From owner-svn-src-head@FreeBSD.ORG Mon Sep 2 22:48:43 2013
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
[IPv6:2001:1900:2254:206a::19:1])
(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
(No client certificate requested)
by hub.freebsd.org (Postfix) with ESMTP id 291838FB;
Mon, 2 Sep 2013 22:48:43 +0000 (UTC)
(envelope-from tuexen@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
[IPv6:2001:1900:2254:2068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mx1.freebsd.org (Postfix) with ESMTPS id 079172E1E;
Mon, 2 Sep 2013 22:48:43 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r82MmgqT004883;
Mon, 2 Sep 2013 22:48:42 GMT (envelope-from tuexen@svn.freebsd.org)
Received: (from tuexen@localhost)
by svn.freebsd.org (8.14.7/8.14.5/Submit) id r82Mmgj5004877;
Mon, 2 Sep 2013 22:48:42 GMT (envelope-from tuexen@svn.freebsd.org)
Message-Id: <201309022248.r82Mmgj5004877@svn.freebsd.org>
From: Michael Tuexen <tuexen@FreeBSD.org>
Date: Mon, 2 Sep 2013 22:48:42 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
svn-src-head@freebsd.org
Subject: svn commit: r255160 - head/sys/netinet
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-head>,
<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Sep 2013 22:48:43 -0000
Author: tuexen
Date: Mon Sep 2 22:48:41 2013
New Revision: 255160
URL: http://svnweb.freebsd.org/changeset/base/255160
Log:
All changes affect only SCTP-AUTH:
* Remove non working code related to SHA224.
* Remove support for non-standardised HMAC-IDs using SHA384 and SHA512.
* Prefer SHA256 over SHA1.
* Minor cleanup.
MFC after: 2 weeks
Modified:
head/sys/netinet/sctp_auth.c
head/sys/netinet/sctp_auth.h
head/sys/netinet/sctp_os_bsd.h
head/sys/netinet/sctp_uio.h
Modified: head/sys/netinet/sctp_auth.c
==============================================================================
--- head/sys/netinet/sctp_auth.c Mon Sep 2 22:45:49 2013 (r255159)
+++ head/sys/netinet/sctp_auth.c Mon Sep 2 22:48:41 2013 (r255160)
@@ -703,15 +703,7 @@ sctp_auth_add_hmacid(sctp_hmaclist_t * l
return (-1);
}
if ((hmac_id != SCTP_AUTH_HMAC_ID_SHA1) &&
-#ifdef HAVE_SHA224
- (hmac_id != SCTP_AUTH_HMAC_ID_SHA224) &&
-#endif
-#ifdef HAVE_SHA2
- (hmac_id != SCTP_AUTH_HMAC_ID_SHA256) &&
- (hmac_id != SCTP_AUTH_HMAC_ID_SHA384) &&
- (hmac_id != SCTP_AUTH_HMAC_ID_SHA512) &&
-#endif
- 1) {
+ (hmac_id != SCTP_AUTH_HMAC_ID_SHA256)) {
return (-1);
}
/* Now is it already in the list */
@@ -754,8 +746,9 @@ sctp_default_supported_hmaclist(void)
new_list = sctp_alloc_hmaclist(2);
if (new_list == NULL)
return (NULL);
- (void)sctp_auth_add_hmacid(new_list, SCTP_AUTH_HMAC_ID_SHA1);
+ /* We prefer SHA256, so list it first */
(void)sctp_auth_add_hmacid(new_list, SCTP_AUTH_HMAC_ID_SHA256);
+ (void)sctp_auth_add_hmacid(new_list, SCTP_AUTH_HMAC_ID_SHA1);
return (new_list);
}
@@ -811,19 +804,13 @@ int
sctp_verify_hmac_param(struct sctp_auth_hmac_algo *hmacs, uint32_t num_hmacs)
{
uint32_t i;
- uint16_t hmac_id;
- uint32_t sha1_supported = 0;
for (i = 0; i < num_hmacs; i++) {
- hmac_id = ntohs(hmacs->hmac_ids[i]);
- if (hmac_id == SCTP_AUTH_HMAC_ID_SHA1)
- sha1_supported = 1;
+ if (ntohs(hmacs->hmac_ids[i]) == SCTP_AUTH_HMAC_ID_SHA1) {
+ return (0);
+ }
}
- /* all HMAC id's are supported */
- if (sha1_supported == 0)
- return (-1);
- else
- return (0);
+ return (-1);
}
sctp_authinfo_t *
@@ -877,18 +864,8 @@ sctp_get_hmac_digest_len(uint16_t hmac_a
switch (hmac_algo) {
case SCTP_AUTH_HMAC_ID_SHA1:
return (SCTP_AUTH_DIGEST_LEN_SHA1);
-#ifdef HAVE_SHA224
- case SCTP_AUTH_HMAC_ID_SHA224:
- return (SCTP_AUTH_DIGEST_LEN_SHA224);
-#endif
-#ifdef HAVE_SHA2
case SCTP_AUTH_HMAC_ID_SHA256:
return (SCTP_AUTH_DIGEST_LEN_SHA256);
- case SCTP_AUTH_HMAC_ID_SHA384:
- return (SCTP_AUTH_DIGEST_LEN_SHA384);
- case SCTP_AUTH_HMAC_ID_SHA512:
- return (SCTP_AUTH_DIGEST_LEN_SHA512);
-#endif
default:
/* unknown HMAC algorithm: can't do anything */
return (0);
@@ -900,17 +877,9 @@ sctp_get_hmac_block_len(uint16_t hmac_al
{
switch (hmac_algo) {
case SCTP_AUTH_HMAC_ID_SHA1:
-#ifdef HAVE_SHA224
- case SCTP_AUTH_HMAC_ID_SHA224:
-#endif
return (64);
-#ifdef HAVE_SHA2
case SCTP_AUTH_HMAC_ID_SHA256:
return (64);
- case SCTP_AUTH_HMAC_ID_SHA384:
- case SCTP_AUTH_HMAC_ID_SHA512:
- return (128);
-#endif
case SCTP_AUTH_HMAC_ID_RSVD:
default:
/* unknown HMAC algorithm: can't do anything */
@@ -923,23 +892,11 @@ sctp_hmac_init(uint16_t hmac_algo, sctp_
{
switch (hmac_algo) {
case SCTP_AUTH_HMAC_ID_SHA1:
- SHA1_Init(&ctx->sha1);
- break;
-#ifdef HAVE_SHA224
- case SCTP_AUTH_HMAC_ID_SHA224:
+ SCTP_SHA1_INIT(&ctx->sha1);
break;
-#endif
-#ifdef HAVE_SHA2
case SCTP_AUTH_HMAC_ID_SHA256:
- SHA256_Init(&ctx->sha256);
- break;
- case SCTP_AUTH_HMAC_ID_SHA384:
- SHA384_Init(&ctx->sha384);
+ SCTP_SHA256_INIT(&ctx->sha256);
break;
- case SCTP_AUTH_HMAC_ID_SHA512:
- SHA512_Init(&ctx->sha512);
- break;
-#endif
case SCTP_AUTH_HMAC_ID_RSVD:
default:
/* unknown HMAC algorithm: can't do anything */
@@ -953,23 +910,11 @@ sctp_hmac_update(uint16_t hmac_algo, sct
{
switch (hmac_algo) {
case SCTP_AUTH_HMAC_ID_SHA1:
- SHA1_Update(&ctx->sha1, text, textlen);
+ SCTP_SHA1_UPDATE(&ctx->sha1, text, textlen);
break;
-#ifdef HAVE_SHA224
- case SCTP_AUTH_HMAC_ID_SHA224:
- break;
-#endif
-#ifdef HAVE_SHA2
case SCTP_AUTH_HMAC_ID_SHA256:
- SHA256_Update(&ctx->sha256, text, textlen);
- break;
- case SCTP_AUTH_HMAC_ID_SHA384:
- SHA384_Update(&ctx->sha384, text, textlen);
+ SCTP_SHA256_UPDATE(&ctx->sha256, text, textlen);
break;
- case SCTP_AUTH_HMAC_ID_SHA512:
- SHA512_Update(&ctx->sha512, text, textlen);
- break;
-#endif
case SCTP_AUTH_HMAC_ID_RSVD:
default:
/* unknown HMAC algorithm: can't do anything */
@@ -983,24 +928,11 @@ sctp_hmac_final(uint16_t hmac_algo, sctp
{
switch (hmac_algo) {
case SCTP_AUTH_HMAC_ID_SHA1:
- SHA1_Final(digest, &ctx->sha1);
+ SCTP_SHA1_FINAL(digest, &ctx->sha1);
break;
-#ifdef HAVE_SHA224
- case SCTP_AUTH_HMAC_ID_SHA224:
- break;
-#endif
-#ifdef HAVE_SHA2
case SCTP_AUTH_HMAC_ID_SHA256:
- SHA256_Final(digest, &ctx->sha256);
+ SCTP_SHA256_FINAL(digest, &ctx->sha256);
break;
- case SCTP_AUTH_HMAC_ID_SHA384:
- /* SHA384 is truncated SHA512 */
- SHA384_Final(digest, &ctx->sha384);
- break;
- case SCTP_AUTH_HMAC_ID_SHA512:
- SHA512_Final(digest, &ctx->sha512);
- break;
-#endif
case SCTP_AUTH_HMAC_ID_RSVD:
default:
/* unknown HMAC algorithm: can't do anything */
Modified: head/sys/netinet/sctp_auth.h
==============================================================================
--- head/sys/netinet/sctp_auth.h Mon Sep 2 22:45:49 2013 (r255159)
+++ head/sys/netinet/sctp_auth.h Mon Sep 2 22:48:41 2013 (r255160)
@@ -36,14 +36,12 @@ __FBSDID("$FreeBSD$");
#ifndef _NETINET_SCTP_AUTH_H_
#define _NETINET_SCTP_AUTH_H_
+#include <netinet/sctp_os.h>
/* digest lengths */
#define SCTP_AUTH_DIGEST_LEN_SHA1 20
-#define SCTP_AUTH_DIGEST_LEN_SHA224 28
#define SCTP_AUTH_DIGEST_LEN_SHA256 32
-#define SCTP_AUTH_DIGEST_LEN_SHA384 48
-#define SCTP_AUTH_DIGEST_LEN_SHA512 64
-#define SCTP_AUTH_DIGEST_LEN_MAX 64
+#define SCTP_AUTH_DIGEST_LEN_MAX SCTP_AUTH_DIGEST_LEN_SHA256
/* random sizes */
#define SCTP_AUTH_RANDOM_SIZE_DEFAULT 32
@@ -52,12 +50,8 @@ __FBSDID("$FreeBSD$");
/* union of all supported HMAC algorithm contexts */
typedef union sctp_hash_context {
- SHA1_CTX sha1;
-#ifdef HAVE_SHA2
- SHA256_CTX sha256;
- SHA384_CTX sha384;
- SHA512_CTX sha512;
-#endif
+ SCTP_SHA1_CTX sha1;
+ SCTP_SHA256_CTX sha256;
} sctp_hash_context_t;
typedef struct sctp_key {
Modified: head/sys/netinet/sctp_os_bsd.h
==============================================================================
--- head/sys/netinet/sctp_os_bsd.h Mon Sep 2 22:45:49 2013 (r255159)
+++ head/sys/netinet/sctp_os_bsd.h Mon Sep 2 22:48:41 2013 (r255160)
@@ -104,6 +104,9 @@ __FBSDID("$FreeBSD$");
#include <netinet/ip_options.h>
+#include <crypto/sha1.h>
+#include <crypto/sha2/sha2.h>
+
#ifndef in6pcb
#define in6pcb inpcb
#endif
@@ -468,23 +471,18 @@ sctp_get_mbuf_for_msg(unsigned int space
/*
* SCTP AUTH
*/
-#define HAVE_SHA2
-
#define SCTP_READ_RANDOM(buf, len) read_random(buf, len)
-#ifdef USE_SCTP_SHA1
-#include <netinet/sctp_sha1.h>
-#else
-#include <crypto/sha1.h>
/* map standard crypto API names */
-#define SHA1_Init SHA1Init
-#define SHA1_Update SHA1Update
-#define SHA1_Final(x,y) SHA1Final((caddr_t)x, y)
-#endif
-
-#if defined(HAVE_SHA2)
-#include <crypto/sha2/sha2.h>
-#endif
+#define SCTP_SHA1_CTX SHA1_CTX
+#define SCTP_SHA1_INIT SHA1Init
+#define SCTP_SHA1_UPDATE SHA1Update
+#define SCTP_SHA1_FINAL(x,y) SHA1Final((caddr_t)x, y)
+
+#define SCTP_SHA256_CTX SHA256_CTX
+#define SCTP_SHA256_INIT SHA256_Init
+#define SCTP_SHA256_UPDATE SHA256_Update
+#define SCTP_SHA256_FINAL(x,y) SHA256_Final((caddr_t)x, y)
#endif
Modified: head/sys/netinet/sctp_uio.h
==============================================================================
--- head/sys/netinet/sctp_uio.h Mon Sep 2 22:45:49 2013 (r255159)
+++ head/sys/netinet/sctp_uio.h Mon Sep 2 22:48:41 2013 (r255160)
@@ -662,10 +662,6 @@ struct sctp_hmacalgo {
#define SCTP_AUTH_HMAC_ID_RSVD 0x0000
#define SCTP_AUTH_HMAC_ID_SHA1 0x0001 /* default, mandatory */
#define SCTP_AUTH_HMAC_ID_SHA256 0x0003
-#define SCTP_AUTH_HMAC_ID_SHA224 0x0004
-#define SCTP_AUTH_HMAC_ID_SHA384 0x0005
-#define SCTP_AUTH_HMAC_ID_SHA512 0x0006
-
/* SCTP_AUTH_ACTIVE_KEY / SCTP_AUTH_DELETE_KEY */
struct sctp_authkeyid {