xform_ah.c (282046) | xform_ah.c (285336) |
---|---|
1/* $FreeBSD: head/sys/netipsec/xform_ah.c 282046 2015-04-27 00:55:56Z ae $ */ | 1/* $FreeBSD: head/sys/netipsec/xform_ah.c 285336 2015-07-09 18:16:35Z gnn $ */ |
2/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */ 3/*- 4 * The authors of this code are John Ioannidis (ji@tla.org), 5 * Angelos D. Keromytis (kermit@csd.uch.gr) and 6 * Niels Provos (provos@physnet.uni-hamburg.de). 7 * 8 * The original version of this code was written by John Ioannidis 9 * for BSD/OS in Athens, Greece, in November 1995. --- 67 unchanged lines hidden (view full) --- 77/* 78 * Return header size in bytes. The old protocol did not support 79 * the replay counter; the new protocol always includes the counter. 80 */ 81#define HDRSIZE(sav) \ 82 (((sav)->flags & SADB_X_EXT_OLD) ? \ 83 sizeof (struct ah) : sizeof (struct ah) + sizeof (u_int32_t)) 84/* | 2/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */ 3/*- 4 * The authors of this code are John Ioannidis (ji@tla.org), 5 * Angelos D. Keromytis (kermit@csd.uch.gr) and 6 * Niels Provos (provos@physnet.uni-hamburg.de). 7 * 8 * The original version of this code was written by John Ioannidis 9 * for BSD/OS in Athens, Greece, in November 1995. --- 67 unchanged lines hidden (view full) --- 77/* 78 * Return header size in bytes. The old protocol did not support 79 * the replay counter; the new protocol always includes the counter. 80 */ 81#define HDRSIZE(sav) \ 82 (((sav)->flags & SADB_X_EXT_OLD) ? \ 83 sizeof (struct ah) : sizeof (struct ah) + sizeof (u_int32_t)) 84/* |
85 * Return authenticator size in bytes. The old protocol is known 86 * to use a fixed 16-byte authenticator. The new algorithm use 12-byte 87 * authenticator. | 85 * Return authenticator size in bytes, based on a field in the 86 * algorithm descriptor. |
88 */ | 87 */ |
89#define AUTHSIZE(sav) ah_authsize(sav) | 88#define AUTHSIZE(sav) \ 89 ((sav->flags & SADB_X_EXT_OLD) ? 16 : (sav)->tdb_authalgxform->hashsize) |
90 91VNET_DEFINE(int, ah_enable) = 1; /* control flow of packets with AH */ 92VNET_DEFINE(int, ah_cleartos) = 1; /* clear ip_tos when doing AH calc */ 93VNET_PCPUSTAT_DEFINE(struct ahstat, ahstat); 94VNET_PCPUSTAT_SYSINIT(ahstat); 95 96#ifdef VIMAGE 97VNET_PCPUSTAT_SYSUNINIT(ahstat); --- 9 unchanged lines hidden (view full) --- 107 ahstat, "AH statistics (struct ahstat, netipsec/ah_var.h)"); 108#endif 109 110static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */ 111 112static int ah_input_cb(struct cryptop*); 113static int ah_output_cb(struct cryptop*); 114 | 90 91VNET_DEFINE(int, ah_enable) = 1; /* control flow of packets with AH */ 92VNET_DEFINE(int, ah_cleartos) = 1; /* clear ip_tos when doing AH calc */ 93VNET_PCPUSTAT_DEFINE(struct ahstat, ahstat); 94VNET_PCPUSTAT_SYSINIT(ahstat); 95 96#ifdef VIMAGE 97VNET_PCPUSTAT_SYSUNINIT(ahstat); --- 9 unchanged lines hidden (view full) --- 107 ahstat, "AH statistics (struct ahstat, netipsec/ah_var.h)"); 108#endif 109 110static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */ 111 112static int ah_input_cb(struct cryptop*); 113static int ah_output_cb(struct cryptop*); 114 |
115static int 116ah_authsize(struct secasvar *sav) 117{ 118 119 IPSEC_ASSERT(sav != NULL, ("%s: sav == NULL", __func__)); 120 121 if (sav->flags & SADB_X_EXT_OLD) 122 return 16; 123 124 switch (sav->alg_auth) { 125 case SADB_X_AALG_SHA2_256: 126 return 16; 127 case SADB_X_AALG_SHA2_384: 128 return 24; 129 case SADB_X_AALG_SHA2_512: 130 return 32; 131 default: 132 return AH_HMAC_HASHLEN; 133 } 134 /* NOTREACHED */ 135} | |
136/* 137 * NB: this is public for use by the PF_KEY support. 138 */ 139struct auth_hash * 140ah_algorithm_lookup(int alg) 141{ 142 if (alg > SADB_AALG_MAX) 143 return NULL; --- 11 unchanged lines hidden (view full) --- 155 case SADB_X_AALG_SHA: 156 return &auth_hash_key_sha1; 157 case SADB_X_AALG_SHA2_256: 158 return &auth_hash_hmac_sha2_256; 159 case SADB_X_AALG_SHA2_384: 160 return &auth_hash_hmac_sha2_384; 161 case SADB_X_AALG_SHA2_512: 162 return &auth_hash_hmac_sha2_512; | 115/* 116 * NB: this is public for use by the PF_KEY support. 117 */ 118struct auth_hash * 119ah_algorithm_lookup(int alg) 120{ 121 if (alg > SADB_AALG_MAX) 122 return NULL; --- 11 unchanged lines hidden (view full) --- 134 case SADB_X_AALG_SHA: 135 return &auth_hash_key_sha1; 136 case SADB_X_AALG_SHA2_256: 137 return &auth_hash_hmac_sha2_256; 138 case SADB_X_AALG_SHA2_384: 139 return &auth_hash_hmac_sha2_384; 140 case SADB_X_AALG_SHA2_512: 141 return &auth_hash_hmac_sha2_512; |
142 case SADB_X_AALG_AES128GMAC: 143 return &auth_hash_nist_gmac_aes_128; 144 case SADB_X_AALG_AES192GMAC: 145 return &auth_hash_nist_gmac_aes_192; 146 case SADB_X_AALG_AES256GMAC: 147 return &auth_hash_nist_gmac_aes_256; |
|
163 } 164 return NULL; 165} 166 167size_t 168ah_hdrsiz(struct secasvar *sav) 169{ 170 size_t size; --- 1014 unchanged lines hidden --- | 148 } 149 return NULL; 150} 151 152size_t 153ah_hdrsiz(struct secasvar *sav) 154{ 155 size_t size; --- 1014 unchanged lines hidden --- |
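Review bot: The authenticator length for SHA2-256/384/512 may change on the wire with the new `AUTHSIZE(sav)`. The removed `ah_authsize()` returned fixed 16/24/32-byte values for those algorithms and `AH_HMAC_HASHLEN` otherwise, while the macro now reads `(sav)->tdb_authalgxform->hashsize`. The descriptor definitions are not part of this page, so if `hashsize` holds the full digest length rather than the truncated ICV length, the AH header size and ICV change and existing peers will fail verification. Confirm the descriptor values against the old table, or keep the per-algorithm switch and add the three GMAC cases to it. The macro also loses the `IPSEC_ASSERT(sav != NULL, ...)`, dereferences `tdb_authalgxform` with no check visible here, and leaves its first use of the argument unparenthesized; at minimum write `(((sav)->flags & SADB_X_EXT_OLD) ? 16 : (sav)->tdb_authalgxform->hashsize)`.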