xform_esp.c (ec31427d3f2f35c68e07d0b41b1bb34ed82c82e4) | xform_esp.c (a0196c3c891ccf2ee88854f9798fd8e44d0e9f16) |
---|---|
1/* $FreeBSD$ */ 2/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */ 3/*- 4 * The authors of this code are John Ioannidis (ji@tla.org), 5 * Angelos D. Keromytis (kermit@csd.uch.gr) and 6 * Niels Provos (provos@physnet.uni-hamburg.de). 7 * 8 * The original version of this code was written by John Ioannidis --- 201 unchanged lines hidden (view full) --- 210 /* NB: override anything set in ah_init0 */ 211 sav->tdb_xform = xsp; 212 sav->tdb_encalgxform = txform; 213 214 /* Initialize crypto session. */ 215 bzero(&crie, sizeof (crie)); 216 crie.cri_alg = sav->tdb_encalgxform->type; 217 crie.cri_klen = _KEYBITS(sav->key_enc); | 1/* $FreeBSD$ */ 2/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */ 3/*- 4 * The authors of this code are John Ioannidis (ji@tla.org), 5 * Angelos D. Keromytis (kermit@csd.uch.gr) and 6 * Niels Provos (provos@physnet.uni-hamburg.de). 7 * 8 * The original version of this code was written by John Ioannidis --- 201 unchanged lines hidden (view full) --- 210 /* NB: override anything set in ah_init0 */ 211 sav->tdb_xform = xsp; 212 sav->tdb_encalgxform = txform; 213 214 /* Initialize crypto session. */ 215 bzero(&crie, sizeof (crie)); 216 crie.cri_alg = sav->tdb_encalgxform->type; 217 crie.cri_klen = _KEYBITS(sav->key_enc); |
218 crie.cri_key = _KEYBUF(sav->key_enc); | 218 crie.cri_key = sav->key_enc->key_data; |
219 /* XXX Rounds ? */ 220 221 if (sav->tdb_authalgxform && sav->tdb_encalgxform) { 222 /* init both auth & enc */ 223 crie.cri_next = &cria; 224 error = crypto_newsession(&sav->tdb_cryptoid, 225 &crie, crypto_support); 226 } else if (sav->tdb_encalgxform) { --- 16 unchanged lines hidden (view full) --- 243 */ 244static int 245esp_zeroize(struct secasvar *sav) 246{ 247 /* NB: ah_zerorize free's the crypto session state */ 248 int error = ah_zeroize(sav); 249 250 if (sav->key_enc) | 219 /* XXX Rounds ? */ 220 221 if (sav->tdb_authalgxform && sav->tdb_encalgxform) { 222 /* init both auth & enc */ 223 crie.cri_next = &cria; 224 error = crypto_newsession(&sav->tdb_cryptoid, 225 &crie, crypto_support); 226 } else if (sav->tdb_encalgxform) { --- 16 unchanged lines hidden (view full) --- 243 */ 244static int 245esp_zeroize(struct secasvar *sav) 246{ 247 /* NB: ah_zerorize free's the crypto session state */ 248 int error = ah_zeroize(sav); 249 250 if (sav->key_enc) |
251 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc)); | 251 bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc)); |
252 if (sav->iv) { 253 free(sav->iv, M_XDATA); 254 sav->iv = NULL; 255 } 256 sav->tdb_encalgxform = NULL; 257 sav->tdb_xform = NULL; 258 return error; 259} --- 116 unchanged lines hidden (view full) --- 376 IPSEC_ASSERT(crda != NULL, ("null ah crypto descriptor")); 377 378 /* Authentication descriptor */ 379 crda->crd_skip = skip; 380 crda->crd_len = m->m_pkthdr.len - (skip + alen); 381 crda->crd_inject = m->m_pkthdr.len - alen; 382 383 crda->crd_alg = esph->type; | 252 if (sav->iv) { 253 free(sav->iv, M_XDATA); 254 sav->iv = NULL; 255 } 256 sav->tdb_encalgxform = NULL; 257 sav->tdb_xform = NULL; 258 return error; 259} --- 116 unchanged lines hidden (view full) --- 376 IPSEC_ASSERT(crda != NULL, ("null ah crypto descriptor")); 377 378 /* Authentication descriptor */ 379 crda->crd_skip = skip; 380 crda->crd_len = m->m_pkthdr.len - (skip + alen); 381 crda->crd_inject = m->m_pkthdr.len - alen; 382 383 crda->crd_alg = esph->type; |
384 crda->crd_key = _KEYBUF(sav->key_auth); | 384 crda->crd_key = sav->key_auth->key_data; |
385 crda->crd_klen = _KEYBITS(sav->key_auth); 386 387 /* Copy the authenticator */ 388 if (mtag == NULL) 389 m_copydata(m, m->m_pkthdr.len - alen, alen, 390 (caddr_t) (tc + 1)); 391 392 /* Chain authentication request */ --- 20 unchanged lines hidden (view full) --- 413 /* Decryption descriptor */ 414 if (espx) { 415 IPSEC_ASSERT(crde != NULL, ("null esp crypto descriptor")); 416 crde->crd_skip = skip + hlen; 417 crde->crd_len = m->m_pkthdr.len - (skip + hlen + alen); 418 crde->crd_inject = skip + hlen - sav->ivlen; 419 420 crde->crd_alg = espx->type; | 385 crda->crd_klen = _KEYBITS(sav->key_auth); 386 387 /* Copy the authenticator */ 388 if (mtag == NULL) 389 m_copydata(m, m->m_pkthdr.len - alen, alen, 390 (caddr_t) (tc + 1)); 391 392 /* Chain authentication request */ --- 20 unchanged lines hidden (view full) --- 413 /* Decryption descriptor */ 414 if (espx) { 415 IPSEC_ASSERT(crde != NULL, ("null esp crypto descriptor")); 416 crde->crd_skip = skip + hlen; 417 crde->crd_len = m->m_pkthdr.len - (skip + hlen + alen); 418 crde->crd_inject = skip + hlen - sav->ivlen; 419 420 crde->crd_alg = espx->type; |
421 crde->crd_key = _KEYBUF(sav->key_enc); | 421 crde->crd_key = sav->key_enc->key_data; |
422 crde->crd_klen = _KEYBITS(sav->key_enc); 423 /* XXX Rounds ? */ 424 } 425 426 if (mtag == NULL) 427 return crypto_dispatch(crp); 428 else 429 return esp_input_cb(crp); --- 390 unchanged lines hidden (view full) --- 820 /* Encryption descriptor. */ 821 crde->crd_skip = skip + hlen; 822 crde->crd_len = m->m_pkthdr.len - (skip + hlen + alen); 823 crde->crd_flags = CRD_F_ENCRYPT; 824 crde->crd_inject = skip + hlen - sav->ivlen; 825 826 /* Encryption operation. */ 827 crde->crd_alg = espx->type; | 422 crde->crd_klen = _KEYBITS(sav->key_enc); 423 /* XXX Rounds ? */ 424 } 425 426 if (mtag == NULL) 427 return crypto_dispatch(crp); 428 else 429 return esp_input_cb(crp); --- 390 unchanged lines hidden (view full) --- 820 /* Encryption descriptor. */ 821 crde->crd_skip = skip + hlen; 822 crde->crd_len = m->m_pkthdr.len - (skip + hlen + alen); 823 crde->crd_flags = CRD_F_ENCRYPT; 824 crde->crd_inject = skip + hlen - sav->ivlen; 825 826 /* Encryption operation. */ 827 crde->crd_alg = espx->type; |
828 crde->crd_key = _KEYBUF(sav->key_enc); | 828 crde->crd_key = sav->key_enc->key_data; |
829 crde->crd_klen = _KEYBITS(sav->key_enc); 830 /* XXX Rounds ? */ 831 } else 832 crda = crp->crp_desc; 833 834 /* IPsec-specific opaque crypto info. */ 835 tc = (struct tdb_crypto *) malloc(sizeof(struct tdb_crypto), 836 M_XDATA, M_NOWAIT|M_ZERO); --- 22 unchanged lines hidden (view full) --- 859 if (esph) { 860 /* Authentication descriptor. */ 861 crda->crd_skip = skip; 862 crda->crd_len = m->m_pkthdr.len - (skip + alen); 863 crda->crd_inject = m->m_pkthdr.len - alen; 864 865 /* Authentication operation. */ 866 crda->crd_alg = esph->type; | 829 crde->crd_klen = _KEYBITS(sav->key_enc); 830 /* XXX Rounds ? */ 831 } else 832 crda = crp->crp_desc; 833 834 /* IPsec-specific opaque crypto info. */ 835 tc = (struct tdb_crypto *) malloc(sizeof(struct tdb_crypto), 836 M_XDATA, M_NOWAIT|M_ZERO); --- 22 unchanged lines hidden (view full) --- 859 if (esph) { 860 /* Authentication descriptor. */ 861 crda->crd_skip = skip; 862 crda->crd_len = m->m_pkthdr.len - (skip + alen); 863 crda->crd_inject = m->m_pkthdr.len - alen; 864 865 /* Authentication operation. */ 866 crda->crd_alg = esph->type; |
867 crda->crd_key = _KEYBUF(sav->key_auth); | 867 crda->crd_key = sav->key_auth->key_data; |
868 crda->crd_klen = _KEYBITS(sav->key_auth); 869 } 870 871 return crypto_dispatch(crp); 872bad: 873 if (m) 874 m_freem(m); 875 return (error); --- 113 unchanged lines hidden --- | 868 crda->crd_klen = _KEYBITS(sav->key_auth); 869 } 870 871 return crypto_dispatch(crp); 872bad: 873 if (m) 874 m_freem(m); 875 return (error); --- 113 unchanged lines hidden --- |
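Review bot: In esp_zeroize (line 251 of the right-hand column, which I take to be the new revision), the guard still tests only `sav->key_enc`, while the wipe now goes through a second pointer, `sav->key_enc->key_data`. The definitions of `_KEYBUF` and of the key structure are not on this page, but if `key_data` is a separately allocated buffer, a partially constructed SA could reach teardown with a non-NULL header and a NULL `key_data`. In that case I would tighten the guard to `if (sav->key_enc != NULL && sav->key_enc->key_data != NULL)` and add a comment such as `/* key_data is a separate pointer; wipe the key bytes only if present */`. The same direct dereference appears at lines 218, 384, 421, 828 and 867, in functions whose beginnings are hidden here. It is worth confirming that each of those paths has already rejected a NULL `key_enc` or `key_auth`, and that `_KEYLEN` and `_KEYBITS` now describe the `key_data` buffer, so that the length passed to `bzero` and the `crd_klen` given to the crypto layer match the bytes actually pointed to.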