sctp_cookie.c revision 47b333251f6569b2d2a85df530163c314e6eb46c
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include <inet/ipclassifier.h>
#include "sctp_impl.h"
/*
* Helper function for SunCluster (PSARC/2005/602) to get the original source
* address from the COOKIE
*/
/*
* From RFC 2104. This should probably go into libmd5 (and while
* we're at it, maybe we should make a libdigest so we can later
* add SHA1 and others, esp. since some weaknesses have been found
* with MD5).
*
* text IN pointer to data stream
* text_len IN length of data stream
* key IN pointer to authentication key
* key_len IN length of authentication key
* digest OUT caller digest to be filled in
*/
static void
{
int i;
/* if key is longer than 64 bytes reset it to key=MD5(key) */
if (key_len > 64) {
key_len = 16;
}
/*
* the HMAC_MD5 transform looks like:
*
* MD5(K XOR opad, MD5(K XOR ipad, text))
*
* where K is an n byte key
* ipad is the byte 0x36 repeated 64 times
* opad is the byte 0x5c repeated 64 times
* and text is the data being protected
*/
/* start out by storing key in pads */
/* XOR key with ipad and opad values */
for (i = 0; i < 64; i++) {
k_ipad[i] ^= 0x36;
k_opad[i] ^= 0x5c;
}
/*
* perform inner MD5
*/
/* pass */
/*
* perform outer MD5
*/
/* pass */
/* hash */
}
/*
* info in initmp to send the abort. Otherwise, no abort will be sent.
*
* When called from stcp_send_initack() while processing parameters
* from a received INIT_CHUNK want_cookie will be NULL.
*
* When called from sctp_send_cookie_echo() while processing an INIT_ACK,
* want_cookie contains a pointer to a pointer of type *sctp_parm_hdr_t.
* However, this last pointer will be NULL until the cookie is processed
* at which time it will be set to point to a sctp_parm_hdr_t that contains
* the cookie info.
*
* Note: an INIT_ACK is expected to contain a cookie.
*
* When processing an INIT_ACK, an ERROR chunk and chain of one or more
* error CAUSE blocks will be created if unrecognized parameters marked by
* the sender as reportable are found.
*
* When processing an INIT chunk, a chain of one or more error CAUSE blocks
* will be created if unrecognized parameters marked by the sender as
* reportable are found. These are appended directly to the INIT_ACK chunk.
*
* In both cases the error chain is visible to the caller via *errmp.
*
* Returns 1 if the parameters are OK (or if there are no optional
* parameters), returns 0 otherwise.
*/
static int
{
if (sctp_options != NULL)
*sctp_options = 0;
/* First validate stream parameters */
goto abort;
}
goto abort;
}
/*
* When processing a received INIT_ACK, a cookie is
* expected, if missing there is nothing to validate.
*/
if (want_cookie != NULL)
goto cookie_abort;
return (1);
}
switch (ptype) {
case PARM_HBINFO:
case PARM_UNRECOGNIZED:
case PARM_ECN:
/* just ignore them */
break;
case PARM_FORWARD_TSN:
if (sctp_options != NULL)
break;
case PARM_COOKIE:
got_cookie = B_TRUE;
/*
* Processing a received INIT_ACK, we have a cookie
* and a valid pointer in our caller to attach it to.
*/
if (want_cookie != NULL) {
*want_cookie = cph;
}
break;
case PARM_ADDR4:
*supp_af |= PARM_SUPP_V4;
break;
case PARM_ADDR6:
*supp_af |= PARM_SUPP_V6;
break;
case PARM_COOKIE_PRESERVE:
case PARM_ADAPT_LAYER_IND:
/* These are OK */
break;
case PARM_ADDR_HOST_NAME:
/* Don't support this; abort the association */
goto abort;
case PARM_SUPP_ADDRS: {
/* Make sure we have a supported addr intersection */
int plen;
while (plen > 0) {
switch (addrtype) {
case PARM_ADDR6:
*supp_af |= PARM_SUPP_V6;
break;
case PARM_ADDR4:
*supp_af |= PARM_SUPP_V4;
break;
default:
/*
* Do nothing, silently ignore hostname
* address.
*/
break;
}
p++;
plen -= sizeof (*p);
}
break;
}
default:
/*
* Handle any unrecognized params, the two high order
* bits of ptype define how the remote wants them
* handled.
* Top bit:
* 1. Continue processing other params in the chunk
* 0. Stop processing params after this one.
* 2nd bit:
* 1. Must report this unrecognized param to remote
* 0. Obey the top bit silently.
*/
if (ptype & SCTP_REPORT_THIS_PARAM) {
/*
* Processing an INIT_ACK, this is the
* first reportable param, create an
* ERROR chunk and populate it with a
* CAUSE block for this parameter.
*/
(void *)cph,
} else {
/*
* If processing an INIT chunk add
* an additional CAUSE block to an
* INIT_ACK, got_errchunk is B_FALSE.
*/
}
}
if (ptype & SCTP_CONT_PROC_PARAMS) {
/*
* Continue processing params after this
* parameter.
*/
break;
}
/*
* Stop processing params, report any reportable
* unrecognized params found so far.
*/
goto done;
}
}
done:
/*
* Some sanity checks. The following should not fail unless the
* other side is broken.
*
* 1. If this is a V4 endpoint but V4 address is not
* supported, abort.
* 2. If this is a V6 only endpoint but V6 address is
* not supported, abort. This assumes that a V6
* endpoint can use both V4 and V6 addresses.
* We only care about supp_af when processing INIT, i.e want_cookie
* is NULL.
*/
if (want_cookie == NULL &&
goto abort;
}
/* Will populate the CAUSE block in the ABORT chunk. */
return (0);
}
/* OK */
return (1);
if (want_cookie != NULL)
return (0);
return (0);
}
/*
* Initialize params from the INIT and INIT-ACK when the assoc. is
* established.
*/
{
/* Get initial TSN */
/* Serial number is initialized to the same value as the TSN */
/*
* Get verification tags; no byteordering is necessary, since
* verfication tags are never processed except for byte-by-byte
* comparisons.
*/
/* Get the peer's rwnd */
/* Allocate the in/out-stream counters */
return (B_FALSE);
return (B_FALSE);
}
return (B_TRUE);
}
/*
* Copy the peer's original source address into addr. This relies on the
* following format (see sctp_send_initack() below):
* relative timestamp for the cookie (int64_t) +
* cookie lifetime (uint32_t) +
* local tie-tag (uint32_t) + peer tie-tag (uint32_t) +
* Peer's original src ...
*/
int
{
return (EINVAL);
return (0);
}
#define SCTP_CALC_COOKIE_LEN(initcp) \
sizeof (int64_t) + /* timestamp */ \
sizeof (uint32_t) + /* cookie lifetime */ \
sizeof (sctp_init_chunk_t) + /* INIT ACK */ \
sizeof (in6_addr_t) + /* peer's original source */ \
sizeof (uint32_t) + /* local tie-tag */ \
sizeof (uint32_t) + /* peer tie-tag */ \
sizeof (sctp_parm_hdr_t) + /* param header */ \
16 /* MD5 hash */
void
{
char *p;
int supp_af = 0;
int pad;
/* Extract the INIT chunk */
if (isv4) {
supp_af |= PARM_SUPP_V4;
} else {
supp_af |= PARM_SUPP_V6;
}
/* Make sure we like the peer's parameters */
&supp_af, &sctp_options) == 0) {
return;
}
/*
* Irregardless of the supported address in the INIT, v4
* must be supported.
*/
}
/* normal, expected INIT: generate new vtag and itsn */
if (itag == 0)
/* init collision; copy vtag and itsn from sctp */
/*
* In addition we need to send all the params that was sent
* in our INIT chunk. Essentially, it is only the supported
* address params that we need to add.
*/
/*
* When we sent the INIT, we should have set linklocal in
* the sctp which should be good enough.
*/
if (linklocal)
} else {
/* peer restart; generate new vtag but keep everything else */
if (itag == 0)
}
/*
* Allocate a mblk for the INIT ACK, consisting of the link layer
* header, the IP header, the SCTP common header, and INIT ACK chunk,
* and finally the COOKIE parameter.
*/
if (sctp->sctp_send_adaptation)
}
if (initcollision)
if (!linklocal)
}
/*
* If the listen socket is bound to a trusted extensions
* multi-label port, attach a copy of the listener's cred
* to the new INITACK mblk. Modify the cred to contain
* the security label of the received INIT packet.
* If not a multi-label port, attach the unmodified
* listener's cred directly.
*
* We expect Sun developed kernel modules to properly set
* cred labels for sctp connections. We can't be so sure this
* will be done correctly when 3rd party kernel modules
* directly use sctp. The initlabel panic guard logic was
* added to cover this possibility.
*/
return;
}
return;
}
} else {
}
return;
}
if (isv4) {
/* Copy the peer's IP addr */
} else {
/* Copy the peer's IP addr */
errlen);
}
/* Fill in the holes in the SCTP common header */
/* INIT ACK chunk header */
/* The INIT ACK itself */
/* Advertise what we would want to have as stream #'s */
p = (char *)(iack + 1);
if (initcollision)
if (!linklocal)
}
/*
* Generate and lay in the COOKIE parameter.
*
* Any change here that results in a change of location for
* the peer's orig source address must be propagated to the fn
* cl_sctp_cookie_paddr() above.
*
* The cookie consists of:
* 1. The relative timestamp for the cookie (lbolt64)
* 2. The cookie lifetime (uint32_t) in tick
* 3. The local tie-tag
* 4. The peer tie-tag
* 5. Peer's original src, used to confirm the validity of address.
* 6. Our INIT ACK chunk, less any parameters
* 7. The INIT chunk (may contain parameters)
* 8. 128-bit MD5 signature.
*
* Since the timestamp values will only be evaluated locally, we
* don't need to worry about byte-ordering them.
*/
cookieph = (sctp_parm_hdr_t *)p;
/* timestamp */
/* cookie lifetime -- need configuration */
/* Set the tie-tags */
*ttag = 0;
ttag++;
*ttag = 0;
ttag++;
} else {
/* local tie-tag (network byte-order) */
ttag++;
/* peer tie-tag (network byte-order) */
ttag++;
}
/*
* Copy in peer's original source address so that we can confirm
* the reachability later.
*/
p = (char *)ttag;
if (isv4) {
} else {
}
p += sizeof (in6_addr_t);
/* Copy in our INIT ACK chunk */
iack = (sctp_init_chunk_t *)p;
/* Set the # of streams we'll end up using */
p += sizeof (*iack);
/* Copy in the peer's INIT chunk */
/*
* Calculate the HMAC ICV into the digest slot in buf.
* First, generate a new secret if the current secret is
* older than the new secret lifetime parameter permits,
* copying the current secret to sctp_old_secret.
*/
if (sctps->sctps_new_secret_interval > 0 &&
}
if (pad != 0)
int err;
if (isv4)
else
if (err != 0) {
return;
}
}
/*
* Stash the conn ptr info. for IP only as e don't have any
* cached IRE.
*/
/* XXX sctp == sctp_g_q, so using its obchunks is valid */
/* OK to call IP_PUT() here instead of sctp_add_sendq(). */
}
void
{
/* XXX should abort, but don't have the inmp anymore */
return;
}
}
static int
{
return (-1);
sizeof (uint32_t))) {
return (0);
}
}
return (-1);
}
void
{
int pad = 0;
int hdrlen;
int error;
return;
}
/* Got a cookie to echo back; allocate an mblk */
else
return;
}
/* Process the INIT ACK */
/*
* Populate sctp with addresses given in the INIT ACK or IP header.
* Need to set the df bit in the current fp as it has been cleared
* in sctp_connect().
*/
/*
* Since IP uses this info during the fanout process, we need to hold
* the lock for this hash line while performing this operation.
*/
/* XXX sctp_conn_fanout + SCTP_CONN_HASH(sctps, sctp->sctp_ports); */
/* sctp isn't a listener so only need to hold conn fanout lock */
return;
}
/*
* There could be a case when we get an INIT-ACK again, if the INIT
* is re-transmitted, for e.g., which means we would have already
* allocated this resource earlier (also for sctp_instr). In this
* case we check and re-allocate, if necessary.
*/
} else {
ASSERT(old_num_str > 0);
}
}
return;
}
/*
* Allocate the in stream tracking array. Comments for sctp_ostrcntrs
* hold here too.
*/
} else {
ASSERT(old_num_str > 0);
}
}
return;
}
&sctp->sctp_rx_adaptation_code) == 0) {
}
/* Copy the cookie (less the parm hdr) to the chunk */
if (sctp->sctp_unsent > 0) {
do {
else
B_FALSE);
else
} else {
}
if (unsent > 0) {
/*
* Update ULP the amount of queued data, which is
* sent-unack'ed + unsent.
* This is not necessary, but doesn't harm, we
* just use unsent instead of sent-unack'ed +
* unsent, since there won't be any sent-unack'ed
* here.
*/
if (!SCTP_IS_DETACHED(sctp))
}
}
/*
* The error cannot be anything else since we could have an non-zero
* error only if sctp_get_msg_to_send() tries to send a Forward
* TSN which will not happen here.
*/
goto sendcookie;
goto sendcookie;
}
/* OK, if this fails */
return;
}
/*
* Even if cookie-echo exceeds MTU for one of the hops, it'll
* have a chance of getting there.
*/
}
/* Don't bundle, we will just resend init if this cookie is lost. */
}
}
}
}
int
{
uchar_t *p;
/* Verify the ICV */
if (clen < 0) {
return (-1);
}
/* The given hash follows the cookie data */
given_hash = p + clen;
/* The secret may have changed; try the old secret */
return (-1);
}
}
/* Timestamp is int64_t, and we only guarantee 32-bit alignment */
/* Cookie life time, uint32_t */
/*
* To quote PRC, "this is our baby", so let's continue.
* We need to pull out the encapsulated INIT ACK and
* INIT chunks. Note that we don't process these until
* we have verified the timestamp, but we need them before
* processing the timestamp since if the time check fails,
* we need to get the verification tag from the INIT in order
* to send a stale cookie error.
*/
*recv_adaptation = 0;
/*
* Check the staleness of the Cookie, specified in 3.3.10.3 of
* RFC 2960.
*
* The mesaure of staleness is the difference, in microseconds,
* between the current time and the time the State Cookie expires.
* So it is lbolt64 - (ts + *lt). If it is positive, it means
* that the Cookie has expired.
*/
return (-1);
}
/* Check for attack by adding addresses to a restart */
sctps) != 1) {
return (-1);
}
/* Look for adaptation code if there any parms in the INIT chunk */
if ((initplen >= sizeof (sctp_parm_hdr_t)) &&
&sctp->sctp_rx_adaptation_code) == 0)) {
*recv_adaptation = 1;
}
/* Examine tie-tags */
(int)(sctp->sctp_fport)));
return (-1);
}
int i;
/* Section 5.2.4 case A: restart */
}
(int)(sctp->sctp_fport)));
/* reset parameters */
/* reset stream bookkeeping */
sctp->sctp_istr_nmsgs = 0;
sctp->sctp_rxqueued = 0;
for (i = 0; i < sctp->sctp_num_ostr; i++) {
sctp->sctp_ostrcntrs[i] = 0;
}
/* XXX flush xmit_list? */
return (0);
/* Section 5.2.4 case B: INIT collision */
return (-1); /* Drop? */
}
(int)(sctp->sctp_fport)));
return (0);
/* Section 5.2.4 case C: late COOKIE */
(int)(sctp->sctp_fport)));
return (-1);
/*
* Section 5.2.4 case D: COOKIE ECHO retransmit
* Don't check cookie lifetime
*/
(int)(sctp->sctp_fport)));
return (-1); /* Drop? */
}
return (0);
} else {
/* unrecognized case -- silently drop it */
return (-1);
}
}
return (0);
}
/*
* Similar to ip_fanout_sctp, except that the src addr(s) are drawn
* from address parameters in an INIT ACK's address list. This
* function is used when an INIT ACK is received but IP's fanout
* function could not find a sctp via the normal lookup routine.
* This can happen when a host sends an INIT ACK from a different
* address than the INIT was sent to.
*
* Returns the sctp_t if found, or NULL if not found.
*/
sctp_t *
{
int isv4;
if (isv4) {
} else {
}
/* pull out any address parameters */
return (NULL);
}
/*
* params have been put in host byteorder by
* sctp_check_input()
*/
&src);
sctps);
dprint(1,
("sctp_addrlist2sctp: src=%x:%x:%x:%x, sctp=%p\n",
return (sctp);
}
sctps);
dprint(1,
("sctp_addrlist2sctp: src=%x:%x:%x:%x, sctp=%p\n",
return (sctp);
}
}
}
return (NULL);
}