1 /* $KAME: sctp_hashdriver.c,v 1.6 2004/02/24 21:52:26 itojun Exp $ */
2 /* $NetBSD: sctp_hashdriver.c,v 1.1 2015/10/13 21:28:35 rjs Exp $ */
3
4 /*
5 * Copyright (c) 2001, 2002, 2003, 2004 Cisco Systems, Inc.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. All advertising materials mentioning features or use of this software
17 * must display the following acknowledgement:
18 * This product includes software developed by Cisco Systems, Inc.
19 * 4. Neither the name of the project nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY CISCO SYSTEMS AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL CISCO SYSTEMS OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35 #include <sys/cdefs.h>
36 __KERNEL_RCSID(0, "$NetBSD: sctp_hashdriver.c,v 1.1 2015/10/13 21:28:35 rjs Exp $");
37
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/malloc.h>
41 #include <sys/mbuf.h>
42 #include <sys/domain.h>
43 #include <sys/protosw.h>
44 #include <sys/socket.h>
45 #include <sys/socketvar.h>
46 #include <sys/proc.h>
47 #include <sys/kernel.h>
48 #include <sys/sysctl.h>
49 #include <sys/types.h>
50 #include <netinet/sctp_constants.h>
51 #ifdef USE_MD5
52 #include <sys/md5.h>
53 #else
54 #include <sys/sha1.h>
55 #endif
56 #include <netinet/sctp_hashdriver.h>
57
58 /*
59 * Main driver for SCTP's hashing.
60 * passing a two pointers and two lengths, returning a digest pointer
61 * filled. The md5 code was taken directly from the RFC (2104) so to
62 * understand it you may want to go look at the RFC referenced in the
63 * SCTP spec. We did modify this code to either user OURs implementation
64 * of SLA1 or the MD5 that comes from its RFC. SLA1 may have IPR issues
65 * so you need to check in to this if you wish to use it... Or at least
66 * that is what the FIP-180.1 web page says.
67 */
68
sctp_hash_digest(char * key,int key_len,char * text,int text_len,unsigned char * digest)69 void sctp_hash_digest(char *key, int key_len, char *text, int text_len,
70 unsigned char *digest)
71 {
72 #ifdef USE_MD5
73 MD5Context context;
74 #else
75 SHA1_CTX context;
76 #endif /* USE_MD5 */
77 /* inner padding - key XORd with ipad */
78 unsigned char k_ipad[65];
79 /* outer padding - key XORd with opad */
80 unsigned char k_opad[65];
81 unsigned char tk[20];
82 int i;
83
84 if (key_len > 64) {
85 #ifdef USE_MD5
86 md5_ctxt tctx;
87 MD5Init(&tctx);
88 MD5Update(&tctx, key, key_len);
89 MD5Final(tk, &tctx);
90 key = tk;
91 key_len = 16;
92 #else
93 SHA1_CTX tctx;
94 SHA1Init(&tctx);
95 SHA1Update(&tctx, key, key_len);
96 SHA1Final(tk, &tctx);
97 key = tk;
98 key_len = 20;
99 #endif /* USE_MD5 */
100 }
101
102 /*
103 * the HMAC_MD5 transform looks like:
104 *
105 * MD5(K XOR opad, MD5(K XOR ipad, text))
106 *
107 * where K is an n byte key
108 * ipad is the byte 0x36 repeated 64 times
109 * opad is the byte 0x5c repeated 64 times
110 * and text is the data being protected
111 */
112
113 /* start out by storing key in pads */
114 memset(k_ipad, 0, sizeof k_ipad);
115 memset(k_opad, 0, sizeof k_opad);
116 bcopy(key, k_ipad, key_len);
117 bcopy(key, k_opad, key_len);
118
119 /* XOR key with ipad and opad values */
120 for (i = 0; i < 64; i++) {
121 k_ipad[i] ^= 0x36;
122 k_opad[i] ^= 0x5c;
123 }
124 /*
125 * perform inner MD5
126 */
127 #ifdef USE_MD5
128 MD5Init(&context); /* init context for 1st pass */
129 MD5Update(&context, k_ipad, 64); /* start with inner pad */
130 MD5Update(&context, text, text_len); /* then text of datagram */
131 MD5Final(digest, &context); /* finish up 1st pass */
132 #else
133 SHA1Init(&context); /* init context for 1st pass */
134 SHA1Update(&context, k_ipad, 64); /* start with inner pad */
135 SHA1Update(&context, text, text_len); /* then text of datagram */
136 SHA1Final(digest, &context); /* finish up 1st pass */
137 #endif /* USE_MD5 */
138
139 /*
140 * perform outer MD5
141 */
142 #ifdef USE_MD5
143 MD5Init(&context); /* init context for 2nd pass */
144 MD5Update(&context, k_opad, 64); /* start with outer pad */
145 MD5Update(&context, digest, 16); /* then results of 1st hash */
146 MD5Final(digest, &context); /* finish up 2nd pass */
147 #else
148 SHA1Init(&context); /* init context for 2nd pass */
149 SHA1Update(&context, k_opad, 64); /* start with outer pad */
150 SHA1Update(&context, digest, 20); /* then results of 1st hash */
151 SHA1Final(digest, &context); /* finish up 2nd pass */
152 #endif /* USE_MD5 */
153 }
154
sctp_hash_digest_m(char * key,int key_len,struct mbuf * m,int offset,unsigned char * digest)155 void sctp_hash_digest_m(char *key, int key_len, struct mbuf *m, int offset,
156 unsigned char *digest)
157 {
158 struct mbuf *m_at;
159 #ifdef USE_MD5
160 MD5Context context;
161 #else
162 SHA1_CTX context;
163 #endif /* USE_MD5 */
164 /* inner padding - key XORd with ipad */
165 unsigned char k_ipad[65];
166 /* outer padding - key XORd with opad */
167 unsigned char k_opad[65];
168 unsigned char tk[20];
169 int i;
170
171 if (key_len > 64) {
172 #ifdef USE_MD5
173 MD5Context tctx;
174 MD5Init(&tctx);
175 MD5Update(&tctx, key, key_len);
176 MD5Final(tk, &tctx);
177 key = tk;
178 key_len = 16;
179 #else
180 SHA1_CTX tctx;
181 SHA1Init(&tctx);
182 SHA1Update(&tctx, key, key_len);
183 SHA1Final(tk, &tctx);
184 key = tk;
185 key_len = 20;
186 #endif /* USE_MD5 */
187 }
188
189 /*
190 * the HMAC_MD5 transform looks like:
191 *
192 * MD5(K XOR opad, MD5(K XOR ipad, text))
193 *
194 * where K is an n byte key
195 * ipad is the byte 0x36 repeated 64 times
196 * opad is the byte 0x5c repeated 64 times
197 * and text is the data being protected
198 */
199
200 /* start out by storing key in pads */
201 memset(k_ipad, 0, sizeof k_ipad);
202 memset(k_opad, 0, sizeof k_opad);
203 bcopy(key, k_ipad, key_len);
204 bcopy(key, k_opad, key_len);
205
206 /* XOR key with ipad and opad values */
207 for (i = 0; i < 64; i++) {
208 k_ipad[i] ^= 0x36;
209 k_opad[i] ^= 0x5c;
210 }
211
212 /* find the correct mbuf and offset into mbuf */
213 m_at = m;
214 while ((m_at != NULL) && (offset > m_at->m_len)) {
215 offset -= m_at->m_len; /* update remaining offset left */
216 m_at = m_at->m_next;
217 }
218 /*
219 * perform inner MD5
220 */
221 #ifdef USE_MD5
222 MD5Init(&context); /* init context for 1st pass */
223 MD5Update(&context, k_ipad, 64); /* start with inner pad */
224 /******/
225 while (m_at != NULL) {
226 /* then text of datagram... */
227 MD5Update(&context, mtod(m_at, char *)+offset,
228 m_at->m_len-offset);
229 /* only offset on the first mbuf */
230 offset = 0;
231 m_at = m_at->m_next;
232 }
233 /******/
234 MD5Final(digest, &context); /* finish up 1st pass */
235 #else
236 SHA1Init(&context); /* init context for 1st pass */
237 SHA1Update(&context, k_ipad, 64); /* start with inner pad */
238 /******/
239 while (m_at != NULL) {
240 /* then text of datagram */
241 SHA1Update(&context, mtod(m_at, char *)+offset,
242 m_at->m_len-offset);
243 /* only offset on the first mbuf */
244 offset = 0;
245 m_at = m_at->m_next;
246 }
247 /******/
248 SHA1Final(digest, &context); /* finish up 1st pass */
249 #endif /* USE_MD5 */
250
251 /*
252 * perform outer MD5
253 */
254 #ifdef USE_MD5
255 MD5Init(&context); /* init context for 2nd pass */
256 MD5Update(&context, k_opad, 64); /* start with outer pad */
257 MD5Update(&context, digest, 16); /* then results of 1st hash */
258 MD5Final(digest, &context); /* finish up 2nd pass */
259 #else
260 SHA1Init(&context); /* init context for 2nd pass */
261 SHA1Update(&context, k_opad, 64); /* start with outer pad */
262 SHA1Update(&context, digest, 20); /* then results of 1st hash */
263 SHA1Final(digest, &context); /* finish up 2nd pass */
264 #endif /* USE_MD5 */
265 }
266