk %u (0x%02x) from Auth list\n",
182 sctp_auth_get_chklist_size(const sctp_auth_chklist_t * list)
187 return (list->num_chunks);
191 * set the default list of chunks requiring AUTH
194 sctp_auth_set_default_chunks(sctp_auth_chklist_t * list)
196 sctp_auth_add_chunk(SCTP_ASCONF, list);
197 sctp_auth_add_chunk(SCTP_ASCONF_ACK, list);
201 * return the current number and list of required chunks caller must
202 * guarantee ptr has space for up to 256 bytes
205 sctp_serialize_auth_chunks(const sctp_auth_chklist_t * list, uint8_t * ptr)
212 for (i = 0; i < 256; i++) {
213 if (list->chunks[i] != 0) {
222 sctp_pack_auth_chunks(const sctp_auth_chklist_t * list, uint8_t * ptr)
229 if (list->num_chunks <= 32) {
230 /* just list them, one byte each */
231 for (i = 0; i < 256; i++) {
232 if (list->chunks[i] != 0) {
240 /* pack into a 32 byte bitfield */
241 for (i = 0; i < 256; i++) {
242 if (list->chunks[i] != 0) {
245 ptr[index] |= (1 << offset);
254 sctp_unpack_auth_chunks(const uint8_t * ptr, uint8_t num_chunks,
255 sctp_auth_chklist_t * list)
263 if (num_chunks <= 32) {
264 /* just pull them, one byte each */
265 for (i = 0; i < num_chunks; i++) {
266 sctp_auth_add_chunk(*ptr++, list);
272 /* unpack from a 32 byte bitfield */
273 for (index = 0; index < 32; index++) {
274 for (offset = 0; offset < 8; offset++) {
275 if (ptr[index] & (1 << offset)) {
276 sctp_auth_add_chunk((index * 8) + offset, list);
287 * allocate structure space for a key of length keylen
290 sctp_alloc_key(uint32_t keylen)
294 SCTP_MALLOC(new_key, sctp_key_t *, sizeof(*new_key) + keylen,
296 if (new_key == NULL) {
300 new_key->keylen = keylen;
305 sctp_free_key(sctp_key_t * key)
312 sctp_print_key(sctp_key_t * key, const char *str)
317 printf("%s: [Null key]\n", str);
320 printf("%s: len %u, ", str, key->keylen);
322 for (i = 0; i < key->keylen; i++)
323 printf("%02x", key->key[i]);
326 printf("[Null key]\n");
331 sctp_show_key(sctp_key_t * key, const char *str)
336 printf("%s: [Null key]\n", str);
339 printf("%s: len %u, ", str, key->keylen);
341 for (i = 0; i < key->keylen; i++)
342 printf("%02x", key->key[i]);
345 printf("[Null key]\n");
349 static inline uint32_t
350 sctp_get_keylen(sctp_key_t * key)
353 return (key->keylen);
359 * generate a new random key of length 'keylen'
362 sctp_generate_random_key(uint32_t keylen)
366 /* validate keylen */
367 if (keylen > SCTP_AUTH_RANDOM_SIZE_MAX)
368 keylen = SCTP_AUTH_RANDOM_SIZE_MAX;
370 new_key = sctp_alloc_key(keylen);
371 if (new_key == NULL) {
375 sctp_read_random(new_key->key, keylen);
376 new_key->keylen = keylen;
381 sctp_set_key(uint8_t * key, uint32_t keylen)
385 new_key = sctp_alloc_key(keylen);
386 if (new_key == NULL) {
390 bcopy(key, new_key->key, keylen);
395 * given two keys of variable size, compute which key is "larger/smaller"
396 * returns: 1 if key1 > key2 -1 if key1 < key2 0 if key1 = key2
399 sctp_compare_key(sctp_key_t * key1, sctp_key_t * key2)
403 uint32_t key1len, key2len;
404 uint8_t *key_1, *key_2;
405 uint8_t temp[SCTP_AUTH_RANDOM_SIZE_MAX];
407 /* sanity/length check */
408 key1len = sctp_get_keylen(key1);
409 key2len = sctp_get_keylen(key2);
410 if ((key1len == 0) && (key2len == 0))
412 else if (key1len == 0)
414 else if (key2len == 0)
417 if (key1len != key2len) {
418 if (key1len >= key2len)
423 if (key1len < maxlen) {
424 /* prepend zeroes to key1 */
425 bcopy(key1->key, temp + (maxlen - key1len), key1len);
429 /* prepend zeroes to key2 */
430 bcopy(key2->key, temp + (maxlen - key2len), key2len);
440 for (i = 0; i < maxlen; i++) {
443 else if (*key_1 < *key_2)
449 /* keys are equal value, so check lengths */
450 if (key1len == key2len)
452 else if (key1len < key2len)
459 * generate the concatenated keying material based on the two keys and the
460 * shared key (if available). draft-ietf-tsvwg-auth specifies the specific
461 * order for concatenation
464 sctp_compute_hashkey(sctp_key_t * key1, sctp_key_t * key2, sctp_key_t * shared)
470 keylen = sctp_get_keylen(key1) + sctp_get_keylen(key2) +
471 sctp_get_keylen(shared);
474 /* get space for the new key */
475 new_key = sctp_alloc_key(keylen);
476 if (new_key == NULL) {
480 new_key->keylen = keylen;
481 key_ptr = new_key->key;
483 /* all keys empty/null?! */
487 /* concatenate the keys */
488 if (sctp_compare_key(key1, key2) <= 0) {
489 /* key is key1 + shared + key2 */
490 if (sctp_get_keylen(key1)) {
491 bcopy(key1->key, key_ptr, key1->keylen);
492 key_ptr += key1->keylen;
494 if (sctp_get_keylen(shared)) {
495 bcopy(shared->key, key_ptr, shared->keylen);
496 key_ptr += shared->keylen;
498 if (sctp_get_keylen(key2)) {
499 bcopy(key2->key, key_ptr, key2->keylen);
500 key_ptr += key2->keylen;
503 /* key is key2 + shared + key1 */
504 if (sctp_get_keylen(key2)) {
505 bcopy(key2->key, key_ptr, key2->keylen);
506 key_ptr += key2->keylen;
508 if (sctp_get_keylen(shared)) {
509 bcopy(shared->key, key_ptr, shared->keylen);
510 key_ptr += shared->keylen;
512 if (sctp_get_keylen(key1)) {
513 bcopy(key1->key, key_ptr, key1->keylen);
514 key_ptr += key1->keylen;
522 sctp_alloc_sharedkey(void)
524 sctp_sharedkey_t *new_key;
526 SCTP_MALLOC(new_key, sctp_sharedkey_t *, sizeof(*new_key),
528 if (new_key == NULL) {
538 sctp_free_sharedkey(sctp_sharedkey_t * skey)
541 if (skey->key != NULL)
542 sctp_free_key(skey->key);
548 sctp_find_sharedkey(struct sctp_keyhead *shared_keys, uint16_t key_id)
550 sctp_sharedkey_t *skey;
552 LIST_FOREACH(skey, shared_keys, next) {
553 if (skey->keyid == key_id)
560 sctp_insert_sharedkey(struct sctp_keyhead *shared_keys,
561 sctp_sharedkey_t * new_skey)
563 sctp_sharedkey_t *skey;
565 if ((shared_keys == NULL) || (new_skey == NULL))
568 /* insert into an empty list? */
569 if (LIST_EMPTY(shared_keys)) {
570 LIST_INSERT_HEAD(shared_keys, new_skey, next);
573 /* insert into the existing list, ordered by key id */
574 LIST_FOREACH(skey, shared_keys, next) {
575 if (new_skey->keyid < skey->keyid) {
576 /* insert it before here */
577 LIST_INSERT_BEFORE(skey, new_skey, next);
579 } else if (new_skey->keyid == skey->keyid) {
580 /* replace the existing key */
583 printf("replacing shared key id %u\n", new_skey->keyid);
585 LIST_INSERT_BEFORE(skey, new_skey, next);
586 LIST_REMOVE(skey, next);
587 sctp_free_sharedkey(skey);
590 if (LIST_NEXT(skey, next) == NULL) {
591 /* belongs at the end of the list */
592 LIST_INSERT_AFTER(skey, new_skey, next);
598 static sctp_sharedkey_t *
599 sctp_copy_sharedkey(const sctp_sharedkey_t * skey)
601 sctp_sharedkey_t *new_skey;
605 new_skey = sctp_alloc_sharedkey();
606 if (new_skey == NULL)
608 if (skey->key != NULL)
609 new_skey->key = sctp_set_key(skey->key->key, skey->key->keylen);
611 new_skey->key = NULL;
612 new_skey->keyid = skey->keyid;
617 sctp_copy_skeylist(const struct sctp_keyhead *src, struct sctp_keyhead *dest)
619 sctp_sharedkey_t *skey, *new_skey;
622 if ((src == NULL) || (dest == NULL))
624 LIST_FOREACH(skey, src, next) {
625 new_skey = sctp_copy_sharedkey(skey);
626 if (new_skey != NULL) {
627 sctp_insert_sharedkey(dest, new_skey);
636 sctp_alloc_hmaclist(uint8_t num_hmacs)
638 sctp_hmaclist_t *new_list;
641 alloc_size = sizeof(*new_list) + num_hmacs * sizeof(new_list->hmac[0]);
642 SCTP_MALLOC(new_list, sctp_hmaclist_t *, alloc_size,
644 if (new_list == NULL) {
648 new_list->max_algo = num_hmacs;
649 new_list->num_algo = 0;
654 sctp_free_hmaclist(sctp_hmaclist_t * list)
663 sctp_auth_add_hmacid(sctp_hmaclist_t * list, uint16_t hmac_id)
667 if (list->num_algo == list->max_algo) {
670 printf("SCTP: HMAC id list full, ignoring add %u\n", hmac_id);
674 if ((hmac_id != SCTP_AUTH_HMAC_ID_SHA1) &&
676 (hmac_id != SCTP_AUTH_HMAC_ID_SHA224) &&
679 (hmac_id != SCTP_AUTH_HMAC_ID_SHA256) &&
680 (hmac_id != SCTP_AUTH_HMAC_ID_SHA384) &&
681 (hmac_id != SCTP_AUTH_HMAC_ID_SHA512) &&
683 (hmac_id != SCTP_AUTH_HMAC_ID_MD5)) {
688 printf("SCTP: add HMAC id %u to list\n", hmac_id);
690 list->hmac[list->num_algo++] = hmac_id;
695 sctp_copy_hmaclist(sctp_hmaclist_t * list)
697 sctp_hmaclist_t *new_list;
703 new_list = sctp_alloc_hmaclist(list->max_algo);
704 if (new_list == NULL)
707 new_list->max_algo = list->max_algo;
708 new_list->num_algo = list->num_algo;
709 for (i = 0; i < list->num_algo; i++)
710 new_list->hmac[i] = list->hmac[i];
715 sctp_default_supported_hmaclist(void)
717 sctp_hmaclist_t *new_list;
719 new_list = sctp_alloc_hmaclist(2);
720 if (new_list == NULL)
722 sctp_auth_add_hmacid(new_list, SCTP_AUTH_HMAC_ID_SHA1);
723 sctp_auth_add_hmacid(new_list, SCTP_AUTH_HMAC_ID_SHA256);
728 * HMAC algos are listed in priority/preference order find the best HMAC id
729 * to use for the peer based on local support
732 sctp_negotiate_hmacid(sctp_hmaclist_t * peer, sctp_hmaclist_t * local)
736 if ((local == NULL) || (peer == NULL))
737 return (SCTP_AUTH_HMAC_ID_RSVD);
739 for (i = 0; i < peer->num_algo; i++) {
740 for (j = 0; j < local->num_algo; j++) {
741 if (peer->hmac[i] == local->hmac[j]) {
742 #ifndef SCTP_AUTH_DRAFT_04
743 /* "skip" MD5 as it's been deprecated */
744 if (peer->hmac[i] == SCTP_AUTH_HMAC_ID_MD5)
748 /* found the "best" one */
751 printf("SCTP: negotiated peer HMAC id %u\n", peer->hmac[i]);
753 return (peer->hmac[i]);
757 /* didn't find one! */
758 return (SCTP_AUTH_HMAC_ID_RSVD);
762 * serialize the HMAC algo list and return space used caller must guarantee
763 * ptr has appropriate space
766 sctp_serialize_hmaclist(sctp_hmaclist_t * list, uint8_t * ptr)
774 for (i = 0; i < list->num_algo; i++) {
775 hmac_id = htons(list->hmac[i]);
776 bcopy(&hmac_id, ptr, sizeof(hmac_id));
777 ptr += sizeof(hmac_id);
779 return (list->num_algo * sizeof(hmac_id));
783 sctp_verify_hmac_param(struct sctp_auth_hmac_algo *hmacs, uint32_t num_hmacs)
787 uint32_t sha1_supported = 0;
789 for (i = 0; i < num_hmacs; i++) {
790 hmac_id = ntohs(hmacs->hmac_ids[i]);
791 if (hmac_id == SCTP_AUTH_HMAC_ID_SHA1)
794 /* all HMAC id's are supported */
795 if (sha1_supported == 0)
802 sctp_alloc_authinfo(void)
804 sctp_authinfo_t *new_authinfo;
806 SCTP_MALLOC(new_authinfo, sctp_authinfo_t *, sizeof(*new_authinfo),
808 if (new_authinfo == NULL) {
812 bzero(&new_authinfo, sizeof(*new_authinfo));
813 return (new_authinfo);
817 sctp_free_authinfo(sctp_authinfo_t * authinfo)
819 if (authinfo == NULL)
822 if (authinfo->random != NULL)
823 sctp_free_key(authinfo->random);
824 if (authinfo->peer_random != NULL)
825 sctp_free_key(authinfo->peer_random);
826 if (authinfo->assoc_key != NULL)
827 sctp_free_key(authinfo->assoc_key);
828 if (authinfo->recv_key != NULL)
829 sctp_free_key(authinfo->recv_key);
831 /* We are NOT dynamically allocating authinfo's right now... */
832 /* SCTP_FREE(authinfo); */
837 sctp_get_auth_chunk_len(uint16_t hmac_algo)
841 size = sizeof(struct sctp_auth_chunk) + sctp_get_hmac_digest_len(hmac_algo);
842 return (SCTP_SIZE32(size));
846 sctp_get_hmac_digest_len(uint16_t hmac_algo)
849 case SCTP_AUTH_HMAC_ID_SHA1:
850 return (SCTP_AUTH_DIGEST_LEN_SHA1);
851 case SCTP_AUTH_HMAC_ID_MD5:
852 return (SCTP_AUTH_DIGEST_LEN_MD5);
854 case SCTP_AUTH_HMAC_ID_SHA224:
855 return (SCTP_AUTH_DIGEST_LEN_SHA224);
858 case SCTP_AUTH_HMAC_ID_SHA256:
859 return (SCTP_AUTH_DIGEST_LEN_SHA256);
860 case SCTP_AUTH_HMAC_ID_SHA384:
861 return (SCTP_AUTH_DIGEST_LEN_SHA384);
862 case SCTP_AUTH_HMAC_ID_SHA512:
863 return (SCTP_AUTH_DIGEST_LEN_SHA512);
866 /* unknown HMAC algorithm: can't do anything */
872 sctp_get_hmac_block_len(uint16_t hmac_algo)
875 case SCTP_AUTH_HMAC_ID_SHA1:
876 case SCTP_AUTH_HMAC_ID_MD5:
878 case SCTP_AUTH_HMAC_ID_SHA224:
882 case SCTP_AUTH_HMAC_ID_SHA256:
884 case SCTP_AUTH_HMAC_ID_SHA384:
885 case SCTP_AUTH_HMAC_ID_SHA512:
888 case SCTP_AUTH_HMAC_ID_RSVD:
890 /* unknown HMAC algorithm: can't do anything */
896 sctp_hmac_init(uint16_t hmac_algo, sctp_hash_context_t * ctx)
899 case SCTP_AUTH_HMAC_ID_SHA1:
900 SHA1_Init(&ctx->sha1);
902 case SCTP_AUTH_HMAC_ID_MD5:
906 case SCTP_AUTH_HMAC_ID_SHA224:
910 case SCTP_AUTH_HMAC_ID_SHA256:
911 SHA256_Init(&ctx->sha256);
913 case SCTP_AUTH_HMAC_ID_SHA384:
914 SHA384_Init(&ctx->sha384);
916 case SCTP_AUTH_HMAC_ID_SHA512:
917 SHA512_Init(&ctx->sha512);
920 case SCTP_AUTH_HMAC_ID_RSVD:
922 /* unknown HMAC algorithm: can't do anything */
928 sctp_hmac_update(uint16_t hmac_algo, sctp_hash_context_t * ctx,
929 const uint8_t * text, uint32_t textlen)
932 case SCTP_AUTH_HMAC_ID_SHA1:
933 SHA1_Update(&ctx->sha1, text, textlen);
935 case SCTP_AUTH_HMAC_ID_MD5:
936 MD5_Update(&ctx->md5, text, textlen);
939 case SCTP_AUTH_HMAC_ID_SHA224:
943 case SCTP_AUTH_HMAC_ID_SHA256:
944 SHA256_Update(&ctx->sha256, text, textlen);
946 case SCTP_AUTH_HMAC_ID_SHA384:
947 SHA384_Update(&ctx->sha384, text, textlen);
949 case SCTP_AUTH_HMAC_ID_SHA512:
950 SHA512_Update(&ctx->sha512, text, textlen);
953 case SCTP_AUTH_HMAC_ID_RSVD:
955 /* unknown HMAC algorithm: can't do anything */
961 sctp_hmac_final(uint16_t hmac_algo, sctp_hash_context_t * ctx,
965 case SCTP_AUTH_HMAC_ID_SHA1:
966 SHA1_Final(digest, &ctx->sha1);
968 case SCTP_AUTH_HMAC_ID_MD5:
969 MD5_Final(digest, &ctx->md5);
972 case SCTP_AUTH_HMAC_ID_SHA224:
976 case SCTP_AUTH_HMAC_ID_SHA256:
977 SHA256_Final(digest, &ctx->sha256);
979 case SCTP_AUTH_HMAC_ID_SHA384:
980 /* SHA384 is truncated SHA512 */
981 SHA384_Final(digest, &ctx->sha384);
983 case SCTP_AUTH_HMAC_ID_SHA512:
984 SHA512_Final(digest, &ctx->sha512);
987 case SCTP_AUTH_HMAC_ID_RSVD:
989 /* unknown HMAC algorithm: can't do anything */
995 * Keyed-Hashing for Message Authentication: FIPS 198 (RFC 2104)
997 * Compute the HMAC digest using the desired hash key, text, and HMAC
998 * algorithm. Resulting digest is placed in 'digest' and digest length
999 * is returned, if the HMAC was performed.
1001 * WARNING: it is up to the caller to supply sufficient space to hold the
1005 sctp_hmac(uint16_t hmac_algo, uint8_t * key, uint32_t keylen,
1006 const uint8_t * text, uint32_t textlen, uint8_t * digest)
1010 sctp_hash_context_t ctx;
1011 uint8_t ipad[128], opad[128]; /* keyed hash inner/outer pads */
1012 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX];
1015 /* sanity check the material and length */
1016 if ((key == NULL) || (keylen == 0) || (text == NULL) ||
1017 (textlen == 0) || (digest == NULL)) {
1018 /* can't do HMAC with empty key or text or digest store */
1021 /* validate the hmac algo and get the digest length */
1022 digestlen = sctp_get_hmac_digest_len(hmac_algo);
1026 /* hash the key if it is longer than the hash block size */
1027 blocklen = sctp_get_hmac_block_len(hmac_algo);
1028 if (keylen > blocklen) {
1029 sctp_hmac_init(hmac_algo, &ctx);
1030 sctp_hmac_update(hmac_algo, &ctx, key, keylen);
1031 sctp_hmac_final(hmac_algo, &ctx, temp);
1032 /* set the hashed key as the key */
1036 /* initialize the inner/outer pads with the key and "append" zeroes */
1037 bzero(ipad, blocklen);
1038 bzero(opad, blocklen);
1039 bcopy(key, ipad, keylen);
1040 bcopy(key, opad, keylen);
1042 /* XOR the key with ipad and opad values */
1043 for (i = 0; i < blocklen; i++) {
1048 /* perform inner hash */
1049 sctp_hmac_init(hmac_algo, &ctx);
1050 sctp_hmac_update(hmac_algo, &ctx, ipad, blocklen);
1051 sctp_hmac_update(hmac_algo, &ctx, text, textlen);
1052 sctp_hmac_final(hmac_algo, &ctx, temp);
1054 /* perform outer hash */
1055 sctp_hmac_init(hmac_algo, &ctx);
1056 sctp_hmac_update(hmac_algo, &ctx, opad, blocklen);
1057 sctp_hmac_update(hmac_algo, &ctx, temp, digestlen);
1058 sctp_hmac_final(hmac_algo, &ctx, digest);
1065 sctp_hmac_m(uint16_t hmac_algo, uint8_t * key, uint32_t keylen,
1066 struct mbuf *m, uint32_t m_offset, uint8_t * digest)
1070 sctp_hash_context_t ctx;
1071 uint8_t ipad[128], opad[128]; /* keyed hash inner/outer pads */
1072 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX];
1076 /* sanity check the material and length */
1077 if ((key == NULL) || (keylen == 0) || (m == NULL) || (digest == NULL)) {
1078 /* can't do HMAC with empty key or text or digest store */
1081 /* validate the hmac algo and get the digest length */
1082 digestlen = sctp_get_hmac_digest_len(hmac_algo);
1086 /* hash the key if it is longer than the hash block size */
1087 blocklen = sctp_get_hmac_block_len(hmac_algo);
1088 if (keylen > blocklen) {
1089 sctp_hmac_init(hmac_algo, &ctx);
1090 sctp_hmac_update(hmac_algo, &ctx, key, keylen);
1091 sctp_hmac_final(hmac_algo, &ctx, temp);
1092 /* set the hashed key as the key */
1096 /* initialize the inner/outer pads with the key and "append" zeroes */
1097 bzero(ipad, blocklen);
1098 bzero(opad, blocklen);
1099 bcopy(key, ipad, keylen);
1100 bcopy(key, opad, keylen);
1102 /* XOR the key with ipad and opad values */
1103 for (i = 0; i < blocklen; i++) {
1108 /* perform inner hash */
1109 sctp_hmac_init(hmac_algo, &ctx);
1110 sctp_hmac_update(hmac_algo, &ctx, ipad, blocklen);
1111 /* find the correct starting mbuf and offset (get start of text) */
1113 while ((m_tmp != NULL) && (m_offset >= (uint32_t) m_tmp->m_len)) {
1114 m_offset -= m_tmp->m_len;
1115 m_tmp = m_tmp->m_next;
1117 /* now use the rest of the mbuf chain for the text */
1118 while (m_tmp != NULL) {
1119 sctp_hmac_update(hmac_algo, &ctx, mtod(m_tmp, uint8_t *) + m_offset,
1120 m_tmp->m_len - m_offset);
1121 /* clear the offset since it's only for the first mbuf */
1123 m_tmp = m_tmp->m_next;
1125 sctp_hmac_final(hmac_algo, &ctx, temp);
1127 /* perform outer hash */
1128 sctp_hmac_init(hmac_algo, &ctx);
1129 sctp_hmac_update(hmac_algo, &ctx, opad, blocklen);
1130 sctp_hmac_update(hmac_algo, &ctx, temp, digestlen);
1131 sctp_hmac_final(hmac_algo, &ctx, digest);
1137 * verify the HMAC digest using the desired hash key, text, and HMAC
1138 * algorithm. Returns -1 on error, 0 on success.
1141 sctp_verify_hmac(uint16_t hmac_algo, uint8_t * key, uint32_t keylen,
1142 const uint8_t * text, uint32_t textlen,
1143 uint8_t * digest, uint32_t digestlen)
1146 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX];
1148 /* sanity check the material and length */
1149 if ((key == NULL) || (keylen == 0) ||
1150 (text == NULL) || (textlen == 0) || (digest == NULL)) {
1151 /* can't do HMAC with empty key or text or digest */
1154 len = sctp_get_hmac_digest_len(hmac_algo);
1155 if ((len == 0) || (digestlen != len))
1158 /* compute the expected hash */
1159 if (sctp_hmac(hmac_algo, key, keylen, text, textlen, temp) != len)
1162 if (memcmp(digest, temp, digestlen) != 0)
1170 * computes the requested HMAC using a key struct (which may be modified if
1171 * the keylen exceeds the HMAC block len).
1174 sctp_compute_hmac(uint16_t hmac_algo, sctp_key_t * key, const uint8_t * text,
1175 uint32_t textlen, uint8_t * digest)
1179 sctp_hash_context_t ctx;
1180 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX];
1183 if ((key == NULL) || (text == NULL) || (textlen == 0) ||
1185 /* can't do HMAC with empty key or text or digest store */
1188 /* validate the hmac algo and get the digest length */
1189 digestlen = sctp_get_hmac_digest_len(hmac_algo);
1193 /* hash the key if it is longer than the hash block size */
1194 blocklen = sctp_get_hmac_block_len(hmac_algo);
1195 if (key->keylen > blocklen) {
1196 sctp_hmac_init(hmac_algo, &ctx);
1197 sctp_hmac_update(hmac_algo, &ctx, key->key, key->keylen);
1198 sctp_hmac_final(hmac_algo, &ctx, temp);
1199 /* save the hashed key as the new key */
1200 key->keylen = digestlen;
1201 bcopy(temp, key->key, key->keylen);
1203 return (sctp_hmac(hmac_algo, key->key, key->keylen, text, textlen,
1209 sctp_compute_hmac_m(uint16_t hmac_algo, sctp_key_t * key, struct mbuf *m,
1210 uint32_t m_offset, uint8_t * digest)
1214 sctp_hash_context_t ctx;
1215 uint8_t temp[SCTP_AUTH_DIGEST_LEN_MAX];
1218 if ((key == NULL) || (m == NULL) || (digest == NULL)) {
1219 /* can't do HMAC with empty key or text or digest store */
1222 /* validate the hmac algo and get the digest length */
1223 digestlen = sctp_get_hmac_digest_len(hmac_algo);
1227 /* hash the key if it is longer than the hash block size */
1228 blocklen = sctp_get_hmac_block_len(hmac_algo);
1229 if (key->keylen > blocklen) {
1230 sctp_hmac_init(hmac_algo, &ctx);
1231 sctp_hmac_update(hmac_algo, &ctx, key->key, key->keylen);
1232 sctp_hmac_final(hmac_algo, &ctx, temp);
1233 /* save the hashed key as the new key */
1234 key->keylen = digestlen;
1235 bcopy(temp, key->key, key->keylen);
1237 return (sctp_hmac_m(hmac_algo, key->key, key->keylen, m, m_offset, digest));
1241 sctp_auth_is_supported_hmac(sctp_hmaclist_t * list, uint16_t id)
1245 if ((list == NULL) || (id == SCTP_AUTH_HMAC_ID_RSVD))
1248 for (i = 0; i < list->num_algo; i++)
1249 if (list->hmac[i] == id)
1252 /* not in the list */
1258 * clear any cached key(s) if they match the given key id on an association
1259 * the cached key(s) will be recomputed and re-cached at next use. ASSUMES
1260 * TCB_LOCK is already held
1263 sctp_clear_cachedkeys(struct sctp_tcb *stcb, uint16_t keyid)
1268 if (keyid == stcb->asoc.authinfo.assoc_keyid) {
1269 sctp_free_key(stcb->asoc.authinfo.assoc_key);
1270 stcb->asoc.authinfo.assoc_key = NULL;
1272 if (keyid == stcb->asoc.authinfo.recv_keyid) {
1273 sctp_free_key(stcb->asoc.authinfo.recv_key);
1274 stcb->asoc.authinfo.recv_key = NULL;
1279 * clear any cached key(s) if they match the given key id for all assocs on
1280 * an association ASSUMES INP_WLOCK is already held
1283 sctp_clear_cachedkeys_ep(struct sctp_inpcb *inp, uint16_t keyid)
1285 struct sctp_tcb *stcb;
1290 /* clear the cached keys on all assocs on this instance */
1291 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
1292 SCTP_TCB_LOCK(stcb);
1293 sctp_clear_cachedkeys(stcb, keyid);
1294 SCTP_TCB_UNLOCK(stcb);
1299 * delete a shared key from an association ASSUMES TCB_LOCK is already held
1302 sctp_delete_sharedkey(struct sctp_tcb *stcb, uint16_t keyid)
1304 sctp_sharedkey_t *skey;
1309 /* is the keyid the assoc active sending key */
1310 if (keyid == stcb->asoc.authinfo.assoc_keyid)
1313 /* does the key exist? */
1314 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, keyid);
1319 LIST_REMOVE(skey, next);
1320 sctp_free_sharedkey(skey); /* frees skey->key as well */
1322 /* clear any cached keys */
1323 sctp_clear_cachedkeys(stcb, keyid);
1328 * deletes a shared key from the endpoint ASSUMES INP_WLOCK is already held
1331 sctp_delete_sharedkey_ep(struct sctp_inpcb *inp, uint16_t keyid)
1333 sctp_sharedkey_t *skey;
1334 struct sctp_tcb *stcb;
1339 /* is the keyid the active sending key on the endpoint or any assoc */
1340 if (keyid == inp->sctp_ep.default_keyid)
1342 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
1343 SCTP_TCB_LOCK(stcb);
1344 if (keyid == stcb->asoc.authinfo.assoc_keyid) {
1345 SCTP_TCB_UNLOCK(stcb);
1348 SCTP_TCB_UNLOCK(stcb);
1351 /* does the key exist? */
1352 skey = sctp_find_sharedkey(&inp->sctp_ep.shared_keys, keyid);
1357 LIST_REMOVE(skey, next);
1358 sctp_free_sharedkey(skey); /* frees skey->key as well */
1360 /* clear any cached keys */
1361 sctp_clear_cachedkeys_ep(inp, keyid);
1366 * set the active key on an association ASSUME TCB_LOCK is already held
1369 sctp_auth_setactivekey(struct sctp_tcb *stcb, uint16_t keyid)
1371 sctp_sharedkey_t *skey = NULL;
1372 sctp_key_t *key = NULL;
1373 int using_ep_key = 0;
1375 /* find the key on the assoc */
1376 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, keyid);
1378 /* if not on the assoc, find the key on the endpoint */
1379 SCTP_INP_RLOCK(stcb->sctp_ep);
1380 skey = sctp_find_sharedkey(&stcb->sctp_ep->sctp_ep.shared_keys,
1385 /* that key doesn't exist */
1387 SCTP_INP_RUNLOCK(stcb->sctp_ep);
1390 /* get the shared key text */
1393 /* free any existing cached key */
1394 if (stcb->asoc.authinfo.assoc_key != NULL)
1395 sctp_free_key(stcb->asoc.authinfo.assoc_key);
1396 /* compute a new assoc key and cache it */
1397 stcb->asoc.authinfo.assoc_key =
1398 sctp_compute_hashkey(stcb->asoc.authinfo.random,
1399 stcb->asoc.authinfo.peer_random, key);
1400 stcb->asoc.authinfo.assoc_keyid = keyid;
1402 if (SCTP_AUTH_DEBUG)
1403 sctp_print_key(stcb->asoc.authinfo.assoc_key, "Assoc Key");
1407 SCTP_INP_RUNLOCK(stcb->sctp_ep);
1412 * set the active key on an endpoint ASSUMES INP_WLOCK is already held
1415 sctp_auth_setactivekey_ep(struct sctp_inpcb *inp, uint16_t keyid)
1417 sctp_sharedkey_t *skey;
1420 skey = sctp_find_sharedkey(&inp->sctp_ep.shared_keys, keyid);
1422 /* that key doesn't exist */
1425 inp->sctp_ep.default_keyid = keyid;
1430 * get local authentication parameters from cookie (from INIT-ACK)
1433 sctp_auth_get_cookie_params(struct sctp_tcb *stcb, struct mbuf *m,
1434 uint32_t offset, uint32_t length)
1436 struct sctp_paramhdr *phdr, tmp_param;
1437 uint16_t plen, ptype;
1439 struct sctp_auth_random *random = NULL;
1440 uint16_t random_len = 0;
1441 struct sctp_auth_hmac_algo *hmacs = NULL;
1442 uint16_t hmacs_len = 0;
1443 struct sctp_auth_chunk_list *chunks = NULL;
1444 uint16_t num_chunks = 0;
1445 sctp_key_t *new_key;
1448 /* convert to upper bound */
1451 phdr = (struct sctp_paramhdr *)sctp_m_getptr(m, offset,
1452 sizeof(struct sctp_paramhdr), (uint8_t *) & tmp_param);
1453 while (phdr != NULL) {
1454 ptype = ntohs(phdr->param_type);
1455 plen = ntohs(phdr->param_length);
1457 if ((plen == 0) || (offset + plen > length))
1460 if (ptype == SCTP_RANDOM) {
1461 if (plen > sizeof(store))
1463 phdr = sctp_get_next_param(m, offset,
1464 (struct sctp_paramhdr *)store, plen);
1467 /* save the random and length for the key */
1468 random = (struct sctp_auth_random *)phdr;
1469 random_len = plen - sizeof(*random);
1470 } else if (ptype == SCTP_HMAC_LIST) {
1474 if (plen > sizeof(store))
1476 phdr = sctp_get_next_param(m, offset,
1477 (struct sctp_paramhdr *)store, plen);
1480 /* save the hmacs list and num for the key */
1481 hmacs = (struct sctp_auth_hmac_algo *)phdr;
1482 hmacs_len = plen - sizeof(*hmacs);
1483 num_hmacs = hmacs_len / sizeof(hmacs->hmac_ids[0]);
1484 if (stcb->asoc.local_hmacs != NULL)
1485 sctp_free_hmaclist(stcb->asoc.local_hmacs);
1486 stcb->asoc.local_hmacs = sctp_alloc_hmaclist(num_hmacs);
1487 if (stcb->asoc.local_hmacs != NULL) {
1488 for (i = 0; i < num_hmacs; i++) {
1489 sctp_auth_add_hmacid(stcb->asoc.local_hmacs,
1490 ntohs(hmacs->hmac_ids[i]));
1493 } else if (ptype == SCTP_CHUNK_LIST) {
1496 if (plen > sizeof(store))
1498 phdr = sctp_get_next_param(m, offset,
1499 (struct sctp_paramhdr *)store, plen);
1502 chunks = (struct sctp_auth_chunk_list *)phdr;
1503 num_chunks = plen - sizeof(*chunks);
1504 /* save chunks list and num for the key */
1505 if (stcb->asoc.local_auth_chunks != NULL)
1506 sctp_clear_chunklist(stcb->asoc.local_auth_chunks);
1508 stcb->asoc.local_auth_chunks = sctp_alloc_chunklist();
1509 for (i = 0; i < num_chunks; i++) {
1510 sctp_auth_add_chunk(chunks->chunk_types[i],
1511 stcb->asoc.local_auth_chunks);
1514 /* get next parameter */
1515 offset += SCTP_SIZE32(plen);
1516 if (offset + sizeof(struct sctp_paramhdr) > length)
1518 phdr = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, sizeof(struct sctp_paramhdr),
1519 (uint8_t *) & tmp_param);
1521 /* concatenate the full random key */
1522 keylen = random_len + num_chunks + hmacs_len;
1523 new_key = sctp_alloc_key(keylen);
1524 if (new_key != NULL) {
1525 /* copy in the RANDOM */
1527 bcopy(random->random_data, new_key->key, random_len);
1528 /* append in the AUTH chunks */
1530 bcopy(chunks->chunk_types, new_key->key + random_len,
1532 /* append in the HMACs */
1534 bcopy(hmacs->hmac_ids, new_key->key + random_len + num_chunks,
1537 if (stcb->asoc.authinfo.random != NULL)
1538 sctp_free_key(stcb->asoc.authinfo.random);
1539 stcb->asoc.authinfo.random = new_key;
1540 stcb->asoc.authinfo.random_len = random_len;
1541 #ifdef SCTP_AUTH_DRAFT_04
1542 /* don't include the chunks and hmacs for draft -04 */
1543 stcb->asoc.authinfo.random->keylen = random_len;
1545 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.assoc_keyid);
1546 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.recv_keyid);
1548 /* negotiate what HMAC to use for the peer */
1549 stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs,
1550 stcb->asoc.local_hmacs);
1551 /* copy defaults from the endpoint */
1552 /* FIX ME: put in cookie? */
1553 stcb->asoc.authinfo.assoc_keyid = stcb->sctp_ep->sctp_ep.default_keyid;
1557 * compute and fill in the HMAC digest for a packet
1560 sctp_fill_hmac_digest_m(struct mbuf *m, uint32_t auth_offset,
1561 struct sctp_auth_chunk *auth, struct sctp_tcb *stcb)
1564 sctp_sharedkey_t *skey;
1567 if ((stcb == NULL) || (auth == NULL))
1570 /* zero the digest + chunk padding */
1571 digestlen = sctp_get_hmac_digest_len(stcb->asoc.peer_hmac_id);
1572 bzero(auth->hmac, SCTP_SIZE32(digestlen));
1573 /* is an assoc key cached? */
1574 if (stcb->asoc.authinfo.assoc_key == NULL) {
1575 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys,
1576 stcb->asoc.authinfo.assoc_keyid);
1578 /* not in the assoc list, so check the endpoint list */
1579 skey = sctp_find_sharedkey(&stcb->sctp_ep->sctp_ep.shared_keys,
1580 stcb->asoc.authinfo.assoc_keyid);
1582 /* the only way skey is NULL is if null key id 0 is used */
1587 /* compute a new assoc key and cache it */
1588 stcb->asoc.authinfo.assoc_key =
1589 sctp_compute_hashkey(stcb->asoc.authinfo.random,
1590 stcb->asoc.authinfo.peer_random, key);
1592 if (SCTP_AUTH_DEBUG) {
1593 printf("caching key id %u\n",
1594 stcb->asoc.authinfo.assoc_keyid);
1595 sctp_print_key(stcb->asoc.authinfo.assoc_key, "Assoc Key");
1599 /* set in the active key id */
1600 auth->shared_key_id = htons(stcb->asoc.authinfo.assoc_keyid);
1602 /* compute and fill in the digest */
1603 (void)sctp_compute_hmac_m(stcb->asoc.peer_hmac_id,
1604 stcb->asoc.authinfo.assoc_key,
1605 m, auth_offset, auth->hmac);
1610 sctp_bzero_m(struct mbuf *m, uint32_t m_offset, uint32_t size)
1619 /* find the correct starting mbuf and offset (get start position) */
1621 while ((m_tmp != NULL) && (m_offset >= (uint32_t) m_tmp->m_len)) {
1622 m_offset -= m_tmp->m_len;
1623 m_tmp = m_tmp->m_next;
1625 /* now use the rest of the mbuf chain */
1626 while ((m_tmp != NULL) && (size > 0)) {
1627 data = mtod(m_tmp, uint8_t *) + m_offset;
1628 if (size > (uint32_t) m_tmp->m_len) {
1629 bzero(data, m_tmp->m_len);
1630 size -= m_tmp->m_len;
1635 /* clear the offset since it's only for the first mbuf */
1637 m_tmp = m_tmp->m_next;
1642 * process the incoming Authentication chunk return codes: -1 on any
1643 * authentication error 0 on authentication verification
1646 sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_auth_chunk *auth,
1647 struct mbuf *m, uint32_t offset)
1650 uint16_t shared_key_id;
1652 sctp_sharedkey_t *skey;
1654 uint8_t digest[SCTP_AUTH_DIGEST_LEN_MAX];
1655 uint8_t computed_digest[SCTP_AUTH_DIGEST_LEN_MAX];
1657 /* auth is checked for NULL by caller */
1658 chunklen = ntohs(auth->ch.chunk_length);
1659 if (chunklen < sizeof(*auth)) {
1660 SCTP_STAT_INCR(sctps_recvauthfailed);
1663 SCTP_STAT_INCR(sctps_recvauth);
1665 /* get the auth params */
1666 shared_key_id = ntohs(auth->shared_key_id);
1667 hmac_id = ntohs(auth->hmac_id);
1669 if (SCTP_AUTH_DEBUG)
1670 printf("SCTP AUTH Chunk: shared key %u, HMAC id %u\n",
1671 shared_key_id, hmac_id);
1674 /* is the indicated HMAC supported? */
1675 if (!sctp_auth_is_supported_hmac(stcb->asoc.local_hmacs, hmac_id)) {
1677 struct sctp_auth_invalid_hmac *err;
1679 SCTP_STAT_INCR(sctps_recvivalhmacid);
1681 if (SCTP_AUTH_DEBUG)
1682 printf("SCTP Auth: unsupported HMAC id %u\n", hmac_id);
1685 * report this in an Error Chunk: Unsupported HMAC
1688 m_err = sctp_get_mbuf_for_msg(sizeof(*err), 1, M_DONTWAIT, 1, MT_HEADER);
1689 if (m_err != NULL) {
1690 /* pre-reserve some space */
1691 m_err->m_data += sizeof(struct sctp_chunkhdr);
1692 /* fill in the error */
1693 err = mtod(m_err, struct sctp_auth_invalid_hmac *);
1694 bzero(err, sizeof(*err));
1695 err->ph.param_type = htons(SCTP_CAUSE_UNSUPPORTED_HMACID);
1696 err->ph.param_length = htons(sizeof(*err));
1697 err->hmac_id = ntohs(hmac_id);
1698 m_err->m_pkthdr.len = m_err->m_len = sizeof(*err);
1700 sctp_queue_op_err(stcb, m_err);
1704 /* get the indicated shared key, if available */
1705 if ((stcb->asoc.authinfo.recv_key == NULL) ||
1706 (stcb->asoc.authinfo.recv_keyid != shared_key_id)) {
1707 /* find the shared key on the assoc first */
1708 skey = sctp_find_sharedkey(&stcb->asoc.shared_keys, shared_key_id);
1710 /* if not on the assoc, find it on the endpoint */
1711 skey = sctp_find_sharedkey(&stcb->sctp_ep->sctp_ep.shared_keys,
1714 /* if the shared key isn't found, discard the chunk */
1716 SCTP_STAT_INCR(sctps_recvivalkeyid);
1718 if (SCTP_AUTH_DEBUG)
1719 printf("SCTP Auth: unknown key id %u\n",
1724 /* generate a notification if this is a new key id */
1725 if (stcb->asoc.authinfo.recv_keyid != shared_key_id)
1727 * sctp_ulp_notify(SCTP_NOTIFY_AUTH_NEW_KEY, stcb,
1728 * shared_key_id, (void
1729 * *)stcb->asoc.authinfo.recv_keyid);
1731 sctp_notify_authentication(stcb, SCTP_AUTH_NEWKEY,
1732 shared_key_id, stcb->asoc.authinfo.recv_keyid);
1733 /* compute a new recv assoc key and cache it */
1734 if (stcb->asoc.authinfo.recv_key != NULL)
1735 sctp_free_key(stcb->asoc.authinfo.recv_key);
1736 stcb->asoc.authinfo.recv_key =
1737 sctp_compute_hashkey(stcb->asoc.authinfo.random,
1738 stcb->asoc.authinfo.peer_random, skey->key);
1739 stcb->asoc.authinfo.recv_keyid = shared_key_id;
1741 if (SCTP_AUTH_DEBUG)
1742 sctp_print_key(stcb->asoc.authinfo.recv_key, "Recv Key");
1745 /* validate the digest length */
1746 digestlen = sctp_get_hmac_digest_len(hmac_id);
1747 if (chunklen < (sizeof(*auth) + digestlen)) {
1748 /* invalid digest length */
1749 SCTP_STAT_INCR(sctps_recvauthfailed);
1751 if (SCTP_AUTH_DEBUG)
1752 printf("SCTP Auth: chunk too short for HMAC\n");
1756 /* save a copy of the digest, zero the pseudo header, and validate */
1757 bcopy(auth->hmac, digest, digestlen);
1758 sctp_bzero_m(m, offset + sizeof(*auth), SCTP_SIZE32(digestlen));
1759 (void)sctp_compute_hmac_m(hmac_id, stcb->asoc.authinfo.recv_key,
1760 m, offset, computed_digest);
1762 /* compare the computed digest with the one in the AUTH chunk */
1763 if (memcmp(digest, computed_digest, digestlen) != 0) {
1764 SCTP_STAT_INCR(sctps_recvauthfailed);
1766 if (SCTP_AUTH_DEBUG)
1767 printf("SCTP Auth: HMAC digest check failed\n");
1775 * Generate NOTIFICATION
1778 sctp_notify_authentication(struct sctp_tcb *stcb, uint32_t indication,
1779 uint16_t keyid, uint16_t alt_keyid)
1781 struct mbuf *m_notify;
1782 struct sctp_authkey_event *auth;
1783 struct sctp_queued_to_read *control;
1785 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_AUTHEVNT))
1786 /* event not enabled */
1789 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_authkey_event),
1790 1, M_DONTWAIT, 1, MT_HEADER);
1791 if (m_notify == NULL)
1794 m_notify->m_len = 0;
1795 auth = mtod(m_notify, struct sctp_authkey_event *);
1796 auth->auth_type = SCTP_AUTHENTICATION_EVENT;
1797 auth->auth_flags = 0;
1798 auth->auth_length = sizeof(*auth);
1799 auth->auth_keynumber = keyid;
1800 auth->auth_altkeynumber = alt_keyid;
1801 auth->auth_indication = indication;
1802 auth->auth_assoc_id = sctp_get_associd(stcb);
1804 m_notify->m_flags |= M_EOR | M_NOTIFICATION;
1805 m_notify->m_pkthdr.len = sizeof(*auth);
1806 m_notify->m_pkthdr.rcvif = 0;
1807 m_notify->m_len = sizeof(*auth);
1808 m_notify->m_next = NULL;
1810 /* append to socket */
1811 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination,
1812 0, 0, 0, 0, 0, 0, m_notify);
1813 if (control == NULL) {
1815 sctp_m_freem(m_notify);
1818 control->length = m_notify->m_len;
1819 /* not that we need this */
1820 control->tail_mbuf = m_notify;
1821 sctp_add_to_readq(stcb->sctp_ep, stcb, control,
1822 &stcb->sctp_socket->so_rcv, 1);
1827 * validates the AUTHentication related parameters in an INIT/INIT-ACK
1828 * Note: currently only used for INIT as INIT-ACK is handled inline
1829 * with sctp_load_addresses_from_init()
1832 sctp_validate_init_auth_params(struct mbuf *m, int offset, int limit)
1834 struct sctp_paramhdr *phdr, parm_buf;
1835 uint16_t ptype, plen;
1836 int peer_supports_asconf = 0;
1837 int peer_supports_auth = 0;
1838 int got_random = 0, got_hmacs = 0;
1840 /* go through each of the params. */
1841 phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf));
1843 ptype = ntohs(phdr->param_type);
1844 plen = ntohs(phdr->param_length);
1846 if (offset + plen > limit) {
1852 if (ptype == SCTP_SUPPORTED_CHUNK_EXT) {
1853 /* A supported extension chunk */
1854 struct sctp_supported_chunk_types_param *pr_supported;
1855 uint8_t local_store[128];
1858 phdr = sctp_get_next_param(m, offset,
1859 (struct sctp_paramhdr *)&local_store, plen);
1863 pr_supported = (struct sctp_supported_chunk_types_param *)phdr;
1864 num_ent = plen - sizeof(struct sctp_paramhdr);
1865 for (i = 0; i < num_ent; i++) {
1866 switch (pr_supported->chunk_types[i]) {
1868 case SCTP_ASCONF_ACK:
1869 peer_supports_asconf = 1;
1871 case SCTP_AUTHENTICATION:
1872 peer_supports_auth = 1;
1875 /* one we don't care about */
1879 } else if (ptype == SCTP_RANDOM) {
1881 /* enforce the random length */
1882 if (plen != (sizeof(struct sctp_auth_random) +
1883 SCTP_AUTH_RANDOM_SIZE_REQUIRED)) {
1885 if (sctp_debug_on & SCTP_DEBUG_AUTH1)
1886 printf("SCTP: invalid RANDOM len\n");
1890 } else if (ptype == SCTP_HMAC_LIST) {
1892 struct sctp_auth_hmac_algo *hmacs;
1895 if (plen > sizeof(store))
1897 phdr = sctp_get_next_param(m, offset,
1898 (struct sctp_paramhdr *)store, plen);
1901 hmacs = (struct sctp_auth_hmac_algo *)phdr;
1902 num_hmacs = (plen - sizeof(*hmacs)) /
1903 sizeof(hmacs->hmac_ids[0]);
1904 /* validate the hmac list */
1905 if (sctp_verify_hmac_param(hmacs, num_hmacs)) {
1907 if (sctp_debug_on & SCTP_DEBUG_AUTH1)
1908 printf("SCTP: invalid HMAC param\n");
1914 offset += SCTP_SIZE32(plen);
1915 if (offset >= limit) {
1918 phdr = sctp_get_next_param(m, offset, &parm_buf,
1921 /* validate authentication required parameters */
1922 if (got_random && got_hmacs) {
1923 peer_supports_auth = 1;
1925 peer_supports_auth = 0;
1927 if (!sctp_asconf_auth_nochk && peer_supports_asconf &&
1928 !peer_supports_auth) {
1930 if (sctp_debug_on & SCTP_DEBUG_AUTH1)
1931 printf("SCTP: peer supports ASCONF but not AUTH\n");
1939 sctp_initialize_auth_params(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
1941 uint16_t chunks_len = 0;
1942 uint16_t hmacs_len = 0;
1943 uint16_t random_len = sctp_auth_random_len;
1944 sctp_key_t *new_key;
1947 /* initialize hmac list from endpoint */
1948 stcb->asoc.local_hmacs = sctp_copy_hmaclist(inp->sctp_ep.local_hmacs);
1949 if (stcb->asoc.local_hmacs != NULL) {
1950 hmacs_len = stcb->asoc.local_hmacs->num_algo *
1951 sizeof(stcb->asoc.local_hmacs->hmac[0]);
1953 /* initialize auth chunks list from endpoint */
1954 stcb->asoc.local_auth_chunks =
1955 sctp_copy_chunklist(inp->sctp_ep.local_auth_chunks);
1956 if (stcb->asoc.local_auth_chunks != NULL) {
1959 for (i = 0; i < 256; i++) {
1960 if (stcb->asoc.local_auth_chunks->chunks[i])
1964 /* copy defaults from the endpoint */
1965 stcb->asoc.authinfo.assoc_keyid = inp->sctp_ep.default_keyid;
1967 /* now set the concatenated key (random + chunks + hmacs) */
1968 keylen = random_len + chunks_len + hmacs_len;
1969 new_key = sctp_alloc_key(keylen);
1970 if (new_key != NULL) {
1971 /* generate and copy in the RANDOM */
1972 sctp_read_random(new_key->key, random_len);
1973 keylen = random_len;
1974 /* append in the AUTH chunks */
1975 if (stcb->asoc.local_auth_chunks) {
1978 for (i = 0; i < 256; i++) {
1979 if (stcb->asoc.local_auth_chunks->chunks[i])
1980 new_key->key[keylen++] = i;
1983 /* append in the HMACs */
1984 sctp_serialize_hmaclist(stcb->asoc.local_hmacs,
1985 new_key->key + keylen);
1987 if (stcb->asoc.authinfo.random != NULL)
1988 sctp_free_key(stcb->asoc.authinfo.random);
1989 stcb->asoc.authinfo.random = new_key;
1990 stcb->asoc.authinfo.random_len = random_len;
1991 #ifdef SCTP_AUTH_DRAFT_04
1992 /* don't include the chunks and hmacs for draft -04 */
1993 stcb->asoc.authinfo.random->keylen = random_len;
1998 #ifdef SCTP_HMAC_TEST
2000 * HMAC and key concatenation tests
2003 sctp_print_digest(uint8_t * digest, uint32_t digestlen, const char *str)
2007 printf("\n%s: 0x", str);
2011 for (i = 0; i < digestlen; i++)
2012 printf("%02x", digest[i]);
2016 sctp_test_hmac(const char *str, uint16_t hmac_id, uint8_t * key,
2017 uint32_t keylen, uint8_t * text, uint32_t textlen,
2018 uint8_t * digest, uint32_t digestlen)
2020 uint8_t computed_digest[SCTP_AUTH_DIGEST_LEN_MAX];
2022 printf("\n%s:", str);
2023 sctp_hmac(hmac_id, key, keylen, text, textlen, computed_digest);
2024 sctp_print_digest(digest, digestlen, "Expected digest");
2025 sctp_print_digest(computed_digest, digestlen, "Computed digest");
2026 if (memcmp(digest, computed_digest, digestlen) != 0) {
2037 * RFC 2202: HMAC-SHA1 test cases
2040 sctp_test_hmac_sha1(void)
2047 uint32_t digestlen = 20;
2051 * test_case = 1 key =
2052 * 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b key_len = 20
2053 * data = "Hi There" data_len = 8 digest =
2054 * 0xb617318655057264e28bc0b6fb378c8ef146be00
2057 memset(key, 0x0b, keylen);
2059 strcpy(text, "Hi There");
2060 digest = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1\x46\xbe\x00";
2061 if (sctp_test_hmac("SHA1 test case 1", SCTP_AUTH_HMAC_ID_SHA1, key, keylen,
2062 text, textlen, digest, digestlen) < 0)
2066 * test_case = 2 key = "Jefe" key_len = 4 data =
2067 * "what do ya want for nothing?" data_len = 28 digest =
2068 * 0xeffcdf6ae5eb2fa2d27416d5f184df9c259a7c79
2071 strcpy(key, "Jefe");
2073 strcpy(text, "what do ya want for nothing?");
2074 digest = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79";
2075 if (sctp_test_hmac("SHA1 test case 2", SCTP_AUTH_HMAC_ID_SHA1, key, keylen,
2076 text, textlen, digest, digestlen) < 0)
2080 * test_case = 3 key =
2081 * 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa key_len = 20
2082 * data = 0xdd repeated 50 times data_len = 50 digest
2083 * = 0x125d7342b9ac11cd91a39af48aa17b4f63f175d3
2086 memset(key, 0xaa, keylen);
2088 memset(text, 0xdd, textlen);
2089 digest = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f\x63\xf1\x75\xd3";
2090 if (sctp_test_hmac("SHA1 test case 3", SCTP_AUTH_HMAC_ID_SHA1, key, keylen,
2091 text, textlen, digest, digestlen) < 0)
2095 * test_case = 4 key =
2096 * 0x0102030405060708090a0b0c0d0e0f10111213141516171819 key_len = 25
2097 * data = 0xcd repeated 50 times data_len = 50 digest
2098 * = 0x4c9007f4026250c6bc8414f9bf50c86c2d7235da
2101 memcpy(key, "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", keylen);
2103 memset(text, 0xcd, textlen);
2104 digest = "\x4c\x90\x07\xf4\x02\x62\x50\xc6\xbc\x84\x14\xf9\xbf\x50\xc8\x6c\x2d\x72\x35\xda";
2105 if (sctp_test_hmac("SHA1 test case 4", SCTP_AUTH_HMAC_ID_SHA1, key, keylen,
2106 text, textlen, digest, digestlen) < 0)
2110 * test_case = 5 key =
2111 * 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c key_len = 20
2112 * data = "Test With Truncation" data_len = 20 digest
2113 * = 0x4c1a03424b55e07fe7f27be1d58bb9324a9a5a04 digest-96 =
2114 * 0x4c1a03424b55e07fe7f27be1
2117 memset(key, 0x0c, keylen);
2119 strcpy(text, "Test With Truncation");
2120 digest = "\x4c\x1a\x03\x42\x4b\x55\xe0\x7f\xe7\xf2\x7b\xe1\xd5\x8b\xb9\x32\x4a\x9a\x5a\x04";
2121 if (sctp_test_hmac("SHA1 test case 5", SCTP_AUTH_HMAC_ID_SHA1, key, keylen,
2122 text, textlen, digest, digestlen) < 0)
2126 * test_case = 6 key = 0xaa repeated 80 times key_len
2127 * = 80 data = "Test Using Larger Than Block-Size Key -
2128 * Hash Key First" data_len = 54 digest =
2129 * 0xaa4ae5e15272d00e95705637ce8a3b55ed402112
2132 memset(key, 0xaa, keylen);
2134 strcpy(text, "Test Using Larger Than Block-Size Key - Hash Key First");
2135 digest = "\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b\x55\xed\x40\x21\x12";
2136 if (sctp_test_hmac("SHA1 test case 6", SCTP_AUTH_HMAC_ID_SHA1, key, keylen,
2137 text, textlen, digest, digestlen) < 0)
2141 * test_case = 7 key = 0xaa repeated 80 times key_len
2142 * = 80 data = "Test Using Larger Than Block-Size Key and
2143 * Larger Than One Block-Size Data" data_len = 73 digest =
2144 * 0xe8e99d0f45237d786d6bbaa7965c7808bbff1a91
2147 memset(key, 0xaa, keylen);
2149 strcpy(text, "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data");
2150 digest = "\xe8\xe9\x9d\x0f\x45\x23\x7d\x78\x6d\x6b\xba\xa7\x96\x5c\x78\x08\xbb\xff\x1a\x91";
2151 if (sctp_test_hmac("SHA1 test case 7", SCTP_AUTH_HMAC_ID_SHA1, key, keylen,
2152 text, textlen, digest, digestlen) < 0)
2155 /* done with all tests */
2157 printf("\nSHA1 test results: %d cases failed", failed);
2159 printf("\nSHA1 test results: all test cases passed");
2163 * RFC 2202: HMAC-MD5 test cases
2166 sctp_test_hmac_md5(void)
2173 uint32_t digestlen = 16;
2177 * test_case = 1 key = 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
2178 * key_len = 16 data = "Hi There" data_len = 8 digest =
2179 * 0x9294727a3638bb1c13f48ef8158bfc9d
2182 memset(key, 0x0b, keylen);
2184 strcpy(text, "Hi There");
2185 digest = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc\x9d";
2186 if (sctp_test_hmac("MD5 test case 1", SCTP_AUTH_HMAC_ID_MD5, key, keylen,
2187 text, textlen, digest, digestlen) < 0)
2191 * test_case = 2 key = "Jefe" key_len = 4 data =
2192 * "what do ya want for nothing?" data_len = 28 digest =
2193 * 0x750c783e6ab0b503eaa86e310a5db738
2196 strcpy(key, "Jefe");
2198 strcpy(text, "what do ya want for nothing?");
2199 digest = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38";
2200 if (sctp_test_hmac("MD5 test case 2", SCTP_AUTH_HMAC_ID_MD5, key, keylen,
2201 text, textlen, digest, digestlen) < 0)
2205 * test_case = 3 key = 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
2206 * key_len = 16 data = 0xdd repeated 50 times data_len = 50
2207 * digest = 0x56be34521d144c88dbb8c733f0e8b3f6
2210 memset(key, 0xaa, keylen);
2212 memset(text, 0xdd, textlen);
2213 digest = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3\xf6";
2214 if (sctp_test_hmac("MD5 test case 3", SCTP_AUTH_HMAC_ID_MD5, key, keylen,
2215 text, textlen, digest, digestlen) < 0)
2219 * test_case = 4 key =
2220 * 0x0102030405060708090a0b0c0d0e0f10111213141516171819 key_len = 25
2221 * data = 0xcd repeated 50 times data_len = 50 digest
2222 * = 0x697eaf0aca3a3aea3a75164746ffaa79
2225 memcpy(key, "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", keylen);
2227 memset(text, 0xcd, textlen);
2228 digest = "\x69\x7e\xaf\x0a\xca\x3a\x3a\xea\x3a\x75\x16\x47\x46\xff\xaa\x79";
2229 if (sctp_test_hmac("MD5 test case 4", SCTP_AUTH_HMAC_ID_MD5, key, keylen,
2230 text, textlen, digest, digestlen) < 0)
2234 * test_case = 5 key = 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
2235 * key_len = 16 data = "Test With Truncation" data_len = 20
2236 * digest = 0x56461ef2342edc00f9bab995690efd4c digest-96
2237 * 0x56461ef2342edc00f9bab995
2240 memset(key, 0x0c, keylen);
2242 strcpy(text, "Test With Truncation");
2243 digest = "\x56\x46\x1e\xf2\x34\x2e\xdc\x00\xf9\xba\xb9\x95\x69\x0e\xfd\x4c";
2244 if (sctp_test_hmac("MD5 test case 5", SCTP_AUTH_HMAC_ID_MD5, key, keylen,
2245 text, textlen, digest, digestlen) < 0)
2249 * test_case = 6 key = 0xaa repeated 80 times key_len
2250 * = 80 data = "Test Using Larger Than Block-Size Key -
2251 * Hash Key First" data_len = 54 digest =
2252 * 0x6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd
2255 memset(key, 0xaa, keylen);
2257 strcpy(text, "Test Using Larger Than Block-Size Key - Hash Key First");
2258 digest = "\x6b\x1a\xb7\xfe\x4b\xd7\xbf\x8f\x0b\x62\xe6\xce\x61\xb9\xd0\xcd";
2259 if (sctp_test_hmac("MD5 test case 6", SCTP_AUTH_HMAC_ID_MD5, key, keylen,
2260 text, textlen, digest, digestlen) < 0)
2264 * test_case = 7 key = 0xaa repeated 80 times key_len
2265 * = 80 data = "Test Using Larger Than Block-Size Key and
2266 * Larger Than One Block-Size Data" data_len = 73 digest =
2267 * 0x6f630fad67cda0ee1fb1f562db3aa53e
2270 memset(key, 0xaa, keylen);
2272 strcpy(text, "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data");
2273 digest = "\x6f\x63\x0f\xad\x67\xcd\xa0\xee\x1f\xb1\xf5\x62\xdb\x3a\xa5\x3e";
2274 if (sctp_test_hmac("MD5 test case 7", SCTP_AUTH_HMAC_ID_MD5, key, keylen,
2275 text, textlen, digest, digestlen) < 0)
2278 /* done with all tests */
2280 printf("\nMD5 test results: %d cases failed", failed);
2282 printf("\nMD5 test results: all test cases passed");
2286 * test assoc key concatenation
2289 sctp_test_key_concatenation(sctp_key_t * key1, sctp_key_t * key2,
2290 sctp_key_t * expected_key)
2295 sctp_show_key(key1, "\nkey1");
2296 sctp_show_key(key2, "\nkey2");
2297 key = sctp_compute_hashkey(key1, key2, NULL);
2298 sctp_show_key(expected_key, "\nExpected");
2299 sctp_show_key(key, "\nComputed");
2300 if (memcmp(key, expected_key, expected_key->keylen) != 0) {
2307 sctp_free_key(key1);
2308 sctp_free_key(key2);
2309 sctp_free_key(expected_key);
2316 sctp_test_authkey(void)
2318 sctp_key_t *key1, *key2, *expected_key;
2322 key1 = sctp_set_key("\x01\x01\x01\x01", 4);
2323 key2 = sctp_set_key("\x01\x02\x03\x04", 4);
2324 expected_key = sctp_set_key("\x01\x01\x01\x01\x01\x02\x03\x04", 8);
2325 if (sctp_test_key_concatenation(key1, key2, expected_key) < 0)
2329 key1 = sctp_set_key("\x00\x00\x00\x01", 4);
2330 key2 = sctp_set_key("\x02", 1);
2331 expected_key = sctp_set_key("\x00\x00\x00\x01\x02", 5);
2332 if (sctp_test_key_concatenation(key1, key2, expected_key) < 0)
2336 key1 = sctp_set_key("\x01", 1);
2337 key2 = sctp_set_key("\x00\x00\x00\x02", 4);
2338 expected_key = sctp_set_key("\x01\x00\x00\x00\x02", 5);
2339 if (sctp_test_key_concatenation(key1, key2, expected_key) < 0)
2343 key1 = sctp_set_key("\x00\x00\x00\x01", 4);
2344 key2 = sctp_set_key("\x01", 1);
2345 expected_key = sctp_set_key("\x01\x00\x00\x00\x01", 5);
2346 if (sctp_test_key_concatenation(key1, key2, expected_key) < 0)
2350 key1 = sctp_set_key("\x01", 1);
2351 key2 = sctp_set_key("\x00\x00\x00\x01", 4);
2352 expected_key = sctp_set_key("\x01\x00\x00\x00\x01", 5);
2353 if (sctp_test_key_concatenation(key1, key2, expected_key) < 0)
2357 key1 = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07", 11);
2358 key2 = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x08", 11);
2359 expected_key = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x08", 22);
2360 if (sctp_test_key_concatenation(key1, key2, expected_key) < 0)
2364 key1 = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x08", 11);
2365 key2 = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07", 11);
2366 expected_key = sctp_set_key("\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x08", 22);
2367 if (sctp_test_key_concatenation(key1, key2, expected_key) < 0)
2370 /* done with all tests */
2372 printf("\nKey concatenation test results: %d cases failed", failed);
2374 printf("\nKey concatenation test results: all test cases passed");
2378 #if defined(STANDALONE_HMAC_TEST)
2382 sctp_test_hmac_sha1();
2383 sctp_test_hmac_md5();
2384 sctp_test_authkey();
2387 #endif /* STANDALONE_HMAC_TEST */
2389 #endif /* SCTP_HMAC_TEST */