do not hardcode maximum IV length.

itojun 2000-09-26 08:37:38 +00:00
parent 26c512aade
commit 78f9775c35
3 changed files with 95 additions and 37 deletions


@ -1,5 +1,5 @@
/* $NetBSD: esp.h,v 1.12 2000/08/29 09:08:42 itojun Exp $ */
/* $KAME: esp.h,v 1.13 2000/08/28 08:29:54 itojun Exp $ */
/* $NetBSD: esp.h,v 1.13 2000/09/26 08:37:38 itojun Exp $ */
/* $KAME: esp.h,v 1.15 2000/09/20 18:15:22 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -78,7 +78,7 @@ struct esp_algorithm {
int (*mature) __P((struct secasvar *));
int keymin; /* in bits */
int keymax; /* in bits */
size_t schedlen;
int (*schedlen) __P((const struct esp_algorithm *));
const char *name;
int (*ivlen) __P((const struct esp_algorithm *, struct secasvar *));
int (*decrypt) __P((struct mbuf *, size_t,
@ -94,6 +94,7 @@ struct esp_algorithm {
};
extern const struct esp_algorithm *esp_algorithm_lookup __P((int));
extern int esp_max_ivlen __P((void));
/* crypt routines */
extern int esp4_output __P((struct mbuf *, struct ipsecrequest *));
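Review bot: The new `schedlen` member of `struct esp_algorithm` carries no comment, while its neighbours `keymin` and `keymax` state their unit. The callback now returns `int` where the member used to be a `size_t`, and esp_schedule() in esp_core.c rejects a negative result with EINVAL, so the contract is worth stating on the declaration, for example `/* key schedule size in bytes; negative is an error */`. The struct continues outside the visible hunks.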


@ -1,5 +1,5 @@
/* $NetBSD: esp_core.c,v 1.8 2000/09/18 21:57:35 itojun Exp $ */
/* $KAME: esp_core.c,v 1.41 2000/09/18 21:05:43 itojun Exp $ */
/* $NetBSD: esp_core.c,v 1.9 2000/09/26 08:37:38 itojun Exp $ */
/* $KAME: esp_core.c,v 1.44 2000/09/20 18:15:22 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -76,6 +76,7 @@ static int esp_descbc_ivlen __P((const struct esp_algorithm *,
struct secasvar *));
static int esp_des_schedule __P((const struct esp_algorithm *,
struct secasvar *));
static int esp_des_schedlen __P((const struct esp_algorithm *));
static int esp_des_blockdecrypt __P((const struct esp_algorithm *,
struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_des_blockencrypt __P((const struct esp_algorithm *,
@ -83,18 +84,21 @@ static int esp_des_blockencrypt __P((const struct esp_algorithm *,
static int esp_cbc_mature __P((struct secasvar *));
static int esp_blowfish_schedule __P((const struct esp_algorithm *,
struct secasvar *));
static int esp_blowfish_schedlen __P((const struct esp_algorithm *));
static int esp_blowfish_blockdecrypt __P((const struct esp_algorithm *,
struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_blowfish_blockencrypt __P((const struct esp_algorithm *,
struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_cast128_schedule __P((const struct esp_algorithm *,
struct secasvar *));
static int esp_cast128_schedlen __P((const struct esp_algorithm *));
static int esp_cast128_blockdecrypt __P((const struct esp_algorithm *,
struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_cast128_blockencrypt __P((const struct esp_algorithm *,
struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_3des_schedule __P((const struct esp_algorithm *,
struct secasvar *));
static int esp_3des_schedlen __P((const struct esp_algorithm *));
static int esp_3des_blockdecrypt __P((const struct esp_algorithm *,
struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_3des_blockencrypt __P((const struct esp_algorithm *,
@ -109,34 +113,35 @@ static void esp_increment_iv __P((struct secasvar *));
#define MAXIVLEN 16
static const struct esp_algorithm esp_algorithms[] = {
{ 8, -1, esp_descbc_mature, 64, 64, esp_des_schedlen,
"des-cbc",
esp_descbc_ivlen, esp_cbc_decrypt,
esp_cbc_encrypt, esp_des_schedule,
esp_des_blockdecrypt, esp_des_blockencrypt, },
{ 8, 8, esp_cbc_mature, 192, 192, esp_3des_schedlen,
"3des-cbc",
esp_common_ivlen, esp_cbc_decrypt,
esp_cbc_encrypt, esp_3des_schedule,
esp_3des_blockdecrypt, esp_3des_blockencrypt, },
{ 1, 0, esp_null_mature, 0, 2048, 0, "null",
esp_common_ivlen, esp_null_decrypt,
esp_null_encrypt, NULL, },
{ 8, 8, esp_cbc_mature, 40, 448, esp_blowfish_schedlen, "blowfish-cbc",
esp_common_ivlen, esp_cbc_decrypt,
esp_cbc_encrypt, esp_blowfish_schedule,
esp_blowfish_blockdecrypt, esp_blowfish_blockencrypt, },
{ 8, 8, esp_cbc_mature, 40, 128, esp_cast128_schedlen,
"cast128-cbc",
esp_common_ivlen, esp_cbc_decrypt,
esp_cbc_encrypt, esp_cast128_schedule,
esp_cast128_blockdecrypt, esp_cast128_blockencrypt, },
};
const struct esp_algorithm *
esp_algorithm_lookup(idx)
int idx;
{
static struct esp_algorithm esp_algorithms[] = {
{ 8, -1, esp_descbc_mature, 64, 64, sizeof(des_key_schedule),
"des-cbc",
esp_descbc_ivlen, esp_cbc_decrypt,
esp_cbc_encrypt, esp_des_schedule,
esp_des_blockdecrypt, esp_des_blockencrypt, },
{ 8, 8, esp_cbc_mature, 192, 192, sizeof(des_key_schedule) * 3,
"3des-cbc",
esp_common_ivlen, esp_cbc_decrypt,
esp_cbc_encrypt, esp_3des_schedule,
esp_3des_blockdecrypt, esp_3des_blockencrypt, },
{ 1, 0, esp_null_mature, 0, 2048, 0, "null",
esp_common_ivlen, esp_null_decrypt,
esp_null_encrypt, NULL, },
{ 8, 8, esp_cbc_mature, 40, 448, sizeof(BF_KEY), "blowfish-cbc",
esp_common_ivlen, esp_cbc_decrypt,
esp_cbc_encrypt, esp_blowfish_schedule,
esp_blowfish_blockdecrypt, esp_blowfish_blockencrypt, },
{ 8, 8, esp_cbc_mature, 40, 128, sizeof(u_int32_t) * 32,
"cast128-cbc",
esp_common_ivlen, esp_cbc_decrypt,
esp_cbc_encrypt, esp_cast128_schedule,
esp_cast128_blockdecrypt, esp_cast128_blockencrypt, },
};
switch (idx) {
case SADB_EALG_DESCBC:
@ -154,6 +159,22 @@ esp_algorithm_lookup(idx)
}
}
int
esp_max_ivlen()
{
int idx;
int ivlen;
ivlen = 0;
for (idx = 0; idx < sizeof(esp_algorithms)/sizeof(esp_algorithms[0]);
idx++) {
if (esp_algorithms[idx].ivlenval > ivlen)
ivlen = esp_algorithms[idx].ivlenval;
}
return ivlen;
}
int
esp_schedule(algo, sav)
const struct esp_algorithm *algo;
@ -175,13 +196,17 @@ esp_schedule(algo, sav)
if (sav->sched && sav->schedlen != 0)
return 0;
/* no schedule necessary */
if (!algo->schedule || algo->schedlen == 0)
if (!algo->schedule || !algo->schedlen)
return 0;
sav->sched = malloc(algo->schedlen, M_SECA, M_DONTWAIT);
if (!sav->sched)
sav->schedlen = (*algo->schedlen)(algo);
if (sav->schedlen < 0)
return EINVAL;
sav->sched = malloc(sav->schedlen, M_SECA, M_DONTWAIT);
if (!sav->sched) {
sav->schedlen = 0;
return ENOBUFS;
sav->schedlen = algo->schedlen;
}
error = (*algo->schedule)(algo, sav);
if (error) {
@ -285,6 +310,14 @@ esp_descbc_ivlen(algo, sav)
return 8;
}
static int
esp_des_schedlen(algo)
const struct esp_algorithm *algo;
{
return sizeof(des_key_schedule);
}
static int
esp_des_schedule(algo, sav)
const struct esp_algorithm *algo;
@ -385,6 +418,14 @@ esp_cbc_mature(sav)
return 0;
}
static int
esp_blowfish_schedlen(algo)
const struct esp_algorithm *algo;
{
return sizeof(BF_KEY);
}
static int
esp_blowfish_schedule(algo, sav)
const struct esp_algorithm *algo;
@ -436,6 +477,14 @@ esp_blowfish_blockencrypt(algo, sav, s, d)
return 0;
}
static int
esp_cast128_schedlen(algo)
const struct esp_algorithm *algo;
{
return sizeof(u_int32_t) * 32;
}
static int
esp_cast128_schedule(algo, sav)
const struct esp_algorithm *algo;
@ -476,6 +525,14 @@ esp_cast128_blockencrypt(algo, sav, s, d)
return 0;
}
static int
esp_3des_schedlen(algo)
const struct esp_algorithm *algo;
{
return sizeof(des_key_schedule) * 3;
}
static int
esp_3des_schedule(algo, sav)
const struct esp_algorithm *algo;
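Review bot: In the esp_schedule hunk the result of `(*algo->schedlen)(algo)` is stored in `sav->schedlen` before it is tested with `< 0`; the type of that field is not shown here, but the member it used to be copied from was `size_t`, and if `sav->schedlen` is unsigned as well the test can never be true and a negative return would reach `malloc()` as a very large size. The EINVAL path also leaves the rejected value in `sav->schedlen`, unlike the ENOBUFS path, which resets it to 0. Holding the result in a signed local first avoids both: `int len = (*algo->schedlen)(algo);` `if (len < 0) return EINVAL;` `sav->schedlen = len;`. Separately, `#define MAXIVLEN 16` is still present next to the table, so any buffer sized by it (none is visible here) should be checked against what esp_max_ivlen() can return. esp_schedule's body starts and ends outside the hunk.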


@ -1,5 +1,5 @@
/* $NetBSD: esp_output.c,v 1.7 2000/08/29 11:32:21 itojun Exp $ */
/* $KAME: esp_output.c,v 1.29 2000/08/29 11:22:48 itojun Exp $ */
/* $NetBSD: esp_output.c,v 1.8 2000/09/26 08:37:38 itojun Exp $ */
/* $KAME: esp_output.c,v 1.33 2000/09/19 15:15:12 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -137,12 +137,12 @@ esp_hdrsiz(isr)
/*
* ASSUMING:
* sizeof(struct newesp) > sizeof(struct esp).
* 8 = ivlen for CBC mode (RFC2451).
* esp_max_ivlen() = max ivlen for CBC mode
* 9 = (maximum padding length without random padding length)
* + (Pad Length field) + (Next Header field).
* 16 = maximum ICV we support.
*/
return sizeof(struct newesp) + 8 + 9 + 16;
return sizeof(struct newesp) + esp_max_ivlen() + 9 + 16;
}
/*
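Review bot: The `9` in the return expression of esp_hdrsiz is still a hardcoded bound even though the IV term no longer is: per the comment it is the maximum padding plus the Pad Length and Next Header fields, which only holds for ciphers padded to an 8-byte boundary. Every CBC entry in the esp_core.c table has 8 in its first column, which appears to be the pad boundary, so the sum is right today, but a cipher with a larger block would make this estimate too small for whatever callers size from it. Consider deriving that term from the table the same way esp_max_ivlen() does, or at least make the assumption explicit in the comment, e.g. `* 9 = (maximum padding length for an 8-byte pad boundary, without random padding length)`. esp_hdrsiz starts outside the hunk.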