Lines Matching refs:assoc
579 esp_age_bytes(ipsa_t *assoc, uint64_t bytes, boolean_t inbound) in esp_age_bytes() argument
586 netstack_t *ns = assoc->ipsa_netstack; in esp_age_bytes()
590 if (!assoc->ipsa_haspeer) { in esp_age_bytes()
591 return (sadb_age_bytes(espstack->esp_pfkey_q, assoc, bytes, in esp_age_bytes()
607 isv6 = (assoc->ipsa_addrfam == AF_INET6); in esp_age_bytes()
611 inassoc = assoc; in esp_age_bytes()
633 outassoc = assoc; in esp_age_bytes()
672 esp_fix_natt_checksums(mblk_t *data_mp, ipsa_t *assoc) in esp_fix_natt_checksums() argument
678 uint32_t sum = assoc->ipsa_inbound_cksum; in esp_fix_natt_checksums()
975 esp_set_usetime(ipsa_t *assoc, boolean_t inbound) in esp_set_usetime() argument
982 netstack_t *ns = assoc->ipsa_netstack; in esp_set_usetime()
986 if (!assoc->ipsa_haspeer) { in esp_set_usetime()
987 sadb_set_usetime(assoc); in esp_set_usetime()
1002 isv6 = (assoc->ipsa_addrfam == AF_INET6); in esp_set_usetime()
1006 inassoc = assoc; in esp_set_usetime()
1028 outassoc = assoc; in esp_set_usetime()
1125 sadb_sa_t *assoc; in esp_getspi() local
1232 assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SPIRANGE]; in esp_getspi()
1233 assoc->sadb_sa_exttype = SADB_EXT_SA; in esp_getspi()
1234 assoc->sadb_sa_spi = newbie->ipsa_spi; in esp_getspi()
1235 *((uint64_t *)(&assoc->sadb_sa_replay)) = 0; in esp_getspi()
1330 esp_port_freshness(uint32_t ports, ipsa_t *assoc) in esp_port_freshness() argument
1336 ipsecesp_stack_t *espstack = assoc->ipsa_netstack->netstack_ipsecesp; in esp_port_freshness()
1341 ASSERT(assoc->ipsa_addrfam == AF_INET); in esp_port_freshness()
1351 if (remote == 0 || assoc->ipsa_otherspi == 0 || in esp_port_freshness()
1352 (assoc->ipsa_flags & IPSA_F_BEHIND_NAT) || in esp_port_freshness()
1353 (assoc->ipsa_remote_nat_port == 0 && in esp_port_freshness()
1355 remote == assoc->ipsa_remote_nat_port) in esp_port_freshness()
1360 assoc->ipsa_srcaddr[0]); in esp_port_freshness()
1362 outbound_peer = ipsec_getassocbyspi(bucket, assoc->ipsa_otherspi, in esp_port_freshness()
1363 assoc->ipsa_dstaddr, assoc->ipsa_srcaddr, AF_INET); in esp_port_freshness()
1379 mutex_enter(&assoc->ipsa_lock); in esp_port_freshness()
1380 outbound_peer->ipsa_remote_nat_port = assoc->ipsa_remote_nat_port = in esp_port_freshness()
1382 mutex_exit(&assoc->ipsa_lock); in esp_port_freshness()
1400 ipsa_t *assoc; in esp_in_done() local
1411 assoc = ira->ira_ipsec_esp_sa; in esp_in_done()
1412 ASSERT(assoc != NULL); in esp_in_done()
1414 is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0); in esp_in_done()
1417 if (assoc->ipsa_encr_alg == SADB_EALG_NULL) { in esp_in_done()
1423 ivlen = assoc->ipsa_iv_len; in esp_in_done()
1424 if (assoc->ipsa_auth_alg == SADB_AALG_NONE) { in esp_in_done()
1427 sizeof (esph_t) - assoc->ipsa_iv_len; in esp_in_done()
1440 if (assoc->ipsa_auth_alg != IPSA_AALG_NONE || in esp_in_done()
1441 (assoc->ipsa_flags & IPSA_F_COMBINED)) { in esp_in_done()
1449 data_mp->b_wptr -= assoc->ipsa_mac_len; in esp_in_done()
1458 if (!sadb_replay_check(assoc, esph->esph_replay)) { in esp_in_done()
1469 assoc->ipsa_spi, assoc->ipsa_dstaddr, in esp_in_done()
1470 assoc->ipsa_addrfam, espstack->ipsecesp_netstack); in esp_in_done()
1479 esp_port_freshness(ira->ira_esp_udp_ports, assoc); in esp_in_done()
1483 esp_set_usetime(assoc, B_TRUE); in esp_in_done()
1485 if (!esp_age_bytes(assoc, processed_len, B_TRUE)) { in esp_in_done()
1490 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam, in esp_in_done()
1505 if (is_system_labeled() && assoc->ipsa_tsl != NULL) { in esp_in_done()
1506 if (!ip_recv_attr_replace_label(ira, assoc->ipsa_tsl)) { in esp_in_done()
1516 return (esp_fix_natt_checksums(data_mp, assoc)); in esp_in_done()
1518 if (assoc->ipsa_state == IPSA_STATE_IDLE) { in esp_in_done()
1523 sadb_buf_pkt(assoc, data_mp, ira); in esp_in_done()
1546 ipsa_t *assoc = ira->ira_ipsec_esp_sa; in esp_log_bad_auth() local
1559 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam, in esp_log_bad_auth()
1827 ipsa_t *assoc, uint_t esph_offset) in esp_submit_req_inbound() argument
1834 uint_t icv_len = assoc->ipsa_mac_len; in esp_submit_req_inbound()
1838 uint_t iv_len = assoc->ipsa_iv_len; in esp_submit_req_inbound()
1847 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE; in esp_submit_req_inbound()
1848 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL; in esp_submit_req_inbound()
1849 force = (assoc->ipsa_flags & IPSA_F_ASYNC); in esp_submit_req_inbound()
1874 if ((assoc->ipsa_flags & IPSA_F_COUNTERMODE) && in esp_submit_req_inbound()
1875 (assoc->ipsa_nonce == NULL)) { in esp_submit_req_inbound()
1905 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, in esp_submit_req_inbound()
1922 kef_rc = crypto_mac_verify(&assoc->ipsa_amech, in esp_submit_req_inbound()
1924 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl, in esp_submit_req_inbound()
1931 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR, in esp_submit_req_inbound()
1935 (assoc->ipsa_noncefunc)(assoc, (uchar_t *)esph_ptr, encr_len, in esp_submit_req_inbound()
1947 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl, in esp_submit_req_inbound()
1963 kef_rc = crypto_mac_verify_decrypt(&assoc->ipsa_amech, in esp_submit_req_inbound()
1964 &assoc->ipsa_emech, &ic->ic_crypto_dual_data, in esp_submit_req_inbound()
1965 &assoc->ipsa_kcfauthkey, &assoc->ipsa_kcfencrkey, in esp_submit_req_inbound()
2091 ipsecesp_send_keepalive(ipsa_t *assoc) in ipsecesp_send_keepalive() argument
2096 netstack_t *ns = assoc->ipsa_netstack; in ipsecesp_send_keepalive()
2098 ASSERT(MUTEX_NOT_HELD(&assoc->ipsa_lock)); in ipsecesp_send_keepalive()
2108 ipha->ipha_ident = *(((uint16_t *)(&assoc->ipsa_spi)) + 1); in ipsecesp_send_keepalive()
2113 ipha->ipha_src = assoc->ipsa_srcaddr[0]; in ipsecesp_send_keepalive()
2114 ipha->ipha_dst = assoc->ipsa_dstaddr[0]; in ipsecesp_send_keepalive()
2116 udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ? in ipsecesp_send_keepalive()
2117 assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT); in ipsecesp_send_keepalive()
2118 udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ? in ipsecesp_send_keepalive()
2119 assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT); in ipsecesp_send_keepalive()
2149 esp_submit_req_outbound(mblk_t *data_mp, ip_xmit_attr_t *ixa, ipsa_t *assoc, in esp_submit_req_outbound() argument
2158 uint_t icv_len = assoc->ipsa_mac_len; in esp_submit_req_outbound()
2161 uint_t iv_len = assoc->ipsa_iv_len; in esp_submit_req_outbound()
2163 boolean_t is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0); in esp_submit_req_outbound()
2177 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL; in esp_submit_req_outbound()
2178 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE; in esp_submit_req_outbound()
2179 force = (assoc->ipsa_flags & IPSA_F_ASYNC); in esp_submit_req_outbound()
2204 if ((assoc->ipsa_flags & IPSA_F_COUNTERMODE) && in esp_submit_req_outbound()
2205 (assoc->ipsa_nonce == NULL)) { in esp_submit_req_outbound()
2237 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, in esp_submit_req_outbound()
2253 kef_rc = crypto_mac(&assoc->ipsa_amech, in esp_submit_req_outbound()
2255 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl, in esp_submit_req_outbound()
2262 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR, in esp_submit_req_outbound()
2265 (assoc->ipsa_noncefunc)(assoc, (uchar_t *)esph_ptr, payload_len, in esp_submit_req_outbound()
2287 if (assoc->ipsa_flags & IPSA_F_COMBINED) { in esp_submit_req_outbound()
2299 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl, in esp_submit_req_outbound()
2322 kef_rc = crypto_encrypt_mac(&assoc->ipsa_emech, in esp_submit_req_outbound()
2323 &assoc->ipsa_amech, NULL, in esp_submit_req_outbound()
2324 &assoc->ipsa_kcfencrkey, &assoc->ipsa_kcfauthkey, in esp_submit_req_outbound()
2333 esp_set_usetime(assoc, B_FALSE); in esp_submit_req_outbound()
2375 ipsa_t *assoc; in esp_outbound() local
2409 assoc = ixa->ixa_ipsec_esp_sa; in esp_outbound()
2410 ASSERT(assoc != NULL); in esp_outbound()
2415 if (is_system_labeled() && (assoc->ipsa_otsl != NULL)) { in esp_outbound()
2430 label_hold(assoc->ipsa_otsl); in esp_outbound()
2431 ip_xmit_attr_replace_tsl(ixa, assoc->ipsa_otsl); in esp_outbound()
2433 data_mp = sadb_whack_label(data_mp, assoc, ixa, in esp_outbound()
2491 mac_len = assoc->ipsa_mac_len; in esp_outbound()
2493 if (assoc->ipsa_flags & IPSA_F_NATT) { in esp_outbound()
2504 if (assoc->ipsa_encr_alg != SADB_EALG_NULL) { in esp_outbound()
2505 iv_len = assoc->ipsa_iv_len; in esp_outbound()
2506 block_size = assoc->ipsa_datalen; in esp_outbound()
2536 if (!esp_age_bytes(assoc, datalen + padlen + iv_len + 2, B_FALSE)) { in esp_outbound()
2565 udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ? in esp_outbound()
2566 assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT); in esp_outbound()
2567 udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ? in esp_outbound()
2568 assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT); in esp_outbound()
2577 esph_ptr->esph_spi = assoc->ipsa_spi; in esp_outbound()
2579 esph_ptr->esph_replay = htonl(atomic_inc_32_nv(&assoc->ipsa_replay)); in esp_outbound()
2580 if (esph_ptr->esph_replay == 0 && assoc->ipsa_replay_wsize != 0) { in esp_outbound()
2588 esph_ptr->esph_spi, assoc->ipsa_dstaddr, af, in esp_outbound()
2592 sadb_replay_delete(assoc); in esp_outbound()
2624 if (!update_iv((uint8_t *)iv_ptr, espstack->esp_pfkey_q, assoc, in esp_outbound()
2718 data_mp = esp_submit_req_outbound(data_mp, ixa, assoc, icv_buf, in esp_outbound()
3090 if (sq.assoc->sadb_sa_flags & IPSA_F_INBOUND) { in esp_add_sa_finish()
3094 if (sq.assoc->sadb_sa_flags & IPSA_F_OUTBOUND) in esp_add_sa_finish()
3096 } else if (sq.assoc->sadb_sa_flags & IPSA_F_OUTBOUND) { in esp_add_sa_finish()
3109 sq.assoc->sadb_sa_flags |= IPSA_F_OUTBOUND; in esp_add_sa_finish()
3120 sq.assoc->sadb_sa_flags |= IPSA_F_INBOUND; in esp_add_sa_finish()
3135 sq.assoc->sadb_sa_flags |= IPSA_F_OUTBOUND; in esp_add_sa_finish()
3139 sq.assoc->sadb_sa_flags |= IPSA_F_INBOUND; in esp_add_sa_finish()
3196 larval = ipsec_getassocbyspi(sq.inbound, sq.assoc->sadb_sa_spi, in esp_add_sa_finish()
3320 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; local
3366 if (assoc == NULL) {
3370 if (ekey == NULL && assoc->sadb_sa_encrypt != SADB_EALG_NULL) {
3385 if ((assoc->sadb_sa_state != SADB_SASTATE_MATURE) &&
3386 (assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE_ELSEWHERE)) {
3390 if (assoc->sadb_sa_encrypt == SADB_EALG_NONE) {
3396 if (assoc->sadb_sa_encrypt == SADB_EALG_NULL &&
3397 assoc->sadb_sa_auth == SADB_AALG_NONE) {
3403 if (assoc->sadb_sa_flags & ~espstack->esp_sadb.s_addflags) {
3413 if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_LOC) {
3426 if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_REM) {
3458 if (akey != NULL && assoc->sadb_sa_auth != SADB_AALG_NONE) {
3465 [assoc->sadb_sa_auth];
3469 assoc->sadb_sa_auth));
3504 [assoc->sadb_sa_encrypt];
3508 assoc->sadb_sa_encrypt));
3525 if ((assoc->sadb_sa_encrypt == SADB_EALG_NULL) ||
3555 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; local
3571 if ((assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE) ||
3591 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; local
3598 if (assoc == NULL) {