tsvwg Douglas Otis Internet Draft SANlight Document: draft-otis-sctp-digest-02.txt June 21, 2001 Category: Standards Track Integrity-Authentication Digest for SCTP draft-otis-sctp-digest-02.txt 1 Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. 2 Abstract This document is to allow the inclusion of a digest within the SCTP [RFC2960] packet. This digest would be negotiated on a per Association basis. The means of negotiation and use is beyond the scope of this document. 3 Integrity-Authentication Digest This chunk is used to verify integrity a SCTP packet. This chunk is placed as the first chunk within the SCTP packet. This removes the Checksum value from the common header. The common header changes to: SCTP Common Header Format 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port Number | Destination Port Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Verification Tag | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ D. Otis 2 The digest is created over the entire SCTP packet with the Digest Value zeroed. To assist generalized processing, an IANA Designator for the type of digest algorithm used is placed within the Chunk Flag region. The calculated Digest Value then replaces this zeroed region. The format of the IA-Digest chunk is shown below: ID Value Chunk Type ----- ---------- 0x80 - Integrity-Authentication (IA-Digest) Integrity-Authentication Digest 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type 0x80 |IANA Designator| Digest Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ \ / Digest Value / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Fletcher-16 Modulo 65535 Fletcher 32 bit checksum. Both one's complement 16 bit summations are limited to modulo 65535 or 2^16 - 1. This modification greatly improves the ability to detect a stuck bit. CRC-32c This Cyclic Redundancy Check is reflected to accommodate the bit order of Ethernet. The initial CRC values are set to all ones to improve a zero header condition. The final result is then inverted before being stored. D. Otis 3 /* Digest Designators */ #define NO_CHECK 1 #define FLETCHER 2 #define CRC 3 /* Packet Offsets */ #define IA_CHUNK_TYPE 8 #define IA_DESIGNATOR 9 #define IA_DIGEST_B3 12 #define IA_DIGEST_B2 13 #define IA_DIGEST_B1 14 #define IA_DIGEST_B0 15 /* generated using (0x11EDC6F41) x^32+x^28+x^27+x^26+x^25+x^23+x^22+x^20+x^19+x^18+x^14+x^13+ x^11+x^10+x^9+x^8+x^6+1 */ unsigned long crctab[256] = { 0x00000000L, 0xF26B8303L, 0xE13B70F7L, 0x1350F3F4L, 0xC79A971FL, 0x35F1141CL, 0x26A1E7E8L, 0xD4CA64EBL, 0x8AD958CFL, 0x78B2DBCCL, 0x6BE22838L, 0x9989AB3BL, 0x4D43CFD0L, 0xBF284CD3L, 0xAC78BF27L, 0x5E133C24L, 0x105EC76FL, 0xE235446CL, 0xF165B798L, 0x030E349BL, 0xD7C45070L, 0x25AFD373L, 0x36FF2087L, 0xC494A384L, 0x9A879FA0L, 0x68EC1CA3L, 0x7BBCEF57L, 0x89D76C54L, 0x5D1D08BFL, 0xAF768BBCL, 0xBC267848L, 0x4E4DFB4BL, 0x20BD8EDEL, 0xD2D60DDDL, 0xC186FE29L, 0x33ED7D2AL, 0xE72719C1L, 0x154C9AC2L, 0x061C6936L, 0xF477EA35L, 0xAA64D611L, 0x580F5512L, 0x4B5FA6E6L, 0xB93425E5L, 0x6DFE410EL, 0x9F95C20DL, 0x8CC531F9L, 0x7EAEB2FAL, 0x30E349B1L, 0xC288CAB2L, 0xD1D83946L, 0x23B3BA45L, 0xF779DEAEL, 0x05125DADL, 0x1642AE59L, 0xE4292D5AL, 0xBA3A117EL, 0x4851927DL, 0x5B016189L, 0xA96AE28AL, 0x7DA08661L, 0x8FCB0562L, 0x9C9BF696L, 0x6EF07595L, 0x417B1DBCL, 0xB3109EBFL, 0xA0406D4BL, 0x522BEE48L, 0x86E18AA3L, 0x748A09A0L, 0x67DAFA54L, 0x95B17957L, 0xCBA24573L, 0x39C9C670L, 0x2A993584L, 0xD8F2B687L, 0x0C38D26CL, 0xFE53516FL, 0xED03A29BL, 0x1F682198L, 0x5125DAD3L, 0xA34E59D0L, 0xB01EAA24L, 0x42752927L, 0x96BF4DCCL, 0x64D4CECFL, 0x77843D3BL, 0x85EFBE38L, 0xDBFC821CL, 0x2997011FL, 0x3AC7F2EBL, 0xC8AC71E8L, 0x1C661503L, 0xEE0D9600L, 0xFD5D65F4L, 0x0F36E6F7L, 0x61C69362L, 0x93AD1061L, 0x80FDE395L, 0x72966096L, 0xA65C047DL, 0x5437877EL, 0x4767748AL, 0xB50CF789L, 0xEB1FCBADL, 0x197448AEL, 0x0A24BB5AL, 0xF84F3859L, 0x2C855CB2L, 0xDEEEDFB1L, 0xCDBE2C45L, 0x3FD5AF46L, 0x7198540DL, 0x83F3D70EL, 0x90A324FAL, 0x62C8A7F9L, 0xB602C312L, 0x44694011L, 0x5739B3E5L, 0xA55230E6L, D. Otis 4 0xFB410CC2L, 0x092A8FC1L, 0x1A7A7C35L, 0xE811FF36L, 0x3CDB9BDDL, 0xCEB018DEL, 0xDDE0EB2AL, 0x2F8B6829L, 0x82F63B78L, 0x709DB87BL, 0x63CD4B8FL, 0x91A6C88CL, 0x456CAC67L, 0xB7072F64L, 0xA457DC90L, 0x563C5F93L, 0x082F63B7L, 0xFA44E0B4L, 0xE9141340L, 0x1B7F9043L, 0xCFB5F4A8L, 0x3DDE77ABL, 0x2E8E845FL, 0xDCE5075CL, 0x92A8FC17L, 0x60C37F14L, 0x73938CE0L, 0x81F80FE3L, 0x55326B08L, 0xA759E80BL, 0xB4091BFFL, 0x466298FCL, 0x1871A4D8L, 0xEA1A27DBL, 0xF94AD42FL, 0x0B21572CL, 0xDFEB33C7L, 0x2D80B0C4L, 0x3ED04330L, 0xCCBBC033L, 0xA24BB5A6L, 0x502036A5L, 0x4370C551L, 0xB11B4652L, 0x65D122B9L, 0x97BAA1BAL, 0x84EA524EL, 0x7681D14DL, 0x2892ED69L, 0xDAF96E6AL, 0xC9A99D9EL, 0x3BC21E9DL, 0xEF087A76L, 0x1D63F975L, 0x0E330A81L, 0xFC588982L, 0xB21572C9L, 0x407EF1CAL, 0x532E023EL, 0xA145813DL, 0x758FE5D6L, 0x87E466D5L, 0x94B49521L, 0x66DF1622L, 0x38CC2A06L, 0xCAA7A905L, 0xD9F75AF1L, 0x2B9CD9F2L, 0xFF56BD19L, 0x0D3D3E1AL, 0x1E6DCDEEL, 0xEC064EEDL, 0xC38D26C4L, 0x31E6A5C7L, 0x22B65633L, 0xD0DDD530L, 0x0417B1DBL, 0xF67C32D8L, 0xE52CC12CL, 0x1747422FL, 0x49547E0BL, 0xBB3FFD08L, 0xA86F0EFCL, 0x5A048DFFL, 0x8ECEE914L, 0x7CA56A17L, 0x6FF599E3L, 0x9D9E1AE0L, 0xD3D3E1ABL, 0x21B862A8L, 0x32E8915CL, 0xC083125FL, 0x144976B4L, 0xE622F5B7L, 0xF5720643L, 0x07198540L, 0x590AB964L, 0xAB613A67L, 0xB831C993L, 0x4A5A4A90L, 0x9E902E7BL, 0x6CFBAD78L, 0x7FAB5E8CL, 0x8DC0DD8FL, 0xE330A81AL, 0x115B2B19L, 0x020BD8EDL, 0xF0605BEEL, 0x24AA3F05L, 0xD6C1BC06L, 0xC5914FF2L, 0x37FACCF1L, 0x69E9F0D5L, 0x9B8273D6L, 0x88D28022L, 0x7AB90321L, 0xAE7367CAL, 0x5C18E4C9L, 0x4F48173DL, 0xBD23943EL, 0xF36E6F75L, 0x0105EC76L, 0x12551F82L, 0xE03E9C81L, 0x34F4F86AL, 0xC69F7B69L, 0xD5CF889DL, 0x27A40B9EL, 0x79B737BAL, 0x8BDCB4B9L, 0x988C474DL, 0x6AE7C44EL, 0xBE2DA0A5L, 0x4C4623A6L, 0x5F16D052L, 0xAD7D5351L }; #define CRC32(crc, d) (crc=(crc>>8)^crctab[(crc^(d))&0xff]) /* fscgen generates the digest based on Digest Designator */ /* buf[] contains the SCTP packet */ /* length is the packet length including padding */ int fscgen(unsigned char buf[], int length) { int i = 0; unsigned int s1 = 0; unsigned int s2 = 0; unsigned int crc = ~0; if (buf[IA_CHUNK_TYPE] != 0x80) return (-1); D. Otis 5 switch (buf[IA_DESIGNATOR]) { case FLETCHER: while (i < length) { s1+= (buf[i] << 8) + buf[i+1]; if (s1 >= 0xFFFF) s1 -= 0xFFFF; s2+=s1; if (s2 >= 0xFFFF) s2 -= 0xFFFF; i+=2; } buf[IA_DIGEST_B3] = s2 >> 8; buf[IA_DIGEST_B2] = s2 & 0xFF; buf[IA_DIGEST_B1] = s1 >> 8; buf[IA_DIGEST_B0] = s1 & 0xFF; break; case CRC: while (i < length) CRC32 (crc, buf[i++]); /* assumes digest zeroed */ crc^=~0; /* * CRC reflected table reflects both bits and bytes. * As an alternative check without save, invert the digest * as an added step done at the end of the buffer then * checked returning all ones. */ buf[IA_DIGEST_B3] = crc & 0xFF; /* ms */ buf[IA_DIGEST_B2] = (crc >> 8) & 0xFF; buf[IA_DIGEST_B1] = (crc >> 16) & 0xFF; buf[IA_DIGEST_B0] = crc >> 24; /* ls */ break; case NO_CHECK: break; default: return (-1); break; } return (0); } D. Otis 6 /* fscchk verifies the digest based on Digest Designator */ /* buf[] contains the SCTP packet */ /* length is the packet length including padding */ int fscchk(unsigned char buf[], int length) { int i = 0; unsigned int sav_s1; unsigned int sav_s2; unsigned int sav_crc; unsigned int s1 = 0; unsigned int s2 = 0; unsigned int crc = ~0; if (buf[IA_CHUNK_TYPE] != 0x80) return (-1); switch (buf[IA_DESIGNATOR]) { case FLETCHER: sav_s2 = (buf[IA_DIGEST_B3] << 8) + buf[IA_DIGEST_B2]; sav_s1 = (buf[IA_DIGEST_B1] << 8) + buf[IA_DIGEST_B0]; buf[IA_DIGEST_B3] = buf[IA_DIGEST_B2] = \ buf[IA_DIGEST_B1] = buf[IA_DIGEST_B0] = 0; while (i < length) { s1+= (buf[i] << 8) + buf[i+1]; if (s1 >= 0xFFFF) s1 -= 0xFFFF; s2+=s1; if (s2 >= 0xFFFF) s2 -= 0xFFFF; i+=2; } if (sav_s2 != s2 || sav_s1 != s1) return(-1); break; case CRC: sav_crc = buf[IA_DIGEST_B3]+ \ (buf[IA_DIGEST_B2] << 8)+ \ (buf[IA_DIGEST_B1] << 16)+ \ (buf[IA_DIGEST_B0] << 24); buf[IA_DIGEST_B3] = buf[IA_DIGEST_B2] = \ buf[IA_DIGEST_B1] = buf[IA_DIGEST_B0] = 0; while (i < length) CRC32 (crc, buf[i++]); /* assumes digest zeroed */ crc^=~0; if (crc != sav_crc) return (-1); break; D. Otis 7 case NO_CHECK: break; default: return (-1); break; } return (0); } D. Otis 8 Editor's Note: The IANA Designator for SCTP Integrity-Authentication Digest Number Description Reference --------- ------------------------------------ --------- 0 Reserved 1 No Digest (No Digest Value) 2 Modulo 65535 Fletcher 32 bit Digest 3 CRC-32c Digest(Castagnioli93) 4 KRB5_MD5 [RFC1964] 5 KRB5_DES_MD5 [RFC1964] 6 KRB5_DES_MAC [RFC1964] 7 SPKM [RFC2025] 8 SHA-1 [RFC2404] 9 - 239 Reserved by the IANA 240 - 254 Reserved for Private algorithms 255 Reserved [Castagnoli93] Guy Castagnoli, Stefan Braeuer and Martin Herrman "Optimization of Cyclic Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions on Communications, Vol. 41, No. 6, June 1993 [FIPS-180-1] NIST, FIPS PUB 180-1: Secure Hash Standard, April 1995. http://csrc.nist.gov/fips/fip180-1.txt (ascii) http://csrc.nist.gov/fips/fip180-1.ps (postscript) D. Otis 9 Author's Addresses Douglas Otis SANlight Inc. 160 Saratoga Ave. #40 Santa Clara, CA 95051 Phone: 408-260-1400 x 2 Email: dotis@sanlight.net 4 Full Copyright Statement "Copyright (C) The Internet Society (date). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.