sctp_cookie.c revision 77ebe684ef29c4e071249d0fcb90f306d3aa1f12
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * CDDL HEADER START
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * The contents of this file are subject to the terms of the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * Common Development and Distribution License (the "License").
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * You may not use this file except in compliance with the License.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * or http://www.opensolaris.org/os/licensing.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * See the License for the specific language governing permissions
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * and limitations under the License.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * When distributing Covered Code, include this CDDL HEADER in each
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * If applicable, add the following below this CDDL HEADER, with the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * fields enclosed by brackets "[]" replaced with your own identifying
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * information: Portions Copyright [yyyy] [name of copyright owner]
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * CDDL HEADER END
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * Use is subject to license terms.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * Helper function for SunCluster (PSARC/2005/602) to get the original source
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * address from the COOKIE
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyint cl_sctp_cookie_paddr(sctp_chunk_hdr_t *, in6_addr_t *);
52244c0958bdf281ca42932b449f644b4decfdc2John Wren Kennedy * From RFC 2104. This should probably go into libmd5 (and while
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * we're at it, maybe we should make a libdigest so we can later
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * add SHA1 and others, esp. since some weaknesses have been found
 * in MD5). The published MD5 weaknesses are collision attacks, which do not
 * by themselves break HMAC-MD5; a stronger hash is still preferable for new code.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * text IN pointer to data stream
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * text_len IN length of data stream
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * key IN pointer to authentication key
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * key_len IN length of authentication key
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * digest OUT caller digest to be filled in
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyhmac_md5(uchar_t *text, size_t text_len, uchar_t *key, size_t key_len,
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy uchar_t k_ipad[65]; /* inner padding - key XORd with ipad */
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy uchar_t k_opad[65]; /* outer padding - key XORd with opad */
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy /* if key is longer than 64 bytes reset it to key=MD5(key) */
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * the HMAC_MD5 transform looks like:
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * MD5(K XOR opad, MD5(K XOR ipad, text))
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * where K is an n byte key
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * ipad is the byte 0x36 repeated 64 times
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * opad is the byte 0x5c repeated 64 times
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * and text is the data being protected
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy /* start out by storing key in pads */
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy /* XOR key with ipad and opad values */
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy for (i = 0; i < 64; i++) {
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * perform inner MD5
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy MD5Init(&context); /* init context for 1st */
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy MD5Update(&context, k_ipad, 64); /* start with inner pad */
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy MD5Update(&context, text, text_len); /* then text of datagram */
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy MD5Final(digest, &context); /* finish up 1st pass */
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * perform outer MD5
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy MD5Init(&context); /* init context for 2nd */
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy MD5Update(&context, k_opad, 64); /* start with outer pad */
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy MD5Update(&context, digest, 16); /* then results of 1st */
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy MD5Final(digest, &context); /* finish up 2nd pass */
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * If inmp is non-NULL, and we need to abort, it will use the IP/SCTP
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * info in initmp to send the abort. Otherwise, no abort will be sent.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * An ERROR chunk and chain of one or more error cause blocks will be
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * created if unrecognized parameters marked by the sender as reportable
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * are found. This error chain is visible to the caller via *errmp.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * When called from sctp_send_init_ack() while processing parameters
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * from a received INIT_CHUNK, want_cookie will be NULL.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * When called from sctp_send_cookie_echo() while processing an INIT_ACK,
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * want_cookie contains a pointer to a pointer of type *sctp_parm_hdr_t.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * However, this last pointer will be NULL until the cookie is processed
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * at which time it will be set to point to a sctp_parm_hdr_t that contains
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * the cookie info.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * Note: an INIT_ACK is expected to contain a cookie.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy * Returns 1 if the parameters are OK (or if there are no optional
*sctp_options = 0;
goto abort;
goto abort;
goto cookie_abort;
switch (ptype) {
case PARM_HBINFO:
case PARM_UNRECOGNIZED:
case PARM_ECN:
case PARM_FORWARD_TSN:
case PARM_COOKIE:
case PARM_ADDR4:
case PARM_ADDR6:
case PARM_COOKIE_PRESERVE:
case PARM_ADAPT_LAYER_IND:
case PARM_ADDR_HOST_NAME:
goto abort;
case PARM_SUPP_ADDRS: {
int plen;
while (plen > 0) {
switch (addrtype) {
case PARM_ADDR6:
case PARM_ADDR4:
plen -= sizeof (*p);
if (!got_errchunk) {
(void *)cph,
goto done;
done:
goto abort;
/* Allocate the in/out-stream counters */
return (B_FALSE);
return (B_FALSE);
return (B_TRUE);
return (EINVAL);
int supp_af = 0;
int pad;
if (isv4) {
if (itag == 0)
if (linklocal)
if (itag == 0)
if (initcollision)
if (!linklocal)
if (isv4) {
errlen);
if (initcollision)
if (!linklocal)
*ttag = 0;
ttag++;
*ttag = 0;
ttag++;
ttag++;
ttag++;
p = (char *)ttag;
if (isv4) {
p += sizeof (in6_addr_t);
p += sizeof (*iack);
int err;
if (isv4)
if (err != 0) {
sizeof (uint32_t))) {
int pad = 0;
int hdrlen;
int error;
BPRI_MED);
B_FALSE);
if (unsent > 0) {
goto sendcookie;
goto sendcookie;
uchar_t *p;
if (clen < 0) {
*recv_adaptation = 0;
sctp_t *
int isv4;
if (isv4) {
return (NULL);
&src);
sctps);
return (sctp);
sctps);
return (sctp);
return (NULL);