Lines Matching refs:assoc
648 esp_age_bytes(ipsa_t *assoc, uint64_t bytes, boolean_t inbound) in esp_age_bytes() argument
655 netstack_t *ns = assoc->ipsa_netstack; in esp_age_bytes()
659 if (!assoc->ipsa_haspeer) { in esp_age_bytes()
660 return (sadb_age_bytes(espstack->esp_pfkey_q, assoc, bytes, in esp_age_bytes()
676 isv6 = (assoc->ipsa_addrfam == AF_INET6); in esp_age_bytes()
680 inassoc = assoc; in esp_age_bytes()
702 outassoc = assoc; in esp_age_bytes()
741 esp_fix_natt_checksums(mblk_t *data_mp, ipsa_t *assoc) in esp_fix_natt_checksums() argument
747 uint32_t sum = assoc->ipsa_inbound_cksum; in esp_fix_natt_checksums()
1044 esp_set_usetime(ipsa_t *assoc, boolean_t inbound) in esp_set_usetime() argument
1051 netstack_t *ns = assoc->ipsa_netstack; in esp_set_usetime()
1055 if (!assoc->ipsa_haspeer) { in esp_set_usetime()
1056 sadb_set_usetime(assoc); in esp_set_usetime()
1071 isv6 = (assoc->ipsa_addrfam == AF_INET6); in esp_set_usetime()
1075 inassoc = assoc; in esp_set_usetime()
1097 outassoc = assoc; in esp_set_usetime()
1367 sadb_sa_t *assoc; in esp_getspi() local
1474 assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SPIRANGE]; in esp_getspi()
1475 assoc->sadb_sa_exttype = SADB_EXT_SA; in esp_getspi()
1476 assoc->sadb_sa_spi = newbie->ipsa_spi; in esp_getspi()
1477 *((uint64_t *)(&assoc->sadb_sa_replay)) = 0; in esp_getspi()
1572 esp_port_freshness(uint32_t ports, ipsa_t *assoc) in esp_port_freshness() argument
1578 ipsecesp_stack_t *espstack = assoc->ipsa_netstack->netstack_ipsecesp; in esp_port_freshness()
1583 ASSERT(assoc->ipsa_addrfam == AF_INET); in esp_port_freshness()
1593 if (remote == 0 || assoc->ipsa_otherspi == 0 || in esp_port_freshness()
1594 (assoc->ipsa_flags & IPSA_F_BEHIND_NAT) || in esp_port_freshness()
1595 (assoc->ipsa_remote_nat_port == 0 && in esp_port_freshness()
1597 remote == assoc->ipsa_remote_nat_port) in esp_port_freshness()
1602 assoc->ipsa_srcaddr[0]); in esp_port_freshness()
1604 outbound_peer = ipsec_getassocbyspi(bucket, assoc->ipsa_otherspi, in esp_port_freshness()
1605 assoc->ipsa_dstaddr, assoc->ipsa_srcaddr, AF_INET); in esp_port_freshness()
1621 mutex_enter(&assoc->ipsa_lock); in esp_port_freshness()
1622 outbound_peer->ipsa_remote_nat_port = assoc->ipsa_remote_nat_port = in esp_port_freshness()
1624 mutex_exit(&assoc->ipsa_lock); in esp_port_freshness()
1642 ipsa_t *assoc; in esp_in_done() local
1653 assoc = ira->ira_ipsec_esp_sa; in esp_in_done()
1654 ASSERT(assoc != NULL); in esp_in_done()
1656 is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0); in esp_in_done()
1659 if (assoc->ipsa_encr_alg == SADB_EALG_NULL) { in esp_in_done()
1665 ivlen = assoc->ipsa_iv_len; in esp_in_done()
1666 if (assoc->ipsa_auth_alg == SADB_AALG_NONE) { in esp_in_done()
1669 sizeof (esph_t) - assoc->ipsa_iv_len; in esp_in_done()
1682 if (assoc->ipsa_auth_alg != IPSA_AALG_NONE || in esp_in_done()
1683 (assoc->ipsa_flags & IPSA_F_COMBINED)) { in esp_in_done()
1691 data_mp->b_wptr -= assoc->ipsa_mac_len; in esp_in_done()
1700 if (!sadb_replay_check(assoc, esph->esph_replay)) { in esp_in_done()
1711 assoc->ipsa_spi, assoc->ipsa_dstaddr, in esp_in_done()
1712 assoc->ipsa_addrfam, espstack->ipsecesp_netstack); in esp_in_done()
1721 esp_port_freshness(ira->ira_esp_udp_ports, assoc); in esp_in_done()
1725 esp_set_usetime(assoc, B_TRUE); in esp_in_done()
1727 if (!esp_age_bytes(assoc, processed_len, B_TRUE)) { in esp_in_done()
1732 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam, in esp_in_done()
1747 if (is_system_labeled() && assoc->ipsa_tsl != NULL) { in esp_in_done()
1748 if (!ip_recv_attr_replace_label(ira, assoc->ipsa_tsl)) { in esp_in_done()
1758 return (esp_fix_natt_checksums(data_mp, assoc)); in esp_in_done()
1760 if (assoc->ipsa_state == IPSA_STATE_IDLE) { in esp_in_done()
1765 sadb_buf_pkt(assoc, data_mp, ira); in esp_in_done()
1788 ipsa_t *assoc = ira->ira_ipsec_esp_sa; in esp_log_bad_auth() local
1801 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam, in esp_log_bad_auth()
2071 ipsa_t *assoc, uint_t esph_offset) in esp_submit_req_inbound() argument
2078 uint_t icv_len = assoc->ipsa_mac_len; in esp_submit_req_inbound()
2082 uint_t iv_len = assoc->ipsa_iv_len; in esp_submit_req_inbound()
2090 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE; in esp_submit_req_inbound()
2091 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL; in esp_submit_req_inbound()
2092 force = (assoc->ipsa_flags & IPSA_F_ASYNC); in esp_submit_req_inbound()
2117 if ((assoc->ipsa_flags & IPSA_F_COUNTERMODE) && in esp_submit_req_inbound()
2118 (assoc->ipsa_nonce == NULL)) { in esp_submit_req_inbound()
2148 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, in esp_submit_req_inbound()
2165 kef_rc = crypto_mac_verify(&assoc->ipsa_amech, in esp_submit_req_inbound()
2167 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl, in esp_submit_req_inbound()
2174 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR, in esp_submit_req_inbound()
2178 (assoc->ipsa_noncefunc)(assoc, (uchar_t *)esph_ptr, encr_len, in esp_submit_req_inbound()
2190 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl, in esp_submit_req_inbound()
2206 kef_rc = crypto_mac_verify_decrypt(&assoc->ipsa_amech, in esp_submit_req_inbound()
2207 &assoc->ipsa_emech, &ic->ic_crypto_dual_data, in esp_submit_req_inbound()
2208 &assoc->ipsa_kcfauthkey, &assoc->ipsa_kcfencrkey, in esp_submit_req_inbound()
2334 ipsecesp_send_keepalive(ipsa_t *assoc) in ipsecesp_send_keepalive() argument
2339 netstack_t *ns = assoc->ipsa_netstack; in ipsecesp_send_keepalive()
2341 ASSERT(MUTEX_NOT_HELD(&assoc->ipsa_lock)); in ipsecesp_send_keepalive()
2351 ipha->ipha_ident = *(((uint16_t *)(&assoc->ipsa_spi)) + 1); in ipsecesp_send_keepalive()
2356 ipha->ipha_src = assoc->ipsa_srcaddr[0]; in ipsecesp_send_keepalive()
2357 ipha->ipha_dst = assoc->ipsa_dstaddr[0]; in ipsecesp_send_keepalive()
2359 udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ? in ipsecesp_send_keepalive()
2360 assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT); in ipsecesp_send_keepalive()
2361 udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ? in ipsecesp_send_keepalive()
2362 assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT); in ipsecesp_send_keepalive()
2392 esp_submit_req_outbound(mblk_t *data_mp, ip_xmit_attr_t *ixa, ipsa_t *assoc, in esp_submit_req_outbound() argument
2401 uint_t icv_len = assoc->ipsa_mac_len; in esp_submit_req_outbound()
2404 uint_t iv_len = assoc->ipsa_iv_len; in esp_submit_req_outbound()
2406 boolean_t is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0); in esp_submit_req_outbound()
2419 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL; in esp_submit_req_outbound()
2420 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE; in esp_submit_req_outbound()
2421 force = (assoc->ipsa_flags & IPSA_F_ASYNC); in esp_submit_req_outbound()
2446 if ((assoc->ipsa_flags & IPSA_F_COUNTERMODE) && in esp_submit_req_outbound()
2447 (assoc->ipsa_nonce == NULL)) { in esp_submit_req_outbound()
2479 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, in esp_submit_req_outbound()
2495 kef_rc = crypto_mac(&assoc->ipsa_amech, in esp_submit_req_outbound()
2497 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl, in esp_submit_req_outbound()
2504 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR, in esp_submit_req_outbound()
2507 (assoc->ipsa_noncefunc)(assoc, (uchar_t *)esph_ptr, payload_len, in esp_submit_req_outbound()
2529 if (assoc->ipsa_flags & IPSA_F_COMBINED) { in esp_submit_req_outbound()
2541 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl, in esp_submit_req_outbound()
2564 kef_rc = crypto_encrypt_mac(&assoc->ipsa_emech, in esp_submit_req_outbound()
2565 &assoc->ipsa_amech, NULL, in esp_submit_req_outbound()
2566 &assoc->ipsa_kcfencrkey, &assoc->ipsa_kcfauthkey, in esp_submit_req_outbound()
2575 esp_set_usetime(assoc, B_FALSE); in esp_submit_req_outbound()
2617 ipsa_t *assoc; in esp_outbound() local
2651 assoc = ixa->ixa_ipsec_esp_sa; in esp_outbound()
2652 ASSERT(assoc != NULL); in esp_outbound()
2657 if (is_system_labeled() && (assoc->ipsa_otsl != NULL)) { in esp_outbound()
2672 label_hold(assoc->ipsa_otsl); in esp_outbound()
2673 ip_xmit_attr_replace_tsl(ixa, assoc->ipsa_otsl); in esp_outbound()
2675 data_mp = sadb_whack_label(data_mp, assoc, ixa, in esp_outbound()
2733 mac_len = assoc->ipsa_mac_len; in esp_outbound()
2735 if (assoc->ipsa_flags & IPSA_F_NATT) { in esp_outbound()
2746 if (assoc->ipsa_encr_alg != SADB_EALG_NULL) { in esp_outbound()
2747 iv_len = assoc->ipsa_iv_len; in esp_outbound()
2748 block_size = assoc->ipsa_datalen; in esp_outbound()
2778 if (!esp_age_bytes(assoc, datalen + padlen + iv_len + 2, B_FALSE)) { in esp_outbound()
2807 udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ? in esp_outbound()
2808 assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT); in esp_outbound()
2809 udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ? in esp_outbound()
2810 assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT); in esp_outbound()
2819 esph_ptr->esph_spi = assoc->ipsa_spi; in esp_outbound()
2821 esph_ptr->esph_replay = htonl(atomic_inc_32_nv(&assoc->ipsa_replay)); in esp_outbound()
2822 if (esph_ptr->esph_replay == 0 && assoc->ipsa_replay_wsize != 0) { in esp_outbound()
2830 esph_ptr->esph_spi, assoc->ipsa_dstaddr, af, in esp_outbound()
2834 sadb_replay_delete(assoc); in esp_outbound()
2866 if (!update_iv((uint8_t *)iv_ptr, espstack->esp_pfkey_q, assoc, in esp_outbound()
2960 data_mp = esp_submit_req_outbound(data_mp, ixa, assoc, icv_buf, in esp_outbound()
3332 if (sq.assoc->sadb_sa_flags & IPSA_F_INBOUND) { in esp_add_sa_finish()
3336 if (sq.assoc->sadb_sa_flags & IPSA_F_OUTBOUND) in esp_add_sa_finish()
3338 } else if (sq.assoc->sadb_sa_flags & IPSA_F_OUTBOUND) { in esp_add_sa_finish()
3351 sq.assoc->sadb_sa_flags |= IPSA_F_OUTBOUND; in esp_add_sa_finish()
3362 sq.assoc->sadb_sa_flags |= IPSA_F_INBOUND; in esp_add_sa_finish()
3377 sq.assoc->sadb_sa_flags |= IPSA_F_OUTBOUND; in esp_add_sa_finish()
3381 sq.assoc->sadb_sa_flags |= IPSA_F_INBOUND; in esp_add_sa_finish()
3438 larval = ipsec_getassocbyspi(sq.inbound, sq.assoc->sadb_sa_spi, in esp_add_sa_finish()
3562 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; local
3608 if (assoc == NULL) {
3612 if (ekey == NULL && assoc->sadb_sa_encrypt != SADB_EALG_NULL) {
3627 if ((assoc->sadb_sa_state != SADB_SASTATE_MATURE) &&
3628 (assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE_ELSEWHERE)) {
3632 if (assoc->sadb_sa_encrypt == SADB_EALG_NONE) {
3638 if (assoc->sadb_sa_encrypt == SADB_EALG_NULL &&
3639 assoc->sadb_sa_auth == SADB_AALG_NONE) {
3645 if (assoc->sadb_sa_flags & ~espstack->esp_sadb.s_addflags) {
3655 if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_LOC) {
3668 if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_REM) {
3700 if (akey != NULL && assoc->sadb_sa_auth != SADB_AALG_NONE) {
3707 [assoc->sadb_sa_auth];
3711 assoc->sadb_sa_auth));
3746 [assoc->sadb_sa_encrypt];
3750 assoc->sadb_sa_encrypt));
3767 if ((assoc->sadb_sa_encrypt == SADB_EALG_NULL) ||
3797 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; local
3813 if ((assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE) ||
3833 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; local
3840 if (assoc == NULL) {