summaryrefslogtreecommitdiffstats
path: root/sys/netinet6/esp_core.c
diff options
context:
space:
mode:
authorume <ume@FreeBSD.org>2003-10-13 14:57:41 +0000
committerume <ume@FreeBSD.org>2003-10-13 14:57:41 +0000
commitfd41336ef5a14e7f322b0a8af359c45ce03d4cc8 (patch)
tree2a5d44fe2e98a214421d56ae5f3dea9a73bd2413 /sys/netinet6/esp_core.c
parentb24bb74b9ee088f076e89f68095367a214f7cc1d (diff)
downloadFreeBSD-src-fd41336ef5a14e7f322b0a8af359c45ce03d4cc8.zip
FreeBSD-src-fd41336ef5a14e7f322b0a8af359c45ce03d4cc8.tar.gz
- support AES counter mode for ESP.
- use size_t as return type of schedlen(), as there's no error check needed. - clear key schedule buffer before freeing. Obtained from: KAME
Diffstat (limited to 'sys/netinet6/esp_core.c')
-rw-r--r--sys/netinet6/esp_core.c30
1 files changed, 18 insertions, 12 deletions
diff --git a/sys/netinet6/esp_core.c b/sys/netinet6/esp_core.c
index 148d9c4..bfb0713a 100644
--- a/sys/netinet6/esp_core.c
+++ b/sys/netinet6/esp_core.c
@@ -68,9 +68,11 @@
#include <netinet6/esp6.h>
#endif
#include <netinet6/esp_rijndael.h>
+#include <netinet6/esp_aesctr.h>
#include <net/pfkeyv2.h>
#include <netkey/keydb.h>
#include <netkey/key.h>
+
#include <crypto/des/des.h>
#include <crypto/blowfish/blowfish.h>
#include <crypto/cast128/cast128.h>
@@ -87,7 +89,7 @@ static int esp_descbc_ivlen __P((const struct esp_algorithm *,
struct secasvar *));
static int esp_des_schedule __P((const struct esp_algorithm *,
struct secasvar *));
-static int esp_des_schedlen __P((const struct esp_algorithm *));
+static size_t esp_des_schedlen __P((const struct esp_algorithm *));
static int esp_des_blockdecrypt __P((const struct esp_algorithm *,
struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_des_blockencrypt __P((const struct esp_algorithm *,
@@ -95,21 +97,21 @@ static int esp_des_blockencrypt __P((const struct esp_algorithm *,
static int esp_cbc_mature __P((struct secasvar *));
static int esp_blowfish_schedule __P((const struct esp_algorithm *,
struct secasvar *));
-static int esp_blowfish_schedlen __P((const struct esp_algorithm *));
+static size_t esp_blowfish_schedlen __P((const struct esp_algorithm *));
static int esp_blowfish_blockdecrypt __P((const struct esp_algorithm *,
struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_blowfish_blockencrypt __P((const struct esp_algorithm *,
struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_cast128_schedule __P((const struct esp_algorithm *,
struct secasvar *));
-static int esp_cast128_schedlen __P((const struct esp_algorithm *));
+static size_t esp_cast128_schedlen __P((const struct esp_algorithm *));
static int esp_cast128_blockdecrypt __P((const struct esp_algorithm *,
struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_cast128_blockencrypt __P((const struct esp_algorithm *,
struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_3des_schedule __P((const struct esp_algorithm *,
struct secasvar *));
-static int esp_3des_schedlen __P((const struct esp_algorithm *));
+static size_t esp_3des_schedlen __P((const struct esp_algorithm *));
static int esp_3des_blockdecrypt __P((const struct esp_algorithm *,
struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_3des_blockencrypt __P((const struct esp_algorithm *,
@@ -134,7 +136,7 @@ static const struct esp_algorithm esp_algorithms[] = {
esp_common_ivlen, esp_cbc_decrypt,
esp_cbc_encrypt, esp_3des_schedule,
esp_3des_blockdecrypt, esp_3des_blockencrypt, },
- { 1, 0, esp_null_mature, 0, 2048, 0, "null",
+ { 1, 0, esp_null_mature, 0, 2048, NULL, "null",
esp_common_ivlen, esp_null_decrypt,
esp_null_encrypt, NULL, },
{ 8, 8, esp_cbc_mature, 40, 448, esp_blowfish_schedlen, "blowfish-cbc",
@@ -151,6 +153,9 @@ static const struct esp_algorithm esp_algorithms[] = {
esp_common_ivlen, esp_cbc_decrypt,
esp_cbc_encrypt, esp_rijndael_schedule,
esp_rijndael_blockdecrypt, esp_rijndael_blockencrypt },
+ { 16, 8, esp_aesctr_mature, 160, 288, esp_aesctr_schedlen, "aes-ctr",
+ esp_common_ivlen, esp_aesctr_decrypt,
+ esp_aesctr_encrypt, esp_aesctr_schedule },
};
const struct esp_algorithm *
@@ -171,6 +176,8 @@ esp_algorithm_lookup(idx)
return &esp_algorithms[4];
case SADB_X_EALG_RIJNDAELCBC:
return &esp_algorithms[5];
+ case SADB_X_EALG_AESCTR:
+ return &esp_algorithms[6];
default:
return NULL;
}
@@ -216,8 +223,6 @@ esp_schedule(algo, sav)
return 0;
sav->schedlen = (*algo->schedlen)(algo);
- if (sav->schedlen < 0)
- return EINVAL;
sav->sched = malloc(sav->schedlen, M_SECA, M_NOWAIT);
if (!sav->sched) {
sav->schedlen = 0;
@@ -228,6 +233,7 @@ esp_schedule(algo, sav)
if (error) {
ipseclog((LOG_ERR, "esp_schedule %s: error %d\n",
algo->name, error));
+ bzero(sav->sched, sav->schedlen);
free(sav->sched, M_SECA);
sav->sched = NULL;
sav->schedlen = 0;
@@ -326,7 +332,7 @@ esp_descbc_ivlen(algo, sav)
return 8;
}
-static int
+static size_t
esp_des_schedlen(algo)
const struct esp_algorithm *algo;
{
@@ -443,7 +449,7 @@ esp_cbc_mature(sav)
return 0;
}
-static int
+static size_t
esp_blowfish_schedlen(algo)
const struct esp_algorithm *algo;
{
@@ -502,12 +508,12 @@ esp_blowfish_blockencrypt(algo, sav, s, d)
return 0;
}
-static int
+static size_t
esp_cast128_schedlen(algo)
const struct esp_algorithm *algo;
{
- return sizeof(u_int32_t) * 32;
+ return sizeof(cast128_key);
}
static int
@@ -545,7 +551,7 @@ esp_cast128_blockencrypt(algo, sav, s, d)
return 0;
}
-static int
+static size_t
esp_3des_schedlen(algo)
const struct esp_algorithm *algo;
{
OpenPOWER on IntegriCloud