Commit | Line | Data |
---|---|---|
76ed51e8 MT |
1 | packaging/utils/kernelpatch 2.6 |
2 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
3 | +++ linux/README.openswan-2 Mon Feb 9 13:51:03 2004 | |
4 | @@ -0,0 +1,112 @@ | |
5 | +* | |
6 | +* RCSID $Id: README.openswan-2,v 1.1 2003/12/10 01:07:49 mcr Exp $ | |
7 | +* | |
8 | + | |
9 | + **************************************** | |
10 | + * IPSEC for Linux, Release 2.xx series * | |
11 | + **************************************** | |
12 | + | |
13 | + | |
14 | + | |
15 | +1. Files | |
16 | + | |
17 | +The contents of linux/net/ipsec/ (see below) join the linux kernel source tree. | |
18 | +as provided for higher up. | |
19 | + | |
20 | +The programs/ directory contains the user-level utilities which you need | |
21 | +to run IPSEC. See the top-level top/INSTALL to compile and install them. | |
22 | + | |
23 | +The testing/ directory contains test scripts. | |
24 | + | |
25 | +The doc/ directory contains -- what else -- documentation. | |
26 | + | |
27 | +1.1. Kernel files | |
28 | + | |
29 | +The following are found in net/ipsec/: | |
30 | + | |
31 | +Makefile The Makefile | |
32 | +Config.in The configuration script for make menuconfig | |
33 | +defconfig Configuration defaults for first time. | |
34 | + | |
35 | +radij.c General-purpose radix-tree operations | |
36 | + | |
37 | +ipsec_ipcomp.c IPCOMP encapsulate/decapsulate code. | |
38 | +ipsec_ah.c Authentication Header (AH) encapsulate/decapsulate code. | |
39 | +ipsec_esp.c Encapsulated Security Payload (ESP) encap/decap code. | |
40 | + | |
41 | +pfkey_v2.c PF_KEYv2 socket interface code. | |
42 | +pfkey_v2_parser.c PF_KEYv2 message parsing and processing code. | |
43 | + | |
44 | +ipsec_init.c Initialization code, /proc interface. | |
45 | +ipsec_radij.c Interface with the radix tree code. | |
46 | +ipsec_netlink.c Interface with the netlink code. | |
47 | +ipsec_xform.c Routines and structures common to transforms. | |
48 | +ipsec_tunnel.c The outgoing packet processing code. | |
49 | +ipsec_rcv.c The incoming packet processing code. | |
50 | +ipsec_md5c.c Somewhat modified RSADSI MD5 C code. | |
51 | +ipsec_sha1.c Somewhat modified Steve Reid SHA-1 C code. | |
52 | + | |
53 | +sysctl_net_ipsec.c /proc/sys/net/ipsec/* variable definitions. | |
54 | + | |
55 | +version.c symbolic link to project version. | |
56 | + | |
57 | +radij.h Headers for radij.c | |
58 | + | |
59 | +ipcomp.h Headers used by IPCOMP code. | |
60 | + | |
61 | +ipsec_radij.h Interface with the radix tree code. | |
62 | +ipsec_netlink.h Headers used by the netlink interface. | |
63 | +ipsec_encap.h Headers defining encapsulation structures. | |
64 | +ipsec_xform.h Transform headers. | |
65 | +ipsec_tunnel.h Headers used by tunneling code. | |
66 | +ipsec_ipe4.h Headers for the IP-in-IP code. | |
67 | +ipsec_ah.h Headers common to AH transforms. | |
68 | +ipsec_md5h.h RSADSI MD5 headers. | |
69 | +ipsec_sha1.h SHA-1 headers. | |
70 | +ipsec_esp.h Headers common to ESP transfroms. | |
71 | +ipsec_rcv.h Headers for incoming packet processing code. | |
72 | + | |
73 | +1.2. User-level files. | |
74 | + | |
75 | +The following are found in utils/: | |
76 | + | |
77 | +eroute.c Create an "extended route" source code | |
78 | +spi.c Set up Security Associations source code | |
79 | +spigrp.c Link SPIs together source code. | |
80 | +tncfg.c Configure the tunneling features of the virtual interface | |
81 | + source code | |
82 | +klipsdebug.c Set/reset klips debugging features source code. | |
83 | +version.c symbolic link to project version. | |
84 | + | |
85 | +eroute.8 Create an "extended route" manual page | |
86 | +spi.8 Set up Security Associations manual page | |
87 | +spigrp.8 Link SPIs together manual page | |
88 | +tncfg.8 Configure the tunneling features of the virtual interface | |
89 | + manual page | |
90 | +klipsdebug.8 Set/reset klips debugging features manual page | |
91 | + | |
92 | +eroute.5 /proc/net/ipsec_eroute format manual page | |
93 | +spi.5 /proc/net/ipsec_spi format manual page | |
94 | +spigrp.5 /proc/net/ipsec_spigrp format manual page | |
95 | +tncfg.5 /proc/net/ipsec_tncfg format manual page | |
96 | +klipsdebug.5 /proc/net/ipsec_klipsdebug format manual page | |
97 | +version.5 /proc/net/ipsec_version format manual page | |
98 | +pf_key.5 /proc/net/pf_key format manual page | |
99 | + | |
100 | +Makefile Utilities makefile. | |
101 | + | |
102 | +*.8 Manpages for the respective utils. | |
103 | + | |
104 | + | |
105 | +1.3. Test files | |
106 | + | |
107 | +The test scripts are locate in testing/ and and documentation is found | |
108 | +at doc/src/umltesting.html. Automated testing via "make check" is available | |
109 | +provided that the User-Mode-Linux patches are available. | |
110 | + | |
111 | +* | |
112 | +* $Log: README.openswan-2,v $ | |
113 | +* Revision 1.1 2003/12/10 01:07:49 mcr | |
114 | +* documentation for additions. | |
115 | +* | |
116 | +* | |
117 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
118 | +++ linux/crypto/ciphers/aes/test_main.c Mon Feb 9 13:51:03 2004 | |
119 | @@ -0,0 +1,41 @@ | |
120 | +#include <stdio.h> | |
121 | +#include <string.h> | |
122 | +#include <sys/types.h> | |
123 | +#include "aes_cbc.h" | |
124 | +#define AES_BLOCK_SIZE 16 | |
125 | +#define KEY_SIZE 128 /* bits */ | |
126 | +#define KEY "1234567890123456" | |
127 | +#define STR "hola guaso como estaisss ... 012" | |
128 | +#define STRSZ (sizeof(STR)-1) | |
129 | + | |
130 | +#define EMT_AESCBC_BLKLEN AES_BLOCK_SIZE | |
131 | +#define AES_CONTEXT_T aes_context | |
132 | +#define EMT_ESPAES_KEY_SZ 16 | |
133 | +int pretty_print(const unsigned char *buf, int count) { | |
134 | + int i=0; | |
135 | + for (;i<count;i++) { | |
136 | + if (i%8==0) putchar(' '); | |
137 | + if (i%16==0) putchar('\n'); | |
138 | + printf ("%02hhx ", buf[i]); | |
139 | + } | |
140 | + putchar('\n'); | |
141 | + return i; | |
142 | +} | |
143 | +//#define SIZE STRSZ/2 | |
144 | +#define SIZE STRSZ | |
145 | +int main() { | |
146 | + int ret; | |
147 | + char buf0[SIZE+1], buf1[SIZE+1]; | |
148 | + char IV[AES_BLOCK_SIZE]="\0\0\0\0\0\0\0\0" "\0\0\0\0\0\0\0\0"; | |
149 | + aes_context ac; | |
150 | + AES_set_key(&ac, KEY, KEY_SIZE); | |
151 | + //pretty_print((char *)&ac.aes_e_key, sizeof(ac.aes_e_key)); | |
152 | + memset(buf0, 0, sizeof (buf0)); | |
153 | + memset(buf1, 0, sizeof (buf1)); | |
154 | + ret=AES_cbc_encrypt(&ac, STR, buf0, SIZE, IV, 1); | |
155 | + pretty_print(buf0, SIZE); | |
156 | + printf("size=%d ret=%d\n%s\n", SIZE, ret, buf0); | |
157 | + ret=AES_cbc_encrypt(&ac, buf0, buf1, SIZE, IV, 0); | |
158 | + printf("size=%d ret=%d\n%s\n", SIZE, ret, buf1); | |
159 | + return 0; | |
160 | +} | |
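Review bot: `main` in test_main.c always returns 0, so this test cannot fail: the decrypted `buf1` is only printed, never compared with `STR`, and `ret` from both `AES_cbc_encrypt` calls is printed but not checked. I would add `if (ret != (int)SIZE || memcmp(buf1, STR, SIZE) != 0) return 1;` before the final `return 0;`, and ideally compare `buf0` against a published AES-CBC known-answer vector rather than an ad-hoc string. Separately, `SIZE` expands to a `sizeof` expression of type `size_t` but is printed with `%d` in both `printf` calls; cast it, as in `printf("size=%d ret=%d\n%s\n", (int)SIZE, ret, buf1);`.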
161 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
162 | +++ linux/crypto/ciphers/aes/test_main_mac.c Mon Feb 9 13:51:03 2004 | |
163 | @@ -0,0 +1,30 @@ | |
164 | +#include <stdio.h> | |
165 | +#include <sys/types.h> | |
166 | +#include <string.h> | |
167 | +#include "aes.h" | |
168 | +#include "aes_xcbc_mac.h" | |
169 | +#define STR "Hola guasssso c|mo estais ...012" | |
170 | +void print_hash(const __u8 *hash) { | |
171 | + printf("%08x %08x %08x %08x\n", | |
172 | + *(__u32*)(&hash[0]), | |
173 | + *(__u32*)(&hash[4]), | |
174 | + *(__u32*)(&hash[8]), | |
175 | + *(__u32*)(&hash[12])); | |
176 | +} | |
177 | +int main(int argc, char *argv[]) { | |
178 | + aes_block key= { 0xdeadbeef, 0xceedcaca, 0xcafebabe, 0xff010204 }; | |
179 | + __u8 hash[16]; | |
180 | + char *str = argv[1]; | |
181 | + aes_context_mac ctx; | |
182 | + if (str==NULL) { | |
183 | + fprintf(stderr, "pasame el str\n"); | |
184 | + return 255; | |
185 | + } | |
186 | + AES_xcbc_mac_set_key(&ctx, (__u8 *)&key, sizeof(key)); | |
187 | + AES_xcbc_mac_hash(&ctx, str, strlen(str), hash); | |
188 | + print_hash(hash); | |
189 | + str[2]='x'; | |
190 | + AES_xcbc_mac_hash(&ctx, str, strlen(str), hash); | |
191 | + print_hash(hash); | |
192 | + return 0; | |
193 | +} | |
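Review bot: `str[2]='x';` writes into `argv[1]` without checking its length, so an argument shorter than three characters makes the test write at or past the string's terminator. A guard next to the existing NULL check would cover it, e.g. `if (str==NULL || strlen(str) < 3) {`. The return values of `AES_xcbc_mac_set_key` and `AES_xcbc_mac_hash` are also ignored, and the two hashes are only printed, so nothing verifies that changing one byte changes the MAC. Because `key` is initialised as four `u_int32_t` words and `print_hash` reads the digest through `__u32` casts, both the key bytes and the printed output depend on host byte order, which makes the output hard to compare with published test vectors; printing byte by byte with `%02x` would avoid that and the unaligned-cast concern.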
194 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
195 | +++ linux/include/crypto/aes.h Mon Feb 9 13:51:03 2004 | |
196 | @@ -0,0 +1,97 @@ | |
197 | +// I retain copyright in this code but I encourage its free use provided | |
198 | +// that I don't carry any responsibility for the results. I am especially | |
199 | +// happy to see it used in free and open source software. If you do use | |
200 | +// it I would appreciate an acknowledgement of its origin in the code or | |
201 | +// the product that results and I would also appreciate knowing a little | |
202 | +// about the use to which it is being put. I am grateful to Frank Yellin | |
203 | +// for some ideas that are used in this implementation. | |
204 | +// | |
205 | +// Dr B. R. Gladman <brg@gladman.uk.net> 6th April 2001. | |
206 | +// | |
207 | +// This is an implementation of the AES encryption algorithm (Rijndael) | |
208 | +// designed by Joan Daemen and Vincent Rijmen. This version is designed | |
209 | +// to provide both fixed and dynamic block and key lengths and can also | |
210 | +// run with either big or little endian internal byte order (see aes.h). | |
211 | +// It inputs block and key lengths in bytes with the legal values being | |
212 | +// 16, 24 and 32. | |
213 | + | |
214 | +/* | |
215 | + * Modified by Jari Ruusu, May 1 2001 | |
216 | + * - Fixed some compile warnings, code was ok but gcc warned anyway. | |
217 | + * - Changed basic types: byte -> unsigned char, word -> u_int32_t | |
218 | + * - Major name space cleanup: Names visible to outside now begin | |
219 | + * with "aes_" or "AES_". A lot of stuff moved from aes.h to aes.c | |
220 | + * - Removed C++ and DLL support as part of name space cleanup. | |
221 | + * - Eliminated unnecessary recomputation of tables. (actual bug fix) | |
222 | + * - Merged precomputed constant tables to aes.c file. | |
223 | + * - Removed data alignment restrictions for portability reasons. | |
224 | + * - Made block and key lengths accept bit count (128/192/256) | |
225 | + * as well byte count (16/24/32). | |
226 | + * - Removed all error checks. This change also eliminated the need | |
227 | + * to preinitialize the context struct to zero. | |
228 | + * - Removed some totally unused constants. | |
229 | + */ | |
230 | + | |
231 | +#ifndef _AES_H | |
232 | +#define _AES_H | |
233 | + | |
234 | +#if defined(__linux__) && defined(__KERNEL__) | |
235 | +# include <linux/types.h> | |
236 | +#else | |
237 | +# include <sys/types.h> | |
238 | +#endif | |
239 | + | |
240 | +// CONFIGURATION OPTIONS (see also aes.c) | |
241 | +// | |
242 | +// Define AES_BLOCK_SIZE to set the cipher block size (16, 24 or 32) or | |
243 | +// leave this undefined for dynamically variable block size (this will | |
244 | +// result in much slower code). | |
245 | +// IMPORTANT NOTE: AES_BLOCK_SIZE is in BYTES (16, 24, 32 or undefined). If | |
246 | +// left undefined a slower version providing variable block length is compiled | |
247 | + | |
248 | +#define AES_BLOCK_SIZE 16 | |
249 | + | |
250 | +// The number of key schedule words for different block and key lengths | |
251 | +// allowing for method of computation which requires the length to be a | |
252 | +// multiple of the key length | |
253 | +// | |
254 | +// Nk = 4 6 8 | |
255 | +// ------------- | |
256 | +// Nb = 4 | 60 60 64 | |
257 | +// 6 | 96 90 96 | |
258 | +// 8 | 120 120 120 | |
259 | + | |
260 | +#if !defined(AES_BLOCK_SIZE) || (AES_BLOCK_SIZE == 32) | |
261 | +#define AES_KS_LENGTH 120 | |
262 | +#define AES_RC_LENGTH 29 | |
263 | +#else | |
264 | +#define AES_KS_LENGTH 4 * AES_BLOCK_SIZE | |
265 | +#define AES_RC_LENGTH (9 * AES_BLOCK_SIZE) / 8 - 8 | |
266 | +#endif | |
267 | + | |
268 | +typedef struct | |
269 | +{ | |
270 | + u_int32_t aes_Nkey; // the number of words in the key input block | |
271 | + u_int32_t aes_Nrnd; // the number of cipher rounds | |
272 | + u_int32_t aes_e_key[AES_KS_LENGTH]; // the encryption key schedule | |
273 | + u_int32_t aes_d_key[AES_KS_LENGTH]; // the decryption key schedule | |
274 | +#if !defined(AES_BLOCK_SIZE) | |
275 | + u_int32_t aes_Ncol; // the number of columns in the cipher state | |
276 | +#endif | |
277 | +} aes_context; | |
278 | + | |
279 | +// THE CIPHER INTERFACE | |
280 | + | |
281 | +#if !defined(AES_BLOCK_SIZE) | |
282 | +extern void aes_set_blk(aes_context *, const int); | |
283 | +#endif | |
284 | +extern void aes_set_key(aes_context *, const unsigned char [], const int, const int); | |
285 | +extern void aes_encrypt(const aes_context *, const unsigned char [], unsigned char []); | |
286 | +extern void aes_decrypt(const aes_context *, const unsigned char [], unsigned char []); | |
287 | + | |
288 | +// The block length inputs to aes_set_block and aes_set_key are in numbers | |
289 | +// of bytes or bits. The calls to subroutines must be made in the above | |
290 | +// order but multiple calls can be made without repeating earlier calls | |
291 | +// if their parameters have not changed. | |
292 | + | |
293 | +#endif // _AES_H | |
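Review bot: `AES_KS_LENGTH` and `AES_RC_LENGTH` in the `#else` branch expand to unparenthesised expressions, so any use inside a larger expression (for example a division or `sizeof` ratio) would parse differently from what the name suggests. I would write `#define AES_KS_LENGTH (4 * AES_BLOCK_SIZE)` and `#define AES_RC_LENGTH ((9 * AES_BLOCK_SIZE) / 8 - 8)`. The modification log also says all error checks were removed and `aes_set_key` returns `void`, so it would help to add a comment on that prototype along the lines of `// caller must validate the key length (16/24/32 bytes or 128/192/256 bits); no check is done here`. The closing comment refers to `aes_set_block` while the declared function is `aes_set_blk`.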
294 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
295 | +++ linux/include/crypto/aes_cbc.h Mon Feb 9 13:51:03 2004 | |
296 | @@ -0,0 +1,4 @@ | |
297 | +/* Glue header */ | |
298 | +#include "aes.h" | |
299 | +int AES_set_key(aes_context *aes_ctx, const u_int8_t * key, int keysize); | |
300 | +int AES_cbc_encrypt(aes_context *ctx, const u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt); | |
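Review bot: The two prototypes in aes_cbc.h do not say what the `int` return value means, and the header has no include guard of its own. Judging from the generic CBC macro added later in this patch (and assuming `AES_cbc_encrypt` is instantiated from it, as its example comment suggests), the function returns `ilen` on success and 0 when `ilen` is not a multiple of 16, which callers need to know in order to detect a rejected buffer. I would add a short comment such as `/* returns ilen, or 0 if ilen is not a multiple of AES_BLOCK_SIZE; iv is not updated */` and document the unit of `keysize` on `AES_set_key`, since the test program in this patch passes 128 (bits).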
301 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
302 | +++ linux/include/crypto/aes_xcbc_mac.h Mon Feb 9 13:51:03 2004 | |
303 | @@ -0,0 +1,12 @@ | |
304 | +#ifndef _AES_XCBC_MAC_H | |
305 | +#define _AES_XCBC_MAC_H | |
306 | + | |
307 | +typedef u_int32_t aes_block[4]; | |
308 | +typedef struct { | |
309 | + aes_context ctx_k1; | |
310 | + aes_block k2; | |
311 | + aes_block k3; | |
312 | +} aes_context_mac; | |
313 | +int AES_xcbc_mac_set_key(aes_context_mac *ctxm, const u_int8_t *key, int keylen); | |
314 | +int AES_xcbc_mac_hash(const aes_context_mac *ctxm, const u_int8_t * in, int ilen, u_int8_t hash[16]); | |
315 | +#endif /* _AES_XCBC_MAC_H */ | |
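Review bot: aes_xcbc_mac.h uses `aes_context`, `u_int32_t` and `u_int8_t` without including the header that defines them, so it compiles only when the includer happens to pull in `aes.h` first (as test_main_mac.c in this patch does). Adding `#include "aes.h"` right after the guard makes the header self-contained. The prototypes would also benefit from a comment stating the accepted `keylen` and the meaning of the return value, and noting that `aes_context_mac` holds derived key material (`ctx_k1`, `k2`, `k3`) that callers should clear when done.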
316 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
317 | +++ linux/include/crypto/cbc_generic.h Mon Feb 9 13:51:03 2004 | |
318 | @@ -0,0 +1,110 @@ | |
319 | +#ifndef _CBC_GENERIC_H | |
320 | +#define _CBC_GENERIC_H | |
321 | +/* | |
322 | + * CBC macro helpers | |
323 | + * | |
324 | + * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar> | |
325 | + * | |
326 | + * This program is free software; you can redistribute it and/or modify it | |
327 | + * under the terms of the GNU General Public License as published by the | |
328 | + * Free Software Foundation; either version 2 of the License, or (at your | |
329 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
330 | + * | |
331 | + * This program is distributed in the hope that it will be useful, but | |
332 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
333 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
334 | + * for more details. | |
335 | + * | |
336 | + */ | |
337 | + | |
338 | +/* | |
339 | + * Heavily inspired in loop_AES | |
340 | + */ | |
341 | +#define CBC_IMPL_BLK16(name, ctx_type, addr_type, enc_func, dec_func) \ | |
342 | +int name(ctx_type *ctx, const u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt) { \ | |
343 | + int ret=ilen, pos; \ | |
344 | + const u_int32_t *iv_i; \ | |
345 | + if ((ilen) % 16) return 0; \ | |
346 | + if (encrypt) { \ | |
347 | + pos=0; \ | |
348 | + while(pos<ilen) { \ | |
349 | + if (pos==0) \ | |
350 | + iv_i=(const u_int32_t*) iv; \ | |
351 | + else \ | |
352 | + iv_i=(const u_int32_t*) (out-16); \ | |
353 | + *((u_int32_t *)(&out[ 0])) = iv_i[0]^*((const u_int32_t *)(&in[ 0])); \ | |
354 | + *((u_int32_t *)(&out[ 4])) = iv_i[1]^*((const u_int32_t *)(&in[ 4])); \ | |
355 | + *((u_int32_t *)(&out[ 8])) = iv_i[2]^*((const u_int32_t *)(&in[ 8])); \ | |
356 | + *((u_int32_t *)(&out[12])) = iv_i[3]^*((const u_int32_t *)(&in[12])); \ | |
357 | + enc_func(ctx, (addr_type) out, (addr_type) out); \ | |
358 | + in+=16; \ | |
359 | + out+=16; \ | |
360 | + pos+=16; \ | |
361 | + } \ | |
362 | + } else { \ | |
363 | + pos=ilen-16; \ | |
364 | + in+=pos; \ | |
365 | + out+=pos; \ | |
366 | + while(pos>=0) { \ | |
367 | + dec_func(ctx, (const addr_type) in, (addr_type) out); \ | |
368 | + if (pos==0) \ | |
369 | + iv_i=(const u_int32_t*) (iv); \ | |
370 | + else \ | |
371 | + iv_i=(const u_int32_t*) (in-16); \ | |
372 | + *((u_int32_t *)(&out[ 0])) ^= iv_i[0]; \ | |
373 | + *((u_int32_t *)(&out[ 4])) ^= iv_i[1]; \ | |
374 | + *((u_int32_t *)(&out[ 8])) ^= iv_i[2]; \ | |
375 | + *((u_int32_t *)(&out[12])) ^= iv_i[3]; \ | |
376 | + in-=16; \ | |
377 | + out-=16; \ | |
378 | + pos-=16; \ | |
379 | + } \ | |
380 | + } \ | |
381 | + return ret; \ | |
382 | +} | |
383 | +#define CBC_IMPL_BLK8(name, ctx_type, addr_type, enc_func, dec_func) \ | |
384 | +int name(ctx_type *ctx, u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt) { \ | |
385 | + int ret=ilen, pos; \ | |
386 | + const u_int32_t *iv_i; \ | |
387 | + if ((ilen) % 8) return 0; \ | |
388 | + if (encrypt) { \ | |
389 | + pos=0; \ | |
390 | + while(pos<ilen) { \ | |
391 | + if (pos==0) \ | |
392 | + iv_i=(const u_int32_t*) iv; \ | |
393 | + else \ | |
394 | + iv_i=(const u_int32_t*) (out-8); \ | |
395 | + *((u_int32_t *)(&out[ 0])) = iv_i[0]^*((const u_int32_t *)(&in[ 0])); \ | |
396 | + *((u_int32_t *)(&out[ 4])) = iv_i[1]^*((const u_int32_t *)(&in[ 4])); \ | |
397 | + enc_func(ctx, (addr_type)out, (addr_type)out); \ | |
398 | + in+=8; \ | |
399 | + out+=8; \ | |
400 | + pos+=8; \ | |
401 | + } \ | |
402 | + } else { \ | |
403 | + pos=ilen-8; \ | |
404 | + in+=pos; \ | |
405 | + out+=pos; \ | |
406 | + while(pos>=0) { \ | |
407 | + dec_func(ctx, (const addr_type)in, (addr_type)out); \ | |
408 | + if (pos==0) \ | |
409 | + iv_i=(const u_int32_t*) (iv); \ | |
410 | + else \ | |
411 | + iv_i=(const u_int32_t*) (in-8); \ | |
412 | + *((u_int32_t *)(&out[ 0])) ^= iv_i[0]; \ | |
413 | + *((u_int32_t *)(&out[ 4])) ^= iv_i[1]; \ | |
414 | + in-=8; \ | |
415 | + out-=8; \ | |
416 | + pos-=8; \ | |
417 | + } \ | |
418 | + } \ | |
419 | + return ret; \ | |
420 | +} | |
421 | +#define CBC_DECL(name, ctx_type) \ | |
422 | +int name(ctx_type *ctx, u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt) | |
423 | +/* | |
424 | +Eg.: | |
425 | +CBC_IMPL_BLK16(AES_cbc_encrypt, aes_context, u_int8_t *, aes_encrypt, aes_decrypt); | |
426 | +CBC_DECL(AES_cbc_encrypt, aes_context); | |
427 | +*/ | |
428 | +#endif /* _CBC_GENERIC_H */ | |
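Review bot: Both `CBC_IMPL_BLK16` and `CBC_IMPL_BLK8` cast the `u_int8_t *` arguments `in`, `out` and `iv` to `u_int32_t *` and dereference them, which silently requires all three buffers to be 4-byte aligned and relies on type punning; nothing in the header documents that. Either state the requirement in the header comment (`/* in, out and iv must be 32-bit aligned */`) or do the XOR byte-wise, e.g. `for (i = 0; i < 16; i++) out[i] = ivb[i] ^ in[i];` with a `const u_int8_t *ivb`. Note also that `CBC_DECL` declares `u_int8_t * in` while `CBC_IMPL_BLK16` defines `const u_int8_t * in`, so using both for the same name, as the example comment at the end does, yields conflicting declarations; `CBC_DECL` (and `CBC_IMPL_BLK8`) should take `const u_int8_t * in` as well. Finally, the error return of 0 for a misaligned length is indistinguishable from a successful call with `ilen == 0`, which is worth a sentence in the comment.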
429 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
430 | +++ linux/include/crypto/des.h Mon Feb 9 13:51:03 2004 | |
431 | @@ -0,0 +1,298 @@ | |
432 | +/* crypto/des/des.org */ | |
433 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
434 | + * All rights reserved. | |
435 | + * | |
436 | + * This package is an SSL implementation written | |
437 | + * by Eric Young (eay@cryptsoft.com). | |
438 | + * The implementation was written so as to conform with Netscapes SSL. | |
439 | + * | |
440 | + * This library is free for commercial and non-commercial use as long as | |
441 | + * the following conditions are aheared to. The following conditions | |
442 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
443 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
444 | + * included with this distribution is covered by the same copyright terms | |
445 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
446 | + * | |
447 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
448 | + * the code are not to be removed. | |
449 | + * If this package is used in a product, Eric Young should be given attribution | |
450 | + * as the author of the parts of the library used. | |
451 | + * This can be in the form of a textual message at program startup or | |
452 | + * in documentation (online or textual) provided with the package. | |
453 | + * | |
454 | + * Redistribution and use in source and binary forms, with or without | |
455 | + * modification, are permitted provided that the following conditions | |
456 | + * are met: | |
457 | + * 1. Redistributions of source code must retain the copyright | |
458 | + * notice, this list of conditions and the following disclaimer. | |
459 | + * 2. Redistributions in binary form must reproduce the above copyright | |
460 | + * notice, this list of conditions and the following disclaimer in the | |
461 | + * documentation and/or other materials provided with the distribution. | |
462 | + * 3. All advertising materials mentioning features or use of this software | |
463 | + * must display the following acknowledgement: | |
464 | + * "This product includes cryptographic software written by | |
465 | + * Eric Young (eay@cryptsoft.com)" | |
466 | + * The word 'cryptographic' can be left out if the rouines from the library | |
467 | + * being used are not cryptographic related :-). | |
468 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
469 | + * the apps directory (application code) you must include an acknowledgement: | |
470 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
471 | + * | |
472 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
473 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
474 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
475 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
476 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
477 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
478 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
479 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
480 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
481 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
482 | + * SUCH DAMAGE. | |
483 | + * | |
484 | + * The licence and distribution terms for any publically available version or | |
485 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
486 | + * copied and put under another distribution licence | |
487 | + * [including the GNU Public Licence.] | |
488 | + */ | |
489 | + | |
490 | +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING | |
491 | + * | |
492 | + * Always modify des.org since des.h is automatically generated from | |
493 | + * it during SSLeay configuration. | |
494 | + * | |
495 | + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING | |
496 | + */ | |
497 | + | |
498 | +#ifndef HEADER_DES_H | |
499 | +#define HEADER_DES_H | |
500 | + | |
501 | +#ifdef __cplusplus | |
502 | +extern "C" { | |
503 | +#endif | |
504 | + | |
505 | + | |
506 | +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a | |
507 | + * %20 speed up (longs are 8 bytes, int's are 4). */ | |
508 | +/* Must be unsigned int on ia64/Itanium or DES breaks badly */ | |
509 | + | |
510 | +#ifdef __KERNEL__ | |
511 | +#include <linux/types.h> | |
512 | +#else | |
513 | +#include <sys/types.h> | |
514 | +#endif | |
515 | + | |
516 | +#ifndef DES_LONG | |
517 | +#define DES_LONG u_int32_t | |
518 | +#endif | |
519 | + | |
520 | +typedef unsigned char des_cblock[8]; | |
521 | +typedef struct { des_cblock ks; } des_key_schedule[16]; | |
522 | + | |
523 | +#define DES_KEY_SZ (sizeof(des_cblock)) | |
524 | +#define DES_SCHEDULE_SZ (sizeof(des_key_schedule)) | |
525 | + | |
526 | +#define DES_ENCRYPT 1 | |
527 | +#define DES_DECRYPT 0 | |
528 | + | |
529 | +#define DES_CBC_MODE 0 | |
530 | +#define DES_PCBC_MODE 1 | |
531 | + | |
532 | +#define des_ecb2_encrypt(i,o,k1,k2,e) \ | |
533 | + des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) | |
534 | + | |
535 | +#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ | |
536 | + des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) | |
537 | + | |
538 | +#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ | |
539 | + des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) | |
540 | + | |
541 | +#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ | |
542 | + des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) | |
543 | + | |
544 | +#define C_Block des_cblock | |
545 | +#define Key_schedule des_key_schedule | |
546 | +#ifdef KERBEROS | |
547 | +#define ENCRYPT DES_ENCRYPT | |
548 | +#define DECRYPT DES_DECRYPT | |
549 | +#endif | |
550 | +#define KEY_SZ DES_KEY_SZ | |
551 | +#define string_to_key des_string_to_key | |
552 | +#define read_pw_string des_read_pw_string | |
553 | +#define random_key des_random_key | |
554 | +#define pcbc_encrypt des_pcbc_encrypt | |
555 | +#define set_key des_set_key | |
556 | +#define key_sched des_key_sched | |
557 | +#define ecb_encrypt des_ecb_encrypt | |
558 | +#define cbc_encrypt des_cbc_encrypt | |
559 | +#define ncbc_encrypt des_ncbc_encrypt | |
560 | +#define xcbc_encrypt des_xcbc_encrypt | |
561 | +#define cbc_cksum des_cbc_cksum | |
562 | +#define quad_cksum des_quad_cksum | |
563 | + | |
564 | +/* For compatibility with the MIT lib - eay 20/05/92 */ | |
565 | +typedef des_key_schedule bit_64; | |
566 | +#define des_fixup_key_parity des_set_odd_parity | |
567 | +#define des_check_key_parity check_parity | |
568 | + | |
569 | +extern int des_check_key; /* defaults to false */ | |
570 | +extern int des_rw_mode; /* defaults to DES_PCBC_MODE */ | |
571 | + | |
572 | +/* The next line is used to disable full ANSI prototypes, if your | |
573 | + * compiler has problems with the prototypes, make sure this line always | |
574 | + * evaluates to true :-) */ | |
575 | +#if defined(MSDOS) || defined(__STDC__) | |
576 | +#undef NOPROTO | |
577 | +#endif | |
578 | +#ifndef NOPROTO | |
579 | +char *des_options(void); | |
580 | +void des_ecb3_encrypt(des_cblock *input,des_cblock *output, | |
581 | + des_key_schedule ks1,des_key_schedule ks2, | |
582 | + des_key_schedule ks3, int enc); | |
583 | +DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output, | |
584 | + long length,des_key_schedule schedule,des_cblock *ivec); | |
585 | +void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length, | |
586 | + des_key_schedule schedule,des_cblock *ivec,int enc); | |
587 | +void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length, | |
588 | + des_key_schedule schedule,des_cblock *ivec,int enc); | |
589 | +void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length, | |
590 | + des_key_schedule schedule,des_cblock *ivec, | |
591 | + des_cblock *inw,des_cblock *outw,int enc); | |
592 | +void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits, | |
593 | + long length,des_key_schedule schedule,des_cblock *ivec,int enc); | |
594 | +void des_ecb_encrypt(des_cblock *input,des_cblock *output, | |
595 | + des_key_schedule ks,int enc); | |
596 | +void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc); | |
597 | +void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc); | |
598 | +void des_encrypt3(DES_LONG *data, des_key_schedule ks1, | |
599 | + des_key_schedule ks2, des_key_schedule ks3); | |
600 | +void des_decrypt3(DES_LONG *data, des_key_schedule ks1, | |
601 | + des_key_schedule ks2, des_key_schedule ks3); | |
602 | +void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, | |
603 | + long length, des_key_schedule ks1, des_key_schedule ks2, | |
604 | + des_key_schedule ks3, des_cblock *ivec, int enc); | |
605 | +void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, | |
606 | + long length, des_key_schedule ks1, des_key_schedule ks2, | |
607 | + des_key_schedule ks3, des_cblock *ivec, int *num, int enc); | |
608 | +void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, | |
609 | + long length, des_key_schedule ks1, des_key_schedule ks2, | |
610 | + des_key_schedule ks3, des_cblock *ivec, int *num); | |
611 | + | |
612 | +void des_xwhite_in2out(des_cblock (*des_key), des_cblock (*in_white), | |
613 | + des_cblock (*out_white)); | |
614 | + | |
615 | +int des_enc_read(int fd,char *buf,int len,des_key_schedule sched, | |
616 | + des_cblock *iv); | |
617 | +int des_enc_write(int fd,char *buf,int len,des_key_schedule sched, | |
618 | + des_cblock *iv); | |
619 | +char *des_fcrypt(const char *buf,const char *salt, char *ret); | |
620 | +#ifdef PERL5 | |
621 | +char *des_crypt(const char *buf,const char *salt); | |
622 | +#else | |
623 | +/* some stupid compilers complain because I have declared char instead | |
624 | + * of const char */ | |
625 | +#ifndef __KERNEL__ | |
626 | +#ifdef HEADER_DES_LOCL_H | |
627 | +char *crypt(const char *buf,const char *salt); | |
628 | +#else /* HEADER_DES_LOCL_H */ | |
629 | +char *crypt(void); | |
630 | +#endif /* HEADER_DES_LOCL_H */ | |
631 | +#endif /* __KERNEL__ */ | |
632 | +#endif /* PERL5 */ | |
633 | +void des_ofb_encrypt(unsigned char *in,unsigned char *out, | |
634 | + int numbits,long length,des_key_schedule schedule,des_cblock *ivec); | |
635 | +void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length, | |
636 | + des_key_schedule schedule,des_cblock *ivec,int enc); | |
637 | +DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output, | |
638 | + long length,int out_count,des_cblock *seed); | |
639 | +void des_random_seed(des_cblock key); | |
640 | +void des_random_key(des_cblock ret); | |
641 | +int des_read_password(des_cblock *key,char *prompt,int verify); | |
642 | +int des_read_2passwords(des_cblock *key1,des_cblock *key2, | |
643 | + char *prompt,int verify); | |
644 | +int des_read_pw_string(char *buf,int length,char *prompt,int verify); | |
645 | +void des_set_odd_parity(des_cblock *key); | |
646 | +int des_is_weak_key(des_cblock *key); | |
647 | +int des_set_key(des_cblock *key,des_key_schedule schedule); | |
648 | +int des_key_sched(des_cblock *key,des_key_schedule schedule); | |
649 | +void des_string_to_key(char *str,des_cblock *key); | |
650 | +void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2); | |
651 | +void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, | |
652 | + des_key_schedule schedule, des_cblock *ivec, int *num, int enc); | |
653 | +void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, | |
654 | + des_key_schedule schedule, des_cblock *ivec, int *num); | |
655 | +int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify); | |
656 | + | |
657 | +/* Extra functions from Mark Murray <mark@grondar.za> */ | |
658 | +/* The following functions are not in the normal unix build or the | |
659 | + * SSLeay build. When using the SSLeay build, use RAND_seed() | |
660 | + * and RAND_bytes() instead. */ | |
661 | +int des_new_random_key(des_cblock *key); | |
662 | +void des_init_random_number_generator(des_cblock *key); | |
663 | +void des_set_random_generator_seed(des_cblock *key); | |
664 | +void des_set_sequence_number(des_cblock new_sequence_number); | |
665 | +void des_generate_random_block(des_cblock *block); | |
666 | + | |
667 | +#else | |
668 | + | |
669 | +char *des_options(); | |
670 | +void des_ecb3_encrypt(); | |
671 | +DES_LONG des_cbc_cksum(); | |
672 | +void des_cbc_encrypt(); | |
673 | +void des_ncbc_encrypt(); | |
674 | +void des_xcbc_encrypt(); | |
675 | +void des_cfb_encrypt(); | |
676 | +void des_ede3_cfb64_encrypt(); | |
677 | +void des_ede3_ofb64_encrypt(); | |
678 | +void des_ecb_encrypt(); | |
679 | +void des_encrypt(); | |
680 | +void des_encrypt2(); | |
681 | +void des_encrypt3(); | |
682 | +void des_decrypt3(); | |
683 | +void des_ede3_cbc_encrypt(); | |
684 | +int des_enc_read(); | |
685 | +int des_enc_write(); | |
686 | +char *des_fcrypt(); | |
687 | +#ifdef PERL5 | |
688 | +char *des_crypt(); | |
689 | +#else | |
690 | +char *crypt(); | |
691 | +#endif | |
692 | +void des_ofb_encrypt(); | |
693 | +void des_pcbc_encrypt(); | |
694 | +DES_LONG des_quad_cksum(); | |
695 | +void des_random_seed(); | |
696 | +void des_random_key(); | |
697 | +int des_read_password(); | |
698 | +int des_read_2passwords(); | |
699 | +int des_read_pw_string(); | |
700 | +void des_set_odd_parity(); | |
701 | +int des_is_weak_key(); | |
702 | +int des_set_key(); | |
703 | +int des_key_sched(); | |
704 | +void des_string_to_key(); | |
705 | +void des_string_to_2keys(); | |
706 | +void des_cfb64_encrypt(); | |
707 | +void des_ofb64_encrypt(); | |
708 | +int des_read_pw(); | |
709 | +void des_xwhite_in2out(); | |
710 | + | |
711 | +/* Extra functions from Mark Murray <mark@grondar.za> */ | |
712 | +/* The following functions are not in the normal unix build or the | |
713 | + * SSLeay build. When using the SSLeay build, use RAND_seed() | |
714 | + * and RAND_bytes() instead. */ | |
715 | +#ifdef FreeBSD | |
716 | +int des_new_random_key(); | |
717 | +void des_init_random_number_generator(); | |
718 | +void des_set_random_generator_seed(); | |
719 | +void des_set_sequence_number(); | |
720 | +void des_generate_random_block(); | |
721 | +#endif | |
722 | + | |
723 | +#endif | |
724 | + | |
725 | +#ifdef __cplusplus | |
726 | +} | |
727 | +#endif | |
728 | + | |
729 | +#endif | |
730 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
731 | +++ linux/include/des/des_locl.h Mon Feb 9 13:51:03 2004 | |
732 | @@ -0,0 +1,515 @@ | |
733 | +/* crypto/des/des_locl.org */ | |
734 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
735 | + * All rights reserved. | |
736 | + * | |
737 | + * This package is an SSL implementation written | |
738 | + * by Eric Young (eay@cryptsoft.com). | |
739 | + * The implementation was written so as to conform with Netscapes SSL. | |
740 | + * | |
741 | + * This library is free for commercial and non-commercial use as long as | |
742 | + * the following conditions are aheared to. The following conditions | |
743 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
744 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
745 | + * included with this distribution is covered by the same copyright terms | |
746 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
747 | + * | |
748 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
749 | + * the code are not to be removed. | |
750 | + * If this package is used in a product, Eric Young should be given attribution | |
751 | + * as the author of the parts of the library used. | |
752 | + * This can be in the form of a textual message at program startup or | |
753 | + * in documentation (online or textual) provided with the package. | |
754 | + * | |
755 | + * Redistribution and use in source and binary forms, with or without | |
756 | + * modification, are permitted provided that the following conditions | |
757 | + * are met: | |
758 | + * 1. Redistributions of source code must retain the copyright | |
759 | + * notice, this list of conditions and the following disclaimer. | |
760 | + * 2. Redistributions in binary form must reproduce the above copyright | |
761 | + * notice, this list of conditions and the following disclaimer in the | |
762 | + * documentation and/or other materials provided with the distribution. | |
763 | + * 3. All advertising materials mentioning features or use of this software | |
764 | + * must display the following acknowledgement: | |
765 | + * "This product includes cryptographic software written by | |
766 | + * Eric Young (eay@cryptsoft.com)" | |
767 | + * The word 'cryptographic' can be left out if the rouines from the library | |
768 | + * being used are not cryptographic related :-). | |
769 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
770 | + * the apps directory (application code) you must include an acknowledgement: | |
771 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
772 | + * | |
773 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
774 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
775 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
776 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
777 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
778 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
779 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
780 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
781 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
782 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
783 | + * SUCH DAMAGE. | |
784 | + * | |
785 | + * The licence and distribution terms for any publically available version or | |
786 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
787 | + * copied and put under another distribution licence | |
788 | + * [including the GNU Public Licence.] | |
789 | + */ | |
790 | + | |
791 | +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING | |
792 | + * | |
793 | + * Always modify des_locl.org since des_locl.h is automatically generated from | |
794 | + * it during SSLeay configuration. | |
795 | + * | |
796 | + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING | |
797 | + */ | |
798 | + | |
799 | +#ifndef HEADER_DES_LOCL_H | |
800 | +#define HEADER_DES_LOCL_H | |
801 | + | |
802 | +#if defined(WIN32) || defined(WIN16) | |
803 | +#ifndef MSDOS | |
804 | +#define MSDOS | |
805 | +#endif | |
806 | +#endif | |
807 | + | |
808 | +#include "crypto/des.h" | |
809 | + | |
810 | +#ifndef DES_DEFAULT_OPTIONS | |
811 | +/* the following is tweaked from a config script, that is why it is a | |
812 | + * protected undef/define */ | |
813 | +#ifndef DES_PTR | |
814 | +#define DES_PTR | |
815 | +#endif | |
816 | + | |
817 | +/* This helps C compiler generate the correct code for multiple functional | |
818 | + * units. It reduces register dependancies at the expense of 2 more | |
819 | + * registers */ | |
820 | +#ifndef DES_RISC1 | |
821 | +#define DES_RISC1 | |
822 | +#endif | |
823 | + | |
824 | +#ifndef DES_RISC2 | |
825 | +#undef DES_RISC2 | |
826 | +#endif | |
827 | + | |
828 | +#if defined(DES_RISC1) && defined(DES_RISC2) | |
829 | +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! | |
830 | +#endif | |
831 | + | |
832 | +/* Unroll the inner loop, this sometimes helps, sometimes hinders. | |
833 | + * Very mucy CPU dependant */ | |
834 | +#ifndef DES_UNROLL | |
835 | +#define DES_UNROLL | |
836 | +#endif | |
837 | + | |
838 | +/* These default values were supplied by | |
839 | + * Peter Gutman <pgut001@cs.auckland.ac.nz> | |
840 | + * They are only used if nothing else has been defined */ | |
841 | +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) | |
842 | +/* Special defines which change the way the code is built depending on the | |
843 | + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find | |
844 | + even newer MIPS CPU's, but at the moment one size fits all for | |
845 | + optimization options. Older Sparc's work better with only UNROLL, but | |
846 | + there's no way to tell at compile time what it is you're running on */ | |
847 | + | |
848 | +#if defined( sun ) /* Newer Sparc's */ | |
849 | + #define DES_PTR | |
850 | + #define DES_RISC1 | |
851 | + #define DES_UNROLL | |
852 | +#elif defined( __ultrix ) /* Older MIPS */ | |
853 | + #define DES_PTR | |
854 | + #define DES_RISC2 | |
855 | + #define DES_UNROLL | |
856 | +#elif defined( __osf1__ ) /* Alpha */ | |
857 | + #define DES_PTR | |
858 | + #define DES_RISC2 | |
859 | +#elif defined ( _AIX ) /* RS6000 */ | |
860 | + /* Unknown */ | |
861 | +#elif defined( __hpux ) /* HP-PA */ | |
862 | + /* Unknown */ | |
863 | +#elif defined( __aux ) /* 68K */ | |
864 | + /* Unknown */ | |
865 | +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ | |
866 | + #define DES_UNROLL | |
867 | +#elif defined( __sgi ) /* Newer MIPS */ | |
868 | + #define DES_PTR | |
869 | + #define DES_RISC2 | |
870 | + #define DES_UNROLL | |
871 | +#elif defined( i386 ) /* x86 boxes, should be gcc */ | |
872 | + #define DES_PTR | |
873 | + #define DES_RISC1 | |
874 | + #define DES_UNROLL | |
875 | +#endif /* Systems-specific speed defines */ | |
876 | +#endif | |
877 | + | |
878 | +#endif /* DES_DEFAULT_OPTIONS */ | |
879 | + | |
880 | +#ifdef MSDOS /* Visual C++ 2.1 (Windows NT/95) */ | |
881 | +#include <stdlib.h> | |
882 | +#include <errno.h> | |
883 | +#include <time.h> | |
884 | +#include <io.h> | |
885 | +#ifndef RAND | |
886 | +#define RAND | |
887 | +#endif | |
888 | +#undef NOPROTO | |
889 | +#endif | |
890 | + | |
891 | +#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS) | |
892 | +#ifndef __KERNEL__ | |
893 | +#include <string.h> | |
894 | +#else | |
895 | +#include <linux/string.h> | |
896 | +#endif | |
897 | +#endif | |
898 | + | |
899 | +#ifndef RAND | |
900 | +#define RAND | |
901 | +#endif | |
902 | + | |
903 | +#ifdef linux | |
904 | +#undef RAND | |
905 | +#endif | |
906 | + | |
907 | +#ifdef MSDOS | |
908 | +#define getpid() 2 | |
909 | +#define RAND | |
910 | +#undef NOPROTO | |
911 | +#endif | |
912 | + | |
913 | +#if defined(NOCONST) | |
914 | +#define const | |
915 | +#endif | |
916 | + | |
917 | +#ifdef __STDC__ | |
918 | +#undef NOPROTO | |
919 | +#endif | |
920 | + | |
921 | +#ifdef RAND | |
922 | +#define srandom(s) srand(s) | |
923 | +#define random rand | |
924 | +#endif | |
925 | + | |
926 | +#define ITERATIONS 16 | |
927 | +#define HALF_ITERATIONS 8 | |
928 | + | |
929 | +/* used in des_read and des_write */ | |
930 | +#define MAXWRITE (1024*16) | |
931 | +#define BSIZE (MAXWRITE+4) | |
932 | + | |
933 | +#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ | |
934 | + l|=((DES_LONG)(*((c)++)))<< 8L, \ | |
935 | + l|=((DES_LONG)(*((c)++)))<<16L, \ | |
936 | + l|=((DES_LONG)(*((c)++)))<<24L) | |
937 | + | |
938 | +/* NOTE - c is not incremented as per c2l */ | |
939 | +#define c2ln(c,l1,l2,n) { \ | |
940 | + c+=n; \ | |
941 | + l1=l2=0; \ | |
942 | + switch (n) { \ | |
943 | + case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \ | |
944 | + case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \ | |
945 | + case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \ | |
946 | + case 5: l2|=((DES_LONG)(*(--(c)))); \ | |
947 | + case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \ | |
948 | + case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \ | |
949 | + case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \ | |
950 | + case 1: l1|=((DES_LONG)(*(--(c)))); \ | |
951 | + } \ | |
952 | + } | |
953 | + | |
954 | +#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ | |
955 | + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ | |
956 | + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ | |
957 | + *((c)++)=(unsigned char)(((l)>>24L)&0xff)) | |
958 | + | |
959 | +/* replacements for htonl and ntohl since I have no idea what to do | |
960 | + * when faced with machines with 8 byte longs. */ | |
961 | +#define HDRSIZE 4 | |
962 | + | |
963 | +#define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \ | |
964 | + l|=((DES_LONG)(*((c)++)))<<16L, \ | |
965 | + l|=((DES_LONG)(*((c)++)))<< 8L, \ | |
966 | + l|=((DES_LONG)(*((c)++)))) | |
967 | + | |
968 | +#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ | |
969 | + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ | |
970 | + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ | |
971 | + *((c)++)=(unsigned char)(((l) )&0xff)) | |
972 | + | |
973 | +/* NOTE - c is not incremented as per l2c */ | |
974 | +#define l2cn(l1,l2,c,n) { \ | |
975 | + c+=n; \ | |
976 | + switch (n) { \ | |
977 | + case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ | |
978 | + case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ | |
979 | + case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ | |
980 | + case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ | |
981 | + case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ | |
982 | + case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ | |
983 | + case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ | |
984 | + case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ | |
985 | + } \ | |
986 | + } | |
987 | + | |
988 | +#if defined(WIN32) | |
989 | +#define ROTATE(a,n) (_lrotr(a,n)) | |
990 | +#else | |
991 | +#define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) | |
992 | +#endif | |
993 | + | |
994 | +/* Don't worry about the LOAD_DATA() stuff, that is used by | |
995 | + * fcrypt() to add it's little bit to the front */ | |
996 | + | |
997 | +#ifdef DES_FCRYPT | |
998 | + | |
999 | +#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \ | |
1000 | + { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); } | |
1001 | + | |
1002 | +#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ | |
1003 | + t=R^(R>>16L); \ | |
1004 | + u=t&E0; t&=E1; \ | |
1005 | + tmp=(u<<16); u^=R^s[S ]; u^=tmp; \ | |
1006 | + tmp=(t<<16); t^=R^s[S+1]; t^=tmp | |
1007 | +#else | |
1008 | +#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g) | |
1009 | +#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ | |
1010 | + u=R^s[S ]; \ | |
1011 | + t=R^s[S+1] | |
1012 | +#endif | |
1013 | + | |
1014 | +/* The changes to this macro may help or hinder, depending on the | |
1015 | + * compiler and the achitecture. gcc2 always seems to do well :-). | |
1016 | + * Inspired by Dana How <how@isl.stanford.edu> | |
1017 | + * DO NOT use the alternative version on machines with 8 byte longs. | |
1018 | + * It does not seem to work on the Alpha, even when DES_LONG is 4 | |
1019 | + * bytes, probably an issue of accessing non-word aligned objects :-( */ | |
1020 | +#ifdef DES_PTR | |
1021 | + | |
1022 | +/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there | |
1023 | + * is no reason to not xor all the sub items together. This potentially | |
1024 | + * saves a register since things can be xored directly into L */ | |
1025 | + | |
1026 | +#if defined(DES_RISC1) || defined(DES_RISC2) | |
1027 | +#ifdef DES_RISC1 | |
1028 | +#define D_ENCRYPT(LL,R,S) { \ | |
1029 | + unsigned int u1,u2,u3; \ | |
1030 | + LOAD_DATA(R,S,u,t,E0,E1,u1); \ | |
1031 | + u2=(int)u>>8L; \ | |
1032 | + u1=(int)u&0xfc; \ | |
1033 | + u2&=0xfc; \ | |
1034 | + t=ROTATE(t,4); \ | |
1035 | + u>>=16L; \ | |
1036 | + LL^= *(DES_LONG *)((unsigned char *)des_SP +u1); \ | |
1037 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \ | |
1038 | + u3=(int)(u>>8L); \ | |
1039 | + u1=(int)u&0xfc; \ | |
1040 | + u3&=0xfc; \ | |
1041 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+u1); \ | |
1042 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+u3); \ | |
1043 | + u2=(int)t>>8L; \ | |
1044 | + u1=(int)t&0xfc; \ | |
1045 | + u2&=0xfc; \ | |
1046 | + t>>=16L; \ | |
1047 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \ | |
1048 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \ | |
1049 | + u3=(int)t>>8L; \ | |
1050 | + u1=(int)t&0xfc; \ | |
1051 | + u3&=0xfc; \ | |
1052 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+u1); \ | |
1053 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+u3); } | |
1054 | +#endif | |
1055 | +#ifdef DES_RISC2 | |
1056 | +#define D_ENCRYPT(LL,R,S) { \ | |
1057 | + unsigned int u1,u2,s1,s2; \ | |
1058 | + LOAD_DATA(R,S,u,t,E0,E1,u1); \ | |
1059 | + u2=(int)u>>8L; \ | |
1060 | + u1=(int)u&0xfc; \ | |
1061 | + u2&=0xfc; \ | |
1062 | + t=ROTATE(t,4); \ | |
1063 | + LL^= *(DES_LONG *)((unsigned char *)des_SP +u1); \ | |
1064 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \ | |
1065 | + s1=(int)(u>>16L); \ | |
1066 | + s2=(int)(u>>24L); \ | |
1067 | + s1&=0xfc; \ | |
1068 | + s2&=0xfc; \ | |
1069 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+s1); \ | |
1070 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+s2); \ | |
1071 | + u2=(int)t>>8L; \ | |
1072 | + u1=(int)t&0xfc; \ | |
1073 | + u2&=0xfc; \ | |
1074 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \ | |
1075 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \ | |
1076 | + s1=(int)(t>>16L); \ | |
1077 | + s2=(int)(t>>24L); \ | |
1078 | + s1&=0xfc; \ | |
1079 | + s2&=0xfc; \ | |
1080 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+s1); \ | |
1081 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+s2); } | |
1082 | +#endif | |
1083 | +#else | |
1084 | +#define D_ENCRYPT(LL,R,S) { \ | |
1085 | + LOAD_DATA_tmp(R,S,u,t,E0,E1); \ | |
1086 | + t=ROTATE(t,4); \ | |
1087 | + LL^= \ | |
1088 | + *(DES_LONG *)((unsigned char *)des_SP +((u )&0xfc))^ \ | |
1089 | + *(DES_LONG *)((unsigned char *)des_SP+0x200+((u>> 8L)&0xfc))^ \ | |
1090 | + *(DES_LONG *)((unsigned char *)des_SP+0x400+((u>>16L)&0xfc))^ \ | |
1091 | + *(DES_LONG *)((unsigned char *)des_SP+0x600+((u>>24L)&0xfc))^ \ | |
1092 | + *(DES_LONG *)((unsigned char *)des_SP+0x100+((t )&0xfc))^ \ | |
1093 | + *(DES_LONG *)((unsigned char *)des_SP+0x300+((t>> 8L)&0xfc))^ \ | |
1094 | + *(DES_LONG *)((unsigned char *)des_SP+0x500+((t>>16L)&0xfc))^ \ | |
1095 | + *(DES_LONG *)((unsigned char *)des_SP+0x700+((t>>24L)&0xfc)); } | |
1096 | +#endif | |
1097 | + | |
1098 | +#else /* original version */ | |
1099 | + | |
1100 | +#if defined(DES_RISC1) || defined(DES_RISC2) | |
1101 | +#ifdef DES_RISC1 | |
1102 | +#define D_ENCRYPT(LL,R,S) {\ | |
1103 | + unsigned int u1,u2,u3; \ | |
1104 | + LOAD_DATA(R,S,u,t,E0,E1,u1); \ | |
1105 | + u>>=2L; \ | |
1106 | + t=ROTATE(t,6); \ | |
1107 | + u2=(int)u>>8L; \ | |
1108 | + u1=(int)u&0x3f; \ | |
1109 | + u2&=0x3f; \ | |
1110 | + u>>=16L; \ | |
1111 | + LL^=des_SPtrans[0][u1]; \ | |
1112 | + LL^=des_SPtrans[2][u2]; \ | |
1113 | + u3=(int)u>>8L; \ | |
1114 | + u1=(int)u&0x3f; \ | |
1115 | + u3&=0x3f; \ | |
1116 | + LL^=des_SPtrans[4][u1]; \ | |
1117 | + LL^=des_SPtrans[6][u3]; \ | |
1118 | + u2=(int)t>>8L; \ | |
1119 | + u1=(int)t&0x3f; \ | |
1120 | + u2&=0x3f; \ | |
1121 | + t>>=16L; \ | |
1122 | + LL^=des_SPtrans[1][u1]; \ | |
1123 | + LL^=des_SPtrans[3][u2]; \ | |
1124 | + u3=(int)t>>8L; \ | |
1125 | + u1=(int)t&0x3f; \ | |
1126 | + u3&=0x3f; \ | |
1127 | + LL^=des_SPtrans[5][u1]; \ | |
1128 | + LL^=des_SPtrans[7][u3]; } | |
1129 | +#endif | |
1130 | +#ifdef DES_RISC2 | |
1131 | +#define D_ENCRYPT(LL,R,S) {\ | |
1132 | + unsigned int u1,u2,s1,s2; \ | |
1133 | + LOAD_DATA(R,S,u,t,E0,E1,u1); \ | |
1134 | + u>>=2L; \ | |
1135 | + t=ROTATE(t,6); \ | |
1136 | + u2=(int)u>>8L; \ | |
1137 | + u1=(int)u&0x3f; \ | |
1138 | + u2&=0x3f; \ | |
1139 | + LL^=des_SPtrans[0][u1]; \ | |
1140 | + LL^=des_SPtrans[2][u2]; \ | |
1141 | + s1=(int)u>>16L; \ | |
1142 | + s2=(int)u>>24L; \ | |
1143 | + s1&=0x3f; \ | |
1144 | + s2&=0x3f; \ | |
1145 | + LL^=des_SPtrans[4][s1]; \ | |
1146 | + LL^=des_SPtrans[6][s2]; \ | |
1147 | + u2=(int)t>>8L; \ | |
1148 | + u1=(int)t&0x3f; \ | |
1149 | + u2&=0x3f; \ | |
1150 | + LL^=des_SPtrans[1][u1]; \ | |
1151 | + LL^=des_SPtrans[3][u2]; \ | |
1152 | + s1=(int)t>>16; \ | |
1153 | + s2=(int)t>>24L; \ | |
1154 | + s1&=0x3f; \ | |
1155 | + s2&=0x3f; \ | |
1156 | + LL^=des_SPtrans[5][s1]; \ | |
1157 | + LL^=des_SPtrans[7][s2]; } | |
1158 | +#endif | |
1159 | + | |
1160 | +#else | |
1161 | + | |
1162 | +#define D_ENCRYPT(LL,R,S) {\ | |
1163 | + LOAD_DATA_tmp(R,S,u,t,E0,E1); \ | |
1164 | + t=ROTATE(t,4); \ | |
1165 | + LL^=\ | |
1166 | + des_SPtrans[0][(u>> 2L)&0x3f]^ \ | |
1167 | + des_SPtrans[2][(u>>10L)&0x3f]^ \ | |
1168 | + des_SPtrans[4][(u>>18L)&0x3f]^ \ | |
1169 | + des_SPtrans[6][(u>>26L)&0x3f]^ \ | |
1170 | + des_SPtrans[1][(t>> 2L)&0x3f]^ \ | |
1171 | + des_SPtrans[3][(t>>10L)&0x3f]^ \ | |
1172 | + des_SPtrans[5][(t>>18L)&0x3f]^ \ | |
1173 | + des_SPtrans[7][(t>>26L)&0x3f]; } | |
1174 | +#endif | |
1175 | +#endif | |
1176 | + | |
1177 | + /* IP and FP | |
1178 | + * The problem is more of a geometric problem that random bit fiddling. | |
1179 | + 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 | |
1180 | + 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 | |
1181 | + 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 | |
1182 | + 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 | |
1183 | + | |
1184 | + 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 | |
1185 | + 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 | |
1186 | + 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 | |
1187 | + 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 | |
1188 | + | |
1189 | + The output has been subject to swaps of the form | |
1190 | + 0 1 -> 3 1 but the odd and even bits have been put into | |
1191 | + 2 3 2 0 | |
1192 | + different words. The main trick is to remember that | |
1193 | + t=((l>>size)^r)&(mask); | |
1194 | + r^=t; | |
1195 | + l^=(t<<size); | |
1196 | + can be used to swap and move bits between words. | |
1197 | + | |
1198 | + So l = 0 1 2 3 r = 16 17 18 19 | |
1199 | + 4 5 6 7 20 21 22 23 | |
1200 | + 8 9 10 11 24 25 26 27 | |
1201 | + 12 13 14 15 28 29 30 31 | |
1202 | + becomes (for size == 2 and mask == 0x3333) | |
1203 | + t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19 | |
1204 | + 6^20 7^21 -- -- 4 5 20 21 6 7 22 23 | |
1205 | + 10^24 11^25 -- -- 8 9 24 25 10 11 24 25 | |
1206 | + 14^28 15^29 -- -- 12 13 28 29 14 15 28 29 | |
1207 | + | |
1208 | + Thanks for hints from Richard Outerbridge - he told me IP&FP | |
1209 | + could be done in 15 xor, 10 shifts and 5 ands. | |
1210 | + When I finally started to think of the problem in 2D | |
1211 | + I first got ~42 operations without xors. When I remembered | |
1212 | + how to use xors :-) I got it to its final state. | |
1213 | + */ | |
1214 | +#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ | |
1215 | + (b)^=(t),\ | |
1216 | + (a)^=((t)<<(n))) | |
1217 | + | |
1218 | +#define IP(l,r) \ | |
1219 | + { \ | |
1220 | + register DES_LONG tt; \ | |
1221 | + PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ | |
1222 | + PERM_OP(l,r,tt,16,0x0000ffffL); \ | |
1223 | + PERM_OP(r,l,tt, 2,0x33333333L); \ | |
1224 | + PERM_OP(l,r,tt, 8,0x00ff00ffL); \ | |
1225 | + PERM_OP(r,l,tt, 1,0x55555555L); \ | |
1226 | + } | |
1227 | + | |
1228 | +#define FP(l,r) \ | |
1229 | + { \ | |
1230 | + register DES_LONG tt; \ | |
1231 | + PERM_OP(l,r,tt, 1,0x55555555L); \ | |
1232 | + PERM_OP(r,l,tt, 8,0x00ff00ffL); \ | |
1233 | + PERM_OP(l,r,tt, 2,0x33333333L); \ | |
1234 | + PERM_OP(r,l,tt,16,0x0000ffffL); \ | |
1235 | + PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ | |
1236 | + } | |
1237 | + | |
1238 | +extern const DES_LONG des_SPtrans[8][64]; | |
1239 | + | |
1240 | +#ifndef NOPROTO | |
1241 | +void fcrypt_body(DES_LONG *out,des_key_schedule ks, | |
1242 | + DES_LONG Eswap0, DES_LONG Eswap1); | |
1243 | +#else | |
1244 | +void fcrypt_body(); | |
1245 | +#endif | |
1246 | + | |
1247 | +#endif | |
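Review bot: The DES_PTR variants of `D_ENCRYPT` hard-code a 4-byte table element (row offsets `0x100`, `0x200`, … and the `&0xfc` index mask), and the non-WIN32 `ROTATE` assumes a 32-bit operand, yet nothing in this header checks that `DES_LONG` has that size. `DES_PTR` is also defined unconditionally near the top whenever `DES_DEFAULT_OPTIONS` is not set, so the comment above `#ifdef DES_PTR` warning about machines with 8-byte longs is the only safeguard. `DES_LONG` comes from crypto/des.h, which this hunk does not show; if it can be 8 bytes on any supported target, the lookups would read the wrong table entries and the cipher output would be silently wrong. A compile-time check after the include turns that into a build failure: `typedef char des_long_must_be_4_bytes[(sizeof(DES_LONG) == 4) ? 1 : -1];`.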
1248 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
1249 | +++ linux/include/des/des_ver.h Mon Feb 9 13:51:03 2004 | |
1250 | @@ -0,0 +1,60 @@ | |
1251 | +/* crypto/des/des_ver.h */ | |
1252 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
1253 | + * All rights reserved. | |
1254 | + * | |
1255 | + * This package is an SSL implementation written | |
1256 | + * by Eric Young (eay@cryptsoft.com). | |
1257 | + * The implementation was written so as to conform with Netscapes SSL. | |
1258 | + * | |
1259 | + * This library is free for commercial and non-commercial use as long as | |
1260 | + * the following conditions are aheared to. The following conditions | |
1261 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
1262 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
1263 | + * included with this distribution is covered by the same copyright terms | |
1264 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
1265 | + * | |
1266 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
1267 | + * the code are not to be removed. | |
1268 | + * If this package is used in a product, Eric Young should be given attribution | |
1269 | + * as the author of the parts of the library used. | |
1270 | + * This can be in the form of a textual message at program startup or | |
1271 | + * in documentation (online or textual) provided with the package. | |
1272 | + * | |
1273 | + * Redistribution and use in source and binary forms, with or without | |
1274 | + * modification, are permitted provided that the following conditions | |
1275 | + * are met: | |
1276 | + * 1. Redistributions of source code must retain the copyright | |
1277 | + * notice, this list of conditions and the following disclaimer. | |
1278 | + * 2. Redistributions in binary form must reproduce the above copyright | |
1279 | + * notice, this list of conditions and the following disclaimer in the | |
1280 | + * documentation and/or other materials provided with the distribution. | |
1281 | + * 3. All advertising materials mentioning features or use of this software | |
1282 | + * must display the following acknowledgement: | |
1283 | + * "This product includes cryptographic software written by | |
1284 | + * Eric Young (eay@cryptsoft.com)" | |
1285 | + * The word 'cryptographic' can be left out if the rouines from the library | |
1286 | + * being used are not cryptographic related :-). | |
1287 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
1288 | + * the apps directory (application code) you must include an acknowledgement: | |
1289 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
1290 | + * | |
1291 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
1292 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
1293 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
1294 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
1295 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
1296 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
1297 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
1298 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
1299 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
1300 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
1301 | + * SUCH DAMAGE. | |
1302 | + * | |
1303 | + * The licence and distribution terms for any publically available version or | |
1304 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
1305 | + * copied and put under another distribution licence | |
1306 | + * [including the GNU Public Licence.] | |
1307 | + */ | |
1308 | + | |
1309 | +extern char *DES_version; /* SSLeay version string */ | |
1310 | +extern char *libdes_version; /* old libdes version string */ | |
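Review bot: Both version strings are declared as writable `char *` globals, so any code that includes this header can repoint them or write through them. If the definitions (outside this hunk) are string literals, `extern const char *DES_version;` and `extern const char *libdes_version;` would state the intent, with the definitions changed to match. The header also has no include guard, which is harmless for two extern declarations but is inconsistent with des_locl.h.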
1311 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
1312 | +++ linux/include/des/podd.h Mon Feb 9 13:51:03 2004 | |
1313 | @@ -0,0 +1,75 @@ | |
1314 | +/* crypto/des/podd.h */ | |
1315 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
1316 | + * All rights reserved. | |
1317 | + * | |
1318 | + * This package is an SSL implementation written | |
1319 | + * by Eric Young (eay@cryptsoft.com). | |
1320 | + * The implementation was written so as to conform with Netscapes SSL. | |
1321 | + * | |
1322 | + * This library is free for commercial and non-commercial use as long as | |
1323 | + * the following conditions are aheared to. The following conditions | |
1324 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
1325 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
1326 | + * included with this distribution is covered by the same copyright terms | |
1327 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
1328 | + * | |
1329 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
1330 | + * the code are not to be removed. | |
1331 | + * If this package is used in a product, Eric Young should be given attribution | |
1332 | + * as the author of the parts of the library used. | |
1333 | + * This can be in the form of a textual message at program startup or | |
1334 | + * in documentation (online or textual) provided with the package. | |
1335 | + * | |
1336 | + * Redistribution and use in source and binary forms, with or without | |
1337 | + * modification, are permitted provided that the following conditions | |
1338 | + * are met: | |
1339 | + * 1. Redistributions of source code must retain the copyright | |
1340 | + * notice, this list of conditions and the following disclaimer. | |
1341 | + * 2. Redistributions in binary form must reproduce the above copyright | |
1342 | + * notice, this list of conditions and the following disclaimer in the | |
1343 | + * documentation and/or other materials provided with the distribution. | |
1344 | + * 3. All advertising materials mentioning features or use of this software | |
1345 | + * must display the following acknowledgement: | |
1346 | + * "This product includes cryptographic software written by | |
1347 | + * Eric Young (eay@cryptsoft.com)" | |
1348 | + * The word 'cryptographic' can be left out if the rouines from the library | |
1349 | + * being used are not cryptographic related :-). | |
1350 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
1351 | + * the apps directory (application code) you must include an acknowledgement: | |
1352 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
1353 | + * | |
1354 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
1355 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
1356 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
1357 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
1358 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
1359 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
1360 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
1361 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
1362 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
1363 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
1364 | + * SUCH DAMAGE. | |
1365 | + * | |
1366 | + * The licence and distribution terms for any publically available version or | |
1367 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
1368 | + * copied and put under another distribution licence | |
1369 | + * [including the GNU Public Licence.] | |
1370 | + */ | |
1371 | + | |
1372 | +static const unsigned char odd_parity[256]={ | |
1373 | + 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, | |
1374 | + 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, | |
1375 | + 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, | |
1376 | + 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, | |
1377 | + 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, | |
1378 | + 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, | |
1379 | + 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110, | |
1380 | +112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127, | |
1381 | +128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143, | |
1382 | +145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158, | |
1383 | +161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174, | |
1384 | +176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191, | |
1385 | +193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206, | |
1386 | +208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223, | |
1387 | +224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239, | |
1388 | +241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254}; | |
1389 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
1390 | +++ linux/include/des/sk.h Mon Feb 9 13:51:03 2004 | |
1391 | @@ -0,0 +1,204 @@ | |
1392 | +/* crypto/des/sk.h */ | |
1393 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
1394 | + * All rights reserved. | |
1395 | + * | |
1396 | + * This package is an SSL implementation written | |
1397 | + * by Eric Young (eay@cryptsoft.com). | |
1398 | + * The implementation was written so as to conform with Netscapes SSL. | |
1399 | + * | |
1400 | + * This library is free for commercial and non-commercial use as long as | |
1401 | + * the following conditions are aheared to. The following conditions | |
1402 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
1403 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
1404 | + * included with this distribution is covered by the same copyright terms | |
1405 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
1406 | + * | |
1407 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
1408 | + * the code are not to be removed. | |
1409 | + * If this package is used in a product, Eric Young should be given attribution | |
1410 | + * as the author of the parts of the library used. | |
1411 | + * This can be in the form of a textual message at program startup or | |
1412 | + * in documentation (online or textual) provided with the package. | |
1413 | + * | |
1414 | + * Redistribution and use in source and binary forms, with or without | |
1415 | + * modification, are permitted provided that the following conditions | |
1416 | + * are met: | |
1417 | + * 1. Redistributions of source code must retain the copyright | |
1418 | + * notice, this list of conditions and the following disclaimer. | |
1419 | + * 2. Redistributions in binary form must reproduce the above copyright | |
1420 | + * notice, this list of conditions and the following disclaimer in the | |
1421 | + * documentation and/or other materials provided with the distribution. | |
1422 | + * 3. All advertising materials mentioning features or use of this software | |
1423 | + * must display the following acknowledgement: | |
1424 | + * "This product includes cryptographic software written by | |
1425 | + * Eric Young (eay@cryptsoft.com)" | |
1426 | + * The word 'cryptographic' can be left out if the rouines from the library | |
1427 | + * being used are not cryptographic related :-). | |
1428 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
1429 | + * the apps directory (application code) you must include an acknowledgement: | |
1430 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
1431 | + * | |
1432 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
1433 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
1434 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
1435 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
1436 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
1437 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
1438 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
1439 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
1440 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
1441 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
1442 | + * SUCH DAMAGE. | |
1443 | + * | |
1444 | + * The licence and distribution terms for any publically available version or | |
1445 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
1446 | + * copied and put under another distribution licence | |
1447 | + * [including the GNU Public Licence.] | |
1448 | + */ | |
1449 | + | |
1450 | +static const DES_LONG des_skb[8][64]={ | |
1451 | +{ | |
1452 | +/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ | |
1453 | +0x00000000L,0x00000010L,0x20000000L,0x20000010L, | |
1454 | +0x00010000L,0x00010010L,0x20010000L,0x20010010L, | |
1455 | +0x00000800L,0x00000810L,0x20000800L,0x20000810L, | |
1456 | +0x00010800L,0x00010810L,0x20010800L,0x20010810L, | |
1457 | +0x00000020L,0x00000030L,0x20000020L,0x20000030L, | |
1458 | +0x00010020L,0x00010030L,0x20010020L,0x20010030L, | |
1459 | +0x00000820L,0x00000830L,0x20000820L,0x20000830L, | |
1460 | +0x00010820L,0x00010830L,0x20010820L,0x20010830L, | |
1461 | +0x00080000L,0x00080010L,0x20080000L,0x20080010L, | |
1462 | +0x00090000L,0x00090010L,0x20090000L,0x20090010L, | |
1463 | +0x00080800L,0x00080810L,0x20080800L,0x20080810L, | |
1464 | +0x00090800L,0x00090810L,0x20090800L,0x20090810L, | |
1465 | +0x00080020L,0x00080030L,0x20080020L,0x20080030L, | |
1466 | +0x00090020L,0x00090030L,0x20090020L,0x20090030L, | |
1467 | +0x00080820L,0x00080830L,0x20080820L,0x20080830L, | |
1468 | +0x00090820L,0x00090830L,0x20090820L,0x20090830L, | |
1469 | +},{ | |
1470 | +/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ | |
1471 | +0x00000000L,0x02000000L,0x00002000L,0x02002000L, | |
1472 | +0x00200000L,0x02200000L,0x00202000L,0x02202000L, | |
1473 | +0x00000004L,0x02000004L,0x00002004L,0x02002004L, | |
1474 | +0x00200004L,0x02200004L,0x00202004L,0x02202004L, | |
1475 | +0x00000400L,0x02000400L,0x00002400L,0x02002400L, | |
1476 | +0x00200400L,0x02200400L,0x00202400L,0x02202400L, | |
1477 | +0x00000404L,0x02000404L,0x00002404L,0x02002404L, | |
1478 | +0x00200404L,0x02200404L,0x00202404L,0x02202404L, | |
1479 | +0x10000000L,0x12000000L,0x10002000L,0x12002000L, | |
1480 | +0x10200000L,0x12200000L,0x10202000L,0x12202000L, | |
1481 | +0x10000004L,0x12000004L,0x10002004L,0x12002004L, | |
1482 | +0x10200004L,0x12200004L,0x10202004L,0x12202004L, | |
1483 | +0x10000400L,0x12000400L,0x10002400L,0x12002400L, | |
1484 | +0x10200400L,0x12200400L,0x10202400L,0x12202400L, | |
1485 | +0x10000404L,0x12000404L,0x10002404L,0x12002404L, | |
1486 | +0x10200404L,0x12200404L,0x10202404L,0x12202404L, | |
1487 | +},{ | |
1488 | +/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ | |
1489 | +0x00000000L,0x00000001L,0x00040000L,0x00040001L, | |
1490 | +0x01000000L,0x01000001L,0x01040000L,0x01040001L, | |
1491 | +0x00000002L,0x00000003L,0x00040002L,0x00040003L, | |
1492 | +0x01000002L,0x01000003L,0x01040002L,0x01040003L, | |
1493 | +0x00000200L,0x00000201L,0x00040200L,0x00040201L, | |
1494 | +0x01000200L,0x01000201L,0x01040200L,0x01040201L, | |
1495 | +0x00000202L,0x00000203L,0x00040202L,0x00040203L, | |
1496 | +0x01000202L,0x01000203L,0x01040202L,0x01040203L, | |
1497 | +0x08000000L,0x08000001L,0x08040000L,0x08040001L, | |
1498 | +0x09000000L,0x09000001L,0x09040000L,0x09040001L, | |
1499 | +0x08000002L,0x08000003L,0x08040002L,0x08040003L, | |
1500 | +0x09000002L,0x09000003L,0x09040002L,0x09040003L, | |
1501 | +0x08000200L,0x08000201L,0x08040200L,0x08040201L, | |
1502 | +0x09000200L,0x09000201L,0x09040200L,0x09040201L, | |
1503 | +0x08000202L,0x08000203L,0x08040202L,0x08040203L, | |
1504 | +0x09000202L,0x09000203L,0x09040202L,0x09040203L, | |
1505 | +},{ | |
1506 | +/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ | |
1507 | +0x00000000L,0x00100000L,0x00000100L,0x00100100L, | |
1508 | +0x00000008L,0x00100008L,0x00000108L,0x00100108L, | |
1509 | +0x00001000L,0x00101000L,0x00001100L,0x00101100L, | |
1510 | +0x00001008L,0x00101008L,0x00001108L,0x00101108L, | |
1511 | +0x04000000L,0x04100000L,0x04000100L,0x04100100L, | |
1512 | +0x04000008L,0x04100008L,0x04000108L,0x04100108L, | |
1513 | +0x04001000L,0x04101000L,0x04001100L,0x04101100L, | |
1514 | +0x04001008L,0x04101008L,0x04001108L,0x04101108L, | |
1515 | +0x00020000L,0x00120000L,0x00020100L,0x00120100L, | |
1516 | +0x00020008L,0x00120008L,0x00020108L,0x00120108L, | |
1517 | +0x00021000L,0x00121000L,0x00021100L,0x00121100L, | |
1518 | +0x00021008L,0x00121008L,0x00021108L,0x00121108L, | |
1519 | +0x04020000L,0x04120000L,0x04020100L,0x04120100L, | |
1520 | +0x04020008L,0x04120008L,0x04020108L,0x04120108L, | |
1521 | +0x04021000L,0x04121000L,0x04021100L,0x04121100L, | |
1522 | +0x04021008L,0x04121008L,0x04021108L,0x04121108L, | |
1523 | +},{ | |
1524 | +/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ | |
1525 | +0x00000000L,0x10000000L,0x00010000L,0x10010000L, | |
1526 | +0x00000004L,0x10000004L,0x00010004L,0x10010004L, | |
1527 | +0x20000000L,0x30000000L,0x20010000L,0x30010000L, | |
1528 | +0x20000004L,0x30000004L,0x20010004L,0x30010004L, | |
1529 | +0x00100000L,0x10100000L,0x00110000L,0x10110000L, | |
1530 | +0x00100004L,0x10100004L,0x00110004L,0x10110004L, | |
1531 | +0x20100000L,0x30100000L,0x20110000L,0x30110000L, | |
1532 | +0x20100004L,0x30100004L,0x20110004L,0x30110004L, | |
1533 | +0x00001000L,0x10001000L,0x00011000L,0x10011000L, | |
1534 | +0x00001004L,0x10001004L,0x00011004L,0x10011004L, | |
1535 | +0x20001000L,0x30001000L,0x20011000L,0x30011000L, | |
1536 | +0x20001004L,0x30001004L,0x20011004L,0x30011004L, | |
1537 | +0x00101000L,0x10101000L,0x00111000L,0x10111000L, | |
1538 | +0x00101004L,0x10101004L,0x00111004L,0x10111004L, | |
1539 | +0x20101000L,0x30101000L,0x20111000L,0x30111000L, | |
1540 | +0x20101004L,0x30101004L,0x20111004L,0x30111004L, | |
1541 | +},{ | |
1542 | +/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ | |
1543 | +0x00000000L,0x08000000L,0x00000008L,0x08000008L, | |
1544 | +0x00000400L,0x08000400L,0x00000408L,0x08000408L, | |
1545 | +0x00020000L,0x08020000L,0x00020008L,0x08020008L, | |
1546 | +0x00020400L,0x08020400L,0x00020408L,0x08020408L, | |
1547 | +0x00000001L,0x08000001L,0x00000009L,0x08000009L, | |
1548 | +0x00000401L,0x08000401L,0x00000409L,0x08000409L, | |
1549 | +0x00020001L,0x08020001L,0x00020009L,0x08020009L, | |
1550 | +0x00020401L,0x08020401L,0x00020409L,0x08020409L, | |
1551 | +0x02000000L,0x0A000000L,0x02000008L,0x0A000008L, | |
1552 | +0x02000400L,0x0A000400L,0x02000408L,0x0A000408L, | |
1553 | +0x02020000L,0x0A020000L,0x02020008L,0x0A020008L, | |
1554 | +0x02020400L,0x0A020400L,0x02020408L,0x0A020408L, | |
1555 | +0x02000001L,0x0A000001L,0x02000009L,0x0A000009L, | |
1556 | +0x02000401L,0x0A000401L,0x02000409L,0x0A000409L, | |
1557 | +0x02020001L,0x0A020001L,0x02020009L,0x0A020009L, | |
1558 | +0x02020401L,0x0A020401L,0x02020409L,0x0A020409L, | |
1559 | +},{ | |
1560 | +/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */ | |
1561 | +0x00000000L,0x00000100L,0x00080000L,0x00080100L, | |
1562 | +0x01000000L,0x01000100L,0x01080000L,0x01080100L, | |
1563 | +0x00000010L,0x00000110L,0x00080010L,0x00080110L, | |
1564 | +0x01000010L,0x01000110L,0x01080010L,0x01080110L, | |
1565 | +0x00200000L,0x00200100L,0x00280000L,0x00280100L, | |
1566 | +0x01200000L,0x01200100L,0x01280000L,0x01280100L, | |
1567 | +0x00200010L,0x00200110L,0x00280010L,0x00280110L, | |
1568 | +0x01200010L,0x01200110L,0x01280010L,0x01280110L, | |
1569 | +0x00000200L,0x00000300L,0x00080200L,0x00080300L, | |
1570 | +0x01000200L,0x01000300L,0x01080200L,0x01080300L, | |
1571 | +0x00000210L,0x00000310L,0x00080210L,0x00080310L, | |
1572 | +0x01000210L,0x01000310L,0x01080210L,0x01080310L, | |
1573 | +0x00200200L,0x00200300L,0x00280200L,0x00280300L, | |
1574 | +0x01200200L,0x01200300L,0x01280200L,0x01280300L, | |
1575 | +0x00200210L,0x00200310L,0x00280210L,0x00280310L, | |
1576 | +0x01200210L,0x01200310L,0x01280210L,0x01280310L, | |
1577 | +},{ | |
1578 | +/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ | |
1579 | +0x00000000L,0x04000000L,0x00040000L,0x04040000L, | |
1580 | +0x00000002L,0x04000002L,0x00040002L,0x04040002L, | |
1581 | +0x00002000L,0x04002000L,0x00042000L,0x04042000L, | |
1582 | +0x00002002L,0x04002002L,0x00042002L,0x04042002L, | |
1583 | +0x00000020L,0x04000020L,0x00040020L,0x04040020L, | |
1584 | +0x00000022L,0x04000022L,0x00040022L,0x04040022L, | |
1585 | +0x00002020L,0x04002020L,0x00042020L,0x04042020L, | |
1586 | +0x00002022L,0x04002022L,0x00042022L,0x04042022L, | |
1587 | +0x00000800L,0x04000800L,0x00040800L,0x04040800L, | |
1588 | +0x00000802L,0x04000802L,0x00040802L,0x04040802L, | |
1589 | +0x00002800L,0x04002800L,0x00042800L,0x04042800L, | |
1590 | +0x00002802L,0x04002802L,0x00042802L,0x04042802L, | |
1591 | +0x00000820L,0x04000820L,0x00040820L,0x04040820L, | |
1592 | +0x00000822L,0x04000822L,0x00040822L,0x04040822L, | |
1593 | +0x00002820L,0x04002820L,0x00042820L,0x04042820L, | |
1594 | +0x00002822L,0x04002822L,0x00042822L,0x04042822L, | |
1595 | +}}; | |
1596 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
1597 | +++ linux/include/des/spr.h Mon Feb 9 13:51:03 2004 | |
1598 | @@ -0,0 +1,204 @@ | |
1599 | +/* crypto/des/spr.h */ | |
1600 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
1601 | + * All rights reserved. | |
1602 | + * | |
1603 | + * This package is an SSL implementation written | |
1604 | + * by Eric Young (eay@cryptsoft.com). | |
1605 | + * The implementation was written so as to conform with Netscapes SSL. | |
1606 | + * | |
1607 | + * This library is free for commercial and non-commercial use as long as | |
1608 | + * the following conditions are aheared to. The following conditions | |
1609 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
1610 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
1611 | + * included with this distribution is covered by the same copyright terms | |
1612 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
1613 | + * | |
1614 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
1615 | + * the code are not to be removed. | |
1616 | + * If this package is used in a product, Eric Young should be given attribution | |
1617 | + * as the author of the parts of the library used. | |
1618 | + * This can be in the form of a textual message at program startup or | |
1619 | + * in documentation (online or textual) provided with the package. | |
1620 | + * | |
1621 | + * Redistribution and use in source and binary forms, with or without | |
1622 | + * modification, are permitted provided that the following conditions | |
1623 | + * are met: | |
1624 | + * 1. Redistributions of source code must retain the copyright | |
1625 | + * notice, this list of conditions and the following disclaimer. | |
1626 | + * 2. Redistributions in binary form must reproduce the above copyright | |
1627 | + * notice, this list of conditions and the following disclaimer in the | |
1628 | + * documentation and/or other materials provided with the distribution. | |
1629 | + * 3. All advertising materials mentioning features or use of this software | |
1630 | + * must display the following acknowledgement: | |
1631 | + * "This product includes cryptographic software written by | |
1632 | + * Eric Young (eay@cryptsoft.com)" | |
1633 | + * The word 'cryptographic' can be left out if the rouines from the library | |
1634 | + * being used are not cryptographic related :-). | |
1635 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
1636 | + * the apps directory (application code) you must include an acknowledgement: | |
1637 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
1638 | + * | |
1639 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
1640 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
1641 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
1642 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
1643 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
1644 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
1645 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
1646 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
1647 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
1648 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
1649 | + * SUCH DAMAGE. | |
1650 | + * | |
1651 | + * The licence and distribution terms for any publically available version or | |
1652 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
1653 | + * copied and put under another distribution licence | |
1654 | + * [including the GNU Public Licence.] | |
1655 | + */ | |
1656 | + | |
1657 | +const DES_LONG des_SPtrans[8][64]={ | |
1658 | +{ | |
1659 | +/* nibble 0 */ | |
1660 | +0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, | |
1661 | +0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, | |
1662 | +0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, | |
1663 | +0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, | |
1664 | +0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, | |
1665 | +0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, | |
1666 | +0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, | |
1667 | +0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, | |
1668 | +0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, | |
1669 | +0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, | |
1670 | +0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, | |
1671 | +0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, | |
1672 | +0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, | |
1673 | +0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, | |
1674 | +0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, | |
1675 | +0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, | |
1676 | +},{ | |
1677 | +/* nibble 1 */ | |
1678 | +0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, | |
1679 | +0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, | |
1680 | +0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, | |
1681 | +0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, | |
1682 | +0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, | |
1683 | +0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, | |
1684 | +0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, | |
1685 | +0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, | |
1686 | +0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, | |
1687 | +0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, | |
1688 | +0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, | |
1689 | +0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, | |
1690 | +0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, | |
1691 | +0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, | |
1692 | +0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, | |
1693 | +0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, | |
1694 | +},{ | |
1695 | +/* nibble 2 */ | |
1696 | +0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, | |
1697 | +0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, | |
1698 | +0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, | |
1699 | +0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, | |
1700 | +0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, | |
1701 | +0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, | |
1702 | +0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, | |
1703 | +0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, | |
1704 | +0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, | |
1705 | +0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, | |
1706 | +0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, | |
1707 | +0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, | |
1708 | +0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, | |
1709 | +0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, | |
1710 | +0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, | |
1711 | +0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, | |
1712 | +},{ | |
1713 | +/* nibble 3 */ | |
1714 | +0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, | |
1715 | +0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, | |
1716 | +0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, | |
1717 | +0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, | |
1718 | +0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, | |
1719 | +0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, | |
1720 | +0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, | |
1721 | +0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, | |
1722 | +0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, | |
1723 | +0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, | |
1724 | +0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, | |
1725 | +0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, | |
1726 | +0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, | |
1727 | +0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, | |
1728 | +0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, | |
1729 | +0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, | |
1730 | +},{ | |
1731 | +/* nibble 4 */ | |
1732 | +0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, | |
1733 | +0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, | |
1734 | +0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, | |
1735 | +0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, | |
1736 | +0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, | |
1737 | +0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, | |
1738 | +0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, | |
1739 | +0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, | |
1740 | +0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, | |
1741 | +0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, | |
1742 | +0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, | |
1743 | +0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, | |
1744 | +0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, | |
1745 | +0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, | |
1746 | +0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, | |
1747 | +0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, | |
1748 | +},{ | |
1749 | +/* nibble 5 */ | |
1750 | +0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, | |
1751 | +0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, | |
1752 | +0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, | |
1753 | +0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, | |
1754 | +0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, | |
1755 | +0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, | |
1756 | +0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, | |
1757 | +0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, | |
1758 | +0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, | |
1759 | +0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, | |
1760 | +0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, | |
1761 | +0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, | |
1762 | +0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, | |
1763 | +0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, | |
1764 | +0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, | |
1765 | +0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, | |
1766 | +},{ | |
1767 | +/* nibble 6 */ | |
1768 | +0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, | |
1769 | +0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, | |
1770 | +0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, | |
1771 | +0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, | |
1772 | +0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, | |
1773 | +0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, | |
1774 | +0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L, | |
1775 | +0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, | |
1776 | +0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, | |
1777 | +0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, | |
1778 | +0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, | |
1779 | +0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, | |
1780 | +0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, | |
1781 | +0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, | |
1782 | +0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, | |
1783 | +0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, | |
1784 | +},{ | |
1785 | +/* nibble 7 */ | |
1786 | +0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, | |
1787 | +0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, | |
1788 | +0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, | |
1789 | +0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, | |
1790 | +0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, | |
1791 | +0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, | |
1792 | +0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, | |
1793 | +0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, | |
1794 | +0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, | |
1795 | +0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, | |
1796 | +0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, | |
1797 | +0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, | |
1798 | +0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, | |
1799 | +0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, | |
1800 | +0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, | |
1801 | +0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, | |
1802 | +}}; | |
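Review bot: `des_SPtrans` is defined in this header as `const DES_LONG des_SPtrans[8][64]` with external linkage, whereas `des_skb` in sk.h is `static const`. Including spr.h from a second translation unit would therefore fail at link time with a duplicate symbol, and the name is exported into the kernel's global namespace. If exactly one .c file is meant to include it (the users are outside this hunk), add a top-of-file comment such as `/* include from exactly one .c file; other users need an extern declaration */`, or make the table `static const` if nothing else references the symbol. In the usual table-driven DES round this table is presumably indexed by key-mixed data, so the lookups are data-dependent memory accesses; a one-line comment noting that the implementation is not constant-time would help later audits.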
1803 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
1804 | +++ linux/include/mast.h Mon Feb 9 13:51:03 2004 | |
1805 | @@ -0,0 +1,33 @@ | |
1806 | +struct mast_callbacks { | |
1807 | + int (*packet_encap)(struct device *mast, void *context, | |
1808 | + struct sk_buff *skb, int flowref); | |
1809 | + int (*link_inquire)(struct device *mast, void *context); | |
1810 | +}; | |
1811 | + | |
1812 | + | |
1813 | +struct device *mast_init (int family, | |
1814 | + struct mast_callbacks *callbacks, | |
1815 | + unsigned int flags, | |
1816 | + unsigned int desired_unit, | |
1817 | + unsigned int max_flowref, | |
1818 | + void *context); | |
1819 | + | |
1820 | +int mast_destroy(struct device *mast); | |
1821 | + | |
1822 | +int mast_recv(struct device *mast, struct sk_buff *skb, int flowref); | |
1823 | + | |
1824 | +/* free this skb as being useless, increment failure count. */ | |
1825 | +int mast_toast(struct device *mast, struct sk_buff *skb, int flowref); | |
1826 | + | |
1827 | +int mast_linkstat (struct device *mast, int flowref, | |
1828 | + int status); | |
1829 | + | |
1830 | +int mast_setreference (struct device *mast, | |
1831 | + int defaultSA); | |
1832 | + | |
1833 | +int mast_setneighbor (struct device *mast, | |
1834 | + struct sockaddr *source, | |
1835 | + struct sockaddr *destination, | |
1836 | + int flowref); | |
1837 | + | |
1838 | + | |
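Review bot: `flowref` is a signed `int` in `packet_encap`, `mast_recv`, `mast_toast`, `mast_linkstat` and `mast_setneighbor`, while the limit given to `mast_init` is `unsigned int max_flowref`. Any range check in the implementation (not visible here) must reject negative values before comparing against that limit, or the comparison is done unsigned and the value is then used as a signed index; declaring it `unsigned int flowref` throughout would remove the trap. The header also has no include guard and names `struct device`, `struct sk_buff` and `struct sockaddr` without including or forward-declaring them, so each tag is scoped to its prototype unless the includer already has the definitions; an `#ifndef MAST_H` / `#define MAST_H` guard plus forward declarations such as `struct sk_buff;` would make it self-contained. On a 2.6 tree `struct device` is the driver-model type rather than the network device (`struct net_device`), so confirm which one is intended. Only `mast_toast` says who frees the skb; `mast_recv` and `packet_encap` should get a one-line comment stating skb ownership on success and on error.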
1839 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
1840 | +++ linux/include/openswan.h Mon Feb 9 13:51:03 2004 | |
1841 | @@ -0,0 +1,518 @@ | |
1842 | +#ifndef _OPENSWAN_H | |
1843 | +/* | |
1844 | + * header file for FreeS/WAN library functions | |
1845 | + * Copyright (C) 1998, 1999, 2000 Henry Spencer. | |
1846 | + * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs | |
1847 | + * | |
1848 | + * This library is free software; you can redistribute it and/or modify it | |
1849 | + * under the terms of the GNU Library General Public License as published by | |
1850 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
1851 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
1852 | + * | |
1853 | + * This library is distributed in the hope that it will be useful, but | |
1854 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
1855 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
1856 | + * License for more details. | |
1857 | + * | |
1858 | + * RCSID $Id: openswan.h,v 1.93 2005/04/14 20:21:51 mcr Exp $ | |
1859 | + */ | |
1860 | +#define _OPENSWAN_H /* seen it, no need to see it again */ | |
1861 | + | |
1862 | +/* you'd think this should be builtin to compiler... */ | |
1863 | +#ifndef TRUE | |
1864 | +#define TRUE 1 | |
1865 | +#endif | |
1866 | + | |
1867 | +#ifndef FALSE | |
1868 | +#define FALSE 0 | |
1869 | +#endif | |
1870 | + | |
1871 | + | |
1872 | + | |
1873 | +/* | |
1874 | + * We've just got to have some datatypes defined... And annoyingly, just | |
1875 | + * where we get them depends on whether we're in userland or not. | |
1876 | + */ | |
1877 | +/* things that need to come from one place or the other, depending */ | |
1878 | +#ifdef __KERNEL__ | |
1879 | +#include <linux/types.h> | |
1880 | +#include <linux/socket.h> | |
1881 | +#include <linux/in.h> | |
1882 | +#include <linux/string.h> | |
1883 | +#include <linux/ctype.h> | |
1884 | +#define user_assert(foo) /*nothing*/ | |
1885 | +#else | |
1886 | +#include <sys/types.h> | |
1887 | +#include <netinet/in.h> | |
1888 | +#include <string.h> | |
1889 | +#include <ctype.h> | |
1890 | +#include <assert.h> | |
1891 | +#define user_assert(foo) assert(foo) | |
1892 | +#include <stdio.h> | |
1893 | + | |
1894 | +# define uint8_t u_int8_t | |
1895 | +# define uint16_t u_int16_t | |
1896 | +# define uint32_t u_int32_t | |
1897 | +# define uint64_t u_int64_t | |
1898 | + | |
1899 | + | |
1900 | +# define DEBUG_NO_STATIC static | |
1901 | + | |
1902 | +#endif | |
1903 | + | |
1904 | +#include <openswan/ipsec_param.h> | |
1905 | + | |
1906 | + | |
1907 | +/* | |
1908 | + * Grab the kernel version to see if we have NET_21, and therefore | |
1909 | + * IPv6. Some of this is repeated from ipsec_kversions.h. Of course, | |
1910 | + * we aren't really testing if the kernel has IPv6, but rather if the | |
1911 | + * the include files do. | |
1912 | + */ | |
1913 | +#include <linux/version.h> | |
1914 | +#ifndef KERNEL_VERSION | |
1915 | +#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z)) | |
1916 | +#endif | |
1917 | + | |
1918 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0) | |
1919 | +#define NET_21 | |
1920 | +#endif | |
1921 | + | |
1922 | +#ifndef IPPROTO_COMP | |
1923 | +# define IPPROTO_COMP 108 | |
1924 | +#endif /* !IPPROTO_COMP */ | |
1925 | + | |
1926 | +#ifndef IPPROTO_INT | |
1927 | +# define IPPROTO_INT 61 | |
1928 | +#endif /* !IPPROTO_INT */ | |
1929 | + | |
1930 | +#ifdef CONFIG_KLIPS_DEBUG | |
1931 | +#ifndef DEBUG_NO_STATIC | |
1932 | +# define DEBUG_NO_STATIC | |
1933 | +#endif | |
1934 | +#else /* CONFIG_KLIPS_DEBUG */ | |
1935 | +#ifndef DEBUG_NO_STATIC | |
1936 | +# define DEBUG_NO_STATIC static | |
1937 | +#endif | |
1938 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
1939 | + | |
1940 | +#if !defined(ESPINUDP_WITH_NON_IKE) | |
1941 | +#define ESPINUDP_WITH_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */ | |
1942 | +#define ESPINUDP_WITH_NON_ESP 2 /* draft-ietf-ipsec-nat-t-ike-02 */ | |
1943 | +#endif | |
1944 | + | |
1945 | +/* | |
1946 | + * Basic data types for the address-handling functions. | |
1947 | + * ip_address and ip_subnet are supposed to be opaque types; do not | |
1948 | + * use their definitions directly, they are subject to change! | |
1949 | + */ | |
1950 | + | |
1951 | +/* first, some quick fakes in case we're on an old system with no IPv6 */ | |
1952 | +#ifndef s6_addr16 | |
1953 | +struct in6_addr { | |
1954 | + union | |
1955 | + { | |
1956 | + __u8 u6_addr8[16]; | |
1957 | + __u16 u6_addr16[8]; | |
1958 | + __u32 u6_addr32[4]; | |
1959 | + } in6_u; | |
1960 | +#define s6_addr in6_u.u6_addr8 | |
1961 | +#define s6_addr16 in6_u.u6_addr16 | |
1962 | +#define s6_addr32 in6_u.u6_addr32 | |
1963 | +}; | |
1964 | +struct sockaddr_in6 { | |
1965 | + unsigned short int sin6_family; /* AF_INET6 */ | |
1966 | + __u16 sin6_port; /* Transport layer port # */ | |
1967 | + __u32 sin6_flowinfo; /* IPv6 flow information */ | |
1968 | + struct in6_addr sin6_addr; /* IPv6 address */ | |
1969 | + __u32 sin6_scope_id; /* scope id (new in RFC2553) */ | |
1970 | +}; | |
1971 | +#endif /* !s6_addr16 */ | |
1972 | + | |
1973 | +/* then the main types */ | |
1974 | +typedef struct { | |
1975 | + union { | |
1976 | + struct sockaddr_in v4; | |
1977 | + struct sockaddr_in6 v6; | |
1978 | + } u; | |
1979 | +} ip_address; | |
1980 | +typedef struct { | |
1981 | + ip_address addr; | |
1982 | + int maskbits; | |
1983 | +} ip_subnet; | |
1984 | + | |
1985 | +/* and the SA ID stuff */ | |
1986 | +#ifdef __KERNEL__ | |
1987 | +typedef __u32 ipsec_spi_t; | |
1988 | +#else | |
1989 | +typedef u_int32_t ipsec_spi_t; | |
1990 | +#endif | |
1991 | +typedef struct { /* to identify an SA, we need: */ | |
1992 | + ip_address dst; /* A. destination host */ | |
1993 | + ipsec_spi_t spi; /* B. 32-bit SPI, assigned by dest. host */ | |
1994 | +# define SPI_PASS 256 /* magic values... */ | |
1995 | +# define SPI_DROP 257 /* ...for use... */ | |
1996 | +# define SPI_REJECT 258 /* ...with SA_INT */ | |
1997 | +# define SPI_HOLD 259 | |
1998 | +# define SPI_TRAP 260 | |
1999 | +# define SPI_TRAPSUBNET 261 | |
2000 | + int proto; /* C. protocol */ | |
2001 | +# define SA_ESP 50 /* IPPROTO_ESP */ | |
2002 | +# define SA_AH 51 /* IPPROTO_AH */ | |
2003 | +# define SA_IPIP 4 /* IPPROTO_IPIP */ | |
2004 | +# define SA_COMP 108 /* IPPROTO_COMP */ | |
2005 | +# define SA_INT 61 /* IANA reserved for internal use */ | |
2006 | +} ip_said; | |
2007 | + | |
2008 | +/* misc */ | |
2009 | +typedef const char *err_t; /* error message, or NULL for success */ | |
2010 | +struct prng { /* pseudo-random-number-generator guts */ | |
2011 | + unsigned char sbox[256]; | |
2012 | + int i, j; | |
2013 | + unsigned long count; | |
2014 | +}; | |
2015 | + | |
2016 | + | |
2017 | +/* | |
2018 | + * definitions for user space, taken from freeswan/ipsec_sa.h | |
2019 | + */ | |
2020 | +typedef uint32_t IPsecSAref_t; | |
2021 | + | |
2022 | +#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t)) | |
2023 | + | |
2024 | +#define IPsecSAref2NFmark(x) ((x) << (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH)) | |
2025 | +#define NFmark2IPsecSAref(x) ((x) >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH)) | |
2026 | + | |
2027 | +#define IPSEC_SAREF_NULL (~((IPsecSAref_t)0)) | |
2028 | + | |
2029 | +/* GCC magic for use in function definitions! */ | |
2030 | +#ifdef GCC_LINT | |
2031 | +# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1))) | |
2032 | +# define NEVER_RETURNS __attribute__ ((noreturn)) | |
2033 | +# define UNUSED __attribute__ ((unused)) | |
2034 | +# define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */ | |
2035 | +#else | |
2036 | +# define PRINTF_LIKE(n) /* ignore */ | |
2037 | +# define NEVER_RETURNS /* ignore */ | |
2038 | +# define UNUSED /* ignore */ | |
2039 | +# define BLANK_FORMAT "" | |
2040 | +#endif | |
2041 | + | |
2042 | + | |
2043 | + | |
2044 | + | |
2045 | + | |
2046 | +/* | |
2047 | + * new IPv6-compatible functions | |
2048 | + */ | |
2049 | + | |
2050 | +/* text conversions */ | |
2051 | +err_t ttoul(const char *src, size_t srclen, int format, unsigned long *dst); | |
2052 | +size_t ultot(unsigned long src, int format, char *buf, size_t buflen); | |
2053 | +#define ULTOT_BUF (22+1) /* holds 64 bits in octal */ | |
2054 | +err_t ttoaddr(const char *src, size_t srclen, int af, ip_address *dst); | |
2055 | +err_t tnatoaddr(const char *src, size_t srclen, int af, ip_address *dst); | |
2056 | +size_t addrtot(const ip_address *src, int format, char *buf, size_t buflen); | |
2057 | +/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */ | |
2058 | +#define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1) | |
2059 | +err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst); | |
2060 | +size_t subnettot(const ip_subnet *src, int format, char *buf, size_t buflen); | |
2061 | +#define SUBNETTOT_BUF (ADDRTOT_BUF + 1 + 3) | |
2062 | +size_t subnetporttot(const ip_subnet *src, int format, char *buf, size_t buflen); | |
2063 | +#define SUBNETPROTOTOT_BUF (SUBNETTOTO_BUF + ULTOT_BUF) | |
2064 | +err_t ttosa(const char *src, size_t srclen, ip_said *dst); | |
2065 | +size_t satot(const ip_said *src, int format, char *bufptr, size_t buflen); | |
2066 | +#define SATOT_BUF (5 + ULTOA_BUF + 1 + ADDRTOT_BUF) | |
2067 | +err_t ttodata(const char *src, size_t srclen, int base, char *buf, | |
2068 | + size_t buflen, size_t *needed); | |
2069 | +err_t ttodatav(const char *src, size_t srclen, int base, | |
2070 | + char *buf, size_t buflen, size_t *needed, | |
2071 | + char *errp, size_t errlen, unsigned int flags); | |
2072 | +#define TTODATAV_BUF 40 /* ttodatav's largest non-literal message */ | |
2073 | +#define TTODATAV_IGNORESPACE (1<<1) /* ignore spaces in base64 encodings*/ | |
2074 | +#define TTODATAV_SPACECOUNTS 0 /* do not ignore spaces in base64 */ | |
2075 | + | |
2076 | +size_t datatot(const char *src, size_t srclen, int format, char *buf, | |
2077 | + size_t buflen); | |
2078 | +size_t keyblobtoid(const unsigned char *src, size_t srclen, char *dst, | |
2079 | + size_t dstlen); | |
2080 | +size_t splitkeytoid(const unsigned char *e, size_t elen, const unsigned char *m, | |
2081 | + size_t mlen, char *dst, size_t dstlen); | |
2082 | +#define KEYID_BUF 10 /* up to 9 text digits plus NUL */ | |
2083 | +err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto, u_int16_t *port, | |
2084 | + int *has_port_wildcard); | |
2085 | + | |
2086 | +/* initializations */ | |
2087 | +void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto, ip_said *dst); | |
2088 | +err_t loopbackaddr(int af, ip_address *dst); | |
2089 | +err_t unspecaddr(int af, ip_address *dst); | |
2090 | +err_t anyaddr(int af, ip_address *dst); | |
2091 | +err_t initaddr(const unsigned char *src, size_t srclen, int af, ip_address *dst); | |
2092 | +err_t initsubnet(const ip_address *addr, int maskbits, int clash, ip_subnet *dst); | |
2093 | +err_t addrtosubnet(const ip_address *addr, ip_subnet *dst); | |
2094 | + | |
2095 | +/* misc. conversions and related */ | |
2096 | +err_t rangetosubnet(const ip_address *from, const ip_address *to, ip_subnet *dst); | |
2097 | +int addrtypeof(const ip_address *src); | |
2098 | +int subnettypeof(const ip_subnet *src); | |
2099 | +size_t addrlenof(const ip_address *src); | |
2100 | +size_t addrbytesptr(const ip_address *src, const unsigned char **dst); | |
2101 | +size_t addrbytesof(const ip_address *src, unsigned char *dst, size_t dstlen); | |
2102 | +int masktocount(const ip_address *src); | |
2103 | +void networkof(const ip_subnet *src, ip_address *dst); | |
2104 | +void maskof(const ip_subnet *src, ip_address *dst); | |
2105 | + | |
2106 | +/* tests */ | |
2107 | +int sameaddr(const ip_address *a, const ip_address *b); | |
2108 | +int addrcmp(const ip_address *a, const ip_address *b); | |
2109 | +int samesubnet(const ip_subnet *a, const ip_subnet *b); | |
2110 | +int addrinsubnet(const ip_address *a, const ip_subnet *s); | |
2111 | +int subnetinsubnet(const ip_subnet *a, const ip_subnet *b); | |
2112 | +int subnetishost(const ip_subnet *s); | |
2113 | +int samesaid(const ip_said *a, const ip_said *b); | |
2114 | +int sameaddrtype(const ip_address *a, const ip_address *b); | |
2115 | +int samesubnettype(const ip_subnet *a, const ip_subnet *b); | |
2116 | +int isanyaddr(const ip_address *src); | |
2117 | +int isunspecaddr(const ip_address *src); | |
2118 | +int isloopbackaddr(const ip_address *src); | |
2119 | + | |
2120 | +/* low-level grot */ | |
2121 | +int portof(const ip_address *src); | |
2122 | +void setportof(int port, ip_address *dst); | |
2123 | +struct sockaddr *sockaddrof(ip_address *src); | |
2124 | +size_t sockaddrlenof(const ip_address *src); | |
2125 | + | |
2126 | +/* PRNG */ | |
2127 | +void prng_init(struct prng *prng, const unsigned char *key, size_t keylen); | |
2128 | +void prng_bytes(struct prng *prng, unsigned char *dst, size_t dstlen); | |
2129 | +unsigned long prng_count(struct prng *prng); | |
2130 | +void prng_final(struct prng *prng); | |
2131 | + | |
2132 | +/* odds and ends */ | |
2133 | +const char *ipsec_version_code(void); | |
2134 | +const char *ipsec_version_string(void); | |
2135 | +const char **ipsec_copyright_notice(void); | |
2136 | + | |
2137 | +const char *dns_string_rr(int rr, char *buf, int bufsize); | |
2138 | +const char *dns_string_datetime(time_t seconds, | |
2139 | + char *buf, | |
2140 | + int bufsize); | |
2141 | + | |
2142 | + | |
2143 | +/* | |
2144 | + * old functions, to be deleted eventually | |
2145 | + */ | |
2146 | + | |
2147 | +/* unsigned long */ | |
2148 | +const char * /* NULL for success, else string literal */ | |
2149 | +atoul( | |
2150 | + const char *src, | |
2151 | + size_t srclen, /* 0 means strlen(src) */ | |
2152 | + int base, /* 0 means figure it out */ | |
2153 | + unsigned long *resultp | |
2154 | +); | |
2155 | +size_t /* space needed for full conversion */ | |
2156 | +ultoa( | |
2157 | + unsigned long n, | |
2158 | + int base, | |
2159 | + char *dst, | |
2160 | + size_t dstlen | |
2161 | +); | |
2162 | +#define ULTOA_BUF 21 /* just large enough for largest result, */ | |
2163 | + /* assuming 64-bit unsigned long! */ | |
2164 | + | |
2165 | +/* Internet addresses */ | |
2166 | +const char * /* NULL for success, else string literal */ | |
2167 | +atoaddr( | |
2168 | + const char *src, | |
2169 | + size_t srclen, /* 0 means strlen(src) */ | |
2170 | + struct in_addr *addr | |
2171 | +); | |
2172 | +size_t /* space needed for full conversion */ | |
2173 | +addrtoa( | |
2174 | + struct in_addr addr, | |
2175 | + int format, /* character; 0 means default */ | |
2176 | + char *dst, | |
2177 | + size_t dstlen | |
2178 | +); | |
2179 | +#define ADDRTOA_BUF 16 /* just large enough for largest result */ | |
2180 | + | |
2181 | +/* subnets */ | |
2182 | +const char * /* NULL for success, else string literal */ | |
2183 | +atosubnet( | |
2184 | + const char *src, | |
2185 | + size_t srclen, /* 0 means strlen(src) */ | |
2186 | + struct in_addr *addr, | |
2187 | + struct in_addr *mask | |
2188 | +); | |
2189 | +size_t /* space needed for full conversion */ | |
2190 | +subnettoa( | |
2191 | + struct in_addr addr, | |
2192 | + struct in_addr mask, | |
2193 | + int format, /* character; 0 means default */ | |
2194 | + char *dst, | |
2195 | + size_t dstlen | |
2196 | +); | |
2197 | +#define SUBNETTOA_BUF 32 /* large enough for worst case result */ | |
2198 | + | |
2199 | +/* ranges */ | |
2200 | +const char * /* NULL for success, else string literal */ | |
2201 | +atoasr( | |
2202 | + const char *src, | |
2203 | + size_t srclen, /* 0 means strlen(src) */ | |
2204 | + char *type, /* 'a', 's', 'r' */ | |
2205 | + struct in_addr *addrs /* two-element array */ | |
2206 | +); | |
2207 | +size_t /* space needed for full conversion */ | |
2208 | +rangetoa( | |
2209 | + struct in_addr *addrs, /* two-element array */ | |
2210 | + int format, /* character; 0 means default */ | |
2211 | + char *dst, | |
2212 | + size_t dstlen | |
2213 | +); | |
2214 | +#define RANGETOA_BUF 34 /* large enough for worst case result */ | |
2215 | + | |
2216 | +/* data types for SA conversion functions */ | |
2217 | + | |
2218 | +/* generic data, e.g. keys */ | |
2219 | +const char * /* NULL for success, else string literal */ | |
2220 | +atobytes( | |
2221 | + const char *src, | |
2222 | + size_t srclen, /* 0 means strlen(src) */ | |
2223 | + char *dst, | |
2224 | + size_t dstlen, | |
2225 | + size_t *lenp /* NULL means don't bother telling me */ | |
2226 | +); | |
2227 | +size_t /* 0 failure, else true size */ | |
2228 | +bytestoa( | |
2229 | + const char *src, | |
2230 | + size_t srclen, | |
2231 | + int format, /* character; 0 means default */ | |
2232 | + char *dst, | |
2233 | + size_t dstlen | |
2234 | +); | |
2235 | + | |
2236 | +/* old versions of generic-data functions; deprecated */ | |
2237 | +size_t /* 0 failure, else true size */ | |
2238 | +atodata( | |
2239 | + const char *src, | |
2240 | + size_t srclen, /* 0 means strlen(src) */ | |
2241 | + char *dst, | |
2242 | + size_t dstlen | |
2243 | +); | |
2244 | +size_t /* 0 failure, else true size */ | |
2245 | +datatoa( | |
2246 | + const char *src, | |
2247 | + size_t srclen, | |
2248 | + int format, /* character; 0 means default */ | |
2249 | + char *dst, | |
2250 | + size_t dstlen | |
2251 | +); | |
2252 | + | |
2253 | +/* part extraction and special addresses */ | |
2254 | +struct in_addr | |
2255 | +subnetof( | |
2256 | + struct in_addr addr, | |
2257 | + struct in_addr mask | |
2258 | +); | |
2259 | +struct in_addr | |
2260 | +hostof( | |
2261 | + struct in_addr addr, | |
2262 | + struct in_addr mask | |
2263 | +); | |
2264 | +struct in_addr | |
2265 | +broadcastof( | |
2266 | + struct in_addr addr, | |
2267 | + struct in_addr mask | |
2268 | +); | |
2269 | + | |
2270 | +/* mask handling */ | |
2271 | +int | |
2272 | +goodmask( | |
2273 | + struct in_addr mask | |
2274 | +); | |
2275 | +int | |
2276 | +masktobits( | |
2277 | + struct in_addr mask | |
2278 | +); | |
2279 | +struct in_addr | |
2280 | +bitstomask( | |
2281 | + int n | |
2282 | +); | |
2283 | + | |
2284 | + | |
2285 | + | |
2286 | +/* | |
2287 | + * general utilities | |
2288 | + */ | |
2289 | + | |
2290 | +#ifndef __KERNEL__ | |
2291 | +/* option pickup from files (userland only because of use of FILE) */ | |
2292 | +const char *optionsfrom(const char *filename, int *argcp, char ***argvp, | |
2293 | + int optind, FILE *errorreport); | |
2294 | + | |
2295 | +/* sanitize a string */ | |
2296 | +extern size_t sanitize_string(char *buf, size_t size); | |
2297 | + | |
2298 | +#endif | |
2299 | + | |
2300 | + | |
2301 | +/* | |
2302 | + * ENUM of klips debugging values. Not currently used in klips. | |
2303 | + * debug flag is actually 32 -bits, but only one bit is ever used, | |
2304 | + * so we can actually pack it all into a single 32-bit word. | |
2305 | + */ | |
2306 | +enum klips_debug_flags { | |
2307 | + KDF_VERBOSE = 0, | |
2308 | + KDF_XMIT = 1, | |
2309 | + KDF_NETLINK = 2, /* obsolete */ | |
2310 | + KDF_XFORM = 3, | |
2311 | + KDF_EROUTE = 4, | |
2312 | + KDF_SPI = 5, | |
2313 | + KDF_RADIJ = 6, | |
2314 | + KDF_ESP = 7, | |
2315 | + KDF_AH = 8, /* obsolete */ | |
2316 | + KDF_RCV = 9, | |
2317 | + KDF_TUNNEL = 10, | |
2318 | + KDF_PFKEY = 11, | |
2319 | + KDF_COMP = 12 | |
2320 | +}; | |
2321 | + | |
2322 | + | |
2323 | +/* | |
2324 | + * Debugging levels for pfkey_lib_debug | |
2325 | + */ | |
2326 | +#define PF_KEY_DEBUG_PARSE_NONE 0 | |
2327 | +#define PF_KEY_DEBUG_PARSE_PROBLEM 1 | |
2328 | +#define PF_KEY_DEBUG_PARSE_STRUCT 2 | |
2329 | +#define PF_KEY_DEBUG_PARSE_FLOW 4 | |
2330 | +#define PF_KEY_DEBUG_BUILD 8 | |
2331 | +#define PF_KEY_DEBUG_PARSE_MAX 15 | |
2332 | + | |
2333 | +extern unsigned int pfkey_lib_debug; /* bits selecting what to report */ | |
2334 | + | |
2335 | +/* | |
2336 | + * pluto and lwdnsq need to know the maximum size of the commands to, | |
2337 | + * and replies from lwdnsq. | |
2338 | + */ | |
2339 | + | |
2340 | +#define LWDNSQ_CMDBUF_LEN 1024 | |
2341 | +#define LWDNSQ_RESULT_LEN_MAX 4096 | |
2342 | + | |
2343 | + | |
2344 | +/* syntax for passthrough SA */ | |
2345 | +#ifndef PASSTHROUGHNAME | |
2346 | +#define PASSTHROUGHNAME "%passthrough" | |
2347 | +#define PASSTHROUGH4NAME "%passthrough4" | |
2348 | +#define PASSTHROUGH6NAME "%passthrough6" | |
2349 | +#define PASSTHROUGHIS "tun0@0.0.0.0" | |
2350 | +#define PASSTHROUGH4IS "tun0@0.0.0.0" | |
2351 | +#define PASSTHROUGH6IS "tun0@::" | |
2352 | +#define PASSTHROUGHTYPE "tun" | |
2353 | +#define PASSTHROUGHSPI 0 | |
2354 | +#define PASSTHROUGHDST 0 | |
2355 | +#endif | |
2356 | + | |
2357 | + | |
2358 | + | |
2359 | +#endif /* _OPENSWAN_H */ | |
2360 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
2361 | +++ linux/include/openswan/ipcomp.h Mon Feb 9 13:51:03 2004 | |
2362 | @@ -0,0 +1,61 @@ | |
2363 | +/* | |
2364 | + * IPCOMP zlib interface code. | |
2365 | + * Copyright (C) 2000 Svenning Soerensen <svenning@post5.tele.dk> | |
2366 | + * Copyright (C) 2000, 2001 Richard Guy Briggs <rgb@conscoop.ottawa.on.ca> | |
2367 | + * | |
2368 | + * This program is free software; you can redistribute it and/or modify it | |
2369 | + * under the terms of the GNU General Public License as published by the | |
2370 | + * Free Software Foundation; either version 2 of the License, or (at your | |
2371 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
2372 | + * | |
2373 | + * This program is distributed in the hope that it will be useful, but | |
2374 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
2375 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
2376 | + * for more details. | |
2377 | + | |
2378 | + RCSID $Id: ipcomp.h,v 1.14 2004/07/10 19:08:41 mcr Exp $ | |
2379 | + | |
2380 | + */ | |
2381 | + | |
2382 | +/* SSS */ | |
2383 | + | |
2384 | +#ifndef _IPCOMP_H | |
2385 | +#define _IPCOMP_H | |
2386 | + | |
2387 | +/* Prefix all global deflate symbols with "ipcomp_" to avoid collisions with ppp_deflate & ext2comp */ | |
2388 | +#ifndef IPCOMP_PREFIX | |
2389 | +#define IPCOMP_PREFIX | |
2390 | +#endif /* IPCOMP_PREFIX */ | |
2391 | + | |
2392 | +#ifndef IPPROTO_COMP | |
2393 | +#define IPPROTO_COMP 108 | |
2394 | +#endif /* IPPROTO_COMP */ | |
2395 | + | |
2396 | +#ifdef CONFIG_KLIPS_DEBUG | |
2397 | +extern int sysctl_ipsec_debug_ipcomp; | |
2398 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
2399 | + | |
2400 | +struct ipcomphdr { /* IPCOMP header */ | |
2401 | + __u8 ipcomp_nh; /* Next header (protocol) */ | |
2402 | + __u8 ipcomp_flags; /* Reserved, must be 0 */ | |
2403 | + __u16 ipcomp_cpi; /* Compression Parameter Index */ | |
2404 | +}; | |
2405 | + | |
2406 | +extern struct inet_protocol comp_protocol; | |
2407 | +extern int sysctl_ipsec_debug_ipcomp; | |
2408 | + | |
2409 | +#define IPCOMP_UNCOMPRESSABLE 0x000000001 | |
2410 | +#define IPCOMP_COMPRESSIONERROR 0x000000002 | |
2411 | +#define IPCOMP_PARMERROR 0x000000004 | |
2412 | +#define IPCOMP_DECOMPRESSIONERROR 0x000000008 | |
2413 | + | |
2414 | +#define IPCOMP_ADAPT_INITIAL_TRIES 8 | |
2415 | +#define IPCOMP_ADAPT_INITIAL_SKIP 4 | |
2416 | +#define IPCOMP_ADAPT_SUBSEQ_TRIES 2 | |
2417 | +#define IPCOMP_ADAPT_SUBSEQ_SKIP 8 | |
2418 | + | |
2419 | +/* Function prototypes */ | |
2420 | +struct sk_buff *skb_compress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags); | |
2421 | +struct sk_buff *skb_decompress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags); | |
2422 | + | |
2423 | +#endif /* _IPCOMP_H */ | |
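Review bot: `extern int sysctl_ipsec_debug_ipcomp;` is declared twice in ipcomp.h, once inside `#ifdef CONFIG_KLIPS_DEBUG` and again unconditionally right after `extern struct inet_protocol comp_protocol;`, so the guard has no effect. If the variable is only defined in debug builds (its definition is not in this hunk), a stray reference in a non-debug build would fail at link time rather than at compile time; I would drop the unconditional line. The two prototypes also name `struct sk_buff` and `struct ipsec_sa` without a forward declaration, so the header only compiles cleanly after other headers have been included; adding `struct sk_buff;` and `struct ipsec_sa;` above them removes that ordering dependency. `skb_compress()` and `skb_decompress()` would also benefit from a comment saying who owns the input skb when the call fails and `*flags` carries `IPCOMP_DECOMPRESSIONERROR` or `IPCOMP_PARMERROR`, since an unclear contract on the receive path is how leaks and double frees get written.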
2424 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
2425 | +++ linux/include/openswan/ipsec_ah.h Mon Feb 9 13:51:03 2004 | |
2426 | @@ -0,0 +1,200 @@ | |
2427 | +/* | |
2428 | + * Authentication Header declarations | |
2429 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
2430 | + * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. | |
2431 | + * | |
2432 | + * This program is free software; you can redistribute it and/or modify it | |
2433 | + * under the terms of the GNU General Public License as published by the | |
2434 | + * Free Software Foundation; either version 2 of the License, or (at your | |
2435 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
2436 | + * | |
2437 | + * This program is distributed in the hope that it will be useful, but | |
2438 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
2439 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
2440 | + * for more details. | |
2441 | + * | |
2442 | + * RCSID $Id: ipsec_ah.h,v 1.26 2004/09/13 02:22:10 mcr Exp $ | |
2443 | + */ | |
2444 | + | |
2445 | +#include "ipsec_md5h.h" | |
2446 | +#include "ipsec_sha1.h" | |
2447 | + | |
2448 | +#ifndef IPPROTO_AH | |
2449 | +#define IPPROTO_AH 51 | |
2450 | +#endif /* IPPROTO_AH */ | |
2451 | + | |
2452 | +#include "ipsec_auth.h" | |
2453 | + | |
2454 | +#ifdef __KERNEL__ | |
2455 | + | |
2456 | +extern struct inet_protocol ah_protocol; | |
2457 | + | |
2458 | +struct options; | |
2459 | + | |
2460 | +struct ahhdr /* Generic AH header */ | |
2461 | +{ | |
2462 | + __u8 ah_nh; /* Next header (protocol) */ | |
2463 | + __u8 ah_hl; /* AH length, in 32-bit words */ | |
2464 | + __u16 ah_rv; /* reserved, must be 0 */ | |
2465 | + __u32 ah_spi; /* Security Parameters Index */ | |
2466 | + __u32 ah_rpl; /* Replay prevention */ | |
2467 | + __u8 ah_data[AHHMAC_HASHLEN];/* Authentication hash */ | |
2468 | +}; | |
2469 | +#define AH_BASIC_LEN 8 /* basic AH header is 8 bytes, nh,hl,rv,spi | |
2470 | + * and the ah_hl, says how many bytes after that | |
2471 | + * to cover. */ | |
2472 | + | |
2473 | +extern struct xform_functions ah_xform_funcs[]; | |
2474 | + | |
2475 | +#ifdef CONFIG_KLIPS_DEBUG | |
2476 | +extern int debug_ah; | |
2477 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
2478 | +#endif /* __KERNEL__ */ | |
2479 | + | |
2480 | +/* | |
2481 | + * $Log: ipsec_ah.h,v $ | |
2482 | + * Revision 1.26 2004/09/13 02:22:10 mcr | |
2483 | + * #define inet_protocol if necessary. | |
2484 | + * | |
2485 | + * Revision 1.25 2004/09/06 18:35:41 mcr | |
2486 | + * 2.6.8.1 gets rid of inet_protocol->net_protocol compatibility, | |
2487 | + * so adjust for that. | |
2488 | + * | |
2489 | + * Revision 1.24 2004/07/10 19:08:41 mcr | |
2490 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
2491 | + * | |
2492 | + * Revision 1.23 2004/04/05 19:55:04 mcr | |
2493 | + * Moved from linux/include/freeswan/ipsec_ah.h,v | |
2494 | + * | |
2495 | + * Revision 1.22 2004/04/05 19:41:05 mcr | |
2496 | + * merged alg-branch code. | |
2497 | + * | |
2498 | + * Revision 1.21 2003/12/13 19:10:16 mcr | |
2499 | + * refactored rcv and xmit code - same as FS 2.05. | |
2500 | + * | |
2501 | + * Revision 1.22 2003/12/11 20:14:58 mcr | |
2502 | + * refactored the xmit code, to move all encapsulation | |
2503 | + * code into protocol functions. Note that all functions | |
2504 | + * are essentially done by a single function, which is probably | |
2505 | + * wrong. | |
2506 | + * the rcv_functions structures are renamed xform_functions. | |
2507 | + * | |
2508 | + * Revision 1.21 2003/12/06 21:21:19 mcr | |
2509 | + * split up receive path into per-transform files, for | |
2510 | + * easier later removal. | |
2511 | + * | |
2512 | + * Revision 1.20.8.1 2003/12/22 15:25:52 jjo | |
2513 | + * Merged algo-0.8.1-rc11-test1 into alg-branch | |
2514 | + * | |
2515 | + * Revision 1.20 2003/02/06 02:21:34 rgb | |
2516 | + * | |
2517 | + * Moved "struct auth_alg" from ipsec_rcv.c to ipsec_ah.h . | |
2518 | + * Changed "struct ah" to "struct ahhdr" and "struct esp" to "struct esphdr". | |
2519 | + * Removed "#ifdef INBOUND_POLICY_CHECK_eroute" dead code. | |
2520 | + * | |
2521 | + * Revision 1.19 2002/09/16 21:19:13 mcr | |
2522 | + * fixes for west-ah-icmp-01 - length of AH header must be | |
2523 | + * calculated properly, and next_header field properly copied. | |
2524 | + * | |
2525 | + * Revision 1.18 2002/05/14 02:37:02 rgb | |
2526 | + * Change reference from _TDB to _IPSA. | |
2527 | + * | |
2528 | + * Revision 1.17 2002/04/24 07:36:46 mcr | |
2529 | + * Moved from ./klips/net/ipsec/ipsec_ah.h,v | |
2530 | + * | |
2531 | + * Revision 1.16 2002/02/20 01:27:06 rgb | |
2532 | + * Ditched a pile of structs only used by the old Netlink interface. | |
2533 | + * | |
2534 | + * Revision 1.15 2001/12/11 02:35:57 rgb | |
2535 | + * Change "struct net_device" to "struct device" for 2.2 compatibility. | |
2536 | + * | |
2537 | + * Revision 1.14 2001/11/26 09:23:47 rgb | |
2538 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
2539 | + * | |
2540 | + * Revision 1.13.2.1 2001/09/25 02:18:24 mcr | |
2541 | + * replace "struct device" with "struct netdevice" | |
2542 | + * | |
2543 | + * Revision 1.13 2001/06/14 19:35:08 rgb | |
2544 | + * Update copyright date. | |
2545 | + * | |
2546 | + * Revision 1.12 2000/09/12 03:21:20 rgb | |
2547 | + * Cleared out unused htonq. | |
2548 | + * | |
2549 | + * Revision 1.11 2000/09/08 19:12:55 rgb | |
2550 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
2551 | + * | |
2552 | + * Revision 1.10 2000/01/21 06:13:10 rgb | |
2553 | + * Tidied up spacing. | |
2554 | + * Added macros for HMAC padding magic numbers.(kravietz) | |
2555 | + * | |
2556 | + * Revision 1.9 1999/12/07 18:16:23 rgb | |
2557 | + * Fixed comments at end of #endif lines. | |
2558 | + * | |
2559 | + * Revision 1.8 1999/04/11 00:28:56 henry | |
2560 | + * GPL boilerplate | |
2561 | + * | |
2562 | + * Revision 1.7 1999/04/06 04:54:25 rgb | |
2563 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
2564 | + * patch shell fixes. | |
2565 | + * | |
2566 | + * Revision 1.6 1999/01/26 02:06:01 rgb | |
2567 | + * Removed CONFIG_IPSEC_ALGO_SWITCH macro. | |
2568 | + * | |
2569 | + * Revision 1.5 1999/01/22 06:17:49 rgb | |
2570 | + * Updated macro comments. | |
2571 | + * Added context types to support algorithm switch code. | |
2572 | + * 64-bit clean-up -- converting 'u long long' to __u64. | |
2573 | + * | |
2574 | + * Revision 1.4 1998/07/14 15:54:56 rgb | |
2575 | + * Add #ifdef __KERNEL__ to protect kernel-only structures. | |
2576 | + * | |
2577 | + * Revision 1.3 1998/06/30 18:05:16 rgb | |
2578 | + * Comment out references to htonq. | |
2579 | + * | |
2580 | + * Revision 1.2 1998/06/25 19:33:46 rgb | |
2581 | + * Add prototype for protocol receive function. | |
2582 | + * Rearrange for more logical layout. | |
2583 | + * | |
2584 | + * Revision 1.1 1998/06/18 21:27:43 henry | |
2585 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
2586 | + * kernel-build scripts happier in the presence of symlinks | |
2587 | + * | |
2588 | + * Revision 1.4 1998/05/18 22:28:43 rgb | |
2589 | + * Disable key printing facilities from /proc/net/ipsec_*. | |
2590 | + * | |
2591 | + * Revision 1.3 1998/04/21 21:29:07 rgb | |
2592 | + * Rearrange debug switches to change on the fly debug output from user | |
2593 | + * space. Only kernel changes checked in at this time. radij.c was also | |
2594 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
2595 | + * an OOPS and hence, netlink device open errors. | |
2596 | + * | |
2597 | + * Revision 1.2 1998/04/12 22:03:17 rgb | |
2598 | + * Updated ESP-3DES-HMAC-MD5-96, | |
2599 | + * ESP-DES-HMAC-MD5-96, | |
2600 | + * AH-HMAC-MD5-96, | |
2601 | + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository | |
2602 | + * from old standards (RFC182[5-9] to new (as of March 1998) drafts. | |
2603 | + * | |
2604 | + * Fixed eroute references in /proc/net/ipsec*. | |
2605 | + * | |
2606 | + * Started to patch module unloading memory leaks in ipsec_netlink and | |
2607 | + * radij tree unloading. | |
2608 | + * | |
2609 | + * Revision 1.1 1998/04/09 03:05:55 henry | |
2610 | + * sources moved up from linux/net/ipsec | |
2611 | + * | |
2612 | + * Revision 1.1.1.1 1998/04/08 05:35:02 henry | |
2613 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
2614 | + * | |
2615 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
2616 | + * Added definitions for new AH transforms. | |
2617 | + * | |
2618 | + * Revision 0.3 1996/11/20 14:35:48 ji | |
2619 | + * Minor Cleanup. | |
2620 | + * Rationalized debugging code. | |
2621 | + * | |
2622 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
2623 | + * First limited release. | |
2624 | + * | |
2625 | + * | |
2626 | + */ | |
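Review bot: ipsec_ah.h has no include guard, unlike ipcomp.h in the same patch, so a second inclusion in a `__KERNEL__` build redefines `struct ahhdr` and fails to compile; wrapping the file in a guard such as `#ifndef _IPSEC_AH_H` / `#define _IPSEC_AH_H` / `#endif` would fix that. The comments on the length field also disagree on units: `ah_hl` is documented as "AH length, in 32-bit words", while the `AH_BASIC_LEN` comment says it gives "how many bytes after that to cover". Because `ah_hl` arrives off the wire and `ah_data` is a fixed `AHHMAC_HASHLEN` array, the comment should state one unit and whether the count includes the first 8 bytes, so that receive code (not in this hunk) checks the field against the packet length before touching `ah_data`.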
2627 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
2628 | +++ linux/include/openswan/ipsec_alg.h Mon Feb 9 13:51:03 2004 | |
2629 | @@ -0,0 +1,248 @@ | |
2630 | +/* | |
2631 | + * Modular extensions service and registration functions interface | |
2632 | + * | |
2633 | + * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar> | |
2634 | + * | |
2635 | + * ipsec_alg.h,v 1.1.2.1 2003/11/21 18:12:23 jjo Exp | |
2636 | + * | |
2637 | + */ | |
2638 | +/* | |
2639 | + * This program is free software; you can redistribute it and/or modify it | |
2640 | + * under the terms of the GNU General Public License as published by the | |
2641 | + * Free Software Foundation; either version 2 of the License, or (at your | |
2642 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
2643 | + * | |
2644 | + * This program is distributed in the hope that it will be useful, but | |
2645 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
2646 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
2647 | + * for more details. | |
2648 | + * | |
2649 | + */ | |
2650 | +#ifndef IPSEC_ALG_H | |
2651 | +#define IPSEC_ALG_H | |
2652 | + | |
2653 | +/* | |
2654 | + * gcc >= 3.2 has removed __FUNCTION__, replaced by C99 __func__ | |
2655 | + * *BUT* its a compiler variable. | |
2656 | + */ | |
2657 | +#if (__GNUC__ >= 3) | |
2658 | +#ifndef __FUNCTION__ | |
2659 | +#define __FUNCTION__ __func__ | |
2660 | +#endif | |
2661 | +#endif | |
2662 | + | |
2663 | +/* Version 0.8.1-0 */ | |
2664 | +#define IPSEC_ALG_VERSION 0x00080100 | |
2665 | + | |
2666 | +#include <linux/types.h> | |
2667 | +#include <linux/list.h> | |
2668 | +#include <asm/atomic.h> | |
2669 | +#include <pfkey.h> | |
2670 | + | |
2671 | +/* | |
2672 | + * The following structs are used via pointers in ipsec_alg object to | |
2673 | + * avoid ipsec_alg.h coupling with freeswan headers, thus simplifying | |
2674 | + * module development | |
2675 | + */ | |
2676 | +struct ipsec_sa; | |
2677 | +struct esp; | |
2678 | + | |
2679 | +/************************************** | |
2680 | + * | |
2681 | + * Main registration object | |
2682 | + * | |
2683 | + *************************************/ | |
2684 | +#define IPSEC_ALG_VERSION_QUAD(v) \ | |
2685 | + (v>>24),((v>>16)&0xff),((v>>8)&0xff),(v&0xff) | |
2686 | +/* | |
2687 | + * Main ipsec_alg objects: "OOPrograming wannabe" | |
2688 | + * Hierachy (carefully handled with _minimal_ cast'ing): | |
2689 | + * | |
2690 | + * ipsec_alg+ | |
2691 | + * +->ipsec_alg_enc (ixt_alg_type=SADB_EXT_SUPPORTED_ENCRYPT) | |
2692 | + * +->ipsec_alg_auth (ixt_alg_type=SADB_EXT_SUPPORTED_AUTH) | |
2693 | + */ | |
2694 | + | |
2695 | +/*************************************************************** | |
2696 | + * | |
2697 | + * INTERFACE object: struct ipsec_alg | |
2698 | + * | |
2699 | + ***************************************************************/ | |
2700 | + | |
2701 | +#define ixt_alg_type ixt_support.ias_exttype | |
2702 | +#define ixt_alg_id ixt_support.ias_id | |
2703 | + | |
2704 | +#define IPSEC_ALG_ST_SUPP 0x01 | |
2705 | +#define IPSEC_ALG_ST_REGISTERED 0x02 | |
2706 | +#define IPSEC_ALG_ST_EXCL 0x04 | |
2707 | +struct ipsec_alg { | |
2708 | + unsigned ixt_version; /* only allow this version (or 'near')*/ \ | |
2709 | + struct list_head ixt_list; /* dlinked list */ \ | |
2710 | + struct module *ixt_module; /* THIS_MODULE */ \ | |
2711 | + unsigned ixt_state; /* state flags */ \ | |
2712 | + atomic_t ixt_refcnt; /* ref. count when pointed from ipsec_sa */ \ | |
2713 | + char ixt_name[16]; /* descriptive short name, eg. "3des" */ \ | |
2714 | + void *ixt_data; /* private for algo implementation */ \ | |
2715 | + uint8_t ixt_blocksize; /* blocksize in bytes */ \ | |
2716 | + | |
2717 | + struct ipsec_alg_supported ixt_support; | |
2718 | +}; | |
2719 | +/* | |
2720 | + * Note the const in cbc_encrypt IV arg: | |
2721 | + * some ciphers like to toast passed IV (eg. 3DES): make a local IV copy | |
2722 | + */ | |
2723 | +struct ipsec_alg_enc { | |
2724 | + struct ipsec_alg ixt_common; | |
2725 | + unsigned ixt_e_keylen; /* raw key length in bytes */ | |
2726 | + unsigned ixt_e_ctx_size; /* sa_p->key_e_size */ | |
2727 | + int (*ixt_e_set_key)(struct ipsec_alg_enc *alg, __u8 *key_e, const __u8 *key, size_t keysize); | |
2728 | + __u8 *(*ixt_e_new_key)(struct ipsec_alg_enc *alg, const __u8 *key, size_t keysize); | |
2729 | + void (*ixt_e_destroy_key)(struct ipsec_alg_enc *alg, __u8 *key_e); | |
2730 | + int (*ixt_e_cbc_encrypt)(struct ipsec_alg_enc *alg, __u8 *key_e, __u8 *in, int ilen, const __u8 *iv, int encrypt); | |
2731 | +}; | |
2732 | +struct ipsec_alg_auth { | |
2733 | + struct ipsec_alg ixt_common; | |
2734 | + unsigned ixt_a_keylen; /* raw key length in bytes */ | |
2735 | + unsigned ixt_a_ctx_size; /* sa_p->key_a_size */ | |
2736 | + unsigned ixt_a_authlen; /* 'natural' auth. hash len (bytes) */ | |
2737 | + int (*ixt_a_hmac_set_key)(struct ipsec_alg_auth *alg, __u8 *key_a, const __u8 *key, int keylen); | |
2738 | + int (*ixt_a_hmac_hash)(struct ipsec_alg_auth *alg, __u8 *key_a, const __u8 *dat, int len, __u8 *hash, int hashlen); | |
2739 | +}; | |
2740 | +/* | |
2741 | + * These are _copies_ of SADB_EXT_SUPPORTED_{AUTH,ENCRYPT}, | |
2742 | + * to avoid header coupling for true constants | |
2743 | + * about headers ... "cp is your friend" --Linus | |
2744 | + */ | |
2745 | +#define IPSEC_ALG_TYPE_AUTH 14 | |
2746 | +#define IPSEC_ALG_TYPE_ENCRYPT 15 | |
2747 | + | |
2748 | +/*************************************************************** | |
2749 | + * | |
2750 | + * INTERFACE for module loading,testing, and unloading | |
2751 | + * | |
2752 | + ***************************************************************/ | |
2753 | +/* - registration calls */ | |
2754 | +int register_ipsec_alg(struct ipsec_alg *); | |
2755 | +int unregister_ipsec_alg(struct ipsec_alg *); | |
2756 | +/* - optional (simple test) for algos */ | |
2757 | +int ipsec_alg_test(unsigned alg_type, unsigned alg_id, int testparm); | |
2758 | +/* inline wrappers (usefull for type validation */ | |
2759 | +static inline int register_ipsec_alg_enc(struct ipsec_alg_enc *ixt) { | |
2760 | + return register_ipsec_alg((struct ipsec_alg*)ixt); | |
2761 | +} | |
2762 | +static inline int unregister_ipsec_alg_enc(struct ipsec_alg_enc *ixt) { | |
2763 | + return unregister_ipsec_alg((struct ipsec_alg*)ixt); | |
2764 | +} | |
2765 | +static inline int register_ipsec_alg_auth(struct ipsec_alg_auth *ixt) { | |
2766 | + return register_ipsec_alg((struct ipsec_alg*)ixt); | |
2767 | +} | |
2768 | +static inline int unregister_ipsec_alg_auth(struct ipsec_alg_auth *ixt) { | |
2769 | + return unregister_ipsec_alg((struct ipsec_alg*)ixt); | |
2770 | +} | |
2771 | + | |
2772 | +/***************************************************************** | |
2773 | + * | |
2774 | + * INTERFACE for ENC services: key creation, encrypt function | |
2775 | + * | |
2776 | + *****************************************************************/ | |
2777 | + | |
2778 | +#define IPSEC_ALG_ENCRYPT 1 | |
2779 | +#define IPSEC_ALG_DECRYPT 0 | |
2780 | + | |
2781 | +/* encryption key context creation function */ | |
2782 | +int ipsec_alg_enc_key_create(struct ipsec_sa *sa_p); | |
2783 | +/* | |
2784 | + * ipsec_alg_esp_encrypt(): encrypt ilen bytes in idat returns | |
2785 | + * 0 or ERR<0 | |
2786 | + */ | |
2787 | +int ipsec_alg_esp_encrypt(struct ipsec_sa *sa_p, __u8 *idat, int ilen, const __u8 *iv, int action); | |
2788 | + | |
2789 | +/*************************************************************** | |
2790 | + * | |
2791 | + * INTERFACE for AUTH services: key creation, hash functions | |
2792 | + * | |
2793 | + ***************************************************************/ | |
2794 | +int ipsec_alg_auth_key_create(struct ipsec_sa *sa_p); | |
2795 | +int ipsec_alg_sa_esp_hash(const struct ipsec_sa *sa_p, const __u8 *espp, int len, __u8 *hash, int hashlen) ; | |
2796 | +#define ipsec_alg_sa_esp_update(c,k,l) ipsec_alg_sa_esp_hash(c,k,l,NULL,0) | |
2797 | + | |
2798 | +/* only called from ipsec_init.c */ | |
2799 | +int ipsec_alg_init(void); | |
2800 | + | |
2801 | +/* algo module glue for static algos */ | |
2802 | +void ipsec_alg_static_init(void); | |
2803 | +typedef int (*ipsec_alg_init_func_t) (void); | |
2804 | + | |
2805 | +/********************************************** | |
2806 | + * | |
2807 | + * INTERFACE for ipsec_sa init and wipe | |
2808 | + * | |
2809 | + **********************************************/ | |
2810 | + | |
2811 | +/* returns true if ipsec_sa has ipsec_alg obj attached */ | |
2812 | +/* | |
2813 | + * Initializes ipsec_sa's ipsec_alg object, using already loaded | |
2814 | + * proto, authalg, encalg.; links ipsec_alg objects (enc, auth) | |
2815 | + */ | |
2816 | +int ipsec_alg_sa_init(struct ipsec_sa *sa_p); | |
2817 | +/* | |
2818 | + * Destroys ipsec_sa's ipsec_alg object | |
2819 | + * unlinking ipsec_alg objects | |
2820 | + */ | |
2821 | +int ipsec_alg_sa_wipe(struct ipsec_sa *sa_p); | |
2822 | + | |
2823 | +#define IPSEC_ALG_MODULE_INIT_MOD( func_name ) \ | |
2824 | + static int func_name(void); \ | |
2825 | + module_init(func_name); \ | |
2826 | + static int __init func_name(void) | |
2827 | +#define IPSEC_ALG_MODULE_EXIT_MOD( func_name ) \ | |
2828 | + static void func_name(void); \ | |
2829 | + module_exit(func_name); \ | |
2830 | + static void __exit func_name(void) | |
2831 | + | |
2832 | +#define IPSEC_ALG_MODULE_INIT_STATIC( func_name ) \ | |
2833 | + extern int func_name(void); \ | |
2834 | + int func_name(void) | |
2835 | +#define IPSEC_ALG_MODULE_EXIT_STATIC( func_name ) \ | |
2836 | + extern void func_name(void); \ | |
2837 | + void func_name(void) | |
2838 | + | |
2839 | +/********************************************** | |
2840 | + * | |
2841 | + * 2.2 backport for some 2.4 useful module stuff | |
2842 | + * | |
2843 | + **********************************************/ | |
2844 | +#ifdef MODULE | |
2845 | +#ifndef THIS_MODULE | |
2846 | +#define THIS_MODULE (&__this_module) | |
2847 | +#endif | |
2848 | +#ifndef module_init | |
2849 | +typedef int (*__init_module_func_t)(void); | |
2850 | +typedef void (*__cleanup_module_func_t)(void); | |
2851 | + | |
2852 | +#define module_init(x) \ | |
2853 | + int init_module(void) __attribute__((alias(#x))); \ | |
2854 | + static inline __init_module_func_t __init_module_inline(void) \ | |
2855 | + { return x; } | |
2856 | +#define module_exit(x) \ | |
2857 | + void cleanup_module(void) __attribute__((alias(#x))); \ | |
2858 | + static inline __cleanup_module_func_t __cleanup_module_inline(void) \ | |
2859 | + { return x; } | |
2860 | +#endif | |
2861 | +#define IPSEC_ALG_MODULE_INIT( func_name ) IPSEC_ALG_MODULE_INIT_MOD( func_name ) | |
2862 | +#define IPSEC_ALG_MODULE_EXIT( func_name ) IPSEC_ALG_MODULE_EXIT_MOD( func_name ) | |
2863 | + | |
2864 | +#else /* not MODULE */ | |
2865 | +#ifndef THIS_MODULE | |
2866 | +#define THIS_MODULE NULL | |
2867 | +#endif | |
2868 | +/* | |
2869 | + * I only want module_init() magic | |
2870 | + * when algo.c file *is THE MODULE*, in all other | |
2871 | + * cases, initialization is called explicitely from ipsec_alg_init() | |
2872 | + */ | |
2873 | +#define IPSEC_ALG_MODULE_INIT( func_name ) IPSEC_ALG_MODULE_INIT_STATIC(func_name) | |
2874 | +#define IPSEC_ALG_MODULE_EXIT( func_name ) IPSEC_ALG_MODULE_EXIT_STATIC(func_name) | |
2875 | +#endif | |
2876 | + | |
2877 | +#endif /* IPSEC_ALG_H */ | |
2878 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
2879 | +++ linux/include/openswan/ipsec_alg_3des.h Mon Feb 9 13:51:03 2004 | |
2880 | @@ -0,0 +1,12 @@ | |
2881 | +struct TripleDES_context { | |
2882 | + des_key_schedule s1; | |
2883 | + des_key_schedule s2; | |
2884 | + des_key_schedule s3; | |
2885 | +}; | |
2886 | +typedef struct TripleDES_context TripleDES_context; | |
2887 | + | |
2888 | +#define ESP_3DES_KEY_SZ 3*(sizeof(des_cblock)) | |
2889 | +#define ESP_3DES_CBC_BLK_LEN 8 | |
2890 | + | |
2891 | + | |
2892 | + | |
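Review bot: `ESP_3DES_KEY_SZ` expands to `3*(sizeof(des_cblock))` with no outer parentheses, so a key-length check such as `len % ESP_3DES_KEY_SZ` or `n / ESP_3DES_KEY_SZ` binds to the `3` first and silently computes the wrong value. I would define it as `#define ESP_3DES_KEY_SZ (3 * sizeof(des_cblock))`. This new header also has no include guard and uses `des_key_schedule` and `des_cblock` without including their declaration, so it only compiles if the includer has already pulled in the DES header. Adding a guard and `#include "crypto/des.h"` (the path ipsec_esp.h uses later in this patch) would make it self-contained.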
2893 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
2894 | +++ linux/include/openswan/ipsec_auth.h Mon Feb 9 13:51:03 2004 | |
2895 | @@ -0,0 +1,100 @@ | |
2896 | +/* | |
2897 | + * Authentication Header declarations | |
2898 | + * Copyright (C) 2003 Michael Richardson <mcr@sandelman.ottawa.on.ca> | |
2899 | + * | |
2900 | + * This program is free software; you can redistribute it and/or modify it | |
2901 | + * under the terms of the GNU General Public License as published by the | |
2902 | + * Free Software Foundation; either version 2 of the License, or (at your | |
2903 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
2904 | + * | |
2905 | + * This program is distributed in the hope that it will be useful, but | |
2906 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
2907 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
2908 | + * for more details. | |
2909 | + * | |
2910 | + * RCSID $Id: ipsec_auth.h,v 1.3 2004/04/06 02:49:08 mcr Exp $ | |
2911 | + */ | |
2912 | + | |
2913 | +#include "ipsec_md5h.h" | |
2914 | +#include "ipsec_sha1.h" | |
2915 | + | |
2916 | +#ifndef IPSEC_AUTH_H | |
2917 | +#define IPSEC_AUTH_H | |
2918 | + | |
2919 | +#define AH_FLENGTH 12 /* size of fixed part */ | |
2920 | +#define AHMD5_KMAX 64 /* MD5 max 512 bits key */ | |
2921 | +#define AHMD5_AMAX 12 /* MD5 96 bits of authenticator */ | |
2922 | + | |
2923 | +#define AHMD596_KLEN 16 /* MD5 128 bits key */ | |
2924 | +#define AHSHA196_KLEN 20 /* SHA1 160 bits key */ | |
2925 | + | |
2926 | +#define AHMD596_ALEN 16 /* MD5 128 bits authentication length */ | |
2927 | +#define AHSHA196_ALEN 20 /* SHA1 160 bits authentication length */ | |
2928 | + | |
2929 | +#define AHMD596_BLKLEN 64 /* MD5 block length */ | |
2930 | +#define AHSHA196_BLKLEN 64 /* SHA1 block length */ | |
2931 | +#define AHSHA2_256_BLKLEN 64 /* SHA2-256 block length */ | |
2932 | +#define AHSHA2_384_BLKLEN 128 /* SHA2-384 block length (?) */ | |
2933 | +#define AHSHA2_512_BLKLEN 128 /* SHA2-512 block length */ | |
2934 | + | |
2935 | +#define AH_BLKLEN_MAX 128 /* keep up to date! */ | |
2936 | + | |
2937 | + | |
2938 | +#define AH_AMAX AHSHA196_ALEN /* keep up to date! */ | |
2939 | +#define AHHMAC_HASHLEN 12 /* authenticator length of 96bits */ | |
2940 | +#define AHHMAC_RPLLEN 4 /* 32 bit replay counter */ | |
2941 | + | |
2942 | +#define DB_AH_PKTRX 0x0001 | |
2943 | +#define DB_AH_PKTRX2 0x0002 | |
2944 | +#define DB_AH_DMP 0x0004 | |
2945 | +#define DB_AH_IPSA 0x0010 | |
2946 | +#define DB_AH_XF 0x0020 | |
2947 | +#define DB_AH_INAU 0x0040 | |
2948 | +#define DB_AH_REPLAY 0x0100 | |
2949 | + | |
2950 | +#ifdef __KERNEL__ | |
2951 | + | |
2952 | +/* General HMAC algorithm is described in RFC 2104 */ | |
2953 | + | |
2954 | +#define HMAC_IPAD 0x36 | |
2955 | +#define HMAC_OPAD 0x5C | |
2956 | + | |
2957 | +struct md5_ctx { | |
2958 | + MD5_CTX ictx; /* context after H(K XOR ipad) */ | |
2959 | + MD5_CTX octx; /* context after H(K XOR opad) */ | |
2960 | +}; | |
2961 | + | |
2962 | +struct sha1_ctx { | |
2963 | + SHA1_CTX ictx; /* context after H(K XOR ipad) */ | |
2964 | + SHA1_CTX octx; /* context after H(K XOR opad) */ | |
2965 | +}; | |
2966 | + | |
2967 | +struct auth_alg { | |
2968 | + void (*init)(void *ctx); | |
2969 | + void (*update)(void *ctx, unsigned char *bytes, __u32 len); | |
2970 | + void (*final)(unsigned char *hash, void *ctx); | |
2971 | + int hashlen; | |
2972 | +}; | |
2973 | + | |
2974 | +struct options; | |
2975 | + | |
2976 | +#endif /* __KERNEL__ */ | |
2977 | +#endif /* IPSEC_AUTH_H */ | |
2978 | + | |
2979 | +/* | |
2980 | + * $Log: ipsec_auth.h,v $ | |
2981 | + * Revision 1.3 2004/04/06 02:49:08 mcr | |
2982 | + * pullup of algo code from alg-branch. | |
2983 | + * | |
2984 | + * Revision 1.2 2004/04/05 19:55:04 mcr | |
2985 | + * Moved from linux/include/freeswan/ipsec_auth.h,v | |
2986 | + * | |
2987 | + * Revision 1.1 2003/12/13 19:10:16 mcr | |
2988 | + * refactored rcv and xmit code - same as FS 2.05. | |
2989 | + * | |
2990 | + * Revision 1.1 2003/12/06 21:21:19 mcr | |
2991 | + * split up receive path into per-transform files, for | |
2992 | + * easier later removal. | |
2993 | + * | |
2994 | + * | |
2995 | + */ | |
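Review bot: `AH_AMAX` is pinned to `AHSHA196_ALEN` (20) and guarded only by a "keep up to date!" comment, although this header already declares block lengths for SHA2-256/384/512. The users of `AH_AMAX` are not visible in this hunk, so this is a point to verify rather than a confirmed bug: any buffer sized by it that receives a full SHA2 digest (32 to 64 bytes) from an `auth_alg.final()` callback would be overrun. I would state the invariant at the definition, e.g. `/* must be >= the largest full digest written by any auth_alg.final(); raise when adding SHA2 */`. The same note belongs on `AH_BLKLEN_MAX`, and `struct auth_alg` should say whether `hashlen` is the full or the truncated 96-bit length. The two `#include` lines also sit above the `IPSEC_AUTH_H` guard; moving them inside it is a cheap tidy-up.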
2996 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
2997 | +++ linux/include/openswan/ipsec_encap.h Mon Feb 9 13:51:03 2004 | |
2998 | @@ -0,0 +1,149 @@ | |
2999 | +/* | |
3000 | + * declarations relevant to encapsulation-like operations | |
3001 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
3002 | + * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. | |
3003 | + * | |
3004 | + * This program is free software; you can redistribute it and/or modify it | |
3005 | + * under the terms of the GNU General Public License as published by the | |
3006 | + * Free Software Foundation; either version 2 of the License, or (at your | |
3007 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
3008 | + * | |
3009 | + * This program is distributed in the hope that it will be useful, but | |
3010 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
3011 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
3012 | + * for more details. | |
3013 | + * | |
3014 | + * RCSID $Id: ipsec_encap.h,v 1.19 2004/04/05 19:55:04 mcr Exp $ | |
3015 | + */ | |
3016 | + | |
3017 | +#ifndef _IPSEC_ENCAP_H_ | |
3018 | + | |
3019 | +#define SENT_IP4 16 /* data is two struct in_addr + proto + ports*/ | |
3020 | + /* (2 * sizeof(struct in_addr)) */ | |
3021 | + /* sizeof(struct sockaddr_encap) | |
3022 | + - offsetof(struct sockaddr_encap, Sen.Sip4.Src) */ | |
3023 | + | |
3024 | +struct sockaddr_encap | |
3025 | +{ | |
3026 | + __u8 sen_len; /* length */ | |
3027 | + __u8 sen_family; /* AF_ENCAP */ | |
3028 | + __u16 sen_type; /* see SENT_* */ | |
3029 | + union | |
3030 | + { | |
3031 | + struct /* SENT_IP4 */ | |
3032 | + { | |
3033 | + struct in_addr Src; | |
3034 | + struct in_addr Dst; | |
3035 | + __u8 Proto; | |
3036 | + __u16 Sport; | |
3037 | + __u16 Dport; | |
3038 | + } Sip4; | |
3039 | + } Sen; | |
3040 | +}; | |
3041 | + | |
3042 | +#define sen_ip_src Sen.Sip4.Src | |
3043 | +#define sen_ip_dst Sen.Sip4.Dst | |
3044 | +#define sen_proto Sen.Sip4.Proto | |
3045 | +#define sen_sport Sen.Sip4.Sport | |
3046 | +#define sen_dport Sen.Sip4.Dport | |
3047 | + | |
3048 | +#ifndef AF_ENCAP | |
3049 | +#define AF_ENCAP 26 | |
3050 | +#endif /* AF_ENCAP */ | |
3051 | + | |
3052 | +#define _IPSEC_ENCAP_H_ | |
3053 | +#endif /* _IPSEC_ENCAP_H_ */ | |
3054 | + | |
3055 | +/* | |
3056 | + * $Log: ipsec_encap.h,v $ | |
3057 | + * Revision 1.19 2004/04/05 19:55:04 mcr | |
3058 | + * Moved from linux/include/freeswan/ipsec_encap.h,v | |
3059 | + * | |
3060 | + * Revision 1.18 2003/10/31 02:27:05 mcr | |
3061 | + * pulled up port-selector patches and sa_id elimination. | |
3062 | + * | |
3063 | + * Revision 1.17.30.1 2003/09/21 13:59:38 mcr | |
3064 | + * pre-liminary X.509 patch - does not yet pass tests. | |
3065 | + * | |
3066 | + * Revision 1.17 2002/04/24 07:36:46 mcr | |
3067 | + * Moved from ./klips/net/ipsec/ipsec_encap.h,v | |
3068 | + * | |
3069 | + * Revision 1.16 2001/11/26 09:23:47 rgb | |
3070 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
3071 | + * | |
3072 | + * Revision 1.15.2.1 2001/09/25 02:18:54 mcr | |
3073 | + * struct eroute moved to ipsec_eroute.h | |
3074 | + * | |
3075 | + * Revision 1.15 2001/09/14 16:58:36 rgb | |
3076 | + * Added support for storing the first and last packets through a HOLD. | |
3077 | + * | |
3078 | + * Revision 1.14 2001/09/08 21:13:31 rgb | |
3079 | + * Added pfkey ident extension support for ISAKMPd. (NetCelo) | |
3080 | + * | |
3081 | + * Revision 1.13 2001/06/14 19:35:08 rgb | |
3082 | + * Update copyright date. | |
3083 | + * | |
3084 | + * Revision 1.12 2001/05/27 06:12:10 rgb | |
3085 | + * Added structures for pid, packet count and last access time to eroute. | |
3086 | + * Added packet count to beginning of /proc/net/ipsec_eroute. | |
3087 | + * | |
3088 | + * Revision 1.11 2000/09/08 19:12:56 rgb | |
3089 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
3090 | + * | |
3091 | + * Revision 1.10 2000/03/22 16:15:36 rgb | |
3092 | + * Fixed renaming of dev_get (MB). | |
3093 | + * | |
3094 | + * Revision 1.9 2000/01/21 06:13:26 rgb | |
3095 | + * Added a macro for AF_ENCAP | |
3096 | + * | |
3097 | + * Revision 1.8 1999/12/31 14:56:55 rgb | |
3098 | + * MB fix for 2.3 dev-use-count. | |
3099 | + * | |
3100 | + * Revision 1.7 1999/11/18 04:09:18 rgb | |
3101 | + * Replaced all kernel version macros to shorter, readable form. | |
3102 | + * | |
3103 | + * Revision 1.6 1999/09/24 00:34:13 rgb | |
3104 | + * Add Marc Boucher's support for 2.3.xx+. | |
3105 | + * | |
3106 | + * Revision 1.5 1999/04/11 00:28:57 henry | |
3107 | + * GPL boilerplate | |
3108 | + * | |
3109 | + * Revision 1.4 1999/04/06 04:54:25 rgb | |
3110 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
3111 | + * patch shell fixes. | |
3112 | + * | |
3113 | + * Revision 1.3 1998/10/19 14:44:28 rgb | |
3114 | + * Added inclusion of freeswan.h. | |
3115 | + * sa_id structure implemented and used: now includes protocol. | |
3116 | + * | |
3117 | + * Revision 1.2 1998/07/14 18:19:33 rgb | |
3118 | + * Added #ifdef __KERNEL__ directives to restrict scope of header. | |
3119 | + * | |
3120 | + * Revision 1.1 1998/06/18 21:27:44 henry | |
3121 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
3122 | + * kernel-build scripts happier in the presence of symlinks | |
3123 | + * | |
3124 | + * Revision 1.2 1998/04/21 21:29:10 rgb | |
3125 | + * Rearrange debug switches to change on the fly debug output from user | |
3126 | + * space. Only kernel changes checked in at this time. radij.c was also | |
3127 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
3128 | + * an OOPS and hence, netlink device open errors. | |
3129 | + * | |
3130 | + * Revision 1.1 1998/04/09 03:05:58 henry | |
3131 | + * sources moved up from linux/net/ipsec | |
3132 | + * | |
3133 | + * Revision 1.1.1.1 1998/04/08 05:35:02 henry | |
3134 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
3135 | + * | |
3136 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
3137 | + * Minor cosmetic changes. | |
3138 | + * | |
3139 | + * Revision 0.3 1996/11/20 14:35:48 ji | |
3140 | + * Minor Cleanup. | |
3141 | + * Rationalized debugging code. | |
3142 | + * | |
3143 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
3144 | + * First limited release. | |
3145 | + * | |
3146 | + * | |
3147 | + */ | |
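Review bot: `struct sockaddr_encap` contains implicit compiler padding that nothing here documents: one byte between `Proto` (`__u8`) and `Sport` (`__u16`), and probably more after `Dport` to round the struct up to the alignment of `struct in_addr`. The `rd_key()` and `rd_mask()` macros in ipsec_eroute.h cast radix-tree keys to this type. If the tree compares keys bytewise (that code is not in this hunk), uninitialised padding would make identical selectors miss each other, and any copy of the struct to user space would carry stale kernel bytes. I would add a comment above the struct such as `/* contains implicit padding after Proto and Dport: zero the whole struct (memset) before filling it in */`, or make the interior pad an explicit named `__u8` member. Separately, `_IPSEC_ENCAP_H_` is only defined at the bottom of the file; defining it directly after the `#ifndef` is the conventional form and also covers recursive inclusion.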
3148 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
3149 | +++ linux/include/openswan/ipsec_eroute.h Mon Feb 9 13:51:03 2004 | |
3150 | @@ -0,0 +1,112 @@ | |
3151 | +/* | |
3152 | + * @(#) declarations of eroute structures | |
3153 | + * | |
3154 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
3155 | + * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs <rgb@freeswan.org> | |
3156 | + * Copyright (C) 2001 Michael Richardson <mcr@freeswan.org> | |
3157 | + * | |
3158 | + * This program is free software; you can redistribute it and/or modify it | |
3159 | + * under the terms of the GNU General Public License as published by the | |
3160 | + * Free Software Foundation; either version 2 of the License, or (at your | |
3161 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
3162 | + * | |
3163 | + * This program is distributed in the hope that it will be useful, but | |
3164 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
3165 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
3166 | + * for more details. | |
3167 | + * | |
3168 | + * RCSID $Id: ipsec_eroute.h,v 1.5 2004/04/05 19:55:05 mcr Exp $ | |
3169 | + * | |
3170 | + * derived from ipsec_encap.h 1.15 on 2001/9/18 by mcr. | |
3171 | + * | |
3172 | + */ | |
3173 | + | |
3174 | +#ifndef _IPSEC_EROUTE_H_ | |
3175 | + | |
3176 | +#include "radij.h" | |
3177 | +#include "ipsec_encap.h" | |
3178 | +#include "ipsec_radij.h" | |
3179 | + | |
3180 | +/* | |
3181 | + * The "type" is really part of the address as far as the routing | |
3182 | + * system is concerned. By using only one bit in the type field | |
3183 | + * for each type, we sort-of make sure that different types of | |
3184 | + * encapsulation addresses won't be matched against the wrong type. | |
3185 | + */ | |
3186 | + | |
3187 | +/* | |
3188 | + * An entry in the radix tree | |
3189 | + */ | |
3190 | + | |
3191 | +struct rjtentry | |
3192 | +{ | |
3193 | + struct radij_node rd_nodes[2]; /* tree glue, and other values */ | |
3194 | +#define rd_key(r) ((struct sockaddr_encap *)((r)->rd_nodes->rj_key)) | |
3195 | +#define rd_mask(r) ((struct sockaddr_encap *)((r)->rd_nodes->rj_mask)) | |
3196 | + short rd_flags; | |
3197 | + short rd_count; | |
3198 | +}; | |
3199 | + | |
3200 | +struct ident | |
3201 | +{ | |
3202 | + __u16 type; /* identity type */ | |
3203 | + __u64 id; /* identity id */ | |
3204 | + __u8 len; /* identity len */ | |
3205 | + caddr_t data; /* identity data */ | |
3206 | +}; | |
3207 | + | |
3208 | +/* | |
3209 | + * An encapsulation route consists of a pointer to a | |
3210 | + * radix tree entry and a SAID (a destination_address/SPI/protocol triple). | |
3211 | + */ | |
3212 | + | |
3213 | +struct eroute | |
3214 | +{ | |
3215 | + struct rjtentry er_rjt; | |
3216 | + ip_said er_said; | |
3217 | + uint32_t er_pid; | |
3218 | + uint32_t er_count; | |
3219 | + uint64_t er_lasttime; | |
3220 | + struct sockaddr_encap er_eaddr; /* MCR get rid of _encap, it is silly*/ | |
3221 | + struct sockaddr_encap er_emask; | |
3222 | + struct ident er_ident_s; | |
3223 | + struct ident er_ident_d; | |
3224 | + struct sk_buff* er_first; | |
3225 | + struct sk_buff* er_last; | |
3226 | +}; | |
3227 | + | |
3228 | +#define er_dst er_said.dst | |
3229 | +#define er_spi er_said.spi | |
3230 | + | |
3231 | +#define _IPSEC_EROUTE_H_ | |
3232 | +#endif /* _IPSEC_EROUTE_H_ */ | |
3233 | + | |
3234 | +/* | |
3235 | + * $Log: ipsec_eroute.h,v $ | |
3236 | + * Revision 1.5 2004/04/05 19:55:05 mcr | |
3237 | + * Moved from linux/include/freeswan/ipsec_eroute.h,v | |
3238 | + * | |
3239 | + * Revision 1.4 2003/10/31 02:27:05 mcr | |
3240 | + * pulled up port-selector patches and sa_id elimination. | |
3241 | + * | |
3242 | + * Revision 1.3.30.2 2003/10/29 01:10:19 mcr | |
3243 | + * elimited "struct sa_id" | |
3244 | + * | |
3245 | + * Revision 1.3.30.1 2003/09/21 13:59:38 mcr | |
3246 | + * pre-liminary X.509 patch - does not yet pass tests. | |
3247 | + * | |
3248 | + * Revision 1.3 2002/04/24 07:36:46 mcr | |
3249 | + * Moved from ./klips/net/ipsec/ipsec_eroute.h,v | |
3250 | + * | |
3251 | + * Revision 1.2 2001/11/26 09:16:13 rgb | |
3252 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
3253 | + * | |
3254 | + * Revision 1.1.2.1 2001/09/25 02:18:54 mcr | |
3255 | + * struct eroute moved to ipsec_eroute.h | |
3256 | + * | |
3257 | + * | |
3258 | + * Local variables: | |
3259 | + * c-file-style: "linux" | |
3260 | + * End: | |
3261 | + * | |
3262 | + */ | |
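Review bot: `struct ident` pairs a raw `caddr_t data` pointer with a `__u8 len`, and `struct eroute` holds `er_first`/`er_last` `sk_buff` pointers, but none of these fields say who allocates or frees them. The code filling `er_ident_s`/`er_ident_d` is not visible here; because `len` is 8 bits wide, it has to reject identity payloads longer than 255 bytes rather than truncate the length while copying the full buffer. I would document both points at the fields, e.g. `/* identity data: len bytes, owned by the eroute, freed when the eroute is deleted */` and `/* first/last packet held while the eroute is a HOLD; released on delete */`, adjusted to whatever the implementation really does. The short macros `er_dst` and `er_spi` rewrite any identifier of that name in every includer, which deserves a warning comment next to them.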
3263 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
3264 | +++ linux/include/openswan/ipsec_errs.h Mon Feb 9 13:51:03 2004 | |
3265 | @@ -0,0 +1,53 @@ | |
3266 | +/* | |
3267 | + * @(#) definition of ipsec_errs structure | |
3268 | + * | |
3269 | + * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org> | |
3270 | + * and Michael Richardson <mcr@freeswan.org> | |
3271 | + * | |
3272 | + * This program is free software; you can redistribute it and/or modify it | |
3273 | + * under the terms of the GNU General Public License as published by the | |
3274 | + * Free Software Foundation; either version 2 of the License, or (at your | |
3275 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
3276 | + * | |
3277 | + * This program is distributed in the hope that it will be useful, but | |
3278 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
3279 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
3280 | + * for more details. | |
3281 | + * | |
3282 | + * RCSID $Id: ipsec_errs.h,v 1.4 2004/04/05 19:55:05 mcr Exp $ | |
3283 | + * | |
3284 | + */ | |
3285 | + | |
3286 | +/* | |
3287 | + * This file describes the errors/statistics that FreeSWAN collects. | |
3288 | + * | |
3289 | + */ | |
3290 | + | |
3291 | +struct ipsec_errs { | |
3292 | + __u32 ips_alg_errs; /* number of algorithm errors */ | |
3293 | + __u32 ips_auth_errs; /* # of authentication errors */ | |
3294 | + __u32 ips_encsize_errs; /* # of encryption size errors*/ | |
3295 | + __u32 ips_encpad_errs; /* # of encryption pad errors*/ | |
3296 | + __u32 ips_replaywin_errs; /* # of pkt sequence errors */ | |
3297 | +}; | |
3298 | + | |
3299 | +/* | |
3300 | + * $Log: ipsec_errs.h,v $ | |
3301 | + * Revision 1.4 2004/04/05 19:55:05 mcr | |
3302 | + * Moved from linux/include/freeswan/ipsec_errs.h,v | |
3303 | + * | |
3304 | + * Revision 1.3 2002/04/24 07:36:46 mcr | |
3305 | + * Moved from ./klips/net/ipsec/ipsec_errs.h,v | |
3306 | + * | |
3307 | + * Revision 1.2 2001/11/26 09:16:13 rgb | |
3308 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
3309 | + * | |
3310 | + * Revision 1.1.2.1 2001/09/25 02:25:57 mcr | |
3311 | + * lifetime structure created and common functions created. | |
3312 | + * | |
3313 | + * | |
3314 | + * Local variables: | |
3315 | + * c-file-style: "linux" | |
3316 | + * End: | |
3317 | + * | |
3318 | + */ | |
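Review bot: This new header defines `struct ipsec_errs` with no include guard, so a translation unit that reaches it through two include paths fails with a struct redefinition error. The sibling headers in this patch are guarded, and I would wrap this one the same way with `#ifndef IPSEC_ERRS_H` / `#define IPSEC_ERRS_H` at the top and `#endif /* IPSEC_ERRS_H */` after the struct. The counters are plain `__u32`; whether they are incremented under the SA lock is not visible in this hunk, so a one-line comment stating the locking expectation would help anyone who later reads them as audit statistics.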
3319 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
3320 | +++ linux/include/openswan/ipsec_esp.h Mon Feb 9 13:51:03 2004 | |
3321 | @@ -0,0 +1,157 @@ | |
3322 | +/* | |
3323 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
3324 | + * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. | |
3325 | + * | |
3326 | + * This program is free software; you can redistribute it and/or modify it | |
3327 | + * under the terms of the GNU General Public License as published by the | |
3328 | + * Free Software Foundation; either version 2 of the License, or (at your | |
3329 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
3330 | + * | |
3331 | + * This program is distributed in the hope that it will be useful, but | |
3332 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
3333 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
3334 | + * for more details. | |
3335 | + * | |
3336 | + * RCSID $Id: ipsec_esp.h,v 1.28 2004/09/13 02:22:10 mcr Exp $ | |
3337 | + */ | |
3338 | + | |
3339 | +#include "openswan/ipsec_md5h.h" | |
3340 | +#include "openswan/ipsec_sha1.h" | |
3341 | + | |
3342 | +#include "crypto/des.h" | |
3343 | + | |
3344 | +#ifndef IPPROTO_ESP | |
3345 | +#define IPPROTO_ESP 50 | |
3346 | +#endif /* IPPROTO_ESP */ | |
3347 | + | |
3348 | +#define ESP_HEADER_LEN 8 /* 64 bits header (spi+rpl)*/ | |
3349 | + | |
3350 | +#define EMT_ESPDESCBC_ULEN 20 /* coming from user mode */ | |
3351 | +#define EMT_ESPDES_KMAX 64 /* 512 bit secret key enough? */ | |
3352 | +#define EMT_ESPDES_KEY_SZ 8 /* 56 bit secret key with parity = 64 bits */ | |
3353 | +#define EMT_ESP3DES_KEY_SZ 24 /* 168 bit secret key with parity = 192 bits */ | |
3354 | +#define EMT_ESPDES_IV_SZ 8 /* IV size */ | |
3355 | +#define ESP_DESCBC_BLKLEN 8 /* DES-CBC block size */ | |
3356 | + | |
3357 | +#define ESP_IV_MAXSZ 16 /* This is _critical_ */ | |
3358 | +#define ESP_IV_MAXSZ_INT (ESP_IV_MAXSZ/sizeof(int)) | |
3359 | + | |
3360 | +#define DB_ES_PKTRX 0x0001 | |
3361 | +#define DB_ES_PKTRX2 0x0002 | |
3362 | +#define DB_ES_IPSA 0x0010 | |
3363 | +#define DB_ES_XF 0x0020 | |
3364 | +#define DB_ES_IPAD 0x0040 | |
3365 | +#define DB_ES_INAU 0x0080 | |
3366 | +#define DB_ES_OINFO 0x0100 | |
3367 | +#define DB_ES_OINFO2 0x0200 | |
3368 | +#define DB_ES_OH 0x0400 | |
3369 | +#define DB_ES_REPLAY 0x0800 | |
3370 | + | |
3371 | +#ifdef __KERNEL__ | |
3372 | +struct des_eks { | |
3373 | + des_key_schedule ks; | |
3374 | +}; | |
3375 | + | |
3376 | +extern struct inet_protocol esp_protocol; | |
3377 | + | |
3378 | +struct options; | |
3379 | + | |
3380 | +struct esphdr | |
3381 | +{ | |
3382 | + __u32 esp_spi; /* Security Parameters Index */ | |
3383 | + __u32 esp_rpl; /* Replay counter */ | |
3384 | + __u8 esp_iv[8]; /* iv */ | |
3385 | +}; | |
3386 | + | |
3387 | +extern struct xform_functions esp_xform_funcs[]; | |
3388 | + | |
3389 | +#ifdef CONFIG_KLIPS_DEBUG | |
3390 | +extern int debug_esp; | |
3391 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
3392 | +#endif /* __KERNEL__ */ | |
3393 | + | |
3394 | +/* | |
3395 | + * $Log: ipsec_esp.h,v $ | |
3396 | + * Revision 1.28 2004/09/13 02:22:10 mcr | |
3397 | + * #define inet_protocol if necessary. | |
3398 | + * | |
3399 | + * Revision 1.27 2004/09/06 18:35:41 mcr | |
3400 | + * 2.6.8.1 gets rid of inet_protocol->net_protocol compatibility, | |
3401 | + * so adjust for that. | |
3402 | + * | |
3403 | + * Revision 1.26 2004/07/10 19:08:41 mcr | |
3404 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
3405 | + * | |
3406 | + * Revision 1.25 2004/04/06 02:49:08 mcr | |
3407 | + * pullup of algo code from alg-branch. | |
3408 | + * | |
3409 | + * Revision 1.24 2004/04/05 19:55:05 mcr | |
3410 | + * Moved from linux/include/freeswan/ipsec_esp.h,v | |
3411 | + * | |
3412 | + * Revision 1.23 2004/04/05 19:41:05 mcr | |
3413 | + * merged alg-branch code. | |
3414 | + * | |
3415 | + * Revision 1.22 2003/12/13 19:10:16 mcr | |
3416 | + * refactored rcv and xmit code - same as FS 2.05. | |
3417 | + * | |
3418 | + * Revision 1.23 2003/12/11 20:14:58 mcr | |
3419 | + * refactored the xmit code, to move all encapsulation | |
3420 | + * code into protocol functions. Note that all functions | |
3421 | + * are essentially done by a single function, which is probably | |
3422 | + * wrong. | |
3423 | + * the rcv_functions structures are renamed xform_functions. | |
3424 | + * | |
3425 | + * Revision 1.22 2003/12/06 21:21:19 mcr | |
3426 | + * split up receive path into per-transform files, for | |
3427 | + * easier later removal. | |
3428 | + * | |
3429 | + * Revision 1.21.8.1 2003/12/22 15:25:52 jjo | |
3430 | + * Merged algo-0.8.1-rc11-test1 into alg-branch | |
3431 | + * | |
3432 | + * Revision 1.21 2003/02/06 02:21:34 rgb | |
3433 | + * | |
3434 | + * Moved "struct auth_alg" from ipsec_rcv.c to ipsec_ah.h . | |
3435 | + * Changed "struct ah" to "struct ahhdr" and "struct esp" to "struct esphdr". | |
3436 | + * Removed "#ifdef INBOUND_POLICY_CHECK_eroute" dead code. | |
3437 | + * | |
3438 | + * Revision 1.20 2002/05/14 02:37:02 rgb | |
3439 | + * Change reference from _TDB to _IPSA. | |
3440 | + * | |
3441 | + * Revision 1.19 2002/04/24 07:55:32 mcr | |
3442 | + * #include patches and Makefiles for post-reorg compilation. | |
3443 | + * | |
3444 | + * Revision 1.18 2002/04/24 07:36:46 mcr | |
3445 | + * Moved from ./klips/net/ipsec/ipsec_esp.h,v | |
3446 | + * | |
3447 | + * Revision 1.17 2002/02/20 01:27:07 rgb | |
3448 | + * Ditched a pile of structs only used by the old Netlink interface. | |
3449 | + * | |
3450 | + * Revision 1.16 2001/12/11 02:35:57 rgb | |
3451 | + * Change "struct net_device" to "struct device" for 2.2 compatibility. | |
3452 | + * | |
3453 | + * Revision 1.15 2001/11/26 09:23:48 rgb | |
3454 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
3455 | + * | |
3456 | + * Revision 1.14.2.3 2001/10/23 04:16:42 mcr | |
3457 | + * get definition of des_key_schedule from des.h | |
3458 | + * | |
3459 | + * Revision 1.14.2.2 2001/10/22 20:33:13 mcr | |
3460 | + * use "des_key_schedule" structure instead of cooking our own. | |
3461 | + * | |
3462 | + * Revision 1.14.2.1 2001/09/25 02:18:25 mcr | |
3463 | + * replace "struct device" with "struct netdevice" | |
3464 | + * | |
3465 | + * Revision 1.14 2001/06/14 19:35:08 rgb | |
3466 | + * Update copyright date. | |
3467 | + * | |
3468 | + * Revision 1.13 2000/09/08 19:12:56 rgb | |
3469 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
3470 | + * | |
3471 | + * Revision 1.12 2000/08/01 14:51:50 rgb | |
3472 | + * Removed _all_ remaining traces of DES. | |
3473 | + * | |
3474 | + * Revision 1.11 2000/01/10 16:36:20 rgb | |
3475 | + * Ditch last of EME option flags, including initiator. | |
3476 | + * | |
3477 | + * | |
3478 | + */ | |
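Review bot: `struct esphdr` hard-codes `esp_iv[8]` while the same header sets `ESP_IV_MAXSZ` to 16 and calls it "_critical_" without saying why. The users are not in this hunk, but with the pluggable `ipsec_alg` ciphers added elsewhere in this patch a 16-byte-IV algorithm is plausible. Code that then derives the header length from `sizeof(struct esphdr)`, or copies an algorithm-sized IV into `esp_iv`, would mis-parse the packet or write past the field. I would tie the field to its constant and document the limit, e.g. `__u8 esp_iv[EMT_ESPDES_IV_SZ]; /* DES/3DES IV only; larger IVs must use the SA's IV length, never sizeof(struct esphdr) */`, and explain on `ESP_IV_MAXSZ` which buffers depend on it. Unlike ipsec_auth.h and ipsec_ipcomp.h, this file has no include guard although it defines `struct des_eks` and `struct esphdr`.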
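--- /dev/null
+++ b/linux/include/openswan/ipsec_ipcomp.h
@@ -0,0 +1,94 @@
+/*
+ * IP compression header declations
+ *
+ * Copyright (C) 2003 Michael Richardson <mcr@sandelman.ottawa.on.ca>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: ipsec_ipcomp.h,v 1.4 2004/07/10 19:08:41 mcr Exp $
+ */
+
+#ifndef IPSEC_IPCOMP_H
+#define IPSEC_IPCOMP_H
+
+#include "openswan/ipsec_auth.h"
+
+/* Prefix all global deflate symbols with "ipcomp_" to avoid collisions with ppp_deflate & ext2comp */
+#ifndef IPCOMP_PREFIX
+#define IPCOMP_PREFIX
+#endif /* IPCOMP_PREFIX */
+
+#ifndef IPPROTO_COMP
+#define IPPROTO_COMP 108
+#endif /* IPPROTO_COMP */
+
+#ifdef CONFIG_KLIPS_DEBUG
+extern int sysctl_ipsec_debug_ipcomp;
+#endif /* CONFIG_KLIPS_DEBUG */
+
+struct ipcomphdr { /* IPCOMP header */
+ __u8 ipcomp_nh; /* Next header (protocol) */
+ __u8 ipcomp_flags; /* Reserved, must be 0 */
+ __u16 ipcomp_cpi; /* Compression Parameter Index */
+};
+
+extern struct inet_protocol comp_protocol;
+extern int sysctl_ipsec_debug_ipcomp;
+
+#define IPCOMP_UNCOMPRESSABLE 0x000000001
+#define IPCOMP_COMPRESSIONERROR 0x000000002
+#define IPCOMP_PARMERROR 0x000000004
+#define IPCOMP_DECOMPRESSIONERROR 0x000000008
+
+#define IPCOMP_ADAPT_INITIAL_TRIES 8
+#define IPCOMP_ADAPT_INITIAL_SKIP 4
+#define IPCOMP_ADAPT_SUBSEQ_TRIES 2
+#define IPCOMP_ADAPT_SUBSEQ_SKIP 8
+
+/* Function prototypes */
+struct sk_buff *skb_compress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags);
+struct sk_buff *skb_decompress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags);
+
+extern struct xform_functions ipcomp_xform_funcs[];
+
+#endif /* IPSEC_IPCOMP_H */
+
+/*
+ * $Log: ipsec_ipcomp.h,v $
+ * Revision 1.4 2004/07/10 19:08:41 mcr
+ * CONFIG_IPSEC -> CONFIG_KLIPS.
+ *
+ * Revision 1.3 2004/04/06 02:49:08 mcr
+ * pullup of algo code from alg-branch.
+ *
+ * Revision 1.2 2004/04/05 19:55:05 mcr
+ * Moved from linux/include/freeswan/ipsec_ipcomp.h,v
+ *
+ * Revision 1.1 2003/12/13 19:10:16 mcr
+ * refactored rcv and xmit code - same as FS 2.05.
+ *
+ * Revision 1.2 2003/12/11 20:14:58 mcr
+ * refactored the xmit code, to move all encapsulation
+ * code into protocol functions. Note that all functions
+ * are essentially done by a single function, which is probably
+ * wrong.
+ * the rcv_functions structures are renamed xform_functions.
+ *
+ * Revision 1.1 2003/12/06 21:21:19 mcr
+ * split up receive path into per-transform files, for
+ * easier later removal.
+ *
+ *
+ *
+ */
+
+
+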
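Review bot: `sysctl_ipsec_debug_ipcomp` is declared twice in this header, once inside `#ifdef CONFIG_KLIPS_DEBUG` and again unconditionally after `struct ipcomphdr`, so the guard has no effect. If the variable's definition is itself debug-only (not visible here), a non-debug build that references it fails at link time instead of at compile time; drop the second `extern int sysctl_ipsec_debug_ipcomp;`. Separately, `ipcomp_cpi` is a field of an on-the-wire header and carries no byte-order note; I would extend its comment to `/* Compression Parameter Index, network byte order */`. The `skb_decompress` prototype would also benefit from a comment stating who owns the returned skb and what bounds the decompressed size, since the compressed payload comes from the peer.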
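--- /dev/null
+++ b/linux/include/openswan/ipsec_ipe4.h
@@ -0,0 +1,68 @@
+/*
+ * IP-in-IP Header declarations
+ * Copyright (C) 1996, 1997 John Ioannidis.
+ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: ipsec_ipe4.h,v 1.6 2004/04/05 19:55:05 mcr Exp $
+ */
+
+/* The packet header is an IP header! */
+
+struct ipe4_xdata /* transform table data */
+{
+ struct in_addr i4_src;
+ struct in_addr i4_dst;
+};
+
+#define EMT_IPE4_ULEN 8 /* coming from user mode */
+
+
+/*
+ * $Log: ipsec_ipe4.h,v $
+ * Revision 1.6 2004/04/05 19:55:05 mcr
+ * Moved from linux/include/freeswan/ipsec_ipe4.h,v
+ *
+ * Revision 1.5 2002/04/24 07:36:46 mcr
+ * Moved from ./klips/net/ipsec/ipsec_ipe4.h,v
+ *
+ * Revision 1.4 2001/06/14 19:35:08 rgb
+ * Update copyright date.
+ *
+ * Revision 1.3 1999/04/11 00:28:57 henry
+ * GPL boilerplate
+ *
+ * Revision 1.2 1999/04/06 04:54:25 rgb
+ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
+ * patch shell fixes.
+ *
+ * Revision 1.1 1998/06/18 21:27:47 henry
+ * move sources from klips/src to klips/net/ipsec, to keep stupid
+ * kernel-build scripts happier in the presence of symlinks
+ *
+ * Revision 1.1 1998/04/09 03:06:07 henry
+ * sources moved up from linux/net/ipsec
+ *
+ * Revision 1.1.1.1 1998/04/08 05:35:03 henry
+ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
+ *
+ * Revision 0.4 1997/01/15 01:28:15 ji
+ * No changes.
+ *
+ * Revision 0.3 1996/11/20 14:48:53 ji
+ * Release update only.
+ *
+ * Revision 0.2 1996/11/02 00:18:33 ji
+ * First limited release.
+ *
+ *
+ */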
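Review bot: `EMT_IPE4_ULEN` is a bare `8` annotated "coming from user mode", with nothing tying it to `struct ipe4_xdata`, so if the struct changes, a length check against this constant would accept a user buffer of the wrong size. Define it from the type, `#define EMT_IPE4_ULEN sizeof(struct ipe4_xdata)`, or keep the literal and add a compile-time check that the two agree. The header also has no include guard, unlike ipsec_ipcomp.h and ipsec_ipip.h in the same patch, so a second inclusion redefines `struct ipe4_xdata`; wrapping the body in an `#ifndef`/`#define`/`#endif` guard fixes that.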
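--- /dev/null
+++ b/linux/include/openswan/ipsec_ipip.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2003 Michael Richardson <mcr@sandelman.ottawa.on.ca>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: ipsec_ipip.h,v 1.2 2004/04/05 19:55:05 mcr Exp $
+ */
+
+#ifndef _IPSEC_IPIP_H_
+
+#ifndef IPPROTO_IPIP
+#define IPPROTO_IPIP 4
+#endif /* IPPROTO_ESP */
+
+extern struct xform_functions ipip_xform_funcs[];
+
+#define _IPSEC_IPIP_H_
+
+#endif /* _IPSEC_IPIP_H_ */
+
+/*
+ * $Log: ipsec_ipip.h,v $
+ * Revision 1.2 2004/04/05 19:55:05 mcr
+ * Moved from linux/include/freeswan/ipsec_ipip.h,v
+ *
+ * Revision 1.1 2003/12/13 19:10:16 mcr
+ * refactored rcv and xmit code - same as FS 2.05.
+ *
+ * Revision 1.1 2003/12/11 20:14:58 mcr
+ * refactored the xmit code, to move all encapsulation
+ * code into protocol functions. Note that all functions
+ * are essentially done by a single function, which is probably
+ * wrong.
+ * the rcv_functions structures are renamed xform_functions.
+ *
+ *
+ */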
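Review bot: The `#endif` that closes `#ifndef IPPROTO_IPIP` is commented `/* IPPROTO_ESP */`, which looks copied from the ESP header; it should read `#endif /* IPPROTO_IPIP */`. The guard macro is also defined only after the body rather than directly under its `#ifndef`, which works for plain repeated inclusion but not for a recursive include. Moving `#define _IPSEC_IPIP_H_` to the line after `#ifndef _IPSEC_IPIP_H_` matches the layout of ipsec_ipcomp.h in the same patch.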
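--- /dev/null
+++ b/linux/include/openswan/ipsec_kern24.h
@@ -0,0 +1,61 @@
+/*
+ * @(#) routines to makes kernel 2.4 compatible with 2.6 usage.
+ *
+ * Copyright (C) 2004 Michael Richardson <mcr@sandelman.ottawa.on.ca>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: ipsec_kern24.h,v 1.4 2005/05/20 03:19:18 mcr Exp $
+ */
+
+#ifndef _IPSEC_KERN24_H
+
+#ifndef NET_26
+#define sk_receive_queue receive_queue
+#define sk_destruct destruct
+#define sk_reuse reuse
+#define sk_zapped zapped
+#define sk_family family
+#define sk_protocol protocol
+#define sk_protinfo protinfo
+#define sk_sleep sleep
+#define sk_state_change state_change
+#define sk_shutdown shutdown
+#define sk_err err
+#define sk_stamp stamp
+#define sk_socket socket
+#define sk_sndbuf sndbuf
+#define sock_flag(sk, flag) sk->dead
+#define sk_for_each(sk, node, plist) for(sk=*plist; sk!=NULL; sk = sk->next)
+#endif
+
+/* deal with 2.4 vs 2.6 issues with module counts */
+
+/* in 2.6, all refcounts are maintained *outside* of the
+ * module to deal with race conditions.
+ */
+
+#ifdef NET_26
+#define KLIPS_INC_USE /* nothing */
+#define KLIPS_DEC_USE /* nothing */
+
+#else
+#define KLIPS_INC_USE MOD_INC_USE_COUNT
+#define KLIPS_DEC_USE MOD_DEC_USE_COUNT
+#endif
+
+extern int printk_ratelimit(void);
+
+
+#define _IPSEC_KERN24_H 1
+
+#endif /* _IPSEC_KERN24_H */
+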
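Review bot: The 2.4 shim `#define sock_flag(sk, flag) sk->dead` discards its `flag` argument, so a caller testing any flag other than the dead flag silently gets the value of `sk->dead`. The expansion is also unparenthesised; write it as `#define sock_flag(sk, flag) ((sk)->dead)` and add a comment that only `SOCK_DEAD` is meaningful through this shim. `sk_for_each` has the same unparenthesised arguments and ignores `node`; `for ((sk) = *(plist); (sk) != NULL; (sk) = (sk)->next)` is the safer spelling. The guard `_IPSEC_KERN24_H` is defined at the bottom of the file rather than directly under its `#ifndef`.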
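--- /dev/null
+++ b/linux/include/openswan/ipsec_kversion.h
@@ -0,0 +1,352 @@
+#ifndef _OPENSWAN_KVERSIONS_H
+/*
+ * header file for FreeS/WAN library functions
+ * Copyright (C) 1998, 1999, 2000 Henry Spencer.
+ * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs
+ *
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Library General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
+ * License for more details.
+ *
+ * RCSID $Id: ipsec_kversion.h,v 1.15.2.11 2007/02/20 03:53:16 paul Exp $
+ */
+#define _OPENSWAN_KVERSIONS_H /* seen it, no need to see it again */
+
+/*
+ * this file contains a series of atomic defines that depend upon
+ * kernel version numbers. The kernel versions are arranged
+ * in version-order number (which is often not chronological)
+ * and each clause enables or disables a feature.
+ */
+
+/*
+ * First, assorted kernel-version-dependent trickery.
+ */
+#include <linux/version.h>
+#ifndef KERNEL_VERSION
+#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,1,0)
+#define HEADER_CACHE_BIND_21
+#error "KLIPS is no longer supported on Linux 2.0. Sorry"
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0)
+#define SPINLOCK
+#define PROC_FS_21
+#define NETLINK_SOCK
+#define NET_21
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,1,19)
+#define net_device_stats enet_statistics
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
+#define SPINLOCK_23
+#define NETDEV_23
+# ifndef CONFIG_IP_ALIAS
+# define CONFIG_IP_ALIAS
+# endif
+#include <linux/socket.h>
+#include <linux/skbuff.h>
+#include <linux/netlink.h>
+# ifdef NETLINK_XFRM
+# define NETDEV_25
+# endif
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,25)
+#define PROC_FS_2325
+#undef PROC_FS_21
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,30)
+#define PROC_NO_DUMMY
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,35)
+#define SKB_COPY_EXPAND
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,37)
+#define IP_SELECT_IDENT
+#endif
+
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,50)) && defined(CONFIG_NETFILTER)
+#define SKB_RESET_NFCT
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,2)
+#define IP_SELECT_IDENT_NEW
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,4)
+#define IPH_is_SKB_PULLED
+#define SKB_COW_NEW
+#define PROTO_HANDLER_SINGLE_PARM
+#define IP_FRAGMENT_LINEARIZE 1
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,4) */
+# ifdef REDHAT_BOGOSITY
+# define IP_SELECT_IDENT_NEW
+# define IPH_is_SKB_PULLED
+# define SKB_COW_NEW
+# define PROTO_HANDLER_SINGLE_PARM
+# endif /* REDHAT_BOGOSITY */
+#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,4) */
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,9)
+#define MALLOC_SLAB
+#define LINUX_KERNEL_HAS_SNPRINTF
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
+#define HAVE_NETDEV_PRINTK 1
+#define NET_26
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,8)
+#define NEED_INET_PROTOCOL
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,12)
+#define HAVE_SOCK_ZAPPED
+#define NET_26_12_SKALLOC
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,13)
+#define HAVE_SOCK_SECURITY
+/* skb->nf_debug disappared completely in 2.6.13 */
+#define HAVE_SKB_NF_DEBUG
+#endif
+
+#define SYSCTL_IPSEC_DEFAULT_TTL sysctl_ip_default_ttl
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,14)
+/* skb->stamp changed to skb->tstamp in 2.6.14 */
+#define HAVE_TSTAMP
+#define HAVE_INET_SK_SPORT
+#undef SYSCTL_IPSEC_DEFAULT_TTL
+#define SYSCTL_IPSEC_DEFAULT_TTL IPSEC_DEFAULT_TTL
+#else
+#define HAVE_SKB_LIST
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18)
+#define HAVE_NEW_SKB_LINEARIZE
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
+/* skb->nfmark changed to skb->mark in 2.6.20 */
+#define nfmark mark
+#endif
+
+#ifdef NET_21
+# include <linux/in6.h>
+#else
+ /* old kernel in.h has some IPv6 stuff, but not quite enough */
+# define s6_addr16 s6_addr
+# define AF_INET6 10
+# define uint8_t __u8
+# define uint16_t __u16
+# define uint32_t __u32
+# define uint64_t __u64
+#endif
+
+#ifdef NET_21
+# define ipsec_kfree_skb(a) kfree_skb(a)
+#else /* NET_21 */
+# define ipsec_kfree_skb(a) kfree_skb(a, FREE_WRITE)
+#endif /* NET_21 */
+
+#ifdef NETDEV_23
+#if 0
+#ifndef NETDEV_25
+#define device net_device
+#endif
+#endif
+# define ipsec_dev_get dev_get_by_name
+# define __ipsec_dev_get __dev_get_by_name
+# define ipsec_dev_put(x) dev_put(x)
+# define __ipsec_dev_put(x) __dev_put(x)
+# define ipsec_dev_hold(x) dev_hold(x)
+#else /* NETDEV_23 */
+# define ipsec_dev_get dev_get
+# define __ipsec_dev_put(x)
+# define ipsec_dev_put(x)
+# define ipsec_dev_hold(x)
+#endif /* NETDEV_23 */
+
+#ifndef SPINLOCK
+# include <linux/bios32.h>
+ /* simulate spin locks and read/write locks */
+ typedef struct {
+ volatile char lock;
+ } spinlock_t;
+
+ typedef struct {
+ volatile unsigned int lock;
+ } rwlock_t;
+
+# define spin_lock_init(x) { (x)->lock = 0;}
+# define rw_lock_init(x) { (x)->lock = 0; }
+
+# define spin_lock(x) { while ((x)->lock) barrier(); (x)->lock=1;}
+# define spin_lock_irq(x) { cli(); spin_lock(x);}
+# define spin_lock_irqsave(x,flags) { save_flags(flags); spin_lock_irq(x);}
+
+# define spin_unlock(x) { (x)->lock=0;}
+# define spin_unlock_irq(x) { spin_unlock(x); sti();}
+# define spin_unlock_irqrestore(x,flags) { spin_unlock(x); restore_flags(flags);}
+
+# define read_lock(x) spin_lock(x)
+# define read_lock_irq(x) spin_lock_irq(x)
+# define read_lock_irqsave(x,flags) spin_lock_irqsave(x,flags)
+
+# define read_unlock(x) spin_unlock(x)
+# define read_unlock_irq(x) spin_unlock_irq(x)
+# define read_unlock_irqrestore(x,flags) spin_unlock_irqrestore(x,flags)
+
+# define write_lock(x) spin_lock(x)
+# define write_lock_irq(x) spin_lock_irq(x)
+# define write_lock_irqsave(x,flags) spin_lock_irqsave(x,flags)
+
+# define write_unlock(x) spin_unlock(x)
+# define write_unlock_irq(x) spin_unlock_irq(x)
+# define write_unlock_irqrestore(x,flags) spin_unlock_irqrestore(x,flags)
+#endif /* !SPINLOCK */
+
+#ifndef SPINLOCK_23
+# define spin_lock_bh(x) spin_lock_irq(x)
+# define spin_unlock_bh(x) spin_unlock_irq(x)
+
+# define read_lock_bh(x) read_lock_irq(x)
+# define read_unlock_bh(x) read_unlock_irq(x)
+
+# define write_lock_bh(x) write_lock_irq(x)
+# define write_unlock_bh(x) write_unlock_irq(x)
+#endif /* !SPINLOCK_23 */
+
+#ifndef HAVE_NETDEV_PRINTK
+#define netdev_printk(sevlevel, netdev, msglevel, format, arg...) \
+ printk(sevlevel "%s: " format , netdev->name , ## arg)
+#endif
+
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0)
+#include "openswan/ipsec_kern24.h"
+#else
+#error "kernels before 2.4 are not supported at this time"
+#endif
+#endif
+
+
+#endif /* _OPENSWAN_KVERSIONS_H */
+
+/*
+ * $Log: ipsec_kversion.h,v $
+ * Revision 1.15.2.11 2007/02/20 03:53:16 paul
+ * Added comment, made layout consistent with other checks.
+ *
+ * Revision 1.15.2.10 2007/02/16 19:08:12 paul
+ * Fix for compiling on 2.6.20 (nfmark is now called mark in sk_buff)
+ *
+ * Revision 1.15.2.9 2006/07/29 05:00:40 paul
+ * Added HAVE_NEW_SKB_LINEARIZE for 2.6.18+ kernels where skb_linearize
+ * only takes 1 argument.
+ *
+ * Revision 1.15.2.8 2006/05/01 14:31:52 mcr
+ * FREESWAN->OPENSWAN in #ifdef.
+ *
+ * Revision 1.15.2.7 2006/01/11 02:02:59 mcr
+ * updated patches and DEFAULT_TTL code to work
+ *
+ * Revision 1.15.2.6 2006/01/03 19:25:02 ken
+ * Remove duplicated #ifdef for TTL fix - bad patch
+ *
+ * Revision 1.15.2.5 2006/01/03 18:06:33 ken
+ * Fix for missing sysctl default ttl
+ *
+ * Revision 1.15.2.4 2005/11/27 21:40:14 paul
+ * Pull down TTL fixes from head. this fixes "Unknown symbol sysctl_ip_default_ttl"
+ * in for klips as module.
+ *
+ * Revision 1.15.2.3 2005/11/22 04:11:52 ken
+ * Backport fixes for 2.6.14 kernels from HEAD
+ *
+ * Revision 1.15.2.2 2005/09/01 01:57:19 paul
+ * michael's fixes for 2.6.13 from head
+ *
+ * Revision 1.15.2.1 2005/08/27 23:13:48 paul
+ * Fix for:
+ * 7 weeks ago: [NET]: Remove unused security member in sk_buff
+ * changeset 4280: 328ea53f5fee
+ * parent 4279: beb0afb0e3f8
+ * author: Thomas Graf <tgraf@suug.ch>
+ * date: Tue Jul 5 21:12:44 2005
+ * files: include/linux/skbuff.h include/linux/tc_ematch/tc_em_meta.h net/core/skbuff.c net/ipv4/ip_output.c net/ipv6/ip6_output.c net/sched/em_meta.c
+ *
+ * This should fix compilation on 2.6.13(rc) kernels
+ *
+ * Revision 1.15 2005/07/19 20:02:15 mcr
+ * sk_alloc() interface change.
+ *
+ * Revision 1.14 2005/07/08 16:20:05 mcr
+ * fix for 2.6.12 disapperance of sk_zapped field -> sock_flags.
+ *
+ * Revision 1.13 2005/05/20 03:19:18 mcr
+ * modifications for use on 2.4.30 kernel, with backported
+ * printk_ratelimit(). all warnings removed.
+ *
+ * Revision 1.12 2005/04/13 22:46:21 mcr
+ * note that KLIPS does not work on Linux 2.0.
+ *
+ * Revision 1.11 2004/09/13 02:22:26 mcr
+ * #define inet_protocol if necessary.
+ *
+ * Revision 1.10 2004/08/03 18:17:15 mcr
+ * in 2.6, use "net_device" instead of #define device->net_device.
+ * this probably breaks 2.0 compiles.
+ *
+ * Revision 1.9 2004/04/05 19:55:05 mcr
+ * Moved from linux/include/freeswan/ipsec_kversion.h,v
+ *
+ * Revision 1.8 2003/12/13 19:10:16 mcr
+ * refactored rcv and xmit code - same as FS 2.05.
+ *
+ * Revision 1.7 2003/07/31 22:48:08 mcr
+ * derive NET25-ness from presence of NETLINK_XFRM macro.
+ *
+ * Revision 1.6 2003/06/24 20:22:32 mcr
+ * added new global: ipsecdevices[] so that we can keep track of
+ * the ipsecX devices. They will be referenced with dev_hold(),
+ * so 2.2 may need this as well.
+ *
+ * Revision 1.5 2003/04/03 17:38:09 rgb
+ * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}.
+ *
+ * Revision 1.4 2002/04/24 07:36:46 mcr
+ * Moved from ./klips/net/ipsec/ipsec_kversion.h,v
+ *
+ * Revision 1.3 2002/04/12 03:21:17 mcr
+ * three parameter version of ip_select_ident appears first
+ * in 2.4.2 (RH7.1) not 2.4.4.
+ *
+ * Revision 1.2 2002/03/08 21:35:22 rgb
+ * Defined LINUX_KERNEL_HAS_SNPRINTF to shut up compiler warnings after
+ * 2.4.9. (Andreas Piesk).
+ *
+ * Revision 1.1 2002/01/29 02:11:42 mcr
+ * removal of kversions.h - sources that needed it now use ipsec_param.h.
+ * updating of IPv6 structures to match latest in6.h version.
+ * removed dead code from freeswan.h that also duplicated kversions.h
+ * code.
+ *
+ *
+ */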
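Review bot: The `#ifndef SPINLOCK` fallback emulates locks with `{ while ((x)->lock) barrier(); (x)->lock=1;}`, where the test and the store are separate steps, so two CPUs can both see the lock free and both take it; `read_lock` and `write_lock` map onto the same macro. The branch looks unreachable, because `SPINLOCK` is defined for every kernel at or above 2.1.0 and anything older hits the `#error` at the top, so I would delete it rather than ship a lock that does not lock in IPsec kernel code. The `#else` arms for `NET_21` and `NETDEV_23` are dead for the same reason once `#error "kernels before 2.4 are not supported at this time"` applies. Two further things deserve a second look: `#define nfmark mark` rewrites every `nfmark` token in any file that includes this header, not only the `sk_buff` member. And ipsec_kern24.h is included only when `LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,0)`, although its `#ifdef NET_26` arm is what defines `KLIPS_INC_USE`/`KLIPS_DEC_USE` for 2.6 kernels.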
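--- /dev/null
+++ b/linux/include/openswan/ipsec_life.h
@@ -0,0 +1,112 @@
+/*
+ * Definitions relevant to IPSEC lifetimes
+ * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org>
+ * and Michael Richardson <mcr@freeswan.org>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: ipsec_life.h,v 1.4 2004/04/05 19:55:05 mcr Exp $
+ *
+ * This file derived from ipsec_xform.h on 2001/9/18 by mcr.
+ *
+ */
+
+/*
+ * This file describes the book keeping fields for the
+ * IPsec Security Association Structure. ("ipsec_sa")
+ *
+ * This structure is never allocated directly by kernel code,
+ * (it is always a static/auto or is part of a structure)
+ * so it does not have a reference count.
+ *
+ */
+
+#ifndef _IPSEC_LIFE_H_
+
+/*
+ * _count is total count.
+ * _hard is hard limit (kill SA after this number)
+ * _soft is soft limit (try to renew SA after this number)
+ * _last is used in some special cases.
+ *
+ */
+
+struct ipsec_lifetime64
+{
+ __u64 ipl_count;
+ __u64 ipl_soft;
+ __u64 ipl_hard;
+ __u64 ipl_last;
+};
+
+struct ipsec_lifetimes
+{
+ /* number of bytes processed */
+ struct ipsec_lifetime64 ipl_bytes;
+
+ /* number of packets processed */
+ struct ipsec_lifetime64 ipl_packets;
+
+ /* time since SA was added */
+ struct ipsec_lifetime64 ipl_addtime;
+
+ /* time since SA was first used */
+ struct ipsec_lifetime64 ipl_usetime;
+
+ /* from rfc2367:
+ * For CURRENT, the number of different connections,
+ * endpoints, or flows that the association has been
+ * allocated towards. For HARD and SOFT, the number of
+ * these the association may be allocated towards
+ * before it expires. The concept of a connection,
+ * flow, or endpoint is system specific.
+ *
+ * mcr(2001-9-18) it is unclear what purpose these serve for FreeSWAN.
+ * They are maintained for PF_KEY compatibility.
+ */
+ struct ipsec_lifetime64 ipl_allocations;
+};
+
+enum ipsec_life_alive {
+ ipsec_life_harddied = -1,
+ ipsec_life_softdied = 0,
+ ipsec_life_okay = 1
+};
+
+enum ipsec_life_type {
+ ipsec_life_timebased = 1,
+ ipsec_life_countbased= 0
+};
+
+#define _IPSEC_LIFE_H_
+#endif /* _IPSEC_LIFE_H_ */
+
+
+/*
+ * $Log: ipsec_life.h,v $
+ * Revision 1.4 2004/04/05 19:55:05 mcr
+ * Moved from linux/include/freeswan/ipsec_life.h,v
+ *
+ * Revision 1.3 2002/04/24 07:36:46 mcr
+ * Moved from ./klips/net/ipsec/ipsec_life.h,v
+ *
+ * Revision 1.2 2001/11/26 09:16:14 rgb
+ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
+ *
+ * Revision 1.1.2.1 2001/09/25 02:25:58 mcr
+ * lifetime structure created and common functions created.
+ *
+ *
+ * Local variables:
+ * c-file-style: "linux"
+ * End:
+ *
+ */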
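Review bot: `enum ipsec_life_alive` gives `ipsec_life_harddied` the value -1 and `ipsec_life_softdied` the value 0, so a caller that tests a lifetime result for truth treats a hard-expired SA the same as `ipsec_life_okay`. The callers are not in this hunk, so this may never happen, but the header should say so; add `/* always compare against ipsec_life_okay: harddied (-1) is non-zero */` above the enum. The comment on `struct ipsec_lifetime64` also does not say what a zero `ipl_hard` or `ipl_soft` means (no limit, or expire at once), which a reader needs to know before relying on the limits.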
4229 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
4230 | +++ linux/include/openswan/ipsec_md5h.h Mon Feb 9 13:51:03 2004 | |
4231 | @@ -0,0 +1,143 @@ | |
4232 | +/* | |
4233 | + * RCSID $Id: ipsec_md5h.h,v 1.10 2004/09/08 17:21:35 ken Exp $ | |
4234 | + */ | |
4235 | + | |
4236 | +/* | |
4237 | + * The rest of this file is Copyright RSA DSI. See the following comments | |
4238 | + * for the full Copyright notice. | |
4239 | + */ | |
4240 | + | |
4241 | +#ifndef _IPSEC_MD5H_H_ | |
4242 | +#define _IPSEC_MD5H_H_ | |
4243 | + | |
4244 | +/* GLOBAL.H - RSAREF types and constants | |
4245 | + */ | |
4246 | + | |
4247 | +/* PROTOTYPES should be set to one if and only if the compiler supports | |
4248 | + function argument prototyping. | |
4249 | + The following makes PROTOTYPES default to 0 if it has not already | |
4250 | + been defined with C compiler flags. | |
4251 | + */ | |
4252 | +#ifndef PROTOTYPES | |
4253 | +#define PROTOTYPES 1 | |
4254 | +#endif /* !PROTOTYPES */ | |
4255 | + | |
4256 | +/* POINTER defines a generic pointer type */ | |
4257 | +typedef __u8 *POINTER; | |
4258 | + | |
4259 | +/* UINT2 defines a two byte word */ | |
4260 | +typedef __u16 UINT2; | |
4261 | + | |
4262 | +/* UINT4 defines a four byte word */ | |
4263 | +typedef __u32 UINT4; | |
4264 | + | |
4265 | +/* PROTO_LIST is defined depending on how PROTOTYPES is defined above. | |
4266 | + If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it | |
4267 | + returns an empty list. | |
4268 | + */ | |
4269 | + | |
4270 | +#if PROTOTYPES | |
4271 | +#define PROTO_LIST(list) list | |
4272 | +#else /* PROTOTYPES */ | |
4273 | +#define PROTO_LIST(list) () | |
4274 | +#endif /* PROTOTYPES */ | |
4275 | + | |
4276 | + | |
4277 | +/* MD5.H - header file for MD5C.C | |
4278 | + */ | |
4279 | + | |
4280 | +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All | |
4281 | +rights reserved. | |
4282 | + | |
4283 | +License to copy and use this software is granted provided that it | |
4284 | +is identified as the "RSA Data Security, Inc. MD5 Message-Digest | |
4285 | +Algorithm" in all material mentioning or referencing this software | |
4286 | +or this function. | |
4287 | + | |
4288 | +License is also granted to make and use derivative works provided | |
4289 | +that such works are identified as "derived from the RSA Data | |
4290 | +Security, Inc. MD5 Message-Digest Algorithm" in all material | |
4291 | +mentioning or referencing the derived work. | |
4292 | + | |
4293 | +RSA Data Security, Inc. makes no representations concerning either | |
4294 | +the merchantability of this software or the suitability of this | |
4295 | +software for any particular purpose. It is provided "as is" | |
4296 | +without express or implied warranty of any kind. | |
4297 | + | |
4298 | +These notices must be retained in any copies of any part of this | |
4299 | +documentation and/or software. | |
4300 | + */ | |
4301 | + | |
4302 | +/* MD5 context. */ | |
4303 | +typedef struct { | |
4304 | + UINT4 state[4]; /* state (ABCD) */ | |
4305 | + UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ | |
4306 | + unsigned char buffer[64]; /* input buffer */ | |
4307 | +} MD5_CTX; | |
4308 | + | |
4309 | +void osMD5Init PROTO_LIST ((void *)); | |
4310 | +void osMD5Update PROTO_LIST | |
4311 | + ((void *, unsigned char *, __u32)); | |
4312 | +void osMD5Final PROTO_LIST ((unsigned char [16], void *)); | |
4313 | + | |
4314 | +#endif /* _IPSEC_MD5H_H_ */ | |
4315 | + | |
4316 | +/* | |
4317 | + * $Log: ipsec_md5h.h,v $ | |
4318 | + * Revision 1.10 2004/09/08 17:21:35 ken | |
4319 | + * Rename MD5* -> osMD5 functions to prevent clashes with other symbols exported by kernel modules (CIFS in 2.6 initiated this) | |
4320 | + * | |
4321 | + * Revision 1.9 2004/04/05 19:55:05 mcr | |
4322 | + * Moved from linux/include/freeswan/ipsec_md5h.h,v | |
4323 | + * | |
4324 | + * Revision 1.8 2002/09/10 01:45:09 mcr | |
4325 | + * changed type of MD5_CTX and SHA1_CTX to void * so that | |
4326 | + * the function prototypes would match, and could be placed | |
4327 | + * into a pointer to a function. | |
4328 | + * | |
4329 | + * Revision 1.7 2002/04/24 07:36:46 mcr | |
4330 | + * Moved from ./klips/net/ipsec/ipsec_md5h.h,v | |
4331 | + * | |
4332 | + * Revision 1.6 1999/12/13 13:59:13 rgb | |
4333 | + * Quick fix to argument size to Update bugs. | |
4334 | + * | |
4335 | + * Revision 1.5 1999/12/07 18:16:23 rgb | |
4336 | + * Fixed comments at end of #endif lines. | |
4337 | + * | |
4338 | + * Revision 1.4 1999/04/06 04:54:26 rgb | |
4339 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
4340 | + * patch shell fixes. | |
4341 | + * | |
4342 | + * Revision 1.3 1999/01/22 06:19:58 rgb | |
4343 | + * 64-bit clean-up. | |
4344 | + * | |
4345 | + * Revision 1.2 1998/11/30 13:22:54 rgb | |
4346 | + * Rationalised all the klips kernel file headers. They are much shorter | |
4347 | + * now and won't conflict under RH5.2. | |
4348 | + * | |
4349 | + * Revision 1.1 1998/06/18 21:27:48 henry | |
4350 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
4351 | + * kernel-build scripts happier in the presence of symlinks | |
4352 | + * | |
4353 | + * Revision 1.2 1998/04/23 20:54:03 rgb | |
4354 | + * Fixed md5 and sha1 include file nesting issues, to be cleaned up when | |
4355 | + * verified. | |
4356 | + * | |
4357 | + * Revision 1.1 1998/04/09 03:04:21 henry | |
4358 | + * sources moved up from linux/net/ipsec | |
4359 | + * these two include files modified not to include others except in kernel | |
4360 | + * | |
4361 | + * Revision 1.1.1.1 1998/04/08 05:35:03 henry | |
4362 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
4363 | + * | |
4364 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
4365 | + * No changes. | |
4366 | + * | |
4367 | + * Revision 0.3 1996/11/20 14:48:53 ji | |
4368 | + * Release update only. | |
4369 | + * | |
4370 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
4371 | + * First limited release. | |
4372 | + * | |
4373 | + * | |
4374 | + */ | |
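Review bot: The three `osMD5*` prototypes take the context as `void *`, so nothing at compile time stops a caller from passing a buffer that is not an `MD5_CTX`; the 1.8 log entry says this was done so the MD5 and SHA1 routines can share a function-pointer signature. A comment above the prototypes should state the contract, for example `/* ctx must point to an MD5_CTX; digest must have room for 16 bytes */`, because `unsigned char [16]` in a parameter list decays to a pointer and does not enforce the size. The data pointer of `osMD5Update` could be `const unsigned char *`, assuming the function only reads it; the implementation is not in this hunk. The header also uses `__u8`, `__u16` and `__u32` without including whatever defines them, so it depends on the includer's include order.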
4375 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
4376 | +++ linux/include/openswan/ipsec_param.h Mon Feb 9 13:51:03 2004 | |
4377 | @@ -0,0 +1,387 @@ | |
4378 | +/* | |
4379 | + * @(#) Openswan tunable paramaters | |
4380 | + * | |
4381 | + * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org> | |
4382 | + * and Michael Richardson <mcr@freeswan.org> | |
4383 | + * Copyright (C) 2004 Michael Richardson <mcr@xelerance.com> | |
4384 | + * | |
4385 | + * This program is free software; you can redistribute it and/or modify it | |
4386 | + * under the terms of the GNU General Public License as published by the | |
4387 | + * Free Software Foundation; either version 2 of the License, or (at your | |
4388 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
4389 | + * | |
4390 | + * This program is distributed in the hope that it will be useful, but | |
4391 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
4392 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
4393 | + * for more details. | |
4394 | + * | |
4395 | + * RCSID $Id: ipsec_param.h,v 1.29.6.3 2006/05/01 14:32:31 mcr Exp $ | |
4396 | + * | |
4397 | + */ | |
4398 | + | |
4399 | +/* | |
4400 | + * This file provides a set of #define's which may be tuned by various | |
4401 | + * people/configurations. It keeps all compile-time tunables in one place. | |
4402 | + * | |
4403 | + * This file should be included before all other IPsec kernel-only files. | |
4404 | + * | |
4405 | + */ | |
4406 | + | |
4407 | +#ifndef _IPSEC_PARAM_H_ | |
4408 | + | |
4409 | +#ifdef __KERNEL__ | |
4410 | +#include "ipsec_kversion.h" | |
4411 | + | |
4412 | +/* Set number of ipsecX virtual devices here. */ | |
4413 | +/* This must be < exp(field width of IPSEC_DEV_FORMAT) */ | |
4414 | +/* It must also be reasonable so as not to overload the memory and CPU */ | |
4415 | +/* constraints of the host. */ | |
4416 | +#define IPSEC_NUM_IF 4 | |
4417 | +/* The field width must be < IF_NAM_SIZ - strlen("ipsec") - 1. */ | |
4418 | +/* With "ipsec" being 5 characters, that means 10 is the max field width */ | |
4419 | +/* but machine memory and CPU constraints are not likely to tollerate */ | |
4420 | +/* more than 3 digits. The default is one digit. */ | |
4421 | +/* Update: userland scripts get upset if they can't find "ipsec0", so */ | |
4422 | +/* for now, no "0"-padding should be used (which would have been helpful */ | |
4423 | +/* to make text-searches work */ | |
4424 | +#define IPSEC_DEV_FORMAT "ipsec%d" | |
4425 | +/* For, say, 500 virtual ipsec devices, I would recommend: */ | |
4426 | +/* #define IPSEC_NUM_IF 500 */ | |
4427 | +/* #define IPSEC_DEV_FORMAT "ipsec%03d" */ | |
4428 | +/* Note that the "interfaces=" line in /etc/ipsec.conf would be, um, challenging. */ | |
4429 | + | |
4430 | +/* use dynamic ipsecX device allocation */ | |
4431 | +#ifndef CONFIG_KLIPS_DYNDEV | |
4432 | +#define CONFIG_KLIPS_DYNDEV 1 | |
4433 | +#endif /* CONFIG_KLIPS_DYNDEV */ | |
4434 | + | |
4435 | + | |
4436 | +#ifdef CONFIG_KLIPS_BIGGATE | |
4437 | +# define SADB_HASHMOD 8069 | |
4438 | +#else /* CONFIG_KLIPS_BIGGATE */ | |
4439 | +# define SADB_HASHMOD 257 | |
4440 | +#endif /* CONFIG_KLIPS_BIGGATE */ | |
4441 | +#endif /* __KERNEL__ */ | |
4442 | + | |
4443 | +/* | |
4444 | + * This is for the SA reference table. This number is related to the | |
4445 | + * maximum number of SAs that KLIPS can concurrently deal with, plus enough | |
4446 | + * space for keeping expired SAs around. | |
4447 | + * | |
4448 | + * TABLE_MAX_WIDTH is the number of bits that we will use. | |
4449 | + * MAIN_TABLE_WIDTH is the number of bits used for the primary index table. | |
4450 | + * | |
4451 | + */ | |
4452 | +#ifndef IPSEC_SA_REF_TABLE_IDX_WIDTH | |
4453 | +# define IPSEC_SA_REF_TABLE_IDX_WIDTH 16 | |
4454 | +#endif | |
4455 | + | |
4456 | +#ifndef IPSEC_SA_REF_MAINTABLE_IDX_WIDTH | |
4457 | +# define IPSEC_SA_REF_MAINTABLE_IDX_WIDTH 4 | |
4458 | +#endif | |
4459 | + | |
4460 | +#ifndef IPSEC_SA_REF_FREELIST_NUM_ENTRIES | |
4461 | +# define IPSEC_SA_REF_FREELIST_NUM_ENTRIES 256 | |
4462 | +#endif | |
4463 | + | |
4464 | +#ifndef IPSEC_SA_REF_CODE | |
4465 | +# define IPSEC_SA_REF_CODE 1 | |
4466 | +#endif | |
4467 | + | |
4468 | +#ifdef __KERNEL__ | |
4469 | +/* This is defined for 2.4, but not 2.2.... */ | |
4470 | +#ifndef ARPHRD_VOID | |
4471 | +# define ARPHRD_VOID 0xFFFF | |
4472 | +#endif | |
4473 | + | |
4474 | +/* always turn on IPIP mode */ | |
4475 | +#ifndef CONFIG_KLIPS_IPIP | |
4476 | +#define CONFIG_KLIPS_IPIP 1 | |
4477 | +#endif | |
4478 | + | |
4479 | +/* | |
4480 | + * Worry about PROC_FS stuff | |
4481 | + */ | |
4482 | +#if defined(PROC_FS_2325) | |
4483 | +/* kernel 2.4 */ | |
4484 | +# define IPSEC_PROC_LAST_ARG ,int *eof,void *data | |
4485 | +# define IPSEC_PROCFS_DEBUG_NO_STATIC | |
4486 | +# define IPSEC_PROC_SUBDIRS | |
4487 | +#else | |
4488 | +/* kernel <2.4 */ | |
4489 | +# define IPSEC_PROCFS_DEBUG_NO_STATIC DEBUG_NO_STATIC | |
4490 | + | |
4491 | +# ifndef PROC_NO_DUMMY | |
4492 | +# define IPSEC_PROC_LAST_ARG , int dummy | |
4493 | +# else | |
4494 | +# define IPSEC_PROC_LAST_ARG | |
4495 | +# endif /* !PROC_NO_DUMMY */ | |
4496 | +#endif /* PROC_FS_2325 */ | |
4497 | + | |
4498 | +#if !defined(LINUX_KERNEL_HAS_SNPRINTF) | |
4499 | +/* GNU CPP specific! */ | |
4500 | +# define snprintf(buf, len, fmt...) sprintf(buf, ##fmt) | |
4501 | +#endif /* !LINUX_KERNEL_HAS_SNPRINTF */ | |
4502 | + | |
4503 | +#ifdef SPINLOCK | |
4504 | +# ifdef SPINLOCK_23 | |
4505 | +# include <linux/spinlock.h> /* *lock* */ | |
4506 | +# else /* SPINLOCK_23 */ | |
4507 | +# include <asm/spinlock.h> /* *lock* */ | |
4508 | +# endif /* SPINLOCK_23 */ | |
4509 | +#endif /* SPINLOCK */ | |
4510 | + | |
4511 | +#ifndef KLIPS_FIXES_DES_PARITY | |
4512 | +# define KLIPS_FIXES_DES_PARITY 1 | |
4513 | +#endif /* !KLIPS_FIXES_DES_PARITY */ | |
4514 | + | |
4515 | +/* we don't really want to print these unless there are really big problems */ | |
4516 | +#ifndef KLIPS_DIVULGE_CYPHER_KEY | |
4517 | +# define KLIPS_DIVULGE_CYPHER_KEY 0 | |
4518 | +#endif /* !KLIPS_DIVULGE_CYPHER_KEY */ | |
4519 | + | |
4520 | +#ifndef KLIPS_DIVULGE_HMAC_KEY | |
4521 | +# define KLIPS_DIVULGE_HMAC_KEY 0 | |
4522 | +#endif /* !KLIPS_DIVULGE_HMAC_KEY */ | |
4523 | + | |
4524 | +#ifndef IPSEC_DISALLOW_IPOPTIONS | |
4525 | +# define IPSEC_DISALLOW_IPOPTIONS 1 | |
4526 | +#endif /* !KLIPS_DIVULGE_HMAC_KEY */ | |
4527 | + | |
4528 | +/* extra toggles for regression testing */ | |
4529 | +#ifdef CONFIG_KLIPS_REGRESS | |
4530 | + | |
4531 | +/* | |
4532 | + * should pfkey_acquire() become 100% lossy? | |
4533 | + * | |
4534 | + */ | |
4535 | +extern int sysctl_ipsec_regress_pfkey_lossage; | |
4536 | +#ifndef KLIPS_PFKEY_ACQUIRE_LOSSAGE | |
4537 | +# ifdef CONFIG_KLIPS_PFKEY_ACQUIRE_LOSSAGE | |
4538 | +# define KLIPS_PFKEY_ACQUIRE_LOSSAGE 100 | |
4539 | +# endif /* CONFIG_KLIPS_PFKEY_ACQUIRE_LOSSAGE */ | |
4540 | +#else | |
4541 | +#define KLIPS_PFKEY_ACQUIRE_LOSSAGE 0 | |
4542 | +#endif /* KLIPS_PFKEY_ACQUIRE_LOSSAGE */ | |
4543 | + | |
4544 | +#else /* CONFIG_KLIPS_REGRESS */ | |
4545 | +#define KLIPS_PFKEY_ACQUIRE_LOSSAGE 0 | |
4546 | + | |
4547 | +#endif /* CONFIG_KLIPS_REGRESS */ | |
4548 | + | |
4549 | + | |
4550 | +/* | |
4551 | + * debugging routines. | |
4552 | + */ | |
4553 | +#define KLIPS_ERROR(flag, format, args...) if(printk_ratelimit() || flag) printk(KERN_ERR "KLIPS " format, ## args) | |
4554 | +#ifdef CONFIG_KLIPS_DEBUG | |
4555 | +extern void ipsec_print_ip(struct iphdr *ip); | |
4556 | + | |
4557 | + #define KLIPS_PRINT(flag, format, args...) \ | |
4558 | + ((flag) ? printk(KERN_INFO format , ## args) : 0) | |
4559 | + #define KLIPS_PRINTMORE(flag, format, args...) \ | |
4560 | + ((flag) ? printk(format , ## args) : 0) | |
4561 | + #define KLIPS_IP_PRINT(flag, ip) \ | |
4562 | + ((flag) ? ipsec_print_ip(ip) : 0) | |
4563 | +#else /* CONFIG_KLIPS_DEBUG */ | |
4564 | + #define KLIPS_PRINT(flag, format, args...) do ; while(0) | |
4565 | + #define KLIPS_PRINTMORE(flag, format, args...) do ; while(0) | |
4566 | + #define KLIPS_IP_PRINT(flag, ip) do ; while(0) | |
4567 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
4568 | + | |
4569 | + | |
4570 | +/* | |
4571 | + * Stupid kernel API differences in APIs. Not only do some | |
4572 | + * kernels not have ip_select_ident, but some have differing APIs, | |
4573 | + * and SuSE has one with one parameter, but no way of checking to | |
4574 | + * see what is really what. | |
4575 | + */ | |
4576 | + | |
4577 | +#ifdef SUSE_LINUX_2_4_19_IS_STUPID | |
4578 | +#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph) | |
4579 | +#else | |
4580 | + | |
4581 | +/* simplest case, nothing */ | |
4582 | +#if !defined(IP_SELECT_IDENT) | |
4583 | +#define KLIPS_IP_SELECT_IDENT(iph, skb) do { iph->id = htons(ip_id_count++); } while(0) | |
4584 | +#endif | |
4585 | + | |
4586 | +/* kernels > 2.3.37-ish */ | |
4587 | +#if defined(IP_SELECT_IDENT) && !defined(IP_SELECT_IDENT_NEW) | |
4588 | +#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb->dst) | |
4589 | +#endif | |
4590 | + | |
4591 | +/* kernels > 2.4.2 */ | |
4592 | +#if defined(IP_SELECT_IDENT) && defined(IP_SELECT_IDENT_NEW) | |
4593 | +#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb->dst, NULL) | |
4594 | +#endif | |
4595 | + | |
4596 | +#endif /* SUSE_LINUX_2_4_19_IS_STUPID */ | |
4597 | + | |
4598 | +/* | |
4599 | + * make klips fail test:east-espiv-01. | |
4600 | + * exploit is at testing/attacks/espiv | |
4601 | + * | |
4602 | + */ | |
4603 | +#define KLIPS_IMPAIRMENT_ESPIV_CBC_ATTACK 0 | |
4604 | + | |
4605 | + | |
4606 | +/* IP_FRAGMENT_LINEARIZE is set in freeswan.h if Kernel > 2.4.4 */ | |
4607 | +#ifndef IP_FRAGMENT_LINEARIZE | |
4608 | +# define IP_FRAGMENT_LINEARIZE 0 | |
4609 | +#endif /* IP_FRAGMENT_LINEARIZE */ | |
4610 | +#endif /* __KERNEL__ */ | |
4611 | + | |
4612 | +#ifdef NEED_INET_PROTOCOL | |
4613 | +#define inet_protocol net_protocol | |
4614 | +#endif | |
4615 | + | |
4616 | +#if defined(CONFIG_IPSEC_NAT_TRAVERSAL) && CONFIG_IPSEC_NAT_TRAVERSAL | |
4617 | +#define NAT_TRAVERSAL 1 | |
4618 | +#else | |
4619 | +/* let people either #undef, or #define = 0 it */ | |
4620 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
4621 | +#undef CONFIG_IPSEC_NAT_TRAVERSAL | |
4622 | +#endif | |
4623 | +#endif | |
4624 | + | |
4625 | +#ifndef IPSEC_DEFAULT_TTL | |
4626 | +#define IPSEC_DEFAULT_TTL 64 | |
4627 | +#endif | |
4628 | + | |
4629 | +#define _IPSEC_PARAM_H_ | |
4630 | +#endif /* _IPSEC_PARAM_H_ */ | |
4631 | + | |
4632 | +/* | |
4633 | + * $Log: ipsec_param.h,v $ | |
4634 | + * Revision 1.29.6.3 2006/05/01 14:32:31 mcr | |
4635 | + * added KLIPS_ERROR and make sure that things work without CONFIG_KLIPS_REGRESS. | |
4636 | + * | |
4637 | + * Revision 1.29.6.2 2005/11/27 21:40:14 paul | |
4638 | + * Pull down TTL fixes from head. this fixes "Unknown symbol sysctl_ip_default_ttl" | |
4639 | + * in for klips as module. | |
4640 | + * | |
4641 | + * Revision 1.29.6.1 2005/08/12 16:24:18 ken | |
4642 | + * Pull in NAT-T compile logic from HEAD | |
4643 | + * | |
4644 | + * Revision 1.29 2005/01/26 00:50:35 mcr | |
4645 | + * adjustment of confusion of CONFIG_IPSEC_NAT vs CONFIG_KLIPS_NAT, | |
4646 | + * and make sure that NAT_TRAVERSAL is set as well to match | |
4647 | + * userspace compiles of code. | |
4648 | + * | |
4649 | + * Revision 1.28 2004/09/13 15:50:15 mcr | |
4650 | + * spell NEED_INET properly, not NET_INET. | |
4651 | + * | |
4652 | + * Revision 1.27 2004/09/13 02:21:45 mcr | |
4653 | + * always turn on IPIP mode. | |
4654 | + * #define inet_protocol if necessary. | |
4655 | + * | |
4656 | + * Revision 1.26 2004/08/17 03:25:43 mcr | |
4657 | + * freeswan->openswan. | |
4658 | + * | |
4659 | + * Revision 1.25 2004/07/10 19:08:41 mcr | |
4660 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
4661 | + * | |
4662 | + * Revision 1.24 2004/04/05 19:55:06 mcr | |
4663 | + * Moved from linux/include/freeswan/ipsec_param.h,v | |
4664 | + * | |
4665 | + * Revision 1.23 2003/12/13 19:10:16 mcr | |
4666 | + * refactored rcv and xmit code - same as FS 2.05. | |
4667 | + * | |
4668 | + * Revision 1.22 2003/10/31 02:27:05 mcr | |
4669 | + * pulled up port-selector patches and sa_id elimination. | |
4670 | + * | |
4671 | + * Revision 1.21.4.1 2003/10/29 01:10:19 mcr | |
4672 | + * elimited "struct sa_id" | |
4673 | + * | |
4674 | + * Revision 1.21 2003/04/03 17:38:18 rgb | |
4675 | + * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}. | |
4676 | + * Change indentation for readability. | |
4677 | + * | |
4678 | + * Revision 1.20 2003/03/14 08:09:26 rgb | |
4679 | + * Fixed up CONFIG_IPSEC_DYNDEV definitions. | |
4680 | + * | |
4681 | + * Revision 1.19 2003/01/30 02:31:43 rgb | |
4682 | + * | |
4683 | + * Rename SAref table macro names for clarity. | |
4684 | + * | |
4685 | + * Revision 1.18 2002/09/30 19:06:26 rgb | |
4686 | + * Reduce default table to 16 bits width. | |
4687 | + * | |
4688 | + * Revision 1.17 2002/09/20 15:40:29 rgb | |
4689 | + * Define switch to activate new SAref code. | |
4690 | + * Prefix macros with "IPSEC_". | |
4691 | + * Rework saref freelist. | |
4692 | + * Restrict some bits to kernel context for use to klips utils. | |
4693 | + * | |
4694 | + * Revision 1.16 2002/09/20 05:00:31 rgb | |
4695 | + * Define switch to divulge hmac keys for debugging. | |
4696 | + * Added IPOPTIONS switch. | |
4697 | + * | |
4698 | + * Revision 1.15 2002/09/19 02:34:24 mcr | |
4699 | + * define IPSEC_PROC_SUBDIRS if we are 2.4, and use that in ipsec_proc.c | |
4700 | + * to decide if we are to create /proc/net/ipsec/. | |
4701 | + * | |
4702 | + * Revision 1.14 2002/08/30 01:20:54 mcr | |
4703 | + * reorganized 2.0/2.2/2.4 procfs support macro so match | |
4704 | + * 2.4 values/typedefs. | |
4705 | + * | |
4706 | + * Revision 1.13 2002/07/28 22:03:28 mcr | |
4707 | + * added some documentation to SA_REF_* | |
4708 | + * turned on fix for ESPIV attack, now that we have the attack code. | |
4709 | + * | |
4710 | + * Revision 1.12 2002/07/26 08:48:31 rgb | |
4711 | + * Added SA ref table code. | |
4712 | + * | |
4713 | + * Revision 1.11 2002/07/23 02:57:45 rgb | |
4714 | + * Define ARPHRD_VOID for < 2.4 kernels. | |
4715 | + * | |
4716 | + * Revision 1.10 2002/05/27 21:37:28 rgb | |
4717 | + * Set the defaults sanely for those adventurous enough to try more than 1 | |
4718 | + * digit of ipsec devices. | |
4719 | + * | |
4720 | + * Revision 1.9 2002/05/27 18:56:07 rgb | |
4721 | + * Convert to dynamic ipsec device allocation. | |
4722 | + * | |
4723 | + * Revision 1.8 2002/04/24 07:36:47 mcr | |
4724 | + * Moved from ./klips/net/ipsec/ipsec_param.h,v | |
4725 | + * | |
4726 | + * Revision 1.7 2002/04/20 00:12:25 rgb | |
4727 | + * Added esp IV CBC attack fix, disabled. | |
4728 | + * | |
4729 | + * Revision 1.6 2002/01/29 02:11:42 mcr | |
4730 | + * removal of kversions.h - sources that needed it now use ipsec_param.h. | |
4731 | + * updating of IPv6 structures to match latest in6.h version. | |
4732 | + * removed dead code from freeswan.h that also duplicated kversions.h | |
4733 | + * code. | |
4734 | + * | |
4735 | + * Revision 1.5 2002/01/28 19:22:01 mcr | |
4736 | + * by default, turn off LINEARIZE option | |
4737 | + * (let kversions.h turn it on) | |
4738 | + * | |
4739 | + * Revision 1.4 2002/01/20 20:19:36 mcr | |
4740 | + * renamed option to IP_FRAGMENT_LINEARIZE. | |
4741 | + * | |
4742 | + * Revision 1.3 2002/01/12 02:57:25 mcr | |
4743 | + * first regression test causes acquire messages to be lost | |
4744 | + * 100% of the time. This is to help testing of pluto. | |
4745 | + * | |
4746 | + * Revision 1.2 2001/11/26 09:16:14 rgb | |
4747 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
4748 | + * | |
4749 | + * Revision 1.1.2.3 2001/10/23 04:40:16 mcr | |
4750 | + * added #define for DIVULGING session keys in debug output. | |
4751 | + * | |
4752 | + * Revision 1.1.2.2 2001/10/22 20:53:25 mcr | |
4753 | + * added a define to control forcing of DES parity. | |
4754 | + * | |
4755 | + * Revision 1.1.2.1 2001/09/25 02:20:19 mcr | |
4756 | + * many common kernel configuration questions centralized. | |
4757 | + * more things remain that should be moved from freeswan.h. | |
4758 | + * | |
4759 | + * | |
4760 | + * Local variables: | |
4761 | + * c-file-style: "linux" | |
4762 | + * End: | |
4763 | + * | |
4764 | + */ | |
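Review bot: The fallback `#define snprintf(buf, len, fmt...) sprintf(buf, ##fmt)` under `!defined(LINUX_KERNEL_HAS_SNPRINTF)` discards `len`, so on those kernels every call site that reads as bounded becomes an unbounded `sprintf` into a kernel buffer. Either fail the build there (`# error "KLIPS needs a bounded snprintf()"`) or supply a real bounded formatter; at minimum the macro needs a comment saying the length is ignored. Separately, `KLIPS_ERROR` expands to a bare `if(...) printk(...)`, which captures a following `else` at the call site and leaves `flag` unparenthesised; `do { if (printk_ratelimit() || (flag)) printk(KERN_ERR "KLIPS " format, ## args); } while (0)` avoids both. The `#endif` after `IPSEC_DISALLOW_IPOPTIONS` is labelled `!KLIPS_DIVULGE_HMAC_KEY`, and the `KLIPS_PFKEY_ACQUIRE_LOSSAGE` block under `CONFIG_KLIPS_REGRESS` looks inverted: its `#else` redefines the macro to 0 when it is already defined, and leaves it undefined when neither it nor `CONFIG_KLIPS_PFKEY_ACQUIRE_LOSSAGE` is set.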
4765 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
4766 | +++ linux/include/openswan/ipsec_policy.h Mon Feb 9 13:51:03 2004 | |
4767 | @@ -0,0 +1,217 @@ | |
4768 | +#ifndef _IPSEC_POLICY_H | |
4769 | +/* | |
4770 | + * policy interface file between pluto and applications | |
4771 | + * Copyright (C) 2003 Michael Richardson <mcr@freeswan.org> | |
4772 | + * | |
4773 | + * This library is free software; you can redistribute it and/or modify it | |
4774 | + * under the terms of the GNU Library General Public License as published by | |
4775 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
4776 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
4777 | + * | |
4778 | + * This library is distributed in the hope that it will be useful, but | |
4779 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
4780 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
4781 | + * License for more details. | |
4782 | + * | |
4783 | + * RCSID $Id: ipsec_policy.h,v 1.7.6.1 2005/07/26 01:53:07 ken Exp $ | |
4784 | + */ | |
4785 | +#define _IPSEC_POLICY_H /* seen it, no need to see it again */ | |
4786 | + | |
4787 | + | |
4788 | +/* | |
4789 | + * this file defines an interface between an application (or rather an | |
4790 | + * application library) and a key/policy daemon. It provides for inquiries | |
4791 | + * as to the current state of a connected socket, as well as for general | |
4792 | + * questions. | |
4793 | + * | |
4794 | + * In general, the interface is defined as a series of functional interfaces, | |
4795 | + * and the policy messages should be internal. However, because this is in | |
4796 | + * fact an ABI between pieces of the system that may get compiled and revised | |
4797 | + * seperately, this ABI must be public and revision controlled. | |
4798 | + * | |
4799 | + * It is expected that the daemon will always support previous versions. | |
4800 | + */ | |
4801 | + | |
4802 | +#define IPSEC_POLICY_MSG_REVISION (unsigned)200305061 | |
4803 | + | |
4804 | +enum ipsec_policy_command { | |
4805 | + IPSEC_CMD_QUERY_FD = 1, | |
4806 | + IPSEC_CMD_QUERY_HOSTPAIR = 2, | |
4807 | + IPSEC_CMD_QUERY_DSTONLY = 3, | |
4808 | +}; | |
4809 | + | |
4810 | +struct ipsec_policy_msg_head { | |
4811 | + u_int32_t ipm_version; | |
4812 | + u_int32_t ipm_msg_len; | |
4813 | + u_int32_t ipm_msg_type; | |
4814 | + u_int32_t ipm_msg_seq; | |
4815 | +}; | |
4816 | + | |
4817 | +enum ipsec_privacy_quality { | |
4818 | + IPSEC_PRIVACY_NONE = 0, | |
4819 | + IPSEC_PRIVACY_INTEGRAL = 4, /* not private at all. AH-like */ | |
4820 | + IPSEC_PRIVACY_UNKNOWN = 8, /* something is claimed, but details unavail */ | |
4821 | + IPSEC_PRIVACY_ROT13 = 12, /* trivially breakable, i.e. 1DES */ | |
4822 | + IPSEC_PRIVACY_GAK = 16, /* known eavesdroppers */ | |
4823 | + IPSEC_PRIVACY_PRIVATE = 32, /* secure for at least a decade */ | |
4824 | + IPSEC_PRIVACY_STRONG = 64, /* ridiculously secure */ | |
4825 | + IPSEC_PRIVACY_TORTOISE = 192, /* even stronger, but very slow */ | |
4826 | + IPSEC_PRIVACY_OTP = 224, /* some kind of *true* one time pad */ | |
4827 | +}; | |
4828 | + | |
4829 | +enum ipsec_bandwidth_quality { | |
4830 | + IPSEC_QOS_UNKNOWN = 0, /* unknown bandwidth */ | |
4831 | + IPSEC_QOS_INTERACTIVE = 16, /* reasonably moderate jitter, moderate fast. | |
4832 | + Good enough for telnet/ssh. */ | |
4833 | + IPSEC_QOS_VOIP = 32, /* faster crypto, predicable jitter */ | |
4834 | + IPSEC_QOS_FTP = 64, /* higher throughput crypto, perhaps hardware | |
4835 | + offloaded, but latency/jitter may be bad */ | |
4836 | + IPSEC_QOS_WIRESPEED = 128, /* expect to be able to fill your pipe */ | |
4837 | +}; | |
4838 | + | |
4839 | +/* moved from programs/pluto/constants.h */ | |
4840 | +/* IPsec AH transform values | |
4841 | + * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.3 | |
4842 | + * and in http://www.iana.org/assignments/isakmp-registry | |
4843 | + */ | |
4844 | +enum ipsec_authentication_algo { | |
4845 | + AH_MD5=2, | |
4846 | + AH_SHA=3, | |
4847 | + AH_DES=4, | |
4848 | + AH_SHA2_256=5, | |
4849 | + AH_SHA2_384=6, | |
4850 | + AH_SHA2_512=7 | |
4851 | +}; | |
4852 | + | |
4853 | +/* IPsec ESP transform values | |
4854 | + * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.4 | |
4855 | + * and from http://www.iana.org/assignments/isakmp-registry | |
4856 | + */ | |
4857 | + | |
4858 | +enum ipsec_cipher_algo { | |
4859 | + ESP_reserved=0, | |
4860 | + ESP_DES_IV64=1, | |
4861 | + ESP_DES=2, | |
4862 | + ESP_3DES=3, | |
4863 | + ESP_RC5=4, | |
4864 | + ESP_IDEA=5, | |
4865 | + ESP_CAST=6, | |
4866 | + ESP_BLOWFISH=7, | |
4867 | + ESP_3IDEA=8, | |
4868 | + ESP_DES_IV32=9, | |
4869 | + ESP_RC4=10, | |
4870 | + ESP_NULL=11, | |
4871 | + ESP_AES=12, /* 128 bit AES */ | |
4872 | +}; | |
4873 | + | |
4874 | +/* IPCOMP transform values | |
4875 | + * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.5 | |
4876 | + */ | |
4877 | + | |
4878 | +enum ipsec_comp_algo { | |
4879 | + IPCOMP_OUI= 1, | |
4880 | + IPCOMP_DEFLATE= 2, | |
4881 | + IPCOMP_LZS= 3, | |
4882 | + IPCOMP_V42BIS= 4 | |
4883 | +}; | |
4884 | + | |
4885 | +/* Identification type values | |
4886 | + * RFC 2407 The Internet IP security Domain of Interpretation for ISAKMP 4.6.2.1 | |
4887 | + */ | |
4888 | + | |
4889 | +enum ipsec_id_type { | |
4890 | + ID_IMPOSSIBLE= (-2), /* private to Pluto */ | |
4891 | + ID_MYID= (-1), /* private to Pluto */ | |
4892 | + ID_NONE= 0, /* private to Pluto */ | |
4893 | + ID_IPV4_ADDR= 1, | |
4894 | + ID_FQDN= 2, | |
4895 | + ID_USER_FQDN= 3, | |
4896 | + ID_IPV4_ADDR_SUBNET= 4, | |
4897 | + ID_IPV6_ADDR= 5, | |
4898 | + ID_IPV6_ADDR_SUBNET= 6, | |
4899 | + ID_IPV4_ADDR_RANGE= 7, | |
4900 | + ID_IPV6_ADDR_RANGE= 8, | |
4901 | + ID_DER_ASN1_DN= 9, | |
4902 | + ID_DER_ASN1_GN= 10, | |
4903 | + ID_KEY_ID= 11 | |
4904 | +}; | |
4905 | + | |
4906 | +/* Certificate type values | |
4907 | + * RFC 2408 ISAKMP, chapter 3.9 | |
4908 | + */ | |
4909 | +enum ipsec_cert_type { | |
4910 | + CERT_NONE= 0, /* none, or guess from file contents */ | |
4911 | + CERT_PKCS7_WRAPPED_X509= 1, /* self-signed certificate from disk */ | |
4912 | + CERT_PGP= 2, | |
4913 | + CERT_DNS_SIGNED_KEY= 3, /* KEY RR from DNS */ | |
4914 | + CERT_X509_SIGNATURE= 4, | |
4915 | + CERT_X509_KEY_EXCHANGE= 5, | |
4916 | + CERT_KERBEROS_TOKENS= 6, | |
4917 | + CERT_CRL= 7, | |
4918 | + CERT_ARL= 8, | |
4919 | + CERT_SPKI= 9, | |
4920 | + CERT_X509_ATTRIBUTE= 10, | |
4921 | + CERT_RAW_RSA= 11, /* raw RSA from config file */ | |
4922 | +}; | |
4923 | + | |
4924 | +/* a SIG record in ASCII */ | |
4925 | +struct ipsec_dns_sig { | |
4926 | + char fqdn[256]; | |
4927 | + char dns_sig[768]; /* empty string if not signed */ | |
4928 | +}; | |
4929 | + | |
4930 | +struct ipsec_raw_key { | |
4931 | + char id_name[256]; | |
4932 | + char fs_keyid[8]; | |
4933 | +}; | |
4934 | + | |
4935 | +struct ipsec_identity { | |
4936 | + enum ipsec_id_type ii_type; | |
4937 | + enum ipsec_cert_type ii_format; | |
4938 | + union { | |
4939 | + struct ipsec_dns_sig ipsec_dns_signed; | |
4940 | + /* some thing for PGP */ | |
4941 | + /* some thing for PKIX */ | |
4942 | + struct ipsec_raw_key ipsec_raw_key; | |
4943 | + } ii_credential; | |
4944 | +}; | |
4945 | + | |
4946 | +#define IPSEC_MAX_CREDENTIALS 32 | |
4947 | + | |
4948 | +struct ipsec_policy_cmd_query { | |
4949 | + struct ipsec_policy_msg_head head; | |
4950 | + | |
4951 | + /* Query section */ | |
4952 | + ip_address query_local; /* us */ | |
4953 | + ip_address query_remote; /* them */ | |
4954 | + u_int8_t proto; /* TCP, ICMP, etc. */ | |
4955 | + u_short src_port, dst_port; | |
4956 | + | |
4957 | + /* Answer section */ | |
4958 | + enum ipsec_privacy_quality strength; | |
4959 | + enum ipsec_bandwidth_quality bandwidth; | |
4960 | + enum ipsec_authentication_algo auth_detail; | |
4961 | + enum ipsec_cipher_algo esp_detail; | |
4962 | + enum ipsec_comp_algo comp_detail; | |
4963 | + | |
4964 | + int credential_count; | |
4965 | + | |
4966 | + struct ipsec_identity credentials[IPSEC_MAX_CREDENTIALS]; | |
4967 | +}; | |
4968 | + | |
4969 | +#define IPSEC_POLICY_SOCKET "/var/run/pluto/pluto.info" | |
4970 | + | |
4971 | +/* prototypes */ | |
4972 | +extern err_t ipsec_policy_lookup(int fd, struct ipsec_policy_cmd_query *result); | |
4973 | +extern err_t ipsec_policy_init(void); | |
4974 | +extern err_t ipsec_policy_final(void); | |
4975 | +extern err_t ipsec_policy_readmsg(int policysock, | |
4976 | + unsigned char *buf, size_t buflen); | |
4977 | +extern err_t ipsec_policy_sendrecv(unsigned char *buf, size_t buflen); | |
4978 | +extern err_t ipsec_policy_cgilookup(struct ipsec_policy_cmd_query *result); | |
4979 | + | |
4980 | + | |
4981 | +extern const char *ipsec_policy_version_code(void); | |
4982 | +extern const char *ipsec_policy_version_string(void); | |
4983 | + | |
4984 | +#endif /* _IPSEC_POLICY_H */ | |
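Review bot: `struct ipsec_policy_cmd_query` is described in the comment above as a public ABI between separately compiled pieces, yet its answer section uses `enum` types and a plain `int credential_count`, whose sizes, like the padding after `u_int8_t proto`, are compiler-dependent. Fixed-width fields such as `u_int32_t strength;` and `u_int32_t credential_count;` would pin the layout. The header should also document what a receiver must check before trusting a message read from `IPSEC_POLICY_SOCKET`: `ipm_msg_len` against the buffer length, `credential_count` within `0..IPSEC_MAX_CREDENTIALS` before indexing `credentials[]`, and NUL termination of `fqdn`, `dns_sig` and `id_name`. The code that reads these messages is not in this hunk, so whether those checks already exist cannot be told from here. `IPSEC_POLICY_MSG_REVISION` should also be fully parenthesised, `((unsigned)200305061)`.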
4985 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
4986 | +++ linux/include/openswan/ipsec_proto.h Mon Feb 9 13:51:03 2004 | |
4987 | @@ -0,0 +1,199 @@ | |
4988 | +/* | |
4989 | + * @(#) prototypes for FreeSWAN functions | |
4990 | + * | |
4991 | + * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org> | |
4992 | + * and Michael Richardson <mcr@freeswan.org> | |
4993 | + * | |
4994 | + * This program is free software; you can redistribute it and/or modify it | |
4995 | + * under the terms of the GNU General Public License as published by the | |
4996 | + * Free Software Foundation; either version 2 of the License, or (at your | |
4997 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
4998 | + * | |
4999 | + * This program is distributed in the hope that it will be useful, but | |
5000 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
5001 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
5002 | + * for more details. | |
5003 | + * | |
5004 | + * RCSID $Id: ipsec_proto.h,v 1.14 2005/04/29 04:50:03 mcr Exp $ | |
5005 | + * | |
5006 | + */ | |
5007 | + | |
5008 | +#ifndef _IPSEC_PROTO_H_ | |
5009 | + | |
5010 | +#include "ipsec_param.h" | |
5011 | + | |
5012 | +/* | |
5013 | + * This file is a kernel only file that declares prototypes for | |
5014 | + * all intra-module function calls and global data structures. | |
5015 | + * | |
5016 | + * Include this file last. | |
5017 | + * | |
5018 | + */ | |
5019 | + | |
5020 | +/* forward references */ | |
5021 | +enum ipsec_direction; | |
5022 | +enum ipsec_life_type; | |
5023 | +struct ipsec_lifetime64; | |
5024 | +struct ident; | |
5025 | +struct sockaddr_encap; | |
5026 | +struct ipsec_sa; | |
5027 | + | |
5028 | +/* ipsec_init.c */ | |
5029 | +extern struct prng ipsec_prng; | |
5030 | + | |
5031 | +/* ipsec_sa.c */ | |
5032 | +extern struct ipsec_sa *ipsec_sadb_hash[SADB_HASHMOD]; | |
5033 | +extern spinlock_t tdb_lock; | |
5034 | +extern int ipsec_sadb_init(void); | |
5035 | +extern int ipsec_sadb_cleanup(__u8); | |
5036 | + | |
5037 | +extern struct ipsec_sa *ipsec_sa_alloc(int*error); | |
5038 | + | |
5039 | + | |
5040 | +extern struct ipsec_sa *ipsec_sa_getbyid(ip_said *); | |
5041 | +extern int ipsec_sa_put(struct ipsec_sa *); | |
5042 | +extern /* void */ int ipsec_sa_del(struct ipsec_sa *); | |
5043 | +extern /* void */ int ipsec_sa_delchain(struct ipsec_sa *); | |
5044 | +extern /* void */ int ipsec_sa_add(struct ipsec_sa *); | |
5045 | + | |
5046 | +extern int ipsec_sa_init(struct ipsec_sa *ipsp); | |
5047 | +extern int ipsec_sa_wipe(struct ipsec_sa *ipsp); | |
5048 | + | |
5049 | +/* debug declarations */ | |
5050 | + | |
5051 | +/* ipsec_proc.c */ | |
5052 | +extern int ipsec_proc_init(void); | |
5053 | +extern void ipsec_proc_cleanup(void); | |
5054 | + | |
5055 | +/* ipsec_rcv.c */ | |
5056 | +extern int ipsec_rcv(struct sk_buff *skb); | |
5057 | +extern int klips26_rcv_encap(struct sk_buff *skb, __u16 encap_type); | |
5058 | + | |
5059 | +/* ipsec_xmit.c */ | |
5060 | +struct ipsec_xmit_state; | |
5061 | +extern enum ipsec_xmit_value ipsec_xmit_sanity_check_dev(struct ipsec_xmit_state *ixs); | |
5062 | +extern enum ipsec_xmit_value ipsec_xmit_sanity_check_skb(struct ipsec_xmit_state *ixs); | |
5063 | +extern void ipsec_print_ip(struct iphdr *ip); | |
5064 | + | |
5065 | + | |
5066 | + | |
5067 | +/* ipsec_radij.c */ | |
5068 | +extern int ipsec_makeroute(struct sockaddr_encap *ea, | |
5069 | + struct sockaddr_encap *em, | |
5070 | + ip_said said, | |
5071 | + uint32_t pid, | |
5072 | + struct sk_buff *skb, | |
5073 | + struct ident *ident_s, | |
5074 | + struct ident *ident_d); | |
5075 | + | |
5076 | +extern int ipsec_breakroute(struct sockaddr_encap *ea, | |
5077 | + struct sockaddr_encap *em, | |
5078 | + struct sk_buff **first, | |
5079 | + struct sk_buff **last); | |
5080 | + | |
5081 | +int ipsec_radijinit(void); | |
5082 | +int ipsec_cleareroutes(void); | |
5083 | +int ipsec_radijcleanup(void); | |
5084 | + | |
5085 | +/* ipsec_life.c */ | |
5086 | +extern enum ipsec_life_alive ipsec_lifetime_check(struct ipsec_lifetime64 *il64, | |
5087 | + const char *lifename, | |
5088 | + const char *saname, | |
5089 | + enum ipsec_life_type ilt, | |
5090 | + enum ipsec_direction idir, | |
5091 | + struct ipsec_sa *ips); | |
5092 | + | |
5093 | + | |
5094 | +extern int ipsec_lifetime_format(char *buffer, | |
5095 | + int buflen, | |
5096 | + char *lifename, | |
5097 | + enum ipsec_life_type timebaselife, | |
5098 | + struct ipsec_lifetime64 *lifetime); | |
5099 | + | |
5100 | +extern void ipsec_lifetime_update_hard(struct ipsec_lifetime64 *lifetime, | |
5101 | + __u64 newvalue); | |
5102 | + | |
5103 | +extern void ipsec_lifetime_update_soft(struct ipsec_lifetime64 *lifetime, | |
5104 | + __u64 newvalue); | |
5105 | + | |
5106 | +/* ipsec_snprintf.c */ | |
5107 | +extern int ipsec_snprintf(char * buf, ssize_t size, const char *fmt, ...); | |
5108 | +extern void ipsec_dmp_block(char *s, caddr_t bb, int len); | |
5109 | + | |
5110 | + | |
5111 | +/* ipsec_alg.c */ | |
5112 | +extern int ipsec_alg_init(void); | |
5113 | + | |
5114 | + | |
5115 | +#ifdef CONFIG_KLIPS_DEBUG | |
5116 | + | |
5117 | +extern int debug_xform; | |
5118 | +extern int debug_eroute; | |
5119 | +extern int debug_spi; | |
5120 | +extern int debug_netlink; | |
5121 | + | |
5122 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
5123 | + | |
5124 | + | |
5125 | + | |
5126 | + | |
5127 | +#define _IPSEC_PROTO_H | |
5128 | +#endif /* _IPSEC_PROTO_H_ */ | |
5129 | + | |
5130 | +/* | |
5131 | + * $Log: ipsec_proto.h,v $ | |
5132 | + * Revision 1.14 2005/04/29 04:50:03 mcr | |
5133 | + * prototypes for xmit and alg code. | |
5134 | + * | |
5135 | + * Revision 1.13 2005/04/17 03:46:07 mcr | |
5136 | + * added prototypes for ipsec_rcv() routines. | |
5137 | + * | |
5138 | + * Revision 1.12 2005/04/14 20:28:37 mcr | |
5139 | + * added additional prototypes. | |
5140 | + * | |
5141 | + * Revision 1.11 2005/04/14 01:16:28 mcr | |
5142 | + * add prototypes for snprintf. | |
5143 | + * | |
5144 | + * Revision 1.10 2005/04/13 22:47:28 mcr | |
5145 | + * make sure that forward references are available. | |
5146 | + * | |
5147 | + * Revision 1.9 2004/07/10 19:08:41 mcr | |
5148 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
5149 | + * | |
5150 | + * Revision 1.8 2004/04/05 19:55:06 mcr | |
5151 | + * Moved from linux/include/freeswan/ipsec_proto.h,v | |
5152 | + * | |
5153 | + * Revision 1.7 2003/10/31 02:27:05 mcr | |
5154 | + * pulled up port-selector patches and sa_id elimination. | |
5155 | + * | |
5156 | + * Revision 1.6.30.1 2003/10/29 01:10:19 mcr | |
5157 | + * elimited "struct sa_id" | |
5158 | + * | |
5159 | + * Revision 1.6 2002/05/23 07:13:48 rgb | |
5160 | + * Added ipsec_sa_put() for releasing an ipsec_sa refcount. | |
5161 | + * | |
5162 | + * Revision 1.5 2002/05/14 02:36:40 rgb | |
5163 | + * Converted reference from ipsec_sa_put to ipsec_sa_add to avoid confusion | |
5164 | + * with "put" usage in the kernel. | |
5165 | + * | |
5166 | + * Revision 1.4 2002/04/24 07:36:47 mcr | |
5167 | + * Moved from ./klips/net/ipsec/ipsec_proto.h,v | |
5168 | + * | |
5169 | + * Revision 1.3 2002/04/20 00:12:25 rgb | |
5170 | + * Added esp IV CBC attack fix, disabled. | |
5171 | + * | |
5172 | + * Revision 1.2 2001/11/26 09:16:15 rgb | |
5173 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
5174 | + * | |
5175 | + * Revision 1.1.2.1 2001/09/25 02:21:01 mcr | |
5176 | + * ipsec_proto.h created to keep prototypes rather than deal with | |
5177 | + * cyclic dependancies of structures and prototypes in .h files. | |
5178 | + * | |
5179 | + * | |
5180 | + * | |
5181 | + * Local variables: | |
5182 | + * c-file-style: "linux" | |
5183 | + * End: | |
5184 | + * | |
5185 | + */ | |
5186 | + | |
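Review bot: The include guard at the top of ipsec_proto.h tests `_IPSEC_PROTO_H_`, but the line before the closing `#endif` defines `_IPSEC_PROTO_H` (no trailing underscore), so the guard never takes effect and every inclusion re-processes the whole header. That is harmless only while the file holds nothing but declarations; the first definition or `static inline` added here would break on double inclusion. I would define the tested name directly after the test, `#ifndef _IPSEC_PROTO_H_` followed by `#define _IPSEC_PROTO_H_`, and drop the late `#define`. Separately, the unconditional `extern int ipsec_rcv(struct sk_buff *skb);` here disagrees with the two-argument prototype that ipsec_rcv.h declares when `PROTO_HANDLER_SINGLE_PARM` is not defined.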
5187 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
5188 | +++ linux/include/openswan/ipsec_radij.h Mon Feb 9 13:51:03 2004 | |
5189 | @@ -0,0 +1,179 @@ | |
5190 | +/* | |
5191 | + * @(#) Definitions relevant to the IPSEC <> radij tree interfacing | |
5192 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
5193 | + * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. | |
5194 | + * | |
5195 | + * This program is free software; you can redistribute it and/or modify it | |
5196 | + * under the terms of the GNU General Public License as published by the | |
5197 | + * Free Software Foundation; either version 2 of the License, or (at your | |
5198 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
5199 | + * | |
5200 | + * This program is distributed in the hope that it will be useful, but | |
5201 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
5202 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
5203 | + * for more details. | |
5204 | + * | |
5205 | + * RCSID $Id: ipsec_radij.h,v 1.22 2004/07/10 19:08:41 mcr Exp $ | |
5206 | + */ | |
5207 | + | |
5208 | +#ifndef _IPSEC_RADIJ_H | |
5209 | + | |
5210 | +#include <openswan.h> | |
5211 | + | |
5212 | +int ipsec_walk(char *); | |
5213 | + | |
5214 | +int ipsec_rj_walker_procprint(struct radij_node *, void *); | |
5215 | +int ipsec_rj_walker_delete(struct radij_node *, void *); | |
5216 | + | |
5217 | +/* This structure is used to pass information between | |
5218 | + * ipsec_eroute_get_info and ipsec_rj_walker_procprint | |
5219 | + * (through rj_walktree) and between calls of ipsec_rj_walker_procprint. | |
5220 | + */ | |
5221 | +struct wsbuf | |
5222 | +{ | |
5223 | + /* from caller of ipsec_eroute_get_info: */ | |
5224 | + char *const buffer; /* start of buffer provided */ | |
5225 | + const int length; /* length of buffer provided */ | |
5226 | + const off_t offset; /* file position of first character of interest */ | |
5227 | + /* accumulated by ipsec_rj_walker_procprint: */ | |
5228 | + int len; /* number of character filled into buffer */ | |
5229 | + off_t begin; /* file position contained in buffer[0] (<=offset) */ | |
5230 | +}; | |
5231 | + | |
5232 | +extern struct radij_node_head *rnh; | |
5233 | +extern spinlock_t eroute_lock; | |
5234 | + | |
5235 | +struct eroute * ipsec_findroute(struct sockaddr_encap *); | |
5236 | + | |
5237 | +#define O1(x) (int)(((x)>>24)&0xff) | |
5238 | +#define O2(x) (int)(((x)>>16)&0xff) | |
5239 | +#define O3(x) (int)(((x)>>8)&0xff) | |
5240 | +#define O4(x) (int)(((x))&0xff) | |
5241 | + | |
5242 | +#ifdef CONFIG_KLIPS_DEBUG | |
5243 | +extern int debug_radij; | |
5244 | +void rj_dumptrees(void); | |
5245 | + | |
5246 | +#define DB_RJ_DUMPTREES 0x0001 | |
5247 | +#define DB_RJ_FINDROUTE 0x0002 | |
5248 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
5249 | + | |
5250 | +#define _IPSEC_RADIJ_H | |
5251 | +#endif | |
5252 | + | |
5253 | +/* | |
5254 | + * $Log: ipsec_radij.h,v $ | |
5255 | + * Revision 1.22 2004/07/10 19:08:41 mcr | |
5256 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
5257 | + * | |
5258 | + * Revision 1.21 2004/04/29 11:06:42 ken | |
5259 | + * Last bits from 2.06 procfs updates | |
5260 | + * | |
5261 | + * Revision 1.20 2004/04/06 02:49:08 mcr | |
5262 | + * pullup of algo code from alg-branch. | |
5263 | + * | |
5264 | + * Revision 1.19 2004/04/05 19:55:06 mcr | |
5265 | + * Moved from linux/include/freeswan/ipsec_radij.h,v | |
5266 | + * | |
5267 | + * Revision 1.18 2002/04/24 07:36:47 mcr | |
5268 | + * Moved from ./klips/net/ipsec/ipsec_radij.h,v | |
5269 | + * | |
5270 | + * Revision 1.17 2001/11/26 09:23:49 rgb | |
5271 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
5272 | + * | |
5273 | + * Revision 1.16.2.1 2001/09/25 02:21:17 mcr | |
5274 | + * ipsec_proto.h created to keep prototypes rather than deal with | |
5275 | + * cyclic dependancies of structures and prototypes in .h files. | |
5276 | + * | |
5277 | + * Revision 1.16 2001/09/15 16:24:04 rgb | |
5278 | + * Re-inject first and last HOLD packet when an eroute REPLACE is done. | |
5279 | + * | |
5280 | + * Revision 1.15 2001/09/14 16:58:37 rgb | |
5281 | + * Added support for storing the first and last packets through a HOLD. | |
5282 | + * | |
5283 | + * Revision 1.14 2001/09/08 21:13:32 rgb | |
5284 | + * Added pfkey ident extension support for ISAKMPd. (NetCelo) | |
5285 | + * | |
5286 | + * Revision 1.13 2001/06/14 19:35:09 rgb | |
5287 | + * Update copyright date. | |
5288 | + * | |
5289 | + * Revision 1.12 2001/05/27 06:12:11 rgb | |
5290 | + * Added structures for pid, packet count and last access time to eroute. | |
5291 | + * Added packet count to beginning of /proc/net/ipsec_eroute. | |
5292 | + * | |
5293 | + * Revision 1.11 2000/09/08 19:12:56 rgb | |
5294 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
5295 | + * | |
5296 | + * Revision 1.10 1999/11/17 15:53:39 rgb | |
5297 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
5298 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
5299 | + * klips/net/ipsec/Makefile. | |
5300 | + * | |
5301 | + * Revision 1.9 1999/10/01 00:01:23 rgb | |
5302 | + * Added eroute structure locking. | |
5303 | + * | |
5304 | + * Revision 1.8 1999/04/11 00:28:59 henry | |
5305 | + * GPL boilerplate | |
5306 | + * | |
5307 | + * Revision 1.7 1999/04/06 04:54:26 rgb | |
5308 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
5309 | + * patch shell fixes. | |
5310 | + * | |
5311 | + * Revision 1.6 1999/01/22 06:23:26 rgb | |
5312 | + * Cruft clean-out. | |
5313 | + * | |
5314 | + * Revision 1.5 1998/10/25 02:42:08 rgb | |
5315 | + * Change return type on ipsec_breakroute and ipsec_makeroute and add an | |
5316 | + * argument to be able to transmit more infomation about errors. | |
5317 | + * | |
5318 | + * Revision 1.4 1998/10/19 14:44:29 rgb | |
5319 | + * Added inclusion of freeswan.h. | |
5320 | + * sa_id structure implemented and used: now includes protocol. | |
5321 | + * | |
5322 | + * Revision 1.3 1998/07/28 00:03:31 rgb | |
5323 | + * Comment out temporary inet_nto4u() kluge. | |
5324 | + * | |
5325 | + * Revision 1.2 1998/07/14 18:22:00 rgb | |
5326 | + * Add function to clear the eroute table. | |
5327 | + * | |
5328 | + * Revision 1.1 1998/06/18 21:27:49 henry | |
5329 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
5330 | + * kernel-build scripts happier in the presence of symlinks | |
5331 | + * | |
5332 | + * Revision 1.5 1998/05/25 20:30:38 rgb | |
5333 | + * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions. | |
5334 | + * | |
5335 | + * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and | |
5336 | + * add ipsec_rj_walker_delete. | |
5337 | + * | |
5338 | + * Revision 1.4 1998/05/21 13:02:56 rgb | |
5339 | + * Imported definitions from ipsec_radij.c and radij.c to support /proc 3k | |
5340 | + * limit fix. | |
5341 | + * | |
5342 | + * Revision 1.3 1998/04/21 21:29:09 rgb | |
5343 | + * Rearrange debug switches to change on the fly debug output from user | |
5344 | + * space. Only kernel changes checked in at this time. radij.c was also | |
5345 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
5346 | + * an OOPS and hence, netlink device open errors. | |
5347 | + * | |
5348 | + * Revision 1.2 1998/04/14 17:30:39 rgb | |
5349 | + * Fix up compiling errors for radij tree memory reclamation. | |
5350 | + * | |
5351 | + * Revision 1.1 1998/04/09 03:06:10 henry | |
5352 | + * sources moved up from linux/net/ipsec | |
5353 | + * | |
5354 | + * Revision 1.1.1.1 1998/04/08 05:35:04 henry | |
5355 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
5356 | + * | |
5357 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
5358 | + * No changes. | |
5359 | + * | |
5360 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
5361 | + * Minor cleanups. | |
5362 | + * Rationalized debugging code. | |
5363 | + * | |
5364 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
5365 | + * First limited release. | |
5366 | + * | |
5367 | + * | |
5368 | + */ | |
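Review bot: `struct wsbuf` carries the caller's buffer size as `const int length` and the fill count as `int len`, both signed, and nothing in the header states the bound the walker has to keep between them. The struct comment says the state persists across repeated calls of ipsec_rj_walker_procprint through rj_walktree, so each call appends to `buffer` on top of what earlier calls wrote. I would document the invariant on the struct, for example `/* invariant: 0 <= len <= length; the walker must stop appending once len reaches length */`. The walker's body is not in this hunk, so whether it already enforces this needs to be checked in ipsec_radij.c.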
5369 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
5370 | +++ linux/include/openswan/ipsec_rcv.h Mon Feb 9 13:51:03 2004 | |
5371 | @@ -0,0 +1,199 @@ | |
5372 | +/* | |
5373 | + * | |
5374 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
5375 | + * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. | |
5376 | + * | |
5377 | + * This program is free software; you can redistribute it and/or modify it | |
5378 | + * under the terms of the GNU General Public License as published by the | |
5379 | + * Free Software Foundation; either version 2 of the License, or (at your | |
5380 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
5381 | + * | |
5382 | + * This program is distributed in the hope that it will be useful, but | |
5383 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
5384 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
5385 | + * for more details. | |
5386 | + * | |
5387 | + * RCSID $Id: ipsec_rcv.h,v 1.28.2.2 2006/10/06 21:39:26 paul Exp $ | |
5388 | + */ | |
5389 | + | |
5390 | +#ifndef IPSEC_RCV_H | |
5391 | +#define IPSEC_RCV_H | |
5392 | + | |
5393 | +#include "openswan/ipsec_auth.h" | |
5394 | + | |
5395 | +#define DB_RX_PKTRX 0x0001 | |
5396 | +#define DB_RX_PKTRX2 0x0002 | |
5397 | +#define DB_RX_DMP 0x0004 | |
5398 | +#define DB_RX_IPSA 0x0010 | |
5399 | +#define DB_RX_XF 0x0020 | |
5400 | +#define DB_RX_IPAD 0x0040 | |
5401 | +#define DB_RX_INAU 0x0080 | |
5402 | +#define DB_RX_OINFO 0x0100 | |
5403 | +#define DB_RX_OINFO2 0x0200 | |
5404 | +#define DB_RX_OH 0x0400 | |
5405 | +#define DB_RX_REPLAY 0x0800 | |
5406 | + | |
5407 | +#ifdef __KERNEL__ | |
5408 | +/* struct options; */ | |
5409 | + | |
5410 | +#define __NO_VERSION__ | |
5411 | +#ifndef AUTOCONF_INCLUDED | |
5412 | +#include <linux/config.h> /* for CONFIG_IP_FORWARD */ | |
5413 | +#endif | |
5414 | +#ifdef CONFIG_MODULES | |
5415 | +#include <linux/module.h> | |
5416 | +#endif | |
5417 | +#include <linux/version.h> | |
5418 | +#include <openswan.h> | |
5419 | + | |
5420 | +#define IPSEC_BIRTH_TEMPLATE_MAXLEN 256 | |
5421 | + | |
5422 | +struct ipsec_birth_reply { | |
5423 | + int packet_template_len; | |
5424 | + unsigned char packet_template[IPSEC_BIRTH_TEMPLATE_MAXLEN]; | |
5425 | +}; | |
5426 | + | |
5427 | +extern struct ipsec_birth_reply ipsec_ipv4_birth_packet; | |
5428 | +extern struct ipsec_birth_reply ipsec_ipv6_birth_packet; | |
5429 | + | |
5430 | +enum ipsec_rcv_value { | |
5431 | + IPSEC_RCV_LASTPROTO=1, | |
5432 | + IPSEC_RCV_OK=0, | |
5433 | + IPSEC_RCV_BADPROTO=-1, | |
5434 | + IPSEC_RCV_BADLEN=-2, | |
5435 | + IPSEC_RCV_ESP_BADALG=-3, | |
5436 | + IPSEC_RCV_3DES_BADBLOCKING=-4, | |
5437 | + IPSEC_RCV_ESP_DECAPFAIL=-5, | |
5438 | + IPSEC_RCV_DECAPFAIL=-6, | |
5439 | + IPSEC_RCV_SAIDNOTFOUND=-7, | |
5440 | + IPSEC_RCV_IPCOMPALONE=-8, | |
5441 | + IPSEC_RCV_IPCOMPFAILED=-10, | |
5442 | + IPSEC_RCV_SAIDNOTLIVE=-11, | |
5443 | + IPSEC_RCV_FAILEDINBOUND=-12, | |
5444 | + IPSEC_RCV_LIFETIMEFAILED=-13, | |
5445 | + IPSEC_RCV_BADAUTH=-14, | |
5446 | + IPSEC_RCV_REPLAYFAILED=-15, | |
5447 | + IPSEC_RCV_AUTHFAILED=-16, | |
5448 | + IPSEC_RCV_REPLAYROLLED=-17, | |
5449 | + IPSEC_RCV_BAD_DECRYPT=-18 | |
5450 | +}; | |
5451 | + | |
5452 | +struct ipsec_rcv_state { | |
5453 | + struct sk_buff *skb; | |
5454 | + struct net_device_stats *stats; | |
5455 | + struct iphdr *ipp; /* the IP header */ | |
5456 | + struct ipsec_sa *ipsp; /* current SA being processed */ | |
5457 | + int len; /* length of packet */ | |
5458 | + int ilen; /* length of inner payload (-authlen) */ | |
5459 | + int authlen; /* how big is the auth data at end */ | |
5460 | + int hard_header_len; /* layer 2 size */ | |
5461 | + int iphlen; /* how big is IP header */ | |
5462 | + struct auth_alg *authfuncs; | |
5463 | + ip_said said; | |
5464 | + char sa[SATOT_BUF]; | |
5465 | + size_t sa_len; | |
5466 | + __u8 next_header; | |
5467 | + __u8 hash[AH_AMAX]; | |
5468 | + char ipsaddr_txt[ADDRTOA_BUF]; | |
5469 | + char ipdaddr_txt[ADDRTOA_BUF]; | |
5470 | + __u8 *octx; | |
5471 | + __u8 *ictx; | |
5472 | + int ictx_len; | |
5473 | + int octx_len; | |
5474 | + union { | |
5475 | + struct { | |
5476 | + struct esphdr *espp; | |
5477 | + } espstuff; | |
5478 | + struct { | |
5479 | + struct ahhdr *ahp; | |
5480 | + } ahstuff; | |
5481 | + struct { | |
5482 | + struct ipcomphdr *compp; | |
5483 | + } ipcompstuff; | |
5484 | + } protostuff; | |
5485 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
5486 | + __u8 natt_type; | |
5487 | + __u16 natt_sport; | |
5488 | + __u16 natt_dport; | |
5489 | + int natt_len; | |
5490 | +#endif | |
5491 | +}; | |
5492 | + | |
5493 | +extern int | |
5494 | +#ifdef PROTO_HANDLER_SINGLE_PARM | |
5495 | +ipsec_rcv(struct sk_buff *skb); | |
5496 | +#else /* PROTO_HANDLER_SINGLE_PARM */ | |
5497 | +ipsec_rcv(struct sk_buff *skb, | |
5498 | + unsigned short xlen); | |
5499 | +#endif /* PROTO_HANDLER_SINGLE_PARM */ | |
5500 | + | |
5501 | +#ifdef CONFIG_KLIPS_DEBUG | |
5502 | +extern int debug_rcv; | |
5503 | +#define ipsec_rcv_dmp(_x,_y, _z) if (debug_rcv && sysctl_ipsec_debug_verbose) ipsec_dmp_block(_x,_y,_z) | |
5504 | +#else | |
5505 | +#define ipsec_rcv_dmp(_x,_y, _z) do {} while(0) | |
5506 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
5507 | + | |
5508 | +extern int sysctl_ipsec_inbound_policy_check; | |
5509 | +#endif /* __KERNEL__ */ | |
5510 | + | |
5511 | +extern int klips26_rcv_encap(struct sk_buff *skb, __u16 encap_type); | |
5512 | + | |
5513 | + | |
5514 | +#endif /* IPSEC_RCV_H */ | |
5515 | + | |
5516 | +/* | |
5517 | + * $Log: ipsec_rcv.h,v $ | |
5518 | + * Revision 1.28.2.2 2006/10/06 21:39:26 paul | |
5519 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
5520 | + * set. This is defined through autoconf.h which is included through the | |
5521 | + * linux kernel build macros. | |
5522 | + * | |
5523 | + * Revision 1.28.2.1 2006/07/10 15:52:20 paul | |
5524 | + * Fix for bug #642 by Bart Trojanowski | |
5525 | + * | |
5526 | + * Revision 1.28 2005/05/11 00:59:45 mcr | |
5527 | + * do not call debug routines if !defined KLIPS_DEBUG. | |
5528 | + * | |
5529 | + * Revision 1.27 2005/04/29 04:59:46 mcr | |
5530 | + * use ipsec_dmp_block. | |
5531 | + * | |
5532 | + * Revision 1.26 2005/04/13 22:48:35 mcr | |
5533 | + * added comments, and removed some log. | |
5534 | + * removed Linux 2.0 support. | |
5535 | + * | |
5536 | + * Revision 1.25 2005/04/08 18:25:37 mcr | |
5537 | + * prototype klips26 encap receive function | |
5538 | + * | |
5539 | + * Revision 1.24 2004/08/20 21:45:37 mcr | |
5540 | + * CONFIG_KLIPS_NAT_TRAVERSAL is not used in an attempt to | |
5541 | + * be 26sec compatible. But, some defines where changed. | |
5542 | + * | |
5543 | + * Revision 1.23 2004/08/03 18:17:40 mcr | |
5544 | + * in 2.6, use "net_device" instead of #define device->net_device. | |
5545 | + * this probably breaks 2.0 compiles. | |
5546 | + * | |
5547 | + * Revision 1.22 2004/07/10 19:08:41 mcr | |
5548 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
5549 | + * | |
5550 | + * Revision 1.21 2004/04/06 02:49:08 mcr | |
5551 | + * pullup of algo code from alg-branch. | |
5552 | + * | |
5553 | + * Revision 1.20 2004/04/05 19:55:06 mcr | |
5554 | + * Moved from linux/include/freeswan/ipsec_rcv.h,v | |
5555 | + * | |
5556 | + * Revision 1.19 2003/12/15 18:13:09 mcr | |
5557 | + * when compiling with NAT traversal, don't assume that the | |
5558 | + * kernel has been patched, unless CONFIG_IPSEC_NAT_NON_ESP | |
5559 | + * is set. | |
5560 | + * | |
5561 | + * history elided 2005-04-12. | |
5562 | + * | |
5563 | + * Local Variables: | |
5564 | + * c-basic-offset:8 | |
5565 | + * c-style:linux | |
5566 | + * End: | |
5567 | + * | |
5568 | + */ | |
5569 | + | |
5570 | + | |
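Review bot: With CONFIG_KLIPS_DEBUG set, `ipsec_rcv_dmp` expands to a bare `if (...) ipsec_dmp_block(...)`, so a call placed in an unbraced `if`/`else` captures the caller's `else`. The non-debug variant is already wrapped in `do {} while(0)`, which means debug and non-debug builds can parse the same call site differently. Wrap the debug form the same way: `#define ipsec_rcv_dmp(_x,_y,_z) do { if (debug_rcv && sysctl_ipsec_debug_verbose) ipsec_dmp_block(_x,_y,_z); } while(0)`. The call sites are outside this hunk; if the dumped buffers can hold decrypted payload, which the receive-path naming suggests, a comment here should say that both switches are expected to stay off outside debugging sessions.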
5571 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
5572 | +++ linux/include/openswan/ipsec_sa.h Mon Feb 9 13:51:03 2004 | |
5573 | @@ -0,0 +1,355 @@ | |
5574 | +/* | |
5575 | + * @(#) Definitions of IPsec Security Association (ipsec_sa) | |
5576 | + * | |
5577 | + * Copyright (C) 2001, 2002, 2003 | |
5578 | + * Richard Guy Briggs <rgb@freeswan.org> | |
5579 | + * and Michael Richardson <mcr@freeswan.org> | |
5580 | + * | |
5581 | + * This program is free software; you can redistribute it and/or modify it | |
5582 | + * under the terms of the GNU General Public License as published by the | |
5583 | + * Free Software Foundation; either version 2 of the License, or (at your | |
5584 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
5585 | + * | |
5586 | + * This program is distributed in the hope that it will be useful, but | |
5587 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
5588 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
5589 | + * for more details. | |
5590 | + * | |
5591 | + * RCSID $Id: ipsec_sa.h,v 1.23 2005/05/11 01:18:59 mcr Exp $ | |
5592 | + * | |
5593 | + * This file derived from ipsec_xform.h on 2001/9/18 by mcr. | |
5594 | + * | |
5595 | + */ | |
5596 | + | |
5597 | +/* | |
5598 | + * This file describes the IPsec Security Association Structure. | |
5599 | + * | |
5600 | + * This structure keeps track of a single transform that may be done | |
5601 | + * to a set of packets. It can describe applying the transform or | |
5602 | + * apply the reverse. (e.g. compression vs expansion). However, it | |
5603 | + * only describes one at a time. To describe both, two structures would | |
5604 | + * be used, but since the sides of the transform are performed | |
5605 | + * on different machines typically it is usual to have only one side | |
5606 | + * of each association. | |
5607 | + * | |
5608 | + */ | |
5609 | + | |
5610 | +#ifndef _IPSEC_SA_H_ | |
5611 | + | |
5612 | +#ifdef __KERNEL__ | |
5613 | +#include "openswan/ipsec_stats.h" | |
5614 | +#include "openswan/ipsec_life.h" | |
5615 | +#include "openswan/ipsec_eroute.h" | |
5616 | +#endif /* __KERNEL__ */ | |
5617 | +#include "openswan/ipsec_param.h" | |
5618 | + | |
5619 | +#include "pfkeyv2.h" | |
5620 | + | |
5621 | + | |
5622 | +/* SAs are held in a table. | |
5623 | + * Entries in this table are referenced by IPsecSAref_t values. | |
5624 | + * IPsecSAref_t values are conceptually subscripts. Because | |
5625 | + * we want to allocate the table piece-meal, the subscripting | |
5626 | + * is implemented with two levels, a bit like paged virtual memory. | |
5627 | + * This representation mechanism is known as an Iliffe Vector. | |
5628 | + * | |
5629 | + * The Main table (AKA the refTable) consists of 2^IPSEC_SA_REF_MAINTABLE_IDX_WIDTH | |
5630 | + * pointers to subtables. | |
5631 | + * Each subtable has 2^IPSEC_SA_REF_SUBTABLE_IDX_WIDTH entries, each of which | |
5632 | + * is a pointer to an SA. | |
5633 | + * | |
5634 | + * An IPsecSAref_t contains either an exceptional value (signified by the | |
5635 | + * high-order bit being on) or a reference to a table entry. A table entry | |
5636 | + * reference has the subtable subscript in the low-order | |
5637 | + * IPSEC_SA_REF_SUBTABLE_IDX_WIDTH bits and the Main table subscript | |
5638 | + * in the next lowest IPSEC_SA_REF_MAINTABLE_IDX_WIDTH bits. | |
5639 | + * | |
5640 | + * The Maintable entry for an IPsecSAref_t x, a pointer to its subtable, is | |
5641 | + * IPsecSAref2table(x). It is of type struct IPsecSArefSubTable *. | |
5642 | + * | |
5643 | + * The pointer to the SA for x is IPsecSAref2SA(x). It is of type | |
5644 | + * struct ipsec_sa*. The macro definition clearly shows the two-level | |
5645 | + * access needed to find the SA pointer. | |
5646 | + * | |
5647 | + * The Maintable is allocated when IPsec is initialized. | |
5648 | + * Each subtable is allocated when needed, but the first is allocated | |
5649 | + * when IPsec is initialized. | |
5650 | + * | |
5651 | + * IPsecSAref_t is designed to be smaller than an NFmark so that | |
5652 | + * they can be stored in NFmarks and still leave a few bits for other | |
5653 | + * purposes. The spare bits are in the low order of the NFmark | |
5654 | + * but in the high order of the IPsecSAref_t, so conversion is required. | |
5655 | + * We pick the upper bits of NFmark on the theory that they are less likely to | |
5656 | + * interfere with more pedestrian uses of nfmark. | |
5657 | + */ | |
5658 | + | |
5659 | + | |
5660 | +typedef unsigned short int IPsecRefTableUnusedCount; | |
5661 | + | |
5662 | +#define IPSEC_SA_REF_TABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH) | |
5663 | + | |
5664 | +#ifdef __KERNEL__ | |
5665 | +#if ((IPSEC_SA_REF_TABLE_IDX_WIDTH - (1 + IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)) < 0) | |
5666 | +#error "IPSEC_SA_REF_TABLE_IDX_WIDTH("IPSEC_SA_REF_TABLE_IDX_WIDTH") MUST be < 1 + IPSEC_SA_REF_MAINTABLE_IDX_WIDTH("IPSEC_SA_REF_MAINTABLE_IDX_WIDTH")" | |
5667 | +#endif | |
5668 | + | |
5669 | +#define IPSEC_SA_REF_SUBTABLE_IDX_WIDTH (IPSEC_SA_REF_TABLE_IDX_WIDTH - IPSEC_SA_REF_MAINTABLE_IDX_WIDTH) | |
5670 | + | |
5671 | +#define IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_MAINTABLE_IDX_WIDTH) | |
5672 | +#define IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH) | |
5673 | + | |
5674 | +#ifdef CONFIG_NETFILTER | |
5675 | +#define IPSEC_SA_REF_HOST_FIELD(x) ((struct sk_buff*)(x))->nfmark | |
5676 | +#define IPSEC_SA_REF_HOST_FIELD_TYPE typeof(IPSEC_SA_REF_HOST_FIELD(NULL)) | |
5677 | +#else /* CONFIG_NETFILTER */ | |
5678 | +/* just make it work for now, it doesn't matter, since there is no nfmark */ | |
5679 | +#define IPSEC_SA_REF_HOST_FIELD_TYPE unsigned long | |
5680 | +#endif /* CONFIG_NETFILTER */ | |
5681 | +#define IPSEC_SA_REF_HOST_FIELD_WIDTH (8 * sizeof(IPSEC_SA_REF_HOST_FIELD_TYPE)) | |
5682 | +#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t)) | |
5683 | + | |
5684 | +#define IPSEC_SA_REF_MASK (IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH)) | |
5685 | +#define IPSEC_SA_REF_TABLE_MASK ((IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)) << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH) | |
5686 | +#define IPSEC_SA_REF_ENTRY_MASK (IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_SUBTABLE_IDX_WIDTH)) | |
5687 | + | |
5688 | +#define IPsecSAref2table(x) (((x) & IPSEC_SA_REF_TABLE_MASK) >> IPSEC_SA_REF_SUBTABLE_IDX_WIDTH) | |
5689 | +#define IPsecSAref2entry(x) ((x) & IPSEC_SA_REF_ENTRY_MASK) | |
5690 | +#define IPsecSArefBuild(x,y) (((x) << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH) + (y)) | |
5691 | + | |
5692 | +#define IPsecSAref2SA(x) (ipsec_sadb.refTable[IPsecSAref2table(x)]->entry[IPsecSAref2entry(x)]) | |
5693 | +#define IPsecSA2SAref(x) ((x)->ips_ref) | |
5694 | + | |
5695 | +#define EMT_INBOUND 0x01 /* SA direction, 1=inbound */ | |
5696 | + | |
5697 | +/* 'struct ipsec_sa' should be 64bit aligned when allocated. */ | |
5698 | +struct ipsec_sa | |
5699 | +{ | |
5700 | + IPsecSAref_t ips_ref; /* reference table entry number */ | |
5701 | + atomic_t ips_refcount; /* reference count for this struct */ | |
5702 | + struct ipsec_sa *ips_hnext; /* next in hash chain */ | |
5703 | + struct ipsec_sa *ips_inext; /* pointer to next xform */ | |
5704 | + struct ipsec_sa *ips_onext; /* pointer to prev xform */ | |
5705 | + | |
5706 | + struct ifnet *ips_rcvif; /* related rcv encap interface */ | |
5707 | + | |
5708 | + ip_said ips_said; /* SA ID */ | |
5709 | + | |
5710 | + __u32 ips_seq; /* seq num of msg that initiated this SA */ | |
5711 | + __u32 ips_pid; /* PID of process that initiated this SA */ | |
5712 | + __u8 ips_authalg; /* auth algorithm for this SA */ | |
5713 | + __u8 ips_encalg; /* enc algorithm for this SA */ | |
5714 | + | |
5715 | + struct ipsec_stats ips_errs; | |
5716 | + | |
5717 | + __u8 ips_replaywin; /* replay window size */ | |
5718 | + enum sadb_sastate ips_state; /* state of SA */ | |
5719 | + __u32 ips_replaywin_lastseq; /* last pkt sequence num */ | |
5720 | + __u64 ips_replaywin_bitmap; /* bitmap of received pkts */ | |
5721 | + __u32 ips_replaywin_maxdiff; /* max pkt sequence difference */ | |
5722 | + | |
5723 | + __u32 ips_flags; /* generic xform flags */ | |
5724 | + | |
5725 | + | |
5726 | + struct ipsec_lifetimes ips_life; /* lifetime records */ | |
5727 | + | |
5728 | + /* selector information */ | |
5729 | + __u8 ips_transport_protocol; /* protocol for this SA, if ports are involved */ | |
5730 | + struct sockaddr*ips_addr_s; /* src sockaddr */ | |
5731 | + struct sockaddr*ips_addr_d; /* dst sockaddr */ | |
5732 | + struct sockaddr*ips_addr_p; /* proxy sockaddr */ | |
5733 | + __u16 ips_addr_s_size; | |
5734 | + __u16 ips_addr_d_size; | |
5735 | + __u16 ips_addr_p_size; | |
5736 | + ip_address ips_flow_s; | |
5737 | + ip_address ips_flow_d; | |
5738 | + ip_address ips_mask_s; | |
5739 | + ip_address ips_mask_d; | |
5740 | + | |
5741 | + __u16 ips_key_bits_a; /* size of authkey in bits */ | |
5742 | + __u16 ips_auth_bits; /* size of authenticator in bits */ | |
5743 | + __u16 ips_key_bits_e; /* size of enckey in bits */ | |
5744 | + __u16 ips_iv_bits; /* size of IV in bits */ | |
5745 | + __u8 ips_iv_size; | |
5746 | + __u16 ips_key_a_size; | |
5747 | + __u16 ips_key_e_size; | |
5748 | + | |
5749 | + caddr_t ips_key_a; /* authentication key */ | |
5750 | + caddr_t ips_key_e; /* encryption key */ | |
5751 | + caddr_t ips_iv; /* Initialisation Vector */ | |
5752 | + | |
5753 | + struct ident ips_ident_s; /* identity src */ | |
5754 | + struct ident ips_ident_d; /* identity dst */ | |
5755 | + | |
5756 | + /* these are included even if CONFIG_KLIPS_IPCOMP is off */ | |
5757 | + __u16 ips_comp_adapt_tries; /* ipcomp self-adaption tries */ | |
5758 | + __u16 ips_comp_adapt_skip; /* ipcomp self-adaption to-skip */ | |
5759 | + __u64 ips_comp_ratio_cbytes; /* compressed bytes */ | |
5760 | + __u64 ips_comp_ratio_dbytes; /* decompressed (or uncompressed) bytes */ | |
5761 | + | |
5762 | + /* these are included even if CONFIG_IPSEC_NAT_TRAVERSAL is off */ | |
5763 | + __u8 ips_natt_type; | |
5764 | + __u8 ips_natt_reserved[3]; | |
5765 | + __u16 ips_natt_sport; | |
5766 | + __u16 ips_natt_dport; | |
5767 | + | |
5768 | + struct sockaddr *ips_natt_oa; | |
5769 | + __u16 ips_natt_oa_size; | |
5770 | + __u16 ips_natt_reserved2; | |
5771 | + | |
5772 | +#if 0 | |
5773 | + __u32 ips_sens_dpd; | |
5774 | + __u8 ips_sens_sens_level; | |
5775 | + __u8 ips_sens_sens_len; | |
5776 | + __u64* ips_sens_sens_bitmap; | |
5777 | + __u8 ips_sens_integ_level; | |
5778 | + __u8 ips_sens_integ_len; | |
5779 | + __u64* ips_sens_integ_bitmap; | |
5780 | +#endif | |
5781 | + struct ipsec_alg_enc *ips_alg_enc; | |
5782 | + struct ipsec_alg_auth *ips_alg_auth; | |
5783 | + IPsecSAref_t ips_ref_rel; | |
5784 | +}; | |
5785 | + | |
5786 | +struct IPsecSArefSubTable | |
5787 | +{ | |
5788 | + struct ipsec_sa* entry[IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES]; | |
5789 | +}; | |
5790 | + | |
5791 | +struct ipsec_sadb { | |
5792 | + struct IPsecSArefSubTable* refTable[IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES]; | |
5793 | + IPsecSAref_t refFreeList[IPSEC_SA_REF_FREELIST_NUM_ENTRIES]; | |
5794 | + int refFreeListHead; | |
5795 | + int refFreeListTail; | |
5796 | + IPsecSAref_t refFreeListCont; | |
5797 | + IPsecSAref_t said_hash[SADB_HASHMOD]; | |
5798 | + spinlock_t sadb_lock; | |
5799 | +}; | |
5800 | + | |
5801 | +extern struct ipsec_sadb ipsec_sadb; | |
5802 | + | |
5803 | +extern int ipsec_SAref_recycle(void); | |
5804 | +extern int ipsec_SArefSubTable_alloc(unsigned table); | |
5805 | +extern int ipsec_saref_freelist_init(void); | |
5806 | +extern int ipsec_sadb_init(void); | |
5807 | +extern struct ipsec_sa *ipsec_sa_alloc(int*error); /* pass in error var by pointer */ | |
5808 | +extern IPsecSAref_t ipsec_SAref_alloc(int*erorr); /* pass in error var by pointer */ | |
5809 | +extern int ipsec_sa_free(struct ipsec_sa* ips); | |
5810 | +extern int ipsec_sa_put(struct ipsec_sa *ips); | |
5811 | +extern int ipsec_sa_add(struct ipsec_sa *ips); | |
5812 | +extern int ipsec_sa_del(struct ipsec_sa *ips); | |
5813 | +extern int ipsec_sa_delchain(struct ipsec_sa *ips); | |
5814 | +extern int ipsec_sadb_cleanup(__u8 proto); | |
5815 | +extern int ipsec_sadb_free(void); | |
5816 | +extern int ipsec_sa_wipe(struct ipsec_sa *ips); | |
5817 | +#endif /* __KERNEL__ */ | |
5818 | + | |
5819 | +enum ipsec_direction { | |
5820 | + ipsec_incoming = 1, | |
5821 | + ipsec_outgoing = 2 | |
5822 | +}; | |
5823 | + | |
5824 | +#define _IPSEC_SA_H_ | |
5825 | +#endif /* _IPSEC_SA_H_ */ | |
5826 | + | |
5827 | +/* | |
5828 | + * $Log: ipsec_sa.h,v $ | |
5829 | + * Revision 1.23 2005/05/11 01:18:59 mcr | |
5830 | + * do not change structure based upon options, to avoid | |
5831 | + * too many #ifdef. | |
5832 | + * | |
5833 | + * Revision 1.22 2005/04/14 01:17:09 mcr | |
5834 | + * change sadb_state to an enum. | |
5835 | + * | |
5836 | + * Revision 1.21 2004/08/20 21:45:37 mcr | |
5837 | + * CONFIG_KLIPS_NAT_TRAVERSAL is not used in an attempt to | |
5838 | + * be 26sec compatible. But, some defines where changed. | |
5839 | + * | |
5840 | + * Revision 1.20 2004/07/10 19:08:41 mcr | |
5841 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
5842 | + * | |
5843 | + * Revision 1.19 2004/04/05 19:55:06 mcr | |
5844 | + * Moved from linux/include/freeswan/ipsec_sa.h,v | |
5845 | + * | |
5846 | + * Revision 1.18 2004/04/05 19:41:05 mcr | |
5847 | + * merged alg-branch code. | |
5848 | + * | |
5849 | + * Revision 1.17.2.1 2003/12/22 15:25:52 jjo | |
5850 | + * . Merged algo-0.8.1-rc11-test1 into alg-branch | |
5851 | + * | |
5852 | + * Revision 1.17 2003/12/10 01:20:06 mcr | |
5853 | + * NAT-traversal patches to KLIPS. | |
5854 | + * | |
5855 | + * Revision 1.16 2003/10/31 02:27:05 mcr | |
5856 | + * pulled up port-selector patches and sa_id elimination. | |
5857 | + * | |
5858 | + * Revision 1.15.4.1 2003/10/29 01:10:19 mcr | |
5859 | + * elimited "struct sa_id" | |
5860 | + * | |
5861 | + * Revision 1.15 2003/05/11 00:53:09 mcr | |
5862 | + * IPsecSAref_t and macros were moved to freeswan.h. | |
5863 | + * | |
5864 | + * Revision 1.14 2003/02/12 19:31:55 rgb | |
5865 | + * Fixed bug in "file seen" machinery. | |
5866 | + * Updated copyright year. | |
5867 | + * | |
5868 | + * Revision 1.13 2003/01/30 02:31:52 rgb | |
5869 | + * | |
5870 | + * Re-wrote comments describing SAref system for accuracy. | |
5871 | + * Rename SAref table macro names for clarity. | |
5872 | + * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug. | |
5873 | + * Transmit error code through to caller from callee for better diagnosis of problems. | |
5874 | + * Enclose all macro arguments in parens to avoid any possible obscrure bugs. | |
5875 | + * | |
5876 | + * Revision 1.12 2002/10/07 18:31:19 rgb | |
5877 | + * Change comment to reflect the flexible nature of the main and sub-table widths. | |
5878 | + * Added a counter for the number of unused entries in each subtable. | |
5879 | + * Further break up host field type macro to host field. | |
5880 | + * Move field width sanity checks to ipsec_sa.c | |
5881 | + * Define a mask for an entire saref. | |
5882 | + * | |
5883 | + * Revision 1.11 2002/09/20 15:40:33 rgb | |
5884 | + * Re-write most of the SAref macros and types to eliminate any pointer references to Entrys. | |
5885 | + * Fixed SAref/nfmark macros. | |
5886 | + * Rework saref freeslist. | |
5887 | + * Place all ipsec sadb globals into one struct. | |
5888 | + * Restrict some bits to kernel context for use to klips utils. | |
5889 | + * | |
5890 | + * Revision 1.10 2002/09/20 05:00:34 rgb | |
5891 | + * Update copyright date. | |
5892 | + * | |
5893 | + * Revision 1.9 2002/09/17 17:19:29 mcr | |
5894 | + * make it compile even if there is no netfilter - we lost | |
5895 | + * functionality, but it works, especially on 2.2. | |
5896 | + * | |
5897 | + * Revision 1.8 2002/07/28 22:59:53 mcr | |
5898 | + * clarified/expanded one comment. | |
5899 | + * | |
5900 | + * Revision 1.7 2002/07/26 08:48:31 rgb | |
5901 | + * Added SA ref table code. | |
5902 | + * | |
5903 | + * Revision 1.6 2002/05/31 17:27:48 rgb | |
5904 | + * Comment fix. | |
5905 | + * | |
5906 | + * Revision 1.5 2002/05/27 18:55:03 rgb | |
5907 | + * Remove final vistiges of tdb references via IPSEC_KLIPS1_COMPAT. | |
5908 | + * | |
5909 | + * Revision 1.4 2002/05/23 07:13:36 rgb | |
5910 | + * Convert "usecount" to "refcount" to remove ambiguity. | |
5911 | + * | |
5912 | + * Revision 1.3 2002/04/24 07:36:47 mcr | |
5913 | + * Moved from ./klips/net/ipsec/ipsec_sa.h,v | |
5914 | + * | |
5915 | + * Revision 1.2 2001/11/26 09:16:15 rgb | |
5916 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
5917 | + * | |
5918 | + * Revision 1.1.2.1 2001/09/25 02:24:58 mcr | |
5919 | + * struct tdb -> struct ipsec_sa. | |
5920 | + * sa(tdb) manipulation functions renamed and moved to ipsec_sa.c | |
5921 | + * ipsec_xform.c removed. header file still contains useful things. | |
5922 | + * | |
5923 | + * | |
5924 | + * Local variables: | |
5925 | + * c-file-style: "linux" | |
5926 | + * End: | |
5927 | + * | |
5928 | + */ | |
5929 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
5930 | +++ linux/include/openswan/ipsec_sha1.h Mon Feb 9 13:51:03 2004 | |
5931 | @@ -0,0 +1,79 @@ | |
5932 | +/* | |
5933 | + * RCSID $Id: ipsec_sha1.h,v 1.8 2004/04/05 19:55:07 mcr Exp $ | |
5934 | + */ | |
5935 | + | |
5936 | +/* | |
5937 | + * Here is the original comment from the distribution: | |
5938 | + | |
5939 | +SHA-1 in C | |
5940 | +By Steve Reid <steve@edmweb.com> | |
5941 | +100% Public Domain | |
5942 | + | |
5943 | + * Adapted for use by the IPSEC code by John Ioannidis | |
5944 | + */ | |
5945 | + | |
5946 | + | |
5947 | +#ifndef _IPSEC_SHA1_H_ | |
5948 | +#define _IPSEC_SHA1_H_ | |
5949 | + | |
5950 | +typedef struct | |
5951 | +{ | |
5952 | + __u32 state[5]; | |
5953 | + __u32 count[2]; | |
5954 | + __u8 buffer[64]; | |
5955 | +} SHA1_CTX; | |
5956 | + | |
5957 | +void SHA1Transform(__u32 state[5], __u8 buffer[64]); | |
5958 | +void SHA1Init(void *context); | |
5959 | +void SHA1Update(void *context, unsigned char *data, __u32 len); | |
5960 | +void SHA1Final(unsigned char digest[20], void *context); | |
5961 | + | |
5962 | + | |
5963 | +#endif /* _IPSEC_SHA1_H_ */ | |
5964 | + | |
5965 | +/* | |
5966 | + * $Log: ipsec_sha1.h,v $ | |
5967 | + * Revision 1.8 2004/04/05 19:55:07 mcr | |
5968 | + * Moved from linux/include/freeswan/ipsec_sha1.h,v | |
5969 | + * | |
5970 | + * Revision 1.7 2002/09/10 01:45:09 mcr | |
5971 | + * changed type of MD5_CTX and SHA1_CTX to void * so that | |
5972 | + * the function prototypes would match, and could be placed | |
5973 | + * into a pointer to a function. | |
5974 | + * | |
5975 | + * Revision 1.6 2002/04/24 07:36:47 mcr | |
5976 | + * Moved from ./klips/net/ipsec/ipsec_sha1.h,v | |
5977 | + * | |
5978 | + * Revision 1.5 1999/12/13 13:59:13 rgb | |
5979 | + * Quick fix to argument size to Update bugs. | |
5980 | + * | |
5981 | + * Revision 1.4 1999/12/07 18:16:23 rgb | |
5982 | + * Fixed comments at end of #endif lines. | |
5983 | + * | |
5984 | + * Revision 1.3 1999/04/06 04:54:27 rgb | |
5985 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
5986 | + * patch shell fixes. | |
5987 | + * | |
5988 | + * Revision 1.2 1998/11/30 13:22:54 rgb | |
5989 | + * Rationalised all the klips kernel file headers. They are much shorter | |
5990 | + * now and won't conflict under RH5.2. | |
5991 | + * | |
5992 | + * Revision 1.1 1998/06/18 21:27:50 henry | |
5993 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
5994 | + * kernel-build scripts happier in the presence of symlinks | |
5995 | + * | |
5996 | + * Revision 1.2 1998/04/23 20:54:05 rgb | |
5997 | + * Fixed md5 and sha1 include file nesting issues, to be cleaned up when | |
5998 | + * verified. | |
5999 | + * | |
6000 | + * Revision 1.1 1998/04/09 03:04:21 henry | |
6001 | + * sources moved up from linux/net/ipsec | |
6002 | + * these two include files modified not to include others except in kernel | |
6003 | + * | |
6004 | + * Revision 1.1.1.1 1998/04/08 05:35:04 henry | |
6005 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
6006 | + * | |
6007 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
6008 | + * New transform | |
6009 | + * | |
6010 | + */ | |
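Review bot: `SHA1Init`, `SHA1Update` and `SHA1Final` take the context as `void *`, so the compiler no longer checks that the caller passes a `SHA1_CTX`; the revision 1.7 log entry says this was done so the prototypes fit a shared function-pointer type. If a caller passed a smaller context object by mistake, the hash code would presumably write past its end with no diagnostic, so the contract should at least be stated above the prototypes, e.g. `/* context must point to a SHA1_CTX; void * is used only so these fit the generic hash function-pointer type */`. `SHA1Update` also takes `unsigned char *data` although it probably only reads the input; `const unsigned char *data` would let callers hash read-only key material without a cast. The implementation and the function-pointer type are outside this hunk, so confirm both before changing the signature.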
6011 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
6012 | +++ linux/include/openswan/ipsec_stats.h Mon Feb 9 13:51:03 2004 | |
6013 | @@ -0,0 +1,76 @@ | |
6014 | +/* | |
6015 | + * @(#) definition of ipsec_stats structure | |
6016 | + * | |
6017 | + * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org> | |
6018 | + * and Michael Richardson <mcr@freeswan.org> | |
6019 | + * | |
6020 | + * This program is free software; you can redistribute it and/or modify it | |
6021 | + * under the terms of the GNU General Public License as published by the | |
6022 | + * Free Software Foundation; either version 2 of the License, or (at your | |
6023 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
6024 | + * | |
6025 | + * This program is distributed in the hope that it will be useful, but | |
6026 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
6027 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
6028 | + * for more details. | |
6029 | + * | |
6030 | + * RCSID $Id: ipsec_stats.h,v 1.7 2005/04/14 01:17:45 mcr Exp $ | |
6031 | + * | |
6032 | + */ | |
6033 | + | |
6034 | +/* | |
6035 | + * This file describes the errors/statistics that FreeSWAN collects. | |
6036 | + */ | |
6037 | + | |
6038 | +#ifndef _IPSEC_STATS_H_ | |
6039 | + | |
6040 | +struct ipsec_stats { | |
6041 | + __u32 ips_alg_errs; /* number of algorithm errors */ | |
6042 | + __u32 ips_auth_errs; /* # of authentication errors */ | |
6043 | + __u32 ips_encsize_errs; /* # of encryption size errors*/ | |
6044 | + __u32 ips_encpad_errs; /* # of encryption pad errors*/ | |
6045 | + __u32 ips_replaywin_errs; /* # of pkt sequence errors */ | |
6046 | +}; | |
6047 | + | |
6048 | +#define _IPSEC_STATS_H_ | |
6049 | +#endif /* _IPSEC_STATS_H_ */ | |
6050 | + | |
6051 | +/* | |
6052 | + * $Log: ipsec_stats.h,v $ | |
6053 | + * Revision 1.7 2005/04/14 01:17:45 mcr | |
6054 | + * add prototypes for snprintf. | |
6055 | + * | |
6056 | + * Revision 1.6 2004/04/05 19:55:07 mcr | |
6057 | + * Moved from linux/include/freeswan/ipsec_stats.h,v | |
6058 | + * | |
6059 | + * Revision 1.5 2004/04/05 19:41:05 mcr | |
6060 | + * merged alg-branch code. | |
6061 | + * | |
6062 | + * Revision 1.4 2004/03/28 20:27:19 paul | |
6063 | + * Included tested and confirmed fixes mcr made and dhr verified for | |
6064 | + * snprint statements. Changed one other snprintf to use ipsec_snprintf | |
6065 | + * so it wouldnt break compatibility with 2.0/2.2 kernels. Verified with | |
6066 | + * dhr. (thanks dhr!) | |
6067 | + * | |
6068 | + * Revision 1.4 2004/03/24 01:58:31 mcr | |
6069 | + * sprintf->snprintf for formatting into proc buffer. | |
6070 | + * | |
6071 | + * Revision 1.3.34.1 2004/04/05 04:30:46 mcr | |
6072 | + * patches for alg-branch to compile/work with 2.x openswan | |
6073 | + * | |
6074 | + * Revision 1.3 2002/04/24 07:36:47 mcr | |
6075 | + * Moved from ./klips/net/ipsec/ipsec_stats.h,v | |
6076 | + * | |
6077 | + * Revision 1.2 2001/11/26 09:16:16 rgb | |
6078 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
6079 | + * | |
6080 | + * Revision 1.1.2.1 2001/09/25 02:27:00 mcr | |
6081 | + * statistics moved to seperate structure. | |
6082 | + * | |
6083 | + * | |
6084 | + * | |
6085 | + * Local variables: | |
6086 | + * c-file-style: "linux" | |
6087 | + * End: | |
6088 | + * | |
6089 | + */ | |
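Review bot: The counters in `struct ipsec_stats` are plain `__u32` fields, and nothing says how they wrap or how concurrent updates are serialised. `ips_auth_errs` and `ips_replaywin_errs` are the values an operator would watch to notice forged or replayed packets. A 32-bit counter wraps silently under a sustained flood, and if the increment sites (outside this hunk) run without the lock that protects the SA, counts can be lost. I would add a comment above the struct such as `/* per-SA error counters; wrap at 2^32; update only while holding the SA's lock */`, worded to match what the increment code actually guarantees. The include guard defines `_IPSEC_STATS_H_` at the end of the file instead of directly after the `#ifndef`; if that is deliberate it deserves a one-line comment.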
6090 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
6091 | +++ linux/include/openswan/ipsec_tunnel.h Mon Feb 9 13:51:03 2004 | |
6092 | @@ -0,0 +1,280 @@ | |
6093 | +/* | |
6094 | + * IPSEC tunneling code | |
6095 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
6096 | + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 Richard Guy Briggs. | |
6097 | + * | |
6098 | + * This program is free software; you can redistribute it and/or modify it | |
6099 | + * under the terms of the GNU General Public License as published by the | |
6100 | + * Free Software Foundation; either version 2 of the License, or (at your | |
6101 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
6102 | + * | |
6103 | + * This program is distributed in the hope that it will be useful, but | |
6104 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
6105 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
6106 | + * for more details. | |
6107 | + * | |
6108 | + * RCSID $Id: ipsec_tunnel.h,v 1.33 2005/06/04 16:06:05 mcr Exp $ | |
6109 | + */ | |
6110 | + | |
6111 | + | |
6112 | +#ifdef NET_21 | |
6113 | +# define DEV_QUEUE_XMIT(skb, device, pri) {\ | |
6114 | + skb->dev = device; \ | |
6115 | + neigh_compat_output(skb); \ | |
6116 | + /* skb->dst->output(skb); */ \ | |
6117 | + } | |
6118 | +# define ICMP_SEND(skb_in, type, code, info, dev) \ | |
6119 | + icmp_send(skb_in, type, code, htonl(info)) | |
6120 | +# define IP_SEND(skb, dev) \ | |
6121 | + ip_send(skb); | |
6122 | +#else /* NET_21 */ | |
6123 | +# define DEV_QUEUE_XMIT(skb, device, pri) {\ | |
6124 | + dev_queue_xmit(skb, device, pri); \ | |
6125 | + } | |
6126 | +# define ICMP_SEND(skb_in, type, code, info, dev) \ | |
6127 | + icmp_send(skb_in, type, code, info, dev) | |
6128 | +# define IP_SEND(skb, dev) \ | |
6129 | + if(ntohs(iph->tot_len) > physmtu) { \ | |
6130 | + ip_fragment(NULL, skb, dev, 0); \ | |
6131 | + ipsec_kfree_skb(skb); \ | |
6132 | + } else { \ | |
6133 | + dev_queue_xmit(skb, dev, SOPRI_NORMAL); \ | |
6134 | + } | |
6135 | +#endif /* NET_21 */ | |
6136 | + | |
6137 | + | |
6138 | +/* | |
6139 | + * Heavily based on drivers/net/new_tunnel.c. Lots | |
6140 | + * of ideas also taken from the 2.1.x version of drivers/net/shaper.c | |
6141 | + */ | |
6142 | + | |
6143 | +struct ipsectunnelconf | |
6144 | +{ | |
6145 | + __u32 cf_cmd; | |
6146 | + union | |
6147 | + { | |
6148 | + char cfu_name[12]; | |
6149 | + } cf_u; | |
6150 | +#define cf_name cf_u.cfu_name | |
6151 | +}; | |
6152 | + | |
6153 | +#define IPSEC_SET_DEV (SIOCDEVPRIVATE) | |
6154 | +#define IPSEC_DEL_DEV (SIOCDEVPRIVATE + 1) | |
6155 | +#define IPSEC_CLR_DEV (SIOCDEVPRIVATE + 2) | |
6156 | + | |
6157 | +#ifdef __KERNEL__ | |
6158 | +#include <linux/version.h> | |
6159 | +#ifndef KERNEL_VERSION | |
6160 | +# define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z)) | |
6161 | +#endif | |
6162 | +struct ipsecpriv | |
6163 | +{ | |
6164 | + struct sk_buff_head sendq; | |
6165 | + struct net_device *dev; | |
6166 | + struct wait_queue *wait_queue; | |
6167 | + char locked; | |
6168 | + int (*hard_start_xmit) (struct sk_buff *skb, | |
6169 | + struct net_device *dev); | |
6170 | + int (*hard_header) (struct sk_buff *skb, | |
6171 | + struct net_device *dev, | |
6172 | + unsigned short type, | |
6173 | + void *daddr, | |
6174 | + void *saddr, | |
6175 | + unsigned len); | |
6176 | +#ifdef NET_21 | |
6177 | + int (*rebuild_header)(struct sk_buff *skb); | |
6178 | +#else /* NET_21 */ | |
6179 | + int (*rebuild_header)(void *buff, struct net_device *dev, | |
6180 | + unsigned long raddr, struct sk_buff *skb); | |
6181 | +#endif /* NET_21 */ | |
6182 | + int (*set_mac_address)(struct net_device *dev, void *addr); | |
6183 | +#ifndef NET_21 | |
6184 | + void (*header_cache_bind)(struct hh_cache **hhp, struct net_device *dev, | |
6185 | + unsigned short htype, __u32 daddr); | |
6186 | +#endif /* !NET_21 */ | |
6187 | + void (*header_cache_update)(struct hh_cache *hh, struct net_device *dev, unsigned char * haddr); | |
6188 | + struct net_device_stats *(*get_stats)(struct net_device *dev); | |
6189 | + struct net_device_stats mystats; | |
6190 | + int mtu; /* What is the desired MTU? */ | |
6191 | +}; | |
6192 | + | |
6193 | +extern char ipsec_tunnel_c_version[]; | |
6194 | + | |
6195 | +extern struct net_device *ipsecdevices[IPSEC_NUM_IF]; | |
6196 | + | |
6197 | +int ipsec_tunnel_init_devices(void); | |
6198 | + | |
6199 | +/* void */ int ipsec_tunnel_cleanup_devices(void); | |
6200 | + | |
6201 | +extern /* void */ int ipsec_init(void); | |
6202 | + | |
6203 | +extern int ipsec_tunnel_start_xmit(struct sk_buff *skb, struct net_device *dev); | |
6204 | +extern struct net_device *ipsec_get_device(int inst); | |
6205 | + | |
6206 | +#ifdef CONFIG_KLIPS_DEBUG | |
6207 | +extern int debug_tunnel; | |
6208 | +extern int sysctl_ipsec_debug_verbose; | |
6209 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
6210 | +#endif /* __KERNEL__ */ | |
6211 | + | |
6212 | +#ifdef CONFIG_KLIPS_DEBUG | |
6213 | +#define DB_TN_INIT 0x0001 | |
6214 | +#define DB_TN_PROCFS 0x0002 | |
6215 | +#define DB_TN_XMIT 0x0010 | |
6216 | +#define DB_TN_OHDR 0x0020 | |
6217 | +#define DB_TN_CROUT 0x0040 | |
6218 | +#define DB_TN_OXFS 0x0080 | |
6219 | +#define DB_TN_REVEC 0x0100 | |
6220 | +#define DB_TN_ENCAP 0x0200 | |
6221 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
6222 | + | |
6223 | +/* | |
6224 | + * $Log: ipsec_tunnel.h,v $ | |
6225 | + * Revision 1.33 2005/06/04 16:06:05 mcr | |
6226 | + * better patch for nat-t rcv-device code. | |
6227 | + * | |
6228 | + * Revision 1.32 2005/05/21 03:18:35 mcr | |
6229 | + * added additional debug flag tunnelling. | |
6230 | + * | |
6231 | + * Revision 1.31 2004/08/03 18:18:02 mcr | |
6232 | + * in 2.6, use "net_device" instead of #define device->net_device. | |
6233 | + * this probably breaks 2.0 compiles. | |
6234 | + * | |
6235 | + * Revision 1.30 2004/07/10 19:08:41 mcr | |
6236 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
6237 | + * | |
6238 | + * Revision 1.29 2004/04/05 19:55:07 mcr | |
6239 | + * Moved from linux/include/freeswan/ipsec_tunnel.h,v | |
6240 | + * | |
6241 | + * Revision 1.28 2003/06/24 20:22:32 mcr | |
6242 | + * added new global: ipsecdevices[] so that we can keep track of | |
6243 | + * the ipsecX devices. They will be referenced with dev_hold(), | |
6244 | + * so 2.2 may need this as well. | |
6245 | + * | |
6246 | + * Revision 1.27 2003/04/03 17:38:09 rgb | |
6247 | + * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}. | |
6248 | + * | |
6249 | + * Revision 1.26 2003/02/12 19:32:20 rgb | |
6250 | + * Updated copyright year. | |
6251 | + * | |
6252 | + * Revision 1.25 2002/05/27 18:56:07 rgb | |
6253 | + * Convert to dynamic ipsec device allocation. | |
6254 | + * | |
6255 | + * Revision 1.24 2002/04/24 07:36:48 mcr | |
6256 | + * Moved from ./klips/net/ipsec/ipsec_tunnel.h,v | |
6257 | + * | |
6258 | + * Revision 1.23 2001/11/06 19:50:44 rgb | |
6259 | + * Moved IP_SEND, ICMP_SEND, DEV_QUEUE_XMIT macros to ipsec_tunnel.h for | |
6260 | + * use also by pfkey_v2_parser.c | |
6261 | + * | |
6262 | + * Revision 1.22 2001/09/15 16:24:05 rgb | |
6263 | + * Re-inject first and last HOLD packet when an eroute REPLACE is done. | |
6264 | + * | |
6265 | + * Revision 1.21 2001/06/14 19:35:10 rgb | |
6266 | + * Update copyright date. | |
6267 | + * | |
6268 | + * Revision 1.20 2000/09/15 11:37:02 rgb | |
6269 | + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
6270 | + * IPCOMP zlib deflate code. | |
6271 | + * | |
6272 | + * Revision 1.19 2000/09/08 19:12:56 rgb | |
6273 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
6274 | + * | |
6275 | + * Revision 1.18 2000/07/28 13:50:54 rgb | |
6276 | + * Changed enet_statistics to net_device_stats and added back compatibility | |
6277 | + * for pre-2.1.19. | |
6278 | + * | |
6279 | + * Revision 1.17 1999/11/19 01:12:15 rgb | |
6280 | + * Purge unneeded proc_info prototypes, now that static linking uses | |
6281 | + * dynamic proc_info registration. | |
6282 | + * | |
6283 | + * Revision 1.16 1999/11/18 18:51:00 rgb | |
6284 | + * Changed all device registrations for static linking to | |
6285 | + * dynamic to reduce the number and size of patches. | |
6286 | + * | |
6287 | + * Revision 1.15 1999/11/18 04:14:21 rgb | |
6288 | + * Replaced all kernel version macros to shorter, readable form. | |
6289 | + * Added CONFIG_PROC_FS compiler directives in case it is shut off. | |
6290 | + * Added Marc Boucher's 2.3.25 proc patches. | |
6291 | + * | |
6292 | + * Revision 1.14 1999/05/25 02:50:10 rgb | |
6293 | + * Fix kernel version macros for 2.0.x static linking. | |
6294 | + * | |
6295 | + * Revision 1.13 1999/05/25 02:41:06 rgb | |
6296 | + * Add ipsec_klipsdebug support for static linking. | |
6297 | + * | |
6298 | + * Revision 1.12 1999/05/05 22:02:32 rgb | |
6299 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
6300 | + * | |
6301 | + * Revision 1.11 1999/04/29 15:19:50 rgb | |
6302 | + * Add return values to init and cleanup functions. | |
6303 | + * | |
6304 | + * Revision 1.10 1999/04/16 16:02:39 rgb | |
6305 | + * Bump up macro to 4 ipsec I/Fs. | |
6306 | + * | |
6307 | + * Revision 1.9 1999/04/15 15:37:25 rgb | |
6308 | + * Forward check changes from POST1_00 branch. | |
6309 | + * | |
6310 | + * Revision 1.5.2.1 1999/04/02 04:26:14 rgb | |
6311 | + * Backcheck from HEAD, pre1.0. | |
6312 | + * | |
6313 | + * Revision 1.8 1999/04/11 00:29:01 henry | |
6314 | + * GPL boilerplate | |
6315 | + * | |
6316 | + * Revision 1.7 1999/04/06 04:54:28 rgb | |
6317 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
6318 | + * patch shell fixes. | |
6319 | + * | |
6320 | + * Revision 1.6 1999/03/31 05:44:48 rgb | |
6321 | + * Keep PMTU reduction private. | |
6322 | + * | |
6323 | + * Revision 1.5 1999/02/10 22:31:20 rgb | |
6324 | + * Change rebuild_header member to reflect generality of link layer. | |
6325 | + * | |
6326 | + * Revision 1.4 1998/12/01 13:22:04 rgb | |
6327 | + * Added support for debug printing of version info. | |
6328 | + * | |
6329 | + * Revision 1.3 1998/07/29 20:42:46 rgb | |
6330 | + * Add a macro for clearing all tunnel devices. | |
6331 | + * Rearrange structures and declarations for sharing with userspace. | |
6332 | + * | |
6333 | + * Revision 1.2 1998/06/25 20:01:45 rgb | |
6334 | + * Make prototypes available for ipsec_init and ipsec proc_dir_entries | |
6335 | + * for static linking. | |
6336 | + * | |
6337 | + * Revision 1.1 1998/06/18 21:27:50 henry | |
6338 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
6339 | + * kernel-build scripts happier in the presence of symlinks | |
6340 | + * | |
6341 | + * Revision 1.3 1998/05/18 21:51:50 rgb | |
6342 | + * Added macros for num of I/F's and a procfs debug switch. | |
6343 | + * | |
6344 | + * Revision 1.2 1998/04/21 21:29:09 rgb | |
6345 | + * Rearrange debug switches to change on the fly debug output from user | |
6346 | + * space. Only kernel changes checked in at this time. radij.c was also | |
6347 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
6348 | + * an OOPS and hence, netlink device open errors. | |
6349 | + * | |
6350 | + * Revision 1.1 1998/04/09 03:06:13 henry | |
6351 | + * sources moved up from linux/net/ipsec | |
6352 | + * | |
6353 | + * Revision 1.1.1.1 1998/04/08 05:35:05 henry | |
6354 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
6355 | + * | |
6356 | + * Revision 0.5 1997/06/03 04:24:48 ji | |
6357 | + * Added transport mode. | |
6358 | + * Changed the way routing is done. | |
6359 | + * Lots of bug fixes. | |
6360 | + * | |
6361 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
6362 | + * No changes. | |
6363 | + * | |
6364 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
6365 | + * Minor cleanups. | |
6366 | + * Rationalized debugging code. | |
6367 | + * | |
6368 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
6369 | + * First limited release. | |
6370 | + * | |
6371 | + * | |
6372 | + */ | |
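Review bot: The statement macros at the top of this header do not compile as the body of an `if` that has an `else`: `DEV_QUEUE_XMIT` expands to a bare `{ ... }` block, the non-NET_21 `IP_SEND` to a bare `if`/`else`, and the NET_21 `IP_SEND` carries its own trailing semicolon. Their arguments are also used unparenthesised, and the non-NET_21 `IP_SEND` reads `iph` and `physmtu` from the caller's scope without naming them as parameters. Wrapping each in `do { ... } while (0)` and parenthesising the arguments, as below, removes the hazard; the call sites are outside this hunk, so check that none relies on the embedded semicolon. Separately, `cfu_name[12]` presumably carries a device name supplied from user space through the `SIOCDEVPRIVATE` ioctls, so a comment such as `/* device name from user space; not guaranteed NUL-terminated */` beside it would tell the consumer to bound every read.

```c
#ifdef NET_21
# define DEV_QUEUE_XMIT(skb, device, pri) do { \
		(skb)->dev = (device); \
		neigh_compat_output(skb); \
		/* skb->dst->output(skb); */ \
	} while (0)
/* … unchanged: ICMP_SEND … */
# define IP_SEND(skb, dev) \
	ip_send(skb)
#else /* NET_21 */
# define DEV_QUEUE_XMIT(skb, device, pri) do { \
		dev_queue_xmit((skb), (device), (pri)); \
	} while (0)
/* … unchanged: ICMP_SEND … */
# define IP_SEND(skb, dev) do { \
		if (ntohs(iph->tot_len) > physmtu) { \
			ip_fragment(NULL, (skb), (dev), 0); \
			ipsec_kfree_skb(skb); \
		} else { \
			dev_queue_xmit((skb), (dev), SOPRI_NORMAL); \
		} \
	} while (0)
#endif /* NET_21 */
```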
6373 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
6374 | +++ linux/include/openswan/ipsec_xform.h Mon Feb 9 13:51:03 2004 | |
6375 | @@ -0,0 +1,257 @@ | |
6376 | +/* | |
6377 | + * Definitions relevant to IPSEC transformations | |
6378 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
6379 | + * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. | |
6380 | + * COpyright (C) 2003 Michael Richardson <mcr@sandelman.ottawa.on.ca> | |
6381 | + * | |
6382 | + * This program is free software; you can redistribute it and/or modify it | |
6383 | + * under the terms of the GNU General Public License as published by the | |
6384 | + * Free Software Foundation; either version 2 of the License, or (at your | |
6385 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
6386 | + * | |
6387 | + * This program is distributed in the hope that it will be useful, but | |
6388 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
6389 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
6390 | + * for more details. | |
6391 | + * | |
6392 | + * RCSID $Id: ipsec_xform.h,v 1.41 2004/07/10 19:08:41 mcr Exp $ | |
6393 | + */ | |
6394 | + | |
6395 | +#ifndef _IPSEC_XFORM_H_ | |
6396 | + | |
6397 | +#include <openswan.h> | |
6398 | + | |
6399 | +#define XF_NONE 0 /* No transform set */ | |
6400 | +#define XF_IP4 1 /* IPv4 inside IPv4 */ | |
6401 | +#define XF_AHMD5 2 /* AH MD5 */ | |
6402 | +#define XF_AHSHA 3 /* AH SHA */ | |
6403 | +#define XF_ESP3DES 5 /* ESP DES3-CBC */ | |
6404 | +#define XF_AHHMACMD5 6 /* AH-HMAC-MD5 with opt replay prot */ | |
6405 | +#define XF_AHHMACSHA1 7 /* AH-HMAC-SHA1 with opt replay prot */ | |
6406 | +#define XF_ESP3DESMD5 9 /* triple DES, HMAC-MD-5, 128-bits of authentication */ | |
6407 | +#define XF_ESP3DESMD596 10 /* triple DES, HMAC-MD-5, 96-bits of authentication */ | |
6408 | +#define XF_ESPNULLMD596 12 /* NULL, HMAC-MD-5 with 96-bits of authentication */ | |
6409 | +#define XF_ESPNULLSHA196 13 /* NULL, HMAC-SHA-1 with 96-bits of authentication */ | |
6410 | +#define XF_ESP3DESSHA196 14 /* triple DES, HMAC-SHA-1, 96-bits of authentication */ | |
6411 | +#define XF_IP6 15 /* IPv6 inside IPv6 */ | |
6412 | +#define XF_COMPDEFLATE 16 /* IPCOMP deflate */ | |
6413 | + | |
6414 | +#define XF_CLR 126 /* Clear SA table */ | |
6415 | +#define XF_DEL 127 /* Delete SA */ | |
6416 | + | |
6417 | +/* IPsec AH transform values | |
6418 | + * RFC 2407 | |
6419 | + * draft-ietf-ipsec-doi-tc-mib-02.txt | |
6420 | + */ | |
6421 | + | |
6422 | +#define AH_NONE 0 | |
6423 | +#define AH_MD5 2 | |
6424 | +#define AH_SHA 3 | |
6425 | +/* draft-ietf-ipsec-ciph-aes-cbc-03.txt */ | |
6426 | +#define AH_SHA2_256 5 | |
6427 | +#define AH_SHA2_384 6 | |
6428 | +#define AH_SHA2_512 7 | |
6429 | +#define AH_RIPEMD 8 | |
6430 | +#define AH_MAX 15 | |
6431 | + | |
6432 | +/* IPsec ESP transform values */ | |
6433 | + | |
6434 | +#define ESP_NONE 0 | |
6435 | +#define ESP_DES 2 | |
6436 | +#define ESP_3DES 3 | |
6437 | +#define ESP_RC5 4 | |
6438 | +#define ESP_IDEA 5 | |
6439 | +#define ESP_CAST 6 | |
6440 | +#define ESP_BLOWFISH 7 | |
6441 | +#define ESP_3IDEA 8 | |
6442 | +#define ESP_RC4 10 | |
6443 | +#define ESP_NULL 11 | |
6444 | +#define ESP_AES 12 | |
6445 | + | |
6446 | +/* as draft-ietf-ipsec-ciph-aes-cbc-02.txt */ | |
6447 | +#define ESP_MARS 249 | |
6448 | +#define ESP_RC6 250 | |
6449 | +#define ESP_SERPENT 252 | |
6450 | +#define ESP_TWOFISH 253 | |
6451 | + | |
6452 | +/* IPCOMP transform values */ | |
6453 | + | |
6454 | +#define IPCOMP_NONE 0 | |
6455 | +#define IPCOMP_OUI 1 | |
6456 | +#define IPCOMP_DEFLAT 2 | |
6457 | +#define IPCOMP_LZS 3 | |
6458 | +#define IPCOMP_V42BIS 4 | |
6459 | + | |
6460 | +#define XFT_AUTH 0x0001 | |
6461 | +#define XFT_CONF 0x0100 | |
6462 | + | |
6463 | +/* available if CONFIG_KLIPS_DEBUG is defined */ | |
6464 | +#define DB_XF_INIT 0x0001 | |
6465 | + | |
6466 | +#define PROTO2TXT(x) \ | |
6467 | + (x) == IPPROTO_AH ? "AH" : \ | |
6468 | + (x) == IPPROTO_ESP ? "ESP" : \ | |
6469 | + (x) == IPPROTO_IPIP ? "IPIP" : \ | |
6470 | + (x) == IPPROTO_COMP ? "COMP" : \ | |
6471 | + "UNKNOWN_proto" | |
6472 | +static inline const char *enc_name_id (unsigned id) { | |
6473 | + static char buf[16]; | |
6474 | + snprintf(buf, sizeof(buf), "_ID%d", id); | |
6475 | + return buf; | |
6476 | +} | |
6477 | +static inline const char *auth_name_id (unsigned id) { | |
6478 | + static char buf[16]; | |
6479 | + snprintf(buf, sizeof(buf), "_ID%d", id); | |
6480 | + return buf; | |
6481 | +} | |
6482 | +#define IPS_XFORM_NAME(x) \ | |
6483 | + PROTO2TXT((x)->ips_said.proto), \ | |
6484 | + (x)->ips_said.proto == IPPROTO_COMP ? \ | |
6485 | + ((x)->ips_encalg == SADB_X_CALG_DEFLATE ? \ | |
6486 | + "_DEFLATE" : "_UNKNOWN_comp") : \ | |
6487 | + (x)->ips_encalg == ESP_NONE ? "" : \ | |
6488 | + (x)->ips_encalg == ESP_3DES ? "_3DES" : \ | |
6489 | + (x)->ips_encalg == ESP_AES ? "_AES" : \ | |
6490 | + (x)->ips_encalg == ESP_SERPENT ? "_SERPENT" : \ | |
6491 | + (x)->ips_encalg == ESP_TWOFISH ? "_TWOFISH" : \ | |
6492 | + enc_name_id(x->ips_encalg)/* "_UNKNOWN_encr" */, \ | |
6493 | + (x)->ips_authalg == AH_NONE ? "" : \ | |
6494 | + (x)->ips_authalg == AH_MD5 ? "_HMAC_MD5" : \ | |
6495 | + (x)->ips_authalg == AH_SHA ? "_HMAC_SHA1" : \ | |
6496 | + (x)->ips_authalg == AH_SHA2_256 ? "_HMAC_SHA2_256" : \ | |
6497 | + (x)->ips_authalg == AH_SHA2_384 ? "_HMAC_SHA2_384" : \ | |
6498 | + (x)->ips_authalg == AH_SHA2_512 ? "_HMAC_SHA2_512" : \ | |
6499 | + auth_name_id(x->ips_authalg) /* "_UNKNOWN_auth" */ \ | |
6500 | + | |
6501 | +#ifdef __KERNEL__ | |
6502 | +struct ipsec_rcv_state; | |
6503 | +struct ipsec_xmit_state; | |
6504 | + | |
6505 | +struct xform_functions { | |
6506 | + enum ipsec_rcv_value (*rcv_checks)(struct ipsec_rcv_state *irs, | |
6507 | + struct sk_buff *skb); | |
6508 | + enum ipsec_rcv_value (*rcv_decrypt)(struct ipsec_rcv_state *irs); | |
6509 | + | |
6510 | + enum ipsec_rcv_value (*rcv_setup_auth)(struct ipsec_rcv_state *irs, | |
6511 | + struct sk_buff *skb, | |
6512 | + __u32 *replay, | |
6513 | + unsigned char **authenticator); | |
6514 | + enum ipsec_rcv_value (*rcv_calc_auth)(struct ipsec_rcv_state *irs, | |
6515 | + struct sk_buff *skb); | |
6516 | + | |
6517 | + enum ipsec_xmit_value (*xmit_setup)(struct ipsec_xmit_state *ixs); | |
6518 | + enum ipsec_xmit_value (*xmit_encrypt)(struct ipsec_xmit_state *ixs); | |
6519 | + | |
6520 | + enum ipsec_xmit_value (*xmit_setup_auth)(struct ipsec_xmit_state *ixs, | |
6521 | + struct sk_buff *skb, | |
6522 | + __u32 *replay, | |
6523 | + unsigned char **authenticator); | |
6524 | + enum ipsec_xmit_value (*xmit_calc_auth)(struct ipsec_xmit_state *ixs, | |
6525 | + struct sk_buff *skb); | |
6526 | + int xmit_headroom; | |
6527 | + int xmit_needtailroom; | |
6528 | +}; | |
6529 | + | |
6530 | +#endif /* __KERNEL__ */ | |
6531 | + | |
6532 | +#ifdef CONFIG_KLIPS_DEBUG | |
6533 | +extern void ipsec_dmp(char *s, caddr_t bb, int len); | |
6534 | +#else /* CONFIG_KLIPS_DEBUG */ | |
6535 | +#define ipsec_dmp(_x, _y, _z) | |
6536 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
6537 | + | |
6538 | + | |
6539 | +#define _IPSEC_XFORM_H_ | |
6540 | +#endif /* _IPSEC_XFORM_H_ */ | |
6541 | + | |
6542 | +/* | |
6543 | + * $Log: ipsec_xform.h,v $ | |
6544 | + * Revision 1.41 2004/07/10 19:08:41 mcr | |
6545 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
6546 | + * | |
6547 | + * Revision 1.40 2004/04/06 02:49:08 mcr | |
6548 | + * pullup of algo code from alg-branch. | |
6549 | + * | |
6550 | + * Revision 1.39 2004/04/05 19:55:07 mcr | |
6551 | + * Moved from linux/include/freeswan/ipsec_xform.h,v | |
6552 | + * | |
6553 | + * Revision 1.38 2004/04/05 19:41:05 mcr | |
6554 | + * merged alg-branch code. | |
6555 | + * | |
6556 | + * Revision 1.37 2003/12/13 19:10:16 mcr | |
6557 | + * refactored rcv and xmit code - same as FS 2.05. | |
6558 | + * | |
6559 | + * Revision 1.36.34.1 2003/12/22 15:25:52 jjo | |
6560 | + * Merged algo-0.8.1-rc11-test1 into alg-branch | |
6561 | + * | |
6562 | + * Revision 1.36 2002/04/24 07:36:48 mcr | |
6563 | + * Moved from ./klips/net/ipsec/ipsec_xform.h,v | |
6564 | + * | |
6565 | + * Revision 1.35 2001/11/26 09:23:51 rgb | |
6566 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
6567 | + * | |
6568 | + * Revision 1.33.2.1 2001/09/25 02:24:58 mcr | |
6569 | + * struct tdb -> struct ipsec_sa. | |
6570 | + * sa(tdb) manipulation functions renamed and moved to ipsec_sa.c | |
6571 | + * ipsec_xform.c removed. header file still contains useful things. | |
6572 | + * | |
6573 | + * Revision 1.34 2001/11/06 19:47:17 rgb | |
6574 | + * Changed lifetime_packets to uint32 from uint64. | |
6575 | + * | |
6576 | + * Revision 1.33 2001/09/08 21:13:34 rgb | |
6577 | + * Added pfkey ident extension support for ISAKMPd. (NetCelo) | |
6578 | + * | |
6579 | + * Revision 1.32 2001/07/06 07:40:01 rgb | |
6580 | + * Reformatted for readability. | |
6581 | + * Added inbound policy checking fields for use with IPIP SAs. | |
6582 | + * | |
6583 | + * Revision 1.31 2001/06/14 19:35:11 rgb | |
6584 | + * Update copyright date. | |
6585 | + * | |
6586 | + * Revision 1.30 2001/05/30 08:14:03 rgb | |
6587 | + * Removed vestiges of esp-null transforms. | |
6588 | + * | |
6589 | + * Revision 1.29 2001/01/30 23:42:47 rgb | |
6590 | + * Allow pfkey msgs from pid other than user context required for ACQUIRE | |
6591 | + * and subsequent ADD or UDATE. | |
6592 | + * | |
6593 | + * Revision 1.28 2000/11/06 04:30:40 rgb | |
6594 | + * Add Svenning's adaptive content compression. | |
6595 | + * | |
6596 | + * Revision 1.27 2000/09/19 00:38:25 rgb | |
6597 | + * Fixed algorithm name bugs introduced for ipcomp. | |
6598 | + * | |
6599 | + * Revision 1.26 2000/09/17 21:36:48 rgb | |
6600 | + * Added proto2txt macro. | |
6601 | + * | |
6602 | + * Revision 1.25 2000/09/17 18:56:47 rgb | |
6603 | + * Added IPCOMP support. | |
6604 | + * | |
6605 | + * Revision 1.24 2000/09/12 19:34:12 rgb | |
6606 | + * Defined XF_IP6 from Gerhard for ipv6 tunnel support. | |
6607 | + * | |
6608 | + * Revision 1.23 2000/09/12 03:23:14 rgb | |
6609 | + * Cleaned out now unused tdb_xform and tdb_xdata members of struct tdb. | |
6610 | + * | |
6611 | + * Revision 1.22 2000/09/08 19:12:56 rgb | |
6612 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
6613 | + * | |
6614 | + * Revision 1.21 2000/09/01 18:32:43 rgb | |
6615 | + * Added (disabled) sensitivity members to tdb struct. | |
6616 | + * | |
6617 | + * Revision 1.20 2000/08/30 05:31:01 rgb | |
6618 | + * Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst. | |
6619 | + * Kill remainder of tdb_xform, tdb_xdata, xformsw. | |
6620 | + * | |
6621 | + * Revision 1.19 2000/08/01 14:51:52 rgb | |
6622 | + * Removed _all_ remaining traces of DES. | |
6623 | + * | |
6624 | + * Revision 1.18 2000/01/21 06:17:45 rgb | |
6625 | + * Tidied up spacing. | |
6626 | + * | |
6627 | + * | |
6628 | + * Local variables: | |
6629 | + * c-file-style: "linux" | |
6630 | + * End: | |
6631 | + * | |
6632 | + */ | |
6633 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
6634 | +++ linux/include/openswan/ipsec_xmit.h Mon Feb 9 13:51:03 2004 | |
6635 | @@ -0,0 +1,198 @@ | |
6636 | +/* | |
6637 | + * IPSEC tunneling code | |
6638 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
6639 | + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 Richard Guy Briggs. | |
6640 | + * | |
6641 | + * This program is free software; you can redistribute it and/or modify it | |
6642 | + * under the terms of the GNU General Public License as published by the | |
6643 | + * Free Software Foundation; either version 2 of the License, or (at your | |
6644 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
6645 | + * | |
6646 | + * This program is distributed in the hope that it will be useful, but | |
6647 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
6648 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
6649 | + * for more details. | |
6650 | + * | |
6651 | + * RCSID $Id: ipsec_xmit.h,v 1.14 2005/05/11 01:00:26 mcr Exp $ | |
6652 | + */ | |
6653 | + | |
6654 | +#include "openswan/ipsec_sa.h" | |
6655 | + | |
6656 | +enum ipsec_xmit_value | |
6657 | +{ | |
6658 | + IPSEC_XMIT_STOLEN=2, | |
6659 | + IPSEC_XMIT_PASS=1, | |
6660 | + IPSEC_XMIT_OK=0, | |
6661 | + IPSEC_XMIT_ERRMEMALLOC=-1, | |
6662 | + IPSEC_XMIT_ESP_BADALG=-2, | |
6663 | + IPSEC_XMIT_BADPROTO=-3, | |
6664 | + IPSEC_XMIT_ESP_PUSHPULLERR=-4, | |
6665 | + IPSEC_XMIT_BADLEN=-5, | |
6666 | + IPSEC_XMIT_AH_BADALG=-6, | |
6667 | + IPSEC_XMIT_SAIDNOTFOUND=-7, | |
6668 | + IPSEC_XMIT_SAIDNOTLIVE=-8, | |
6669 | + IPSEC_XMIT_REPLAYROLLED=-9, | |
6670 | + IPSEC_XMIT_LIFETIMEFAILED=-10, | |
6671 | + IPSEC_XMIT_CANNOTFRAG=-11, | |
6672 | + IPSEC_XMIT_MSSERR=-12, | |
6673 | + IPSEC_XMIT_ERRSKBALLOC=-13, | |
6674 | + IPSEC_XMIT_ENCAPFAIL=-14, | |
6675 | + IPSEC_XMIT_NODEV=-15, | |
6676 | + IPSEC_XMIT_NOPRIVDEV=-16, | |
6677 | + IPSEC_XMIT_NOPHYSDEV=-17, | |
6678 | + IPSEC_XMIT_NOSKB=-18, | |
6679 | + IPSEC_XMIT_NOIPV6=-19, | |
6680 | + IPSEC_XMIT_NOIPOPTIONS=-20, | |
6681 | + IPSEC_XMIT_TTLEXPIRED=-21, | |
6682 | + IPSEC_XMIT_BADHHLEN=-22, | |
6683 | + IPSEC_XMIT_PUSHPULLERR=-23, | |
6684 | + IPSEC_XMIT_ROUTEERR=-24, | |
6685 | + IPSEC_XMIT_RECURSDETECT=-25, | |
6686 | + IPSEC_XMIT_IPSENDFAILURE=-26, | |
6687 | + IPSEC_XMIT_ESPUDP=-27, | |
6688 | + IPSEC_XMIT_ESPUDP_BADTYPE=-28, | |
6689 | +}; | |
6690 | + | |
6691 | +struct ipsec_xmit_state | |
6692 | +{ | |
6693 | + struct sk_buff *skb; /* working skb pointer */ | |
6694 | + struct net_device *dev; /* working dev pointer */ | |
6695 | + struct ipsecpriv *prv; /* Our device' private space */ | |
6696 | + struct sk_buff *oskb; /* Original skb pointer */ | |
6697 | + struct net_device_stats *stats; /* This device's statistics */ | |
6698 | + struct iphdr *iph; /* Our new IP header */ | |
6699 | + __u32 newdst; /* The other SG's IP address */ | |
6700 | + __u32 orgdst; /* Original IP destination address */ | |
6701 | + __u32 orgedst; /* 1st SG's IP address */ | |
6702 | + __u32 newsrc; /* The new source SG's IP address */ | |
6703 | + __u32 orgsrc; /* Original IP source address */ | |
6704 | + __u32 innersrc; /* Innermost IP source address */ | |
6705 | + int iphlen; /* IP header length */ | |
6706 | + int pyldsz; /* upper protocol payload size */ | |
6707 | + int headroom; | |
6708 | + int tailroom; | |
6709 | + int authlen; | |
6710 | + int max_headroom; /* The extra header space needed */ | |
6711 | + int max_tailroom; /* The extra stuffing needed */ | |
6712 | + int ll_headroom; /* The extra link layer hard_header space needed */ | |
6713 | + int tot_headroom; /* The total header space needed */ | |
6714 | + int tot_tailroom; /* The totalstuffing needed */ | |
6715 | + __u8 *saved_header; /* saved copy of the hard header */ | |
6716 | + unsigned short sport, dport; | |
6717 | + | |
6718 | + struct sockaddr_encap matcher; /* eroute search key */ | |
6719 | + struct eroute *eroute; | |
6720 | + struct ipsec_sa *ipsp, *ipsq; /* ipsec_sa pointers */ | |
6721 | + char sa_txt[SATOT_BUF]; | |
6722 | + size_t sa_len; | |
6723 | + int hard_header_stripped; /* has the hard header been removed yet? */ | |
6724 | + int hard_header_len; | |
6725 | + struct net_device *physdev; | |
6726 | +/* struct device *virtdev; */ | |
6727 | + short physmtu; | |
6728 | + short cur_mtu; /* copy of prv->mtu, cause prv may == NULL */ | |
6729 | + short mtudiff; | |
6730 | +#ifdef NET_21 | |
6731 | + struct rtable *route; | |
6732 | +#endif /* NET_21 */ | |
6733 | + ip_said outgoing_said; | |
6734 | +#ifdef NET_21 | |
6735 | + int pass; | |
6736 | +#endif /* NET_21 */ | |
6737 | + int error; | |
6738 | + uint32_t eroute_pid; | |
6739 | + struct ipsec_sa ips; | |
6740 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
6741 | + uint8_t natt_type; | |
6742 | + uint8_t natt_head; | |
6743 | + uint16_t natt_sport; | |
6744 | + uint16_t natt_dport; | |
6745 | +#endif | |
6746 | +}; | |
6747 | + | |
6748 | +enum ipsec_xmit_value | |
6749 | +ipsec_xmit_sanity_check_dev(struct ipsec_xmit_state *ixs); | |
6750 | + | |
6751 | +enum ipsec_xmit_value | |
6752 | +ipsec_xmit_sanity_check_skb(struct ipsec_xmit_state *ixs); | |
6753 | + | |
6754 | +enum ipsec_xmit_value | |
6755 | +ipsec_xmit_encap_bundle(struct ipsec_xmit_state *ixs); | |
6756 | + | |
6757 | +extern void ipsec_extract_ports(struct iphdr * iph, struct sockaddr_encap * er); | |
6758 | + | |
6759 | + | |
6760 | +extern int ipsec_xmit_trap_count; | |
6761 | +extern int ipsec_xmit_trap_sendcount; | |
6762 | + | |
6763 | +#ifdef CONFIG_KLIPS_DEBUG | |
6764 | +extern int debug_tunnel; | |
6765 | + | |
6766 | +#define debug_xmit debug_tunnel | |
6767 | + | |
6768 | +#define ipsec_xmit_dmp(_x,_y, _z) if (debug_xmit && sysctl_ipsec_debug_verbose) ipsec_dmp_block(_x,_y,_z) | |
6769 | +#else | |
6770 | +#define ipsec_xmit_dmp(_x,_y, _z) do {} while(0) | |
6771 | + | |
6772 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
6773 | + | |
6774 | +extern int sysctl_ipsec_debug_verbose; | |
6775 | +extern int sysctl_ipsec_icmp; | |
6776 | +extern int sysctl_ipsec_tos; | |
6777 | + | |
6778 | + | |
6779 | +/* | |
6780 | + * $Log: ipsec_xmit.h,v $ | |
6781 | + * Revision 1.14 2005/05/11 01:00:26 mcr | |
6782 | + * do not call debug routines if !defined KLIPS_DEBUG. | |
6783 | + * | |
6784 | + * Revision 1.13 2005/04/29 05:01:38 mcr | |
6785 | + * use ipsec_dmp_block. | |
6786 | + * added cur_mtu to ixs instead of using ixs->dev. | |
6787 | + * | |
6788 | + * Revision 1.12 2004/08/20 21:45:37 mcr | |
6789 | + * CONFIG_KLIPS_NAT_TRAVERSAL is not used in an attempt to | |
6790 | + * be 26sec compatible. But, some defines where changed. | |
6791 | + * | |
6792 | + * Revision 1.11 2004/08/03 18:18:21 mcr | |
6793 | + * in 2.6, use "net_device" instead of #define device->net_device. | |
6794 | + * this probably breaks 2.0 compiles. | |
6795 | + * | |
6796 | + * Revision 1.10 2004/07/10 19:08:41 mcr | |
6797 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
6798 | + * | |
6799 | + * Revision 1.9 2004/04/06 02:49:08 mcr | |
6800 | + * pullup of algo code from alg-branch. | |
6801 | + * | |
6802 | + * Revision 1.8 2004/04/05 19:55:07 mcr | |
6803 | + * Moved from linux/include/freeswan/ipsec_xmit.h,v | |
6804 | + * | |
6805 | + * Revision 1.7 2004/02/03 03:11:40 mcr | |
6806 | + * new xmit type if the UDP encapsulation is wrong. | |
6807 | + * | |
6808 | + * Revision 1.6 2003/12/13 19:10:16 mcr | |
6809 | + * refactored rcv and xmit code - same as FS 2.05. | |
6810 | + * | |
6811 | + * Revision 1.5 2003/12/10 01:20:06 mcr | |
6812 | + * NAT-traversal patches to KLIPS. | |
6813 | + * | |
6814 | + * Revision 1.4 2003/12/06 16:37:04 mcr | |
6815 | + * 1.4.7a X.509 patch applied. | |
6816 | + * | |
6817 | + * Revision 1.3 2003/10/31 02:27:05 mcr | |
6818 | + * pulled up port-selector patches and sa_id elimination. | |
6819 | + * | |
6820 | + * Revision 1.2.4.2 2003/10/29 01:10:19 mcr | |
6821 | + * elimited "struct sa_id" | |
6822 | + * | |
6823 | + * Revision 1.2.4.1 2003/09/21 13:59:38 mcr | |
6824 | + * pre-liminary X.509 patch - does not yet pass tests. | |
6825 | + * | |
6826 | + * Revision 1.2 2003/06/20 01:42:13 mcr | |
6827 | + * added counters to measure how many ACQUIREs we send to pluto, | |
6828 | + * and how many are successfully sent. | |
6829 | + * | |
6830 | + * Revision 1.1 2003/02/12 19:31:03 rgb | |
6831 | + * Refactored from ipsec_tunnel.c | |
6832 | + * | |
6833 | + */ | |
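Review bot: The debug variant of `ipsec_xmit_dmp` expands to a bare `if` with no `do { } while(0)` wrapper, unlike the non-debug variant next to it, so a call placed directly before an `else` captures that `else`; it should read `#define ipsec_xmit_dmp(_x,_y,_z) do { if (debug_xmit && sysctl_ipsec_debug_verbose) ipsec_dmp_block(_x,_y,_z); } while(0)`. The header also has no include guard although it defines `enum ipsec_xmit_value` and `struct ipsec_xmit_state`, so a second inclusion in one translation unit is a redefinition error. In `struct ipsec_xmit_state` the fields `physmtu`, `cur_mtu` and `mtudiff` are `short`; if the device MTU they copy can exceed 32767, the stored value goes negative before any later length arithmetic, which should be confirmed against the callers outside this file.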
6834 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
6835 | +++ linux/include/openswan/passert.h Mon Feb 9 13:51:03 2004 | |
6836 | @@ -0,0 +1,75 @@ | |
6837 | +/* | |
6838 | + * sanitize a string into a printable format. | |
6839 | + * | |
6840 | + * Copyright (C) 1998-2002 D. Hugh Redelmeier. | |
6841 | + * Copyright (C) 2003 Michael Richardson <mcr@freeswan.org> | |
6842 | + * | |
6843 | + * This library is free software; you can redistribute it and/or modify it | |
6844 | + * under the terms of the GNU Library General Public License as published by | |
6845 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
6846 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
6847 | + * | |
6848 | + * This library is distributed in the hope that it will be useful, but | |
6849 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
6850 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
6851 | + * License for more details. | |
6852 | + * | |
6853 | + * RCSID $Id: passert.h,v 1.7 2004/10/21 18:44:42 mcr Exp $ | |
6854 | + */ | |
6855 | + | |
6856 | +#include "openswan.h" | |
6857 | + | |
6858 | +#ifndef _OPENSWAN_PASSERT_H | |
6859 | +#define _OPENSWAN_PASSERT_H | |
6860 | +/* our versions of assert: log result */ | |
6861 | + | |
6862 | +#ifdef DEBUG | |
6863 | + | |
6864 | +typedef void (*openswan_passert_fail_t)(const char *pred_str, | |
6865 | + const char *file_str, | |
6866 | + unsigned long line_no) NEVER_RETURNS; | |
6867 | + | |
6868 | +openswan_passert_fail_t openswan_passert_fail; | |
6869 | + | |
6870 | +extern void pexpect_log(const char *pred_str | |
6871 | + , const char *file_str, unsigned long line_no); | |
6872 | + | |
6873 | +# define impossible() do { \ | |
6874 | + if(openswan_passert_fail) { \ | |
6875 | + (*openswan_passert_fail)("impossible", __FILE__, __LINE__); \ | |
6876 | + }} while(0) | |
6877 | + | |
6878 | +extern void switch_fail(int n | |
6879 | + , const char *file_str, unsigned long line_no) NEVER_RETURNS; | |
6880 | + | |
6881 | +# define bad_case(n) switch_fail((int) n, __FILE__, __LINE__) | |
6882 | + | |
6883 | +# define passert(pred) do { \ | |
6884 | + if (!(pred)) \ | |
6885 | + if(openswan_passert_fail) { \ | |
6886 | + (*openswan_passert_fail)(#pred, __FILE__, __LINE__); \ | |
6887 | + } \ | |
6888 | + } while(0) | |
6889 | + | |
6890 | +# define pexpect(pred) do { \ | |
6891 | + if (!(pred)) \ | |
6892 | + pexpect_log(#pred, __FILE__, __LINE__); \ | |
6893 | + } while(0) | |
6894 | + | |
6895 | +/* assert that an err_t is NULL; evaluate exactly once */ | |
6896 | +# define happy(x) { \ | |
6897 | + err_t ugh = x; \ | |
6898 | + if (ugh != NULL) \ | |
6899 | + if(openswan_passert_fail) { (*openswan_passert_fail)(ugh, __FILE__, __LINE__); } \ | |
6900 | + } | |
6901 | + | |
6902 | +#else /*!DEBUG*/ | |
6903 | + | |
6904 | +# define impossible() abort() | |
6905 | +# define bad_case(n) abort() | |
6906 | +# define passert(pred) { } /* do nothing */ | |
6907 | +# define happy(x) { (void) x; } /* evaluate non-judgementally */ | |
6908 | + | |
6909 | +#endif /*!DEBUG*/ | |
6910 | + | |
6911 | +#endif /* _OPENSWAN_PASSERT_H */ | |
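Review bot: In the DEBUG branch `passert()`, `impossible()` and `happy()` do nothing when `openswan_passert_fail` is NULL, so a violated invariant is neither logged nor stopped and execution continues past it; an `else` that falls back to the `abort()` the `#else` branch already uses (or at least to `pexpect_log`) would keep the check fail-closed. The handler is declared as `openswan_passert_fail_t openswan_passert_fail;` without `extern`, which gives every including file its own tentative definition; `extern openswan_passert_fail_t openswan_passert_fail;` with a single definition in one .c file is the safer form. `pexpect` has no definition in the `#else` branch, so any caller fails to build without DEBUG; `# define pexpect(pred) do { } while(0)` would cover it. The opening comment ("sanitize a string into a printable format") does not describe this header.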
6912 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
6913 | +++ linux/include/openswan/pfkey_debug.h Mon Feb 9 13:51:03 2004 | |
6914 | @@ -0,0 +1,54 @@ | |
6915 | +/* | |
6916 | + * sanitize a string into a printable format. | |
6917 | + * | |
6918 | + * Copyright (C) 1998-2002 D. Hugh Redelmeier. | |
6919 | + * Copyright (C) 2003 Michael Richardson <mcr@freeswan.org> | |
6920 | + * | |
6921 | + * This library is free software; you can redistribute it and/or modify it | |
6922 | + * under the terms of the GNU Library General Public License as published by | |
6923 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
6924 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
6925 | + * | |
6926 | + * This library is distributed in the hope that it will be useful, but | |
6927 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
6928 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
6929 | + * License for more details. | |
6930 | + * | |
6931 | + * RCSID $Id: pfkey_debug.h,v 1.3 2004/04/05 19:55:07 mcr Exp $ | |
6932 | + */ | |
6933 | + | |
6934 | +#ifndef _FREESWAN_PFKEY_DEBUG_H | |
6935 | +#define _FREESWAN_PFKEY_DEBUG_H | |
6936 | + | |
6937 | +#ifdef __KERNEL__ | |
6938 | + | |
6939 | +/* note, kernel version ignores pfkey levels */ | |
6940 | +# define DEBUGGING(level,args...) \ | |
6941 | + KLIPS_PRINT(debug_pfkey, "klips_debug:" args) | |
6942 | + | |
6943 | +# define ERROR(args...) printk(KERN_ERR "klips:" args) | |
6944 | + | |
6945 | +#else | |
6946 | + | |
6947 | +extern unsigned int pfkey_lib_debug; | |
6948 | + | |
6949 | +extern void (*pfkey_debug_func)(const char *message, ...) PRINTF_LIKE(1); | |
6950 | +extern void (*pfkey_error_func)(const char *message, ...) PRINTF_LIKE(1); | |
6951 | + | |
6952 | +#define DEBUGGING(level,args...) if(pfkey_lib_debug & level) { \ | |
6953 | + if(pfkey_debug_func != NULL) { \ | |
6954 | + (*pfkey_debug_func)("pfkey_lib_debug:" args); \ | |
6955 | + } else { \ | |
6956 | + printf("pfkey_lib_debug:" args); \ | |
6957 | + } } | |
6958 | + | |
6959 | +#define ERROR(args...) if(pfkey_error_func != NULL) { \ | |
6960 | + (*pfkey_error_func)("pfkey_lib_debug:" args); \ | |
6961 | + } | |
6962 | + | |
6963 | +# define MALLOC(size) malloc(size) | |
6964 | +# define FREE(obj) free(obj) | |
6965 | + | |
6966 | +#endif | |
6967 | + | |
6968 | +#endif | |
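Review bot: The userland `DEBUGGING` and `ERROR` macros expand to a bare `if (...) { ... }` and `DEBUGGING` uses `level` unparenthesized, so `DEBUGGING(A|B, ...)` tests `(pfkey_lib_debug & A) | B` and a call placed before an `else` captures it; wrapping the body as `do { if (pfkey_lib_debug & (level)) { ... } } while(0)` fixes both. `ERROR` drops the message entirely when `pfkey_error_func` is NULL, whereas `DEBUGGING` falls back to `printf`; an `else` branch that prints the same text would keep parser errors visible when no callback is registered. The opening comment ("sanitize a string into a printable format") describes a different file, and the include guard is still named `_FREESWAN_PFKEY_DEBUG_H`.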
6969 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
6970 | +++ linux/include/openswan/radij.h Mon Feb 9 13:51:03 2004 | |
6971 | @@ -0,0 +1,280 @@ | |
6972 | +/* | |
6973 | + * RCSID $Id: radij.h,v 1.13 2004/04/05 19:55:08 mcr Exp $ | |
6974 | + */ | |
6975 | + | |
6976 | +/* | |
6977 | + * This file is defived from ${SRC}/sys/net/radix.h of BSD 4.4lite | |
6978 | + * | |
6979 | + * Variable and procedure names have been modified so that they don't | |
6980 | + * conflict with the original BSD code, as a small number of modifications | |
6981 | + * have been introduced and we may want to reuse this code in BSD. | |
6982 | + * | |
6983 | + * The `j' in `radij' is pronounced as a voiceless guttural (like a Greek | |
6984 | + * chi or a German ch sound (as `doch', not as in `milch'), or even a | |
6985 | + * spanish j as in Juan. It is not as far back in the throat like | |
6986 | + * the corresponding Hebrew sound, nor is it a soft breath like the English h. | |
6987 | + * It has nothing to do with the Dutch ij sound. | |
6988 | + * | |
6989 | + * Here is the appropriate copyright notice: | |
6990 | + */ | |
6991 | + | |
6992 | +/* | |
6993 | + * Copyright (c) 1988, 1989, 1993 | |
6994 | + * The Regents of the University of California. All rights reserved. | |
6995 | + * | |
6996 | + * Redistribution and use in source and binary forms, with or without | |
6997 | + * modification, are permitted provided that the following conditions | |
6998 | + * are met: | |
6999 | + * 1. Redistributions of source code must retain the above copyright | |
7000 | + * notice, this list of conditions and the following disclaimer. | |
7001 | + * 2. Redistributions in binary form must reproduce the above copyright | |
7002 | + * notice, this list of conditions and the following disclaimer in the | |
7003 | + * documentation and/or other materials provided with the distribution. | |
7004 | + * 3. All advertising materials mentioning features or use of this software | |
7005 | + * must display the following acknowledgement: | |
7006 | + * This product includes software developed by the University of | |
7007 | + * California, Berkeley and its contributors. | |
7008 | + * 4. Neither the name of the University nor the names of its contributors | |
7009 | + * may be used to endorse or promote products derived from this software | |
7010 | + * without specific prior written permission. | |
7011 | + * | |
7012 | + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | |
7013 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
7014 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
7015 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
7016 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
7017 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
7018 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
7019 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
7020 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
7021 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
7022 | + * SUCH DAMAGE. | |
7023 | + * | |
7024 | + * @(#)radix.h 8.1 (Berkeley) 6/10/93 | |
7025 | + */ | |
7026 | + | |
7027 | +#ifndef _RADIJ_H_ | |
7028 | +#define _RADIJ_H_ | |
7029 | + | |
7030 | +/* | |
7031 | +#define RJ_DEBUG | |
7032 | +*/ | |
7033 | + | |
7034 | +#ifdef __KERNEL__ | |
7035 | + | |
7036 | +#ifndef __P | |
7037 | +#ifdef __STDC__ | |
7038 | +#define __P(x) x | |
7039 | +#else | |
7040 | +#define __P(x) () | |
7041 | +#endif | |
7042 | +#endif | |
7043 | + | |
7044 | +/* | |
7045 | + * Radix search tree node layout. | |
7046 | + */ | |
7047 | + | |
7048 | +struct radij_node | |
7049 | +{ | |
7050 | + struct radij_mask *rj_mklist; /* list of masks contained in subtree */ | |
7051 | + struct radij_node *rj_p; /* parent */ | |
7052 | + short rj_b; /* bit offset; -1-index(netmask) */ | |
7053 | + char rj_bmask; /* node: mask for bit test*/ | |
7054 | + u_char rj_flags; /* enumerated next */ | |
7055 | +#define RJF_NORMAL 1 /* leaf contains normal route */ | |
7056 | +#define RJF_ROOT 2 /* leaf is root leaf for tree */ | |
7057 | +#define RJF_ACTIVE 4 /* This node is alive (for rtfree) */ | |
7058 | + union { | |
7059 | + struct { /* leaf only data: */ | |
7060 | + caddr_t rj_Key; /* object of search */ | |
7061 | + caddr_t rj_Mask; /* netmask, if present */ | |
7062 | + struct radij_node *rj_Dupedkey; | |
7063 | + } rj_leaf; | |
7064 | + struct { /* node only data: */ | |
7065 | + int rj_Off; /* where to start compare */ | |
7066 | + struct radij_node *rj_L;/* progeny */ | |
7067 | + struct radij_node *rj_R;/* progeny */ | |
7068 | + }rj_node; | |
7069 | + } rj_u; | |
7070 | +#ifdef RJ_DEBUG | |
7071 | + int rj_info; | |
7072 | + struct radij_node *rj_twin; | |
7073 | + struct radij_node *rj_ybro; | |
7074 | +#endif | |
7075 | +}; | |
7076 | + | |
7077 | +#define rj_dupedkey rj_u.rj_leaf.rj_Dupedkey | |
7078 | +#define rj_key rj_u.rj_leaf.rj_Key | |
7079 | +#define rj_mask rj_u.rj_leaf.rj_Mask | |
7080 | +#define rj_off rj_u.rj_node.rj_Off | |
7081 | +#define rj_l rj_u.rj_node.rj_L | |
7082 | +#define rj_r rj_u.rj_node.rj_R | |
7083 | + | |
7084 | +/* | |
7085 | + * Annotations to tree concerning potential routes applying to subtrees. | |
7086 | + */ | |
7087 | + | |
7088 | +extern struct radij_mask { | |
7089 | + short rm_b; /* bit offset; -1-index(netmask) */ | |
7090 | + char rm_unused; /* cf. rj_bmask */ | |
7091 | + u_char rm_flags; /* cf. rj_flags */ | |
7092 | + struct radij_mask *rm_mklist; /* more masks to try */ | |
7093 | + caddr_t rm_mask; /* the mask */ | |
7094 | + int rm_refs; /* # of references to this struct */ | |
7095 | +} *rj_mkfreelist; | |
7096 | + | |
7097 | +#define MKGet(m) {\ | |
7098 | + if (rj_mkfreelist) {\ | |
7099 | + m = rj_mkfreelist; \ | |
7100 | + rj_mkfreelist = (m)->rm_mklist; \ | |
7101 | + } else \ | |
7102 | + R_Malloc(m, struct radij_mask *, sizeof (*(m))); }\ | |
7103 | + | |
7104 | +#define MKFree(m) { (m)->rm_mklist = rj_mkfreelist; rj_mkfreelist = (m);} | |
7105 | + | |
7106 | +struct radij_node_head { | |
7107 | + struct radij_node *rnh_treetop; | |
7108 | + int rnh_addrsize; /* permit, but not require fixed keys */ | |
7109 | + int rnh_pktsize; /* permit, but not require fixed keys */ | |
7110 | +#if 0 | |
7111 | + struct radij_node *(*rnh_addaddr) /* add based on sockaddr */ | |
7112 | + __P((void *v, void *mask, | |
7113 | + struct radij_node_head *head, struct radij_node nodes[])); | |
7114 | +#endif | |
7115 | + int (*rnh_addaddr) /* add based on sockaddr */ | |
7116 | + __P((void *v, void *mask, | |
7117 | + struct radij_node_head *head, struct radij_node nodes[])); | |
7118 | + struct radij_node *(*rnh_addpkt) /* add based on packet hdr */ | |
7119 | + __P((void *v, void *mask, | |
7120 | + struct radij_node_head *head, struct radij_node nodes[])); | |
7121 | +#if 0 | |
7122 | + struct radij_node *(*rnh_deladdr) /* remove based on sockaddr */ | |
7123 | + __P((void *v, void *mask, struct radij_node_head *head)); | |
7124 | +#endif | |
7125 | + int (*rnh_deladdr) /* remove based on sockaddr */ | |
7126 | + __P((void *v, void *mask, struct radij_node_head *head, struct radij_node **node)); | |
7127 | + struct radij_node *(*rnh_delpkt) /* remove based on packet hdr */ | |
7128 | + __P((void *v, void *mask, struct radij_node_head *head)); | |
7129 | + struct radij_node *(*rnh_matchaddr) /* locate based on sockaddr */ | |
7130 | + __P((void *v, struct radij_node_head *head)); | |
7131 | + struct radij_node *(*rnh_matchpkt) /* locate based on packet hdr */ | |
7132 | + __P((void *v, struct radij_node_head *head)); | |
7133 | + int (*rnh_walktree) /* traverse tree */ | |
7134 | + __P((struct radij_node_head *head, int (*f)(struct radij_node *rn, void *w), void *w)); | |
7135 | + struct radij_node rnh_nodes[3]; /* empty tree for common case */ | |
7136 | +}; | |
7137 | + | |
7138 | + | |
7139 | +#define Bcmp(a, b, n) memcmp(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n)) | |
7140 | +#define Bcopy(a, b, n) memmove(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n)) | |
7141 | +#define Bzero(p, n) memset((caddr_t)(p), 0, (unsigned)(n)) | |
7142 | +#define R_Malloc(p, t, n) ((p = (t) kmalloc((size_t)(n), GFP_ATOMIC)), Bzero((p),(n))) | |
7143 | +#define Free(p) kfree((caddr_t)p); | |
7144 | + | |
7145 | +void rj_init __P((void)); | |
7146 | +int rj_inithead __P((void **, int)); | |
7147 | +int rj_refines __P((void *, void *)); | |
7148 | +int rj_walktree __P((struct radij_node_head *head, int (*f)(struct radij_node *rn, void *w), void *w)); | |
7149 | +struct radij_node | |
7150 | + *rj_addmask __P((void *, int, int)) /* , rgb */ ; | |
7151 | +int /* * */ rj_addroute __P((void *, void *, struct radij_node_head *, | |
7152 | + struct radij_node [2])) /* , rgb */ ; | |
7153 | +int /* * */ rj_delete __P((void *, void *, struct radij_node_head *, struct radij_node **)) /* , rgb */ ; | |
7154 | +struct radij_node /* rgb */ | |
7155 | + *rj_insert __P((void *, struct radij_node_head *, int *, | |
7156 | + struct radij_node [2])), | |
7157 | + *rj_match __P((void *, struct radij_node_head *)), | |
7158 | + *rj_newpair __P((void *, int, struct radij_node[2])), | |
7159 | + *rj_search __P((void *, struct radij_node *)), | |
7160 | + *rj_search_m __P((void *, struct radij_node *, void *)); | |
7161 | + | |
7162 | +void rj_deltree(struct radij_node_head *); | |
7163 | +void rj_delnodes(struct radij_node *); | |
7164 | +void rj_free_mkfreelist(void); | |
7165 | +int radijcleartree(void); | |
7166 | +int radijcleanup(void); | |
7167 | + | |
7168 | +extern struct radij_node_head *mask_rjhead; | |
7169 | +extern int maj_keylen; | |
7170 | +#endif /* __KERNEL__ */ | |
7171 | + | |
7172 | +#endif /* _RADIJ_H_ */ | |
7173 | + | |
7174 | + | |
7175 | +/* | |
7176 | + * $Log: radij.h,v $ | |
7177 | + * Revision 1.13 2004/04/05 19:55:08 mcr | |
7178 | + * Moved from linux/include/freeswan/radij.h,v | |
7179 | + * | |
7180 | + * Revision 1.12 2002/04/24 07:36:48 mcr | |
7181 | + * Moved from ./klips/net/ipsec/radij.h,v | |
7182 | + * | |
7183 | + * Revision 1.11 2001/09/20 15:33:00 rgb | |
7184 | + * Min/max cleanup. | |
7185 | + * | |
7186 | + * Revision 1.10 1999/11/18 04:09:20 rgb | |
7187 | + * Replaced all kernel version macros to shorter, readable form. | |
7188 | + * | |
7189 | + * Revision 1.9 1999/05/05 22:02:33 rgb | |
7190 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
7191 | + * | |
7192 | + * Revision 1.8 1999/04/29 15:24:58 rgb | |
7193 | + * Add check for existence of macros min/max. | |
7194 | + * | |
7195 | + * Revision 1.7 1999/04/11 00:29:02 henry | |
7196 | + * GPL boilerplate | |
7197 | + * | |
7198 | + * Revision 1.6 1999/04/06 04:54:29 rgb | |
7199 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
7200 | + * patch shell fixes. | |
7201 | + * | |
7202 | + * Revision 1.5 1999/01/22 06:30:32 rgb | |
7203 | + * 64-bit clean-up. | |
7204 | + * | |
7205 | + * Revision 1.4 1998/11/30 13:22:55 rgb | |
7206 | + * Rationalised all the klips kernel file headers. They are much shorter | |
7207 | + * now and won't conflict under RH5.2. | |
7208 | + * | |
7209 | + * Revision 1.3 1998/10/25 02:43:27 rgb | |
7210 | + * Change return type on rj_addroute and rj_delete and add and argument | |
7211 | + * to the latter to be able to transmit more infomation about errors. | |
7212 | + * | |
7213 | + * Revision 1.2 1998/07/14 18:09:51 rgb | |
7214 | + * Add a routine to clear eroute table. | |
7215 | + * Added #ifdef __KERNEL__ directives to restrict scope of header. | |
7216 | + * | |
7217 | + * Revision 1.1 1998/06/18 21:30:22 henry | |
7218 | + * move sources from klips/src to klips/net/ipsec to keep stupid kernel | |
7219 | + * build scripts happier about symlinks | |
7220 | + * | |
7221 | + * Revision 1.4 1998/05/25 20:34:16 rgb | |
7222 | + * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions. | |
7223 | + * | |
7224 | + * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and | |
7225 | + * add ipsec_rj_walker_delete. | |
7226 | + * | |
7227 | + * Recover memory for eroute table on unload of module. | |
7228 | + * | |
7229 | + * Revision 1.3 1998/04/22 16:51:37 rgb | |
7230 | + * Tidy up radij debug code from recent rash of modifications to debug code. | |
7231 | + * | |
7232 | + * Revision 1.2 1998/04/14 17:30:38 rgb | |
7233 | + * Fix up compiling errors for radij tree memory reclamation. | |
7234 | + * | |
7235 | + * Revision 1.1 1998/04/09 03:06:16 henry | |
7236 | + * sources moved up from linux/net/ipsec | |
7237 | + * | |
7238 | + * Revision 1.1.1.1 1998/04/08 05:35:04 henry | |
7239 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
7240 | + * | |
7241 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
7242 | + * No changes. | |
7243 | + * | |
7244 | + * Revision 0.3 1996/11/20 14:44:45 ji | |
7245 | + * Release update only. | |
7246 | + * | |
7247 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
7248 | + * First limited release. | |
7249 | + * | |
7250 | + * | |
7251 | + */ | |
7252 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
7253 | +++ linux/include/pfkey.h Mon Feb 9 13:51:03 2004 | |
7254 | @@ -0,0 +1,529 @@ | |
7255 | +/* | |
7256 | + * FreeS/WAN specific PF_KEY headers | |
7257 | + * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs. | |
7258 | + * | |
7259 | + * This program is free software; you can redistribute it and/or modify it | |
7260 | + * under the terms of the GNU General Public License as published by the | |
7261 | + * Free Software Foundation; either version 2 of the License, or (at your | |
7262 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
7263 | + * | |
7264 | + * This program is distributed in the hope that it will be useful, but | |
7265 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
7266 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
7267 | + * for more details. | |
7268 | + * | |
7269 | + * RCSID $Id: pfkey.h,v 1.49 2005/05/11 00:57:29 mcr Exp $ | |
7270 | + */ | |
7271 | + | |
7272 | +#ifndef __NET_IPSEC_PF_KEY_H | |
7273 | +#define __NET_IPSEC_PF_KEY_H | |
7274 | +#ifdef __KERNEL__ | |
7275 | +extern struct proto_ops pfkey_proto_ops; | |
7276 | +typedef struct sock pfkey_sock; | |
7277 | +extern int debug_pfkey; | |
7278 | + | |
7279 | +extern /* void */ int pfkey_init(void); | |
7280 | +extern /* void */ int pfkey_cleanup(void); | |
7281 | + | |
7282 | +struct socket_list | |
7283 | +{ | |
7284 | + struct socket *socketp; | |
7285 | + struct socket_list *next; | |
7286 | +}; | |
7287 | +extern int pfkey_list_insert_socket(struct socket*, struct socket_list**); | |
7288 | +extern int pfkey_list_remove_socket(struct socket*, struct socket_list**); | |
7289 | +extern struct socket_list *pfkey_open_sockets; | |
7290 | +extern struct socket_list *pfkey_registered_sockets[]; | |
7291 | + | |
7292 | +struct ipsec_alg_supported | |
7293 | +{ | |
7294 | + uint16_t ias_exttype; | |
7295 | + uint8_t ias_id; | |
7296 | + uint8_t ias_ivlen; | |
7297 | + uint16_t ias_keyminbits; | |
7298 | + uint16_t ias_keymaxbits; | |
7299 | + char *ias_name; | |
7300 | +}; | |
7301 | + | |
7302 | +extern struct supported_list *pfkey_supported_list[]; | |
7303 | +struct supported_list | |
7304 | +{ | |
7305 | + struct ipsec_alg_supported *supportedp; | |
7306 | + struct supported_list *next; | |
7307 | +}; | |
7308 | +extern int pfkey_list_insert_supported(struct ipsec_alg_supported*, struct supported_list**); | |
7309 | +extern int pfkey_list_remove_supported(struct ipsec_alg_supported*, struct supported_list**); | |
7310 | + | |
7311 | +struct sockaddr_key | |
7312 | +{ | |
7313 | + uint16_t key_family; /* PF_KEY */ | |
7314 | + uint16_t key_pad; /* not used */ | |
7315 | + uint32_t key_pid; /* process ID */ | |
7316 | +}; | |
7317 | + | |
7318 | +struct pfkey_extracted_data | |
7319 | +{ | |
7320 | + struct ipsec_sa* ips; | |
7321 | + struct ipsec_sa* ips2; | |
7322 | + struct eroute *eroute; | |
7323 | +}; | |
7324 | + | |
7325 | +/* forward reference */ | |
7326 | +struct sadb_ext; | |
7327 | +struct sadb_msg; | |
7328 | +struct sockaddr; | |
7329 | +struct sadb_comb; | |
7330 | +struct sadb_sadb; | |
7331 | +struct sadb_alg; | |
7332 | + | |
7333 | +extern int | |
7334 | +pfkey_alloc_eroute(struct eroute** eroute); | |
7335 | + | |
7336 | +extern int | |
7337 | +pfkey_sa_process(struct sadb_ext *pfkey_ext, | |
7338 | + struct pfkey_extracted_data* extr); | |
7339 | + | |
7340 | +extern int | |
7341 | +pfkey_lifetime_process(struct sadb_ext *pfkey_ext, | |
7342 | + struct pfkey_extracted_data* extr); | |
7343 | + | |
7344 | +extern int | |
7345 | +pfkey_address_process(struct sadb_ext *pfkey_ext, | |
7346 | + struct pfkey_extracted_data* extr); | |
7347 | + | |
7348 | +extern int | |
7349 | +pfkey_key_process(struct sadb_ext *pfkey_ext, | |
7350 | + struct pfkey_extracted_data* extr); | |
7351 | + | |
7352 | +extern int | |
7353 | +pfkey_ident_process(struct sadb_ext *pfkey_ext, | |
7354 | + struct pfkey_extracted_data* extr); | |
7355 | + | |
7356 | +extern int | |
7357 | +pfkey_sens_process(struct sadb_ext *pfkey_ext, | |
7358 | + struct pfkey_extracted_data* extr); | |
7359 | + | |
7360 | +extern int | |
7361 | +pfkey_prop_process(struct sadb_ext *pfkey_ext, | |
7362 | + struct pfkey_extracted_data* extr); | |
7363 | + | |
7364 | +extern int | |
7365 | +pfkey_supported_process(struct sadb_ext *pfkey_ext, | |
7366 | + struct pfkey_extracted_data* extr); | |
7367 | + | |
7368 | +extern int | |
7369 | +pfkey_spirange_process(struct sadb_ext *pfkey_ext, | |
7370 | + struct pfkey_extracted_data* extr); | |
7371 | + | |
7372 | +extern int | |
7373 | +pfkey_x_kmprivate_process(struct sadb_ext *pfkey_ext, | |
7374 | + struct pfkey_extracted_data* extr); | |
7375 | + | |
7376 | +extern int | |
7377 | +pfkey_x_satype_process(struct sadb_ext *pfkey_ext, | |
7378 | + struct pfkey_extracted_data* extr); | |
7379 | + | |
7380 | +extern int | |
7381 | +pfkey_x_debug_process(struct sadb_ext *pfkey_ext, | |
7382 | + struct pfkey_extracted_data* extr); | |
7383 | + | |
7384 | +extern int pfkey_upmsg(struct socket *, struct sadb_msg *); | |
7385 | +extern int pfkey_expire(struct ipsec_sa *, int); | |
7386 | +extern int pfkey_acquire(struct ipsec_sa *); | |
7387 | +#else /* ! __KERNEL__ */ | |
7388 | + | |
7389 | +extern void (*pfkey_debug_func)(const char *message, ...); | |
7390 | +extern void (*pfkey_error_func)(const char *message, ...); | |
7391 | +extern void pfkey_print(struct sadb_msg *msg, FILE *out); | |
7392 | + | |
7393 | + | |
7394 | +#endif /* __KERNEL__ */ | |
7395 | + | |
7396 | +extern uint8_t satype2proto(uint8_t satype); | |
7397 | +extern uint8_t proto2satype(uint8_t proto); | |
7398 | +extern char* satype2name(uint8_t satype); | |
7399 | +extern char* proto2name(uint8_t proto); | |
7400 | + | |
7401 | +struct key_opt | |
7402 | +{ | |
7403 | + uint32_t key_pid; /* process ID */ | |
7404 | + struct sock *sk; | |
7405 | +}; | |
7406 | + | |
7407 | +#define key_pid(sk) ((struct key_opt*)&((sk)->sk_protinfo))->key_pid | |
7408 | + | |
7409 | +/* XXX-mcr this is not an alignment, this is because the count is in 64-bit | |
7410 | + * words. | |
7411 | + */ | |
7412 | +#define IPSEC_PFKEYv2_ALIGN (sizeof(uint64_t)/sizeof(uint8_t)) | |
7413 | +#define BITS_PER_OCTET 8 | |
7414 | +#define OCTETBITS 8 | |
7415 | +#define PFKEYBITS 64 | |
7416 | +#define DIVUP(x,y) ((x + y -1) / y) /* divide, rounding upwards */ | |
7417 | +#define ALIGN_N(x,y) (DIVUP(x,y) * y) /* align on y boundary */ | |
7418 | + | |
7419 | +#define IPSEC_PFKEYv2_LEN(x) ((x) * IPSEC_PFKEYv2_ALIGN) | |
7420 | +#define IPSEC_PFKEYv2_WORDS(x) ((x) / IPSEC_PFKEYv2_ALIGN) | |
7421 | + | |
7422 | + | |
7423 | +#define PFKEYv2_MAX_MSGSIZE 4096 | |
7424 | + | |
7425 | +/* | |
7426 | + * PF_KEYv2 permitted and required extensions in and out bitmaps | |
7427 | + */ | |
7428 | +struct pf_key_ext_parsers_def { | |
7429 | + int (*parser)(struct sadb_ext*); | |
7430 | + char *parser_name; | |
7431 | +}; | |
7432 | + | |
7433 | + | |
7434 | +#define SADB_EXTENSIONS_MAX 31 | |
7435 | +extern unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_EXTENSIONS_MAX]; | |
7436 | +#define EXT_BITS_IN 0 | |
7437 | +#define EXT_BITS_OUT 1 | |
7438 | +#define EXT_BITS_PERM 0 | |
7439 | +#define EXT_BITS_REQ 1 | |
7440 | + | |
7441 | +extern void pfkey_extensions_init(struct sadb_ext *extensions[]); | |
7442 | +extern void pfkey_extensions_free(struct sadb_ext *extensions[]); | |
7443 | +extern void pfkey_msg_free(struct sadb_msg **pfkey_msg); | |
7444 | + | |
7445 | +extern int pfkey_msg_parse(struct sadb_msg *pfkey_msg, | |
7446 | + struct pf_key_ext_parsers_def *ext_parsers[], | |
7447 | + struct sadb_ext **extensions, | |
7448 | + int dir); | |
7449 | + | |
7450 | +extern int pfkey_register_reply(int satype, struct sadb_msg *sadb_msg); | |
7451 | + | |
7452 | +/* | |
7453 | + * PF_KEYv2 build function prototypes | |
7454 | + */ | |
7455 | + | |
7456 | +int | |
7457 | +pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext, | |
7458 | + uint8_t msg_type, | |
7459 | + uint8_t satype, | |
7460 | + uint8_t msg_errno, | |
7461 | + uint32_t seq, | |
7462 | + uint32_t pid); | |
7463 | + | |
7464 | +int | |
7465 | +pfkey_sa_ref_build(struct sadb_ext ** pfkey_ext, | |
7466 | + uint16_t exttype, | |
7467 | + uint32_t spi, /* in network order */ | |
7468 | + uint8_t replay_window, | |
7469 | + uint8_t sa_state, | |
7470 | + uint8_t auth, | |
7471 | + uint8_t encrypt, | |
7472 | + uint32_t flags, | |
7473 | + uint32_t/*IPsecSAref_t*/ ref); | |
7474 | + | |
7475 | +int | |
7476 | +pfkey_sa_build(struct sadb_ext ** pfkey_ext, | |
7477 | + uint16_t exttype, | |
7478 | + uint32_t spi, /* in network order */ | |
7479 | + uint8_t replay_window, | |
7480 | + uint8_t sa_state, | |
7481 | + uint8_t auth, | |
7482 | + uint8_t encrypt, | |
7483 | + uint32_t flags); | |
7484 | + | |
7485 | +int | |
7486 | +pfkey_lifetime_build(struct sadb_ext ** pfkey_ext, | |
7487 | + uint16_t exttype, | |
7488 | + uint32_t allocations, | |
7489 | + uint64_t bytes, | |
7490 | + uint64_t addtime, | |
7491 | + uint64_t usetime, | |
7492 | + uint32_t packets); | |
7493 | + | |
7494 | +int | |
7495 | +pfkey_address_build(struct sadb_ext** pfkey_ext, | |
7496 | + uint16_t exttype, | |
7497 | + uint8_t proto, | |
7498 | + uint8_t prefixlen, | |
7499 | + struct sockaddr* address); | |
7500 | + | |
7501 | +int | |
7502 | +pfkey_key_build(struct sadb_ext** pfkey_ext, | |
7503 | + uint16_t exttype, | |
7504 | + uint16_t key_bits, | |
7505 | + char* key); | |
7506 | + | |
7507 | +int | |
7508 | +pfkey_ident_build(struct sadb_ext** pfkey_ext, | |
7509 | + uint16_t exttype, | |
7510 | + uint16_t ident_type, | |
7511 | + uint64_t ident_id, | |
7512 | + uint8_t ident_len, | |
7513 | + char* ident_string); | |
7514 | + | |
7515 | +#ifdef __KERNEL__ | |
7516 | +extern int pfkey_nat_t_new_mapping(struct ipsec_sa *, struct sockaddr *, __u16); | |
7517 | +extern int pfkey_x_nat_t_type_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr); | |
7518 | +extern int pfkey_x_nat_t_port_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr); | |
7519 | +#endif /* __KERNEL__ */ | |
7520 | +int | |
7521 | +pfkey_x_nat_t_type_build(struct sadb_ext** pfkey_ext, | |
7522 | + uint8_t type); | |
7523 | +int | |
7524 | +pfkey_x_nat_t_port_build(struct sadb_ext** pfkey_ext, | |
7525 | + uint16_t exttype, | |
7526 | + uint16_t port); | |
7527 | + | |
7528 | +int | |
7529 | +pfkey_sens_build(struct sadb_ext** pfkey_ext, | |
7530 | + uint32_t dpd, | |
7531 | + uint8_t sens_level, | |
7532 | + uint8_t sens_len, | |
7533 | + uint64_t* sens_bitmap, | |
7534 | + uint8_t integ_level, | |
7535 | + uint8_t integ_len, | |
7536 | + uint64_t* integ_bitmap); | |
7537 | + | |
7538 | +int pfkey_x_protocol_build(struct sadb_ext **, uint8_t); | |
7539 | + | |
7540 | + | |
7541 | +int | |
7542 | +pfkey_prop_build(struct sadb_ext** pfkey_ext, | |
7543 | + uint8_t replay, | |
7544 | + unsigned int comb_num, | |
7545 | + struct sadb_comb* comb); | |
7546 | + | |
7547 | +int | |
7548 | +pfkey_supported_build(struct sadb_ext** pfkey_ext, | |
7549 | + uint16_t exttype, | |
7550 | + unsigned int alg_num, | |
7551 | + struct sadb_alg* alg); | |
7552 | + | |
7553 | +int | |
7554 | +pfkey_spirange_build(struct sadb_ext** pfkey_ext, | |
7555 | + uint16_t exttype, | |
7556 | + uint32_t min, | |
7557 | + uint32_t max); | |
7558 | + | |
7559 | +int | |
7560 | +pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext); | |
7561 | + | |
7562 | +int | |
7563 | +pfkey_x_satype_build(struct sadb_ext** pfkey_ext, | |
7564 | + uint8_t satype); | |
7565 | + | |
7566 | +int | |
7567 | +pfkey_x_debug_build(struct sadb_ext** pfkey_ext, | |
7568 | + uint32_t tunnel, | |
7569 | + uint32_t netlink, | |
7570 | + uint32_t xform, | |
7571 | + uint32_t eroute, | |
7572 | + uint32_t spi, | |
7573 | + uint32_t radij, | |
7574 | + uint32_t esp, | |
7575 | + uint32_t ah, | |
7576 | + uint32_t rcv, | |
7577 | + uint32_t pfkey, | |
7578 | + uint32_t ipcomp, | |
7579 | + uint32_t verbose); | |
7580 | + | |
7581 | +int | |
7582 | +pfkey_msg_build(struct sadb_msg** pfkey_msg, | |
7583 | + struct sadb_ext* extensions[], | |
7584 | + int dir); | |
7585 | + | |
7586 | +/* in pfkey_v2_debug.c - routines to decode numbers -> strings */ | |
7587 | +const char * | |
7588 | +pfkey_v2_sadb_ext_string(int extnum); | |
7589 | + | |
7590 | +const char * | |
7591 | +pfkey_v2_sadb_type_string(int sadb_type); | |
7592 | + | |
7593 | + | |
7594 | +#endif /* __NET_IPSEC_PF_KEY_H */ | |
7595 | + | |
7596 | +/* | |
7597 | + * $Log: pfkey.h,v $ | |
7598 | + * Revision 1.49 2005/05/11 00:57:29 mcr | |
7599 | + * rename struct supported -> struct ipsec_alg_supported. | |
7600 | + * make pfkey.h more standalone. | |
7601 | + * | |
7602 | + * Revision 1.48 2005/05/01 03:12:50 mcr | |
7603 | + * include name of algorithm in datastructure. | |
7604 | + * | |
7605 | + * Revision 1.47 2004/08/21 00:44:14 mcr | |
7606 | + * simplify definition of nat_t related prototypes. | |
7607 | + * | |
7608 | + * Revision 1.46 2004/08/04 16:27:22 mcr | |
7609 | + * 2.6 sk_ options. | |
7610 | + * | |
7611 | + * Revision 1.45 2004/04/06 02:49:00 mcr | |
7612 | + * pullup of algo code from alg-branch. | |
7613 | + * | |
7614 | + * Revision 1.44 2003/12/10 01:20:01 mcr | |
7615 | + * NAT-traversal patches to KLIPS. | |
7616 | + * | |
7617 | + * Revision 1.43 2003/10/31 02:26:44 mcr | |
7618 | + * pulled up port-selector patches. | |
7619 | + * | |
7620 | + * Revision 1.42.2.2 2003/10/29 01:09:32 mcr | |
7621 | + * added debugging for pfkey library. | |
7622 | + * | |
7623 | + * Revision 1.42.2.1 2003/09/21 13:59:34 mcr | |
7624 | + * pre-liminary X.509 patch - does not yet pass tests. | |
7625 | + * | |
7626 | + * Revision 1.42 2003/08/25 22:08:19 mcr | |
7627 | + * removed pfkey_proto_init() from pfkey.h for 2.6 support. | |
7628 | + * | |
7629 | + * Revision 1.41 2003/05/07 17:28:57 mcr | |
7630 | + * new function pfkey_debug_func added for us in debugging from | |
7631 | + | |
7632 | + * pfkey library. | |
7633 | + * | |
7634 | + * Revision 1.40 2003/01/30 02:31:34 rgb | |
7635 | + * | |
7636 | + * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug. | |
7637 | + * | |
7638 | + * Revision 1.39 2002/09/20 15:40:21 rgb | |
7639 | + * Switch from pfkey_alloc_ipsec_sa() to ipsec_sa_alloc(). | |
7640 | + * Added ref parameter to pfkey_sa_build(). | |
7641 | + * Cleaned out unused cruft. | |
7642 | + * | |
7643 | + * Revision 1.38 2002/05/14 02:37:24 rgb | |
7644 | + * Change all references to tdb, TDB or Tunnel Descriptor Block to ips, | |
7645 | + * ipsec_sa or ipsec_sa. | |
7646 | + * Added function prototypes for the functions moved to | |
7647 | + * pfkey_v2_ext_process.c. | |
7648 | + * | |
7649 | + * Revision 1.37 2002/04/24 07:36:49 mcr | |
7650 | + * Moved from ./lib/pfkey.h,v | |
7651 | + * | |
7652 | + * Revision 1.36 2002/01/20 20:34:49 mcr | |
7653 | + * added pfkey_v2_sadb_type_string to decode sadb_type to string. | |
7654 | + * | |
7655 | + * Revision 1.35 2001/11/27 05:27:47 mcr | |
7656 | + * pfkey parses are now maintained by a structure | |
7657 | + * that includes their name for debug purposes. | |
7658 | + * | |
7659 | + * Revision 1.34 2001/11/26 09:23:53 rgb | |
7660 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
7661 | + * | |
7662 | + * Revision 1.33 2001/11/06 19:47:47 rgb | |
7663 | + * Added packet parameter to lifetime and comb structures. | |
7664 | + * | |
7665 | + * Revision 1.32 2001/09/08 21:13:34 rgb | |
7666 | + * Added pfkey ident extension support for ISAKMPd. (NetCelo) | |
7667 | + * | |
7668 | + * Revision 1.31 2001/06/14 19:35:16 rgb | |
7669 | + * Update copyright date. | |
7670 | + * | |
7671 | + * Revision 1.30 2001/02/27 07:04:52 rgb | |
7672 | + * Added satype2name prototype. | |
7673 | + * | |
7674 | + * Revision 1.29 2001/02/26 19:59:33 rgb | |
7675 | + * Ditch unused sadb_satype2proto[], replaced by satype2proto(). | |
7676 | + * | |
7677 | + * Revision 1.28 2000/10/10 20:10:19 rgb | |
7678 | + * Added support for debug_ipcomp and debug_verbose to klipsdebug. | |
7679 | + * | |
7680 | + * Revision 1.27 2000/09/21 04:20:45 rgb | |
7681 | + * Fixed array size off-by-one error. (Thanks Svenning!) | |
7682 | + * | |
7683 | + * Revision 1.26 2000/09/12 03:26:05 rgb | |
7684 | + * Added pfkey_acquire prototype. | |
7685 | + * | |
7686 | + * Revision 1.25 2000/09/08 19:21:28 rgb | |
7687 | + * Fix pfkey_prop_build() parameter to be only single indirection. | |
7688 | + * | |
7689 | + * Revision 1.24 2000/09/01 18:46:42 rgb | |
7690 | + * Added a supported algorithms array lists, one per satype and registered | |
7691 | + * existing algorithms. | |
7692 | + * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to | |
7693 | + * list. | |
7694 | + * | |
7695 | + * Revision 1.23 2000/08/27 01:55:26 rgb | |
7696 | + * Define OCTETBITS and PFKEYBITS to avoid using 'magic' numbers in code. | |
7697 | + * | |
7698 | + * Revision 1.22 2000/08/20 21:39:23 rgb | |
7699 | + * Added kernel prototypes for kernel funcitions pfkey_upmsg() and | |
7700 | + * pfkey_expire(). | |
7701 | + * | |
7702 | + * Revision 1.21 2000/08/15 17:29:23 rgb | |
7703 | + * Fixes from SZI to untested pfkey_prop_build(). | |
7704 | + * | |
7705 | + * Revision 1.20 2000/05/10 20:14:19 rgb | |
7706 | + * Fleshed out sensitivity, proposal and supported extensions. | |
7707 | + * | |
7708 | + * Revision 1.19 2000/03/16 14:07:23 rgb | |
7709 | + * Renamed ALIGN macro to avoid fighting with others in kernel. | |
7710 | + * | |
7711 | + * Revision 1.18 2000/01/22 23:24:06 rgb | |
7712 | + * Added prototypes for proto2satype(), satype2proto() and proto2name(). | |
7713 | + * | |
7714 | + * Revision 1.17 2000/01/21 06:26:59 rgb | |
7715 | + * Converted from double tdb arguments to one structure (extr) | |
7716 | + * containing pointers to all temporary information structures. | |
7717 | + * Added klipsdebug switching capability. | |
7718 | + * Dropped unused argument to pfkey_x_satype_build(). | |
7719 | + * | |
7720 | + * Revision 1.16 1999/12/29 21:17:41 rgb | |
7721 | + * Changed pfkey_msg_build() I/F to include a struct sadb_msg** | |
7722 | + * parameter for cleaner manipulation of extensions[] and to guard | |
7723 | + * against potential memory leaks. | |
7724 | + * Changed the I/F to pfkey_msg_free() for the same reason. | |
7725 | + * | |
7726 | + * Revision 1.15 1999/12/09 23:12:54 rgb | |
7727 | + * Added macro for BITS_PER_OCTET. | |
7728 | + * Added argument to pfkey_sa_build() to do eroutes. | |
7729 | + * | |
7730 | + * Revision 1.14 1999/12/08 20:33:25 rgb | |
7731 | + * Changed sa_family_t to uint16_t for 2.0.xx compatibility. | |
7732 | + * | |
7733 | + * Revision 1.13 1999/12/07 19:53:40 rgb | |
7734 | + * Removed unused first argument from extension parsers. | |
7735 | + * Changed __u* types to uint* to avoid use of asm/types.h and | |
7736 | + * sys/types.h in userspace code. | |
7737 | + * Added function prototypes for pfkey message and extensions | |
7738 | + * initialisation and cleanup. | |
7739 | + * | |
7740 | + * Revision 1.12 1999/12/01 22:19:38 rgb | |
7741 | + * Change pfkey_sa_build to accept an SPI in network byte order. | |
7742 | + * | |
7743 | + * Revision 1.11 1999/11/27 11:55:26 rgb | |
7744 | + * Added extern sadb_satype2proto to enable moving protocol lookup table | |
7745 | + * to lib/pfkey_v2_parse.c. | |
7746 | + * Delete unused, moved typedefs. | |
7747 | + * Add argument to pfkey_msg_parse() for direction. | |
7748 | + * Consolidated the 4 1-d extension bitmap arrays into one 4-d array. | |
7749 | + * | |
7750 | + * Revision 1.10 1999/11/23 22:29:21 rgb | |
7751 | + * This file has been moved in the distribution from klips/net/ipsec to | |
7752 | + * lib. | |
7753 | + * Add macros for dealing with alignment and rounding up more opaquely. | |
7754 | + * The uint<n>_t type defines have been moved to freeswan.h to avoid | |
7755 | + * chicken-and-egg problems. | |
7756 | + * Add macros for dealing with alignment and rounding up more opaque. | |
7757 | + * Added prototypes for using extention header bitmaps. | |
7758 | + * Added prototypes of all the build functions. | |
7759 | + * | |
7760 | + * Revision 1.9 1999/11/20 21:59:48 rgb | |
7761 | + * Moved socketlist type declarations and prototypes for shared use. | |
7762 | + * Slightly modified scope of sockaddr_key declaration. | |
7763 | + * | |
7764 | + * Revision 1.8 1999/11/17 14:34:25 rgb | |
7765 | + * Protect sa_family_t from being used in userspace with GLIBC<2. | |
7766 | + * | |
7767 | + * Revision 1.7 1999/10/27 19:40:35 rgb | |
7768 | + * Add a maximum PFKEY packet size macro. | |
7769 | + * | |
7770 | + * Revision 1.6 1999/10/26 16:58:58 rgb | |
7771 | + * Created a sockaddr_key and key_opt socket extension structures. | |
7772 | + * | |
7773 | + * Revision 1.5 1999/06/10 05:24:41 rgb | |
7774 | + * Renamed variables to reduce confusion. | |
7775 | + * | |
7776 | + * Revision 1.4 1999/04/29 15:21:11 rgb | |
7777 | + * Add pfkey support to debugging. | |
7778 | + * Add return values to init and cleanup functions. | |
7779 | + * | |
7780 | + * Revision 1.3 1999/04/15 17:58:07 rgb | |
7781 | + * Add RCSID labels. | |
7782 | + * | |
7783 | + */ | |
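Review bot: `DIVUP` and `ALIGN_N` in pfkey.h expand their arguments without parentheses, so a call such as `DIVUP(len, a + b)` or `ALIGN_N(n, sz << 1)` groups differently from what the caller wrote and produces a wrong size. The neighbouring `IPSEC_PFKEYv2_LEN` and `IPSEC_PFKEYv2_WORDS` do parenthesize `x`, so this is also inconsistent within the header. These helpers presumably feed PF_KEY extension length arithmetic for messages crossing the user/kernel boundary (the callers are not in this hunk), which is where a miscomputed length turns into an undersized buffer or a bad bounds check. I would define them as `#define DIVUP(x,y) (((x) + (y) - 1) / (y))` and `#define ALIGN_N(x,y) (DIVUP(x,y) * (y))`, and add a comment that both evaluate `y` more than once, so arguments must be free of side effects.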
7784 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
7785 | +++ linux/include/pfkeyv2.h Mon Feb 9 13:51:03 2004 | |
7786 | @@ -0,0 +1,472 @@ | |
7787 | +/* | |
7788 | + * RCSID $Id: pfkeyv2.h,v 1.31 2005/04/14 01:14:54 mcr Exp $ | |
7789 | + */ | |
7790 | + | |
7791 | +/* | |
7792 | +RFC 2367 PF_KEY Key Management API July 1998 | |
7793 | + | |
7794 | + | |
7795 | +Appendix D: Sample Header File | |
7796 | + | |
7797 | +This file defines structures and symbols for the PF_KEY Version 2 | |
7798 | +key management interface. It was written at the U.S. Naval Research | |
7799 | +Laboratory. This file is in the public domain. The authors ask that | |
7800 | +you leave this credit intact on any copies of this file. | |
7801 | +*/ | |
7802 | +#ifndef __PFKEY_V2_H | |
7803 | +#define __PFKEY_V2_H 1 | |
7804 | + | |
7805 | +#define PF_KEY_V2 2 | |
7806 | +#define PFKEYV2_REVISION 199806L | |
7807 | + | |
7808 | +#define SADB_RESERVED 0 | |
7809 | +#define SADB_GETSPI 1 | |
7810 | +#define SADB_UPDATE 2 | |
7811 | +#define SADB_ADD 3 | |
7812 | +#define SADB_DELETE 4 | |
7813 | +#define SADB_GET 5 | |
7814 | +#define SADB_ACQUIRE 6 | |
7815 | +#define SADB_REGISTER 7 | |
7816 | +#define SADB_EXPIRE 8 | |
7817 | +#define SADB_FLUSH 9 | |
7818 | +#define SADB_DUMP 10 | |
7819 | +#define SADB_X_PROMISC 11 | |
7820 | +#define SADB_X_PCHANGE 12 | |
7821 | +#define SADB_X_GRPSA 13 | |
7822 | +#define SADB_X_ADDFLOW 14 | |
7823 | +#define SADB_X_DELFLOW 15 | |
7824 | +#define SADB_X_DEBUG 16 | |
7825 | +#define SADB_X_NAT_T_NEW_MAPPING 17 | |
7826 | +#define SADB_MAX 17 | |
7827 | + | |
7828 | +struct sadb_msg { | |
7829 | + uint8_t sadb_msg_version; | |
7830 | + uint8_t sadb_msg_type; | |
7831 | + uint8_t sadb_msg_errno; | |
7832 | + uint8_t sadb_msg_satype; | |
7833 | + uint16_t sadb_msg_len; | |
7834 | + uint16_t sadb_msg_reserved; | |
7835 | + uint32_t sadb_msg_seq; | |
7836 | + uint32_t sadb_msg_pid; | |
7837 | +}; | |
7838 | + | |
7839 | +struct sadb_ext { | |
7840 | + uint16_t sadb_ext_len; | |
7841 | + uint16_t sadb_ext_type; | |
7842 | +}; | |
7843 | + | |
7844 | +struct sadb_sa { | |
7845 | + uint16_t sadb_sa_len; | |
7846 | + uint16_t sadb_sa_exttype; | |
7847 | + uint32_t sadb_sa_spi; | |
7848 | + uint8_t sadb_sa_replay; | |
7849 | + uint8_t sadb_sa_state; | |
7850 | + uint8_t sadb_sa_auth; | |
7851 | + uint8_t sadb_sa_encrypt; | |
7852 | + uint32_t sadb_sa_flags; | |
7853 | + uint32_t /*IPsecSAref_t*/ sadb_x_sa_ref; /* 32 bits */ | |
7854 | + uint8_t sadb_x_reserved[4]; | |
7855 | +}; | |
7856 | + | |
7857 | +struct sadb_sa_v1 { | |
7858 | + uint16_t sadb_sa_len; | |
7859 | + uint16_t sadb_sa_exttype; | |
7860 | + uint32_t sadb_sa_spi; | |
7861 | + uint8_t sadb_sa_replay; | |
7862 | + uint8_t sadb_sa_state; | |
7863 | + uint8_t sadb_sa_auth; | |
7864 | + uint8_t sadb_sa_encrypt; | |
7865 | + uint32_t sadb_sa_flags; | |
7866 | +}; | |
7867 | + | |
7868 | +struct sadb_lifetime { | |
7869 | + uint16_t sadb_lifetime_len; | |
7870 | + uint16_t sadb_lifetime_exttype; | |
7871 | + uint32_t sadb_lifetime_allocations; | |
7872 | + uint64_t sadb_lifetime_bytes; | |
7873 | + uint64_t sadb_lifetime_addtime; | |
7874 | + uint64_t sadb_lifetime_usetime; | |
7875 | + uint32_t sadb_x_lifetime_packets; | |
7876 | + uint32_t sadb_x_lifetime_reserved; | |
7877 | +}; | |
7878 | + | |
7879 | +struct sadb_address { | |
7880 | + uint16_t sadb_address_len; | |
7881 | + uint16_t sadb_address_exttype; | |
7882 | + uint8_t sadb_address_proto; | |
7883 | + uint8_t sadb_address_prefixlen; | |
7884 | + uint16_t sadb_address_reserved; | |
7885 | +}; | |
7886 | + | |
7887 | +struct sadb_key { | |
7888 | + uint16_t sadb_key_len; | |
7889 | + uint16_t sadb_key_exttype; | |
7890 | + uint16_t sadb_key_bits; | |
7891 | + uint16_t sadb_key_reserved; | |
7892 | +}; | |
7893 | + | |
7894 | +struct sadb_ident { | |
7895 | + uint16_t sadb_ident_len; | |
7896 | + uint16_t sadb_ident_exttype; | |
7897 | + uint16_t sadb_ident_type; | |
7898 | + uint16_t sadb_ident_reserved; | |
7899 | + uint64_t sadb_ident_id; | |
7900 | +}; | |
7901 | + | |
7902 | +struct sadb_sens { | |
7903 | + uint16_t sadb_sens_len; | |
7904 | + uint16_t sadb_sens_exttype; | |
7905 | + uint32_t sadb_sens_dpd; | |
7906 | + uint8_t sadb_sens_sens_level; | |
7907 | + uint8_t sadb_sens_sens_len; | |
7908 | + uint8_t sadb_sens_integ_level; | |
7909 | + uint8_t sadb_sens_integ_len; | |
7910 | + uint32_t sadb_sens_reserved; | |
7911 | +}; | |
7912 | + | |
7913 | +struct sadb_prop { | |
7914 | + uint16_t sadb_prop_len; | |
7915 | + uint16_t sadb_prop_exttype; | |
7916 | + uint8_t sadb_prop_replay; | |
7917 | + uint8_t sadb_prop_reserved[3]; | |
7918 | +}; | |
7919 | + | |
7920 | +struct sadb_comb { | |
7921 | + uint8_t sadb_comb_auth; | |
7922 | + uint8_t sadb_comb_encrypt; | |
7923 | + uint16_t sadb_comb_flags; | |
7924 | + uint16_t sadb_comb_auth_minbits; | |
7925 | + uint16_t sadb_comb_auth_maxbits; | |
7926 | + uint16_t sadb_comb_encrypt_minbits; | |
7927 | + uint16_t sadb_comb_encrypt_maxbits; | |
7928 | + uint32_t sadb_comb_reserved; | |
7929 | + uint32_t sadb_comb_soft_allocations; | |
7930 | + uint32_t sadb_comb_hard_allocations; | |
7931 | + uint64_t sadb_comb_soft_bytes; | |
7932 | + uint64_t sadb_comb_hard_bytes; | |
7933 | + uint64_t sadb_comb_soft_addtime; | |
7934 | + uint64_t sadb_comb_hard_addtime; | |
7935 | + uint64_t sadb_comb_soft_usetime; | |
7936 | + uint64_t sadb_comb_hard_usetime; | |
7937 | + uint32_t sadb_x_comb_soft_packets; | |
7938 | + uint32_t sadb_x_comb_hard_packets; | |
7939 | +}; | |
7940 | + | |
7941 | +struct sadb_supported { | |
7942 | + uint16_t sadb_supported_len; | |
7943 | + uint16_t sadb_supported_exttype; | |
7944 | + uint32_t sadb_supported_reserved; | |
7945 | +}; | |
7946 | + | |
7947 | +struct sadb_alg { | |
7948 | + uint8_t sadb_alg_id; | |
7949 | + uint8_t sadb_alg_ivlen; | |
7950 | + uint16_t sadb_alg_minbits; | |
7951 | + uint16_t sadb_alg_maxbits; | |
7952 | + uint16_t sadb_alg_reserved; | |
7953 | +}; | |
7954 | + | |
7955 | +struct sadb_spirange { | |
7956 | + uint16_t sadb_spirange_len; | |
7957 | + uint16_t sadb_spirange_exttype; | |
7958 | + uint32_t sadb_spirange_min; | |
7959 | + uint32_t sadb_spirange_max; | |
7960 | + uint32_t sadb_spirange_reserved; | |
7961 | +}; | |
7962 | + | |
7963 | +struct sadb_x_kmprivate { | |
7964 | + uint16_t sadb_x_kmprivate_len; | |
7965 | + uint16_t sadb_x_kmprivate_exttype; | |
7966 | + uint32_t sadb_x_kmprivate_reserved; | |
7967 | +}; | |
7968 | + | |
7969 | +struct sadb_x_satype { | |
7970 | + uint16_t sadb_x_satype_len; | |
7971 | + uint16_t sadb_x_satype_exttype; | |
7972 | + uint8_t sadb_x_satype_satype; | |
7973 | + uint8_t sadb_x_satype_reserved[3]; | |
7974 | +}; | |
7975 | + | |
7976 | +struct sadb_x_policy { | |
7977 | + uint16_t sadb_x_policy_len; | |
7978 | + uint16_t sadb_x_policy_exttype; | |
7979 | + uint16_t sadb_x_policy_type; | |
7980 | + uint8_t sadb_x_policy_dir; | |
7981 | + uint8_t sadb_x_policy_reserved; | |
7982 | + uint32_t sadb_x_policy_id; | |
7983 | + uint32_t sadb_x_policy_reserved2; | |
7984 | +}; | |
7985 | + | |
7986 | +struct sadb_x_debug { | |
7987 | + uint16_t sadb_x_debug_len; | |
7988 | + uint16_t sadb_x_debug_exttype; | |
7989 | + uint32_t sadb_x_debug_tunnel; | |
7990 | + uint32_t sadb_x_debug_netlink; | |
7991 | + uint32_t sadb_x_debug_xform; | |
7992 | + uint32_t sadb_x_debug_eroute; | |
7993 | + uint32_t sadb_x_debug_spi; | |
7994 | + uint32_t sadb_x_debug_radij; | |
7995 | + uint32_t sadb_x_debug_esp; | |
7996 | + uint32_t sadb_x_debug_ah; | |
7997 | + uint32_t sadb_x_debug_rcv; | |
7998 | + uint32_t sadb_x_debug_pfkey; | |
7999 | + uint32_t sadb_x_debug_ipcomp; | |
8000 | + uint32_t sadb_x_debug_verbose; | |
8001 | + uint8_t sadb_x_debug_reserved[4]; | |
8002 | +}; | |
8003 | + | |
8004 | +struct sadb_x_nat_t_type { | |
8005 | + uint16_t sadb_x_nat_t_type_len; | |
8006 | + uint16_t sadb_x_nat_t_type_exttype; | |
8007 | + uint8_t sadb_x_nat_t_type_type; | |
8008 | + uint8_t sadb_x_nat_t_type_reserved[3]; | |
8009 | +}; | |
8010 | +struct sadb_x_nat_t_port { | |
8011 | + uint16_t sadb_x_nat_t_port_len; | |
8012 | + uint16_t sadb_x_nat_t_port_exttype; | |
8013 | + uint16_t sadb_x_nat_t_port_port; | |
8014 | + uint16_t sadb_x_nat_t_port_reserved; | |
8015 | +}; | |
8016 | + | |
8017 | +/* | |
8018 | + * A protocol structure for passing through the transport level | |
8019 | + * protocol. It contains more fields than are actually used/needed | |
8020 | + * but it is this way to be compatible with the structure used in | |
8021 | + * OpenBSD (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pfkeyv2.h) | |
8022 | + */ | |
8023 | +struct sadb_protocol { | |
8024 | + uint16_t sadb_protocol_len; | |
8025 | + uint16_t sadb_protocol_exttype; | |
8026 | + uint8_t sadb_protocol_proto; | |
8027 | + uint8_t sadb_protocol_direction; | |
8028 | + uint8_t sadb_protocol_flags; | |
8029 | + uint8_t sadb_protocol_reserved2; | |
8030 | +}; | |
8031 | + | |
8032 | +#define SADB_EXT_RESERVED 0 | |
8033 | +#define SADB_EXT_SA 1 | |
8034 | +#define SADB_EXT_LIFETIME_CURRENT 2 | |
8035 | +#define SADB_EXT_LIFETIME_HARD 3 | |
8036 | +#define SADB_EXT_LIFETIME_SOFT 4 | |
8037 | +#define SADB_EXT_ADDRESS_SRC 5 | |
8038 | +#define SADB_EXT_ADDRESS_DST 6 | |
8039 | +#define SADB_EXT_ADDRESS_PROXY 7 | |
8040 | +#define SADB_EXT_KEY_AUTH 8 | |
8041 | +#define SADB_EXT_KEY_ENCRYPT 9 | |
8042 | +#define SADB_EXT_IDENTITY_SRC 10 | |
8043 | +#define SADB_EXT_IDENTITY_DST 11 | |
8044 | +#define SADB_EXT_SENSITIVITY 12 | |
8045 | +#define SADB_EXT_PROPOSAL 13 | |
8046 | +#define SADB_EXT_SUPPORTED_AUTH 14 | |
8047 | +#define SADB_EXT_SUPPORTED_ENCRYPT 15 | |
8048 | +#define SADB_EXT_SPIRANGE 16 | |
8049 | +#define SADB_X_EXT_KMPRIVATE 17 | |
8050 | +#define SADB_X_EXT_SATYPE2 18 | |
8051 | +#ifdef KERNEL26_HAS_KAME_DUPLICATES | |
8052 | +#define SADB_X_EXT_POLICY 18 | |
8053 | +#endif | |
8054 | +#define SADB_X_EXT_SA2 19 | |
8055 | +#define SADB_X_EXT_ADDRESS_DST2 20 | |
8056 | +#define SADB_X_EXT_ADDRESS_SRC_FLOW 21 | |
8057 | +#define SADB_X_EXT_ADDRESS_DST_FLOW 22 | |
8058 | +#define SADB_X_EXT_ADDRESS_SRC_MASK 23 | |
8059 | +#define SADB_X_EXT_ADDRESS_DST_MASK 24 | |
8060 | +#define SADB_X_EXT_DEBUG 25 | |
8061 | +#define SADB_X_EXT_PROTOCOL 26 | |
8062 | +#define SADB_X_EXT_NAT_T_TYPE 27 | |
8063 | +#define SADB_X_EXT_NAT_T_SPORT 28 | |
8064 | +#define SADB_X_EXT_NAT_T_DPORT 29 | |
8065 | +#define SADB_X_EXT_NAT_T_OA 30 | |
8066 | +#define SADB_EXT_MAX 30 | |
8067 | + | |
8068 | +/* SADB_X_DELFLOW required over and above SADB_X_SAFLAGS_CLEARFLOW */ | |
8069 | +#define SADB_X_EXT_ADDRESS_DELFLOW \ | |
8070 | + ( (1<<SADB_X_EXT_ADDRESS_SRC_FLOW) \ | |
8071 | + | (1<<SADB_X_EXT_ADDRESS_DST_FLOW) \ | |
8072 | + | (1<<SADB_X_EXT_ADDRESS_SRC_MASK) \ | |
8073 | + | (1<<SADB_X_EXT_ADDRESS_DST_MASK)) | |
8074 | + | |
8075 | +#define SADB_SATYPE_UNSPEC 0 | |
8076 | +#define SADB_SATYPE_AH 2 | |
8077 | +#define SADB_SATYPE_ESP 3 | |
8078 | +#define SADB_SATYPE_RSVP 5 | |
8079 | +#define SADB_SATYPE_OSPFV2 6 | |
8080 | +#define SADB_SATYPE_RIPV2 7 | |
8081 | +#define SADB_SATYPE_MIP 8 | |
8082 | +#define SADB_X_SATYPE_IPIP 9 | |
8083 | +#ifdef KERNEL26_HAS_KAME_DUPLICATES | |
8084 | +#define SADB_X_SATYPE_IPCOMP 9 /* ICK! */ | |
8085 | +#endif | |
8086 | +#define SADB_X_SATYPE_COMP 10 | |
8087 | +#define SADB_X_SATYPE_INT 11 | |
8088 | +#define SADB_SATYPE_MAX 11 | |
8089 | + | |
8090 | +enum sadb_sastate { | |
8091 | + SADB_SASTATE_LARVAL=0, | |
8092 | + SADB_SASTATE_MATURE=1, | |
8093 | + SADB_SASTATE_DYING=2, | |
8094 | + SADB_SASTATE_DEAD=3 | |
8095 | +}; | |
8096 | +#define SADB_SASTATE_MAX 3 | |
8097 | + | |
8098 | +#define SADB_SAFLAGS_PFS 1 | |
8099 | +#define SADB_X_SAFLAGS_REPLACEFLOW 2 | |
8100 | +#define SADB_X_SAFLAGS_CLEARFLOW 4 | |
8101 | +#define SADB_X_SAFLAGS_INFLOW 8 | |
8102 | + | |
8103 | +/* not obvious, but these are the same values as used in isakmp, | |
8104 | + * and in freeswan/ipsec_policy.h. If you need to add any, they | |
8105 | + * should be added as according to | |
8106 | + * http://www.iana.org/assignments/isakmp-registry | |
8107 | + * | |
8108 | + * and if not, then please try to use a private-use value, and | |
8109 | + * consider asking IANA to assign a value. | |
8110 | + */ | |
8111 | +#define SADB_AALG_NONE 0 | |
8112 | +#define SADB_AALG_MD5HMAC 2 | |
8113 | +#define SADB_AALG_SHA1HMAC 3 | |
8114 | +#define SADB_X_AALG_SHA2_256HMAC 5 | |
8115 | +#define SADB_X_AALG_SHA2_384HMAC 6 | |
8116 | +#define SADB_X_AALG_SHA2_512HMAC 7 | |
8117 | +#define SADB_X_AALG_RIPEMD160HMAC 8 | |
8118 | +#define SADB_X_AALG_NULL 251 /* kame */ | |
8119 | +#define SADB_AALG_MAX 251 | |
8120 | + | |
8121 | +#define SADB_EALG_NONE 0 | |
8122 | +#define SADB_EALG_DESCBC 2 | |
8123 | +#define SADB_EALG_3DESCBC 3 | |
8124 | +#define SADB_X_EALG_CASTCBC 6 | |
8125 | +#define SADB_X_EALG_BLOWFISHCBC 7 | |
8126 | +#define SADB_EALG_NULL 11 | |
8127 | +#define SADB_X_EALG_AESCBC 12 | |
8128 | +#define SADB_EALG_MAX 255 | |
8129 | + | |
8130 | +#define SADB_X_CALG_NONE 0 | |
8131 | +#define SADB_X_CALG_OUI 1 | |
8132 | +#define SADB_X_CALG_DEFLATE 2 | |
8133 | +#define SADB_X_CALG_LZS 3 | |
8134 | +#define SADB_X_CALG_V42BIS 4 | |
8135 | +#ifdef KERNEL26_HAS_KAME_DUPLICATES | |
8136 | +#define SADB_X_CALG_LZJH 4 | |
8137 | +#endif | |
8138 | +#define SADB_X_CALG_MAX 4 | |
8139 | + | |
8140 | +#define SADB_X_TALG_NONE 0 | |
8141 | +#define SADB_X_TALG_IPv4_in_IPv4 1 | |
8142 | +#define SADB_X_TALG_IPv6_in_IPv4 2 | |
8143 | +#define SADB_X_TALG_IPv4_in_IPv6 3 | |
8144 | +#define SADB_X_TALG_IPv6_in_IPv6 4 | |
8145 | +#define SADB_X_TALG_MAX 4 | |
8146 | + | |
8147 | + | |
8148 | +#define SADB_IDENTTYPE_RESERVED 0 | |
8149 | +#define SADB_IDENTTYPE_PREFIX 1 | |
8150 | +#define SADB_IDENTTYPE_FQDN 2 | |
8151 | +#define SADB_IDENTTYPE_USERFQDN 3 | |
8152 | +#define SADB_X_IDENTTYPE_CONNECTION 4 | |
8153 | +#define SADB_IDENTTYPE_MAX 4 | |
8154 | + | |
8155 | +#define SADB_KEY_FLAGS_MAX 0 | |
8156 | +#endif /* __PFKEY_V2_H */ | |
8157 | + | |
8158 | +/* | |
8159 | + * $Log: pfkeyv2.h,v $ | |
8160 | + * Revision 1.31 2005/04/14 01:14:54 mcr | |
8161 | + * change sadb_state to an enum. | |
8162 | + * | |
8163 | + * Revision 1.30 2004/04/06 02:49:00 mcr | |
8164 | + * pullup of algo code from alg-branch. | |
8165 | + * | |
8166 | + * Revision 1.29 2003/12/22 21:35:58 mcr | |
8167 | + * new patches from Dr{Who}. | |
8168 | + * | |
8169 | + * Revision 1.28 2003/12/22 19:33:15 mcr | |
8170 | + * added 0.6c NAT-T patch. | |
8171 | + * | |
8172 | + * Revision 1.27 2003/12/10 01:20:01 mcr | |
8173 | + * NAT-traversal patches to KLIPS. | |
8174 | + * | |
8175 | + * Revision 1.26 2003/10/31 02:26:44 mcr | |
8176 | + * pulled up port-selector patches. | |
8177 | + * | |
8178 | + * Revision 1.25.4.1 2003/09/21 13:59:34 mcr | |
8179 | + * pre-liminary X.509 patch - does not yet pass tests. | |
8180 | + * | |
8181 | + * Revision 1.25 2003/07/31 23:59:17 mcr | |
8182 | + * re-introduce kernel 2.6 duplicate values for now. | |
8183 | + * hope to get them changed! | |
8184 | + * | |
8185 | + * Revision 1.24 2003/07/31 22:55:27 mcr | |
8186 | + * added some definitions to keep pfkeyv2.h files in sync. | |
8187 | + * | |
8188 | + * Revision 1.23 2003/05/11 00:43:48 mcr | |
8189 | + * added comment about origin of values used | |
8190 | + * | |
8191 | + * Revision 1.22 2003/01/30 02:31:34 rgb | |
8192 | + * | |
8193 | + * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug. | |
8194 | + * | |
8195 | + * Revision 1.21 2002/12/16 19:26:49 mcr | |
8196 | + * added definition of FS 1.xx sadb structure | |
8197 | + * | |
8198 | + * Revision 1.20 2002/09/20 15:40:25 rgb | |
8199 | + * Added sadb_x_sa_ref to struct sadb_sa. | |
8200 | + * | |
8201 | + * Revision 1.19 2002/04/24 07:36:49 mcr | |
8202 | + * Moved from ./lib/pfkeyv2.h,v | |
8203 | + * | |
8204 | + * Revision 1.18 2001/11/06 19:47:47 rgb | |
8205 | + * Added packet parameter to lifetime and comb structures. | |
8206 | + * | |
8207 | + * Revision 1.17 2001/09/08 21:13:35 rgb | |
8208 | + * Added pfkey ident extension support for ISAKMPd. (NetCelo) | |
8209 | + * | |
8210 | + * Revision 1.16 2001/07/06 19:49:46 rgb | |
8211 | + * Added SADB_X_SAFLAGS_INFLOW for supporting incoming policy checks. | |
8212 | + * | |
8213 | + * Revision 1.15 2001/02/26 20:00:43 rgb | |
8214 | + * Added internal IP protocol 61 for magic SAs. | |
8215 | + * | |
8216 | + * Revision 1.14 2001/02/08 18:51:05 rgb | |
8217 | + * Include RFC document title and appendix subsection title. | |
8218 | + * | |
8219 | + * Revision 1.13 2000/10/10 20:10:20 rgb | |
8220 | + * Added support for debug_ipcomp and debug_verbose to klipsdebug. | |
8221 | + * | |
8222 | + * Revision 1.12 2000/09/15 06:41:50 rgb | |
8223 | + * Added V42BIS constant. | |
8224 | + * | |
8225 | + * Revision 1.11 2000/09/12 22:35:37 rgb | |
8226 | + * Restructured to remove unused extensions from CLEARFLOW messages. | |
8227 | + * | |
8228 | + * Revision 1.10 2000/09/12 18:50:09 rgb | |
8229 | + * Added IPIP tunnel types as algo support. | |
8230 | + * | |
8231 | + * Revision 1.9 2000/08/21 16:47:19 rgb | |
8232 | + * Added SADB_X_CALG_* macros for IPCOMP. | |
8233 | + * | |
8234 | + * Revision 1.8 2000/08/09 20:43:34 rgb | |
8235 | + * Fixed bitmask value for SADB_X_SAFLAGS_CLEAREROUTE. | |
8236 | + * | |
8237 | + * Revision 1.7 2000/01/21 06:28:37 rgb | |
8238 | + * Added flow add/delete message type macros. | |
8239 | + * Added flow address extension type macros. | |
8240 | + * Tidied up spacing. | |
8241 | + * Added klipsdebug switching capability. | |
8242 | + * | |
8243 | + * Revision 1.6 1999/11/27 11:56:08 rgb | |
8244 | + * Add SADB_X_SATYPE_COMP for compression, eventually. | |
8245 | + * | |
8246 | + * Revision 1.5 1999/11/23 22:23:16 rgb | |
8247 | + * This file has been moved in the distribution from klips/net/ipsec to | |
8248 | + * lib. | |
8249 | + * | |
8250 | + * Revision 1.4 1999/04/29 15:23:29 rgb | |
8251 | + * Add GRPSA support. | |
8252 | + * Add support for a second SATYPE, SA and DST_ADDRESS. | |
8253 | + * Add IPPROTO_IPIP support. | |
8254 | + * | |
8255 | + * Revision 1.3 1999/04/15 17:58:08 rgb | |
8256 | + * Add RCSID labels. | |
8257 | + * | |
8258 | + */ | |
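--- /dev/null Tue Mar 11 13:02:56 2003
+++ linux/include/zlib/zconf.h Mon Feb 9 13:51:03 2004
@@ -0,0 +1,309 @@
+/* zconf.h -- configuration of the zlib compression library
+ * Copyright (C) 1995-2002 Jean-loup Gailly.
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id: zconf.h,v 1.4 2004/07/10 07:48:40 mcr Exp $ */
+
+#ifndef _ZCONF_H
+#define _ZCONF_H
+
+/*
+ * If you *really* need a unique prefix for all types and library functions,
+ * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it.
+ */
+#ifdef IPCOMP_PREFIX
+# define deflateInit_ ipcomp_deflateInit_
+# define deflate ipcomp_deflate
+# define deflateEnd ipcomp_deflateEnd
+# define inflateInit_ ipcomp_inflateInit_
+# define inflate ipcomp_inflate
+# define inflateEnd ipcomp_inflateEnd
+# define deflateInit2_ ipcomp_deflateInit2_
+# define deflateSetDictionary ipcomp_deflateSetDictionary
+# define deflateCopy ipcomp_deflateCopy
+# define deflateReset ipcomp_deflateReset
+# define deflateParams ipcomp_deflateParams
+# define inflateInit2_ ipcomp_inflateInit2_
+# define inflateSetDictionary ipcomp_inflateSetDictionary
+# define inflateSync ipcomp_inflateSync
+# define inflateSyncPoint ipcomp_inflateSyncPoint
+# define inflateReset ipcomp_inflateReset
+# define compress ipcomp_compress
+# define compress2 ipcomp_compress2
+# define uncompress ipcomp_uncompress
+# define adler32 ipcomp_adler32
+# define crc32 ipcomp_crc32
+# define get_crc_table ipcomp_get_crc_table
+/* SSS: these also need to be prefixed to avoid clash with ppp_deflate and ext2compression */
+# define inflate_blocks ipcomp_deflate_blocks
+# define inflate_blocks_free ipcomp_deflate_blocks_free
+# define inflate_blocks_new ipcomp_inflate_blocks_new
+# define inflate_blocks_reset ipcomp_inflate_blocks_reset
+# define inflate_blocks_sync_point ipcomp_inflate_blocks_sync_point
+# define inflate_set_dictionary ipcomp_inflate_set_dictionary
+# define inflate_codes ipcomp_inflate_codes
+# define inflate_codes_free ipcomp_inflate_codes_free
+# define inflate_codes_new ipcomp_inflate_codes_new
+# define inflate_fast ipcomp_inflate_fast
+# define inflate_trees_bits ipcomp_inflate_trees_bits
+# define inflate_trees_dynamic ipcomp_inflate_trees_dynamic
+# define inflate_trees_fixed ipcomp_inflate_trees_fixed
+# define inflate_flush ipcomp_inflate_flush
+# define inflate_mask ipcomp_inflate_mask
+# define _dist_code _ipcomp_dist_code
+# define _length_code _ipcomp_length_code
+# define _tr_align _ipcomp_tr_align
+# define _tr_flush_block _ipcomp_tr_flush_block
+# define _tr_init _ipcomp_tr_init
+# define _tr_stored_block _ipcomp_tr_stored_block
+# define _tr_tally _ipcomp_tr_tally
+# define zError ipcomp_zError
+# define z_errmsg ipcomp_z_errmsg
+# define zlibVersion ipcomp_zlibVersion
+# define match_init ipcomp_match_init
+# define longest_match ipcomp_longest_match
+#endif
+
+#ifdef Z_PREFIX
+# define Byte z_Byte
+# define uInt z_uInt
+# define uLong z_uLong
+# define Bytef z_Bytef
+# define charf z_charf
+# define intf z_intf
+# define uIntf z_uIntf
+# define uLongf z_uLongf
+# define voidpf z_voidpf
+# define voidp z_voidp
+#endif
+
+#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32)
+# define WIN32
+#endif
+#if defined(__GNUC__) || defined(WIN32) || defined(__386__) || defined(i386)
+# ifndef __32BIT__
+# define __32BIT__
+# endif
+#endif
+#if defined(__MSDOS__) && !defined(MSDOS)
+# define MSDOS
+#endif
+
+/*
+ * Compile with -DMAXSEG_64K if the alloc function cannot allocate more
+ * than 64k bytes at a time (needed on systems with 16-bit int).
+ */
+#if defined(MSDOS) && !defined(__32BIT__)
+# define MAXSEG_64K
+#endif
+#ifdef MSDOS
+# define UNALIGNED_OK
+#endif
+
+#if (defined(MSDOS) || defined(_WINDOWS) || defined(WIN32)) && !defined(STDC)
+# define STDC
+#endif
+#if defined(__STDC__) || defined(__cplusplus) || defined(__OS2__)
+# ifndef STDC
+# define STDC
+# endif
+#endif
+
+#ifndef STDC
+# ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */
+# define const
+# endif
+#endif
+
+/* Some Mac compilers merge all .h files incorrectly: */
+#if defined(__MWERKS__) || defined(applec) ||defined(THINK_C) ||defined(__SC__)
+# define NO_DUMMY_DECL
+#endif
+
+/* Old Borland C incorrectly complains about missing returns: */
+#if defined(__BORLANDC__) && (__BORLANDC__ < 0x500)
+# define NEED_DUMMY_RETURN
+#endif
+
+
+/* Maximum value for memLevel in deflateInit2 */
+#ifndef MAX_MEM_LEVEL
+# ifdef MAXSEG_64K
+# define MAX_MEM_LEVEL 8
+# else
+# define MAX_MEM_LEVEL 9
+# endif
+#endif
+
+/* Maximum value for windowBits in deflateInit2 and inflateInit2.
+ * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files
+ * created by gzip. (Files created by minigzip can still be extracted by
+ * gzip.)
+ */
+#ifndef MAX_WBITS
+# define MAX_WBITS 15 /* 32K LZ77 window */
+#endif
+
+/* The memory requirements for deflate are (in bytes):
+ (1 << (windowBits+2)) + (1 << (memLevel+9))
+ that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values)
+ plus a few kilobytes for small objects. For example, if you want to reduce
+ the default memory requirements from 256K to 128K, compile with
+ make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7"
+ Of course this will generally degrade compression (there's no free lunch).
+
+ The memory requirements for inflate are (in bytes) 1 << windowBits
+ that is, 32K for windowBits=15 (default value) plus a few kilobytes
+ for small objects.
+*/
+
+ /* Type declarations */
+
+#ifndef OF /* function prototypes */
+# ifdef STDC
+# define OF(args) args
+# else
+# define OF(args) ()
+# endif
+#endif
+
+/* The following definitions for FAR are needed only for MSDOS mixed
+ * model programming (small or medium model with some far allocations).
+ * This was tested only with MSC; for other MSDOS compilers you may have
+ * to define NO_MEMCPY in zutil.h. If you don't need the mixed model,
+ * just define FAR to be empty.
+ */
+#if (defined(M_I86SM) || defined(M_I86MM)) && !defined(__32BIT__)
+ /* MSC small or medium model */
+# define SMALL_MEDIUM
+# ifdef _MSC_VER
+# define FAR _far
+# else
+# define FAR far
+# endif
+#endif
+#if defined(__BORLANDC__) && (defined(__SMALL__) || defined(__MEDIUM__))
+# ifndef __32BIT__
+# define SMALL_MEDIUM
+# define FAR _far
+# endif
+#endif
+
+/* Compile with -DZLIB_DLL for Windows DLL support */
+#if defined(ZLIB_DLL)
+# if defined(_WINDOWS) || defined(WINDOWS)
+# ifdef FAR
+# undef FAR
+# endif
+# include <windows.h>
+# define ZEXPORT WINAPI
+# ifdef WIN32
+# define ZEXPORTVA WINAPIV
+# else
+# define ZEXPORTVA FAR _cdecl _export
+# endif
+# endif
+# if defined (__BORLANDC__)
+# if (__BORLANDC__ >= 0x0500) && defined (WIN32)
+# include <windows.h>
+# define ZEXPORT __declspec(dllexport) WINAPI
+# define ZEXPORTRVA __declspec(dllexport) WINAPIV
+# else
+# if defined (_Windows) && defined (__DLL__)
+# define ZEXPORT _export
+# define ZEXPORTVA _export
+# endif
+# endif
+# endif
+#endif
+
+#if defined (__BEOS__)
+# if defined (ZLIB_DLL)
+# define ZEXTERN extern __declspec(dllexport)
+# else
+# define ZEXTERN extern __declspec(dllimport)
+# endif
+#endif
+
+#ifndef ZEXPORT
+# define ZEXPORT
+#endif
+#ifndef ZEXPORTVA
+# define ZEXPORTVA
+#endif
+#ifndef ZEXTERN
+# define ZEXTERN extern
+#endif
+
+#ifndef FAR
+# define FAR
+#endif
+
+#if !defined(MACOS) && !defined(TARGET_OS_MAC)
+typedef unsigned char Byte; /* 8 bits */
+#endif
+typedef unsigned int uInt; /* 16 bits or more */
+typedef unsigned long uLong; /* 32 bits or more */
+
+#ifdef SMALL_MEDIUM
+ /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */
+# define Bytef Byte FAR
+#else
+ typedef Byte FAR Bytef;
+#endif
+typedef char FAR charf;
+typedef int FAR intf;
+typedef uInt FAR uIntf;
+typedef uLong FAR uLongf;
+
+#ifdef STDC
+ typedef void FAR *voidpf;
+ typedef void *voidp;
+#else
+ typedef Byte FAR *voidpf;
+ typedef Byte *voidp;
+#endif
+
+#ifdef HAVE_UNISTD_H
+# include <sys/types.h> /* for off_t */
+# include <unistd.h> /* for SEEK_* and off_t */
+# define z_off_t off_t
+#endif
+#ifndef SEEK_SET
+# define SEEK_SET 0 /* Seek from beginning of file. */
+# define SEEK_CUR 1 /* Seek from current position. */
+# define SEEK_END 2 /* Set file pointer to EOF plus "offset" */
+#endif
+#ifndef z_off_t
+# define z_off_t long
+#endif
+
+/* MVS linker does not support external names larger than 8 bytes */
+#if defined(__MVS__)
+# pragma map(deflateInit_,"DEIN")
+# pragma map(deflateInit2_,"DEIN2")
+# pragma map(deflateEnd,"DEEND")
+# pragma map(inflateInit_,"ININ")
+# pragma map(inflateInit2_,"ININ2")
+# pragma map(inflateEnd,"INEND")
+# pragma map(inflateSync,"INSY")
+# pragma map(inflateSetDictionary,"INSEDI")
+# pragma map(inflate_blocks,"INBL")
+# pragma map(inflate_blocks_new,"INBLNE")
+# pragma map(inflate_blocks_free,"INBLFR")
+# pragma map(inflate_blocks_reset,"INBLRE")
+# pragma map(inflate_codes_free,"INCOFR")
+# pragma map(inflate_codes,"INCO")
+# pragma map(inflate_fast,"INFA")
+# pragma map(inflate_flush,"INFLU")
+# pragma map(inflate_mask,"INMA")
+# pragma map(inflate_set_dictionary,"INSEDI2")
+# pragma map(ipcomp_inflate_copyright,"INCOPY")
+# pragma map(inflate_trees_bits,"INTRBI")
+# pragma map(inflate_trees_dynamic,"INTRDY")
+# pragma map(inflate_trees_fixed,"INTRFI")
+# pragma map(inflate_trees_free,"INTRFR")
+#endif
+
+#endif /* _ZCONF_H */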
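Review bot: In the `IPCOMP_PREFIX` block, `inflate_blocks` and `inflate_blocks_free` are renamed to `ipcomp_deflate_blocks` and `ipcomp_deflate_blocks_free`, while every other `inflate_*` symbol maps to `ipcomp_inflate_*`. Because the preprocessor applies the rename uniformly the code should still link, but the decompression routines that handle inbound IPCOMP payloads will then show up under deflate names in symbol tables and oops traces, which is misleading when triaging a fault; I would write `# define inflate_blocks ipcomp_inflate_blocks` and `# define inflate_blocks_free ipcomp_inflate_blocks_free`. The comment above the block still says to compile with `-DZ_PREFIX` although the function renames are now guarded by `IPCOMP_PREFIX`, so it should name both macros, e.g. `/* -DIPCOMP_PREFIX prefixes the library functions, -DZ_PREFIX the types */`. The `__MVS__` list also names `inflate_trees_free`, which has no entry in the prefix block, so that symbol presumably stays unprefixed and is worth checking against the ppp_deflate clash the "SSS" comment mentions.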
8571 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
8572 | +++ linux/include/zlib/zlib.h Mon Feb 9 13:51:03 2004 | |
8573 | @@ -0,0 +1,893 @@ | |
8574 | +/* zlib.h -- interface of the 'zlib' general purpose compression library | |
8575 | + version 1.1.4, March 11th, 2002 | |
8576 | + | |
8577 | + Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler | |
8578 | + | |
8579 | + This software is provided 'as-is', without any express or implied | |
8580 | + warranty. In no event will the authors be held liable for any damages | |
8581 | + arising from the use of this software. | |
8582 | + | |
8583 | + Permission is granted to anyone to use this software for any purpose, | |
8584 | + including commercial applications, and to alter it and redistribute it | |
8585 | + freely, subject to the following restrictions: | |
8586 | + | |
8587 | + 1. The origin of this software must not be misrepresented; you must not | |
8588 | + claim that you wrote the original software. If you use this software | |
8589 | + in a product, an acknowledgment in the product documentation would be | |
8590 | + appreciated but is not required. | |
8591 | + 2. Altered source versions must be plainly marked as such, and must not be | |
8592 | + misrepresented as being the original software. | |
8593 | + 3. This notice may not be removed or altered from any source distribution. | |
8594 | + | |
8595 | + Jean-loup Gailly Mark Adler | |
8596 | + jloup@gzip.org madler@alumni.caltech.edu | |
8597 | + | |
8598 | + | |
8599 | + The data format used by the zlib library is described by RFCs (Request for | |
8600 | + Comments) 1950 to 1952 in the files ftp://ds.internic.net/rfc/rfc1950.txt | |
8601 | + (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format). | |
8602 | +*/ | |
8603 | + | |
8604 | +#ifndef _ZLIB_H | |
8605 | +#define _ZLIB_H | |
8606 | + | |
8607 | +#include "zconf.h" | |
8608 | + | |
8609 | +#ifdef __cplusplus | |
8610 | +extern "C" { | |
8611 | +#endif | |
8612 | + | |
8613 | +#define ZLIB_VERSION "1.1.4" | |
8614 | + | |
8615 | +/* | |
8616 | + The 'zlib' compression library provides in-memory compression and | |
8617 | + decompression functions, including integrity checks of the uncompressed | |
8618 | + data. This version of the library supports only one compression method | |
8619 | + (deflation) but other algorithms will be added later and will have the same | |
8620 | + stream interface. | |
8621 | + | |
8622 | + Compression can be done in a single step if the buffers are large | |
8623 | + enough (for example if an input file is mmap'ed), or can be done by | |
8624 | + repeated calls of the compression function. In the latter case, the | |
8625 | + application must provide more input and/or consume the output | |
8626 | + (providing more output space) before each call. | |
8627 | + | |
8628 | + The library also supports reading and writing files in gzip (.gz) format | |
8629 | + with an interface similar to that of stdio. | |
8630 | + | |
8631 | + The library does not install any signal handler. The decoder checks | |
8632 | + the consistency of the compressed data, so the library should never | |
8633 | + crash even in case of corrupted input. | |
8634 | +*/ | |
8635 | + | |
8636 | +typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size)); | |
8637 | +typedef void (*free_func) OF((voidpf opaque, voidpf address)); | |
8638 | + | |
8639 | +struct internal_state; | |
8640 | + | |
8641 | +typedef struct z_stream_s { | |
8642 | + Bytef *next_in; /* next input byte */ | |
8643 | + uInt avail_in; /* number of bytes available at next_in */ | |
8644 | + uLong total_in; /* total nb of input bytes read so far */ | |
8645 | + | |
8646 | + Bytef *next_out; /* next output byte should be put there */ | |
8647 | + uInt avail_out; /* remaining free space at next_out */ | |
8648 | + uLong total_out; /* total nb of bytes output so far */ | |
8649 | + | |
8650 | + const char *msg; /* last error message, NULL if no error */ | |
8651 | + struct internal_state FAR *state; /* not visible by applications */ | |
8652 | + | |
8653 | + alloc_func zalloc; /* used to allocate the internal state */ | |
8654 | + free_func zfree; /* used to free the internal state */ | |
8655 | + voidpf opaque; /* private data object passed to zalloc and zfree */ | |
8656 | + | |
8657 | + int data_type; /* best guess about the data type: ascii or binary */ | |
8658 | + uLong adler; /* adler32 value of the uncompressed data */ | |
8659 | + uLong reserved; /* reserved for future use */ | |
8660 | +} z_stream; | |
8661 | + | |
8662 | +typedef z_stream FAR *z_streamp; | |
8663 | + | |
8664 | +/* | |
8665 | + The application must update next_in and avail_in when avail_in has | |
8666 | + dropped to zero. It must update next_out and avail_out when avail_out | |
8667 | + has dropped to zero. The application must initialize zalloc, zfree and | |
8668 | + opaque before calling the init function. All other fields are set by the | |
8669 | + compression library and must not be updated by the application. | |
8670 | + | |
8671 | + The opaque value provided by the application will be passed as the first | |
8672 | + parameter for calls of zalloc and zfree. This can be useful for custom | |
8673 | + memory management. The compression library attaches no meaning to the | |
8674 | + opaque value. | |
8675 | + | |
8676 | + zalloc must return Z_NULL if there is not enough memory for the object. | |
8677 | + If zlib is used in a multi-threaded application, zalloc and zfree must be | |
8678 | + thread safe. | |
8679 | + | |
8680 | + On 16-bit systems, the functions zalloc and zfree must be able to allocate | |
8681 | + exactly 65536 bytes, but will not be required to allocate more than this | |
8682 | + if the symbol MAXSEG_64K is defined (see zconf.h). WARNING: On MSDOS, | |
8683 | + pointers returned by zalloc for objects of exactly 65536 bytes *must* | |
8684 | + have their offset normalized to zero. The default allocation function | |
8685 | + provided by this library ensures this (see zutil.c). To reduce memory | |
8686 | + requirements and avoid any allocation of 64K objects, at the expense of | |
8687 | + compression ratio, compile the library with -DMAX_WBITS=14 (see zconf.h). | |
8688 | + | |
8689 | + The fields total_in and total_out can be used for statistics or | |
8690 | + progress reports. After compression, total_in holds the total size of | |
8691 | + the uncompressed data and may be saved for use in the decompressor | |
8692 | + (particularly if the decompressor wants to decompress everything in | |
8693 | + a single step). | |
8694 | +*/ | |
8695 | + | |
8696 | + /* constants */ | |
8697 | + | |
8698 | +#define Z_NO_FLUSH 0 | |
8699 | +#define Z_PARTIAL_FLUSH 1 /* will be removed, use Z_SYNC_FLUSH instead */ | |
8700 | +#define Z_SYNC_FLUSH 2 | |
8701 | +#define Z_FULL_FLUSH 3 | |
8702 | +#define Z_FINISH 4 | |
8703 | +/* Allowed flush values; see deflate() below for details */ | |
8704 | + | |
8705 | +#define Z_OK 0 | |
8706 | +#define Z_STREAM_END 1 | |
8707 | +#define Z_NEED_DICT 2 | |
8708 | +#define Z_ERRNO (-1) | |
8709 | +#define Z_STREAM_ERROR (-2) | |
8710 | +#define Z_DATA_ERROR (-3) | |
8711 | +#define Z_MEM_ERROR (-4) | |
8712 | +#define Z_BUF_ERROR (-5) | |
8713 | +#define Z_VERSION_ERROR (-6) | |
8714 | +/* Return codes for the compression/decompression functions. Negative | |
8715 | + * values are errors, positive values are used for special but normal events. | |
8716 | + */ | |
8717 | + | |
8718 | +#define Z_NO_COMPRESSION 0 | |
8719 | +#define Z_BEST_SPEED 1 | |
8720 | +#define Z_BEST_COMPRESSION 9 | |
8721 | +#define Z_DEFAULT_COMPRESSION (-1) | |
8722 | +/* compression levels */ | |
8723 | + | |
8724 | +#define Z_FILTERED 1 | |
8725 | +#define Z_HUFFMAN_ONLY 2 | |
8726 | +#define Z_DEFAULT_STRATEGY 0 | |
8727 | +/* compression strategy; see deflateInit2() below for details */ | |
8728 | + | |
8729 | +#define Z_BINARY 0 | |
8730 | +#define Z_ASCII 1 | |
8731 | +#define Z_UNKNOWN 2 | |
8732 | +/* Possible values of the data_type field */ | |
8733 | + | |
8734 | +#define Z_DEFLATED 8 | |
8735 | +/* The deflate compression method (the only one supported in this version) */ | |
8736 | + | |
8737 | +#define Z_NULL 0 /* for initializing zalloc, zfree, opaque */ | |
8738 | + | |
8739 | +#define zlib_version zlibVersion() | |
8740 | +/* for compatibility with versions < 1.0.2 */ | |
8741 | + | |
8742 | + /* basic functions */ | |
8743 | + | |
8744 | +ZEXTERN const char * ZEXPORT zlibVersion OF((void)); | |
8745 | +/* The application can compare zlibVersion and ZLIB_VERSION for consistency. | |
8746 | + If the first character differs, the library code actually used is | |
8747 | + not compatible with the zlib.h header file used by the application. | |
8748 | + This check is automatically made by deflateInit and inflateInit. | |
8749 | + */ | |
8750 | + | |
8751 | +/* | |
8752 | +ZEXTERN int ZEXPORT deflateInit OF((z_streamp strm, int level)); | |
8753 | + | |
8754 | + Initializes the internal stream state for compression. The fields | |
8755 | + zalloc, zfree and opaque must be initialized before by the caller. | |
8756 | + If zalloc and zfree are set to Z_NULL, deflateInit updates them to | |
8757 | + use default allocation functions. | |
8758 | + | |
8759 | + The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9: | |
8760 | + 1 gives best speed, 9 gives best compression, 0 gives no compression at | |
8761 | + all (the input data is simply copied a block at a time). | |
8762 | + Z_DEFAULT_COMPRESSION requests a default compromise between speed and | |
8763 | + compression (currently equivalent to level 6). | |
8764 | + | |
8765 | + deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not | |
8766 | + enough memory, Z_STREAM_ERROR if level is not a valid compression level, | |
8767 | + Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible | |
8768 | + with the version assumed by the caller (ZLIB_VERSION). | |
8769 | + msg is set to null if there is no error message. deflateInit does not | |
8770 | + perform any compression: this will be done by deflate(). | |
8771 | +*/ | |
8772 | + | |
8773 | + | |
8774 | +ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush)); | |
8775 | +/* | |
8776 | + deflate compresses as much data as possible, and stops when the input | |
8777 | + buffer becomes empty or the output buffer becomes full. It may introduce some | |
8778 | + output latency (reading input without producing any output) except when | |
8779 | + forced to flush. | |
8780 | + | |
8781 | + The detailed semantics are as follows. deflate performs one or both of the | |
8782 | + following actions: | |
8783 | + | |
8784 | + - Compress more input starting at next_in and update next_in and avail_in | |
8785 | + accordingly. If not all input can be processed (because there is not | |
8786 | + enough room in the output buffer), next_in and avail_in are updated and | |
8787 | + processing will resume at this point for the next call of deflate(). | |
8788 | + | |
8789 | + - Provide more output starting at next_out and update next_out and avail_out | |
8790 | + accordingly. This action is forced if the parameter flush is non zero. | |
8791 | + Forcing flush frequently degrades the compression ratio, so this parameter | |
8792 | + should be set only when necessary (in interactive applications). | |
8793 | + Some output may be provided even if flush is not set. | |
8794 | + | |
8795 | + Before the call of deflate(), the application should ensure that at least | |
8796 | + one of the actions is possible, by providing more input and/or consuming | |
8797 | + more output, and updating avail_in or avail_out accordingly; avail_out | |
8798 | + should never be zero before the call. The application can consume the | |
8799 | + compressed output when it wants, for example when the output buffer is full | |
8800 | + (avail_out == 0), or after each call of deflate(). If deflate returns Z_OK | |
8801 | + and with zero avail_out, it must be called again after making room in the | |
8802 | + output buffer because there might be more output pending. | |
8803 | + | |
8804 | + If the parameter flush is set to Z_SYNC_FLUSH, all pending output is | |
8805 | + flushed to the output buffer and the output is aligned on a byte boundary, so | |
8806 | + that the decompressor can get all input data available so far. (In particular | |
8807 | + avail_in is zero after the call if enough output space has been provided | |
8808 | + before the call.) Flushing may degrade compression for some compression | |
8809 | + algorithms and so it should be used only when necessary. | |
8810 | + | |
8811 | + If flush is set to Z_FULL_FLUSH, all output is flushed as with | |
8812 | + Z_SYNC_FLUSH, and the compression state is reset so that decompression can | |
8813 | + restart from this point if previous compressed data has been damaged or if | |
8814 | + random access is desired. Using Z_FULL_FLUSH too often can seriously degrade | |
8815 | + the compression. | |
8816 | + | |
8817 | + If deflate returns with avail_out == 0, this function must be called again | |
8818 | + with the same value of the flush parameter and more output space (updated | |
8819 | + avail_out), until the flush is complete (deflate returns with non-zero | |
8820 | + avail_out). | |
8821 | + | |
8822 | + If the parameter flush is set to Z_FINISH, pending input is processed, | |
8823 | + pending output is flushed and deflate returns with Z_STREAM_END if there | |
8824 | + was enough output space; if deflate returns with Z_OK, this function must be | |
8825 | + called again with Z_FINISH and more output space (updated avail_out) but no | |
8826 | + more input data, until it returns with Z_STREAM_END or an error. After | |
8827 | + deflate has returned Z_STREAM_END, the only possible operations on the | |
8828 | + stream are deflateReset or deflateEnd. | |
8829 | + | |
8830 | + Z_FINISH can be used immediately after deflateInit if all the compression | |
8831 | + is to be done in a single step. In this case, avail_out must be at least | |
8832 | + 0.1% larger than avail_in plus 12 bytes. If deflate does not return | |
8833 | + Z_STREAM_END, then it must be called again as described above. | |
8834 | + | |
8835 | + deflate() sets strm->adler to the adler32 checksum of all input read | |
8836 | + so far (that is, total_in bytes). | |
8837 | + | |
8838 | + deflate() may update data_type if it can make a good guess about | |
8839 | + the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered | |
8840 | + binary. This field is only for information purposes and does not affect | |
8841 | + the compression algorithm in any manner. | |
8842 | + | |
8843 | + deflate() returns Z_OK if some progress has been made (more input | |
8844 | + processed or more output produced), Z_STREAM_END if all input has been | |
8845 | + consumed and all output has been produced (only when flush is set to | |
8846 | + Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example | |
8847 | + if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible | |
8848 | + (for example avail_in or avail_out was zero). | |
8849 | +*/ | |
8850 | + | |
8851 | + | |
8852 | +ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm)); | |
8853 | +/* | |
8854 | + All dynamically allocated data structures for this stream are freed. | |
8855 | + This function discards any unprocessed input and does not flush any | |
8856 | + pending output. | |
8857 | + | |
8858 | + deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the | |
8859 | + stream state was inconsistent, Z_DATA_ERROR if the stream was freed | |
8860 | + prematurely (some input or output was discarded). In the error case, | |
8861 | + msg may be set but then points to a static string (which must not be | |
8862 | + deallocated). | |
8863 | +*/ | |
8864 | + | |
8865 | + | |
8866 | +/* | |
8867 | +ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm)); | |
8868 | + | |
8869 | + Initializes the internal stream state for decompression. The fields | |
8870 | + next_in, avail_in, zalloc, zfree and opaque must be initialized before by | |
8871 | + the caller. If next_in is not Z_NULL and avail_in is large enough (the exact | |
8872 | + value depends on the compression method), inflateInit determines the | |
8873 | + compression method from the zlib header and allocates all data structures | |
8874 | + accordingly; otherwise the allocation will be deferred to the first call of | |
8875 | + inflate. If zalloc and zfree are set to Z_NULL, inflateInit updates them to | |
8876 | + use default allocation functions. | |
8877 | + | |
8878 | + inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough | |
8879 | + memory, Z_VERSION_ERROR if the zlib library version is incompatible with the | |
8880 | + version assumed by the caller. msg is set to null if there is no error | |
8881 | + message. inflateInit does not perform any decompression apart from reading | |
8882 | + the zlib header if present: this will be done by inflate(). (So next_in and | |
8883 | + avail_in may be modified, but next_out and avail_out are unchanged.) | |
8884 | +*/ | |
8885 | + | |
8886 | + | |
8887 | +ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush)); | |
8888 | +/* | |
8889 | + inflate decompresses as much data as possible, and stops when the input | |
8890 | + buffer becomes empty or the output buffer becomes full. It may some | |
8891 | + introduce some output latency (reading input without producing any output) | |
8892 | + except when forced to flush. | |
8893 | + | |
8894 | + The detailed semantics are as follows. inflate performs one or both of the | |
8895 | + following actions: | |
8896 | + | |
8897 | + - Decompress more input starting at next_in and update next_in and avail_in | |
8898 | + accordingly. If not all input can be processed (because there is not | |
8899 | + enough room in the output buffer), next_in is updated and processing | |
8900 | + will resume at this point for the next call of inflate(). | |
8901 | + | |
8902 | + - Provide more output starting at next_out and update next_out and avail_out | |
8903 | + accordingly. inflate() provides as much output as possible, until there | |
8904 | + is no more input data or no more space in the output buffer (see below | |
8905 | + about the flush parameter). | |
8906 | + | |
8907 | + Before the call of inflate(), the application should ensure that at least | |
8908 | + one of the actions is possible, by providing more input and/or consuming | |
8909 | + more output, and updating the next_* and avail_* values accordingly. | |
8910 | + The application can consume the uncompressed output when it wants, for | |
8911 | + example when the output buffer is full (avail_out == 0), or after each | |
8912 | + call of inflate(). If inflate returns Z_OK and with zero avail_out, it | |
8913 | + must be called again after making room in the output buffer because there | |
8914 | + might be more output pending. | |
8915 | + | |
8916 | + If the parameter flush is set to Z_SYNC_FLUSH, inflate flushes as much | |
8917 | + output as possible to the output buffer. The flushing behavior of inflate is | |
8918 | + not specified for values of the flush parameter other than Z_SYNC_FLUSH | |
8919 | + and Z_FINISH, but the current implementation actually flushes as much output | |
8920 | + as possible anyway. | |
8921 | + | |
8922 | + inflate() should normally be called until it returns Z_STREAM_END or an | |
8923 | + error. However if all decompression is to be performed in a single step | |
8924 | + (a single call of inflate), the parameter flush should be set to | |
8925 | + Z_FINISH. In this case all pending input is processed and all pending | |
8926 | + output is flushed; avail_out must be large enough to hold all the | |
8927 | + uncompressed data. (The size of the uncompressed data may have been saved | |
8928 | + by the compressor for this purpose.) The next operation on this stream must | |
8929 | + be inflateEnd to deallocate the decompression state. The use of Z_FINISH | |
8930 | + is never required, but can be used to inform inflate that a faster routine | |
8931 | + may be used for the single inflate() call. | |
8932 | + | |
8933 | + If a preset dictionary is needed at this point (see inflateSetDictionary | |
8934 | + below), inflate sets strm-adler to the adler32 checksum of the | |
8935 | + dictionary chosen by the compressor and returns Z_NEED_DICT; otherwise | |
8936 | + it sets strm->adler to the adler32 checksum of all output produced | |
8937 | + so far (that is, total_out bytes) and returns Z_OK, Z_STREAM_END or | |
8938 | + an error code as described below. At the end of the stream, inflate() | |
8939 | + checks that its computed adler32 checksum is equal to that saved by the | |
8940 | + compressor and returns Z_STREAM_END only if the checksum is correct. | |
8941 | + | |
8942 | + inflate() returns Z_OK if some progress has been made (more input processed | |
8943 | + or more output produced), Z_STREAM_END if the end of the compressed data has | |
8944 | + been reached and all uncompressed output has been produced, Z_NEED_DICT if a | |
8945 | + preset dictionary is needed at this point, Z_DATA_ERROR if the input data was | |
8946 | + corrupted (input stream not conforming to the zlib format or incorrect | |
8947 | + adler32 checksum), Z_STREAM_ERROR if the stream structure was inconsistent | |
8948 | + (for example if next_in or next_out was NULL), Z_MEM_ERROR if there was not | |
8949 | + enough memory, Z_BUF_ERROR if no progress is possible or if there was not | |
8950 | + enough room in the output buffer when Z_FINISH is used. In the Z_DATA_ERROR | |
8951 | + case, the application may then call inflateSync to look for a good | |
8952 | + compression block. | |
8953 | +*/ | |
8954 | + | |
8955 | + | |
8956 | +ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm)); | |
8957 | +/* | |
8958 | + All dynamically allocated data structures for this stream are freed. | |
8959 | + This function discards any unprocessed input and does not flush any | |
8960 | + pending output. | |
8961 | + | |
8962 | + inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state | |
8963 | + was inconsistent. In the error case, msg may be set but then points to a | |
8964 | + static string (which must not be deallocated). | |
8965 | +*/ | |
8966 | + | |
8967 | + /* Advanced functions */ | |
8968 | + | |
8969 | +/* | |
8970 | + The following functions are needed only in some special applications. | |
8971 | +*/ | |
8972 | + | |
8973 | +/* | |
8974 | +ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm, | |
8975 | + int level, | |
8976 | + int method, | |
8977 | + int windowBits, | |
8978 | + int memLevel, | |
8979 | + int strategy)); | |
8980 | + | |
8981 | + This is another version of deflateInit with more compression options. The | |
8982 | + fields next_in, zalloc, zfree and opaque must be initialized before by | |
8983 | + the caller. | |
8984 | + | |
8985 | + The method parameter is the compression method. It must be Z_DEFLATED in | |
8986 | + this version of the library. | |
8987 | + | |
8988 | + The windowBits parameter is the base two logarithm of the window size | |
8989 | + (the size of the history buffer). It should be in the range 8..15 for this | |
8990 | + version of the library. Larger values of this parameter result in better | |
8991 | + compression at the expense of memory usage. The default value is 15 if | |
8992 | + deflateInit is used instead. | |
8993 | + | |
8994 | + The memLevel parameter specifies how much memory should be allocated | |
8995 | + for the internal compression state. memLevel=1 uses minimum memory but | |
8996 | + is slow and reduces compression ratio; memLevel=9 uses maximum memory | |
8997 | + for optimal speed. The default value is 8. See zconf.h for total memory | |
8998 | + usage as a function of windowBits and memLevel. | |
8999 | + | |
9000 | + The strategy parameter is used to tune the compression algorithm. Use the | |
9001 | + value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a | |
9002 | + filter (or predictor), or Z_HUFFMAN_ONLY to force Huffman encoding only (no | |
9003 | + string match). Filtered data consists mostly of small values with a | |
9004 | + somewhat random distribution. In this case, the compression algorithm is | |
9005 | + tuned to compress them better. The effect of Z_FILTERED is to force more | |
9006 | + Huffman coding and less string matching; it is somewhat intermediate | |
9007 | + between Z_DEFAULT and Z_HUFFMAN_ONLY. The strategy parameter only affects | |
9008 | + the compression ratio but not the correctness of the compressed output even | |
9009 | + if it is not set appropriately. | |
9010 | + | |
9011 | + deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough | |
9012 | + memory, Z_STREAM_ERROR if a parameter is invalid (such as an invalid | |
9013 | + method). msg is set to null if there is no error message. deflateInit2 does | |
9014 | + not perform any compression: this will be done by deflate(). | |
9015 | +*/ | |
9016 | + | |
9017 | +ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm, | |
9018 | + const Bytef *dictionary, | |
9019 | + uInt dictLength)); | |
9020 | +/* | |
9021 | + Initializes the compression dictionary from the given byte sequence | |
9022 | + without producing any compressed output. This function must be called | |
9023 | + immediately after deflateInit, deflateInit2 or deflateReset, before any | |
9024 | + call of deflate. The compressor and decompressor must use exactly the same | |
9025 | + dictionary (see inflateSetDictionary). | |
9026 | + | |
9027 | + The dictionary should consist of strings (byte sequences) that are likely | |
9028 | + to be encountered later in the data to be compressed, with the most commonly | |
9029 | + used strings preferably put towards the end of the dictionary. Using a | |
9030 | + dictionary is most useful when the data to be compressed is short and can be | |
9031 | + predicted with good accuracy; the data can then be compressed better than | |
9032 | + with the default empty dictionary. | |
9033 | + | |
9034 | + Depending on the size of the compression data structures selected by | |
9035 | + deflateInit or deflateInit2, a part of the dictionary may in effect be | |
9036 | + discarded, for example if the dictionary is larger than the window size in | |
9037 | + deflate or deflate2. Thus the strings most likely to be useful should be | |
9038 | + put at the end of the dictionary, not at the front. | |
9039 | + | |
9040 | + Upon return of this function, strm->adler is set to the Adler32 value | |
9041 | + of the dictionary; the decompressor may later use this value to determine | |
9042 | + which dictionary has been used by the compressor. (The Adler32 value | |
9043 | + applies to the whole dictionary even if only a subset of the dictionary is | |
9044 | + actually used by the compressor.) | |
9045 | + | |
9046 | + deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a | |
9047 | + parameter is invalid (such as NULL dictionary) or the stream state is | |
9048 | + inconsistent (for example if deflate has already been called for this stream | |
9049 | + or if the compression method is bsort). deflateSetDictionary does not | |
9050 | + perform any compression: this will be done by deflate(). | |
9051 | +*/ | |
9052 | + | |
9053 | +ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest, | |
9054 | + z_streamp source)); | |
9055 | +/* | |
9056 | + Sets the destination stream as a complete copy of the source stream. | |
9057 | + | |
9058 | + This function can be useful when several compression strategies will be | |
9059 | + tried, for example when there are several ways of pre-processing the input | |
9060 | + data with a filter. The streams that will be discarded should then be freed | |
9061 | + by calling deflateEnd. Note that deflateCopy duplicates the internal | |
9062 | + compression state which can be quite large, so this strategy is slow and | |
9063 | + can consume lots of memory. | |
9064 | + | |
9065 | + deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not | |
9066 | + enough memory, Z_STREAM_ERROR if the source stream state was inconsistent | |
9067 | + (such as zalloc being NULL). msg is left unchanged in both source and | |
9068 | + destination. | |
9069 | +*/ | |
9070 | + | |
9071 | +ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm)); | |
9072 | +/* | |
9073 | + This function is equivalent to deflateEnd followed by deflateInit, | |
9074 | + but does not free and reallocate all the internal compression state. | |
9075 | + The stream will keep the same compression level and any other attributes | |
9076 | + that may have been set by deflateInit2. | |
9077 | + | |
9078 | + deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source | |
9079 | + stream state was inconsistent (such as zalloc or state being NULL). | |
9080 | +*/ | |
9081 | + | |
9082 | +ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm, | |
9083 | + int level, | |
9084 | + int strategy)); | |
9085 | +/* | |
9086 | + Dynamically update the compression level and compression strategy. The | |
9087 | + interpretation of level and strategy is as in deflateInit2. This can be | |
9088 | + used to switch between compression and straight copy of the input data, or | |
9089 | + to switch to a different kind of input data requiring a different | |
9090 | + strategy. If the compression level is changed, the input available so far | |
9091 | + is compressed with the old level (and may be flushed); the new level will | |
9092 | + take effect only at the next call of deflate(). | |
9093 | + | |
9094 | + Before the call of deflateParams, the stream state must be set as for | |
9095 | + a call of deflate(), since the currently available input may have to | |
9096 | + be compressed and flushed. In particular, strm->avail_out must be non-zero. | |
9097 | + | |
9098 | + deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source | |
9099 | + stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR | |
9100 | + if strm->avail_out was zero. | |
9101 | +*/ | |
9102 | + | |
9103 | +/* | |
9104 | +ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm, | |
9105 | + int windowBits)); | |
9106 | + | |
9107 | + This is another version of inflateInit with an extra parameter. The | |
9108 | + fields next_in, avail_in, zalloc, zfree and opaque must be initialized | |
9109 | + before by the caller. | |
9110 | + | |
9111 | + The windowBits parameter is the base two logarithm of the maximum window | |
9112 | + size (the size of the history buffer). It should be in the range 8..15 for | |
9113 | + this version of the library. The default value is 15 if inflateInit is used | |
9114 | + instead. If a compressed stream with a larger window size is given as | |
9115 | + input, inflate() will return with the error code Z_DATA_ERROR instead of | |
9116 | + trying to allocate a larger window. | |
9117 | + | |
9118 | + inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough | |
9119 | + memory, Z_STREAM_ERROR if a parameter is invalid (such as a negative | |
9120 | + memLevel). msg is set to null if there is no error message. inflateInit2 | |
9121 | + does not perform any decompression apart from reading the zlib header if | |
9122 | + present: this will be done by inflate(). (So next_in and avail_in may be | |
9123 | + modified, but next_out and avail_out are unchanged.) | |
9124 | +*/ | |
9125 | + | |
9126 | +ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm, | |
9127 | + const Bytef *dictionary, | |
9128 | + uInt dictLength)); | |
9129 | +/* | |
9130 | + Initializes the decompression dictionary from the given uncompressed byte | |
9131 | + sequence. This function must be called immediately after a call of inflate | |
9132 | + if this call returned Z_NEED_DICT. The dictionary chosen by the compressor | |
9133 | + can be determined from the Adler32 value returned by this call of | |
9134 | + inflate. The compressor and decompressor must use exactly the same | |
9135 | + dictionary (see deflateSetDictionary). | |
9136 | + | |
9137 | + inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a | |
9138 | + parameter is invalid (such as NULL dictionary) or the stream state is | |
9139 | + inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the | |
9140 | + expected one (incorrect Adler32 value). inflateSetDictionary does not | |
9141 | + perform any decompression: this will be done by subsequent calls of | |
9142 | + inflate(). | |
9143 | +*/ | |
9144 | + | |
9145 | +ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm)); | |
9146 | +/* | |
9147 | + Skips invalid compressed data until a full flush point (see above the | |
9148 | + description of deflate with Z_FULL_FLUSH) can be found, or until all | |
9149 | + available input is skipped. No output is provided. | |
9150 | + | |
9151 | + inflateSync returns Z_OK if a full flush point has been found, Z_BUF_ERROR | |
9152 | + if no more input was provided, Z_DATA_ERROR if no flush point has been found, | |
9153 | + or Z_STREAM_ERROR if the stream structure was inconsistent. In the success | |
9154 | + case, the application may save the current current value of total_in which | |
9155 | + indicates where valid compressed data was found. In the error case, the | |
9156 | + application may repeatedly call inflateSync, providing more input each time, | |
9157 | + until success or end of the input data. | |
9158 | +*/ | |
9159 | + | |
9160 | +ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm)); | |
9161 | +/* | |
9162 | + This function is equivalent to inflateEnd followed by inflateInit, | |
9163 | + but does not free and reallocate all the internal decompression state. | |
9164 | + The stream will keep attributes that may have been set by inflateInit2. | |
9165 | + | |
9166 | + inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source | |
9167 | + stream state was inconsistent (such as zalloc or state being NULL). | |
9168 | +*/ | |
9169 | + | |
9170 | + | |
9171 | + /* utility functions */ | |
9172 | + | |
9173 | +/* | |
9174 | + The following utility functions are implemented on top of the | |
9175 | + basic stream-oriented functions. To simplify the interface, some | |
9176 | + default options are assumed (compression level and memory usage, | |
9177 | + standard memory allocation functions). The source code of these | |
9178 | + utility functions can easily be modified if you need special options. | |
9179 | +*/ | |
9180 | + | |
9181 | +ZEXTERN int ZEXPORT compress OF((Bytef *dest, uLongf *destLen, | |
9182 | + const Bytef *source, uLong sourceLen)); | |
9183 | +/* | |
9184 | + Compresses the source buffer into the destination buffer. sourceLen is | |
9185 | + the byte length of the source buffer. Upon entry, destLen is the total | |
9186 | + size of the destination buffer, which must be at least 0.1% larger than | |
9187 | + sourceLen plus 12 bytes. Upon exit, destLen is the actual size of the | |
9188 | + compressed buffer. | |
9189 | + This function can be used to compress a whole file at once if the | |
9190 | + input file is mmap'ed. | |
9191 | + compress returns Z_OK if success, Z_MEM_ERROR if there was not | |
9192 | + enough memory, Z_BUF_ERROR if there was not enough room in the output | |
9193 | + buffer. | |
9194 | +*/ | |
9195 | + | |
9196 | +ZEXTERN int ZEXPORT compress2 OF((Bytef *dest, uLongf *destLen, | |
9197 | + const Bytef *source, uLong sourceLen, | |
9198 | + int level)); | |
9199 | +/* | |
9200 | + Compresses the source buffer into the destination buffer. The level | |
9201 | + parameter has the same meaning as in deflateInit. sourceLen is the byte | |
9202 | + length of the source buffer. Upon entry, destLen is the total size of the | |
9203 | + destination buffer, which must be at least 0.1% larger than sourceLen plus | |
9204 | + 12 bytes. Upon exit, destLen is the actual size of the compressed buffer. | |
9205 | + | |
9206 | + compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough | |
9207 | + memory, Z_BUF_ERROR if there was not enough room in the output buffer, | |
9208 | + Z_STREAM_ERROR if the level parameter is invalid. | |
9209 | +*/ | |
9210 | + | |
9211 | +ZEXTERN int ZEXPORT uncompress OF((Bytef *dest, uLongf *destLen, | |
9212 | + const Bytef *source, uLong sourceLen)); | |
9213 | +/* | |
9214 | + Decompresses the source buffer into the destination buffer. sourceLen is | |
9215 | + the byte length of the source buffer. Upon entry, destLen is the total | |
9216 | + size of the destination buffer, which must be large enough to hold the | |
9217 | + entire uncompressed data. (The size of the uncompressed data must have | |
9218 | + been saved previously by the compressor and transmitted to the decompressor | |
9219 | + by some mechanism outside the scope of this compression library.) | |
9220 | + Upon exit, destLen is the actual size of the compressed buffer. | |
9221 | + This function can be used to decompress a whole file at once if the | |
9222 | + input file is mmap'ed. | |
9223 | + | |
9224 | + uncompress returns Z_OK if success, Z_MEM_ERROR if there was not | |
9225 | + enough memory, Z_BUF_ERROR if there was not enough room in the output | |
9226 | + buffer, or Z_DATA_ERROR if the input data was corrupted. | |
9227 | +*/ | |
9228 | + | |
9229 | + | |
9230 | +typedef voidp gzFile; | |
9231 | + | |
9232 | +ZEXTERN gzFile ZEXPORT gzopen OF((const char *path, const char *mode)); | |
9233 | +/* | |
9234 | + Opens a gzip (.gz) file for reading or writing. The mode parameter | |
9235 | + is as in fopen ("rb" or "wb") but can also include a compression level | |
9236 | + ("wb9") or a strategy: 'f' for filtered data as in "wb6f", 'h' for | |
9237 | + Huffman only compression as in "wb1h". (See the description | |
9238 | + of deflateInit2 for more information about the strategy parameter.) | |
9239 | + | |
9240 | + gzopen can be used to read a file which is not in gzip format; in this | |
9241 | + case gzread will directly read from the file without decompression. | |
9242 | + | |
9243 | + gzopen returns NULL if the file could not be opened or if there was | |
9244 | + insufficient memory to allocate the (de)compression state; errno | |
9245 | + can be checked to distinguish the two cases (if errno is zero, the | |
9246 | + zlib error is Z_MEM_ERROR). */ | |
9247 | + | |
9248 | +ZEXTERN gzFile ZEXPORT gzdopen OF((int fd, const char *mode)); | |
9249 | +/* | |
9250 | + gzdopen() associates a gzFile with the file descriptor fd. File | |
9251 | + descriptors are obtained from calls like open, dup, creat, pipe or | |
9252 | + fileno (in the file has been previously opened with fopen). | |
9253 | + The mode parameter is as in gzopen. | |
9254 | + The next call of gzclose on the returned gzFile will also close the | |
9255 | + file descriptor fd, just like fclose(fdopen(fd), mode) closes the file | |
9256 | + descriptor fd. If you want to keep fd open, use gzdopen(dup(fd), mode). | |
9257 | + gzdopen returns NULL if there was insufficient memory to allocate | |
9258 | + the (de)compression state. | |
9259 | +*/ | |
9260 | + | |
9261 | +ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy)); | |
9262 | +/* | |
9263 | + Dynamically update the compression level or strategy. See the description | |
9264 | + of deflateInit2 for the meaning of these parameters. | |
9265 | + gzsetparams returns Z_OK if success, or Z_STREAM_ERROR if the file was not | |
9266 | + opened for writing. | |
9267 | +*/ | |
9268 | + | |
9269 | +ZEXTERN int ZEXPORT gzread OF((gzFile file, voidp buf, unsigned len)); | |
9270 | +/* | |
9271 | + Reads the given number of uncompressed bytes from the compressed file. | |
9272 | + If the input file was not in gzip format, gzread copies the given number | |
9273 | + of bytes into the buffer. | |
9274 | + gzread returns the number of uncompressed bytes actually read (0 for | |
9275 | + end of file, -1 for error). */ | |
9276 | + | |
9277 | +ZEXTERN int ZEXPORT gzwrite OF((gzFile file, | |
9278 | + const voidp buf, unsigned len)); | |
9279 | +/* | |
9280 | + Writes the given number of uncompressed bytes into the compressed file. | |
9281 | + gzwrite returns the number of uncompressed bytes actually written | |
9282 | + (0 in case of error). | |
9283 | +*/ | |
9284 | + | |
9285 | +ZEXTERN int ZEXPORTVA gzprintf OF((gzFile file, const char *format, ...)); | |
9286 | +/* | |
9287 | + Converts, formats, and writes the args to the compressed file under | |
9288 | + control of the format string, as in fprintf. gzprintf returns the number of | |
9289 | + uncompressed bytes actually written (0 in case of error). | |
9290 | +*/ | |
9291 | + | |
9292 | +ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s)); | |
9293 | +/* | |
9294 | + Writes the given null-terminated string to the compressed file, excluding | |
9295 | + the terminating null character. | |
9296 | + gzputs returns the number of characters written, or -1 in case of error. | |
9297 | +*/ | |
9298 | + | |
9299 | +ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len)); | |
9300 | +/* | |
9301 | + Reads bytes from the compressed file until len-1 characters are read, or | |
9302 | + a newline character is read and transferred to buf, or an end-of-file | |
9303 | + condition is encountered. The string is then terminated with a null | |
9304 | + character. | |
9305 | + gzgets returns buf, or Z_NULL in case of error. | |
9306 | +*/ | |
9307 | + | |
9308 | +ZEXTERN int ZEXPORT gzputc OF((gzFile file, int c)); | |
9309 | +/* | |
9310 | + Writes c, converted to an unsigned char, into the compressed file. | |
9311 | + gzputc returns the value that was written, or -1 in case of error. | |
9312 | +*/ | |
9313 | + | |
9314 | +ZEXTERN int ZEXPORT gzgetc OF((gzFile file)); | |
9315 | +/* | |
9316 | + Reads one byte from the compressed file. gzgetc returns this byte | |
9317 | + or -1 in case of end of file or error. | |
9318 | +*/ | |
9319 | + | |
9320 | +ZEXTERN int ZEXPORT gzflush OF((gzFile file, int flush)); | |
9321 | +/* | |
9322 | + Flushes all pending output into the compressed file. The parameter | |
9323 | + flush is as in the deflate() function. The return value is the zlib | |
9324 | + error number (see function gzerror below). gzflush returns Z_OK if | |
9325 | + the flush parameter is Z_FINISH and all output could be flushed. | |
9326 | + gzflush should be called only when strictly necessary because it can | |
9327 | + degrade compression. | |
9328 | +*/ | |
9329 | + | |
9330 | +ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile file, | |
9331 | + z_off_t offset, int whence)); | |
9332 | +/* | |
9333 | + Sets the starting position for the next gzread or gzwrite on the | |
9334 | + given compressed file. The offset represents a number of bytes in the | |
9335 | + uncompressed data stream. The whence parameter is defined as in lseek(2); | |
9336 | + the value SEEK_END is not supported. | |
9337 | + If the file is opened for reading, this function is emulated but can be | |
9338 | + extremely slow. If the file is opened for writing, only forward seeks are | |
9339 | + supported; gzseek then compresses a sequence of zeroes up to the new | |
9340 | + starting position. | |
9341 | + | |
9342 | + gzseek returns the resulting offset location as measured in bytes from | |
9343 | + the beginning of the uncompressed stream, or -1 in case of error, in | |
9344 | + particular if the file is opened for writing and the new starting position | |
9345 | + would be before the current position. | |
9346 | +*/ | |
9347 | + | |
9348 | +ZEXTERN int ZEXPORT gzrewind OF((gzFile file)); | |
9349 | +/* | |
9350 | + Rewinds the given file. This function is supported only for reading. | |
9351 | + | |
9352 | + gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET) | |
9353 | +*/ | |
9354 | + | |
9355 | +ZEXTERN z_off_t ZEXPORT gztell OF((gzFile file)); | |
9356 | +/* | |
9357 | + Returns the starting position for the next gzread or gzwrite on the | |
9358 | + given compressed file. This position represents a number of bytes in the | |
9359 | + uncompressed data stream. | |
9360 | + | |
9361 | + gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR) | |
9362 | +*/ | |
9363 | + | |
9364 | +ZEXTERN int ZEXPORT gzeof OF((gzFile file)); | |
9365 | +/* | |
9366 | + Returns 1 when EOF has previously been detected reading the given | |
9367 | + input stream, otherwise zero. | |
9368 | +*/ | |
9369 | + | |
9370 | +ZEXTERN int ZEXPORT gzclose OF((gzFile file)); | |
9371 | +/* | |
9372 | + Flushes all pending output if necessary, closes the compressed file | |
9373 | + and deallocates all the (de)compression state. The return value is the zlib | |
9374 | + error number (see function gzerror below). | |
9375 | +*/ | |
9376 | + | |
9377 | +ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum)); | |
9378 | +/* | |
9379 | + Returns the error message for the last error which occurred on the | |
9380 | + given compressed file. errnum is set to zlib error number. If an | |
9381 | + error occurred in the file system and not in the compression library, | |
9382 | + errnum is set to Z_ERRNO and the application may consult errno | |
9383 | + to get the exact error code. | |
9384 | +*/ | |
9385 | + | |
9386 | + /* checksum functions */ | |
9387 | + | |
9388 | +/* | |
9389 | + These functions are not related to compression but are exported | |
9390 | + anyway because they might be useful in applications using the | |
9391 | + compression library. | |
9392 | +*/ | |
9393 | + | |
9394 | +ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len)); | |
9395 | + | |
9396 | +/* | |
9397 | + Update a running Adler-32 checksum with the bytes buf[0..len-1] and | |
9398 | + return the updated checksum. If buf is NULL, this function returns | |
9399 | + the required initial value for the checksum. | |
9400 | + An Adler-32 checksum is almost as reliable as a CRC32 but can be computed | |
9401 | + much faster. Usage example: | |
9402 | + | |
9403 | + uLong adler = adler32(0L, Z_NULL, 0); | |
9404 | + | |
9405 | + while (read_buffer(buffer, length) != EOF) { | |
9406 | + adler = adler32(adler, buffer, length); | |
9407 | + } | |
9408 | + if (adler != original_adler) error(); | |
9409 | +*/ | |
9410 | + | |
9411 | +ZEXTERN uLong ZEXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len)); | |
9412 | +/* | |
9413 | + Update a running crc with the bytes buf[0..len-1] and return the updated | |
9414 | + crc. If buf is NULL, this function returns the required initial value | |
9415 | + for the crc. Pre- and post-conditioning (one's complement) is performed | |
9416 | + within this function so it shouldn't be done by the application. | |
9417 | + Usage example: | |
9418 | + | |
9419 | + uLong crc = crc32(0L, Z_NULL, 0); | |
9420 | + | |
9421 | + while (read_buffer(buffer, length) != EOF) { | |
9422 | + crc = crc32(crc, buffer, length); | |
9423 | + } | |
9424 | + if (crc != original_crc) error(); | |
9425 | +*/ | |
9426 | + | |
9427 | + | |
9428 | + /* various hacks, don't look :) */ | |
9429 | + | |
9430 | +/* deflateInit and inflateInit are macros to allow checking the zlib version | |
9431 | + * and the compiler's view of z_stream: | |
9432 | + */ | |
9433 | +ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level, | |
9434 | + const char *version, int stream_size)); | |
9435 | +ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm, | |
9436 | + const char *version, int stream_size)); | |
9437 | +ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int level, int method, | |
9438 | + int windowBits, int memLevel, | |
9439 | + int strategy, const char *version, | |
9440 | + int stream_size)); | |
9441 | +ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int windowBits, | |
9442 | + const char *version, int stream_size)); | |
9443 | +#define deflateInit(strm, level) \ | |
9444 | + deflateInit_((strm), (level), ZLIB_VERSION, sizeof(z_stream)) | |
9445 | +#define inflateInit(strm) \ | |
9446 | + inflateInit_((strm), ZLIB_VERSION, sizeof(z_stream)) | |
9447 | +#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \ | |
9448 | + deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\ | |
9449 | + (strategy), ZLIB_VERSION, sizeof(z_stream)) | |
9450 | +#define inflateInit2(strm, windowBits) \ | |
9451 | + inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream)) | |
9452 | + | |
9453 | + | |
9454 | +#if !defined(_Z_UTIL_H) && !defined(NO_DUMMY_DECL) | |
9455 | + struct internal_state {int dummy;}; /* hack for buggy compilers */ | |
9456 | +#endif | |
9457 | + | |
9458 | +ZEXTERN const char * ZEXPORT zError OF((int err)); | |
9459 | +ZEXTERN int ZEXPORT inflateSyncPoint OF((z_streamp z)); | |
9460 | +ZEXTERN const uLongf * ZEXPORT get_crc_table OF((void)); | |
9461 | + | |
9462 | +#ifdef __cplusplus | |
9463 | +} | |
9464 | +#endif | |
9465 | + | |
9466 | +#endif /* _ZLIB_H */ | |
9467 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
9468 | +++ linux/include/zlib/zutil.h Mon Feb 9 13:51:03 2004 | |
9469 | @@ -0,0 +1,225 @@ | |
9470 | +/* zutil.h -- internal interface and configuration of the compression library | |
9471 | + * Copyright (C) 1995-2002 Jean-loup Gailly. | |
9472 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
9473 | + */ | |
9474 | + | |
9475 | +/* WARNING: this file should *not* be used by applications. It is | |
9476 | + part of the implementation of the compression library and is | |
9477 | + subject to change. Applications should only use zlib.h. | |
9478 | + */ | |
9479 | + | |
9480 | +/* @(#) $Id: zutil.h,v 1.4 2002/04/24 07:36:48 mcr Exp $ */ | |
9481 | + | |
9482 | +#ifndef _Z_UTIL_H | |
9483 | +#define _Z_UTIL_H | |
9484 | + | |
9485 | +#include "zlib.h" | |
9486 | + | |
9487 | +#include <linux/string.h> | |
9488 | +#define HAVE_MEMCPY | |
9489 | + | |
9490 | +#if 0 // #ifdef STDC | |
9491 | +# include <stddef.h> | |
9492 | +# include <string.h> | |
9493 | +# include <stdlib.h> | |
9494 | +#endif | |
9495 | +#ifndef __KERNEL__ | |
9496 | +#ifdef NO_ERRNO_H | |
9497 | + extern int errno; | |
9498 | +#else | |
9499 | +# include <errno.h> | |
9500 | +#endif | |
9501 | +#endif | |
9502 | + | |
9503 | +#ifndef local | |
9504 | +# define local static | |
9505 | +#endif | |
9506 | +/* compile with -Dlocal if your debugger can't find static symbols */ | |
9507 | + | |
9508 | +typedef unsigned char uch; | |
9509 | +typedef uch FAR uchf; | |
9510 | +typedef unsigned short ush; | |
9511 | +typedef ush FAR ushf; | |
9512 | +typedef unsigned long ulg; | |
9513 | + | |
9514 | +extern const char *z_errmsg[10]; /* indexed by 2-zlib_error */ | |
9515 | +/* (size given to avoid silly warnings with Visual C++) */ | |
9516 | + | |
9517 | +#define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)] | |
9518 | + | |
9519 | +#define ERR_RETURN(strm,err) \ | |
9520 | + return (strm->msg = ERR_MSG(err), (err)) | |
9521 | +/* To be used only when the state is known to be valid */ | |
9522 | + | |
9523 | + /* common constants */ | |
9524 | + | |
9525 | +#ifndef DEF_WBITS | |
9526 | +# define DEF_WBITS MAX_WBITS | |
9527 | +#endif | |
9528 | +/* default windowBits for decompression. MAX_WBITS is for compression only */ | |
9529 | + | |
9530 | +#if MAX_MEM_LEVEL >= 8 | |
9531 | +# define DEF_MEM_LEVEL 8 | |
9532 | +#else | |
9533 | +# define DEF_MEM_LEVEL MAX_MEM_LEVEL | |
9534 | +#endif | |
9535 | +/* default memLevel */ | |
9536 | + | |
9537 | +#define STORED_BLOCK 0 | |
9538 | +#define STATIC_TREES 1 | |
9539 | +#define DYN_TREES 2 | |
9540 | +/* The three kinds of block type */ | |
9541 | + | |
9542 | +#define MIN_MATCH 3 | |
9543 | +#define MAX_MATCH 258 | |
9544 | +/* The minimum and maximum match lengths */ | |
9545 | + | |
9546 | +#define PRESET_DICT 0x20 /* preset dictionary flag in zlib header */ | |
9547 | + | |
9548 | + /* target dependencies */ | |
9549 | + | |
9550 | +#ifdef MSDOS | |
9551 | +# define OS_CODE 0x00 | |
9552 | +# if defined(__TURBOC__) || defined(__BORLANDC__) | |
9553 | +# if(__STDC__ == 1) && (defined(__LARGE__) || defined(__COMPACT__)) | |
9554 | + /* Allow compilation with ANSI keywords only enabled */ | |
9555 | + void _Cdecl farfree( void *block ); | |
9556 | + void *_Cdecl farmalloc( unsigned long nbytes ); | |
9557 | +# else | |
9558 | +# include <alloc.h> | |
9559 | +# endif | |
9560 | +# else /* MSC or DJGPP */ | |
9561 | +# include <malloc.h> | |
9562 | +# endif | |
9563 | +#endif | |
9564 | + | |
9565 | +#ifdef OS2 | |
9566 | +# define OS_CODE 0x06 | |
9567 | +#endif | |
9568 | + | |
9569 | +#ifdef WIN32 /* Window 95 & Windows NT */ | |
9570 | +# define OS_CODE 0x0b | |
9571 | +#endif | |
9572 | + | |
9573 | +#if defined(VAXC) || defined(VMS) | |
9574 | +# define OS_CODE 0x02 | |
9575 | +# define F_OPEN(name, mode) \ | |
9576 | + fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512") | |
9577 | +#endif | |
9578 | + | |
9579 | +#ifdef AMIGA | |
9580 | +# define OS_CODE 0x01 | |
9581 | +#endif | |
9582 | + | |
9583 | +#if defined(ATARI) || defined(atarist) | |
9584 | +# define OS_CODE 0x05 | |
9585 | +#endif | |
9586 | + | |
9587 | +#if defined(MACOS) || defined(TARGET_OS_MAC) | |
9588 | +# define OS_CODE 0x07 | |
9589 | +# if defined(__MWERKS__) && __dest_os != __be_os && __dest_os != __win32_os | |
9590 | +# include <unix.h> /* for fdopen */ | |
9591 | +# else | |
9592 | +# ifndef fdopen | |
9593 | +# define fdopen(fd,mode) NULL /* No fdopen() */ | |
9594 | +# endif | |
9595 | +# endif | |
9596 | +#endif | |
9597 | + | |
9598 | +#ifdef __50SERIES /* Prime/PRIMOS */ | |
9599 | +# define OS_CODE 0x0F | |
9600 | +#endif | |
9601 | + | |
9602 | +#ifdef TOPS20 | |
9603 | +# define OS_CODE 0x0a | |
9604 | +#endif | |
9605 | + | |
9606 | +#if defined(_BEOS_) || defined(RISCOS) | |
9607 | +# define fdopen(fd,mode) NULL /* No fdopen() */ | |
9608 | +#endif | |
9609 | + | |
9610 | +#if (defined(_MSC_VER) && (_MSC_VER > 600)) | |
9611 | +# define fdopen(fd,type) _fdopen(fd,type) | |
9612 | +#endif | |
9613 | + | |
9614 | + | |
9615 | + /* Common defaults */ | |
9616 | + | |
9617 | +#ifndef OS_CODE | |
9618 | +# define OS_CODE 0x03 /* assume Unix */ | |
9619 | +#endif | |
9620 | + | |
9621 | +#ifndef F_OPEN | |
9622 | +# define F_OPEN(name, mode) fopen((name), (mode)) | |
9623 | +#endif | |
9624 | + | |
9625 | + /* functions */ | |
9626 | + | |
9627 | +#ifdef HAVE_STRERROR | |
9628 | + extern char *strerror OF((int)); | |
9629 | +# define zstrerror(errnum) strerror(errnum) | |
9630 | +#else | |
9631 | +# define zstrerror(errnum) "" | |
9632 | +#endif | |
9633 | + | |
9634 | +#if defined(pyr) | |
9635 | +# define NO_MEMCPY | |
9636 | +#endif | |
9637 | +#if defined(SMALL_MEDIUM) && !defined(_MSC_VER) && !defined(__SC__) | |
9638 | + /* Use our own functions for small and medium model with MSC <= 5.0. | |
9639 | + * You may have to use the same strategy for Borland C (untested). | |
9640 | + * The __SC__ check is for Symantec. | |
9641 | + */ | |
9642 | +# define NO_MEMCPY | |
9643 | +#endif | |
9644 | +#if defined(STDC) && !defined(HAVE_MEMCPY) && !defined(NO_MEMCPY) | |
9645 | +# define HAVE_MEMCPY | |
9646 | +#endif | |
9647 | +#ifdef HAVE_MEMCPY | |
9648 | +# ifdef SMALL_MEDIUM /* MSDOS small or medium model */ | |
9649 | +# define zmemcpy _fmemcpy | |
9650 | +# define zmemcmp _fmemcmp | |
9651 | +# define zmemzero(dest, len) _fmemset(dest, 0, len) | |
9652 | +# else | |
9653 | +# define zmemcpy memcpy | |
9654 | +# define zmemcmp memcmp | |
9655 | +# define zmemzero(dest, len) memset(dest, 0, len) | |
9656 | +# endif | |
9657 | +#else | |
9658 | + extern void zmemcpy OF((Bytef* dest, const Bytef* source, uInt len)); | |
9659 | + extern int zmemcmp OF((const Bytef* s1, const Bytef* s2, uInt len)); | |
9660 | + extern void zmemzero OF((Bytef* dest, uInt len)); | |
9661 | +#endif | |
9662 | + | |
9663 | +/* Diagnostic functions */ | |
9664 | +#ifdef DEBUG | |
9665 | +# include <stdio.h> | |
9666 | + extern int z_verbose; | |
9667 | + extern void z_error OF((char *m)); | |
9668 | +# define Assert(cond,msg) {if(!(cond)) z_error(msg);} | |
9669 | +# define Trace(x) {if (z_verbose>=0) fprintf x ;} | |
9670 | +# define Tracev(x) {if (z_verbose>0) fprintf x ;} | |
9671 | +# define Tracevv(x) {if (z_verbose>1) fprintf x ;} | |
9672 | +# define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;} | |
9673 | +# define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;} | |
9674 | +#else | |
9675 | +# define Assert(cond,msg) | |
9676 | +# define Trace(x) | |
9677 | +# define Tracev(x) | |
9678 | +# define Tracevv(x) | |
9679 | +# define Tracec(c,x) | |
9680 | +# define Tracecv(c,x) | |
9681 | +#endif | |
9682 | + | |
9683 | + | |
9684 | +typedef uLong (ZEXPORT *check_func) OF((uLong check, const Bytef *buf, | |
9685 | + uInt len)); | |
9686 | +voidpf zcalloc OF((voidpf opaque, unsigned items, unsigned size)); | |
9687 | +void zcfree OF((voidpf opaque, voidpf ptr)); | |
9688 | + | |
9689 | +#define ZALLOC(strm, items, size) \ | |
9690 | + (*((strm)->zalloc))((strm)->opaque, (items), (size)) | |
9691 | +#define ZFREE(strm, addr) (*((strm)->zfree))((strm)->opaque, (voidpf)(addr)) | |
9692 | +#define TRY_FREE(s, p) {if (p) ZFREE(s, p);} | |
9693 | + | |
9694 | +#endif /* _Z_UTIL_H */ | |
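Review bot: The `#ifdef DEBUG` branch near the end of zutil.h still includes `<stdio.h>` and expands the `Trace*` macros to `fprintf`, although this copy is otherwise adapted for kernel use (`#include <linux/string.h>` at the top, `errno.h` fenced off with `#ifndef __KERNEL__`). `DEBUG` is a name kernel code commonly defines for its own purposes, so a kernel build that sets it would presumably fail on this header or pick up a stray userspace include path. Guarding the branch as `#if defined(DEBUG) && !defined(__KERNEL__)` keeps the diagnostics for userland builds and leaves the empty `Assert`/`Trace` definitions in effect in the kernel. Separately, `Assert`, `Trace*` and `TRY_FREE` expand to bare `{ ... }` blocks; wrapping them in `do { ... } while (0)` would make them safe in front of an `else`.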
9695 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
9696 | +++ linux/lib/libfreeswan/Makefile.objs Mon Feb 9 13:51:03 2004 | |
9697 | @@ -0,0 +1,21 @@ | |
9698 | +obj-y += satot.o | |
9699 | +obj-y += addrtot.o | |
9700 | +obj-y += ultot.o | |
9701 | +obj-y += addrtypeof.o | |
9702 | +obj-y += anyaddr.o | |
9703 | +obj-y += initaddr.o | |
9704 | +obj-y += ultoa.o | |
9705 | +obj-y += addrtoa.o | |
9706 | +obj-y += subnettoa.o | |
9707 | +obj-y += subnetof.o | |
9708 | +obj-y += goodmask.o | |
9709 | +obj-y += datatot.o | |
9710 | +obj-y += rangetoa.o | |
9711 | +obj-y += prng.o | |
9712 | +obj-y += pfkey_v2_parse.o | |
9713 | +obj-y += pfkey_v2_build.o | |
9714 | +obj-y += pfkey_v2_debug.o | |
9715 | +obj-y += pfkey_v2_ext_bits.o | |
9716 | + | |
9717 | +#version.c: ${LIBFREESWANDIR}/version.in.c ${OPENSWANSRCDIR}/Makefile.ver | |
9718 | +# sed '/"/s/xxx/$(IPSECVERSION)/' ${LIBFREESWANDIR}/version.in.c >$@ | |
9719 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
9720 | +++ linux/lib/zlib/Makefile Mon Feb 9 13:51:03 2004 | |
9721 | @@ -0,0 +1,118 @@ | |
9722 | +# (kernel) Makefile for IPCOMP zlib deflate code | |
9723 | +# Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. | |
9724 | +# Copyright (C) 2000 Svenning Soerensen | |
9725 | +# | |
9726 | +# This program is free software; you can redistribute it and/or modify it | |
9727 | +# under the terms of the GNU General Public License as published by the | |
9728 | +# Free Software Foundation; either version 2 of the License, or (at your | |
9729 | +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
9730 | +# | |
9731 | +# This program is distributed in the hope that it will be useful, but | |
9732 | +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
9733 | +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
9734 | +# for more details. | |
9735 | +# | |
9736 | +# RCSID $Id: Makefile,v 1.9 2002/04/24 07:55:32 mcr Exp $ | |
9737 | +# | |
9738 | + | |
9739 | + | |
9740 | + | |
9741 | +include ../Makefile.inc | |
9742 | + | |
9743 | + | |
9744 | + | |
9745 | +ifndef TOPDIR | |
9746 | +TOPDIR := /usr/src/linux | |
9747 | +endif | |
9748 | + | |
9749 | + | |
9750 | +L_TARGET := zlib.a | |
9751 | + | |
9752 | +obj-y := | |
9753 | + | |
9754 | +include Makefile.objs | |
9755 | + | |
9756 | +EXTRA_CFLAGS += $(KLIPSCOMPILE) | |
9757 | + | |
9758 | +EXTRA_CFLAGS += -Wall | |
9759 | +#EXTRA_CFLAGS += -Wconversion | |
9760 | +#EXTRA_CFLAGS += -Wmissing-prototypes | |
9761 | +EXTRA_CFLAGS += -Wpointer-arith | |
9762 | +#EXTRA_CFLAGS += -Wcast-qual | |
9763 | +#EXTRA_CFLAGS += -Wmissing-declarations | |
9764 | +EXTRA_CFLAGS += -Wstrict-prototypes | |
9765 | +#EXTRA_CFLAGS += -pedantic | |
9766 | +#EXTRA_CFLAGS += -W | |
9767 | +#EXTRA_CFLAGS += -Wwrite-strings | |
9768 | +EXTRA_CFLAGS += -Wbad-function-cast | |
9769 | +EXTRA_CFLAGS += -DIPCOMP_PREFIX | |
9770 | + | |
9771 | +.S.o: | |
9772 | + $(CC) -D__ASSEMBLY__ -DNO_UNDERLINE -traditional -c $< -o $*.o | |
9773 | + | |
9774 | +asm-obj-$(CONFIG_M586) += match586.o | |
9775 | +asm-obj-$(CONFIG_M586TSC) += match586.o | |
9776 | +asm-obj-$(CONFIG_M586MMX) += match586.o | |
9777 | +asm-obj-$(CONFIG_M686) += match686.o | |
9778 | +asm-obj-$(CONFIG_MPENTIUMIII) += match686.o | |
9779 | +asm-obj-$(CONFIG_MPENTIUM4) += match686.o | |
9780 | +asm-obj-$(CONFIG_MK6) += match586.o | |
9781 | +asm-obj-$(CONFIG_MK7) += match686.o | |
9782 | +asm-obj-$(CONFIG_MCRUSOE) += match586.o | |
9783 | +asm-obj-$(CONFIG_MWINCHIPC6) += match586.o | |
9784 | +asm-obj-$(CONFIG_MWINCHIP2) += match686.o | |
9785 | +asm-obj-$(CONFIG_MWINCHIP3D) += match686.o | |
9786 | + | |
9787 | +obj-y += $(asm-obj-y) | |
9788 | +ifneq ($(strip $(asm-obj-y)),) | |
9789 | + EXTRA_CFLAGS += -DASMV | |
9790 | +endif | |
9791 | + | |
9792 | +active-objs := $(sort $(obj-y) $(obj-m)) | |
9793 | +L_OBJS := $(obj-y) | |
9794 | +M_OBJS := $(obj-m) | |
9795 | +MIX_OBJS := $(filter $(export-objs), $(active-objs)) | |
9796 | + | |
9797 | +include $(TOPDIR)/Rules.make | |
9798 | + | |
9799 | +$(obj-y) : $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h | |
9800 | + | |
9801 | + | |
9802 | +clean: | |
9803 | + -rm -f *.o *.a | |
9804 | + | |
9805 | +checkprograms: | |
9806 | +programs: $(L_TARGET) | |
9807 | + | |
9808 | +# | |
9809 | +# $Log: Makefile,v $ | |
9810 | +# Revision 1.9 2002/04/24 07:55:32 mcr | |
9811 | +# #include patches and Makefiles for post-reorg compilation. | |
9812 | +# | |
9813 | +# Revision 1.8 2002/04/24 07:36:44 mcr | |
9814 | +# Moved from ./zlib/Makefile,v | |
9815 | +# | |
9816 | +# Revision 1.7 2002/03/27 23:34:35 mcr | |
9817 | +# added programs: target | |
9818 | +# | |
9819 | +# Revision 1.6 2001/12/05 20:19:08 henry | |
9820 | +# use new compile-control variable | |
9821 | +# | |
9822 | +# Revision 1.5 2001/11/27 16:38:08 mcr | |
9823 | +# added new "checkprograms" target to deal with programs that | |
9824 | +# are required for "make check", but that may not be ready to | |
9825 | +# build for every user due to external dependancies. | |
9826 | +# | |
9827 | +# Revision 1.4 2001/10/24 14:46:24 henry | |
9828 | +# Makefile.inc | |
9829 | +# | |
9830 | +# Revision 1.3 2001/04/21 23:05:24 rgb | |
9831 | +# Update asm directives for 2.4 style makefiles. | |
9832 | +# | |
9833 | +# Revision 1.2 2001/01/29 22:22:00 rgb | |
9834 | +# Convert to 2.4 new style with back compat. | |
9835 | +# | |
9836 | +# Revision 1.1.1.1 2000/09/29 18:51:33 rgb | |
9837 | +# zlib_beginnings | |
9838 | +# | |
9839 | +# | |
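Review bot: The `asm-obj-$(CONFIG_M586)` … `asm-obj-$(CONFIG_MWINCHIP3D)` list is filled twice. This Makefile does `include Makefile.objs`, and that file (the next file section of this patch) already appends `${LIBZLIBSRCDIR}/match586.o` / `match686.o` for the same CONFIG symbols before the bare `match586.o` / `match686.o` entries are appended again here. After `obj-y += $(asm-obj-y)` both spellings are in `obj-y`, so depending on what `LIBZLIBSRCDIR` expands to (not visible here) the same object may be built or archived twice; `-DIPCOMP_PREFIX` is likewise added to `EXTRA_CFLAGS` in both files. I would keep the list in one place only and drop the block here, leaving a comment such as `# asm objects and -DIPCOMP_PREFIX come from Makefile.objs`.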
9840 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
9841 | +++ linux/lib/zlib/Makefile.objs Mon Feb 9 13:51:03 2004 | |
9842 | @@ -0,0 +1,27 @@ | |
9843 | +obj-$(CONFIG_IPSEC_IPCOMP) += adler32.o | |
9844 | +obj-$(CONFIG_IPSEC_IPCOMP) += deflate.o | |
9845 | +obj-$(CONFIG_IPSEC_IPCOMP) += infblock.o | |
9846 | +obj-$(CONFIG_IPSEC_IPCOMP) += infcodes.o | |
9847 | +obj-$(CONFIG_IPSEC_IPCOMP) += inffast.o | |
9848 | +obj-$(CONFIG_IPSEC_IPCOMP) += inflate.o | |
9849 | +obj-$(CONFIG_IPSEC_IPCOMP) += inftrees.o | |
9850 | +obj-$(CONFIG_IPSEC_IPCOMP) += infutil.o | |
9851 | +obj-$(CONFIG_IPSEC_IPCOMP) += trees.o | |
9852 | +obj-$(CONFIG_IPSEC_IPCOMP) += zutil.o | |
9853 | + | |
9854 | +asm-obj-$(CONFIG_M586) += ${LIBZLIBSRCDIR}/match586.o | |
9855 | +asm-obj-$(CONFIG_M586TSC) += ${LIBZLIBSRCDIR}/match586.o | |
9856 | +asm-obj-$(CONFIG_M586MMX) += ${LIBZLIBSRCDIR}/match586.o | |
9857 | +asm-obj-$(CONFIG_M686) += ${LIBZLIBSRCDIR}/match686.o | |
9858 | +asm-obj-$(CONFIG_MPENTIUMIII) += ${LIBZLIBSRCDIR}/match686.o | |
9859 | +asm-obj-$(CONFIG_MPENTIUM4) += ${LIBZLIBSRCDIR}/match686.o | |
9860 | +asm-obj-$(CONFIG_MK6) += ${LIBZLIBSRCDIR}/match586.o | |
9861 | +asm-obj-$(CONFIG_MK7) += ${LIBZLIBSRCDIR}/match686.o | |
9862 | +asm-obj-$(CONFIG_MCRUSOE) += ${LIBZLIBSRCDIR}/match586.o | |
9863 | +asm-obj-$(CONFIG_MWINCHIPC6) += ${LIBZLIBSRCDIR}/match586.o | |
9864 | +asm-obj-$(CONFIG_MWINCHIP2) += ${LIBZLIBSRCDIR}/match686.o | |
9865 | +asm-obj-$(CONFIG_MWINCHIP3D) += ${LIBZLIBSRCDIR}/match686.o | |
9866 | + | |
9867 | +EXTRA_CFLAGS += -DIPCOMP_PREFIX | |
9868 | + | |
9869 | + | |
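Review bot: Every object in this list is keyed on `CONFIG_IPSEC_IPCOMP`, but the Kconfig added later in this patch defines `KLIPS_IPCOMP`, and `net/ipsec/Makefile` selects `ipsec_ipcomp.o` with `CONFIG_KLIPS_IPCOMP`. If nothing else defines the older symbol for 2.6 builds (not visible here), `obj-$(CONFIG_IPSEC_IPCOMP)` expands to `obj-` and the inflate/deflate objects are silently left out while the IPComp code that needs them is still compiled. Either rename the key to `obj-$(CONFIG_KLIPS_IPCOMP)` or add a comment stating that this list is consumed only by the 2.4-style build.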
9870 | --- swan26/net/Kconfig.preipsec 2005-09-01 18:15:19.000000000 -0400 | |
9871 | +++ swan26/net/Kconfig 2005-09-03 16:51:17.000000000 -0400 | |
9872 | @@ -215,2 +215,6 @@ | |
9873 | ||
9874 | +if INET | |
9875 | +source "net/ipsec/Kconfig" | |
9876 | +endif # if INET | |
9877 | + | |
9878 | endif # if NET | |
9879 | --- /distros/kernel/linux-2.6.3-rc4/net/Makefile Mon Feb 16 21:22:12 2004 | |
9880 | +++ ref26/net/Makefile Thu Feb 19 21:02:25 2004 | |
9881 | @@ -42,3 +42,6 @@ | |
9882 | ifeq ($(CONFIG_NET),y) | |
9883 | obj-$(CONFIG_SYSCTL) += sysctl_net.o | |
9884 | endif | |
9885 | + | |
9886 | +obj-$(CONFIG_KLIPS) += ipsec/ | |
9887 | + | |
9888 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
9889 | +++ linux/net/ipsec/Kconfig Mon Feb 9 13:51:03 2004 | |
9890 | @@ -0,0 +1,161 @@ | |
9891 | +# | |
9892 | +# IPSEC configuration | |
9893 | +# Copyright (C) 2004 Michael Richardson <mcr@freeswan.org> | |
9894 | +# | |
9895 | +# This program is free software; you can redistribute it and/or modify it | |
9896 | +# under the terms of the GNU General Public License as published by the | |
9897 | +# Free Software Foundation; either version 2 of the License, or (at your | |
9898 | +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
9899 | +# | |
9900 | +# This program is distributed in the hope that it will be useful, but | |
9901 | +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
9902 | +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
9903 | +# for more details. | |
9904 | +# | |
9905 | +# RCSID $Id: Kconfig,v 1.6.2.2 2006/10/11 18:14:33 paul Exp $ | |
9906 | + | |
9907 | +config KLIPS | |
9908 | + tristate "Openswan IPsec (KLIPS26)" | |
9909 | + default n | |
9910 | + help | |
9911 | + KLIPS is the Openswan (www.openswan.org) Kernel Level IP Security | |
9912 | + system. It is extensively tested, and has interoperated with | |
9913 | + many other systems. | |
9914 | + It provides "ipsecX" devices on which one can do firewalling. | |
9915 | + The userland, is compatible with both KLIPS and 26sec. | |
9916 | + | |
9917 | +menu "KLIPS options" | |
9918 | + depends on KLIPS | |
9919 | + | |
9920 | +config KLIPS_ESP | |
9921 | + bool 'Encapsulating Security Payload - ESP ("VPN")' | |
9922 | + default y | |
9923 | + help | |
9924 | + This option provides support for the IPSEC Encapsulation Security | |
9925 | + Payload (IP protocol 50) which provides packet layer content | |
9926 | + hiding, and content authentication. | |
9927 | + It is recommended to enable this. RFC2406 | |
9928 | + | |
9929 | +config KLIPS_AH | |
9930 | + bool 'Authentication Header - AH' | |
9931 | + default n | |
9932 | + help | |
9933 | + This option provides support for the IPSEC Authentication Header | |
9934 | + (IP protocol 51) which provides packet layer sender and content | |
9935 | + authentication. It does not provide for confidentiality. | |
9936 | + It is not recommended to enable this. RFC2402 | |
9937 | + | |
9938 | +config KLIPS_AUTH_HMAC_MD5 | |
9939 | + bool 'HMAC-MD5 authentication algorithm' | |
9940 | + default y | |
9941 | + help | |
9942 | + The HMAC-MD5 algorithm is used by ESP (and AH) to guarantee packet | |
9943 | + integrity. There is little reason not to include it. | |
9944 | + | |
9945 | +config KLIPS_AUTH_HMAC_SHA1 | |
9946 | + bool 'HMAC-SHA1 authentication algorithm' | |
9947 | + default y | |
9948 | + help | |
9949 | + The HMAC-SHA1 algorithm is used by ESP (and AH) to guarantee packet | |
9950 | + integrity. SHA1 is a little slower than MD5, but is said to be | |
9951 | + a bit more secure. There is little reason not to include it. | |
9952 | + | |
9953 | +config KLIPS_ENC_CRYPTOAPI | |
9954 | + bool 'CryptoAPI algorithm interface' | |
9955 | + default n | |
9956 | + help | |
9957 | + Enable the algorithm interface to make all CryptoAPI 1.0 algorithms | |
9958 | + available to KLIPS. | |
9959 | + | |
9960 | +config KLIPS_ENC_1DES | |
9961 | + bool 'Include 1DES with CryptoAPI' | |
9962 | + default n | |
9963 | + depends on KLIPS_ENC_CRYPTOAPI | |
9964 | + help | |
9965 | + The CryptoAPI interface does not include support for every algorithm | |
9966 | + yet, and one that it doesn't support by default is the VERY WEAK | |
9967 | + 1DES. Select this if you are terminally stupid. | |
9968 | + | |
9969 | +config KLIPS_ENC_3DES | |
9970 | + bool '3DES encryption algorithm' | |
9971 | + default y | |
9972 | + help | |
9973 | + The 3DES algorithm is used by ESP to provide for packet privacy. | |
9974 | + 3DES is 3-repeats of the DES algorithm. 3DES is widely supported, | |
9975 | + and analyzed and is considered very secure. 1DES is not supported. | |
9976 | + | |
9977 | +config KLIPS_ENC_AES | |
9978 | + bool 'AES encryption algorithm' | |
9979 | + default y | |
9980 | + help | |
9981 | + The AES algorithm is used by ESP to provide for packet privacy. | |
9982 | + AES the NIST replacement for DES. AES is being widely analyzed, | |
9983 | + and is very fast. | |
9984 | + | |
9985 | +config KLIPS_ENC_NULL | |
9986 | + bool 'NULL NON-encryption algorithm' | |
9987 | + default n | |
9988 | + help | |
9989 | + NON encryption algo , maybe useful for ESP auth only scenarios | |
9990 | + (eg: with NAT-T), see RFC 2410. | |
9991 | + | |
9992 | +config KLIPS_IPCOMP | |
9993 | + bool 'IP compression' | |
9994 | + default y | |
9995 | + help | |
9996 | + The IPcomp protocol is used prior to ESP to make the packet | |
9997 | + smaller. Once encrypted, compression will fail, so any link | |
9998 | + layer efforts (e.g. PPP) will not work. | |
9999 | + | |
10000 | +config KLIPS_DEBUG | |
10001 | + bool 'IPsec debugging' | |
10002 | + default y | |
10003 | + help | |
10004 | + KLIPS includes a lot of debugging code. Unless there is a real | |
10005 | + tangible benefit to removing this code, it should be left in place. | |
10006 | + Debugging connections without access to kernel level debugging is | |
10007 | + essentially impossible. Leave this on. | |
10008 | + | |
10009 | +endmenu | |
10010 | + | |
10011 | +# | |
10012 | +# | |
10013 | +# $Log: Kconfig,v $ | |
10014 | +# Revision 1.6.2.2 2006/10/11 18:14:33 paul | |
10015 | +# Add JuanJo Ciarlante's ESP_NULL patches for KLIPS, but leave it disabled | |
10016 | +# per default. | |
10017 | +# | |
10018 | +# Revision 1.6.2.1 2006/04/20 16:33:06 mcr | |
10019 | +# remove all of CONFIG_KLIPS_ALG --- one can no longer build without it. | |
10020 | +# Fix in-kernel module compilation. Sub-makefiles do not work. | |
10021 | +# | |
10022 | +# Revision 1.6 2005/05/18 20:55:27 mcr | |
10023 | +# default cryptoapi to n. | |
10024 | +# | |
10025 | +# Revision 1.5 2005/05/11 01:23:25 mcr | |
10026 | +# added 1DES option to cryptoapi. | |
10027 | +# | |
10028 | +# Revision 1.4 2005/04/29 05:29:54 mcr | |
10029 | +# add option to include cryptoapi algorithms. | |
10030 | +# | |
10031 | +# Revision 1.3 2004/08/17 03:27:23 mcr | |
10032 | +# klips 2.6 edits. | |
10033 | +# | |
10034 | +# Revision 1.2 2004/08/14 03:27:39 mcr | |
10035 | +# 2.6 kernel build/configuration files. | |
10036 | +# | |
10037 | +# Revision 1.1 2004/08/14 02:47:55 mcr | |
10038 | +# kernel build/config patches | |
10039 | +# | |
10040 | +# Revision 1.3 2004/02/24 17:17:04 mcr | |
10041 | +# s/CONFIG_IPSEC/CONFIG_KLIPS/ as 26sec uses "CONFIG_IPSEC" to | |
10042 | +# turn it on/off as well. | |
10043 | +# | |
10044 | +# Revision 1.2 2004/02/22 06:50:42 mcr | |
10045 | +# kernel 2.6 port - merged with 2.4 code. | |
10046 | +# | |
10047 | +# Revision 1.1.2.1 2004/02/20 02:07:53 mcr | |
10048 | +# module configuration for KLIPS 2.6 | |
10049 | +# | |
10050 | +# | |
10051 | + | |
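Review bot: The help texts for the weak algorithm options do not tell the person configuring the kernel what protection they give up. `KLIPS_ENC_1DES` ends with "Select this if you are terminally stupid." and `KLIPS_ENC_NULL` says only "maybe useful"; I would replace these with factual wording such as `Single DES uses a 56-bit key, which is within reach of brute-force search; enable only for interoperability with legacy peers.` and `ESP-NULL (RFC 2410) authenticates packets but does not encrypt them.` The same applies to `KLIPS_AUTH_HMAC_MD5` (`default y`, "little reason not to include it") and to the 3DES text ("considered very secure"), which read as endorsements and should at least point to HMAC-SHA1 and AES as the preferred choices. `KLIPS_DEBUG` also defaults to `y`; whether its output can include key or SA material cannot be judged from this hunk, so the help should say what is logged and how it is switched on at run time.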
10052 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
10053 | +++ linux/net/ipsec/Makefile Mon Feb 9 13:51:03 2004 | |
10054 | @@ -0,0 +1,195 @@ | |
10055 | +# Makefile for KLIPS kernel code as a module for 2.6 kernels | |
10056 | +# | |
10057 | +# Makefile for KLIPS kernel code as a module | |
10058 | +# Copyright (C) 1998, 1999, 2000,2001 Richard Guy Briggs. | |
10059 | +# Copyright (C) 2002-2004 Michael Richardson <mcr@freeswan.org> | |
10060 | +# | |
10061 | +# This program is free software; you can redistribute it and/or modify it | |
10062 | +# under the terms of the GNU General Public License as published by the | |
10063 | +# Free Software Foundation; either version 2 of the License, or (at your | |
10064 | +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
10065 | +# | |
10066 | +# This program is distributed in the hope that it will be useful, but | |
10067 | +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
10068 | +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
10069 | +# for more details. | |
10070 | +# | |
10071 | +# RCSID $Id: Makefile.fs2_6,v 1.8.2.2 2006/10/11 18:14:33 paul Exp $ | |
10072 | +# | |
10073 | +# Note! Dependencies are done automagically by 'make dep', which also | |
10074 | +# removes any old dependencies. DON'T put your own dependencies here | |
10075 | +# unless it's something special (ie not a .c file). | |
10076 | +# | |
10077 | + | |
10078 | +OPENSWANSRCDIR?=. | |
10079 | +KLIPS_TOP?=. | |
10080 | + | |
10081 | +-include ${OPENSWANSRCDIR}/Makefile.ver | |
10082 | + | |
10083 | +base-klips-objs := | |
10084 | + | |
10085 | +base-klips-objs+= ipsec_init.o ipsec_sa.o ipsec_radij.o radij.o | |
10086 | +base-klips-objs+= ipsec_life.o ipsec_proc.o | |
10087 | +base-klips-objs+= ipsec_tunnel.o ipsec_xmit.o ipsec_rcv.o ipsec_ipip.o | |
10088 | +base-klips-objs+= ipsec_snprintf.o | |
10089 | +base-klips-objs+= sysctl_net_ipsec.o | |
10090 | +base-klips-objs+= pfkey_v2.o pfkey_v2_parser.o pfkey_v2_ext_process.o | |
10091 | +base-klips-objs+= version.o | |
10092 | + | |
10093 | +base-klips-objs+= satot.o | |
10094 | +base-klips-objs+= addrtot.o | |
10095 | +base-klips-objs+= ultot.o | |
10096 | +base-klips-objs+= addrtypeof.o | |
10097 | +base-klips-objs+= anyaddr.o | |
10098 | +base-klips-objs+= initaddr.o | |
10099 | +base-klips-objs+= ultoa.o | |
10100 | +base-klips-objs+= addrtoa.o | |
10101 | +base-klips-objs+= subnettoa.o | |
10102 | +base-klips-objs+= subnetof.o | |
10103 | +base-klips-objs+= goodmask.o | |
10104 | +base-klips-objs+= datatot.o | |
10105 | +base-klips-objs+= rangetoa.o | |
10106 | +base-klips-objs+= prng.o | |
10107 | +base-klips-objs+= pfkey_v2_parse.o | |
10108 | +base-klips-objs+= pfkey_v2_build.o | |
10109 | +base-klips-objs+= pfkey_v2_debug.o | |
10110 | +base-klips-objs+= pfkey_v2_ext_bits.o | |
10111 | +base-klips-objs+= version.o | |
10112 | + | |
10113 | +obj-${CONFIG_KLIPS} += ipsec.o | |
10114 | + | |
10115 | +ipsec-objs += ${base-klips-objs} | |
10116 | + | |
10117 | +ipsec-$(CONFIG_KLIPS_ESP) += ipsec_esp.o | |
10118 | +ipsec-$(CONFIG_KLIPS_IPCOMP) += ipsec_ipcomp.o | |
10119 | +ipsec-$(CONFIG_KLIPS_AUTH_HMAC_MD5) += ipsec_md5c.o | |
10120 | +ipsec-$(CONFIG_KLIPS_AUTH_HMAC_SHA1) += ipsec_sha1.o | |
10121 | + | |
10122 | +# AH, if you really think you need it. | |
10123 | +ipsec-$(CONFIG_KLIPS_AH) += ipsec_ah.o | |
10124 | + | |
10125 | +ipsec-y += ipsec_alg.o | |
10126 | + | |
10127 | +# include code from DES subdir | |
10128 | +crypto-$(CONFIG_KLIPS_ENC_3DES) += des/ipsec_alg_3des.o | |
10129 | +crypto-$(CONFIG_KLIPS_ENC_3DES) += des/cbc_enc.o | |
10130 | +crypto-$(CONFIG_KLIPS_ENC_3DES) += des/ecb_enc.o | |
10131 | +crypto-$(CONFIG_KLIPS_ENC_3DES) += des/set_key.o | |
10132 | + | |
10133 | +ifeq ($(strip ${SUBARCH}),) | |
10134 | +SUBARCH:=${ARCH} | |
10135 | +endif | |
10136 | + | |
10137 | +# the assembly version expects frame pointers, which are | |
10138 | +# optional in many kernel builds. If you want speed, you should | |
10139 | +# probably use cryptoapi code instead. | |
10140 | +USEASSEMBLY=${SUBARCH}${CONFIG_FRAME_POINTER} | |
10141 | +ifeq (${USEASSEMBLY},i386y) | |
10142 | +crypto-$(CONFIG_KLIPS_ENC_3DES) += des/dx86unix.o | |
10143 | +else | |
10144 | +crypto-$(CONFIG_KLIPS_ENC_3DES) += des/des_enc.o | |
10145 | +endif | |
10146 | + | |
10147 | +# include code from AES subdir | |
10148 | +crypto-$(CONFIG_KLIPS_ENC_AES) += aes/ipsec_alg_aes.o | |
10149 | +crypto-$(CONFIG_KLIPS_ENC_AES) += aes/aes_xcbc_mac.o | |
10150 | +crypto-$(CONFIG_KLIPS_ENC_AES) += aes/aes_cbc.o | |
10151 | + | |
10152 | +ifeq ($(strip ${SUBARCH}),) | |
10153 | +SUBARCH:=${ARCH} | |
10154 | +endif | |
10155 | + | |
10156 | +USEASSEMBLY=${SUBARCH}${CONFIG_FRAME_POINTER} | |
10157 | +ifeq (${USEASSEMBLY},i386y) | |
10158 | +crypto-$(CONFIG_KLIPS_ENC_AES) += aes/aes-i586.o | |
10159 | +else | |
10160 | +crypto-$(CONFIG_KLIPS_ENC_AES) += aes/aes.o | |
10161 | +endif | |
10162 | + | |
10163 | +crypto-$(CONFIG_KLIPS_ENC_NULL) += null/ipsec_alg_null.o | |
10164 | + | |
10165 | +ipsec-y += ${crypto-y} | |
10166 | + | |
10167 | +ipsec-$(CONFIG_KLIPS_ENC_CRYPTOAPI) += ipsec_alg_cryptoapi.o | |
10168 | + | |
10169 | +# IPcomp stuff | |
10170 | +base-ipcomp-objs := ipcomp.o | |
10171 | +base-ipcomp-objs += adler32.o | |
10172 | +base-ipcomp-objs += deflate.o | |
10173 | +base-ipcomp-objs += infblock.o | |
10174 | +base-ipcomp-objs += infcodes.o | |
10175 | +base-ipcomp-objs += inffast.o | |
10176 | +base-ipcomp-objs += inflate.o | |
10177 | +base-ipcomp-objs += inftrees.o | |
10178 | +base-ipcomp-objs += infutil.o | |
10179 | +base-ipcomp-objs += trees.o | |
10180 | +base-ipcomp-objs += zutil.o | |
10181 | +asm-ipcomp-obj-$(CONFIG_M586) += match586.o | |
10182 | +asm-ipcomp-obj-$(CONFIG_M586TSC) += match586.o | |
10183 | +asm-ipcomp-obj-$(CONFIG_M586MMX) += match586.o | |
10184 | +asm-ipcomp-obj-$(CONFIG_M686) += match686.o | |
10185 | +asm-ipcomp-obj-$(CONFIG_MPENTIUMIII) += match686.o | |
10186 | +asm-ipcomp-obj-$(CONFIG_MPENTIUM4) += match686.o | |
10187 | +asm-ipcomp-obj-$(CONFIG_MK6) += match586.o | |
10188 | +asm-ipcomp-obj-$(CONFIG_MK7) += match686.o | |
10189 | +asm-ipcomp-obj-$(CONFIG_MCRUSOE) += match586.o | |
10190 | +asm-ipcomp-obj-$(CONFIG_MWINCHIPC6) += match586.o | |
10191 | +asm-ipcomp-obj-$(CONFIG_MWINCHIP2) += match686.o | |
10192 | +asm-ipcomp-obj-$(CONFIG_MWINCHIP3D) += match686.o | |
10193 | +base-ipcomp-objs += ${asm-ipcomp-obj-y} | |
10194 | + | |
10195 | +ipsec-$(CONFIG_KLIPS_IPCOMP) += ${base-ipcomp-objs} | |
10196 | + | |
10197 | +EXTRA_CFLAGS += -DIPCOMP_PREFIX | |
10198 | + | |
10199 | +# | |
10200 | +# $Log: Makefile.fs2_6,v $ | |
10201 | +# Revision 1.8.2.2 2006/10/11 18:14:33 paul | |
10202 | +# Add JuanJo Ciarlante's ESP_NULL patches for KLIPS, but leave it disabled | |
10203 | +# per default. | |
10204 | +# | |
10205 | +# Revision 1.8.2.1 2006/04/20 16:33:06 mcr | |
10206 | +# remove all of CONFIG_KLIPS_ALG --- one can no longer build without it. | |
10207 | +# Fix in-kernel module compilation. Sub-makefiles do not work. | |
10208 | +# | |
10209 | +# Revision 1.8 2005/05/11 03:15:42 mcr | |
10210 | +# adjusted makefiles to sanely build modules properly. | |
10211 | +# | |
10212 | +# Revision 1.7 2005/04/13 22:52:12 mcr | |
10213 | +# moved KLIPS specific snprintf() wrapper to seperate file. | |
10214 | +# | |
10215 | +# Revision 1.6 2004/08/22 05:02:03 mcr | |
10216 | +# organized symbols such that it is easier to build modules. | |
10217 | +# | |
10218 | +# Revision 1.5 2004/08/18 01:43:56 mcr | |
10219 | +# adjusted makefile enumation so that it can be used by module | |
10220 | +# wrapper. | |
10221 | +# | |
10222 | +# Revision 1.4 2004/08/17 03:27:23 mcr | |
10223 | +# klips 2.6 edits. | |
10224 | +# | |
10225 | +# Revision 1.3 2004/08/04 16:50:13 mcr | |
10226 | +# removed duplicate definition of dx86unix.o | |
10227 | +# | |
10228 | +# Revision 1.2 2004/08/03 18:21:09 mcr | |
10229 | +# only set KLIPS_TOP and OPENSWANSRCDIR if not already set. | |
10230 | +# | |
10231 | +# Revision 1.1 2004/07/26 15:02:22 mcr | |
10232 | +# makefile for KLIPS module for 2.6. | |
10233 | +# | |
10234 | +# Revision 1.3 2004/02/24 17:17:04 mcr | |
10235 | +# s/CONFIG_IPSEC/CONFIG_KLIPS/ as 26sec uses "CONFIG_IPSEC" to | |
10236 | +# turn it on/off as well. | |
10237 | +# | |
10238 | +# Revision 1.2 2004/02/22 06:50:42 mcr | |
10239 | +# kernel 2.6 port - merged with 2.4 code. | |
10240 | +# | |
10241 | +# Revision 1.1.2.1 2004/02/20 02:07:53 mcr | |
10242 | +# module configuration for KLIPS 2.6 | |
10243 | +# | |
10244 | +# | |
10245 | +# Local Variables: | |
10246 | +# compile-command: "(cd ../../.. && source umlsetup.sh && make -C ${POOLSPACE} module/ipsec.o)" | |
10247 | +# End Variables: | |
10248 | +# | |
10249 | + | |
10250 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
10251 | +++ linux/net/ipsec/README-zlib Mon Feb 9 13:51:03 2004 | |
10252 | @@ -0,0 +1,147 @@ | |
10253 | +zlib 1.1.4 is a general purpose data compression library. All the code | |
10254 | +is thread safe. The data format used by the zlib library | |
10255 | +is described by RFCs (Request for Comments) 1950 to 1952 in the files | |
10256 | +http://www.ietf.org/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate | |
10257 | +format) and rfc1952.txt (gzip format). These documents are also available in | |
10258 | +other formats from ftp://ftp.uu.net/graphics/png/documents/zlib/zdoc-index.html | |
10259 | + | |
10260 | +All functions of the compression library are documented in the file zlib.h | |
10261 | +(volunteer to write man pages welcome, contact jloup@gzip.org). A usage | |
10262 | +example of the library is given in the file example.c which also tests that | |
10263 | +the library is working correctly. Another example is given in the file | |
10264 | +minigzip.c. The compression library itself is composed of all source files | |
10265 | +except example.c and minigzip.c. | |
10266 | + | |
10267 | +To compile all files and run the test program, follow the instructions | |
10268 | +given at the top of Makefile. In short "make test; make install" | |
10269 | +should work for most machines. For Unix: "./configure; make test; make install" | |
10270 | +For MSDOS, use one of the special makefiles such as Makefile.msc. | |
10271 | +For VMS, use Make_vms.com or descrip.mms. | |
10272 | + | |
10273 | +Questions about zlib should be sent to <zlib@gzip.org>, or to | |
10274 | +Gilles Vollant <info@winimage.com> for the Windows DLL version. | |
10275 | +The zlib home page is http://www.zlib.org or http://www.gzip.org/zlib/ | |
10276 | +Before reporting a problem, please check this site to verify that | |
10277 | +you have the latest version of zlib; otherwise get the latest version and | |
10278 | +check whether the problem still exists or not. | |
10279 | + | |
10280 | +PLEASE read the zlib FAQ http://www.gzip.org/zlib/zlib_faq.html | |
10281 | +before asking for help. | |
10282 | + | |
10283 | +Mark Nelson <markn@ieee.org> wrote an article about zlib for the Jan. 1997 | |
10284 | +issue of Dr. Dobb's Journal; a copy of the article is available in | |
10285 | +http://dogma.net/markn/articles/zlibtool/zlibtool.htm | |
10286 | + | |
10287 | +The changes made in version 1.1.4 are documented in the file ChangeLog. | |
10288 | +The only changes made since 1.1.3 are bug corrections: | |
10289 | + | |
10290 | +- ZFREE was repeated on same allocation on some error conditions. | |
10291 | + This creates a security problem described in | |
10292 | + http://www.zlib.org/advisory-2002-03-11.txt | |
10293 | +- Returned incorrect error (Z_MEM_ERROR) on some invalid data | |
10294 | +- Avoid accesses before window for invalid distances with inflate window | |
10295 | + less than 32K. | |
10296 | +- force windowBits > 8 to avoid a bug in the encoder for a window size | |
10297 | + of 256 bytes. (A complete fix will be available in 1.1.5). | |
10298 | + | |
10299 | +The beta version 1.1.5beta includes many more changes. A new official | |
10300 | +version 1.1.5 will be released as soon as extensive testing has been | |
10301 | +completed on it. | |
10302 | + | |
10303 | + | |
10304 | +Unsupported third party contributions are provided in directory "contrib". | |
10305 | + | |
10306 | +A Java implementation of zlib is available in the Java Development Kit | |
10307 | +http://www.javasoft.com/products/JDK/1.1/docs/api/Package-java.util.zip.html | |
10308 | +See the zlib home page http://www.zlib.org for details. | |
10309 | + | |
10310 | +A Perl interface to zlib written by Paul Marquess <pmarquess@bfsec.bt.co.uk> | |
10311 | +is in the CPAN (Comprehensive Perl Archive Network) sites | |
10312 | +http://www.cpan.org/modules/by-module/Compress/ | |
10313 | + | |
10314 | +A Python interface to zlib written by A.M. Kuchling <amk@magnet.com> | |
10315 | +is available in Python 1.5 and later versions, see | |
10316 | +http://www.python.org/doc/lib/module-zlib.html | |
10317 | + | |
10318 | +A zlib binding for TCL written by Andreas Kupries <a.kupries@westend.com> | |
10319 | +is availlable at http://www.westend.com/~kupries/doc/trf/man/man.html | |
10320 | + | |
10321 | +An experimental package to read and write files in .zip format, | |
10322 | +written on top of zlib by Gilles Vollant <info@winimage.com>, is | |
10323 | +available at http://www.winimage.com/zLibDll/unzip.html | |
10324 | +and also in the contrib/minizip directory of zlib. | |
10325 | + | |
10326 | + | |
10327 | +Notes for some targets: | |
10328 | + | |
10329 | +- To build a Windows DLL version, include in a DLL project zlib.def, zlib.rc | |
10330 | + and all .c files except example.c and minigzip.c; compile with -DZLIB_DLL | |
10331 | + The zlib DLL support was initially done by Alessandro Iacopetti and is | |
10332 | + now maintained by Gilles Vollant <info@winimage.com>. Check the zlib DLL | |
10333 | + home page at http://www.winimage.com/zLibDll | |
10334 | + | |
10335 | + From Visual Basic, you can call the DLL functions which do not take | |
10336 | + a structure as argument: compress, uncompress and all gz* functions. | |
10337 | + See contrib/visual-basic.txt for more information, or get | |
10338 | + http://www.tcfb.com/dowseware/cmp-z-it.zip | |
10339 | + | |
10340 | +- For 64-bit Irix, deflate.c must be compiled without any optimization. | |
10341 | + With -O, one libpng test fails. The test works in 32 bit mode (with | |
10342 | + the -n32 compiler flag). The compiler bug has been reported to SGI. | |
10343 | + | |
10344 | +- zlib doesn't work with gcc 2.6.3 on a DEC 3000/300LX under OSF/1 2.1 | |
10345 | + it works when compiled with cc. | |
10346 | + | |
10347 | +- on Digital Unix 4.0D (formely OSF/1) on AlphaServer, the cc option -std1 | |
10348 | + is necessary to get gzprintf working correctly. This is done by configure. | |
10349 | + | |
10350 | +- zlib doesn't work on HP-UX 9.05 with some versions of /bin/cc. It works | |
10351 | + with other compilers. Use "make test" to check your compiler. | |
10352 | + | |
10353 | +- gzdopen is not supported on RISCOS, BEOS and by some Mac compilers. | |
10354 | + | |
10355 | +- For Turbo C the small model is supported only with reduced performance to | |
10356 | + avoid any far allocation; it was tested with -DMAX_WBITS=11 -DMAX_MEM_LEVEL=3 | |
10357 | + | |
10358 | +- For PalmOs, see http://www.cs.uit.no/~perm/PASTA/pilot/software.html | |
10359 | + Per Harald Myrvang <perm@stud.cs.uit.no> | |
10360 | + | |
10361 | + | |
10362 | +Acknowledgments: | |
10363 | + | |
10364 | + The deflate format used by zlib was defined by Phil Katz. The deflate | |
10365 | + and zlib specifications were written by L. Peter Deutsch. Thanks to all the | |
10366 | + people who reported problems and suggested various improvements in zlib; | |
10367 | + they are too numerous to cite here. | |
10368 | + | |
10369 | +Copyright notice: | |
10370 | + | |
10371 | + (C) 1995-2002 Jean-loup Gailly and Mark Adler | |
10372 | + | |
10373 | + This software is provided 'as-is', without any express or implied | |
10374 | + warranty. In no event will the authors be held liable for any damages | |
10375 | + arising from the use of this software. | |
10376 | + | |
10377 | + Permission is granted to anyone to use this software for any purpose, | |
10378 | + including commercial applications, and to alter it and redistribute it | |
10379 | + freely, subject to the following restrictions: | |
10380 | + | |
10381 | + 1. The origin of this software must not be misrepresented; you must not | |
10382 | + claim that you wrote the original software. If you use this software | |
10383 | + in a product, an acknowledgment in the product documentation would be | |
10384 | + appreciated but is not required. | |
10385 | + 2. Altered source versions must be plainly marked as such, and must not be | |
10386 | + misrepresented as being the original software. | |
10387 | + 3. This notice may not be removed or altered from any source distribution. | |
10388 | + | |
10389 | + Jean-loup Gailly Mark Adler | |
10390 | + jloup@gzip.org madler@alumni.caltech.edu | |
10391 | + | |
10392 | +If you use the zlib library in a product, we would appreciate *not* | |
10393 | +receiving lengthy legal documents to sign. The sources are provided | |
10394 | +for free but without warranty of any kind. The library has been | |
10395 | +entirely written by Jean-loup Gailly and Mark Adler; it does not | |
10396 | +include third-party code. | |
10397 | + | |
10398 | +If you redistribute modified sources, we would appreciate that you include | |
10399 | +in the file ChangeLog history information documenting your changes. | |
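--- /dev/null
+++ b/linux/net/ipsec/README-zlib.freeswan
@@ -0,0 +1,13 @@
+The only changes made to these files for use in FreeS/WAN are:
+
+ - In zconf.h, macros are defined to prefix global symbols with "ipcomp_"
+ (or "_ipcomp"), when compiled with -DIPCOMP_PREFIX.
+ - The copyright strings are defined local (static)
+
+ The above changes are made to avoid name collisions with ppp_deflate
+ and ext2compr.
+
+ - Files not needed for FreeS/WAN have been removed
+
+ See the "README" file for information about where to obtain the complete
+ zlib package.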
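--- /dev/null
+++ b/linux/net/ipsec/addrtoa.c
@@ -0,0 +1,67 @@
+/*
+ * addresses to ASCII
+ * Copyright (C) 1998, 1999 Henry Spencer.
+ *
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Library General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
+ * License for more details.
+ *
+ * RCSID $Id: addrtoa.c,v 1.10 2004/07/10 07:43:47 mcr Exp $
+ */
+#include "openswan.h"
+
+#define NBYTES 4 /* bytes in an address */
+#define PERBYTE 4 /* three digits plus a dot or NUL */
+#define BUFLEN (NBYTES*PERBYTE)
+
+#if BUFLEN != ADDRTOA_BUF
+#error "ADDRTOA_BUF in openswan.h inconsistent with addrtoa() code"
+#endif
+
+/*
+ - addrtoa - convert binary address to ASCII dotted decimal
+ */
+size_t /* space needed for full conversion */
+addrtoa(addr, format, dst, dstlen)
+struct in_addr addr;
+int format; /* character */
+char *dst; /* need not be valid if dstlen is 0 */
+size_t dstlen;
+{
+	unsigned long a = ntohl(addr.s_addr);
+	int i;
+	size_t n;
+	unsigned long byte;
+	char buf[BUFLEN];
+	char *p;
+
+	switch (format) {
+	case 0:
+		break;
+	default:
+		return 0;
+		break;
+	}
+
+	p = buf;
+	for (i = NBYTES-1; i >= 0; i--) {
+		byte = (a >> (i*8)) & 0xff;
+		p += ultoa(byte, 10, p, PERBYTE);
+		if (i != 0)
+			*(p-1) = '.';
+	}
+	n = p - buf;
+
+	if (dstlen > 0) {
+		if (n > dstlen)
+			buf[dstlen - 1] = '\0';
+		strcpy(dst, buf);
+	}
+	return n;
+}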
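Review bot: The `default:` branch of the format switch in addrtoa() returns 0 without writing to `dst`, so a caller that ignores the return value and then prints the buffer would read whatever was already in it. The callers are outside this hunk, so whether any of them does this is unverified. Terminating the output first would turn the failure into an empty string: add `if (dstlen > 0) dst[0] = '\0';` before `return 0;`, and drop the unreachable `break;` after the return. The truncation path further down stays in bounds only if each ultoa() call returns at least 1 and at most PERBYTE; ultoa() is not visible here, so that is an assumption. A one-line comment stating it next to `p += ultoa(byte, 10, p, PERBYTE);` would keep a later change to ultoa() from turning `*(p-1)` or `buf[dstlen - 1]` into an out-of-bounds write.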
10486 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
10487 | +++ linux/net/ipsec/addrtot.c Mon Feb 9 13:51:03 2004 | |
10488 | @@ -0,0 +1,423 @@ | |
10489 | +/* | |
10490 | + * addresses to text | |
10491 | + * Copyright (C) 2000 Henry Spencer. | |
10492 | + * | |
10493 | + * This library is free software; you can redistribute it and/or modify it | |
10494 | + * under the terms of the GNU Library General Public License as published by | |
10495 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
10496 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
10497 | + * | |
10498 | + * This library is distributed in the hope that it will be useful, but | |
10499 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
10500 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
10501 | + * License for more details. | |
10502 | + * | |
10503 | + * RCSID $Id: addrtot.c,v 1.22.2.1 2005/11/17 22:30:49 paul Exp $ | |
10504 | + */ | |
10505 | + | |
10506 | +#if defined(__KERNEL__) && defined(__HAVE_ARCH_STRSTR) | |
10507 | +#include <linux/string.h> | |
10508 | +#endif | |
10509 | + | |
10510 | +#include "openswan.h" | |
10511 | + | |
10512 | +#define IP4BYTES 4 /* bytes in an IPv4 address */ | |
10513 | +#define PERBYTE 4 /* three digits plus a dot or NUL */ | |
10514 | +#define IP6BYTES 16 /* bytes in an IPv6 address */ | |
10515 | + | |
10516 | +/* forwards */ | |
10517 | +static size_t normal4(const unsigned char *s, size_t len, char *b, char **dp); | |
10518 | +static size_t normal6(const unsigned char *s, size_t len, char *b, char **dp, int squish); | |
10519 | +static size_t reverse4(const unsigned char *s, size_t len, char *b, char **dp); | |
10520 | +static size_t reverse6(const unsigned char *s, size_t len, char *b, char **dp); | |
10521 | + | |
10522 | +#if defined(__KERNEL__) && !defined(__HAVE_ARCH_STRSTR) | |
10523 | +#define strstr ipsec_strstr | |
10524 | +/* | |
10525 | + * Find the first occurrence of find in s. | |
10526 | + * (from NetBSD 1.6's /src/lib/libc/string/strstr.c) | |
10527 | + */ | |
10528 | +static char * | |
10529 | +strstr(s, find) | |
10530 | + const char *s, *find; | |
10531 | +{ | |
10532 | + char c, sc; | |
10533 | + size_t len; | |
10534 | + | |
10535 | + if ((c = *find++) != 0) { | |
10536 | + len = strlen(find); | |
10537 | + do { | |
10538 | + do { | |
10539 | + if ((sc = *s++) == 0) | |
10540 | + return (NULL); | |
10541 | + } while (sc != c); | |
10542 | + } while (strncmp(s, find, len) != 0); | |
10543 | + s--; | |
10544 | + } | |
10545 | + /* LINTED interface specification */ | |
10546 | + return ((char *)s); | |
10547 | +} | |
10548 | +#endif | |
10549 | + | |
10550 | +/* | |
10551 | + - addrtot - convert binary address to text (dotted decimal or IPv6 string) | |
10552 | + */ | |
10553 | +size_t /* space needed for full conversion */ | |
10554 | +addrtot(src, format, dst, dstlen) | |
10555 | +const ip_address *src; | |
10556 | +int format; /* character */ | |
10557 | +char *dst; /* need not be valid if dstlen is 0 */ | |
10558 | +size_t dstlen; | |
10559 | +{ | |
10560 | + const unsigned char *b; | |
10561 | + size_t n; | |
10562 | + char buf[1+ADDRTOT_BUF+1]; /* :address: */ | |
10563 | + char *p; | |
10564 | + int t = addrtypeof(src); | |
10565 | +# define TF(t, f) (((t)<<8) | (f)) | |
10566 | + | |
10567 | + n = addrbytesptr(src, &b); | |
10568 | + if (n == 0) { | |
10569 | + bad: | |
10570 | + dst[0]='\0'; | |
10571 | + strncat(dst, "<invalid>", dstlen); | |
10572 | + return sizeof("<invalid>"); | |
10573 | + } | |
10574 | + | |
10575 | + switch (TF(t, format)) { | |
10576 | + case TF(AF_INET, 0): | |
10577 | + n = normal4(b, n, buf, &p); | |
10578 | + break; | |
10579 | + case TF(AF_INET6, 0): | |
10580 | + n = normal6(b, n, buf, &p, 1); | |
10581 | + break; | |
10582 | + case TF(AF_INET, 'Q'): | |
10583 | + n = normal4(b, n, buf, &p); | |
10584 | + break; | |
10585 | + case TF(AF_INET6, 'Q'): | |
10586 | + n = normal6(b, n, buf, &p, 0); | |
10587 | + break; | |
10588 | + case TF(AF_INET, 'r'): | |
10589 | + n = reverse4(b, n, buf, &p); | |
10590 | + break; | |
10591 | + case TF(AF_INET6, 'r'): | |
10592 | + n = reverse6(b, n, buf, &p); | |
10593 | + break; | |
10594 | + default: /* including (AF_INET, 'R') */ | |
10595 | + goto bad; | |
10596 | + break; | |
10597 | + } | |
10598 | + | |
10599 | + if (dstlen > 0) { | |
10600 | + if (dstlen < n) | |
10601 | + p[dstlen - 1] = '\0'; | |
10602 | + strcpy(dst, p); | |
10603 | + } | |
10604 | + return n; | |
10605 | +} | |
10606 | + | |
10607 | +/* | |
10608 | + - normal4 - normal IPv4 address-text conversion | |
10609 | + */ | |
10610 | +static size_t /* size of text, including NUL */ | |
10611 | +normal4(srcp, srclen, buf, dstp) | |
10612 | +const unsigned char *srcp; | |
10613 | +size_t srclen; | |
10614 | +char *buf; /* guaranteed large enough */ | |
10615 | +char **dstp; /* where to put result pointer */ | |
10616 | +{ | |
10617 | + int i; | |
10618 | + char *p; | |
10619 | + | |
10620 | + if (srclen != IP4BYTES) /* "can't happen" */ | |
10621 | + return 0; | |
10622 | + p = buf; | |
10623 | + for (i = 0; i < IP4BYTES; i++) { | |
10624 | + p += ultot(srcp[i], 10, p, PERBYTE); | |
10625 | + if (i != IP4BYTES - 1) | |
10626 | + *(p-1) = '.'; /* overwrites the NUL */ | |
10627 | + } | |
10628 | + *dstp = buf; | |
10629 | + return p - buf; | |
10630 | +} | |
10631 | + | |
10632 | +/* | |
10633 | + - normal6 - normal IPv6 address-text conversion | |
10634 | + */ | |
10635 | +static size_t /* size of text, including NUL */ | |
10636 | +normal6(srcp, srclen, buf, dstp, squish) | |
10637 | +const unsigned char *srcp; | |
10638 | +size_t srclen; | |
10639 | +char *buf; /* guaranteed large enough, plus 2 */ | |
10640 | +char **dstp; /* where to put result pointer */ | |
10641 | +int squish; /* whether to squish out 0:0 */ | |
10642 | +{ | |
10643 | + int i; | |
10644 | + unsigned long piece; | |
10645 | + char *p; | |
10646 | + char *q; | |
10647 | + | |
10648 | + if (srclen != IP6BYTES) /* "can't happen" */ | |
10649 | + return 0; | |
10650 | + p = buf; | |
10651 | + *p++ = ':'; | |
10652 | + for (i = 0; i < IP6BYTES/2; i++) { | |
10653 | + piece = (srcp[2*i] << 8) + srcp[2*i + 1]; | |
10654 | + p += ultot(piece, 16, p, 5); /* 5 = abcd + NUL */ | |
10655 | + *(p-1) = ':'; /* overwrites the NUL */ | |
10656 | + } | |
10657 | + *p = '\0'; | |
10658 | + q = strstr(buf, ":0:0:"); | |
10659 | + if (squish && q != NULL) { /* zero squishing is possible */ | |
10660 | + p = q + 1; | |
10661 | + while (*p == '0' && *(p+1) == ':') | |
10662 | + p += 2; | |
10663 | + q++; | |
10664 | + *q++ = ':'; /* overwrite first 0 */ | |
10665 | + while (*p != '\0') | |
10666 | + *q++ = *p++; | |
10667 | + *q = '\0'; | |
10668 | + if (!(*(q-1) == ':' && *(q-2) == ':')) | |
10669 | + *--q = '\0'; /* strip final : unless :: */ | |
10670 | + p = buf; | |
10671 | + if (!(*p == ':' && *(p+1) == ':')) | |
10672 | + p++; /* skip initial : unless :: */ | |
10673 | + } else { | |
10674 | + q = p; | |
10675 | + *--q = '\0'; /* strip final : */ | |
10676 | + p = buf + 1; /* skip initial : */ | |
10677 | + } | |
10678 | + *dstp = p; | |
10679 | + return q - p + 1; | |
10680 | +} | |
10681 | + | |
10682 | +/* | |
10683 | + - reverse4 - IPv4 reverse-lookup conversion | |
10684 | + */ | |
10685 | +static size_t /* size of text, including NUL */ | |
10686 | +reverse4(srcp, srclen, buf, dstp) | |
10687 | +const unsigned char *srcp; | |
10688 | +size_t srclen; | |
10689 | +char *buf; /* guaranteed large enough */ | |
10690 | +char **dstp; /* where to put result pointer */ | |
10691 | +{ | |
10692 | + int i; | |
10693 | + char *p; | |
10694 | + | |
10695 | + if (srclen != IP4BYTES) /* "can't happen" */ | |
10696 | + return 0; | |
10697 | + p = buf; | |
10698 | + for (i = IP4BYTES-1; i >= 0; i--) { | |
10699 | + p += ultot(srcp[i], 10, p, PERBYTE); | |
10700 | + *(p-1) = '.'; /* overwrites the NUL */ | |
10701 | + } | |
10702 | + strcpy(p, "IN-ADDR.ARPA."); | |
10703 | + *dstp = buf; | |
10704 | + return strlen(buf) + 1; | |
10705 | +} | |
10706 | + | |
10707 | +/* | |
10708 | + - reverse6 - IPv6 reverse-lookup conversion (RFC 1886) | |
10709 | + * A trifle inefficient, really shouldn't use ultot... | |
10710 | + */ | |
10711 | +static size_t /* size of text, including NUL */ | |
10712 | +reverse6(srcp, srclen, buf, dstp) | |
10713 | +const unsigned char *srcp; | |
10714 | +size_t srclen; | |
10715 | +char *buf; /* guaranteed large enough */ | |
10716 | +char **dstp; /* where to put result pointer */ | |
10717 | +{ | |
10718 | + int i; | |
10719 | + unsigned long piece; | |
10720 | + char *p; | |
10721 | + | |
10722 | + if (srclen != IP6BYTES) /* "can't happen" */ | |
10723 | + return 0; | |
10724 | + p = buf; | |
10725 | + for (i = IP6BYTES-1; i >= 0; i--) { | |
10726 | + piece = srcp[i]; | |
10727 | + p += ultot(piece&0xf, 16, p, 2); | |
10728 | + *(p-1) = '.'; | |
10729 | + p += ultot(piece>>4, 16, p, 2); | |
10730 | + *(p-1) = '.'; | |
10731 | + } | |
10732 | + strcpy(p, "IP6.ARPA."); | |
10733 | + *dstp = buf; | |
10734 | + return strlen(buf) + 1; | |
10735 | +} | |
10736 | + | |
10737 | +/* | |
10738 | + - reverse6 - modern IPv6 reverse-lookup conversion (RFC 2874) | |
10739 | + * this version removed as it was obsoleted in the end. | |
10740 | + */ | |
10741 | + | |
10742 | +#ifdef ADDRTOT_MAIN | |
10743 | + | |
10744 | +#include <stdio.h> | |
10745 | +#include <sys/socket.h> | |
10746 | +#include <netinet/in.h> | |
10747 | +#include <arpa/inet.h> | |
10748 | + | |
10749 | +void regress(void); | |
10750 | + | |
10751 | +int | |
10752 | +main(int argc, char *argv[]) | |
10753 | +{ | |
10754 | + if (argc < 2) { | |
10755 | + fprintf(stderr, "Usage: %s {addr|net/mask|begin...end|-r}\n", | |
10756 | + argv[0]); | |
10757 | + exit(2); | |
10758 | + } | |
10759 | + | |
10760 | + if (strcmp(argv[1], "-r") == 0) { | |
10761 | + regress(); | |
10762 | + fprintf(stderr, "regress() returned?!?\n"); | |
10763 | + exit(1); | |
10764 | + } | |
10765 | + exit(0); | |
10766 | +} | |
10767 | + | |
10768 | +struct rtab { | |
10769 | + char *input; | |
10770 | + char format; | |
10771 | + char *output; /* NULL means error expected */ | |
10772 | +} rtab[] = { | |
10773 | + {"1.2.3.0", 0, "1.2.3.0"}, | |
10774 | + {"1:2::3:4", 0, "1:2::3:4"}, | |
10775 | + {"1:2::3:4", 'Q', "1:2:0:0:0:0:3:4"}, | |
10776 | + {"1:2:0:0:3:4:0:0", 0, "1:2::3:4:0:0"}, | |
10777 | + {"1.2.3.4", 'r' , "4.3.2.1.IN-ADDR.ARPA."}, | |
10778 | + /* 0 1 2 3 4 5 6 7 8 9 a b c d e f 0 1 2 3 4 5 6 7 8 9 a b c d e f */ | |
10779 | + {"1:2::3:4", 'r', "4.0.0.0.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.1.0.0.0.IP6.ARPA."}, | |
10780 | + {NULL, 0, NULL} | |
10781 | +}; | |
10782 | + | |
10783 | +void | |
10784 | +regress() | |
10785 | +{ | |
10786 | + struct rtab *r; | |
10787 | + int status = 0; | |
10788 | + ip_address a; | |
10789 | + char in[100]; | |
10790 | + char buf[100]; | |
10791 | + const char *oops; | |
10792 | + size_t n; | |
10793 | + | |
10794 | + for (r = rtab; r->input != NULL; r++) { | |
10795 | + strcpy(in, r->input); | |
10796 | + | |
10797 | + /* convert it *to* internal format */ | |
10798 | + oops = ttoaddr(in, strlen(in), 0, &a); | |
10799 | + | |
10800 | + /* now convert it back */ | |
10801 | + | |
10802 | + n = addrtot(&a, r->format, buf, sizeof(buf)); | |
10803 | + | |
10804 | + if (n == 0 && r->output == NULL) | |
10805 | + {} /* okay, error expected */ | |
10806 | + | |
10807 | + else if (n == 0) { | |
10808 | + printf("`%s' atoasr failed\n", r->input); | |
10809 | + status = 1; | |
10810 | + | |
10811 | + } else if (r->output == NULL) { | |
10812 | + printf("`%s' atoasr succeeded unexpectedly '%c'\n", | |
10813 | + r->input, r->format); | |
10814 | + status = 1; | |
10815 | + } else { | |
10816 | + if (strcasecmp(r->output, buf) != 0) { | |
10817 | + printf("`%s' '%c' gave `%s', expected `%s'\n", | |
10818 | + r->input, r->format, buf, r->output); | |
10819 | + status = 1; | |
10820 | + } | |
10821 | + } | |
10822 | + } | |
10823 | + exit(status); | |
10824 | +} | |
10825 | + | |
10826 | +#endif /* ADDRTOT_MAIN */ | |
10827 | + | |
10828 | +/* | |
10829 | + * $Log: addrtot.c,v $ | |
10830 | + * Revision 1.22.2.1 2005/11/17 22:30:49 paul | |
10831 | + * pull up strstr fix from head. | |
10832 | + * | |
10833 | + * Revision 1.22 2005/05/20 16:47:40 mcr | |
10834 | + * make strstr static if we need it. | |
10835 | + * | |
10836 | + * Revision 1.21 2005/03/21 00:35:12 mcr | |
10837 | + * test for strstr properly | |
10838 | + * | |
10839 | + * Revision 1.20 2004/11/09 22:52:20 mcr | |
10840 | + * until we figure out which kernels have strsep and which | |
10841 | + * do not (UML does not under certain circumstances), then | |
10842 | + * let's just provide our own. | |
10843 | + * | |
10844 | + * Revision 1.19 2004/10/08 16:30:33 mcr | |
10845 | + * pull-up of initial crypto-offload work. | |
10846 | + * | |
10847 | + * Revision 1.18 2004/09/18 19:33:08 mcr | |
10848 | + * use an appropriate kernel happy ifdef for strstr. | |
10849 | + * | |
10850 | + * Revision 1.17 2004/09/15 21:49:02 mcr | |
10851 | + * use local copy of strstr() if this is going in the kernel. | |
10852 | + * Not clear why this worked before, or why this shows up | |
10853 | + * for modules only. | |
10854 | + * | |
10855 | + * Revision 1.16 2004/07/10 07:43:47 mcr | |
10856 | + * Moved from linux/lib/libfreeswan/addrtot.c,v | |
10857 | + * | |
10858 | + * Revision 1.15 2004/04/11 17:39:25 mcr | |
10859 | + * removed internal.h requirements. | |
10860 | + * | |
10861 | + * Revision 1.14 2004/03/08 01:59:08 ken | |
10862 | + * freeswan.h -> openswan.h | |
10863 | + * | |
10864 | + * Revision 1.13 2004/01/05 23:21:05 mcr | |
10865 | + * if the address type is invalid, then return length of <invalid> | |
10866 | + * string! | |
10867 | + * | |
10868 | + * Revision 1.12 2003/12/30 06:42:48 mcr | |
10869 | + * added $Log: addrtot.c,v $ | |
10870 | + * added Revision 1.22.2.1 2005/11/17 22:30:49 paul | |
10871 | + * added pull up strstr fix from head. | |
10872 | + * added | |
10873 | + * added Revision 1.22 2005/05/20 16:47:40 mcr | |
10874 | + * added make strstr static if we need it. | |
10875 | + * added | |
10876 | + * added Revision 1.21 2005/03/21 00:35:12 mcr | |
10877 | + * added test for strstr properly | |
10878 | + * added | |
10879 | + * added Revision 1.20 2004/11/09 22:52:20 mcr | |
10880 | + * added until we figure out which kernels have strsep and which | |
10881 | + * added do not (UML does not under certain circumstances), then | |
10882 | + * added let's just provide our own. | |
10883 | + * added | |
10884 | + * added Revision 1.19 2004/10/08 16:30:33 mcr | |
10885 | + * added pull-up of initial crypto-offload work. | |
10886 | + * added | |
10887 | + * added Revision 1.18 2004/09/18 19:33:08 mcr | |
10888 | + * added use an appropriate kernel happy ifdef for strstr. | |
10889 | + * added | |
10890 | + * added Revision 1.17 2004/09/15 21:49:02 mcr | |
10891 | + * added use local copy of strstr() if this is going in the kernel. | |
10892 | + * added Not clear why this worked before, or why this shows up | |
10893 | + * added for modules only. | |
10894 | + * added | |
10895 | + * added Revision 1.16 2004/07/10 07:43:47 mcr | |
10896 | + * added Moved from linux/lib/libfreeswan/addrtot.c,v | |
10897 | + * added | |
10898 | + * added Revision 1.15 2004/04/11 17:39:25 mcr | |
10899 | + * added removed internal.h requirements. | |
10900 | + * added | |
10901 | + * added Revision 1.14 2004/03/08 01:59:08 ken | |
10902 | + * added freeswan.h -> openswan.h | |
10903 | + * added | |
10904 | + * added Revision 1.13 2004/01/05 23:21:05 mcr | |
10905 | + * added if the address type is invalid, then return length of <invalid> | |
10906 | + * added string! | |
10907 | + * added | |
10908 | + * | |
10909 | + * | |
10910 | + */ | |
10911 | + | |
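--- /dev/null Tue Mar 11 13:02:56 2003
+++ linux/net/ipsec/addrtypeof.c Mon Feb 9 13:51:03 2004
@@ -0,0 +1,93 @@
+/*
+ * extract parts of an ip_address
+ * Copyright (C) 2000 Henry Spencer.
+ *
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Library General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
+ * License for more details.
+ *
+ * RCSID $Id: addrtypeof.c,v 1.10 2004/07/10 07:43:47 mcr Exp $
+ */
+#include "openswan.h"
+
+/*
+ - addrtypeof - get the type of an ip_address
+ */
+int
+addrtypeof(src)
+const ip_address *src;
+{
+ return src->u.v4.sin_family;
+}
+
+/*
+ - addrbytesptr - get pointer to the address bytes of an ip_address
+ */
+size_t /* 0 for error */
+addrbytesptr(src, dstp)
+const ip_address *src;
+const unsigned char **dstp; /* NULL means just a size query */
+{
+ const unsigned char *p;
+ size_t n;
+
+ switch (src->u.v4.sin_family) {
+ case AF_INET:
+ p = (const unsigned char *)&src->u.v4.sin_addr.s_addr;
+ n = 4;
+ break;
+ case AF_INET6:
+ p = (const unsigned char *)&src->u.v6.sin6_addr;
+ n = 16;
+ break;
+ default:
+ return 0;
+ break;
+ }
+
+ if (dstp != NULL)
+ *dstp = p;
+ return n;
+}
+
+/*
+ - addrlenof - get length of the address bytes of an ip_address
+ */
+size_t /* 0 for error */
+addrlenof(src)
+const ip_address *src;
+{
+ return addrbytesptr(src, NULL);
+}
+
+/*
+ - addrbytesof - get the address bytes of an ip_address
+ */
+size_t /* 0 for error */
+addrbytesof(src, dst, dstlen)
+const ip_address *src;
+unsigned char *dst;
+size_t dstlen;
+{
+ const unsigned char *p;
+ size_t n;
+ size_t ncopy;
+
+ n = addrbytesptr(src, &p);
+ if (n == 0)
+ return 0;
+
+ if (dstlen > 0) {
+ ncopy = n;
+ if (ncopy > dstlen)
+ ncopy = dstlen;
+ memcpy(dst, p, ncopy);
+ }
+ return n;
+}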
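Review bot: `addrbytesof` copies at most `dstlen` bytes but still returns the full address length, and nothing in the file states that contract, so a caller that ignores the return value can carry on with a truncated address. I would document it above the function, e.g. `/* copies min(n, dstlen) bytes into dst; returns the full length n, so a result > dstlen means dst holds a truncated address */`. `addrtypeof` and `addrbytesptr` read the family through `src->u.v4.sin_family` even when the value is IPv6, which presumably relies on both sockaddr variants placing the family field at the same offset; a one-line comment stating that assumption would help. None of the four functions checks `src` (or `dst` when `dstlen > 0`) for NULL, so that precondition belongs in the header comments as well.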
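--- /dev/null Tue Mar 11 13:02:56 2003
+++ linux/net/ipsec/adler32.c Mon Feb 9 13:51:03 2004
@@ -0,0 +1,49 @@
+/* adler32.c -- compute the Adler-32 checksum of a data stream
+ * Copyright (C) 1995-2002 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id: adler32.c,v 1.6 2004/07/10 19:11:18 mcr Exp $ */
+
+#include <zlib/zlib.h>
+#include <zlib/zconf.h>
+
+#define BASE 65521L /* largest prime smaller than 65536 */
+#define NMAX 5552
+/* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */
+
+#define DO1(buf,i) {s1 += buf[i]; s2 += s1;}
+#define DO2(buf,i) DO1(buf,i); DO1(buf,i+1);
+#define DO4(buf,i) DO2(buf,i); DO2(buf,i+2);
+#define DO8(buf,i) DO4(buf,i); DO4(buf,i+4);
+#define DO16(buf) DO8(buf,0); DO8(buf,8);
+
+/* ========================================================================= */
+uLong ZEXPORT adler32(adler, buf, len)
+ uLong adler;
+ const Bytef *buf;
+ uInt len;
+{
+ unsigned long s1 = adler & 0xffff;
+ unsigned long s2 = (adler >> 16) & 0xffff;
+ int k;
+
+ if (buf == Z_NULL) return 1L;
+
+ while (len > 0) {
+ k = len < NMAX ? len : NMAX;
+ len -= k;
+ while (k >= 16) {
+ DO16(buf);
+ buf += 16;
+ k -= 16;
+ }
+ if (k != 0) do {
+ s1 += *buf++;
+ s2 += s1;
+ } while (--k);
+ s1 %= BASE;
+ s2 %= BASE;
+ }
+ return (s2 << 16) | s1;
+}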
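--- /dev/null Tue Mar 11 13:02:56 2003
+++ linux/net/ipsec/aes/Makefile Mon Feb 9 13:51:03 2004
@@ -0,0 +1,59 @@
+# Makefile for KLIPS 3DES kernel code as a module for 2.6 kernels
+#
+# Makefile for KLIPS kernel code as a module
+# Copyright (C) 2002-2004 Michael Richardson <mcr@xelerance.com>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: Makefile.fs2_6,v 1.1.10.1 2005/08/12 16:10:05 ken Exp $
+#
+# Note! Dependencies are done automagically by 'make dep', which also
+# removes any old dependencies. DON'T put your own dependencies here
+# unless it's something special (ie not a .c file).
+#
+
+obj-$(CONFIG_KLIPS_ENC_AES) += ipsec_alg_aes.o
+obj-$(CONFIG_KLIPS_ENC_AES) += aes_xcbc_mac.o
+obj-$(CONFIG_KLIPS_ENC_AES) += aes_cbc.o
+
+ifeq ($(strip ${SUBARCH}),)
+SUBARCH:=${ARCH}
+endif
+
+# the assembly version expects frame pointers, which are
+# optional in many kernel builds. If you want speed, you should
+# probably use cryptoapi code instead.
+USEASSEMBLY=${SUBARCH}${CONFIG_FRAME_POINTER}
+ifeq (${USEASSEMBLY},i386y)
+obj-$(CONFIG_KLIPS_ENC_AES) += aes-i586.o
+else
+obj-$(CONFIG_KLIPS_ENC_AES) += aes.o
+endif
+
+
+#
+# $Log: Makefile.fs2_6,v $
+# Revision 1.1.10.1 2005/08/12 16:10:05 ken
+# do not use assembly code with there are no frame pointers
+#
+# Revision 1.2 2005/08/12 14:13:58 mcr
+# do not use assembly code with there are no frame pointers,
+# as it does not have the right linkages.
+#
+# Revision 1.1 2004/08/17 03:31:34 mcr
+# klips 2.6 edits.
+#
+#
+# Local Variables:
+# compile-command: "(cd ../../.. && source umlsetup.sh && make -C ${POOLSPACE} module/ipsec.o)"
+# End Variables:
+#
+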
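Review bot: The first header line calls this the Makefile for "KLIPS 3DES kernel code", but every object it lists is AES (`ipsec_alg_aes.o`, `aes_xcbc_mac.o`, `aes_cbc.o`, and `aes.o` or `aes-i586.o`); it should read `# Makefile for KLIPS AES kernel code as a module for 2.6 kernels`. The `USEASSEMBLY=${SUBARCH}${CONFIG_FRAME_POINTER}` test is also terse: it equals `i386y` only when SUBARCH is i386 and CONFIG_FRAME_POINTER is `y`, so which AES implementation ends up in the module depends silently on kernel configuration. A comment next to the `ifeq`, such as `# "i386y" = i386 with CONFIG_FRAME_POINTER=y; every other combination builds the C aes.o`, would make that selection visible to anyone auditing which cipher code was actually built.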
11122 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
11123 | +++ linux/net/ipsec/aes/aes-i586.S Mon Feb 9 13:51:03 2004 | |
11124 | @@ -0,0 +1,892 @@ | |
11125 | +// | |
11126 | +// Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK. | |
11127 | +// All rights reserved. | |
11128 | +// | |
11129 | +// TERMS | |
11130 | +// | |
11131 | +// Redistribution and use in source and binary forms, with or without | |
11132 | +// modification, are permitted subject to the following conditions: | |
11133 | +// | |
11134 | +// 1. Redistributions of source code must retain the above copyright | |
11135 | +// notice, this list of conditions and the following disclaimer. | |
11136 | +// | |
11137 | +// 2. Redistributions in binary form must reproduce the above copyright | |
11138 | +// notice, this list of conditions and the following disclaimer in the | |
11139 | +// documentation and/or other materials provided with the distribution. | |
11140 | +// | |
11141 | +// 3. The copyright holder's name must not be used to endorse or promote | |
11142 | +// any products derived from this software without his specific prior | |
11143 | +// written permission. | |
11144 | +// | |
11145 | +// This software is provided 'as is' with no express or implied warranties | |
11146 | +// of correctness or fitness for purpose. | |
11147 | + | |
11148 | +// Modified by Jari Ruusu, December 24 2001 | |
11149 | +// - Converted syntax to GNU CPP/assembler syntax | |
11150 | +// - C programming interface converted back to "old" API | |
11151 | +// - Minor portability cleanups and speed optimizations | |
11152 | + | |
11153 | +// An AES (Rijndael) implementation for the Pentium. This version only | |
11154 | +// implements the standard AES block length (128 bits, 16 bytes). This code | |
11155 | +// does not preserve the eax, ecx or edx registers or the artihmetic status | |
11156 | +// flags. However, the ebx, esi, edi, and ebp registers are preserved across | |
11157 | +// calls. | |
11158 | + | |
11159 | +// void aes_set_key(aes_context *cx, const unsigned char key[], const int key_len, const int f) | |
11160 | +// void aes_encrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[]) | |
11161 | +// void aes_decrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[]) | |
11162 | + | |
11163 | +#if defined(USE_UNDERLINE) | |
11164 | +# define aes_set_key _aes_set_key | |
11165 | +# define aes_encrypt _aes_encrypt | |
11166 | +# define aes_decrypt _aes_decrypt | |
11167 | +#endif | |
11168 | +#if !defined(ALIGN32BYTES) | |
11169 | +# define ALIGN32BYTES 32 | |
11170 | +#endif | |
11171 | + | |
11172 | + .file "aes-i586.S" | |
11173 | + .globl aes_set_key | |
11174 | + .globl aes_encrypt | |
11175 | + .globl aes_decrypt | |
11176 | + | |
11177 | +#define tlen 1024 // length of each of 4 'xor' arrays (256 32-bit words) | |
11178 | + | |
11179 | +// offsets to parameters with one register pushed onto stack | |
11180 | + | |
11181 | +#define ctx 8 // AES context structure | |
11182 | +#define in_blk 12 // input byte array address parameter | |
11183 | +#define out_blk 16 // output byte array address parameter | |
11184 | + | |
11185 | +// offsets in context structure | |
11186 | + | |
11187 | +#define nkey 0 // key length, size 4 | |
11188 | +#define nrnd 4 // number of rounds, size 4 | |
11189 | +#define ekey 8 // encryption key schedule base address, size 256 | |
11190 | +#define dkey 264 // decryption key schedule base address, size 256 | |
11191 | + | |
11192 | +// This macro performs a forward encryption cycle. It is entered with | |
11193 | +// the first previous round column values in %eax, %ebx, %esi and %edi and | |
11194 | +// exits with the final values in the same registers. | |
11195 | + | |
11196 | +#define fwd_rnd(p1,p2) \ | |
11197 | + mov %ebx,(%esp) ;\ | |
11198 | + movzbl %al,%edx ;\ | |
11199 | + mov %eax,%ecx ;\ | |
11200 | + mov p2(%ebp),%eax ;\ | |
11201 | + mov %edi,4(%esp) ;\ | |
11202 | + mov p2+12(%ebp),%edi ;\ | |
11203 | + xor p1(,%edx,4),%eax ;\ | |
11204 | + movzbl %ch,%edx ;\ | |
11205 | + shr $16,%ecx ;\ | |
11206 | + mov p2+4(%ebp),%ebx ;\ | |
11207 | + xor p1+tlen(,%edx,4),%edi ;\ | |
11208 | + movzbl %cl,%edx ;\ | |
11209 | + movzbl %ch,%ecx ;\ | |
11210 | + xor p1+3*tlen(,%ecx,4),%ebx ;\ | |
11211 | + mov %esi,%ecx ;\ | |
11212 | + mov p1+2*tlen(,%edx,4),%esi ;\ | |
11213 | + movzbl %cl,%edx ;\ | |
11214 | + xor p1(,%edx,4),%esi ;\ | |
11215 | + movzbl %ch,%edx ;\ | |
11216 | + shr $16,%ecx ;\ | |
11217 | + xor p1+tlen(,%edx,4),%ebx ;\ | |
11218 | + movzbl %cl,%edx ;\ | |
11219 | + movzbl %ch,%ecx ;\ | |
11220 | + xor p1+2*tlen(,%edx,4),%eax ;\ | |
11221 | + mov (%esp),%edx ;\ | |
11222 | + xor p1+3*tlen(,%ecx,4),%edi ;\ | |
11223 | + movzbl %dl,%ecx ;\ | |
11224 | + xor p2+8(%ebp),%esi ;\ | |
11225 | + xor p1(,%ecx,4),%ebx ;\ | |
11226 | + movzbl %dh,%ecx ;\ | |
11227 | + shr $16,%edx ;\ | |
11228 | + xor p1+tlen(,%ecx,4),%eax ;\ | |
11229 | + movzbl %dl,%ecx ;\ | |
11230 | + movzbl %dh,%edx ;\ | |
11231 | + xor p1+2*tlen(,%ecx,4),%edi ;\ | |
11232 | + mov 4(%esp),%ecx ;\ | |
11233 | + xor p1+3*tlen(,%edx,4),%esi ;\ | |
11234 | + movzbl %cl,%edx ;\ | |
11235 | + xor p1(,%edx,4),%edi ;\ | |
11236 | + movzbl %ch,%edx ;\ | |
11237 | + shr $16,%ecx ;\ | |
11238 | + xor p1+tlen(,%edx,4),%esi ;\ | |
11239 | + movzbl %cl,%edx ;\ | |
11240 | + movzbl %ch,%ecx ;\ | |
11241 | + xor p1+2*tlen(,%edx,4),%ebx ;\ | |
11242 | + xor p1+3*tlen(,%ecx,4),%eax | |
11243 | + | |
11244 | +// This macro performs an inverse encryption cycle. It is entered with | |
11245 | +// the first previous round column values in %eax, %ebx, %esi and %edi and | |
11246 | +// exits with the final values in the same registers. | |
11247 | + | |
11248 | +#define inv_rnd(p1,p2) \ | |
11249 | + movzbl %al,%edx ;\ | |
11250 | + mov %ebx,(%esp) ;\ | |
11251 | + mov %eax,%ecx ;\ | |
11252 | + mov p2(%ebp),%eax ;\ | |
11253 | + mov %edi,4(%esp) ;\ | |
11254 | + mov p2+4(%ebp),%ebx ;\ | |
11255 | + xor p1(,%edx,4),%eax ;\ | |
11256 | + movzbl %ch,%edx ;\ | |
11257 | + shr $16,%ecx ;\ | |
11258 | + mov p2+12(%ebp),%edi ;\ | |
11259 | + xor p1+tlen(,%edx,4),%ebx ;\ | |
11260 | + movzbl %cl,%edx ;\ | |
11261 | + movzbl %ch,%ecx ;\ | |
11262 | + xor p1+3*tlen(,%ecx,4),%edi ;\ | |
11263 | + mov %esi,%ecx ;\ | |
11264 | + mov p1+2*tlen(,%edx,4),%esi ;\ | |
11265 | + movzbl %cl,%edx ;\ | |
11266 | + xor p1(,%edx,4),%esi ;\ | |
11267 | + movzbl %ch,%edx ;\ | |
11268 | + shr $16,%ecx ;\ | |
11269 | + xor p1+tlen(,%edx,4),%edi ;\ | |
11270 | + movzbl %cl,%edx ;\ | |
11271 | + movzbl %ch,%ecx ;\ | |
11272 | + xor p1+2*tlen(,%edx,4),%eax ;\ | |
11273 | + mov (%esp),%edx ;\ | |
11274 | + xor p1+3*tlen(,%ecx,4),%ebx ;\ | |
11275 | + movzbl %dl,%ecx ;\ | |
11276 | + xor p2+8(%ebp),%esi ;\ | |
11277 | + xor p1(,%ecx,4),%ebx ;\ | |
11278 | + movzbl %dh,%ecx ;\ | |
11279 | + shr $16,%edx ;\ | |
11280 | + xor p1+tlen(,%ecx,4),%esi ;\ | |
11281 | + movzbl %dl,%ecx ;\ | |
11282 | + movzbl %dh,%edx ;\ | |
11283 | + xor p1+2*tlen(,%ecx,4),%edi ;\ | |
11284 | + mov 4(%esp),%ecx ;\ | |
11285 | + xor p1+3*tlen(,%edx,4),%eax ;\ | |
11286 | + movzbl %cl,%edx ;\ | |
11287 | + xor p1(,%edx,4),%edi ;\ | |
11288 | + movzbl %ch,%edx ;\ | |
11289 | + shr $16,%ecx ;\ | |
11290 | + xor p1+tlen(,%edx,4),%eax ;\ | |
11291 | + movzbl %cl,%edx ;\ | |
11292 | + movzbl %ch,%ecx ;\ | |
11293 | + xor p1+2*tlen(,%edx,4),%ebx ;\ | |
11294 | + xor p1+3*tlen(,%ecx,4),%esi | |
11295 | + | |
11296 | +// AES (Rijndael) Encryption Subroutine | |
11297 | + | |
11298 | + .text | |
11299 | + .align ALIGN32BYTES | |
11300 | +aes_encrypt: | |
11301 | + push %ebp | |
11302 | + mov ctx(%esp),%ebp // pointer to context | |
11303 | + mov in_blk(%esp),%ecx | |
11304 | + push %ebx | |
11305 | + push %esi | |
11306 | + push %edi | |
11307 | + mov nrnd(%ebp),%edx // number of rounds | |
11308 | + lea ekey+16(%ebp),%ebp // key pointer | |
11309 | + | |
11310 | +// input four columns and xor in first round key | |
11311 | + | |
11312 | + mov (%ecx),%eax | |
11313 | + mov 4(%ecx),%ebx | |
11314 | + mov 8(%ecx),%esi | |
11315 | + mov 12(%ecx),%edi | |
11316 | + xor -16(%ebp),%eax | |
11317 | + xor -12(%ebp),%ebx | |
11318 | + xor -8(%ebp),%esi | |
11319 | + xor -4(%ebp),%edi | |
11320 | + | |
11321 | + sub $8,%esp // space for register saves on stack | |
11322 | + | |
11323 | + sub $10,%edx | |
11324 | + je aes_15 | |
11325 | + add $32,%ebp | |
11326 | + sub $2,%edx | |
11327 | + je aes_13 | |
11328 | + add $32,%ebp | |
11329 | + | |
11330 | + fwd_rnd(aes_ft_tab,-64) // 14 rounds for 256-bit key | |
11331 | + fwd_rnd(aes_ft_tab,-48) | |
11332 | +aes_13: fwd_rnd(aes_ft_tab,-32) // 12 rounds for 192-bit key | |
11333 | + fwd_rnd(aes_ft_tab,-16) | |
11334 | +aes_15: fwd_rnd(aes_ft_tab,0) // 10 rounds for 128-bit key | |
11335 | + fwd_rnd(aes_ft_tab,16) | |
11336 | + fwd_rnd(aes_ft_tab,32) | |
11337 | + fwd_rnd(aes_ft_tab,48) | |
11338 | + fwd_rnd(aes_ft_tab,64) | |
11339 | + fwd_rnd(aes_ft_tab,80) | |
11340 | + fwd_rnd(aes_ft_tab,96) | |
11341 | + fwd_rnd(aes_ft_tab,112) | |
11342 | + fwd_rnd(aes_ft_tab,128) | |
11343 | + fwd_rnd(aes_fl_tab,144) // last round uses a different table | |
11344 | + | |
11345 | +// move final values to the output array. | |
11346 | + | |
11347 | + mov out_blk+20(%esp),%ebp | |
11348 | + add $8,%esp | |
11349 | + mov %eax,(%ebp) | |
11350 | + mov %ebx,4(%ebp) | |
11351 | + mov %esi,8(%ebp) | |
11352 | + mov %edi,12(%ebp) | |
11353 | + pop %edi | |
11354 | + pop %esi | |
11355 | + pop %ebx | |
11356 | + pop %ebp | |
11357 | + ret | |
11358 | + | |
11359 | + | |
11360 | +// AES (Rijndael) Decryption Subroutine | |
11361 | + | |
11362 | + .align ALIGN32BYTES | |
11363 | +aes_decrypt: | |
11364 | + push %ebp | |
11365 | + mov ctx(%esp),%ebp // pointer to context | |
11366 | + mov in_blk(%esp),%ecx | |
11367 | + push %ebx | |
11368 | + push %esi | |
11369 | + push %edi | |
11370 | + mov nrnd(%ebp),%edx // number of rounds | |
11371 | + lea dkey+16(%ebp),%ebp // key pointer | |
11372 | + | |
11373 | +// input four columns and xor in first round key | |
11374 | + | |
11375 | + mov (%ecx),%eax | |
11376 | + mov 4(%ecx),%ebx | |
11377 | + mov 8(%ecx),%esi | |
11378 | + mov 12(%ecx),%edi | |
11379 | + xor -16(%ebp),%eax | |
11380 | + xor -12(%ebp),%ebx | |
11381 | + xor -8(%ebp),%esi | |
11382 | + xor -4(%ebp),%edi | |
11383 | + | |
11384 | + sub $8,%esp // space for register saves on stack | |
11385 | + | |
11386 | + sub $10,%edx | |
11387 | + je aes_25 | |
11388 | + add $32,%ebp | |
11389 | + sub $2,%edx | |
11390 | + je aes_23 | |
11391 | + add $32,%ebp | |
11392 | + | |
11393 | + inv_rnd(aes_it_tab,-64) // 14 rounds for 256-bit key | |
11394 | + inv_rnd(aes_it_tab,-48) | |
11395 | +aes_23: inv_rnd(aes_it_tab,-32) // 12 rounds for 192-bit key | |
11396 | + inv_rnd(aes_it_tab,-16) | |
11397 | +aes_25: inv_rnd(aes_it_tab,0) // 10 rounds for 128-bit key | |
11398 | + inv_rnd(aes_it_tab,16) | |
11399 | + inv_rnd(aes_it_tab,32) | |
11400 | + inv_rnd(aes_it_tab,48) | |
11401 | + inv_rnd(aes_it_tab,64) | |
11402 | + inv_rnd(aes_it_tab,80) | |
11403 | + inv_rnd(aes_it_tab,96) | |
11404 | + inv_rnd(aes_it_tab,112) | |
11405 | + inv_rnd(aes_it_tab,128) | |
11406 | + inv_rnd(aes_il_tab,144) // last round uses a different table | |
11407 | + | |
11408 | +// move final values to the output array. | |
11409 | + | |
11410 | + mov out_blk+20(%esp),%ebp | |
11411 | + add $8,%esp | |
11412 | + mov %eax,(%ebp) | |
11413 | + mov %ebx,4(%ebp) | |
11414 | + mov %esi,8(%ebp) | |
11415 | + mov %edi,12(%ebp) | |
11416 | + pop %edi | |
11417 | + pop %esi | |
11418 | + pop %ebx | |
11419 | + pop %ebp | |
11420 | + ret | |
11421 | + | |
11422 | +// AES (Rijndael) Key Schedule Subroutine | |
11423 | + | |
11424 | +// input/output parameters | |
11425 | + | |
11426 | +#define aes_cx 12 // AES context | |
11427 | +#define in_key 16 // key input array address | |
11428 | +#define key_ln 20 // key length, bytes (16,24,32) or bits (128,192,256) | |
11429 | +#define ed_flg 24 // 0=create both encr/decr keys, 1=create encr key only | |
11430 | + | |
11431 | +// offsets for locals | |
11432 | + | |
11433 | +#define cnt -4 | |
11434 | +#define kpf -8 | |
11435 | +#define slen 8 | |
11436 | + | |
11437 | +// This macro performs a column mixing operation on an input 32-bit | |
11438 | +// word to give a 32-bit result. It uses each of the 4 bytes in the | |
11439 | +// the input column to index 4 different tables of 256 32-bit words | |
11440 | +// that are xored together to form the output value. | |
11441 | + | |
11442 | +#define mix_col(p1) \ | |
11443 | + movzbl %bl,%ecx ;\ | |
11444 | + mov p1(,%ecx,4),%eax ;\ | |
11445 | + movzbl %bh,%ecx ;\ | |
11446 | + ror $16,%ebx ;\ | |
11447 | + xor p1+tlen(,%ecx,4),%eax ;\ | |
11448 | + movzbl %bl,%ecx ;\ | |
11449 | + xor p1+2*tlen(,%ecx,4),%eax ;\ | |
11450 | + movzbl %bh,%ecx ;\ | |
11451 | + xor p1+3*tlen(,%ecx,4),%eax | |
11452 | + | |
11453 | +// Key Schedule Macros | |
11454 | + | |
11455 | +#define ksc4(p1) \ | |
11456 | + rol $24,%ebx ;\ | |
11457 | + mix_col(aes_fl_tab) ;\ | |
11458 | + ror $8,%ebx ;\ | |
11459 | + xor 4*p1+aes_rcon_tab,%eax ;\ | |
11460 | + xor %eax,%esi ;\ | |
11461 | + xor %esi,%ebp ;\ | |
11462 | + mov %esi,16*p1(%edi) ;\ | |
11463 | + mov %ebp,16*p1+4(%edi) ;\ | |
11464 | + xor %ebp,%edx ;\ | |
11465 | + xor %edx,%ebx ;\ | |
11466 | + mov %edx,16*p1+8(%edi) ;\ | |
11467 | + mov %ebx,16*p1+12(%edi) | |
11468 | + | |
11469 | +#define ksc6(p1) \ | |
11470 | + rol $24,%ebx ;\ | |
11471 | + mix_col(aes_fl_tab) ;\ | |
11472 | + ror $8,%ebx ;\ | |
11473 | + xor 4*p1+aes_rcon_tab,%eax ;\ | |
11474 | + xor 24*p1-24(%edi),%eax ;\ | |
11475 | + mov %eax,24*p1(%edi) ;\ | |
11476 | + xor 24*p1-20(%edi),%eax ;\ | |
11477 | + mov %eax,24*p1+4(%edi) ;\ | |
11478 | + xor %eax,%esi ;\ | |
11479 | + xor %esi,%ebp ;\ | |
11480 | + mov %esi,24*p1+8(%edi) ;\ | |
11481 | + mov %ebp,24*p1+12(%edi) ;\ | |
11482 | + xor %ebp,%edx ;\ | |
11483 | + xor %edx,%ebx ;\ | |
11484 | + mov %edx,24*p1+16(%edi) ;\ | |
11485 | + mov %ebx,24*p1+20(%edi) | |
11486 | + | |
11487 | +#define ksc8(p1) \ | |
11488 | + rol $24,%ebx ;\ | |
11489 | + mix_col(aes_fl_tab) ;\ | |
11490 | + ror $8,%ebx ;\ | |
11491 | + xor 4*p1+aes_rcon_tab,%eax ;\ | |
11492 | + xor 32*p1-32(%edi),%eax ;\ | |
11493 | + mov %eax,32*p1(%edi) ;\ | |
11494 | + xor 32*p1-28(%edi),%eax ;\ | |
11495 | + mov %eax,32*p1+4(%edi) ;\ | |
11496 | + xor 32*p1-24(%edi),%eax ;\ | |
11497 | + mov %eax,32*p1+8(%edi) ;\ | |
11498 | + xor 32*p1-20(%edi),%eax ;\ | |
11499 | + mov %eax,32*p1+12(%edi) ;\ | |
11500 | + push %ebx ;\ | |
11501 | + mov %eax,%ebx ;\ | |
11502 | + mix_col(aes_fl_tab) ;\ | |
11503 | + pop %ebx ;\ | |
11504 | + xor %eax,%esi ;\ | |
11505 | + xor %esi,%ebp ;\ | |
11506 | + mov %esi,32*p1+16(%edi) ;\ | |
11507 | + mov %ebp,32*p1+20(%edi) ;\ | |
11508 | + xor %ebp,%edx ;\ | |
11509 | + xor %edx,%ebx ;\ | |
11510 | + mov %edx,32*p1+24(%edi) ;\ | |
11511 | + mov %ebx,32*p1+28(%edi) | |
11512 | + | |
11513 | + .align ALIGN32BYTES | |
11514 | +aes_set_key: | |
11515 | + pushfl | |
11516 | + push %ebp | |
11517 | + mov %esp,%ebp | |
11518 | + sub $slen,%esp | |
11519 | + push %ebx | |
11520 | + push %esi | |
11521 | + push %edi | |
11522 | + | |
11523 | + mov aes_cx(%ebp),%edx // edx -> AES context | |
11524 | + | |
11525 | + mov key_ln(%ebp),%ecx // key length | |
11526 | + cmpl $128,%ecx | |
11527 | + jb aes_30 | |
11528 | + shr $3,%ecx | |
11529 | +aes_30: cmpl $32,%ecx | |
11530 | + je aes_32 | |
11531 | + cmpl $24,%ecx | |
11532 | + je aes_32 | |
11533 | + mov $16,%ecx | |
11534 | +aes_32: shr $2,%ecx | |
11535 | + mov %ecx,nkey(%edx) | |
11536 | + | |
11537 | + lea 6(%ecx),%eax // 10/12/14 for 4/6/8 32-bit key length | |
11538 | + mov %eax,nrnd(%edx) | |
11539 | + | |
11540 | + mov in_key(%ebp),%esi // key input array | |
11541 | + lea ekey(%edx),%edi // key position in AES context | |
11542 | + cld | |
11543 | + push %ebp | |
11544 | + mov %ecx,%eax // save key length in eax | |
11545 | + rep ; movsl // words in the key schedule | |
11546 | + mov -4(%esi),%ebx // put some values in registers | |
11547 | + mov -8(%esi),%edx // to allow faster code | |
11548 | + mov -12(%esi),%ebp | |
11549 | + mov -16(%esi),%esi | |
11550 | + | |
11551 | + cmpl $4,%eax // jump on key size | |
11552 | + je aes_36 | |
11553 | + cmpl $6,%eax | |
11554 | + je aes_35 | |
11555 | + | |
11556 | + ksc8(0) | |
11557 | + ksc8(1) | |
11558 | + ksc8(2) | |
11559 | + ksc8(3) | |
11560 | + ksc8(4) | |
11561 | + ksc8(5) | |
11562 | + ksc8(6) | |
11563 | + jmp aes_37 | |
11564 | +aes_35: ksc6(0) | |
11565 | + ksc6(1) | |
11566 | + ksc6(2) | |
11567 | + ksc6(3) | |
11568 | + ksc6(4) | |
11569 | + ksc6(5) | |
11570 | + ksc6(6) | |
11571 | + ksc6(7) | |
11572 | + jmp aes_37 | |
11573 | +aes_36: ksc4(0) | |
11574 | + ksc4(1) | |
11575 | + ksc4(2) | |
11576 | + ksc4(3) | |
11577 | + ksc4(4) | |
11578 | + ksc4(5) | |
11579 | + ksc4(6) | |
11580 | + ksc4(7) | |
11581 | + ksc4(8) | |
11582 | + ksc4(9) | |
11583 | +aes_37: pop %ebp | |
11584 | + mov aes_cx(%ebp),%edx // edx -> AES context | |
11585 | + cmpl $0,ed_flg(%ebp) | |
11586 | + jne aes_39 | |
11587 | + | |
11588 | +// compile decryption key schedule from encryption schedule - reverse | |
11589 | +// order and do mix_column operation on round keys except first and last | |
11590 | + | |
11591 | + mov nrnd(%edx),%eax // kt = cx->d_key + nc * cx->Nrnd | |
11592 | + shl $2,%eax | |
11593 | + lea dkey(%edx,%eax,4),%edi | |
11594 | + lea ekey(%edx),%esi // kf = cx->e_key | |
11595 | + | |
11596 | + movsl // copy first round key (unmodified) | |
11597 | + movsl | |
11598 | + movsl | |
11599 | + movsl | |
11600 | + sub $32,%edi | |
11601 | + movl $1,cnt(%ebp) | |
11602 | +aes_38: // do mix column on each column of | |
11603 | + lodsl // each round key | |
11604 | + mov %eax,%ebx | |
11605 | + mix_col(aes_im_tab) | |
11606 | + stosl | |
11607 | + lodsl | |
11608 | + mov %eax,%ebx | |
11609 | + mix_col(aes_im_tab) | |
11610 | + stosl | |
11611 | + lodsl | |
11612 | + mov %eax,%ebx | |
11613 | + mix_col(aes_im_tab) | |
11614 | + stosl | |
11615 | + lodsl | |
11616 | + mov %eax,%ebx | |
11617 | + mix_col(aes_im_tab) | |
11618 | + stosl | |
11619 | + sub $32,%edi | |
11620 | + | |
11621 | + incl cnt(%ebp) | |
11622 | + mov cnt(%ebp),%eax | |
11623 | + cmp nrnd(%edx),%eax | |
11624 | + jb aes_38 | |
11625 | + | |
11626 | + movsl // copy last round key (unmodified) | |
11627 | + movsl | |
11628 | + movsl | |
11629 | + movsl | |
11630 | +aes_39: pop %edi | |
11631 | + pop %esi | |
11632 | + pop %ebx | |
11633 | + mov %ebp,%esp | |
11634 | + pop %ebp | |
11635 | + popfl | |
11636 | + ret | |
11637 | + | |
11638 | + | |
11639 | +// finite field multiplies by {02}, {04} and {08} | |
11640 | + | |
11641 | +#define f2(x) ((x<<1)^(((x>>7)&1)*0x11b)) | |
11642 | +#define f4(x) ((x<<2)^(((x>>6)&1)*0x11b)^(((x>>6)&2)*0x11b)) | |
11643 | +#define f8(x) ((x<<3)^(((x>>5)&1)*0x11b)^(((x>>5)&2)*0x11b)^(((x>>5)&4)*0x11b)) | |
11644 | + | |
11645 | +// finite field multiplies required in table generation | |
11646 | + | |
11647 | +#define f3(x) (f2(x) ^ x) | |
11648 | +#define f9(x) (f8(x) ^ x) | |
11649 | +#define fb(x) (f8(x) ^ f2(x) ^ x) | |
11650 | +#define fd(x) (f8(x) ^ f4(x) ^ x) | |
11651 | +#define fe(x) (f8(x) ^ f4(x) ^ f2(x)) | |
11652 | + | |
11653 | +// These defines generate the forward table entries | |
11654 | + | |
11655 | +#define u0(x) ((f3(x) << 24) | (x << 16) | (x << 8) | f2(x)) | |
11656 | +#define u1(x) ((x << 24) | (x << 16) | (f2(x) << 8) | f3(x)) | |
11657 | +#define u2(x) ((x << 24) | (f2(x) << 16) | (f3(x) << 8) | x) | |
11658 | +#define u3(x) ((f2(x) << 24) | (f3(x) << 16) | (x << 8) | x) | |
11659 | + | |
11660 | +// These defines generate the inverse table entries | |
11661 | + | |
11662 | +#define v0(x) ((fb(x) << 24) | (fd(x) << 16) | (f9(x) << 8) | fe(x)) | |
11663 | +#define v1(x) ((fd(x) << 24) | (f9(x) << 16) | (fe(x) << 8) | fb(x)) | |
11664 | +#define v2(x) ((f9(x) << 24) | (fe(x) << 16) | (fb(x) << 8) | fd(x)) | |
11665 | +#define v3(x) ((fe(x) << 24) | (fb(x) << 16) | (fd(x) << 8) | f9(x)) | |
11666 | + | |
11667 | +// These defines generate entries for the last round tables | |
11668 | + | |
11669 | +#define w0(x) (x) | |
11670 | +#define w1(x) (x << 8) | |
11671 | +#define w2(x) (x << 16) | |
11672 | +#define w3(x) (x << 24) | |
11673 | + | |
11674 | +// macro to generate inverse mix column tables (needed for the key schedule) | |
11675 | + | |
11676 | +#define im_data0(p1) \ | |
11677 | + .long p1(0x00),p1(0x01),p1(0x02),p1(0x03),p1(0x04),p1(0x05),p1(0x06),p1(0x07) ;\ | |
11678 | + .long p1(0x08),p1(0x09),p1(0x0a),p1(0x0b),p1(0x0c),p1(0x0d),p1(0x0e),p1(0x0f) ;\ | |
11679 | + .long p1(0x10),p1(0x11),p1(0x12),p1(0x13),p1(0x14),p1(0x15),p1(0x16),p1(0x17) ;\ | |
11680 | + .long p1(0x18),p1(0x19),p1(0x1a),p1(0x1b),p1(0x1c),p1(0x1d),p1(0x1e),p1(0x1f) | |
11681 | +#define im_data1(p1) \ | |
11682 | + .long p1(0x20),p1(0x21),p1(0x22),p1(0x23),p1(0x24),p1(0x25),p1(0x26),p1(0x27) ;\ | |
11683 | + .long p1(0x28),p1(0x29),p1(0x2a),p1(0x2b),p1(0x2c),p1(0x2d),p1(0x2e),p1(0x2f) ;\ | |
11684 | + .long p1(0x30),p1(0x31),p1(0x32),p1(0x33),p1(0x34),p1(0x35),p1(0x36),p1(0x37) ;\ | |
11685 | + .long p1(0x38),p1(0x39),p1(0x3a),p1(0x3b),p1(0x3c),p1(0x3d),p1(0x3e),p1(0x3f) | |
11686 | +#define im_data2(p1) \ | |
11687 | + .long p1(0x40),p1(0x41),p1(0x42),p1(0x43),p1(0x44),p1(0x45),p1(0x46),p1(0x47) ;\ | |
11688 | + .long p1(0x48),p1(0x49),p1(0x4a),p1(0x4b),p1(0x4c),p1(0x4d),p1(0x4e),p1(0x4f) ;\ | |
11689 | + .long p1(0x50),p1(0x51),p1(0x52),p1(0x53),p1(0x54),p1(0x55),p1(0x56),p1(0x57) ;\ | |
11690 | + .long p1(0x58),p1(0x59),p1(0x5a),p1(0x5b),p1(0x5c),p1(0x5d),p1(0x5e),p1(0x5f) | |
11691 | +#define im_data3(p1) \ | |
11692 | + .long p1(0x60),p1(0x61),p1(0x62),p1(0x63),p1(0x64),p1(0x65),p1(0x66),p1(0x67) ;\ | |
11693 | + .long p1(0x68),p1(0x69),p1(0x6a),p1(0x6b),p1(0x6c),p1(0x6d),p1(0x6e),p1(0x6f) ;\ | |
11694 | + .long p1(0x70),p1(0x71),p1(0x72),p1(0x73),p1(0x74),p1(0x75),p1(0x76),p1(0x77) ;\ | |
11695 | + .long p1(0x78),p1(0x79),p1(0x7a),p1(0x7b),p1(0x7c),p1(0x7d),p1(0x7e),p1(0x7f) | |
11696 | +#define im_data4(p1) \ | |
11697 | + .long p1(0x80),p1(0x81),p1(0x82),p1(0x83),p1(0x84),p1(0x85),p1(0x86),p1(0x87) ;\ | |
11698 | + .long p1(0x88),p1(0x89),p1(0x8a),p1(0x8b),p1(0x8c),p1(0x8d),p1(0x8e),p1(0x8f) ;\ | |
11699 | + .long p1(0x90),p1(0x91),p1(0x92),p1(0x93),p1(0x94),p1(0x95),p1(0x96),p1(0x97) ;\ | |
11700 | + .long p1(0x98),p1(0x99),p1(0x9a),p1(0x9b),p1(0x9c),p1(0x9d),p1(0x9e),p1(0x9f) | |
11701 | +#define im_data5(p1) \ | |
11702 | + .long p1(0xa0),p1(0xa1),p1(0xa2),p1(0xa3),p1(0xa4),p1(0xa5),p1(0xa6),p1(0xa7) ;\ | |
11703 | + .long p1(0xa8),p1(0xa9),p1(0xaa),p1(0xab),p1(0xac),p1(0xad),p1(0xae),p1(0xaf) ;\ | |
11704 | + .long p1(0xb0),p1(0xb1),p1(0xb2),p1(0xb3),p1(0xb4),p1(0xb5),p1(0xb6),p1(0xb7) ;\ | |
11705 | + .long p1(0xb8),p1(0xb9),p1(0xba),p1(0xbb),p1(0xbc),p1(0xbd),p1(0xbe),p1(0xbf) | |
11706 | +#define im_data6(p1) \ | |
11707 | + .long p1(0xc0),p1(0xc1),p1(0xc2),p1(0xc3),p1(0xc4),p1(0xc5),p1(0xc6),p1(0xc7) ;\ | |
11708 | + .long p1(0xc8),p1(0xc9),p1(0xca),p1(0xcb),p1(0xcc),p1(0xcd),p1(0xce),p1(0xcf) ;\ | |
11709 | + .long p1(0xd0),p1(0xd1),p1(0xd2),p1(0xd3),p1(0xd4),p1(0xd5),p1(0xd6),p1(0xd7) ;\ | |
11710 | + .long p1(0xd8),p1(0xd9),p1(0xda),p1(0xdb),p1(0xdc),p1(0xdd),p1(0xde),p1(0xdf) | |
11711 | +#define im_data7(p1) \ | |
11712 | + .long p1(0xe0),p1(0xe1),p1(0xe2),p1(0xe3),p1(0xe4),p1(0xe5),p1(0xe6),p1(0xe7) ;\ | |
11713 | + .long p1(0xe8),p1(0xe9),p1(0xea),p1(0xeb),p1(0xec),p1(0xed),p1(0xee),p1(0xef) ;\ | |
11714 | + .long p1(0xf0),p1(0xf1),p1(0xf2),p1(0xf3),p1(0xf4),p1(0xf5),p1(0xf6),p1(0xf7) ;\ | |
11715 | + .long p1(0xf8),p1(0xf9),p1(0xfa),p1(0xfb),p1(0xfc),p1(0xfd),p1(0xfe),p1(0xff) | |
11716 | + | |
11717 | +// S-box data - 256 entries | |
11718 | + | |
11719 | +#define sb_data0(p1) \ | |
11720 | + .long p1(0x63),p1(0x7c),p1(0x77),p1(0x7b),p1(0xf2),p1(0x6b),p1(0x6f),p1(0xc5) ;\ | |
11721 | + .long p1(0x30),p1(0x01),p1(0x67),p1(0x2b),p1(0xfe),p1(0xd7),p1(0xab),p1(0x76) ;\ | |
11722 | + .long p1(0xca),p1(0x82),p1(0xc9),p1(0x7d),p1(0xfa),p1(0x59),p1(0x47),p1(0xf0) ;\ | |
11723 | + .long p1(0xad),p1(0xd4),p1(0xa2),p1(0xaf),p1(0x9c),p1(0xa4),p1(0x72),p1(0xc0) | |
11724 | +#define sb_data1(p1) \ | |
11725 | + .long p1(0xb7),p1(0xfd),p1(0x93),p1(0x26),p1(0x36),p1(0x3f),p1(0xf7),p1(0xcc) ;\ | |
11726 | + .long p1(0x34),p1(0xa5),p1(0xe5),p1(0xf1),p1(0x71),p1(0xd8),p1(0x31),p1(0x15) ;\ | |
11727 | + .long p1(0x04),p1(0xc7),p1(0x23),p1(0xc3),p1(0x18),p1(0x96),p1(0x05),p1(0x9a) ;\ | |
11728 | + .long p1(0x07),p1(0x12),p1(0x80),p1(0xe2),p1(0xeb),p1(0x27),p1(0xb2),p1(0x75) | |
11729 | +#define sb_data2(p1) \ | |
11730 | + .long p1(0x09),p1(0x83),p1(0x2c),p1(0x1a),p1(0x1b),p1(0x6e),p1(0x5a),p1(0xa0) ;\ | |
11731 | + .long p1(0x52),p1(0x3b),p1(0xd6),p1(0xb3),p1(0x29),p1(0xe3),p1(0x2f),p1(0x84) ;\ | |
11732 | + .long p1(0x53),p1(0xd1),p1(0x00),p1(0xed),p1(0x20),p1(0xfc),p1(0xb1),p1(0x5b) ;\ | |
11733 | + .long p1(0x6a),p1(0xcb),p1(0xbe),p1(0x39),p1(0x4a),p1(0x4c),p1(0x58),p1(0xcf) | |
11734 | +#define sb_data3(p1) \ | |
11735 | + .long p1(0xd0),p1(0xef),p1(0xaa),p1(0xfb),p1(0x43),p1(0x4d),p1(0x33),p1(0x85) ;\ | |
11736 | + .long p1(0x45),p1(0xf9),p1(0x02),p1(0x7f),p1(0x50),p1(0x3c),p1(0x9f),p1(0xa8) ;\ | |
11737 | + .long p1(0x51),p1(0xa3),p1(0x40),p1(0x8f),p1(0x92),p1(0x9d),p1(0x38),p1(0xf5) ;\ | |
11738 | + .long p1(0xbc),p1(0xb6),p1(0xda),p1(0x21),p1(0x10),p1(0xff),p1(0xf3),p1(0xd2) | |
11739 | +#define sb_data4(p1) \ | |
11740 | + .long p1(0xcd),p1(0x0c),p1(0x13),p1(0xec),p1(0x5f),p1(0x97),p1(0x44),p1(0x17) ;\ | |
11741 | + .long p1(0xc4),p1(0xa7),p1(0x7e),p1(0x3d),p1(0x64),p1(0x5d),p1(0x19),p1(0x73) ;\ | |
11742 | + .long p1(0x60),p1(0x81),p1(0x4f),p1(0xdc),p1(0x22),p1(0x2a),p1(0x90),p1(0x88) ;\ | |
11743 | + .long p1(0x46),p1(0xee),p1(0xb8),p1(0x14),p1(0xde),p1(0x5e),p1(0x0b),p1(0xdb) | |
11744 | +#define sb_data5(p1) \ | |
11745 | + .long p1(0xe0),p1(0x32),p1(0x3a),p1(0x0a),p1(0x49),p1(0x06),p1(0x24),p1(0x5c) ;\ | |
11746 | + .long p1(0xc2),p1(0xd3),p1(0xac),p1(0x62),p1(0x91),p1(0x95),p1(0xe4),p1(0x79) ;\ | |
11747 | + .long p1(0xe7),p1(0xc8),p1(0x37),p1(0x6d),p1(0x8d),p1(0xd5),p1(0x4e),p1(0xa9) ;\ | |
11748 | + .long p1(0x6c),p1(0x56),p1(0xf4),p1(0xea),p1(0x65),p1(0x7a),p1(0xae),p1(0x08) | |
11749 | +#define sb_data6(p1) \ | |
11750 | + .long p1(0xba),p1(0x78),p1(0x25),p1(0x2e),p1(0x1c),p1(0xa6),p1(0xb4),p1(0xc6) ;\ | |
11751 | + .long p1(0xe8),p1(0xdd),p1(0x74),p1(0x1f),p1(0x4b),p1(0xbd),p1(0x8b),p1(0x8a) ;\ | |
11752 | + .long p1(0x70),p1(0x3e),p1(0xb5),p1(0x66),p1(0x48),p1(0x03),p1(0xf6),p1(0x0e) ;\ | |
11753 | + .long p1(0x61),p1(0x35),p1(0x57),p1(0xb9),p1(0x86),p1(0xc1),p1(0x1d),p1(0x9e) | |
11754 | +#define sb_data7(p1) \ | |
11755 | + .long p1(0xe1),p1(0xf8),p1(0x98),p1(0x11),p1(0x69),p1(0xd9),p1(0x8e),p1(0x94) ;\ | |
11756 | + .long p1(0x9b),p1(0x1e),p1(0x87),p1(0xe9),p1(0xce),p1(0x55),p1(0x28),p1(0xdf) ;\ | |
11757 | + .long p1(0x8c),p1(0xa1),p1(0x89),p1(0x0d),p1(0xbf),p1(0xe6),p1(0x42),p1(0x68) ;\ | |
11758 | + .long p1(0x41),p1(0x99),p1(0x2d),p1(0x0f),p1(0xb0),p1(0x54),p1(0xbb),p1(0x16) | |
11759 | + | |
11760 | +// Inverse S-box data - 256 entries | |
11761 | + | |
11762 | +#define ib_data0(p1) \ | |
11763 | + .long p1(0x52),p1(0x09),p1(0x6a),p1(0xd5),p1(0x30),p1(0x36),p1(0xa5),p1(0x38) ;\ | |
11764 | + .long p1(0xbf),p1(0x40),p1(0xa3),p1(0x9e),p1(0x81),p1(0xf3),p1(0xd7),p1(0xfb) ;\ | |
11765 | + .long p1(0x7c),p1(0xe3),p1(0x39),p1(0x82),p1(0x9b),p1(0x2f),p1(0xff),p1(0x87) ;\ | |
11766 | + .long p1(0x34),p1(0x8e),p1(0x43),p1(0x44),p1(0xc4),p1(0xde),p1(0xe9),p1(0xcb) | |
11767 | +#define ib_data1(p1) \ | |
11768 | + .long p1(0x54),p1(0x7b),p1(0x94),p1(0x32),p1(0xa6),p1(0xc2),p1(0x23),p1(0x3d) ;\ | |
11769 | + .long p1(0xee),p1(0x4c),p1(0x95),p1(0x0b),p1(0x42),p1(0xfa),p1(0xc3),p1(0x4e) ;\ | |
11770 | + .long p1(0x08),p1(0x2e),p1(0xa1),p1(0x66),p1(0x28),p1(0xd9),p1(0x24),p1(0xb2) ;\ | |
11771 | + .long p1(0x76),p1(0x5b),p1(0xa2),p1(0x49),p1(0x6d),p1(0x8b),p1(0xd1),p1(0x25) | |
11772 | +#define ib_data2(p1) \ | |
11773 | + .long p1(0x72),p1(0xf8),p1(0xf6),p1(0x64),p1(0x86),p1(0x68),p1(0x98),p1(0x16) ;\ | |
11774 | + .long p1(0xd4),p1(0xa4),p1(0x5c),p1(0xcc),p1(0x5d),p1(0x65),p1(0xb6),p1(0x92) ;\ | |
11775 | + .long p1(0x6c),p1(0x70),p1(0x48),p1(0x50),p1(0xfd),p1(0xed),p1(0xb9),p1(0xda) ;\ | |
11776 | + .long p1(0x5e),p1(0x15),p1(0x46),p1(0x57),p1(0xa7),p1(0x8d),p1(0x9d),p1(0x84) | |
11777 | +#define ib_data3(p1) \ | |
11778 | + .long p1(0x90),p1(0xd8),p1(0xab),p1(0x00),p1(0x8c),p1(0xbc),p1(0xd3),p1(0x0a) ;\ | |
11779 | + .long p1(0xf7),p1(0xe4),p1(0x58),p1(0x05),p1(0xb8),p1(0xb3),p1(0x45),p1(0x06) ;\ | |
11780 | + .long p1(0xd0),p1(0x2c),p1(0x1e),p1(0x8f),p1(0xca),p1(0x3f),p1(0x0f),p1(0x02) ;\ | |
11781 | + .long p1(0xc1),p1(0xaf),p1(0xbd),p1(0x03),p1(0x01),p1(0x13),p1(0x8a),p1(0x6b) | |
11782 | +#define ib_data4(p1) \ | |
11783 | + .long p1(0x3a),p1(0x91),p1(0x11),p1(0x41),p1(0x4f),p1(0x67),p1(0xdc),p1(0xea) ;\ | |
11784 | + .long p1(0x97),p1(0xf2),p1(0xcf),p1(0xce),p1(0xf0),p1(0xb4),p1(0xe6),p1(0x73) ;\ | |
11785 | + .long p1(0x96),p1(0xac),p1(0x74),p1(0x22),p1(0xe7),p1(0xad),p1(0x35),p1(0x85) ;\ | |
11786 | + .long p1(0xe2),p1(0xf9),p1(0x37),p1(0xe8),p1(0x1c),p1(0x75),p1(0xdf),p1(0x6e) | |
11787 | +#define ib_data5(p1) \ | |
11788 | + .long p1(0x47),p1(0xf1),p1(0x1a),p1(0x71),p1(0x1d),p1(0x29),p1(0xc5),p1(0x89) ;\ | |
11789 | + .long p1(0x6f),p1(0xb7),p1(0x62),p1(0x0e),p1(0xaa),p1(0x18),p1(0xbe),p1(0x1b) ;\ | |
11790 | + .long p1(0xfc),p1(0x56),p1(0x3e),p1(0x4b),p1(0xc6),p1(0xd2),p1(0x79),p1(0x20) ;\ | |
11791 | + .long p1(0x9a),p1(0xdb),p1(0xc0),p1(0xfe),p1(0x78),p1(0xcd),p1(0x5a),p1(0xf4) | |
11792 | +#define ib_data6(p1) \ | |
11793 | + .long p1(0x1f),p1(0xdd),p1(0xa8),p1(0x33),p1(0x88),p1(0x07),p1(0xc7),p1(0x31) ;\ | |
11794 | + .long p1(0xb1),p1(0x12),p1(0x10),p1(0x59),p1(0x27),p1(0x80),p1(0xec),p1(0x5f) ;\ | |
11795 | + .long p1(0x60),p1(0x51),p1(0x7f),p1(0xa9),p1(0x19),p1(0xb5),p1(0x4a),p1(0x0d) ;\ | |
11796 | + .long p1(0x2d),p1(0xe5),p1(0x7a),p1(0x9f),p1(0x93),p1(0xc9),p1(0x9c),p1(0xef) | |
11797 | +#define ib_data7(p1) \ | |
11798 | + .long p1(0xa0),p1(0xe0),p1(0x3b),p1(0x4d),p1(0xae),p1(0x2a),p1(0xf5),p1(0xb0) ;\ | |
11799 | + .long p1(0xc8),p1(0xeb),p1(0xbb),p1(0x3c),p1(0x83),p1(0x53),p1(0x99),p1(0x61) ;\ | |
11800 | + .long p1(0x17),p1(0x2b),p1(0x04),p1(0x7e),p1(0xba),p1(0x77),p1(0xd6),p1(0x26) ;\ | |
11801 | + .long p1(0xe1),p1(0x69),p1(0x14),p1(0x63),p1(0x55),p1(0x21),p1(0x0c),p1(0x7d) | |
11802 | + | |
11803 | +// The rcon_table (needed for the key schedule) | |
11804 | +// | |
11805 | +// Here is original Dr Brian Gladman's source code: | |
11806 | +// _rcon_tab: | |
11807 | +// %assign x 1 | |
11808 | +// %rep 29 | |
11809 | +// dd x | |
11810 | +// %assign x f2(x) | |
11811 | +// %endrep | |
11812 | +// | |
11813 | +// Here is precomputed output (it's more portable this way): | |
11814 | + | |
11815 | + .align ALIGN32BYTES | |
11816 | +aes_rcon_tab: | |
11817 | + .long 0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80 | |
11818 | + .long 0x1b,0x36,0x6c,0xd8,0xab,0x4d,0x9a,0x2f | |
11819 | + .long 0x5e,0xbc,0x63,0xc6,0x97,0x35,0x6a,0xd4 | |
11820 | + .long 0xb3,0x7d,0xfa,0xef,0xc5 | |
11821 | + | |
11822 | +// The forward xor tables | |
11823 | + | |
11824 | + .align ALIGN32BYTES | |
11825 | +aes_ft_tab: | |
11826 | + sb_data0(u0) | |
11827 | + sb_data1(u0) | |
11828 | + sb_data2(u0) | |
11829 | + sb_data3(u0) | |
11830 | + sb_data4(u0) | |
11831 | + sb_data5(u0) | |
11832 | + sb_data6(u0) | |
11833 | + sb_data7(u0) | |
11834 | + | |
11835 | + sb_data0(u1) | |
11836 | + sb_data1(u1) | |
11837 | + sb_data2(u1) | |
11838 | + sb_data3(u1) | |
11839 | + sb_data4(u1) | |
11840 | + sb_data5(u1) | |
11841 | + sb_data6(u1) | |
11842 | + sb_data7(u1) | |
11843 | + | |
11844 | + sb_data0(u2) | |
11845 | + sb_data1(u2) | |
11846 | + sb_data2(u2) | |
11847 | + sb_data3(u2) | |
11848 | + sb_data4(u2) | |
11849 | + sb_data5(u2) | |
11850 | + sb_data6(u2) | |
11851 | + sb_data7(u2) | |
11852 | + | |
11853 | + sb_data0(u3) | |
11854 | + sb_data1(u3) | |
11855 | + sb_data2(u3) | |
11856 | + sb_data3(u3) | |
11857 | + sb_data4(u3) | |
11858 | + sb_data5(u3) | |
11859 | + sb_data6(u3) | |
11860 | + sb_data7(u3) | |
11861 | + | |
11862 | + .align ALIGN32BYTES | |
11863 | +aes_fl_tab: | |
11864 | + sb_data0(w0) | |
11865 | + sb_data1(w0) | |
11866 | + sb_data2(w0) | |
11867 | + sb_data3(w0) | |
11868 | + sb_data4(w0) | |
11869 | + sb_data5(w0) | |
11870 | + sb_data6(w0) | |
11871 | + sb_data7(w0) | |
11872 | + | |
11873 | + sb_data0(w1) | |
11874 | + sb_data1(w1) | |
11875 | + sb_data2(w1) | |
11876 | + sb_data3(w1) | |
11877 | + sb_data4(w1) | |
11878 | + sb_data5(w1) | |
11879 | + sb_data6(w1) | |
11880 | + sb_data7(w1) | |
11881 | + | |
11882 | + sb_data0(w2) | |
11883 | + sb_data1(w2) | |
11884 | + sb_data2(w2) | |
11885 | + sb_data3(w2) | |
11886 | + sb_data4(w2) | |
11887 | + sb_data5(w2) | |
11888 | + sb_data6(w2) | |
11889 | + sb_data7(w2) | |
11890 | + | |
11891 | + sb_data0(w3) | |
11892 | + sb_data1(w3) | |
11893 | + sb_data2(w3) | |
11894 | + sb_data3(w3) | |
11895 | + sb_data4(w3) | |
11896 | + sb_data5(w3) | |
11897 | + sb_data6(w3) | |
11898 | + sb_data7(w3) | |
11899 | + | |
11900 | +// The inverse xor tables | |
11901 | + | |
11902 | + .align ALIGN32BYTES | |
11903 | +aes_it_tab: | |
11904 | + ib_data0(v0) | |
11905 | + ib_data1(v0) | |
11906 | + ib_data2(v0) | |
11907 | + ib_data3(v0) | |
11908 | + ib_data4(v0) | |
11909 | + ib_data5(v0) | |
11910 | + ib_data6(v0) | |
11911 | + ib_data7(v0) | |
11912 | + | |
11913 | + ib_data0(v1) | |
11914 | + ib_data1(v1) | |
11915 | + ib_data2(v1) | |
11916 | + ib_data3(v1) | |
11917 | + ib_data4(v1) | |
11918 | + ib_data5(v1) | |
11919 | + ib_data6(v1) | |
11920 | + ib_data7(v1) | |
11921 | + | |
11922 | + ib_data0(v2) | |
11923 | + ib_data1(v2) | |
11924 | + ib_data2(v2) | |
11925 | + ib_data3(v2) | |
11926 | + ib_data4(v2) | |
11927 | + ib_data5(v2) | |
11928 | + ib_data6(v2) | |
11929 | + ib_data7(v2) | |
11930 | + | |
11931 | + ib_data0(v3) | |
11932 | + ib_data1(v3) | |
11933 | + ib_data2(v3) | |
11934 | + ib_data3(v3) | |
11935 | + ib_data4(v3) | |
11936 | + ib_data5(v3) | |
11937 | + ib_data6(v3) | |
11938 | + ib_data7(v3) | |
11939 | + | |
11940 | + .align ALIGN32BYTES | |
11941 | +aes_il_tab: | |
11942 | + ib_data0(w0) | |
11943 | + ib_data1(w0) | |
11944 | + ib_data2(w0) | |
11945 | + ib_data3(w0) | |
11946 | + ib_data4(w0) | |
11947 | + ib_data5(w0) | |
11948 | + ib_data6(w0) | |
11949 | + ib_data7(w0) | |
11950 | + | |
11951 | + ib_data0(w1) | |
11952 | + ib_data1(w1) | |
11953 | + ib_data2(w1) | |
11954 | + ib_data3(w1) | |
11955 | + ib_data4(w1) | |
11956 | + ib_data5(w1) | |
11957 | + ib_data6(w1) | |
11958 | + ib_data7(w1) | |
11959 | + | |
11960 | + ib_data0(w2) | |
11961 | + ib_data1(w2) | |
11962 | + ib_data2(w2) | |
11963 | + ib_data3(w2) | |
11964 | + ib_data4(w2) | |
11965 | + ib_data5(w2) | |
11966 | + ib_data6(w2) | |
11967 | + ib_data7(w2) | |
11968 | + | |
11969 | + ib_data0(w3) | |
11970 | + ib_data1(w3) | |
11971 | + ib_data2(w3) | |
11972 | + ib_data3(w3) | |
11973 | + ib_data4(w3) | |
11974 | + ib_data5(w3) | |
11975 | + ib_data6(w3) | |
11976 | + ib_data7(w3) | |
11977 | + | |
11978 | +// The inverse mix column tables | |
11979 | + | |
11980 | + .align ALIGN32BYTES | |
11981 | +aes_im_tab: | |
11982 | + im_data0(v0) | |
11983 | + im_data1(v0) | |
11984 | + im_data2(v0) | |
11985 | + im_data3(v0) | |
11986 | + im_data4(v0) | |
11987 | + im_data5(v0) | |
11988 | + im_data6(v0) | |
11989 | + im_data7(v0) | |
11990 | + | |
11991 | + im_data0(v1) | |
11992 | + im_data1(v1) | |
11993 | + im_data2(v1) | |
11994 | + im_data3(v1) | |
11995 | + im_data4(v1) | |
11996 | + im_data5(v1) | |
11997 | + im_data6(v1) | |
11998 | + im_data7(v1) | |
11999 | + | |
12000 | + im_data0(v2) | |
12001 | + im_data1(v2) | |
12002 | + im_data2(v2) | |
12003 | + im_data3(v2) | |
12004 | + im_data4(v2) | |
12005 | + im_data5(v2) | |
12006 | + im_data6(v2) | |
12007 | + im_data7(v2) | |
12008 | + | |
12009 | + im_data0(v3) | |
12010 | + im_data1(v3) | |
12011 | + im_data2(v3) | |
12012 | + im_data3(v3) | |
12013 | + im_data4(v3) | |
12014 | + im_data5(v3) | |
12015 | + im_data6(v3) | |
12016 | + im_data7(v3) | |
12017 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
12018 | +++ linux/net/ipsec/aes/aes.c Mon Feb 9 13:51:03 2004 | |
12019 | @@ -0,0 +1,1415 @@ | |
12020 | +// I retain copyright in this code but I encourage its free use provided | |
12021 | +// that I don't carry any responsibility for the results. I am especially | |
12022 | +// happy to see it used in free and open source software. If you do use | |
12023 | +// it I would appreciate an acknowledgement of its origin in the code or | |
12024 | +// the product that results and I would also appreciate knowing a little | |
12025 | +// about the use to which it is being put. I am grateful to Frank Yellin | |
12026 | +// for some ideas that are used in this implementation. | |
12027 | +// | |
12028 | +// Dr B. R. Gladman <brg@gladman.uk.net> 6th April 2001. | |
12029 | +// | |
12030 | +// This is an implementation of the AES encryption algorithm (Rijndael) | |
12031 | +// designed by Joan Daemen and Vincent Rijmen. This version is designed | |
12032 | +// to provide both fixed and dynamic block and key lengths and can also | |
12033 | +// run with either big or little endian internal byte order (see aes.h). | |
12034 | +// It inputs block and key lengths in bytes with the legal values being | |
12035 | +// 16, 24 and 32. | |
12036 | + | |
12037 | +/* | |
12038 | + * Modified by Jari Ruusu, May 1 2001 | |
12039 | + * - Fixed some compile warnings, code was ok but gcc warned anyway. | |
12040 | + * - Changed basic types: byte -> unsigned char, word -> u_int32_t | |
12041 | + * - Major name space cleanup: Names visible to outside now begin | |
12042 | + * with "aes_" or "AES_". A lot of stuff moved from aes.h to aes.c | |
12043 | + * - Removed C++ and DLL support as part of name space cleanup. | |
12044 | + * - Eliminated unnecessary recomputation of tables. (actual bug fix) | |
12045 | + * - Merged precomputed constant tables to aes.c file. | |
12046 | + * - Removed data alignment restrictions for portability reasons. | |
12047 | + * - Made block and key lengths accept bit count (128/192/256) | |
12048 | + * as well byte count (16/24/32). | |
12049 | + * - Removed all error checks. This change also eliminated the need | |
12050 | + * to preinitialize the context struct to zero. | |
12051 | + * - Removed some totally unused constants. | |
12052 | + */ | |
12053 | + | |
12054 | +#include "crypto/aes.h" | |
12055 | + | |
12056 | +// CONFIGURATION OPTIONS (see also aes.h) | |
12057 | +// | |
12058 | +// 1. Define UNROLL for full loop unrolling in encryption and decryption. | |
12059 | +// 2. Define PARTIAL_UNROLL to unroll two loops in encryption and decryption. | |
12060 | +// 3. Define FIXED_TABLES for compiled rather than dynamic tables. | |
12061 | +// 4. Define FF_TABLES to use tables for field multiplies and inverses. | |
12062 | +// Do not enable this without understanding stack space requirements. | |
12063 | +// 5. Define ARRAYS to use arrays to hold the local state block. If this | |
12064 | +// is not defined, individually declared 32-bit words are used. | |
12065 | +// 6. Define FAST_VARIABLE if a high speed variable block implementation | |
12066 | +// is needed (essentially three separate fixed block size code sequences) | |
12067 | +// 7. Define either ONE_TABLE or FOUR_TABLES for a fast table driven | |
12068 | +// version using 1 table (2 kbytes of table space) or 4 tables (8 | |
12069 | +// kbytes of table space) for higher speed. | |
12070 | +// 8. Define either ONE_LR_TABLE or FOUR_LR_TABLES for a further speed | |
12071 | +// increase by using tables for the last rounds but with more table | |
12072 | +// space (2 or 8 kbytes extra). | |
12073 | +// 9. If neither ONE_TABLE nor FOUR_TABLES is defined, a compact but | |
12074 | +// slower version is provided. | |
12075 | +// 10. If fast decryption key scheduling is needed define ONE_IM_TABLE | |
12076 | +// or FOUR_IM_TABLES for higher speed (2 or 8 kbytes extra). | |
12077 | + | |
12078 | +#define UNROLL | |
12079 | +//#define PARTIAL_UNROLL | |
12080 | + | |
12081 | +#define FIXED_TABLES | |
12082 | +//#define FF_TABLES | |
12083 | +//#define ARRAYS | |
12084 | +#define FAST_VARIABLE | |
12085 | + | |
12086 | +//#define ONE_TABLE | |
12087 | +#define FOUR_TABLES | |
12088 | + | |
12089 | +//#define ONE_LR_TABLE | |
12090 | +#define FOUR_LR_TABLES | |
12091 | + | |
12092 | +//#define ONE_IM_TABLE | |
12093 | +#define FOUR_IM_TABLES | |
12094 | + | |
12095 | +#if defined(UNROLL) && defined (PARTIAL_UNROLL) | |
12096 | +#error both UNROLL and PARTIAL_UNROLL are defined | |
12097 | +#endif | |
12098 | + | |
12099 | +#if defined(ONE_TABLE) && defined (FOUR_TABLES) | |
12100 | +#error both ONE_TABLE and FOUR_TABLES are defined | |
12101 | +#endif | |
12102 | + | |
12103 | +#if defined(ONE_LR_TABLE) && defined (FOUR_LR_TABLES) | |
12104 | +#error both ONE_LR_TABLE and FOUR_LR_TABLES are defined | |
12105 | +#endif | |
12106 | + | |
12107 | +#if defined(ONE_IM_TABLE) && defined (FOUR_IM_TABLES) | |
12108 | +#error both ONE_IM_TABLE and FOUR_IM_TABLES are defined | |
12109 | +#endif | |
12110 | + | |
12111 | +#if defined(AES_BLOCK_SIZE) && AES_BLOCK_SIZE != 16 && AES_BLOCK_SIZE != 24 && AES_BLOCK_SIZE != 32 | |
12112 | +#error an illegal block size has been specified | |
12113 | +#endif | |
12114 | + | |
12115 | +// upr(x,n): rotates bytes within words by n positions, moving bytes | |
12116 | +// to higher index positions with wrap around into low positions | |
12117 | +// ups(x,n): moves bytes by n positions to higher index positions in | |
12118 | +// words but without wrap around | |
12119 | +// bval(x,n): extracts a byte from a word | |
12120 | + | |
12121 | +#define upr(x,n) (((x) << 8 * (n)) | ((x) >> (32 - 8 * (n)))) | |
12122 | +#define ups(x,n) ((x) << 8 * (n)) | |
12123 | +#define bval(x,n) ((unsigned char)((x) >> 8 * (n))) | |
12124 | +#define bytes2word(b0, b1, b2, b3) \ | |
12125 | + ((u_int32_t)(b3) << 24 | (u_int32_t)(b2) << 16 | (u_int32_t)(b1) << 8 | (b0)) | |
12126 | + | |
12127 | + | |
12128 | +/* little endian processor without data alignment restrictions: AES_LE_OK */ | |
12129 | +/* original code: i386 */ | |
12130 | +#if defined(i386) || defined(_I386) || defined(__i386__) || defined(__i386) | |
12131 | +#define AES_LE_OK 1 | |
12132 | +/* added (tested): alpha --jjo */ | |
12133 | +#elif defined(__alpha__)|| defined (__alpha) | |
12134 | +#define AES_LE_OK 1 | |
12135 | +/* added (tested): ia64 --jjo */ | |
12136 | +#elif defined(__ia64__)|| defined (__ia64) | |
12137 | +#define AES_LE_OK 1 | |
12138 | +#endif | |
12139 | + | |
12140 | +#ifdef AES_LE_OK | |
12141 | +/* little endian processor without data alignment restrictions */ | |
12142 | +#define word_in(x) *(u_int32_t*)(x) | |
12143 | +#define const_word_in(x) *(const u_int32_t*)(x) | |
12144 | +#define word_out(x,v) *(u_int32_t*)(x) = (v) | |
12145 | +#define const_word_out(x,v) *(const u_int32_t*)(x) = (v) | |
12146 | +#else | |
12147 | +/* slower but generic big endian or with data alignment restrictions */ | |
12148 | +/* some additional "const" touches to stop "gcc -Wcast-qual" complains --jjo */ | |
12149 | +#define word_in(x) ((u_int32_t)(((unsigned char *)(x))[0])|((u_int32_t)(((unsigned char *)(x))[1])<<8)|((u_int32_t)(((unsigned char *)(x))[2])<<16)|((u_int32_t)(((unsigned char *)(x))[3])<<24)) | |
12150 | +#define const_word_in(x) ((const u_int32_t)(((const unsigned char *)(x))[0])|((const u_int32_t)(((const unsigned char *)(x))[1])<<8)|((const u_int32_t)(((const unsigned char *)(x))[2])<<16)|((const u_int32_t)(((const unsigned char *)(x))[3])<<24)) | |
12151 | +#define word_out(x,v) ((unsigned char *)(x))[0]=(v),((unsigned char *)(x))[1]=((v)>>8),((unsigned char *)(x))[2]=((v)>>16),((unsigned char *)(x))[3]=((v)>>24) | |
12152 | +#define const_word_out(x,v) ((const unsigned char *)(x))[0]=(v),((const unsigned char *)(x))[1]=((v)>>8),((const unsigned char *)(x))[2]=((v)>>16),((const unsigned char *)(x))[3]=((v)>>24) | |
12153 | +#endif | |
12154 | + | |
12155 | +// Disable at least some poor combinations of options | |
12156 | + | |
12157 | +#if !defined(ONE_TABLE) && !defined(FOUR_TABLES) | |
12158 | +#define FIXED_TABLES | |
12159 | +#undef UNROLL | |
12160 | +#undef ONE_LR_TABLE | |
12161 | +#undef FOUR_LR_TABLES | |
12162 | +#undef ONE_IM_TABLE | |
12163 | +#undef FOUR_IM_TABLES | |
12164 | +#elif !defined(FOUR_TABLES) | |
12165 | +#ifdef FOUR_LR_TABLES | |
12166 | +#undef FOUR_LR_TABLES | |
12167 | +#define ONE_LR_TABLE | |
12168 | +#endif | |
12169 | +#ifdef FOUR_IM_TABLES | |
12170 | +#undef FOUR_IM_TABLES | |
12171 | +#define ONE_IM_TABLE | |
12172 | +#endif | |
12173 | +#elif !defined(AES_BLOCK_SIZE) | |
12174 | +#if defined(UNROLL) | |
12175 | +#define PARTIAL_UNROLL | |
12176 | +#undef UNROLL | |
12177 | +#endif | |
12178 | +#endif | |
12179 | + | |
12180 | +// the finite field modular polynomial and elements | |
12181 | + | |
12182 | +#define ff_poly 0x011b | |
12183 | +#define ff_hi 0x80 | |
12184 | + | |
12185 | +// multiply four bytes in GF(2^8) by 'x' {02} in parallel | |
12186 | + | |
12187 | +#define m1 0x80808080 | |
12188 | +#define m2 0x7f7f7f7f | |
12189 | +#define m3 0x0000001b | |
12190 | +#define FFmulX(x) ((((x) & m2) << 1) ^ ((((x) & m1) >> 7) * m3)) | |
12191 | + | |
12192 | +// The following defines provide alternative definitions of FFmulX that might | |
12193 | +// give improved performance if a fast 32-bit multiply is not available. Note | |
12194 | +// that a temporary variable u needs to be defined where FFmulX is used. | |
12195 | + | |
12196 | +// #define FFmulX(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6)) | |
12197 | +// #define m4 0x1b1b1b1b | |
12198 | +// #define FFmulX(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4) | |
12199 | + | |
12200 | +// perform column mix operation on four bytes in parallel | |
12201 | + | |
12202 | +#define fwd_mcol(x) (f2 = FFmulX(x), f2 ^ upr(x ^ f2,3) ^ upr(x,2) ^ upr(x,1)) | |
12203 | + | |
12204 | +#if defined(FIXED_TABLES) | |
12205 | + | |
12206 | +// the S-Box table | |
12207 | + | |
12208 | +static const unsigned char s_box[256] = | |
12209 | +{ | |
12210 | + 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, | |
12211 | + 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, | |
12212 | + 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, | |
12213 | + 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, | |
12214 | + 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, | |
12215 | + 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, | |
12216 | + 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, | |
12217 | + 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, | |
12218 | + 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, | |
12219 | + 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, | |
12220 | + 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, | |
12221 | + 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, | |
12222 | + 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, | |
12223 | + 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, | |
12224 | + 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, | |
12225 | + 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, | |
12226 | + 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, | |
12227 | + 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, | |
12228 | + 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, | |
12229 | + 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, | |
12230 | + 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, | |
12231 | + 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, | |
12232 | + 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, | |
12233 | + 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, | |
12234 | + 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, | |
12235 | + 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, | |
12236 | + 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, | |
12237 | + 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, | |
12238 | + 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, | |
12239 | + 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, | |
12240 | + 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, | |
12241 | + 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 | |
12242 | +}; | |
12243 | + | |
12244 | +// the inverse S-Box table | |
12245 | + | |
12246 | +static const unsigned char inv_s_box[256] = | |
12247 | +{ | |
12248 | + 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, | |
12249 | + 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, | |
12250 | + 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, | |
12251 | + 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, | |
12252 | + 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, | |
12253 | + 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, | |
12254 | + 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, | |
12255 | + 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, | |
12256 | + 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, | |
12257 | + 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, | |
12258 | + 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, | |
12259 | + 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, | |
12260 | + 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, | |
12261 | + 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, | |
12262 | + 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, | |
12263 | + 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, | |
12264 | + 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, | |
12265 | + 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, | |
12266 | + 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, | |
12267 | + 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, | |
12268 | + 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, | |
12269 | + 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, | |
12270 | + 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, | |
12271 | + 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, | |
12272 | + 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, | |
12273 | + 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, | |
12274 | + 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, | |
12275 | + 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, | |
12276 | + 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, | |
12277 | + 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, | |
12278 | + 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, | |
12279 | + 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d | |
12280 | +}; | |
12281 | + | |
12282 | +#define w0(p) 0x000000##p | |
12283 | + | |
12284 | +// Number of elements required in this table for different | |
12285 | +// block and key lengths is: | |
12286 | +// | |
12287 | +// Nk = 4 6 8 | |
12288 | +// ---------- | |
12289 | +// Nb = 4 | 10 8 7 | |
12290 | +// 6 | 19 12 11 | |
12291 | +// 8 | 29 19 14 | |
12292 | +// | |
12293 | +// this table can be a table of bytes if the key schedule | |
12294 | +// code is adjusted accordingly | |
12295 | + | |
12296 | +static const u_int32_t rcon_tab[29] = | |
12297 | +{ | |
12298 | + w0(01), w0(02), w0(04), w0(08), | |
12299 | + w0(10), w0(20), w0(40), w0(80), | |
12300 | + w0(1b), w0(36), w0(6c), w0(d8), | |
12301 | + w0(ab), w0(4d), w0(9a), w0(2f), | |
12302 | + w0(5e), w0(bc), w0(63), w0(c6), | |
12303 | + w0(97), w0(35), w0(6a), w0(d4), | |
12304 | + w0(b3), w0(7d), w0(fa), w0(ef), | |
12305 | + w0(c5) | |
12306 | +}; | |
12307 | + | |
12308 | +#undef w0 | |
12309 | + | |
12310 | +#define r0(p,q,r,s) 0x##p##q##r##s | |
12311 | +#define r1(p,q,r,s) 0x##q##r##s##p | |
12312 | +#define r2(p,q,r,s) 0x##r##s##p##q | |
12313 | +#define r3(p,q,r,s) 0x##s##p##q##r | |
12314 | +#define w0(p) 0x000000##p | |
12315 | +#define w1(p) 0x0000##p##00 | |
12316 | +#define w2(p) 0x00##p##0000 | |
12317 | +#define w3(p) 0x##p##000000 | |
12318 | + | |
12319 | +#if defined(FIXED_TABLES) && (defined(ONE_TABLE) || defined(FOUR_TABLES)) | |
12320 | + | |
12321 | +// data for forward tables (other than last round) | |
12322 | + | |
12323 | +#define f_table \ | |
12324 | + r(a5,63,63,c6), r(84,7c,7c,f8), r(99,77,77,ee), r(8d,7b,7b,f6),\ | |
12325 | + r(0d,f2,f2,ff), r(bd,6b,6b,d6), r(b1,6f,6f,de), r(54,c5,c5,91),\ | |
12326 | + r(50,30,30,60), r(03,01,01,02), r(a9,67,67,ce), r(7d,2b,2b,56),\ | |
12327 | + r(19,fe,fe,e7), r(62,d7,d7,b5), r(e6,ab,ab,4d), r(9a,76,76,ec),\ | |
12328 | + r(45,ca,ca,8f), r(9d,82,82,1f), r(40,c9,c9,89), r(87,7d,7d,fa),\ | |
12329 | + r(15,fa,fa,ef), r(eb,59,59,b2), r(c9,47,47,8e), r(0b,f0,f0,fb),\ | |
12330 | + r(ec,ad,ad,41), r(67,d4,d4,b3), r(fd,a2,a2,5f), r(ea,af,af,45),\ | |
12331 | + r(bf,9c,9c,23), r(f7,a4,a4,53), r(96,72,72,e4), r(5b,c0,c0,9b),\ | |
12332 | + r(c2,b7,b7,75), r(1c,fd,fd,e1), r(ae,93,93,3d), r(6a,26,26,4c),\ | |
12333 | + r(5a,36,36,6c), r(41,3f,3f,7e), r(02,f7,f7,f5), r(4f,cc,cc,83),\ | |
12334 | + r(5c,34,34,68), r(f4,a5,a5,51), r(34,e5,e5,d1), r(08,f1,f1,f9),\ | |
12335 | + r(93,71,71,e2), r(73,d8,d8,ab), r(53,31,31,62), r(3f,15,15,2a),\ | |
12336 | + r(0c,04,04,08), r(52,c7,c7,95), r(65,23,23,46), r(5e,c3,c3,9d),\ | |
12337 | + r(28,18,18,30), r(a1,96,96,37), r(0f,05,05,0a), r(b5,9a,9a,2f),\ | |
12338 | + r(09,07,07,0e), r(36,12,12,24), r(9b,80,80,1b), r(3d,e2,e2,df),\ | |
12339 | + r(26,eb,eb,cd), r(69,27,27,4e), r(cd,b2,b2,7f), r(9f,75,75,ea),\ | |
12340 | + r(1b,09,09,12), r(9e,83,83,1d), r(74,2c,2c,58), r(2e,1a,1a,34),\ | |
12341 | + r(2d,1b,1b,36), r(b2,6e,6e,dc), r(ee,5a,5a,b4), r(fb,a0,a0,5b),\ | |
12342 | + r(f6,52,52,a4), r(4d,3b,3b,76), r(61,d6,d6,b7), r(ce,b3,b3,7d),\ | |
12343 | + r(7b,29,29,52), r(3e,e3,e3,dd), r(71,2f,2f,5e), r(97,84,84,13),\ | |
12344 | + r(f5,53,53,a6), r(68,d1,d1,b9), r(00,00,00,00), r(2c,ed,ed,c1),\ | |
12345 | + r(60,20,20,40), r(1f,fc,fc,e3), r(c8,b1,b1,79), r(ed,5b,5b,b6),\ | |
12346 | + r(be,6a,6a,d4), r(46,cb,cb,8d), r(d9,be,be,67), r(4b,39,39,72),\ | |
12347 | + r(de,4a,4a,94), r(d4,4c,4c,98), r(e8,58,58,b0), r(4a,cf,cf,85),\ | |
12348 | + r(6b,d0,d0,bb), r(2a,ef,ef,c5), r(e5,aa,aa,4f), r(16,fb,fb,ed),\ | |
12349 | + r(c5,43,43,86), r(d7,4d,4d,9a), r(55,33,33,66), r(94,85,85,11),\ | |
12350 | + r(cf,45,45,8a), r(10,f9,f9,e9), r(06,02,02,04), r(81,7f,7f,fe),\ | |
12351 | + r(f0,50,50,a0), r(44,3c,3c,78), r(ba,9f,9f,25), r(e3,a8,a8,4b),\ | |
12352 | + r(f3,51,51,a2), r(fe,a3,a3,5d), r(c0,40,40,80), r(8a,8f,8f,05),\ | |
12353 | + r(ad,92,92,3f), r(bc,9d,9d,21), r(48,38,38,70), r(04,f5,f5,f1),\ | |
12354 | + r(df,bc,bc,63), r(c1,b6,b6,77), r(75,da,da,af), r(63,21,21,42),\ | |
12355 | + r(30,10,10,20), r(1a,ff,ff,e5), r(0e,f3,f3,fd), r(6d,d2,d2,bf),\ | |
12356 | + r(4c,cd,cd,81), r(14,0c,0c,18), r(35,13,13,26), r(2f,ec,ec,c3),\ | |
12357 | + r(e1,5f,5f,be), r(a2,97,97,35), r(cc,44,44,88), r(39,17,17,2e),\ | |
12358 | + r(57,c4,c4,93), r(f2,a7,a7,55), r(82,7e,7e,fc), r(47,3d,3d,7a),\ | |
12359 | + r(ac,64,64,c8), r(e7,5d,5d,ba), r(2b,19,19,32), r(95,73,73,e6),\ | |
12360 | + r(a0,60,60,c0), r(98,81,81,19), r(d1,4f,4f,9e), r(7f,dc,dc,a3),\ | |
12361 | + r(66,22,22,44), r(7e,2a,2a,54), r(ab,90,90,3b), r(83,88,88,0b),\ | |
12362 | + r(ca,46,46,8c), r(29,ee,ee,c7), r(d3,b8,b8,6b), r(3c,14,14,28),\ | |
12363 | + r(79,de,de,a7), r(e2,5e,5e,bc), r(1d,0b,0b,16), r(76,db,db,ad),\ | |
12364 | + r(3b,e0,e0,db), r(56,32,32,64), r(4e,3a,3a,74), r(1e,0a,0a,14),\ | |
12365 | + r(db,49,49,92), r(0a,06,06,0c), r(6c,24,24,48), r(e4,5c,5c,b8),\ | |
12366 | + r(5d,c2,c2,9f), r(6e,d3,d3,bd), r(ef,ac,ac,43), r(a6,62,62,c4),\ | |
12367 | + r(a8,91,91,39), r(a4,95,95,31), r(37,e4,e4,d3), r(8b,79,79,f2),\ | |
12368 | + r(32,e7,e7,d5), r(43,c8,c8,8b), r(59,37,37,6e), r(b7,6d,6d,da),\ | |
12369 | + r(8c,8d,8d,01), r(64,d5,d5,b1), r(d2,4e,4e,9c), r(e0,a9,a9,49),\ | |
12370 | + r(b4,6c,6c,d8), r(fa,56,56,ac), r(07,f4,f4,f3), r(25,ea,ea,cf),\ | |
12371 | + r(af,65,65,ca), r(8e,7a,7a,f4), r(e9,ae,ae,47), r(18,08,08,10),\ | |
12372 | + r(d5,ba,ba,6f), r(88,78,78,f0), r(6f,25,25,4a), r(72,2e,2e,5c),\ | |
12373 | + r(24,1c,1c,38), r(f1,a6,a6,57), r(c7,b4,b4,73), r(51,c6,c6,97),\ | |
12374 | + r(23,e8,e8,cb), r(7c,dd,dd,a1), r(9c,74,74,e8), r(21,1f,1f,3e),\ | |
12375 | + r(dd,4b,4b,96), r(dc,bd,bd,61), r(86,8b,8b,0d), r(85,8a,8a,0f),\ | |
12376 | + r(90,70,70,e0), r(42,3e,3e,7c), r(c4,b5,b5,71), r(aa,66,66,cc),\ | |
12377 | + r(d8,48,48,90), r(05,03,03,06), r(01,f6,f6,f7), r(12,0e,0e,1c),\ | |
12378 | + r(a3,61,61,c2), r(5f,35,35,6a), r(f9,57,57,ae), r(d0,b9,b9,69),\ | |
12379 | + r(91,86,86,17), r(58,c1,c1,99), r(27,1d,1d,3a), r(b9,9e,9e,27),\ | |
12380 | + r(38,e1,e1,d9), r(13,f8,f8,eb), r(b3,98,98,2b), r(33,11,11,22),\ | |
12381 | + r(bb,69,69,d2), r(70,d9,d9,a9), r(89,8e,8e,07), r(a7,94,94,33),\ | |
12382 | + r(b6,9b,9b,2d), r(22,1e,1e,3c), r(92,87,87,15), r(20,e9,e9,c9),\ | |
12383 | + r(49,ce,ce,87), r(ff,55,55,aa), r(78,28,28,50), r(7a,df,df,a5),\ | |
12384 | + r(8f,8c,8c,03), r(f8,a1,a1,59), r(80,89,89,09), r(17,0d,0d,1a),\ | |
12385 | + r(da,bf,bf,65), r(31,e6,e6,d7), r(c6,42,42,84), r(b8,68,68,d0),\ | |
12386 | + r(c3,41,41,82), r(b0,99,99,29), r(77,2d,2d,5a), r(11,0f,0f,1e),\ | |
12387 | + r(cb,b0,b0,7b), r(fc,54,54,a8), r(d6,bb,bb,6d), r(3a,16,16,2c) | |
12388 | + | |
12389 | +// data for inverse tables (other than last round) | |
12390 | + | |
12391 | +#define i_table \ | |
12392 | + r(50,a7,f4,51), r(53,65,41,7e), r(c3,a4,17,1a), r(96,5e,27,3a),\ | |
12393 | + r(cb,6b,ab,3b), r(f1,45,9d,1f), r(ab,58,fa,ac), r(93,03,e3,4b),\ | |
12394 | + r(55,fa,30,20), r(f6,6d,76,ad), r(91,76,cc,88), r(25,4c,02,f5),\ | |
12395 | + r(fc,d7,e5,4f), r(d7,cb,2a,c5), r(80,44,35,26), r(8f,a3,62,b5),\ | |
12396 | + r(49,5a,b1,de), r(67,1b,ba,25), r(98,0e,ea,45), r(e1,c0,fe,5d),\ | |
12397 | + r(02,75,2f,c3), r(12,f0,4c,81), r(a3,97,46,8d), r(c6,f9,d3,6b),\ | |
12398 | + r(e7,5f,8f,03), r(95,9c,92,15), r(eb,7a,6d,bf), r(da,59,52,95),\ | |
12399 | + r(2d,83,be,d4), r(d3,21,74,58), r(29,69,e0,49), r(44,c8,c9,8e),\ | |
12400 | + r(6a,89,c2,75), r(78,79,8e,f4), r(6b,3e,58,99), r(dd,71,b9,27),\ | |
12401 | + r(b6,4f,e1,be), r(17,ad,88,f0), r(66,ac,20,c9), r(b4,3a,ce,7d),\ | |
12402 | + r(18,4a,df,63), r(82,31,1a,e5), r(60,33,51,97), r(45,7f,53,62),\ | |
12403 | + r(e0,77,64,b1), r(84,ae,6b,bb), r(1c,a0,81,fe), r(94,2b,08,f9),\ | |
12404 | + r(58,68,48,70), r(19,fd,45,8f), r(87,6c,de,94), r(b7,f8,7b,52),\ | |
12405 | + r(23,d3,73,ab), r(e2,02,4b,72), r(57,8f,1f,e3), r(2a,ab,55,66),\ | |
12406 | + r(07,28,eb,b2), r(03,c2,b5,2f), r(9a,7b,c5,86), r(a5,08,37,d3),\ | |
12407 | + r(f2,87,28,30), r(b2,a5,bf,23), r(ba,6a,03,02), r(5c,82,16,ed),\ | |
12408 | + r(2b,1c,cf,8a), r(92,b4,79,a7), r(f0,f2,07,f3), r(a1,e2,69,4e),\ | |
12409 | + r(cd,f4,da,65), r(d5,be,05,06), r(1f,62,34,d1), r(8a,fe,a6,c4),\ | |
12410 | + r(9d,53,2e,34), r(a0,55,f3,a2), r(32,e1,8a,05), r(75,eb,f6,a4),\ | |
12411 | + r(39,ec,83,0b), r(aa,ef,60,40), r(06,9f,71,5e), r(51,10,6e,bd),\ | |
12412 | + r(f9,8a,21,3e), r(3d,06,dd,96), r(ae,05,3e,dd), r(46,bd,e6,4d),\ | |
12413 | + r(b5,8d,54,91), r(05,5d,c4,71), r(6f,d4,06,04), r(ff,15,50,60),\ | |
12414 | + r(24,fb,98,19), r(97,e9,bd,d6), r(cc,43,40,89), r(77,9e,d9,67),\ | |
12415 | + r(bd,42,e8,b0), r(88,8b,89,07), r(38,5b,19,e7), r(db,ee,c8,79),\ | |
12416 | + r(47,0a,7c,a1), r(e9,0f,42,7c), r(c9,1e,84,f8), r(00,00,00,00),\ | |
12417 | + r(83,86,80,09), r(48,ed,2b,32), r(ac,70,11,1e), r(4e,72,5a,6c),\ | |
12418 | + r(fb,ff,0e,fd), r(56,38,85,0f), r(1e,d5,ae,3d), r(27,39,2d,36),\ | |
12419 | + r(64,d9,0f,0a), r(21,a6,5c,68), r(d1,54,5b,9b), r(3a,2e,36,24),\ | |
12420 | + r(b1,67,0a,0c), r(0f,e7,57,93), r(d2,96,ee,b4), r(9e,91,9b,1b),\ | |
12421 | + r(4f,c5,c0,80), r(a2,20,dc,61), r(69,4b,77,5a), r(16,1a,12,1c),\ | |
12422 | + r(0a,ba,93,e2), r(e5,2a,a0,c0), r(43,e0,22,3c), r(1d,17,1b,12),\ | |
12423 | + r(0b,0d,09,0e), r(ad,c7,8b,f2), r(b9,a8,b6,2d), r(c8,a9,1e,14),\ | |
12424 | + r(85,19,f1,57), r(4c,07,75,af), r(bb,dd,99,ee), r(fd,60,7f,a3),\ | |
12425 | + r(9f,26,01,f7), r(bc,f5,72,5c), r(c5,3b,66,44), r(34,7e,fb,5b),\ | |
12426 | + r(76,29,43,8b), r(dc,c6,23,cb), r(68,fc,ed,b6), r(63,f1,e4,b8),\ | |
12427 | + r(ca,dc,31,d7), r(10,85,63,42), r(40,22,97,13), r(20,11,c6,84),\ | |
12428 | + r(7d,24,4a,85), r(f8,3d,bb,d2), r(11,32,f9,ae), r(6d,a1,29,c7),\ | |
12429 | + r(4b,2f,9e,1d), r(f3,30,b2,dc), r(ec,52,86,0d), r(d0,e3,c1,77),\ | |
12430 | + r(6c,16,b3,2b), r(99,b9,70,a9), r(fa,48,94,11), r(22,64,e9,47),\ | |
12431 | + r(c4,8c,fc,a8), r(1a,3f,f0,a0), r(d8,2c,7d,56), r(ef,90,33,22),\ | |
12432 | + r(c7,4e,49,87), r(c1,d1,38,d9), r(fe,a2,ca,8c), r(36,0b,d4,98),\ | |
12433 | + r(cf,81,f5,a6), r(28,de,7a,a5), r(26,8e,b7,da), r(a4,bf,ad,3f),\ | |
12434 | + r(e4,9d,3a,2c), r(0d,92,78,50), r(9b,cc,5f,6a), r(62,46,7e,54),\ | |
12435 | + r(c2,13,8d,f6), r(e8,b8,d8,90), r(5e,f7,39,2e), r(f5,af,c3,82),\ | |
12436 | + r(be,80,5d,9f), r(7c,93,d0,69), r(a9,2d,d5,6f), r(b3,12,25,cf),\ | |
12437 | + r(3b,99,ac,c8), r(a7,7d,18,10), r(6e,63,9c,e8), r(7b,bb,3b,db),\ | |
12438 | + r(09,78,26,cd), r(f4,18,59,6e), r(01,b7,9a,ec), r(a8,9a,4f,83),\ | |
12439 | + r(65,6e,95,e6), r(7e,e6,ff,aa), r(08,cf,bc,21), r(e6,e8,15,ef),\ | |
12440 | + r(d9,9b,e7,ba), r(ce,36,6f,4a), r(d4,09,9f,ea), r(d6,7c,b0,29),\ | |
12441 | + r(af,b2,a4,31), r(31,23,3f,2a), r(30,94,a5,c6), r(c0,66,a2,35),\ | |
12442 | + r(37,bc,4e,74), r(a6,ca,82,fc), r(b0,d0,90,e0), r(15,d8,a7,33),\ | |
12443 | + r(4a,98,04,f1), r(f7,da,ec,41), r(0e,50,cd,7f), r(2f,f6,91,17),\ | |
12444 | + r(8d,d6,4d,76), r(4d,b0,ef,43), r(54,4d,aa,cc), r(df,04,96,e4),\ | |
12445 | + r(e3,b5,d1,9e), r(1b,88,6a,4c), r(b8,1f,2c,c1), r(7f,51,65,46),\ | |
12446 | + r(04,ea,5e,9d), r(5d,35,8c,01), r(73,74,87,fa), r(2e,41,0b,fb),\ | |
12447 | + r(5a,1d,67,b3), r(52,d2,db,92), r(33,56,10,e9), r(13,47,d6,6d),\ | |
12448 | + r(8c,61,d7,9a), r(7a,0c,a1,37), r(8e,14,f8,59), r(89,3c,13,eb),\ | |
12449 | + r(ee,27,a9,ce), r(35,c9,61,b7), r(ed,e5,1c,e1), r(3c,b1,47,7a),\ | |
12450 | + r(59,df,d2,9c), r(3f,73,f2,55), r(79,ce,14,18), r(bf,37,c7,73),\ | |
12451 | + r(ea,cd,f7,53), r(5b,aa,fd,5f), r(14,6f,3d,df), r(86,db,44,78),\ | |
12452 | + r(81,f3,af,ca), r(3e,c4,68,b9), r(2c,34,24,38), r(5f,40,a3,c2),\ | |
12453 | + r(72,c3,1d,16), r(0c,25,e2,bc), r(8b,49,3c,28), r(41,95,0d,ff),\ | |
12454 | + r(71,01,a8,39), r(de,b3,0c,08), r(9c,e4,b4,d8), r(90,c1,56,64),\ | |
12455 | + r(61,84,cb,7b), r(70,b6,32,d5), r(74,5c,6c,48), r(42,57,b8,d0) | |
12456 | + | |
12457 | +// generate the required tables in the desired endian format | |
12458 | + | |
12459 | +#undef r | |
12460 | +#define r r0 | |
12461 | + | |
12462 | +#if defined(ONE_TABLE) | |
12463 | +static const u_int32_t ft_tab[256] = | |
12464 | + { f_table }; | |
12465 | +#elif defined(FOUR_TABLES) | |
12466 | +static const u_int32_t ft_tab[4][256] = | |
12467 | +{ { f_table }, | |
12468 | +#undef r | |
12469 | +#define r r1 | |
12470 | + { f_table }, | |
12471 | +#undef r | |
12472 | +#define r r2 | |
12473 | + { f_table }, | |
12474 | +#undef r | |
12475 | +#define r r3 | |
12476 | + { f_table } | |
12477 | +}; | |
12478 | +#endif | |
12479 | + | |
12480 | +#undef r | |
12481 | +#define r r0 | |
12482 | +#if defined(ONE_TABLE) | |
12483 | +static const u_int32_t it_tab[256] = | |
12484 | + { i_table }; | |
12485 | +#elif defined(FOUR_TABLES) | |
12486 | +static const u_int32_t it_tab[4][256] = | |
12487 | +{ { i_table }, | |
12488 | +#undef r | |
12489 | +#define r r1 | |
12490 | + { i_table }, | |
12491 | +#undef r | |
12492 | +#define r r2 | |
12493 | + { i_table }, | |
12494 | +#undef r | |
12495 | +#define r r3 | |
12496 | + { i_table } | |
12497 | +}; | |
12498 | +#endif | |
12499 | + | |
12500 | +#endif | |
12501 | + | |
12502 | +#if defined(FIXED_TABLES) && (defined(ONE_LR_TABLE) || defined(FOUR_LR_TABLES)) | |
12503 | + | |
12504 | +// data for inverse tables (last round) | |
12505 | + | |
12506 | +#define li_table \ | |
12507 | + w(52), w(09), w(6a), w(d5), w(30), w(36), w(a5), w(38),\ | |
12508 | + w(bf), w(40), w(a3), w(9e), w(81), w(f3), w(d7), w(fb),\ | |
12509 | + w(7c), w(e3), w(39), w(82), w(9b), w(2f), w(ff), w(87),\ | |
12510 | + w(34), w(8e), w(43), w(44), w(c4), w(de), w(e9), w(cb),\ | |
12511 | + w(54), w(7b), w(94), w(32), w(a6), w(c2), w(23), w(3d),\ | |
12512 | + w(ee), w(4c), w(95), w(0b), w(42), w(fa), w(c3), w(4e),\ | |
12513 | + w(08), w(2e), w(a1), w(66), w(28), w(d9), w(24), w(b2),\ | |
12514 | + w(76), w(5b), w(a2), w(49), w(6d), w(8b), w(d1), w(25),\ | |
12515 | + w(72), w(f8), w(f6), w(64), w(86), w(68), w(98), w(16),\ | |
12516 | + w(d4), w(a4), w(5c), w(cc), w(5d), w(65), w(b6), w(92),\ | |
12517 | + w(6c), w(70), w(48), w(50), w(fd), w(ed), w(b9), w(da),\ | |
12518 | + w(5e), w(15), w(46), w(57), w(a7), w(8d), w(9d), w(84),\ | |
12519 | + w(90), w(d8), w(ab), w(00), w(8c), w(bc), w(d3), w(0a),\ | |
12520 | + w(f7), w(e4), w(58), w(05), w(b8), w(b3), w(45), w(06),\ | |
12521 | + w(d0), w(2c), w(1e), w(8f), w(ca), w(3f), w(0f), w(02),\ | |
12522 | + w(c1), w(af), w(bd), w(03), w(01), w(13), w(8a), w(6b),\ | |
12523 | + w(3a), w(91), w(11), w(41), w(4f), w(67), w(dc), w(ea),\ | |
12524 | + w(97), w(f2), w(cf), w(ce), w(f0), w(b4), w(e6), w(73),\ | |
12525 | + w(96), w(ac), w(74), w(22), w(e7), w(ad), w(35), w(85),\ | |
12526 | + w(e2), w(f9), w(37), w(e8), w(1c), w(75), w(df), w(6e),\ | |
12527 | + w(47), w(f1), w(1a), w(71), w(1d), w(29), w(c5), w(89),\ | |
12528 | + w(6f), w(b7), w(62), w(0e), w(aa), w(18), w(be), w(1b),\ | |
12529 | + w(fc), w(56), w(3e), w(4b), w(c6), w(d2), w(79), w(20),\ | |
12530 | + w(9a), w(db), w(c0), w(fe), w(78), w(cd), w(5a), w(f4),\ | |
12531 | + w(1f), w(dd), w(a8), w(33), w(88), w(07), w(c7), w(31),\ | |
12532 | + w(b1), w(12), w(10), w(59), w(27), w(80), w(ec), w(5f),\ | |
12533 | + w(60), w(51), w(7f), w(a9), w(19), w(b5), w(4a), w(0d),\ | |
12534 | + w(2d), w(e5), w(7a), w(9f), w(93), w(c9), w(9c), w(ef),\ | |
12535 | + w(a0), w(e0), w(3b), w(4d), w(ae), w(2a), w(f5), w(b0),\ | |
12536 | + w(c8), w(eb), w(bb), w(3c), w(83), w(53), w(99), w(61),\ | |
12537 | + w(17), w(2b), w(04), w(7e), w(ba), w(77), w(d6), w(26),\ | |
12538 | + w(e1), w(69), w(14), w(63), w(55), w(21), w(0c), w(7d), | |
12539 | + | |
12540 | +// generate the required tables in the desired endian format | |
12541 | + | |
12542 | +#undef r | |
12543 | +#define r(p,q,r,s) w0(q) | |
12544 | +#if defined(ONE_LR_TABLE) | |
12545 | +static const u_int32_t fl_tab[256] = | |
12546 | + { f_table }; | |
12547 | +#elif defined(FOUR_LR_TABLES) | |
12548 | +static const u_int32_t fl_tab[4][256] = | |
12549 | +{ { f_table }, | |
12550 | +#undef r | |
12551 | +#define r(p,q,r,s) w1(q) | |
12552 | + { f_table }, | |
12553 | +#undef r | |
12554 | +#define r(p,q,r,s) w2(q) | |
12555 | + { f_table }, | |
12556 | +#undef r | |
12557 | +#define r(p,q,r,s) w3(q) | |
12558 | + { f_table } | |
12559 | +}; | |
12560 | +#endif | |
12561 | + | |
12562 | +#undef w | |
12563 | +#define w w0 | |
12564 | +#if defined(ONE_LR_TABLE) | |
12565 | +static const u_int32_t il_tab[256] = | |
12566 | + { li_table }; | |
12567 | +#elif defined(FOUR_LR_TABLES) | |
12568 | +static const u_int32_t il_tab[4][256] = | |
12569 | +{ { li_table }, | |
12570 | +#undef w | |
12571 | +#define w w1 | |
12572 | + { li_table }, | |
12573 | +#undef w | |
12574 | +#define w w2 | |
12575 | + { li_table }, | |
12576 | +#undef w | |
12577 | +#define w w3 | |
12578 | + { li_table } | |
12579 | +}; | |
12580 | +#endif | |
12581 | + | |
12582 | +#endif | |
12583 | + | |
12584 | +#if defined(FIXED_TABLES) && (defined(ONE_IM_TABLE) || defined(FOUR_IM_TABLES)) | |
12585 | + | |
12586 | +#define m_table \ | |
12587 | + r(00,00,00,00), r(0b,0d,09,0e), r(16,1a,12,1c), r(1d,17,1b,12),\ | |
12588 | + r(2c,34,24,38), r(27,39,2d,36), r(3a,2e,36,24), r(31,23,3f,2a),\ | |
12589 | + r(58,68,48,70), r(53,65,41,7e), r(4e,72,5a,6c), r(45,7f,53,62),\ | |
12590 | + r(74,5c,6c,48), r(7f,51,65,46), r(62,46,7e,54), r(69,4b,77,5a),\ | |
12591 | + r(b0,d0,90,e0), r(bb,dd,99,ee), r(a6,ca,82,fc), r(ad,c7,8b,f2),\ | |
12592 | + r(9c,e4,b4,d8), r(97,e9,bd,d6), r(8a,fe,a6,c4), r(81,f3,af,ca),\ | |
12593 | + r(e8,b8,d8,90), r(e3,b5,d1,9e), r(fe,a2,ca,8c), r(f5,af,c3,82),\ | |
12594 | + r(c4,8c,fc,a8), r(cf,81,f5,a6), r(d2,96,ee,b4), r(d9,9b,e7,ba),\ | |
12595 | + r(7b,bb,3b,db), r(70,b6,32,d5), r(6d,a1,29,c7), r(66,ac,20,c9),\ | |
12596 | + r(57,8f,1f,e3), r(5c,82,16,ed), r(41,95,0d,ff), r(4a,98,04,f1),\ | |
12597 | + r(23,d3,73,ab), r(28,de,7a,a5), r(35,c9,61,b7), r(3e,c4,68,b9),\ | |
12598 | + r(0f,e7,57,93), r(04,ea,5e,9d), r(19,fd,45,8f), r(12,f0,4c,81),\ | |
12599 | + r(cb,6b,ab,3b), r(c0,66,a2,35), r(dd,71,b9,27), r(d6,7c,b0,29),\ | |
12600 | + r(e7,5f,8f,03), r(ec,52,86,0d), r(f1,45,9d,1f), r(fa,48,94,11),\ | |
12601 | + r(93,03,e3,4b), r(98,0e,ea,45), r(85,19,f1,57), r(8e,14,f8,59),\ | |
12602 | + r(bf,37,c7,73), r(b4,3a,ce,7d), r(a9,2d,d5,6f), r(a2,20,dc,61),\ | |
12603 | + r(f6,6d,76,ad), r(fd,60,7f,a3), r(e0,77,64,b1), r(eb,7a,6d,bf),\ | |
12604 | + r(da,59,52,95), r(d1,54,5b,9b), r(cc,43,40,89), r(c7,4e,49,87),\ | |
12605 | + r(ae,05,3e,dd), r(a5,08,37,d3), r(b8,1f,2c,c1), r(b3,12,25,cf),\ | |
12606 | + r(82,31,1a,e5), r(89,3c,13,eb), r(94,2b,08,f9), r(9f,26,01,f7),\ | |
12607 | + r(46,bd,e6,4d), r(4d,b0,ef,43), r(50,a7,f4,51), r(5b,aa,fd,5f),\ | |
12608 | + r(6a,89,c2,75), r(61,84,cb,7b), r(7c,93,d0,69), r(77,9e,d9,67),\ | |
12609 | + r(1e,d5,ae,3d), r(15,d8,a7,33), r(08,cf,bc,21), r(03,c2,b5,2f),\ | |
12610 | + r(32,e1,8a,05), r(39,ec,83,0b), r(24,fb,98,19), r(2f,f6,91,17),\ | |
12611 | + r(8d,d6,4d,76), r(86,db,44,78), r(9b,cc,5f,6a), r(90,c1,56,64),\ | |
12612 | + r(a1,e2,69,4e), r(aa,ef,60,40), r(b7,f8,7b,52), r(bc,f5,72,5c),\ | |
12613 | + r(d5,be,05,06), r(de,b3,0c,08), r(c3,a4,17,1a), r(c8,a9,1e,14),\ | |
12614 | + r(f9,8a,21,3e), r(f2,87,28,30), r(ef,90,33,22), r(e4,9d,3a,2c),\ | |
12615 | + r(3d,06,dd,96), r(36,0b,d4,98), r(2b,1c,cf,8a), r(20,11,c6,84),\ | |
12616 | + r(11,32,f9,ae), r(1a,3f,f0,a0), r(07,28,eb,b2), r(0c,25,e2,bc),\ | |
12617 | + r(65,6e,95,e6), r(6e,63,9c,e8), r(73,74,87,fa), r(78,79,8e,f4),\ | |
12618 | + r(49,5a,b1,de), r(42,57,b8,d0), r(5f,40,a3,c2), r(54,4d,aa,cc),\ | |
12619 | + r(f7,da,ec,41), r(fc,d7,e5,4f), r(e1,c0,fe,5d), r(ea,cd,f7,53),\ | |
12620 | + r(db,ee,c8,79), r(d0,e3,c1,77), r(cd,f4,da,65), r(c6,f9,d3,6b),\ | |
12621 | + r(af,b2,a4,31), r(a4,bf,ad,3f), r(b9,a8,b6,2d), r(b2,a5,bf,23),\ | |
12622 | + r(83,86,80,09), r(88,8b,89,07), r(95,9c,92,15), r(9e,91,9b,1b),\ | |
12623 | + r(47,0a,7c,a1), r(4c,07,75,af), r(51,10,6e,bd), r(5a,1d,67,b3),\ | |
12624 | + r(6b,3e,58,99), r(60,33,51,97), r(7d,24,4a,85), r(76,29,43,8b),\ | |
12625 | + r(1f,62,34,d1), r(14,6f,3d,df), r(09,78,26,cd), r(02,75,2f,c3),\ | |
12626 | + r(33,56,10,e9), r(38,5b,19,e7), r(25,4c,02,f5), r(2e,41,0b,fb),\ | |
12627 | + r(8c,61,d7,9a), r(87,6c,de,94), r(9a,7b,c5,86), r(91,76,cc,88),\ | |
12628 | + r(a0,55,f3,a2), r(ab,58,fa,ac), r(b6,4f,e1,be), r(bd,42,e8,b0),\ | |
12629 | + r(d4,09,9f,ea), r(df,04,96,e4), r(c2,13,8d,f6), r(c9,1e,84,f8),\ | |
12630 | + r(f8,3d,bb,d2), r(f3,30,b2,dc), r(ee,27,a9,ce), r(e5,2a,a0,c0),\ | |
12631 | + r(3c,b1,47,7a), r(37,bc,4e,74), r(2a,ab,55,66), r(21,a6,5c,68),\ | |
12632 | + r(10,85,63,42), r(1b,88,6a,4c), r(06,9f,71,5e), r(0d,92,78,50),\ | |
12633 | + r(64,d9,0f,0a), r(6f,d4,06,04), r(72,c3,1d,16), r(79,ce,14,18),\ | |
12634 | + r(48,ed,2b,32), r(43,e0,22,3c), r(5e,f7,39,2e), r(55,fa,30,20),\ | |
12635 | + r(01,b7,9a,ec), r(0a,ba,93,e2), r(17,ad,88,f0), r(1c,a0,81,fe),\ | |
12636 | + r(2d,83,be,d4), r(26,8e,b7,da), r(3b,99,ac,c8), r(30,94,a5,c6),\ | |
12637 | + r(59,df,d2,9c), r(52,d2,db,92), r(4f,c5,c0,80), r(44,c8,c9,8e),\ | |
12638 | + r(75,eb,f6,a4), r(7e,e6,ff,aa), r(63,f1,e4,b8), r(68,fc,ed,b6),\ | |
12639 | + r(b1,67,0a,0c), r(ba,6a,03,02), r(a7,7d,18,10), r(ac,70,11,1e),\ | |
12640 | + r(9d,53,2e,34), r(96,5e,27,3a), r(8b,49,3c,28), r(80,44,35,26),\ | |
12641 | + r(e9,0f,42,7c), r(e2,02,4b,72), r(ff,15,50,60), r(f4,18,59,6e),\ | |
12642 | + r(c5,3b,66,44), r(ce,36,6f,4a), r(d3,21,74,58), r(d8,2c,7d,56),\ | |
12643 | + r(7a,0c,a1,37), r(71,01,a8,39), r(6c,16,b3,2b), r(67,1b,ba,25),\ | |
12644 | + r(56,38,85,0f), r(5d,35,8c,01), r(40,22,97,13), r(4b,2f,9e,1d),\ | |
12645 | + r(22,64,e9,47), r(29,69,e0,49), r(34,7e,fb,5b), r(3f,73,f2,55),\ | |
12646 | + r(0e,50,cd,7f), r(05,5d,c4,71), r(18,4a,df,63), r(13,47,d6,6d),\ | |
12647 | + r(ca,dc,31,d7), r(c1,d1,38,d9), r(dc,c6,23,cb), r(d7,cb,2a,c5),\ | |
12648 | + r(e6,e8,15,ef), r(ed,e5,1c,e1), r(f0,f2,07,f3), r(fb,ff,0e,fd),\ | |
12649 | + r(92,b4,79,a7), r(99,b9,70,a9), r(84,ae,6b,bb), r(8f,a3,62,b5),\ | |
12650 | + r(be,80,5d,9f), r(b5,8d,54,91), r(a8,9a,4f,83), r(a3,97,46,8d) | |
12651 | + | |
12652 | +#undef r | |
12653 | +#define r r0 | |
12654 | + | |
12655 | +#if defined(ONE_IM_TABLE) | |
12656 | +static const u_int32_t im_tab[256] = | |
12657 | + { m_table }; | |
12658 | +#elif defined(FOUR_IM_TABLES) | |
12659 | +static const u_int32_t im_tab[4][256] = | |
12660 | +{ { m_table }, | |
12661 | +#undef r | |
12662 | +#define r r1 | |
12663 | + { m_table }, | |
12664 | +#undef r | |
12665 | +#define r r2 | |
12666 | + { m_table }, | |
12667 | +#undef r | |
12668 | +#define r r3 | |
12669 | + { m_table } | |
12670 | +}; | |
12671 | +#endif | |
12672 | + | |
12673 | +#endif | |
12674 | + | |
12675 | +#else | |
12676 | + | |
12677 | +static int tab_gen = 0; | |
12678 | + | |
12679 | +static unsigned char s_box[256]; // the S box | |
12680 | +static unsigned char inv_s_box[256]; // the inverse S box | |
12681 | +static u_int32_t rcon_tab[AES_RC_LENGTH]; // table of round constants | |
12682 | + | |
12683 | +#if defined(ONE_TABLE) | |
12684 | +static u_int32_t ft_tab[256]; | |
12685 | +static u_int32_t it_tab[256]; | |
12686 | +#elif defined(FOUR_TABLES) | |
12687 | +static u_int32_t ft_tab[4][256]; | |
12688 | +static u_int32_t it_tab[4][256]; | |
12689 | +#endif | |
12690 | + | |
12691 | +#if defined(ONE_LR_TABLE) | |
12692 | +static u_int32_t fl_tab[256]; | |
12693 | +static u_int32_t il_tab[256]; | |
12694 | +#elif defined(FOUR_LR_TABLES) | |
12695 | +static u_int32_t fl_tab[4][256]; | |
12696 | +static u_int32_t il_tab[4][256]; | |
12697 | +#endif | |
12698 | + | |
12699 | +#if defined(ONE_IM_TABLE) | |
12700 | +static u_int32_t im_tab[256]; | |
12701 | +#elif defined(FOUR_IM_TABLES) | |
12702 | +static u_int32_t im_tab[4][256]; | |
12703 | +#endif | |
12704 | + | |
12705 | +// Generate the tables for the dynamic table option | |
12706 | + | |
12707 | +#if !defined(FF_TABLES) | |
12708 | + | |
12709 | +// It will generally be sensible to use tables to compute finite | |
12710 | +// field multiplies and inverses but where memory is scarse this | |
12711 | +// code might sometimes be better. | |
12712 | + | |
12713 | +// return 2 ^ (n - 1) where n is the bit number of the highest bit | |
12714 | +// set in x with x in the range 1 < x < 0x00000200. This form is | |
12715 | +// used so that locals within FFinv can be bytes rather than words | |
12716 | + | |
12717 | +static unsigned char hibit(const u_int32_t x) | |
12718 | +{ unsigned char r = (unsigned char)((x >> 1) | (x >> 2)); | |
12719 | + | |
12720 | + r |= (r >> 2); | |
12721 | + r |= (r >> 4); | |
12722 | + return (r + 1) >> 1; | |
12723 | +} | |
12724 | + | |
12725 | +// return the inverse of the finite field element x | |
12726 | + | |
12727 | +static unsigned char FFinv(const unsigned char x) | |
12728 | +{ unsigned char p1 = x, p2 = 0x1b, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0; | |
12729 | + | |
12730 | + if(x < 2) return x; | |
12731 | + | |
12732 | + for(;;) | |
12733 | + { | |
12734 | + if(!n1) return v1; | |
12735 | + | |
12736 | + while(n2 >= n1) | |
12737 | + { | |
12738 | + n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2); | |
12739 | + } | |
12740 | + | |
12741 | + if(!n2) return v2; | |
12742 | + | |
12743 | + while(n1 >= n2) | |
12744 | + { | |
12745 | + n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1); | |
12746 | + } | |
12747 | + } | |
12748 | +} | |
12749 | + | |
12750 | +// define the finite field multiplies required for Rijndael | |
12751 | + | |
12752 | +#define FFmul02(x) ((((x) & 0x7f) << 1) ^ ((x) & 0x80 ? 0x1b : 0)) | |
12753 | +#define FFmul03(x) ((x) ^ FFmul02(x)) | |
12754 | +#define FFmul09(x) ((x) ^ FFmul02(FFmul02(FFmul02(x)))) | |
12755 | +#define FFmul0b(x) ((x) ^ FFmul02((x) ^ FFmul02(FFmul02(x)))) | |
12756 | +#define FFmul0d(x) ((x) ^ FFmul02(FFmul02((x) ^ FFmul02(x)))) | |
12757 | +#define FFmul0e(x) FFmul02((x) ^ FFmul02((x) ^ FFmul02(x))) | |
12758 | + | |
12759 | +#else | |
12760 | + | |
12761 | +#define FFinv(x) ((x) ? pow[255 - log[x]]: 0) | |
12762 | + | |
12763 | +#define FFmul02(x) (x ? pow[log[x] + 0x19] : 0) | |
12764 | +#define FFmul03(x) (x ? pow[log[x] + 0x01] : 0) | |
12765 | +#define FFmul09(x) (x ? pow[log[x] + 0xc7] : 0) | |
12766 | +#define FFmul0b(x) (x ? pow[log[x] + 0x68] : 0) | |
12767 | +#define FFmul0d(x) (x ? pow[log[x] + 0xee] : 0) | |
12768 | +#define FFmul0e(x) (x ? pow[log[x] + 0xdf] : 0) | |
12769 | + | |
12770 | +#endif | |
12771 | + | |
12772 | +// The forward and inverse affine transformations used in the S-box | |
12773 | + | |
12774 | +#define fwd_affine(x) \ | |
12775 | + (w = (u_int32_t)x, w ^= (w<<1)^(w<<2)^(w<<3)^(w<<4), 0x63^(unsigned char)(w^(w>>8))) | |
12776 | + | |
12777 | +#define inv_affine(x) \ | |
12778 | + (w = (u_int32_t)x, w = (w<<1)^(w<<3)^(w<<6), 0x05^(unsigned char)(w^(w>>8))) | |
12779 | + | |
12780 | +static void gen_tabs(void) | |
12781 | +{ u_int32_t i, w; | |
12782 | + | |
12783 | +#if defined(FF_TABLES) | |
12784 | + | |
12785 | + unsigned char pow[512], log[256]; | |
12786 | + | |
12787 | + // log and power tables for GF(2^8) finite field with | |
12788 | + // 0x011b as modular polynomial - the simplest primitive | |
12789 | + // root is 0x03, used here to generate the tables | |
12790 | + | |
12791 | + i = 0; w = 1; | |
12792 | + do | |
12793 | + { | |
12794 | + pow[i] = (unsigned char)w; | |
12795 | + pow[i + 255] = (unsigned char)w; | |
12796 | + log[w] = (unsigned char)i++; | |
12797 | + w ^= (w << 1) ^ (w & ff_hi ? ff_poly : 0); | |
12798 | + } | |
12799 | + while (w != 1); | |
12800 | + | |
12801 | +#endif | |
12802 | + | |
12803 | + for(i = 0, w = 1; i < AES_RC_LENGTH; ++i) | |
12804 | + { | |
12805 | + rcon_tab[i] = bytes2word(w, 0, 0, 0); | |
12806 | + w = (w << 1) ^ (w & ff_hi ? ff_poly : 0); | |
12807 | + } | |
12808 | + | |
12809 | + for(i = 0; i < 256; ++i) | |
12810 | + { unsigned char b; | |
12811 | + | |
12812 | + s_box[i] = b = fwd_affine(FFinv((unsigned char)i)); | |
12813 | + | |
12814 | + w = bytes2word(b, 0, 0, 0); | |
12815 | +#if defined(ONE_LR_TABLE) | |
12816 | + fl_tab[i] = w; | |
12817 | +#elif defined(FOUR_LR_TABLES) | |
12818 | + fl_tab[0][i] = w; | |
12819 | + fl_tab[1][i] = upr(w,1); | |
12820 | + fl_tab[2][i] = upr(w,2); | |
12821 | + fl_tab[3][i] = upr(w,3); | |
12822 | +#endif | |
12823 | + w = bytes2word(FFmul02(b), b, b, FFmul03(b)); | |
12824 | +#if defined(ONE_TABLE) | |
12825 | + ft_tab[i] = w; | |
12826 | +#elif defined(FOUR_TABLES) | |
12827 | + ft_tab[0][i] = w; | |
12828 | + ft_tab[1][i] = upr(w,1); | |
12829 | + ft_tab[2][i] = upr(w,2); | |
12830 | + ft_tab[3][i] = upr(w,3); | |
12831 | +#endif | |
12832 | + inv_s_box[i] = b = FFinv(inv_affine((unsigned char)i)); | |
12833 | + | |
12834 | + w = bytes2word(b, 0, 0, 0); | |
12835 | +#if defined(ONE_LR_TABLE) | |
12836 | + il_tab[i] = w; | |
12837 | +#elif defined(FOUR_LR_TABLES) | |
12838 | + il_tab[0][i] = w; | |
12839 | + il_tab[1][i] = upr(w,1); | |
12840 | + il_tab[2][i] = upr(w,2); | |
12841 | + il_tab[3][i] = upr(w,3); | |
12842 | +#endif | |
12843 | + w = bytes2word(FFmul0e(b), FFmul09(b), FFmul0d(b), FFmul0b(b)); | |
12844 | +#if defined(ONE_TABLE) | |
12845 | + it_tab[i] = w; | |
12846 | +#elif defined(FOUR_TABLES) | |
12847 | + it_tab[0][i] = w; | |
12848 | + it_tab[1][i] = upr(w,1); | |
12849 | + it_tab[2][i] = upr(w,2); | |
12850 | + it_tab[3][i] = upr(w,3); | |
12851 | +#endif | |
12852 | +#if defined(ONE_IM_TABLE) | |
12853 | + im_tab[b] = w; | |
12854 | +#elif defined(FOUR_IM_TABLES) | |
12855 | + im_tab[0][b] = w; | |
12856 | + im_tab[1][b] = upr(w,1); | |
12857 | + im_tab[2][b] = upr(w,2); | |
12858 | + im_tab[3][b] = upr(w,3); | |
12859 | +#endif | |
12860 | + | |
12861 | + } | |
12862 | +} | |
12863 | + | |
12864 | +#endif | |
12865 | + | |
12866 | +#define no_table(x,box,vf,rf,c) bytes2word( \ | |
12867 | + box[bval(vf(x,0,c),rf(0,c))], \ | |
12868 | + box[bval(vf(x,1,c),rf(1,c))], \ | |
12869 | + box[bval(vf(x,2,c),rf(2,c))], \ | |
12870 | + box[bval(vf(x,3,c),rf(3,c))]) | |
12871 | + | |
12872 | +#define one_table(x,op,tab,vf,rf,c) \ | |
12873 | + ( tab[bval(vf(x,0,c),rf(0,c))] \ | |
12874 | + ^ op(tab[bval(vf(x,1,c),rf(1,c))],1) \ | |
12875 | + ^ op(tab[bval(vf(x,2,c),rf(2,c))],2) \ | |
12876 | + ^ op(tab[bval(vf(x,3,c),rf(3,c))],3)) | |
12877 | + | |
12878 | +#define four_tables(x,tab,vf,rf,c) \ | |
12879 | + ( tab[0][bval(vf(x,0,c),rf(0,c))] \ | |
12880 | + ^ tab[1][bval(vf(x,1,c),rf(1,c))] \ | |
12881 | + ^ tab[2][bval(vf(x,2,c),rf(2,c))] \ | |
12882 | + ^ tab[3][bval(vf(x,3,c),rf(3,c))]) | |
12883 | + | |
12884 | +#define vf1(x,r,c) (x) | |
12885 | +#define rf1(r,c) (r) | |
12886 | +#define rf2(r,c) ((r-c)&3) | |
12887 | + | |
12888 | +#if defined(FOUR_LR_TABLES) | |
12889 | +#define ls_box(x,c) four_tables(x,fl_tab,vf1,rf2,c) | |
12890 | +#elif defined(ONE_LR_TABLE) | |
12891 | +#define ls_box(x,c) one_table(x,upr,fl_tab,vf1,rf2,c) | |
12892 | +#else | |
12893 | +#define ls_box(x,c) no_table(x,s_box,vf1,rf2,c) | |
12894 | +#endif | |
12895 | + | |
12896 | +#if defined(FOUR_IM_TABLES) | |
12897 | +#define inv_mcol(x) four_tables(x,im_tab,vf1,rf1,0) | |
12898 | +#elif defined(ONE_IM_TABLE) | |
12899 | +#define inv_mcol(x) one_table(x,upr,im_tab,vf1,rf1,0) | |
12900 | +#else | |
12901 | +#define inv_mcol(x) \ | |
12902 | + (f9 = (x),f2 = FFmulX(f9), f4 = FFmulX(f2), f8 = FFmulX(f4), f9 ^= f8, \ | |
12903 | + f2 ^= f4 ^ f8 ^ upr(f2 ^ f9,3) ^ upr(f4 ^ f9,2) ^ upr(f9,1)) | |
12904 | +#endif | |
12905 | + | |
12906 | +// Subroutine to set the block size (if variable) in bytes, legal | |
12907 | +// values being 16, 24 and 32. | |
12908 | + | |
12909 | +#if defined(AES_BLOCK_SIZE) | |
12910 | +#define nc (AES_BLOCK_SIZE / 4) | |
12911 | +#else | |
12912 | +#define nc (cx->aes_Ncol) | |
12913 | + | |
12914 | +void aes_set_blk(aes_context *cx, int n_bytes) | |
12915 | +{ | |
12916 | +#if !defined(FIXED_TABLES) | |
12917 | + if(!tab_gen) { gen_tabs(); tab_gen = 1; } | |
12918 | +#endif | |
12919 | + | |
12920 | + switch(n_bytes) { | |
12921 | + case 32: /* bytes */ | |
12922 | + case 256: /* bits */ | |
12923 | + nc = 8; | |
12924 | + break; | |
12925 | + case 24: /* bytes */ | |
12926 | + case 192: /* bits */ | |
12927 | + nc = 6; | |
12928 | + break; | |
12929 | + case 16: /* bytes */ | |
12930 | + case 128: /* bits */ | |
12931 | + default: | |
12932 | + nc = 4; | |
12933 | + break; | |
12934 | + } | |
12935 | +} | |
12936 | + | |
12937 | +#endif | |
12938 | + | |
12939 | +// Initialise the key schedule from the user supplied key. The key | |
12940 | +// length is now specified in bytes - 16, 24 or 32 as appropriate. | |
12941 | +// This corresponds to bit lengths of 128, 192 and 256 bits, and | |
12942 | +// to Nk values of 4, 6 and 8 respectively. | |
12943 | + | |
12944 | +#define mx(t,f) (*t++ = inv_mcol(*f),f++) | |
12945 | +#define cp(t,f) *t++ = *f++ | |
12946 | + | |
12947 | +#if AES_BLOCK_SIZE == 16 | |
12948 | +#define cpy(d,s) cp(d,s); cp(d,s); cp(d,s); cp(d,s) | |
12949 | +#define mix(d,s) mx(d,s); mx(d,s); mx(d,s); mx(d,s) | |
12950 | +#elif AES_BLOCK_SIZE == 24 | |
12951 | +#define cpy(d,s) cp(d,s); cp(d,s); cp(d,s); cp(d,s); \ | |
12952 | + cp(d,s); cp(d,s) | |
12953 | +#define mix(d,s) mx(d,s); mx(d,s); mx(d,s); mx(d,s); \ | |
12954 | + mx(d,s); mx(d,s) | |
12955 | +#elif AES_BLOCK_SIZE == 32 | |
12956 | +#define cpy(d,s) cp(d,s); cp(d,s); cp(d,s); cp(d,s); \ | |
12957 | + cp(d,s); cp(d,s); cp(d,s); cp(d,s) | |
12958 | +#define mix(d,s) mx(d,s); mx(d,s); mx(d,s); mx(d,s); \ | |
12959 | + mx(d,s); mx(d,s); mx(d,s); mx(d,s) | |
12960 | +#else | |
12961 | + | |
12962 | +#define cpy(d,s) \ | |
12963 | +switch(nc) \ | |
12964 | +{ case 8: cp(d,s); cp(d,s); \ | |
12965 | + case 6: cp(d,s); cp(d,s); \ | |
12966 | + case 4: cp(d,s); cp(d,s); \ | |
12967 | + cp(d,s); cp(d,s); \ | |
12968 | +} | |
12969 | + | |
12970 | +#define mix(d,s) \ | |
12971 | +switch(nc) \ | |
12972 | +{ case 8: mx(d,s); mx(d,s); \ | |
12973 | + case 6: mx(d,s); mx(d,s); \ | |
12974 | + case 4: mx(d,s); mx(d,s); \ | |
12975 | + mx(d,s); mx(d,s); \ | |
12976 | +} | |
12977 | + | |
12978 | +#endif | |
12979 | + | |
12980 | +void aes_set_key(aes_context *cx, const unsigned char in_key[], int n_bytes, const int f) | |
12981 | +{ u_int32_t *kf, *kt, rci; | |
12982 | + | |
12983 | +#if !defined(FIXED_TABLES) | |
12984 | + if(!tab_gen) { gen_tabs(); tab_gen = 1; } | |
12985 | +#endif | |
12986 | + | |
12987 | + switch(n_bytes) { | |
12988 | + case 32: /* bytes */ | |
12989 | + case 256: /* bits */ | |
12990 | + cx->aes_Nkey = 8; | |
12991 | + break; | |
12992 | + case 24: /* bytes */ | |
12993 | + case 192: /* bits */ | |
12994 | + cx->aes_Nkey = 6; | |
12995 | + break; | |
12996 | + case 16: /* bytes */ | |
12997 | + case 128: /* bits */ | |
12998 | + default: | |
12999 | + cx->aes_Nkey = 4; | |
13000 | + break; | |
13001 | + } | |
13002 | + | |
13003 | + cx->aes_Nrnd = (cx->aes_Nkey > nc ? cx->aes_Nkey : nc) + 6; | |
13004 | + | |
13005 | + cx->aes_e_key[0] = const_word_in(in_key ); | |
13006 | + cx->aes_e_key[1] = const_word_in(in_key + 4); | |
13007 | + cx->aes_e_key[2] = const_word_in(in_key + 8); | |
13008 | + cx->aes_e_key[3] = const_word_in(in_key + 12); | |
13009 | + | |
13010 | + kf = cx->aes_e_key; | |
13011 | + kt = kf + nc * (cx->aes_Nrnd + 1) - cx->aes_Nkey; | |
13012 | + rci = 0; | |
13013 | + | |
13014 | + switch(cx->aes_Nkey) | |
13015 | + { | |
13016 | + case 4: do | |
13017 | + { kf[4] = kf[0] ^ ls_box(kf[3],3) ^ rcon_tab[rci++]; | |
13018 | + kf[5] = kf[1] ^ kf[4]; | |
13019 | + kf[6] = kf[2] ^ kf[5]; | |
13020 | + kf[7] = kf[3] ^ kf[6]; | |
13021 | + kf += 4; | |
13022 | + } | |
13023 | + while(kf < kt); | |
13024 | + break; | |
13025 | + | |
13026 | + case 6: cx->aes_e_key[4] = const_word_in(in_key + 16); | |
13027 | + cx->aes_e_key[5] = const_word_in(in_key + 20); | |
13028 | + do | |
13029 | + { kf[ 6] = kf[0] ^ ls_box(kf[5],3) ^ rcon_tab[rci++]; | |
13030 | + kf[ 7] = kf[1] ^ kf[ 6]; | |
13031 | + kf[ 8] = kf[2] ^ kf[ 7]; | |
13032 | + kf[ 9] = kf[3] ^ kf[ 8]; | |
13033 | + kf[10] = kf[4] ^ kf[ 9]; | |
13034 | + kf[11] = kf[5] ^ kf[10]; | |
13035 | + kf += 6; | |
13036 | + } | |
13037 | + while(kf < kt); | |
13038 | + break; | |
13039 | + | |
13040 | + case 8: cx->aes_e_key[4] = const_word_in(in_key + 16); | |
13041 | + cx->aes_e_key[5] = const_word_in(in_key + 20); | |
13042 | + cx->aes_e_key[6] = const_word_in(in_key + 24); | |
13043 | + cx->aes_e_key[7] = const_word_in(in_key + 28); | |
13044 | + do | |
13045 | + { kf[ 8] = kf[0] ^ ls_box(kf[7],3) ^ rcon_tab[rci++]; | |
13046 | + kf[ 9] = kf[1] ^ kf[ 8]; | |
13047 | + kf[10] = kf[2] ^ kf[ 9]; | |
13048 | + kf[11] = kf[3] ^ kf[10]; | |
13049 | + kf[12] = kf[4] ^ ls_box(kf[11],0); | |
13050 | + kf[13] = kf[5] ^ kf[12]; | |
13051 | + kf[14] = kf[6] ^ kf[13]; | |
13052 | + kf[15] = kf[7] ^ kf[14]; | |
13053 | + kf += 8; | |
13054 | + } | |
13055 | + while (kf < kt); | |
13056 | + break; | |
13057 | + } | |
13058 | + | |
13059 | + if(!f) | |
13060 | + { u_int32_t i; | |
13061 | + | |
13062 | + kt = cx->aes_d_key + nc * cx->aes_Nrnd; | |
13063 | + kf = cx->aes_e_key; | |
13064 | + | |
13065 | + cpy(kt, kf); kt -= 2 * nc; | |
13066 | + | |
13067 | + for(i = 1; i < cx->aes_Nrnd; ++i) | |
13068 | + { | |
13069 | +#if defined(ONE_TABLE) || defined(FOUR_TABLES) | |
13070 | +#if !defined(ONE_IM_TABLE) && !defined(FOUR_IM_TABLES) | |
13071 | + u_int32_t f2, f4, f8, f9; | |
13072 | +#endif | |
13073 | + mix(kt, kf); | |
13074 | +#else | |
13075 | + cpy(kt, kf); | |
13076 | +#endif | |
13077 | + kt -= 2 * nc; | |
13078 | + } | |
13079 | + | |
13080 | + cpy(kt, kf); | |
13081 | + } | |
13082 | +} | |
13083 | + | |
13084 | +// y = output word, x = input word, r = row, c = column | |
13085 | +// for r = 0, 1, 2 and 3 = column accessed for row r | |
13086 | + | |
13087 | +#if defined(ARRAYS) | |
13088 | +#define s(x,c) x[c] | |
13089 | +#else | |
13090 | +#define s(x,c) x##c | |
13091 | +#endif | |
13092 | + | |
13093 | +// I am grateful to Frank Yellin for the following constructions | |
13094 | +// which, given the column (c) of the output state variable that | |
13095 | +// is being computed, return the input state variables which are | |
13096 | +// needed for each row (r) of the state | |
13097 | + | |
13098 | +// For the fixed block size options, compilers reduce these two | |
13099 | +// expressions to fixed variable references. For variable block | |
13100 | +// size code conditional clauses will sometimes be returned | |
13101 | + | |
13102 | +#define unused 77 // Sunset Strip | |
13103 | + | |
13104 | +#define fwd_var(x,r,c) \ | |
13105 | + ( r==0 ? \ | |
13106 | + ( c==0 ? s(x,0) \ | |
13107 | + : c==1 ? s(x,1) \ | |
13108 | + : c==2 ? s(x,2) \ | |
13109 | + : c==3 ? s(x,3) \ | |
13110 | + : c==4 ? s(x,4) \ | |
13111 | + : c==5 ? s(x,5) \ | |
13112 | + : c==6 ? s(x,6) \ | |
13113 | + : s(x,7)) \ | |
13114 | + : r==1 ? \ | |
13115 | + ( c==0 ? s(x,1) \ | |
13116 | + : c==1 ? s(x,2) \ | |
13117 | + : c==2 ? s(x,3) \ | |
13118 | + : c==3 ? nc==4 ? s(x,0) : s(x,4) \ | |
13119 | + : c==4 ? s(x,5) \ | |
13120 | + : c==5 ? nc==8 ? s(x,6) : s(x,0) \ | |
13121 | + : c==6 ? s(x,7) \ | |
13122 | + : s(x,0)) \ | |
13123 | + : r==2 ? \ | |
13124 | + ( c==0 ? nc==8 ? s(x,3) : s(x,2) \ | |
13125 | + : c==1 ? nc==8 ? s(x,4) : s(x,3) \ | |
13126 | + : c==2 ? nc==4 ? s(x,0) : nc==8 ? s(x,5) : s(x,4) \ | |
13127 | + : c==3 ? nc==4 ? s(x,1) : nc==8 ? s(x,6) : s(x,5) \ | |
13128 | + : c==4 ? nc==8 ? s(x,7) : s(x,0) \ | |
13129 | + : c==5 ? nc==8 ? s(x,0) : s(x,1) \ | |
13130 | + : c==6 ? s(x,1) \ | |
13131 | + : s(x,2)) \ | |
13132 | + : \ | |
13133 | + ( c==0 ? nc==8 ? s(x,4) : s(x,3) \ | |
13134 | + : c==1 ? nc==4 ? s(x,0) : nc==8 ? s(x,5) : s(x,4) \ | |
13135 | + : c==2 ? nc==4 ? s(x,1) : nc==8 ? s(x,6) : s(x,5) \ | |
13136 | + : c==3 ? nc==4 ? s(x,2) : nc==8 ? s(x,7) : s(x,0) \ | |
13137 | + : c==4 ? nc==8 ? s(x,0) : s(x,1) \ | |
13138 | + : c==5 ? nc==8 ? s(x,1) : s(x,2) \ | |
13139 | + : c==6 ? s(x,2) \ | |
13140 | + : s(x,3))) | |
13141 | + | |
13142 | +#define inv_var(x,r,c) \ | |
13143 | + ( r==0 ? \ | |
13144 | + ( c==0 ? s(x,0) \ | |
13145 | + : c==1 ? s(x,1) \ | |
13146 | + : c==2 ? s(x,2) \ | |
13147 | + : c==3 ? s(x,3) \ | |
13148 | + : c==4 ? s(x,4) \ | |
13149 | + : c==5 ? s(x,5) \ | |
13150 | + : c==6 ? s(x,6) \ | |
13151 | + : s(x,7)) \ | |
13152 | + : r==1 ? \ | |
13153 | + ( c==0 ? nc==4 ? s(x,3) : nc==8 ? s(x,7) : s(x,5) \ | |
13154 | + : c==1 ? s(x,0) \ | |
13155 | + : c==2 ? s(x,1) \ | |
13156 | + : c==3 ? s(x,2) \ | |
13157 | + : c==4 ? s(x,3) \ | |
13158 | + : c==5 ? s(x,4) \ | |
13159 | + : c==6 ? s(x,5) \ | |
13160 | + : s(x,6)) \ | |
13161 | + : r==2 ? \ | |
13162 | + ( c==0 ? nc==4 ? s(x,2) : nc==8 ? s(x,5) : s(x,4) \ | |
13163 | + : c==1 ? nc==4 ? s(x,3) : nc==8 ? s(x,6) : s(x,5) \ | |
13164 | + : c==2 ? nc==8 ? s(x,7) : s(x,0) \ | |
13165 | + : c==3 ? nc==8 ? s(x,0) : s(x,1) \ | |
13166 | + : c==4 ? nc==8 ? s(x,1) : s(x,2) \ | |
13167 | + : c==5 ? nc==8 ? s(x,2) : s(x,3) \ | |
13168 | + : c==6 ? s(x,3) \ | |
13169 | + : s(x,4)) \ | |
13170 | + : \ | |
13171 | + ( c==0 ? nc==4 ? s(x,1) : nc==8 ? s(x,4) : s(x,3) \ | |
13172 | + : c==1 ? nc==4 ? s(x,2) : nc==8 ? s(x,5) : s(x,4) \ | |
13173 | + : c==2 ? nc==4 ? s(x,3) : nc==8 ? s(x,6) : s(x,5) \ | |
13174 | + : c==3 ? nc==8 ? s(x,7) : s(x,0) \ | |
13175 | + : c==4 ? nc==8 ? s(x,0) : s(x,1) \ | |
13176 | + : c==5 ? nc==8 ? s(x,1) : s(x,2) \ | |
13177 | + : c==6 ? s(x,2) \ | |
13178 | + : s(x,3))) | |
13179 | + | |
13180 | +#define si(y,x,k,c) s(y,c) = const_word_in(x + 4 * c) ^ k[c] | |
13181 | +#define so(y,x,c) word_out(y + 4 * c, s(x,c)) | |
13182 | + | |
13183 | +#if defined(FOUR_TABLES) | |
13184 | +#define fwd_rnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,ft_tab,fwd_var,rf1,c) | |
13185 | +#define inv_rnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,it_tab,inv_var,rf1,c) | |
13186 | +#elif defined(ONE_TABLE) | |
13187 | +#define fwd_rnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,upr,ft_tab,fwd_var,rf1,c) | |
13188 | +#define inv_rnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,upr,it_tab,inv_var,rf1,c) | |
13189 | +#else | |
13190 | +#define fwd_rnd(y,x,k,c) s(y,c) = fwd_mcol(no_table(x,s_box,fwd_var,rf1,c)) ^ (k)[c] | |
13191 | +#define inv_rnd(y,x,k,c) s(y,c) = inv_mcol(no_table(x,inv_s_box,inv_var,rf1,c) ^ (k)[c]) | |
13192 | +#endif | |
13193 | + | |
13194 | +#if defined(FOUR_LR_TABLES) | |
13195 | +#define fwd_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,fl_tab,fwd_var,rf1,c) | |
13196 | +#define inv_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,il_tab,inv_var,rf1,c) | |
13197 | +#elif defined(ONE_LR_TABLE) | |
13198 | +#define fwd_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,ups,fl_tab,fwd_var,rf1,c) | |
13199 | +#define inv_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,ups,il_tab,inv_var,rf1,c) | |
13200 | +#else | |
13201 | +#define fwd_lrnd(y,x,k,c) s(y,c) = no_table(x,s_box,fwd_var,rf1,c) ^ (k)[c] | |
13202 | +#define inv_lrnd(y,x,k,c) s(y,c) = no_table(x,inv_s_box,inv_var,rf1,c) ^ (k)[c] | |
13203 | +#endif | |
13204 | + | |
13205 | +#if AES_BLOCK_SIZE == 16 | |
13206 | + | |
13207 | +#if defined(ARRAYS) | |
13208 | +#define locals(y,x) x[4],y[4] | |
13209 | +#else | |
13210 | +#define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3 | |
13211 | +// the following defines prevent the compiler requiring the declaration | |
13212 | +// of generated but unused variables in the fwd_var and inv_var macros | |
13213 | +#define b04 unused | |
13214 | +#define b05 unused | |
13215 | +#define b06 unused | |
13216 | +#define b07 unused | |
13217 | +#define b14 unused | |
13218 | +#define b15 unused | |
13219 | +#define b16 unused | |
13220 | +#define b17 unused | |
13221 | +#endif | |
13222 | +#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \ | |
13223 | + s(y,2) = s(x,2); s(y,3) = s(x,3); | |
13224 | +#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3) | |
13225 | +#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3) | |
13226 | +#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3) | |
13227 | + | |
13228 | +#elif AES_BLOCK_SIZE == 24 | |
13229 | + | |
13230 | +#if defined(ARRAYS) | |
13231 | +#define locals(y,x) x[6],y[6] | |
13232 | +#else | |
13233 | +#define locals(y,x) x##0,x##1,x##2,x##3,x##4,x##5, \ | |
13234 | + y##0,y##1,y##2,y##3,y##4,y##5 | |
13235 | +#define b06 unused | |
13236 | +#define b07 unused | |
13237 | +#define b16 unused | |
13238 | +#define b17 unused | |
13239 | +#endif | |
13240 | +#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \ | |
13241 | + s(y,2) = s(x,2); s(y,3) = s(x,3); \ | |
13242 | + s(y,4) = s(x,4); s(y,5) = s(x,5); | |
13243 | +#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); \ | |
13244 | + si(y,x,k,3); si(y,x,k,4); si(y,x,k,5) | |
13245 | +#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); \ | |
13246 | + so(y,x,3); so(y,x,4); so(y,x,5) | |
13247 | +#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); \ | |
13248 | + rm(y,x,k,3); rm(y,x,k,4); rm(y,x,k,5) | |
13249 | +#else | |
13250 | + | |
13251 | +#if defined(ARRAYS) | |
13252 | +#define locals(y,x) x[8],y[8] | |
13253 | +#else | |
13254 | +#define locals(y,x) x##0,x##1,x##2,x##3,x##4,x##5,x##6,x##7, \ | |
13255 | + y##0,y##1,y##2,y##3,y##4,y##5,y##6,y##7 | |
13256 | +#endif | |
13257 | +#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \ | |
13258 | + s(y,2) = s(x,2); s(y,3) = s(x,3); \ | |
13259 | + s(y,4) = s(x,4); s(y,5) = s(x,5); \ | |
13260 | + s(y,6) = s(x,6); s(y,7) = s(x,7); | |
13261 | + | |
13262 | +#if AES_BLOCK_SIZE == 32 | |
13263 | + | |
13264 | +#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3); \ | |
13265 | + si(y,x,k,4); si(y,x,k,5); si(y,x,k,6); si(y,x,k,7) | |
13266 | +#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3); \ | |
13267 | + so(y,x,4); so(y,x,5); so(y,x,6); so(y,x,7) | |
13268 | +#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3); \ | |
13269 | + rm(y,x,k,4); rm(y,x,k,5); rm(y,x,k,6); rm(y,x,k,7) | |
13270 | +#else | |
13271 | + | |
13272 | +#define state_in(y,x,k) \ | |
13273 | +switch(nc) \ | |
13274 | +{ case 8: si(y,x,k,7); si(y,x,k,6); \ | |
13275 | + case 6: si(y,x,k,5); si(y,x,k,4); \ | |
13276 | + case 4: si(y,x,k,3); si(y,x,k,2); \ | |
13277 | + si(y,x,k,1); si(y,x,k,0); \ | |
13278 | +} | |
13279 | + | |
13280 | +#define state_out(y,x) \ | |
13281 | +switch(nc) \ | |
13282 | +{ case 8: so(y,x,7); so(y,x,6); \ | |
13283 | + case 6: so(y,x,5); so(y,x,4); \ | |
13284 | + case 4: so(y,x,3); so(y,x,2); \ | |
13285 | + so(y,x,1); so(y,x,0); \ | |
13286 | +} | |
13287 | + | |
13288 | +#if defined(FAST_VARIABLE) | |
13289 | + | |
13290 | +#define round(rm,y,x,k) \ | |
13291 | +switch(nc) \ | |
13292 | +{ case 8: rm(y,x,k,7); rm(y,x,k,6); \ | |
13293 | + rm(y,x,k,5); rm(y,x,k,4); \ | |
13294 | + rm(y,x,k,3); rm(y,x,k,2); \ | |
13295 | + rm(y,x,k,1); rm(y,x,k,0); \ | |
13296 | + break; \ | |
13297 | + case 6: rm(y,x,k,5); rm(y,x,k,4); \ | |
13298 | + rm(y,x,k,3); rm(y,x,k,2); \ | |
13299 | + rm(y,x,k,1); rm(y,x,k,0); \ | |
13300 | + break; \ | |
13301 | + case 4: rm(y,x,k,3); rm(y,x,k,2); \ | |
13302 | + rm(y,x,k,1); rm(y,x,k,0); \ | |
13303 | + break; \ | |
13304 | +} | |
13305 | +#else | |
13306 | + | |
13307 | +#define round(rm,y,x,k) \ | |
13308 | +switch(nc) \ | |
13309 | +{ case 8: rm(y,x,k,7); rm(y,x,k,6); \ | |
13310 | + case 6: rm(y,x,k,5); rm(y,x,k,4); \ | |
13311 | + case 4: rm(y,x,k,3); rm(y,x,k,2); \ | |
13312 | + rm(y,x,k,1); rm(y,x,k,0); \ | |
13313 | +} | |
13314 | + | |
13315 | +#endif | |
13316 | + | |
13317 | +#endif | |
13318 | +#endif | |
13319 | + | |
13320 | +void aes_encrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[]) | |
13321 | +{ u_int32_t locals(b0, b1); | |
13322 | + const u_int32_t *kp = cx->aes_e_key; | |
13323 | + | |
13324 | +#if !defined(ONE_TABLE) && !defined(FOUR_TABLES) | |
13325 | + u_int32_t f2; | |
13326 | +#endif | |
13327 | + | |
13328 | + state_in(b0, in_blk, kp); kp += nc; | |
13329 | + | |
13330 | +#if defined(UNROLL) | |
13331 | + | |
13332 | + switch(cx->aes_Nrnd) | |
13333 | + { | |
13334 | + case 14: round(fwd_rnd, b1, b0, kp ); | |
13335 | + round(fwd_rnd, b0, b1, kp + nc ); kp += 2 * nc; | |
13336 | + case 12: round(fwd_rnd, b1, b0, kp ); | |
13337 | + round(fwd_rnd, b0, b1, kp + nc ); kp += 2 * nc; | |
13338 | + case 10: round(fwd_rnd, b1, b0, kp ); | |
13339 | + round(fwd_rnd, b0, b1, kp + nc); | |
13340 | + round(fwd_rnd, b1, b0, kp + 2 * nc); | |
13341 | + round(fwd_rnd, b0, b1, kp + 3 * nc); | |
13342 | + round(fwd_rnd, b1, b0, kp + 4 * nc); | |
13343 | + round(fwd_rnd, b0, b1, kp + 5 * nc); | |
13344 | + round(fwd_rnd, b1, b0, kp + 6 * nc); | |
13345 | + round(fwd_rnd, b0, b1, kp + 7 * nc); | |
13346 | + round(fwd_rnd, b1, b0, kp + 8 * nc); | |
13347 | + round(fwd_lrnd, b0, b1, kp + 9 * nc); | |
13348 | + } | |
13349 | + | |
13350 | +#elif defined(PARTIAL_UNROLL) | |
13351 | + { u_int32_t rnd; | |
13352 | + | |
13353 | + for(rnd = 0; rnd < (cx->aes_Nrnd >> 1) - 1; ++rnd) | |
13354 | + { | |
13355 | + round(fwd_rnd, b1, b0, kp); | |
13356 | + round(fwd_rnd, b0, b1, kp + nc); kp += 2 * nc; | |
13357 | + } | |
13358 | + | |
13359 | + round(fwd_rnd, b1, b0, kp); | |
13360 | + round(fwd_lrnd, b0, b1, kp + nc); | |
13361 | + } | |
13362 | +#else | |
13363 | + { u_int32_t rnd; | |
13364 | + | |
13365 | + for(rnd = 0; rnd < cx->aes_Nrnd - 1; ++rnd) | |
13366 | + { | |
13367 | + round(fwd_rnd, b1, b0, kp); | |
13368 | + l_copy(b0, b1); kp += nc; | |
13369 | + } | |
13370 | + | |
13371 | + round(fwd_lrnd, b0, b1, kp); | |
13372 | + } | |
13373 | +#endif | |
13374 | + | |
13375 | + state_out(out_blk, b0); | |
13376 | +} | |
13377 | + | |
13378 | +void aes_decrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[]) | |
13379 | +{ u_int32_t locals(b0, b1); | |
13380 | + const u_int32_t *kp = cx->aes_d_key; | |
13381 | + | |
13382 | +#if !defined(ONE_TABLE) && !defined(FOUR_TABLES) | |
13383 | + u_int32_t f2, f4, f8, f9; | |
13384 | +#endif | |
13385 | + | |
13386 | + state_in(b0, in_blk, kp); kp += nc; | |
13387 | + | |
13388 | +#if defined(UNROLL) | |
13389 | + | |
13390 | + switch(cx->aes_Nrnd) | |
13391 | + { | |
13392 | + case 14: round(inv_rnd, b1, b0, kp ); | |
13393 | + round(inv_rnd, b0, b1, kp + nc ); kp += 2 * nc; | |
13394 | + case 12: round(inv_rnd, b1, b0, kp ); | |
13395 | + round(inv_rnd, b0, b1, kp + nc ); kp += 2 * nc; | |
13396 | + case 10: round(inv_rnd, b1, b0, kp ); | |
13397 | + round(inv_rnd, b0, b1, kp + nc); | |
13398 | + round(inv_rnd, b1, b0, kp + 2 * nc); | |
13399 | + round(inv_rnd, b0, b1, kp + 3 * nc); | |
13400 | + round(inv_rnd, b1, b0, kp + 4 * nc); | |
13401 | + round(inv_rnd, b0, b1, kp + 5 * nc); | |
13402 | + round(inv_rnd, b1, b0, kp + 6 * nc); | |
13403 | + round(inv_rnd, b0, b1, kp + 7 * nc); | |
13404 | + round(inv_rnd, b1, b0, kp + 8 * nc); | |
13405 | + round(inv_lrnd, b0, b1, kp + 9 * nc); | |
13406 | + } | |
13407 | + | |
13408 | +#elif defined(PARTIAL_UNROLL) | |
13409 | + { u_int32_t rnd; | |
13410 | + | |
13411 | + for(rnd = 0; rnd < (cx->aes_Nrnd >> 1) - 1; ++rnd) | |
13412 | + { | |
13413 | + round(inv_rnd, b1, b0, kp); | |
13414 | + round(inv_rnd, b0, b1, kp + nc); kp += 2 * nc; | |
13415 | + } | |
13416 | + | |
13417 | + round(inv_rnd, b1, b0, kp); | |
13418 | + round(inv_lrnd, b0, b1, kp + nc); | |
13419 | + } | |
13420 | +#else | |
13421 | + { u_int32_t rnd; | |
13422 | + | |
13423 | + for(rnd = 0; rnd < cx->aes_Nrnd - 1; ++rnd) | |
13424 | + { | |
13425 | + round(inv_rnd, b1, b0, kp); | |
13426 | + l_copy(b0, b1); kp += nc; | |
13427 | + } | |
13428 | + | |
13429 | + round(inv_lrnd, b0, b1, kp); | |
13430 | + } | |
13431 | +#endif | |
13432 | + | |
13433 | + state_out(out_blk, b0); | |
13434 | +} | |
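--- /dev/null Tue Mar 11 13:02:56 2003
+++ linux/net/ipsec/aes/aes_cbc.c Mon Feb 9 13:51:03 2004
@@ -0,0 +1,46 @@
+/*
+// I retain copyright in this code but I encourage its free use provided
+// that I don't carry any responsibility for the results. I am especially
+// happy to see it used in free and open source software. If you do use
+// it I would appreciate an acknowledgement of its origin in the code or
+// the product that results and I would also appreciate knowing a little
+// about the use to which it is being put. I am grateful to Frank Yellin
+// for some ideas that are used in this implementation.
+//
+// Dr B. R. Gladman <brg@gladman.uk.net> 6th April 2001.
+//
+// This is an implementation of the AES encryption algorithm (Rijndael)
+// designed by Joan Daemen and Vincent Rijmen. This version is designed
+// to provide both fixed and dynamic block and key lengths and can also
+// run with either big or little endian internal byte order (see aes.h).
+// It inputs block and key lengths in bytes with the legal values being
+// 16, 24 and 32.
+*
+*/
+
+#ifdef __KERNEL__
+#include <linux/types.h>
+#else
+#include <sys/types.h>
+#endif
+#include "crypto/aes_cbc.h"
+#include "crypto/cbc_generic.h"
+
+/* returns bool success */
+int AES_set_key(aes_context *aes_ctx, const u_int8_t *key, int keysize) {
+ aes_set_key(aes_ctx, key, keysize, 0);
+ return 1;
+}
+CBC_IMPL_BLK16(AES_cbc_encrypt, aes_context, u_int8_t *, aes_encrypt, aes_decrypt);
+
+
+/*
+ * $Log: aes_cbc.c,v $
+ * Revision 1.2 2004/07/10 07:48:40 mcr
+ * Moved from linux/crypto/ciphers/aes/aes_cbc.c,v
+ *
+ * Revision 1.1 2004/04/06 02:48:12 mcr
+ * pullup of AES cipher from alg-branch.
+ *
+ *
+ */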
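Review bot: AES_set_key cannot report failure: it returns 1 unconditionally although its comment says it returns success, and the aes_set_key it wraps is void and maps any unrecognised length to a 128-bit key in its `default:` case (aes.c, earlier in this patch). A caller passing an unsupported keysize therefore gets a context keyed from only the first 16 bytes and no error, and the `-EINVAL` branch in _aes_set_key (ipsec_alg_aes.c) can never be taken. Validate before the call, e.g. `if (keysize != 16 && keysize != 24 && keysize != 32) return 0;`; if some callers pass the length in bits, which aes_set_key also accepts, 128/192/256 would need to be added to the accepted set.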
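--- /dev/null Tue Mar 11 13:02:56 2003
+++ linux/net/ipsec/aes/aes_xcbc_mac.c Mon Feb 9 13:51:03 2004
@@ -0,0 +1,67 @@
+#ifdef __KERNEL__
+#include <linux/types.h>
+#include <linux/kernel.h>
+#define DEBUG(x)
+#else
+#include <stdio.h>
+#include <sys/types.h>
+#define DEBUG(x) x
+#endif
+
+#include "crypto/aes.h"
+#include "crypto/aes_xcbc_mac.h"
+
+int AES_xcbc_mac_set_key(aes_context_mac *ctxm, const u_int8_t *key, int keylen)
+{
+ int ret=1;
+ aes_block kn[3] = {
+ { 0x01010101, 0x01010101, 0x01010101, 0x01010101 },
+ { 0x02020202, 0x02020202, 0x02020202, 0x02020202 },
+ { 0x03030303, 0x03030303, 0x03030303, 0x03030303 },
+ };
+ aes_set_key(&ctxm->ctx_k1, key, keylen, 0);
+ aes_encrypt(&ctxm->ctx_k1, (u_int8_t *) kn[0], (u_int8_t *) kn[0]);
+ aes_encrypt(&ctxm->ctx_k1, (u_int8_t *) kn[1], (u_int8_t *) ctxm->k2);
+ aes_encrypt(&ctxm->ctx_k1, (u_int8_t *) kn[2], (u_int8_t *) ctxm->k3);
+ aes_set_key(&ctxm->ctx_k1, (u_int8_t *) kn[0], 16, 0);
+ return ret;
+}
+static void do_pad_xor(u_int8_t *out, const u_int8_t *in, int len) {
+ int pos=0;
+ for (pos=1; pos <= 16; pos++, in++, out++) {
+ if (pos <= len)
+ *out ^= *in;
+ if (pos > len) {
+ DEBUG(printf("put 0x80 at pos=%d\n", pos));
+ *out ^= 0x80;
+ break;
+ }
+ }
+}
+static void xor_block(aes_block res, const aes_block op) {
+ res[0] ^= op[0];
+ res[1] ^= op[1];
+ res[2] ^= op[2];
+ res[3] ^= op[3];
+}
+int AES_xcbc_mac_hash(const aes_context_mac *ctxm, const u_int8_t * in, int ilen, u_int8_t hash[16]) {
+ int ret=ilen;
+ u_int32_t out[4] = { 0, 0, 0, 0 };
+ for (; ilen > 16 ; ilen-=16) {
+ xor_block(out, (const u_int32_t*) &in[0]);
+ aes_encrypt(&ctxm->ctx_k1, in, (u_int8_t *)&out[0]);
+ in+=16;
+ }
+ do_pad_xor((u_int8_t *)&out, in, ilen);
+ if (ilen==16) {
+ DEBUG(printf("using k3\n"));
+ xor_block(out, ctxm->k3);
+ }
+ else
+ {
+ DEBUG(printf("using k2\n"));
+ xor_block(out, ctxm->k2);
+ }
+ aes_encrypt(&ctxm->ctx_k1, (u_int8_t *)out, hash);
+ return ret;
+}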
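Review bot: The block loop in AES_xcbc_mac_hash encrypts the wrong buffer: `xor_block(out, ...)` folds the message block into the running state, but the next line calls `aes_encrypt(&ctxm->ctx_k1, in, (u_int8_t *)&out[0])`, which encrypts `in` and overwrites `out`, so the chaining value is discarded. As written, the tag for a message longer than one block depends only on its last two blocks, and the earlier blocks are not authenticated. The call should encrypt the state in place, `aes_encrypt(&ctxm->ctx_k1, (u_int8_t *)out, (u_int8_t *)out);`, and the result should be checked against the published AES-XCBC-MAC test vectors (RFC 3566). Separately, the `(const u_int32_t*) &in[0]` cast assumes `in` is 4-byte aligned, which nothing in this file guarantees; a byte-wise XOR into `out` would avoid that.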
13554 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
13555 | +++ linux/net/ipsec/aes/ipsec_alg_aes.c Mon Feb 9 13:51:03 2004 | |
13556 | @@ -0,0 +1,296 @@ | |
13557 | +/* | |
13558 | + * ipsec_alg AES cipher stubs | |
13559 | + * | |
13560 | + * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar> | |
13561 | + * | |
13562 | + * ipsec_alg_aes.c,v 1.1.2.1 2003/11/21 18:12:23 jjo Exp | |
13563 | + * | |
13564 | + * This program is free software; you can redistribute it and/or modify it | |
13565 | + * under the terms of the GNU General Public License as published by the | |
13566 | + * Free Software Foundation; either version 2 of the License, or (at your | |
13567 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
13568 | + * | |
13569 | + * This program is distributed in the hope that it will be useful, but | |
13570 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
13571 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
13572 | + * for more details. | |
13573 | + * | |
13574 | + * Fixes by: | |
13575 | + * PK: Pawel Krawczyk <kravietz@aba.krakow.pl> | |
13576 | + * Fixes list: | |
13577 | + * PK: make XCBC comply with latest draft (keylength) | |
13578 | + * | |
13579 | + */ | |
13580 | +#ifndef AUTOCONF_INCLUDED | |
13581 | +#include <linux/config.h> | |
13582 | +#endif | |
13583 | +#include <linux/version.h> | |
13584 | + | |
13585 | +/* | |
13586 | + * special case: ipsec core modular with this static algo inside: | |
13587 | + * must avoid MODULE magic for this file | |
13588 | + */ | |
13589 | +#if defined(CONFIG_KLIPS_MODULE) && defined(CONFIG_KLIPS_ENC_AES) | |
13590 | +#undef MODULE | |
13591 | +#endif | |
13592 | + | |
13593 | +#include <linux/module.h> | |
13594 | +#include <linux/init.h> | |
13595 | + | |
13596 | +#include <linux/kernel.h> /* printk() */ | |
13597 | +#include <linux/errno.h> /* error codes */ | |
13598 | +#include <linux/types.h> /* size_t */ | |
13599 | +#include <linux/string.h> | |
13600 | + | |
13601 | +/* Check if __exit is defined, if not null it */ | |
13602 | +#ifndef __exit | |
13603 | +#define __exit | |
13604 | +#endif | |
13605 | + | |
13606 | +/* Low freeswan header coupling */ | |
13607 | +#include "openswan/ipsec_alg.h" | |
13608 | +#include "crypto/aes_cbc.h" | |
13609 | + | |
13610 | +#define CONFIG_KLIPS_ENC_AES_MAC 1 | |
13611 | + | |
13612 | +#define AES_CONTEXT_T aes_context | |
13613 | +static int debug_aes=0; | |
13614 | +static int test_aes=0; | |
13615 | +static int excl_aes=0; | |
13616 | +static int keyminbits=0; | |
13617 | +static int keymaxbits=0; | |
13618 | +#if defined(CONFIG_KLIPS_ENC_AES_MODULE) | |
13619 | +MODULE_AUTHOR("JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>"); | |
13620 | +#ifdef module_param | |
13621 | +module_param(debug_aes,int,0600) | |
13622 | +module_param(test_aes,int,0600) | |
13623 | +module_param(excl_aes,int,0600) | |
13624 | +module_param(keyminbits,int,0600) | |
13625 | +module_param(keymaxbits,int,0600) | |
13626 | +#else | |
13627 | +MODULE_PARM(debug_aes, "i"); | |
13628 | +MODULE_PARM(test_aes, "i"); | |
13629 | +MODULE_PARM(excl_aes, "i"); | |
13630 | +MODULE_PARM(keyminbits, "i"); | |
13631 | +MODULE_PARM(keymaxbits, "i"); | |
13632 | +#endif | |
13633 | +#endif | |
13634 | + | |
13635 | +#if CONFIG_KLIPS_ENC_AES_MAC | |
13636 | +#include "crypto/aes_xcbc_mac.h" | |
13637 | + | |
13638 | +/* | |
13639 | + * Not IANA number yet (draft-ietf-ipsec-ciph-aes-xcbc-mac-00.txt). | |
13640 | + * We use 9 for non-modular algorithm and none for modular, thus | |
13641 | + * forcing user to specify one on module load. -kravietz | |
13642 | + */ | |
13643 | +#ifdef MODULE | |
13644 | +static int auth_id=0; | |
13645 | +#else | |
13646 | +static int auth_id=9; | |
13647 | +#endif | |
13648 | +#ifdef module_param | |
13649 | +module_param(auth_id, int, 0600); | |
13650 | +#else | |
13651 | +MODULE_PARM(auth_id, "i"); | |
13652 | +#endif | |
13653 | +#endif | |
13654 | + | |
13655 | +#define ESP_AES 12 /* truely _constant_ :) */ | |
13656 | + | |
13657 | +/* 128, 192 or 256 */ | |
13658 | +#define ESP_AES_KEY_SZ_MIN 16 /* 128 bit secret key */ | |
13659 | +#define ESP_AES_KEY_SZ_MAX 32 /* 256 bit secret key */ | |
13660 | +#define ESP_AES_CBC_BLK_LEN 16 /* AES-CBC block size */ | |
13661 | + | |
13662 | +/* Values according to draft-ietf-ipsec-ciph-aes-xcbc-mac-02.txt | |
13663 | + * -kravietz | |
13664 | + */ | |
13665 | +#define ESP_AES_MAC_KEY_SZ 16 /* 128 bit MAC key */ | |
13666 | +#define ESP_AES_MAC_BLK_LEN 16 /* 128 bit block */ | |
13667 | + | |
13668 | +static int _aes_set_key(struct ipsec_alg_enc *alg, | |
13669 | + __u8 * key_e, const __u8 * key, | |
13670 | + size_t keysize) | |
13671 | +{ | |
13672 | + int ret; | |
13673 | + AES_CONTEXT_T *ctx=(AES_CONTEXT_T*)key_e; | |
13674 | + ret=AES_set_key(ctx, key, keysize)!=0? 0: -EINVAL; | |
13675 | + if (debug_aes > 0) | |
13676 | + printk(KERN_DEBUG "klips_debug:_aes_set_key:" | |
13677 | + "ret=%d key_e=%p key=%p keysize=%ld\n", | |
13678 | + ret, key_e, key, (unsigned long int) keysize); | |
13679 | + return ret; | |
13680 | +} | |
13681 | + | |
13682 | +static int _aes_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, | |
13683 | + __u8 * in, int ilen, const __u8 * iv, | |
13684 | + int encrypt) | |
13685 | +{ | |
13686 | + AES_CONTEXT_T *ctx=(AES_CONTEXT_T*)key_e; | |
13687 | + if (debug_aes > 0) | |
13688 | + printk(KERN_DEBUG "klips_debug:_aes_cbc_encrypt:" | |
13689 | + "key_e=%p in=%p ilen=%d iv=%p encrypt=%d\n", | |
13690 | + key_e, in, ilen, iv, encrypt); | |
13691 | + return AES_cbc_encrypt(ctx, in, in, ilen, iv, encrypt); | |
13692 | +} | |
13693 | +#if CONFIG_KLIPS_ENC_AES_MAC | |
13694 | +static int _aes_mac_set_key(struct ipsec_alg_auth *alg, __u8 * key_a, const __u8 * key, int keylen) { | |
13695 | + aes_context_mac *ctxm=(aes_context_mac *)key_a; | |
13696 | + return AES_xcbc_mac_set_key(ctxm, key, keylen)? 0 : -EINVAL; | |
13697 | +} | |
13698 | +static int _aes_mac_hash(struct ipsec_alg_auth *alg, __u8 * key_a, const __u8 * dat, int len, __u8 * hash, int hashlen) { | |
13699 | + int ret; | |
13700 | + char hash_buf[16]; | |
13701 | + aes_context_mac *ctxm=(aes_context_mac *)key_a; | |
13702 | + ret=AES_xcbc_mac_hash(ctxm, dat, len, hash_buf); | |
13703 | + memcpy(hash, hash_buf, hashlen); | |
13704 | + return ret; | |
13705 | +} | |
13706 | +static struct ipsec_alg_auth ipsec_alg_AES_MAC = { | |
13707 | + ixt_common: { ixt_version: IPSEC_ALG_VERSION, | |
13708 | + ixt_refcnt: ATOMIC_INIT(0), | |
13709 | + ixt_name: "aes_mac", | |
13710 | + ixt_blocksize: ESP_AES_MAC_BLK_LEN, | |
13711 | + ixt_support: { | |
13712 | + ias_exttype: IPSEC_ALG_TYPE_AUTH, | |
13713 | + ias_id: 0, | |
13714 | + ias_keyminbits: ESP_AES_MAC_KEY_SZ*8, | |
13715 | + ias_keymaxbits: ESP_AES_MAC_KEY_SZ*8, | |
13716 | + }, | |
13717 | + }, | |
13718 | +#if defined(CONFIG_KLIPS_ENC_AES_MODULE) | |
13719 | + ixt_module: THIS_MODULE, | |
13720 | +#endif | |
13721 | + ixt_a_keylen: ESP_AES_MAC_KEY_SZ, | |
13722 | + ixt_a_ctx_size: sizeof(aes_context_mac), | |
13723 | + ixt_a_hmac_set_key: _aes_mac_set_key, | |
13724 | + ixt_a_hmac_hash:_aes_mac_hash, | |
13725 | +}; | |
13726 | +#endif /* CONFIG_KLIPS_ENC_AES_MAC */ | |
13727 | +static struct ipsec_alg_enc ipsec_alg_AES = { | |
13728 | + ixt_common: { ixt_version: IPSEC_ALG_VERSION, | |
13729 | + ixt_refcnt: ATOMIC_INIT(0), | |
13730 | + ixt_name: "aes", | |
13731 | + ixt_blocksize: ESP_AES_CBC_BLK_LEN, | |
13732 | + ixt_support: { | |
13733 | + ias_exttype: IPSEC_ALG_TYPE_ENCRYPT, | |
13734 | + ias_id: ESP_AES, | |
13735 | + ias_keyminbits: ESP_AES_KEY_SZ_MIN*8, | |
13736 | + ias_keymaxbits: ESP_AES_KEY_SZ_MAX*8, | |
13737 | + }, | |
13738 | + }, | |
13739 | +#if defined(CONFIG_KLIPS_ENC_AES_MODULE) | |
13740 | + ixt_module: THIS_MODULE, | |
13741 | +#endif | |
13742 | + ixt_e_keylen: ESP_AES_KEY_SZ_MAX, | |
13743 | + ixt_e_ctx_size: sizeof(AES_CONTEXT_T), | |
13744 | + ixt_e_set_key: _aes_set_key, | |
13745 | + ixt_e_cbc_encrypt:_aes_cbc_encrypt, | |
13746 | +}; | |
13747 | + | |
13748 | +#if defined(CONFIG_KLIPS_ENC_AES_MODULE) | |
13749 | +IPSEC_ALG_MODULE_INIT_MOD( ipsec_aes_init ) | |
13750 | +#else | |
13751 | +IPSEC_ALG_MODULE_INIT_STATIC( ipsec_aes_init ) | |
13752 | +#endif | |
13753 | +{ | |
13754 | + int ret, test_ret; | |
13755 | + | |
13756 | + if (keyminbits) | |
13757 | + ipsec_alg_AES.ixt_common.ixt_support.ias_keyminbits=keyminbits; | |
13758 | + if (keymaxbits) { | |
13759 | + ipsec_alg_AES.ixt_common.ixt_support.ias_keymaxbits=keymaxbits; | |
13760 | + if (keymaxbits*8>ipsec_alg_AES.ixt_common.ixt_support.ias_keymaxbits) | |
13761 | + ipsec_alg_AES.ixt_e_keylen=keymaxbits*8; | |
13762 | + } | |
13763 | + if (excl_aes) ipsec_alg_AES.ixt_common.ixt_state |= IPSEC_ALG_ST_EXCL; | |
13764 | + ret=register_ipsec_alg_enc(&ipsec_alg_AES); | |
13765 | + printk("ipsec_aes_init(alg_type=%d alg_id=%d name=%s): ret=%d\n", | |
13766 | + ipsec_alg_AES.ixt_common.ixt_support.ias_exttype, | |
13767 | + ipsec_alg_AES.ixt_common.ixt_support.ias_id, | |
13768 | + ipsec_alg_AES.ixt_common.ixt_name, | |
13769 | + ret); | |
13770 | + if (ret==0 && test_aes) { | |
13771 | + test_ret=ipsec_alg_test( | |
13772 | + ipsec_alg_AES.ixt_common.ixt_support.ias_exttype , | |
13773 | + ipsec_alg_AES.ixt_common.ixt_support.ias_id, | |
13774 | + test_aes); | |
13775 | + printk("ipsec_aes_init(alg_type=%d alg_id=%d): test_ret=%d\n", | |
13776 | + ipsec_alg_AES.ixt_common.ixt_support.ias_exttype , | |
13777 | + ipsec_alg_AES.ixt_common.ixt_support.ias_id, | |
13778 | + test_ret); | |
13779 | + } | |
13780 | +#if CONFIG_KLIPS_ENC_AES_MAC | |
13781 | + if (auth_id!=0){ | |
13782 | + int ret; | |
13783 | + ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_id=auth_id; | |
13784 | + ret=register_ipsec_alg_auth(&ipsec_alg_AES_MAC); | |
13785 | + printk("ipsec_aes_init(alg_type=%d alg_id=%d name=%s): ret=%d\n", | |
13786 | + ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_exttype, | |
13787 | + ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_id, | |
13788 | + ipsec_alg_AES_MAC.ixt_common.ixt_name, | |
13789 | + ret); | |
13790 | + if (ret==0 && test_aes) { | |
13791 | + test_ret=ipsec_alg_test( | |
13792 | + ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_exttype, | |
13793 | + ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_id, | |
13794 | + test_aes); | |
13795 | + printk("ipsec_aes_init(alg_type=%d alg_id=%d): test_ret=%d\n", | |
13796 | + ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_exttype, | |
13797 | + ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_id, | |
13798 | + test_ret); | |
13799 | + } | |
13800 | + } else { | |
13801 | + printk(KERN_DEBUG "klips_debug: experimental ipsec_alg_AES_MAC not registered [Ok] (auth_id=%d)\n", auth_id); | |
13802 | + } | |
13803 | +#endif /* CONFIG_KLIPS_ENC_AES_MAC */ | |
13804 | + return ret; | |
13805 | +} | |
13806 | + | |
13807 | +#if defined(CONFIG_KLIPS_ENC_AES_MODULE) | |
13808 | +IPSEC_ALG_MODULE_EXIT_MOD( ipsec_aes_fini ) | |
13809 | +#else | |
13810 | +IPSEC_ALG_MODULE_EXIT_STATIC( ipsec_aes_fini ) | |
13811 | +#endif | |
13812 | +{ | |
13813 | +#if CONFIG_KLIPS_ENC_AES_MAC | |
13814 | + if (auth_id) unregister_ipsec_alg_auth(&ipsec_alg_AES_MAC); | |
13815 | +#endif /* CONFIG_KLIPS_ENC_AES_MAC */ | |
13816 | + unregister_ipsec_alg_enc(&ipsec_alg_AES); | |
13817 | + return; | |
13818 | +} | |
13819 | +#ifdef MODULE_LICENSE | |
13820 | +MODULE_LICENSE("GPL"); | |
13821 | +#endif | |
13822 | + | |
13823 | +#if 0 /* +NOT_YET */ | |
13824 | +#ifndef MODULE | |
13825 | +/* | |
13826 | + * This is intended for static module setups, currently | |
13827 | + * doesn't work for modular ipsec.o with static algos inside | |
13828 | + */ | |
13829 | +static int setup_keybits(const char *str) | |
13830 | +{ | |
13831 | + unsigned aux; | |
13832 | + char *end; | |
13833 | + | |
13834 | + aux = simple_strtoul(str,&end,0); | |
13835 | + if (aux != 128 && aux != 192 && aux != 256) | |
13836 | + return 0; | |
13837 | + keyminbits = aux; | |
13838 | + | |
13839 | + if (*end == 0 || *end != ',') | |
13840 | + return 1; | |
13841 | + str=end+1; | |
13842 | + aux = simple_strtoul(str, NULL, 0); | |
13843 | + if (aux != 128 && aux != 192 && aux != 256) | |
13844 | + return 0; | |
13845 | + if (aux >= keyminbits) | |
13846 | + keymaxbits = aux; | |
13847 | + return 1; | |
13848 | +} | |
13849 | +__setup("ipsec_aes_keybits=", setup_keybits); | |
13850 | +#endif | |
13851 | +#endif | |
13852 | + | |
13853 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
13854 | +++ linux/net/ipsec/alg/Config.alg_aes.in Mon Feb 9 13:51:03 2004 | |
13855 | @@ -0,0 +1,3 @@ | |
13856 | +if [ "$CONFIG_IPSEC_ALG" = "y" ]; then | |
13857 | + tristate ' AES encryption algorithm' CONFIG_IPSEC_ENC_AES | |
13858 | +fi | |
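Review bot: The option defined here, `CONFIG_IPSEC_ENC_AES`, is not the symbol the rest of the patch tests. Makefile.alg_aes keys `obj-`, `static_init-func-` and `alg_obj-` on `CONFIG_IPSEC_ALG_AES`, and the init/exit code of ipsec_alg_aes.c checks `CONFIG_KLIPS_ENC_AES_MODULE`. From what is visible, selecting this entry would therefore add neither ipsec_aes.o to the build nor ipsec_aes_init to static_init.c. Settle on one name across the three files, for example `tristate ' AES encryption algorithm' CONFIG_IPSEC_ALG_AES` to mirror the CRYPTOAPI Config/Makefile pair; which name the rest of the tree expects cannot be confirmed from this patch section.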
13859 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
13860 | +++ linux/net/ipsec/alg/Config.alg_cryptoapi.in Mon Feb 9 13:51:03 2004 | |
13861 | @@ -0,0 +1,6 @@ | |
13862 | +if [ "$CONFIG_IPSEC_ALG" = "y" ]; then | |
13863 | + dep_tristate ' CRYPTOAPI ciphers support (needs cryptoapi patch)' CONFIG_IPSEC_ALG_CRYPTOAPI $CONFIG_CRYPTO | |
13864 | + if [ "$CONFIG_IPSEC_ALG_CRYPTOAPI" != "n" ]; then | |
13865 | + bool ' CRYPTOAPI proprietary ciphers ' CONFIG_IPSEC_ALG_NON_LIBRE | |
13866 | + fi | |
13867 | +fi | |
13868 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
13869 | +++ linux/net/ipsec/alg/Config.in Mon Feb 9 13:51:03 2004 | |
13870 | @@ -0,0 +1,3 @@ | |
13871 | +#Placeholder | |
13872 | +source net/ipsec/alg/Config.alg_aes.in | |
13873 | +source net/ipsec/alg/Config.alg_cryptoapi.in | |
13874 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
13875 | +++ linux/net/ipsec/alg/Makefile Mon Feb 9 13:51:03 2004 | |
13876 | @@ -0,0 +1,112 @@ | |
13877 | +# Makefile,v 1.1.2.1 2003/11/21 18:12:23 jjo Exp | |
13878 | +ifeq ($(strip $(KLIPSMODULE)),) | |
13879 | +FREESWANSRCDIR=. | |
13880 | +else | |
13881 | +FREESWANSRCDIR=../../../.. | |
13882 | +endif | |
13883 | +ifeq ($(strip $(KLIPS_TOP)),) | |
13884 | +KLIPS_TOP=../../.. | |
13885 | +override EXTRA_CFLAGS += -I$(KLIPS_TOP)/include | |
13886 | +endif | |
13887 | + | |
13888 | +ifeq ($(CONFIG_IPSEC_DEBUG),y) | |
13889 | +override EXTRA_CFLAGS += -g | |
13890 | +endif | |
13891 | + | |
13892 | +# LIBCRYPTO normally comes as an argument from "parent" Makefile | |
13893 | +# (this applies both to FS' "make module" and eg. Linux' "make modules" | |
13894 | +# But make dep doest follow same evaluations, so we need this default: | |
13895 | +LIBCRYPTO=$(TOPDIR)/lib/libcrypto | |
13896 | + | |
13897 | +override EXTRA_CFLAGS += -I$(LIBCRYPTO)/include | |
13898 | +override EXTRA_CFLAGS += -Wall -Wpointer-arith -Wstrict-prototypes | |
13899 | + | |
13900 | +MOD_LIST_NAME := NET_MISC_MODULES | |
13901 | + | |
13902 | +#O_TARGET := static_init.o | |
13903 | + | |
13904 | +subdir- := | |
13905 | +subdir-n := | |
13906 | +subdir-y := | |
13907 | +subdir-m := | |
13908 | + | |
13909 | +obj-y := static_init.o | |
13910 | + | |
13911 | +ARCH_ASM-y := | |
13912 | +ARCH_ASM-$(CONFIG_M586) := i586 | |
13913 | +ARCH_ASM-$(CONFIG_M586TSC) := i586 | |
13914 | +ARCH_ASM-$(CONFIG_M586MMX) := i586 | |
13915 | +ARCH_ASM-$(CONFIG_MK6) := i586 | |
13916 | +ARCH_ASM-$(CONFIG_M686) := i686 | |
13917 | +ARCH_ASM-$(CONFIG_MPENTIUMIII) := i686 | |
13918 | +ARCH_ASM-$(CONFIG_MPENTIUM4) := i686 | |
13919 | +ARCH_ASM-$(CONFIG_MK7) := i686 | |
13920 | +ARCH_ASM-$(CONFIG_MCRUSOE) := i586 | |
13921 | +ARCH_ASM-$(CONFIG_MWINCHIPC6) := i586 | |
13922 | +ARCH_ASM-$(CONFIG_MWINCHIP2) := i586 | |
13923 | +ARCH_ASM-$(CONFIG_MWINCHIP3D) := i586 | |
13924 | +ARCH_ASM-$(CONFIG_USERMODE) := i586 | |
13925 | + | |
13926 | +ARCH_ASM :=$(ARCH_ASM-y) | |
13927 | +ifdef NO_ASM | |
13928 | +ARCH_ASM := | |
13929 | +endif | |
13930 | + | |
13931 | +# The algorithm makefiles may put dependences, short-circuit them | |
13932 | +null: | |
13933 | + | |
13934 | +makefiles=$(filter-out %.preipsec, $(wildcard Makefile.alg_*)) | |
13935 | +ifneq ($(makefiles),) | |
13936 | +#include Makefile.alg_aes | |
13937 | +#include Makefile.alg_aes-opt | |
13938 | +include $(makefiles) | |
13939 | +endif | |
13940 | + | |
13941 | +# These rules translate from new to old makefile rules | |
13942 | +# Translate to Rules.make lists. | |
13943 | +multi-used := $(filter $(list-multi), $(obj-y) $(obj-m)) | |
13944 | +multi-objs := $(foreach m, $(multi-used), $($(basename $(m))-objs)) | |
13945 | +active-objs := $(sort $(multi-objs) $(obj-y) $(obj-m)) | |
13946 | +O_OBJS := $(obj-y) | |
13947 | +M_OBJS := $(obj-m) | |
13948 | +MIX_OBJS := $(filter $(export-objs), $(active-objs)) | |
13949 | +#OX_OBJS := $(export-objs) | |
13950 | +SUB_DIRS := $(subdir-y) | |
13951 | +ALL_SUB_DIRS := $(subdir-y) $(subdir-m) | |
13952 | +MOD_SUB_DIRS := $(subdir-m) | |
13953 | + | |
13954 | + | |
13955 | +static_init_mod.o: $(obj-y) | |
13956 | + rm -f $@ | |
13957 | + $(LD) $(LD_EXTRAFLAGS) $(obj-y) -r -o $@ | |
13958 | + | |
13959 | +perlasm: ../../../crypto/ciphers/des/asm/perlasm | |
13960 | + ln -sf $? $@ | |
13961 | + | |
13962 | +$(obj-y) $(obj-m): $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h $(KLIPS_TOP)/include/freeswan/ipsec_alg.h | |
13963 | +$(alg_obj-y) $(alg_obj-m): perlasm $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h $(KLIPS_TOP)/include/freeswan/ipsec_alg.h | |
13964 | + | |
13965 | + | |
13966 | +all_alg_modules: perlasm $(ALG_MODULES) | |
13967 | + @echo "ALG_MODULES=$(ALG_MODULES)" | |
13968 | + | |
13969 | + | |
13970 | +# | |
13971 | +# Construct alg. init. function: call ipsec_ALGO_init() for every static algo | |
13972 | +# Needed when there are static algos (with static or modular ipsec.o) | |
13973 | +# | |
13974 | +static_init.c: $(TOPDIR)/include/linux/autoconf.h Makefile $(makefiles) scripts/mk-static_init.c.sh | |
13975 | + @echo "Re-creating $@" | |
13976 | + $(SHELL) scripts/mk-static_init.c.sh $(static_init-func-y) > $@ | |
13977 | + | |
13978 | +clean: | |
13979 | + @for i in $(ALG_SUBDIRS);do test -d $$i && make -C $$i clean;done;exit 0 | |
13980 | + @find . -type l -exec rm -f {} \; | |
13981 | + -rm -f perlasm | |
13982 | + -rm -rf $(ALG_SUBDIRS) | |
13983 | + -rm -f *.o static_init.c | |
13984 | + | |
13985 | +ifdef TOPDIR | |
13986 | +include $(TOPDIR)/Rules.make | |
13987 | +endif | |
13988 | + | |
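Review bot: The `clean` recipe recurses with a bare `make -C $$i clean`, so command-line variables, `-j`/`-n` handling and the selected make binary are not passed to the sub-make. The line should read `@for i in $(ALG_SUBDIRS); do test -d $$i && $(MAKE) -C $$i clean; done; exit 0`. The same recipe then runs `-rm -rf $(ALG_SUBDIRS)`, and Makefile.alg_aes appends `libaes` to that list. If an entry is ever a real directory rather than a link created by the build (not determinable from this hunk), `make clean` deletes it recursively. A comment above the rule stating that ALG_SUBDIRS must only name generated links would make that contract explicit.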
13989 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
13990 | +++ linux/net/ipsec/alg/Makefile.alg_aes Mon Feb 9 13:51:03 2004 | |
13991 | @@ -0,0 +1,18 @@ | |
13992 | +MOD_AES := ipsec_aes.o | |
13993 | + | |
13994 | +ALG_MODULES += $(MOD_AES) | |
13995 | +ALG_SUBDIRS += libaes | |
13996 | + | |
13997 | +obj-$(CONFIG_IPSEC_ALG_AES) += $(MOD_AES) | |
13998 | +static_init-func-$(CONFIG_IPSEC_ALG_AES)+= ipsec_aes_init | |
13999 | +alg_obj-$(CONFIG_IPSEC_ALG_AES) += ipsec_alg_aes.o | |
14000 | + | |
14001 | +AES_OBJS := ipsec_alg_aes.o $(LIBCRYPTO)/libaes/libaes.a | |
14002 | + | |
14003 | + | |
14004 | +$(MOD_AES): $(AES_OBJS) | |
14005 | + $(LD) $(EXTRA_LDFLAGS) -r $(AES_OBJS) -o $@ | |
14006 | + | |
14007 | +$(LIBCRYPTO)/libaes/libaes.a: | |
14008 | + $(MAKE) -C $(LIBCRYPTO)/libaes CC='$(CC)' 'ARCH_ASM=$(ARCH_ASM)' CFLAGS='$(CFLAGS) $(EXTRA_CFLAGS)' libaes.a | |
14009 | + | |
14010 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
14011 | +++ linux/net/ipsec/alg/Makefile.alg_cryptoapi Mon Feb 9 13:51:03 2004 | |
14012 | @@ -0,0 +1,14 @@ | |
14013 | +MOD_CRYPTOAPI := ipsec_cryptoapi.o | |
14014 | + | |
14015 | +ifneq ($(wildcard $(TOPDIR)/include/linux/crypto.h),) | |
14016 | +ALG_MODULES += $(MOD_CRYPTOAPI) | |
14017 | +obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI) | |
14018 | +static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init | |
14019 | +alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o | |
14020 | +else | |
14021 | +$(warning "Linux CryptoAPI (2.4.22+ or 2.6.x) not found, not building ipsec_cryptoapi.o") | |
14022 | +endif | |
14023 | + | |
14024 | +CRYPTOAPI_OBJS := ipsec_alg_cryptoapi.o | |
14025 | +$(MOD_CRYPTOAPI): $(CRYPTOAPI_OBJS) | |
14026 | + $(LD) -r $(CRYPTOAPI_OBJS) -o $@ | |
14027 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
14028 | +++ linux/net/ipsec/alg/ipsec_alg_cryptoapi.c Mon Feb 9 13:51:03 2004 | |
14029 | @@ -0,0 +1,442 @@ | |
14030 | +/* | |
14031 | + * ipsec_alg to linux cryptoapi GLUE | |
14032 | + * | |
14033 | + * Authors: CODE.ar TEAM | |
14034 | + * Harpo MAxx <harpo@linuxmendoza.org.ar> | |
14035 | + * JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar> | |
14036 | + * Luciano Ruete <docemeses@softhome.net> | |
14037 | + * | |
14038 | + * ipsec_alg_cryptoapi.c,v 1.1.2.1 2003/11/21 18:12:23 jjo Exp | |
14039 | + * | |
14040 | + * This program is free software; you can redistribute it and/or modify it | |
14041 | + * under the terms of the GNU General Public License as published by the | |
14042 | + * Free Software Foundation; either version 2 of the License, or (at your | |
14043 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
14044 | + * | |
14045 | + * This program is distributed in the hope that it will be useful, but | |
14046 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
14047 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14048 | + * for more details. | |
14049 | + * | |
14050 | + * Example usage: | |
14051 | + * modinfo -p ipsec_cryptoapi (quite useful info, including supported algos) | |
14052 | + * modprobe ipsec_cryptoapi | |
14053 | + * modprobe ipsec_cryptoapi test=1 | |
14054 | + * modprobe ipsec_cryptoapi excl=1 (exclusive cipher/algo) | |
14055 | + * modprobe ipsec_cryptoapi noauto=1 aes=1 twofish=1 (only these ciphers) | |
14056 | + * modprobe ipsec_cryptoapi aes=128,128 (force these keylens) | |
14057 | + * modprobe ipsec_cryptoapi des_ede3=0 (everything but 3DES) | |
14058 | + */ | |
14059 | +#ifndef AUTOCONF_INCLUDED | |
14060 | +#include <linux/config.h> | |
14061 | +#endif | |
14062 | +#include <linux/version.h> | |
14063 | + | |
14064 | +/* | |
14065 | + * special case: ipsec core modular with this static algo inside: | |
14066 | + * must avoid MODULE magic for this file | |
14067 | + */ | |
14068 | +#if CONFIG_IPSEC_MODULE && CONFIG_IPSEC_ALG_CRYPTOAPI | |
14069 | +#undef MODULE | |
14070 | +#endif | |
14071 | + | |
14072 | +#include <linux/module.h> | |
14073 | +#include <linux/init.h> | |
14074 | + | |
14075 | +#include <linux/kernel.h> /* printk() */ | |
14076 | +#include <linux/errno.h> /* error codes */ | |
14077 | +#include <linux/types.h> /* size_t */ | |
14078 | +#include <linux/string.h> | |
14079 | + | |
14080 | +/* Check if __exit is defined, if not null it */ | |
14081 | +#ifndef __exit | |
14082 | +#define __exit | |
14083 | +#endif | |
14084 | + | |
14085 | +/* warn the innocent */ | |
14086 | +#if !defined (CONFIG_CRYPTO) && !defined (CONFIG_CRYPTO_MODULE) | |
14087 | +#warning "No linux CryptoAPI found, install 2.4.22+ or 2.6.x" | |
14088 | +#define NO_CRYPTOAPI_SUPPORT | |
14089 | +#endif | |
14090 | +/* Low freeswan header coupling */ | |
14091 | +#include "openswan/ipsec_alg.h" | |
14092 | + | |
14093 | +#include <linux/crypto.h> | |
14094 | +#ifdef CRYPTO_API_VERSION_CODE | |
14095 | +#warning "Old CryptoAPI is not supported. Only linux-2.4.22+ or linux-2.6.x are supported" | |
14096 | +#define NO_CRYPTOAPI_SUPPORT | |
14097 | +#endif | |
14098 | + | |
14099 | +#ifdef NO_CRYPTOAPI_SUPPORT | |
14100 | +#warning "Building an unusable module :P" | |
14101 | +/* Catch old CryptoAPI by not allowing module to load */ | |
14102 | +IPSEC_ALG_MODULE_INIT( ipsec_cryptoapi_init ) | |
14103 | +{ | |
14104 | + printk(KERN_WARNING "ipsec_cryptoapi.o was not built on stock Linux CryptoAPI (2.4.22+ or 2.6.x), not loading.\n"); | |
14105 | + return -EINVAL; | |
14106 | +} | |
14107 | +#else | |
14108 | +#include <asm/scatterlist.h> | |
14109 | +#include <asm/pgtable.h> | |
14110 | +#include <linux/mm.h> | |
14111 | + | |
14112 | +#define CIPHERNAME_AES "aes" | |
14113 | +#define CIPHERNAME_3DES "des3_ede" | |
14114 | +#define CIPHERNAME_BLOWFISH "blowfish" | |
14115 | +#define CIPHERNAME_CAST "cast5" | |
14116 | +#define CIPHERNAME_SERPENT "serpent" | |
14117 | +#define CIPHERNAME_TWOFISH "twofish" | |
14118 | + | |
14119 | +#define ESP_3DES 3 | |
14120 | +#define ESP_AES 12 | |
14121 | +#define ESP_BLOWFISH 7 /* truely _constant_ :) */ | |
14122 | +#define ESP_CAST 6 /* quite constant :) */ | |
14123 | +#define ESP_SERPENT 252 /* from ipsec drafts */ | |
14124 | +#define ESP_TWOFISH 253 /* from ipsec drafts */ | |
14125 | + | |
14126 | +#define AH_MD5 2 | |
14127 | +#define AH_SHA 3 | |
14128 | +#define DIGESTNAME_MD5 "md5" | |
14129 | +#define DIGESTNAME_SHA1 "sha1" | |
14130 | + | |
14131 | +MODULE_AUTHOR("Juanjo Ciarlante, Harpo MAxx, Luciano Ruete"); | |
14132 | +static int debug=0; | |
14133 | +static int test=0; | |
14134 | +static int excl=0; | |
14135 | +static int noauto = 0; | |
14136 | + | |
14137 | +static int des_ede3[] = {-1, -1}; | |
14138 | +static int aes[] = {-1, -1}; | |
14139 | +static int blowfish[] = {-1, -1}; | |
14140 | +static int cast[] = {-1, -1}; | |
14141 | +static int serpent[] = {-1, -1}; | |
14142 | +static int twofish[] = {-1, -1}; | |
14143 | + | |
14144 | +#ifdef module_param | |
14145 | +module_param(debug,int,0600); | |
14146 | +module_param(test,int,0600); | |
14147 | +module_param(ebug,int,0600); | |
14148 | + | |
14149 | +module_param(noauto,int,0600); | |
14150 | +module_param(ebug,int,0600); | |
14151 | + | |
14152 | +module_param_array(des_ede3,int,NULL,0); | |
14153 | +module_param(aes,int,NULL,0); | |
14154 | +module_param(blowfish,int,NULL,0); | |
14155 | +module_param(cast,int,NULL,0); | |
14156 | +module_param(serpent,int,NULL,0); | |
14157 | +module_param(twofish,int,NULL,0); | |
14158 | +#else | |
14159 | +MODULE_PARM(debug, "i"); | |
14160 | +MODULE_PARM(test, "i"); | |
14161 | +MODULE_PARM(excl, "i"); | |
14162 | + | |
14163 | +MODULE_PARM(noauto,"i"); | |
14164 | + | |
14165 | +MODULE_PARM(des_ede3,"1-2i"); | |
14166 | +MODULE_PARM(aes,"1-2i"); | |
14167 | +MODULE_PARM(blowfish,"1-2i"); | |
14168 | +MODULE_PARM(cast,"1-2i"); | |
14169 | +MODULE_PARM(serpent,"1-2i"); | |
14170 | +MODULE_PARM(twofish,"1-2i"); | |
14171 | +#endif | |
14172 | + | |
14173 | +MODULE_PARM_DESC(noauto, "Dont try all known algos, just setup enabled ones"); | |
14174 | + | |
14175 | +MODULE_PARM_DESC(des_ede3, "0: disable | 1: force_enable | min,max: dontuse"); | |
14176 | +MODULE_PARM_DESC(aes, "0: disable | 1: force_enable | min,max: keybitlens"); | |
14177 | +MODULE_PARM_DESC(blowfish, "0: disable | 1: force_enable | min,max: keybitlens"); | |
14178 | +MODULE_PARM_DESC(cast, "0: disable | 1: force_enable | min,max: keybitlens"); | |
14179 | +MODULE_PARM_DESC(serpent, "0: disable | 1: force_enable | min,max: keybitlens"); | |
14180 | +MODULE_PARM_DESC(twofish, "0: disable | 1: force_enable | min,max: keybitlens"); | |
14181 | + | |
14182 | +struct ipsec_alg_capi_cipher { | |
14183 | + const char *ciphername; /* cryptoapi's ciphername */ | |
14184 | + unsigned blocksize; | |
14185 | + unsigned short minbits; | |
14186 | + unsigned short maxbits; | |
14187 | + int *parm; /* lkm param for this cipher */ | |
14188 | + struct ipsec_alg_enc alg; /* note it's not a pointer */ | |
14189 | +}; | |
14190 | +static struct ipsec_alg_capi_cipher alg_capi_carray[] = { | |
14191 | + { CIPHERNAME_AES , 16, 128, 256, aes , { ixt_alg_id: ESP_AES, }}, | |
14192 | + { CIPHERNAME_TWOFISH , 16, 128, 256, twofish, { ixt_alg_id: ESP_TWOFISH, }}, | |
14193 | + { CIPHERNAME_SERPENT , 16, 128, 256, serpent, { ixt_alg_id: ESP_SERPENT, }}, | |
14194 | + { CIPHERNAME_CAST , 8, 128, 128, cast , { ixt_alg_id: ESP_CAST, }}, | |
14195 | + { CIPHERNAME_BLOWFISH , 8, 96, 448, blowfish,{ ixt_alg_id: ESP_BLOWFISH, }}, | |
14196 | + { CIPHERNAME_3DES , 8, 192, 192, des_ede3,{ ixt_alg_id: ESP_3DES, }}, | |
14197 | + { NULL, 0, 0, 0, NULL, {} } | |
14198 | +}; | |
14199 | +#ifdef NOT_YET | |
14200 | +struct ipsec_alg_capi_digest { | |
14201 | + const char *digestname; /* cryptoapi's digestname */ | |
14202 | + struct digest_implementation *di; | |
14203 | + struct ipsec_alg_auth alg; /* note it's not a pointer */ | |
14204 | +}; | |
14205 | +static struct ipsec_alg_capi_cipher alg_capi_darray[] = { | |
14206 | + { DIGESTNAME_MD5, NULL, { ixt_alg_id: AH_MD5, }}, | |
14207 | + { DIGESTNAME_SHA1, NULL, { ixt_alg_id: AH_SHA, }}, | |
14208 | + { NULL, NULL, {} } | |
14209 | +}; | |
14210 | +#endif | |
14211 | +/* | |
14212 | + * "generic" linux cryptoapi setup_cipher() function | |
14213 | + */ | |
14214 | +int setup_cipher(const char *ciphername) | |
14215 | +{ | |
14216 | + return crypto_alg_available(ciphername, 0); | |
14217 | +} | |
14218 | + | |
14219 | +/* | |
14220 | + * setups ipsec_alg_capi_cipher "hyper" struct components, calling | |
14221 | + * register_ipsec_alg for cointaned ipsec_alg object | |
14222 | + */ | |
14223 | +static void _capi_destroy_key (struct ipsec_alg_enc *alg, __u8 *key_e); | |
14224 | +static __u8 * _capi_new_key (struct ipsec_alg_enc *alg, const __u8 *key, size_t keylen); | |
14225 | +static int _capi_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, __u8 * in, int ilen, const __u8 * iv, int encrypt); | |
14226 | + | |
14227 | +static int | |
14228 | +setup_ipsec_alg_capi_cipher(struct ipsec_alg_capi_cipher *cptr) | |
14229 | +{ | |
14230 | + int ret; | |
14231 | + cptr->alg.ixt_version = IPSEC_ALG_VERSION; | |
14232 | + cptr->alg.ixt_module = THIS_MODULE; | |
14233 | + atomic_set (& cptr->alg.ixt_refcnt, 0); | |
14234 | + strncpy (cptr->alg.ixt_name , cptr->ciphername, sizeof (cptr->alg.ixt_name)); | |
14235 | + | |
14236 | + cptr->alg.ixt_blocksize=cptr->blocksize; | |
14237 | + cptr->alg.ixt_keyminbits=cptr->minbits; | |
14238 | + cptr->alg.ixt_keymaxbits=cptr->maxbits; | |
14239 | + cptr->alg.ixt_state = 0; | |
14240 | + if (excl) cptr->alg.ixt_state |= IPSEC_ALG_ST_EXCL; | |
14241 | + cptr->alg.ixt_e_keylen=cptr->alg.ixt_keymaxbits/8; | |
14242 | + cptr->alg.ixt_e_ctx_size = 0; | |
14243 | + cptr->alg.ixt_alg_type = IPSEC_ALG_TYPE_ENCRYPT; | |
14244 | + cptr->alg.ixt_e_new_key = _capi_new_key; | |
14245 | + cptr->alg.ixt_e_destroy_key = _capi_destroy_key; | |
14246 | + cptr->alg.ixt_e_cbc_encrypt = _capi_cbc_encrypt; | |
14247 | + cptr->alg.ixt_data = cptr; | |
14248 | + | |
14249 | + ret=register_ipsec_alg_enc(&cptr->alg); | |
14250 | + printk("setup_ipsec_alg_capi_cipher(): " | |
14251 | + "alg_type=%d alg_id=%d name=%s " | |
14252 | + "keyminbits=%d keymaxbits=%d, ret=%d\n", | |
14253 | + cptr->alg.ixt_alg_type, | |
14254 | + cptr->alg.ixt_alg_id, | |
14255 | + cptr->alg.ixt_name, | |
14256 | + cptr->alg.ixt_keyminbits, | |
14257 | + cptr->alg.ixt_keymaxbits, | |
14258 | + ret); | |
14259 | + return ret; | |
14260 | +} | |
14261 | +/* | |
14262 | + * called in ipsec_sa_wipe() time, will destroy key contexts | |
14263 | + * and do 1 unbind() | |
14264 | + */ | |
14265 | +static void | |
14266 | +_capi_destroy_key (struct ipsec_alg_enc *alg, __u8 *key_e) | |
14267 | +{ | |
14268 | + struct crypto_tfm *tfm=(struct crypto_tfm*)key_e; | |
14269 | + | |
14270 | + if (debug > 0) | |
14271 | + printk(KERN_DEBUG "klips_debug: _capi_destroy_key:" | |
14272 | + "name=%s key_e=%p \n", | |
14273 | + alg->ixt_name, key_e); | |
14274 | + if (!key_e) { | |
14275 | + printk(KERN_ERR "klips_debug: _capi_destroy_key:" | |
14276 | + "name=%s NULL key_e!\n", | |
14277 | + alg->ixt_name); | |
14278 | + return; | |
14279 | + } | |
14280 | + crypto_free_tfm(tfm); | |
14281 | +} | |
14282 | + | |
14283 | +/* | |
14284 | + * create new key context, need alg->ixt_data to know which | |
14285 | + * (of many) cipher inside this module is the target | |
14286 | + */ | |
14287 | +static __u8 * | |
14288 | +_capi_new_key (struct ipsec_alg_enc *alg, const __u8 *key, size_t keylen) | |
14289 | +{ | |
14290 | + struct ipsec_alg_capi_cipher *cptr; | |
14291 | + struct crypto_tfm *tfm=NULL; | |
14292 | + | |
14293 | + cptr = alg->ixt_data; | |
14294 | + if (!cptr) { | |
14295 | + printk(KERN_ERR "_capi_new_key(): " | |
14296 | + "NULL ixt_data (?!) for \"%s\" algo\n" | |
14297 | + , alg->ixt_name); | |
14298 | + goto err; | |
14299 | + } | |
14300 | + if (debug > 0) | |
14301 | + printk(KERN_DEBUG "klips_debug:_capi_new_key:" | |
14302 | + "name=%s cptr=%p key=%p keysize=%d\n", | |
14303 | + alg->ixt_name, cptr, key, keylen); | |
14304 | + | |
14305 | + /* | |
14306 | + * alloc tfm | |
14307 | + */ | |
14308 | + tfm = crypto_alloc_tfm(cptr->ciphername, CRYPTO_TFM_MODE_CBC); | |
14309 | + if (!tfm) { | |
14310 | + printk(KERN_ERR "_capi_new_key(): " | |
14311 | + "NULL tfm for \"%s\" cryptoapi (\"%s\") algo\n" | |
14312 | + , alg->ixt_name, cptr->ciphername); | |
14313 | + goto err; | |
14314 | + } | |
14315 | + if (crypto_cipher_setkey(tfm, key, keylen) < 0) { | |
14316 | + printk(KERN_ERR "_capi_new_key(): " | |
14317 | + "failed new_key() for \"%s\" cryptoapi algo (keylen=%d)\n" | |
14318 | + , alg->ixt_name, keylen); | |
14319 | + crypto_free_tfm(tfm); | |
14320 | + tfm=NULL; | |
14321 | + } | |
14322 | +err: | |
14323 | + if (debug > 0) | |
14324 | + printk(KERN_DEBUG "klips_debug:_capi_new_key:" | |
14325 | + "name=%s key=%p keylen=%d tfm=%p\n", | |
14326 | + alg->ixt_name, key, keylen, tfm); | |
14327 | + return (__u8 *) tfm; | |
14328 | +} | |
14329 | +/* | |
14330 | + * core encryption function: will use cx->ci to call actual cipher's | |
14331 | + * cbc function | |
14332 | + */ | |
14333 | +static int | |
14334 | +_capi_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, __u8 * in, int ilen, const __u8 * iv, int encrypt) { | |
14335 | + int error =0; | |
14336 | + struct crypto_tfm *tfm=(struct crypto_tfm *)key_e; | |
14337 | + struct scatterlist sg = { | |
14338 | + .page = virt_to_page(in), | |
14339 | + .offset = (unsigned long)(in) % PAGE_SIZE, | |
14340 | + .length=ilen, | |
14341 | + }; | |
14342 | + if (debug > 1) | |
14343 | + printk(KERN_DEBUG "klips_debug:_capi_cbc_encrypt:" | |
14344 | + "key_e=%p " | |
14345 | + "in=%p out=%p ilen=%d iv=%p encrypt=%d\n" | |
14346 | + , key_e | |
14347 | + , in, in, ilen, iv, encrypt); | |
14348 | + crypto_cipher_set_iv(tfm, iv, crypto_tfm_alg_ivsize(tfm)); | |
14349 | + if (encrypt) | |
14350 | + error = crypto_cipher_encrypt (tfm, &sg, &sg, ilen); | |
14351 | + else | |
14352 | + error = crypto_cipher_decrypt (tfm, &sg, &sg, ilen); | |
14353 | + if (debug > 1) | |
14354 | + printk(KERN_DEBUG "klips_debug:_capi_cbc_encrypt:" | |
14355 | + "error=%d\n" | |
14356 | + , error); | |
14357 | + return (error<0)? error : ilen; | |
14358 | +} | |
14359 | +/* | |
14360 | + * main initialization loop: for each cipher in list, do | |
14361 | + * 1) setup cryptoapi cipher else continue | |
14362 | + * 2) register ipsec_alg object | |
14363 | + */ | |
14364 | +static int | |
14365 | +setup_cipher_list (struct ipsec_alg_capi_cipher* clist) | |
14366 | +{ | |
14367 | + struct ipsec_alg_capi_cipher *cptr; | |
14368 | + /* foreach cipher in list ... */ | |
14369 | + for (cptr=clist;cptr->ciphername;cptr++) { | |
14370 | + /* | |
14371 | + * see if cipher has been disabled (0) or | |
14372 | + * if noauto set and not enabled (1) | |
14373 | + */ | |
14374 | + if (cptr->parm[0] == 0 || (noauto && cptr->parm[0] < 0)) { | |
14375 | + if (debug>0) | |
14376 | + printk(KERN_INFO "setup_cipher_list(): " | |
14377 | + "ciphername=%s skipped at user request: " | |
14378 | + "noauto=%d parm[0]=%d parm[1]=%d\n" | |
14379 | + , cptr->ciphername | |
14380 | + , noauto | |
14381 | + , cptr->parm[0] | |
14382 | + , cptr->parm[1]); | |
14383 | + continue; | |
14384 | + } | |
14385 | + /* | |
14386 | + * use a local ci to avoid touching cptr->ci, | |
14387 | + * if register ipsec_alg success then bind cipher | |
14388 | + */ | |
14389 | + if( setup_cipher(cptr->ciphername) ) { | |
14390 | + if (debug > 0) | |
14391 | + printk(KERN_DEBUG "klips_debug:" | |
14392 | + "setup_cipher_list():" | |
14393 | + "ciphername=%s found\n" | |
14394 | + , cptr->ciphername); | |
14395 | + if (setup_ipsec_alg_capi_cipher(cptr) == 0) { | |
14396 | + | |
14397 | + | |
14398 | + } else { | |
14399 | + printk(KERN_ERR "klips_debug:" | |
14400 | + "setup_cipher_list():" | |
14401 | + "ciphername=%s failed ipsec_alg_register\n" | |
14402 | + , cptr->ciphername); | |
14403 | + } | |
14404 | + } else { | |
14405 | + if (debug>0) | |
14406 | + printk(KERN_INFO "setup_cipher_list(): lookup for ciphername=%s: not found \n", | |
14407 | + cptr->ciphername); | |
14408 | + } | |
14409 | + } | |
14410 | + return 0; | |
14411 | +} | |
14412 | +/* | |
14413 | + * deregister ipsec_alg objects and unbind ciphers | |
14414 | + */ | |
14415 | +static int | |
14416 | +unsetup_cipher_list (struct ipsec_alg_capi_cipher* clist) | |
14417 | +{ | |
14418 | + struct ipsec_alg_capi_cipher *cptr; | |
14419 | + /* foreach cipher in list ... */ | |
14420 | + for (cptr=clist;cptr->ciphername;cptr++) { | |
14421 | + if (cptr->alg.ixt_state & IPSEC_ALG_ST_REGISTERED) { | |
14422 | + unregister_ipsec_alg_enc(&cptr->alg); | |
14423 | + } | |
14424 | + } | |
14425 | + return 0; | |
14426 | +} | |
14427 | +/* | |
14428 | + * test loop for registered algos | |
14429 | + */ | |
14430 | +static int | |
14431 | +test_cipher_list (struct ipsec_alg_capi_cipher* clist) | |
14432 | +{ | |
14433 | + int test_ret; | |
14434 | + struct ipsec_alg_capi_cipher *cptr; | |
14435 | + /* foreach cipher in list ... */ | |
14436 | + for (cptr=clist;cptr->ciphername;cptr++) { | |
14437 | + if (cptr->alg.ixt_state & IPSEC_ALG_ST_REGISTERED) { | |
14438 | + test_ret=ipsec_alg_test( | |
14439 | + cptr->alg.ixt_alg_type, | |
14440 | + cptr->alg.ixt_alg_id, | |
14441 | + test); | |
14442 | + printk("test_cipher_list(alg_type=%d alg_id=%d): test_ret=%d\n", | |
14443 | + cptr->alg.ixt_alg_type, | |
14444 | + cptr->alg.ixt_alg_id, | |
14445 | + test_ret); | |
14446 | + } | |
14447 | + } | |
14448 | + return 0; | |
14449 | +} | |
14450 | + | |
14451 | +IPSEC_ALG_MODULE_INIT( ipsec_cryptoapi_init ) | |
14452 | +{ | |
14453 | + int ret, test_ret; | |
14454 | + if ((ret=setup_cipher_list(alg_capi_carray)) < 0) | |
14455 | + return -EPROTONOSUPPORT; | |
14456 | + if (ret==0 && test) { | |
14457 | + test_ret=test_cipher_list(alg_capi_carray); | |
14458 | + } | |
14459 | + return ret; | |
14460 | +} | |
14461 | +IPSEC_ALG_MODULE_EXIT( ipsec_cryptoapi_fini ) | |
14462 | +{ | |
14463 | + unsetup_cipher_list(alg_capi_carray); | |
14464 | + return; | |
14465 | +} | |
14466 | +#ifdef MODULE_LICENSE | |
14467 | +MODULE_LICENSE("GPL"); | |
14468 | +#endif | |
14469 | + | |
14470 | +EXPORT_NO_SYMBOLS; | |
14471 | +#endif /* NO_CRYPTOAPI_SUPPORT */ | |
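Review bot: The key-length arguments documented in the header comment (`aes=128,128`, "force these keylens") and in the MODULE_PARM_DESC strings are never applied. setup_ipsec_alg_capi_cipher() copies `cptr->minbits`/`cptr->maxbits` from the static table into `ixt_keyminbits`/`ixt_keymaxbits`, and the only reads of `parm[]` in this file are the enable/disable test and its diagnostic printk in setup_cipher_list(). An administrator who raises the minimum to rule out shorter keys therefore gets the table defaults with no warning. Apply and range-check the requested values before register_ipsec_alg_enc(), as sketched below, or drop the min,max form from the documentation.

```c
	cptr->alg.ixt_keyminbits=cptr->minbits;
	cptr->alg.ixt_keymaxbits=cptr->maxbits;
	/* parm[] values above 1 are requested key bit lengths; -1/0/1 only select enable/disable */
	if (cptr->parm[0] > 1) {
		int reqmin = cptr->parm[0];
		int reqmax = (cptr->parm[1] > 1) ? cptr->parm[1] : cptr->maxbits;

		/* refuse a range the cipher table does not allow instead of silently ignoring it */
		if (reqmin < cptr->minbits || reqmax > cptr->maxbits || reqmin > reqmax) {
			printk(KERN_ERR "setup_ipsec_alg_capi_cipher(): "
				"name=%s rejected key bit range %d,%d\n",
				cptr->ciphername, reqmin, reqmax);
			return -EINVAL;
		}
		cptr->alg.ixt_keyminbits = reqmin;
		cptr->alg.ixt_keymaxbits = reqmax;
	}
	/* … unchanged: ixt_state, ixt_e_keylen, callbacks, register_ipsec_alg_enc() and printk … */
```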
14472 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
14473 | +++ linux/net/ipsec/alg/scripts/mk-static_init.c.sh Mon Feb 9 13:51:03 2004 | |
14474 | @@ -0,0 +1,18 @@ | |
14475 | +#!/bin/sh | |
14476 | +cat << EOF | |
14477 | +#include <linux/kernel.h> | |
14478 | +#include <linux/list.h> | |
14479 | +#include "freeswan/ipsec_alg.h" | |
14480 | +$(for i in $*; do | |
14481 | + test -z "$i" && continue | |
14482 | + echo "extern int $i(void);" | |
14483 | +done) | |
14484 | +void ipsec_alg_static_init(void){ | |
14485 | + int __attribute__ ((unused)) err=0; | |
14486 | +$(for i in $*; do | |
14487 | + test -z "$i" && continue | |
14488 | + echo " if ((err=$i()) < 0)" | |
14489 | + echo " printk(KERN_WARNING \"$i() returned %d\", err);" | |
14490 | +done) | |
14491 | +} | |
14492 | +EOF | |
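Review bot: The generated static_init.c includes `"freeswan/ipsec_alg.h"`, while ipsec_alg_cryptoapi.c in this same patch includes `"openswan/ipsec_alg.h"`. The dependency lines in alg/Makefile also name `$(KLIPS_TOP)/include/freeswan/ipsec_alg.h`. If only the openswan/ directory exists in the target tree (not visible here), both the generated file and those make dependencies point at a missing header. The heredoc line would become `#include "openswan/ipsec_alg.h"`, with the two Makefile prerequisites updated to match.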
14493 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
14494 | +++ linux/net/ipsec/anyaddr.c Mon Feb 9 13:51:03 2004 | |
14495 | @@ -0,0 +1,148 @@ | |
14496 | +/* | |
14497 | + * special addresses | |
14498 | + * Copyright (C) 2000 Henry Spencer. | |
14499 | + * | |
14500 | + * This library is free software; you can redistribute it and/or modify it | |
14501 | + * under the terms of the GNU Library General Public License as published by | |
14502 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
14503 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
14504 | + * | |
14505 | + * This library is distributed in the hope that it will be useful, but | |
14506 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
14507 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
14508 | + * License for more details. | |
14509 | + * | |
14510 | + * RCSID $Id: anyaddr.c,v 1.10.10.1 2006/11/24 05:55:46 paul Exp $ | |
14511 | + */ | |
14512 | +#include "openswan.h" | |
14513 | + | |
14514 | +/* these are mostly fallbacks for the no-IPv6-support-in-library case */ | |
14515 | +#ifndef IN6ADDR_ANY_INIT | |
14516 | +#define IN6ADDR_ANY_INIT {{{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }}} | |
14517 | +#endif | |
14518 | +#ifndef IN6ADDR_LOOPBACK_INIT | |
14519 | +#define IN6ADDR_LOOPBACK_INIT {{{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 }}} | |
14520 | +#endif | |
14521 | + | |
14522 | +static struct in6_addr v6any = IN6ADDR_ANY_INIT; | |
14523 | +static struct in6_addr v6loop = IN6ADDR_LOOPBACK_INIT; | |
14524 | + | |
14525 | +/* | |
14526 | + - anyaddr - initialize to the any-address value | |
14527 | + */ | |
14528 | +err_t /* NULL for success, else string literal */ | |
14529 | +anyaddr(af, dst) | |
14530 | +int af; /* address family */ | |
14531 | +ip_address *dst; | |
14532 | +{ | |
14533 | + uint32_t v4any = htonl(INADDR_ANY); | |
14534 | + | |
14535 | + switch (af) { | |
14536 | + case AF_INET: | |
14537 | + return initaddr((unsigned char *)&v4any, sizeof(v4any), af, dst); | |
14538 | + break; | |
14539 | + case AF_INET6: | |
14540 | + return initaddr((unsigned char *)&v6any, sizeof(v6any), af, dst); | |
14541 | + break; | |
14542 | + default: | |
14543 | + return "unknown address family in anyaddr/unspecaddr"; | |
14544 | + break; | |
14545 | + } | |
14546 | +} | |
14547 | + | |
14548 | +/* | |
14549 | + - unspecaddr - initialize to the unspecified-address value | |
14550 | + */ | |
14551 | +err_t /* NULL for success, else string literal */ | |
14552 | +unspecaddr(af, dst) | |
14553 | +int af; /* address family */ | |
14554 | +ip_address *dst; | |
14555 | +{ | |
14556 | + return anyaddr(af, dst); | |
14557 | +} | |
14558 | + | |
14559 | +/* | |
14560 | + - loopbackaddr - initialize to the loopback-address value | |
14561 | + */ | |
14562 | +err_t /* NULL for success, else string literal */ | |
14563 | +loopbackaddr(af, dst) | |
14564 | +int af; /* address family */ | |
14565 | +ip_address *dst; | |
14566 | +{ | |
14567 | + uint32_t v4loop = htonl(INADDR_LOOPBACK); | |
14568 | + | |
14569 | + switch (af) { | |
14570 | + case AF_INET: | |
14571 | + return initaddr((unsigned char *)&v4loop, sizeof(v4loop), af, dst); | |
14572 | + break; | |
14573 | + case AF_INET6: | |
14574 | + return initaddr((unsigned char *)&v6loop, sizeof(v6loop), af, dst); | |
14575 | + break; | |
14576 | + default: | |
14577 | + return "unknown address family in loopbackaddr"; | |
14578 | + break; | |
14579 | + } | |
14580 | +} | |
14581 | + | |
14582 | +/* | |
14583 | + - isanyaddr - test for the any-address value | |
14584 | + */ | |
14585 | +int | |
14586 | +isanyaddr(src) | |
14587 | +const ip_address *src; | |
14588 | +{ | |
14589 | + uint32_t v4any = htonl(INADDR_ANY); | |
14590 | + int cmp; | |
14591 | + | |
14592 | + switch (src->u.v4.sin_family) { | |
14593 | + case AF_INET: | |
14594 | + cmp = memcmp(&src->u.v4.sin_addr.s_addr, &v4any, sizeof(v4any)); | |
14595 | + break; | |
14596 | + case AF_INET6: | |
14597 | + cmp = memcmp(&src->u.v6.sin6_addr, &v6any, sizeof(v6any)); | |
14598 | + break; | |
14599 | + case 0: | |
14600 | + /* a zeroed structure is considered any address */ | |
14601 | + return 1; | |
14602 | + default: | |
14603 | + return 0; | |
14604 | + break; | |
14605 | + } | |
14606 | + | |
14607 | + return (cmp == 0) ? 1 : 0; | |
14608 | +} | |
14609 | + | |
14610 | +/* | |
14611 | + - isunspecaddr - test for the unspecified-address value | |
14612 | + */ | |
14613 | +int | |
14614 | +isunspecaddr(src) | |
14615 | +const ip_address *src; | |
14616 | +{ | |
14617 | + return isanyaddr(src); | |
14618 | +} | |
14619 | + | |
14620 | +/* | |
14621 | + - isloopbackaddr - test for the loopback-address value | |
14622 | + */ | |
14623 | +int | |
14624 | +isloopbackaddr(src) | |
14625 | +const ip_address *src; | |
14626 | +{ | |
14627 | + uint32_t v4loop = htonl(INADDR_LOOPBACK); | |
14628 | + int cmp; | |
14629 | + | |
14630 | + switch (src->u.v4.sin_family) { | |
14631 | + case AF_INET: | |
14632 | + cmp = memcmp(&src->u.v4.sin_addr.s_addr, &v4loop, sizeof(v4loop)); | |
14633 | + break; | |
14634 | + case AF_INET6: | |
14635 | + cmp = memcmp(&src->u.v6.sin6_addr, &v6loop, sizeof(v6loop)); | |
14636 | + break; | |
14637 | + default: | |
14638 | + return 0; | |
14639 | + break; | |
14640 | + } | |
14641 | + | |
14642 | + return (cmp == 0) ? 1 : 0; | |
14643 | +} | |
14644 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
14645 | +++ linux/net/ipsec/datatot.c Mon Feb 9 13:51:03 2004 | |
14646 | @@ -0,0 +1,234 @@ | |
14647 | +/* | |
14648 | + * convert from binary data (e.g. key) to text form | |
14649 | + * Copyright (C) 2000 Henry Spencer. | |
14650 | + * | |
14651 | + * This library is free software; you can redistribute it and/or modify it | |
14652 | + * under the terms of the GNU Library General Public License as published by | |
14653 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
14654 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
14655 | + * | |
14656 | + * This library is distributed in the hope that it will be useful, but | |
14657 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
14658 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
14659 | + * License for more details. | |
14660 | + * | |
14661 | + * RCSID $Id: datatot.c,v 1.7 2005/04/14 20:48:43 mcr Exp $ | |
14662 | + */ | |
14663 | +#include "openswan.h" | |
14664 | + | |
14665 | +static void convert(const char *src, size_t nreal, int format, char *out); | |
14666 | + | |
14667 | +/* | |
14668 | + - datatot - convert data bytes to text | |
14669 | + */ | |
14670 | +size_t /* true length (with NUL) for success */ | |
14671 | +datatot(src, srclen, format, dst, dstlen) | |
14672 | +const char *src; | |
14673 | +size_t srclen; | |
14674 | +int format; /* character indicating what format */ | |
14675 | +char *dst; /* need not be valid if dstlen is 0 */ | |
14676 | +size_t dstlen; | |
14677 | +{ | |
14678 | + size_t inblocksize; /* process this many bytes at a time */ | |
14679 | + size_t outblocksize; /* producing this many */ | |
14680 | + size_t breakevery; /* add a _ every this many (0 means don't) */ | |
14681 | + size_t sincebreak; /* output bytes since last _ */ | |
14682 | + char breakchar; /* character used to break between groups */ | |
14683 | + char inblock[10]; /* enough for any format */ | |
14684 | + char outblock[10]; /* enough for any format */ | |
14685 | + char fake[1]; /* fake output area for dstlen == 0 */ | |
14686 | + size_t needed; /* return value */ | |
14687 | + char *stop; /* where the terminating NUL will go */ | |
14688 | + size_t ntodo; /* remaining input */ | |
14689 | + size_t nreal; | |
14690 | + char *out; | |
14691 | + char *prefix; | |
14692 | + | |
14693 | + breakevery = 0; | |
14694 | + breakchar = '_'; | |
14695 | + | |
14696 | + switch (format) { | |
14697 | + case 0: | |
14698 | + case 'h': | |
14699 | + format = 'x'; | |
14700 | + breakevery = 8; | |
14701 | + /* FALLTHROUGH */ | |
14702 | + case 'x': | |
14703 | + inblocksize = 1; | |
14704 | + outblocksize = 2; | |
14705 | + prefix = "0x"; | |
14706 | + break; | |
14707 | + case ':': | |
14708 | + format = 'x'; | |
14709 | + breakevery = 2; | |
14710 | + breakchar = ':'; | |
14711 | + /* FALLTHROUGH */ | |
14712 | + case 16: | |
14713 | + inblocksize = 1; | |
14714 | + outblocksize = 2; | |
14715 | + prefix = ""; | |
14716 | + format = 'x'; | |
14717 | + break; | |
14718 | + case 's': | |
14719 | + inblocksize = 3; | |
14720 | + outblocksize = 4; | |
14721 | + prefix = "0s"; | |
14722 | + break; | |
14723 | + case 64: /* beware, equals ' ' */ | |
14724 | + inblocksize = 3; | |
14725 | + outblocksize = 4; | |
14726 | + prefix = ""; | |
14727 | + format = 's'; | |
14728 | + break; | |
14729 | + default: | |
14730 | + return 0; | |
14731 | + break; | |
14732 | + } | |
14733 | + | |
14734 | + user_assert(inblocksize < sizeof(inblock)); | |
14735 | + user_assert(outblocksize < sizeof(outblock)); | |
14736 | + user_assert(breakevery % outblocksize == 0); | |
14737 | + | |
14738 | + if (srclen == 0) | |
14739 | + return 0; | |
14740 | + ntodo = srclen; | |
14741 | + | |
14742 | + if (dstlen == 0) { /* dispose of awkward special case */ | |
14743 | + dst = fake; | |
14744 | + dstlen = 1; | |
14745 | + } | |
14746 | + stop = dst + dstlen - 1; | |
14747 | + | |
14748 | + nreal = strlen(prefix); | |
14749 | + needed = nreal; /* for starters */ | |
14750 | + if (dstlen <= nreal) { /* prefix won't fit */ | |
14751 | + strncpy(dst, prefix, dstlen - 1); | |
14752 | + dst += dstlen - 1; | |
14753 | + } else { | |
14754 | + strcpy(dst, prefix); | |
14755 | + dst += nreal; | |
14756 | + } | |
14757 | + | |
14758 | + user_assert(dst <= stop); | |
14759 | + sincebreak = 0; | |
14760 | + | |
14761 | + while (ntodo > 0) { | |
14762 | + if (ntodo < inblocksize) { /* incomplete input */ | |
14763 | + memset(inblock, 0, sizeof(inblock)); | |
14764 | + memcpy(inblock, src, ntodo); | |
14765 | + src = inblock; | |
14766 | + nreal = ntodo; | |
14767 | + ntodo = inblocksize; | |
14768 | + } else | |
14769 | + nreal = inblocksize; | |
14770 | + out = (outblocksize > stop - dst) ? outblock : dst; | |
14771 | + | |
14772 | + convert(src, nreal, format, out); | |
14773 | + needed += outblocksize; | |
14774 | + sincebreak += outblocksize; | |
14775 | + if (dst < stop) { | |
14776 | + if (out != dst) { | |
14777 | + user_assert(outblocksize > stop - dst); | |
14778 | + memcpy(dst, out, stop - dst); | |
14779 | + dst = stop; | |
14780 | + } else | |
14781 | + dst += outblocksize; | |
14782 | + } | |
14783 | + | |
14784 | + src += inblocksize; | |
14785 | + ntodo -= inblocksize; | |
14786 | + if (breakevery != 0 && sincebreak >= breakevery && ntodo > 0) { | |
14787 | + if (dst < stop) | |
14788 | + *dst++ = breakchar; | |
14789 | + needed++; | |
14790 | + sincebreak = 0; | |
14791 | + } | |
14792 | + } | |
14793 | + | |
14794 | + user_assert(dst <= stop); | |
14795 | + *dst++ = '\0'; | |
14796 | + needed++; | |
14797 | + | |
14798 | + return needed; | |
14799 | +} | |
14800 | + | |
14801 | +/* | |
14802 | + - convert - convert one input block to one output block | |
14803 | + */ | |
14804 | +static void | |
14805 | +convert(src, nreal, format, out) | |
14806 | +const char *src; | |
14807 | +size_t nreal; /* how much of the input block is real */ | |
14808 | +int format; | |
14809 | +char *out; | |
14810 | +{ | |
14811 | + static char hex[] = "0123456789abcdef"; | |
14812 | + static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" | |
14813 | + "abcdefghijklmnopqrstuvwxyz" | |
14814 | + "0123456789+/"; | |
14815 | + unsigned char c; | |
14816 | + unsigned char c1, c2, c3; | |
14817 | + | |
14818 | + user_assert(nreal > 0); | |
14819 | + switch (format) { | |
14820 | + case 'x': | |
14821 | + user_assert(nreal == 1); | |
14822 | + c = (unsigned char)*src; | |
14823 | + *out++ = hex[c >> 4]; | |
14824 | + *out++ = hex[c & 0xf]; | |
14825 | + break; | |
14826 | + case 's': | |
14827 | + c1 = (unsigned char)*src++; | |
14828 | + c2 = (unsigned char)*src++; | |
14829 | + c3 = (unsigned char)*src++; | |
14830 | + *out++ = base64[c1 >> 2]; /* top 6 bits of c1 */ | |
14831 | + c = (c1 & 0x3) << 4; /* bottom 2 of c1... */ | |
14832 | + c |= c2 >> 4; /* ...top 4 of c2 */ | |
14833 | + *out++ = base64[c]; | |
14834 | + if (nreal == 1) | |
14835 | + *out++ = '='; | |
14836 | + else { | |
14837 | + c = (c2 & 0xf) << 2; /* bottom 4 of c2... */ | |
14838 | + c |= c3 >> 6; /* ...top 2 of c3 */ | |
14839 | + *out++ = base64[c]; | |
14840 | + } | |
14841 | + if (nreal <= 2) | |
14842 | + *out++ = '='; | |
14843 | + else | |
14844 | + *out++ = base64[c3 & 0x3f]; /* bottom 6 of c3 */ | |
14845 | + break; | |
14846 | + default: | |
14847 | + user_assert(nreal == 0); /* unknown format */ | |
14848 | + break; | |
14849 | + } | |
14850 | +} | |
14851 | + | |
14852 | +/* | |
14853 | + - datatoa - convert data to ASCII | |
14854 | + * backward-compatibility synonym for datatot | |
14855 | + */ | |
14856 | +size_t /* true length (with NUL) for success */ | |
14857 | +datatoa(src, srclen, format, dst, dstlen) | |
14858 | +const char *src; | |
14859 | +size_t srclen; | |
14860 | +int format; /* character indicating what format */ | |
14861 | +char *dst; /* need not be valid if dstlen is 0 */ | |
14862 | +size_t dstlen; | |
14863 | +{ | |
14864 | + return datatot(src, srclen, format, dst, dstlen); | |
14865 | +} | |
14866 | + | |
14867 | +/* | |
14868 | + - bytestoa - convert data bytes to ASCII | |
14869 | + * backward-compatibility synonym for datatot | |
14870 | + */ | |
14871 | +size_t /* true length (with NUL) for success */ | |
14872 | +bytestoa(src, srclen, format, dst, dstlen) | |
14873 | +const char *src; | |
14874 | +size_t srclen; | |
14875 | +int format; /* character indicating what format */ | |
14876 | +char *dst; /* need not be valid if dstlen is 0 */ | |
14877 | +size_t dstlen; | |
14878 | +{ | |
14879 | + return datatot(src, srclen, format, dst, dstlen); | |
14880 | +} | |
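Review bot: Both early exits in `datatot` (`default: return 0;` for an unknown format and `if (srclen == 0) return 0;`) return before anything is written to `dst`, so a caller that does not test for a zero return is left with an uninitialized buffer that it may then treat as a string. The file header says this routine formats binary data such as keys, so I would terminate the output on those paths with `if (dstlen > 0) *dst = '\0';` before each `return 0;`. The guard is needed because both exits come before the `dstlen == 0` fix-up that points `dst` at `fake`. The comment on the return value should also state that 0 means failure, since `datatoa` and `bytestoa` pass the result straight through and inherit the same contract.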
14881 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
14882 | +++ linux/net/ipsec/defconfig Mon Feb 9 13:51:03 2004 | |
14883 | @@ -0,0 +1,148 @@ | |
14884 | + | |
14885 | +# | |
14886 | +# RCSID $Id: defconfig,v 1.28.2.1 2006/10/11 18:14:33 paul Exp $ | |
14887 | +# | |
14888 | + | |
14889 | +# | |
14890 | +# FreeS/WAN IPSec implementation, KLIPS kernel config defaults | |
14891 | +# | |
14892 | + | |
14893 | +# | |
14894 | +# First, lets override stuff already set or not in the kernel config. | |
14895 | +# | |
14896 | +# We can't even think about leaving this off... | |
14897 | +CONFIG_INET=y | |
14898 | + | |
14899 | +# | |
14900 | +# This must be on for subnet protection. | |
14901 | +CONFIG_IP_FORWARD=y | |
14902 | + | |
14903 | +# Shut off IPSEC masquerading if it has been enabled, since it will | |
14904 | +# break the compile. IPPROTO_ESP and IPPROTO_AH were included in | |
14905 | +# net/ipv4/ip_masq.c when they should have gone into include/linux/in.h. | |
14906 | +CONFIG_IP_MASQUERADE_IPSEC=n | |
14907 | + | |
14908 | +# | |
14909 | +# Next, lets set the recommended FreeS/WAN configuration. | |
14910 | +# | |
14911 | + | |
14912 | +# To config as static (preferred), 'y'. To config as module, 'm'. | |
14913 | +CONFIG_KLIPS=m | |
14914 | + | |
14915 | +# To do tunnel mode IPSec, this must be enabled. | |
14916 | +CONFIG_KLIPS_IPIP=y | |
14917 | + | |
14918 | +# To enable authentication, say 'y'. (Highly recommended) | |
14919 | +CONFIG_KLIPS_AH=y | |
14920 | + | |
14921 | +# Authentication algorithm(s): | |
14922 | +CONFIG_KLIPS_AUTH_HMAC_MD5=y | |
14923 | +CONFIG_KLIPS_AUTH_HMAC_SHA1=y | |
14924 | + | |
14925 | +# To enable encryption, say 'y'. (Highly recommended) | |
14926 | +CONFIG_KLIPS_ESP=y | |
14927 | + | |
14928 | +# modular algo extensions (and new ALGOs) | |
14929 | +CONFIG_KLIPS_ALG=y | |
14930 | + | |
14931 | +# Encryption algorithm(s): | |
14932 | +CONFIG_KLIPS_ENC_3DES=y | |
14933 | +CONFIG_KLIPS_ENC_AES=y | |
14934 | +# CONFIG_KLIPS_ENC_NULL=y | |
14935 | + | |
14936 | +# Use CryptoAPI for ALG? - by default, no. | |
14937 | +CONFIG_KLIPS_ENC_CRYPTOAPI=n | |
14938 | + | |
14939 | +# IP Compression: new, probably still has minor bugs. | |
14940 | +CONFIG_KLIPS_IPCOMP=y | |
14941 | + | |
14942 | +# To enable userspace-switchable KLIPS debugging, say 'y'. | |
14943 | +CONFIG_KLIPS_DEBUG=y | |
14944 | + | |
14945 | +# NAT Traversal | |
14946 | +CONFIG_IPSEC_NAT_TRAVERSAL=y | |
14947 | + | |
14948 | +# | |
14949 | +# | |
14950 | +# $Log: defconfig,v $ | |
14951 | +# Revision 1.28.2.1 2006/10/11 18:14:33 paul | |
14952 | +# Add JuanJo Ciarlante's ESP_NULL patches for KLIPS, but leave it disabled | |
14953 | +# per default. | |
14954 | +# | |
14955 | +# Revision 1.28 2005/05/11 03:15:42 mcr | |
14956 | +# adjusted makefiles to sanely build modules properly. | |
14957 | +# | |
14958 | +# Revision 1.27 2005/03/20 03:00:05 mcr | |
14959 | +# default configuration should enable NAT_TRAVERSAL. | |
14960 | +# | |
14961 | +# Revision 1.26 2004/07/10 19:11:18 mcr | |
14962 | +# CONFIG_IPSEC -> CONFIG_KLIPS. | |
14963 | +# | |
14964 | +# Revision 1.25 2004/07/05 01:03:53 mcr | |
14965 | +# fix for adding cryptoapi code. | |
14966 | +# keep it off for now, since UMLs do not have it yet. | |
14967 | +# | |
14968 | +# Revision 1.24 2004/04/06 02:49:25 mcr | |
14969 | +# pullup of algo code from alg-branch. | |
14970 | +# | |
14971 | +# Revision 1.23.2.2 2004/04/05 04:30:46 mcr | |
14972 | +# patches for alg-branch to compile/work with 2.x openswan | |
14973 | +# | |
14974 | +# Revision 1.23.2.1 2003/12/22 15:25:52 jjo | |
14975 | +# . Merged algo-0.8.1-rc11-test1 into alg-branch | |
14976 | +# | |
14977 | +# Revision 1.23 2003/12/10 01:14:27 mcr | |
14978 | +# NAT-traversal patches to KLIPS. | |
14979 | +# | |
14980 | +# Revision 1.22 2003/02/24 19:37:27 mcr | |
14981 | +# changed default compilation mode to static. | |
14982 | +# | |
14983 | +# Revision 1.21 2002/04/24 07:36:27 mcr | |
14984 | +# Moved from ./klips/net/ipsec/defconfig,v | |
14985 | +# | |
14986 | +# Revision 1.20 2002/04/02 04:07:40 mcr | |
14987 | +# default build is now 'm'odule for KLIPS | |
14988 | +# | |
14989 | +# Revision 1.19 2002/03/08 18:57:17 rgb | |
14990 | +# Added a blank line at the beginning of the file to make it easier for | |
14991 | +# other projects to patch ./arch/i386/defconfig, for example | |
14992 | +# LIDS+grSecurity requested by Jason Pattie. | |
14993 | +# | |
14994 | +# Revision 1.18 2000/11/30 17:26:56 rgb | |
14995 | +# Cleaned out unused options and enabled ipcomp by default. | |
14996 | +# | |
14997 | +# Revision 1.17 2000/09/15 11:37:01 rgb | |
14998 | +# Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
14999 | +# IPCOMP zlib deflate code. | |
15000 | +# | |
15001 | +# Revision 1.16 2000/09/08 19:12:55 rgb | |
15002 | +# Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
15003 | +# | |
15004 | +# Revision 1.15 2000/05/24 19:37:13 rgb | |
15005 | +# *** empty log message *** | |
15006 | +# | |
15007 | +# Revision 1.14 2000/05/11 21:14:57 henry | |
15008 | +# just commenting the FOOBAR=y lines out is not enough | |
15009 | +# | |
15010 | +# Revision 1.13 2000/05/10 20:17:58 rgb | |
15011 | +# Comment out netlink defaults, which are no longer needed. | |
15012 | +# | |
15013 | +# Revision 1.12 2000/05/10 19:13:38 rgb | |
15014 | +# Added configure option to shut off no eroute passthrough. | |
15015 | +# | |
15016 | +# Revision 1.11 2000/03/16 07:09:46 rgb | |
15017 | +# Hardcode PF_KEYv2 support. | |
15018 | +# Disable IPSEC_ICMP by default. | |
15019 | +# Remove DES config option from defaults file. | |
15020 | +# | |
15021 | +# Revision 1.10 2000/01/11 03:09:42 rgb | |
15022 | +# Added a default of 'y' to PF_KEYv2 keying I/F. | |
15023 | +# | |
15024 | +# Revision 1.9 1999/05/08 21:23:12 rgb | |
15025 | +# Added support for 2.2.x kernels. | |
15026 | +# | |
15027 | +# Revision 1.8 1999/04/06 04:54:25 rgb | |
15028 | +# Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
15029 | +# patch shell fixes. | |
15030 | +# | |
15031 | +# | |
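Review bot: `CONFIG_KLIPS_AUTH_HMAC_MD5=y` and `CONFIG_KLIPS_ENC_3DES=y` are switched on next to SHA1 and AES in what the file calls the recommended configuration, with no comment saying whether they are only there for interoperability. I would add a line above those two entries such as `# Legacy algorithms kept for interoperability; prefer HMAC-SHA1 and AES where the peer supports them.` `CONFIG_KLIPS_DEBUG=y` is also a default; its comment could say whether production builds should keep it, since what the debug output of this stack exposes is not visible here and is worth confirming. Separately, the comment above `CONFIG_KLIPS=m` says static is preferred while the value builds a module, so one of the two should change.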
15032 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
15033 | +++ linux/net/ipsec/deflate.c Mon Feb 9 13:51:03 2004 | |
15034 | @@ -0,0 +1,1351 @@ | |
15035 | +/* deflate.c -- compress data using the deflation algorithm | |
15036 | + * Copyright (C) 1995-2002 Jean-loup Gailly. | |
15037 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
15038 | + */ | |
15039 | + | |
15040 | +/* | |
15041 | + * ALGORITHM | |
15042 | + * | |
15043 | + * The "deflation" process depends on being able to identify portions | |
15044 | + * of the input text which are identical to earlier input (within a | |
15045 | + * sliding window trailing behind the input currently being processed). | |
15046 | + * | |
15047 | + * The most straightforward technique turns out to be the fastest for | |
15048 | + * most input files: try all possible matches and select the longest. | |
15049 | + * The key feature of this algorithm is that insertions into the string | |
15050 | + * dictionary are very simple and thus fast, and deletions are avoided | |
15051 | + * completely. Insertions are performed at each input character, whereas | |
15052 | + * string matches are performed only when the previous match ends. So it | |
15053 | + * is preferable to spend more time in matches to allow very fast string | |
15054 | + * insertions and avoid deletions. The matching algorithm for small | |
15055 | + * strings is inspired from that of Rabin & Karp. A brute force approach | |
15056 | + * is used to find longer strings when a small match has been found. | |
15057 | + * A similar algorithm is used in comic (by Jan-Mark Wams) and freeze | |
15058 | + * (by Leonid Broukhis). | |
15059 | + * A previous version of this file used a more sophisticated algorithm | |
15060 | + * (by Fiala and Greene) which is guaranteed to run in linear amortized | |
15061 | + * time, but has a larger average cost, uses more memory and is patented. | |
15062 | + * However the F&G algorithm may be faster for some highly redundant | |
15063 | + * files if the parameter max_chain_length (described below) is too large. | |
15064 | + * | |
15065 | + * ACKNOWLEDGEMENTS | |
15066 | + * | |
15067 | + * The idea of lazy evaluation of matches is due to Jan-Mark Wams, and | |
15068 | + * I found it in 'freeze' written by Leonid Broukhis. | |
15069 | + * Thanks to many people for bug reports and testing. | |
15070 | + * | |
15071 | + * REFERENCES | |
15072 | + * | |
15073 | + * Deutsch, L.P.,"DEFLATE Compressed Data Format Specification". | |
15074 | + * Available in ftp://ds.internic.net/rfc/rfc1951.txt | |
15075 | + * | |
15076 | + * A description of the Rabin and Karp algorithm is given in the book | |
15077 | + * "Algorithms" by R. Sedgewick, Addison-Wesley, p252. | |
15078 | + * | |
15079 | + * Fiala,E.R., and Greene,D.H. | |
15080 | + * Data Compression with Finite Windows, Comm.ACM, 32,4 (1989) 490-595 | |
15081 | + * | |
15082 | + */ | |
15083 | + | |
15084 | +/* @(#) $Id: deflate.c,v 1.4 2004/07/10 07:48:37 mcr Exp $ */ | |
15085 | + | |
15086 | +#include "deflate.h" | |
15087 | + | |
15088 | +local const char deflate_copyright[] = | |
15089 | + " deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly "; | |
15090 | +/* | |
15091 | + If you use the zlib library in a product, an acknowledgment is welcome | |
15092 | + in the documentation of your product. If for some reason you cannot | |
15093 | + include such an acknowledgment, I would appreciate that you keep this | |
15094 | + copyright string in the executable of your product. | |
15095 | + */ | |
15096 | + | |
15097 | +/* =========================================================================== | |
15098 | + * Function prototypes. | |
15099 | + */ | |
15100 | +typedef enum { | |
15101 | + need_more, /* block not completed, need more input or more output */ | |
15102 | + block_done, /* block flush performed */ | |
15103 | + finish_started, /* finish started, need only more output at next deflate */ | |
15104 | + finish_done /* finish done, accept no more input or output */ | |
15105 | +} block_state; | |
15106 | + | |
15107 | +typedef block_state (*compress_func) OF((deflate_state *s, int flush)); | |
15108 | +/* Compression function. Returns the block state after the call. */ | |
15109 | + | |
15110 | +local void fill_window OF((deflate_state *s)); | |
15111 | +local block_state deflate_stored OF((deflate_state *s, int flush)); | |
15112 | +local block_state deflate_fast OF((deflate_state *s, int flush)); | |
15113 | +local block_state deflate_slow OF((deflate_state *s, int flush)); | |
15114 | +local void lm_init OF((deflate_state *s)); | |
15115 | +local void putShortMSB OF((deflate_state *s, uInt b)); | |
15116 | +local void flush_pending OF((z_streamp strm)); | |
15117 | +local int read_buf OF((z_streamp strm, Bytef *buf, unsigned size)); | |
15118 | +#ifdef ASMV | |
15119 | + void match_init OF((void)); /* asm code initialization */ | |
15120 | + uInt longest_match OF((deflate_state *s, IPos cur_match)); | |
15121 | +#else | |
15122 | +local uInt longest_match OF((deflate_state *s, IPos cur_match)); | |
15123 | +#endif | |
15124 | + | |
15125 | +#ifdef DEBUG | |
15126 | +local void check_match OF((deflate_state *s, IPos start, IPos match, | |
15127 | + int length)); | |
15128 | +#endif | |
15129 | + | |
15130 | +/* =========================================================================== | |
15131 | + * Local data | |
15132 | + */ | |
15133 | + | |
15134 | +#define NIL 0 | |
15135 | +/* Tail of hash chains */ | |
15136 | + | |
15137 | +#ifndef TOO_FAR | |
15138 | +# define TOO_FAR 4096 | |
15139 | +#endif | |
15140 | +/* Matches of length 3 are discarded if their distance exceeds TOO_FAR */ | |
15141 | + | |
15142 | +#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1) | |
15143 | +/* Minimum amount of lookahead, except at the end of the input file. | |
15144 | + * See deflate.c for comments about the MIN_MATCH+1. | |
15145 | + */ | |
15146 | + | |
15147 | +/* Values for max_lazy_match, good_match and max_chain_length, depending on | |
15148 | + * the desired pack level (0..9). The values given below have been tuned to | |
15149 | + * exclude worst case performance for pathological files. Better values may be | |
15150 | + * found for specific files. | |
15151 | + */ | |
15152 | +typedef struct config_s { | |
15153 | + ush good_length; /* reduce lazy search above this match length */ | |
15154 | + ush max_lazy; /* do not perform lazy search above this match length */ | |
15155 | + ush nice_length; /* quit search above this match length */ | |
15156 | + ush max_chain; | |
15157 | + compress_func func; | |
15158 | +} config; | |
15159 | + | |
15160 | +local const config configuration_table[10] = { | |
15161 | +/* good lazy nice chain */ | |
15162 | +/* 0 */ {0, 0, 0, 0, deflate_stored}, /* store only */ | |
15163 | +/* 1 */ {4, 4, 8, 4, deflate_fast}, /* maximum speed, no lazy matches */ | |
15164 | +/* 2 */ {4, 5, 16, 8, deflate_fast}, | |
15165 | +/* 3 */ {4, 6, 32, 32, deflate_fast}, | |
15166 | + | |
15167 | +/* 4 */ {4, 4, 16, 16, deflate_slow}, /* lazy matches */ | |
15168 | +/* 5 */ {8, 16, 32, 32, deflate_slow}, | |
15169 | +/* 6 */ {8, 16, 128, 128, deflate_slow}, | |
15170 | +/* 7 */ {8, 32, 128, 256, deflate_slow}, | |
15171 | +/* 8 */ {32, 128, 258, 1024, deflate_slow}, | |
15172 | +/* 9 */ {32, 258, 258, 4096, deflate_slow}}; /* maximum compression */ | |
15173 | + | |
15174 | +/* Note: the deflate() code requires max_lazy >= MIN_MATCH and max_chain >= 4 | |
15175 | + * For deflate_fast() (levels <= 3) good is ignored and lazy has a different | |
15176 | + * meaning. | |
15177 | + */ | |
15178 | + | |
15179 | +#define EQUAL 0 | |
15180 | +/* result of memcmp for equal strings */ | |
15181 | + | |
15182 | +struct static_tree_desc_s {int dummy;}; /* for buggy compilers */ | |
15183 | + | |
15184 | +/* =========================================================================== | |
15185 | + * Update a hash value with the given input byte | |
15186 | + * IN assertion: all calls to to UPDATE_HASH are made with consecutive | |
15187 | + * input characters, so that a running hash key can be computed from the | |
15188 | + * previous key instead of complete recalculation each time. | |
15189 | + */ | |
15190 | +#define UPDATE_HASH(s,h,c) (h = (((h)<<s->hash_shift) ^ (c)) & s->hash_mask) | |
15191 | + | |
15192 | + | |
15193 | +/* =========================================================================== | |
15194 | + * Insert string str in the dictionary and set match_head to the previous head | |
15195 | + * of the hash chain (the most recent string with same hash key). Return | |
15196 | + * the previous length of the hash chain. | |
15197 | + * If this file is compiled with -DFASTEST, the compression level is forced | |
15198 | + * to 1, and no hash chains are maintained. | |
15199 | + * IN assertion: all calls to to INSERT_STRING are made with consecutive | |
15200 | + * input characters and the first MIN_MATCH bytes of str are valid | |
15201 | + * (except for the last MIN_MATCH-1 bytes of the input file). | |
15202 | + */ | |
15203 | +#ifdef FASTEST | |
15204 | +#define INSERT_STRING(s, str, match_head) \ | |
15205 | + (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \ | |
15206 | + match_head = s->head[s->ins_h], \ | |
15207 | + s->head[s->ins_h] = (Pos)(str)) | |
15208 | +#else | |
15209 | +#define INSERT_STRING(s, str, match_head) \ | |
15210 | + (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \ | |
15211 | + s->prev[(str) & s->w_mask] = match_head = s->head[s->ins_h], \ | |
15212 | + s->head[s->ins_h] = (Pos)(str)) | |
15213 | +#endif | |
15214 | + | |
15215 | +/* =========================================================================== | |
15216 | + * Initialize the hash table (avoiding 64K overflow for 16 bit systems). | |
15217 | + * prev[] will be initialized on the fly. | |
15218 | + */ | |
15219 | +#define CLEAR_HASH(s) \ | |
15220 | + s->head[s->hash_size-1] = NIL; \ | |
15221 | + zmemzero((Bytef *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head)); | |
15222 | + | |
15223 | +/* ========================================================================= */ | |
15224 | +int ZEXPORT deflateInit_(strm, level, version, stream_size) | |
15225 | + z_streamp strm; | |
15226 | + int level; | |
15227 | + const char *version; | |
15228 | + int stream_size; | |
15229 | +{ | |
15230 | + return deflateInit2_(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL, | |
15231 | + Z_DEFAULT_STRATEGY, version, stream_size); | |
15232 | + /* To do: ignore strm->next_in if we use it as window */ | |
15233 | +} | |
15234 | + | |
15235 | +/* ========================================================================= */ | |
15236 | +int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, | |
15237 | + version, stream_size) | |
15238 | + z_streamp strm; | |
15239 | + int level; | |
15240 | + int method; | |
15241 | + int windowBits; | |
15242 | + int memLevel; | |
15243 | + int strategy; | |
15244 | + const char *version; | |
15245 | + int stream_size; | |
15246 | +{ | |
15247 | + deflate_state *s; | |
15248 | + int noheader = 0; | |
15249 | + static const char* my_version = ZLIB_VERSION; | |
15250 | + | |
15251 | + ushf *overlay; | |
15252 | + /* We overlay pending_buf and d_buf+l_buf. This works since the average | |
15253 | + * output size for (length,distance) codes is <= 24 bits. | |
15254 | + */ | |
15255 | + | |
15256 | + if (version == Z_NULL || version[0] != my_version[0] || | |
15257 | + stream_size != sizeof(z_stream)) { | |
15258 | + return Z_VERSION_ERROR; | |
15259 | + } | |
15260 | + if (strm == Z_NULL) return Z_STREAM_ERROR; | |
15261 | + | |
15262 | + strm->msg = Z_NULL; | |
15263 | + if (strm->zalloc == Z_NULL) { | |
15264 | + return Z_STREAM_ERROR; | |
15265 | +/* strm->zalloc = zcalloc; | |
15266 | + strm->opaque = (voidpf)0;*/ | |
15267 | + } | |
15268 | + if (strm->zfree == Z_NULL) return Z_STREAM_ERROR; /* strm->zfree = zcfree; */ | |
15269 | + | |
15270 | + if (level == Z_DEFAULT_COMPRESSION) level = 6; | |
15271 | +#ifdef FASTEST | |
15272 | + level = 1; | |
15273 | +#endif | |
15274 | + | |
15275 | + if (windowBits < 0) { /* undocumented feature: suppress zlib header */ | |
15276 | + noheader = 1; | |
15277 | + windowBits = -windowBits; | |
15278 | + } | |
15279 | + if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED || | |
15280 | + windowBits < 9 || windowBits > 15 || level < 0 || level > 9 || | |
15281 | + strategy < 0 || strategy > Z_HUFFMAN_ONLY) { | |
15282 | + return Z_STREAM_ERROR; | |
15283 | + } | |
15284 | + s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state)); | |
15285 | + if (s == Z_NULL) return Z_MEM_ERROR; | |
15286 | + strm->state = (struct internal_state FAR *)s; | |
15287 | + s->strm = strm; | |
15288 | + | |
15289 | + s->noheader = noheader; | |
15290 | + s->w_bits = windowBits; | |
15291 | + s->w_size = 1 << s->w_bits; | |
15292 | + s->w_mask = s->w_size - 1; | |
15293 | + | |
15294 | + s->hash_bits = memLevel + 7; | |
15295 | + s->hash_size = 1 << s->hash_bits; | |
15296 | + s->hash_mask = s->hash_size - 1; | |
15297 | + s->hash_shift = ((s->hash_bits+MIN_MATCH-1)/MIN_MATCH); | |
15298 | + | |
15299 | + s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte)); | |
15300 | + s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos)); | |
15301 | + s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos)); | |
15302 | + | |
15303 | + s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ | |
15304 | + | |
15305 | + overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); | |
15306 | + s->pending_buf = (uchf *) overlay; | |
15307 | + s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L); | |
15308 | + | |
15309 | + if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL || | |
15310 | + s->pending_buf == Z_NULL) { | |
15311 | + strm->msg = ERR_MSG(Z_MEM_ERROR); | |
15312 | + deflateEnd (strm); | |
15313 | + return Z_MEM_ERROR; | |
15314 | + } | |
15315 | + s->d_buf = overlay + s->lit_bufsize/sizeof(ush); | |
15316 | + s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; | |
15317 | + | |
15318 | + s->level = level; | |
15319 | + s->strategy = strategy; | |
15320 | + s->method = (Byte)method; | |
15321 | + | |
15322 | + return deflateReset(strm); | |
15323 | +} | |
15324 | + | |
15325 | +/* ========================================================================= */ | |
15326 | +int ZEXPORT deflateSetDictionary (strm, dictionary, dictLength) | |
15327 | + z_streamp strm; | |
15328 | + const Bytef *dictionary; | |
15329 | + uInt dictLength; | |
15330 | +{ | |
15331 | + deflate_state *s; | |
15332 | + uInt length = dictLength; | |
15333 | + uInt n; | |
15334 | + IPos hash_head = 0; | |
15335 | + | |
15336 | + if (strm == Z_NULL || strm->state == Z_NULL || dictionary == Z_NULL || | |
15337 | + strm->state->status != INIT_STATE) return Z_STREAM_ERROR; | |
15338 | + | |
15339 | + s = strm->state; | |
15340 | + strm->adler = adler32(strm->adler, dictionary, dictLength); | |
15341 | + | |
15342 | + if (length < MIN_MATCH) return Z_OK; | |
15343 | + if (length > MAX_DIST(s)) { | |
15344 | + length = MAX_DIST(s); | |
15345 | +#ifndef USE_DICT_HEAD | |
15346 | + dictionary += dictLength - length; /* use the tail of the dictionary */ | |
15347 | +#endif | |
15348 | + } | |
15349 | + zmemcpy(s->window, dictionary, length); | |
15350 | + s->strstart = length; | |
15351 | + s->block_start = (long)length; | |
15352 | + | |
15353 | + /* Insert all strings in the hash table (except for the last two bytes). | |
15354 | + * s->lookahead stays null, so s->ins_h will be recomputed at the next | |
15355 | + * call of fill_window. | |
15356 | + */ | |
15357 | + s->ins_h = s->window[0]; | |
15358 | + UPDATE_HASH(s, s->ins_h, s->window[1]); | |
15359 | + for (n = 0; n <= length - MIN_MATCH; n++) { | |
15360 | + INSERT_STRING(s, n, hash_head); | |
15361 | + } | |
15362 | + if (hash_head) hash_head = 0; /* to make compiler happy */ | |
15363 | + return Z_OK; | |
15364 | +} | |
15365 | + | |
15366 | +/* ========================================================================= */ | |
15367 | +int ZEXPORT deflateReset (strm) | |
15368 | + z_streamp strm; | |
15369 | +{ | |
15370 | + deflate_state *s; | |
15371 | + | |
15372 | + if (strm == Z_NULL || strm->state == Z_NULL || | |
15373 | + strm->zalloc == Z_NULL || strm->zfree == Z_NULL) return Z_STREAM_ERROR; | |
15374 | + | |
15375 | + strm->total_in = strm->total_out = 0; | |
15376 | + strm->msg = Z_NULL; /* use zfree if we ever allocate msg dynamically */ | |
15377 | + strm->data_type = Z_UNKNOWN; | |
15378 | + | |
15379 | + s = (deflate_state *)strm->state; | |
15380 | + s->pending = 0; | |
15381 | + s->pending_out = s->pending_buf; | |
15382 | + | |
15383 | + if (s->noheader < 0) { | |
15384 | + s->noheader = 0; /* was set to -1 by deflate(..., Z_FINISH); */ | |
15385 | + } | |
15386 | + s->status = s->noheader ? BUSY_STATE : INIT_STATE; | |
15387 | + strm->adler = 1; | |
15388 | + s->last_flush = Z_NO_FLUSH; | |
15389 | + | |
15390 | + _tr_init(s); | |
15391 | + lm_init(s); | |
15392 | + | |
15393 | + return Z_OK; | |
15394 | +} | |
15395 | + | |
15396 | +/* ========================================================================= */ | |
15397 | +int ZEXPORT deflateParams(strm, level, strategy) | |
15398 | + z_streamp strm; | |
15399 | + int level; | |
15400 | + int strategy; | |
15401 | +{ | |
15402 | + deflate_state *s; | |
15403 | + compress_func func; | |
15404 | + int err = Z_OK; | |
15405 | + | |
15406 | + if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; | |
15407 | + s = strm->state; | |
15408 | + | |
15409 | + if (level == Z_DEFAULT_COMPRESSION) { | |
15410 | + level = 6; | |
15411 | + } | |
15412 | + if (level < 0 || level > 9 || strategy < 0 || strategy > Z_HUFFMAN_ONLY) { | |
15413 | + return Z_STREAM_ERROR; | |
15414 | + } | |
15415 | + func = configuration_table[s->level].func; | |
15416 | + | |
15417 | + if (func != configuration_table[level].func && strm->total_in != 0) { | |
15418 | + /* Flush the last buffer: */ | |
15419 | + err = deflate(strm, Z_PARTIAL_FLUSH); | |
15420 | + } | |
15421 | + if (s->level != level) { | |
15422 | + s->level = level; | |
15423 | + s->max_lazy_match = configuration_table[level].max_lazy; | |
15424 | + s->good_match = configuration_table[level].good_length; | |
15425 | + s->nice_match = configuration_table[level].nice_length; | |
15426 | + s->max_chain_length = configuration_table[level].max_chain; | |
15427 | + } | |
15428 | + s->strategy = strategy; | |
15429 | + return err; | |
15430 | +} | |
15431 | + | |
15432 | +/* ========================================================================= | |
15433 | + * Put a short in the pending buffer. The 16-bit value is put in MSB order. | |
15434 | + * IN assertion: the stream state is correct and there is enough room in | |
15435 | + * pending_buf. | |
15436 | + */ | |
15437 | +local void putShortMSB (s, b) | |
15438 | + deflate_state *s; | |
15439 | + uInt b; | |
15440 | +{ | |
15441 | + put_byte(s, (Byte)(b >> 8)); | |
15442 | + put_byte(s, (Byte)(b & 0xff)); | |
15443 | +} | |
15444 | + | |
15445 | +/* ========================================================================= | |
15446 | + * Flush as much pending output as possible. All deflate() output goes | |
15447 | + * through this function so some applications may wish to modify it | |
15448 | + * to avoid allocating a large strm->next_out buffer and copying into it. | |
15449 | + * (See also read_buf()). | |
15450 | + */ | |
15451 | +local void flush_pending(strm) | |
15452 | + z_streamp strm; | |
15453 | +{ | |
15454 | + unsigned len = strm->state->pending; | |
15455 | + | |
15456 | + if (len > strm->avail_out) len = strm->avail_out; | |
15457 | + if (len == 0) return; | |
15458 | + | |
15459 | + zmemcpy(strm->next_out, strm->state->pending_out, len); | |
15460 | + strm->next_out += len; | |
15461 | + strm->state->pending_out += len; | |
15462 | + strm->total_out += len; | |
15463 | + strm->avail_out -= len; | |
15464 | + strm->state->pending -= len; | |
15465 | + if (strm->state->pending == 0) { | |
15466 | + strm->state->pending_out = strm->state->pending_buf; | |
15467 | + } | |
15468 | +} | |
15469 | + | |
15470 | +/* ========================================================================= */ | |
15471 | +int ZEXPORT deflate (strm, flush) | |
15472 | + z_streamp strm; | |
15473 | + int flush; | |
15474 | +{ | |
15475 | + int old_flush; /* value of flush param for previous deflate call */ | |
15476 | + deflate_state *s; | |
15477 | + | |
15478 | + if (strm == Z_NULL || strm->state == Z_NULL || | |
15479 | + flush > Z_FINISH || flush < 0) { | |
15480 | + return Z_STREAM_ERROR; | |
15481 | + } | |
15482 | + s = strm->state; | |
15483 | + | |
15484 | + if (strm->next_out == Z_NULL || | |
15485 | + (strm->next_in == Z_NULL && strm->avail_in != 0) || | |
15486 | + (s->status == FINISH_STATE && flush != Z_FINISH)) { | |
15487 | + ERR_RETURN(strm, Z_STREAM_ERROR); | |
15488 | + } | |
15489 | + if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR); | |
15490 | + | |
15491 | + s->strm = strm; /* just in case */ | |
15492 | + old_flush = s->last_flush; | |
15493 | + s->last_flush = flush; | |
15494 | + | |
15495 | + /* Write the zlib header */ | |
15496 | + if (s->status == INIT_STATE) { | |
15497 | + | |
15498 | + uInt header = (Z_DEFLATED + ((s->w_bits-8)<<4)) << 8; | |
15499 | + uInt level_flags = (s->level-1) >> 1; | |
15500 | + | |
15501 | + if (level_flags > 3) level_flags = 3; | |
15502 | + header |= (level_flags << 6); | |
15503 | + if (s->strstart != 0) header |= PRESET_DICT; | |
15504 | + header += 31 - (header % 31); | |
15505 | + | |
15506 | + s->status = BUSY_STATE; | |
15507 | + putShortMSB(s, header); | |
15508 | + | |
15509 | + /* Save the adler32 of the preset dictionary: */ | |
15510 | + if (s->strstart != 0) { | |
15511 | + putShortMSB(s, (uInt)(strm->adler >> 16)); | |
15512 | + putShortMSB(s, (uInt)(strm->adler & 0xffff)); | |
15513 | + } | |
15514 | + strm->adler = 1L; | |
15515 | + } | |
15516 | + | |
15517 | + /* Flush as much pending output as possible */ | |
15518 | + if (s->pending != 0) { | |
15519 | + flush_pending(strm); | |
15520 | + if (strm->avail_out == 0) { | |
15521 | + /* Since avail_out is 0, deflate will be called again with | |
15522 | + * more output space, but possibly with both pending and | |
15523 | + * avail_in equal to zero. There won't be anything to do, | |
15524 | + * but this is not an error situation so make sure we | |
15525 | + * return OK instead of BUF_ERROR at next call of deflate: | |
15526 | + */ | |
15527 | + s->last_flush = -1; | |
15528 | + return Z_OK; | |
15529 | + } | |
15530 | + | |
15531 | + /* Make sure there is something to do and avoid duplicate consecutive | |
15532 | + * flushes. For repeated and useless calls with Z_FINISH, we keep | |
15533 | + * returning Z_STREAM_END instead of Z_BUFF_ERROR. | |
15534 | + */ | |
15535 | + } else if (strm->avail_in == 0 && flush <= old_flush && | |
15536 | + flush != Z_FINISH) { | |
15537 | + ERR_RETURN(strm, Z_BUF_ERROR); | |
15538 | + } | |
15539 | + | |
15540 | + /* User must not provide more input after the first FINISH: */ | |
15541 | + if (s->status == FINISH_STATE && strm->avail_in != 0) { | |
15542 | + ERR_RETURN(strm, Z_BUF_ERROR); | |
15543 | + } | |
15544 | + | |
15545 | + /* Start a new block or continue the current one. | |
15546 | + */ | |
15547 | + if (strm->avail_in != 0 || s->lookahead != 0 || | |
15548 | + (flush != Z_NO_FLUSH && s->status != FINISH_STATE)) { | |
15549 | + block_state bstate; | |
15550 | + | |
15551 | + bstate = (*(configuration_table[s->level].func))(s, flush); | |
15552 | + | |
15553 | + if (bstate == finish_started || bstate == finish_done) { | |
15554 | + s->status = FINISH_STATE; | |
15555 | + } | |
15556 | + if (bstate == need_more || bstate == finish_started) { | |
15557 | + if (strm->avail_out == 0) { | |
15558 | + s->last_flush = -1; /* avoid BUF_ERROR next call, see above */ | |
15559 | + } | |
15560 | + return Z_OK; | |
15561 | + /* If flush != Z_NO_FLUSH && avail_out == 0, the next call | |
15562 | + * of deflate should use the same flush parameter to make sure | |
15563 | + * that the flush is complete. So we don't have to output an | |
15564 | + * empty block here, this will be done at next call. This also | |
15565 | + * ensures that for a very small output buffer, we emit at most | |
15566 | + * one empty block. | |
15567 | + */ | |
15568 | + } | |
15569 | + if (bstate == block_done) { | |
15570 | + if (flush == Z_PARTIAL_FLUSH) { | |
15571 | + _tr_align(s); | |
15572 | + } else { /* FULL_FLUSH or SYNC_FLUSH */ | |
15573 | + _tr_stored_block(s, (char*)0, 0L, 0); | |
15574 | + /* For a full flush, this empty block will be recognized | |
15575 | + * as a special marker by inflate_sync(). | |
15576 | + */ | |
15577 | + if (flush == Z_FULL_FLUSH) { | |
15578 | + CLEAR_HASH(s); /* forget history */ | |
15579 | + } | |
15580 | + } | |
15581 | + flush_pending(strm); | |
15582 | + if (strm->avail_out == 0) { | |
15583 | + s->last_flush = -1; /* avoid BUF_ERROR at next call, see above */ | |
15584 | + return Z_OK; | |
15585 | + } | |
15586 | + } | |
15587 | + } | |
15588 | + Assert(strm->avail_out > 0, "bug2"); | |
15589 | + | |
15590 | + if (flush != Z_FINISH) return Z_OK; | |
15591 | + if (s->noheader) return Z_STREAM_END; | |
15592 | + | |
15593 | + /* Write the zlib trailer (adler32) */ | |
15594 | + putShortMSB(s, (uInt)(strm->adler >> 16)); | |
15595 | + putShortMSB(s, (uInt)(strm->adler & 0xffff)); | |
15596 | + flush_pending(strm); | |
15597 | + /* If avail_out is zero, the application will call deflate again | |
15598 | + * to flush the rest. | |
15599 | + */ | |
15600 | + s->noheader = -1; /* write the trailer only once! */ | |
15601 | + return s->pending != 0 ? Z_OK : Z_STREAM_END; | |
15602 | +} | |
15603 | + | |
15604 | +/* ========================================================================= */ | |
15605 | +int ZEXPORT deflateEnd (strm) | |
15606 | + z_streamp strm; | |
15607 | +{ | |
15608 | + int status; | |
15609 | + | |
15610 | + if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; | |
15611 | + | |
15612 | + status = strm->state->status; | |
15613 | + if (status != INIT_STATE && status != BUSY_STATE && | |
15614 | + status != FINISH_STATE) { | |
15615 | + return Z_STREAM_ERROR; | |
15616 | + } | |
15617 | + | |
15618 | + /* Deallocate in reverse order of allocations: */ | |
15619 | + TRY_FREE(strm, strm->state->pending_buf); | |
15620 | + TRY_FREE(strm, strm->state->head); | |
15621 | + TRY_FREE(strm, strm->state->prev); | |
15622 | + TRY_FREE(strm, strm->state->window); | |
15623 | + | |
15624 | + ZFREE(strm, strm->state); | |
15625 | + strm->state = Z_NULL; | |
15626 | + | |
15627 | + return status == BUSY_STATE ? Z_DATA_ERROR : Z_OK; | |
15628 | +} | |
15629 | + | |
15630 | +/* ========================================================================= | |
15631 | + * Copy the source state to the destination state. | |
15632 | + * To simplify the source, this is not supported for 16-bit MSDOS (which | |
15633 | + * doesn't have enough memory anyway to duplicate compression states). | |
15634 | + */ | |
15635 | +int ZEXPORT deflateCopy (dest, source) | |
15636 | + z_streamp dest; | |
15637 | + z_streamp source; | |
15638 | +{ | |
15639 | +#ifdef MAXSEG_64K | |
15640 | + return Z_STREAM_ERROR; | |
15641 | +#else | |
15642 | + deflate_state *ds; | |
15643 | + deflate_state *ss; | |
15644 | + ushf *overlay; | |
15645 | + | |
15646 | + | |
15647 | + if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) { | |
15648 | + return Z_STREAM_ERROR; | |
15649 | + } | |
15650 | + | |
15651 | + ss = source->state; | |
15652 | + | |
15653 | + *dest = *source; | |
15654 | + | |
15655 | + ds = (deflate_state *) ZALLOC(dest, 1, sizeof(deflate_state)); | |
15656 | + if (ds == Z_NULL) return Z_MEM_ERROR; | |
15657 | + dest->state = (struct internal_state FAR *) ds; | |
15658 | + *ds = *ss; | |
15659 | + ds->strm = dest; | |
15660 | + | |
15661 | + ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte)); | |
15662 | + ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos)); | |
15663 | + ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos)); | |
15664 | + overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2); | |
15665 | + ds->pending_buf = (uchf *) overlay; | |
15666 | + | |
15667 | + if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL || | |
15668 | + ds->pending_buf == Z_NULL) { | |
15669 | + deflateEnd (dest); | |
15670 | + return Z_MEM_ERROR; | |
15671 | + } | |
15672 | + /* following zmemcpy do not work for 16-bit MSDOS */ | |
15673 | + zmemcpy(ds->window, ss->window, ds->w_size * 2 * sizeof(Byte)); | |
15674 | + zmemcpy(ds->prev, ss->prev, ds->w_size * sizeof(Pos)); | |
15675 | + zmemcpy(ds->head, ss->head, ds->hash_size * sizeof(Pos)); | |
15676 | + zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size); | |
15677 | + | |
15678 | + ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf); | |
15679 | + ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush); | |
15680 | + ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize; | |
15681 | + | |
15682 | + ds->l_desc.dyn_tree = ds->dyn_ltree; | |
15683 | + ds->d_desc.dyn_tree = ds->dyn_dtree; | |
15684 | + ds->bl_desc.dyn_tree = ds->bl_tree; | |
15685 | + | |
15686 | + return Z_OK; | |
15687 | +#endif | |
15688 | +} | |
15689 | + | |
15690 | +/* =========================================================================== | |
15691 | + * Read a new buffer from the current input stream, update the adler32 | |
15692 | + * and total number of bytes read. All deflate() input goes through | |
15693 | + * this function so some applications may wish to modify it to avoid | |
15694 | + * allocating a large strm->next_in buffer and copying from it. | |
15695 | + * (See also flush_pending()). | |
15696 | + */ | |
15697 | +local int read_buf(strm, buf, size) | |
15698 | + z_streamp strm; | |
15699 | + Bytef *buf; | |
15700 | + unsigned size; | |
15701 | +{ | |
15702 | + unsigned len = strm->avail_in; | |
15703 | + | |
15704 | + if (len > size) len = size; | |
15705 | + if (len == 0) return 0; | |
15706 | + | |
15707 | + strm->avail_in -= len; | |
15708 | + | |
15709 | + if (!strm->state->noheader) { | |
15710 | + strm->adler = adler32(strm->adler, strm->next_in, len); | |
15711 | + } | |
15712 | + zmemcpy(buf, strm->next_in, len); | |
15713 | + strm->next_in += len; | |
15714 | + strm->total_in += len; | |
15715 | + | |
15716 | + return (int)len; | |
15717 | +} | |
15718 | + | |
15719 | +/* =========================================================================== | |
15720 | + * Initialize the "longest match" routines for a new zlib stream | |
15721 | + */ | |
15722 | +local void lm_init (s) | |
15723 | + deflate_state *s; | |
15724 | +{ | |
15725 | + s->window_size = (ulg)2L*s->w_size; | |
15726 | + | |
15727 | + CLEAR_HASH(s); | |
15728 | + | |
15729 | + /* Set the default configuration parameters: | |
15730 | + */ | |
15731 | + s->max_lazy_match = configuration_table[s->level].max_lazy; | |
15732 | + s->good_match = configuration_table[s->level].good_length; | |
15733 | + s->nice_match = configuration_table[s->level].nice_length; | |
15734 | + s->max_chain_length = configuration_table[s->level].max_chain; | |
15735 | + | |
15736 | + s->strstart = 0; | |
15737 | + s->block_start = 0L; | |
15738 | + s->lookahead = 0; | |
15739 | + s->match_length = s->prev_length = MIN_MATCH-1; | |
15740 | + s->match_available = 0; | |
15741 | + s->ins_h = 0; | |
15742 | +#ifdef ASMV | |
15743 | + match_init(); /* initialize the asm code */ | |
15744 | +#endif | |
15745 | +} | |
15746 | + | |
15747 | +/* =========================================================================== | |
15748 | + * Set match_start to the longest match starting at the given string and | |
15749 | + * return its length. Matches shorter or equal to prev_length are discarded, | |
15750 | + * in which case the result is equal to prev_length and match_start is | |
15751 | + * garbage. | |
15752 | + * IN assertions: cur_match is the head of the hash chain for the current | |
15753 | + * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1 | |
15754 | + * OUT assertion: the match length is not greater than s->lookahead. | |
15755 | + */ | |
15756 | +#ifndef ASMV | |
15757 | +/* For 80x86 and 680x0, an optimized version will be provided in match.asm or | |
15758 | + * match.S. The code will be functionally equivalent. | |
15759 | + */ | |
15760 | +#ifndef FASTEST | |
15761 | +local uInt longest_match(s, cur_match) | |
15762 | + deflate_state *s; | |
15763 | + IPos cur_match; /* current match */ | |
15764 | +{ | |
15765 | + unsigned chain_length = s->max_chain_length;/* max hash chain length */ | |
15766 | + register Bytef *scan = s->window + s->strstart; /* current string */ | |
15767 | + register Bytef *match; /* matched string */ | |
15768 | + register int len; /* length of current match */ | |
15769 | + int best_len = s->prev_length; /* best match length so far */ | |
15770 | + int nice_match = s->nice_match; /* stop if match long enough */ | |
15771 | + IPos limit = s->strstart > (IPos)MAX_DIST(s) ? | |
15772 | + s->strstart - (IPos)MAX_DIST(s) : NIL; | |
15773 | + /* Stop when cur_match becomes <= limit. To simplify the code, | |
15774 | + * we prevent matches with the string of window index 0. | |
15775 | + */ | |
15776 | + Posf *prev = s->prev; | |
15777 | + uInt wmask = s->w_mask; | |
15778 | + | |
15779 | +#ifdef UNALIGNED_OK | |
15780 | + /* Compare two bytes at a time. Note: this is not always beneficial. | |
15781 | + * Try with and without -DUNALIGNED_OK to check. | |
15782 | + */ | |
15783 | + register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1; | |
15784 | + register ush scan_start = *(ushf*)scan; | |
15785 | + register ush scan_end = *(ushf*)(scan+best_len-1); | |
15786 | +#else | |
15787 | + register Bytef *strend = s->window + s->strstart + MAX_MATCH; | |
15788 | + register Byte scan_end1 = scan[best_len-1]; | |
15789 | + register Byte scan_end = scan[best_len]; | |
15790 | +#endif | |
15791 | + | |
15792 | + /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. | |
15793 | + * It is easy to get rid of this optimization if necessary. | |
15794 | + */ | |
15795 | + Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever"); | |
15796 | + | |
15797 | + /* Do not waste too much time if we already have a good match: */ | |
15798 | + if (s->prev_length >= s->good_match) { | |
15799 | + chain_length >>= 2; | |
15800 | + } | |
15801 | + /* Do not look for matches beyond the end of the input. This is necessary | |
15802 | + * to make deflate deterministic. | |
15803 | + */ | |
15804 | + if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead; | |
15805 | + | |
15806 | + Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead"); | |
15807 | + | |
15808 | + do { | |
15809 | + Assert(cur_match < s->strstart, "no future"); | |
15810 | + match = s->window + cur_match; | |
15811 | + | |
15812 | + /* Skip to next match if the match length cannot increase | |
15813 | + * or if the match length is less than 2: | |
15814 | + */ | |
15815 | +#if (defined(UNALIGNED_OK) && MAX_MATCH == 258) | |
15816 | + /* This code assumes sizeof(unsigned short) == 2. Do not use | |
15817 | + * UNALIGNED_OK if your compiler uses a different size. | |
15818 | + */ | |
15819 | + if (*(ushf*)(match+best_len-1) != scan_end || | |
15820 | + *(ushf*)match != scan_start) continue; | |
15821 | + | |
15822 | + /* It is not necessary to compare scan[2] and match[2] since they are | |
15823 | + * always equal when the other bytes match, given that the hash keys | |
15824 | + * are equal and that HASH_BITS >= 8. Compare 2 bytes at a time at | |
15825 | + * strstart+3, +5, ... up to strstart+257. We check for insufficient | |
15826 | + * lookahead only every 4th comparison; the 128th check will be made | |
15827 | + * at strstart+257. If MAX_MATCH-2 is not a multiple of 8, it is | |
15828 | + * necessary to put more guard bytes at the end of the window, or | |
15829 | + * to check more often for insufficient lookahead. | |
15830 | + */ | |
15831 | + Assert(scan[2] == match[2], "scan[2]?"); | |
15832 | + scan++, match++; | |
15833 | + do { | |
15834 | + } while (*(ushf*)(scan+=2) == *(ushf*)(match+=2) && | |
15835 | + *(ushf*)(scan+=2) == *(ushf*)(match+=2) && | |
15836 | + *(ushf*)(scan+=2) == *(ushf*)(match+=2) && | |
15837 | + *(ushf*)(scan+=2) == *(ushf*)(match+=2) && | |
15838 | + scan < strend); | |
15839 | + /* The funny "do {}" generates better code on most compilers */ | |
15840 | + | |
15841 | + /* Here, scan <= window+strstart+257 */ | |
15842 | + Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); | |
15843 | + if (*scan == *match) scan++; | |
15844 | + | |
15845 | + len = (MAX_MATCH - 1) - (int)(strend-scan); | |
15846 | + scan = strend - (MAX_MATCH-1); | |
15847 | + | |
15848 | +#else /* UNALIGNED_OK */ | |
15849 | + | |
15850 | + if (match[best_len] != scan_end || | |
15851 | + match[best_len-1] != scan_end1 || | |
15852 | + *match != *scan || | |
15853 | + *++match != scan[1]) continue; | |
15854 | + | |
15855 | + /* The check at best_len-1 can be removed because it will be made | |
15856 | + * again later. (This heuristic is not always a win.) | |
15857 | + * It is not necessary to compare scan[2] and match[2] since they | |
15858 | + * are always equal when the other bytes match, given that | |
15859 | + * the hash keys are equal and that HASH_BITS >= 8. | |
15860 | + */ | |
15861 | + scan += 2, match++; | |
15862 | + Assert(*scan == *match, "match[2]?"); | |
15863 | + | |
15864 | + /* We check for insufficient lookahead only every 8th comparison; | |
15865 | + * the 256th check will be made at strstart+258. | |
15866 | + */ | |
15867 | + do { | |
15868 | + } while (*++scan == *++match && *++scan == *++match && | |
15869 | + *++scan == *++match && *++scan == *++match && | |
15870 | + *++scan == *++match && *++scan == *++match && | |
15871 | + *++scan == *++match && *++scan == *++match && | |
15872 | + scan < strend); | |
15873 | + | |
15874 | + Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); | |
15875 | + | |
15876 | + len = MAX_MATCH - (int)(strend - scan); | |
15877 | + scan = strend - MAX_MATCH; | |
15878 | + | |
15879 | +#endif /* UNALIGNED_OK */ | |
15880 | + | |
15881 | + if (len > best_len) { | |
15882 | + s->match_start = cur_match; | |
15883 | + best_len = len; | |
15884 | + if (len >= nice_match) break; | |
15885 | +#ifdef UNALIGNED_OK | |
15886 | + scan_end = *(ushf*)(scan+best_len-1); | |
15887 | +#else | |
15888 | + scan_end1 = scan[best_len-1]; | |
15889 | + scan_end = scan[best_len]; | |
15890 | +#endif | |
15891 | + } | |
15892 | + } while ((cur_match = prev[cur_match & wmask]) > limit | |
15893 | + && --chain_length != 0); | |
15894 | + | |
15895 | + if ((uInt)best_len <= s->lookahead) return (uInt)best_len; | |
15896 | + return s->lookahead; | |
15897 | +} | |
15898 | + | |
15899 | +#else /* FASTEST */ | |
15900 | +/* --------------------------------------------------------------------------- | |
15901 | + * Optimized version for level == 1 only | |
15902 | + */ | |
15903 | +local uInt longest_match(s, cur_match) | |
15904 | + deflate_state *s; | |
15905 | + IPos cur_match; /* current match */ | |
15906 | +{ | |
15907 | + register Bytef *scan = s->window + s->strstart; /* current string */ | |
15908 | + register Bytef *match; /* matched string */ | |
15909 | + register int len; /* length of current match */ | |
15910 | + register Bytef *strend = s->window + s->strstart + MAX_MATCH; | |
15911 | + | |
15912 | + /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. | |
15913 | + * It is easy to get rid of this optimization if necessary. | |
15914 | + */ | |
15915 | + Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever"); | |
15916 | + | |
15917 | + Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead"); | |
15918 | + | |
15919 | + Assert(cur_match < s->strstart, "no future"); | |
15920 | + | |
15921 | + match = s->window + cur_match; | |
15922 | + | |
15923 | + /* Return failure if the match length is less than 2: | |
15924 | + */ | |
15925 | + if (match[0] != scan[0] || match[1] != scan[1]) return MIN_MATCH-1; | |
15926 | + | |
15927 | + /* The check at best_len-1 can be removed because it will be made | |
15928 | + * again later. (This heuristic is not always a win.) | |
15929 | + * It is not necessary to compare scan[2] and match[2] since they | |
15930 | + * are always equal when the other bytes match, given that | |
15931 | + * the hash keys are equal and that HASH_BITS >= 8. | |
15932 | + */ | |
15933 | + scan += 2, match += 2; | |
15934 | + Assert(*scan == *match, "match[2]?"); | |
15935 | + | |
15936 | + /* We check for insufficient lookahead only every 8th comparison; | |
15937 | + * the 256th check will be made at strstart+258. | |
15938 | + */ | |
15939 | + do { | |
15940 | + } while (*++scan == *++match && *++scan == *++match && | |
15941 | + *++scan == *++match && *++scan == *++match && | |
15942 | + *++scan == *++match && *++scan == *++match && | |
15943 | + *++scan == *++match && *++scan == *++match && | |
15944 | + scan < strend); | |
15945 | + | |
15946 | + Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); | |
15947 | + | |
15948 | + len = MAX_MATCH - (int)(strend - scan); | |
15949 | + | |
15950 | + if (len < MIN_MATCH) return MIN_MATCH - 1; | |
15951 | + | |
15952 | + s->match_start = cur_match; | |
15953 | + return len <= s->lookahead ? len : s->lookahead; | |
15954 | +} | |
15955 | +#endif /* FASTEST */ | |
15956 | +#endif /* ASMV */ | |
15957 | + | |
15958 | +#ifdef DEBUG | |
15959 | +/* =========================================================================== | |
15960 | + * Check that the match at match_start is indeed a match. | |
15961 | + */ | |
15962 | +local void check_match(s, start, match, length) | |
15963 | + deflate_state *s; | |
15964 | + IPos start, match; | |
15965 | + int length; | |
15966 | +{ | |
15967 | + /* check that the match is indeed a match */ | |
15968 | + if (zmemcmp(s->window + match, | |
15969 | + s->window + start, length) != EQUAL) { | |
15970 | + fprintf(stderr, " start %u, match %u, length %d\n", | |
15971 | + start, match, length); | |
15972 | + do { | |
15973 | + fprintf(stderr, "%c%c", s->window[match++], s->window[start++]); | |
15974 | + } while (--length != 0); | |
15975 | + z_error("invalid match"); | |
15976 | + } | |
15977 | + if (z_verbose > 1) { | |
15978 | + fprintf(stderr,"\\[%d,%d]", start-match, length); | |
15979 | + do { putc(s->window[start++], stderr); } while (--length != 0); | |
15980 | + } | |
15981 | +} | |
15982 | +#else | |
15983 | +# define check_match(s, start, match, length) | |
15984 | +#endif | |
15985 | + | |
15986 | +/* =========================================================================== | |
15987 | + * Fill the window when the lookahead becomes insufficient. | |
15988 | + * Updates strstart and lookahead. | |
15989 | + * | |
15990 | + * IN assertion: lookahead < MIN_LOOKAHEAD | |
15991 | + * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD | |
15992 | + * At least one byte has been read, or avail_in == 0; reads are | |
15993 | + * performed for at least two bytes (required for the zip translate_eol | |
15994 | + * option -- not supported here). | |
15995 | + */ | |
15996 | +local void fill_window(s) | |
15997 | + deflate_state *s; | |
15998 | +{ | |
15999 | + register unsigned n, m; | |
16000 | + register Posf *p; | |
16001 | + unsigned more; /* Amount of free space at the end of the window. */ | |
16002 | + uInt wsize = s->w_size; | |
16003 | + | |
16004 | + do { | |
16005 | + more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart); | |
16006 | + | |
16007 | + /* Deal with !@#$% 64K limit: */ | |
16008 | + if (more == 0 && s->strstart == 0 && s->lookahead == 0) { | |
16009 | + more = wsize; | |
16010 | + | |
16011 | + } else if (more == (unsigned)(-1)) { | |
16012 | + /* Very unlikely, but possible on 16 bit machine if strstart == 0 | |
16013 | + * and lookahead == 1 (input done one byte at time) | |
16014 | + */ | |
16015 | + more--; | |
16016 | + | |
16017 | + /* If the window is almost full and there is insufficient lookahead, | |
16018 | + * move the upper half to the lower one to make room in the upper half. | |
16019 | + */ | |
16020 | + } else if (s->strstart >= wsize+MAX_DIST(s)) { | |
16021 | + | |
16022 | + zmemcpy(s->window, s->window+wsize, (unsigned)wsize); | |
16023 | + s->match_start -= wsize; | |
16024 | + s->strstart -= wsize; /* we now have strstart >= MAX_DIST */ | |
16025 | + s->block_start -= (long) wsize; | |
16026 | + | |
16027 | + /* Slide the hash table (could be avoided with 32 bit values | |
16028 | + at the expense of memory usage). We slide even when level == 0 | |
16029 | + to keep the hash table consistent if we switch back to level > 0 | |
16030 | + later. (Using level 0 permanently is not an optimal usage of | |
16031 | + zlib, so we don't care about this pathological case.) | |
16032 | + */ | |
16033 | + n = s->hash_size; | |
16034 | + p = &s->head[n]; | |
16035 | + do { | |
16036 | + m = *--p; | |
16037 | + *p = (Pos)(m >= wsize ? m-wsize : NIL); | |
16038 | + } while (--n); | |
16039 | + | |
16040 | + n = wsize; | |
16041 | +#ifndef FASTEST | |
16042 | + p = &s->prev[n]; | |
16043 | + do { | |
16044 | + m = *--p; | |
16045 | + *p = (Pos)(m >= wsize ? m-wsize : NIL); | |
16046 | + /* If n is not on any hash chain, prev[n] is garbage but | |
16047 | + * its value will never be used. | |
16048 | + */ | |
16049 | + } while (--n); | |
16050 | +#endif | |
16051 | + more += wsize; | |
16052 | + } | |
16053 | + if (s->strm->avail_in == 0) return; | |
16054 | + | |
16055 | + /* If there was no sliding: | |
16056 | + * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 && | |
16057 | + * more == window_size - lookahead - strstart | |
16058 | + * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1) | |
16059 | + * => more >= window_size - 2*WSIZE + 2 | |
16060 | + * In the BIG_MEM or MMAP case (not yet supported), | |
16061 | + * window_size == input_size + MIN_LOOKAHEAD && | |
16062 | + * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD. | |
16063 | + * Otherwise, window_size == 2*WSIZE so more >= 2. | |
16064 | + * If there was sliding, more >= WSIZE. So in all cases, more >= 2. | |
16065 | + */ | |
16066 | + Assert(more >= 2, "more < 2"); | |
16067 | + | |
16068 | + n = read_buf(s->strm, s->window + s->strstart + s->lookahead, more); | |
16069 | + s->lookahead += n; | |
16070 | + | |
16071 | + /* Initialize the hash value now that we have some input: */ | |
16072 | + if (s->lookahead >= MIN_MATCH) { | |
16073 | + s->ins_h = s->window[s->strstart]; | |
16074 | + UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]); | |
16075 | +#if MIN_MATCH != 3 | |
16076 | + Call UPDATE_HASH() MIN_MATCH-3 more times | |
16077 | +#endif | |
16078 | + } | |
16079 | + /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage, | |
16080 | + * but this is not important since only literal bytes will be emitted. | |
16081 | + */ | |
16082 | + | |
16083 | + } while (s->lookahead < MIN_LOOKAHEAD && s->strm->avail_in != 0); | |
16084 | +} | |
16085 | + | |
16086 | +/* =========================================================================== | |
16087 | + * Flush the current block, with given end-of-file flag. | |
16088 | + * IN assertion: strstart is set to the end of the current match. | |
16089 | + */ | |
16090 | +#define FLUSH_BLOCK_ONLY(s, eof) { \ | |
16091 | + _tr_flush_block(s, (s->block_start >= 0L ? \ | |
16092 | + (charf *)&s->window[(unsigned)s->block_start] : \ | |
16093 | + (charf *)Z_NULL), \ | |
16094 | + (ulg)((long)s->strstart - s->block_start), \ | |
16095 | + (eof)); \ | |
16096 | + s->block_start = s->strstart; \ | |
16097 | + flush_pending(s->strm); \ | |
16098 | + Tracev((stderr,"[FLUSH]")); \ | |
16099 | +} | |
16100 | + | |
16101 | +/* Same but force premature exit if necessary. */ | |
16102 | +#define FLUSH_BLOCK(s, eof) { \ | |
16103 | + FLUSH_BLOCK_ONLY(s, eof); \ | |
16104 | + if (s->strm->avail_out == 0) return (eof) ? finish_started : need_more; \ | |
16105 | +} | |
16106 | + | |
16107 | +/* =========================================================================== | |
16108 | + * Copy without compression as much as possible from the input stream, return | |
16109 | + * the current block state. | |
16110 | + * This function does not insert new strings in the dictionary since | |
16111 | + * uncompressible data is probably not useful. This function is used | |
16112 | + * only for the level=0 compression option. | |
16113 | + * NOTE: this function should be optimized to avoid extra copying from | |
16114 | + * window to pending_buf. | |
16115 | + */ | |
16116 | +local block_state deflate_stored(s, flush) | |
16117 | + deflate_state *s; | |
16118 | + int flush; | |
16119 | +{ | |
16120 | + /* Stored blocks are limited to 0xffff bytes, pending_buf is limited | |
16121 | + * to pending_buf_size, and each stored block has a 5 byte header: | |
16122 | + */ | |
16123 | + ulg max_block_size = 0xffff; | |
16124 | + ulg max_start; | |
16125 | + | |
16126 | + if (max_block_size > s->pending_buf_size - 5) { | |
16127 | + max_block_size = s->pending_buf_size - 5; | |
16128 | + } | |
16129 | + | |
16130 | + /* Copy as much as possible from input to output: */ | |
16131 | + for (;;) { | |
16132 | + /* Fill the window as much as possible: */ | |
16133 | + if (s->lookahead <= 1) { | |
16134 | + | |
16135 | + Assert(s->strstart < s->w_size+MAX_DIST(s) || | |
16136 | + s->block_start >= (long)s->w_size, "slide too late"); | |
16137 | + | |
16138 | + fill_window(s); | |
16139 | + if (s->lookahead == 0 && flush == Z_NO_FLUSH) return need_more; | |
16140 | + | |
16141 | + if (s->lookahead == 0) break; /* flush the current block */ | |
16142 | + } | |
16143 | + Assert(s->block_start >= 0L, "block gone"); | |
16144 | + | |
16145 | + s->strstart += s->lookahead; | |
16146 | + s->lookahead = 0; | |
16147 | + | |
16148 | + /* Emit a stored block if pending_buf will be full: */ | |
16149 | + max_start = s->block_start + max_block_size; | |
16150 | + if (s->strstart == 0 || (ulg)s->strstart >= max_start) { | |
16151 | + /* strstart == 0 is possible when wraparound on 16-bit machine */ | |
16152 | + s->lookahead = (uInt)(s->strstart - max_start); | |
16153 | + s->strstart = (uInt)max_start; | |
16154 | + FLUSH_BLOCK(s, 0); | |
16155 | + } | |
16156 | + /* Flush if we may have to slide, otherwise block_start may become | |
16157 | + * negative and the data will be gone: | |
16158 | + */ | |
16159 | + if (s->strstart - (uInt)s->block_start >= MAX_DIST(s)) { | |
16160 | + FLUSH_BLOCK(s, 0); | |
16161 | + } | |
16162 | + } | |
16163 | + FLUSH_BLOCK(s, flush == Z_FINISH); | |
16164 | + return flush == Z_FINISH ? finish_done : block_done; | |
16165 | +} | |
16166 | + | |
16167 | +/* =========================================================================== | |
16168 | + * Compress as much as possible from the input stream, return the current | |
16169 | + * block state. | |
16170 | + * This function does not perform lazy evaluation of matches and inserts | |
16171 | + * new strings in the dictionary only for unmatched strings or for short | |
16172 | + * matches. It is used only for the fast compression options. | |
16173 | + */ | |
16174 | +local block_state deflate_fast(s, flush) | |
16175 | + deflate_state *s; | |
16176 | + int flush; | |
16177 | +{ | |
16178 | + IPos hash_head = NIL; /* head of the hash chain */ | |
16179 | + int bflush; /* set if current block must be flushed */ | |
16180 | + | |
16181 | + for (;;) { | |
16182 | + /* Make sure that we always have enough lookahead, except | |
16183 | + * at the end of the input file. We need MAX_MATCH bytes | |
16184 | + * for the next match, plus MIN_MATCH bytes to insert the | |
16185 | + * string following the next match. | |
16186 | + */ | |
16187 | + if (s->lookahead < MIN_LOOKAHEAD) { | |
16188 | + fill_window(s); | |
16189 | + if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) { | |
16190 | + return need_more; | |
16191 | + } | |
16192 | + if (s->lookahead == 0) break; /* flush the current block */ | |
16193 | + } | |
16194 | + | |
16195 | + /* Insert the string window[strstart .. strstart+2] in the | |
16196 | + * dictionary, and set hash_head to the head of the hash chain: | |
16197 | + */ | |
16198 | + if (s->lookahead >= MIN_MATCH) { | |
16199 | + INSERT_STRING(s, s->strstart, hash_head); | |
16200 | + } | |
16201 | + | |
16202 | + /* Find the longest match, discarding those <= prev_length. | |
16203 | + * At this point we have always match_length < MIN_MATCH | |
16204 | + */ | |
16205 | + if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) { | |
16206 | + /* To simplify the code, we prevent matches with the string | |
16207 | + * of window index 0 (in particular we have to avoid a match | |
16208 | + * of the string with itself at the start of the input file). | |
16209 | + */ | |
16210 | + if (s->strategy != Z_HUFFMAN_ONLY) { | |
16211 | + s->match_length = longest_match (s, hash_head); | |
16212 | + } | |
16213 | + /* longest_match() sets match_start */ | |
16214 | + } | |
16215 | + if (s->match_length >= MIN_MATCH) { | |
16216 | + check_match(s, s->strstart, s->match_start, s->match_length); | |
16217 | + | |
16218 | + _tr_tally_dist(s, s->strstart - s->match_start, | |
16219 | + s->match_length - MIN_MATCH, bflush); | |
16220 | + | |
16221 | + s->lookahead -= s->match_length; | |
16222 | + | |
16223 | + /* Insert new strings in the hash table only if the match length | |
16224 | + * is not too large. This saves time but degrades compression. | |
16225 | + */ | |
16226 | +#ifndef FASTEST | |
16227 | + if (s->match_length <= s->max_insert_length && | |
16228 | + s->lookahead >= MIN_MATCH) { | |
16229 | + s->match_length--; /* string at strstart already in hash table */ | |
16230 | + do { | |
16231 | + s->strstart++; | |
16232 | + INSERT_STRING(s, s->strstart, hash_head); | |
16233 | + /* strstart never exceeds WSIZE-MAX_MATCH, so there are | |
16234 | + * always MIN_MATCH bytes ahead. | |
16235 | + */ | |
16236 | + } while (--s->match_length != 0); | |
16237 | + s->strstart++; | |
16238 | + } else | |
16239 | +#endif | |
16240 | + { | |
16241 | + s->strstart += s->match_length; | |
16242 | + s->match_length = 0; | |
16243 | + s->ins_h = s->window[s->strstart]; | |
16244 | + UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]); | |
16245 | +#if MIN_MATCH != 3 | |
16246 | + Call UPDATE_HASH() MIN_MATCH-3 more times | |
16247 | +#endif | |
16248 | + /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not | |
16249 | + * matter since it will be recomputed at next deflate call. | |
16250 | + */ | |
16251 | + } | |
16252 | + } else { | |
16253 | + /* No match, output a literal byte */ | |
16254 | + Tracevv((stderr,"%c", s->window[s->strstart])); | |
16255 | + _tr_tally_lit (s, s->window[s->strstart], bflush); | |
16256 | + s->lookahead--; | |
16257 | + s->strstart++; | |
16258 | + } | |
16259 | + if (bflush) FLUSH_BLOCK(s, 0); | |
16260 | + } | |
16261 | + FLUSH_BLOCK(s, flush == Z_FINISH); | |
16262 | + return flush == Z_FINISH ? finish_done : block_done; | |
16263 | +} | |
16264 | + | |
16265 | +/* =========================================================================== | |
16266 | + * Same as above, but achieves better compression. We use a lazy | |
16267 | + * evaluation for matches: a match is finally adopted only if there is | |
16268 | + * no better match at the next window position. | |
16269 | + */ | |
16270 | +local block_state deflate_slow(s, flush) | |
16271 | + deflate_state *s; | |
16272 | + int flush; | |
16273 | +{ | |
16274 | + IPos hash_head = NIL; /* head of hash chain */ | |
16275 | + int bflush; /* set if current block must be flushed */ | |
16276 | + | |
16277 | + /* Process the input block. */ | |
16278 | + for (;;) { | |
16279 | + /* Make sure that we always have enough lookahead, except | |
16280 | + * at the end of the input file. We need MAX_MATCH bytes | |
16281 | + * for the next match, plus MIN_MATCH bytes to insert the | |
16282 | + * string following the next match. | |
16283 | + */ | |
16284 | + if (s->lookahead < MIN_LOOKAHEAD) { | |
16285 | + fill_window(s); | |
16286 | + if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) { | |
16287 | + return need_more; | |
16288 | + } | |
16289 | + if (s->lookahead == 0) break; /* flush the current block */ | |
16290 | + } | |
16291 | + | |
16292 | + /* Insert the string window[strstart .. strstart+2] in the | |
16293 | + * dictionary, and set hash_head to the head of the hash chain: | |
16294 | + */ | |
16295 | + if (s->lookahead >= MIN_MATCH) { | |
16296 | + INSERT_STRING(s, s->strstart, hash_head); | |
16297 | + } | |
16298 | + | |
16299 | + /* Find the longest match, discarding those <= prev_length. | |
16300 | + */ | |
16301 | + s->prev_length = s->match_length, s->prev_match = s->match_start; | |
16302 | + s->match_length = MIN_MATCH-1; | |
16303 | + | |
16304 | + if (hash_head != NIL && s->prev_length < s->max_lazy_match && | |
16305 | + s->strstart - hash_head <= MAX_DIST(s)) { | |
16306 | + /* To simplify the code, we prevent matches with the string | |
16307 | + * of window index 0 (in particular we have to avoid a match | |
16308 | + * of the string with itself at the start of the input file). | |
16309 | + */ | |
16310 | + if (s->strategy != Z_HUFFMAN_ONLY) { | |
16311 | + s->match_length = longest_match (s, hash_head); | |
16312 | + } | |
16313 | + /* longest_match() sets match_start */ | |
16314 | + | |
16315 | + if (s->match_length <= 5 && (s->strategy == Z_FILTERED || | |
16316 | + (s->match_length == MIN_MATCH && | |
16317 | + s->strstart - s->match_start > TOO_FAR))) { | |
16318 | + | |
16319 | + /* If prev_match is also MIN_MATCH, match_start is garbage | |
16320 | + * but we will ignore the current match anyway. | |
16321 | + */ | |
16322 | + s->match_length = MIN_MATCH-1; | |
16323 | + } | |
16324 | + } | |
16325 | + /* If there was a match at the previous step and the current | |
16326 | + * match is not better, output the previous match: | |
16327 | + */ | |
16328 | + if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) { | |
16329 | + uInt max_insert = s->strstart + s->lookahead - MIN_MATCH; | |
16330 | + /* Do not insert strings in hash table beyond this. */ | |
16331 | + | |
16332 | + check_match(s, s->strstart-1, s->prev_match, s->prev_length); | |
16333 | + | |
16334 | + _tr_tally_dist(s, s->strstart -1 - s->prev_match, | |
16335 | + s->prev_length - MIN_MATCH, bflush); | |
16336 | + | |
16337 | + /* Insert in hash table all strings up to the end of the match. | |
16338 | + * strstart-1 and strstart are already inserted. If there is not | |
16339 | + * enough lookahead, the last two strings are not inserted in | |
16340 | + * the hash table. | |
16341 | + */ | |
16342 | + s->lookahead -= s->prev_length-1; | |
16343 | + s->prev_length -= 2; | |
16344 | + do { | |
16345 | + if (++s->strstart <= max_insert) { | |
16346 | + INSERT_STRING(s, s->strstart, hash_head); | |
16347 | + } | |
16348 | + } while (--s->prev_length != 0); | |
16349 | + s->match_available = 0; | |
16350 | + s->match_length = MIN_MATCH-1; | |
16351 | + s->strstart++; | |
16352 | + | |
16353 | + if (bflush) FLUSH_BLOCK(s, 0); | |
16354 | + | |
16355 | + } else if (s->match_available) { | |
16356 | + /* If there was no match at the previous position, output a | |
16357 | + * single literal. If there was a match but the current match | |
16358 | + * is longer, truncate the previous match to a single literal. | |
16359 | + */ | |
16360 | + Tracevv((stderr,"%c", s->window[s->strstart-1])); | |
16361 | + _tr_tally_lit(s, s->window[s->strstart-1], bflush); | |
16362 | + if (bflush) { | |
16363 | + FLUSH_BLOCK_ONLY(s, 0); | |
16364 | + } | |
16365 | + s->strstart++; | |
16366 | + s->lookahead--; | |
16367 | + if (s->strm->avail_out == 0) return need_more; | |
16368 | + } else { | |
16369 | + /* There is no previous match to compare with, wait for | |
16370 | + * the next step to decide. | |
16371 | + */ | |
16372 | + s->match_available = 1; | |
16373 | + s->strstart++; | |
16374 | + s->lookahead--; | |
16375 | + } | |
16376 | + } | |
16377 | + Assert (flush != Z_NO_FLUSH, "no flush?"); | |
16378 | + if (s->match_available) { | |
16379 | + Tracevv((stderr,"%c", s->window[s->strstart-1])); | |
16380 | + _tr_tally_lit(s, s->window[s->strstart-1], bflush); | |
16381 | + s->match_available = 0; | |
16382 | + } | |
16383 | + FLUSH_BLOCK(s, flush == Z_FINISH); | |
16384 | + return flush == Z_FINISH ? finish_done : block_done; | |
16385 | +} | |
16386 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
16387 | +++ linux/net/ipsec/deflate.h Mon Feb 9 13:51:03 2004 | |
16388 | @@ -0,0 +1,318 @@ | |
16389 | +/* deflate.h -- internal compression state | |
16390 | + * Copyright (C) 1995-2002 Jean-loup Gailly | |
16391 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
16392 | + */ | |
16393 | + | |
16394 | +/* WARNING: this file should *not* be used by applications. It is | |
16395 | + part of the implementation of the compression library and is | |
16396 | + subject to change. Applications should only use zlib.h. | |
16397 | + */ | |
16398 | + | |
16399 | +/* @(#) $Id: deflate.h,v 1.5 2004/07/10 07:48:38 mcr Exp $ */ | |
16400 | + | |
16401 | +#ifndef _DEFLATE_H | |
16402 | +#define _DEFLATE_H | |
16403 | + | |
16404 | +#include "zlib/zutil.h" | |
16405 | + | |
16406 | +/* =========================================================================== | |
16407 | + * Internal compression state. | |
16408 | + */ | |
16409 | + | |
16410 | +#define LENGTH_CODES 29 | |
16411 | +/* number of length codes, not counting the special END_BLOCK code */ | |
16412 | + | |
16413 | +#define LITERALS 256 | |
16414 | +/* number of literal bytes 0..255 */ | |
16415 | + | |
16416 | +#define L_CODES (LITERALS+1+LENGTH_CODES) | |
16417 | +/* number of Literal or Length codes, including the END_BLOCK code */ | |
16418 | + | |
16419 | +#define D_CODES 30 | |
16420 | +/* number of distance codes */ | |
16421 | + | |
16422 | +#define BL_CODES 19 | |
16423 | +/* number of codes used to transfer the bit lengths */ | |
16424 | + | |
16425 | +#define HEAP_SIZE (2*L_CODES+1) | |
16426 | +/* maximum heap size */ | |
16427 | + | |
16428 | +#define MAX_BITS 15 | |
16429 | +/* All codes must not exceed MAX_BITS bits */ | |
16430 | + | |
16431 | +#define INIT_STATE 42 | |
16432 | +#define BUSY_STATE 113 | |
16433 | +#define FINISH_STATE 666 | |
16434 | +/* Stream status */ | |
16435 | + | |
16436 | + | |
16437 | +/* Data structure describing a single value and its code string. */ | |
16438 | +typedef struct ct_data_s { | |
16439 | + union { | |
16440 | + ush freq; /* frequency count */ | |
16441 | + ush code; /* bit string */ | |
16442 | + } fc; | |
16443 | + union { | |
16444 | + ush dad; /* father node in Huffman tree */ | |
16445 | + ush len; /* length of bit string */ | |
16446 | + } dl; | |
16447 | +} FAR ct_data; | |
16448 | + | |
16449 | +#define Freq fc.freq | |
16450 | +#define Code fc.code | |
16451 | +#define Dad dl.dad | |
16452 | +#define Len dl.len | |
16453 | + | |
16454 | +typedef struct static_tree_desc_s static_tree_desc; | |
16455 | + | |
16456 | +typedef struct tree_desc_s { | |
16457 | + ct_data *dyn_tree; /* the dynamic tree */ | |
16458 | + int max_code; /* largest code with non zero frequency */ | |
16459 | + static_tree_desc *stat_desc; /* the corresponding static tree */ | |
16460 | +} FAR tree_desc; | |
16461 | + | |
16462 | +typedef ush Pos; | |
16463 | +typedef Pos FAR Posf; | |
16464 | +typedef unsigned IPos; | |
16465 | + | |
16466 | +/* A Pos is an index in the character window. We use short instead of int to | |
16467 | + * save space in the various tables. IPos is used only for parameter passing. | |
16468 | + */ | |
16469 | + | |
16470 | +typedef struct internal_state { | |
16471 | + z_streamp strm; /* pointer back to this zlib stream */ | |
16472 | + int status; /* as the name implies */ | |
16473 | + Bytef *pending_buf; /* output still pending */ | |
16474 | + ulg pending_buf_size; /* size of pending_buf */ | |
16475 | + Bytef *pending_out; /* next pending byte to output to the stream */ | |
16476 | + int pending; /* nb of bytes in the pending buffer */ | |
16477 | + int noheader; /* suppress zlib header and adler32 */ | |
16478 | + Byte data_type; /* UNKNOWN, BINARY or ASCII */ | |
16479 | + Byte method; /* STORED (for zip only) or DEFLATED */ | |
16480 | + int last_flush; /* value of flush param for previous deflate call */ | |
16481 | + | |
16482 | + /* used by deflate.c: */ | |
16483 | + | |
16484 | + uInt w_size; /* LZ77 window size (32K by default) */ | |
16485 | + uInt w_bits; /* log2(w_size) (8..16) */ | |
16486 | + uInt w_mask; /* w_size - 1 */ | |
16487 | + | |
16488 | + Bytef *window; | |
16489 | + /* Sliding window. Input bytes are read into the second half of the window, | |
16490 | + * and move to the first half later to keep a dictionary of at least wSize | |
16491 | + * bytes. With this organization, matches are limited to a distance of | |
16492 | + * wSize-MAX_MATCH bytes, but this ensures that IO is always | |
16493 | + * performed with a length multiple of the block size. Also, it limits | |
16494 | + * the window size to 64K, which is quite useful on MSDOS. | |
16495 | + * To do: use the user input buffer as sliding window. | |
16496 | + */ | |
16497 | + | |
16498 | + ulg window_size; | |
16499 | + /* Actual size of window: 2*wSize, except when the user input buffer | |
16500 | + * is directly used as sliding window. | |
16501 | + */ | |
16502 | + | |
16503 | + Posf *prev; | |
16504 | + /* Link to older string with same hash index. To limit the size of this | |
16505 | + * array to 64K, this link is maintained only for the last 32K strings. | |
16506 | + * An index in this array is thus a window index modulo 32K. | |
16507 | + */ | |
16508 | + | |
16509 | + Posf *head; /* Heads of the hash chains or NIL. */ | |
16510 | + | |
16511 | + uInt ins_h; /* hash index of string to be inserted */ | |
16512 | + uInt hash_size; /* number of elements in hash table */ | |
16513 | + uInt hash_bits; /* log2(hash_size) */ | |
16514 | + uInt hash_mask; /* hash_size-1 */ | |
16515 | + | |
16516 | + uInt hash_shift; | |
16517 | + /* Number of bits by which ins_h must be shifted at each input | |
16518 | + * step. It must be such that after MIN_MATCH steps, the oldest | |
16519 | + * byte no longer takes part in the hash key, that is: | |
16520 | + * hash_shift * MIN_MATCH >= hash_bits | |
16521 | + */ | |
16522 | + | |
16523 | + long block_start; | |
16524 | + /* Window position at the beginning of the current output block. Gets | |
16525 | + * negative when the window is moved backwards. | |
16526 | + */ | |
16527 | + | |
16528 | + uInt match_length; /* length of best match */ | |
16529 | + IPos prev_match; /* previous match */ | |
16530 | + int match_available; /* set if previous match exists */ | |
16531 | + uInt strstart; /* start of string to insert */ | |
16532 | + uInt match_start; /* start of matching string */ | |
16533 | + uInt lookahead; /* number of valid bytes ahead in window */ | |
16534 | + | |
16535 | + uInt prev_length; | |
16536 | + /* Length of the best match at previous step. Matches not greater than this | |
16537 | + * are discarded. This is used in the lazy match evaluation. | |
16538 | + */ | |
16539 | + | |
16540 | + uInt max_chain_length; | |
16541 | + /* To speed up deflation, hash chains are never searched beyond this | |
16542 | + * length. A higher limit improves compression ratio but degrades the | |
16543 | + * speed. | |
16544 | + */ | |
16545 | + | |
16546 | + uInt max_lazy_match; | |
16547 | + /* Attempt to find a better match only when the current match is strictly | |
16548 | + * smaller than this value. This mechanism is used only for compression | |
16549 | + * levels >= 4. | |
16550 | + */ | |
16551 | +# define max_insert_length max_lazy_match | |
16552 | + /* Insert new strings in the hash table only if the match length is not | |
16553 | + * greater than this length. This saves time but degrades compression. | |
16554 | + * max_insert_length is used only for compression levels <= 3. | |
16555 | + */ | |
16556 | + | |
16557 | + int level; /* compression level (1..9) */ | |
16558 | + int strategy; /* favor or force Huffman coding*/ | |
16559 | + | |
16560 | + uInt good_match; | |
16561 | + /* Use a faster search when the previous match is longer than this */ | |
16562 | + | |
16563 | + int nice_match; /* Stop searching when current match exceeds this */ | |
16564 | + | |
16565 | + /* used by trees.c: */ | |
16566 | + /* Didn't use ct_data typedef below to supress compiler warning */ | |
16567 | + struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */ | |
16568 | + struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */ | |
16569 | + struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */ | |
16570 | + | |
16571 | + struct tree_desc_s l_desc; /* desc. for literal tree */ | |
16572 | + struct tree_desc_s d_desc; /* desc. for distance tree */ | |
16573 | + struct tree_desc_s bl_desc; /* desc. for bit length tree */ | |
16574 | + | |
16575 | + ush bl_count[MAX_BITS+1]; | |
16576 | + /* number of codes at each bit length for an optimal tree */ | |
16577 | + | |
16578 | + int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */ | |
16579 | + int heap_len; /* number of elements in the heap */ | |
16580 | + int heap_max; /* element of largest frequency */ | |
16581 | + /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used. | |
16582 | + * The same heap array is used to build all trees. | |
16583 | + */ | |
16584 | + | |
16585 | + uch depth[2*L_CODES+1]; | |
16586 | + /* Depth of each subtree used as tie breaker for trees of equal frequency | |
16587 | + */ | |
16588 | + | |
16589 | + uchf *l_buf; /* buffer for literals or lengths */ | |
16590 | + | |
16591 | + uInt lit_bufsize; | |
16592 | + /* Size of match buffer for literals/lengths. There are 4 reasons for | |
16593 | + * limiting lit_bufsize to 64K: | |
16594 | + * - frequencies can be kept in 16 bit counters | |
16595 | + * - if compression is not successful for the first block, all input | |
16596 | + * data is still in the window so we can still emit a stored block even | |
16597 | + * when input comes from standard input. (This can also be done for | |
16598 | + * all blocks if lit_bufsize is not greater than 32K.) | |
16599 | + * - if compression is not successful for a file smaller than 64K, we can | |
16600 | + * even emit a stored file instead of a stored block (saving 5 bytes). | |
16601 | + * This is applicable only for zip (not gzip or zlib). | |
16602 | + * - creating new Huffman trees less frequently may not provide fast | |
16603 | + * adaptation to changes in the input data statistics. (Take for | |
16604 | + * example a binary file with poorly compressible code followed by | |
16605 | + * a highly compressible string table.) Smaller buffer sizes give | |
16606 | + * fast adaptation but have of course the overhead of transmitting | |
16607 | + * trees more frequently. | |
16608 | + * - I can't count above 4 | |
16609 | + */ | |
16610 | + | |
16611 | + uInt last_lit; /* running index in l_buf */ | |
16612 | + | |
16613 | + ushf *d_buf; | |
16614 | + /* Buffer for distances. To simplify the code, d_buf and l_buf have | |
16615 | + * the same number of elements. To use different lengths, an extra flag | |
16616 | + * array would be necessary. | |
16617 | + */ | |
16618 | + | |
16619 | + ulg opt_len; /* bit length of current block with optimal trees */ | |
16620 | + ulg static_len; /* bit length of current block with static trees */ | |
16621 | + uInt matches; /* number of string matches in current block */ | |
16622 | + int last_eob_len; /* bit length of EOB code for last block */ | |
16623 | + | |
16624 | +#ifdef DEBUG | |
16625 | + ulg compressed_len; /* total bit length of compressed file mod 2^32 */ | |
16626 | + ulg bits_sent; /* bit length of compressed data sent mod 2^32 */ | |
16627 | +#endif | |
16628 | + | |
16629 | + ush bi_buf; | |
16630 | + /* Output buffer. bits are inserted starting at the bottom (least | |
16631 | + * significant bits). | |
16632 | + */ | |
16633 | + int bi_valid; | |
16634 | + /* Number of valid bits in bi_buf. All bits above the last valid bit | |
16635 | + * are always zero. | |
16636 | + */ | |
16637 | + | |
16638 | +} FAR deflate_state; | |
16639 | + | |
16640 | +/* Output a byte on the stream. | |
16641 | + * IN assertion: there is enough room in pending_buf. | |
16642 | + */ | |
16643 | +#define put_byte(s, c) {s->pending_buf[s->pending++] = (c);} | |
16644 | + | |
16645 | + | |
16646 | +#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1) | |
16647 | +/* Minimum amount of lookahead, except at the end of the input file. | |
16648 | + * See deflate.c for comments about the MIN_MATCH+1. | |
16649 | + */ | |
16650 | + | |
16651 | +#define MAX_DIST(s) ((s)->w_size-MIN_LOOKAHEAD) | |
16652 | +/* In order to simplify the code, particularly on 16 bit machines, match | |
16653 | + * distances are limited to MAX_DIST instead of WSIZE. | |
16654 | + */ | |
16655 | + | |
16656 | + /* in trees.c */ | |
16657 | +void _tr_init OF((deflate_state *s)); | |
16658 | +int _tr_tally OF((deflate_state *s, unsigned dist, unsigned lc)); | |
16659 | +void _tr_flush_block OF((deflate_state *s, charf *buf, ulg stored_len, | |
16660 | + int eof)); | |
16661 | +void _tr_align OF((deflate_state *s)); | |
16662 | +void _tr_stored_block OF((deflate_state *s, charf *buf, ulg stored_len, | |
16663 | + int eof)); | |
16664 | + | |
16665 | +#define d_code(dist) \ | |
16666 | + ((dist) < 256 ? _dist_code[dist] : _dist_code[256+((dist)>>7)]) | |
16667 | +/* Mapping from a distance to a distance code. dist is the distance - 1 and | |
16668 | + * must not have side effects. _dist_code[256] and _dist_code[257] are never | |
16669 | + * used. | |
16670 | + */ | |
16671 | + | |
16672 | +#ifndef DEBUG | |
16673 | +/* Inline versions of _tr_tally for speed: */ | |
16674 | + | |
16675 | +#if defined(GEN_TREES_H) || !defined(STDC) | |
16676 | + extern uch _length_code[]; | |
16677 | + extern uch _dist_code[]; | |
16678 | +#else | |
16679 | + extern const uch _length_code[]; | |
16680 | + extern const uch _dist_code[]; | |
16681 | +#endif | |
16682 | + | |
16683 | +# define _tr_tally_lit(s, c, flush) \ | |
16684 | + { uch cc = (c); \ | |
16685 | + s->d_buf[s->last_lit] = 0; \ | |
16686 | + s->l_buf[s->last_lit++] = cc; \ | |
16687 | + s->dyn_ltree[cc].Freq++; \ | |
16688 | + flush = (s->last_lit == s->lit_bufsize-1); \ | |
16689 | + } | |
16690 | +# define _tr_tally_dist(s, distance, length, flush) \ | |
16691 | + { uch len = (length); \ | |
16692 | + ush dist = (distance); \ | |
16693 | + s->d_buf[s->last_lit] = dist; \ | |
16694 | + s->l_buf[s->last_lit++] = len; \ | |
16695 | + dist--; \ | |
16696 | + s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \ | |
16697 | + s->dyn_dtree[d_code(dist)].Freq++; \ | |
16698 | + flush = (s->last_lit == s->lit_bufsize-1); \ | |
16699 | + } | |
16700 | +#else | |
16701 | +# define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c) | |
16702 | +# define _tr_tally_dist(s, distance, length, flush) \ | |
16703 | + flush = _tr_tally(s, distance, length) | |
16704 | +#endif | |
16705 | + | |
16706 | +#endif /* _DEFLATE_H */ | |
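Review bot: The `#ifdef DEBUG` block inside `struct internal_state` (the `compressed_len` and `bits_sent` fields) makes the layout of `deflate_state` depend on a generically named macro, and the `#ifndef DEBUG` switch near the end of the header also changes `_tr_tally_lit` / `_tr_tally_dist` from inline macros into calls to `_tr_tally`. In a kernel tree `DEBUG` is often defined per file or per directory for unrelated reasons, so if one file that includes deflate.h is built with it and another is not, the two would disagree on the structure size and on the offsets of `bi_buf` and `bi_valid`, which shows up as silent memory corruption rather than a build error. I would gate both places on a library-private name, as later zlib releases do with `#ifdef ZLIB_DEBUG`, together with the matching change wherever the debug helpers are defined (not visible in this hunk). At minimum, add a comment on the field block such as `/* DEBUG changes sizeof(deflate_state): every file including deflate.h must be built with the same setting */`.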
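--- /dev/null Tue Mar 11 13:02:56 2003
+++ linux/net/ipsec/des/COPYRIGHT Mon Feb 9 13:51:03 2004
@@ -0,0 +1,50 @@
+Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+All rights reserved.
+
+This package is an DES implementation written by Eric Young (eay@cryptsoft.com).
+The implementation was written so as to conform with MIT's libdes.
+
+This library is free for commercial and non-commercial use as long as
+the following conditions are aheared to. The following conditions
+apply to all code found in this distribution.
+
+Copyright remains Eric Young's, and as such any Copyright notices in
+the code are not to be removed.
+If this package is used in a product, Eric Young should be given attribution
+as the author of that the SSL library. This can be in the form of a textual
+message at program startup or in documentation (online or textual) provided
+with the package.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by Eric Young (eay@cryptsoft.com)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+The license and distribution terms for any publically available version or
+derivative of this code cannot be changed. i.e. this code cannot simply be
+copied and put under another distrubution license
+[including the GNU Public License.]
+
+The reason behind this being stated in this direct manner is past
+experience in code simply being copied and the attribution removed
+from it and then being distributed as part of other packages. This
+implementation was a non-trivial and unpaid effort.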
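--- /dev/null Tue Mar 11 13:02:56 2003
+++ linux/net/ipsec/des/INSTALL Mon Feb 9 13:51:03 2004
@@ -0,0 +1,69 @@
+Check the CC and CFLAGS lines in the makefile
+
+If your C library does not support the times(3) function, change the
+#define TIMES to
+#undef TIMES in speed.c
+If it does, check the HZ value for the times(3) function.
+If your system does not define CLK_TCK it will be assumed to
+be 100.0.
+
+If possible use gcc v 2.7.?
+Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc)
+In recent times, some system compilers give better performace.
+
+type 'make'
+
+run './destest' to check things are ok.
+run './rpw' to check the tty code for reading passwords works.
+run './speed' to see how fast those optimisations make the library run :-)
+run './des_opts' to determin the best compile time options.
+
+The output from des_opts should be put in the makefile options and des_enc.c
+should be rebuilt. For 64 bit computers, do not use the DES_PTR option.
+For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int'
+and then you can use the 'DES_PTR' option.
+
+The file options.txt has the options listed for best speed on quite a
+few systems. Look and the options (UNROLL, PTR, RISC2 etc) and then
+turn on the relevent option in the Makefile
+
+There are some special Makefile targets that make life easier.
+make cc - standard cc build
+make gcc - standard gcc build
+make x86-elf - x86 assembler (elf), linux-elf.
+make x86-out - x86 assembler (a.out), FreeBSD
+make x86-solaris- x86 assembler
+make x86-bsdi - x86 assembler (a.out with primative assembler).
+
+If at all possible use the assembler (for Windows NT/95, use
+asm/win32.obj to link with). The x86 assembler is very very fast.
+
+A make install will by default install
+libdes.a in /usr/local/lib/libdes.a
+des in /usr/local/bin/des
+des_crypt.man in /usr/local/man/man3/des_crypt.3
+des.man in /usr/local/man/man1/des.1
+des.h in /usr/include/des.h
+
+des(1) should be compatible with sunOS's but I have been unable to
+test it.
+
+These routines should compile on MSDOS, most 32bit and 64bit version
+of Unix (BSD and SYSV) and VMS, without modification.
+The only problems should be #include files that are in the wrong places.
+
+These routines can be compiled under MSDOS.
+I have successfully encrypted files using des(1) under MSDOS and then
+decrypted the files on a SparcStation.
+I have been able to compile and test the routines with
+Microsoft C v 5.1 and Turbo C v 2.0.
+The code in this library is in no way optimised for the 16bit
+operation of MSDOS.
+
+When building for glibc, ignore all of the above and just unpack into
+glibc-1.??/des and then gmake as per normal.
+
+As a final note on performace. Certain CPUs like sparcs and Alpha often give
+a %10 speed difference depending on the link order. It is rather anoying
+when one program reports 'x' DES encrypts a second and another reports
+'x*0.9' the speed.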
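--- /dev/null Tue Mar 11 13:02:56 2003
+++ linux/net/ipsec/des/Makefile Mon Feb 9 13:51:03 2004
@@ -0,0 +1,63 @@
+# Makefile for KLIPS kernel code as a module for 2.6 kernels
+#
+# Makefile for KLIPS kernel code as a module
+# Copyright (C) 1998, 1999, 2000,2001 Richard Guy Briggs.
+# Copyright (C) 2002-2004 Michael Richardson <mcr@freeswan.org>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: Makefile.fs2_6,v 1.2.2.1 2005/08/12 16:10:57 ken Exp $
+#
+# Note! Dependencies are done automagically by 'make dep', which also
+# removes any old dependencies. DON'T put your own dependencies here
+# unless it's something special (ie not a .c file).
+#
+
+obj-$(CONFIG_KLIPS_ENC_3DES) += ipsec_alg_3des.o
+obj-$(CONFIG_KLIPS_ENC_3DES) += cbc_enc.o
+obj-$(CONFIG_KLIPS_ENC_3DES) += ecb_enc.o
+obj-$(CONFIG_KLIPS_ENC_3DES) += set_key.o
+
+ifeq ($(strip ${SUBARCH}),)
+SUBARCH:=${ARCH}
+endif
+
+# the assembly version expects frame pointers, which are
+# optional in many kernel builds. If you want speed, you should
+# probably use cryptoapi code instead.
+USEASSEMBLY=${SUBARCH}${CONFIG_FRAME_POINTER}
+ifeq (${USEASSEMBLY},i386y)
+obj-$(CONFIG_KLIPS_ENC_3DES) += dx86unix.o
+else
+obj-$(CONFIG_KLIPS_ENC_3DES) += des_enc.o
+endif
+
+#
+# $Log: Makefile.fs2_6,v $
+# Revision 1.2.2.1 2005/08/12 16:10:57 ken
+# do not use assembly code with there are no frame pointers
+#
+# Revision 1.3 2005/08/12 14:13:59 mcr
+# do not use assembly code with there are no frame pointers,
+# as it does not have the right linkages.
+#
+# Revision 1.2 2005/04/29 05:13:07 mcr
+# 3DES algorithm code.
+#
+# Revision 1.1 2004/08/17 03:27:30 mcr
+# klips 2.6 edits.
+#
+#
+# Local Variables:
+# compile-command: "(cd ../../.. && source umlsetup.sh && make -C ${POOLSPACE} module/ipsec.o)"
+# End Variables:
+#
+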
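Review bot: The choice between `dx86unix.o` and `des_enc.o` rests on comparing the concatenation `${SUBARCH}${CONFIG_FRAME_POINTER}` with the literal `i386y`, so any other spelling of either variable selects `des_enc.o` with nothing in the build output to say so. Falling back to what appears to be the C implementation is the safe direction, but the comment above `USEASSEMBLY` explains only the frame-pointer half; I would add `# anything other than i386 with CONFIG_FRAME_POINTER=y builds des_enc.o instead of the x86 assembly` there. The header also repeats the "Makefile for KLIPS kernel code as a module" line and never says what this directory builds; a line such as `# Builds the libdes-based 3DES objects selected by CONFIG_KLIPS_ENC_3DES` would make that clear to someone auditing which cipher code ends up in the module.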
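--- /dev/null Tue Mar 11 13:02:56 2003
+++ linux/net/ipsec/des/README Mon Feb 9 13:51:03 2004
@@ -0,0 +1,54 @@
+
+ libdes, Version 4.01 10-Jan-97
+
+ Copyright (c) 1997, Eric Young
+ All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms specified in COPYRIGHT.
+
+--
+The primary ftp site for this library is
+ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz
+libdes is now also shipped with SSLeay. Primary ftp site of
+ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
+
+The best way to build this library is to build it as part of SSLeay.
+
+This kit builds a DES encryption library and a DES encryption program.
+It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb,
+triple cfb, desx, and MIT's pcbc encryption modes and also has a fast
+implementation of crypt(3).
+It contains support routines to read keys from a terminal,
+generate a random key, generate a key from an arbitrary length string,
+read/write encrypted data from/to a file descriptor.
+
+The implementation was written so as to conform with the manual entry
+for the des_crypt(3) library routines from MIT's project Athena.
+
+destest should be run after compilation to test the des routines.
+rpw should be run after compilation to test the read password routines.
+The des program is a replacement for the sun des command. I believe it
+conforms to the sun version.
+
+The Imakefile is setup for use in the kerberos distribution.
+
+These routines are best compiled with gcc or any other good
+optimising compiler.
+Just turn you optimiser up to the highest settings and run destest
+after the build to make sure everything works.
+
+I believe these routines are close to the fastest and most portable DES
+routines that use small lookup tables (4.5k) that are publicly available.
+The fcrypt routine is faster than ufc's fcrypt (when compiling with
+gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines
+(on a sun3/260 168 vs 336). It is a function of CPU on chip cache size.
+[ 10-Jan-97 and a function of an incorrect speed testing program in
+ ufc which gave much better test figures that reality ].
+
+It is worth noting that on sparc and Alpha CPUs, performance of the DES
+library can vary by upto %10 due to the positioning of files after application
+linkage.
+
+Eric Young (eay@cryptsoft.com)
+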
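--- /dev/null Tue Mar 11 13:02:56 2003
+++ linux/net/ipsec/des/README.freeswan Mon Feb 9 13:51:03 2004
@@ -0,0 +1,33 @@
+The only changes the FreeS/WAN project has made to libdes-lite 4.04b are:
+
+We #ifdef-ed the declaration of DES_LONG in des.h, so it's more efficient
+on the Alpha, instead of just noting the issue in a comment.
+
+We #ifdef-ed out the des_options() function in ecb_enc.c, because we don't
+use it, and its call to sprintf() can cause subtle difficulties when KLIPS
+is built as a module (depending on details of Linux configuration options).
+
+We changed some instances of CC=$(CC) in the Makefile to CC='$(CC)' to make
+it cope better with Linux kernel Makefile stupidities, and took out an
+explicit CC=gcc (unwise on systems with strange compilers).
+
+We deleted some references to <stdio.h> and <stdlib.h>, and a declaration
+of one function found only in the full libdes (not in libdes-lite), to
+avoid dragging in bits of stdio/stdlib unnecessarily. (Our thanks to Hans
+Schultz for spotting this and pointing out the fixes.)
+
+We deleted a couple of .obj files in the asm subdirectory, which appear to
+have been included in the original library by accident.
+
+We have added an include of our Makefile.inc file, to permit overriding
+things like choice of compiler (although the libdes Makefile would
+probably need some work to make this effective).
+
+
+
+Note that Eric Young is no longer at the email address listed in these
+files, and is (alas) no longer working on free crypto software.
+
+
+
+This file is RCSID $Id: README.freeswan,v 1.12 2004/07/10 08:06:51 mcr Exp $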
16991 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
16992 | +++ linux/net/ipsec/des/VERSION Mon Feb 9 13:51:03 2004 | |
16993 | @@ -0,0 +1,406 @@ | |
16994 | +Version 4.04 | |
16995 | + Fixed a few tests in destest. Also added x86 assember for | |
16996 | + des_ncbc_encrypt() which is the standard cbc mode function. | |
16997 | + This makes a very very large performace difference. | |
16998 | + Ariel Glenn ariel@columbia.edu reports that the terminal | |
16999 | + 'turn echo off' can return (errno == EINVAL) under solaris | |
17000 | + when redirection is used. So I now catch that as well as ENOTTY. | |
17001 | + | |
17002 | + | |
17003 | +Version 4.03 | |
17004 | + Left a static out of enc_write.c, which caused to buffer to be | |
17005 | + continiously malloc()ed. Does anyone use these functions? I keep | |
17006 | + on feeling like removing them since I only had these in there | |
17007 | + for a version of kerberised login. Anyway, this was pointed out | |
17008 | + by Theo de Raadt <deraadt@cvs.openbsd.org> | |
17009 | + The 'n' bit ofb code was wrong, it was not shifting the shift | |
17010 | + register. It worked correctly for n == 64. Thanks to | |
17011 | + Gigi Ankeny <Gigi.Ankeny@Eng.Sun.COM> for pointing this one out. | |
17012 | + | |
17013 | +Version 4.02 | |
17014 | + I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)' | |
17015 | + when checking for weak keys which is wrong :-(, pointed out by | |
17016 | + Markus F.X.J. Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>. | |
17017 | + | |
17018 | +Version 4.01 | |
17019 | + Even faster inner loop in the DES assembler for x86 and a modification | |
17020 | + for IP/FP which is faster on x86. Both of these changes are | |
17021 | + from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. His | |
17022 | + changes make the assembler run %40 faster on a pentium. This is just | |
17023 | + a case of getting the instruction sequence 'just right'. | |
17024 | + All credit to 'Svend' :-) | |
17025 | + Quite a few special x86 'make' targets. | |
17026 | + A libdes-l (lite) distribution. | |
17027 | + | |
17028 | +Version 4.00 | |
17029 | + After a bit of a pause, I'll up the major version number since this | |
17030 | + is mostly a performace release. I've added x86 assembler and | |
17031 | + added more options for performance. A %28 speedup for gcc | |
17032 | + on a pentium and the assembler is a %50 speedup. | |
17033 | + MIPS CPU's, sparc and Alpha are the main CPU's with speedups. | |
17034 | + Run des_opts to work out which options should be used. | |
17035 | + DES_RISC1/DES_RISC2 use alternative inner loops which use | |
17036 | + more registers but should give speedups on any CPU that does | |
17037 | + dual issue (pentium). DES_UNROLL unrolls the inner loop, | |
17038 | + which costs in code size. | |
17039 | + | |
17040 | +Version 3.26 | |
17041 | + I've finally removed one of the shifts in D_ENCRYPT. This | |
17042 | + meant I've changed the des_SPtrans table (spr.h), the set_key() | |
17043 | + function and some things in des_enc.c. This has definitly | |
17044 | + made things faster :-). I've known about this one for some | |
17045 | + time but I've been too lazy to follow it up :-). | |
17046 | + Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^.. | |
17047 | + instead of L^=((..)|(..)|(..).. This should save a register at | |
17048 | + least. | |
17049 | + Assember for x86. The file to replace is des_enc.c, which is replaced | |
17050 | + by one of the assembler files found in asm. Look at des/asm/readme | |
17051 | + for more info. | |
17052 | + | |
17053 | + /* Modification to fcrypt so it can be compiled to support | |
17054 | + HPUX 10.x's long password format, define -DLONGCRYPT to use this. | |
17055 | + Thanks to Jens Kupferschmidt <bt1cu@hpboot.rz.uni-leipzig.de>. */ | |
17056 | + | |
17057 | + SIGWINCH case put in des_read_passwd() so the function does not | |
17058 | + 'exit' if this function is recieved. | |
17059 | + | |
17060 | +Version 3.25 17/07/96 | |
17061 | + Modified read_pwd.c so that stdin can be read if not a tty. | |
17062 | + Thanks to Jeff Barber <jeffb@issl.atl.hp.com> for the patches. | |
17063 | + des_init_random_number_generator() shortened due to VMS linker | |
17064 | + limits. | |
17065 | + Added RSA's DESX cbc mode. It is a form of cbc encryption, with 2 | |
17066 | + 8 byte quantites xored before and after encryption. | |
17067 | + des_xcbc_encryption() - the name is funny to preserve the des_ | |
17068 | + prefix on all functions. | |
17069 | + | |
17070 | +Version 3.24 20/04/96 | |
17071 | + The DES_PTR macro option checked and used by SSLeay configuration | |
17072 | + | |
17073 | +Version 3.23 11/04/96 | |
17074 | + Added DES_LONG. If defined to 'unsigned int' on the DEC Alpha, | |
17075 | + it gives a %20 speedup :-) | |
17076 | + Fixed the problem with des.pl under perl5. The patches were | |
17077 | + sent by Ed Kubaitis (ejk@uiuc.edu). | |
17078 | + if fcrypt.c, changed values to handle illegal salt values the way | |
17079 | + normal crypt() implementations do. Some programs apparently use | |
17080 | + them :-(. The patch was sent by Bjorn Gronvall <bg@sics.se> | |
17081 | + | |
17082 | +Version 3.22 29/11/95 | |
17083 | + Bug in des(1), an error with the uuencoding stuff when the | |
17084 | + 'data' is small, thanks to Geoff Keating <keagchon@mehta.anu.edu.au> | |
17085 | + for the patch. | |
17086 | + | |
17087 | +Version 3.21 22/11/95 | |
17088 | + After some emailing back and forth with | |
17089 | + Colin Plumb <colin@nyx10.cs.du.edu>, I've tweaked a few things | |
17090 | + and in a future version I will probably put in some of the | |
17091 | + optimisation he suggested for use with the DES_USE_PTR option. | |
17092 | + Extra routines from Mark Murray <mark@grondar.za> for use in | |
17093 | + freeBSD. They mostly involve random number generation for use | |
17094 | + with kerberos. They involve evil machine specific system calls | |
17095 | + etc so I would normally suggest pushing this stuff into the | |
17096 | + application and/or using RAND_seed()/RAND_bytes() if you are | |
17097 | + using this DES library as part of SSLeay. | |
17098 | + Redone the read_pw() function so that it is cleaner and | |
17099 | + supports termios, thanks to Sameer Parekh <sameer@c2.org> | |
17100 | + for the initial patches for this. | |
17101 | + Renamed 3ecb_encrypt() to ecb3_encrypt(). This has been | |
17102 | + done just to make things more consistent. | |
17103 | + I have also now added triple DES versions of cfb and ofb. | |
17104 | + | |
17105 | +Version 3.20 | |
17106 | + Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com, | |
17107 | + my des_random_seed() function was only copying 4 bytes of the | |
17108 | + passed seed into the init structure. It is now fixed to copy 8. | |
17109 | + My own suggestion is to used something like MD5 :-) | |
17110 | + | |
17111 | +Version 3.19 | |
17112 | + While looking at my code one day, I though, why do I keep on | |
17113 | + calling des_encrypt(in,out,ks,enc) when every function that | |
17114 | + calls it has in and out the same. So I dropped the 'out' | |
17115 | + parameter, people should not be using this function. | |
17116 | + | |
17117 | +Version 3.18 30/08/95 | |
17118 | + Fixed a few bit with the distribution and the filenames. | |
17119 | + 3.17 had been munged via a move to DOS and back again. | |
17120 | + NO CODE CHANGES | |
17121 | + | |
17122 | +Version 3.17 14/07/95 | |
17123 | + Fixed ede3 cbc which I had broken in 3.16. I have also | |
17124 | + removed some unneeded variables in 7-8 of the routines. | |
17125 | + | |
17126 | +Version 3.16 26/06/95 | |
17127 | + Added des_encrypt2() which does not use IP/FP, used by triple | |
17128 | + des routines. Tweaked things a bit elsewhere. %13 speedup on | |
17129 | + sparc and %6 on a R4400 for ede3 cbc mode. | |
17130 | + | |
17131 | +Version 3.15 06/06/95 | |
17132 | + Added des_ncbc_encrypt(), it is des_cbc mode except that it is | |
17133 | + 'normal' and copies the new iv value back over the top of the | |
17134 | + passed parameter. | |
17135 | + CHANGED des_ede3_cbc_encrypt() so that it too now overwrites | |
17136 | + the iv. THIS WILL BREAK EXISTING CODE, but since this function | |
17137 | + only new, I feel I can change it, not so with des_cbc_encrypt :-(. | |
17138 | + I need to update the documentation. | |
17139 | + | |
17140 | +Version 3.14 31/05/95 | |
17141 | + New release upon the world, as part of my SSL implementation. | |
17142 | + New copyright and usage stuff. Basically free for all to use | |
17143 | + as long as you say it came from me :-) | |
17144 | + | |
17145 | +Version 3.13 31/05/95 | |
17146 | + A fix in speed.c, if HZ is not defined, I set it to 100.0 | |
17147 | + which is reasonable for most unixes except SunOS 4.x. | |
17148 | + I now have a #ifdef sun but timing for SunOS 4.x looked very | |
17149 | + good :-(. At my last job where I used SunOS 4.x, it was | |
17150 | + defined to be 60.0 (look at the old INSTALL documentation), at | |
17151 | + the last release had it changed to 100.0 since I now work with | |
17152 | + Solaris2 and SVR4 boxes. | |
17153 | + Thanks to Rory Chisholm <rchishol@math.ethz.ch> for pointing this | |
17154 | + one out. | |
17155 | + | |
17156 | +Version 3.12 08/05/95 | |
17157 | + As pointed out by The Crypt Keeper <tck@bend.UCSD.EDU>, | |
17158 | + my D_ENCRYPT macro in crypt() had an un-necessary variable. | |
17159 | + It has been removed. | |
17160 | + | |
17161 | +Version 3.11 03/05/95 | |
17162 | + Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys | |
17163 | + and one iv. It is a standard and I needed it for my SSL code. | |
17164 | + It makes more sense to use this for triple DES than | |
17165 | + 3cbc_encrypt(). I have also added (or should I say tested :-) | |
17166 | + cfb64_encrypt() which is cfb64 but it will encrypt a partial | |
17167 | + number of bytes - 3 bytes in 3 bytes out. Again this is for | |
17168 | + my SSL library, as a form of encryption to use with SSL | |
17169 | + telnet. | |
17170 | + | |
17171 | +Version 3.10 22/03/95 | |
17172 | + Fixed a bug in 3cbc_encrypt() :-(. When making repeated calls | |
17173 | + to cbc3_encrypt, the 2 iv values that were being returned to | |
17174 | + be used in the next call were reversed :-(. | |
17175 | + Many thanks to Bill Wade <wade@Stoner.COM> for pointing out | |
17176 | + this error. | |
17177 | + | |
17178 | +Version 3.09 01/02/95 | |
17179 | + Fixed des_random_key to far more random, it was rather feeble | |
17180 | + with regards to picking the initial seed. The problem was | |
17181 | + pointed out by Olaf Kirch <okir@monad.swb.de>. | |
17182 | + | |
17183 | +Version 3.08 14/12/94 | |
17184 | + Added Makefile.PL so libdes can be built into perl5. | |
17185 | + Changed des_locl.h so RAND is always defined. | |
17186 | + | |
17187 | +Version 3.07 05/12/94 | |
17188 | + Added GNUmake and stuff so the library can be build with | |
17189 | + glibc. | |
17190 | + | |
17191 | +Version 3.06 30/08/94 | |
17192 | + Added rpc_enc.c which contains _des_crypt. This is for use in | |
17193 | + secure_rpc v 4.0 | |
17194 | + Finally fixed the cfb_enc problems. | |
17195 | + Fixed a few parameter parsing bugs in des (-3 and -b), thanks | |
17196 | + to Rob McMillan <R.McMillan@its.gu.edu.au> | |
17197 | + | |
17198 | +Version 3.05 21/04/94 | |
17199 | + for unsigned long l; gcc does not produce ((l>>34) == 0) | |
17200 | + This causes bugs in cfb_enc. | |
17201 | + Thanks to Hadmut Danisch <danisch@ira.uka.de> | |
17202 | + | |
17203 | +Version 3.04 20/04/94 | |
17204 | + Added a version number to des.c and libdes.a | |
17205 | + | |
17206 | +Version 3.03 12/01/94 | |
17207 | + Fixed a bug in non zero iv in 3cbc_enc. | |
17208 | + | |
17209 | +Version 3.02 29/10/93 | |
17210 | + I now work in a place where there are 6+ architectures and 14+ | |
17211 | + OS versions :-). | |
17212 | + Fixed TERMIO definition so the most sys V boxes will work :-) | |
17213 | + | |
17214 | +Release upon comp.sources.misc | |
17215 | +Version 3.01 08/10/93 | |
17216 | + Added des_3cbc_encrypt() | |
17217 | + | |
17218 | +Version 3.00 07/10/93 | |
17219 | + Fixed up documentation. | |
17220 | + quad_cksum definitely compatible with MIT's now. | |
17221 | + | |
17222 | +Version 2.30 24/08/93 | |
17223 | + Triple DES now defaults to triple cbc but can do triple ecb | |
17224 | + with the -b flag. | |
17225 | + Fixed some MSDOS uuen/uudecoding problems, thanks to | |
17226 | + Added prototypes. | |
17227 | + | |
17228 | +Version 2.22 29/06/93 | |
17229 | + Fixed a bug in des_is_weak_key() which stopped it working :-( | |
17230 | + thanks to engineering@MorningStar.Com. | |
17231 | + | |
17232 | +Version 2.21 03/06/93 | |
17233 | + des(1) with no arguments gives quite a bit of help. | |
17234 | + Added -c (generate ckecksum) flag to des(1). | |
17235 | + Added -3 (triple DES) flag to des(1). | |
17236 | + Added cfb and ofb routines to the library. | |
17237 | + | |
17238 | +Version 2.20 11/03/93 | |
17239 | + Added -u (uuencode) flag to des(1). | |
17240 | + I have been playing with byte order in quad_cksum to make it | |
17241 | + compatible with MIT's version. All I can say is avid this | |
17242 | + function if possible since MIT's output is endian dependent. | |
17243 | + | |
17244 | +Version 2.12 14/10/92 | |
17245 | + Added MSDOS specific macro in ecb_encrypt which gives a %70 | |
17246 | + speed up when the code is compiled with turbo C. | |
17247 | + | |
17248 | +Version 2.11 12/10/92 | |
17249 | + Speedup in set_key (recoding of PC-1) | |
17250 | + I now do it in 47 simple operations, down from 60. | |
17251 | + Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) | |
17252 | + for motivating me to look for a faster system :-) | |
17253 | + The speedup is probably less that 1% but it is still 13 | |
17254 | + instructions less :-). | |
17255 | + | |
17256 | +Version 2.10 06/10/92 | |
17257 | + The code now works on the 64bit ETA10 and CRAY without modifications or | |
17258 | + #defines. I believe the code should work on any machine that | |
17259 | + defines long, int or short to be 8 bytes long. | |
17260 | + Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu) | |
17261 | + for helping me fix the code to run on 64bit machines (he had | |
17262 | + access to an ETA10). | |
17263 | + Thanks also to John Fletcher <john_fletcher@lccmail.ocf.llnl.gov> | |
17264 | + for testing the routines on a CRAY. | |
17265 | + read_password.c has been renamed to read_passwd.c | |
17266 | + string_to_key.c has been renamed to string2key.c | |
17267 | + | |
17268 | +Version 2.00 14/09/92 | |
17269 | + Made mods so that the library should work on 64bit CPU's. | |
17270 | + Removed all my uchar and ulong defs. To many different | |
17271 | + versions of unix define them in their header files in too many | |
17272 | + different combinations :-) | |
17273 | + IRIX - Sillicon Graphics mods (mostly in read_password.c). | |
17274 | + Thanks to Andrew Daviel (advax@erich.triumf.ca) | |
17275 | + | |
17276 | +Version 1.99 26/08/92 | |
17277 | + Fixed a bug or 2 in enc_read.c | |
17278 | + Fixed a bug in enc_write.c | |
17279 | + Fixed a pseudo bug in fcrypt.c (very obscure). | |
17280 | + | |
17281 | +Version 1.98 31/07/92 | |
17282 | + Support for the ETA10. This is a strange machine that defines | |
17283 | + longs and ints as 8 bytes and shorts as 4 bytes. | |
17284 | + Since I do evil things with long * that assume that they are 4 | |
17285 | + bytes. Look in the Makefile for the option to compile for | |
17286 | + this machine. quad_cksum appears to have problems but I | |
17287 | + will don't have the time to fix it right now, and this is not | |
17288 | + a function that uses DES and so will not effect the main uses | |
17289 | + of the library. | |
17290 | + | |
17291 | +Version 1.97 20/05/92 eay | |
17292 | + Fixed the Imakefile and made some changes to des.h to fix some | |
17293 | + problems when building this package with Kerberos v 4. | |
17294 | + | |
17295 | +Version 1.96 18/05/92 eay | |
17296 | + Fixed a small bug in string_to_key() where problems could | |
17297 | + occur if des_check_key was set to true and the string | |
17298 | + generated a weak key. | |
17299 | + | |
17300 | +Patch2 posted to comp.sources.misc | |
17301 | +Version 1.95 13/05/92 eay | |
17302 | + Added an alternative version of the D_ENCRYPT macro in | |
17303 | + ecb_encrypt and fcrypt. Depending on the compiler, one version or the | |
17304 | + other will be faster. This was inspired by | |
17305 | + Dana How <how@isl.stanford.edu>, and her pointers about doing the | |
17306 | + *(ulong *)((uchar *)ptr+(value&0xfc)) | |
17307 | + vs | |
17308 | + ptr[value&0x3f] | |
17309 | + to stop the C compiler doing a <<2 to convert the long array index. | |
17310 | + | |
17311 | +Version 1.94 05/05/92 eay | |
17312 | + Fixed an incompatibility between my string_to_key and the MIT | |
17313 | + version. When the key is longer than 8 chars, I was wrapping | |
17314 | + with a different method. To use the old version, define | |
17315 | + OLD_STR_TO_KEY in the makefile. Thanks to | |
17316 | + viktor@newsu.shearson.com (Viktor Dukhovni). | |
17317 | + | |
17318 | +Version 1.93 28/04/92 eay | |
17319 | + Fixed the VMS mods so that echo is now turned off in | |
17320 | + read_password. Thanks again to brennan@coco.cchs.su.oz.AU. | |
17321 | + MSDOS support added. The routines can be compiled with | |
17322 | + Turbo C (v2.0) and MSC (v5.1). Make sure MSDOS is defined. | |
17323 | + | |
17324 | +Patch1 posted to comp.sources.misc | |
17325 | +Version 1.92 13/04/92 eay | |
17326 | + Changed D_ENCRYPT so that the rotation of R occurs outside of | |
17327 | + the loop. This required rotating all the longs in sp.h (now | |
17328 | + called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM> | |
17329 | + speed.c has been changed so it will work without SIGALRM. If | |
17330 | + times(3) is not present it will try to use ftime() instead. | |
17331 | + | |
17332 | +Version 1.91 08/04/92 eay | |
17333 | + Added -E/-D options to des(1) so it can use string_to_key. | |
17334 | + Added SVR4 mods suggested by witr@rwwa.COM | |
17335 | + Added VMS mods suggested by brennan@coco.cchs.su.oz.AU. If | |
17336 | + anyone knows how to turn of tty echo in VMS please tell me or | |
17337 | + implement it yourself :-). | |
17338 | + Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS | |
17339 | + does not like IN/OUT being used. | |
17340 | + | |
17341 | +Libdes posted to comp.sources.misc | |
17342 | +Version 1.9 24/03/92 eay | |
17343 | + Now contains a fast small crypt replacement. | |
17344 | + Added des(1) command. | |
17345 | + Added des_rw_mode so people can use cbc encryption with | |
17346 | + enc_read and enc_write. | |
17347 | + | |
17348 | +Version 1.8 15/10/91 eay | |
17349 | + Bug in cbc_cksum. | |
17350 | + Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this | |
17351 | + one out. | |
17352 | + | |
17353 | +Version 1.7 24/09/91 eay | |
17354 | + Fixed set_key :-) | |
17355 | + set_key is 4 times faster and takes less space. | |
17356 | + There are a few minor changes that could be made. | |
17357 | + | |
17358 | +Version 1.6 19/09/1991 eay | |
17359 | + Finally go IP and FP finished. | |
17360 | + Now I need to fix set_key. | |
17361 | + This version is quite a bit faster that 1.51 | |
17362 | + | |
17363 | +Version 1.52 15/06/1991 eay | |
17364 | + 20% speedup in ecb_encrypt by changing the E bit selection | |
17365 | + to use 2 32bit words. This also required modification of the | |
17366 | + sp table. There is still a way to speedup the IP and IP-1 | |
17367 | + (hints from outer@sq.com) still working on this one :-(. | |
17368 | + | |
17369 | +Version 1.51 07/06/1991 eay | |
17370 | + Faster des_encrypt by loop unrolling | |
17371 | + Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu) | |
17372 | + | |
17373 | +Version 1.50 28/05/1991 eay | |
17374 | + Optimised the code a bit more for the sparc. I have improved the | |
17375 | + speed of the inner des_encrypt by speeding up the initial and | |
17376 | + final permutations. | |
17377 | + | |
17378 | +Version 1.40 23/10/1990 eay | |
17379 | + Fixed des_random_key, it did not produce a random key :-( | |
17380 | + | |
17381 | +Version 1.30 2/10/1990 eay | |
17382 | + Have made des_quad_cksum the same as MIT's, the full package | |
17383 | + should be compatible with MIT's | |
17384 | + Have tested on a DECstation 3100 | |
17385 | + Still need to fix des_set_key (make it faster). | |
17386 | + Does des_cbc_encrypts at 70.5k/sec on a 3100. | |
17387 | + | |
17388 | +Version 1.20 18/09/1990 eay | |
17389 | + Fixed byte order dependencies. | |
17390 | + Fixed (I hope) all the word alignment problems. | |
17391 | + Speedup in des_ecb_encrypt. | |
17392 | + | |
17393 | +Version 1.10 11/09/1990 eay | |
17394 | + Added des_enc_read and des_enc_write. | |
17395 | + Still need to fix des_quad_cksum. | |
17396 | + Still need to document des_enc_read and des_enc_write. | |
17397 | + | |
17398 | +Version 1.00 27/08/1990 eay | |
17399 | + | |
17400 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
17401 | +++ linux/net/ipsec/des/asm/des-586.pl Mon Feb 9 13:51:03 2004 | |
17402 | @@ -0,0 +1,251 @@ | |
17403 | +#!/usr/local/bin/perl | |
17404 | +# | |
17405 | +# The inner loop instruction sequence and the IP/FP modifications are from | |
17406 | +# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> | |
17407 | +# | |
17408 | + | |
17409 | +push(@INC,"perlasm","../../perlasm"); | |
17410 | +require "x86asm.pl"; | |
17411 | +require "cbc.pl"; | |
17412 | +require "desboth.pl"; | |
17413 | + | |
17414 | +# base code is in microsft | |
17415 | +# op dest, source | |
17416 | +# format. | |
17417 | +# | |
17418 | + | |
17419 | +&asm_init($ARGV[0],"des-586.pl"); | |
17420 | + | |
17421 | +$L="edi"; | |
17422 | +$R="esi"; | |
17423 | + | |
17424 | +&external_label("des_SPtrans"); | |
17425 | +&des_encrypt("des_encrypt",1); | |
17426 | +&des_encrypt("des_encrypt2",0); | |
17427 | +&des_encrypt3("des_encrypt3",1); | |
17428 | +&des_encrypt3("des_decrypt3",0); | |
17429 | +&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1); | |
17430 | +&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5); | |
17431 | + | |
17432 | +&asm_finish(); | |
17433 | + | |
17434 | +sub des_encrypt | |
17435 | + { | |
17436 | + local($name,$do_ip)=@_; | |
17437 | + | |
17438 | + &function_begin_B($name,"EXTRN _des_SPtrans:DWORD"); | |
17439 | + | |
17440 | + &push("esi"); | |
17441 | + &push("edi"); | |
17442 | + | |
17443 | + &comment(""); | |
17444 | + &comment("Load the 2 words"); | |
17445 | + $ks="ebp"; | |
17446 | + | |
17447 | + if ($do_ip) | |
17448 | + { | |
17449 | + &mov($R,&wparam(0)); | |
17450 | + &xor( "ecx", "ecx" ); | |
17451 | + | |
17452 | + &push("ebx"); | |
17453 | + &push("ebp"); | |
17454 | + | |
17455 | + &mov("eax",&DWP(0,$R,"",0)); | |
17456 | + &mov("ebx",&wparam(2)); # get encrypt flag | |
17457 | + &mov($L,&DWP(4,$R,"",0)); | |
17458 | + &comment(""); | |
17459 | + &comment("IP"); | |
17460 | + &IP_new("eax",$L,$R,3); | |
17461 | + } | |
17462 | + else | |
17463 | + { | |
17464 | + &mov("eax",&wparam(0)); | |
17465 | + &xor( "ecx", "ecx" ); | |
17466 | + | |
17467 | + &push("ebx"); | |
17468 | + &push("ebp"); | |
17469 | + | |
17470 | + &mov($R,&DWP(0,"eax","",0)); | |
17471 | + &mov("ebx",&wparam(2)); # get encrypt flag | |
17472 | + &rotl($R,3); | |
17473 | + &mov($L,&DWP(4,"eax","",0)); | |
17474 | + &rotl($L,3); | |
17475 | + } | |
17476 | + | |
17477 | + &mov( $ks, &wparam(1) ); | |
17478 | + &cmp("ebx","0"); | |
17479 | + &je(&label("start_decrypt")); | |
17480 | + | |
17481 | + for ($i=0; $i<16; $i+=2) | |
17482 | + { | |
17483 | + &comment(""); | |
17484 | + &comment("Round $i"); | |
17485 | + &D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); | |
17486 | + | |
17487 | + &comment(""); | |
17488 | + &comment("Round ".sprintf("%d",$i+1)); | |
17489 | + &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); | |
17490 | + } | |
17491 | + &jmp(&label("end")); | |
17492 | + | |
17493 | + &set_label("start_decrypt"); | |
17494 | + | |
17495 | + for ($i=15; $i>0; $i-=2) | |
17496 | + { | |
17497 | + &comment(""); | |
17498 | + &comment("Round $i"); | |
17499 | + &D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); | |
17500 | + &comment(""); | |
17501 | + &comment("Round ".sprintf("%d",$i-1)); | |
17502 | + &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); | |
17503 | + } | |
17504 | + | |
17505 | + &set_label("end"); | |
17506 | + | |
17507 | + if ($do_ip) | |
17508 | + { | |
17509 | + &comment(""); | |
17510 | + &comment("FP"); | |
17511 | + &mov("edx",&wparam(0)); | |
17512 | + &FP_new($L,$R,"eax",3); | |
17513 | + | |
17514 | + &mov(&DWP(0,"edx","",0),"eax"); | |
17515 | + &mov(&DWP(4,"edx","",0),$R); | |
17516 | + } | |
17517 | + else | |
17518 | + { | |
17519 | + &comment(""); | |
17520 | + &comment("Fixup"); | |
17521 | + &rotr($L,3); # r | |
17522 | + &mov("eax",&wparam(0)); | |
17523 | + &rotr($R,3); # l | |
17524 | + &mov(&DWP(0,"eax","",0),$L); | |
17525 | + &mov(&DWP(4,"eax","",0),$R); | |
17526 | + } | |
17527 | + | |
17528 | + &pop("ebp"); | |
17529 | + &pop("ebx"); | |
17530 | + &pop("edi"); | |
17531 | + &pop("esi"); | |
17532 | + &ret(); | |
17533 | + | |
17534 | + &function_end_B($name); | |
17535 | + } | |
17536 | + | |
17537 | +sub D_ENCRYPT | |
17538 | + { | |
17539 | + local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_; | |
17540 | + | |
17541 | + &mov( $u, &DWP(&n2a($S*4),$ks,"",0)); | |
17542 | + &xor( $tmp1, $tmp1); | |
17543 | + &mov( $t, &DWP(&n2a(($S+1)*4),$ks,"",0)); | |
17544 | + &xor( $u, $R); | |
17545 | + &xor( $t, $R); | |
17546 | + &and( $u, "0xfcfcfcfc" ); | |
17547 | + &and( $t, "0xcfcfcfcf" ); | |
17548 | + &movb( &LB($tmp1), &LB($u) ); | |
17549 | + &movb( &LB($tmp2), &HB($u) ); | |
17550 | + &rotr( $t, 4 ); | |
17551 | + &mov( $ks, &DWP(" $desSP",$tmp1,"",0)); | |
17552 | + &movb( &LB($tmp1), &LB($t) ); | |
17553 | + &xor( $L, $ks); | |
17554 | + &mov( $ks, &DWP("0x200+$desSP",$tmp2,"",0)); | |
17555 | + &xor( $L, $ks); ###### | |
17556 | + &movb( &LB($tmp2), &HB($t) ); | |
17557 | + &shr( $u, 16); | |
17558 | + &mov( $ks, &DWP("0x100+$desSP",$tmp1,"",0)); | |
17559 | + &xor( $L, $ks); ###### | |
17560 | + &movb( &LB($tmp1), &HB($u) ); | |
17561 | + &shr( $t, 16); | |
17562 | + &mov( $ks, &DWP("0x300+$desSP",$tmp2,"",0)); | |
17563 | + &xor( $L, $ks); | |
17564 | + &mov( $ks, &wparam(1) ); | |
17565 | + &movb( &LB($tmp2), &HB($t) ); | |
17566 | + &and( $u, "0xff" ); | |
17567 | + &and( $t, "0xff" ); | |
17568 | + &mov( $tmp1, &DWP("0x600+$desSP",$tmp1,"",0)); | |
17569 | + &xor( $L, $tmp1); | |
17570 | + &mov( $tmp1, &DWP("0x700+$desSP",$tmp2,"",0)); | |
17571 | + &xor( $L, $tmp1); | |
17572 | + &mov( $tmp1, &DWP("0x400+$desSP",$u,"",0)); | |
17573 | + &xor( $L, $tmp1); | |
17574 | + &mov( $tmp1, &DWP("0x500+$desSP",$t,"",0)); | |
17575 | + &xor( $L, $tmp1); | |
17576 | + } | |
17577 | + | |
17578 | +sub n2a | |
17579 | + { | |
17580 | + sprintf("%d",$_[0]); | |
17581 | + } | |
17582 | + | |
17583 | +# now has a side affect of rotating $a by $shift | |
17584 | +sub R_PERM_OP | |
17585 | + { | |
17586 | + local($a,$b,$tt,$shift,$mask,$last)=@_; | |
17587 | + | |
17588 | + &rotl( $a, $shift ) if ($shift != 0); | |
17589 | + &mov( $tt, $a ); | |
17590 | + &xor( $a, $b ); | |
17591 | + &and( $a, $mask ); | |
17592 | + if (!$last eq $b) | |
17593 | + { | |
17594 | + &xor( $b, $a ); | |
17595 | + &xor( $tt, $a ); | |
17596 | + } | |
17597 | + else | |
17598 | + { | |
17599 | + &xor( $tt, $a ); | |
17600 | + &xor( $b, $a ); | |
17601 | + } | |
17602 | + &comment(""); | |
17603 | + } | |
17604 | + | |
17605 | +sub IP_new | |
17606 | + { | |
17607 | + local($l,$r,$tt,$lr)=@_; | |
17608 | + | |
17609 | + &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l); | |
17610 | + &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l); | |
17611 | + &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r); | |
17612 | + &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r); | |
17613 | + &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r); | |
17614 | + | |
17615 | + if ($lr != 3) | |
17616 | + { | |
17617 | + if (($lr-3) < 0) | |
17618 | + { &rotr($tt, 3-$lr); } | |
17619 | + else { &rotl($tt, $lr-3); } | |
17620 | + } | |
17621 | + if ($lr != 2) | |
17622 | + { | |
17623 | + if (($lr-2) < 0) | |
17624 | + { &rotr($r, 2-$lr); } | |
17625 | + else { &rotl($r, $lr-2); } | |
17626 | + } | |
17627 | + } | |
17628 | + | |
17629 | +sub FP_new | |
17630 | + { | |
17631 | + local($l,$r,$tt,$lr)=@_; | |
17632 | + | |
17633 | + if ($lr != 2) | |
17634 | + { | |
17635 | + if (($lr-2) < 0) | |
17636 | + { &rotl($r, 2-$lr); } | |
17637 | + else { &rotr($r, $lr-2); } | |
17638 | + } | |
17639 | + if ($lr != 3) | |
17640 | + { | |
17641 | + if (($lr-3) < 0) | |
17642 | + { &rotl($l, 3-$lr); } | |
17643 | + else { &rotr($l, $lr-3); } | |
17644 | + } | |
17645 | + | |
17646 | + &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r); | |
17647 | + &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r); | |
17648 | + &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l); | |
17649 | + &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l); | |
17650 | + &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r); | |
17651 | + &rotr($tt , 4); | |
17652 | + } | |
17653 | + | |
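Review bot: In R_PERM_OP the test `if (!$last eq $b)` parses as `(!$last) eq $b`, because `!` binds tighter than `eq`. Every visible caller passes a non-empty register name as `$last`, so the comparison is always false and only the else ordering is ever emitted. Both branches issue the same two xors on different destination registers, so the generated code should compute the same result and only the intended instruction scheduling is lost. Write the comparison that was meant, `if ($last ne $b)`, or delete the dead branch and keep one ordering with a comment saying why it was chosen.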
17654 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
17655 | +++ linux/net/ipsec/des/asm/des686.pl Mon Feb 9 13:51:03 2004 | |
17656 | @@ -0,0 +1,230 @@ | |
17657 | +#!/usr/local/bin/perl | |
17658 | + | |
17659 | +$prog="des686.pl"; | |
17660 | + | |
17661 | +# base code is in microsft | |
17662 | +# op dest, source | |
17663 | +# format. | |
17664 | +# | |
17665 | + | |
17666 | +# WILL NOT WORK ANYMORE WITH desboth.pl | |
17667 | +require "desboth.pl"; | |
17668 | + | |
17669 | +if ( ($ARGV[0] eq "elf")) | |
17670 | + { require "x86unix.pl"; } | |
17671 | +elsif ( ($ARGV[0] eq "a.out")) | |
17672 | + { $aout=1; require "x86unix.pl"; } | |
17673 | +elsif ( ($ARGV[0] eq "sol")) | |
17674 | + { $sol=1; require "x86unix.pl"; } | |
17675 | +elsif ( ($ARGV[0] eq "cpp")) | |
17676 | + { $cpp=1; require "x86unix.pl"; } | |
17677 | +elsif ( ($ARGV[0] eq "win32")) | |
17678 | + { require "x86ms.pl"; } | |
17679 | +else | |
17680 | + { | |
17681 | + print STDERR <<"EOF"; | |
17682 | +Pick one target type from | |
17683 | + elf - linux, FreeBSD etc | |
17684 | + a.out - old linux | |
17685 | + sol - x86 solaris | |
17686 | + cpp - format so x86unix.cpp can be used | |
17687 | + win32 - Windows 95/Windows NT | |
17688 | +EOF | |
17689 | + exit(1); | |
17690 | + } | |
17691 | + | |
17692 | +&comment("Don't even think of reading this code"); | |
17693 | +&comment("It was automatically generated by $prog"); | |
17694 | +&comment("Which is a perl program used to generate the x86 assember for"); | |
17695 | +&comment("any of elf, a.out, Win32, or Solaris"); | |
17696 | +&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+"); | |
17697 | +&comment("eric <eay\@cryptsoft.com>"); | |
17698 | +&comment(""); | |
17699 | + | |
17700 | +&file("dx86xxxx"); | |
17701 | + | |
17702 | +$L="edi"; | |
17703 | +$R="esi"; | |
17704 | + | |
17705 | +&des_encrypt("des_encrypt",1); | |
17706 | +&des_encrypt("des_encrypt2",0); | |
17707 | + | |
17708 | +&des_encrypt3("des_encrypt3",1); | |
17709 | +&des_encrypt3("des_decrypt3",0); | |
17710 | + | |
17711 | +&file_end(); | |
17712 | + | |
17713 | +sub des_encrypt | |
17714 | + { | |
17715 | + local($name,$do_ip)=@_; | |
17716 | + | |
17717 | + &function_begin($name,"EXTRN _des_SPtrans:DWORD"); | |
17718 | + | |
17719 | + &comment(""); | |
17720 | + &comment("Load the 2 words"); | |
17721 | + &mov("eax",&wparam(0)); | |
17722 | + &mov($L,&DWP(0,"eax","",0)); | |
17723 | + &mov($R,&DWP(4,"eax","",0)); | |
17724 | + | |
17725 | + $ksp=&wparam(1); | |
17726 | + | |
17727 | + if ($do_ip) | |
17728 | + { | |
17729 | + &comment(""); | |
17730 | + &comment("IP"); | |
17731 | + &IP_new($L,$R,"eax"); | |
17732 | + } | |
17733 | + | |
17734 | + &comment(""); | |
17735 | + &comment("fixup rotate"); | |
17736 | + &rotl($R,3); | |
17737 | + &rotl($L,3); | |
17738 | + &exch($L,$R); | |
17739 | + | |
17740 | + &comment(""); | |
17741 | + &comment("load counter, key_schedule and enc flag"); | |
17742 | + &mov("eax",&wparam(2)); # get encrypt flag | |
17743 | + &mov("ebp",&wparam(1)); # get ks | |
17744 | + &cmp("eax","0"); | |
17745 | + &je(&label("start_decrypt")); | |
17746 | + | |
17747 | + # encrypting part | |
17748 | + | |
17749 | + for ($i=0; $i<16; $i+=2) | |
17750 | + { | |
17751 | + &comment(""); | |
17752 | + &comment("Round $i"); | |
17753 | + &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx"); | |
17754 | + | |
17755 | + &comment(""); | |
17756 | + &comment("Round ".sprintf("%d",$i+1)); | |
17757 | + &D_ENCRYPT($R,$L,($i+1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx"); | |
17758 | + } | |
17759 | + &jmp(&label("end")); | |
17760 | + | |
17761 | + &set_label("start_decrypt"); | |
17762 | + | |
17763 | + for ($i=15; $i>0; $i-=2) | |
17764 | + { | |
17765 | + &comment(""); | |
17766 | + &comment("Round $i"); | |
17767 | + &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx"); | |
17768 | + &comment(""); | |
17769 | + &comment("Round ".sprintf("%d",$i-1)); | |
17770 | + &D_ENCRYPT($R,$L,($i-1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx"); | |
17771 | + } | |
17772 | + | |
17773 | + &set_label("end"); | |
17774 | + | |
17775 | + &comment(""); | |
17776 | + &comment("Fixup"); | |
17777 | + &rotr($L,3); # r | |
17778 | + &rotr($R,3); # l | |
17779 | + | |
17780 | + if ($do_ip) | |
17781 | + { | |
17782 | + &comment(""); | |
17783 | + &comment("FP"); | |
17784 | + &FP_new($R,$L,"eax"); | |
17785 | + } | |
17786 | + | |
17787 | + &mov("eax",&wparam(0)); | |
17788 | + &mov(&DWP(0,"eax","",0),$L); | |
17789 | + &mov(&DWP(4,"eax","",0),$R); | |
17790 | + | |
17791 | + &function_end($name); | |
17792 | + } | |
17793 | + | |
17794 | + | |
17795 | +# The logic is to load R into 2 registers and operate on both at the same time. | |
17796 | +# We also load the 2 R's into 2 more registers so we can do the 'move word down a byte' | |
17797 | +# while also masking the other copy and doing a lookup. We then also accumulate the | |
17798 | +# L value in 2 registers then combine them at the end. | |
17799 | +sub D_ENCRYPT | |
17800 | + { | |
17801 | + local($L,$R,$S,$ks,$desSP,$u,$t,$tmp1,$tmp2,$tmp3)=@_; | |
17802 | + | |
17803 | + &mov( $u, &DWP(&n2a($S*4),$ks,"",0)); | |
17804 | + &mov( $t, &DWP(&n2a(($S+1)*4),$ks,"",0)); | |
17805 | + &xor( $u, $R ); | |
17806 | + &xor( $t, $R ); | |
17807 | + &rotr( $t, 4 ); | |
17808 | + | |
17809 | + # the numbers at the end of the line are origional instruction order | |
17810 | + &mov( $tmp2, $u ); # 1 2 | |
17811 | + &mov( $tmp1, $t ); # 1 1 | |
17812 | + &and( $tmp2, "0xfc" ); # 1 4 | |
17813 | + &and( $tmp1, "0xfc" ); # 1 3 | |
17814 | + &shr( $t, 8 ); # 1 5 | |
17815 | + &xor( $L, &DWP("0x100+$desSP",$tmp1,"",0)); # 1 7 | |
17816 | + &shr( $u, 8 ); # 1 6 | |
17817 | + &mov( $tmp1, &DWP(" $desSP",$tmp2,"",0)); # 1 8 | |
17818 | + | |
17819 | + &mov( $tmp2, $u ); # 2 2 | |
17820 | + &xor( $L, $tmp1 ); # 1 9 | |
17821 | + &and( $tmp2, "0xfc" ); # 2 4 | |
17822 | + &mov( $tmp1, $t ); # 2 1 | |
17823 | + &and( $tmp1, "0xfc" ); # 2 3 | |
17824 | + &shr( $t, 8 ); # 2 5 | |
17825 | + &xor( $L, &DWP("0x300+$desSP",$tmp1,"",0)); # 2 7 | |
17826 | + &shr( $u, 8 ); # 2 6 | |
17827 | + &mov( $tmp1, &DWP("0x200+$desSP",$tmp2,"",0)); # 2 8 | |
17828 | + &mov( $tmp2, $u ); # 3 2 | |
17829 | + | |
17830 | + &xor( $L, $tmp1 ); # 2 9 | |
17831 | + &and( $tmp2, "0xfc" ); # 3 4 | |
17832 | + | |
17833 | + &mov( $tmp1, $t ); # 3 1 | |
17834 | + &shr( $u, 8 ); # 3 6 | |
17835 | + &and( $tmp1, "0xfc" ); # 3 3 | |
17836 | + &shr( $t, 8 ); # 3 5 | |
17837 | + &xor( $L, &DWP("0x500+$desSP",$tmp1,"",0)); # 3 7 | |
17838 | + &mov( $tmp1, &DWP("0x400+$desSP",$tmp2,"",0)); # 3 8 | |
17839 | + | |
17840 | + &and( $t, "0xfc" ); # 4 1 | |
17841 | + &xor( $L, $tmp1 ); # 3 9 | |
17842 | + | |
17843 | + &and( $u, "0xfc" ); # 4 2 | |
17844 | + &xor( $L, &DWP("0x700+$desSP",$t,"",0)); # 4 3 | |
17845 | + &xor( $L, &DWP("0x600+$desSP",$u,"",0)); # 4 4 | |
17846 | + } | |
17847 | + | |
17848 | +sub PERM_OP | |
17849 | + { | |
17850 | + local($a,$b,$tt,$shift,$mask)=@_; | |
17851 | + | |
17852 | + &mov( $tt, $a ); | |
17853 | + &shr( $tt, $shift ); | |
17854 | + &xor( $tt, $b ); | |
17855 | + &and( $tt, $mask ); | |
17856 | + &xor( $b, $tt ); | |
17857 | + &shl( $tt, $shift ); | |
17858 | + &xor( $a, $tt ); | |
17859 | + } | |
17860 | + | |
17861 | +sub IP_new | |
17862 | + { | |
17863 | + local($l,$r,$tt)=@_; | |
17864 | + | |
17865 | + &PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f"); | |
17866 | + &PERM_OP($l,$r,$tt,16,"0x0000ffff"); | |
17867 | + &PERM_OP($r,$l,$tt, 2,"0x33333333"); | |
17868 | + &PERM_OP($l,$r,$tt, 8,"0x00ff00ff"); | |
17869 | + &PERM_OP($r,$l,$tt, 1,"0x55555555"); | |
17870 | + } | |
17871 | + | |
17872 | +sub FP_new | |
17873 | + { | |
17874 | + local($l,$r,$tt)=@_; | |
17875 | + | |
17876 | + &PERM_OP($l,$r,$tt, 1,"0x55555555"); | |
17877 | + &PERM_OP($r,$l,$tt, 8,"0x00ff00ff"); | |
17878 | + &PERM_OP($l,$r,$tt, 2,"0x33333333"); | |
17879 | + &PERM_OP($r,$l,$tt,16,"0x0000ffff"); | |
17880 | + &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f"); | |
17881 | + } | |
17882 | + | |
17883 | +sub n2a | |
17884 | + { | |
17885 | + sprintf("%d",$_[0]); | |
17886 | + } | |
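Review bot: The script carries the comment `# WILL NOT WORK ANYMORE WITH desboth.pl`, then does `require "desboth.pl";` and calls `&des_encrypt3(...)` twice anyway. desboth.pl in this same patch calls `&IP_new($L,$R,"edx",0)` and afterwards stores `edx` as the permuted word, whereas the IP_new defined here takes three arguments and uses the third only as scratch, so the triple-DES routines it emits would not match the single-DES ones. desboth.pl also calls `function_begin_B`, `stack_push` and `swtmp`; whether x86unix.pl or x86ms.pl provide them cannot be confirmed from this patch. A generator that can silently emit wrong cipher code is worse than one that refuses to run: either drop the file from the patch or make it fail early, e.g. `die "$prog: incompatible with desboth.pl, use des-586.pl\n";` placed before the first `require`.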
17887 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
17888 | +++ linux/net/ipsec/des/asm/desboth.pl Mon Feb 9 13:51:03 2004 | |
17889 | @@ -0,0 +1,79 @@ | |
17890 | +#!/usr/local/bin/perl | |
17891 | + | |
17892 | +$L="edi"; | |
17893 | +$R="esi"; | |
17894 | + | |
17895 | +sub des_encrypt3 | |
17896 | + { | |
17897 | + local($name,$enc)=@_; | |
17898 | + | |
17899 | + &function_begin_B($name,""); | |
17900 | + &push("ebx"); | |
17901 | + &mov("ebx",&wparam(0)); | |
17902 | + | |
17903 | + &push("ebp"); | |
17904 | + &push("esi"); | |
17905 | + | |
17906 | + &push("edi"); | |
17907 | + | |
17908 | + &comment(""); | |
17909 | + &comment("Load the data words"); | |
17910 | + &mov($L,&DWP(0,"ebx","",0)); | |
17911 | + &mov($R,&DWP(4,"ebx","",0)); | |
17912 | + &stack_push(3); | |
17913 | + | |
17914 | + &comment(""); | |
17915 | + &comment("IP"); | |
17916 | + &IP_new($L,$R,"edx",0); | |
17917 | + | |
17918 | + # put them back | |
17919 | + | |
17920 | + if ($enc) | |
17921 | + { | |
17922 | + &mov(&DWP(4,"ebx","",0),$R); | |
17923 | + &mov("eax",&wparam(1)); | |
17924 | + &mov(&DWP(0,"ebx","",0),"edx"); | |
17925 | + &mov("edi",&wparam(2)); | |
17926 | + &mov("esi",&wparam(3)); | |
17927 | + } | |
17928 | + else | |
17929 | + { | |
17930 | + &mov(&DWP(4,"ebx","",0),$R); | |
17931 | + &mov("esi",&wparam(1)); | |
17932 | + &mov(&DWP(0,"ebx","",0),"edx"); | |
17933 | + &mov("edi",&wparam(2)); | |
17934 | + &mov("eax",&wparam(3)); | |
17935 | + } | |
17936 | + &mov(&swtmp(2), (($enc)?"1":"0")); | |
17937 | + &mov(&swtmp(1), "eax"); | |
17938 | + &mov(&swtmp(0), "ebx"); | |
17939 | + &call("des_encrypt2"); | |
17940 | + &mov(&swtmp(2), (($enc)?"0":"1")); | |
17941 | + &mov(&swtmp(1), "edi"); | |
17942 | + &mov(&swtmp(0), "ebx"); | |
17943 | + &call("des_encrypt2"); | |
17944 | + &mov(&swtmp(2), (($enc)?"1":"0")); | |
17945 | + &mov(&swtmp(1), "esi"); | |
17946 | + &mov(&swtmp(0), "ebx"); | |
17947 | + &call("des_encrypt2"); | |
17948 | + | |
17949 | + &stack_pop(3); | |
17950 | + &mov($L,&DWP(0,"ebx","",0)); | |
17951 | + &mov($R,&DWP(4,"ebx","",0)); | |
17952 | + | |
17953 | + &comment(""); | |
17954 | + &comment("FP"); | |
17955 | + &FP_new($L,$R,"eax",0); | |
17956 | + | |
17957 | + &mov(&DWP(0,"ebx","",0),"eax"); | |
17958 | + &mov(&DWP(4,"ebx","",0),$R); | |
17959 | + | |
17960 | + &pop("edi"); | |
17961 | + &pop("esi"); | |
17962 | + &pop("ebp"); | |
17963 | + &pop("ebx"); | |
17964 | + &ret(); | |
17965 | + &function_end_B($name); | |
17966 | + } | |
17967 | + | |
17968 | + | |
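Review bot: The file ends after the closing brace of des_encrypt3 with no trailing `1;`, so `require "desboth.pl"` succeeds only because the last statement executed at load time happens to be `$R="esi";`, which is true. Moving or removing those two assignments would make every including script die with a "did not return a true value" error. Add `1;` as the last line of the file. A short header comment would also help, stating that the including script must define `IP_new` and `FP_new` taking a fourth rotation argument, since des_encrypt3 calls them as `&IP_new($L,$R,"edx",0)` and `&FP_new($L,$R,"eax",0)`.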
17969 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
17970 | +++ linux/net/ipsec/des/asm/readme Mon Feb 9 13:51:03 2004 | |
17971 | @@ -0,0 +1,131 @@ | |
17972 | +First up, let me say I don't like writing in assembler. It is not portable, | |
17973 | +dependant on the particular CPU architecture release and is generally a pig | |
17974 | +to debug and get right. Having said that, the x86 architecture is probably | |
17975 | +the most important for speed due to number of boxes and since | |
17976 | +it appears to be the worst architecture to to get | |
17977 | +good C compilers for. So due to this, I have lowered myself to do | |
17978 | +assembler for the inner DES routines in libdes :-). | |
17979 | + | |
17980 | +The file to implement in assembler is des_enc.c. Replace the following | |
17981 | +4 functions | |
17982 | +des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt); | |
17983 | +des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt); | |
17984 | +des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3); | |
17985 | +des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3); | |
17986 | + | |
17987 | +They encrypt/decrypt the 64 bits held in 'data' using | |
17988 | +the 'ks' key schedules. The only difference between the 4 functions is that | |
17989 | +des_encrypt2() does not perform IP() or FP() on the data (this is an | |
17990 | +optimization for when doing triple DES and des_encrypt3() and des_decrypt3() | |
17991 | +perform triple des. The triple DES routines are in here because it does | |
17992 | +make a big difference to have them located near the des_encrypt2 function | |
17993 | +at link time.. | |
17994 | + | |
17995 | +Now as we all know, there are lots of different operating systems running on | |
17996 | +x86 boxes, and unfortunately they normally try to make sure their assembler | |
17997 | +formating is not the same as the other peoples. | |
17998 | +The 4 main formats I know of are | |
17999 | +Microsoft Windows 95/Windows NT | |
18000 | +Elf Includes Linux and FreeBSD(?). | |
18001 | +a.out The older Linux. | |
18002 | +Solaris Same as Elf but different comments :-(. | |
18003 | + | |
18004 | +Now I was not overly keen to write 4 different copies of the same code, | |
18005 | +so I wrote a few perl routines to output the correct assembler, given | |
18006 | +a target assembler type. This code is ugly and is just a hack. | |
18007 | +The libraries are x86unix.pl and x86ms.pl. | |
18008 | +des586.pl, des686.pl and des-som[23].pl are the programs to actually | |
18009 | +generate the assembler. | |
18010 | + | |
18011 | +So to generate elf assembler | |
18012 | +perl des-som3.pl elf >dx86-elf.s | |
18013 | +For Windows 95/NT | |
18014 | +perl des-som2.pl win32 >win32.asm | |
18015 | + | |
18016 | +[ update 4 Jan 1996 ] | |
18017 | +I have added another way to do things. | |
18018 | +perl des-som3.pl cpp >dx86-cpp.s | |
18019 | +generates a file that will be included by dx86unix.cpp when it is compiled. | |
18020 | +To build for elf, a.out, solaris, bsdi etc, | |
18021 | +cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o | |
18022 | +cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o | |
18023 | +cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o | |
18024 | +cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o | |
18025 | +This was done to cut down the number of files in the distribution. | |
18026 | + | |
18027 | +Now the ugly part. I acquired my copy of Intels | |
18028 | +"Optimization's For Intel's 32-Bit Processors" and found a few interesting | |
18029 | +things. First, the aim of the exersize is to 'extract' one byte at a time | |
18030 | +from a word and do an array lookup. This involves getting the byte from | |
18031 | +the 4 locations in the word and moving it to a new word and doing the lookup. | |
18032 | +The most obvious way to do this is | |
18033 | +xor eax, eax # clear word | |
18034 | +movb al, cl # get low byte | |
18035 | +xor edi DWORD PTR 0x100+des_SP[eax] # xor in word | |
18036 | +movb al, ch # get next byte | |
18037 | +xor edi DWORD PTR 0x300+des_SP[eax] # xor in word | |
18038 | +shr ecx 16 | |
18039 | +which seems ok. For the pentium, this system appears to be the best. | |
18040 | +One has to do instruction interleaving to keep both functional units | |
18041 | +operating, but it is basically very efficient. | |
18042 | + | |
18043 | +Now the crunch. When a full register is used after a partial write, eg. | |
18044 | +mov al, cl | |
18045 | +xor edi, DWORD PTR 0x100+des_SP[eax] | |
18046 | +386 - 1 cycle stall | |
18047 | +486 - 1 cycle stall | |
18048 | +586 - 0 cycle stall | |
18049 | +686 - at least 7 cycle stall (page 22 of the above mentioned document). | |
18050 | + | |
18051 | +So the technique that produces the best results on a pentium, according to | |
18052 | +the documentation, will produce hideous results on a pentium pro. | |
18053 | + | |
18054 | +To get around this, des686.pl will generate code that is not as fast on | |
18055 | +a pentium, should be very good on a pentium pro. | |
18056 | +mov eax, ecx # copy word | |
18057 | +shr ecx, 8 # line up next byte | |
18058 | +and eax, 0fch # mask byte | |
18059 | +xor edi DWORD PTR 0x100+des_SP[eax] # xor in array lookup | |
18060 | +mov eax, ecx # get word | |
18061 | +shr ecx 8 # line up next byte | |
18062 | +and eax, 0fch # mask byte | |
18063 | +xor edi DWORD PTR 0x300+des_SP[eax] # xor in array lookup | |
18064 | + | |
18065 | +Due to the execution units in the pentium, this actually works quite well. | |
18066 | +For a pentium pro it should be very good. This is the type of output | |
18067 | +Visual C++ generates. | |
18068 | + | |
18069 | +There is a third option. instead of using | |
18070 | +mov al, ch | |
18071 | +which is bad on the pentium pro, one may be able to use | |
18072 | +movzx eax, ch | |
18073 | +which may not incur the partial write penalty. On the pentium, | |
18074 | +this instruction takes 4 cycles so is not worth using but on the | |
18075 | +pentium pro it appears it may be worth while. I need access to one to | |
18076 | +experiment :-). | |
18077 | + | |
18078 | +eric (20 Oct 1996) | |
18079 | + | |
18080 | +22 Nov 1996 - I have asked people to run the 2 different version on pentium | |
18081 | +pros and it appears that the intel documentation is wrong. The | |
18082 | +mov al,bh is still faster on a pentium pro, so just use the des586.pl | |
18083 | +install des686.pl | |
18084 | + | |
18085 | +3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these | |
18086 | +functions into des_enc.c because it does make a massive performance | |
18087 | +difference on some boxes to have the functions code located close to | |
18088 | +the des_encrypt2() function. | |
18089 | + | |
18090 | +9 Jan 1997 - des-som2.pl is now the correct perl script to use for | |
18091 | +pentiums. It contains an inner loop from | |
18092 | +Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> which does raw ecb DES calls at | |
18093 | +273,000 per second. He had a previous version at 250,000 and the best | |
18094 | +I was able to get was 203,000. The content has not changed, this is all | |
18095 | +due to instruction sequencing (and actual instructions choice) which is able | |
18096 | +to keep both functional units of the pentium going. | |
18097 | +We may have lost the ugly register usage restrictions when x86 went 32 bit | |
18098 | +but for the pentium it has been replaced by evil instruction ordering tricks. | |
18099 | + | |
18100 | +13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf. | |
18101 | +raw DES at 281,000 per second on a pentium 100. | |
18102 | + | |
18103 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
18104 | +++ linux/net/ipsec/des/cbc_enc.c Mon Feb 9 13:51:03 2004 | |
18105 | @@ -0,0 +1,135 @@ | |
18106 | +/* crypto/des/cbc_enc.c */ | |
18107 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
18108 | + * All rights reserved. | |
18109 | + * | |
18110 | + * This package is an SSL implementation written | |
18111 | + * by Eric Young (eay@cryptsoft.com). | |
18112 | + * The implementation was written so as to conform with Netscapes SSL. | |
18113 | + * | |
18114 | + * This library is free for commercial and non-commercial use as long as | |
18115 | + * the following conditions are aheared to. The following conditions | |
18116 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
18117 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
18118 | + * included with this distribution is covered by the same copyright terms | |
18119 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
18120 | + * | |
18121 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
18122 | + * the code are not to be removed. | |
18123 | + * If this package is used in a product, Eric Young should be given attribution | |
18124 | + * as the author of the parts of the library used. | |
18125 | + * This can be in the form of a textual message at program startup or | |
18126 | + * in documentation (online or textual) provided with the package. | |
18127 | + * | |
18128 | + * Redistribution and use in source and binary forms, with or without | |
18129 | + * modification, are permitted provided that the following conditions | |
18130 | + * are met: | |
18131 | + * 1. Redistributions of source code must retain the copyright | |
18132 | + * notice, this list of conditions and the following disclaimer. | |
18133 | + * 2. Redistributions in binary form must reproduce the above copyright | |
18134 | + * notice, this list of conditions and the following disclaimer in the | |
18135 | + * documentation and/or other materials provided with the distribution. | |
18136 | + * 3. All advertising materials mentioning features or use of this software | |
18137 | + * must display the following acknowledgement: | |
18138 | + * "This product includes cryptographic software written by | |
18139 | + * Eric Young (eay@cryptsoft.com)" | |
18140 | + * The word 'cryptographic' can be left out if the rouines from the library | |
18141 | + * being used are not cryptographic related :-). | |
18142 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
18143 | + * the apps directory (application code) you must include an acknowledgement: | |
18144 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
18145 | + * | |
18146 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
18147 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
18148 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
18149 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
18150 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
18151 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
18152 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
18153 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
18154 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
18155 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
18156 | + * SUCH DAMAGE. | |
18157 | + * | |
18158 | + * The licence and distribution terms for any publically available version or | |
18159 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
18160 | + * copied and put under another distribution licence | |
18161 | + * [including the GNU Public Licence.] | |
18162 | + */ | |
18163 | + | |
18164 | +#include "des/des_locl.h" | |
18165 | + | |
18166 | +void des_cbc_encrypt(input, output, length, schedule, ivec, enc) | |
18167 | +des_cblock (*input); | |
18168 | +des_cblock (*output); | |
18169 | +long length; | |
18170 | +des_key_schedule schedule; | |
18171 | +des_cblock (*ivec); | |
18172 | +int enc; | |
18173 | + { | |
18174 | + register DES_LONG tin0,tin1; | |
18175 | + register DES_LONG tout0,tout1,xor0,xor1; | |
18176 | + register unsigned char *in,*out; | |
18177 | + register long l=length; | |
18178 | + DES_LONG tin[2]; | |
18179 | + unsigned char *iv; | |
18180 | + | |
18181 | + in=(unsigned char *)input; | |
18182 | + out=(unsigned char *)output; | |
18183 | + iv=(unsigned char *)ivec; | |
18184 | + | |
18185 | + if (enc) | |
18186 | + { | |
18187 | + c2l(iv,tout0); | |
18188 | + c2l(iv,tout1); | |
18189 | + for (l-=8; l>=0; l-=8) | |
18190 | + { | |
18191 | + c2l(in,tin0); | |
18192 | + c2l(in,tin1); | |
18193 | + tin0^=tout0; tin[0]=tin0; | |
18194 | + tin1^=tout1; tin[1]=tin1; | |
18195 | + des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | |
18196 | + tout0=tin[0]; l2c(tout0,out); | |
18197 | + tout1=tin[1]; l2c(tout1,out); | |
18198 | + } | |
18199 | + if (l != -8) | |
18200 | + { | |
18201 | + c2ln(in,tin0,tin1,l+8); | |
18202 | + tin0^=tout0; tin[0]=tin0; | |
18203 | + tin1^=tout1; tin[1]=tin1; | |
18204 | + des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | |
18205 | + tout0=tin[0]; l2c(tout0,out); | |
18206 | + tout1=tin[1]; l2c(tout1,out); | |
18207 | + } | |
18208 | + } | |
18209 | + else | |
18210 | + { | |
18211 | + c2l(iv,xor0); | |
18212 | + c2l(iv,xor1); | |
18213 | + for (l-=8; l>=0; l-=8) | |
18214 | + { | |
18215 | + c2l(in,tin0); tin[0]=tin0; | |
18216 | + c2l(in,tin1); tin[1]=tin1; | |
18217 | + des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); | |
18218 | + tout0=tin[0]^xor0; | |
18219 | + tout1=tin[1]^xor1; | |
18220 | + l2c(tout0,out); | |
18221 | + l2c(tout1,out); | |
18222 | + xor0=tin0; | |
18223 | + xor1=tin1; | |
18224 | + } | |
18225 | + if (l != -8) | |
18226 | + { | |
18227 | + c2l(in,tin0); tin[0]=tin0; | |
18228 | + c2l(in,tin1); tin[1]=tin1; | |
18229 | + des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); | |
18230 | + tout0=tin[0]^xor0; | |
18231 | + tout1=tin[1]^xor1; | |
18232 | + l2cn(tout0,tout1,out,l+8); | |
18233 | + /* xor0=tin0; | |
18234 | + xor1=tin1; */ | |
18235 | + } | |
18236 | + } | |
18237 | + tin0=tin1=tout0=tout1=xor0=xor1=0; | |
18238 | + tin[0]=tin[1]=0; | |
18239 | + } | |
18240 | + | |
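--- /dev/null
+++ b/linux/net/ipsec/des/des.doc
@@ -0,0 +1,505 @@
+The DES library.
+
+Please note that this library was originally written to operate with
+eBones, a version of Kerberos that had had encryption removed when it left
+the USA and then put back in. As such there are some routines that I will
+advise not using but they are still in the library for historical reasons.
+For all calls that have an 'input' and 'output' variables, they can be the
+same.
+
+This library requires the inclusion of 'des.h'.
+
+All of the encryption functions take what is called a des_key_schedule as an
+argument. A des_key_schedule is an expanded form of the des key.
+A des_key is 8 bytes of odd parity, the type used to hold the key is a
+des_cblock. A des_cblock is an array of 8 bytes, often in this library
+description I will refer to input bytes when the function specifies
+des_cblock's as input or output, this just means that the variable should
+be a multiple of 8 bytes.
+
+The define DES_ENCRYPT is passed to specify encryption, DES_DECRYPT to
+specify decryption. The functions and global variable are as follows:
+
+int des_check_key;
+ DES keys are supposed to be odd parity. If this variable is set to
+ a non-zero value, des_set_key() will check that the key has odd
+ parity and is not one of the known weak DES keys. By default this
+ variable is turned off;
+
+void des_set_odd_parity(
+des_cblock *key );
+ This function takes a DES key (8 bytes) and sets the parity to odd.
+
+int des_is_weak_key(
+des_cblock *key );
+ This function returns a non-zero value if the DES key passed is a
+ weak, DES key. If it is a weak key, don't use it, try a different
+ one. If you are using 'random' keys, the chances of hitting a weak
+ key are 1/2^52 so it is probably not worth checking for them.
+
+int des_set_key(
+des_cblock *key,
+des_key_schedule schedule);
+ Des_set_key converts an 8 byte DES key into a des_key_schedule.
+ A des_key_schedule is an expanded form of the key which is used to
+ perform actual encryption. It can be regenerated from the DES key
+ so it only needs to be kept when encryption or decryption is about
+ to occur. Don't save or pass around des_key_schedule's since they
+ are CPU architecture dependent, DES keys are not. If des_check_key
+ is non zero, zero is returned if the key has the wrong parity or
+ the key is a weak key, else 1 is returned.
+
+int des_key_sched(
+des_cblock *key,
+des_key_schedule schedule);
+ An alternative name for des_set_key().
+
+int des_rw_mode; /* defaults to DES_PCBC_MODE */
+ This flag holds either DES_CBC_MODE or DES_PCBC_MODE (default).
+ This specifies the function to use in the enc_read() and enc_write()
+ functions.
+
+void des_encrypt(
+unsigned long *data,
+des_key_schedule ks,
+int enc);
+ This is the DES encryption function that gets called by just about
+ every other DES routine in the library. You should not use this
+ function except to implement 'modes' of DES. I say this because the
+ functions that call this routine do the conversion from 'char *' to
+ long, and this needs to be done to make sure 'non-aligned' memory
+ access do not occur. The characters are loaded 'little endian',
+ have a look at my source code for more details on how I use this
+ function.
+ Data is a pointer to 2 unsigned long's and ks is the
+ des_key_schedule to use. enc, is non zero specifies encryption,
+ zero if decryption.
+
+void des_encrypt2(
+unsigned long *data,
+des_key_schedule ks,
+int enc);
+ This functions is the same as des_encrypt() except that the DES
+ initial permutation (IP) and final permutation (FP) have been left
+ out. As for des_encrypt(), you should not use this function.
+ It is used by the routines in my library that implement triple DES.
+ IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
+ as des_encrypt() des_encrypt() des_encrypt() except faster :-).
+
+void des_ecb_encrypt(
+des_cblock *input,
+des_cblock *output,
+des_key_schedule ks,
+int enc);
+ This is the basic Electronic Code Book form of DES, the most basic
+ form. Input is encrypted into output using the key represented by
+ ks. If enc is non zero (DES_ENCRYPT), encryption occurs, otherwise
+ decryption occurs. Input is 8 bytes long and output is 8 bytes.
+ (the des_cblock structure is 8 chars).
+
+void des_ecb3_encrypt(
+des_cblock *input,
+des_cblock *output,
+des_key_schedule ks1,
+des_key_schedule ks2,
+des_key_schedule ks3,
+int enc);
+ This is the 3 key EDE mode of ECB DES. What this means is that
+ the 8 bytes of input is encrypted with ks1, decrypted with ks2 and
+ then encrypted again with ks3, before being put into output;
+ C=E(ks3,D(ks2,E(ks1,M))). There is a macro, des_ecb2_encrypt()
+ that only takes 2 des_key_schedules that implements,
+ C=E(ks1,D(ks2,E(ks1,M))) in that the final encrypt is done with ks1.
+
+void des_cbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int enc);
+ This routine implements DES in Cipher Block Chaining mode.
+ Input, which should be a multiple of 8 bytes is encrypted
+ (or decrypted) to output which will also be a multiple of 8 bytes.
+ The number of bytes is in length (and from what I've said above,
+ should be a multiple of 8). If length is not a multiple of 8, I'm
+ not being held responsible :-). ivec is the initialisation vector.
+ This function does not modify this variable. To correctly implement
+ cbc mode, you need to do one of 2 things; copy the last 8 bytes of
+ cipher text for use as the next ivec in your application,
+ or use des_ncbc_encrypt().
+ Only this routine has this problem with updating the ivec, all
+ other routines that are implementing cbc mode update ivec.
+
+void des_ncbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule sk,
+des_cblock *ivec,
+int enc);
+ For historical reasons, des_cbc_encrypt() did not update the
+ ivec with the value requires so that subsequent calls to
+ des_cbc_encrypt() would 'chain'. This was needed so that the same
+ 'length' values would not need to be used when decrypting.
+ des_ncbc_encrypt() does the right thing. It is the same as
+ des_cbc_encrypt accept that ivec is updates with the correct value
+ to pass in subsequent calls to des_ncbc_encrypt(). I advise using
+ des_ncbc_encrypt() instead of des_cbc_encrypt();
+
+void des_xcbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule sk,
+des_cblock *ivec,
+des_cblock *inw,
+des_cblock *outw,
+int enc);
+ This is RSA's DESX mode of DES. It uses inw and outw to
+ 'whiten' the encryption. inw and outw are secret (unlike the iv)
+ and are as such, part of the key. So the key is sort of 24 bytes.
+ This is much better than cbc des.
+
+void des_3cbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule sk1,
+des_key_schedule sk2,
+des_cblock *ivec1,
+des_cblock *ivec2,
+int enc);
+ This function is flawed, do not use it. I have left it in the
+ library because it is used in my des(1) program and will function
+ correctly when used by des(1). If I removed the function, people
+ could end up unable to decrypt files.
+ This routine implements outer triple cbc encryption using 2 ks and
+ 2 ivec's. Use des_ede2_cbc_encrypt() instead.
+
+void des_ede3_cbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule ks1,
+des_key_schedule ks2,
+des_key_schedule ks3,
+des_cblock *ivec,
+int enc);
+ This function implements inner triple CBC DES encryption with 3
+ keys. What this means is that each 'DES' operation
+ inside the cbc mode is really an C=E(ks3,D(ks2,E(ks1,M))).
+ Again, this is cbc mode so an ivec is requires.
+ This mode is used by SSL.
+ There is also a des_ede2_cbc_encrypt() that only uses 2
+ des_key_schedule's, the first being reused for the final
+ encryption. C=E(ks1,D(ks2,E(ks1,M))). This form of triple DES
+ is used by the RSAref library.
+
+void des_pcbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int enc);
+ This is Propagating Cipher Block Chaining mode of DES. It is used
+ by Kerberos v4. It's parameters are the same as des_ncbc_encrypt().
+
+void des_cfb_encrypt(
+unsigned char *in,
+unsigned char *out,
+int numbits,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int enc);
+ Cipher Feedback Back mode of DES. This implementation 'feeds back'
+ in numbit blocks. The input (and output) is in multiples of numbits
+ bits. numbits should to be a multiple of 8 bits. Length is the
+ number of bytes input. If numbits is not a multiple of 8 bits,
+ the extra bits in the bytes will be considered padding. So if
+ numbits is 12, for each 2 input bytes, the 4 high bits of the
+ second byte will be ignored. So to encode 72 bits when using
+ a numbits of 12 take 12 bytes. To encode 72 bits when using
+ numbits of 9 will take 16 bytes. To encode 80 bits when using
+ numbits of 16 will take 10 bytes. etc, etc. This padding will
+ apply to both input and output.
+
+
+void des_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num,
+int enc);
+ This is one of the more useful functions in this DES library, it
+ implements CFB mode of DES with 64bit feedback. Why is this
+ useful you ask? Because this routine will allow you to encrypt an
+ arbitrary number of bytes, no 8 byte padding. Each call to this
+ routine will encrypt the input bytes to output and then update ivec
+ and num. num contains 'how far' we are though ivec. If this does
+ not make much sense, read more about cfb mode of DES :-).
+
+void des_ede3_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks1,
+des_key_schedule ks2,
+des_key_schedule ks3,
+des_cblock *ivec,
+int *num,
+int enc);
+ Same as des_cfb64_encrypt() accept that the DES operation is
+ triple DES. As usual, there is a macro for
+ des_ede2_cfb64_encrypt() which reuses ks1.
+
+void des_ofb_encrypt(
+unsigned char *in,
+unsigned char *out,
+int numbits,
+long length,
+des_key_schedule ks,
+des_cblock *ivec);
+ This is a implementation of Output Feed Back mode of DES. It is
+ the same as des_cfb_encrypt() in that numbits is the size of the
+ units dealt with during input and output (in bits).
+
+void des_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num);
+ The same as des_cfb64_encrypt() except that it is Output Feed Back
+ mode.
+
+void des_ede3_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks1,
+des_key_schedule ks2,
+des_key_schedule ks3,
+des_cblock *ivec,
+int *num);
+ Same as des_ofb64_encrypt() accept that the DES operation is
+ triple DES. As usual, there is a macro for
+ des_ede2_ofb64_encrypt() which reuses ks1.
+
+int des_read_pw_string(
+char *buf,
+int length,
+char *prompt,
+int verify);
+ This routine is used to get a password from the terminal with echo
+ turned off. Buf is where the string will end up and length is the
+ size of buf. Prompt is a string presented to the 'user' and if
+ verify is set, the key is asked for twice and unless the 2 copies
+ match, an error is returned. A return code of -1 indicates a
+ system error, 1 failure due to use interaction, and 0 is success.
+
+unsigned long des_cbc_cksum(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule ks,
+des_cblock *ivec);
+ This function produces an 8 byte checksum from input that it puts in
+ output and returns the last 4 bytes as a long. The checksum is
+ generated via cbc mode of DES in which only the last 8 byes are
+ kept. I would recommend not using this function but instead using
+ the EVP_Digest routines, or at least using MD5 or SHA. This
+ function is used by Kerberos v4 so that is why it stays in the
+ library.
+
+char *des_fcrypt(
+const char *buf,
+const char *salt
+char *ret);
+ This is my fast version of the unix crypt(3) function. This version
+ takes only a small amount of space relative to other fast
+ crypt() implementations. This is different to the normal crypt
+ in that the third parameter is the buffer that the return value
+ is written into. It needs to be at least 14 bytes long. This
+ function is thread safe, unlike the normal crypt.
+
+char *crypt(
+const char *buf,
+const char *salt);
+ This function calls des_fcrypt() with a static array passed as the
+ third parameter. This emulates the normal non-thread safe semantics
+ of crypt(3).
+
+void des_string_to_key(
+char *str,
+des_cblock *key);
+ This function takes str and converts it into a DES key. I would
+ recommend using MD5 instead and use the first 8 bytes of output.
+ When I wrote the first version of these routines back in 1990, MD5
+ did not exist but I feel these routines are still sound. This
+ routines is compatible with the one in MIT's libdes.
+
+void des_string_to_2keys(
+char *str,
+des_cblock *key1,
+des_cblock *key2);
+ This function takes str and converts it into 2 DES keys.
+ I would recommend using MD5 and using the 16 bytes as the 2 keys.
+ I have nothing against these 2 'string_to_key' routines, it's just
+ that if you say that your encryption key is generated by using the
+ 16 bytes of an MD5 hash, every-one knows how you generated your
+ keys.
+
+int des_read_password(
+des_cblock *key,
+char *prompt,
+int verify);
+ This routine combines des_read_pw_string() with des_string_to_key().
+
+int des_read_2passwords(
+des_cblock *key1,
+des_cblock *key2,
+char *prompt,
+int verify);
+ This routine combines des_read_pw_string() with des_string_to_2key().
+
+void des_random_seed(
+des_cblock key);
+ This routine sets a starting point for des_random_key().
+
+void des_random_key(
+des_cblock ret);
+ This function return a random key. Make sure to 'seed' the random
+ number generator (with des_random_seed()) before using this function.
+ I personally now use a MD5 based random number system.
+
+int des_enc_read(
+int fd,
+char *buf,
+int len,
+des_key_schedule ks,
+des_cblock *iv);
+ This function will write to a file descriptor the encrypted data
+ from buf. This data will be preceded by a 4 byte 'byte count' and
+ will be padded out to 8 bytes. The encryption is either CBC of
+ PCBC depending on the value of des_rw_mode. If it is DES_PCBC_MODE,
+ pcbc is used, if DES_CBC_MODE, cbc is used. The default is to use
+ DES_PCBC_MODE.
+
+int des_enc_write(
+int fd,
+char *buf,
+int len,
+des_key_schedule ks,
+des_cblock *iv);
+ This routines read stuff written by des_enc_read() and decrypts it.
+ I have used these routines quite a lot but I don't believe they are
+ suitable for non-blocking io. If you are after a full
+ authentication/encryption over networks, have a look at SSL instead.
+
+unsigned long des_quad_cksum(
+des_cblock *input,
+des_cblock *output,
+long length,
+int out_count,
+des_cblock *seed);
+ This is a function from Kerberos v4 that is not anything to do with
+ DES but was needed. It is a cksum that is quicker to generate than
+ des_cbc_cksum(); I personally would use MD5 routines now.
+=====
+Modes of DES
+Quite a bit of the following information has been taken from
+ AS 2805.5.2
+ Australian Standard
+ Electronic funds transfer - Requirements for interfaces,
+ Part 5.2: Modes of operation for an n-bit block cipher algorithm
+ Appendix A
+
+There are several different modes in which DES can be used, they are
+as follows.
+
+Electronic Codebook Mode (ECB) (des_ecb_encrypt())
+- 64 bits are enciphered at a time.
+- The order of the blocks can be rearranged without detection.
+- The same plaintext block always produces the same ciphertext block
+ (for the same key) making it vulnerable to a 'dictionary attack'.
+- An error will only affect one ciphertext block.
+
+Cipher Block Chaining Mode (CBC) (des_cbc_encrypt())
+- a multiple of 64 bits are enciphered at a time.
+- The CBC mode produces the same ciphertext whenever the same
+ plaintext is encrypted using the same key and starting variable.
+- The chaining operation makes the ciphertext blocks dependent on the
+ current and all preceding plaintext blocks and therefore blocks can not
+ be rearranged.
+- The use of different starting variables prevents the same plaintext
+ enciphering to the same ciphertext.
+- An error will affect the current and the following ciphertext blocks.
+
+Cipher Feedback Mode (CFB) (des_cfb_encrypt())
+- a number of bits (j) <= 64 are enciphered at a time.
+- The CFB mode produces the same ciphertext whenever the same
+ plaintext is encrypted using the same key and starting variable.
+- The chaining operation makes the ciphertext variables dependent on the
+ current and all preceding variables and therefore j-bit variables are
+ chained together and can not be rearranged.
+- The use of different starting variables prevents the same plaintext
+ enciphering to the same ciphertext.
+- The strength of the CFB mode depends on the size of k (maximal if
+ j == k). In my implementation this is always the case.
+- Selection of a small value for j will require more cycles through
+ the encipherment algorithm per unit of plaintext and thus cause
+ greater processing overheads.
+- Only multiples of j bits can be enciphered.
+- An error will affect the current and the following ciphertext variables.
+
+Output Feedback Mode (OFB) (des_ofb_encrypt())
+- a number of bits (j) <= 64 are enciphered at a time.
+- The OFB mode produces the same ciphertext whenever the same
+ plaintext enciphered using the same key and starting variable. More
+ over, in the OFB mode the same key stream is produced when the same
+ key and start variable are used. Consequently, for security reasons
+ a specific start variable should be used only once for a given key.
+- The absence of chaining makes the OFB more vulnerable to specific attacks.
+- The use of different start variables values prevents the same
+ plaintext enciphering to the same ciphertext, by producing different
+ key streams.
+- Selection of a small value for j will require more cycles through
+ the encipherment algorithm per unit of plaintext and thus cause
+ greater processing overheads.
+- Only multiples of j bits can be enciphered.
+- OFB mode of operation does not extend ciphertext errors in the
+ resultant plaintext output. Every bit error in the ciphertext causes
+ only one bit to be in error in the deciphered plaintext.
+- OFB mode is not self-synchronising. If the two operation of
+ encipherment and decipherment get out of synchronism, the system needs
+ to be re-initialised.
+- Each re-initialisation should use a value of the start variable
+ different from the start variable values used before with the same
+ key. The reason for this is that an identical bit stream would be
+ produced each time from the same parameters. This would be
+ susceptible to a ' known plaintext' attack.
+
+Triple ECB Mode (des_ecb3_encrypt())
+- Encrypt with key1, decrypt with key2 and encrypt with key3 again.
+- As for ECB encryption but increases the key length to 168 bits.
+ There are theoretic attacks that can be used that make the effective
+ key length 112 bits, but this attack also requires 2^56 blocks of
+ memory, not very likely, even for the NSA.
+- If both keys are the same it is equivalent to encrypting once with
+ just one key.
+- If the first and last key are the same, the key length is 112 bits.
+ There are attacks that could reduce the key space to 55 bit's but it
+ requires 2^56 blocks of memory.
+- If all 3 keys are the same, this is effectively the same as normal
+ ecb mode.
+
+Triple CBC Mode (des_ede3_cbc_encrypt())
+- Encrypt with key1, decrypt with key2 and then encrypt with key3.
+- As for CBC encryption but increases the key length to 168 bits with
+ the same restrictions as for triple ecb mode.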
18749 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
18750 | +++ linux/net/ipsec/des/des_enc.c Mon Feb 9 13:51:03 2004 | |
18751 | @@ -0,0 +1,502 @@ | |
18752 | +/* crypto/des/des_enc.c */ | |
18753 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
18754 | + * All rights reserved. | |
18755 | + * | |
18756 | + * This package is an SSL implementation written | |
18757 | + * by Eric Young (eay@cryptsoft.com). | |
18758 | + * The implementation was written so as to conform with Netscapes SSL. | |
18759 | + * | |
18760 | + * This library is free for commercial and non-commercial use as long as | |
18761 | + * the following conditions are aheared to. The following conditions | |
18762 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
18763 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
18764 | + * included with this distribution is covered by the same copyright terms | |
18765 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
18766 | + * | |
18767 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
18768 | + * the code are not to be removed. | |
18769 | + * If this package is used in a product, Eric Young should be given attribution | |
18770 | + * as the author of the parts of the library used. | |
18771 | + * This can be in the form of a textual message at program startup or | |
18772 | + * in documentation (online or textual) provided with the package. | |
18773 | + * | |
18774 | + * Redistribution and use in source and binary forms, with or without | |
18775 | + * modification, are permitted provided that the following conditions | |
18776 | + * are met: | |
18777 | + * 1. Redistributions of source code must retain the copyright | |
18778 | + * notice, this list of conditions and the following disclaimer. | |
18779 | + * 2. Redistributions in binary form must reproduce the above copyright | |
18780 | + * notice, this list of conditions and the following disclaimer in the | |
18781 | + * documentation and/or other materials provided with the distribution. | |
18782 | + * 3. All advertising materials mentioning features or use of this software | |
18783 | + * must display the following acknowledgement: | |
18784 | + * "This product includes cryptographic software written by | |
18785 | + * Eric Young (eay@cryptsoft.com)" | |
18786 | + * The word 'cryptographic' can be left out if the rouines from the library | |
18787 | + * being used are not cryptographic related :-). | |
18788 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
18789 | + * the apps directory (application code) you must include an acknowledgement: | |
18790 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
18791 | + * | |
18792 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
18793 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
18794 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
18795 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
18796 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
18797 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
18798 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
18799 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
18800 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
18801 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
18802 | + * SUCH DAMAGE. | |
18803 | + * | |
18804 | + * The licence and distribution terms for any publically available version or | |
18805 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
18806 | + * copied and put under another distribution licence | |
18807 | + * [including the GNU Public Licence.] | |
18808 | + */ | |
18809 | + | |
18810 | +#include "des/des_locl.h" | |
18811 | + | |
18812 | +void des_encrypt(data, ks, enc) | |
18813 | +DES_LONG *data; | |
18814 | +des_key_schedule ks; | |
18815 | +int enc; | |
18816 | + { | |
18817 | + register DES_LONG l,r,t,u; | |
18818 | +#ifdef DES_PTR | |
18819 | + register unsigned char *des_SP=(unsigned char *)des_SPtrans; | |
18820 | +#endif | |
18821 | +#ifndef DES_UNROLL | |
18822 | + register int i; | |
18823 | +#endif | |
18824 | + register DES_LONG *s; | |
18825 | + | |
18826 | + r=data[0]; | |
18827 | + l=data[1]; | |
18828 | + | |
18829 | + IP(r,l); | |
18830 | + /* Things have been modified so that the initial rotate is | |
18831 | + * done outside the loop. This required the | |
18832 | + * des_SPtrans values in sp.h to be rotated 1 bit to the right. | |
18833 | + * One perl script later and things have a 5% speed up on a sparc2. | |
18834 | + * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> | |
18835 | + * for pointing this out. */ | |
18836 | + /* clear the top bits on machines with 8byte longs */ | |
18837 | + /* shift left by 2 */ | |
18838 | + r=ROTATE(r,29)&0xffffffffL; | |
18839 | + l=ROTATE(l,29)&0xffffffffL; | |
18840 | + | |
18841 | + s=(DES_LONG *)ks; | |
18842 | + /* I don't know if it is worth the effort of loop unrolling the | |
18843 | + * inner loop */ | |
18844 | + if (enc) | |
18845 | + { | |
18846 | +#ifdef DES_UNROLL | |
18847 | + D_ENCRYPT(l,r, 0); /* 1 */ | |
18848 | + D_ENCRYPT(r,l, 2); /* 2 */ | |
18849 | + D_ENCRYPT(l,r, 4); /* 3 */ | |
18850 | + D_ENCRYPT(r,l, 6); /* 4 */ | |
18851 | + D_ENCRYPT(l,r, 8); /* 5 */ | |
18852 | + D_ENCRYPT(r,l,10); /* 6 */ | |
18853 | + D_ENCRYPT(l,r,12); /* 7 */ | |
18854 | + D_ENCRYPT(r,l,14); /* 8 */ | |
18855 | + D_ENCRYPT(l,r,16); /* 9 */ | |
18856 | + D_ENCRYPT(r,l,18); /* 10 */ | |
18857 | + D_ENCRYPT(l,r,20); /* 11 */ | |
18858 | + D_ENCRYPT(r,l,22); /* 12 */ | |
18859 | + D_ENCRYPT(l,r,24); /* 13 */ | |
18860 | + D_ENCRYPT(r,l,26); /* 14 */ | |
18861 | + D_ENCRYPT(l,r,28); /* 15 */ | |
18862 | + D_ENCRYPT(r,l,30); /* 16 */ | |
18863 | +#else | |
18864 | + for (i=0; i<32; i+=8) | |
18865 | + { | |
18866 | + D_ENCRYPT(l,r,i+0); /* 1 */ | |
18867 | + D_ENCRYPT(r,l,i+2); /* 2 */ | |
18868 | + D_ENCRYPT(l,r,i+4); /* 3 */ | |
18869 | + D_ENCRYPT(r,l,i+6); /* 4 */ | |
18870 | + } | |
18871 | +#endif | |
18872 | + } | |
18873 | + else | |
18874 | + { | |
18875 | +#ifdef DES_UNROLL | |
18876 | + D_ENCRYPT(l,r,30); /* 16 */ | |
18877 | + D_ENCRYPT(r,l,28); /* 15 */ | |
18878 | + D_ENCRYPT(l,r,26); /* 14 */ | |
18879 | + D_ENCRYPT(r,l,24); /* 13 */ | |
18880 | + D_ENCRYPT(l,r,22); /* 12 */ | |
18881 | + D_ENCRYPT(r,l,20); /* 11 */ | |
18882 | + D_ENCRYPT(l,r,18); /* 10 */ | |
18883 | + D_ENCRYPT(r,l,16); /* 9 */ | |
18884 | + D_ENCRYPT(l,r,14); /* 8 */ | |
18885 | + D_ENCRYPT(r,l,12); /* 7 */ | |
18886 | + D_ENCRYPT(l,r,10); /* 6 */ | |
18887 | + D_ENCRYPT(r,l, 8); /* 5 */ | |
18888 | + D_ENCRYPT(l,r, 6); /* 4 */ | |
18889 | + D_ENCRYPT(r,l, 4); /* 3 */ | |
18890 | + D_ENCRYPT(l,r, 2); /* 2 */ | |
18891 | + D_ENCRYPT(r,l, 0); /* 1 */ | |
18892 | +#else | |
18893 | + for (i=30; i>0; i-=8) | |
18894 | + { | |
18895 | + D_ENCRYPT(l,r,i-0); /* 16 */ | |
18896 | + D_ENCRYPT(r,l,i-2); /* 15 */ | |
18897 | + D_ENCRYPT(l,r,i-4); /* 14 */ | |
18898 | + D_ENCRYPT(r,l,i-6); /* 13 */ | |
18899 | + } | |
18900 | +#endif | |
18901 | + } | |
18902 | + | |
18903 | + /* rotate and clear the top bits on machines with 8byte longs */ | |
18904 | + l=ROTATE(l,3)&0xffffffffL; | |
18905 | + r=ROTATE(r,3)&0xffffffffL; | |
18906 | + | |
18907 | + FP(r,l); | |
18908 | + data[0]=l; | |
18909 | + data[1]=r; | |
18910 | + l=r=t=u=0; | |
18911 | + } | |
18912 | + | |
18913 | +void des_encrypt2(data, ks, enc) | |
18914 | +DES_LONG *data; | |
18915 | +des_key_schedule ks; | |
18916 | +int enc; | |
18917 | + { | |
18918 | + register DES_LONG l,r,t,u; | |
18919 | +#ifdef DES_PTR | |
18920 | + register unsigned char *des_SP=(unsigned char *)des_SPtrans; | |
18921 | +#endif | |
18922 | +#ifndef DES_UNROLL | |
18923 | + register int i; | |
18924 | +#endif | |
18925 | + register DES_LONG *s; | |
18926 | + | |
18927 | + r=data[0]; | |
18928 | + l=data[1]; | |
18929 | + | |
18930 | + /* Things have been modified so that the initial rotate is | |
18931 | + * done outside the loop. This required the | |
18932 | + * des_SPtrans values in sp.h to be rotated 1 bit to the right. | |
18933 | + * One perl script later and things have a 5% speed up on a sparc2. | |
18934 | + * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> | |
18935 | + * for pointing this out. */ | |
18936 | + /* clear the top bits on machines with 8byte longs */ | |
18937 | + r=ROTATE(r,29)&0xffffffffL; | |
18938 | + l=ROTATE(l,29)&0xffffffffL; | |
18939 | + | |
18940 | + s=(DES_LONG *)ks; | |
18941 | + /* I don't know if it is worth the effort of loop unrolling the | |
18942 | + * inner loop */ | |
18943 | + if (enc) | |
18944 | + { | |
18945 | +#ifdef DES_UNROLL | |
18946 | + D_ENCRYPT(l,r, 0); /* 1 */ | |
18947 | + D_ENCRYPT(r,l, 2); /* 2 */ | |
18948 | + D_ENCRYPT(l,r, 4); /* 3 */ | |
18949 | + D_ENCRYPT(r,l, 6); /* 4 */ | |
18950 | + D_ENCRYPT(l,r, 8); /* 5 */ | |
18951 | + D_ENCRYPT(r,l,10); /* 6 */ | |
18952 | + D_ENCRYPT(l,r,12); /* 7 */ | |
18953 | + D_ENCRYPT(r,l,14); /* 8 */ | |
18954 | + D_ENCRYPT(l,r,16); /* 9 */ | |
18955 | + D_ENCRYPT(r,l,18); /* 10 */ | |
18956 | + D_ENCRYPT(l,r,20); /* 11 */ | |
18957 | + D_ENCRYPT(r,l,22); /* 12 */ | |
18958 | + D_ENCRYPT(l,r,24); /* 13 */ | |
18959 | + D_ENCRYPT(r,l,26); /* 14 */ | |
18960 | + D_ENCRYPT(l,r,28); /* 15 */ | |
18961 | + D_ENCRYPT(r,l,30); /* 16 */ | |
18962 | +#else | |
18963 | + for (i=0; i<32; i+=8) | |
18964 | + { | |
18965 | + D_ENCRYPT(l,r,i+0); /* 1 */ | |
18966 | + D_ENCRYPT(r,l,i+2); /* 2 */ | |
18967 | + D_ENCRYPT(l,r,i+4); /* 3 */ | |
18968 | + D_ENCRYPT(r,l,i+6); /* 4 */ | |
18969 | + } | |
18970 | +#endif | |
18971 | + } | |
18972 | + else | |
18973 | + { | |
18974 | +#ifdef DES_UNROLL | |
18975 | + D_ENCRYPT(l,r,30); /* 16 */ | |
18976 | + D_ENCRYPT(r,l,28); /* 15 */ | |
18977 | + D_ENCRYPT(l,r,26); /* 14 */ | |
18978 | + D_ENCRYPT(r,l,24); /* 13 */ | |
18979 | + D_ENCRYPT(l,r,22); /* 12 */ | |
18980 | + D_ENCRYPT(r,l,20); /* 11 */ | |
18981 | + D_ENCRYPT(l,r,18); /* 10 */ | |
18982 | + D_ENCRYPT(r,l,16); /* 9 */ | |
18983 | + D_ENCRYPT(l,r,14); /* 8 */ | |
18984 | + D_ENCRYPT(r,l,12); /* 7 */ | |
18985 | + D_ENCRYPT(l,r,10); /* 6 */ | |
18986 | + D_ENCRYPT(r,l, 8); /* 5 */ | |
18987 | + D_ENCRYPT(l,r, 6); /* 4 */ | |
18988 | + D_ENCRYPT(r,l, 4); /* 3 */ | |
18989 | + D_ENCRYPT(l,r, 2); /* 2 */ | |
18990 | + D_ENCRYPT(r,l, 0); /* 1 */ | |
18991 | +#else | |
18992 | + for (i=30; i>0; i-=8) | |
18993 | + { | |
18994 | + D_ENCRYPT(l,r,i-0); /* 16 */ | |
18995 | + D_ENCRYPT(r,l,i-2); /* 15 */ | |
18996 | + D_ENCRYPT(l,r,i-4); /* 14 */ | |
18997 | + D_ENCRYPT(r,l,i-6); /* 13 */ | |
18998 | + } | |
18999 | +#endif | |
19000 | + } | |
19001 | + /* rotate and clear the top bits on machines with 8byte longs */ | |
19002 | + data[0]=ROTATE(l,3)&0xffffffffL; | |
19003 | + data[1]=ROTATE(r,3)&0xffffffffL; | |
19004 | + l=r=t=u=0; | |
19005 | + } | |
19006 | + | |
19007 | +void des_encrypt3(data,ks1,ks2,ks3) | |
19008 | +DES_LONG *data; | |
19009 | +des_key_schedule ks1; | |
19010 | +des_key_schedule ks2; | |
19011 | +des_key_schedule ks3; | |
19012 | + { | |
19013 | + register DES_LONG l,r; | |
19014 | + | |
19015 | + l=data[0]; | |
19016 | + r=data[1]; | |
19017 | + IP(l,r); | |
19018 | + data[0]=l; | |
19019 | + data[1]=r; | |
19020 | + des_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT); | |
19021 | + des_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT); | |
19022 | + des_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT); | |
19023 | + l=data[0]; | |
19024 | + r=data[1]; | |
19025 | + FP(r,l); | |
19026 | + data[0]=l; | |
19027 | + data[1]=r; | |
19028 | + } | |
19029 | + | |
19030 | +void des_decrypt3(data,ks1,ks2,ks3) | |
19031 | +DES_LONG *data; | |
19032 | +des_key_schedule ks1; | |
19033 | +des_key_schedule ks2; | |
19034 | +des_key_schedule ks3; | |
19035 | + { | |
19036 | + register DES_LONG l,r; | |
19037 | + | |
19038 | + l=data[0]; | |
19039 | + r=data[1]; | |
19040 | + IP(l,r); | |
19041 | + data[0]=l; | |
19042 | + data[1]=r; | |
19043 | + des_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT); | |
19044 | + des_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT); | |
19045 | + des_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT); | |
19046 | + l=data[0]; | |
19047 | + r=data[1]; | |
19048 | + FP(r,l); | |
19049 | + data[0]=l; | |
19050 | + data[1]=r; | |
19051 | + } | |
19052 | + | |
19053 | +#ifndef DES_DEFAULT_OPTIONS | |
19054 | + | |
19055 | +void des_ncbc_encrypt(input, output, length, schedule, ivec, enc) | |
19056 | +des_cblock (*input); | |
19057 | +des_cblock (*output); | |
19058 | +long length; | |
19059 | +des_key_schedule schedule; | |
19060 | +des_cblock (*ivec); | |
19061 | +int enc; | |
19062 | + { | |
19063 | + register DES_LONG tin0,tin1; | |
19064 | + register DES_LONG tout0,tout1,xor0,xor1; | |
19065 | + register unsigned char *in,*out; | |
19066 | + register long l=length; | |
19067 | + DES_LONG tin[2]; | |
19068 | + unsigned char *iv; | |
19069 | + | |
19070 | + in=(unsigned char *)input; | |
19071 | + out=(unsigned char *)output; | |
19072 | + iv=(unsigned char *)ivec; | |
19073 | + | |
19074 | + if (enc) | |
19075 | + { | |
19076 | + c2l(iv,tout0); | |
19077 | + c2l(iv,tout1); | |
19078 | + for (l-=8; l>=0; l-=8) | |
19079 | + { | |
19080 | + c2l(in,tin0); | |
19081 | + c2l(in,tin1); | |
19082 | + tin0^=tout0; tin[0]=tin0; | |
19083 | + tin1^=tout1; tin[1]=tin1; | |
19084 | + des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | |
19085 | + tout0=tin[0]; l2c(tout0,out); | |
19086 | + tout1=tin[1]; l2c(tout1,out); | |
19087 | + } | |
19088 | + if (l != -8) | |
19089 | + { | |
19090 | + c2ln(in,tin0,tin1,l+8); | |
19091 | + tin0^=tout0; tin[0]=tin0; | |
19092 | + tin1^=tout1; tin[1]=tin1; | |
19093 | + des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | |
19094 | + tout0=tin[0]; l2c(tout0,out); | |
19095 | + tout1=tin[1]; l2c(tout1,out); | |
19096 | + } | |
19097 | + iv=(unsigned char *)ivec; | |
19098 | + l2c(tout0,iv); | |
19099 | + l2c(tout1,iv); | |
19100 | + } | |
19101 | + else | |
19102 | + { | |
19103 | + c2l(iv,xor0); | |
19104 | + c2l(iv,xor1); | |
19105 | + for (l-=8; l>=0; l-=8) | |
19106 | + { | |
19107 | + c2l(in,tin0); tin[0]=tin0; | |
19108 | + c2l(in,tin1); tin[1]=tin1; | |
19109 | + des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); | |
19110 | + tout0=tin[0]^xor0; | |
19111 | + tout1=tin[1]^xor1; | |
19112 | + l2c(tout0,out); | |
19113 | + l2c(tout1,out); | |
19114 | + xor0=tin0; | |
19115 | + xor1=tin1; | |
19116 | + } | |
19117 | + if (l != -8) | |
19118 | + { | |
19119 | + c2l(in,tin0); tin[0]=tin0; | |
19120 | + c2l(in,tin1); tin[1]=tin1; | |
19121 | + des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); | |
19122 | + tout0=tin[0]^xor0; | |
19123 | + tout1=tin[1]^xor1; | |
19124 | + l2cn(tout0,tout1,out,l+8); | |
19125 | + xor0=tin0; | |
19126 | + xor1=tin1; | |
19127 | + } | |
19128 | + | |
19129 | + iv=(unsigned char *)ivec; | |
19130 | + l2c(xor0,iv); | |
19131 | + l2c(xor1,iv); | |
19132 | + } | |
19133 | + tin0=tin1=tout0=tout1=xor0=xor1=0; | |
19134 | + tin[0]=tin[1]=0; | |
19135 | + } | |
19136 | + | |
19137 | +void des_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc) | |
19138 | +des_cblock (*input); | |
19139 | +des_cblock (*output); | |
19140 | +long length; | |
19141 | +des_key_schedule ks1; | |
19142 | +des_key_schedule ks2; | |
19143 | +des_key_schedule ks3; | |
19144 | +des_cblock (*ivec); | |
19145 | +int enc; | |
19146 | + { | |
19147 | + register DES_LONG tin0,tin1; | |
19148 | + register DES_LONG tout0,tout1,xor0,xor1; | |
19149 | + register unsigned char *in,*out; | |
19150 | + register long l=length; | |
19151 | + DES_LONG tin[2]; | |
19152 | + unsigned char *iv; | |
19153 | + | |
19154 | + in=(unsigned char *)input; | |
19155 | + out=(unsigned char *)output; | |
19156 | + iv=(unsigned char *)ivec; | |
19157 | + | |
19158 | + if (enc) | |
19159 | + { | |
19160 | + c2l(iv,tout0); | |
19161 | + c2l(iv,tout1); | |
19162 | + for (l-=8; l>=0; l-=8) | |
19163 | + { | |
19164 | + c2l(in,tin0); | |
19165 | + c2l(in,tin1); | |
19166 | + tin0^=tout0; | |
19167 | + tin1^=tout1; | |
19168 | + | |
19169 | + tin[0]=tin0; | |
19170 | + tin[1]=tin1; | |
19171 | + des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3); | |
19172 | + tout0=tin[0]; | |
19173 | + tout1=tin[1]; | |
19174 | + | |
19175 | + l2c(tout0,out); | |
19176 | + l2c(tout1,out); | |
19177 | + } | |
19178 | + if (l != -8) | |
19179 | + { | |
19180 | + c2ln(in,tin0,tin1,l+8); | |
19181 | + tin0^=tout0; | |
19182 | + tin1^=tout1; | |
19183 | + | |
19184 | + tin[0]=tin0; | |
19185 | + tin[1]=tin1; | |
19186 | + des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3); | |
19187 | + tout0=tin[0]; | |
19188 | + tout1=tin[1]; | |
19189 | + | |
19190 | + l2c(tout0,out); | |
19191 | + l2c(tout1,out); | |
19192 | + } | |
19193 | + iv=(unsigned char *)ivec; | |
19194 | + l2c(tout0,iv); | |
19195 | + l2c(tout1,iv); | |
19196 | + } | |
19197 | + else | |
19198 | + { | |
19199 | + register DES_LONG t0,t1; | |
19200 | + | |
19201 | + c2l(iv,xor0); | |
19202 | + c2l(iv,xor1); | |
19203 | + for (l-=8; l>=0; l-=8) | |
19204 | + { | |
19205 | + c2l(in,tin0); | |
19206 | + c2l(in,tin1); | |
19207 | + | |
19208 | + t0=tin0; | |
19209 | + t1=tin1; | |
19210 | + | |
19211 | + tin[0]=tin0; | |
19212 | + tin[1]=tin1; | |
19213 | + des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); | |
19214 | + tout0=tin[0]; | |
19215 | + tout1=tin[1]; | |
19216 | + | |
19217 | + tout0^=xor0; | |
19218 | + tout1^=xor1; | |
19219 | + l2c(tout0,out); | |
19220 | + l2c(tout1,out); | |
19221 | + xor0=t0; | |
19222 | + xor1=t1; | |
19223 | + } | |
19224 | + if (l != -8) | |
19225 | + { | |
19226 | + c2l(in,tin0); | |
19227 | + c2l(in,tin1); | |
19228 | + | |
19229 | + t0=tin0; | |
19230 | + t1=tin1; | |
19231 | + | |
19232 | + tin[0]=tin0; | |
19233 | + tin[1]=tin1; | |
19234 | + des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); | |
19235 | + tout0=tin[0]; | |
19236 | + tout1=tin[1]; | |
19237 | + | |
19238 | + tout0^=xor0; | |
19239 | + tout1^=xor1; | |
19240 | + l2cn(tout0,tout1,out,l+8); | |
19241 | + xor0=t0; | |
19242 | + xor1=t1; | |
19243 | + } | |
19244 | + | |
19245 | + iv=(unsigned char *)ivec; | |
19246 | + l2c(xor0,iv); | |
19247 | + l2c(xor1,iv); | |
19248 | + } | |
19249 | + tin0=tin1=tout0=tout1=xor0=xor1=0; | |
19250 | + tin[0]=tin[1]=0; | |
19251 | + } | |
19252 | + | |
19253 | +#endif /* DES_DEFAULT_OPTIONS */ | |
19254 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
19255 | +++ linux/net/ipsec/des/des_opts.c Mon Feb 9 13:51:03 2004 | |
19256 | @@ -0,0 +1,620 @@ | |
19257 | +/* crypto/des/des_opts.c */ | |
19258 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
19259 | + * All rights reserved. | |
19260 | + * | |
19261 | + * This package is an SSL implementation written | |
19262 | + * by Eric Young (eay@cryptsoft.com). | |
19263 | + * The implementation was written so as to conform with Netscapes SSL. | |
19264 | + * | |
19265 | + * This library is free for commercial and non-commercial use as long as | |
19266 | + * the following conditions are aheared to. The following conditions | |
19267 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
19268 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
19269 | + * included with this distribution is covered by the same copyright terms | |
19270 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
19271 | + * | |
19272 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
19273 | + * the code are not to be removed. | |
19274 | + * If this package is used in a product, Eric Young should be given attribution | |
19275 | + * as the author of the parts of the library used. | |
19276 | + * This can be in the form of a textual message at program startup or | |
19277 | + * in documentation (online or textual) provided with the package. | |
19278 | + * | |
19279 | + * Redistribution and use in source and binary forms, with or without | |
19280 | + * modification, are permitted provided that the following conditions | |
19281 | + * are met: | |
19282 | + * 1. Redistributions of source code must retain the copyright | |
19283 | + * notice, this list of conditions and the following disclaimer. | |
19284 | + * 2. Redistributions in binary form must reproduce the above copyright | |
19285 | + * notice, this list of conditions and the following disclaimer in the | |
19286 | + * documentation and/or other materials provided with the distribution. | |
19287 | + * 3. All advertising materials mentioning features or use of this software | |
19288 | + * must display the following acknowledgement: | |
19289 | + * "This product includes cryptographic software written by | |
19290 | + * Eric Young (eay@cryptsoft.com)" | |
19291 | + * The word 'cryptographic' can be left out if the rouines from the library | |
19292 | + * being used are not cryptographic related :-). | |
19293 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
19294 | + * the apps directory (application code) you must include an acknowledgement: | |
19295 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
19296 | + * | |
19297 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
19298 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
19299 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
19300 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
19301 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
19302 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
19303 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
19304 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
19305 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
19306 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
19307 | + * SUCH DAMAGE. | |
19308 | + * | |
19309 | + * The licence and distribution terms for any publically available version or | |
19310 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
19311 | + * copied and put under another distribution licence | |
19312 | + * [including the GNU Public Licence.] | |
19313 | + */ | |
19314 | + | |
19315 | +/* define PART1, PART2, PART3 or PART4 to build only with a few of the options. | |
19316 | + * This is for machines with 64k code segment size restrictions. */ | |
19317 | + | |
19318 | +#ifndef MSDOS | |
19319 | +#define TIMES | |
19320 | +#endif | |
19321 | + | |
19322 | +#include <stdio.h> | |
19323 | +#ifndef MSDOS | |
19324 | +#include <unistd.h> | |
19325 | +#else | |
19326 | +#include <io.h> | |
19327 | +extern void exit(); | |
19328 | +#endif | |
19329 | +#include <signal.h> | |
19330 | +#ifndef VMS | |
19331 | +#ifndef _IRIX | |
19332 | +#include <time.h> | |
19333 | +#endif | |
19334 | +#ifdef TIMES | |
19335 | +#include <sys/types.h> | |
19336 | +#include <sys/times.h> | |
19337 | +#endif | |
19338 | +#else /* VMS */ | |
19339 | +#include <types.h> | |
19340 | +struct tms { | |
19341 | + time_t tms_utime; | |
19342 | + time_t tms_stime; | |
19343 | + time_t tms_uchild; /* I dunno... */ | |
19344 | + time_t tms_uchildsys; /* so these names are a guess :-) */ | |
19345 | + } | |
19346 | +#endif | |
19347 | +#ifndef TIMES | |
19348 | +#include <sys/timeb.h> | |
19349 | +#endif | |
19350 | + | |
19351 | +#ifdef sun | |
19352 | +#include <limits.h> | |
19353 | +#include <sys/param.h> | |
19354 | +#endif | |
19355 | + | |
19356 | +#include "des/des_locl.h" | |
19357 | +#include "des/spr.h" | |
19358 | + | |
19359 | +#define DES_DEFAULT_OPTIONS | |
19360 | + | |
19361 | +#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4) | |
19362 | +#define PART1 | |
19363 | +#define PART2 | |
19364 | +#define PART3 | |
19365 | +#define PART4 | |
19366 | +#endif | |
19367 | + | |
19368 | +#ifdef PART1 | |
19369 | + | |
19370 | +#undef DES_UNROLL | |
19371 | +#undef DES_RISC1 | |
19372 | +#undef DES_RISC2 | |
19373 | +#undef DES_PTR | |
19374 | +#undef D_ENCRYPT | |
19375 | +#define des_encrypt des_encrypt_u4_cisc_idx | |
19376 | +#define des_encrypt2 des_encrypt2_u4_cisc_idx | |
19377 | +#define des_encrypt3 des_encrypt3_u4_cisc_idx | |
19378 | +#define des_decrypt3 des_decrypt3_u4_cisc_idx | |
19379 | +#undef HEADER_DES_LOCL_H | |
19380 | +#include "des_enc.c" | |
19381 | + | |
19382 | +#define DES_UNROLL | |
19383 | +#undef DES_RISC1 | |
19384 | +#undef DES_RISC2 | |
19385 | +#undef DES_PTR | |
19386 | +#undef D_ENCRYPT | |
19387 | +#undef des_encrypt | |
19388 | +#undef des_encrypt2 | |
19389 | +#undef des_encrypt3 | |
19390 | +#undef des_decrypt3 | |
19391 | +#define des_encrypt des_encrypt_u16_cisc_idx | |
19392 | +#define des_encrypt2 des_encrypt2_u16_cisc_idx | |
19393 | +#define des_encrypt3 des_encrypt3_u16_cisc_idx | |
19394 | +#define des_decrypt3 des_decrypt3_u16_cisc_idx | |
19395 | +#undef HEADER_DES_LOCL_H | |
19396 | +#include "des_enc.c" | |
19397 | + | |
19398 | +#undef DES_UNROLL | |
19399 | +#define DES_RISC1 | |
19400 | +#undef DES_RISC2 | |
19401 | +#undef DES_PTR | |
19402 | +#undef D_ENCRYPT | |
19403 | +#undef des_encrypt | |
19404 | +#undef des_encrypt2 | |
19405 | +#undef des_encrypt3 | |
19406 | +#undef des_decrypt3 | |
19407 | +#define des_encrypt des_encrypt_u4_risc1_idx | |
19408 | +#define des_encrypt2 des_encrypt2_u4_risc1_idx | |
19409 | +#define des_encrypt3 des_encrypt3_u4_risc1_idx | |
19410 | +#define des_decrypt3 des_decrypt3_u4_risc1_idx | |
19411 | +#undef HEADER_DES_LOCL_H | |
19412 | +#include "des_enc.c" | |
19413 | + | |
19414 | +#endif | |
19415 | + | |
19416 | +#ifdef PART2 | |
19417 | + | |
19418 | +#undef DES_UNROLL | |
19419 | +#undef DES_RISC1 | |
19420 | +#define DES_RISC2 | |
19421 | +#undef DES_PTR | |
19422 | +#undef D_ENCRYPT | |
19423 | +#undef des_encrypt | |
19424 | +#undef des_encrypt2 | |
19425 | +#undef des_encrypt3 | |
19426 | +#undef des_decrypt3 | |
19427 | +#define des_encrypt des_encrypt_u4_risc2_idx | |
19428 | +#define des_encrypt2 des_encrypt2_u4_risc2_idx | |
19429 | +#define des_encrypt3 des_encrypt3_u4_risc2_idx | |
19430 | +#define des_decrypt3 des_decrypt3_u4_risc2_idx | |
19431 | +#undef HEADER_DES_LOCL_H | |
19432 | +#include "des_enc.c" | |
19433 | + | |
19434 | +#define DES_UNROLL | |
19435 | +#define DES_RISC1 | |
19436 | +#undef DES_RISC2 | |
19437 | +#undef DES_PTR | |
19438 | +#undef D_ENCRYPT | |
19439 | +#undef des_encrypt | |
19440 | +#undef des_encrypt2 | |
19441 | +#undef des_encrypt3 | |
19442 | +#undef des_decrypt3 | |
19443 | +#define des_encrypt des_encrypt_u16_risc1_idx | |
19444 | +#define des_encrypt2 des_encrypt2_u16_risc1_idx | |
19445 | +#define des_encrypt3 des_encrypt3_u16_risc1_idx | |
19446 | +#define des_decrypt3 des_decrypt3_u16_risc1_idx | |
19447 | +#undef HEADER_DES_LOCL_H | |
19448 | +#include "des_enc.c" | |
19449 | + | |
19450 | +#define DES_UNROLL | |
19451 | +#undef DES_RISC1 | |
19452 | +#define DES_RISC2 | |
19453 | +#undef DES_PTR | |
19454 | +#undef D_ENCRYPT | |
19455 | +#undef des_encrypt | |
19456 | +#undef des_encrypt2 | |
19457 | +#undef des_encrypt3 | |
19458 | +#undef des_decrypt3 | |
19459 | +#define des_encrypt des_encrypt_u16_risc2_idx | |
19460 | +#define des_encrypt2 des_encrypt2_u16_risc2_idx | |
19461 | +#define des_encrypt3 des_encrypt3_u16_risc2_idx | |
19462 | +#define des_decrypt3 des_decrypt3_u16_risc2_idx | |
19463 | +#undef HEADER_DES_LOCL_H | |
19464 | +#include "des_enc.c" | |
19465 | + | |
19466 | +#endif | |
19467 | + | |
19468 | +#ifdef PART3 | |
19469 | + | |
19470 | +#undef DES_UNROLL | |
19471 | +#undef DES_RISC1 | |
19472 | +#undef DES_RISC2 | |
19473 | +#define DES_PTR | |
19474 | +#undef D_ENCRYPT | |
19475 | +#undef des_encrypt | |
19476 | +#undef des_encrypt2 | |
19477 | +#undef des_encrypt3 | |
19478 | +#undef des_decrypt3 | |
19479 | +#define des_encrypt des_encrypt_u4_cisc_ptr | |
19480 | +#define des_encrypt2 des_encrypt2_u4_cisc_ptr | |
19481 | +#define des_encrypt3 des_encrypt3_u4_cisc_ptr | |
19482 | +#define des_decrypt3 des_decrypt3_u4_cisc_ptr | |
19483 | +#undef HEADER_DES_LOCL_H | |
19484 | +#include "des_enc.c" | |
19485 | + | |
19486 | +#define DES_UNROLL | |
19487 | +#undef DES_RISC1 | |
19488 | +#undef DES_RISC2 | |
19489 | +#define DES_PTR | |
19490 | +#undef D_ENCRYPT | |
19491 | +#undef des_encrypt | |
19492 | +#undef des_encrypt2 | |
19493 | +#undef des_encrypt3 | |
19494 | +#undef des_decrypt3 | |
19495 | +#define des_encrypt des_encrypt_u16_cisc_ptr | |
19496 | +#define des_encrypt2 des_encrypt2_u16_cisc_ptr | |
19497 | +#define des_encrypt3 des_encrypt3_u16_cisc_ptr | |
19498 | +#define des_decrypt3 des_decrypt3_u16_cisc_ptr | |
19499 | +#undef HEADER_DES_LOCL_H | |
19500 | +#include "des_enc.c" | |
19501 | + | |
19502 | +#undef DES_UNROLL | |
19503 | +#define DES_RISC1 | |
19504 | +#undef DES_RISC2 | |
19505 | +#define DES_PTR | |
19506 | +#undef D_ENCRYPT | |
19507 | +#undef des_encrypt | |
19508 | +#undef des_encrypt2 | |
19509 | +#undef des_encrypt3 | |
19510 | +#undef des_decrypt3 | |
19511 | +#define des_encrypt des_encrypt_u4_risc1_ptr | |
19512 | +#define des_encrypt2 des_encrypt2_u4_risc1_ptr | |
19513 | +#define des_encrypt3 des_encrypt3_u4_risc1_ptr | |
19514 | +#define des_decrypt3 des_decrypt3_u4_risc1_ptr | |
19515 | +#undef HEADER_DES_LOCL_H | |
19516 | +#include "des_enc.c" | |
19517 | + | |
19518 | +#endif | |
19519 | + | |
19520 | +#ifdef PART4 | |
19521 | + | |
19522 | +#undef DES_UNROLL | |
19523 | +#undef DES_RISC1 | |
19524 | +#define DES_RISC2 | |
19525 | +#define DES_PTR | |
19526 | +#undef D_ENCRYPT | |
19527 | +#undef des_encrypt | |
19528 | +#undef des_encrypt2 | |
19529 | +#undef des_encrypt3 | |
19530 | +#undef des_decrypt3 | |
19531 | +#define des_encrypt des_encrypt_u4_risc2_ptr | |
19532 | +#define des_encrypt2 des_encrypt2_u4_risc2_ptr | |
19533 | +#define des_encrypt3 des_encrypt3_u4_risc2_ptr | |
19534 | +#define des_decrypt3 des_decrypt3_u4_risc2_ptr | |
19535 | +#undef HEADER_DES_LOCL_H | |
19536 | +#include "des_enc.c" | |
19537 | + | |
19538 | +#define DES_UNROLL | |
19539 | +#define DES_RISC1 | |
19540 | +#undef DES_RISC2 | |
19541 | +#define DES_PTR | |
19542 | +#undef D_ENCRYPT | |
19543 | +#undef des_encrypt | |
19544 | +#undef des_encrypt2 | |
19545 | +#undef des_encrypt3 | |
19546 | +#undef des_decrypt3 | |
19547 | +#define des_encrypt des_encrypt_u16_risc1_ptr | |
19548 | +#define des_encrypt2 des_encrypt2_u16_risc1_ptr | |
19549 | +#define des_encrypt3 des_encrypt3_u16_risc1_ptr | |
19550 | +#define des_decrypt3 des_decrypt3_u16_risc1_ptr | |
19551 | +#undef HEADER_DES_LOCL_H | |
19552 | +#include "des_enc.c" | |
19553 | + | |
19554 | +#define DES_UNROLL | |
19555 | +#undef DES_RISC1 | |
19556 | +#define DES_RISC2 | |
19557 | +#define DES_PTR | |
19558 | +#undef D_ENCRYPT | |
19559 | +#undef des_encrypt | |
19560 | +#undef des_encrypt2 | |
19561 | +#undef des_encrypt3 | |
19562 | +#undef des_decrypt3 | |
19563 | +#define des_encrypt des_encrypt_u16_risc2_ptr | |
19564 | +#define des_encrypt2 des_encrypt2_u16_risc2_ptr | |
19565 | +#define des_encrypt3 des_encrypt3_u16_risc2_ptr | |
19566 | +#define des_decrypt3 des_decrypt3_u16_risc2_ptr | |
19567 | +#undef HEADER_DES_LOCL_H | |
19568 | +#include "des_enc.c" | |
19569 | + | |
19570 | +#endif | |
19571 | + | |
19572 | +/* The following if from times(3) man page. It may need to be changed */ | |
19573 | +#ifndef HZ | |
19574 | +# ifndef CLK_TCK | |
19575 | +# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */ | |
19576 | +# ifndef VMS | |
19577 | +# define HZ 100.0 | |
19578 | +# else /* VMS */ | |
19579 | +# define HZ 100.0 | |
19580 | +# endif | |
19581 | +# else /* _BSD_CLK_TCK_ */ | |
19582 | +# define HZ ((double)_BSD_CLK_TCK_) | |
19583 | +# endif | |
19584 | +# else /* CLK_TCK */ | |
19585 | +# define HZ ((double)CLK_TCK) | |
19586 | +# endif | |
19587 | +#endif | |
19588 | + | |
19589 | +#define BUFSIZE ((long)1024) | |
19590 | +long run=0; | |
19591 | + | |
19592 | +#ifndef NOPROTO | |
19593 | +double Time_F(int s); | |
19594 | +#else | |
19595 | +double Time_F(); | |
19596 | +#endif | |
19597 | + | |
19598 | +#ifdef SIGALRM | |
19599 | +#if defined(__STDC__) || defined(sgi) | |
19600 | +#define SIGRETTYPE void | |
19601 | +#else | |
19602 | +#define SIGRETTYPE int | |
19603 | +#endif | |
19604 | + | |
19605 | +#ifndef NOPROTO | |
19606 | +SIGRETTYPE sig_done(int sig); | |
19607 | +#else | |
19608 | +SIGRETTYPE sig_done(); | |
19609 | +#endif | |
19610 | + | |
19611 | +SIGRETTYPE sig_done(sig) | |
19612 | +int sig; | |
19613 | + { | |
19614 | + signal(SIGALRM,sig_done); | |
19615 | + run=0; | |
19616 | +#ifdef LINT | |
19617 | + sig=sig; | |
19618 | +#endif | |
19619 | + } | |
19620 | +#endif | |
19621 | + | |
19622 | +#define START 0 | |
19623 | +#define STOP 1 | |
19624 | + | |
19625 | +double Time_F(s) | |
19626 | +int s; | |
19627 | + { | |
19628 | + double ret; | |
19629 | +#ifdef TIMES | |
19630 | + static struct tms tstart,tend; | |
19631 | + | |
19632 | + if (s == START) | |
19633 | + { | |
19634 | + times(&tstart); | |
19635 | + return(0); | |
19636 | + } | |
19637 | + else | |
19638 | + { | |
19639 | + times(&tend); | |
19640 | + ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; | |
19641 | + return((ret == 0.0)?1e-6:ret); | |
19642 | + } | |
19643 | +#else /* !times() */ | |
19644 | + static struct timeb tstart,tend; | |
19645 | + long i; | |
19646 | + | |
19647 | + if (s == START) | |
19648 | + { | |
19649 | + ftime(&tstart); | |
19650 | + return(0); | |
19651 | + } | |
19652 | + else | |
19653 | + { | |
19654 | + ftime(&tend); | |
19655 | + i=(long)tend.millitm-(long)tstart.millitm; | |
19656 | + ret=((double)(tend.time-tstart.time))+((double)i)/1000.0; | |
19657 | + return((ret == 0.0)?1e-6:ret); | |
19658 | + } | |
19659 | +#endif | |
19660 | + } | |
19661 | + | |
19662 | +#ifdef SIGALRM | |
19663 | +#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10); | |
19664 | +#else | |
19665 | +#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb); | |
19666 | +#endif | |
19667 | + | |
19668 | +#define time_it(func,name,index) \ | |
19669 | + print_name(name); \ | |
19670 | + Time_F(START); \ | |
19671 | + for (count=0,run=1; COND(cb); count++) \ | |
19672 | + { \ | |
19673 | + unsigned long d[2]; \ | |
19674 | + func(d,&(sch[0]),DES_ENCRYPT); \ | |
19675 | + } \ | |
19676 | + tm[index]=Time_F(STOP); \ | |
19677 | + fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \ | |
19678 | + tm[index]=((double)COUNT(cb))/tm[index]; | |
19679 | + | |
19680 | +#define print_it(name,index) \ | |
19681 | + fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \ | |
19682 | + tm[index]*8,1.0e6/tm[index]); | |
19683 | + | |
19684 | +int main(argc,argv) | |
19685 | +int argc; | |
19686 | +char **argv; | |
19687 | + { | |
19688 | + long count; | |
19689 | + static unsigned char buf[BUFSIZE]; | |
19690 | + static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; | |
19691 | + static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; | |
19692 | + static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; | |
19693 | + des_key_schedule sch,sch2,sch3; | |
19694 | + double d,tm[16],max=0; | |
19695 | + int rank[16]; | |
19696 | + char *str[16]; | |
19697 | + int max_idx=0,i,num=0,j; | |
19698 | +#ifndef SIGALARM | |
19699 | + long ca,cb,cc,cd,ce; | |
19700 | +#endif | |
19701 | + | |
19702 | + for (i=0; i<12; i++) | |
19703 | + { | |
19704 | + tm[i]=0.0; | |
19705 | + rank[i]=0; | |
19706 | + } | |
19707 | + | |
19708 | +#ifndef TIMES | |
19709 | + fprintf(stderr,"To get the most acurate results, try to run this\n"); | |
19710 | + fprintf(stderr,"program when this computer is idle.\n"); | |
19711 | +#endif | |
19712 | + | |
19713 | + des_set_key((C_Block *)key,sch); | |
19714 | + des_set_key((C_Block *)key2,sch2); | |
19715 | + des_set_key((C_Block *)key3,sch3); | |
19716 | + | |
19717 | +#ifndef SIGALRM | |
19718 | + fprintf(stderr,"First we calculate the approximate speed ...\n"); | |
19719 | + des_set_key((C_Block *)key,sch); | |
19720 | + count=10; | |
19721 | + do { | |
19722 | + long i; | |
19723 | + unsigned long data[2]; | |
19724 | + | |
19725 | + count*=2; | |
19726 | + Time_F(START); | |
19727 | + for (i=count; i; i--) | |
19728 | + des_encrypt(data,&(sch[0]),DES_ENCRYPT); | |
19729 | + d=Time_F(STOP); | |
19730 | + } while (d < 3.0); | |
19731 | + ca=count; | |
19732 | + cb=count*3; | |
19733 | + cc=count*3*8/BUFSIZE+1; | |
19734 | + cd=count*8/BUFSIZE+1; | |
19735 | + | |
19736 | + ce=count/20+1; | |
19737 | +#define COND(d) (count != (d)) | |
19738 | +#define COUNT(d) (d) | |
19739 | +#else | |
19740 | +#define COND(c) (run) | |
19741 | +#define COUNT(d) (count) | |
19742 | + signal(SIGALRM,sig_done); | |
19743 | + alarm(10); | |
19744 | +#endif | |
19745 | + | |
19746 | +#ifdef PART1 | |
19747 | + time_it(des_encrypt_u4_cisc_idx, "des_encrypt_u4_cisc_idx ", 0); | |
19748 | + time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1); | |
19749 | + time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2); | |
19750 | + num+=3; | |
19751 | +#endif | |
19752 | +#ifdef PART2 | |
19753 | + time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3); | |
19754 | + time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4); | |
19755 | + time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5); | |
19756 | + num+=3; | |
19757 | +#endif | |
19758 | +#ifdef PART3 | |
19759 | + time_it(des_encrypt_u4_cisc_ptr, "des_encrypt_u4_cisc_ptr ", 6); | |
19760 | + time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7); | |
19761 | + time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8); | |
19762 | + num+=3; | |
19763 | +#endif | |
19764 | +#ifdef PART4 | |
19765 | + time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9); | |
19766 | + time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10); | |
19767 | + time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11); | |
19768 | + num+=3; | |
19769 | +#endif | |
19770 | + | |
19771 | +#ifdef PART1 | |
19772 | + str[0]=" 4 c i"; | |
19773 | + print_it("des_encrypt_u4_cisc_idx ",0); | |
19774 | + max=tm[0]; | |
19775 | + max_idx=0; | |
19776 | + str[1]="16 c i"; | |
19777 | + print_it("des_encrypt_u16_cisc_idx ",1); | |
19778 | + if (max < tm[1]) { max=tm[1]; max_idx=1; } | |
19779 | + str[2]=" 4 r1 i"; | |
19780 | + print_it("des_encrypt_u4_risc1_idx ",2); | |
19781 | + if (max < tm[2]) { max=tm[2]; max_idx=2; } | |
19782 | +#endif | |
19783 | +#ifdef PART2 | |
19784 | + str[3]="16 r1 i"; | |
19785 | + print_it("des_encrypt_u16_risc1_idx",3); | |
19786 | + if (max < tm[3]) { max=tm[3]; max_idx=3; } | |
19787 | + str[4]=" 4 r2 i"; | |
19788 | + print_it("des_encrypt_u4_risc2_idx ",4); | |
19789 | + if (max < tm[4]) { max=tm[4]; max_idx=4; } | |
19790 | + str[5]="16 r2 i"; | |
19791 | + print_it("des_encrypt_u16_risc2_idx",5); | |
19792 | + if (max < tm[5]) { max=tm[5]; max_idx=5; } | |
19793 | +#endif | |
19794 | +#ifdef PART3 | |
19795 | + str[6]=" 4 c p"; | |
19796 | + print_it("des_encrypt_u4_cisc_ptr ",6); | |
19797 | + if (max < tm[6]) { max=tm[6]; max_idx=6; } | |
19798 | + str[7]="16 c p"; | |
19799 | + print_it("des_encrypt_u16_cisc_ptr ",7); | |
19800 | + if (max < tm[7]) { max=tm[7]; max_idx=7; } | |
19801 | + str[8]=" 4 r1 p"; | |
19802 | + print_it("des_encrypt_u4_risc1_ptr ",8); | |
19803 | + if (max < tm[8]) { max=tm[8]; max_idx=8; } | |
19804 | +#endif | |
19805 | +#ifdef PART4 | |
19806 | + str[9]="16 r1 p"; | |
19807 | + print_it("des_encrypt_u16_risc1_ptr",9); | |
19808 | + if (max < tm[9]) { max=tm[9]; max_idx=9; } | |
19809 | + str[10]=" 4 r2 p"; | |
19810 | + print_it("des_encrypt_u4_risc2_ptr ",10); | |
19811 | + if (max < tm[10]) { max=tm[10]; max_idx=10; } | |
19812 | + str[11]="16 r2 p"; | |
19813 | + print_it("des_encrypt_u16_risc2_ptr",11); | |
19814 | + if (max < tm[11]) { max=tm[11]; max_idx=11; } | |
19815 | +#endif | |
19816 | + printf("options des ecb/s\n"); | |
19817 | + printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]); | |
19818 | + d=tm[max_idx]; | |
19819 | + tm[max_idx]= -2.0; | |
19820 | + max= -1.0; | |
19821 | + for (;;) | |
19822 | + { | |
19823 | + for (i=0; i<12; i++) | |
19824 | + { | |
19825 | + if (max < tm[i]) { max=tm[i]; j=i; } | |
19826 | + } | |
19827 | + if (max < 0.0) break; | |
19828 | + printf("%s %12.2f %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0); | |
19829 | + tm[j]= -2.0; | |
19830 | + max= -1.0; | |
19831 | + } | |
19832 | + | |
19833 | + switch (max_idx) | |
19834 | + { | |
19835 | + case 0: | |
19836 | + printf("-DDES_DEFAULT_OPTIONS\n"); | |
19837 | + break; | |
19838 | + case 1: | |
19839 | + printf("-DDES_UNROLL\n"); | |
19840 | + break; | |
19841 | + case 2: | |
19842 | + printf("-DDES_RISC1\n"); | |
19843 | + break; | |
19844 | + case 3: | |
19845 | + printf("-DDES_UNROLL -DDES_RISC1\n"); | |
19846 | + break; | |
19847 | + case 4: | |
19848 | + printf("-DDES_RISC2\n"); | |
19849 | + break; | |
19850 | + case 5: | |
19851 | + printf("-DDES_UNROLL -DDES_RISC2\n"); | |
19852 | + break; | |
19853 | + case 6: | |
19854 | + printf("-DDES_PTR\n"); | |
19855 | + break; | |
19856 | + case 7: | |
19857 | + printf("-DDES_UNROLL -DDES_PTR\n"); | |
19858 | + break; | |
19859 | + case 8: | |
19860 | + printf("-DDES_RISC1 -DDES_PTR\n"); | |
19861 | + break; | |
19862 | + case 9: | |
19863 | + printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n"); | |
19864 | + break; | |
19865 | + case 10: | |
19866 | + printf("-DDES_RISC2 -DDES_PTR\n"); | |
19867 | + break; | |
19868 | + case 11: | |
19869 | + printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n"); | |
19870 | + break; | |
19871 | + } | |
19872 | + exit(0); | |
19873 | +#if defined(LINT) || defined(MSDOS) | |
19874 | + return(0); | |
19875 | +#endif | |
19876 | + } | |
19877 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
19878 | +++ linux/net/ipsec/des/dx86unix.S Mon Feb 9 13:51:03 2004 | |
19879 | @@ -0,0 +1,3160 @@ | |
19880 | +/* | |
19881 | + * This file was originally generated by Michael Richardson <mcr@freeswan.org> | |
19882 | + * via the perl scripts found in the ASM subdir. It remains copyright of | |
19883 | + * Eric Young, see the file COPYRIGHT. | |
19884 | + * | |
19885 | + * This was last done on October 9, 2002. | |
19886 | + * | |
19887 | + * While this file does not need to go through cpp, we pass it through | |
19888 | + * CPP by naming it dx86unix.S instead of dx86unix.s because there is | |
19889 | + * a bug in Rules.make for .s builds - specifically it references EXTRA_CFLAGS | |
19890 | + * which may contain stuff that AS doesn't understand instead of | |
19891 | + * referencing EXTRA_AFLAGS. | |
19892 | + */ | |
19893 | + | |
19894 | + .file "dx86unix.S" | |
19895 | + .version "01.01" | |
19896 | +.text | |
19897 | + .align 16 | |
19898 | +.globl des_encrypt | |
19899 | + .type des_encrypt , @function | |
19900 | +des_encrypt: | |
19901 | + pushl %esi | |
19902 | + pushl %edi | |
19903 | + | |
19904 | + | |
19905 | + movl 12(%esp), %esi | |
19906 | + xorl %ecx, %ecx | |
19907 | + pushl %ebx | |
19908 | + pushl %ebp | |
19909 | + movl (%esi), %eax | |
19910 | + movl 28(%esp), %ebx | |
19911 | + movl 4(%esi), %edi | |
19912 | + | |
19913 | + | |
19914 | + roll $4, %eax | |
19915 | + movl %eax, %esi | |
19916 | + xorl %edi, %eax | |
19917 | + andl $0xf0f0f0f0, %eax | |
19918 | + xorl %eax, %esi | |
19919 | + xorl %eax, %edi | |
19920 | + | |
19921 | + roll $20, %edi | |
19922 | + movl %edi, %eax | |
19923 | + xorl %esi, %edi | |
19924 | + andl $0xfff0000f, %edi | |
19925 | + xorl %edi, %eax | |
19926 | + xorl %edi, %esi | |
19927 | + | |
19928 | + roll $14, %eax | |
19929 | + movl %eax, %edi | |
19930 | + xorl %esi, %eax | |
19931 | + andl $0x33333333, %eax | |
19932 | + xorl %eax, %edi | |
19933 | + xorl %eax, %esi | |
19934 | + | |
19935 | + roll $22, %esi | |
19936 | + movl %esi, %eax | |
19937 | + xorl %edi, %esi | |
19938 | + andl $0x03fc03fc, %esi | |
19939 | + xorl %esi, %eax | |
19940 | + xorl %esi, %edi | |
19941 | + | |
19942 | + roll $9, %eax | |
19943 | + movl %eax, %esi | |
19944 | + xorl %edi, %eax | |
19945 | + andl $0xaaaaaaaa, %eax | |
19946 | + xorl %eax, %esi | |
19947 | + xorl %eax, %edi | |
19948 | + | |
19949 | +.byte 209 | |
19950 | +.byte 199 | |
19951 | + movl 24(%esp), %ebp | |
19952 | + cmpl $0, %ebx | |
19953 | + je .L000start_decrypt | |
19954 | + | |
19955 | + | |
19956 | + movl (%ebp), %eax | |
19957 | + xorl %ebx, %ebx | |
19958 | + movl 4(%ebp), %edx | |
19959 | + xorl %esi, %eax | |
19960 | + xorl %esi, %edx | |
19961 | + andl $0xfcfcfcfc, %eax | |
19962 | + andl $0xcfcfcfcf, %edx | |
19963 | + movb %al, %bl | |
19964 | + movb %ah, %cl | |
19965 | + rorl $4, %edx | |
19966 | + movl des_SPtrans(%ebx),%ebp | |
19967 | + movb %dl, %bl | |
19968 | + xorl %ebp, %edi | |
19969 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
19970 | + xorl %ebp, %edi | |
19971 | + movb %dh, %cl | |
19972 | + shrl $16, %eax | |
19973 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
19974 | + xorl %ebp, %edi | |
19975 | + movb %ah, %bl | |
19976 | + shrl $16, %edx | |
19977 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
19978 | + xorl %ebp, %edi | |
19979 | + movl 24(%esp), %ebp | |
19980 | + movb %dh, %cl | |
19981 | + andl $0xff, %eax | |
19982 | + andl $0xff, %edx | |
19983 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
19984 | + xorl %ebx, %edi | |
19985 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
19986 | + xorl %ebx, %edi | |
19987 | + movl 0x400+des_SPtrans(%eax),%ebx | |
19988 | + xorl %ebx, %edi | |
19989 | + movl 0x500+des_SPtrans(%edx),%ebx | |
19990 | + xorl %ebx, %edi | |
19991 | + | |
19992 | + | |
19993 | + movl 8(%ebp), %eax | |
19994 | + xorl %ebx, %ebx | |
19995 | + movl 12(%ebp), %edx | |
19996 | + xorl %edi, %eax | |
19997 | + xorl %edi, %edx | |
19998 | + andl $0xfcfcfcfc, %eax | |
19999 | + andl $0xcfcfcfcf, %edx | |
20000 | + movb %al, %bl | |
20001 | + movb %ah, %cl | |
20002 | + rorl $4, %edx | |
20003 | + movl des_SPtrans(%ebx),%ebp | |
20004 | + movb %dl, %bl | |
20005 | + xorl %ebp, %esi | |
20006 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20007 | + xorl %ebp, %esi | |
20008 | + movb %dh, %cl | |
20009 | + shrl $16, %eax | |
20010 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20011 | + xorl %ebp, %esi | |
20012 | + movb %ah, %bl | |
20013 | + shrl $16, %edx | |
20014 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20015 | + xorl %ebp, %esi | |
20016 | + movl 24(%esp), %ebp | |
20017 | + movb %dh, %cl | |
20018 | + andl $0xff, %eax | |
20019 | + andl $0xff, %edx | |
20020 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20021 | + xorl %ebx, %esi | |
20022 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20023 | + xorl %ebx, %esi | |
20024 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20025 | + xorl %ebx, %esi | |
20026 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20027 | + xorl %ebx, %esi | |
20028 | + | |
20029 | + | |
20030 | + movl 16(%ebp), %eax | |
20031 | + xorl %ebx, %ebx | |
20032 | + movl 20(%ebp), %edx | |
20033 | + xorl %esi, %eax | |
20034 | + xorl %esi, %edx | |
20035 | + andl $0xfcfcfcfc, %eax | |
20036 | + andl $0xcfcfcfcf, %edx | |
20037 | + movb %al, %bl | |
20038 | + movb %ah, %cl | |
20039 | + rorl $4, %edx | |
20040 | + movl des_SPtrans(%ebx),%ebp | |
20041 | + movb %dl, %bl | |
20042 | + xorl %ebp, %edi | |
20043 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20044 | + xorl %ebp, %edi | |
20045 | + movb %dh, %cl | |
20046 | + shrl $16, %eax | |
20047 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20048 | + xorl %ebp, %edi | |
20049 | + movb %ah, %bl | |
20050 | + shrl $16, %edx | |
20051 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20052 | + xorl %ebp, %edi | |
20053 | + movl 24(%esp), %ebp | |
20054 | + movb %dh, %cl | |
20055 | + andl $0xff, %eax | |
20056 | + andl $0xff, %edx | |
20057 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20058 | + xorl %ebx, %edi | |
20059 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20060 | + xorl %ebx, %edi | |
20061 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20062 | + xorl %ebx, %edi | |
20063 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20064 | + xorl %ebx, %edi | |
20065 | + | |
20066 | + | |
20067 | + movl 24(%ebp), %eax | |
20068 | + xorl %ebx, %ebx | |
20069 | + movl 28(%ebp), %edx | |
20070 | + xorl %edi, %eax | |
20071 | + xorl %edi, %edx | |
20072 | + andl $0xfcfcfcfc, %eax | |
20073 | + andl $0xcfcfcfcf, %edx | |
20074 | + movb %al, %bl | |
20075 | + movb %ah, %cl | |
20076 | + rorl $4, %edx | |
20077 | + movl des_SPtrans(%ebx),%ebp | |
20078 | + movb %dl, %bl | |
20079 | + xorl %ebp, %esi | |
20080 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20081 | + xorl %ebp, %esi | |
20082 | + movb %dh, %cl | |
20083 | + shrl $16, %eax | |
20084 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20085 | + xorl %ebp, %esi | |
20086 | + movb %ah, %bl | |
20087 | + shrl $16, %edx | |
20088 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20089 | + xorl %ebp, %esi | |
20090 | + movl 24(%esp), %ebp | |
20091 | + movb %dh, %cl | |
20092 | + andl $0xff, %eax | |
20093 | + andl $0xff, %edx | |
20094 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20095 | + xorl %ebx, %esi | |
20096 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20097 | + xorl %ebx, %esi | |
20098 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20099 | + xorl %ebx, %esi | |
20100 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20101 | + xorl %ebx, %esi | |
20102 | + | |
20103 | + | |
20104 | + movl 32(%ebp), %eax | |
20105 | + xorl %ebx, %ebx | |
20106 | + movl 36(%ebp), %edx | |
20107 | + xorl %esi, %eax | |
20108 | + xorl %esi, %edx | |
20109 | + andl $0xfcfcfcfc, %eax | |
20110 | + andl $0xcfcfcfcf, %edx | |
20111 | + movb %al, %bl | |
20112 | + movb %ah, %cl | |
20113 | + rorl $4, %edx | |
20114 | + movl des_SPtrans(%ebx),%ebp | |
20115 | + movb %dl, %bl | |
20116 | + xorl %ebp, %edi | |
20117 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20118 | + xorl %ebp, %edi | |
20119 | + movb %dh, %cl | |
20120 | + shrl $16, %eax | |
20121 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20122 | + xorl %ebp, %edi | |
20123 | + movb %ah, %bl | |
20124 | + shrl $16, %edx | |
20125 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20126 | + xorl %ebp, %edi | |
20127 | + movl 24(%esp), %ebp | |
20128 | + movb %dh, %cl | |
20129 | + andl $0xff, %eax | |
20130 | + andl $0xff, %edx | |
20131 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20132 | + xorl %ebx, %edi | |
20133 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20134 | + xorl %ebx, %edi | |
20135 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20136 | + xorl %ebx, %edi | |
20137 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20138 | + xorl %ebx, %edi | |
20139 | + | |
20140 | + | |
20141 | + movl 40(%ebp), %eax | |
20142 | + xorl %ebx, %ebx | |
20143 | + movl 44(%ebp), %edx | |
20144 | + xorl %edi, %eax | |
20145 | + xorl %edi, %edx | |
20146 | + andl $0xfcfcfcfc, %eax | |
20147 | + andl $0xcfcfcfcf, %edx | |
20148 | + movb %al, %bl | |
20149 | + movb %ah, %cl | |
20150 | + rorl $4, %edx | |
20151 | + movl des_SPtrans(%ebx),%ebp | |
20152 | + movb %dl, %bl | |
20153 | + xorl %ebp, %esi | |
20154 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20155 | + xorl %ebp, %esi | |
20156 | + movb %dh, %cl | |
20157 | + shrl $16, %eax | |
20158 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20159 | + xorl %ebp, %esi | |
20160 | + movb %ah, %bl | |
20161 | + shrl $16, %edx | |
20162 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20163 | + xorl %ebp, %esi | |
20164 | + movl 24(%esp), %ebp | |
20165 | + movb %dh, %cl | |
20166 | + andl $0xff, %eax | |
20167 | + andl $0xff, %edx | |
20168 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20169 | + xorl %ebx, %esi | |
20170 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20171 | + xorl %ebx, %esi | |
20172 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20173 | + xorl %ebx, %esi | |
20174 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20175 | + xorl %ebx, %esi | |
20176 | + | |
20177 | + | |
20178 | + movl 48(%ebp), %eax | |
20179 | + xorl %ebx, %ebx | |
20180 | + movl 52(%ebp), %edx | |
20181 | + xorl %esi, %eax | |
20182 | + xorl %esi, %edx | |
20183 | + andl $0xfcfcfcfc, %eax | |
20184 | + andl $0xcfcfcfcf, %edx | |
20185 | + movb %al, %bl | |
20186 | + movb %ah, %cl | |
20187 | + rorl $4, %edx | |
20188 | + movl des_SPtrans(%ebx),%ebp | |
20189 | + movb %dl, %bl | |
20190 | + xorl %ebp, %edi | |
20191 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20192 | + xorl %ebp, %edi | |
20193 | + movb %dh, %cl | |
20194 | + shrl $16, %eax | |
20195 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20196 | + xorl %ebp, %edi | |
20197 | + movb %ah, %bl | |
20198 | + shrl $16, %edx | |
20199 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20200 | + xorl %ebp, %edi | |
20201 | + movl 24(%esp), %ebp | |
20202 | + movb %dh, %cl | |
20203 | + andl $0xff, %eax | |
20204 | + andl $0xff, %edx | |
20205 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20206 | + xorl %ebx, %edi | |
20207 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20208 | + xorl %ebx, %edi | |
20209 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20210 | + xorl %ebx, %edi | |
20211 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20212 | + xorl %ebx, %edi | |
20213 | + | |
20214 | + | |
20215 | + movl 56(%ebp), %eax | |
20216 | + xorl %ebx, %ebx | |
20217 | + movl 60(%ebp), %edx | |
20218 | + xorl %edi, %eax | |
20219 | + xorl %edi, %edx | |
20220 | + andl $0xfcfcfcfc, %eax | |
20221 | + andl $0xcfcfcfcf, %edx | |
20222 | + movb %al, %bl | |
20223 | + movb %ah, %cl | |
20224 | + rorl $4, %edx | |
20225 | + movl des_SPtrans(%ebx),%ebp | |
20226 | + movb %dl, %bl | |
20227 | + xorl %ebp, %esi | |
20228 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20229 | + xorl %ebp, %esi | |
20230 | + movb %dh, %cl | |
20231 | + shrl $16, %eax | |
20232 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20233 | + xorl %ebp, %esi | |
20234 | + movb %ah, %bl | |
20235 | + shrl $16, %edx | |
20236 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20237 | + xorl %ebp, %esi | |
20238 | + movl 24(%esp), %ebp | |
20239 | + movb %dh, %cl | |
20240 | + andl $0xff, %eax | |
20241 | + andl $0xff, %edx | |
20242 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20243 | + xorl %ebx, %esi | |
20244 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20245 | + xorl %ebx, %esi | |
20246 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20247 | + xorl %ebx, %esi | |
20248 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20249 | + xorl %ebx, %esi | |
20250 | + | |
20251 | + | |
20252 | + movl 64(%ebp), %eax | |
20253 | + xorl %ebx, %ebx | |
20254 | + movl 68(%ebp), %edx | |
20255 | + xorl %esi, %eax | |
20256 | + xorl %esi, %edx | |
20257 | + andl $0xfcfcfcfc, %eax | |
20258 | + andl $0xcfcfcfcf, %edx | |
20259 | + movb %al, %bl | |
20260 | + movb %ah, %cl | |
20261 | + rorl $4, %edx | |
20262 | + movl des_SPtrans(%ebx),%ebp | |
20263 | + movb %dl, %bl | |
20264 | + xorl %ebp, %edi | |
20265 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20266 | + xorl %ebp, %edi | |
20267 | + movb %dh, %cl | |
20268 | + shrl $16, %eax | |
20269 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20270 | + xorl %ebp, %edi | |
20271 | + movb %ah, %bl | |
20272 | + shrl $16, %edx | |
20273 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20274 | + xorl %ebp, %edi | |
20275 | + movl 24(%esp), %ebp | |
20276 | + movb %dh, %cl | |
20277 | + andl $0xff, %eax | |
20278 | + andl $0xff, %edx | |
20279 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20280 | + xorl %ebx, %edi | |
20281 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20282 | + xorl %ebx, %edi | |
20283 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20284 | + xorl %ebx, %edi | |
20285 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20286 | + xorl %ebx, %edi | |
20287 | + | |
20288 | + | |
20289 | + movl 72(%ebp), %eax | |
20290 | + xorl %ebx, %ebx | |
20291 | + movl 76(%ebp), %edx | |
20292 | + xorl %edi, %eax | |
20293 | + xorl %edi, %edx | |
20294 | + andl $0xfcfcfcfc, %eax | |
20295 | + andl $0xcfcfcfcf, %edx | |
20296 | + movb %al, %bl | |
20297 | + movb %ah, %cl | |
20298 | + rorl $4, %edx | |
20299 | + movl des_SPtrans(%ebx),%ebp | |
20300 | + movb %dl, %bl | |
20301 | + xorl %ebp, %esi | |
20302 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20303 | + xorl %ebp, %esi | |
20304 | + movb %dh, %cl | |
20305 | + shrl $16, %eax | |
20306 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20307 | + xorl %ebp, %esi | |
20308 | + movb %ah, %bl | |
20309 | + shrl $16, %edx | |
20310 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20311 | + xorl %ebp, %esi | |
20312 | + movl 24(%esp), %ebp | |
20313 | + movb %dh, %cl | |
20314 | + andl $0xff, %eax | |
20315 | + andl $0xff, %edx | |
20316 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20317 | + xorl %ebx, %esi | |
20318 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20319 | + xorl %ebx, %esi | |
20320 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20321 | + xorl %ebx, %esi | |
20322 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20323 | + xorl %ebx, %esi | |
20324 | + | |
20325 | + | |
20326 | + movl 80(%ebp), %eax | |
20327 | + xorl %ebx, %ebx | |
20328 | + movl 84(%ebp), %edx | |
20329 | + xorl %esi, %eax | |
20330 | + xorl %esi, %edx | |
20331 | + andl $0xfcfcfcfc, %eax | |
20332 | + andl $0xcfcfcfcf, %edx | |
20333 | + movb %al, %bl | |
20334 | + movb %ah, %cl | |
20335 | + rorl $4, %edx | |
20336 | + movl des_SPtrans(%ebx),%ebp | |
20337 | + movb %dl, %bl | |
20338 | + xorl %ebp, %edi | |
20339 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20340 | + xorl %ebp, %edi | |
20341 | + movb %dh, %cl | |
20342 | + shrl $16, %eax | |
20343 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20344 | + xorl %ebp, %edi | |
20345 | + movb %ah, %bl | |
20346 | + shrl $16, %edx | |
20347 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20348 | + xorl %ebp, %edi | |
20349 | + movl 24(%esp), %ebp | |
20350 | + movb %dh, %cl | |
20351 | + andl $0xff, %eax | |
20352 | + andl $0xff, %edx | |
20353 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20354 | + xorl %ebx, %edi | |
20355 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20356 | + xorl %ebx, %edi | |
20357 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20358 | + xorl %ebx, %edi | |
20359 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20360 | + xorl %ebx, %edi | |
20361 | + | |
20362 | + | |
20363 | + movl 88(%ebp), %eax | |
20364 | + xorl %ebx, %ebx | |
20365 | + movl 92(%ebp), %edx | |
20366 | + xorl %edi, %eax | |
20367 | + xorl %edi, %edx | |
20368 | + andl $0xfcfcfcfc, %eax | |
20369 | + andl $0xcfcfcfcf, %edx | |
20370 | + movb %al, %bl | |
20371 | + movb %ah, %cl | |
20372 | + rorl $4, %edx | |
20373 | + movl des_SPtrans(%ebx),%ebp | |
20374 | + movb %dl, %bl | |
20375 | + xorl %ebp, %esi | |
20376 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20377 | + xorl %ebp, %esi | |
20378 | + movb %dh, %cl | |
20379 | + shrl $16, %eax | |
20380 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20381 | + xorl %ebp, %esi | |
20382 | + movb %ah, %bl | |
20383 | + shrl $16, %edx | |
20384 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20385 | + xorl %ebp, %esi | |
20386 | + movl 24(%esp), %ebp | |
20387 | + movb %dh, %cl | |
20388 | + andl $0xff, %eax | |
20389 | + andl $0xff, %edx | |
20390 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20391 | + xorl %ebx, %esi | |
20392 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20393 | + xorl %ebx, %esi | |
20394 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20395 | + xorl %ebx, %esi | |
20396 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20397 | + xorl %ebx, %esi | |
20398 | + | |
20399 | + | |
20400 | + movl 96(%ebp), %eax | |
20401 | + xorl %ebx, %ebx | |
20402 | + movl 100(%ebp), %edx | |
20403 | + xorl %esi, %eax | |
20404 | + xorl %esi, %edx | |
20405 | + andl $0xfcfcfcfc, %eax | |
20406 | + andl $0xcfcfcfcf, %edx | |
20407 | + movb %al, %bl | |
20408 | + movb %ah, %cl | |
20409 | + rorl $4, %edx | |
20410 | + movl des_SPtrans(%ebx),%ebp | |
20411 | + movb %dl, %bl | |
20412 | + xorl %ebp, %edi | |
20413 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20414 | + xorl %ebp, %edi | |
20415 | + movb %dh, %cl | |
20416 | + shrl $16, %eax | |
20417 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20418 | + xorl %ebp, %edi | |
20419 | + movb %ah, %bl | |
20420 | + shrl $16, %edx | |
20421 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20422 | + xorl %ebp, %edi | |
20423 | + movl 24(%esp), %ebp | |
20424 | + movb %dh, %cl | |
20425 | + andl $0xff, %eax | |
20426 | + andl $0xff, %edx | |
20427 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20428 | + xorl %ebx, %edi | |
20429 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20430 | + xorl %ebx, %edi | |
20431 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20432 | + xorl %ebx, %edi | |
20433 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20434 | + xorl %ebx, %edi | |
20435 | + | |
20436 | + | |
20437 | + movl 104(%ebp), %eax | |
20438 | + xorl %ebx, %ebx | |
20439 | + movl 108(%ebp), %edx | |
20440 | + xorl %edi, %eax | |
20441 | + xorl %edi, %edx | |
20442 | + andl $0xfcfcfcfc, %eax | |
20443 | + andl $0xcfcfcfcf, %edx | |
20444 | + movb %al, %bl | |
20445 | + movb %ah, %cl | |
20446 | + rorl $4, %edx | |
20447 | + movl des_SPtrans(%ebx),%ebp | |
20448 | + movb %dl, %bl | |
20449 | + xorl %ebp, %esi | |
20450 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20451 | + xorl %ebp, %esi | |
20452 | + movb %dh, %cl | |
20453 | + shrl $16, %eax | |
20454 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20455 | + xorl %ebp, %esi | |
20456 | + movb %ah, %bl | |
20457 | + shrl $16, %edx | |
20458 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20459 | + xorl %ebp, %esi | |
20460 | + movl 24(%esp), %ebp | |
20461 | + movb %dh, %cl | |
20462 | + andl $0xff, %eax | |
20463 | + andl $0xff, %edx | |
20464 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20465 | + xorl %ebx, %esi | |
20466 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20467 | + xorl %ebx, %esi | |
20468 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20469 | + xorl %ebx, %esi | |
20470 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20471 | + xorl %ebx, %esi | |
20472 | + | |
20473 | + | |
20474 | + movl 112(%ebp), %eax | |
20475 | + xorl %ebx, %ebx | |
20476 | + movl 116(%ebp), %edx | |
20477 | + xorl %esi, %eax | |
20478 | + xorl %esi, %edx | |
20479 | + andl $0xfcfcfcfc, %eax | |
20480 | + andl $0xcfcfcfcf, %edx | |
20481 | + movb %al, %bl | |
20482 | + movb %ah, %cl | |
20483 | + rorl $4, %edx | |
20484 | + movl des_SPtrans(%ebx),%ebp | |
20485 | + movb %dl, %bl | |
20486 | + xorl %ebp, %edi | |
20487 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20488 | + xorl %ebp, %edi | |
20489 | + movb %dh, %cl | |
20490 | + shrl $16, %eax | |
20491 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20492 | + xorl %ebp, %edi | |
20493 | + movb %ah, %bl | |
20494 | + shrl $16, %edx | |
20495 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20496 | + xorl %ebp, %edi | |
20497 | + movl 24(%esp), %ebp | |
20498 | + movb %dh, %cl | |
20499 | + andl $0xff, %eax | |
20500 | + andl $0xff, %edx | |
20501 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20502 | + xorl %ebx, %edi | |
20503 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20504 | + xorl %ebx, %edi | |
20505 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20506 | + xorl %ebx, %edi | |
20507 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20508 | + xorl %ebx, %edi | |
20509 | + | |
20510 | + | |
20511 | + movl 120(%ebp), %eax | |
20512 | + xorl %ebx, %ebx | |
20513 | + movl 124(%ebp), %edx | |
20514 | + xorl %edi, %eax | |
20515 | + xorl %edi, %edx | |
20516 | + andl $0xfcfcfcfc, %eax | |
20517 | + andl $0xcfcfcfcf, %edx | |
20518 | + movb %al, %bl | |
20519 | + movb %ah, %cl | |
20520 | + rorl $4, %edx | |
20521 | + movl des_SPtrans(%ebx),%ebp | |
20522 | + movb %dl, %bl | |
20523 | + xorl %ebp, %esi | |
20524 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20525 | + xorl %ebp, %esi | |
20526 | + movb %dh, %cl | |
20527 | + shrl $16, %eax | |
20528 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20529 | + xorl %ebp, %esi | |
20530 | + movb %ah, %bl | |
20531 | + shrl $16, %edx | |
20532 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20533 | + xorl %ebp, %esi | |
20534 | + movl 24(%esp), %ebp | |
20535 | + movb %dh, %cl | |
20536 | + andl $0xff, %eax | |
20537 | + andl $0xff, %edx | |
20538 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20539 | + xorl %ebx, %esi | |
20540 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20541 | + xorl %ebx, %esi | |
20542 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20543 | + xorl %ebx, %esi | |
20544 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20545 | + xorl %ebx, %esi | |
20546 | + jmp .L001end | |
20547 | +.L000start_decrypt: | |
20548 | + | |
20549 | + | |
20550 | + movl 120(%ebp), %eax | |
20551 | + xorl %ebx, %ebx | |
20552 | + movl 124(%ebp), %edx | |
20553 | + xorl %esi, %eax | |
20554 | + xorl %esi, %edx | |
20555 | + andl $0xfcfcfcfc, %eax | |
20556 | + andl $0xcfcfcfcf, %edx | |
20557 | + movb %al, %bl | |
20558 | + movb %ah, %cl | |
20559 | + rorl $4, %edx | |
20560 | + movl des_SPtrans(%ebx),%ebp | |
20561 | + movb %dl, %bl | |
20562 | + xorl %ebp, %edi | |
20563 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20564 | + xorl %ebp, %edi | |
20565 | + movb %dh, %cl | |
20566 | + shrl $16, %eax | |
20567 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20568 | + xorl %ebp, %edi | |
20569 | + movb %ah, %bl | |
20570 | + shrl $16, %edx | |
20571 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20572 | + xorl %ebp, %edi | |
20573 | + movl 24(%esp), %ebp | |
20574 | + movb %dh, %cl | |
20575 | + andl $0xff, %eax | |
20576 | + andl $0xff, %edx | |
20577 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20578 | + xorl %ebx, %edi | |
20579 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20580 | + xorl %ebx, %edi | |
20581 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20582 | + xorl %ebx, %edi | |
20583 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20584 | + xorl %ebx, %edi | |
20585 | + | |
20586 | + | |
20587 | + movl 112(%ebp), %eax | |
20588 | + xorl %ebx, %ebx | |
20589 | + movl 116(%ebp), %edx | |
20590 | + xorl %edi, %eax | |
20591 | + xorl %edi, %edx | |
20592 | + andl $0xfcfcfcfc, %eax | |
20593 | + andl $0xcfcfcfcf, %edx | |
20594 | + movb %al, %bl | |
20595 | + movb %ah, %cl | |
20596 | + rorl $4, %edx | |
20597 | + movl des_SPtrans(%ebx),%ebp | |
20598 | + movb %dl, %bl | |
20599 | + xorl %ebp, %esi | |
20600 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20601 | + xorl %ebp, %esi | |
20602 | + movb %dh, %cl | |
20603 | + shrl $16, %eax | |
20604 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20605 | + xorl %ebp, %esi | |
20606 | + movb %ah, %bl | |
20607 | + shrl $16, %edx | |
20608 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20609 | + xorl %ebp, %esi | |
20610 | + movl 24(%esp), %ebp | |
20611 | + movb %dh, %cl | |
20612 | + andl $0xff, %eax | |
20613 | + andl $0xff, %edx | |
20614 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20615 | + xorl %ebx, %esi | |
20616 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20617 | + xorl %ebx, %esi | |
20618 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20619 | + xorl %ebx, %esi | |
20620 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20621 | + xorl %ebx, %esi | |
20622 | + | |
20623 | + | |
20624 | + movl 104(%ebp), %eax | |
20625 | + xorl %ebx, %ebx | |
20626 | + movl 108(%ebp), %edx | |
20627 | + xorl %esi, %eax | |
20628 | + xorl %esi, %edx | |
20629 | + andl $0xfcfcfcfc, %eax | |
20630 | + andl $0xcfcfcfcf, %edx | |
20631 | + movb %al, %bl | |
20632 | + movb %ah, %cl | |
20633 | + rorl $4, %edx | |
20634 | + movl des_SPtrans(%ebx),%ebp | |
20635 | + movb %dl, %bl | |
20636 | + xorl %ebp, %edi | |
20637 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20638 | + xorl %ebp, %edi | |
20639 | + movb %dh, %cl | |
20640 | + shrl $16, %eax | |
20641 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20642 | + xorl %ebp, %edi | |
20643 | + movb %ah, %bl | |
20644 | + shrl $16, %edx | |
20645 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20646 | + xorl %ebp, %edi | |
20647 | + movl 24(%esp), %ebp | |
20648 | + movb %dh, %cl | |
20649 | + andl $0xff, %eax | |
20650 | + andl $0xff, %edx | |
20651 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20652 | + xorl %ebx, %edi | |
20653 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20654 | + xorl %ebx, %edi | |
20655 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20656 | + xorl %ebx, %edi | |
20657 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20658 | + xorl %ebx, %edi | |
20659 | + | |
20660 | + | |
20661 | + movl 96(%ebp), %eax | |
20662 | + xorl %ebx, %ebx | |
20663 | + movl 100(%ebp), %edx | |
20664 | + xorl %edi, %eax | |
20665 | + xorl %edi, %edx | |
20666 | + andl $0xfcfcfcfc, %eax | |
20667 | + andl $0xcfcfcfcf, %edx | |
20668 | + movb %al, %bl | |
20669 | + movb %ah, %cl | |
20670 | + rorl $4, %edx | |
20671 | + movl des_SPtrans(%ebx),%ebp | |
20672 | + movb %dl, %bl | |
20673 | + xorl %ebp, %esi | |
20674 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20675 | + xorl %ebp, %esi | |
20676 | + movb %dh, %cl | |
20677 | + shrl $16, %eax | |
20678 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20679 | + xorl %ebp, %esi | |
20680 | + movb %ah, %bl | |
20681 | + shrl $16, %edx | |
20682 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20683 | + xorl %ebp, %esi | |
20684 | + movl 24(%esp), %ebp | |
20685 | + movb %dh, %cl | |
20686 | + andl $0xff, %eax | |
20687 | + andl $0xff, %edx | |
20688 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20689 | + xorl %ebx, %esi | |
20690 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20691 | + xorl %ebx, %esi | |
20692 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20693 | + xorl %ebx, %esi | |
20694 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20695 | + xorl %ebx, %esi | |
20696 | + | |
20697 | + | |
20698 | + movl 88(%ebp), %eax | |
20699 | + xorl %ebx, %ebx | |
20700 | + movl 92(%ebp), %edx | |
20701 | + xorl %esi, %eax | |
20702 | + xorl %esi, %edx | |
20703 | + andl $0xfcfcfcfc, %eax | |
20704 | + andl $0xcfcfcfcf, %edx | |
20705 | + movb %al, %bl | |
20706 | + movb %ah, %cl | |
20707 | + rorl $4, %edx | |
20708 | + movl des_SPtrans(%ebx),%ebp | |
20709 | + movb %dl, %bl | |
20710 | + xorl %ebp, %edi | |
20711 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20712 | + xorl %ebp, %edi | |
20713 | + movb %dh, %cl | |
20714 | + shrl $16, %eax | |
20715 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20716 | + xorl %ebp, %edi | |
20717 | + movb %ah, %bl | |
20718 | + shrl $16, %edx | |
20719 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20720 | + xorl %ebp, %edi | |
20721 | + movl 24(%esp), %ebp | |
20722 | + movb %dh, %cl | |
20723 | + andl $0xff, %eax | |
20724 | + andl $0xff, %edx | |
20725 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20726 | + xorl %ebx, %edi | |
20727 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20728 | + xorl %ebx, %edi | |
20729 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20730 | + xorl %ebx, %edi | |
20731 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20732 | + xorl %ebx, %edi | |
20733 | + | |
20734 | + | |
20735 | + movl 80(%ebp), %eax | |
20736 | + xorl %ebx, %ebx | |
20737 | + movl 84(%ebp), %edx | |
20738 | + xorl %edi, %eax | |
20739 | + xorl %edi, %edx | |
20740 | + andl $0xfcfcfcfc, %eax | |
20741 | + andl $0xcfcfcfcf, %edx | |
20742 | + movb %al, %bl | |
20743 | + movb %ah, %cl | |
20744 | + rorl $4, %edx | |
20745 | + movl des_SPtrans(%ebx),%ebp | |
20746 | + movb %dl, %bl | |
20747 | + xorl %ebp, %esi | |
20748 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20749 | + xorl %ebp, %esi | |
20750 | + movb %dh, %cl | |
20751 | + shrl $16, %eax | |
20752 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20753 | + xorl %ebp, %esi | |
20754 | + movb %ah, %bl | |
20755 | + shrl $16, %edx | |
20756 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20757 | + xorl %ebp, %esi | |
20758 | + movl 24(%esp), %ebp | |
20759 | + movb %dh, %cl | |
20760 | + andl $0xff, %eax | |
20761 | + andl $0xff, %edx | |
20762 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20763 | + xorl %ebx, %esi | |
20764 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20765 | + xorl %ebx, %esi | |
20766 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20767 | + xorl %ebx, %esi | |
20768 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20769 | + xorl %ebx, %esi | |
20770 | + | |
20771 | + | |
20772 | + movl 72(%ebp), %eax | |
20773 | + xorl %ebx, %ebx | |
20774 | + movl 76(%ebp), %edx | |
20775 | + xorl %esi, %eax | |
20776 | + xorl %esi, %edx | |
20777 | + andl $0xfcfcfcfc, %eax | |
20778 | + andl $0xcfcfcfcf, %edx | |
20779 | + movb %al, %bl | |
20780 | + movb %ah, %cl | |
20781 | + rorl $4, %edx | |
20782 | + movl des_SPtrans(%ebx),%ebp | |
20783 | + movb %dl, %bl | |
20784 | + xorl %ebp, %edi | |
20785 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20786 | + xorl %ebp, %edi | |
20787 | + movb %dh, %cl | |
20788 | + shrl $16, %eax | |
20789 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20790 | + xorl %ebp, %edi | |
20791 | + movb %ah, %bl | |
20792 | + shrl $16, %edx | |
20793 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20794 | + xorl %ebp, %edi | |
20795 | + movl 24(%esp), %ebp | |
20796 | + movb %dh, %cl | |
20797 | + andl $0xff, %eax | |
20798 | + andl $0xff, %edx | |
20799 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20800 | + xorl %ebx, %edi | |
20801 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20802 | + xorl %ebx, %edi | |
20803 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20804 | + xorl %ebx, %edi | |
20805 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20806 | + xorl %ebx, %edi | |
20807 | + | |
20808 | + | |
20809 | + movl 64(%ebp), %eax | |
20810 | + xorl %ebx, %ebx | |
20811 | + movl 68(%ebp), %edx | |
20812 | + xorl %edi, %eax | |
20813 | + xorl %edi, %edx | |
20814 | + andl $0xfcfcfcfc, %eax | |
20815 | + andl $0xcfcfcfcf, %edx | |
20816 | + movb %al, %bl | |
20817 | + movb %ah, %cl | |
20818 | + rorl $4, %edx | |
20819 | + movl des_SPtrans(%ebx),%ebp | |
20820 | + movb %dl, %bl | |
20821 | + xorl %ebp, %esi | |
20822 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20823 | + xorl %ebp, %esi | |
20824 | + movb %dh, %cl | |
20825 | + shrl $16, %eax | |
20826 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20827 | + xorl %ebp, %esi | |
20828 | + movb %ah, %bl | |
20829 | + shrl $16, %edx | |
20830 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20831 | + xorl %ebp, %esi | |
20832 | + movl 24(%esp), %ebp | |
20833 | + movb %dh, %cl | |
20834 | + andl $0xff, %eax | |
20835 | + andl $0xff, %edx | |
20836 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20837 | + xorl %ebx, %esi | |
20838 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20839 | + xorl %ebx, %esi | |
20840 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20841 | + xorl %ebx, %esi | |
20842 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20843 | + xorl %ebx, %esi | |
20844 | + | |
20845 | + | |
20846 | + movl 56(%ebp), %eax | |
20847 | + xorl %ebx, %ebx | |
20848 | + movl 60(%ebp), %edx | |
20849 | + xorl %esi, %eax | |
20850 | + xorl %esi, %edx | |
20851 | + andl $0xfcfcfcfc, %eax | |
20852 | + andl $0xcfcfcfcf, %edx | |
20853 | + movb %al, %bl | |
20854 | + movb %ah, %cl | |
20855 | + rorl $4, %edx | |
20856 | + movl des_SPtrans(%ebx),%ebp | |
20857 | + movb %dl, %bl | |
20858 | + xorl %ebp, %edi | |
20859 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20860 | + xorl %ebp, %edi | |
20861 | + movb %dh, %cl | |
20862 | + shrl $16, %eax | |
20863 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20864 | + xorl %ebp, %edi | |
20865 | + movb %ah, %bl | |
20866 | + shrl $16, %edx | |
20867 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20868 | + xorl %ebp, %edi | |
20869 | + movl 24(%esp), %ebp | |
20870 | + movb %dh, %cl | |
20871 | + andl $0xff, %eax | |
20872 | + andl $0xff, %edx | |
20873 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20874 | + xorl %ebx, %edi | |
20875 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20876 | + xorl %ebx, %edi | |
20877 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20878 | + xorl %ebx, %edi | |
20879 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20880 | + xorl %ebx, %edi | |
20881 | + | |
20882 | + | |
20883 | + movl 48(%ebp), %eax | |
20884 | + xorl %ebx, %ebx | |
20885 | + movl 52(%ebp), %edx | |
20886 | + xorl %edi, %eax | |
20887 | + xorl %edi, %edx | |
20888 | + andl $0xfcfcfcfc, %eax | |
20889 | + andl $0xcfcfcfcf, %edx | |
20890 | + movb %al, %bl | |
20891 | + movb %ah, %cl | |
20892 | + rorl $4, %edx | |
20893 | + movl des_SPtrans(%ebx),%ebp | |
20894 | + movb %dl, %bl | |
20895 | + xorl %ebp, %esi | |
20896 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20897 | + xorl %ebp, %esi | |
20898 | + movb %dh, %cl | |
20899 | + shrl $16, %eax | |
20900 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20901 | + xorl %ebp, %esi | |
20902 | + movb %ah, %bl | |
20903 | + shrl $16, %edx | |
20904 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20905 | + xorl %ebp, %esi | |
20906 | + movl 24(%esp), %ebp | |
20907 | + movb %dh, %cl | |
20908 | + andl $0xff, %eax | |
20909 | + andl $0xff, %edx | |
20910 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20911 | + xorl %ebx, %esi | |
20912 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20913 | + xorl %ebx, %esi | |
20914 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20915 | + xorl %ebx, %esi | |
20916 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20917 | + xorl %ebx, %esi | |
20918 | + | |
20919 | + | |
20920 | + movl 40(%ebp), %eax | |
20921 | + xorl %ebx, %ebx | |
20922 | + movl 44(%ebp), %edx | |
20923 | + xorl %esi, %eax | |
20924 | + xorl %esi, %edx | |
20925 | + andl $0xfcfcfcfc, %eax | |
20926 | + andl $0xcfcfcfcf, %edx | |
20927 | + movb %al, %bl | |
20928 | + movb %ah, %cl | |
20929 | + rorl $4, %edx | |
20930 | + movl des_SPtrans(%ebx),%ebp | |
20931 | + movb %dl, %bl | |
20932 | + xorl %ebp, %edi | |
20933 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20934 | + xorl %ebp, %edi | |
20935 | + movb %dh, %cl | |
20936 | + shrl $16, %eax | |
20937 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20938 | + xorl %ebp, %edi | |
20939 | + movb %ah, %bl | |
20940 | + shrl $16, %edx | |
20941 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20942 | + xorl %ebp, %edi | |
20943 | + movl 24(%esp), %ebp | |
20944 | + movb %dh, %cl | |
20945 | + andl $0xff, %eax | |
20946 | + andl $0xff, %edx | |
20947 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20948 | + xorl %ebx, %edi | |
20949 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20950 | + xorl %ebx, %edi | |
20951 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20952 | + xorl %ebx, %edi | |
20953 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20954 | + xorl %ebx, %edi | |
20955 | + | |
20956 | + | |
20957 | + movl 32(%ebp), %eax | |
20958 | + xorl %ebx, %ebx | |
20959 | + movl 36(%ebp), %edx | |
20960 | + xorl %edi, %eax | |
20961 | + xorl %edi, %edx | |
20962 | + andl $0xfcfcfcfc, %eax | |
20963 | + andl $0xcfcfcfcf, %edx | |
20964 | + movb %al, %bl | |
20965 | + movb %ah, %cl | |
20966 | + rorl $4, %edx | |
20967 | + movl des_SPtrans(%ebx),%ebp | |
20968 | + movb %dl, %bl | |
20969 | + xorl %ebp, %esi | |
20970 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
20971 | + xorl %ebp, %esi | |
20972 | + movb %dh, %cl | |
20973 | + shrl $16, %eax | |
20974 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
20975 | + xorl %ebp, %esi | |
20976 | + movb %ah, %bl | |
20977 | + shrl $16, %edx | |
20978 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
20979 | + xorl %ebp, %esi | |
20980 | + movl 24(%esp), %ebp | |
20981 | + movb %dh, %cl | |
20982 | + andl $0xff, %eax | |
20983 | + andl $0xff, %edx | |
20984 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
20985 | + xorl %ebx, %esi | |
20986 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
20987 | + xorl %ebx, %esi | |
20988 | + movl 0x400+des_SPtrans(%eax),%ebx | |
20989 | + xorl %ebx, %esi | |
20990 | + movl 0x500+des_SPtrans(%edx),%ebx | |
20991 | + xorl %ebx, %esi | |
20992 | + | |
20993 | + | |
20994 | + movl 24(%ebp), %eax | |
20995 | + xorl %ebx, %ebx | |
20996 | + movl 28(%ebp), %edx | |
20997 | + xorl %esi, %eax | |
20998 | + xorl %esi, %edx | |
20999 | + andl $0xfcfcfcfc, %eax | |
21000 | + andl $0xcfcfcfcf, %edx | |
21001 | + movb %al, %bl | |
21002 | + movb %ah, %cl | |
21003 | + rorl $4, %edx | |
21004 | + movl des_SPtrans(%ebx),%ebp | |
21005 | + movb %dl, %bl | |
21006 | + xorl %ebp, %edi | |
21007 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21008 | + xorl %ebp, %edi | |
21009 | + movb %dh, %cl | |
21010 | + shrl $16, %eax | |
21011 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21012 | + xorl %ebp, %edi | |
21013 | + movb %ah, %bl | |
21014 | + shrl $16, %edx | |
21015 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21016 | + xorl %ebp, %edi | |
21017 | + movl 24(%esp), %ebp | |
21018 | + movb %dh, %cl | |
21019 | + andl $0xff, %eax | |
21020 | + andl $0xff, %edx | |
21021 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21022 | + xorl %ebx, %edi | |
21023 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21024 | + xorl %ebx, %edi | |
21025 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21026 | + xorl %ebx, %edi | |
21027 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21028 | + xorl %ebx, %edi | |
21029 | + | |
21030 | + | |
21031 | + movl 16(%ebp), %eax | |
21032 | + xorl %ebx, %ebx | |
21033 | + movl 20(%ebp), %edx | |
21034 | + xorl %edi, %eax | |
21035 | + xorl %edi, %edx | |
21036 | + andl $0xfcfcfcfc, %eax | |
21037 | + andl $0xcfcfcfcf, %edx | |
21038 | + movb %al, %bl | |
21039 | + movb %ah, %cl | |
21040 | + rorl $4, %edx | |
21041 | + movl des_SPtrans(%ebx),%ebp | |
21042 | + movb %dl, %bl | |
21043 | + xorl %ebp, %esi | |
21044 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21045 | + xorl %ebp, %esi | |
21046 | + movb %dh, %cl | |
21047 | + shrl $16, %eax | |
21048 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21049 | + xorl %ebp, %esi | |
21050 | + movb %ah, %bl | |
21051 | + shrl $16, %edx | |
21052 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21053 | + xorl %ebp, %esi | |
21054 | + movl 24(%esp), %ebp | |
21055 | + movb %dh, %cl | |
21056 | + andl $0xff, %eax | |
21057 | + andl $0xff, %edx | |
21058 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21059 | + xorl %ebx, %esi | |
21060 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21061 | + xorl %ebx, %esi | |
21062 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21063 | + xorl %ebx, %esi | |
21064 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21065 | + xorl %ebx, %esi | |
21066 | + | |
21067 | + | |
21068 | + movl 8(%ebp), %eax | |
21069 | + xorl %ebx, %ebx | |
21070 | + movl 12(%ebp), %edx | |
21071 | + xorl %esi, %eax | |
21072 | + xorl %esi, %edx | |
21073 | + andl $0xfcfcfcfc, %eax | |
21074 | + andl $0xcfcfcfcf, %edx | |
21075 | + movb %al, %bl | |
21076 | + movb %ah, %cl | |
21077 | + rorl $4, %edx | |
21078 | + movl des_SPtrans(%ebx),%ebp | |
21079 | + movb %dl, %bl | |
21080 | + xorl %ebp, %edi | |
21081 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21082 | + xorl %ebp, %edi | |
21083 | + movb %dh, %cl | |
21084 | + shrl $16, %eax | |
21085 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21086 | + xorl %ebp, %edi | |
21087 | + movb %ah, %bl | |
21088 | + shrl $16, %edx | |
21089 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21090 | + xorl %ebp, %edi | |
21091 | + movl 24(%esp), %ebp | |
21092 | + movb %dh, %cl | |
21093 | + andl $0xff, %eax | |
21094 | + andl $0xff, %edx | |
21095 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21096 | + xorl %ebx, %edi | |
21097 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21098 | + xorl %ebx, %edi | |
21099 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21100 | + xorl %ebx, %edi | |
21101 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21102 | + xorl %ebx, %edi | |
21103 | + | |
21104 | + | |
21105 | + movl (%ebp), %eax | |
21106 | + xorl %ebx, %ebx | |
21107 | + movl 4(%ebp), %edx | |
21108 | + xorl %edi, %eax | |
21109 | + xorl %edi, %edx | |
21110 | + andl $0xfcfcfcfc, %eax | |
21111 | + andl $0xcfcfcfcf, %edx | |
21112 | + movb %al, %bl | |
21113 | + movb %ah, %cl | |
21114 | + rorl $4, %edx | |
21115 | + movl des_SPtrans(%ebx),%ebp | |
21116 | + movb %dl, %bl | |
21117 | + xorl %ebp, %esi | |
21118 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21119 | + xorl %ebp, %esi | |
21120 | + movb %dh, %cl | |
21121 | + shrl $16, %eax | |
21122 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21123 | + xorl %ebp, %esi | |
21124 | + movb %ah, %bl | |
21125 | + shrl $16, %edx | |
21126 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21127 | + xorl %ebp, %esi | |
21128 | + movl 24(%esp), %ebp | |
21129 | + movb %dh, %cl | |
21130 | + andl $0xff, %eax | |
21131 | + andl $0xff, %edx | |
21132 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21133 | + xorl %ebx, %esi | |
21134 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21135 | + xorl %ebx, %esi | |
21136 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21137 | + xorl %ebx, %esi | |
21138 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21139 | + xorl %ebx, %esi | |
21140 | +.L001end: | |
21141 | + | |
21142 | + | |
21143 | + movl 20(%esp), %edx | |
21144 | +.byte 209 | |
21145 | +.byte 206 | |
21146 | + movl %edi, %eax | |
21147 | + xorl %esi, %edi | |
21148 | + andl $0xaaaaaaaa, %edi | |
21149 | + xorl %edi, %eax | |
21150 | + xorl %edi, %esi | |
21151 | + | |
21152 | + roll $23, %eax | |
21153 | + movl %eax, %edi | |
21154 | + xorl %esi, %eax | |
21155 | + andl $0x03fc03fc, %eax | |
21156 | + xorl %eax, %edi | |
21157 | + xorl %eax, %esi | |
21158 | + | |
21159 | + roll $10, %edi | |
21160 | + movl %edi, %eax | |
21161 | + xorl %esi, %edi | |
21162 | + andl $0x33333333, %edi | |
21163 | + xorl %edi, %eax | |
21164 | + xorl %edi, %esi | |
21165 | + | |
21166 | + roll $18, %esi | |
21167 | + movl %esi, %edi | |
21168 | + xorl %eax, %esi | |
21169 | + andl $0xfff0000f, %esi | |
21170 | + xorl %esi, %edi | |
21171 | + xorl %esi, %eax | |
21172 | + | |
21173 | + roll $12, %edi | |
21174 | + movl %edi, %esi | |
21175 | + xorl %eax, %edi | |
21176 | + andl $0xf0f0f0f0, %edi | |
21177 | + xorl %edi, %esi | |
21178 | + xorl %edi, %eax | |
21179 | + | |
21180 | + rorl $4, %eax | |
21181 | + movl %eax, (%edx) | |
21182 | + movl %esi, 4(%edx) | |
21183 | + popl %ebp | |
21184 | + popl %ebx | |
21185 | + popl %edi | |
21186 | + popl %esi | |
21187 | + ret | |
21188 | +.des_encrypt_end: | |
21189 | + .size des_encrypt , .des_encrypt_end-des_encrypt | |
21190 | +.ident "desasm.pl" | |
21191 | +.text | |
21192 | + .align 16 | |
21193 | +.globl des_encrypt2 | |
21194 | + .type des_encrypt2 , @function | |
21195 | +des_encrypt2: | |
21196 | + pushl %esi | |
21197 | + pushl %edi | |
21198 | + | |
21199 | + | |
21200 | + movl 12(%esp), %eax | |
21201 | + xorl %ecx, %ecx | |
21202 | + pushl %ebx | |
21203 | + pushl %ebp | |
21204 | + movl (%eax), %esi | |
21205 | + movl 28(%esp), %ebx | |
21206 | + roll $3, %esi | |
21207 | + movl 4(%eax), %edi | |
21208 | + roll $3, %edi | |
21209 | + movl 24(%esp), %ebp | |
21210 | + cmpl $0, %ebx | |
21211 | + je .L002start_decrypt | |
21212 | + | |
21213 | + | |
21214 | + movl (%ebp), %eax | |
21215 | + xorl %ebx, %ebx | |
21216 | + movl 4(%ebp), %edx | |
21217 | + xorl %esi, %eax | |
21218 | + xorl %esi, %edx | |
21219 | + andl $0xfcfcfcfc, %eax | |
21220 | + andl $0xcfcfcfcf, %edx | |
21221 | + movb %al, %bl | |
21222 | + movb %ah, %cl | |
21223 | + rorl $4, %edx | |
21224 | + movl des_SPtrans(%ebx),%ebp | |
21225 | + movb %dl, %bl | |
21226 | + xorl %ebp, %edi | |
21227 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21228 | + xorl %ebp, %edi | |
21229 | + movb %dh, %cl | |
21230 | + shrl $16, %eax | |
21231 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21232 | + xorl %ebp, %edi | |
21233 | + movb %ah, %bl | |
21234 | + shrl $16, %edx | |
21235 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21236 | + xorl %ebp, %edi | |
21237 | + movl 24(%esp), %ebp | |
21238 | + movb %dh, %cl | |
21239 | + andl $0xff, %eax | |
21240 | + andl $0xff, %edx | |
21241 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21242 | + xorl %ebx, %edi | |
21243 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21244 | + xorl %ebx, %edi | |
21245 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21246 | + xorl %ebx, %edi | |
21247 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21248 | + xorl %ebx, %edi | |
21249 | + | |
21250 | + | |
21251 | + movl 8(%ebp), %eax | |
21252 | + xorl %ebx, %ebx | |
21253 | + movl 12(%ebp), %edx | |
21254 | + xorl %edi, %eax | |
21255 | + xorl %edi, %edx | |
21256 | + andl $0xfcfcfcfc, %eax | |
21257 | + andl $0xcfcfcfcf, %edx | |
21258 | + movb %al, %bl | |
21259 | + movb %ah, %cl | |
21260 | + rorl $4, %edx | |
21261 | + movl des_SPtrans(%ebx),%ebp | |
21262 | + movb %dl, %bl | |
21263 | + xorl %ebp, %esi | |
21264 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21265 | + xorl %ebp, %esi | |
21266 | + movb %dh, %cl | |
21267 | + shrl $16, %eax | |
21268 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21269 | + xorl %ebp, %esi | |
21270 | + movb %ah, %bl | |
21271 | + shrl $16, %edx | |
21272 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21273 | + xorl %ebp, %esi | |
21274 | + movl 24(%esp), %ebp | |
21275 | + movb %dh, %cl | |
21276 | + andl $0xff, %eax | |
21277 | + andl $0xff, %edx | |
21278 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21279 | + xorl %ebx, %esi | |
21280 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21281 | + xorl %ebx, %esi | |
21282 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21283 | + xorl %ebx, %esi | |
21284 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21285 | + xorl %ebx, %esi | |
21286 | + | |
21287 | + | |
21288 | + movl 16(%ebp), %eax | |
21289 | + xorl %ebx, %ebx | |
21290 | + movl 20(%ebp), %edx | |
21291 | + xorl %esi, %eax | |
21292 | + xorl %esi, %edx | |
21293 | + andl $0xfcfcfcfc, %eax | |
21294 | + andl $0xcfcfcfcf, %edx | |
21295 | + movb %al, %bl | |
21296 | + movb %ah, %cl | |
21297 | + rorl $4, %edx | |
21298 | + movl des_SPtrans(%ebx),%ebp | |
21299 | + movb %dl, %bl | |
21300 | + xorl %ebp, %edi | |
21301 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21302 | + xorl %ebp, %edi | |
21303 | + movb %dh, %cl | |
21304 | + shrl $16, %eax | |
21305 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21306 | + xorl %ebp, %edi | |
21307 | + movb %ah, %bl | |
21308 | + shrl $16, %edx | |
21309 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21310 | + xorl %ebp, %edi | |
21311 | + movl 24(%esp), %ebp | |
21312 | + movb %dh, %cl | |
21313 | + andl $0xff, %eax | |
21314 | + andl $0xff, %edx | |
21315 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21316 | + xorl %ebx, %edi | |
21317 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21318 | + xorl %ebx, %edi | |
21319 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21320 | + xorl %ebx, %edi | |
21321 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21322 | + xorl %ebx, %edi | |
21323 | + | |
21324 | + | |
21325 | + movl 24(%ebp), %eax | |
21326 | + xorl %ebx, %ebx | |
21327 | + movl 28(%ebp), %edx | |
21328 | + xorl %edi, %eax | |
21329 | + xorl %edi, %edx | |
21330 | + andl $0xfcfcfcfc, %eax | |
21331 | + andl $0xcfcfcfcf, %edx | |
21332 | + movb %al, %bl | |
21333 | + movb %ah, %cl | |
21334 | + rorl $4, %edx | |
21335 | + movl des_SPtrans(%ebx),%ebp | |
21336 | + movb %dl, %bl | |
21337 | + xorl %ebp, %esi | |
21338 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21339 | + xorl %ebp, %esi | |
21340 | + movb %dh, %cl | |
21341 | + shrl $16, %eax | |
21342 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21343 | + xorl %ebp, %esi | |
21344 | + movb %ah, %bl | |
21345 | + shrl $16, %edx | |
21346 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21347 | + xorl %ebp, %esi | |
21348 | + movl 24(%esp), %ebp | |
21349 | + movb %dh, %cl | |
21350 | + andl $0xff, %eax | |
21351 | + andl $0xff, %edx | |
21352 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21353 | + xorl %ebx, %esi | |
21354 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21355 | + xorl %ebx, %esi | |
21356 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21357 | + xorl %ebx, %esi | |
21358 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21359 | + xorl %ebx, %esi | |
21360 | + | |
21361 | + | |
21362 | + movl 32(%ebp), %eax | |
21363 | + xorl %ebx, %ebx | |
21364 | + movl 36(%ebp), %edx | |
21365 | + xorl %esi, %eax | |
21366 | + xorl %esi, %edx | |
21367 | + andl $0xfcfcfcfc, %eax | |
21368 | + andl $0xcfcfcfcf, %edx | |
21369 | + movb %al, %bl | |
21370 | + movb %ah, %cl | |
21371 | + rorl $4, %edx | |
21372 | + movl des_SPtrans(%ebx),%ebp | |
21373 | + movb %dl, %bl | |
21374 | + xorl %ebp, %edi | |
21375 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21376 | + xorl %ebp, %edi | |
21377 | + movb %dh, %cl | |
21378 | + shrl $16, %eax | |
21379 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21380 | + xorl %ebp, %edi | |
21381 | + movb %ah, %bl | |
21382 | + shrl $16, %edx | |
21383 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21384 | + xorl %ebp, %edi | |
21385 | + movl 24(%esp), %ebp | |
21386 | + movb %dh, %cl | |
21387 | + andl $0xff, %eax | |
21388 | + andl $0xff, %edx | |
21389 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21390 | + xorl %ebx, %edi | |
21391 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21392 | + xorl %ebx, %edi | |
21393 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21394 | + xorl %ebx, %edi | |
21395 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21396 | + xorl %ebx, %edi | |
21397 | + | |
21398 | + | |
21399 | + movl 40(%ebp), %eax | |
21400 | + xorl %ebx, %ebx | |
21401 | + movl 44(%ebp), %edx | |
21402 | + xorl %edi, %eax | |
21403 | + xorl %edi, %edx | |
21404 | + andl $0xfcfcfcfc, %eax | |
21405 | + andl $0xcfcfcfcf, %edx | |
21406 | + movb %al, %bl | |
21407 | + movb %ah, %cl | |
21408 | + rorl $4, %edx | |
21409 | + movl des_SPtrans(%ebx),%ebp | |
21410 | + movb %dl, %bl | |
21411 | + xorl %ebp, %esi | |
21412 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21413 | + xorl %ebp, %esi | |
21414 | + movb %dh, %cl | |
21415 | + shrl $16, %eax | |
21416 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21417 | + xorl %ebp, %esi | |
21418 | + movb %ah, %bl | |
21419 | + shrl $16, %edx | |
21420 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21421 | + xorl %ebp, %esi | |
21422 | + movl 24(%esp), %ebp | |
21423 | + movb %dh, %cl | |
21424 | + andl $0xff, %eax | |
21425 | + andl $0xff, %edx | |
21426 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21427 | + xorl %ebx, %esi | |
21428 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21429 | + xorl %ebx, %esi | |
21430 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21431 | + xorl %ebx, %esi | |
21432 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21433 | + xorl %ebx, %esi | |
21434 | + | |
21435 | + | |
21436 | + movl 48(%ebp), %eax | |
21437 | + xorl %ebx, %ebx | |
21438 | + movl 52(%ebp), %edx | |
21439 | + xorl %esi, %eax | |
21440 | + xorl %esi, %edx | |
21441 | + andl $0xfcfcfcfc, %eax | |
21442 | + andl $0xcfcfcfcf, %edx | |
21443 | + movb %al, %bl | |
21444 | + movb %ah, %cl | |
21445 | + rorl $4, %edx | |
21446 | + movl des_SPtrans(%ebx),%ebp | |
21447 | + movb %dl, %bl | |
21448 | + xorl %ebp, %edi | |
21449 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21450 | + xorl %ebp, %edi | |
21451 | + movb %dh, %cl | |
21452 | + shrl $16, %eax | |
21453 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21454 | + xorl %ebp, %edi | |
21455 | + movb %ah, %bl | |
21456 | + shrl $16, %edx | |
21457 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21458 | + xorl %ebp, %edi | |
21459 | + movl 24(%esp), %ebp | |
21460 | + movb %dh, %cl | |
21461 | + andl $0xff, %eax | |
21462 | + andl $0xff, %edx | |
21463 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21464 | + xorl %ebx, %edi | |
21465 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21466 | + xorl %ebx, %edi | |
21467 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21468 | + xorl %ebx, %edi | |
21469 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21470 | + xorl %ebx, %edi | |
21471 | + | |
21472 | + | |
21473 | + movl 56(%ebp), %eax | |
21474 | + xorl %ebx, %ebx | |
21475 | + movl 60(%ebp), %edx | |
21476 | + xorl %edi, %eax | |
21477 | + xorl %edi, %edx | |
21478 | + andl $0xfcfcfcfc, %eax | |
21479 | + andl $0xcfcfcfcf, %edx | |
21480 | + movb %al, %bl | |
21481 | + movb %ah, %cl | |
21482 | + rorl $4, %edx | |
21483 | + movl des_SPtrans(%ebx),%ebp | |
21484 | + movb %dl, %bl | |
21485 | + xorl %ebp, %esi | |
21486 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21487 | + xorl %ebp, %esi | |
21488 | + movb %dh, %cl | |
21489 | + shrl $16, %eax | |
21490 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21491 | + xorl %ebp, %esi | |
21492 | + movb %ah, %bl | |
21493 | + shrl $16, %edx | |
21494 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21495 | + xorl %ebp, %esi | |
21496 | + movl 24(%esp), %ebp | |
21497 | + movb %dh, %cl | |
21498 | + andl $0xff, %eax | |
21499 | + andl $0xff, %edx | |
21500 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21501 | + xorl %ebx, %esi | |
21502 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21503 | + xorl %ebx, %esi | |
21504 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21505 | + xorl %ebx, %esi | |
21506 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21507 | + xorl %ebx, %esi | |
21508 | + | |
21509 | + | |
21510 | + movl 64(%ebp), %eax | |
21511 | + xorl %ebx, %ebx | |
21512 | + movl 68(%ebp), %edx | |
21513 | + xorl %esi, %eax | |
21514 | + xorl %esi, %edx | |
21515 | + andl $0xfcfcfcfc, %eax | |
21516 | + andl $0xcfcfcfcf, %edx | |
21517 | + movb %al, %bl | |
21518 | + movb %ah, %cl | |
21519 | + rorl $4, %edx | |
21520 | + movl des_SPtrans(%ebx),%ebp | |
21521 | + movb %dl, %bl | |
21522 | + xorl %ebp, %edi | |
21523 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21524 | + xorl %ebp, %edi | |
21525 | + movb %dh, %cl | |
21526 | + shrl $16, %eax | |
21527 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21528 | + xorl %ebp, %edi | |
21529 | + movb %ah, %bl | |
21530 | + shrl $16, %edx | |
21531 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21532 | + xorl %ebp, %edi | |
21533 | + movl 24(%esp), %ebp | |
21534 | + movb %dh, %cl | |
21535 | + andl $0xff, %eax | |
21536 | + andl $0xff, %edx | |
21537 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21538 | + xorl %ebx, %edi | |
21539 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21540 | + xorl %ebx, %edi | |
21541 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21542 | + xorl %ebx, %edi | |
21543 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21544 | + xorl %ebx, %edi | |
21545 | + | |
21546 | + | |
21547 | + movl 72(%ebp), %eax | |
21548 | + xorl %ebx, %ebx | |
21549 | + movl 76(%ebp), %edx | |
21550 | + xorl %edi, %eax | |
21551 | + xorl %edi, %edx | |
21552 | + andl $0xfcfcfcfc, %eax | |
21553 | + andl $0xcfcfcfcf, %edx | |
21554 | + movb %al, %bl | |
21555 | + movb %ah, %cl | |
21556 | + rorl $4, %edx | |
21557 | + movl des_SPtrans(%ebx),%ebp | |
21558 | + movb %dl, %bl | |
21559 | + xorl %ebp, %esi | |
21560 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21561 | + xorl %ebp, %esi | |
21562 | + movb %dh, %cl | |
21563 | + shrl $16, %eax | |
21564 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21565 | + xorl %ebp, %esi | |
21566 | + movb %ah, %bl | |
21567 | + shrl $16, %edx | |
21568 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21569 | + xorl %ebp, %esi | |
21570 | + movl 24(%esp), %ebp | |
21571 | + movb %dh, %cl | |
21572 | + andl $0xff, %eax | |
21573 | + andl $0xff, %edx | |
21574 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21575 | + xorl %ebx, %esi | |
21576 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21577 | + xorl %ebx, %esi | |
21578 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21579 | + xorl %ebx, %esi | |
21580 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21581 | + xorl %ebx, %esi | |
21582 | + | |
21583 | + | |
21584 | + movl 80(%ebp), %eax | |
21585 | + xorl %ebx, %ebx | |
21586 | + movl 84(%ebp), %edx | |
21587 | + xorl %esi, %eax | |
21588 | + xorl %esi, %edx | |
21589 | + andl $0xfcfcfcfc, %eax | |
21590 | + andl $0xcfcfcfcf, %edx | |
21591 | + movb %al, %bl | |
21592 | + movb %ah, %cl | |
21593 | + rorl $4, %edx | |
21594 | + movl des_SPtrans(%ebx),%ebp | |
21595 | + movb %dl, %bl | |
21596 | + xorl %ebp, %edi | |
21597 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21598 | + xorl %ebp, %edi | |
21599 | + movb %dh, %cl | |
21600 | + shrl $16, %eax | |
21601 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21602 | + xorl %ebp, %edi | |
21603 | + movb %ah, %bl | |
21604 | + shrl $16, %edx | |
21605 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21606 | + xorl %ebp, %edi | |
21607 | + movl 24(%esp), %ebp | |
21608 | + movb %dh, %cl | |
21609 | + andl $0xff, %eax | |
21610 | + andl $0xff, %edx | |
21611 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21612 | + xorl %ebx, %edi | |
21613 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21614 | + xorl %ebx, %edi | |
21615 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21616 | + xorl %ebx, %edi | |
21617 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21618 | + xorl %ebx, %edi | |
21619 | + | |
21620 | + | |
21621 | + movl 88(%ebp), %eax | |
21622 | + xorl %ebx, %ebx | |
21623 | + movl 92(%ebp), %edx | |
21624 | + xorl %edi, %eax | |
21625 | + xorl %edi, %edx | |
21626 | + andl $0xfcfcfcfc, %eax | |
21627 | + andl $0xcfcfcfcf, %edx | |
21628 | + movb %al, %bl | |
21629 | + movb %ah, %cl | |
21630 | + rorl $4, %edx | |
21631 | + movl des_SPtrans(%ebx),%ebp | |
21632 | + movb %dl, %bl | |
21633 | + xorl %ebp, %esi | |
21634 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21635 | + xorl %ebp, %esi | |
21636 | + movb %dh, %cl | |
21637 | + shrl $16, %eax | |
21638 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21639 | + xorl %ebp, %esi | |
21640 | + movb %ah, %bl | |
21641 | + shrl $16, %edx | |
21642 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21643 | + xorl %ebp, %esi | |
21644 | + movl 24(%esp), %ebp | |
21645 | + movb %dh, %cl | |
21646 | + andl $0xff, %eax | |
21647 | + andl $0xff, %edx | |
21648 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21649 | + xorl %ebx, %esi | |
21650 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21651 | + xorl %ebx, %esi | |
21652 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21653 | + xorl %ebx, %esi | |
21654 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21655 | + xorl %ebx, %esi | |
21656 | + | |
21657 | + | |
21658 | + movl 96(%ebp), %eax | |
21659 | + xorl %ebx, %ebx | |
21660 | + movl 100(%ebp), %edx | |
21661 | + xorl %esi, %eax | |
21662 | + xorl %esi, %edx | |
21663 | + andl $0xfcfcfcfc, %eax | |
21664 | + andl $0xcfcfcfcf, %edx | |
21665 | + movb %al, %bl | |
21666 | + movb %ah, %cl | |
21667 | + rorl $4, %edx | |
21668 | + movl des_SPtrans(%ebx),%ebp | |
21669 | + movb %dl, %bl | |
21670 | + xorl %ebp, %edi | |
21671 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21672 | + xorl %ebp, %edi | |
21673 | + movb %dh, %cl | |
21674 | + shrl $16, %eax | |
21675 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21676 | + xorl %ebp, %edi | |
21677 | + movb %ah, %bl | |
21678 | + shrl $16, %edx | |
21679 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21680 | + xorl %ebp, %edi | |
21681 | + movl 24(%esp), %ebp | |
21682 | + movb %dh, %cl | |
21683 | + andl $0xff, %eax | |
21684 | + andl $0xff, %edx | |
21685 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21686 | + xorl %ebx, %edi | |
21687 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21688 | + xorl %ebx, %edi | |
21689 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21690 | + xorl %ebx, %edi | |
21691 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21692 | + xorl %ebx, %edi | |
21693 | + | |
21694 | + | |
21695 | + movl 104(%ebp), %eax | |
21696 | + xorl %ebx, %ebx | |
21697 | + movl 108(%ebp), %edx | |
21698 | + xorl %edi, %eax | |
21699 | + xorl %edi, %edx | |
21700 | + andl $0xfcfcfcfc, %eax | |
21701 | + andl $0xcfcfcfcf, %edx | |
21702 | + movb %al, %bl | |
21703 | + movb %ah, %cl | |
21704 | + rorl $4, %edx | |
21705 | + movl des_SPtrans(%ebx),%ebp | |
21706 | + movb %dl, %bl | |
21707 | + xorl %ebp, %esi | |
21708 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21709 | + xorl %ebp, %esi | |
21710 | + movb %dh, %cl | |
21711 | + shrl $16, %eax | |
21712 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21713 | + xorl %ebp, %esi | |
21714 | + movb %ah, %bl | |
21715 | + shrl $16, %edx | |
21716 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21717 | + xorl %ebp, %esi | |
21718 | + movl 24(%esp), %ebp | |
21719 | + movb %dh, %cl | |
21720 | + andl $0xff, %eax | |
21721 | + andl $0xff, %edx | |
21722 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21723 | + xorl %ebx, %esi | |
21724 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21725 | + xorl %ebx, %esi | |
21726 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21727 | + xorl %ebx, %esi | |
21728 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21729 | + xorl %ebx, %esi | |
21730 | + | |
21731 | + | |
21732 | + movl 112(%ebp), %eax | |
21733 | + xorl %ebx, %ebx | |
21734 | + movl 116(%ebp), %edx | |
21735 | + xorl %esi, %eax | |
21736 | + xorl %esi, %edx | |
21737 | + andl $0xfcfcfcfc, %eax | |
21738 | + andl $0xcfcfcfcf, %edx | |
21739 | + movb %al, %bl | |
21740 | + movb %ah, %cl | |
21741 | + rorl $4, %edx | |
21742 | + movl des_SPtrans(%ebx),%ebp | |
21743 | + movb %dl, %bl | |
21744 | + xorl %ebp, %edi | |
21745 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21746 | + xorl %ebp, %edi | |
21747 | + movb %dh, %cl | |
21748 | + shrl $16, %eax | |
21749 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21750 | + xorl %ebp, %edi | |
21751 | + movb %ah, %bl | |
21752 | + shrl $16, %edx | |
21753 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21754 | + xorl %ebp, %edi | |
21755 | + movl 24(%esp), %ebp | |
21756 | + movb %dh, %cl | |
21757 | + andl $0xff, %eax | |
21758 | + andl $0xff, %edx | |
21759 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21760 | + xorl %ebx, %edi | |
21761 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21762 | + xorl %ebx, %edi | |
21763 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21764 | + xorl %ebx, %edi | |
21765 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21766 | + xorl %ebx, %edi | |
21767 | + | |
21768 | + | |
21769 | + movl 120(%ebp), %eax | |
21770 | + xorl %ebx, %ebx | |
21771 | + movl 124(%ebp), %edx | |
21772 | + xorl %edi, %eax | |
21773 | + xorl %edi, %edx | |
21774 | + andl $0xfcfcfcfc, %eax | |
21775 | + andl $0xcfcfcfcf, %edx | |
21776 | + movb %al, %bl | |
21777 | + movb %ah, %cl | |
21778 | + rorl $4, %edx | |
21779 | + movl des_SPtrans(%ebx),%ebp | |
21780 | + movb %dl, %bl | |
21781 | + xorl %ebp, %esi | |
21782 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21783 | + xorl %ebp, %esi | |
21784 | + movb %dh, %cl | |
21785 | + shrl $16, %eax | |
21786 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21787 | + xorl %ebp, %esi | |
21788 | + movb %ah, %bl | |
21789 | + shrl $16, %edx | |
21790 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21791 | + xorl %ebp, %esi | |
21792 | + movl 24(%esp), %ebp | |
21793 | + movb %dh, %cl | |
21794 | + andl $0xff, %eax | |
21795 | + andl $0xff, %edx | |
21796 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21797 | + xorl %ebx, %esi | |
21798 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21799 | + xorl %ebx, %esi | |
21800 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21801 | + xorl %ebx, %esi | |
21802 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21803 | + xorl %ebx, %esi | |
21804 | + jmp .L003end | |
21805 | +.L002start_decrypt: | |
21806 | + | |
21807 | + | |
21808 | + movl 120(%ebp), %eax | |
21809 | + xorl %ebx, %ebx | |
21810 | + movl 124(%ebp), %edx | |
21811 | + xorl %esi, %eax | |
21812 | + xorl %esi, %edx | |
21813 | + andl $0xfcfcfcfc, %eax | |
21814 | + andl $0xcfcfcfcf, %edx | |
21815 | + movb %al, %bl | |
21816 | + movb %ah, %cl | |
21817 | + rorl $4, %edx | |
21818 | + movl des_SPtrans(%ebx),%ebp | |
21819 | + movb %dl, %bl | |
21820 | + xorl %ebp, %edi | |
21821 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21822 | + xorl %ebp, %edi | |
21823 | + movb %dh, %cl | |
21824 | + shrl $16, %eax | |
21825 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21826 | + xorl %ebp, %edi | |
21827 | + movb %ah, %bl | |
21828 | + shrl $16, %edx | |
21829 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21830 | + xorl %ebp, %edi | |
21831 | + movl 24(%esp), %ebp | |
21832 | + movb %dh, %cl | |
21833 | + andl $0xff, %eax | |
21834 | + andl $0xff, %edx | |
21835 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21836 | + xorl %ebx, %edi | |
21837 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21838 | + xorl %ebx, %edi | |
21839 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21840 | + xorl %ebx, %edi | |
21841 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21842 | + xorl %ebx, %edi | |
21843 | + | |
21844 | + | |
21845 | + movl 112(%ebp), %eax | |
21846 | + xorl %ebx, %ebx | |
21847 | + movl 116(%ebp), %edx | |
21848 | + xorl %edi, %eax | |
21849 | + xorl %edi, %edx | |
21850 | + andl $0xfcfcfcfc, %eax | |
21851 | + andl $0xcfcfcfcf, %edx | |
21852 | + movb %al, %bl | |
21853 | + movb %ah, %cl | |
21854 | + rorl $4, %edx | |
21855 | + movl des_SPtrans(%ebx),%ebp | |
21856 | + movb %dl, %bl | |
21857 | + xorl %ebp, %esi | |
21858 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21859 | + xorl %ebp, %esi | |
21860 | + movb %dh, %cl | |
21861 | + shrl $16, %eax | |
21862 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21863 | + xorl %ebp, %esi | |
21864 | + movb %ah, %bl | |
21865 | + shrl $16, %edx | |
21866 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21867 | + xorl %ebp, %esi | |
21868 | + movl 24(%esp), %ebp | |
21869 | + movb %dh, %cl | |
21870 | + andl $0xff, %eax | |
21871 | + andl $0xff, %edx | |
21872 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21873 | + xorl %ebx, %esi | |
21874 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21875 | + xorl %ebx, %esi | |
21876 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21877 | + xorl %ebx, %esi | |
21878 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21879 | + xorl %ebx, %esi | |
21880 | + | |
21881 | + | |
21882 | + movl 104(%ebp), %eax | |
21883 | + xorl %ebx, %ebx | |
21884 | + movl 108(%ebp), %edx | |
21885 | + xorl %esi, %eax | |
21886 | + xorl %esi, %edx | |
21887 | + andl $0xfcfcfcfc, %eax | |
21888 | + andl $0xcfcfcfcf, %edx | |
21889 | + movb %al, %bl | |
21890 | + movb %ah, %cl | |
21891 | + rorl $4, %edx | |
21892 | + movl des_SPtrans(%ebx),%ebp | |
21893 | + movb %dl, %bl | |
21894 | + xorl %ebp, %edi | |
21895 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21896 | + xorl %ebp, %edi | |
21897 | + movb %dh, %cl | |
21898 | + shrl $16, %eax | |
21899 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21900 | + xorl %ebp, %edi | |
21901 | + movb %ah, %bl | |
21902 | + shrl $16, %edx | |
21903 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21904 | + xorl %ebp, %edi | |
21905 | + movl 24(%esp), %ebp | |
21906 | + movb %dh, %cl | |
21907 | + andl $0xff, %eax | |
21908 | + andl $0xff, %edx | |
21909 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21910 | + xorl %ebx, %edi | |
21911 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21912 | + xorl %ebx, %edi | |
21913 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21914 | + xorl %ebx, %edi | |
21915 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21916 | + xorl %ebx, %edi | |
21917 | + | |
21918 | + | |
21919 | + movl 96(%ebp), %eax | |
21920 | + xorl %ebx, %ebx | |
21921 | + movl 100(%ebp), %edx | |
21922 | + xorl %edi, %eax | |
21923 | + xorl %edi, %edx | |
21924 | + andl $0xfcfcfcfc, %eax | |
21925 | + andl $0xcfcfcfcf, %edx | |
21926 | + movb %al, %bl | |
21927 | + movb %ah, %cl | |
21928 | + rorl $4, %edx | |
21929 | + movl des_SPtrans(%ebx),%ebp | |
21930 | + movb %dl, %bl | |
21931 | + xorl %ebp, %esi | |
21932 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21933 | + xorl %ebp, %esi | |
21934 | + movb %dh, %cl | |
21935 | + shrl $16, %eax | |
21936 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21937 | + xorl %ebp, %esi | |
21938 | + movb %ah, %bl | |
21939 | + shrl $16, %edx | |
21940 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21941 | + xorl %ebp, %esi | |
21942 | + movl 24(%esp), %ebp | |
21943 | + movb %dh, %cl | |
21944 | + andl $0xff, %eax | |
21945 | + andl $0xff, %edx | |
21946 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21947 | + xorl %ebx, %esi | |
21948 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21949 | + xorl %ebx, %esi | |
21950 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21951 | + xorl %ebx, %esi | |
21952 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21953 | + xorl %ebx, %esi | |
21954 | + | |
21955 | + | |
21956 | + movl 88(%ebp), %eax | |
21957 | + xorl %ebx, %ebx | |
21958 | + movl 92(%ebp), %edx | |
21959 | + xorl %esi, %eax | |
21960 | + xorl %esi, %edx | |
21961 | + andl $0xfcfcfcfc, %eax | |
21962 | + andl $0xcfcfcfcf, %edx | |
21963 | + movb %al, %bl | |
21964 | + movb %ah, %cl | |
21965 | + rorl $4, %edx | |
21966 | + movl des_SPtrans(%ebx),%ebp | |
21967 | + movb %dl, %bl | |
21968 | + xorl %ebp, %edi | |
21969 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
21970 | + xorl %ebp, %edi | |
21971 | + movb %dh, %cl | |
21972 | + shrl $16, %eax | |
21973 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
21974 | + xorl %ebp, %edi | |
21975 | + movb %ah, %bl | |
21976 | + shrl $16, %edx | |
21977 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
21978 | + xorl %ebp, %edi | |
21979 | + movl 24(%esp), %ebp | |
21980 | + movb %dh, %cl | |
21981 | + andl $0xff, %eax | |
21982 | + andl $0xff, %edx | |
21983 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
21984 | + xorl %ebx, %edi | |
21985 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
21986 | + xorl %ebx, %edi | |
21987 | + movl 0x400+des_SPtrans(%eax),%ebx | |
21988 | + xorl %ebx, %edi | |
21989 | + movl 0x500+des_SPtrans(%edx),%ebx | |
21990 | + xorl %ebx, %edi | |
21991 | + | |
21992 | + | |
21993 | + movl 80(%ebp), %eax | |
21994 | + xorl %ebx, %ebx | |
21995 | + movl 84(%ebp), %edx | |
21996 | + xorl %edi, %eax | |
21997 | + xorl %edi, %edx | |
21998 | + andl $0xfcfcfcfc, %eax | |
21999 | + andl $0xcfcfcfcf, %edx | |
22000 | + movb %al, %bl | |
22001 | + movb %ah, %cl | |
22002 | + rorl $4, %edx | |
22003 | + movl des_SPtrans(%ebx),%ebp | |
22004 | + movb %dl, %bl | |
22005 | + xorl %ebp, %esi | |
22006 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
22007 | + xorl %ebp, %esi | |
22008 | + movb %dh, %cl | |
22009 | + shrl $16, %eax | |
22010 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
22011 | + xorl %ebp, %esi | |
22012 | + movb %ah, %bl | |
22013 | + shrl $16, %edx | |
22014 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
22015 | + xorl %ebp, %esi | |
22016 | + movl 24(%esp), %ebp | |
22017 | + movb %dh, %cl | |
22018 | + andl $0xff, %eax | |
22019 | + andl $0xff, %edx | |
22020 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
22021 | + xorl %ebx, %esi | |
22022 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
22023 | + xorl %ebx, %esi | |
22024 | + movl 0x400+des_SPtrans(%eax),%ebx | |
22025 | + xorl %ebx, %esi | |
22026 | + movl 0x500+des_SPtrans(%edx),%ebx | |
22027 | + xorl %ebx, %esi | |
22028 | + | |
22029 | + | |
22030 | + movl 72(%ebp), %eax | |
22031 | + xorl %ebx, %ebx | |
22032 | + movl 76(%ebp), %edx | |
22033 | + xorl %esi, %eax | |
22034 | + xorl %esi, %edx | |
22035 | + andl $0xfcfcfcfc, %eax | |
22036 | + andl $0xcfcfcfcf, %edx | |
22037 | + movb %al, %bl | |
22038 | + movb %ah, %cl | |
22039 | + rorl $4, %edx | |
22040 | + movl des_SPtrans(%ebx),%ebp | |
22041 | + movb %dl, %bl | |
22042 | + xorl %ebp, %edi | |
22043 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
22044 | + xorl %ebp, %edi | |
22045 | + movb %dh, %cl | |
22046 | + shrl $16, %eax | |
22047 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
22048 | + xorl %ebp, %edi | |
22049 | + movb %ah, %bl | |
22050 | + shrl $16, %edx | |
22051 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
22052 | + xorl %ebp, %edi | |
22053 | + movl 24(%esp), %ebp | |
22054 | + movb %dh, %cl | |
22055 | + andl $0xff, %eax | |
22056 | + andl $0xff, %edx | |
22057 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
22058 | + xorl %ebx, %edi | |
22059 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
22060 | + xorl %ebx, %edi | |
22061 | + movl 0x400+des_SPtrans(%eax),%ebx | |
22062 | + xorl %ebx, %edi | |
22063 | + movl 0x500+des_SPtrans(%edx),%ebx | |
22064 | + xorl %ebx, %edi | |
22065 | + | |
22066 | + | |
22067 | + movl 64(%ebp), %eax | |
22068 | + xorl %ebx, %ebx | |
22069 | + movl 68(%ebp), %edx | |
22070 | + xorl %edi, %eax | |
22071 | + xorl %edi, %edx | |
22072 | + andl $0xfcfcfcfc, %eax | |
22073 | + andl $0xcfcfcfcf, %edx | |
22074 | + movb %al, %bl | |
22075 | + movb %ah, %cl | |
22076 | + rorl $4, %edx | |
22077 | + movl des_SPtrans(%ebx),%ebp | |
22078 | + movb %dl, %bl | |
22079 | + xorl %ebp, %esi | |
22080 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
22081 | + xorl %ebp, %esi | |
22082 | + movb %dh, %cl | |
22083 | + shrl $16, %eax | |
22084 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
22085 | + xorl %ebp, %esi | |
22086 | + movb %ah, %bl | |
22087 | + shrl $16, %edx | |
22088 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
22089 | + xorl %ebp, %esi | |
22090 | + movl 24(%esp), %ebp | |
22091 | + movb %dh, %cl | |
22092 | + andl $0xff, %eax | |
22093 | + andl $0xff, %edx | |
22094 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
22095 | + xorl %ebx, %esi | |
22096 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
22097 | + xorl %ebx, %esi | |
22098 | + movl 0x400+des_SPtrans(%eax),%ebx | |
22099 | + xorl %ebx, %esi | |
22100 | + movl 0x500+des_SPtrans(%edx),%ebx | |
22101 | + xorl %ebx, %esi | |
22102 | + | |
22103 | + | |
22104 | + movl 56(%ebp), %eax | |
22105 | + xorl %ebx, %ebx | |
22106 | + movl 60(%ebp), %edx | |
22107 | + xorl %esi, %eax | |
22108 | + xorl %esi, %edx | |
22109 | + andl $0xfcfcfcfc, %eax | |
22110 | + andl $0xcfcfcfcf, %edx | |
22111 | + movb %al, %bl | |
22112 | + movb %ah, %cl | |
22113 | + rorl $4, %edx | |
22114 | + movl des_SPtrans(%ebx),%ebp | |
22115 | + movb %dl, %bl | |
22116 | + xorl %ebp, %edi | |
22117 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
22118 | + xorl %ebp, %edi | |
22119 | + movb %dh, %cl | |
22120 | + shrl $16, %eax | |
22121 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
22122 | + xorl %ebp, %edi | |
22123 | + movb %ah, %bl | |
22124 | + shrl $16, %edx | |
22125 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
22126 | + xorl %ebp, %edi | |
22127 | + movl 24(%esp), %ebp | |
22128 | + movb %dh, %cl | |
22129 | + andl $0xff, %eax | |
22130 | + andl $0xff, %edx | |
22131 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
22132 | + xorl %ebx, %edi | |
22133 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
22134 | + xorl %ebx, %edi | |
22135 | + movl 0x400+des_SPtrans(%eax),%ebx | |
22136 | + xorl %ebx, %edi | |
22137 | + movl 0x500+des_SPtrans(%edx),%ebx | |
22138 | + xorl %ebx, %edi | |
22139 | + | |
22140 | + | |
22141 | + movl 48(%ebp), %eax | |
22142 | + xorl %ebx, %ebx | |
22143 | + movl 52(%ebp), %edx | |
22144 | + xorl %edi, %eax | |
22145 | + xorl %edi, %edx | |
22146 | + andl $0xfcfcfcfc, %eax | |
22147 | + andl $0xcfcfcfcf, %edx | |
22148 | + movb %al, %bl | |
22149 | + movb %ah, %cl | |
22150 | + rorl $4, %edx | |
22151 | + movl des_SPtrans(%ebx),%ebp | |
22152 | + movb %dl, %bl | |
22153 | + xorl %ebp, %esi | |
22154 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
22155 | + xorl %ebp, %esi | |
22156 | + movb %dh, %cl | |
22157 | + shrl $16, %eax | |
22158 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
22159 | + xorl %ebp, %esi | |
22160 | + movb %ah, %bl | |
22161 | + shrl $16, %edx | |
22162 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
22163 | + xorl %ebp, %esi | |
22164 | + movl 24(%esp), %ebp | |
22165 | + movb %dh, %cl | |
22166 | + andl $0xff, %eax | |
22167 | + andl $0xff, %edx | |
22168 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
22169 | + xorl %ebx, %esi | |
22170 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
22171 | + xorl %ebx, %esi | |
22172 | + movl 0x400+des_SPtrans(%eax),%ebx | |
22173 | + xorl %ebx, %esi | |
22174 | + movl 0x500+des_SPtrans(%edx),%ebx | |
22175 | + xorl %ebx, %esi | |
22176 | + | |
22177 | + | |
22178 | + movl 40(%ebp), %eax | |
22179 | + xorl %ebx, %ebx | |
22180 | + movl 44(%ebp), %edx | |
22181 | + xorl %esi, %eax | |
22182 | + xorl %esi, %edx | |
22183 | + andl $0xfcfcfcfc, %eax | |
22184 | + andl $0xcfcfcfcf, %edx | |
22185 | + movb %al, %bl | |
22186 | + movb %ah, %cl | |
22187 | + rorl $4, %edx | |
22188 | + movl des_SPtrans(%ebx),%ebp | |
22189 | + movb %dl, %bl | |
22190 | + xorl %ebp, %edi | |
22191 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
22192 | + xorl %ebp, %edi | |
22193 | + movb %dh, %cl | |
22194 | + shrl $16, %eax | |
22195 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
22196 | + xorl %ebp, %edi | |
22197 | + movb %ah, %bl | |
22198 | + shrl $16, %edx | |
22199 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
22200 | + xorl %ebp, %edi | |
22201 | + movl 24(%esp), %ebp | |
22202 | + movb %dh, %cl | |
22203 | + andl $0xff, %eax | |
22204 | + andl $0xff, %edx | |
22205 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
22206 | + xorl %ebx, %edi | |
22207 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
22208 | + xorl %ebx, %edi | |
22209 | + movl 0x400+des_SPtrans(%eax),%ebx | |
22210 | + xorl %ebx, %edi | |
22211 | + movl 0x500+des_SPtrans(%edx),%ebx | |
22212 | + xorl %ebx, %edi | |
22213 | + | |
22214 | + | |
22215 | + movl 32(%ebp), %eax | |
22216 | + xorl %ebx, %ebx | |
22217 | + movl 36(%ebp), %edx | |
22218 | + xorl %edi, %eax | |
22219 | + xorl %edi, %edx | |
22220 | + andl $0xfcfcfcfc, %eax | |
22221 | + andl $0xcfcfcfcf, %edx | |
22222 | + movb %al, %bl | |
22223 | + movb %ah, %cl | |
22224 | + rorl $4, %edx | |
22225 | + movl des_SPtrans(%ebx),%ebp | |
22226 | + movb %dl, %bl | |
22227 | + xorl %ebp, %esi | |
22228 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
22229 | + xorl %ebp, %esi | |
22230 | + movb %dh, %cl | |
22231 | + shrl $16, %eax | |
22232 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
22233 | + xorl %ebp, %esi | |
22234 | + movb %ah, %bl | |
22235 | + shrl $16, %edx | |
22236 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
22237 | + xorl %ebp, %esi | |
22238 | + movl 24(%esp), %ebp | |
22239 | + movb %dh, %cl | |
22240 | + andl $0xff, %eax | |
22241 | + andl $0xff, %edx | |
22242 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
22243 | + xorl %ebx, %esi | |
22244 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
22245 | + xorl %ebx, %esi | |
22246 | + movl 0x400+des_SPtrans(%eax),%ebx | |
22247 | + xorl %ebx, %esi | |
22248 | + movl 0x500+des_SPtrans(%edx),%ebx | |
22249 | + xorl %ebx, %esi | |
22250 | + | |
22251 | + | |
22252 | + movl 24(%ebp), %eax | |
22253 | + xorl %ebx, %ebx | |
22254 | + movl 28(%ebp), %edx | |
22255 | + xorl %esi, %eax | |
22256 | + xorl %esi, %edx | |
22257 | + andl $0xfcfcfcfc, %eax | |
22258 | + andl $0xcfcfcfcf, %edx | |
22259 | + movb %al, %bl | |
22260 | + movb %ah, %cl | |
22261 | + rorl $4, %edx | |
22262 | + movl des_SPtrans(%ebx),%ebp | |
22263 | + movb %dl, %bl | |
22264 | + xorl %ebp, %edi | |
22265 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
22266 | + xorl %ebp, %edi | |
22267 | + movb %dh, %cl | |
22268 | + shrl $16, %eax | |
22269 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
22270 | + xorl %ebp, %edi | |
22271 | + movb %ah, %bl | |
22272 | + shrl $16, %edx | |
22273 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
22274 | + xorl %ebp, %edi | |
22275 | + movl 24(%esp), %ebp | |
22276 | + movb %dh, %cl | |
22277 | + andl $0xff, %eax | |
22278 | + andl $0xff, %edx | |
22279 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
22280 | + xorl %ebx, %edi | |
22281 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
22282 | + xorl %ebx, %edi | |
22283 | + movl 0x400+des_SPtrans(%eax),%ebx | |
22284 | + xorl %ebx, %edi | |
22285 | + movl 0x500+des_SPtrans(%edx),%ebx | |
22286 | + xorl %ebx, %edi | |
22287 | + | |
22288 | + | |
22289 | + movl 16(%ebp), %eax | |
22290 | + xorl %ebx, %ebx | |
22291 | + movl 20(%ebp), %edx | |
22292 | + xorl %edi, %eax | |
22293 | + xorl %edi, %edx | |
22294 | + andl $0xfcfcfcfc, %eax | |
22295 | + andl $0xcfcfcfcf, %edx | |
22296 | + movb %al, %bl | |
22297 | + movb %ah, %cl | |
22298 | + rorl $4, %edx | |
22299 | + movl des_SPtrans(%ebx),%ebp | |
22300 | + movb %dl, %bl | |
22301 | + xorl %ebp, %esi | |
22302 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
22303 | + xorl %ebp, %esi | |
22304 | + movb %dh, %cl | |
22305 | + shrl $16, %eax | |
22306 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
22307 | + xorl %ebp, %esi | |
22308 | + movb %ah, %bl | |
22309 | + shrl $16, %edx | |
22310 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
22311 | + xorl %ebp, %esi | |
22312 | + movl 24(%esp), %ebp | |
22313 | + movb %dh, %cl | |
22314 | + andl $0xff, %eax | |
22315 | + andl $0xff, %edx | |
22316 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
22317 | + xorl %ebx, %esi | |
22318 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
22319 | + xorl %ebx, %esi | |
22320 | + movl 0x400+des_SPtrans(%eax),%ebx | |
22321 | + xorl %ebx, %esi | |
22322 | + movl 0x500+des_SPtrans(%edx),%ebx | |
22323 | + xorl %ebx, %esi | |
22324 | + | |
22325 | + | |
22326 | + movl 8(%ebp), %eax | |
22327 | + xorl %ebx, %ebx | |
22328 | + movl 12(%ebp), %edx | |
22329 | + xorl %esi, %eax | |
22330 | + xorl %esi, %edx | |
22331 | + andl $0xfcfcfcfc, %eax | |
22332 | + andl $0xcfcfcfcf, %edx | |
22333 | + movb %al, %bl | |
22334 | + movb %ah, %cl | |
22335 | + rorl $4, %edx | |
22336 | + movl des_SPtrans(%ebx),%ebp | |
22337 | + movb %dl, %bl | |
22338 | + xorl %ebp, %edi | |
22339 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
22340 | + xorl %ebp, %edi | |
22341 | + movb %dh, %cl | |
22342 | + shrl $16, %eax | |
22343 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
22344 | + xorl %ebp, %edi | |
22345 | + movb %ah, %bl | |
22346 | + shrl $16, %edx | |
22347 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
22348 | + xorl %ebp, %edi | |
22349 | + movl 24(%esp), %ebp | |
22350 | + movb %dh, %cl | |
22351 | + andl $0xff, %eax | |
22352 | + andl $0xff, %edx | |
22353 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
22354 | + xorl %ebx, %edi | |
22355 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
22356 | + xorl %ebx, %edi | |
22357 | + movl 0x400+des_SPtrans(%eax),%ebx | |
22358 | + xorl %ebx, %edi | |
22359 | + movl 0x500+des_SPtrans(%edx),%ebx | |
22360 | + xorl %ebx, %edi | |
22361 | + | |
22362 | + | |
22363 | + movl (%ebp), %eax | |
22364 | + xorl %ebx, %ebx | |
22365 | + movl 4(%ebp), %edx | |
22366 | + xorl %edi, %eax | |
22367 | + xorl %edi, %edx | |
22368 | + andl $0xfcfcfcfc, %eax | |
22369 | + andl $0xcfcfcfcf, %edx | |
22370 | + movb %al, %bl | |
22371 | + movb %ah, %cl | |
22372 | + rorl $4, %edx | |
22373 | + movl des_SPtrans(%ebx),%ebp | |
22374 | + movb %dl, %bl | |
22375 | + xorl %ebp, %esi | |
22376 | + movl 0x200+des_SPtrans(%ecx),%ebp | |
22377 | + xorl %ebp, %esi | |
22378 | + movb %dh, %cl | |
22379 | + shrl $16, %eax | |
22380 | + movl 0x100+des_SPtrans(%ebx),%ebp | |
22381 | + xorl %ebp, %esi | |
22382 | + movb %ah, %bl | |
22383 | + shrl $16, %edx | |
22384 | + movl 0x300+des_SPtrans(%ecx),%ebp | |
22385 | + xorl %ebp, %esi | |
22386 | + movl 24(%esp), %ebp | |
22387 | + movb %dh, %cl | |
22388 | + andl $0xff, %eax | |
22389 | + andl $0xff, %edx | |
22390 | + movl 0x600+des_SPtrans(%ebx),%ebx | |
22391 | + xorl %ebx, %esi | |
22392 | + movl 0x700+des_SPtrans(%ecx),%ebx | |
22393 | + xorl %ebx, %esi | |
22394 | + movl 0x400+des_SPtrans(%eax),%ebx | |
22395 | + xorl %ebx, %esi | |
22396 | + movl 0x500+des_SPtrans(%edx),%ebx | |
22397 | + xorl %ebx, %esi | |
22398 | +.L003end: | |
22399 | + | |
22400 | + | |
22401 | + rorl $3, %edi | |
22402 | + movl 20(%esp), %eax | |
22403 | + rorl $3, %esi | |
22404 | + movl %edi, (%eax) | |
22405 | + movl %esi, 4(%eax) | |
22406 | + popl %ebp | |
22407 | + popl %ebx | |
22408 | + popl %edi | |
22409 | + popl %esi | |
22410 | + ret | |
22411 | +.des_encrypt2_end: | |
22412 | + .size des_encrypt2 , .des_encrypt2_end-des_encrypt2 | |
22413 | +.ident "desasm.pl" | |
22414 | +.text | |
22415 | + .align 16 | |
22416 | +.globl des_encrypt3 | |
22417 | + .type des_encrypt3 , @function | |
22418 | +des_encrypt3: | |
22419 | + pushl %ebx | |
22420 | + movl 8(%esp), %ebx | |
22421 | + pushl %ebp | |
22422 | + pushl %esi | |
22423 | + pushl %edi | |
22424 | + | |
22425 | + | |
22426 | + movl (%ebx), %edi | |
22427 | + movl 4(%ebx), %esi | |
22428 | + subl $12, %esp | |
22429 | + | |
22430 | + | |
22431 | + roll $4, %edi | |
22432 | + movl %edi, %edx | |
22433 | + xorl %esi, %edi | |
22434 | + andl $0xf0f0f0f0, %edi | |
22435 | + xorl %edi, %edx | |
22436 | + xorl %edi, %esi | |
22437 | + | |
22438 | + roll $20, %esi | |
22439 | + movl %esi, %edi | |
22440 | + xorl %edx, %esi | |
22441 | + andl $0xfff0000f, %esi | |
22442 | + xorl %esi, %edi | |
22443 | + xorl %esi, %edx | |
22444 | + | |
22445 | + roll $14, %edi | |
22446 | + movl %edi, %esi | |
22447 | + xorl %edx, %edi | |
22448 | + andl $0x33333333, %edi | |
22449 | + xorl %edi, %esi | |
22450 | + xorl %edi, %edx | |
22451 | + | |
22452 | + roll $22, %edx | |
22453 | + movl %edx, %edi | |
22454 | + xorl %esi, %edx | |
22455 | + andl $0x03fc03fc, %edx | |
22456 | + xorl %edx, %edi | |
22457 | + xorl %edx, %esi | |
22458 | + | |
22459 | + roll $9, %edi | |
22460 | + movl %edi, %edx | |
22461 | + xorl %esi, %edi | |
22462 | + andl $0xaaaaaaaa, %edi | |
22463 | + xorl %edi, %edx | |
22464 | + xorl %edi, %esi | |
22465 | + | |
22466 | + rorl $3, %edx | |
22467 | + rorl $2, %esi | |
22468 | + movl %esi, 4(%ebx) | |
22469 | + movl 36(%esp), %eax | |
22470 | + movl %edx, (%ebx) | |
22471 | + movl 40(%esp), %edi | |
22472 | + movl 44(%esp), %esi | |
22473 | + movl $1, 8(%esp) | |
22474 | + movl %eax, 4(%esp) | |
22475 | + movl %ebx, (%esp) | |
22476 | + call des_encrypt2 | |
22477 | + movl $0, 8(%esp) | |
22478 | + movl %edi, 4(%esp) | |
22479 | + movl %ebx, (%esp) | |
22480 | + call des_encrypt2 | |
22481 | + movl $1, 8(%esp) | |
22482 | + movl %esi, 4(%esp) | |
22483 | + movl %ebx, (%esp) | |
22484 | + call des_encrypt2 | |
22485 | + addl $12, %esp | |
22486 | + movl (%ebx), %edi | |
22487 | + movl 4(%ebx), %esi | |
22488 | + | |
22489 | + | |
22490 | + roll $2, %esi | |
22491 | + roll $3, %edi | |
22492 | + movl %edi, %eax | |
22493 | + xorl %esi, %edi | |
22494 | + andl $0xaaaaaaaa, %edi | |
22495 | + xorl %edi, %eax | |
22496 | + xorl %edi, %esi | |
22497 | + | |
22498 | + roll $23, %eax | |
22499 | + movl %eax, %edi | |
22500 | + xorl %esi, %eax | |
22501 | + andl $0x03fc03fc, %eax | |
22502 | + xorl %eax, %edi | |
22503 | + xorl %eax, %esi | |
22504 | + | |
22505 | + roll $10, %edi | |
22506 | + movl %edi, %eax | |
22507 | + xorl %esi, %edi | |
22508 | + andl $0x33333333, %edi | |
22509 | + xorl %edi, %eax | |
22510 | + xorl %edi, %esi | |
22511 | + | |
22512 | + roll $18, %esi | |
22513 | + movl %esi, %edi | |
22514 | + xorl %eax, %esi | |
22515 | + andl $0xfff0000f, %esi | |
22516 | + xorl %esi, %edi | |
22517 | + xorl %esi, %eax | |
22518 | + | |
22519 | + roll $12, %edi | |
22520 | + movl %edi, %esi | |
22521 | + xorl %eax, %edi | |
22522 | + andl $0xf0f0f0f0, %edi | |
22523 | + xorl %edi, %esi | |
22524 | + xorl %edi, %eax | |
22525 | + | |
22526 | + rorl $4, %eax | |
22527 | + movl %eax, (%ebx) | |
22528 | + movl %esi, 4(%ebx) | |
22529 | + popl %edi | |
22530 | + popl %esi | |
22531 | + popl %ebp | |
22532 | + popl %ebx | |
22533 | + ret | |
22534 | +.des_encrypt3_end: | |
22535 | + .size des_encrypt3 , .des_encrypt3_end-des_encrypt3 | |
22536 | +.ident "desasm.pl" | |
22537 | +.text | |
22538 | + .align 16 | |
22539 | +.globl des_decrypt3 | |
22540 | + .type des_decrypt3 , @function | |
22541 | +des_decrypt3: | |
22542 | + pushl %ebx | |
22543 | + movl 8(%esp), %ebx | |
22544 | + pushl %ebp | |
22545 | + pushl %esi | |
22546 | + pushl %edi | |
22547 | + | |
22548 | + | |
22549 | + movl (%ebx), %edi | |
22550 | + movl 4(%ebx), %esi | |
22551 | + subl $12, %esp | |
22552 | + | |
22553 | + | |
22554 | + roll $4, %edi | |
22555 | + movl %edi, %edx | |
22556 | + xorl %esi, %edi | |
22557 | + andl $0xf0f0f0f0, %edi | |
22558 | + xorl %edi, %edx | |
22559 | + xorl %edi, %esi | |
22560 | + | |
22561 | + roll $20, %esi | |
22562 | + movl %esi, %edi | |
22563 | + xorl %edx, %esi | |
22564 | + andl $0xfff0000f, %esi | |
22565 | + xorl %esi, %edi | |
22566 | + xorl %esi, %edx | |
22567 | + | |
22568 | + roll $14, %edi | |
22569 | + movl %edi, %esi | |
22570 | + xorl %edx, %edi | |
22571 | + andl $0x33333333, %edi | |
22572 | + xorl %edi, %esi | |
22573 | + xorl %edi, %edx | |
22574 | + | |
22575 | + roll $22, %edx | |
22576 | + movl %edx, %edi | |
22577 | + xorl %esi, %edx | |
22578 | + andl $0x03fc03fc, %edx | |
22579 | + xorl %edx, %edi | |
22580 | + xorl %edx, %esi | |
22581 | + | |
22582 | + roll $9, %edi | |
22583 | + movl %edi, %edx | |
22584 | + xorl %esi, %edi | |
22585 | + andl $0xaaaaaaaa, %edi | |
22586 | + xorl %edi, %edx | |
22587 | + xorl %edi, %esi | |
22588 | + | |
22589 | + rorl $3, %edx | |
22590 | + rorl $2, %esi | |
22591 | + movl %esi, 4(%ebx) | |
22592 | + movl 36(%esp), %esi | |
22593 | + movl %edx, (%ebx) | |
22594 | + movl 40(%esp), %edi | |
22595 | + movl 44(%esp), %eax | |
22596 | + movl $0, 8(%esp) | |
22597 | + movl %eax, 4(%esp) | |
22598 | + movl %ebx, (%esp) | |
22599 | + call des_encrypt2 | |
22600 | + movl $1, 8(%esp) | |
22601 | + movl %edi, 4(%esp) | |
22602 | + movl %ebx, (%esp) | |
22603 | + call des_encrypt2 | |
22604 | + movl $0, 8(%esp) | |
22605 | + movl %esi, 4(%esp) | |
22606 | + movl %ebx, (%esp) | |
22607 | + call des_encrypt2 | |
22608 | + addl $12, %esp | |
22609 | + movl (%ebx), %edi | |
22610 | + movl 4(%ebx), %esi | |
22611 | + | |
22612 | + | |
22613 | + roll $2, %esi | |
22614 | + roll $3, %edi | |
22615 | + movl %edi, %eax | |
22616 | + xorl %esi, %edi | |
22617 | + andl $0xaaaaaaaa, %edi | |
22618 | + xorl %edi, %eax | |
22619 | + xorl %edi, %esi | |
22620 | + | |
22621 | + roll $23, %eax | |
22622 | + movl %eax, %edi | |
22623 | + xorl %esi, %eax | |
22624 | + andl $0x03fc03fc, %eax | |
22625 | + xorl %eax, %edi | |
22626 | + xorl %eax, %esi | |
22627 | + | |
22628 | + roll $10, %edi | |
22629 | + movl %edi, %eax | |
22630 | + xorl %esi, %edi | |
22631 | + andl $0x33333333, %edi | |
22632 | + xorl %edi, %eax | |
22633 | + xorl %edi, %esi | |
22634 | + | |
22635 | + roll $18, %esi | |
22636 | + movl %esi, %edi | |
22637 | + xorl %eax, %esi | |
22638 | + andl $0xfff0000f, %esi | |
22639 | + xorl %esi, %edi | |
22640 | + xorl %esi, %eax | |
22641 | + | |
22642 | + roll $12, %edi | |
22643 | + movl %edi, %esi | |
22644 | + xorl %eax, %edi | |
22645 | + andl $0xf0f0f0f0, %edi | |
22646 | + xorl %edi, %esi | |
22647 | + xorl %edi, %eax | |
22648 | + | |
22649 | + rorl $4, %eax | |
22650 | + movl %eax, (%ebx) | |
22651 | + movl %esi, 4(%ebx) | |
22652 | + popl %edi | |
22653 | + popl %esi | |
22654 | + popl %ebp | |
22655 | + popl %ebx | |
22656 | + ret | |
22657 | +.des_decrypt3_end: | |
22658 | + .size des_decrypt3 , .des_decrypt3_end-des_decrypt3 | |
22659 | +.ident "desasm.pl" | |
22660 | +.text | |
22661 | + .align 16 | |
22662 | +.globl des_ncbc_encrypt | |
22663 | + .type des_ncbc_encrypt , @function | |
22664 | +des_ncbc_encrypt: | |
22665 | + | |
22666 | + pushl %ebp | |
22667 | + pushl %ebx | |
22668 | + pushl %esi | |
22669 | + pushl %edi | |
22670 | + movl 28(%esp), %ebp | |
22671 | + | |
22672 | + movl 36(%esp), %ebx | |
22673 | + movl (%ebx), %esi | |
22674 | + movl 4(%ebx), %edi | |
22675 | + pushl %edi | |
22676 | + pushl %esi | |
22677 | + pushl %edi | |
22678 | + pushl %esi | |
22679 | + movl %esp, %ebx | |
22680 | + movl 36(%esp), %esi | |
22681 | + movl 40(%esp), %edi | |
22682 | + | |
22683 | + movl 56(%esp), %ecx | |
22684 | + | |
22685 | + pushl %ecx | |
22686 | + | |
22687 | + movl 52(%esp), %eax | |
22688 | + pushl %eax | |
22689 | + pushl %ebx | |
22690 | + cmpl $0, %ecx | |
22691 | + jz .L004decrypt | |
22692 | + andl $4294967288, %ebp | |
22693 | + movl 12(%esp), %eax | |
22694 | + movl 16(%esp), %ebx | |
22695 | + jz .L005encrypt_finish | |
22696 | +.L006encrypt_loop: | |
22697 | + movl (%esi), %ecx | |
22698 | + movl 4(%esi), %edx | |
22699 | + xorl %ecx, %eax | |
22700 | + xorl %edx, %ebx | |
22701 | + movl %eax, 12(%esp) | |
22702 | + movl %ebx, 16(%esp) | |
22703 | + call des_encrypt | |
22704 | + movl 12(%esp), %eax | |
22705 | + movl 16(%esp), %ebx | |
22706 | + movl %eax, (%edi) | |
22707 | + movl %ebx, 4(%edi) | |
22708 | + addl $8, %esi | |
22709 | + addl $8, %edi | |
22710 | + subl $8, %ebp | |
22711 | + jnz .L006encrypt_loop | |
22712 | +.L005encrypt_finish: | |
22713 | + movl 56(%esp), %ebp | |
22714 | + andl $7, %ebp | |
22715 | + jz .L007finish | |
22716 | + xorl %ecx, %ecx | |
22717 | + xorl %edx, %edx | |
22718 | + movl .L008cbc_enc_jmp_table(,%ebp,4),%ebp | |
22719 | + jmp *%ebp | |
22720 | +.L009ej7: | |
22721 | + movb 6(%esi), %dh | |
22722 | + sall $8, %edx | |
22723 | +.L010ej6: | |
22724 | + movb 5(%esi), %dh | |
22725 | +.L011ej5: | |
22726 | + movb 4(%esi), %dl | |
22727 | +.L012ej4: | |
22728 | + movl (%esi), %ecx | |
22729 | + jmp .L013ejend | |
22730 | +.L014ej3: | |
22731 | + movb 2(%esi), %ch | |
22732 | + sall $8, %ecx | |
22733 | +.L015ej2: | |
22734 | + movb 1(%esi), %ch | |
22735 | +.L016ej1: | |
22736 | + movb (%esi), %cl | |
22737 | +.L013ejend: | |
22738 | + xorl %ecx, %eax | |
22739 | + xorl %edx, %ebx | |
22740 | + movl %eax, 12(%esp) | |
22741 | + movl %ebx, 16(%esp) | |
22742 | + call des_encrypt | |
22743 | + movl 12(%esp), %eax | |
22744 | + movl 16(%esp), %ebx | |
22745 | + movl %eax, (%edi) | |
22746 | + movl %ebx, 4(%edi) | |
22747 | + jmp .L007finish | |
22748 | +.align 16 | |
22749 | +.L004decrypt: | |
22750 | + andl $4294967288, %ebp | |
22751 | + movl 20(%esp), %eax | |
22752 | + movl 24(%esp), %ebx | |
22753 | + jz .L017decrypt_finish | |
22754 | +.L018decrypt_loop: | |
22755 | + movl (%esi), %eax | |
22756 | + movl 4(%esi), %ebx | |
22757 | + movl %eax, 12(%esp) | |
22758 | + movl %ebx, 16(%esp) | |
22759 | + call des_encrypt | |
22760 | + movl 12(%esp), %eax | |
22761 | + movl 16(%esp), %ebx | |
22762 | + movl 20(%esp), %ecx | |
22763 | + movl 24(%esp), %edx | |
22764 | + xorl %eax, %ecx | |
22765 | + xorl %ebx, %edx | |
22766 | + movl (%esi), %eax | |
22767 | + movl 4(%esi), %ebx | |
22768 | + movl %ecx, (%edi) | |
22769 | + movl %edx, 4(%edi) | |
22770 | + movl %eax, 20(%esp) | |
22771 | + movl %ebx, 24(%esp) | |
22772 | + addl $8, %esi | |
22773 | + addl $8, %edi | |
22774 | + subl $8, %ebp | |
22775 | + jnz .L018decrypt_loop | |
22776 | +.L017decrypt_finish: | |
22777 | + movl 56(%esp), %ebp | |
22778 | + andl $7, %ebp | |
22779 | + jz .L007finish | |
22780 | + movl (%esi), %eax | |
22781 | + movl 4(%esi), %ebx | |
22782 | + movl %eax, 12(%esp) | |
22783 | + movl %ebx, 16(%esp) | |
22784 | + call des_encrypt | |
22785 | + movl 12(%esp), %eax | |
22786 | + movl 16(%esp), %ebx | |
22787 | + movl 20(%esp), %ecx | |
22788 | + movl 24(%esp), %edx | |
22789 | + xorl %eax, %ecx | |
22790 | + xorl %ebx, %edx | |
22791 | + movl (%esi), %eax | |
22792 | + movl 4(%esi), %ebx | |
22793 | +.L019dj7: | |
22794 | + rorl $16, %edx | |
22795 | + movb %dl, 6(%edi) | |
22796 | + shrl $16, %edx | |
22797 | +.L020dj6: | |
22798 | + movb %dh, 5(%edi) | |
22799 | +.L021dj5: | |
22800 | + movb %dl, 4(%edi) | |
22801 | +.L022dj4: | |
22802 | + movl %ecx, (%edi) | |
22803 | + jmp .L023djend | |
22804 | +.L024dj3: | |
22805 | + rorl $16, %ecx | |
22806 | + movb %cl, 2(%edi) | |
22807 | + sall $16, %ecx | |
22808 | +.L025dj2: | |
22809 | + movb %ch, 1(%esi) | |
22810 | +.L026dj1: | |
22811 | + movb %cl, (%esi) | |
22812 | +.L023djend: | |
22813 | + jmp .L007finish | |
22814 | +.align 16 | |
22815 | +.L007finish: | |
22816 | + movl 64(%esp), %ecx | |
22817 | + addl $28, %esp | |
22818 | + movl %eax, (%ecx) | |
22819 | + movl %ebx, 4(%ecx) | |
22820 | + popl %edi | |
22821 | + popl %esi | |
22822 | + popl %ebx | |
22823 | + popl %ebp | |
22824 | + ret | |
22825 | +.align 16 | |
22826 | +.L008cbc_enc_jmp_table: | |
22827 | + .long 0 | |
22828 | + .long .L016ej1 | |
22829 | + .long .L015ej2 | |
22830 | + .long .L014ej3 | |
22831 | + .long .L012ej4 | |
22832 | + .long .L011ej5 | |
22833 | + .long .L010ej6 | |
22834 | + .long .L009ej7 | |
22835 | +.align 16 | |
22836 | +.L027cbc_dec_jmp_table: | |
22837 | + .long 0 | |
22838 | + .long .L026dj1 | |
22839 | + .long .L025dj2 | |
22840 | + .long .L024dj3 | |
22841 | + .long .L022dj4 | |
22842 | + .long .L021dj5 | |
22843 | + .long .L020dj6 | |
22844 | + .long .L019dj7 | |
22845 | +.des_ncbc_encrypt_end: | |
22846 | + .size des_ncbc_encrypt , .des_ncbc_encrypt_end-des_ncbc_encrypt | |
22847 | +.ident "desasm.pl" | |
22848 | +.text | |
22849 | + .align 16 | |
22850 | +.globl des_ede3_cbc_encrypt | |
22851 | + .type des_ede3_cbc_encrypt , @function | |
22852 | +des_ede3_cbc_encrypt: | |
22853 | + | |
22854 | + pushl %ebp | |
22855 | + pushl %ebx | |
22856 | + pushl %esi | |
22857 | + pushl %edi | |
22858 | + movl 28(%esp), %ebp | |
22859 | + | |
22860 | + movl 44(%esp), %ebx | |
22861 | + movl (%ebx), %esi | |
22862 | + movl 4(%ebx), %edi | |
22863 | + pushl %edi | |
22864 | + pushl %esi | |
22865 | + pushl %edi | |
22866 | + pushl %esi | |
22867 | + movl %esp, %ebx | |
22868 | + movl 36(%esp), %esi | |
22869 | + movl 40(%esp), %edi | |
22870 | + | |
22871 | + movl 64(%esp), %ecx | |
22872 | + | |
22873 | + movl 56(%esp), %eax | |
22874 | + pushl %eax | |
22875 | + | |
22876 | + movl 56(%esp), %eax | |
22877 | + pushl %eax | |
22878 | + | |
22879 | + movl 56(%esp), %eax | |
22880 | + pushl %eax | |
22881 | + pushl %ebx | |
22882 | + cmpl $0, %ecx | |
22883 | + jz .L028decrypt | |
22884 | + andl $4294967288, %ebp | |
22885 | + movl 16(%esp), %eax | |
22886 | + movl 20(%esp), %ebx | |
22887 | + jz .L029encrypt_finish | |
22888 | +.L030encrypt_loop: | |
22889 | + movl (%esi), %ecx | |
22890 | + movl 4(%esi), %edx | |
22891 | + xorl %ecx, %eax | |
22892 | + xorl %edx, %ebx | |
22893 | + movl %eax, 16(%esp) | |
22894 | + movl %ebx, 20(%esp) | |
22895 | + call des_encrypt3 | |
22896 | + movl 16(%esp), %eax | |
22897 | + movl 20(%esp), %ebx | |
22898 | + movl %eax, (%edi) | |
22899 | + movl %ebx, 4(%edi) | |
22900 | + addl $8, %esi | |
22901 | + addl $8, %edi | |
22902 | + subl $8, %ebp | |
22903 | + jnz .L030encrypt_loop | |
22904 | +.L029encrypt_finish: | |
22905 | + movl 60(%esp), %ebp | |
22906 | + andl $7, %ebp | |
22907 | + jz .L031finish | |
22908 | + xorl %ecx, %ecx | |
22909 | + xorl %edx, %edx | |
22910 | + movl .L032cbc_enc_jmp_table(,%ebp,4),%ebp | |
22911 | + jmp *%ebp | |
22912 | +.L033ej7: | |
22913 | + movb 6(%esi), %dh | |
22914 | + sall $8, %edx | |
22915 | +.L034ej6: | |
22916 | + movb 5(%esi), %dh | |
22917 | +.L035ej5: | |
22918 | + movb 4(%esi), %dl | |
22919 | +.L036ej4: | |
22920 | + movl (%esi), %ecx | |
22921 | + jmp .L037ejend | |
22922 | +.L038ej3: | |
22923 | + movb 2(%esi), %ch | |
22924 | + sall $8, %ecx | |
22925 | +.L039ej2: | |
22926 | + movb 1(%esi), %ch | |
22927 | +.L040ej1: | |
22928 | + movb (%esi), %cl | |
22929 | +.L037ejend: | |
22930 | + xorl %ecx, %eax | |
22931 | + xorl %edx, %ebx | |
22932 | + movl %eax, 16(%esp) | |
22933 | + movl %ebx, 20(%esp) | |
22934 | + call des_encrypt3 | |
22935 | + movl 16(%esp), %eax | |
22936 | + movl 20(%esp), %ebx | |
22937 | + movl %eax, (%edi) | |
22938 | + movl %ebx, 4(%edi) | |
22939 | + jmp .L031finish | |
22940 | +.align 16 | |
22941 | +.L028decrypt: | |
22942 | + andl $4294967288, %ebp | |
22943 | + movl 24(%esp), %eax | |
22944 | + movl 28(%esp), %ebx | |
22945 | + jz .L041decrypt_finish | |
22946 | +.L042decrypt_loop: | |
22947 | + movl (%esi), %eax | |
22948 | + movl 4(%esi), %ebx | |
22949 | + movl %eax, 16(%esp) | |
22950 | + movl %ebx, 20(%esp) | |
22951 | + call des_decrypt3 | |
22952 | + movl 16(%esp), %eax | |
22953 | + movl 20(%esp), %ebx | |
22954 | + movl 24(%esp), %ecx | |
22955 | + movl 28(%esp), %edx | |
22956 | + xorl %eax, %ecx | |
22957 | + xorl %ebx, %edx | |
22958 | + movl (%esi), %eax | |
22959 | + movl 4(%esi), %ebx | |
22960 | + movl %ecx, (%edi) | |
22961 | + movl %edx, 4(%edi) | |
22962 | + movl %eax, 24(%esp) | |
22963 | + movl %ebx, 28(%esp) | |
22964 | + addl $8, %esi | |
22965 | + addl $8, %edi | |
22966 | + subl $8, %ebp | |
22967 | + jnz .L042decrypt_loop | |
22968 | +.L041decrypt_finish: | |
22969 | + movl 60(%esp), %ebp | |
22970 | + andl $7, %ebp | |
22971 | + jz .L031finish | |
22972 | + movl (%esi), %eax | |
22973 | + movl 4(%esi), %ebx | |
22974 | + movl %eax, 16(%esp) | |
22975 | + movl %ebx, 20(%esp) | |
22976 | + call des_decrypt3 | |
22977 | + movl 16(%esp), %eax | |
22978 | + movl 20(%esp), %ebx | |
22979 | + movl 24(%esp), %ecx | |
22980 | + movl 28(%esp), %edx | |
22981 | + xorl %eax, %ecx | |
22982 | + xorl %ebx, %edx | |
22983 | + movl (%esi), %eax | |
22984 | + movl 4(%esi), %ebx | |
22985 | +.L043dj7: | |
22986 | + rorl $16, %edx | |
22987 | + movb %dl, 6(%edi) | |
22988 | + shrl $16, %edx | |
22989 | +.L044dj6: | |
22990 | + movb %dh, 5(%edi) | |
22991 | +.L045dj5: | |
22992 | + movb %dl, 4(%edi) | |
22993 | +.L046dj4: | |
22994 | + movl %ecx, (%edi) | |
22995 | + jmp .L047djend | |
22996 | +.L048dj3: | |
22997 | + rorl $16, %ecx | |
22998 | + movb %cl, 2(%edi) | |
22999 | + sall $16, %ecx | |
23000 | +.L049dj2: | |
23001 | + movb %ch, 1(%esi) | |
23002 | +.L050dj1: | |
23003 | + movb %cl, (%esi) | |
23004 | +.L047djend: | |
23005 | + jmp .L031finish | |
23006 | +.align 16 | |
23007 | +.L031finish: | |
23008 | + movl 76(%esp), %ecx | |
23009 | + addl $32, %esp | |
23010 | + movl %eax, (%ecx) | |
23011 | + movl %ebx, 4(%ecx) | |
23012 | + popl %edi | |
23013 | + popl %esi | |
23014 | + popl %ebx | |
23015 | + popl %ebp | |
23016 | + ret | |
23017 | +.align 16 | |
23018 | +.L032cbc_enc_jmp_table: | |
23019 | + .long 0 | |
23020 | + .long .L040ej1 | |
23021 | + .long .L039ej2 | |
23022 | + .long .L038ej3 | |
23023 | + .long .L036ej4 | |
23024 | + .long .L035ej5 | |
23025 | + .long .L034ej6 | |
23026 | + .long .L033ej7 | |
23027 | +.align 16 | |
23028 | +.L051cbc_dec_jmp_table: | |
23029 | + .long 0 | |
23030 | + .long .L050dj1 | |
23031 | + .long .L049dj2 | |
23032 | + .long .L048dj3 | |
23033 | + .long .L046dj4 | |
23034 | + .long .L045dj5 | |
23035 | + .long .L044dj6 | |
23036 | + .long .L043dj7 | |
23037 | +.des_ede3_cbc_encrypt_end: | |
23038 | + .size des_ede3_cbc_encrypt , .des_ede3_cbc_encrypt_end-des_ede3_cbc_encrypt | |
23039 | +.ident "desasm.pl" | |
23040 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
23041 | +++ linux/net/ipsec/des/ecb_enc.c Mon Feb 9 13:51:03 2004 | |
23042 | @@ -0,0 +1,128 @@ | |
23043 | +/* crypto/des/ecb_enc.c */ | |
23044 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
23045 | + * All rights reserved. | |
23046 | + * | |
23047 | + * This package is an SSL implementation written | |
23048 | + * by Eric Young (eay@cryptsoft.com). | |
23049 | + * The implementation was written so as to conform with Netscapes SSL. | |
23050 | + * | |
23051 | + * This library is free for commercial and non-commercial use as long as | |
23052 | + * the following conditions are aheared to. The following conditions | |
23053 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
23054 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
23055 | + * included with this distribution is covered by the same copyright terms | |
23056 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
23057 | + * | |
23058 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
23059 | + * the code are not to be removed. | |
23060 | + * If this package is used in a product, Eric Young should be given attribution | |
23061 | + * as the author of the parts of the library used. | |
23062 | + * This can be in the form of a textual message at program startup or | |
23063 | + * in documentation (online or textual) provided with the package. | |
23064 | + * | |
23065 | + * Redistribution and use in source and binary forms, with or without | |
23066 | + * modification, are permitted provided that the following conditions | |
23067 | + * are met: | |
23068 | + * 1. Redistributions of source code must retain the copyright | |
23069 | + * notice, this list of conditions and the following disclaimer. | |
23070 | + * 2. Redistributions in binary form must reproduce the above copyright | |
23071 | + * notice, this list of conditions and the following disclaimer in the | |
23072 | + * documentation and/or other materials provided with the distribution. | |
23073 | + * 3. All advertising materials mentioning features or use of this software | |
23074 | + * must display the following acknowledgement: | |
23075 | + * "This product includes cryptographic software written by | |
23076 | + * Eric Young (eay@cryptsoft.com)" | |
23077 | + * The word 'cryptographic' can be left out if the rouines from the library | |
23078 | + * being used are not cryptographic related :-). | |
23079 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
23080 | + * the apps directory (application code) you must include an acknowledgement: | |
23081 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
23082 | + * | |
23083 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
23084 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
23085 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
23086 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
23087 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
23088 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
23089 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
23090 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
23091 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
23092 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
23093 | + * SUCH DAMAGE. | |
23094 | + * | |
23095 | + * The licence and distribution terms for any publically available version or | |
23096 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
23097 | + * copied and put under another distribution licence | |
23098 | + * [including the GNU Public Licence.] | |
23099 | + */ | |
23100 | + | |
23101 | +#include "des/des_locl.h" | |
23102 | +#include "des/spr.h" | |
23103 | + | |
23104 | +char *libdes_version="libdes v 3.24 - 20-Apr-1996 - eay"; | |
23105 | +char *DES_version="DES part of SSLeay 0.8.2b 08-Jan-1998"; | |
23106 | + | |
23107 | +/* RCSID $Id: ecb_enc.c,v 1.8 2004/08/04 15:57:22 mcr Exp $ */ | |
23108 | +/* This function ifdef'ed out for FreeS/WAN project. */ | |
23109 | +#ifdef notdef | |
23110 | +char *des_options() | |
23111 | + { | |
23112 | + static int init=1; | |
23113 | + static char buf[32]; | |
23114 | + | |
23115 | + if (init) | |
23116 | + { | |
23117 | + char *ptr,*unroll,*risc,*size; | |
23118 | + | |
23119 | + init=0; | |
23120 | +#ifdef DES_PTR | |
23121 | + ptr="ptr"; | |
23122 | +#else | |
23123 | + ptr="idx"; | |
23124 | +#endif | |
23125 | +#if defined(DES_RISC1) || defined(DES_RISC2) | |
23126 | +#ifdef DES_RISC1 | |
23127 | + risc="risc1"; | |
23128 | +#endif | |
23129 | +#ifdef DES_RISC2 | |
23130 | + risc="risc2"; | |
23131 | +#endif | |
23132 | +#else | |
23133 | + risc="cisc"; | |
23134 | +#endif | |
23135 | +#ifdef DES_UNROLL | |
23136 | + unroll="16"; | |
23137 | +#else | |
23138 | + unroll="4"; | |
23139 | +#endif | |
23140 | + if (sizeof(DES_LONG) != sizeof(long)) | |
23141 | + size="int"; | |
23142 | + else | |
23143 | + size="long"; | |
23144 | + sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size); | |
23145 | + } | |
23146 | + return(buf); | |
23147 | + } | |
23148 | +#endif | |
23149 | + | |
23150 | + | |
23151 | +void des_ecb_encrypt(input, output, ks, enc) | |
23152 | +des_cblock (*input); | |
23153 | +des_cblock (*output); | |
23154 | +des_key_schedule ks; | |
23155 | +int enc; | |
23156 | + { | |
23157 | + register DES_LONG l; | |
23158 | + register unsigned char *in,*out; | |
23159 | + DES_LONG ll[2]; | |
23160 | + | |
23161 | + in=(unsigned char *)input; | |
23162 | + out=(unsigned char *)output; | |
23163 | + c2l(in,l); ll[0]=l; | |
23164 | + c2l(in,l); ll[1]=l; | |
23165 | + des_encrypt(ll,ks,enc); | |
23166 | + l=ll[0]; l2c(l,out); | |
23167 | + l=ll[1]; l2c(l,out); | |
23168 | + l=ll[0]=ll[1]=0; | |
23169 | + } | |
23170 | + | |
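Review bot: The closing `l=ll[0]=ll[1]=0;` in `des_ecb_encrypt` is a store to locals that nothing reads afterwards, so an optimising compiler is free to drop it and the processed block can stay on the stack. If the wipe is meant as a guarantee, clear through a volatile pointer, e.g. `volatile DES_LONG *p = ll; p[0] = p[1] = 0;`, or use whatever non-elidable clear the target kernel provides. The function also has no header comment; I would add `/* Run one 8-byte block through des_encrypt() with schedule ks; enc selects the direction. Both input words are read before any output is written, so input and output may be the same buffer. */`.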
23171 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
23172 | +++ linux/net/ipsec/des/ipsec_alg_3des.c Mon Feb 9 13:51:03 2004 | |
23173 | @@ -0,0 +1,181 @@ | |
23174 | +/* | |
23175 | + * ipsec_alg 3DES cipher stubs | |
23176 | + * | |
23177 | + * Copyright (C) 2005 Michael Richardson <mcr@xelerance.com> | |
23178 | + * | |
23179 | + * Adapted from ipsec_alg_aes.c by JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar> | |
23180 | + * | |
23181 | + * ipsec_alg_aes.c,v 1.1.2.1 2003/11/21 18:12:23 jjo Exp | |
23182 | + * | |
23183 | + * This program is free software; you can redistribute it and/or modify it | |
23184 | + * under the terms of the GNU General Public License as published by the | |
23185 | + * Free Software Foundation; either version 2 of the License, or (at your | |
23186 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
23187 | + * | |
23188 | + * This program is distributed in the hope that it will be useful, but | |
23189 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
23190 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
23191 | + * for more details. | |
23192 | + * | |
23193 | + */ | |
23194 | +#ifndef AUTOCONF_INCLUDED | |
23195 | +#include <linux/config.h> | |
23196 | +#endif | |
23197 | +#include <linux/version.h> | |
23198 | + | |
23199 | +/* | |
23200 | + * special case: ipsec core modular with this static algo inside: | |
23201 | + * must avoid MODULE magic for this file | |
23202 | + */ | |
23203 | +#if defined(CONFIG_KLIPS_MODULE) && defined(CONFIG_KLIPS_ENC_3DES) | |
23204 | +#undef MODULE | |
23205 | +#endif | |
23206 | + | |
23207 | +#include <linux/module.h> | |
23208 | +#include <linux/init.h> | |
23209 | + | |
23210 | +#include <linux/kernel.h> /* printk() */ | |
23211 | +#include <linux/errno.h> /* error codes */ | |
23212 | +#include <linux/types.h> /* size_t */ | |
23213 | +#include <linux/string.h> | |
23214 | + | |
23215 | +/* Low freeswan header coupling */ | |
23216 | +#include "openswan/ipsec_xform.h" | |
23217 | +#include "openswan/ipsec_alg.h" | |
23218 | +#include "crypto/des.h" | |
23219 | +#include "openswan/ipsec_alg_3des.h" | |
23220 | + | |
23221 | +#define AES_CONTEXT_T aes_context | |
23222 | +static int debug_3des=0; | |
23223 | +static int test_3des=0; | |
23224 | +static int excl_3des=0; | |
23225 | + | |
23226 | +#if defined(CONFIG_KLIPS_ENC_3DES_MODULE) | |
23227 | +MODULE_AUTHOR("Michael Richardson <mcr@xelerance.com>"); | |
23228 | +#ifdef module_param | |
23229 | +module_param(debug_3des,int,0600) | |
23230 | +module_param(test_des,int,0600) | |
23231 | +module_param(excl_des,int,0600) | |
23232 | +#else | |
23233 | +MODULE_PARM(debug_3des, "i"); | |
23234 | +MODULE_PARM(test_des, "i"); | |
23235 | +MODULE_PARM(excl_des, "i"); | |
23236 | +#endif | |
23237 | +#endif | |
23238 | + | |
23239 | +#define ESP_AES_MAC_KEY_SZ 16 /* 128 bit MAC key */ | |
23240 | +#define ESP_AES_MAC_BLK_LEN 16 /* 128 bit block */ | |
23241 | + | |
23242 | +static int _3des_set_key(struct ipsec_alg_enc *alg, | |
23243 | + __u8 * key_e, const __u8 * key, | |
23244 | + size_t keysize) | |
23245 | +{ | |
23246 | + int ret = 0; | |
23247 | + TripleDES_context *ctx = (TripleDES_context*)key_e; | |
23248 | + | |
23249 | + if(keysize != 192/8) { | |
23250 | + return EINVAL; | |
23251 | + } | |
23252 | + | |
23253 | + des_set_key((des_cblock *)(key + DES_KEY_SZ*0), ctx->s1); | |
23254 | + des_set_key((des_cblock *)(key + DES_KEY_SZ*1), ctx->s2); | |
23255 | + des_set_key((des_cblock *)(key + DES_KEY_SZ*2), ctx->s3); | |
23256 | + | |
23257 | + if (debug_3des > 0) | |
23258 | + printk(KERN_DEBUG "klips_debug:_3des_set_key:" | |
23259 | + "ret=%d key_e=%p key=%p keysize=%ld\n", | |
23260 | + ret, key_e, key, (unsigned long int) keysize); | |
23261 | + return ret; | |
23262 | +} | |
23263 | + | |
23264 | +static int _3des_cbc_encrypt(struct ipsec_alg_enc *alg, | |
23265 | + __u8 * key_e, | |
23266 | + __u8 * in, | |
23267 | + int ilen, const __u8 * iv, | |
23268 | + int encrypt) | |
23269 | +{ | |
23270 | + TripleDES_context *ctx=(TripleDES_context*)key_e; | |
23271 | + des_cblock miv; | |
23272 | + | |
23273 | + memcpy(&miv, iv, sizeof(miv)); | |
23274 | + | |
23275 | + if (debug_3des > 0) | |
23276 | + printk(KERN_DEBUG "klips_debug:_aes_cbc_encrypt:" | |
23277 | + "key_e=%p in=%p ilen=%d iv=%p encrypt=%d\n", | |
23278 | + key_e, in, ilen, iv, encrypt); | |
23279 | + | |
23280 | + des_ede3_cbc_encrypt((des_cblock *)in, | |
23281 | + (des_cblock *)in, | |
23282 | + ilen, | |
23283 | + ctx->s1, | |
23284 | + ctx->s2, | |
23285 | + ctx->s3, | |
23286 | + &miv, encrypt); | |
23287 | + return 1; | |
23288 | +} | |
23289 | + | |
23290 | +static struct ipsec_alg_enc ipsec_alg_3DES = { | |
23291 | + ixt_common: { ixt_version: IPSEC_ALG_VERSION, | |
23292 | + ixt_refcnt: ATOMIC_INIT(0), | |
23293 | + ixt_name: "3des", | |
23294 | + ixt_blocksize: ESP_3DES_CBC_BLK_LEN, | |
23295 | + ixt_support: { | |
23296 | + ias_exttype: IPSEC_ALG_TYPE_ENCRYPT, | |
23297 | + ias_id: ESP_3DES, | |
23298 | + ias_keyminbits: ESP_3DES_KEY_SZ*8, | |
23299 | + ias_keymaxbits: ESP_3DES_KEY_SZ*8, | |
23300 | + }, | |
23301 | + }, | |
23302 | +#if defined(MODULE_KLIPS_ENC_3DES_MODULE) | |
23303 | + ixt_module: THIS_MODULE, | |
23304 | +#endif | |
23305 | + ixt_e_keylen: ESP_3DES_KEY_SZ*8, | |
23306 | + ixt_e_ctx_size: sizeof(TripleDES_context), | |
23307 | + ixt_e_set_key: _3des_set_key, | |
23308 | + ixt_e_cbc_encrypt:_3des_cbc_encrypt, | |
23309 | +}; | |
23310 | + | |
23311 | +#if defined(CONFIG_KLIPS_ENC_3DES_MODULE) | |
23312 | +IPSEC_ALG_MODULE_INIT_MOD( ipsec_3des_init ) | |
23313 | +#else | |
23314 | +IPSEC_ALG_MODULE_INIT_STATIC( ipsec_3des_init ) | |
23315 | +#endif | |
23316 | +{ | |
23317 | + int ret, test_ret; | |
23318 | + | |
23319 | + if (excl_3des) ipsec_alg_3DES.ixt_common.ixt_state |= IPSEC_ALG_ST_EXCL; | |
23320 | + ret=register_ipsec_alg_enc(&ipsec_alg_3DES); | |
23321 | + printk("ipsec_3des_init(alg_type=%d alg_id=%d name=%s): ret=%d\n", | |
23322 | + ipsec_alg_3DES.ixt_common.ixt_support.ias_exttype, | |
23323 | + ipsec_alg_3DES.ixt_common.ixt_support.ias_id, | |
23324 | + ipsec_alg_3DES.ixt_common.ixt_name, | |
23325 | + ret); | |
23326 | + if (ret==0 && test_3des) { | |
23327 | + test_ret=ipsec_alg_test( | |
23328 | + ipsec_alg_3DES.ixt_common.ixt_support.ias_exttype, | |
23329 | + ipsec_alg_3DES.ixt_common.ixt_support.ias_id, | |
23330 | + test_3des); | |
23331 | + printk("ipsec_aes_init(alg_type=%d alg_id=%d): test_ret=%d\n", | |
23332 | + ipsec_alg_3DES.ixt_common.ixt_support.ias_exttype, | |
23333 | + ipsec_alg_3DES.ixt_common.ixt_support.ias_id, | |
23334 | + test_ret); | |
23335 | + } | |
23336 | + return ret; | |
23337 | +} | |
23338 | + | |
23339 | +#if defined(CONFIG_KLIPS_ENC_3DES_MODULE) | |
23340 | +IPSEC_ALG_MODULE_EXIT_MOD( ipsec_3des_fini ) | |
23341 | +#else | |
23342 | +IPSEC_ALG_MODULE_EXIT_STATIC( ipsec_3des_fini ) | |
23343 | +#endif | |
23344 | +{ | |
23345 | + unregister_ipsec_alg_enc(&ipsec_alg_3DES); | |
23346 | + return; | |
23347 | +} | |
23348 | + | |
23349 | +/* Dual, because 3des code is 4-clause BSD licensed */ | |
23350 | +#ifdef MODULE_LICENSE | |
23351 | +MODULE_LICENSE("Dual BSD/GPL"); | |
23352 | +#endif | |
23353 | + | |
23354 | + | |
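Review bot: `_3des_set_key` cannot report a bad key: the length check returns positive `EINVAL` rather than `-EINVAL`, and the three `des_set_key` results are dropped, so `ret` is always 0. A caller that tests for a negative status (not visible in this hunk) would accept a wrong-length key with an unfilled schedule, and a parity or weak-key rejection from `des_set_key` would go unnoticed if `des_check_key` is ever switched on. Nothing here rejects a key whose adjacent 8-byte thirds are equal either, which collapses EDE3 to single DES; an explicit `memcmp` of the thirds before scheduling would close that. Separately, the `module_param`/`MODULE_PARM` lines name `test_des` and `excl_des` while the variables are `test_3des` and `excl_3des`, and the `module_param` lines have no terminating semicolons, so the `CONFIG_KLIPS_ENC_3DES_MODULE` build presumably fails. The sketch assumes `des_set_key` returns 0 on success; confirm against set_key.c.

```c
	if (keysize != 192/8)
		return -EINVAL;

	/* stop at the first subkey the schedule routine rejects */
	ret = des_set_key((des_cblock *)(key + DES_KEY_SZ*0), ctx->s1);
	if (ret == 0)
		ret = des_set_key((des_cblock *)(key + DES_KEY_SZ*1), ctx->s2);
	if (ret == 0)
		ret = des_set_key((des_cblock *)(key + DES_KEY_SZ*2), ctx->s3);
	/* … unchanged: debug printk, return ret … */
```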
23355 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
23356 | +++ linux/net/ipsec/des/set_key.c Mon Feb 9 13:51:03 2004 | |
23357 | @@ -0,0 +1,246 @@ | |
23358 | +/* crypto/des/set_key.c */ | |
23359 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
23360 | + * All rights reserved. | |
23361 | + * | |
23362 | + * This package is an SSL implementation written | |
23363 | + * by Eric Young (eay@cryptsoft.com). | |
23364 | + * The implementation was written so as to conform with Netscapes SSL. | |
23365 | + * | |
23366 | + * This library is free for commercial and non-commercial use as long as | |
23367 | + * the following conditions are aheared to. The following conditions | |
23368 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
23369 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
23370 | + * included with this distribution is covered by the same copyright terms | |
23371 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
23372 | + * | |
23373 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
23374 | + * the code are not to be removed. | |
23375 | + * If this package is used in a product, Eric Young should be given attribution | |
23376 | + * as the author of the parts of the library used. | |
23377 | + * This can be in the form of a textual message at program startup or | |
23378 | + * in documentation (online or textual) provided with the package. | |
23379 | + * | |
23380 | + * Redistribution and use in source and binary forms, with or without | |
23381 | + * modification, are permitted provided that the following conditions | |
23382 | + * are met: | |
23383 | + * 1. Redistributions of source code must retain the copyright | |
23384 | + * notice, this list of conditions and the following disclaimer. | |
23385 | + * 2. Redistributions in binary form must reproduce the above copyright | |
23386 | + * notice, this list of conditions and the following disclaimer in the | |
23387 | + * documentation and/or other materials provided with the distribution. | |
23388 | + * 3. All advertising materials mentioning features or use of this software | |
23389 | + * must display the following acknowledgement: | |
23390 | + * "This product includes cryptographic software written by | |
23391 | + * Eric Young (eay@cryptsoft.com)" | |
23392 | + * The word 'cryptographic' can be left out if the rouines from the library | |
23393 | + * being used are not cryptographic related :-). | |
23394 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
23395 | + * the apps directory (application code) you must include an acknowledgement: | |
23396 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
23397 | + * | |
23398 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
23399 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
23400 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
23401 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
23402 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
23403 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
23404 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
23405 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
23406 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
23407 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
23408 | + * SUCH DAMAGE. | |
23409 | + * | |
23410 | + * The licence and distribution terms for any publically available version or | |
23411 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
23412 | + * copied and put under another distribution licence | |
23413 | + * [including the GNU Public Licence.] | |
23414 | + */ | |
23415 | + | |
23416 | +/* set_key.c v 1.4 eay 24/9/91 | |
23417 | + * 1.4 Speed up by 400% :-) | |
23418 | + * 1.3 added register declarations. | |
23419 | + * 1.2 unrolled make_key_sched a bit more | |
23420 | + * 1.1 added norm_expand_bits | |
23421 | + * 1.0 First working version | |
23422 | + */ | |
23423 | +#include "des/des_locl.h" | |
23424 | +#include "des/podd.h" | |
23425 | +#include "des/sk.h" | |
23426 | + | |
23427 | +#ifndef NOPROTO | |
23428 | +static int check_parity(des_cblock (*key)); | |
23429 | +#else | |
23430 | +static int check_parity(); | |
23431 | +#endif | |
23432 | + | |
23433 | +int des_check_key=0; | |
23434 | + | |
23435 | +void des_set_odd_parity(key) | |
23436 | +des_cblock (*key); | |
23437 | + { | |
23438 | + int i; | |
23439 | + | |
23440 | + for (i=0; i<DES_KEY_SZ; i++) | |
23441 | + (*key)[i]=odd_parity[(*key)[i]]; | |
23442 | + } | |
23443 | + | |
23444 | +static int check_parity(key) | |
23445 | +des_cblock (*key); | |
23446 | + { | |
23447 | + int i; | |
23448 | + | |
23449 | + for (i=0; i<DES_KEY_SZ; i++) | |
23450 | + { | |
23451 | + if ((*key)[i] != odd_parity[(*key)[i]]) | |
23452 | + return(0); | |
23453 | + } | |
23454 | + return(1); | |
23455 | + } | |
23456 | + | |
23457 | +/* Weak and semi week keys as take from | |
23458 | + * %A D.W. Davies | |
23459 | + * %A W.L. Price | |
23460 | + * %T Security for Computer Networks | |
23461 | + * %I John Wiley & Sons | |
23462 | + * %D 1984 | |
23463 | + * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference | |
23464 | + * (and actual cblock values). | |
23465 | + */ | |
23466 | +#define NUM_WEAK_KEY 16 | |
23467 | +static des_cblock weak_keys[NUM_WEAK_KEY]={ | |
23468 | + /* weak keys */ | |
23469 | + {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, | |
23470 | + {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE}, | |
23471 | + {0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F}, | |
23472 | + {0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0}, | |
23473 | + /* semi-weak keys */ | |
23474 | + {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE}, | |
23475 | + {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01}, | |
23476 | + {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1}, | |
23477 | + {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E}, | |
23478 | + {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1}, | |
23479 | + {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01}, | |
23480 | + {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE}, | |
23481 | + {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E}, | |
23482 | + {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E}, | |
23483 | + {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01}, | |
23484 | + {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, | |
23485 | + {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}}; | |
23486 | + | |
23487 | +int des_is_weak_key(key) | |
23488 | +des_cblock (*key); | |
23489 | + { | |
23490 | + int i; | |
23491 | + | |
23492 | + for (i=0; i<NUM_WEAK_KEY; i++) | |
23493 | + /* Added == 0 to comparision, I obviously don't run | |
23494 | + * this section very often :-(, thanks to | |
23495 | + * engineering@MorningStar.Com for the fix | |
23496 | + * eay 93/06/29 | |
23497 | + * Another problem, I was comparing only the first 4 | |
23498 | + * bytes, 97/03/18 */ | |
23499 | + if (memcmp(weak_keys[i],key,sizeof(des_cblock)) == 0) return(1); | |
23500 | + return(0); | |
23501 | + } | |
23502 | + | |
23503 | +/* NOW DEFINED IN des_local.h | |
23504 | + * See ecb_encrypt.c for a pseudo description of these macros. | |
23505 | + * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ | |
23506 | + * (b)^=(t),\ | |
23507 | + * (a)=((a)^((t)<<(n)))) | |
23508 | + */ | |
23509 | + | |
23510 | +#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ | |
23511 | + (a)=(a)^(t)^(t>>(16-(n)))) | |
23512 | + | |
23513 | +/* return 0 if key parity is odd (correct), | |
23514 | + * return -1 if key parity error, | |
23515 | + * return -2 if illegal weak key. | |
23516 | + */ | |
23517 | +int des_set_key(key, schedule) | |
23518 | +des_cblock (*key); | |
23519 | +des_key_schedule schedule; | |
23520 | + { | |
23521 | + static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; | |
23522 | + register DES_LONG c,d,t,s,t2; | |
23523 | + register unsigned char *in; | |
23524 | + register DES_LONG *k; | |
23525 | + register int i; | |
23526 | + | |
23527 | + if (des_check_key) | |
23528 | + { | |
23529 | + if (!check_parity(key)) | |
23530 | + return(-1); | |
23531 | + | |
23532 | + if (des_is_weak_key(key)) | |
23533 | + return(-2); | |
23534 | + } | |
23535 | + | |
23536 | + k=(DES_LONG *)schedule; | |
23537 | + in=(unsigned char *)key; | |
23538 | + | |
23539 | + c2l(in,c); | |
23540 | + c2l(in,d); | |
23541 | + | |
23542 | + /* do PC1 in 60 simple operations */ | |
23543 | +/* PERM_OP(d,c,t,4,0x0f0f0f0fL); | |
23544 | + HPERM_OP(c,t,-2, 0xcccc0000L); | |
23545 | + HPERM_OP(c,t,-1, 0xaaaa0000L); | |
23546 | + HPERM_OP(c,t, 8, 0x00ff0000L); | |
23547 | + HPERM_OP(c,t,-1, 0xaaaa0000L); | |
23548 | + HPERM_OP(d,t,-8, 0xff000000L); | |
23549 | + HPERM_OP(d,t, 8, 0x00ff0000L); | |
23550 | + HPERM_OP(d,t, 2, 0x33330000L); | |
23551 | + d=((d&0x00aa00aaL)<<7L)|((d&0x55005500L)>>7L)|(d&0xaa55aa55L); | |
23552 | + d=(d>>8)|((c&0xf0000000L)>>4); | |
23553 | + c&=0x0fffffffL; */ | |
23554 | + | |
23555 | + /* I now do it in 47 simple operations :-) | |
23556 | + * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) | |
23557 | + * for the inspiration. :-) */ | |
23558 | + PERM_OP (d,c,t,4,0x0f0f0f0fL); | |
23559 | + HPERM_OP(c,t,-2,0xcccc0000L); | |
23560 | + HPERM_OP(d,t,-2,0xcccc0000L); | |
23561 | + PERM_OP (d,c,t,1,0x55555555L); | |
23562 | + PERM_OP (c,d,t,8,0x00ff00ffL); | |
23563 | + PERM_OP (d,c,t,1,0x55555555L); | |
23564 | + d= (((d&0x000000ffL)<<16L)| (d&0x0000ff00L) | | |
23565 | + ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L)); | |
23566 | + c&=0x0fffffffL; | |
23567 | + | |
23568 | + for (i=0; i<ITERATIONS; i++) | |
23569 | + { | |
23570 | + if (shifts2[i]) | |
23571 | + { c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); } | |
23572 | + else | |
23573 | + { c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); } | |
23574 | + c&=0x0fffffffL; | |
23575 | + d&=0x0fffffffL; | |
23576 | + /* could be a few less shifts but I am to lazy at this | |
23577 | + * point in time to investigate */ | |
23578 | + s= des_skb[0][ (c )&0x3f ]| | |
23579 | + des_skb[1][((c>> 6)&0x03)|((c>> 7L)&0x3c)]| | |
23580 | + des_skb[2][((c>>13)&0x0f)|((c>>14L)&0x30)]| | |
23581 | + des_skb[3][((c>>20)&0x01)|((c>>21L)&0x06) | | |
23582 | + ((c>>22L)&0x38)]; | |
23583 | + t= des_skb[4][ (d )&0x3f ]| | |
23584 | + des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]| | |
23585 | + des_skb[6][ (d>>15L)&0x3f ]| | |
23586 | + des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)]; | |
23587 | + | |
23588 | + /* table contained 0213 4657 */ | |
23589 | + t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL; | |
23590 | + *(k++)=ROTATE(t2,30)&0xffffffffL; | |
23591 | + | |
23592 | + t2=((s>>16L)|(t&0xffff0000L)); | |
23593 | + *(k++)=ROTATE(t2,26)&0xffffffffL; | |
23594 | + } | |
23595 | + return(0); | |
23596 | + } | |
23597 | + | |
23598 | +int des_key_sched(key, schedule) | |
23599 | +des_cblock (*key); | |
23600 | +des_key_schedule schedule; | |
23601 | + { | |
23602 | + return(des_set_key(key,schedule)); | |
23603 | + } | |
23604 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
23605 | +++ linux/net/ipsec/goodmask.c Mon Feb 9 13:51:03 2004 | |
23606 | @@ -0,0 +1,100 @@ | |
23607 | +/* | |
23608 | + * minor utilities for subnet-mask manipulation | |
23609 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
23610 | + * | |
23611 | + * This library is free software; you can redistribute it and/or modify it | |
23612 | + * under the terms of the GNU Library General Public License as published by | |
23613 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
23614 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
23615 | + * | |
23616 | + * This library is distributed in the hope that it will be useful, but | |
23617 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
23618 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
23619 | + * License for more details. | |
23620 | + * | |
23621 | + * RCSID $Id: goodmask.c,v 1.12 2004/07/10 07:43:47 mcr Exp $ | |
23622 | + */ | |
23623 | +#include "openswan.h" | |
23624 | + | |
23625 | +#ifndef ABITS | |
23626 | +#define ABITS 32 /* bits in an IPv4 address */ | |
23627 | +#endif | |
23628 | + | |
23629 | +/* | |
23630 | + - goodmask - is this a good (^1*0*$) subnet mask? | |
23631 | + * You are not expected to understand this. See Henry S. Warren Jr, | |
23632 | + * "Functions realizable with word-parallel logical and two's-complement | |
23633 | + * addition instructions", CACM 20.6 (June 1977), p.439. | |
23634 | + */ | |
23635 | +int /* predicate */ | |
23636 | +goodmask(mask) | |
23637 | +struct in_addr mask; | |
23638 | +{ | |
23639 | + unsigned long x = ntohl(mask.s_addr); | |
23640 | + /* clear rightmost contiguous string of 1-bits */ | |
23641 | +# define CRCS1B(x) (((x|(x-1))+1)&x) | |
23642 | +# define TOPBIT (1UL << 31) | |
23643 | + | |
23644 | + /* either zero, or has one string of 1-bits which is left-justified */ | |
23645 | + if (x == 0 || (CRCS1B(x) == 0 && (x&TOPBIT))) | |
23646 | + return 1; | |
23647 | + return 0; | |
23648 | +} | |
23649 | + | |
23650 | +/* | |
23651 | + - masktobits - how many bits in this mask? | |
23652 | + * The algorithm is essentially a binary search, but highly optimized | |
23653 | + * for this particular task. | |
23654 | + */ | |
23655 | +int /* -1 means !goodmask() */ | |
23656 | +masktobits(mask) | |
23657 | +struct in_addr mask; | |
23658 | +{ | |
23659 | + unsigned long m = ntohl(mask.s_addr); | |
23660 | + int masklen; | |
23661 | + | |
23662 | + if (!goodmask(mask)) | |
23663 | + return -1; | |
23664 | + | |
23665 | + if (m&0x00000001UL) | |
23666 | + return 32; | |
23667 | + masklen = 0; | |
23668 | + if (m&(0x0000ffffUL<<1)) { /* <<1 for 1-origin numbering */ | |
23669 | + masklen |= 0x10; | |
23670 | + m <<= 16; | |
23671 | + } | |
23672 | + if (m&(0x00ff0000UL<<1)) { | |
23673 | + masklen |= 0x08; | |
23674 | + m <<= 8; | |
23675 | + } | |
23676 | + if (m&(0x0f000000UL<<1)) { | |
23677 | + masklen |= 0x04; | |
23678 | + m <<= 4; | |
23679 | + } | |
23680 | + if (m&(0x30000000UL<<1)) { | |
23681 | + masklen |= 0x02; | |
23682 | + m <<= 2; | |
23683 | + } | |
23684 | + if (m&(0x40000000UL<<1)) | |
23685 | + masklen |= 0x01; | |
23686 | + | |
23687 | + return masklen; | |
23688 | +} | |
23689 | + | |
23690 | +/* | |
23691 | + - bitstomask - return a mask with this many high bits on | |
23692 | + */ | |
23693 | +struct in_addr | |
23694 | +bitstomask(n) | |
23695 | +int n; | |
23696 | +{ | |
23697 | + struct in_addr result; | |
23698 | + | |
23699 | + if (n > 0 && n <= ABITS) | |
23700 | + result.s_addr = htonl(~((1UL << (ABITS - n)) - 1)); | |
23701 | + else if (n == 0) | |
23702 | + result.s_addr = 0; | |
23703 | + else | |
23704 | + result.s_addr = 0; /* best error report we can do */ | |
23705 | + return result; | |
23706 | +} | |
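Review bot: In `bitstomask`, an `n` outside 0..ABITS takes the final `else` and returns `s_addr = 0`, the same value the `n == 0` branch returns, so a caller cannot tell a rejected prefix length from a valid /0 mask that matches every address. Whether callers range-check `n` before calling is not visible in this hunk; if one does not, a malformed prefix length would silently widen an address selector instead of failing. The struct return leaves no room for an error value, so the contract should at least be stated in the header comment, e.g. `* Returns the all-zero mask for n == 0 and also for n outside 0..ABITS; callers must validate n themselves.` The `else if (n == 0)` and `else` branches assign the same value and could be merged into one `else` carrying that comment.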
23707 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
23708 | +++ linux/net/ipsec/infblock.c Mon Feb 9 13:51:03 2004 | |
23709 | @@ -0,0 +1,403 @@ | |
23710 | +/* infblock.c -- interpret and process block types to last block | |
23711 | + * Copyright (C) 1995-2002 Mark Adler | |
23712 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
23713 | + */ | |
23714 | + | |
23715 | +#include <zlib/zutil.h> | |
23716 | +#include "infblock.h" | |
23717 | +#include "inftrees.h" | |
23718 | +#include "infcodes.h" | |
23719 | +#include "infutil.h" | |
23720 | + | |
23721 | +struct inflate_codes_state {int dummy;}; /* for buggy compilers */ | |
23722 | + | |
23723 | +/* simplify the use of the inflate_huft type with some defines */ | |
23724 | +#define exop word.what.Exop | |
23725 | +#define bits word.what.Bits | |
23726 | + | |
23727 | +/* Table for deflate from PKZIP's appnote.txt. */ | |
23728 | +local const uInt border[] = { /* Order of the bit length code lengths */ | |
23729 | + 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; | |
23730 | + | |
23731 | +/* | |
23732 | + Notes beyond the 1.93a appnote.txt: | |
23733 | + | |
23734 | + 1. Distance pointers never point before the beginning of the output | |
23735 | + stream. | |
23736 | + 2. Distance pointers can point back across blocks, up to 32k away. | |
23737 | + 3. There is an implied maximum of 7 bits for the bit length table and | |
23738 | + 15 bits for the actual data. | |
23739 | + 4. If only one code exists, then it is encoded using one bit. (Zero | |
23740 | + would be more efficient, but perhaps a little confusing.) If two | |
23741 | + codes exist, they are coded using one bit each (0 and 1). | |
23742 | + 5. There is no way of sending zero distance codes--a dummy must be | |
23743 | + sent if there are none. (History: a pre 2.0 version of PKZIP would | |
23744 | + store blocks with no distance codes, but this was discovered to be | |
23745 | + too harsh a criterion.) Valid only for 1.93a. 2.04c does allow | |
23746 | + zero distance codes, which is sent as one code of zero bits in | |
23747 | + length. | |
23748 | + 6. There are up to 286 literal/length codes. Code 256 represents the | |
23749 | + end-of-block. Note however that the static length tree defines | |
23750 | + 288 codes just to fill out the Huffman codes. Codes 286 and 287 | |
23751 | + cannot be used though, since there is no length base or extra bits | |
23752 | + defined for them. Similarily, there are up to 30 distance codes. | |
23753 | + However, static trees define 32 codes (all 5 bits) to fill out the | |
23754 | + Huffman codes, but the last two had better not show up in the data. | |
23755 | + 7. Unzip can check dynamic Huffman blocks for complete code sets. | |
23756 | + The exception is that a single code would not be complete (see #4). | |
23757 | + 8. The five bits following the block type is really the number of | |
23758 | + literal codes sent minus 257. | |
23759 | + 9. Length codes 8,16,16 are interpreted as 13 length codes of 8 bits | |
23760 | + (1+6+6). Therefore, to output three times the length, you output | |
23761 | + three codes (1+1+1), whereas to output four times the same length, | |
23762 | + you only need two codes (1+3). Hmm. | |
23763 | + 10. In the tree reconstruction algorithm, Code = Code + Increment | |
23764 | + only if BitLength(i) is not zero. (Pretty obvious.) | |
23765 | + 11. Correction: 4 Bits: # of Bit Length codes - 4 (4 - 19) | |
23766 | + 12. Note: length code 284 can represent 227-258, but length code 285 | |
23767 | + really is 258. The last length deserves its own, short code | |
23768 | + since it gets used a lot in very redundant files. The length | |
23769 | + 258 is special since 258 - 3 (the min match length) is 255. | |
23770 | + 13. The literal/length and distance code bit lengths are read as a | |
23771 | + single stream of lengths. It is possible (and advantageous) for | |
23772 | + a repeat code (16, 17, or 18) to go across the boundary between | |
23773 | + the two sets of lengths. | |
23774 | + */ | |
23775 | + | |
23776 | + | |
23777 | +void inflate_blocks_reset(s, z, c) | |
23778 | +inflate_blocks_statef *s; | |
23779 | +z_streamp z; | |
23780 | +uLongf *c; | |
23781 | +{ | |
23782 | + if (c != Z_NULL) | |
23783 | + *c = s->check; | |
23784 | + if (s->mode == BTREE || s->mode == DTREE) | |
23785 | + ZFREE(z, s->sub.trees.blens); | |
23786 | + if (s->mode == CODES) | |
23787 | + inflate_codes_free(s->sub.decode.codes, z); | |
23788 | + s->mode = TYPE; | |
23789 | + s->bitk = 0; | |
23790 | + s->bitb = 0; | |
23791 | + s->read = s->write = s->window; | |
23792 | + if (s->checkfn != Z_NULL) | |
23793 | + z->adler = s->check = (*s->checkfn)(0L, (const Bytef *)Z_NULL, 0); | |
23794 | + Tracev((stderr, "inflate: blocks reset\n")); | |
23795 | +} | |
23796 | + | |
23797 | + | |
23798 | +inflate_blocks_statef *inflate_blocks_new(z, c, w) | |
23799 | +z_streamp z; | |
23800 | +check_func c; | |
23801 | +uInt w; | |
23802 | +{ | |
23803 | + inflate_blocks_statef *s; | |
23804 | + | |
23805 | + if ((s = (inflate_blocks_statef *)ZALLOC | |
23806 | + (z,1,sizeof(struct inflate_blocks_state))) == Z_NULL) | |
23807 | + return s; | |
23808 | + if ((s->hufts = | |
23809 | + (inflate_huft *)ZALLOC(z, sizeof(inflate_huft), MANY)) == Z_NULL) | |
23810 | + { | |
23811 | + ZFREE(z, s); | |
23812 | + return Z_NULL; | |
23813 | + } | |
23814 | + if ((s->window = (Bytef *)ZALLOC(z, 1, w)) == Z_NULL) | |
23815 | + { | |
23816 | + ZFREE(z, s->hufts); | |
23817 | + ZFREE(z, s); | |
23818 | + return Z_NULL; | |
23819 | + } | |
23820 | + s->end = s->window + w; | |
23821 | + s->checkfn = c; | |
23822 | + s->mode = TYPE; | |
23823 | + Tracev((stderr, "inflate: blocks allocated\n")); | |
23824 | + inflate_blocks_reset(s, z, Z_NULL); | |
23825 | + return s; | |
23826 | +} | |
23827 | + | |
23828 | + | |
23829 | +int inflate_blocks(s, z, r) | |
23830 | +inflate_blocks_statef *s; | |
23831 | +z_streamp z; | |
23832 | +int r; | |
23833 | +{ | |
23834 | + uInt t; /* temporary storage */ | |
23835 | + uLong b; /* bit buffer */ | |
23836 | + uInt k; /* bits in bit buffer */ | |
23837 | + Bytef *p; /* input data pointer */ | |
23838 | + uInt n; /* bytes available there */ | |
23839 | + Bytef *q; /* output window write pointer */ | |
23840 | + uInt m; /* bytes to end of window or read pointer */ | |
23841 | + | |
23842 | + /* copy input/output information to locals (UPDATE macro restores) */ | |
23843 | + LOAD | |
23844 | + | |
23845 | + /* process input based on current state */ | |
23846 | + while (1) switch (s->mode) | |
23847 | + { | |
23848 | + case TYPE: | |
23849 | + NEEDBITS(3) | |
23850 | + t = (uInt)b & 7; | |
23851 | + s->last = t & 1; | |
23852 | + switch (t >> 1) | |
23853 | + { | |
23854 | + case 0: /* stored */ | |
23855 | + Tracev((stderr, "inflate: stored block%s\n", | |
23856 | + s->last ? " (last)" : "")); | |
23857 | + DUMPBITS(3) | |
23858 | + t = k & 7; /* go to byte boundary */ | |
23859 | + DUMPBITS(t) | |
23860 | + s->mode = LENS; /* get length of stored block */ | |
23861 | + break; | |
23862 | + case 1: /* fixed */ | |
23863 | + Tracev((stderr, "inflate: fixed codes block%s\n", | |
23864 | + s->last ? " (last)" : "")); | |
23865 | + { | |
23866 | + uInt bl, bd; | |
23867 | + inflate_huft *tl, *td; | |
23868 | + | |
23869 | + inflate_trees_fixed(&bl, &bd, &tl, &td, z); | |
23870 | + s->sub.decode.codes = inflate_codes_new(bl, bd, tl, td, z); | |
23871 | + if (s->sub.decode.codes == Z_NULL) | |
23872 | + { | |
23873 | + r = Z_MEM_ERROR; | |
23874 | + LEAVE | |
23875 | + } | |
23876 | + } | |
23877 | + DUMPBITS(3) | |
23878 | + s->mode = CODES; | |
23879 | + break; | |
23880 | + case 2: /* dynamic */ | |
23881 | + Tracev((stderr, "inflate: dynamic codes block%s\n", | |
23882 | + s->last ? " (last)" : "")); | |
23883 | + DUMPBITS(3) | |
23884 | + s->mode = TABLE; | |
23885 | + break; | |
23886 | + case 3: /* illegal */ | |
23887 | + DUMPBITS(3) | |
23888 | + s->mode = BAD; | |
23889 | + z->msg = (char*)"invalid block type"; | |
23890 | + r = Z_DATA_ERROR; | |
23891 | + LEAVE | |
23892 | + } | |
23893 | + break; | |
23894 | + case LENS: | |
23895 | + NEEDBITS(32) | |
23896 | + if ((((~b) >> 16) & 0xffff) != (b & 0xffff)) | |
23897 | + { | |
23898 | + s->mode = BAD; | |
23899 | + z->msg = (char*)"invalid stored block lengths"; | |
23900 | + r = Z_DATA_ERROR; | |
23901 | + LEAVE | |
23902 | + } | |
23903 | + s->sub.left = (uInt)b & 0xffff; | |
23904 | + b = k = 0; /* dump bits */ | |
23905 | + Tracev((stderr, "inflate: stored length %u\n", s->sub.left)); | |
23906 | + s->mode = s->sub.left ? STORED : (s->last ? DRY : TYPE); | |
23907 | + break; | |
23908 | + case STORED: | |
23909 | + if (n == 0) | |
23910 | + LEAVE | |
23911 | + NEEDOUT | |
23912 | + t = s->sub.left; | |
23913 | + if (t > n) t = n; | |
23914 | + if (t > m) t = m; | |
23915 | + zmemcpy(q, p, t); | |
23916 | + p += t; n -= t; | |
23917 | + q += t; m -= t; | |
23918 | + if ((s->sub.left -= t) != 0) | |
23919 | + break; | |
23920 | + Tracev((stderr, "inflate: stored end, %lu total out\n", | |
23921 | + z->total_out + (q >= s->read ? q - s->read : | |
23922 | + (s->end - s->read) + (q - s->window)))); | |
23923 | + s->mode = s->last ? DRY : TYPE; | |
23924 | + break; | |
23925 | + case TABLE: | |
23926 | + NEEDBITS(14) | |
23927 | + s->sub.trees.table = t = (uInt)b & 0x3fff; | |
23928 | +#ifndef PKZIP_BUG_WORKAROUND | |
23929 | + if ((t & 0x1f) > 29 || ((t >> 5) & 0x1f) > 29) | |
23930 | + { | |
23931 | + s->mode = BAD; | |
23932 | + z->msg = (char*)"too many length or distance symbols"; | |
23933 | + r = Z_DATA_ERROR; | |
23934 | + LEAVE | |
23935 | + } | |
23936 | +#endif | |
23937 | + t = 258 + (t & 0x1f) + ((t >> 5) & 0x1f); | |
23938 | + if ((s->sub.trees.blens = (uIntf*)ZALLOC(z, t, sizeof(uInt))) == Z_NULL) | |
23939 | + { | |
23940 | + r = Z_MEM_ERROR; | |
23941 | + LEAVE | |
23942 | + } | |
23943 | + DUMPBITS(14) | |
23944 | + s->sub.trees.index = 0; | |
23945 | + Tracev((stderr, "inflate: table sizes ok\n")); | |
23946 | + s->mode = BTREE; | |
23947 | + case BTREE: | |
23948 | + while (s->sub.trees.index < 4 + (s->sub.trees.table >> 10)) | |
23949 | + { | |
23950 | + NEEDBITS(3) | |
23951 | + s->sub.trees.blens[border[s->sub.trees.index++]] = (uInt)b & 7; | |
23952 | + DUMPBITS(3) | |
23953 | + } | |
23954 | + while (s->sub.trees.index < 19) | |
23955 | + s->sub.trees.blens[border[s->sub.trees.index++]] = 0; | |
23956 | + s->sub.trees.bb = 7; | |
23957 | + t = inflate_trees_bits(s->sub.trees.blens, &s->sub.trees.bb, | |
23958 | + &s->sub.trees.tb, s->hufts, z); | |
23959 | + if (t != Z_OK) | |
23960 | + { | |
23961 | + r = t; | |
23962 | + if (r == Z_DATA_ERROR) | |
23963 | + { | |
23964 | + ZFREE(z, s->sub.trees.blens); | |
23965 | + s->mode = BAD; | |
23966 | + } | |
23967 | + LEAVE | |
23968 | + } | |
23969 | + s->sub.trees.index = 0; | |
23970 | + Tracev((stderr, "inflate: bits tree ok\n")); | |
23971 | + s->mode = DTREE; | |
23972 | + case DTREE: | |
23973 | + while (t = s->sub.trees.table, | |
23974 | + s->sub.trees.index < 258 + (t & 0x1f) + ((t >> 5) & 0x1f)) | |
23975 | + { | |
23976 | + inflate_huft *h; | |
23977 | + uInt i, j, c; | |
23978 | + | |
23979 | + t = s->sub.trees.bb; | |
23980 | + NEEDBITS(t) | |
23981 | + h = s->sub.trees.tb + ((uInt)b & inflate_mask[t]); | |
23982 | + t = h->bits; | |
23983 | + c = h->base; | |
23984 | + if (c < 16) | |
23985 | + { | |
23986 | + DUMPBITS(t) | |
23987 | + s->sub.trees.blens[s->sub.trees.index++] = c; | |
23988 | + } | |
23989 | + else /* c == 16..18 */ | |
23990 | + { | |
23991 | + i = c == 18 ? 7 : c - 14; | |
23992 | + j = c == 18 ? 11 : 3; | |
23993 | + NEEDBITS(t + i) | |
23994 | + DUMPBITS(t) | |
23995 | + j += (uInt)b & inflate_mask[i]; | |
23996 | + DUMPBITS(i) | |
23997 | + i = s->sub.trees.index; | |
23998 | + t = s->sub.trees.table; | |
23999 | + if (i + j > 258 + (t & 0x1f) + ((t >> 5) & 0x1f) || | |
24000 | + (c == 16 && i < 1)) | |
24001 | + { | |
24002 | + ZFREE(z, s->sub.trees.blens); | |
24003 | + s->mode = BAD; | |
24004 | + z->msg = (char*)"invalid bit length repeat"; | |
24005 | + r = Z_DATA_ERROR; | |
24006 | + LEAVE | |
24007 | + } | |
24008 | + c = c == 16 ? s->sub.trees.blens[i - 1] : 0; | |
24009 | + do { | |
24010 | + s->sub.trees.blens[i++] = c; | |
24011 | + } while (--j); | |
24012 | + s->sub.trees.index = i; | |
24013 | + } | |
24014 | + } | |
24015 | + s->sub.trees.tb = Z_NULL; | |
24016 | + { | |
24017 | + uInt bl, bd; | |
24018 | + inflate_huft *tl, *td; | |
24019 | + inflate_codes_statef *c; | |
24020 | + | |
24021 | + bl = 9; /* must be <= 9 for lookahead assumptions */ | |
24022 | + bd = 6; /* must be <= 9 for lookahead assumptions */ | |
24023 | + t = s->sub.trees.table; | |
24024 | + t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f), | |
24025 | + s->sub.trees.blens, &bl, &bd, &tl, &td, | |
24026 | + s->hufts, z); | |
24027 | + if (t != Z_OK) | |
24028 | + { | |
24029 | + if (t == (uInt)Z_DATA_ERROR) | |
24030 | + { | |
24031 | + ZFREE(z, s->sub.trees.blens); | |
24032 | + s->mode = BAD; | |
24033 | + } | |
24034 | + r = t; | |
24035 | + LEAVE | |
24036 | + } | |
24037 | + Tracev((stderr, "inflate: trees ok\n")); | |
24038 | + if ((c = inflate_codes_new(bl, bd, tl, td, z)) == Z_NULL) | |
24039 | + { | |
24040 | + r = Z_MEM_ERROR; | |
24041 | + LEAVE | |
24042 | + } | |
24043 | + s->sub.decode.codes = c; | |
24044 | + } | |
24045 | + ZFREE(z, s->sub.trees.blens); | |
24046 | + s->mode = CODES; | |
24047 | + case CODES: | |
24048 | + UPDATE | |
24049 | + if ((r = inflate_codes(s, z, r)) != Z_STREAM_END) | |
24050 | + return inflate_flush(s, z, r); | |
24051 | + r = Z_OK; | |
24052 | + inflate_codes_free(s->sub.decode.codes, z); | |
24053 | + LOAD | |
24054 | + Tracev((stderr, "inflate: codes end, %lu total out\n", | |
24055 | + z->total_out + (q >= s->read ? q - s->read : | |
24056 | + (s->end - s->read) + (q - s->window)))); | |
24057 | + if (!s->last) | |
24058 | + { | |
24059 | + s->mode = TYPE; | |
24060 | + break; | |
24061 | + } | |
24062 | + s->mode = DRY; | |
24063 | + case DRY: | |
24064 | + FLUSH | |
24065 | + if (s->read != s->write) | |
24066 | + LEAVE | |
24067 | + s->mode = DONE; | |
24068 | + case DONE: | |
24069 | + r = Z_STREAM_END; | |
24070 | + LEAVE | |
24071 | + case BAD: | |
24072 | + r = Z_DATA_ERROR; | |
24073 | + LEAVE | |
24074 | + default: | |
24075 | + r = Z_STREAM_ERROR; | |
24076 | + LEAVE | |
24077 | + } | |
24078 | +} | |
24079 | + | |
24080 | + | |
24081 | +int inflate_blocks_free(s, z) | |
24082 | +inflate_blocks_statef *s; | |
24083 | +z_streamp z; | |
24084 | +{ | |
24085 | + inflate_blocks_reset(s, z, Z_NULL); | |
24086 | + ZFREE(z, s->window); | |
24087 | + ZFREE(z, s->hufts); | |
24088 | + ZFREE(z, s); | |
24089 | + Tracev((stderr, "inflate: blocks freed\n")); | |
24090 | + return Z_OK; | |
24091 | +} | |
24092 | + | |
24093 | + | |
24094 | +void inflate_set_dictionary(s, d, n) | |
24095 | +inflate_blocks_statef *s; | |
24096 | +const Bytef *d; | |
24097 | +uInt n; | |
24098 | +{ | |
24099 | + zmemcpy(s->window, d, n); | |
24100 | + s->read = s->write = s->window + n; | |
24101 | +} | |
24102 | + | |
24103 | + | |
24104 | +/* Returns true if inflate is currently at the end of a block generated | |
24105 | + * by Z_SYNC_FLUSH or Z_FULL_FLUSH. | |
24106 | + * IN assertion: s != Z_NULL | |
24107 | + */ | |
24108 | +int inflate_blocks_sync_point(s) | |
24109 | +inflate_blocks_statef *s; | |
24110 | +{ | |
24111 | + return s->mode == LENS; | |
24112 | +} | |
24113 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
24114 | +++ linux/net/ipsec/infblock.h Mon Feb 9 13:51:03 2004 | |
24115 | @@ -0,0 +1,39 @@ | |
24116 | +/* infblock.h -- header to use infblock.c | |
24117 | + * Copyright (C) 1995-2002 Mark Adler | |
24118 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
24119 | + */ | |
24120 | + | |
24121 | +/* WARNING: this file should *not* be used by applications. It is | |
24122 | + part of the implementation of the compression library and is | |
24123 | + subject to change. Applications should only use zlib.h. | |
24124 | + */ | |
24125 | + | |
24126 | +struct inflate_blocks_state; | |
24127 | +typedef struct inflate_blocks_state FAR inflate_blocks_statef; | |
24128 | + | |
24129 | +extern inflate_blocks_statef * inflate_blocks_new OF(( | |
24130 | + z_streamp z, | |
24131 | + check_func c, /* check function */ | |
24132 | + uInt w)); /* window size */ | |
24133 | + | |
24134 | +extern int inflate_blocks OF(( | |
24135 | + inflate_blocks_statef *, | |
24136 | + z_streamp , | |
24137 | + int)); /* initial return code */ | |
24138 | + | |
24139 | +extern void inflate_blocks_reset OF(( | |
24140 | + inflate_blocks_statef *, | |
24141 | + z_streamp , | |
24142 | + uLongf *)); /* check value on output */ | |
24143 | + | |
24144 | +extern int inflate_blocks_free OF(( | |
24145 | + inflate_blocks_statef *, | |
24146 | + z_streamp)); | |
24147 | + | |
24148 | +extern void inflate_set_dictionary OF(( | |
24149 | + inflate_blocks_statef *s, | |
24150 | + const Bytef *d, /* dictionary */ | |
24151 | + uInt n)); /* dictionary length */ | |
24152 | + | |
24153 | +extern int inflate_blocks_sync_point OF(( | |
24154 | + inflate_blocks_statef *s)); | |
24155 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
24156 | +++ linux/net/ipsec/infcodes.c Mon Feb 9 13:51:03 2004 | |
24157 | @@ -0,0 +1,251 @@ | |
24158 | +/* infcodes.c -- process literals and length/distance pairs | |
24159 | + * Copyright (C) 1995-2002 Mark Adler | |
24160 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
24161 | + */ | |
24162 | + | |
24163 | +#include <zlib/zutil.h> | |
24164 | +#include "inftrees.h" | |
24165 | +#include "infblock.h" | |
24166 | +#include "infcodes.h" | |
24167 | +#include "infutil.h" | |
24168 | +#include "inffast.h" | |
24169 | + | |
24170 | +/* simplify the use of the inflate_huft type with some defines */ | |
24171 | +#define exop word.what.Exop | |
24172 | +#define bits word.what.Bits | |
24173 | + | |
24174 | +typedef enum { /* waiting for "i:"=input, "o:"=output, "x:"=nothing */ | |
24175 | + START, /* x: set up for LEN */ | |
24176 | + LEN, /* i: get length/literal/eob next */ | |
24177 | + LENEXT, /* i: getting length extra (have base) */ | |
24178 | + DIST, /* i: get distance next */ | |
24179 | + DISTEXT, /* i: getting distance extra */ | |
24180 | + COPY, /* o: copying bytes in window, waiting for space */ | |
24181 | + LIT, /* o: got literal, waiting for output space */ | |
24182 | + WASH, /* o: got eob, possibly still output waiting */ | |
24183 | + END, /* x: got eob and all data flushed */ | |
24184 | + BADCODE} /* x: got error */ | |
24185 | +inflate_codes_mode; | |
24186 | + | |
24187 | +/* inflate codes private state */ | |
24188 | +struct inflate_codes_state { | |
24189 | + | |
24190 | + /* mode */ | |
24191 | + inflate_codes_mode mode; /* current inflate_codes mode */ | |
24192 | + | |
24193 | + /* mode dependent information */ | |
24194 | + uInt len; | |
24195 | + union { | |
24196 | + struct { | |
24197 | + inflate_huft *tree; /* pointer into tree */ | |
24198 | + uInt need; /* bits needed */ | |
24199 | + } code; /* if LEN or DIST, where in tree */ | |
24200 | + uInt lit; /* if LIT, literal */ | |
24201 | + struct { | |
24202 | + uInt get; /* bits to get for extra */ | |
24203 | + uInt dist; /* distance back to copy from */ | |
24204 | + } copy; /* if EXT or COPY, where and how much */ | |
24205 | + } sub; /* submode */ | |
24206 | + | |
24207 | + /* mode independent information */ | |
24208 | + Byte lbits; /* ltree bits decoded per branch */ | |
24209 | + Byte dbits; /* dtree bits decoder per branch */ | |
24210 | + inflate_huft *ltree; /* literal/length/eob tree */ | |
24211 | + inflate_huft *dtree; /* distance tree */ | |
24212 | + | |
24213 | +}; | |
24214 | + | |
24215 | + | |
24216 | +inflate_codes_statef *inflate_codes_new(bl, bd, tl, td, z) | |
24217 | +uInt bl, bd; | |
24218 | +inflate_huft *tl; | |
24219 | +inflate_huft *td; /* need separate declaration for Borland C++ */ | |
24220 | +z_streamp z; | |
24221 | +{ | |
24222 | + inflate_codes_statef *c; | |
24223 | + | |
24224 | + if ((c = (inflate_codes_statef *) | |
24225 | + ZALLOC(z,1,sizeof(struct inflate_codes_state))) != Z_NULL) | |
24226 | + { | |
24227 | + c->mode = START; | |
24228 | + c->lbits = (Byte)bl; | |
24229 | + c->dbits = (Byte)bd; | |
24230 | + c->ltree = tl; | |
24231 | + c->dtree = td; | |
24232 | + Tracev((stderr, "inflate: codes new\n")); | |
24233 | + } | |
24234 | + return c; | |
24235 | +} | |
24236 | + | |
24237 | + | |
24238 | +int inflate_codes(s, z, r) | |
24239 | +inflate_blocks_statef *s; | |
24240 | +z_streamp z; | |
24241 | +int r; | |
24242 | +{ | |
24243 | + uInt j; /* temporary storage */ | |
24244 | + inflate_huft *t; /* temporary pointer */ | |
24245 | + uInt e; /* extra bits or operation */ | |
24246 | + uLong b; /* bit buffer */ | |
24247 | + uInt k; /* bits in bit buffer */ | |
24248 | + Bytef *p; /* input data pointer */ | |
24249 | + uInt n; /* bytes available there */ | |
24250 | + Bytef *q; /* output window write pointer */ | |
24251 | + uInt m; /* bytes to end of window or read pointer */ | |
24252 | + Bytef *f; /* pointer to copy strings from */ | |
24253 | + inflate_codes_statef *c = s->sub.decode.codes; /* codes state */ | |
24254 | + | |
24255 | + /* copy input/output information to locals (UPDATE macro restores) */ | |
24256 | + LOAD | |
24257 | + | |
24258 | + /* process input and output based on current state */ | |
24259 | + while (1) switch (c->mode) | |
24260 | + { /* waiting for "i:"=input, "o:"=output, "x:"=nothing */ | |
24261 | + case START: /* x: set up for LEN */ | |
24262 | +#ifndef SLOW | |
24263 | + if (m >= 258 && n >= 10) | |
24264 | + { | |
24265 | + UPDATE | |
24266 | + r = inflate_fast(c->lbits, c->dbits, c->ltree, c->dtree, s, z); | |
24267 | + LOAD | |
24268 | + if (r != Z_OK) | |
24269 | + { | |
24270 | + c->mode = r == Z_STREAM_END ? WASH : BADCODE; | |
24271 | + break; | |
24272 | + } | |
24273 | + } | |
24274 | +#endif /* !SLOW */ | |
24275 | + c->sub.code.need = c->lbits; | |
24276 | + c->sub.code.tree = c->ltree; | |
24277 | + c->mode = LEN; | |
24278 | + case LEN: /* i: get length/literal/eob next */ | |
24279 | + j = c->sub.code.need; | |
24280 | + NEEDBITS(j) | |
24281 | + t = c->sub.code.tree + ((uInt)b & inflate_mask[j]); | |
24282 | + DUMPBITS(t->bits) | |
24283 | + e = (uInt)(t->exop); | |
24284 | + if (e == 0) /* literal */ | |
24285 | + { | |
24286 | + c->sub.lit = t->base; | |
24287 | + Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ? | |
24288 | + "inflate: literal '%c'\n" : | |
24289 | + "inflate: literal 0x%02x\n", t->base)); | |
24290 | + c->mode = LIT; | |
24291 | + break; | |
24292 | + } | |
24293 | + if (e & 16) /* length */ | |
24294 | + { | |
24295 | + c->sub.copy.get = e & 15; | |
24296 | + c->len = t->base; | |
24297 | + c->mode = LENEXT; | |
24298 | + break; | |
24299 | + } | |
24300 | + if ((e & 64) == 0) /* next table */ | |
24301 | + { | |
24302 | + c->sub.code.need = e; | |
24303 | + c->sub.code.tree = t + t->base; | |
24304 | + break; | |
24305 | + } | |
24306 | + if (e & 32) /* end of block */ | |
24307 | + { | |
24308 | + Tracevv((stderr, "inflate: end of block\n")); | |
24309 | + c->mode = WASH; | |
24310 | + break; | |
24311 | + } | |
24312 | + c->mode = BADCODE; /* invalid code */ | |
24313 | + z->msg = (char*)"invalid literal/length code"; | |
24314 | + r = Z_DATA_ERROR; | |
24315 | + LEAVE | |
24316 | + case LENEXT: /* i: getting length extra (have base) */ | |
24317 | + j = c->sub.copy.get; | |
24318 | + NEEDBITS(j) | |
24319 | + c->len += (uInt)b & inflate_mask[j]; | |
24320 | + DUMPBITS(j) | |
24321 | + c->sub.code.need = c->dbits; | |
24322 | + c->sub.code.tree = c->dtree; | |
24323 | + Tracevv((stderr, "inflate: length %u\n", c->len)); | |
24324 | + c->mode = DIST; | |
24325 | + case DIST: /* i: get distance next */ | |
24326 | + j = c->sub.code.need; | |
24327 | + NEEDBITS(j) | |
24328 | + t = c->sub.code.tree + ((uInt)b & inflate_mask[j]); | |
24329 | + DUMPBITS(t->bits) | |
24330 | + e = (uInt)(t->exop); | |
24331 | + if (e & 16) /* distance */ | |
24332 | + { | |
24333 | + c->sub.copy.get = e & 15; | |
24334 | + c->sub.copy.dist = t->base; | |
24335 | + c->mode = DISTEXT; | |
24336 | + break; | |
24337 | + } | |
24338 | + if ((e & 64) == 0) /* next table */ | |
24339 | + { | |
24340 | + c->sub.code.need = e; | |
24341 | + c->sub.code.tree = t + t->base; | |
24342 | + break; | |
24343 | + } | |
24344 | + c->mode = BADCODE; /* invalid code */ | |
24345 | + z->msg = (char*)"invalid distance code"; | |
24346 | + r = Z_DATA_ERROR; | |
24347 | + LEAVE | |
24348 | + case DISTEXT: /* i: getting distance extra */ | |
24349 | + j = c->sub.copy.get; | |
24350 | + NEEDBITS(j) | |
24351 | + c->sub.copy.dist += (uInt)b & inflate_mask[j]; | |
24352 | + DUMPBITS(j) | |
24353 | + Tracevv((stderr, "inflate: distance %u\n", c->sub.copy.dist)); | |
24354 | + c->mode = COPY; | |
24355 | + case COPY: /* o: copying bytes in window, waiting for space */ | |
24356 | + f = q - c->sub.copy.dist; | |
24357 | + while (f < s->window) /* modulo window size-"while" instead */ | |
24358 | + f += s->end - s->window; /* of "if" handles invalid distances */ | |
24359 | + while (c->len) | |
24360 | + { | |
24361 | + NEEDOUT | |
24362 | + OUTBYTE(*f++) | |
24363 | + if (f == s->end) | |
24364 | + f = s->window; | |
24365 | + c->len--; | |
24366 | + } | |
24367 | + c->mode = START; | |
24368 | + break; | |
24369 | + case LIT: /* o: got literal, waiting for output space */ | |
24370 | + NEEDOUT | |
24371 | + OUTBYTE(c->sub.lit) | |
24372 | + c->mode = START; | |
24373 | + break; | |
24374 | + case WASH: /* o: got eob, possibly more output */ | |
24375 | + if (k > 7) /* return unused byte, if any */ | |
24376 | + { | |
24377 | + Assert(k < 16, "inflate_codes grabbed too many bytes") | |
24378 | + k -= 8; | |
24379 | + n++; | |
24380 | + p--; /* can always return one */ | |
24381 | + } | |
24382 | + FLUSH | |
24383 | + if (s->read != s->write) | |
24384 | + LEAVE | |
24385 | + c->mode = END; | |
24386 | + case END: | |
24387 | + r = Z_STREAM_END; | |
24388 | + LEAVE | |
24389 | + case BADCODE: /* x: got error */ | |
24390 | + r = Z_DATA_ERROR; | |
24391 | + LEAVE | |
24392 | + default: | |
24393 | + r = Z_STREAM_ERROR; | |
24394 | + LEAVE | |
24395 | + } | |
24396 | +#ifdef NEED_DUMMY_RETURN | |
24397 | + return Z_STREAM_ERROR; /* Some dumb compilers complain without this */ | |
24398 | +#endif | |
24399 | +} | |
24400 | + | |
24401 | + | |
24402 | +void inflate_codes_free(c, z) | |
24403 | +inflate_codes_statef *c; | |
24404 | +z_streamp z; | |
24405 | +{ | |
24406 | + ZFREE(z, c); | |
24407 | + Tracev((stderr, "inflate: codes free\n")); | |
24408 | +} | |
24409 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
24410 | +++ linux/net/ipsec/infcodes.h Mon Feb 9 13:51:03 2004 | |
24411 | @@ -0,0 +1,31 @@ | |
24412 | +/* infcodes.h -- header to use infcodes.c | |
24413 | + * Copyright (C) 1995-2002 Mark Adler | |
24414 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
24415 | + */ | |
24416 | + | |
24417 | +/* WARNING: this file should *not* be used by applications. It is | |
24418 | + part of the implementation of the compression library and is | |
24419 | + subject to change. Applications should only use zlib.h. | |
24420 | + */ | |
24421 | + | |
24422 | +#ifndef _INFCODES_H | |
24423 | +#define _INFCODES_H | |
24424 | + | |
24425 | +struct inflate_codes_state; | |
24426 | +typedef struct inflate_codes_state FAR inflate_codes_statef; | |
24427 | + | |
24428 | +extern inflate_codes_statef *inflate_codes_new OF(( | |
24429 | + uInt, uInt, | |
24430 | + inflate_huft *, inflate_huft *, | |
24431 | + z_streamp )); | |
24432 | + | |
24433 | +extern int inflate_codes OF(( | |
24434 | + inflate_blocks_statef *, | |
24435 | + z_streamp , | |
24436 | + int)); | |
24437 | + | |
24438 | +extern void inflate_codes_free OF(( | |
24439 | + inflate_codes_statef *, | |
24440 | + z_streamp )); | |
24441 | + | |
24442 | +#endif /* _INFCODES_H */ | |
24443 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
24444 | +++ linux/net/ipsec/inffast.c Mon Feb 9 13:51:03 2004 | |
24445 | @@ -0,0 +1,183 @@ | |
24446 | +/* inffast.c -- process literals and length/distance pairs fast | |
24447 | + * Copyright (C) 1995-2002 Mark Adler | |
24448 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
24449 | + */ | |
24450 | + | |
24451 | +#include <zlib/zutil.h> | |
24452 | +#include "inftrees.h" | |
24453 | +#include "infblock.h" | |
24454 | +#include "infcodes.h" | |
24455 | +#include "infutil.h" | |
24456 | +#include "inffast.h" | |
24457 | + | |
24458 | +struct inflate_codes_state {int dummy;}; /* for buggy compilers */ | |
24459 | + | |
24460 | +/* simplify the use of the inflate_huft type with some defines */ | |
24461 | +#define exop word.what.Exop | |
24462 | +#define bits word.what.Bits | |
24463 | + | |
24464 | +/* macros for bit input with no checking and for returning unused bytes */ | |
24465 | +#define GRABBITS(j) {while(k<(j)){b|=((uLong)NEXTBYTE)<<k;k+=8;}} | |
24466 | +#define UNGRAB {c=z->avail_in-n;c=(k>>3)<c?k>>3:c;n+=c;p-=c;k-=c<<3;} | |
24467 | + | |
24468 | +/* Called with number of bytes left to write in window at least 258 | |
24469 | + (the maximum string length) and number of input bytes available | |
24470 | + at least ten. The ten bytes are six bytes for the longest length/ | |
24471 | + distance pair plus four bytes for overloading the bit buffer. */ | |
24472 | + | |
24473 | +int inflate_fast(bl, bd, tl, td, s, z) | |
24474 | +uInt bl, bd; | |
24475 | +inflate_huft *tl; | |
24476 | +inflate_huft *td; /* need separate declaration for Borland C++ */ | |
24477 | +inflate_blocks_statef *s; | |
24478 | +z_streamp z; | |
24479 | +{ | |
24480 | + inflate_huft *t; /* temporary pointer */ | |
24481 | + uInt e; /* extra bits or operation */ | |
24482 | + uLong b; /* bit buffer */ | |
24483 | + uInt k; /* bits in bit buffer */ | |
24484 | + Bytef *p; /* input data pointer */ | |
24485 | + uInt n; /* bytes available there */ | |
24486 | + Bytef *q; /* output window write pointer */ | |
24487 | + uInt m; /* bytes to end of window or read pointer */ | |
24488 | + uInt ml; /* mask for literal/length tree */ | |
24489 | + uInt md; /* mask for distance tree */ | |
24490 | + uInt c; /* bytes to copy */ | |
24491 | + uInt d; /* distance back to copy from */ | |
24492 | + Bytef *r; /* copy source pointer */ | |
24493 | + | |
24494 | + /* load input, output, bit values */ | |
24495 | + LOAD | |
24496 | + | |
24497 | + /* initialize masks */ | |
24498 | + ml = inflate_mask[bl]; | |
24499 | + md = inflate_mask[bd]; | |
24500 | + | |
24501 | + /* do until not enough input or output space for fast loop */ | |
24502 | + do { /* assume called with m >= 258 && n >= 10 */ | |
24503 | + /* get literal/length code */ | |
24504 | + GRABBITS(20) /* max bits for literal/length code */ | |
24505 | + if ((e = (t = tl + ((uInt)b & ml))->exop) == 0) | |
24506 | + { | |
24507 | + DUMPBITS(t->bits) | |
24508 | + Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ? | |
24509 | + "inflate: * literal '%c'\n" : | |
24510 | + "inflate: * literal 0x%02x\n", t->base)); | |
24511 | + *q++ = (Byte)t->base; | |
24512 | + m--; | |
24513 | + continue; | |
24514 | + } | |
24515 | + do { | |
24516 | + DUMPBITS(t->bits) | |
24517 | + if (e & 16) | |
24518 | + { | |
24519 | + /* get extra bits for length */ | |
24520 | + e &= 15; | |
24521 | + c = t->base + ((uInt)b & inflate_mask[e]); | |
24522 | + DUMPBITS(e) | |
24523 | + Tracevv((stderr, "inflate: * length %u\n", c)); | |
24524 | + | |
24525 | + /* decode distance base of block to copy */ | |
24526 | + GRABBITS(15); /* max bits for distance code */ | |
24527 | + e = (t = td + ((uInt)b & md))->exop; | |
24528 | + do { | |
24529 | + DUMPBITS(t->bits) | |
24530 | + if (e & 16) | |
24531 | + { | |
24532 | + /* get extra bits to add to distance base */ | |
24533 | + e &= 15; | |
24534 | + GRABBITS(e) /* get extra bits (up to 13) */ | |
24535 | + d = t->base + ((uInt)b & inflate_mask[e]); | |
24536 | + DUMPBITS(e) | |
24537 | + Tracevv((stderr, "inflate: * distance %u\n", d)); | |
24538 | + | |
24539 | + /* do the copy */ | |
24540 | + m -= c; | |
24541 | + r = q - d; | |
24542 | + if (r < s->window) /* wrap if needed */ | |
24543 | + { | |
24544 | + do { | |
24545 | + r += s->end - s->window; /* force pointer in window */ | |
24546 | + } while (r < s->window); /* covers invalid distances */ | |
24547 | + e = s->end - r; | |
24548 | + if (c > e) | |
24549 | + { | |
24550 | + c -= e; /* wrapped copy */ | |
24551 | + do { | |
24552 | + *q++ = *r++; | |
24553 | + } while (--e); | |
24554 | + r = s->window; | |
24555 | + do { | |
24556 | + *q++ = *r++; | |
24557 | + } while (--c); | |
24558 | + } | |
24559 | + else /* normal copy */ | |
24560 | + { | |
24561 | + *q++ = *r++; c--; | |
24562 | + *q++ = *r++; c--; | |
24563 | + do { | |
24564 | + *q++ = *r++; | |
24565 | + } while (--c); | |
24566 | + } | |
24567 | + } | |
24568 | + else /* normal copy */ | |
24569 | + { | |
24570 | + *q++ = *r++; c--; | |
24571 | + *q++ = *r++; c--; | |
24572 | + do { | |
24573 | + *q++ = *r++; | |
24574 | + } while (--c); | |
24575 | + } | |
24576 | + break; | |
24577 | + } | |
24578 | + else if ((e & 64) == 0) | |
24579 | + { | |
24580 | + t += t->base; | |
24581 | + e = (t += ((uInt)b & inflate_mask[e]))->exop; | |
24582 | + } | |
24583 | + else | |
24584 | + { | |
24585 | + z->msg = (char*)"invalid distance code"; | |
24586 | + UNGRAB | |
24587 | + UPDATE | |
24588 | + return Z_DATA_ERROR; | |
24589 | + } | |
24590 | + } while (1); | |
24591 | + break; | |
24592 | + } | |
24593 | + if ((e & 64) == 0) | |
24594 | + { | |
24595 | + t += t->base; | |
24596 | + if ((e = (t += ((uInt)b & inflate_mask[e]))->exop) == 0) | |
24597 | + { | |
24598 | + DUMPBITS(t->bits) | |
24599 | + Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ? | |
24600 | + "inflate: * literal '%c'\n" : | |
24601 | + "inflate: * literal 0x%02x\n", t->base)); | |
24602 | + *q++ = (Byte)t->base; | |
24603 | + m--; | |
24604 | + break; | |
24605 | + } | |
24606 | + } | |
24607 | + else if (e & 32) | |
24608 | + { | |
24609 | + Tracevv((stderr, "inflate: * end of block\n")); | |
24610 | + UNGRAB | |
24611 | + UPDATE | |
24612 | + return Z_STREAM_END; | |
24613 | + } | |
24614 | + else | |
24615 | + { | |
24616 | + z->msg = (char*)"invalid literal/length code"; | |
24617 | + UNGRAB | |
24618 | + UPDATE | |
24619 | + return Z_DATA_ERROR; | |
24620 | + } | |
24621 | + } while (1); | |
24622 | + } while (m >= 258 && n >= 10); | |
24623 | + | |
24624 | + /* not enough input or output--restore pointers and return */ | |
24625 | + UNGRAB | |
24626 | + UPDATE | |
24627 | + return Z_OK; | |
24628 | +} | |
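Review bot: The back-reference copy under `/* do the copy */` never rejects an out-of-range distance: the `do { r += s->end - s->window; } while (r < s->window);` loop only folds `r` back into the window, so a stream whose distance reaches further back than the bytes produced so far copies whatever the window buffer already held into the output. This inflate copy sits under net/ipsec, so its input is presumably packet data from a peer, and stale window contents reaching the output would be a disclosure; whether the window is cleared on allocation and reset is not visible in this hunk and should be confirmed. At minimum, fail distances larger than the window before `m -= c;`, e.g. `if (d > (uInt)(s->end - s->window)) { z->msg = (char*)"invalid distance code"; UNGRAB UPDATE return Z_DATA_ERROR; }`, and mark the remaining case with a comment such as `/* d is not checked against the bytes already written to the window */`. The COPY case of inflate_codes() in infcodes.c uses the same `while (f < s->window)` wrap and needs the same treatment.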
24629 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
24630 | +++ linux/net/ipsec/inffast.h Mon Feb 9 13:51:03 2004 | |
24631 | @@ -0,0 +1,22 @@ | |
24632 | +/* inffast.h -- header to use inffast.c | |
24633 | + * Copyright (C) 1995-2002 Mark Adler | |
24634 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
24635 | + */ | |
24636 | + | |
24637 | +/* WARNING: this file should *not* be used by applications. It is | |
24638 | + part of the implementation of the compression library and is | |
24639 | + subject to change. Applications should only use zlib.h. | |
24640 | + */ | |
24641 | + | |
24642 | +#ifndef _INFFAST_H | |
24643 | +#define _INFFAST_H | |
24644 | + | |
24645 | +extern int inflate_fast OF(( | |
24646 | + uInt, | |
24647 | + uInt, | |
24648 | + inflate_huft *, | |
24649 | + inflate_huft *, | |
24650 | + inflate_blocks_statef *, | |
24651 | + z_streamp )); | |
24652 | + | |
24653 | +#endif /* _INFFAST_H */ | |
24654 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
24655 | +++ linux/net/ipsec/inffixed.h Mon Feb 9 13:51:03 2004 | |
24656 | @@ -0,0 +1,151 @@ | |
24657 | +/* inffixed.h -- table for decoding fixed codes | |
24658 | + * Generated automatically by the maketree.c program | |
24659 | + */ | |
24660 | + | |
24661 | +/* WARNING: this file should *not* be used by applications. It is | |
24662 | + part of the implementation of the compression library and is | |
24663 | + subject to change. Applications should only use zlib.h. | |
24664 | + */ | |
24665 | + | |
24666 | +local uInt fixed_bl = 9; | |
24667 | +local uInt fixed_bd = 5; | |
24668 | +local inflate_huft fixed_tl[] = { | |
24669 | + {{{96,7}},256}, {{{0,8}},80}, {{{0,8}},16}, {{{84,8}},115}, | |
24670 | + {{{82,7}},31}, {{{0,8}},112}, {{{0,8}},48}, {{{0,9}},192}, | |
24671 | + {{{80,7}},10}, {{{0,8}},96}, {{{0,8}},32}, {{{0,9}},160}, | |
24672 | + {{{0,8}},0}, {{{0,8}},128}, {{{0,8}},64}, {{{0,9}},224}, | |
24673 | + {{{80,7}},6}, {{{0,8}},88}, {{{0,8}},24}, {{{0,9}},144}, | |
24674 | + {{{83,7}},59}, {{{0,8}},120}, {{{0,8}},56}, {{{0,9}},208}, | |
24675 | + {{{81,7}},17}, {{{0,8}},104}, {{{0,8}},40}, {{{0,9}},176}, | |
24676 | + {{{0,8}},8}, {{{0,8}},136}, {{{0,8}},72}, {{{0,9}},240}, | |
24677 | + {{{80,7}},4}, {{{0,8}},84}, {{{0,8}},20}, {{{85,8}},227}, | |
24678 | + {{{83,7}},43}, {{{0,8}},116}, {{{0,8}},52}, {{{0,9}},200}, | |
24679 | + {{{81,7}},13}, {{{0,8}},100}, {{{0,8}},36}, {{{0,9}},168}, | |
24680 | + {{{0,8}},4}, {{{0,8}},132}, {{{0,8}},68}, {{{0,9}},232}, | |
24681 | + {{{80,7}},8}, {{{0,8}},92}, {{{0,8}},28}, {{{0,9}},152}, | |
24682 | + {{{84,7}},83}, {{{0,8}},124}, {{{0,8}},60}, {{{0,9}},216}, | |
24683 | + {{{82,7}},23}, {{{0,8}},108}, {{{0,8}},44}, {{{0,9}},184}, | |
24684 | + {{{0,8}},12}, {{{0,8}},140}, {{{0,8}},76}, {{{0,9}},248}, | |
24685 | + {{{80,7}},3}, {{{0,8}},82}, {{{0,8}},18}, {{{85,8}},163}, | |
24686 | + {{{83,7}},35}, {{{0,8}},114}, {{{0,8}},50}, {{{0,9}},196}, | |
24687 | + {{{81,7}},11}, {{{0,8}},98}, {{{0,8}},34}, {{{0,9}},164}, | |
24688 | + {{{0,8}},2}, {{{0,8}},130}, {{{0,8}},66}, {{{0,9}},228}, | |
24689 | + {{{80,7}},7}, {{{0,8}},90}, {{{0,8}},26}, {{{0,9}},148}, | |
24690 | + {{{84,7}},67}, {{{0,8}},122}, {{{0,8}},58}, {{{0,9}},212}, | |
24691 | + {{{82,7}},19}, {{{0,8}},106}, {{{0,8}},42}, {{{0,9}},180}, | |
24692 | + {{{0,8}},10}, {{{0,8}},138}, {{{0,8}},74}, {{{0,9}},244}, | |
24693 | + {{{80,7}},5}, {{{0,8}},86}, {{{0,8}},22}, {{{192,8}},0}, | |
24694 | + {{{83,7}},51}, {{{0,8}},118}, {{{0,8}},54}, {{{0,9}},204}, | |
24695 | + {{{81,7}},15}, {{{0,8}},102}, {{{0,8}},38}, {{{0,9}},172}, | |
24696 | + {{{0,8}},6}, {{{0,8}},134}, {{{0,8}},70}, {{{0,9}},236}, | |
24697 | + {{{80,7}},9}, {{{0,8}},94}, {{{0,8}},30}, {{{0,9}},156}, | |
24698 | + {{{84,7}},99}, {{{0,8}},126}, {{{0,8}},62}, {{{0,9}},220}, | |
24699 | + {{{82,7}},27}, {{{0,8}},110}, {{{0,8}},46}, {{{0,9}},188}, | |
24700 | + {{{0,8}},14}, {{{0,8}},142}, {{{0,8}},78}, {{{0,9}},252}, | |
24701 | + {{{96,7}},256}, {{{0,8}},81}, {{{0,8}},17}, {{{85,8}},131}, | |
24702 | + {{{82,7}},31}, {{{0,8}},113}, {{{0,8}},49}, {{{0,9}},194}, | |
24703 | + {{{80,7}},10}, {{{0,8}},97}, {{{0,8}},33}, {{{0,9}},162}, | |
24704 | + {{{0,8}},1}, {{{0,8}},129}, {{{0,8}},65}, {{{0,9}},226}, | |
24705 | + {{{80,7}},6}, {{{0,8}},89}, {{{0,8}},25}, {{{0,9}},146}, | |
24706 | + {{{83,7}},59}, {{{0,8}},121}, {{{0,8}},57}, {{{0,9}},210}, | |
24707 | + {{{81,7}},17}, {{{0,8}},105}, {{{0,8}},41}, {{{0,9}},178}, | |
24708 | + {{{0,8}},9}, {{{0,8}},137}, {{{0,8}},73}, {{{0,9}},242}, | |
24709 | + {{{80,7}},4}, {{{0,8}},85}, {{{0,8}},21}, {{{80,8}},258}, | |
24710 | + {{{83,7}},43}, {{{0,8}},117}, {{{0,8}},53}, {{{0,9}},202}, | |
24711 | + {{{81,7}},13}, {{{0,8}},101}, {{{0,8}},37}, {{{0,9}},170}, | |
24712 | + {{{0,8}},5}, {{{0,8}},133}, {{{0,8}},69}, {{{0,9}},234}, | |
24713 | + {{{80,7}},8}, {{{0,8}},93}, {{{0,8}},29}, {{{0,9}},154}, | |
24714 | + {{{84,7}},83}, {{{0,8}},125}, {{{0,8}},61}, {{{0,9}},218}, | |
24715 | + {{{82,7}},23}, {{{0,8}},109}, {{{0,8}},45}, {{{0,9}},186}, | |
24716 | + {{{0,8}},13}, {{{0,8}},141}, {{{0,8}},77}, {{{0,9}},250}, | |
24717 | + {{{80,7}},3}, {{{0,8}},83}, {{{0,8}},19}, {{{85,8}},195}, | |
24718 | + {{{83,7}},35}, {{{0,8}},115}, {{{0,8}},51}, {{{0,9}},198}, | |
24719 | + {{{81,7}},11}, {{{0,8}},99}, {{{0,8}},35}, {{{0,9}},166}, | |
24720 | + {{{0,8}},3}, {{{0,8}},131}, {{{0,8}},67}, {{{0,9}},230}, | |
24721 | + {{{80,7}},7}, {{{0,8}},91}, {{{0,8}},27}, {{{0,9}},150}, | |
24722 | + {{{84,7}},67}, {{{0,8}},123}, {{{0,8}},59}, {{{0,9}},214}, | |
24723 | + {{{82,7}},19}, {{{0,8}},107}, {{{0,8}},43}, {{{0,9}},182}, | |
24724 | + {{{0,8}},11}, {{{0,8}},139}, {{{0,8}},75}, {{{0,9}},246}, | |
24725 | + {{{80,7}},5}, {{{0,8}},87}, {{{0,8}},23}, {{{192,8}},0}, | |
24726 | + {{{83,7}},51}, {{{0,8}},119}, {{{0,8}},55}, {{{0,9}},206}, | |
24727 | + {{{81,7}},15}, {{{0,8}},103}, {{{0,8}},39}, {{{0,9}},174}, | |
24728 | + {{{0,8}},7}, {{{0,8}},135}, {{{0,8}},71}, {{{0,9}},238}, | |
24729 | + {{{80,7}},9}, {{{0,8}},95}, {{{0,8}},31}, {{{0,9}},158}, | |
24730 | + {{{84,7}},99}, {{{0,8}},127}, {{{0,8}},63}, {{{0,9}},222}, | |
24731 | + {{{82,7}},27}, {{{0,8}},111}, {{{0,8}},47}, {{{0,9}},190}, | |
24732 | + {{{0,8}},15}, {{{0,8}},143}, {{{0,8}},79}, {{{0,9}},254}, | |
24733 | + {{{96,7}},256}, {{{0,8}},80}, {{{0,8}},16}, {{{84,8}},115}, | |
24734 | + {{{82,7}},31}, {{{0,8}},112}, {{{0,8}},48}, {{{0,9}},193}, | |
24735 | + {{{80,7}},10}, {{{0,8}},96}, {{{0,8}},32}, {{{0,9}},161}, | |
24736 | + {{{0,8}},0}, {{{0,8}},128}, {{{0,8}},64}, {{{0,9}},225}, | |
24737 | + {{{80,7}},6}, {{{0,8}},88}, {{{0,8}},24}, {{{0,9}},145}, | |
24738 | + {{{83,7}},59}, {{{0,8}},120}, {{{0,8}},56}, {{{0,9}},209}, | |
24739 | + {{{81,7}},17}, {{{0,8}},104}, {{{0,8}},40}, {{{0,9}},177}, | |
24740 | + {{{0,8}},8}, {{{0,8}},136}, {{{0,8}},72}, {{{0,9}},241}, | |
24741 | + {{{80,7}},4}, {{{0,8}},84}, {{{0,8}},20}, {{{85,8}},227}, | |
24742 | + {{{83,7}},43}, {{{0,8}},116}, {{{0,8}},52}, {{{0,9}},201}, | |
24743 | + {{{81,7}},13}, {{{0,8}},100}, {{{0,8}},36}, {{{0,9}},169}, | |
24744 | + {{{0,8}},4}, {{{0,8}},132}, {{{0,8}},68}, {{{0,9}},233}, | |
24745 | + {{{80,7}},8}, {{{0,8}},92}, {{{0,8}},28}, {{{0,9}},153}, | |
24746 | + {{{84,7}},83}, {{{0,8}},124}, {{{0,8}},60}, {{{0,9}},217}, | |
24747 | + {{{82,7}},23}, {{{0,8}},108}, {{{0,8}},44}, {{{0,9}},185}, | |
24748 | + {{{0,8}},12}, {{{0,8}},140}, {{{0,8}},76}, {{{0,9}},249}, | |
24749 | + {{{80,7}},3}, {{{0,8}},82}, {{{0,8}},18}, {{{85,8}},163}, | |
24750 | + {{{83,7}},35}, {{{0,8}},114}, {{{0,8}},50}, {{{0,9}},197}, | |
24751 | + {{{81,7}},11}, {{{0,8}},98}, {{{0,8}},34}, {{{0,9}},165}, | |
24752 | + {{{0,8}},2}, {{{0,8}},130}, {{{0,8}},66}, {{{0,9}},229}, | |
24753 | + {{{80,7}},7}, {{{0,8}},90}, {{{0,8}},26}, {{{0,9}},149}, | |
24754 | + {{{84,7}},67}, {{{0,8}},122}, {{{0,8}},58}, {{{0,9}},213}, | |
24755 | + {{{82,7}},19}, {{{0,8}},106}, {{{0,8}},42}, {{{0,9}},181}, | |
24756 | + {{{0,8}},10}, {{{0,8}},138}, {{{0,8}},74}, {{{0,9}},245}, | |
24757 | + {{{80,7}},5}, {{{0,8}},86}, {{{0,8}},22}, {{{192,8}},0}, | |
24758 | + {{{83,7}},51}, {{{0,8}},118}, {{{0,8}},54}, {{{0,9}},205}, | |
24759 | + {{{81,7}},15}, {{{0,8}},102}, {{{0,8}},38}, {{{0,9}},173}, | |
24760 | + {{{0,8}},6}, {{{0,8}},134}, {{{0,8}},70}, {{{0,9}},237}, | |
24761 | + {{{80,7}},9}, {{{0,8}},94}, {{{0,8}},30}, {{{0,9}},157}, | |
24762 | + {{{84,7}},99}, {{{0,8}},126}, {{{0,8}},62}, {{{0,9}},221}, | |
24763 | + {{{82,7}},27}, {{{0,8}},110}, {{{0,8}},46}, {{{0,9}},189}, | |
24764 | + {{{0,8}},14}, {{{0,8}},142}, {{{0,8}},78}, {{{0,9}},253}, | |
24765 | + {{{96,7}},256}, {{{0,8}},81}, {{{0,8}},17}, {{{85,8}},131}, | |
24766 | + {{{82,7}},31}, {{{0,8}},113}, {{{0,8}},49}, {{{0,9}},195}, | |
24767 | + {{{80,7}},10}, {{{0,8}},97}, {{{0,8}},33}, {{{0,9}},163}, | |
24768 | + {{{0,8}},1}, {{{0,8}},129}, {{{0,8}},65}, {{{0,9}},227}, | |
24769 | + {{{80,7}},6}, {{{0,8}},89}, {{{0,8}},25}, {{{0,9}},147}, | |
24770 | + {{{83,7}},59}, {{{0,8}},121}, {{{0,8}},57}, {{{0,9}},211}, | |
24771 | + {{{81,7}},17}, {{{0,8}},105}, {{{0,8}},41}, {{{0,9}},179}, | |
24772 | + {{{0,8}},9}, {{{0,8}},137}, {{{0,8}},73}, {{{0,9}},243}, | |
24773 | + {{{80,7}},4}, {{{0,8}},85}, {{{0,8}},21}, {{{80,8}},258}, | |
24774 | + {{{83,7}},43}, {{{0,8}},117}, {{{0,8}},53}, {{{0,9}},203}, | |
24775 | + {{{81,7}},13}, {{{0,8}},101}, {{{0,8}},37}, {{{0,9}},171}, | |
24776 | + {{{0,8}},5}, {{{0,8}},133}, {{{0,8}},69}, {{{0,9}},235}, | |
24777 | + {{{80,7}},8}, {{{0,8}},93}, {{{0,8}},29}, {{{0,9}},155}, | |
24778 | + {{{84,7}},83}, {{{0,8}},125}, {{{0,8}},61}, {{{0,9}},219}, | |
24779 | + {{{82,7}},23}, {{{0,8}},109}, {{{0,8}},45}, {{{0,9}},187}, | |
24780 | + {{{0,8}},13}, {{{0,8}},141}, {{{0,8}},77}, {{{0,9}},251}, | |
24781 | + {{{80,7}},3}, {{{0,8}},83}, {{{0,8}},19}, {{{85,8}},195}, | |
24782 | + {{{83,7}},35}, {{{0,8}},115}, {{{0,8}},51}, {{{0,9}},199}, | |
24783 | + {{{81,7}},11}, {{{0,8}},99}, {{{0,8}},35}, {{{0,9}},167}, | |
24784 | + {{{0,8}},3}, {{{0,8}},131}, {{{0,8}},67}, {{{0,9}},231}, | |
24785 | + {{{80,7}},7}, {{{0,8}},91}, {{{0,8}},27}, {{{0,9}},151}, | |
24786 | + {{{84,7}},67}, {{{0,8}},123}, {{{0,8}},59}, {{{0,9}},215}, | |
24787 | + {{{82,7}},19}, {{{0,8}},107}, {{{0,8}},43}, {{{0,9}},183}, | |
24788 | + {{{0,8}},11}, {{{0,8}},139}, {{{0,8}},75}, {{{0,9}},247}, | |
24789 | + {{{80,7}},5}, {{{0,8}},87}, {{{0,8}},23}, {{{192,8}},0}, | |
24790 | + {{{83,7}},51}, {{{0,8}},119}, {{{0,8}},55}, {{{0,9}},207}, | |
24791 | + {{{81,7}},15}, {{{0,8}},103}, {{{0,8}},39}, {{{0,9}},175}, | |
24792 | + {{{0,8}},7}, {{{0,8}},135}, {{{0,8}},71}, {{{0,9}},239}, | |
24793 | + {{{80,7}},9}, {{{0,8}},95}, {{{0,8}},31}, {{{0,9}},159}, | |
24794 | + {{{84,7}},99}, {{{0,8}},127}, {{{0,8}},63}, {{{0,9}},223}, | |
24795 | + {{{82,7}},27}, {{{0,8}},111}, {{{0,8}},47}, {{{0,9}},191}, | |
24796 | + {{{0,8}},15}, {{{0,8}},143}, {{{0,8}},79}, {{{0,9}},255} | |
24797 | + }; | |
24798 | +local inflate_huft fixed_td[] = { | |
24799 | + {{{80,5}},1}, {{{87,5}},257}, {{{83,5}},17}, {{{91,5}},4097}, | |
24800 | + {{{81,5}},5}, {{{89,5}},1025}, {{{85,5}},65}, {{{93,5}},16385}, | |
24801 | + {{{80,5}},3}, {{{88,5}},513}, {{{84,5}},33}, {{{92,5}},8193}, | |
24802 | + {{{82,5}},9}, {{{90,5}},2049}, {{{86,5}},129}, {{{192,5}},24577}, | |
24803 | + {{{80,5}},2}, {{{87,5}},385}, {{{83,5}},25}, {{{91,5}},6145}, | |
24804 | + {{{81,5}},7}, {{{89,5}},1537}, {{{85,5}},97}, {{{93,5}},24577}, | |
24805 | + {{{80,5}},4}, {{{88,5}},769}, {{{84,5}},49}, {{{92,5}},12289}, | |
24806 | + {{{82,5}},13}, {{{90,5}},3073}, {{{86,5}},193}, {{{192,5}},24577} | |
24807 | + }; | |
24808 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
24809 | +++ linux/net/ipsec/inflate.c Mon Feb 9 13:51:03 2004 | |
24810 | @@ -0,0 +1,368 @@ | |
24811 | +/* inflate.c -- zlib interface to inflate modules | |
24812 | + * Copyright (C) 1995-2002 Mark Adler | |
24813 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
24814 | + */ | |
24815 | + | |
24816 | +#include <zlib/zutil.h> | |
24817 | +#include "infblock.h" | |
24818 | + | |
24819 | +struct inflate_blocks_state {int dummy;}; /* for buggy compilers */ | |
24820 | + | |
24821 | +typedef enum { | |
24822 | + METHOD, /* waiting for method byte */ | |
24823 | + FLAG, /* waiting for flag byte */ | |
24824 | + DICT4, /* four dictionary check bytes to go */ | |
24825 | + DICT3, /* three dictionary check bytes to go */ | |
24826 | + DICT2, /* two dictionary check bytes to go */ | |
24827 | + DICT1, /* one dictionary check byte to go */ | |
24828 | + DICT0, /* waiting for inflateSetDictionary */ | |
24829 | + BLOCKS, /* decompressing blocks */ | |
24830 | + CHECK4, /* four check bytes to go */ | |
24831 | + CHECK3, /* three check bytes to go */ | |
24832 | + CHECK2, /* two check bytes to go */ | |
24833 | + CHECK1, /* one check byte to go */ | |
24834 | + DONE, /* finished check, done */ | |
24835 | + BAD} /* got an error--stay here */ | |
24836 | +inflate_mode; | |
24837 | + | |
24838 | +/* inflate private state */ | |
24839 | +struct internal_state { | |
24840 | + | |
24841 | + /* mode */ | |
24842 | + inflate_mode mode; /* current inflate mode */ | |
24843 | + | |
24844 | + /* mode dependent information */ | |
24845 | + union { | |
24846 | + uInt method; /* if FLAGS, method byte */ | |
24847 | + struct { | |
24848 | + uLong was; /* computed check value */ | |
24849 | + uLong need; /* stream check value */ | |
24850 | + } check; /* if CHECK, check values to compare */ | |
24851 | + uInt marker; /* if BAD, inflateSync's marker bytes count */ | |
24852 | + } sub; /* submode */ | |
24853 | + | |
24854 | + /* mode independent information */ | |
24855 | + int nowrap; /* flag for no wrapper */ | |
24856 | + uInt wbits; /* log2(window size) (8..15, defaults to 15) */ | |
24857 | + inflate_blocks_statef | |
24858 | + *blocks; /* current inflate_blocks state */ | |
24859 | + | |
24860 | +}; | |
24861 | + | |
24862 | + | |
24863 | +int ZEXPORT inflateReset(z) | |
24864 | +z_streamp z; | |
24865 | +{ | |
24866 | + if (z == Z_NULL || z->state == Z_NULL) | |
24867 | + return Z_STREAM_ERROR; | |
24868 | + z->total_in = z->total_out = 0; | |
24869 | + z->msg = Z_NULL; | |
24870 | + z->state->mode = z->state->nowrap ? BLOCKS : METHOD; | |
24871 | + inflate_blocks_reset(z->state->blocks, z, Z_NULL); | |
24872 | + Tracev((stderr, "inflate: reset\n")); | |
24873 | + return Z_OK; | |
24874 | +} | |
24875 | + | |
24876 | + | |
24877 | +int ZEXPORT inflateEnd(z) | |
24878 | +z_streamp z; | |
24879 | +{ | |
24880 | + if (z == Z_NULL || z->state == Z_NULL || z->zfree == Z_NULL) | |
24881 | + return Z_STREAM_ERROR; | |
24882 | + if (z->state->blocks != Z_NULL) | |
24883 | + inflate_blocks_free(z->state->blocks, z); | |
24884 | + ZFREE(z, z->state); | |
24885 | + z->state = Z_NULL; | |
24886 | + Tracev((stderr, "inflate: end\n")); | |
24887 | + return Z_OK; | |
24888 | +} | |
24889 | + | |
24890 | + | |
24891 | +int ZEXPORT inflateInit2_(z, w, version, stream_size) | |
24892 | +z_streamp z; | |
24893 | +int w; | |
24894 | +const char *version; | |
24895 | +int stream_size; | |
24896 | +{ | |
24897 | + if (version == Z_NULL || version[0] != ZLIB_VERSION[0] || | |
24898 | + stream_size != sizeof(z_stream)) | |
24899 | + return Z_VERSION_ERROR; | |
24900 | + | |
24901 | + /* initialize state */ | |
24902 | + if (z == Z_NULL) | |
24903 | + return Z_STREAM_ERROR; | |
24904 | + z->msg = Z_NULL; | |
24905 | + if (z->zalloc == Z_NULL) | |
24906 | + { | |
24907 | + return Z_STREAM_ERROR; | |
24908 | +/* z->zalloc = zcalloc; | |
24909 | + z->opaque = (voidpf)0; | |
24910 | +*/ | |
24911 | + } | |
24912 | + if (z->zfree == Z_NULL) return Z_STREAM_ERROR; /* z->zfree = zcfree; */ | |
24913 | + if ((z->state = (struct internal_state FAR *) | |
24914 | + ZALLOC(z,1,sizeof(struct internal_state))) == Z_NULL) | |
24915 | + return Z_MEM_ERROR; | |
24916 | + z->state->blocks = Z_NULL; | |
24917 | + | |
24918 | + /* handle undocumented nowrap option (no zlib header or check) */ | |
24919 | + z->state->nowrap = 0; | |
24920 | + if (w < 0) | |
24921 | + { | |
24922 | + w = - w; | |
24923 | + z->state->nowrap = 1; | |
24924 | + } | |
24925 | + | |
24926 | + /* set window size */ | |
24927 | + if (w < 8 || w > 15) | |
24928 | + { | |
24929 | + inflateEnd(z); | |
24930 | + return Z_STREAM_ERROR; | |
24931 | + } | |
24932 | + z->state->wbits = (uInt)w; | |
24933 | + | |
24934 | + /* create inflate_blocks state */ | |
24935 | + if ((z->state->blocks = | |
24936 | + inflate_blocks_new(z, z->state->nowrap ? Z_NULL : adler32, (uInt)1 << w)) | |
24937 | + == Z_NULL) | |
24938 | + { | |
24939 | + inflateEnd(z); | |
24940 | + return Z_MEM_ERROR; | |
24941 | + } | |
24942 | + Tracev((stderr, "inflate: allocated\n")); | |
24943 | + | |
24944 | + /* reset state */ | |
24945 | + inflateReset(z); | |
24946 | + return Z_OK; | |
24947 | +} | |
24948 | + | |
24949 | + | |
24950 | +int ZEXPORT inflateInit_(z, version, stream_size) | |
24951 | +z_streamp z; | |
24952 | +const char *version; | |
24953 | +int stream_size; | |
24954 | +{ | |
24955 | + return inflateInit2_(z, DEF_WBITS, version, stream_size); | |
24956 | +} | |
24957 | + | |
24958 | + | |
24959 | +#define NEEDBYTE {if(z->avail_in==0)return r;r=f;} | |
24960 | +#define NEXTBYTE (z->avail_in--,z->total_in++,*z->next_in++) | |
24961 | + | |
24962 | +int ZEXPORT inflate(z, f) | |
24963 | +z_streamp z; | |
24964 | +int f; | |
24965 | +{ | |
24966 | + int r; | |
24967 | + uInt b; | |
24968 | + | |
24969 | + if (z == Z_NULL || z->state == Z_NULL || z->next_in == Z_NULL) | |
24970 | + return Z_STREAM_ERROR; | |
24971 | + f = f == Z_FINISH ? Z_BUF_ERROR : Z_OK; | |
24972 | + r = Z_BUF_ERROR; | |
24973 | + while (1) switch (z->state->mode) | |
24974 | + { | |
24975 | + case METHOD: | |
24976 | + NEEDBYTE | |
24977 | + if (((z->state->sub.method = NEXTBYTE) & 0xf) != Z_DEFLATED) | |
24978 | + { | |
24979 | + z->state->mode = BAD; | |
24980 | + z->msg = (char*)"unknown compression method"; | |
24981 | + z->state->sub.marker = 5; /* can't try inflateSync */ | |
24982 | + break; | |
24983 | + } | |
24984 | + if ((z->state->sub.method >> 4) + 8 > z->state->wbits) | |
24985 | + { | |
24986 | + z->state->mode = BAD; | |
24987 | + z->msg = (char*)"invalid window size"; | |
24988 | + z->state->sub.marker = 5; /* can't try inflateSync */ | |
24989 | + break; | |
24990 | + } | |
24991 | + z->state->mode = FLAG; | |
24992 | + case FLAG: | |
24993 | + NEEDBYTE | |
24994 | + b = NEXTBYTE; | |
24995 | + if (((z->state->sub.method << 8) + b) % 31) | |
24996 | + { | |
24997 | + z->state->mode = BAD; | |
24998 | + z->msg = (char*)"incorrect header check"; | |
24999 | + z->state->sub.marker = 5; /* can't try inflateSync */ | |
25000 | + break; | |
25001 | + } | |
25002 | + Tracev((stderr, "inflate: zlib header ok\n")); | |
25003 | + if (!(b & PRESET_DICT)) | |
25004 | + { | |
25005 | + z->state->mode = BLOCKS; | |
25006 | + break; | |
25007 | + } | |
25008 | + z->state->mode = DICT4; | |
25009 | + case DICT4: | |
25010 | + NEEDBYTE | |
25011 | + z->state->sub.check.need = (uLong)NEXTBYTE << 24; | |
25012 | + z->state->mode = DICT3; | |
25013 | + case DICT3: | |
25014 | + NEEDBYTE | |
25015 | + z->state->sub.check.need += (uLong)NEXTBYTE << 16; | |
25016 | + z->state->mode = DICT2; | |
25017 | + case DICT2: | |
25018 | + NEEDBYTE | |
25019 | + z->state->sub.check.need += (uLong)NEXTBYTE << 8; | |
25020 | + z->state->mode = DICT1; | |
25021 | + case DICT1: | |
25022 | + NEEDBYTE | |
25023 | + z->state->sub.check.need += (uLong)NEXTBYTE; | |
25024 | + z->adler = z->state->sub.check.need; | |
25025 | + z->state->mode = DICT0; | |
25026 | + return Z_NEED_DICT; | |
25027 | + case DICT0: | |
25028 | + z->state->mode = BAD; | |
25029 | + z->msg = (char*)"need dictionary"; | |
25030 | + z->state->sub.marker = 0; /* can try inflateSync */ | |
25031 | + return Z_STREAM_ERROR; | |
25032 | + case BLOCKS: | |
25033 | + r = inflate_blocks(z->state->blocks, z, r); | |
25034 | + if (r == Z_DATA_ERROR) | |
25035 | + { | |
25036 | + z->state->mode = BAD; | |
25037 | + z->state->sub.marker = 0; /* can try inflateSync */ | |
25038 | + break; | |
25039 | + } | |
25040 | + if (r == Z_OK) | |
25041 | + r = f; | |
25042 | + if (r != Z_STREAM_END) | |
25043 | + return r; | |
25044 | + r = f; | |
25045 | + inflate_blocks_reset(z->state->blocks, z, &z->state->sub.check.was); | |
25046 | + if (z->state->nowrap) | |
25047 | + { | |
25048 | + z->state->mode = DONE; | |
25049 | + break; | |
25050 | + } | |
25051 | + z->state->mode = CHECK4; | |
25052 | + case CHECK4: | |
25053 | + NEEDBYTE | |
25054 | + z->state->sub.check.need = (uLong)NEXTBYTE << 24; | |
25055 | + z->state->mode = CHECK3; | |
25056 | + case CHECK3: | |
25057 | + NEEDBYTE | |
25058 | + z->state->sub.check.need += (uLong)NEXTBYTE << 16; | |
25059 | + z->state->mode = CHECK2; | |
25060 | + case CHECK2: | |
25061 | + NEEDBYTE | |
25062 | + z->state->sub.check.need += (uLong)NEXTBYTE << 8; | |
25063 | + z->state->mode = CHECK1; | |
25064 | + case CHECK1: | |
25065 | + NEEDBYTE | |
25066 | + z->state->sub.check.need += (uLong)NEXTBYTE; | |
25067 | + | |
25068 | + if (z->state->sub.check.was != z->state->sub.check.need) | |
25069 | + { | |
25070 | + z->state->mode = BAD; | |
25071 | + z->msg = (char*)"incorrect data check"; | |
25072 | + z->state->sub.marker = 5; /* can't try inflateSync */ | |
25073 | + break; | |
25074 | + } | |
25075 | + Tracev((stderr, "inflate: zlib check ok\n")); | |
25076 | + z->state->mode = DONE; | |
25077 | + case DONE: | |
25078 | + return Z_STREAM_END; | |
25079 | + case BAD: | |
25080 | + return Z_DATA_ERROR; | |
25081 | + default: | |
25082 | + return Z_STREAM_ERROR; | |
25083 | + } | |
25084 | +#ifdef NEED_DUMMY_RETURN | |
25085 | + return Z_STREAM_ERROR; /* Some dumb compilers complain without this */ | |
25086 | +#endif | |
25087 | +} | |
25088 | + | |
25089 | + | |
25090 | +int ZEXPORT inflateSetDictionary(z, dictionary, dictLength) | |
25091 | +z_streamp z; | |
25092 | +const Bytef *dictionary; | |
25093 | +uInt dictLength; | |
25094 | +{ | |
25095 | + uInt length = dictLength; | |
25096 | + | |
25097 | + if (z == Z_NULL || z->state == Z_NULL || z->state->mode != DICT0) | |
25098 | + return Z_STREAM_ERROR; | |
25099 | + | |
25100 | + if (adler32(1L, dictionary, dictLength) != z->adler) return Z_DATA_ERROR; | |
25101 | + z->adler = 1L; | |
25102 | + | |
25103 | + if (length >= ((uInt)1<<z->state->wbits)) | |
25104 | + { | |
25105 | + length = (1<<z->state->wbits)-1; | |
25106 | + dictionary += dictLength - length; | |
25107 | + } | |
25108 | + inflate_set_dictionary(z->state->blocks, dictionary, length); | |
25109 | + z->state->mode = BLOCKS; | |
25110 | + return Z_OK; | |
25111 | +} | |
25112 | + | |
25113 | + | |
25114 | +int ZEXPORT inflateSync(z) | |
25115 | +z_streamp z; | |
25116 | +{ | |
25117 | + uInt n; /* number of bytes to look at */ | |
25118 | + Bytef *p; /* pointer to bytes */ | |
25119 | + uInt m; /* number of marker bytes found in a row */ | |
25120 | + uLong r, w; /* temporaries to save total_in and total_out */ | |
25121 | + | |
25122 | + /* set up */ | |
25123 | + if (z == Z_NULL || z->state == Z_NULL) | |
25124 | + return Z_STREAM_ERROR; | |
25125 | + if (z->state->mode != BAD) | |
25126 | + { | |
25127 | + z->state->mode = BAD; | |
25128 | + z->state->sub.marker = 0; | |
25129 | + } | |
25130 | + if ((n = z->avail_in) == 0) | |
25131 | + return Z_BUF_ERROR; | |
25132 | + p = z->next_in; | |
25133 | + m = z->state->sub.marker; | |
25134 | + | |
25135 | + /* search */ | |
25136 | + while (n && m < 4) | |
25137 | + { | |
25138 | + static const Byte mark[4] = {0, 0, 0xff, 0xff}; | |
25139 | + if (*p == mark[m]) | |
25140 | + m++; | |
25141 | + else if (*p) | |
25142 | + m = 0; | |
25143 | + else | |
25144 | + m = 4 - m; | |
25145 | + p++, n--; | |
25146 | + } | |
25147 | + | |
25148 | + /* restore */ | |
25149 | + z->total_in += p - z->next_in; | |
25150 | + z->next_in = p; | |
25151 | + z->avail_in = n; | |
25152 | + z->state->sub.marker = m; | |
25153 | + | |
25154 | + /* return no joy or set up to restart on a new block */ | |
25155 | + if (m != 4) | |
25156 | + return Z_DATA_ERROR; | |
25157 | + r = z->total_in; w = z->total_out; | |
25158 | + inflateReset(z); | |
25159 | + z->total_in = r; z->total_out = w; | |
25160 | + z->state->mode = BLOCKS; | |
25161 | + return Z_OK; | |
25162 | +} | |
25163 | + | |
25164 | + | |
25165 | +/* Returns true if inflate is currently at the end of a block generated | |
25166 | + * by Z_SYNC_FLUSH or Z_FULL_FLUSH. This function is used by one PPP | |
25167 | + * implementation to provide an additional safety check. PPP uses Z_SYNC_FLUSH | |
25168 | + * but removes the length bytes of the resulting empty stored block. When | |
25169 | + * decompressing, PPP checks that at the end of input packet, inflate is | |
25170 | + * waiting for these length bytes. | |
25171 | + */ | |
25172 | +int ZEXPORT inflateSyncPoint(z) | |
25173 | +z_streamp z; | |
25174 | +{ | |
25175 | + if (z == Z_NULL || z->state == Z_NULL || z->state->blocks == Z_NULL) | |
25176 | + return Z_STREAM_ERROR; | |
25177 | + return inflate_blocks_sync_point(z->state->blocks); | |
25178 | +} | |
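--- /dev/null
+++ b/linux/net/ipsec/inftrees.c
@@ -0,0 +1,454 @@
+/* inftrees.c -- generate Huffman trees for efficient decoding
+ * Copyright (C) 1995-2002 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include <zlib/zutil.h>
+#include "inftrees.h"
+
+#if !defined(BUILDFIXED) && !defined(STDC)
+# define BUILDFIXED /* non ANSI compilers may not accept inffixed.h */
+#endif
+
+local const char inflate_copyright[] =
+ " inflate 1.1.4 Copyright 1995-2002 Mark Adler ";
+/*
+ If you use the zlib library in a product, an acknowledgment is welcome
+ in the documentation of your product. If for some reason you cannot
+ include such an acknowledgment, I would appreciate that you keep this
+ copyright string in the executable of your product.
+ */
+struct internal_state {int dummy;}; /* for buggy compilers */
+
+/* simplify the use of the inflate_huft type with some defines */
+#define exop word.what.Exop
+#define bits word.what.Bits
+
+
+local int huft_build OF((
+ uIntf *, /* code lengths in bits */
+ uInt, /* number of codes */
+ uInt, /* number of "simple" codes */
+ const uIntf *, /* list of base values for non-simple codes */
+ const uIntf *, /* list of extra bits for non-simple codes */
+ inflate_huft * FAR*,/* result: starting table */
+ uIntf *, /* maximum lookup bits (returns actual) */
+ inflate_huft *, /* space for trees */
+ uInt *, /* hufts used in space */
+ uIntf * )); /* space for values */
+
+/* Tables for deflate from PKZIP's appnote.txt. */
+local const uInt cplens[31] = { /* Copy lengths for literal codes 257..285 */
+ 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
+ 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0};
+ /* see note #13 above about 258 */
+local const uInt cplext[31] = { /* Extra bits for literal codes 257..285 */
+ 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2,
+ 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, 112, 112}; /* 112==invalid */
+local const uInt cpdist[30] = { /* Copy offsets for distance codes 0..29 */
+ 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,
+ 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,
+ 8193, 12289, 16385, 24577};
+local const uInt cpdext[30] = { /* Extra bits for distance codes */
+ 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6,
+ 7, 7, 8, 8, 9, 9, 10, 10, 11, 11,
+ 12, 12, 13, 13};
+
+/*
+ Huffman code decoding is performed using a multi-level table lookup.
+ The fastest way to decode is to simply build a lookup table whose
+ size is determined by the longest code. However, the time it takes
+ to build this table can also be a factor if the data being decoded
+ is not very long. The most common codes are necessarily the
+ shortest codes, so those codes dominate the decoding time, and hence
+ the speed. The idea is you can have a shorter table that decodes the
+ shorter, more probable codes, and then point to subsidiary tables for
+ the longer codes. The time it costs to decode the longer codes is
+ then traded against the time it takes to make longer tables.
+
+ This results of this trade are in the variables lbits and dbits
+ below. lbits is the number of bits the first level table for literal/
+ length codes can decode in one step, and dbits is the same thing for
+ the distance codes. Subsequent tables are also less than or equal to
+ those sizes. These values may be adjusted either when all of the
+ codes are shorter than that, in which case the longest code length in
+ bits is used, or when the shortest code is *longer* than the requested
+ table size, in which case the length of the shortest code in bits is
+ used.
+
+ There are two different values for the two tables, since they code a
+ different number of possibilities each. The literal/length table
+ codes 286 possible values, or in a flat code, a little over eight
+ bits. The distance table codes 30 possible values, or a little less
+ than five bits, flat. The optimum values for speed end up being
+ about one bit more than those, so lbits is 8+1 and dbits is 5+1.
+ The optimum values may differ though from machine to machine, and
+ possibly even between compilers. Your mileage may vary.
+ */
+
+
+/* If BMAX needs to be larger than 16, then h and x[] should be uLong. */
+#define BMAX 15 /* maximum bit length of any code */
+
+local int huft_build(b, n, s, d, e, t, m, hp, hn, v)
+uIntf *b; /* code lengths in bits (all assumed <= BMAX) */
+uInt n; /* number of codes (assumed <= 288) */
+uInt s; /* number of simple-valued codes (0..s-1) */
+const uIntf *d; /* list of base values for non-simple codes */
+const uIntf *e; /* list of extra bits for non-simple codes */
+inflate_huft * FAR *t; /* result: starting table */
+uIntf *m; /* maximum lookup bits, returns actual */
+inflate_huft *hp; /* space for trees */
+uInt *hn; /* hufts used in space */
+uIntf *v; /* working area: values in order of bit length */
+/* Given a list of code lengths and a maximum table size, make a set of
+ tables to decode that set of codes. Return Z_OK on success, Z_BUF_ERROR
+ if the given code set is incomplete (the tables are still built in this
+ case), or Z_DATA_ERROR if the input is invalid. */
+{
+
+ uInt a; /* counter for codes of length k */
+ uInt c[BMAX+1]; /* bit length count table */
+ uInt f; /* i repeats in table every f entries */
+ int g; /* maximum code length */
+ int h; /* table level */
+ register uInt i; /* counter, current code */
+ register uInt j; /* counter */
+ register int k; /* number of bits in current code */
+ int l; /* bits per table (returned in m) */
+ uInt mask; /* (1 << w) - 1, to avoid cc -O bug on HP */
+ register uIntf *p; /* pointer into c[], b[], or v[] */
+ inflate_huft *q; /* points to current table */
+ struct inflate_huft_s r; /* table entry for structure assignment */
+ inflate_huft *u[BMAX]; /* table stack */
+ register int w; /* bits before this table == (l * h) */
+ uInt x[BMAX+1]; /* bit offsets, then code stack */
+ uIntf *xp; /* pointer into x */
+ int y; /* number of dummy codes added */
+ uInt z; /* number of entries in current table */
+
+
+ /* Generate counts for each bit length */
+ p = c;
+#define C0 *p++ = 0;
+#define C2 C0 C0 C0 C0
+#define C4 C2 C2 C2 C2
+ C4 /* clear c[]--assume BMAX+1 is 16 */
+ p = b; i = n;
+ do {
+ c[*p++]++; /* assume all entries <= BMAX */
+ } while (--i);
+ if (c[0] == n) /* null input--all zero length codes */
+ {
+ *t = (inflate_huft *)Z_NULL;
+ *m = 0;
+ return Z_OK;
+ }
+
+
+ /* Find minimum and maximum length, bound *m by those */
+ l = *m;
+ for (j = 1; j <= BMAX; j++)
+ if (c[j])
+ break;
+ k = j; /* minimum code length */
+ if ((uInt)l < j)
+ l = j;
+ for (i = BMAX; i; i--)
+ if (c[i])
+ break;
+ g = i; /* maximum code length */
+ if ((uInt)l > i)
+ l = i;
+ *m = l;
+
+
+ /* Adjust last length count to fill out codes, if needed */
+ for (y = 1 << j; j < i; j++, y <<= 1)
+ if ((y -= c[j]) < 0)
+ return Z_DATA_ERROR;
+ if ((y -= c[i]) < 0)
+ return Z_DATA_ERROR;
+ c[i] += y;
+
+
+ /* Generate starting offsets into the value table for each length */
+ x[1] = j = 0;
+ p = c + 1; xp = x + 2;
+ while (--i) { /* note that i == g from above */
+ *xp++ = (j += *p++);
+ }
+
+
+ /* Make a table of values in order of bit lengths */
+ p = b; i = 0;
+ do {
+ if ((j = *p++) != 0)
+ v[x[j]++] = i;
+ } while (++i < n);
+ n = x[g]; /* set n to length of v */
+
+
+ /* Generate the Huffman codes and for each, make the table entries */
+ x[0] = i = 0; /* first Huffman code is zero */
+ p = v; /* grab values in bit order */
+ h = -1; /* no tables yet--level -1 */
+ w = -l; /* bits decoded == (l * h) */
+ u[0] = (inflate_huft *)Z_NULL; /* just to keep compilers happy */
+ q = (inflate_huft *)Z_NULL; /* ditto */
+ z = 0; /* ditto */
+
+ /* go through the bit lengths (k already is bits in shortest code) */
+ for (; k <= g; k++)
+ {
+ a = c[k];
+ while (a--)
+ {
+ /* here i is the Huffman code of length k bits for value *p */
+ /* make tables up to required level */
+ while (k > w + l)
+ {
+ h++;
+ w += l; /* previous table always l bits */
+
+ /* compute minimum size table less than or equal to l bits */
+ z = g - w;
+ z = z > (uInt)l ? l : z; /* table size upper limit */
+ if ((f = 1 << (j = k - w)) > a + 1) /* try a k-w bit table */
+ { /* too few codes for k-w bit table */
+ f -= a + 1; /* deduct codes from patterns left */
+ xp = c + k;
+ if (j < z)
+ while (++j < z) /* try smaller tables up to z bits */
+ {
+ if ((f <<= 1) <= *++xp)
+ break; /* enough codes to use up j bits */
+ f -= *xp; /* else deduct codes from patterns */
+ }
+ }
+ z = 1 << j; /* table entries for j-bit table */
+
+ /* allocate new table */
+ if (*hn + z > MANY) /* (note: doesn't matter for fixed) */
+ return Z_DATA_ERROR; /* overflow of MANY */
+ u[h] = q = hp + *hn;
+ *hn += z;
+
+ /* connect to last table, if there is one */
+ if (h)
+ {
+ x[h] = i; /* save pattern for backing up */
+ r.bits = (Byte)l; /* bits to dump before this table */
+ r.exop = (Byte)j; /* bits in this table */
+ j = i >> (w - l);
+ r.base = (uInt)(q - u[h-1] - j); /* offset to this table */
+ u[h-1][j] = r; /* connect to last table */
+ }
+ else
+ *t = q; /* first table is returned result */
+ }
+
+ /* set up table entry in r */
+ r.bits = (Byte)(k - w);
+ if (p >= v + n)
+ r.exop = 128 + 64; /* out of values--invalid code */
+ else if (*p < s)
+ {
+ r.exop = (Byte)(*p < 256 ? 0 : 32 + 64); /* 256 is end-of-block */
+ r.base = *p++; /* simple code is just the value */
+ }
+ else
+ {
+ r.exop = (Byte)(e[*p - s] + 16 + 64);/* non-simple--look up in lists */
+ r.base = d[*p++ - s];
+ }
+
+ /* fill code-like entries with r */
+ f = 1 << (k - w);
+ for (j = i >> w; j < z; j += f)
+ q[j] = r;
+
+ /* backwards increment the k-bit code i */
+ for (j = 1 << (k - 1); i & j; j >>= 1)
+ i ^= j;
+ i ^= j;
+
+ /* backup over finished tables */
+ mask = (1 << w) - 1; /* needed on HP, cc -O bug */
+ while ((i & mask) != x[h])
+ {
+ h--; /* don't need to update q */
+ w -= l;
+ mask = (1 << w) - 1;
+ }
+ }
+ }
+
+
+ /* Return Z_BUF_ERROR if we were given an incomplete table */
+ return y != 0 && g != 1 ? Z_BUF_ERROR : Z_OK;
+}
+
+
+int inflate_trees_bits(c, bb, tb, hp, z)
+uIntf *c; /* 19 code lengths */
+uIntf *bb; /* bits tree desired/actual depth */
+inflate_huft * FAR *tb; /* bits tree result */
+inflate_huft *hp; /* space for trees */
+z_streamp z; /* for messages */
+{
+ int r;
+ uInt hn = 0; /* hufts used in space */
+ uIntf *v; /* work area for huft_build */
+
+ if ((v = (uIntf*)ZALLOC(z, 19, sizeof(uInt))) == Z_NULL)
+ return Z_MEM_ERROR;
+ r = huft_build(c, 19, 19, (uIntf*)Z_NULL, (uIntf*)Z_NULL,
+ tb, bb, hp, &hn, v);
+ if (r == Z_DATA_ERROR)
+ z->msg = (char*)"oversubscribed dynamic bit lengths tree";
+ else if (r == Z_BUF_ERROR || *bb == 0)
+ {
+ z->msg = (char*)"incomplete dynamic bit lengths tree";
+ r = Z_DATA_ERROR;
+ }
+ ZFREE(z, v);
+ return r;
+}
+
+
+int inflate_trees_dynamic(nl, nd, c, bl, bd, tl, td, hp, z)
+uInt nl; /* number of literal/length codes */
+uInt nd; /* number of distance codes */
+uIntf *c; /* that many (total) code lengths */
+uIntf *bl; /* literal desired/actual bit depth */
+uIntf *bd; /* distance desired/actual bit depth */
+inflate_huft * FAR *tl; /* literal/length tree result */
+inflate_huft * FAR *td; /* distance tree result */
+inflate_huft *hp; /* space for trees */
+z_streamp z; /* for messages */
+{
+ int r;
+ uInt hn = 0; /* hufts used in space */
+ uIntf *v; /* work area for huft_build */
+
+ /* allocate work area */
+ if ((v = (uIntf*)ZALLOC(z, 288, sizeof(uInt))) == Z_NULL)
+ return Z_MEM_ERROR;
+
+ /* build literal/length tree */
+ r = huft_build(c, nl, 257, cplens, cplext, tl, bl, hp, &hn, v);
+ if (r != Z_OK || *bl == 0)
+ {
+ if (r == Z_DATA_ERROR)
+ z->msg = (char*)"oversubscribed literal/length tree";
+ else if (r != Z_MEM_ERROR)
+ {
+ z->msg = (char*)"incomplete literal/length tree";
+ r = Z_DATA_ERROR;
+ }
+ ZFREE(z, v);
+ return r;
+ }
+
+ /* build distance tree */
+ r = huft_build(c + nl, nd, 0, cpdist, cpdext, td, bd, hp, &hn, v);
+ if (r != Z_OK || (*bd == 0 && nl > 257))
+ {
+ if (r == Z_DATA_ERROR)
+ z->msg = (char*)"oversubscribed distance tree";
+ else if (r == Z_BUF_ERROR) {
+#ifdef PKZIP_BUG_WORKAROUND
+ r = Z_OK;
+ }
+#else
+ z->msg = (char*)"incomplete distance tree";
+ r = Z_DATA_ERROR;
+ }
+ else if (r != Z_MEM_ERROR)
+ {
+ z->msg = (char*)"empty distance tree with lengths";
+ r = Z_DATA_ERROR;
+ }
+ ZFREE(z, v);
+ return r;
+#endif
+ }
+
+ /* done */
+ ZFREE(z, v);
+ return Z_OK;
+}
+
+
+/* build fixed tables only once--keep them here */
+#ifdef BUILDFIXED
+local int fixed_built = 0;
+#define FIXEDH 544 /* number of hufts used by fixed tables */
+local inflate_huft fixed_mem[FIXEDH];
+local uInt fixed_bl;
+local uInt fixed_bd;
+local inflate_huft *fixed_tl;
+local inflate_huft *fixed_td;
+#else
+#include "inffixed.h"
+#endif
+
+
+int inflate_trees_fixed(bl, bd, tl, td, z)
+uIntf *bl; /* literal desired/actual bit depth */
+uIntf *bd; /* distance desired/actual bit depth */
+inflate_huft * FAR *tl; /* literal/length tree result */
+inflate_huft * FAR *td; /* distance tree result */
+z_streamp z; /* for memory allocation */
+{
+#ifdef BUILDFIXED
+ /* build fixed tables if not already */
+ if (!fixed_built)
+ {
+ int k; /* temporary variable */
+ uInt f = 0; /* number of hufts used in fixed_mem */
+ uIntf *c; /* length list for huft_build */
+ uIntf *v; /* work area for huft_build */
+
+ /* allocate memory */
+ if ((c = (uIntf*)ZALLOC(z, 288, sizeof(uInt))) == Z_NULL)
+ return Z_MEM_ERROR;
+ if ((v = (uIntf*)ZALLOC(z, 288, sizeof(uInt))) == Z_NULL)
+ {
+ ZFREE(z, c);
+ return Z_MEM_ERROR;
+ }
+
+ /* literal table */
+ for (k = 0; k < 144; k++)
+ c[k] = 8;
+ for (; k < 256; k++)
+ c[k] = 9;
+ for (; k < 280; k++)
+ c[k] = 7;
+ for (; k < 288; k++)
+ c[k] = 8;
+ fixed_bl = 9;
+ huft_build(c, 288, 257, cplens, cplext, &fixed_tl, &fixed_bl,
+ fixed_mem, &f, v);
+
+ /* distance table */
+ for (k = 0; k < 30; k++)
+ c[k] = 5;
+ fixed_bd = 5;
+ huft_build(c, 30, 0, cpdist, cpdext, &fixed_td, &fixed_bd,
+ fixed_mem, &f, v);
+
+ /* done */
+ ZFREE(z, v);
+ ZFREE(z, c);
+ fixed_built = 1;
+ }
+#endif
+ *bl = fixed_bl;
+ *bd = fixed_bd;
+ *tl = fixed_tl;
+ *td = fixed_td;
+ return Z_OK;
+}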
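Review bot: In inflate_trees_dynamic, when PKZIP_BUG_WORKAROUND is defined the `#else … #endif` span compiles out the only `ZFREE(z, v); return r;` of the distance-tree error block, so an oversubscribed tree (`r == Z_DATA_ERROR`) sets `z->msg` and then falls through to `return Z_OK`. The caller would then go on decoding peer-supplied data against a table that huft_build abandoned part-way. Whether this build defines the macro is not visible in this section; if it can, the workaround should cover only the Z_BUF_ERROR case and every other non-Z_OK result should still be returned, as sketched below. Separately, huft_build's `c[*p++]++` indexes a 16-entry stack array on the stated assumption that every length is <= BMAX, which only callers outside this file enforce, so a comment naming that caller-side check (or a guard returning Z_DATA_ERROR) would make the invariant auditable.

```c
  /* … unchanged: literal/length tree and the huft_build() call for distances … */
  if (r != Z_OK || (*bd == 0 && nl > 257))
  {
    if (r == Z_DATA_ERROR)
      z->msg = (char*)"oversubscribed distance tree";
#ifdef PKZIP_BUG_WORKAROUND
    else if (r == Z_BUF_ERROR)
      r = Z_OK;               /* tolerate an incomplete distance tree only */
#else
    else if (r == Z_BUF_ERROR)
    {
      z->msg = (char*)"incomplete distance tree";
      r = Z_DATA_ERROR;
    }
    else if (r != Z_MEM_ERROR)
    {
      z->msg = (char*)"empty distance tree with lengths";
      r = Z_DATA_ERROR;
    }
#endif
    if (r != Z_OK)            /* never report success for a rejected tree */
    {
      ZFREE(z, v);
      return r;
    }
  }
  /* … unchanged: final ZFREE and return Z_OK … */
```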
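--- /dev/null
+++ b/linux/net/ipsec/inftrees.h
@@ -0,0 +1,63 @@
+/* inftrees.h -- header to use inftrees.c
+ * Copyright (C) 1995-2002 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+ part of the implementation of the compression library and is
+ subject to change. Applications should only use zlib.h.
+ */
+
+/* Huffman code lookup table entry--this entry is four bytes for machines
+ that have 16-bit pointers (e.g. PC's in the small or medium model). */
+
+#ifndef _INFTREES_H
+#define _INFTREES_H
+
+typedef struct inflate_huft_s FAR inflate_huft;
+
+struct inflate_huft_s {
+ union {
+ struct {
+ Byte Exop; /* number of extra bits or operation */
+ Byte Bits; /* number of bits in this code or subcode */
+ } what;
+ uInt pad; /* pad structure to a power of 2 (4 bytes for */
+ } word; /* 16-bit, 8 bytes for 32-bit int's) */
+ uInt base; /* literal, length base, distance base,
+ or table offset */
+};
+
+/* Maximum size of dynamic tree. The maximum found in a long but non-
+ exhaustive search was 1004 huft structures (850 for length/literals
+ and 154 for distances, the latter actually the result of an
+ exhaustive search). The actual maximum is not known, but the
+ value below is more than safe. */
+#define MANY 1440
+
+extern int inflate_trees_bits OF((
+ uIntf *, /* 19 code lengths */
+ uIntf *, /* bits tree desired/actual depth */
+ inflate_huft * FAR *, /* bits tree result */
+ inflate_huft *, /* space for trees */
+ z_streamp)); /* for messages */
+
+extern int inflate_trees_dynamic OF((
+ uInt, /* number of literal/length codes */
+ uInt, /* number of distance codes */
+ uIntf *, /* that many (total) code lengths */
+ uIntf *, /* literal desired/actual bit depth */
+ uIntf *, /* distance desired/actual bit depth */
+ inflate_huft * FAR *, /* literal/length tree result */
+ inflate_huft * FAR *, /* distance tree result */
+ inflate_huft *, /* space for trees */
+ z_streamp)); /* for messages */
+
+extern int inflate_trees_fixed OF((
+ uIntf *, /* literal desired/actual bit depth */
+ uIntf *, /* distance desired/actual bit depth */
+ inflate_huft * FAR *, /* literal/length tree result */
+ inflate_huft * FAR *, /* distance tree result */
+ z_streamp)); /* for memory allocation */
+
+#endif /* _INFTREES_H */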
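--- /dev/null
+++ b/linux/net/ipsec/infutil.c
@@ -0,0 +1,87 @@
+/* inflate_util.c -- data and routines common to blocks and codes
+ * Copyright (C) 1995-2002 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include <zlib/zutil.h>
+#include "infblock.h"
+#include "inftrees.h"
+#include "infcodes.h"
+#include "infutil.h"
+
+struct inflate_codes_state {int dummy;}; /* for buggy compilers */
+
+/* And'ing with mask[n] masks the lower n bits */
+uInt inflate_mask[17] = {
+ 0x0000,
+ 0x0001, 0x0003, 0x0007, 0x000f, 0x001f, 0x003f, 0x007f, 0x00ff,
+ 0x01ff, 0x03ff, 0x07ff, 0x0fff, 0x1fff, 0x3fff, 0x7fff, 0xffff
+};
+
+
+/* copy as much as possible from the sliding window to the output area */
+int inflate_flush(s, z, r)
+inflate_blocks_statef *s;
+z_streamp z;
+int r;
+{
+ uInt n;
+ Bytef *p;
+ Bytef *q;
+
+ /* local copies of source and destination pointers */
+ p = z->next_out;
+ q = s->read;
+
+ /* compute number of bytes to copy as far as end of window */
+ n = (uInt)((q <= s->write ? s->write : s->end) - q);
+ if (n > z->avail_out) n = z->avail_out;
+ if (n && r == Z_BUF_ERROR) r = Z_OK;
+
+ /* update counters */
+ z->avail_out -= n;
+ z->total_out += n;
+
+ /* update check information */
+ if (s->checkfn != Z_NULL)
+ z->adler = s->check = (*s->checkfn)(s->check, q, n);
+
+ /* copy as far as end of window */
+ zmemcpy(p, q, n);
+ p += n;
+ q += n;
+
+ /* see if more to copy at beginning of window */
+ if (q == s->end)
+ {
+ /* wrap pointers */
+ q = s->window;
+ if (s->write == s->end)
+ s->write = s->window;
+
+ /* compute bytes to copy */
+ n = (uInt)(s->write - q);
+ if (n > z->avail_out) n = z->avail_out;
+ if (n && r == Z_BUF_ERROR) r = Z_OK;
+
+ /* update counters */
+ z->avail_out -= n;
+ z->total_out += n;
+
+ /* update check information */
+ if (s->checkfn != Z_NULL)
+ z->adler = s->check = (*s->checkfn)(s->check, q, n);
+
+ /* copy */
+ zmemcpy(p, q, n);
+ p += n;
+ q += n;
+ }
+
+ /* update pointers */
+ z->next_out = p;
+ s->read = q;
+
+ /* done */
+ return r;
+}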
25792 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
25793 | +++ linux/net/ipsec/infutil.h Mon Feb 9 13:51:03 2004 | |
25794 | @@ -0,0 +1,98 @@ | |
25795 | +/* infutil.h -- types and macros common to blocks and codes | |
25796 | + * Copyright (C) 1995-2002 Mark Adler | |
25797 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
25798 | + */ | |
25799 | + | |
25800 | +/* WARNING: this file should *not* be used by applications. It is | |
25801 | + part of the implementation of the compression library and is | |
25802 | + subject to change. Applications should only use zlib.h. | |
25803 | + */ | |
25804 | + | |
25805 | +#ifndef _INFUTIL_H | |
25806 | +#define _INFUTIL_H | |
25807 | + | |
25808 | +typedef enum { | |
25809 | + TYPE, /* get type bits (3, including end bit) */ | |
25810 | + LENS, /* get lengths for stored */ | |
25811 | + STORED, /* processing stored block */ | |
25812 | + TABLE, /* get table lengths */ | |
25813 | + BTREE, /* get bit lengths tree for a dynamic block */ | |
25814 | + DTREE, /* get length, distance trees for a dynamic block */ | |
25815 | + CODES, /* processing fixed or dynamic block */ | |
25816 | + DRY, /* output remaining window bytes */ | |
25817 | + DONE, /* finished last block, done */ | |
25818 | + BAD} /* got a data error--stuck here */ | |
25819 | +inflate_block_mode; | |
25820 | + | |
25821 | +/* inflate blocks semi-private state */ | |
25822 | +struct inflate_blocks_state { | |
25823 | + | |
25824 | + /* mode */ | |
25825 | + inflate_block_mode mode; /* current inflate_block mode */ | |
25826 | + | |
25827 | + /* mode dependent information */ | |
25828 | + union { | |
25829 | + uInt left; /* if STORED, bytes left to copy */ | |
25830 | + struct { | |
25831 | + uInt table; /* table lengths (14 bits) */ | |
25832 | + uInt index; /* index into blens (or border) */ | |
25833 | + uIntf *blens; /* bit lengths of codes */ | |
25834 | + uInt bb; /* bit length tree depth */ | |
25835 | + inflate_huft *tb; /* bit length decoding tree */ | |
25836 | + } trees; /* if DTREE, decoding info for trees */ | |
25837 | + struct { | |
25838 | + inflate_codes_statef | |
25839 | + *codes; | |
25840 | + } decode; /* if CODES, current state */ | |
25841 | + } sub; /* submode */ | |
25842 | + uInt last; /* true if this block is the last block */ | |
25843 | + | |
25844 | + /* mode independent information */ | |
25845 | + uInt bitk; /* bits in bit buffer */ | |
25846 | + uLong bitb; /* bit buffer */ | |
25847 | + inflate_huft *hufts; /* single malloc for tree space */ | |
25848 | + Bytef *window; /* sliding window */ | |
25849 | + Bytef *end; /* one byte after sliding window */ | |
25850 | + Bytef *read; /* window read pointer */ | |
25851 | + Bytef *write; /* window write pointer */ | |
25852 | + check_func checkfn; /* check function */ | |
25853 | + uLong check; /* check on output */ | |
25854 | + | |
25855 | +}; | |
25856 | + | |
25857 | + | |
25858 | +/* defines for inflate input/output */ | |
25859 | +/* update pointers and return */ | |
25860 | +#define UPDBITS {s->bitb=b;s->bitk=k;} | |
25861 | +#define UPDIN {z->avail_in=n;z->total_in+=p-z->next_in;z->next_in=p;} | |
25862 | +#define UPDOUT {s->write=q;} | |
25863 | +#define UPDATE {UPDBITS UPDIN UPDOUT} | |
25864 | +#define LEAVE {UPDATE return inflate_flush(s,z,r);} | |
25865 | +/* get bytes and bits */ | |
25866 | +#define LOADIN {p=z->next_in;n=z->avail_in;b=s->bitb;k=s->bitk;} | |
25867 | +#define NEEDBYTE {if(n)r=Z_OK;else LEAVE} | |
25868 | +#define NEXTBYTE (n--,*p++) | |
25869 | +#define NEEDBITS(j) {while(k<(j)){NEEDBYTE;b|=((uLong)NEXTBYTE)<<k;k+=8;}} | |
25870 | +#define DUMPBITS(j) {b>>=(j);k-=(j);} | |
25871 | +/* output bytes */ | |
25872 | +#define WAVAIL (uInt)(q<s->read?s->read-q-1:s->end-q) | |
25873 | +#define LOADOUT {q=s->write;m=(uInt)WAVAIL;} | |
25874 | +#define WRAP {if(q==s->end&&s->read!=s->window){q=s->window;m=(uInt)WAVAIL;}} | |
25875 | +#define FLUSH {UPDOUT r=inflate_flush(s,z,r); LOADOUT} | |
25876 | +#define NEEDOUT {if(m==0){WRAP if(m==0){FLUSH WRAP if(m==0) LEAVE}}r=Z_OK;} | |
25877 | +#define OUTBYTE(a) {*q++=(Byte)(a);m--;} | |
25878 | +/* load local pointers */ | |
25879 | +#define LOAD {LOADIN LOADOUT} | |
25880 | + | |
25881 | +/* masks for lower bits (size given to avoid silly warnings with Visual C++) */ | |
25882 | +extern uInt inflate_mask[17]; | |
25883 | + | |
25884 | +/* copy as much as possible from the sliding window to the output area */ | |
25885 | +extern int inflate_flush OF(( | |
25886 | + inflate_blocks_statef *, | |
25887 | + z_streamp , | |
25888 | + int)); | |
25889 | + | |
25890 | +struct internal_state {int dummy;}; /* for buggy compilers */ | |
25891 | + | |
25892 | +#endif /* _INFUTIL_H */ | |
25893 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
25894 | +++ linux/net/ipsec/initaddr.c Mon Feb 9 13:51:03 2004 | |
25895 | @@ -0,0 +1,50 @@ | |
25896 | +/* | |
25897 | + * initialize address structure | |
25898 | + * Copyright (C) 2000 Henry Spencer. | |
25899 | + * | |
25900 | + * This library is free software; you can redistribute it and/or modify it | |
25901 | + * under the terms of the GNU Library General Public License as published by | |
25902 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
25903 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
25904 | + * | |
25905 | + * This library is distributed in the hope that it will be useful, but | |
25906 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
25907 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
25908 | + * License for more details. | |
25909 | + * | |
25910 | + * RCSID $Id: initaddr.c,v 1.6 2004/07/10 07:43:47 mcr Exp $ | |
25911 | + */ | |
25912 | +#include "openswan.h" | |
25913 | + | |
25914 | +/* | |
25915 | + - initaddr - initialize ip_address from bytes | |
25916 | + */ | |
25917 | +err_t /* NULL for success, else string literal */ | |
25918 | +initaddr(src, srclen, af, dst) | |
25919 | +const unsigned char *src; | |
25920 | +size_t srclen; | |
25921 | +int af; /* address family */ | |
25922 | +ip_address *dst; | |
25923 | +{ | |
25924 | + switch (af) { | |
25925 | + case AF_INET: | |
25926 | + if (srclen != 4) | |
25927 | + return "IPv4 address must be exactly 4 bytes"; | |
25928 | + dst->u.v4.sin_family = af; | |
25929 | + dst->u.v4.sin_port = 0; /* unused */ | |
25930 | + memcpy((char *)&dst->u.v4.sin_addr.s_addr, src, srclen); | |
25931 | + break; | |
25932 | + case AF_INET6: | |
25933 | + if (srclen != 16) | |
25934 | + return "IPv6 address must be exactly 16 bytes"; | |
25935 | + dst->u.v6.sin6_family = af; | |
25936 | + dst->u.v6.sin6_flowinfo = 0; /* unused */ | |
25937 | + dst->u.v6.sin6_port = 0; /* unused */ | |
25938 | + memcpy((char *)&dst->u.v6.sin6_addr, src, srclen); | |
25939 | + break; | |
25940 | + default: | |
25941 | + return "unknown address family in initaddr"; | |
25942 | + break; | |
25943 | + } | |
25944 | + return NULL; | |
25945 | +} | |
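Review bot: The AF_INET and AF_INET6 branches of `initaddr` set only the family, port, flowinfo and address fields, so every other byte of `*dst` keeps whatever the caller's storage held. If `u.v4` and `u.v6` have the usual sockaddr_in / sockaddr_in6 layout (their definition is not visible in this hunk), the v4 padding and the v6 scope id stay uninitialized. That matters wherever an ip_address is compared bytewise, hashed, or copied to another context. I would clear the structure in each case once the length check has passed, `memset(dst, 0, sizeof(*dst));`, so that `dst` is still untouched on the error returns. The `break;` after the `default:` return is unreachable and can be dropped.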
25946 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
25947 | +++ linux/net/ipsec/ipcomp.c Mon Feb 9 13:51:03 2004 | |
25948 | @@ -0,0 +1,701 @@ | |
25949 | +/* | |
25950 | + * IPCOMP zlib interface code. | |
25951 | + * Copyright (C) 2000 Svenning Soerensen <svenning@post5.tele.dk> | |
25952 | + * Copyright (C) 2000, 2001 Richard Guy Briggs <rgb@conscoop.ottawa.on.ca> | |
25953 | + * | |
25954 | + * This program is free software; you can redistribute it and/or modify it | |
25955 | + * under the terms of the GNU General Public License as published by the | |
25956 | + * Free Software Foundation; either version 2 of the License, or (at your | |
25957 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
25958 | + * | |
25959 | + * This program is distributed in the hope that it will be useful, but | |
25960 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
25961 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
25962 | + * for more details. | |
25963 | + */ | |
25964 | + | |
25965 | +char ipcomp_c_version[] = "RCSID $Id: ipcomp.c,v 1.41.2.5 2006/10/06 21:39:26 paul Exp $"; | |
25966 | + | |
25967 | +/* SSS */ | |
25968 | + | |
25969 | +#ifndef AUTOCONF_INCLUDED | |
25970 | +#include <linux/config.h> | |
25971 | +#endif | |
25972 | +#include <linux/version.h> | |
25973 | + | |
25974 | +#define __NO_VERSION__ | |
25975 | +#include <linux/module.h> | |
25976 | +#include <linux/kernel.h> /* printk() */ | |
25977 | + | |
25978 | +#include "openswan/ipsec_param.h" | |
25979 | + | |
25980 | +#ifdef MALLOC_SLAB | |
25981 | +# include <linux/slab.h> /* kmalloc() */ | |
25982 | +#else /* MALLOC_SLAB */ | |
25983 | +# include <linux/malloc.h> /* kmalloc() */ | |
25984 | +#endif /* MALLOC_SLAB */ | |
25985 | +#include <linux/errno.h> /* error codes */ | |
25986 | +#include <linux/types.h> | |
25987 | +#include <linux/netdevice.h> | |
25988 | +#include <linux/ip.h> | |
25989 | +#include <linux/skbuff.h> | |
25990 | + | |
25991 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
25992 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
25993 | +#include <linux/ip.h> /* struct iphdr */ | |
25994 | +#include <linux/skbuff.h> | |
25995 | +#include <asm/uaccess.h> | |
25996 | +#include <asm/checksum.h> | |
25997 | + | |
25998 | +#include <openswan.h> | |
25999 | + | |
26000 | +#include <net/ip.h> | |
26001 | + | |
26002 | +#include "openswan/radij.h" | |
26003 | +#include "openswan/ipsec_encap.h" | |
26004 | +#include "openswan/ipsec_sa.h" | |
26005 | + | |
26006 | +#include "openswan/ipsec_xform.h" | |
26007 | +#include "openswan/ipsec_tunnel.h" | |
26008 | +#include "openswan/ipsec_rcv.h" /* sysctl_ipsec_inbound_policy_check */ | |
26009 | +#include "openswan/ipsec_proto.h" | |
26010 | +#include "openswan/ipcomp.h" | |
26011 | +#include "zlib/zlib.h" | |
26012 | +#include "zlib/zutil.h" | |
26013 | + | |
26014 | +#include <pfkeyv2.h> /* SADB_X_CALG_DEFLATE */ | |
26015 | + | |
26016 | +#ifdef CONFIG_KLIPS_DEBUG | |
26017 | +int sysctl_ipsec_debug_ipcomp = 0; | |
26018 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
26019 | + | |
26020 | +static | |
26021 | +struct sk_buff *skb_copy_ipcomp(struct sk_buff *skb, int data_growth, int gfp_mask); | |
26022 | + | |
26023 | +static | |
26024 | +voidpf my_zcalloc(voidpf opaque, uInt items, uInt size) | |
26025 | +{ | |
26026 | + return (voidpf) kmalloc(items*size, GFP_ATOMIC); | |
26027 | +} | |
26028 | + | |
26029 | +static | |
26030 | +void my_zfree(voidpf opaque, voidpf address) | |
26031 | +{ | |
26032 | + kfree(address); | |
26033 | +} | |
26034 | + | |
26035 | +/* | |
26036 | + * We use this function because sometimes we want to pass a negative offset | |
26037 | + * into skb_put(), this does not work on 64bit platforms because long to | |
26038 | + * unsigned int casting. | |
26039 | + */ | |
26040 | +static inline unsigned char * | |
26041 | +safe_skb_put(struct sk_buff *skb, int extend) | |
26042 | +{ | |
26043 | + unsigned char *ptr; | |
26044 | + | |
26045 | + if (extend>0) { | |
26046 | + // increase the size of the packet | |
26047 | + ptr = skb_put(skb, extend); | |
26048 | + } else { | |
26049 | + // shrink the size of the packet | |
26050 | + ptr = skb->tail; | |
26051 | + skb_trim (skb, skb->len + extend); | |
26052 | + } | |
26053 | + | |
26054 | + return ptr; | |
26055 | +} | |
26056 | + | |
26057 | +struct sk_buff *skb_compress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags) | |
26058 | +{ | |
26059 | + struct iphdr *iph; | |
26060 | + unsigned int iphlen, pyldsz, cpyldsz; | |
26061 | + unsigned char *buffer; | |
26062 | + z_stream zs; | |
26063 | + int zresult; | |
26064 | + | |
26065 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26066 | + "klips_debug:skb_compress: .\n"); | |
26067 | + | |
26068 | + if(skb == NULL) { | |
26069 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26070 | + "klips_debug:skb_compress: " | |
26071 | + "passed in NULL skb, returning ERROR.\n"); | |
26072 | + if(flags != NULL) { | |
26073 | + *flags |= IPCOMP_PARMERROR; | |
26074 | + } | |
26075 | + return skb; | |
26076 | + } | |
26077 | + | |
26078 | + if(ips == NULL) { | |
26079 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26080 | + "klips_debug:skb_compress: " | |
26081 | + "passed in NULL ipsec_sa needed for cpi, returning ERROR.\n"); | |
26082 | + if(flags) { | |
26083 | + *flags |= IPCOMP_PARMERROR; | |
26084 | + } | |
26085 | + return skb; | |
26086 | + } | |
26087 | + | |
26088 | + if (flags == NULL) { | |
26089 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26090 | + "klips_debug:skb_compress: " | |
26091 | + "passed in NULL flags, returning ERROR.\n"); | |
26092 | + ipsec_kfree_skb(skb); | |
26093 | + return NULL; | |
26094 | + } | |
26095 | + | |
26096 | +#ifdef NET_21 | |
26097 | + iph = skb->nh.iph; | |
26098 | +#else /* NET_21 */ | |
26099 | + iph = skb->ip_hdr; | |
26100 | +#endif /* NET_21 */ | |
26101 | + | |
26102 | + switch (iph->protocol) { | |
26103 | + case IPPROTO_COMP: | |
26104 | + case IPPROTO_AH: | |
26105 | + case IPPROTO_ESP: | |
26106 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26107 | + "klips_debug:skb_compress: " | |
26108 | + "skipping compression of packet with ip protocol %d.\n", | |
26109 | + iph->protocol); | |
26110 | + *flags |= IPCOMP_UNCOMPRESSABLE; | |
26111 | + return skb; | |
26112 | + } | |
26113 | + | |
26114 | + /* Don't compress packets already fragmented */ | |
26115 | + if (iph->frag_off & __constant_htons(IP_MF | IP_OFFSET)) { | |
26116 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26117 | + "klips_debug:skb_compress: " | |
26118 | + "skipping compression of fragmented packet.\n"); | |
26119 | + *flags |= IPCOMP_UNCOMPRESSABLE; | |
26120 | + return skb; | |
26121 | + } | |
26122 | + | |
26123 | + iphlen = iph->ihl << 2; | |
26124 | + pyldsz = ntohs(iph->tot_len) - iphlen; | |
26125 | + | |
26126 | + /* Don't compress less than 90 bytes (rfc 2394) */ | |
26127 | + if (pyldsz < 90) { | |
26128 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26129 | + "klips_debug:skb_compress: " | |
26130 | + "skipping compression of tiny packet, len=%d.\n", | |
26131 | + pyldsz); | |
26132 | + *flags |= IPCOMP_UNCOMPRESSABLE; | |
26133 | + return skb; | |
26134 | + } | |
26135 | + | |
26136 | + /* Adaptive decision */ | |
26137 | + if (ips->ips_comp_adapt_skip) { | |
26138 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26139 | + "klips_debug:skb_compress: " | |
26140 | + "skipping compression: ips_comp_adapt_skip=%d.\n", | |
26141 | + ips->ips_comp_adapt_skip); | |
26142 | + ips->ips_comp_adapt_skip--; | |
26143 | + *flags |= IPCOMP_UNCOMPRESSABLE; | |
26144 | + return skb; | |
26145 | + } | |
26146 | + | |
26147 | + zs.zalloc = my_zcalloc; | |
26148 | + zs.zfree = my_zfree; | |
26149 | + zs.opaque = 0; | |
26150 | + | |
26151 | + /* We want to use deflateInit2 because we don't want the adler | |
26152 | + header. */ | |
26153 | + zresult = deflateInit2(&zs, Z_DEFAULT_COMPRESSION, Z_DEFLATED, -11, | |
26154 | + DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY); | |
26155 | + if (zresult != Z_OK) { | |
26156 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26157 | + "klips_error:skb_compress: " | |
26158 | + "deflateInit2() returned error %d (%s), " | |
26159 | + "skipping compression.\n", | |
26160 | + zresult, | |
26161 | + zs.msg ? zs.msg : zError(zresult)); | |
26162 | + *flags |= IPCOMP_COMPRESSIONERROR; | |
26163 | + return skb; | |
26164 | + } | |
26165 | + | |
26166 | + | |
26167 | + /* Max output size. Result should be max this size. | |
26168 | + * Implementation specific tweak: | |
26169 | + * If it's not at least 32 bytes and 6.25% smaller than | |
26170 | + * the original packet, it's probably not worth wasting | |
26171 | + * the receiver's CPU cycles decompressing it. | |
26172 | + * Your mileage may vary. | |
26173 | + */ | |
26174 | + cpyldsz = pyldsz - sizeof(struct ipcomphdr) - (pyldsz <= 512 ? 32 : pyldsz >> 4); | |
26175 | + | |
26176 | + buffer = kmalloc(cpyldsz, GFP_ATOMIC); | |
26177 | + if (!buffer) { | |
26178 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26179 | + "klips_error:skb_compress: " | |
26180 | + "unable to kmalloc(%d, GFP_ATOMIC), " | |
26181 | + "skipping compression.\n", | |
26182 | + cpyldsz); | |
26183 | + *flags |= IPCOMP_COMPRESSIONERROR; | |
26184 | + deflateEnd(&zs); | |
26185 | + return skb; | |
26186 | + } | |
26187 | + | |
26188 | +#ifdef CONFIG_KLIPS_DEBUG | |
26189 | + if(sysctl_ipsec_debug_ipcomp && sysctl_ipsec_debug_verbose) { | |
26190 | + __u8 *c; | |
26191 | + | |
26192 | + c = (__u8*)iph + iphlen; | |
26193 | + ipsec_dmp_block("compress before", c, pyldsz); | |
26194 | + } | |
26195 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
26196 | + | |
26197 | + zs.next_in = (char *) iph + iphlen; /* start of payload */ | |
26198 | + zs.avail_in = pyldsz; | |
26199 | + zs.next_out = buffer; /* start of compressed payload */ | |
26200 | + zs.avail_out = cpyldsz; | |
26201 | + | |
26202 | + /* Finish compression in one step */ | |
26203 | + zresult = deflate(&zs, Z_FINISH); | |
26204 | + | |
26205 | + /* Free all dynamically allocated buffers */ | |
26206 | + deflateEnd(&zs); | |
26207 | + if (zresult != Z_STREAM_END) { | |
26208 | + *flags |= IPCOMP_UNCOMPRESSABLE; | |
26209 | + kfree(buffer); | |
26210 | + | |
26211 | + /* Adjust adaptive counters */ | |
26212 | + if (++(ips->ips_comp_adapt_tries) == IPCOMP_ADAPT_INITIAL_TRIES) { | |
26213 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26214 | + "klips_debug:skb_compress: " | |
26215 | + "first %d packets didn't compress, " | |
26216 | + "skipping next %d\n", | |
26217 | + IPCOMP_ADAPT_INITIAL_TRIES, | |
26218 | + IPCOMP_ADAPT_INITIAL_SKIP); | |
26219 | + ips->ips_comp_adapt_skip = IPCOMP_ADAPT_INITIAL_SKIP; | |
26220 | + } | |
26221 | + else if (ips->ips_comp_adapt_tries == IPCOMP_ADAPT_INITIAL_TRIES + IPCOMP_ADAPT_SUBSEQ_TRIES) { | |
26222 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26223 | + "klips_debug:skb_compress: " | |
26224 | + "next %d packets didn't compress, " | |
26225 | + "skipping next %d\n", | |
26226 | + IPCOMP_ADAPT_SUBSEQ_TRIES, | |
26227 | + IPCOMP_ADAPT_SUBSEQ_SKIP); | |
26228 | + ips->ips_comp_adapt_skip = IPCOMP_ADAPT_SUBSEQ_SKIP; | |
26229 | + ips->ips_comp_adapt_tries = IPCOMP_ADAPT_INITIAL_TRIES; | |
26230 | + } | |
26231 | + | |
26232 | + return skb; | |
26233 | + } | |
26234 | + | |
26235 | + /* resulting compressed size */ | |
26236 | + cpyldsz -= zs.avail_out; | |
26237 | + | |
26238 | + /* Insert IPCOMP header */ | |
26239 | + ((struct ipcomphdr*) ((char*) iph + iphlen))->ipcomp_nh = iph->protocol; | |
26240 | + ((struct ipcomphdr*) ((char*) iph + iphlen))->ipcomp_flags = 0; | |
26241 | + /* use the bottom 16 bits of the spi for the cpi. The top 16 bits are | |
26242 | + for internal reference only. */ | |
26243 | + ((struct ipcomphdr*) (((char*)iph) + iphlen))->ipcomp_cpi = htons((__u16)(ntohl(ips->ips_said.spi) & 0x0000ffff)); | |
26244 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26245 | + "klips_debug:skb_compress: " | |
26246 | + "spi=%08x, spi&0xffff=%04x, cpi=%04x, payload size: raw=%d, comp=%d.\n", | |
26247 | + ntohl(ips->ips_said.spi), | |
26248 | + ntohl(ips->ips_said.spi) & 0x0000ffff, | |
26249 | + ntohs(((struct ipcomphdr*)(((char*)iph)+iphlen))->ipcomp_cpi), | |
26250 | + pyldsz, | |
26251 | + cpyldsz); | |
26252 | + | |
26253 | + /* Update IP header */ | |
26254 | + iph->protocol = IPPROTO_COMP; | |
26255 | + iph->tot_len = htons(iphlen + sizeof(struct ipcomphdr) + cpyldsz); | |
26256 | +#if 1 /* XXX checksum is done by ipsec_tunnel ? */ | |
26257 | + iph->check = 0; | |
26258 | + iph->check = ip_fast_csum((char *) iph, iph->ihl); | |
26259 | +#endif | |
26260 | + | |
26261 | + /* Copy compressed payload */ | |
26262 | + memcpy((char *) iph + iphlen + sizeof(struct ipcomphdr), | |
26263 | + buffer, | |
26264 | + cpyldsz); | |
26265 | + kfree(buffer); | |
26266 | + | |
26267 | + /* Update skb length/tail by "unputting" the shrinkage */ | |
26268 | + safe_skb_put (skb, cpyldsz + sizeof(struct ipcomphdr) - pyldsz); | |
26269 | + | |
26270 | +#ifdef CONFIG_KLIPS_DEBUG | |
26271 | + if(sysctl_ipsec_debug_ipcomp && sysctl_ipsec_debug_verbose) { | |
26272 | + __u8 *c; | |
26273 | + | |
26274 | + c = (__u8*)iph + iphlen + sizeof(struct ipcomphdr); | |
26275 | + ipsec_dmp_block("compress result", c, cpyldsz); | |
26276 | + } | |
26277 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
26278 | + | |
26279 | + ips->ips_comp_adapt_skip = 0; | |
26280 | + ips->ips_comp_adapt_tries = 0; | |
26281 | + | |
26282 | + return skb; | |
26283 | +} | |
26284 | + | |
26285 | +struct sk_buff *skb_decompress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags) | |
26286 | +{ | |
26287 | + struct sk_buff *nskb = NULL; | |
26288 | + | |
26289 | + /* original ip header */ | |
26290 | + struct iphdr *oiph, *iph; | |
26291 | + unsigned int iphlen, pyldsz, cpyldsz; | |
26292 | + z_stream zs; | |
26293 | + int zresult; | |
26294 | + | |
26295 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26296 | + "klips_debug:skb_decompress: .\n"); | |
26297 | + | |
26298 | + if(!skb) { | |
26299 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26300 | + "klips_error:skb_decompress: " | |
26301 | + "passed in NULL skb, returning ERROR.\n"); | |
26302 | + if (flags) *flags |= IPCOMP_PARMERROR; | |
26303 | + return skb; | |
26304 | + } | |
26305 | + | |
26306 | + if(!ips && sysctl_ipsec_inbound_policy_check) { | |
26307 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26308 | + "klips_error:skb_decompress: " | |
26309 | + "passed in NULL ipsec_sa needed for comp alg, returning ERROR.\n"); | |
26310 | + if (flags) *flags |= IPCOMP_PARMERROR; | |
26311 | + return skb; | |
26312 | + } | |
26313 | + | |
26314 | + if (!flags) { | |
26315 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26316 | + "klips_error:skb_decompress: " | |
26317 | + "passed in NULL flags, returning ERROR.\n"); | |
26318 | + ipsec_kfree_skb(skb); | |
26319 | + return NULL; | |
26320 | + } | |
26321 | + | |
26322 | +#ifdef NET_21 | |
26323 | + oiph = skb->nh.iph; | |
26324 | +#else /* NET_21 */ | |
26325 | + oiph = skb->ip_hdr; | |
26326 | +#endif /* NET_21 */ | |
26327 | + | |
26328 | + iphlen = oiph->ihl << 2; | |
26329 | + | |
26330 | + if (oiph->protocol != IPPROTO_COMP) { | |
26331 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26332 | + "klips_error:skb_decompress: " | |
26333 | + "called with non-IPCOMP packet (protocol=%d)," | |
26334 | + "skipping decompression.\n", | |
26335 | + oiph->protocol); | |
26336 | + *flags |= IPCOMP_PARMERROR; | |
26337 | + return skb; | |
26338 | + } | |
26339 | + | |
26340 | + if ( (((struct ipcomphdr*)((char*) oiph + iphlen))->ipcomp_flags != 0) | |
26341 | + || ((((struct ipcomphdr*) ((char*) oiph + iphlen))->ipcomp_cpi | |
26342 | + != htons(SADB_X_CALG_DEFLATE)) | |
26343 | + && sysctl_ipsec_inbound_policy_check | |
26344 | + && (!ips || (ips && (ips->ips_encalg != SADB_X_CALG_DEFLATE)))) ) { | |
26345 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26346 | + "klips_error:skb_decompress: " | |
26347 | + "called with incompatible IPCOMP packet (flags=%d, " | |
26348 | + "cpi=%d), ips-compalg=%d, skipping decompression.\n", | |
26349 | + ntohs(((struct ipcomphdr*) ((char*) oiph + iphlen))->ipcomp_flags), | |
26350 | + ntohs(((struct ipcomphdr*) ((char*) oiph + iphlen))->ipcomp_cpi), | |
26351 | + ips ? ips->ips_encalg : 0); | |
26352 | + *flags |= IPCOMP_PARMERROR; | |
26353 | + | |
26354 | + return skb; | |
26355 | + } | |
26356 | + | |
26357 | + if (ntohs(oiph->frag_off) & ~0x4000) { | |
26358 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26359 | + "klips_error:skb_decompress: " | |
26360 | + "called with fragmented IPCOMP packet, " | |
26361 | + "skipping decompression.\n"); | |
26362 | + *flags |= IPCOMP_PARMERROR; | |
26363 | + return skb; | |
26364 | + } | |
26365 | + | |
26366 | + /* original compressed payload size */ | |
26367 | + cpyldsz = ntohs(oiph->tot_len) - iphlen - sizeof(struct ipcomphdr); | |
26368 | + | |
26369 | + zs.zalloc = my_zcalloc; | |
26370 | + zs.zfree = my_zfree; | |
26371 | + zs.opaque = 0; | |
26372 | + | |
26373 | + zs.next_in = (char *) oiph + iphlen + sizeof(struct ipcomphdr); | |
26374 | + zs.avail_in = cpyldsz; | |
26375 | + | |
26376 | + /* Maybe we should be a bit conservative about memory | |
26377 | + requirements and use inflateInit2 */ | |
26378 | + /* Beware, that this might make us unable to decompress packets | |
26379 | + from other implementations - HINT: check PGPnet source code */ | |
26380 | + /* We want to use inflateInit2 because we don't want the adler | |
26381 | + header. */ | |
26382 | + zresult = inflateInit2(&zs, -15); | |
26383 | + if (zresult != Z_OK) { | |
26384 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26385 | + "klips_error:skb_decompress: " | |
26386 | + "inflateInit2() returned error %d (%s), " | |
26387 | + "skipping decompression.\n", | |
26388 | + zresult, | |
26389 | + zs.msg ? zs.msg : zError(zresult)); | |
26390 | + *flags |= IPCOMP_DECOMPRESSIONERROR; | |
26391 | + | |
26392 | + return skb; | |
26393 | + } | |
26394 | + | |
26395 | + /* We have no way of knowing the exact length of the resulting | |
26396 | + decompressed output before we have actually done the decompression. | |
26397 | + For now, we guess that the packet will not be bigger than the | |
26398 | + attached ipsec device's mtu or 16260, whichever is biggest. | |
26399 | + This may be wrong, since the sender's mtu may be bigger yet. | |
26400 | + XXX This must be dealt with later XXX | |
26401 | + */ | |
26402 | + | |
26403 | + /* max payload size */ | |
26404 | + pyldsz = skb->dev ? (skb->dev->mtu < 16260 ? 16260 : skb->dev->mtu) | |
26405 | + : (65520 - iphlen); | |
26406 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26407 | + "klips_debug:skb_decompress: " | |
26408 | + "max payload size: %d\n", pyldsz); | |
26409 | + | |
26410 | + while (pyldsz > (cpyldsz + sizeof(struct ipcomphdr)) && | |
26411 | + (nskb = skb_copy_ipcomp(skb, | |
26412 | + pyldsz - cpyldsz - sizeof(struct ipcomphdr), | |
26413 | + GFP_ATOMIC)) == NULL) { | |
26414 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26415 | + "klips_error:skb_decompress: " | |
26416 | + "unable to skb_copy_ipcomp(skb, %d, GFP_ATOMIC), " | |
26417 | + "trying with less payload size.\n", | |
26418 | + (int)(pyldsz - cpyldsz - sizeof(struct ipcomphdr))); | |
26419 | + pyldsz >>=1; | |
26420 | + } | |
26421 | + | |
26422 | + if (!nskb) { | |
26423 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26424 | + "klips_error:skb_decompress: " | |
26425 | + "unable to allocate memory, dropping packet.\n"); | |
26426 | + *flags |= IPCOMP_DECOMPRESSIONERROR; | |
26427 | + inflateEnd(&zs); | |
26428 | + | |
26429 | + return skb; | |
26430 | + } | |
26431 | + | |
26432 | +#ifdef CONFIG_KLIPS_DEBUG | |
26433 | + if(sysctl_ipsec_debug_ipcomp && sysctl_ipsec_debug_verbose) { | |
26434 | + __u8 *c; | |
26435 | + | |
26436 | + c = (__u8*)oiph + iphlen + sizeof(struct ipcomphdr); | |
26437 | + ipsec_dmp_block("decompress before", c, cpyldsz); | |
26438 | + } | |
26439 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
26440 | + | |
26441 | +#ifdef NET_21 | |
26442 | + iph = nskb->nh.iph; | |
26443 | +#else /* NET_21 */ | |
26444 | + iph = nskb->ip_hdr; | |
26445 | +#endif /* NET_21 */ | |
26446 | + zs.next_out = (char *)iph + iphlen; | |
26447 | + zs.avail_out = pyldsz; | |
26448 | + | |
26449 | + zresult = inflate(&zs, Z_SYNC_FLUSH); | |
26450 | + | |
26451 | + /* work around a bug in zlib, which sometimes wants to taste an extra | |
26452 | + * byte when being used in the (undocumented) raw deflate mode. | |
26453 | + */ | |
26454 | + if (zresult == Z_OK && !zs.avail_in && zs.avail_out) { | |
26455 | + __u8 zerostuff = 0; | |
26456 | + | |
26457 | + zs.next_in = &zerostuff; | |
26458 | + zs.avail_in = 1; | |
26459 | + zresult = inflate(&zs, Z_FINISH); | |
26460 | + } | |
26461 | + | |
26462 | + inflateEnd(&zs); | |
26463 | + if (zresult != Z_STREAM_END) { | |
26464 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26465 | + "klips_error:skb_decompress: " | |
26466 | + "inflate() returned error %d (%s), " | |
26467 | + "skipping decompression.\n", | |
26468 | + zresult, | |
26469 | + zs.msg ? zs.msg : zError(zresult)); | |
26470 | + *flags |= IPCOMP_DECOMPRESSIONERROR; | |
26471 | + ipsec_kfree_skb(nskb); | |
26472 | + | |
26473 | + return skb; | |
26474 | + } | |
26475 | + | |
26476 | + /* Update IP header */ | |
26477 | + /* resulting decompressed size */ | |
26478 | + pyldsz -= zs.avail_out; | |
26479 | + iph->tot_len = htons(iphlen + pyldsz); | |
26480 | + iph->protocol = ((struct ipcomphdr*) ((char*) oiph + iphlen))->ipcomp_nh; | |
26481 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26482 | + "klips_debug:skb_decompress: " | |
26483 | + "spi=%08x, spi&0xffff=%04x, cpi=%04x, payload size: comp=%d, raw=%d, nh=%d.\n", | |
26484 | + ips ? ntohl(ips->ips_said.spi) : 0, | |
26485 | + ips ? ntohl(ips->ips_said.spi) & 0x0000ffff : 0, | |
26486 | + ntohs(((struct ipcomphdr*)(((char*)oiph)+iphlen))->ipcomp_cpi), | |
26487 | + cpyldsz, | |
26488 | + pyldsz, | |
26489 | + iph->protocol); | |
26490 | + | |
26491 | +#if 1 /* XXX checksum is done by ipsec_rcv ? */ | |
26492 | + iph->check = 0; | |
26493 | + iph->check = ip_fast_csum((char*) iph, iph->ihl); | |
26494 | +#endif | |
26495 | + | |
26496 | + /* Update skb length/tail by "unputting" the unused data area */ | |
26497 | + safe_skb_put(nskb, -zs.avail_out); | |
26498 | + | |
26499 | + ipsec_kfree_skb(skb); | |
26500 | + | |
26501 | + if (iph->protocol == IPPROTO_COMP) | |
26502 | + { | |
26503 | +#ifdef CONFIG_KLIPS_DEBUG | |
26504 | + if(sysctl_ipsec_debug_ipcomp) | |
26505 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26506 | + "klips_debug:skb_decompress: " | |
26507 | + "Eh? inner packet is also compressed, dropping.\n"); | |
26508 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
26509 | + | |
26510 | + ipsec_kfree_skb(nskb); | |
26511 | + return NULL; | |
26512 | + } | |
26513 | + | |
26514 | +#ifdef CONFIG_KLIPS_DEBUG | |
26515 | + if(sysctl_ipsec_debug_ipcomp && sysctl_ipsec_debug_verbose) { | |
26516 | + __u8 *c; | |
26517 | + | |
26518 | + c = (__u8*)iph + iphlen; | |
26519 | + ipsec_dmp_block("decompress result", c, pyldsz); | |
26520 | + } | |
26521 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
26522 | + | |
26523 | + return nskb; | |
26524 | +} | |
26525 | + | |
26526 | + | |
26527 | +/* this is derived from skb_copy() in linux 2.2.14 */ | |
26528 | +/* May be incompatible with other kernel versions!! */ | |
26529 | +static | |
26530 | +struct sk_buff *skb_copy_ipcomp(struct sk_buff *skb, int data_growth, int gfp_mask) | |
26531 | +{ | |
26532 | + struct sk_buff *n; | |
26533 | + struct iphdr *iph; | |
26534 | + unsigned long offset; | |
26535 | + unsigned int iphlen; | |
26536 | + | |
26537 | + if(!skb) { | |
26538 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
26539 | + "klips_debug:skb_copy_ipcomp: " | |
26540 | + "passed in NULL skb, returning NULL.\n"); | |
26541 | + return NULL; | |
26542 | + } | |
26543 | + | |
26544 | + /* | |
26545 | + * Allocate the copy buffer | |
26546 | + */ | |
26547 | + | |
26548 | +#ifdef NET_21 | |
26549 | + iph = skb->nh.iph; | |
26550 | +#else /* NET_21 */ | |
26551 | + iph = skb->ip_hdr; | |
26552 | +#endif /* NET_21 */ | |
26553 | + if (!iph) return NULL; | |
26554 | + iphlen = iph->ihl << 2; | |
26555 | + | |
26556 | + n=alloc_skb(skb->end - skb->head + data_growth, gfp_mask); | |
26557 | + if(n==NULL) | |
26558 | + return NULL; | |
26559 | + | |
26560 | + /* | |
26561 | + * Shift between the two data areas in bytes | |
26562 | + */ | |
26563 | + | |
26564 | + offset=n->head-skb->head; | |
26565 | + | |
26566 | + /* Set the data pointer */ | |
26567 | + skb_reserve(n,skb->data-skb->head); | |
26568 | + /* Set the tail pointer and length */ | |
26569 | + safe_skb_put(n,skb->len+data_growth); | |
26570 | + /* Copy the bytes up to and including the ip header */ | |
26571 | + memcpy(n->head, | |
26572 | + skb->head, | |
26573 | + ((char *)iph - (char *)skb->head) + iphlen); | |
26574 | +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,14) | |
26575 | + n->list=NULL; | |
26576 | +#endif | |
26577 | + n->next=NULL; | |
26578 | + n->prev=NULL; | |
26579 | + n->sk=NULL; | |
26580 | + n->dev=skb->dev; | |
26581 | + if (skb->h.raw) | |
26582 | + n->h.raw=skb->h.raw+offset; | |
26583 | + else | |
26584 | + n->h.raw=NULL; | |
26585 | + n->protocol=skb->protocol; | |
26586 | +#ifdef NET_21 | |
26587 | + n->csum = 0; | |
26588 | + n->priority=skb->priority; | |
26589 | + n->dst=dst_clone(skb->dst); | |
26590 | + n->nh.raw=skb->nh.raw+offset; | |
26591 | +#ifndef NETDEV_23 | |
26592 | + n->is_clone=0; | |
26593 | +#endif /* NETDEV_23 */ | |
26594 | + atomic_set(&n->users, 1); | |
26595 | + n->destructor = NULL; | |
26596 | +#ifdef HAVE_SOCK_SECURITY | |
26597 | + n->security=skb->security; | |
26598 | +#endif | |
26599 | + memcpy(n->cb, skb->cb, sizeof(skb->cb)); | |
26600 | +#ifdef CONFIG_IP_FIREWALL | |
26601 | + n->fwmark = skb->fwmark; | |
26602 | +#endif | |
26603 | +#else /* NET_21 */ | |
26604 | + n->link3=NULL; | |
26605 | + n->when=skb->when; | |
26606 | + n->ip_hdr=(struct iphdr *)(((char *)skb->ip_hdr)+offset); | |
26607 | + n->saddr=skb->saddr; | |
26608 | + n->daddr=skb->daddr; | |
26609 | + n->raddr=skb->raddr; | |
26610 | + n->seq=skb->seq; | |
26611 | + n->end_seq=skb->end_seq; | |
26612 | + n->ack_seq=skb->ack_seq; | |
26613 | + n->acked=skb->acked; | |
26614 | + n->free=1; | |
26615 | + n->arp=skb->arp; | |
26616 | + n->tries=0; | |
26617 | + n->lock=0; | |
26618 | + n->users=0; | |
26619 | + memcpy(n->proto_priv, skb->proto_priv, sizeof(skb->proto_priv)); | |
26620 | +#endif /* NET_21 */ | |
26621 | + if (skb->mac.raw) | |
26622 | + n->mac.raw=skb->mac.raw+offset; | |
26623 | + else | |
26624 | + n->mac.raw=NULL; | |
26625 | +#ifndef NETDEV_23 | |
26626 | + n->used=skb->used; | |
26627 | +#endif /* !NETDEV_23 */ | |
26628 | + n->pkt_type=skb->pkt_type; | |
26629 | +#ifndef NETDEV_23 | |
26630 | + n->pkt_bridged=skb->pkt_bridged; | |
26631 | +#endif /* NETDEV_23 */ | |
26632 | + n->ip_summed=0; | |
26633 | +#ifdef HAVE_TSTAMP | |
26634 | + n->tstamp = skb->tstamp; | |
26635 | +#else | |
26636 | + n->stamp=skb->stamp; | |
26637 | +#endif | |
26638 | +#ifndef NETDEV_23 /* this seems to have been removed in 2.4 */ | |
26639 | +#if defined(CONFIG_SHAPER) || defined(CONFIG_SHAPER_MODULE) | |
26640 | + n->shapelatency=skb->shapelatency; /* Latency on frame */ | |
26641 | + n->shapeclock=skb->shapeclock; /* Time it should go out */ | |
26642 | + n->shapelen=skb->shapelen; /* Frame length in clocks */ | |
26643 | + n->shapestamp=skb->shapestamp; /* Stamp for shaper */ | |
26644 | + n->shapepend=skb->shapepend; /* Pending */ | |
26645 | +#endif /* defined(CONFIG_SHAPER) || defined(CONFIG_SHAPER_MODULE) */ | |
26646 | +#endif /* NETDEV_23 */ | |
26647 | + | |
26648 | + return n; | |
26649 | +} | |
26650 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
26651 | +++ linux/net/ipsec/ipsec_ah.c Mon Feb 9 13:51:03 2004 | |
26652 | @@ -0,0 +1,407 @@ | |
26653 | +/* | |
26654 | + * processing code for AH | |
26655 | + * Copyright (C) 2003-2004 Michael Richardson <mcr@xelerance.com> | |
26656 | + * | |
26657 | + * This program is free software; you can redistribute it and/or modify it | |
26658 | + * under the terms of the GNU General Public License as published by the | |
26659 | + * Free Software Foundation; either version 2 of the License, or (at your | |
26660 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
26661 | + * | |
26662 | + * This program is distributed in the hope that it will be useful, but | |
26663 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
26664 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
26665 | + * for more details. | |
26666 | + */ | |
26667 | + | |
26668 | +char ipsec_ah_c_version[] = "RCSID $Id: ipsec_ah.c,v 1.12.2.2 2006/10/06 21:39:26 paul Exp $"; | |
26669 | +#ifndef AUTOCONF_INCLUDED | |
26670 | +#include <linux/config.h> | |
26671 | +#endif | |
26672 | +#include <linux/version.h> | |
26673 | + | |
26674 | +#define __NO_VERSION__ | |
26675 | +#include <linux/module.h> | |
26676 | +#include <linux/kernel.h> /* printk() */ | |
26677 | + | |
26678 | +#include "openswan/ipsec_param.h" | |
26679 | + | |
26680 | +#ifdef MALLOC_SLAB | |
26681 | +# include <linux/slab.h> /* kmalloc() */ | |
26682 | +#else /* MALLOC_SLAB */ | |
26683 | +# include <linux/malloc.h> /* kmalloc() */ | |
26684 | +#endif /* MALLOC_SLAB */ | |
26685 | +#include <linux/errno.h> /* error codes */ | |
26686 | +#include <linux/types.h> /* size_t */ | |
26687 | +#include <linux/interrupt.h> /* mark_bh */ | |
26688 | + | |
26689 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
26690 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
26691 | +#include <linux/ip.h> /* struct iphdr */ | |
26692 | +#include <linux/skbuff.h> | |
26693 | +#include <openswan.h> | |
26694 | +#ifdef SPINLOCK | |
26695 | +# ifdef SPINLOCK_23 | |
26696 | +# include <linux/spinlock.h> /* *lock* */ | |
26697 | +# else /* SPINLOCK_23 */ | |
26698 | +# include <asm/spinlock.h> /* *lock* */ | |
26699 | +# endif /* SPINLOCK_23 */ | |
26700 | +#endif /* SPINLOCK */ | |
26701 | + | |
26702 | +#include <net/ip.h> | |
26703 | +#include <net/protocol.h> | |
26704 | + | |
26705 | +#include "openswan/radij.h" | |
26706 | +#include "openswan/ipsec_encap.h" | |
26707 | +#include "openswan/ipsec_sa.h" | |
26708 | + | |
26709 | +#include "openswan/ipsec_radij.h" | |
26710 | +#include "openswan/ipsec_xform.h" | |
26711 | +#include "openswan/ipsec_tunnel.h" | |
26712 | +#include "openswan/ipsec_rcv.h" | |
26713 | +#include "openswan/ipsec_xmit.h" | |
26714 | + | |
26715 | +#include "openswan/ipsec_auth.h" | |
26716 | +#include "openswan/ipsec_ah.h" | |
26717 | +#include "openswan/ipsec_proto.h" | |
26718 | + | |
26719 | +__u32 zeroes[AH_AMAX]; | |
26720 | + | |
26721 | +enum ipsec_rcv_value | |
26722 | +ipsec_rcv_ah_checks(struct ipsec_rcv_state *irs, | |
26723 | + struct sk_buff *skb) | |
26724 | +{ | |
26725 | + int ahminlen; | |
26726 | + | |
26727 | + ahminlen = irs->hard_header_len + sizeof(struct iphdr); | |
26728 | + | |
26729 | + /* take care not to deref this pointer until we check the minlen though */ | |
26730 | + irs->protostuff.ahstuff.ahp = (struct ahhdr *)skb->h.raw; | |
26731 | + | |
26732 | + if((skb->len < ahminlen+sizeof(struct ahhdr)) || | |
26733 | + (skb->len < ahminlen+(irs->protostuff.ahstuff.ahp->ah_hl << 2))) { | |
26734 | + KLIPS_PRINT(debug_rcv & DB_RX_INAU, | |
26735 | + "klips_debug:ipsec_rcv: " | |
26736 | + "runt ah packet of skb->len=%d received from %s, dropped.\n", | |
26737 | + skb->len, | |
26738 | + irs->ipsaddr_txt); | |
26739 | + if(irs->stats) { | |
26740 | + irs->stats->rx_errors++; | |
26741 | + } | |
26742 | + return IPSEC_RCV_BADLEN; | |
26743 | + } | |
26744 | + | |
26745 | + irs->said.spi = irs->protostuff.ahstuff.ahp->ah_spi; | |
26746 | + | |
26747 | + /* XXX we only support the one 12-byte authenticator for now */ | |
26748 | + if(irs->protostuff.ahstuff.ahp->ah_hl != ((AHHMAC_HASHLEN+AHHMAC_RPLLEN) >> 2)) { | |
26749 | + KLIPS_PRINT(debug_rcv & DB_RX_INAU, | |
26750 | + "klips_debug:ipsec_rcv: " | |
26751 | + "bad authenticator length %ld, expected %lu from %s.\n", | |
26752 | + (long)(irs->protostuff.ahstuff.ahp->ah_hl << 2), | |
26753 | + (unsigned long) sizeof(struct ahhdr), | |
26754 | + irs->ipsaddr_txt); | |
26755 | + if(irs->stats) { | |
26756 | + irs->stats->rx_errors++; | |
26757 | + } | |
26758 | + return IPSEC_RCV_BADLEN; | |
26759 | + } | |
26760 | + | |
26761 | + return IPSEC_RCV_OK; | |
26762 | +} | |
26763 | + | |
26764 | + | |
26765 | +enum ipsec_rcv_value | |
26766 | +ipsec_rcv_ah_setup_auth(struct ipsec_rcv_state *irs, | |
26767 | + struct sk_buff *skb, | |
26768 | + __u32 *replay, | |
26769 | + unsigned char **authenticator) | |
26770 | +{ | |
26771 | + struct ahhdr *ahp = irs->protostuff.ahstuff.ahp; | |
26772 | + | |
26773 | + *replay = ntohl(ahp->ah_rpl); | |
26774 | + *authenticator = ahp->ah_data; | |
26775 | + | |
26776 | + return IPSEC_RCV_OK; | |
26777 | +} | |
26778 | + | |
26779 | +enum ipsec_rcv_value | |
26780 | +ipsec_rcv_ah_authcalc(struct ipsec_rcv_state *irs, | |
26781 | + struct sk_buff *skb) | |
26782 | +{ | |
26783 | + struct auth_alg *aa; | |
26784 | + struct ahhdr *ahp = irs->protostuff.ahstuff.ahp; | |
26785 | + union { | |
26786 | + MD5_CTX md5; | |
26787 | + SHA1_CTX sha1; | |
26788 | + } tctx; | |
26789 | + struct iphdr ipo; | |
26790 | + int ahhlen; | |
26791 | + | |
26792 | + aa = irs->authfuncs; | |
26793 | + | |
26794 | + /* copy the initialized keying material */ | |
26795 | + memcpy(&tctx, irs->ictx, irs->ictx_len); | |
26796 | + | |
26797 | + ipo = *irs->ipp; | |
26798 | + ipo.tos = 0; /* mutable RFC 2402 3.3.3.1.1.1 */ | |
26799 | + ipo.frag_off = 0; | |
26800 | + ipo.ttl = 0; | |
26801 | + ipo.check = 0; | |
26802 | + | |
26803 | + | |
26804 | + /* do the sanitized header */ | |
26805 | + (*aa->update)((void*)&tctx, (caddr_t)&ipo, sizeof(struct iphdr)); | |
26806 | + | |
26807 | + /* XXX we didn't do the options here! */ | |
26808 | + | |
26809 | + /* now do the AH header itself */ | |
26810 | + ahhlen = AH_BASIC_LEN + (ahp->ah_hl << 2); | |
26811 | + (*aa->update)((void*)&tctx, (caddr_t)ahp, ahhlen - AHHMAC_HASHLEN); | |
26812 | + | |
26813 | + /* now, do some zeroes */ | |
26814 | + (*aa->update)((void*)&tctx, (caddr_t)zeroes, AHHMAC_HASHLEN); | |
26815 | + | |
26816 | + /* finally, do the packet contents themselves */ | |
26817 | + (*aa->update)((void*)&tctx, | |
26818 | + (caddr_t)skb->h.raw + ahhlen, | |
26819 | + skb->len - ahhlen); | |
26820 | + | |
26821 | + (*aa->final)(irs->hash, (void *)&tctx); | |
26822 | + | |
26823 | + memcpy(&tctx, irs->octx, irs->octx_len); | |
26824 | + | |
26825 | + (*aa->update)((void *)&tctx, irs->hash, aa->hashlen); | |
26826 | + (*aa->final)(irs->hash, (void *)&tctx); | |
26827 | + | |
26828 | + return IPSEC_RCV_OK; | |
26829 | +} | |
26830 | + | |
26831 | +enum ipsec_rcv_value | |
26832 | +ipsec_rcv_ah_decap(struct ipsec_rcv_state *irs) | |
26833 | +{ | |
26834 | + struct ahhdr *ahp = irs->protostuff.ahstuff.ahp; | |
26835 | + struct sk_buff *skb; | |
26836 | + int ahhlen; | |
26837 | + | |
26838 | + skb=irs->skb; | |
26839 | + | |
26840 | + ahhlen = AH_BASIC_LEN + (ahp->ah_hl << 2); | |
26841 | + | |
26842 | + irs->ipp->tot_len = htons(ntohs(irs->ipp->tot_len) - ahhlen); | |
26843 | + irs->next_header = ahp->ah_nh; | |
26844 | + | |
26845 | + /* | |
26846 | + * move the IP header forward by the size of the AH header, which | |
26847 | + * will remove the the AH header from the packet. | |
26848 | + */ | |
26849 | + memmove((void *)(skb->nh.raw + ahhlen), | |
26850 | + (void *)(skb->nh.raw), irs->iphlen); | |
26851 | + | |
26852 | + ipsec_rcv_dmp("ah postmove", skb->data, skb->len); | |
26853 | + | |
26854 | + /* skb_pull below, will move up by ahhlen */ | |
26855 | + | |
26856 | + /* XXX not clear how this can happen, as the message indicates */ | |
26857 | + if(skb->len < ahhlen) { | |
26858 | + printk(KERN_WARNING | |
26859 | + "klips_error:ipsec_rcv: " | |
26860 | + "tried to skb_pull ahhlen=%d, %d available. This should never happen, please report.\n", | |
26861 | + ahhlen, | |
26862 | + (int)(skb->len)); | |
26863 | + return IPSEC_RCV_DECAPFAIL; | |
26864 | + } | |
26865 | + skb_pull(skb, ahhlen); | |
26866 | + | |
26867 | + skb->nh.raw = skb->nh.raw + ahhlen; | |
26868 | + irs->ipp = skb->nh.iph; | |
26869 | + | |
26870 | + ipsec_rcv_dmp("ah postpull", (void *)skb->nh.iph, skb->len); | |
26871 | + | |
26872 | + return IPSEC_RCV_OK; | |
26873 | +} | |
26874 | + | |
26875 | +enum ipsec_xmit_value | |
26876 | +ipsec_xmit_ah_setup(struct ipsec_xmit_state *ixs) | |
26877 | +{ | |
26878 | + struct iphdr ipo; | |
26879 | + struct ahhdr *ahp; | |
26880 | + __u8 hash[AH_AMAX]; | |
26881 | + union { | |
26882 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_MD5 | |
26883 | + MD5_CTX md5; | |
26884 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_MD5 */ | |
26885 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_SHA1 | |
26886 | + SHA1_CTX sha1; | |
26887 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_SHA1 */ | |
26888 | + } tctx; | |
26889 | + unsigned char *dat = (unsigned char *)ixs->iph; | |
26890 | + | |
26891 | + ahp = (struct ahhdr *)(dat + ixs->iphlen); | |
26892 | + ahp->ah_spi = ixs->ipsp->ips_said.spi; | |
26893 | + ahp->ah_rpl = htonl(++(ixs->ipsp->ips_replaywin_lastseq)); | |
26894 | + ahp->ah_rv = 0; | |
26895 | + ahp->ah_nh = ixs->iph->protocol; | |
26896 | + ahp->ah_hl = (sizeof(struct ahhdr) >> 2) - sizeof(__u64)/sizeof(__u32); | |
26897 | + ixs->iph->protocol = IPPROTO_AH; | |
26898 | + ipsec_xmit_dmp("ahp", (char*)ahp, sizeof(*ahp)); | |
26899 | + | |
26900 | + ipo = *ixs->iph; | |
26901 | + ipo.tos = 0; | |
26902 | + ipo.frag_off = 0; | |
26903 | + ipo.ttl = 0; | |
26904 | + ipo.check = 0; | |
26905 | + ipsec_xmit_dmp("ipo", (char*)&ipo, sizeof(ipo)); | |
26906 | + | |
26907 | + switch(ixs->ipsp->ips_authalg) { | |
26908 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_MD5 | |
26909 | + case AH_MD5: | |
26910 | + tctx.md5 = ((struct md5_ctx*)(ixs->ipsp->ips_key_a))->ictx; | |
26911 | + ipsec_xmit_dmp("ictx", (char*)&tctx.md5, sizeof(tctx.md5)); | |
26912 | + osMD5Update(&tctx.md5, (unsigned char *)&ipo, sizeof (struct iphdr)); | |
26913 | + ipsec_xmit_dmp("ictx+ipo", (char*)&tctx.md5, sizeof(tctx.md5)); | |
26914 | + osMD5Update(&tctx.md5, (unsigned char *)ahp, | |
26915 | + sizeof(struct ahhdr) - sizeof(ahp->ah_data)); | |
26916 | + ipsec_xmit_dmp("ictx+ahp", (char*)&tctx.md5, sizeof(tctx.md5)); | |
26917 | + osMD5Update(&tctx.md5, (unsigned char *)zeroes, AHHMAC_HASHLEN); | |
26918 | + ipsec_xmit_dmp("ictx+zeroes", (char*)&tctx.md5, sizeof(tctx.md5)); | |
26919 | + osMD5Update(&tctx.md5, dat + ixs->iphlen + sizeof(struct ahhdr), | |
26920 | + ixs->skb->len - ixs->iphlen - sizeof(struct ahhdr)); | |
26921 | + ipsec_xmit_dmp("ictx+dat", (char*)&tctx.md5, sizeof(tctx.md5)); | |
26922 | + osMD5Final(hash, &tctx.md5); | |
26923 | + ipsec_xmit_dmp("ictx hash", (char*)&hash, sizeof(hash)); | |
26924 | + tctx.md5 = ((struct md5_ctx*)(ixs->ipsp->ips_key_a))->octx; | |
26925 | + ipsec_xmit_dmp("octx", (char*)&tctx.md5, sizeof(tctx.md5)); | |
26926 | + osMD5Update(&tctx.md5, hash, AHMD596_ALEN); | |
26927 | + ipsec_xmit_dmp("octx+hash", (char*)&tctx.md5, sizeof(tctx.md5)); | |
26928 | + osMD5Final(hash, &tctx.md5); | |
26929 | + ipsec_xmit_dmp("octx hash", (char*)&hash, sizeof(hash)); | |
26930 | + | |
26931 | + memcpy(ahp->ah_data, hash, AHHMAC_HASHLEN); | |
26932 | + | |
26933 | + /* paranoid */ | |
26934 | + memset((caddr_t)&tctx.md5, 0, sizeof(tctx.md5)); | |
26935 | + memset((caddr_t)hash, 0, sizeof(*hash)); | |
26936 | + break; | |
26937 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_MD5 */ | |
26938 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_SHA1 | |
26939 | + case AH_SHA: | |
26940 | + tctx.sha1 = ((struct sha1_ctx*)(ixs->ipsp->ips_key_a))->ictx; | |
26941 | + SHA1Update(&tctx.sha1, (unsigned char *)&ipo, sizeof (struct iphdr)); | |
26942 | + SHA1Update(&tctx.sha1, (unsigned char *)ahp, sizeof(struct ahhdr) - sizeof(ahp->ah_data)); | |
26943 | + SHA1Update(&tctx.sha1, (unsigned char *)zeroes, AHHMAC_HASHLEN); | |
26944 | + SHA1Update(&tctx.sha1, dat + ixs->iphlen + sizeof(struct ahhdr), | |
26945 | + ixs->skb->len - ixs->iphlen - sizeof(struct ahhdr)); | |
26946 | + SHA1Final(hash, &tctx.sha1); | |
26947 | + tctx.sha1 = ((struct sha1_ctx*)(ixs->ipsp->ips_key_a))->octx; | |
26948 | + SHA1Update(&tctx.sha1, hash, AHSHA196_ALEN); | |
26949 | + SHA1Final(hash, &tctx.sha1); | |
26950 | + | |
26951 | + memcpy(ahp->ah_data, hash, AHHMAC_HASHLEN); | |
26952 | + | |
26953 | + /* paranoid */ | |
26954 | + memset((caddr_t)&tctx.sha1, 0, sizeof(tctx.sha1)); | |
26955 | + memset((caddr_t)hash, 0, sizeof(*hash)); | |
26956 | + break; | |
26957 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_SHA1 */ | |
26958 | + default: | |
26959 | + ixs->stats->tx_errors++; | |
26960 | + return IPSEC_XMIT_AH_BADALG; | |
26961 | + } | |
26962 | +#ifdef NET_21 | |
26963 | + ixs->skb->h.raw = (unsigned char*)ahp; | |
26964 | +#endif /* NET_21 */ | |
26965 | + | |
26966 | + return IPSEC_XMIT_OK; | |
26967 | +} | |
26968 | + | |
26969 | +struct xform_functions ah_xform_funcs[]={ | |
26970 | + { rcv_checks: ipsec_rcv_ah_checks, | |
26971 | + rcv_setup_auth: ipsec_rcv_ah_setup_auth, | |
26972 | + rcv_calc_auth: ipsec_rcv_ah_authcalc, | |
26973 | + rcv_decrypt: ipsec_rcv_ah_decap, | |
26974 | + | |
26975 | + xmit_setup: ipsec_xmit_ah_setup, | |
26976 | + xmit_headroom: sizeof(struct ahhdr), | |
26977 | + xmit_needtailroom: 0, | |
26978 | + }, | |
26979 | +}; | |
26980 | + | |
26981 | + | |
26982 | +#ifdef NET_26 | |
26983 | +struct inet_protocol ah_protocol = { | |
26984 | + .handler = ipsec_rcv, | |
26985 | + .no_policy = 1, | |
26986 | +}; | |
26987 | +#else | |
26988 | +struct inet_protocol ah_protocol = | |
26989 | +{ | |
26990 | + ipsec_rcv, /* AH handler */ | |
26991 | + NULL, /* TUNNEL error control */ | |
26992 | +#ifdef NETDEV_25 | |
26993 | + 1, /* no policy */ | |
26994 | +#else | |
26995 | + 0, /* next */ | |
26996 | + IPPROTO_AH, /* protocol ID */ | |
26997 | + 0, /* copy */ | |
26998 | + NULL, /* data */ | |
26999 | + "AH" /* name */ | |
27000 | +#endif | |
27001 | +}; | |
27002 | +#endif /* NET_26 */ | |
27003 | + | |
27004 | +/* | |
27005 | + * $Log: ipsec_ah.c,v $ | |
27006 | + * Revision 1.12.2.2 2006/10/06 21:39:26 paul | |
27007 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
27008 | + * set. This is defined through autoconf.h which is included through the | |
27009 | + * linux kernel build macros. | |
27010 | + * | |
27011 | + * Revision 1.12.2.1 2006/02/15 05:35:14 paul | |
27012 | + * Patch by David McCullough <davidm@snapgear.com> | |
27013 | + * If you setup a tunnel without ESP it doesn't work. It used to work in | |
27014 | + * an older openswan version but stopped when klips was modified to deal | |
27015 | + * with the pulled IP header on the received SKB's. | |
27016 | + * | |
27017 | + * The code in ipsec_ah.c still thinks the IP header is there and runs the | |
27018 | + * hash on the incorrect data. | |
27019 | + * | |
27020 | + * Revision 1.12 2005/04/29 05:10:22 mcr | |
27021 | + * removed from extraenous includes to make unit testing easier. | |
27022 | + * | |
27023 | + * Revision 1.11 2005/04/15 19:50:55 mcr | |
27024 | + * adjustments to use proper skb fields for data. | |
27025 | + * | |
27026 | + * Revision 1.10 2004/09/14 00:22:57 mcr | |
27027 | + * adjustment of MD5* functions. | |
27028 | + * | |
27029 | + * Revision 1.9 2004/09/13 02:22:47 mcr | |
27030 | + * #define inet_protocol if necessary. | |
27031 | + * | |
27032 | + * Revision 1.8 2004/09/06 18:35:48 mcr | |
27033 | + * 2.6.8.1 gets rid of inet_protocol->net_protocol compatibility, | |
27034 | + * so adjust for that. | |
27035 | + * | |
27036 | + * Revision 1.7 2004/08/22 05:00:48 mcr | |
27037 | + * if we choose to compile the file, we want the contents, | |
27038 | + * so don't pull any punches. | |
27039 | + * | |
27040 | + * Revision 1.6 2004/08/17 03:27:23 mcr | |
27041 | + * klips 2.6 edits. | |
27042 | + * | |
27043 | + * Revision 1.5 2004/08/14 03:28:24 mcr | |
27044 | + * fixed log comment to remove warning about embedded comment. | |
27045 | + * | |
27046 | + * Revision 1.4 2004/08/04 15:57:07 mcr | |
27047 | + * moved des .h files to include/des/ * | |
27048 | + * included 2.6 protocol specific things | |
27049 | + * started at NAT-T support, but it will require a kernel patch. | |
27050 | + * | |
27051 | + * Revision 1.3 2004/07/10 19:11:18 mcr | |
27052 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
27053 | + * | |
27054 | + * Revision 1.2 2004/04/06 02:49:25 mcr | |
27055 | + * pullup of algo code from alg-branch. | |
27056 | + * | |
27057 | + * | |
27058 | + * | |
27059 | + */ | |
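Review bot: In ipsec_xmit_ah_setup the "paranoid" cleanup `memset((caddr_t)hash, 0, sizeof(*hash));` clears only one byte, because `hash` is declared `__u8 hash[AH_AMAX]` and `sizeof(*hash)` is the size of a single element; the same line appears in both the AH_MD5 and the AH_SHA branch. The rest of the untruncated HMAC output therefore stays on the kernel stack after the function returns, so both places should read `memset((caddr_t)hash, 0, sizeof(hash));`. The receive side has no cleanup at all: ipsec_rcv_ah_authcalc copies what its own comment calls "the initialized keying material" from `irs->ictx` and then `irs->octx` into the local `tctx` and returns without wiping it, so a `memset(&tctx, 0, sizeof(tctx));` before `return IPSEC_RCV_OK;` would match the transmit path. Those two `memcpy` calls also rely on `irs->ictx_len` and `irs->octx_len` fitting inside the `tctx` union; presumably the caller guarantees that, but nothing in this file checks it.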
27060 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
27061 | +++ linux/net/ipsec/ipsec_alg.c Mon Feb 9 13:51:03 2004 | |
27062 | @@ -0,0 +1,1057 @@ | |
27063 | +/* | |
27064 | + * Modular extensions service and registration functions | |
27065 | + * | |
27066 | + * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar> | |
27067 | + * | |
27068 | + * Version: 0.8.1 | |
27069 | + * | |
27070 | + * ipsec_alg.c,v 1.1.2.1 2003/11/21 18:12:23 jjo Exp | |
27071 | + * | |
27072 | + * This program is free software; you can redistribute it and/or modify it | |
27073 | + * under the terms of the GNU General Public License as published by the | |
27074 | + * Free Software Foundation; either version 2 of the License, or (at your | |
27075 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
27076 | + * | |
27077 | + * This program is distributed in the hope that it will be useful, but | |
27078 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
27079 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
27080 | + * for more details. | |
27081 | + * | |
27082 | + */ | |
27083 | +#define __NO_VERSION__ | |
27084 | + | |
27085 | +#if defined (MODULE) | |
27086 | +#include <linux/module.h> | |
27087 | +#endif | |
27088 | + | |
27089 | +#include <linux/kernel.h> /* printk() */ | |
27090 | + | |
27091 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
27092 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
27093 | +#include <linux/ip.h> /* struct iphdr */ | |
27094 | +#include <linux/skbuff.h> | |
27095 | +#include <linux/socket.h> | |
27096 | +#include <linux/in.h> | |
27097 | +#include <linux/types.h> | |
27098 | +#include <linux/string.h> /* memcmp() */ | |
27099 | +#include <linux/random.h> /* get_random_bytes() */ | |
27100 | +#include <linux/errno.h> /* error codes */ | |
27101 | +#ifdef SPINLOCK | |
27102 | +# ifdef SPINLOCK_23 | |
27103 | +# include <linux/spinlock.h> /* *lock* */ | |
27104 | +# else /* SPINLOCK_23 */ | |
27105 | +# include <asm/spinlock.h> /* *lock* */ | |
27106 | +# endif /* SPINLOCK_23 */ | |
27107 | +#endif /* SPINLOCK */ | |
27108 | + | |
27109 | +#include "openswan/ipsec_param.h" | |
27110 | +#include <openswan.h> | |
27111 | +#include "openswan/ipsec_sa.h" | |
27112 | +#include "openswan/radij.h" | |
27113 | +#include "openswan/ipsec_encap.h" | |
27114 | +#include "openswan/ipsec_radij.h" | |
27115 | +#include "openswan/ipsec_xform.h" | |
27116 | +#include "openswan/ipsec_tunnel.h" | |
27117 | +#include "openswan/ipsec_rcv.h" | |
27118 | +#if defined(CONFIG_KLIPS_ESP) || defined(CONFIG_KLIPS_AH) | |
27119 | +# include "openswan/ipsec_ah.h" | |
27120 | +#endif /* defined(CONFIG_KLIPS_ESP) || defined(CONFIG_KLIPS_AH) */ | |
27121 | +#ifdef CONFIG_KLIPS_ESP | |
27122 | +# include "openswan/ipsec_esp.h" | |
27123 | +#endif /* !CONFIG_KLIPS_ESP */ | |
27124 | +#ifdef CONFIG_KLIPS_IPCOMP | |
27125 | +# include "openswan/ipcomp.h" | |
27126 | +#endif /* CONFIG_KLIPS_COMP */ | |
27127 | + | |
27128 | +#include <pfkeyv2.h> | |
27129 | +#include <pfkey.h> | |
27130 | + | |
27131 | +#include "openswan/ipsec_alg.h" | |
27132 | +#include "openswan/ipsec_proto.h" | |
27133 | + | |
27134 | +#if SADB_EALG_MAX < 255 | |
27135 | +#warning Compiling with limited ESP support ( SADB_EALG_MAX < 256 ) | |
27136 | +#endif | |
27137 | + | |
27138 | +static rwlock_t ipsec_alg_lock = RW_LOCK_UNLOCKED; | |
27139 | +#define IPSEC_ALG_HASHSZ 16 /* must be power of 2, even 2^0=1 */ | |
27140 | +static struct list_head ipsec_alg_hash_table[IPSEC_ALG_HASHSZ]; | |
27141 | + | |
27142 | +/* Old gcc's will fail here */ | |
27143 | +#define barf_out(fmt, args...) do { struct ipsec_alg *ixtc = (struct ipsec_alg *)ixt; printk(KERN_ERR "%s: (%s) " fmt, __FUNCTION__, ixtc->ixt_name , ## args) \ | |
27144 | + ; goto out; } while(0) | |
27145 | + | |
27146 | +#ifdef NET_26 | |
27147 | +/* | |
27148 | + * Must be already protected by lock | |
27149 | + */ | |
27150 | +static void __ipsec_alg_usage_inc(struct ipsec_alg *ixt) | |
27151 | +{ | |
27152 | +#ifdef MODULE | |
27153 | + if (ixt->ixt_module) | |
27154 | + try_module_get(ixt->ixt_module); | |
27155 | +#endif | |
27156 | + atomic_inc(&ixt->ixt_refcnt); | |
27157 | +} | |
27158 | +static void __ipsec_alg_usage_dec(struct ipsec_alg *ixt) { | |
27159 | + atomic_dec(&ixt->ixt_refcnt); | |
27160 | +#ifdef MODULE | |
27161 | + if (ixt->ixt_module) | |
27162 | + module_put(ixt->ixt_module); | |
27163 | +#endif | |
27164 | +} | |
27165 | + | |
27166 | +#else | |
27167 | + | |
27168 | +/* | |
27169 | + * Must be already protected by lock | |
27170 | + */ | |
27171 | +static void __ipsec_alg_usage_inc(struct ipsec_alg *ixt) { | |
27172 | +#ifdef MODULE | |
27173 | + if (ixt->ixt_module) { | |
27174 | + __MOD_INC_USE_COUNT(ixt->ixt_module); | |
27175 | + } | |
27176 | +#endif | |
27177 | + atomic_inc(&ixt->ixt_refcnt); | |
27178 | +} | |
27179 | +static void __ipsec_alg_usage_dec(struct ipsec_alg *ixt) { | |
27180 | + atomic_dec(&ixt->ixt_refcnt); | |
27181 | +#ifdef MODULE | |
27182 | + if (ixt->ixt_module) | |
27183 | + __MOD_DEC_USE_COUNT(ixt->ixt_module); | |
27184 | +#endif | |
27185 | +} | |
27186 | +#endif | |
27187 | + | |
27188 | +/* | |
27189 | + * simple hash function, optimized for 0-hash (1 list) special | |
27190 | + * case | |
27191 | + */ | |
27192 | +#if IPSEC_ALG_HASHSZ > 1 | |
27193 | +static inline unsigned ipsec_alg_hashfn(int alg_type, int alg_id) { | |
27194 | + return ((alg_type^alg_id)&(IPSEC_ALG_HASHSZ-1)); | |
27195 | +} | |
27196 | +#else | |
27197 | +#define ipsec_alg_hashfn(x,y) (0) | |
27198 | +#endif | |
27199 | + | |
27200 | +/***************************************************************** | |
27201 | + * | |
27202 | + * INTERNAL table handling: insert, delete, find | |
27203 | + * | |
27204 | + *****************************************************************/ | |
27205 | + | |
27206 | +/* | |
27207 | + * hash table initialization, called from ipsec_alg_init() | |
27208 | + */ | |
27209 | +static void ipsec_alg_hash_init(void) { | |
27210 | + struct list_head *head = ipsec_alg_hash_table; | |
27211 | + int i = IPSEC_ALG_HASHSZ; | |
27212 | + do { | |
27213 | + INIT_LIST_HEAD(head); | |
27214 | + head++; | |
27215 | + i--; | |
27216 | + } while (i); | |
27217 | +} | |
27218 | +/* | |
27219 | + * hash list lookup by {alg_type, alg_id} and table head, | |
27220 | + * must be already protected by lock | |
27221 | + */ | |
27222 | +static struct ipsec_alg *__ipsec_alg_find(unsigned alg_type, unsigned alg_id, struct list_head * head) { | |
27223 | + struct list_head *p; | |
27224 | + struct ipsec_alg *ixt=NULL; | |
27225 | + for (p=head->next; p!=head; p=p->next) { | |
27226 | + ixt = list_entry(p, struct ipsec_alg, ixt_list); | |
27227 | + if (ixt->ixt_alg_type == alg_type && ixt->ixt_alg_id==alg_id) { | |
27228 | + goto out; | |
27229 | + } | |
27230 | + } | |
27231 | + ixt=NULL; | |
27232 | +out: | |
27233 | + return ixt; | |
27234 | +} | |
27235 | +/* | |
27236 | + * inserts (in front) a new entry in hash table, | |
27237 | + * called from ipsec_alg_register() when new algorithm is registered. | |
27238 | + */ | |
27239 | +static int ipsec_alg_insert(struct ipsec_alg *ixt) { | |
27240 | + int ret=-EINVAL; | |
27241 | + unsigned hashval=ipsec_alg_hashfn(ixt->ixt_alg_type, ixt->ixt_alg_id); | |
27242 | + struct list_head *head= ipsec_alg_hash_table + hashval; | |
27243 | + struct ipsec_alg *ixt_cur; | |
27244 | + | |
27245 | + /* new element must be virgin ... */ | |
27246 | + if (ixt->ixt_list.next != &ixt->ixt_list || | |
27247 | + ixt->ixt_list.prev != &ixt->ixt_list) { | |
27248 | + printk(KERN_ERR "ipsec_alg_insert: ixt object \"%s\" " | |
27249 | + "list head not initialized\n", | |
27250 | + ixt->ixt_name); | |
27251 | + return ret; | |
27252 | + } | |
27253 | + write_lock_bh(&ipsec_alg_lock); | |
27254 | + | |
27255 | + ixt_cur = __ipsec_alg_find(ixt->ixt_alg_type, ixt->ixt_alg_id, head); | |
27256 | + | |
27257 | + /* if previous (current) ipsec_alg found check excl flag of _anyone_ */ | |
27258 | + if (ixt_cur | |
27259 | + && ((ixt->ixt_state|ixt_cur->ixt_state) & IPSEC_ALG_ST_EXCL)) { | |
27260 | + barf_out("ipsec_alg for alg_type=%d, alg_id=%d already exist. " | |
27261 | + "Not loaded (ret=%d).\n", | |
27262 | + ixt->ixt_alg_type, | |
27263 | + ixt->ixt_alg_id, ret=-EEXIST); | |
27264 | + } | |
27265 | + list_add(&ixt->ixt_list, head); | |
27266 | + ixt->ixt_state |= IPSEC_ALG_ST_REGISTERED; | |
27267 | + ret=0; | |
27268 | +out: | |
27269 | + write_unlock_bh(&ipsec_alg_lock); | |
27270 | + return ret; | |
27271 | +} | |
27272 | + | |
27273 | +/* | |
27274 | + * deletes an existing entry in hash table, | |
27275 | + * called from ipsec_alg_unregister() when algorithm is unregistered. | |
27276 | + */ | |
27277 | +static int ipsec_alg_delete(struct ipsec_alg *ixt) { | |
27278 | + write_lock_bh(&ipsec_alg_lock); | |
27279 | + list_del(&ixt->ixt_list); | |
27280 | + write_unlock_bh(&ipsec_alg_lock); | |
27281 | + return 0; | |
27282 | +} | |
27283 | + | |
27284 | +/* | |
27285 | + * here @user context (read-only when @kernel bh context) | |
27286 | + * -> no bh disabling | |
27287 | + * | |
27288 | + * called from ipsec_sa_init() -> ipsec_alg_sa_init() | |
27289 | + */ | |
27290 | +static struct ipsec_alg *ipsec_alg_get(int alg_type, int alg_id) | |
27291 | +{ | |
27292 | + unsigned hashval=ipsec_alg_hashfn(alg_type, alg_id); | |
27293 | + struct list_head *head= ipsec_alg_hash_table + hashval; | |
27294 | + struct ipsec_alg *ixt; | |
27295 | + | |
27296 | + read_lock(&ipsec_alg_lock); | |
27297 | + ixt=__ipsec_alg_find(alg_type, alg_id, head); | |
27298 | + if (ixt) __ipsec_alg_usage_inc(ixt); | |
27299 | + read_unlock(&ipsec_alg_lock); | |
27300 | + | |
27301 | + return ixt; | |
27302 | +} | |
27303 | + | |
27304 | +static void ipsec_alg_put(struct ipsec_alg *ixt) { | |
27305 | + __ipsec_alg_usage_dec((struct ipsec_alg *)ixt); | |
27306 | +} | |
27307 | + | |
27308 | +/***************************************************************** | |
27309 | + * | |
27310 | + * INTERFACE for ENC services: key creation, encrypt function | |
27311 | + * | |
27312 | + *****************************************************************/ | |
27313 | + | |
27314 | +/* | |
27315 | + * main encrypt service entry point | |
27316 | + * called from ipsec_rcv() with encrypt=IPSEC_ALG_DECRYPT and | |
27317 | + * ipsec_tunnel_start_xmit with encrypt=IPSEC_ALG_ENCRYPT | |
27318 | + */ | |
27319 | +int ipsec_alg_esp_encrypt(struct ipsec_sa *sa_p, __u8 * idat, | |
27320 | + int ilen, const __u8 * iv, int encrypt) | |
27321 | +{ | |
27322 | + int ret; | |
27323 | + struct ipsec_alg_enc *ixt_e=sa_p->ips_alg_enc; | |
27324 | +#ifdef CONFIG_KLIPS_DEBUG | |
27325 | + int debug_flag = (encrypt==IPSEC_ALG_ENCRYPT ? | |
27326 | + debug_tunnel : debug_rcv); | |
27327 | +#endif | |
27328 | + | |
27329 | + KLIPS_PRINT(debug_flag, | |
27330 | + "klips_debug:ipsec_alg_esp_encrypt: " | |
27331 | + "entering with encalg=%d, ixt_e=%p\n", | |
27332 | + sa_p->ips_encalg, ixt_e); | |
27333 | + if (ixt_e == NULL) { | |
27334 | +#ifdef CONFIG_KLIPS_DEBUG | |
27335 | + KLIPS_ERROR(debug_flag, | |
27336 | + "klips_debug:ipsec_alg_esp_encrypt: " | |
27337 | + "NULL ipsec_alg_enc object\n"); | |
27338 | +#endif | |
27339 | + return -1; | |
27340 | + } | |
27341 | + KLIPS_PRINT(debug_flag, | |
27342 | + "klips_debug:ipsec_alg_esp_encrypt: " | |
27343 | + "calling cbc_encrypt encalg=%d " | |
27344 | + "ips_key_e=%p idat=%p ilen=%d iv=%p, encrypt=%d\n", | |
27345 | + sa_p->ips_encalg, | |
27346 | + sa_p->ips_key_e, idat, ilen, iv, encrypt); | |
27347 | + ret=ixt_e->ixt_e_cbc_encrypt(ixt_e, sa_p->ips_key_e, idat, | |
27348 | + ilen, iv, encrypt); | |
27349 | + KLIPS_PRINT(debug_flag, | |
27350 | + "klips_debug:ipsec_alg_esp_encrypt: " | |
27351 | + "returned ret=%d\n", | |
27352 | + ret); | |
27353 | + return ret; | |
27354 | +} | |
27355 | + | |
27356 | +/* | |
27357 | + * encryption key context creation function | |
27358 | + * called from pfkey_v2_parser.c:pfkey_ips_init() | |
27359 | + */ | |
27360 | +int ipsec_alg_enc_key_create(struct ipsec_sa *sa_p) { | |
27361 | + int ret=-EINVAL; | |
27362 | + int keyminbits, keymaxbits; | |
27363 | + caddr_t ekp; | |
27364 | + struct ipsec_alg_enc *ixt_e=sa_p->ips_alg_enc; | |
27365 | + | |
27366 | + KLIPS_PRINT(debug_pfkey, | |
27367 | + "klips_debug:ipsec_alg_enc_key_create: " | |
27368 | + "entering with encalg=%d ixt_e=%p\n", | |
27369 | + sa_p->ips_encalg, ixt_e); | |
27370 | + if (!ixt_e) { | |
27371 | + KLIPS_PRINT(debug_pfkey, | |
27372 | + "klips_debug:ipsec_alg_enc_key_create: " | |
27373 | + "NULL ipsec_alg_enc object\n"); | |
27374 | + return -EPROTO; | |
27375 | + } | |
27376 | + | |
27377 | + /* | |
27378 | + * grRRR... DES 7bits jurassic stuff ... f*ckk --jjo | |
27379 | + */ | |
27380 | + switch(ixt_e->ixt_common.ixt_support.ias_id) { | |
27381 | + case ESP_3DES: | |
27382 | + keyminbits=keymaxbits=192;break; | |
27383 | + case ESP_DES: | |
27384 | + keyminbits=keymaxbits=64;break; | |
27385 | + default: | |
27386 | + keyminbits=ixt_e->ixt_common.ixt_support.ias_keyminbits; | |
27387 | + keymaxbits=ixt_e->ixt_common.ixt_support.ias_keymaxbits; | |
27388 | + } | |
27389 | + if(sa_p->ips_key_bits_e<keyminbits || | |
27390 | + sa_p->ips_key_bits_e>keymaxbits) { | |
27391 | + KLIPS_PRINT(debug_pfkey, | |
27392 | + "klips_debug:ipsec_alg_enc_key_create: " | |
27393 | + "incorrect encryption key size for id=%d: %d bits -- " | |
27394 | + "must be between %d,%d bits\n" /*octets (bytes)\n"*/, | |
27395 | + ixt_e->ixt_common.ixt_support.ias_id, | |
27396 | + sa_p->ips_key_bits_e, keyminbits, keymaxbits); | |
27397 | + ret=-EINVAL; | |
27398 | + goto ixt_out; | |
27399 | + } | |
27400 | + /* save encryption key pointer */ | |
27401 | + ekp = sa_p->ips_key_e; | |
27402 | + | |
27403 | + | |
27404 | + if (ixt_e->ixt_e_new_key) { | |
27405 | + sa_p->ips_key_e = ixt_e->ixt_e_new_key(ixt_e, | |
27406 | + ekp, sa_p->ips_key_bits_e/8); | |
27407 | + ret = (sa_p->ips_key_e)? 0 : -EINVAL; | |
27408 | + } else { | |
27409 | + if((sa_p->ips_key_e = (caddr_t) | |
27410 | + kmalloc((sa_p->ips_key_e_size = ixt_e->ixt_e_ctx_size), | |
27411 | + GFP_ATOMIC)) == NULL) { | |
27412 | + ret=-ENOMEM; | |
27413 | + goto ixt_out; | |
27414 | + } | |
27415 | + /* zero-out key_e */ | |
27416 | + memset(sa_p->ips_key_e, 0, sa_p->ips_key_e_size); | |
27417 | + | |
27418 | + /* I cast here to allow more decoupling in alg module */ | |
27419 | + KLIPS_PRINT(debug_pfkey, | |
27420 | + "klips_debug:ipsec_alg_enc_key_create: about to call:" | |
27421 | + "set_key(key_e=%p, ekp=%p, key_size=%d)\n", | |
27422 | + (caddr_t)sa_p->ips_key_e, ekp, sa_p->ips_key_bits_e/8); | |
27423 | + ret = ixt_e->ixt_e_set_key(ixt_e, (caddr_t)sa_p->ips_key_e, ekp, sa_p->ips_key_bits_e/8); | |
27424 | + } | |
27425 | + /* paranoid */ | |
27426 | + memset(ekp, 0, sa_p->ips_key_bits_e/8); | |
27427 | + kfree(ekp); | |
27428 | +ixt_out: | |
27429 | + return ret; | |
27430 | +} | |
27431 | + | |
27432 | +/*************************************************************** | |
27433 | + * | |
27434 | + * INTERFACE for AUTH services: key creation, hash functions | |
27435 | + * | |
27436 | + ***************************************************************/ | |
27437 | + | |
27438 | +/* | |
27439 | + * auth key context creation function | |
27440 | + * called from pfkey_v2_parser.c:pfkey_ips_init() | |
27441 | + */ | |
27442 | +int ipsec_alg_auth_key_create(struct ipsec_sa *sa_p) { | |
27443 | + int ret=-EINVAL; | |
27444 | + struct ipsec_alg_auth *ixt_a=sa_p->ips_alg_auth; | |
27445 | + int keyminbits, keymaxbits; | |
27446 | + unsigned char *akp; | |
27447 | + unsigned int aks; | |
27448 | + KLIPS_PRINT(debug_pfkey, | |
27449 | + "klips_debug:ipsec_alg_auth_key_create: " | |
27450 | + "entering with authalg=%d ixt_a=%p\n", | |
27451 | + sa_p->ips_authalg, ixt_a); | |
27452 | + if (!ixt_a) { | |
27453 | + KLIPS_PRINT(debug_pfkey, | |
27454 | + "klips_debug:ipsec_alg_auth_key_create: " | |
27455 | + "NULL ipsec_alg_auth object\n"); | |
27456 | + return -EPROTO; | |
27457 | + } | |
27458 | + keyminbits=ixt_a->ixt_common.ixt_support.ias_keyminbits; | |
27459 | + keymaxbits=ixt_a->ixt_common.ixt_support.ias_keymaxbits; | |
27460 | + if(sa_p->ips_key_bits_a<keyminbits || sa_p->ips_key_bits_a>keymaxbits) { | |
27461 | + KLIPS_PRINT(debug_pfkey, | |
27462 | + "klips_debug:ipsec_alg_auth_key_create: incorrect auth" | |
27463 | + "key size: %d bits -- must be between %d,%d bits\n"/*octets (bytes)\n"*/, | |
27464 | + sa_p->ips_key_bits_a, keyminbits, keymaxbits); | |
27465 | + ret=-EINVAL; | |
27466 | + goto ixt_out; | |
27467 | + } | |
27468 | + /* save auth key pointer */ | |
27469 | + sa_p->ips_auth_bits = ixt_a->ixt_a_keylen * 8; /* XXX XXX */ | |
27470 | + akp = sa_p->ips_key_a; | |
27471 | + aks = sa_p->ips_key_a_size; | |
27472 | + | |
27473 | + /* will hold: 2 ctx and a blocksize buffer: kb */ | |
27474 | + sa_p->ips_key_a_size = ixt_a->ixt_a_ctx_size; | |
27475 | + if((sa_p->ips_key_a = | |
27476 | + (caddr_t) kmalloc(sa_p->ips_key_a_size, GFP_ATOMIC)) == NULL) { | |
27477 | + ret=-ENOMEM; | |
27478 | + goto ixt_out; | |
27479 | + } | |
27480 | + ixt_a->ixt_a_hmac_set_key(ixt_a, sa_p->ips_key_a, akp, sa_p->ips_key_bits_a/8); /* XXX XXX */ | |
27481 | + ret=0; | |
27482 | + memset(akp, 0, aks); | |
27483 | + kfree(akp); | |
27484 | + | |
27485 | +ixt_out: | |
27486 | + return ret; | |
27487 | +} | |
27488 | + | |
27489 | + | |
27490 | +int ipsec_alg_sa_esp_hash(const struct ipsec_sa *sa_p, const __u8 *espp, | |
27491 | + int len, __u8 *hash, int hashlen) | |
27492 | +{ | |
27493 | + struct ipsec_alg_auth *ixt_a=sa_p->ips_alg_auth; | |
27494 | + if (!ixt_a) { | |
27495 | + KLIPS_PRINT(debug_pfkey, | |
27496 | + "klips_debug:ipsec_sa_esp_hash: " | |
27497 | + "NULL ipsec_alg_auth object\n"); | |
27498 | + return -EPROTO; | |
27499 | + } | |
27500 | + KLIPS_PRINT(debug_tunnel|debug_rcv, | |
27501 | + "klips_debug:ipsec_sa_esp_hash: " | |
27502 | + "hashing %p (%d bytes) to %p (%d bytes)\n", | |
27503 | + espp, len, | |
27504 | + hash, hashlen); | |
27505 | + ixt_a->ixt_a_hmac_hash(ixt_a, | |
27506 | + sa_p->ips_key_a, | |
27507 | + espp, len, | |
27508 | + hash, hashlen); | |
27509 | + return 0; | |
27510 | +} | |
27511 | + | |
27512 | +/*************************************************************** | |
27513 | + * | |
27514 | + * INTERFACE for module loading,testing, and unloading | |
27515 | + * | |
27516 | + ***************************************************************/ | |
27517 | + | |
27518 | +/* validation for registering (enc) module */ | |
27519 | +static int check_enc(struct ipsec_alg_enc *ixt) | |
27520 | +{ | |
27521 | + int ret=-EINVAL; | |
27522 | + if (ixt->ixt_common.ixt_blocksize==0) /* || ixt->ixt_common.ixt_blocksize%2) need for ESP_NULL */ | |
27523 | + barf_out(KERN_ERR "invalid blocksize=%d\n", ixt->ixt_common.ixt_blocksize); | |
27524 | + if (ixt->ixt_common.ixt_support.ias_keyminbits==0 | |
27525 | + && ixt->ixt_common.ixt_support.ias_keymaxbits==0 | |
27526 | + && ixt->ixt_e_keylen==0) | |
27527 | + goto zero_key_ok; | |
27528 | + | |
27529 | + if (ixt->ixt_common.ixt_support.ias_keyminbits==0) | |
27530 | + barf_out(KERN_ERR "invalid keyminbits=%d\n", ixt->ixt_common.ixt_support.ias_keyminbits); | |
27531 | + | |
27532 | + if (ixt->ixt_common.ixt_support.ias_keymaxbits==0) | |
27533 | + barf_out(KERN_ERR "invalid keymaxbits=%d\n", ixt->ixt_common.ixt_support.ias_keymaxbits); | |
27534 | + | |
27535 | + if (ixt->ixt_e_keylen==0) | |
27536 | + barf_out(KERN_ERR "invalid keysize=%d\n", ixt->ixt_e_keylen); | |
27537 | + | |
27538 | +zero_key_ok: | |
27539 | + if (ixt->ixt_e_ctx_size==0 && ixt->ixt_e_new_key == NULL) | |
27540 | + barf_out(KERN_ERR "invalid key_e_size=%d and ixt_e_new_key=NULL\n", ixt->ixt_e_ctx_size); | |
27541 | + if (ixt->ixt_e_cbc_encrypt==NULL) | |
27542 | + barf_out(KERN_ERR "e_cbc_encrypt() must be not NULL\n"); | |
27543 | + ret=0; | |
27544 | +out: | |
27545 | + return ret; | |
27546 | +} | |
27547 | + | |
27548 | +/* validation for registering (auth) module */ | |
27549 | +static int check_auth(struct ipsec_alg_auth *ixt) | |
27550 | +{ | |
27551 | + int ret=-EINVAL; | |
27552 | + if (ixt->ixt_common.ixt_support.ias_id==0 || ixt->ixt_common.ixt_support.ias_id > SADB_AALG_MAX) | |
27553 | + barf_out("invalid alg_id=%d > %d (SADB_AALG_MAX)\n", | |
27554 | + ixt->ixt_common.ixt_support.ias_id, SADB_AALG_MAX); | |
27555 | + | |
27556 | + if (ixt->ixt_common.ixt_blocksize==0 | |
27557 | + || ixt->ixt_common.ixt_blocksize%2) | |
27558 | + barf_out(KERN_ERR "invalid blocksize=%d\n", | |
27559 | + ixt->ixt_common.ixt_blocksize); | |
27560 | + | |
27561 | + if (ixt->ixt_common.ixt_blocksize>AH_BLKLEN_MAX) | |
27562 | + barf_out(KERN_ERR "sorry blocksize=%d > %d. " | |
27563 | + "Please increase AH_BLKLEN_MAX and recompile\n", | |
27564 | + ixt->ixt_common.ixt_blocksize, | |
27565 | + AH_BLKLEN_MAX); | |
27566 | + if (ixt->ixt_common.ixt_support.ias_keyminbits==0 && ixt->ixt_common.ixt_support.ias_keymaxbits==0 && ixt->ixt_a_keylen==0) | |
27567 | + goto zero_key_ok; | |
27568 | + if (ixt->ixt_common.ixt_support.ias_keyminbits==0) | |
27569 | + barf_out(KERN_ERR "invalid keyminbits=%d\n", ixt->ixt_common.ixt_support.ias_keyminbits); | |
27570 | + if (ixt->ixt_common.ixt_support.ias_keymaxbits==0) | |
27571 | + barf_out(KERN_ERR "invalid keymaxbits=%d\n", ixt->ixt_common.ixt_support.ias_keymaxbits); | |
27572 | + if (ixt->ixt_common.ixt_support.ias_keymaxbits!=ixt->ixt_common.ixt_support.ias_keyminbits) | |
27573 | + barf_out(KERN_ERR "keymaxbits must equal keyminbits (not sure).\n"); | |
27574 | + if (ixt->ixt_a_keylen==0) | |
27575 | + barf_out(KERN_ERR "invalid keysize=%d\n", ixt->ixt_a_keylen); | |
27576 | +zero_key_ok: | |
27577 | + if (ixt->ixt_a_ctx_size==0) | |
27578 | + barf_out(KERN_ERR "invalid a_ctx_size=%d\n", ixt->ixt_a_ctx_size); | |
27579 | + if (ixt->ixt_a_hmac_set_key==NULL) | |
27580 | + barf_out(KERN_ERR "a_hmac_set_key() must be not NULL\n"); | |
27581 | + if (ixt->ixt_a_hmac_hash==NULL) | |
27582 | + barf_out(KERN_ERR "a_hmac_hash() must be not NULL\n"); | |
27583 | + ret=0; | |
27584 | +out: | |
27585 | + return ret; | |
27586 | +} | |
27587 | + | |
27588 | +/* | |
27589 | + * Generic (enc, auth) registration entry point | |
27590 | + */ | |
27591 | +int register_ipsec_alg(struct ipsec_alg *ixt) | |
27592 | +{ | |
27593 | + int ret=-EINVAL; | |
27594 | + /* Validation */ | |
27595 | + if (ixt==NULL) | |
27596 | + barf_out("NULL ipsec_alg object passed\n"); | |
27597 | + if ((ixt->ixt_version&0xffffff00) != (IPSEC_ALG_VERSION&0xffffff00)) | |
27598 | + barf_out("incorrect version: %d.%d.%d-%d, " | |
27599 | + "must be %d.%d.%d[-%d]\n", | |
27600 | + IPSEC_ALG_VERSION_QUAD(ixt->ixt_version), | |
27601 | + IPSEC_ALG_VERSION_QUAD(IPSEC_ALG_VERSION)); | |
27602 | + | |
27603 | + switch(ixt->ixt_alg_type) { | |
27604 | + case IPSEC_ALG_TYPE_AUTH: | |
27605 | + if ((ret=check_auth((struct ipsec_alg_auth *)ixt)<0)) | |
27606 | + goto out; | |
27607 | + break; | |
27608 | + case IPSEC_ALG_TYPE_ENCRYPT: | |
27609 | + if ((ret=check_enc((struct ipsec_alg_enc *)ixt)<0)) | |
27610 | + goto out; | |
27611 | + /* | |
27612 | + * Adapted two lines below: | |
27613 | + * ivlen == 0 is possible (NULL enc has blocksize==1) | |
27614 | + * | |
27615 | + * fixed NULL support by David De Reu <DeReu@tComLabs.com> | |
27616 | + */ | |
27617 | + if (ixt->ixt_support.ias_ivlen == 0 | |
27618 | + && ixt->ixt_blocksize > 1) { | |
27619 | + ixt->ixt_support.ias_ivlen = ixt->ixt_blocksize*8; | |
27620 | + } | |
27621 | + break; | |
27622 | + default: | |
27623 | + barf_out("alg_type=%d not supported\n", ixt->ixt_alg_type); | |
27624 | + } | |
27625 | + INIT_LIST_HEAD(&ixt->ixt_list); | |
27626 | + ret = ipsec_alg_insert(ixt); | |
27627 | + if (ret<0) | |
27628 | + barf_out(KERN_WARNING "ipsec_alg for alg_id=%d failed." | |
27629 | + "Not loaded (ret=%d).\n", | |
27630 | + ixt->ixt_support.ias_id, ret); | |
27631 | + | |
27632 | + | |
27633 | + ret = pfkey_list_insert_supported((struct ipsec_alg_supported *)&ixt->ixt_support | |
27634 | + , &(pfkey_supported_list[SADB_SATYPE_ESP])); | |
27635 | + | |
27636 | + if (ret==0) { | |
27637 | + ixt->ixt_state |= IPSEC_ALG_ST_SUPP; | |
27638 | + /* send register event to userspace */ | |
27639 | + pfkey_register_reply(SADB_SATYPE_ESP, NULL); | |
27640 | + } else | |
27641 | + printk(KERN_ERR "pfkey_list_insert_supported returned %d. " | |
27642 | + "Loading anyway.\n", ret); | |
27643 | + ret=0; | |
27644 | +out: | |
27645 | + return ret; | |
27646 | +} | |
27647 | + | |
27648 | +/* | |
27649 | + * unregister ipsec_alg object from own tables, if | |
27650 | + * success => calls pfkey_list_remove_supported() | |
27651 | + */ | |
27652 | +int unregister_ipsec_alg(struct ipsec_alg *ixt) { | |
27653 | + int ret= -EINVAL; | |
27654 | + switch(ixt->ixt_alg_type) { | |
27655 | + case IPSEC_ALG_TYPE_AUTH: | |
27656 | + case IPSEC_ALG_TYPE_ENCRYPT: | |
27657 | + break; | |
27658 | + default: | |
27659 | + /* this is not a typo :) */ | |
27660 | + barf_out("frog found in list (\"%s\"): ixt_p=NULL\n", | |
27661 | + ixt->ixt_name); | |
27662 | + } | |
27663 | + | |
27664 | + ret=ipsec_alg_delete(ixt); | |
27665 | + if (ixt->ixt_state&IPSEC_ALG_ST_SUPP) { | |
27666 | + ixt->ixt_state &= ~IPSEC_ALG_ST_SUPP; | |
27667 | + pfkey_list_remove_supported((struct ipsec_alg_supported *)&ixt->ixt_support | |
27668 | + , &(pfkey_supported_list[SADB_SATYPE_ESP])); | |
27669 | + | |
27670 | + /* send register event to userspace */ | |
27671 | + pfkey_register_reply(SADB_SATYPE_ESP, NULL); | |
27672 | + } | |
27673 | + | |
27674 | +out: | |
27675 | + return ret; | |
27676 | +} | |
27677 | + | |
27678 | +/* | |
27679 | + * Must be called from user context | |
27680 | + * used at module load type for testing algo implementation | |
27681 | + */ | |
27682 | +static int ipsec_alg_test_encrypt(int enc_alg, int test) { | |
27683 | + int ret; | |
27684 | + caddr_t buf = NULL; | |
27685 | + int iv_size, keysize, key_e_size; | |
27686 | + struct ipsec_alg_enc *ixt_e; | |
27687 | + void *tmp_key_e = NULL; | |
27688 | + #define BUFSZ 1024 | |
27689 | + #define MARGIN 0 | |
27690 | + #define test_enc (buf+MARGIN) | |
27691 | + #define test_dec (test_enc+BUFSZ+MARGIN) | |
27692 | + #define test_tmp (test_dec+BUFSZ+MARGIN) | |
27693 | + #define test_key_e (test_tmp+BUFSZ+MARGIN) | |
27694 | + #define test_iv (test_key_e+key_e_size+MARGIN) | |
27695 | + #define test_key (test_iv+iv_size+MARGIN) | |
27696 | + #define test_size (BUFSZ*3+key_e_size+iv_size+keysize+MARGIN*7) | |
27697 | + ixt_e=(struct ipsec_alg_enc *)ipsec_alg_get(IPSEC_ALG_TYPE_ENCRYPT, enc_alg); | |
27698 | + if (ixt_e==NULL) { | |
27699 | + KLIPS_PRINT(1, | |
27700 | + "klips_debug: ipsec_alg_test_encrypt: " | |
27701 | + "encalg=%d object not found\n", | |
27702 | + enc_alg); | |
27703 | + ret=-EINVAL; | |
27704 | + goto out; | |
27705 | + } | |
27706 | + iv_size=ixt_e->ixt_common.ixt_support.ias_ivlen / 8; | |
27707 | + key_e_size=ixt_e->ixt_e_ctx_size; | |
27708 | + keysize=ixt_e->ixt_e_keylen; | |
27709 | + KLIPS_PRINT(1, | |
27710 | + "klips_debug: ipsec_alg_test_encrypt: " | |
27711 | + "enc_alg=%d blocksize=%d key_e_size=%d keysize=%d\n", | |
27712 | + enc_alg, iv_size, key_e_size, keysize); | |
27713 | + if ((buf=kmalloc (test_size, GFP_KERNEL)) == NULL) { | |
27714 | + ret= -ENOMEM; | |
27715 | + goto out; | |
27716 | + } | |
27717 | + get_random_bytes(test_key, keysize); | |
27718 | + get_random_bytes(test_iv, iv_size); | |
27719 | + if (ixt_e->ixt_e_new_key) { | |
27720 | + tmp_key_e = ixt_e->ixt_e_new_key(ixt_e, test_key, keysize); | |
27721 | + ret = tmp_key_e ? 0 : -EINVAL; | |
27722 | + } else { | |
27723 | + tmp_key_e = test_key_e; | |
27724 | + ret = ixt_e->ixt_e_set_key(ixt_e, test_key_e, test_key, keysize); | |
27725 | + } | |
27726 | + if (ret < 0) | |
27727 | + goto out; | |
27728 | + get_random_bytes(test_enc, BUFSZ); | |
27729 | + memcpy(test_tmp, test_enc, BUFSZ); | |
27730 | + ret=ixt_e->ixt_e_cbc_encrypt(ixt_e, tmp_key_e, test_enc, BUFSZ, test_iv, 1); | |
27731 | + printk(KERN_INFO | |
27732 | + "klips_info: ipsec_alg_test_encrypt: " | |
27733 | + "cbc_encrypt=1 ret=%d\n", | |
27734 | + ret); | |
27735 | + ret=memcmp(test_enc, test_tmp, BUFSZ); | |
27736 | + printk(KERN_INFO | |
27737 | + "klips_info: ipsec_alg_test_encrypt: " | |
27738 | + "memcmp(enc, tmp) ret=%d: %s\n", ret, | |
27739 | + ret!=0? "OK. (encr->DIFFers)" : "FAIL! (encr->SAME)" ); | |
27740 | + memcpy(test_dec, test_enc, BUFSZ); | |
27741 | + ret=ixt_e->ixt_e_cbc_encrypt(ixt_e, tmp_key_e, test_dec, BUFSZ, test_iv, 0); | |
27742 | + printk(KERN_INFO | |
27743 | + "klips_info: ipsec_alg_test_encrypt: " | |
27744 | + "cbc_encrypt=0 ret=%d\n", ret); | |
27745 | + ret=memcmp(test_dec, test_tmp, BUFSZ); | |
27746 | + printk(KERN_INFO | |
27747 | + "klips_info: ipsec_alg_test_encrypt: " | |
27748 | + "memcmp(dec,tmp) ret=%d: %s\n", ret, | |
27749 | + ret==0? "OK. (encr->decr->SAME)" : "FAIL! (encr->decr->DIFFers)" ); | |
27750 | + { | |
27751 | + /* Shamelessly taken from drivers/md sources O:) */ | |
27752 | + unsigned long now; | |
27753 | + int i, count, max=0; | |
27754 | + int encrypt, speed; | |
27755 | + for (encrypt=0; encrypt <2;encrypt ++) { | |
27756 | + for (i = 0; i < 5; i++) { | |
27757 | + now = jiffies; | |
27758 | + count = 0; | |
27759 | + while (jiffies == now) { | |
27760 | + mb(); | |
27761 | + ixt_e->ixt_e_cbc_encrypt(ixt_e, | |
27762 | + tmp_key_e, test_tmp, | |
27763 | + BUFSZ, test_iv, encrypt); | |
27764 | + mb(); | |
27765 | + count++; | |
27766 | + mb(); | |
27767 | + } | |
27768 | + if (count > max) | |
27769 | + max = count; | |
27770 | + } | |
27771 | + speed = max * (HZ * BUFSZ / 1024); | |
27772 | + printk(KERN_INFO | |
27773 | + "klips_info: ipsec_alg_test_encrypt: " | |
27774 | + "%s %s speed=%d KB/s\n", | |
27775 | + ixt_e->ixt_common.ixt_name, | |
27776 | + encrypt? "encrypt": "decrypt", speed); | |
27777 | + } | |
27778 | + } | |
27779 | +out: | |
27780 | + if (tmp_key_e && ixt_e->ixt_e_destroy_key) ixt_e->ixt_e_destroy_key(ixt_e, tmp_key_e); | |
27781 | + if (buf) kfree(buf); | |
27782 | + if (ixt_e) ipsec_alg_put((struct ipsec_alg *)ixt_e); | |
27783 | + return ret; | |
27784 | + #undef test_enc | |
27785 | + #undef test_dec | |
27786 | + #undef test_tmp | |
27787 | + #undef test_key_e | |
27788 | + #undef test_iv | |
27789 | + #undef test_key | |
27790 | + #undef test_size | |
27791 | +} | |
27792 | + | |
27793 | +/* | |
27794 | + * Must be called from user context | |
27795 | + * used at module load type for testing algo implementation | |
27796 | + */ | |
27797 | +static int ipsec_alg_test_auth(int auth_alg, int test) { | |
27798 | + int ret; | |
27799 | + caddr_t buf = NULL; | |
27800 | + int blocksize, keysize, key_a_size; | |
27801 | + struct ipsec_alg_auth *ixt_a; | |
27802 | + #define BUFSZ 1024 | |
27803 | + #define MARGIN 0 | |
27804 | + #define test_auth (buf+MARGIN) | |
27805 | + #define test_key_a (test_auth+BUFSZ+MARGIN) | |
27806 | + #define test_key (test_key_a+key_a_size+MARGIN) | |
27807 | + #define test_hash (test_key+keysize+MARGIN) | |
27808 | + #define test_size (BUFSZ+key_a_size+keysize+AHHMAC_HASHLEN+MARGIN*4) | |
27809 | + ixt_a=(struct ipsec_alg_auth *)ipsec_alg_get(IPSEC_ALG_TYPE_AUTH, auth_alg); | |
27810 | + if (ixt_a==NULL) { | |
27811 | + KLIPS_PRINT(1, | |
27812 | + "klips_debug: ipsec_alg_test_auth: " | |
27813 | + "encalg=%d object not found\n", | |
27814 | + auth_alg); | |
27815 | + ret=-EINVAL; | |
27816 | + goto out; | |
27817 | + } | |
27818 | + blocksize=ixt_a->ixt_common.ixt_blocksize; | |
27819 | + key_a_size=ixt_a->ixt_a_ctx_size; | |
27820 | + keysize=ixt_a->ixt_a_keylen; | |
27821 | + KLIPS_PRINT(1, | |
27822 | + "klips_debug: ipsec_alg_test_auth: " | |
27823 | + "auth_alg=%d blocksize=%d key_a_size=%d keysize=%d\n", | |
27824 | + auth_alg, blocksize, key_a_size, keysize); | |
27825 | + if ((buf=kmalloc (test_size, GFP_KERNEL)) == NULL) { | |
27826 | + ret= -ENOMEM; | |
27827 | + goto out; | |
27828 | + } | |
27829 | + get_random_bytes(test_key, keysize); | |
27830 | + ret = ixt_a->ixt_a_hmac_set_key(ixt_a, test_key_a, test_key, keysize); | |
27831 | + if (ret < 0 ) | |
27832 | + goto out; | |
27833 | + get_random_bytes(test_auth, BUFSZ); | |
27834 | + ret=ixt_a->ixt_a_hmac_hash(ixt_a, test_key_a, test_auth, BUFSZ, test_hash, AHHMAC_HASHLEN); | |
27835 | + printk(KERN_INFO | |
27836 | + "klips_info: ipsec_alg_test_auth: " | |
27837 | + "ret=%d\n", ret); | |
27838 | + { | |
27839 | + /* Shamelessly taken from drivers/md sources O:) */ | |
27840 | + unsigned long now; | |
27841 | + int i, count, max=0; | |
27842 | + int speed; | |
27843 | + for (i = 0; i < 5; i++) { | |
27844 | + now = jiffies; | |
27845 | + count = 0; | |
27846 | + while (jiffies == now) { | |
27847 | + mb(); | |
27848 | + ixt_a->ixt_a_hmac_hash(ixt_a, test_key_a, test_auth, BUFSZ, test_hash, AHHMAC_HASHLEN); | |
27849 | + mb(); | |
27850 | + count++; | |
27851 | + mb(); | |
27852 | + } | |
27853 | + if (count > max) | |
27854 | + max = count; | |
27855 | + } | |
27856 | + speed = max * (HZ * BUFSZ / 1024); | |
27857 | + printk(KERN_INFO | |
27858 | + "klips_info: ipsec_alg_test_auth: " | |
27859 | + "%s hash speed=%d KB/s\n", | |
27860 | + ixt_a->ixt_common.ixt_name, | |
27861 | + speed); | |
27862 | + } | |
27863 | +out: | |
27864 | + if (buf) kfree(buf); | |
27865 | + if (ixt_a) ipsec_alg_put((struct ipsec_alg *)ixt_a); | |
27866 | + return ret; | |
27867 | + #undef test_auth | |
27868 | + #undef test_key_a | |
27869 | + #undef test_key | |
27870 | + #undef test_hash | |
27871 | + #undef test_size | |
27872 | +} | |
27873 | + | |
27874 | +int ipsec_alg_test(unsigned alg_type, unsigned alg_id, int test) { | |
27875 | + switch(alg_type) { | |
27876 | + case IPSEC_ALG_TYPE_ENCRYPT: | |
27877 | + return ipsec_alg_test_encrypt(alg_id, test); | |
27878 | + break; | |
27879 | + case IPSEC_ALG_TYPE_AUTH: | |
27880 | + return ipsec_alg_test_auth(alg_id, test); | |
27881 | + break; | |
27882 | + } | |
27883 | + printk(KERN_ERR "klips_info: ipsec_alg_test() called incorrectly: " | |
27884 | + "alg_type=%d alg_id=%d\n", | |
27885 | + alg_type, alg_id); | |
27886 | + return -EINVAL; | |
27887 | +} | |
27888 | + | |
27889 | +int ipsec_alg_init(void) { | |
27890 | + KLIPS_PRINT(1, "klips_info:ipsec_alg_init: " | |
27891 | + "KLIPS alg v=%d.%d.%d-%d (EALG_MAX=%d, AALG_MAX=%d)\n", | |
27892 | + IPSEC_ALG_VERSION_QUAD(IPSEC_ALG_VERSION), | |
27893 | + SADB_EALG_MAX, SADB_AALG_MAX); | |
27894 | + /* Initialize tables */ | |
27895 | + write_lock_bh(&ipsec_alg_lock); | |
27896 | + ipsec_alg_hash_init(); | |
27897 | + write_unlock_bh(&ipsec_alg_lock); | |
27898 | + | |
27899 | + /* Initialize static algos */ | |
27900 | + KLIPS_PRINT(1, "klips_info:ipsec_alg_init: " | |
27901 | + "calling ipsec_alg_static_init()\n"); | |
27902 | + | |
27903 | + /* If we are suppose to use our AES, and don't have | |
27904 | + * CryptoAPI enabled... | |
27905 | + */ | |
27906 | +#if defined(CONFIG_KLIPS_ENC_AES) && CONFIG_KLIPS_ENC_AES && !defined(CONFIG_KLIPS_ENC_AES_MODULE) | |
27907 | +#if defined(CONFIG_KLIPS_ENC_CRYPTOAPI) && CONFIG_KLIPS_ENC_CRYPTOAPI | |
27908 | +#warning "Using built-in AES rather than CryptoAPI AES" | |
27909 | +#endif | |
27910 | + { | |
27911 | + extern int ipsec_aes_init(void); | |
27912 | + ipsec_aes_init(); | |
27913 | + } | |
27914 | +#endif | |
27915 | + | |
27916 | +#if defined(CONFIG_KLIPS_ENC_3DES) && CONFIG_KLIPS_ENC_3DES && !defined(CONFIG_KLIPS_ENC_3DES_MODULE) | |
27917 | +#if defined(CONFIG_KLIPS_ENC_CRYPTOAPI) && CONFIG_KLIPS_ENC_CRYPTOAPI | |
27918 | +#warning "Using built-in 3des rather than CryptoAPI 3des" | |
27919 | +#endif | |
27920 | + { | |
27921 | + extern int ipsec_3des_init(void); | |
27922 | + ipsec_3des_init(); | |
27923 | + } | |
27924 | +#endif | |
27925 | +#if defined(CONFIG_KLIPS_ENC_NULL) && CONFIG_KLIPS_ENC_NULL && !defined(CONFIG_KLIPS_ENC_NULL_MODULE) | |
27926 | +#if defined(CONFIG_KLIPS_ENC_CRYPTOAPI) && CONFIG_KLIPS_ENC_CRYPTOAPI | |
27927 | +#warning "Using built-in null cipher rather than CryptoAPI null cipher" | |
27928 | +#endif | |
27929 | +#warning "Building with null cipher (ESP_NULL), blame on you :-)" | |
27930 | + { | |
27931 | + extern int ipsec_null_init(void); | |
27932 | + ipsec_null_init(); | |
27933 | + } | |
27934 | +#endif | |
27935 | + | |
27936 | + | |
27937 | + /* If we are doing CryptoAPI, then init */ | |
27938 | +#if defined(CONFIG_KLIPS_ENC_CRYPTOAPI) && CONFIG_KLIPS_ENC_CRYPTOAPI && !defined(CONFIG_KLIPS_ENC_CRYPTOAPI_MODULE) | |
27939 | + { | |
27940 | + extern int ipsec_cryptoapi_init(void); | |
27941 | + ipsec_cryptoapi_init(); | |
27942 | + } | |
27943 | +#endif | |
27944 | + | |
27945 | + | |
27946 | + return 0; | |
27947 | +} | |
27948 | + | |
27949 | +/********************************************** | |
27950 | + * | |
27951 | + * INTERFACE for ipsec_sa init and wipe | |
27952 | + * | |
27953 | + **********************************************/ | |
27954 | + | |
27955 | +/* | |
27956 | + * Called from pluto -> pfkey_v2_parser.c:pfkey_ipsec_sa_init() | |
27957 | + */ | |
27958 | +int ipsec_alg_sa_init(struct ipsec_sa *sa_p) { | |
27959 | + struct ipsec_alg_enc *ixt_e; | |
27960 | + struct ipsec_alg_auth *ixt_a; | |
27961 | + | |
27962 | + /* Only ESP for now ... */ | |
27963 | + if (sa_p->ips_said.proto != IPPROTO_ESP) | |
27964 | + return -EPROTONOSUPPORT; | |
27965 | + | |
27966 | + KLIPS_PRINT(debug_pfkey, "klips_debug: ipsec_alg_sa_init() :" | |
27967 | + "entering for encalg=%d, authalg=%d\n", | |
27968 | + sa_p->ips_encalg, sa_p->ips_authalg); | |
27969 | + | |
27970 | + if ((ixt_e=(struct ipsec_alg_enc *) | |
27971 | + ipsec_alg_get(IPSEC_ALG_TYPE_ENCRYPT, sa_p->ips_encalg))) { | |
27972 | + KLIPS_PRINT(debug_pfkey, | |
27973 | + "klips_debug: ipsec_alg_sa_init() :" | |
27974 | + "found ipsec_alg (ixt_e=%p) for encalg=%d\n", | |
27975 | + ixt_e, sa_p->ips_encalg); | |
27976 | + sa_p->ips_alg_enc=ixt_e; | |
27977 | + } | |
27978 | + | |
27979 | + if ((ixt_a=(struct ipsec_alg_auth *) | |
27980 | + ipsec_alg_get(IPSEC_ALG_TYPE_AUTH, sa_p->ips_authalg))) { | |
27981 | + KLIPS_PRINT(debug_pfkey, | |
27982 | + "klips_debug: ipsec_alg_sa_init() :" | |
27983 | + "found ipsec_alg (ixt_a=%p) for auth=%d\n", | |
27984 | + ixt_a, sa_p->ips_authalg); | |
27985 | + sa_p->ips_alg_auth=ixt_a; | |
27986 | + } | |
27987 | + return 0; | |
27988 | +} | |
27989 | + | |
27990 | +/* | |
27991 | + * Called from pluto -> ipsec_sa.c:ipsec_sa_delchain() | |
27992 | + */ | |
27993 | +int ipsec_alg_sa_wipe(struct ipsec_sa *sa_p) { | |
27994 | + struct ipsec_alg *ixt; | |
27995 | + if ((ixt=(struct ipsec_alg *)sa_p->ips_alg_enc)) { | |
27996 | + KLIPS_PRINT(debug_pfkey, "klips_debug: ipsec_alg_sa_wipe() :" | |
27997 | + "unlinking for encalg=%d\n", | |
27998 | + ixt->ixt_support.ias_id); | |
27999 | + ipsec_alg_put(ixt); | |
28000 | + } | |
28001 | + if ((ixt=(struct ipsec_alg *)sa_p->ips_alg_auth)) { | |
28002 | + KLIPS_PRINT(debug_pfkey, "klips_debug: ipsec_alg_sa_wipe() :" | |
28003 | + "unlinking for authalg=%d\n", | |
28004 | + ixt->ixt_support.ias_id); | |
28005 | + ipsec_alg_put(ixt); | |
28006 | + } | |
28007 | + return 0; | |
28008 | +} | |
28009 | + | |
28010 | +IPSEC_PROCFS_DEBUG_NO_STATIC | |
28011 | +int | |
28012 | +ipsec_xform_get_info(char *buffer, | |
28013 | + char **start, | |
28014 | + off_t offset, | |
28015 | + int length IPSEC_PROC_LAST_ARG) | |
28016 | +{ | |
28017 | + int len = 0; | |
28018 | + off_t begin = 0; | |
28019 | + int i; | |
28020 | + struct list_head *head; | |
28021 | + struct ipsec_alg *ixt; | |
28022 | + | |
28023 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
28024 | + "klips_debug:ipsec_tncfg_get_info: " | |
28025 | + "buffer=0p%p, *start=0p%p, offset=%d, length=%d\n", | |
28026 | + buffer, | |
28027 | + *start, | |
28028 | + (int)offset, | |
28029 | + length); | |
28030 | + | |
28031 | + for(i = 0, head = ipsec_alg_hash_table; | |
28032 | + i<IPSEC_ALG_HASHSZ; | |
28033 | + i++, head++) | |
28034 | + { | |
28035 | + struct list_head *p; | |
28036 | + for (p=head->next; p!=head; p=p->next) | |
28037 | + { | |
28038 | + ixt = list_entry(p, struct ipsec_alg, ixt_list); | |
28039 | + len += ipsec_snprintf(buffer+len, length-len, | |
28040 | + "VERSION=%d TYPE=%d ID=%d NAME=%s REFCNT=%d ", | |
28041 | + ixt->ixt_version, ixt->ixt_alg_type, ixt->ixt_support.ias_id, | |
28042 | + ixt->ixt_name, ixt->ixt_refcnt); | |
28043 | + | |
28044 | + len += ipsec_snprintf(buffer+len, length-len, | |
28045 | + "STATE=%08x BLOCKSIZE=%d IVLEN=%d KEYMINBITS=%d KEYMAXBITS=%d ", | |
28046 | + ixt->ixt_state, ixt->ixt_blocksize, | |
28047 | + ixt->ixt_support.ias_ivlen, ixt->ixt_support.ias_keyminbits, ixt->ixt_support.ias_keymaxbits); | |
28048 | + | |
28049 | + len += ipsec_snprintf(buffer+len, length-len, | |
28050 | + "IVLEN=%d KEYMINBITS=%d KEYMAXBITS=%d ", | |
28051 | + ixt->ixt_support.ias_ivlen, ixt->ixt_support.ias_keyminbits, ixt->ixt_support.ias_keymaxbits); | |
28052 | + | |
28053 | + switch(ixt->ixt_alg_type) | |
28054 | + { | |
28055 | + case IPSEC_ALG_TYPE_AUTH: | |
28056 | + { | |
28057 | + struct ipsec_alg_auth *auth = (struct ipsec_alg_auth *)ixt; | |
28058 | + | |
28059 | + len += ipsec_snprintf(buffer+len, length-len, | |
28060 | + "KEYLEN=%d CTXSIZE=%d AUTHLEN=%d ", | |
28061 | + auth->ixt_a_keylen, auth->ixt_a_ctx_size, | |
28062 | + auth->ixt_a_authlen); | |
28063 | + break; | |
28064 | + } | |
28065 | + case IPSEC_ALG_TYPE_ENCRYPT: | |
28066 | + { | |
28067 | + struct ipsec_alg_enc *enc = (struct ipsec_alg_enc *)ixt; | |
28068 | + len += ipsec_snprintf(buffer+len, length-len, | |
28069 | + "KEYLEN=%d CTXSIZE=%d ", | |
28070 | + enc->ixt_e_keylen, enc->ixt_e_ctx_size); | |
28071 | + | |
28072 | + break; | |
28073 | + } | |
28074 | + } | |
28075 | + | |
28076 | + len += ipsec_snprintf(buffer+len, length-len, "\n"); | |
28077 | + } | |
28078 | + } | |
28079 | + | |
28080 | + *start = buffer + (offset - begin); /* Start of wanted data */ | |
28081 | + len -= (offset - begin); /* Start slop */ | |
28082 | + if (len > length) | |
28083 | + len = length; | |
28084 | + return len; | |
28085 | +} | |
28086 | + | |
28087 | + | |
28088 | +/* | |
28089 | + * As the author of this module, I ONLY ALLOW using it from | |
28090 | + * GPL (or same LICENSE TERMS as kernel source) modules. | |
28091 | + * | |
28092 | + * In respect to hardware crypto engines this means: | |
28093 | + * * Closed-source device drivers ARE NOT ALLOWED to use | |
28094 | + * this interface. | |
28095 | + * * Closed-source VHDL/Verilog firmware running on | |
28096 | + * the crypto hardware device IS ALLOWED to use this interface | |
28097 | + * via a GPL (or same LICENSE TERMS as kernel source) device driver. | |
28098 | + * --Juan Jose Ciarlante 20/03/2002 (thanks RGB for the correct wording) | |
28099 | + */ | |
28100 | + | |
28101 | +/* | |
28102 | + * These symbols can only be used from GPL modules | |
28103 | + * for now, I'm disabling this because it creates false | |
28104 | + * symbol problems for old modutils. | |
28105 | + */ | |
28106 | + | |
28107 | +#ifdef CONFIG_MODULES | |
28108 | +#ifndef NET_26 | |
28109 | +#if 0 | |
28110 | +#ifndef EXPORT_SYMBOL_GPL | |
28111 | +#undef EXPORT_SYMBOL_GPL | |
28112 | +#define EXPORT_SYMBOL_GPL EXPORT_SYMBOL | |
28113 | +#endif | |
28114 | +#endif | |
28115 | +EXPORT_SYMBOL(register_ipsec_alg); | |
28116 | +EXPORT_SYMBOL(unregister_ipsec_alg); | |
28117 | +EXPORT_SYMBOL(ipsec_alg_test); | |
28118 | +#endif | |
28119 | +#endif | |
28120 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
28121 | +++ linux/net/ipsec/ipsec_alg_cryptoapi.c Mon Feb 9 13:51:03 2004 | |
28122 | @@ -0,0 +1,455 @@ | |
28123 | +/* | |
28124 | + * ipsec_alg to linux cryptoapi GLUE | |
28125 | + * | |
28126 | + * Authors: CODE.ar TEAM | |
28127 | + * Harpo MAxx <harpo@linuxmendoza.org.ar> | |
28128 | + * JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar> | |
28129 | + * Luciano Ruete <docemeses@softhome.net> | |
28130 | + * | |
28131 | + * ipsec_alg_cryptoapi.c,v 1.1.2.1 2003/11/21 18:12:23 jjo Exp | |
28132 | + * | |
28133 | + * This program is free software; you can redistribute it and/or modify it | |
28134 | + * under the terms of the GNU General Public License as published by the | |
28135 | + * Free Software Foundation; either version 2 of the License, or (at your | |
28136 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
28137 | + * | |
28138 | + * This program is distributed in the hope that it will be useful, but | |
28139 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
28140 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
28141 | + * for more details. | |
28142 | + * | |
28143 | + * Example usage: | |
28144 | + * modinfo -p ipsec_cryptoapi (quite useful info, including supported algos) | |
28145 | + * modprobe ipsec_cryptoapi | |
28146 | + * modprobe ipsec_cryptoapi test=1 | |
28147 | + * modprobe ipsec_cryptoapi excl=1 (exclusive cipher/algo) | |
28148 | + * modprobe ipsec_cryptoapi noauto=1 aes=1 twofish=1 (only these ciphers) | |
28149 | + * modprobe ipsec_cryptoapi aes=128,128 (force these keylens) | |
28150 | + * modprobe ipsec_cryptoapi des_ede3=0 (everything but 3DES) | |
28151 | + */ | |
28152 | +#ifndef AUTOCONF_INCLUDED | |
28153 | +#include <linux/config.h> | |
28154 | +#endif | |
28155 | +#include <linux/version.h> | |
28156 | + | |
28157 | +/* | |
28158 | + * special case: ipsec core modular with this static algo inside: | |
28159 | + * must avoid MODULE magic for this file | |
28160 | + */ | |
28161 | +#if defined(CONFIG_KLIPS_MODULE) && defined(CONFIG_KLIPS_ENC_CRYPTOAPI) | |
28162 | +#undef MODULE | |
28163 | +#endif | |
28164 | + | |
28165 | +#include <linux/module.h> | |
28166 | +#include <linux/init.h> | |
28167 | + | |
28168 | +#include <linux/kernel.h> /* printk() */ | |
28169 | +#include <linux/errno.h> /* error codes */ | |
28170 | +#include <linux/types.h> /* size_t */ | |
28171 | +#include <linux/string.h> | |
28172 | + | |
28173 | +/* Check if __exit is defined, if not null it */ | |
28174 | +#ifndef __exit | |
28175 | +#define __exit | |
28176 | +#endif | |
28177 | + | |
28178 | +/* warn the innocent */ | |
28179 | +#if !defined (CONFIG_CRYPTO) && !defined (CONFIG_CRYPTO_MODULE) | |
28180 | +#warning "No linux CryptoAPI found, install 2.4.22+ or 2.6.x" | |
28181 | +#define NO_CRYPTOAPI_SUPPORT | |
28182 | +#endif | |
28183 | + | |
28184 | +#include "openswan.h" | |
28185 | +#include "openswan/ipsec_alg.h" | |
28186 | +#include "openswan/ipsec_policy.h" | |
28187 | + | |
28188 | +#include <linux/crypto.h> | |
28189 | +#ifdef CRYPTO_API_VERSION_CODE | |
28190 | +#warning "Old CryptoAPI is not supported. Only linux-2.4.22+ or linux-2.6.x are supported" | |
28191 | +#define NO_CRYPTOAPI_SUPPORT | |
28192 | +#endif | |
28193 | + | |
28194 | +#ifdef NO_CRYPTOAPI_SUPPORT | |
28195 | +#warning "Building an unusable module :P" | |
28196 | +/* Catch old CryptoAPI by not allowing module to load */ | |
28197 | +IPSEC_ALG_MODULE_INIT_STATIC( ipsec_cryptoapi_init ) | |
28198 | +{ | |
28199 | + printk(KERN_WARNING "ipsec_cryptoapi.o was not built on stock Linux CryptoAPI (2.4.22+ or 2.6.x), not loading.\n"); | |
28200 | + return -EINVAL; | |
28201 | +} | |
28202 | +#else | |
28203 | +#include <asm/scatterlist.h> | |
28204 | +#include <asm/pgtable.h> | |
28205 | +#include <linux/mm.h> | |
28206 | + | |
28207 | +#define CIPHERNAME_AES "aes" | |
28208 | +#define CIPHERNAME_1DES "des" | |
28209 | +#define CIPHERNAME_3DES "des3_ede" | |
28210 | +#define CIPHERNAME_BLOWFISH "blowfish" | |
28211 | +#define CIPHERNAME_CAST "cast5" | |
28212 | +#define CIPHERNAME_SERPENT "serpent" | |
28213 | +#define CIPHERNAME_TWOFISH "twofish" | |
28214 | + | |
28215 | +#define ESP_SERPENT 252 /* from ipsec drafts */ | |
28216 | +#define ESP_TWOFISH 253 /* from ipsec drafts */ | |
28217 | + | |
28218 | +#define DIGESTNAME_MD5 "md5" | |
28219 | +#define DIGESTNAME_SHA1 "sha1" | |
28220 | + | |
28221 | +MODULE_AUTHOR("Juanjo Ciarlante, Harpo MAxx, Luciano Ruete"); | |
28222 | +static int debug_crypto=0; | |
28223 | +static int test_crypto=0; | |
28224 | +static int excl_crypto=0; | |
28225 | + | |
28226 | +static int noauto = 0; | |
28227 | + | |
28228 | +#ifdef module_param | |
28229 | +module_param(debug_crypto,int,0600) | |
28230 | +module_param(test_crypto,int,0600) | |
28231 | +module_param(excl_crypto,int,0600) | |
28232 | + | |
28233 | +module_param(noauto,int,0600) | |
28234 | +#else | |
28235 | +MODULE_PARM(debug_crypto, "i"); | |
28236 | +MODULE_PARM(test_crypto, "i"); | |
28237 | +MODULE_PARM(excl_crypto, "i"); | |
28238 | + | |
28239 | +MODULE_PARM(noauto,"i"); | |
28240 | +#endif | |
28241 | +MODULE_PARM_DESC(noauto, "Dont try all known algos, just setup enabled ones"); | |
28242 | + | |
28243 | +#ifdef CONFIG_KLIPS_ENC_1DES | |
28244 | +static int des_ede1[] = {-1, -1}; | |
28245 | +#endif | |
28246 | +static int des_ede3[] = {-1, -1}; | |
28247 | +static int aes[] = {-1, -1}; | |
28248 | +static int blowfish[] = {-1, -1}; | |
28249 | +static int cast[] = {-1, -1}; | |
28250 | +static int serpent[] = {-1, -1}; | |
28251 | +static int twofish[] = {-1, -1}; | |
28252 | + | |
28253 | +#ifdef CONFIG_KLIPS_ENC_1DES | |
28254 | +#ifdef module_param | |
28255 | +module_param_array(des_ede1,int,NULL,0) | |
28256 | +#else | |
28257 | +MODULE_PARM(des_ede1,"1-2i"); | |
28258 | +#endif | |
28259 | +#endif | |
28260 | +#ifdef module_param | |
28261 | +module_param_array(des_ede3,int,NULL,0) | |
28262 | +module_param_array(aes,int,NULL,0) | |
28263 | +module_param_array(blowfish,int,NULL,0) | |
28264 | +module_param_array(cast,int,NULL,0) | |
28265 | +module_param_array(serpent,int,NULL,0) | |
28266 | +module_param_array(twofish,int,NULL,0) | |
28267 | +#else | |
28268 | +MODULE_PARM(des_ede3,"1-2i"); | |
28269 | +MODULE_PARM(aes,"1-2i"); | |
28270 | +MODULE_PARM(blowfish,"1-2i"); | |
28271 | +MODULE_PARM(cast,"1-2i"); | |
28272 | +MODULE_PARM(serpent,"1-2i"); | |
28273 | +MODULE_PARM(twofish,"1-2i"); | |
28274 | +#endif | |
28275 | +MODULE_PARM_DESC(des_ede1, "0: disable | 1: force_enable | min,max: dontuse"); | |
28276 | +MODULE_PARM_DESC(des_ede3, "0: disable | 1: force_enable | min,max: dontuse"); | |
28277 | +MODULE_PARM_DESC(aes, "0: disable | 1: force_enable | min,max: keybitlens"); | |
28278 | +MODULE_PARM_DESC(blowfish, "0: disable | 1: force_enable | min,max: keybitlens"); | |
28279 | +MODULE_PARM_DESC(cast, "0: disable | 1: force_enable | min,max: keybitlens"); | |
28280 | +MODULE_PARM_DESC(serpent, "0: disable | 1: force_enable | min,max: keybitlens"); | |
28281 | +MODULE_PARM_DESC(twofish, "0: disable | 1: force_enable | min,max: keybitlens"); | |
28282 | + | |
28283 | +struct ipsec_alg_capi_cipher { | |
28284 | + const char *ciphername; /* cryptoapi's ciphername */ | |
28285 | + unsigned blocksize; | |
28286 | + unsigned short minbits; | |
28287 | + unsigned short maxbits; | |
28288 | + int *parm; /* lkm param for this cipher */ | |
28289 | + struct ipsec_alg_enc alg; /* note it's not a pointer */ | |
28290 | +}; | |
28291 | + | |
28292 | +static struct ipsec_alg_capi_cipher alg_capi_carray[] = { | |
28293 | + { CIPHERNAME_AES, 16, 128, 256, aes, { ixt_common:{ ixt_support:{ ias_id: ESP_AES}}}}, | |
28294 | + { CIPHERNAME_TWOFISH, 16, 128, 256, twofish, { ixt_common:{ ixt_support:{ ias_id: ESP_TWOFISH,}}}}, | |
28295 | + { CIPHERNAME_SERPENT, 16, 128, 256, serpent, { ixt_common:{ ixt_support:{ ias_id: ESP_SERPENT,}}}}, | |
28296 | + { CIPHERNAME_CAST, 8, 128, 128, cast , { ixt_common:{ ixt_support:{ ias_id: ESP_CAST,}}}}, | |
28297 | + { CIPHERNAME_BLOWFISH, 8, 96, 448, blowfish, { ixt_common:{ ixt_support:{ ias_id: ESP_BLOWFISH,}}}}, | |
28298 | + { CIPHERNAME_3DES, 8, 192, 192, des_ede3, { ixt_common:{ ixt_support:{ ias_id: ESP_3DES,}}}}, | |
28299 | +#ifdef CONFIG_KLIPS_ENC_1DES | |
28300 | + { CIPHERNAME_1DES, 8, 64, 64, des_ede1, { ixt_common:{ ixt_support:{ ias_id: ESP_DES,}}}}, | |
28301 | +#endif | |
28302 | + { NULL, 0, 0, 0, NULL, {} } | |
28303 | +}; | |
28304 | + | |
28305 | +#ifdef NOT_YET | |
28306 | +struct ipsec_alg_capi_digest { | |
28307 | + const char *digestname; /* cryptoapi's digestname */ | |
28308 | + struct digest_implementation *di; | |
28309 | + struct ipsec_alg_auth alg; /* note it's not a pointer */ | |
28310 | +}; | |
28311 | +static struct ipsec_alg_capi_cipher alg_capi_darray[] = { | |
28312 | + { DIGESTNAME_MD5, NULL, { ixt_alg_id: AH_MD5, }}, | |
28313 | + { DIGESTNAME_SHA1, NULL, { ixt_alg_id: AH_SHA, }}, | |
28314 | + { NULL, NULL, {} } | |
28315 | +}; | |
28316 | +#endif | |
28317 | +/* | |
28318 | + * "generic" linux cryptoapi setup_cipher() function | |
28319 | + */ | |
28320 | +int setup_cipher(const char *ciphername) | |
28321 | +{ | |
28322 | + return crypto_alg_available(ciphername, 0); | |
28323 | +} | |
28324 | + | |
28325 | +/* | |
28326 | + * setups ipsec_alg_capi_cipher "hyper" struct components, calling | |
28327 | + * register_ipsec_alg for cointaned ipsec_alg object | |
28328 | + */ | |
28329 | +static void _capi_destroy_key (struct ipsec_alg_enc *alg, __u8 *key_e); | |
28330 | +static __u8 * _capi_new_key (struct ipsec_alg_enc *alg, const __u8 *key, size_t keylen); | |
28331 | +static int _capi_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, __u8 * in, int ilen, const __u8 * iv, int encrypt); | |
28332 | + | |
28333 | +static int | |
28334 | +setup_ipsec_alg_capi_cipher(struct ipsec_alg_capi_cipher *cptr) | |
28335 | +{ | |
28336 | + int ret; | |
28337 | + cptr->alg.ixt_common.ixt_version = IPSEC_ALG_VERSION; | |
28338 | + cptr->alg.ixt_common.ixt_module = THIS_MODULE; | |
28339 | + atomic_set (& cptr->alg.ixt_common.ixt_refcnt, 0); | |
28340 | + strncpy (cptr->alg.ixt_common.ixt_name , cptr->ciphername, sizeof (cptr->alg.ixt_common.ixt_name)); | |
28341 | + | |
28342 | + cptr->alg.ixt_common.ixt_blocksize=cptr->blocksize; | |
28343 | + cptr->alg.ixt_common.ixt_support.ias_keyminbits=cptr->minbits; | |
28344 | + cptr->alg.ixt_common.ixt_support.ias_keymaxbits=cptr->maxbits; | |
28345 | + cptr->alg.ixt_common.ixt_state = 0; | |
28346 | + if (excl_crypto) cptr->alg.ixt_common.ixt_state |= IPSEC_ALG_ST_EXCL; | |
28347 | + cptr->alg.ixt_e_keylen=cptr->alg.ixt_common.ixt_support.ias_keymaxbits/8; | |
28348 | + cptr->alg.ixt_e_ctx_size = 0; | |
28349 | + cptr->alg.ixt_common.ixt_support.ias_exttype = IPSEC_ALG_TYPE_ENCRYPT; | |
28350 | + cptr->alg.ixt_e_new_key = _capi_new_key; | |
28351 | + cptr->alg.ixt_e_destroy_key = _capi_destroy_key; | |
28352 | + cptr->alg.ixt_e_cbc_encrypt = _capi_cbc_encrypt; | |
28353 | + cptr->alg.ixt_common.ixt_data = cptr; | |
28354 | + | |
28355 | + ret=register_ipsec_alg_enc(&cptr->alg); | |
28356 | + printk(KERN_INFO "KLIPS cryptoapi interface: " | |
28357 | + "alg_type=%d alg_id=%d name=%s " | |
28358 | + "keyminbits=%d keymaxbits=%d, %s(%d)\n", | |
28359 | + cptr->alg.ixt_common.ixt_support.ias_exttype, | |
28360 | + cptr->alg.ixt_common.ixt_support.ias_id, | |
28361 | + cptr->alg.ixt_common.ixt_name, | |
28362 | + cptr->alg.ixt_common.ixt_support.ias_keyminbits, | |
28363 | + cptr->alg.ixt_common.ixt_support.ias_keymaxbits, | |
28364 | + ret ? "not found" : "found", ret); | |
28365 | + return ret; | |
28366 | +} | |
28367 | +/* | |
28368 | + * called in ipsec_sa_wipe() time, will destroy key contexts | |
28369 | + * and do 1 unbind() | |
28370 | + */ | |
28371 | +static void | |
28372 | +_capi_destroy_key (struct ipsec_alg_enc *alg, __u8 *key_e) | |
28373 | +{ | |
28374 | + struct crypto_tfm *tfm=(struct crypto_tfm*)key_e; | |
28375 | + | |
28376 | + if (debug_crypto > 0) | |
28377 | + printk(KERN_DEBUG "klips_debug: _capi_destroy_key:" | |
28378 | + "name=%s key_e=%p \n", | |
28379 | + alg->ixt_common.ixt_name, key_e); | |
28380 | + if (!key_e) { | |
28381 | + printk(KERN_ERR "klips_debug: _capi_destroy_key:" | |
28382 | + "name=%s NULL key_e!\n", | |
28383 | + alg->ixt_common.ixt_name); | |
28384 | + return; | |
28385 | + } | |
28386 | + crypto_free_tfm(tfm); | |
28387 | +} | |
28388 | + | |
28389 | +/* | |
28390 | + * create new key context, need alg->ixt_data to know which | |
28391 | + * (of many) cipher inside this module is the target | |
28392 | + */ | |
28393 | +static __u8 * | |
28394 | +_capi_new_key (struct ipsec_alg_enc *alg, const __u8 *key, size_t keylen) | |
28395 | +{ | |
28396 | + struct ipsec_alg_capi_cipher *cptr; | |
28397 | + struct crypto_tfm *tfm=NULL; | |
28398 | + | |
28399 | + cptr = alg->ixt_common.ixt_data; | |
28400 | + if (!cptr) { | |
28401 | + printk(KERN_ERR "_capi_new_key(): " | |
28402 | + "NULL ixt_data (?!) for \"%s\" algo\n" | |
28403 | + , alg->ixt_common.ixt_name); | |
28404 | + goto err; | |
28405 | + } | |
28406 | + if (debug_crypto > 0) | |
28407 | + printk(KERN_DEBUG "klips_debug:_capi_new_key:" | |
28408 | + "name=%s cptr=%p key=%p keysize=%d\n", | |
28409 | + alg->ixt_common.ixt_name, cptr, key, keylen); | |
28410 | + | |
28411 | + /* | |
28412 | + * alloc tfm | |
28413 | + */ | |
28414 | + tfm = crypto_alloc_tfm(cptr->ciphername, CRYPTO_TFM_MODE_CBC); | |
28415 | + if (!tfm) { | |
28416 | + printk(KERN_ERR "_capi_new_key(): " | |
28417 | + "NULL tfm for \"%s\" cryptoapi (\"%s\") algo\n" | |
28418 | + , alg->ixt_common.ixt_name, cptr->ciphername); | |
28419 | + goto err; | |
28420 | + } | |
28421 | + if (crypto_cipher_setkey(tfm, key, keylen) < 0) { | |
28422 | + printk(KERN_ERR "_capi_new_key(): " | |
28423 | + "failed new_key() for \"%s\" cryptoapi algo (keylen=%d)\n" | |
28424 | + , alg->ixt_common.ixt_name, keylen); | |
28425 | + crypto_free_tfm(tfm); | |
28426 | + tfm=NULL; | |
28427 | + } | |
28428 | +err: | |
28429 | + if (debug_crypto > 0) | |
28430 | + printk(KERN_DEBUG "klips_debug:_capi_new_key:" | |
28431 | + "name=%s key=%p keylen=%d tfm=%p\n", | |
28432 | + alg->ixt_common.ixt_name, key, keylen, tfm); | |
28433 | + return (__u8 *) tfm; | |
28434 | +} | |
28435 | +/* | |
28436 | + * core encryption function: will use cx->ci to call actual cipher's | |
28437 | + * cbc function | |
28438 | + */ | |
28439 | +static int | |
28440 | +_capi_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, __u8 * in, int ilen, const __u8 * iv, int encrypt) { | |
28441 | + int error =0; | |
28442 | + struct crypto_tfm *tfm=(struct crypto_tfm *)key_e; | |
28443 | + struct scatterlist sg = { | |
28444 | + .page = virt_to_page(in), | |
28445 | + .offset = (unsigned long)(in) % PAGE_SIZE, | |
28446 | + .length=ilen, | |
28447 | + }; | |
28448 | + if (debug_crypto > 1) | |
28449 | + printk(KERN_DEBUG "klips_debug:_capi_cbc_encrypt:" | |
28450 | + "key_e=%p " | |
28451 | + "in=%p out=%p ilen=%d iv=%p encrypt=%d\n" | |
28452 | + , key_e | |
28453 | + , in, in, ilen, iv, encrypt); | |
28454 | + crypto_cipher_set_iv(tfm, iv, crypto_tfm_alg_ivsize(tfm)); | |
28455 | + if (encrypt) | |
28456 | + error = crypto_cipher_encrypt (tfm, &sg, &sg, ilen); | |
28457 | + else | |
28458 | + error = crypto_cipher_decrypt (tfm, &sg, &sg, ilen); | |
28459 | + if (debug_crypto > 1) | |
28460 | + printk(KERN_DEBUG "klips_debug:_capi_cbc_encrypt:" | |
28461 | + "error=%d\n" | |
28462 | + , error); | |
28463 | + return (error<0)? error : ilen; | |
28464 | +} | |
28465 | +/* | |
28466 | + * main initialization loop: for each cipher in list, do | |
28467 | + * 1) setup cryptoapi cipher else continue | |
28468 | + * 2) register ipsec_alg object | |
28469 | + */ | |
28470 | +static int | |
28471 | +setup_cipher_list (struct ipsec_alg_capi_cipher* clist) | |
28472 | +{ | |
28473 | + struct ipsec_alg_capi_cipher *cptr; | |
28474 | + /* foreach cipher in list ... */ | |
28475 | + for (cptr=clist;cptr->ciphername;cptr++) { | |
28476 | + /* | |
28477 | + * see if cipher has been disabled (0) or | |
28478 | + * if noauto set and not enabled (1) | |
28479 | + */ | |
28480 | + if (cptr->parm[0] == 0 || (noauto && cptr->parm[0] < 0)) { | |
28481 | + if (debug_crypto>0) | |
28482 | + printk(KERN_INFO "setup_cipher_list(): " | |
28483 | + "ciphername=%s skipped at user request: " | |
28484 | + "noauto=%d parm[0]=%d parm[1]=%d\n" | |
28485 | + , cptr->ciphername | |
28486 | + , noauto | |
28487 | + , cptr->parm[0] | |
28488 | + , cptr->parm[1]); | |
28489 | + continue; | |
28490 | + } | |
28491 | + /* | |
28492 | + * use a local ci to avoid touching cptr->ci, | |
28493 | + * if register ipsec_alg success then bind cipher | |
28494 | + */ | |
28495 | + if(cptr->alg.ixt_common.ixt_support.ias_name == NULL) { | |
28496 | + cptr->alg.ixt_common.ixt_support.ias_name = cptr->ciphername; | |
28497 | + } | |
28498 | + | |
28499 | + if( setup_cipher(cptr->ciphername) ) { | |
28500 | + if (debug_crypto > 0) | |
28501 | + printk(KERN_DEBUG "klips_debug:" | |
28502 | + "setup_cipher_list():" | |
28503 | + "ciphername=%s found\n" | |
28504 | + , cptr->ciphername); | |
28505 | + | |
28506 | + if (setup_ipsec_alg_capi_cipher(cptr) != 0) { | |
28507 | + printk(KERN_ERR "klips_debug:" | |
28508 | + "setup_cipher_list():" | |
28509 | + "ciphername=%s failed ipsec_alg_register\n" | |
28510 | + , cptr->ciphername); | |
28511 | + } | |
28512 | + } else { | |
28513 | + printk(KERN_INFO "KLIPS: lookup for ciphername=%s: not found \n", | |
28514 | + cptr->ciphername); | |
28515 | + } | |
28516 | + } | |
28517 | + return 0; | |
28518 | +} | |
28519 | +/* | |
28520 | + * deregister ipsec_alg objects and unbind ciphers | |
28521 | + */ | |
28522 | +static int | |
28523 | +unsetup_cipher_list (struct ipsec_alg_capi_cipher* clist) | |
28524 | +{ | |
28525 | + struct ipsec_alg_capi_cipher *cptr; | |
28526 | + /* foreach cipher in list ... */ | |
28527 | + for (cptr=clist;cptr->ciphername;cptr++) { | |
28528 | + if (cptr->alg.ixt_common.ixt_state & IPSEC_ALG_ST_REGISTERED) { | |
28529 | + unregister_ipsec_alg_enc(&cptr->alg); | |
28530 | + } | |
28531 | + } | |
28532 | + return 0; | |
28533 | +} | |
28534 | +/* | |
28535 | + * test loop for registered algos | |
28536 | + */ | |
28537 | +static int | |
28538 | +test_cipher_list (struct ipsec_alg_capi_cipher* clist) | |
28539 | +{ | |
28540 | + int test_ret; | |
28541 | + struct ipsec_alg_capi_cipher *cptr; | |
28542 | + /* foreach cipher in list ... */ | |
28543 | + for (cptr=clist;cptr->ciphername;cptr++) { | |
28544 | + if (cptr->alg.ixt_common.ixt_state & IPSEC_ALG_ST_REGISTERED) { | |
28545 | + test_ret=ipsec_alg_test( | |
28546 | + cptr->alg.ixt_common.ixt_support.ias_exttype, | |
28547 | + cptr->alg.ixt_common.ixt_support.ias_id, | |
28548 | + test_crypto); | |
28549 | + printk("test_cipher_list(alg_type=%d alg_id=%d): test_ret=%d\n", | |
28550 | + cptr->alg.ixt_common.ixt_support.ias_exttype, | |
28551 | + cptr->alg.ixt_common.ixt_support.ias_id, | |
28552 | + test_ret); | |
28553 | + } | |
28554 | + } | |
28555 | + return 0; | |
28556 | +} | |
28557 | + | |
28558 | +IPSEC_ALG_MODULE_INIT_STATIC( ipsec_cryptoapi_init ) | |
28559 | +{ | |
28560 | + int ret, test_ret; | |
28561 | + if ((ret=setup_cipher_list(alg_capi_carray)) < 0) | |
28562 | + return -EPROTONOSUPPORT; | |
28563 | + if (ret==0 && test_crypto) { | |
28564 | + test_ret=test_cipher_list(alg_capi_carray); | |
28565 | + } | |
28566 | + return ret; | |
28567 | +} | |
28568 | +IPSEC_ALG_MODULE_EXIT_STATIC( ipsec_cryptoapi_fini ) | |
28569 | +{ | |
28570 | + unsetup_cipher_list(alg_capi_carray); | |
28571 | + return; | |
28572 | +} | |
28573 | +#ifdef MODULE_LICENSE | |
28574 | +MODULE_LICENSE("GPL"); | |
28575 | +#endif | |
28576 | + | |
28577 | +#endif /* NO_CRYPTOAPI_SUPPORT */ | |
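Review bot: The per-cipher `min,max` module parameters are never applied. In `setup_ipsec_alg_capi_cipher()`, `ias_keyminbits`/`ias_keymaxbits` are always copied from the table's `minbits`/`maxbits`, and `parm[1]` is read only by the debug printk in `setup_cipher_list()`. So `modprobe ipsec_cryptoapi aes=128,128`, which the file header documents as "force these keylens", still registers AES with the full 128–256 range, and an administrator who relies on it to pin or raise the minimum key size gets no restriction. I would apply the pair when `parm[0] > 1` and reject values outside the table's range, so the option can only narrow what is advertised. Whether the ipsec_alg core enforces the advertised range at SA setup is not visible in this hunk and should be confirmed.

```c
static int
setup_ipsec_alg_capi_cipher(struct ipsec_alg_capi_cipher *cptr)
{
	/* … unchanged: version, module, refcnt, name, blocksize … */
	cptr->alg.ixt_common.ixt_support.ias_keyminbits=cptr->minbits;
	cptr->alg.ixt_common.ixt_support.ias_keymaxbits=cptr->maxbits;
	if (cptr->parm[0] > 1) {
		/* min,max given: narrow the advertised range, never widen it */
		if (cptr->parm[1] < cptr->parm[0] ||
		    cptr->parm[0] < cptr->minbits ||
		    cptr->parm[1] > cptr->maxbits) {
			printk(KERN_ERR "KLIPS cryptoapi interface: "
				"name=%s bad keybitlens %d,%d\n",
				cptr->ciphername, cptr->parm[0], cptr->parm[1]);
			return -EINVAL;
		}
		cptr->alg.ixt_common.ixt_support.ias_keyminbits = cptr->parm[0];
		cptr->alg.ixt_common.ixt_support.ias_keymaxbits = cptr->parm[1];
	}
	/* … unchanged: state, ixt_e_keylen, callbacks, register_ipsec_alg_enc, printk … */
```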
28578 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
28579 | +++ linux/net/ipsec/ipsec_esp.c Mon Feb 9 13:51:03 2004 | |
28580 | @@ -0,0 +1,607 @@ | |
28581 | +/* | |
28582 | + * processing code for ESP | |
28583 | + * Copyright (C) 2003 Michael Richardson <mcr@sandelman.ottawa.on.ca> | |
28584 | + * | |
28585 | + * This program is free software; you can redistribute it and/or modify it | |
28586 | + * under the terms of the GNU General Public License as published by the | |
28587 | + * Free Software Foundation; either version 2 of the License, or (at your | |
28588 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
28589 | + * | |
28590 | + * This program is distributed in the hope that it will be useful, but | |
28591 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
28592 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
28593 | + * for more details. | |
28594 | + */ | |
28595 | + | |
28596 | +char ipsec_esp_c_version[] = "RCSID $Id: ipsec_esp.c,v 1.13.2.6 2006/10/06 21:39:26 paul Exp $"; | |
28597 | +#ifndef AUTOCONF_INCLUDED | |
28598 | +#include <linux/config.h> | |
28599 | +#endif | |
28600 | +#include <linux/version.h> | |
28601 | + | |
28602 | +#define __NO_VERSION__ | |
28603 | +#include <linux/module.h> | |
28604 | +#include <linux/kernel.h> /* printk() */ | |
28605 | + | |
28606 | +#include "openswan/ipsec_param.h" | |
28607 | + | |
28608 | +#ifdef MALLOC_SLAB | |
28609 | +# include <linux/slab.h> /* kmalloc() */ | |
28610 | +#else /* MALLOC_SLAB */ | |
28611 | +# include <linux/malloc.h> /* kmalloc() */ | |
28612 | +#endif /* MALLOC_SLAB */ | |
28613 | +#include <linux/errno.h> /* error codes */ | |
28614 | +#include <linux/types.h> /* size_t */ | |
28615 | +#include <linux/interrupt.h> /* mark_bh */ | |
28616 | + | |
28617 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
28618 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
28619 | +#include <linux/ip.h> /* struct iphdr */ | |
28620 | +#include <linux/skbuff.h> | |
28621 | +#include <openswan.h> | |
28622 | +#ifdef SPINLOCK | |
28623 | +# ifdef SPINLOCK_23 | |
28624 | +# include <linux/spinlock.h> /* *lock* */ | |
28625 | +# else /* SPINLOCK_23 */ | |
28626 | +# include <asm/spinlock.h> /* *lock* */ | |
28627 | +# endif /* SPINLOCK_23 */ | |
28628 | +#endif /* SPINLOCK */ | |
28629 | + | |
28630 | +#include <net/ip.h> | |
28631 | +#include <net/protocol.h> | |
28632 | + | |
28633 | +#include "openswan/radij.h" | |
28634 | +#include "openswan/ipsec_encap.h" | |
28635 | +#include "openswan/ipsec_sa.h" | |
28636 | + | |
28637 | +#include "openswan/ipsec_radij.h" | |
28638 | +#include "openswan/ipsec_xform.h" | |
28639 | +#include "openswan/ipsec_tunnel.h" | |
28640 | +#include "openswan/ipsec_rcv.h" | |
28641 | +#include "openswan/ipsec_xmit.h" | |
28642 | + | |
28643 | +#include "openswan/ipsec_auth.h" | |
28644 | + | |
28645 | +#ifdef CONFIG_KLIPS_ESP | |
28646 | +#include "openswan/ipsec_esp.h" | |
28647 | +#endif /* CONFIG_KLIPS_ESP */ | |
28648 | + | |
28649 | +#include "openswan/ipsec_proto.h" | |
28650 | +#include "openswan/ipsec_alg.h" | |
28651 | + | |
28652 | +#ifdef CONFIG_KLIPS_DEBUG | |
28653 | +#define ESP_DMP(_x,_y,_z) if(debug_rcv && sysctl_ipsec_debug_verbose) ipsec_dmp_block(_x,_y,_z) | |
28654 | +#else | |
28655 | +#define ESP_DMP(_x,_y,_z) | |
28656 | +#endif | |
28657 | + | |
28658 | +#ifdef CONFIG_KLIPS_ESP | |
28659 | +enum ipsec_rcv_value | |
28660 | +ipsec_rcv_esp_checks(struct ipsec_rcv_state *irs, | |
28661 | + struct sk_buff *skb) | |
28662 | +{ | |
28663 | + __u8 proto; | |
28664 | + int len; /* packet length */ | |
28665 | + | |
28666 | + len = skb->len; | |
28667 | + proto = irs->ipp->protocol; | |
28668 | + | |
28669 | + /* XXX this will need to be 8 for IPv6 */ | |
28670 | + if ((proto == IPPROTO_ESP) && ((len - irs->iphlen) % 4)) { | |
28671 | + printk("klips_error:ipsec_rcv: " | |
28672 | + "got packet with content length = %d from %s -- should be on 4 octet boundary, packet dropped\n", | |
28673 | + len - irs->iphlen, | |
28674 | + irs->ipsaddr_txt); | |
28675 | + if(irs->stats) { | |
28676 | + irs->stats->rx_errors++; | |
28677 | + } | |
28678 | + return IPSEC_RCV_BADLEN; | |
28679 | + } | |
28680 | + | |
28681 | + if(skb->len < (irs->hard_header_len + sizeof(struct iphdr) + sizeof(struct esphdr))) { | |
28682 | + KLIPS_PRINT(debug_rcv & DB_RX_INAU, | |
28683 | + "klips_debug:ipsec_rcv: " | |
28684 | + "runt esp packet of skb->len=%d received from %s, dropped.\n", | |
28685 | + skb->len, | |
28686 | + irs->ipsaddr_txt); | |
28687 | + if(irs->stats) { | |
28688 | + irs->stats->rx_errors++; | |
28689 | + } | |
28690 | + return IPSEC_RCV_BADLEN; | |
28691 | + } | |
28692 | + | |
28693 | + irs->protostuff.espstuff.espp = (struct esphdr *)skb->h.raw; | |
28694 | + irs->said.spi = irs->protostuff.espstuff.espp->esp_spi; | |
28695 | + | |
28696 | + return IPSEC_RCV_OK; | |
28697 | +} | |
28698 | + | |
28699 | +enum ipsec_rcv_value | |
28700 | +ipsec_rcv_esp_decrypt_setup(struct ipsec_rcv_state *irs, | |
28701 | + struct sk_buff *skb, | |
28702 | + __u32 *replay, | |
28703 | + unsigned char **authenticator) | |
28704 | +{ | |
28705 | + struct esphdr *espp = irs->protostuff.espstuff.espp; | |
28706 | + //unsigned char *idat = (unsigned char *)espp; | |
28707 | + | |
28708 | + KLIPS_PRINT(debug_rcv, | |
28709 | + "klips_debug:ipsec_rcv: " | |
28710 | + "packet from %s received with seq=%d (iv)=0x%08x%08x iplen=%d esplen=%d sa=%s\n", | |
28711 | + irs->ipsaddr_txt, | |
28712 | + (__u32)ntohl(espp->esp_rpl), | |
28713 | + (__u32)ntohl(*((__u32 *)(espp->esp_iv) )), | |
28714 | + (__u32)ntohl(*((__u32 *)(espp->esp_iv) + 1)), | |
28715 | + irs->len, | |
28716 | + irs->ilen, | |
28717 | + irs->sa_len ? irs->sa : " (error)"); | |
28718 | + | |
28719 | + *replay = ntohl(espp->esp_rpl); | |
28720 | + *authenticator = &(skb->h.raw[irs->ilen]); | |
28721 | + | |
28722 | + return IPSEC_RCV_OK; | |
28723 | +} | |
28724 | + | |
28725 | +enum ipsec_rcv_value | |
28726 | +ipsec_rcv_esp_authcalc(struct ipsec_rcv_state *irs, | |
28727 | + struct sk_buff *skb) | |
28728 | +{ | |
28729 | + struct auth_alg *aa; | |
28730 | + struct esphdr *espp = irs->protostuff.espstuff.espp; | |
28731 | + union { | |
28732 | + MD5_CTX md5; | |
28733 | + SHA1_CTX sha1; | |
28734 | + } tctx; | |
28735 | + | |
28736 | + if (irs->ipsp->ips_alg_auth) { | |
28737 | + KLIPS_PRINT(debug_rcv, | |
28738 | + "klips_debug:ipsec_rcv: " | |
28739 | + "ipsec_alg hashing proto=%d... ", | |
28740 | + irs->said.proto); | |
28741 | + if(irs->said.proto == IPPROTO_ESP) { | |
28742 | + ipsec_alg_sa_esp_hash(irs->ipsp, | |
28743 | + (caddr_t)espp, irs->ilen, | |
28744 | + irs->hash, AHHMAC_HASHLEN); | |
28745 | + return IPSEC_RCV_OK; | |
28746 | + } | |
28747 | + return IPSEC_RCV_BADPROTO; | |
28748 | + } | |
28749 | + aa = irs->authfuncs; | |
28750 | + | |
28751 | + /* copy the initialized keying material */ | |
28752 | + memcpy(&tctx, irs->ictx, irs->ictx_len); | |
28753 | + | |
28754 | +#ifdef HASH_DEBUG | |
28755 | + ESP_DMP("ictx", irs->ictx, irs->ictx_len); | |
28756 | + | |
28757 | + ESP_DMP("mac_esp", (caddr_t)espp, irs->ilen); | |
28758 | +#endif | |
28759 | + (*aa->update)((void *)&tctx, (caddr_t)espp, irs->ilen); | |
28760 | + | |
28761 | + (*aa->final)(irs->hash, (void *)&tctx); | |
28762 | + | |
28763 | +#ifdef HASH_DEBUG | |
28764 | + ESP_DMP("hash1", irs->hash, aa->hashlen); | |
28765 | +#endif | |
28766 | + | |
28767 | + memcpy(&tctx, irs->octx, irs->octx_len); | |
28768 | + | |
28769 | +#ifdef HASH_DEBUG | |
28770 | + ESP_DMP("octx", irs->octx, irs->octx_len); | |
28771 | +#endif | |
28772 | + | |
28773 | + (*aa->update)((void *)&tctx, irs->hash, aa->hashlen); | |
28774 | + (*aa->final)(irs->hash, (void *)&tctx); | |
28775 | + | |
28776 | + return IPSEC_RCV_OK; | |
28777 | +} | |
28778 | + | |
28779 | + | |
28780 | +enum ipsec_rcv_value | |
28781 | +ipsec_rcv_esp_decrypt(struct ipsec_rcv_state *irs) | |
28782 | +{ | |
28783 | + struct ipsec_sa *ipsp = irs->ipsp; | |
28784 | + struct esphdr *espp = irs->protostuff.espstuff.espp; | |
28785 | + int i; | |
28786 | + int pad = 0, padlen; | |
28787 | + int badpad = 0; | |
28788 | + int esphlen = 0; | |
28789 | + __u8 *idat; /* pointer to content to be decrypted/authenticated */ | |
28790 | + int encaplen = 0; | |
28791 | + struct sk_buff *skb; | |
28792 | + struct ipsec_alg_enc *ixt_e=NULL; | |
28793 | + | |
28794 | + skb=irs->skb; | |
28795 | + | |
28796 | + idat = skb->h.raw; | |
28797 | + | |
28798 | + /* encaplen is the distance between the end of the IP | |
28799 | + * header and the beginning of the ESP header. | |
28800 | + * on ESP headers it is zero, but on UDP-encap ESP | |
28801 | + * it includes the space for the UDP header. | |
28802 | + * | |
28803 | + * Note: UDP-encap code has already moved the | |
28804 | + * skb->data forward to accomodate this. | |
28805 | + */ | |
28806 | + encaplen = idat - (skb->nh.raw + irs->iphlen); | |
28807 | + | |
28808 | + ixt_e=ipsp->ips_alg_enc; | |
28809 | + esphlen = ESP_HEADER_LEN + ixt_e->ixt_common.ixt_support.ias_ivlen/8; | |
28810 | + KLIPS_PRINT(debug_rcv, | |
28811 | + "klips_debug:ipsec_rcv: " | |
28812 | + "encalg=%d esphlen=%d\n", | |
28813 | + ipsp->ips_encalg, esphlen); | |
28814 | + | |
28815 | + idat += esphlen; | |
28816 | + irs->ilen -= esphlen; | |
28817 | + | |
28818 | + if (ipsec_alg_esp_encrypt(ipsp, | |
28819 | + idat, irs->ilen, espp->esp_iv, | |
28820 | + IPSEC_ALG_DECRYPT) <= 0) { | |
28821 | +#ifdef CONFIG_KLIPS_DEBUG | |
28822 | + KLIPS_ERROR(debug_rcv, "klips_error:ipsec_rcv: " | |
28823 | + "got packet with esplen = %d " | |
28824 | + "from %s -- should be on " | |
28825 | + "ENC(%d) octet boundary, " | |
28826 | + "packet dropped\n", | |
28827 | + irs->ilen, | |
28828 | + irs->ipsaddr_txt, | |
28829 | + ipsp->ips_encalg); | |
28830 | +#endif | |
28831 | + if(irs->stats) { | |
28832 | + irs->stats->rx_errors++; | |
28833 | + } | |
28834 | + return IPSEC_RCV_BAD_DECRYPT; | |
28835 | + } | |
28836 | + | |
28837 | + ESP_DMP("postdecrypt", idat, irs->ilen); | |
28838 | + | |
28839 | + irs->next_header = idat[irs->ilen - 1]; | |
28840 | + padlen = idat[irs->ilen - 2]; | |
28841 | + pad = padlen + 2 + irs->authlen; | |
28842 | + | |
28843 | + KLIPS_PRINT(debug_rcv & DB_RX_IPAD, | |
28844 | + "klips_debug:ipsec_rcv: " | |
28845 | + "padlen=%d, contents: 0x<offset>: 0x<value> 0x<value> ...\n", | |
28846 | + padlen); | |
28847 | + | |
28848 | + for (i = 1; i <= padlen; i++) { | |
28849 | + if((i % 16) == 1) { | |
28850 | + KLIPS_PRINT(debug_rcv & DB_RX_IPAD, | |
28851 | + "klips_debug: %02x:", | |
28852 | + i - 1); | |
28853 | + } | |
28854 | + KLIPS_PRINTMORE(debug_rcv & DB_RX_IPAD, | |
28855 | + " %02x", | |
28856 | + idat[irs->ilen - 2 - padlen + i - 1]); | |
28857 | + if(i != idat[irs->ilen - 2 - padlen + i - 1]) { | |
28858 | + badpad = 1; | |
28859 | + } | |
28860 | + if((i % 16) == 0) { | |
28861 | + KLIPS_PRINTMORE(debug_rcv & DB_RX_IPAD, | |
28862 | + "\n"); | |
28863 | + } | |
28864 | + } | |
28865 | + if((i % 16) != 1) { | |
28866 | + KLIPS_PRINTMORE(debug_rcv & DB_RX_IPAD, | |
28867 | + "\n"); | |
28868 | + } | |
28869 | + if(badpad) { | |
28870 | + KLIPS_PRINT(debug_rcv & DB_RX_IPAD, | |
28871 | + "klips_debug:ipsec_rcv: " | |
28872 | + "warning, decrypted packet from %s has bad padding\n", | |
28873 | + irs->ipsaddr_txt); | |
28874 | + KLIPS_PRINT(debug_rcv & DB_RX_IPAD, | |
28875 | + "klips_debug:ipsec_rcv: " | |
28876 | + "...may be bad decryption -- not dropped\n"); | |
28877 | + ipsp->ips_errs.ips_encpad_errs += 1; | |
28878 | + } | |
28879 | + | |
28880 | + KLIPS_PRINT(debug_rcv & DB_RX_IPAD, | |
28881 | + "klips_debug:ipsec_rcv: " | |
28882 | + "packet decrypted from %s: next_header = %d, padding = %d\n", | |
28883 | + irs->ipsaddr_txt, | |
28884 | + irs->next_header, | |
28885 | + pad - 2 - irs->authlen); | |
28886 | + | |
28887 | + irs->ipp->tot_len = htons(ntohs(irs->ipp->tot_len) - (esphlen + pad)); | |
28888 | + | |
28889 | + /* | |
28890 | + * move the IP header forward by the size of the ESP header, which | |
28891 | + * will remove the the ESP header from the packet. | |
28892 | + * | |
28893 | + * XXX this is really unnecessary, since odds we are in tunnel | |
28894 | + * mode, and we will be *removing* this IP header. | |
28895 | + * | |
28896 | + */ | |
28897 | + memmove((void *)(idat - irs->iphlen), | |
28898 | + (void *)(skb->nh.raw), irs->iphlen); | |
28899 | + | |
28900 | + ESP_DMP("esp postmove", (idat - irs->iphlen), | |
28901 | + irs->iphlen + irs->ilen); | |
28902 | + | |
28903 | + /* skb_pull below, will move up by esphlen */ | |
28904 | + | |
28905 | + /* XXX not clear how this can happen, as the message indicates */ | |
28906 | + if(skb->len < esphlen) { | |
28907 | + printk(KERN_WARNING | |
28908 | + "klips_error:ipsec_rcv: " | |
28909 | + "tried to skb_pull esphlen=%d, %d available. This should never happen, please report.\n", | |
28910 | + esphlen, (int)(skb->len)); | |
28911 | + return IPSEC_RCV_ESP_DECAPFAIL; | |
28912 | + } | |
28913 | + skb_pull(skb, esphlen); | |
28914 | + skb->nh.raw = idat - irs->iphlen; | |
28915 | + irs->ipp = skb->nh.iph; | |
28916 | + | |
28917 | + ESP_DMP("esp postpull", skb->data, skb->len); | |
28918 | + | |
28919 | + /* now, trip off the padding from the end */ | |
28920 | + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, | |
28921 | + "klips_debug:ipsec_rcv: " | |
28922 | + "trimming to %d.\n", | |
28923 | + irs->len - esphlen - pad); | |
28924 | + if(pad + esphlen <= irs->len) { | |
28925 | + skb_trim(skb, irs->len - esphlen - pad); | |
28926 | + } else { | |
28927 | + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, | |
28928 | + "klips_debug:ipsec_rcv: " | |
28929 | + "bogus packet, size is zero or negative, dropping.\n"); | |
28930 | + return IPSEC_RCV_DECAPFAIL; | |
28931 | + } | |
28932 | + | |
28933 | + return IPSEC_RCV_OK; | |
28934 | +} | |
28935 | + | |
28936 | +/* | |
28937 | + * | |
28938 | + */ | |
28939 | +enum ipsec_xmit_value | |
28940 | +ipsec_xmit_esp_setup(struct ipsec_xmit_state *ixs) | |
28941 | +{ | |
28942 | +#ifdef CONFIG_KLIPS_ENC_3DES | |
28943 | + __u32 iv[2]; | |
28944 | +#endif | |
28945 | + struct esphdr *espp; | |
28946 | + int ilen = 0; | |
28947 | + int padlen = 0, i; | |
28948 | + unsigned char *dat; | |
28949 | + unsigned char *idat, *pad; | |
28950 | + __u8 hash[AH_AMAX]; | |
28951 | + union { | |
28952 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_MD5 | |
28953 | + MD5_CTX md5; | |
28954 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_MD5 */ | |
28955 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_SHA1 | |
28956 | + SHA1_CTX sha1; | |
28957 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_SHA1 */ | |
28958 | + } tctx; | |
28959 | + | |
28960 | + dat = (unsigned char *)ixs->iph; | |
28961 | + | |
28962 | + espp = (struct esphdr *)(dat + ixs->iphlen); | |
28963 | + espp->esp_spi = ixs->ipsp->ips_said.spi; | |
28964 | + espp->esp_rpl = htonl(++(ixs->ipsp->ips_replaywin_lastseq)); | |
28965 | + | |
28966 | + switch(ixs->ipsp->ips_encalg) { | |
28967 | +#if defined(CONFIG_KLIPS_ENC_3DES) | |
28968 | +#ifdef CONFIG_KLIPS_ENC_3DES | |
28969 | + case ESP_3DES: | |
28970 | +#endif /* CONFIG_KLIPS_ENC_3DES */ | |
28971 | + iv[0] = *((__u32*)&(espp->esp_iv) ) = | |
28972 | + ((__u32*)(ixs->ipsp->ips_iv))[0]; | |
28973 | + iv[1] = *((__u32*)&(espp->esp_iv) + 1) = | |
28974 | + ((__u32*)(ixs->ipsp->ips_iv))[1]; | |
28975 | + break; | |
28976 | +#endif /* defined(CONFIG_KLIPS_ENC_3DES) */ | |
28977 | + default: | |
28978 | + ixs->stats->tx_errors++; | |
28979 | + return IPSEC_XMIT_ESP_BADALG; | |
28980 | + } | |
28981 | + | |
28982 | + idat = dat + ixs->iphlen + sizeof(struct esphdr); | |
28983 | + ilen = ixs->skb->len - (ixs->iphlen + sizeof(struct esphdr) + ixs->authlen); | |
28984 | + | |
28985 | + /* Self-describing padding */ | |
28986 | + pad = &dat[ixs->skb->len - ixs->tailroom]; | |
28987 | + padlen = ixs->tailroom - 2 - ixs->authlen; | |
28988 | + for (i = 0; i < padlen; i++) { | |
28989 | + pad[i] = i + 1; | |
28990 | + } | |
28991 | + dat[ixs->skb->len - ixs->authlen - 2] = padlen; | |
28992 | + | |
28993 | + dat[ixs->skb->len - ixs->authlen - 1] = ixs->iph->protocol; | |
28994 | + ixs->iph->protocol = IPPROTO_ESP; | |
28995 | + | |
28996 | + switch(ixs->ipsp->ips_encalg) { | |
28997 | +#ifdef CONFIG_KLIPS_ENC_3DES | |
28998 | + case ESP_3DES: | |
28999 | + des_ede3_cbc_encrypt((des_cblock *)idat, | |
29000 | + (des_cblock *)idat, | |
29001 | + ilen, | |
29002 | + ((struct des_eks *)(ixs->ipsp->ips_key_e))[0].ks, | |
29003 | + ((struct des_eks *)(ixs->ipsp->ips_key_e))[1].ks, | |
29004 | + ((struct des_eks *)(ixs->ipsp->ips_key_e))[2].ks, | |
29005 | + (des_cblock *)iv, 1); | |
29006 | + break; | |
29007 | +#endif /* CONFIG_KLIPS_ENC_3DES */ | |
29008 | + default: | |
29009 | + ixs->stats->tx_errors++; | |
29010 | + return IPSEC_XMIT_ESP_BADALG; | |
29011 | + } | |
29012 | + | |
29013 | + switch(ixs->ipsp->ips_encalg) { | |
29014 | +#if defined(CONFIG_KLIPS_ENC_3DES) | |
29015 | +#ifdef CONFIG_KLIPS_ENC_3DES | |
29016 | + case ESP_3DES: | |
29017 | +#endif /* CONFIG_KLIPS_ENC_3DES */ | |
29018 | + /* XXX update IV with the last 8 octets of the encryption */ | |
29019 | +#if KLIPS_IMPAIRMENT_ESPIV_CBC_ATTACK | |
29020 | + ((__u32*)(ixs->ipsp->ips_iv))[0] = | |
29021 | + ((__u32 *)(idat))[(ilen >> 2) - 2]; | |
29022 | + ((__u32*)(ixs->ipsp->ips_iv))[1] = | |
29023 | + ((__u32 *)(idat))[(ilen >> 2) - 1]; | |
29024 | +#else /* KLIPS_IMPAIRMENT_ESPIV_CBC_ATTACK */ | |
29025 | + prng_bytes(&ipsec_prng, (char *)ixs->ipsp->ips_iv, EMT_ESPDES_IV_SZ); | |
29026 | +#endif /* KLIPS_IMPAIRMENT_ESPIV_CBC_ATTACK */ | |
29027 | + break; | |
29028 | +#endif /* defined(CONFIG_KLIPS_ENC_3DES) */ | |
29029 | + default: | |
29030 | + ixs->stats->tx_errors++; | |
29031 | + return IPSEC_XMIT_ESP_BADALG; | |
29032 | + } | |
29033 | + | |
29034 | + switch(ixs->ipsp->ips_authalg) { | |
29035 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_MD5 | |
29036 | + case AH_MD5: | |
29037 | + ipsec_xmit_dmp("espp", (char*)espp, ixs->skb->len - ixs->iphlen - ixs->authlen); | |
29038 | + tctx.md5 = ((struct md5_ctx*)(ixs->ipsp->ips_key_a))->ictx; | |
29039 | + ipsec_xmit_dmp("ictx", (char*)&tctx.md5, sizeof(tctx.md5)); | |
29040 | + osMD5Update(&tctx.md5, (caddr_t)espp, ixs->skb->len - ixs->iphlen - ixs->authlen); | |
29041 | + ipsec_xmit_dmp("ictx+dat", (char*)&tctx.md5, sizeof(tctx.md5)); | |
29042 | + osMD5Final(hash, &tctx.md5); | |
29043 | + ipsec_xmit_dmp("ictx hash", (char*)&hash, sizeof(hash)); | |
29044 | + tctx.md5 = ((struct md5_ctx*)(ixs->ipsp->ips_key_a))->octx; | |
29045 | + ipsec_xmit_dmp("octx", (char*)&tctx.md5, sizeof(tctx.md5)); | |
29046 | + osMD5Update(&tctx.md5, hash, AHMD596_ALEN); | |
29047 | + ipsec_xmit_dmp("octx+hash", (char*)&tctx.md5, sizeof(tctx.md5)); | |
29048 | + osMD5Final(hash, &tctx.md5); | |
29049 | + ipsec_xmit_dmp("octx hash", (char*)&hash, sizeof(hash)); | |
29050 | + memcpy(&(dat[ixs->skb->len - ixs->authlen]), hash, ixs->authlen); | |
29051 | + | |
29052 | + /* paranoid */ | |
29053 | + memset((caddr_t)&tctx.md5, 0, sizeof(tctx.md5)); | |
29054 | + memset((caddr_t)hash, 0, sizeof(*hash)); | |
29055 | + break; | |
29056 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_MD5 */ | |
29057 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_SHA1 | |
29058 | + case AH_SHA: | |
29059 | + tctx.sha1 = ((struct sha1_ctx*)(ixs->ipsp->ips_key_a))->ictx; | |
29060 | + SHA1Update(&tctx.sha1, (caddr_t)espp, ixs->skb->len - ixs->iphlen - ixs->authlen); | |
29061 | + SHA1Final(hash, &tctx.sha1); | |
29062 | + tctx.sha1 = ((struct sha1_ctx*)(ixs->ipsp->ips_key_a))->octx; | |
29063 | + SHA1Update(&tctx.sha1, hash, AHSHA196_ALEN); | |
29064 | + SHA1Final(hash, &tctx.sha1); | |
29065 | + memcpy(&(dat[ixs->skb->len - ixs->authlen]), hash, ixs->authlen); | |
29066 | + | |
29067 | + /* paranoid */ | |
29068 | + memset((caddr_t)&tctx.sha1, 0, sizeof(tctx.sha1)); | |
29069 | + memset((caddr_t)hash, 0, sizeof(*hash)); | |
29070 | + break; | |
29071 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_SHA1 */ | |
29072 | + case AH_NONE: | |
29073 | + break; | |
29074 | + default: | |
29075 | + ixs->stats->tx_errors++; | |
29076 | + return IPSEC_XMIT_AH_BADALG; | |
29077 | + } | |
29078 | + | |
29079 | + ixs->skb->h.raw = (unsigned char*)espp; | |
29080 | + | |
29081 | + return IPSEC_XMIT_OK; | |
29082 | +} | |
29083 | + | |
29084 | + | |
29085 | +struct xform_functions esp_xform_funcs[]={ | |
29086 | + { rcv_checks: ipsec_rcv_esp_checks, | |
29087 | + rcv_setup_auth: ipsec_rcv_esp_decrypt_setup, | |
29088 | + rcv_calc_auth: ipsec_rcv_esp_authcalc, | |
29089 | + rcv_decrypt: ipsec_rcv_esp_decrypt, | |
29090 | + | |
29091 | + xmit_setup: ipsec_xmit_esp_setup, | |
29092 | + xmit_headroom: sizeof(struct esphdr), | |
29093 | + xmit_needtailroom: 1, | |
29094 | + }, | |
29095 | +}; | |
29096 | + | |
29097 | +#ifdef NET_26 | |
29098 | +struct inet_protocol esp_protocol = { | |
29099 | + .handler = ipsec_rcv, | |
29100 | + .no_policy = 1, | |
29101 | +}; | |
29102 | +#else | |
29103 | +struct inet_protocol esp_protocol = | |
29104 | +{ | |
29105 | + ipsec_rcv, /* ESP handler */ | |
29106 | + NULL, /* TUNNEL error control */ | |
29107 | +#ifdef NETDEV_25 | |
29108 | + 1, /* no policy */ | |
29109 | +#else | |
29110 | + 0, /* next */ | |
29111 | + IPPROTO_ESP, /* protocol ID */ | |
29112 | + 0, /* copy */ | |
29113 | + NULL, /* data */ | |
29114 | + "ESP" /* name */ | |
29115 | +#endif | |
29116 | +}; | |
29117 | +#endif /* NET_26 */ | |
29118 | + | |
29119 | +#endif /* !CONFIG_KLIPS_ESP */ | |
29120 | + | |
29121 | + | |
29122 | +/* | |
29123 | + * $Log: ipsec_esp.c,v $ | |
29124 | + * Revision 1.13.2.6 2006/10/06 21:39:26 paul | |
29125 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
29126 | + * set. This is defined through autoconf.h which is included through the | |
29127 | + * linux kernel build macros. | |
29128 | + * | |
29129 | + * Revision 1.13.2.5 2006/08/24 03:02:01 paul | |
29130 | + * Compile fixes for when CONFIG_KLIPS_DEBUG is not set. (bug #642) | |
29131 | + * | |
29132 | + * Revision 1.13.2.4 2006/05/06 03:07:38 ken | |
29133 | + * Pull in proper padsize->tailroom fix from #public | |
29134 | + * Need to do correct math on padlen since padsize is not equal to tailroom | |
29135 | + * | |
29136 | + * Revision 1.13.2.3 2006/05/05 03:58:04 ken | |
29137 | + * ixs->padsize becomes ixs->tailroom | |
29138 | + * | |
29139 | + * Revision 1.13.2.2 2006/05/01 14:36:03 mcr | |
29140 | + * use KLIPS_ERROR for fatal things. | |
29141 | + * | |
29142 | + * Revision 1.13.2.1 2006/04/20 16:33:06 mcr | |
29143 | + * remove all of CONFIG_KLIPS_ALG --- one can no longer build without it. | |
29144 | + * Fix in-kernel module compilation. Sub-makefiles do not work. | |
29145 | + * | |
29146 | + * Revision 1.13 2005/05/21 03:19:57 mcr | |
29147 | + * hash ctx is not really that interesting most of the time. | |
29148 | + * | |
29149 | + * Revision 1.12 2005/05/11 01:28:49 mcr | |
29150 | + * removed "poor-man"s OOP in favour of proper C structures. | |
29151 | + * | |
29152 | + * Revision 1.11 2005/04/29 05:10:22 mcr | |
29153 | + * removed from extraenous includes to make unit testing easier. | |
29154 | + * | |
29155 | + * Revision 1.10 2005/04/17 04:36:14 mcr | |
29156 | + * code now deals with ESP and UDP-ESP code. | |
29157 | + * | |
29158 | + * Revision 1.9 2005/04/15 19:52:30 mcr | |
29159 | + * adjustments to use proper skb fields for data. | |
29160 | + * | |
29161 | + * Revision 1.8 2004/09/14 00:22:57 mcr | |
29162 | + * adjustment of MD5* functions. | |
29163 | + * | |
29164 | + * Revision 1.7 2004/09/13 02:23:01 mcr | |
29165 | + * #define inet_protocol if necessary. | |
29166 | + * | |
29167 | + * Revision 1.6 2004/09/06 18:35:49 mcr | |
29168 | + * 2.6.8.1 gets rid of inet_protocol->net_protocol compatibility, | |
29169 | + * so adjust for that. | |
29170 | + * | |
29171 | + * Revision 1.5 2004/08/17 03:27:23 mcr | |
29172 | + * klips 2.6 edits. | |
29173 | + * | |
29174 | + * Revision 1.4 2004/08/04 15:57:07 mcr | |
29175 | + * moved des .h files to include/des/ * | |
29176 | + * included 2.6 protocol specific things | |
29177 | + * started at NAT-T support, but it will require a kernel patch. | |
29178 | + * | |
29179 | + * Revision 1.3 2004/07/10 19:11:18 mcr | |
29180 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
29181 | + * | |
29182 | + * Revision 1.2 2004/04/06 02:49:25 mcr | |
29183 | + * pullup of algo code from alg-branch. | |
29184 | + * | |
29185 | + * | |
29186 | + * | |
29187 | + */ | |
29188 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
29189 | +++ linux/net/ipsec/ipsec_init.c Mon Feb 9 13:51:03 2004 | |
29190 | @@ -0,0 +1,614 @@ | |
29191 | +/* | |
29192 | + * @(#) Initialization code. | |
29193 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
29194 | + * Copyright (C) 1998 - 2002 Richard Guy Briggs <rgb@freeswan.org> | |
29195 | + * 2001 - 2004 Michael Richardson <mcr@xelerance.com> | |
29196 | + * | |
29197 | + * This program is free software; you can redistribute it and/or modify it | |
29198 | + * under the terms of the GNU General Public License as published by the | |
29199 | + * Free Software Foundation; either version 2 of the License, or (at your | |
29200 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
29201 | + * | |
29202 | + * This program is distributed in the hope that it will be useful, but | |
29203 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
29204 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
29205 | + * for more details. | |
29206 | + * | |
29207 | + * /proc system code was split out into ipsec_proc.c after rev. 1.70. | |
29208 | + * | |
29209 | + */ | |
29210 | + | |
29211 | +char ipsec_init_c_version[] = "RCSID $Id: ipsec_init.c,v 1.104.2.4 2006/10/06 21:39:26 paul Exp $"; | |
29212 | + | |
29213 | +#ifndef AUTOCONF_INCLUDED | |
29214 | +#include <linux/config.h> | |
29215 | +#endif | |
29216 | +#include <linux/version.h> | |
29217 | +#include <linux/module.h> | |
29218 | +#include <linux/kernel.h> /* printk() */ | |
29219 | + | |
29220 | +#include "openswan/ipsec_param.h" | |
29221 | + | |
29222 | +#ifdef MALLOC_SLAB | |
29223 | +# include <linux/slab.h> /* kmalloc() */ | |
29224 | +#else /* MALLOC_SLAB */ | |
29225 | +# include <linux/malloc.h> /* kmalloc() */ | |
29226 | +#endif /* MALLOC_SLAB */ | |
29227 | +#include <linux/errno.h> /* error codes */ | |
29228 | +#include <linux/types.h> /* size_t */ | |
29229 | +#include <linux/interrupt.h> /* mark_bh */ | |
29230 | + | |
29231 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
29232 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
29233 | +#include <linux/ip.h> /* struct iphdr */ | |
29234 | +#include <linux/in.h> /* struct sockaddr_in */ | |
29235 | +#include <linux/skbuff.h> | |
29236 | +#include <linux/random.h> /* get_random_bytes() */ | |
29237 | +#include <net/protocol.h> | |
29238 | + | |
29239 | +#include <openswan.h> | |
29240 | + | |
29241 | +#ifdef SPINLOCK | |
29242 | +# ifdef SPINLOCK_23 | |
29243 | +# include <linux/spinlock.h> /* *lock* */ | |
29244 | +# else /* 23_SPINLOCK */ | |
29245 | +# include <asm/spinlock.h> /* *lock* */ | |
29246 | +# endif /* 23_SPINLOCK */ | |
29247 | +#endif /* SPINLOCK */ | |
29248 | + | |
29249 | +#include <net/ip.h> | |
29250 | + | |
29251 | +#ifdef CONFIG_PROC_FS | |
29252 | +# include <linux/proc_fs.h> | |
29253 | +#endif /* CONFIG_PROC_FS */ | |
29254 | + | |
29255 | +#ifdef NETLINK_SOCK | |
29256 | +# include <linux/netlink.h> | |
29257 | +#else | |
29258 | +# include <net/netlink.h> | |
29259 | +#endif | |
29260 | + | |
29261 | +#include "openswan/radij.h" | |
29262 | + | |
29263 | +#include "openswan/ipsec_life.h" | |
29264 | +#include "openswan/ipsec_stats.h" | |
29265 | +#include "openswan/ipsec_sa.h" | |
29266 | + | |
29267 | +#include "openswan/ipsec_encap.h" | |
29268 | +#include "openswan/ipsec_radij.h" | |
29269 | +#include "openswan/ipsec_xform.h" | |
29270 | +#include "openswan/ipsec_tunnel.h" | |
29271 | + | |
29272 | +#include "openswan/ipsec_rcv.h" | |
29273 | +#include "openswan/ipsec_ah.h" | |
29274 | +#include "openswan/ipsec_esp.h" | |
29275 | + | |
29276 | +#ifdef CONFIG_KLIPS_IPCOMP | |
29277 | +# include "openswan/ipcomp.h" | |
29278 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
29279 | + | |
29280 | +#include "openswan/ipsec_proto.h" | |
29281 | +#include "openswan/ipsec_alg.h" | |
29282 | + | |
29283 | +#include <pfkeyv2.h> | |
29284 | +#include <pfkey.h> | |
29285 | + | |
29286 | +#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL) | |
29287 | +#include <net/xfrmudp.h> | |
29288 | +#endif | |
29289 | + | |
29290 | +#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL) && !defined(HAVE_XFRM4_UDP_REGISTER) | |
29291 | +#warning "You are trying to build KLIPS2.6 with NAT-T support, but you did not" | |
29292 | +#error "properly apply the NAT-T patch to your 2.6 kernel source tree." | |
29293 | +#endif | |
29294 | + | |
29295 | +#if !defined(CONFIG_KLIPS_ESP) && !defined(CONFIG_KLIPS_AH) | |
29296 | +#error "kernel configuration must include ESP or AH" | |
29297 | +#endif | |
29298 | + | |
29299 | +/* | |
29300 | + * seems to be present in 2.4.10 (Linus), but also in some RH and other | |
29301 | + * distro kernels of a lower number. | |
29302 | + */ | |
29303 | +#ifdef MODULE_LICENSE | |
29304 | +MODULE_LICENSE("GPL"); | |
29305 | +#endif | |
29306 | + | |
29307 | +#ifdef CONFIG_KLIPS_DEBUG | |
29308 | +int debug_eroute = 0; | |
29309 | +int debug_spi = 0; | |
29310 | +int debug_netlink = 0; | |
29311 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
29312 | + | |
29313 | +struct prng ipsec_prng; | |
29314 | + | |
29315 | + | |
29316 | +#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL) | |
29317 | +xfrm4_rcv_encap_t klips_old_encap = NULL; | |
29318 | +#endif | |
29319 | + | |
29320 | +extern int ipsec_device_event(struct notifier_block *dnot, unsigned long event, void *ptr); | |
29321 | +/* | |
29322 | + * the following structure is required so that we receive | |
29323 | + * event notifications when network devices are enabled and | |
29324 | + * disabled (ifconfig up and down). | |
29325 | + */ | |
29326 | +static struct notifier_block ipsec_dev_notifier={ | |
29327 | + ipsec_device_event, | |
29328 | + NULL, | |
29329 | + 0 | |
29330 | +}; | |
29331 | + | |
29332 | +#ifdef CONFIG_SYSCTL | |
29333 | +extern int ipsec_sysctl_register(void); | |
29334 | +extern void ipsec_sysctl_unregister(void); | |
29335 | +#endif | |
29336 | + | |
29337 | +#if defined(NET_26) || defined(IPSKB_XFRM_TUNNEL_SIZE) | |
29338 | +static inline int | |
29339 | +openswan_inet_add_protocol(struct inet_protocol *prot, unsigned protocol) | |
29340 | +{ | |
29341 | + return inet_add_protocol(prot, protocol); | |
29342 | +} | |
29343 | + | |
29344 | +static inline int | |
29345 | +openswan_inet_del_protocol(struct inet_protocol *prot, unsigned protocol) | |
29346 | +{ | |
29347 | + return inet_del_protocol(prot, protocol); | |
29348 | +} | |
29349 | + | |
29350 | +#else | |
29351 | +static inline int | |
29352 | +openswan_inet_add_protocol(struct inet_protocol *prot, unsigned protocol) | |
29353 | +{ | |
29354 | + inet_add_protocol(prot); | |
29355 | + return 0; | |
29356 | +} | |
29357 | + | |
29358 | +static inline int | |
29359 | +openswan_inet_del_protocol(struct inet_protocol *prot, unsigned protocol) | |
29360 | +{ | |
29361 | + inet_del_protocol(prot); | |
29362 | + return 0; | |
29363 | +} | |
29364 | + | |
29365 | +#endif | |
29366 | + | |
29367 | +/* void */ | |
29368 | +int | |
29369 | +ipsec_klips_init(void) | |
29370 | +{ | |
29371 | + int error = 0; | |
29372 | + unsigned char seed[256]; | |
29373 | +#ifdef CONFIG_KLIPS_ENC_3DES | |
29374 | + extern int des_check_key; | |
29375 | + | |
29376 | + /* turn off checking of keys */ | |
29377 | + des_check_key=0; | |
29378 | +#endif /* CONFIG_KLIPS_ENC_3DES */ | |
29379 | + | |
29380 | + KLIPS_PRINT(1, "klips_info:ipsec_init: " | |
29381 | + "KLIPS startup, Openswan KLIPS IPsec stack version: %s\n", | |
29382 | + ipsec_version_code()); | |
29383 | + | |
29384 | + error |= ipsec_proc_init(); | |
29385 | + | |
29386 | +#ifdef SPINLOCK | |
29387 | + ipsec_sadb.sadb_lock = SPIN_LOCK_UNLOCKED; | |
29388 | +#else /* SPINLOCK */ | |
29389 | + ipsec_sadb.sadb_lock = 0; | |
29390 | +#endif /* SPINLOCK */ | |
29391 | + | |
29392 | +#ifndef SPINLOCK | |
29393 | + tdb_lock.lock = 0; | |
29394 | + eroute_lock.lock = 0; | |
29395 | +#endif /* !SPINLOCK */ | |
29396 | + | |
29397 | + error |= ipsec_sadb_init(); | |
29398 | + error |= ipsec_radijinit(); | |
29399 | + | |
29400 | + error |= pfkey_init(); | |
29401 | + | |
29402 | + error |= register_netdevice_notifier(&ipsec_dev_notifier); | |
29403 | + | |
29404 | +#ifdef CONFIG_KLIPS_ESP | |
29405 | + openswan_inet_add_protocol(&esp_protocol, IPPROTO_ESP); | |
29406 | +#endif /* CONFIG_KLIPS_ESP */ | |
29407 | + | |
29408 | +#ifdef CONFIG_KLIPS_AH | |
29409 | + openswan_inet_add_protocol(&ah_protocol, IPPROTO_AH); | |
29410 | +#endif /* CONFIG_KLIPS_AH */ | |
29411 | + | |
29412 | +/* we never actually link IPCOMP to the stack */ | |
29413 | +#ifdef IPCOMP_USED_ALONE | |
29414 | +#ifdef CONFIG_KLIPS_IPCOMP | |
29415 | + openswan_inet_add_protocol(&comp_protocol, IPPROTO_COMP); | |
29416 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
29417 | +#endif | |
29418 | + | |
29419 | + error |= ipsec_tunnel_init_devices(); | |
29420 | + | |
29421 | +#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL) | |
29422 | + /* register our ESP-UDP handler */ | |
29423 | + if(udp4_register_esp_rcvencap(klips26_rcv_encap | |
29424 | + , &klips_old_encap)!=0) { | |
29425 | + printk(KERN_ERR "KLIPS: can not register klips_rcv_encap function\n"); | |
29426 | + } | |
29427 | +#endif | |
29428 | + | |
29429 | + | |
29430 | +#ifdef CONFIG_SYSCTL | |
29431 | + error |= ipsec_sysctl_register(); | |
29432 | +#endif | |
29433 | + | |
29434 | + ipsec_alg_init(); | |
29435 | + | |
29436 | + get_random_bytes((void *)seed, sizeof(seed)); | |
29437 | + prng_init(&ipsec_prng, seed, sizeof(seed)); | |
29438 | + | |
29439 | + return error; | |
29440 | +} | |
29441 | + | |
29442 | + | |
29443 | +/* void */ | |
29444 | +int | |
29445 | +ipsec_cleanup(void) | |
29446 | +{ | |
29447 | + int error = 0; | |
29448 | + | |
29449 | +#ifdef CONFIG_SYSCTL | |
29450 | + ipsec_sysctl_unregister(); | |
29451 | +#endif | |
29452 | +#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL) | |
29453 | + if(udp4_unregister_esp_rcvencap(klips_old_encap) < 0) { | |
29454 | + printk(KERN_ERR "KLIPS: can not unregister klips_rcv_encap function\n"); | |
29455 | + } | |
29456 | +#endif | |
29457 | + | |
29458 | + KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */ | |
29459 | + "klips_debug:ipsec_cleanup: " | |
29460 | + "calling ipsec_tunnel_cleanup_devices.\n"); | |
29461 | + error |= ipsec_tunnel_cleanup_devices(); | |
29462 | + | |
29463 | + KLIPS_PRINT(debug_netlink, "called ipsec_tunnel_cleanup_devices"); | |
29464 | + | |
29465 | +/* we never actually link IPCOMP to the stack */ | |
29466 | +#ifdef IPCOMP_USED_ALONE | |
29467 | +#ifdef CONFIG_KLIPS_IPCOMP | |
29468 | + if (openswan_inet_del_protocol(&comp_protocol, IPPROTO_COMP) < 0) | |
29469 | + printk(KERN_INFO "klips_debug:ipsec_cleanup: " | |
29470 | + "comp close: can't remove protocol\n"); | |
29471 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
29472 | +#endif /* IPCOMP_USED_ALONE */ | |
29473 | + | |
29474 | +#ifdef CONFIG_KLIPS_AH | |
29475 | + if (openswan_inet_del_protocol(&ah_protocol, IPPROTO_AH) < 0) | |
29476 | + printk(KERN_INFO "klips_debug:ipsec_cleanup: " | |
29477 | + "ah close: can't remove protocol\n"); | |
29478 | +#endif /* CONFIG_KLIPS_AH */ | |
29479 | + | |
29480 | +#ifdef CONFIG_KLIPS_ESP | |
29481 | + if (openswan_inet_del_protocol(&esp_protocol, IPPROTO_ESP) < 0) | |
29482 | + printk(KERN_INFO "klips_debug:ipsec_cleanup: " | |
29483 | + "esp close: can't remove protocol\n"); | |
29484 | +#endif /* CONFIG_KLIPS_ESP */ | |
29485 | + | |
29486 | + error |= unregister_netdevice_notifier(&ipsec_dev_notifier); | |
29487 | + | |
29488 | + KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */ | |
29489 | + "klips_debug:ipsec_cleanup: " | |
29490 | + "calling ipsec_sadb_cleanup.\n"); | |
29491 | + error |= ipsec_sadb_cleanup(0); | |
29492 | + error |= ipsec_sadb_free(); | |
29493 | + | |
29494 | + KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */ | |
29495 | + "klips_debug:ipsec_cleanup: " | |
29496 | + "calling ipsec_radijcleanup.\n"); | |
29497 | + error |= ipsec_radijcleanup(); | |
29498 | + | |
29499 | + KLIPS_PRINT(debug_pfkey, /* debug_tunnel & DB_TN_INIT, */ | |
29500 | + "klips_debug:ipsec_cleanup: " | |
29501 | + "calling pfkey_cleanup.\n"); | |
29502 | + error |= pfkey_cleanup(); | |
29503 | + | |
29504 | + ipsec_proc_cleanup(); | |
29505 | + | |
29506 | + prng_final(&ipsec_prng); | |
29507 | + | |
29508 | + return error; | |
29509 | +} | |
29510 | + | |
29511 | +#ifdef MODULE | |
29512 | +int | |
29513 | +init_module(void) | |
29514 | +{ | |
29515 | + int error = 0; | |
29516 | + | |
29517 | + error |= ipsec_klips_init(); | |
29518 | + | |
29519 | + return error; | |
29520 | +} | |
29521 | + | |
29522 | +void | |
29523 | +cleanup_module(void) | |
29524 | +{ | |
29525 | + KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */ | |
29526 | + "klips_debug:cleanup_module: " | |
29527 | + "calling ipsec_cleanup.\n"); | |
29528 | + | |
29529 | + ipsec_cleanup(); | |
29530 | + | |
29531 | + KLIPS_PRINT(1, "klips_info:cleanup_module: " | |
29532 | + "ipsec module unloaded.\n"); | |
29533 | +} | |
29534 | +#endif /* MODULE */ | |
29535 | + | |
29536 | +/* | |
29537 | + * $Log: ipsec_init.c,v $ | |
29538 | + * Revision 1.104.2.4 2006/10/06 21:39:26 paul | |
29539 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
29540 | + * set. This is defined through autoconf.h which is included through the | |
29541 | + * linux kernel build macros. | |
29542 | + * | |
29543 | + * Revision 1.104.2.3 2006/07/31 15:25:20 paul | |
29544 | + * Check for NETKEY backport in Debian using IPSKB_XFRM_TUNNEL_SIZE to | |
29545 | + * determine wether inet_add_protocol needs the protocol argument. | |
29546 | + * | |
29547 | + * Revision 1.104.2.2 2006/04/20 16:33:06 mcr | |
29548 | + * remove all of CONFIG_KLIPS_ALG --- one can no longer build without it. | |
29549 | + * Fix in-kernel module compilation. Sub-makefiles do not work. | |
29550 | + * | |
29551 | + * Revision 1.104.2.1 2005/08/12 01:18:20 ken | |
29552 | + * Warn people who don't have NAT-T patch applied, but try and compile NAT-T code | |
29553 | + * | |
29554 | + * Revision 1.105 2005/08/12 00:56:33 mcr | |
29555 | + * add warning for people who didn't apply nat-t patch. | |
29556 | + * | |
29557 | + * Revision 1.104 2005/07/08 15:51:41 mcr | |
29558 | + * removed duplicate NAT-T code. | |
29559 | + * if CONFIG_IPSEC_NAT_TRAVERSAL isn't defined, then there is no issue. | |
29560 | + * | |
29561 | + * Revision 1.103 2005/07/08 03:02:05 paul | |
29562 | + * Fixed garbled define that accidentally got commited to the real tree. | |
29563 | + * | |
29564 | + * Revision 1.102 2005/07/08 02:56:37 paul | |
29565 | + * gcc4 fixes that were not commited because vault was down | |
29566 | + * | |
29567 | + * Revision 1.101 2005/04/29 05:10:22 mcr | |
29568 | + * removed from extraenous includes to make unit testing easier. | |
29569 | + * | |
29570 | + * Revision 1.100 2005/04/10 22:56:09 mcr | |
29571 | + * change to udp.c registration API. | |
29572 | + * | |
29573 | + * Revision 1.99 2005/04/08 18:26:13 mcr | |
29574 | + * register with udp.c, the klips26 encap receive function | |
29575 | + * | |
29576 | + * Revision 1.98 2004/09/13 02:23:18 mcr | |
29577 | + * #define inet_protocol if necessary. | |
29578 | + * | |
29579 | + * Revision 1.97 2004/09/06 18:35:49 mcr | |
29580 | + * 2.6.8.1 gets rid of inet_protocol->net_protocol compatibility, | |
29581 | + * so adjust for that. | |
29582 | + * | |
29583 | + * Revision 1.96 2004/08/17 03:27:23 mcr | |
29584 | + * klips 2.6 edits. | |
29585 | + * | |
29586 | + * Revision 1.95 2004/08/03 18:19:08 mcr | |
29587 | + * in 2.6, use "net_device" instead of #define device->net_device. | |
29588 | + * this probably breaks 2.0 compiles. | |
29589 | + * | |
29590 | + * Revision 1.94 2004/07/10 19:11:18 mcr | |
29591 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
29592 | + * | |
29593 | + * Revision 1.93 2004/04/06 02:49:26 mcr | |
29594 | + * pullup of algo code from alg-branch. | |
29595 | + * | |
29596 | + * Revision 1.92 2004/03/30 15:30:39 ken | |
29597 | + * Proper Capitalization | |
29598 | + * | |
29599 | + * Revision 1.91 2004/03/22 01:51:51 ken | |
29600 | + * We are open | |
29601 | + * | |
29602 | + * Revision 1.90.4.2 2004/04/05 04:30:46 mcr | |
29603 | + * patches for alg-branch to compile/work with 2.x openswan | |
29604 | + * | |
29605 | + * Revision 1.90.4.1 2003/12/22 15:25:52 jjo | |
29606 | + * Merged algo-0.8.1-rc11-test1 into alg-branch | |
29607 | + * | |
29608 | + * Revision 1.90 2003/10/31 02:27:55 mcr | |
29609 | + * pulled up port-selector patches and sa_id elimination. | |
29610 | + * | |
29611 | + * Revision 1.89.4.1 2003/10/29 01:30:41 mcr | |
29612 | + * elimited "struct sa_id". | |
29613 | + * | |
29614 | + * Revision 1.89 2003/07/31 22:47:16 mcr | |
29615 | + * preliminary (untested by FS-team) 2.5 patches. | |
29616 | + * | |
29617 | + * Revision 1.88 2003/06/22 20:05:36 mcr | |
29618 | + * clarified why IPCOMP was not being registered, and put a new | |
29619 | + * #ifdef in rather than #if 0. | |
29620 | + * | |
29621 | + * Revision 1.87 2002/09/20 15:40:51 rgb | |
29622 | + * Added a lock to the global ipsec_sadb struct for future use. | |
29623 | + * Split ipsec_sadb_cleanup from new funciton ipsec_sadb_free to avoid problem | |
29624 | + * of freeing newly created structures when clearing the reftable upon startup | |
29625 | + * to start from a known state. | |
29626 | + * | |
29627 | + * Revision 1.86 2002/08/15 18:39:15 rgb | |
29628 | + * Move ipsec_prng outside debug code. | |
29629 | + * | |
29630 | + * Revision 1.85 2002/05/14 02:35:29 rgb | |
29631 | + * Change reference to tdb to ipsa. | |
29632 | + * | |
29633 | + * Revision 1.84 2002/04/24 07:55:32 mcr | |
29634 | + * #include patches and Makefiles for post-reorg compilation. | |
29635 | + * | |
29636 | + * Revision 1.83 2002/04/24 07:36:28 mcr | |
29637 | + * Moved from ./klips/net/ipsec/ipsec_init.c,v | |
29638 | + * | |
29639 | + * Revision 1.82 2002/04/20 00:12:25 rgb | |
29640 | + * Added esp IV CBC attack fix, disabled. | |
29641 | + * | |
29642 | + * Revision 1.81 2002/04/09 16:13:32 mcr | |
29643 | + * switch license to straight GPL. | |
29644 | + * | |
29645 | + * Revision 1.80 2002/03/24 07:34:08 rgb | |
29646 | + * Sanity check for at least one of AH or ESP configured. | |
29647 | + * | |
29648 | + * Revision 1.79 2002/02/05 22:55:15 mcr | |
29649 | + * added MODULE_LICENSE declaration. | |
29650 | + * This macro does not appear in all kernel versions (see comment). | |
29651 | + * | |
29652 | + * Revision 1.78 2002/01/29 17:17:55 mcr | |
29653 | + * moved include of ipsec_param.h to after include of linux/kernel.h | |
29654 | + * otherwise, it seems that some option that is set in ipsec_param.h | |
29655 | + * screws up something subtle in the include path to kernel.h, and | |
29656 | + * it complains on the snprintf() prototype. | |
29657 | + * | |
29658 | + * Revision 1.77 2002/01/29 04:00:51 mcr | |
29659 | + * more excise of kversions.h header. | |
29660 | + * | |
29661 | + * Revision 1.76 2002/01/29 02:13:17 mcr | |
29662 | + * introduction of ipsec_kversion.h means that include of | |
29663 | + * ipsec_param.h must preceed any decisions about what files to | |
29664 | + * include to deal with differences in kernel source. | |
29665 | + * | |
29666 | + * Revision 1.75 2001/11/26 09:23:48 rgb | |
29667 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
29668 | + * | |
29669 | + * Revision 1.74 2001/11/22 05:44:11 henry | |
29670 | + * new version stuff | |
29671 | + * | |
29672 | + * Revision 1.71.2.2 2001/10/22 20:51:00 mcr | |
29673 | + * explicitely set des_check_key. | |
29674 | + * | |
29675 | + * Revision 1.71.2.1 2001/09/25 02:19:39 mcr | |
29676 | + * /proc manipulation code moved to new ipsec_proc.c | |
29677 | + * | |
29678 | + * Revision 1.73 2001/11/06 19:47:17 rgb | |
29679 | + * Changed lifetime_packets to uint32 from uint64. | |
29680 | + * | |
29681 | + * Revision 1.72 2001/10/18 04:45:19 rgb | |
29682 | + * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h, | |
29683 | + * lib/freeswan.h version macros moved to lib/kversions.h. | |
29684 | + * Other compiler directive cleanups. | |
29685 | + * | |
29686 | + * Revision 1.71 2001/09/20 15:32:45 rgb | |
29687 | + * Minor pfkey lifetime fixes. | |
29688 | + * | |
29689 | + * Revision 1.70 2001/07/06 19:51:21 rgb | |
29690 | + * Added inbound policy checking code for IPIP SAs. | |
29691 | + * | |
29692 | + * Revision 1.69 2001/06/14 19:33:26 rgb | |
29693 | + * Silence startup message for console, but allow it to be logged. | |
29694 | + * Update copyright date. | |
29695 | + * | |
29696 | + * Revision 1.68 2001/05/29 05:14:36 rgb | |
29697 | + * Added PMTU to /proc/net/ipsec_tncfg output. See 'man 5 ipsec_tncfg'. | |
29698 | + * | |
29699 | + * Revision 1.67 2001/05/04 16:34:52 rgb | |
29700 | + * Rremove erroneous checking of return codes for proc_net_* in 2.4. | |
29701 | + * | |
29702 | + * Revision 1.66 2001/05/03 19:40:34 rgb | |
29703 | + * Check error return codes in startup and shutdown. | |
29704 | + * | |
29705 | + * Revision 1.65 2001/02/28 05:03:27 rgb | |
29706 | + * Clean up and rationalise startup messages. | |
29707 | + * | |
29708 | + * Revision 1.64 2001/02/27 22:24:53 rgb | |
29709 | + * Re-formatting debug output (line-splitting, joining, 1arg/line). | |
29710 | + * Check for satoa() return codes. | |
29711 | + * | |
29712 | + * Revision 1.63 2000/11/29 20:14:06 rgb | |
29713 | + * Add src= to the output of /proc/net/ipsec_spi and delete dst from IPIP. | |
29714 | + * | |
29715 | + * Revision 1.62 2000/11/06 04:31:24 rgb | |
29716 | + * Ditched spin_lock_irqsave in favour of spin_lock_bh. | |
29717 | + * Fixed longlong for pre-2.4 kernels (Svenning). | |
29718 | + * Add Svenning's adaptive content compression. | |
29719 | + * Disabled registration of ipcomp handler. | |
29720 | + * | |
29721 | + * Revision 1.61 2000/10/11 13:37:54 rgb | |
29722 | + * #ifdef out debug print that causes proc/net/ipsec_version to oops. | |
29723 | + * | |
29724 | + * Revision 1.60 2000/09/20 03:59:01 rgb | |
29725 | + * Change static info functions to DEBUG_NO_STATIC to reveal function names | |
29726 | + * in oopsen. | |
29727 | + * | |
29728 | + * Revision 1.59 2000/09/16 01:06:26 rgb | |
29729 | + * Added cast of var to silence compiler warning about long fed to int | |
29730 | + * format. | |
29731 | + * | |
29732 | + * Revision 1.58 2000/09/15 11:37:01 rgb | |
29733 | + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
29734 | + * IPCOMP zlib deflate code. | |
29735 | + * | |
29736 | + * Revision 1.57 2000/09/12 03:21:50 rgb | |
29737 | + * Moved radij_c_version printing to ipsec_version_get_info(). | |
29738 | + * Reformatted ipsec_version_get_info(). | |
29739 | + * Added sysctl_{,un}register() calls. | |
29740 | + * | |
29741 | + * Revision 1.56 2000/09/08 19:16:50 rgb | |
29742 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
29743 | + * Removed all references to CONFIG_IPSEC_PFKEYv2. | |
29744 | + * | |
29745 | + * Revision 1.55 2000/08/30 05:19:03 rgb | |
29746 | + * Cleaned up no longer used spi_next, netlink register/unregister, other | |
29747 | + * minor cleanup. | |
29748 | + * Removed cruft replaced by TDB_XFORM_NAME. | |
29749 | + * Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst. | |
29750 | + * Moved debug version strings to printk when /proc/net/ipsec_version is | |
29751 | + * called. | |
29752 | + * | |
29753 | + * Revision 1.54 2000/08/20 18:31:05 rgb | |
29754 | + * Changed cosmetic alignment in spi_info. | |
29755 | + * Changed addtime and usetime to use actual value which is relative | |
29756 | + * anyways, as intended. (Momchil) | |
29757 | + * | |
29758 | + * Revision 1.53 2000/08/18 17:37:03 rgb | |
29759 | + * Added an (int) cast to shut up the compiler... | |
29760 | + * | |
29761 | + * Revision 1.52 2000/08/01 14:51:50 rgb | |
29762 | + * Removed _all_ remaining traces of DES. | |
29763 | + * | |
29764 | + * Revision 1.51 2000/07/25 20:41:22 rgb | |
29765 | + * Removed duplicate parameter in spi_getinfo. | |
29766 | + * | |
29767 | + * Revision 1.50 2000/07/17 03:21:45 rgb | |
29768 | + * Removed /proc/net/ipsec_spinew. | |
29769 | + * | |
29770 | + * Revision 1.49 2000/06/28 05:46:51 rgb | |
29771 | + * Renamed ivlen to iv_bits for consistency. | |
29772 | + * Changed output of add and use times to be relative to now. | |
29773 | + * | |
29774 | + * Revision 1.48 2000/05/11 18:26:10 rgb | |
29775 | + * Commented out calls to netlink_attach/detach to avoid activating netlink | |
29776 | + * in the kenrel config. | |
29777 | + * | |
29778 | + * Revision 1.47 2000/05/10 22:35:26 rgb | |
29779 | + * Comment out most of the startup version information. | |
29780 | + * | |
29781 | + * Revision 1.46 2000/03/22 16:15:36 rgb | |
29782 | + * Fixed renaming of dev_get (MB). | |
29783 | + * | |
29784 | + * Revision 1.45 2000/03/16 06:40:48 rgb | |
29785 | + * Hardcode PF_KEYv2 support. | |
29786 | + * | |
29787 | + * Revision 1.44 2000/01/22 23:19:20 rgb | |
29788 | + * Simplified code to use existing macro TDB_XFORM_NAME(). | |
29789 | + * | |
29790 | + * Revision 1.43 2000/01/21 06:14:04 rgb | |
29791 | + * Print individual stats only if non-zero. | |
29792 | + * Removed 'bits' from each keylength for brevity. | |
29793 | + * Shortened lifetimes legend for brevity. | |
29794 | + * Changed wording from 'last_used' to the clearer 'idle'. | |
29795 | + * | |
29796 | + * Revision 1.42 1999/12/31 14:57:19 rgb | |
29797 | + * MB fix for new dummy-less proc_get_info in 2.3.35. | |
29798 | + * | |
29799 | + * | |
29800 | + * Local variables: | |
29801 | + * c-file-style: "linux" | |
29802 | + * End: | |
29803 | + * | |
29804 | + */ | |
29805 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
29806 | +++ linux/net/ipsec/ipsec_ipcomp.c Mon Feb 9 13:51:03 2004 | |
29807 | @@ -0,0 +1,256 @@ | |
29808 | +/* | |
29809 | + * processing code for IPCOMP | |
29810 | + * Copyright (C) 2003 Michael Richardson <mcr@sandelman.ottawa.on.ca> | |
29811 | + * | |
29812 | + * This program is free software; you can redistribute it and/or modify it | |
29813 | + * under the terms of the GNU General Public License as published by the | |
29814 | + * Free Software Foundation; either version 2 of the License, or (at your | |
29815 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
29816 | + * | |
29817 | + * This program is distributed in the hope that it will be useful, but | |
29818 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
29819 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
29820 | + * for more details. | |
29821 | + */ | |
29822 | + | |
29823 | +char ipsec_ipcomp_c_version[] = "RCSID $Id: ipsec_ipcomp.c,v 1.5.2.2 2006/10/06 21:39:26 paul Exp $"; | |
29824 | +#ifndef AUTOCONF_INCLUDED | |
29825 | +#include <linux/config.h> | |
29826 | +#endif | |
29827 | +#include <linux/version.h> | |
29828 | + | |
29829 | +#define __NO_VERSION__ | |
29830 | +#include <linux/module.h> | |
29831 | +#include <linux/kernel.h> /* printk() */ | |
29832 | + | |
29833 | +#include "openswan/ipsec_param.h" | |
29834 | + | |
29835 | +#ifdef MALLOC_SLAB | |
29836 | +# include <linux/slab.h> /* kmalloc() */ | |
29837 | +#else /* MALLOC_SLAB */ | |
29838 | +# include <linux/malloc.h> /* kmalloc() */ | |
29839 | +#endif /* MALLOC_SLAB */ | |
29840 | +#include <linux/errno.h> /* error codes */ | |
29841 | +#include <linux/types.h> /* size_t */ | |
29842 | +#include <linux/interrupt.h> /* mark_bh */ | |
29843 | + | |
29844 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
29845 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
29846 | +#include <linux/ip.h> /* struct iphdr */ | |
29847 | +#include <linux/skbuff.h> | |
29848 | +#include <openswan.h> | |
29849 | +#ifdef SPINLOCK | |
29850 | +# ifdef SPINLOCK_23 | |
29851 | +# include <linux/spinlock.h> /* *lock* */ | |
29852 | +# else /* SPINLOCK_23 */ | |
29853 | +# include <asm/spinlock.h> /* *lock* */ | |
29854 | +# endif /* SPINLOCK_23 */ | |
29855 | +#endif /* SPINLOCK */ | |
29856 | + | |
29857 | +#include <net/ip.h> | |
29858 | + | |
29859 | +#include "openswan/radij.h" | |
29860 | +#include "openswan/ipsec_encap.h" | |
29861 | +#include "openswan/ipsec_sa.h" | |
29862 | + | |
29863 | +#include "openswan/ipsec_radij.h" | |
29864 | +#include "openswan/ipsec_xform.h" | |
29865 | +#include "openswan/ipsec_tunnel.h" | |
29866 | +#include "openswan/ipsec_rcv.h" | |
29867 | +#include "openswan/ipsec_xmit.h" | |
29868 | + | |
29869 | +#include "openswan/ipsec_auth.h" | |
29870 | + | |
29871 | +#ifdef CONFIG_KLIPS_IPCOMP | |
29872 | +#include "openswan/ipsec_ipcomp.h" | |
29873 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
29874 | + | |
29875 | +#include "openswan/ipsec_proto.h" | |
29876 | + | |
29877 | +#ifdef CONFIG_KLIPS_DEBUG | |
29878 | +int debug_ipcomp = 0; | |
29879 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
29880 | + | |
29881 | + | |
29882 | +#ifdef CONFIG_KLIPS_IPCOMP | |
29883 | +enum ipsec_rcv_value | |
29884 | +ipsec_rcv_ipcomp_checks(struct ipsec_rcv_state *irs, | |
29885 | + struct sk_buff *skb) | |
29886 | +{ | |
29887 | + int ipcompminlen; | |
29888 | + | |
29889 | + ipcompminlen = sizeof(struct iphdr); | |
29890 | + | |
29891 | + if(skb->len < (ipcompminlen + sizeof(struct ipcomphdr))) { | |
29892 | + KLIPS_PRINT(debug_rcv & DB_RX_INAU, | |
29893 | + "klips_debug:ipsec_rcv: " | |
29894 | + "runt comp packet of skb->len=%d received from %s, dropped.\n", | |
29895 | + skb->len, | |
29896 | + irs->ipsaddr_txt); | |
29897 | + if(irs->stats) { | |
29898 | + irs->stats->rx_errors++; | |
29899 | + } | |
29900 | + return IPSEC_RCV_BADLEN; | |
29901 | + } | |
29902 | + | |
29903 | + irs->protostuff.ipcompstuff.compp = (struct ipcomphdr *)skb->h.raw; | |
29904 | + irs->said.spi = htonl((__u32)ntohs(irs->protostuff.ipcompstuff.compp->ipcomp_cpi)); | |
29905 | + return IPSEC_RCV_OK; | |
29906 | +} | |
29907 | + | |
29908 | +enum ipsec_rcv_value | |
29909 | +ipsec_rcv_ipcomp_decomp(struct ipsec_rcv_state *irs) | |
29910 | +{ | |
29911 | + unsigned int flags = 0; | |
29912 | + struct ipsec_sa *ipsp = irs->ipsp; | |
29913 | + struct sk_buff *skb; | |
29914 | + | |
29915 | + skb=irs->skb; | |
29916 | + | |
29917 | + ipsec_xmit_dmp("ipcomp", skb->h.raw, skb->len); | |
29918 | + | |
29919 | + if(ipsp == NULL) { | |
29920 | + return IPSEC_RCV_SAIDNOTFOUND; | |
29921 | + } | |
29922 | + | |
29923 | + if(sysctl_ipsec_inbound_policy_check && | |
29924 | + ((((ntohl(ipsp->ips_said.spi) & 0x0000ffff) != ntohl(irs->said.spi)) && | |
29925 | + (ipsp->ips_encalg != ntohl(irs->said.spi)) /* this is a workaround for peer non-compliance with rfc2393 */ | |
29926 | + ))) { | |
29927 | + char sa2[SATOT_BUF]; | |
29928 | + size_t sa_len2 = 0; | |
29929 | + | |
29930 | + sa_len2 = satot(&ipsp->ips_said, 0, sa2, sizeof(sa2)); | |
29931 | + | |
29932 | + KLIPS_PRINT(debug_rcv, | |
29933 | + "klips_debug:ipsec_rcv: " | |
29934 | + "Incoming packet with SA(IPCA):%s does not match policy SA(IPCA):%s cpi=%04x cpi->spi=%08x spi=%08x, spi->cpi=%04x for SA grouping, dropped.\n", | |
29935 | + irs->sa_len ? irs->sa : " (error)", | |
29936 | + ipsp != NULL ? (sa_len2 ? sa2 : " (error)") : "NULL", | |
29937 | + ntohs(irs->protostuff.ipcompstuff.compp->ipcomp_cpi), | |
29938 | + (__u32)ntohl(irs->said.spi), | |
29939 | + ipsp != NULL ? (__u32)ntohl((ipsp->ips_said.spi)) : 0, | |
29940 | + ipsp != NULL ? (__u16)(ntohl(ipsp->ips_said.spi) & 0x0000ffff) : 0); | |
29941 | + if(irs->stats) { | |
29942 | + irs->stats->rx_dropped++; | |
29943 | + } | |
29944 | + return IPSEC_RCV_SAIDNOTFOUND; | |
29945 | + } | |
29946 | + | |
29947 | + ipsp->ips_comp_ratio_cbytes += ntohs(irs->ipp->tot_len); | |
29948 | + irs->next_header = irs->protostuff.ipcompstuff.compp->ipcomp_nh; | |
29949 | + | |
29950 | + skb = skb_decompress(skb, ipsp, &flags); | |
29951 | + if (!skb || flags) { | |
29952 | + spin_unlock(&tdb_lock); | |
29953 | + KLIPS_PRINT(debug_rcv, | |
29954 | + "klips_debug:ipsec_rcv: " | |
29955 | + "skb_decompress() returned error flags=%x, dropped.\n", | |
29956 | + flags); | |
29957 | + if (irs->stats) { | |
29958 | + if (flags) | |
29959 | + irs->stats->rx_errors++; | |
29960 | + else | |
29961 | + irs->stats->rx_dropped++; | |
29962 | + } | |
29963 | + return IPSEC_RCV_IPCOMPFAILED; | |
29964 | + } | |
29965 | + | |
29966 | + /* make sure we update the pointer */ | |
29967 | + irs->skb = skb; | |
29968 | + | |
29969 | +#ifdef NET_21 | |
29970 | + irs->ipp = skb->nh.iph; | |
29971 | +#else /* NET_21 */ | |
29972 | + irs->ipp = skb->ip_hdr; | |
29973 | +#endif /* NET_21 */ | |
29974 | + | |
29975 | + ipsp->ips_comp_ratio_dbytes += ntohs(irs->ipp->tot_len); | |
29976 | + | |
29977 | + KLIPS_PRINT(debug_rcv, | |
29978 | + "klips_debug:ipsec_rcv: " | |
29979 | + "packet decompressed SA(IPCA):%s cpi->spi=%08x spi=%08x, spi->cpi=%04x, nh=%d.\n", | |
29980 | + irs->sa_len ? irs->sa : " (error)", | |
29981 | + (__u32)ntohl(irs->said.spi), | |
29982 | + ipsp != NULL ? (__u32)ntohl((ipsp->ips_said.spi)) : 0, | |
29983 | + ipsp != NULL ? (__u16)(ntohl(ipsp->ips_said.spi) & 0x0000ffff) : 0, | |
29984 | + irs->next_header); | |
29985 | + KLIPS_IP_PRINT(debug_rcv & DB_RX_PKTRX, irs->ipp); | |
29986 | + | |
29987 | + return IPSEC_RCV_OK; | |
29988 | +} | |
29989 | + | |
29990 | +enum ipsec_xmit_value | |
29991 | +ipsec_xmit_ipcomp_setup(struct ipsec_xmit_state *ixs) | |
29992 | +{ | |
29993 | + unsigned int flags = 0; | |
29994 | +#ifdef CONFIG_KLIPS_DEBUG | |
29995 | + unsigned int old_tot_len = ntohs(ixs->iph->tot_len); | |
29996 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
29997 | + | |
29998 | + ixs->ipsp->ips_comp_ratio_dbytes += ntohs(ixs->iph->tot_len); | |
29999 | + | |
30000 | + ixs->skb = skb_compress(ixs->skb, ixs->ipsp, &flags); | |
30001 | + | |
30002 | +#ifdef NET_21 | |
30003 | + ixs->iph = ixs->skb->nh.iph; | |
30004 | +#else /* NET_21 */ | |
30005 | + ixs->iph = ixs->skb->ip_hdr; | |
30006 | +#endif /* NET_21 */ | |
30007 | + | |
30008 | + ixs->ipsp->ips_comp_ratio_cbytes += ntohs(ixs->iph->tot_len); | |
30009 | + | |
30010 | +#ifdef CONFIG_KLIPS_DEBUG | |
30011 | + if (debug_tunnel & DB_TN_CROUT) | |
30012 | + { | |
30013 | + if (old_tot_len > ntohs(ixs->iph->tot_len)) | |
30014 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
30015 | + "klips_debug:ipsec_xmit_encap_once: " | |
30016 | + "packet shrunk from %d to %d bytes after compression, cpi=%04x (should be from spi=%08x, spi&0xffff=%04x.\n", | |
30017 | + old_tot_len, ntohs(ixs->iph->tot_len), | |
30018 | + ntohs(((struct ipcomphdr*)(((char*)ixs->iph) + ((ixs->iph->ihl) << 2)))->ipcomp_cpi), | |
30019 | + ntohl(ixs->ipsp->ips_said.spi), | |
30020 | + (__u16)(ntohl(ixs->ipsp->ips_said.spi) & 0x0000ffff)); | |
30021 | + else | |
30022 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
30023 | + "klips_debug:ipsec_xmit_encap_once: " | |
30024 | + "packet did not compress (flags = %d).\n", | |
30025 | + flags); | |
30026 | + } | |
30027 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
30028 | + | |
30029 | + return IPSEC_XMIT_OK; | |
30030 | +} | |
30031 | + | |
30032 | +struct xform_functions ipcomp_xform_funcs[]={ | |
30033 | + {rcv_checks: ipsec_rcv_ipcomp_checks, | |
30034 | + rcv_decrypt: ipsec_rcv_ipcomp_decomp, | |
30035 | + xmit_setup: ipsec_xmit_ipcomp_setup, | |
30036 | + xmit_headroom: 0, | |
30037 | + xmit_needtailroom: 0, | |
30038 | + }, | |
30039 | +}; | |
30040 | + | |
30041 | +#if 0 | |
30042 | +/* We probably don't want to install a pure IPCOMP protocol handler, but | |
30043 | + only want to handle IPCOMP if it is encapsulated inside an ESP payload | |
30044 | + (which is already handled) */ | |
30045 | +#ifdef CONFIG_KLIPS_IPCOMP | |
30046 | +struct inet_protocol comp_protocol = | |
30047 | +{ | |
30048 | + ipsec_rcv, /* COMP handler */ | |
30049 | + NULL, /* COMP error control */ | |
30050 | +#ifdef NETDEV_25 | |
30051 | + 1, /* no policy */ | |
30052 | +#else | |
30053 | + 0, /* next */ | |
30054 | + IPPROTO_COMP, /* protocol ID */ | |
30055 | + 0, /* copy */ | |
30056 | + NULL, /* data */ | |
30057 | + "COMP" /* name */ | |
30058 | +#endif | |
30059 | +}; | |
30060 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
30061 | +#endif | |
30062 | + | |
30063 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
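Review bot: In `ipsec_rcv_ipcomp_decomp`, the `skb_decompress()` failure path calls `spin_unlock(&tdb_lock)` although nothing in this function takes that lock, and the two earlier `IPSEC_RCV_SAIDNOTFOUND` returns leave without unlocking. Either the caller holds `tdb_lock` and only this exit releases it, or the lock is not held here at all; in both cases the exits disagree, on a path a peer can reach with a packet that fails to decompress. I would drop the unlock here and let whoever took the lock release it on every `IPSEC_RCV_*` return, or state the contract in a comment such as `/* caller holds tdb_lock and releases it on all returns */`. Separately, `ipsec_xmit_ipcomp_setup` dereferences `ixs->skb` right after `skb_compress()` with no NULL check, which should be confirmed against that helper's return contract (it is defined outside this hunk).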
30064 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
30065 | +++ linux/net/ipsec/ipsec_ipip.c Mon Feb 9 13:51:03 2004 | |
30066 | @@ -0,0 +1,122 @@ | |
30067 | +/* | |
30068 | + * processing code for IPIP | |
30069 | + * Copyright (C) 2003 Michael Richardson <mcr@sandelman.ottawa.on.ca> | |
30070 | + * | |
30071 | + * This program is free software; you can redistribute it and/or modify it | |
30072 | + * under the terms of the GNU General Public License as published by the | |
30073 | + * Free Software Foundation; either version 2 of the License, or (at your | |
30074 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
30075 | + * | |
30076 | + * This program is distributed in the hope that it will be useful, but | |
30077 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
30078 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
30079 | + * for more details. | |
30080 | + */ | |
30081 | + | |
30082 | +char ipsec_ipip_c_version[] = "RCSID $Id: ipsec_ipip.c,v 1.3.2.3 2006/10/06 21:39:26 paul Exp $"; | |
30083 | +#ifndef AUTOCONF_INCLUDED | |
30084 | +#include <linux/config.h> | |
30085 | +#endif | |
30086 | +#include <linux/version.h> | |
30087 | + | |
30088 | +#define __NO_VERSION__ | |
30089 | +#include <linux/module.h> | |
30090 | +#include <linux/kernel.h> /* printk() */ | |
30091 | + | |
30092 | +#include "openswan/ipsec_param.h" | |
30093 | + | |
30094 | +#ifdef MALLOC_SLAB | |
30095 | +# include <linux/slab.h> /* kmalloc() */ | |
30096 | +#else /* MALLOC_SLAB */ | |
30097 | +# include <linux/malloc.h> /* kmalloc() */ | |
30098 | +#endif /* MALLOC_SLAB */ | |
30099 | +#include <linux/errno.h> /* error codes */ | |
30100 | +#include <linux/types.h> /* size_t */ | |
30101 | +#include <linux/interrupt.h> /* mark_bh */ | |
30102 | + | |
30103 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
30104 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
30105 | +#include <linux/ip.h> /* struct iphdr */ | |
30106 | +#include <linux/skbuff.h> | |
30107 | +#include <openswan.h> | |
30108 | +#ifdef SPINLOCK | |
30109 | +# ifdef SPINLOCK_23 | |
30110 | +# include <linux/spinlock.h> /* *lock* */ | |
30111 | +# else /* SPINLOCK_23 */ | |
30112 | +# include <asm/spinlock.h> /* *lock* */ | |
30113 | +# endif /* SPINLOCK_23 */ | |
30114 | +#endif /* SPINLOCK */ | |
30115 | + | |
30116 | +#include <net/ip.h> | |
30117 | + | |
30118 | +#include "openswan/radij.h" | |
30119 | +#include "openswan/ipsec_encap.h" | |
30120 | +#include "openswan/ipsec_sa.h" | |
30121 | + | |
30122 | +#include "openswan/ipsec_radij.h" | |
30123 | +#include "openswan/ipsec_xform.h" | |
30124 | +#include "openswan/ipsec_tunnel.h" | |
30125 | +#include "openswan/ipsec_rcv.h" | |
30126 | +#include "openswan/ipsec_xmit.h" | |
30127 | + | |
30128 | +#include "openswan/ipsec_auth.h" | |
30129 | +#include "openswan/ipsec_ipip.h" | |
30130 | +#include "openswan/ipsec_param.h" | |
30131 | + | |
30132 | +#include "openswan/ipsec_proto.h" | |
30133 | + | |
30134 | +enum ipsec_xmit_value | |
30135 | +ipsec_xmit_ipip_setup(struct ipsec_xmit_state *ixs) | |
30136 | +{ | |
30137 | + ixs->iph->version = 4; | |
30138 | + | |
30139 | + switch(sysctl_ipsec_tos) { | |
30140 | + case 0: | |
30141 | +#ifdef NET_21 | |
30142 | + ixs->iph->tos = ixs->skb->nh.iph->tos; | |
30143 | +#else /* NET_21 */ | |
30144 | + ixs->iph->tos = ixs->skb->ip_hdr->tos; | |
30145 | +#endif /* NET_21 */ | |
30146 | + break; | |
30147 | + case 1: | |
30148 | + ixs->iph->tos = 0; | |
30149 | + break; | |
30150 | + default: | |
30151 | + break; | |
30152 | + } | |
30153 | + ixs->iph->ttl = SYSCTL_IPSEC_DEFAULT_TTL; | |
30154 | + ixs->iph->frag_off = 0; | |
30155 | + ixs->iph->saddr = ((struct sockaddr_in*)(ixs->ipsp->ips_addr_s))->sin_addr.s_addr; | |
30156 | + ixs->iph->daddr = ((struct sockaddr_in*)(ixs->ipsp->ips_addr_d))->sin_addr.s_addr; | |
30157 | + ixs->iph->protocol = IPPROTO_IPIP; | |
30158 | + ixs->iph->ihl = sizeof(struct iphdr) >> 2; | |
30159 | + | |
30160 | + KLIPS_IP_SELECT_IDENT(ixs->iph, ixs->skb); | |
30161 | + | |
30162 | + ixs->newdst = (__u32)ixs->iph->daddr; | |
30163 | + ixs->newsrc = (__u32)ixs->iph->saddr; | |
30164 | + | |
30165 | +#ifdef NET_21 | |
30166 | + ixs->skb->h.ipiph = ixs->skb->nh.iph; | |
30167 | +#endif /* NET_21 */ | |
30168 | + return IPSEC_XMIT_OK; | |
30169 | +} | |
30170 | + | |
30171 | +struct xform_functions ipip_xform_funcs[]={ | |
30172 | + { rcv_checks: NULL, | |
30173 | + rcv_setup_auth: NULL, | |
30174 | + rcv_calc_auth: NULL, | |
30175 | + rcv_decrypt: NULL, | |
30176 | + | |
30177 | + xmit_setup: ipsec_xmit_ipip_setup, | |
30178 | + xmit_headroom: sizeof(struct iphdr), | |
30179 | + xmit_needtailroom: 0, | |
30180 | + }, | |
30181 | +}; | |
30182 | + | |
30183 | + | |
30184 | + | |
30185 | + | |
30186 | + | |
30187 | + | |
30188 | + | |
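Review bot: The `default:` arm of `switch(sysctl_ipsec_tos)` in `ipsec_xmit_ipip_setup` writes nothing to `ixs->iph->tos`, so for any sysctl value other than 0 or 1 the outer header carries whatever byte was already in that header room. Whether the header was cleared beforehand is decided outside this hunk, so I would make the fallback explicit with `default: ixs->iph->tos = 0; break;`, or add a comment saying the caller zeroes the header. The `saddr`/`daddr` assignments also cast `ips_addr_s` and `ips_addr_d` to `struct sockaddr_in *` without a NULL or address-family check; if SA setup guarantees both, a one-line comment saying so would help the next reader. `openswan/ipsec_param.h` is included twice in this file.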
30189 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
30190 | +++ linux/net/ipsec/ipsec_kern24.c Mon Feb 9 13:51:03 2004 | |
30191 | @@ -0,0 +1,74 @@ | |
30192 | +/* | |
30193 | + * Copyright 2005 (C) Michael Richardson <mcr@xelerance.com> | |
30194 | + * | |
30195 | + * This is a file of functions which are present in 2.6 kernels, | |
30196 | + * but are not available by default in the 2.4 series. | |
30197 | + * | |
30198 | + * As such this code is usually from the Linux kernel, and is covered by | |
30199 | + * GPL. | |
30200 | + * | |
30201 | + * This program is free software; you can redistribute it and/or modify it | |
30202 | + * under the terms of the GNU General Public License as published by the | |
30203 | + * Free Software Foundation; either version 2 of the License, or (at your | |
30204 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
30205 | + * | |
30206 | + * This program is distributed in the hope that it will be useful, but | |
30207 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
30208 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
30209 | + * for more details. | |
30210 | + * | |
30211 | + * $Id: ipsec_kern24.c,v 1.2 2005/05/20 03:19:18 mcr Exp $ | |
30212 | + * | |
30213 | + */ | |
30214 | + | |
30215 | +#include <linux/kernel.h> | |
30216 | +#include <linux/mm.h> | |
30217 | +#include <linux/spinlock.h> | |
30218 | + | |
30219 | +/* | |
30220 | + * printk rate limiting, lifted from the networking subsystem. | |
30221 | + * | |
30222 | + * This enforces a rate limit: not more than one kernel message | |
30223 | + * every printk_ratelimit_jiffies to make a denial-of-service | |
30224 | + * attack impossible. | |
30225 | + */ | |
30226 | +static spinlock_t ratelimit_lock = SPIN_LOCK_UNLOCKED; | |
30227 | + | |
30228 | +int __printk_ratelimit(int ratelimit_jiffies, int ratelimit_burst) | |
30229 | +{ | |
30230 | + static unsigned long toks = 10*5*HZ; | |
30231 | + static unsigned long last_msg; | |
30232 | + static int missed; | |
30233 | + unsigned long flags; | |
30234 | + unsigned long now = jiffies; | |
30235 | + | |
30236 | + spin_lock_irqsave(&ratelimit_lock, flags); | |
30237 | + toks += now - last_msg; | |
30238 | + last_msg = now; | |
30239 | + if (toks > (ratelimit_burst * ratelimit_jiffies)) | |
30240 | + toks = ratelimit_burst * ratelimit_jiffies; | |
30241 | + if (toks >= ratelimit_jiffies) { | |
30242 | + int lost = missed; | |
30243 | + missed = 0; | |
30244 | + toks -= ratelimit_jiffies; | |
30245 | + spin_unlock_irqrestore(&ratelimit_lock, flags); | |
30246 | + if (lost) | |
30247 | + printk(KERN_WARNING "printk: %d messages suppressed.\n", lost); | |
30248 | + return 1; | |
30249 | + } | |
30250 | + missed++; | |
30251 | + spin_unlock_irqrestore(&ratelimit_lock, flags); | |
30252 | + return 0; | |
30253 | +} | |
30254 | + | |
30255 | +/* minimum time in jiffies between messages */ | |
30256 | +int printk_ratelimit_jiffies = 5*HZ; | |
30257 | + | |
30258 | +/* number of messages we send before ratelimiting */ | |
30259 | +int printk_ratelimit_burst = 10; | |
30260 | + | |
30261 | +int printk_ratelimit(void) | |
30262 | +{ | |
30263 | + return __printk_ratelimit(printk_ratelimit_jiffies, | |
30264 | + printk_ratelimit_burst); | |
30265 | +} | |
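Review bot: In `__printk_ratelimit` the ceiling `ratelimit_burst * ratelimit_jiffies` is evaluated in `int` (twice) and only then compared with the `unsigned long` `toks`, so a negative or overflowing product converts to a very large ceiling and the bucket is never capped. Both inputs come from plain writable globals, so I would reject non-positive arguments and compute the cap once in the wider type, `unsigned long cap = (unsigned long)ratelimit_burst * (unsigned long)ratelimit_jiffies;`. The file also defines `printk_ratelimit`, `__printk_ratelimit` and the two tunables as non-static globals with no kernel-version guard visible in the hunk; presumably the build compiles it only for 2.4, and a comment or guard stating that would prevent duplicate-symbol surprises on 2.6.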
30266 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
30267 | +++ linux/net/ipsec/ipsec_life.c Mon Feb 9 13:51:03 2004 | |
30268 | @@ -0,0 +1,273 @@ | |
30269 | +/* | |
30270 | + * @(#) lifetime structure utilities | |
30271 | + * | |
30272 | + * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org> | |
30273 | + * and Michael Richardson <mcr@freeswan.org> | |
30274 | + * | |
30275 | + * This program is free software; you can redistribute it and/or modify it | |
30276 | + * under the terms of the GNU General Public License as published by the | |
30277 | + * Free Software Foundation; either version 2 of the License, or (at your | |
30278 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
30279 | + * | |
30280 | + * This program is distributed in the hope that it will be useful, but | |
30281 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
30282 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
30283 | + * for more details. | |
30284 | + * | |
30285 | + * RCSID $Id: ipsec_life.c,v 1.13.10.1 2006/10/06 21:39:26 paul Exp $ | |
30286 | + * | |
30287 | + */ | |
30288 | + | |
30289 | +/* | |
30290 | + * This provides series of utility functions for dealing with lifetime | |
30291 | + * structures. | |
30292 | + * | |
30293 | + * ipsec_check_lifetime - returns -1 hard lifetime exceeded | |
30294 | + * 0 soft lifetime exceeded | |
30295 | + * 1 everything is okay | |
30296 | + * based upon whether or not the count exceeds hard/soft | |
30297 | + * | |
30298 | + */ | |
30299 | + | |
30300 | +#define __NO_VERSION__ | |
30301 | +#include <linux/module.h> | |
30302 | +#ifndef AUTOCONF_INCLUDED | |
30303 | +#include <linux/config.h> | |
30304 | +#endif /* for CONFIG_IP_FORWARD */ | |
30305 | +#include <linux/version.h> | |
30306 | +#include <linux/kernel.h> /* printk() */ | |
30307 | + | |
30308 | +#include "openswan/ipsec_param.h" | |
30309 | + | |
30310 | +#include <linux/netdevice.h> /* struct device, struct net_device_stats and other headers */ | |
30311 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
30312 | +#include <linux/skbuff.h> | |
30313 | +#include <openswan.h> | |
30314 | + | |
30315 | +#include "openswan/radij.h" | |
30316 | +#include "openswan/ipsec_life.h" | |
30317 | +#include "openswan/ipsec_xform.h" | |
30318 | +#include "openswan/ipsec_eroute.h" | |
30319 | +#include "openswan/ipsec_encap.h" | |
30320 | +#include "openswan/ipsec_radij.h" | |
30321 | + | |
30322 | +#include "openswan/ipsec_sa.h" | |
30323 | +#include "openswan/ipsec_tunnel.h" | |
30324 | +#include "openswan/ipsec_ipe4.h" | |
30325 | +#include "openswan/ipsec_ah.h" | |
30326 | +#include "openswan/ipsec_esp.h" | |
30327 | + | |
30328 | +#ifdef CONFIG_KLIPS_IPCOMP | |
30329 | +#include "openswan/ipcomp.h" | |
30330 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
30331 | + | |
30332 | +#include <pfkeyv2.h> | |
30333 | +#include <pfkey.h> | |
30334 | + | |
30335 | +#include "openswan/ipsec_proto.h" | |
30336 | + | |
30337 | + | |
30338 | +enum ipsec_life_alive | |
30339 | +ipsec_lifetime_check(struct ipsec_lifetime64 *il64, | |
30340 | + const char *lifename, | |
30341 | + const char *saname, | |
30342 | + enum ipsec_life_type ilt, | |
30343 | + enum ipsec_direction idir, | |
30344 | + struct ipsec_sa *ips) | |
30345 | +{ | |
30346 | + __u64 count; | |
30347 | + const char *dir; | |
30348 | + | |
30349 | + if(saname == NULL) { | |
30350 | + saname = "unknown-SA"; | |
30351 | + } | |
30352 | + | |
30353 | + if(idir == ipsec_incoming) { | |
30354 | + dir = "incoming"; | |
30355 | + } else { | |
30356 | + dir = "outgoing"; | |
30357 | + } | |
30358 | + | |
30359 | + | |
30360 | + if(ilt == ipsec_life_timebased) { | |
30361 | + count = jiffies/HZ - il64->ipl_count; | |
30362 | + } else { | |
30363 | + count = il64->ipl_count; | |
30364 | + } | |
30365 | + | |
30366 | + if(il64->ipl_hard && | |
30367 | + (count > il64->ipl_hard)) { | |
30368 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
30369 | + "klips_debug:ipsec_lifetime_check: " | |
30370 | + "hard %s lifetime of SA:<%s%s%s> %s has been reached, SA expired, " | |
30371 | + "%s packet dropped.\n", | |
30372 | + lifename, | |
30373 | + IPS_XFORM_NAME(ips), | |
30374 | + saname, | |
30375 | + dir); | |
30376 | + | |
30377 | + pfkey_expire(ips, 1); | |
30378 | + return ipsec_life_harddied; | |
30379 | + } | |
30380 | + | |
30381 | + if(il64->ipl_soft && | |
30382 | + (count > il64->ipl_soft)) { | |
30383 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
30384 | + "klips_debug:ipsec_lifetime_check: " | |
30385 | + "soft %s lifetime of SA:<%s%s%s> %s has been reached, SA expiring, " | |
30386 | + "soft expire message sent up, %s packet still processed.\n", | |
30387 | + lifename, | |
30388 | + IPS_XFORM_NAME(ips), | |
30389 | + saname, | |
30390 | + dir); | |
30391 | + | |
30392 | + if(ips->ips_state != SADB_SASTATE_DYING) { | |
30393 | + pfkey_expire(ips, 0); | |
30394 | + } | |
30395 | + ips->ips_state = SADB_SASTATE_DYING; | |
30396 | + | |
30397 | + return ipsec_life_softdied; | |
30398 | + } | |
30399 | + return ipsec_life_okay; | |
30400 | +} | |
30401 | + | |
30402 | + | |
30403 | +/* | |
30404 | + * This function takes a buffer (with length), a lifetime name and type, | |
30405 | + * and formats a string to represent the current values of the lifetime. | |
30406 | + * | |
30407 | + * It returns the number of bytes that the format took (or would take, | |
30408 | + * if the buffer were large enough: snprintf semantics). | |
30409 | + * This is used in /proc routines and in debug output. | |
30410 | + */ | |
30411 | +int | |
30412 | +ipsec_lifetime_format(char *buffer, | |
30413 | + int buflen, | |
30414 | + char *lifename, | |
30415 | + enum ipsec_life_type timebaselife, | |
30416 | + struct ipsec_lifetime64 *lifetime) | |
30417 | +{ | |
30418 | + int len = 0; | |
30419 | + __u64 count; | |
30420 | + | |
30421 | + if(timebaselife == ipsec_life_timebased) { | |
30422 | + count = jiffies/HZ - lifetime->ipl_count; | |
30423 | + } else { | |
30424 | + count = lifetime->ipl_count; | |
30425 | + } | |
30426 | + | |
30427 | + if(lifetime->ipl_count > 1 || | |
30428 | + lifetime->ipl_soft || | |
30429 | + lifetime->ipl_hard) { | |
30430 | +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)) | |
30431 | + len = ipsec_snprintf(buffer, buflen, | |
30432 | + "%s(%Lu,%Lu,%Lu)", | |
30433 | + lifename, | |
30434 | + count, | |
30435 | + lifetime->ipl_soft, | |
30436 | + lifetime->ipl_hard); | |
30437 | +#else /* XXX high 32 bits are not displayed */ | |
30438 | + len = ipsec_snprintf(buffer, buflen, | |
30439 | + "%s(%lu,%lu,%lu)", | |
30440 | + lifename, | |
30441 | + (unsigned long)count, | |
30442 | + (unsigned long)lifetime->ipl_soft, | |
30443 | + (unsigned long)lifetime->ipl_hard); | |
30444 | +#endif | |
30445 | + } | |
30446 | + | |
30447 | + return len; | |
30448 | +} | |
30449 | + | |
30450 | +void | |
30451 | +ipsec_lifetime_update_hard(struct ipsec_lifetime64 *lifetime, | |
30452 | + __u64 newvalue) | |
30453 | +{ | |
30454 | + if(newvalue && | |
30455 | + (!lifetime->ipl_hard || | |
30456 | + (newvalue < lifetime->ipl_hard))) { | |
30457 | + lifetime->ipl_hard = newvalue; | |
30458 | + | |
30459 | + if(!lifetime->ipl_soft && | |
30460 | + (lifetime->ipl_hard < lifetime->ipl_soft)) { | |
30461 | + lifetime->ipl_soft = lifetime->ipl_hard; | |
30462 | + } | |
30463 | + } | |
30464 | +} | |
30465 | + | |
30466 | +void | |
30467 | +ipsec_lifetime_update_soft(struct ipsec_lifetime64 *lifetime, | |
30468 | + __u64 newvalue) | |
30469 | +{ | |
30470 | + if(newvalue && | |
30471 | + (!lifetime->ipl_soft || | |
30472 | + (newvalue < lifetime->ipl_soft))) { | |
30473 | + lifetime->ipl_soft = newvalue; | |
30474 | + | |
30475 | + if(lifetime->ipl_hard && | |
30476 | + (lifetime->ipl_hard < lifetime->ipl_soft)) { | |
30477 | + lifetime->ipl_soft = lifetime->ipl_hard; | |
30478 | + } | |
30479 | + } | |
30480 | +} | |
30481 | + | |
30482 | + | |
30483 | +/* | |
30484 | + * $Log: ipsec_life.c,v $ | |
30485 | + * Revision 1.13.10.1 2006/10/06 21:39:26 paul | |
30486 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
30487 | + * set. This is defined through autoconf.h which is included through the | |
30488 | + * linux kernel build macros. | |
30489 | + * | |
30490 | + * Revision 1.13 2004/07/10 19:11:18 mcr | |
30491 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
30492 | + * | |
30493 | + * Revision 1.12 2004/04/23 20:44:35 ken | |
30494 | + * Update comments | |
30495 | + * | |
30496 | + * Revision 1.11 2004/04/06 02:49:26 mcr | |
30497 | + * pullup of algo code from alg-branch. | |
30498 | + * | |
30499 | + * Revision 1.10 2004/03/30 11:03:10 paul | |
30500 | + * two more occurances of snprintf, found by Sam from a users oops msg. | |
30501 | + * | |
30502 | + * Revision 1.9 2003/10/31 02:27:55 mcr | |
30503 | + * pulled up port-selector patches and sa_id elimination. | |
30504 | + * | |
30505 | + * Revision 1.8.4.1 2003/10/29 01:30:41 mcr | |
30506 | + * elimited "struct sa_id". | |
30507 | + * | |
30508 | + * Revision 1.8 2003/02/06 02:00:10 rgb | |
30509 | + * Fixed incorrect debugging text label | |
30510 | + * | |
30511 | + * Revision 1.7 2002/05/23 07:16:26 rgb | |
30512 | + * Fixed absolute/relative reference to lifetime count printout. | |
30513 | + * | |
30514 | + * Revision 1.6 2002/04/24 07:55:32 mcr | |
30515 | + * #include patches and Makefiles for post-reorg compilation. | |
30516 | + * | |
30517 | + * Revision 1.5 2002/04/24 07:36:28 mcr | |
30518 | + * Moved from ./klips/net/ipsec/ipsec_life.c,v | |
30519 | + * | |
30520 | + * Revision 1.4 2002/01/29 17:17:55 mcr | |
30521 | + * moved include of ipsec_param.h to after include of linux/kernel.h | |
30522 | + * otherwise, it seems that some option that is set in ipsec_param.h | |
30523 | + * screws up something subtle in the include path to kernel.h, and | |
30524 | + * it complains on the snprintf() prototype. | |
30525 | + * | |
30526 | + * Revision 1.3 2002/01/29 02:13:17 mcr | |
30527 | + * introduction of ipsec_kversion.h means that include of | |
30528 | + * ipsec_param.h must preceed any decisions about what files to | |
30529 | + * include to deal with differences in kernel source. | |
30530 | + * | |
30531 | + * Revision 1.2 2001/11/26 09:16:14 rgb | |
30532 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
30533 | + * | |
30534 | + * Revision 1.1.2.1 2001/09/25 02:25:57 mcr | |
30535 | + * lifetime structure created and common functions created. | |
30536 | + * | |
30537 | + * Local variables: | |
30538 | + * c-file-style: "linux" | |
30539 | + * End: | |
30540 | + * | |
30541 | + */ | |
30542 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
30543 | +++ linux/net/ipsec/ipsec_mast.c Mon Feb 9 13:51:03 2004 | |
30544 | @@ -0,0 +1,1099 @@ | |
30545 | +/* | |
30546 | + * IPSEC MAST code. | |
30547 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
30548 | + * Copyright (C) 1998, 1999, 2000, 2001, 2002 Richard Guy Briggs. | |
30549 | + * | |
30550 | + * This program is free software; you can redistribute it and/or modify it | |
30551 | + * under the terms of the GNU General Public License as published by the | |
30552 | + * Free Software Foundation; either version 2 of the License, or (at your | |
30553 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
30554 | + * | |
30555 | + * This program is distributed in the hope that it will be useful, but | |
30556 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
30557 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
30558 | + * for more details. | |
30559 | + */ | |
30560 | + | |
30561 | +char ipsec_mast_c_version[] = "RCSID $Id: ipsec_mast.c,v 1.7.2.1 2006/10/06 21:39:26 paul Exp $"; | |
30562 | + | |
30563 | +#define __NO_VERSION__ | |
30564 | +#include <linux/module.h> | |
30565 | +#ifndef AUTOCONF_INCLUDED | |
30566 | +#include <linux/config.h> | |
30567 | +#endif /* for CONFIG_IP_FORWARD */ | |
30568 | +#include <linux/version.h> | |
30569 | +#include <linux/kernel.h> /* printk() */ | |
30570 | + | |
30571 | +#include "freeswan/ipsec_param.h" | |
30572 | + | |
30573 | +#ifdef MALLOC_SLAB | |
30574 | +# include <linux/slab.h> /* kmalloc() */ | |
30575 | +#else /* MALLOC_SLAB */ | |
30576 | +# include <linux/malloc.h> /* kmalloc() */ | |
30577 | +#endif /* MALLOC_SLAB */ | |
30578 | +#include <linux/errno.h> /* error codes */ | |
30579 | +#include <linux/types.h> /* size_t */ | |
30580 | +#include <linux/interrupt.h> /* mark_bh */ | |
30581 | + | |
30582 | +#include <linux/netdevice.h> /* struct device, struct net_device_stats, dev_queue_xmit() and other headers */ | |
30583 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
30584 | +#include <linux/ip.h> /* struct iphdr */ | |
30585 | +#include <linux/tcp.h> /* struct tcphdr */ | |
30586 | +#include <linux/udp.h> /* struct udphdr */ | |
30587 | +#include <linux/skbuff.h> | |
30588 | +#include <freeswan.h> | |
30589 | +#include <linux/in6.h> | |
30590 | +#include <net/dst.h> | |
30591 | +#undef dev_kfree_skb | |
30592 | +#define dev_kfree_skb(a,b) kfree_skb(a) | |
30593 | +#define PHYSDEV_TYPE | |
30594 | +#include <net/icmp.h> /* icmp_send() */ | |
30595 | +#include <net/ip.h> | |
30596 | +#include <linux/netfilter_ipv4.h> | |
30597 | + | |
30598 | +#include <linux/if_arp.h> | |
30599 | + | |
30600 | +#include "freeswan/radij.h" | |
30601 | +#include "freeswan/ipsec_life.h" | |
30602 | +#include "freeswan/ipsec_xform.h" | |
30603 | +#include "freeswan/ipsec_eroute.h" | |
30604 | +#include "freeswan/ipsec_encap.h" | |
30605 | +#include "freeswan/ipsec_radij.h" | |
30606 | +#include "freeswan/ipsec_sa.h" | |
30607 | +#include "freeswan/ipsec_tunnel.h" | |
30608 | +#include "freeswan/ipsec_mast.h" | |
30609 | +#include "freeswan/ipsec_ipe4.h" | |
30610 | +#include "freeswan/ipsec_ah.h" | |
30611 | +#include "freeswan/ipsec_esp.h" | |
30612 | + | |
30613 | +#include <pfkeyv2.h> | |
30614 | +#include <pfkey.h> | |
30615 | + | |
30616 | +#include "freeswan/ipsec_proto.h" | |
30617 | + | |
30618 | +int ipsec_maxdevice_count = -1; | |
30619 | + | |
30620 | +DEBUG_NO_STATIC int | |
30621 | +ipsec_mast_open(struct net_device *dev) | |
30622 | +{ | |
30623 | + struct ipsecpriv *prv = dev->priv; | |
30624 | + | |
30625 | + /* | |
30626 | + * Can't open until attached. | |
30627 | + */ | |
30628 | + | |
30629 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
30630 | + "klips_debug:ipsec_mast_open: " | |
30631 | + "dev = %s, prv->dev = %s\n", | |
30632 | + dev->name, prv->dev?prv->dev->name:"NONE"); | |
30633 | + | |
30634 | + if (prv->dev == NULL) | |
30635 | + return -ENODEV; | |
30636 | + | |
30637 | + KLIPS_INC_USE; | |
30638 | + return 0; | |
30639 | +} | |
30640 | + | |
30641 | +DEBUG_NO_STATIC int | |
30642 | +ipsec_mast_close(struct net_device *dev) | |
30643 | +{ | |
30644 | + KLIPS_DEC_USE; | |
30645 | + return 0; | |
30646 | +} | |
30647 | + | |
30648 | +static inline int ipsec_mast_xmit2(struct sk_buff *skb) | |
30649 | +{ | |
30650 | + return ip_send(skb); | |
30651 | +} | |
30652 | + | |
30653 | +enum ipsec_xmit_value | |
30654 | +ipsec_mast_send(struct ipsec_xmit_state*ixs) | |
30655 | +{ | |
30656 | + /* new route/dst cache code from James Morris */ | |
30657 | + ixs->skb->dev = ixs->physdev; | |
30658 | + /*skb_orphan(ixs->skb);*/ | |
30659 | + if((ixs->error = ip_route_output(&ixs->route, | |
30660 | + ixs->skb->nh.iph->daddr, | |
30661 | + ixs->pass ? 0 : ixs->skb->nh.iph->saddr, | |
30662 | + RT_TOS(ixs->skb->nh.iph->tos), | |
30663 | + ixs->physdev->iflink /* rgb: should this be 0? */))) { | |
30664 | + ixs->stats->tx_errors++; | |
30665 | + KLIPS_PRINT(debug_mast & DB_MAST_XMIT, | |
30666 | + "klips_debug:ipsec_xmit_send: " | |
30667 | + "ip_route_output failed with error code %d, rt->u.dst.dev=%s, dropped\n", | |
30668 | + ixs->error, | |
30669 | + ixs->route->u.dst.dev->name); | |
30670 | + return IPSEC_XMIT_ROUTEERR; | |
30671 | + } | |
30672 | + if(ixs->dev == ixs->route->u.dst.dev) { | |
30673 | + ip_rt_put(ixs->route); | |
30674 | + /* This is recursion, drop it. */ | |
30675 | + ixs->stats->tx_errors++; | |
30676 | + KLIPS_PRINT(debug_mast & DB_MAST_XMIT, | |
30677 | + "klips_debug:ipsec_xmit_send: " | |
30678 | + "suspect recursion, dev=rt->u.dst.dev=%s, dropped\n", | |
30679 | + ixs->dev->name); | |
30680 | + return IPSEC_XMIT_RECURSDETECT; | |
30681 | + } | |
30682 | + dst_release(ixs->skb->dst); | |
30683 | + ixs->skb->dst = &ixs->route->u.dst; | |
30684 | + ixs->stats->tx_bytes += ixs->skb->len; | |
30685 | + if(ixs->skb->len < ixs->skb->nh.raw - ixs->skb->data) { | |
30686 | + ixs->stats->tx_errors++; | |
30687 | + printk(KERN_WARNING | |
30688 | + "klips_error:ipsec_xmit_send: " | |
30689 | + "tried to __skb_pull nh-data=%ld, %d available. This should never happen, please report.\n", | |
30690 | + (unsigned long)(ixs->skb->nh.raw - ixs->skb->data), | |
30691 | + ixs->skb->len); | |
30692 | + return IPSEC_XMIT_PUSHPULLERR; | |
30693 | + } | |
30694 | + __skb_pull(ixs->skb, ixs->skb->nh.raw - ixs->skb->data); | |
30695 | +#ifdef SKB_RESET_NFCT | |
30696 | + nf_conntrack_put(ixs->skb->nfct); | |
30697 | + ixs->skb->nfct = NULL; | |
30698 | +#ifdef CONFIG_NETFILTER_DEBUG | |
30699 | + ixs->skb->nf_debug = 0; | |
30700 | +#endif /* CONFIG_NETFILTER_DEBUG */ | |
30701 | +#endif /* SKB_RESET_NFCT */ | |
30702 | + KLIPS_PRINT(debug_mast & DB_MAST_XMIT, | |
30703 | + "klips_debug:ipsec_xmit_send: " | |
30704 | + "...done, calling ip_send() on device:%s\n", | |
30705 | + ixs->skb->dev ? ixs->skb->dev->name : "NULL"); | |
30706 | + KLIPS_IP_PRINT(debug_mast & DB_MAST_XMIT, ixs->skb->nh.iph); | |
30707 | + { | |
30708 | + int err; | |
30709 | + | |
30710 | + err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, ixs->skb, NULL, ixs->route->u.dst.dev, | |
30711 | + ipsec_mast_xmit2); | |
30712 | + if(err != NET_XMIT_SUCCESS && err != NET_XMIT_CN) { | |
30713 | + if(net_ratelimit()) | |
30714 | + printk(KERN_ERR | |
30715 | + "klips_error:ipsec_xmit_send: " | |
30716 | + "ip_send() failed, err=%d\n", | |
30717 | + -err); | |
30718 | + ixs->stats->tx_errors++; | |
30719 | + ixs->stats->tx_aborted_errors++; | |
30720 | + ixs->skb = NULL; | |
30721 | + return IPSEC_XMIT_IPSENDFAILURE; | |
30722 | + } | |
30723 | + } | |
30724 | + ixs->stats->tx_packets++; | |
30725 | + | |
30726 | + ixs->skb = NULL; | |
30727 | + | |
30728 | + return IPSEC_XMIT_OK; | |
30729 | +} | |
30730 | + | |
30731 | +void | |
30732 | +ipsec_mast_cleanup(struct ipsec_xmit_state*ixs) | |
30733 | +{ | |
30734 | +#if defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) | |
30735 | + netif_wake_queue(ixs->dev); | |
30736 | +#else /* defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) */ | |
30737 | + ixs->dev->tbusy = 0; | |
30738 | +#endif /* defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) */ | |
30739 | + if(ixs->saved_header) { | |
30740 | + kfree(ixs->saved_header); | |
30741 | + } | |
30742 | + if(ixs->skb) { | |
30743 | + dev_kfree_skb(ixs->skb, FREE_WRITE); | |
30744 | + } | |
30745 | + if(ixs->oskb) { | |
30746 | + dev_kfree_skb(ixs->oskb, FREE_WRITE); | |
30747 | + } | |
30748 | + if (ixs->ips.ips_ident_s.data) { | |
30749 | + kfree(ixs->ips.ips_ident_s.data); | |
30750 | + } | |
30751 | + if (ixs->ips.ips_ident_d.data) { | |
30752 | + kfree(ixs->ips.ips_ident_d.data); | |
30753 | + } | |
30754 | +} | |
30755 | + | |
30756 | +#if 0 | |
30757 | +/* | |
30758 | + * This function assumes it is being called from dev_queue_xmit() | |
30759 | + * and that skb is filled properly by that function. | |
30760 | + */ | |
30761 | +int | |
30762 | +ipsec_mast_start_xmit(struct sk_buff *skb, struct net_device *dev, IPsecSAref_t SAref) | |
30763 | +{ | |
30764 | + struct ipsec_xmit_state ixs_mem; | |
30765 | + struct ipsec_xmit_state *ixs = &ixs_mem; | |
30766 | + enum ipsec_xmit_value stat = IPSEC_XMIT_OK; | |
30767 | + | |
30768 | + /* dev could be a mast device, but should be optional, I think... */ | |
30769 | + /* SAref is also optional, but one of the two must be present. */ | |
30770 | + /* I wonder if it could accept no device or saref and guess? */ | |
30771 | + | |
30772 | +/* ipsec_xmit_sanity_check_dev(ixs); */ | |
30773 | + | |
30774 | + ipsec_xmit_sanity_check_skb(ixs); | |
30775 | + | |
30776 | + ipsec_xmit_adjust_hard_header(ixs); | |
30777 | + | |
30778 | + stat = ipsec_xmit_encap_bundle(ixs); | |
30779 | + if(stat != IPSEC_XMIT_OK) { | |
30780 | + /* SA processing failed */ | |
30781 | + } | |
30782 | + | |
30783 | + ipsec_xmit_hard_header_restore(); | |
30784 | +} | |
30785 | +#endif | |
30786 | + | |
30787 | +DEBUG_NO_STATIC struct net_device_stats * | |
30788 | +ipsec_mast_get_stats(struct net_device *dev) | |
30789 | +{ | |
30790 | + return &(((struct ipsecpriv *)(dev->priv))->mystats); | |
30791 | +} | |
30792 | + | |
30793 | +/* | |
30794 | + * Revectored calls. | |
30795 | + * For each of these calls, a field exists in our private structure. | |
30796 | + */ | |
30797 | + | |
30798 | +DEBUG_NO_STATIC int | |
30799 | +ipsec_mast_hard_header(struct sk_buff *skb, struct net_device *dev, | |
30800 | + unsigned short type, void *daddr, void *saddr, unsigned len) | |
30801 | +{ | |
30802 | + struct ipsecpriv *prv = dev->priv; | |
30803 | + struct net_device *tmp; | |
30804 | + int ret; | |
30805 | + struct net_device_stats *stats; /* This device's statistics */ | |
30806 | + | |
30807 | + if(skb == NULL) { | |
30808 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30809 | + "klips_debug:ipsec_mast_hard_header: " | |
30810 | + "no skb...\n"); | |
30811 | + return -ENODATA; | |
30812 | + } | |
30813 | + | |
30814 | + if(dev == NULL) { | |
30815 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30816 | + "klips_debug:ipsec_mast_hard_header: " | |
30817 | + "no device...\n"); | |
30818 | + return -ENODEV; | |
30819 | + } | |
30820 | + | |
30821 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30822 | + "klips_debug:ipsec_mast_hard_header: " | |
30823 | + "skb->dev=%s dev=%s.\n", | |
30824 | + skb->dev ? skb->dev->name : "NULL", | |
30825 | + dev->name); | |
30826 | + | |
30827 | + if(prv == NULL) { | |
30828 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30829 | + "klips_debug:ipsec_mast_hard_header: " | |
30830 | + "no private space associated with dev=%s\n", | |
30831 | + dev->name ? dev->name : "NULL"); | |
30832 | + return -ENODEV; | |
30833 | + } | |
30834 | + | |
30835 | + stats = (struct net_device_stats *) &(prv->mystats); | |
30836 | + | |
30837 | + if(prv->dev == NULL) { | |
30838 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30839 | + "klips_debug:ipsec_mast_hard_header: " | |
30840 | + "no physical device associated with dev=%s\n", | |
30841 | + dev->name ? dev->name : "NULL"); | |
30842 | + stats->tx_dropped++; | |
30843 | + return -ENODEV; | |
30844 | + } | |
30845 | + | |
30846 | + /* check if we have to send a IPv6 packet. It might be a Router | |
30847 | + Solicitation, where the building of the packet happens in | |
30848 | + reverse order: | |
30849 | + 1. ll hdr, | |
30850 | + 2. IPv6 hdr, | |
30851 | + 3. ICMPv6 hdr | |
30852 | + -> skb->nh.raw is still uninitialized when this function is | |
30853 | + called!! If this is no IPv6 packet, we can print debugging | |
30854 | + messages, otherwise we skip all debugging messages and just | |
30855 | + build the ll header */ | |
30856 | + if(type != ETH_P_IPV6) { | |
30857 | + /* execute this only, if we don't have to build the | |
30858 | + header for a IPv6 packet */ | |
30859 | + if(!prv->hard_header) { | |
30860 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30861 | + "klips_debug:ipsec_mast_hard_header: " | |
30862 | + "physical device has been detached, packet dropped 0p%p->0p%p len=%d type=%d dev=%s->NULL ", | |
30863 | + saddr, | |
30864 | + daddr, | |
30865 | + len, | |
30866 | + type, | |
30867 | + dev->name); | |
30868 | + KLIPS_PRINTMORE(debug_mast & DB_MAST_REVEC, | |
30869 | + "ip=%08x->%08x\n", | |
30870 | + (__u32)ntohl(skb->nh.iph->saddr), | |
30871 | + (__u32)ntohl(skb->nh.iph->daddr) ); | |
30872 | + stats->tx_dropped++; | |
30873 | + return -ENODEV; | |
30874 | + } | |
30875 | + | |
30876 | +#define da ((struct net_device *)(prv->dev))->dev_addr | |
30877 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30878 | + "klips_debug:ipsec_mast_hard_header: " | |
30879 | + "Revectored 0p%p->0p%p len=%d type=%d dev=%s->%s dev_addr=%02x:%02x:%02x:%02x:%02x:%02x ", | |
30880 | + saddr, | |
30881 | + daddr, | |
30882 | + len, | |
30883 | + type, | |
30884 | + dev->name, | |
30885 | + prv->dev->name, | |
30886 | + da[0], da[1], da[2], da[3], da[4], da[5]); | |
30887 | + KLIPS_PRINTMORE(debug_mast & DB_MAST_REVEC, | |
30888 | + "ip=%08x->%08x\n", | |
30889 | + (__u32)ntohl(skb->nh.iph->saddr), | |
30890 | + (__u32)ntohl(skb->nh.iph->daddr) ); | |
30891 | + } else { | |
30892 | + KLIPS_PRINT(debug_mast, | |
30893 | + "klips_debug:ipsec_mast_hard_header: " | |
30894 | + "is IPv6 packet, skip debugging messages, only revector and build linklocal header.\n"); | |
30895 | + } | |
30896 | + tmp = skb->dev; | |
30897 | + skb->dev = prv->dev; | |
30898 | + ret = prv->hard_header(skb, prv->dev, type, (void *)daddr, (void *)saddr, len); | |
30899 | + skb->dev = tmp; | |
30900 | + return ret; | |
30901 | +} | |
30902 | + | |
30903 | +DEBUG_NO_STATIC int | |
30904 | +ipsec_mast_rebuild_header(struct sk_buff *skb) | |
30905 | +{ | |
30906 | + struct ipsecpriv *prv = skb->dev->priv; | |
30907 | + struct net_device *tmp; | |
30908 | + int ret; | |
30909 | + struct net_device_stats *stats; /* This device's statistics */ | |
30910 | + | |
30911 | + if(skb->dev == NULL) { | |
30912 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30913 | + "klips_debug:ipsec_mast_rebuild_header: " | |
30914 | + "no device..."); | |
30915 | + return -ENODEV; | |
30916 | + } | |
30917 | + | |
30918 | + if(prv == NULL) { | |
30919 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30920 | + "klips_debug:ipsec_mast_rebuild_header: " | |
30921 | + "no private space associated with dev=%s", | |
30922 | + skb->dev->name ? skb->dev->name : "NULL"); | |
30923 | + return -ENODEV; | |
30924 | + } | |
30925 | + | |
30926 | + stats = (struct net_device_stats *) &(prv->mystats); | |
30927 | + | |
30928 | + if(prv->dev == NULL) { | |
30929 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30930 | + "klips_debug:ipsec_mast_rebuild_header: " | |
30931 | + "no physical device associated with dev=%s", | |
30932 | + skb->dev->name ? skb->dev->name : "NULL"); | |
30933 | + stats->tx_dropped++; | |
30934 | + return -ENODEV; | |
30935 | + } | |
30936 | + | |
30937 | + if(!prv->rebuild_header) { | |
30938 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30939 | + "klips_debug:ipsec_mast_rebuild_header: " | |
30940 | + "physical device has been detached, packet dropped skb->dev=%s->NULL ", | |
30941 | + skb->dev->name); | |
30942 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30943 | + "ip=%08x->%08x\n", | |
30944 | + (__u32)ntohl(skb->nh.iph->saddr), | |
30945 | + (__u32)ntohl(skb->nh.iph->daddr) ); | |
30946 | + stats->tx_dropped++; | |
30947 | + return -ENODEV; | |
30948 | + } | |
30949 | + | |
30950 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30951 | + "klips_debug:ipsec_mast: " | |
30952 | + "Revectored rebuild_header dev=%s->%s ", | |
30953 | + skb->dev->name, prv->dev->name); | |
30954 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30955 | + "ip=%08x->%08x\n", | |
30956 | + (__u32)ntohl(skb->nh.iph->saddr), | |
30957 | + (__u32)ntohl(skb->nh.iph->daddr) ); | |
30958 | + tmp = skb->dev; | |
30959 | + skb->dev = prv->dev; | |
30960 | + | |
30961 | + ret = prv->rebuild_header(skb); | |
30962 | + skb->dev = tmp; | |
30963 | + return ret; | |
30964 | +} | |
30965 | + | |
30966 | +DEBUG_NO_STATIC int | |
30967 | +ipsec_mast_set_mac_address(struct net_device *dev, void *addr) | |
30968 | +{ | |
30969 | + struct ipsecpriv *prv = dev->priv; | |
30970 | + | |
30971 | + struct net_device_stats *stats; /* This device's statistics */ | |
30972 | + | |
30973 | + if(dev == NULL) { | |
30974 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30975 | + "klips_debug:ipsec_mast_set_mac_address: " | |
30976 | + "no device..."); | |
30977 | + return -ENODEV; | |
30978 | + } | |
30979 | + | |
30980 | + if(prv == NULL) { | |
30981 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30982 | + "klips_debug:ipsec_mast_set_mac_address: " | |
30983 | + "no private space associated with dev=%s", | |
30984 | + dev->name ? dev->name : "NULL"); | |
30985 | + return -ENODEV; | |
30986 | + } | |
30987 | + | |
30988 | + stats = (struct net_device_stats *) &(prv->mystats); | |
30989 | + | |
30990 | + if(prv->dev == NULL) { | |
30991 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
30992 | + "klips_debug:ipsec_mast_set_mac_address: " | |
30993 | + "no physical device associated with dev=%s", | |
30994 | + dev->name ? dev->name : "NULL"); | |
30995 | + stats->tx_dropped++; | |
30996 | + return -ENODEV; | |
30997 | + } | |
30998 | + | |
30999 | + if(!prv->set_mac_address) { | |
31000 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
31001 | + "klips_debug:ipsec_mast_set_mac_address: " | |
31002 | + "physical device has been detached, cannot set - skb->dev=%s->NULL\n", | |
31003 | + dev->name); | |
31004 | + return -ENODEV; | |
31005 | + } | |
31006 | + | |
31007 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
31008 | + "klips_debug:ipsec_mast_set_mac_address: " | |
31009 | + "Revectored dev=%s->%s addr=0p%p\n", | |
31010 | + dev->name, prv->dev->name, addr); | |
31011 | + return prv->set_mac_address(prv->dev, addr); | |
31012 | + | |
31013 | +} | |
31014 | + | |
31015 | +DEBUG_NO_STATIC void | |
31016 | +ipsec_mast_cache_update(struct hh_cache *hh, struct net_device *dev, unsigned char * haddr) | |
31017 | +{ | |
31018 | + struct ipsecpriv *prv = dev->priv; | |
31019 | + | |
31020 | + struct net_device_stats *stats; /* This device's statistics */ | |
31021 | + | |
31022 | + if(dev == NULL) { | |
31023 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
31024 | + "klips_debug:ipsec_mast_cache_update: " | |
31025 | + "no device..."); | |
31026 | + return; | |
31027 | + } | |
31028 | + | |
31029 | + if(prv == NULL) { | |
31030 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
31031 | + "klips_debug:ipsec_mast_cache_update: " | |
31032 | + "no private space associated with dev=%s", | |
31033 | + dev->name ? dev->name : "NULL"); | |
31034 | + return; | |
31035 | + } | |
31036 | + | |
31037 | + stats = (struct net_device_stats *) &(prv->mystats); | |
31038 | + | |
31039 | + if(prv->dev == NULL) { | |
31040 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
31041 | + "klips_debug:ipsec_mast_cache_update: " | |
31042 | + "no physical device associated with dev=%s", | |
31043 | + dev->name ? dev->name : "NULL"); | |
31044 | + stats->tx_dropped++; | |
31045 | + return; | |
31046 | + } | |
31047 | + | |
31048 | + if(!prv->header_cache_update) { | |
31049 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
31050 | + "klips_debug:ipsec_mast_cache_update: " | |
31051 | + "physical device has been detached, cannot set - skb->dev=%s->NULL\n", | |
31052 | + dev->name); | |
31053 | + return; | |
31054 | + } | |
31055 | + | |
31056 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
31057 | + "klips_debug:ipsec_mast: " | |
31058 | + "Revectored cache_update\n"); | |
31059 | + prv->header_cache_update(hh, prv->dev, haddr); | |
31060 | + return; | |
31061 | +} | |
31062 | + | |
31063 | +DEBUG_NO_STATIC int | |
31064 | +ipsec_mast_neigh_setup(struct neighbour *n) | |
31065 | +{ | |
31066 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
31067 | + "klips_debug:ipsec_mast_neigh_setup:\n"); | |
31068 | + | |
31069 | + if (n->nud_state == NUD_NONE) { | |
31070 | + n->ops = &arp_broken_ops; | |
31071 | + n->output = n->ops->output; | |
31072 | + } | |
31073 | + return 0; | |
31074 | +} | |
31075 | + | |
31076 | +DEBUG_NO_STATIC int | |
31077 | +ipsec_mast_neigh_setup_dev(struct net_device *dev, struct neigh_parms *p) | |
31078 | +{ | |
31079 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
31080 | + "klips_debug:ipsec_mast_neigh_setup_dev: " | |
31081 | + "setting up %s\n", | |
31082 | + dev ? dev->name : "NULL"); | |
31083 | + | |
31084 | + if (p->tbl->family == AF_INET) { | |
31085 | + p->neigh_setup = ipsec_mast_neigh_setup; | |
31086 | + p->ucast_probes = 0; | |
31087 | + p->mcast_probes = 0; | |
31088 | + } | |
31089 | + return 0; | |
31090 | +} | |
31091 | + | |
31092 | +/* | |
31093 | + * We call the attach routine to attach another device. | |
31094 | + */ | |
31095 | + | |
31096 | +DEBUG_NO_STATIC int | |
31097 | +ipsec_mast_attach(struct net_device *dev, struct net_device *physdev) | |
31098 | +{ | |
31099 | + int i; | |
31100 | + struct ipsecpriv *prv = dev->priv; | |
31101 | + | |
31102 | + if(dev == NULL) { | |
31103 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
31104 | + "klips_debug:ipsec_mast_attach: " | |
31105 | + "no device..."); | |
31106 | + return -ENODEV; | |
31107 | + } | |
31108 | + | |
31109 | + if(prv == NULL) { | |
31110 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
31111 | + "klips_debug:ipsec_mast_attach: " | |
31112 | + "no private space associated with dev=%s", | |
31113 | + dev->name ? dev->name : "NULL"); | |
31114 | + return -ENODATA; | |
31115 | + } | |
31116 | + | |
31117 | + prv->dev = physdev; | |
31118 | + prv->hard_start_xmit = physdev->hard_start_xmit; | |
31119 | + prv->get_stats = physdev->get_stats; | |
31120 | + | |
31121 | + if (physdev->hard_header) { | |
31122 | + prv->hard_header = physdev->hard_header; | |
31123 | + dev->hard_header = ipsec_mast_hard_header; | |
31124 | + } else | |
31125 | + dev->hard_header = NULL; | |
31126 | + | |
31127 | + if (physdev->rebuild_header) { | |
31128 | + prv->rebuild_header = physdev->rebuild_header; | |
31129 | + dev->rebuild_header = ipsec_mast_rebuild_header; | |
31130 | + } else | |
31131 | + dev->rebuild_header = NULL; | |
31132 | + | |
31133 | + if (physdev->set_mac_address) { | |
31134 | + prv->set_mac_address = physdev->set_mac_address; | |
31135 | + dev->set_mac_address = ipsec_mast_set_mac_address; | |
31136 | + } else | |
31137 | + dev->set_mac_address = NULL; | |
31138 | + | |
31139 | + if (physdev->header_cache_update) { | |
31140 | + prv->header_cache_update = physdev->header_cache_update; | |
31141 | + dev->header_cache_update = ipsec_mast_cache_update; | |
31142 | + } else | |
31143 | + dev->header_cache_update = NULL; | |
31144 | + | |
31145 | + dev->hard_header_len = physdev->hard_header_len; | |
31146 | + | |
31147 | +/* prv->neigh_setup = physdev->neigh_setup; */ | |
31148 | + dev->neigh_setup = ipsec_mast_neigh_setup_dev; | |
31149 | + dev->mtu = 16260; /* 0xfff0; */ /* dev->mtu; */ | |
31150 | + prv->mtu = physdev->mtu; | |
31151 | + | |
31152 | +#ifdef PHYSDEV_TYPE | |
31153 | + dev->type = physdev->type; /* ARPHRD_MAST; */ | |
31154 | +#endif /* PHYSDEV_TYPE */ | |
31155 | + | |
31156 | + dev->addr_len = physdev->addr_len; | |
31157 | + for (i=0; i<dev->addr_len; i++) { | |
31158 | + dev->dev_addr[i] = physdev->dev_addr[i]; | |
31159 | + } | |
31160 | +#ifdef CONFIG_KLIPS_DEBUG | |
31161 | + if(debug_mast & DB_MAST_INIT) { | |
31162 | + printk(KERN_INFO "klips_debug:ipsec_mast_attach: " | |
31163 | + "physical device %s being attached has HW address: %2x", | |
31164 | + physdev->name, physdev->dev_addr[0]); | |
31165 | + for (i=1; i < physdev->addr_len; i++) { | |
31166 | + printk(":%02x", physdev->dev_addr[i]); | |
31167 | + } | |
31168 | + printk("\n"); | |
31169 | + } | |
31170 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
31171 | + | |
31172 | + return 0; | |
31173 | +} | |
31174 | + | |
31175 | +/* | |
31176 | + * We call the detach routine to detach the ipsec mast from another device. | |
31177 | + */ | |
31178 | + | |
31179 | +DEBUG_NO_STATIC int | |
31180 | +ipsec_mast_detach(struct net_device *dev) | |
31181 | +{ | |
31182 | + int i; | |
31183 | + struct ipsecpriv *prv = dev->priv; | |
31184 | + | |
31185 | + if(dev == NULL) { | |
31186 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
31187 | + "klips_debug:ipsec_mast_detach: " | |
31188 | + "no device..."); | |
31189 | + return -ENODEV; | |
31190 | + } | |
31191 | + | |
31192 | + if(prv == NULL) { | |
31193 | + KLIPS_PRINT(debug_mast & DB_MAST_REVEC, | |
31194 | + "klips_debug:ipsec_mast_detach: " | |
31195 | + "no private space associated with dev=%s", | |
31196 | + dev->name ? dev->name : "NULL"); | |
31197 | + return -ENODATA; | |
31198 | + } | |
31199 | + | |
31200 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31201 | + "klips_debug:ipsec_mast_detach: " | |
31202 | + "physical device %s being detached from virtual device %s\n", | |
31203 | + prv->dev ? prv->dev->name : "NULL", | |
31204 | + dev->name); | |
31205 | + | |
31206 | + prv->dev = NULL; | |
31207 | + prv->hard_start_xmit = NULL; | |
31208 | + prv->get_stats = NULL; | |
31209 | + | |
31210 | + prv->hard_header = NULL; | |
31211 | +#ifdef DETACH_AND_DOWN | |
31212 | + dev->hard_header = NULL; | |
31213 | +#endif /* DETACH_AND_DOWN */ | |
31214 | + | |
31215 | + prv->rebuild_header = NULL; | |
31216 | +#ifdef DETACH_AND_DOWN | |
31217 | + dev->rebuild_header = NULL; | |
31218 | +#endif /* DETACH_AND_DOWN */ | |
31219 | + | |
31220 | + prv->set_mac_address = NULL; | |
31221 | +#ifdef DETACH_AND_DOWN | |
31222 | + dev->set_mac_address = NULL; | |
31223 | +#endif /* DETACH_AND_DOWN */ | |
31224 | + | |
31225 | + prv->header_cache_update = NULL; | |
31226 | +#ifdef DETACH_AND_DOWN | |
31227 | + dev->header_cache_update = NULL; | |
31228 | +#endif /* DETACH_AND_DOWN */ | |
31229 | + | |
31230 | +#ifdef DETACH_AND_DOWN | |
31231 | + dev->neigh_setup = NULL; | |
31232 | +#endif /* DETACH_AND_DOWN */ | |
31233 | + | |
31234 | + dev->hard_header_len = 0; | |
31235 | +#ifdef DETACH_AND_DOWN | |
31236 | + dev->mtu = 0; | |
31237 | +#endif /* DETACH_AND_DOWN */ | |
31238 | + prv->mtu = 0; | |
31239 | + for (i=0; i<MAX_ADDR_LEN; i++) { | |
31240 | + dev->dev_addr[i] = 0; | |
31241 | + } | |
31242 | + dev->addr_len = 0; | |
31243 | +#ifdef PHYSDEV_TYPE | |
31244 | + dev->type = ARPHRD_VOID; /* ARPHRD_MAST; */ | |
31245 | +#endif /* PHYSDEV_TYPE */ | |
31246 | + | |
31247 | + return 0; | |
31248 | +} | |
31249 | + | |
31250 | +/* | |
31251 | + * We call the clear routine to detach all ipsec masts from other devices. | |
31252 | + */ | |
31253 | +DEBUG_NO_STATIC int | |
31254 | +ipsec_mast_clear(void) | |
31255 | +{ | |
31256 | + int i; | |
31257 | + struct net_device *ipsecdev = NULL, *prvdev; | |
31258 | + struct ipsecpriv *prv; | |
31259 | + char name[9]; | |
31260 | + int ret; | |
31261 | + | |
31262 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31263 | + "klips_debug:ipsec_mast_clear: .\n"); | |
31264 | + | |
31265 | + for(i = 0; i < IPSEC_NUM_IF; i++) { | |
31266 | + sprintf(name, IPSEC_DEV_FORMAT, i); | |
31267 | + if((ipsecdev = ipsec_dev_get(name)) != NULL) { | |
31268 | + if((prv = (struct ipsecpriv *)(ipsecdev->priv))) { | |
31269 | + prvdev = (struct net_device *)(prv->dev); | |
31270 | + if(prvdev) { | |
31271 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31272 | + "klips_debug:ipsec_mast_clear: " | |
31273 | + "physical device for device %s is %s\n", | |
31274 | + name, prvdev->name); | |
31275 | + if((ret = ipsec_mast_detach(ipsecdev))) { | |
31276 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31277 | + "klips_debug:ipsec_mast_clear: " | |
31278 | + "error %d detatching device %s from device %s.\n", | |
31279 | + ret, name, prvdev->name); | |
31280 | + return ret; | |
31281 | + } | |
31282 | + } | |
31283 | + } | |
31284 | + } | |
31285 | + } | |
31286 | + return 0; | |
31287 | +} | |
31288 | + | |
31289 | +DEBUG_NO_STATIC int | |
31290 | +ipsec_mast_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) | |
31291 | +{ | |
31292 | + struct ipsecmastconf *cf = (struct ipsecmastconf *)&ifr->ifr_data; | |
31293 | + struct ipsecpriv *prv = dev->priv; | |
31294 | + struct net_device *them; /* physical device */ | |
31295 | +#ifdef CONFIG_IP_ALIAS | |
31296 | + char *colon; | |
31297 | + char realphysname[IFNAMSIZ]; | |
31298 | +#endif /* CONFIG_IP_ALIAS */ | |
31299 | + | |
31300 | + if(dev == NULL) { | |
31301 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31302 | + "klips_debug:ipsec_mast_ioctl: " | |
31303 | + "device not supplied.\n"); | |
31304 | + return -ENODEV; | |
31305 | + } | |
31306 | + | |
31307 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31308 | + "klips_debug:ipsec_mast_ioctl: " | |
31309 | + "tncfg service call #%d for dev=%s\n", | |
31310 | + cmd, | |
31311 | + dev->name ? dev->name : "NULL"); | |
31312 | + switch (cmd) { | |
31313 | + /* attach a virtual ipsec? device to a physical device */ | |
31314 | + case IPSEC_SET_DEV: | |
31315 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31316 | + "klips_debug:ipsec_mast_ioctl: " | |
31317 | + "calling ipsec_mast_attatch...\n"); | |
31318 | +#ifdef CONFIG_IP_ALIAS | |
31319 | + /* If this is an IP alias interface, get its real physical name */ | |
31320 | + strncpy(realphysname, cf->cf_name, IFNAMSIZ); | |
31321 | + realphysname[IFNAMSIZ-1] = 0; | |
31322 | + colon = strchr(realphysname, ':'); | |
31323 | + if (colon) *colon = 0; | |
31324 | + them = ipsec_dev_get(realphysname); | |
31325 | +#else /* CONFIG_IP_ALIAS */ | |
31326 | + them = ipsec_dev_get(cf->cf_name); | |
31327 | +#endif /* CONFIG_IP_ALIAS */ | |
31328 | + | |
31329 | + if (them == NULL) { | |
31330 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31331 | + "klips_debug:ipsec_mast_ioctl: " | |
31332 | + "physical device %s requested is null\n", | |
31333 | + cf->cf_name); | |
31334 | + return -ENXIO; | |
31335 | + } | |
31336 | + | |
31337 | +#if 0 | |
31338 | + if (them->flags & IFF_UP) { | |
31339 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31340 | + "klips_debug:ipsec_mast_ioctl: " | |
31341 | + "physical device %s requested is not up.\n", | |
31342 | + cf->cf_name); | |
31343 | + return -ENXIO; | |
31344 | + } | |
31345 | +#endif | |
31346 | + | |
31347 | + if (prv && prv->dev) { | |
31348 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31349 | + "klips_debug:ipsec_mast_ioctl: " | |
31350 | + "virtual device is already connected to %s.\n", | |
31351 | + prv->dev->name ? prv->dev->name : "NULL"); | |
31352 | + return -EBUSY; | |
31353 | + } | |
31354 | + return ipsec_mast_attach(dev, them); | |
31355 | + | |
31356 | + case IPSEC_DEL_DEV: | |
31357 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31358 | + "klips_debug:ipsec_mast_ioctl: " | |
31359 | + "calling ipsec_mast_detatch.\n"); | |
31360 | + if (! prv->dev) { | |
31361 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31362 | + "klips_debug:ipsec_mast_ioctl: " | |
31363 | + "physical device not connected.\n"); | |
31364 | + return -ENODEV; | |
31365 | + } | |
31366 | + return ipsec_mast_detach(dev); | |
31367 | + | |
31368 | + case IPSEC_CLR_DEV: | |
31369 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31370 | + "klips_debug:ipsec_mast_ioctl: " | |
31371 | + "calling ipsec_mast_clear.\n"); | |
31372 | + return ipsec_mast_clear(); | |
31373 | + | |
31374 | + default: | |
31375 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31376 | + "klips_debug:ipsec_mast_ioctl: " | |
31377 | + "unknown command %d.\n", | |
31378 | + cmd); | |
31379 | + return -EOPNOTSUPP; | |
31380 | + } | |
31381 | +} | |
31382 | + | |
31383 | +int | |
31384 | +ipsec_mast_device_event(struct notifier_block *unused, unsigned long event, void *ptr) | |
31385 | +{ | |
31386 | + struct net_device *dev = ptr; | |
31387 | + struct net_device *ipsec_dev; | |
31388 | + struct ipsecpriv *priv; | |
31389 | + char name[9]; | |
31390 | + int i; | |
31391 | + | |
31392 | + if (dev == NULL) { | |
31393 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31394 | + "klips_debug:ipsec_mast_device_event: " | |
31395 | + "dev=NULL for event type %ld.\n", | |
31396 | + event); | |
31397 | + return(NOTIFY_DONE); | |
31398 | + } | |
31399 | + | |
31400 | + /* check for loopback devices */ | |
31401 | + if (dev && (dev->flags & IFF_LOOPBACK)) { | |
31402 | + return(NOTIFY_DONE); | |
31403 | + } | |
31404 | + | |
31405 | + switch (event) { | |
31406 | + case NETDEV_DOWN: | |
31407 | + /* look very carefully at the scope of these compiler | |
31408 | + directives before changing anything... -- RGB */ | |
31409 | + | |
31410 | + case NETDEV_UNREGISTER: | |
31411 | + switch (event) { | |
31412 | + case NETDEV_DOWN: | |
31413 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31414 | + "klips_debug:ipsec_mast_device_event: " | |
31415 | + "NETDEV_DOWN dev=%s flags=%x\n", | |
31416 | + dev->name, | |
31417 | + dev->flags); | |
31418 | + if(strncmp(dev->name, "ipsec", strlen("ipsec")) == 0) { | |
31419 | + printk(KERN_CRIT "IPSEC EVENT: KLIPS device %s shut down.\n", | |
31420 | + dev->name); | |
31421 | + } | |
31422 | + break; | |
31423 | + case NETDEV_UNREGISTER: | |
31424 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31425 | + "klips_debug:ipsec_mast_device_event: " | |
31426 | + "NETDEV_UNREGISTER dev=%s flags=%x\n", | |
31427 | + dev->name, | |
31428 | + dev->flags); | |
31429 | + break; | |
31430 | + } | |
31431 | + | |
31432 | + /* find the attached physical device and detach it. */ | |
31433 | + for(i = 0; i < IPSEC_NUM_IF; i++) { | |
31434 | + sprintf(name, IPSEC_DEV_FORMAT, i); | |
31435 | + ipsec_dev = ipsec_dev_get(name); | |
31436 | + if(ipsec_dev) { | |
31437 | + priv = (struct ipsecpriv *)(ipsec_dev->priv); | |
31438 | + if(priv) { | |
31439 | + ; | |
31440 | + if(((struct net_device *)(priv->dev)) == dev) { | |
31441 | + /* dev_close(ipsec_dev); */ | |
31442 | + /* return */ ipsec_mast_detach(ipsec_dev); | |
31443 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31444 | + "klips_debug:ipsec_mast_device_event: " | |
31445 | + "device '%s' has been detached.\n", | |
31446 | + ipsec_dev->name); | |
31447 | + break; | |
31448 | + } | |
31449 | + } else { | |
31450 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31451 | + "klips_debug:ipsec_mast_device_event: " | |
31452 | + "device '%s' has no private data space!\n", | |
31453 | + ipsec_dev->name); | |
31454 | + } | |
31455 | + } | |
31456 | + } | |
31457 | + break; | |
31458 | + case NETDEV_UP: | |
31459 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31460 | + "klips_debug:ipsec_mast_device_event: " | |
31461 | + "NETDEV_UP dev=%s\n", | |
31462 | + dev->name); | |
31463 | + break; | |
31464 | + case NETDEV_REBOOT: | |
31465 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31466 | + "klips_debug:ipsec_mast_device_event: " | |
31467 | + "NETDEV_REBOOT dev=%s\n", | |
31468 | + dev->name); | |
31469 | + break; | |
31470 | + case NETDEV_CHANGE: | |
31471 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31472 | + "klips_debug:ipsec_mast_device_event: " | |
31473 | + "NETDEV_CHANGE dev=%s flags=%x\n", | |
31474 | + dev->name, | |
31475 | + dev->flags); | |
31476 | + break; | |
31477 | + case NETDEV_REGISTER: | |
31478 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31479 | + "klips_debug:ipsec_mast_device_event: " | |
31480 | + "NETDEV_REGISTER dev=%s\n", | |
31481 | + dev->name); | |
31482 | + break; | |
31483 | + case NETDEV_CHANGEMTU: | |
31484 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31485 | + "klips_debug:ipsec_mast_device_event: " | |
31486 | + "NETDEV_CHANGEMTU dev=%s to mtu=%d\n", | |
31487 | + dev->name, | |
31488 | + dev->mtu); | |
31489 | + break; | |
31490 | + case NETDEV_CHANGEADDR: | |
31491 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31492 | + "klips_debug:ipsec_mast_device_event: " | |
31493 | + "NETDEV_CHANGEADDR dev=%s\n", | |
31494 | + dev->name); | |
31495 | + break; | |
31496 | + case NETDEV_GOING_DOWN: | |
31497 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31498 | + "klips_debug:ipsec_mast_device_event: " | |
31499 | + "NETDEV_GOING_DOWN dev=%s\n", | |
31500 | + dev->name); | |
31501 | + break; | |
31502 | + case NETDEV_CHANGENAME: | |
31503 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31504 | + "klips_debug:ipsec_mast_device_event: " | |
31505 | + "NETDEV_CHANGENAME dev=%s\n", | |
31506 | + dev->name); | |
31507 | + break; | |
31508 | + default: | |
31509 | + KLIPS_PRINT(debug_mast & DB_MAST_INIT, | |
31510 | + "klips_debug:ipsec_mast_device_event: " | |
31511 | + "event type %ld unrecognised for dev=%s\n", | |
31512 | + event, | |
31513 | + dev->name); | |
31514 | + break; | |
31515 | + } | |
31516 | + return NOTIFY_DONE; | |
31517 | +} | |
31518 | + | |
31519 | +/* | |
31520 | + * Called when an ipsec mast device is initialized. | |
31521 | + * The ipsec mast device structure is passed to us. | |
31522 | + */ | |
31523 | + | |
31524 | +int | |
31525 | +ipsec_mast_init(struct net_device *dev) | |
31526 | +{ | |
31527 | + int i; | |
31528 | + | |
31529 | + KLIPS_PRINT(debug_mast, | |
31530 | + "klips_debug:ipsec_mast_init: " | |
31531 | + "allocating %lu bytes initialising device: %s\n", | |
31532 | + (unsigned long) sizeof(struct ipsecpriv), | |
31533 | + dev->name ? dev->name : "NULL"); | |
31534 | + | |
31535 | + /* Add our mast functions to the device */ | |
31536 | + dev->open = ipsec_mast_open; | |
31537 | + dev->stop = ipsec_mast_close; | |
31538 | + dev->hard_start_xmit = ipsec_mast_start_xmit; | |
31539 | + dev->get_stats = ipsec_mast_get_stats; | |
31540 | + | |
31541 | + dev->priv = kmalloc(sizeof(struct ipsecpriv), GFP_KERNEL); | |
31542 | + if (dev->priv == NULL) | |
31543 | + return -ENOMEM; | |
31544 | + memset((caddr_t)(dev->priv), 0, sizeof(struct ipsecpriv)); | |
31545 | + | |
31546 | + for(i = 0; i < sizeof(zeroes); i++) { | |
31547 | + ((__u8*)(zeroes))[i] = 0; | |
31548 | + } | |
31549 | + | |
31550 | + dev->set_multicast_list = NULL; | |
31551 | + dev->do_ioctl = ipsec_mast_ioctl; | |
31552 | + dev->hard_header = NULL; | |
31553 | + dev->rebuild_header = NULL; | |
31554 | + dev->set_mac_address = NULL; | |
31555 | + dev->header_cache_update= NULL; | |
31556 | + dev->neigh_setup = ipsec_mast_neigh_setup_dev; | |
31557 | + dev->hard_header_len = 0; | |
31558 | + dev->mtu = 0; | |
31559 | + dev->addr_len = 0; | |
31560 | + dev->type = ARPHRD_VOID; /* ARPHRD_MAST; */ /* ARPHRD_ETHER; */ | |
31561 | + dev->tx_queue_len = 10; /* Small queue */ | |
31562 | + memset((caddr_t)(dev->broadcast),0xFF, ETH_ALEN); /* what if this is not attached to ethernet? */ | |
31563 | + | |
31564 | + /* New-style flags. */ | |
31565 | + dev->flags = IFF_NOARP /* 0 */ /* Petr Novak */; | |
31566 | + dev_init_buffers(dev); | |
31567 | + | |
31568 | + /* We're done. Have I forgotten anything? */ | |
31569 | + return 0; | |
31570 | +} | |
31571 | + | |
31572 | +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ | |
31573 | +/* Module specific interface (but it links with the rest of IPSEC) */ | |
31574 | +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ | |
31575 | + | |
31576 | +int | |
31577 | +ipsec_mast_probe(struct net_device *dev) | |
31578 | +{ | |
31579 | + ipsec_mast_init(dev); | |
31580 | + return 0; | |
31581 | +} | |
31582 | + | |
31583 | +int | |
31584 | +ipsec_mast_init_devices(void) | |
31585 | +{ | |
31586 | + return 0; | |
31587 | +} | |
31588 | + | |
31589 | +/* void */ | |
31590 | +int | |
31591 | +ipsec_mast_cleanup_devices(void) | |
31592 | +{ | |
31593 | + int error = 0; | |
31594 | + int i; | |
31595 | + char name[10]; | |
31596 | + struct net_device *dev_mast; | |
31597 | + | |
31598 | + for(i = 0; i < ipsec_mastdevice_count; i++) { | |
31599 | + sprintf(name, MAST_DEV_FORMAT, i); | |
31600 | + if((dev_mast = ipsec_dev_get(name)) == NULL) { | |
31601 | + break; | |
31602 | + } | |
31603 | + unregister_netdev(dev_mast); | |
31604 | + kfree(dev_mast->priv); | |
31605 | + dev_mast->priv=NULL; | |
31606 | + } | |
31607 | + return error; | |
31608 | +} | |
31609 | + | |
31610 | +/* | |
31611 | + * $Log: ipsec_mast.c,v $ | |
31612 | + * Revision 1.7.2.1 2006/10/06 21:39:26 paul | |
31613 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
31614 | + * set. This is defined through autoconf.h which is included through the | |
31615 | + * linux kernel build macros. | |
31616 | + * | |
31617 | + * Revision 1.7 2005/04/29 05:10:22 mcr | |
31618 | + * removed from extraenous includes to make unit testing easier. | |
31619 | + * | |
31620 | + * Revision 1.6 2004/12/03 21:25:57 mcr | |
31621 | + * compile time fixes for running on 2.6. | |
31622 | + * still experimental. | |
31623 | + * | |
31624 | + * Revision 1.5 2004/08/03 18:19:08 mcr | |
31625 | + * in 2.6, use "net_device" instead of #define device->net_device. | |
31626 | + * this probably breaks 2.0 compiles. | |
31627 | + * | |
31628 | + * Revision 1.4 2004/07/10 19:11:18 mcr | |
31629 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
31630 | + * | |
31631 | + * Revision 1.3 2003/10/31 02:27:55 mcr | |
31632 | + * pulled up port-selector patches and sa_id elimination. | |
31633 | + * | |
31634 | + * Revision 1.2.4.1 2003/10/29 01:30:41 mcr | |
31635 | + * elimited "struct sa_id". | |
31636 | + * | |
31637 | + * Revision 1.2 2003/06/22 20:06:17 mcr | |
31638 | + * refactored mast code still had lots of ipsecX junk in it. | |
31639 | + * | |
31640 | + * Revision 1.1 2003/02/12 19:31:12 rgb | |
31641 | + * Refactored from ipsec_tunnel.c | |
31642 | + * | |
31643 | + */ | |
31644 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
31645 | +++ linux/net/ipsec/ipsec_md5c.c Mon Feb 9 13:51:03 2004 | |
31646 | @@ -0,0 +1,453 @@ | |
31647 | +/* | |
31648 | + * RCSID $Id: ipsec_md5c.c,v 1.10 2005/04/15 01:25:57 mcr Exp $ | |
31649 | + */ | |
31650 | + | |
31651 | +/* | |
31652 | + * The rest of the code is derived from MD5C.C by RSADSI. Minor cosmetic | |
31653 | + * changes to accomodate it in the kernel by ji. | |
31654 | + */ | |
31655 | + | |
31656 | +#include <asm/byteorder.h> | |
31657 | +#include <linux/string.h> | |
31658 | + | |
31659 | +#include "openswan/ipsec_md5h.h" | |
31660 | + | |
31661 | +/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm | |
31662 | + */ | |
31663 | + | |
31664 | +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All | |
31665 | +rights reserved. | |
31666 | + | |
31667 | +License to copy and use this software is granted provided that it | |
31668 | +is identified as the "RSA Data Security, Inc. MD5 Message-Digest | |
31669 | +Algorithm" in all material mentioning or referencing this software | |
31670 | +or this function. | |
31671 | + | |
31672 | +License is also granted to make and use derivative works provided | |
31673 | +that such works are identified as "derived from the RSA Data | |
31674 | +Security, Inc. MD5 Message-Digest Algorithm" in all material | |
31675 | +mentioning or referencing the derived work. | |
31676 | + | |
31677 | +RSA Data Security, Inc. makes no representations concerning either | |
31678 | +the merchantability of this software or the suitability of this | |
31679 | +software for any particular purpose. It is provided "as is" | |
31680 | +without express or implied warranty of any kind. | |
31681 | + | |
31682 | +These notices must be retained in any copies of any part of this | |
31683 | +documentation and/or software. | |
31684 | + */ | |
31685 | + | |
31686 | +/* | |
31687 | + * Additions by JI | |
31688 | + * | |
31689 | + * HAVEMEMCOPY is defined if mem* routines are available | |
31690 | + * | |
31691 | + * HAVEHTON is defined if htons() and htonl() can be used | |
31692 | + * for big/little endian conversions | |
31693 | + * | |
31694 | + */ | |
31695 | + | |
31696 | +#define HAVEMEMCOPY | |
31697 | +#ifdef __LITTLE_ENDIAN | |
31698 | +#define LITTLENDIAN | |
31699 | +#endif | |
31700 | +#ifdef __BIG_ENDIAN | |
31701 | +#define BIGENDIAN | |
31702 | +#endif | |
31703 | + | |
31704 | +/* Constants for MD5Transform routine. | |
31705 | + */ | |
31706 | + | |
31707 | +#define S11 7 | |
31708 | +#define S12 12 | |
31709 | +#define S13 17 | |
31710 | +#define S14 22 | |
31711 | +#define S21 5 | |
31712 | +#define S22 9 | |
31713 | +#define S23 14 | |
31714 | +#define S24 20 | |
31715 | +#define S31 4 | |
31716 | +#define S32 11 | |
31717 | +#define S33 16 | |
31718 | +#define S34 23 | |
31719 | +#define S41 6 | |
31720 | +#define S42 10 | |
31721 | +#define S43 15 | |
31722 | +#define S44 21 | |
31723 | + | |
31724 | +static void MD5Transform PROTO_LIST ((UINT4 [4], unsigned char [64])); | |
31725 | + | |
31726 | +#ifdef LITTLEENDIAN | |
31727 | +#define Encode MD5_memcpy | |
31728 | +#define Decode MD5_memcpy | |
31729 | +#else | |
31730 | +static void Encode PROTO_LIST | |
31731 | + ((unsigned char *, UINT4 *, unsigned int)); | |
31732 | +static void Decode PROTO_LIST | |
31733 | + ((UINT4 *, unsigned char *, unsigned int)); | |
31734 | +#endif | |
31735 | + | |
31736 | +#ifdef HAVEMEMCOPY | |
31737 | +/* no need to include <memory.h> here; <linux/string.h> defines these */ | |
31738 | +#define MD5_memcpy memcpy | |
31739 | +#define MD5_memset memset | |
31740 | +#else | |
31741 | +#ifdef HAVEBCOPY | |
31742 | +#define MD5_memcpy(_a,_b,_c) bcopy((_b),(_a),(_c)) | |
31743 | +#define MD5_memset(_a,_b,_c) bzero((_a),(_c)) | |
31744 | +#else | |
31745 | +static void MD5_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int)); | |
31746 | +static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int)); | |
31747 | +#endif | |
31748 | +#endif | |
31749 | +static unsigned char PADDING[64] = { | |
31750 | + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
31751 | + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
31752 | + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 | |
31753 | +}; | |
31754 | + | |
31755 | +/* F, G, H and I are basic MD5 functions. | |
31756 | + */ | |
31757 | +#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) | |
31758 | +#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) | |
31759 | +#define H(x, y, z) ((x) ^ (y) ^ (z)) | |
31760 | +#define I(x, y, z) ((y) ^ ((x) | (~z))) | |
31761 | + | |
31762 | +/* ROTATE_LEFT rotates x left n bits. | |
31763 | + */ | |
31764 | +#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) | |
31765 | + | |
31766 | +/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. | |
31767 | +Rotation is separate from addition to prevent recomputation. | |
31768 | + */ | |
31769 | +#define FF(a, b, c, d, x, s, ac) { \ | |
31770 | + (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ | |
31771 | + (a) = ROTATE_LEFT ((a), (s)); \ | |
31772 | + (a) += (b); \ | |
31773 | + } | |
31774 | +#define GG(a, b, c, d, x, s, ac) { \ | |
31775 | + (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ | |
31776 | + (a) = ROTATE_LEFT ((a), (s)); \ | |
31777 | + (a) += (b); \ | |
31778 | + } | |
31779 | +#define HH(a, b, c, d, x, s, ac) { \ | |
31780 | + (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ | |
31781 | + (a) = ROTATE_LEFT ((a), (s)); \ | |
31782 | + (a) += (b); \ | |
31783 | + } | |
31784 | +#define II(a, b, c, d, x, s, ac) { \ | |
31785 | + (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ | |
31786 | + (a) = ROTATE_LEFT ((a), (s)); \ | |
31787 | + (a) += (b); \ | |
31788 | + } | |
31789 | + | |
31790 | +/* | |
31791 | + * MD5 initialization. Begins an MD5 operation, writing a new context. | |
31792 | + */ | |
31793 | +void osMD5Init(void *vcontext) | |
31794 | +{ | |
31795 | + MD5_CTX *context = vcontext; | |
31796 | + | |
31797 | + context->count[0] = context->count[1] = 0; | |
31798 | + /* Load magic initialization constants.*/ | |
31799 | + context->state[0] = 0x67452301; | |
31800 | + context->state[1] = 0xefcdab89; | |
31801 | + context->state[2] = 0x98badcfe; | |
31802 | + context->state[3] = 0x10325476; | |
31803 | +} | |
31804 | + | |
31805 | +/* MD5 block update operation. Continues an MD5 message-digest | |
31806 | + operation, processing another message block, and updating the | |
31807 | + context. | |
31808 | + */ | |
31809 | +void osMD5Update (vcontext, input, inputLen) | |
31810 | + void *vcontext; | |
31811 | + unsigned char *input; /* input block */ | |
31812 | + __u32 inputLen; /* length of input block */ | |
31813 | +{ | |
31814 | + MD5_CTX *context = vcontext; | |
31815 | + __u32 i; | |
31816 | + unsigned int index, partLen; | |
31817 | + | |
31818 | + /* Compute number of bytes mod 64 */ | |
31819 | + index = (unsigned int)((context->count[0] >> 3) & 0x3F); | |
31820 | + | |
31821 | + /* Update number of bits */ | |
31822 | + if ((context->count[0] += ((UINT4)inputLen << 3)) | |
31823 | + < ((UINT4)inputLen << 3)) | |
31824 | + context->count[1]++; | |
31825 | + context->count[1] += ((UINT4)inputLen >> 29); | |
31826 | + | |
31827 | + partLen = 64 - index; | |
31828 | + | |
31829 | + /* Transform as many times as possible. | |
31830 | +*/ | |
31831 | + if (inputLen >= partLen) { | |
31832 | + MD5_memcpy | |
31833 | + ((POINTER)&context->buffer[index], (POINTER)input, partLen); | |
31834 | + MD5Transform (context->state, context->buffer); | |
31835 | + | |
31836 | + for (i = partLen; i + 63 < inputLen; i += 64) | |
31837 | + MD5Transform (context->state, &input[i]); | |
31838 | + | |
31839 | + index = 0; | |
31840 | + } | |
31841 | + else | |
31842 | + i = 0; | |
31843 | + | |
31844 | + /* Buffer remaining input */ | |
31845 | + MD5_memcpy | |
31846 | + ((POINTER)&context->buffer[index], (POINTER)&input[i], | |
31847 | + inputLen-i); | |
31848 | +} | |
31849 | + | |
31850 | +/* MD5 finalization. Ends an MD5 message-digest operation, writing the | |
31851 | + the message digest and zeroizing the context. | |
31852 | + */ | |
31853 | +void osMD5Final (digest, vcontext) | |
31854 | +unsigned char digest[16]; /* message digest */ | |
31855 | +void *vcontext; /* context */ | |
31856 | +{ | |
31857 | + MD5_CTX *context = vcontext; | |
31858 | + unsigned char bits[8]; | |
31859 | + unsigned int index, padLen; | |
31860 | + | |
31861 | + /* Save number of bits */ | |
31862 | + Encode (bits, context->count, 8); | |
31863 | + | |
31864 | + /* Pad out to 56 mod 64. | |
31865 | +*/ | |
31866 | + index = (unsigned int)((context->count[0] >> 3) & 0x3f); | |
31867 | + padLen = (index < 56) ? (56 - index) : (120 - index); | |
31868 | + osMD5Update (context, PADDING, padLen); | |
31869 | + | |
31870 | + /* Append length (before padding) */ | |
31871 | + osMD5Update (context, bits, 8); | |
31872 | + | |
31873 | + if (digest != NULL) /* Bill Simpson's padding */ | |
31874 | + { | |
31875 | + /* store state in digest */ | |
31876 | + Encode (digest, context->state, 16); | |
31877 | + | |
31878 | + /* Zeroize sensitive information. | |
31879 | + */ | |
31880 | + MD5_memset ((POINTER)context, 0, sizeof (*context)); | |
31881 | + } | |
31882 | +} | |
31883 | + | |
31884 | +/* MD5 basic transformation. Transforms state based on block. | |
31885 | + */ | |
31886 | +static void MD5Transform (state, block) | |
31887 | +UINT4 state[4]; | |
31888 | +unsigned char block[64]; | |
31889 | +{ | |
31890 | + UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; | |
31891 | + | |
31892 | + Decode (x, block, 64); | |
31893 | + | |
31894 | + /* Round 1 */ | |
31895 | + FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ | |
31896 | + FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ | |
31897 | + FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ | |
31898 | + FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ | |
31899 | + FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ | |
31900 | + FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ | |
31901 | + FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ | |
31902 | + FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ | |
31903 | + FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ | |
31904 | + FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ | |
31905 | + FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ | |
31906 | + FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ | |
31907 | + FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ | |
31908 | + FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ | |
31909 | + FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ | |
31910 | + FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ | |
31911 | + | |
31912 | + /* Round 2 */ | |
31913 | + GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ | |
31914 | + GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ | |
31915 | + GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ | |
31916 | + GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ | |
31917 | + GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ | |
31918 | + GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ | |
31919 | + GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ | |
31920 | + GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ | |
31921 | + GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ | |
31922 | + GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ | |
31923 | + GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ | |
31924 | + GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ | |
31925 | + GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ | |
31926 | + GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ | |
31927 | + GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ | |
31928 | + GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ | |
31929 | + | |
31930 | + /* Round 3 */ | |
31931 | + HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ | |
31932 | + HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ | |
31933 | + HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ | |
31934 | + HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ | |
31935 | + HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ | |
31936 | + HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ | |
31937 | + HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ | |
31938 | + HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ | |
31939 | + HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ | |
31940 | + HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ | |
31941 | + HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ | |
31942 | + HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ | |
31943 | + HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ | |
31944 | + HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ | |
31945 | + HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ | |
31946 | + HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ | |
31947 | + | |
31948 | + /* Round 4 */ | |
31949 | + II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ | |
31950 | + II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ | |
31951 | + II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ | |
31952 | + II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ | |
31953 | + II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ | |
31954 | + II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ | |
31955 | + II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ | |
31956 | + II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ | |
31957 | + II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ | |
31958 | + II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ | |
31959 | + II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ | |
31960 | + II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ | |
31961 | + II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ | |
31962 | + II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ | |
31963 | + II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ | |
31964 | + II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ | |
31965 | + | |
31966 | + state[0] += a; | |
31967 | + state[1] += b; | |
31968 | + state[2] += c; | |
31969 | + state[3] += d; | |
31970 | + | |
31971 | + /* Zeroize sensitive information. | |
31972 | +*/ | |
31973 | + MD5_memset ((POINTER)x, 0, sizeof (x)); | |
31974 | +} | |
31975 | + | |
31976 | +#ifndef LITTLEENDIAN | |
31977 | + | |
31978 | +/* Encodes input (UINT4) into output (unsigned char). Assumes len is | |
31979 | + a multiple of 4. | |
31980 | + */ | |
31981 | +static void Encode (output, input, len) | |
31982 | +unsigned char *output; | |
31983 | +UINT4 *input; | |
31984 | +unsigned int len; | |
31985 | +{ | |
31986 | + unsigned int i, j; | |
31987 | + | |
31988 | + for (i = 0, j = 0; j < len; i++, j += 4) { | |
31989 | + output[j] = (unsigned char)(input[i] & 0xff); | |
31990 | + output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); | |
31991 | + output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); | |
31992 | + output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); | |
31993 | + } | |
31994 | +} | |
31995 | + | |
31996 | +/* Decodes input (unsigned char) into output (UINT4). Assumes len is | |
31997 | + a multiple of 4. | |
31998 | + */ | |
31999 | +static void Decode (output, input, len) | |
32000 | +UINT4 *output; | |
32001 | +unsigned char *input; | |
32002 | +unsigned int len; | |
32003 | +{ | |
32004 | + unsigned int i, j; | |
32005 | + | |
32006 | + for (i = 0, j = 0; j < len; i++, j += 4) | |
32007 | + output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | | |
32008 | + (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); | |
32009 | +} | |
32010 | + | |
32011 | +#endif | |
32012 | + | |
32013 | +#ifndef HAVEMEMCOPY | |
32014 | +#ifndef HAVEBCOPY | |
32015 | +/* Note: Replace "for loop" with standard memcpy if possible. | |
32016 | + */ | |
32017 | + | |
32018 | +static void MD5_memcpy (output, input, len) | |
32019 | +POINTER output; | |
32020 | +POINTER input; | |
32021 | +unsigned int len; | |
32022 | +{ | |
32023 | + unsigned int i; | |
32024 | + | |
32025 | + for (i = 0; i < len; i++) | |
32026 | + | |
32027 | + output[i] = input[i]; | |
32028 | +} | |
32029 | + | |
32030 | +/* Note: Replace "for loop" with standard memset if possible. | |
32031 | + */ | |
32032 | + | |
32033 | +static void MD5_memset (output, value, len) | |
32034 | +POINTER output; | |
32035 | +int value; | |
32036 | +unsigned int len; | |
32037 | +{ | |
32038 | + unsigned int i; | |
32039 | + | |
32040 | + for (i = 0; i < len; i++) | |
32041 | + ((char *)output)[i] = (char)value; | |
32042 | +} | |
32043 | +#endif | |
32044 | +#endif | |
32045 | + | |
32046 | +/* | |
32047 | + * $Log: ipsec_md5c.c,v $ | |
32048 | + * Revision 1.10 2005/04/15 01:25:57 mcr | |
32049 | + * minor fix to comments. | |
32050 | + * | |
32051 | + * Revision 1.9 2004/09/08 17:21:36 ken | |
32052 | + * Rename MD5* -> osMD5 functions to prevent clashes with other symbols exported by kernel modules (CIFS in 2.6 initiated this) | |
32053 | + * | |
32054 | + * Revision 1.8 2004/04/06 02:49:26 mcr | |
32055 | + * pullup of algo code from alg-branch. | |
32056 | + * | |
32057 | + * Revision 1.7 2002/09/10 01:45:14 mcr | |
32058 | + * changed type of MD5_CTX and SHA1_CTX to void * so that | |
32059 | + * the function prototypes would match, and could be placed | |
32060 | + * into a pointer to a function. | |
32061 | + * | |
32062 | + * Revision 1.6 2002/04/24 07:55:32 mcr | |
32063 | + * #include patches and Makefiles for post-reorg compilation. | |
32064 | + * | |
32065 | + * Revision 1.5 2002/04/24 07:36:28 mcr | |
32066 | + * Moved from ./klips/net/ipsec/ipsec_md5c.c,v | |
32067 | + * | |
32068 | + * Revision 1.4 1999/12/13 13:59:12 rgb | |
32069 | + * Quick fix to argument size to Update bugs. | |
32070 | + * | |
32071 | + * Revision 1.3 1999/05/21 18:09:28 henry | |
32072 | + * unnecessary <memory.h> include causes trouble in 2.2 | |
32073 | + * | |
32074 | + * Revision 1.2 1999/04/06 04:54:26 rgb | |
32075 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
32076 | + * patch shell fixes. | |
32077 | + * | |
32078 | + * Revision 1.1 1998/06/18 21:27:48 henry | |
32079 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
32080 | + * kernel-build scripts happier in the presence of symlinks | |
32081 | + * | |
32082 | + * Revision 1.2 1998/04/23 20:54:02 rgb | |
32083 | + * Fixed md5 and sha1 include file nesting issues, to be cleaned up when | |
32084 | + * verified. | |
32085 | + * | |
32086 | + * Revision 1.1 1998/04/09 03:06:08 henry | |
32087 | + * sources moved up from linux/net/ipsec | |
32088 | + * | |
32089 | + * Revision 1.1.1.1 1998/04/08 05:35:04 henry | |
32090 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
32091 | + * | |
32092 | + * Revision 0.3 1996/11/20 14:48:53 ji | |
32093 | + * Release update only. | |
32094 | + * | |
32095 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
32096 | + * First limited release. | |
32097 | + * | |
32098 | + * | |
32099 | + */ | |
32100 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
32101 | +++ linux/net/ipsec/ipsec_proc.c Mon Feb 9 13:51:03 2004 | |
32102 | @@ -0,0 +1,1186 @@ | |
32103 | +/* | |
32104 | + * @(#) /proc file system interface code. | |
32105 | + * | |
32106 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
32107 | + * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs <rgb@freeswan.org> | |
32108 | + * 2001 Michael Richardson <mcr@freeswan.org> | |
32109 | + * | |
32110 | + * This program is free software; you can redistribute it and/or modify it | |
32111 | + * under the terms of the GNU General Public License as published by the | |
32112 | + * Free Software Foundation; either version 2 of the License, or (at your | |
32113 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
32114 | + * | |
32115 | + * This program is distributed in the hope that it will be useful, but | |
32116 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
32117 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
32118 | + * for more details. | |
32119 | + * | |
32120 | + * Split out from ipsec_init.c version 1.70. | |
32121 | + */ | |
32122 | + | |
32123 | +char ipsec_proc_c_version[] = "RCSID $Id: ipsec_proc.c,v 1.39.2.4 2006/11/15 22:21:39 paul Exp $"; | |
32124 | + | |
32125 | + | |
32126 | +#ifndef AUTOCONF_INCLUDED | |
32127 | +#include <linux/config.h> | |
32128 | +#endif | |
32129 | +#include <linux/version.h> | |
32130 | +#define __NO_VERSION__ | |
32131 | +#include <linux/module.h> | |
32132 | +#include <linux/kernel.h> /* printk() */ | |
32133 | + | |
32134 | +#include "openswan/ipsec_kversion.h" | |
32135 | +#include "openswan/ipsec_param.h" | |
32136 | + | |
32137 | +#ifdef MALLOC_SLAB | |
32138 | +# include <linux/slab.h> /* kmalloc() */ | |
32139 | +#else /* MALLOC_SLAB */ | |
32140 | +# include <linux/malloc.h> /* kmalloc() */ | |
32141 | +#endif /* MALLOC_SLAB */ | |
32142 | +#include <linux/errno.h> /* error codes */ | |
32143 | +#include <linux/types.h> /* size_t */ | |
32144 | +#include <linux/interrupt.h> /* mark_bh */ | |
32145 | + | |
32146 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
32147 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
32148 | +#include <linux/ip.h> /* struct iphdr */ | |
32149 | +#include <linux/in.h> /* struct sockaddr_in */ | |
32150 | +#include <linux/skbuff.h> | |
32151 | +#include <asm/uaccess.h> /* copy_from_user */ | |
32152 | +#include <openswan.h> | |
32153 | +#ifdef SPINLOCK | |
32154 | +#ifdef SPINLOCK_23 | |
32155 | +#include <linux/spinlock.h> /* *lock* */ | |
32156 | +#else /* SPINLOCK_23 */ | |
32157 | +#include <asm/spinlock.h> /* *lock* */ | |
32158 | +#endif /* SPINLOCK_23 */ | |
32159 | +#endif /* SPINLOCK */ | |
32160 | + | |
32161 | +#include <net/ip.h> | |
32162 | +#ifdef CONFIG_PROC_FS | |
32163 | +#include <linux/proc_fs.h> | |
32164 | +#endif /* CONFIG_PROC_FS */ | |
32165 | +#ifdef NETLINK_SOCK | |
32166 | +#include <linux/netlink.h> | |
32167 | +#else | |
32168 | +#include <net/netlink.h> | |
32169 | +#endif | |
32170 | + | |
32171 | +#include "openswan/radij.h" | |
32172 | + | |
32173 | +#include "openswan/ipsec_life.h" | |
32174 | +#include "openswan/ipsec_stats.h" | |
32175 | +#include "openswan/ipsec_sa.h" | |
32176 | + | |
32177 | +#include "openswan/ipsec_encap.h" | |
32178 | +#include "openswan/ipsec_radij.h" | |
32179 | +#include "openswan/ipsec_xform.h" | |
32180 | +#include "openswan/ipsec_tunnel.h" | |
32181 | +#include "openswan/ipsec_xmit.h" | |
32182 | + | |
32183 | +#include "openswan/ipsec_rcv.h" | |
32184 | +#include "openswan/ipsec_ah.h" | |
32185 | +#include "openswan/ipsec_esp.h" | |
32186 | +#include "openswan/ipsec_kern24.h" | |
32187 | + | |
32188 | +#ifdef CONFIG_KLIPS_IPCOMP | |
32189 | +#include "openswan/ipcomp.h" | |
32190 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
32191 | + | |
32192 | +#include "openswan/ipsec_proto.h" | |
32193 | + | |
32194 | +#include <pfkeyv2.h> | |
32195 | +#include <pfkey.h> | |
32196 | + | |
32197 | +#ifdef CONFIG_PROC_FS | |
32198 | + | |
32199 | +#ifdef IPSEC_PROC_SUBDIRS | |
32200 | +static struct proc_dir_entry *proc_net_ipsec_dir = NULL; | |
32201 | +static struct proc_dir_entry *proc_eroute_dir = NULL; | |
32202 | +static struct proc_dir_entry *proc_spi_dir = NULL; | |
32203 | +static struct proc_dir_entry *proc_spigrp_dir = NULL; | |
32204 | +static struct proc_dir_entry *proc_birth_dir = NULL; | |
32205 | +static struct proc_dir_entry *proc_stats_dir = NULL; | |
32206 | +#endif | |
32207 | + | |
32208 | +struct ipsec_birth_reply ipsec_ipv4_birth_packet; | |
32209 | +struct ipsec_birth_reply ipsec_ipv6_birth_packet; | |
32210 | + | |
32211 | +#ifdef CONFIG_KLIPS_DEBUG | |
32212 | +int debug_esp = 0; | |
32213 | +int debug_ah = 0; | |
32214 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
32215 | + | |
32216 | +#define DECREMENT_UNSIGNED(X, amount) ((amount < (X)) ? (X)-amount : 0) | |
32217 | + | |
32218 | +extern int ipsec_xform_get_info(char *buffer, char **start, | |
32219 | + off_t offset, int length IPSEC_PROC_LAST_ARG); | |
32220 | + | |
32221 | + | |
32222 | +IPSEC_PROCFS_DEBUG_NO_STATIC | |
32223 | +int | |
32224 | +ipsec_eroute_get_info(char *buffer, | |
32225 | + char **start, | |
32226 | + off_t offset, | |
32227 | + int length IPSEC_PROC_LAST_ARG) | |
32228 | +{ | |
32229 | + struct wsbuf w = {buffer, length, offset, 0, 0}; | |
32230 | + | |
32231 | +#ifdef CONFIG_KLIPS_DEBUG | |
32232 | + if (debug_radij & DB_RJ_DUMPTREES) | |
32233 | + rj_dumptrees(); /* XXXXXXXXX */ | |
32234 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
32235 | + | |
32236 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
32237 | + "klips_debug:ipsec_eroute_get_info: " | |
32238 | + "buffer=0p%p, *start=0p%p, offset=%d, length=%d\n", | |
32239 | + buffer, | |
32240 | + *start, | |
32241 | + (int)offset, | |
32242 | + length); | |
32243 | + | |
32244 | + spin_lock_bh(&eroute_lock); | |
32245 | + | |
32246 | + rj_walktree(rnh, ipsec_rj_walker_procprint, &w); | |
32247 | +/* rj_walktree(mask_rjhead, ipsec_rj_walker_procprint, &w); */ | |
32248 | + | |
32249 | + spin_unlock_bh(&eroute_lock); | |
32250 | + | |
32251 | + *start = buffer + (offset - w.begin); /* Start of wanted data */ | |
32252 | + return w.len - (offset - w.begin); | |
32253 | +} | |
32254 | + | |
32255 | +IPSEC_PROCFS_DEBUG_NO_STATIC | |
32256 | +int | |
32257 | +ipsec_spi_get_info(char *buffer, | |
32258 | + char **start, | |
32259 | + off_t offset, | |
32260 | + int length IPSEC_PROC_LAST_ARG) | |
32261 | +{ | |
32262 | + const int max_content = length > 0? length-1 : 0; | |
32263 | + int len = 0; | |
32264 | + off_t begin = 0; | |
32265 | + int i; | |
32266 | + struct ipsec_sa *sa_p; | |
32267 | + char sa[SATOT_BUF]; | |
32268 | + char buf_s[SUBNETTOA_BUF]; | |
32269 | + char buf_d[SUBNETTOA_BUF]; | |
32270 | + size_t sa_len; | |
32271 | + | |
32272 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
32273 | + "klips_debug:ipsec_spi_get_info: " | |
32274 | + "buffer=0p%p, *start=0p%p, offset=%d, length=%d\n", | |
32275 | + buffer, | |
32276 | + *start, | |
32277 | + (int)offset, | |
32278 | + length); | |
32279 | + | |
32280 | + spin_lock_bh(&tdb_lock); | |
32281 | + | |
32282 | + for (i = 0; i < SADB_HASHMOD; i++) { | |
32283 | + for (sa_p = ipsec_sadb_hash[i]; | |
32284 | + sa_p; | |
32285 | + sa_p = sa_p->ips_hnext) { | |
32286 | + atomic_inc(&sa_p->ips_refcount); | |
32287 | + sa_len = satot(&sa_p->ips_said, 'x', sa, sizeof(sa)); | |
32288 | + len += ipsec_snprintf(buffer+len, length-len, "%s ", | |
32289 | + sa_len ? sa : " (error)"); | |
32290 | + | |
32291 | + len += ipsec_snprintf(buffer+len, length-len, "%s%s%s", | |
32292 | + IPS_XFORM_NAME(sa_p)); | |
32293 | + | |
32294 | + len += ipsec_snprintf(buffer+len, length-len, ": dir=%s", | |
32295 | + (sa_p->ips_flags & EMT_INBOUND) ? | |
32296 | + "in " : "out"); | |
32297 | + | |
32298 | + if(sa_p->ips_addr_s) { | |
32299 | + addrtoa(((struct sockaddr_in*)(sa_p->ips_addr_s))->sin_addr, | |
32300 | + 0, buf_s, sizeof(buf_s)); | |
32301 | + len += ipsec_snprintf(buffer+len, length-len, " src=%s", | |
32302 | + buf_s); | |
32303 | + } | |
32304 | + | |
32305 | + if((sa_p->ips_said.proto == IPPROTO_IPIP) | |
32306 | + && (sa_p->ips_flags & SADB_X_SAFLAGS_INFLOW)) { | |
32307 | + subnettoa(sa_p->ips_flow_s.u.v4.sin_addr, | |
32308 | + sa_p->ips_mask_s.u.v4.sin_addr, | |
32309 | + 0, | |
32310 | + buf_s, | |
32311 | + sizeof(buf_s)); | |
32312 | + | |
32313 | + subnettoa(sa_p->ips_flow_d.u.v4.sin_addr, | |
32314 | + sa_p->ips_mask_d.u.v4.sin_addr, | |
32315 | + 0, | |
32316 | + buf_d, | |
32317 | + sizeof(buf_d)); | |
32318 | + | |
32319 | + len += ipsec_snprintf(buffer+len, length-len, " policy=%s->%s", | |
32320 | + buf_s, buf_d); | |
32321 | + } | |
32322 | + | |
32323 | + if(sa_p->ips_iv_bits) { | |
32324 | + int j; | |
32325 | + len += ipsec_snprintf(buffer+len, length-len, " iv_bits=%dbits iv=0x", | |
32326 | + sa_p->ips_iv_bits); | |
32327 | + | |
32328 | + for(j = 0; j < sa_p->ips_iv_bits / 8; j++) { | |
32329 | + len += ipsec_snprintf(buffer+len, length-len, "%02x", | |
32330 | + (__u32)((__u8*)(sa_p->ips_iv))[j]); | |
32331 | + } | |
32332 | + } | |
32333 | + | |
32334 | + if(sa_p->ips_encalg || sa_p->ips_authalg) { | |
32335 | + if(sa_p->ips_replaywin) { | |
32336 | + len += ipsec_snprintf(buffer+len, length-len, " ooowin=%d", | |
32337 | + sa_p->ips_replaywin); | |
32338 | + } | |
32339 | + if(sa_p->ips_errs.ips_replaywin_errs) { | |
32340 | + len += ipsec_snprintf(buffer+len, length-len, " ooo_errs=%d", | |
32341 | + sa_p->ips_errs.ips_replaywin_errs); | |
32342 | + } | |
32343 | + if(sa_p->ips_replaywin_lastseq) { | |
32344 | + len += ipsec_snprintf(buffer+len, length-len, " seq=%d", | |
32345 | + sa_p->ips_replaywin_lastseq); | |
32346 | + } | |
32347 | + if(sa_p->ips_replaywin_bitmap) { | |
32348 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) | |
32349 | + len += ipsec_snprintf(buffer+len, length-len, " bit=0x%Lx", | |
32350 | + sa_p->ips_replaywin_bitmap); | |
32351 | +#else | |
32352 | + len += ipsec_snprintf(buffer+len, length-len, " bit=0x%x%08x", | |
32353 | + (__u32)(sa_p->ips_replaywin_bitmap >> 32), | |
32354 | + (__u32)sa_p->ips_replaywin_bitmap); | |
32355 | +#endif | |
32356 | + } | |
32357 | + if(sa_p->ips_replaywin_maxdiff) { | |
32358 | + len += ipsec_snprintf(buffer+len, length-len, " max_seq_diff=%d", | |
32359 | + sa_p->ips_replaywin_maxdiff); | |
32360 | + } | |
32361 | + } | |
32362 | + if(sa_p->ips_flags & ~EMT_INBOUND) { | |
32363 | + len += ipsec_snprintf(buffer+len, length-len, " flags=0x%x", | |
32364 | + sa_p->ips_flags & ~EMT_INBOUND); | |
32365 | + len += ipsec_snprintf(buffer+len, length-len, "<"); | |
32366 | + /* flag printing goes here */ | |
32367 | + len += ipsec_snprintf(buffer+len, length-len, ">"); | |
32368 | + } | |
32369 | + if(sa_p->ips_auth_bits) { | |
32370 | + len += ipsec_snprintf(buffer+len, length-len, " alen=%d", | |
32371 | + sa_p->ips_auth_bits); | |
32372 | + } | |
32373 | + if(sa_p->ips_key_bits_a) { | |
32374 | + len += ipsec_snprintf(buffer+len, length-len, " aklen=%d", | |
32375 | + sa_p->ips_key_bits_a); | |
32376 | + } | |
32377 | + if(sa_p->ips_errs.ips_auth_errs) { | |
32378 | + len += ipsec_snprintf(buffer+len, length-len, " auth_errs=%d", | |
32379 | + sa_p->ips_errs.ips_auth_errs); | |
32380 | + } | |
32381 | + if(sa_p->ips_key_bits_e) { | |
32382 | + len += ipsec_snprintf(buffer+len, length-len, " eklen=%d", | |
32383 | + sa_p->ips_key_bits_e); | |
32384 | + } | |
32385 | + if(sa_p->ips_errs.ips_encsize_errs) { | |
32386 | + len += ipsec_snprintf(buffer+len, length-len, " encr_size_errs=%d", | |
32387 | + sa_p->ips_errs.ips_encsize_errs); | |
32388 | + } | |
32389 | + if(sa_p->ips_errs.ips_encpad_errs) { | |
32390 | + len += ipsec_snprintf(buffer+len, length-len, " encr_pad_errs=%d", | |
32391 | + sa_p->ips_errs.ips_encpad_errs); | |
32392 | + } | |
32393 | + | |
32394 | + len += ipsec_snprintf(buffer+len, length-len, " life(c,s,h)="); | |
32395 | + | |
32396 | + len += ipsec_lifetime_format(buffer + len, | |
32397 | + length - len, | |
32398 | + "alloc", | |
32399 | + ipsec_life_countbased, | |
32400 | + &sa_p->ips_life.ipl_allocations); | |
32401 | + | |
32402 | + len += ipsec_lifetime_format(buffer + len, | |
32403 | + length - len, | |
32404 | + "bytes", | |
32405 | + ipsec_life_countbased, | |
32406 | + &sa_p->ips_life.ipl_bytes); | |
32407 | + | |
32408 | + len += ipsec_lifetime_format(buffer + len, | |
32409 | + length - len, | |
32410 | + "addtime", | |
32411 | + ipsec_life_timebased, | |
32412 | + &sa_p->ips_life.ipl_addtime); | |
32413 | + | |
32414 | + len += ipsec_lifetime_format(buffer + len, | |
32415 | + length - len, | |
32416 | + "usetime", | |
32417 | + ipsec_life_timebased, | |
32418 | + &sa_p->ips_life.ipl_usetime); | |
32419 | + | |
32420 | + len += ipsec_lifetime_format(buffer + len, | |
32421 | + length - len, | |
32422 | + "packets", | |
32423 | + ipsec_life_countbased, | |
32424 | + &sa_p->ips_life.ipl_packets); | |
32425 | + | |
32426 | + if(sa_p->ips_life.ipl_usetime.ipl_last) { /* XXX-MCR should be last? */ | |
32427 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) | |
32428 | + len += ipsec_snprintf(buffer+len, length-len, " idle=%Ld", | |
32429 | + jiffies / HZ - sa_p->ips_life.ipl_usetime.ipl_last); | |
32430 | +#else | |
32431 | + len += ipsec_snprintf(buffer+len, length-len, " idle=%lu", | |
32432 | + jiffies / HZ - (unsigned long)sa_p->ips_life.ipl_usetime.ipl_last); | |
32433 | +#endif | |
32434 | + } | |
32435 | + | |
32436 | +#ifdef CONFIG_KLIPS_IPCOMP | |
32437 | + if(sa_p->ips_said.proto == IPPROTO_COMP && | |
32438 | + (sa_p->ips_comp_ratio_dbytes || | |
32439 | + sa_p->ips_comp_ratio_cbytes)) { | |
32440 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) | |
32441 | + len += ipsec_snprintf(buffer+len, length-len, " ratio=%Ld:%Ld", | |
32442 | + sa_p->ips_comp_ratio_dbytes, | |
32443 | + sa_p->ips_comp_ratio_cbytes); | |
32444 | +#else | |
32445 | + len += ipsec_snprintf(buffer+len, length-len, " ratio=%lu:%lu", | |
32446 | + (unsigned long)sa_p->ips_comp_ratio_dbytes, | |
32447 | + (unsigned long)sa_p->ips_comp_ratio_cbytes); | |
32448 | +#endif | |
32449 | + } | |
32450 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
32451 | + | |
32452 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
32453 | + { | |
32454 | + char *natttype_name; | |
32455 | + | |
32456 | + switch(sa_p->ips_natt_type) | |
32457 | + { | |
32458 | + case 0: | |
32459 | + natttype_name="none"; | |
32460 | + break; | |
32461 | + case ESPINUDP_WITH_NON_IKE: | |
32462 | + natttype_name="nonike"; | |
32463 | + break; | |
32464 | + case ESPINUDP_WITH_NON_ESP: | |
32465 | + natttype_name="nonesp"; | |
32466 | + break; | |
32467 | + default: | |
32468 | + natttype_name = "unknown"; | |
32469 | + break; | |
32470 | + } | |
32471 | + | |
32472 | + len += ipsec_snprintf(buffer + len, length-len, " natencap=%s", | |
32473 | + natttype_name); | |
32474 | + | |
32475 | + len += ipsec_snprintf(buffer + len, length-len, " natsport=%d", | |
32476 | + sa_p->ips_natt_sport); | |
32477 | + | |
32478 | + len += ipsec_snprintf(buffer + len,length-len, " natdport=%d", | |
32479 | + sa_p->ips_natt_dport); | |
32480 | + } | |
32481 | +#else | |
32482 | + len += ipsec_snprintf(buffer + len, length-len, " natencap=na"); | |
32483 | +#endif /* CONFIG_IPSEC_NAT_TRAVERSAL */ | |
32484 | + | |
32485 | + len += ipsec_snprintf(buffer + len,length-len, " refcount=%d", | |
32486 | + atomic_read(&sa_p->ips_refcount)); | |
32487 | + | |
32488 | + len += ipsec_snprintf(buffer+len, length-len, " ref=%d", | |
32489 | + sa_p->ips_ref); | |
32490 | +#ifdef CONFIG_KLIPS_DEBUG | |
32491 | + if(debug_xform) { | |
32492 | + len += ipsec_snprintf(buffer+len, length-len, " reftable=%lu refentry=%lu", | |
32493 | + (unsigned long)IPsecSAref2table(sa_p->ips_ref), | |
32494 | + (unsigned long)IPsecSAref2entry(sa_p->ips_ref)); | |
32495 | + } | |
32496 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
32497 | + | |
32498 | + len += ipsec_snprintf(buffer+len, length-len, "\n"); | |
32499 | + | |
32500 | + atomic_dec(&sa_p->ips_refcount); | |
32501 | + | |
32502 | + if (len >= max_content) { | |
32503 | + /* we've done all that can fit -- stop loops */ | |
32504 | + len = max_content; /* truncate crap */ | |
32505 | + goto done_spi_i; | |
32506 | + } else { | |
32507 | + const off_t pos = begin + len; /* file position of end of what we've generated */ | |
32508 | + | |
32509 | + if (pos <= offset) { | |
32510 | + /* all is before first interesting character: | |
32511 | + * discard, but note where we are. | |
32512 | + */ | |
32513 | + len = 0; | |
32514 | + begin = pos; | |
32515 | + } | |
32516 | + } | |
32517 | + } | |
32518 | + } | |
32519 | + | |
32520 | +done_spi_i: | |
32521 | + spin_unlock_bh(&tdb_lock); | |
32522 | + | |
32523 | + *start = buffer + (offset - begin); /* Start of wanted data */ | |
32524 | + return len - (offset - begin); | |
32525 | +} | |
32526 | + | |
32527 | +IPSEC_PROCFS_DEBUG_NO_STATIC | |
32528 | +int | |
32529 | +ipsec_spigrp_get_info(char *buffer, | |
32530 | + char **start, | |
32531 | + off_t offset, | |
32532 | + int length IPSEC_PROC_LAST_ARG) | |
32533 | +{ | |
32534 | + /* Limit of useful snprintf output */ | |
32535 | + const int max_content = length > 0? length-1 : 0; | |
32536 | + | |
32537 | + int len = 0; | |
32538 | + off_t begin = 0; | |
32539 | + int i; | |
32540 | + struct ipsec_sa *sa_p, *sa_p2; | |
32541 | + char sa[SATOT_BUF]; | |
32542 | + size_t sa_len; | |
32543 | + | |
32544 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
32545 | + "klips_debug:ipsec_spigrp_get_info: " | |
32546 | + "buffer=0p%p, *start=0p%p, offset=%d, length=%d\n", | |
32547 | + buffer, | |
32548 | + *start, | |
32549 | + (int)offset, | |
32550 | + length); | |
32551 | + | |
32552 | + spin_lock_bh(&tdb_lock); | |
32553 | + | |
32554 | + for (i = 0; i < SADB_HASHMOD; i++) { | |
32555 | + for (sa_p = ipsec_sadb_hash[i]; | |
32556 | + sa_p != NULL; | |
32557 | + sa_p = sa_p->ips_hnext) | |
32558 | + { | |
32559 | + atomic_inc(&sa_p->ips_refcount); | |
32560 | + if(sa_p->ips_inext == NULL) { | |
32561 | + sa_p2 = sa_p; | |
32562 | + while(sa_p2 != NULL) { | |
32563 | + atomic_inc(&sa_p2->ips_refcount); | |
32564 | + sa_len = satot(&sa_p2->ips_said, | |
32565 | + 'x', sa, sizeof(sa)); | |
32566 | + | |
32567 | + len += ipsec_snprintf(buffer+len, length-len, "%s ", | |
32568 | + sa_len ? sa : " (error)"); | |
32569 | + atomic_dec(&sa_p2->ips_refcount); | |
32570 | + sa_p2 = sa_p2->ips_onext; | |
32571 | + } | |
32572 | + len += ipsec_snprintf(buffer+len, length-len, "\n"); | |
32573 | + } | |
32574 | + | |
32575 | + atomic_dec(&sa_p->ips_refcount); | |
32576 | + | |
32577 | + if (len >= max_content) { | |
32578 | + /* we've done all that can fit -- stop loops */ | |
32579 | + len = max_content; /* truncate crap */ | |
32580 | + goto done_spigrp_i; | |
32581 | + } else { | |
32582 | + const off_t pos = begin + len; | |
32583 | + | |
32584 | + if (pos <= offset) { | |
32585 | + /* all is before first interesting character: | |
32586 | + * discard, but note where we are. | |
32587 | + */ | |
32588 | + len = 0; | |
32589 | + begin = pos; | |
32590 | + } | |
32591 | + } | |
32592 | + } | |
32593 | + } | |
32594 | + | |
32595 | +done_spigrp_i: | |
32596 | + spin_unlock_bh(&tdb_lock); | |
32597 | + | |
32598 | + *start = buffer + (offset - begin); /* Start of wanted data */ | |
32599 | + return len - (offset - begin); | |
32600 | +} | |
32601 | + | |
32602 | + | |
32603 | +IPSEC_PROCFS_DEBUG_NO_STATIC | |
32604 | +int | |
32605 | +ipsec_tncfg_get_info(char *buffer, | |
32606 | + char **start, | |
32607 | + off_t offset, | |
32608 | + int length IPSEC_PROC_LAST_ARG) | |
32609 | +{ | |
32610 | + /* limit of useful snprintf output */ | |
32611 | + const int max_content = length > 0? length-1 : 0; | |
32612 | + int len = 0; | |
32613 | + off_t begin = 0; | |
32614 | + int i; | |
32615 | + char name[9]; | |
32616 | + struct net_device *dev, *privdev; | |
32617 | + struct ipsecpriv *priv; | |
32618 | + | |
32619 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
32620 | + "klips_debug:ipsec_tncfg_get_info: " | |
32621 | + "buffer=0p%p, *start=0p%p, offset=%d, length=%d\n", | |
32622 | + buffer, | |
32623 | + *start, | |
32624 | + (int)offset, | |
32625 | + length); | |
32626 | + | |
32627 | + for(i = 0; i < IPSEC_NUM_IF; i++) { | |
32628 | + ipsec_snprintf(name, (ssize_t) sizeof(name), IPSEC_DEV_FORMAT, i); | |
32629 | + dev = __ipsec_dev_get(name); | |
32630 | + if(dev) { | |
32631 | + priv = (struct ipsecpriv *)(dev->priv); | |
32632 | + len += ipsec_snprintf(buffer+len, length-len, "%s", | |
32633 | + dev->name); | |
32634 | + if(priv) { | |
32635 | + privdev = (struct net_device *)(priv->dev); | |
32636 | + len += ipsec_snprintf(buffer+len, length-len, " -> %s", | |
32637 | + privdev ? privdev->name : "NULL"); | |
32638 | + len += ipsec_snprintf(buffer+len, length-len, " mtu=%d(%d) -> %d", | |
32639 | + dev->mtu, | |
32640 | + priv->mtu, | |
32641 | + privdev ? privdev->mtu : 0); | |
32642 | + } else { | |
32643 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
32644 | + "klips_debug:ipsec_tncfg_get_info: device '%s' has no private data space!\n", | |
32645 | + dev->name); | |
32646 | + } | |
32647 | + len += ipsec_snprintf(buffer+len, length-len, "\n"); | |
32648 | + | |
32649 | + if (len >= max_content) { | |
32650 | + /* we've done all that can fit -- stop loop */ | |
32651 | + len = max_content; /* truncate crap */ | |
32652 | + break; | |
32653 | + } else { | |
32654 | + const off_t pos = begin + len; | |
32655 | + if (pos <= offset) { | |
32656 | + len = 0; | |
32657 | + begin = pos; | |
32658 | + } | |
32659 | + } | |
32660 | + } | |
32661 | + } | |
32662 | + *start = buffer + (offset - begin); /* Start of wanted data */ | |
32663 | + len -= (offset - begin); /* Start slop */ | |
32664 | + if (len > length) | |
32665 | + len = length; | |
32666 | + return len; | |
32667 | +} | |
32668 | + | |
32669 | +IPSEC_PROCFS_DEBUG_NO_STATIC | |
32670 | +int | |
32671 | +ipsec_version_get_info(char *buffer, | |
32672 | + char **start, | |
32673 | + off_t offset, | |
32674 | + int length IPSEC_PROC_LAST_ARG) | |
32675 | +{ | |
32676 | + int len = 0; | |
32677 | + off_t begin = 0; | |
32678 | + | |
32679 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
32680 | + "klips_debug:ipsec_version_get_info: " | |
32681 | + "buffer=0p%p, *start=0p%p, offset=%d, length=%d\n", | |
32682 | + buffer, | |
32683 | + *start, | |
32684 | + (int)offset, | |
32685 | + length); | |
32686 | + | |
32687 | + len += ipsec_snprintf(buffer + len,length-len, "Openswan version: %s\n", | |
32688 | + ipsec_version_code()); | |
32689 | +#if 0 | |
32690 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
32691 | + "klips_debug:ipsec_version_get_info: " | |
32692 | + "ipsec_init version: %s\n", | |
32693 | + ipsec_init_c_version); | |
32694 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
32695 | + "klips_debug:ipsec_version_get_info: " | |
32696 | + "ipsec_tunnel version: %s\n", | |
32697 | + ipsec_tunnel_c_version); | |
32698 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
32699 | + "klips_debug:ipsec_version_get_info: " | |
32700 | + "ipsec_netlink version: %s\n", | |
32701 | + ipsec_netlink_c_version); | |
32702 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
32703 | + "klips_debug:ipsec_version_get_info: " | |
32704 | + "radij_c_version: %s\n", | |
32705 | + radij_c_version); | |
32706 | +#endif | |
32707 | + | |
32708 | + | |
32709 | + *start = buffer + (offset - begin); /* Start of wanted data */ | |
32710 | + len -= (offset - begin); /* Start slop */ | |
32711 | + if (len > length) | |
32712 | + len = length; | |
32713 | + return len; | |
32714 | +} | |
32715 | + | |
32716 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
32717 | +unsigned int natt_available = 1; | |
32718 | +#else | |
32719 | +unsigned int natt_available = 0; | |
32720 | +#endif | |
32721 | +module_param(natt_available, int, 0444); | |
32722 | + | |
32723 | +IPSEC_PROCFS_DEBUG_NO_STATIC | |
32724 | +int | |
32725 | +ipsec_natt_get_info(char *buffer, | |
32726 | + char **start, | |
32727 | + off_t offset, | |
32728 | + int length IPSEC_PROC_LAST_ARG) | |
32729 | +{ | |
32730 | + int len = 0; | |
32731 | + off_t begin = 0; | |
32732 | + | |
32733 | + len += ipsec_snprintf(buffer + len, | |
32734 | + length-len, "%d\n", | |
32735 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
32736 | + 1 | |
32737 | +#else | |
32738 | + 0 | |
32739 | +#endif | |
32740 | + ); | |
32741 | + | |
32742 | + *start = buffer + (offset - begin); /* Start of wanted data */ | |
32743 | + len -= (offset - begin); /* Start slop */ | |
32744 | + if (len > length) | |
32745 | + len = length; | |
32746 | + return len; | |
32747 | +} | |
32748 | + | |
32749 | +IPSEC_PROCFS_DEBUG_NO_STATIC | |
32750 | +int | |
32751 | +ipsec_birth_info(char *page, | |
32752 | + char **start, | |
32753 | + off_t offset, | |
32754 | + int count, | |
32755 | + int *eof, | |
32756 | + void *data) | |
32757 | +{ | |
32758 | + struct ipsec_birth_reply *ibr = (struct ipsec_birth_reply *)data; | |
32759 | + int len; | |
32760 | + | |
32761 | + if(offset >= ibr->packet_template_len) { | |
32762 | + if(eof) { | |
32763 | + *eof=1; | |
32764 | + } | |
32765 | + return 0; | |
32766 | + } | |
32767 | + | |
32768 | + len = ibr->packet_template_len; | |
32769 | + len -= offset; | |
32770 | + if (len > count) | |
32771 | + len = count; | |
32772 | + | |
32773 | + memcpy(page + offset, ibr->packet_template+offset, len); | |
32774 | + | |
32775 | + return len; | |
32776 | +} | |
32777 | + | |
32778 | +IPSEC_PROCFS_DEBUG_NO_STATIC | |
32779 | +int | |
32780 | +ipsec_birth_set(struct file *file, const char *buffer, | |
32781 | + unsigned long count, void *data) | |
32782 | +{ | |
32783 | + struct ipsec_birth_reply *ibr = (struct ipsec_birth_reply *)data; | |
32784 | + int len; | |
32785 | + | |
32786 | + KLIPS_INC_USE; | |
32787 | + if(count > IPSEC_BIRTH_TEMPLATE_MAXLEN) { | |
32788 | + len = IPSEC_BIRTH_TEMPLATE_MAXLEN; | |
32789 | + } else { | |
32790 | + len = count; | |
32791 | + } | |
32792 | + | |
32793 | + if(copy_from_user(ibr->packet_template, buffer, len)) { | |
32794 | + KLIPS_DEC_USE; | |
32795 | + return -EFAULT; | |
32796 | + } | |
32797 | + ibr->packet_template_len = len; | |
32798 | + | |
32799 | + KLIPS_DEC_USE; | |
32800 | + | |
32801 | + return len; | |
32802 | +} | |
32803 | + | |
32804 | + | |
32805 | +#ifdef CONFIG_KLIPS_DEBUG | |
32806 | +IPSEC_PROCFS_DEBUG_NO_STATIC | |
32807 | +int | |
32808 | +ipsec_klipsdebug_get_info(char *buffer, | |
32809 | + char **start, | |
32810 | + off_t offset, | |
32811 | + int length IPSEC_PROC_LAST_ARG) | |
32812 | +{ | |
32813 | + int len = 0; | |
32814 | + off_t begin = 0; | |
32815 | + | |
32816 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
32817 | + "klips_debug:ipsec_klipsdebug_get_info: " | |
32818 | + "buffer=0p%p, *start=0p%p, offset=%d, length=%d\n", | |
32819 | + buffer, | |
32820 | + *start, | |
32821 | + (int)offset, | |
32822 | + length); | |
32823 | + | |
32824 | + len += ipsec_snprintf(buffer+len, length-len, "debug_tunnel=%08x.\n", debug_tunnel); | |
32825 | + len += ipsec_snprintf(buffer+len, length-len, "debug_xform=%08x.\n", debug_xform); | |
32826 | + len += ipsec_snprintf(buffer+len, length-len, "debug_eroute=%08x.\n", debug_eroute); | |
32827 | + len += ipsec_snprintf(buffer+len, length-len, "debug_spi=%08x.\n", debug_spi); | |
32828 | + len += ipsec_snprintf(buffer+len, length-len, "debug_radij=%08x.\n", debug_radij); | |
32829 | + len += ipsec_snprintf(buffer+len, length-len, "debug_esp=%08x.\n", debug_esp); | |
32830 | + len += ipsec_snprintf(buffer+len, length-len, "debug_ah=%08x.\n", debug_ah); | |
32831 | + len += ipsec_snprintf(buffer+len, length-len, "debug_rcv=%08x.\n", debug_rcv); | |
32832 | + len += ipsec_snprintf(buffer+len, length-len, "debug_pfkey=%08x.\n", debug_pfkey); | |
32833 | + | |
32834 | + *start = buffer + (offset - begin); /* Start of wanted data */ | |
32835 | + len -= (offset - begin); /* Start slop */ | |
32836 | + if (len > length) | |
32837 | + len = length; | |
32838 | + return len; | |
32839 | +} | |
32840 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
32841 | + | |
32842 | +IPSEC_PROCFS_DEBUG_NO_STATIC | |
32843 | +int | |
32844 | +ipsec_stats_get_int_info(char *buffer, | |
32845 | + char **start, | |
32846 | + off_t offset, | |
32847 | + int length, | |
32848 | + int *eof, | |
32849 | + void *data) | |
32850 | +{ | |
32851 | + | |
32852 | + const int max_content = length > 0? length-1 : 0; | |
32853 | + int len = 0; | |
32854 | + int *thing; | |
32855 | + | |
32856 | + thing = (int *)data; | |
32857 | + | |
32858 | + len = ipsec_snprintf(buffer+len, length-len, "%08x\n", *thing); | |
32859 | + | |
32860 | + if (len >= max_content) | |
32861 | + len = max_content; /* truncate crap */ | |
32862 | + | |
32863 | + *start = buffer + offset; /* Start of wanted data */ | |
32864 | + return len > offset? len - offset : 0; | |
32865 | + | |
32866 | +} | |
32867 | + | |
32868 | +#ifndef PROC_FS_2325 | |
32869 | +struct proc_dir_entry ipsec_eroute = | |
32870 | +{ | |
32871 | + 0, | |
32872 | + 12, "ipsec_eroute", | |
32873 | + S_IFREG | S_IRUGO, 1, 0, 0, 0, | |
32874 | + &proc_net_inode_operations, | |
32875 | + ipsec_eroute_get_info, | |
32876 | + NULL, NULL, NULL, NULL, NULL | |
32877 | +}; | |
32878 | + | |
32879 | +struct proc_dir_entry ipsec_spi = | |
32880 | +{ | |
32881 | + 0, | |
32882 | + 9, "ipsec_spi", | |
32883 | + S_IFREG | S_IRUGO, 1, 0, 0, 0, | |
32884 | + &proc_net_inode_operations, | |
32885 | + ipsec_spi_get_info, | |
32886 | + NULL, NULL, NULL, NULL, NULL | |
32887 | +}; | |
32888 | + | |
32889 | +struct proc_dir_entry ipsec_spigrp = | |
32890 | +{ | |
32891 | + 0, | |
32892 | + 12, "ipsec_spigrp", | |
32893 | + S_IFREG | S_IRUGO, 1, 0, 0, 0, | |
32894 | + &proc_net_inode_operations, | |
32895 | + ipsec_spigrp_get_info, | |
32896 | + NULL, NULL, NULL, NULL, NULL | |
32897 | +}; | |
32898 | + | |
32899 | +struct proc_dir_entry ipsec_tncfg = | |
32900 | +{ | |
32901 | + 0, | |
32902 | + 11, "ipsec_tncfg", | |
32903 | + S_IFREG | S_IRUGO, 1, 0, 0, 0, | |
32904 | + &proc_net_inode_operations, | |
32905 | + ipsec_tncfg_get_info, | |
32906 | + NULL, NULL, NULL, NULL, NULL | |
32907 | +}; | |
32908 | + | |
32909 | +struct proc_dir_entry ipsec_version = | |
32910 | +{ | |
32911 | + 0, | |
32912 | + 13, "ipsec_version", | |
32913 | + S_IFREG | S_IRUGO, 1, 0, 0, 0, | |
32914 | + &proc_net_inode_operations, | |
32915 | + ipsec_version_get_info, | |
32916 | + NULL, NULL, NULL, NULL, NULL | |
32917 | +}; | |
32918 | + | |
32919 | +#ifdef CONFIG_KLIPS_DEBUG | |
32920 | +struct proc_dir_entry ipsec_klipsdebug = | |
32921 | +{ | |
32922 | + 0, | |
32923 | + 16, "ipsec_klipsdebug", | |
32924 | + S_IFREG | S_IRUGO, 1, 0, 0, 0, | |
32925 | + &proc_net_inode_operations, | |
32926 | + ipsec_klipsdebug_get_info, | |
32927 | + NULL, NULL, NULL, NULL, NULL | |
32928 | +}; | |
32929 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
32930 | +#endif /* !PROC_FS_2325 */ | |
32931 | +#endif /* CONFIG_PROC_FS */ | |
32932 | + | |
32933 | +#if defined(PROC_FS_2325) | |
32934 | +struct ipsec_proc_list { | |
32935 | + char *name; | |
32936 | + struct proc_dir_entry **parent; | |
32937 | + struct proc_dir_entry **dir; | |
32938 | + read_proc_t *readthing; | |
32939 | + write_proc_t *writething; | |
32940 | + void *data; | |
32941 | +}; | |
32942 | +static struct ipsec_proc_list proc_items[]={ | |
32943 | +#ifdef CONFIG_KLIPS_DEBUG | |
32944 | + {"klipsdebug", &proc_net_ipsec_dir, NULL, ipsec_klipsdebug_get_info, NULL, NULL}, | |
32945 | +#endif | |
32946 | + {"eroute", &proc_net_ipsec_dir, &proc_eroute_dir, NULL, NULL, NULL}, | |
32947 | + {"all", &proc_eroute_dir, NULL, ipsec_eroute_get_info, NULL, NULL}, | |
32948 | + {"spi", &proc_net_ipsec_dir, &proc_spi_dir, NULL, NULL, NULL}, | |
32949 | + {"all", &proc_spi_dir, NULL, ipsec_spi_get_info, NULL, NULL}, | |
32950 | + {"spigrp", &proc_net_ipsec_dir, &proc_spigrp_dir, NULL, NULL, NULL}, | |
32951 | + {"all", &proc_spigrp_dir, NULL, ipsec_spigrp_get_info, NULL, NULL}, | |
32952 | + {"birth", &proc_net_ipsec_dir, &proc_birth_dir, NULL, NULL, NULL}, | |
32953 | + {"ipv4", &proc_birth_dir, NULL, ipsec_birth_info, ipsec_birth_set, (void *)&ipsec_ipv4_birth_packet}, | |
32954 | + {"ipv6", &proc_birth_dir, NULL, ipsec_birth_info, ipsec_birth_set, (void *)&ipsec_ipv6_birth_packet}, | |
32955 | + {"tncfg", &proc_net_ipsec_dir, NULL, ipsec_tncfg_get_info, NULL, NULL}, | |
32956 | + {"xforms", &proc_net_ipsec_dir, NULL, ipsec_xform_get_info, NULL, NULL}, | |
32957 | + {"stats", &proc_net_ipsec_dir, &proc_stats_dir, NULL, NULL, NULL}, | |
32958 | + {"trap_count", &proc_stats_dir, NULL, ipsec_stats_get_int_info, NULL, &ipsec_xmit_trap_count}, | |
32959 | + {"trap_sendcount", &proc_stats_dir, NULL, ipsec_stats_get_int_info, NULL, &ipsec_xmit_trap_sendcount}, | |
32960 | + {"version", &proc_net_ipsec_dir, NULL, ipsec_version_get_info, NULL, NULL}, | |
32961 | + {NULL, NULL, NULL, NULL, NULL, NULL} | |
32962 | +}; | |
32963 | +#endif | |
32964 | + | |
32965 | +int | |
32966 | +ipsec_proc_init() | |
32967 | +{ | |
32968 | + int error = 0; | |
32969 | +#ifdef IPSEC_PROC_SUBDIRS | |
32970 | + struct proc_dir_entry *item; | |
32971 | +#endif | |
32972 | + | |
32973 | + /* | |
32974 | + * just complain because pluto won't run without /proc! | |
32975 | + */ | |
32976 | +#ifndef CONFIG_PROC_FS | |
32977 | +#error You must have PROC_FS built in to use KLIPS | |
32978 | +#endif | |
32979 | + | |
32980 | + /* for 2.0 kernels */ | |
32981 | +#if !defined(PROC_FS_2325) && !defined(PROC_FS_21) | |
32982 | + error |= proc_register_dynamic(&proc_net, &ipsec_eroute); | |
32983 | + error |= proc_register_dynamic(&proc_net, &ipsec_spi); | |
32984 | + error |= proc_register_dynamic(&proc_net, &ipsec_spigrp); | |
32985 | + error |= proc_register_dynamic(&proc_net, &ipsec_tncfg); | |
32986 | + error |= proc_register_dynamic(&proc_net, &ipsec_version); | |
32987 | +#ifdef CONFIG_KLIPS_DEBUG | |
32988 | + error |= proc_register_dynamic(&proc_net, &ipsec_klipsdebug); | |
32989 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
32990 | +#endif | |
32991 | + | |
32992 | + /* for 2.2 kernels */ | |
32993 | +#if !defined(PROC_FS_2325) && defined(PROC_FS_21) | |
32994 | + error |= proc_register(proc_net, &ipsec_eroute); | |
32995 | + error |= proc_register(proc_net, &ipsec_spi); | |
32996 | + error |= proc_register(proc_net, &ipsec_spigrp); | |
32997 | + error |= proc_register(proc_net, &ipsec_tncfg); | |
32998 | + error |= proc_register(proc_net, &ipsec_version); | |
32999 | +#ifdef CONFIG_KLIPS_DEBUG | |
33000 | + error |= proc_register(proc_net, &ipsec_klipsdebug); | |
33001 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
33002 | +#endif | |
33003 | + | |
33004 | + /* for 2.4 kernels */ | |
33005 | +#if defined(PROC_FS_2325) | |
33006 | + /* create /proc/net/ipsec */ | |
33007 | + | |
33008 | + /* zero these out before we initialize /proc/net/ipsec/birth/stuff */ | |
33009 | + memset(&ipsec_ipv4_birth_packet, 0, sizeof(struct ipsec_birth_reply)); | |
33010 | + memset(&ipsec_ipv6_birth_packet, 0, sizeof(struct ipsec_birth_reply)); | |
33011 | + | |
33012 | + proc_net_ipsec_dir = proc_mkdir("ipsec", proc_net); | |
33013 | + if(proc_net_ipsec_dir == NULL) { | |
33014 | + /* no point in continuing */ | |
33015 | + return 1; | |
33016 | + } | |
33017 | + | |
33018 | + { | |
33019 | + struct ipsec_proc_list *it; | |
33020 | + | |
33021 | + it=proc_items; | |
33022 | + while(it->name!=NULL) { | |
33023 | + if(it->dir) { | |
33024 | + /* make a dir instead */ | |
33025 | + item = proc_mkdir(it->name, *it->parent); | |
33026 | + *it->dir = item; | |
33027 | + } else { | |
33028 | + item = create_proc_entry(it->name, 0400, *it->parent); | |
33029 | + } | |
33030 | + if(item) { | |
33031 | + item->read_proc = it->readthing; | |
33032 | + item->write_proc = it->writething; | |
33033 | + item->data = it->data; | |
33034 | +#ifdef MODULE | |
33035 | + item->owner = THIS_MODULE; | |
33036 | +#endif | |
33037 | + } else { | |
33038 | + error |= 1; | |
33039 | + } | |
33040 | + it++; | |
33041 | + } | |
33042 | + } | |
33043 | + | |
33044 | + /* now create some symlinks to provide compatibility */ | |
33045 | + proc_symlink("ipsec_eroute", proc_net, "ipsec/eroute/all"); | |
33046 | + proc_symlink("ipsec_spi", proc_net, "ipsec/spi/all"); | |
33047 | + proc_symlink("ipsec_spigrp", proc_net, "ipsec/spigrp/all"); | |
33048 | + proc_symlink("ipsec_tncfg", proc_net, "ipsec/tncfg"); | |
33049 | + proc_symlink("ipsec_version",proc_net, "ipsec/version"); | |
33050 | + proc_symlink("ipsec_klipsdebug",proc_net,"ipsec/klipsdebug"); | |
33051 | + | |
33052 | +#endif /* !PROC_FS_2325 */ | |
33053 | + | |
33054 | + return error; | |
33055 | +} | |
33056 | + | |
33057 | +void | |
33058 | +ipsec_proc_cleanup() | |
33059 | +{ | |
33060 | + | |
33061 | + /* for 2.0 and 2.2 kernels */ | |
33062 | +#if !defined(PROC_FS_2325) | |
33063 | + | |
33064 | +#ifdef CONFIG_KLIPS_DEBUG | |
33065 | + if (proc_net_unregister(ipsec_klipsdebug.low_ino) != 0) | |
33066 | + printk("klips_debug:ipsec_cleanup: " | |
33067 | + "cannot unregister /proc/net/ipsec_klipsdebug\n"); | |
33068 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
33069 | + | |
33070 | + if (proc_net_unregister(ipsec_version.low_ino) != 0) | |
33071 | + printk("klips_debug:ipsec_cleanup: " | |
33072 | + "cannot unregister /proc/net/ipsec_version\n"); | |
33073 | + if (proc_net_unregister(ipsec_eroute.low_ino) != 0) | |
33074 | + printk("klips_debug:ipsec_cleanup: " | |
33075 | + "cannot unregister /proc/net/ipsec_eroute\n"); | |
33076 | + if (proc_net_unregister(ipsec_spi.low_ino) != 0) | |
33077 | + printk("klips_debug:ipsec_cleanup: " | |
33078 | + "cannot unregister /proc/net/ipsec_spi\n"); | |
33079 | + if (proc_net_unregister(ipsec_spigrp.low_ino) != 0) | |
33080 | + printk("klips_debug:ipsec_cleanup: " | |
33081 | + "cannot unregister /proc/net/ipsec_spigrp\n"); | |
33082 | + if (proc_net_unregister(ipsec_tncfg.low_ino) != 0) | |
33083 | + printk("klips_debug:ipsec_cleanup: " | |
33084 | + "cannot unregister /proc/net/ipsec_tncfg\n"); | |
33085 | +#endif | |
33086 | + | |
33087 | + /* for 2.4 kernels */ | |
33088 | +#if defined(PROC_FS_2325) | |
33089 | + { | |
33090 | + struct ipsec_proc_list *it; | |
33091 | + | |
33092 | + /* find end of list */ | |
33093 | + it=proc_items; | |
33094 | + while(it->name!=NULL) { | |
33095 | + it++; | |
33096 | + } | |
33097 | + it--; | |
33098 | + | |
33099 | + do { | |
33100 | + remove_proc_entry(it->name, *it->parent); | |
33101 | + it--; | |
33102 | + } while(it >= proc_items); | |
33103 | + } | |
33104 | + | |
33105 | + | |
33106 | +#ifdef CONFIG_KLIPS_DEBUG | |
33107 | + remove_proc_entry("ipsec_klipsdebug", proc_net); | |
33108 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
33109 | + remove_proc_entry("ipsec_eroute", proc_net); | |
33110 | + remove_proc_entry("ipsec_spi", proc_net); | |
33111 | + remove_proc_entry("ipsec_spigrp", proc_net); | |
33112 | + remove_proc_entry("ipsec_tncfg", proc_net); | |
33113 | + remove_proc_entry("ipsec_version", proc_net); | |
33114 | + remove_proc_entry("ipsec", proc_net); | |
33115 | +#endif /* 2.4 kernel */ | |
33116 | +} | |
33117 | + | |
33118 | +/* | |
33119 | + * $Log: ipsec_proc.c,v $ | |
33120 | + * Revision 1.39.2.4 2006/11/15 22:21:39 paul | |
33121 | + * backport of creating a /sys/ file to test for nat-t capability in kernel. | |
33122 | + * | |
33123 | + * Revision 1.39.2.3 2006/10/06 21:39:26 paul | |
33124 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
33125 | + * set. This is defined through autoconf.h which is included through the | |
33126 | + * linux kernel build macros. | |
33127 | + * | |
33128 | + * Revision 1.39.2.2 2006/02/13 18:48:12 paul | |
33129 | + * Fix by Ankit Desai <ankit@elitecore.com> for module unloading. | |
33130 | + * | |
33131 | + * Revision 1.39.2.1 2005/09/07 00:45:59 paul | |
33132 | + * pull up of mcr's nat-t klips detection patch from head | |
33133 | + * | |
33134 | + * Revision 1.39 2005/05/20 03:19:18 mcr | |
33135 | + * modifications for use on 2.4.30 kernel, with backported | |
33136 | + * printk_ratelimit(). all warnings removed. | |
33137 | + * | |
33138 | + * Revision 1.38 2005/04/29 05:10:22 mcr | |
33139 | + * removed from extraenous includes to make unit testing easier. | |
33140 | + * | |
33141 | + * Revision 1.37 2005/04/13 22:49:49 mcr | |
33142 | + * moved KLIPS specific snprintf() wrapper to seperate file. | |
33143 | + * | |
33144 | + * Revision 1.36 2005/04/06 17:44:36 mcr | |
33145 | + * when NAT-T is compiled out, show encap as "NA" | |
33146 | + * | |
33147 | + * Revision 1.35 2005/01/26 00:50:35 mcr | |
33148 | + * adjustment of confusion of CONFIG_IPSEC_NAT vs CONFIG_KLIPS_NAT, | |
33149 | + * and make sure that NAT_TRAVERSAL is set as well to match | |
33150 | + * userspace compiles of code. | |
33151 | + * | |
33152 | + * Revision 1.34 2004/12/03 21:25:57 mcr | |
33153 | + * compile time fixes for running on 2.6. | |
33154 | + * still experimental. | |
33155 | + * | |
33156 | + * Revision 1.33 2004/08/17 03:27:23 mcr | |
33157 | + * klips 2.6 edits. | |
33158 | + * | |
33159 | + * Revision 1.32 2004/08/03 18:19:08 mcr | |
33160 | + * in 2.6, use "net_device" instead of #define device->net_device. | |
33161 | + * this probably breaks 2.0 compiles. | |
33162 | + * | |
33163 | + * Revision 1.31 2004/07/10 19:11:18 mcr | |
33164 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
33165 | + * | |
33166 | + * Revision 1.30 2004/04/25 21:23:11 ken | |
33167 | + * Pull in dhr's changes from FreeS/WAN 2.06 | |
33168 | + * | |
33169 | + * Revision 1.29 2004/04/06 02:49:26 mcr | |
33170 | + * pullup of algo code from alg-branch. | |
33171 | + * | |
33172 | + * Revision 1.28 2004/03/28 20:29:58 paul | |
33173 | + * <hugh_> ssize_t, not ssized_t | |
33174 | + * | |
33175 | + * Revision 1.27 2004/03/28 20:27:20 paul | |
33176 | + * Included tested and confirmed fixes mcr made and dhr verified for | |
33177 | + * snprint statements. Changed one other snprintf to use ipsec_snprintf | |
33178 | + * so it wouldnt break compatibility with 2.0/2.2 kernels. Verified with | |
33179 | + * dhr. (thanks dhr!) | |
33180 | + * | |
33181 | + * Revision 1.26 2004/02/09 22:07:06 mcr | |
33182 | + * added information about nat-traversal setting to spi-output. | |
33183 | + * | |
33184 | + * Revision 1.25.4.1 2004/04/05 04:30:46 mcr | |
33185 | + * patches for alg-branch to compile/work with 2.x openswan | |
33186 | + * | |
33187 | + * Revision 1.25 2003/10/31 02:27:55 mcr | |
33188 | + * pulled up port-selector patches and sa_id elimination. | |
33189 | + * | |
33190 | + * Revision 1.24.4.1 2003/10/29 01:30:41 mcr | |
33191 | + * elimited "struct sa_id". | |
33192 | + * | |
33193 | + * Revision 1.24 2003/06/20 01:42:21 mcr | |
33194 | + * added counters to measure how many ACQUIREs we send to pluto, | |
33195 | + * and how many are successfully sent. | |
33196 | + * | |
33197 | + * Revision 1.23 2003/04/03 17:38:09 rgb | |
33198 | + * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}. | |
33199 | + * | |
33200 | + * Revision 1.22 2002/09/20 15:40:57 rgb | |
33201 | + * Renamed saref macros for consistency and brevity. | |
33202 | + * | |
33203 | + * Revision 1.21 2002/09/20 05:01:35 rgb | |
33204 | + * Print ref and reftable, refentry seperately. | |
33205 | + * | |
33206 | + * Revision 1.20 2002/09/19 02:35:39 mcr | |
33207 | + * do not define structures needed by /proc/net/ipsec/ if we | |
33208 | + * aren't going create that directory. | |
33209 | + * | |
33210 | + * Revision 1.19 2002/09/10 01:43:25 mcr | |
33211 | + * fixed problem in /-* comment. | |
33212 | + * | |
33213 | + * Revision 1.18 2002/09/03 16:22:11 mcr | |
33214 | + * fixed initialization of birth/stuff values - some simple | |
33215 | + * screw ups in the code. | |
33216 | + * removed debugging that was left in by mistake. | |
33217 | + * | |
33218 | + * Revision 1.17 2002/09/02 17:54:53 mcr | |
33219 | + * changed how the table driven /proc entries are created so that | |
33220 | + * making subdirs is now explicit rather than implicit. | |
33221 | + * | |
33222 | + * Revision 1.16 2002/08/30 01:23:37 mcr | |
33223 | + * reorganized /proc creating code to clear up ifdefs, | |
33224 | + * make the 2.4 code table driven, and put things into | |
33225 | + * /proc/net/ipsec subdir. Symlinks are left for compatibility. | |
33226 | + * | |
33227 | + * Revision 1.15 2002/08/13 19:01:25 mcr | |
33228 | + * patches from kenb to permit compilation of FreeSWAN on ia64. | |
33229 | + * des library patched to use proper DES_LONG type for ia64. | |
33230 | + * | |
33231 | + * Revision 1.14 2002/07/26 08:48:31 rgb | |
33232 | + * Added SA ref table code. | |
33233 | + * | |
33234 | + * Revision 1.13 2002/07/24 18:44:54 rgb | |
33235 | + * Type fiddling to tame ia64 compiler. | |
33236 | + * | |
33237 | + * Revision 1.12 2002/05/27 18:56:07 rgb | |
33238 | + * Convert to dynamic ipsec device allocation. | |
33239 | + * | |
33240 | + * Revision 1.11 2002/05/23 07:14:50 rgb | |
33241 | + * Added refcount code. | |
33242 | + * Cleaned up %p variants to 0p%p for test suite cleanup. | |
33243 | + * Convert "usecount" to "refcount" to remove ambiguity. | |
33244 | + * | |
33245 | + * Revision 1.10 2002/04/24 07:55:32 mcr | |
33246 | + * #include patches and Makefiles for post-reorg compilation. | |
33247 | + * | |
33248 | + * Revision 1.9 2002/04/24 07:36:28 mcr | |
33249 | + * Moved from ./klips/net/ipsec/ipsec_proc.c,v | |
33250 | + * | |
33251 | + * Revision 1.8 2002/01/29 17:17:55 mcr | |
33252 | + * moved include of ipsec_param.h to after include of linux/kernel.h | |
33253 | + * otherwise, it seems that some option that is set in ipsec_param.h | |
33254 | + * screws up something subtle in the include path to kernel.h, and | |
33255 | + * it complains on the snprintf() prototype. | |
33256 | + * | |
33257 | + * Revision 1.7 2002/01/29 04:00:52 mcr | |
33258 | + * more excise of kversions.h header. | |
33259 | + * | |
33260 | + * Revision 1.6 2002/01/29 02:13:17 mcr | |
33261 | + * introduction of ipsec_kversion.h means that include of | |
33262 | + * ipsec_param.h must preceed any decisions about what files to | |
33263 | + * include to deal with differences in kernel source. | |
33264 | + * | |
33265 | + * Revision 1.5 2002/01/12 02:54:30 mcr | |
33266 | + * beginnings of /proc/net/ipsec dir. | |
33267 | + * | |
33268 | + * Revision 1.4 2001/12/11 02:21:05 rgb | |
33269 | + * Don't include module version here, fixing 2.2 compile bug. | |
33270 | + * | |
33271 | + * Revision 1.3 2001/12/05 07:19:44 rgb | |
33272 | + * Fixed extraneous #include "version.c" bug causing modular KLIPS failure. | |
33273 | + * | |
33274 | + * Revision 1.2 2001/11/26 09:16:14 rgb | |
33275 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
33276 | + * | |
33277 | + * Revision 1.74 2001/11/22 05:44:11 henry | |
33278 | + * new version stuff | |
33279 | + * | |
33280 | + * Revision 1.1.2.1 2001/09/25 02:19:40 mcr | |
33281 | + * /proc manipulation code moved to new ipsec_proc.c | |
33282 | + * | |
33283 | + * | |
33284 | + * Local variables: | |
33285 | + * c-file-style: "linux" | |
33286 | + * End: | |
33287 | + * | |
33288 | + */ | |
33289 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
33290 | +++ linux/net/ipsec/ipsec_radij.c Mon Feb 9 13:51:03 2004 | |
33291 | @@ -0,0 +1,889 @@ | |
33292 | +/* | |
33293 | + * Interface between the IPSEC code and the radix (radij) tree code | |
33294 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
33295 | + * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. | |
33296 | + * | |
33297 | + * This program is free software; you can redistribute it and/or modify it | |
33298 | + * under the terms of the GNU General Public License as published by the | |
33299 | + * Free Software Foundation; either version 2 of the License, or (at your | |
33300 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
33301 | + * | |
33302 | + * This program is distributed in the hope that it will be useful, but | |
33303 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
33304 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
33305 | + * for more details. | |
33306 | + * | |
33307 | + * RCSID $Id: ipsec_radij.c,v 1.73.2.1 2006/10/06 21:39:26 paul Exp $ | |
33308 | + */ | |
33309 | + | |
33310 | +#ifndef AUTOCONF_INCLUDED | |
33311 | +#include <linux/config.h> | |
33312 | +#endif | |
33313 | +#include <linux/version.h> | |
33314 | +#include <linux/kernel.h> /* printk() */ | |
33315 | + | |
33316 | +#include "openswan/ipsec_param.h" | |
33317 | + | |
33318 | +#ifdef MALLOC_SLAB | |
33319 | +# include <linux/slab.h> /* kmalloc() */ | |
33320 | +#else /* MALLOC_SLAB */ | |
33321 | +# include <linux/malloc.h> /* kmalloc() */ | |
33322 | +#endif /* MALLOC_SLAB */ | |
33323 | +#include <linux/errno.h> /* error codes */ | |
33324 | +#include <linux/types.h> /* size_t */ | |
33325 | +#include <linux/interrupt.h> /* mark_bh */ | |
33326 | + | |
33327 | +#include <linux/netdevice.h> /* struct device, struct net_device_stats and other headers */ | |
33328 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
33329 | +#include <linux/ip.h> /* struct iphdr */ | |
33330 | +#include <linux/skbuff.h> | |
33331 | +#include <openswan.h> | |
33332 | +#ifdef SPINLOCK | |
33333 | +# ifdef SPINLOCK_23 | |
33334 | +# include <linux/spinlock.h> /* *lock* */ | |
33335 | +# else /* 23_SPINLOCK */ | |
33336 | +# include <asm/spinlock.h> /* *lock* */ | |
33337 | +# endif /* 23_SPINLOCK */ | |
33338 | +#endif /* SPINLOCK */ | |
33339 | + | |
33340 | +#include <net/ip.h> | |
33341 | + | |
33342 | +#include "openswan/ipsec_eroute.h" | |
33343 | +#include "openswan/ipsec_sa.h" | |
33344 | + | |
33345 | +#include "openswan/radij.h" | |
33346 | +#include "openswan/ipsec_encap.h" | |
33347 | +#include "openswan/radij.h" | |
33348 | +#include "openswan/ipsec_encap.h" | |
33349 | +#include "openswan/ipsec_radij.h" | |
33350 | +#include "openswan/ipsec_tunnel.h" /* struct ipsecpriv */ | |
33351 | +#include "openswan/ipsec_xform.h" | |
33352 | + | |
33353 | +#include <pfkeyv2.h> | |
33354 | +#include <pfkey.h> | |
33355 | + | |
33356 | +#include "openswan/ipsec_proto.h" | |
33357 | + | |
33358 | +#ifdef CONFIG_KLIPS_DEBUG | |
33359 | +int debug_radij = 0; | |
33360 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
33361 | + | |
33362 | +struct radij_node_head *rnh = NULL; | |
33363 | +#ifdef SPINLOCK | |
33364 | +spinlock_t eroute_lock = SPIN_LOCK_UNLOCKED; | |
33365 | +#else /* SPINLOCK */ | |
33366 | +spinlock_t eroute_lock; | |
33367 | +#endif /* SPINLOCK */ | |
33368 | + | |
33369 | +int | |
33370 | +ipsec_radijinit(void) | |
33371 | +{ | |
33372 | + maj_keylen = sizeof (struct sockaddr_encap); | |
33373 | + | |
33374 | + rj_init(); | |
33375 | + | |
33376 | + if (rj_inithead((void **)&rnh, /*16*/offsetof(struct sockaddr_encap, sen_type) * sizeof(__u8)) == 0) /* 16 is bit offset of sen_type */ | |
33377 | + return -1; | |
33378 | + return 0; | |
33379 | +} | |
33380 | + | |
33381 | +int | |
33382 | +ipsec_radijcleanup(void) | |
33383 | +{ | |
33384 | + int error; | |
33385 | + | |
33386 | + spin_lock_bh(&eroute_lock); | |
33387 | + | |
33388 | + error = radijcleanup(); | |
33389 | + | |
33390 | + spin_unlock_bh(&eroute_lock); | |
33391 | + | |
33392 | + return error; | |
33393 | +} | |
33394 | + | |
33395 | +int | |
33396 | +ipsec_cleareroutes(void) | |
33397 | +{ | |
33398 | + int error; | |
33399 | + | |
33400 | + spin_lock_bh(&eroute_lock); | |
33401 | + | |
33402 | + error = radijcleartree(); | |
33403 | + | |
33404 | + spin_unlock_bh(&eroute_lock); | |
33405 | + | |
33406 | + return error; | |
33407 | +} | |
33408 | + | |
33409 | +int | |
33410 | +ipsec_breakroute(struct sockaddr_encap *eaddr, | |
33411 | + struct sockaddr_encap *emask, | |
33412 | + struct sk_buff **first, | |
33413 | + struct sk_buff **last) | |
33414 | +{ | |
33415 | + struct eroute *ro; | |
33416 | + struct radij_node *rn; | |
33417 | + int error; | |
33418 | +#ifdef CONFIG_KLIPS_DEBUG | |
33419 | + | |
33420 | + if (debug_eroute) { | |
33421 | + char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF]; | |
33422 | + subnettoa(eaddr->sen_ip_src, emask->sen_ip_src, 0, buf1, sizeof(buf1)); | |
33423 | + subnettoa(eaddr->sen_ip_dst, emask->sen_ip_dst, 0, buf2, sizeof(buf2)); | |
33424 | + KLIPS_PRINT(debug_eroute, | |
33425 | + "klips_debug:ipsec_breakroute: " | |
33426 | + "attempting to delete eroute for %s:%d->%s:%d %d\n", | |
33427 | + buf1, ntohs(eaddr->sen_sport), | |
33428 | + buf2, ntohs(eaddr->sen_dport), eaddr->sen_proto); | |
33429 | + } | |
33430 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
33431 | + | |
33432 | + spin_lock_bh(&eroute_lock); | |
33433 | + | |
33434 | + if ((error = rj_delete(eaddr, emask, rnh, &rn)) != 0) { | |
33435 | + spin_unlock_bh(&eroute_lock); | |
33436 | + KLIPS_PRINT(debug_eroute, | |
33437 | + "klips_debug:ipsec_breakroute: " | |
33438 | + "node not found, eroute delete failed.\n"); | |
33439 | + return error; | |
33440 | + } | |
33441 | + | |
33442 | + spin_unlock_bh(&eroute_lock); | |
33443 | + | |
33444 | + ro = (struct eroute *)rn; | |
33445 | + | |
33446 | + KLIPS_PRINT(debug_eroute, | |
33447 | + "klips_debug:ipsec_breakroute: " | |
33448 | + "deleted eroute=0p%p, ident=0p%p->0p%p, first=0p%p, last=0p%p\n", | |
33449 | + ro, | |
33450 | + ro->er_ident_s.data, | |
33451 | + ro->er_ident_d.data, | |
33452 | + ro->er_first, | |
33453 | + ro->er_last); | |
33454 | + | |
33455 | + if (ro->er_ident_s.data != NULL) { | |
33456 | + kfree(ro->er_ident_s.data); | |
33457 | + } | |
33458 | + if (ro->er_ident_d.data != NULL) { | |
33459 | + kfree(ro->er_ident_d.data); | |
33460 | + } | |
33461 | + if (ro->er_first != NULL) { | |
33462 | +#if 0 | |
33463 | + struct net_device_stats *stats = (struct net_device_stats *) &(((struct ipsecpriv *)(ro->er_first->dev->priv))->mystats); | |
33464 | + stats->tx_dropped--; | |
33465 | +#endif | |
33466 | + *first = ro->er_first; | |
33467 | + } | |
33468 | + if (ro->er_last != NULL) { | |
33469 | +#if 0 | |
33470 | + struct net_device_stats *stats = (struct net_device_stats *) &(((struct ipsecpriv *)(ro->er_last->dev->priv))->mystats); | |
33471 | + stats->tx_dropped--; | |
33472 | +#endif | |
33473 | + *last = ro->er_last; | |
33474 | + } | |
33475 | + | |
33476 | + if (rn->rj_flags & (RJF_ACTIVE | RJF_ROOT)) | |
33477 | + panic ("ipsec_breakroute RMT_DELEROUTE root or active node\n"); | |
33478 | + memset((caddr_t)rn, 0, sizeof (struct eroute)); | |
33479 | + kfree(rn); | |
33480 | + | |
33481 | + return 0; | |
33482 | +} | |
33483 | + | |
33484 | +int | |
33485 | +ipsec_makeroute(struct sockaddr_encap *eaddr, | |
33486 | + struct sockaddr_encap *emask, | |
33487 | + ip_said said, | |
33488 | + uint32_t pid, | |
33489 | + struct sk_buff *skb, | |
33490 | + struct ident *ident_s, | |
33491 | + struct ident *ident_d) | |
33492 | +{ | |
33493 | + struct eroute *retrt; | |
33494 | + int error; | |
33495 | + char sa[SATOT_BUF]; | |
33496 | + size_t sa_len; | |
33497 | + | |
33498 | +#ifdef CONFIG_KLIPS_DEBUG | |
33499 | + | |
33500 | + if (debug_eroute) { | |
33501 | + | |
33502 | + { | |
33503 | + char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF]; | |
33504 | + | |
33505 | + subnettoa(eaddr->sen_ip_src, emask->sen_ip_src, 0, buf1, sizeof(buf1)); | |
33506 | + subnettoa(eaddr->sen_ip_dst, emask->sen_ip_dst, 0, buf2, sizeof(buf2)); | |
33507 | + sa_len = satot(&said, 0, sa, sizeof(sa)); | |
33508 | + KLIPS_PRINT(debug_eroute, | |
33509 | + "klips_debug:ipsec_makeroute: " | |
33510 | + "attempting to allocate %lu bytes to insert eroute for %s->%s, SA: %s, PID:%d, skb=0p%p, ident:%s->%s\n", | |
33511 | + (unsigned long) sizeof(struct eroute), | |
33512 | + buf1, | |
33513 | + buf2, | |
33514 | + sa_len ? sa : " (error)", | |
33515 | + pid, | |
33516 | + skb, | |
33517 | + (ident_s ? (ident_s->data ? ident_s->data : "NULL") : "NULL"), | |
33518 | + (ident_d ? (ident_d->data ? ident_d->data : "NULL") : "NULL")); | |
33519 | + } | |
33520 | + { | |
33521 | + char buf1[sizeof(struct sockaddr_encap)*2 + 1], | |
33522 | + buf2[sizeof(struct sockaddr_encap)*2 + 1]; | |
33523 | + int i; | |
33524 | + unsigned char *b1 = buf1, | |
33525 | + *b2 = buf2, | |
33526 | + *ea = (unsigned char *)eaddr, | |
33527 | + *em = (unsigned char *)emask; | |
33528 | + | |
33529 | + | |
33530 | + for (i=0; i<sizeof(struct sockaddr_encap); i++) { | |
33531 | + sprintf(b1, "%02x", ea[i]); | |
33532 | + sprintf(b2, "%02x", em[i]); | |
33533 | + b1+=2; | |
33534 | + b2+=2; | |
33535 | + } | |
33536 | + KLIPS_PRINT(debug_eroute, "klips_debug:ipsec_makeroute: %s / %s \n", buf1, buf2); | |
33537 | + } | |
33538 | + | |
33539 | + } | |
33540 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
33541 | + | |
33542 | + retrt = (struct eroute *)kmalloc(sizeof (struct eroute), GFP_ATOMIC); | |
33543 | + if (retrt == NULL) { | |
33544 | + printk("klips_error:ipsec_makeroute: " | |
33545 | + "not able to allocate kernel memory"); | |
33546 | + return -ENOMEM; | |
33547 | + } | |
33548 | + memset((caddr_t)retrt, 0, sizeof (struct eroute)); | |
33549 | + | |
33550 | + retrt->er_eaddr = *eaddr; | |
33551 | + retrt->er_emask = *emask; | |
33552 | + retrt->er_said = said; | |
33553 | + retrt->er_pid = pid; | |
33554 | + retrt->er_count = 0; | |
33555 | + retrt->er_lasttime = jiffies/HZ; | |
33556 | + | |
33557 | + { | |
33558 | + /* this is because gcc 3. doesn't like cast's as lvalues */ | |
33559 | + struct rjtentry *rje = (struct rjtentry *)&(retrt->er_rjt); | |
33560 | + caddr_t er = (caddr_t)&(retrt->er_eaddr); | |
33561 | + | |
33562 | + rje->rd_nodes->rj_key= er; | |
33563 | + } | |
33564 | + | |
33565 | + if (ident_s && ident_s->type != SADB_IDENTTYPE_RESERVED) { | |
33566 | + int data_len = ident_s->len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident); | |
33567 | + | |
33568 | + retrt->er_ident_s.type = ident_s->type; | |
33569 | + retrt->er_ident_s.id = ident_s->id; | |
33570 | + retrt->er_ident_s.len = ident_s->len; | |
33571 | + if(data_len) { | |
33572 | + KLIPS_PRINT(debug_eroute, | |
33573 | + "klips_debug:ipsec_makeroute: " | |
33574 | + "attempting to allocate %u bytes for ident_s.\n", | |
33575 | + data_len); | |
33576 | + if(!(retrt->er_ident_s.data = kmalloc(data_len, GFP_KERNEL))) { | |
33577 | + kfree(retrt); | |
33578 | + printk("klips_error:ipsec_makeroute: not able to allocate kernel memory (%d)\n", data_len); | |
33579 | + return ENOMEM; | |
33580 | + } | |
33581 | + memcpy(retrt->er_ident_s.data, ident_s->data, data_len); | |
33582 | + } else { | |
33583 | + retrt->er_ident_s.data = NULL; | |
33584 | + } | |
33585 | + } | |
33586 | + | |
33587 | + if (ident_d && ident_d->type != SADB_IDENTTYPE_RESERVED) { | |
33588 | + int data_len = ident_d->len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident); | |
33589 | + | |
33590 | + retrt->er_ident_d.type = ident_d->type; | |
33591 | + retrt->er_ident_d.id = ident_d->id; | |
33592 | + retrt->er_ident_d.len = ident_d->len; | |
33593 | + if(data_len) { | |
33594 | + KLIPS_PRINT(debug_eroute, | |
33595 | + "klips_debug:ipsec_makeroute: " | |
33596 | + "attempting to allocate %u bytes for ident_d.\n", | |
33597 | + data_len); | |
33598 | + if(!(retrt->er_ident_d.data = kmalloc(data_len, GFP_KERNEL))) { | |
33599 | + if (retrt->er_ident_s.data) | |
33600 | + kfree(retrt->er_ident_s.data); | |
33601 | + kfree(retrt); | |
33602 | + printk("klips_error:ipsec_makeroute: not able to allocate kernel memory (%d)\n", data_len); | |
33603 | + return ENOMEM; | |
33604 | + } | |
33605 | + memcpy(retrt->er_ident_d.data, ident_d->data, data_len); | |
33606 | + } else { | |
33607 | + retrt->er_ident_d.data = NULL; | |
33608 | + } | |
33609 | + } | |
33610 | + retrt->er_first = skb; | |
33611 | + retrt->er_last = NULL; | |
33612 | + | |
33613 | + KLIPS_PRINT(debug_eroute, | |
33614 | + "klips_debug:ipsec_makeroute: " | |
33615 | + "calling rj_addroute now\n"); | |
33616 | + | |
33617 | + spin_lock_bh(&eroute_lock); | |
33618 | + | |
33619 | + error = rj_addroute(&(retrt->er_eaddr), &(retrt->er_emask), | |
33620 | + rnh, retrt->er_rjt.rd_nodes); | |
33621 | + | |
33622 | + spin_unlock_bh(&eroute_lock); | |
33623 | + | |
33624 | + if(error) { | |
33625 | + sa_len = satot(&said, 0, sa, sizeof(sa)); | |
33626 | + KLIPS_PRINT(debug_eroute, | |
33627 | + "klips_debug:ipsec_makeroute: " | |
33628 | + "rj_addroute not able to insert eroute for SA:%s (error:%d)\n", | |
33629 | + sa_len ? sa : " (error)", error); | |
33630 | + if (retrt->er_ident_s.data) | |
33631 | + kfree(retrt->er_ident_s.data); | |
33632 | + if (retrt->er_ident_d.data) | |
33633 | + kfree(retrt->er_ident_d.data); | |
33634 | + | |
33635 | + kfree(retrt); | |
33636 | + | |
33637 | + return error; | |
33638 | + } | |
33639 | + | |
33640 | +#ifdef CONFIG_KLIPS_DEBUG | |
33641 | + if (debug_eroute) { | |
33642 | + char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF]; | |
33643 | +/* | |
33644 | + subnettoa(eaddr->sen_ip_src, emask->sen_ip_src, 0, buf1, sizeof(buf1)); | |
33645 | + subnettoa(eaddr->sen_ip_dst, emask->sen_ip_dst, 0, buf2, sizeof(buf2)); | |
33646 | +*/ | |
33647 | + subnettoa(rd_key((&(retrt->er_rjt)))->sen_ip_src, rd_mask((&(retrt->er_rjt)))->sen_ip_src, 0, buf1, sizeof(buf1)); | |
33648 | + subnettoa(rd_key((&(retrt->er_rjt)))->sen_ip_dst, rd_mask((&(retrt->er_rjt)))->sen_ip_dst, 0, buf2, sizeof(buf2)); | |
33649 | + sa_len = satot(&retrt->er_said, 0, sa, sizeof(sa)); | |
33650 | + | |
33651 | + KLIPS_PRINT(debug_eroute, | |
33652 | + "klips_debug:ipsec_makeroute: " | |
33653 | + "pid=%05d " | |
33654 | + "count=%10d " | |
33655 | + "lasttime=%6d " | |
33656 | + "%-18s -> %-18s => %s\n", | |
33657 | + retrt->er_pid, | |
33658 | + retrt->er_count, | |
33659 | + (int)(jiffies/HZ - retrt->er_lasttime), | |
33660 | + buf1, | |
33661 | + buf2, | |
33662 | + sa_len ? sa : " (error)"); | |
33663 | + } | |
33664 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
33665 | + KLIPS_PRINT(debug_eroute, | |
33666 | + "klips_debug:ipsec_makeroute: " | |
33667 | + "succeeded.\n"); | |
33668 | + return 0; | |
33669 | +} | |
33670 | + | |
33671 | +struct eroute * | |
33672 | +ipsec_findroute(struct sockaddr_encap *eaddr) | |
33673 | +{ | |
33674 | + struct radij_node *rn; | |
33675 | +#ifdef CONFIG_KLIPS_DEBUG | |
33676 | + char buf1[ADDRTOA_BUF], buf2[ADDRTOA_BUF]; | |
33677 | + | |
33678 | + if (debug_radij & DB_RJ_FINDROUTE) { | |
33679 | + addrtoa(eaddr->sen_ip_src, 0, buf1, sizeof(buf1)); | |
33680 | + addrtoa(eaddr->sen_ip_dst, 0, buf2, sizeof(buf2)); | |
33681 | + KLIPS_PRINT(debug_eroute, | |
33682 | + "klips_debug:ipsec_findroute: " | |
33683 | + "%s:%d->%s:%d %d\n", | |
33684 | + buf1, ntohs(eaddr->sen_sport), | |
33685 | + buf2, ntohs(eaddr->sen_dport), | |
33686 | + eaddr->sen_proto); | |
33687 | + } | |
33688 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
33689 | + rn = rj_match((caddr_t)eaddr, rnh); | |
33690 | + if(rn) { | |
33691 | + KLIPS_PRINT(debug_eroute && sysctl_ipsec_debug_verbose, | |
33692 | + "klips_debug:ipsec_findroute: " | |
33693 | + "found, points to proto=%d, spi=%x, dst=%x.\n", | |
33694 | + ((struct eroute*)rn)->er_said.proto, | |
33695 | + ntohl(((struct eroute*)rn)->er_said.spi), | |
33696 | + ntohl(((struct eroute*)rn)->er_said.dst.u.v4.sin_addr.s_addr)); | |
33697 | + } | |
33698 | + return (struct eroute *)rn; | |
33699 | +} | |
33700 | + | |
33701 | +#ifdef CONFIG_PROC_FS | |
33702 | +/** ipsec_rj_walker_procprint: print one line of eroute table output. | |
33703 | + * | |
33704 | + * Theoretical BUG: if w->length is less than the length | |
33705 | + * of some line we should produce, that line will never | |
33706 | + * be finished. In effect, the "file" will stop part way | |
33707 | + * through that line. | |
33708 | + */ | |
33709 | +int | |
33710 | +ipsec_rj_walker_procprint(struct radij_node *rn, void *w0) | |
33711 | +{ | |
33712 | + struct eroute *ro = (struct eroute *)rn; | |
33713 | + struct rjtentry *rd = (struct rjtentry *)rn; | |
33714 | + struct wsbuf *w = (struct wsbuf *)w0; | |
33715 | + char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF]; | |
33716 | + char buf3[16]; | |
33717 | + char sa[SATOT_BUF]; | |
33718 | + size_t sa_len, buf_len; | |
33719 | + struct sockaddr_encap *key, *mask; | |
33720 | + | |
33721 | + KLIPS_PRINT(debug_radij, | |
33722 | + "klips_debug:ipsec_rj_walker_procprint: " | |
33723 | + "rn=0p%p, w0=0p%p\n", | |
33724 | + rn, | |
33725 | + w0); | |
33726 | + if (rn->rj_b >= 0) { | |
33727 | + return 0; | |
33728 | + } | |
33729 | + | |
33730 | + key = rd_key(rd); | |
33731 | + mask = rd_mask(rd); | |
33732 | + | |
33733 | + if (key == NULL || mask == NULL) { | |
33734 | + return 0; | |
33735 | + } | |
33736 | + | |
33737 | + buf_len = subnettoa(key->sen_ip_src, mask->sen_ip_src, 0, buf1, sizeof(buf1)); | |
33738 | + if(key->sen_sport != 0) { | |
33739 | + sprintf(buf1+buf_len-1, ":%d", ntohs(key->sen_sport)); | |
33740 | + } | |
33741 | + | |
33742 | + buf_len = subnettoa(key->sen_ip_dst, mask->sen_ip_dst, 0, buf2, sizeof(buf2)); | |
33743 | + if(key->sen_dport != 0) { | |
33744 | + sprintf(buf2+buf_len-1, ":%d", ntohs(key->sen_dport)); | |
33745 | + } | |
33746 | + | |
33747 | + buf3[0]='\0'; | |
33748 | + if(key->sen_proto != 0) { | |
33749 | + sprintf(buf3, ":%d", key->sen_proto); | |
33750 | + } | |
33751 | + | |
33752 | + sa_len = satot(&ro->er_said, 'x', sa, sizeof(sa)); | |
33753 | + w->len += ipsec_snprintf(w->buffer + w->len, | |
33754 | + w->length - w->len, | |
33755 | + "%-10d " | |
33756 | + "%-18s -> %-18s => %s%s\n", | |
33757 | + ro->er_count, | |
33758 | + buf1, | |
33759 | + buf2, | |
33760 | + sa_len ? sa : " (error)", | |
33761 | + buf3); | |
33762 | + | |
33763 | + { | |
33764 | + /* snprintf can only fill the last character with NUL | |
33765 | + * so the maximum useful character is w->length-1. | |
33766 | + * However, if w->length == 0, we cannot go back. | |
33767 | + * (w->length surely cannot be negative.) | |
33768 | + */ | |
33769 | + int max_content = w->length > 0? w->length-1 : 0; | |
33770 | + | |
33771 | + if (w->len >= max_content) { | |
33772 | + /* we've done all that can fit -- stop treewalking */ | |
33773 | + w->len = max_content; /* truncate crap */ | |
33774 | + return -ENOBUFS; | |
33775 | + } else { | |
33776 | + const off_t pos = w->begin + w->len; /* file position of end of what we've generated */ | |
33777 | + | |
33778 | + if (pos <= w->offset) { | |
33779 | + /* all is before first interesting character: | |
33780 | + * discard, but note where we are. | |
33781 | + */ | |
33782 | + w->len = 0; | |
33783 | + w->begin = pos; | |
33784 | + } | |
33785 | + return 0; | |
33786 | + } | |
33787 | + } | |
33788 | +} | |
33789 | +#endif /* CONFIG_PROC_FS */ | |
33790 | + | |
33791 | +int | |
33792 | +ipsec_rj_walker_delete(struct radij_node *rn, void *w0) | |
33793 | +{ | |
33794 | + struct eroute *ro; | |
33795 | + struct rjtentry *rd = (struct rjtentry *)rn; | |
33796 | + struct radij_node *rn2; | |
33797 | + int error; | |
33798 | + struct sockaddr_encap *key, *mask; | |
33799 | + | |
33800 | + key = rd_key(rd); | |
33801 | + mask = rd_mask(rd); | |
33802 | + | |
33803 | + if(!key || !mask) { | |
33804 | + return -ENODATA; | |
33805 | + } | |
33806 | +#ifdef CONFIG_KLIPS_DEBUG | |
33807 | + if(debug_radij) { | |
33808 | + char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF]; | |
33809 | + subnettoa(key->sen_ip_src, mask->sen_ip_src, 0, buf1, sizeof(buf1)); | |
33810 | + subnettoa(key->sen_ip_dst, mask->sen_ip_dst, 0, buf2, sizeof(buf2)); | |
33811 | + KLIPS_PRINT(debug_radij, | |
33812 | + "klips_debug:ipsec_rj_walker_delete: " | |
33813 | + "deleting: %s -> %s\n", | |
33814 | + buf1, | |
33815 | + buf2); | |
33816 | + } | |
33817 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
33818 | + | |
33819 | + if((error = rj_delete(key, mask, rnh, &rn2))) { | |
33820 | + KLIPS_PRINT(debug_radij, | |
33821 | + "klips_debug:ipsec_rj_walker_delete: " | |
33822 | + "rj_delete failed with error=%d.\n", error); | |
33823 | + return error; | |
33824 | + } | |
33825 | + | |
33826 | + if(rn2 != rn) { | |
33827 | + printk("klips_debug:ipsec_rj_walker_delete: " | |
33828 | + "tried to delete a different node?!? This should never happen!\n"); | |
33829 | + } | |
33830 | + | |
33831 | + ro = (struct eroute *)rn; | |
33832 | + | |
33833 | + if (ro->er_ident_s.data) | |
33834 | + kfree(ro->er_ident_s.data); | |
33835 | + if (ro->er_ident_d.data) | |
33836 | + kfree(ro->er_ident_d.data); | |
33837 | + | |
33838 | + memset((caddr_t)rn, 0, sizeof (struct eroute)); | |
33839 | + kfree(rn); | |
33840 | + | |
33841 | + return 0; | |
33842 | +} | |
33843 | + | |
33844 | +/* | |
33845 | + * $Log: ipsec_radij.c,v $ | |
33846 | + * Revision 1.73.2.1 2006/10/06 21:39:26 paul | |
33847 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
33848 | + * set. This is defined through autoconf.h which is included through the | |
33849 | + * linux kernel build macros. | |
33850 | + * | |
33851 | + * Revision 1.73 2005/04/29 05:10:22 mcr | |
33852 | + * removed from extraenous includes to make unit testing easier. | |
33853 | + * | |
33854 | + * Revision 1.72 2004/12/03 21:25:57 mcr | |
33855 | + * compile time fixes for running on 2.6. | |
33856 | + * still experimental. | |
33857 | + * | |
33858 | + * Revision 1.71 2004/07/10 19:11:18 mcr | |
33859 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
33860 | + * | |
33861 | + * Revision 1.70 2004/04/25 21:10:52 ken | |
33862 | + * Pull in dhr's changes from FreeS/WAN 2.06 | |
33863 | + * | |
33864 | + * Revision 1.69 2004/04/06 02:49:26 mcr | |
33865 | + * pullup of algo code from alg-branch. | |
33866 | + * | |
33867 | + * Revision 1.68 2004/03/28 20:27:20 paul | |
33868 | + * Included tested and confirmed fixes mcr made and dhr verified for | |
33869 | + * snprint statements. Changed one other snprintf to use ipsec_snprintf | |
33870 | + * so it wouldnt break compatibility with 2.0/2.2 kernels. Verified with | |
33871 | + * dhr. (thanks dhr!) | |
33872 | + * | |
33873 | + * Revision 1.67.4.1 2004/04/05 04:30:46 mcr | |
33874 | + * patches for alg-branch to compile/work with 2.x openswan | |
33875 | + * | |
33876 | + * Revision 1.67 2003/10/31 02:27:55 mcr | |
33877 | + * pulled up port-selector patches and sa_id elimination. | |
33878 | + * | |
33879 | + * Revision 1.66.24.2 2003/10/29 01:30:41 mcr | |
33880 | + * elimited "struct sa_id". | |
33881 | + * | |
33882 | + * Revision 1.66.24.1 2003/09/21 13:59:56 mcr | |
33883 | + * pre-liminary X.509 patch - does not yet pass tests. | |
33884 | + * | |
33885 | + * Revision 1.66 2002/10/12 23:11:53 dhr | |
33886 | + * | |
33887 | + * [KenB + DHR] more 64-bit cleanup | |
33888 | + * | |
33889 | + * Revision 1.65 2002/09/20 05:01:40 rgb | |
33890 | + * Added memory allocation debugging. | |
33891 | + * | |
33892 | + * Revision 1.64 2002/05/31 01:46:05 mcr | |
33893 | + * added && sysctl_ipsec_debug_verbose verbose to ipsec_findroute | |
33894 | + * as requested in PR#14. | |
33895 | + * | |
33896 | + * Revision 1.63 2002/05/23 07:14:11 rgb | |
33897 | + * Cleaned up %p variants to 0p%p for test suite cleanup. | |
33898 | + * | |
33899 | + * Revision 1.62 2002/04/24 07:55:32 mcr | |
33900 | + * #include patches and Makefiles for post-reorg compilation. | |
33901 | + * | |
33902 | + * Revision 1.61 2002/04/24 07:36:29 mcr | |
33903 | + * Moved from ./klips/net/ipsec/ipsec_radij.c,v | |
33904 | + * | |
33905 | + * Revision 1.60 2002/02/19 23:59:45 rgb | |
33906 | + * Removed redundant compiler directives. | |
33907 | + * | |
33908 | + * Revision 1.59 2002/02/06 04:13:47 mcr | |
33909 | + * missing #ifdef CONFIG_IPSEC_DEBUG. | |
33910 | + * | |
33911 | + * Revision 1.58 2002/01/29 17:17:56 mcr | |
33912 | + * moved include of ipsec_param.h to after include of linux/kernel.h | |
33913 | + * otherwise, it seems that some option that is set in ipsec_param.h | |
33914 | + * screws up something subtle in the include path to kernel.h, and | |
33915 | + * it complains on the snprintf() prototype. | |
33916 | + * | |
33917 | + * Revision 1.57 2002/01/29 04:00:52 mcr | |
33918 | + * more excise of kversions.h header. | |
33919 | + * | |
33920 | + * Revision 1.56 2002/01/29 02:13:17 mcr | |
33921 | + * introduction of ipsec_kversion.h means that include of | |
33922 | + * ipsec_param.h must preceed any decisions about what files to | |
33923 | + * include to deal with differences in kernel source. | |
33924 | + * | |
33925 | + * Revision 1.55 2001/11/26 09:23:48 rgb | |
33926 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
33927 | + * | |
33928 | + * Revision 1.53.2.1 2001/09/25 02:26:32 mcr | |
33929 | + * headers adjusted for new usage. | |
33930 | + * | |
33931 | + * Revision 1.54 2001/10/18 04:45:20 rgb | |
33932 | + * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h, | |
33933 | + * lib/freeswan.h version macros moved to lib/kversions.h. | |
33934 | + * Other compiler directive cleanups. | |
33935 | + * | |
33936 | + * Revision 1.53 2001/09/19 17:19:40 rgb | |
33937 | + * Debug output bugfix for NetCelo's PF_KEY ident patch. | |
33938 | + * | |
33939 | + * Revision 1.52 2001/09/19 16:33:37 rgb | |
33940 | + * Temporarily disable ident fields to /proc/net/ipsec_eroute. | |
33941 | + * | |
33942 | + * Revision 1.51 2001/09/15 16:24:04 rgb | |
33943 | + * Re-inject first and last HOLD packet when an eroute REPLACE is done. | |
33944 | + * | |
33945 | + * Revision 1.50 2001/09/14 16:58:36 rgb | |
33946 | + * Added support for storing the first and last packets through a HOLD. | |
33947 | + * | |
33948 | + * Revision 1.49 2001/09/08 21:13:32 rgb | |
33949 | + * Added pfkey ident extension support for ISAKMPd. (NetCelo) | |
33950 | + * | |
33951 | + * Revision 1.48 2001/06/15 04:12:56 rgb | |
33952 | + * Fixed kernel memory allocation error return code polarity bug. | |
33953 | + * | |
33954 | + * Revision 1.47 2001/06/14 19:35:09 rgb | |
33955 | + * Update copyright date. | |
33956 | + * | |
33957 | + * Revision 1.46 2001/06/08 08:47:18 rgb | |
33958 | + * Fixed for debug disabled. | |
33959 | + * | |
33960 | + * Revision 1.45 2001/05/27 06:12:11 rgb | |
33961 | + * Added structures for pid, packet count and last access time to eroute. | |
33962 | + * Added packet count to beginning of /proc/net/ipsec_eroute. | |
33963 | + * | |
33964 | + * Revision 1.44 2001/05/03 19:41:01 rgb | |
33965 | + * Initialise error return variable. | |
33966 | + * Use more appropriate return value for ipsec_rj_walker_delete(). | |
33967 | + * | |
33968 | + * Revision 1.43 2001/02/27 22:24:54 rgb | |
33969 | + * Re-formatting debug output (line-splitting, joining, 1arg/line). | |
33970 | + * Check for satoa() return codes. | |
33971 | + * | |
33972 | + * Revision 1.42 2001/02/27 06:21:57 rgb | |
33973 | + * Added findroute success instrumentation. | |
33974 | + * | |
33975 | + * Revision 1.41 2000/11/06 04:32:08 rgb | |
33976 | + * Ditched spin_lock_irqsave in favour of spin_lock_bh. | |
33977 | + * | |
33978 | + * Revision 1.40 2000/09/08 19:12:56 rgb | |
33979 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
33980 | + * | |
33981 | + * Revision 1.39 2000/08/30 05:25:20 rgb | |
33982 | + * Correct debug text in ipsec_breakroute() from incorrect | |
33983 | + * "ipsec_callback". | |
33984 | + * | |
33985 | + * Revision 1.38 2000/07/28 14:58:31 rgb | |
33986 | + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5. | |
33987 | + * | |
33988 | + * Revision 1.37 2000/03/16 14:02:50 rgb | |
33989 | + * Fixed debug scope to enable compilation with debug off. | |
33990 | + * | |
33991 | + * Revision 1.36 2000/01/21 06:14:46 rgb | |
33992 | + * Added debugging text to ipsec_rj_walker_delete(). | |
33993 | + * Set return code to negative for consistency. | |
33994 | + * | |
33995 | + * Revision 1.35 1999/11/23 23:05:24 rgb | |
33996 | + * Use provided macro ADDRTOA_BUF instead of hardcoded value. | |
33997 | + * | |
33998 | + * Revision 1.34 1999/11/18 04:13:56 rgb | |
33999 | + * Replaced all kernel version macros to shorter, readable form. | |
34000 | + * Added CONFIG_PROC_FS compiler directives in case it is shut off. | |
34001 | + * | |
34002 | + * Revision 1.33 1999/11/17 15:53:39 rgb | |
34003 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
34004 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
34005 | + * klips/net/ipsec/Makefile. | |
34006 | + * | |
34007 | + * Revision 1.32 1999/10/26 13:58:33 rgb | |
34008 | + * Put spinlock flags variable declaration outside the debug compiler | |
34009 | + * directive to enable compilation with debug shut off. | |
34010 | + * | |
34011 | + * Revision 1.31 1999/10/15 22:13:29 rgb | |
34012 | + * Clean out cruft. | |
34013 | + * Align /proc/net/ipsec_eroute output for easier readability. | |
34014 | + * Fix double linefeed in radij debug output. | |
34015 | + * Fix double locking bug that locks up 2.0.36 but not 2.0.38. | |
34016 | + * | |
34017 | + * Revision 1.30 1999/10/08 18:37:33 rgb | |
34018 | + * Fix end-of-line spacing to sate whining PHMs. | |
34019 | + * | |
34020 | + * Revision 1.29 1999/10/03 18:52:45 rgb | |
34021 | + * Spinlock support for 2.0.xx. | |
34022 | + * Dumb return code spin_unlock fix. | |
34023 | + * | |
34024 | + * Revision 1.28 1999/10/01 16:22:24 rgb | |
34025 | + * Switch from assignment init. to functional init. of spinlocks. | |
34026 | + * | |
34027 | + * Revision 1.27 1999/10/01 15:44:53 rgb | |
34028 | + * Move spinlock header include to 2.1> scope. | |
34029 | + * | |
34030 | + * Revision 1.26 1999/10/01 00:01:23 rgb | |
34031 | + * Added eroute structure locking. | |
34032 | + * | |
34033 | + * Revision 1.25 1999/06/10 16:07:30 rgb | |
34034 | + * Silence delete eroute on no debug. | |
34035 | + * | |
34036 | + * Revision 1.24 1999/05/09 03:25:36 rgb | |
34037 | + * Fix bug introduced by 2.2 quick-and-dirty patch. | |
34038 | + * | |
34039 | + * Revision 1.23 1999/05/05 22:02:31 rgb | |
34040 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
34041 | + * | |
34042 | + * Revision 1.22 1999/04/29 15:17:23 rgb | |
34043 | + * Add return values to init and cleanup functions. | |
34044 | + * Add sanity checking for null pointer arguments. | |
34045 | + * | |
34046 | + * Revision 1.21 1999/04/11 00:28:58 henry | |
34047 | + * GPL boilerplate | |
34048 | + * | |
34049 | + * Revision 1.20 1999/04/06 04:54:26 rgb | |
34050 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
34051 | + * patch shell fixes. | |
34052 | + * | |
34053 | + * Revision 1.19 1999/02/17 16:50:35 rgb | |
34054 | + * Clean out unused cruft. | |
34055 | + * Consolidate for space and speed efficiency. | |
34056 | + * Convert DEBUG_IPSEC to KLIPS_PRINT | |
34057 | + * | |
34058 | + * Revision 1.18 1999/01/22 06:22:06 rgb | |
34059 | + * Cruft clean-out. | |
34060 | + * 64-bit clean-up. | |
34061 | + * | |
34062 | + * Revision 1.17 1998/12/02 03:09:39 rgb | |
34063 | + * Clean up debug printing conditionals to compile with debugging off. | |
34064 | + * | |
34065 | + * Revision 1.16 1998/12/01 13:49:39 rgb | |
34066 | + * Wrap version info printing in debug switches. | |
34067 | + * | |
34068 | + * Revision 1.15 1998/11/30 13:22:54 rgb | |
34069 | + * Rationalised all the klips kernel file headers. They are much shorter | |
34070 | + * now and won't conflict under RH5.2. | |
34071 | + * | |
34072 | + * Revision 1.14 1998/10/31 06:48:17 rgb | |
34073 | + * Fixed up comments in #endif directives. | |
34074 | + * | |
34075 | + * Revision 1.13 1998/10/27 13:48:09 rgb | |
34076 | + * Cleaned up /proc/net/ipsec_* filesystem for easy parsing by scripts. | |
34077 | + * Fixed less(1) truncated output bug. | |
34078 | + * Code clean-up. | |
34079 | + * | |
34080 | + * Revision 1.12 1998/10/25 02:41:36 rgb | |
34081 | + * Change return type on ipsec_breakroute and ipsec_makeroute and add an | |
34082 | + * argument to be able to transmit more infomation about errors. | |
34083 | + * Fix cut-and-paste debug statement identifier. | |
34084 | + * | |
34085 | + * Revision 1.11 1998/10/22 06:45:39 rgb | |
34086 | + * Cleaned up cruft. | |
34087 | + * Convert to use satoa for printk. | |
34088 | + * | |
34089 | + * Revision 1.10 1998/10/19 14:44:28 rgb | |
34090 | + * Added inclusion of freeswan.h. | |
34091 | + * sa_id structure implemented and used: now includes protocol. | |
34092 | + * | |
34093 | + * Revision 1.9 1998/10/09 04:30:52 rgb | |
34094 | + * Added 'klips_debug' prefix to all klips printk debug statements. | |
34095 | + * Deleted old commented out cruft. | |
34096 | + * | |
34097 | + * Revision 1.8 1998/08/06 17:24:23 rgb | |
34098 | + * Fix addrtoa return code bug from stale manpage advice preventing packets | |
34099 | + * from being erouted. | |
34100 | + * | |
34101 | + * Revision 1.7 1998/08/06 07:44:59 rgb | |
34102 | + * Fixed /proc/net/ipsec_eroute subnettoa and addrtoa return value bug that | |
34103 | + * ended up in nothing being printed. | |
34104 | + * | |
34105 | + * Revision 1.6 1998/08/05 22:16:41 rgb | |
34106 | + * Cleanup to prevent cosmetic errors (ie. debug output) from being fatal. | |
34107 | + * | |
34108 | + * Revision 1.5 1998/07/29 20:38:44 rgb | |
34109 | + * Debug and fix subnettoa and addrtoa output. | |
34110 | + * | |
34111 | + * Revision 1.4 1998/07/28 00:02:39 rgb | |
34112 | + * Converting to exclusive use of addrtoa. | |
34113 | + * Fix eroute delete. | |
34114 | + * | |
34115 | + * Revision 1.3 1998/07/14 18:21:26 rgb | |
34116 | + * Add function to clear the eroute table. | |
34117 | + * | |
34118 | + * Revision 1.2 1998/06/23 02:59:14 rgb | |
34119 | + * Added debugging output to eroute add/delete routines. | |
34120 | + * | |
34121 | + * Revision 1.9 1998/06/18 21:29:06 henry | |
34122 | + * move sources from klips/src to klips/net/ipsec, to keep stupid kernel | |
34123 | + * build scripts happier in presence of symbolic links | |
34124 | + * | |
34125 | + * Revision 1.8 1998/06/05 02:32:26 rgb | |
34126 | + * Fix spi ntoh kernel debug output. | |
34127 | + * | |
34128 | + * Revision 1.7 1998/05/25 20:30:37 rgb | |
34129 | + * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions. | |
34130 | + * | |
34131 | + * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and | |
34132 | + * add ipsec_rj_walker_delete. | |
34133 | + * | |
34134 | + * Revision 1.6 1998/05/21 13:08:57 rgb | |
34135 | + * Rewrote procinfo subroutines to avoid *bad things* when more that 3k of | |
34136 | + * information is available for printout. | |
34137 | + * | |
34138 | + * Revision 1.5 1998/05/18 21:35:55 rgb | |
34139 | + * Clean up output for numerical consistency and readability. Zero freed | |
34140 | + * eroute memory. | |
34141 | + * | |
34142 | + * Revision 1.4 1998/04/21 21:28:58 rgb | |
34143 | + * Rearrange debug switches to change on the fly debug output from user | |
34144 | + * space. Only kernel changes checked in at this time. radij.c was also | |
34145 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
34146 | + * an OOPS and hence, netlink device open errors. | |
34147 | + * | |
34148 | + * Revision 1.3 1998/04/14 17:30:39 rgb | |
34149 | + * Fix up compiling errors for radij tree memory reclamation. | |
34150 | + * | |
34151 | + * Revision 1.2 1998/04/12 22:03:23 rgb | |
34152 | + * Updated ESP-3DES-HMAC-MD5-96, | |
34153 | + * ESP-DES-HMAC-MD5-96, | |
34154 | + * AH-HMAC-MD5-96, | |
34155 | + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository | |
34156 | + * from old standards (RFC182[5-9] to new (as of March 1998) drafts. | |
34157 | + * | |
34158 | + * Fixed eroute references in /proc/net/ipsec*. | |
34159 | + * | |
34160 | + * Started to patch module unloading memory leaks in ipsec_netlink and | |
34161 | + * radij tree unloading. | |
34162 | + * | |
34163 | + * Revision 1.1 1998/04/09 03:06:10 henry | |
34164 | + * sources moved up from linux/net/ipsec | |
34165 | + * | |
34166 | + * Revision 1.1.1.1 1998/04/08 05:35:03 henry | |
34167 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
34168 | + * | |
34169 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
34170 | + * No changes. | |
34171 | + * | |
34172 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
34173 | + * Minor cleanups. | |
34174 | + * Rationalized debugging code. | |
34175 | + * | |
34176 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
34177 | + * First limited release. | |
34178 | + * | |
34179 | + * | |
34180 | + */ | |
34181 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
34182 | +++ linux/net/ipsec/ipsec_rcv.c Mon Feb 9 13:51:03 2004 | |
34183 | @@ -0,0 +1,2304 @@ | |
34184 | +/* | |
34185 | + * receive code | |
34186 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
34187 | + * Copyright (C) 1998-2003 Richard Guy Briggs. | |
34188 | + * Copyright (C) 2004 Michael Richardson <mcr@xelerance.com> | |
34189 | + * | |
34190 | + * This program is free software; you can redistribute it and/or modify it | |
34191 | + * under the terms of the GNU General Public License as published by the | |
34192 | + * Free Software Foundation; either version 2 of the License, or (at your | |
34193 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
34194 | + * | |
34195 | + * This program is distributed in the hope that it will be useful, but | |
34196 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
34197 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
34198 | + * for more details. | |
34199 | + */ | |
34200 | + | |
34201 | +char ipsec_rcv_c_version[] = "RCSID $Id: ipsec_rcv.c,v 1.171.2.10 2006/10/06 21:39:26 paul Exp $"; | |
34202 | + | |
34203 | +#ifndef AUTOCONF_INCLUDED | |
34204 | +#include <linux/config.h> | |
34205 | +#endif | |
34206 | +#include <linux/version.h> | |
34207 | + | |
34208 | +#define __NO_VERSION__ | |
34209 | +#include <linux/module.h> | |
34210 | +#include <linux/kernel.h> /* printk() */ | |
34211 | + | |
34212 | +#include "openswan/ipsec_param.h" | |
34213 | + | |
34214 | +#ifdef MALLOC_SLAB | |
34215 | +# include <linux/slab.h> /* kmalloc() */ | |
34216 | +#else /* MALLOC_SLAB */ | |
34217 | +# include <linux/malloc.h> /* kmalloc() */ | |
34218 | +#endif /* MALLOC_SLAB */ | |
34219 | +#include <linux/errno.h> /* error codes */ | |
34220 | +#include <linux/types.h> /* size_t */ | |
34221 | +#include <linux/interrupt.h> /* mark_bh */ | |
34222 | + | |
34223 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
34224 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
34225 | +#include <linux/ip.h> /* struct iphdr */ | |
34226 | + | |
34227 | +#include <net/tcp.h> | |
34228 | +#include <net/udp.h> | |
34229 | +#include <linux/skbuff.h> | |
34230 | +#include <openswan.h> | |
34231 | +#ifdef SPINLOCK | |
34232 | +# ifdef SPINLOCK_23 | |
34233 | +# include <linux/spinlock.h> /* *lock* */ | |
34234 | +# else /* SPINLOCK_23 */ | |
34235 | +# include <asm/spinlock.h> /* *lock* */ | |
34236 | +# endif /* SPINLOCK_23 */ | |
34237 | +#endif /* SPINLOCK */ | |
34238 | + | |
34239 | +#include <net/ip.h> | |
34240 | + | |
34241 | +#include "openswan/ipsec_kern24.h" | |
34242 | +#include "openswan/radij.h" | |
34243 | +#include "openswan/ipsec_encap.h" | |
34244 | +#include "openswan/ipsec_sa.h" | |
34245 | + | |
34246 | +#include "openswan/ipsec_radij.h" | |
34247 | +#include "openswan/ipsec_xform.h" | |
34248 | +#include "openswan/ipsec_tunnel.h" | |
34249 | +#include "openswan/ipsec_rcv.h" | |
34250 | + | |
34251 | +#include "openswan/ipsec_auth.h" | |
34252 | + | |
34253 | +#include "openswan/ipsec_esp.h" | |
34254 | + | |
34255 | +#ifdef CONFIG_KLIPS_AH | |
34256 | +#include "openswan/ipsec_ah.h" | |
34257 | +#endif /* CONFIG_KLIPS_AH */ | |
34258 | + | |
34259 | +#ifdef CONFIG_KLIPS_IPCOMP | |
34260 | +#include "openswan/ipsec_ipcomp.h" | |
34261 | +#endif /* CONFIG_KLIPS_COMP */ | |
34262 | + | |
34263 | +#include <pfkeyv2.h> | |
34264 | +#include <pfkey.h> | |
34265 | + | |
34266 | +#include "openswan/ipsec_proto.h" | |
34267 | +#include "openswan/ipsec_alg.h" | |
34268 | +#include "openswan/ipsec_kern24.h" | |
34269 | + | |
34270 | +#ifdef CONFIG_KLIPS_DEBUG | |
34271 | +int debug_rcv = 0; | |
34272 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
34273 | + | |
34274 | +int sysctl_ipsec_inbound_policy_check = 1; | |
34275 | + | |
34276 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
34277 | +#include <linux/udp.h> | |
34278 | +#endif | |
34279 | + | |
34280 | +/* This is a private use protocol, and AT&T should be ashamed. They should have | |
34281 | + * used protocol # 59, which is "no next header" instead of 0xFE. | |
34282 | + */ | |
34283 | +#ifndef IPPROTO_ATT_HEARTBEAT | |
34284 | +#define IPPROTO_ATT_HEARTBEAT 0xFE | |
34285 | +#endif | |
34286 | + | |
34287 | +/* | |
34288 | + * Check-replay-window routine, adapted from the original | |
34289 | + * by J. Hughes, from draft-ietf-ipsec-esp-des-md5-03.txt | |
34290 | + * | |
34291 | + * This is a routine that implements a 64 packet window. This is intend- | |
34292 | + * ed on being an implementation sample. | |
34293 | + */ | |
34294 | + | |
34295 | +DEBUG_NO_STATIC int | |
34296 | +ipsec_checkreplaywindow(struct ipsec_sa*ipsp, __u32 seq) | |
34297 | +{ | |
34298 | + __u32 diff; | |
34299 | + | |
34300 | + if (ipsp->ips_replaywin == 0) /* replay shut off */ | |
34301 | + return 1; | |
34302 | + if (seq == 0) | |
34303 | + return 0; /* first == 0 or wrapped */ | |
34304 | + | |
34305 | + /* new larger sequence number */ | |
34306 | + if (seq > ipsp->ips_replaywin_lastseq) { | |
34307 | + return 1; /* larger is good */ | |
34308 | + } | |
34309 | + diff = ipsp->ips_replaywin_lastseq - seq; | |
34310 | + | |
34311 | + /* too old or wrapped */ /* if wrapped, kill off SA? */ | |
34312 | + if (diff >= ipsp->ips_replaywin) { | |
34313 | + return 0; | |
34314 | + } | |
34315 | + /* this packet already seen */ | |
34316 | + if (ipsp->ips_replaywin_bitmap & (1 << diff)) | |
34317 | + return 0; | |
34318 | + return 1; /* out of order but good */ | |
34319 | +} | |
34320 | + | |
34321 | +DEBUG_NO_STATIC int | |
34322 | +ipsec_updatereplaywindow(struct ipsec_sa*ipsp, __u32 seq) | |
34323 | +{ | |
34324 | + __u32 diff; | |
34325 | + | |
34326 | + if (ipsp->ips_replaywin == 0) /* replay shut off */ | |
34327 | + return 1; | |
34328 | + if (seq == 0) | |
34329 | + return 0; /* first == 0 or wrapped */ | |
34330 | + | |
34331 | + /* new larger sequence number */ | |
34332 | + if (seq > ipsp->ips_replaywin_lastseq) { | |
34333 | + diff = seq - ipsp->ips_replaywin_lastseq; | |
34334 | + | |
34335 | + /* In win, set bit for this pkt */ | |
34336 | + if (diff < ipsp->ips_replaywin) | |
34337 | + ipsp->ips_replaywin_bitmap = | |
34338 | + (ipsp->ips_replaywin_bitmap << diff) | 1; | |
34339 | + else | |
34340 | + /* This packet has way larger seq num */ | |
34341 | + ipsp->ips_replaywin_bitmap = 1; | |
34342 | + | |
34343 | + if(seq - ipsp->ips_replaywin_lastseq - 1 > ipsp->ips_replaywin_maxdiff) { | |
34344 | + ipsp->ips_replaywin_maxdiff = seq - ipsp->ips_replaywin_lastseq - 1; | |
34345 | + } | |
34346 | + ipsp->ips_replaywin_lastseq = seq; | |
34347 | + return 1; /* larger is good */ | |
34348 | + } | |
34349 | + diff = ipsp->ips_replaywin_lastseq - seq; | |
34350 | + | |
34351 | + /* too old or wrapped */ /* if wrapped, kill off SA? */ | |
34352 | + if (diff >= ipsp->ips_replaywin) { | |
34353 | +/* | |
34354 | + if(seq < 0.25*max && ipsp->ips_replaywin_lastseq > 0.75*max) { | |
34355 | + ipsec_sa_delchain(ipsp); | |
34356 | + } | |
34357 | +*/ | |
34358 | + return 0; | |
34359 | + } | |
34360 | + /* this packet already seen */ | |
34361 | + if (ipsp->ips_replaywin_bitmap & (1 << diff)) | |
34362 | + return 0; | |
34363 | + ipsp->ips_replaywin_bitmap |= (1 << diff); /* mark as seen */ | |
34364 | + return 1; /* out of order but good */ | |
34365 | +} | |
34366 | + | |
34367 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_MD5 | |
34368 | +struct auth_alg ipsec_rcv_md5[]={ | |
34369 | + {osMD5Init, osMD5Update, osMD5Final, AHMD596_ALEN} | |
34370 | +}; | |
34371 | + | |
34372 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_MD5 */ | |
34373 | + | |
34374 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_SHA1 | |
34375 | +struct auth_alg ipsec_rcv_sha1[]={ | |
34376 | + {SHA1Init, SHA1Update, SHA1Final, AHSHA196_ALEN} | |
34377 | +}; | |
34378 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_MD5 */ | |
34379 | + | |
34380 | +/* | |
34381 | + * decapsulate a single layer of the system | |
34382 | + * | |
34383 | + * the following things should be setup to enter this function. | |
34384 | + * | |
34385 | + * irs->stats == stats structure (or NULL) | |
34386 | + * irs->ipp = IP header. | |
34387 | + * irs->len = total length of packet | |
34388 | + * skb->nh.iph = ipp; | |
34389 | + * skb->h.raw = start of payload | |
34390 | + * irs->ipsp = NULL. | |
34391 | + * irs->iphlen = N/A = is recalculated. | |
34392 | + * irs->ilen = 0; | |
34393 | + * irs->authlen = 0; | |
34394 | + * irs->authfuncs = NULL; | |
34395 | + * irs->skb = the skb; | |
34396 | + * | |
34397 | + * proto_funcs should be from ipsec_esp.c, ipsec_ah.c or ipsec_ipcomp.c. | |
34398 | + * | |
34399 | + */ | |
34400 | +enum ipsec_rcv_value | |
34401 | +ipsec_rcv_decap_once(struct ipsec_rcv_state *irs | |
34402 | + , struct xform_functions *proto_funcs) | |
34403 | +{ | |
34404 | + int iphlen; | |
34405 | + __u8 proto; | |
34406 | + struct in_addr ipsaddr; | |
34407 | + struct in_addr ipdaddr; | |
34408 | + int replay = 0; /* replay value in AH or ESP packet */ | |
34409 | + struct ipsec_sa* ipsnext = NULL; /* next SA towards inside of packet */ | |
34410 | + struct ipsec_sa *newipsp; | |
34411 | + struct iphdr *ipp; | |
34412 | + struct sk_buff *skb; | |
34413 | + struct ipsec_alg_auth *ixt_a=NULL; | |
34414 | + | |
34415 | + skb = irs->skb; | |
34416 | + irs->len = skb->len; | |
34417 | + ipp = irs->ipp; | |
34418 | + proto = ipp->protocol; | |
34419 | + ipsaddr.s_addr = ipp->saddr; | |
34420 | + addrtoa(ipsaddr, 0, irs->ipsaddr_txt, sizeof(irs->ipsaddr_txt)); | |
34421 | + ipdaddr.s_addr = ipp->daddr; | |
34422 | + addrtoa(ipdaddr, 0, irs->ipdaddr_txt, sizeof(irs->ipdaddr_txt)); | |
34423 | + | |
34424 | + iphlen = ipp->ihl << 2; | |
34425 | + irs->iphlen=iphlen; | |
34426 | + ipp->check = 0; /* we know the sum is good */ | |
34427 | + | |
34428 | + KLIPS_PRINT(debug_rcv, | |
34429 | + "klips_debug:ipsec_rcv_decap_once: " | |
34430 | + "decap (%d) from %s -> %s\n", | |
34431 | + proto, irs->ipsaddr_txt, irs->ipdaddr_txt); | |
34432 | + | |
34433 | + /* | |
34434 | + * Find tunnel control block and (indirectly) call the | |
34435 | + * appropriate tranform routine. The resulting sk_buf | |
34436 | + * is a valid IP packet ready to go through input processing. | |
34437 | + */ | |
34438 | + | |
34439 | + irs->said.dst.u.v4.sin_addr.s_addr = ipp->daddr; | |
34440 | + irs->said.dst.u.v4.sin_family = AF_INET; | |
34441 | + | |
34442 | + /* note: rcv_checks set up the said.spi value, if appropriate */ | |
34443 | + if(proto_funcs->rcv_checks) { | |
34444 | + enum ipsec_rcv_value retval = | |
34445 | + (*proto_funcs->rcv_checks)(irs, skb); | |
34446 | + | |
34447 | + if(retval < 0) { | |
34448 | + return retval; | |
34449 | + } | |
34450 | + } | |
34451 | + | |
34452 | + irs->said.proto = proto; | |
34453 | + irs->sa_len = satot(&irs->said, 0, irs->sa, sizeof(irs->sa)); | |
34454 | + if(irs->sa_len == 0) { | |
34455 | + strcpy(irs->sa, "(error)"); | |
34456 | + } | |
34457 | + | |
34458 | + newipsp = ipsec_sa_getbyid(&irs->said); | |
34459 | + if (newipsp == NULL) { | |
34460 | + KLIPS_PRINT(debug_rcv, | |
34461 | + "klips_debug:ipsec_rcv: " | |
34462 | + "no ipsec_sa for SA:%s: incoming packet with no SA dropped\n", | |
34463 | + irs->sa_len ? irs->sa : " (error)"); | |
34464 | + if(irs->stats) { | |
34465 | + irs->stats->rx_dropped++; | |
34466 | + } | |
34467 | + return IPSEC_RCV_SAIDNOTFOUND; | |
34468 | + } | |
34469 | + | |
34470 | + /* MCR - XXX this is bizarre. ipsec_sa_getbyid returned it, having | |
34471 | + * incremented the refcount, why in the world would we decrement it | |
34472 | + * here? */ | |
34473 | + /* ipsec_sa_put(irs->ipsp);*/ /* incomplete */ | |
34474 | + | |
34475 | + /* If it is in larval state, drop the packet, we cannot process yet. */ | |
34476 | + if(newipsp->ips_state == SADB_SASTATE_LARVAL) { | |
34477 | + KLIPS_PRINT(debug_rcv, | |
34478 | + "klips_debug:ipsec_rcv: " | |
34479 | + "ipsec_sa in larval state, cannot be used yet, dropping packet.\n"); | |
34480 | + if(irs->stats) { | |
34481 | + irs->stats->rx_dropped++; | |
34482 | + } | |
34483 | + ipsec_sa_put(newipsp); | |
34484 | + return IPSEC_RCV_SAIDNOTLIVE; | |
34485 | + } | |
34486 | + | |
34487 | + if(newipsp->ips_state == SADB_SASTATE_DEAD) { | |
34488 | + KLIPS_PRINT(debug_rcv, | |
34489 | + "klips_debug:ipsec_rcv: " | |
34490 | + "ipsec_sa in dead state, cannot be used any more, dropping packet.\n"); | |
34491 | + if(irs->stats) { | |
34492 | + irs->stats->rx_dropped++; | |
34493 | + } | |
34494 | + ipsec_sa_put(newipsp); | |
34495 | + return IPSEC_RCV_SAIDNOTLIVE; | |
34496 | + } | |
34497 | + | |
34498 | + if(sysctl_ipsec_inbound_policy_check) { | |
34499 | + if(irs->ipp->saddr != ((struct sockaddr_in*)(newipsp->ips_addr_s))->sin_addr.s_addr) { | |
34500 | + KLIPS_PRINT(debug_rcv, | |
34501 | + "klips_debug:ipsec_rcv: " | |
34502 | + "SA:%s, src=%s of pkt does not agree with expected SA source address policy.\n", | |
34503 | + irs->sa_len ? irs->sa : " (error)", | |
34504 | + irs->ipsaddr_txt); | |
34505 | + if(irs->stats) { | |
34506 | + irs->stats->rx_dropped++; | |
34507 | + } | |
34508 | + ipsec_sa_put(newipsp); | |
34509 | + return IPSEC_RCV_FAILEDINBOUND; | |
34510 | + } | |
34511 | + | |
34512 | + KLIPS_PRINT(debug_rcv, | |
34513 | + "klips_debug:ipsec_rcv: " | |
34514 | + "SA:%s, src=%s of pkt agrees with expected SA source address policy.\n", | |
34515 | + irs->sa_len ? irs->sa : " (error)", | |
34516 | + irs->ipsaddr_txt); | |
34517 | + | |
34518 | + /* | |
34519 | + * at this point, we have looked up a new SA, and we want to make sure that if this | |
34520 | + * isn't the first SA in the list, that the previous SA actually points at this one. | |
34521 | + */ | |
34522 | + if(irs->ipsp) { | |
34523 | + if(irs->ipsp->ips_inext != newipsp) { | |
34524 | + KLIPS_PRINT(debug_rcv, | |
34525 | + "klips_debug:ipsec_rcv: " | |
34526 | + "unexpected SA:%s: does not agree with ips->inext policy, dropped\n", | |
34527 | + irs->sa_len ? irs->sa : " (error)"); | |
34528 | + if(irs->stats) { | |
34529 | + irs->stats->rx_dropped++; | |
34530 | + } | |
34531 | + ipsec_sa_put(newipsp); | |
34532 | + return IPSEC_RCV_FAILEDINBOUND; | |
34533 | + } | |
34534 | + KLIPS_PRINT(debug_rcv, | |
34535 | + "klips_debug:ipsec_rcv: " | |
34536 | + "SA:%s grouping from previous SA is OK.\n", | |
34537 | + irs->sa_len ? irs->sa : " (error)"); | |
34538 | + } else { | |
34539 | + KLIPS_PRINT(debug_rcv, | |
34540 | + "klips_debug:ipsec_rcv: " | |
34541 | + "SA:%s First SA in group.\n", | |
34542 | + irs->sa_len ? irs->sa : " (error)"); | |
34543 | + } | |
34544 | + | |
34545 | + | |
34546 | + | |
34547 | + | |
34548 | + | |
34549 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
34550 | + if (proto == IPPROTO_ESP) { | |
34551 | + KLIPS_PRINT(debug_rcv, | |
34552 | + "klips_debug:ipsec_rcv: " | |
34553 | + "natt_type=%u tdbp->ips_natt_type=%u : %s\n", | |
34554 | + irs->natt_type, newipsp->ips_natt_type, | |
34555 | + (irs->natt_type==newipsp->ips_natt_type)?"ok":"bad"); | |
34556 | + if (irs->natt_type != newipsp->ips_natt_type) { | |
34557 | + KLIPS_PRINT(debug_rcv, | |
34558 | + "klips_debug:ipsec_rcv: " | |
34559 | + "SA:%s does not agree with expected NAT-T policy.\n", | |
34560 | + irs->sa_len ? irs->sa : " (error)"); | |
34561 | + if(irs->stats) { | |
34562 | + irs->stats->rx_dropped++; | |
34563 | + } | |
34564 | + ipsec_sa_put(newipsp); | |
34565 | + return IPSEC_RCV_FAILEDINBOUND; | |
34566 | + } | |
34567 | + } | |
34568 | +#endif | |
34569 | + } | |
34570 | + | |
34571 | + /* okay, SA checks out, so free any previous SA, and record a new one*/ | |
34572 | + | |
34573 | + if(irs->ipsp) { | |
34574 | + ipsec_sa_put(irs->ipsp); | |
34575 | + } | |
34576 | + irs->ipsp=newipsp; | |
34577 | + | |
34578 | + /* note that the outer code will free the irs->ipsp | |
34579 | + if there is an error */ | |
34580 | + | |
34581 | + | |
34582 | + /* now check the lifetimes */ | |
34583 | + if(ipsec_lifetime_check(&irs->ipsp->ips_life.ipl_bytes, "bytes", | |
34584 | + irs->sa, ipsec_life_countbased, ipsec_incoming, | |
34585 | + irs->ipsp) == ipsec_life_harddied || | |
34586 | + ipsec_lifetime_check(&irs->ipsp->ips_life.ipl_addtime, "addtime", | |
34587 | + irs->sa, ipsec_life_timebased, ipsec_incoming, | |
34588 | + irs->ipsp) == ipsec_life_harddied || | |
34589 | + ipsec_lifetime_check(&irs->ipsp->ips_life.ipl_addtime, "usetime", | |
34590 | + irs->sa, ipsec_life_timebased, ipsec_incoming, | |
34591 | + irs->ipsp) == ipsec_life_harddied || | |
34592 | + ipsec_lifetime_check(&irs->ipsp->ips_life.ipl_packets, "packets", | |
34593 | + irs->sa, ipsec_life_countbased, ipsec_incoming, | |
34594 | + irs->ipsp) == ipsec_life_harddied) { | |
34595 | + ipsec_sa_delchain(irs->ipsp); | |
34596 | + if(irs->stats) { | |
34597 | + irs->stats->rx_dropped++; | |
34598 | + } | |
34599 | + | |
34600 | + KLIPS_PRINT(debug_rcv, | |
34601 | + "klips_debug:ipsec_rcv_decap_once: " | |
34602 | + "decap (%d) failed lifetime check\n", | |
34603 | + proto); | |
34604 | + | |
34605 | + return IPSEC_RCV_LIFETIMEFAILED; | |
34606 | + } | |
34607 | + | |
34608 | +#if 0 | |
34609 | + /* | |
34610 | + * This is removed for some reasons: | |
34611 | + * 1) it needs to happen *after* authentication. | |
34612 | + * 2) do we really care, if it authenticates, if it came | |
34613 | + * from the wrong location? | |
34614 | + * 3) the NAT_KA messages in IKE will also get to pluto | |
34615 | + * and it will figure out that stuff has moved. | |
34616 | + * 4) the 2.6 udp-esp encap function does not pass us | |
34617 | + * the originating port number, and I can't tell | |
34618 | + * if skb->sk is guaranteed to be valid here. | |
34619 | + * 2005-04-16: mcr@xelerance.com | |
34620 | + */ | |
34621 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
34622 | + /* | |
34623 | + * | |
34624 | + * XXX we should ONLY update pluto if the SA passes all checks, | |
34625 | + * which we clearly do not now. | |
34626 | + */ | |
34627 | + if ((irs->natt_type) && | |
34628 | + ( (irs->ipp->saddr != (((struct sockaddr_in*)(newipsp->ips_addr_s))->sin_addr.s_addr)) || | |
34629 | + (irs->natt_sport != newipsp->ips_natt_sport) | |
34630 | + )) { | |
34631 | + struct sockaddr sipaddr; | |
34632 | + struct sockaddr_in *psin = (struct sockaddr_in*)(newipsp->ips_addr_s); | |
34633 | + | |
34634 | + /** Advertise NAT-T addr change to pluto **/ | |
34635 | + sipaddr.sa_family = AF_INET; | |
34636 | + ((struct sockaddr_in*)&sipaddr)->sin_addr.s_addr = irs->ipp->saddr; | |
34637 | + ((struct sockaddr_in*)&sipaddr)->sin_port = htons(irs->natt_sport); | |
34638 | + pfkey_nat_t_new_mapping(newipsp, &sipaddr, irs->natt_sport); | |
34639 | + | |
34640 | + /** | |
34641 | + * Then allow or block packet depending on | |
34642 | + * sysctl_ipsec_inbound_policy_check. | |
34643 | + * | |
34644 | + * In all cases, pluto will update SA if new mapping is | |
34645 | + * accepted. | |
34646 | + */ | |
34647 | + if (sysctl_ipsec_inbound_policy_check) { | |
34648 | + KLIPS_PRINT(debug_rcv, | |
34649 | + "klips_debug:ipsec_rcv: " | |
34650 | + "SA:%s, src=%s:%u of pkt does not agree with expected " | |
34651 | + "SA source address [%08x:%u] (notifying pluto of change).\n", | |
34652 | + irs->sa_len ? irs->sa : " (error)", | |
34653 | + irs->ipsaddr_txt, irs->natt_sport, | |
34654 | + psin->sin_addr.s_addr, | |
34655 | + newipsp->ips_natt_sport); | |
34656 | + if(irs->stats) { | |
34657 | + irs->stats->rx_dropped++; | |
34658 | + } | |
34659 | + ipsec_sa_put(newipsp); | |
34660 | + return IPSEC_RCV_FAILEDINBOUND; | |
34661 | + } | |
34662 | + } | |
34663 | +#endif | |
34664 | +#endif | |
34665 | + | |
34666 | + irs->authfuncs=NULL; | |
34667 | + | |
34668 | + /* authenticate, if required */ | |
34669 | + if ((ixt_a=irs->ipsp->ips_alg_auth)) { | |
34670 | + irs->authlen = AHHMAC_HASHLEN; | |
34671 | + irs->authfuncs = NULL; | |
34672 | + irs->ictx = NULL; | |
34673 | + irs->octx = NULL; | |
34674 | + irs->ictx_len = 0; | |
34675 | + irs->octx_len = 0; | |
34676 | + KLIPS_PRINT(debug_rcv, | |
34677 | + "klips_debug:ipsec_rcv: " | |
34678 | + "authalg=%d authlen=%d\n", | |
34679 | + irs->ipsp->ips_authalg, | |
34680 | + irs->authlen); | |
34681 | + } else | |
34682 | + switch(irs->ipsp->ips_authalg) { | |
34683 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_MD5 | |
34684 | + case AH_MD5: | |
34685 | + irs->authlen = AHHMAC_HASHLEN; | |
34686 | + irs->authfuncs = ipsec_rcv_md5; | |
34687 | + irs->ictx = (void *)&((struct md5_ctx*)(irs->ipsp->ips_key_a))->ictx; | |
34688 | + irs->octx = (void *)&((struct md5_ctx*)(irs->ipsp->ips_key_a))->octx; | |
34689 | + irs->ictx_len = sizeof(((struct md5_ctx*)(irs->ipsp->ips_key_a))->ictx); | |
34690 | + irs->octx_len = sizeof(((struct md5_ctx*)(irs->ipsp->ips_key_a))->octx); | |
34691 | + break; | |
34692 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_MD5 */ | |
34693 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_SHA1 | |
34694 | + case AH_SHA: | |
34695 | + irs->authlen = AHHMAC_HASHLEN; | |
34696 | + irs->authfuncs = ipsec_rcv_sha1; | |
34697 | + irs->ictx = (void *)&((struct sha1_ctx*)(irs->ipsp->ips_key_a))->ictx; | |
34698 | + irs->octx = (void *)&((struct sha1_ctx*)(irs->ipsp->ips_key_a))->octx; | |
34699 | + irs->ictx_len = sizeof(((struct sha1_ctx*)(irs->ipsp->ips_key_a))->ictx); | |
34700 | + irs->octx_len = sizeof(((struct sha1_ctx*)(irs->ipsp->ips_key_a))->octx); | |
34701 | + break; | |
34702 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_SHA1 */ | |
34703 | + case AH_NONE: | |
34704 | + irs->authlen = 0; | |
34705 | + irs->authfuncs = NULL; | |
34706 | + irs->ictx = NULL; | |
34707 | + irs->octx = NULL; | |
34708 | + irs->ictx_len = 0; | |
34709 | + irs->octx_len = 0; | |
34710 | + break; | |
34711 | + default: | |
34712 | + irs->ipsp->ips_errs.ips_alg_errs += 1; | |
34713 | + if(irs->stats) { | |
34714 | + irs->stats->rx_errors++; | |
34715 | + } | |
34716 | + return IPSEC_RCV_BADAUTH; | |
34717 | + } | |
34718 | + | |
34719 | + /* ilen counts number of bytes in ESP portion */ | |
34720 | + irs->ilen = ((skb->data + skb->len) - skb->h.raw) - irs->authlen; | |
34721 | + if(irs->ilen <= 0) { | |
34722 | + KLIPS_PRINT(debug_rcv, | |
34723 | + "klips_debug:ipsec_rcv: " | |
34724 | + "runt %s packet with no data, dropping.\n", | |
34725 | + (proto == IPPROTO_ESP ? "esp" : "ah")); | |
34726 | + if(irs->stats) { | |
34727 | + irs->stats->rx_dropped++; | |
34728 | + } | |
34729 | + return IPSEC_RCV_BADLEN; | |
34730 | + } | |
34731 | + | |
34732 | + if(irs->authfuncs || ixt_a) { | |
34733 | + unsigned char *authenticator = NULL; | |
34734 | + | |
34735 | + if(proto_funcs->rcv_setup_auth) { | |
34736 | + enum ipsec_rcv_value retval | |
34737 | + = (*proto_funcs->rcv_setup_auth)(irs, skb, | |
34738 | + &replay, | |
34739 | + &authenticator); | |
34740 | + if(retval < 0) { | |
34741 | + return retval; | |
34742 | + } | |
34743 | + } | |
34744 | + | |
34745 | + if(!authenticator) { | |
34746 | + irs->ipsp->ips_errs.ips_auth_errs += 1; | |
34747 | + if(irs->stats) { | |
34748 | + irs->stats->rx_dropped++; | |
34749 | + } | |
34750 | + return IPSEC_RCV_BADAUTH; | |
34751 | + } | |
34752 | + | |
34753 | + if(!ipsec_checkreplaywindow(irs->ipsp, replay)) { | |
34754 | + irs->ipsp->ips_errs.ips_replaywin_errs += 1; | |
34755 | + KLIPS_PRINT(debug_rcv & DB_RX_REPLAY, | |
34756 | + "klips_debug:ipsec_rcv: " | |
34757 | + "duplicate frame from %s, packet dropped\n", | |
34758 | + irs->ipsaddr_txt); | |
34759 | + if(irs->stats) { | |
34760 | + irs->stats->rx_dropped++; | |
34761 | + } | |
34762 | + return IPSEC_RCV_REPLAYFAILED; | |
34763 | + } | |
34764 | + | |
34765 | + /* | |
34766 | + * verify authenticator | |
34767 | + */ | |
34768 | + | |
34769 | + KLIPS_PRINT(debug_rcv, | |
34770 | + "klips_debug:ipsec_rcv: " | |
34771 | + "encalg = %d, authalg = %d.\n", | |
34772 | + irs->ipsp->ips_encalg, | |
34773 | + irs->ipsp->ips_authalg); | |
34774 | + | |
34775 | + /* calculate authenticator */ | |
34776 | + if(proto_funcs->rcv_calc_auth == NULL) { | |
34777 | + return IPSEC_RCV_BADAUTH; | |
34778 | + } | |
34779 | + (*proto_funcs->rcv_calc_auth)(irs, skb); | |
34780 | + | |
34781 | + if (memcmp(irs->hash, authenticator, irs->authlen)) { | |
34782 | + irs->ipsp->ips_errs.ips_auth_errs += 1; | |
34783 | + KLIPS_PRINT(debug_rcv & DB_RX_INAU, | |
34784 | + "klips_debug:ipsec_rcv: " | |
34785 | + "auth failed on incoming packet from %s: hash=%08x%08x%08x auth=%08x%08x%08x, dropped\n", | |
34786 | + irs->ipsaddr_txt, | |
34787 | + ntohl(*(__u32*)&irs->hash[0]), | |
34788 | + ntohl(*(__u32*)&irs->hash[4]), | |
34789 | + ntohl(*(__u32*)&irs->hash[8]), | |
34790 | + ntohl(*(__u32*)authenticator), | |
34791 | + ntohl(*((__u32*)authenticator + 1)), | |
34792 | + ntohl(*((__u32*)authenticator + 2))); | |
34793 | + if(irs->stats) { | |
34794 | + irs->stats->rx_dropped++; | |
34795 | + } | |
34796 | + return IPSEC_RCV_AUTHFAILED; | |
34797 | + } else { | |
34798 | + KLIPS_PRINT(debug_rcv, | |
34799 | + "klips_debug:ipsec_rcv: " | |
34800 | + "authentication successful.\n"); | |
34801 | + } | |
34802 | + | |
34803 | + /* Crypto hygiene: clear memory used to calculate autheticator. | |
34804 | + * The length varies with the algorithm. | |
34805 | + */ | |
34806 | + memset(irs->hash, 0, irs->authlen); | |
34807 | + | |
34808 | + /* If the sequence number == 0, expire SA, it had rolled */ | |
34809 | + if(irs->ipsp->ips_replaywin && !replay /* !irs->ipsp->ips_replaywin_lastseq */) { | |
34810 | + ipsec_sa_delchain(irs->ipsp); | |
34811 | + KLIPS_PRINT(debug_rcv, | |
34812 | + "klips_debug:ipsec_rcv: " | |
34813 | + "replay window counter rolled, expiring SA.\n"); | |
34814 | + if(irs->stats) { | |
34815 | + irs->stats->rx_dropped++; | |
34816 | + } | |
34817 | + return IPSEC_RCV_REPLAYROLLED; | |
34818 | + } | |
34819 | + | |
34820 | + /* now update the replay counter */ | |
34821 | + if (!ipsec_updatereplaywindow(irs->ipsp, replay)) { | |
34822 | + irs->ipsp->ips_errs.ips_replaywin_errs += 1; | |
34823 | + KLIPS_PRINT(debug_rcv & DB_RX_REPLAY, | |
34824 | + "klips_debug:ipsec_rcv: " | |
34825 | + "duplicate frame from %s, packet dropped\n", | |
34826 | + irs->ipsaddr_txt); | |
34827 | + if(irs->stats) { | |
34828 | + irs->stats->rx_dropped++; | |
34829 | + } | |
34830 | + return IPSEC_RCV_REPLAYROLLED; | |
34831 | + } | |
34832 | + } | |
34833 | + | |
34834 | + if(proto_funcs->rcv_decrypt) { | |
34835 | + enum ipsec_rcv_value retval = | |
34836 | + (*proto_funcs->rcv_decrypt)(irs); | |
34837 | + | |
34838 | + if(retval != IPSEC_RCV_OK) { | |
34839 | + return retval; | |
34840 | + } | |
34841 | + } | |
34842 | + | |
34843 | + /* | |
34844 | + * Adjust pointers | |
34845 | + */ | |
34846 | + skb = irs->skb; | |
34847 | + irs->len = skb->len; | |
34848 | + ipp = irs->ipp = skb->nh.iph; | |
34849 | + iphlen = ipp->ihl<<2; | |
34850 | + skb->h.raw = skb->nh.raw + iphlen; | |
34851 | + | |
34852 | + /* zero any options that there might be */ | |
34853 | + memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); | |
34854 | + | |
34855 | + ipsaddr.s_addr = ipp->saddr; | |
34856 | + addrtoa(ipsaddr, 0, irs->ipsaddr_txt, sizeof(irs->ipsaddr_txt)); | |
34857 | + ipdaddr.s_addr = ipp->daddr; | |
34858 | + addrtoa(ipdaddr, 0, irs->ipdaddr_txt, sizeof(irs->ipdaddr_txt)); | |
34859 | + | |
34860 | + /* | |
34861 | + * Discard the original ESP/AH header | |
34862 | + */ | |
34863 | + ipp->protocol = irs->next_header; | |
34864 | + | |
34865 | + ipp->check = 0; /* NOTE: this will be included in checksum */ | |
34866 | + ipp->check = ip_fast_csum((unsigned char *)skb->nh.iph, iphlen >> 2); | |
34867 | + | |
34868 | + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, | |
34869 | + "klips_debug:ipsec_rcv: " | |
34870 | + "after <%s%s%s>, SA:%s:\n", | |
34871 | + IPS_XFORM_NAME(irs->ipsp), | |
34872 | + irs->sa_len ? irs->sa : " (error)"); | |
34873 | + KLIPS_IP_PRINT(debug_rcv & DB_RX_PKTRX, ipp); | |
34874 | + | |
34875 | + skb->protocol = htons(ETH_P_IP); | |
34876 | + skb->ip_summed = 0; | |
34877 | + | |
34878 | + ipsnext = irs->ipsp->ips_inext; | |
34879 | + if(sysctl_ipsec_inbound_policy_check) { | |
34880 | + if(ipsnext) { | |
34881 | + if( | |
34882 | + ipp->protocol != IPPROTO_AH | |
34883 | + && ipp->protocol != IPPROTO_ESP | |
34884 | +#ifdef CONFIG_KLIPS_IPCOMP | |
34885 | + && ipp->protocol != IPPROTO_COMP | |
34886 | + && (ipsnext->ips_said.proto != IPPROTO_COMP | |
34887 | + || ipsnext->ips_inext) | |
34888 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
34889 | + && ipp->protocol != IPPROTO_IPIP | |
34890 | + && ipp->protocol != IPPROTO_ATT_HEARTBEAT /* heartbeats to AT&T SIG/GIG */ | |
34891 | + ) { | |
34892 | + KLIPS_PRINT(debug_rcv, | |
34893 | + "klips_debug:ipsec_rcv: " | |
34894 | + "packet with incomplete policy dropped, last successful SA:%s.\n", | |
34895 | + irs->sa_len ? irs->sa : " (error)"); | |
34896 | + if(irs->stats) { | |
34897 | + irs->stats->rx_dropped++; | |
34898 | + } | |
34899 | + return IPSEC_RCV_FAILEDINBOUND; | |
34900 | + } | |
34901 | + KLIPS_PRINT(debug_rcv, | |
34902 | + "klips_debug:ipsec_rcv: " | |
34903 | + "SA:%s, Another IPSEC header to process.\n", | |
34904 | + irs->sa_len ? irs->sa : " (error)"); | |
34905 | + } else { | |
34906 | + KLIPS_PRINT(debug_rcv, | |
34907 | + "klips_debug:ipsec_rcv: " | |
34908 | + "No ips_inext from this SA:%s.\n", | |
34909 | + irs->sa_len ? irs->sa : " (error)"); | |
34910 | + } | |
34911 | + } | |
34912 | + | |
34913 | +#ifdef CONFIG_KLIPS_IPCOMP | |
34914 | + /* update ipcomp ratio counters, even if no ipcomp packet is present */ | |
34915 | + if (ipsnext | |
34916 | + && ipsnext->ips_said.proto == IPPROTO_COMP | |
34917 | + && ipp->protocol != IPPROTO_COMP) { | |
34918 | + ipsnext->ips_comp_ratio_cbytes += ntohs(ipp->tot_len); | |
34919 | + ipsnext->ips_comp_ratio_dbytes += ntohs(ipp->tot_len); | |
34920 | + } | |
34921 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
34922 | + | |
34923 | + irs->ipsp->ips_life.ipl_bytes.ipl_count += irs->len; | |
34924 | + irs->ipsp->ips_life.ipl_bytes.ipl_last = irs->len; | |
34925 | + | |
34926 | + if(!irs->ipsp->ips_life.ipl_usetime.ipl_count) { | |
34927 | + irs->ipsp->ips_life.ipl_usetime.ipl_count = jiffies / HZ; | |
34928 | + } | |
34929 | + irs->ipsp->ips_life.ipl_usetime.ipl_last = jiffies / HZ; | |
34930 | + irs->ipsp->ips_life.ipl_packets.ipl_count += 1; | |
34931 | + | |
34932 | +#ifdef CONFIG_NETFILTER | |
34933 | + if(proto == IPPROTO_ESP || proto == IPPROTO_AH) { | |
34934 | + skb->nfmark = (skb->nfmark & (~(IPsecSAref2NFmark(IPSEC_SA_REF_MASK)))) | |
34935 | + | IPsecSAref2NFmark(IPsecSA2SAref(irs->ipsp)); | |
34936 | + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, | |
34937 | + "klips_debug:ipsec_rcv: " | |
34938 | + "%s SA sets skb->nfmark=0x%x.\n", | |
34939 | + proto == IPPROTO_ESP ? "ESP" : "AH", | |
34940 | + (unsigned)skb->nfmark); | |
34941 | + } | |
34942 | +#endif /* CONFIG_NETFILTER */ | |
34943 | + | |
34944 | + return IPSEC_RCV_OK; | |
34945 | +} | |
34946 | + | |
34947 | + | |
34948 | +/* | |
34949 | + * core decapsulation loop for all protocols. | |
34950 | + * | |
34951 | + * the following things should be setup to enter this function. | |
34952 | + * | |
34953 | + * irs->stats == stats structure (or NULL) | |
34954 | + * irs->ipp = IP header. | |
34955 | + * irs->ipsp = NULL. | |
34956 | + * irs->ilen = 0; | |
34957 | + * irs->authlen = 0; | |
34958 | + * irs->authfuncs = NULL; | |
34959 | + * irs->skb = skb; | |
34960 | + * skb->nh.iph = ipp; | |
34961 | + * skb->h.raw = start of payload | |
34962 | + * | |
34963 | + */ | |
34964 | +int ipsec_rcv_decap(struct ipsec_rcv_state *irs) | |
34965 | +{ | |
34966 | + struct ipsec_sa *ipsp = NULL; | |
34967 | + struct ipsec_sa* ipsnext = NULL; | |
34968 | + struct in_addr ipsaddr; | |
34969 | + struct in_addr ipdaddr; | |
34970 | + struct iphdr *ipp; | |
34971 | + struct sk_buff *skb = NULL; | |
34972 | + | |
34973 | + /* begin decapsulating loop here */ | |
34974 | + | |
34975 | + /* | |
34976 | + The spinlock is to prevent any other process from | |
34977 | + accessing or deleting the ipsec_sa hash table or any of the | |
34978 | + ipsec_sa s while we are using and updating them. | |
34979 | + | |
34980 | + This is not optimal, but was relatively straightforward | |
34981 | + at the time. A better way to do it has been planned for | |
34982 | + more than a year, to lock the hash table and put reference | |
34983 | + counts on each ipsec_sa instead. This is not likely to happen | |
34984 | + in KLIPS1 unless a volunteer contributes it, but will be | |
34985 | + designed into KLIPS2. | |
34986 | + */ | |
34987 | + spin_lock(&tdb_lock); | |
34988 | + | |
34989 | + do { | |
34990 | + int decap_stat; | |
34991 | + struct xform_functions *proto_funcs; | |
34992 | + | |
34993 | + switch(irs->ipp->protocol) { | |
34994 | + case IPPROTO_ESP: | |
34995 | + proto_funcs = esp_xform_funcs; | |
34996 | + break; | |
34997 | + | |
34998 | +#ifdef CONFIG_KLIPS_AH | |
34999 | + case IPPROTO_AH: | |
35000 | + proto_funcs = ah_xform_funcs; | |
35001 | + break; | |
35002 | +#endif /* !CONFIG_KLIPS_AH */ | |
35003 | + | |
35004 | +#ifdef CONFIG_KLIPS_IPCOMP | |
35005 | + case IPPROTO_COMP: | |
35006 | + proto_funcs = ipcomp_xform_funcs; | |
35007 | + break; | |
35008 | +#endif /* !CONFIG_KLIPS_IPCOMP */ | |
35009 | + default: | |
35010 | + if(irs->stats) { | |
35011 | + irs->stats->rx_errors++; | |
35012 | + } | |
35013 | + decap_stat = IPSEC_RCV_BADPROTO; | |
35014 | + goto rcvleave; | |
35015 | + } | |
35016 | + | |
35017 | + decap_stat = ipsec_rcv_decap_once(irs, proto_funcs); | |
35018 | + | |
35019 | + if(decap_stat != IPSEC_RCV_OK) { | |
35020 | + spin_unlock(&tdb_lock); | |
35021 | + KLIPS_PRINT(debug_rcv, | |
35022 | + "klips_debug:ipsec_rcv: decap_once failed: %d\n", | |
35023 | + decap_stat); | |
35024 | + | |
35025 | + goto rcvleave; | |
35026 | + } | |
35027 | + /* end decapsulation loop here */ | |
35028 | + } while( (irs->ipp->protocol == IPPROTO_ESP ) | |
35029 | + || (irs->ipp->protocol == IPPROTO_AH ) | |
35030 | +#ifdef CONFIG_KLIPS_IPCOMP | |
35031 | + || (irs->ipp->protocol == IPPROTO_COMP) | |
35032 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
35033 | + ); | |
35034 | + | |
35035 | + /* set up for decap loop */ | |
35036 | + ipp =irs->ipp; | |
35037 | + ipsp =irs->ipsp; | |
35038 | + ipsnext = ipsp->ips_inext; | |
35039 | + skb = irs->skb; | |
35040 | + | |
35041 | + /* if there is an IPCOMP, but we don't have an IPPROTO_COMP, | |
35042 | + * then we can just skip it | |
35043 | + */ | |
35044 | +#ifdef CONFIG_KLIPS_IPCOMP | |
35045 | + if(ipsnext && ipsnext->ips_said.proto == IPPROTO_COMP) { | |
35046 | + ipsp = ipsnext; | |
35047 | + ipsnext = ipsp->ips_inext; | |
35048 | + } | |
35049 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
35050 | + | |
35051 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
35052 | + if ((irs->natt_type) && (ipp->protocol != IPPROTO_IPIP)) { | |
35053 | + /** | |
35054 | + * NAT-Traversal and Transport Mode: | |
35055 | + * we need to correct TCP/UDP checksum | |
35056 | + * | |
35057 | + * If we've got NAT-OA, we can fix checksum without recalculation. | |
35058 | + */ | |
35059 | + __u32 natt_oa = ipsp->ips_natt_oa ? | |
35060 | + ((struct sockaddr_in*)(ipsp->ips_natt_oa))->sin_addr.s_addr : 0; | |
35061 | + __u16 pkt_len = skb->tail - (unsigned char *)ipp; | |
35062 | + __u16 data_len = pkt_len - (ipp->ihl << 2); | |
35063 | + | |
35064 | + switch (ipp->protocol) { | |
35065 | + case IPPROTO_TCP: | |
35066 | + if (data_len >= sizeof(struct tcphdr)) { | |
35067 | + struct tcphdr *tcp = skb->h.th; | |
35068 | + if (natt_oa) { | |
35069 | + __u32 buff[2] = { ~natt_oa, ipp->saddr }; | |
35070 | + KLIPS_PRINT(debug_rcv, | |
35071 | + "klips_debug:ipsec_rcv: " | |
35072 | + "NAT-T & TRANSPORT: " | |
35073 | + "fix TCP checksum using NAT-OA\n"); | |
35074 | + tcp->check = csum_fold( | |
35075 | + csum_partial((unsigned char *)buff, sizeof(buff), | |
35076 | + tcp->check^0xffff)); | |
35077 | + } | |
35078 | + else { | |
35079 | + KLIPS_PRINT(debug_rcv, | |
35080 | + "klips_debug:ipsec_rcv: " | |
35081 | + "NAT-T & TRANSPORT: recalc TCP checksum\n"); | |
35082 | + if (pkt_len > (ntohs(ipp->tot_len))) | |
35083 | + data_len -= (pkt_len - ntohs(ipp->tot_len)); | |
35084 | + tcp->check = 0; | |
35085 | + tcp->check = csum_tcpudp_magic(ipp->saddr, ipp->daddr, | |
35086 | + data_len, IPPROTO_TCP, | |
35087 | + csum_partial((unsigned char *)tcp, data_len, 0)); | |
35088 | + } | |
35089 | + } | |
35090 | + else { | |
35091 | + KLIPS_PRINT(debug_rcv, | |
35092 | + "klips_debug:ipsec_rcv: " | |
35093 | + "NAT-T & TRANSPORT: can't fix TCP checksum\n"); | |
35094 | + } | |
35095 | + break; | |
35096 | + case IPPROTO_UDP: | |
35097 | + if (data_len >= sizeof(struct udphdr)) { | |
35098 | + struct udphdr *udp = skb->h.uh; | |
35099 | + if (udp->check == 0) { | |
35100 | + KLIPS_PRINT(debug_rcv, | |
35101 | + "klips_debug:ipsec_rcv: " | |
35102 | + "NAT-T & TRANSPORT: UDP checksum already 0\n"); | |
35103 | + } | |
35104 | + else if (natt_oa) { | |
35105 | + __u32 buff[2] = { ~natt_oa, ipp->saddr }; | |
35106 | + KLIPS_PRINT(debug_rcv, | |
35107 | + "klips_debug:ipsec_rcv: " | |
35108 | + "NAT-T & TRANSPORT: " | |
35109 | + "fix UDP checksum using NAT-OA\n"); | |
35110 | + udp->check = csum_fold( | |
35111 | + csum_partial((unsigned char *)buff, sizeof(buff), | |
35112 | + udp->check^0xffff)); | |
35113 | + } | |
35114 | + else { | |
35115 | + KLIPS_PRINT(debug_rcv, | |
35116 | + "klips_debug:ipsec_rcv: " | |
35117 | + "NAT-T & TRANSPORT: zero UDP checksum\n"); | |
35118 | + udp->check = 0; | |
35119 | + } | |
35120 | + } | |
35121 | + else { | |
35122 | + KLIPS_PRINT(debug_rcv, | |
35123 | + "klips_debug:ipsec_rcv: " | |
35124 | + "NAT-T & TRANSPORT: can't fix UDP checksum\n"); | |
35125 | + } | |
35126 | + break; | |
35127 | + default: | |
35128 | + KLIPS_PRINT(debug_rcv, | |
35129 | + "klips_debug:ipsec_rcv: " | |
35130 | + "NAT-T & TRANSPORT: non TCP/UDP packet -- do nothing\n"); | |
35131 | + break; | |
35132 | + } | |
35133 | + } | |
35134 | +#endif | |
35135 | + | |
35136 | + /* | |
35137 | + * XXX this needs to be locked from when it was first looked | |
35138 | + * up in the decapsulation loop. Perhaps it is better to put | |
35139 | + * the IPIP decap inside the loop. | |
35140 | + */ | |
35141 | + if(ipsnext) { | |
35142 | + ipsp = ipsnext; | |
35143 | + irs->sa_len = satot(&irs->said, 0, irs->sa, sizeof(irs->sa)); | |
35144 | + if((ipp->protocol != IPPROTO_IPIP) && | |
35145 | + (ipp->protocol != IPPROTO_ATT_HEARTBEAT)) { /* AT&T heartbeats to SIG/GIG */ | |
35146 | + spin_unlock(&tdb_lock); | |
35147 | + KLIPS_PRINT(debug_rcv, | |
35148 | + "klips_debug:ipsec_rcv: " | |
35149 | + "SA:%s, Hey! How did this get through? Dropped.\n", | |
35150 | + irs->sa_len ? irs->sa : " (error)"); | |
35151 | + if(irs->stats) { | |
35152 | + irs->stats->rx_dropped++; | |
35153 | + } | |
35154 | + goto rcvleave; | |
35155 | + } | |
35156 | + if(sysctl_ipsec_inbound_policy_check) { | |
35157 | + struct sockaddr_in *psin = (struct sockaddr_in*)(ipsp->ips_addr_s); | |
35158 | + if((ipsnext = ipsp->ips_inext)) { | |
35159 | + char sa2[SATOT_BUF]; | |
35160 | + size_t sa_len2; | |
35161 | + sa_len2 = satot(&ipsnext->ips_said, 0, sa2, sizeof(sa2)); | |
35162 | + spin_unlock(&tdb_lock); | |
35163 | + KLIPS_PRINT(debug_rcv, | |
35164 | + "klips_debug:ipsec_rcv: " | |
35165 | + "unexpected SA:%s after IPIP SA:%s\n", | |
35166 | + sa_len2 ? sa2 : " (error)", | |
35167 | + irs->sa_len ? irs->sa : " (error)"); | |
35168 | + if(irs->stats) { | |
35169 | + irs->stats->rx_dropped++; | |
35170 | + } | |
35171 | + goto rcvleave; | |
35172 | + } | |
35173 | + if(ipp->saddr != psin->sin_addr.s_addr) { | |
35174 | + spin_unlock(&tdb_lock); | |
35175 | + KLIPS_PRINT(debug_rcv, | |
35176 | + "klips_debug:ipsec_rcv: " | |
35177 | + "SA:%s, src=%s(%08x) does match expected 0x%08x.\n", | |
35178 | + irs->sa_len ? irs->sa : " (error)", | |
35179 | + irs->ipsaddr_txt, | |
35180 | + ipp->saddr, psin->sin_addr.s_addr); | |
35181 | + if(irs->stats) { | |
35182 | + irs->stats->rx_dropped++; | |
35183 | + } | |
35184 | + goto rcvleave; | |
35185 | + } | |
35186 | + } | |
35187 | + | |
35188 | + if(ipp->protocol == IPPROTO_IPIP) /* added to support AT&T heartbeats to SIG/GIG */ | |
35189 | + { | |
35190 | + /* | |
35191 | + * XXX this needs to be locked from when it was first looked | |
35192 | + * up in the decapsulation loop. Perhaps it is better to put | |
35193 | + * the IPIP decap inside the loop. | |
35194 | + */ | |
35195 | + ipsp->ips_life.ipl_bytes.ipl_count += skb->len; | |
35196 | + ipsp->ips_life.ipl_bytes.ipl_last = skb->len; | |
35197 | + | |
35198 | + if(!ipsp->ips_life.ipl_usetime.ipl_count) { | |
35199 | + ipsp->ips_life.ipl_usetime.ipl_count = jiffies / HZ; | |
35200 | + } | |
35201 | + ipsp->ips_life.ipl_usetime.ipl_last = jiffies / HZ; | |
35202 | + ipsp->ips_life.ipl_packets.ipl_count += 1; | |
35203 | + | |
35204 | + if(skb->len < irs->iphlen) { | |
35205 | + spin_unlock(&tdb_lock); | |
35206 | + printk(KERN_WARNING "klips_debug:ipsec_rcv: " | |
35207 | + "tried to skb_pull iphlen=%d, %d available. This should never happen, please report.\n", | |
35208 | + irs->iphlen, | |
35209 | + (int)(skb->len)); | |
35210 | + | |
35211 | + goto rcvleave; | |
35212 | + } | |
35213 | + | |
35214 | + /* | |
35215 | + * we need to pull up by size of IP header, | |
35216 | + * options, but also by any UDP/ESP encap there might | |
35217 | + * have been, and this deals with all cases. | |
35218 | + */ | |
35219 | + skb_pull(skb, (skb->h.raw - skb->nh.raw)); | |
35220 | + | |
35221 | + /* new L3 header is where L4 payload was */ | |
35222 | + skb->nh.raw = skb->h.raw; | |
35223 | + | |
35224 | + /* now setup new L4 payload location */ | |
35225 | + ipp = (struct iphdr *)skb->nh.raw; | |
35226 | + skb->h.raw = skb->nh.raw + (ipp->ihl << 2); | |
35227 | + | |
35228 | + | |
35229 | + /* remove any saved options that we might have, | |
35230 | + * since we have a new IP header. | |
35231 | + */ | |
35232 | + memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); | |
35233 | + | |
35234 | +#if 0 | |
35235 | + KLIPS_PRINT(debug_rcv, "csum: %d\n", ip_fast_csum((u8 *)ipp, ipp->ihl)); | |
35236 | +#endif | |
35237 | + | |
35238 | + /* re-do any strings for debugging */ | |
35239 | + ipsaddr.s_addr = ipp->saddr; | |
35240 | + addrtoa(ipsaddr, 0, irs->ipsaddr_txt, sizeof(irs->ipsaddr_txt)); | |
35241 | + ipdaddr.s_addr = ipp->daddr; | |
35242 | + addrtoa(ipdaddr, 0, irs->ipdaddr_txt, sizeof(irs->ipdaddr_txt)); | |
35243 | + | |
35244 | + skb->protocol = htons(ETH_P_IP); | |
35245 | + skb->ip_summed = 0; | |
35246 | + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, | |
35247 | + "klips_debug:ipsec_rcv: " | |
35248 | + "IPIP tunnel stripped.\n"); | |
35249 | + KLIPS_IP_PRINT(debug_rcv & DB_RX_PKTRX, ipp); | |
35250 | + } | |
35251 | + | |
35252 | + if(sysctl_ipsec_inbound_policy_check | |
35253 | + /* | |
35254 | + Note: "xor" (^) logically replaces "not equal" | |
35255 | + (!=) and "bitwise or" (|) logically replaces | |
35256 | + "boolean or" (||). This is done to speed up | |
35257 | + execution by doing only bitwise operations and | |
35258 | + no branch operations | |
35259 | + */ | |
35260 | + && (((ipp->saddr & ipsp->ips_mask_s.u.v4.sin_addr.s_addr) | |
35261 | + ^ ipsp->ips_flow_s.u.v4.sin_addr.s_addr) | |
35262 | + | ((ipp->daddr & ipsp->ips_mask_d.u.v4.sin_addr.s_addr) | |
35263 | + ^ ipsp->ips_flow_d.u.v4.sin_addr.s_addr)) ) | |
35264 | + { | |
35265 | + char sflow_txt[SUBNETTOA_BUF], dflow_txt[SUBNETTOA_BUF]; | |
35266 | + | |
35267 | + subnettoa(ipsp->ips_flow_s.u.v4.sin_addr, | |
35268 | + ipsp->ips_mask_s.u.v4.sin_addr, | |
35269 | + 0, sflow_txt, sizeof(sflow_txt)); | |
35270 | + subnettoa(ipsp->ips_flow_d.u.v4.sin_addr, | |
35271 | + ipsp->ips_mask_d.u.v4.sin_addr, | |
35272 | + 0, dflow_txt, sizeof(dflow_txt)); | |
35273 | + spin_unlock(&tdb_lock); | |
35274 | + KLIPS_PRINT(debug_rcv, | |
35275 | + "klips_debug:ipsec_rcv: " | |
35276 | + "SA:%s, inner tunnel policy [%s -> %s] does not agree with pkt contents [%s -> %s].\n", | |
35277 | + irs->sa_len ? irs->sa : " (error)", | |
35278 | + sflow_txt, | |
35279 | + dflow_txt, | |
35280 | + irs->ipsaddr_txt, | |
35281 | + irs->ipdaddr_txt); | |
35282 | + if(irs->stats) { | |
35283 | + irs->stats->rx_dropped++; | |
35284 | + } | |
35285 | + goto rcvleave; | |
35286 | + } | |
35287 | +#ifdef CONFIG_NETFILTER | |
35288 | + skb->nfmark = (skb->nfmark & (~(IPsecSAref2NFmark(IPSEC_SA_REF_TABLE_MASK)))) | |
35289 | + | IPsecSAref2NFmark(IPsecSA2SAref(ipsp)); | |
35290 | + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, | |
35291 | + "klips_debug:ipsec_rcv: " | |
35292 | + "IPIP SA sets skb->nfmark=0x%x.\n", | |
35293 | + (unsigned)skb->nfmark); | |
35294 | +#endif /* CONFIG_NETFILTER */ | |
35295 | + } | |
35296 | + | |
35297 | + spin_unlock(&tdb_lock); | |
35298 | + | |
35299 | + if(irs->stats) { | |
35300 | + irs->stats->rx_bytes += skb->len; | |
35301 | + } | |
35302 | + if(skb->dst) { | |
35303 | + dst_release(skb->dst); | |
35304 | + skb->dst = NULL; | |
35305 | + } | |
35306 | + skb->pkt_type = PACKET_HOST; | |
35307 | + if(irs->hard_header_len && | |
35308 | + (skb->mac.raw != (skb->nh.raw - irs->hard_header_len)) && | |
35309 | + (irs->hard_header_len <= skb_headroom(skb))) { | |
35310 | + /* copy back original MAC header */ | |
35311 | + memmove(skb->nh.raw - irs->hard_header_len, | |
35312 | + skb->mac.raw, irs->hard_header_len); | |
35313 | + skb->mac.raw = skb->nh.raw - irs->hard_header_len; | |
35314 | + } | |
35315 | + | |
35316 | +#ifdef CONFIG_KLIPS_IPCOMP | |
35317 | + if(ipp->protocol == IPPROTO_COMP) { | |
35318 | + unsigned int flags = 0; | |
35319 | + | |
35320 | + if(sysctl_ipsec_inbound_policy_check) { | |
35321 | + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, | |
35322 | + "klips_debug:ipsec_rcv: " | |
35323 | + "inbound policy checking enabled, IPCOMP follows IPIP, dropped.\n"); | |
35324 | + if (irs->stats) { | |
35325 | + irs->stats->rx_errors++; | |
35326 | + } | |
35327 | + goto rcvleave; | |
35328 | + } | |
35329 | + /* | |
35330 | + XXX need a ipsec_sa for updating ratio counters but it is not | |
35331 | + following policy anyways so it is not a priority | |
35332 | + */ | |
35333 | + skb = skb_decompress(skb, NULL, &flags); | |
35334 | + if (!skb || flags) { | |
35335 | + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, | |
35336 | + "klips_debug:ipsec_rcv: " | |
35337 | + "skb_decompress() returned error flags: %d, dropped.\n", | |
35338 | + flags); | |
35339 | + if (irs->stats) { | |
35340 | + irs->stats->rx_errors++; | |
35341 | + } | |
35342 | + goto rcvleave; | |
35343 | + } | |
35344 | + } | |
35345 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
35346 | + | |
35347 | + /* | |
35348 | + * make sure that data now starts at IP header, since we are going | |
35349 | + * to pass this back to ip_input (aka netif_rx). Rules for what the | |
35350 | + * pointers wind up a different for 2.6 vs 2.4, so we just fudge it here. | |
35351 | + */ | |
35352 | +#ifdef NET_26 | |
35353 | + skb->data = skb_push(skb, skb->h.raw - skb->nh.raw); | |
35354 | +#else | |
35355 | + skb->data = skb->nh.raw; | |
35356 | + { | |
35357 | + struct iphdr *iph = skb->nh.iph; | |
35358 | + int len = ntohs(iph->tot_len); | |
35359 | + skb->len = len; | |
35360 | + } | |
35361 | +#endif | |
35362 | + | |
35363 | +#ifdef SKB_RESET_NFCT | |
35364 | + nf_conntrack_put(skb->nfct); | |
35365 | + skb->nfct = NULL; | |
35366 | +#if defined(CONFIG_NETFILTER_DEBUG) && defined(HAVE_SKB_NF_DEBUG) | |
35367 | + skb->nf_debug = 0; | |
35368 | +#endif /* CONFIG_NETFILTER_DEBUG */ | |
35369 | +#endif /* SKB_RESET_NFCT */ | |
35370 | + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, | |
35371 | + "klips_debug:ipsec_rcv: " | |
35372 | + "netif_rx() called.\n"); | |
35373 | + netif_rx(skb); | |
35374 | + skb=NULL; | |
35375 | + | |
35376 | + rcvleave: | |
35377 | + if(skb) { | |
35378 | + ipsec_kfree_skb(skb); | |
35379 | + } | |
35380 | + | |
35381 | + /* KLIPS_DEC_USE; Artifact from refactor? bug # 454 */ | |
35382 | + return(0); | |
35383 | +} | |
35384 | + | |
35385 | +struct sk_buff *ipsec_rcv_unclone(struct sk_buff *skb, | |
35386 | + struct ipsec_rcv_state *irs) | |
35387 | +{ | |
35388 | + /* if skb was cloned (most likely due to a packet sniffer such as | |
35389 | + tcpdump being momentarily attached to the interface), make | |
35390 | + a copy of our own to modify */ | |
35391 | + if(skb_cloned(skb)) { | |
35392 | + /* include any mac header while copying.. */ | |
35393 | + if(skb_headroom(skb) < irs->hard_header_len) { | |
35394 | + printk(KERN_WARNING "klips_error:ipsec_rcv: " | |
35395 | + "tried to skb_push hhlen=%d, %d available. This should never happen, please report.\n", | |
35396 | + irs->hard_header_len, | |
35397 | + skb_headroom(skb)); | |
35398 | + goto rcvleave; | |
35399 | + } | |
35400 | + skb_push(skb, irs->hard_header_len); | |
35401 | + if | |
35402 | +#ifdef SKB_COW_NEW | |
35403 | + (skb_cow(skb, skb_headroom(skb)) != 0) | |
35404 | +#else /* SKB_COW_NEW */ | |
35405 | + ((skb = skb_cow(skb, skb_headroom(skb))) == NULL) | |
35406 | +#endif /* SKB_COW_NEW */ | |
35407 | + { | |
35408 | + goto rcvleave; | |
35409 | + } | |
35410 | + if(skb->len < irs->hard_header_len) { | |
35411 | + printk(KERN_WARNING "klips_error:ipsec_rcv: " | |
35412 | + "tried to skb_pull hhlen=%d, %d available. This should never happen, please report.\n", | |
35413 | + irs->hard_header_len, | |
35414 | + skb->len); | |
35415 | + goto rcvleave; | |
35416 | + } | |
35417 | + skb_pull(skb, irs->hard_header_len); | |
35418 | + } | |
35419 | + return skb; | |
35420 | + | |
35421 | +rcvleave: | |
35422 | + ipsec_kfree_skb(skb); | |
35423 | + return NULL; | |
35424 | +} | |
35425 | + | |
35426 | + | |
35427 | +#if !defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL) | |
35428 | +/* | |
35429 | + * decapsulate a UDP encapsulated ESP packet | |
35430 | + */ | |
35431 | +struct sk_buff *ipsec_rcv_natt_decap(struct sk_buff *skb | |
35432 | + , struct ipsec_rcv_state *irs | |
35433 | + , int *udp_decap_ret_p) | |
35434 | +{ | |
35435 | + *udp_decap_ret_p = 0; | |
35436 | + if (skb->sk && skb->nh.iph && skb->nh.iph->protocol==IPPROTO_UDP) { | |
35437 | + /** | |
35438 | + * Packet comes from udp_queue_rcv_skb so it is already defrag, | |
35439 | + * checksum verified, ... (ie safe to use) | |
35440 | + * | |
35441 | + * If the packet is not for us, return -1 and udp_queue_rcv_skb | |
35442 | + * will continue to handle it (do not kfree skb !!). | |
35443 | + */ | |
35444 | + | |
35445 | +#ifndef UDP_OPT_IN_SOCK | |
35446 | + struct udp_opt { | |
35447 | + __u32 esp_in_udp; | |
35448 | + }; | |
35449 | + struct udp_opt *tp = (struct udp_opt *)&(skb->sk->tp_pinfo.af_tcp); | |
35450 | +#else | |
35451 | + struct udp_opt *tp = &(skb->sk->tp_pinfo.af_udp); | |
35452 | +#endif | |
35453 | + | |
35454 | + struct iphdr *ip = (struct iphdr *)skb->nh.iph; | |
35455 | + struct udphdr *udp = (struct udphdr *)((__u32 *)ip+ip->ihl); | |
35456 | + __u8 *udpdata = (__u8 *)udp + sizeof(struct udphdr); | |
35457 | + __u32 *udpdata32 = (__u32 *)udpdata; | |
35458 | + | |
35459 | + irs->natt_sport = ntohs(udp->source); | |
35460 | + irs->natt_dport = ntohs(udp->dest); | |
35461 | + | |
35462 | + KLIPS_PRINT(debug_rcv, | |
35463 | + "klips_debug:ipsec_rcv: " | |
35464 | + "suspected ESPinUDP packet (NAT-Traversal) [%d].\n", | |
35465 | + tp->esp_in_udp); | |
35466 | + KLIPS_IP_PRINT(debug_rcv, ip); | |
35467 | + | |
35468 | + if (udpdata < skb->tail) { | |
35469 | + unsigned int len = skb->tail - udpdata; | |
35470 | + if ((len==1) && (udpdata[0]==0xff)) { | |
35471 | + KLIPS_PRINT(debug_rcv, | |
35472 | + "klips_debug:ipsec_rcv: " | |
35473 | + /* not IPv6 compliant message */ | |
35474 | + "NAT-keepalive from %d.%d.%d.%d.\n", NIPQUAD(ip->saddr)); | |
35475 | + *udp_decap_ret_p = 0; | |
35476 | + return NULL; | |
35477 | + } | |
35478 | + else if ( (tp->esp_in_udp == ESPINUDP_WITH_NON_IKE) && | |
35479 | + (len > (2*sizeof(__u32) + sizeof(struct esphdr))) && | |
35480 | + (udpdata32[0]==0) && (udpdata32[1]==0) ) { | |
35481 | + /* ESP Packet with Non-IKE header */ | |
35482 | + KLIPS_PRINT(debug_rcv, | |
35483 | + "klips_debug:ipsec_rcv: " | |
35484 | + "ESPinUDP pkt with Non-IKE - spi=0x%x\n", | |
35485 | + ntohl(udpdata32[2])); | |
35486 | + irs->natt_type = ESPINUDP_WITH_NON_IKE; | |
35487 | + irs->natt_len = sizeof(struct udphdr)+(2*sizeof(__u32)); | |
35488 | + } | |
35489 | + else if ( (tp->esp_in_udp == ESPINUDP_WITH_NON_ESP) && | |
35490 | + (len > sizeof(struct esphdr)) && | |
35491 | + (udpdata32[0]!=0) ) { | |
35492 | + /* ESP Packet without Non-ESP header */ | |
35493 | + irs->natt_type = ESPINUDP_WITH_NON_ESP; | |
35494 | + irs->natt_len = sizeof(struct udphdr); | |
35495 | + KLIPS_PRINT(debug_rcv, | |
35496 | + "klips_debug:ipsec_rcv: " | |
35497 | + "ESPinUDP pkt without Non-ESP - spi=0x%x\n", | |
35498 | + ntohl(udpdata32[0])); | |
35499 | + } | |
35500 | + else { | |
35501 | + KLIPS_PRINT(debug_rcv, | |
35502 | + "klips_debug:ipsec_rcv: " | |
35503 | + "IKE packet - not handled here\n"); | |
35504 | + *udp_decap_ret_p = -1; | |
35505 | + return NULL; | |
35506 | + } | |
35507 | + } | |
35508 | + else { | |
35509 | + return NULL; | |
35510 | + } | |
35511 | + } | |
35512 | + return skb; | |
35513 | +} | |
35514 | +#endif | |
35515 | + | |
35516 | + | |
35517 | +int | |
35518 | +ipsec_rcv(struct sk_buff *skb | |
35519 | +#ifndef PROTO_HANDLER_SINGLE_PARM | |
35520 | + unsigned short xlen | |
35521 | +#endif /* PROTO_HANDLER_SINGLE_PARM */ | |
35522 | + ) | |
35523 | +{ | |
35524 | +#ifdef CONFIG_KLIPS_DEBUG | |
35525 | + struct net_device *dev = skb->dev; | |
35526 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
35527 | + unsigned char protoc; | |
35528 | + struct net_device_stats *stats = NULL; /* This device's statistics */ | |
35529 | + struct net_device *ipsecdev = NULL, *prvdev; | |
35530 | + struct ipsecpriv *prv; | |
35531 | + struct ipsec_rcv_state nirs, *irs = &nirs; | |
35532 | + struct iphdr *ipp; | |
35533 | + char name[9]; | |
35534 | + int i; | |
35535 | + | |
35536 | + /* Don't unlink in the middle of a turnaround */ | |
35537 | + KLIPS_INC_USE; | |
35538 | + | |
35539 | + memset(&nirs, 0, sizeof(struct ipsec_rcv_state)); | |
35540 | + | |
35541 | + if (skb == NULL) { | |
35542 | + KLIPS_PRINT(debug_rcv, | |
35543 | + "klips_debug:ipsec_rcv: " | |
35544 | + "NULL skb passed in.\n"); | |
35545 | + goto rcvleave; | |
35546 | + } | |
35547 | + | |
35548 | + if (skb->data == NULL) { | |
35549 | + KLIPS_PRINT(debug_rcv, | |
35550 | + "klips_debug:ipsec_rcv: " | |
35551 | + "NULL skb->data passed in, packet is bogus, dropping.\n"); | |
35552 | + goto rcvleave; | |
35553 | + } | |
35554 | + | |
35555 | +#if defined(CONFIG_IPSEC_NAT_TRAVERSAL) && !defined(NET_26) | |
35556 | + { | |
35557 | + /* NET_26 NAT-T is handled by seperate function */ | |
35558 | + struct sk_buff *nskb; | |
35559 | + int udp_decap_ret = 0; | |
35560 | + | |
35561 | + nskb = ipsec_rcv_natt_decap(skb, irs, &udp_decap_ret); | |
35562 | + if(nskb == NULL) { | |
35563 | + /* return with non-zero, because UDP.c code | |
35564 | + * need to send it upstream. | |
35565 | + */ | |
35566 | + if(skb && udp_decap_ret == 0) { | |
35567 | + ipsec_kfree_skb(skb); | |
35568 | + } | |
35569 | + KLIPS_DEC_USE; | |
35570 | + return(udp_decap_ret); | |
35571 | + } | |
35572 | + skb = nskb; | |
35573 | + } | |
35574 | +#endif /* NAT_T */ | |
35575 | + | |
35576 | + /* dev->hard_header_len is unreliable and should not be used */ | |
35577 | + irs->hard_header_len = skb->mac.raw ? (skb->nh.raw - skb->mac.raw) : 0; | |
35578 | + if((irs->hard_header_len < 0) || (irs->hard_header_len > skb_headroom(skb))) | |
35579 | + irs->hard_header_len = 0; | |
35580 | + | |
35581 | + skb = ipsec_rcv_unclone(skb, irs); | |
35582 | + if(skb == NULL) { | |
35583 | + goto rcvleave; | |
35584 | + } | |
35585 | + | |
35586 | +#if IP_FRAGMENT_LINEARIZE | |
35587 | + /* In Linux 2.4.4, we may have to reassemble fragments. They are | |
35588 | + not assembled automatically to save TCP from having to copy | |
35589 | + twice. | |
35590 | + */ | |
35591 | + if (skb_is_nonlinear(skb)) { | |
35592 | +#ifdef HAVE_NEW_SKB_LINEARIZE | |
35593 | + if (skb_linearize_cow(skb) != 0) | |
35594 | +#else | |
35595 | + if (skb_linearize(skb, GFP_ATOMIC) != 0) | |
35596 | +#endif | |
35597 | + { | |
35598 | + goto rcvleave; | |
35599 | + } | |
35600 | + } | |
35601 | +#endif /* IP_FRAGMENT_LINEARIZE */ | |
35602 | + | |
35603 | +#if defined(CONFIG_IPSEC_NAT_TRAVERSAL) && !defined(NET_26) | |
35604 | + if (irs->natt_len) { | |
35605 | + /** | |
35606 | + * Now, we are sure packet is ESPinUDP, and we have a private | |
35607 | + * copy that has been linearized, remove natt_len bytes | |
35608 | + * from packet and modify protocol to ESP. | |
35609 | + */ | |
35610 | + if (((unsigned char *)skb->data > (unsigned char *)skb->nh.iph) | |
35611 | + && ((unsigned char *)skb->nh.iph > (unsigned char *)skb->head)) | |
35612 | + { | |
35613 | + unsigned int _len = (unsigned char *)skb->data - | |
35614 | + (unsigned char *)skb->nh.iph; | |
35615 | + KLIPS_PRINT(debug_rcv, | |
35616 | + "klips_debug:ipsec_rcv: adjusting skb: skb_push(%u)\n", | |
35617 | + _len); | |
35618 | + skb_push(skb, _len); | |
35619 | + } | |
35620 | + KLIPS_PRINT(debug_rcv, | |
35621 | + "klips_debug:ipsec_rcv: " | |
35622 | + "removing %d bytes from ESPinUDP packet\n", irs->natt_len); | |
35623 | + ipp = skb->nh.iph; | |
35624 | + irs->iphlen = ipp->ihl << 2; | |
35625 | + ipp->tot_len = htons(ntohs(ipp->tot_len) - irs->natt_len); | |
35626 | + if (skb->len < irs->iphlen + irs->natt_len) { | |
35627 | + printk(KERN_WARNING | |
35628 | + "klips_error:ipsec_rcv: " | |
35629 | + "ESPinUDP packet is too small (%d < %d+%d). " | |
35630 | + "This should never happen, please report.\n", | |
35631 | + (int)(skb->len), irs->iphlen, irs->natt_len); | |
35632 | + goto rcvleave; | |
35633 | + } | |
35634 | + | |
35635 | + /* advance payload pointer to point past the UDP header */ | |
35636 | + skb->h.raw = skb->h.raw + irs->natt_len; | |
35637 | + | |
35638 | + /* modify protocol */ | |
35639 | + ipp->protocol = IPPROTO_ESP; | |
35640 | + | |
35641 | + skb->sk = NULL; | |
35642 | + | |
35643 | + KLIPS_IP_PRINT(debug_rcv, skb->nh.iph); | |
35644 | + } | |
35645 | +#endif | |
35646 | + | |
35647 | + ipp = skb->nh.iph; | |
35648 | + | |
35649 | + { | |
35650 | + struct in_addr ipsaddr; | |
35651 | + struct in_addr ipdaddr; | |
35652 | + | |
35653 | + ipsaddr.s_addr = ipp->saddr; | |
35654 | + addrtoa(ipsaddr, 0, irs->ipsaddr_txt | |
35655 | + , sizeof(irs->ipsaddr_txt)); | |
35656 | + ipdaddr.s_addr = ipp->daddr; | |
35657 | + addrtoa(ipdaddr, 0, irs->ipdaddr_txt | |
35658 | + , sizeof(irs->ipdaddr_txt)); | |
35659 | + } | |
35660 | + | |
35661 | + irs->iphlen = ipp->ihl << 2; | |
35662 | + | |
35663 | + KLIPS_PRINT(debug_rcv, | |
35664 | + "klips_debug:ipsec_rcv: " | |
35665 | + "<<< Info -- "); | |
35666 | + KLIPS_PRINTMORE(debug_rcv && skb->dev, "skb->dev=%s ", | |
35667 | + skb->dev->name ? skb->dev->name : "NULL"); | |
35668 | + KLIPS_PRINTMORE(debug_rcv && dev, "dev=%s ", | |
35669 | + dev->name ? dev->name : "NULL"); | |
35670 | + KLIPS_PRINTMORE(debug_rcv, "\n"); | |
35671 | + | |
35672 | + KLIPS_PRINT(debug_rcv && !(skb->dev && dev && (skb->dev == dev)), | |
35673 | + "klips_debug:ipsec_rcv: " | |
35674 | + "Informational -- **if this happens, find out why** skb->dev:%s is not equal to dev:%s\n", | |
35675 | + skb->dev ? (skb->dev->name ? skb->dev->name : "NULL") : "NULL", | |
35676 | + dev ? (dev->name ? dev->name : "NULL") : "NULL"); | |
35677 | + | |
35678 | + protoc = ipp->protocol; | |
35679 | +#ifndef NET_21 | |
35680 | + if((!protocol) || (protocol->protocol != protoc)) { | |
35681 | + KLIPS_PRINT(debug_rcv & DB_RX_IPSA, | |
35682 | + "klips_debug:ipsec_rcv: " | |
35683 | + "protocol arg is NULL or unequal to the packet contents, this is odd, using value in packet.\n"); | |
35684 | + } | |
35685 | +#endif /* !NET_21 */ | |
35686 | + | |
35687 | + if( (protoc != IPPROTO_AH) && | |
35688 | +#ifdef CONFIG_KLIPS_IPCOMP_disabled_until_we_register_IPCOMP_HANDLER | |
35689 | + (protoc != IPPROTO_COMP) && | |
35690 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
35691 | + (protoc != IPPROTO_ESP) ) { | |
35692 | + KLIPS_PRINT(debug_rcv & DB_RX_IPSA, | |
35693 | + "klips_debug:ipsec_rcv: Why the hell is someone " | |
35694 | + "passing me a non-ipsec protocol = %d packet? -- dropped.\n", | |
35695 | + protoc); | |
35696 | + goto rcvleave; | |
35697 | + } | |
35698 | + | |
35699 | + if(skb->dev) { | |
35700 | + for(i = 0; i < IPSEC_NUM_IF; i++) { | |
35701 | + sprintf(name, IPSEC_DEV_FORMAT, i); | |
35702 | + if(!strcmp(name, skb->dev->name)) { | |
35703 | + prv = (struct ipsecpriv *)(skb->dev->priv); | |
35704 | + if(prv) { | |
35705 | + stats = (struct net_device_stats *) &(prv->mystats); | |
35706 | + } | |
35707 | + ipsecdev = skb->dev; | |
35708 | + KLIPS_PRINT(debug_rcv, | |
35709 | + "klips_debug:ipsec_rcv: " | |
35710 | + "Info -- pkt already proc'ed a group of ipsec headers, processing next group of ipsec headers.\n"); | |
35711 | + break; | |
35712 | + } | |
35713 | + if((ipsecdev = __ipsec_dev_get(name)) == NULL) { | |
35714 | + KLIPS_PRINT(debug_rcv, | |
35715 | + "klips_error:ipsec_rcv: " | |
35716 | + "device %s does not exist\n", | |
35717 | + name); | |
35718 | + } | |
35719 | + prv = ipsecdev ? (struct ipsecpriv *)(ipsecdev->priv) : NULL; | |
35720 | + prvdev = prv ? (struct net_device *)(prv->dev) : NULL; | |
35721 | + | |
35722 | +#if 0 | |
35723 | + KLIPS_PRINT(debug_rcv && prvdev, | |
35724 | + "klips_debug:ipsec_rcv: " | |
35725 | + "physical device for device %s is %s\n", | |
35726 | + name, | |
35727 | + prvdev->name); | |
35728 | +#endif | |
35729 | + if(prvdev && skb->dev && | |
35730 | + !strcmp(prvdev->name, skb->dev->name)) { | |
35731 | + stats = prv ? ((struct net_device_stats *) &(prv->mystats)) : NULL; | |
35732 | + skb->dev = ipsecdev; | |
35733 | + KLIPS_PRINT(debug_rcv && prvdev, | |
35734 | + "klips_debug:ipsec_rcv: " | |
35735 | + "assigning packet ownership to virtual device %s from physical device %s.\n", | |
35736 | + name, prvdev->name); | |
35737 | + if(stats) { | |
35738 | + stats->rx_packets++; | |
35739 | + } | |
35740 | + break; | |
35741 | + } | |
35742 | + } | |
35743 | + } else { | |
35744 | + KLIPS_PRINT(debug_rcv, | |
35745 | + "klips_debug:ipsec_rcv: " | |
35746 | + "device supplied with skb is NULL\n"); | |
35747 | + } | |
35748 | + | |
35749 | + if(stats == NULL) { | |
35750 | + KLIPS_PRINT((debug_rcv), | |
35751 | + "klips_error:ipsec_rcv: " | |
35752 | + "packet received from physical I/F (%s) not connected to ipsec I/F. Cannot record stats. May not have SA for decoding. Is IPSEC traffic expected on this I/F? Check routing.\n", | |
35753 | + skb->dev ? (skb->dev->name ? skb->dev->name : "NULL") : "NULL"); | |
35754 | + } | |
35755 | + | |
35756 | + KLIPS_IP_PRINT(debug_rcv, ipp); | |
35757 | + | |
35758 | + /* set up for decap loop */ | |
35759 | + irs->stats= stats; | |
35760 | + irs->ipp = ipp; | |
35761 | + irs->ipsp = NULL; | |
35762 | + irs->ilen = 0; | |
35763 | + irs->authlen=0; | |
35764 | + irs->authfuncs=NULL; | |
35765 | + irs->skb = skb; | |
35766 | + | |
35767 | + ipsec_rcv_decap(irs); | |
35768 | + KLIPS_DEC_USE; | |
35769 | + return(0); | |
35770 | + | |
35771 | + rcvleave: | |
35772 | + if(skb) { | |
35773 | + ipsec_kfree_skb(skb); | |
35774 | + } | |
35775 | + KLIPS_DEC_USE; | |
35776 | + return(0); | |
35777 | + | |
35778 | +} | |
35779 | + | |
35780 | +#ifdef NET_26 | |
35781 | +/* | |
35782 | + * this entry point is not a protocol entry point, so the entry | |
35783 | + * is a bit different. | |
35784 | + * | |
35785 | + * skb->iph->tot_len has been byte-swapped, and reduced by the size of | |
35786 | + * the IP header (and options). | |
35787 | + * | |
35788 | + * skb->h.raw has been pulled up the ESP header. | |
35789 | + * | |
35790 | + * skb->iph->protocol = 50 IPPROTO_ESP; | |
35791 | + * | |
35792 | + */ | |
35793 | +int klips26_rcv_encap(struct sk_buff *skb, __u16 encap_type) | |
35794 | +{ | |
35795 | + struct ipsec_rcv_state nirs, *irs = &nirs; | |
35796 | + struct iphdr *ipp; | |
35797 | + | |
35798 | + /* Don't unlink in the middle of a turnaround */ | |
35799 | + KLIPS_INC_USE; | |
35800 | + | |
35801 | + memset(irs, 0, sizeof(*irs)); | |
35802 | + | |
35803 | + /* XXX fudge it so that all nat-t stuff comes from ipsec0 */ | |
35804 | + /* eventually, the SA itself will determine which device | |
35805 | + * it comes from | |
35806 | + */ | |
35807 | + { | |
35808 | + skb->dev = ipsec_get_device(0); | |
35809 | + } | |
35810 | + | |
35811 | + /* set up for decap loop */ | |
35812 | + irs->hard_header_len = skb->dev->hard_header_len; | |
35813 | + | |
35814 | + skb = ipsec_rcv_unclone(skb, irs); | |
35815 | + | |
35816 | +#if IP_FRAGMENT_LINEARIZE | |
35817 | + /* In Linux 2.4.4, we may have to reassemble fragments. They are | |
35818 | + not assembled automatically to save TCP from having to copy | |
35819 | + twice. | |
35820 | + */ | |
35821 | + if (skb_is_nonlinear(skb)) { | |
35822 | +#ifdef HAVE_NEW_SKB_LINEARIZE | |
35823 | + if (skb_linearize_cow(skb) != 0) | |
35824 | +#else | |
35825 | + if (skb_linearize(skb, GFP_ATOMIC) != 0) | |
35826 | +#endif | |
35827 | + { | |
35828 | + goto rcvleave; | |
35829 | + } | |
35830 | + } | |
35831 | +#endif /* IP_FRAGMENT_LINEARIZE */ | |
35832 | + | |
35833 | + ipp = skb->nh.iph; | |
35834 | + | |
35835 | + { | |
35836 | + struct in_addr ipsaddr; | |
35837 | + struct in_addr ipdaddr; | |
35838 | + | |
35839 | + ipsaddr.s_addr = ipp->saddr; | |
35840 | + addrtoa(ipsaddr, 0, irs->ipsaddr_txt | |
35841 | + , sizeof(irs->ipsaddr_txt)); | |
35842 | + ipdaddr.s_addr = ipp->daddr; | |
35843 | + addrtoa(ipdaddr, 0, irs->ipdaddr_txt | |
35844 | + , sizeof(irs->ipdaddr_txt)); | |
35845 | + } | |
35846 | + | |
35847 | + irs->iphlen = ipp->ihl << 2; | |
35848 | + | |
35849 | + KLIPS_IP_PRINT(debug_rcv, ipp); | |
35850 | + | |
35851 | + irs->stats= NULL; | |
35852 | + irs->ipp = ipp; | |
35853 | + irs->ipsp = NULL; | |
35854 | + irs->ilen = 0; | |
35855 | + irs->authlen=0; | |
35856 | + irs->authfuncs=NULL; | |
35857 | + irs->skb = skb; | |
35858 | + | |
35859 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
35860 | + switch(encap_type) { | |
35861 | + case UDP_ENCAP_ESPINUDP: | |
35862 | + irs->natt_type = ESPINUDP_WITH_NON_ESP; | |
35863 | + break; | |
35864 | + | |
35865 | + case UDP_ENCAP_ESPINUDP_NON_IKE: | |
35866 | + irs->natt_type = ESPINUDP_WITH_NON_IKE; | |
35867 | + break; | |
35868 | + | |
35869 | + default: | |
35870 | + if(printk_ratelimit()) { | |
35871 | + printk(KERN_INFO "KLIPS received unknown UDP-ESP encap type %u\n", | |
35872 | + encap_type); | |
35873 | + } | |
35874 | + return -1; | |
35875 | + } | |
35876 | + | |
35877 | +#endif | |
35878 | + ipsec_rcv_decap(irs); | |
35879 | + KLIPS_DEC_USE; | |
35880 | + return 0; | |
35881 | + | |
35882 | +rcvleave: | |
35883 | + if(skb) { | |
35884 | + ipsec_kfree_skb(skb); | |
35885 | + } | |
35886 | + KLIPS_DEC_USE; | |
35887 | + return 0; | |
35888 | +} | |
35889 | +#endif | |
35890 | + | |
35891 | + | |
35892 | +/* | |
35893 | + * $Log: ipsec_rcv.c,v $ | |
35894 | + * Revision 1.171.2.10 2006/10/06 21:39:26 paul | |
35895 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
35896 | + * set. This is defined through autoconf.h which is included through the | |
35897 | + * linux kernel build macros. | |
35898 | + * | |
35899 | + * Revision 1.171.2.9 2006/07/30 02:09:33 paul | |
35900 | + * Author: Bart Trojanowski <bart@xelerance.com> | |
35901 | + * This fixes a NATT+ESP bug in rcv path. | |
35902 | + * | |
35903 | + * We only want to test NATT policy on the ESP packet. Doing so on the | |
35904 | + * bundled SA breaks because the next layer does not know anything about | |
35905 | + * NATT. | |
35906 | + * | |
35907 | + * Fix just puts an if(proto == IPPROTO_ESP) around the NATT policy check. | |
35908 | + * | |
35909 | + * Revision 1.171.2.8 2006/07/29 05:03:04 paul | |
35910 | + * Added check for new version of skb_linearize that only takes 1 argument, | |
35911 | + * for 2.6.18+ kernels. | |
35912 | + * | |
35913 | + * Revision 1.171.2.7 2006/04/20 16:33:07 mcr | |
35914 | + * remove all of CONFIG_KLIPS_ALG --- one can no longer build without it. | |
35915 | + * Fix in-kernel module compilation. Sub-makefiles do not work. | |
35916 | + * | |
35917 | + * Revision 1.171.2.6 2005/12/07 06:07:04 paul | |
35918 | + * comment out KLIPS_DEC_USE in ipsec_rcv_decap. Likely an artifact from | |
35919 | + * refactoring. http://bugs.xelerance.com/view.php?id=454 | |
35920 | + * | |
35921 | + * Revision 1.171.2.5 2005/10/21 02:22:29 mcr | |
35922 | + * pull up of another try at 2.4.x kernel fix | |
35923 | + * | |
35924 | + * Revision 1.171.2.4 2005/10/21 01:39:56 mcr | |
35925 | + * nat-t fix is 2.4/2.6 specific | |
35926 | + * | |
35927 | + * Revision 1.178 2005/10/21 02:19:34 mcr | |
35928 | + * on 2.4 systems, we have to fix up the length as well. | |
35929 | + * | |
35930 | + * Revision 1.177 2005/10/21 00:18:31 mcr | |
35931 | + * nat-t fix is 2.4 specific. | |
35932 | + * | |
35933 | + * Revision 1.176 2005/10/20 21:06:11 mcr | |
35934 | + * possible fix for nat-t problem on 2.4 kernels. | |
35935 | + * | |
35936 | + * Revision 1.175 2005/10/13 02:49:24 mcr | |
35937 | + * tested UDP-encapsulated ESP packets that were not actually ESP, | |
35938 | + * (but IKE) were being eaten. | |
35939 | + * | |
35940 | + * Revision 1.174 2005/10/13 01:25:22 mcr | |
35941 | + * UDP-encapsulated ESP packets that were not actually ESP, | |
35942 | + * (but IKE) were being eaten. | |
35943 | + * | |
35944 | + * Revision 1.173 2005/08/31 23:26:11 mcr | |
35945 | + * fixes for 2.6.13 | |
35946 | + * | |
35947 | + * Revision 1.172 2005/08/05 08:44:54 mcr | |
35948 | + * ipsec_kern24.h (compat code for 2.4) must be include | |
35949 | + * explicitely now. | |
35950 | + * | |
35951 | + * Revision 1.171 2005/07/08 23:56:06 ken | |
35952 | + * #ifdef | |
35953 | + * | |
35954 | + * Revision 1.170 2005/07/08 23:50:05 ken | |
35955 | + * Don't attempt to decapsulate if NAT-T isn't available in the code | |
35956 | + * | |
35957 | + * Revision 1.169 2005/06/06 00:27:31 mcr | |
35958 | + * fix for making tcpdump (packet capture) work correctly for | |
35959 | + * nat-t received packets. | |
35960 | + * | |
35961 | + * Revision 1.168 2005/06/04 16:06:06 mcr | |
35962 | + * better patch for nat-t rcv-device code. | |
35963 | + * | |
35964 | + * Revision 1.167 2005/06/03 17:04:46 mcr | |
35965 | + * nat-t packets are forced to arrive from ipsec0. | |
35966 | + * | |
35967 | + * Revision 1.166 2005/04/29 05:10:22 mcr | |
35968 | + * removed from extraenous includes to make unit testing easier. | |
35969 | + * | |
35970 | + * Revision 1.165 2005/04/20 17:11:32 mcr | |
35971 | + * fixed to compile on 2.4. | |
35972 | + * | |
35973 | + * Revision 1.164 2005/04/18 03:09:50 ken | |
35974 | + * Fix typo | |
35975 | + * | |
35976 | + * Revision 1.163 2005/04/17 05:32:58 mcr | |
35977 | + * remove extraneous debugging | |
35978 | + * make sure to return success from klips26_encap_rcv(). | |
35979 | + * | |
35980 | + * Revision 1.162 2005/04/17 04:37:01 mcr | |
35981 | + * make sure that irs->ipp is still set. | |
35982 | + * | |
35983 | + * Revision 1.161 2005/04/17 03:51:52 mcr | |
35984 | + * removed old comment about removed code. | |
35985 | + * added translation from udp.c/2.6 to KLIPS NAT-ESP naming. | |
35986 | + * comment about check for origin address/port for incoming NAT-ESP packets. | |
35987 | + * | |
35988 | + * Revision 1.160 2005/04/15 19:55:58 mcr | |
35989 | + * adjustments to use proper skb fields for data. | |
35990 | + * | |
35991 | + * Revision 1.159 2005/04/10 22:58:20 mcr | |
35992 | + * refactoring of receive functions to make it easier to | |
35993 | + * call the ESP decap. | |
35994 | + * | |
35995 | + * Revision 1.158 2005/04/08 18:27:53 mcr | |
35996 | + * refactored ipsec_rcv() into ipsec_rcv() and ipsec_rcv_decap(). | |
35997 | + * | |
35998 | + * Revision 1.157 2004/12/28 23:13:09 mcr | |
35999 | + * use consistent CONFIG_IPSEC_NAT_TRAVERSAL. | |
36000 | + * | |
36001 | + * Revision 1.156 2004/12/03 21:34:51 mcr | |
36002 | + * mistype of KLIPS_USE_COUNT -> KLIPS_INC_USE; | |
36003 | + * | |
36004 | + * Revision 1.155 2004/12/03 21:25:57 mcr | |
36005 | + * compile time fixes for running on 2.6. | |
36006 | + * still experimental. | |
36007 | + * | |
36008 | + * Revision 1.154 2004/09/08 17:21:36 ken | |
36009 | + * Rename MD5* -> osMD5 functions to prevent clashes with other symbols exported by kernel modules (CIFS in 2.6 initiated this) | |
36010 | + * | |
36011 | + * Revision 1.153 2004/08/22 20:10:00 mcr | |
36012 | + * removed check for incorrect setting of NET_26. | |
36013 | + * | |
36014 | + * Revision 1.152 2004/08/21 15:22:39 mcr | |
36015 | + * added #defines for ATT heartbeat. | |
36016 | + * | |
36017 | + * Revision 1.151 2004/08/21 02:16:32 ken | |
36018 | + * Patch from Jochen Eisinger for AT&T MTS Heartbeat packet support | |
36019 | + * | |
36020 | + * Revision 1.150 2004/08/21 00:44:48 mcr | |
36021 | + * CONFIG_KLIPS_NAT was wrong, also need to include udp.h. | |
36022 | + * | |
36023 | + * Revision 1.149 2004/08/20 21:45:45 mcr | |
36024 | + * CONFIG_KLIPS_NAT_TRAVERSAL is not used in an attempt to | |
36025 | + * be 26sec compatible. But, some defines where changed. | |
36026 | + * | |
36027 | + * Revision 1.148 2004/08/17 03:27:23 mcr | |
36028 | + * klips 2.6 edits. | |
36029 | + * | |
36030 | + * Revision 1.147 2004/08/05 23:29:27 mcr | |
36031 | + * fixed nesting of #ifdef vs {} in ipsec_rcv(). | |
36032 | + * | |
36033 | + * Revision 1.146 2004/08/04 15:57:07 mcr | |
36034 | + * moved des .h files to include/des/ * | |
36035 | + * included 2.6 protocol specific things | |
36036 | + * started at NAT-T support, but it will require a kernel patch. | |
36037 | + * | |
36038 | + * Revision 1.145 2004/08/03 18:19:08 mcr | |
36039 | + * in 2.6, use "net_device" instead of #define device->net_device. | |
36040 | + * this probably breaks 2.0 compiles. | |
36041 | + * | |
36042 | + * Revision 1.144 2004/07/10 19:11:18 mcr | |
36043 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
36044 | + * | |
36045 | + * Revision 1.143 2004/05/10 22:27:00 mcr | |
36046 | + * fix for ESP-3DES-noauth test case. | |
36047 | + * | |
36048 | + * Revision 1.142 2004/05/10 22:25:57 mcr | |
36049 | + * reformat of calls to ipsec_lifetime_check(). | |
36050 | + * | |
36051 | + * Revision 1.141 2004/04/06 02:49:26 mcr | |
36052 | + * pullup of algo code from alg-branch. | |
36053 | + * | |
36054 | + * Revision 1.140 2004/02/03 03:12:53 mcr | |
36055 | + * removed erroneously, double patched code. | |
36056 | + * | |
36057 | + * Revision 1.139 2004/01/05 23:21:29 mcr | |
36058 | + * initialize sin_family in ipsec_rcv.c | |
36059 | + * | |
36060 | + * Revision 1.138 2003/12/24 19:46:52 mcr | |
36061 | + * if sock.h patch has not been applied, then define appropriate | |
36062 | + * structure so we can use it. This is serious inferior, and | |
36063 | + * depends upon the concept that the structure in question is | |
36064 | + * smaller than the other members of that union. | |
36065 | + * getting rid of differing methods is a better solution. | |
36066 | + * | |
36067 | + * Revision 1.137 2003/12/22 19:40:57 mcr | |
36068 | + * NAT-T patches 0.6c. | |
36069 | + * | |
36070 | + * Revision 1.136 2003/12/15 18:13:12 mcr | |
36071 | + * when compiling with NAT traversal, don't assume that the | |
36072 | + * kernel has been patched, unless CONFIG_IPSEC_NAT_NON_ESP | |
36073 | + * is set. | |
36074 | + * | |
36075 | + * Revision 1.135 2003/12/13 19:10:21 mcr | |
36076 | + * refactored rcv and xmit code - same as FS 2.05. | |
36077 | + * | |
36078 | + * Revision 1.134.2.1 2003/12/22 15:25:52 jjo | |
36079 | + * Merged algo-0.8.1-rc11-test1 into alg-branch | |
36080 | + * | |
36081 | + * Revision 1.134 2003/12/10 01:14:27 mcr | |
36082 | + * NAT-traversal patches to KLIPS. | |
36083 | + * | |
36084 | + * Revision 1.133 2003/10/31 02:27:55 mcr | |
36085 | + * pulled up port-selector patches and sa_id elimination. | |
36086 | + * | |
36087 | + * Revision 1.132.2.1 2003/10/29 01:30:41 mcr | |
36088 | + * elimited "struct sa_id". | |
36089 | + * | |
36090 | + * Revision 1.132 2003/09/02 19:51:48 mcr | |
36091 | + * fixes for PR#252. | |
36092 | + * | |
36093 | + * Revision 1.131 2003/07/31 22:47:16 mcr | |
36094 | + * preliminary (untested by FS-team) 2.5 patches. | |
36095 | + * | |
36096 | + * Revision 1.130 2003/04/03 17:38:25 rgb | |
36097 | + * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}. | |
36098 | + * Clarified logic for non-connected devices. | |
36099 | + * | |
36100 | + * Revision 1.129 2003/02/06 02:21:34 rgb | |
36101 | + * | |
36102 | + * Moved "struct auth_alg" from ipsec_rcv.c to ipsec_ah.h . | |
36103 | + * Changed "struct ah" to "struct ahhdr" and "struct esp" to "struct esphdr". | |
36104 | + * Removed "#ifdef INBOUND_POLICY_CHECK_eroute" dead code. | |
36105 | + * | |
36106 | + * Revision 1.128 2002/12/13 20:58:03 rgb | |
36107 | + * Relegated MCR's recent "_dmp" routine to debug_verbose. | |
36108 | + * Cleaned up printing of source and destination addresses in debug output. | |
36109 | + * | |
36110 | + * Revision 1.127 2002/12/04 16:00:16 rgb | |
36111 | + * | |
36112 | + * Fixed AH decapsulation pointer update bug and added some comments and | |
36113 | + * debugging. | |
36114 | + * This bug was caught by west-ah-0[12]. | |
36115 | + * | |
36116 | + * Revision 1.126 2002/11/04 05:03:43 mcr | |
36117 | + * fixes for IPCOMP. There were two problems: | |
36118 | + * 1) the irs->ipp pointer was not being updated properly after | |
36119 | + * the ESP descryption. The meant nothing for IPIP, as the | |
36120 | + * later IP header overwrote the earlier one. | |
36121 | + * 2) the more serious problem was that skb_decompress will | |
36122 | + * usually allocate a new SKB, so we have to make sure that | |
36123 | + * it doesn't get lost. | |
36124 | + * #2 meant removing the skb argument from the ->decrypt routine | |
36125 | + * and moving it to the irs->skb, so it could be value/result. | |
36126 | + * | |
36127 | + * Revision 1.125 2002/11/01 01:53:35 dhr | |
36128 | + * | |
36129 | + * fix typo | |
36130 | + * | |
36131 | + * Revision 1.124 2002/10/31 22:49:01 dhr | |
36132 | + * | |
36133 | + * - eliminate unused variable "hash" | |
36134 | + * - reduce scope of variable "authenticator" | |
36135 | + * - add comment on a couple of tricky bits | |
36136 | + * | |
36137 | + * Revision 1.123 2002/10/31 22:39:56 dhr | |
36138 | + * | |
36139 | + * use correct type for result of function calls | |
36140 | + * | |
36141 | + * Revision 1.122 2002/10/31 22:36:25 dhr | |
36142 | + * | |
36143 | + * simplify complex test | |
36144 | + * | |
36145 | + * Revision 1.121 2002/10/31 22:34:04 dhr | |
36146 | + * | |
36147 | + * ipsprev is never used: ditch it | |
36148 | + * | |
36149 | + * Revision 1.120 2002/10/31 22:30:21 dhr | |
36150 | + * | |
36151 | + * eliminate redundant assignments | |
36152 | + * | |
36153 | + * Revision 1.119 2002/10/31 22:27:43 dhr | |
36154 | + * | |
36155 | + * make whitespace canonical | |
36156 | + * | |
36157 | + * Revision 1.118 2002/10/30 05:47:17 rgb | |
36158 | + * Fixed cut-and-paste error mis-identifying comp runt as ah. | |
36159 | + * | |
36160 | + * Revision 1.117 2002/10/17 16:37:45 rgb | |
36161 | + * Remove compp intermediate variable and in-line its contents | |
36162 | + * where used | |
36163 | + * | |
36164 | + * Revision 1.116 2002/10/12 23:11:53 dhr | |
36165 | + * | |
36166 | + * [KenB + DHR] more 64-bit cleanup | |
36167 | + * | |
36168 | + * Revision 1.115 2002/10/07 19:06:58 rgb | |
36169 | + * Minor fixups and activation to west-rcv-nfmark-set-01 test to check for SA reference properly set on incoming. | |
36170 | + * | |
36171 | + * Revision 1.114 2002/10/07 18:31:31 rgb | |
36172 | + * Set saref on incoming packets. | |
36173 | + * | |
36174 | + * Revision 1.113 2002/09/16 21:28:12 mcr | |
36175 | + * adjust hash length for HMAC calculation - must look at whether | |
36176 | + * it is MD5 or SHA1. | |
36177 | + * | |
36178 | + * Revision 1.112 2002/09/16 21:19:15 mcr | |
36179 | + * fixes for west-ah-icmp-01 - length of AH header must be | |
36180 | + * calculated properly, and next_header field properly copied. | |
36181 | + * | |
36182 | + * Revision 1.111 2002/09/10 02:45:56 mcr | |
36183 | + * re-factored the ipsec_rcv function into several functions, | |
36184 | + * ipsec_rcv_decap_once, and a set of functions for AH, ESP and IPCOMP. | |
36185 | + * In addition, the MD5 and SHA1 functions are replaced with pointers. | |
36186 | + * | |
36187 | + * Revision 1.110 2002/08/30 06:34:33 rgb | |
36188 | + * Fix scope of shift in AH header length check. | |
36189 | + * | |
36190 | + * Revision 1.109 2002/08/27 16:49:20 rgb | |
36191 | + * Fixed ESP short packet DOS (and AH and IPCOMP). | |
36192 | + * | |
36193 | + * Revision 1.108 2002/07/24 18:44:54 rgb | |
36194 | + * Type fiddling to tame ia64 compiler. | |
36195 | + * | |
36196 | + * Revision 1.107 2002/05/27 18:58:18 rgb | |
36197 | + * Convert to dynamic ipsec device allocation. | |
36198 | + * Remove final vistiges of tdb references via IPSEC_KLIPS1_COMPAT. | |
36199 | + * | |
36200 | + * Revision 1.106 2002/05/23 07:15:21 rgb | |
36201 | + * Pointer clean-up. | |
36202 | + * Added refcount code. | |
36203 | + * | |
36204 | + * Revision 1.105 2002/05/14 02:35:06 rgb | |
36205 | + * Change all references to tdb, TDB or Tunnel Descriptor Block to ips, | |
36206 | + * ipsec_sa or ipsec_sa. | |
36207 | + * Change references to _TDB to _IPSA. | |
36208 | + * | |
36209 | + * Revision 1.104 2002/04/24 07:55:32 mcr | |
36210 | + * #include patches and Makefiles for post-reorg compilation. | |
36211 | + * | |
36212 | + * Revision 1.103 2002/04/24 07:36:30 mcr | |
36213 | + * Moved from ./klips/net/ipsec/ipsec_rcv.c,v | |
36214 | + * | |
36215 | + * Revision 1.102 2002/01/29 17:17:56 mcr | |
36216 | + * moved include of ipsec_param.h to after include of linux/kernel.h | |
36217 | + * otherwise, it seems that some option that is set in ipsec_param.h | |
36218 | + * screws up something subtle in the include path to kernel.h, and | |
36219 | + * it complains on the snprintf() prototype. | |
36220 | + * | |
36221 | + * Revision 1.101 2002/01/29 04:00:52 mcr | |
36222 | + * more excise of kversions.h header. | |
36223 | + * | |
36224 | + * Revision 1.100 2002/01/29 02:13:17 mcr | |
36225 | + * introduction of ipsec_kversion.h means that include of | |
36226 | + * ipsec_param.h must preceed any decisions about what files to | |
36227 | + * include to deal with differences in kernel source. | |
36228 | + * | |
36229 | + * Revision 1.99 2002/01/28 21:40:59 mcr | |
36230 | + * should use #if to test boolean option rather than #ifdef. | |
36231 | + * | |
36232 | + * Revision 1.98 2002/01/20 20:19:36 mcr | |
36233 | + * renamed option to IP_FRAGMENT_LINEARIZE. | |
36234 | + * | |
36235 | + * Revision 1.97 2002/01/12 02:55:36 mcr | |
36236 | + * fix for post-2.4.4 to linearize skb's when ESP packet | |
36237 | + * was assembled from fragments. | |
36238 | + * | |
36239 | + * Revision 1.96 2001/11/26 09:23:49 rgb | |
36240 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
36241 | + * | |
36242 | + * Revision 1.93.2.2 2001/10/22 20:54:07 mcr | |
36243 | + * include des.h, removed phony prototypes and fixed calling | |
36244 | + * conventions to match real prototypes. | |
36245 | + * | |
36246 | + * Revision 1.93.2.1 2001/09/25 02:22:22 mcr | |
36247 | + * struct tdb -> struct ipsec_sa. | |
36248 | + * lifetime checks moved to ipsec_life.c | |
36249 | + * some sa(tdb) manipulation functions renamed. | |
36250 | + * | |
36251 | + * Revision 1.95 2001/11/06 19:49:07 rgb | |
36252 | + * Added variable descriptions. | |
36253 | + * Removed unauthenticated sequence==0 check to prevent DoS. | |
36254 | + * | |
36255 | + * Revision 1.94 2001/10/18 04:45:20 rgb | |
36256 | + * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h, | |
36257 | + * lib/freeswan.h version macros moved to lib/kversions.h. | |
36258 | + * Other compiler directive cleanups. | |
36259 | + * | |
36260 | + * Revision 1.93 2001/09/07 22:17:24 rgb | |
36261 | + * Fix for removal of transport layer protocol handler arg in 2.4.4. | |
36262 | + * Fix to accomodate peer non-conformance to IPCOMP rfc2393. | |
36263 | + * | |
36264 | + * Revision 1.92 2001/08/27 19:44:41 rgb | |
36265 | + * Fix error in comment. | |
36266 | + * | |
36267 | + * Revision 1.91 2001/07/20 19:31:48 dhr | |
36268 | + * [DHR] fix source and destination subnets of policy in diagnostic | |
36269 | + * | |
36270 | + * Revision 1.90 2001/07/06 19:51:09 rgb | |
36271 | + * Added inbound policy checking code for IPIP SAs. | |
36272 | + * Renamed unused function argument for ease and intuitive naming. | |
36273 | + * | |
36274 | + * Revision 1.89 2001/06/22 19:35:23 rgb | |
36275 | + * Disable ipcomp processing if we are handed a ipcomp packet with no esp | |
36276 | + * or ah header. | |
36277 | + * Print protocol if we are handed a non-ipsec packet. | |
36278 | + * | |
36279 | + * Revision 1.88 2001/06/20 06:30:47 rgb | |
36280 | + * Fixed transport mode IPCOMP policy check bug. | |
36281 | + * | |
36282 | + * Revision 1.87 2001/06/13 20:58:40 rgb | |
36283 | + * Added parentheses around assignment used as truth value to silence | |
36284 | + * compiler. | |
36285 | + * | |
36286 | + * Revision 1.86 2001/06/07 22:25:23 rgb | |
36287 | + * Added a source address policy check for tunnel mode. It still does | |
36288 | + * not check client addresses and masks. | |
36289 | + * Only decapsulate IPIP if it is expected. | |
36290 | + * | |
36291 | + * Revision 1.85 2001/05/30 08:14:02 rgb | |
36292 | + * Removed vestiges of esp-null transforms. | |
36293 | + * | |
36294 | + * Revision 1.84 2001/05/27 06:12:11 rgb | |
36295 | + * Added structures for pid, packet count and last access time to eroute. | |
36296 | + * Added packet count to beginning of /proc/net/ipsec_eroute. | |
36297 | + * | |
36298 | + * Revision 1.83 2001/05/04 16:45:47 rgb | |
36299 | + * Remove unneeded code. ipp is not used after this point. | |
36300 | + * | |
36301 | + * Revision 1.82 2001/05/04 16:36:00 rgb | |
36302 | + * Fix skb_cow() call for 2.4.4. (SS) | |
36303 | + * | |
36304 | + * Revision 1.81 2001/05/02 14:46:53 rgb | |
36305 | + * Fix typo for compiler directive to pull IPH back. | |
36306 | + * | |
36307 | + * Revision 1.80 2001/04/30 19:46:34 rgb | |
36308 | + * Update for 2.4.4. We now receive the skb with skb->data pointing to | |
36309 | + * h.raw. | |
36310 | + * | |
36311 | + * Revision 1.79 2001/04/23 15:01:15 rgb | |
36312 | + * Added spin_lock() check to prevent double-locking for multiple | |
36313 | + * transforms and hence kernel lock-ups with SMP kernels. | |
36314 | + * Minor spin_unlock() adjustments to unlock before non-dependant prints | |
36315 | + * and IPSEC device stats updates. | |
36316 | + * | |
36317 | + * Revision 1.78 2001/04/21 23:04:24 rgb | |
36318 | + * Check if soft expire has already been sent before sending another to | |
36319 | + * prevent ACQUIRE flooding. | |
36320 | + * | |
36321 | + * Revision 1.77 2001/03/16 07:35:20 rgb | |
36322 | + * Ditch extra #if 1 around now permanent policy checking code. | |
36323 | + * | |
36324 | + * Revision 1.76 2001/02/27 22:24:54 rgb | |
36325 | + * Re-formatting debug output (line-splitting, joining, 1arg/line). | |
36326 | + * Check for satoa() return codes. | |
36327 | + * | |
36328 | + * Revision 1.75 2001/02/19 22:28:30 rgb | |
36329 | + * Minor change to virtual device discovery code to assert which I/F has | |
36330 | + * been found. | |
36331 | + * | |
36332 | + * Revision 1.74 2000/11/25 03:50:36 rgb | |
36333 | + * Oops fix by minor re-arrangement of code to avoid accessing a freed tdb. | |
36334 | + * | |
36335 | + * Revision 1.73 2000/11/09 20:52:15 rgb | |
36336 | + * More spinlock shuffling, locking earlier and unlocking later in rcv to | |
36337 | + * include ipcomp and prevent races, renaming some tdb variables that got | |
36338 | + * forgotten, moving some unlocks to include tdbs and adding a missing | |
36339 | + * unlock. Thanks to Svenning for some of these. | |
36340 | + * | |
36341 | + * Revision 1.72 2000/11/09 20:11:22 rgb | |
36342 | + * Minor shuffles to fix non-standard kernel config option selection. | |
36343 | + * | |
36344 | + * Revision 1.71 2000/11/06 04:36:18 rgb | |
36345 | + * Ditched spin_lock_irqsave in favour of spin_lock. | |
36346 | + * Minor initial protocol check rewrite. | |
36347 | + * Clean up debug printing. | |
36348 | + * Clean up tdb handling on ipcomp. | |
36349 | + * Fixed transport mode null pointer de-reference without ipcomp. | |
36350 | + * Add Svenning's adaptive content compression. | |
36351 | + * Disabled registration of ipcomp handler. | |
36352 | + * | |
36353 | + * Revision 1.70 2000/10/30 23:41:43 henry | |
36354 | + * Hans-Joerg Hoexer's null-pointer fix | |
36355 | + * | |
36356 | + * Revision 1.69 2000/10/10 18:54:16 rgb | |
36357 | + * Added a fix for incoming policy check with ipcomp enabled but | |
36358 | + * uncompressible. | |
36359 | + * | |
36360 | + * Revision 1.68 2000/09/22 17:53:12 rgb | |
36361 | + * Fixed ipcomp tdb pointers update for policy checking. | |
36362 | + * | |
36363 | + * Revision 1.67 2000/09/21 03:40:58 rgb | |
36364 | + * Added more debugging to try and track down the cpi outward copy problem. | |
36365 | + * | |
36366 | + * Revision 1.66 2000/09/20 04:00:10 rgb | |
36367 | + * Changed static functions to DEBUG_NO_STATIC to reveal function names for | |
36368 | + * debugging oopsen. | |
36369 | + * | |
36370 | + * Revision 1.65 2000/09/19 07:07:16 rgb | |
36371 | + * Added debugging to inbound policy check for ipcomp. | |
36372 | + * Added missing spin_unlocks (thanks Svenning!). | |
36373 | + * Fixed misplaced tdbnext pointers causing mismatched ipip policy check. | |
36374 | + * Protect ipcomp policy check following ipip decap with sysctl switch. | |
36375 | + * | |
36376 | + * Revision 1.64 2000/09/18 21:27:29 rgb | |
36377 | + * 2.0 fixes. | |
36378 | + * | |
36379 | + * Revision 1.63 2000/09/18 02:35:50 rgb | |
36380 | + * Added policy checking to ipcomp and re-enabled policy checking by | |
36381 | + * default. | |
36382 | + * Optimised satoa calls. | |
36383 | + * | |
36384 | + * Revision 1.62 2000/09/17 21:02:32 rgb | |
36385 | + * Clean up debugging, removing slow timestamp debug code. | |
36386 | + * | |
36387 | + * Revision 1.61 2000/09/16 01:07:55 rgb | |
36388 | + * Fixed erroneous ref from struct ipcomp to struct ipcomphdr. | |
36389 | + * | |
36390 | + * Revision 1.60 2000/09/15 11:37:01 rgb | |
36391 | + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
36392 | + * IPCOMP zlib deflate code. | |
36393 | + * | |
36394 | + * Revision 1.59 2000/09/15 04:56:20 rgb | |
36395 | + * Remove redundant satoa() call, reformat comment. | |
36396 | + * | |
36397 | + * Revision 1.58 2000/09/13 08:00:52 rgb | |
36398 | + * Flick on inbound policy checking. | |
36399 | + * | |
36400 | + * Revision 1.57 2000/09/12 03:22:19 rgb | |
36401 | + * Converted inbound_policy_check to sysctl. | |
36402 | + * Re-enabled policy backcheck. | |
36403 | + * Moved policy checks to top and within tdb lock. | |
36404 | + * | |
36405 | + * Revision 1.56 2000/09/08 19:12:56 rgb | |
36406 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
36407 | + * | |
36408 | + * Revision 1.55 2000/08/28 18:15:46 rgb | |
36409 | + * Added MB's nf-debug reset patch. | |
36410 | + * | |
36411 | + * Revision 1.54 2000/08/27 01:41:26 rgb | |
36412 | + * More minor tweaks to the bad padding debug code. | |
36413 | + * | |
36414 | + * Revision 1.53 2000/08/24 16:54:16 rgb | |
36415 | + * Added KLIPS_PRINTMORE macro to continue lines without KERN_INFO level | |
36416 | + * info. | |
36417 | + * Tidied up device reporting at the start of ipsec_rcv. | |
36418 | + * Tidied up bad padding debugging and processing. | |
36419 | + * | |
36420 | + * Revision 1.52 2000/08/20 21:36:03 rgb | |
36421 | + * Activated pfkey_expire() calls. | |
36422 | + * Added a hard/soft expiry parameter to pfkey_expire(). | |
36423 | + * Added sanity checking to avoid propagating zero or smaller-length skbs | |
36424 | + * from a bogus decryption. | |
36425 | + * Re-arranged the order of soft and hard expiry to conform to RFC2367. | |
36426 | + * Clean up references to CONFIG_IPSEC_PFKEYv2. | |
36427 | + * | |
36428 | + * Revision 1.51 2000/08/18 21:23:30 rgb | |
36429 | + * Improve bad padding warning so that the printk buffer doesn't get | |
36430 | + * trampled. | |
36431 | + * | |
36432 | + * Revision 1.50 2000/08/01 14:51:51 rgb | |
36433 | + * Removed _all_ remaining traces of DES. | |
36434 | + * | |
36435 | + * Revision 1.49 2000/07/28 13:50:53 rgb | |
36436 | + * Changed enet_statistics to net_device_stats and added back compatibility | |
36437 | + * for pre-2.1.19. | |
36438 | + * | |
36439 | + * Revision 1.48 2000/05/10 19:14:40 rgb | |
36440 | + * Only check usetime against soft and hard limits if the tdb has been | |
36441 | + * used. | |
36442 | + * Cast output of ntohl so that the broken prototype doesn't make our | |
36443 | + * compile noisy. | |
36444 | + * | |
36445 | + * Revision 1.47 2000/05/09 17:45:43 rgb | |
36446 | + * Fix replay bitmap corruption bug upon receipt of bogus packet | |
36447 | + * with correct SPI. This was a DoS. | |
36448 | + * | |
36449 | + * Revision 1.46 2000/03/27 02:31:58 rgb | |
36450 | + * Fixed authentication failure printout bug. | |
36451 | + * | |
36452 | + * Revision 1.45 2000/03/22 16:15:37 rgb | |
36453 | + * Fixed renaming of dev_get (MB). | |
36454 | + * | |
36455 | + * Revision 1.44 2000/03/16 08:17:24 rgb | |
36456 | + * Hardcode PF_KEYv2 support. | |
36457 | + * Fixed minor bug checking AH header length. | |
36458 | + * | |
36459 | + * Revision 1.43 2000/03/14 12:26:59 rgb | |
36460 | + * Added skb->nfct support for clearing netfilter conntrack bits (MB). | |
36461 | + * | |
36462 | + * Revision 1.42 2000/01/26 10:04:04 rgb | |
36463 | + * Fixed inbound policy checking on transport mode bug. | |
36464 | + * Fixed noisy 2.0 printk arguments. | |
36465 | + * | |
36466 | + * Revision 1.41 2000/01/24 20:58:02 rgb | |
36467 | + * Improve debugging/reporting support for (disabled) inbound | |
36468 | + * policy checking. | |
36469 | + * | |
36470 | + * Revision 1.40 2000/01/22 23:20:10 rgb | |
36471 | + * Fixed up inboud policy checking code. | |
36472 | + * Cleaned out unused crud. | |
36473 | + * | |
36474 | + * Revision 1.39 2000/01/21 06:15:29 rgb | |
36475 | + * Added sanity checks on skb_push(), skb_pull() to prevent panics. | |
36476 | + * Fixed cut-and-paste debug_tunnel to debug_rcv. | |
36477 | + * Added inbound policy checking code, disabled. | |
36478 | + * Simplified output code by updating ipp to post-IPIP decapsulation. | |
36479 | + * | |
36480 | + * elided pre-2000 comments. Use "cvs log" | |
36481 | + * | |
36482 | + * | |
36483 | + * Local Variables: | |
36484 | + * c-set-style: linux | |
36485 | + * End: | |
36486 | + * | |
36487 | + */ | |
36488 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
36489 | +++ linux/net/ipsec/ipsec_sa.c Mon Feb 9 13:51:03 2004 | |
36490 | @@ -0,0 +1,1870 @@ | |
36491 | +/* | |
36492 | + * Common routines for IPsec SA maintenance routines. | |
36493 | + * | |
36494 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
36495 | + * Copyright (C) 1998, 1999, 2000, 2001, 2002 Richard Guy Briggs. | |
36496 | + * | |
36497 | + * This program is free software; you can redistribute it and/or modify it | |
36498 | + * under the terms of the GNU General Public License as published by the | |
36499 | + * Free Software Foundation; either version 2 of the License, or (at your | |
36500 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
36501 | + * | |
36502 | + * This program is distributed in the hope that it will be useful, but | |
36503 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
36504 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
36505 | + * for more details. | |
36506 | + * | |
36507 | + * RCSID $Id: ipsec_sa.c,v 1.30.2.2 2006/10/06 21:39:26 paul Exp $ | |
36508 | + * | |
36509 | + * This is the file formerly known as "ipsec_xform.h" | |
36510 | + * | |
36511 | + */ | |
36512 | + | |
36513 | +#ifndef AUTOCONF_INCLUDED | |
36514 | +#include <linux/config.h> | |
36515 | +#endif | |
36516 | +#include <linux/version.h> | |
36517 | +#include <linux/kernel.h> /* printk() */ | |
36518 | + | |
36519 | +#include "openswan/ipsec_param.h" | |
36520 | + | |
36521 | +#ifdef MALLOC_SLAB | |
36522 | +# include <linux/slab.h> /* kmalloc() */ | |
36523 | +#else /* MALLOC_SLAB */ | |
36524 | +# include <linux/malloc.h> /* kmalloc() */ | |
36525 | +#endif /* MALLOC_SLAB */ | |
36526 | +#include <linux/vmalloc.h> /* vmalloc() */ | |
36527 | +#include <linux/errno.h> /* error codes */ | |
36528 | +#include <linux/types.h> /* size_t */ | |
36529 | +#include <linux/interrupt.h> /* mark_bh */ | |
36530 | + | |
36531 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
36532 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
36533 | +#include <linux/ip.h> /* struct iphdr */ | |
36534 | +#include <linux/skbuff.h> | |
36535 | +#include <openswan.h> | |
36536 | +#ifdef SPINLOCK | |
36537 | +#ifdef SPINLOCK_23 | |
36538 | +#include <linux/spinlock.h> /* *lock* */ | |
36539 | +#else /* SPINLOCK_23 */ | |
36540 | +#include <asm/spinlock.h> /* *lock* */ | |
36541 | +#endif /* SPINLOCK_23 */ | |
36542 | +#endif /* SPINLOCK */ | |
36543 | + | |
36544 | +#include <net/ip.h> | |
36545 | + | |
36546 | +#include "openswan/radij.h" | |
36547 | + | |
36548 | +#include "openswan/ipsec_stats.h" | |
36549 | +#include "openswan/ipsec_life.h" | |
36550 | +#include "openswan/ipsec_sa.h" | |
36551 | +#include "openswan/ipsec_xform.h" | |
36552 | + | |
36553 | +#include "openswan/ipsec_encap.h" | |
36554 | +#include "openswan/ipsec_radij.h" | |
36555 | +#include "openswan/ipsec_xform.h" | |
36556 | +#include "openswan/ipsec_ipe4.h" | |
36557 | +#include "openswan/ipsec_ah.h" | |
36558 | +#include "openswan/ipsec_esp.h" | |
36559 | + | |
36560 | +#include <pfkeyv2.h> | |
36561 | +#include <pfkey.h> | |
36562 | + | |
36563 | +#include "openswan/ipsec_proto.h" | |
36564 | +#include "openswan/ipsec_alg.h" | |
36565 | + | |
36566 | + | |
36567 | +#ifdef CONFIG_KLIPS_DEBUG | |
36568 | +int debug_xform = 0; | |
36569 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
36570 | + | |
36571 | +#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) | |
36572 | + | |
36573 | +struct ipsec_sa *ipsec_sadb_hash[SADB_HASHMOD]; | |
36574 | +#ifdef SPINLOCK | |
36575 | +spinlock_t tdb_lock = SPIN_LOCK_UNLOCKED; | |
36576 | +#else /* SPINLOCK */ | |
36577 | +spinlock_t tdb_lock; | |
36578 | +#endif /* SPINLOCK */ | |
36579 | + | |
36580 | +struct ipsec_sadb ipsec_sadb; | |
36581 | + | |
36582 | +#if IPSEC_SA_REF_CODE | |
36583 | + | |
36584 | +/* the sub table must be narrower (or equal) in bits than the variable type | |
36585 | + in the main table to count the number of unused entries in it. */ | |
36586 | +typedef struct { | |
36587 | + int testSizeOf_refSubTable : | |
36588 | + ((sizeof(IPsecRefTableUnusedCount) * 8) < IPSEC_SA_REF_SUBTABLE_IDX_WIDTH ? -1 : 1); | |
36589 | +} dummy; | |
36590 | + | |
36591 | + | |
36592 | +/* The field where the saref will be hosted in the skb must be wide enough to | |
36593 | + accomodate the information it needs to store. */ | |
36594 | +typedef struct { | |
36595 | + int testSizeOf_refField : | |
36596 | + (IPSEC_SA_REF_HOST_FIELD_WIDTH < IPSEC_SA_REF_TABLE_IDX_WIDTH ? -1 : 1 ); | |
36597 | +} dummy2; | |
36598 | + | |
36599 | + | |
36600 | +#define IPS_HASH(said) (((said)->spi + (said)->dst.u.v4.sin_addr.s_addr + (said)->proto) % SADB_HASHMOD) | |
36601 | + | |
36602 | + | |
36603 | +void | |
36604 | +ipsec_SAtest(void) | |
36605 | +{ | |
36606 | + IPsecSAref_t SAref = 258; | |
36607 | + struct ipsec_sa ips; | |
36608 | + ips.ips_ref = 772; | |
36609 | + | |
36610 | + printk("klips_debug:ipsec_SAtest: " | |
36611 | + "IPSEC_SA_REF_SUBTABLE_IDX_WIDTH=%u\n" | |
36612 | + "IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES=%u\n" | |
36613 | + "IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES=%u\n" | |
36614 | + "IPSEC_SA_REF_HOST_FIELD_WIDTH=%lu\n" | |
36615 | + "IPSEC_SA_REF_TABLE_MASK=%x\n" | |
36616 | + "IPSEC_SA_REF_ENTRY_MASK=%x\n" | |
36617 | + "IPsecSAref2table(%d)=%u\n" | |
36618 | + "IPsecSAref2entry(%d)=%u\n" | |
36619 | + "IPsecSAref2NFmark(%d)=%u\n" | |
36620 | + "IPsecSAref2SA(%d)=%p\n" | |
36621 | + "IPsecSA2SAref(%p)=%d\n" | |
36622 | + , | |
36623 | + IPSEC_SA_REF_SUBTABLE_IDX_WIDTH, | |
36624 | + IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES, | |
36625 | + IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES, | |
36626 | + (unsigned long) IPSEC_SA_REF_HOST_FIELD_WIDTH, | |
36627 | + IPSEC_SA_REF_TABLE_MASK, | |
36628 | + IPSEC_SA_REF_ENTRY_MASK, | |
36629 | + SAref, IPsecSAref2table(SAref), | |
36630 | + SAref, IPsecSAref2entry(SAref), | |
36631 | + SAref, IPsecSAref2NFmark(SAref), | |
36632 | + SAref, IPsecSAref2SA(SAref), | |
36633 | + (&ips), IPsecSA2SAref((&ips)) | |
36634 | + ); | |
36635 | + return; | |
36636 | +} | |
36637 | + | |
36638 | +int | |
36639 | +ipsec_SAref_recycle(void) | |
36640 | +{ | |
36641 | + int table; | |
36642 | + int entry; | |
36643 | + int error = 0; | |
36644 | + | |
36645 | + ipsec_sadb.refFreeListHead = -1; | |
36646 | + ipsec_sadb.refFreeListTail = -1; | |
36647 | + | |
36648 | + if(ipsec_sadb.refFreeListCont == IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES * IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES) { | |
36649 | + KLIPS_PRINT(debug_xform, | |
36650 | + "klips_debug:ipsec_SAref_recycle: " | |
36651 | + "end of table reached, continuing at start..\n"); | |
36652 | + ipsec_sadb.refFreeListCont = 0; | |
36653 | + } | |
36654 | + | |
36655 | + KLIPS_PRINT(debug_xform, | |
36656 | + "klips_debug:ipsec_SAref_recycle: " | |
36657 | + "recycling, continuing from SAref=%d (0p%p), table=%d, entry=%d.\n", | |
36658 | + ipsec_sadb.refFreeListCont, | |
36659 | + (ipsec_sadb.refTable[IPsecSAref2table(ipsec_sadb.refFreeListCont)] != NULL) ? IPsecSAref2SA(ipsec_sadb.refFreeListCont) : NULL, | |
36660 | + IPsecSAref2table(ipsec_sadb.refFreeListCont), | |
36661 | + IPsecSAref2entry(ipsec_sadb.refFreeListCont)); | |
36662 | + | |
36663 | + for(table = IPsecSAref2table(ipsec_sadb.refFreeListCont); | |
36664 | + table < IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES; | |
36665 | + table++) { | |
36666 | + if(ipsec_sadb.refTable[table] == NULL) { | |
36667 | + error = ipsec_SArefSubTable_alloc(table); | |
36668 | + if(error) { | |
36669 | + return error; | |
36670 | + } | |
36671 | + } | |
36672 | + for(entry = IPsecSAref2entry(ipsec_sadb.refFreeListCont); | |
36673 | + entry < IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES; | |
36674 | + entry++) { | |
36675 | + if(ipsec_sadb.refTable[table]->entry[entry] == NULL) { | |
36676 | + ipsec_sadb.refFreeList[++ipsec_sadb.refFreeListTail] = IPsecSArefBuild(table, entry); | |
36677 | + if(ipsec_sadb.refFreeListTail == (IPSEC_SA_REF_FREELIST_NUM_ENTRIES - 1)) { | |
36678 | + ipsec_sadb.refFreeListHead = 0; | |
36679 | + ipsec_sadb.refFreeListCont = ipsec_sadb.refFreeList[ipsec_sadb.refFreeListTail] + 1; | |
36680 | + KLIPS_PRINT(debug_xform, | |
36681 | + "klips_debug:ipsec_SAref_recycle: " | |
36682 | + "SArefFreeList refilled.\n"); | |
36683 | + return 0; | |
36684 | + } | |
36685 | + } | |
36686 | + } | |
36687 | + } | |
36688 | + | |
36689 | + if(ipsec_sadb.refFreeListTail == -1) { | |
36690 | + KLIPS_PRINT(debug_xform, | |
36691 | + "klips_debug:ipsec_SAref_recycle: " | |
36692 | + "out of room in the SArefTable.\n"); | |
36693 | + | |
36694 | + return(-ENOSPC); | |
36695 | + } | |
36696 | + | |
36697 | + ipsec_sadb.refFreeListHead = 0; | |
36698 | + ipsec_sadb.refFreeListCont = ipsec_sadb.refFreeList[ipsec_sadb.refFreeListTail] + 1; | |
36699 | + KLIPS_PRINT(debug_xform, | |
36700 | + "klips_debug:ipsec_SAref_recycle: " | |
36701 | + "SArefFreeList partly refilled to %d of %d.\n", | |
36702 | + ipsec_sadb.refFreeListTail, | |
36703 | + IPSEC_SA_REF_FREELIST_NUM_ENTRIES); | |
36704 | + return 0; | |
36705 | +} | |
36706 | + | |
36707 | +int | |
36708 | +ipsec_SArefSubTable_alloc(unsigned table) | |
36709 | +{ | |
36710 | + unsigned entry; | |
36711 | + struct IPsecSArefSubTable* SArefsub; | |
36712 | + | |
36713 | + KLIPS_PRINT(debug_xform, | |
36714 | + "klips_debug:ipsec_SArefSubTable_alloc: " | |
36715 | + "allocating %lu bytes for table %u of %u.\n", | |
36716 | + (unsigned long) (IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES * sizeof(struct ipsec_sa *)), | |
36717 | + table, | |
36718 | + IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES); | |
36719 | + | |
36720 | + /* allocate another sub-table */ | |
36721 | + SArefsub = vmalloc(IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES * sizeof(struct ipsec_sa *)); | |
36722 | + if(SArefsub == NULL) { | |
36723 | + KLIPS_PRINT(debug_xform, | |
36724 | + "klips_debug:ipsec_SArefSubTable_alloc: " | |
36725 | + "error allocating memory for table %u of %u!\n", | |
36726 | + table, | |
36727 | + IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES); | |
36728 | + return -ENOMEM; | |
36729 | + } | |
36730 | + | |
36731 | + /* add this sub-table to the main table */ | |
36732 | + ipsec_sadb.refTable[table] = SArefsub; | |
36733 | + | |
36734 | + /* initialise each element to NULL */ | |
36735 | + KLIPS_PRINT(debug_xform, | |
36736 | + "klips_debug:ipsec_SArefSubTable_alloc: " | |
36737 | + "initialising %u elements (2 ^ %u) of table %u.\n", | |
36738 | + IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES, | |
36739 | + IPSEC_SA_REF_SUBTABLE_IDX_WIDTH, | |
36740 | + table); | |
36741 | + for(entry = 0; entry < IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES; entry++) { | |
36742 | + SArefsub->entry[entry] = NULL; | |
36743 | + } | |
36744 | + | |
36745 | + return 0; | |
36746 | +} | |
36747 | +#endif /* IPSEC_SA_REF_CODE */ | |
36748 | + | |
36749 | +int | |
36750 | +ipsec_saref_freelist_init(void) | |
36751 | +{ | |
36752 | + int i; | |
36753 | + | |
36754 | + KLIPS_PRINT(debug_xform, | |
36755 | + "klips_debug:ipsec_saref_freelist_init: " | |
36756 | + "initialising %u elements of FreeList.\n", | |
36757 | + IPSEC_SA_REF_FREELIST_NUM_ENTRIES); | |
36758 | + | |
36759 | + for(i = 0; i < IPSEC_SA_REF_FREELIST_NUM_ENTRIES; i++) { | |
36760 | + ipsec_sadb.refFreeList[i] = IPSEC_SAREF_NULL; | |
36761 | + } | |
36762 | + ipsec_sadb.refFreeListHead = -1; | |
36763 | + ipsec_sadb.refFreeListCont = 0; | |
36764 | + ipsec_sadb.refFreeListTail = -1; | |
36765 | + | |
36766 | + return 0; | |
36767 | +} | |
36768 | + | |
36769 | +int | |
36770 | +ipsec_sadb_init(void) | |
36771 | +{ | |
36772 | + int error = 0; | |
36773 | + unsigned i; | |
36774 | + | |
36775 | + for(i = 0; i < SADB_HASHMOD; i++) { | |
36776 | + ipsec_sadb_hash[i] = NULL; | |
36777 | + } | |
36778 | + /* parts above are for the old style SADB hash table */ | |
36779 | + | |
36780 | + | |
36781 | +#if IPSEC_SA_REF_CODE | |
36782 | + /* initialise SA reference table */ | |
36783 | + | |
36784 | + /* initialise the main table */ | |
36785 | + KLIPS_PRINT(debug_xform, | |
36786 | + "klips_debug:ipsec_sadb_init: " | |
36787 | + "initialising main table of size %u (2 ^ %u).\n", | |
36788 | + IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES, | |
36789 | + IPSEC_SA_REF_MAINTABLE_IDX_WIDTH); | |
36790 | + { | |
36791 | + unsigned table; | |
36792 | + for(table = 0; table < IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES; table++) { | |
36793 | + ipsec_sadb.refTable[table] = NULL; | |
36794 | + } | |
36795 | + } | |
36796 | + | |
36797 | + /* allocate the first sub-table */ | |
36798 | + error = ipsec_SArefSubTable_alloc(0); | |
36799 | + if(error) { | |
36800 | + return error; | |
36801 | + } | |
36802 | + | |
36803 | + error = ipsec_saref_freelist_init(); | |
36804 | +#endif /* IPSEC_SA_REF_CODE */ | |
36805 | + return error; | |
36806 | +} | |
36807 | + | |
36808 | +#if IPSEC_SA_REF_CODE | |
36809 | +IPsecSAref_t | |
36810 | +ipsec_SAref_alloc(int*error) /* pass in error var by pointer */ | |
36811 | +{ | |
36812 | + IPsecSAref_t SAref; | |
36813 | + | |
36814 | + KLIPS_PRINT(debug_xform, | |
36815 | + "klips_debug:ipsec_SAref_alloc: " | |
36816 | + "SAref requested... head=%d, cont=%d, tail=%d, listsize=%d.\n", | |
36817 | + ipsec_sadb.refFreeListHead, | |
36818 | + ipsec_sadb.refFreeListCont, | |
36819 | + ipsec_sadb.refFreeListTail, | |
36820 | + IPSEC_SA_REF_FREELIST_NUM_ENTRIES); | |
36821 | + | |
36822 | + if(ipsec_sadb.refFreeListHead == -1) { | |
36823 | + KLIPS_PRINT(debug_xform, | |
36824 | + "klips_debug:ipsec_SAref_alloc: " | |
36825 | + "FreeList empty, recycling...\n"); | |
36826 | + *error = ipsec_SAref_recycle(); | |
36827 | + if(*error) { | |
36828 | + return IPSEC_SAREF_NULL; | |
36829 | + } | |
36830 | + } | |
36831 | + | |
36832 | + SAref = ipsec_sadb.refFreeList[ipsec_sadb.refFreeListHead]; | |
36833 | + if(SAref == IPSEC_SAREF_NULL) { | |
36834 | + KLIPS_PRINT(debug_xform, | |
36835 | + "klips_debug:ipsec_SAref_alloc: " | |
36836 | + "unexpected error, refFreeListHead = %d points to invalid entry.\n", | |
36837 | + ipsec_sadb.refFreeListHead); | |
36838 | + *error = -ESPIPE; | |
36839 | + return IPSEC_SAREF_NULL; | |
36840 | + } | |
36841 | + | |
36842 | + KLIPS_PRINT(debug_xform, | |
36843 | + "klips_debug:ipsec_SAref_alloc: " | |
36844 | + "allocating SAref=%d, table=%u, entry=%u of %u.\n", | |
36845 | + SAref, | |
36846 | + IPsecSAref2table(SAref), | |
36847 | + IPsecSAref2entry(SAref), | |
36848 | + IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES * IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES); | |
36849 | + | |
36850 | + ipsec_sadb.refFreeList[ipsec_sadb.refFreeListHead] = IPSEC_SAREF_NULL; | |
36851 | + ipsec_sadb.refFreeListHead++; | |
36852 | + if(ipsec_sadb.refFreeListHead > ipsec_sadb.refFreeListTail) { | |
36853 | + KLIPS_PRINT(debug_xform, | |
36854 | + "klips_debug:ipsec_SAref_alloc: " | |
36855 | + "last FreeList entry allocated, resetting list head to empty.\n"); | |
36856 | + ipsec_sadb.refFreeListHead = -1; | |
36857 | + } | |
36858 | + | |
36859 | + return SAref; | |
36860 | +} | |
36861 | +#endif /* IPSEC_SA_REF_CODE */ | |
36862 | + | |
36863 | +int | |
36864 | +ipsec_sa_print(struct ipsec_sa *ips) | |
36865 | +{ | |
36866 | + char sa[SATOT_BUF]; | |
36867 | + size_t sa_len; | |
36868 | + | |
36869 | + printk(KERN_INFO "klips_debug: SA:"); | |
36870 | + if(ips == NULL) { | |
36871 | + printk("NULL\n"); | |
36872 | + return -ENOENT; | |
36873 | + } | |
36874 | + printk(" ref=%d", ips->ips_ref); | |
36875 | + printk(" refcount=%d", atomic_read(&ips->ips_refcount)); | |
36876 | + if(ips->ips_hnext != NULL) { | |
36877 | + printk(" hnext=0p%p", ips->ips_hnext); | |
36878 | + } | |
36879 | + if(ips->ips_inext != NULL) { | |
36880 | + printk(" inext=0p%p", ips->ips_inext); | |
36881 | + } | |
36882 | + if(ips->ips_onext != NULL) { | |
36883 | + printk(" onext=0p%p", ips->ips_onext); | |
36884 | + } | |
36885 | + sa_len = satot(&ips->ips_said, 0, sa, sizeof(sa)); | |
36886 | + printk(" said=%s", sa_len ? sa : " (error)"); | |
36887 | + if(ips->ips_seq) { | |
36888 | + printk(" seq=%u", ips->ips_seq); | |
36889 | + } | |
36890 | + if(ips->ips_pid) { | |
36891 | + printk(" pid=%u", ips->ips_pid); | |
36892 | + } | |
36893 | + if(ips->ips_authalg) { | |
36894 | + printk(" authalg=%u", ips->ips_authalg); | |
36895 | + } | |
36896 | + if(ips->ips_encalg) { | |
36897 | + printk(" encalg=%u", ips->ips_encalg); | |
36898 | + } | |
36899 | + printk(" XFORM=%s%s%s", IPS_XFORM_NAME(ips)); | |
36900 | + if(ips->ips_replaywin) { | |
36901 | + printk(" ooowin=%u", ips->ips_replaywin); | |
36902 | + } | |
36903 | + if(ips->ips_flags) { | |
36904 | + printk(" flags=%u", ips->ips_flags); | |
36905 | + } | |
36906 | + if(ips->ips_addr_s) { | |
36907 | + char buf[SUBNETTOA_BUF]; | |
36908 | + addrtoa(((struct sockaddr_in*)(ips->ips_addr_s))->sin_addr, | |
36909 | + 0, buf, sizeof(buf)); | |
36910 | + printk(" src=%s", buf); | |
36911 | + } | |
36912 | + if(ips->ips_addr_d) { | |
36913 | + char buf[SUBNETTOA_BUF]; | |
36914 | + addrtoa(((struct sockaddr_in*)(ips->ips_addr_s))->sin_addr, | |
36915 | + 0, buf, sizeof(buf)); | |
36916 | + printk(" dst=%s", buf); | |
36917 | + } | |
36918 | + if(ips->ips_addr_p) { | |
36919 | + char buf[SUBNETTOA_BUF]; | |
36920 | + addrtoa(((struct sockaddr_in*)(ips->ips_addr_p))->sin_addr, | |
36921 | + 0, buf, sizeof(buf)); | |
36922 | + printk(" proxy=%s", buf); | |
36923 | + } | |
36924 | + if(ips->ips_key_bits_a) { | |
36925 | + printk(" key_bits_a=%u", ips->ips_key_bits_a); | |
36926 | + } | |
36927 | + if(ips->ips_key_bits_e) { | |
36928 | + printk(" key_bits_e=%u", ips->ips_key_bits_e); | |
36929 | + } | |
36930 | + | |
36931 | + printk("\n"); | |
36932 | + return 0; | |
36933 | +} | |
36934 | + | |
36935 | +struct ipsec_sa* | |
36936 | +ipsec_sa_alloc(int*error) /* pass in error var by pointer */ | |
36937 | +{ | |
36938 | + struct ipsec_sa* ips; | |
36939 | + | |
36940 | + if((ips = kmalloc(sizeof(*ips), GFP_ATOMIC) ) == NULL) { | |
36941 | + KLIPS_PRINT(debug_xform, | |
36942 | + "klips_debug:ipsec_sa_alloc: " | |
36943 | + "memory allocation error\n"); | |
36944 | + *error = -ENOMEM; | |
36945 | + return NULL; | |
36946 | + } | |
36947 | + memset((caddr_t)ips, 0, sizeof(*ips)); | |
36948 | +#if IPSEC_SA_REF_CODE | |
36949 | + ips->ips_ref = ipsec_SAref_alloc(error); /* pass in error return by pointer */ | |
36950 | + KLIPS_PRINT(debug_xform, | |
36951 | + "klips_debug:ipsec_sa_alloc: " | |
36952 | + "allocated %lu bytes for ipsec_sa struct=0p%p ref=%d.\n", | |
36953 | + (unsigned long) sizeof(*ips), | |
36954 | + ips, | |
36955 | + ips->ips_ref); | |
36956 | + if(ips->ips_ref == IPSEC_SAREF_NULL) { | |
36957 | + kfree(ips); | |
36958 | + KLIPS_PRINT(debug_xform, | |
36959 | + "klips_debug:ipsec_sa_alloc: " | |
36960 | + "SAref allocation error\n"); | |
36961 | + return NULL; | |
36962 | + } | |
36963 | + | |
36964 | + atomic_inc(&ips->ips_refcount); | |
36965 | + IPsecSAref2SA(ips->ips_ref) = ips; | |
36966 | +#endif /* IPSEC_SA_REF_CODE */ | |
36967 | + | |
36968 | + *error = 0; | |
36969 | + return(ips); | |
36970 | +} | |
36971 | + | |
36972 | +int | |
36973 | +ipsec_sa_free(struct ipsec_sa* ips) | |
36974 | +{ | |
36975 | + return ipsec_sa_wipe(ips); | |
36976 | +} | |
36977 | + | |
36978 | +struct ipsec_sa * | |
36979 | +ipsec_sa_getbyid(ip_said *said) | |
36980 | +{ | |
36981 | + int hashval; | |
36982 | + struct ipsec_sa *ips; | |
36983 | + char sa[SATOT_BUF]; | |
36984 | + size_t sa_len; | |
36985 | + | |
36986 | + if(said == NULL) { | |
36987 | + KLIPS_PRINT(debug_xform, | |
36988 | + "klips_error:ipsec_sa_getbyid: " | |
36989 | + "null pointer passed in!\n"); | |
36990 | + return NULL; | |
36991 | + } | |
36992 | + | |
36993 | + sa_len = satot(said, 0, sa, sizeof(sa)); | |
36994 | + | |
36995 | + hashval = IPS_HASH(said); | |
36996 | + | |
36997 | + KLIPS_PRINT(debug_xform, | |
36998 | + "klips_debug:ipsec_sa_getbyid: " | |
36999 | + "linked entry in ipsec_sa table for hash=%d of SA:%s requested.\n", | |
37000 | + hashval, | |
37001 | + sa_len ? sa : " (error)"); | |
37002 | + | |
37003 | + if((ips = ipsec_sadb_hash[hashval]) == NULL) { | |
37004 | + KLIPS_PRINT(debug_xform, | |
37005 | + "klips_debug:ipsec_sa_getbyid: " | |
37006 | + "no entries in ipsec_sa table for hash=%d of SA:%s.\n", | |
37007 | + hashval, | |
37008 | + sa_len ? sa : " (error)"); | |
37009 | + return NULL; | |
37010 | + } | |
37011 | + | |
37012 | + for (; ips; ips = ips->ips_hnext) { | |
37013 | + if ((ips->ips_said.spi == said->spi) && | |
37014 | + (ips->ips_said.dst.u.v4.sin_addr.s_addr == said->dst.u.v4.sin_addr.s_addr) && | |
37015 | + (ips->ips_said.proto == said->proto)) { | |
37016 | + atomic_inc(&ips->ips_refcount); | |
37017 | + return ips; | |
37018 | + } | |
37019 | + } | |
37020 | + | |
37021 | + KLIPS_PRINT(debug_xform, | |
37022 | + "klips_debug:ipsec_sa_getbyid: " | |
37023 | + "no entry in linked list for hash=%d of SA:%s.\n", | |
37024 | + hashval, | |
37025 | + sa_len ? sa : " (error)"); | |
37026 | + return NULL; | |
37027 | +} | |
37028 | + | |
37029 | +int | |
37030 | +ipsec_sa_put(struct ipsec_sa *ips) | |
37031 | +{ | |
37032 | + char sa[SATOT_BUF]; | |
37033 | + size_t sa_len; | |
37034 | + | |
37035 | + if(ips == NULL) { | |
37036 | + KLIPS_PRINT(debug_xform, | |
37037 | + "klips_error:ipsec_sa_put: " | |
37038 | + "null pointer passed in!\n"); | |
37039 | + return -1; | |
37040 | + } | |
37041 | + | |
37042 | + sa_len = satot(&ips->ips_said, 0, sa, sizeof(sa)); | |
37043 | + | |
37044 | + KLIPS_PRINT(debug_xform, | |
37045 | + "klips_debug:ipsec_sa_put: " | |
37046 | + "ipsec_sa SA:%s, ref:%d reference count decremented.\n", | |
37047 | + sa_len ? sa : " (error)", | |
37048 | + ips->ips_ref); | |
37049 | + | |
37050 | + atomic_dec(&ips->ips_refcount); | |
37051 | + | |
37052 | + return 0; | |
37053 | +} | |
37054 | + | |
37055 | +/* | |
37056 | + The ipsec_sa table better *NOT* be locked before it is handed in, or SMP locks will happen | |
37057 | +*/ | |
37058 | +int | |
37059 | +ipsec_sa_add(struct ipsec_sa *ips) | |
37060 | +{ | |
37061 | + int error = 0; | |
37062 | + unsigned int hashval; | |
37063 | + | |
37064 | + if(ips == NULL) { | |
37065 | + KLIPS_PRINT(debug_xform, | |
37066 | + "klips_error:ipsec_sa_add: " | |
37067 | + "null pointer passed in!\n"); | |
37068 | + return -ENODATA; | |
37069 | + } | |
37070 | + hashval = IPS_HASH(&ips->ips_said); | |
37071 | + | |
37072 | + atomic_inc(&ips->ips_refcount); | |
37073 | + spin_lock_bh(&tdb_lock); | |
37074 | + | |
37075 | + ips->ips_hnext = ipsec_sadb_hash[hashval]; | |
37076 | + ipsec_sadb_hash[hashval] = ips; | |
37077 | + | |
37078 | + spin_unlock_bh(&tdb_lock); | |
37079 | + | |
37080 | + return error; | |
37081 | +} | |
37082 | + | |
37083 | +/* | |
37084 | + The ipsec_sa table better be locked before it is handed in, or races might happen | |
37085 | +*/ | |
37086 | +int | |
37087 | +ipsec_sa_del(struct ipsec_sa *ips) | |
37088 | +{ | |
37089 | + unsigned int hashval; | |
37090 | + struct ipsec_sa *ipstp; | |
37091 | + char sa[SATOT_BUF]; | |
37092 | + size_t sa_len; | |
37093 | + | |
37094 | + if(ips == NULL) { | |
37095 | + KLIPS_PRINT(debug_xform, | |
37096 | + "klips_error:ipsec_sa_del: " | |
37097 | + "null pointer passed in!\n"); | |
37098 | + return -ENODATA; | |
37099 | + } | |
37100 | + | |
37101 | + sa_len = satot(&ips->ips_said, 0, sa, sizeof(sa)); | |
37102 | + if(ips->ips_inext || ips->ips_onext) { | |
37103 | + KLIPS_PRINT(debug_xform, | |
37104 | + "klips_error:ipsec_sa_del: " | |
37105 | + "SA:%s still linked!\n", | |
37106 | + sa_len ? sa : " (error)"); | |
37107 | + return -EMLINK; | |
37108 | + } | |
37109 | + | |
37110 | + hashval = IPS_HASH(&ips->ips_said); | |
37111 | + | |
37112 | + KLIPS_PRINT(debug_xform, | |
37113 | + "klips_debug:ipsec_sa_del: " | |
37114 | + "deleting SA:%s, hashval=%d.\n", | |
37115 | + sa_len ? sa : " (error)", | |
37116 | + hashval); | |
37117 | + if(ipsec_sadb_hash[hashval] == NULL) { | |
37118 | + KLIPS_PRINT(debug_xform, | |
37119 | + "klips_debug:ipsec_sa_del: " | |
37120 | + "no entries in ipsec_sa table for hash=%d of SA:%s.\n", | |
37121 | + hashval, | |
37122 | + sa_len ? sa : " (error)"); | |
37123 | + return -ENOENT; | |
37124 | + } | |
37125 | + | |
37126 | + if (ips == ipsec_sadb_hash[hashval]) { | |
37127 | + ipsec_sadb_hash[hashval] = ipsec_sadb_hash[hashval]->ips_hnext; | |
37128 | + ips->ips_hnext = NULL; | |
37129 | + atomic_dec(&ips->ips_refcount); | |
37130 | + KLIPS_PRINT(debug_xform, | |
37131 | + "klips_debug:ipsec_sa_del: " | |
37132 | + "successfully deleted first ipsec_sa in chain.\n"); | |
37133 | + return 0; | |
37134 | + } else { | |
37135 | + for (ipstp = ipsec_sadb_hash[hashval]; | |
37136 | + ipstp; | |
37137 | + ipstp = ipstp->ips_hnext) { | |
37138 | + if (ipstp->ips_hnext == ips) { | |
37139 | + ipstp->ips_hnext = ips->ips_hnext; | |
37140 | + ips->ips_hnext = NULL; | |
37141 | + atomic_dec(&ips->ips_refcount); | |
37142 | + KLIPS_PRINT(debug_xform, | |
37143 | + "klips_debug:ipsec_sa_del: " | |
37144 | + "successfully deleted link in ipsec_sa chain.\n"); | |
37145 | + return 0; | |
37146 | + } | |
37147 | + } | |
37148 | + } | |
37149 | + | |
37150 | + KLIPS_PRINT(debug_xform, | |
37151 | + "klips_debug:ipsec_sa_del: " | |
37152 | + "no entries in linked list for hash=%d of SA:%s.\n", | |
37153 | + hashval, | |
37154 | + sa_len ? sa : " (error)"); | |
37155 | + return -ENOENT; | |
37156 | +} | |
37157 | + | |
37158 | +/* | |
37159 | + The ipsec_sa table better be locked before it is handed in, or races | |
37160 | + might happen | |
37161 | +*/ | |
37162 | +int | |
37163 | +ipsec_sa_delchain(struct ipsec_sa *ips) | |
37164 | +{ | |
37165 | + struct ipsec_sa *ipsdel; | |
37166 | + int error = 0; | |
37167 | + char sa[SATOT_BUF]; | |
37168 | + size_t sa_len; | |
37169 | + | |
37170 | + if(ips == NULL) { | |
37171 | + KLIPS_PRINT(debug_xform, | |
37172 | + "klips_error:ipsec_sa_delchain: " | |
37173 | + "null pointer passed in!\n"); | |
37174 | + return -ENODATA; | |
37175 | + } | |
37176 | + | |
37177 | + sa_len = satot(&ips->ips_said, 0, sa, sizeof(sa)); | |
37178 | + KLIPS_PRINT(debug_xform, | |
37179 | + "klips_debug:ipsec_sa_delchain: " | |
37180 | + "passed SA:%s\n", | |
37181 | + sa_len ? sa : " (error)"); | |
37182 | + while(ips->ips_onext != NULL) { | |
37183 | + ips = ips->ips_onext; | |
37184 | + } | |
37185 | + | |
37186 | + while(ips) { | |
37187 | + /* XXX send a pfkey message up to advise of deleted ipsec_sa */ | |
37188 | + sa_len = satot(&ips->ips_said, 0, sa, sizeof(sa)); | |
37189 | + KLIPS_PRINT(debug_xform, | |
37190 | + "klips_debug:ipsec_sa_delchain: " | |
37191 | + "unlinking and delting SA:%s", | |
37192 | + sa_len ? sa : " (error)"); | |
37193 | + ipsdel = ips; | |
37194 | + ips = ips->ips_inext; | |
37195 | + if(ips != NULL) { | |
37196 | + sa_len = satot(&ips->ips_said, 0, sa, sizeof(sa)); | |
37197 | + KLIPS_PRINT(debug_xform, | |
37198 | + ", inext=%s", | |
37199 | + sa_len ? sa : " (error)"); | |
37200 | + atomic_dec(&ipsdel->ips_refcount); | |
37201 | + ipsdel->ips_inext = NULL; | |
37202 | + atomic_dec(&ips->ips_refcount); | |
37203 | + ips->ips_onext = NULL; | |
37204 | + } | |
37205 | + KLIPS_PRINT(debug_xform, | |
37206 | + ".\n"); | |
37207 | + if((error = ipsec_sa_del(ipsdel))) { | |
37208 | + KLIPS_PRINT(debug_xform, | |
37209 | + "klips_debug:ipsec_sa_delchain: " | |
37210 | + "ipsec_sa_del returned error %d.\n", -error); | |
37211 | + return error; | |
37212 | + } | |
37213 | + if((error = ipsec_sa_wipe(ipsdel))) { | |
37214 | + KLIPS_PRINT(debug_xform, | |
37215 | + "klips_debug:ipsec_sa_delchain: " | |
37216 | + "ipsec_sa_wipe returned error %d.\n", -error); | |
37217 | + return error; | |
37218 | + } | |
37219 | + } | |
37220 | + return error; | |
37221 | +} | |
37222 | + | |
37223 | +int | |
37224 | +ipsec_sadb_cleanup(__u8 proto) | |
37225 | +{ | |
37226 | + unsigned i; | |
37227 | + int error = 0; | |
37228 | + struct ipsec_sa *ips, **ipsprev, *ipsdel; | |
37229 | + char sa[SATOT_BUF]; | |
37230 | + size_t sa_len; | |
37231 | + | |
37232 | + KLIPS_PRINT(debug_xform, | |
37233 | + "klips_debug:ipsec_sadb_cleanup: " | |
37234 | + "cleaning up proto=%d.\n", | |
37235 | + proto); | |
37236 | + | |
37237 | + spin_lock_bh(&tdb_lock); | |
37238 | + | |
37239 | + for (i = 0; i < SADB_HASHMOD; i++) { | |
37240 | + ipsprev = &(ipsec_sadb_hash[i]); | |
37241 | + ips = ipsec_sadb_hash[i]; | |
37242 | + if(ips != NULL) { | |
37243 | + atomic_inc(&ips->ips_refcount); | |
37244 | + } | |
37245 | + for(; ips != NULL;) { | |
37246 | + sa_len = satot(&ips->ips_said, 0, sa, sizeof(sa)); | |
37247 | + KLIPS_PRINT(debug_xform, | |
37248 | + "klips_debug:ipsec_sadb_cleanup: " | |
37249 | + "checking SA:%s, hash=%d, ref=%d", | |
37250 | + sa_len ? sa : " (error)", | |
37251 | + i, | |
37252 | + ips->ips_ref); | |
37253 | + ipsdel = ips; | |
37254 | + ips = ipsdel->ips_hnext; | |
37255 | + if(ips != NULL) { | |
37256 | + atomic_inc(&ips->ips_refcount); | |
37257 | + sa_len = satot(&ips->ips_said, 0, sa, sizeof(sa)); | |
37258 | + KLIPS_PRINT(debug_xform, | |
37259 | + ", hnext=%s", | |
37260 | + sa_len ? sa : " (error)"); | |
37261 | + } | |
37262 | + if(*ipsprev != NULL) { | |
37263 | + sa_len = satot(&(*ipsprev)->ips_said, 0, sa, sizeof(sa)); | |
37264 | + KLIPS_PRINT(debug_xform, | |
37265 | + ", *ipsprev=%s", | |
37266 | + sa_len ? sa : " (error)"); | |
37267 | + if((*ipsprev)->ips_hnext) { | |
37268 | + sa_len = satot(&(*ipsprev)->ips_hnext->ips_said, 0, sa, sizeof(sa)); | |
37269 | + KLIPS_PRINT(debug_xform, | |
37270 | + ", *ipsprev->ips_hnext=%s", | |
37271 | + sa_len ? sa : " (error)"); | |
37272 | + } | |
37273 | + } | |
37274 | + KLIPS_PRINT(debug_xform, | |
37275 | + ".\n"); | |
37276 | + if(proto == 0 || (proto == ipsdel->ips_said.proto)) { | |
37277 | + sa_len = satot(&ipsdel->ips_said, 0, sa, sizeof(sa)); | |
37278 | + KLIPS_PRINT(debug_xform, | |
37279 | + "klips_debug:ipsec_sadb_cleanup: " | |
37280 | + "deleting SA chain:%s.\n", | |
37281 | + sa_len ? sa : " (error)"); | |
37282 | + if((error = ipsec_sa_delchain(ipsdel))) { | |
37283 | + SENDERR(-error); | |
37284 | + } | |
37285 | + ipsprev = &(ipsec_sadb_hash[i]); | |
37286 | + ips = ipsec_sadb_hash[i]; | |
37287 | + | |
37288 | + KLIPS_PRINT(debug_xform, | |
37289 | + "klips_debug:ipsec_sadb_cleanup: " | |
37290 | + "deleted SA chain:%s", | |
37291 | + sa_len ? sa : " (error)"); | |
37292 | + if(ips != NULL) { | |
37293 | + sa_len = satot(&ips->ips_said, 0, sa, sizeof(sa)); | |
37294 | + KLIPS_PRINT(debug_xform, | |
37295 | + ", ipsec_sadb_hash[%d]=%s", | |
37296 | + i, | |
37297 | + sa_len ? sa : " (error)"); | |
37298 | + } | |
37299 | + if(*ipsprev != NULL) { | |
37300 | + sa_len = satot(&(*ipsprev)->ips_said, 0, sa, sizeof(sa)); | |
37301 | + KLIPS_PRINT(debug_xform, | |
37302 | + ", *ipsprev=%s", | |
37303 | + sa_len ? sa : " (error)"); | |
37304 | + if((*ipsprev)->ips_hnext != NULL) { | |
37305 | + sa_len = satot(&(*ipsprev)->ips_hnext->ips_said, 0, sa, sizeof(sa)); | |
37306 | + KLIPS_PRINT(debug_xform, | |
37307 | + ", *ipsprev->ips_hnext=%s", | |
37308 | + sa_len ? sa : " (error)"); | |
37309 | + } | |
37310 | + } | |
37311 | + KLIPS_PRINT(debug_xform, | |
37312 | + ".\n"); | |
37313 | + } else { | |
37314 | + ipsprev = &ipsdel; | |
37315 | + } | |
37316 | + if(ipsdel != NULL) { | |
37317 | + ipsec_sa_put(ipsdel); | |
37318 | + } | |
37319 | + } | |
37320 | + } | |
37321 | + errlab: | |
37322 | + | |
37323 | + spin_unlock_bh(&tdb_lock); | |
37324 | + | |
37325 | + | |
37326 | +#if IPSEC_SA_REF_CODE | |
37327 | + /* clean up SA reference table */ | |
37328 | + | |
37329 | + /* go through the ref table and clean out all the SAs */ | |
37330 | + KLIPS_PRINT(debug_xform, | |
37331 | + "klips_debug:ipsec_sadb_cleanup: " | |
37332 | + "removing SAref entries and tables."); | |
37333 | + { | |
37334 | + unsigned table, entry; | |
37335 | + for(table = 0; table < IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES; table++) { | |
37336 | + KLIPS_PRINT(debug_xform, | |
37337 | + "klips_debug:ipsec_sadb_cleanup: " | |
37338 | + "cleaning SAref table=%u.\n", | |
37339 | + table); | |
37340 | + if(ipsec_sadb.refTable[table] == NULL) { | |
37341 | + printk("\n"); | |
37342 | + KLIPS_PRINT(debug_xform, | |
37343 | + "klips_debug:ipsec_sadb_cleanup: " | |
37344 | + "cleaned %u used refTables.\n", | |
37345 | + table); | |
37346 | + break; | |
37347 | + } | |
37348 | + for(entry = 0; entry < IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES; entry++) { | |
37349 | + if(ipsec_sadb.refTable[table]->entry[entry] != NULL) { | |
37350 | + ipsec_sa_delchain(ipsec_sadb.refTable[table]->entry[entry]); | |
37351 | + ipsec_sadb.refTable[table]->entry[entry] = NULL; | |
37352 | + } | |
37353 | + } | |
37354 | + } | |
37355 | + } | |
37356 | +#endif /* IPSEC_SA_REF_CODE */ | |
37357 | + | |
37358 | + return(error); | |
37359 | +} | |
37360 | + | |
37361 | +int | |
37362 | +ipsec_sadb_free(void) | |
37363 | +{ | |
37364 | + int error = 0; | |
37365 | + | |
37366 | + KLIPS_PRINT(debug_xform, | |
37367 | + "klips_debug:ipsec_sadb_free: " | |
37368 | + "freeing SArefTable memory.\n"); | |
37369 | + | |
37370 | + /* clean up SA reference table */ | |
37371 | + | |
37372 | + /* go through the ref table and clean out all the SAs if any are | |
37373 | + left and free table memory */ | |
37374 | + KLIPS_PRINT(debug_xform, | |
37375 | + "klips_debug:ipsec_sadb_free: " | |
37376 | + "removing SAref entries and tables.\n"); | |
37377 | + { | |
37378 | + unsigned table, entry; | |
37379 | + for(table = 0; table < IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES; table++) { | |
37380 | + KLIPS_PRINT(debug_xform, | |
37381 | + "klips_debug:ipsec_sadb_free: " | |
37382 | + "removing SAref table=%u.\n", | |
37383 | + table); | |
37384 | + if(ipsec_sadb.refTable[table] == NULL) { | |
37385 | + KLIPS_PRINT(debug_xform, | |
37386 | + "klips_debug:ipsec_sadb_free: " | |
37387 | + "removed %u used refTables.\n", | |
37388 | + table); | |
37389 | + break; | |
37390 | + } | |
37391 | + for(entry = 0; entry < IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES; entry++) { | |
37392 | + if(ipsec_sadb.refTable[table]->entry[entry] != NULL) { | |
37393 | + ipsec_sa_delchain(ipsec_sadb.refTable[table]->entry[entry]); | |
37394 | + ipsec_sadb.refTable[table]->entry[entry] = NULL; | |
37395 | + } | |
37396 | + } | |
37397 | + vfree(ipsec_sadb.refTable[table]); | |
37398 | + ipsec_sadb.refTable[table] = NULL; | |
37399 | + } | |
37400 | + } | |
37401 | + | |
37402 | + return(error); | |
37403 | +} | |
37404 | + | |
37405 | +int | |
37406 | +ipsec_sa_wipe(struct ipsec_sa *ips) | |
37407 | +{ | |
37408 | + if(ips == NULL) { | |
37409 | + return -ENODATA; | |
37410 | + } | |
37411 | + | |
37412 | + /* if(atomic_dec_and_test(ips)) { | |
37413 | + }; */ | |
37414 | + | |
37415 | +#if IPSEC_SA_REF_CODE | |
37416 | + /* remove me from the SArefTable */ | |
37417 | + { | |
37418 | + char sa[SATOT_BUF]; | |
37419 | + size_t sa_len; | |
37420 | + sa_len = satot(&ips->ips_said, 0, sa, sizeof(sa)); | |
37421 | + KLIPS_PRINT(debug_xform, | |
37422 | + "klips_debug:ipsec_sa_wipe: " | |
37423 | + "removing SA=%s(0p%p), SAref=%d, table=%d(0p%p), entry=%d from the refTable.\n", | |
37424 | + sa_len ? sa : " (error)", | |
37425 | + ips, | |
37426 | + ips->ips_ref, | |
37427 | + IPsecSAref2table(IPsecSA2SAref(ips)), | |
37428 | + ipsec_sadb.refTable[IPsecSAref2table(IPsecSA2SAref(ips))], | |
37429 | + IPsecSAref2entry(IPsecSA2SAref(ips))); | |
37430 | + } | |
37431 | + if(ips->ips_ref == IPSEC_SAREF_NULL) { | |
37432 | + KLIPS_PRINT(debug_xform, | |
37433 | + "klips_debug:ipsec_sa_wipe: " | |
37434 | + "why does this SA not have a valid SAref?.\n"); | |
37435 | + } | |
37436 | + ipsec_sadb.refTable[IPsecSAref2table(IPsecSA2SAref(ips))]->entry[IPsecSAref2entry(IPsecSA2SAref(ips))] = NULL; | |
37437 | + ips->ips_ref = IPSEC_SAREF_NULL; | |
37438 | + ipsec_sa_put(ips); | |
37439 | +#endif /* IPSEC_SA_REF_CODE */ | |
37440 | + | |
37441 | + /* paranoid clean up */ | |
37442 | + if(ips->ips_addr_s != NULL) { | |
37443 | + memset((caddr_t)(ips->ips_addr_s), 0, ips->ips_addr_s_size); | |
37444 | + kfree(ips->ips_addr_s); | |
37445 | + } | |
37446 | + ips->ips_addr_s = NULL; | |
37447 | + | |
37448 | + if(ips->ips_addr_d != NULL) { | |
37449 | + memset((caddr_t)(ips->ips_addr_d), 0, ips->ips_addr_d_size); | |
37450 | + kfree(ips->ips_addr_d); | |
37451 | + } | |
37452 | + ips->ips_addr_d = NULL; | |
37453 | + | |
37454 | + if(ips->ips_addr_p != NULL) { | |
37455 | + memset((caddr_t)(ips->ips_addr_p), 0, ips->ips_addr_p_size); | |
37456 | + kfree(ips->ips_addr_p); | |
37457 | + } | |
37458 | + ips->ips_addr_p = NULL; | |
37459 | + | |
37460 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
37461 | + if(ips->ips_natt_oa) { | |
37462 | + memset((caddr_t)(ips->ips_natt_oa), 0, ips->ips_natt_oa_size); | |
37463 | + kfree(ips->ips_natt_oa); | |
37464 | + } | |
37465 | + ips->ips_natt_oa = NULL; | |
37466 | +#endif | |
37467 | + | |
37468 | + if(ips->ips_key_a != NULL) { | |
37469 | + memset((caddr_t)(ips->ips_key_a), 0, ips->ips_key_a_size); | |
37470 | + kfree(ips->ips_key_a); | |
37471 | + } | |
37472 | + ips->ips_key_a = NULL; | |
37473 | + | |
37474 | + if(ips->ips_key_e != NULL) { | |
37475 | + if (ips->ips_alg_enc && | |
37476 | + ips->ips_alg_enc->ixt_e_destroy_key) | |
37477 | + { | |
37478 | + ips->ips_alg_enc->ixt_e_destroy_key(ips->ips_alg_enc, | |
37479 | + ips->ips_key_e); | |
37480 | + } else | |
37481 | + { | |
37482 | + memset((caddr_t)(ips->ips_key_e), 0, ips->ips_key_e_size); | |
37483 | + kfree(ips->ips_key_e); | |
37484 | + } | |
37485 | + } | |
37486 | + ips->ips_key_e = NULL; | |
37487 | + | |
37488 | + if(ips->ips_iv != NULL) { | |
37489 | + memset((caddr_t)(ips->ips_iv), 0, ips->ips_iv_size); | |
37490 | + kfree(ips->ips_iv); | |
37491 | + } | |
37492 | + ips->ips_iv = NULL; | |
37493 | + | |
37494 | + if(ips->ips_ident_s.data != NULL) { | |
37495 | + memset((caddr_t)(ips->ips_ident_s.data), | |
37496 | + 0, | |
37497 | + ips->ips_ident_s.len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident)); | |
37498 | + kfree(ips->ips_ident_s.data); | |
37499 | + } | |
37500 | + ips->ips_ident_s.data = NULL; | |
37501 | + | |
37502 | + if(ips->ips_ident_d.data != NULL) { | |
37503 | + memset((caddr_t)(ips->ips_ident_d.data), | |
37504 | + 0, | |
37505 | + ips->ips_ident_d.len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident)); | |
37506 | + kfree(ips->ips_ident_d.data); | |
37507 | + } | |
37508 | + ips->ips_ident_d.data = NULL; | |
37509 | + | |
37510 | + if (ips->ips_alg_enc||ips->ips_alg_auth) { | |
37511 | + ipsec_alg_sa_wipe(ips); | |
37512 | + } | |
37513 | + | |
37514 | + memset((caddr_t)ips, 0, sizeof(*ips)); | |
37515 | + kfree(ips); | |
37516 | + ips = NULL; | |
37517 | + | |
37518 | + return 0; | |
37519 | +} | |
37520 | + | |
37521 | +extern int sysctl_ipsec_debug_verbose; | |
37522 | + | |
37523 | +int ipsec_sa_init(struct ipsec_sa *ipsp) | |
37524 | +{ | |
37525 | + int i; | |
37526 | + int error = 0; | |
37527 | + char sa[SATOT_BUF]; | |
37528 | + size_t sa_len; | |
37529 | + char ipaddr_txt[ADDRTOA_BUF]; | |
37530 | + char ipaddr2_txt[ADDRTOA_BUF]; | |
37531 | +#if defined (CONFIG_KLIPS_AUTH_HMAC_MD5) || defined (CONFIG_KLIPS_AUTH_HMAC_SHA1) | |
37532 | + unsigned char kb[AHMD596_BLKLEN]; | |
37533 | +#endif | |
37534 | + struct ipsec_alg_enc *ixt_e = NULL; | |
37535 | + struct ipsec_alg_auth *ixt_a = NULL; | |
37536 | + | |
37537 | + if(ipsp == NULL) { | |
37538 | + KLIPS_PRINT(debug_pfkey, | |
37539 | + "ipsec_sa_init: " | |
37540 | + "ipsp is NULL, fatal\n"); | |
37541 | + SENDERR(EINVAL); | |
37542 | + } | |
37543 | + | |
37544 | + sa_len = satot(&ipsp->ips_said, 0, sa, sizeof(sa)); | |
37545 | + | |
37546 | + KLIPS_PRINT(debug_pfkey, | |
37547 | + "ipsec_sa_init: " | |
37548 | + "(pfkey defined) called for SA:%s\n", | |
37549 | + sa_len ? sa : " (error)"); | |
37550 | + | |
37551 | + KLIPS_PRINT(debug_pfkey, | |
37552 | + "ipsec_sa_init: " | |
37553 | + "calling init routine of %s%s%s\n", | |
37554 | + IPS_XFORM_NAME(ipsp)); | |
37555 | + | |
37556 | + switch(ipsp->ips_said.proto) { | |
37557 | + | |
37558 | +#ifdef CONFIG_KLIPS_IPIP | |
37559 | + case IPPROTO_IPIP: { | |
37560 | + addrtoa(((struct sockaddr_in*)(ipsp->ips_addr_s))->sin_addr, | |
37561 | + 0, | |
37562 | + ipaddr_txt, sizeof(ipaddr_txt)); | |
37563 | + addrtoa(((struct sockaddr_in*)(ipsp->ips_addr_d))->sin_addr, | |
37564 | + 0, | |
37565 | + ipaddr2_txt, sizeof(ipaddr_txt)); | |
37566 | + KLIPS_PRINT(debug_pfkey, | |
37567 | + "ipsec_sa_init: " | |
37568 | + "(pfkey defined) IPIP ipsec_sa set for %s->%s.\n", | |
37569 | + ipaddr_txt, | |
37570 | + ipaddr2_txt); | |
37571 | + } | |
37572 | + break; | |
37573 | +#endif /* !CONFIG_KLIPS_IPIP */ | |
37574 | + | |
37575 | +#ifdef CONFIG_KLIPS_AH | |
37576 | + case IPPROTO_AH: | |
37577 | + switch(ipsp->ips_authalg) { | |
37578 | +# ifdef CONFIG_KLIPS_AUTH_HMAC_MD5 | |
37579 | + case AH_MD5: { | |
37580 | + unsigned char *akp; | |
37581 | + unsigned int aks; | |
37582 | + MD5_CTX *ictx; | |
37583 | + MD5_CTX *octx; | |
37584 | + | |
37585 | + if(ipsp->ips_key_bits_a != (AHMD596_KLEN * 8)) { | |
37586 | + KLIPS_PRINT(debug_pfkey, | |
37587 | + "ipsec_sa_init: " | |
37588 | + "incorrect key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/, | |
37589 | + ipsp->ips_key_bits_a, AHMD596_KLEN * 8); | |
37590 | + SENDERR(EINVAL); | |
37591 | + } | |
37592 | + | |
37593 | +# if KLIPS_DIVULGE_HMAC_KEY | |
37594 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
37595 | + "ipsec_sa_init: " | |
37596 | + "hmac md5-96 key is 0x%08x %08x %08x %08x\n", | |
37597 | + ntohl(*(((__u32 *)ipsp->ips_key_a)+0)), | |
37598 | + ntohl(*(((__u32 *)ipsp->ips_key_a)+1)), | |
37599 | + ntohl(*(((__u32 *)ipsp->ips_key_a)+2)), | |
37600 | + ntohl(*(((__u32 *)ipsp->ips_key_a)+3))); | |
37601 | +# endif /* KLIPS_DIVULGE_HMAC_KEY */ | |
37602 | + | |
37603 | + ipsp->ips_auth_bits = AHMD596_ALEN * 8; | |
37604 | + | |
37605 | + /* save the pointer to the key material */ | |
37606 | + akp = ipsp->ips_key_a; | |
37607 | + aks = ipsp->ips_key_a_size; | |
37608 | + | |
37609 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
37610 | + "ipsec_sa_init: " | |
37611 | + "allocating %lu bytes for md5_ctx.\n", | |
37612 | + (unsigned long) sizeof(struct md5_ctx)); | |
37613 | + if((ipsp->ips_key_a = (caddr_t) | |
37614 | + kmalloc(sizeof(struct md5_ctx), GFP_ATOMIC)) == NULL) { | |
37615 | + ipsp->ips_key_a = akp; | |
37616 | + SENDERR(ENOMEM); | |
37617 | + } | |
37618 | + ipsp->ips_key_a_size = sizeof(struct md5_ctx); | |
37619 | + | |
37620 | + for (i = 0; i < DIVUP(ipsp->ips_key_bits_a, 8); i++) { | |
37621 | + kb[i] = akp[i] ^ HMAC_IPAD; | |
37622 | + } | |
37623 | + for (; i < AHMD596_BLKLEN; i++) { | |
37624 | + kb[i] = HMAC_IPAD; | |
37625 | + } | |
37626 | + | |
37627 | + ictx = &(((struct md5_ctx*)(ipsp->ips_key_a))->ictx); | |
37628 | + osMD5Init(ictx); | |
37629 | + osMD5Update(ictx, kb, AHMD596_BLKLEN); | |
37630 | + | |
37631 | + for (i = 0; i < AHMD596_BLKLEN; i++) { | |
37632 | + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); | |
37633 | + } | |
37634 | + | |
37635 | + octx = &(((struct md5_ctx*)(ipsp->ips_key_a))->octx); | |
37636 | + osMD5Init(octx); | |
37637 | + osMD5Update(octx, kb, AHMD596_BLKLEN); | |
37638 | + | |
37639 | +# if KLIPS_DIVULGE_HMAC_KEY | |
37640 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
37641 | + "ipsec_sa_init: " | |
37642 | + "MD5 ictx=0x%08x %08x %08x %08x octx=0x%08x %08x %08x %08x\n", | |
37643 | + ((__u32*)ictx)[0], | |
37644 | + ((__u32*)ictx)[1], | |
37645 | + ((__u32*)ictx)[2], | |
37646 | + ((__u32*)ictx)[3], | |
37647 | + ((__u32*)octx)[0], | |
37648 | + ((__u32*)octx)[1], | |
37649 | + ((__u32*)octx)[2], | |
37650 | + ((__u32*)octx)[3] ); | |
37651 | +# endif /* KLIPS_DIVULGE_HMAC_KEY */ | |
37652 | + | |
37653 | + /* zero key buffer -- paranoid */ | |
37654 | + memset(akp, 0, aks); | |
37655 | + kfree(akp); | |
37656 | + } | |
37657 | + break; | |
37658 | +# endif /* CONFIG_KLIPS_AUTH_HMAC_MD5 */ | |
37659 | +# ifdef CONFIG_KLIPS_AUTH_HMAC_SHA1 | |
37660 | + case AH_SHA: { | |
37661 | + unsigned char *akp; | |
37662 | + unsigned int aks; | |
37663 | + SHA1_CTX *ictx; | |
37664 | + SHA1_CTX *octx; | |
37665 | + | |
37666 | + if(ipsp->ips_key_bits_a != (AHSHA196_KLEN * 8)) { | |
37667 | + KLIPS_PRINT(debug_pfkey, | |
37668 | + "ipsec_sa_init: " | |
37669 | + "incorrect key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/, | |
37670 | + ipsp->ips_key_bits_a, AHSHA196_KLEN * 8); | |
37671 | + SENDERR(EINVAL); | |
37672 | + } | |
37673 | + | |
37674 | +# if KLIPS_DIVULGE_HMAC_KEY | |
37675 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
37676 | + "ipsec_sa_init: " | |
37677 | + "hmac sha1-96 key is 0x%08x %08x %08x %08x\n", | |
37678 | + ntohl(*(((__u32 *)ipsp->ips_key_a)+0)), | |
37679 | + ntohl(*(((__u32 *)ipsp->ips_key_a)+1)), | |
37680 | + ntohl(*(((__u32 *)ipsp->ips_key_a)+2)), | |
37681 | + ntohl(*(((__u32 *)ipsp->ips_key_a)+3))); | |
37682 | +# endif /* KLIPS_DIVULGE_HMAC_KEY */ | |
37683 | + | |
37684 | + ipsp->ips_auth_bits = AHSHA196_ALEN * 8; | |
37685 | + | |
37686 | + /* save the pointer to the key material */ | |
37687 | + akp = ipsp->ips_key_a; | |
37688 | + aks = ipsp->ips_key_a_size; | |
37689 | + | |
37690 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
37691 | + "ipsec_sa_init: " | |
37692 | + "allocating %lu bytes for sha1_ctx.\n", | |
37693 | + (unsigned long) sizeof(struct sha1_ctx)); | |
37694 | + if((ipsp->ips_key_a = (caddr_t) | |
37695 | + kmalloc(sizeof(struct sha1_ctx), GFP_ATOMIC)) == NULL) { | |
37696 | + ipsp->ips_key_a = akp; | |
37697 | + SENDERR(ENOMEM); | |
37698 | + } | |
37699 | + ipsp->ips_key_a_size = sizeof(struct sha1_ctx); | |
37700 | + | |
37701 | + for (i = 0; i < DIVUP(ipsp->ips_key_bits_a, 8); i++) { | |
37702 | + kb[i] = akp[i] ^ HMAC_IPAD; | |
37703 | + } | |
37704 | + for (; i < AHMD596_BLKLEN; i++) { | |
37705 | + kb[i] = HMAC_IPAD; | |
37706 | + } | |
37707 | + | |
37708 | + ictx = &(((struct sha1_ctx*)(ipsp->ips_key_a))->ictx); | |
37709 | + SHA1Init(ictx); | |
37710 | + SHA1Update(ictx, kb, AHSHA196_BLKLEN); | |
37711 | + | |
37712 | + for (i = 0; i < AHSHA196_BLKLEN; i++) { | |
37713 | + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); | |
37714 | + } | |
37715 | + | |
37716 | + octx = &(((struct sha1_ctx*)(ipsp->ips_key_a))->octx); | |
37717 | + SHA1Init(octx); | |
37718 | + SHA1Update(octx, kb, AHSHA196_BLKLEN); | |
37719 | + | |
37720 | +# if KLIPS_DIVULGE_HMAC_KEY | |
37721 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
37722 | + "ipsec_sa_init: " | |
37723 | + "SHA1 ictx=0x%08x %08x %08x %08x octx=0x%08x %08x %08x %08x\n", | |
37724 | + ((__u32*)ictx)[0], | |
37725 | + ((__u32*)ictx)[1], | |
37726 | + ((__u32*)ictx)[2], | |
37727 | + ((__u32*)ictx)[3], | |
37728 | + ((__u32*)octx)[0], | |
37729 | + ((__u32*)octx)[1], | |
37730 | + ((__u32*)octx)[2], | |
37731 | + ((__u32*)octx)[3] ); | |
37732 | +# endif /* KLIPS_DIVULGE_HMAC_KEY */ | |
37733 | + /* zero key buffer -- paranoid */ | |
37734 | + memset(akp, 0, aks); | |
37735 | + kfree(akp); | |
37736 | + } | |
37737 | + break; | |
37738 | +# endif /* CONFIG_KLIPS_AUTH_HMAC_SHA1 */ | |
37739 | + default: | |
37740 | + KLIPS_PRINT(debug_pfkey, | |
37741 | + "ipsec_sa_init: " | |
37742 | + "authalg=%d support not available in the kernel", | |
37743 | + ipsp->ips_authalg); | |
37744 | + SENDERR(EINVAL); | |
37745 | + } | |
37746 | + break; | |
37747 | +#endif /* CONFIG_KLIPS_AH */ | |
37748 | + | |
37749 | +#ifdef CONFIG_KLIPS_ESP | |
37750 | + case IPPROTO_ESP: | |
37751 | + { | |
37752 | +#if defined (CONFIG_KLIPS_AUTH_HMAC_MD5) || defined (CONFIG_KLIPS_AUTH_HMAC_SHA1) | |
37753 | + unsigned char *akp; | |
37754 | + unsigned int aks; | |
37755 | +#endif | |
37756 | + | |
37757 | + ipsec_alg_sa_init(ipsp); | |
37758 | + ixt_e=ipsp->ips_alg_enc; | |
37759 | + | |
37760 | + if (ixt_e == NULL) { | |
37761 | + if(printk_ratelimit()) { | |
37762 | + printk(KERN_INFO | |
37763 | + "ipsec_sa_init: " | |
37764 | + "encalg=%d support not available in the kernel", | |
37765 | + ipsp->ips_encalg); | |
37766 | + } | |
37767 | + SENDERR(ENOENT); | |
37768 | + } | |
37769 | + | |
37770 | + ipsp->ips_iv_size = ixt_e->ixt_common.ixt_support.ias_ivlen/8; | |
37771 | + | |
37772 | + /* Create IV */ | |
37773 | + if (ipsp->ips_iv_size) { | |
37774 | + if((ipsp->ips_iv = (caddr_t) | |
37775 | + kmalloc(ipsp->ips_iv_size, GFP_ATOMIC)) == NULL) { | |
37776 | + SENDERR(ENOMEM); | |
37777 | + } | |
37778 | + prng_bytes(&ipsec_prng, | |
37779 | + (char *)ipsp->ips_iv, | |
37780 | + ipsp->ips_iv_size); | |
37781 | + ipsp->ips_iv_bits = ipsp->ips_iv_size * 8; | |
37782 | + } | |
37783 | + | |
37784 | + if ((error=ipsec_alg_enc_key_create(ipsp)) < 0) | |
37785 | + SENDERR(-error); | |
37786 | + | |
37787 | + if ((ixt_a=ipsp->ips_alg_auth)) { | |
37788 | + if ((error=ipsec_alg_auth_key_create(ipsp)) < 0) | |
37789 | + SENDERR(-error); | |
37790 | + } else | |
37791 | + | |
37792 | + switch(ipsp->ips_authalg) { | |
37793 | +# ifdef CONFIG_KLIPS_AUTH_HMAC_MD5 | |
37794 | + case AH_MD5: { | |
37795 | + MD5_CTX *ictx; | |
37796 | + MD5_CTX *octx; | |
37797 | + | |
37798 | + if(ipsp->ips_key_bits_a != (AHMD596_KLEN * 8)) { | |
37799 | + KLIPS_PRINT(debug_pfkey, | |
37800 | + "ipsec_sa_init: " | |
37801 | + "incorrect authorisation key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/, | |
37802 | + ipsp->ips_key_bits_a, | |
37803 | + AHMD596_KLEN * 8); | |
37804 | + SENDERR(EINVAL); | |
37805 | + } | |
37806 | + | |
37807 | +# if KLIPS_DIVULGE_HMAC_KEY | |
37808 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
37809 | + "ipsec_sa_init: " | |
37810 | + "hmac md5-96 key is 0x%08x %08x %08x %08x\n", | |
37811 | + ntohl(*(((__u32 *)(ipsp->ips_key_a))+0)), | |
37812 | + ntohl(*(((__u32 *)(ipsp->ips_key_a))+1)), | |
37813 | + ntohl(*(((__u32 *)(ipsp->ips_key_a))+2)), | |
37814 | + ntohl(*(((__u32 *)(ipsp->ips_key_a))+3))); | |
37815 | +# endif /* KLIPS_DIVULGE_HMAC_KEY */ | |
37816 | + ipsp->ips_auth_bits = AHMD596_ALEN * 8; | |
37817 | + | |
37818 | + /* save the pointer to the key material */ | |
37819 | + akp = ipsp->ips_key_a; | |
37820 | + aks = ipsp->ips_key_a_size; | |
37821 | + | |
37822 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
37823 | + "ipsec_sa_init: " | |
37824 | + "allocating %lu bytes for md5_ctx.\n", | |
37825 | + (unsigned long) sizeof(struct md5_ctx)); | |
37826 | + if((ipsp->ips_key_a = (caddr_t) | |
37827 | + kmalloc(sizeof(struct md5_ctx), GFP_ATOMIC)) == NULL) { | |
37828 | + ipsp->ips_key_a = akp; | |
37829 | + SENDERR(ENOMEM); | |
37830 | + } | |
37831 | + ipsp->ips_key_a_size = sizeof(struct md5_ctx); | |
37832 | + | |
37833 | + for (i = 0; i < DIVUP(ipsp->ips_key_bits_a, 8); i++) { | |
37834 | + kb[i] = akp[i] ^ HMAC_IPAD; | |
37835 | + } | |
37836 | + for (; i < AHMD596_BLKLEN; i++) { | |
37837 | + kb[i] = HMAC_IPAD; | |
37838 | + } | |
37839 | + | |
37840 | + ictx = &(((struct md5_ctx*)(ipsp->ips_key_a))->ictx); | |
37841 | + osMD5Init(ictx); | |
37842 | + osMD5Update(ictx, kb, AHMD596_BLKLEN); | |
37843 | + | |
37844 | + for (i = 0; i < AHMD596_BLKLEN; i++) { | |
37845 | + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); | |
37846 | + } | |
37847 | + | |
37848 | + octx = &(((struct md5_ctx*)(ipsp->ips_key_a))->octx); | |
37849 | + osMD5Init(octx); | |
37850 | + osMD5Update(octx, kb, AHMD596_BLKLEN); | |
37851 | + | |
37852 | +# if KLIPS_DIVULGE_HMAC_KEY | |
37853 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
37854 | + "ipsec_sa_init: " | |
37855 | + "MD5 ictx=0x%08x %08x %08x %08x octx=0x%08x %08x %08x %08x\n", | |
37856 | + ((__u32*)ictx)[0], | |
37857 | + ((__u32*)ictx)[1], | |
37858 | + ((__u32*)ictx)[2], | |
37859 | + ((__u32*)ictx)[3], | |
37860 | + ((__u32*)octx)[0], | |
37861 | + ((__u32*)octx)[1], | |
37862 | + ((__u32*)octx)[2], | |
37863 | + ((__u32*)octx)[3] ); | |
37864 | +# endif /* KLIPS_DIVULGE_HMAC_KEY */ | |
37865 | + /* paranoid */ | |
37866 | + memset(akp, 0, aks); | |
37867 | + kfree(akp); | |
37868 | + break; | |
37869 | + } | |
37870 | +# endif /* CONFIG_KLIPS_AUTH_HMAC_MD5 */ | |
37871 | +# ifdef CONFIG_KLIPS_AUTH_HMAC_SHA1 | |
37872 | + case AH_SHA: { | |
37873 | + SHA1_CTX *ictx; | |
37874 | + SHA1_CTX *octx; | |
37875 | + | |
37876 | + if(ipsp->ips_key_bits_a != (AHSHA196_KLEN * 8)) { | |
37877 | + KLIPS_PRINT(debug_pfkey, | |
37878 | + "ipsec_sa_init: " | |
37879 | + "incorrect authorisation key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/, | |
37880 | + ipsp->ips_key_bits_a, | |
37881 | + AHSHA196_KLEN * 8); | |
37882 | + SENDERR(EINVAL); | |
37883 | + } | |
37884 | + | |
37885 | +# if KLIPS_DIVULGE_HMAC_KEY | |
37886 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
37887 | + "ipsec_sa_init: " | |
37888 | + "hmac sha1-96 key is 0x%08x %08x %08x %08x\n", | |
37889 | + ntohl(*(((__u32 *)ipsp->ips_key_a)+0)), | |
37890 | + ntohl(*(((__u32 *)ipsp->ips_key_a)+1)), | |
37891 | + ntohl(*(((__u32 *)ipsp->ips_key_a)+2)), | |
37892 | + ntohl(*(((__u32 *)ipsp->ips_key_a)+3))); | |
37893 | +# endif /* KLIPS_DIVULGE_HMAC_KEY */ | |
37894 | + ipsp->ips_auth_bits = AHSHA196_ALEN * 8; | |
37895 | + | |
37896 | + /* save the pointer to the key material */ | |
37897 | + akp = ipsp->ips_key_a; | |
37898 | + aks = ipsp->ips_key_a_size; | |
37899 | + | |
37900 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
37901 | + "ipsec_sa_init: " | |
37902 | + "allocating %lu bytes for sha1_ctx.\n", | |
37903 | + (unsigned long) sizeof(struct sha1_ctx)); | |
37904 | + if((ipsp->ips_key_a = (caddr_t) | |
37905 | + kmalloc(sizeof(struct sha1_ctx), GFP_ATOMIC)) == NULL) { | |
37906 | + ipsp->ips_key_a = akp; | |
37907 | + SENDERR(ENOMEM); | |
37908 | + } | |
37909 | + ipsp->ips_key_a_size = sizeof(struct sha1_ctx); | |
37910 | + | |
37911 | + for (i = 0; i < DIVUP(ipsp->ips_key_bits_a, 8); i++) { | |
37912 | + kb[i] = akp[i] ^ HMAC_IPAD; | |
37913 | + } | |
37914 | + for (; i < AHMD596_BLKLEN; i++) { | |
37915 | + kb[i] = HMAC_IPAD; | |
37916 | + } | |
37917 | + | |
37918 | + ictx = &(((struct sha1_ctx*)(ipsp->ips_key_a))->ictx); | |
37919 | + SHA1Init(ictx); | |
37920 | + SHA1Update(ictx, kb, AHSHA196_BLKLEN); | |
37921 | + | |
37922 | + for (i = 0; i < AHSHA196_BLKLEN; i++) { | |
37923 | + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); | |
37924 | + } | |
37925 | + | |
37926 | + octx = &((struct sha1_ctx*)(ipsp->ips_key_a))->octx; | |
37927 | + SHA1Init(octx); | |
37928 | + SHA1Update(octx, kb, AHSHA196_BLKLEN); | |
37929 | + | |
37930 | +# if KLIPS_DIVULGE_HMAC_KEY | |
37931 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
37932 | + "ipsec_sa_init: " | |
37933 | + "SHA1 ictx=0x%08x %08x %08x %08x octx=0x%08x %08x %08x %08x\n", | |
37934 | + ((__u32*)ictx)[0], | |
37935 | + ((__u32*)ictx)[1], | |
37936 | + ((__u32*)ictx)[2], | |
37937 | + ((__u32*)ictx)[3], | |
37938 | + ((__u32*)octx)[0], | |
37939 | + ((__u32*)octx)[1], | |
37940 | + ((__u32*)octx)[2], | |
37941 | + ((__u32*)octx)[3] ); | |
37942 | +# endif /* KLIPS_DIVULGE_HMAC_KEY */ | |
37943 | + memset(akp, 0, aks); | |
37944 | + kfree(akp); | |
37945 | + break; | |
37946 | + } | |
37947 | +# endif /* CONFIG_KLIPS_AUTH_HMAC_SHA1 */ | |
37948 | + case AH_NONE: | |
37949 | + break; | |
37950 | + default: | |
37951 | + KLIPS_PRINT(debug_pfkey, | |
37952 | + "ipsec_sa_init: " | |
37953 | + "authalg=%d support not available in the kernel.\n", | |
37954 | + ipsp->ips_authalg); | |
37955 | + SENDERR(EINVAL); | |
37956 | + } | |
37957 | + } | |
37958 | + break; | |
37959 | +#endif /* !CONFIG_KLIPS_ESP */ | |
37960 | +#ifdef CONFIG_KLIPS_IPCOMP | |
37961 | + case IPPROTO_COMP: | |
37962 | + ipsp->ips_comp_adapt_tries = 0; | |
37963 | + ipsp->ips_comp_adapt_skip = 0; | |
37964 | + ipsp->ips_comp_ratio_cbytes = 0; | |
37965 | + ipsp->ips_comp_ratio_dbytes = 0; | |
37966 | + break; | |
37967 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
37968 | + default: | |
37969 | + printk(KERN_ERR "KLIPS sa initialization: " | |
37970 | + "proto=%d unknown.\n", | |
37971 | + ipsp->ips_said.proto); | |
37972 | + SENDERR(EINVAL); | |
37973 | + } | |
37974 | + | |
37975 | + errlab: | |
37976 | + return(error); | |
37977 | +} | |
37978 | + | |
37979 | + | |
37980 | + | |
37981 | +/* | |
37982 | + * $Log: ipsec_sa.c,v $ | |
37983 | + * Revision 1.30.2.2 2006/10/06 21:39:26 paul | |
37984 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
37985 | + * set. This is defined through autoconf.h which is included through the | |
37986 | + * linux kernel build macros. | |
37987 | + * | |
37988 | + * Revision 1.30.2.1 2006/04/20 16:33:07 mcr | |
37989 | + * remove all of CONFIG_KLIPS_ALG --- one can no longer build without it. | |
37990 | + * Fix in-kernel module compilation. Sub-makefiles do not work. | |
37991 | + * | |
37992 | + * Revision 1.30 2005/05/24 01:02:35 mcr | |
37993 | + * some refactoring/simplification of situation where alg | |
37994 | + * is not found. | |
37995 | + * | |
37996 | + * Revision 1.29 2005/05/18 19:13:28 mcr | |
37997 | + * rename debug messages. make sure that algo not found is not | |
37998 | + * a debug message. | |
37999 | + * | |
38000 | + * Revision 1.28 2005/05/11 01:30:20 mcr | |
38001 | + * removed "poor-man"s OOP in favour of proper C structures. | |
38002 | + * | |
38003 | + * Revision 1.27 2005/04/29 05:10:22 mcr | |
38004 | + * removed from extraenous includes to make unit testing easier. | |
38005 | + * | |
38006 | + * Revision 1.26 2005/04/14 20:56:24 mcr | |
38007 | + * moved (pfkey_)ipsec_sa_init to ipsec_sa.c. | |
38008 | + * | |
38009 | + * Revision 1.25 2004/08/22 20:12:16 mcr | |
38010 | + * one more KLIPS_NAT->IPSEC_NAT. | |
38011 | + * | |
38012 | + * Revision 1.24 2004/07/10 19:11:18 mcr | |
38013 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
38014 | + * | |
38015 | + * Revision 1.23 2004/04/06 02:49:26 mcr | |
38016 | + * pullup of algo code from alg-branch. | |
38017 | + * | |
38018 | + * Revision 1.22.2.1 2003/12/22 15:25:52 jjo | |
38019 | + * . Merged algo-0.8.1-rc11-test1 into alg-branch | |
38020 | + * | |
38021 | + * Revision 1.22 2003/12/10 01:14:27 mcr | |
38022 | + * NAT-traversal patches to KLIPS. | |
38023 | + * | |
38024 | + * Revision 1.21 2003/10/31 02:27:55 mcr | |
38025 | + * pulled up port-selector patches and sa_id elimination. | |
38026 | + * | |
38027 | + * Revision 1.20.4.1 2003/10/29 01:30:41 mcr | |
38028 | + * elimited "struct sa_id". | |
38029 | + * | |
38030 | + * Revision 1.20 2003/02/06 01:50:34 rgb | |
38031 | + * Fixed initialisation bug for first sadb hash bucket that would only manifest itself on platforms where NULL != 0. | |
38032 | + * | |
38033 | + * Revision 1.19 2003/01/30 02:32:22 rgb | |
38034 | + * | |
38035 | + * Rename SAref table macro names for clarity. | |
38036 | + * Transmit error code through to caller from callee for better diagnosis of problems. | |
38037 | + * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug. | |
38038 | + * | |
38039 | + * Revision 1.18 2002/10/12 23:11:53 dhr | |
38040 | + * | |
38041 | + * [KenB + DHR] more 64-bit cleanup | |
38042 | + * | |
38043 | + * Revision 1.17 2002/10/07 18:31:43 rgb | |
38044 | + * Move field width sanity checks to ipsec_sa.c | |
38045 | + * | |
38046 | + * Revision 1.16 2002/09/20 15:41:02 rgb | |
38047 | + * Re-wrote most of the SAref code to eliminate Entry pointers. | |
38048 | + * Added SAref code compiler directive switch. | |
38049 | + * Added a saref test function for testing macros. | |
38050 | + * Switch from pfkey_alloc_ipsec_sa() to ipsec_sa_alloc(). | |
38051 | + * Split ipsec_sadb_cleanup from new funciton ipsec_sadb_free to avoid problem | |
38052 | + * of freeing newly created structures when clearing the reftable upon startup | |
38053 | + * to start from a known state. | |
38054 | + * Place all ipsec sadb globals into one struct. | |
38055 | + * Rework saref freelist. | |
38056 | + * Added memory allocation debugging. | |
38057 | + * | |
38058 | + * Revision 1.15 2002/09/20 05:01:44 rgb | |
38059 | + * Update copyright date. | |
38060 | + * | |
38061 | + * Revision 1.14 2002/08/13 19:01:25 mcr | |
38062 | + * patches from kenb to permit compilation of FreeSWAN on ia64. | |
38063 | + * des library patched to use proper DES_LONG type for ia64. | |
38064 | + * | |
38065 | + * Revision 1.13 2002/07/29 03:06:20 mcr | |
38066 | + * get rid of variable not used warnings. | |
38067 | + * | |
38068 | + * Revision 1.12 2002/07/26 08:48:31 rgb | |
38069 | + * Added SA ref table code. | |
38070 | + * | |
38071 | + * Revision 1.11 2002/06/04 16:48:49 rgb | |
38072 | + * Tidied up pointer code for processor independance. | |
38073 | + * | |
38074 | + * Revision 1.10 2002/05/23 07:16:17 rgb | |
38075 | + * Added ipsec_sa_put() for releasing an ipsec_sa refcount. | |
38076 | + * Pointer clean-up. | |
38077 | + * Added refcount code. | |
38078 | + * Convert "usecount" to "refcount" to remove ambiguity. | |
38079 | + * | |
38080 | + * Revision 1.9 2002/05/14 02:34:49 rgb | |
38081 | + * Converted reference from ipsec_sa_put to ipsec_sa_add to avoid confusion | |
38082 | + * with "put" usage in the kernel. | |
38083 | + * Change all references to tdb, TDB or Tunnel Descriptor Block to ips, | |
38084 | + * ipsec_sa or ipsec_sa. | |
38085 | + * Added some preliminary refcount code. | |
38086 | + * | |
38087 | + * Revision 1.8 2002/04/24 07:55:32 mcr | |
38088 | + * #include patches and Makefiles for post-reorg compilation. | |
38089 | + * | |
38090 | + * Revision 1.7 2002/04/24 07:36:30 mcr | |
38091 | + * Moved from ./klips/net/ipsec/ipsec_sa.c,v | |
38092 | + * | |
38093 | + * Revision 1.6 2002/04/20 00:12:25 rgb | |
38094 | + * Added esp IV CBC attack fix, disabled. | |
38095 | + * | |
38096 | + * Revision 1.5 2002/01/29 17:17:56 mcr | |
38097 | + * moved include of ipsec_param.h to after include of linux/kernel.h | |
38098 | + * otherwise, it seems that some option that is set in ipsec_param.h | |
38099 | + * screws up something subtle in the include path to kernel.h, and | |
38100 | + * it complains on the snprintf() prototype. | |
38101 | + * | |
38102 | + * Revision 1.4 2002/01/29 04:00:52 mcr | |
38103 | + * more excise of kversions.h header. | |
38104 | + * | |
38105 | + * Revision 1.3 2002/01/29 02:13:18 mcr | |
38106 | + * introduction of ipsec_kversion.h means that include of | |
38107 | + * ipsec_param.h must preceed any decisions about what files to | |
38108 | + * include to deal with differences in kernel source. | |
38109 | + * | |
38110 | + * Revision 1.2 2001/11/26 09:16:15 rgb | |
38111 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
38112 | + * | |
38113 | + * Revision 1.1.2.2 2001/10/22 21:05:41 mcr | |
38114 | + * removed phony prototype for des_set_key. | |
38115 | + * | |
38116 | + * Revision 1.1.2.1 2001/09/25 02:24:57 mcr | |
38117 | + * struct tdb -> struct ipsec_sa. | |
38118 | + * sa(tdb) manipulation functions renamed and moved to ipsec_sa.c | |
38119 | + * ipsec_xform.c removed. header file still contains useful things. | |
38120 | + * | |
38121 | + * | |
38122 | + * | |
38123 | + * CLONED from ipsec_xform.c: | |
38124 | + * Revision 1.53 2001/09/08 21:13:34 rgb | |
38125 | + * Added pfkey ident extension support for ISAKMPd. (NetCelo) | |
38126 | + * | |
38127 | + * Revision 1.52 2001/06/14 19:35:11 rgb | |
38128 | + * Update copyright date. | |
38129 | + * | |
38130 | + * Revision 1.51 2001/05/30 08:14:03 rgb | |
38131 | + * Removed vestiges of esp-null transforms. | |
38132 | + * | |
38133 | + * Revision 1.50 2001/05/03 19:43:18 rgb | |
38134 | + * Initialise error return variable. | |
38135 | + * Update SENDERR macro. | |
38136 | + * Fix sign of error return code for ipsec_tdbcleanup(). | |
38137 | + * Use more appropriate return code for ipsec_tdbwipe(). | |
38138 | + * | |
38139 | + * Revision 1.49 2001/04/19 18:56:17 rgb | |
38140 | + * Fixed tdb table locking comments. | |
38141 | + * | |
38142 | + * Revision 1.48 2001/02/27 22:24:55 rgb | |
38143 | + * Re-formatting debug output (line-splitting, joining, 1arg/line). | |
38144 | + * Check for satoa() return codes. | |
38145 | + * | |
38146 | + * Revision 1.47 2000/11/06 04:32:08 rgb | |
38147 | + * Ditched spin_lock_irqsave in favour of spin_lock_bh. | |
38148 | + * | |
38149 | + * Revision 1.46 2000/09/20 16:21:57 rgb | |
38150 | + * Cleaned up ident string alloc/free. | |
38151 | + * | |
38152 | + * Revision 1.45 2000/09/08 19:16:51 rgb | |
38153 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
38154 | + * Removed all references to CONFIG_IPSEC_PFKEYv2. | |
38155 | + * | |
38156 | + * Revision 1.44 2000/08/30 05:29:04 rgb | |
38157 | + * Compiler-define out no longer used tdb_init() in ipsec_xform.c. | |
38158 | + * | |
38159 | + * Revision 1.43 2000/08/18 21:30:41 rgb | |
38160 | + * Purged all tdb_spi, tdb_proto and tdb_dst macros. They are unclear. | |
38161 | + * | |
38162 | + * Revision 1.42 2000/08/01 14:51:51 rgb | |
38163 | + * Removed _all_ remaining traces of DES. | |
38164 | + * | |
38165 | + * Revision 1.41 2000/07/28 14:58:31 rgb | |
38166 | + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5. | |
38167 | + * | |
38168 | + * Revision 1.40 2000/06/28 05:50:11 rgb | |
38169 | + * Actually set iv_bits. | |
38170 | + * | |
38171 | + * Revision 1.39 2000/05/10 23:11:09 rgb | |
38172 | + * Added netlink debugging output. | |
38173 | + * Added a cast to quiet down the ntohl bug. | |
38174 | + * | |
38175 | + * Revision 1.38 2000/05/10 19:18:42 rgb | |
38176 | + * Cast output of ntohl so that the broken prototype doesn't make our | |
38177 | + * compile noisy. | |
38178 | + * | |
38179 | + * Revision 1.37 2000/03/16 14:04:59 rgb | |
38180 | + * Hardwired CONFIG_IPSEC_PFKEYv2 on. | |
38181 | + * | |
38182 | + * Revision 1.36 2000/01/26 10:11:28 rgb | |
38183 | + * Fixed spacing in error text causing run-in words. | |
38184 | + * | |
38185 | + * Revision 1.35 2000/01/21 06:17:16 rgb | |
38186 | + * Tidied up compiler directive indentation for readability. | |
38187 | + * Added ictx,octx vars for simplification.(kravietz) | |
38188 | + * Added macros for HMAC padding magic numbers.(kravietz) | |
38189 | + * Fixed missing key length reporting bug. | |
38190 | + * Fixed bug in tdbwipe to return immediately on NULL tdbp passed in. | |
38191 | + * | |
38192 | + * Revision 1.34 1999/12/08 00:04:19 rgb | |
38193 | + * Fixed SA direction overwriting bug for netlink users. | |
38194 | + * | |
38195 | + * Revision 1.33 1999/12/01 22:16:44 rgb | |
38196 | + * Minor formatting changes in ESP MD5 initialisation. | |
38197 | + * | |
38198 | + * Revision 1.32 1999/11/25 09:06:36 rgb | |
38199 | + * Fixed error return messages, should be returning negative numbers. | |
38200 | + * Implemented SENDERR macro for propagating error codes. | |
38201 | + * Added debug message and separate error code for algorithms not compiled | |
38202 | + * in. | |
38203 | + * | |
38204 | + * Revision 1.31 1999/11/23 23:06:26 rgb | |
38205 | + * Sort out pfkey and freeswan headers, putting them in a library path. | |
38206 | + * | |
38207 | + * Revision 1.30 1999/11/18 04:09:20 rgb | |
38208 | + * Replaced all kernel version macros to shorter, readable form. | |
38209 | + * | |
38210 | + * Revision 1.29 1999/11/17 15:53:40 rgb | |
38211 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
38212 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
38213 | + * klips/net/ipsec/Makefile. | |
38214 | + * | |
38215 | + * Revision 1.28 1999/10/18 20:04:01 rgb | |
38216 | + * Clean-out unused cruft. | |
38217 | + * | |
38218 | + * Revision 1.27 1999/10/03 19:01:03 rgb | |
38219 | + * Spinlock support for 2.3.xx and 2.0.xx kernels. | |
38220 | + * | |
38221 | + * Revision 1.26 1999/10/01 16:22:24 rgb | |
38222 | + * Switch from assignment init. to functional init. of spinlocks. | |
38223 | + * | |
38224 | + * Revision 1.25 1999/10/01 15:44:54 rgb | |
38225 | + * Move spinlock header include to 2.1> scope. | |
38226 | + * | |
38227 | + * Revision 1.24 1999/10/01 00:03:46 rgb | |
38228 | + * Added tdb structure locking. | |
38229 | + * Minor formatting changes. | |
38230 | + * Add function to initialize tdb hash table. | |
38231 | + * | |
38232 | + * Revision 1.23 1999/05/25 22:42:12 rgb | |
38233 | + * Add deltdbchain() debugging. | |
38234 | + * | |
38235 | + * Revision 1.22 1999/05/25 21:24:31 rgb | |
38236 | + * Add debugging statements to deltdbchain(). | |
38237 | + * | |
38238 | + * Revision 1.21 1999/05/25 03:51:48 rgb | |
38239 | + * Refix error return code. | |
38240 | + * | |
38241 | + * Revision 1.20 1999/05/25 03:34:07 rgb | |
38242 | + * Fix error return for flush. | |
38243 | + * | |
38244 | + * Revision 1.19 1999/05/09 03:25:37 rgb | |
38245 | + * Fix bug introduced by 2.2 quick-and-dirty patch. | |
38246 | + * | |
38247 | + * Revision 1.18 1999/05/05 22:02:32 rgb | |
38248 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
38249 | + * | |
38250 | + * Revision 1.17 1999/04/29 15:20:16 rgb | |
38251 | + * Change gettdb parameter to a pointer to reduce stack loading and | |
38252 | + * facilitate parameter sanity checking. | |
38253 | + * Add sanity checking for null pointer arguments. | |
38254 | + * Add debugging instrumentation. | |
38255 | + * Add function deltdbchain() which will take care of unlinking, | |
38256 | + * zeroing and deleting a chain of tdbs. | |
38257 | + * Add a parameter to tdbcleanup to be able to delete a class of SAs. | |
38258 | + * tdbwipe now actually zeroes the tdb as well as any of its pointed | |
38259 | + * structures. | |
38260 | + * | |
38261 | + * Revision 1.16 1999/04/16 15:36:29 rgb | |
38262 | + * Fix cut-and-paste error causing a memory leak in IPIP TDB freeing. | |
38263 | + * | |
38264 | + * Revision 1.15 1999/04/11 00:29:01 henry | |
38265 | + * GPL boilerplate | |
38266 | + * | |
38267 | + * Revision 1.14 1999/04/06 04:54:28 rgb | |
38268 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
38269 | + * patch shell fixes. | |
38270 | + * | |
38271 | + * Revision 1.13 1999/02/19 18:23:01 rgb | |
38272 | + * Nix debug off compile warning. | |
38273 | + * | |
38274 | + * Revision 1.12 1999/02/17 16:52:16 rgb | |
38275 | + * Consolidate satoa()s for space and speed efficiency. | |
38276 | + * Convert DEBUG_IPSEC to KLIPS_PRINT | |
38277 | + * Clean out unused cruft. | |
38278 | + * Ditch NET_IPIP dependancy. | |
38279 | + * Loop for 3des key setting. | |
38280 | + * | |
38281 | + * Revision 1.11 1999/01/26 02:09:05 rgb | |
38282 | + * Remove ah/esp/IPIP switching on include files. | |
38283 | + * Removed CONFIG_IPSEC_ALGO_SWITCH macro. | |
38284 | + * Removed dead code. | |
38285 | + * Clean up debug code when switched off. | |
38286 | + * Remove references to INET_GET_PROTOCOL. | |
38287 | + * Added code exclusion macros to reduce code from unused algorithms. | |
38288 | + * | |
38289 | + * Revision 1.10 1999/01/22 06:28:55 rgb | |
38290 | + * Cruft clean-out. | |
38291 | + * Put random IV generation in kernel. | |
38292 | + * Added algorithm switch code. | |
38293 | + * Enhanced debugging. | |
38294 | + * 64-bit clean-up. | |
38295 | + * | |
38296 | + * Revision 1.9 1998/11/30 13:22:55 rgb | |
38297 | + * Rationalised all the klips kernel file headers. They are much shorter | |
38298 | + * now and won't conflict under RH5.2. | |
38299 | + * | |
38300 | + * Revision 1.8 1998/11/25 04:59:06 rgb | |
38301 | + * Add conditionals for no IPIP tunnel code. | |
38302 | + * Delete commented out code. | |
38303 | + * | |
38304 | + * Revision 1.7 1998/10/31 06:50:41 rgb | |
38305 | + * Convert xform ASCII names to no spaces. | |
38306 | + * Fixed up comments in #endif directives. | |
38307 | + * | |
38308 | + * Revision 1.6 1998/10/19 14:44:28 rgb | |
38309 | + * Added inclusion of freeswan.h. | |
38310 | + * sa_id structure implemented and used: now includes protocol. | |
38311 | + * | |
38312 | + * Revision 1.5 1998/10/09 04:32:19 rgb | |
38313 | + * Added 'klips_debug' prefix to all klips printk debug statements. | |
38314 | + * | |
38315 | + * Revision 1.4 1998/08/12 00:11:31 rgb | |
38316 | + * Added new xform functions to the xform table. | |
38317 | + * Fixed minor debug output spelling error. | |
38318 | + * | |
38319 | + * Revision 1.3 1998/07/09 17:45:31 rgb | |
38320 | + * Clarify algorithm not available message. | |
38321 | + * | |
38322 | + * Revision 1.2 1998/06/23 03:00:51 rgb | |
38323 | + * Check for presence of IPIP protocol if it is setup one way (we don't | |
38324 | + * know what has been set up the other way and can only assume it will be | |
38325 | + * symmetrical with the exception of keys). | |
38326 | + * | |
38327 | + * Revision 1.1 1998/06/18 21:27:51 henry | |
38328 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
38329 | + * kernel-build scripts happier in the presence of symlinks | |
38330 | + * | |
38331 | + * Revision 1.3 1998/06/11 05:54:59 rgb | |
38332 | + * Added transform version string pointer to xformsw initialisations. | |
38333 | + * | |
38334 | + * Revision 1.2 1998/04/21 21:28:57 rgb | |
38335 | + * Rearrange debug switches to change on the fly debug output from user | |
38336 | + * space. Only kernel changes checked in at this time. radij.c was also | |
38337 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
38338 | + * an OOPS and hence, netlink device open errors. | |
38339 | + * | |
38340 | + * Revision 1.1 1998/04/09 03:06:13 henry | |
38341 | + * sources moved up from linux/net/ipsec | |
38342 | + * | |
38343 | + * Revision 1.1.1.1 1998/04/08 05:35:02 henry | |
38344 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
38345 | + * | |
38346 | + * Revision 0.5 1997/06/03 04:24:48 ji | |
38347 | + * Added ESP-3DES-MD5-96 | |
38348 | + * | |
38349 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
38350 | + * Added new transforms. | |
38351 | + * | |
38352 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
38353 | + * Minor cleanups. | |
38354 | + * Rationalized debugging code. | |
38355 | + * | |
38356 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
38357 | + * First limited release. | |
38358 | + * | |
38359 | + * | |
38360 | + */ | |
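--- /dev/null
+++ b/linux/net/ipsec/ipsec_sha1.c
@@ -0,0 +1,219 @@
+/*
+ * RCSID $Id: ipsec_sha1.c,v 1.9 2004/04/06 02:49:26 mcr Exp $
+ */
+
+/*
+ * The rest of the code is derived from sha1.c by Steve Reid, which is
+ * public domain.
+ * Minor cosmetic changes to accomodate it in the Linux kernel by ji.
+ */
+
+#include <asm/byteorder.h>
+#include <linux/string.h>
+
+#include "openswan/ipsec_sha1.h"
+
+#if defined(rol)
+#undef rol
+#endif
+
+#define SHA1HANDSOFF
+
+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+
+/* blk0() and blk() perform the initial expand. */
+/* I got the idea of expanding during the round function from SSLeay */
+#ifdef __LITTLE_ENDIAN
+#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
+ |(rol(block->l[i],8)&0x00FF00FF))
+#else
+#define blk0(i) block->l[i]
+#endif
+#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
+ ^block->l[(i+2)&15]^block->l[i&15],1))
+
+/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
+#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
+#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
+#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
+
+
+/* Hash a single 512-bit block. This is the core of the algorithm. */
+
+void SHA1Transform(__u32 state[5], __u8 buffer[64])
+{
+__u32 a, b, c, d, e;
+typedef union {
+ unsigned char c[64];
+ __u32 l[16];
+} CHAR64LONG16;
+CHAR64LONG16* block;
+#ifdef SHA1HANDSOFF
+static unsigned char workspace[64];
+ block = (CHAR64LONG16*)workspace;
+ memcpy(block, buffer, 64);
+#else
+ block = (CHAR64LONG16*)buffer;
+#endif
+ /* Copy context->state[] to working vars */
+ a = state[0];
+ b = state[1];
+ c = state[2];
+ d = state[3];
+ e = state[4];
+ /* 4 rounds of 20 operations each. Loop unrolled. */
+ R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
+ R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
+ R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
+ R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
+ R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
+ R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
+ R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
+ R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
+ R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
+ R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
+ R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
+ R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
+ R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
+ R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
+ R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
+ R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
+ R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
+ R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
+ R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
+ R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
+ /* Add the working vars back into context.state[] */
+ state[0] += a;
+ state[1] += b;
+ state[2] += c;
+ state[3] += d;
+ state[4] += e;
+ /* Wipe variables */
+ a = b = c = d = e = 0;
+}
+
+
+/* SHA1Init - Initialize new context */
+
+void SHA1Init(void *vcontext)
+{
+ SHA1_CTX* context = vcontext;
+
+ /* SHA1 initialization constants */
+ context->state[0] = 0x67452301;
+ context->state[1] = 0xEFCDAB89;
+ context->state[2] = 0x98BADCFE;
+ context->state[3] = 0x10325476;
+ context->state[4] = 0xC3D2E1F0;
+ context->count[0] = context->count[1] = 0;
+}
+
+
+/* Run your data through this. */
+
+void SHA1Update(void *vcontext, unsigned char* data, __u32 len)
+{
+ SHA1_CTX* context = vcontext;
+ __u32 i, j;
+
+ j = context->count[0];
+ if ((context->count[0] += len << 3) < j)
+ context->count[1]++;
+ context->count[1] += (len>>29);
+ j = (j >> 3) & 63;
+ if ((j + len) > 63) {
+ memcpy(&context->buffer[j], data, (i = 64-j));
+ SHA1Transform(context->state, context->buffer);
+ for ( ; i + 63 < len; i += 64) {
+ SHA1Transform(context->state, &data[i]);
+ }
+ j = 0;
+ }
+ else i = 0;
+ memcpy(&context->buffer[j], &data[i], len - i);
+}
+
+
+/* Add padding and return the message digest. */
+
+void SHA1Final(unsigned char digest[20], void *vcontext)
+{
+ __u32 i, j;
+ unsigned char finalcount[8];
+ SHA1_CTX* context = vcontext;
+
+ for (i = 0; i < 8; i++) {
+ finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
+ >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
+ }
+ SHA1Update(context, (unsigned char *)"\200", 1);
+ while ((context->count[0] & 504) != 448) {
+ SHA1Update(context, (unsigned char *)"\0", 1);
+ }
+ SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
+ for (i = 0; i < 20; i++) {
+ digest[i] = (unsigned char)
+ ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
+ }
+ /* Wipe variables */
+ i = j = 0;
+ memset(context->buffer, 0, 64);
+ memset(context->state, 0, 20);
+ memset(context->count, 0, 8);
+ memset(&finalcount, 0, 8);
+#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite its own static vars */
+ SHA1Transform(context->state, context->buffer);
+#endif
+}
+
+
+/*
+ * $Log: ipsec_sha1.c,v $
+ * Revision 1.9 2004/04/06 02:49:26 mcr
+ * pullup of algo code from alg-branch.
+ *
+ * Revision 1.8 2002/09/10 01:45:14 mcr
+ * changed type of MD5_CTX and SHA1_CTX to void * so that
+ * the function prototypes would match, and could be placed
+ * into a pointer to a function.
+ *
+ * Revision 1.7 2002/04/24 07:55:32 mcr
+ * #include patches and Makefiles for post-reorg compilation.
+ *
+ * Revision 1.6 2002/04/24 07:36:30 mcr
+ * Moved from ./klips/net/ipsec/ipsec_sha1.c,v
+ *
+ * Revision 1.5 1999/12/13 13:59:13 rgb
+ * Quick fix to argument size to Update bugs.
+ *
+ * Revision 1.4 1999/04/11 00:29:00 henry
+ * GPL boilerplate
+ *
+ * Revision 1.3 1999/04/06 04:54:27 rgb
+ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
+ * patch shell fixes.
+ *
+ * Revision 1.2 1999/01/22 06:55:50 rgb
+ * 64-bit clean-up.
+ *
+ * Revision 1.1 1998/06/18 21:27:50 henry
+ * move sources from klips/src to klips/net/ipsec, to keep stupid
+ * kernel-build scripts happier in the presence of symlinks
+ *
+ * Revision 1.2 1998/04/23 20:54:04 rgb
+ * Fixed md5 and sha1 include file nesting issues, to be cleaned up when
+ * verified.
+ *
+ * Revision 1.1 1998/04/09 03:06:11 henry
+ * sources moved up from linux/net/ipsec
+ *
+ * Revision 1.1.1.1 1998/04/08 05:35:05 henry
+ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
+ *
+ * Revision 0.4 1997/01/15 01:28:15 ji
+ * New transform
+ *
+ *
+ */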
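Review bot: `static unsigned char workspace[64];` in SHA1Transform is one buffer shared by every caller, and it is always compiled in because `SHA1HANDSOFF` is defined unconditionally near the top of the file. If two digests can be computed at the same time (the callers and their locking are not visible in this section), each call overwrites the other's message schedule and both digests come out wrong, which for packet authentication shows up as integrity-check failures. An automatic variable removes the sharing and the cast from an `unsigned char` array to a union holding `__u32`: `CHAR64LONG16 workspace;` with `block = &workspace;`, and `memset(&workspace, 0, sizeof workspace);` before returning. The trailing `SHA1Transform(context->state, context->buffer);` in SHA1Final exists only to scrub the static buffer and would no longer be needed. The `a = b = c = d = e = 0;` wipe is a dead store that an optimizer may drop, so a comment marking it as best-effort would help.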
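--- /dev/null
+++ b/linux/net/ipsec/ipsec_snprintf.c
@@ -0,0 +1,135 @@
+/*
+ * @(#) ipsec_snprintf() function
+ *
+ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs <rgb@freeswan.org>
+ * 2001 Michael Richardson <mcr@freeswan.org>
+ * Copyright (C) 2005 Michael Richardson <mcr@xelerance.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * Split out from ipsec_proc.c.
+ */
+
+#ifndef AUTOCONF_INCLUDED
+#include <linux/config.h>
+#endif
+#include <linux/version.h>
+#define __NO_VERSION__
+#include <linux/module.h>
+#include <linux/kernel.h> /* printk() */
+
+#include "openswan/ipsec_kversion.h"
+#include "openswan/ipsec_param.h"
+
+#include <net/ip.h>
+
+#include "openswan/radij.h"
+
+#include "openswan/ipsec_life.h"
+#include "openswan/ipsec_stats.h"
+#include "openswan/ipsec_sa.h"
+
+#include "openswan/ipsec_encap.h"
+#include "openswan/ipsec_radij.h"
+#include "openswan/ipsec_xform.h"
+#include "openswan/ipsec_tunnel.h"
+#include "openswan/ipsec_xmit.h"
+
+#include "openswan/ipsec_rcv.h"
+#include "openswan/ipsec_ah.h"
+#include "openswan/ipsec_esp.h"
+#include "openswan/ipsec_kern24.h"
+
+#ifdef CONFIG_KLIPS_IPCOMP
+#include "openswan/ipcomp.h"
+#endif /* CONFIG_KLIPS_IPCOMP */
+
+#include "openswan/ipsec_proto.h"
+
+#include <pfkeyv2.h>
+#include <pfkey.h>
+
+/* ipsec_snprintf: like snprintf except
+ * - size is signed and a negative value is treated as if it were 0
+ * - the returned result is never negative --
+ * an error generates a "?" or null output (depending on space).
+ * (Our callers are too lazy to check for an error return.)
+ *
+ * @param buf String buffer
+ * @param size Size of the string
+ * @param fmt printf string
+ * @param ... Variables to be displayed in fmt
+ * @return int Return code
+ */
+int ipsec_snprintf(char *buf, ssize_t size, const char *fmt, ...)
+{
+ va_list args;
+ int i;
+ size_t possize = size < 0? 0 : size;
+ va_start(args, fmt);
+ i = vsnprintf(buf,possize,fmt,args);
+ va_end(args);
+ if (i < 0) {
+ /* create empty output in place of error */
+ i = 0;
+ if (size > 0) {
+ *buf = '\0';
+ }
+ }
+ return i;
+}
+
+
+void ipsec_dmp_block(char *s, caddr_t bb, int len)
+{
+ int i;
+ unsigned char *b = bb;
+
+ printk(KERN_INFO "klips_dmp: "
+ "at %s, len=%d:\n", s, len);
+
+ for(i = 0; i < len; i++ /*, c++*/) {
+ if(!(i % 16)) {
+ printk(KERN_INFO
+ "klips_debug: @%03x:",
+ i);
+ }
+ printk(" %02x", b[i]);
+ if(!((i + 1) % 16)) {
+ printk("\n");
+ }
+ }
+ if(i % 16) {
+ printk("\n");
+ }
+}
+
+/*
+ *
+ * $Log: ipsec_snprintf.c,v $
+ * Revision 1.3.2.1 2006/10/06 21:39:26 paul
+ * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not
+ * set. This is defined through autoconf.h which is included through the
+ * linux kernel build macros.
+ *
+ * Revision 1.3 2005/04/29 05:10:22 mcr
+ * removed from extraenous includes to make unit testing easier.
+ *
+ * Revision 1.2 2005/04/15 00:32:01 mcr
+ * added ipsec_dmp_block routine.
+ *
+ *
+ * Local Variables:
+ * c-file-style: "linux"
+ * End:
+ *
+ */
+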
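Review bot: The header comment on ipsec_snprintf documents the result as `@return int Return code`, but the function returns whatever vsnprintf returns, which is the length the full output would need and can be larger than `size` when the text is truncated. Callers that advance a write offset by this value have to clamp it, so the comment should say so, for example `@return length the full output needs (may exceed size on truncation); 0 on error`. The same comment promises a "?" on error while the code only writes an empty string, so that line should be dropped or the code brought in line with it. ipsec_dmp_block prints the buffer at KERN_INFO with no debug-flag check; if it can be reached with key or payload bytes (its callers are outside this section), gating it the way the KLIPS_PRINT calls are gated would keep that data out of the kernel log.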
38721 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
38722 | +++ linux/net/ipsec/ipsec_tunnel.c Mon Feb 9 13:51:03 2004 | |
38723 | @@ -0,0 +1,2878 @@ | |
38724 | +/* | |
38725 | + * IPSEC Tunneling code. Heavily based on drivers/net/new_tunnel.c | |
38726 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
38727 | + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 Richard Guy Briggs. | |
38728 | + * | |
38729 | + * This program is free software; you can redistribute it and/or modify it | |
38730 | + * under the terms of the GNU General Public License as published by the | |
38731 | + * Free Software Foundation; either version 2 of the License, or (at your | |
38732 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
38733 | + * | |
38734 | + * This program is distributed in the hope that it will be useful, but | |
38735 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
38736 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
38737 | + * for more details. | |
38738 | + */ | |
38739 | + | |
38740 | +char ipsec_tunnel_c_version[] = "RCSID $Id: ipsec_tunnel.c,v 1.232.2.5 2006/10/06 21:39:26 paul Exp $"; | |
38741 | + | |
38742 | +#define __NO_VERSION__ | |
38743 | +#include <linux/module.h> | |
38744 | +#ifndef AUTOCONF_INCLUDED | |
38745 | +#include <linux/config.h> | |
38746 | +#endif /* for CONFIG_IP_FORWARD */ | |
38747 | +#include <linux/version.h> | |
38748 | +#include <linux/kernel.h> /* printk() */ | |
38749 | + | |
38750 | +#include "openswan/ipsec_param.h" | |
38751 | + | |
38752 | +#ifdef MALLOC_SLAB | |
38753 | +# include <linux/slab.h> /* kmalloc() */ | |
38754 | +#else /* MALLOC_SLAB */ | |
38755 | +# include <linux/malloc.h> /* kmalloc() */ | |
38756 | +#endif /* MALLOC_SLAB */ | |
38757 | +#include <linux/errno.h> /* error codes */ | |
38758 | +#include <linux/types.h> /* size_t */ | |
38759 | +#include <linux/interrupt.h> /* mark_bh */ | |
38760 | + | |
38761 | +#include <net/tcp.h> | |
38762 | +#include <net/udp.h> | |
38763 | +#include <linux/skbuff.h> | |
38764 | + | |
38765 | +#include <linux/netdevice.h> /* struct device, struct net_device_stats, dev_queue_xmit() and other headers */ | |
38766 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
38767 | +#include <linux/ip.h> /* struct iphdr */ | |
38768 | +#include <linux/skbuff.h> | |
38769 | + | |
38770 | +#include <openswan.h> | |
38771 | + | |
38772 | +#ifdef NET_21 | |
38773 | +# include <linux/in6.h> | |
38774 | +# define ip_chk_addr inet_addr_type | |
38775 | +# define IS_MYADDR RTN_LOCAL | |
38776 | +# include <net/dst.h> | |
38777 | +# undef dev_kfree_skb | |
38778 | +# define dev_kfree_skb(a,b) kfree_skb(a) | |
38779 | +# define PHYSDEV_TYPE | |
38780 | +#endif /* NET_21 */ | |
38781 | + | |
38782 | +#include <net/icmp.h> /* icmp_send() */ | |
38783 | +#include <net/ip.h> | |
38784 | +#ifdef NETDEV_23 | |
38785 | +# include <linux/netfilter_ipv4.h> | |
38786 | +#endif /* NETDEV_23 */ | |
38787 | + | |
38788 | +#include <linux/if_arp.h> | |
38789 | +#include <net/arp.h> | |
38790 | + | |
38791 | +#include "openswan/ipsec_kversion.h" | |
38792 | +#include "openswan/radij.h" | |
38793 | +#include "openswan/ipsec_life.h" | |
38794 | +#include "openswan/ipsec_xform.h" | |
38795 | +#include "openswan/ipsec_eroute.h" | |
38796 | +#include "openswan/ipsec_encap.h" | |
38797 | +#include "openswan/ipsec_radij.h" | |
38798 | +#include "openswan/ipsec_sa.h" | |
38799 | +#include "openswan/ipsec_tunnel.h" | |
38800 | +#include "openswan/ipsec_xmit.h" | |
38801 | +#include "openswan/ipsec_ipe4.h" | |
38802 | +#include "openswan/ipsec_ah.h" | |
38803 | +#include "openswan/ipsec_esp.h" | |
38804 | +#include "openswan/ipsec_kern24.h" | |
38805 | + | |
38806 | +#include <pfkeyv2.h> | |
38807 | +#include <pfkey.h> | |
38808 | + | |
38809 | +#include "openswan/ipsec_proto.h" | |
38810 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
38811 | +#include <linux/udp.h> | |
38812 | +#endif | |
38813 | + | |
38814 | +static __u32 zeroes[64]; | |
38815 | + | |
38816 | +#ifdef CONFIG_KLIPS_DEBUG | |
38817 | +int debug_tunnel = 0; | |
38818 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
38819 | + | |
38820 | +DEBUG_NO_STATIC int | |
38821 | +ipsec_tunnel_open(struct net_device *dev) | |
38822 | +{ | |
38823 | + struct ipsecpriv *prv = dev->priv; | |
38824 | + | |
38825 | + /* | |
38826 | + * Can't open until attached. | |
38827 | + */ | |
38828 | + | |
38829 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
38830 | + "klips_debug:ipsec_tunnel_open: " | |
38831 | + "dev = %s, prv->dev = %s\n", | |
38832 | + dev->name, prv->dev?prv->dev->name:"NONE"); | |
38833 | + | |
38834 | + if (prv->dev == NULL) | |
38835 | + return -ENODEV; | |
38836 | + | |
38837 | + KLIPS_INC_USE; | |
38838 | + return 0; | |
38839 | +} | |
38840 | + | |
38841 | +DEBUG_NO_STATIC int | |
38842 | +ipsec_tunnel_close(struct net_device *dev) | |
38843 | +{ | |
38844 | + KLIPS_DEC_USE; | |
38845 | + return 0; | |
38846 | +} | |
38847 | + | |
38848 | +#ifdef NETDEV_23 | |
38849 | +static inline int ipsec_tunnel_xmit2(struct sk_buff *skb) | |
38850 | +{ | |
38851 | +#ifdef NETDEV_25 /* 2.6 kernels */ | |
38852 | + return dst_output(skb); | |
38853 | +#else | |
38854 | + return ip_send(skb); | |
38855 | +#endif | |
38856 | +} | |
38857 | +#endif /* NETDEV_23 */ | |
38858 | + | |
38859 | +enum ipsec_xmit_value | |
38860 | +ipsec_tunnel_strip_hard_header(struct ipsec_xmit_state *ixs) | |
38861 | +{ | |
38862 | + /* ixs->physdev->hard_header_len is unreliable and should not be used */ | |
38863 | + ixs->hard_header_len = (unsigned char *)(ixs->iph) - ixs->skb->data; | |
38864 | + | |
38865 | + if(ixs->hard_header_len < 0) { | |
38866 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
38867 | + "klips_error:ipsec_xmit_strip_hard_header: " | |
38868 | + "Negative hard_header_len (%d)?!\n", ixs->hard_header_len); | |
38869 | + ixs->stats->tx_dropped++; | |
38870 | + return IPSEC_XMIT_BADHHLEN; | |
38871 | + } | |
38872 | + | |
38873 | + /* while ixs->physdev->hard_header_len is unreliable and | |
38874 | + * should not be trusted, it accurate and required for ATM, GRE and | |
38875 | + * some other interfaces to work. Thanks to Willy Tarreau | |
38876 | + * <willy@w.ods.org>. | |
38877 | + */ | |
38878 | + if(ixs->hard_header_len == 0) { /* no hard header present */ | |
38879 | + ixs->hard_header_stripped = 1; | |
38880 | + ixs->hard_header_len = ixs->physdev->hard_header_len; | |
38881 | + } | |
38882 | + | |
38883 | +#ifdef CONFIG_KLIPS_DEBUG | |
38884 | + if (debug_tunnel & DB_TN_XMIT) { | |
38885 | + int i; | |
38886 | + char c; | |
38887 | + | |
38888 | + printk(KERN_INFO "klips_debug:ipsec_xmit_strip_hard_header: " | |
38889 | + ">>> skb->len=%ld hard_header_len:%d", | |
38890 | + (unsigned long int)ixs->skb->len, ixs->hard_header_len); | |
38891 | + c = ' '; | |
38892 | + for (i=0; i < ixs->hard_header_len; i++) { | |
38893 | + printk("%c%02x", c, ixs->skb->data[i]); | |
38894 | + c = ':'; | |
38895 | + } | |
38896 | + printk(" \n"); | |
38897 | + } | |
38898 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
38899 | + | |
38900 | + KLIPS_IP_PRINT(debug_tunnel & DB_TN_XMIT, ixs->iph); | |
38901 | + | |
38902 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
38903 | + "klips_debug:ipsec_xmit_strip_hard_header: " | |
38904 | + "Original head,tailroom: %d,%d\n", | |
38905 | + skb_headroom(ixs->skb), skb_tailroom(ixs->skb)); | |
38906 | + | |
38907 | + return IPSEC_XMIT_OK; | |
38908 | +} | |
38909 | + | |
38910 | +enum ipsec_xmit_value | |
38911 | +ipsec_tunnel_SAlookup(struct ipsec_xmit_state *ixs) | |
38912 | +{ | |
38913 | + unsigned int bypass; | |
38914 | + | |
38915 | + bypass = FALSE; | |
38916 | + | |
38917 | + /* | |
38918 | + * First things first -- look us up in the erouting tables. | |
38919 | + */ | |
38920 | + ixs->matcher.sen_len = sizeof (struct sockaddr_encap); | |
38921 | + ixs->matcher.sen_family = AF_ENCAP; | |
38922 | + ixs->matcher.sen_type = SENT_IP4; | |
38923 | + ixs->matcher.sen_ip_src.s_addr = ixs->iph->saddr; | |
38924 | + ixs->matcher.sen_ip_dst.s_addr = ixs->iph->daddr; | |
38925 | + ixs->matcher.sen_proto = ixs->iph->protocol; | |
38926 | + ipsec_extract_ports(ixs->iph, &ixs->matcher); | |
38927 | + | |
38928 | + /* | |
38929 | + * The spinlock is to prevent any other process from accessing or deleting | |
38930 | + * the eroute while we are using and updating it. | |
38931 | + */ | |
38932 | + spin_lock(&eroute_lock); | |
38933 | + | |
38934 | + ixs->eroute = ipsec_findroute(&ixs->matcher); | |
38935 | + | |
38936 | + if(ixs->iph->protocol == IPPROTO_UDP) { | |
38937 | + struct udphdr *t = NULL; | |
38938 | + | |
38939 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
38940 | + "klips_debug:udp port check: " | |
38941 | + "fragoff: %d len: %d>%ld \n", | |
38942 | + ntohs(ixs->iph->frag_off) & IP_OFFSET, | |
38943 | + (ixs->skb->len - ixs->hard_header_len), | |
38944 | + (unsigned long int) ((ixs->iph->ihl << 2) + sizeof(struct udphdr))); | |
38945 | + | |
38946 | + if((ntohs(ixs->iph->frag_off) & IP_OFFSET) == 0 && | |
38947 | + ((ixs->skb->len - ixs->hard_header_len) >= | |
38948 | + ((ixs->iph->ihl << 2) + sizeof(struct udphdr)))) | |
38949 | + { | |
38950 | + t =((struct udphdr*)((caddr_t)ixs->iph+(ixs->iph->ihl<<2))); | |
38951 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
38952 | + "klips_debug:udp port in packet: " | |
38953 | + "port %d -> %d\n", | |
38954 | + ntohs(t->source), ntohs(t->dest)); | |
38955 | + } | |
38956 | + | |
38957 | + ixs->sport=0; ixs->dport=0; | |
38958 | + | |
38959 | + if(ixs->skb->sk) { | |
38960 | +#ifdef NET_26 | |
38961 | + struct udp_sock *us; | |
38962 | + | |
38963 | + us = (struct udp_sock *)ixs->skb->sk; | |
38964 | + | |
38965 | + ixs->sport = ntohs(us->inet.sport); | |
38966 | + ixs->dport = ntohs(us->inet.dport); | |
38967 | +#else | |
38968 | + ixs->sport = ntohs(ixs->skb->sk->sport); | |
38969 | + ixs->dport = ntohs(ixs->skb->sk->dport); | |
38970 | +#endif | |
38971 | + | |
38972 | + } | |
38973 | + | |
38974 | + if(t != NULL) { | |
38975 | + if(ixs->sport == 0) { | |
38976 | + ixs->sport = ntohs(t->source); | |
38977 | + } | |
38978 | + if(ixs->dport == 0) { | |
38979 | + ixs->dport = ntohs(t->dest); | |
38980 | + } | |
38981 | + } | |
38982 | + } | |
38983 | + | |
38984 | + /* | |
38985 | + * practically identical to above, but let's be careful about | |
38986 | + * tcp vs udp headers | |
38987 | + */ | |
38988 | + if(ixs->iph->protocol == IPPROTO_TCP) { | |
38989 | + struct tcphdr *t = NULL; | |
38990 | + | |
38991 | + if((ntohs(ixs->iph->frag_off) & IP_OFFSET) == 0 && | |
38992 | + ((ixs->skb->len - ixs->hard_header_len) >= | |
38993 | + ((ixs->iph->ihl << 2) + sizeof(struct tcphdr)))) { | |
38994 | + t =((struct tcphdr*)((caddr_t)ixs->iph+(ixs->iph->ihl<<2))); | |
38995 | + } | |
38996 | + | |
38997 | + ixs->sport=0; ixs->dport=0; | |
38998 | + | |
38999 | + if(ixs->skb->sk) { | |
39000 | +#ifdef NET_26 | |
39001 | +#ifdef HAVE_INET_SK_SPORT | |
39002 | + ixs->sport = ntohs(inet_sk(ixs->skb->sk)->sport); | |
39003 | + ixs->dport = ntohs(inet_sk(ixs->skb->sk)->dport); | |
39004 | +#else | |
39005 | + struct tcp_tw_bucket *tw; | |
39006 | + | |
39007 | + tw = (struct tcp_tw_bucket *)ixs->skb->sk; | |
39008 | + | |
39009 | + ixs->sport = ntohs(tw->tw_sport); | |
39010 | + ixs->dport = ntohs(tw->tw_dport); | |
39011 | +#endif | |
39012 | +#else | |
39013 | + ixs->sport = ntohs(ixs->skb->sk->sport); | |
39014 | + ixs->dport = ntohs(ixs->skb->sk->dport); | |
39015 | +#endif | |
39016 | + } | |
39017 | + | |
39018 | + if(t != NULL) { | |
39019 | + if(ixs->sport == 0) { | |
39020 | + ixs->sport = ntohs(t->source); | |
39021 | + } | |
39022 | + if(ixs->dport == 0) { | |
39023 | + ixs->dport = ntohs(t->dest); | |
39024 | + } | |
39025 | + } | |
39026 | + } | |
39027 | + | |
39028 | + /* default to a %drop eroute */ | |
39029 | + ixs->outgoing_said.proto = IPPROTO_INT; | |
39030 | + ixs->outgoing_said.spi = htonl(SPI_DROP); | |
39031 | + ixs->outgoing_said.dst.u.v4.sin_addr.s_addr = INADDR_ANY; | |
39032 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
39033 | + "klips_debug:ipsec_xmit_SAlookup: " | |
39034 | + "checking for local udp/500 IKE packet " | |
39035 | + "saddr=%x, er=0p%p, daddr=%x, er_dst=%x, proto=%d sport=%d dport=%d\n", | |
39036 | + ntohl((unsigned int)ixs->iph->saddr), | |
39037 | + ixs->eroute, | |
39038 | + ntohl((unsigned int)ixs->iph->daddr), | |
39039 | + ixs->eroute ? ntohl((unsigned int)ixs->eroute->er_said.dst.u.v4.sin_addr.s_addr) : 0, | |
39040 | + ixs->iph->protocol, | |
39041 | + ixs->sport, | |
39042 | + ixs->dport); | |
39043 | + | |
39044 | + /* | |
39045 | + * cheat for now...are we udp/500? If so, let it through | |
39046 | + * without interference since it is most likely an IKE packet. | |
39047 | + */ | |
39048 | + | |
39049 | + if (ip_chk_addr((unsigned long)ixs->iph->saddr) == IS_MYADDR | |
39050 | + && (ixs->eroute==NULL | |
39051 | + || ixs->iph->daddr == ixs->eroute->er_said.dst.u.v4.sin_addr.s_addr | |
39052 | + || INADDR_ANY == ixs->eroute->er_said.dst.u.v4.sin_addr.s_addr) | |
39053 | + && (ixs->iph->protocol == IPPROTO_UDP && | |
39054 | + (ixs->sport == 500 || ixs->sport == 4500))) { | |
39055 | + /* Whatever the eroute, this is an IKE message | |
39056 | + * from us (i.e. not being forwarded). | |
39057 | + * Furthermore, if there is a tunnel eroute, | |
39058 | + * the destination is the peer for this eroute. | |
39059 | + * So %pass the packet: modify the default %drop. | |
39060 | + */ | |
39061 | + | |
39062 | + ixs->outgoing_said.spi = htonl(SPI_PASS); | |
39063 | + if(!(ixs->skb->sk) && ((ntohs(ixs->iph->frag_off) & IP_MF) != 0)) { | |
39064 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
39065 | + "klips_debug:ipsec_xmit_SAlookup: " | |
39066 | + "local UDP/500 (probably IKE) passthrough: base fragment, rest of fragments will probably get filtered.\n"); | |
39067 | + } | |
39068 | + bypass = TRUE; | |
39069 | + } | |
39070 | + | |
39071 | +#ifdef KLIPS_EXCEPT_DNS53 | |
39072 | + /* | |
39073 | + * | |
39074 | + * if we are udp/53 or tcp/53, also let it through a %trap or %hold, | |
39075 | + * since it is DNS, but *also* follow the %trap. | |
39076 | + * | |
39077 | + * we do not do this for tunnels, only %trap's and %hold's. | |
39078 | + * | |
39079 | + */ | |
39080 | + | |
39081 | + if (ip_chk_addr((unsigned long)ixs->iph->saddr) == IS_MYADDR | |
39082 | + && (ixs->eroute==NULL | |
39083 | + || ixs->iph->daddr == ixs->eroute->er_said.dst.u.v4.sin_addr.s_addr | |
39084 | + || INADDR_ANY == ixs->eroute->er_said.dst.u.v4.sin_addr.s_addr) | |
39085 | + && ((ixs->iph->protocol == IPPROTO_UDP | |
39086 | + || ixs->iph->protocol == IPPROTO_TCP) | |
39087 | + && ixs->dport == 53)) { | |
39088 | + | |
39089 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
39090 | + "klips_debug:ipsec_xmit_SAlookup: " | |
39091 | + "possible DNS packet\n"); | |
39092 | + | |
39093 | + if(ixs->eroute) | |
39094 | + { | |
39095 | + if(ixs->eroute->er_said.spi == htonl(SPI_TRAP) | |
39096 | + || ixs->eroute->er_said.spi == htonl(SPI_HOLD)) | |
39097 | + { | |
39098 | + ixs->outgoing_said.spi = htonl(SPI_PASSTRAP); | |
39099 | + bypass = TRUE; | |
39100 | + } | |
39101 | + } | |
39102 | + else | |
39103 | + { | |
39104 | + ixs->outgoing_said.spi = htonl(SPI_PASSTRAP); | |
39105 | + bypass = TRUE; | |
39106 | + } | |
39107 | + | |
39108 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
39109 | + "klips_debug:ipsec_xmit_SAlookup: " | |
39110 | + "bypass = %d\n", bypass); | |
39111 | + | |
39112 | + if(bypass | |
39113 | + && !(ixs->skb->sk) | |
39114 | + && ((ntohs(ixs->iph->frag_off) & IP_MF) != 0)) | |
39115 | + { | |
39116 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
39117 | + "klips_debug:ipsec_xmit_SAlookup: " | |
39118 | + "local port 53 (probably DNS) passthrough:" | |
39119 | + "base fragment, rest of fragments will " | |
39120 | + "probably get filtered.\n"); | |
39121 | + } | |
39122 | + } | |
39123 | +#endif | |
39124 | + | |
39125 | + if (bypass==FALSE && ixs->eroute) { | |
39126 | + ixs->eroute->er_count++; | |
39127 | + ixs->eroute->er_lasttime = jiffies/HZ; | |
39128 | + if(ixs->eroute->er_said.proto==IPPROTO_INT | |
39129 | + && ixs->eroute->er_said.spi==htonl(SPI_HOLD)) | |
39130 | + { | |
39131 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
39132 | + "klips_debug:ipsec_xmit_SAlookup: " | |
39133 | + "shunt SA of HOLD: skb stored in HOLD.\n"); | |
39134 | + if(ixs->eroute->er_last != NULL) { | |
39135 | + kfree_skb(ixs->eroute->er_last); | |
39136 | + } | |
39137 | + ixs->eroute->er_last = ixs->skb; | |
39138 | + ixs->skb = NULL; | |
39139 | + ixs->stats->tx_dropped++; | |
39140 | + spin_unlock(&eroute_lock); | |
39141 | + return IPSEC_XMIT_STOLEN; | |
39142 | + } | |
39143 | + ixs->outgoing_said = ixs->eroute->er_said; | |
39144 | + ixs->eroute_pid = ixs->eroute->er_pid; | |
39145 | + | |
39146 | + /* Copy of the ident for the TRAP/TRAPSUBNET eroutes */ | |
39147 | + if(ixs->outgoing_said.proto==IPPROTO_INT | |
39148 | + && (ixs->outgoing_said.spi==htonl(SPI_TRAP) | |
39149 | + || (ixs->outgoing_said.spi==htonl(SPI_TRAPSUBNET)))) { | |
39150 | + int len; | |
39151 | + | |
39152 | + ixs->ips.ips_ident_s.type = ixs->eroute->er_ident_s.type; | |
39153 | + ixs->ips.ips_ident_s.id = ixs->eroute->er_ident_s.id; | |
39154 | + ixs->ips.ips_ident_s.len = ixs->eroute->er_ident_s.len; | |
39155 | + if (ixs->ips.ips_ident_s.len) | |
39156 | + { | |
39157 | + len = ixs->ips.ips_ident_s.len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident); | |
39158 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
39159 | + "klips_debug:ipsec_xmit_SAlookup: " | |
39160 | + "allocating %d bytes for ident_s shunt SA of HOLD: skb stored in HOLD.\n", | |
39161 | + len); | |
39162 | + if ((ixs->ips.ips_ident_s.data = kmalloc(len, GFP_ATOMIC)) == NULL) { | |
39163 | + printk(KERN_WARNING "klips_debug:ipsec_xmit_SAlookup: " | |
39164 | + "Failed, tried to allocate %d bytes for source ident.\n", | |
39165 | + len); | |
39166 | + ixs->stats->tx_dropped++; | |
39167 | + spin_unlock(&eroute_lock); | |
39168 | + return IPSEC_XMIT_ERRMEMALLOC; | |
39169 | + } | |
39170 | + memcpy(ixs->ips.ips_ident_s.data, ixs->eroute->er_ident_s.data, len); | |
39171 | + } | |
39172 | + ixs->ips.ips_ident_d.type = ixs->eroute->er_ident_d.type; | |
39173 | + ixs->ips.ips_ident_d.id = ixs->eroute->er_ident_d.id; | |
39174 | + ixs->ips.ips_ident_d.len = ixs->eroute->er_ident_d.len; | |
39175 | + if (ixs->ips.ips_ident_d.len) | |
39176 | + { | |
39177 | + len = ixs->ips.ips_ident_d.len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident); | |
39178 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
39179 | + "klips_debug:ipsec_xmit_SAlookup: " | |
39180 | + "allocating %d bytes for ident_d shunt SA of HOLD: skb stored in HOLD.\n", | |
39181 | + len); | |
39182 | + if ((ixs->ips.ips_ident_d.data = kmalloc(len, GFP_ATOMIC)) == NULL) { | |
39183 | + printk(KERN_WARNING "klips_debug:ipsec_xmit_SAlookup: " | |
39184 | + "Failed, tried to allocate %d bytes for dest ident.\n", | |
39185 | + len); | |
39186 | + ixs->stats->tx_dropped++; | |
39187 | + spin_unlock(&eroute_lock); | |
39188 | + return IPSEC_XMIT_ERRMEMALLOC; | |
39189 | + } | |
39190 | + memcpy(ixs->ips.ips_ident_d.data, ixs->eroute->er_ident_d.data, len); | |
39191 | + } | |
39192 | + } | |
39193 | + } | |
39194 | + | |
39195 | + spin_unlock(&eroute_lock); | |
39196 | + return IPSEC_XMIT_OK; | |
39197 | +} | |
39198 | + | |
39199 | + | |
39200 | +enum ipsec_xmit_value | |
39201 | +ipsec_tunnel_restore_hard_header(struct ipsec_xmit_state*ixs) | |
39202 | +{ | |
39203 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
39204 | + "klips_debug:ipsec_xmit_restore_hard_header: " | |
39205 | + "After recursive xforms -- head,tailroom: %d,%d\n", | |
39206 | + skb_headroom(ixs->skb), | |
39207 | + skb_tailroom(ixs->skb)); | |
39208 | + | |
39209 | + if(ixs->saved_header) { | |
39210 | + if(skb_headroom(ixs->skb) < ixs->hard_header_len) { | |
39211 | + printk(KERN_WARNING | |
39212 | + "klips_error:ipsec_xmit_restore_hard_header: " | |
39213 | + "tried to skb_push hhlen=%d, %d available. This should never happen, please report.\n", | |
39214 | + ixs->hard_header_len, | |
39215 | + skb_headroom(ixs->skb)); | |
39216 | + ixs->stats->tx_errors++; | |
39217 | + return IPSEC_XMIT_PUSHPULLERR; | |
39218 | + | |
39219 | + } | |
39220 | + skb_push(ixs->skb, ixs->hard_header_len); | |
39221 | + { | |
39222 | + int i; | |
39223 | + for (i = 0; i < ixs->hard_header_len; i++) { | |
39224 | + ixs->skb->data[i] = ixs->saved_header[i]; | |
39225 | + } | |
39226 | + } | |
39227 | + } | |
39228 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
39229 | + if (ixs->natt_type && ixs->natt_head) { | |
39230 | + struct iphdr *ipp = ixs->skb->nh.iph; | |
39231 | + struct udphdr *udp; | |
39232 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
39233 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
39234 | + "encapsuling packet into UDP (NAT-Traversal) (%d %d)\n", | |
39235 | + ixs->natt_type, ixs->natt_head); | |
39236 | + | |
39237 | + ixs->iphlen = ipp->ihl << 2; | |
39238 | + ipp->tot_len = | |
39239 | + htons(ntohs(ipp->tot_len) + ixs->natt_head); | |
39240 | + if(skb_tailroom(ixs->skb) < ixs->natt_head) { | |
39241 | + printk(KERN_WARNING "klips_error:ipsec_tunnel_start_xmit: " | |
39242 | + "tried to skb_put %d, %d available. " | |
39243 | + "This should never happen, please report.\n", | |
39244 | + ixs->natt_head, | |
39245 | + skb_tailroom(ixs->skb)); | |
39246 | + ixs->stats->tx_errors++; | |
39247 | + return IPSEC_XMIT_ESPUDP; | |
39248 | + } | |
39249 | + skb_put(ixs->skb, ixs->natt_head); | |
39250 | + | |
39251 | + udp = (struct udphdr *)((char *)ipp + ixs->iphlen); | |
39252 | + | |
39253 | + /* move ESP hdr after UDP hdr */ | |
39254 | + memmove((void *)((char *)udp + ixs->natt_head), | |
39255 | + (void *)(udp), | |
39256 | + ntohs(ipp->tot_len) - ixs->iphlen - ixs->natt_head); | |
39257 | + | |
39258 | + /* clear UDP & Non-IKE Markers (if any) */ | |
39259 | + memset(udp, 0, ixs->natt_head); | |
39260 | + | |
39261 | + /* fill UDP with usefull informations ;-) */ | |
39262 | + udp->source = htons(ixs->natt_sport); | |
39263 | + udp->dest = htons(ixs->natt_dport); | |
39264 | + udp->len = htons(ntohs(ipp->tot_len) - ixs->iphlen); | |
39265 | + | |
39266 | + /* set protocol */ | |
39267 | + ipp->protocol = IPPROTO_UDP; | |
39268 | + | |
39269 | + /* fix IP checksum */ | |
39270 | + ipp->check = 0; | |
39271 | + ipp->check = ip_fast_csum((unsigned char *)ipp, ipp->ihl); | |
39272 | + } | |
39273 | +#endif | |
39274 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
39275 | + "klips_debug:ipsec_xmit_restore_hard_header: " | |
39276 | + "With hard_header, final head,tailroom: %d,%d\n", | |
39277 | + skb_headroom(ixs->skb), | |
39278 | + skb_tailroom(ixs->skb)); | |
39279 | + | |
39280 | + return IPSEC_XMIT_OK; | |
39281 | +} | |
39282 | + | |
39283 | +enum ipsec_xmit_value | |
39284 | +ipsec_tunnel_send(struct ipsec_xmit_state*ixs) | |
39285 | +{ | |
39286 | +#ifdef NETDEV_25 | |
39287 | + struct flowi fl; | |
39288 | +#endif | |
39289 | + | |
39290 | +#ifdef NET_21 /* 2.2 and 2.4 kernels */ | |
39291 | + /* new route/dst cache code from James Morris */ | |
39292 | + ixs->skb->dev = ixs->physdev; | |
39293 | +#ifdef NETDEV_25 | |
39294 | + memset (&fl, 0x0, sizeof (struct flowi)); | |
39295 | + fl.oif = ixs->physdev->iflink; | |
39296 | + fl.nl_u.ip4_u.daddr = ixs->skb->nh.iph->daddr; | |
39297 | + fl.nl_u.ip4_u.saddr = ixs->pass ? 0 : ixs->skb->nh.iph->saddr; | |
39298 | + fl.nl_u.ip4_u.tos = RT_TOS(ixs->skb->nh.iph->tos); | |
39299 | + fl.proto = ixs->skb->nh.iph->protocol; | |
39300 | + if ((ixs->error = ip_route_output_key(&ixs->route, &fl))) { | |
39301 | +#else | |
39302 | + /*skb_orphan(ixs->skb);*/ | |
39303 | + if((ixs->error = ip_route_output(&ixs->route, | |
39304 | + ixs->skb->nh.iph->daddr, | |
39305 | + ixs->pass ? 0 : ixs->skb->nh.iph->saddr, | |
39306 | + RT_TOS(ixs->skb->nh.iph->tos), | |
39307 | + /* mcr->rgb: should this be 0 instead? */ | |
39308 | + ixs->physdev->iflink))) { | |
39309 | +#endif | |
39310 | + ixs->stats->tx_errors++; | |
39311 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
39312 | + "klips_debug:ipsec_xmit_send: " | |
39313 | + "ip_route_output failed with error code %d, rt->u.dst.dev=%s, dropped\n", | |
39314 | + ixs->error, | |
39315 | + ixs->route->u.dst.dev->name); | |
39316 | + return IPSEC_XMIT_ROUTEERR; | |
39317 | + } | |
39318 | + if(ixs->dev == ixs->route->u.dst.dev) { | |
39319 | + ip_rt_put(ixs->route); | |
39320 | + /* This is recursion, drop it. */ | |
39321 | + ixs->stats->tx_errors++; | |
39322 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
39323 | + "klips_debug:ipsec_xmit_send: " | |
39324 | + "suspect recursion, dev=rt->u.dst.dev=%s, dropped\n", | |
39325 | + ixs->dev->name); | |
39326 | + return IPSEC_XMIT_RECURSDETECT; | |
39327 | + } | |
39328 | + dst_release(ixs->skb->dst); | |
39329 | + ixs->skb->dst = &ixs->route->u.dst; | |
39330 | + ixs->stats->tx_bytes += ixs->skb->len; | |
39331 | + if(ixs->skb->len < ixs->skb->nh.raw - ixs->skb->data) { | |
39332 | + ixs->stats->tx_errors++; | |
39333 | + printk(KERN_WARNING | |
39334 | + "klips_error:ipsec_xmit_send: " | |
39335 | + "tried to __skb_pull nh-data=%ld, %d available. This should never happen, please report.\n", | |
39336 | + (unsigned long)(ixs->skb->nh.raw - ixs->skb->data), | |
39337 | + ixs->skb->len); | |
39338 | + return IPSEC_XMIT_PUSHPULLERR; | |
39339 | + } | |
39340 | + __skb_pull(ixs->skb, ixs->skb->nh.raw - ixs->skb->data); | |
39341 | +#ifdef SKB_RESET_NFCT | |
39342 | + if(!ixs->pass) { | |
39343 | + nf_conntrack_put(ixs->skb->nfct); | |
39344 | + ixs->skb->nfct = NULL; | |
39345 | + } | |
39346 | +#if defined(CONFIG_NETFILTER_DEBUG) && defined(HAVE_SKB_NF_DEBUG) | |
39347 | + ixs->skb->nf_debug = 0; | |
39348 | +#endif /* CONFIG_NETFILTER_DEBUG */ | |
39349 | +#endif /* SKB_RESET_NFCT */ | |
39350 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
39351 | + "klips_debug:ipsec_xmit_send: " | |
39352 | + "...done, calling ip_send() on device:%s\n", | |
39353 | + ixs->skb->dev ? ixs->skb->dev->name : "NULL"); | |
39354 | + KLIPS_IP_PRINT(debug_tunnel & DB_TN_XMIT, ixs->skb->nh.iph); | |
39355 | +#ifdef NETDEV_23 /* 2.4 kernels */ | |
39356 | + { | |
39357 | + int err; | |
39358 | + | |
39359 | + err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, ixs->skb, NULL, ixs->route->u.dst.dev, | |
39360 | + ipsec_tunnel_xmit2); | |
39361 | + if(err != NET_XMIT_SUCCESS && err != NET_XMIT_CN) { | |
39362 | + if(net_ratelimit()) | |
39363 | + printk(KERN_ERR | |
39364 | + "klips_error:ipsec_xmit_send: " | |
39365 | + "ip_send() failed, err=%d\n", | |
39366 | + -err); | |
39367 | + ixs->stats->tx_errors++; | |
39368 | + ixs->stats->tx_aborted_errors++; | |
39369 | + ixs->skb = NULL; | |
39370 | + return IPSEC_XMIT_IPSENDFAILURE; | |
39371 | + } | |
39372 | + } | |
39373 | +#else /* NETDEV_23 */ /* 2.2 kernels */ | |
39374 | + ip_send(ixs->skb); | |
39375 | +#endif /* NETDEV_23 */ | |
39376 | +#else /* NET_21 */ /* 2.0 kernels */ | |
39377 | + ixs->skb->arp = 1; | |
39378 | + /* ISDN/ASYNC PPP from Matjaz Godec. */ | |
39379 | + /* skb->protocol = htons(ETH_P_IP); */ | |
39380 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
39381 | + "klips_debug:ipsec_xmit_send: " | |
39382 | + "...done, calling dev_queue_xmit() or ip_fragment().\n"); | |
39383 | + IP_SEND(ixs->skb, ixs->physdev); | |
39384 | +#endif /* NET_21 */ | |
39385 | + ixs->stats->tx_packets++; | |
39386 | + | |
39387 | + ixs->skb = NULL; | |
39388 | + | |
39389 | + return IPSEC_XMIT_OK; | |
39390 | +} | |
39391 | + | |
39392 | +void | |
39393 | +ipsec_tunnel_cleanup(struct ipsec_xmit_state*ixs) | |
39394 | +{ | |
39395 | +#if defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) | |
39396 | + netif_wake_queue(ixs->dev); | |
39397 | +#else /* defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) */ | |
39398 | + ixs->dev->tbusy = 0; | |
39399 | +#endif /* defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) */ | |
39400 | + if(ixs->saved_header) { | |
39401 | + kfree(ixs->saved_header); | |
39402 | + } | |
39403 | + if(ixs->skb) { | |
39404 | + dev_kfree_skb(ixs->skb, FREE_WRITE); | |
39405 | + } | |
39406 | + if(ixs->oskb) { | |
39407 | + dev_kfree_skb(ixs->oskb, FREE_WRITE); | |
39408 | + } | |
39409 | + if (ixs->ips.ips_ident_s.data) { | |
39410 | + kfree(ixs->ips.ips_ident_s.data); | |
39411 | + } | |
39412 | + if (ixs->ips.ips_ident_d.data) { | |
39413 | + kfree(ixs->ips.ips_ident_d.data); | |
39414 | + } | |
39415 | +} | |
39416 | + | |
39417 | +/* | |
39418 | + * This function assumes it is being called from dev_queue_xmit() | |
39419 | + * and that skb is filled properly by that function. | |
39420 | + */ | |
39421 | +int | |
39422 | +ipsec_tunnel_start_xmit(struct sk_buff *skb, struct net_device *dev) | |
39423 | +{ | |
39424 | + struct ipsec_xmit_state ixs_mem; | |
39425 | + struct ipsec_xmit_state *ixs = &ixs_mem; | |
39426 | + enum ipsec_xmit_value stat; | |
39427 | + | |
39428 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
39429 | + ixs->natt_type = 0, ixs->natt_head = 0; | |
39430 | + ixs->natt_sport = 0, ixs->natt_dport = 0; | |
39431 | +#endif | |
39432 | + | |
39433 | + memset((caddr_t)ixs, 0, sizeof(*ixs)); | |
39434 | + ixs->oskb = NULL; | |
39435 | + ixs->saved_header = NULL; /* saved copy of the hard header */ | |
39436 | + ixs->route = NULL; | |
39437 | + memset((caddr_t)&(ixs->ips), 0, sizeof(ixs->ips)); | |
39438 | + ixs->dev = dev; | |
39439 | + ixs->skb = skb; | |
39440 | + | |
39441 | + stat = ipsec_xmit_sanity_check_dev(ixs); | |
39442 | + if(stat != IPSEC_XMIT_OK) { | |
39443 | + goto cleanup; | |
39444 | + } | |
39445 | + | |
39446 | + stat = ipsec_xmit_sanity_check_skb(ixs); | |
39447 | + if(stat != IPSEC_XMIT_OK) { | |
39448 | + goto cleanup; | |
39449 | + } | |
39450 | + | |
39451 | + stat = ipsec_tunnel_strip_hard_header(ixs); | |
39452 | + if(stat != IPSEC_XMIT_OK) { | |
39453 | + goto cleanup; | |
39454 | + } | |
39455 | + | |
39456 | + stat = ipsec_tunnel_SAlookup(ixs); | |
39457 | + if(stat != IPSEC_XMIT_OK) { | |
39458 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
39459 | + "klips_debug:ipsec_tunnel_start_xmit: SAlookup failed: %d\n", | |
39460 | + stat); | |
39461 | + goto cleanup; | |
39462 | + } | |
39463 | + | |
39464 | + ixs->innersrc = ixs->iph->saddr; | |
39465 | + /* start encapsulation loop here XXX */ | |
39466 | + do { | |
39467 | + stat = ipsec_xmit_encap_bundle(ixs); | |
39468 | + if(stat != IPSEC_XMIT_OK) { | |
39469 | + if(stat == IPSEC_XMIT_PASS) { | |
39470 | + goto bypass; | |
39471 | + } | |
39472 | + | |
39473 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
39474 | + "klips_debug:ipsec_tunnel_start_xmit: encap_bundle failed: %d\n", | |
39475 | + stat); | |
39476 | + goto cleanup; | |
39477 | + } | |
39478 | + | |
39479 | + ixs->matcher.sen_ip_src.s_addr = ixs->iph->saddr; | |
39480 | + ixs->matcher.sen_ip_dst.s_addr = ixs->iph->daddr; | |
39481 | + ixs->matcher.sen_proto = ixs->iph->protocol; | |
39482 | + ipsec_extract_ports(ixs->iph, &ixs->matcher); | |
39483 | + | |
39484 | + spin_lock(&eroute_lock); | |
39485 | + ixs->eroute = ipsec_findroute(&ixs->matcher); | |
39486 | + if(ixs->eroute) { | |
39487 | + ixs->outgoing_said = ixs->eroute->er_said; | |
39488 | + ixs->eroute_pid = ixs->eroute->er_pid; | |
39489 | + ixs->eroute->er_count++; | |
39490 | + ixs->eroute->er_lasttime = jiffies/HZ; | |
39491 | + } | |
39492 | + spin_unlock(&eroute_lock); | |
39493 | + | |
39494 | + KLIPS_PRINT((debug_tunnel & DB_TN_XMIT) && | |
39495 | + /* ((ixs->orgdst != ixs->newdst) || (ixs->orgsrc != ixs->newsrc)) */ | |
39496 | + (ixs->orgedst != ixs->outgoing_said.dst.u.v4.sin_addr.s_addr) && | |
39497 | + ixs->outgoing_said.dst.u.v4.sin_addr.s_addr && | |
39498 | + ixs->eroute, | |
39499 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
39500 | + "We are recursing here.\n"); | |
39501 | + | |
39502 | + } while(/*((ixs->orgdst != ixs->newdst) || (ixs->orgsrc != ixs->newsrc))*/ | |
39503 | + (ixs->orgedst != ixs->outgoing_said.dst.u.v4.sin_addr.s_addr) && | |
39504 | + ixs->outgoing_said.dst.u.v4.sin_addr.s_addr && | |
39505 | + ixs->eroute); | |
39506 | + | |
39507 | + stat = ipsec_tunnel_restore_hard_header(ixs); | |
39508 | + if(stat != IPSEC_XMIT_OK) { | |
39509 | + goto cleanup; | |
39510 | + } | |
39511 | + | |
39512 | + bypass: | |
39513 | + stat = ipsec_tunnel_send(ixs); | |
39514 | + | |
39515 | + cleanup: | |
39516 | + ipsec_tunnel_cleanup(ixs); | |
39517 | + | |
39518 | + return 0; | |
39519 | +} | |
39520 | + | |
39521 | +DEBUG_NO_STATIC struct net_device_stats * | |
39522 | +ipsec_tunnel_get_stats(struct net_device *dev) | |
39523 | +{ | |
39524 | + return &(((struct ipsecpriv *)(dev->priv))->mystats); | |
39525 | +} | |
39526 | + | |
39527 | +/* | |
39528 | + * Revectored calls. | |
39529 | + * For each of these calls, a field exists in our private structure. | |
39530 | + */ | |
39531 | + | |
39532 | +DEBUG_NO_STATIC int | |
39533 | +ipsec_tunnel_hard_header(struct sk_buff *skb, struct net_device *dev, | |
39534 | + unsigned short type, void *daddr, void *saddr, unsigned len) | |
39535 | +{ | |
39536 | + struct ipsecpriv *prv = dev->priv; | |
39537 | + struct net_device *tmp; | |
39538 | + int ret; | |
39539 | + struct net_device_stats *stats; /* This device's statistics */ | |
39540 | + | |
39541 | + if(skb == NULL) { | |
39542 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39543 | + "klips_debug:ipsec_tunnel_hard_header: " | |
39544 | + "no skb...\n"); | |
39545 | + return -ENODATA; | |
39546 | + } | |
39547 | + | |
39548 | + if(dev == NULL) { | |
39549 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39550 | + "klips_debug:ipsec_tunnel_hard_header: " | |
39551 | + "no device...\n"); | |
39552 | + return -ENODEV; | |
39553 | + } | |
39554 | + | |
39555 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39556 | + "klips_debug:ipsec_tunnel_hard_header: " | |
39557 | + "skb->dev=%s dev=%s.\n", | |
39558 | + skb->dev ? skb->dev->name : "NULL", | |
39559 | + dev->name); | |
39560 | + | |
39561 | + if(prv == NULL) { | |
39562 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39563 | + "klips_debug:ipsec_tunnel_hard_header: " | |
39564 | + "no private space associated with dev=%s\n", | |
39565 | + dev->name ? dev->name : "NULL"); | |
39566 | + return -ENODEV; | |
39567 | + } | |
39568 | + | |
39569 | + stats = (struct net_device_stats *) &(prv->mystats); | |
39570 | + | |
39571 | + if(prv->dev == NULL) { | |
39572 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39573 | + "klips_debug:ipsec_tunnel_hard_header: " | |
39574 | + "no physical device associated with dev=%s\n", | |
39575 | + dev->name ? dev->name : "NULL"); | |
39576 | + stats->tx_dropped++; | |
39577 | + return -ENODEV; | |
39578 | + } | |
39579 | + | |
39580 | + /* check if we have to send a IPv6 packet. It might be a Router | |
39581 | + Solicitation, where the building of the packet happens in | |
39582 | + reverse order: | |
39583 | + 1. ll hdr, | |
39584 | + 2. IPv6 hdr, | |
39585 | + 3. ICMPv6 hdr | |
39586 | + -> skb->nh.raw is still uninitialized when this function is | |
39587 | + called!! If this is no IPv6 packet, we can print debugging | |
39588 | + messages, otherwise we skip all debugging messages and just | |
39589 | + build the ll header */ | |
39590 | + if(type != ETH_P_IPV6) { | |
39591 | + /* execute this only, if we don't have to build the | |
39592 | + header for a IPv6 packet */ | |
39593 | + if(!prv->hard_header) { | |
39594 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39595 | + "klips_debug:ipsec_tunnel_hard_header: " | |
39596 | + "physical device has been detached, packet dropped 0p%p->0p%p len=%d type=%d dev=%s->NULL ", | |
39597 | + saddr, | |
39598 | + daddr, | |
39599 | + len, | |
39600 | + type, | |
39601 | + dev->name); | |
39602 | +#ifdef NET_21 | |
39603 | + KLIPS_PRINTMORE(debug_tunnel & DB_TN_REVEC, | |
39604 | + "ip=%08x->%08x\n", | |
39605 | + (__u32)ntohl(skb->nh.iph->saddr), | |
39606 | + (__u32)ntohl(skb->nh.iph->daddr) ); | |
39607 | +#else /* NET_21 */ | |
39608 | + KLIPS_PRINTMORE(debug_tunnel & DB_TN_REVEC, | |
39609 | + "ip=%08x->%08x\n", | |
39610 | + (__u32)ntohl(skb->ip_hdr->saddr), | |
39611 | + (__u32)ntohl(skb->ip_hdr->daddr) ); | |
39612 | +#endif /* NET_21 */ | |
39613 | + stats->tx_dropped++; | |
39614 | + return -ENODEV; | |
39615 | + } | |
39616 | + | |
39617 | +#define da ((struct net_device *)(prv->dev))->dev_addr | |
39618 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39619 | + "klips_debug:ipsec_tunnel_hard_header: " | |
39620 | + "Revectored 0p%p->0p%p len=%d type=%d dev=%s->%s dev_addr=%02x:%02x:%02x:%02x:%02x:%02x ", | |
39621 | + saddr, | |
39622 | + daddr, | |
39623 | + len, | |
39624 | + type, | |
39625 | + dev->name, | |
39626 | + prv->dev->name, | |
39627 | + da[0], da[1], da[2], da[3], da[4], da[5]); | |
39628 | +#ifdef NET_21 | |
39629 | + KLIPS_PRINTMORE(debug_tunnel & DB_TN_REVEC, | |
39630 | + "ip=%08x->%08x\n", | |
39631 | + (__u32)ntohl(skb->nh.iph->saddr), | |
39632 | + (__u32)ntohl(skb->nh.iph->daddr) ); | |
39633 | +#else /* NET_21 */ | |
39634 | + KLIPS_PRINTMORE(debug_tunnel & DB_TN_REVEC, | |
39635 | + "ip=%08x->%08x\n", | |
39636 | + (__u32)ntohl(skb->ip_hdr->saddr), | |
39637 | + (__u32)ntohl(skb->ip_hdr->daddr) ); | |
39638 | +#endif /* NET_21 */ | |
39639 | + } else { | |
39640 | + KLIPS_PRINT(debug_tunnel, | |
39641 | + "klips_debug:ipsec_tunnel_hard_header: " | |
39642 | + "is IPv6 packet, skip debugging messages, only revector and build linklocal header.\n"); | |
39643 | + } | |
39644 | + tmp = skb->dev; | |
39645 | + skb->dev = prv->dev; | |
39646 | + ret = prv->hard_header(skb, prv->dev, type, (void *)daddr, (void *)saddr, len); | |
39647 | + skb->dev = tmp; | |
39648 | + return ret; | |
39649 | +} | |
39650 | + | |
39651 | +DEBUG_NO_STATIC int | |
39652 | +#ifdef NET_21 | |
39653 | +ipsec_tunnel_rebuild_header(struct sk_buff *skb) | |
39654 | +#else /* NET_21 */ | |
39655 | +ipsec_tunnel_rebuild_header(void *buff, struct net_device *dev, | |
39656 | + unsigned long raddr, struct sk_buff *skb) | |
39657 | +#endif /* NET_21 */ | |
39658 | +{ | |
39659 | + struct ipsecpriv *prv = skb->dev->priv; | |
39660 | + struct net_device *tmp; | |
39661 | + int ret; | |
39662 | + struct net_device_stats *stats; /* This device's statistics */ | |
39663 | + | |
39664 | + if(skb->dev == NULL) { | |
39665 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39666 | + "klips_debug:ipsec_tunnel_rebuild_header: " | |
39667 | + "no device..."); | |
39668 | + return -ENODEV; | |
39669 | + } | |
39670 | + | |
39671 | + if(prv == NULL) { | |
39672 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39673 | + "klips_debug:ipsec_tunnel_rebuild_header: " | |
39674 | + "no private space associated with dev=%s", | |
39675 | + skb->dev->name ? skb->dev->name : "NULL"); | |
39676 | + return -ENODEV; | |
39677 | + } | |
39678 | + | |
39679 | + stats = (struct net_device_stats *) &(prv->mystats); | |
39680 | + | |
39681 | + if(prv->dev == NULL) { | |
39682 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39683 | + "klips_debug:ipsec_tunnel_rebuild_header: " | |
39684 | + "no physical device associated with dev=%s", | |
39685 | + skb->dev->name ? skb->dev->name : "NULL"); | |
39686 | + stats->tx_dropped++; | |
39687 | + return -ENODEV; | |
39688 | + } | |
39689 | + | |
39690 | + if(!prv->rebuild_header) { | |
39691 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39692 | + "klips_debug:ipsec_tunnel_rebuild_header: " | |
39693 | + "physical device has been detached, packet dropped skb->dev=%s->NULL ", | |
39694 | + skb->dev->name); | |
39695 | +#ifdef NET_21 | |
39696 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39697 | + "ip=%08x->%08x\n", | |
39698 | + (__u32)ntohl(skb->nh.iph->saddr), | |
39699 | + (__u32)ntohl(skb->nh.iph->daddr) ); | |
39700 | +#else /* NET_21 */ | |
39701 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39702 | + "ip=%08x->%08x\n", | |
39703 | + (__u32)ntohl(skb->ip_hdr->saddr), | |
39704 | + (__u32)ntohl(skb->ip_hdr->daddr) ); | |
39705 | +#endif /* NET_21 */ | |
39706 | + stats->tx_dropped++; | |
39707 | + return -ENODEV; | |
39708 | + } | |
39709 | + | |
39710 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39711 | + "klips_debug:ipsec_tunnel: " | |
39712 | + "Revectored rebuild_header dev=%s->%s ", | |
39713 | + skb->dev->name, prv->dev->name); | |
39714 | +#ifdef NET_21 | |
39715 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39716 | + "ip=%08x->%08x\n", | |
39717 | + (__u32)ntohl(skb->nh.iph->saddr), | |
39718 | + (__u32)ntohl(skb->nh.iph->daddr) ); | |
39719 | +#else /* NET_21 */ | |
39720 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39721 | + "ip=%08x->%08x\n", | |
39722 | + (__u32)ntohl(skb->ip_hdr->saddr), | |
39723 | + (__u32)ntohl(skb->ip_hdr->daddr) ); | |
39724 | +#endif /* NET_21 */ | |
39725 | + tmp = skb->dev; | |
39726 | + skb->dev = prv->dev; | |
39727 | + | |
39728 | +#ifdef NET_21 | |
39729 | + ret = prv->rebuild_header(skb); | |
39730 | +#else /* NET_21 */ | |
39731 | + ret = prv->rebuild_header(buff, prv->dev, raddr, skb); | |
39732 | +#endif /* NET_21 */ | |
39733 | + skb->dev = tmp; | |
39734 | + return ret; | |
39735 | +} | |
39736 | + | |
39737 | +DEBUG_NO_STATIC int | |
39738 | +ipsec_tunnel_set_mac_address(struct net_device *dev, void *addr) | |
39739 | +{ | |
39740 | + struct ipsecpriv *prv = dev->priv; | |
39741 | + | |
39742 | + struct net_device_stats *stats; /* This device's statistics */ | |
39743 | + | |
39744 | + if(dev == NULL) { | |
39745 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39746 | + "klips_debug:ipsec_tunnel_set_mac_address: " | |
39747 | + "no device..."); | |
39748 | + return -ENODEV; | |
39749 | + } | |
39750 | + | |
39751 | + if(prv == NULL) { | |
39752 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39753 | + "klips_debug:ipsec_tunnel_set_mac_address: " | |
39754 | + "no private space associated with dev=%s", | |
39755 | + dev->name ? dev->name : "NULL"); | |
39756 | + return -ENODEV; | |
39757 | + } | |
39758 | + | |
39759 | + stats = (struct net_device_stats *) &(prv->mystats); | |
39760 | + | |
39761 | + if(prv->dev == NULL) { | |
39762 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39763 | + "klips_debug:ipsec_tunnel_set_mac_address: " | |
39764 | + "no physical device associated with dev=%s", | |
39765 | + dev->name ? dev->name : "NULL"); | |
39766 | + stats->tx_dropped++; | |
39767 | + return -ENODEV; | |
39768 | + } | |
39769 | + | |
39770 | + if(!prv->set_mac_address) { | |
39771 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39772 | + "klips_debug:ipsec_tunnel_set_mac_address: " | |
39773 | + "physical device has been detached, cannot set - skb->dev=%s->NULL\n", | |
39774 | + dev->name); | |
39775 | + return -ENODEV; | |
39776 | + } | |
39777 | + | |
39778 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39779 | + "klips_debug:ipsec_tunnel_set_mac_address: " | |
39780 | + "Revectored dev=%s->%s addr=0p%p\n", | |
39781 | + dev->name, prv->dev->name, addr); | |
39782 | + return prv->set_mac_address(prv->dev, addr); | |
39783 | + | |
39784 | +} | |
39785 | + | |
39786 | +#ifndef NET_21 | |
39787 | +DEBUG_NO_STATIC void | |
39788 | +ipsec_tunnel_cache_bind(struct hh_cache **hhp, struct net_device *dev, | |
39789 | + unsigned short htype, __u32 daddr) | |
39790 | +{ | |
39791 | + struct ipsecpriv *prv = dev->priv; | |
39792 | + | |
39793 | + struct net_device_stats *stats; /* This device's statistics */ | |
39794 | + | |
39795 | + if(dev == NULL) { | |
39796 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39797 | + "klips_debug:ipsec_tunnel_cache_bind: " | |
39798 | + "no device..."); | |
39799 | + return; | |
39800 | + } | |
39801 | + | |
39802 | + if(prv == NULL) { | |
39803 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39804 | + "klips_debug:ipsec_tunnel_cache_bind: " | |
39805 | + "no private space associated with dev=%s", | |
39806 | + dev->name ? dev->name : "NULL"); | |
39807 | + return; | |
39808 | + } | |
39809 | + | |
39810 | + stats = (struct net_device_stats *) &(prv->mystats); | |
39811 | + | |
39812 | + if(prv->dev == NULL) { | |
39813 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39814 | + "klips_debug:ipsec_tunnel_cache_bind: " | |
39815 | + "no physical device associated with dev=%s", | |
39816 | + dev->name ? dev->name : "NULL"); | |
39817 | + stats->tx_dropped++; | |
39818 | + return; | |
39819 | + } | |
39820 | + | |
39821 | + if(!prv->header_cache_bind) { | |
39822 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39823 | + "klips_debug:ipsec_tunnel_cache_bind: " | |
39824 | + "physical device has been detached, cannot set - skb->dev=%s->NULL\n", | |
39825 | + dev->name); | |
39826 | + stats->tx_dropped++; | |
39827 | + return; | |
39828 | + } | |
39829 | + | |
39830 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39831 | + "klips_debug:ipsec_tunnel_cache_bind: " | |
39832 | + "Revectored \n"); | |
39833 | + prv->header_cache_bind(hhp, prv->dev, htype, daddr); | |
39834 | + return; | |
39835 | +} | |
39836 | +#endif /* !NET_21 */ | |
39837 | + | |
39838 | + | |
39839 | +DEBUG_NO_STATIC void | |
39840 | +ipsec_tunnel_cache_update(struct hh_cache *hh, struct net_device *dev, unsigned char * haddr) | |
39841 | +{ | |
39842 | + struct ipsecpriv *prv = dev->priv; | |
39843 | + | |
39844 | + struct net_device_stats *stats; /* This device's statistics */ | |
39845 | + | |
39846 | + if(dev == NULL) { | |
39847 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39848 | + "klips_debug:ipsec_tunnel_cache_update: " | |
39849 | + "no device..."); | |
39850 | + return; | |
39851 | + } | |
39852 | + | |
39853 | + if(prv == NULL) { | |
39854 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39855 | + "klips_debug:ipsec_tunnel_cache_update: " | |
39856 | + "no private space associated with dev=%s", | |
39857 | + dev->name ? dev->name : "NULL"); | |
39858 | + return; | |
39859 | + } | |
39860 | + | |
39861 | + stats = (struct net_device_stats *) &(prv->mystats); | |
39862 | + | |
39863 | + if(prv->dev == NULL) { | |
39864 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39865 | + "klips_debug:ipsec_tunnel_cache_update: " | |
39866 | + "no physical device associated with dev=%s", | |
39867 | + dev->name ? dev->name : "NULL"); | |
39868 | + stats->tx_dropped++; | |
39869 | + return; | |
39870 | + } | |
39871 | + | |
39872 | + if(!prv->header_cache_update) { | |
39873 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39874 | + "klips_debug:ipsec_tunnel_cache_update: " | |
39875 | + "physical device has been detached, cannot set - skb->dev=%s->NULL\n", | |
39876 | + dev->name); | |
39877 | + return; | |
39878 | + } | |
39879 | + | |
39880 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39881 | + "klips_debug:ipsec_tunnel: " | |
39882 | + "Revectored cache_update\n"); | |
39883 | + prv->header_cache_update(hh, prv->dev, haddr); | |
39884 | + return; | |
39885 | +} | |
39886 | + | |
39887 | +#ifdef NET_21 | |
39888 | +DEBUG_NO_STATIC int | |
39889 | +ipsec_tunnel_neigh_setup(struct neighbour *n) | |
39890 | +{ | |
39891 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39892 | + "klips_debug:ipsec_tunnel_neigh_setup:\n"); | |
39893 | + | |
39894 | + if (n->nud_state == NUD_NONE) { | |
39895 | + n->ops = &arp_broken_ops; | |
39896 | + n->output = n->ops->output; | |
39897 | + } | |
39898 | + return 0; | |
39899 | +} | |
39900 | + | |
39901 | +DEBUG_NO_STATIC int | |
39902 | +ipsec_tunnel_neigh_setup_dev(struct net_device *dev, struct neigh_parms *p) | |
39903 | +{ | |
39904 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39905 | + "klips_debug:ipsec_tunnel_neigh_setup_dev: " | |
39906 | + "setting up %s\n", | |
39907 | + dev ? dev->name : "NULL"); | |
39908 | + | |
39909 | + if (p->tbl->family == AF_INET) { | |
39910 | + p->neigh_setup = ipsec_tunnel_neigh_setup; | |
39911 | + p->ucast_probes = 0; | |
39912 | + p->mcast_probes = 0; | |
39913 | + } | |
39914 | + return 0; | |
39915 | +} | |
39916 | +#endif /* NET_21 */ | |
39917 | + | |
39918 | +/* | |
39919 | + * We call the attach routine to attach another device. | |
39920 | + */ | |
39921 | + | |
39922 | +DEBUG_NO_STATIC int | |
39923 | +ipsec_tunnel_attach(struct net_device *dev, struct net_device *physdev) | |
39924 | +{ | |
39925 | + int i; | |
39926 | + struct ipsecpriv *prv = dev->priv; | |
39927 | + | |
39928 | + if(dev == NULL) { | |
39929 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39930 | + "klips_debug:ipsec_tunnel_attach: " | |
39931 | + "no device..."); | |
39932 | + return -ENODEV; | |
39933 | + } | |
39934 | + | |
39935 | + if(prv == NULL) { | |
39936 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
39937 | + "klips_debug:ipsec_tunnel_attach: " | |
39938 | + "no private space associated with dev=%s", | |
39939 | + dev->name ? dev->name : "NULL"); | |
39940 | + return -ENODATA; | |
39941 | + } | |
39942 | + | |
39943 | + prv->dev = physdev; | |
39944 | + prv->hard_start_xmit = physdev->hard_start_xmit; | |
39945 | + prv->get_stats = physdev->get_stats; | |
39946 | + | |
39947 | + if (physdev->hard_header) { | |
39948 | + prv->hard_header = physdev->hard_header; | |
39949 | + dev->hard_header = ipsec_tunnel_hard_header; | |
39950 | + } else | |
39951 | + dev->hard_header = NULL; | |
39952 | + | |
39953 | + if (physdev->rebuild_header) { | |
39954 | + prv->rebuild_header = physdev->rebuild_header; | |
39955 | + dev->rebuild_header = ipsec_tunnel_rebuild_header; | |
39956 | + } else | |
39957 | + dev->rebuild_header = NULL; | |
39958 | + | |
39959 | + if (physdev->set_mac_address) { | |
39960 | + prv->set_mac_address = physdev->set_mac_address; | |
39961 | + dev->set_mac_address = ipsec_tunnel_set_mac_address; | |
39962 | + } else | |
39963 | + dev->set_mac_address = NULL; | |
39964 | + | |
39965 | +#ifndef NET_21 | |
39966 | + if (physdev->header_cache_bind) { | |
39967 | + prv->header_cache_bind = physdev->header_cache_bind; | |
39968 | + dev->header_cache_bind = ipsec_tunnel_cache_bind; | |
39969 | + } else | |
39970 | + dev->header_cache_bind = NULL; | |
39971 | +#endif /* !NET_21 */ | |
39972 | + | |
39973 | + if (physdev->header_cache_update) { | |
39974 | + prv->header_cache_update = physdev->header_cache_update; | |
39975 | + dev->header_cache_update = ipsec_tunnel_cache_update; | |
39976 | + } else | |
39977 | + dev->header_cache_update = NULL; | |
39978 | + | |
39979 | + dev->hard_header_len = physdev->hard_header_len; | |
39980 | + | |
39981 | +#ifdef NET_21 | |
39982 | +/* prv->neigh_setup = physdev->neigh_setup; */ | |
39983 | + dev->neigh_setup = ipsec_tunnel_neigh_setup_dev; | |
39984 | +#endif /* NET_21 */ | |
39985 | + dev->mtu = 16260; /* 0xfff0; */ /* dev->mtu; */ | |
39986 | + prv->mtu = physdev->mtu; | |
39987 | + | |
39988 | +#ifdef PHYSDEV_TYPE | |
39989 | + dev->type = physdev->type; /* ARPHRD_TUNNEL; */ | |
39990 | +#endif /* PHYSDEV_TYPE */ | |
39991 | + | |
39992 | + dev->addr_len = physdev->addr_len; | |
39993 | + for (i=0; i<dev->addr_len; i++) { | |
39994 | + dev->dev_addr[i] = physdev->dev_addr[i]; | |
39995 | + } | |
39996 | +#ifdef CONFIG_KLIPS_DEBUG | |
39997 | + if(debug_tunnel & DB_TN_INIT) { | |
39998 | + printk(KERN_INFO "klips_debug:ipsec_tunnel_attach: " | |
39999 | + "physical device %s being attached has HW address: %2x", | |
40000 | + physdev->name, physdev->dev_addr[0]); | |
40001 | + for (i=1; i < physdev->addr_len; i++) { | |
40002 | + printk(":%02x", physdev->dev_addr[i]); | |
40003 | + } | |
40004 | + printk("\n"); | |
40005 | + } | |
40006 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
40007 | + | |
40008 | + return 0; | |
40009 | +} | |
40010 | + | |
40011 | +/* | |
40012 | + * We call the detach routine to detach the ipsec tunnel from another device. | |
40013 | + */ | |
40014 | + | |
40015 | +DEBUG_NO_STATIC int | |
40016 | +ipsec_tunnel_detach(struct net_device *dev) | |
40017 | +{ | |
40018 | + int i; | |
40019 | + struct ipsecpriv *prv = dev->priv; | |
40020 | + | |
40021 | + if(dev == NULL) { | |
40022 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
40023 | + "klips_debug:ipsec_tunnel_detach: " | |
40024 | + "no device..."); | |
40025 | + return -ENODEV; | |
40026 | + } | |
40027 | + | |
40028 | + if(prv == NULL) { | |
40029 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
40030 | + "klips_debug:ipsec_tunnel_detach: " | |
40031 | + "no private space associated with dev=%s", | |
40032 | + dev->name ? dev->name : "NULL"); | |
40033 | + return -ENODATA; | |
40034 | + } | |
40035 | + | |
40036 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40037 | + "klips_debug:ipsec_tunnel_detach: " | |
40038 | + "physical device %s being detached from virtual device %s\n", | |
40039 | + prv->dev ? prv->dev->name : "NULL", | |
40040 | + dev->name); | |
40041 | + | |
40042 | + ipsec_dev_put(prv->dev); | |
40043 | + prv->dev = NULL; | |
40044 | + prv->hard_start_xmit = NULL; | |
40045 | + prv->get_stats = NULL; | |
40046 | + | |
40047 | + prv->hard_header = NULL; | |
40048 | +#ifdef DETACH_AND_DOWN | |
40049 | + dev->hard_header = NULL; | |
40050 | +#endif /* DETACH_AND_DOWN */ | |
40051 | + | |
40052 | + prv->rebuild_header = NULL; | |
40053 | +#ifdef DETACH_AND_DOWN | |
40054 | + dev->rebuild_header = NULL; | |
40055 | +#endif /* DETACH_AND_DOWN */ | |
40056 | + | |
40057 | + prv->set_mac_address = NULL; | |
40058 | +#ifdef DETACH_AND_DOWN | |
40059 | + dev->set_mac_address = NULL; | |
40060 | +#endif /* DETACH_AND_DOWN */ | |
40061 | + | |
40062 | +#ifndef NET_21 | |
40063 | + prv->header_cache_bind = NULL; | |
40064 | +#ifdef DETACH_AND_DOWN | |
40065 | + dev->header_cache_bind = NULL; | |
40066 | +#endif /* DETACH_AND_DOWN */ | |
40067 | +#endif /* !NET_21 */ | |
40068 | + | |
40069 | + prv->header_cache_update = NULL; | |
40070 | +#ifdef DETACH_AND_DOWN | |
40071 | + dev->header_cache_update = NULL; | |
40072 | +#endif /* DETACH_AND_DOWN */ | |
40073 | + | |
40074 | +#ifdef NET_21 | |
40075 | +/* prv->neigh_setup = NULL; */ | |
40076 | +#ifdef DETACH_AND_DOWN | |
40077 | + dev->neigh_setup = NULL; | |
40078 | +#endif /* DETACH_AND_DOWN */ | |
40079 | +#endif /* NET_21 */ | |
40080 | + dev->hard_header_len = 0; | |
40081 | +#ifdef DETACH_AND_DOWN | |
40082 | + dev->mtu = 0; | |
40083 | +#endif /* DETACH_AND_DOWN */ | |
40084 | + prv->mtu = 0; | |
40085 | + for (i=0; i<MAX_ADDR_LEN; i++) { | |
40086 | + dev->dev_addr[i] = 0; | |
40087 | + } | |
40088 | + dev->addr_len = 0; | |
40089 | +#ifdef PHYSDEV_TYPE | |
40090 | + dev->type = ARPHRD_VOID; /* ARPHRD_TUNNEL; */ | |
40091 | +#endif /* PHYSDEV_TYPE */ | |
40092 | + | |
40093 | + return 0; | |
40094 | +} | |
40095 | + | |
40096 | +/* | |
40097 | + * We call the clear routine to detach all ipsec tunnels from other devices. | |
40098 | + */ | |
40099 | +DEBUG_NO_STATIC int | |
40100 | +ipsec_tunnel_clear(void) | |
40101 | +{ | |
40102 | + int i; | |
40103 | + struct net_device *ipsecdev = NULL, *prvdev; | |
40104 | + struct ipsecpriv *prv; | |
40105 | + int ret; | |
40106 | + | |
40107 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40108 | + "klips_debug:ipsec_tunnel_clear: .\n"); | |
40109 | + | |
40110 | + for(i = 0; i < IPSEC_NUM_IF; i++) { | |
40111 | + ipsecdev = ipsecdevices[i]; | |
40112 | + if(ipsecdev != NULL) { | |
40113 | + if((prv = (struct ipsecpriv *)(ipsecdev->priv))) { | |
40114 | + prvdev = (struct net_device *)(prv->dev); | |
40115 | + if(prvdev) { | |
40116 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40117 | + "klips_debug:ipsec_tunnel_clear: " | |
40118 | + "physical device for device %s is %s\n", | |
40119 | + ipsecdev->name, prvdev->name); | |
40120 | + if((ret = ipsec_tunnel_detach(ipsecdev))) { | |
40121 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40122 | + "klips_debug:ipsec_tunnel_clear: " | |
40123 | + "error %d detatching device %s from device %s.\n", | |
40124 | + ret, ipsecdev->name, prvdev->name); | |
40125 | + return ret; | |
40126 | + } | |
40127 | + } | |
40128 | + } | |
40129 | + } | |
40130 | + } | |
40131 | + return 0; | |
40132 | +} | |
40133 | + | |
40134 | +DEBUG_NO_STATIC int | |
40135 | +ipsec_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) | |
40136 | +{ | |
40137 | + struct ipsectunnelconf *cf = (struct ipsectunnelconf *)&ifr->ifr_data; | |
40138 | + struct ipsecpriv *prv = dev->priv; | |
40139 | + struct net_device *them; /* physical device */ | |
40140 | +#ifdef CONFIG_IP_ALIAS | |
40141 | + char *colon; | |
40142 | + char realphysname[IFNAMSIZ]; | |
40143 | +#endif /* CONFIG_IP_ALIAS */ | |
40144 | + | |
40145 | + if(dev == NULL) { | |
40146 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40147 | + "klips_debug:ipsec_tunnel_ioctl: " | |
40148 | + "device not supplied.\n"); | |
40149 | + return -ENODEV; | |
40150 | + } | |
40151 | + | |
40152 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40153 | + "klips_debug:ipsec_tunnel_ioctl: " | |
40154 | + "tncfg service call #%d for dev=%s\n", | |
40155 | + cmd, | |
40156 | + dev->name ? dev->name : "NULL"); | |
40157 | + switch (cmd) { | |
40158 | + /* attach a virtual ipsec? device to a physical device */ | |
40159 | + case IPSEC_SET_DEV: | |
40160 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40161 | + "klips_debug:ipsec_tunnel_ioctl: " | |
40162 | + "calling ipsec_tunnel_attatch...\n"); | |
40163 | +#ifdef CONFIG_IP_ALIAS | |
40164 | + /* If this is an IP alias interface, get its real physical name */ | |
40165 | + strncpy(realphysname, cf->cf_name, IFNAMSIZ); | |
40166 | + realphysname[IFNAMSIZ-1] = 0; | |
40167 | + colon = strchr(realphysname, ':'); | |
40168 | + if (colon) *colon = 0; | |
40169 | + them = ipsec_dev_get(realphysname); | |
40170 | +#else /* CONFIG_IP_ALIAS */ | |
40171 | + them = ipsec_dev_get(cf->cf_name); | |
40172 | +#endif /* CONFIG_IP_ALIAS */ | |
40173 | + | |
40174 | + if (them == NULL) { | |
40175 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40176 | + "klips_debug:ipsec_tunnel_ioctl: " | |
40177 | + "physical device %s requested is null\n", | |
40178 | + cf->cf_name); | |
40179 | + return -ENXIO; | |
40180 | + } | |
40181 | + | |
40182 | +#if 0 | |
40183 | + if (them->flags & IFF_UP) { | |
40184 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40185 | + "klips_debug:ipsec_tunnel_ioctl: " | |
40186 | + "physical device %s requested is not up.\n", | |
40187 | + cf->cf_name); | |
40188 | + ipsec_dev_put(them); | |
40189 | + return -ENXIO; | |
40190 | + } | |
40191 | +#endif | |
40192 | + | |
40193 | + if (prv && prv->dev) { | |
40194 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40195 | + "klips_debug:ipsec_tunnel_ioctl: " | |
40196 | + "virtual device is already connected to %s.\n", | |
40197 | + prv->dev->name ? prv->dev->name : "NULL"); | |
40198 | + ipsec_dev_put(them); | |
40199 | + return -EBUSY; | |
40200 | + } | |
40201 | + return ipsec_tunnel_attach(dev, them); | |
40202 | + | |
40203 | + case IPSEC_DEL_DEV: | |
40204 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40205 | + "klips_debug:ipsec_tunnel_ioctl: " | |
40206 | + "calling ipsec_tunnel_detatch.\n"); | |
40207 | + if (! prv->dev) { | |
40208 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40209 | + "klips_debug:ipsec_tunnel_ioctl: " | |
40210 | + "physical device not connected.\n"); | |
40211 | + return -ENODEV; | |
40212 | + } | |
40213 | + return ipsec_tunnel_detach(dev); | |
40214 | + | |
40215 | + case IPSEC_CLR_DEV: | |
40216 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40217 | + "klips_debug:ipsec_tunnel_ioctl: " | |
40218 | + "calling ipsec_tunnel_clear.\n"); | |
40219 | + return ipsec_tunnel_clear(); | |
40220 | + | |
40221 | + default: | |
40222 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40223 | + "klips_debug:ipsec_tunnel_ioctl: " | |
40224 | + "unknown command %d.\n", | |
40225 | + cmd); | |
40226 | + return -EOPNOTSUPP; | |
40227 | + } | |
40228 | +} | |
40229 | + | |
40230 | +struct net_device *ipsec_get_device(int inst) | |
40231 | +{ | |
40232 | + struct net_device *ipsec_dev; | |
40233 | + | |
40234 | + ipsec_dev = NULL; | |
40235 | + | |
40236 | + if(inst < IPSEC_NUM_IF) { | |
40237 | + ipsec_dev = ipsecdevices[inst]; | |
40238 | + } | |
40239 | + | |
40240 | + return ipsec_dev; | |
40241 | +} | |
40242 | + | |
40243 | +int | |
40244 | +ipsec_device_event(struct notifier_block *unused, unsigned long event, void *ptr) | |
40245 | +{ | |
40246 | + struct net_device *dev = ptr; | |
40247 | + struct net_device *ipsec_dev; | |
40248 | + struct ipsecpriv *priv; | |
40249 | + int i; | |
40250 | + | |
40251 | + if (dev == NULL) { | |
40252 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40253 | + "klips_debug:ipsec_device_event: " | |
40254 | + "dev=NULL for event type %ld.\n", | |
40255 | + event); | |
40256 | + return(NOTIFY_DONE); | |
40257 | + } | |
40258 | + | |
40259 | + /* check for loopback devices */ | |
40260 | + if (dev && (dev->flags & IFF_LOOPBACK)) { | |
40261 | + return(NOTIFY_DONE); | |
40262 | + } | |
40263 | + | |
40264 | + switch (event) { | |
40265 | + case NETDEV_DOWN: | |
40266 | + /* look very carefully at the scope of these compiler | |
40267 | + directives before changing anything... -- RGB */ | |
40268 | +#ifdef NET_21 | |
40269 | + case NETDEV_UNREGISTER: | |
40270 | + switch (event) { | |
40271 | + case NETDEV_DOWN: | |
40272 | +#endif /* NET_21 */ | |
40273 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40274 | + "klips_debug:ipsec_device_event: " | |
40275 | + "NETDEV_DOWN dev=%s flags=%x\n", | |
40276 | + dev->name, | |
40277 | + dev->flags); | |
40278 | + if(strncmp(dev->name, "ipsec", strlen("ipsec")) == 0) { | |
40279 | + printk(KERN_CRIT "IPSEC EVENT: KLIPS device %s shut down.\n", | |
40280 | + dev->name); | |
40281 | + } | |
40282 | +#ifdef NET_21 | |
40283 | + break; | |
40284 | + case NETDEV_UNREGISTER: | |
40285 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40286 | + "klips_debug:ipsec_device_event: " | |
40287 | + "NETDEV_UNREGISTER dev=%s flags=%x\n", | |
40288 | + dev->name, | |
40289 | + dev->flags); | |
40290 | + break; | |
40291 | + } | |
40292 | +#endif /* NET_21 */ | |
40293 | + | |
40294 | + /* find the attached physical device and detach it. */ | |
40295 | + for(i = 0; i < IPSEC_NUM_IF; i++) { | |
40296 | + ipsec_dev = ipsecdevices[i]; | |
40297 | + | |
40298 | + if(ipsec_dev) { | |
40299 | + priv = (struct ipsecpriv *)(ipsec_dev->priv); | |
40300 | + if(priv) { | |
40301 | + ; | |
40302 | + if(((struct net_device *)(priv->dev)) == dev) { | |
40303 | + /* dev_close(ipsec_dev); */ | |
40304 | + /* return */ ipsec_tunnel_detach(ipsec_dev); | |
40305 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40306 | + "klips_debug:ipsec_device_event: " | |
40307 | + "device '%s' has been detached.\n", | |
40308 | + ipsec_dev->name); | |
40309 | + break; | |
40310 | + } | |
40311 | + } else { | |
40312 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40313 | + "klips_debug:ipsec_device_event: " | |
40314 | + "device '%s' has no private data space!\n", | |
40315 | + ipsec_dev->name); | |
40316 | + } | |
40317 | + } | |
40318 | + } | |
40319 | + break; | |
40320 | + case NETDEV_UP: | |
40321 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40322 | + "klips_debug:ipsec_device_event: " | |
40323 | + "NETDEV_UP dev=%s\n", | |
40324 | + dev->name); | |
40325 | + break; | |
40326 | +#ifdef NET_21 | |
40327 | + case NETDEV_REBOOT: | |
40328 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40329 | + "klips_debug:ipsec_device_event: " | |
40330 | + "NETDEV_REBOOT dev=%s\n", | |
40331 | + dev->name); | |
40332 | + break; | |
40333 | + case NETDEV_CHANGE: | |
40334 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40335 | + "klips_debug:ipsec_device_event: " | |
40336 | + "NETDEV_CHANGE dev=%s flags=%x\n", | |
40337 | + dev->name, | |
40338 | + dev->flags); | |
40339 | + break; | |
40340 | + case NETDEV_REGISTER: | |
40341 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40342 | + "klips_debug:ipsec_device_event: " | |
40343 | + "NETDEV_REGISTER dev=%s\n", | |
40344 | + dev->name); | |
40345 | + break; | |
40346 | + case NETDEV_CHANGEMTU: | |
40347 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40348 | + "klips_debug:ipsec_device_event: " | |
40349 | + "NETDEV_CHANGEMTU dev=%s to mtu=%d\n", | |
40350 | + dev->name, | |
40351 | + dev->mtu); | |
40352 | + break; | |
40353 | + case NETDEV_CHANGEADDR: | |
40354 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40355 | + "klips_debug:ipsec_device_event: " | |
40356 | + "NETDEV_CHANGEADDR dev=%s\n", | |
40357 | + dev->name); | |
40358 | + break; | |
40359 | + case NETDEV_GOING_DOWN: | |
40360 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40361 | + "klips_debug:ipsec_device_event: " | |
40362 | + "NETDEV_GOING_DOWN dev=%s\n", | |
40363 | + dev->name); | |
40364 | + break; | |
40365 | + case NETDEV_CHANGENAME: | |
40366 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40367 | + "klips_debug:ipsec_device_event: " | |
40368 | + "NETDEV_CHANGENAME dev=%s\n", | |
40369 | + dev->name); | |
40370 | + break; | |
40371 | +#endif /* NET_21 */ | |
40372 | + default: | |
40373 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40374 | + "klips_debug:ipsec_device_event: " | |
40375 | + "event type %ld unrecognised for dev=%s\n", | |
40376 | + event, | |
40377 | + dev->name); | |
40378 | + break; | |
40379 | + } | |
40380 | + return NOTIFY_DONE; | |
40381 | +} | |
40382 | + | |
40383 | +/* | |
40384 | + * Called when an ipsec tunnel device is initialized. | |
40385 | + * The ipsec tunnel device structure is passed to us. | |
40386 | + */ | |
40387 | + | |
40388 | +int | |
40389 | +ipsec_tunnel_init(struct net_device *dev) | |
40390 | +{ | |
40391 | + int i; | |
40392 | + | |
40393 | + KLIPS_PRINT(debug_tunnel, | |
40394 | + "klips_debug:ipsec_tunnel_init: " | |
40395 | + "allocating %lu bytes initialising device: %s\n", | |
40396 | + (unsigned long) sizeof(struct ipsecpriv), | |
40397 | + dev->name ? dev->name : "NULL"); | |
40398 | + | |
40399 | + /* Add our tunnel functions to the device */ | |
40400 | + dev->open = ipsec_tunnel_open; | |
40401 | + dev->stop = ipsec_tunnel_close; | |
40402 | + dev->hard_start_xmit = ipsec_tunnel_start_xmit; | |
40403 | + dev->get_stats = ipsec_tunnel_get_stats; | |
40404 | + | |
40405 | + dev->priv = kmalloc(sizeof(struct ipsecpriv), GFP_KERNEL); | |
40406 | + if (dev->priv == NULL) | |
40407 | + return -ENOMEM; | |
40408 | + memset((caddr_t)(dev->priv), 0, sizeof(struct ipsecpriv)); | |
40409 | + | |
40410 | + for(i = 0; i < sizeof(zeroes); i++) { | |
40411 | + ((__u8*)(zeroes))[i] = 0; | |
40412 | + } | |
40413 | + | |
40414 | +#ifndef NET_21 | |
40415 | + /* Initialize the tunnel device structure */ | |
40416 | + for (i = 0; i < DEV_NUMBUFFS; i++) | |
40417 | + skb_queue_head_init(&dev->buffs[i]); | |
40418 | +#endif /* !NET_21 */ | |
40419 | + | |
40420 | + dev->set_multicast_list = NULL; | |
40421 | + dev->do_ioctl = ipsec_tunnel_ioctl; | |
40422 | + dev->hard_header = NULL; | |
40423 | + dev->rebuild_header = NULL; | |
40424 | + dev->set_mac_address = NULL; | |
40425 | +#ifndef NET_21 | |
40426 | + dev->header_cache_bind = NULL; | |
40427 | +#endif /* !NET_21 */ | |
40428 | + dev->header_cache_update= NULL; | |
40429 | + | |
40430 | +#ifdef NET_21 | |
40431 | +/* prv->neigh_setup = NULL; */ | |
40432 | + dev->neigh_setup = ipsec_tunnel_neigh_setup_dev; | |
40433 | +#endif /* NET_21 */ | |
40434 | + dev->hard_header_len = 0; | |
40435 | + dev->mtu = 0; | |
40436 | + dev->addr_len = 0; | |
40437 | + dev->type = ARPHRD_VOID; /* ARPHRD_TUNNEL; */ /* ARPHRD_ETHER; */ | |
40438 | + dev->tx_queue_len = 10; /* Small queue */ | |
40439 | + memset((caddr_t)(dev->broadcast),0xFF, ETH_ALEN); /* what if this is not attached to ethernet? */ | |
40440 | + | |
40441 | + /* New-style flags. */ | |
40442 | + dev->flags = IFF_NOARP /* 0 */ /* Petr Novak */; | |
40443 | + | |
40444 | +#if 0 | |
40445 | +#ifdef NET_21 | |
40446 | + dev_init_buffers(dev); | |
40447 | +#else /* NET_21 */ | |
40448 | + dev->family = AF_INET; | |
40449 | + dev->pa_addr = 0; | |
40450 | + dev->pa_brdaddr = 0; | |
40451 | + dev->pa_mask = 0; | |
40452 | + dev->pa_alen = 4; | |
40453 | +#endif /* NET_21 */ | |
40454 | +#endif | |
40455 | + | |
40456 | + /* We're done. Have I forgotten anything? */ | |
40457 | + return 0; | |
40458 | +} | |
40459 | + | |
40460 | +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ | |
40461 | +/* Module specific interface (but it links with the rest of IPSEC) */ | |
40462 | +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ | |
40463 | + | |
40464 | +int | |
40465 | +ipsec_tunnel_probe(struct net_device *dev) | |
40466 | +{ | |
40467 | + ipsec_tunnel_init(dev); | |
40468 | + return 0; | |
40469 | +} | |
40470 | + | |
40471 | +struct net_device *ipsecdevices[IPSEC_NUM_IF]; | |
40472 | + | |
40473 | +int | |
40474 | +ipsec_tunnel_init_devices(void) | |
40475 | +{ | |
40476 | + int i; | |
40477 | + char name[IFNAMSIZ]; | |
40478 | + struct net_device *dev_ipsec; | |
40479 | + | |
40480 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40481 | + "klips_debug:ipsec_tunnel_init_devices: " | |
40482 | + "creating and registering IPSEC_NUM_IF=%u devices, allocating %lu per device, IFNAMSIZ=%u.\n", | |
40483 | + IPSEC_NUM_IF, | |
40484 | + (unsigned long) (sizeof(struct net_device) + IFNAMSIZ), | |
40485 | + IFNAMSIZ); | |
40486 | + | |
40487 | + for(i = 0; i < IPSEC_NUM_IF; i++) { | |
40488 | + sprintf(name, IPSEC_DEV_FORMAT, i); | |
40489 | + dev_ipsec = (struct net_device*)kmalloc(sizeof(struct net_device), GFP_KERNEL); | |
40490 | + if (dev_ipsec == NULL) { | |
40491 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40492 | + "klips_debug:ipsec_tunnel_init_devices: " | |
40493 | + "failed to allocate memory for device %s, quitting device init.\n", | |
40494 | + name); | |
40495 | + return -ENOMEM; | |
40496 | + } | |
40497 | + memset((caddr_t)dev_ipsec, 0, sizeof(struct net_device)); | |
40498 | +#ifdef NETDEV_23 | |
40499 | + strncpy(dev_ipsec->name, name, sizeof(dev_ipsec->name)); | |
40500 | +#else /* NETDEV_23 */ | |
40501 | + dev_ipsec->name = (char*)kmalloc(IFNAMSIZ, GFP_KERNEL); | |
40502 | + if (dev_ipsec->name == NULL) { | |
40503 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40504 | + "klips_debug:ipsec_tunnel_init_devices: " | |
40505 | + "failed to allocate memory for device %s name, quitting device init.\n", | |
40506 | + name); | |
40507 | + return -ENOMEM; | |
40508 | + } | |
40509 | + memset((caddr_t)dev_ipsec->name, 0, IFNAMSIZ); | |
40510 | + strncpy(dev_ipsec->name, name, IFNAMSIZ); | |
40511 | +#endif /* NETDEV_23 */ | |
40512 | + dev_ipsec->next = NULL; | |
40513 | + dev_ipsec->init = &ipsec_tunnel_probe; | |
40514 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40515 | + "klips_debug:ipsec_tunnel_init_devices: " | |
40516 | + "registering device %s\n", | |
40517 | + dev_ipsec->name); | |
40518 | + | |
40519 | + /* reference and hold the device reference */ | |
40520 | + dev_hold(dev_ipsec); | |
40521 | + ipsecdevices[i]=dev_ipsec; | |
40522 | + | |
40523 | + if (register_netdev(dev_ipsec) != 0) { | |
40524 | + KLIPS_PRINT(1 || debug_tunnel & DB_TN_INIT, | |
40525 | + "klips_debug:ipsec_tunnel_init_devices: " | |
40526 | + "registering device %s failed, quitting device init.\n", | |
40527 | + dev_ipsec->name); | |
40528 | + return -EIO; | |
40529 | + } else { | |
40530 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
40531 | + "klips_debug:ipsec_tunnel_init_devices: " | |
40532 | + "registering device %s succeeded, continuing...\n", | |
40533 | + dev_ipsec->name); | |
40534 | + } | |
40535 | + } | |
40536 | + return 0; | |
40537 | +} | |
40538 | + | |
40539 | +/* void */ | |
40540 | +int | |
40541 | +ipsec_tunnel_cleanup_devices(void) | |
40542 | +{ | |
40543 | + int error = 0; | |
40544 | + int i; | |
40545 | + struct net_device *dev_ipsec; | |
40546 | + | |
40547 | + for(i = 0; i < IPSEC_NUM_IF; i++) { | |
40548 | + dev_ipsec = ipsecdevices[i]; | |
40549 | + if(dev_ipsec == NULL) { | |
40550 | + continue; | |
40551 | + } | |
40552 | + | |
40553 | + /* release reference */ | |
40554 | + ipsecdevices[i]=NULL; | |
40555 | + ipsec_dev_put(dev_ipsec); | |
40556 | + | |
40557 | + KLIPS_PRINT(debug_tunnel, "Unregistering %s (refcnt=%d)\n", | |
40558 | + dev_ipsec->name, | |
40559 | + atomic_read(&dev_ipsec->refcnt)); | |
40560 | + unregister_netdev(dev_ipsec); | |
40561 | + KLIPS_PRINT(debug_tunnel, "Unregisted %s\n", dev_ipsec->name); | |
40562 | +#ifndef NETDEV_23 | |
40563 | + kfree(dev_ipsec->name); | |
40564 | + dev_ipsec->name=NULL; | |
40565 | +#endif /* !NETDEV_23 */ | |
40566 | + kfree(dev_ipsec->priv); | |
40567 | + dev_ipsec->priv=NULL; | |
40568 | + } | |
40569 | + return error; | |
40570 | +} | |
40571 | + | |
40572 | +/* | |
40573 | + * $Log: ipsec_tunnel.c,v $ | |
40574 | + * Revision 1.232.2.5 2006/10/06 21:39:26 paul | |
40575 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
40576 | + * set. This is defined through autoconf.h which is included through the | |
40577 | + * linux kernel build macros. | |
40578 | + * | |
40579 | + * Revision 1.232.2.4 2006/03/28 20:58:19 ken | |
40580 | + * Fix for KLIPS on 2.6.16 - need to include <net/arp.h> now | |
40581 | + * | |
40582 | + * Revision 1.232.2.3 2006/02/15 05:14:12 paul | |
40583 | + * 568: uninitialized struct in ipsec_tunnel.c coud break routing under 2.6 kernels | |
40584 | + * ipsec_tunnel_send() calls the entry point function of routing subsystem | |
40585 | + * (ip_route_output_key()) using a not fully initialized struct of type | |
40586 | + * struct flowi. | |
40587 | + * This will cause a failure in routing packets through an ipsec interface | |
40588 | + * when patches for multipath routing from http://www.ssi.bg/~ja/ | |
40589 | + * are applied. | |
40590 | + * | |
40591 | + * Revision 1.232.2.2 2005/11/22 04:11:52 ken | |
40592 | + * Backport fixes for 2.6.14 kernels from HEAD | |
40593 | + * | |
40594 | + * Revision 1.232.2.1 2005/09/21 22:57:43 paul | |
40595 | + * pulled up compile fix for 2.6.13 | |
40596 | + * | |
40597 | + * Revision 1.232 2005/06/04 16:06:06 mcr | |
40598 | + * better patch for nat-t rcv-device code. | |
40599 | + * | |
40600 | + * Revision 1.231 2005/05/21 03:28:51 mcr | |
40601 | + * make sure that port-500 hole is used for port-4500 as well. | |
40602 | + * | |
40603 | + * Revision 1.230 2005/05/11 01:42:04 mcr | |
40604 | + * removal of debugging showed useless/wrong variables used. | |
40605 | + * | |
40606 | + * Revision 1.229 2005/04/29 05:10:22 mcr | |
40607 | + * removed from extraenous includes to make unit testing easier. | |
40608 | + * | |
40609 | + * Revision 1.228 2005/01/26 00:50:35 mcr | |
40610 | + * adjustment of confusion of CONFIG_IPSEC_NAT vs CONFIG_KLIPS_NAT, | |
40611 | + * and make sure that NAT_TRAVERSAL is set as well to match | |
40612 | + * userspace compiles of code. | |
40613 | + * | |
40614 | + * Revision 1.227 2004/12/10 21:16:08 ken | |
40615 | + * 64bit fixes from Opteron port of KLIPS 2.6 | |
40616 | + * | |
40617 | + * Revision 1.226 2004/12/04 07:11:23 mcr | |
40618 | + * fix for snmp SIOCPRIVATE use of snmpd. | |
40619 | + * http://bugs.xelerance.com/view.php?id=144 | |
40620 | + * | |
40621 | + * Revision 1.225 2004/12/03 21:25:57 mcr | |
40622 | + * compile time fixes for running on 2.6. | |
40623 | + * still experimental. | |
40624 | + * | |
40625 | + * Revision 1.224 2004/08/14 03:28:24 mcr | |
40626 | + * fixed log comment to remove warning about embedded comment. | |
40627 | + * | |
40628 | + * Revision 1.223 2004/08/04 15:57:07 mcr | |
40629 | + * moved des .h files to include/des/ * | |
40630 | + * included 2.6 protocol specific things | |
40631 | + * started at NAT-T support, but it will require a kernel patch. | |
40632 | + * | |
40633 | + * Revision 1.222 2004/08/03 18:19:08 mcr | |
40634 | + * in 2.6, use "net_device" instead of #define device->net_device. | |
40635 | + * this probably breaks 2.0 compiles. | |
40636 | + * | |
40637 | + * Revision 1.221 2004/07/10 19:11:18 mcr | |
40638 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
40639 | + * | |
40640 | + * Revision 1.220 2004/04/06 02:49:26 mcr | |
40641 | + * pullup of algo code from alg-branch. | |
40642 | + * | |
40643 | + * Revision 1.219 2004/02/03 03:13:17 mcr | |
40644 | + * minor edits for readability, and error reporting. | |
40645 | + * | |
40646 | + * Revision 1.218 2004/01/27 20:29:20 mcr | |
40647 | + * fix for unregister_netdev() problem for underlying eth0. | |
40648 | + * | |
40649 | + * Revision 1.217 2003/12/10 01:14:27 mcr | |
40650 | + * NAT-traversal patches to KLIPS. | |
40651 | + * | |
40652 | + * Revision 1.216 2003/12/04 23:01:17 mcr | |
40653 | + * removed ipsec_netlink.h | |
40654 | + * | |
40655 | + * Revision 1.215 2003/12/04 16:35:16 ken | |
40656 | + * Fix for ATM devices where physdev->hard_header_len *is* correct | |
40657 | + * | |
40658 | + * Revision 1.214 2003/11/25 23:52:37 mcr | |
40659 | + * fix typo in patch - ixs-> needed. | |
40660 | + * | |
40661 | + * Revision 1.213 2003/11/24 18:25:49 mcr | |
40662 | + * patch from willy@w.ods.org to fix problems with ATM interfaces. | |
40663 | + * | |
40664 | + * Revision 1.212 2003/10/31 02:27:55 mcr | |
40665 | + * pulled up port-selector patches and sa_id elimination. | |
40666 | + * | |
40667 | + * Revision 1.211.2.2 2003/10/29 01:30:41 mcr | |
40668 | + * elimited "struct sa_id". | |
40669 | + * | |
40670 | + * Revision 1.211.2.1 2003/09/21 13:59:56 mcr | |
40671 | + * pre-liminary X.509 patch - does not yet pass tests. | |
40672 | + * | |
40673 | + * Revision 1.211 2003/09/10 16:46:30 mcr | |
40674 | + * patches for 2.4 backport/2.6 existence. | |
40675 | + * | |
40676 | + * Revision 1.210 2003/07/31 22:47:16 mcr | |
40677 | + * preliminary (untested by FS-team) 2.5 patches. | |
40678 | + * | |
40679 | + * Revision 1.209 2003/06/22 21:28:43 mcr | |
40680 | + * inability to unload module was caused by calls to dev_get | |
40681 | + * (ipsec_dev_get), to gather a device from a name. There is | |
40682 | + * simply no reason to look the devices up - they should be kept | |
40683 | + * in a nice array, ready for use. | |
40684 | + * | |
40685 | + * Revision 1.208 2003/06/22 21:25:07 mcr | |
40686 | + * all staticly counted ipsecXXX device support removed. | |
40687 | + * | |
40688 | + * Revision 1.207 2003/04/02 20:15:37 mcr | |
40689 | + * fix for PR#204 - do not clear connection tracking info if we | |
40690 | + * the packet is being sent in the clear. | |
40691 | + * | |
40692 | + * Revision 1.206 2003/02/12 19:32:51 rgb | |
40693 | + * Refactored file to: | |
40694 | + * ipsec_xmit.c | |
40695 | + * ipsec_xmit.h | |
40696 | + * ipsec_mast.c | |
40697 | + * | |
40698 | + * Revision 1.205 2003/02/06 17:47:00 rgb | |
40699 | + * | |
40700 | + * Remove unused ipsec_tunnel_lock() and ipsec_tunnel_unlock() code. | |
40701 | + * Refactor ipsec_tunnel_start_xmit() further into: | |
40702 | + * ipsec_xmit_sanity_check_dev() | |
40703 | + * ipsec_xmit_sanity_check_skb() | |
40704 | + * ipsec_xmit_strip_hard_header() | |
40705 | + * ipsec_xmit_restore_hard_header() | |
40706 | + * ipsec_xmit_send() | |
40707 | + * ipsec_xmit_cleanup() | |
40708 | + * and start a skeletal ipsec_mast_start_xmit() . | |
40709 | + * | |
40710 | + * Revision 1.204 2003/02/06 06:43:46 rgb | |
40711 | + * | |
40712 | + * Refactor ipsec_tunnel_start_xmit, bringing out: | |
40713 | + * ipsec_xmit_SAlookup | |
40714 | + * ipsec_xmit_encap_once | |
40715 | + * ipsec_xmit_encap_bundle | |
40716 | + * | |
40717 | + * Revision 1.203 2003/02/06 02:21:34 rgb | |
40718 | + * | |
40719 | + * Moved "struct auth_alg" from ipsec_rcv.c to ipsec_ah.h . | |
40720 | + * Changed "struct ah" to "struct ahhdr" and "struct esp" to "struct esphdr". | |
40721 | + * Removed "#ifdef INBOUND_POLICY_CHECK_eroute" dead code. | |
40722 | + * | |
40723 | + * Revision 1.202 2003/01/03 07:38:01 rgb | |
40724 | + * | |
40725 | + * Start to refactor ipsec_tunnel_start_xmit() by putting local variables | |
40726 | + * into struct ipsec_xmit_state and renaming a few variables to give more | |
40727 | + * unique or searchable names. | |
40728 | + * | |
40729 | + * Revision 1.201 2003/01/03 00:31:28 rgb | |
40730 | + * | |
40731 | + * Clean up memset usage, including fixing 2 places where keys were not | |
40732 | + * properly wiped. | |
40733 | + * | |
40734 | + * Revision 1.200 2002/12/06 02:24:02 mcr | |
40735 | + * patches for compiling against SUSE 8.1 kernels. Requires | |
40736 | + * an additional -DSUSE_LINUX_2_4_19_IS_STUPID. | |
40737 | + * | |
40738 | + * Revision 1.199 2002/10/12 23:11:53 dhr | |
40739 | + * | |
40740 | + * [KenB + DHR] more 64-bit cleanup | |
40741 | + * | |
40742 | + * Revision 1.198 2002/10/05 05:02:58 dhr | |
40743 | + * | |
40744 | + * C labels go on statements | |
40745 | + * | |
40746 | + * Revision 1.197 2002/09/20 05:01:50 rgb | |
40747 | + * Added compiler directive to switch on IP options and fix IP options bug. | |
40748 | + * Make ip->ihl treatment consistent using shifts rather than multiplications. | |
40749 | + * Check for large enough packet before accessing udp header for IKE bypass. | |
40750 | + * Added memory allocation debugging. | |
40751 | + * Fixed potential memory allocation failure-induced oops. | |
40752 | + * | |
40753 | + * Revision 1.196 2002/07/24 18:44:54 rgb | |
40754 | + * Type fiddling to tame ia64 compiler. | |
40755 | + * | |
40756 | + * Revision 1.195 2002/07/23 03:36:07 rgb | |
40757 | + * Fixed 2.2 device initialisation hang. | |
40758 | + * | |
40759 | + * Revision 1.194 2002/05/27 21:40:34 rgb | |
40760 | + * Set unused ipsec devices to ARPHRD_VOID to avoid confusing iproute2. | |
40761 | + * Cleaned up intermediate step to dynamic device allocation. | |
40762 | + * | |
40763 | + * Revision 1.193 2002/05/27 19:31:36 rgb | |
40764 | + * Convert to dynamic ipsec device allocation. | |
40765 | + * Remove final vistiges of tdb references via IPSEC_KLIPS1_COMPAT. | |
40766 | + * | |
40767 | + * Revision 1.192 2002/05/23 07:14:28 rgb | |
40768 | + * Added refcount code. | |
40769 | + * Cleaned up %p variants to 0p%p for test suite cleanup. | |
40770 | + * | |
40771 | + * Revision 1.191 2002/05/14 02:34:37 rgb | |
40772 | + * Change all references to tdb, TDB or Tunnel Descriptor Block to ips, | |
40773 | + * ipsec_sa or ipsec_sa. | |
40774 | + * | |
40775 | + * Revision 1.190 2002/04/24 07:55:32 mcr | |
40776 | + * #include patches and Makefiles for post-reorg compilation. | |
40777 | + * | |
40778 | + * Revision 1.189 2002/04/24 07:36:32 mcr | |
40779 | + * Moved from ./klips/net/ipsec/ipsec_tunnel.c,v | |
40780 | + * | |
40781 | + * Revision 1.188 2002/04/20 00:12:25 rgb | |
40782 | + * Added esp IV CBC attack fix, disabled. | |
40783 | + * | |
40784 | + * Revision 1.187 2002/03/23 19:55:17 rgb | |
40785 | + * Fix for 2.2 local IKE fragmentation blackhole. Still won't work if | |
40786 | + * iptraf or another pcap app is running. | |
40787 | + * | |
40788 | + * Revision 1.186 2002/03/19 03:26:22 rgb | |
40789 | + * Applied DHR's tunnel patch to streamline IKE/specialSA processing. | |
40790 | + * | |
40791 | + * Revision 1.185 2002/02/20 04:13:05 rgb | |
40792 | + * Send back ICMP_PKT_FILTERED upon %reject. | |
40793 | + * | |
40794 | + * Revision 1.184 2002/01/29 17:17:56 mcr | |
40795 | + * moved include of ipsec_param.h to after include of linux/kernel.h | |
40796 | + * otherwise, it seems that some option that is set in ipsec_param.h | |
40797 | + * screws up something subtle in the include path to kernel.h, and | |
40798 | + * it complains on the snprintf() prototype. | |
40799 | + * | |
40800 | + * Revision 1.183 2002/01/29 04:00:53 mcr | |
40801 | + * more excise of kversions.h header. | |
40802 | + * | |
40803 | + * Revision 1.182 2002/01/29 02:13:18 mcr | |
40804 | + * introduction of ipsec_kversion.h means that include of | |
40805 | + * ipsec_param.h must preceed any decisions about what files to | |
40806 | + * include to deal with differences in kernel source. | |
40807 | + * | |
40808 | + * Revision 1.181 2002/01/07 20:00:33 rgb | |
40809 | + * Added IKE destination port debugging. | |
40810 | + * | |
40811 | + * Revision 1.180 2001/12/21 21:49:54 rgb | |
40812 | + * Fixed bug as a result of moving IKE bypass above %trap/%hold code. | |
40813 | + * | |
40814 | + * Revision 1.179 2001/12/19 21:08:14 rgb | |
40815 | + * Added transport protocol ports to ipsec_print_ip(). | |
40816 | + * Update eroute info for non-SA targets. | |
40817 | + * Added obey DF code disabled. | |
40818 | + * Fixed formatting bugs in ipsec_tunnel_hard_header(). | |
40819 | + * | |
40820 | + * Revision 1.178 2001/12/05 09:36:10 rgb | |
40821 | + * Moved the UDP/500 IKE check just above the %hold/%trap checks to avoid | |
40822 | + * IKE packets being stolen by the %hold (and returned to the sending KMd | |
40823 | + * in an ACQUIRE, ironically ;-). | |
40824 | + * | |
40825 | + * Revision 1.177 2001/11/26 09:23:50 rgb | |
40826 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
40827 | + * | |
40828 | + * Revision 1.170.2.1 2001/09/25 02:28:27 mcr | |
40829 | + * struct tdb -> struct ipsec_sa. | |
40830 | + * lifetime checks moved to common routines. | |
40831 | + * cleaned up includes. | |
40832 | + * | |
40833 | + * Revision 1.170.2.2 2001/10/22 21:08:01 mcr | |
40834 | + * include des.h, removed phony prototypes and fixed calling | |
40835 | + * conventions to match real prototypes. | |
40836 | + * | |
40837 | + * Revision 1.176 2001/11/09 18:32:31 rgb | |
40838 | + * Added Hans Schultz' fragmented UDP/500 IKE socket port selector. | |
40839 | + * | |
40840 | + * Revision 1.175 2001/11/06 20:47:00 rgb | |
40841 | + * Added Eric Espie's TRAPSUBNET fix, minus spin-lock-bh dabbling. | |
40842 | + * | |
40843 | + * Revision 1.174 2001/11/06 19:50:43 rgb | |
40844 | + * Moved IP_SEND, ICMP_SEND, DEV_QUEUE_XMIT macros to ipsec_tunnel.h for | |
40845 | + * use also by pfkey_v2_parser.c | |
40846 | + * | |
40847 | + * Revision 1.173 2001/10/29 21:53:44 henry | |
40848 | + * tone down the device-down message slightly, until we can make it smarter | |
40849 | + * | |
40850 | + * Revision 1.172 2001/10/26 04:59:37 rgb | |
40851 | + * Added a critical level syslog message if an ipsec device goes down. | |
40852 | + * | |
40853 | + * Revision 1.171 2001/10/18 04:45:21 rgb | |
40854 | + * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h, | |
40855 | + * lib/freeswan.h version macros moved to lib/kversions.h. | |
40856 | + * Other compiler directive cleanups. | |
40857 | + * | |
40858 | + * Revision 1.170 2001/09/25 00:09:50 rgb | |
40859 | + * Added NetCelo's TRAPSUBNET code to convert a new type TRAPSUBNET into a | |
40860 | + * HOLD. | |
40861 | + * | |
40862 | + * Revision 1.169 2001/09/15 16:24:05 rgb | |
40863 | + * Re-inject first and last HOLD packet when an eroute REPLACE is done. | |
40864 | + * | |
40865 | + * Revision 1.168 2001/09/14 16:58:37 rgb | |
40866 | + * Added support for storing the first and last packets through a HOLD. | |
40867 | + * | |
40868 | + * Revision 1.167 2001/09/08 21:13:33 rgb | |
40869 | + * Added pfkey ident extension support for ISAKMPd. (NetCelo) | |
40870 | + * | |
40871 | + * Revision 1.166 2001/08/27 19:47:59 rgb | |
40872 | + * Clear tdb before usage. | |
40873 | + * Added comment: clear IF before calling routing? | |
40874 | + * | |
40875 | + * Revision 1.165 2001/07/03 01:23:53 rgb | |
40876 | + * Send back ICMP iff DF set, !ICMP, offset==0, sysctl_icmp, iph->tot_len > | |
40877 | + * emtu, and don't drop. | |
40878 | + * | |
40879 | + * Revision 1.164 2001/06/14 19:35:10 rgb | |
40880 | + * Update copyright date. | |
40881 | + * | |
40882 | + * Revision 1.163 2001/06/06 20:28:51 rgb | |
40883 | + * Added sanity checks for NULL skbs and devices. | |
40884 | + * Added more debugging output to various functions. | |
40885 | + * Removed redundant dev->priv argument to ipsec_tunnel_{at,de}tach(). | |
40886 | + * Renamed ipsec_tunnel_attach() virtual and physical device arguments. | |
40887 | + * Corrected neigh_setup() device function assignment. | |
40888 | + * Keep valid pointers to ipsec_tunnel_*() on detach. | |
40889 | + * Set dev->type to the originally-initiallised value. | |
40890 | + * | |
40891 | + * Revision 1.162 2001/06/01 07:28:04 rgb | |
40892 | + * Added sanity checks for detached devices. Don't down virtual devices | |
40893 | + * to prevent packets going out in the clear if the detached device comes | |
40894 | + * back up. | |
40895 | + * | |
40896 | + * Revision 1.161 2001/05/30 08:14:52 rgb | |
40897 | + * Removed vestiges of esp-null transforms. | |
40898 | + * NetDev Notifier instrumentation to track down disappearing devices. | |
40899 | + * | |
40900 | + * Revision 1.160 2001/05/29 05:15:12 rgb | |
40901 | + * Added SS' PMTU patch which notifies sender if packet doesn't fit | |
40902 | + * physical MTU (if it wasn't ICMP) and then drops it. | |
40903 | + * | |
40904 | + * Revision 1.159 2001/05/27 06:12:12 rgb | |
40905 | + * Added structures for pid, packet count and last access time to eroute. | |
40906 | + * Added packet count to beginning of /proc/net/ipsec_eroute. | |
40907 | + * | |
40908 | + * Revision 1.158 2001/05/24 05:39:33 rgb | |
40909 | + * Applied source zeroing to 2.2 ip_route_output() call as well to enable | |
40910 | + * PASS eroutes for opportunism. | |
40911 | + * | |
40912 | + * Revision 1.157 2001/05/23 22:35:28 rgb | |
40913 | + * 2.4 source override simplification. | |
40914 | + * | |
40915 | + * Revision 1.156 2001/05/23 21:41:31 rgb | |
40916 | + * Added error return code printing on ip_route_output(). | |
40917 | + * | |
40918 | + * Revision 1.155 2001/05/23 05:09:13 rgb | |
40919 | + * Fixed incorrect ip_route_output() failure message. | |
40920 | + * | |
40921 | + * Revision 1.154 2001/05/21 14:53:31 rgb | |
40922 | + * Added debug statement for case when ip_route_output() fails, causing | |
40923 | + * packet to be dropped, but log looked ok. | |
40924 | + * | |
40925 | + * Revision 1.153 2001/05/19 02:37:54 rgb | |
40926 | + * Fixed missing comment termination. | |
40927 | + * | |
40928 | + * Revision 1.152 2001/05/19 02:35:50 rgb | |
40929 | + * Debug code optimisation for non-debug speed. | |
40930 | + * Kernel version compiler define comments. | |
40931 | + * 2.2 and 2.4 kernel ip_send device and ip debug output added. | |
40932 | + * | |
40933 | + * Revision 1.151 2001/05/18 16:17:35 rgb | |
40934 | + * Changed reference from "magic" to "shunt" SAs. | |
40935 | + * | |
40936 | + * Revision 1.150 2001/05/18 16:12:19 rgb | |
40937 | + * Changed UDP/500 bypass test from 3 nested ifs to one anded if. | |
40938 | + * | |
40939 | + * Revision 1.149 2001/05/16 04:39:33 rgb | |
40940 | + * Add default == eroute.dest to IKE bypass conditions for magic eroutes. | |
40941 | + * | |
40942 | + * Revision 1.148 2001/05/05 03:31:41 rgb | |
40943 | + * IP frag debugging updates and enhancements. | |
40944 | + * | |
40945 | + * Revision 1.147 2001/05/03 19:41:40 rgb | |
40946 | + * Added SS' skb_cow fix for 2.4.4. | |
40947 | + * | |
40948 | + * Revision 1.146 2001/04/30 19:28:16 rgb | |
40949 | + * Update for 2.4.4. ip_select_ident() now has 3 args. | |
40950 | + * | |
40951 | + * Revision 1.145 2001/04/23 14:56:10 rgb | |
40952 | + * Added spin_lock() check to prevent double-locking for multiple | |
40953 | + * transforms and hence kernel lock-ups with SMP kernels. | |
40954 | + * | |
40955 | + * Revision 1.144 2001/04/21 23:04:45 rgb | |
40956 | + * Define out skb->used for 2.4 kernels. | |
40957 | + * Check if soft expire has already been sent before sending another to | |
40958 | + * prevent ACQUIRE flooding. | |
40959 | + * | |
40960 | + * Revision 1.143 2001/03/16 07:37:21 rgb | |
40961 | + * Added comments to all #endifs. | |
40962 | + * | |
40963 | + * Revision 1.142 2001/02/28 05:03:27 rgb | |
40964 | + * Clean up and rationalise startup messages. | |
40965 | + * | |
40966 | + * Revision 1.141 2001/02/27 22:24:54 rgb | |
40967 | + * Re-formatting debug output (line-splitting, joining, 1arg/line). | |
40968 | + * Check for satoa() return codes. | |
40969 | + * | |
40970 | + * Revision 1.140 2001/02/27 06:40:12 rgb | |
40971 | + * Fixed TRAP->HOLD eroute byte order. | |
40972 | + * | |
40973 | + * Revision 1.139 2001/02/26 20:38:59 rgb | |
40974 | + * Added compiler defines for 2.4.x-specific code. | |
40975 | + * | |
40976 | + * Revision 1.138 2001/02/26 19:57:27 rgb | |
40977 | + * Implement magic SAs %drop, %reject, %trap, %hold, %pass as part | |
40978 | + * of the new SPD and to support opportunistic. | |
40979 | + * Drop sysctl_ipsec_{no_eroute_pass,opportunistic}, replaced by magic SAs. | |
40980 | + * | |
40981 | + * Revision 1.137 2001/02/19 22:29:49 rgb | |
40982 | + * Fixes for presence of active ipv6 segments which share ipsec physical | |
40983 | + * device (gg). | |
40984 | + * | |
40985 | + * Revision 1.136 2001/01/29 22:30:38 rgb | |
40986 | + * Fixed minor acquire debug printing bug. | |
40987 | + * | |
40988 | + * Revision 1.135 2001/01/29 22:19:45 rgb | |
40989 | + * Zero source address for 2.4 bypass route lookup. | |
40990 | + * | |
40991 | + * Revision 1.134 2001/01/23 20:19:49 rgb | |
40992 | + * 2.4 fix to remove removed is_clone member. | |
40993 | + * | |
40994 | + * Revision 1.133 2000/12/09 22:08:35 rgb | |
40995 | + * Fix NET_23 bug, should be NETDEV_23. | |
40996 | + * | |
40997 | + * Revision 1.132 2000/12/01 06:54:50 rgb | |
40998 | + * Fix for new 2.4 IP TTL default variable name. | |
40999 | + * | |
41000 | + * Revision 1.131 2000/11/09 20:52:15 rgb | |
41001 | + * More spinlock shuffling, locking earlier and unlocking later in rcv to | |
41002 | + * include ipcomp and prevent races, renaming some tdb variables that got | |
41003 | + * forgotten, moving some unlocks to include tdbs and adding a missing | |
41004 | + * unlock. Thanks to Svenning for some of these. | |
41005 | + * | |
41006 | + * Revision 1.130 2000/11/09 20:11:22 rgb | |
41007 | + * Minor shuffles to fix non-standard kernel config option selection. | |
41008 | + * | |
41009 | + * Revision 1.129 2000/11/06 04:32:49 rgb | |
41010 | + * Clean up debug printing. | |
41011 | + * Copy skb->protocol for all kernel versions. | |
41012 | + * Ditched spin_lock_irqsave in favour of spin_lock. | |
41013 | + * Disabled TTL decrement, done in ip_forward. | |
41014 | + * Added debug printing before pfkey_acquire(). | |
41015 | + * Fixed printk-deltdbchain-spin_lock races (Svenning). | |
41016 | + * Use defaultTTL for 2.1+ kernels. | |
41017 | + * Add Svenning's adaptive content compression. | |
41018 | + * Fix up debug display arguments. | |
41019 | + * | |
41020 | + * Revision 1.128 2000/09/28 00:58:57 rgb | |
41021 | + * Moved the IKE passthrough check after the eroute lookup so we can pass | |
41022 | + * IKE through intermediate tunnels. | |
41023 | + * | |
41024 | + * Revision 1.127 2000/09/22 17:52:11 rgb | |
41025 | + * Fixed misleading ipcomp debug output. | |
41026 | + * | |
41027 | + * Revision 1.126 2000/09/22 04:22:56 rgb | |
41028 | + * Fixed dumb spi->cpi conversion error. | |
41029 | + * | |
41030 | + * Revision 1.125 2000/09/21 04:34:48 rgb | |
41031 | + * A few debug-specific things should be hidden under | |
41032 | + * CONFIG_IPSEC_DEBUG.(MB) | |
41033 | + * Improved ip_send() error handling.(MB) | |
41034 | + * | |
41035 | + * Revision 1.124 2000/09/21 03:40:58 rgb | |
41036 | + * Added more debugging to try and track down the cpi outward copy problem. | |
41037 | + * | |
41038 | + * Revision 1.123 2000/09/19 07:08:49 rgb | |
41039 | + * Added debugging to outgoing compression report. | |
41040 | + * | |
41041 | + * Revision 1.122 2000/09/18 19:21:26 henry | |
41042 | + * RGB-supplied fix for RH5.2 problem | |
41043 | + * | |
41044 | + * Revision 1.121 2000/09/17 21:05:09 rgb | |
41045 | + * Added tdb to skb_compress call to write in cpi. | |
41046 | + * | |
41047 | + * Revision 1.120 2000/09/17 16:57:16 rgb | |
41048 | + * Added Svenning's patch to remove restriction of ipcomp to innermost | |
41049 | + * transform. | |
41050 | + * | |
41051 | + * Revision 1.119 2000/09/15 11:37:01 rgb | |
41052 | + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
41053 | + * IPCOMP zlib deflate code. | |
41054 | + * | |
41055 | + * Revision 1.118 2000/09/15 04:57:16 rgb | |
41056 | + * Moved debug output after sanity check. | |
41057 | + * Added tos copy sysctl. | |
41058 | + * | |
41059 | + * Revision 1.117 2000/09/12 03:22:51 rgb | |
41060 | + * Converted ipsec_icmp, no_eroute_pass, opportunistic and #if0 debugs to | |
41061 | + * sysctl. | |
41062 | + * | |
41063 | + * Revision 1.116 2000/09/08 19:18:19 rgb | |
41064 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
41065 | + * Added outgoing opportunistic hook, ifdef'ed out. | |
41066 | + * | |
41067 | + * Revision 1.115 2000/08/30 05:27:29 rgb | |
41068 | + * Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst. | |
41069 | + * Kill remainder of tdb_xform, tdb_xdata, xformsw. | |
41070 | + * | |
41071 | + * Revision 1.114 2000/08/28 18:15:46 rgb | |
41072 | + * Added MB's nf-debug reset patch. | |
41073 | + * | |
41074 | + * Revision 1.113 2000/08/27 02:26:40 rgb | |
41075 | + * Send all no-eroute-bypass, pluto-bypass and passthrough packets through | |
41076 | + * fragmentation machinery for 2.0, 2.2 and 2.4 kernels. | |
41077 | + * | |
41078 | + * Revision 1.112 2000/08/20 21:37:33 rgb | |
41079 | + * Activated pfkey_expire() calls. | |
41080 | + * Added a hard/soft expiry parameter to pfkey_expire(). (Momchil) | |
41081 | + * Re-arranged the order of soft and hard expiry to conform to RFC2367. | |
41082 | + * Clean up references to CONFIG_IPSEC_PFKEYv2. | |
41083 | + * | |
41084 | + * Revision 1.111 2000/08/01 14:51:51 rgb | |
41085 | + * Removed _all_ remaining traces of DES. | |
41086 | + * | |
41087 | + * Revision 1.110 2000/07/28 14:58:31 rgb | |
41088 | + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5. | |
41089 | + * | |
41090 | + * Revision 1.109 2000/07/28 13:50:54 rgb | |
41091 | + * Changed enet_statistics to net_device_stats and added back compatibility | |
41092 | + * for pre-2.1.19. | |
41093 | + * | |
41094 | + * Revision 1.108 2000/05/16 03:03:11 rgb | |
41095 | + * Updates for 2.3.99pre8 from MB. | |
41096 | + * | |
41097 | + * Revision 1.107 2000/05/10 23:08:21 rgb | |
41098 | + * Print a debug warning about bogus packets received by the outgoing | |
41099 | + * processing machinery only when klipsdebug is not set to none. | |
41100 | + * Comment out the device initialisation informational messages. | |
41101 | + * | |
41102 | + * Revision 1.106 2000/05/10 19:17:14 rgb | |
41103 | + * Define an IP_SEND macro, intending to have all packet passthroughs | |
41104 | + * use fragmentation. This didn't quite work, but is a step in the | |
41105 | + * right direction. | |
41106 | + * Added buffer allocation debugging statements. | |
41107 | + * Added configure option to shut off no eroute passthrough. | |
41108 | + * Only check usetime against soft and hard limits if the tdb has been | |
41109 | + * used. | |
41110 | + * Cast output of ntohl so that the broken prototype doesn't make our | |
41111 | + * compile noisy. | |
41112 | + * | |
41113 | + * Revision 1.105 2000/03/22 16:15:37 rgb | |
41114 | + * Fixed renaming of dev_get (MB). | |
41115 | + * | |
41116 | + * Revision 1.104 2000/03/16 14:04:15 rgb | |
41117 | + * Indented headers for readability. | |
41118 | + * Fixed debug scope to enable compilation with debug off. | |
41119 | + * Added macros for ip_chk_addr and IS_MYADDR for identifying self. | |
41120 | + * | |
41121 | + * Revision 1.103 2000/03/16 07:11:07 rgb | |
41122 | + * Hardcode PF_KEYv2 support. | |
41123 | + * Fixed bug which allowed UDP/500 packet from another machine | |
41124 | + * through in the clear. | |
41125 | + * Added disabled skb->protocol fix for ISDN/ASYNC PPP from Matjaz Godec. | |
41126 | + * | |
41127 | + * Revision 1.102 2000/03/14 12:26:59 rgb | |
41128 | + * Added skb->nfct support for clearing netfilter conntrack bits (MB). | |
41129 | + * | |
41130 | + * Revision 1.101 2000/02/14 21:05:22 rgb | |
41131 | + * Added MB's netif_queue fix for kernels 2.3.43+. | |
41132 | + * | |
41133 | + * Revision 1.100 2000/01/26 10:04:57 rgb | |
41134 | + * Fixed noisy 2.0 printk arguments. | |
41135 | + * | |
41136 | + * Revision 1.99 2000/01/21 06:16:25 rgb | |
41137 | + * Added sanity checks on skb_push(), skb_pull() to prevent panics. | |
41138 | + * Switched to AF_ENCAP macro. | |
41139 | + * Shortened debug output per packet and re-arranging debug_tunnel | |
41140 | + * bitmap flags, while retaining necessary information to avoid | |
41141 | + * trampling the kernel print ring buffer. | |
41142 | + * Reformatted recursion switch code. | |
41143 | + * Changed all references to tdb_proto to tdb_said.proto for clarity. | |
41144 | + * | |
41145 | + * Revision 1.98 2000/01/13 08:09:31 rgb | |
41146 | + * Shuffled debug_tunnel switches to focus output. | |
41147 | + * Fixed outgoing recursion bug, limiting to recursing only if the remote | |
41148 | + * SG changes and if it is valid, ie. not passthrough. | |
41149 | + * Clarified a number of debug messages. | |
41150 | + * | |
41151 | + * Revision 1.97 2000/01/10 16:37:16 rgb | |
41152 | + * MB support for new ip_select_ident() upon disappearance of | |
41153 | + * ip_id_count in 2.3.36+. | |
41154 | + * | |
41155 | + * Revision 1.96 1999/12/31 14:59:08 rgb | |
41156 | + * MB fix to use new skb_copy_expand in kernel 2.3.35. | |
41157 | + * | |
41158 | + * Revision 1.95 1999/12/29 21:15:44 rgb | |
41159 | + * Fix tncfg to aliased device bug. | |
41160 | + * | |
41161 | + * Revision 1.94 1999/12/22 04:26:06 rgb | |
41162 | + * Converted all 'static' functions to 'DEBUG_NO_STATIC' to enable | |
41163 | + * debugging by providing external labels to all functions with debugging | |
41164 | + * turned on. | |
41165 | + * | |
41166 | + * Revision 1.93 1999/12/13 13:30:14 rgb | |
41167 | + * Changed MTU reports and HW address reporting back to debug only. | |
41168 | + * | |
41169 | + * Revision 1.92 1999/12/07 18:57:56 rgb | |
41170 | + * Fix PFKEY symbol compile error (SADB_*) without pfkey enabled. | |
41171 | + * | |
41172 | + * Revision 1.91 1999/12/01 22:15:36 rgb | |
41173 | + * Add checks for LARVAL and DEAD SAs. | |
41174 | + * Change state of SA from MATURE to DYING when a soft lifetime is | |
41175 | + * reached and print debug warning. | |
41176 | + * | |
41177 | + * Revision 1.90 1999/11/23 23:04:04 rgb | |
41178 | + * Use provided macro ADDRTOA_BUF instead of hardcoded value. | |
41179 | + * Sort out pfkey and freeswan headers, putting them in a library path. | |
41180 | + * | |
41181 | + * Revision 1.89 1999/11/18 18:50:59 rgb | |
41182 | + * Changed all device registrations for static linking to | |
41183 | + * dynamic to reduce the number and size of patches. | |
41184 | + * | |
41185 | + * Revision 1.88 1999/11/18 04:09:19 rgb | |
41186 | + * Replaced all kernel version macros to shorter, readable form. | |
41187 | + * | |
41188 | + * Revision 1.87 1999/11/17 15:53:40 rgb | |
41189 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
41190 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
41191 | + * klips/net/ipsec/Makefile. | |
41192 | + * | |
41193 | + * Revision 1.86 1999/10/16 18:25:37 rgb | |
41194 | + * Moved SA lifetime expiry checks before packet processing. | |
41195 | + * Expire SA on replay counter rollover. | |
41196 | + * | |
41197 | + * Revision 1.85 1999/10/16 04:24:31 rgb | |
41198 | + * Add stats for time since last packet. | |
41199 | + * | |
41200 | + * Revision 1.84 1999/10/16 00:30:47 rgb | |
41201 | + * Added SA lifetime counting. | |
41202 | + * | |
41203 | + * Revision 1.83 1999/10/15 22:15:57 rgb | |
41204 | + * Clean out cruft. | |
41205 | + * Add debugging. | |
41206 | + * | |
41207 | + * Revision 1.82 1999/10/08 18:26:19 rgb | |
41208 | + * Fix 2.0.3x outgoing fragmented packet memory leak. | |
41209 | + * | |
41210 | + * Revision 1.81 1999/10/05 02:38:54 rgb | |
41211 | + * Lower the default mtu of virtual devices to 16260. | |
41212 | + * | |
41213 | + * Revision 1.80 1999/10/03 18:56:41 rgb | |
41214 | + * Spinlock support for 2.3.xx. | |
41215 | + * Don't forget to undo spinlocks on error! | |
41216 | + * Check for valid eroute before copying the structure. | |
41217 | + * | |
41218 | + * Revision 1.79 1999/10/01 15:44:53 rgb | |
41219 | + * Move spinlock header include to 2.1> scope. | |
41220 | + * | |
41221 | + * Revision 1.78 1999/10/01 00:02:43 rgb | |
41222 | + * Added tdb structure locking. | |
41223 | + * Added eroute structure locking. | |
41224 | + * | |
41225 | + * Revision 1.77 1999/09/30 02:52:29 rgb | |
41226 | + * Add Marc Boucher's Copy-On-Write code (same as ipsec_rcv.c). | |
41227 | + * | |
41228 | + * Revision 1.76 1999/09/25 19:31:27 rgb | |
41229 | + * Refine MSS hack to affect SYN, but not SYN+ACK packets. | |
41230 | + * | |
41231 | + * Revision 1.75 1999/09/24 22:52:38 rgb | |
41232 | + * Fix two things broken in 2.0.38 by trying to fix network notifiers. | |
41233 | + * | |
41234 | + * Revision 1.74 1999/09/24 00:30:37 rgb | |
41235 | + * Add test for changed source as well as destination to check for | |
41236 | + * recursion. | |
41237 | + * | |
41238 | + * Revision 1.73 1999/09/23 20:52:24 rgb | |
41239 | + * Add James Morris' MSS hack patch, disabled. | |
41240 | + * | |
41241 | + * Revision 1.72 1999/09/23 20:22:40 rgb | |
41242 | + * Enable, tidy and fix network notifier code. | |
41243 | + * | |
41244 | + * Revision 1.71 1999/09/23 18:09:05 rgb | |
41245 | + * Clean up 2.2.x fragmenting traces. | |
41246 | + * Disable dev->type switching, forcing ARPHRD_TUNNEL. | |
41247 | + * | |
41248 | + * Revision 1.70 1999/09/22 14:14:24 rgb | |
41249 | + * Add sanity checks for revectored calls to prevent calling a downed I/F. | |
41250 | + * | |
41251 | + * Revision 1.69 1999/09/21 15:00:57 rgb | |
41252 | + * Add Marc Boucher's packet size check. | |
41253 | + * Flesh out network device notifier code. | |
41254 | + * | |
41255 | + * Revision 1.68 1999/09/18 11:39:57 rgb | |
41256 | + * Start to add (disabled) netdevice notifier code. | |
41257 | + * | |
41258 | + * Revision 1.67 1999/09/17 23:44:40 rgb | |
41259 | + * Add a comment warning potential code hackers to stay away from mac.raw. | |
41260 | + * | |
41261 | + * Revision 1.66 1999/09/17 18:04:02 rgb | |
41262 | + * Add fix for unpredictable hard_header_len for ISDN folks (thanks MB). | |
41263 | + * Ditch TTL decrement in 2.2 (MB). | |
41264 | + * | |
41265 | + * Revision 1.65 1999/09/15 23:15:35 henry | |
41266 | + * Marc Boucher's PPP fixes | |
41267 | + * | |
41268 | + * Revision 1.64 1999/09/07 13:40:53 rgb | |
41269 | + * Ditch unreliable references to skb->mac.raw. | |
41270 | + * | |
41271 | + * Revision 1.63 1999/08/28 11:33:09 rgb | |
41272 | + * Check for null skb->mac pointer. | |
41273 | + * | |
41274 | + * Revision 1.62 1999/08/28 02:02:30 rgb | |
41275 | + * Add Marc Boucher's fix for properly dealing with skb->sk. | |
41276 | + * | |
41277 | + * Revision 1.61 1999/08/27 05:23:05 rgb | |
41278 | + * Clean up skb->data/raw/nh/h manipulation. | |
41279 | + * Add Marc Boucher's mods to aid tcpdump. | |
41280 | + * Add sanity checks to skb->raw/nh/h pointer copies in skb_copy_expand. | |
41281 | + * Re-order hard_header stripping -- might be able to remove it... | |
41282 | + * | |
41283 | + * Revision 1.60 1999/08/26 20:01:02 rgb | |
41284 | + * Tidy up compiler directives and macros. | |
41285 | + * Re-enable ICMP for tunnels where inner_dst != outer_dst. | |
41286 | + * Remove unnecessary skb->dev = physdev assignment affecting 2.2.x. | |
41287 | + * | |
41288 | + * Revision 1.59 1999/08/25 15:44:41 rgb | |
41289 | + * Clean up from 2.2.x instrumenting for compilation under 2.0.36. | |
41290 | + * | |
41291 | + * Revision 1.58 1999/08/25 15:00:54 rgb | |
41292 | + * Add dst cache code for 2.2.xx. | |
41293 | + * Add sanity check for skb packet header pointers. | |
41294 | + * Add/modify debugging instrumentation to *_start_xmit, *_hard_header and | |
41295 | + * *_rebuild_header. | |
41296 | + * Add neigh_* cache code. | |
41297 | + * Change dev->type back to ARPHRD_TUNNEL. | |
41298 | + * | |
41299 | + * Revision 1.57 1999/08/17 21:50:23 rgb | |
41300 | + * Fixed minor debug output bugs. | |
41301 | + * Regrouped error recovery exit code. | |
41302 | + * Added compiler directives to remove unwanted code and symbols. | |
41303 | + * Shut off ICMP messages: to be refined to only send ICMP to remote systems. | |
41304 | + * Add debugging code for output function addresses. | |
41305 | + * Fix minor bug in (possibly unused) header_cache_bind function. | |
41306 | + * Add device neighbour caching code. | |
41307 | + * Change dev->type from ARPHRD_TUNNEL to physdev->type. | |
41308 | + * | |
41309 | + * Revision 1.56 1999/08/03 17:22:56 rgb | |
41310 | + * Debug output clarification using KERN_* macros. Other inactive changes | |
41311 | + * added. | |
41312 | + * | |
41313 | + * Revision 1.55 1999/08/03 16:58:46 rgb | |
41314 | + * Fix skb_copy_expand size bug. Was getting incorrect size. | |
41315 | + * | |
41316 | + * Revision 1.54 1999/07/14 19:32:38 rgb | |
41317 | + * Fix oversize packet crash and ssh stalling in 2.2.x kernels. | |
41318 | + * | |
41319 | + * Revision 1.53 1999/06/10 15:44:02 rgb | |
41320 | + * Minor reformatting and clean-up. | |
41321 | + * | |
41322 | + * Revision 1.52 1999/05/09 03:25:36 rgb | |
41323 | + * Fix bug introduced by 2.2 quick-and-dirty patch. | |
41324 | + * | |
41325 | + * Revision 1.51 1999/05/08 21:24:59 rgb | |
41326 | + * Add casting to silence the 2.2.x compile. | |
41327 | + * | |
41328 | + * Revision 1.50 1999/05/05 22:02:32 rgb | |
41329 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
41330 | + * | |
41331 | + * Revision 1.49 1999/04/29 15:18:52 rgb | |
41332 | + * Change gettdb parameter to a pointer to reduce stack loading and | |
41333 | + * facilitate parameter sanity checking. | |
41334 | + * Fix undetected bug that might have tried to access a null pointer. | |
41335 | + * Eliminate unnessessary usage of tdb_xform member to further switch | |
41336 | + * away from the transform switch to the algorithm switch. | |
41337 | + * Add return values to init and cleanup functions. | |
41338 | + * | |
41339 | + * Revision 1.48 1999/04/16 15:38:00 rgb | |
41340 | + * Minor rearrangement of freeing code to avoid memory leaks with impossible or | |
41341 | + * rare situations. | |
41342 | + * | |
41343 | + * Revision 1.47 1999/04/15 15:37:25 rgb | |
41344 | + * Forward check changes from POST1_00 branch. | |
41345 | + * | |
41346 | + * Revision 1.32.2.4 1999/04/13 21:00:18 rgb | |
41347 | + * Ditch 'things I wish I had known before...'. | |
41348 | + * | |
41349 | + * Revision 1.32.2.3 1999/04/13 20:34:38 rgb | |
41350 | + * Free skb after fragmentation. | |
41351 | + * Use stats more effectively. | |
41352 | + * Add I/F to mtu notch-down reporting. | |
41353 | + * | |
41354 | + * Revision 1.32.2.2 1999/04/02 04:26:14 rgb | |
41355 | + * Backcheck from HEAD, pre1.0. | |
41356 | + * | |
41357 | + * Revision 1.46 1999/04/11 00:29:00 henry | |
41358 | + * GPL boilerplate | |
41359 | + * | |
41360 | + * Revision 1.45 1999/04/07 15:42:01 rgb | |
41361 | + * Fix mtu/ping bug AGAIN! | |
41362 | + * | |
41363 | + * Revision 1.44 1999/04/06 04:54:27 rgb | |
41364 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
41365 | + * patch shell fixes. | |
41366 | + * | |
41367 | + * Revision 1.43 1999/04/04 03:57:07 rgb | |
41368 | + * ip_fragment() doesn't free the supplied skb. Freed. | |
41369 | + * | |
41370 | + * Revision 1.42 1999/04/01 23:27:15 rgb | |
41371 | + * Preload size of virtual mtu. | |
41372 | + * | |
41373 | + * Revision 1.41 1999/04/01 09:31:23 rgb | |
41374 | + * Invert meaning of ICMP PMTUD config option and clarify. | |
41375 | + * Code clean-up. | |
41376 | + * | |
41377 | + * Revision 1.40 1999/04/01 04:37:17 rgb | |
41378 | + * SSH stalling bug fix. | |
41379 | + * | |
41380 | + * Revision 1.39 1999/03/31 23:44:28 rgb | |
41381 | + * Don't send ICMP on DF and frag_off. | |
41382 | + * | |
41383 | + * Revision 1.38 1999/03/31 15:20:10 rgb | |
41384 | + * Quiet down debugging. | |
41385 | + * | |
41386 | + * Revision 1.37 1999/03/31 08:30:31 rgb | |
41387 | + * Add switch to shut off ICMP PMTUD packets. | |
41388 | + * | |
41389 | + * Revision 1.36 1999/03/31 05:44:47 rgb | |
41390 | + * Keep PMTU reduction private. | |
41391 | + * | |
41392 | + * Revision 1.35 1999/03/27 15:13:02 rgb | |
41393 | + * PMTU/fragmentation bug fix. | |
41394 | + * | |
41395 | + * Revision 1.34 1999/03/17 21:19:26 rgb | |
41396 | + * Fix kmalloc nonatomic bug. | |
41397 | + * | |
41398 | + * Revision 1.33 1999/03/17 15:38:42 rgb | |
41399 | + * Code clean-up. | |
41400 | + * ESP_NULL IV bug fix. | |
41401 | + * | |
41402 | + * Revision 1.32 1999/03/01 20:44:25 rgb | |
41403 | + * Code clean-up. | |
41404 | + * Memory leak bug fix. | |
41405 | + * | |
41406 | + * Revision 1.31 1999/02/27 00:02:09 rgb | |
41407 | + * Tune to report the MTU reduction once, rather than after every recursion | |
41408 | + * through the encapsulating code, preventing tcp stream stalling. | |
41409 | + * | |
41410 | + * Revision 1.30 1999/02/24 20:21:01 rgb | |
41411 | + * Reformat debug printk's. | |
41412 | + * Fix recursive encapsulation, dynamic MTU bugs and add debugging code. | |
41413 | + * Clean-up. | |
41414 | + * | |
41415 | + * Revision 1.29 1999/02/22 17:08:14 rgb | |
41416 | + * Fix recursive encapsulation code. | |
41417 | + * | |
41418 | + * Revision 1.28 1999/02/19 18:27:02 rgb | |
41419 | + * Improve DF, fragmentation and PMTU behaviour and add dynamic MTU discovery. | |
41420 | + * | |
41421 | + * Revision 1.27 1999/02/17 16:51:37 rgb | |
41422 | + * Clean out unused cruft. | |
41423 | + * Temporarily tone down volume of debug output. | |
41424 | + * Temporarily shut off fragment rejection. | |
41425 | + * Disabled temporary failed recursive encapsulation loop. | |
41426 | + * | |
41427 | + * Revision 1.26 1999/02/12 21:21:26 rgb | |
41428 | + * Move KLIPS_PRINT to ipsec_netlink.h for accessibility. | |
41429 | + * | |
41430 | + * Revision 1.25 1999/02/11 19:38:27 rgb | |
41431 | + * More clean-up. | |
41432 | + * Add sanity checking for skb_copy_expand() to prevent kernel panics on | |
41433 | + * skb_put() values out of range. | |
41434 | + * Fix head/tailroom calculation causing skb_put() out-of-range values. | |
41435 | + * Fix return values to prevent 'nonatomic alloc_skb' warnings. | |
41436 | + * Allocate new skb iff needed. | |
41437 | + * Added more debug statements. | |
41438 | + * Make headroom depend on structure, not hard-coded values. | |
41439 | + * | |
41440 | + * Revision 1.24 1999/02/10 23:20:33 rgb | |
41441 | + * Shut up annoying 'statement has no effect' compiler warnings with | |
41442 | + * debugging compiled out. | |
41443 | + * | |
41444 | + * Revision 1.23 1999/02/10 22:36:30 rgb | |
41445 | + * Clean-up obsolete, unused and messy code. | |
41446 | + * Converted most IPSEC_DEBUG statements to KLIPS_PRINT macros. | |
41447 | + * Rename ipsec_tunnel_do_xmit to ipsec_tunnel_start_xmit and eliminated | |
41448 | + * original ipsec_tunnel_start_xmit. | |
41449 | + * Send all packet with different inner and outer destinations directly to | |
41450 | + * the attached physical device, rather than back through ip_forward, | |
41451 | + * preventing disappearing routes problems. | |
41452 | + * Do sanity checking before investing too much CPU in allocating new | |
41453 | + * structures. | |
41454 | + * Fail on IP header options: We cannot process them yet. | |
41455 | + * Add some helpful comments. | |
41456 | + * Use virtual device for parameters instead of physical device. | |
41457 | + * | |
41458 | + * Revision 1.22 1999/02/10 03:03:02 rgb | |
41459 | + * Duh. Fixed the TTL bug: forgot to update the checksum. | |
41460 | + * | |
41461 | + * Revision 1.21 1999/02/09 23:17:53 rgb | |
41462 | + * Add structure members to ipsec_print_ip debug function. | |
41463 | + * Temporarily fix TTL bug preventing tunnel mode from functioning. | |
41464 | + * | |
41465 | + * Revision 1.20 1999/02/09 00:14:25 rgb | |
41466 | + * Add KLIPSPRINT macro. (Not used yet, though.) | |
41467 | + * Delete old ip_tunnel code (BADCODE). | |
41468 | + * Decrement TTL in outgoing packet. | |
41469 | + * Set TTL on new IPIP_TUNNEL to default, not existing packet TTL. | |
41470 | + * Delete ethernet only feature and fix hard-coded hard_header_len. | |
41471 | + * | |
41472 | + * Revision 1.19 1999/01/29 17:56:22 rgb | |
41473 | + * 64-bit re-fix submitted by Peter Onion. | |
41474 | + * | |
41475 | + * Revision 1.18 1999/01/28 22:43:24 rgb | |
41476 | + * Fixed bug in ipsec_print_ip that caused an OOPS, found by P.Onion. | |
41477 | + * | |
41478 | + * Revision 1.17 1999/01/26 02:08:16 rgb | |
41479 | + * Removed CONFIG_IPSEC_ALGO_SWITCH macro. | |
41480 | + * Removed dead code. | |
41481 | + * | |
41482 | + * Revision 1.16 1999/01/22 06:25:26 rgb | |
41483 | + * Cruft clean-out. | |
41484 | + * Added algorithm switch code. | |
41485 | + * 64-bit clean-up. | |
41486 | + * Passthrough on IPIP protocol, spi 0x0 fix. | |
41487 | + * Enhanced debugging. | |
41488 | + * | |
41489 | + * Revision 1.15 1998/12/01 13:22:04 rgb | |
41490 | + * Added support for debug printing of version info. | |
41491 | + * | |
41492 | + * Revision 1.14 1998/11/30 13:22:55 rgb | |
41493 | + * Rationalised all the klips kernel file headers. They are much shorter | |
41494 | + * now and won't conflict under RH5.2. | |
41495 | + * | |
41496 | + * Revision 1.13 1998/11/17 21:13:52 rgb | |
41497 | + * Put IKE port bypass debug output in user-switched debug statements. | |
41498 | + * | |
41499 | + * Revision 1.12 1998/11/13 13:20:25 rgb | |
41500 | + * Fixed ntohs bug in udp/500 hole for IKE. | |
41501 | + * | |
41502 | + * Revision 1.11 1998/11/10 08:01:19 rgb | |
41503 | + * Kill tcp/500 hole, keep udp/500 hole. | |
41504 | + * | |
41505 | + * Revision 1.10 1998/11/09 21:29:26 rgb | |
41506 | + * If no eroute is found, discard packet and incr. tx_error. | |
41507 | + * | |
41508 | + * Revision 1.9 1998/10/31 06:50:00 rgb | |
41509 | + * Add tcp/udp/500 bypass. | |
41510 | + * Fixed up comments in #endif directives. | |
41511 | + * | |
41512 | + * Revision 1.8 1998/10/27 00:34:31 rgb | |
41513 | + * Reformat debug output of IP headers. | |
41514 | + * Newlines added before calls to ipsec_print_ip. | |
41515 | + * | |
41516 | + * Revision 1.7 1998/10/19 14:44:28 rgb | |
41517 | + * Added inclusion of freeswan.h. | |
41518 | + * sa_id structure implemented and used: now includes protocol. | |
41519 | + * | |
41520 | + * Revision 1.6 1998/10/09 04:31:35 rgb | |
41521 | + * Added 'klips_debug' prefix to all klips printk debug statements. | |
41522 | + * | |
41523 | + * Revision 1.5 1998/08/28 03:09:51 rgb | |
41524 | + * Prevent kernel log spam with default route through ipsec. | |
41525 | + * | |
41526 | + * Revision 1.4 1998/08/05 22:23:09 rgb | |
41527 | + * Change setdev return code to ENXIO for a non-existant physical device. | |
41528 | + * | |
41529 | + * Revision 1.3 1998/07/29 20:41:11 rgb | |
41530 | + * Add ipsec_tunnel_clear to clear all tunnel attachments. | |
41531 | + * | |
41532 | + * Revision 1.2 1998/06/25 20:00:33 rgb | |
41533 | + * Clean up #endif comments. | |
41534 | + * Rename dev_ipsec to dev_ipsec0 for consistency. | |
41535 | + * Document ipsec device fields. | |
41536 | + * Make ipsec_tunnel_probe visible from rest of kernel for static linking. | |
41537 | + * Get debugging report for *every* ipsec device initialisation. | |
41538 | + * Comment out redundant code. | |
41539 | + * | |
41540 | + * Revision 1.1 1998/06/18 21:27:50 henry | |
41541 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
41542 | + * kernel-build scripts happier in the presence of symlinks | |
41543 | + * | |
41544 | + * Revision 1.8 1998/06/14 23:49:40 rgb | |
41545 | + * Clarify version reporting on module loading. | |
41546 | + * | |
41547 | + * Revision 1.7 1998/05/27 23:19:20 rgb | |
41548 | + * Added version reporting. | |
41549 | + * | |
41550 | + * Revision 1.6 1998/05/18 21:56:23 rgb | |
41551 | + * Clean up for numerical consistency of output and cleaning up debug code. | |
41552 | + * | |
41553 | + * Revision 1.5 1998/05/12 02:44:23 rgb | |
41554 | + * Clarifying 'no e-route to host' message. | |
41555 | + * | |
41556 | + * Revision 1.4 1998/04/30 15:34:35 rgb | |
41557 | + * Enclosed most remaining debugging statements in #ifdef's to make it quieter. | |
41558 | + * | |
41559 | + * Revision 1.3 1998/04/21 21:28:54 rgb | |
41560 | + * Rearrange debug switches to change on the fly debug output from user | |
41561 | + * space. Only kernel changes checked in at this time. radij.c was also | |
41562 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
41563 | + * an OOPS and hence, netlink device open errors. | |
41564 | + * | |
41565 | + * Revision 1.2 1998/04/12 22:03:24 rgb | |
41566 | + * Updated ESP-3DES-HMAC-MD5-96, | |
41567 | + * ESP-DES-HMAC-MD5-96, | |
41568 | + * AH-HMAC-MD5-96, | |
41569 | + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository | |
41570 | + * from old standards (RFC182[5-9] to new (as of March 1998) drafts. | |
41571 | + * | |
41572 | + * Fixed eroute references in /proc/net/ipsec*. | |
41573 | + * | |
41574 | + * Started to patch module unloading memory leaks in ipsec_netlink and | |
41575 | + * radij tree unloading. | |
41576 | + * | |
41577 | + * Revision 1.1 1998/04/09 03:06:12 henry | |
41578 | + * sources moved up from linux/net/ipsec | |
41579 | + * | |
41580 | + * Revision 1.1.1.1 1998/04/08 05:35:04 henry | |
41581 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
41582 | + * | |
41583 | + * Revision 0.5 1997/06/03 04:24:48 ji | |
41584 | + * Added transport mode. | |
41585 | + * Changed the way routing is done. | |
41586 | + * Lots of bug fixes. | |
41587 | + * | |
41588 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
41589 | + * No changes. | |
41590 | + * | |
41591 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
41592 | + * Minor cleanups. | |
41593 | + * Rationalized debugging code. | |
41594 | + * | |
41595 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
41596 | + * First limited release. | |
41597 | + * | |
41598 | + * Local Variables: | |
41599 | + * c-style: linux | |
41600 | + * End: | |
41601 | + */ | |
41602 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
41603 | +++ linux/net/ipsec/ipsec_xform.c Mon Feb 9 13:51:03 2004 | |
41604 | @@ -0,0 +1,360 @@ | |
41605 | +/* | |
41606 | + * Common routines for IPSEC transformations. | |
41607 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
41608 | + * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. | |
41609 | + * | |
41610 | + * This program is free software; you can redistribute it and/or modify it | |
41611 | + * under the terms of the GNU General Public License as published by the | |
41612 | + * Free Software Foundation; either version 2 of the License, or (at your | |
41613 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
41614 | + * | |
41615 | + * This program is distributed in the hope that it will be useful, but | |
41616 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
41617 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
41618 | + * for more details. | |
41619 | + * | |
41620 | + * RCSID $Id: ipsec_xform.c,v 1.65.2.1 2006/10/06 21:39:26 paul Exp $ | |
41621 | + */ | |
41622 | + | |
41623 | +#ifndef AUTOCONF_INCLUDED | |
41624 | +#include <linux/config.h> | |
41625 | +#endif | |
41626 | +#include <linux/version.h> | |
41627 | +#include <linux/kernel.h> /* printk() */ | |
41628 | + | |
41629 | +#include "freeswan/ipsec_param.h" | |
41630 | + | |
41631 | +#ifdef MALLOC_SLAB | |
41632 | +# include <linux/slab.h> /* kmalloc() */ | |
41633 | +#else /* MALLOC_SLAB */ | |
41634 | +# include <linux/malloc.h> /* kmalloc() */ | |
41635 | +#endif /* MALLOC_SLAB */ | |
41636 | +#include <linux/errno.h> /* error codes */ | |
41637 | +#include <linux/types.h> /* size_t */ | |
41638 | +#include <linux/interrupt.h> /* mark_bh */ | |
41639 | + | |
41640 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
41641 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
41642 | +#include <linux/ip.h> /* struct iphdr */ | |
41643 | +#include <linux/skbuff.h> | |
41644 | +#include <linux/random.h> /* get_random_bytes() */ | |
41645 | +#include <freeswan.h> | |
41646 | +#ifdef SPINLOCK | |
41647 | +# ifdef SPINLOCK_23 | |
41648 | +# include <linux/spinlock.h> /* *lock* */ | |
41649 | +# else /* SPINLOCK_23 */ | |
41650 | +# include <asm/spinlock.h> /* *lock* */ | |
41651 | +# endif /* SPINLOCK_23 */ | |
41652 | +#endif /* SPINLOCK */ | |
41653 | + | |
41654 | +#include <net/ip.h> | |
41655 | + | |
41656 | +#include "freeswan/radij.h" | |
41657 | +#include "freeswan/ipsec_encap.h" | |
41658 | +#include "freeswan/ipsec_radij.h" | |
41659 | +#include "freeswan/ipsec_xform.h" | |
41660 | +#include "freeswan/ipsec_ipe4.h" | |
41661 | +#include "freeswan/ipsec_ah.h" | |
41662 | +#include "freeswan/ipsec_esp.h" | |
41663 | + | |
41664 | +#include <pfkeyv2.h> | |
41665 | +#include <pfkey.h> | |
41666 | + | |
41667 | +#ifdef CONFIG_KLIPS_DEBUG | |
41668 | +int debug_xform = 0; | |
41669 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
41670 | + | |
41671 | +#ifdef SPINLOCK | |
41672 | +spinlock_t tdb_lock = SPIN_LOCK_UNLOCKED; | |
41673 | +#else /* SPINLOCK */ | |
41674 | +spinlock_t tdb_lock; | |
41675 | +#endif /* SPINLOCK */ | |
41676 | + | |
41677 | +/* | |
41678 | + * $Log: ipsec_xform.c,v $ | |
41679 | + * Revision 1.65.2.1 2006/10/06 21:39:26 paul | |
41680 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
41681 | + * set. This is defined through autoconf.h which is included through the | |
41682 | + * linux kernel build macros. | |
41683 | + * | |
41684 | + * Revision 1.65 2005/04/29 05:10:22 mcr | |
41685 | + * removed from extraenous includes to make unit testing easier. | |
41686 | + * | |
41687 | + * Revision 1.64 2004/07/10 19:11:18 mcr | |
41688 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
41689 | + * | |
41690 | + * Revision 1.63 2003/10/31 02:27:55 mcr | |
41691 | + * pulled up port-selector patches and sa_id elimination. | |
41692 | + * | |
41693 | + * Revision 1.62.30.1 2003/10/29 01:30:41 mcr | |
41694 | + * elimited "struct sa_id". | |
41695 | + * | |
41696 | + * Revision 1.62 2002/05/14 02:34:21 rgb | |
41697 | + * Delete stale code. | |
41698 | + * | |
41699 | + * Revision 1.61 2002/04/24 07:55:32 mcr | |
41700 | + * #include patches and Makefiles for post-reorg compilation. | |
41701 | + * | |
41702 | + * Revision 1.60 2002/04/24 07:36:33 mcr | |
41703 | + * Moved from ./klips/net/ipsec/ipsec_xform.c,v | |
41704 | + * | |
41705 | + * Revision 1.59 2002/03/29 15:01:36 rgb | |
41706 | + * Delete decommissioned code. | |
41707 | + * | |
41708 | + * Revision 1.58 2002/01/29 17:17:57 mcr | |
41709 | + * moved include of ipsec_param.h to after include of linux/kernel.h | |
41710 | + * otherwise, it seems that some option that is set in ipsec_param.h | |
41711 | + * screws up something subtle in the include path to kernel.h, and | |
41712 | + * it complains on the snprintf() prototype. | |
41713 | + * | |
41714 | + * Revision 1.57 2002/01/29 04:00:53 mcr | |
41715 | + * more excise of kversions.h header. | |
41716 | + * | |
41717 | + * Revision 1.56 2001/11/27 05:17:22 mcr | |
41718 | + * turn off the worst of the per-packet debugging. | |
41719 | + * | |
41720 | + * Revision 1.55 2001/11/26 09:23:50 rgb | |
41721 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
41722 | + * | |
41723 | + * Revision 1.54 2001/10/18 04:45:21 rgb | |
41724 | + * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h, | |
41725 | + * lib/freeswan.h version macros moved to lib/kversions.h. | |
41726 | + * Other compiler directive cleanups. | |
41727 | + * | |
41728 | + * Revision 1.53 2001/09/08 21:13:34 rgb | |
41729 | + * Added pfkey ident extension support for ISAKMPd. (NetCelo) | |
41730 | + * | |
41731 | + * Revision 1.52 2001/06/14 19:35:11 rgb | |
41732 | + * Update copyright date. | |
41733 | + * | |
41734 | + * Revision 1.51 2001/05/30 08:14:03 rgb | |
41735 | + * Removed vestiges of esp-null transforms. | |
41736 | + * | |
41737 | + * Revision 1.50 2001/05/03 19:43:18 rgb | |
41738 | + * Initialise error return variable. | |
41739 | + * Update SENDERR macro. | |
41740 | + * Fix sign of error return code for ipsec_tdbcleanup(). | |
41741 | + * Use more appropriate return code for ipsec_tdbwipe(). | |
41742 | + * | |
41743 | + * Revision 1.49 2001/04/19 18:56:17 rgb | |
41744 | + * Fixed tdb table locking comments. | |
41745 | + * | |
41746 | + * Revision 1.48 2001/02/27 22:24:55 rgb | |
41747 | + * Re-formatting debug output (line-splitting, joining, 1arg/line). | |
41748 | + * Check for satoa() return codes. | |
41749 | + * | |
41750 | + * Revision 1.47 2000/11/06 04:32:08 rgb | |
41751 | + * Ditched spin_lock_irqsave in favour of spin_lock_bh. | |
41752 | + * | |
41753 | + * Revision 1.46 2000/09/20 16:21:57 rgb | |
41754 | + * Cleaned up ident string alloc/free. | |
41755 | + * | |
41756 | + * Revision 1.45 2000/09/08 19:16:51 rgb | |
41757 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
41758 | + * Removed all references to CONFIG_IPSEC_PFKEYv2. | |
41759 | + * | |
41760 | + * Revision 1.44 2000/08/30 05:29:04 rgb | |
41761 | + * Compiler-define out no longer used tdb_init() in ipsec_xform.c. | |
41762 | + * | |
41763 | + * Revision 1.43 2000/08/18 21:30:41 rgb | |
41764 | + * Purged all tdb_spi, tdb_proto and tdb_dst macros. They are unclear. | |
41765 | + * | |
41766 | + * Revision 1.42 2000/08/01 14:51:51 rgb | |
41767 | + * Removed _all_ remaining traces of DES. | |
41768 | + * | |
41769 | + * Revision 1.41 2000/07/28 14:58:31 rgb | |
41770 | + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5. | |
41771 | + * | |
41772 | + * Revision 1.40 2000/06/28 05:50:11 rgb | |
41773 | + * Actually set iv_bits. | |
41774 | + * | |
41775 | + * Revision 1.39 2000/05/10 23:11:09 rgb | |
41776 | + * Added netlink debugging output. | |
41777 | + * Added a cast to quiet down the ntohl bug. | |
41778 | + * | |
41779 | + * Revision 1.38 2000/05/10 19:18:42 rgb | |
41780 | + * Cast output of ntohl so that the broken prototype doesn't make our | |
41781 | + * compile noisy. | |
41782 | + * | |
41783 | + * Revision 1.37 2000/03/16 14:04:59 rgb | |
41784 | + * Hardwired CONFIG_IPSEC_PFKEYv2 on. | |
41785 | + * | |
41786 | + * Revision 1.36 2000/01/26 10:11:28 rgb | |
41787 | + * Fixed spacing in error text causing run-in words. | |
41788 | + * | |
41789 | + * Revision 1.35 2000/01/21 06:17:16 rgb | |
41790 | + * Tidied up compiler directive indentation for readability. | |
41791 | + * Added ictx,octx vars for simplification.(kravietz) | |
41792 | + * Added macros for HMAC padding magic numbers.(kravietz) | |
41793 | + * Fixed missing key length reporting bug. | |
41794 | + * Fixed bug in tdbwipe to return immediately on NULL tdbp passed in. | |
41795 | + * | |
41796 | + * Revision 1.34 1999/12/08 00:04:19 rgb | |
41797 | + * Fixed SA direction overwriting bug for netlink users. | |
41798 | + * | |
41799 | + * Revision 1.33 1999/12/01 22:16:44 rgb | |
41800 | + * Minor formatting changes in ESP MD5 initialisation. | |
41801 | + * | |
41802 | + * Revision 1.32 1999/11/25 09:06:36 rgb | |
41803 | + * Fixed error return messages, should be returning negative numbers. | |
41804 | + * Implemented SENDERR macro for propagating error codes. | |
41805 | + * Added debug message and separate error code for algorithms not compiled | |
41806 | + * in. | |
41807 | + * | |
41808 | + * Revision 1.31 1999/11/23 23:06:26 rgb | |
41809 | + * Sort out pfkey and freeswan headers, putting them in a library path. | |
41810 | + * | |
41811 | + * Revision 1.30 1999/11/18 04:09:20 rgb | |
41812 | + * Replaced all kernel version macros to shorter, readable form. | |
41813 | + * | |
41814 | + * Revision 1.29 1999/11/17 15:53:40 rgb | |
41815 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
41816 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
41817 | + * klips/net/ipsec/Makefile. | |
41818 | + * | |
41819 | + * Revision 1.28 1999/10/18 20:04:01 rgb | |
41820 | + * Clean-out unused cruft. | |
41821 | + * | |
41822 | + * Revision 1.27 1999/10/03 19:01:03 rgb | |
41823 | + * Spinlock support for 2.3.xx and 2.0.xx kernels. | |
41824 | + * | |
41825 | + * Revision 1.26 1999/10/01 16:22:24 rgb | |
41826 | + * Switch from assignment init. to functional init. of spinlocks. | |
41827 | + * | |
41828 | + * Revision 1.25 1999/10/01 15:44:54 rgb | |
41829 | + * Move spinlock header include to 2.1> scope. | |
41830 | + * | |
41831 | + * Revision 1.24 1999/10/01 00:03:46 rgb | |
41832 | + * Added tdb structure locking. | |
41833 | + * Minor formatting changes. | |
41834 | + * Add function to initialize tdb hash table. | |
41835 | + * | |
41836 | + * Revision 1.23 1999/05/25 22:42:12 rgb | |
41837 | + * Add deltdbchain() debugging. | |
41838 | + * | |
41839 | + * Revision 1.22 1999/05/25 21:24:31 rgb | |
41840 | + * Add debugging statements to deltdbchain(). | |
41841 | + * | |
41842 | + * Revision 1.21 1999/05/25 03:51:48 rgb | |
41843 | + * Refix error return code. | |
41844 | + * | |
41845 | + * Revision 1.20 1999/05/25 03:34:07 rgb | |
41846 | + * Fix error return for flush. | |
41847 | + * | |
41848 | + * Revision 1.19 1999/05/09 03:25:37 rgb | |
41849 | + * Fix bug introduced by 2.2 quick-and-dirty patch. | |
41850 | + * | |
41851 | + * Revision 1.18 1999/05/05 22:02:32 rgb | |
41852 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
41853 | + * | |
41854 | + * Revision 1.17 1999/04/29 15:20:16 rgb | |
41855 | + * Change gettdb parameter to a pointer to reduce stack loading and | |
41856 | + * facilitate parameter sanity checking. | |
41857 | + * Add sanity checking for null pointer arguments. | |
41858 | + * Add debugging instrumentation. | |
41859 | + * Add function deltdbchain() which will take care of unlinking, | |
41860 | + * zeroing and deleting a chain of tdbs. | |
41861 | + * Add a parameter to tdbcleanup to be able to delete a class of SAs. | |
41862 | + * tdbwipe now actually zeroes the tdb as well as any of its pointed | |
41863 | + * structures. | |
41864 | + * | |
41865 | + * Revision 1.16 1999/04/16 15:36:29 rgb | |
41866 | + * Fix cut-and-paste error causing a memory leak in IPIP TDB freeing. | |
41867 | + * | |
41868 | + * Revision 1.15 1999/04/11 00:29:01 henry | |
41869 | + * GPL boilerplate | |
41870 | + * | |
41871 | + * Revision 1.14 1999/04/06 04:54:28 rgb | |
41872 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
41873 | + * patch shell fixes. | |
41874 | + * | |
41875 | + * Revision 1.13 1999/02/19 18:23:01 rgb | |
41876 | + * Nix debug off compile warning. | |
41877 | + * | |
41878 | + * Revision 1.12 1999/02/17 16:52:16 rgb | |
41879 | + * Consolidate satoa()s for space and speed efficiency. | |
41880 | + * Convert DEBUG_IPSEC to KLIPS_PRINT | |
41881 | + * Clean out unused cruft. | |
41882 | + * Ditch NET_IPIP dependancy. | |
41883 | + * Loop for 3des key setting. | |
41884 | + * | |
41885 | + * Revision 1.11 1999/01/26 02:09:05 rgb | |
41886 | + * Remove ah/esp/IPIP switching on include files. | |
41887 | + * Removed CONFIG_IPSEC_ALGO_SWITCH macro. | |
41888 | + * Removed dead code. | |
41889 | + * Clean up debug code when switched off. | |
41890 | + * Remove references to INET_GET_PROTOCOL. | |
41891 | + * Added code exclusion macros to reduce code from unused algorithms. | |
41892 | + * | |
41893 | + * Revision 1.10 1999/01/22 06:28:55 rgb | |
41894 | + * Cruft clean-out. | |
41895 | + * Put random IV generation in kernel. | |
41896 | + * Added algorithm switch code. | |
41897 | + * Enhanced debugging. | |
41898 | + * 64-bit clean-up. | |
41899 | + * | |
41900 | + * Revision 1.9 1998/11/30 13:22:55 rgb | |
41901 | + * Rationalised all the klips kernel file headers. They are much shorter | |
41902 | + * now and won't conflict under RH5.2. | |
41903 | + * | |
41904 | + * Revision 1.8 1998/11/25 04:59:06 rgb | |
41905 | + * Add conditionals for no IPIP tunnel code. | |
41906 | + * Delete commented out code. | |
41907 | + * | |
41908 | + * Revision 1.7 1998/10/31 06:50:41 rgb | |
41909 | + * Convert xform ASCII names to no spaces. | |
41910 | + * Fixed up comments in #endif directives. | |
41911 | + * | |
41912 | + * Revision 1.6 1998/10/19 14:44:28 rgb | |
41913 | + * Added inclusion of freeswan.h. | |
41914 | + * sa_id structure implemented and used: now includes protocol. | |
41915 | + * | |
41916 | + * Revision 1.5 1998/10/09 04:32:19 rgb | |
41917 | + * Added 'klips_debug' prefix to all klips printk debug statements. | |
41918 | + * | |
41919 | + * Revision 1.4 1998/08/12 00:11:31 rgb | |
41920 | + * Added new xform functions to the xform table. | |
41921 | + * Fixed minor debug output spelling error. | |
41922 | + * | |
41923 | + * Revision 1.3 1998/07/09 17:45:31 rgb | |
41924 | + * Clarify algorithm not available message. | |
41925 | + * | |
41926 | + * Revision 1.2 1998/06/23 03:00:51 rgb | |
41927 | + * Check for presence of IPIP protocol if it is setup one way (we don't | |
41928 | + * know what has been set up the other way and can only assume it will be | |
41929 | + * symmetrical with the exception of keys). | |
41930 | + * | |
41931 | + * Revision 1.1 1998/06/18 21:27:51 henry | |
41932 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
41933 | + * kernel-build scripts happier in the presence of symlinks | |
41934 | + * | |
41935 | + * Revision 1.3 1998/06/11 05:54:59 rgb | |
41936 | + * Added transform version string pointer to xformsw initialisations. | |
41937 | + * | |
41938 | + * Revision 1.2 1998/04/21 21:28:57 rgb | |
41939 | + * Rearrange debug switches to change on the fly debug output from user | |
41940 | + * space. Only kernel changes checked in at this time. radij.c was also | |
41941 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
41942 | + * an OOPS and hence, netlink device open errors. | |
41943 | + * | |
41944 | + * Revision 1.1 1998/04/09 03:06:13 henry | |
41945 | + * sources moved up from linux/net/ipsec | |
41946 | + * | |
41947 | + * Revision 1.1.1.1 1998/04/08 05:35:02 henry | |
41948 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
41949 | + * | |
41950 | + * Revision 0.5 1997/06/03 04:24:48 ji | |
41951 | + * Added ESP-3DES-MD5-96 | |
41952 | + * | |
41953 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
41954 | + * Added new transforms. | |
41955 | + * | |
41956 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
41957 | + * Minor cleanups. | |
41958 | + * Rationalized debugging code. | |
41959 | + * | |
41960 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
41961 | + * First limited release. | |
41962 | + * | |
41963 | + * | |
41964 | + */ | |
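Review bot: The `#else /* SPINLOCK */` branch defines `spinlock_t tdb_lock;` with no initializer, while the spinlock headers are only included under `#ifdef SPINLOCK`, so that configuration relies on some other header supplying `spinlock_t` and on zero-filled storage being a valid unlocked lock. A one-line comment stating which kernels take this path and why that is safe would help. In the `SPINLOCK` branch, `SPIN_LOCK_UNLOCKED` is a static initializer that later 2.6 kernels deprecate; since the newest log entry says this revision targets 2.6.18+, `DEFINE_SPINLOCK(tdb_lock);` would be the more robust spelling where that macro is available. The file as added defines only `debug_xform` and `tdb_lock`, and neither says what it covers, so I would add something like `/* tdb_lock: guards the tdb (SA) structures; taken with spin_lock_bh() */` above the definition, after confirming that against the callers; the wording here is inferred from the "Added tdb structure locking" and "spin_lock_bh" log entries.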
41965 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
41966 | +++ linux/net/ipsec/ipsec_xmit.c Mon Feb 9 13:51:03 2004 | |
41967 | @@ -0,0 +1,1850 @@ | |
41968 | +/* | |
41969 | + * IPSEC Transmit code. | |
41970 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
41971 | + * Copyright (C) 1998-2003 Richard Guy Briggs. | |
41972 | + * Copyright (C) 2004-2005 Michael Richardson <mcr@xelerance.com> | |
41973 | + * | |
41974 | + * This program is free software; you can redistribute it and/or modify it | |
41975 | + * under the terms of the GNU General Public License as published by the | |
41976 | + * Free Software Foundation; either version 2 of the License, or (at your | |
41977 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
41978 | + * | |
41979 | + * This program is distributed in the hope that it will be useful, but | |
41980 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
41981 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
41982 | + * for more details. | |
41983 | + */ | |
41984 | + | |
41985 | +char ipsec_xmit_c_version[] = "RCSID $Id: ipsec_xmit.c,v 1.20.2.8 2006/10/06 21:39:26 paul Exp $"; | |
41986 | + | |
41987 | +#define __NO_VERSION__ | |
41988 | +#include <linux/module.h> | |
41989 | +#ifndef AUTOCONF_INCLUDED | |
41990 | +#include <linux/config.h> | |
41991 | +#endif /* for CONFIG_IP_FORWARD */ | |
41992 | +#include <linux/version.h> | |
41993 | +#include <linux/kernel.h> /* printk() */ | |
41994 | + | |
41995 | +#include "openswan/ipsec_param.h" | |
41996 | + | |
41997 | +#ifdef MALLOC_SLAB | |
41998 | +# include <linux/slab.h> /* kmalloc() */ | |
41999 | +#else /* MALLOC_SLAB */ | |
42000 | +# include <linux/malloc.h> /* kmalloc() */ | |
42001 | +#endif /* MALLOC_SLAB */ | |
42002 | +#include <linux/errno.h> /* error codes */ | |
42003 | +#include <linux/types.h> /* size_t */ | |
42004 | +#include <linux/interrupt.h> /* mark_bh */ | |
42005 | + | |
42006 | +#include <linux/netdevice.h> /* struct device, struct net_device_stats, dev_queue_xmit() and other headers */ | |
42007 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
42008 | +#include <linux/ip.h> /* struct iphdr */ | |
42009 | +#include <linux/tcp.h> /* struct tcphdr */ | |
42010 | +#include <linux/udp.h> /* struct udphdr */ | |
42011 | +#include <linux/skbuff.h> | |
42012 | +#include <asm/uaccess.h> | |
42013 | +#include <asm/checksum.h> | |
42014 | +#include <openswan.h> | |
42015 | +#ifdef NET_21 | |
42016 | +# define MSS_HACK_ /* experimental */ | |
42017 | +# include <linux/in6.h> | |
42018 | +# include <net/dst.h> | |
42019 | +# define proto_priv cb | |
42020 | +#endif /* NET_21 */ | |
42021 | + | |
42022 | +#include <net/icmp.h> /* icmp_send() */ | |
42023 | +#include <net/ip.h> | |
42024 | +#ifdef NETDEV_23 | |
42025 | +# include <linux/netfilter_ipv4.h> | |
42026 | +#endif /* NETDEV_23 */ | |
42027 | + | |
42028 | +#include <linux/if_arp.h> | |
42029 | +#ifdef MSS_HACK | |
42030 | +# include <net/tcp.h> /* TCP options */ | |
42031 | +#endif /* MSS_HACK */ | |
42032 | + | |
42033 | +#include "openswan/radij.h" | |
42034 | +#include "openswan/ipsec_life.h" | |
42035 | +#include "openswan/ipsec_xform.h" | |
42036 | +#include "openswan/ipsec_eroute.h" | |
42037 | +#include "openswan/ipsec_encap.h" | |
42038 | +#include "openswan/ipsec_radij.h" | |
42039 | +#include "openswan/ipsec_xmit.h" | |
42040 | +#include "openswan/ipsec_sa.h" | |
42041 | +#include "openswan/ipsec_tunnel.h" | |
42042 | +#include "openswan/ipsec_ipe4.h" | |
42043 | +#include "openswan/ipsec_ah.h" | |
42044 | +#include "openswan/ipsec_esp.h" | |
42045 | + | |
42046 | +#ifdef CONFIG_KLIPS_IPCOMP | |
42047 | +#include "openswan/ipcomp.h" | |
42048 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
42049 | + | |
42050 | +#include <pfkeyv2.h> | |
42051 | +#include <pfkey.h> | |
42052 | + | |
42053 | +#include "openswan/ipsec_proto.h" | |
42054 | +#include "openswan/ipsec_alg.h" | |
42055 | + | |
42056 | + | |
42057 | +/* | |
42058 | + * Stupid kernel API differences in APIs. Not only do some | |
42059 | + * kernels not have ip_select_ident, but some have differing APIs, | |
42060 | + * and SuSE has one with one parameter, but no way of checking to | |
42061 | + * see what is really what. | |
42062 | + */ | |
42063 | + | |
42064 | +#ifdef SUSE_LINUX_2_4_19_IS_STUPID | |
42065 | +#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph) | |
42066 | +#else | |
42067 | + | |
42068 | +/* simplest case, nothing */ | |
42069 | +#if !defined(IP_SELECT_IDENT) | |
42070 | +#define KLIPS_IP_SELECT_IDENT(iph, skb) do { iph->id = htons(ip_id_count++); } while(0) | |
42071 | +#endif | |
42072 | + | |
42073 | +/* kernels > 2.3.37-ish */ | |
42074 | +#if defined(IP_SELECT_IDENT) && !defined(IP_SELECT_IDENT_NEW) | |
42075 | +#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb->dst) | |
42076 | +#endif | |
42077 | + | |
42078 | +/* kernels > 2.4.2 */ | |
42079 | +#if defined(IP_SELECT_IDENT) && defined(IP_SELECT_IDENT_NEW) | |
42080 | +#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb->dst, NULL) | |
42081 | +#endif | |
42082 | + | |
42083 | +#endif /* SUSE_LINUX_2_4_19_IS_STUPID */ | |
42084 | + | |
42085 | + | |
42086 | + | |
42087 | +#if defined(CONFIG_KLIPS_AH) | |
42088 | +static __u32 zeroes[64]; | |
42089 | +#endif | |
42090 | + | |
42091 | +#ifdef CONFIG_KLIPS_DEBUG | |
42092 | +int sysctl_ipsec_debug_verbose = 0; | |
42093 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
42094 | + | |
42095 | +int ipsec_xmit_trap_count = 0; | |
42096 | +int ipsec_xmit_trap_sendcount = 0; | |
42097 | + | |
42098 | +int sysctl_ipsec_icmp = 0; | |
42099 | +int sysctl_ipsec_tos = 0; | |
42100 | + | |
42101 | +#ifdef CONFIG_KLIPS_DEBUG | |
42102 | +#define dmp(_x,_y,_z) if(debug_tunnel) ipsec_dmp_block(_x,_y,_z) | |
42103 | +#else /* CONFIG_KLIPS_DEBUG */ | |
42104 | +#define dmp(_x, _y, _z) | |
42105 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
42106 | + | |
42107 | + | |
42108 | +#if !defined(SKB_COPY_EXPAND) || defined(KLIPS_UNIT_TESTS) | |
42109 | +/* | |
42110 | + * This is mostly skbuff.c:skb_copy(). | |
42111 | + */ | |
42112 | +struct sk_buff * | |
42113 | +skb_copy_expand(const struct sk_buff *skb, int headroom, | |
42114 | + int tailroom, int priority) | |
42115 | +{ | |
42116 | + struct sk_buff *n; | |
42117 | + unsigned long offset; | |
42118 | + | |
42119 | + /* | |
42120 | + * Do sanity checking | |
42121 | + */ | |
42122 | + if((headroom < 0) || (tailroom < 0) || ((headroom+tailroom) < 0)) { | |
42123 | + printk(KERN_WARNING | |
42124 | + "klips_error:skb_copy_expand: " | |
42125 | + "Illegal negative head,tailroom %d,%d\n", | |
42126 | + headroom, | |
42127 | + tailroom); | |
42128 | + return NULL; | |
42129 | + } | |
42130 | + /* | |
42131 | + * Allocate the copy buffer | |
42132 | + */ | |
42133 | + | |
42134 | +#ifndef NET_21 | |
42135 | + IS_SKB(skb); | |
42136 | +#endif /* !NET_21 */ | |
42137 | + | |
42138 | + | |
42139 | + n=alloc_skb(skb->end - skb->head + headroom + tailroom, priority); | |
42140 | + | |
42141 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
42142 | + "klips_debug:skb_copy_expand: " | |
42143 | + "allocating %d bytes, head=0p%p data=0p%p tail=0p%p end=0p%p end-head=%d tail-data=%d\n", | |
42144 | + skb->end - skb->head + headroom + tailroom, | |
42145 | + skb->head, | |
42146 | + skb->data, | |
42147 | + skb->tail, | |
42148 | + skb->end, | |
42149 | + skb->end - skb->head, | |
42150 | + skb->tail - skb->data); | |
42151 | + | |
42152 | + if(n==NULL) | |
42153 | + return NULL; | |
42154 | + | |
42155 | + /* | |
42156 | + * Shift between the two data areas in bytes | |
42157 | + */ | |
42158 | + | |
42159 | + /* Set the data pointer */ | |
42160 | + skb_reserve(n,skb->data-skb->head+headroom); | |
42161 | + /* Set the tail pointer and length */ | |
42162 | + if(skb_tailroom(n) < skb->len) { | |
42163 | + printk(KERN_WARNING "klips_error:skb_copy_expand: " | |
42164 | + "tried to skb_put %ld, %d available. This should never happen, please report.\n", | |
42165 | + (unsigned long int)skb->len, | |
42166 | + skb_tailroom(n)); | |
42167 | + ipsec_kfree_skb(n); | |
42168 | + return NULL; | |
42169 | + } | |
42170 | + skb_put(n,skb->len); | |
42171 | + | |
42172 | + offset=n->head + headroom - skb->head; | |
42173 | + | |
42174 | + /* Copy the bytes */ | |
42175 | + memcpy(n->head + headroom, skb->head,skb->end-skb->head); | |
42176 | +#ifdef NET_21 | |
42177 | + n->csum=skb->csum; | |
42178 | + n->priority=skb->priority; | |
42179 | + n->dst=dst_clone(skb->dst); | |
42180 | + if(skb->nh.raw) | |
42181 | + n->nh.raw=skb->nh.raw+offset; | |
42182 | +#ifndef NETDEV_23 | |
42183 | + n->is_clone=0; | |
42184 | +#endif /* NETDEV_23 */ | |
42185 | + atomic_set(&n->users, 1); | |
42186 | + n->destructor = NULL; | |
42187 | +#ifdef HAVE_SOCK_SECURITY | |
42188 | + n->security=skb->security; | |
42189 | +#endif | |
42190 | +#else /* NET_21 */ | |
42191 | + n->link3=NULL; | |
42192 | + n->when=skb->when; | |
42193 | + if(skb->ip_hdr) | |
42194 | + n->ip_hdr=(struct iphdr *)(((char *)skb->ip_hdr)+offset); | |
42195 | + n->saddr=skb->saddr; | |
42196 | + n->daddr=skb->daddr; | |
42197 | + n->raddr=skb->raddr; | |
42198 | + n->seq=skb->seq; | |
42199 | + n->end_seq=skb->end_seq; | |
42200 | + n->ack_seq=skb->ack_seq; | |
42201 | + n->acked=skb->acked; | |
42202 | + n->free=1; | |
42203 | + n->arp=skb->arp; | |
42204 | + n->tries=0; | |
42205 | + n->lock=0; | |
42206 | + n->users=0; | |
42207 | +#endif /* NET_21 */ | |
42208 | + n->protocol=skb->protocol; | |
42209 | + n->list=NULL; | |
42210 | + n->sk=NULL; | |
42211 | + n->dev=skb->dev; | |
42212 | + if(skb->h.raw) | |
42213 | + n->h.raw=skb->h.raw+offset; | |
42214 | + if(skb->mac.raw) | |
42215 | + n->mac.raw=skb->mac.raw+offset; | |
42216 | + memcpy(n->proto_priv, skb->proto_priv, sizeof(skb->proto_priv)); | |
42217 | +#ifndef NETDEV_23 | |
42218 | + n->used=skb->used; | |
42219 | +#endif /* !NETDEV_23 */ | |
42220 | + n->pkt_type=skb->pkt_type; | |
42221 | + n->stamp=skb->stamp; | |
42222 | + | |
42223 | +#ifndef NET_21 | |
42224 | + IS_SKB(n); | |
42225 | +#endif /* !NET_21 */ | |
42226 | + return n; | |
42227 | +} | |
42228 | +#endif /* !SKB_COPY_EXPAND */ | |
42229 | + | |
42230 | +#ifdef CONFIG_KLIPS_DEBUG | |
42231 | +void | |
42232 | +ipsec_print_ip(struct iphdr *ip) | |
42233 | +{ | |
42234 | + char buf[ADDRTOA_BUF]; | |
42235 | + | |
42236 | + printk(KERN_INFO "klips_debug: IP:"); | |
42237 | + printk(" ihl:%d", ip->ihl << 2); | |
42238 | + printk(" ver:%d", ip->version); | |
42239 | + printk(" tos:%d", ip->tos); | |
42240 | + printk(" tlen:%d", ntohs(ip->tot_len)); | |
42241 | + printk(" id:%d", ntohs(ip->id)); | |
42242 | + printk(" %s%s%sfrag_off:%d", | |
42243 | + ip->frag_off & __constant_htons(IP_CE) ? "CE " : "", | |
42244 | + ip->frag_off & __constant_htons(IP_DF) ? "DF " : "", | |
42245 | + ip->frag_off & __constant_htons(IP_MF) ? "MF " : "", | |
42246 | + (ntohs(ip->frag_off) & IP_OFFSET) << 3); | |
42247 | + printk(" ttl:%d", ip->ttl); | |
42248 | + printk(" proto:%d", ip->protocol); | |
42249 | + if(ip->protocol == IPPROTO_UDP) | |
42250 | + printk(" (UDP)"); | |
42251 | + if(ip->protocol == IPPROTO_TCP) | |
42252 | + printk(" (TCP)"); | |
42253 | + if(ip->protocol == IPPROTO_ICMP) | |
42254 | + printk(" (ICMP)"); | |
42255 | + if(ip->protocol == IPPROTO_ESP) | |
42256 | + printk(" (ESP)"); | |
42257 | + if(ip->protocol == IPPROTO_AH) | |
42258 | + printk(" (AH)"); | |
42259 | + if(ip->protocol == IPPROTO_COMP) | |
42260 | + printk(" (COMP)"); | |
42261 | + printk(" chk:%d", ntohs(ip->check)); | |
42262 | + addrtoa(*((struct in_addr*)(&ip->saddr)), 0, buf, sizeof(buf)); | |
42263 | + printk(" saddr:%s", buf); | |
42264 | + if(ip->protocol == IPPROTO_UDP) | |
42265 | + printk(":%d", | |
42266 | + ntohs(((struct udphdr*)((caddr_t)ip + (ip->ihl << 2)))->source)); | |
42267 | + if(ip->protocol == IPPROTO_TCP) | |
42268 | + printk(":%d", | |
42269 | + ntohs(((struct tcphdr*)((caddr_t)ip + (ip->ihl << 2)))->source)); | |
42270 | + addrtoa(*((struct in_addr*)(&ip->daddr)), 0, buf, sizeof(buf)); | |
42271 | + printk(" daddr:%s", buf); | |
42272 | + if(ip->protocol == IPPROTO_UDP) | |
42273 | + printk(":%d", | |
42274 | + ntohs(((struct udphdr*)((caddr_t)ip + (ip->ihl << 2)))->dest)); | |
42275 | + if(ip->protocol == IPPROTO_TCP) | |
42276 | + printk(":%d", | |
42277 | + ntohs(((struct tcphdr*)((caddr_t)ip + (ip->ihl << 2)))->dest)); | |
42278 | + if(ip->protocol == IPPROTO_ICMP) | |
42279 | + printk(" type:code=%d:%d", | |
42280 | + ((struct icmphdr*)((caddr_t)ip + (ip->ihl << 2)))->type, | |
42281 | + ((struct icmphdr*)((caddr_t)ip + (ip->ihl << 2)))->code); | |
42282 | + printk("\n"); | |
42283 | + | |
42284 | + if(sysctl_ipsec_debug_verbose) { | |
42285 | + __u8 *c; | |
42286 | + int len = ntohs(ip->tot_len) - ip->ihl*4; | |
42287 | + | |
42288 | + c = ((__u8*)ip) + ip->ihl*4; | |
42289 | + ipsec_dmp_block("ip_print", c, len); | |
42290 | + } | |
42291 | +} | |
42292 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
42293 | + | |
42294 | +#ifdef MSS_HACK | |
42295 | +/* | |
42296 | + * Issues: | |
42297 | + * 1) Fragments arriving in the tunnel should probably be rejected. | |
42298 | + * 2) How does this affect syncookies, mss_cache, dst cache ? | |
42299 | + * 3) Path MTU discovery handling needs to be reviewed. For example, | |
42300 | + * if we receive an ICMP 'packet too big' message from an intermediate | |
42301 | + * router specifying it's next hop MTU, our stack may process this and | |
42302 | + * adjust the MSS without taking our AH/ESP overheads into account. | |
42303 | + */ | |
42304 | + | |
42305 | + | |
42306 | +/* | |
42307 | + * Recaclulate checksum using differences between changed datum, | |
42308 | + * borrowed from netfilter. | |
42309 | + */ | |
42310 | +DEBUG_NO_STATIC u_int16_t | |
42311 | +ipsec_fast_csum(u_int32_t oldvalinv, u_int32_t newval, u_int16_t oldcheck) | |
42312 | +{ | |
42313 | + u_int32_t diffs[] = { oldvalinv, newval }; | |
42314 | + return csum_fold(csum_partial((char *)diffs, sizeof(diffs), | |
42315 | + oldcheck^0xFFFF)); | |
42316 | +} | |
42317 | + | |
42318 | +/* | |
42319 | + * Determine effective MSS. | |
42320 | + * | |
42321 | + * Note that we assume that there is always an MSS option for our own | |
42322 | + * SYN segments, which is mentioned in tcp_syn_build_options(), kernel 2.2.x. | |
42323 | + * This could change, and we should probably parse TCP options instead. | |
42324 | + * | |
42325 | + */ | |
42326 | +DEBUG_NO_STATIC u_int8_t | |
42327 | +ipsec_adjust_mss(struct sk_buff *skb, struct tcphdr *tcph, u_int16_t mtu) | |
42328 | +{ | |
42329 | + u_int16_t oldmss, newmss; | |
42330 | + u_int32_t *mssp; | |
42331 | + struct sock *sk = skb->sk; | |
42332 | + | |
42333 | + newmss = tcp_sync_mss(sk, mtu); | |
42334 | + printk(KERN_INFO "klips: setting mss to %u\n", newmss); | |
42335 | + mssp = (u_int32_t *)tcph + sizeof(struct tcphdr) / sizeof(u_int32_t); | |
42336 | + oldmss = ntohl(*mssp) & 0x0000FFFF; | |
42337 | + *mssp = htonl((TCPOPT_MSS << 24) | (TCPOLEN_MSS << 16) | newmss); | |
42338 | + tcph->check = ipsec_fast_csum(htons(~oldmss), | |
42339 | + htons(newmss), tcph->check); | |
42340 | + return 1; | |
42341 | +} | |
42342 | +#endif /* MSS_HACK */ | |
42343 | + | |
42344 | +/* | |
42345 | + * Sanity checks | |
42346 | + */ | |
42347 | +enum ipsec_xmit_value | |
42348 | +ipsec_xmit_sanity_check_dev(struct ipsec_xmit_state *ixs) | |
42349 | +{ | |
42350 | + | |
42351 | + if (ixs->dev == NULL) { | |
42352 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
42353 | + "klips_error:ipsec_xmit_sanity_check_dev: " | |
42354 | + "No device associated with skb!\n" ); | |
42355 | + return IPSEC_XMIT_NODEV; | |
42356 | + } | |
42357 | + | |
42358 | + ixs->prv = ixs->dev->priv; | |
42359 | + if (ixs->prv == NULL) { | |
42360 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
42361 | + "klips_error:ipsec_xmit_sanity_check_dev: " | |
42362 | + "Device has no private structure!\n" ); | |
42363 | + return IPSEC_XMIT_NOPRIVDEV; | |
42364 | + } | |
42365 | + | |
42366 | + ixs->physdev = ixs->prv->dev; | |
42367 | + if (ixs->physdev == NULL) { | |
42368 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
42369 | + "klips_error:ipsec_xmit_sanity_check_dev: " | |
42370 | + "Device is not attached to physical device!\n" ); | |
42371 | + return IPSEC_XMIT_NOPHYSDEV; | |
42372 | + } | |
42373 | + | |
42374 | + ixs->physmtu = ixs->physdev->mtu; | |
42375 | + ixs->cur_mtu = ixs->physdev->mtu; | |
42376 | + ixs->stats = (struct net_device_stats *) &(ixs->prv->mystats); | |
42377 | + | |
42378 | + return IPSEC_XMIT_OK; | |
42379 | +} | |
42380 | + | |
42381 | +enum ipsec_xmit_value | |
42382 | +ipsec_xmit_sanity_check_skb(struct ipsec_xmit_state *ixs) | |
42383 | +{ | |
42384 | + /* | |
42385 | + * Return if there is nothing to do. (Does this ever happen?) XXX | |
42386 | + */ | |
42387 | + if (ixs->skb == NULL) { | |
42388 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
42389 | + "klips_error:ipsec_xmit_sanity_check_skb: " | |
42390 | + "Nothing to do!\n" ); | |
42391 | + return IPSEC_XMIT_NOSKB; | |
42392 | + } | |
42393 | + | |
42394 | + /* if skb was cloned (most likely due to a packet sniffer such as | |
42395 | + tcpdump being momentarily attached to the interface), make | |
42396 | + a copy of our own to modify */ | |
42397 | + if(skb_cloned(ixs->skb)) { | |
42398 | + if | |
42399 | +#ifdef SKB_COW_NEW | |
42400 | + (skb_cow(ixs->skb, skb_headroom(ixs->skb)) != 0) | |
42401 | +#else /* SKB_COW_NEW */ | |
42402 | + ((ixs->skb = skb_cow(ixs->skb, skb_headroom(ixs->skb))) == NULL) | |
42403 | +#endif /* SKB_COW_NEW */ | |
42404 | + { | |
42405 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
42406 | + "klips_error:ipsec_xmit_sanity_check_skb: " | |
42407 | + "skb_cow failed to allocate buffer, dropping.\n" ); | |
42408 | + ixs->stats->tx_dropped++; | |
42409 | + return IPSEC_XMIT_ERRSKBALLOC; | |
42410 | + } | |
42411 | + } | |
42412 | + | |
42413 | + ixs->iph = ixs->skb->nh.iph; | |
42414 | + | |
42415 | + /* sanity check for IP version as we can't handle IPv6 right now */ | |
42416 | + if (ixs->iph->version != 4) { | |
42417 | + KLIPS_PRINT(debug_tunnel, | |
42418 | + "klips_debug:ipsec_xmit_sanity_check_skb: " | |
42419 | + "found IP Version %d but cannot process other IP versions than v4.\n", | |
42420 | + ixs->iph->version); /* XXX */ | |
42421 | + ixs->stats->tx_dropped++; | |
42422 | + return IPSEC_XMIT_NOIPV6; | |
42423 | + } | |
42424 | + | |
42425 | +#if IPSEC_DISALLOW_IPOPTIONS | |
42426 | + if ((ixs->iph->ihl << 2) != sizeof (struct iphdr)) { | |
42427 | + KLIPS_PRINT(debug_tunnel, | |
42428 | + "klips_debug:ipsec_xmit_sanity_check_skb: " | |
42429 | + "cannot process IP header options yet. May be mal-formed packet.\n"); /* XXX */ | |
42430 | + ixs->stats->tx_dropped++; | |
42431 | + return IPSEC_XMIT_NOIPOPTIONS; | |
42432 | + } | |
42433 | +#endif /* IPSEC_DISALLOW_IPOPTIONS */ | |
42434 | + | |
42435 | +#ifndef NET_21 | |
42436 | + if (ixs->iph->ttl <= 0) { | |
42437 | + /* Tell the sender its packet died... */ | |
42438 | + ICMP_SEND(ixs->skb, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL, 0, ixs->physdev); | |
42439 | + | |
42440 | + KLIPS_PRINT(debug_tunnel, "klips_debug:ipsec_xmit_sanity_check_skb: " | |
42441 | + "TTL=0, too many hops!\n"); | |
42442 | + ixs->stats->tx_dropped++; | |
42443 | + return IPSEC_XMIT_TTLEXPIRED; | |
42444 | + } | |
42445 | +#endif /* !NET_21 */ | |
42446 | + | |
42447 | + return IPSEC_XMIT_OK; | |
42448 | +} | |
42449 | + | |
42450 | +enum ipsec_xmit_value | |
42451 | +ipsec_xmit_encap_once(struct ipsec_xmit_state *ixs) | |
42452 | +{ | |
42453 | +#ifdef CONFIG_KLIPS_ESP | |
42454 | + struct esphdr *espp; | |
42455 | + unsigned char *idat, *pad; | |
42456 | + int authlen = 0, padlen = 0, i; | |
42457 | +#endif /* !CONFIG_KLIPS_ESP */ | |
42458 | +#ifdef CONFIG_KLIPS_AH | |
42459 | + struct iphdr ipo; | |
42460 | + struct ahhdr *ahp; | |
42461 | +#endif /* CONFIG_KLIPS_AH */ | |
42462 | +#if defined(CONFIG_KLIPS_AUTH_HMAC_MD5) || defined(CONFIG_KLIPS_AUTH_HMAC_SHA1) | |
42463 | + union { | |
42464 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_MD5 | |
42465 | + MD5_CTX md5; | |
42466 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_MD5 */ | |
42467 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_SHA1 | |
42468 | + SHA1_CTX sha1; | |
42469 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_SHA1 */ | |
42470 | + } tctx; | |
42471 | + __u8 hash[AH_AMAX]; | |
42472 | +#endif /* defined(CONFIG_KLIPS_AUTH_HMAC_MD5) || defined(CONFIG_KLIPS_AUTH_HMACn_SHA1) */ | |
42473 | + int headroom = 0, tailroom = 0, ilen = 0, len = 0; | |
42474 | + unsigned char *dat; | |
42475 | + int blocksize = 8; /* XXX: should be inside ixs --jjo */ | |
42476 | + struct ipsec_alg_enc *ixt_e = NULL; | |
42477 | + struct ipsec_alg_auth *ixt_a = NULL; | |
42478 | + | |
42479 | + ixs->iphlen = ixs->iph->ihl << 2; | |
42480 | + ixs->pyldsz = ntohs(ixs->iph->tot_len) - ixs->iphlen; | |
42481 | + ixs->sa_len = satot(&ixs->ipsp->ips_said, 0, ixs->sa_txt, SATOT_BUF); | |
42482 | + KLIPS_PRINT(debug_tunnel & DB_TN_OXFS, | |
42483 | + "klips_debug:ipsec_xmit_encap_once: " | |
42484 | + "calling output for <%s%s%s>, SA:%s\n", | |
42485 | + IPS_XFORM_NAME(ixs->ipsp), | |
42486 | + ixs->sa_len ? ixs->sa_txt : " (error)"); | |
42487 | + | |
42488 | + switch(ixs->ipsp->ips_said.proto) { | |
42489 | +#ifdef CONFIG_KLIPS_AH | |
42490 | + case IPPROTO_AH: | |
42491 | + headroom += sizeof(struct ahhdr); | |
42492 | + break; | |
42493 | +#endif /* CONFIG_KLIPS_AH */ | |
42494 | + | |
42495 | +#ifdef CONFIG_KLIPS_ESP | |
42496 | + case IPPROTO_ESP: | |
42497 | + ixt_e=ixs->ipsp->ips_alg_enc; | |
42498 | + if (ixt_e) { | |
42499 | + blocksize = ixt_e->ixt_common.ixt_blocksize; | |
42500 | + headroom += ESP_HEADER_LEN + ixt_e->ixt_common.ixt_support.ias_ivlen/8; | |
42501 | + } else { | |
42502 | + ixs->stats->tx_errors++; | |
42503 | + return IPSEC_XMIT_ESP_BADALG; | |
42504 | + } | |
42505 | + | |
42506 | + ixt_a=ixs->ipsp->ips_alg_auth; | |
42507 | + if (ixt_a) { | |
42508 | + tailroom += AHHMAC_HASHLEN; | |
42509 | + } else | |
42510 | + switch(ixs->ipsp->ips_authalg) { | |
42511 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_MD5 | |
42512 | + case AH_MD5: | |
42513 | + authlen = AHHMAC_HASHLEN; | |
42514 | + break; | |
42515 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_MD5 */ | |
42516 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_SHA1 | |
42517 | + case AH_SHA: | |
42518 | + authlen = AHHMAC_HASHLEN; | |
42519 | + break; | |
42520 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_SHA1 */ | |
42521 | + case AH_NONE: | |
42522 | + break; | |
42523 | + default: | |
42524 | + ixs->stats->tx_errors++; | |
42525 | + return IPSEC_XMIT_ESP_BADALG; | |
42526 | + } | |
42527 | + tailroom += blocksize != 1 ? | |
42528 | + ((blocksize - ((ixs->pyldsz + 2) % blocksize)) % blocksize) + 2 : | |
42529 | + ((4 - ((ixs->pyldsz + 2) % 4)) % 4) + 2; | |
42530 | + tailroom += authlen; | |
42531 | + break; | |
42532 | +#endif /* CONFIG_KLIPS_ESP */ | |
42533 | + | |
42534 | +#ifdef CONFIG_KLIPS_IPIP | |
42535 | + case IPPROTO_IPIP: | |
42536 | + headroom += sizeof(struct iphdr); | |
42537 | + ixs->iphlen = sizeof(struct iphdr); | |
42538 | + break; | |
42539 | +#endif /* !CONFIG_KLIPS_IPIP */ | |
42540 | + | |
42541 | +#ifdef CONFIG_KLIPS_IPCOMP | |
42542 | + case IPPROTO_COMP: | |
42543 | + break; | |
42544 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
42545 | + | |
42546 | + default: | |
42547 | + ixs->stats->tx_errors++; | |
42548 | + return IPSEC_XMIT_BADPROTO; | |
42549 | + } | |
42550 | + | |
42551 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
42552 | + "klips_debug:ipsec_xmit_encap_once: " | |
42553 | + "pushing %d bytes, putting %d, proto %d.\n", | |
42554 | + headroom, tailroom, ixs->ipsp->ips_said.proto); | |
42555 | + if(skb_headroom(ixs->skb) < headroom) { | |
42556 | + printk(KERN_WARNING | |
42557 | + "klips_error:ipsec_xmit_encap_once: " | |
42558 | + "tried to skb_push headroom=%d, %d available. This should never happen, please report.\n", | |
42559 | + headroom, skb_headroom(ixs->skb)); | |
42560 | + ixs->stats->tx_errors++; | |
42561 | + return IPSEC_XMIT_ESP_PUSHPULLERR; | |
42562 | + } | |
42563 | + | |
42564 | + dat = skb_push(ixs->skb, headroom); | |
42565 | + ilen = ixs->skb->len - tailroom; | |
42566 | + if(skb_tailroom(ixs->skb) < tailroom) { | |
42567 | + printk(KERN_WARNING | |
42568 | + "klips_error:ipsec_xmit_encap_once: " | |
42569 | + "tried to skb_put %d, %d available. This should never happen, please report.\n", | |
42570 | + tailroom, skb_tailroom(ixs->skb)); | |
42571 | + ixs->stats->tx_errors++; | |
42572 | + return IPSEC_XMIT_ESP_PUSHPULLERR; | |
42573 | + } | |
42574 | + skb_put(ixs->skb, tailroom); | |
42575 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
42576 | + "klips_debug:ipsec_xmit_encap_once: " | |
42577 | + "head,tailroom: %d,%d before xform.\n", | |
42578 | + skb_headroom(ixs->skb), skb_tailroom(ixs->skb)); | |
42579 | + len = ixs->skb->len; | |
42580 | + if(len > 0xfff0) { | |
42581 | + printk(KERN_WARNING "klips_error:ipsec_xmit_encap_once: " | |
42582 | + "tot_len (%d) > 65520. This should never happen, please report.\n", | |
42583 | + len); | |
42584 | + ixs->stats->tx_errors++; | |
42585 | + return IPSEC_XMIT_BADLEN; | |
42586 | + } | |
42587 | + memmove((void *)dat, (void *)(dat + headroom), ixs->iphlen); | |
42588 | + ixs->iph = (struct iphdr *)dat; | |
42589 | + ixs->iph->tot_len = htons(ixs->skb->len); | |
42590 | + | |
42591 | + switch(ixs->ipsp->ips_said.proto) { | |
42592 | +#ifdef CONFIG_KLIPS_ESP | |
42593 | + case IPPROTO_ESP: | |
42594 | + espp = (struct esphdr *)(dat + ixs->iphlen); | |
42595 | + espp->esp_spi = ixs->ipsp->ips_said.spi; | |
42596 | + espp->esp_rpl = htonl(++(ixs->ipsp->ips_replaywin_lastseq)); | |
42597 | + | |
42598 | + if (!ixt_e) { | |
42599 | + ixs->stats->tx_errors++; | |
42600 | + return IPSEC_XMIT_ESP_BADALG; | |
42601 | + } | |
42602 | + | |
42603 | + idat = dat + ixs->iphlen + headroom; | |
42604 | + ilen = len - (ixs->iphlen + headroom + authlen); | |
42605 | + | |
42606 | + /* Self-describing padding */ | |
42607 | + pad = &dat[len - tailroom]; | |
42608 | + padlen = tailroom - 2 - authlen; | |
42609 | + for (i = 0; i < padlen; i++) { | |
42610 | + pad[i] = i + 1; | |
42611 | + } | |
42612 | + dat[len - authlen - 2] = padlen; | |
42613 | + | |
42614 | + dat[len - authlen - 1] = ixs->iph->protocol; | |
42615 | + ixs->iph->protocol = IPPROTO_ESP; | |
42616 | +#ifdef CONFIG_KLIPS_DEBUG | |
42617 | + if(debug_tunnel & DB_TN_ENCAP) { | |
42618 | + dmp("pre-encrypt", dat, len); | |
42619 | + } | |
42620 | +#endif | |
42621 | + | |
42622 | + /* | |
42623 | + * Do all operations here: | |
42624 | + * copy IV->ESP, encrypt, update ips IV | |
42625 | + * | |
42626 | + */ | |
42627 | + { | |
42628 | + int ret; | |
42629 | + memcpy(espp->esp_iv, | |
42630 | + ixs->ipsp->ips_iv, | |
42631 | + ixs->ipsp->ips_iv_size); | |
42632 | + ret=ipsec_alg_esp_encrypt(ixs->ipsp, | |
42633 | + idat, ilen, espp->esp_iv, | |
42634 | + IPSEC_ALG_ENCRYPT); | |
42635 | + | |
42636 | + prng_bytes(&ipsec_prng, | |
42637 | + (char *)ixs->ipsp->ips_iv, | |
42638 | + ixs->ipsp->ips_iv_size); | |
42639 | + } | |
42640 | + | |
42641 | + if (ixt_a) { | |
42642 | + ipsec_alg_sa_esp_hash(ixs->ipsp, | |
42643 | + (caddr_t)espp, len - ixs->iphlen - authlen, | |
42644 | + &(dat[len - authlen]), authlen); | |
42645 | + | |
42646 | + } else | |
42647 | + switch(ixs->ipsp->ips_authalg) { | |
42648 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_MD5 | |
42649 | + case AH_MD5: | |
42650 | + dmp("espp", (char*)espp, len - ixs->iphlen - authlen); | |
42651 | + tctx.md5 = ((struct md5_ctx*)(ixs->ipsp->ips_key_a))->ictx; | |
42652 | + dmp("ictx", (char*)&tctx.md5, sizeof(tctx.md5)); | |
42653 | + osMD5Update(&tctx.md5, (caddr_t)espp, len - ixs->iphlen - authlen); | |
42654 | + dmp("ictx+dat", (char*)&tctx.md5, sizeof(tctx.md5)); | |
42655 | + osMD5Final(hash, &tctx.md5); | |
42656 | + dmp("ictx hash", (char*)&hash, sizeof(hash)); | |
42657 | + tctx.md5 = ((struct md5_ctx*)(ixs->ipsp->ips_key_a))->octx; | |
42658 | + dmp("octx", (char*)&tctx.md5, sizeof(tctx.md5)); | |
42659 | + osMD5Update(&tctx.md5, hash, AHMD596_ALEN); | |
42660 | + dmp("octx+hash", (char*)&tctx.md5, sizeof(tctx.md5)); | |
42661 | + osMD5Final(hash, &tctx.md5); | |
42662 | + dmp("octx hash", (char*)&hash, sizeof(hash)); | |
42663 | + memcpy(&(dat[len - authlen]), hash, authlen); | |
42664 | + | |
42665 | + /* paranoid */ | |
42666 | + memset((caddr_t)&tctx.md5, 0, sizeof(tctx.md5)); | |
42667 | + memset((caddr_t)hash, 0, sizeof(*hash)); | |
42668 | + break; | |
42669 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_MD5 */ | |
42670 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_SHA1 | |
42671 | + case AH_SHA: | |
42672 | + tctx.sha1 = ((struct sha1_ctx*)(ixs->ipsp->ips_key_a))->ictx; | |
42673 | + SHA1Update(&tctx.sha1, (caddr_t)espp, len - ixs->iphlen - authlen); | |
42674 | + SHA1Final(hash, &tctx.sha1); | |
42675 | + tctx.sha1 = ((struct sha1_ctx*)(ixs->ipsp->ips_key_a))->octx; | |
42676 | + SHA1Update(&tctx.sha1, hash, AHSHA196_ALEN); | |
42677 | + SHA1Final(hash, &tctx.sha1); | |
42678 | + memcpy(&(dat[len - authlen]), hash, authlen); | |
42679 | + | |
42680 | + /* paranoid */ | |
42681 | + memset((caddr_t)&tctx.sha1, 0, sizeof(tctx.sha1)); | |
42682 | + memset((caddr_t)hash, 0, sizeof(*hash)); | |
42683 | + break; | |
42684 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_SHA1 */ | |
42685 | + case AH_NONE: | |
42686 | + break; | |
42687 | + default: | |
42688 | + ixs->stats->tx_errors++; | |
42689 | + return IPSEC_XMIT_AH_BADALG; | |
42690 | + } | |
42691 | +#ifdef NET_21 | |
42692 | + ixs->skb->h.raw = (unsigned char*)espp; | |
42693 | +#endif /* NET_21 */ | |
42694 | + break; | |
42695 | +#endif /* !CONFIG_KLIPS_ESP */ | |
42696 | +#ifdef CONFIG_KLIPS_AH | |
42697 | + case IPPROTO_AH: | |
42698 | + ahp = (struct ahhdr *)(dat + ixs->iphlen); | |
42699 | + ahp->ah_spi = ixs->ipsp->ips_said.spi; | |
42700 | + ahp->ah_rpl = htonl(++(ixs->ipsp->ips_replaywin_lastseq)); | |
42701 | + ahp->ah_rv = 0; | |
42702 | + ahp->ah_nh = ixs->iph->protocol; | |
42703 | + ahp->ah_hl = (headroom >> 2) - sizeof(__u64)/sizeof(__u32); | |
42704 | + ixs->iph->protocol = IPPROTO_AH; | |
42705 | + dmp("ahp", (char*)ahp, sizeof(*ahp)); | |
42706 | + | |
42707 | + ipo = *ixs->iph; | |
42708 | + ipo.tos = 0; | |
42709 | + ipo.frag_off = 0; | |
42710 | + ipo.ttl = 0; | |
42711 | + ipo.check = 0; | |
42712 | + dmp("ipo", (char*)&ipo, sizeof(ipo)); | |
42713 | + | |
42714 | + switch(ixs->ipsp->ips_authalg) { | |
42715 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_MD5 | |
42716 | + case AH_MD5: | |
42717 | + tctx.md5 = ((struct md5_ctx*)(ixs->ipsp->ips_key_a))->ictx; | |
42718 | + dmp("ictx", (char*)&tctx.md5, sizeof(tctx.md5)); | |
42719 | + osMD5Update(&tctx.md5, (unsigned char *)&ipo, sizeof (struct iphdr)); | |
42720 | + dmp("ictx+ipo", (char*)&tctx.md5, sizeof(tctx.md5)); | |
42721 | + osMD5Update(&tctx.md5, (unsigned char *)ahp, headroom - sizeof(ahp->ah_data)); | |
42722 | + dmp("ictx+ahp", (char*)&tctx.md5, sizeof(tctx.md5)); | |
42723 | + osMD5Update(&tctx.md5, (unsigned char *)zeroes, AHHMAC_HASHLEN); | |
42724 | + dmp("ictx+zeroes", (char*)&tctx.md5, sizeof(tctx.md5)); | |
42725 | + osMD5Update(&tctx.md5, dat + ixs->iphlen + headroom, len - ixs->iphlen - headroom); | |
42726 | + dmp("ictx+dat", (char*)&tctx.md5, sizeof(tctx.md5)); | |
42727 | + osMD5Final(hash, &tctx.md5); | |
42728 | + dmp("ictx hash", (char*)&hash, sizeof(hash)); | |
42729 | + tctx.md5 = ((struct md5_ctx*)(ixs->ipsp->ips_key_a))->octx; | |
42730 | + dmp("octx", (char*)&tctx.md5, sizeof(tctx.md5)); | |
42731 | + osMD5Update(&tctx.md5, hash, AHMD596_ALEN); | |
42732 | + dmp("octx+hash", (char*)&tctx.md5, sizeof(tctx.md5)); | |
42733 | + osMD5Final(hash, &tctx.md5); | |
42734 | + dmp("octx hash", (char*)&hash, sizeof(hash)); | |
42735 | + | |
42736 | + memcpy(ahp->ah_data, hash, AHHMAC_HASHLEN); | |
42737 | + | |
42738 | + /* paranoid */ | |
42739 | + memset((caddr_t)&tctx.md5, 0, sizeof(tctx.md5)); | |
42740 | + memset((caddr_t)hash, 0, sizeof(*hash)); | |
42741 | + break; | |
42742 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_MD5 */ | |
42743 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_SHA1 | |
42744 | + case AH_SHA: | |
42745 | + tctx.sha1 = ((struct sha1_ctx*)(ixs->ipsp->ips_key_a))->ictx; | |
42746 | + SHA1Update(&tctx.sha1, (unsigned char *)&ipo, sizeof (struct iphdr)); | |
42747 | + SHA1Update(&tctx.sha1, (unsigned char *)ahp, headroom - sizeof(ahp->ah_data)); | |
42748 | + SHA1Update(&tctx.sha1, (unsigned char *)zeroes, AHHMAC_HASHLEN); | |
42749 | + SHA1Update(&tctx.sha1, dat + ixs->iphlen + headroom, len - ixs->iphlen - headroom); | |
42750 | + SHA1Final(hash, &tctx.sha1); | |
42751 | + tctx.sha1 = ((struct sha1_ctx*)(ixs->ipsp->ips_key_a))->octx; | |
42752 | + SHA1Update(&tctx.sha1, hash, AHSHA196_ALEN); | |
42753 | + SHA1Final(hash, &tctx.sha1); | |
42754 | + | |
42755 | + memcpy(ahp->ah_data, hash, AHHMAC_HASHLEN); | |
42756 | + | |
42757 | + /* paranoid */ | |
42758 | + memset((caddr_t)&tctx.sha1, 0, sizeof(tctx.sha1)); | |
42759 | + memset((caddr_t)hash, 0, sizeof(*hash)); | |
42760 | + break; | |
42761 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_SHA1 */ | |
42762 | + default: | |
42763 | + ixs->stats->tx_errors++; | |
42764 | + return IPSEC_XMIT_AH_BADALG; | |
42765 | + } | |
42766 | +#ifdef NET_21 | |
42767 | + ixs->skb->h.raw = (unsigned char*)ahp; | |
42768 | +#endif /* NET_21 */ | |
42769 | + break; | |
42770 | +#endif /* CONFIG_KLIPS_AH */ | |
42771 | +#ifdef CONFIG_KLIPS_IPIP | |
42772 | + case IPPROTO_IPIP: | |
42773 | + ixs->iph->version = 4; | |
42774 | + switch(sysctl_ipsec_tos) { | |
42775 | + case 0: | |
42776 | +#ifdef NET_21 | |
42777 | + ixs->iph->tos = ixs->skb->nh.iph->tos; | |
42778 | +#else /* NET_21 */ | |
42779 | + ixs->iph->tos = ixs->skb->ip_hdr->tos; | |
42780 | +#endif /* NET_21 */ | |
42781 | + break; | |
42782 | + case 1: | |
42783 | + ixs->iph->tos = 0; | |
42784 | + break; | |
42785 | + default: | |
42786 | + break; | |
42787 | + } | |
42788 | + ixs->iph->ttl = SYSCTL_IPSEC_DEFAULT_TTL; | |
42789 | + ixs->iph->frag_off = 0; | |
42790 | + ixs->iph->saddr = ((struct sockaddr_in*)(ixs->ipsp->ips_addr_s))->sin_addr.s_addr; | |
42791 | + ixs->iph->daddr = ((struct sockaddr_in*)(ixs->ipsp->ips_addr_d))->sin_addr.s_addr; | |
42792 | + ixs->iph->protocol = IPPROTO_IPIP; | |
42793 | + ixs->iph->ihl = sizeof(struct iphdr) >> 2; | |
42794 | + | |
42795 | + KLIPS_IP_SELECT_IDENT(ixs->iph, ixs->skb); | |
42796 | + | |
42797 | + ixs->newdst = (__u32)ixs->iph->daddr; | |
42798 | + ixs->newsrc = (__u32)ixs->iph->saddr; | |
42799 | + | |
42800 | +#ifdef NET_21 | |
42801 | + ixs->skb->h.ipiph = ixs->skb->nh.iph; | |
42802 | +#endif /* NET_21 */ | |
42803 | + break; | |
42804 | +#endif /* !CONFIG_KLIPS_IPIP */ | |
42805 | +#ifdef CONFIG_KLIPS_IPCOMP | |
42806 | + case IPPROTO_COMP: | |
42807 | + { | |
42808 | + unsigned int flags = 0; | |
42809 | +#ifdef CONFIG_KLIPS_DEBUG | |
42810 | + unsigned int old_tot_len = ntohs(ixs->iph->tot_len); | |
42811 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
42812 | + ixs->ipsp->ips_comp_ratio_dbytes += ntohs(ixs->iph->tot_len); | |
42813 | + | |
42814 | + ixs->skb = skb_compress(ixs->skb, ixs->ipsp, &flags); | |
42815 | + | |
42816 | +#ifdef NET_21 | |
42817 | + ixs->iph = ixs->skb->nh.iph; | |
42818 | +#else /* NET_21 */ | |
42819 | + ixs->iph = ixs->skb->ip_hdr; | |
42820 | +#endif /* NET_21 */ | |
42821 | + | |
42822 | + ixs->ipsp->ips_comp_ratio_cbytes += ntohs(ixs->iph->tot_len); | |
42823 | + | |
42824 | +#ifdef CONFIG_KLIPS_DEBUG | |
42825 | + if (debug_tunnel & DB_TN_CROUT) | |
42826 | + { | |
42827 | + if (old_tot_len > ntohs(ixs->iph->tot_len)) | |
42828 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
42829 | + "klips_debug:ipsec_xmit_encap_once: " | |
42830 | + "packet shrunk from %d to %d bytes after compression, cpi=%04x (should be from spi=%08x, spi&0xffff=%04x.\n", | |
42831 | + old_tot_len, ntohs(ixs->iph->tot_len), | |
42832 | + ntohs(((struct ipcomphdr*)(((char*)ixs->iph) + ((ixs->iph->ihl) << 2)))->ipcomp_cpi), | |
42833 | + ntohl(ixs->ipsp->ips_said.spi), | |
42834 | + (__u16)(ntohl(ixs->ipsp->ips_said.spi) & 0x0000ffff)); | |
42835 | + else | |
42836 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
42837 | + "klips_debug:ipsec_xmit_encap_once: " | |
42838 | + "packet did not compress (flags = %d).\n", | |
42839 | + flags); | |
42840 | + } | |
42841 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
42842 | + } | |
42843 | + break; | |
42844 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
42845 | + default: | |
42846 | + ixs->stats->tx_errors++; | |
42847 | + return IPSEC_XMIT_BADPROTO; | |
42848 | + } | |
42849 | + | |
42850 | +#ifdef NET_21 | |
42851 | + ixs->skb->nh.raw = ixs->skb->data; | |
42852 | +#else /* NET_21 */ | |
42853 | + ixs->skb->ip_hdr = ixs->skb->h.iph = (struct iphdr *) ixs->skb->data; | |
42854 | +#endif /* NET_21 */ | |
42855 | + ixs->iph->check = 0; | |
42856 | + ixs->iph->check = ip_fast_csum((unsigned char *)ixs->iph, ixs->iph->ihl); | |
42857 | + | |
42858 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
42859 | + "klips_debug:ipsec_xmit_encap_once: " | |
42860 | + "after <%s%s%s>, SA:%s:\n", | |
42861 | + IPS_XFORM_NAME(ixs->ipsp), | |
42862 | + ixs->sa_len ? ixs->sa_txt : " (error)"); | |
42863 | + KLIPS_IP_PRINT(debug_tunnel & DB_TN_XMIT, ixs->iph); | |
42864 | + | |
42865 | + ixs->ipsp->ips_life.ipl_bytes.ipl_count += len; | |
42866 | + ixs->ipsp->ips_life.ipl_bytes.ipl_last = len; | |
42867 | + | |
42868 | + if(!ixs->ipsp->ips_life.ipl_usetime.ipl_count) { | |
42869 | + ixs->ipsp->ips_life.ipl_usetime.ipl_count = jiffies / HZ; | |
42870 | + } | |
42871 | + ixs->ipsp->ips_life.ipl_usetime.ipl_last = jiffies / HZ; | |
42872 | + ixs->ipsp->ips_life.ipl_packets.ipl_count++; | |
42873 | + | |
42874 | + ixs->ipsp = ixs->ipsp->ips_onext; | |
42875 | + | |
42876 | + return IPSEC_XMIT_OK; | |
42877 | +} | |
42878 | + | |
42879 | +/* | |
42880 | + * If the IP packet (iph) is a carrying TCP/UDP, then set the encaps | |
42881 | + * source and destination ports to those from the TCP/UDP header. | |
42882 | + */ | |
42883 | +void ipsec_extract_ports(struct iphdr * iph, struct sockaddr_encap * er) | |
42884 | +{ | |
42885 | + struct udphdr *udp; | |
42886 | + | |
42887 | + switch (iph->protocol) { | |
42888 | + case IPPROTO_UDP: | |
42889 | + case IPPROTO_TCP: | |
42890 | + /* | |
42891 | + * The ports are at the same offsets in a TCP and UDP | |
42892 | + * header so hack it ... | |
42893 | + */ | |
42894 | + udp = (struct udphdr*)(((char*)iph)+(iph->ihl<<2)); | |
42895 | + er->sen_sport = udp->source; | |
42896 | + er->sen_dport = udp->dest; | |
42897 | + break; | |
42898 | + default: | |
42899 | + er->sen_sport = 0; | |
42900 | + er->sen_dport = 0; | |
42901 | + break; | |
42902 | + } | |
42903 | +} | |
42904 | + | |
42905 | +/* | |
42906 | + * A TRAP eroute is installed and we want to replace it with a HOLD | |
42907 | + * eroute. | |
42908 | + */ | |
42909 | +static int create_hold_eroute(struct eroute *origtrap, | |
42910 | + struct sk_buff * skb, struct iphdr * iph, | |
42911 | + uint32_t eroute_pid) | |
42912 | +{ | |
42913 | + struct eroute hold_eroute; | |
42914 | + ip_said hold_said; | |
42915 | + struct sk_buff *first, *last; | |
42916 | + int error; | |
42917 | + | |
42918 | + first = last = NULL; | |
42919 | + memset((caddr_t)&hold_eroute, 0, sizeof(hold_eroute)); | |
42920 | + memset((caddr_t)&hold_said, 0, sizeof(hold_said)); | |
42921 | + | |
42922 | + hold_said.proto = IPPROTO_INT; | |
42923 | + hold_said.spi = htonl(SPI_HOLD); | |
42924 | + hold_said.dst.u.v4.sin_addr.s_addr = INADDR_ANY; | |
42925 | + | |
42926 | + hold_eroute.er_eaddr.sen_len = sizeof(struct sockaddr_encap); | |
42927 | + hold_eroute.er_emask.sen_len = sizeof(struct sockaddr_encap); | |
42928 | + hold_eroute.er_eaddr.sen_family = AF_ENCAP; | |
42929 | + hold_eroute.er_emask.sen_family = AF_ENCAP; | |
42930 | + hold_eroute.er_eaddr.sen_type = SENT_IP4; | |
42931 | + hold_eroute.er_emask.sen_type = 255; | |
42932 | + | |
42933 | + hold_eroute.er_eaddr.sen_ip_src.s_addr = iph->saddr; | |
42934 | + hold_eroute.er_eaddr.sen_ip_dst.s_addr = iph->daddr; | |
42935 | + hold_eroute.er_emask.sen_ip_src.s_addr = INADDR_BROADCAST; | |
42936 | + hold_eroute.er_emask.sen_ip_dst.s_addr = INADDR_BROADCAST; | |
42937 | + hold_eroute.er_emask.sen_sport = 0; | |
42938 | + hold_eroute.er_emask.sen_dport = 0; | |
42939 | + hold_eroute.er_pid = eroute_pid; | |
42940 | + hold_eroute.er_count = 0; | |
42941 | + hold_eroute.er_lasttime = jiffies/HZ; | |
42942 | + | |
42943 | + /* | |
42944 | + * if it wasn't captured by a wildcard, then don't record it as | |
42945 | + * a wildcard. | |
42946 | + */ | |
42947 | + if(origtrap->er_eaddr.sen_proto != 0) { | |
42948 | + hold_eroute.er_eaddr.sen_proto = iph->protocol; | |
42949 | + | |
42950 | + if((iph->protocol == IPPROTO_TCP || | |
42951 | + iph->protocol == IPPROTO_UDP) && | |
42952 | + (origtrap->er_eaddr.sen_sport != 0 || | |
42953 | + origtrap->er_eaddr.sen_dport != 0)) { | |
42954 | + | |
42955 | + if(origtrap->er_eaddr.sen_sport != 0) | |
42956 | + hold_eroute.er_emask.sen_sport = ~0; | |
42957 | + | |
42958 | + if(origtrap->er_eaddr.sen_dport != 0) | |
42959 | + hold_eroute.er_emask.sen_dport = ~0; | |
42960 | + | |
42961 | + ipsec_extract_ports(iph, &hold_eroute.er_eaddr); | |
42962 | + } | |
42963 | + } | |
42964 | + | |
42965 | +#ifdef CONFIG_KLIPS_DEBUG | |
42966 | + if (debug_pfkey) { | |
42967 | + char buf1[64], buf2[64]; | |
42968 | + subnettoa(hold_eroute.er_eaddr.sen_ip_src, | |
42969 | + hold_eroute.er_emask.sen_ip_src, 0, buf1, sizeof(buf1)); | |
42970 | + subnettoa(hold_eroute.er_eaddr.sen_ip_dst, | |
42971 | + hold_eroute.er_emask.sen_ip_dst, 0, buf2, sizeof(buf2)); | |
42972 | + KLIPS_PRINT(debug_pfkey, | |
42973 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
42974 | + "calling breakeroute and makeroute for %s:%d->%s:%d %d HOLD eroute.\n", | |
42975 | + buf1, ntohs(hold_eroute.er_eaddr.sen_sport), | |
42976 | + buf2, ntohs(hold_eroute.er_eaddr.sen_dport), | |
42977 | + hold_eroute.er_eaddr.sen_proto); | |
42978 | + } | |
42979 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
42980 | + | |
42981 | + if (ipsec_breakroute(&(hold_eroute.er_eaddr), &(hold_eroute.er_emask), | |
42982 | + &first, &last)) { | |
42983 | + KLIPS_PRINT(debug_pfkey, | |
42984 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
42985 | + "HOLD breakeroute found nothing.\n"); | |
42986 | + } else { | |
42987 | + KLIPS_PRINT(debug_pfkey, | |
42988 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
42989 | + "HOLD breakroute deleted %u.%u.%u.%u:%u -> %u.%u.%u.%u:%u %u\n", | |
42990 | + NIPQUAD(hold_eroute.er_eaddr.sen_ip_src), | |
42991 | + ntohs(hold_eroute.er_eaddr.sen_sport), | |
42992 | + NIPQUAD(hold_eroute.er_eaddr.sen_ip_dst), | |
42993 | + ntohs(hold_eroute.er_eaddr.sen_dport), | |
42994 | + hold_eroute.er_eaddr.sen_proto); | |
42995 | + } | |
42996 | + if (first != NULL) | |
42997 | + kfree_skb(first); | |
42998 | + if (last != NULL) | |
42999 | + kfree_skb(last); | |
43000 | + | |
43001 | + error = ipsec_makeroute(&(hold_eroute.er_eaddr), | |
43002 | + &(hold_eroute.er_emask), | |
43003 | + hold_said, eroute_pid, skb, NULL, NULL); | |
43004 | + if (error) { | |
43005 | + KLIPS_PRINT(debug_pfkey, | |
43006 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
43007 | + "HOLD makeroute returned %d, failed.\n", error); | |
43008 | + } else { | |
43009 | + KLIPS_PRINT(debug_pfkey, | |
43010 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
43011 | + "HOLD makeroute call successful.\n"); | |
43012 | + } | |
43013 | + return (error == 0); | |
43014 | +} | |
43015 | + | |
43016 | +/* | |
43017 | + * upon entry to this function, ixs->skb should be setup | |
43018 | + * as follows: | |
43019 | + * | |
43020 | + * data = beginning of IP packet <- differs from ipsec_rcv(). | |
43021 | + * nh.raw = beginning of IP packet. | |
43022 | + * h.raw = data after the IP packet. | |
43023 | + * | |
43024 | + */ | |
43025 | +enum ipsec_xmit_value | |
43026 | +ipsec_xmit_encap_bundle(struct ipsec_xmit_state *ixs) | |
43027 | +{ | |
43028 | + struct ipsec_alg_enc *ixt_e = NULL; | |
43029 | + struct ipsec_alg_auth *ixt_a = NULL; | |
43030 | + int blocksize = 8; | |
43031 | + enum ipsec_xmit_value bundle_stat = IPSEC_XMIT_OK; | |
43032 | + | |
43033 | + ixs->newdst = ixs->orgdst = ixs->iph->daddr; | |
43034 | + ixs->newsrc = ixs->orgsrc = ixs->iph->saddr; | |
43035 | + ixs->orgedst = ixs->outgoing_said.dst.u.v4.sin_addr.s_addr; | |
43036 | + ixs->iphlen = ixs->iph->ihl << 2; | |
43037 | + ixs->pyldsz = ntohs(ixs->iph->tot_len) - ixs->iphlen; | |
43038 | + ixs->max_headroom = ixs->max_tailroom = 0; | |
43039 | + | |
43040 | + if (ixs->outgoing_said.proto == IPPROTO_INT) { | |
43041 | + switch (ntohl(ixs->outgoing_said.spi)) { | |
43042 | + case SPI_DROP: | |
43043 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
43044 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43045 | + "shunt SA of DROP or no eroute: dropping.\n"); | |
43046 | + ixs->stats->tx_dropped++; | |
43047 | + break; | |
43048 | + | |
43049 | + case SPI_REJECT: | |
43050 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
43051 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43052 | + "shunt SA of REJECT: notifying and dropping.\n"); | |
43053 | + ICMP_SEND(ixs->skb, | |
43054 | + ICMP_DEST_UNREACH, | |
43055 | + ICMP_PKT_FILTERED, | |
43056 | + 0, | |
43057 | + ixs->physdev); | |
43058 | + ixs->stats->tx_dropped++; | |
43059 | + break; | |
43060 | + | |
43061 | + case SPI_PASS: | |
43062 | +#ifdef NET_21 | |
43063 | + ixs->pass = 1; | |
43064 | +#endif /* NET_21 */ | |
43065 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
43066 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43067 | + "PASS: calling dev_queue_xmit\n"); | |
43068 | + return IPSEC_XMIT_PASS; | |
43069 | + goto cleanup; | |
43070 | + | |
43071 | + case SPI_HOLD: | |
43072 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
43073 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43074 | + "shunt SA of HOLD: this does not make sense here, dropping.\n"); | |
43075 | + ixs->stats->tx_dropped++; | |
43076 | + break; | |
43077 | + | |
43078 | + case SPI_TRAP: | |
43079 | + case SPI_TRAPSUBNET: | |
43080 | + { | |
43081 | + struct sockaddr_in src, dst; | |
43082 | +#ifdef CONFIG_KLIPS_DEBUG | |
43083 | + char bufsrc[ADDRTOA_BUF], bufdst[ADDRTOA_BUF]; | |
43084 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
43085 | + | |
43086 | + /* Signal all listening KMds with a PF_KEY ACQUIRE */ | |
43087 | + | |
43088 | + memset(&src, 0, sizeof(src)); | |
43089 | + memset(&dst, 0, sizeof(dst)); | |
43090 | + src.sin_family = AF_INET; | |
43091 | + dst.sin_family = AF_INET; | |
43092 | + src.sin_addr.s_addr = ixs->iph->saddr; | |
43093 | + dst.sin_addr.s_addr = ixs->iph->daddr; | |
43094 | + | |
43095 | + ixs->ips.ips_transport_protocol = 0; | |
43096 | + src.sin_port = 0; | |
43097 | + dst.sin_port = 0; | |
43098 | + | |
43099 | + if(ixs->eroute->er_eaddr.sen_proto != 0) { | |
43100 | + ixs->ips.ips_transport_protocol = ixs->iph->protocol; | |
43101 | + | |
43102 | + if(ixs->eroute->er_eaddr.sen_sport != 0) { | |
43103 | + src.sin_port = | |
43104 | + (ixs->iph->protocol == IPPROTO_UDP | |
43105 | + ? ((struct udphdr*) (((caddr_t)ixs->iph) + (ixs->iph->ihl << 2)))->source | |
43106 | + : (ixs->iph->protocol == IPPROTO_TCP | |
43107 | + ? ((struct tcphdr*)((caddr_t)ixs->iph + (ixs->iph->ihl << 2)))->source | |
43108 | + : 0)); | |
43109 | + } | |
43110 | + if(ixs->eroute->er_eaddr.sen_dport != 0) { | |
43111 | + dst.sin_port = | |
43112 | + (ixs->iph->protocol == IPPROTO_UDP | |
43113 | + ? ((struct udphdr*) (((caddr_t)ixs->iph) + (ixs->iph->ihl << 2)))->dest | |
43114 | + : (ixs->iph->protocol == IPPROTO_TCP | |
43115 | + ? ((struct tcphdr*)((caddr_t)ixs->iph + (ixs->iph->ihl << 2)))->dest | |
43116 | + : 0)); | |
43117 | + } | |
43118 | + } | |
43119 | + | |
43120 | + ixs->ips.ips_addr_s = (struct sockaddr*)(&src); | |
43121 | + ixs->ips.ips_addr_d = (struct sockaddr*)(&dst); | |
43122 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
43123 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43124 | + "SADB_ACQUIRE sent with src=%s:%d, dst=%s:%d, proto=%d.\n", | |
43125 | + addrtoa(((struct sockaddr_in*)(ixs->ips.ips_addr_s))->sin_addr, 0, bufsrc, sizeof(bufsrc)) <= ADDRTOA_BUF ? bufsrc : "BAD_ADDR", | |
43126 | + ntohs(((struct sockaddr_in*)(ixs->ips.ips_addr_s))->sin_port), | |
43127 | + addrtoa(((struct sockaddr_in*)(ixs->ips.ips_addr_d))->sin_addr, 0, bufdst, sizeof(bufdst)) <= ADDRTOA_BUF ? bufdst : "BAD_ADDR", | |
43128 | + ntohs(((struct sockaddr_in*)(ixs->ips.ips_addr_d))->sin_port), | |
43129 | + ixs->ips.ips_said.proto); | |
43130 | + | |
43131 | + /* increment count of total traps needed */ | |
43132 | + ipsec_xmit_trap_count++; | |
43133 | + | |
43134 | + if (pfkey_acquire(&ixs->ips) == 0) { | |
43135 | + | |
43136 | + /* note that we succeeded */ | |
43137 | + ipsec_xmit_trap_sendcount++; | |
43138 | + | |
43139 | + if (ixs->outgoing_said.spi==htonl(SPI_TRAPSUBNET)) { | |
43140 | + /* | |
43141 | + * The spinlock is to prevent any other | |
43142 | + * process from accessing or deleting | |
43143 | + * the eroute while we are using and | |
43144 | + * updating it. | |
43145 | + */ | |
43146 | + spin_lock(&eroute_lock); | |
43147 | + ixs->eroute = ipsec_findroute(&ixs->matcher); | |
43148 | + if(ixs->eroute) { | |
43149 | + ixs->eroute->er_said.spi = htonl(SPI_HOLD); | |
43150 | + ixs->eroute->er_first = ixs->skb; | |
43151 | + ixs->skb = NULL; | |
43152 | + } | |
43153 | + spin_unlock(&eroute_lock); | |
43154 | + } else if (create_hold_eroute(ixs->eroute, | |
43155 | + ixs->skb, | |
43156 | + ixs->iph, | |
43157 | + ixs->eroute_pid)) { | |
43158 | + ixs->skb = NULL; | |
43159 | + } | |
43160 | + /* whether or not the above succeeded, we continue */ | |
43161 | + | |
43162 | + } | |
43163 | + ixs->stats->tx_dropped++; | |
43164 | + } | |
43165 | + default: | |
43166 | + /* XXX what do we do with an unknown shunt spi? */ | |
43167 | + break; | |
43168 | + } /* switch (ntohl(ixs->outgoing_said.spi)) */ | |
43169 | + return IPSEC_XMIT_STOLEN; | |
43170 | + } /* if (ixs->outgoing_said.proto == IPPROTO_INT) */ | |
43171 | + | |
43172 | + /* | |
43173 | + The spinlock is to prevent any other process from | |
43174 | + accessing or deleting the ipsec_sa hash table or any of the | |
43175 | + ipsec_sa s while we are using and updating them. | |
43176 | + | |
43177 | + This is not optimal, but was relatively straightforward | |
43178 | + at the time. A better way to do it has been planned for | |
43179 | + more than a year, to lock the hash table and put reference | |
43180 | + counts on each ipsec_sa instead. This is not likely to happen | |
43181 | + in KLIPS1 unless a volunteer contributes it, but will be | |
43182 | + designed into KLIPS2. | |
43183 | + */ | |
43184 | + spin_lock(&tdb_lock); | |
43185 | + | |
43186 | + ixs->ipsp = ipsec_sa_getbyid(&ixs->outgoing_said); | |
43187 | + ixs->sa_len = satot(&ixs->outgoing_said, 0, ixs->sa_txt, sizeof(ixs->sa_txt)); | |
43188 | + | |
43189 | + if (ixs->ipsp == NULL) { | |
43190 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
43191 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43192 | + "no ipsec_sa for SA%s: outgoing packet with no SA, dropped.\n", | |
43193 | + ixs->sa_len ? ixs->sa_txt : " (error)"); | |
43194 | + if(ixs->stats) { | |
43195 | + ixs->stats->tx_dropped++; | |
43196 | + } | |
43197 | + bundle_stat = IPSEC_XMIT_SAIDNOTFOUND; | |
43198 | + goto cleanup; | |
43199 | + } | |
43200 | + | |
43201 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
43202 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43203 | + "found ipsec_sa -- SA:<%s%s%s> %s\n", | |
43204 | + IPS_XFORM_NAME(ixs->ipsp), | |
43205 | + ixs->sa_len ? ixs->sa_txt : " (error)"); | |
43206 | + | |
43207 | + /* | |
43208 | + * How much headroom do we need to be able to apply | |
43209 | + * all the grouped transforms? | |
43210 | + */ | |
43211 | + ixs->ipsq = ixs->ipsp; /* save the head of the ipsec_sa chain */ | |
43212 | + while (ixs->ipsp) { | |
43213 | + ixs->sa_len = satot(&ixs->ipsp->ips_said, 0, ixs->sa_txt, sizeof(ixs->sa_txt)); | |
43214 | + if(ixs->sa_len == 0) { | |
43215 | + strcpy(ixs->sa_txt, "(error)"); | |
43216 | + } | |
43217 | + | |
43218 | + /* If it is in larval state, drop the packet, we cannot process yet. */ | |
43219 | + if(ixs->ipsp->ips_state == SADB_SASTATE_LARVAL) { | |
43220 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
43221 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43222 | + "ipsec_sa in larval state for SA:<%s%s%s> %s, cannot be used yet, dropping packet.\n", | |
43223 | + IPS_XFORM_NAME(ixs->ipsp), | |
43224 | + ixs->sa_len ? ixs->sa_txt : " (error)"); | |
43225 | + if(ixs->stats) { | |
43226 | + ixs->stats->tx_errors++; | |
43227 | + } | |
43228 | + bundle_stat = IPSEC_XMIT_SAIDNOTLIVE; | |
43229 | + goto cleanup; | |
43230 | + } | |
43231 | + | |
43232 | + if(ixs->ipsp->ips_state == SADB_SASTATE_DEAD) { | |
43233 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
43234 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43235 | + "ipsec_sa in dead state for SA:<%s%s%s> %s, can no longer be used, dropping packet.\n", | |
43236 | + IPS_XFORM_NAME(ixs->ipsp), | |
43237 | + ixs->sa_len ? ixs->sa_txt : " (error)"); | |
43238 | + ixs->stats->tx_errors++; | |
43239 | + bundle_stat = IPSEC_XMIT_SAIDNOTLIVE; | |
43240 | + goto cleanup; | |
43241 | + } | |
43242 | + | |
43243 | + /* If the replay window counter == -1, expire SA, it will roll */ | |
43244 | + if(ixs->ipsp->ips_replaywin && ixs->ipsp->ips_replaywin_lastseq == -1) { | |
43245 | + pfkey_expire(ixs->ipsp, 1); | |
43246 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
43247 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43248 | + "replay window counter rolled for SA:<%s%s%s> %s, packet dropped, expiring SA.\n", | |
43249 | + IPS_XFORM_NAME(ixs->ipsp), | |
43250 | + ixs->sa_len ? ixs->sa_txt : " (error)"); | |
43251 | + ipsec_sa_delchain(ixs->ipsp); | |
43252 | + ixs->stats->tx_errors++; | |
43253 | + bundle_stat = IPSEC_XMIT_REPLAYROLLED; | |
43254 | + goto cleanup; | |
43255 | + } | |
43256 | + | |
43257 | + /* | |
43258 | + * if this is the first time we are using this SA, mark start time, | |
43259 | + * and offset hard/soft counters by "now" for later checking. | |
43260 | + */ | |
43261 | +#if 0 | |
43262 | + if(ixs->ipsp->ips_life.ipl_usetime.count == 0) { | |
43263 | + ixs->ipsp->ips_life.ipl_usetime.count = jiffies; | |
43264 | + ixs->ipsp->ips_life.ipl_usetime.hard += jiffies; | |
43265 | + ixs->ipsp->ips_life.ipl_usetime.soft += jiffies; | |
43266 | + } | |
43267 | +#endif | |
43268 | + | |
43269 | + | |
43270 | + if(ipsec_lifetime_check(&ixs->ipsp->ips_life.ipl_bytes, "bytes", ixs->sa_txt, | |
43271 | + ipsec_life_countbased, ipsec_outgoing, ixs->ipsp) == ipsec_life_harddied || | |
43272 | + ipsec_lifetime_check(&ixs->ipsp->ips_life.ipl_addtime, "addtime",ixs->sa_txt, | |
43273 | + ipsec_life_timebased, ipsec_outgoing, ixs->ipsp) == ipsec_life_harddied || | |
43274 | + ipsec_lifetime_check(&ixs->ipsp->ips_life.ipl_usetime, "usetime",ixs->sa_txt, | |
43275 | + ipsec_life_timebased, ipsec_outgoing, ixs->ipsp) == ipsec_life_harddied || | |
43276 | + ipsec_lifetime_check(&ixs->ipsp->ips_life.ipl_packets, "packets",ixs->sa_txt, | |
43277 | + ipsec_life_countbased, ipsec_outgoing, ixs->ipsp) == ipsec_life_harddied) { | |
43278 | + | |
43279 | + ipsec_sa_delchain(ixs->ipsp); | |
43280 | + ixs->stats->tx_errors++; | |
43281 | + bundle_stat = IPSEC_XMIT_LIFETIMEFAILED; | |
43282 | + goto cleanup; | |
43283 | + } | |
43284 | + | |
43285 | + | |
43286 | + ixs->headroom = ixs->tailroom = 0; | |
43287 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
43288 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43289 | + "calling room for <%s%s%s>, SA:%s\n", | |
43290 | + IPS_XFORM_NAME(ixs->ipsp), | |
43291 | + ixs->sa_len ? ixs->sa_txt : " (error)"); | |
43292 | + switch(ixs->ipsp->ips_said.proto) { | |
43293 | +#ifdef CONFIG_KLIPS_AH | |
43294 | + case IPPROTO_AH: | |
43295 | + ixs->headroom += sizeof(struct ahhdr); | |
43296 | + break; | |
43297 | +#endif /* CONFIG_KLIPS_AH */ | |
43298 | +#ifdef CONFIG_KLIPS_ESP | |
43299 | + case IPPROTO_ESP: | |
43300 | + ixt_e=ixs->ipsp->ips_alg_enc; | |
43301 | + if (ixt_e) { | |
43302 | + blocksize = ixt_e->ixt_common.ixt_blocksize; | |
43303 | + ixs->headroom += ESP_HEADER_LEN + ixt_e->ixt_common.ixt_support.ias_ivlen/8; | |
43304 | + } | |
43305 | + else { | |
43306 | + ixs->stats->tx_errors++; | |
43307 | + bundle_stat = IPSEC_XMIT_ESP_BADALG; | |
43308 | + goto cleanup; | |
43309 | + } | |
43310 | + | |
43311 | + if ((ixt_a=ixs->ipsp->ips_alg_auth)) { | |
43312 | + ixs->tailroom += AHHMAC_HASHLEN; | |
43313 | + } else | |
43314 | + switch(ixs->ipsp->ips_authalg) { | |
43315 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_MD5 | |
43316 | + case AH_MD5: | |
43317 | + ixs->tailroom += AHHMAC_HASHLEN; | |
43318 | + break; | |
43319 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_MD5 */ | |
43320 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_SHA1 | |
43321 | + case AH_SHA: | |
43322 | + ixs->tailroom += AHHMAC_HASHLEN; | |
43323 | + break; | |
43324 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_SHA1 */ | |
43325 | + case AH_NONE: | |
43326 | + break; | |
43327 | + default: | |
43328 | + ixs->stats->tx_errors++; | |
43329 | + bundle_stat = IPSEC_XMIT_AH_BADALG; | |
43330 | + goto cleanup; | |
43331 | + } | |
43332 | + ixs->tailroom += blocksize != 1 ? | |
43333 | + ((blocksize - ((ixs->pyldsz + 2) % blocksize)) % blocksize) + 2 : | |
43334 | + ((4 - ((ixs->pyldsz + 2) % 4)) % 4) + 2; | |
43335 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
43336 | + if ((ixs->ipsp->ips_natt_type) && (!ixs->natt_type)) { | |
43337 | + ixs->natt_type = ixs->ipsp->ips_natt_type; | |
43338 | + ixs->natt_sport = ixs->ipsp->ips_natt_sport; | |
43339 | + ixs->natt_dport = ixs->ipsp->ips_natt_dport; | |
43340 | + switch (ixs->natt_type) { | |
43341 | + case ESPINUDP_WITH_NON_IKE: | |
43342 | + ixs->natt_head = sizeof(struct udphdr)+(2*sizeof(__u32)); | |
43343 | + break; | |
43344 | + | |
43345 | + case ESPINUDP_WITH_NON_ESP: | |
43346 | + ixs->natt_head = sizeof(struct udphdr); | |
43347 | + break; | |
43348 | + | |
43349 | + default: | |
43350 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT | |
43351 | + , "klips_xmit: invalid nat-t type %d" | |
43352 | + , ixs->natt_type); | |
43353 | + bundle_stat = IPSEC_XMIT_ESPUDP_BADTYPE; | |
43354 | + goto cleanup; | |
43355 | + | |
43356 | + break; | |
43357 | + } | |
43358 | + ixs->tailroom += ixs->natt_head; | |
43359 | + } | |
43360 | +#endif | |
43361 | + break; | |
43362 | +#endif /* !CONFIG_KLIPS_ESP */ | |
43363 | +#ifdef CONFIG_KLIPS_IPIP | |
43364 | + case IPPROTO_IPIP: | |
43365 | + ixs->headroom += sizeof(struct iphdr); | |
43366 | + break; | |
43367 | +#endif /* !CONFIG_KLIPS_IPIP */ | |
43368 | + case IPPROTO_COMP: | |
43369 | +#ifdef CONFIG_KLIPS_IPCOMP | |
43370 | + /* | |
43371 | + We can't predict how much the packet will | |
43372 | + shrink without doing the actual compression. | |
43373 | + We could do it here, if we were the first | |
43374 | + encapsulation in the chain. That might save | |
43375 | + us a skb_copy_expand, since we might fit | |
43376 | + into the existing skb then. However, this | |
43377 | + would be a bit unclean (and this hack has | |
43378 | + bit us once), so we better not do it. After | |
43379 | + all, the skb_copy_expand is cheap in | |
43380 | + comparison to the actual compression. | |
43381 | + At least we know the packet will not grow. | |
43382 | + */ | |
43383 | + break; | |
43384 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
43385 | + default: | |
43386 | + ixs->stats->tx_errors++; | |
43387 | + bundle_stat = IPSEC_XMIT_BADPROTO; | |
43388 | + goto cleanup; | |
43389 | + } | |
43390 | + ixs->ipsp = ixs->ipsp->ips_onext; | |
43391 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
43392 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43393 | + "Required head,tailroom: %d,%d\n", | |
43394 | + ixs->headroom, ixs->tailroom); | |
43395 | + ixs->max_headroom += ixs->headroom; | |
43396 | + ixs->max_tailroom += ixs->tailroom; | |
43397 | + ixs->pyldsz += (ixs->headroom + ixs->tailroom); | |
43398 | + } | |
43399 | + ixs->ipsp = ixs->ipsq; /* restore the head of the ipsec_sa chain */ | |
43400 | + | |
43401 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
43402 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43403 | + "existing head,tailroom: %d,%d before applying xforms with head,tailroom: %d,%d .\n", | |
43404 | + skb_headroom(ixs->skb), skb_tailroom(ixs->skb), | |
43405 | + ixs->max_headroom, ixs->max_tailroom); | |
43406 | + | |
43407 | + ixs->tot_headroom += ixs->max_headroom; | |
43408 | + ixs->tot_tailroom += ixs->max_tailroom; | |
43409 | + | |
43410 | + ixs->mtudiff = ixs->cur_mtu + ixs->tot_headroom + ixs->tot_tailroom - ixs->physmtu; | |
43411 | + | |
43412 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
43413 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43414 | + "mtu:%d physmtu:%d tothr:%d tottr:%d mtudiff:%d ippkttotlen:%d\n", | |
43415 | + ixs->cur_mtu, ixs->physmtu, | |
43416 | + ixs->tot_headroom, ixs->tot_tailroom, ixs->mtudiff, ntohs(ixs->iph->tot_len)); | |
43417 | + if(ixs->mtudiff > 0) { | |
43418 | + int newmtu = ixs->physmtu - (ixs->tot_headroom + ((ixs->tot_tailroom + 2) & ~7) + 5); | |
43419 | + | |
43420 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
43421 | + "klips_info:ipsec_xmit_encap_bundle: " | |
43422 | + "dev %s mtu of %d decreased by %d to %d\n", | |
43423 | + ixs->dev ? ixs->dev->name : "ifX", | |
43424 | + ixs->cur_mtu, | |
43425 | + ixs->cur_mtu - newmtu, | |
43426 | + newmtu); | |
43427 | + ixs->cur_mtu = newmtu; | |
43428 | + | |
43429 | + /* this would seem to adjust the MTU of the route as well */ | |
43430 | +#if 0 | |
43431 | + ixs->skb->dst->pmtu = ixs->prv->mtu; /* RGB */ | |
43432 | +#endif /* 0 */ | |
43433 | + } | |
43434 | + | |
43435 | + /* | |
43436 | + If the sender is doing PMTU discovery, and the | |
43437 | + packet doesn't fit within ixs->prv->mtu, notify him | |
43438 | + (unless it was an ICMP packet, or it was not the | |
43439 | + zero-offset packet) and send it anyways. | |
43440 | + | |
43441 | + Note: buggy firewall configuration may prevent the | |
43442 | + ICMP packet from getting back. | |
43443 | + */ | |
43444 | + if(sysctl_ipsec_icmp | |
43445 | + && ixs->cur_mtu < ntohs(ixs->iph->tot_len) | |
43446 | + && (ixs->iph->frag_off & __constant_htons(IP_DF)) ) { | |
43447 | + int notify = ixs->iph->protocol != IPPROTO_ICMP | |
43448 | + && (ixs->iph->frag_off & __constant_htons(IP_OFFSET)) == 0; | |
43449 | + | |
43450 | +#ifdef IPSEC_obey_DF | |
43451 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
43452 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43453 | + "fragmentation needed and DF set; %sdropping packet\n", | |
43454 | + notify ? "sending ICMP and " : ""); | |
43455 | + if (notify) | |
43456 | + ICMP_SEND(ixs->skb, | |
43457 | + ICMP_DEST_UNREACH, | |
43458 | + ICMP_FRAG_NEEDED, | |
43459 | + ixs->cur_mtu, | |
43460 | + ixs->physdev); | |
43461 | + ixs->stats->tx_errors++; | |
43462 | + bundle_stat = IPSEC_XMIT_CANNOTFRAG; | |
43463 | + goto cleanup; | |
43464 | +#else /* IPSEC_obey_DF */ | |
43465 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
43466 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43467 | + "fragmentation needed and DF set; %spassing packet\n", | |
43468 | + notify ? "sending ICMP and " : ""); | |
43469 | + if (notify) | |
43470 | + ICMP_SEND(ixs->skb, | |
43471 | + ICMP_DEST_UNREACH, | |
43472 | + ICMP_FRAG_NEEDED, | |
43473 | + ixs->cur_mtu, | |
43474 | + ixs->physdev); | |
43475 | +#endif /* IPSEC_obey_DF */ | |
43476 | + } | |
43477 | + | |
43478 | +#ifdef MSS_HACK | |
43479 | + /* | |
43480 | + * If this is a transport mode TCP packet with | |
43481 | + * SYN set, determine an effective MSS based on | |
43482 | + * AH/ESP overheads determined above. | |
43483 | + */ | |
43484 | + if (ixs->iph->protocol == IPPROTO_TCP | |
43485 | + && ixs->outgoing_said.proto != IPPROTO_IPIP) { | |
43486 | + struct tcphdr *tcph = ixs->skb->h.th; | |
43487 | + if (tcph->syn && !tcph->ack) { | |
43488 | + if(!ipsec_adjust_mss(ixs->skb, tcph, ixs->cur_mtu)) { | |
43489 | + printk(KERN_WARNING | |
43490 | + "klips_warning:ipsec_xmit_encap_bundle: " | |
43491 | + "ipsec_adjust_mss() failed\n"); | |
43492 | + ixs->stats->tx_errors++; | |
43493 | + bundle_stat = IPSEC_XMIT_MSSERR; | |
43494 | + goto cleanup; | |
43495 | + } | |
43496 | + } | |
43497 | + } | |
43498 | +#endif /* MSS_HACK */ | |
43499 | + | |
43500 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
43501 | + if ((ixs->natt_type) && (ixs->outgoing_said.proto != IPPROTO_IPIP)) { | |
43502 | + /** | |
43503 | + * NAT-Traversal and Transport Mode: | |
43504 | + * we need to correct TCP/UDP checksum | |
43505 | + * | |
43506 | + * If we've got NAT-OA, we can fix checksum without recalculation. | |
43507 | + * If we don't we can zero udp checksum. | |
43508 | + */ | |
43509 | + __u32 natt_oa = ixs->ipsp->ips_natt_oa ? | |
43510 | + ((struct sockaddr_in*)(ixs->ipsp->ips_natt_oa))->sin_addr.s_addr : 0; | |
43511 | + __u16 pkt_len = ixs->skb->tail - (unsigned char *)ixs->iph; | |
43512 | + __u16 data_len = pkt_len - (ixs->iph->ihl << 2); | |
43513 | + switch (ixs->iph->protocol) { | |
43514 | + case IPPROTO_TCP: | |
43515 | + if (data_len >= sizeof(struct tcphdr)) { | |
43516 | + struct tcphdr *tcp = (struct tcphdr *)((__u32 *)ixs->iph+ixs->iph->ihl); | |
43517 | + if (natt_oa) { | |
43518 | + __u32 buff[2] = { ~ixs->iph->daddr, natt_oa }; | |
43519 | + KLIPS_PRINT(debug_tunnel, | |
43520 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
43521 | + "NAT-T & TRANSPORT: " | |
43522 | + "fix TCP checksum using NAT-OA\n"); | |
43523 | + tcp->check = csum_fold( | |
43524 | + csum_partial((unsigned char *)buff, sizeof(buff), | |
43525 | + tcp->check^0xffff)); | |
43526 | + } | |
43527 | + else { | |
43528 | + KLIPS_PRINT(debug_tunnel, | |
43529 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
43530 | + "NAT-T & TRANSPORT: do not recalc TCP checksum\n"); | |
43531 | + } | |
43532 | + } | |
43533 | + else { | |
43534 | + KLIPS_PRINT(debug_tunnel, | |
43535 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
43536 | + "NAT-T & TRANSPORT: can't fix TCP checksum\n"); | |
43537 | + } | |
43538 | + break; | |
43539 | + case IPPROTO_UDP: | |
43540 | + if (data_len >= sizeof(struct udphdr)) { | |
43541 | + struct udphdr *udp = (struct udphdr *)((__u32 *)ixs->iph+ixs->iph->ihl); | |
43542 | + if (udp->check == 0) { | |
43543 | + KLIPS_PRINT(debug_tunnel, | |
43544 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
43545 | + "NAT-T & TRANSPORT: UDP checksum already 0\n"); | |
43546 | + } | |
43547 | + else if (natt_oa) { | |
43548 | + __u32 buff[2] = { ~ixs->iph->daddr, natt_oa }; | |
43549 | + KLIPS_PRINT(debug_tunnel, | |
43550 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
43551 | + "NAT-T & TRANSPORT: " | |
43552 | + "fix UDP checksum using NAT-OA\n"); | |
43553 | + udp->check = csum_fold( | |
43554 | + csum_partial((unsigned char *)buff, sizeof(buff), | |
43555 | + udp->check^0xffff)); | |
43556 | + } | |
43557 | + else { | |
43558 | + KLIPS_PRINT(debug_tunnel, | |
43559 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
43560 | + "NAT-T & TRANSPORT: zero UDP checksum\n"); | |
43561 | + udp->check = 0; | |
43562 | + } | |
43563 | + } | |
43564 | + else { | |
43565 | + KLIPS_PRINT(debug_tunnel, | |
43566 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
43567 | + "NAT-T & TRANSPORT: can't fix UDP checksum\n"); | |
43568 | + } | |
43569 | + break; | |
43570 | + default: | |
43571 | + KLIPS_PRINT(debug_tunnel, | |
43572 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
43573 | + "NAT-T & TRANSPORT: non TCP/UDP packet -- do nothing\n"); | |
43574 | + break; | |
43575 | + } | |
43576 | + } | |
43577 | +#endif /* CONFIG_IPSEC_NAT_TRAVERSAL */ | |
43578 | + | |
43579 | + if(!ixs->hard_header_stripped && ixs->hard_header_len>0) { | |
43580 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
43581 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43582 | + "allocating %d bytes for hardheader.\n", | |
43583 | + ixs->hard_header_len); | |
43584 | + if((ixs->saved_header = kmalloc(ixs->hard_header_len, GFP_ATOMIC)) == NULL) { | |
43585 | + printk(KERN_WARNING "klips_debug:ipsec_xmit_encap_bundle: " | |
43586 | + "Failed, tried to allocate %d bytes for temp hard_header.\n", | |
43587 | + ixs->hard_header_len); | |
43588 | + ixs->stats->tx_errors++; | |
43589 | + bundle_stat = IPSEC_XMIT_ERRMEMALLOC; | |
43590 | + goto cleanup; | |
43591 | + } | |
43592 | + { | |
43593 | + int i; | |
43594 | + for (i = 0; i < ixs->hard_header_len; i++) { | |
43595 | + ixs->saved_header[i] = ixs->skb->data[i]; | |
43596 | + } | |
43597 | + } | |
43598 | + if(ixs->skb->len < ixs->hard_header_len) { | |
43599 | + printk(KERN_WARNING "klips_error:ipsec_xmit_encap_bundle: " | |
43600 | + "tried to skb_pull hhlen=%d, %d available. This should never happen, please report.\n", | |
43601 | + ixs->hard_header_len, (int)(ixs->skb->len)); | |
43602 | + ixs->stats->tx_errors++; | |
43603 | + bundle_stat = IPSEC_XMIT_ESP_PUSHPULLERR; | |
43604 | + goto cleanup; | |
43605 | + } | |
43606 | + skb_pull(ixs->skb, ixs->hard_header_len); | |
43607 | + ixs->hard_header_stripped = 1; | |
43608 | + | |
43609 | +/* ixs->iph = (struct iphdr *) (ixs->skb->data); */ | |
43610 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
43611 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43612 | + "head,tailroom: %d,%d after hard_header stripped.\n", | |
43613 | + skb_headroom(ixs->skb), skb_tailroom(ixs->skb)); | |
43614 | + KLIPS_IP_PRINT(debug_tunnel & DB_TN_CROUT, ixs->iph); | |
43615 | + } else { | |
43616 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
43617 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43618 | + "hard header already stripped.\n"); | |
43619 | + } | |
43620 | + | |
43621 | + ixs->ll_headroom = (ixs->hard_header_len + 15) & ~15; | |
43622 | + | |
43623 | + if ((skb_headroom(ixs->skb) >= ixs->max_headroom + 2 * ixs->ll_headroom) && | |
43624 | + (skb_tailroom(ixs->skb) >= ixs->max_tailroom) | |
43625 | +#ifndef NET_21 | |
43626 | + && ixs->skb->free | |
43627 | +#endif /* !NET_21 */ | |
43628 | + ) { | |
43629 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
43630 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43631 | + "data fits in existing skb\n"); | |
43632 | + } else { | |
43633 | + struct sk_buff* tskb; | |
43634 | + | |
43635 | + if(!ixs->oskb) { | |
43636 | + ixs->oskb = ixs->skb; | |
43637 | + } | |
43638 | + | |
43639 | + tskb = skb_copy_expand(ixs->skb, | |
43640 | + /* The need for 2 * link layer length here remains unexplained...RGB */ | |
43641 | + ixs->max_headroom + 2 * ixs->ll_headroom, | |
43642 | + ixs->max_tailroom, | |
43643 | + GFP_ATOMIC); | |
43644 | + | |
43645 | + if(tskb && ixs->skb->sk) { | |
43646 | + skb_set_owner_w(tskb, ixs->skb->sk); | |
43647 | + } | |
43648 | + | |
43649 | + if(ixs->skb != ixs->oskb) { | |
43650 | + ipsec_kfree_skb(ixs->skb); | |
43651 | + } | |
43652 | + ixs->skb = tskb; | |
43653 | + if (!ixs->skb) { | |
43654 | + printk(KERN_WARNING | |
43655 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43656 | + "Failed, tried to allocate %d head and %d tailroom\n", | |
43657 | + ixs->max_headroom, ixs->max_tailroom); | |
43658 | + ixs->stats->tx_errors++; | |
43659 | + bundle_stat = IPSEC_XMIT_ERRSKBALLOC; | |
43660 | + goto cleanup; | |
43661 | + } | |
43662 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
43663 | + "klips_debug:ipsec_xmit_encap_bundle: " | |
43664 | + "head,tailroom: %d,%d after allocation\n", | |
43665 | + skb_headroom(ixs->skb), skb_tailroom(ixs->skb)); | |
43666 | + } | |
43667 | +#ifdef CONFIG_KLIPS_DEBUG | |
43668 | + if(debug_tunnel & DB_TN_ENCAP) { | |
43669 | + ipsec_print_ip(ixs->iph); | |
43670 | + } | |
43671 | +#endif | |
43672 | + | |
43673 | + /* | |
43674 | + * Apply grouped transforms to packet | |
43675 | + */ | |
43676 | + while (ixs->ipsp) { | |
43677 | + enum ipsec_xmit_value encap_stat = IPSEC_XMIT_OK; | |
43678 | + | |
43679 | + encap_stat = ipsec_xmit_encap_once(ixs); | |
43680 | +#ifdef CONFIG_KLIPS_DEBUG | |
43681 | + if(debug_tunnel & DB_TN_ENCAP) { | |
43682 | + ipsec_print_ip(ixs->iph); | |
43683 | + } | |
43684 | +#endif | |
43685 | + | |
43686 | + if(encap_stat != IPSEC_XMIT_OK) { | |
43687 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
43688 | + "klips_debug:ipsec_xmit_encap_bundle: encap_once failed: %d\n", | |
43689 | + encap_stat); | |
43690 | + | |
43691 | + bundle_stat = IPSEC_XMIT_ENCAPFAIL; | |
43692 | + goto cleanup; | |
43693 | + } | |
43694 | + } | |
43695 | + | |
43696 | + /* we are done with this SA */ | |
43697 | + ipsec_sa_put(ixs->ipsp); | |
43698 | + | |
43699 | + /* end encapsulation loop here XXX */ | |
43700 | + cleanup: | |
43701 | + spin_unlock(&tdb_lock); | |
43702 | + return bundle_stat; | |
43703 | +} | |
43704 | + | |
43705 | +/* | |
43706 | + * $Log: ipsec_xmit.c,v $ | |
43707 | + * Revision 1.20.2.8 2006/10/06 21:39:26 paul | |
43708 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
43709 | + * set. This is defined through autoconf.h which is included through the | |
43710 | + * linux kernel build macros. | |
43711 | + * | |
43712 | + * Revision 1.20.2.7 2006/08/24 03:02:01 paul | |
43713 | + * Compile fixes for when CONFIG_KLIPS_DEBUG is not set. (bug #642) | |
43714 | + * | |
43715 | + * Revision 1.20.2.6 2006/07/07 22:09:49 paul | |
43716 | + * From: Bart Trojanowski <bart@xelerance.com> | |
43717 | + * Removing a left over '#else' that split another '#if/#endif' block in two. | |
43718 | + * | |
43719 | + * Revision 1.20.2.5 2006/07/07 15:43:17 paul | |
43720 | + * From: Bart Trojanowski <bart@xelerance.com> | |
43721 | + * improved protocol detection in ipsec_print_ip() -- a debug aid. | |
43722 | + * | |
43723 | + * Revision 1.20.2.4 2006/04/20 16:33:07 mcr | |
43724 | + * remove all of CONFIG_KLIPS_ALG --- one can no longer build without it. | |
43725 | + * Fix in-kernel module compilation. Sub-makefiles do not work. | |
43726 | + * | |
43727 | + * Revision 1.20.2.3 2005/11/29 21:52:57 ken | |
43728 | + * Fix for #518 MTU issues | |
43729 | + * | |
43730 | + * Revision 1.20.2.2 2005/11/27 21:41:03 paul | |
43731 | + * Pull down TTL fixes from head. this fixes "Unknown symbol sysctl_ip_default_ttl"in for klips as module. | |
43732 | + * | |
43733 | + * Revision 1.20.2.1 2005/08/27 23:40:00 paul | |
43734 | + * recommited HAVE_SOCK_SECURITY fixes for linux 2.6.13 | |
43735 | + * | |
43736 | + * Revision 1.20 2005/07/12 15:39:27 paul | |
43737 | + * include asm/uaccess.h for VERIFY_WRITE | |
43738 | + * | |
43739 | + * Revision 1.19 2005/05/24 01:02:35 mcr | |
43740 | + * some refactoring/simplification of situation where alg | |
43741 | + * is not found. | |
43742 | + * | |
43743 | + * Revision 1.18 2005/05/23 23:52:33 mcr | |
43744 | + * adjust comments, add additional debugging. | |
43745 | + * | |
43746 | + * Revision 1.17 2005/05/23 22:57:23 mcr | |
43747 | + * removed explicit 3DES support. | |
43748 | + * | |
43749 | + * Revision 1.16 2005/05/21 03:29:15 mcr | |
43750 | + * fixed warning about unused zeroes if AH is off. | |
43751 | + * | |
43752 | + * Revision 1.15 2005/05/20 16:47:59 mcr | |
43753 | + * include asm/checksum.h to get ip_fast_csum macro. | |
43754 | + * | |
43755 | + * Revision 1.14 2005/05/11 01:43:03 mcr | |
43756 | + * removed "poor-man"s OOP in favour of proper C structures. | |
43757 | + * | |
43758 | + * Revision 1.13 2005/04/29 05:10:22 mcr | |
43759 | + * removed from extraenous includes to make unit testing easier. | |
43760 | + * | |
43761 | + * Revision 1.12 2005/04/15 01:28:34 mcr | |
43762 | + * use ipsec_dmp_block. | |
43763 | + * | |
43764 | + * Revision 1.11 2005/01/26 00:50:35 mcr | |
43765 | + * adjustment of confusion of CONFIG_IPSEC_NAT vs CONFIG_KLIPS_NAT, | |
43766 | + * and make sure that NAT_TRAVERSAL is set as well to match | |
43767 | + * userspace compiles of code. | |
43768 | + * | |
43769 | + * Revision 1.10 2004/09/13 17:55:21 ken | |
43770 | + * MD5* -> osMD5* | |
43771 | + * | |
43772 | + * Revision 1.9 2004/07/10 19:11:18 mcr | |
43773 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
43774 | + * | |
43775 | + * Revision 1.8 2004/04/06 02:49:26 mcr | |
43776 | + * pullup of algo code from alg-branch. | |
43777 | + * | |
43778 | + * Revision 1.7 2004/02/03 03:13:41 mcr | |
43779 | + * mark invalid encapsulation states. | |
43780 | + * | |
43781 | + * Revision 1.6.2.1 2003/12/22 15:25:52 jjo | |
43782 | + * Merged algo-0.8.1-rc11-test1 into alg-branch | |
43783 | + * | |
43784 | + * Revision 1.6 2003/12/10 01:14:27 mcr | |
43785 | + * NAT-traversal patches to KLIPS. | |
43786 | + * | |
43787 | + * Revision 1.5 2003/10/31 02:27:55 mcr | |
43788 | + * pulled up port-selector patches and sa_id elimination. | |
43789 | + * | |
43790 | + * Revision 1.4.4.2 2003/10/29 01:37:39 mcr | |
43791 | + * when creating %hold from %trap, only make the %hold as | |
43792 | + * specific as the %trap was - so if the protocol and ports | |
43793 | + * were wildcards, then the %hold will be too. | |
43794 | + * | |
43795 | + * Revision 1.4.4.1 2003/09/21 13:59:56 mcr | |
43796 | + * pre-liminary X.509 patch - does not yet pass tests. | |
43797 | + * | |
43798 | + * Revision 1.4 2003/06/20 02:28:10 mcr | |
43799 | + * misstype of variable name, not detected by module build. | |
43800 | + * | |
43801 | + * Revision 1.3 2003/06/20 01:42:21 mcr | |
43802 | + * added counters to measure how many ACQUIREs we send to pluto, | |
43803 | + * and how many are successfully sent. | |
43804 | + * | |
43805 | + * Revision 1.2 2003/04/03 17:38:35 rgb | |
43806 | + * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}. | |
43807 | + * Normalised coding style. | |
43808 | + * Simplified logic and reduced duplication of code. | |
43809 | + * | |
43810 | + * Revision 1.1 2003/02/12 19:31:23 rgb | |
43811 | + * Refactored from ipsec_tunnel.c | |
43812 | + * | |
43813 | + * Local Variables: | |
43814 | + * c-file-style: "linux" | |
43815 | + * End: | |
43816 | + * | |
43817 | + */ | |
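--- /dev/null
+++ b/linux/net/ipsec/match586.S
@@ -0,0 +1,357 @@
+/* match.s -- Pentium-optimized version of longest_match()
+ * Written for zlib 1.1.2
+ * Copyright (C) 1998 Brian Raiter <breadbox@muppetlabs.com>
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License.
+ */
+
+#ifndef NO_UNDERLINE
+#define match_init _ipcomp_match_init
+#define longest_match _ipcomp_longest_match
+#else
+#define match_init ipcomp_match_init
+#define longest_match ipcomp_longest_match
+#endif
+
+#define MAX_MATCH (258)
+#define MIN_MATCH (3)
+#define MIN_LOOKAHEAD (MAX_MATCH + MIN_MATCH + 1)
+#define MAX_MATCH_8 ((MAX_MATCH + 7) & ~7)
+
+/* stack frame offsets */
+
+#define wmask 0 /* local copy of s->wmask */
+#define window 4 /* local copy of s->window */
+#define windowbestlen 8 /* s->window + bestlen */
+#define chainlenscanend 12 /* high word: current chain len */
+ /* low word: last bytes sought */
+#define scanstart 16 /* first two bytes of string */
+#define scanalign 20 /* dword-misalignment of string */
+#define nicematch 24 /* a good enough match size */
+#define bestlen 28 /* size of best match so far */
+#define scan 32 /* ptr to string wanting match */
+
+#define LocalVarsSize (36)
+/* saved ebx 36 */
+/* saved edi 40 */
+/* saved esi 44 */
+/* saved ebp 48 */
+/* return address 52 */
+#define deflatestate 56 /* the function arguments */
+#define curmatch 60
+
+/* Offsets for fields in the deflate_state structure. These numbers
+ * are calculated from the definition of deflate_state, with the
+ * assumption that the compiler will dword-align the fields. (Thus,
+ * changing the definition of deflate_state could easily cause this
+ * program to crash horribly, without so much as a warning at
+ * compile time. Sigh.)
+ */
+#define dsWSize 36
+#define dsWMask 44
+#define dsWindow 48
+#define dsPrev 56
+#define dsMatchLen 88
+#define dsPrevMatch 92
+#define dsStrStart 100
+#define dsMatchStart 104
+#define dsLookahead 108
+#define dsPrevLen 112
+#define dsMaxChainLen 116
+#define dsGoodMatch 132
+#define dsNiceMatch 136
+
+
+.file "match.S"
+
+.globl match_init, longest_match
+
+.text
+
+/* uInt longest_match(deflate_state *deflatestate, IPos curmatch) */
+
+longest_match:
+
+/* Save registers that the compiler may be using, and adjust %esp to */
+/* make room for our stack frame. */
+
+ pushl %ebp
+ pushl %edi
+ pushl %esi
+ pushl %ebx
+ subl $LocalVarsSize, %esp
+
+/* Retrieve the function arguments. %ecx will hold cur_match */
+/* throughout the entire function. %edx will hold the pointer to the */
+/* deflate_state structure during the function's setup (before */
+/* entering the main loop). */
+
+ movl deflatestate(%esp), %edx
+ movl curmatch(%esp), %ecx
+
+/* if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead; */
+
+ movl dsNiceMatch(%edx), %eax
+ movl dsLookahead(%edx), %ebx
+ cmpl %eax, %ebx
+ jl LookaheadLess
+ movl %eax, %ebx
+LookaheadLess: movl %ebx, nicematch(%esp)
+
+/* register Bytef *scan = s->window + s->strstart; */
+
+ movl dsWindow(%edx), %esi
+ movl %esi, window(%esp)
+ movl dsStrStart(%edx), %ebp
+ lea (%esi,%ebp), %edi
+ movl %edi, scan(%esp)
+
+/* Determine how many bytes the scan ptr is off from being */
+/* dword-aligned. */
+
+ movl %edi, %eax
+ negl %eax
+ andl $3, %eax
+ movl %eax, scanalign(%esp)
+
+/* IPos limit = s->strstart > (IPos)MAX_DIST(s) ? */
+/* s->strstart - (IPos)MAX_DIST(s) : NIL; */
+
+ movl dsWSize(%edx), %eax
+ subl $MIN_LOOKAHEAD, %eax
+ subl %eax, %ebp
+ jg LimitPositive
+ xorl %ebp, %ebp
+LimitPositive:
+
+/* unsigned chain_length = s->max_chain_length; */
+/* if (s->prev_length >= s->good_match) { */
+/* chain_length >>= 2; */
+/* } */
+
+ movl dsPrevLen(%edx), %eax
+ movl dsGoodMatch(%edx), %ebx
+ cmpl %ebx, %eax
+ movl dsMaxChainLen(%edx), %ebx
+ jl LastMatchGood
+ shrl $2, %ebx
+LastMatchGood:
+
+/* chainlen is decremented once beforehand so that the function can */
+/* use the sign flag instead of the zero flag for the exit test. */
+/* It is then shifted into the high word, to make room for the scanend */
+/* scanend value, which it will always accompany. */
+
+ decl %ebx
+ shll $16, %ebx
+
+/* int best_len = s->prev_length; */
+
+ movl dsPrevLen(%edx), %eax
+ movl %eax, bestlen(%esp)
+
+/* Store the sum of s->window + best_len in %esi locally, and in %esi. */
+
+ addl %eax, %esi
+ movl %esi, windowbestlen(%esp)
+
+/* register ush scan_start = *(ushf*)scan; */
+/* register ush scan_end = *(ushf*)(scan+best_len-1); */
+
+ movw (%edi), %bx
+ movw %bx, scanstart(%esp)
+ movw -1(%edi,%eax), %bx
+ movl %ebx, chainlenscanend(%esp)
+
+/* Posf *prev = s->prev; */
+/* uInt wmask = s->w_mask; */
+
+ movl dsPrev(%edx), %edi
+ movl dsWMask(%edx), %edx
+ mov %edx, wmask(%esp)
+
+/* Jump into the main loop. */
+
+ jmp LoopEntry
+
+.balign 16
+
+/* do {
+ * match = s->window + cur_match;
+ * if (*(ushf*)(match+best_len-1) != scan_end ||
+ * *(ushf*)match != scan_start) continue;
+ * [...]
+ * } while ((cur_match = prev[cur_match & wmask]) > limit
+ * && --chain_length != 0);
+ *
+ * Here is the inner loop of the function. The function will spend the
+ * majority of its time in this loop, and majority of that time will
+ * be spent in the first ten instructions.
+ *
+ * Within this loop:
+ * %ebx = chainlenscanend - i.e., ((chainlen << 16) | scanend)
+ * %ecx = curmatch
+ * %edx = curmatch & wmask
+ * %esi = windowbestlen - i.e., (window + bestlen)
+ * %edi = prev
+ * %ebp = limit
+ *
+ * Two optimization notes on the choice of instructions:
+ *
+ * The first instruction uses a 16-bit address, which costs an extra,
+ * unpairable cycle. This is cheaper than doing a 32-bit access and
+ * zeroing the high word, due to the 3-cycle misalignment penalty which
+ * would occur half the time. This also turns out to be cheaper than
+ * doing two separate 8-bit accesses, as the memory is so rarely in the
+ * L1 cache.
+ *
+ * The window buffer, however, apparently spends a lot of time in the
+ * cache, and so it is faster to retrieve the word at the end of the
+ * match string with two 8-bit loads. The instructions that test the
+ * word at the beginning of the match string, however, are executed
+ * much less frequently, and there it was cheaper to use 16-bit
+ * instructions, which avoided the necessity of saving off and
+ * subsequently reloading one of the other registers.
+ */
+LookupLoop:
+ /* 1 U & V */
+ movw (%edi,%edx,2), %cx /* 2 U pipe */
+ movl wmask(%esp), %edx /* 2 V pipe */
+ cmpl %ebp, %ecx /* 3 U pipe */
+ jbe LeaveNow /* 3 V pipe */
+ subl $0x00010000, %ebx /* 4 U pipe */
+ js LeaveNow /* 4 V pipe */
+LoopEntry: movb -1(%esi,%ecx), %al /* 5 U pipe */
+ andl %ecx, %edx /* 5 V pipe */
+ cmpb %bl, %al /* 6 U pipe */
+ jnz LookupLoop /* 6 V pipe */
+ movb (%esi,%ecx), %ah
+ cmpb %bh, %ah
+ jnz LookupLoop
+ movl window(%esp), %eax
+ movw (%eax,%ecx), %ax
+ cmpw scanstart(%esp), %ax
+ jnz LookupLoop
+
+/* Store the current value of chainlen. */
+
+ movl %ebx, chainlenscanend(%esp)
+
+/* Point %edi to the string under scrutiny, and %esi to the string we */
+/* are hoping to match it up with. In actuality, %esi and %edi are */
+/* both pointed (MAX_MATCH_8 - scanalign) bytes ahead, and %edx is */
+/* initialized to -(MAX_MATCH_8 - scanalign). */
+
+ movl window(%esp), %esi
+ movl scan(%esp), %edi
+ addl %ecx, %esi
+ movl scanalign(%esp), %eax
+ movl $(-MAX_MATCH_8), %edx
+ lea MAX_MATCH_8(%edi,%eax), %edi
+ lea MAX_MATCH_8(%esi,%eax), %esi
+
+/* Test the strings for equality, 8 bytes at a time. At the end,
+ * adjust %edx so that it is offset to the exact byte that mismatched.
+ *
+ * We already know at this point that the first three bytes of the
+ * strings match each other, and they can be safely passed over before
+ * starting the compare loop. So what this code does is skip over 0-3
+ * bytes, as much as necessary in order to dword-align the %edi
+ * pointer. (%esi will still be misaligned three times out of four.)
+ *
+ * It should be confessed that this loop usually does not represent
+ * much of the total running time. Replacing it with a more
+ * straightforward "rep cmpsb" would not drastically degrade
+ * performance.
+ */
+LoopCmps:
+ movl (%esi,%edx), %eax
+ movl (%edi,%edx), %ebx
+ xorl %ebx, %eax
+ jnz LeaveLoopCmps
+ movl 4(%esi,%edx), %eax
+ movl 4(%edi,%edx), %ebx
+ xorl %ebx, %eax
+ jnz LeaveLoopCmps4
+ addl $8, %edx
+ jnz LoopCmps
+ jmp LenMaximum
+LeaveLoopCmps4: addl $4, %edx
+LeaveLoopCmps: testl $0x0000FFFF, %eax
+ jnz LenLower
+ addl $2, %edx
+ shrl $16, %eax
+LenLower: subb $1, %al
+ adcl $0, %edx
+
+/* Calculate the length of the match. If it is longer than MAX_MATCH, */
+/* then automatically accept it as the best possible match and leave. */
+
+ lea (%edi,%edx), %eax
+ movl scan(%esp), %edi
+ subl %edi, %eax
+ cmpl $MAX_MATCH, %eax
+ jge LenMaximum
+
+/* If the length of the match is not longer than the best match we */
+/* have so far, then forget it and return to the lookup loop. */
+
+ movl deflatestate(%esp), %edx
+ movl bestlen(%esp), %ebx
+ cmpl %ebx, %eax
+ jg LongerMatch
+ movl chainlenscanend(%esp), %ebx
+ movl windowbestlen(%esp), %esi
+ movl dsPrev(%edx), %edi
+ movl wmask(%esp), %edx
+ andl %ecx, %edx
+ jmp LookupLoop
+
+/* s->match_start = cur_match; */
+/* best_len = len; */
+/* if (len >= nice_match) break; */
+/* scan_end = *(ushf*)(scan+best_len-1); */
+
+LongerMatch: movl nicematch(%esp), %ebx
+ movl %eax, bestlen(%esp)
+ movl %ecx, dsMatchStart(%edx)
+ cmpl %ebx, %eax
+ jge LeaveNow
+ movl window(%esp), %esi
+ addl %eax, %esi
+ movl %esi, windowbestlen(%esp)
+ movl chainlenscanend(%esp), %ebx
+ movw -1(%edi,%eax), %bx
+ movl dsPrev(%edx), %edi
+ movl %ebx, chainlenscanend(%esp)
+ movl wmask(%esp), %edx
+ andl %ecx, %edx
+ jmp LookupLoop
+
+/* Accept the current string, with the maximum possible length. */
+
+LenMaximum: movl deflatestate(%esp), %edx
+ movl $MAX_MATCH, bestlen(%esp)
+ movl %ecx, dsMatchStart(%edx)
+
+/* if ((uInt)best_len <= s->lookahead) return (uInt)best_len; */
+/* return s->lookahead; */
+
+LeaveNow:
+ movl deflatestate(%esp), %edx
+ movl bestlen(%esp), %ebx
+ movl dsLookahead(%edx), %eax
+ cmpl %eax, %ebx
+ jg LookaheadRet
+ movl %ebx, %eax
+LookaheadRet:
+
+/* Restore the stack and return from whence we came. */
+
+ addl $LocalVarsSize, %esp
+ popl %ebx
+ popl %esi
+ popl %edi
+ popl %ebp
+match_init: ret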
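Review bot: The `dsWSize` … `dsNiceMatch` offset table is hard-coded, and nothing in the build checks it against the real `deflate_state` layout. If the struct definition, its padding or the compiler's alignment differs, `longest_match` would read the wrong fields and store `cur_match` through `dsMatchStart(%edx)` at the wrong address. The symbol names suggest this runs in the kernel's IPCOMP compression code, so a mismatch would be memory corruption rather than a clean failure. The file's own comment concedes there is no compile-time warning. I would add one compile-time check per offset beside the C definition of `deflate_state`, for example `typedef char ds_chk_window[(offsetof(deflate_state, window) == 48) ? 1 : -1];`, so a mismatch breaks the build. The same table is repeated in match686.S and needs the same guard.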
44178 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
44179 | +++ linux/net/ipsec/match686.S Mon Feb 9 13:51:03 2004 | |
44180 | @@ -0,0 +1,330 @@ | |
44181 | +/* match.s -- Pentium-Pro-optimized version of longest_match() | |
44182 | + * Written for zlib 1.1.2 | |
44183 | + * Copyright (C) 1998 Brian Raiter <breadbox@muppetlabs.com> | |
44184 | + * | |
44185 | + * This is free software; you can redistribute it and/or modify it | |
44186 | + * under the terms of the GNU General Public License. | |
44187 | + */ | |
44188 | + | |
44189 | +#ifndef NO_UNDERLINE | |
44190 | +#define match_init _ipcomp_match_init | |
44191 | +#define longest_match _ipcomp_longest_match | |
44192 | +#else | |
44193 | +#define match_init ipcomp_match_init | |
44194 | +#define longest_match ipcomp_longest_match | |
44195 | +#endif | |
44196 | + | |
44197 | +#define MAX_MATCH (258) | |
44198 | +#define MIN_MATCH (3) | |
44199 | +#define MIN_LOOKAHEAD (MAX_MATCH + MIN_MATCH + 1) | |
44200 | +#define MAX_MATCH_8 ((MAX_MATCH + 7) & ~7) | |
44201 | + | |
44202 | +/* stack frame offsets */ | |
44203 | + | |
44204 | +#define chainlenwmask 0 /* high word: current chain len */ | |
44205 | + /* low word: s->wmask */ | |
44206 | +#define window 4 /* local copy of s->window */ | |
44207 | +#define windowbestlen 8 /* s->window + bestlen */ | |
44208 | +#define scanstart 16 /* first two bytes of string */ | |
44209 | +#define scanend 12 /* last two bytes of string */ | |
44210 | +#define scanalign 20 /* dword-misalignment of string */ | |
44211 | +#define nicematch 24 /* a good enough match size */ | |
44212 | +#define bestlen 28 /* size of best match so far */ | |
44213 | +#define scan 32 /* ptr to string wanting match */ | |
44214 | + | |
44215 | +#define LocalVarsSize (36) | |
44216 | +/* saved ebx 36 */ | |
44217 | +/* saved edi 40 */ | |
44218 | +/* saved esi 44 */ | |
44219 | +/* saved ebp 48 */ | |
44220 | +/* return address 52 */ | |
44221 | +#define deflatestate 56 /* the function arguments */ | |
44222 | +#define curmatch 60 | |
44223 | + | |
44224 | +/* Offsets for fields in the deflate_state structure. These numbers | |
44225 | + * are calculated from the definition of deflate_state, with the | |
44226 | + * assumption that the compiler will dword-align the fields. (Thus, | |
44227 | + * changing the definition of deflate_state could easily cause this | |
44228 | + * program to crash horribly, without so much as a warning at | |
44229 | + * compile time. Sigh.) | |
44230 | + */ | |
44231 | +#define dsWSize 36 | |
44232 | +#define dsWMask 44 | |
44233 | +#define dsWindow 48 | |
44234 | +#define dsPrev 56 | |
44235 | +#define dsMatchLen 88 | |
44236 | +#define dsPrevMatch 92 | |
44237 | +#define dsStrStart 100 | |
44238 | +#define dsMatchStart 104 | |
44239 | +#define dsLookahead 108 | |
44240 | +#define dsPrevLen 112 | |
44241 | +#define dsMaxChainLen 116 | |
44242 | +#define dsGoodMatch 132 | |
44243 | +#define dsNiceMatch 136 | |
44244 | + | |
44245 | + | |
44246 | +.file "match.S" | |
44247 | + | |
44248 | +.globl match_init, longest_match | |
44249 | + | |
44250 | +.text | |
44251 | + | |
44252 | +/* uInt longest_match(deflate_state *deflatestate, IPos curmatch) */ | |
44253 | + | |
44254 | +longest_match: | |
44255 | + | |
44256 | +/* Save registers that the compiler may be using, and adjust %esp to */ | |
44257 | +/* make room for our stack frame. */ | |
44258 | + | |
44259 | + pushl %ebp | |
44260 | + pushl %edi | |
44261 | + pushl %esi | |
44262 | + pushl %ebx | |
44263 | + subl $LocalVarsSize, %esp | |
44264 | + | |
44265 | +/* Retrieve the function arguments. %ecx will hold cur_match */ | |
44266 | +/* throughout the entire function. %edx will hold the pointer to the */ | |
44267 | +/* deflate_state structure during the function's setup (before */ | |
44268 | +/* entering the main loop). */ | |
44269 | + | |
44270 | + movl deflatestate(%esp), %edx | |
44271 | + movl curmatch(%esp), %ecx | |
44272 | + | |
44273 | +/* uInt wmask = s->w_mask; */ | |
44274 | +/* unsigned chain_length = s->max_chain_length; */ | |
44275 | +/* if (s->prev_length >= s->good_match) { */ | |
44276 | +/* chain_length >>= 2; */ | |
44277 | +/* } */ | |
44278 | + | |
44279 | + movl dsPrevLen(%edx), %eax | |
44280 | + movl dsGoodMatch(%edx), %ebx | |
44281 | + cmpl %ebx, %eax | |
44282 | + movl dsWMask(%edx), %eax | |
44283 | + movl dsMaxChainLen(%edx), %ebx | |
44284 | + jl LastMatchGood | |
44285 | + shrl $2, %ebx | |
44286 | +LastMatchGood: | |
44287 | + | |
44288 | +/* chainlen is decremented once beforehand so that the function can */ | |
44289 | +/* use the sign flag instead of the zero flag for the exit test. */ | |
44290 | +/* It is then shifted into the high word, to make room for the wmask */ | |
44291 | +/* value, which it will always accompany. */ | |
44292 | + | |
44293 | + decl %ebx | |
44294 | + shll $16, %ebx | |
44295 | + orl %eax, %ebx | |
44296 | + movl %ebx, chainlenwmask(%esp) | |
44297 | + | |
44298 | +/* if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead; */ | |
44299 | + | |
44300 | + movl dsNiceMatch(%edx), %eax | |
44301 | + movl dsLookahead(%edx), %ebx | |
44302 | + cmpl %eax, %ebx | |
44303 | + jl LookaheadLess | |
44304 | + movl %eax, %ebx | |
44305 | +LookaheadLess: movl %ebx, nicematch(%esp) | |
44306 | + | |
44307 | +/* register Bytef *scan = s->window + s->strstart; */ | |
44308 | + | |
44309 | + movl dsWindow(%edx), %esi | |
44310 | + movl %esi, window(%esp) | |
44311 | + movl dsStrStart(%edx), %ebp | |
44312 | + lea (%esi,%ebp), %edi | |
44313 | + movl %edi, scan(%esp) | |
44314 | + | |
44315 | +/* Determine how many bytes the scan ptr is off from being */ | |
44316 | +/* dword-aligned. */ | |
44317 | + | |
44318 | + movl %edi, %eax | |
44319 | + negl %eax | |
44320 | + andl $3, %eax | |
44321 | + movl %eax, scanalign(%esp) | |
44322 | + | |
44323 | +/* IPos limit = s->strstart > (IPos)MAX_DIST(s) ? */ | |
44324 | +/* s->strstart - (IPos)MAX_DIST(s) : NIL; */ | |
44325 | + | |
44326 | + movl dsWSize(%edx), %eax | |
44327 | + subl $MIN_LOOKAHEAD, %eax | |
44328 | + subl %eax, %ebp | |
44329 | + jg LimitPositive | |
44330 | + xorl %ebp, %ebp | |
44331 | +LimitPositive: | |
44332 | + | |
44333 | +/* int best_len = s->prev_length; */ | |
44334 | + | |
44335 | + movl dsPrevLen(%edx), %eax | |
44336 | + movl %eax, bestlen(%esp) | |
44337 | + | |
44338 | +/* Store the sum of s->window + best_len in %esi locally, and in %esi. */ | |
44339 | + | |
44340 | + addl %eax, %esi | |
44341 | + movl %esi, windowbestlen(%esp) | |
44342 | + | |
44343 | +/* register ush scan_start = *(ushf*)scan; */ | |
44344 | +/* register ush scan_end = *(ushf*)(scan+best_len-1); */ | |
44345 | +/* Posf *prev = s->prev; */ | |
44346 | + | |
44347 | + movzwl (%edi), %ebx | |
44348 | + movl %ebx, scanstart(%esp) | |
44349 | + movzwl -1(%edi,%eax), %ebx | |
44350 | + movl %ebx, scanend(%esp) | |
44351 | + movl dsPrev(%edx), %edi | |
44352 | + | |
44353 | +/* Jump into the main loop. */ | |
44354 | + | |
44355 | + movl chainlenwmask(%esp), %edx | |
44356 | + jmp LoopEntry | |
44357 | + | |
44358 | +.balign 16 | |
44359 | + | |
44360 | +/* do { | |
44361 | + * match = s->window + cur_match; | |
44362 | + * if (*(ushf*)(match+best_len-1) != scan_end || | |
44363 | + * *(ushf*)match != scan_start) continue; | |
44364 | + * [...] | |
44365 | + * } while ((cur_match = prev[cur_match & wmask]) > limit | |
44366 | + * && --chain_length != 0); | |
44367 | + * | |
44368 | + * Here is the inner loop of the function. The function will spend the | |
44369 | + * majority of its time in this loop, and majority of that time will | |
44370 | + * be spent in the first ten instructions. | |
44371 | + * | |
44372 | + * Within this loop: | |
44373 | + * %ebx = scanend | |
44374 | + * %ecx = curmatch | |
44375 | + * %edx = chainlenwmask - i.e., ((chainlen << 16) | wmask) | |
44376 | + * %esi = windowbestlen - i.e., (window + bestlen) | |
44377 | + * %edi = prev | |
44378 | + * %ebp = limit | |
44379 | + */ | |
44380 | +LookupLoop: | |
44381 | + andl %edx, %ecx | |
44382 | + movzwl (%edi,%ecx,2), %ecx | |
44383 | + cmpl %ebp, %ecx | |
44384 | + jbe LeaveNow | |
44385 | + subl $0x00010000, %edx | |
44386 | + js LeaveNow | |
44387 | +LoopEntry: movzwl -1(%esi,%ecx), %eax | |
44388 | + cmpl %ebx, %eax | |
44389 | + jnz LookupLoop | |
44390 | + movl window(%esp), %eax | |
44391 | + movzwl (%eax,%ecx), %eax | |
44392 | + cmpl scanstart(%esp), %eax | |
44393 | + jnz LookupLoop | |
44394 | + | |
44395 | +/* Store the current value of chainlen. */ | |
44396 | + | |
44397 | + movl %edx, chainlenwmask(%esp) | |
44398 | + | |
44399 | +/* Point %edi to the string under scrutiny, and %esi to the string we */ | |
44400 | +/* are hoping to match it up with. In actuality, %esi and %edi are */ | |
44401 | +/* both pointed (MAX_MATCH_8 - scanalign) bytes ahead, and %edx is */ | |
44402 | +/* initialized to -(MAX_MATCH_8 - scanalign). */ | |
44403 | + | |
44404 | + movl window(%esp), %esi | |
44405 | + movl scan(%esp), %edi | |
44406 | + addl %ecx, %esi | |
44407 | + movl scanalign(%esp), %eax | |
44408 | + movl $(-MAX_MATCH_8), %edx | |
44409 | + lea MAX_MATCH_8(%edi,%eax), %edi | |
44410 | + lea MAX_MATCH_8(%esi,%eax), %esi | |
44411 | + | |
44412 | +/* Test the strings for equality, 8 bytes at a time. At the end, | |
44413 | + * adjust %edx so that it is offset to the exact byte that mismatched. | |
44414 | + * | |
44415 | + * We already know at this point that the first three bytes of the | |
44416 | + * strings match each other, and they can be safely passed over before | |
44417 | + * starting the compare loop. So what this code does is skip over 0-3 | |
44418 | + * bytes, as much as necessary in order to dword-align the %edi | |
44419 | + * pointer. (%esi will still be misaligned three times out of four.) | |
44420 | + * | |
44421 | + * It should be confessed that this loop usually does not represent | |
44422 | + * much of the total running time. Replacing it with a more | |
44423 | + * straightforward "rep cmpsb" would not drastically degrade | |
44424 | + * performance. | |
44425 | + */ | |
44426 | +LoopCmps: | |
44427 | + movl (%esi,%edx), %eax | |
44428 | + xorl (%edi,%edx), %eax | |
44429 | + jnz LeaveLoopCmps | |
44430 | + movl 4(%esi,%edx), %eax | |
44431 | + xorl 4(%edi,%edx), %eax | |
44432 | + jnz LeaveLoopCmps4 | |
44433 | + addl $8, %edx | |
44434 | + jnz LoopCmps | |
44435 | + jmp LenMaximum | |
44436 | +LeaveLoopCmps4: addl $4, %edx | |
44437 | +LeaveLoopCmps: testl $0x0000FFFF, %eax | |
44438 | + jnz LenLower | |
44439 | + addl $2, %edx | |
44440 | + shrl $16, %eax | |
44441 | +LenLower: subb $1, %al | |
44442 | + adcl $0, %edx | |
44443 | + | |
44444 | +/* Calculate the length of the match. If it is longer than MAX_MATCH, */ | |
44445 | +/* then automatically accept it as the best possible match and leave. */ | |
44446 | + | |
44447 | + lea (%edi,%edx), %eax | |
44448 | + movl scan(%esp), %edi | |
44449 | + subl %edi, %eax | |
44450 | + cmpl $MAX_MATCH, %eax | |
44451 | + jge LenMaximum | |
44452 | + | |
44453 | +/* If the length of the match is not longer than the best match we */ | |
44454 | +/* have so far, then forget it and return to the lookup loop. */ | |
44455 | + | |
44456 | + movl deflatestate(%esp), %edx | |
44457 | + movl bestlen(%esp), %ebx | |
44458 | + cmpl %ebx, %eax | |
44459 | + jg LongerMatch | |
44460 | + movl windowbestlen(%esp), %esi | |
44461 | + movl dsPrev(%edx), %edi | |
44462 | + movl scanend(%esp), %ebx | |
44463 | + movl chainlenwmask(%esp), %edx | |
44464 | + jmp LookupLoop | |
44465 | + | |
44466 | +/* s->match_start = cur_match; */ | |
44467 | +/* best_len = len; */ | |
44468 | +/* if (len >= nice_match) break; */ | |
44469 | +/* scan_end = *(ushf*)(scan+best_len-1); */ | |
44470 | + | |
44471 | +LongerMatch: movl nicematch(%esp), %ebx | |
44472 | + movl %eax, bestlen(%esp) | |
44473 | + movl %ecx, dsMatchStart(%edx) | |
44474 | + cmpl %ebx, %eax | |
44475 | + jge LeaveNow | |
44476 | + movl window(%esp), %esi | |
44477 | + addl %eax, %esi | |
44478 | + movl %esi, windowbestlen(%esp) | |
44479 | + movzwl -1(%edi,%eax), %ebx | |
44480 | + movl dsPrev(%edx), %edi | |
44481 | + movl %ebx, scanend(%esp) | |
44482 | + movl chainlenwmask(%esp), %edx | |
44483 | + jmp LookupLoop | |
44484 | + | |
44485 | +/* Accept the current string, with the maximum possible length. */ | |
44486 | + | |
44487 | +LenMaximum: movl deflatestate(%esp), %edx | |
44488 | + movl $MAX_MATCH, bestlen(%esp) | |
44489 | + movl %ecx, dsMatchStart(%edx) | |
44490 | + | |
44491 | +/* if ((uInt)best_len <= s->lookahead) return (uInt)best_len; */ | |
44492 | +/* return s->lookahead; */ | |
44493 | + | |
44494 | +LeaveNow: | |
44495 | + movl deflatestate(%esp), %edx | |
44496 | + movl bestlen(%esp), %ebx | |
44497 | + movl dsLookahead(%edx), %eax | |
44498 | + cmpl %eax, %ebx | |
44499 | + jg LookaheadRet | |
44500 | + movl %ebx, %eax | |
44501 | +LookaheadRet: | |
44502 | + | |
44503 | +/* Restore the stack and return from whence we came. */ | |
44504 | + | |
44505 | + addl $LocalVarsSize, %esp | |
44506 | + popl %ebx | |
44507 | + popl %esi | |
44508 | + popl %edi | |
44509 | + popl %ebp | |
44510 | +match_init: ret | |
44511 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
44512 | +++ linux/net/ipsec/null/ipsec_alg_null.c Mon Feb 9 13:51:03 2004 | |
44513 | @@ -0,0 +1,145 @@ | |
44514 | +/* | |
44515 | + * ipsec_alg NULL cipher stubs | |
44516 | + * | |
44517 | + * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar> | |
44518 | + * | |
44519 | + * $Id: ipsec_alg_null.c,v 1.1.2.1 2006/10/11 18:14:33 paul Exp $ | |
44520 | + * | |
44521 | + * This program is free software; you can redistribute it and/or modify it | |
44522 | + * under the terms of the GNU General Public License as published by the | |
44523 | + * Free Software Foundation; either version 2 of the License, or (at your | |
44524 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
44525 | + * | |
44526 | + * This program is distributed in the hope that it will be useful, but | |
44527 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
44528 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
44529 | + * for more details. | |
44530 | + * | |
44531 | + */ | |
44532 | +#include <linux/config.h> | |
44533 | +#include <linux/version.h> | |
44534 | + | |
44535 | +/* | |
44536 | + * special case: ipsec core modular with this static algo inside: | |
44537 | + * must avoid MODULE magic for this file | |
44538 | + */ | |
44539 | +#if defined(CONFIG_KLIPS_MODULE) && defined(CONFIG_KLIPS_ENC_NULL) | |
44540 | +#undef MODULE | |
44541 | +#endif | |
44542 | + | |
44543 | +#include <linux/module.h> | |
44544 | +#include <linux/init.h> | |
44545 | + | |
44546 | +#include <linux/kernel.h> /* printk() */ | |
44547 | +#include <linux/errno.h> /* error codes */ | |
44548 | +#include <linux/types.h> /* size_t */ | |
44549 | +#include <linux/string.h> | |
44550 | + | |
44551 | +/* Check if __exit is defined, if not null it */ | |
44552 | +#ifndef __exit | |
44553 | +#define __exit | |
44554 | +#endif | |
44555 | + | |
44556 | +/* Low freeswan header coupling */ | |
44557 | +#include "openswan/ipsec_alg.h" | |
44558 | + | |
44559 | +#define ESP_NULL 11 /* from ipsec drafts */ | |
44560 | +#define ESP_NULL_BLK_LEN 1 | |
44561 | + | |
44562 | +MODULE_AUTHOR("JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>"); | |
44563 | +static int debug_null=0; | |
44564 | +static int test_null=0; | |
44565 | +#ifdef module_param | |
44566 | +module_param(debug_null, int, 0600); | |
44567 | +module_param(test_null, int, 0600); | |
44568 | +#else | |
44569 | +MODULE_PARM(debug_null, "i"); | |
44570 | +MODULE_PARM(test_null, "i"); | |
44571 | +#endif | |
44572 | + | |
44573 | +typedef int null_context; | |
44574 | + | |
44575 | +struct null_eks{ | |
44576 | + null_context null_ctx; | |
44577 | +}; | |
44578 | +static int _null_set_key(struct ipsec_alg_enc *alg, | |
44579 | + __u8 * key_e, const __u8 * key, | |
44580 | + size_t keysize) { | |
44581 | + null_context *ctx=&((struct null_eks*)key_e)->null_ctx; | |
44582 | + if (debug_null > 0) | |
44583 | + printk(KERN_DEBUG "klips_debug:_null_set_key:" | |
44584 | + "key_e=%p key=%p keysize=%d\n", | |
44585 | + key_e, key, keysize); | |
44586 | + *ctx = 1; | |
44587 | + return 0; | |
44588 | +} | |
44589 | +static int _null_cbc_encrypt(struct ipsec_alg_enc *alg, | |
44590 | + __u8 * key_e, __u8 * in, int ilen, const __u8 * iv, | |
44591 | + int encrypt) { | |
44592 | + null_context *ctx=&((struct null_eks*)key_e)->null_ctx; | |
44593 | + if (debug_null > 0) | |
44594 | + printk(KERN_DEBUG "klips_debug:_null_cbc_encrypt:" | |
44595 | + "key_e=%p in=%p ilen=%d iv=%p encrypt=%d\n", | |
44596 | + key_e, in, ilen, iv, encrypt); | |
44597 | + (*ctx)++; | |
44598 | + return ilen; | |
44599 | +} | |
44600 | +static struct ipsec_alg_enc ipsec_alg_NULL = { | |
44601 | + ixt_common: { ixt_version: IPSEC_ALG_VERSION, | |
44602 | + ixt_refcnt: ATOMIC_INIT(0), | |
44603 | + ixt_name: "null", | |
44604 | + ixt_blocksize: ESP_NULL_BLK_LEN, | |
44605 | + ixt_support: { | |
44606 | + ias_exttype: IPSEC_ALG_TYPE_ENCRYPT, | |
44607 | + ias_id: ESP_NULL, | |
44608 | + ias_ivlen: 0, | |
44609 | + ias_keyminbits: 0, | |
44610 | + ias_keymaxbits: 0, | |
44611 | + }, | |
44612 | + }, | |
44613 | +#if defined(CONFIG_KLIPS_ENC_NULL_MODULE) | |
44614 | + ixt_module: THIS_MODULE, | |
44615 | +#endif | |
44616 | + ixt_e_keylen: 0, | |
44617 | + ixt_e_ctx_size: sizeof(null_context), | |
44618 | + ixt_e_set_key: _null_set_key, | |
44619 | + ixt_e_cbc_encrypt:_null_cbc_encrypt, | |
44620 | +}; | |
44621 | + | |
44622 | +#if defined(CONFIG_KLIPS_ENC_NULL_MODULE) | |
44623 | +IPSEC_ALG_MODULE_INIT_MOD( ipsec_null_init ) | |
44624 | +#else | |
44625 | +IPSEC_ALG_MODULE_INIT_STATIC( ipsec_null_init ) | |
44626 | +#endif | |
44627 | +{ | |
44628 | + int ret, test_ret; | |
44629 | + ret=register_ipsec_alg_enc(&ipsec_alg_NULL); | |
44630 | + printk("ipsec_null_init(alg_type=%d alg_id=%d name=%s): ret=%d\n", | |
44631 | + ipsec_alg_NULL.ixt_common.ixt_support.ias_exttype, | |
44632 | + ipsec_alg_NULL.ixt_common.ixt_support.ias_id, | |
44633 | + ipsec_alg_NULL.ixt_common.ixt_name, | |
44634 | + ret); | |
44635 | + if (ret==0 && test_null) { | |
44636 | + test_ret=ipsec_alg_test( | |
44637 | + ipsec_alg_NULL.ixt_common.ixt_support.ias_exttype, | |
44638 | + ipsec_alg_NULL.ixt_common.ixt_support.ias_id, | |
44639 | + test_null); | |
44640 | + printk("ipsec_null_init(alg_type=%d alg_id=%d): test_ret=%d\n", | |
44641 | + ipsec_alg_NULL.ixt_common.ixt_support.ias_exttype, | |
44642 | + ipsec_alg_NULL.ixt_common.ixt_support.ias_id, | |
44643 | + test_ret); | |
44644 | + } | |
44645 | + return ret; | |
44646 | +} | |
44647 | +#if defined(CONFIG_KLIPS_ENC_NULL_MODULE) | |
44648 | +IPSEC_ALG_MODULE_EXIT_MOD( ipsec_null_fini ) | |
44649 | +#else | |
44650 | +IPSEC_ALG_MODULE_EXIT_STATIC( ipsec_null_fini ) | |
44651 | +#endif | |
44652 | +{ | |
44653 | + unregister_ipsec_alg_enc(&ipsec_alg_NULL); | |
44654 | + return; | |
44655 | +} | |
44656 | +#ifdef MODULE_LICENSE | |
44657 | +MODULE_LICENSE("GPL"); | |
44658 | +#endif | |
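Review bot: In `_null_set_key` the debug printk formats `keysize`, a `size_t`, with `%d`, so on 64-bit builds the argument width does not match the conversion and the logged value is unreliable. Cast it the way pfkey_v2.c in this same patch prints sizes: `"key_e=%p key=%p keysize=%lu\n", key_e, key, (unsigned long)keysize`. Separately, `_null_cbc_encrypt` returns `ilen` without touching `in`, so an SA that selects ESP_NULL carries its payload in the clear. A comment on `ipsec_alg_NULL` such as `/* provides no confidentiality; only meaningful together with an ESP authentication algorithm */` would make that explicit for whoever enables CONFIG_KLIPS_ENC_NULL. The two printk calls in `ipsec_null_init` also have no log level; `KERN_INFO` would match the rest of the file.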
44659 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
44660 | +++ linux/net/ipsec/pfkey_v2.c Mon Feb 9 13:51:03 2004 | |
44661 | @@ -0,0 +1,2022 @@ | |
44662 | +/* | |
44663 | + * @(#) RFC2367 PF_KEYv2 Key management API domain socket I/F | |
44664 | + * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs. | |
44665 | + * | |
44666 | + * This program is free software; you can redistribute it and/or modify it | |
44667 | + * under the terms of the GNU General Public License as published by the | |
44668 | + * Free Software Foundation; either version 2 of the License, or (at your | |
44669 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
44670 | + * | |
44671 | + * This program is distributed in the hope that it will be useful, but | |
44672 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
44673 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
44674 | + * for more details. | |
44675 | + * | |
44676 | + * RCSID $Id: pfkey_v2.c,v 1.97.2.12 2006/11/24 05:43:29 paul Exp $ | |
44677 | + */ | |
44678 | + | |
44679 | +/* | |
44680 | + * Template from /usr/src/linux-2.0.36/net/unix/af_unix.c. | |
44681 | + * Hints from /usr/src/linux-2.0.36/net/ipv4/udp.c. | |
44682 | + */ | |
44683 | + | |
44684 | +#define __NO_VERSION__ | |
44685 | +#include <linux/module.h> | |
44686 | +#include <linux/version.h> | |
44687 | +#ifndef AUTOCONF_INCLUDED | |
44688 | +#include <linux/config.h> | |
44689 | +#endif | |
44690 | +#include <linux/kernel.h> | |
44691 | + | |
44692 | +#include "openswan/ipsec_param.h" | |
44693 | + | |
44694 | +#include <linux/major.h> | |
44695 | +#include <linux/signal.h> | |
44696 | +#include <linux/sched.h> | |
44697 | +#include <linux/errno.h> | |
44698 | +#include <linux/string.h> | |
44699 | +#include <linux/stat.h> | |
44700 | +#include <linux/socket.h> | |
44701 | +#include <linux/un.h> | |
44702 | +#include <linux/fcntl.h> | |
44703 | +#include <linux/termios.h> | |
44704 | +#include <linux/socket.h> | |
44705 | +#include <linux/sockios.h> | |
44706 | +#include <linux/net.h> /* struct socket */ | |
44707 | +#include <linux/in.h> | |
44708 | +#include <linux/fs.h> | |
44709 | +#ifdef MALLOC_SLAB | |
44710 | +# include <linux/slab.h> /* kmalloc() */ | |
44711 | +#else /* MALLOC_SLAB */ | |
44712 | +# include <linux/malloc.h> /* kmalloc() */ | |
44713 | +#endif /* MALLOC_SLAB */ | |
44714 | +#include <asm/segment.h> | |
44715 | +#include <linux/skbuff.h> | |
44716 | +#include <linux/netdevice.h> | |
44717 | +#include <net/sock.h> /* struct sock */ | |
44718 | +#include <net/protocol.h> | |
44719 | +/* #include <net/tcp.h> */ | |
44720 | +#include <net/af_unix.h> | |
44721 | +#ifdef CONFIG_PROC_FS | |
44722 | +# include <linux/proc_fs.h> | |
44723 | +#endif /* CONFIG_PROC_FS */ | |
44724 | + | |
44725 | +#include <linux/types.h> | |
44726 | + | |
44727 | +#include <openswan.h> | |
44728 | + | |
44729 | +#include "openswan/radij.h" | |
44730 | +#include "openswan/ipsec_encap.h" | |
44731 | +#include "openswan/ipsec_sa.h" | |
44732 | + | |
44733 | +#include <pfkeyv2.h> | |
44734 | +#include <pfkey.h> | |
44735 | + | |
44736 | +#include "openswan/ipsec_proto.h" | |
44737 | +#include "openswan/ipsec_kern24.h" | |
44738 | + | |
44739 | +#ifdef CONFIG_KLIPS_DEBUG | |
44740 | +int debug_pfkey = 0; | |
44741 | +extern int sysctl_ipsec_debug_verbose; | |
44742 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
44743 | + | |
44744 | +#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) | |
44745 | + | |
44746 | +#ifndef SOCKOPS_WRAPPED | |
44747 | +#define SOCKOPS_WRAPPED(name) name | |
44748 | +#endif /* SOCKOPS_WRAPPED */ | |
44749 | + | |
44750 | +#ifdef NET_26 | |
44751 | +static rwlock_t pfkey_sock_lock = RW_LOCK_UNLOCKED; | |
44752 | +HLIST_HEAD(pfkey_sock_list); | |
44753 | +static DECLARE_WAIT_QUEUE_HEAD(pfkey_sock_wait); | |
44754 | +static atomic_t pfkey_sock_users = ATOMIC_INIT(0); | |
44755 | +#else | |
44756 | +struct sock *pfkey_sock_list = NULL; | |
44757 | +#endif | |
44758 | + | |
44759 | +struct supported_list *pfkey_supported_list[SADB_SATYPE_MAX+1]; | |
44760 | + | |
44761 | +struct socket_list *pfkey_open_sockets = NULL; | |
44762 | +struct socket_list *pfkey_registered_sockets[SADB_SATYPE_MAX+1]; | |
44763 | + | |
44764 | +int pfkey_msg_interp(struct sock *, struct sadb_msg *, struct sadb_msg **); | |
44765 | + | |
44766 | +DEBUG_NO_STATIC int pfkey_create(struct socket *sock, int protocol); | |
44767 | +DEBUG_NO_STATIC int pfkey_shutdown(struct socket *sock, int mode); | |
44768 | +DEBUG_NO_STATIC int pfkey_release(struct socket *sock); | |
44769 | + | |
44770 | +#ifdef NET_26 | |
44771 | +DEBUG_NO_STATIC int pfkey_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len); | |
44772 | +DEBUG_NO_STATIC int pfkey_recvmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg | |
44773 | + , size_t size, int flags); | |
44774 | +#else | |
44775 | +DEBUG_NO_STATIC int pfkey_sendmsg(struct socket *sock, struct msghdr *msg, int len, struct scm_cookie *scm); | |
44776 | +DEBUG_NO_STATIC int pfkey_recvmsg(struct socket *sock, struct msghdr *msg, int size, int flags, struct scm_cookie *scm); | |
44777 | +#endif | |
44778 | + | |
44779 | +struct net_proto_family pfkey_family_ops = { | |
44780 | +#ifdef NETDEV_23 | |
44781 | + .family = PF_KEY, | |
44782 | + .create = pfkey_create, | |
44783 | +#ifdef NET_26 | |
44784 | + .owner = THIS_MODULE, | |
44785 | +#endif | |
44786 | +#else | |
44787 | + PF_KEY, | |
44788 | + pfkey_create | |
44789 | +#endif | |
44790 | +}; | |
44791 | + | |
44792 | +struct proto_ops SOCKOPS_WRAPPED(pfkey_ops) = { | |
44793 | +#ifdef NETDEV_23 | |
44794 | + family: PF_KEY, | |
44795 | +#ifdef NET_26 | |
44796 | + owner: THIS_MODULE, | |
44797 | +#endif | |
44798 | + release: pfkey_release, | |
44799 | + bind: sock_no_bind, | |
44800 | + connect: sock_no_connect, | |
44801 | + socketpair: sock_no_socketpair, | |
44802 | + accept: sock_no_accept, | |
44803 | + getname: sock_no_getname, | |
44804 | + poll: datagram_poll, | |
44805 | + ioctl: sock_no_ioctl, | |
44806 | + listen: sock_no_listen, | |
44807 | + shutdown: pfkey_shutdown, | |
44808 | + setsockopt: sock_no_setsockopt, | |
44809 | + getsockopt: sock_no_getsockopt, | |
44810 | + sendmsg: pfkey_sendmsg, | |
44811 | + recvmsg: pfkey_recvmsg, | |
44812 | + mmap: sock_no_mmap, | |
44813 | +#else /* NETDEV_23 */ | |
44814 | + PF_KEY, | |
44815 | + sock_no_dup, | |
44816 | + pfkey_release, | |
44817 | + sock_no_bind, | |
44818 | + sock_no_connect, | |
44819 | + sock_no_socketpair, | |
44820 | + sock_no_accept, | |
44821 | + sock_no_getname, | |
44822 | + datagram_poll, | |
44823 | + sock_no_ioctl, | |
44824 | + sock_no_listen, | |
44825 | + pfkey_shutdown, | |
44826 | + sock_no_setsockopt, | |
44827 | + sock_no_getsockopt, | |
44828 | + sock_no_fcntl, | |
44829 | + pfkey_sendmsg, | |
44830 | + pfkey_recvmsg | |
44831 | +#endif /* NETDEV_23 */ | |
44832 | +}; | |
44833 | + | |
44834 | +#ifdef NETDEV_23 | |
44835 | +#include <linux/smp_lock.h> | |
44836 | +SOCKOPS_WRAP(pfkey, PF_KEY); | |
44837 | +#endif /* NETDEV_23 */ | |
44838 | + | |
44839 | +#ifdef NET_26 | |
44840 | +static void pfkey_sock_list_grab(void) | |
44841 | +{ | |
44842 | + write_lock_bh(&pfkey_sock_lock); | |
44843 | + | |
44844 | + if (atomic_read(&pfkey_sock_users)) { | |
44845 | + DECLARE_WAITQUEUE(wait, current); | |
44846 | + | |
44847 | + add_wait_queue_exclusive(&pfkey_sock_wait, &wait); | |
44848 | + for(;;) { | |
44849 | + set_current_state(TASK_UNINTERRUPTIBLE); | |
44850 | + if (atomic_read(&pfkey_sock_users) == 0) | |
44851 | + break; | |
44852 | + write_unlock_bh(&pfkey_sock_lock); | |
44853 | + schedule(); | |
44854 | + write_lock_bh(&pfkey_sock_lock); | |
44855 | + } | |
44856 | + | |
44857 | + __set_current_state(TASK_RUNNING); | |
44858 | + remove_wait_queue(&pfkey_sock_wait, &wait); | |
44859 | + } | |
44860 | +} | |
44861 | + | |
44862 | +static __inline__ void pfkey_sock_list_ungrab(void) | |
44863 | +{ | |
44864 | + write_unlock_bh(&pfkey_sock_lock); | |
44865 | + wake_up(&pfkey_sock_wait); | |
44866 | +} | |
44867 | + | |
44868 | +static __inline__ void pfkey_lock_sock_list(void) | |
44869 | +{ | |
44870 | + /* read_lock() synchronizes us to pfkey_table_grab */ | |
44871 | + | |
44872 | + read_lock(&pfkey_sock_lock); | |
44873 | + atomic_inc(&pfkey_sock_users); | |
44874 | + read_unlock(&pfkey_sock_lock); | |
44875 | +} | |
44876 | + | |
44877 | +static __inline__ void pfkey_unlock_sock_list(void) | |
44878 | +{ | |
44879 | + if (atomic_dec_and_test(&pfkey_sock_users)) | |
44880 | + wake_up(&pfkey_sock_wait); | |
44881 | +} | |
44882 | +#endif | |
44883 | + | |
44884 | +int | |
44885 | +pfkey_list_remove_socket(struct socket *socketp, struct socket_list **sockets) | |
44886 | +{ | |
44887 | + struct socket_list *socket_listp,*prev; | |
44888 | + | |
44889 | + if(!socketp) { | |
44890 | + KLIPS_PRINT(debug_pfkey, | |
44891 | + "klips_debug:pfkey_list_remove_socket: " | |
44892 | + "NULL socketp handed in, failed.\n"); | |
44893 | + return -EINVAL; | |
44894 | + } | |
44895 | + | |
44896 | + if(!sockets) { | |
44897 | + KLIPS_PRINT(debug_pfkey, | |
44898 | + "klips_debug:pfkey_list_remove_socket: " | |
44899 | + "NULL sockets list handed in, failed.\n"); | |
44900 | + return -EINVAL; | |
44901 | + } | |
44902 | + | |
44903 | + socket_listp = *sockets; | |
44904 | + prev = NULL; | |
44905 | + | |
44906 | + KLIPS_PRINT(debug_pfkey, | |
44907 | + "klips_debug:pfkey_list_remove_socket: " | |
44908 | + "removing sock=0p%p\n", | |
44909 | + socketp); | |
44910 | + | |
44911 | + while(socket_listp != NULL) { | |
44912 | + if(socket_listp->socketp == socketp) { | |
44913 | + if(prev != NULL) { | |
44914 | + prev->next = socket_listp->next; | |
44915 | + } else { | |
44916 | + *sockets = socket_listp->next; | |
44917 | + } | |
44918 | + | |
44919 | + kfree((void*)socket_listp); | |
44920 | + | |
44921 | + break; | |
44922 | + } | |
44923 | + prev = socket_listp; | |
44924 | + socket_listp = socket_listp->next; | |
44925 | + } | |
44926 | + | |
44927 | + return 0; | |
44928 | +} | |
44929 | + | |
44930 | +int | |
44931 | +pfkey_list_insert_socket(struct socket *socketp, struct socket_list **sockets) | |
44932 | +{ | |
44933 | + struct socket_list *socket_listp; | |
44934 | + | |
44935 | + if(!socketp) { | |
44936 | + KLIPS_PRINT(debug_pfkey, | |
44937 | + "klips_debug:pfkey_list_insert_socket: " | |
44938 | + "NULL socketp handed in, failed.\n"); | |
44939 | + return -EINVAL; | |
44940 | + } | |
44941 | + | |
44942 | + if(!sockets) { | |
44943 | + KLIPS_PRINT(debug_pfkey, | |
44944 | + "klips_debug:pfkey_list_insert_socket: " | |
44945 | + "NULL sockets list handed in, failed.\n"); | |
44946 | + return -EINVAL; | |
44947 | + } | |
44948 | + | |
44949 | + KLIPS_PRINT(debug_pfkey, | |
44950 | + "klips_debug:pfkey_list_insert_socket: " | |
44951 | + "allocating %lu bytes for socketp=0p%p\n", | |
44952 | + (unsigned long) sizeof(struct socket_list), | |
44953 | + socketp); | |
44954 | + | |
44955 | + if((socket_listp = (struct socket_list *)kmalloc(sizeof(struct socket_list), GFP_KERNEL)) == NULL) { | |
44956 | + KLIPS_PRINT(debug_pfkey, | |
44957 | + "klips_debug:pfkey_list_insert_socket: " | |
44958 | + "memory allocation error.\n"); | |
44959 | + return -ENOMEM; | |
44960 | + } | |
44961 | + | |
44962 | + socket_listp->socketp = socketp; | |
44963 | + socket_listp->next = *sockets; | |
44964 | + *sockets = socket_listp; | |
44965 | + | |
44966 | + return 0; | |
44967 | +} | |
44968 | + | |
44969 | +int | |
44970 | +pfkey_list_remove_supported(struct ipsec_alg_supported *supported, struct supported_list **supported_list) | |
44971 | +{ | |
44972 | + struct supported_list *supported_listp = *supported_list, *prev = NULL; | |
44973 | + | |
44974 | + if(!supported) { | |
44975 | + KLIPS_PRINT(debug_pfkey, | |
44976 | + "klips_debug:pfkey_list_remove_supported: " | |
44977 | + "NULL supported handed in, failed.\n"); | |
44978 | + return -EINVAL; | |
44979 | + } | |
44980 | + | |
44981 | + if(!supported_list) { | |
44982 | + KLIPS_PRINT(debug_pfkey, | |
44983 | + "klips_debug:pfkey_list_remove_supported: " | |
44984 | + "NULL supported_list handed in, failed.\n"); | |
44985 | + return -EINVAL; | |
44986 | + } | |
44987 | + | |
44988 | + KLIPS_PRINT(debug_pfkey, | |
44989 | + "klips_debug:pfkey_list_remove_supported: " | |
44990 | + "removing supported=0p%p\n", | |
44991 | + supported); | |
44992 | + | |
44993 | + while(supported_listp != NULL) { | |
44994 | + if(supported_listp->supportedp == supported) { | |
44995 | + if(prev != NULL) { | |
44996 | + prev->next = supported_listp->next; | |
44997 | + } else { | |
44998 | + *supported_list = supported_listp->next; | |
44999 | + } | |
45000 | + | |
45001 | + kfree((void*)supported_listp); | |
45002 | + | |
45003 | + break; | |
45004 | + } | |
45005 | + prev = supported_listp; | |
45006 | + supported_listp = supported_listp->next; | |
45007 | + } | |
45008 | + | |
45009 | + return 0; | |
45010 | +} | |
45011 | + | |
45012 | +int | |
45013 | +pfkey_list_insert_supported(struct ipsec_alg_supported *supported | |
45014 | + , struct supported_list **supported_list) | |
45015 | +{ | |
45016 | + struct supported_list *supported_listp; | |
45017 | + | |
45018 | + if(!supported) { | |
45019 | + KLIPS_PRINT(debug_pfkey, | |
45020 | + "klips_debug:pfkey_list_insert_supported: " | |
45021 | + "NULL supported handed in, failed.\n"); | |
45022 | + return -EINVAL; | |
45023 | + } | |
45024 | + | |
45025 | + if(!supported_list) { | |
45026 | + KLIPS_PRINT(debug_pfkey, | |
45027 | + "klips_debug:pfkey_list_insert_supported: " | |
45028 | + "NULL supported_list handed in, failed.\n"); | |
45029 | + return -EINVAL; | |
45030 | + } | |
45031 | + | |
45032 | + KLIPS_PRINT(debug_pfkey, | |
45033 | + "klips_debug:pfkey_list_insert_supported: " | |
45034 | + "allocating %lu bytes for incoming, supported=0p%p, supported_list=0p%p\n", | |
45035 | + (unsigned long) sizeof(struct supported_list), | |
45036 | + supported, | |
45037 | + supported_list); | |
45038 | + | |
45039 | + supported_listp = (struct supported_list *)kmalloc(sizeof(struct supported_list), GFP_KERNEL); | |
45040 | + | |
45041 | + if(supported_listp == NULL) | |
45042 | + { | |
45043 | + KLIPS_PRINT(debug_pfkey, | |
45044 | + "klips_debug:pfkey_list_insert_supported: " | |
45045 | + "memory allocation error.\n"); | |
45046 | + return -ENOMEM; | |
45047 | + } | |
45048 | + | |
45049 | + supported_listp->supportedp = supported; | |
45050 | + supported_listp->next = *supported_list; | |
45051 | + *supported_list = supported_listp; | |
45052 | + KLIPS_PRINT(debug_pfkey, | |
45053 | + "klips_debug:pfkey_list_insert_supported: " | |
45054 | + "outgoing, supported=0p%p, supported_list=0p%p\n", | |
45055 | + supported, | |
45056 | + supported_list); | |
45057 | + | |
45058 | + return 0; | |
45059 | +} | |
45060 | + | |
45061 | +#ifdef NET_26 | |
45062 | +DEBUG_NO_STATIC void | |
45063 | +pfkey_insert_socket(struct sock *sk) | |
45064 | +{ | |
45065 | + KLIPS_PRINT(debug_pfkey, | |
45066 | + "klips_debug:pfkey_insert_socket: " | |
45067 | + "sk=0p%p\n", | |
45068 | + sk); | |
45069 | + pfkey_sock_list_grab(); | |
45070 | + sk_add_node(sk, &pfkey_sock_list); | |
45071 | + pfkey_sock_list_ungrab(); | |
45072 | +} | |
45073 | + | |
45074 | +DEBUG_NO_STATIC void | |
45075 | +pfkey_remove_socket(struct sock *sk) | |
45076 | +{ | |
45077 | + KLIPS_PRINT(debug_pfkey, | |
45078 | + "klips_debug:pfkey_remove_socket: 0p%p\n", sk); | |
45079 | + pfkey_sock_list_grab(); | |
45080 | + sk_del_node_init(sk); | |
45081 | + pfkey_sock_list_ungrab(); | |
45082 | + return; | |
45083 | +} | |
45084 | +#else | |
45085 | + | |
45086 | +DEBUG_NO_STATIC void | |
45087 | +pfkey_insert_socket(struct sock *sk) | |
45088 | +{ | |
45089 | + KLIPS_PRINT(debug_pfkey, | |
45090 | + "klips_debug:pfkey_insert_socket: " | |
45091 | + "sk=0p%p\n", | |
45092 | + sk); | |
45093 | + cli(); | |
45094 | + sk->next=pfkey_sock_list; | |
45095 | + pfkey_sock_list=sk; | |
45096 | + sti(); | |
45097 | +} | |
45098 | +DEBUG_NO_STATIC void | |
45099 | +pfkey_remove_socket(struct sock *sk) | |
45100 | +{ | |
45101 | + struct sock **s; | |
45102 | + | |
45103 | + s = NULL; | |
45104 | + KLIPS_PRINT(debug_pfkey, | |
45105 | + "klips_debug:pfkey_remove_socket: .\n"); | |
45106 | + | |
45107 | + cli(); | |
45108 | + s=&pfkey_sock_list; | |
45109 | + | |
45110 | + while(*s!=NULL) { | |
45111 | + if(*s==sk) { | |
45112 | + *s=sk->next; | |
45113 | + sk->next=NULL; | |
45114 | + sti(); | |
45115 | + KLIPS_PRINT(debug_pfkey, | |
45116 | + "klips_debug:pfkey_remove_socket: " | |
45117 | + "succeeded.\n"); | |
45118 | + return; | |
45119 | + } | |
45120 | + s=&((*s)->next); | |
45121 | + } | |
45122 | + sti(); | |
45123 | + | |
45124 | + KLIPS_PRINT(debug_pfkey, | |
45125 | + "klips_debug:pfkey_remove_socket: " | |
45126 | + "not found.\n"); | |
45127 | + return; | |
45128 | +} | |
45129 | +#endif | |
45130 | + | |
45131 | +DEBUG_NO_STATIC void | |
45132 | +pfkey_destroy_socket(struct sock *sk) | |
45133 | +{ | |
45134 | + struct sk_buff *skb; | |
45135 | + | |
45136 | + KLIPS_PRINT(debug_pfkey, | |
45137 | + "klips_debug:pfkey_destroy_socket: 0p%p\n",sk); | |
45138 | + pfkey_remove_socket(sk); | |
45139 | + | |
45140 | + KLIPS_PRINT(debug_pfkey, | |
45141 | + "klips_debug:pfkey_destroy_socket: " | |
45142 | + "pfkey_remove_socket called, sk=0p%p\n",sk); | |
45143 | + | |
45144 | + KLIPS_PRINT(debug_pfkey, | |
45145 | + "klips_debug:pfkey_destroy_socket: " | |
45146 | + "sk(0p%p)->(&0p%p)receive_queue.{next=0p%p,prev=0p%p}.\n", | |
45147 | + sk, | |
45148 | + &(sk->sk_receive_queue), | |
45149 | + sk->sk_receive_queue.next, | |
45150 | + sk->sk_receive_queue.prev); | |
45151 | + | |
45152 | + while(sk && ((skb=skb_dequeue(&(sk->sk_receive_queue)))!=NULL)) { | |
45153 | +#ifdef CONFIG_KLIPS_DEBUG | |
45154 | + if(debug_pfkey && sysctl_ipsec_debug_verbose) { | |
45155 | + KLIPS_PRINT(debug_pfkey, | |
45156 | + "klips_debug:pfkey_destroy_socket: " | |
45157 | + "skb=0p%p dequeued.\n", skb); | |
45158 | + printk(KERN_INFO "klips_debug:pfkey_destroy_socket: " | |
45159 | + "pfkey_skb contents:"); | |
45160 | + printk(" next:0p%p", skb->next); | |
45161 | + printk(" prev:0p%p", skb->prev); | |
45162 | + printk(" sk:0p%p", skb->sk); | |
45163 | + printk(" dev:0p%p", skb->dev); | |
45164 | + if(skb->dev) { | |
45165 | + if(skb->dev->name) { | |
45166 | + printk(" dev->name:%s", skb->dev->name); | |
45167 | + } else { | |
45168 | + printk(" dev->name:NULL?"); | |
45169 | + } | |
45170 | + } else { | |
45171 | + printk(" dev:NULL"); | |
45172 | + } | |
45173 | + printk(" h:0p%p", skb->h.raw); | |
45174 | + printk(" nh:0p%p", skb->nh.raw); | |
45175 | + printk(" mac:0p%p", skb->mac.raw); | |
45176 | + printk(" dst:0p%p", skb->dst); | |
45177 | + if(sysctl_ipsec_debug_verbose) { | |
45178 | + int i; | |
45179 | + | |
45180 | + printk(" cb"); | |
45181 | + for(i=0; i<48; i++) { | |
45182 | + printk(":%2x", skb->cb[i]); | |
45183 | + } | |
45184 | + } | |
45185 | + printk(" len:%d", skb->len); | |
45186 | + printk(" csum:%d", skb->csum); | |
45187 | +#ifndef NETDEV_23 | |
45188 | + printk(" used:%d", skb->used); | |
45189 | + printk(" is_clone:%d", skb->is_clone); | |
45190 | +#endif /* NETDEV_23 */ | |
45191 | + printk(" cloned:%d", skb->cloned); | |
45192 | + printk(" pkt_type:%d", skb->pkt_type); | |
45193 | + printk(" ip_summed:%d", skb->ip_summed); | |
45194 | + printk(" priority:%d", skb->priority); | |
45195 | + printk(" protocol:%d", skb->protocol); | |
45196 | +#ifdef HAVE_SOCK_SECURITY | |
45197 | + printk(" security:%d", skb->security); | |
45198 | +#endif | |
45199 | + printk(" truesize:%d", skb->truesize); | |
45200 | + printk(" head:0p%p", skb->head); | |
45201 | + printk(" data:0p%p", skb->data); | |
45202 | + printk(" tail:0p%p", skb->tail); | |
45203 | + printk(" end:0p%p", skb->end); | |
45204 | + if(sysctl_ipsec_debug_verbose) { | |
45205 | + unsigned char* i; | |
45206 | + printk(" data"); | |
45207 | + for(i = skb->head; i < skb->end; i++) { | |
45208 | + printk(":%2x", (unsigned char)(*(i))); | |
45209 | + } | |
45210 | + } | |
45211 | + printk(" destructor:0p%p", skb->destructor); | |
45212 | + printk("\n"); | |
45213 | + } | |
45214 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
45215 | + KLIPS_PRINT(debug_pfkey, | |
45216 | + "klips_debug:pfkey_destroy_socket: " | |
45217 | + "skb=0p%p freed.\n", | |
45218 | + skb); | |
45219 | + ipsec_kfree_skb(skb); | |
45220 | + } | |
45221 | + | |
45222 | +#ifdef NET_26 | |
45223 | + sock_set_flag(sk, SOCK_DEAD); | |
45224 | +#else | |
45225 | + sk->dead = 1; | |
45226 | +#endif | |
45227 | + sk_free(sk); | |
45228 | + | |
45229 | + KLIPS_PRINT(debug_pfkey, | |
45230 | + "klips_debug:pfkey_destroy_socket: destroyed.\n"); | |
45231 | +} | |
45232 | + | |
45233 | +int | |
45234 | +pfkey_upmsg(struct socket *sock, struct sadb_msg *pfkey_msg) | |
45235 | +{ | |
45236 | + int error = 0; | |
45237 | + struct sk_buff * skb = NULL; | |
45238 | + struct sock *sk; | |
45239 | + | |
45240 | + if(sock == NULL) { | |
45241 | + KLIPS_PRINT(debug_pfkey, | |
45242 | + "klips_debug:pfkey_upmsg: " | |
45243 | + "NULL socket passed in.\n"); | |
45244 | + return -EINVAL; | |
45245 | + } | |
45246 | + | |
45247 | + if(pfkey_msg == NULL) { | |
45248 | + KLIPS_PRINT(debug_pfkey, | |
45249 | + "klips_debug:pfkey_upmsg: " | |
45250 | + "NULL pfkey_msg passed in.\n"); | |
45251 | + return -EINVAL; | |
45252 | + } | |
45253 | + | |
45254 | + sk = sock->sk; | |
45255 | + | |
45256 | + if(sk == NULL) { | |
45257 | + KLIPS_PRINT(debug_pfkey, | |
45258 | + "klips_debug:pfkey_upmsg: " | |
45259 | + "NULL sock passed in.\n"); | |
45260 | + return -EINVAL; | |
45261 | + } | |
45262 | + | |
45263 | + KLIPS_PRINT(debug_pfkey, | |
45264 | + "klips_debug:pfkey_upmsg: " | |
45265 | + "allocating %d bytes...\n", | |
45266 | + (int)(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN)); | |
45267 | + if(!(skb = alloc_skb(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN, GFP_ATOMIC) )) { | |
45268 | + KLIPS_PRINT(debug_pfkey, | |
45269 | + "klips_debug:pfkey_upmsg: " | |
45270 | + "no buffers left to send up a message.\n"); | |
45271 | + return -ENOBUFS; | |
45272 | + } | |
45273 | + KLIPS_PRINT(debug_pfkey, | |
45274 | + "klips_debug:pfkey_upmsg: " | |
45275 | + "...allocated at 0p%p.\n", | |
45276 | + skb); | |
45277 | + | |
45278 | + skb->dev = NULL; | |
45279 | + | |
45280 | + if(skb_tailroom(skb) < pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN) { | |
45281 | + printk(KERN_WARNING "klips_error:pfkey_upmsg: " | |
45282 | + "tried to skb_put %ld, %d available. This should never happen, please report.\n", | |
45283 | + (unsigned long int)pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN, | |
45284 | + skb_tailroom(skb)); | |
45285 | + ipsec_kfree_skb(skb); | |
45286 | + return -ENOBUFS; | |
45287 | + } | |
45288 | + skb->h.raw = skb_put(skb, pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN); | |
45289 | + memcpy(skb->h.raw, pfkey_msg, pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN); | |
45290 | + | |
45291 | + if((error = sock_queue_rcv_skb(sk, skb)) < 0) { | |
45292 | + skb->sk=NULL; | |
45293 | + KLIPS_PRINT(debug_pfkey, | |
45294 | + "klips_debug:pfkey_upmsg: " | |
45295 | + "error=%d calling sock_queue_rcv_skb with skb=0p%p.\n", | |
45296 | + error, | |
45297 | + skb); | |
45298 | + ipsec_kfree_skb(skb); | |
45299 | + return error; | |
45300 | + } | |
45301 | + return error; | |
45302 | +} | |
45303 | + | |
45304 | +#ifdef NET_26_12_SKALLOC | |
45305 | +static struct proto key_proto = { | |
45306 | + .name = "KEY", | |
45307 | + .owner = THIS_MODULE, | |
45308 | + .obj_size = sizeof(struct sock), | |
45309 | + | |
45310 | +}; | |
45311 | +#endif | |
45312 | + | |
45313 | +DEBUG_NO_STATIC int | |
45314 | +pfkey_create(struct socket *sock, int protocol) | |
45315 | +{ | |
45316 | + struct sock *sk; | |
45317 | + | |
45318 | + if(sock == NULL) { | |
45319 | + KLIPS_PRINT(debug_pfkey, | |
45320 | + "klips_debug:pfkey_create: " | |
45321 | + "socket NULL.\n"); | |
45322 | + return -EINVAL; | |
45323 | + } | |
45324 | + | |
45325 | + KLIPS_PRINT(debug_pfkey, | |
45326 | + "klips_debug:pfkey_create: " | |
45327 | + "sock=0p%p type:%d state:%d flags:%ld protocol:%d\n", | |
45328 | + sock, | |
45329 | + sock->type, | |
45330 | + (unsigned int)(sock->state), | |
45331 | + sock->flags, protocol); | |
45332 | + | |
45333 | + if(sock->type != SOCK_RAW) { | |
45334 | + KLIPS_PRINT(debug_pfkey, | |
45335 | + "klips_debug:pfkey_create: " | |
45336 | + "only SOCK_RAW supported.\n"); | |
45337 | + return -ESOCKTNOSUPPORT; | |
45338 | + } | |
45339 | + | |
45340 | + if(protocol != PF_KEY_V2) { | |
45341 | + KLIPS_PRINT(debug_pfkey, | |
45342 | + "klips_debug:pfkey_create: " | |
45343 | + "protocol not PF_KEY_V2.\n"); | |
45344 | + return -EPROTONOSUPPORT; | |
45345 | + } | |
45346 | + | |
45347 | + if((current->uid != 0)) { | |
45348 | + KLIPS_PRINT(debug_pfkey, | |
45349 | + "klips_debug:pfkey_create: " | |
45350 | + "must be root to open pfkey sockets.\n"); | |
45351 | + return -EACCES; | |
45352 | + } | |
45353 | + | |
45354 | + sock->state = SS_UNCONNECTED; | |
45355 | + | |
45356 | + KLIPS_INC_USE; | |
45357 | + | |
45358 | +#ifdef NET_26 | |
45359 | +#ifdef NET_26_12_SKALLOC | |
45360 | + sk=(struct sock *)sk_alloc(PF_KEY, GFP_KERNEL, &key_proto, 1); | |
45361 | +#else | |
45362 | + sk=(struct sock *)sk_alloc(PF_KEY, GFP_KERNEL, 1, NULL); | |
45363 | +#endif | |
45364 | +#else | |
45365 | + /* 2.4 interface */ | |
45366 | + sk=(struct sock *)sk_alloc(PF_KEY, GFP_KERNEL, 1); | |
45367 | +#endif | |
45368 | + | |
45369 | + if(sk == NULL) | |
45370 | + { | |
45371 | + KLIPS_PRINT(debug_pfkey, | |
45372 | + "klips_debug:pfkey_create: " | |
45373 | + "Out of memory trying to allocate.\n"); | |
45374 | + KLIPS_DEC_USE; | |
45375 | + return -ENOMEM; | |
45376 | + } | |
45377 | + | |
45378 | + sock_init_data(sock, sk); | |
45379 | + | |
45380 | + sk->sk_destruct = NULL; | |
45381 | + sk->sk_reuse = 1; | |
45382 | + sock->ops = &pfkey_ops; | |
45383 | + | |
45384 | + sk->sk_family = PF_KEY; | |
45385 | +/* sk->num = protocol; */ | |
45386 | + sk->sk_protocol = protocol; | |
45387 | + key_pid(sk) = current->pid; | |
45388 | + KLIPS_PRINT(debug_pfkey, | |
45389 | + "klips_debug:pfkey_create: " | |
45390 | + "sock->fasync_list=0p%p sk->sleep=0p%p.\n", | |
45391 | + sock->fasync_list, | |
45392 | + sk->sk_sleep); | |
45393 | + | |
45394 | + pfkey_insert_socket(sk); | |
45395 | + pfkey_list_insert_socket(sock, &pfkey_open_sockets); | |
45396 | + | |
45397 | + KLIPS_PRINT(debug_pfkey, | |
45398 | + "klips_debug:pfkey_create: " | |
45399 | + "Socket sock=0p%p sk=0p%p initialised.\n", sock, sk); | |
45400 | + return 0; | |
45401 | +} | |
45402 | + | |
45403 | +DEBUG_NO_STATIC int | |
45404 | +#ifdef NETDEV_23 | |
45405 | +pfkey_release(struct socket *sock) | |
45406 | +#else /* NETDEV_23 */ | |
45407 | +pfkey_release(struct socket *sock, struct socket *peersock) | |
45408 | +#endif /* NETDEV_23 */ | |
45409 | +{ | |
45410 | + struct sock *sk; | |
45411 | + int i; | |
45412 | + | |
45413 | + if(sock==NULL) { | |
45414 | + KLIPS_PRINT(debug_pfkey, | |
45415 | + "klips_debug:pfkey_release: " | |
45416 | + "No socket attached.\n"); | |
45417 | + return 0; /* -EINVAL; */ | |
45418 | + } | |
45419 | + | |
45420 | + sk=sock->sk; | |
45421 | + | |
45422 | + /* May not have data attached */ | |
45423 | + if(sk==NULL) { | |
45424 | + KLIPS_PRINT(debug_pfkey, | |
45425 | + "klips_debug:pfkey_release: " | |
45426 | + "No sk attached to sock=0p%p.\n", sock); | |
45427 | + return 0; /* -EINVAL; */ | |
45428 | + } | |
45429 | + | |
45430 | + KLIPS_PRINT(debug_pfkey, | |
45431 | + "klips_debug:pfkey_release: " | |
45432 | + "sock=0p%p sk=0p%p\n", sock, sk); | |
45433 | + | |
45434 | + if(sock_flag(sk, SOCK_DEAD)) | |
45435 | + if(sk->sk_state_change) { | |
45436 | + sk->sk_state_change(sk); | |
45437 | + } | |
45438 | + | |
45439 | + sock->sk = NULL; | |
45440 | + | |
45441 | + /* Try to flush out this socket. Throw out buffers at least */ | |
45442 | + pfkey_destroy_socket(sk); | |
45443 | + pfkey_list_remove_socket(sock, &pfkey_open_sockets); | |
45444 | + for(i = SADB_SATYPE_UNSPEC; i <= SADB_SATYPE_MAX; i++) { | |
45445 | + pfkey_list_remove_socket(sock, &(pfkey_registered_sockets[i])); | |
45446 | + } | |
45447 | + | |
45448 | + KLIPS_DEC_USE; | |
45449 | + KLIPS_PRINT(debug_pfkey, | |
45450 | + "klips_debug:pfkey_release: " | |
45451 | + "succeeded.\n"); | |
45452 | + | |
45453 | + return 0; | |
45454 | +} | |
45455 | + | |
45456 | +DEBUG_NO_STATIC int | |
45457 | +pfkey_shutdown(struct socket *sock, int mode) | |
45458 | +{ | |
45459 | + struct sock *sk; | |
45460 | + | |
45461 | + if(sock == NULL) { | |
45462 | + KLIPS_PRINT(debug_pfkey, | |
45463 | + "klips_debug:pfkey_shutdown: " | |
45464 | + "NULL socket passed in.\n"); | |
45465 | + return -EINVAL; | |
45466 | + } | |
45467 | + | |
45468 | + sk=sock->sk; | |
45469 | + | |
45470 | + if(sk == NULL) { | |
45471 | + KLIPS_PRINT(debug_pfkey, | |
45472 | + "klips_debug:pfkey_shutdown: " | |
45473 | + "No sock attached to socket.\n"); | |
45474 | + return -EINVAL; | |
45475 | + } | |
45476 | + | |
45477 | + KLIPS_PRINT(debug_pfkey, | |
45478 | + "klips_debug:pfkey_shutdown: " | |
45479 | + "mode=%x.\n", mode); | |
45480 | + mode++; | |
45481 | + | |
45482 | + if(mode&SEND_SHUTDOWN) { | |
45483 | + sk->sk_shutdown|=SEND_SHUTDOWN; | |
45484 | + sk->sk_state_change(sk); | |
45485 | + } | |
45486 | + | |
45487 | + if(mode&RCV_SHUTDOWN) { | |
45488 | + sk->sk_shutdown|=RCV_SHUTDOWN; | |
45489 | + sk->sk_state_change(sk); | |
45490 | + } | |
45491 | + return 0; | |
45492 | +} | |
45493 | + | |
45494 | +/* | |
45495 | + * Send PF_KEY data down. | |
45496 | + */ | |
45497 | + | |
45498 | +DEBUG_NO_STATIC int | |
45499 | +#ifdef NET_26 | |
45500 | +pfkey_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) | |
45501 | +#else | |
45502 | +pfkey_sendmsg(struct socket *sock, struct msghdr *msg, int len, struct scm_cookie *scm) | |
45503 | +#endif | |
45504 | +{ | |
45505 | + struct sock *sk; | |
45506 | + int error = 0; | |
45507 | + struct sadb_msg *pfkey_msg = NULL, *pfkey_reply = NULL; | |
45508 | + | |
45509 | + if(sock == NULL) { | |
45510 | + KLIPS_PRINT(debug_pfkey, | |
45511 | + "klips_debug:pfkey_sendmsg: " | |
45512 | + "Null socket passed in.\n"); | |
45513 | + SENDERR(EINVAL); | |
45514 | + } | |
45515 | + | |
45516 | + sk = sock->sk; | |
45517 | + | |
45518 | + if(sk == NULL) { | |
45519 | + KLIPS_PRINT(debug_pfkey, | |
45520 | + "klips_debug:pfkey_sendmsg: " | |
45521 | + "Null sock passed in.\n"); | |
45522 | + SENDERR(EINVAL); | |
45523 | + } | |
45524 | + | |
45525 | + if(msg == NULL) { | |
45526 | + KLIPS_PRINT(debug_pfkey, | |
45527 | + "klips_debug:pfkey_sendmsg: " | |
45528 | + "Null msghdr passed in.\n"); | |
45529 | + SENDERR(EINVAL); | |
45530 | + } | |
45531 | + | |
45532 | + KLIPS_PRINT(debug_pfkey, | |
45533 | + "klips_debug:pfkey_sendmsg: .\n"); | |
45534 | + if(sk->sk_err) { | |
45535 | + error = sock_error(sk); | |
45536 | + KLIPS_PRINT(debug_pfkey, | |
45537 | + "klips_debug:pfkey_sendmsg: " | |
45538 | + "sk->err is non-zero, returns %d.\n", | |
45539 | + error); | |
45540 | + SENDERR(-error); | |
45541 | + } | |
45542 | + | |
45543 | + if((current->uid != 0)) { | |
45544 | + KLIPS_PRINT(debug_pfkey, | |
45545 | + "klips_debug:pfkey_sendmsg: " | |
45546 | + "must be root to send messages to pfkey sockets.\n"); | |
45547 | + SENDERR(EACCES); | |
45548 | + } | |
45549 | + | |
45550 | + if(msg->msg_control) | |
45551 | + { | |
45552 | + KLIPS_PRINT(debug_pfkey, | |
45553 | + "klips_debug:pfkey_sendmsg: " | |
45554 | + "can't set flags or set msg_control.\n"); | |
45555 | + SENDERR(EINVAL); | |
45556 | + } | |
45557 | + | |
45558 | + if(sk->sk_shutdown & SEND_SHUTDOWN) { | |
45559 | + KLIPS_PRINT(debug_pfkey, | |
45560 | + "klips_debug:pfkey_sendmsg: " | |
45561 | + "shutdown.\n"); | |
45562 | + send_sig(SIGPIPE, current, 0); | |
45563 | + SENDERR(EPIPE); | |
45564 | + } | |
45565 | + | |
45566 | + if(len < sizeof(struct sadb_msg)) { | |
45567 | + KLIPS_PRINT(debug_pfkey, | |
45568 | + "klips_debug:pfkey_sendmsg: " | |
45569 | + "bogus msg len of %d, too small.\n", (int)len); | |
45570 | + SENDERR(EMSGSIZE); | |
45571 | + } | |
45572 | + | |
45573 | + KLIPS_PRINT(debug_pfkey, | |
45574 | + "klips_debug:pfkey_sendmsg: " | |
45575 | + "allocating %d bytes for downward message.\n", | |
45576 | + (int)len); | |
45577 | + if((pfkey_msg = (struct sadb_msg*)kmalloc(len, GFP_KERNEL)) == NULL) { | |
45578 | + KLIPS_PRINT(debug_pfkey, | |
45579 | + "klips_debug:pfkey_sendmsg: " | |
45580 | + "memory allocation error.\n"); | |
45581 | + SENDERR(ENOBUFS); | |
45582 | + } | |
45583 | + | |
45584 | + memcpy_fromiovec((void *)pfkey_msg, msg->msg_iov, len); | |
45585 | + | |
45586 | + if(pfkey_msg->sadb_msg_version != PF_KEY_V2) { | |
45587 | + KLIPS_PRINT(1 || debug_pfkey, | |
45588 | + "klips_debug:pfkey_sendmsg: " | |
45589 | + "not PF_KEY_V2 msg, found %d, should be %d.\n", | |
45590 | + pfkey_msg->sadb_msg_version, | |
45591 | + PF_KEY_V2); | |
45592 | + kfree((void*)pfkey_msg); | |
45593 | + return -EINVAL; | |
45594 | + } | |
45595 | + | |
45596 | + if(len != pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN) { | |
45597 | + KLIPS_PRINT(debug_pfkey, | |
45598 | + "klips_debug:pfkey_sendmsg: " | |
45599 | + "bogus msg len of %d, not %d byte aligned.\n", | |
45600 | + (int)len, (int)IPSEC_PFKEYv2_ALIGN); | |
45601 | + SENDERR(EMSGSIZE); | |
45602 | + } | |
45603 | + | |
45604 | +#if 0 | |
45605 | + /* This check is questionable, since a downward message could be | |
45606 | + the result of an ACQUIRE either from kernel (PID==0) or | |
45607 | + userspace (some other PID). */ | |
45608 | + /* check PID */ | |
45609 | + if(pfkey_msg->sadb_msg_pid != current->pid) { | |
45610 | + KLIPS_PRINT(debug_pfkey, | |
45611 | + "klips_debug:pfkey_sendmsg: " | |
45612 | + "pid (%d) does not equal sending process pid (%d).\n", | |
45613 | + pfkey_msg->sadb_msg_pid, current->pid); | |
45614 | + SENDERR(EINVAL); | |
45615 | + } | |
45616 | +#endif | |
45617 | + | |
45618 | + if(pfkey_msg->sadb_msg_reserved) { | |
45619 | + KLIPS_PRINT(debug_pfkey, | |
45620 | + "klips_debug:pfkey_sendmsg: " | |
45621 | + "reserved field must be zero, set to %d.\n", | |
45622 | + pfkey_msg->sadb_msg_reserved); | |
45623 | + SENDERR(EINVAL); | |
45624 | + } | |
45625 | + | |
45626 | + if((pfkey_msg->sadb_msg_type > SADB_MAX) || (!pfkey_msg->sadb_msg_type)){ | |
45627 | + KLIPS_PRINT(debug_pfkey, | |
45628 | + "klips_debug:pfkey_sendmsg: " | |
45629 | + "msg type too large or small:%d.\n", | |
45630 | + pfkey_msg->sadb_msg_type); | |
45631 | + SENDERR(EINVAL); | |
45632 | + } | |
45633 | + | |
45634 | + KLIPS_PRINT(debug_pfkey, | |
45635 | + "klips_debug:pfkey_sendmsg: " | |
45636 | + "msg sent for parsing.\n"); | |
45637 | + | |
45638 | + if((error = pfkey_msg_interp(sk, pfkey_msg, &pfkey_reply))) { | |
45639 | + struct socket_list *pfkey_socketsp; | |
45640 | + | |
45641 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: " | |
45642 | + "pfkey_msg_parse returns %d.\n", | |
45643 | + error); | |
45644 | + | |
45645 | + if((pfkey_reply = (struct sadb_msg*)kmalloc(sizeof(struct sadb_msg), GFP_KERNEL)) == NULL) { | |
45646 | + KLIPS_PRINT(debug_pfkey, | |
45647 | + "klips_debug:pfkey_sendmsg: " | |
45648 | + "memory allocation error.\n"); | |
45649 | + SENDERR(ENOBUFS); | |
45650 | + } | |
45651 | + memcpy((void*)pfkey_reply, (void*)pfkey_msg, sizeof(struct sadb_msg)); | |
45652 | + pfkey_reply->sadb_msg_errno = -error; | |
45653 | + pfkey_reply->sadb_msg_len = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN; | |
45654 | + | |
45655 | + for(pfkey_socketsp = pfkey_open_sockets; | |
45656 | + pfkey_socketsp; | |
45657 | + pfkey_socketsp = pfkey_socketsp->next) { | |
45658 | + int error_upmsg = 0; | |
45659 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: " | |
45660 | + "sending up error=%d message=0p%p to socket=0p%p.\n", | |
45661 | + error, | |
45662 | + pfkey_reply, | |
45663 | + pfkey_socketsp->socketp); | |
45664 | + if((error_upmsg = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { | |
45665 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: " | |
45666 | + "sending up error message to socket=0p%p failed with error=%d.\n", | |
45667 | + pfkey_socketsp->socketp, | |
45668 | + error_upmsg); | |
45669 | + /* pfkey_msg_free(&pfkey_reply); */ | |
45670 | + /* SENDERR(-error); */ | |
45671 | + } | |
45672 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: " | |
45673 | + "sending up error message to socket=0p%p succeeded.\n", | |
45674 | + pfkey_socketsp->socketp); | |
45675 | + } | |
45676 | + | |
45677 | + pfkey_msg_free(&pfkey_reply); | |
45678 | + | |
45679 | + SENDERR(-error); | |
45680 | + } | |
45681 | + | |
45682 | + errlab: | |
45683 | + if (pfkey_msg) { | |
45684 | + kfree((void*)pfkey_msg); | |
45685 | + } | |
45686 | + | |
45687 | + if(error) { | |
45688 | + return error; | |
45689 | + } else { | |
45690 | + return len; | |
45691 | + } | |
45692 | +} | |
45693 | + | |
45694 | +/* | |
45695 | + * Receive PF_KEY data up. | |
45696 | + */ | |
45697 | + | |
45698 | +DEBUG_NO_STATIC int | |
45699 | +#ifdef NET_26 | |
45700 | +pfkey_recvmsg(struct kiocb *kiocb | |
45701 | + , struct socket *sock | |
45702 | + , struct msghdr *msg | |
45703 | + , size_t size | |
45704 | + , int flags) | |
45705 | +#else | |
45706 | +pfkey_recvmsg(struct socket *sock | |
45707 | + , struct msghdr *msg | |
45708 | + , int size, int flags | |
45709 | + , struct scm_cookie *scm) | |
45710 | +#endif | |
45711 | +{ | |
45712 | + struct sock *sk; | |
45713 | + int noblock = flags & MSG_DONTWAIT; | |
45714 | + struct sk_buff *skb; | |
45715 | + int error; | |
45716 | + | |
45717 | + if(sock == NULL) { | |
45718 | + KLIPS_PRINT(debug_pfkey, | |
45719 | + "klips_debug:pfkey_recvmsg: " | |
45720 | + "Null socket passed in.\n"); | |
45721 | + return -EINVAL; | |
45722 | + } | |
45723 | + | |
45724 | + sk = sock->sk; | |
45725 | + | |
45726 | + if(sk == NULL) { | |
45727 | + KLIPS_PRINT(debug_pfkey, | |
45728 | + "klips_debug:pfkey_recvmsg: " | |
45729 | + "Null sock passed in for sock=0p%p.\n", sock); | |
45730 | + return -EINVAL; | |
45731 | + } | |
45732 | + | |
45733 | + if(msg == NULL) { | |
45734 | + KLIPS_PRINT(debug_pfkey, | |
45735 | + "klips_debug:pfkey_recvmsg: " | |
45736 | + "Null msghdr passed in for sock=0p%p, sk=0p%p.\n", | |
45737 | + sock, sk); | |
45738 | + return -EINVAL; | |
45739 | + } | |
45740 | + | |
45741 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
45742 | + "klips_debug:pfkey_recvmsg: sock=0p%p sk=0p%p msg=0p%p size=%d.\n", | |
45743 | + sock, sk, msg, (int)size); | |
45744 | + if(flags & ~MSG_PEEK) { | |
45745 | + KLIPS_PRINT(debug_pfkey, | |
45746 | + "klips_debug:pfkey_sendmsg: " | |
45747 | + "flags (%d) other than MSG_PEEK not supported.\n", | |
45748 | + flags); | |
45749 | + return -EOPNOTSUPP; | |
45750 | + } | |
45751 | + | |
45752 | + msg->msg_namelen = 0; /* sizeof(*ska); */ | |
45753 | + | |
45754 | + if(sk->sk_err) { | |
45755 | + KLIPS_PRINT(debug_pfkey, | |
45756 | + "klips_debug:pfkey_sendmsg: " | |
45757 | + "sk->sk_err=%d.\n", sk->sk_err); | |
45758 | + return sock_error(sk); | |
45759 | + } | |
45760 | + | |
45761 | + if((skb = skb_recv_datagram(sk, flags, noblock, &error) ) == NULL) { | |
45762 | + return error; | |
45763 | + } | |
45764 | + | |
45765 | + if(size > skb->len) { | |
45766 | + size = skb->len; | |
45767 | + } | |
45768 | + else if(size <skb->len) { | |
45769 | + msg->msg_flags |= MSG_TRUNC; | |
45770 | + } | |
45771 | + | |
45772 | + skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size); | |
45773 | +#ifdef HAVE_TSTAMP | |
45774 | + sk->sk_stamp.tv_sec = skb->tstamp.off_sec; | |
45775 | + sk->sk_stamp.tv_usec = skb->tstamp.off_usec; | |
45776 | +#else | |
45777 | + sk->sk_stamp=skb->stamp; | |
45778 | +#endif | |
45779 | + | |
45780 | + skb_free_datagram(sk, skb); | |
45781 | + return size; | |
45782 | +} | |
45783 | + | |
45784 | +#ifdef CONFIG_PROC_FS | |
45785 | +#ifndef PROC_FS_2325 | |
45786 | +DEBUG_NO_STATIC | |
45787 | +#endif /* PROC_FS_2325 */ | |
45788 | +int | |
45789 | +pfkey_get_info(char *buffer, char **start, off_t offset, int length | |
45790 | +#ifndef PROC_NO_DUMMY | |
45791 | +, int dummy | |
45792 | +#endif /* !PROC_NO_DUMMY */ | |
45793 | +) | |
45794 | +{ | |
45795 | + const int max_content = length > 0? length-1 : 0; /* limit of useful snprintf output */ | |
45796 | +#ifdef NET_26 | |
45797 | + struct hlist_node *node; | |
45798 | +#endif | |
45799 | + off_t begin=0; | |
45800 | + int len=0; | |
45801 | + struct sock *sk; | |
45802 | + | |
45803 | +#ifdef CONFIG_KLIPS_DEBUG | |
45804 | + if(!sysctl_ipsec_debug_verbose) { | |
45805 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
45806 | + len += ipsec_snprintf(buffer, length, | |
45807 | + " sock pid socket next prev e n p sndbf Flags Type St\n"); | |
45808 | +#ifdef CONFIG_KLIPS_DEBUG | |
45809 | + } else { | |
45810 | + len += ipsec_snprintf(buffer, length, | |
45811 | + " sock pid d sleep socket next prev e r z n p sndbf stamp Flags Type St\n"); | |
45812 | + } | |
45813 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
45814 | + | |
45815 | + sk_for_each(sk, node, &pfkey_sock_list) { | |
45816 | + | |
45817 | +#ifdef CONFIG_KLIPS_DEBUG | |
45818 | + if(!sysctl_ipsec_debug_verbose) { | |
45819 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
45820 | + len += ipsec_snprintf(buffer+len, length-len, | |
45821 | + "%8p %5d %8p %d %d %5d %08lX %8X %2X\n", | |
45822 | + sk, | |
45823 | + key_pid(sk), | |
45824 | + sk->sk_socket, | |
45825 | + sk->sk_err, | |
45826 | + sk->sk_protocol, | |
45827 | + sk->sk_sndbuf, | |
45828 | + sk->sk_socket->flags, | |
45829 | + sk->sk_socket->type, | |
45830 | + sk->sk_socket->state); | |
45831 | +#ifdef CONFIG_KLIPS_DEBUG | |
45832 | + } else { | |
45833 | + len += ipsec_snprintf(buffer+len, length-len, | |
45834 | + "%8p %5d %d %8p %8p %d %d %d %d %5d %d.%06d %08lX %8X %2X\n", | |
45835 | + sk, | |
45836 | + key_pid(sk), | |
45837 | + sock_flag(sk, SOCK_DEAD), | |
45838 | + sk->sk_sleep, | |
45839 | + sk->sk_socket, | |
45840 | + sk->sk_err, | |
45841 | + sk->sk_reuse, | |
45842 | +#ifdef HAVE_SOCK_ZAPPED | |
45843 | + sock_flag(sk, SOCK_ZAPPED), | |
45844 | +#else | |
45845 | + sk->sk_zapped, | |
45846 | +#endif | |
45847 | + sk->sk_protocol, | |
45848 | + sk->sk_sndbuf, | |
45849 | + (unsigned int)sk->sk_stamp.tv_sec, | |
45850 | + (unsigned int)sk->sk_stamp.tv_usec, | |
45851 | + sk->sk_socket->flags, | |
45852 | + sk->sk_socket->type, | |
45853 | + sk->sk_socket->state); | |
45854 | + } | |
45855 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
45856 | + | |
45857 | + if (len >= max_content) { | |
45858 | + /* we've done all that can fit -- stop loop */ | |
45859 | + len = max_content; /* truncate crap */ | |
45860 | + break; | |
45861 | + } else { | |
45862 | + const off_t pos = begin + len; /* file position of end of what we've generated */ | |
45863 | + | |
45864 | + if (pos <= offset) { | |
45865 | + /* all is before first interesting character: | |
45866 | + * discard, but note where we are. | |
45867 | + */ | |
45868 | + len = 0; | |
45869 | + begin = pos; | |
45870 | + } | |
45871 | + } | |
45872 | + } | |
45873 | + | |
45874 | + *start = buffer + (offset - begin); /* Start of wanted data */ | |
45875 | + return len - (offset - begin); | |
45876 | +} | |
45877 | + | |
45878 | +#ifndef PROC_FS_2325 | |
45879 | +DEBUG_NO_STATIC | |
45880 | +#endif /* PROC_FS_2325 */ | |
45881 | +int | |
45882 | +pfkey_supported_get_info(char *buffer, char **start, off_t offset, int length | |
45883 | +#ifndef PROC_NO_DUMMY | |
45884 | +, int dummy | |
45885 | +#endif /* !PROC_NO_DUMMY */ | |
45886 | +) | |
45887 | +{ | |
45888 | + /* limit of useful snprintf output */ | |
45889 | + const int max_content = length > 0? length-1 : 0; | |
45890 | + off_t begin=0; | |
45891 | + int len=0; | |
45892 | + int satype; | |
45893 | + struct supported_list *ps; | |
45894 | + | |
45895 | + len += ipsec_snprintf(buffer, length, | |
45896 | + "satype exttype alg_id ivlen minbits maxbits name\n"); | |
45897 | + | |
45898 | + for(satype = SADB_SATYPE_UNSPEC; satype <= SADB_SATYPE_MAX; satype++) { | |
45899 | + ps = pfkey_supported_list[satype]; | |
45900 | + while(ps) { | |
45901 | + struct ipsec_alg_supported *alg = ps->supportedp; | |
45902 | + unsigned char *n = alg->ias_name; | |
45903 | + if(n == NULL) n = "unknown"; | |
45904 | + | |
45905 | + len += ipsec_snprintf(buffer+len, length-len, | |
45906 | + " %2d %2d %2d %3d %3d %3d %20s\n", | |
45907 | + satype, | |
45908 | + alg->ias_exttype, | |
45909 | + alg->ias_id, | |
45910 | + alg->ias_ivlen, | |
45911 | + alg->ias_keyminbits, | |
45912 | + alg->ias_keymaxbits, | |
45913 | + n); | |
45914 | + | |
45915 | + if (len >= max_content) { | |
45916 | + /* we've done all that can fit -- stop loop */ | |
45917 | + len = max_content; /* truncate crap */ | |
45918 | + break; | |
45919 | + } else { | |
45920 | + const off_t pos = begin + len; /* file position of end of what we've generated */ | |
45921 | + | |
45922 | + if (pos <= offset) { | |
45923 | + /* all is before first interesting character: | |
45924 | + * discard, but note where we are. | |
45925 | + */ | |
45926 | + len = 0; | |
45927 | + begin = pos; | |
45928 | + } | |
45929 | + } | |
45930 | + | |
45931 | + ps = ps->next; | |
45932 | + } | |
45933 | + } | |
45934 | + *start = buffer + (offset - begin); /* Start of wanted data */ | |
45935 | + return len - (offset - begin); | |
45936 | +} | |
45937 | + | |
45938 | +#ifndef PROC_FS_2325 | |
45939 | +DEBUG_NO_STATIC | |
45940 | +#endif /* PROC_FS_2325 */ | |
45941 | +int | |
45942 | +pfkey_registered_get_info(char *buffer, char **start, off_t offset, int length | |
45943 | +#ifndef PROC_NO_DUMMY | |
45944 | +, int dummy | |
45945 | +#endif /* !PROC_NO_DUMMY */ | |
45946 | +) | |
45947 | +{ | |
45948 | + const int max_content = length > 0? length-1 : 0; /* limit of useful snprintf output */ | |
45949 | + off_t begin=0; | |
45950 | + int len=0; | |
45951 | + int satype; | |
45952 | + struct socket_list *pfkey_sockets; | |
45953 | + | |
45954 | + len += ipsec_snprintf(buffer, length, | |
45955 | + "satype socket pid sk\n"); | |
45956 | + | |
45957 | + for(satype = SADB_SATYPE_UNSPEC; satype <= SADB_SATYPE_MAX; satype++) { | |
45958 | + pfkey_sockets = pfkey_registered_sockets[satype]; | |
45959 | + while(pfkey_sockets) { | |
45960 | + len += ipsec_snprintf(buffer+len, length-len, | |
45961 | + " %2d %8p %5d %8p\n", | |
45962 | + satype, | |
45963 | + pfkey_sockets->socketp, | |
45964 | + key_pid(pfkey_sockets->socketp->sk), | |
45965 | + pfkey_sockets->socketp->sk); | |
45966 | + | |
45967 | + if (len >= max_content) { | |
45968 | + /* we've done all that can fit -- stop loop (could stop two) */ | |
45969 | + len = max_content; /* truncate crap */ | |
45970 | + break; | |
45971 | + } else { | |
45972 | + const off_t pos = begin + len; /* file position of end of what we've generated */ | |
45973 | + | |
45974 | + if (pos <= offset) { | |
45975 | + /* all is before first interesting character: | |
45976 | + * discard, but note where we are. | |
45977 | + */ | |
45978 | + len = 0; | |
45979 | + begin = pos; | |
45980 | + } | |
45981 | + } | |
45982 | + | |
45983 | + pfkey_sockets = pfkey_sockets->next; | |
45984 | + } | |
45985 | + } | |
45986 | + *start = buffer + (offset - begin); /* Start of wanted data */ | |
45987 | + return len - (offset - begin); | |
45988 | +} | |
45989 | + | |
45990 | +#ifndef PROC_FS_2325 | |
45991 | +struct proc_dir_entry proc_net_pfkey = | |
45992 | +{ | |
45993 | + 0, | |
45994 | + 6, "pf_key", | |
45995 | + S_IFREG | S_IRUGO, 1, 0, 0, | |
45996 | + 0, &proc_net_inode_operations, | |
45997 | + pfkey_get_info | |
45998 | +}; | |
45999 | +struct proc_dir_entry proc_net_pfkey_supported = | |
46000 | +{ | |
46001 | + 0, | |
46002 | + 16, "pf_key_supported", | |
46003 | + S_IFREG | S_IRUGO, 1, 0, 0, | |
46004 | + 0, &proc_net_inode_operations, | |
46005 | + pfkey_supported_get_info | |
46006 | +}; | |
46007 | +struct proc_dir_entry proc_net_pfkey_registered = | |
46008 | +{ | |
46009 | + 0, | |
46010 | + 17, "pf_key_registered", | |
46011 | + S_IFREG | S_IRUGO, 1, 0, 0, | |
46012 | + 0, &proc_net_inode_operations, | |
46013 | + pfkey_registered_get_info | |
46014 | +}; | |
46015 | +#endif /* !PROC_FS_2325 */ | |
46016 | +#endif /* CONFIG_PROC_FS */ | |
46017 | + | |
46018 | +DEBUG_NO_STATIC int | |
46019 | +supported_add_all(int satype, struct ipsec_alg_supported supported[], int size) | |
46020 | +{ | |
46021 | + int i; | |
46022 | + int error = 0; | |
46023 | + | |
46024 | + KLIPS_PRINT(debug_pfkey, | |
46025 | + "klips_debug:init_pfkey: " | |
46026 | + "sizeof(supported_init_<satype=%d>)[%d]/sizeof(struct ipsec_alg_supported)[%d]=%d.\n", | |
46027 | + satype, | |
46028 | + size, | |
46029 | + (int)sizeof(struct ipsec_alg_supported), | |
46030 | + (int)(size/sizeof(struct ipsec_alg_supported))); | |
46031 | + | |
46032 | + for(i = 0; i < size / sizeof(struct ipsec_alg_supported); i++) { | |
46033 | + | |
46034 | + unsigned char *n = supported[i].ias_name; | |
46035 | + if(n == NULL) n="unknown"; | |
46036 | + | |
46037 | + KLIPS_PRINT(debug_pfkey, | |
46038 | + "klips_debug:init_pfkey: " | |
46039 | + "i=%d inserting satype=%d exttype=%d id=%d ivlen=%d minbits=%d maxbits=%d name=%s.\n", | |
46040 | + i, | |
46041 | + satype, | |
46042 | + supported[i].ias_exttype, | |
46043 | + supported[i].ias_id, | |
46044 | + supported[i].ias_ivlen, | |
46045 | + supported[i].ias_keyminbits, | |
46046 | + supported[i].ias_keymaxbits, | |
46047 | + n); | |
46048 | + | |
46049 | + error |= pfkey_list_insert_supported(&(supported[i]), | |
46050 | + &(pfkey_supported_list[satype])); | |
46051 | + } | |
46052 | + return error; | |
46053 | +} | |
46054 | + | |
46055 | +DEBUG_NO_STATIC int | |
46056 | +supported_remove_all(int satype) | |
46057 | +{ | |
46058 | + int error = 0; | |
46059 | + struct ipsec_alg_supported*supportedp; | |
46060 | + | |
46061 | + while(pfkey_supported_list[satype]) { | |
46062 | + unsigned char *n; | |
46063 | + supportedp = pfkey_supported_list[satype]->supportedp; | |
46064 | + | |
46065 | + n = supportedp->ias_name; | |
46066 | + if(n == NULL) n="unknown"; | |
46067 | + | |
46068 | + KLIPS_PRINT(debug_pfkey, | |
46069 | + "klips_debug:init_pfkey: " | |
46070 | + "removing satype=%d exttype=%d id=%d ivlen=%d minbits=%d maxbits=%d name=%s.\n", | |
46071 | + satype, | |
46072 | + supportedp->ias_exttype, | |
46073 | + supportedp->ias_id, | |
46074 | + supportedp->ias_ivlen, | |
46075 | + supportedp->ias_keyminbits, | |
46076 | + supportedp->ias_keymaxbits, n); | |
46077 | + | |
46078 | + error |= pfkey_list_remove_supported(supportedp, | |
46079 | + &(pfkey_supported_list[satype])); | |
46080 | + } | |
46081 | + return error; | |
46082 | +} | |
46083 | + | |
46084 | +int | |
46085 | +pfkey_init(void) | |
46086 | +{ | |
46087 | + int error = 0; | |
46088 | + int i; | |
46089 | + | |
46090 | + static struct ipsec_alg_supported supported_init_ah[] = { | |
46091 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_MD5 | |
46092 | + {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_MD5HMAC, 0, 128, 128}, | |
46093 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_MD5 */ | |
46094 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_SHA1 | |
46095 | + {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_SHA1HMAC, 0, 160, 160} | |
46096 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_SHA1 */ | |
46097 | + }; | |
46098 | + static struct ipsec_alg_supported supported_init_esp[] = { | |
46099 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_MD5 | |
46100 | + {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_MD5HMAC, 0, 128, 128}, | |
46101 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_MD5 */ | |
46102 | +#ifdef CONFIG_KLIPS_AUTH_HMAC_SHA1 | |
46103 | + {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_SHA1HMAC, 0, 160, 160}, | |
46104 | +#endif /* CONFIG_KLIPS_AUTH_HMAC_SHA1 */ | |
46105 | +#ifdef CONFIG_KLIPS_ENC_3DES | |
46106 | + {SADB_EXT_SUPPORTED_ENCRYPT, SADB_EALG_3DESCBC, 64, 168, 168}, | |
46107 | +#endif /* CONFIG_KLIPS_ENC_3DES */ | |
46108 | + }; | |
46109 | + static struct ipsec_alg_supported supported_init_ipip[] = { | |
46110 | + {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv4_in_IPv4, 0, 32, 32} | |
46111 | +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
46112 | + , {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv6_in_IPv4, 0, 128, 32} | |
46113 | + , {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv4_in_IPv6, 0, 32, 128} | |
46114 | + , {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv6_in_IPv6, 0, 128, 128} | |
46115 | +#endif /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ | |
46116 | + }; | |
46117 | +#ifdef CONFIG_KLIPS_IPCOMP | |
46118 | + static struct ipsec_alg_supported supported_init_ipcomp[] = { | |
46119 | + {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_CALG_DEFLATE, 0, 1, 1} | |
46120 | + }; | |
46121 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
46122 | + | |
46123 | +#if 0 | |
46124 | + printk(KERN_INFO | |
46125 | + "klips_info:pfkey_init: " | |
46126 | + "FreeS/WAN: initialising PF_KEYv2 domain sockets.\n"); | |
46127 | +#endif | |
46128 | + | |
46129 | + for(i = SADB_SATYPE_UNSPEC; i <= SADB_SATYPE_MAX; i++) { | |
46130 | + pfkey_registered_sockets[i] = NULL; | |
46131 | + pfkey_supported_list[i] = NULL; | |
46132 | + } | |
46133 | + | |
46134 | + error |= supported_add_all(SADB_SATYPE_AH, supported_init_ah, sizeof(supported_init_ah)); | |
46135 | + error |= supported_add_all(SADB_SATYPE_ESP, supported_init_esp, sizeof(supported_init_esp)); | |
46136 | +#ifdef CONFIG_KLIPS_IPCOMP | |
46137 | + error |= supported_add_all(SADB_X_SATYPE_COMP, supported_init_ipcomp, sizeof(supported_init_ipcomp)); | |
46138 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
46139 | + error |= supported_add_all(SADB_X_SATYPE_IPIP, supported_init_ipip, sizeof(supported_init_ipip)); | |
46140 | + | |
46141 | + error |= sock_register(&pfkey_family_ops); | |
46142 | + | |
46143 | +#ifdef CONFIG_PROC_FS | |
46144 | +# ifndef PROC_FS_2325 | |
46145 | +# ifdef PROC_FS_21 | |
46146 | + error |= proc_register(proc_net, &proc_net_pfkey); | |
46147 | + error |= proc_register(proc_net, &proc_net_pfkey_supported); | |
46148 | + error |= proc_register(proc_net, &proc_net_pfkey_registered); | |
46149 | +# else /* PROC_FS_21 */ | |
46150 | + error |= proc_register_dynamic(&proc_net, &proc_net_pfkey); | |
46151 | + error |= proc_register_dynamic(&proc_net, &proc_net_pfkey_supported); | |
46152 | + error |= proc_register_dynamic(&proc_net, &proc_net_pfkey_registered); | |
46153 | +# endif /* PROC_FS_21 */ | |
46154 | +# else /* !PROC_FS_2325 */ | |
46155 | + proc_net_create ("pf_key", 0, pfkey_get_info); | |
46156 | + proc_net_create ("pf_key_supported", 0, pfkey_supported_get_info); | |
46157 | + proc_net_create ("pf_key_registered", 0, pfkey_registered_get_info); | |
46158 | +# endif /* !PROC_FS_2325 */ | |
46159 | +#endif /* CONFIG_PROC_FS */ | |
46160 | + | |
46161 | + return error; | |
46162 | +} | |
46163 | + | |
46164 | +int | |
46165 | +pfkey_cleanup(void) | |
46166 | +{ | |
46167 | + int error = 0; | |
46168 | + | |
46169 | + printk(KERN_INFO "klips_info:pfkey_cleanup: " | |
46170 | + "shutting down PF_KEY domain sockets.\n"); | |
46171 | + sock_unregister(PF_KEY); | |
46172 | + | |
46173 | + error |= supported_remove_all(SADB_SATYPE_AH); | |
46174 | + error |= supported_remove_all(SADB_SATYPE_ESP); | |
46175 | +#ifdef CONFIG_KLIPS_IPCOMP | |
46176 | + error |= supported_remove_all(SADB_X_SATYPE_COMP); | |
46177 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
46178 | + error |= supported_remove_all(SADB_X_SATYPE_IPIP); | |
46179 | + | |
46180 | +#ifdef CONFIG_PROC_FS | |
46181 | +# ifndef PROC_FS_2325 | |
46182 | + if (proc_net_unregister(proc_net_pfkey.low_ino) != 0) | |
46183 | + printk("klips_debug:pfkey_cleanup: " | |
46184 | + "cannot unregister /proc/net/pf_key\n"); | |
46185 | + if (proc_net_unregister(proc_net_pfkey_supported.low_ino) != 0) | |
46186 | + printk("klips_debug:pfkey_cleanup: " | |
46187 | + "cannot unregister /proc/net/pf_key_supported\n"); | |
46188 | + if (proc_net_unregister(proc_net_pfkey_registered.low_ino) != 0) | |
46189 | + printk("klips_debug:pfkey_cleanup: " | |
46190 | + "cannot unregister /proc/net/pf_key_registered\n"); | |
46191 | +# else /* !PROC_FS_2325 */ | |
46192 | + proc_net_remove ("pf_key"); | |
46193 | + proc_net_remove ("pf_key_supported"); | |
46194 | + proc_net_remove ("pf_key_registered"); | |
46195 | +# endif /* !PROC_FS_2325 */ | |
46196 | +#endif /* CONFIG_PROC_FS */ | |
46197 | + | |
46198 | + /* other module unloading cleanup happens here */ | |
46199 | + return error; | |
46200 | +} | |
46201 | + | |
46202 | +#ifdef MODULE | |
46203 | +#if 0 | |
46204 | +int | |
46205 | +init_module(void) | |
46206 | +{ | |
46207 | + pfkey_init(); | |
46208 | + return 0; | |
46209 | +} | |
46210 | + | |
46211 | +void | |
46212 | +cleanup_module(void) | |
46213 | +{ | |
46214 | + pfkey_cleanup(); | |
46215 | +} | |
46216 | +#endif /* 0 */ | |
46217 | +#else /* MODULE */ | |
46218 | +struct net_protocol; | |
46219 | +void pfkey_proto_init(struct net_protocol *pro) | |
46220 | +{ | |
46221 | + pfkey_init(); | |
46222 | +} | |
46223 | +#endif /* MODULE */ | |
46224 | + | |
46225 | +/* | |
46226 | + * $Log: pfkey_v2.c,v $ | |
46227 | + * Revision 1.97.2.12 2006/11/24 05:43:29 paul | |
46228 | + * kernels after 2.6.18 do not return a code from unregister_socket() | |
46229 | + * backport from git 41e54a2684dc809d7952e816860ea646a3194a72 | |
46230 | + * | |
46231 | + * Revision 1.97.2.11 2006/11/15 16:05:57 paul | |
46232 | + * fix for compiling on 2.4. kernels by Matthias Haas. | |
46233 | + * | |
46234 | + * Revision 1.97.2.10 2006/10/10 20:43:28 paul | |
46235 | + * Add family/create/owner for pfkey_family_ops. This fixes bug #671 | |
46236 | + * | |
46237 | + * Revision 1.97.2.9 2006/10/06 21:39:26 paul | |
46238 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
46239 | + * set. This is defined through autoconf.h which is included through the | |
46240 | + * linux kernel build macros. | |
46241 | + * | |
46242 | + * Revision 1.97.2.8 2006/07/10 15:56:11 paul | |
46243 | + * Fix for bug #642 by Bart. | |
46244 | + * | |
46245 | + * Revision 1.97.2.7 2006/04/04 11:34:19 ken | |
46246 | + * Backport SMP fixes + #ifdef cleanup from #public | |
46247 | + * | |
46248 | + * Revision 1.97.2.6 2006/02/15 05:00:20 paul | |
46249 | + * Fix for crasher on 2.6.12+ with klips (mostly seen on redhat kernels) | |
46250 | + * | |
46251 | + * Revision 1.97.2.5 2005/11/22 04:11:52 ken | |
46252 | + * Backport fixes for 2.6.14 kernels from HEAD | |
46253 | + * | |
46254 | + * Revision 1.97.2.4 2005/09/14 16:40:45 mcr | |
46255 | + * pull up of compilation on 2.4 | |
46256 | + * | |
46257 | + * Revision 1.97.2.3 2005/09/06 02:10:03 mcr | |
46258 | + * pulled up possible SMP-related compilation fix | |
46259 | + * | |
46260 | + * Revision 1.97.2.2 2005/08/28 01:21:12 paul | |
46261 | + * Undid Ken's gcc4 fix in version 1.94 since it breaks linking KLIPS on | |
46262 | + * SMP kernels. | |
46263 | + * | |
46264 | + * Revision 1.97.2.1 2005/08/27 23:40:00 paul | |
46265 | + * recommited HAVE_SOCK_SECURITY fixes for linux 2.6.13 | |
46266 | + * | |
46267 | + * Revision 1.102 2005/09/14 16:37:23 mcr | |
46268 | + * fix to compile on 2.4. | |
46269 | + * | |
46270 | + * Revision 1.101 2005/09/06 01:42:25 mcr | |
46271 | + * removed additional SOCKOPS_WRAPPED code | |
46272 | + * | |
46273 | + * Revision 1.100 2005/08/30 18:10:15 mcr | |
46274 | + * remove SOCKOPS_WRAPPED() code, add proper locking to the | |
46275 | + * pfkey code. (cross fingers) | |
46276 | + * | |
46277 | + * Revision 1.99 2005/08/28 01:53:37 paul | |
46278 | + * Undid Ken's gcc4 fix in version 1.94 since it breaks linking KLIPS on SMP kernels. | |
46279 | + * | |
46280 | + * Revision 1.98 2005/08/27 23:07:21 paul | |
46281 | + * Somewhere between 2.6.12 and 2.6.13rc7 the unused security memnber in sk_buff | |
46282 | + * has been removed. This patch should fix compilation for both cases. | |
46283 | + * | |
46284 | + * Revision 1.97 2005/07/20 00:33:36 mcr | |
46285 | + * fixed typo in #ifdef for SKALLOC. | |
46286 | + * | |
46287 | + * Revision 1.96 2005/07/19 20:02:15 mcr | |
46288 | + * sk_alloc() interface change. | |
46289 | + * | |
46290 | + * Revision 1.95 2005/07/09 00:40:06 ken | |
46291 | + * Fix for GCC4 - it doesn't like the potential for duplicate declaration | |
46292 | + * | |
46293 | + * Revision 1.94 2005/07/09 00:14:04 ken | |
46294 | + * Casts for 64bit cleanliness | |
46295 | + * | |
46296 | + * Revision 1.93 2005/07/08 16:20:05 mcr | |
46297 | + * fix for 2.6.12 disapperance of sk_zapped field -> sock_flags. | |
46298 | + * | |
46299 | + * Revision 1.92 2005/05/21 03:29:39 mcr | |
46300 | + * fixed missing prototype definition. | |
46301 | + * | |
46302 | + * Revision 1.91 2005/05/11 01:43:45 mcr | |
46303 | + * removed "poor-man"s OOP in favour of proper C structures. | |
46304 | + * | |
46305 | + * Revision 1.90 2005/05/02 18:42:47 mcr | |
46306 | + * fix for cut&paste error with pfkey_v2.c "supported_name" | |
46307 | + * | |
46308 | + * Revision 1.89 2005/05/01 03:12:31 mcr | |
46309 | + * print name if it is available. | |
46310 | + * | |
46311 | + * Revision 1.88 2005/04/29 05:10:22 mcr | |
46312 | + * removed from extraenous includes to make unit testing easier. | |
46313 | + * | |
46314 | + * Revision 1.87 2005/04/15 19:57:10 mcr | |
46315 | + * make sure that address has 0p so that it will | |
46316 | + * sanitized. | |
46317 | + * | |
46318 | + * Revision 1.86 2005/04/08 18:28:36 mcr | |
46319 | + * some minor #ifdef simplification in pursuit of a possible bug. | |
46320 | + * | |
46321 | + * Revision 1.85 2004/12/03 21:25:57 mcr | |
46322 | + * compile time fixes for running on 2.6. | |
46323 | + * still experimental. | |
46324 | + * | |
46325 | + * Revision 1.84 2004/08/17 03:27:23 mcr | |
46326 | + * klips 2.6 edits. | |
46327 | + * | |
46328 | + * Revision 1.83 2004/08/04 15:57:07 mcr | |
46329 | + * moved des .h files to include/des/ * | |
46330 | + * included 2.6 protocol specific things | |
46331 | + * started at NAT-T support, but it will require a kernel patch. | |
46332 | + * | |
46333 | + * Revision 1.82 2004/07/10 19:11:18 mcr | |
46334 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
46335 | + * | |
46336 | + * Revision 1.81 2004/04/25 21:23:11 ken | |
46337 | + * Pull in dhr's changes from FreeS/WAN 2.06 | |
46338 | + * | |
46339 | + * Revision 1.80 2004/04/06 02:49:26 mcr | |
46340 | + * pullup of algo code from alg-branch. | |
46341 | + * | |
46342 | + * Revision 1.79.4.1 2003/12/22 15:25:52 jjo | |
46343 | + * . Merged algo-0.8.1-rc11-test1 into alg-branch | |
46344 | + * | |
46345 | + * Revision 1.79 2003/10/31 02:27:55 mcr | |
46346 | + * pulled up port-selector patches and sa_id elimination. | |
46347 | + * | |
46348 | + * Revision 1.78.4.1 2003/10/29 01:30:41 mcr | |
46349 | + * elimited "struct sa_id". | |
46350 | + * | |
46351 | + * Revision 1.78 2003/04/03 17:38:09 rgb | |
46352 | + * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}. | |
46353 | + * | |
46354 | + * Revision 1.77 2002/10/17 16:49:36 mcr | |
46355 | + * sock->ops should reference the unwrapped options so that | |
46356 | + * we get hacked in locking on SMP systems. | |
46357 | + * | |
46358 | + * Revision 1.76 2002/10/12 23:11:53 dhr | |
46359 | + * | |
46360 | + * [KenB + DHR] more 64-bit cleanup | |
46361 | + * | |
46362 | + * Revision 1.75 2002/09/20 05:01:57 rgb | |
46363 | + * Added memory allocation debugging. | |
46364 | + * | |
46365 | + * Revision 1.74 2002/09/19 02:42:50 mcr | |
46366 | + * do not define the pfkey_ops function for now. | |
46367 | + * | |
46368 | + * Revision 1.73 2002/09/17 17:29:23 mcr | |
46369 | + * #if 0 out some dead code - pfkey_ops is never used as written. | |
46370 | + * | |
46371 | + * Revision 1.72 2002/07/24 18:44:54 rgb | |
46372 | + * Type fiddling to tame ia64 compiler. | |
46373 | + * | |
46374 | + * Revision 1.71 2002/05/23 07:14:11 rgb | |
46375 | + * Cleaned up %p variants to 0p%p for test suite cleanup. | |
46376 | + * | |
46377 | + * Revision 1.70 2002/04/24 07:55:32 mcr | |
46378 | + * #include patches and Makefiles for post-reorg compilation. | |
46379 | + * | |
46380 | + * Revision 1.69 2002/04/24 07:36:33 mcr | |
46381 | + * Moved from ./klips/net/ipsec/pfkey_v2.c,v | |
46382 | + * | |
46383 | + * Revision 1.68 2002/03/08 01:15:17 mcr | |
46384 | + * put some internal structure only debug messages behind | |
46385 | + * && sysctl_ipsec_debug_verbose. | |
46386 | + * | |
46387 | + * Revision 1.67 2002/01/29 17:17:57 mcr | |
46388 | + * moved include of ipsec_param.h to after include of linux/kernel.h | |
46389 | + * otherwise, it seems that some option that is set in ipsec_param.h | |
46390 | + * screws up something subtle in the include path to kernel.h, and | |
46391 | + * it complains on the snprintf() prototype. | |
46392 | + * | |
46393 | + * Revision 1.66 2002/01/29 04:00:54 mcr | |
46394 | + * more excise of kversions.h header. | |
46395 | + * | |
46396 | + * Revision 1.65 2002/01/29 02:13:18 mcr | |
46397 | + * introduction of ipsec_kversion.h means that include of | |
46398 | + * ipsec_param.h must preceed any decisions about what files to | |
46399 | + * include to deal with differences in kernel source. | |
46400 | + * | |
46401 | + * Revision 1.64 2001/11/26 09:23:51 rgb | |
46402 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
46403 | + * | |
46404 | + * Revision 1.61.2.1 2001/09/25 02:28:44 mcr | |
46405 | + * cleaned up includes. | |
46406 | + * | |
46407 | + * Revision 1.63 2001/11/12 19:38:00 rgb | |
46408 | + * Continue trying other sockets even if one fails and return only original | |
46409 | + * error. | |
46410 | + * | |
46411 | + * Revision 1.62 2001/10/18 04:45:22 rgb | |
46412 | + * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h, | |
46413 | + * lib/freeswan.h version macros moved to lib/kversions.h. | |
46414 | + * Other compiler directive cleanups. | |
46415 | + * | |
46416 | + * Revision 1.61 2001/09/20 15:32:59 rgb | |
46417 | + * Min/max cleanup. | |
46418 | + * | |
46419 | + * Revision 1.60 2001/06/14 19:35:12 rgb | |
46420 | + * Update copyright date. | |
46421 | + * | |
46422 | + * Revision 1.59 2001/06/13 15:35:48 rgb | |
46423 | + * Fixed #endif comments. | |
46424 | + * | |
46425 | + * Revision 1.58 2001/05/04 16:37:24 rgb | |
46426 | + * Remove erroneous checking of return codes for proc_net_* in 2.4. | |
46427 | + * | |
46428 | + * Revision 1.57 2001/05/03 19:43:36 rgb | |
46429 | + * Initialise error return variable. | |
46430 | + * Check error return codes in startup and shutdown. | |
46431 | + * Standardise on SENDERR() macro. | |
46432 | + * | |
46433 | + * Revision 1.56 2001/04/21 23:05:07 rgb | |
46434 | + * Define out skb->used for 2.4 kernels. | |
46435 | + * | |
46436 | + * Revision 1.55 2001/02/28 05:03:28 rgb | |
46437 | + * Clean up and rationalise startup messages. | |
46438 | + * | |
46439 | + * Revision 1.54 2001/02/27 22:24:55 rgb | |
46440 | + * Re-formatting debug output (line-splitting, joining, 1arg/line). | |
46441 | + * Check for satoa() return codes. | |
46442 | + * | |
46443 | + * Revision 1.53 2001/02/27 06:48:18 rgb | |
46444 | + * Fixed pfkey socket unregister log message to reflect type and function. | |
46445 | + * | |
46446 | + * Revision 1.52 2001/02/26 22:34:38 rgb | |
46447 | + * Fix error return code that was getting overwritten by the error return | |
46448 | + * code of an upmsg. | |
46449 | + * | |
46450 | + * Revision 1.51 2001/01/30 23:42:47 rgb | |
46451 | + * Allow pfkey msgs from pid other than user context required for ACQUIRE | |
46452 | + * and subsequent ADD or UDATE. | |
46453 | + * | |
46454 | + * Revision 1.50 2001/01/23 20:22:59 rgb | |
46455 | + * 2.4 fix to remove removed is_clone member. | |
46456 | + * | |
46457 | + * Revision 1.49 2000/11/06 04:33:47 rgb | |
46458 | + * Changed non-exported functions to DEBUG_NO_STATIC. | |
46459 | + * | |
46460 | + * Revision 1.48 2000/09/29 19:47:41 rgb | |
46461 | + * Update copyright. | |
46462 | + * | |
46463 | + * Revision 1.47 2000/09/22 04:23:04 rgb | |
46464 | + * Added more debugging to pfkey_upmsg() call from pfkey_sendmsg() error. | |
46465 | + * | |
46466 | + * Revision 1.46 2000/09/21 04:20:44 rgb | |
46467 | + * Fixed array size off-by-one error. (Thanks Svenning!) | |
46468 | + * | |
46469 | + * Revision 1.45 2000/09/20 04:01:26 rgb | |
46470 | + * Changed static functions to DEBUG_NO_STATIC for revealing function names | |
46471 | + * in oopsen. | |
46472 | + * | |
46473 | + * Revision 1.44 2000/09/19 00:33:17 rgb | |
46474 | + * 2.0 fixes. | |
46475 | + * | |
46476 | + * Revision 1.43 2000/09/16 01:28:13 rgb | |
46477 | + * Fixed use of 0 in p format warning. | |
46478 | + * | |
46479 | + * Revision 1.42 2000/09/16 01:09:41 rgb | |
46480 | + * Fixed debug format warning for pointers that was expecting ints. | |
46481 | + * | |
46482 | + * Revision 1.41 2000/09/13 15:54:00 rgb | |
46483 | + * Rewrote pfkey_get_info(), added pfkey_{supported,registered}_get_info(). | |
46484 | + * Moved supported algos add and remove to functions. | |
46485 | + * | |
46486 | + * Revision 1.40 2000/09/12 18:49:28 rgb | |
46487 | + * Added IPIP tunnel and IPCOMP register support. | |
46488 | + * | |
46489 | + * Revision 1.39 2000/09/12 03:23:49 rgb | |
46490 | + * Converted #if0 debugs to sysctl. | |
46491 | + * Removed debug_pfkey initialisations that prevented no_debug loading or | |
46492 | + * linking. | |
46493 | + * | |
46494 | + * Revision 1.38 2000/09/09 06:38:02 rgb | |
46495 | + * Return positive errno in pfkey_reply error message. | |
46496 | + * | |
46497 | + * Revision 1.37 2000/09/08 19:19:09 rgb | |
46498 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
46499 | + * Clean-up of long-unused crud... | |
46500 | + * Create pfkey error message on on failure. | |
46501 | + * Give pfkey_list_{insert,remove}_{socket,supported}() some error | |
46502 | + * checking. | |
46503 | + * | |
46504 | + * Revision 1.36 2000/09/01 18:49:38 rgb | |
46505 | + * Reap experimental NET_21_ bits. | |
46506 | + * Turned registered sockets list into an array of one list per satype. | |
46507 | + * Remove references to deprecated sklist_{insert,remove}_socket. | |
46508 | + * Removed leaking socket debugging code. | |
46509 | + * Removed duplicate pfkey_insert_socket in pfkey_create. | |
46510 | + * Removed all references to pfkey msg->msg_name, since it is not used for | |
46511 | + * pfkey. | |
46512 | + * Added a supported algorithms array lists, one per satype and registered | |
46513 | + * existing algorithms. | |
46514 | + * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to | |
46515 | + * list. | |
46516 | + * Only send pfkey_expire() messages to sockets registered for that satype. | |
46517 | + * | |
46518 | + * Revision 1.35 2000/08/24 17:03:00 rgb | |
46519 | + * Corrected message size error return code for PF_KEYv2. | |
46520 | + * Removed downward error prohibition. | |
46521 | + * | |
46522 | + * Revision 1.34 2000/08/21 16:32:26 rgb | |
46523 | + * Re-formatted for cosmetic consistency and readability. | |
46524 | + * | |
46525 | + * Revision 1.33 2000/08/20 21:38:24 rgb | |
46526 | + * Added a pfkey_reply parameter to pfkey_msg_interp(). (Momchil) | |
46527 | + * Extended the upward message initiation of pfkey_sendmsg(). (Momchil) | |
46528 | + * | |
46529 | + * Revision 1.32 2000/07/28 14:58:31 rgb | |
46530 | + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5. | |
46531 | + * | |
46532 | + * Revision 1.31 2000/05/16 03:04:00 rgb | |
46533 | + * Updates for 2.3.99pre8 from MB. | |
46534 | + * | |
46535 | + * Revision 1.30 2000/05/10 19:22:21 rgb | |
46536 | + * Use sklist private functions for 2.3.xx compatibility. | |
46537 | + * | |
46538 | + * Revision 1.29 2000/03/22 16:17:03 rgb | |
46539 | + * Fixed SOCKOPS_WRAPPED macro for SMP (MB). | |
46540 | + * | |
46541 | + * Revision 1.28 2000/02/21 19:30:45 rgb | |
46542 | + * Removed references to pkt_bridged for 2.3.47 compatibility. | |
46543 | + * | |
46544 | + * Revision 1.27 2000/02/14 21:07:00 rgb | |
46545 | + * Fixed /proc/net/pf-key legend spacing. | |
46546 | + * | |
46547 | + * Revision 1.26 2000/01/22 03:46:59 rgb | |
46548 | + * Fixed pfkey error return mechanism so that we are able to free the | |
46549 | + * local copy of the pfkey_msg, plugging a memory leak and silencing | |
46550 | + * the bad object free complaints. | |
46551 | + * | |
46552 | + * Revision 1.25 2000/01/21 06:19:44 rgb | |
46553 | + * Moved pfkey_list_remove_socket() calls to before MOD_USE_DEC_COUNT. | |
46554 | + * Added debugging to pfkey_upmsg. | |
46555 | + * | |
46556 | + * Revision 1.24 2000/01/10 16:38:23 rgb | |
46557 | + * MB fixups for 2.3.x. | |
46558 | + * | |
46559 | + * Revision 1.23 1999/12/09 23:22:16 rgb | |
46560 | + * Added more instrumentation for debugging 2.0 socket | |
46561 | + * selection/reading. | |
46562 | + * Removed erroneous 2.0 wait==NULL check bug in select. | |
46563 | + * | |
46564 | + * Revision 1.22 1999/12/08 20:32:16 rgb | |
46565 | + * Tidied up 2.0.xx support, after major pfkey work, eliminating | |
46566 | + * msg->msg_name twiddling in the process, since it is not defined | |
46567 | + * for PF_KEYv2. | |
46568 | + * | |
46569 | + * Revision 1.21 1999/12/01 22:17:19 rgb | |
46570 | + * Set skb->dev to zero on new skb in case it is a reused skb. | |
46571 | + * Added check for skb_put overflow and freeing to avoid upmsg on error. | |
46572 | + * Added check for wrong pfkey version and freeing to avoid upmsg on | |
46573 | + * error. | |
46574 | + * Shut off content dumping in pfkey_destroy. | |
46575 | + * Added debugging message for size of buffer allocated for upmsg. | |
46576 | + * | |
46577 | + * Revision 1.20 1999/11/27 12:11:00 rgb | |
46578 | + * Minor clean-up, enabling quiet operation of pfkey if desired. | |
46579 | + * | |
46580 | + * Revision 1.19 1999/11/25 19:04:21 rgb | |
46581 | + * Update proc_fs code for pfkey to use dynamic registration. | |
46582 | + * | |
46583 | + * Revision 1.18 1999/11/25 09:07:17 rgb | |
46584 | + * Implemented SENDERR macro for propagating error codes. | |
46585 | + * Fixed error return code bug. | |
46586 | + * | |
46587 | + * Revision 1.17 1999/11/23 23:07:20 rgb | |
46588 | + * Change name of pfkey_msg_parser to pfkey_msg_interp since it no longer | |
46589 | + * parses. (PJO) | |
46590 | + * Sort out pfkey and freeswan headers, putting them in a library path. | |
46591 | + * | |
46592 | + * Revision 1.16 1999/11/20 22:00:22 rgb | |
46593 | + * Moved socketlist type declarations and prototypes for shared use. | |
46594 | + * Renamed reformatted and generically extended for use by other socket | |
46595 | + * lists pfkey_{del,add}_open_socket to pfkey_list_{remove,insert}_socket. | |
46596 | + * | |
46597 | + * Revision 1.15 1999/11/18 04:15:09 rgb | |
46598 | + * Make pfkey_data_ready temporarily available for 2.2.x testing. | |
46599 | + * Clean up pfkey_destroy_socket() debugging statements. | |
46600 | + * Add Peter Onion's code to send messages up to all listening sockets. | |
46601 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
46602 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
46603 | + * klips/net/ipsec/Makefile. | |
46604 | + * Replaced all kernel version macros to shorter, readable form. | |
46605 | + * Added CONFIG_PROC_FS compiler directives in case it is shut off. | |
46606 | + * | |
46607 | + * Revision 1.14 1999/11/17 16:01:00 rgb | |
46608 | + * Make pfkey_data_ready temporarily available for 2.2.x testing. | |
46609 | + * Clean up pfkey_destroy_socket() debugging statements. | |
46610 | + * Add Peter Onion's code to send messages up to all listening sockets. | |
46611 | + * Changed #include "../../../lib/freeswan.h" to #include <freeswan.h> | |
46612 | + * which works due to -Ilibfreeswan in the klips/net/ipsec/Makefile. | |
46613 | + * | |
46614 | + * Revision 1.13 1999/10/27 19:59:51 rgb | |
46615 | + * Removed af_unix comments that are no longer relevant. | |
46616 | + * Added debug prink statements. | |
46617 | + * Added to the /proc output in pfkey_get_info. | |
46618 | + * Made most functions non-static to enable oops tracing. | |
46619 | + * Re-enable skb dequeueing and freeing. | |
46620 | + * Fix skb_alloc() and skb_put() size bug in pfkey_upmsg(). | |
46621 | + * | |
46622 | + * Revision 1.12 1999/10/26 17:05:42 rgb | |
46623 | + * Complete re-ordering based on proto_ops structure order. | |
46624 | + * Separated out proto_ops structures for 2.0.x and 2.2.x for clarity. | |
46625 | + * Simplification to use built-in socket ops where possible for 2.2.x. | |
46626 | + * Add shorter macros for compiler directives to visually clean-up. | |
46627 | + * Add lots of sk skb dequeueing debugging statements. | |
46628 | + * Added to the /proc output in pfkey_get_info. | |
46629 | + * | |
46630 | + * Revision 1.11 1999/09/30 02:55:10 rgb | |
46631 | + * Bogus skb detection. | |
46632 | + * Fix incorrect /proc/net/ipsec-eroute printk message. | |
46633 | + * | |
46634 | + * Revision 1.10 1999/09/21 15:22:13 rgb | |
46635 | + * Temporary fix while I figure out the right way to destroy sockets. | |
46636 | + * | |
46637 | + * Revision 1.9 1999/07/08 19:19:44 rgb | |
46638 | + * Fix pointer format warning. | |
46639 | + * Fix missing member error under 2.0.xx kernels. | |
46640 | + * | |
46641 | + * Revision 1.8 1999/06/13 07:24:04 rgb | |
46642 | + * Add more debugging. | |
46643 | + * | |
46644 | + * Revision 1.7 1999/06/10 05:24:17 rgb | |
46645 | + * Clarified compiler directives. | |
46646 | + * Renamed variables to reduce confusion. | |
46647 | + * Used sklist_*_socket() kernel functions to simplify 2.2.x socket support. | |
46648 | + * Added lots of sanity checking. | |
46649 | + * | |
46650 | + * Revision 1.6 1999/06/03 18:59:50 rgb | |
46651 | + * More updates to 2.2.x socket support. Almost works, oops at end of call. | |
46652 | + * | |
46653 | + * Revision 1.5 1999/05/25 22:44:05 rgb | |
46654 | + * Start fixing 2.2 sockets. | |
46655 | + * | |
46656 | + * Revision 1.4 1999/04/29 15:21:34 rgb | |
46657 | + * Move log to the end of the file. | |
46658 | + * Eliminate min/max redefinition in #include <net/tcp.h>. | |
46659 | + * Correct path for pfkey #includes | |
46660 | + * Standardise an error return method. | |
46661 | + * Add debugging instrumentation. | |
46662 | + * Move message type checking to pfkey_msg_parse(). | |
46663 | + * Add check for errno incorrectly set. | |
46664 | + * Add check for valid PID. | |
46665 | + * Add check for reserved illegally set. | |
46666 | + * Add check for message out of bounds. | |
46667 | + * | |
46668 | + * Revision 1.3 1999/04/15 17:58:07 rgb | |
46669 | + * Add RCSID labels. | |
46670 | + * | |
46671 | + * Revision 1.2 1999/04/15 15:37:26 rgb | |
46672 | + * Forward check changes from POST1_00 branch. | |
46673 | + * | |
46674 | + * Revision 1.1.2.2 1999/04/13 20:37:12 rgb | |
46675 | + * Header Title correction. | |
46676 | + * | |
46677 | + * Revision 1.1.2.1 1999/03/26 20:58:55 rgb | |
46678 | + * Add pfkeyv2 support to KLIPS. | |
46679 | + * | |
46680 | + * | |
46681 | + * RFC 2367 | |
46682 | + * PF_KEY_v2 Key Management API | |
46683 | + */ | |
46684 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
46685 | +++ linux/net/ipsec/pfkey_v2_build.c Mon Feb 9 13:51:03 2004 | |
46686 | @@ -0,0 +1,1581 @@ | |
46687 | +/* | |
46688 | + * RFC2367 PF_KEYv2 Key management API message parser | |
46689 | + * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs. | |
46690 | + * | |
46691 | + * This program is free software; you can redistribute it and/or modify it | |
46692 | + * under the terms of the GNU General Public License as published by the | |
46693 | + * Free Software Foundation; either version 2 of the License, or (at your | |
46694 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
46695 | + * | |
46696 | + * This program is distributed in the hope that it will be useful, but | |
46697 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
46698 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
46699 | + * for more details. | |
46700 | + * | |
46701 | + * RCSID $Id: pfkey_v2_build.c,v 1.51.8.1 2006/05/01 14:36:39 mcr Exp $ | |
46702 | + */ | |
46703 | + | |
46704 | +/* | |
46705 | + * Template from klips/net/ipsec/ipsec/ipsec_parser.c. | |
46706 | + */ | |
46707 | + | |
46708 | +char pfkey_v2_build_c_version[] = "$Id: pfkey_v2_build.c,v 1.51.8.1 2006/05/01 14:36:39 mcr Exp $"; | |
46709 | + | |
46710 | +/* | |
46711 | + * Some ugly stuff to allow consistent debugging code for use in the | |
46712 | + * kernel and in user space | |
46713 | +*/ | |
46714 | + | |
46715 | +#ifdef __KERNEL__ | |
46716 | + | |
46717 | +# include <linux/kernel.h> /* for printk */ | |
46718 | + | |
46719 | +# include "openswan/ipsec_kversion.h" /* for malloc switch */ | |
46720 | +# ifdef MALLOC_SLAB | |
46721 | +# include <linux/slab.h> /* kmalloc() */ | |
46722 | +# else /* MALLOC_SLAB */ | |
46723 | +# include <linux/malloc.h> /* kmalloc() */ | |
46724 | +# endif /* MALLOC_SLAB */ | |
46725 | +# include <linux/errno.h> /* error codes */ | |
46726 | +# include <linux/types.h> /* size_t */ | |
46727 | +# include <linux/interrupt.h> /* mark_bh */ | |
46728 | + | |
46729 | +# include <linux/netdevice.h> /* struct device, and other headers */ | |
46730 | +# include <linux/etherdevice.h> /* eth_type_trans */ | |
46731 | +# include <linux/ip.h> /* struct iphdr */ | |
46732 | +# if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
46733 | +# include <linux/ipv6.h> /* struct ipv6hdr */ | |
46734 | +# endif /* if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ | |
46735 | + | |
46736 | +# define MALLOC(size) kmalloc(size, GFP_ATOMIC) | |
46737 | +# define FREE(obj) kfree(obj) | |
46738 | +# include <openswan.h> | |
46739 | +#else /* __KERNEL__ */ | |
46740 | + | |
46741 | +# include <sys/types.h> | |
46742 | +# include <linux/types.h> | |
46743 | +# include <linux/errno.h> | |
46744 | +# include <malloc.h> | |
46745 | +# include <string.h> /* memset */ | |
46746 | + | |
46747 | +# include <openswan.h> | |
46748 | + | |
46749 | +#endif /* __KERNEL__ */ | |
46750 | + | |
46751 | +#include <pfkeyv2.h> | |
46752 | +#include <pfkey.h> | |
46753 | + | |
46754 | +#ifdef __KERNEL__ | |
46755 | +#include "openswan/radij.h" /* rd_nodes */ | |
46756 | +#include "openswan/ipsec_encap.h" /* sockaddr_encap */ | |
46757 | +#endif /* __KERNEL__ */ | |
46758 | + | |
46759 | + | |
46760 | +#include "openswan/ipsec_sa.h" /* IPSEC_SAREF_NULL, IPSEC_SA_REF_TABLE_IDX_WIDTH */ | |
46761 | +#include "openswan/pfkey_debug.h" | |
46762 | + | |
46763 | + | |
46764 | +#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) | |
46765 | + | |
46766 | +void | |
46767 | +pfkey_extensions_init(struct sadb_ext *extensions[SADB_EXT_MAX + 1]) | |
46768 | +{ | |
46769 | + int i; | |
46770 | + | |
46771 | + for (i = 0; i != SADB_EXT_MAX + 1; i++) { | |
46772 | + extensions[i] = NULL; | |
46773 | + } | |
46774 | +} | |
46775 | + | |
46776 | +void | |
46777 | +pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1]) | |
46778 | +{ | |
46779 | + int i; | |
46780 | + | |
46781 | + if(!extensions) { | |
46782 | + return; | |
46783 | + } | |
46784 | + | |
46785 | + if(extensions[0]) { | |
46786 | + memset(extensions[0], 0, sizeof(struct sadb_msg)); | |
46787 | + FREE(extensions[0]); | |
46788 | + extensions[0] = NULL; | |
46789 | + } | |
46790 | + | |
46791 | + for (i = 1; i != SADB_EXT_MAX + 1; i++) { | |
46792 | + if(extensions[i]) { | |
46793 | + memset(extensions[i], 0, extensions[i]->sadb_ext_len * IPSEC_PFKEYv2_ALIGN); | |
46794 | + FREE(extensions[i]); | |
46795 | + extensions[i] = NULL; | |
46796 | + } | |
46797 | + } | |
46798 | +} | |
46799 | + | |
46800 | +void | |
46801 | +pfkey_msg_free(struct sadb_msg **pfkey_msg) | |
46802 | +{ | |
46803 | + if(*pfkey_msg) { | |
46804 | + memset(*pfkey_msg, 0, (*pfkey_msg)->sadb_msg_len * IPSEC_PFKEYv2_ALIGN); | |
46805 | + FREE(*pfkey_msg); | |
46806 | + *pfkey_msg = NULL; | |
46807 | + } | |
46808 | +} | |
46809 | + | |
46810 | +/* Default extension builders taken from the KLIPS code */ | |
46811 | + | |
46812 | +int | |
46813 | +pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext, | |
46814 | + uint8_t msg_type, | |
46815 | + uint8_t satype, | |
46816 | + uint8_t msg_errno, | |
46817 | + uint32_t seq, | |
46818 | + uint32_t pid) | |
46819 | +{ | |
46820 | + int error = 0; | |
46821 | + struct sadb_msg *pfkey_msg = (struct sadb_msg *)*pfkey_ext; | |
46822 | + | |
46823 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46824 | + "pfkey_msg_hdr_build:\n"); | |
46825 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46826 | + "pfkey_msg_hdr_build: " | |
46827 | + "on_entry &pfkey_ext=0p%p pfkey_ext=0p%p *pfkey_ext=0p%p.\n", | |
46828 | + &pfkey_ext, | |
46829 | + pfkey_ext, | |
46830 | + *pfkey_ext); | |
46831 | + /* sanity checks... */ | |
46832 | + if(pfkey_msg) { | |
46833 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46834 | + "pfkey_msg_hdr_build: " | |
46835 | + "why is pfkey_msg already pointing to something?\n"); | |
46836 | + SENDERR(EINVAL); | |
46837 | + } | |
46838 | + | |
46839 | + if(!msg_type) { | |
46840 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46841 | + "pfkey_msg_hdr_build: " | |
46842 | + "msg type not set, must be non-zero..\n"); | |
46843 | + SENDERR(EINVAL); | |
46844 | + } | |
46845 | + | |
46846 | + if(msg_type > SADB_MAX) { | |
46847 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46848 | + "pfkey_msg_hdr_build: " | |
46849 | + "msg type too large:%d.\n", | |
46850 | + msg_type); | |
46851 | + SENDERR(EINVAL); | |
46852 | + } | |
46853 | + | |
46854 | + if(satype > SADB_SATYPE_MAX) { | |
46855 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46856 | + "pfkey_msg_hdr_build: " | |
46857 | + "satype %d > max %d\n", | |
46858 | + satype, SADB_SATYPE_MAX); | |
46859 | + SENDERR(EINVAL); | |
46860 | + } | |
46861 | + | |
46862 | + pfkey_msg = (struct sadb_msg*)MALLOC(sizeof(struct sadb_msg)); | |
46863 | + *pfkey_ext = (struct sadb_ext*)pfkey_msg; | |
46864 | + | |
46865 | + if(pfkey_msg == NULL) { | |
46866 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46867 | + "pfkey_msg_hdr_build: " | |
46868 | + "memory allocation failed\n"); | |
46869 | + SENDERR(ENOMEM); | |
46870 | + } | |
46871 | + memset(pfkey_msg, 0, sizeof(struct sadb_msg)); | |
46872 | + | |
46873 | + pfkey_msg->sadb_msg_len = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN; | |
46874 | + | |
46875 | + pfkey_msg->sadb_msg_type = msg_type; | |
46876 | + pfkey_msg->sadb_msg_satype = satype; | |
46877 | + | |
46878 | + pfkey_msg->sadb_msg_version = PF_KEY_V2; | |
46879 | + pfkey_msg->sadb_msg_errno = msg_errno; | |
46880 | + pfkey_msg->sadb_msg_reserved = 0; | |
46881 | + pfkey_msg->sadb_msg_seq = seq; | |
46882 | + pfkey_msg->sadb_msg_pid = pid; | |
46883 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46884 | + "pfkey_msg_hdr_build: " | |
46885 | + "on_exit &pfkey_ext=0p%p pfkey_ext=0p%p *pfkey_ext=0p%p.\n", | |
46886 | + &pfkey_ext, | |
46887 | + pfkey_ext, | |
46888 | + *pfkey_ext); | |
46889 | +errlab: | |
46890 | + return error; | |
46891 | +} | |
46892 | + | |
46893 | +int | |
46894 | +pfkey_sa_ref_build(struct sadb_ext ** pfkey_ext, | |
46895 | + uint16_t exttype, | |
46896 | + uint32_t spi, | |
46897 | + uint8_t replay_window, | |
46898 | + uint8_t sa_state, | |
46899 | + uint8_t auth, | |
46900 | + uint8_t encrypt, | |
46901 | + uint32_t flags, | |
46902 | + uint32_t/*IPsecSAref_t*/ ref) | |
46903 | +{ | |
46904 | + int error = 0; | |
46905 | + struct sadb_sa *pfkey_sa = (struct sadb_sa *)*pfkey_ext; | |
46906 | + | |
46907 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46908 | + "pfkey_sa_build: " | |
46909 | + "spi=%08x replay=%d sa_state=%d auth=%d encrypt=%d flags=%d\n", | |
46910 | + ntohl(spi), /* in network order */ | |
46911 | + replay_window, | |
46912 | + sa_state, | |
46913 | + auth, | |
46914 | + encrypt, | |
46915 | + flags); | |
46916 | + /* sanity checks... */ | |
46917 | + if(pfkey_sa) { | |
46918 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46919 | + "pfkey_sa_build: " | |
46920 | + "why is pfkey_sa already pointing to something?\n"); | |
46921 | + SENDERR(EINVAL); | |
46922 | + } | |
46923 | + | |
46924 | + if(exttype != SADB_EXT_SA && | |
46925 | + exttype != SADB_X_EXT_SA2) { | |
46926 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46927 | + "pfkey_sa_build: " | |
46928 | + "invalid exttype=%d.\n", | |
46929 | + exttype); | |
46930 | + SENDERR(EINVAL); | |
46931 | + } | |
46932 | + | |
46933 | + if(replay_window > 64) { | |
46934 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46935 | + "pfkey_sa_build: " | |
46936 | + "replay window size: %d -- must be 0 <= size <= 64\n", | |
46937 | + replay_window); | |
46938 | + SENDERR(EINVAL); | |
46939 | + } | |
46940 | + | |
46941 | + if(auth > SADB_AALG_MAX) { | |
46942 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46943 | + "pfkey_sa_build: " | |
46944 | + "auth=%d > SADB_AALG_MAX=%d.\n", | |
46945 | + auth, | |
46946 | + SADB_AALG_MAX); | |
46947 | + SENDERR(EINVAL); | |
46948 | + } | |
46949 | + | |
46950 | +#if SADB_EALG_MAX < 255 | |
46951 | + if(encrypt > SADB_EALG_MAX) { | |
46952 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46953 | + "pfkey_sa_build: " | |
46954 | + "encrypt=%d > SADB_EALG_MAX=%d.\n", | |
46955 | + encrypt, | |
46956 | + SADB_EALG_MAX); | |
46957 | + SENDERR(EINVAL); | |
46958 | + } | |
46959 | +#endif | |
46960 | + | |
46961 | + if(sa_state > SADB_SASTATE_MAX) { | |
46962 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46963 | + "pfkey_sa_build: " | |
46964 | + "sa_state=%d exceeds MAX=%d.\n", | |
46965 | + sa_state, | |
46966 | + SADB_SASTATE_MAX); | |
46967 | + SENDERR(EINVAL); | |
46968 | + } | |
46969 | + | |
46970 | + if(sa_state == SADB_SASTATE_DEAD) { | |
46971 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46972 | + "pfkey_sa_build: " | |
46973 | + "sa_state=%d is DEAD=%d is not allowed.\n", | |
46974 | + sa_state, | |
46975 | + SADB_SASTATE_DEAD); | |
46976 | + SENDERR(EINVAL); | |
46977 | + } | |
46978 | + | |
46979 | + if((IPSEC_SAREF_NULL != ref) && (ref >= (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH))) { | |
46980 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46981 | + "pfkey_sa_build: " | |
46982 | + "SAref=%d must be (SAref == IPSEC_SAREF_NULL(%d) || SAref < IPSEC_SA_REF_TABLE_NUM_ENTRIES(%d)).\n", | |
46983 | + ref, | |
46984 | + IPSEC_SAREF_NULL, | |
46985 | + IPSEC_SA_REF_TABLE_NUM_ENTRIES); | |
46986 | + SENDERR(EINVAL); | |
46987 | + } | |
46988 | + | |
46989 | + pfkey_sa = (struct sadb_sa*)MALLOC(sizeof(struct sadb_sa)); | |
46990 | + *pfkey_ext = (struct sadb_ext*)pfkey_sa; | |
46991 | + | |
46992 | + if(pfkey_sa == NULL) { | |
46993 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
46994 | + "pfkey_sa_build: " | |
46995 | + "memory allocation failed\n"); | |
46996 | + SENDERR(ENOMEM); | |
46997 | + } | |
46998 | + memset(pfkey_sa, 0, sizeof(struct sadb_sa)); | |
46999 | + | |
47000 | + pfkey_sa->sadb_sa_len = sizeof(*pfkey_sa) / IPSEC_PFKEYv2_ALIGN; | |
47001 | + pfkey_sa->sadb_sa_exttype = exttype; | |
47002 | + pfkey_sa->sadb_sa_spi = spi; | |
47003 | + pfkey_sa->sadb_sa_replay = replay_window; | |
47004 | + pfkey_sa->sadb_sa_state = sa_state; | |
47005 | + pfkey_sa->sadb_sa_auth = auth; | |
47006 | + pfkey_sa->sadb_sa_encrypt = encrypt; | |
47007 | + pfkey_sa->sadb_sa_flags = flags; | |
47008 | + pfkey_sa->sadb_x_sa_ref = ref; | |
47009 | + | |
47010 | +errlab: | |
47011 | + return error; | |
47012 | +} | |
47013 | + | |
47014 | +int | |
47015 | +pfkey_sa_build(struct sadb_ext ** pfkey_ext, | |
47016 | + uint16_t exttype, | |
47017 | + uint32_t spi, | |
47018 | + uint8_t replay_window, | |
47019 | + uint8_t sa_state, | |
47020 | + uint8_t auth, | |
47021 | + uint8_t encrypt, | |
47022 | + uint32_t flags) | |
47023 | +{ | |
47024 | + return pfkey_sa_ref_build(pfkey_ext, | |
47025 | + exttype, | |
47026 | + spi, | |
47027 | + replay_window, | |
47028 | + sa_state, | |
47029 | + auth, | |
47030 | + encrypt, | |
47031 | + flags, | |
47032 | + IPSEC_SAREF_NULL); | |
47033 | +} | |
47034 | + | |
47035 | +int | |
47036 | +pfkey_lifetime_build(struct sadb_ext ** pfkey_ext, | |
47037 | + uint16_t exttype, | |
47038 | + uint32_t allocations, | |
47039 | + uint64_t bytes, | |
47040 | + uint64_t addtime, | |
47041 | + uint64_t usetime, | |
47042 | + uint32_t packets) | |
47043 | +{ | |
47044 | + int error = 0; | |
47045 | + struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)*pfkey_ext; | |
47046 | + | |
47047 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47048 | + "pfkey_lifetime_build:\n"); | |
47049 | + /* sanity checks... */ | |
47050 | + if(pfkey_lifetime) { | |
47051 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47052 | + "pfkey_lifetime_build: " | |
47053 | + "why is pfkey_lifetime already pointing to something?\n"); | |
47054 | + SENDERR(EINVAL); | |
47055 | + } | |
47056 | + | |
47057 | + if(exttype != SADB_EXT_LIFETIME_CURRENT && | |
47058 | + exttype != SADB_EXT_LIFETIME_HARD && | |
47059 | + exttype != SADB_EXT_LIFETIME_SOFT) { | |
47060 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47061 | + "pfkey_lifetime_build: " | |
47062 | + "invalid exttype=%d.\n", | |
47063 | + exttype); | |
47064 | + SENDERR(EINVAL); | |
47065 | + } | |
47066 | + | |
47067 | + pfkey_lifetime = (struct sadb_lifetime*)MALLOC(sizeof(struct sadb_lifetime)); | |
47068 | + *pfkey_ext = (struct sadb_ext*) pfkey_lifetime; | |
47069 | + | |
47070 | + if(pfkey_lifetime == NULL) { | |
47071 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47072 | + "pfkey_lifetime_build: " | |
47073 | + "memory allocation failed\n"); | |
47074 | + SENDERR(ENOMEM); | |
47075 | + } | |
47076 | + memset(pfkey_lifetime, 0, sizeof(struct sadb_lifetime)); | |
47077 | + | |
47078 | + pfkey_lifetime->sadb_lifetime_len = sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN; | |
47079 | + pfkey_lifetime->sadb_lifetime_exttype = exttype; | |
47080 | + pfkey_lifetime->sadb_lifetime_allocations = allocations; | |
47081 | + pfkey_lifetime->sadb_lifetime_bytes = bytes; | |
47082 | + pfkey_lifetime->sadb_lifetime_addtime = addtime; | |
47083 | + pfkey_lifetime->sadb_lifetime_usetime = usetime; | |
47084 | + pfkey_lifetime->sadb_x_lifetime_packets = packets; | |
47085 | + | |
47086 | +errlab: | |
47087 | + return error; | |
47088 | +} | |
47089 | + | |
47090 | +int | |
47091 | +pfkey_address_build(struct sadb_ext** pfkey_ext, | |
47092 | + uint16_t exttype, | |
47093 | + uint8_t proto, | |
47094 | + uint8_t prefixlen, | |
47095 | + struct sockaddr* address) | |
47096 | +{ | |
47097 | + int error = 0; | |
47098 | + int saddr_len = 0; | |
47099 | + char ipaddr_txt[ADDRTOT_BUF + 6/*extra for port number*/]; | |
47100 | + struct sadb_address *pfkey_address = (struct sadb_address *)*pfkey_ext; | |
47101 | + | |
47102 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47103 | + "pfkey_address_build: " | |
47104 | + "exttype=%d proto=%d prefixlen=%d\n", | |
47105 | + exttype, | |
47106 | + proto, | |
47107 | + prefixlen); | |
47108 | + /* sanity checks... */ | |
47109 | + if(pfkey_address) { | |
47110 | + ERROR("pfkey_address_build: " | |
47111 | + "why is pfkey_address already pointing to something?\n"); | |
47112 | + SENDERR(EINVAL); | |
47113 | + } | |
47114 | + | |
47115 | + if (!address) { | |
47116 | + ERROR("pfkey_address_build: " "address is NULL\n"); | |
47117 | + SENDERR(EINVAL); | |
47118 | + } | |
47119 | + | |
47120 | + switch(exttype) { | |
47121 | + case SADB_EXT_ADDRESS_SRC: | |
47122 | + case SADB_EXT_ADDRESS_DST: | |
47123 | + case SADB_EXT_ADDRESS_PROXY: | |
47124 | + case SADB_X_EXT_ADDRESS_DST2: | |
47125 | + case SADB_X_EXT_ADDRESS_SRC_FLOW: | |
47126 | + case SADB_X_EXT_ADDRESS_DST_FLOW: | |
47127 | + case SADB_X_EXT_ADDRESS_SRC_MASK: | |
47128 | + case SADB_X_EXT_ADDRESS_DST_MASK: | |
47129 | +#ifdef NAT_TRAVERSAL | |
47130 | + case SADB_X_EXT_NAT_T_OA: | |
47131 | +#endif | |
47132 | + break; | |
47133 | + default: | |
47134 | + ERROR("pfkey_address_build: " | |
47135 | + "unrecognised ext_type=%d.\n", | |
47136 | + exttype); | |
47137 | + SENDERR(EINVAL); | |
47138 | + } | |
47139 | + | |
47140 | + switch(address->sa_family) { | |
47141 | + case AF_INET: | |
47142 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47143 | + "pfkey_address_build: " | |
47144 | + "found address family AF_INET.\n"); | |
47145 | + saddr_len = sizeof(struct sockaddr_in); | |
47146 | + sprintf(ipaddr_txt, "%d.%d.%d.%d:%d" | |
47147 | + , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 0) & 0xFF | |
47148 | + , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 8) & 0xFF | |
47149 | + , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 16) & 0xFF | |
47150 | + , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 24) & 0xFF | |
47151 | + , ntohs(((struct sockaddr_in*)address)->sin_port)); | |
47152 | + break; | |
47153 | + case AF_INET6: | |
47154 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47155 | + "pfkey_address_build: " | |
47156 | + "found address family AF_INET6.\n"); | |
47157 | + saddr_len = sizeof(struct sockaddr_in6); | |
47158 | + sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x-%x" | |
47159 | + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[0]) | |
47160 | + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[1]) | |
47161 | + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[2]) | |
47162 | + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[3]) | |
47163 | + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[4]) | |
47164 | + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[5]) | |
47165 | + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[6]) | |
47166 | + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[7]) | |
47167 | + , ntohs(((struct sockaddr_in6*)address)->sin6_port)); | |
47168 | + break; | |
47169 | + default: | |
47170 | + ERROR("pfkey_address_build: " | |
47171 | + "address->sa_family=%d not supported.\n", | |
47172 | + address->sa_family); | |
47173 | + SENDERR(EPFNOSUPPORT); | |
47174 | + } | |
47175 | + | |
47176 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47177 | + "pfkey_address_build: " | |
47178 | + "found address=%s.\n", | |
47179 | + ipaddr_txt); | |
47180 | + if(prefixlen != 0) { | |
47181 | + ERROR("pfkey_address_build: " | |
47182 | + "address prefixes not supported yet.\n"); | |
47183 | + SENDERR(EAFNOSUPPORT); /* not supported yet */ | |
47184 | + } | |
47185 | + | |
47186 | + /* allocate some memory for the extension */ | |
47187 | + pfkey_address = (struct sadb_address*) | |
47188 | + MALLOC(ALIGN_N(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN)); | |
47189 | + *pfkey_ext = (struct sadb_ext*)pfkey_address; | |
47190 | + | |
47191 | + if(pfkey_address == NULL ) { | |
47192 | + ERROR("pfkey_lifetime_build: " | |
47193 | + "memory allocation failed\n"); | |
47194 | + SENDERR(ENOMEM); | |
47195 | + } | |
47196 | + memset(pfkey_address, | |
47197 | + 0, | |
47198 | + ALIGN_N(sizeof(struct sadb_address) + saddr_len, | |
47199 | + IPSEC_PFKEYv2_ALIGN)); | |
47200 | + | |
47201 | + pfkey_address->sadb_address_len = DIVUP(sizeof(struct sadb_address) + saddr_len, | |
47202 | + IPSEC_PFKEYv2_ALIGN); | |
47203 | + | |
47204 | + pfkey_address->sadb_address_exttype = exttype; | |
47205 | + pfkey_address->sadb_address_proto = proto; | |
47206 | + pfkey_address->sadb_address_prefixlen = prefixlen; | |
47207 | + pfkey_address->sadb_address_reserved = 0; | |
47208 | + | |
47209 | + memcpy((char*)pfkey_address + sizeof(struct sadb_address), | |
47210 | + address, | |
47211 | + saddr_len); | |
47212 | + | |
47213 | +#if 0 | |
47214 | + for(i = 0; i < sizeof(struct sockaddr_in) - offsetof(struct sockaddr_in, sin_zero); i++) { | |
47215 | + pfkey_address_s_ska.sin_zero[i] = 0; | |
47216 | + } | |
47217 | +#endif | |
47218 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47219 | + "pfkey_address_build: " | |
47220 | + "successful created len: %d.\n", pfkey_address->sadb_address_len); | |
47221 | + | |
47222 | + errlab: | |
47223 | + return error; | |
47224 | +} | |
47225 | + | |
47226 | +int | |
47227 | +pfkey_key_build(struct sadb_ext** pfkey_ext, | |
47228 | + uint16_t exttype, | |
47229 | + uint16_t key_bits, | |
47230 | + char* key) | |
47231 | +{ | |
47232 | + int error = 0; | |
47233 | + struct sadb_key *pfkey_key = (struct sadb_key *)*pfkey_ext; | |
47234 | + | |
47235 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47236 | + "pfkey_key_build:\n"); | |
47237 | + /* sanity checks... */ | |
47238 | + if(pfkey_key) { | |
47239 | + ERROR("pfkey_key_build: " | |
47240 | + "why is pfkey_key already pointing to something?\n"); | |
47241 | + SENDERR(EINVAL); | |
47242 | + } | |
47243 | + | |
47244 | + if(!key_bits) { | |
47245 | + ERROR("pfkey_key_build: " | |
47246 | + "key_bits is zero, it must be non-zero.\n"); | |
47247 | + SENDERR(EINVAL); | |
47248 | + } | |
47249 | + | |
47250 | + if( !((exttype == SADB_EXT_KEY_AUTH) || (exttype == SADB_EXT_KEY_ENCRYPT))) { | |
47251 | + ERROR("pfkey_key_build: " | |
47252 | + "unsupported extension type=%d.\n", | |
47253 | + exttype); | |
47254 | + SENDERR(EINVAL); | |
47255 | + } | |
47256 | + | |
47257 | + pfkey_key = (struct sadb_key*) | |
47258 | + MALLOC(sizeof(struct sadb_key) + | |
47259 | + DIVUP(key_bits, 64) * IPSEC_PFKEYv2_ALIGN); | |
47260 | + | |
47261 | + *pfkey_ext = (struct sadb_ext*)pfkey_key; | |
47262 | + | |
47263 | + if(pfkey_key == NULL) { | |
47264 | + ERROR("pfkey_key_build: " | |
47265 | + "memory allocation failed\n"); | |
47266 | + SENDERR(ENOMEM); | |
47267 | + } | |
47268 | + memset(pfkey_key, | |
47269 | + 0, | |
47270 | + sizeof(struct sadb_key) + | |
47271 | + DIVUP(key_bits, 64) * IPSEC_PFKEYv2_ALIGN); | |
47272 | + | |
47273 | + pfkey_key->sadb_key_len = DIVUP(sizeof(struct sadb_key) * IPSEC_PFKEYv2_ALIGN + key_bits, | |
47274 | + 64); | |
47275 | + pfkey_key->sadb_key_exttype = exttype; | |
47276 | + pfkey_key->sadb_key_bits = key_bits; | |
47277 | + pfkey_key->sadb_key_reserved = 0; | |
47278 | + memcpy((char*)pfkey_key + sizeof(struct sadb_key), | |
47279 | + key, | |
47280 | + DIVUP(key_bits, 8)); | |
47281 | + | |
47282 | +errlab: | |
47283 | + return error; | |
47284 | +} | |
47285 | + | |
47286 | +int | |
47287 | +pfkey_ident_build(struct sadb_ext** pfkey_ext, | |
47288 | + uint16_t exttype, | |
47289 | + uint16_t ident_type, | |
47290 | + uint64_t ident_id, | |
47291 | + uint8_t ident_len, | |
47292 | + char* ident_string) | |
47293 | +{ | |
47294 | + int error = 0; | |
47295 | + struct sadb_ident *pfkey_ident = (struct sadb_ident *)*pfkey_ext; | |
47296 | + int data_len = ident_len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident); | |
47297 | + | |
47298 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47299 | + "pfkey_ident_build:\n"); | |
47300 | + /* sanity checks... */ | |
47301 | + if(pfkey_ident) { | |
47302 | + ERROR("pfkey_ident_build: " | |
47303 | + "why is pfkey_ident already pointing to something?\n"); | |
47304 | + SENDERR(EINVAL); | |
47305 | + } | |
47306 | + | |
47307 | + if( ! ((exttype == SADB_EXT_IDENTITY_SRC) || | |
47308 | + (exttype == SADB_EXT_IDENTITY_DST))) { | |
47309 | + ERROR("pfkey_ident_build: " | |
47310 | + "unsupported extension type=%d.\n", | |
47311 | + exttype); | |
47312 | + SENDERR(EINVAL); | |
47313 | + } | |
47314 | + | |
47315 | + if((ident_type == SADB_IDENTTYPE_RESERVED)) { | |
47316 | + ERROR("pfkey_ident_build: " | |
47317 | + "ident_type must be non-zero.\n"); | |
47318 | + SENDERR(EINVAL); | |
47319 | + } | |
47320 | + | |
47321 | + if(ident_type > SADB_IDENTTYPE_MAX) { | |
47322 | + ERROR("pfkey_ident_build: " | |
47323 | + "identtype=%d out of range.\n", | |
47324 | + ident_type); | |
47325 | + SENDERR(EINVAL); | |
47326 | + } | |
47327 | + | |
47328 | + if(((ident_type == SADB_IDENTTYPE_PREFIX) || | |
47329 | + (ident_type == SADB_IDENTTYPE_FQDN)) && | |
47330 | + !ident_string) { | |
47331 | + ERROR("pfkey_ident_build: " | |
47332 | + "string required to allocate size of extension.\n"); | |
47333 | + SENDERR(EINVAL); | |
47334 | + } | |
47335 | + | |
47336 | +#if 0 | |
47337 | + if((ident_type == SADB_IDENTTYPE_USERFQDN) ) { | |
47338 | + } | |
47339 | +#endif | |
47340 | + | |
47341 | + pfkey_ident = (struct sadb_ident*) | |
47342 | + MALLOC(ident_len * IPSEC_PFKEYv2_ALIGN); | |
47343 | + | |
47344 | + *pfkey_ext = (struct sadb_ext*)pfkey_ident; | |
47345 | + | |
47346 | + if(pfkey_ident == NULL) { | |
47347 | + ERROR("pfkey_ident_build: " | |
47348 | + "memory allocation failed\n"); | |
47349 | + SENDERR(ENOMEM); | |
47350 | + } | |
47351 | + memset(pfkey_ident, 0, ident_len * IPSEC_PFKEYv2_ALIGN); | |
47352 | + | |
47353 | + pfkey_ident->sadb_ident_len = ident_len; | |
47354 | + pfkey_ident->sadb_ident_exttype = exttype; | |
47355 | + pfkey_ident->sadb_ident_type = ident_type; | |
47356 | + pfkey_ident->sadb_ident_reserved = 0; | |
47357 | + pfkey_ident->sadb_ident_id = ident_id; | |
47358 | + memcpy((char*)pfkey_ident + sizeof(struct sadb_ident), | |
47359 | + ident_string, | |
47360 | + data_len); | |
47361 | + | |
47362 | +errlab: | |
47363 | + return error; | |
47364 | +} | |
47365 | + | |
47366 | +int | |
47367 | +pfkey_sens_build(struct sadb_ext** pfkey_ext, | |
47368 | + uint32_t dpd, | |
47369 | + uint8_t sens_level, | |
47370 | + uint8_t sens_len, | |
47371 | + uint64_t* sens_bitmap, | |
47372 | + uint8_t integ_level, | |
47373 | + uint8_t integ_len, | |
47374 | + uint64_t* integ_bitmap) | |
47375 | +{ | |
47376 | + int error = 0; | |
47377 | + struct sadb_sens *pfkey_sens = (struct sadb_sens *)*pfkey_ext; | |
47378 | + int i; | |
47379 | + uint64_t* bitmap; | |
47380 | + | |
47381 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47382 | + "pfkey_sens_build:\n"); | |
47383 | + /* sanity checks... */ | |
47384 | + if(pfkey_sens) { | |
47385 | + ERROR("pfkey_sens_build: " | |
47386 | + "why is pfkey_sens already pointing to something?\n"); | |
47387 | + SENDERR(EINVAL); | |
47388 | + } | |
47389 | + | |
47390 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47391 | + "pfkey_sens_build: " | |
47392 | + "Sorry, I can't build exttype=%d yet.\n", | |
47393 | + (*pfkey_ext)->sadb_ext_type); | |
47394 | + SENDERR(EINVAL); /* don't process these yet */ | |
47395 | + | |
47396 | + pfkey_sens = (struct sadb_sens*) | |
47397 | + MALLOC(sizeof(struct sadb_sens) + | |
47398 | + (sens_len + integ_len) * sizeof(uint64_t)); | |
47399 | + | |
47400 | + *pfkey_ext = (struct sadb_ext*)pfkey_sens; | |
47401 | + | |
47402 | + if(pfkey_sens == NULL) { | |
47403 | + ERROR("pfkey_sens_build: " | |
47404 | + "memory allocation failed\n"); | |
47405 | + SENDERR(ENOMEM); | |
47406 | + } | |
47407 | + memset(pfkey_sens, | |
47408 | + 0, | |
47409 | + sizeof(struct sadb_sens) + | |
47410 | + (sens_len + integ_len) * sizeof(uint64_t)); | |
47411 | + | |
47412 | + pfkey_sens->sadb_sens_len = (sizeof(struct sadb_sens) + | |
47413 | + (sens_len + integ_len) * sizeof(uint64_t)) / IPSEC_PFKEYv2_ALIGN; | |
47414 | + pfkey_sens->sadb_sens_exttype = SADB_EXT_SENSITIVITY; | |
47415 | + pfkey_sens->sadb_sens_dpd = dpd; | |
47416 | + pfkey_sens->sadb_sens_sens_level = sens_level; | |
47417 | + pfkey_sens->sadb_sens_sens_len = sens_len; | |
47418 | + pfkey_sens->sadb_sens_integ_level = integ_level; | |
47419 | + pfkey_sens->sadb_sens_integ_len = integ_len; | |
47420 | + pfkey_sens->sadb_sens_reserved = 0; | |
47421 | + | |
47422 | + bitmap = (uint64_t*)((char*)pfkey_ext + sizeof(struct sadb_sens)); | |
47423 | + for(i = 0; i < sens_len; i++) { | |
47424 | + *bitmap = sens_bitmap[i]; | |
47425 | + bitmap++; | |
47426 | + } | |
47427 | + for(i = 0; i < integ_len; i++) { | |
47428 | + *bitmap = integ_bitmap[i]; | |
47429 | + bitmap++; | |
47430 | + } | |
47431 | + | |
47432 | +errlab: | |
47433 | + return error; | |
47434 | +} | |
47435 | + | |
47436 | +int | |
47437 | +pfkey_prop_build(struct sadb_ext** pfkey_ext, | |
47438 | + uint8_t replay, | |
47439 | + unsigned int comb_num, | |
47440 | + struct sadb_comb* comb) | |
47441 | +{ | |
47442 | + int error = 0; | |
47443 | + int i; | |
47444 | + struct sadb_prop *pfkey_prop = (struct sadb_prop *)*pfkey_ext; | |
47445 | + struct sadb_comb *combp; | |
47446 | + | |
47447 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47448 | + "pfkey_prop_build:\n"); | |
47449 | + /* sanity checks... */ | |
47450 | + if(pfkey_prop) { | |
47451 | + ERROR("pfkey_prop_build: " | |
47452 | + "why is pfkey_prop already pointing to something?\n"); | |
47453 | + SENDERR(EINVAL); | |
47454 | + } | |
47455 | + | |
47456 | + pfkey_prop = (struct sadb_prop*) | |
47457 | + MALLOC(sizeof(struct sadb_prop) + | |
47458 | + comb_num * sizeof(struct sadb_comb)); | |
47459 | + | |
47460 | + *pfkey_ext = (struct sadb_ext*)pfkey_prop; | |
47461 | + | |
47462 | + if(pfkey_prop == NULL) { | |
47463 | + ERROR("pfkey_prop_build: " | |
47464 | + "memory allocation failed\n"); | |
47465 | + SENDERR(ENOMEM); | |
47466 | + } | |
47467 | + memset(pfkey_prop, | |
47468 | + 0, | |
47469 | + sizeof(struct sadb_prop) + | |
47470 | + comb_num * sizeof(struct sadb_comb)); | |
47471 | + | |
47472 | + pfkey_prop->sadb_prop_len = (sizeof(struct sadb_prop) + | |
47473 | + comb_num * sizeof(struct sadb_comb)) / IPSEC_PFKEYv2_ALIGN; | |
47474 | + | |
47475 | + pfkey_prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; | |
47476 | + pfkey_prop->sadb_prop_replay = replay; | |
47477 | + | |
47478 | + for(i=0; i<3; i++) { | |
47479 | + pfkey_prop->sadb_prop_reserved[i] = 0; | |
47480 | + } | |
47481 | + | |
47482 | + combp = (struct sadb_comb*)((char*)*pfkey_ext + sizeof(struct sadb_prop)); | |
47483 | + for(i = 0; i < comb_num; i++) { | |
47484 | + memcpy (combp, &(comb[i]), sizeof(struct sadb_comb)); | |
47485 | + combp++; | |
47486 | + } | |
47487 | + | |
47488 | +#if 0 | |
47489 | + uint8_t sadb_comb_auth; | |
47490 | + uint8_t sadb_comb_encrypt; | |
47491 | + uint16_t sadb_comb_flags; | |
47492 | + uint16_t sadb_comb_auth_minbits; | |
47493 | + uint16_t sadb_comb_auth_maxbits; | |
47494 | + uint16_t sadb_comb_encrypt_minbits; | |
47495 | + uint16_t sadb_comb_encrypt_maxbits; | |
47496 | + uint32_t sadb_comb_reserved; | |
47497 | + uint32_t sadb_comb_soft_allocations; | |
47498 | + uint32_t sadb_comb_hard_allocations; | |
47499 | + uint64_t sadb_comb_soft_bytes; | |
47500 | + uint64_t sadb_comb_hard_bytes; | |
47501 | + uint64_t sadb_comb_soft_addtime; | |
47502 | + uint64_t sadb_comb_hard_addtime; | |
47503 | + uint64_t sadb_comb_soft_usetime; | |
47504 | + uint64_t sadb_comb_hard_usetime; | |
47505 | + uint32_t sadb_comb_soft_packets; | |
47506 | + uint32_t sadb_comb_hard_packets; | |
47507 | +#endif | |
47508 | +errlab: | |
47509 | + return error; | |
47510 | +} | |
47511 | + | |
47512 | +int | |
47513 | +pfkey_supported_build(struct sadb_ext** pfkey_ext, | |
47514 | + uint16_t exttype, | |
47515 | + unsigned int alg_num, | |
47516 | + struct sadb_alg* alg) | |
47517 | +{ | |
47518 | + int error = 0; | |
47519 | + unsigned int i; | |
47520 | + struct sadb_supported *pfkey_supported = (struct sadb_supported *)*pfkey_ext; | |
47521 | + struct sadb_alg *pfkey_alg; | |
47522 | + | |
47523 | + /* sanity checks... */ | |
47524 | + if(pfkey_supported) { | |
47525 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47526 | + "pfkey_supported_build: " | |
47527 | + "why is pfkey_supported already pointing to something?\n"); | |
47528 | + SENDERR(EINVAL); | |
47529 | + } | |
47530 | + | |
47531 | + if( !((exttype == SADB_EXT_SUPPORTED_AUTH) || (exttype == SADB_EXT_SUPPORTED_ENCRYPT))) { | |
47532 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47533 | + "pfkey_supported_build: " | |
47534 | + "unsupported extension type=%d.\n", | |
47535 | + exttype); | |
47536 | + SENDERR(EINVAL); | |
47537 | + } | |
47538 | + | |
47539 | + pfkey_supported = (struct sadb_supported*) | |
47540 | + MALLOC(sizeof(struct sadb_supported) + | |
47541 | + alg_num * | |
47542 | + sizeof(struct sadb_alg)); | |
47543 | + | |
47544 | + *pfkey_ext = (struct sadb_ext*)pfkey_supported; | |
47545 | + | |
47546 | + if(pfkey_supported == NULL) { | |
47547 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47548 | + "pfkey_supported_build: " | |
47549 | + "memory allocation failed\n"); | |
47550 | + SENDERR(ENOMEM); | |
47551 | + } | |
47552 | + memset(pfkey_supported, | |
47553 | + 0, | |
47554 | + sizeof(struct sadb_supported) + | |
47555 | + alg_num * | |
47556 | + sizeof(struct sadb_alg)); | |
47557 | + | |
47558 | + pfkey_supported->sadb_supported_len = (sizeof(struct sadb_supported) + | |
47559 | + alg_num * | |
47560 | + sizeof(struct sadb_alg)) / | |
47561 | + IPSEC_PFKEYv2_ALIGN; | |
47562 | + pfkey_supported->sadb_supported_exttype = exttype; | |
47563 | + pfkey_supported->sadb_supported_reserved = 0; | |
47564 | + | |
47565 | + pfkey_alg = (struct sadb_alg*)((char*)pfkey_supported + sizeof(struct sadb_supported)); | |
47566 | + for(i = 0; i < alg_num; i++) { | |
47567 | + memcpy (pfkey_alg, &(alg[i]), sizeof(struct sadb_alg)); | |
47568 | + pfkey_alg->sadb_alg_reserved = 0; | |
47569 | + pfkey_alg++; | |
47570 | + } | |
47571 | + | |
47572 | +#if 0 | |
47573 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47574 | + "pfkey_supported_build: " | |
47575 | + "Sorry, I can't build exttype=%d yet.\n", | |
47576 | + (*pfkey_ext)->sadb_ext_type); | |
47577 | + SENDERR(EINVAL); /* don't process these yet */ | |
47578 | + | |
47579 | + uint8_t sadb_alg_id; | |
47580 | + uint8_t sadb_alg_ivlen; | |
47581 | + uint16_t sadb_alg_minbits; | |
47582 | + uint16_t sadb_alg_maxbits; | |
47583 | + uint16_t sadb_alg_reserved; | |
47584 | +#endif | |
47585 | +errlab: | |
47586 | + return error; | |
47587 | +} | |
47588 | + | |
47589 | +int | |
47590 | +pfkey_spirange_build(struct sadb_ext** pfkey_ext, | |
47591 | + uint16_t exttype, | |
47592 | + uint32_t min, /* in network order */ | |
47593 | + uint32_t max) /* in network order */ | |
47594 | +{ | |
47595 | + int error = 0; | |
47596 | + struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)*pfkey_ext; | |
47597 | + | |
47598 | + /* sanity checks... */ | |
47599 | + if(pfkey_spirange) { | |
47600 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47601 | + "pfkey_spirange_build: " | |
47602 | + "why is pfkey_spirange already pointing to something?\n"); | |
47603 | + SENDERR(EINVAL); | |
47604 | + } | |
47605 | + | |
47606 | + if(ntohl(max) < ntohl(min)) { | |
47607 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47608 | + "pfkey_spirange_build: " | |
47609 | + "minspi=%08x must be < maxspi=%08x.\n", | |
47610 | + ntohl(min), | |
47611 | + ntohl(max)); | |
47612 | + SENDERR(EINVAL); | |
47613 | + } | |
47614 | + | |
47615 | + if(ntohl(min) <= 255) { | |
47616 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47617 | + "pfkey_spirange_build: " | |
47618 | + "minspi=%08x must be > 255.\n", | |
47619 | + ntohl(min)); | |
47620 | + SENDERR(EEXIST); | |
47621 | + } | |
47622 | + | |
47623 | + pfkey_spirange = (struct sadb_spirange*) | |
47624 | + MALLOC(sizeof(struct sadb_spirange)); | |
47625 | + | |
47626 | + *pfkey_ext = (struct sadb_ext*)pfkey_spirange; | |
47627 | + | |
47628 | + if(pfkey_spirange == NULL) { | |
47629 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47630 | + "pfkey_spirange_build: " | |
47631 | + "memory allocation failed\n"); | |
47632 | + SENDERR(ENOMEM); | |
47633 | + } | |
47634 | + memset(pfkey_spirange, | |
47635 | + 0, | |
47636 | + sizeof(struct sadb_spirange)); | |
47637 | + | |
47638 | + pfkey_spirange->sadb_spirange_len = sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN; | |
47639 | + | |
47640 | + pfkey_spirange->sadb_spirange_exttype = SADB_EXT_SPIRANGE; | |
47641 | + pfkey_spirange->sadb_spirange_min = min; | |
47642 | + pfkey_spirange->sadb_spirange_max = max; | |
47643 | + pfkey_spirange->sadb_spirange_reserved = 0; | |
47644 | + errlab: | |
47645 | + return error; | |
47646 | +} | |
47647 | + | |
47648 | +int | |
47649 | +pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext) | |
47650 | +{ | |
47651 | + int error = 0; | |
47652 | + struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)*pfkey_ext; | |
47653 | + | |
47654 | + /* sanity checks... */ | |
47655 | + if(pfkey_x_kmprivate) { | |
47656 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47657 | + "pfkey_x_kmprivate_build: " | |
47658 | + "why is pfkey_x_kmprivate already pointing to something?\n"); | |
47659 | + SENDERR(EINVAL); | |
47660 | + } | |
47661 | + | |
47662 | + pfkey_x_kmprivate->sadb_x_kmprivate_reserved = 0; | |
47663 | + | |
47664 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47665 | + "pfkey_x_kmprivate_build: " | |
47666 | + "Sorry, I can't build exttype=%d yet.\n", | |
47667 | + (*pfkey_ext)->sadb_ext_type); | |
47668 | + SENDERR(EINVAL); /* don't process these yet */ | |
47669 | + | |
47670 | + pfkey_x_kmprivate = (struct sadb_x_kmprivate*) | |
47671 | + MALLOC(sizeof(struct sadb_x_kmprivate)); | |
47672 | + | |
47673 | + *pfkey_ext = (struct sadb_ext*)pfkey_x_kmprivate; | |
47674 | + | |
47675 | + if(pfkey_x_kmprivate == NULL) { | |
47676 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47677 | + "pfkey_x_kmprivate_build: " | |
47678 | + "memory allocation failed\n"); | |
47679 | + SENDERR(ENOMEM); | |
47680 | + } | |
47681 | + memset(pfkey_x_kmprivate, | |
47682 | + 0, | |
47683 | + sizeof(struct sadb_x_kmprivate)); | |
47684 | + | |
47685 | + pfkey_x_kmprivate->sadb_x_kmprivate_len = | |
47686 | + sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN; | |
47687 | + | |
47688 | + pfkey_x_kmprivate->sadb_x_kmprivate_exttype = SADB_X_EXT_KMPRIVATE; | |
47689 | + pfkey_x_kmprivate->sadb_x_kmprivate_reserved = 0; | |
47690 | +errlab: | |
47691 | + return error; | |
47692 | +} | |
47693 | + | |
47694 | +int | |
47695 | +pfkey_x_satype_build(struct sadb_ext** pfkey_ext, | |
47696 | + uint8_t satype) | |
47697 | +{ | |
47698 | + int error = 0; | |
47699 | + int i; | |
47700 | + struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)*pfkey_ext; | |
47701 | + | |
47702 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47703 | + "pfkey_x_satype_build:\n"); | |
47704 | + /* sanity checks... */ | |
47705 | + if(pfkey_x_satype) { | |
47706 | + ERROR("pfkey_x_satype_build: " | |
47707 | + "why is pfkey_x_satype already pointing to something?\n"); | |
47708 | + SENDERR(EINVAL); | |
47709 | + } | |
47710 | + | |
47711 | + if(!satype) { | |
47712 | + ERROR("pfkey_x_satype_build: " | |
47713 | + "SA type not set, must be non-zero.\n"); | |
47714 | + SENDERR(EINVAL); | |
47715 | + } | |
47716 | + | |
47717 | + if(satype > SADB_SATYPE_MAX) { | |
47718 | + ERROR("pfkey_x_satype_build: " | |
47719 | + "satype %d > max %d\n", | |
47720 | + satype, SADB_SATYPE_MAX); | |
47721 | + SENDERR(EINVAL); | |
47722 | + } | |
47723 | + | |
47724 | + pfkey_x_satype = (struct sadb_x_satype*) | |
47725 | + MALLOC(sizeof(struct sadb_x_satype)); | |
47726 | + | |
47727 | + *pfkey_ext = (struct sadb_ext*)pfkey_x_satype; | |
47728 | + if(pfkey_x_satype == NULL) { | |
47729 | + ERROR("pfkey_x_satype_build: " | |
47730 | + "memory allocation failed\n"); | |
47731 | + SENDERR(ENOMEM); | |
47732 | + } | |
47733 | + memset(pfkey_x_satype, | |
47734 | + 0, | |
47735 | + sizeof(struct sadb_x_satype)); | |
47736 | + | |
47737 | + pfkey_x_satype->sadb_x_satype_len = sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN; | |
47738 | + | |
47739 | + pfkey_x_satype->sadb_x_satype_exttype = SADB_X_EXT_SATYPE2; | |
47740 | + pfkey_x_satype->sadb_x_satype_satype = satype; | |
47741 | + for(i=0; i<3; i++) { | |
47742 | + pfkey_x_satype->sadb_x_satype_reserved[i] = 0; | |
47743 | + } | |
47744 | + | |
47745 | +errlab: | |
47746 | + return error; | |
47747 | +} | |
47748 | + | |
47749 | +int | |
47750 | +pfkey_x_debug_build(struct sadb_ext** pfkey_ext, | |
47751 | + uint32_t tunnel, | |
47752 | + uint32_t netlink, | |
47753 | + uint32_t xform, | |
47754 | + uint32_t eroute, | |
47755 | + uint32_t spi, | |
47756 | + uint32_t radij, | |
47757 | + uint32_t esp, | |
47758 | + uint32_t ah, | |
47759 | + uint32_t rcv, | |
47760 | + uint32_t pfkey, | |
47761 | + uint32_t ipcomp, | |
47762 | + uint32_t verbose) | |
47763 | +{ | |
47764 | + int error = 0; | |
47765 | + int i; | |
47766 | + struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)*pfkey_ext; | |
47767 | + | |
47768 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47769 | + "pfkey_x_debug_build:\n"); | |
47770 | + /* sanity checks... */ | |
47771 | + if(pfkey_x_debug) { | |
47772 | + ERROR("pfkey_x_debug_build: " | |
47773 | + "why is pfkey_x_debug already pointing to something?\n"); | |
47774 | + SENDERR(EINVAL); | |
47775 | + } | |
47776 | + | |
47777 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47778 | + "pfkey_x_debug_build: " | |
47779 | + "tunnel=%x netlink=%x xform=%x eroute=%x spi=%x radij=%x esp=%x ah=%x rcv=%x pfkey=%x ipcomp=%x verbose=%x?\n", | |
47780 | + tunnel, netlink, xform, eroute, spi, radij, esp, ah, rcv, pfkey, ipcomp, verbose); | |
47781 | + | |
47782 | + pfkey_x_debug = (struct sadb_x_debug*) | |
47783 | + MALLOC(sizeof(struct sadb_x_debug)); | |
47784 | + | |
47785 | + *pfkey_ext = (struct sadb_ext*)pfkey_x_debug; | |
47786 | + | |
47787 | + if(pfkey_x_debug == NULL) { | |
47788 | + ERROR("pfkey_x_debug_build: " | |
47789 | + "memory allocation failed\n"); | |
47790 | + SENDERR(ENOMEM); | |
47791 | + } | |
47792 | +#if 0 | |
47793 | + memset(pfkey_x_debug, | |
47794 | + 0, | |
47795 | + sizeof(struct sadb_x_debug)); | |
47796 | +#endif | |
47797 | + | |
47798 | + pfkey_x_debug->sadb_x_debug_len = sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN; | |
47799 | + pfkey_x_debug->sadb_x_debug_exttype = SADB_X_EXT_DEBUG; | |
47800 | + | |
47801 | + pfkey_x_debug->sadb_x_debug_tunnel = tunnel; | |
47802 | + pfkey_x_debug->sadb_x_debug_netlink = netlink; | |
47803 | + pfkey_x_debug->sadb_x_debug_xform = xform; | |
47804 | + pfkey_x_debug->sadb_x_debug_eroute = eroute; | |
47805 | + pfkey_x_debug->sadb_x_debug_spi = spi; | |
47806 | + pfkey_x_debug->sadb_x_debug_radij = radij; | |
47807 | + pfkey_x_debug->sadb_x_debug_esp = esp; | |
47808 | + pfkey_x_debug->sadb_x_debug_ah = ah; | |
47809 | + pfkey_x_debug->sadb_x_debug_rcv = rcv; | |
47810 | + pfkey_x_debug->sadb_x_debug_pfkey = pfkey; | |
47811 | + pfkey_x_debug->sadb_x_debug_ipcomp = ipcomp; | |
47812 | + pfkey_x_debug->sadb_x_debug_verbose = verbose; | |
47813 | + | |
47814 | + for(i=0; i<4; i++) { | |
47815 | + pfkey_x_debug->sadb_x_debug_reserved[i] = 0; | |
47816 | + } | |
47817 | + | |
47818 | +errlab: | |
47819 | + return error; | |
47820 | +} | |
47821 | + | |
47822 | +int | |
47823 | +pfkey_x_nat_t_type_build(struct sadb_ext** pfkey_ext, | |
47824 | + uint8_t type) | |
47825 | +{ | |
47826 | + int error = 0; | |
47827 | + int i; | |
47828 | + struct sadb_x_nat_t_type *pfkey_x_nat_t_type = (struct sadb_x_nat_t_type *)*pfkey_ext; | |
47829 | + | |
47830 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47831 | + "pfkey_x_nat_t_type_build:\n"); | |
47832 | + /* sanity checks... */ | |
47833 | + if(pfkey_x_nat_t_type) { | |
47834 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47835 | + "pfkey_x_nat_t_type_build: " | |
47836 | + "why is pfkey_x_nat_t_type already pointing to something?\n"); | |
47837 | + SENDERR(EINVAL); | |
47838 | + } | |
47839 | + | |
47840 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47841 | + "pfkey_x_nat_t_type_build: " | |
47842 | + "type=%d\n", type); | |
47843 | + | |
47844 | + pfkey_x_nat_t_type = (struct sadb_x_nat_t_type*) | |
47845 | + MALLOC(sizeof(struct sadb_x_nat_t_type)); | |
47846 | + | |
47847 | + *pfkey_ext = (struct sadb_ext*)pfkey_x_nat_t_type; | |
47848 | + | |
47849 | + if(pfkey_x_nat_t_type == NULL) { | |
47850 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47851 | + "pfkey_x_nat_t_type_build: " | |
47852 | + "memory allocation failed\n"); | |
47853 | + SENDERR(ENOMEM); | |
47854 | + } | |
47855 | + | |
47856 | + pfkey_x_nat_t_type->sadb_x_nat_t_type_len = sizeof(struct sadb_x_nat_t_type) / IPSEC_PFKEYv2_ALIGN; | |
47857 | + pfkey_x_nat_t_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; | |
47858 | + pfkey_x_nat_t_type->sadb_x_nat_t_type_type = type; | |
47859 | + for(i=0; i<3; i++) { | |
47860 | + pfkey_x_nat_t_type->sadb_x_nat_t_type_reserved[i] = 0; | |
47861 | + } | |
47862 | + | |
47863 | +errlab: | |
47864 | + return error; | |
47865 | +} | |
47866 | +int | |
47867 | +pfkey_x_nat_t_port_build(struct sadb_ext** pfkey_ext, | |
47868 | + uint16_t exttype, | |
47869 | + uint16_t port) | |
47870 | +{ | |
47871 | + int error = 0; | |
47872 | + struct sadb_x_nat_t_port *pfkey_x_nat_t_port = (struct sadb_x_nat_t_port *)*pfkey_ext; | |
47873 | + | |
47874 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47875 | + "pfkey_x_nat_t_port_build:\n"); | |
47876 | + /* sanity checks... */ | |
47877 | + if(pfkey_x_nat_t_port) { | |
47878 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47879 | + "pfkey_x_nat_t_port_build: " | |
47880 | + "why is pfkey_x_nat_t_port already pointing to something?\n"); | |
47881 | + SENDERR(EINVAL); | |
47882 | + } | |
47883 | + | |
47884 | + switch(exttype) { | |
47885 | + case SADB_X_EXT_NAT_T_SPORT: | |
47886 | + case SADB_X_EXT_NAT_T_DPORT: | |
47887 | + break; | |
47888 | + default: | |
47889 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47890 | + "pfkey_nat_t_port_build: " | |
47891 | + "unrecognised ext_type=%d.\n", | |
47892 | + exttype); | |
47893 | + SENDERR(EINVAL); | |
47894 | + } | |
47895 | + | |
47896 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47897 | + "pfkey_x_nat_t_port_build: " | |
47898 | + "ext=%d, port=%d\n", exttype, port); | |
47899 | + | |
47900 | + pfkey_x_nat_t_port = (struct sadb_x_nat_t_port*) | |
47901 | + MALLOC(sizeof(struct sadb_x_nat_t_port)); | |
47902 | + | |
47903 | + *pfkey_ext = (struct sadb_ext*)pfkey_x_nat_t_port; | |
47904 | + | |
47905 | + if(pfkey_x_nat_t_port == NULL) { | |
47906 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47907 | + "pfkey_x_nat_t_port_build: " | |
47908 | + "memory allocation failed\n"); | |
47909 | + SENDERR(ENOMEM); | |
47910 | + } | |
47911 | + | |
47912 | + pfkey_x_nat_t_port->sadb_x_nat_t_port_len = sizeof(struct sadb_x_nat_t_port) / IPSEC_PFKEYv2_ALIGN; | |
47913 | + pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype = exttype; | |
47914 | + pfkey_x_nat_t_port->sadb_x_nat_t_port_port = port; | |
47915 | + pfkey_x_nat_t_port->sadb_x_nat_t_port_reserved = 0; | |
47916 | + | |
47917 | +errlab: | |
47918 | + return error; | |
47919 | +} | |
47920 | + | |
47921 | +int pfkey_x_protocol_build(struct sadb_ext **pfkey_ext, | |
47922 | + uint8_t protocol) | |
47923 | +{ | |
47924 | + int error = 0; | |
47925 | + struct sadb_protocol * p = (struct sadb_protocol *)*pfkey_ext; | |
47926 | + DEBUGGING(PF_KEY_DEBUG_BUILD,"pfkey_x_protocol_build: protocol=%u\n", protocol); | |
47927 | + /* sanity checks... */ | |
47928 | + if (p != 0) { | |
47929 | + ERROR("pfkey_x_protocol_build: bogus protocol pointer\n"); | |
47930 | + SENDERR(EINVAL); | |
47931 | + } | |
47932 | + if ((p = (struct sadb_protocol*)MALLOC(sizeof(*p))) == 0) { | |
47933 | + ERROR("pfkey_build: memory allocation failed\n"); | |
47934 | + SENDERR(ENOMEM); | |
47935 | + } | |
47936 | + *pfkey_ext = (struct sadb_ext *)p; | |
47937 | + p->sadb_protocol_len = sizeof(*p) / sizeof(uint64_t); | |
47938 | + p->sadb_protocol_exttype = SADB_X_EXT_PROTOCOL; | |
47939 | + p->sadb_protocol_proto = protocol; | |
47940 | + p->sadb_protocol_flags = 0; | |
47941 | + p->sadb_protocol_reserved2 = 0; | |
47942 | + errlab: | |
47943 | + return error; | |
47944 | +} | |
47945 | + | |
47946 | +int | |
47947 | +pfkey_msg_build(struct sadb_msg **pfkey_msg, struct sadb_ext *extensions[], int dir) | |
47948 | +{ | |
47949 | + int error = 0; | |
47950 | + unsigned ext; | |
47951 | + unsigned total_size; | |
47952 | + struct sadb_ext *pfkey_ext; | |
47953 | + int extensions_seen = 0; | |
47954 | +#ifndef __KERNEL__ | |
47955 | + struct sadb_ext *extensions_check[SADB_EXT_MAX + 1]; | |
47956 | +#endif | |
47957 | + | |
47958 | + if(!extensions[0]) { | |
47959 | + ERROR("pfkey_msg_build: " | |
47960 | + "extensions[0] must be specified (struct sadb_msg).\n"); | |
47961 | + SENDERR(EINVAL); | |
47962 | + } | |
47963 | + | |
47964 | + /* figure out the total size for all the requested extensions */ | |
47965 | + total_size = IPSEC_PFKEYv2_WORDS(sizeof(struct sadb_msg)); | |
47966 | + for(ext = 1; ext <= SADB_EXT_MAX; ext++) { | |
47967 | + if(extensions[ext]) { | |
47968 | + total_size += (extensions[ext])->sadb_ext_len; | |
47969 | + } | |
47970 | + } | |
47971 | + | |
47972 | + /* allocate that much space */ | |
47973 | + *pfkey_msg = (struct sadb_msg*)MALLOC(total_size * IPSEC_PFKEYv2_ALIGN); | |
47974 | + if(*pfkey_msg == NULL) { | |
47975 | + ERROR("pfkey_msg_build: " | |
47976 | + "memory allocation failed\n"); | |
47977 | + SENDERR(ENOMEM); | |
47978 | + } | |
47979 | + | |
47980 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
47981 | + "pfkey_msg_build: " | |
47982 | + "pfkey_msg=0p%p allocated %lu bytes, &(extensions[0])=0p%p\n", | |
47983 | + *pfkey_msg, | |
47984 | + (unsigned long)(total_size * IPSEC_PFKEYv2_ALIGN), | |
47985 | + &(extensions[0])); | |
47986 | + | |
47987 | + memcpy(*pfkey_msg, | |
47988 | + extensions[0], | |
47989 | + sizeof(struct sadb_msg)); | |
47990 | + (*pfkey_msg)->sadb_msg_len = total_size; | |
47991 | + (*pfkey_msg)->sadb_msg_reserved = 0; | |
47992 | + extensions_seen = 1 ; | |
47993 | + | |
47994 | + /* | |
47995 | + * point pfkey_ext to immediately after the space for the header, | |
47996 | + * i.e. at the first extension location. | |
47997 | + */ | |
47998 | + pfkey_ext = (struct sadb_ext*)(((char*)(*pfkey_msg)) + sizeof(struct sadb_msg)); | |
47999 | + | |
48000 | + for(ext = 1; ext <= SADB_EXT_MAX; ext++) { | |
48001 | + /* copy from extension[ext] to buffer */ | |
48002 | + if(extensions[ext]) { | |
48003 | + /* Is this type of extension permitted for this type of message? */ | |
48004 | + if(!(extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type] & | |
48005 | + 1<<ext)) { | |
48006 | + ERROR("pfkey_msg_build: " | |
48007 | + "ext type %d not permitted, exts_perm=%08x, 1<<type=%08x\n", | |
48008 | + ext, | |
48009 | + extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type], | |
48010 | + 1<<ext); | |
48011 | + SENDERR(EINVAL); | |
48012 | + } | |
48013 | + | |
48014 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
48015 | + "pfkey_msg_build: " | |
48016 | + "copying %lu bytes from extensions[%u] (type=%d)\n", | |
48017 | + (unsigned long)(extensions[ext]->sadb_ext_len * IPSEC_PFKEYv2_ALIGN), | |
48018 | + ext, | |
48019 | + extensions[ext]->sadb_ext_type); | |
48020 | + | |
48021 | + memcpy(pfkey_ext, | |
48022 | + extensions[ext], | |
48023 | + (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN); | |
48024 | + { | |
48025 | + char *pfkey_ext_c = (char *)pfkey_ext; | |
48026 | + | |
48027 | + pfkey_ext_c += (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN; | |
48028 | + pfkey_ext = (struct sadb_ext *)pfkey_ext_c; | |
48029 | + } | |
48030 | + | |
48031 | + /* Mark that we have seen this extension and remember the header location */ | |
48032 | + extensions_seen |= ( 1 << ext ); | |
48033 | + } | |
48034 | + } | |
48035 | + | |
48036 | + /* check required extensions */ | |
48037 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
48038 | + "pfkey_msg_build: " | |
48039 | + "extensions permitted=%08x, seen=%08x, required=%08x.\n", | |
48040 | + extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type], | |
48041 | + extensions_seen, | |
48042 | + extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]); | |
48043 | + | |
48044 | + if((extensions_seen & | |
48045 | + extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) != | |
48046 | + extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) { | |
48047 | + DEBUGGING(PF_KEY_DEBUG_BUILD, | |
48048 | + "pfkey_msg_build: " | |
48049 | + "required extensions missing:%08x.\n", | |
48050 | + extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type] - | |
48051 | + (extensions_seen & | |
48052 | + extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) ); | |
48053 | + SENDERR(EINVAL); | |
48054 | + } | |
48055 | + | |
48056 | +#ifndef __KERNEL__ | |
48057 | +/* | |
48058 | + * this is silly, there is no need to reparse the message that we just built. | |
48059 | + * | |
48060 | + */ | |
48061 | + if((error = pfkey_msg_parse(*pfkey_msg, NULL, extensions_check, dir))) { | |
48062 | + ERROR( | |
48063 | + "pfkey_msg_build: " | |
48064 | + "Trouble parsing newly built pfkey message, error=%d.\n", | |
48065 | + error); | |
48066 | + SENDERR(-error); | |
48067 | + } | |
48068 | +#endif | |
48069 | + | |
48070 | +errlab: | |
48071 | + | |
48072 | + return error; | |
48073 | +} | |
48074 | + | |
48075 | +/* | |
48076 | + * $Log: pfkey_v2_build.c,v $ | |
48077 | + * Revision 1.51.8.1 2006/05/01 14:36:39 mcr | |
48078 | + * get rid of dead code. | |
48079 | + * | |
48080 | + * Revision 1.51 2004/10/03 01:26:36 mcr | |
48081 | + * fixes for gcc 3.4 compilation. | |
48082 | + * | |
48083 | + * Revision 1.50 2004/07/10 07:48:35 mcr | |
48084 | + * Moved from linux/lib/libfreeswan/pfkey_v2_build.c,v | |
48085 | + * | |
48086 | + * Revision 1.49 2004/04/12 02:59:06 mcr | |
48087 | + * erroneously moved pfkey_v2_build.c | |
48088 | + * | |
48089 | + * Revision 1.48 2004/04/09 18:00:40 mcr | |
48090 | + * Moved from linux/lib/libfreeswan/pfkey_v2_build.c,v | |
48091 | + * | |
48092 | + * Revision 1.47 2004/03/08 01:59:08 ken | |
48093 | + * freeswan.h -> openswan.h | |
48094 | + * | |
48095 | + * Revision 1.46 2003/12/10 01:20:19 mcr | |
48096 | + * NAT-traversal patches to KLIPS. | |
48097 | + * | |
48098 | + * Revision 1.45 2003/12/04 23:01:12 mcr | |
48099 | + * removed ipsec_netlink.h | |
48100 | + * | |
48101 | + * Revision 1.44 2003/10/31 02:27:12 mcr | |
48102 | + * pulled up port-selector patches and sa_id elimination. | |
48103 | + * | |
48104 | + * Revision 1.43.4.2 2003/10/29 01:11:32 mcr | |
48105 | + * added debugging for pfkey library. | |
48106 | + * | |
48107 | + * Revision 1.43.4.1 2003/09/21 13:59:44 mcr | |
48108 | + * pre-liminary X.509 patch - does not yet pass tests. | |
48109 | + * | |
48110 | + * Revision 1.43 2003/05/07 17:29:17 mcr | |
48111 | + * new function pfkey_debug_func added for us in debugging from | |
48112 | + * pfkey library. | |
48113 | + * | |
48114 | + * Revision 1.42 2003/01/30 02:32:09 rgb | |
48115 | + * | |
48116 | + * Rename SAref table macro names for clarity. | |
48117 | + * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug. | |
48118 | + * | |
48119 | + * Revision 1.41 2002/12/13 18:16:02 mcr | |
48120 | + * restored sa_ref code | |
48121 | + * | |
48122 | + * Revision 1.40 2002/12/13 18:06:52 mcr | |
48123 | + * temporarily removed sadb_x_sa_ref reference for 2.xx | |
48124 | + * | |
48125 | + * Revision 1.39 2002/12/13 17:43:28 mcr | |
48126 | + * commented out access to sadb_x_sa_ref for 2.xx branch | |
48127 | + * | |
48128 | + * Revision 1.38 2002/10/09 03:12:05 dhr | |
48129 | + * | |
48130 | + * [kenb+dhr] 64-bit fixes | |
48131 | + * | |
48132 | + * Revision 1.37 2002/09/20 15:40:39 rgb | |
48133 | + * Added new function pfkey_sa_ref_build() to accomodate saref parameter. | |
48134 | + * | |
48135 | + * Revision 1.36 2002/09/20 05:01:22 rgb | |
48136 | + * Generalise for platform independance: fix (ia64) using unsigned for sizes. | |
48137 | + * | |
48138 | + * Revision 1.35 2002/07/24 18:44:54 rgb | |
48139 | + * Type fiddling to tame ia64 compiler. | |
48140 | + * | |
48141 | + * Revision 1.34 2002/05/23 07:14:11 rgb | |
48142 | + * Cleaned up %p variants to 0p%p for test suite cleanup. | |
48143 | + * | |
48144 | + * Revision 1.33 2002/04/24 07:55:32 mcr | |
48145 | + * #include patches and Makefiles for post-reorg compilation. | |
48146 | + * | |
48147 | + * Revision 1.32 2002/04/24 07:36:40 mcr | |
48148 | + * Moved from ./lib/pfkey_v2_build.c,v | |
48149 | + * | |
48150 | + * Revision 1.31 2002/01/29 22:25:35 rgb | |
48151 | + * Re-add ipsec_kversion.h to keep MALLOC happy. | |
48152 | + * | |
48153 | + * Revision 1.30 2002/01/29 01:59:09 mcr | |
48154 | + * removal of kversions.h - sources that needed it now use ipsec_param.h. | |
48155 | + * updating of IPv6 structures to match latest in6.h version. | |
48156 | + * removed dead code from openswan.h that also duplicated kversions.h | |
48157 | + * code. | |
48158 | + * | |
48159 | + * Revision 1.29 2001/12/19 21:06:09 rgb | |
48160 | + * Added port numbers to pfkey_address_build() debugging. | |
48161 | + * | |
48162 | + * Revision 1.28 2001/11/06 19:47:47 rgb | |
48163 | + * Added packet parameter to lifetime and comb structures. | |
48164 | + * | |
48165 | + * Revision 1.27 2001/10/18 04:45:24 rgb | |
48166 | + * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h, | |
48167 | + * lib/openswan.h version macros moved to lib/kversions.h. | |
48168 | + * Other compiler directive cleanups. | |
48169 | + * | |
48170 | + * Revision 1.26 2001/09/08 21:13:34 rgb | |
48171 | + * Added pfkey ident extension support for ISAKMPd. (NetCelo) | |
48172 | + * | |
48173 | + * Revision 1.25 2001/06/14 19:35:16 rgb | |
48174 | + * Update copyright date. | |
48175 | + * | |
48176 | + * Revision 1.24 2001/03/20 03:49:45 rgb | |
48177 | + * Ditch superfluous debug_pfkey declaration. | |
48178 | + * Move misplaced openswan.h inclusion for kernel case. | |
48179 | + * | |
48180 | + * Revision 1.23 2001/03/16 07:41:50 rgb | |
48181 | + * Put openswan.h include before pluto includes. | |
48182 | + * | |
48183 | + * Revision 1.22 2001/02/27 22:24:56 rgb | |
48184 | + * Re-formatting debug output (line-splitting, joining, 1arg/line). | |
48185 | + * Check for satoa() return codes. | |
48186 | + * | |
48187 | + * Revision 1.21 2000/11/17 18:10:30 rgb | |
48188 | + * Fixed bugs mostly relating to spirange, to treat all spi variables as | |
48189 | + * network byte order since this is the way PF_KEYv2 stored spis. | |
48190 | + * | |
48191 | + * Revision 1.20 2000/10/12 00:02:39 rgb | |
48192 | + * Removed 'format, ##' nonsense from debug macros for RH7.0. | |
48193 | + * | |
48194 | + * Revision 1.19 2000/10/10 20:10:20 rgb | |
48195 | + * Added support for debug_ipcomp and debug_verbose to klipsdebug. | |
48196 | + * | |
48197 | + * Revision 1.18 2000/09/12 18:59:54 rgb | |
48198 | + * Added Gerhard's IPv6 support to pfkey parts of libopenswan. | |
48199 | + * | |
48200 | + * Revision 1.17 2000/09/12 03:27:00 rgb | |
48201 | + * Moved DEBUGGING definition to compile kernel with debug off. | |
48202 | + * | |
48203 | + * Revision 1.16 2000/09/08 19:22:12 rgb | |
48204 | + * Fixed pfkey_prop_build() parameter to be only single indirection. | |
48205 | + * Fixed struct alg copy. | |
48206 | + * | |
48207 | + * Revision 1.15 2000/08/20 21:40:01 rgb | |
48208 | + * Added an address parameter sanity check to pfkey_address_build(). | |
48209 | + * | |
48210 | + * Revision 1.14 2000/08/15 17:29:23 rgb | |
48211 | + * Fixes from SZI to untested pfkey_prop_build(). | |
48212 | + * | |
48213 | + * Revision 1.13 2000/06/02 22:54:14 rgb | |
48214 | + * Added Gerhard Gessler's struct sockaddr_storage mods for IPv6 support. | |
48215 | + * | |
48216 | + * Revision 1.12 2000/05/10 19:24:01 rgb | |
48217 | + * Fleshed out sensitivity, proposal and supported extensions. | |
48218 | + * | |
48219 | + * Revision 1.11 2000/03/16 14:07:23 rgb | |
48220 | + * Renamed ALIGN macro to avoid fighting with others in kernel. | |
48221 | + * | |
48222 | + * Revision 1.10 2000/01/24 21:14:35 rgb | |
48223 | + * Added disabled pluto pfkey lib debug flag. | |
48224 | + * | |
48225 | + * Revision 1.9 2000/01/21 06:27:32 rgb | |
48226 | + * Added address cases for eroute flows. | |
48227 | + * Removed unused code. | |
48228 | + * Dropped unused argument to pfkey_x_satype_build(). | |
48229 | + * Indented compiler directives for readability. | |
48230 | + * Added klipsdebug switching capability. | |
48231 | + * Fixed SADB_EXT_MAX bug not permitting last extension access. | |
48232 | + * | |
48233 | + * Revision 1.8 1999/12/29 21:17:41 rgb | |
48234 | + * Changed pfkey_msg_build() I/F to include a struct sadb_msg** | |
48235 | + * parameter for cleaner manipulation of extensions[] and to guard | |
48236 | + * against potential memory leaks. | |
48237 | + * Changed the I/F to pfkey_msg_free() for the same reason. | |
48238 | + * | |
48239 | + * Revision 1.7 1999/12/09 23:12:20 rgb | |
48240 | + * Removed unused cruft. | |
48241 | + * Added argument to pfkey_sa_build() to do eroutes. | |
48242 | + * Fixed exttype check in as yet unused pfkey_lifetime_build(). | |
48243 | + * | |
48244 | + * Revision 1.6 1999/12/07 19:54:29 rgb | |
48245 | + * Removed static pluto debug flag. | |
48246 | + * Added functions for pfkey message and extensions initialisation | |
48247 | + * and cleanup. | |
48248 | + * | |
48249 | + * Revision 1.5 1999/12/01 22:20:06 rgb | |
48250 | + * Changed pfkey_sa_build to accept an SPI in network byte order. | |
48251 | + * Added <string.h> to quiet userspace compiler. | |
48252 | + * Moved pfkey_lib_debug variable into the library. | |
48253 | + * Removed SATYPE check from pfkey_msg_hdr_build so FLUSH will work. | |
48254 | + * Added extension assembly debugging. | |
48255 | + * Isolated assignment with brackets to be sure of scope. | |
48256 | + * | |
48257 | + * Revision 1.4 1999/11/27 11:57:35 rgb | |
48258 | + * Added ipv6 headers. | |
48259 | + * Remove over-zealous algorithm sanity checkers from pfkey_sa_build. | |
48260 | + * Debugging error messages added. | |
48261 | + * Fixed missing auth and encrypt assignment bug. | |
48262 | + * Add argument to pfkey_msg_parse() for direction. | |
48263 | + * Move parse-after-build check inside pfkey_msg_build(). | |
48264 | + * Consolidated the 4 1-d extension bitmap arrays into one 4-d array. | |
48265 | + * Add CVS log entry to bottom of file. | |
48266 | + * | |
48267 | + */ | |
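--- /dev/null Tue Mar 11 13:02:56 2003
+++ linux/net/ipsec/pfkey_v2_debug.c Mon Feb 9 13:51:03 2004
@@ -0,0 +1,181 @@
+/*
+ * @(#) pfkey version 2 debugging messages
+ *
+ * Copyright (C) 2001 Richard Guy Briggs <rgb@openswan.org>
+ * and Michael Richardson <mcr@openswan.org>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: pfkey_v2_debug.c,v 1.11 2005/04/06 17:45:16 mcr Exp $
+ *
+ */
+
+#ifdef __KERNEL__
+
+# include <linux/kernel.h> /* for printk */
+
+# include "openswan/ipsec_kversion.h" /* for malloc switch */
+# ifdef MALLOC_SLAB
+# include <linux/slab.h> /* kmalloc() */
+# else /* MALLOC_SLAB */
+# include <linux/malloc.h> /* kmalloc() */
+# endif /* MALLOC_SLAB */
+# include <linux/errno.h> /* error codes */
+# include <linux/types.h> /* size_t */
+# include <linux/interrupt.h> /* mark_bh */
+
+# include <linux/netdevice.h> /* struct device, and other headers */
+# include <linux/etherdevice.h> /* eth_type_trans */
+extern int debug_pfkey;
+
+#else /* __KERNEL__ */
+
+# include <sys/types.h>
+# include <linux/types.h>
+# include <linux/errno.h>
+
+#endif /* __KERNEL__ */
+
+#include "openswan.h"
+#include "pfkeyv2.h"
+#include "pfkey.h"
+
+/*
+ * This file provides ASCII translations of PF_KEY magic numbers.
+ *
+ */
+
+static char *pfkey_sadb_ext_strings[]={
+ "reserved", /* SADB_EXT_RESERVED 0 */
+ "security-association", /* SADB_EXT_SA 1 */
+ "lifetime-current", /* SADB_EXT_LIFETIME_CURRENT 2 */
+ "lifetime-hard", /* SADB_EXT_LIFETIME_HARD 3 */
+ "lifetime-soft", /* SADB_EXT_LIFETIME_SOFT 4 */
+ "source-address", /* SADB_EXT_ADDRESS_SRC 5 */
+ "destination-address", /* SADB_EXT_ADDRESS_DST 6 */
+ "proxy-address", /* SADB_EXT_ADDRESS_PROXY 7 */
+ "authentication-key", /* SADB_EXT_KEY_AUTH 8 */
+ "cipher-key", /* SADB_EXT_KEY_ENCRYPT 9 */
+ "source-identity", /* SADB_EXT_IDENTITY_SRC 10 */
+ "destination-identity", /* SADB_EXT_IDENTITY_DST 11 */
+ "sensitivity-label", /* SADB_EXT_SENSITIVITY 12 */
+ "proposal", /* SADB_EXT_PROPOSAL 13 */
+ "supported-auth", /* SADB_EXT_SUPPORTED_AUTH 14 */
+ "supported-cipher", /* SADB_EXT_SUPPORTED_ENCRYPT 15 */
+ "spi-range", /* SADB_EXT_SPIRANGE 16 */
+ "X-kmpprivate", /* SADB_X_EXT_KMPRIVATE 17 */
+ "X-satype2", /* SADB_X_EXT_SATYPE2 18 */
+ "X-security-association", /* SADB_X_EXT_SA2 19 */
+ "X-destination-address2", /* SADB_X_EXT_ADDRESS_DST2 20 */
+ "X-source-flow-address", /* SADB_X_EXT_ADDRESS_SRC_FLOW 21 */
+ "X-dest-flow-address", /* SADB_X_EXT_ADDRESS_DST_FLOW 22 */
+ "X-source-mask", /* SADB_X_EXT_ADDRESS_SRC_MASK 23 */
+ "X-dest-mask", /* SADB_X_EXT_ADDRESS_DST_MASK 24 */
+ "X-set-debug", /* SADB_X_EXT_DEBUG 25 */
+ /* NAT_TRAVERSAL */
+ "X-NAT-T-type", /* SADB_X_EXT_NAT_T_TYPE 26 */
+ "X-NAT-T-sport", /* SADB_X_EXT_NAT_T_SPORT 27 */
+ "X-NAT-T-dport", /* SADB_X_EXT_NAT_T_DPORT 28 */
+ "X-NAT-T-OA", /* SADB_X_EXT_NAT_T_OA 29 */
+};
+
+const char *
+pfkey_v2_sadb_ext_string(int ext)
+{
+ if(ext <= SADB_EXT_MAX) {
+ return pfkey_sadb_ext_strings[ext];
+ } else {
+ return "unknown-ext";
+ }
+}
+
+
+static char *pfkey_sadb_type_strings[]={
+ "reserved", /* SADB_RESERVED */
+ "getspi", /* SADB_GETSPI */
+ "update", /* SADB_UPDATE */
+ "add", /* SADB_ADD */
+ "delete", /* SADB_DELETE */
+ "get", /* SADB_GET */
+ "acquire", /* SADB_ACQUIRE */
+ "register", /* SADB_REGISTER */
+ "expire", /* SADB_EXPIRE */
+ "flush", /* SADB_FLUSH */
+ "dump", /* SADB_DUMP */
+ "x-promisc", /* SADB_X_PROMISC */
+ "x-pchange", /* SADB_X_PCHANGE */
+ "x-groupsa", /* SADB_X_GRPSA */
+ "x-addflow(eroute)", /* SADB_X_ADDFLOW */
+ "x-delflow(eroute)", /* SADB_X_DELFLOW */
+ "x-debug", /* SADB_X_DEBUG */
+};
+
+const char *
+pfkey_v2_sadb_type_string(int sadb_type)
+{
+ if(sadb_type <= SADB_MAX) {
+ return pfkey_sadb_type_strings[sadb_type];
+ } else {
+ return "unknown-sadb-type";
+ }
+}
+
+
+
+
+/*
+ * $Log: pfkey_v2_debug.c,v $
+ * Revision 1.11 2005/04/06 17:45:16 mcr
+ * always include NAT-T names.
+ *
+ * Revision 1.10 2004/07/10 07:48:35 mcr
+ * Moved from linux/lib/libfreeswan/pfkey_v2_debug.c,v
+ *
+ * Revision 1.9 2004/03/08 01:59:08 ken
+ * freeswan.h -> openswan.h
+ *
+ * Revision 1.8 2003/12/10 01:20:19 mcr
+ * NAT-traversal patches to KLIPS.
+ *
+ * Revision 1.7 2002/09/20 05:01:26 rgb
+ * Fixed limit inclusion error in both type and ext string conversion.
+ *
+ * Revision 1.6 2002/04/24 07:55:32 mcr
+ * #include patches and Makefiles for post-reorg compilation.
+ *
+ * Revision 1.5 2002/04/24 07:36:40 mcr
+ * Moved from ./lib/pfkey_v2_debug.c,v
+ *
+ * Revision 1.4 2002/01/29 22:25:36 rgb
+ * Re-add ipsec_kversion.h to keep MALLOC happy.
+ *
+ * Revision 1.3 2002/01/29 01:59:09 mcr
+ * removal of kversions.h - sources that needed it now use ipsec_param.h.
+ * updating of IPv6 structures to match latest in6.h version.
+ * removed dead code from openswan.h that also duplicated kversions.h
+ * code.
+ *
+ * Revision 1.2 2002/01/20 20:34:50 mcr
+ * added pfkey_v2_sadb_type_string to decode sadb_type to string.
+ *
+ * Revision 1.1 2001/11/27 05:30:06 mcr
+ * initial set of debug strings for pfkey debugging.
+ * this will eventually only be included for debug builds.
+ *
+ * Revision 1.1 2001/09/21 04:12:03 mcr
+ * first compilable version.
+ *
+ *
+ * Local variables:
+ * c-file-style: "linux"
+ * End:
+ *
+ */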
48452 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
48453 | +++ linux/net/ipsec/pfkey_v2_ext_bits.c Mon Feb 9 13:51:03 2004 | |
48454 | @@ -0,0 +1,814 @@ | |
48455 | +/* | |
48456 | + * RFC2367 PF_KEYv2 Key management API message parser | |
48457 | + * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs. | |
48458 | + * | |
48459 | + * This program is free software; you can redistribute it and/or modify it | |
48460 | + * under the terms of the GNU General Public License as published by the | |
48461 | + * Free Software Foundation; either version 2 of the License, or (at your | |
48462 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
48463 | + * | |
48464 | + * This program is distributed in the hope that it will be useful, but | |
48465 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
48466 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
48467 | + * for more details. | |
48468 | + * | |
48469 | + * RCSID $Id: pfkey_v2_ext_bits.c,v 1.22 2005/05/11 01:45:31 mcr Exp $ | |
48470 | + */ | |
48471 | + | |
48472 | +/* | |
48473 | + * Template from klips/net/ipsec/ipsec/ipsec_parse.c. | |
48474 | + */ | |
48475 | + | |
48476 | +char pfkey_v2_ext_bits_c_version[] = "$Id: pfkey_v2_ext_bits.c,v 1.22 2005/05/11 01:45:31 mcr Exp $"; | |
48477 | + | |
48478 | +/* | |
48479 | + * Some ugly stuff to allow consistent debugging code for use in the | |
48480 | + * kernel and in user space | |
48481 | +*/ | |
48482 | + | |
48483 | +#ifdef __KERNEL__ | |
48484 | + | |
48485 | +# include <linux/kernel.h> /* for printk */ | |
48486 | + | |
48487 | +# include "openswan/ipsec_kversion.h" /* for malloc switch */ | |
48488 | +# ifdef MALLOC_SLAB | |
48489 | +# include <linux/slab.h> /* kmalloc() */ | |
48490 | +# else /* MALLOC_SLAB */ | |
48491 | +# include <linux/malloc.h> /* kmalloc() */ | |
48492 | +# endif /* MALLOC_SLAB */ | |
48493 | +# include <linux/errno.h> /* error codes */ | |
48494 | +# include <linux/types.h> /* size_t */ | |
48495 | +# include <linux/interrupt.h> /* mark_bh */ | |
48496 | + | |
48497 | +# include <linux/netdevice.h> /* struct device, and other headers */ | |
48498 | +# include <linux/etherdevice.h> /* eth_type_trans */ | |
48499 | +# include <linux/ip.h> /* struct iphdr */ | |
48500 | +# if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
48501 | +# include <linux/ipv6.h> | |
48502 | +# endif /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ | |
48503 | + | |
48504 | +#else /* __KERNEL__ */ | |
48505 | + | |
48506 | +# include <sys/types.h> | |
48507 | +# include <linux/types.h> | |
48508 | +# include <linux/errno.h> | |
48509 | +#endif | |
48510 | + | |
48511 | +#include <openswan.h> | |
48512 | +#include <pfkeyv2.h> | |
48513 | +#include <pfkey.h> | |
48514 | + | |
48515 | +unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_EXTENSIONS_MAX] = { | |
48516 | + | |
48517 | +/* INBOUND EXTENSIONS */ | |
48518 | +{ | |
48519 | + | |
48520 | +/* PERMITTED IN */ | |
48521 | +{ | |
48522 | +/* SADB_RESERVED */ | |
48523 | +0 | |
48524 | +, | |
48525 | +/* SADB_GETSPI */ | |
48526 | +1<<SADB_EXT_RESERVED | |
48527 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48528 | +| 1<<SADB_EXT_ADDRESS_DST | |
48529 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
48530 | +| 1<<SADB_EXT_SPIRANGE | |
48531 | +, | |
48532 | +/* SADB_UPDATE */ | |
48533 | +1<<SADB_EXT_RESERVED | |
48534 | +| 1<<SADB_EXT_SA | |
48535 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
48536 | +| 1<<SADB_EXT_LIFETIME_HARD | |
48537 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
48538 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48539 | +| 1<<SADB_EXT_ADDRESS_DST | |
48540 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
48541 | +| 1<<SADB_EXT_KEY_AUTH | |
48542 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
48543 | +| 1<<SADB_EXT_IDENTITY_SRC | |
48544 | +| 1<<SADB_EXT_IDENTITY_DST | |
48545 | +| 1<<SADB_EXT_SENSITIVITY | |
48546 | +| 1<<SADB_X_EXT_NAT_T_SPORT | |
48547 | +| 1<<SADB_X_EXT_NAT_T_DPORT | |
48548 | +, | |
48549 | +/* SADB_ADD */ | |
48550 | +1<<SADB_EXT_RESERVED | |
48551 | +| 1<<SADB_EXT_SA | |
48552 | +| 1<<SADB_EXT_LIFETIME_HARD | |
48553 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
48554 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48555 | +| 1<<SADB_EXT_ADDRESS_DST | |
48556 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
48557 | +| 1<<SADB_EXT_KEY_AUTH | |
48558 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
48559 | +| 1<<SADB_EXT_IDENTITY_SRC | |
48560 | +| 1<<SADB_EXT_IDENTITY_DST | |
48561 | +| 1<<SADB_EXT_SENSITIVITY | |
48562 | +| 1<<SADB_X_EXT_NAT_T_TYPE | |
48563 | +| 1<<SADB_X_EXT_NAT_T_SPORT | |
48564 | +| 1<<SADB_X_EXT_NAT_T_DPORT | |
48565 | +| 1<<SADB_X_EXT_NAT_T_OA | |
48566 | +, | |
48567 | +/* SADB_DELETE */ | |
48568 | +1<<SADB_EXT_RESERVED | |
48569 | +| 1<<SADB_EXT_SA | |
48570 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48571 | +| 1<<SADB_EXT_ADDRESS_DST | |
48572 | +, | |
48573 | +/* SADB_GET */ | |
48574 | +1<<SADB_EXT_RESERVED | |
48575 | +| 1<<SADB_EXT_SA | |
48576 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48577 | +| 1<<SADB_EXT_ADDRESS_DST | |
48578 | +, | |
48579 | +/* SADB_ACQUIRE */ | |
48580 | +1<<SADB_EXT_RESERVED | |
48581 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48582 | +| 1<<SADB_EXT_ADDRESS_DST | |
48583 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
48584 | +| 1<<SADB_EXT_IDENTITY_SRC | |
48585 | +| 1<<SADB_EXT_IDENTITY_DST | |
48586 | +| 1<<SADB_EXT_SENSITIVITY | |
48587 | +| 1<<SADB_EXT_PROPOSAL | |
48588 | +, | |
48589 | +/* SADB_REGISTER */ | |
48590 | +1<<SADB_EXT_RESERVED | |
48591 | +, | |
48592 | +/* SADB_EXPIRE */ | |
48593 | +0 | |
48594 | +, | |
48595 | +/* SADB_FLUSH */ | |
48596 | +1<<SADB_EXT_RESERVED | |
48597 | +, | |
48598 | +/* SADB_DUMP */ | |
48599 | +1<<SADB_EXT_RESERVED | |
48600 | +, | |
48601 | +/* SADB_X_PROMISC */ | |
48602 | +1<<SADB_EXT_RESERVED | |
48603 | +| 1<<SADB_EXT_SA | |
48604 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
48605 | +| 1<<SADB_EXT_LIFETIME_HARD | |
48606 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
48607 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48608 | +| 1<<SADB_EXT_ADDRESS_DST | |
48609 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
48610 | +| 1<<SADB_EXT_KEY_AUTH | |
48611 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
48612 | +| 1<<SADB_EXT_IDENTITY_SRC | |
48613 | +| 1<<SADB_EXT_IDENTITY_DST | |
48614 | +| 1<<SADB_EXT_SENSITIVITY | |
48615 | +| 1<<SADB_EXT_PROPOSAL | |
48616 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
48617 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
48618 | +| 1<<SADB_EXT_SPIRANGE | |
48619 | +| 1<<SADB_X_EXT_KMPRIVATE | |
48620 | +| 1<<SADB_X_EXT_SATYPE2 | |
48621 | +| 1<<SADB_X_EXT_SA2 | |
48622 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
48623 | +, | |
48624 | +/* SADB_X_PCHANGE */ | |
48625 | +1<<SADB_EXT_RESERVED | |
48626 | +| 1<<SADB_EXT_SA | |
48627 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
48628 | +| 1<<SADB_EXT_LIFETIME_HARD | |
48629 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
48630 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48631 | +| 1<<SADB_EXT_ADDRESS_DST | |
48632 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
48633 | +| 1<<SADB_EXT_KEY_AUTH | |
48634 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
48635 | +| 1<<SADB_EXT_IDENTITY_SRC | |
48636 | +| 1<<SADB_EXT_IDENTITY_DST | |
48637 | +| 1<<SADB_EXT_SENSITIVITY | |
48638 | +| 1<<SADB_EXT_PROPOSAL | |
48639 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
48640 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
48641 | +| 1<<SADB_EXT_SPIRANGE | |
48642 | +| 1<<SADB_X_EXT_KMPRIVATE | |
48643 | +| 1<<SADB_X_EXT_SATYPE2 | |
48644 | +| 1<<SADB_X_EXT_SA2 | |
48645 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
48646 | +, | |
48647 | +/* SADB_X_GRPSA */ | |
48648 | +1<<SADB_EXT_RESERVED | |
48649 | +| 1<<SADB_EXT_SA | |
48650 | +| 1<<SADB_EXT_ADDRESS_DST | |
48651 | +| 1<<SADB_X_EXT_SATYPE2 | |
48652 | +| 1<<SADB_X_EXT_SA2 | |
48653 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
48654 | +, | |
48655 | +/* SADB_X_ADDFLOW */ | |
48656 | +1<<SADB_EXT_RESERVED | |
48657 | +| 1<<SADB_EXT_SA | |
48658 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48659 | +| 1<<SADB_EXT_ADDRESS_DST | |
48660 | +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW | |
48661 | +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW | |
48662 | +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK | |
48663 | +| 1<<SADB_X_EXT_ADDRESS_DST_MASK | |
48664 | +| 1<<SADB_EXT_IDENTITY_SRC | |
48665 | +| 1<<SADB_EXT_IDENTITY_DST | |
48666 | +| 1<<SADB_X_EXT_PROTOCOL | |
48667 | +, | |
48668 | +/* SADB_X_DELFLOW */ | |
48669 | +1<<SADB_EXT_RESERVED | |
48670 | +| 1<<SADB_EXT_SA | |
48671 | +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW | |
48672 | +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW | |
48673 | +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK | |
48674 | +| 1<<SADB_X_EXT_ADDRESS_DST_MASK | |
48675 | +| 1<<SADB_EXT_IDENTITY_SRC | |
48676 | +| 1<<SADB_EXT_IDENTITY_DST | |
48677 | +| 1<<SADB_X_EXT_PROTOCOL | |
48678 | +, | |
48679 | +/* SADB_X_DEBUG */ | |
48680 | +1<<SADB_EXT_RESERVED | |
48681 | +| 1<<SADB_X_EXT_DEBUG | |
48682 | +, | |
48683 | +/* SADB_X_NAT_T_NEW_MAPPING */ | |
48684 | +1<<SADB_EXT_RESERVED | |
48685 | +| 1<<SADB_EXT_SA | |
48686 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48687 | +| 1<<SADB_EXT_ADDRESS_DST | |
48688 | +| 1<<SADB_X_EXT_NAT_T_SPORT | |
48689 | +| 1<<SADB_X_EXT_NAT_T_DPORT | |
48690 | +}, | |
48691 | + | |
48692 | +/* REQUIRED IN */ | |
48693 | +{ | |
48694 | +/* SADB_RESERVED */ | |
48695 | +0 | |
48696 | +, | |
48697 | +/* SADB_GETSPI */ | |
48698 | +1<<SADB_EXT_RESERVED | |
48699 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48700 | +| 1<<SADB_EXT_ADDRESS_DST | |
48701 | +| 1<<SADB_EXT_SPIRANGE | |
48702 | +, | |
48703 | +/* SADB_UPDATE */ | |
48704 | +1<<SADB_EXT_RESERVED | |
48705 | +| 1<<SADB_EXT_SA | |
48706 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48707 | +| 1<<SADB_EXT_ADDRESS_DST | |
48708 | +/*| 1<<SADB_EXT_KEY_AUTH*/ | |
48709 | +/*| 1<<SADB_EXT_KEY_ENCRYPT*/ | |
48710 | +, | |
48711 | +/* SADB_ADD */ | |
48712 | +1<<SADB_EXT_RESERVED | |
48713 | +| 1<<SADB_EXT_SA | |
48714 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48715 | +| 1<<SADB_EXT_ADDRESS_DST | |
48716 | +/*| 1<<SADB_EXT_KEY_AUTH*/ | |
48717 | +/*| 1<<SADB_EXT_KEY_ENCRYPT*/ | |
48718 | +, | |
48719 | +/* SADB_DELETE */ | |
48720 | +1<<SADB_EXT_RESERVED | |
48721 | +| 1<<SADB_EXT_SA | |
48722 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48723 | +| 1<<SADB_EXT_ADDRESS_DST | |
48724 | +, | |
48725 | +/* SADB_GET */ | |
48726 | +1<<SADB_EXT_RESERVED | |
48727 | +| 1<<SADB_EXT_SA | |
48728 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48729 | +| 1<<SADB_EXT_ADDRESS_DST | |
48730 | +, | |
48731 | +/* SADB_ACQUIRE */ | |
48732 | +1<<SADB_EXT_RESERVED | |
48733 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48734 | +| 1<<SADB_EXT_ADDRESS_DST | |
48735 | +| 1<<SADB_EXT_PROPOSAL | |
48736 | +, | |
48737 | +/* SADB_REGISTER */ | |
48738 | +1<<SADB_EXT_RESERVED | |
48739 | +, | |
48740 | +/* SADB_EXPIRE */ | |
48741 | +0 | |
48742 | +, | |
48743 | +/* SADB_FLUSH */ | |
48744 | +1<<SADB_EXT_RESERVED | |
48745 | +, | |
48746 | +/* SADB_DUMP */ | |
48747 | +1<<SADB_EXT_RESERVED | |
48748 | +, | |
48749 | +/* SADB_X_PROMISC */ | |
48750 | +1<<SADB_EXT_RESERVED | |
48751 | +| 1<<SADB_EXT_SA | |
48752 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
48753 | +| 1<<SADB_EXT_LIFETIME_HARD | |
48754 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
48755 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48756 | +| 1<<SADB_EXT_ADDRESS_DST | |
48757 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
48758 | +| 1<<SADB_EXT_KEY_AUTH | |
48759 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
48760 | +| 1<<SADB_EXT_IDENTITY_SRC | |
48761 | +| 1<<SADB_EXT_IDENTITY_DST | |
48762 | +| 1<<SADB_EXT_SENSITIVITY | |
48763 | +| 1<<SADB_EXT_PROPOSAL | |
48764 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
48765 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
48766 | +| 1<<SADB_EXT_SPIRANGE | |
48767 | +| 1<<SADB_X_EXT_KMPRIVATE | |
48768 | +| 1<<SADB_X_EXT_SATYPE2 | |
48769 | +| 1<<SADB_X_EXT_SA2 | |
48770 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
48771 | +, | |
48772 | +/* SADB_X_PCHANGE */ | |
48773 | +1<<SADB_EXT_RESERVED | |
48774 | +| 1<<SADB_EXT_SA | |
48775 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
48776 | +| 1<<SADB_EXT_LIFETIME_HARD | |
48777 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
48778 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48779 | +| 1<<SADB_EXT_ADDRESS_DST | |
48780 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
48781 | +| 1<<SADB_EXT_KEY_AUTH | |
48782 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
48783 | +| 1<<SADB_EXT_IDENTITY_SRC | |
48784 | +| 1<<SADB_EXT_IDENTITY_DST | |
48785 | +| 1<<SADB_EXT_SENSITIVITY | |
48786 | +| 1<<SADB_EXT_PROPOSAL | |
48787 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
48788 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
48789 | +| 1<<SADB_EXT_SPIRANGE | |
48790 | +| 1<<SADB_X_EXT_KMPRIVATE | |
48791 | +| 1<<SADB_X_EXT_SATYPE2 | |
48792 | +| 1<<SADB_X_EXT_SA2 | |
48793 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
48794 | +, | |
48795 | +/* SADB_X_GRPSA */ | |
48796 | +1<<SADB_EXT_RESERVED | |
48797 | +| 1<<SADB_EXT_SA | |
48798 | +| 1<<SADB_EXT_ADDRESS_DST | |
48799 | +/*| 1<<SADB_X_EXT_SATYPE2*/ | |
48800 | +/*| 1<<SADB_X_EXT_SA2*/ | |
48801 | +/*| 1<<SADB_X_EXT_ADDRESS_DST2*/ | |
48802 | +, | |
48803 | +/* SADB_X_ADDFLOW */ | |
48804 | +1<<SADB_EXT_RESERVED | |
48805 | +| 1<<SADB_EXT_SA | |
48806 | +| 1<<SADB_EXT_ADDRESS_DST | |
48807 | +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW | |
48808 | +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW | |
48809 | +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK | |
48810 | +| 1<<SADB_X_EXT_ADDRESS_DST_MASK | |
48811 | +, | |
48812 | +/* SADB_X_DELFLOW */ | |
48813 | +1<<SADB_EXT_RESERVED | |
48814 | +/*| 1<<SADB_EXT_SA*/ | |
48815 | +#if 0 /* SADB_X_CLREROUTE doesn't need all these... */ | |
48816 | +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW | |
48817 | +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW | |
48818 | +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK | |
48819 | +| 1<<SADB_X_EXT_ADDRESS_DST_MASK | |
48820 | +#endif | |
48821 | +, | |
48822 | +/* SADB_X_DEBUG */ | |
48823 | +1<<SADB_EXT_RESERVED | |
48824 | +| 1<<SADB_X_EXT_DEBUG | |
48825 | +, | |
48826 | +/* SADB_X_NAT_T_NEW_MAPPING */ | |
48827 | +1<<SADB_EXT_RESERVED | |
48828 | +| 1<<SADB_EXT_SA | |
48829 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48830 | +| 1<<SADB_EXT_ADDRESS_DST | |
48831 | +| 1<<SADB_X_EXT_NAT_T_SPORT | |
48832 | +| 1<<SADB_X_EXT_NAT_T_DPORT | |
48833 | +} | |
48834 | + | |
48835 | +}, | |
48836 | + | |
48837 | +/* OUTBOUND EXTENSIONS */ | |
48838 | +{ | |
48839 | + | |
48840 | +/* PERMITTED OUT */ | |
48841 | +{ | |
48842 | +/* SADB_RESERVED */ | |
48843 | +0 | |
48844 | +, | |
48845 | +/* SADB_GETSPI */ | |
48846 | +1<<SADB_EXT_RESERVED | |
48847 | +| 1<<SADB_EXT_SA | |
48848 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48849 | +| 1<<SADB_EXT_ADDRESS_DST | |
48850 | +, | |
48851 | +/* SADB_UPDATE */ | |
48852 | +1<<SADB_EXT_RESERVED | |
48853 | +| 1<<SADB_EXT_SA | |
48854 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
48855 | +| 1<<SADB_EXT_LIFETIME_HARD | |
48856 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
48857 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48858 | +| 1<<SADB_EXT_ADDRESS_DST | |
48859 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
48860 | +| 1<<SADB_EXT_IDENTITY_SRC | |
48861 | +| 1<<SADB_EXT_IDENTITY_DST | |
48862 | +| 1<<SADB_EXT_SENSITIVITY | |
48863 | +| 1<<SADB_X_EXT_NAT_T_SPORT | |
48864 | +| 1<<SADB_X_EXT_NAT_T_DPORT | |
48865 | +, | |
48866 | +/* SADB_ADD */ | |
48867 | +1<<SADB_EXT_RESERVED | |
48868 | +| 1<<SADB_EXT_SA | |
48869 | +| 1<<SADB_EXT_LIFETIME_HARD | |
48870 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
48871 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48872 | +| 1<<SADB_EXT_ADDRESS_DST | |
48873 | +| 1<<SADB_EXT_IDENTITY_SRC | |
48874 | +| 1<<SADB_EXT_IDENTITY_DST | |
48875 | +| 1<<SADB_EXT_SENSITIVITY | |
48876 | +| 1<<SADB_X_EXT_NAT_T_TYPE | |
48877 | +| 1<<SADB_X_EXT_NAT_T_SPORT | |
48878 | +| 1<<SADB_X_EXT_NAT_T_DPORT | |
48879 | +| 1<<SADB_X_EXT_NAT_T_OA | |
48880 | +, | |
48881 | +/* SADB_DELETE */ | |
48882 | +1<<SADB_EXT_RESERVED | |
48883 | +| 1<<SADB_EXT_SA | |
48884 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48885 | +| 1<<SADB_EXT_ADDRESS_DST | |
48886 | +, | |
48887 | +/* SADB_GET */ | |
48888 | +1<<SADB_EXT_RESERVED | |
48889 | +| 1<<SADB_EXT_SA | |
48890 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
48891 | +| 1<<SADB_EXT_LIFETIME_HARD | |
48892 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
48893 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48894 | +| 1<<SADB_EXT_ADDRESS_DST | |
48895 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
48896 | +| 1<<SADB_EXT_KEY_AUTH | |
48897 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
48898 | +| 1<<SADB_EXT_IDENTITY_SRC | |
48899 | +| 1<<SADB_EXT_IDENTITY_DST | |
48900 | +| 1<<SADB_EXT_SENSITIVITY | |
48901 | +| 1<<SADB_X_EXT_NAT_T_TYPE | |
48902 | +| 1<<SADB_X_EXT_NAT_T_SPORT | |
48903 | +| 1<<SADB_X_EXT_NAT_T_DPORT | |
48904 | +| 1<<SADB_X_EXT_NAT_T_OA | |
48905 | +, | |
48906 | +/* SADB_ACQUIRE */ | |
48907 | +1<<SADB_EXT_RESERVED | |
48908 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48909 | +| 1<<SADB_EXT_ADDRESS_DST | |
48910 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
48911 | +| 1<<SADB_EXT_IDENTITY_SRC | |
48912 | +| 1<<SADB_EXT_IDENTITY_DST | |
48913 | +| 1<<SADB_EXT_SENSITIVITY | |
48914 | +| 1<<SADB_EXT_PROPOSAL | |
48915 | +, | |
48916 | +/* SADB_REGISTER */ | |
48917 | +1<<SADB_EXT_RESERVED | |
48918 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
48919 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
48920 | +, | |
48921 | +/* SADB_EXPIRE */ | |
48922 | +1<<SADB_EXT_RESERVED | |
48923 | +| 1<<SADB_EXT_SA | |
48924 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
48925 | +| 1<<SADB_EXT_LIFETIME_HARD | |
48926 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
48927 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48928 | +| 1<<SADB_EXT_ADDRESS_DST | |
48929 | +, | |
48930 | +/* SADB_FLUSH */ | |
48931 | +1<<SADB_EXT_RESERVED | |
48932 | +, | |
48933 | +/* SADB_DUMP */ | |
48934 | +1<<SADB_EXT_RESERVED | |
48935 | +| 1<<SADB_EXT_SA | |
48936 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
48937 | +| 1<<SADB_EXT_LIFETIME_HARD | |
48938 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
48939 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48940 | +| 1<<SADB_EXT_ADDRESS_DST | |
48941 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
48942 | +| 1<<SADB_EXT_KEY_AUTH | |
48943 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
48944 | +| 1<<SADB_EXT_IDENTITY_SRC | |
48945 | +| 1<<SADB_EXT_IDENTITY_DST | |
48946 | +| 1<<SADB_EXT_SENSITIVITY | |
48947 | +| 1<<SADB_X_EXT_NAT_T_TYPE | |
48948 | +| 1<<SADB_X_EXT_NAT_T_SPORT | |
48949 | +| 1<<SADB_X_EXT_NAT_T_DPORT | |
48950 | +| 1<<SADB_X_EXT_NAT_T_OA | |
48951 | +, | |
48952 | +/* SADB_X_PROMISC */ | |
48953 | +1<<SADB_EXT_RESERVED | |
48954 | +| 1<<SADB_EXT_SA | |
48955 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
48956 | +| 1<<SADB_EXT_LIFETIME_HARD | |
48957 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
48958 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48959 | +| 1<<SADB_EXT_ADDRESS_DST | |
48960 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
48961 | +| 1<<SADB_EXT_KEY_AUTH | |
48962 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
48963 | +| 1<<SADB_EXT_IDENTITY_SRC | |
48964 | +| 1<<SADB_EXT_IDENTITY_DST | |
48965 | +| 1<<SADB_EXT_SENSITIVITY | |
48966 | +| 1<<SADB_EXT_PROPOSAL | |
48967 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
48968 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
48969 | +| 1<<SADB_EXT_SPIRANGE | |
48970 | +| 1<<SADB_X_EXT_KMPRIVATE | |
48971 | +| 1<<SADB_X_EXT_SATYPE2 | |
48972 | +| 1<<SADB_X_EXT_SA2 | |
48973 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
48974 | +, | |
48975 | +/* SADB_X_PCHANGE */ | |
48976 | +1<<SADB_EXT_RESERVED | |
48977 | +| 1<<SADB_EXT_SA | |
48978 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
48979 | +| 1<<SADB_EXT_LIFETIME_HARD | |
48980 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
48981 | +| 1<<SADB_EXT_ADDRESS_SRC | |
48982 | +| 1<<SADB_EXT_ADDRESS_DST | |
48983 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
48984 | +| 1<<SADB_EXT_KEY_AUTH | |
48985 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
48986 | +| 1<<SADB_EXT_IDENTITY_SRC | |
48987 | +| 1<<SADB_EXT_IDENTITY_DST | |
48988 | +| 1<<SADB_EXT_SENSITIVITY | |
48989 | +| 1<<SADB_EXT_PROPOSAL | |
48990 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
48991 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
48992 | +| 1<<SADB_EXT_SPIRANGE | |
48993 | +| 1<<SADB_X_EXT_KMPRIVATE | |
48994 | +| 1<<SADB_X_EXT_SATYPE2 | |
48995 | +| 1<<SADB_X_EXT_SA2 | |
48996 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
48997 | +, | |
48998 | +/* SADB_X_GRPSA */ | |
48999 | +1<<SADB_EXT_RESERVED | |
49000 | +| 1<<SADB_EXT_SA | |
49001 | +| 1<<SADB_EXT_ADDRESS_DST | |
49002 | +| 1<<SADB_X_EXT_SATYPE2 | |
49003 | +| 1<<SADB_X_EXT_SA2 | |
49004 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
49005 | +, | |
49006 | +/* SADB_X_ADDFLOW */ | |
49007 | +1<<SADB_EXT_RESERVED | |
49008 | +| 1<<SADB_EXT_SA | |
49009 | +| 1<<SADB_EXT_ADDRESS_SRC | |
49010 | +| 1<<SADB_EXT_ADDRESS_DST | |
49011 | +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW | |
49012 | +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW | |
49013 | +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK | |
49014 | +| 1<<SADB_X_EXT_ADDRESS_DST_MASK | |
49015 | +| 1<<SADB_X_EXT_PROTOCOL | |
49016 | +, | |
49017 | +/* SADB_X_DELFLOW */ | |
49018 | +1<<SADB_EXT_RESERVED | |
49019 | +| 1<<SADB_EXT_SA | |
49020 | +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW | |
49021 | +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW | |
49022 | +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK | |
49023 | +| 1<<SADB_X_EXT_ADDRESS_DST_MASK | |
49024 | +| 1<<SADB_X_EXT_PROTOCOL | |
49025 | +, | |
49026 | +/* SADB_X_DEBUG */ | |
49027 | +1<<SADB_EXT_RESERVED | |
49028 | +| 1<<SADB_X_EXT_DEBUG | |
49029 | +, | |
49030 | +/* SADB_X_NAT_T_NEW_MAPPING */ | |
49031 | +1<<SADB_EXT_RESERVED | |
49032 | +| 1<<SADB_EXT_SA | |
49033 | +| 1<<SADB_EXT_ADDRESS_SRC | |
49034 | +| 1<<SADB_EXT_ADDRESS_DST | |
49035 | +| 1<<SADB_X_EXT_NAT_T_SPORT | |
49036 | +| 1<<SADB_X_EXT_NAT_T_DPORT | |
49037 | +}, | |
49038 | + | |
49039 | +/* REQUIRED OUT */ | |
49040 | +{ | |
49041 | +/* SADB_RESERVED */ | |
49042 | +0 | |
49043 | +, | |
49044 | +/* SADB_GETSPI */ | |
49045 | +1<<SADB_EXT_RESERVED | |
49046 | +| 1<<SADB_EXT_SA | |
49047 | +| 1<<SADB_EXT_ADDRESS_SRC | |
49048 | +| 1<<SADB_EXT_ADDRESS_DST | |
49049 | +, | |
49050 | +/* SADB_UPDATE */ | |
49051 | +1<<SADB_EXT_RESERVED | |
49052 | +| 1<<SADB_EXT_SA | |
49053 | +| 1<<SADB_EXT_ADDRESS_SRC | |
49054 | +| 1<<SADB_EXT_ADDRESS_DST | |
49055 | +, | |
49056 | +/* SADB_ADD */ | |
49057 | +1<<SADB_EXT_RESERVED | |
49058 | +| 1<<SADB_EXT_SA | |
49059 | +| 1<<SADB_EXT_ADDRESS_SRC | |
49060 | +| 1<<SADB_EXT_ADDRESS_DST | |
49061 | +, | |
49062 | +/* SADB_DELETE */ | |
49063 | +1<<SADB_EXT_RESERVED | |
49064 | +| 1<<SADB_EXT_SA | |
49065 | +| 1<<SADB_EXT_ADDRESS_SRC | |
49066 | +| 1<<SADB_EXT_ADDRESS_DST | |
49067 | +, | |
49068 | +/* SADB_GET */ | |
49069 | +1<<SADB_EXT_RESERVED | |
49070 | +| 1<<SADB_EXT_SA | |
49071 | +| 1<<SADB_EXT_ADDRESS_SRC | |
49072 | +| 1<<SADB_EXT_ADDRESS_DST | |
49073 | +/* | 1<<SADB_EXT_KEY_AUTH */ | |
49074 | +/* | 1<<SADB_EXT_KEY_ENCRYPT */ | |
49075 | +, | |
49076 | +/* SADB_ACQUIRE */ | |
49077 | +1<<SADB_EXT_RESERVED | |
49078 | +| 1<<SADB_EXT_ADDRESS_SRC | |
49079 | +| 1<<SADB_EXT_ADDRESS_DST | |
49080 | +| 1<<SADB_EXT_PROPOSAL | |
49081 | +, | |
49082 | +/* SADB_REGISTER */ | |
49083 | +1<<SADB_EXT_RESERVED | |
49084 | +/* | 1<<SADB_EXT_SUPPORTED_AUTH | |
49085 | + | 1<<SADB_EXT_SUPPORTED_ENCRYPT */ | |
49086 | +, | |
49087 | +/* SADB_EXPIRE */ | |
49088 | +1<<SADB_EXT_RESERVED | |
49089 | +| 1<<SADB_EXT_SA | |
49090 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
49091 | +/* | 1<<SADB_EXT_LIFETIME_HARD | |
49092 | + | 1<<SADB_EXT_LIFETIME_SOFT */ | |
49093 | +| 1<<SADB_EXT_ADDRESS_SRC | |
49094 | +| 1<<SADB_EXT_ADDRESS_DST | |
49095 | +, | |
49096 | +/* SADB_FLUSH */ | |
49097 | +1<<SADB_EXT_RESERVED | |
49098 | +, | |
49099 | +/* SADB_DUMP */ | |
49100 | +1<<SADB_EXT_RESERVED | |
49101 | +| 1<<SADB_EXT_SA | |
49102 | +| 1<<SADB_EXT_ADDRESS_SRC | |
49103 | +| 1<<SADB_EXT_ADDRESS_DST | |
49104 | +| 1<<SADB_EXT_KEY_AUTH | |
49105 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
49106 | +, | |
49107 | +/* SADB_X_PROMISC */ | |
49108 | +1<<SADB_EXT_RESERVED | |
49109 | +| 1<<SADB_EXT_SA | |
49110 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
49111 | +| 1<<SADB_EXT_LIFETIME_HARD | |
49112 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
49113 | +| 1<<SADB_EXT_ADDRESS_SRC | |
49114 | +| 1<<SADB_EXT_ADDRESS_DST | |
49115 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
49116 | +| 1<<SADB_EXT_KEY_AUTH | |
49117 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
49118 | +| 1<<SADB_EXT_IDENTITY_SRC | |
49119 | +| 1<<SADB_EXT_IDENTITY_DST | |
49120 | +| 1<<SADB_EXT_SENSITIVITY | |
49121 | +| 1<<SADB_EXT_PROPOSAL | |
49122 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
49123 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
49124 | +| 1<<SADB_EXT_SPIRANGE | |
49125 | +| 1<<SADB_X_EXT_KMPRIVATE | |
49126 | +| 1<<SADB_X_EXT_SATYPE2 | |
49127 | +| 1<<SADB_X_EXT_SA2 | |
49128 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
49129 | +, | |
49130 | +/* SADB_X_PCHANGE */ | |
49131 | +1<<SADB_EXT_RESERVED | |
49132 | +| 1<<SADB_EXT_SA | |
49133 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
49134 | +| 1<<SADB_EXT_LIFETIME_HARD | |
49135 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
49136 | +| 1<<SADB_EXT_ADDRESS_SRC | |
49137 | +| 1<<SADB_EXT_ADDRESS_DST | |
49138 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
49139 | +| 1<<SADB_EXT_KEY_AUTH | |
49140 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
49141 | +| 1<<SADB_EXT_IDENTITY_SRC | |
49142 | +| 1<<SADB_EXT_IDENTITY_DST | |
49143 | +| 1<<SADB_EXT_SENSITIVITY | |
49144 | +| 1<<SADB_EXT_PROPOSAL | |
49145 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
49146 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
49147 | +| 1<<SADB_EXT_SPIRANGE | |
49148 | +| 1<<SADB_X_EXT_KMPRIVATE | |
49149 | +| 1<<SADB_X_EXT_SATYPE2 | |
49150 | +| 1<<SADB_X_EXT_SA2 | |
49151 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
49152 | +, | |
49153 | +/* SADB_X_GRPSA */ | |
49154 | +1<<SADB_EXT_RESERVED | |
49155 | +| 1<<SADB_EXT_SA | |
49156 | +| 1<<SADB_EXT_ADDRESS_DST | |
49157 | +, | |
49158 | +/* SADB_X_ADDFLOW */ | |
49159 | +1<<SADB_EXT_RESERVED | |
49160 | +| 1<<SADB_EXT_SA | |
49161 | +| 1<<SADB_EXT_ADDRESS_DST | |
49162 | +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW | |
49163 | +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW | |
49164 | +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK | |
49165 | +| 1<<SADB_X_EXT_ADDRESS_DST_MASK | |
49166 | +, | |
49167 | +/* SADB_X_DELFLOW */ | |
49168 | +1<<SADB_EXT_RESERVED | |
49169 | +/*| 1<<SADB_EXT_SA*/ | |
49170 | +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW | |
49171 | +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW | |
49172 | +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK | |
49173 | +| 1<<SADB_X_EXT_ADDRESS_DST_MASK | |
49174 | +, | |
49175 | +/* SADB_X_DEBUG */ | |
49176 | +1<<SADB_EXT_RESERVED | |
49177 | +| 1<<SADB_X_EXT_DEBUG | |
49178 | +, | |
49179 | +/* SADB_X_NAT_T_NEW_MAPPING */ | |
49180 | +1<<SADB_EXT_RESERVED | |
49181 | +| 1<<SADB_EXT_SA | |
49182 | +| 1<<SADB_EXT_ADDRESS_SRC | |
49183 | +| 1<<SADB_EXT_ADDRESS_DST | |
49184 | +| 1<<SADB_X_EXT_NAT_T_SPORT | |
49185 | +| 1<<SADB_X_EXT_NAT_T_DPORT | |
49186 | +} | |
49187 | +} | |
49188 | +}; | |
49189 | + | |
49190 | +/* | |
49191 | + * $Log: pfkey_v2_ext_bits.c,v $ | |
49192 | + * Revision 1.22 2005/05/11 01:45:31 mcr | |
49193 | + * make pfkey.h standalone. | |
49194 | + * | |
49195 | + * Revision 1.21 2004/07/10 07:48:36 mcr | |
49196 | + * Moved from linux/lib/libfreeswan/pfkey_v2_ext_bits.c,v | |
49197 | + * | |
49198 | + * Revision 1.20 2004/03/08 01:59:08 ken | |
49199 | + * freeswan.h -> openswan.h | |
49200 | + * | |
49201 | + * Revision 1.19 2003/12/22 21:38:13 mcr | |
49202 | + * removed extraenous #endif. | |
49203 | + * | |
49204 | + * Revision 1.18 2003/12/22 19:34:41 mcr | |
49205 | + * added 0.6c NAT-T patch. | |
49206 | + * | |
49207 | + * Revision 1.17 2003/12/10 01:20:19 mcr | |
49208 | + * NAT-traversal patches to KLIPS. | |
49209 | + * | |
49210 | + * Revision 1.16 2003/10/31 02:27:12 mcr | |
49211 | + * pulled up port-selector patches and sa_id elimination. | |
49212 | + * | |
49213 | + * Revision 1.15.30.1 2003/09/21 13:59:44 mcr | |
49214 | + * pre-liminary X.509 patch - does not yet pass tests. | |
49215 | + * | |
49216 | + * Revision 1.15 2002/04/24 07:55:32 mcr | |
49217 | + * #include patches and Makefiles for post-reorg compilation. | |
49218 | + * | |
49219 | + * Revision 1.14 2002/04/24 07:36:40 mcr | |
49220 | + * Moved from ./lib/pfkey_v2_ext_bits.c,v | |
49221 | + * | |
49222 | + * Revision 1.13 2002/01/29 22:25:36 rgb | |
49223 | + * Re-add ipsec_kversion.h to keep MALLOC happy. | |
49224 | + * | |
49225 | + * Revision 1.12 2002/01/29 01:59:10 mcr | |
49226 | + * removal of kversions.h - sources that needed it now use ipsec_param.h. | |
49227 | + * updating of IPv6 structures to match latest in6.h version. | |
49228 | + * removed dead code from openswan.h that also duplicated kversions.h | |
49229 | + * code. | |
49230 | + * | |
49231 | + * Revision 1.11 2001/10/18 04:45:24 rgb | |
49232 | + * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h, | |
49233 | + * lib/openswan.h version macros moved to lib/kversions.h. | |
49234 | + * Other compiler directive cleanups. | |
49235 | + * | |
49236 | + * Revision 1.10 2001/09/08 21:13:35 rgb | |
49237 | + * Added pfkey ident extension support for ISAKMPd. (NetCelo) | |
49238 | + * | |
49239 | + * Revision 1.9 2001/06/14 19:35:16 rgb | |
49240 | + * Update copyright date. | |
49241 | + * | |
49242 | + * Revision 1.8 2001/03/26 23:07:36 rgb | |
49243 | + * Remove requirement for auth and enc key from UPDATE. | |
49244 | + * | |
49245 | + * Revision 1.7 2000/09/12 22:35:37 rgb | |
49246 | + * Restructured to remove unused extensions from CLEARFLOW messages. | |
49247 | + * | |
49248 | + * Revision 1.6 2000/09/09 06:39:01 rgb | |
49249 | + * Added comments for clarity. | |
49250 | + * | |
49251 | + * Revision 1.5 2000/06/02 22:54:14 rgb | |
49252 | + * Added Gerhard Gessler's struct sockaddr_storage mods for IPv6 support. | |
49253 | + * | |
49254 | + * Revision 1.4 2000/01/21 06:27:56 rgb | |
49255 | + * Added address cases for eroute flows. | |
49256 | + * Added comments for each message type. | |
49257 | + * Added klipsdebug switching capability. | |
49258 | + * Fixed GRPSA bitfields. | |
49259 | + * | |
49260 | + * Revision 1.3 1999/12/01 22:20:27 rgb | |
49261 | + * Remove requirement for a proxy address in an incoming getspi message. | |
49262 | + * | |
49263 | + * Revision 1.2 1999/11/27 11:57:06 rgb | |
49264 | + * Consolidated the 4 1-d extension bitmap arrays into one 4-d array. | |
49265 | + * Add CVS log entry to bottom of file. | |
49266 | + * Cleaned out unused bits. | |
49267 | + * | |
49268 | + */ | |
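Review bot: The last dimension of `extensions_bitmaps` is sized with `SADB_EXTENSIONS_MAX`, yet every initializer row is labelled with a message type (`SADB_RESERVED` through `SADB_X_NAT_T_NEW_MAPPING`), so the table is sized by the extension count but laid out, and presumably indexed, by message type. That stays in bounds only while the highest message type is below `SADB_EXTENSIONS_MAX`, which this file does not show. Declaring it as `unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_MAX + 1]`, with the matching extern declaration updated, would tie the bound to the index that appears to be used. Going by the PERMITTED/REQUIRED labels, this table is the policy that decides which extensions a PF_KEY message may or must carry, so I would also make it `const` so it cannot be modified at run time. The bits should be built as `1U<<SADB_EXT_SA` rather than `1<<SADB_EXT_SA`, so an extension number of 31 cannot shift into the sign bit of an `int`.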
49269 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
49270 | +++ linux/net/ipsec/pfkey_v2_ext_process.c Mon Feb 9 13:51:03 2004 | |
49271 | @@ -0,0 +1,951 @@ | |
49272 | +/* | |
49273 | + * @(#) RFC2367 PF_KEYv2 Key management API message parser | |
49274 | + * Copyright (C) 1998-2003 Richard Guy Briggs. | |
49275 | + * Copyright (C) 2004 Michael Richardson <mcr@xelerance.com> | |
49276 | + * | |
49277 | + * This program is free software; you can redistribute it and/or modify it | |
49278 | + * under the terms of the GNU General Public License as published by the | |
49279 | + * Free Software Foundation; either version 2 of the License, or (at your | |
49280 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
49281 | + * | |
49282 | + * This program is distributed in the hope that it will be useful, but | |
49283 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
49284 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
49285 | + * for more details. | |
49286 | + * | |
49287 | + * RCSID $Id: pfkey_v2_ext_process.c,v 1.20.2.2 2006/10/06 21:39:26 paul Exp $ | |
49288 | + */ | |
49289 | + | |
49290 | +/* | |
49291 | + * Template from klips/net/ipsec/ipsec/ipsec_netlink.c. | |
49292 | + */ | |
49293 | + | |
49294 | +char pfkey_v2_ext_process_c_version[] = "$Id: pfkey_v2_ext_process.c,v 1.20.2.2 2006/10/06 21:39:26 paul Exp $"; | |
49295 | + | |
49296 | +#ifndef AUTOCONF_INCLUDED | |
49297 | +#include <linux/config.h> | |
49298 | +#endif | |
49299 | +#include <linux/version.h> | |
49300 | +#include <linux/kernel.h> /* printk() */ | |
49301 | + | |
49302 | +#include "openswan/ipsec_param.h" | |
49303 | + | |
49304 | +#ifdef MALLOC_SLAB | |
49305 | +# include <linux/slab.h> /* kmalloc() */ | |
49306 | +#else /* MALLOC_SLAB */ | |
49307 | +# include <linux/malloc.h> /* kmalloc() */ | |
49308 | +#endif /* MALLOC_SLAB */ | |
49309 | +#include <linux/errno.h> /* error codes */ | |
49310 | +#include <linux/types.h> /* size_t */ | |
49311 | +#include <linux/interrupt.h> /* mark_bh */ | |
49312 | + | |
49313 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
49314 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
49315 | +#include <linux/ip.h> /* struct iphdr */ | |
49316 | +#include <linux/skbuff.h> | |
49317 | + | |
49318 | +#include <openswan.h> | |
49319 | + | |
49320 | +#include <crypto/des.h> | |
49321 | + | |
49322 | +#ifdef SPINLOCK | |
49323 | +# ifdef SPINLOCK_23 | |
49324 | +# include <linux/spinlock.h> /* *lock* */ | |
49325 | +# else /* SPINLOCK_23 */ | |
49326 | +# include <asm/spinlock.h> /* *lock* */ | |
49327 | +# endif /* SPINLOCK_23 */ | |
49328 | +#endif /* SPINLOCK */ | |
49329 | +#ifdef NET_21 | |
49330 | +# include <linux/in6.h> | |
49331 | +# define ip_chk_addr inet_addr_type | |
49332 | +# define IS_MYADDR RTN_LOCAL | |
49333 | +#endif | |
49334 | + | |
49335 | +#include <net/ip.h> | |
49336 | +#ifdef NETLINK_SOCK | |
49337 | +# include <linux/netlink.h> | |
49338 | +#else | |
49339 | +# include <net/netlink.h> | |
49340 | +#endif | |
49341 | + | |
49342 | +#include <linux/random.h> /* get_random_bytes() */ | |
49343 | + | |
49344 | +#include "openswan/radij.h" | |
49345 | +#include "openswan/ipsec_encap.h" | |
49346 | +#include "openswan/ipsec_sa.h" | |
49347 | + | |
49348 | +#include "openswan/ipsec_radij.h" | |
49349 | +#include "openswan/ipsec_xform.h" | |
49350 | +#include "openswan/ipsec_ah.h" | |
49351 | +#include "openswan/ipsec_esp.h" | |
49352 | +#include "openswan/ipsec_tunnel.h" | |
49353 | +#include "openswan/ipsec_rcv.h" | |
49354 | +#include "openswan/ipcomp.h" | |
49355 | + | |
49356 | +#include <pfkeyv2.h> | |
49357 | +#include <pfkey.h> | |
49358 | + | |
49359 | +#include "openswan/ipsec_proto.h" | |
49360 | +#include "openswan/ipsec_alg.h" | |
49361 | + | |
49362 | +#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) | |
49363 | + | |
49364 | +int | |
49365 | +pfkey_sa_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
49366 | +{ | |
49367 | + struct sadb_sa *pfkey_sa = (struct sadb_sa *)pfkey_ext; | |
49368 | + int error = 0; | |
49369 | + struct ipsec_sa* ipsp; | |
49370 | + | |
49371 | + KLIPS_PRINT(debug_pfkey, | |
49372 | + "klips_debug:pfkey_sa_process: .\n"); | |
49373 | + | |
49374 | + if(!extr || !extr->ips) { | |
49375 | + KLIPS_PRINT(debug_pfkey, | |
49376 | + "klips_debug:pfkey_sa_process: " | |
49377 | + "extr or extr->ips is NULL, fatal\n"); | |
49378 | + SENDERR(EINVAL); | |
49379 | + } | |
49380 | + | |
49381 | + switch(pfkey_ext->sadb_ext_type) { | |
49382 | + case SADB_EXT_SA: | |
49383 | + ipsp = extr->ips; | |
49384 | + break; | |
49385 | + case SADB_X_EXT_SA2: | |
49386 | + if(extr->ips2 == NULL) { | |
49387 | + extr->ips2 = ipsec_sa_alloc(&error); /* pass error var by pointer */ | |
49388 | + } | |
49389 | + if(extr->ips2 == NULL) { | |
49390 | + SENDERR(-error); | |
49391 | + } | |
49392 | + ipsp = extr->ips2; | |
49393 | + break; | |
49394 | + default: | |
49395 | + KLIPS_PRINT(debug_pfkey, | |
49396 | + "klips_debug:pfkey_sa_process: " | |
49397 | + "invalid exttype=%d.\n", | |
49398 | + pfkey_ext->sadb_ext_type); | |
49399 | + SENDERR(EINVAL); | |
49400 | + } | |
49401 | + | |
49402 | + ipsp->ips_said.spi = pfkey_sa->sadb_sa_spi; | |
49403 | + ipsp->ips_replaywin = pfkey_sa->sadb_sa_replay; | |
49404 | + ipsp->ips_state = pfkey_sa->sadb_sa_state; | |
49405 | + ipsp->ips_flags = pfkey_sa->sadb_sa_flags; | |
49406 | + ipsp->ips_replaywin_lastseq = ipsp->ips_replaywin_bitmap = 0; | |
49407 | + ipsp->ips_ref_rel = pfkey_sa->sadb_x_sa_ref; | |
49408 | + | |
49409 | + switch(ipsp->ips_said.proto) { | |
49410 | + case IPPROTO_AH: | |
49411 | + ipsp->ips_authalg = pfkey_sa->sadb_sa_auth; | |
49412 | + ipsp->ips_encalg = SADB_EALG_NONE; | |
49413 | + break; | |
49414 | + case IPPROTO_ESP: | |
49415 | + ipsp->ips_authalg = pfkey_sa->sadb_sa_auth; | |
49416 | + ipsp->ips_encalg = pfkey_sa->sadb_sa_encrypt; | |
49417 | + ipsec_alg_sa_init(ipsp); | |
49418 | + break; | |
49419 | + case IPPROTO_IPIP: | |
49420 | + ipsp->ips_authalg = AH_NONE; | |
49421 | + ipsp->ips_encalg = ESP_NONE; | |
49422 | + break; | |
49423 | +#ifdef CONFIG_KLIPS_IPCOMP | |
49424 | + case IPPROTO_COMP: | |
49425 | + ipsp->ips_authalg = AH_NONE; | |
49426 | + ipsp->ips_encalg = pfkey_sa->sadb_sa_encrypt; | |
49427 | + break; | |
49428 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
49429 | + case IPPROTO_INT: | |
49430 | + ipsp->ips_authalg = AH_NONE; | |
49431 | + ipsp->ips_encalg = ESP_NONE; | |
49432 | + break; | |
49433 | + case 0: | |
49434 | + break; | |
49435 | + default: | |
49436 | + KLIPS_PRINT(debug_pfkey, | |
49437 | + "klips_debug:pfkey_sa_process: " | |
49438 | + "unknown proto=%d.\n", | |
49439 | + ipsp->ips_said.proto); | |
49440 | + SENDERR(EINVAL); | |
49441 | + } | |
49442 | + | |
49443 | +errlab: | |
49444 | + return error; | |
49445 | +} | |
49446 | + | |
49447 | +int | |
49448 | +pfkey_lifetime_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
49449 | +{ | |
49450 | + int error = 0; | |
49451 | + struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)pfkey_ext; | |
49452 | + | |
49453 | + KLIPS_PRINT(debug_pfkey, | |
49454 | + "klips_debug:pfkey_lifetime_process: .\n"); | |
49455 | + | |
49456 | + if(!extr || !extr->ips) { | |
49457 | + KLIPS_PRINT(debug_pfkey, | |
49458 | + "klips_debug:pfkey_lifetime_process: " | |
49459 | + "extr or extr->ips is NULL, fatal\n"); | |
49460 | + SENDERR(EINVAL); | |
49461 | + } | |
49462 | + | |
49463 | + switch(pfkey_lifetime->sadb_lifetime_exttype) { | |
49464 | + case SADB_EXT_LIFETIME_CURRENT: | |
49465 | + KLIPS_PRINT(debug_pfkey, | |
49466 | + "klips_debug:pfkey_lifetime_process: " | |
49467 | + "lifetime_current not supported yet.\n"); | |
49468 | + SENDERR(EINVAL); | |
49469 | + break; | |
49470 | + case SADB_EXT_LIFETIME_HARD: | |
49471 | + ipsec_lifetime_update_hard(&extr->ips->ips_life.ipl_allocations, | |
49472 | + pfkey_lifetime->sadb_lifetime_allocations); | |
49473 | + | |
49474 | + ipsec_lifetime_update_hard(&extr->ips->ips_life.ipl_bytes, | |
49475 | + pfkey_lifetime->sadb_lifetime_bytes); | |
49476 | + | |
49477 | + ipsec_lifetime_update_hard(&extr->ips->ips_life.ipl_addtime, | |
49478 | + pfkey_lifetime->sadb_lifetime_addtime); | |
49479 | + | |
49480 | + ipsec_lifetime_update_hard(&extr->ips->ips_life.ipl_usetime, | |
49481 | + pfkey_lifetime->sadb_lifetime_usetime); | |
49482 | + | |
49483 | + break; | |
49484 | + | |
49485 | + case SADB_EXT_LIFETIME_SOFT: | |
49486 | + ipsec_lifetime_update_soft(&extr->ips->ips_life.ipl_allocations, | |
49487 | + pfkey_lifetime->sadb_lifetime_allocations); | |
49488 | + | |
49489 | + ipsec_lifetime_update_soft(&extr->ips->ips_life.ipl_bytes, | |
49490 | + pfkey_lifetime->sadb_lifetime_bytes); | |
49491 | + | |
49492 | + ipsec_lifetime_update_soft(&extr->ips->ips_life.ipl_addtime, | |
49493 | + pfkey_lifetime->sadb_lifetime_addtime); | |
49494 | + | |
49495 | + ipsec_lifetime_update_soft(&extr->ips->ips_life.ipl_usetime, | |
49496 | + pfkey_lifetime->sadb_lifetime_usetime); | |
49497 | + | |
49498 | + break; | |
49499 | + default: | |
49500 | + KLIPS_PRINT(debug_pfkey, | |
49501 | + "klips_debug:pfkey_lifetime_process: " | |
49502 | + "invalid exttype=%d.\n", | |
49503 | + pfkey_ext->sadb_ext_type); | |
49504 | + SENDERR(EINVAL); | |
49505 | + } | |
49506 | + | |
49507 | +errlab: | |
49508 | + return error; | |
49509 | +} | |
49510 | + | |
49511 | +int | |
49512 | +pfkey_address_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
49513 | +{ | |
49514 | + int error = 0; | |
49515 | + int saddr_len = 0; | |
49516 | + char ipaddr_txt[ADDRTOA_BUF]; | |
49517 | + unsigned char **sap; | |
49518 | + unsigned short * portp = 0; | |
49519 | + struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext; | |
49520 | + struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address)); | |
49521 | + struct ipsec_sa* ipsp; | |
49522 | + | |
49523 | + KLIPS_PRINT(debug_pfkey, | |
49524 | + "klips_debug:pfkey_address_process:\n"); | |
49525 | + | |
49526 | + if(!extr || !extr->ips) { | |
49527 | + KLIPS_PRINT(debug_pfkey, | |
49528 | + "klips_debug:pfkey_address_process: " | |
49529 | + "extr or extr->ips is NULL, fatal\n"); | |
49530 | + SENDERR(EINVAL); | |
49531 | + } | |
49532 | + | |
49533 | + switch(s->sa_family) { | |
49534 | + case AF_INET: | |
49535 | + saddr_len = sizeof(struct sockaddr_in); | |
49536 | + addrtoa(((struct sockaddr_in*)s)->sin_addr, 0, ipaddr_txt, sizeof(ipaddr_txt)); | |
49537 | + KLIPS_PRINT(debug_pfkey, | |
49538 | + "klips_debug:pfkey_address_process: " | |
49539 | + "found address family=%d, AF_INET, %s.\n", | |
49540 | + s->sa_family, | |
49541 | + ipaddr_txt); | |
49542 | + break; | |
49543 | +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
49544 | + case AF_INET6: | |
49545 | + saddr_len = sizeof(struct sockaddr_in6); | |
49546 | + break; | |
49547 | +#endif /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ | |
49548 | + default: | |
49549 | + KLIPS_PRINT(debug_pfkey, | |
49550 | + "klips_debug:pfkey_address_process: " | |
49551 | + "s->sa_family=%d not supported.\n", | |
49552 | + s->sa_family); | |
49553 | + SENDERR(EPFNOSUPPORT); | |
49554 | + } | |
49555 | + | |
49556 | + switch(pfkey_address->sadb_address_exttype) { | |
49557 | + case SADB_EXT_ADDRESS_SRC: | |
49558 | + KLIPS_PRINT(debug_pfkey, | |
49559 | + "klips_debug:pfkey_address_process: " | |
49560 | + "found src address.\n"); | |
49561 | + sap = (unsigned char **)&(extr->ips->ips_addr_s); | |
49562 | + extr->ips->ips_addr_s_size = saddr_len; | |
49563 | + break; | |
49564 | + case SADB_EXT_ADDRESS_DST: | |
49565 | + KLIPS_PRINT(debug_pfkey, | |
49566 | + "klips_debug:pfkey_address_process: " | |
49567 | + "found dst address.\n"); | |
49568 | + sap = (unsigned char **)&(extr->ips->ips_addr_d); | |
49569 | + extr->ips->ips_addr_d_size = saddr_len; | |
49570 | + break; | |
49571 | + case SADB_EXT_ADDRESS_PROXY: | |
49572 | + KLIPS_PRINT(debug_pfkey, | |
49573 | + "klips_debug:pfkey_address_process: " | |
49574 | + "found proxy address.\n"); | |
49575 | + sap = (unsigned char **)&(extr->ips->ips_addr_p); | |
49576 | + extr->ips->ips_addr_p_size = saddr_len; | |
49577 | + break; | |
49578 | + case SADB_X_EXT_ADDRESS_DST2: | |
49579 | + KLIPS_PRINT(debug_pfkey, | |
49580 | + "klips_debug:pfkey_address_process: " | |
49581 | + "found 2nd dst address.\n"); | |
49582 | + if(extr->ips2 == NULL) { | |
49583 | + extr->ips2 = ipsec_sa_alloc(&error); /* pass error var by pointer */ | |
49584 | + } | |
49585 | + if(extr->ips2 == NULL) { | |
49586 | + SENDERR(-error); | |
49587 | + } | |
49588 | + sap = (unsigned char **)&(extr->ips2->ips_addr_d); | |
49589 | + extr->ips2->ips_addr_d_size = saddr_len; | |
49590 | + break; | |
49591 | + case SADB_X_EXT_ADDRESS_SRC_FLOW: | |
49592 | + KLIPS_PRINT(debug_pfkey, | |
49593 | + "klips_debug:pfkey_address_process: " | |
49594 | + "found src flow address.\n"); | |
49595 | + if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) { | |
49596 | + SENDERR(ENOMEM); | |
49597 | + } | |
49598 | + sap = (unsigned char **)&(extr->eroute->er_eaddr.sen_ip_src); | |
49599 | + portp = &(extr->eroute->er_eaddr.sen_sport); | |
49600 | + break; | |
49601 | + case SADB_X_EXT_ADDRESS_DST_FLOW: | |
49602 | + KLIPS_PRINT(debug_pfkey, | |
49603 | + "klips_debug:pfkey_address_process: " | |
49604 | + "found dst flow address.\n"); | |
49605 | + if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) { | |
49606 | + SENDERR(ENOMEM); | |
49607 | + } | |
49608 | + sap = (unsigned char **)&(extr->eroute->er_eaddr.sen_ip_dst); | |
49609 | + portp = &(extr->eroute->er_eaddr.sen_dport); | |
49610 | + break; | |
49611 | + case SADB_X_EXT_ADDRESS_SRC_MASK: | |
49612 | + KLIPS_PRINT(debug_pfkey, | |
49613 | + "klips_debug:pfkey_address_process: " | |
49614 | + "found src mask address.\n"); | |
49615 | + if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) { | |
49616 | + SENDERR(ENOMEM); | |
49617 | + } | |
49618 | + sap = (unsigned char **)&(extr->eroute->er_emask.sen_ip_src); | |
49619 | + portp = &(extr->eroute->er_emask.sen_sport); | |
49620 | + break; | |
49621 | + case SADB_X_EXT_ADDRESS_DST_MASK: | |
49622 | + KLIPS_PRINT(debug_pfkey, | |
49623 | + "klips_debug:pfkey_address_process: " | |
49624 | + "found dst mask address.\n"); | |
49625 | + if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) { | |
49626 | + SENDERR(ENOMEM); | |
49627 | + } | |
49628 | + sap = (unsigned char **)&(extr->eroute->er_emask.sen_ip_dst); | |
49629 | + portp = &(extr->eroute->er_emask.sen_dport); | |
49630 | + break; | |
49631 | +#ifdef NAT_TRAVERSAL | |
49632 | + case SADB_X_EXT_NAT_T_OA: | |
49633 | + KLIPS_PRINT(debug_pfkey, | |
49634 | + "klips_debug:pfkey_address_process: " | |
49635 | + "found NAT-OA address.\n"); | |
49636 | + sap = (unsigned char **)&(extr->ips->ips_natt_oa); | |
49637 | + extr->ips->ips_natt_oa_size = saddr_len; | |
49638 | + break; | |
49639 | +#endif | |
49640 | + default: | |
49641 | + KLIPS_PRINT(debug_pfkey, | |
49642 | + "klips_debug:pfkey_address_process: " | |
49643 | + "unrecognised ext_type=%d.\n", | |
49644 | + pfkey_address->sadb_address_exttype); | |
49645 | + SENDERR(EINVAL); | |
49646 | + } | |
49647 | + | |
49648 | + switch(pfkey_address->sadb_address_exttype) { | |
49649 | + case SADB_EXT_ADDRESS_SRC: | |
49650 | + case SADB_EXT_ADDRESS_DST: | |
49651 | + case SADB_EXT_ADDRESS_PROXY: | |
49652 | + case SADB_X_EXT_ADDRESS_DST2: | |
49653 | +#ifdef NAT_TRAVERSAL | |
49654 | + case SADB_X_EXT_NAT_T_OA: | |
49655 | +#endif | |
49656 | + KLIPS_PRINT(debug_pfkey, | |
49657 | + "klips_debug:pfkey_address_process: " | |
49658 | + "allocating %d bytes for saddr.\n", | |
49659 | + saddr_len); | |
49660 | + if(!(*sap = kmalloc(saddr_len, GFP_KERNEL))) { | |
49661 | + SENDERR(ENOMEM); | |
49662 | + } | |
49663 | + memcpy(*sap, s, saddr_len); | |
49664 | + break; | |
49665 | + default: | |
49666 | + if(s->sa_family != AF_INET) { | |
49667 | + KLIPS_PRINT(debug_pfkey, | |
49668 | + "klips_debug:pfkey_address_process: " | |
49669 | + "s->sa_family=%d not supported.\n", | |
49670 | + s->sa_family); | |
49671 | + SENDERR(EPFNOSUPPORT); | |
49672 | + } | |
49673 | + { | |
49674 | + unsigned long *ulsap = (unsigned long *)sap; | |
49675 | + *ulsap = ((struct sockaddr_in*)s)->sin_addr.s_addr; | |
49676 | + } | |
49677 | + | |
49678 | + if (portp != 0) | |
49679 | + *portp = ((struct sockaddr_in*)s)->sin_port; | |
49680 | +#ifdef CONFIG_KLIPS_DEBUG | |
49681 | + if(extr->eroute) { | |
49682 | + char buf1[64], buf2[64]; | |
49683 | + if (debug_pfkey) { | |
49684 | + subnettoa(extr->eroute->er_eaddr.sen_ip_src, | |
49685 | + extr->eroute->er_emask.sen_ip_src, 0, buf1, sizeof(buf1)); | |
49686 | + subnettoa(extr->eroute->er_eaddr.sen_ip_dst, | |
49687 | + extr->eroute->er_emask.sen_ip_dst, 0, buf2, sizeof(buf2)); | |
49688 | + KLIPS_PRINT(debug_pfkey, | |
49689 | + "klips_debug:pfkey_address_parse: " | |
49690 | + "extr->eroute set to %s:%d->%s:%d\n", | |
49691 | + buf1, | |
49692 | + ntohs(extr->eroute->er_eaddr.sen_sport), | |
49693 | + buf2, | |
49694 | + ntohs(extr->eroute->er_eaddr.sen_dport)); | |
49695 | + } | |
49696 | + } | |
49697 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
49698 | + } | |
49699 | + | |
49700 | + ipsp = extr->ips; | |
49701 | + switch(pfkey_address->sadb_address_exttype) { | |
49702 | + case SADB_X_EXT_ADDRESS_DST2: | |
49703 | + ipsp = extr->ips2; | |
49704 | + case SADB_EXT_ADDRESS_DST: | |
49705 | + if(s->sa_family == AF_INET) { | |
49706 | + ipsp->ips_said.dst.u.v4.sin_addr.s_addr = ((struct sockaddr_in*)(ipsp->ips_addr_d))->sin_addr.s_addr; | |
49707 | + ipsp->ips_said.dst.u.v4.sin_family = AF_INET; | |
49708 | + addrtoa(((struct sockaddr_in*)(ipsp->ips_addr_d))->sin_addr, | |
49709 | + 0, | |
49710 | + ipaddr_txt, | |
49711 | + sizeof(ipaddr_txt)); | |
49712 | + KLIPS_PRINT(debug_pfkey, | |
49713 | + "klips_debug:pfkey_address_process: " | |
49714 | + "ips_said.dst set to %s.\n", | |
49715 | + ipaddr_txt); | |
49716 | + } else { | |
49717 | + KLIPS_PRINT(debug_pfkey, | |
49718 | + "klips_debug:pfkey_address_process: " | |
49719 | + "uh, ips_said.dst doesn't do address family=%d yet, said will be invalid.\n", | |
49720 | + s->sa_family); | |
49721 | + } | |
49722 | + default: | |
49723 | + break; | |
49724 | + } | |
49725 | + | |
49726 | + /* XXX check if port!=0 */ | |
49727 | + | |
49728 | + KLIPS_PRINT(debug_pfkey, | |
49729 | + "klips_debug:pfkey_address_process: successful.\n"); | |
49730 | + errlab: | |
49731 | + return error; | |
49732 | +} | |
49733 | + | |
49734 | +int | |
49735 | +pfkey_key_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
49736 | +{ | |
49737 | + int error = 0; | |
49738 | + struct sadb_key *pfkey_key = (struct sadb_key *)pfkey_ext; | |
49739 | + | |
49740 | + KLIPS_PRINT(debug_pfkey, | |
49741 | + "klips_debug:pfkey_key_process: .\n"); | |
49742 | + | |
49743 | + if(!extr || !extr->ips) { | |
49744 | + KLIPS_PRINT(debug_pfkey, | |
49745 | + "klips_debug:pfkey_key_process: " | |
49746 | + "extr or extr->ips is NULL, fatal\n"); | |
49747 | + SENDERR(EINVAL); | |
49748 | + } | |
49749 | + | |
49750 | + switch(pfkey_key->sadb_key_exttype) { | |
49751 | + case SADB_EXT_KEY_AUTH: | |
49752 | + KLIPS_PRINT(debug_pfkey, | |
49753 | + "klips_debug:pfkey_key_process: " | |
49754 | + "allocating %d bytes for authkey.\n", | |
49755 | + DIVUP(pfkey_key->sadb_key_bits, 8)); | |
49756 | + if(!(extr->ips->ips_key_a = kmalloc(DIVUP(pfkey_key->sadb_key_bits, 8), GFP_KERNEL))) { | |
49757 | + KLIPS_PRINT(debug_pfkey, | |
49758 | + "klips_debug:pfkey_key_process: " | |
49759 | + "memory allocation error.\n"); | |
49760 | + SENDERR(ENOMEM); | |
49761 | + } | |
49762 | + extr->ips->ips_key_bits_a = pfkey_key->sadb_key_bits; | |
49763 | + extr->ips->ips_key_a_size = DIVUP(pfkey_key->sadb_key_bits, 8); | |
49764 | + memcpy(extr->ips->ips_key_a, | |
49765 | + (char*)pfkey_key + sizeof(struct sadb_key), | |
49766 | + extr->ips->ips_key_a_size); | |
49767 | + break; | |
49768 | + case SADB_EXT_KEY_ENCRYPT: /* Key(s) */ | |
49769 | + KLIPS_PRINT(debug_pfkey, | |
49770 | + "klips_debug:pfkey_key_process: " | |
49771 | + "allocating %d bytes for enckey.\n", | |
49772 | + DIVUP(pfkey_key->sadb_key_bits, 8)); | |
49773 | + if(!(extr->ips->ips_key_e = kmalloc(DIVUP(pfkey_key->sadb_key_bits, 8), GFP_KERNEL))) { | |
49774 | + KLIPS_PRINT(debug_pfkey, | |
49775 | + "klips_debug:pfkey_key_process: " | |
49776 | + "memory allocation error.\n"); | |
49777 | + SENDERR(ENOMEM); | |
49778 | + } | |
49779 | + extr->ips->ips_key_bits_e = pfkey_key->sadb_key_bits; | |
49780 | + extr->ips->ips_key_e_size = DIVUP(pfkey_key->sadb_key_bits, 8); | |
49781 | + memcpy(extr->ips->ips_key_e, | |
49782 | + (char*)pfkey_key + sizeof(struct sadb_key), | |
49783 | + extr->ips->ips_key_e_size); | |
49784 | + break; | |
49785 | + default: | |
49786 | + SENDERR(EINVAL); | |
49787 | + } | |
49788 | + | |
49789 | + KLIPS_PRINT(debug_pfkey, | |
49790 | + "klips_debug:pfkey_key_process: " | |
49791 | + "success.\n"); | |
49792 | +errlab: | |
49793 | + return error; | |
49794 | +} | |
49795 | + | |
49796 | +int | |
49797 | +pfkey_ident_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
49798 | +{ | |
49799 | + int error = 0; | |
49800 | + struct sadb_ident *pfkey_ident = (struct sadb_ident *)pfkey_ext; | |
49801 | + int data_len; | |
49802 | + | |
49803 | + KLIPS_PRINT(debug_pfkey, | |
49804 | + "klips_debug:pfkey_ident_process: .\n"); | |
49805 | + | |
49806 | + if(!extr || !extr->ips) { | |
49807 | + KLIPS_PRINT(debug_pfkey, | |
49808 | + "klips_debug:pfkey_ident_process: " | |
49809 | + "extr or extr->ips is NULL, fatal\n"); | |
49810 | + SENDERR(EINVAL); | |
49811 | + } | |
49812 | + | |
49813 | + switch(pfkey_ident->sadb_ident_exttype) { | |
49814 | + case SADB_EXT_IDENTITY_SRC: | |
49815 | + data_len = pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident); | |
49816 | + | |
49817 | + extr->ips->ips_ident_s.type = pfkey_ident->sadb_ident_type; | |
49818 | + extr->ips->ips_ident_s.id = pfkey_ident->sadb_ident_id; | |
49819 | + extr->ips->ips_ident_s.len = pfkey_ident->sadb_ident_len; | |
49820 | + if(data_len) { | |
49821 | + KLIPS_PRINT(debug_pfkey, | |
49822 | + "klips_debug:pfkey_ident_process: " | |
49823 | + "allocating %d bytes for ident_s.\n", | |
49824 | + data_len); | |
49825 | + if(!(extr->ips->ips_ident_s.data | |
49826 | + = kmalloc(data_len, GFP_KERNEL))) { | |
49827 | + SENDERR(ENOMEM); | |
49828 | + } | |
49829 | + memcpy(extr->ips->ips_ident_s.data, | |
49830 | + (char*)pfkey_ident + sizeof(struct sadb_ident), | |
49831 | + data_len); | |
49832 | + } else { | |
49833 | + extr->ips->ips_ident_s.data = NULL; | |
49834 | + } | |
49835 | + break; | |
49836 | + case SADB_EXT_IDENTITY_DST: /* Identity(ies) */ | |
49837 | + data_len = pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident); | |
49838 | + | |
49839 | + extr->ips->ips_ident_d.type = pfkey_ident->sadb_ident_type; | |
49840 | + extr->ips->ips_ident_d.id = pfkey_ident->sadb_ident_id; | |
49841 | + extr->ips->ips_ident_d.len = pfkey_ident->sadb_ident_len; | |
49842 | + if(data_len) { | |
49843 | + KLIPS_PRINT(debug_pfkey, | |
49844 | + "klips_debug:pfkey_ident_process: " | |
49845 | + "allocating %d bytes for ident_d.\n", | |
49846 | + data_len); | |
49847 | + if(!(extr->ips->ips_ident_d.data | |
49848 | + = kmalloc(data_len, GFP_KERNEL))) { | |
49849 | + SENDERR(ENOMEM); | |
49850 | + } | |
49851 | + memcpy(extr->ips->ips_ident_d.data, | |
49852 | + (char*)pfkey_ident + sizeof(struct sadb_ident), | |
49853 | + data_len); | |
49854 | + } else { | |
49855 | + extr->ips->ips_ident_d.data = NULL; | |
49856 | + } | |
49857 | + break; | |
49858 | + default: | |
49859 | + SENDERR(EINVAL); | |
49860 | + } | |
49861 | +errlab: | |
49862 | + return error; | |
49863 | +} | |
49864 | + | |
49865 | +int | |
49866 | +pfkey_sens_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
49867 | +{ | |
49868 | + int error = 0; | |
49869 | + | |
49870 | + KLIPS_PRINT(debug_pfkey, | |
49871 | + "klips_debug:pfkey_sens_process: " | |
49872 | + "Sorry, I can't process exttype=%d yet.\n", | |
49873 | + pfkey_ext->sadb_ext_type); | |
49874 | + SENDERR(EINVAL); /* don't process these yet */ | |
49875 | + errlab: | |
49876 | + return error; | |
49877 | +} | |
49878 | + | |
49879 | +int | |
49880 | +pfkey_prop_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
49881 | +{ | |
49882 | + int error = 0; | |
49883 | + | |
49884 | + KLIPS_PRINT(debug_pfkey, | |
49885 | + "klips_debug:pfkey_prop_process: " | |
49886 | + "Sorry, I can't process exttype=%d yet.\n", | |
49887 | + pfkey_ext->sadb_ext_type); | |
49888 | + SENDERR(EINVAL); /* don't process these yet */ | |
49889 | + | |
49890 | + errlab: | |
49891 | + return error; | |
49892 | +} | |
49893 | + | |
49894 | +int | |
49895 | +pfkey_supported_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
49896 | +{ | |
49897 | + int error = 0; | |
49898 | + | |
49899 | + KLIPS_PRINT(debug_pfkey, | |
49900 | + "klips_debug:pfkey_supported_process: " | |
49901 | + "Sorry, I can't process exttype=%d yet.\n", | |
49902 | + pfkey_ext->sadb_ext_type); | |
49903 | + SENDERR(EINVAL); /* don't process these yet */ | |
49904 | + | |
49905 | +errlab: | |
49906 | + return error; | |
49907 | +} | |
49908 | + | |
49909 | +int | |
49910 | +pfkey_spirange_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
49911 | +{ | |
49912 | + int error = 0; | |
49913 | + | |
49914 | + KLIPS_PRINT(debug_pfkey, | |
49915 | + "klips_debug:pfkey_spirange_process: .\n"); | |
49916 | +/* errlab: */ | |
49917 | + return error; | |
49918 | +} | |
49919 | + | |
49920 | +int | |
49921 | +pfkey_x_kmprivate_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
49922 | +{ | |
49923 | + int error = 0; | |
49924 | + | |
49925 | + KLIPS_PRINT(debug_pfkey, | |
49926 | + "klips_debug:pfkey_x_kmprivate_process: " | |
49927 | + "Sorry, I can't process exttype=%d yet.\n", | |
49928 | + pfkey_ext->sadb_ext_type); | |
49929 | + SENDERR(EINVAL); /* don't process these yet */ | |
49930 | + | |
49931 | +errlab: | |
49932 | + return error; | |
49933 | +} | |
49934 | + | |
49935 | +int | |
49936 | +pfkey_x_satype_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
49937 | +{ | |
49938 | + int error = 0; | |
49939 | + struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)pfkey_ext; | |
49940 | + | |
49941 | + KLIPS_PRINT(debug_pfkey, | |
49942 | + "klips_debug:pfkey_x_satype_process: .\n"); | |
49943 | + | |
49944 | + if(!extr || !extr->ips) { | |
49945 | + KLIPS_PRINT(debug_pfkey, | |
49946 | + "klips_debug:pfkey_x_satype_process: " | |
49947 | + "extr or extr->ips is NULL, fatal\n"); | |
49948 | + SENDERR(EINVAL); | |
49949 | + } | |
49950 | + | |
49951 | + if(extr->ips2 == NULL) { | |
49952 | + extr->ips2 = ipsec_sa_alloc(&error); /* pass error var by pointer */ | |
49953 | + } | |
49954 | + if(extr->ips2 == NULL) { | |
49955 | + SENDERR(-error); | |
49956 | + } | |
49957 | + if(!(extr->ips2->ips_said.proto = satype2proto(pfkey_x_satype->sadb_x_satype_satype))) { | |
49958 | + KLIPS_PRINT(debug_pfkey, | |
49959 | + "klips_debug:pfkey_x_satype_process: " | |
49960 | + "proto lookup from satype=%d failed.\n", | |
49961 | + pfkey_x_satype->sadb_x_satype_satype); | |
49962 | + SENDERR(EINVAL); | |
49963 | + } | |
49964 | + KLIPS_PRINT(debug_pfkey, | |
49965 | + "klips_debug:pfkey_x_satype_process: " | |
49966 | + "protocol==%d decoded from satype==%d(%s).\n", | |
49967 | + extr->ips2->ips_said.proto, | |
49968 | + pfkey_x_satype->sadb_x_satype_satype, | |
49969 | + satype2name(pfkey_x_satype->sadb_x_satype_satype)); | |
49970 | + | |
49971 | +errlab: | |
49972 | + return error; | |
49973 | +} | |
49974 | + | |
49975 | + | |
49976 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
49977 | +int | |
49978 | +pfkey_x_nat_t_type_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
49979 | +{ | |
49980 | + int error = 0; | |
49981 | + struct sadb_x_nat_t_type *pfkey_x_nat_t_type = (struct sadb_x_nat_t_type *)pfkey_ext; | |
49982 | + | |
49983 | + if(!pfkey_x_nat_t_type) { | |
49984 | + printk("klips_debug:pfkey_x_nat_t_type_process: " | |
49985 | + "null pointer passed in\n"); | |
49986 | + SENDERR(EINVAL); | |
49987 | + } | |
49988 | + | |
49989 | + KLIPS_PRINT(debug_pfkey, | |
49990 | + "klips_debug:pfkey_x_nat_t_type_process: %d.\n", | |
49991 | + pfkey_x_nat_t_type->sadb_x_nat_t_type_type); | |
49992 | + | |
49993 | + if(!extr || !extr->ips) { | |
49994 | + KLIPS_PRINT(debug_pfkey, | |
49995 | + "klips_debug:pfkey_nat_t_type_process: " | |
49996 | + "extr or extr->ips is NULL, fatal\n"); | |
49997 | + SENDERR(EINVAL); | |
49998 | + } | |
49999 | + | |
50000 | + switch(pfkey_x_nat_t_type->sadb_x_nat_t_type_type) { | |
50001 | + case ESPINUDP_WITH_NON_IKE: /* with Non-IKE (older version) */ | |
50002 | + case ESPINUDP_WITH_NON_ESP: /* with Non-ESP */ | |
50003 | + | |
50004 | + extr->ips->ips_natt_type = pfkey_x_nat_t_type->sadb_x_nat_t_type_type; | |
50005 | + break; | |
50006 | + default: | |
50007 | + KLIPS_PRINT(debug_pfkey, | |
50008 | + "klips_debug:pfkey_x_nat_t_type_process: " | |
50009 | + "unknown type %d.\n", | |
50010 | + pfkey_x_nat_t_type->sadb_x_nat_t_type_type); | |
50011 | + SENDERR(EINVAL); | |
50012 | + break; | |
50013 | + } | |
50014 | + | |
50015 | +errlab: | |
50016 | + return error; | |
50017 | +} | |
50018 | + | |
50019 | +int | |
50020 | +pfkey_x_nat_t_port_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
50021 | +{ | |
50022 | + int error = 0; | |
50023 | + struct sadb_x_nat_t_port *pfkey_x_nat_t_port = (struct sadb_x_nat_t_port *)pfkey_ext; | |
50024 | + | |
50025 | + if(!pfkey_x_nat_t_port) { | |
50026 | + printk("klips_debug:pfkey_x_nat_t_port_process: " | |
50027 | + "null pointer passed in\n"); | |
50028 | + SENDERR(EINVAL); | |
50029 | + } | |
50030 | + | |
50031 | + KLIPS_PRINT(debug_pfkey, | |
50032 | + "klips_debug:pfkey_x_nat_t_port_process: %d/%d.\n", | |
50033 | + pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype, | |
50034 | + pfkey_x_nat_t_port->sadb_x_nat_t_port_port); | |
50035 | + | |
50036 | + if(!extr || !extr->ips) { | |
50037 | + KLIPS_PRINT(debug_pfkey, | |
50038 | + "klips_debug:pfkey_nat_t_type_process: " | |
50039 | + "extr or extr->ips is NULL, fatal\n"); | |
50040 | + SENDERR(EINVAL); | |
50041 | + } | |
50042 | + | |
50043 | + switch(pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype) { | |
50044 | + case SADB_X_EXT_NAT_T_SPORT: | |
50045 | + extr->ips->ips_natt_sport = pfkey_x_nat_t_port->sadb_x_nat_t_port_port; | |
50046 | + break; | |
50047 | + case SADB_X_EXT_NAT_T_DPORT: | |
50048 | + extr->ips->ips_natt_dport = pfkey_x_nat_t_port->sadb_x_nat_t_port_port; | |
50049 | + break; | |
50050 | + default: | |
50051 | + KLIPS_PRINT(debug_pfkey, | |
50052 | + "klips_debug:pfkey_x_nat_t_port_process: " | |
50053 | + "unknown exttype %d.\n", | |
50054 | + pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype); | |
50055 | + SENDERR(EINVAL); | |
50056 | + break; | |
50057 | + } | |
50058 | + | |
50059 | +errlab: | |
50060 | + return error; | |
50061 | +} | |
50062 | +#endif | |
50063 | + | |
50064 | +int | |
50065 | +pfkey_x_debug_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
50066 | +{ | |
50067 | + int error = 0; | |
50068 | + struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)pfkey_ext; | |
50069 | + | |
50070 | + if(!pfkey_x_debug) { | |
50071 | + printk("klips_debug:pfkey_x_debug_process: " | |
50072 | + "null pointer passed in\n"); | |
50073 | + SENDERR(EINVAL); | |
50074 | + } | |
50075 | + | |
50076 | + KLIPS_PRINT(debug_pfkey, | |
50077 | + "klips_debug:pfkey_x_debug_process: .\n"); | |
50078 | + | |
50079 | +#ifdef CONFIG_KLIPS_DEBUG | |
50080 | + if(pfkey_x_debug->sadb_x_debug_netlink >> | |
50081 | + (sizeof(pfkey_x_debug->sadb_x_debug_netlink) * 8 - 1)) { | |
50082 | + pfkey_x_debug->sadb_x_debug_netlink &= | |
50083 | + ~(1 << (sizeof(pfkey_x_debug->sadb_x_debug_netlink) * 8 -1)); | |
50084 | + debug_tunnel |= pfkey_x_debug->sadb_x_debug_tunnel; | |
50085 | + debug_netlink |= pfkey_x_debug->sadb_x_debug_netlink; | |
50086 | + debug_xform |= pfkey_x_debug->sadb_x_debug_xform; | |
50087 | + debug_eroute |= pfkey_x_debug->sadb_x_debug_eroute; | |
50088 | + debug_spi |= pfkey_x_debug->sadb_x_debug_spi; | |
50089 | + debug_radij |= pfkey_x_debug->sadb_x_debug_radij; | |
50090 | + debug_esp |= pfkey_x_debug->sadb_x_debug_esp; | |
50091 | + debug_ah |= pfkey_x_debug->sadb_x_debug_ah; | |
50092 | + debug_rcv |= pfkey_x_debug->sadb_x_debug_rcv; | |
50093 | + debug_pfkey |= pfkey_x_debug->sadb_x_debug_pfkey; | |
50094 | +#ifdef CONFIG_KLIPS_IPCOMP | |
50095 | + sysctl_ipsec_debug_ipcomp |= pfkey_x_debug->sadb_x_debug_ipcomp; | |
50096 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
50097 | + sysctl_ipsec_debug_verbose |= pfkey_x_debug->sadb_x_debug_verbose; | |
50098 | + KLIPS_PRINT(debug_pfkey, | |
50099 | + "klips_debug:pfkey_x_debug_process: " | |
50100 | + "set\n"); | |
50101 | + } else { | |
50102 | + KLIPS_PRINT(debug_pfkey, | |
50103 | + "klips_debug:pfkey_x_debug_process: " | |
50104 | + "unset\n"); | |
50105 | + debug_tunnel &= pfkey_x_debug->sadb_x_debug_tunnel; | |
50106 | + debug_netlink &= pfkey_x_debug->sadb_x_debug_netlink; | |
50107 | + debug_xform &= pfkey_x_debug->sadb_x_debug_xform; | |
50108 | + debug_eroute &= pfkey_x_debug->sadb_x_debug_eroute; | |
50109 | + debug_spi &= pfkey_x_debug->sadb_x_debug_spi; | |
50110 | + debug_radij &= pfkey_x_debug->sadb_x_debug_radij; | |
50111 | + debug_esp &= pfkey_x_debug->sadb_x_debug_esp; | |
50112 | + debug_ah &= pfkey_x_debug->sadb_x_debug_ah; | |
50113 | + debug_rcv &= pfkey_x_debug->sadb_x_debug_rcv; | |
50114 | + debug_pfkey &= pfkey_x_debug->sadb_x_debug_pfkey; | |
50115 | +#ifdef CONFIG_KLIPS_IPCOMP | |
50116 | + sysctl_ipsec_debug_ipcomp &= pfkey_x_debug->sadb_x_debug_ipcomp; | |
50117 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
50118 | + sysctl_ipsec_debug_verbose &= pfkey_x_debug->sadb_x_debug_verbose; | |
50119 | + } | |
50120 | +#else /* CONFIG_KLIPS_DEBUG */ | |
50121 | + printk("klips_debug:pfkey_x_debug_process: " | |
50122 | + "debugging not enabled\n"); | |
50123 | + SENDERR(EINVAL); | |
50124 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
50125 | + | |
50126 | +errlab: | |
50127 | + return error; | |
50128 | +} | |
50129 | + | |
50130 | +/* | |
50131 | + * $Log: pfkey_v2_ext_process.c,v $ | |
50132 | + * Revision 1.20.2.2 2006/10/06 21:39:26 paul | |
50133 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
50134 | + * set. This is defined through autoconf.h which is included through the | |
50135 | + * linux kernel build macros. | |
50136 | + * | |
50137 | + * Revision 1.20.2.1 2006/04/20 16:33:07 mcr | |
50138 | + * remove all of CONFIG_KLIPS_ALG --- one can no longer build without it. | |
50139 | + * Fix in-kernel module compilation. Sub-makefiles do not work. | |
50140 | + * | |
50141 | + * Revision 1.20 2005/04/29 05:10:22 mcr | |
50142 | + * removed from extraenous includes to make unit testing easier. | |
50143 | + * | |
50144 | + * Revision 1.19 2004/12/04 07:14:18 mcr | |
50145 | + * resolution to gcc3-ism was wrong. fixed to assign correct | |
50146 | + * variable. | |
50147 | + * | |
50148 | + * Revision 1.18 2004/12/03 21:25:57 mcr | |
50149 | + * compile time fixes for running on 2.6. | |
50150 | + * still experimental. | |
50151 | + * | |
50152 | + * Revision 1.17 2004/08/21 00:45:04 mcr | |
50153 | + * CONFIG_KLIPS_NAT was wrong, also need to include udp.h. | |
50154 | + * | |
50155 | + * Revision 1.16 2004/07/10 19:11:18 mcr | |
50156 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
50157 | + * | |
50158 | + * Revision 1.15 2004/04/06 02:49:26 mcr | |
50159 | + * pullup of algo code from alg-branch. | |
50160 | + * | |
50161 | + * Revision 1.14 2004/02/03 03:13:59 mcr | |
50162 | + * no longer #ifdef out NON_ESP mode. That was a mistake. | |
50163 | + * | |
50164 | + * Revision 1.13 2003/12/15 18:13:12 mcr | |
50165 | + * when compiling with NAT traversal, don't assume that the | |
50166 | + * kernel has been patched, unless CONFIG_IPSEC_NAT_NON_ESP | |
50167 | + * is set. | |
50168 | + * | |
50169 | + * Revision 1.12.2.1 2003/12/22 15:25:52 jjo | |
50170 | + * Merged algo-0.8.1-rc11-test1 into alg-branch | |
50171 | + * | |
50172 | + * Revision 1.12 2003/12/10 01:14:27 mcr | |
50173 | + * NAT-traversal patches to KLIPS. | |
50174 | + * | |
50175 | + * Revision 1.11 2003/10/31 02:27:55 mcr | |
50176 | + * pulled up port-selector patches and sa_id elimination. | |
50177 | + * | |
50178 | + * Revision 1.10.4.2 2003/10/29 01:30:41 mcr | |
50179 | + * elimited "struct sa_id". | |
50180 | + * | |
50181 | + * Revision 1.10.4.1 2003/09/21 13:59:56 mcr | |
50182 | + * pre-liminary X.509 patch - does not yet pass tests. | |
50183 | + * | |
50184 | + * Revision 1.10 2003/02/06 01:51:41 rgb | |
50185 | + * Removed no longer relevant comment | |
50186 | + * | |
50187 | + * Revision 1.9 2003/01/30 02:32:44 rgb | |
50188 | + * | |
50189 | + * Transmit error code through to caller from callee for better diagnosis of problems. | |
50190 | + * | |
50191 | + * Revision 1.8 2002/12/13 22:42:22 mcr | |
50192 | + * restored sa_ref code | |
50193 | + * | |
50194 | + * Revision 1.7 2002/12/13 22:40:48 mcr | |
50195 | + * temporarily removed sadb_x_sa_ref reference for 2.xx | |
50196 | + * | |
50197 | + * Revision 1.6 2002/10/05 05:02:58 dhr | |
50198 | + * | |
50199 | + * C labels go on statements | |
50200 | + * | |
50201 | + * Revision 1.5 2002/09/20 15:41:08 rgb | |
50202 | + * Switch from pfkey_alloc_ipsec_sa() to ipsec_sa_alloc(). | |
50203 | + * Added sadb_x_sa_ref to struct sadb_sa. | |
50204 | + * | |
50205 | + * Revision 1.4 2002/09/20 05:02:02 rgb | |
50206 | + * Added memory allocation debugging. | |
50207 | + * | |
50208 | + * Revision 1.3 2002/07/24 18:44:54 rgb | |
50209 | + * Type fiddling to tame ia64 compiler. | |
50210 | + * | |
50211 | + * Revision 1.2 2002/05/27 18:55:03 rgb | |
50212 | + * Remove final vistiges of tdb references via IPSEC_KLIPS1_COMPAT. | |
50213 | + * | |
50214 | + * Revision 1.1 2002/05/14 02:33:51 rgb | |
50215 | + * Moved all the extension processing functions to pfkey_v2_ext_process.c. | |
50216 | + * | |
50217 | + * | |
50218 | + * Local variables: | |
50219 | + * c-file-style: "linux" | |
50220 | + * End: | |
50221 | + * | |
50222 | + */ | |
50223 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
50224 | +++ linux/net/ipsec/pfkey_v2_parse.c Mon Feb 9 13:51:03 2004 | |
50225 | @@ -0,0 +1,1846 @@ | |
50226 | +/* | |
50227 | + * RFC2367 PF_KEYv2 Key management API message parser | |
50228 | + * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs. | |
50229 | + * | |
50230 | + * This program is free software; you can redistribute it and/or modify it | |
50231 | + * under the terms of the GNU General Public License as published by the | |
50232 | + * Free Software Foundation; either version 2 of the License, or (at your | |
50233 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
50234 | + * | |
50235 | + * This program is distributed in the hope that it will be useful, but | |
50236 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
50237 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
50238 | + * for more details. | |
50239 | + * | |
50240 | + * RCSID $Id: pfkey_v2_parse.c,v 1.65 2005/04/06 17:46:05 mcr Exp $ | |
50241 | + */ | |
50242 | + | |
50243 | +/* | |
50244 | + * Template from klips/net/ipsec/ipsec/ipsec_parser.c. | |
50245 | + */ | |
50246 | + | |
50247 | +char pfkey_v2_parse_c_version[] = "$Id: pfkey_v2_parse.c,v 1.65 2005/04/06 17:46:05 mcr Exp $"; | |
50248 | + | |
50249 | +/* | |
50250 | + * Some ugly stuff to allow consistent debugging code for use in the | |
50251 | + * kernel and in user space | |
50252 | +*/ | |
50253 | + | |
50254 | +#ifdef __KERNEL__ | |
50255 | + | |
50256 | +# include <linux/kernel.h> /* for printk */ | |
50257 | + | |
50258 | +#include "openswan/ipsec_kversion.h" /* for malloc switch */ | |
50259 | + | |
50260 | +# ifdef MALLOC_SLAB | |
50261 | +# include <linux/slab.h> /* kmalloc() */ | |
50262 | +# else /* MALLOC_SLAB */ | |
50263 | +# include <linux/malloc.h> /* kmalloc() */ | |
50264 | +# endif /* MALLOC_SLAB */ | |
50265 | +# include <linux/errno.h> /* error codes */ | |
50266 | +# include <linux/types.h> /* size_t */ | |
50267 | +# include <linux/interrupt.h> /* mark_bh */ | |
50268 | + | |
50269 | +# include <linux/netdevice.h> /* struct device, and other headers */ | |
50270 | +# include <linux/etherdevice.h> /* eth_type_trans */ | |
50271 | +# include <linux/ip.h> /* struct iphdr */ | |
50272 | +# if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
50273 | +# include <linux/ipv6.h> /* struct ipv6hdr */ | |
50274 | +# endif /* if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ | |
50275 | +extern int debug_pfkey; | |
50276 | + | |
50277 | +# include <openswan.h> | |
50278 | + | |
50279 | +#include "openswan/ipsec_encap.h" | |
50280 | + | |
50281 | +#else /* __KERNEL__ */ | |
50282 | + | |
50283 | +# include <sys/types.h> | |
50284 | +# include <linux/types.h> | |
50285 | +# include <linux/errno.h> | |
50286 | + | |
50287 | +# include <openswan.h> | |
50288 | +# include "constants.h" | |
50289 | +# include "programs/pluto/defs.h" /* for PRINTF_LIKE */ | |
50290 | + | |
50291 | +#endif /* __KERNEL__ */ | |
50292 | + | |
50293 | + | |
50294 | +#include <pfkeyv2.h> | |
50295 | +#include <pfkey.h> | |
50296 | + | |
50297 | +#include "openswan/ipsec_sa.h" /* IPSEC_SAREF_NULL, IPSEC_SA_REF_TABLE_IDX_WIDTH */ | |
50298 | + | |
50299 | +/* | |
50300 | + * how to handle debugging for pfkey. | |
50301 | + */ | |
50302 | +#include <openswan/pfkey_debug.h> | |
50303 | + | |
50304 | +unsigned int pfkey_lib_debug = PF_KEY_DEBUG_PARSE_NONE; | |
50305 | +void (*pfkey_debug_func)(const char *message, ...) PRINTF_LIKE(1); | |
50306 | +void (*pfkey_error_func)(const char *message, ...) PRINTF_LIKE(1); | |
50307 | + | |
50308 | + | |
50309 | +#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) | |
50310 | + | |
50311 | +struct satype_tbl { | |
50312 | + uint8_t proto; | |
50313 | + uint8_t satype; | |
50314 | + char* name; | |
50315 | +} static satype_tbl[] = { | |
50316 | +#ifdef __KERNEL__ | |
50317 | + { IPPROTO_ESP, SADB_SATYPE_ESP, "ESP" }, | |
50318 | + { IPPROTO_AH, SADB_SATYPE_AH, "AH" }, | |
50319 | + { IPPROTO_IPIP, SADB_X_SATYPE_IPIP, "IPIP" }, | |
50320 | +#ifdef CONFIG_KLIPS_IPCOMP | |
50321 | + { IPPROTO_COMP, SADB_X_SATYPE_COMP, "COMP" }, | |
50322 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
50323 | + { IPPROTO_INT, SADB_X_SATYPE_INT, "INT" }, | |
50324 | +#else /* __KERNEL__ */ | |
50325 | + { SA_ESP, SADB_SATYPE_ESP, "ESP" }, | |
50326 | + { SA_AH, SADB_SATYPE_AH, "AH" }, | |
50327 | + { SA_IPIP, SADB_X_SATYPE_IPIP, "IPIP" }, | |
50328 | + { SA_COMP, SADB_X_SATYPE_COMP, "COMP" }, | |
50329 | + { SA_INT, SADB_X_SATYPE_INT, "INT" }, | |
50330 | +#endif /* __KERNEL__ */ | |
50331 | + { 0, 0, "UNKNOWN" } | |
50332 | +}; | |
50333 | + | |
50334 | +uint8_t | |
50335 | +satype2proto(uint8_t satype) | |
50336 | +{ | |
50337 | + int i =0; | |
50338 | + | |
50339 | + while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) { | |
50340 | + i++; | |
50341 | + } | |
50342 | + return satype_tbl[i].proto; | |
50343 | +} | |
50344 | + | |
50345 | +uint8_t | |
50346 | +proto2satype(uint8_t proto) | |
50347 | +{ | |
50348 | + int i = 0; | |
50349 | + | |
50350 | + while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) { | |
50351 | + i++; | |
50352 | + } | |
50353 | + return satype_tbl[i].satype; | |
50354 | +} | |
50355 | + | |
50356 | +char* | |
50357 | +satype2name(uint8_t satype) | |
50358 | +{ | |
50359 | + int i = 0; | |
50360 | + | |
50361 | + while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) { | |
50362 | + i++; | |
50363 | + } | |
50364 | + return satype_tbl[i].name; | |
50365 | +} | |
50366 | + | |
50367 | +char* | |
50368 | +proto2name(uint8_t proto) | |
50369 | +{ | |
50370 | + int i = 0; | |
50371 | + | |
50372 | + while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) { | |
50373 | + i++; | |
50374 | + } | |
50375 | + return satype_tbl[i].name; | |
50376 | +} | |
50377 | + | |
50378 | +/* Default extension parsers taken from the KLIPS code */ | |
50379 | + | |
50380 | +DEBUG_NO_STATIC int | |
50381 | +pfkey_sa_parse(struct sadb_ext *pfkey_ext) | |
50382 | +{ | |
50383 | + int error = 0; | |
50384 | + struct sadb_sa *pfkey_sa = (struct sadb_sa *)pfkey_ext; | |
50385 | +#if 0 | |
50386 | + struct sadb_sa sav2; | |
50387 | +#endif | |
50388 | + | |
50389 | + /* sanity checks... */ | |
50390 | + if(!pfkey_sa) { | |
50391 | + ERROR("pfkey_sa_parse: " | |
50392 | + "NULL pointer passed in.\n"); | |
50393 | + SENDERR(EINVAL); | |
50394 | + } | |
50395 | + | |
50396 | +#if 0 | |
50397 | + /* check if this structure is short, and if so, fix it up. | |
50398 | + * XXX this is NOT the way to do things. | |
50399 | + */ | |
50400 | + if(pfkey_sa->sadb_sa_len == sizeof(struct sadb_sa_v1)/IPSEC_PFKEYv2_ALIGN) { | |
50401 | + | |
50402 | + /* yes, so clear out a temporary structure, and copy first */ | |
50403 | + memset(&sav2, 0, sizeof(sav2)); | |
50404 | + memcpy(&sav2, pfkey_sa, sizeof(struct sadb_sa_v1)); | |
50405 | + sav2.sadb_x_sa_ref=-1; | |
50406 | + sav2.sadb_sa_len = sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN; | |
50407 | + | |
50408 | + pfkey_sa = &sav2; | |
50409 | + } | |
50410 | +#endif | |
50411 | + | |
50412 | + | |
50413 | + if(pfkey_sa->sadb_sa_len != sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN) { | |
50414 | + ERROR( | |
50415 | + "pfkey_sa_parse: " | |
50416 | + "length wrong pfkey_sa->sadb_sa_len=%d sizeof(struct sadb_sa)=%d.\n", | |
50417 | + pfkey_sa->sadb_sa_len, | |
50418 | + (int)sizeof(struct sadb_sa)); | |
50419 | + SENDERR(EINVAL); | |
50420 | + } | |
50421 | + | |
50422 | +#if SADB_EALG_MAX < 255 | |
50423 | + if(pfkey_sa->sadb_sa_encrypt > SADB_EALG_MAX) { | |
50424 | + ERROR( | |
50425 | + "pfkey_sa_parse: " | |
50426 | + "pfkey_sa->sadb_sa_encrypt=%d > SADB_EALG_MAX=%d.\n", | |
50427 | + pfkey_sa->sadb_sa_encrypt, | |
50428 | + SADB_EALG_MAX); | |
50429 | + SENDERR(EINVAL); | |
50430 | + } | |
50431 | +#endif | |
50432 | + | |
50433 | +#if SADB_AALG_MAX < 255 | |
50434 | + if(pfkey_sa->sadb_sa_auth > SADB_AALG_MAX) { | |
50435 | + ERROR( | |
50436 | + "pfkey_sa_parse: " | |
50437 | + "pfkey_sa->sadb_sa_auth=%d > SADB_AALG_MAX=%d.\n", | |
50438 | + pfkey_sa->sadb_sa_auth, | |
50439 | + SADB_AALG_MAX); | |
50440 | + SENDERR(EINVAL); | |
50441 | + } | |
50442 | +#endif | |
50443 | + | |
50444 | +#if SADB_SASTATE_MAX < 255 | |
50445 | + if(pfkey_sa->sadb_sa_state > SADB_SASTATE_MAX) { | |
50446 | + ERROR( | |
50447 | + "pfkey_sa_parse: " | |
50448 | + "state=%d exceeds MAX=%d.\n", | |
50449 | + pfkey_sa->sadb_sa_state, | |
50450 | + SADB_SASTATE_MAX); | |
50451 | + SENDERR(EINVAL); | |
50452 | + } | |
50453 | +#endif | |
50454 | + | |
50455 | + if(pfkey_sa->sadb_sa_state == SADB_SASTATE_DEAD) { | |
50456 | + ERROR( | |
50457 | + "pfkey_sa_parse: " | |
50458 | + "state=%d is DEAD=%d.\n", | |
50459 | + pfkey_sa->sadb_sa_state, | |
50460 | + SADB_SASTATE_DEAD); | |
50461 | + SENDERR(EINVAL); | |
50462 | + } | |
50463 | + | |
50464 | + if(pfkey_sa->sadb_sa_replay > 64) { | |
50465 | + ERROR( | |
50466 | + "pfkey_sa_parse: " | |
50467 | + "replay window size: %d -- must be 0 <= size <= 64\n", | |
50468 | + pfkey_sa->sadb_sa_replay); | |
50469 | + SENDERR(EINVAL); | |
50470 | + } | |
50471 | + | |
50472 | + if(! ((pfkey_sa->sadb_sa_exttype == SADB_EXT_SA) || | |
50473 | + (pfkey_sa->sadb_sa_exttype == SADB_X_EXT_SA2))) | |
50474 | + { | |
50475 | + ERROR( | |
50476 | + "pfkey_sa_parse: " | |
50477 | + "unknown exttype=%d, expecting SADB_EXT_SA=%d or SADB_X_EXT_SA2=%d.\n", | |
50478 | + pfkey_sa->sadb_sa_exttype, | |
50479 | + SADB_EXT_SA, | |
50480 | + SADB_X_EXT_SA2); | |
50481 | + SENDERR(EINVAL); | |
50482 | + } | |
50483 | + | |
50484 | + if((IPSEC_SAREF_NULL != pfkey_sa->sadb_x_sa_ref) && (pfkey_sa->sadb_x_sa_ref >= (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH))) { | |
50485 | + ERROR( | |
50486 | + "pfkey_sa_parse: " | |
50487 | + "SAref=%d must be (SAref == IPSEC_SAREF_NULL(%d) || SAref < IPSEC_SA_REF_TABLE_NUM_ENTRIES(%d)).\n", | |
50488 | + pfkey_sa->sadb_x_sa_ref, | |
50489 | + IPSEC_SAREF_NULL, | |
50490 | + IPSEC_SA_REF_TABLE_NUM_ENTRIES); | |
50491 | + SENDERR(EINVAL); | |
50492 | + } | |
50493 | + | |
50494 | + DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, | |
50495 | + "pfkey_sa_parse: " | |
50496 | + "successfully found len=%d exttype=%d(%s) spi=%08lx replay=%d state=%d auth=%d encrypt=%d flags=%d ref=%d.\n", | |
50497 | + pfkey_sa->sadb_sa_len, | |
50498 | + pfkey_sa->sadb_sa_exttype, | |
50499 | + pfkey_v2_sadb_ext_string(pfkey_sa->sadb_sa_exttype), | |
50500 | + (long unsigned int)ntohl(pfkey_sa->sadb_sa_spi), | |
50501 | + pfkey_sa->sadb_sa_replay, | |
50502 | + pfkey_sa->sadb_sa_state, | |
50503 | + pfkey_sa->sadb_sa_auth, | |
50504 | + pfkey_sa->sadb_sa_encrypt, | |
50505 | + pfkey_sa->sadb_sa_flags, | |
50506 | + pfkey_sa->sadb_x_sa_ref); | |
50507 | + | |
50508 | + errlab: | |
50509 | + return error; | |
50510 | +} | |
50511 | + | |
50512 | +DEBUG_NO_STATIC int | |
50513 | +pfkey_lifetime_parse(struct sadb_ext *pfkey_ext) | |
50514 | +{ | |
50515 | + int error = 0; | |
50516 | + struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)pfkey_ext; | |
50517 | + | |
50518 | + DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, | |
50519 | + "pfkey_lifetime_parse:enter\n"); | |
50520 | + /* sanity checks... */ | |
50521 | + if(!pfkey_lifetime) { | |
50522 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50523 | + "pfkey_lifetime_parse: " | |
50524 | + "NULL pointer passed in.\n"); | |
50525 | + SENDERR(EINVAL); | |
50526 | + } | |
50527 | + | |
50528 | + if(pfkey_lifetime->sadb_lifetime_len != | |
50529 | + sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN) { | |
50530 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50531 | + "pfkey_lifetime_parse: " | |
50532 | + "length wrong pfkey_lifetime->sadb_lifetime_len=%d sizeof(struct sadb_lifetime)=%d.\n", | |
50533 | + pfkey_lifetime->sadb_lifetime_len, | |
50534 | + (int)sizeof(struct sadb_lifetime)); | |
50535 | + SENDERR(EINVAL); | |
50536 | + } | |
50537 | + | |
50538 | + if((pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_HARD) && | |
50539 | + (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_SOFT) && | |
50540 | + (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_CURRENT)) { | |
50541 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50542 | + "pfkey_lifetime_parse: " | |
50543 | + "unexpected ext_type=%d.\n", | |
50544 | + pfkey_lifetime->sadb_lifetime_exttype); | |
50545 | + SENDERR(EINVAL); | |
50546 | + } | |
50547 | + | |
50548 | + DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, | |
50549 | + "pfkey_lifetime_parse: " | |
50550 | + "life_type=%d(%s) alloc=%u bytes=%u add=%u use=%u pkts=%u.\n", | |
50551 | + pfkey_lifetime->sadb_lifetime_exttype, | |
50552 | + pfkey_v2_sadb_ext_string(pfkey_lifetime->sadb_lifetime_exttype), | |
50553 | + pfkey_lifetime->sadb_lifetime_allocations, | |
50554 | + (unsigned)pfkey_lifetime->sadb_lifetime_bytes, | |
50555 | + (unsigned)pfkey_lifetime->sadb_lifetime_addtime, | |
50556 | + (unsigned)pfkey_lifetime->sadb_lifetime_usetime, | |
50557 | + pfkey_lifetime->sadb_x_lifetime_packets); | |
50558 | +errlab: | |
50559 | + return error; | |
50560 | +} | |
50561 | + | |
50562 | +DEBUG_NO_STATIC int | |
50563 | +pfkey_address_parse(struct sadb_ext *pfkey_ext) | |
50564 | +{ | |
50565 | + int error = 0; | |
50566 | + int saddr_len = 0; | |
50567 | + struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext; | |
50568 | + struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address)); | |
50569 | + char ipaddr_txt[ADDRTOT_BUF]; | |
50570 | + | |
50571 | + /* sanity checks... */ | |
50572 | + if(!pfkey_address) { | |
50573 | + ERROR( | |
50574 | + "pfkey_address_parse: " | |
50575 | + "NULL pointer passed in.\n"); | |
50576 | + SENDERR(EINVAL); | |
50577 | + } | |
50578 | + | |
50579 | + if(pfkey_address->sadb_address_len < | |
50580 | + (sizeof(struct sadb_address) + sizeof(struct sockaddr))/ | |
50581 | + IPSEC_PFKEYv2_ALIGN) { | |
50582 | + ERROR("pfkey_address_parse: " | |
50583 | + "size wrong 1 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n", | |
50584 | + pfkey_address->sadb_address_len, | |
50585 | + (int)sizeof(struct sadb_address), | |
50586 | + (int)sizeof(struct sockaddr)); | |
50587 | + SENDERR(EINVAL); | |
50588 | + } | |
50589 | + | |
50590 | + if(pfkey_address->sadb_address_reserved) { | |
50591 | + ERROR("pfkey_address_parse: " | |
50592 | + "res=%d, must be zero.\n", | |
50593 | + pfkey_address->sadb_address_reserved); | |
50594 | + SENDERR(EINVAL); | |
50595 | + } | |
50596 | + | |
50597 | + switch(pfkey_address->sadb_address_exttype) { | |
50598 | + case SADB_EXT_ADDRESS_SRC: | |
50599 | + case SADB_EXT_ADDRESS_DST: | |
50600 | + case SADB_EXT_ADDRESS_PROXY: | |
50601 | + case SADB_X_EXT_ADDRESS_DST2: | |
50602 | + case SADB_X_EXT_ADDRESS_SRC_FLOW: | |
50603 | + case SADB_X_EXT_ADDRESS_DST_FLOW: | |
50604 | + case SADB_X_EXT_ADDRESS_SRC_MASK: | |
50605 | + case SADB_X_EXT_ADDRESS_DST_MASK: | |
50606 | +#ifdef NAT_TRAVERSAL | |
50607 | + case SADB_X_EXT_NAT_T_OA: | |
50608 | +#endif | |
50609 | + break; | |
50610 | + default: | |
50611 | + ERROR( | |
50612 | + "pfkey_address_parse: " | |
50613 | + "unexpected ext_type=%d.\n", | |
50614 | + pfkey_address->sadb_address_exttype); | |
50615 | + SENDERR(ENOPKG); | |
50616 | + } | |
50617 | + | |
50618 | + switch(s->sa_family) { | |
50619 | + case AF_INET: | |
50620 | + saddr_len = sizeof(struct sockaddr_in); | |
50621 | + sprintf(ipaddr_txt, "%d.%d.%d.%d" | |
50622 | + , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 0) & 0xFF | |
50623 | + , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 8) & 0xFF | |
50624 | + , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 16) & 0xFF | |
50625 | + , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 24) & 0xFF); | |
50626 | + DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, | |
50627 | + "pfkey_address_parse: " | |
50628 | + "found exttype=%u(%s) family=%d(AF_INET) address=%s proto=%u port=%u.\n", | |
50629 | + pfkey_address->sadb_address_exttype, | |
50630 | + pfkey_v2_sadb_ext_string(pfkey_address->sadb_address_exttype), | |
50631 | + s->sa_family, | |
50632 | + ipaddr_txt, | |
50633 | + pfkey_address->sadb_address_proto, | |
50634 | + ntohs(((struct sockaddr_in*)s)->sin_port)); | |
50635 | + break; | |
50636 | + case AF_INET6: | |
50637 | + saddr_len = sizeof(struct sockaddr_in6); | |
50638 | + sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x" | |
50639 | + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[0]) | |
50640 | + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[1]) | |
50641 | + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[2]) | |
50642 | + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[3]) | |
50643 | + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[4]) | |
50644 | + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[5]) | |
50645 | + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[6]) | |
50646 | + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[7])); | |
50647 | + DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, | |
50648 | + "pfkey_address_parse: " | |
50649 | + "found exttype=%u(%s) family=%d(AF_INET6) address=%s proto=%u port=%u.\n", | |
50650 | + pfkey_address->sadb_address_exttype, | |
50651 | + pfkey_v2_sadb_ext_string(pfkey_address->sadb_address_exttype), | |
50652 | + s->sa_family, | |
50653 | + ipaddr_txt, | |
50654 | + pfkey_address->sadb_address_proto, | |
50655 | + ((struct sockaddr_in6*)s)->sin6_port); | |
50656 | + break; | |
50657 | + default: | |
50658 | + ERROR( | |
50659 | + "pfkey_address_parse: " | |
50660 | + "s->sa_family=%d not supported.\n", | |
50661 | + s->sa_family); | |
50662 | + SENDERR(EPFNOSUPPORT); | |
50663 | + } | |
50664 | + | |
50665 | + if(pfkey_address->sadb_address_len != | |
50666 | + DIVUP(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN)) { | |
50667 | + ERROR( | |
50668 | + "pfkey_address_parse: " | |
50669 | + "size wrong 2 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n", | |
50670 | + pfkey_address->sadb_address_len, | |
50671 | + (int)sizeof(struct sadb_address), | |
50672 | + saddr_len); | |
50673 | + SENDERR(EINVAL); | |
50674 | + } | |
50675 | + | |
50676 | + if(pfkey_address->sadb_address_prefixlen != 0) { | |
50677 | + ERROR( | |
50678 | + "pfkey_address_parse: " | |
50679 | + "address prefixes not supported yet.\n"); | |
50680 | + SENDERR(EAFNOSUPPORT); /* not supported yet */ | |
50681 | + } | |
50682 | + | |
50683 | + /* XXX check if port!=0 */ | |
50684 | + | |
50685 | + DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, | |
50686 | + "pfkey_address_parse: successful.\n"); | |
50687 | + errlab: | |
50688 | + return error; | |
50689 | +} | |
50690 | + | |
50691 | +DEBUG_NO_STATIC int | |
50692 | +pfkey_key_parse(struct sadb_ext *pfkey_ext) | |
50693 | +{ | |
50694 | + int error = 0; | |
50695 | + struct sadb_key *pfkey_key = (struct sadb_key *)pfkey_ext; | |
50696 | + | |
50697 | + /* sanity checks... */ | |
50698 | + | |
50699 | + if(!pfkey_key) { | |
50700 | + ERROR( | |
50701 | + "pfkey_key_parse: " | |
50702 | + "NULL pointer passed in.\n"); | |
50703 | + SENDERR(EINVAL); | |
50704 | + } | |
50705 | + | |
50706 | + if(pfkey_key->sadb_key_len < sizeof(struct sadb_key) / IPSEC_PFKEYv2_ALIGN) { | |
50707 | + ERROR( | |
50708 | + "pfkey_key_parse: " | |
50709 | + "size wrong ext_len=%d, key_ext_len=%d.\n", | |
50710 | + pfkey_key->sadb_key_len, | |
50711 | + (int)sizeof(struct sadb_key)); | |
50712 | + SENDERR(EINVAL); | |
50713 | + } | |
50714 | + | |
50715 | + if(!pfkey_key->sadb_key_bits) { | |
50716 | + ERROR( | |
50717 | + "pfkey_key_parse: " | |
50718 | + "key length set to zero, must be non-zero.\n"); | |
50719 | + SENDERR(EINVAL); | |
50720 | + } | |
50721 | + | |
50722 | + if(pfkey_key->sadb_key_len != | |
50723 | + DIVUP(sizeof(struct sadb_key) * OCTETBITS + pfkey_key->sadb_key_bits, | |
50724 | + PFKEYBITS)) { | |
50725 | + ERROR( | |
50726 | + "pfkey_key_parse: " | |
50727 | + "key length=%d does not agree with extension length=%d.\n", | |
50728 | + pfkey_key->sadb_key_bits, | |
50729 | + pfkey_key->sadb_key_len); | |
50730 | + SENDERR(EINVAL); | |
50731 | + } | |
50732 | + | |
50733 | + if(pfkey_key->sadb_key_reserved) { | |
50734 | + ERROR( | |
50735 | + "pfkey_key_parse: " | |
50736 | + "res=%d, must be zero.\n", | |
50737 | + pfkey_key->sadb_key_reserved); | |
50738 | + SENDERR(EINVAL); | |
50739 | + } | |
50740 | + | |
50741 | + if(! ( (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_AUTH) || | |
50742 | + (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_ENCRYPT))) { | |
50743 | + ERROR( | |
50744 | + "pfkey_key_parse: " | |
50745 | + "expecting extension type AUTH or ENCRYPT, got %d.\n", | |
50746 | + pfkey_key->sadb_key_exttype); | |
50747 | + SENDERR(EINVAL); | |
50748 | + } | |
50749 | + | |
50750 | + DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, | |
50751 | + "pfkey_key_parse: " | |
50752 | + "success, found len=%d exttype=%d(%s) bits=%d reserved=%d.\n", | |
50753 | + pfkey_key->sadb_key_len, | |
50754 | + pfkey_key->sadb_key_exttype, | |
50755 | + pfkey_v2_sadb_ext_string(pfkey_key->sadb_key_exttype), | |
50756 | + pfkey_key->sadb_key_bits, | |
50757 | + pfkey_key->sadb_key_reserved); | |
50758 | + | |
50759 | +errlab: | |
50760 | + return error; | |
50761 | +} | |
50762 | + | |
50763 | +DEBUG_NO_STATIC int | |
50764 | +pfkey_ident_parse(struct sadb_ext *pfkey_ext) | |
50765 | +{ | |
50766 | + int error = 0; | |
50767 | + struct sadb_ident *pfkey_ident = (struct sadb_ident *)pfkey_ext; | |
50768 | + | |
50769 | + /* sanity checks... */ | |
50770 | + if(pfkey_ident->sadb_ident_len < sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) { | |
50771 | + ERROR( | |
50772 | + "pfkey_ident_parse: " | |
50773 | + "size wrong ext_len=%d, key_ext_len=%d.\n", | |
50774 | + pfkey_ident->sadb_ident_len, | |
50775 | + (int)sizeof(struct sadb_ident)); | |
50776 | + SENDERR(EINVAL); | |
50777 | + } | |
50778 | + | |
50779 | + if(pfkey_ident->sadb_ident_type > SADB_IDENTTYPE_MAX) { | |
50780 | + ERROR( | |
50781 | + "pfkey_ident_parse: " | |
50782 | + "ident_type=%d out of range, must be less than %d.\n", | |
50783 | + pfkey_ident->sadb_ident_type, | |
50784 | + SADB_IDENTTYPE_MAX); | |
50785 | + SENDERR(EINVAL); | |
50786 | + } | |
50787 | + | |
50788 | + if(pfkey_ident->sadb_ident_reserved) { | |
50789 | + ERROR( | |
50790 | + "pfkey_ident_parse: " | |
50791 | + "res=%d, must be zero.\n", | |
50792 | + pfkey_ident->sadb_ident_reserved); | |
50793 | + SENDERR(EINVAL); | |
50794 | + } | |
50795 | + | |
50796 | + /* string terminator/padding must be zero */ | |
50797 | + if(pfkey_ident->sadb_ident_len > sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) { | |
50798 | + if(*((char*)pfkey_ident + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1)) { | |
50799 | + ERROR( | |
50800 | + "pfkey_ident_parse: " | |
50801 | + "string padding must be zero, last is 0x%02x.\n", | |
50802 | + *((char*)pfkey_ident + | |
50803 | + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1)); | |
50804 | + SENDERR(EINVAL); | |
50805 | + } | |
50806 | + } | |
50807 | + | |
50808 | + if( ! ((pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC) || | |
50809 | + (pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_DST))) { | |
50810 | + ERROR( | |
50811 | + "pfkey_key_parse: " | |
50812 | + "expecting extension type IDENTITY_SRC or IDENTITY_DST, got %d.\n", | |
50813 | + pfkey_ident->sadb_ident_exttype); | |
50814 | + SENDERR(EINVAL); | |
50815 | + } | |
50816 | + | |
50817 | +errlab: | |
50818 | + return error; | |
50819 | +} | |
50820 | + | |
50821 | +DEBUG_NO_STATIC int | |
50822 | +pfkey_sens_parse(struct sadb_ext *pfkey_ext) | |
50823 | +{ | |
50824 | + int error = 0; | |
50825 | + struct sadb_sens *pfkey_sens = (struct sadb_sens *)pfkey_ext; | |
50826 | + | |
50827 | + /* sanity checks... */ | |
50828 | + if(pfkey_sens->sadb_sens_len < sizeof(struct sadb_sens) / IPSEC_PFKEYv2_ALIGN) { | |
50829 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50830 | + "pfkey_sens_parse: " | |
50831 | + "size wrong ext_len=%d, key_ext_len=%d.\n", | |
50832 | + pfkey_sens->sadb_sens_len, | |
50833 | + (int)sizeof(struct sadb_sens)); | |
50834 | + SENDERR(EINVAL); | |
50835 | + } | |
50836 | + | |
50837 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50838 | + "pfkey_sens_parse: " | |
50839 | + "Sorry, I can't parse exttype=%d yet.\n", | |
50840 | + pfkey_ext->sadb_ext_type); | |
50841 | +#if 0 | |
50842 | + SENDERR(EINVAL); /* don't process these yet */ | |
50843 | +#endif | |
50844 | + | |
50845 | +errlab: | |
50846 | + return error; | |
50847 | +} | |
50848 | + | |
50849 | +DEBUG_NO_STATIC int | |
50850 | +pfkey_prop_parse(struct sadb_ext *pfkey_ext) | |
50851 | +{ | |
50852 | + int error = 0; | |
50853 | + int i, num_comb; | |
50854 | + struct sadb_prop *pfkey_prop = (struct sadb_prop *)pfkey_ext; | |
50855 | + struct sadb_comb *pfkey_comb = (struct sadb_comb *)((char*)pfkey_ext + sizeof(struct sadb_prop)); | |
50856 | + | |
50857 | + /* sanity checks... */ | |
50858 | + if((pfkey_prop->sadb_prop_len < sizeof(struct sadb_prop) / IPSEC_PFKEYv2_ALIGN) || | |
50859 | + (((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) % sizeof(struct sadb_comb))) { | |
50860 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50861 | + "pfkey_prop_parse: " | |
50862 | + "size wrong ext_len=%d, prop_ext_len=%d comb_ext_len=%d.\n", | |
50863 | + pfkey_prop->sadb_prop_len, | |
50864 | + (int)sizeof(struct sadb_prop), | |
50865 | + (int)sizeof(struct sadb_comb)); | |
50866 | + SENDERR(EINVAL); | |
50867 | + } | |
50868 | + | |
50869 | + if(pfkey_prop->sadb_prop_replay > 64) { | |
50870 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50871 | + "pfkey_prop_parse: " | |
50872 | + "replay window size: %d -- must be 0 <= size <= 64\n", | |
50873 | + pfkey_prop->sadb_prop_replay); | |
50874 | + SENDERR(EINVAL); | |
50875 | + } | |
50876 | + | |
50877 | + for(i=0; i<3; i++) { | |
50878 | + if(pfkey_prop->sadb_prop_reserved[i]) { | |
50879 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50880 | + "pfkey_prop_parse: " | |
50881 | + "res[%d]=%d, must be zero.\n", | |
50882 | + i, pfkey_prop->sadb_prop_reserved[i]); | |
50883 | + SENDERR(EINVAL); | |
50884 | + } | |
50885 | + } | |
50886 | + | |
50887 | + num_comb = ((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) / sizeof(struct sadb_comb); | |
50888 | + | |
50889 | + for(i = 0; i < num_comb; i++) { | |
50890 | + if(pfkey_comb->sadb_comb_auth > SADB_AALG_MAX) { | |
50891 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50892 | + "pfkey_prop_parse: " | |
50893 | + "pfkey_comb[%d]->sadb_comb_auth=%d > SADB_AALG_MAX=%d.\n", | |
50894 | + i, | |
50895 | + pfkey_comb->sadb_comb_auth, | |
50896 | + SADB_AALG_MAX); | |
50897 | + SENDERR(EINVAL); | |
50898 | + } | |
50899 | + | |
50900 | + if(pfkey_comb->sadb_comb_auth) { | |
50901 | + if(!pfkey_comb->sadb_comb_auth_minbits) { | |
50902 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50903 | + "pfkey_prop_parse: " | |
50904 | + "pfkey_comb[%d]->sadb_comb_auth_minbits=0, fatal.\n", | |
50905 | + i); | |
50906 | + SENDERR(EINVAL); | |
50907 | + } | |
50908 | + if(!pfkey_comb->sadb_comb_auth_maxbits) { | |
50909 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50910 | + "pfkey_prop_parse: " | |
50911 | + "pfkey_comb[%d]->sadb_comb_auth_maxbits=0, fatal.\n", | |
50912 | + i); | |
50913 | + SENDERR(EINVAL); | |
50914 | + } | |
50915 | + if(pfkey_comb->sadb_comb_auth_minbits > pfkey_comb->sadb_comb_auth_maxbits) { | |
50916 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50917 | + "pfkey_prop_parse: " | |
50918 | + "pfkey_comb[%d]->sadb_comb_auth_minbits=%d > maxbits=%d, fatal.\n", | |
50919 | + i, | |
50920 | + pfkey_comb->sadb_comb_auth_minbits, | |
50921 | + pfkey_comb->sadb_comb_auth_maxbits); | |
50922 | + SENDERR(EINVAL); | |
50923 | + } | |
50924 | + } else { | |
50925 | + if(pfkey_comb->sadb_comb_auth_minbits) { | |
50926 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50927 | + "pfkey_prop_parse: " | |
50928 | + "pfkey_comb[%d]->sadb_comb_auth_minbits=%d != 0, fatal.\n", | |
50929 | + i, | |
50930 | + pfkey_comb->sadb_comb_auth_minbits); | |
50931 | + SENDERR(EINVAL); | |
50932 | + } | |
50933 | + if(pfkey_comb->sadb_comb_auth_maxbits) { | |
50934 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50935 | + "pfkey_prop_parse: " | |
50936 | + "pfkey_comb[%d]->sadb_comb_auth_maxbits=%d != 0, fatal.\n", | |
50937 | + i, | |
50938 | + pfkey_comb->sadb_comb_auth_maxbits); | |
50939 | + SENDERR(EINVAL); | |
50940 | + } | |
50941 | + } | |
50942 | + | |
50943 | +#if SADB_EALG_MAX < 255 | |
50944 | + if(pfkey_comb->sadb_comb_encrypt > SADB_EALG_MAX) { | |
50945 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50946 | + "pfkey_comb_parse: " | |
50947 | + "pfkey_comb[%d]->sadb_comb_encrypt=%d > SADB_EALG_MAX=%d.\n", | |
50948 | + i, | |
50949 | + pfkey_comb->sadb_comb_encrypt, | |
50950 | + SADB_EALG_MAX); | |
50951 | + SENDERR(EINVAL); | |
50952 | + } | |
50953 | +#endif | |
50954 | + | |
50955 | + if(pfkey_comb->sadb_comb_encrypt) { | |
50956 | + if(!pfkey_comb->sadb_comb_encrypt_minbits) { | |
50957 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50958 | + "pfkey_prop_parse: " | |
50959 | + "pfkey_comb[%d]->sadb_comb_encrypt_minbits=0, fatal.\n", | |
50960 | + i); | |
50961 | + SENDERR(EINVAL); | |
50962 | + } | |
50963 | + if(!pfkey_comb->sadb_comb_encrypt_maxbits) { | |
50964 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50965 | + "pfkey_prop_parse: " | |
50966 | + "pfkey_comb[%d]->sadb_comb_encrypt_maxbits=0, fatal.\n", | |
50967 | + i); | |
50968 | + SENDERR(EINVAL); | |
50969 | + } | |
50970 | + if(pfkey_comb->sadb_comb_encrypt_minbits > pfkey_comb->sadb_comb_encrypt_maxbits) { | |
50971 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50972 | + "pfkey_prop_parse: " | |
50973 | + "pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d > maxbits=%d, fatal.\n", | |
50974 | + i, | |
50975 | + pfkey_comb->sadb_comb_encrypt_minbits, | |
50976 | + pfkey_comb->sadb_comb_encrypt_maxbits); | |
50977 | + SENDERR(EINVAL); | |
50978 | + } | |
50979 | + } else { | |
50980 | + if(pfkey_comb->sadb_comb_encrypt_minbits) { | |
50981 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50982 | + "pfkey_prop_parse: " | |
50983 | + "pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d != 0, fatal.\n", | |
50984 | + i, | |
50985 | + pfkey_comb->sadb_comb_encrypt_minbits); | |
50986 | + SENDERR(EINVAL); | |
50987 | + } | |
50988 | + if(pfkey_comb->sadb_comb_encrypt_maxbits) { | |
50989 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
50990 | + "pfkey_prop_parse: " | |
50991 | + "pfkey_comb[%d]->sadb_comb_encrypt_maxbits=%d != 0, fatal.\n", | |
50992 | + i, | |
50993 | + pfkey_comb->sadb_comb_encrypt_maxbits); | |
50994 | + SENDERR(EINVAL); | |
50995 | + } | |
50996 | + } | |
50997 | + | |
50998 | + /* XXX do sanity check on flags */ | |
50999 | + | |
51000 | + if(pfkey_comb->sadb_comb_hard_allocations && pfkey_comb->sadb_comb_soft_allocations > pfkey_comb->sadb_comb_hard_allocations) { | |
51001 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51002 | + "pfkey_prop_parse: " | |
51003 | + "pfkey_comb[%d]->sadb_comb_soft_allocations=%d > hard_allocations=%d, fatal.\n", | |
51004 | + i, | |
51005 | + pfkey_comb->sadb_comb_soft_allocations, | |
51006 | + pfkey_comb->sadb_comb_hard_allocations); | |
51007 | + SENDERR(EINVAL); | |
51008 | + } | |
51009 | + | |
51010 | + if(pfkey_comb->sadb_comb_hard_bytes && pfkey_comb->sadb_comb_soft_bytes > pfkey_comb->sadb_comb_hard_bytes) { | |
51011 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51012 | + "pfkey_prop_parse: " | |
51013 | + "pfkey_comb[%d]->sadb_comb_soft_bytes=%Ld > hard_bytes=%Ld, fatal.\n", | |
51014 | + i, | |
51015 | + (unsigned long long int)pfkey_comb->sadb_comb_soft_bytes, | |
51016 | + (unsigned long long int)pfkey_comb->sadb_comb_hard_bytes); | |
51017 | + SENDERR(EINVAL); | |
51018 | + } | |
51019 | + | |
51020 | + if(pfkey_comb->sadb_comb_hard_addtime && pfkey_comb->sadb_comb_soft_addtime > pfkey_comb->sadb_comb_hard_addtime) { | |
51021 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51022 | + "pfkey_prop_parse: " | |
51023 | + "pfkey_comb[%d]->sadb_comb_soft_addtime=%Ld > hard_addtime=%Ld, fatal.\n", | |
51024 | + i, | |
51025 | + (unsigned long long int)pfkey_comb->sadb_comb_soft_addtime, | |
51026 | + (unsigned long long int)pfkey_comb->sadb_comb_hard_addtime); | |
51027 | + SENDERR(EINVAL); | |
51028 | + } | |
51029 | + | |
51030 | + if(pfkey_comb->sadb_comb_hard_usetime && pfkey_comb->sadb_comb_soft_usetime > pfkey_comb->sadb_comb_hard_usetime) { | |
51031 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51032 | + "pfkey_prop_parse: " | |
51033 | + "pfkey_comb[%d]->sadb_comb_soft_usetime=%Ld > hard_usetime=%Ld, fatal.\n", | |
51034 | + i, | |
51035 | + (unsigned long long int)pfkey_comb->sadb_comb_soft_usetime, | |
51036 | + (unsigned long long int)pfkey_comb->sadb_comb_hard_usetime); | |
51037 | + SENDERR(EINVAL); | |
51038 | + } | |
51039 | + | |
51040 | + if(pfkey_comb->sadb_x_comb_hard_packets && pfkey_comb->sadb_x_comb_soft_packets > pfkey_comb->sadb_x_comb_hard_packets) { | |
51041 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51042 | + "pfkey_prop_parse: " | |
51043 | + "pfkey_comb[%d]->sadb_x_comb_soft_packets=%d > hard_packets=%d, fatal.\n", | |
51044 | + i, | |
51045 | + pfkey_comb->sadb_x_comb_soft_packets, | |
51046 | + pfkey_comb->sadb_x_comb_hard_packets); | |
51047 | + SENDERR(EINVAL); | |
51048 | + } | |
51049 | + | |
51050 | + if(pfkey_comb->sadb_comb_reserved) { | |
51051 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51052 | + "pfkey_prop_parse: " | |
51053 | + "comb[%d].res=%d, must be zero.\n", | |
51054 | + i, | |
51055 | + pfkey_comb->sadb_comb_reserved); | |
51056 | + SENDERR(EINVAL); | |
51057 | + } | |
51058 | + pfkey_comb++; | |
51059 | + } | |
51060 | + | |
51061 | +errlab: | |
51062 | + return error; | |
51063 | +} | |
51064 | + | |
51065 | +DEBUG_NO_STATIC int | |
51066 | +pfkey_supported_parse(struct sadb_ext *pfkey_ext) | |
51067 | +{ | |
51068 | + int error = 0; | |
51069 | + unsigned int i, num_alg; | |
51070 | + struct sadb_supported *pfkey_supported = (struct sadb_supported *)pfkey_ext; | |
51071 | + struct sadb_alg *pfkey_alg = (struct sadb_alg*)((char*)pfkey_ext + sizeof(struct sadb_supported)); | |
51072 | + | |
51073 | + /* sanity checks... */ | |
51074 | + if((pfkey_supported->sadb_supported_len < | |
51075 | + sizeof(struct sadb_supported) / IPSEC_PFKEYv2_ALIGN) || | |
51076 | + (((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) - | |
51077 | + sizeof(struct sadb_supported)) % sizeof(struct sadb_alg))) { | |
51078 | + | |
51079 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51080 | + "pfkey_supported_parse: " | |
51081 | + "size wrong ext_len=%d, supported_ext_len=%d alg_ext_len=%d.\n", | |
51082 | + pfkey_supported->sadb_supported_len, | |
51083 | + (int)sizeof(struct sadb_supported), | |
51084 | + (int)sizeof(struct sadb_alg)); | |
51085 | + SENDERR(EINVAL); | |
51086 | + } | |
51087 | + | |
51088 | + if(pfkey_supported->sadb_supported_reserved) { | |
51089 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51090 | + "pfkey_supported_parse: " | |
51091 | + "res=%d, must be zero.\n", | |
51092 | + pfkey_supported->sadb_supported_reserved); | |
51093 | + SENDERR(EINVAL); | |
51094 | + } | |
51095 | + | |
51096 | + num_alg = ((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_supported)) / sizeof(struct sadb_alg); | |
51097 | + | |
51098 | + for(i = 0; i < num_alg; i++) { | |
51099 | + /* process algo description */ | |
51100 | + if(pfkey_alg->sadb_alg_reserved) { | |
51101 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51102 | + "pfkey_supported_parse: " | |
51103 | + "alg[%d], id=%d, ivlen=%d, minbits=%d, maxbits=%d, res=%d, must be zero.\n", | |
51104 | + i, | |
51105 | + pfkey_alg->sadb_alg_id, | |
51106 | + pfkey_alg->sadb_alg_ivlen, | |
51107 | + pfkey_alg->sadb_alg_minbits, | |
51108 | + pfkey_alg->sadb_alg_maxbits, | |
51109 | + pfkey_alg->sadb_alg_reserved); | |
51110 | + SENDERR(EINVAL); | |
51111 | + } | |
51112 | + | |
51113 | + /* XXX can alg_id auth/enc be determined from info given? | |
51114 | + Yes, but OpenBSD's method does not iteroperate with rfc2367. | |
51115 | + rgb, 2000-04-06 */ | |
51116 | + | |
51117 | + switch(pfkey_supported->sadb_supported_exttype) { | |
51118 | + case SADB_EXT_SUPPORTED_AUTH: | |
51119 | + if(pfkey_alg->sadb_alg_id > SADB_AALG_MAX) { | |
51120 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51121 | + "pfkey_supported_parse: " | |
51122 | + "alg[%d], alg_id=%d > SADB_AALG_MAX=%d, fatal.\n", | |
51123 | + i, | |
51124 | + pfkey_alg->sadb_alg_id, | |
51125 | + SADB_AALG_MAX); | |
51126 | + SENDERR(EINVAL); | |
51127 | + } | |
51128 | + break; | |
51129 | + case SADB_EXT_SUPPORTED_ENCRYPT: | |
51130 | +#if SADB_EALG_MAX < 255 | |
51131 | + if(pfkey_alg->sadb_alg_id > SADB_EALG_MAX) { | |
51132 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51133 | + "pfkey_supported_parse: " | |
51134 | + "alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n", | |
51135 | + i, | |
51136 | + pfkey_alg->sadb_alg_id, | |
51137 | + SADB_EALG_MAX); | |
51138 | + SENDERR(EINVAL); | |
51139 | + } | |
51140 | +#endif | |
51141 | + break; | |
51142 | + default: | |
51143 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51144 | + "pfkey_supported_parse: " | |
51145 | + "alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n", | |
51146 | + i, | |
51147 | + pfkey_alg->sadb_alg_id, | |
51148 | + SADB_EALG_MAX); | |
51149 | + SENDERR(EINVAL); | |
51150 | + } | |
51151 | + pfkey_alg++; | |
51152 | + } | |
51153 | + | |
51154 | + errlab: | |
51155 | + return error; | |
51156 | +} | |
51157 | + | |
51158 | +DEBUG_NO_STATIC int | |
51159 | +pfkey_spirange_parse(struct sadb_ext *pfkey_ext) | |
51160 | +{ | |
51161 | + int error = 0; | |
51162 | + struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)pfkey_ext; | |
51163 | + | |
51164 | + /* sanity checks... */ | |
51165 | + if(pfkey_spirange->sadb_spirange_len != | |
51166 | + sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN) { | |
51167 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51168 | + "pfkey_spirange_parse: " | |
51169 | + "size wrong ext_len=%d, key_ext_len=%d.\n", | |
51170 | + pfkey_spirange->sadb_spirange_len, | |
51171 | + (int)sizeof(struct sadb_spirange)); | |
51172 | + SENDERR(EINVAL); | |
51173 | + } | |
51174 | + | |
51175 | + if(pfkey_spirange->sadb_spirange_reserved) { | |
51176 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51177 | + "pfkey_spirange_parse: " | |
51178 | + "reserved=%d must be set to zero.\n", | |
51179 | + pfkey_spirange->sadb_spirange_reserved); | |
51180 | + SENDERR(EINVAL); | |
51181 | + } | |
51182 | + | |
51183 | + if(ntohl(pfkey_spirange->sadb_spirange_max) < ntohl(pfkey_spirange->sadb_spirange_min)) { | |
51184 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51185 | + "pfkey_spirange_parse: " | |
51186 | + "minspi=%08x must be < maxspi=%08x.\n", | |
51187 | + ntohl(pfkey_spirange->sadb_spirange_min), | |
51188 | + ntohl(pfkey_spirange->sadb_spirange_max)); | |
51189 | + SENDERR(EINVAL); | |
51190 | + } | |
51191 | + | |
51192 | + if(ntohl(pfkey_spirange->sadb_spirange_min) <= 255) { | |
51193 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51194 | + "pfkey_spirange_parse: " | |
51195 | + "minspi=%08x must be > 255.\n", | |
51196 | + ntohl(pfkey_spirange->sadb_spirange_min)); | |
51197 | + SENDERR(EEXIST); | |
51198 | + } | |
51199 | + | |
51200 | + DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, | |
51201 | + "pfkey_spirange_parse: " | |
51202 | + "ext_len=%u ext_type=%u(%s) min=%u max=%u res=%u.\n", | |
51203 | + pfkey_spirange->sadb_spirange_len, | |
51204 | + pfkey_spirange->sadb_spirange_exttype, | |
51205 | + pfkey_v2_sadb_ext_string(pfkey_spirange->sadb_spirange_exttype), | |
51206 | + pfkey_spirange->sadb_spirange_min, | |
51207 | + pfkey_spirange->sadb_spirange_max, | |
51208 | + pfkey_spirange->sadb_spirange_reserved); | |
51209 | + errlab: | |
51210 | + return error; | |
51211 | +} | |
51212 | + | |
51213 | +DEBUG_NO_STATIC int | |
51214 | +pfkey_x_kmprivate_parse(struct sadb_ext *pfkey_ext) | |
51215 | +{ | |
51216 | + int error = 0; | |
51217 | + struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)pfkey_ext; | |
51218 | + | |
51219 | + /* sanity checks... */ | |
51220 | + if(pfkey_x_kmprivate->sadb_x_kmprivate_len < | |
51221 | + sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN) { | |
51222 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51223 | + "pfkey_x_kmprivate_parse: " | |
51224 | + "size wrong ext_len=%d, key_ext_len=%d.\n", | |
51225 | + pfkey_x_kmprivate->sadb_x_kmprivate_len, | |
51226 | + (int)sizeof(struct sadb_x_kmprivate)); | |
51227 | + SENDERR(EINVAL); | |
51228 | + } | |
51229 | + | |
51230 | + if(pfkey_x_kmprivate->sadb_x_kmprivate_reserved) { | |
51231 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51232 | + "pfkey_x_kmprivate_parse: " | |
51233 | + "reserved=%d must be set to zero.\n", | |
51234 | + pfkey_x_kmprivate->sadb_x_kmprivate_reserved); | |
51235 | + SENDERR(EINVAL); | |
51236 | + } | |
51237 | + | |
51238 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51239 | + "pfkey_x_kmprivate_parse: " | |
51240 | + "Sorry, I can't parse exttype=%d yet.\n", | |
51241 | + pfkey_ext->sadb_ext_type); | |
51242 | + SENDERR(EINVAL); /* don't process these yet */ | |
51243 | + | |
51244 | +errlab: | |
51245 | + return error; | |
51246 | +} | |
51247 | + | |
51248 | +DEBUG_NO_STATIC int | |
51249 | +pfkey_x_satype_parse(struct sadb_ext *pfkey_ext) | |
51250 | +{ | |
51251 | + int error = 0; | |
51252 | + int i; | |
51253 | + struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)pfkey_ext; | |
51254 | + | |
51255 | + DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, | |
51256 | + "pfkey_x_satype_parse: enter\n"); | |
51257 | + /* sanity checks... */ | |
51258 | + if(pfkey_x_satype->sadb_x_satype_len != | |
51259 | + sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN) { | |
51260 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51261 | + "pfkey_x_satype_parse: " | |
51262 | + "size wrong ext_len=%d, key_ext_len=%d.\n", | |
51263 | + pfkey_x_satype->sadb_x_satype_len, | |
51264 | + (int)sizeof(struct sadb_x_satype)); | |
51265 | + SENDERR(EINVAL); | |
51266 | + } | |
51267 | + | |
51268 | + if(!pfkey_x_satype->sadb_x_satype_satype) { | |
51269 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51270 | + "pfkey_x_satype_parse: " | |
51271 | + "satype is zero, must be non-zero.\n"); | |
51272 | + SENDERR(EINVAL); | |
51273 | + } | |
51274 | + | |
51275 | + if(pfkey_x_satype->sadb_x_satype_satype > SADB_SATYPE_MAX) { | |
51276 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51277 | + "pfkey_x_satype_parse: " | |
51278 | + "satype %d > max %d, invalid.\n", | |
51279 | + pfkey_x_satype->sadb_x_satype_satype, SADB_SATYPE_MAX); | |
51280 | + SENDERR(EINVAL); | |
51281 | + } | |
51282 | + | |
51283 | + if(!(satype2proto(pfkey_x_satype->sadb_x_satype_satype))) { | |
51284 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51285 | + "pfkey_x_satype_parse: " | |
51286 | + "proto lookup from satype=%d failed.\n", | |
51287 | + pfkey_x_satype->sadb_x_satype_satype); | |
51288 | + SENDERR(EINVAL); | |
51289 | + } | |
51290 | + | |
51291 | + for(i = 0; i < 3; i++) { | |
51292 | + if(pfkey_x_satype->sadb_x_satype_reserved[i]) { | |
51293 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51294 | + "pfkey_x_satype_parse: " | |
51295 | + "reserved[%d]=%d must be set to zero.\n", | |
51296 | + i, pfkey_x_satype->sadb_x_satype_reserved[i]); | |
51297 | + SENDERR(EINVAL); | |
51298 | + } | |
51299 | + } | |
51300 | + | |
51301 | + DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, | |
51302 | + "pfkey_x_satype_parse: " | |
51303 | + "len=%u ext=%u(%s) satype=%u(%s) res=%u,%u,%u.\n", | |
51304 | + pfkey_x_satype->sadb_x_satype_len, | |
51305 | + pfkey_x_satype->sadb_x_satype_exttype, | |
51306 | + pfkey_v2_sadb_ext_string(pfkey_x_satype->sadb_x_satype_exttype), | |
51307 | + pfkey_x_satype->sadb_x_satype_satype, | |
51308 | + satype2name(pfkey_x_satype->sadb_x_satype_satype), | |
51309 | + pfkey_x_satype->sadb_x_satype_reserved[0], | |
51310 | + pfkey_x_satype->sadb_x_satype_reserved[1], | |
51311 | + pfkey_x_satype->sadb_x_satype_reserved[2]); | |
51312 | +errlab: | |
51313 | + return error; | |
51314 | +} | |
51315 | + | |
51316 | +DEBUG_NO_STATIC int | |
51317 | +pfkey_x_ext_debug_parse(struct sadb_ext *pfkey_ext) | |
51318 | +{ | |
51319 | + int error = 0; | |
51320 | + int i; | |
51321 | + struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)pfkey_ext; | |
51322 | + | |
51323 | + DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, | |
51324 | + "pfkey_x_debug_parse: enter\n"); | |
51325 | + /* sanity checks... */ | |
51326 | + if(pfkey_x_debug->sadb_x_debug_len != | |
51327 | + sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN) { | |
51328 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51329 | + "pfkey_x_debug_parse: " | |
51330 | + "size wrong ext_len=%d, key_ext_len=%d.\n", | |
51331 | + pfkey_x_debug->sadb_x_debug_len, | |
51332 | + (int)sizeof(struct sadb_x_debug)); | |
51333 | + SENDERR(EINVAL); | |
51334 | + } | |
51335 | + | |
51336 | + for(i = 0; i < 4; i++) { | |
51337 | + if(pfkey_x_debug->sadb_x_debug_reserved[i]) { | |
51338 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51339 | + "pfkey_x_debug_parse: " | |
51340 | + "reserved[%d]=%d must be set to zero.\n", | |
51341 | + i, pfkey_x_debug->sadb_x_debug_reserved[i]); | |
51342 | + SENDERR(EINVAL); | |
51343 | + } | |
51344 | + } | |
51345 | + | |
51346 | +errlab: | |
51347 | + return error; | |
51348 | +} | |
51349 | + | |
51350 | +DEBUG_NO_STATIC int | |
51351 | +pfkey_x_ext_protocol_parse(struct sadb_ext *pfkey_ext) | |
51352 | +{ | |
51353 | + int error = 0; | |
51354 | + struct sadb_protocol *p = (struct sadb_protocol *)pfkey_ext; | |
51355 | + | |
51356 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_x_protocol_parse:\n"); | |
51357 | + /* sanity checks... */ | |
51358 | + | |
51359 | + if (p->sadb_protocol_len != sizeof(*p)/IPSEC_PFKEYv2_ALIGN) { | |
51360 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51361 | + "pfkey_x_protocol_parse: size wrong ext_len=%d, key_ext_len=%d.\n", | |
51362 | + p->sadb_protocol_len, (int)sizeof(*p)); | |
51363 | + SENDERR(EINVAL); | |
51364 | + } | |
51365 | + | |
51366 | + if (p->sadb_protocol_reserved2 != 0) { | |
51367 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51368 | + "pfkey_protocol_parse: res=%d, must be zero.\n", | |
51369 | + p->sadb_protocol_reserved2); | |
51370 | + SENDERR(EINVAL); | |
51371 | + } | |
51372 | + | |
51373 | + errlab: | |
51374 | + return error; | |
51375 | +} | |
51376 | + | |
51377 | +#ifdef NAT_TRAVERSAL | |
51378 | +DEBUG_NO_STATIC int | |
51379 | +pfkey_x_ext_nat_t_type_parse(struct sadb_ext *pfkey_ext) | |
51380 | +{ | |
51381 | + return 0; | |
51382 | +} | |
51383 | +DEBUG_NO_STATIC int | |
51384 | +pfkey_x_ext_nat_t_port_parse(struct sadb_ext *pfkey_ext) | |
51385 | +{ | |
51386 | + return 0; | |
51387 | +} | |
51388 | +#endif | |
51389 | + | |
51390 | +#define DEFINEPARSER(NAME) static struct pf_key_ext_parsers_def NAME##_def={NAME, #NAME}; | |
51391 | + | |
51392 | +DEFINEPARSER(pfkey_sa_parse); | |
51393 | +DEFINEPARSER(pfkey_lifetime_parse); | |
51394 | +DEFINEPARSER(pfkey_address_parse); | |
51395 | +DEFINEPARSER(pfkey_key_parse); | |
51396 | +DEFINEPARSER(pfkey_ident_parse); | |
51397 | +DEFINEPARSER(pfkey_sens_parse); | |
51398 | +DEFINEPARSER(pfkey_prop_parse); | |
51399 | +DEFINEPARSER(pfkey_supported_parse); | |
51400 | +DEFINEPARSER(pfkey_spirange_parse); | |
51401 | +DEFINEPARSER(pfkey_x_kmprivate_parse); | |
51402 | +DEFINEPARSER(pfkey_x_satype_parse); | |
51403 | +DEFINEPARSER(pfkey_x_ext_debug_parse); | |
51404 | +DEFINEPARSER(pfkey_x_ext_protocol_parse); | |
51405 | +#ifdef NAT_TRAVERSAL | |
51406 | +DEFINEPARSER(pfkey_x_ext_nat_t_type_parse); | |
51407 | +DEFINEPARSER(pfkey_x_ext_nat_t_port_parse); | |
51408 | +#endif | |
51409 | + | |
51410 | +struct pf_key_ext_parsers_def *ext_default_parsers[]= | |
51411 | +{ | |
51412 | + NULL, /* pfkey_msg_parse, */ | |
51413 | + &pfkey_sa_parse_def, | |
51414 | + &pfkey_lifetime_parse_def, | |
51415 | + &pfkey_lifetime_parse_def, | |
51416 | + &pfkey_lifetime_parse_def, | |
51417 | + &pfkey_address_parse_def, | |
51418 | + &pfkey_address_parse_def, | |
51419 | + &pfkey_address_parse_def, | |
51420 | + &pfkey_key_parse_def, | |
51421 | + &pfkey_key_parse_def, | |
51422 | + &pfkey_ident_parse_def, | |
51423 | + &pfkey_ident_parse_def, | |
51424 | + &pfkey_sens_parse_def, | |
51425 | + &pfkey_prop_parse_def, | |
51426 | + &pfkey_supported_parse_def, | |
51427 | + &pfkey_supported_parse_def, | |
51428 | + &pfkey_spirange_parse_def, | |
51429 | + &pfkey_x_kmprivate_parse_def, | |
51430 | + &pfkey_x_satype_parse_def, | |
51431 | + &pfkey_sa_parse_def, | |
51432 | + &pfkey_address_parse_def, | |
51433 | + &pfkey_address_parse_def, | |
51434 | + &pfkey_address_parse_def, | |
51435 | + &pfkey_address_parse_def, | |
51436 | + &pfkey_address_parse_def, | |
51437 | + &pfkey_x_ext_debug_parse_def, | |
51438 | + &pfkey_x_ext_protocol_parse_def | |
51439 | +#ifdef NAT_TRAVERSAL | |
51440 | + , | |
51441 | + &pfkey_x_ext_nat_t_type_parse_def, | |
51442 | + &pfkey_x_ext_nat_t_port_parse_def, | |
51443 | + &pfkey_x_ext_nat_t_port_parse_def, | |
51444 | + &pfkey_address_parse_def | |
51445 | +#endif | |
51446 | +}; | |
51447 | + | |
51448 | +int | |
51449 | +pfkey_msg_parse(struct sadb_msg *pfkey_msg, | |
51450 | + struct pf_key_ext_parsers_def *ext_parsers[], | |
51451 | + struct sadb_ext *extensions[], | |
51452 | + int dir) | |
51453 | +{ | |
51454 | + int error = 0; | |
51455 | + int remain; | |
51456 | + struct sadb_ext *pfkey_ext; | |
51457 | + int extensions_seen = 0; | |
51458 | + | |
51459 | + DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, | |
51460 | + "pfkey_msg_parse: " | |
51461 | + "parsing message ver=%d, type=%d(%s), errno=%d, satype=%d(%s), len=%d, res=%d, seq=%d, pid=%d.\n", | |
51462 | + pfkey_msg->sadb_msg_version, | |
51463 | + pfkey_msg->sadb_msg_type, | |
51464 | + pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type), | |
51465 | + pfkey_msg->sadb_msg_errno, | |
51466 | + pfkey_msg->sadb_msg_satype, | |
51467 | + satype2name(pfkey_msg->sadb_msg_satype), | |
51468 | + pfkey_msg->sadb_msg_len, | |
51469 | + pfkey_msg->sadb_msg_reserved, | |
51470 | + pfkey_msg->sadb_msg_seq, | |
51471 | + pfkey_msg->sadb_msg_pid); | |
51472 | + | |
51473 | + if(ext_parsers == NULL) ext_parsers = ext_default_parsers; | |
51474 | + | |
51475 | + pfkey_extensions_init(extensions); | |
51476 | + | |
51477 | + remain = pfkey_msg->sadb_msg_len; | |
51478 | + remain -= sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN; | |
51479 | + | |
51480 | + pfkey_ext = (struct sadb_ext*)((char*)pfkey_msg + | |
51481 | + sizeof(struct sadb_msg)); | |
51482 | + | |
51483 | + extensions[0] = (struct sadb_ext *) pfkey_msg; | |
51484 | + | |
51485 | + | |
51486 | + if(pfkey_msg->sadb_msg_version != PF_KEY_V2) { | |
51487 | + ERROR("pfkey_msg_parse: " | |
51488 | + "not PF_KEY_V2 msg, found %d, should be %d.\n", | |
51489 | + pfkey_msg->sadb_msg_version, | |
51490 | + PF_KEY_V2); | |
51491 | + SENDERR(EINVAL); | |
51492 | + } | |
51493 | + | |
51494 | + if(!pfkey_msg->sadb_msg_type) { | |
51495 | + ERROR("pfkey_msg_parse: " | |
51496 | + "msg type not set, must be non-zero..\n"); | |
51497 | + SENDERR(EINVAL); | |
51498 | + } | |
51499 | + | |
51500 | + if(pfkey_msg->sadb_msg_type > SADB_MAX) { | |
51501 | + ERROR("pfkey_msg_parse: " | |
51502 | + "msg type=%d > max=%d.\n", | |
51503 | + pfkey_msg->sadb_msg_type, | |
51504 | + SADB_MAX); | |
51505 | + SENDERR(EINVAL); | |
51506 | + } | |
51507 | + | |
51508 | + switch(pfkey_msg->sadb_msg_type) { | |
51509 | + case SADB_GETSPI: | |
51510 | + case SADB_UPDATE: | |
51511 | + case SADB_ADD: | |
51512 | + case SADB_DELETE: | |
51513 | + case SADB_GET: | |
51514 | + case SADB_X_GRPSA: | |
51515 | + case SADB_X_ADDFLOW: | |
51516 | + if(!satype2proto(pfkey_msg->sadb_msg_satype)) { | |
51517 | + ERROR("pfkey_msg_parse: " | |
51518 | + "satype %d conversion to proto failed for msg_type %d (%s).\n", | |
51519 | + pfkey_msg->sadb_msg_satype, | |
51520 | + pfkey_msg->sadb_msg_type, | |
51521 | + pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type)); | |
51522 | + SENDERR(EINVAL); | |
51523 | + } else { | |
51524 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51525 | + "pfkey_msg_parse: " | |
51526 | + "satype %d(%s) conversion to proto gives %d for msg_type %d(%s).\n", | |
51527 | + pfkey_msg->sadb_msg_satype, | |
51528 | + satype2name(pfkey_msg->sadb_msg_satype), | |
51529 | + satype2proto(pfkey_msg->sadb_msg_satype), | |
51530 | + pfkey_msg->sadb_msg_type, | |
51531 | + pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type)); | |
51532 | + } | |
51533 | + case SADB_ACQUIRE: | |
51534 | + case SADB_REGISTER: | |
51535 | + case SADB_EXPIRE: | |
51536 | + if(!pfkey_msg->sadb_msg_satype) { | |
51537 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51538 | + "pfkey_msg_parse: " | |
51539 | + "satype is zero, must be non-zero for msg_type %d(%s).\n", | |
51540 | + pfkey_msg->sadb_msg_type, | |
51541 | + pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type)); | |
51542 | + SENDERR(EINVAL); | |
51543 | + } | |
51544 | + default: | |
51545 | + break; | |
51546 | + } | |
51547 | + | |
51548 | + /* errno must not be set in downward messages */ | |
51549 | + /* this is not entirely true... a response to an ACQUIRE could return an error */ | |
51550 | + if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type != SADB_ACQUIRE) && pfkey_msg->sadb_msg_errno) { | |
51551 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51552 | + "pfkey_msg_parse: " | |
51553 | + "errno set to %d.\n", | |
51554 | + pfkey_msg->sadb_msg_errno); | |
51555 | + SENDERR(EINVAL); | |
51556 | + } | |
51557 | + | |
51558 | + DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, | |
51559 | + "pfkey_msg_parse: " | |
51560 | + "remain=%d\n", | |
51561 | + remain | |
51562 | + ); | |
51563 | + | |
51564 | + DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, | |
51565 | + "pfkey_msg_parse: " | |
51566 | + "extensions permitted=%08x, required=%08x.\n", | |
51567 | + extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type], | |
51568 | + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]); | |
51569 | + | |
51570 | + extensions_seen = 1; | |
51571 | + | |
51572 | + while( (remain * IPSEC_PFKEYv2_ALIGN) >= sizeof(struct sadb_ext) ) { | |
51573 | + /* Is there enough message left to support another extension header? */ | |
51574 | + if(remain < pfkey_ext->sadb_ext_len) { | |
51575 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51576 | + "pfkey_msg_parse: " | |
51577 | + "remain %d less than ext len %d.\n", | |
51578 | + remain, pfkey_ext->sadb_ext_len); | |
51579 | + SENDERR(EINVAL); | |
51580 | + } | |
51581 | + | |
51582 | + DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, | |
51583 | + "pfkey_msg_parse: " | |
51584 | + "parsing ext type=%d(%s) remain=%d.\n", | |
51585 | + pfkey_ext->sadb_ext_type, | |
51586 | + pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), | |
51587 | + remain); | |
51588 | + | |
51589 | + /* Is the extension header type valid? */ | |
51590 | + if((pfkey_ext->sadb_ext_type > SADB_EXT_MAX) || (!pfkey_ext->sadb_ext_type)) { | |
51591 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51592 | + "pfkey_msg_parse: " | |
51593 | + "ext type %d(%s) invalid, SADB_EXT_MAX=%d.\n", | |
51594 | + pfkey_ext->sadb_ext_type, | |
51595 | + pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), | |
51596 | + SADB_EXT_MAX); | |
51597 | + SENDERR(EINVAL); | |
51598 | + } | |
51599 | + | |
51600 | + /* Have we already seen this type of extension? */ | |
51601 | + if((extensions_seen & ( 1 << pfkey_ext->sadb_ext_type )) != 0) | |
51602 | + { | |
51603 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51604 | + "pfkey_msg_parse: " | |
51605 | + "ext type %d(%s) already seen.\n", | |
51606 | + pfkey_ext->sadb_ext_type, | |
51607 | + pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type)); | |
51608 | + SENDERR(EINVAL); | |
51609 | + } | |
51610 | + | |
51611 | + /* Do I even know about this type of extension? */ | |
51612 | + if(ext_parsers[pfkey_ext->sadb_ext_type]==NULL) { | |
51613 | + ERROR("pfkey_msg_parse: " | |
51614 | + "ext type %d(%s) unknown, ignoring.\n", | |
51615 | + pfkey_ext->sadb_ext_type, | |
51616 | + pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type)); | |
51617 | + goto next_ext; | |
51618 | + } | |
51619 | + | |
51620 | + /* Is this type of extension permitted for this type of message? */ | |
51621 | + if(!(extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type] & | |
51622 | + 1<<pfkey_ext->sadb_ext_type)) { | |
51623 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51624 | + "pfkey_msg_parse: " | |
51625 | + "ext type %d(%s) not permitted, exts_perm_in=%08x, 1<<type=%08x\n", | |
51626 | + pfkey_ext->sadb_ext_type, | |
51627 | + pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), | |
51628 | + extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type], | |
51629 | + 1<<pfkey_ext->sadb_ext_type); | |
51630 | + SENDERR(EINVAL); | |
51631 | + } | |
51632 | + | |
51633 | + DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, | |
51634 | + "pfkey_msg_parse: " | |
51635 | + "remain=%d ext_type=%d(%s) ext_len=%d parsing ext 0p%p with parser %s.\n", | |
51636 | + remain, | |
51637 | + pfkey_ext->sadb_ext_type, | |
51638 | + pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), | |
51639 | + pfkey_ext->sadb_ext_len, | |
51640 | + pfkey_ext, | |
51641 | + ext_parsers[pfkey_ext->sadb_ext_type]->parser_name); | |
51642 | + | |
51643 | + /* Parse the extension */ | |
51644 | + if((error = | |
51645 | + (*ext_parsers[pfkey_ext->sadb_ext_type]->parser)(pfkey_ext))) { | |
51646 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51647 | + "pfkey_msg_parse: " | |
51648 | + "extension parsing for type %d(%s) failed with error %d.\n", | |
51649 | + pfkey_ext->sadb_ext_type, | |
51650 | + pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), | |
51651 | + error); | |
51652 | + SENDERR(-error); | |
51653 | + } | |
51654 | + DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, | |
51655 | + "pfkey_msg_parse: " | |
51656 | + "Extension %d(%s) parsed.\n", | |
51657 | + pfkey_ext->sadb_ext_type, | |
51658 | + pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type)); | |
51659 | + | |
51660 | + /* Mark that we have seen this extension and remember the header location */ | |
51661 | + extensions_seen |= ( 1 << pfkey_ext->sadb_ext_type ); | |
51662 | + extensions[pfkey_ext->sadb_ext_type] = pfkey_ext; | |
51663 | + | |
51664 | + next_ext: | |
51665 | + /* Calculate how much message remains */ | |
51666 | + remain -= pfkey_ext->sadb_ext_len; | |
51667 | + | |
51668 | + if(!remain) { | |
51669 | + break; | |
51670 | + } | |
51671 | + /* Find the next extension header */ | |
51672 | + pfkey_ext = (struct sadb_ext*)((char*)pfkey_ext + | |
51673 | + pfkey_ext->sadb_ext_len * IPSEC_PFKEYv2_ALIGN); | |
51674 | + } | |
51675 | + | |
51676 | + if(remain) { | |
51677 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51678 | + "pfkey_msg_parse: " | |
51679 | + "unexpected remainder of %d.\n", | |
51680 | + remain); | |
51681 | + /* why is there still something remaining? */ | |
51682 | + SENDERR(EINVAL); | |
51683 | + } | |
51684 | + | |
51685 | + /* check required extensions */ | |
51686 | + DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, | |
51687 | + "pfkey_msg_parse: " | |
51688 | + "extensions permitted=%08x, seen=%08x, required=%08x.\n", | |
51689 | + extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type], | |
51690 | + extensions_seen, | |
51691 | + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]); | |
51692 | + | |
51693 | + /* don't check further if it is an error return message since it | |
51694 | + may not have a body */ | |
51695 | + if(pfkey_msg->sadb_msg_errno) { | |
51696 | + SENDERR(-error); | |
51697 | + } | |
51698 | + | |
51699 | + if((extensions_seen & | |
51700 | + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) != | |
51701 | + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) { | |
51702 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51703 | + "pfkey_msg_parse: " | |
51704 | + "required extensions missing:%08x.\n", | |
51705 | + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type] - | |
51706 | + (extensions_seen & | |
51707 | + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type])); | |
51708 | + SENDERR(EINVAL); | |
51709 | + } | |
51710 | + | |
51711 | + if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type == SADB_X_DELFLOW) | |
51712 | + && ((extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW) | |
51713 | + != SADB_X_EXT_ADDRESS_DELFLOW) | |
51714 | + && (((extensions_seen & (1<<SADB_EXT_SA)) != (1<<SADB_EXT_SA)) | |
51715 | + || ((((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_flags | |
51716 | + & SADB_X_SAFLAGS_CLEARFLOW) | |
51717 | + != SADB_X_SAFLAGS_CLEARFLOW))) { | |
51718 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51719 | + "pfkey_msg_parse: " | |
51720 | + "required SADB_X_DELFLOW extensions missing: either %08x must be present or %08x must be present with SADB_X_SAFLAGS_CLEARFLOW set.\n", | |
51721 | + SADB_X_EXT_ADDRESS_DELFLOW | |
51722 | + - (extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW), | |
51723 | + (1<<SADB_EXT_SA) - (extensions_seen & (1<<SADB_EXT_SA))); | |
51724 | + SENDERR(EINVAL); | |
51725 | + } | |
51726 | + | |
51727 | + switch(pfkey_msg->sadb_msg_type) { | |
51728 | + case SADB_ADD: | |
51729 | + case SADB_UPDATE: | |
51730 | + /* check maturity */ | |
51731 | + if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state != | |
51732 | + SADB_SASTATE_MATURE) { | |
51733 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51734 | + "pfkey_msg_parse: " | |
51735 | + "state=%d for add or update should be MATURE=%d.\n", | |
51736 | + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state, | |
51737 | + SADB_SASTATE_MATURE); | |
51738 | + SENDERR(EINVAL); | |
51739 | + } | |
51740 | + | |
51741 | + /* check AH and ESP */ | |
51742 | + switch(((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype) { | |
51743 | + case SADB_SATYPE_AH: | |
51744 | + if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) && | |
51745 | + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_auth != | |
51746 | + SADB_AALG_NONE)) { | |
51747 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51748 | + "pfkey_msg_parse: " | |
51749 | + "auth alg is zero, must be non-zero for AH SAs.\n"); | |
51750 | + SENDERR(EINVAL); | |
51751 | + } | |
51752 | + if(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt != | |
51753 | + SADB_EALG_NONE) { | |
51754 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51755 | + "pfkey_msg_parse: " | |
51756 | + "AH handed encalg=%d, must be zero.\n", | |
51757 | + ((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt); | |
51758 | + SENDERR(EINVAL); | |
51759 | + } | |
51760 | + break; | |
51761 | + case SADB_SATYPE_ESP: | |
51762 | + if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) && | |
51763 | + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt != | |
51764 | + SADB_EALG_NONE)) { | |
51765 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51766 | + "pfkey_msg_parse: " | |
51767 | + "encrypt alg=%d is zero, must be non-zero for ESP=%d SAs.\n", | |
51768 | + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt, | |
51769 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype); | |
51770 | + SENDERR(EINVAL); | |
51771 | + } | |
51772 | + if((((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt == | |
51773 | + SADB_EALG_NULL) && | |
51774 | + (((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth == | |
51775 | + SADB_AALG_NONE) ) { | |
51776 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51777 | + "pfkey_msg_parse: " | |
51778 | + "ESP handed encNULL+authNONE, illegal combination.\n"); | |
51779 | + SENDERR(EINVAL); | |
51780 | + } | |
51781 | + break; | |
51782 | + case SADB_X_SATYPE_COMP: | |
51783 | + if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) && | |
51784 | + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt != | |
51785 | + SADB_EALG_NONE)) { | |
51786 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51787 | + "pfkey_msg_parse: " | |
51788 | + "encrypt alg=%d is zero, must be non-zero for COMP=%d SAs.\n", | |
51789 | + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt, | |
51790 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype); | |
51791 | + SENDERR(EINVAL); | |
51792 | + } | |
51793 | + if(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth != | |
51794 | + SADB_AALG_NONE) { | |
51795 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51796 | + "pfkey_msg_parse: " | |
51797 | + "COMP handed auth=%d, must be zero.\n", | |
51798 | + ((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth); | |
51799 | + SENDERR(EINVAL); | |
51800 | + } | |
51801 | + break; | |
51802 | + default: | |
51803 | + break; | |
51804 | + } | |
51805 | + if(ntohl(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_spi) <= 255) { | |
51806 | + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, | |
51807 | + "pfkey_msg_parse: " | |
51808 | + "spi=%08x must be > 255.\n", | |
51809 | + ntohl(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_spi)); | |
51810 | + SENDERR(EINVAL); | |
51811 | + } | |
51812 | + default: | |
51813 | + break; | |
51814 | + } | |
51815 | +errlab: | |
51816 | + | |
51817 | + return error; | |
51818 | +} | |
51819 | + | |
51820 | +/* | |
51821 | + * $Log: pfkey_v2_parse.c,v $ | |
51822 | + * Revision 1.65 2005/04/06 17:46:05 mcr | |
51823 | + * failure to recognize an extension is considered an error. | |
51824 | + * This could be a problem in the future, but we need some kind | |
51825 | + * of logging. This should be rate limited, probably. | |
51826 | + * | |
51827 | + * Revision 1.64 2005/01/26 00:50:35 mcr | |
51828 | + * adjustment of confusion of CONFIG_IPSEC_NAT vs CONFIG_KLIPS_NAT, | |
51829 | + * and make sure that NAT_TRAVERSAL is set as well to match | |
51830 | + * userspace compiles of code. | |
51831 | + * | |
51832 | + * Revision 1.63 2004/10/28 22:54:10 mcr | |
51833 | + * results from valgrind, thanks to: Harald Hoyer <harald@redhat.com> | |
51834 | + * | |
51835 | + * Revision 1.62 2004/10/03 01:26:36 mcr | |
51836 | + * fixes for gcc 3.4 compilation. | |
51837 | + * | |
51838 | + * Revision 1.61 2004/07/10 19:11:18 mcr | |
51839 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
51840 | + * | |
51841 | + * Revision 1.59 2004/04/18 03:03:49 mcr | |
51842 | + * renamed common include files from pluto directory. | |
51843 | + * | |
51844 | + * Revision 1.58 2004/03/08 01:59:08 ken | |
51845 | + * freeswan.h -> openswan.h | |
51846 | + * | |
51847 | + * Revision 1.57 2003/12/10 01:20:19 mcr | |
51848 | + * NAT-traversal patches to KLIPS. | |
51849 | + * | |
51850 | + * Revision 1.56 2003/12/04 23:01:12 mcr | |
51851 | + * removed ipsec_netlink.h | |
51852 | + * | |
51853 | + * Revision 1.55 2003/11/07 01:30:37 ken | |
51854 | + * Cast sizeof() to int to keep things 64bit clean | |
51855 | + * | |
51856 | + * Revision 1.54 2003/10/31 02:27:12 mcr | |
51857 | + * pulled up port-selector patches and sa_id elimination. | |
51858 | + * | |
51859 | + * Revision 1.53.20.2 2003/10/29 01:11:32 mcr | |
51860 | + * added debugging for pfkey library. | |
51861 | + * | |
51862 | + * Revision 1.53.20.1 2003/09/21 13:59:44 mcr | |
51863 | + * pre-liminary X.509 patch - does not yet pass tests. | |
51864 | + * | |
51865 | + * Revision 1.53 2003/01/30 02:32:09 rgb | |
51866 | + * | |
51867 | + * Rename SAref table macro names for clarity. | |
51868 | + * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug. | |
51869 | + * | |
51870 | + * Revision 1.52 2002/12/30 06:53:07 mcr | |
51871 | + * deal with short SA structures... #if 0 out for now. Probably | |
51872 | + * not quite the right way. | |
51873 | + * | |
51874 | + * Revision 1.51 2002/12/13 18:16:02 mcr | |
51875 | + * restored sa_ref code | |
51876 | + * | |
51877 | + * Revision 1.50 2002/12/13 18:06:52 mcr | |
51878 | + * temporarily removed sadb_x_sa_ref reference for 2.xx | |
51879 | + * | |
51880 | + * Revision 1.49 2002/10/05 05:02:58 dhr | |
51881 | + * | |
51882 | + * C labels go on statements | |
51883 | + * | |
51884 | + * Revision 1.48 2002/09/20 15:40:45 rgb | |
51885 | + * Added sadb_x_sa_ref to struct sadb_sa. | |
51886 | + * | |
51887 | + * Revision 1.47 2002/09/20 05:01:31 rgb | |
51888 | + * Fixed usage of pfkey_lib_debug. | |
51889 | + * Format for function declaration style consistency. | |
51890 | + * Added text labels to elucidate numeric values presented. | |
51891 | + * Re-organised debug output to reduce noise in output. | |
51892 | + * | |
51893 | + * Revision 1.46 2002/07/24 18:44:54 rgb | |
51894 | + * Type fiddling to tame ia64 compiler. | |
51895 | + * | |
51896 | + * Revision 1.45 2002/05/23 07:14:11 rgb | |
51897 | + * Cleaned up %p variants to 0p%p for test suite cleanup. | |
51898 | + * | |
51899 | + * Revision 1.44 2002/04/24 07:55:32 mcr | |
51900 | + * #include patches and Makefiles for post-reorg compilation. | |
51901 | + * | |
51902 | + * Revision 1.43 2002/04/24 07:36:40 mcr | |
51903 | + * Moved from ./lib/pfkey_v2_parse.c,v | |
51904 | + * | |
51905 | + * Revision 1.42 2002/01/29 22:25:36 rgb | |
51906 | + * Re-add ipsec_kversion.h to keep MALLOC happy. | |
51907 | + * | |
51908 | + * Revision 1.41 2002/01/29 01:59:10 mcr | |
51909 | + * removal of kversions.h - sources that needed it now use ipsec_param.h. | |
51910 | + * updating of IPv6 structures to match latest in6.h version. | |
51911 | + * removed dead code from openswan.h that also duplicated kversions.h | |
51912 | + * code. | |
51913 | + * | |
51914 | + * Revision 1.40 2002/01/20 20:34:50 mcr | |
51915 | + * added pfkey_v2_sadb_type_string to decode sadb_type to string. | |
51916 | + * | |
51917 | + * Revision 1.39 2001/11/27 05:29:22 mcr | |
51918 | + * pfkey parses are now maintained by a structure | |
51919 | + * that includes their name for debug purposes. | |
51920 | + * DEBUGGING() macro changed so that it takes a debug | |
51921 | + * level so that pf_key() can use this to decode the | |
51922 | + * structures without innundanting humans. | |
51923 | + * Also uses pfkey_v2_sadb_ext_string() in messages. | |
51924 | + * | |
51925 | + * Revision 1.38 2001/11/06 19:47:47 rgb | |
51926 | + * Added packet parameter to lifetime and comb structures. | |
51927 | + * | |
51928 | + * Revision 1.37 2001/10/18 04:45:24 rgb | |
51929 | + * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h, | |
51930 | + * lib/openswan.h version macros moved to lib/kversions.h. | |
51931 | + * Other compiler directive cleanups. | |
51932 | + * | |
51933 | + * Revision 1.36 2001/06/14 19:35:16 rgb | |
51934 | + * Update copyright date. | |
51935 | + * | |
51936 | + * Revision 1.35 2001/05/03 19:44:51 rgb | |
51937 | + * Standardise on SENDERR() macro. | |
51938 | + * | |
51939 | + * Revision 1.34 2001/03/16 07:41:51 rgb | |
51940 | + * Put openswan.h include before pluto includes. | |
51941 | + * | |
51942 | + * Revision 1.33 2001/02/27 07:13:51 rgb | |
51943 | + * Added satype2name() function. | |
51944 | + * Added text to default satype_tbl entry. | |
51945 | + * Added satype2name() conversions for most satype debug output. | |
51946 | + * | |
51947 | + * Revision 1.32 2001/02/26 20:01:09 rgb | |
51948 | + * Added internal IP protocol 61 for magic SAs. | |
51949 | + * Ditch unused sadb_satype2proto[], replaced by satype2proto(). | |
51950 | + * Re-formatted debug output (split lines, consistent spacing). | |
51951 | + * Removed acquire, register and expire requirements for a known satype. | |
51952 | + * Changed message type checking to a switch structure. | |
51953 | + * Verify expected NULL auth for IPCOMP. | |
51954 | + * Enforced spi > 0x100 requirement, now that pass uses a magic SA for | |
51955 | + * appropriate message types. | |
51956 | + * | |
51957 | + * Revision 1.31 2000/12/01 07:09:00 rgb | |
51958 | + * Added ipcomp sanity check to require encalgo is set. | |
51959 | + * | |
51960 | + * Revision 1.30 2000/11/17 18:10:30 rgb | |
51961 | + * Fixed bugs mostly relating to spirange, to treat all spi variables as | |
51962 | + * network byte order since this is the way PF_KEYv2 stored spis. | |
51963 | + * | |
51964 | + * Revision 1.29 2000/10/12 00:02:39 rgb | |
51965 | + * Removed 'format, ##' nonsense from debug macros for RH7.0. | |
51966 | + * | |
51967 | + * Revision 1.28 2000/09/20 16:23:04 rgb | |
51968 | + * Remove over-paranoid extension check in the presence of sadb_msg_errno. | |
51969 | + * | |
51970 | + * Revision 1.27 2000/09/20 04:04:21 rgb | |
51971 | + * Changed static functions to DEBUG_NO_STATIC to reveal function names in | |
51972 | + * oopsen. | |
51973 | + * | |
51974 | + * Revision 1.26 2000/09/15 11:37:02 rgb | |
51975 | + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
51976 | + * IPCOMP zlib deflate code. | |
51977 | + * | |
51978 | + * Revision 1.25 2000/09/12 22:35:37 rgb | |
51979 | + * Restructured to remove unused extensions from CLEARFLOW messages. | |
51980 | + * | |
51981 | + * Revision 1.24 2000/09/12 18:59:54 rgb | |
51982 | + * Added Gerhard's IPv6 support to pfkey parts of libopenswan. | |
51983 | + * | |
51984 | + * Revision 1.23 2000/09/12 03:27:00 rgb | |
51985 | + * Moved DEBUGGING definition to compile kernel with debug off. | |
51986 | + * | |
51987 | + * Revision 1.22 2000/09/09 06:39:27 rgb | |
51988 | + * Restrict pfkey errno check to downward messages only. | |
51989 | + * | |
51990 | + * Revision 1.21 2000/09/08 19:22:34 rgb | |
51991 | + * Enabled pfkey_sens_parse(). | |
51992 | + * Added check for errno on downward acquire messages only. | |
51993 | + * | |
51994 | + * Revision 1.20 2000/09/01 18:48:23 rgb | |
51995 | + * Fixed reserved check bug and added debug output in | |
51996 | + * pfkey_supported_parse(). | |
51997 | + * Fixed debug output label bug in pfkey_ident_parse(). | |
51998 | + * | |
51999 | + * Revision 1.19 2000/08/27 01:55:26 rgb | |
52000 | + * Define OCTETBITS and PFKEYBITS to avoid using 'magic' numbers in code. | |
52001 | + * | |
52002 | + * Revision 1.18 2000/08/24 17:00:36 rgb | |
52003 | + * Ignore unknown extensions instead of failing. | |
52004 | + * | |
52005 | + * Revision 1.17 2000/06/02 22:54:14 rgb | |
52006 | + * Added Gerhard Gessler's struct sockaddr_storage mods for IPv6 support. | |
52007 | + * | |
52008 | + * Revision 1.16 2000/05/10 19:25:11 rgb | |
52009 | + * Fleshed out proposal and supported extensions. | |
52010 | + * | |
52011 | + * Revision 1.15 2000/01/24 21:15:31 rgb | |
52012 | + * Added disabled pluto pfkey lib debug flag. | |
52013 | + * Added algo debugging reporting. | |
52014 | + * | |
52015 | + * Revision 1.14 2000/01/22 23:24:29 rgb | |
52016 | + * Added new functions proto2satype() and satype2proto() and lookup | |
52017 | + * table satype_tbl. Also added proto2name() since it was easy. | |
52018 | + * | |
52019 | + * Revision 1.13 2000/01/21 09:43:59 rgb | |
52020 | + * Cast ntohl(spi) as (unsigned long int) to shut up compiler. | |
52021 | + * | |
52022 | + * Revision 1.12 2000/01/21 06:28:19 rgb | |
52023 | + * Added address cases for eroute flows. | |
52024 | + * Indented compiler directives for readability. | |
52025 | + * Added klipsdebug switching capability. | |
52026 | + * | |
52027 | + * Revision 1.11 1999/12/29 21:14:59 rgb | |
52028 | + * Fixed debug text cut and paste typo. | |
52029 | + * | |
52030 | + * Revision 1.10 1999/12/10 17:45:24 rgb | |
52031 | + * Added address debugging. | |
52032 | + * | |
52033 | + * Revision 1.9 1999/12/09 23:11:42 rgb | |
52034 | + * Ditched <string.h> include since we no longer use memset(). | |
52035 | + * Use new pfkey_extensions_init() instead of memset(). | |
52036 | + * Added check for SATYPE in pfkey_msg_build(). | |
52037 | + * Tidy up comments and debugging comments. | |
52038 | + * | |
52039 | + * Revision 1.8 1999/12/07 19:55:26 rgb | |
52040 | + * Removed unused first argument from extension parsers. | |
52041 | + * Removed static pluto debug flag. | |
52042 | + * Moved message type and state checking to pfkey_msg_parse(). | |
52043 | + * Changed print[fk] type from lx to x to quiet compiler. | |
52044 | + * Removed redundant remain check. | |
52045 | + * Changed __u* types to uint* to avoid use of asm/types.h and | |
52046 | + * sys/types.h in userspace code. | |
52047 | + * | |
52048 | + * Revision 1.7 1999/12/01 22:20:51 rgb | |
52049 | + * Moved pfkey_lib_debug variable into the library. | |
52050 | + * Added pfkey version check into header parsing. | |
52051 | + * Added check for SATYPE only for those extensions that require a | |
52052 | + * non-zero value. | |
52053 | + * | |
52054 | + * Revision 1.6 1999/11/27 11:58:05 rgb | |
52055 | + * Added ipv6 headers. | |
52056 | + * Moved sadb_satype2proto protocol lookup table from | |
52057 | + * klips/net/ipsec/pfkey_v2_parser.c. | |
52058 | + * Enable lifetime_current checking. | |
52059 | + * Debugging error messages added. | |
52060 | + * Add argument to pfkey_msg_parse() for direction. | |
52061 | + * Consolidated the 4 1-d extension bitmap arrays into one 4-d array. | |
52062 | + * Add CVS log entry to bottom of file. | |
52063 | + * Moved auth and enc alg check to pfkey_msg_parse(). | |
52064 | + * Enable accidentally disabled spirange parsing. | |
52065 | + * Moved protocol/algorithm checks from klips/net/ipsec/pfkey_v2_parser.c | |
52066 | + * | |
52067 | + * Local variables: | |
52068 | + * c-file-style: "linux" | |
52069 | + * End: | |
52070 | + * | |
52071 | + */ | |
52072 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
52073 | +++ linux/net/ipsec/pfkey_v2_parser.c Mon Feb 9 13:51:03 2004 | |
52074 | @@ -0,0 +1,3520 @@ | |
52075 | +/* | |
52076 | + * @(#) RFC2367 PF_KEYv2 Key management API message parser | |
52077 | + * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs <rgb@freeswan.org> | |
52078 | + * | |
52079 | + * This program is free software; you can redistribute it and/or modify it | |
52080 | + * under the terms of the GNU General Public License as published by the | |
52081 | + * Free Software Foundation; either version 2 of the License, or (at your | |
52082 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
52083 | + * | |
52084 | + * This program is distributed in the hope that it will be useful, but | |
52085 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
52086 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
52087 | + * for more details. | |
52088 | + * | |
52089 | + * RCSID $Id: pfkey_v2_parser.c,v 1.134.2.2 2006/10/06 21:39:26 paul Exp $ | |
52090 | + */ | |
52091 | + | |
52092 | +/* | |
52093 | + * Template from klips/net/ipsec/ipsec/ipsec_netlink.c. | |
52094 | + */ | |
52095 | + | |
52096 | +char pfkey_v2_parser_c_version[] = "$Id: pfkey_v2_parser.c,v 1.134.2.2 2006/10/06 21:39:26 paul Exp $"; | |
52097 | + | |
52098 | +#ifndef AUTOCONF_INCLUDED | |
52099 | +#include <linux/config.h> | |
52100 | +#endif | |
52101 | +#include <linux/version.h> | |
52102 | +#include <linux/kernel.h> /* printk() */ | |
52103 | + | |
52104 | +#include "openswan/ipsec_param.h" | |
52105 | + | |
52106 | +#ifdef MALLOC_SLAB | |
52107 | +# include <linux/slab.h> /* kmalloc() */ | |
52108 | +#else /* MALLOC_SLAB */ | |
52109 | +# include <linux/malloc.h> /* kmalloc() */ | |
52110 | +#endif /* MALLOC_SLAB */ | |
52111 | +#include <linux/errno.h> /* error codes */ | |
52112 | +#include <linux/types.h> /* size_t */ | |
52113 | +#include <linux/interrupt.h> /* mark_bh */ | |
52114 | + | |
52115 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
52116 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
52117 | +#include <linux/ip.h> /* struct iphdr */ | |
52118 | +#include <linux/skbuff.h> | |
52119 | + | |
52120 | +#include <openswan.h> | |
52121 | + | |
52122 | +#include <crypto/des.h> | |
52123 | + | |
52124 | +#ifdef SPINLOCK | |
52125 | +# ifdef SPINLOCK_23 | |
52126 | +# include <linux/spinlock.h> /* *lock* */ | |
52127 | +# else /* SPINLOCK_23 */ | |
52128 | +# include <asm/spinlock.h> /* *lock* */ | |
52129 | +# endif /* SPINLOCK_23 */ | |
52130 | +#endif /* SPINLOCK */ | |
52131 | + | |
52132 | +#include <linux/in6.h> | |
52133 | +#include <net/route.h> | |
52134 | + | |
52135 | +#include <net/ip.h> | |
52136 | +#ifdef NETLINK_SOCK | |
52137 | +# include <linux/netlink.h> | |
52138 | +#else | |
52139 | +# include <net/netlink.h> | |
52140 | +#endif | |
52141 | + | |
52142 | +#include <linux/random.h> /* get_random_bytes() */ | |
52143 | + | |
52144 | +#include "openswan/radij.h" | |
52145 | +#include "openswan/ipsec_encap.h" | |
52146 | +#include "openswan/ipsec_sa.h" | |
52147 | + | |
52148 | +#include "openswan/ipsec_radij.h" | |
52149 | +#include "openswan/ipsec_xform.h" | |
52150 | +#include "openswan/ipsec_ah.h" | |
52151 | +#include "openswan/ipsec_esp.h" | |
52152 | +#include "openswan/ipsec_tunnel.h" | |
52153 | +#include "openswan/ipsec_rcv.h" | |
52154 | +#include "openswan/ipcomp.h" | |
52155 | + | |
52156 | +#include <pfkeyv2.h> | |
52157 | +#include <pfkey.h> | |
52158 | + | |
52159 | +#include "openswan/ipsec_proto.h" | |
52160 | +#include "openswan/ipsec_alg.h" | |
52161 | + | |
52162 | +#include "openswan/ipsec_kern24.h" | |
52163 | + | |
52164 | +#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) | |
52165 | + | |
52166 | +struct sklist_t { | |
52167 | + struct socket *sk; | |
52168 | + struct sklist_t* next; | |
52169 | +} pfkey_sklist_head, *pfkey_sklist, *pfkey_sklist_prev; | |
52170 | + | |
52171 | +__u32 pfkey_msg_seq = 0; | |
52172 | + | |
52173 | + | |
52174 | +#if 0 | |
52175 | +#define DUMP_SAID dump_said(&extr->ips->ips_said, __LINE__) | |
52176 | +#define DUMP_SAID2 dump_said(&extr.ips->ips_said, __LINE__) | |
52177 | +static void dump_said(ip_said *s, int line) | |
52178 | +{ | |
52179 | + char msa[SATOT_BUF]; | |
52180 | + size_t msa_len; | |
52181 | + | |
52182 | + msa_len = satot(s, 0, msa, sizeof(msa)); | |
52183 | + | |
52184 | + printk("line: %d msa: %s\n", line, msa); | |
52185 | +} | |
52186 | +#endif | |
52187 | + | |
52188 | + | |
52189 | +int | |
52190 | +pfkey_alloc_eroute(struct eroute** eroute) | |
52191 | +{ | |
52192 | + int error = 0; | |
52193 | + if(*eroute) { | |
52194 | + KLIPS_PRINT(debug_pfkey, | |
52195 | + "klips_debug:pfkey_alloc_eroute: " | |
52196 | + "eroute struct already allocated\n"); | |
52197 | + SENDERR(EEXIST); | |
52198 | + } | |
52199 | + | |
52200 | + if((*eroute = kmalloc(sizeof(**eroute), GFP_ATOMIC) ) == NULL) { | |
52201 | + KLIPS_PRINT(debug_pfkey, | |
52202 | + "klips_debug:pfkey_alloc_eroute: " | |
52203 | + "memory allocation error\n"); | |
52204 | + SENDERR(ENOMEM); | |
52205 | + } | |
52206 | + | |
52207 | + KLIPS_PRINT(debug_pfkey, | |
52208 | + "klips_debug:pfkey_alloc_eroute: " | |
52209 | + "allocating %lu bytes for an eroute at 0p%p\n", | |
52210 | + (unsigned long) sizeof(**eroute), *eroute); | |
52211 | + | |
52212 | + memset((caddr_t)*eroute, 0, sizeof(**eroute)); | |
52213 | + (*eroute)->er_eaddr.sen_len = | |
52214 | + (*eroute)->er_emask.sen_len = sizeof(struct sockaddr_encap); | |
52215 | + (*eroute)->er_eaddr.sen_family = | |
52216 | + (*eroute)->er_emask.sen_family = AF_ENCAP; | |
52217 | + (*eroute)->er_eaddr.sen_type = SENT_IP4; | |
52218 | + (*eroute)->er_emask.sen_type = 255; | |
52219 | + (*eroute)->er_pid = 0; | |
52220 | + (*eroute)->er_count = 0; | |
52221 | + (*eroute)->er_lasttime = jiffies/HZ; | |
52222 | + | |
52223 | + errlab: | |
52224 | + return(error); | |
52225 | +} | |
52226 | + | |
52227 | +DEBUG_NO_STATIC int | |
52228 | +pfkey_x_protocol_process(struct sadb_ext *pfkey_ext, | |
52229 | + struct pfkey_extracted_data *extr) | |
52230 | +{ | |
52231 | + int error = 0; | |
52232 | + struct sadb_protocol * p = (struct sadb_protocol *)pfkey_ext; | |
52233 | + | |
52234 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_protocol_process: %p\n", extr); | |
52235 | + | |
52236 | + if (extr == 0) { | |
52237 | + KLIPS_PRINT(debug_pfkey, | |
52238 | + "klips_debug:pfkey_x_protocol_process:" | |
52239 | + "extr is NULL, fatal\n"); | |
52240 | + SENDERR(EINVAL); | |
52241 | + } | |
52242 | + if (extr->eroute == 0) { | |
52243 | + KLIPS_PRINT(debug_pfkey, | |
52244 | + "klips_debug:pfkey_x_protocol_process:" | |
52245 | + "extr->eroute is NULL, fatal\n"); | |
52246 | + SENDERR(EINVAL); | |
52247 | + } | |
52248 | + | |
52249 | + extr->eroute->er_eaddr.sen_proto = p->sadb_protocol_proto; | |
52250 | + extr->eroute->er_emask.sen_proto = p->sadb_protocol_proto ? ~0:0; | |
52251 | + KLIPS_PRINT(debug_pfkey, | |
52252 | + "klips_debug:pfkey_x_protocol_process: protocol = %d.\n", | |
52253 | + p->sadb_protocol_proto); | |
52254 | + errlab: | |
52255 | + return error; | |
52256 | +} | |
52257 | + | |
52258 | +DEBUG_NO_STATIC int | |
52259 | +pfkey_ipsec_sa_init(struct ipsec_sa *ipsp) | |
52260 | +{ | |
52261 | + | |
52262 | + return ipsec_sa_init(ipsp); | |
52263 | +} | |
52264 | + | |
52265 | +int | |
52266 | +pfkey_safe_build(int error, struct sadb_ext *extensions[SADB_MAX+1]) | |
52267 | +{ | |
52268 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_safe_build: " | |
52269 | + "error=%d\n", | |
52270 | + error); | |
52271 | + if (!error) { | |
52272 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_safe_build:" | |
52273 | + "success.\n"); | |
52274 | + return 1; | |
52275 | + } else { | |
52276 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_safe_build:" | |
52277 | + "caught error %d\n", | |
52278 | + error); | |
52279 | + pfkey_extensions_free(extensions); | |
52280 | + return 0; | |
52281 | + } | |
52282 | +} | |
52283 | + | |
52284 | + | |
52285 | +DEBUG_NO_STATIC int | |
52286 | +pfkey_getspi_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
52287 | +{ | |
52288 | + int error = 0; | |
52289 | + ipsec_spi_t minspi = htonl(256), maxspi = htonl(-1L); | |
52290 | + int found_avail = 0; | |
52291 | + struct ipsec_sa *ipsq; | |
52292 | + char sa[SATOT_BUF]; | |
52293 | + size_t sa_len; | |
52294 | + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; | |
52295 | + struct sadb_msg *pfkey_reply = NULL; | |
52296 | + struct socket_list *pfkey_socketsp; | |
52297 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
52298 | + | |
52299 | + KLIPS_PRINT(debug_pfkey, | |
52300 | + "klips_debug:pfkey_getspi_parse: .\n"); | |
52301 | + | |
52302 | + pfkey_extensions_init(extensions_reply); | |
52303 | + | |
52304 | + if(extr == NULL || extr->ips == NULL) { | |
52305 | + KLIPS_PRINT(debug_pfkey, | |
52306 | + "klips_debug:pfkey_getspi_parse: " | |
52307 | + "error, extr or extr->ipsec_sa pointer NULL\n"); | |
52308 | + SENDERR(EINVAL); | |
52309 | + } | |
52310 | + | |
52311 | + if(extensions[SADB_EXT_SPIRANGE]) { | |
52312 | + minspi = ((struct sadb_spirange *)extensions[SADB_EXT_SPIRANGE])->sadb_spirange_min; | |
52313 | + maxspi = ((struct sadb_spirange *)extensions[SADB_EXT_SPIRANGE])->sadb_spirange_max; | |
52314 | + } | |
52315 | + | |
52316 | + if(maxspi == minspi) { | |
52317 | + extr->ips->ips_said.spi = maxspi; | |
52318 | + ipsq = ipsec_sa_getbyid(&(extr->ips->ips_said)); | |
52319 | + if(ipsq != NULL) { | |
52320 | + sa_len = satot(&extr->ips->ips_said, 0, sa, sizeof(sa)); | |
52321 | + ipsec_sa_put(ipsq); | |
52322 | + KLIPS_PRINT(debug_pfkey, | |
52323 | + "klips_debug:pfkey_getspi_parse: " | |
52324 | + "EMT_GETSPI found an old ipsec_sa for SA: %s, delete it first.\n", | |
52325 | + sa_len ? sa : " (error)"); | |
52326 | + SENDERR(EEXIST); | |
52327 | + } else { | |
52328 | + found_avail = 1; | |
52329 | + } | |
52330 | + } else { | |
52331 | + int i = 0; | |
52332 | + __u32 rand_val; | |
52333 | + __u32 spi_diff; | |
52334 | + while( ( i < (spi_diff = (ntohl(maxspi) - ntohl(minspi)))) && !found_avail ) { | |
52335 | + prng_bytes(&ipsec_prng, (char *) &(rand_val), | |
52336 | + ( (spi_diff < (2^8)) ? 1 : | |
52337 | + ( (spi_diff < (2^16)) ? 2 : | |
52338 | + ( (spi_diff < (2^24)) ? 3 : | |
52339 | + 4 ) ) ) ); | |
52340 | + extr->ips->ips_said.spi = htonl(ntohl(minspi) + | |
52341 | + (rand_val % | |
52342 | + (spi_diff + 1))); | |
52343 | + i++; | |
52344 | + ipsq = ipsec_sa_getbyid(&(extr->ips->ips_said)); | |
52345 | + if(ipsq == NULL) { | |
52346 | + found_avail = 1; | |
52347 | + } else { | |
52348 | + ipsec_sa_put(ipsq); | |
52349 | + } | |
52350 | + } | |
52351 | + } | |
52352 | + | |
52353 | + sa_len = satot(&extr->ips->ips_said, 0, sa, sizeof(sa)); | |
52354 | + | |
52355 | + if (!found_avail) { | |
52356 | + KLIPS_PRINT(debug_pfkey, | |
52357 | + "klips_debug:pfkey_getspi_parse: " | |
52358 | + "found an old ipsec_sa for SA: %s, delete it first.\n", | |
52359 | + sa_len ? sa : " (error)"); | |
52360 | + SENDERR(EEXIST); | |
52361 | + } | |
52362 | + | |
52363 | + if(inet_addr_type((unsigned long)extr->ips->ips_said.dst.u.v4.sin_addr.s_addr) == RTN_LOCAL) { | |
52364 | + extr->ips->ips_flags |= EMT_INBOUND; | |
52365 | + } | |
52366 | + | |
52367 | + KLIPS_PRINT(debug_pfkey, | |
52368 | + "klips_debug:pfkey_getspi_parse: " | |
52369 | + "existing ipsec_sa not found (this is good) for SA: %s, %s-bound, allocating.\n", | |
52370 | + sa_len ? sa : " (error)", | |
52371 | + extr->ips->ips_flags & EMT_INBOUND ? "in" : "out"); | |
52372 | + | |
52373 | + /* XXX extr->ips->ips_rcvif = &(enc_softc[em->em_if].enc_if);*/ | |
52374 | + extr->ips->ips_rcvif = NULL; | |
52375 | + extr->ips->ips_life.ipl_addtime.ipl_count = jiffies/HZ; | |
52376 | + | |
52377 | + extr->ips->ips_state = SADB_SASTATE_LARVAL; | |
52378 | + | |
52379 | + if(!extr->ips->ips_life.ipl_allocations.ipl_count) { | |
52380 | + extr->ips->ips_life.ipl_allocations.ipl_count += 1; | |
52381 | + } | |
52382 | + | |
52383 | + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], | |
52384 | + SADB_GETSPI, | |
52385 | + satype, | |
52386 | + 0, | |
52387 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, | |
52388 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), | |
52389 | + extensions_reply) | |
52390 | + && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_EXT_SA], | |
52391 | + SADB_EXT_SA, | |
52392 | + extr->ips->ips_said.spi, | |
52393 | + 0, | |
52394 | + SADB_SASTATE_LARVAL, | |
52395 | + 0, | |
52396 | + 0, | |
52397 | + 0, | |
52398 | + extr->ips->ips_ref), | |
52399 | + extensions_reply) | |
52400 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], | |
52401 | + SADB_EXT_ADDRESS_SRC, | |
52402 | + 0, /*extr->ips->ips_said.proto,*/ | |
52403 | + 0, | |
52404 | + extr->ips->ips_addr_s), | |
52405 | + extensions_reply) | |
52406 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], | |
52407 | + SADB_EXT_ADDRESS_DST, | |
52408 | + 0, /*extr->ips->ips_said.proto,*/ | |
52409 | + 0, | |
52410 | + extr->ips->ips_addr_d), | |
52411 | + extensions_reply) )) { | |
52412 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: " | |
52413 | + "failed to build the getspi reply message extensions\n"); | |
52414 | + goto errlab; | |
52415 | + } | |
52416 | + | |
52417 | + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { | |
52418 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: " | |
52419 | + "failed to build the getspi reply message\n"); | |
52420 | + SENDERR(-error); | |
52421 | + } | |
52422 | + for(pfkey_socketsp = pfkey_open_sockets; | |
52423 | + pfkey_socketsp; | |
52424 | + pfkey_socketsp = pfkey_socketsp->next) { | |
52425 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { | |
52426 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: " | |
52427 | + "sending up getspi reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", | |
52428 | + satype, | |
52429 | + satype2name(satype), | |
52430 | + pfkey_socketsp->socketp, | |
52431 | + error); | |
52432 | + SENDERR(-error); | |
52433 | + } | |
52434 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: " | |
52435 | + "sending up getspi reply message for satype=%d(%s) to socket=0p%p succeeded.\n", | |
52436 | + satype, | |
52437 | + satype2name(satype), | |
52438 | + pfkey_socketsp->socketp); | |
52439 | + } | |
52440 | + | |
52441 | + if((error = ipsec_sa_add(extr->ips))) { | |
52442 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: " | |
52443 | + "failed to add the larval SA=%s with error=%d.\n", | |
52444 | + sa_len ? sa : " (error)", | |
52445 | + error); | |
52446 | + SENDERR(-error); | |
52447 | + } | |
52448 | + extr->ips = NULL; | |
52449 | + | |
52450 | + KLIPS_PRINT(debug_pfkey, | |
52451 | + "klips_debug:pfkey_getspi_parse: " | |
52452 | + "successful for SA: %s\n", | |
52453 | + sa_len ? sa : " (error)"); | |
52454 | + | |
52455 | + errlab: | |
52456 | + if (pfkey_reply) { | |
52457 | + pfkey_msg_free(&pfkey_reply); | |
52458 | + } | |
52459 | + pfkey_extensions_free(extensions_reply); | |
52460 | + return error; | |
52461 | +} | |
52462 | + | |
52463 | +DEBUG_NO_STATIC int | |
52464 | +pfkey_update_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
52465 | +{ | |
52466 | + int error = 0; | |
52467 | + struct ipsec_sa* ipsq; | |
52468 | + char sa[SATOT_BUF]; | |
52469 | + size_t sa_len; | |
52470 | + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; | |
52471 | + struct sadb_msg *pfkey_reply = NULL; | |
52472 | + struct socket_list *pfkey_socketsp; | |
52473 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
52474 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
52475 | + struct ipsec_sa *nat_t_ips_saved = NULL; | |
52476 | +#endif | |
52477 | + KLIPS_PRINT(debug_pfkey, | |
52478 | + "klips_debug:pfkey_update_parse: .\n"); | |
52479 | + | |
52480 | + pfkey_extensions_init(extensions_reply); | |
52481 | + | |
52482 | + if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state != SADB_SASTATE_MATURE) { | |
52483 | + KLIPS_PRINT(debug_pfkey, | |
52484 | + "klips_debug:pfkey_update_parse: " | |
52485 | + "error, sa_state=%d must be MATURE=%d\n", | |
52486 | + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state, | |
52487 | + SADB_SASTATE_MATURE); | |
52488 | + SENDERR(EINVAL); | |
52489 | + } | |
52490 | + | |
52491 | + if(extr == NULL || extr->ips == NULL) { | |
52492 | + KLIPS_PRINT(debug_pfkey, | |
52493 | + "klips_debug:pfkey_update_parse: " | |
52494 | + "error, extr or extr->ips pointer NULL\n"); | |
52495 | + SENDERR(EINVAL); | |
52496 | + } | |
52497 | + | |
52498 | + sa_len = satot(&extr->ips->ips_said, 0, sa, sizeof(sa)); | |
52499 | + | |
52500 | + spin_lock_bh(&tdb_lock); | |
52501 | + | |
52502 | + ipsq = ipsec_sa_getbyid(&(extr->ips->ips_said)); | |
52503 | + if (ipsq == NULL) { | |
52504 | + spin_unlock_bh(&tdb_lock); | |
52505 | + KLIPS_PRINT(debug_pfkey, | |
52506 | + "klips_debug:pfkey_update_parse: " | |
52507 | + "reserved ipsec_sa for SA: %s not found. Call SADB_GETSPI first or call SADB_ADD instead.\n", | |
52508 | + sa_len ? sa : " (error)"); | |
52509 | + SENDERR(ENOENT); | |
52510 | + } | |
52511 | + | |
52512 | + if(inet_addr_type((unsigned long)extr->ips->ips_said.dst.u.v4.sin_addr.s_addr) == RTN_LOCAL) { | |
52513 | + extr->ips->ips_flags |= EMT_INBOUND; | |
52514 | + } | |
52515 | + | |
52516 | + KLIPS_PRINT(debug_pfkey, | |
52517 | + "klips_debug:pfkey_update_parse: " | |
52518 | + "existing ipsec_sa found (this is good) for SA: %s, %s-bound, updating.\n", | |
52519 | + sa_len ? sa : " (error)", | |
52520 | + extr->ips->ips_flags & EMT_INBOUND ? "in" : "out"); | |
52521 | + | |
52522 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
52523 | + if (extr->ips->ips_natt_sport || extr->ips->ips_natt_dport) { | |
52524 | + KLIPS_PRINT(debug_pfkey, | |
52525 | + "klips_debug:pfkey_update_parse: only updating NAT-T ports " | |
52526 | + "(%u:%u -> %u:%u)\n", | |
52527 | + ipsq->ips_natt_sport, ipsq->ips_natt_dport, | |
52528 | + extr->ips->ips_natt_sport, extr->ips->ips_natt_dport); | |
52529 | + | |
52530 | + if (extr->ips->ips_natt_sport) { | |
52531 | + ipsq->ips_natt_sport = extr->ips->ips_natt_sport; | |
52532 | + if (ipsq->ips_addr_s->sa_family == AF_INET) { | |
52533 | + ((struct sockaddr_in *)(ipsq->ips_addr_s))->sin_port = htons(extr->ips->ips_natt_sport); | |
52534 | + } | |
52535 | + } | |
52536 | + | |
52537 | + if (extr->ips->ips_natt_dport) { | |
52538 | + ipsq->ips_natt_dport = extr->ips->ips_natt_dport; | |
52539 | + if (ipsq->ips_addr_d->sa_family == AF_INET) { | |
52540 | + ((struct sockaddr_in *)(ipsq->ips_addr_d))->sin_port = htons(extr->ips->ips_natt_dport); | |
52541 | + } | |
52542 | + } | |
52543 | + | |
52544 | + nat_t_ips_saved = extr->ips; | |
52545 | + extr->ips = ipsq; | |
52546 | + } | |
52547 | + else { | |
52548 | +#endif | |
52549 | + | |
52550 | + /* XXX extr->ips->ips_rcvif = &(enc_softc[em->em_if].enc_if);*/ | |
52551 | + extr->ips->ips_rcvif = NULL; | |
52552 | + if ((error = pfkey_ipsec_sa_init(extr->ips))) { | |
52553 | + ipsec_sa_put(ipsq); | |
52554 | + spin_unlock_bh(&tdb_lock); | |
52555 | + KLIPS_PRINT(debug_pfkey, | |
52556 | + "klips_debug:pfkey_update_parse: " | |
52557 | + "not successful for SA: %s, deleting.\n", | |
52558 | + sa_len ? sa : " (error)"); | |
52559 | + SENDERR(-error); | |
52560 | + } | |
52561 | + | |
52562 | + extr->ips->ips_life.ipl_addtime.ipl_count = ipsq->ips_life.ipl_addtime.ipl_count; | |
52563 | + ipsec_sa_put(ipsq); | |
52564 | + if((error = ipsec_sa_delchain(ipsq))) { | |
52565 | + spin_unlock_bh(&tdb_lock); | |
52566 | + KLIPS_PRINT(debug_pfkey, | |
52567 | + "klips_debug:pfkey_update_parse: " | |
52568 | + "error=%d, trouble deleting intermediate ipsec_sa for SA=%s.\n", | |
52569 | + error, | |
52570 | + sa_len ? sa : " (error)"); | |
52571 | + SENDERR(-error); | |
52572 | + } | |
52573 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
52574 | + } | |
52575 | +#endif | |
52576 | + | |
52577 | + spin_unlock_bh(&tdb_lock); | |
52578 | + | |
52579 | + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], | |
52580 | + SADB_UPDATE, | |
52581 | + satype, | |
52582 | + 0, | |
52583 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, | |
52584 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), | |
52585 | + extensions_reply) | |
52586 | + && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_EXT_SA], | |
52587 | + SADB_EXT_SA, | |
52588 | + extr->ips->ips_said.spi, | |
52589 | + extr->ips->ips_replaywin, | |
52590 | + extr->ips->ips_state, | |
52591 | + extr->ips->ips_authalg, | |
52592 | + extr->ips->ips_encalg, | |
52593 | + extr->ips->ips_flags, | |
52594 | + extr->ips->ips_ref), | |
52595 | + extensions_reply) | |
52596 | + /* The 3 lifetime extentions should only be sent if non-zero. */ | |
52597 | + && (extensions[SADB_EXT_LIFETIME_HARD] | |
52598 | + ? pfkey_safe_build(error = pfkey_lifetime_build(&extensions_reply[SADB_EXT_LIFETIME_HARD], | |
52599 | + SADB_EXT_LIFETIME_HARD, | |
52600 | + extr->ips->ips_life.ipl_allocations.ipl_hard, | |
52601 | + extr->ips->ips_life.ipl_bytes.ipl_hard, | |
52602 | + extr->ips->ips_life.ipl_addtime.ipl_hard, | |
52603 | + extr->ips->ips_life.ipl_usetime.ipl_hard, | |
52604 | + extr->ips->ips_life.ipl_packets.ipl_hard), | |
52605 | + extensions_reply) : 1) | |
52606 | + && (extensions[SADB_EXT_LIFETIME_SOFT] | |
52607 | + ? pfkey_safe_build(error = pfkey_lifetime_build(&extensions_reply[SADB_EXT_LIFETIME_SOFT], | |
52608 | + SADB_EXT_LIFETIME_SOFT, | |
52609 | + extr->ips->ips_life.ipl_allocations.ipl_count, | |
52610 | + extr->ips->ips_life.ipl_bytes.ipl_count, | |
52611 | + extr->ips->ips_life.ipl_addtime.ipl_count, | |
52612 | + extr->ips->ips_life.ipl_usetime.ipl_count, | |
52613 | + extr->ips->ips_life.ipl_packets.ipl_count), | |
52614 | + extensions_reply) : 1) | |
52615 | + && (extr->ips->ips_life.ipl_allocations.ipl_count | |
52616 | + || extr->ips->ips_life.ipl_bytes.ipl_count | |
52617 | + || extr->ips->ips_life.ipl_addtime.ipl_count | |
52618 | + || extr->ips->ips_life.ipl_usetime.ipl_count | |
52619 | + || extr->ips->ips_life.ipl_packets.ipl_count | |
52620 | + | |
52621 | + ? pfkey_safe_build(error = pfkey_lifetime_build(&extensions_reply[SADB_EXT_LIFETIME_CURRENT], | |
52622 | + SADB_EXT_LIFETIME_CURRENT, | |
52623 | + extr->ips->ips_life.ipl_allocations.ipl_count, | |
52624 | + extr->ips->ips_life.ipl_bytes.ipl_count, | |
52625 | + extr->ips->ips_life.ipl_addtime.ipl_count, | |
52626 | + extr->ips->ips_life.ipl_usetime.ipl_count, | |
52627 | + extr->ips->ips_life.ipl_packets.ipl_count), | |
52628 | + extensions_reply) : 1) | |
52629 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], | |
52630 | + SADB_EXT_ADDRESS_SRC, | |
52631 | + 0, /*extr->ips->ips_said.proto,*/ | |
52632 | + 0, | |
52633 | + extr->ips->ips_addr_s), | |
52634 | + extensions_reply) | |
52635 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], | |
52636 | + SADB_EXT_ADDRESS_DST, | |
52637 | + 0, /*extr->ips->ips_said.proto,*/ | |
52638 | + 0, | |
52639 | + extr->ips->ips_addr_d), | |
52640 | + extensions_reply) | |
52641 | + && (extr->ips->ips_ident_s.data | |
52642 | + ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_SRC], | |
52643 | + SADB_EXT_IDENTITY_SRC, | |
52644 | + extr->ips->ips_ident_s.type, | |
52645 | + extr->ips->ips_ident_s.id, | |
52646 | + extr->ips->ips_ident_s.len, | |
52647 | + extr->ips->ips_ident_s.data), | |
52648 | + extensions_reply) : 1) | |
52649 | + && (extr->ips->ips_ident_d.data | |
52650 | + ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_DST], | |
52651 | + SADB_EXT_IDENTITY_DST, | |
52652 | + extr->ips->ips_ident_d.type, | |
52653 | + extr->ips->ips_ident_d.id, | |
52654 | + extr->ips->ips_ident_d.len, | |
52655 | + extr->ips->ips_ident_d.data), | |
52656 | + extensions_reply) : 1) | |
52657 | +#if 0 | |
52658 | + /* FIXME: This won't work yet because I have not finished | |
52659 | + it. */ | |
52660 | + && (extr->ips->ips_sens_ | |
52661 | + ? pfkey_safe_build(error = pfkey_sens_build(&extensions_reply[SADB_EXT_SENSITIVITY], | |
52662 | + extr->ips->ips_sens_dpd, | |
52663 | + extr->ips->ips_sens_sens_level, | |
52664 | + extr->ips->ips_sens_sens_len, | |
52665 | + extr->ips->ips_sens_sens_bitmap, | |
52666 | + extr->ips->ips_sens_integ_level, | |
52667 | + extr->ips->ips_sens_integ_len, | |
52668 | + extr->ips->ips_sens_integ_bitmap), | |
52669 | + extensions_reply) : 1) | |
52670 | +#endif | |
52671 | + )) { | |
52672 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: " | |
52673 | + "failed to build the update reply message extensions\n"); | |
52674 | + SENDERR(-error); | |
52675 | + } | |
52676 | + | |
52677 | + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { | |
52678 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: " | |
52679 | + "failed to build the update reply message\n"); | |
52680 | + SENDERR(-error); | |
52681 | + } | |
52682 | + for(pfkey_socketsp = pfkey_open_sockets; | |
52683 | + pfkey_socketsp; | |
52684 | + pfkey_socketsp = pfkey_socketsp->next) { | |
52685 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { | |
52686 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: " | |
52687 | + "sending up update reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", | |
52688 | + satype, | |
52689 | + satype2name(satype), | |
52690 | + pfkey_socketsp->socketp, | |
52691 | + error); | |
52692 | + SENDERR(-error); | |
52693 | + } | |
52694 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: " | |
52695 | + "sending up update reply message for satype=%d(%s) to socket=0p%p succeeded.\n", | |
52696 | + satype, | |
52697 | + satype2name(satype), | |
52698 | + pfkey_socketsp->socketp); | |
52699 | + } | |
52700 | + | |
52701 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
52702 | + if (nat_t_ips_saved) { | |
52703 | + /** | |
52704 | + * As we _really_ update existing SA, we keep tdbq and need to delete | |
52705 | + * parsed ips (nat_t_ips_saved, was extr->ips). | |
52706 | + * | |
52707 | + * goto errlab with extr->ips = nat_t_ips_saved will free it. | |
52708 | + */ | |
52709 | + | |
52710 | + extr->ips = nat_t_ips_saved; | |
52711 | + | |
52712 | + error = 0; | |
52713 | + KLIPS_PRINT(debug_pfkey, | |
52714 | + "klips_debug:pfkey_update_parse (NAT-T ports): " | |
52715 | + "successful for SA: %s\n", | |
52716 | + sa_len ? sa : " (error)"); | |
52717 | + | |
52718 | + goto errlab; | |
52719 | + } | |
52720 | +#endif | |
52721 | + | |
52722 | + if((error = ipsec_sa_add(extr->ips))) { | |
52723 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: " | |
52724 | + "failed to update the mature SA=%s with error=%d.\n", | |
52725 | + sa_len ? sa : " (error)", | |
52726 | + error); | |
52727 | + SENDERR(-error); | |
52728 | + } | |
52729 | + extr->ips = NULL; | |
52730 | + | |
52731 | + KLIPS_PRINT(debug_pfkey, | |
52732 | + "klips_debug:pfkey_update_parse: " | |
52733 | + "successful for SA: %s\n", | |
52734 | + sa_len ? sa : " (error)"); | |
52735 | + | |
52736 | + errlab: | |
52737 | + if (pfkey_reply) { | |
52738 | + pfkey_msg_free(&pfkey_reply); | |
52739 | + } | |
52740 | + pfkey_extensions_free(extensions_reply); | |
52741 | + return error; | |
52742 | +} | |
52743 | + | |
52744 | +DEBUG_NO_STATIC int | |
52745 | +pfkey_add_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
52746 | +{ | |
52747 | + int error = 0; | |
52748 | + struct ipsec_sa* ipsq; | |
52749 | + char sa[SATOT_BUF]; | |
52750 | + size_t sa_len; | |
52751 | + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; | |
52752 | + struct sadb_msg *pfkey_reply = NULL; | |
52753 | + struct socket_list *pfkey_socketsp; | |
52754 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
52755 | + | |
52756 | + KLIPS_PRINT(debug_pfkey, | |
52757 | + "klips_debug:pfkey_add_parse: .\n"); | |
52758 | + | |
52759 | + pfkey_extensions_init(extensions_reply); | |
52760 | + | |
52761 | + if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state != SADB_SASTATE_MATURE) { | |
52762 | + KLIPS_PRINT(debug_pfkey, | |
52763 | + "klips_debug:pfkey_add_parse: " | |
52764 | + "error, sa_state=%d must be MATURE=%d\n", | |
52765 | + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state, | |
52766 | + SADB_SASTATE_MATURE); | |
52767 | + SENDERR(EINVAL); | |
52768 | + } | |
52769 | + | |
52770 | + if(!extr || !extr->ips) { | |
52771 | + KLIPS_PRINT(debug_pfkey, | |
52772 | + "klips_debug:pfkey_add_parse: " | |
52773 | + "extr or extr->ips pointer NULL\n"); | |
52774 | + SENDERR(EINVAL); | |
52775 | + } | |
52776 | + | |
52777 | + sa_len = satot(&extr->ips->ips_said, 0, sa, sizeof(sa)); | |
52778 | + | |
52779 | + ipsq = ipsec_sa_getbyid(&(extr->ips->ips_said)); | |
52780 | + if(ipsq != NULL) { | |
52781 | + ipsec_sa_put(ipsq); | |
52782 | + KLIPS_PRINT(debug_pfkey, | |
52783 | + "klips_debug:pfkey_add_parse: " | |
52784 | + "found an old ipsec_sa for SA%s, delete it first.\n", | |
52785 | + sa_len ? sa : " (error)"); | |
52786 | + SENDERR(EEXIST); | |
52787 | + } | |
52788 | + | |
52789 | + if(inet_addr_type((unsigned long)extr->ips->ips_said.dst.u.v4.sin_addr.s_addr) == RTN_LOCAL) { | |
52790 | + extr->ips->ips_flags |= EMT_INBOUND; | |
52791 | + } | |
52792 | + | |
52793 | + KLIPS_PRINT(debug_pfkey, | |
52794 | + "klips_debug:pfkey_add_parse: " | |
52795 | + "existing ipsec_sa not found (this is good) for SA%s, %s-bound, allocating.\n", | |
52796 | + sa_len ? sa : " (error)", | |
52797 | + extr->ips->ips_flags & EMT_INBOUND ? "in" : "out"); | |
52798 | + | |
52799 | + /* XXX extr->ips->ips_rcvif = &(enc_softc[em->em_if].enc_if);*/ | |
52800 | + extr->ips->ips_rcvif = NULL; | |
52801 | + | |
52802 | + if ((error = pfkey_ipsec_sa_init(extr->ips))) { | |
52803 | + KLIPS_PRINT(debug_pfkey, | |
52804 | + "klips_debug:pfkey_add_parse: " | |
52805 | + "not successful for SA: %s, deleting.\n", | |
52806 | + sa_len ? sa : " (error)"); | |
52807 | + SENDERR(-error); | |
52808 | + } | |
52809 | + | |
52810 | + extr->ips->ips_life.ipl_addtime.ipl_count = jiffies / HZ; | |
52811 | + if(!extr->ips->ips_life.ipl_allocations.ipl_count) { | |
52812 | + extr->ips->ips_life.ipl_allocations.ipl_count += 1; | |
52813 | + } | |
52814 | + | |
52815 | + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], | |
52816 | + SADB_ADD, | |
52817 | + satype, | |
52818 | + 0, | |
52819 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, | |
52820 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), | |
52821 | + extensions_reply) | |
52822 | + && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_EXT_SA], | |
52823 | + SADB_EXT_SA, | |
52824 | + extr->ips->ips_said.spi, | |
52825 | + extr->ips->ips_replaywin, | |
52826 | + extr->ips->ips_state, | |
52827 | + extr->ips->ips_authalg, | |
52828 | + extr->ips->ips_encalg, | |
52829 | + extr->ips->ips_flags, | |
52830 | + extr->ips->ips_ref), | |
52831 | + extensions_reply) | |
52832 | + /* The 3 lifetime extentions should only be sent if non-zero. */ | |
52833 | + && (extensions[SADB_EXT_LIFETIME_HARD] | |
52834 | + ? pfkey_safe_build(error = pfkey_lifetime_build(&extensions_reply[SADB_EXT_LIFETIME_HARD], | |
52835 | + SADB_EXT_LIFETIME_HARD, | |
52836 | + extr->ips->ips_life.ipl_allocations.ipl_hard, | |
52837 | + extr->ips->ips_life.ipl_bytes.ipl_hard, | |
52838 | + extr->ips->ips_life.ipl_addtime.ipl_hard, | |
52839 | + extr->ips->ips_life.ipl_usetime.ipl_hard, | |
52840 | + extr->ips->ips_life.ipl_packets.ipl_hard), | |
52841 | + extensions_reply) : 1) | |
52842 | + && (extensions[SADB_EXT_LIFETIME_SOFT] | |
52843 | + ? pfkey_safe_build(error = pfkey_lifetime_build(&extensions_reply[SADB_EXT_LIFETIME_SOFT], | |
52844 | + SADB_EXT_LIFETIME_SOFT, | |
52845 | + extr->ips->ips_life.ipl_allocations.ipl_soft, | |
52846 | + extr->ips->ips_life.ipl_bytes.ipl_soft, | |
52847 | + extr->ips->ips_life.ipl_addtime.ipl_soft, | |
52848 | + extr->ips->ips_life.ipl_usetime.ipl_soft, | |
52849 | + extr->ips->ips_life.ipl_packets.ipl_soft), | |
52850 | + extensions_reply) : 1) | |
52851 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], | |
52852 | + SADB_EXT_ADDRESS_SRC, | |
52853 | + 0, /*extr->ips->ips_said.proto,*/ | |
52854 | + 0, | |
52855 | + extr->ips->ips_addr_s), | |
52856 | + extensions_reply) | |
52857 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], | |
52858 | + SADB_EXT_ADDRESS_DST, | |
52859 | + 0, /*extr->ips->ips_said.proto,*/ | |
52860 | + 0, | |
52861 | + extr->ips->ips_addr_d), | |
52862 | + extensions_reply) | |
52863 | + && (extr->ips->ips_ident_s.data | |
52864 | + ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_SRC], | |
52865 | + SADB_EXT_IDENTITY_SRC, | |
52866 | + extr->ips->ips_ident_s.type, | |
52867 | + extr->ips->ips_ident_s.id, | |
52868 | + extr->ips->ips_ident_s.len, | |
52869 | + extr->ips->ips_ident_s.data), | |
52870 | + extensions_reply) : 1) | |
52871 | + && (extr->ips->ips_ident_d.data | |
52872 | + ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_DST], | |
52873 | + SADB_EXT_IDENTITY_DST, | |
52874 | + extr->ips->ips_ident_d.type, | |
52875 | + extr->ips->ips_ident_d.id, | |
52876 | + extr->ips->ips_ident_d.len, | |
52877 | + extr->ips->ips_ident_d.data), | |
52878 | + extensions_reply) : 1) | |
52879 | +#if 0 | |
52880 | + /* FIXME: This won't work yet because I have not finished | |
52881 | + it. */ | |
52882 | + && (extr->ips->ips_sens_ | |
52883 | + ? pfkey_safe_build(error = pfkey_sens_build(&extensions_reply[SADB_EXT_SENSITIVITY], | |
52884 | + extr->ips->ips_sens_dpd, | |
52885 | + extr->ips->ips_sens_sens_level, | |
52886 | + extr->ips->ips_sens_sens_len, | |
52887 | + extr->ips->ips_sens_sens_bitmap, | |
52888 | + extr->ips->ips_sens_integ_level, | |
52889 | + extr->ips->ips_sens_integ_len, | |
52890 | + extr->ips->ips_sens_integ_bitmap), | |
52891 | + extensions_reply) : 1) | |
52892 | +#endif | |
52893 | + )) { | |
52894 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: " | |
52895 | + "failed to build the add reply message extensions\n"); | |
52896 | + SENDERR(-error); | |
52897 | + } | |
52898 | + | |
52899 | + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { | |
52900 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: " | |
52901 | + "failed to build the add reply message\n"); | |
52902 | + SENDERR(-error); | |
52903 | + } | |
52904 | + for(pfkey_socketsp = pfkey_open_sockets; | |
52905 | + pfkey_socketsp; | |
52906 | + pfkey_socketsp = pfkey_socketsp->next) { | |
52907 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { | |
52908 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: " | |
52909 | + "sending up add reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", | |
52910 | + satype, | |
52911 | + satype2name(satype), | |
52912 | + pfkey_socketsp->socketp, | |
52913 | + error); | |
52914 | + SENDERR(-error); | |
52915 | + } | |
52916 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: " | |
52917 | + "sending up add reply message for satype=%d(%s) to socket=0p%p succeeded.\n", | |
52918 | + satype, | |
52919 | + satype2name(satype), | |
52920 | + pfkey_socketsp->socketp); | |
52921 | + } | |
52922 | + | |
52923 | + if((error = ipsec_sa_add(extr->ips))) { | |
52924 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: " | |
52925 | + "failed to add the mature SA=%s with error=%d.\n", | |
52926 | + sa_len ? sa : " (error)", | |
52927 | + error); | |
52928 | + SENDERR(-error); | |
52929 | + } | |
52930 | + extr->ips = NULL; | |
52931 | + | |
52932 | + KLIPS_PRINT(debug_pfkey, | |
52933 | + "klips_debug:pfkey_add_parse: " | |
52934 | + "successful for SA: %s\n", | |
52935 | + sa_len ? sa : " (error)"); | |
52936 | + | |
52937 | + errlab: | |
52938 | + if (pfkey_reply) { | |
52939 | + pfkey_msg_free(&pfkey_reply); | |
52940 | + } | |
52941 | + pfkey_extensions_free(extensions_reply); | |
52942 | + return error; | |
52943 | +} | |
52944 | + | |
52945 | +DEBUG_NO_STATIC int | |
52946 | +pfkey_delete_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
52947 | +{ | |
52948 | + struct ipsec_sa *ipsp; | |
52949 | + char sa[SATOT_BUF]; | |
52950 | + size_t sa_len; | |
52951 | + int error = 0; | |
52952 | + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; | |
52953 | + struct sadb_msg *pfkey_reply = NULL; | |
52954 | + struct socket_list *pfkey_socketsp; | |
52955 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
52956 | + | |
52957 | + KLIPS_PRINT(debug_pfkey, | |
52958 | + "klips_debug:pfkey_delete_parse: .\n"); | |
52959 | + | |
52960 | + pfkey_extensions_init(extensions_reply); | |
52961 | + | |
52962 | + if(!extr || !extr->ips) { | |
52963 | + KLIPS_PRINT(debug_pfkey, | |
52964 | + "klips_debug:pfkey_delete_parse: " | |
52965 | + "extr or extr->ips pointer NULL, fatal\n"); | |
52966 | + SENDERR(EINVAL); | |
52967 | + } | |
52968 | + | |
52969 | + sa_len = satot(&extr->ips->ips_said, 0, sa, sizeof(sa)); | |
52970 | + | |
52971 | + spin_lock_bh(&tdb_lock); | |
52972 | + | |
52973 | + ipsp = ipsec_sa_getbyid(&(extr->ips->ips_said)); | |
52974 | + if (ipsp == NULL) { | |
52975 | + spin_unlock_bh(&tdb_lock); | |
52976 | + KLIPS_PRINT(debug_pfkey, | |
52977 | + "klips_debug:pfkey_delete_parse: " | |
52978 | + "ipsec_sa not found for SA:%s, could not delete.\n", | |
52979 | + sa_len ? sa : " (error)"); | |
52980 | + SENDERR(ESRCH); | |
52981 | + } | |
52982 | + | |
52983 | + ipsec_sa_put(ipsp); | |
52984 | + if((error = ipsec_sa_delchain(ipsp))) { | |
52985 | + spin_unlock_bh(&tdb_lock); | |
52986 | + KLIPS_PRINT(debug_pfkey, | |
52987 | + "klips_debug:pfkey_delete_parse: " | |
52988 | + "error=%d returned trying to delete ipsec_sa for SA:%s.\n", | |
52989 | + error, | |
52990 | + sa_len ? sa : " (error)"); | |
52991 | + SENDERR(-error); | |
52992 | + } | |
52993 | + spin_unlock_bh(&tdb_lock); | |
52994 | + | |
52995 | + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], | |
52996 | + SADB_DELETE, | |
52997 | + satype, | |
52998 | + 0, | |
52999 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, | |
53000 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), | |
53001 | + extensions_reply) | |
53002 | + && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_EXT_SA], | |
53003 | + SADB_EXT_SA, | |
53004 | + extr->ips->ips_said.spi, | |
53005 | + 0, | |
53006 | + 0, | |
53007 | + 0, | |
53008 | + 0, | |
53009 | + 0, | |
53010 | + extr->ips->ips_ref), | |
53011 | + extensions_reply) | |
53012 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], | |
53013 | + SADB_EXT_ADDRESS_SRC, | |
53014 | + 0, /*extr->ips->ips_said.proto,*/ | |
53015 | + 0, | |
53016 | + extr->ips->ips_addr_s), | |
53017 | + extensions_reply) | |
53018 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], | |
53019 | + SADB_EXT_ADDRESS_DST, | |
53020 | + 0, /*extr->ips->ips_said.proto,*/ | |
53021 | + 0, | |
53022 | + extr->ips->ips_addr_d), | |
53023 | + extensions_reply) | |
53024 | + )) { | |
53025 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_delete_parse: " | |
53026 | + "failed to build the delete reply message extensions\n"); | |
53027 | + SENDERR(-error); | |
53028 | + } | |
53029 | + | |
53030 | + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { | |
53031 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_delete_parse: " | |
53032 | + "failed to build the delete reply message\n"); | |
53033 | + SENDERR(-error); | |
53034 | + } | |
53035 | + for(pfkey_socketsp = pfkey_open_sockets; | |
53036 | + pfkey_socketsp; | |
53037 | + pfkey_socketsp = pfkey_socketsp->next) { | |
53038 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { | |
53039 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_delete_parse: " | |
53040 | + "sending up delete reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", | |
53041 | + satype, | |
53042 | + satype2name(satype), | |
53043 | + pfkey_socketsp->socketp, | |
53044 | + error); | |
53045 | + SENDERR(-error); | |
53046 | + } | |
53047 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_delete_parse: " | |
53048 | + "sending up delete reply message for satype=%d(%s) to socket=0p%p succeeded.\n", | |
53049 | + satype, | |
53050 | + satype2name(satype), | |
53051 | + pfkey_socketsp->socketp); | |
53052 | + } | |
53053 | + | |
53054 | + errlab: | |
53055 | + if (pfkey_reply) { | |
53056 | + pfkey_msg_free(&pfkey_reply); | |
53057 | + } | |
53058 | + pfkey_extensions_free(extensions_reply); | |
53059 | + return error; | |
53060 | +} | |
53061 | + | |
53062 | +DEBUG_NO_STATIC int | |
53063 | +pfkey_get_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
53064 | +{ | |
53065 | + int error = 0; | |
53066 | + struct ipsec_sa *ipsp; | |
53067 | + char sa[SATOT_BUF]; | |
53068 | + size_t sa_len; | |
53069 | + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; | |
53070 | + struct sadb_msg *pfkey_reply = NULL; | |
53071 | + | |
53072 | + KLIPS_PRINT(debug_pfkey, | |
53073 | + "klips_debug:pfkey_get_parse: .\n"); | |
53074 | + | |
53075 | + pfkey_extensions_init(extensions_reply); | |
53076 | + | |
53077 | + if(!extr || !extr->ips) { | |
53078 | + KLIPS_PRINT(debug_pfkey, | |
53079 | + "klips_debug:pfkey_get_parse: " | |
53080 | + "extr or extr->ips pointer NULL, fatal\n"); | |
53081 | + SENDERR(EINVAL); | |
53082 | + } | |
53083 | + | |
53084 | + sa_len = satot(&extr->ips->ips_said, 0, sa, sizeof(sa)); | |
53085 | + | |
53086 | + spin_lock_bh(&tdb_lock); | |
53087 | + | |
53088 | + ipsp = ipsec_sa_getbyid(&(extr->ips->ips_said)); | |
53089 | + if (ipsp == NULL) { | |
53090 | + spin_unlock_bh(&tdb_lock); | |
53091 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: " | |
53092 | + "ipsec_sa not found for SA=%s, could not get.\n", | |
53093 | + sa_len ? sa : " (error)"); | |
53094 | + SENDERR(ESRCH); | |
53095 | + } | |
53096 | + | |
53097 | + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], | |
53098 | + SADB_GET, | |
53099 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype, | |
53100 | + 0, | |
53101 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, | |
53102 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), | |
53103 | + extensions_reply) | |
53104 | + && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_EXT_SA], | |
53105 | + SADB_EXT_SA, | |
53106 | + extr->ips->ips_said.spi, | |
53107 | + extr->ips->ips_replaywin, | |
53108 | + extr->ips->ips_state, | |
53109 | + extr->ips->ips_authalg, | |
53110 | + extr->ips->ips_encalg, | |
53111 | + extr->ips->ips_flags, | |
53112 | + extr->ips->ips_ref), | |
53113 | + extensions_reply) | |
53114 | + /* The 3 lifetime extentions should only be sent if non-zero. */ | |
53115 | + && (ipsp->ips_life.ipl_allocations.ipl_count | |
53116 | + || ipsp->ips_life.ipl_bytes.ipl_count | |
53117 | + || ipsp->ips_life.ipl_addtime.ipl_count | |
53118 | + || ipsp->ips_life.ipl_usetime.ipl_count | |
53119 | + || ipsp->ips_life.ipl_packets.ipl_count | |
53120 | + ? pfkey_safe_build(error = pfkey_lifetime_build(&extensions_reply[SADB_EXT_LIFETIME_CURRENT], | |
53121 | + SADB_EXT_LIFETIME_CURRENT, | |
53122 | + ipsp->ips_life.ipl_allocations.ipl_count, | |
53123 | + ipsp->ips_life.ipl_bytes.ipl_count, | |
53124 | + ipsp->ips_life.ipl_addtime.ipl_count, | |
53125 | + ipsp->ips_life.ipl_usetime.ipl_count, | |
53126 | + ipsp->ips_life.ipl_packets.ipl_count), | |
53127 | + extensions_reply) : 1) | |
53128 | + && (ipsp->ips_life.ipl_allocations.ipl_hard | |
53129 | + || ipsp->ips_life.ipl_bytes.ipl_hard | |
53130 | + || ipsp->ips_life.ipl_addtime.ipl_hard | |
53131 | + || ipsp->ips_life.ipl_usetime.ipl_hard | |
53132 | + || ipsp->ips_life.ipl_packets.ipl_hard | |
53133 | + ? pfkey_safe_build(error = pfkey_lifetime_build(&extensions_reply[SADB_EXT_LIFETIME_HARD], | |
53134 | + SADB_EXT_LIFETIME_HARD, | |
53135 | + ipsp->ips_life.ipl_allocations.ipl_hard, | |
53136 | + ipsp->ips_life.ipl_bytes.ipl_hard, | |
53137 | + ipsp->ips_life.ipl_addtime.ipl_hard, | |
53138 | + ipsp->ips_life.ipl_usetime.ipl_hard, | |
53139 | + ipsp->ips_life.ipl_packets.ipl_hard), | |
53140 | + extensions_reply) : 1) | |
53141 | + && (ipsp->ips_life.ipl_allocations.ipl_soft | |
53142 | + || ipsp->ips_life.ipl_bytes.ipl_soft | |
53143 | + || ipsp->ips_life.ipl_addtime.ipl_soft | |
53144 | + || ipsp->ips_life.ipl_usetime.ipl_soft | |
53145 | + || ipsp->ips_life.ipl_packets.ipl_soft | |
53146 | + ? pfkey_safe_build(error = pfkey_lifetime_build(&extensions_reply[SADB_EXT_LIFETIME_SOFT], | |
53147 | + SADB_EXT_LIFETIME_SOFT, | |
53148 | + ipsp->ips_life.ipl_allocations.ipl_soft, | |
53149 | + ipsp->ips_life.ipl_bytes.ipl_soft, | |
53150 | + ipsp->ips_life.ipl_addtime.ipl_soft, | |
53151 | + ipsp->ips_life.ipl_usetime.ipl_soft, | |
53152 | + ipsp->ips_life.ipl_packets.ipl_soft), | |
53153 | + extensions_reply) : 1) | |
53154 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], | |
53155 | + SADB_EXT_ADDRESS_SRC, | |
53156 | + 0, /*extr->ips->ips_said.proto,*/ | |
53157 | + 0, | |
53158 | + extr->ips->ips_addr_s), | |
53159 | + extensions_reply) | |
53160 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], | |
53161 | + SADB_EXT_ADDRESS_DST, | |
53162 | + 0, /*extr->ips->ips_said.proto,*/ | |
53163 | + 0, | |
53164 | + extr->ips->ips_addr_d), | |
53165 | + extensions_reply) | |
53166 | + && (extr->ips->ips_addr_p | |
53167 | + ? pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_PROXY], | |
53168 | + SADB_EXT_ADDRESS_PROXY, | |
53169 | + 0, /*extr->ips->ips_said.proto,*/ | |
53170 | + 0, | |
53171 | + extr->ips->ips_addr_p), | |
53172 | + extensions_reply) : 1) | |
53173 | +#if 0 | |
53174 | + /* FIXME: This won't work yet because the keys are not | |
53175 | + stored directly in the ipsec_sa. They are stored as | |
53176 | + contexts. */ | |
53177 | + && (extr->ips->ips_key_a_size | |
53178 | + ? pfkey_safe_build(error = pfkey_key_build(&extensions_reply[SADB_EXT_KEY_AUTH], | |
53179 | + SADB_EXT_KEY_AUTH, | |
53180 | + extr->ips->ips_key_a_size * 8, | |
53181 | + extr->ips->ips_key_a), | |
53182 | + extensions_reply) : 1) | |
53183 | + /* FIXME: This won't work yet because the keys are not | |
53184 | + stored directly in the ipsec_sa. They are stored as | |
53185 | + key schedules. */ | |
53186 | + && (extr->ips->ips_key_e_size | |
53187 | + ? pfkey_safe_build(error = pfkey_key_build(&extensions_reply[SADB_EXT_KEY_ENCRYPT], | |
53188 | + SADB_EXT_KEY_ENCRYPT, | |
53189 | + extr->ips->ips_key_e_size * 8, | |
53190 | + extr->ips->ips_key_e), | |
53191 | + extensions_reply) : 1) | |
53192 | +#endif | |
53193 | + && (extr->ips->ips_ident_s.data | |
53194 | + ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_SRC], | |
53195 | + SADB_EXT_IDENTITY_SRC, | |
53196 | + extr->ips->ips_ident_s.type, | |
53197 | + extr->ips->ips_ident_s.id, | |
53198 | + extr->ips->ips_ident_s.len, | |
53199 | + extr->ips->ips_ident_s.data), | |
53200 | + extensions_reply) : 1) | |
53201 | + && (extr->ips->ips_ident_d.data | |
53202 | + ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_DST], | |
53203 | + SADB_EXT_IDENTITY_DST, | |
53204 | + extr->ips->ips_ident_d.type, | |
53205 | + extr->ips->ips_ident_d.id, | |
53206 | + extr->ips->ips_ident_d.len, | |
53207 | + extr->ips->ips_ident_d.data), | |
53208 | + extensions_reply) : 1) | |
53209 | +#if 0 | |
53210 | + /* FIXME: This won't work yet because I have not finished | |
53211 | + it. */ | |
53212 | + && (extr->ips->ips_sens_ | |
53213 | + ? pfkey_safe_build(error = pfkey_sens_build(&extensions_reply[SADB_EXT_SENSITIVITY], | |
53214 | + extr->ips->ips_sens_dpd, | |
53215 | + extr->ips->ips_sens_sens_level, | |
53216 | + extr->ips->ips_sens_sens_len, | |
53217 | + extr->ips->ips_sens_sens_bitmap, | |
53218 | + extr->ips->ips_sens_integ_level, | |
53219 | + extr->ips->ips_sens_integ_len, | |
53220 | + extr->ips->ips_sens_integ_bitmap), | |
53221 | + extensions_reply) : 1) | |
53222 | +#endif | |
53223 | + )) { | |
53224 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: " | |
53225 | + "failed to build the get reply message extensions\n"); | |
53226 | + ipsec_sa_put(ipsp); | |
53227 | + spin_unlock_bh(&tdb_lock); | |
53228 | + SENDERR(-error); | |
53229 | + } | |
53230 | + | |
53231 | + ipsec_sa_put(ipsp); | |
53232 | + spin_unlock_bh(&tdb_lock); | |
53233 | + | |
53234 | + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { | |
53235 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: " | |
53236 | + "failed to build the get reply message\n"); | |
53237 | + SENDERR(-error); | |
53238 | + } | |
53239 | + | |
53240 | + if((error = pfkey_upmsg(sk->sk_socket, pfkey_reply))) { | |
53241 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: " | |
53242 | + "failed to send the get reply message\n"); | |
53243 | + SENDERR(-error); | |
53244 | + } | |
53245 | + | |
53246 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: " | |
53247 | + "succeeded in sending get reply message.\n"); | |
53248 | + | |
53249 | + errlab: | |
53250 | + if (pfkey_reply) { | |
53251 | + pfkey_msg_free(&pfkey_reply); | |
53252 | + } | |
53253 | + pfkey_extensions_free(extensions_reply); | |
53254 | + return error; | |
53255 | +} | |
53256 | + | |
53257 | +DEBUG_NO_STATIC int | |
53258 | +pfkey_acquire_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
53259 | +{ | |
53260 | + int error = 0; | |
53261 | + struct socket_list *pfkey_socketsp; | |
53262 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
53263 | + | |
53264 | + KLIPS_PRINT(debug_pfkey, | |
53265 | + "klips_debug:pfkey_acquire_parse: .\n"); | |
53266 | + | |
53267 | + /* XXX I don't know if we want an upper bound, since userspace may | |
53268 | + want to register itself for an satype > SADB_SATYPE_MAX. */ | |
53269 | + if((satype == 0) || (satype > SADB_SATYPE_MAX)) { | |
53270 | + KLIPS_PRINT(debug_pfkey, | |
53271 | + "klips_debug:pfkey_acquire_parse: " | |
53272 | + "SATYPE=%d invalid.\n", | |
53273 | + satype); | |
53274 | + SENDERR(EINVAL); | |
53275 | + } | |
53276 | + | |
53277 | + if(!(pfkey_registered_sockets[satype])) { | |
53278 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire_parse: " | |
53279 | + "no sockets registered for SAtype=%d(%s).\n", | |
53280 | + satype, | |
53281 | + satype2name(satype)); | |
53282 | + SENDERR(EPROTONOSUPPORT); | |
53283 | + } | |
53284 | + | |
53285 | + for(pfkey_socketsp = pfkey_registered_sockets[satype]; | |
53286 | + pfkey_socketsp; | |
53287 | + pfkey_socketsp = pfkey_socketsp->next) { | |
53288 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, | |
53289 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])))) { | |
53290 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire_parse: " | |
53291 | + "sending up acquire reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", | |
53292 | + satype, | |
53293 | + satype2name(satype), | |
53294 | + pfkey_socketsp->socketp, | |
53295 | + error); | |
53296 | + SENDERR(-error); | |
53297 | + } | |
53298 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire_parse: " | |
53299 | + "sending up acquire reply message for satype=%d(%s) to socket=0p%p succeeded.\n", | |
53300 | + satype, | |
53301 | + satype2name(satype), | |
53302 | + pfkey_socketsp->socketp); | |
53303 | + } | |
53304 | + | |
53305 | + errlab: | |
53306 | + return error; | |
53307 | +} | |
53308 | + | |
53309 | +DEBUG_NO_STATIC int | |
53310 | +pfkey_register_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
53311 | +{ | |
53312 | + int error = 0; | |
53313 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
53314 | + | |
53315 | + KLIPS_PRINT(debug_pfkey, | |
53316 | + "klips_debug:pfkey_register_parse: .\n"); | |
53317 | + | |
53318 | + /* XXX I don't know if we want an upper bound, since userspace may | |
53319 | + want to register itself for an satype > SADB_SATYPE_MAX. */ | |
53320 | + if((satype == 0) || (satype > SADB_SATYPE_MAX)) { | |
53321 | + KLIPS_PRINT(debug_pfkey, | |
53322 | + "klips_debug:pfkey_register_parse: " | |
53323 | + "SATYPE=%d invalid.\n", | |
53324 | + satype); | |
53325 | + SENDERR(EINVAL); | |
53326 | + } | |
53327 | + | |
53328 | + if(!pfkey_list_insert_socket(sk->sk_socket, | |
53329 | + &(pfkey_registered_sockets[satype]))) { | |
53330 | + KLIPS_PRINT(debug_pfkey, | |
53331 | + "klips_debug:pfkey_register_parse: " | |
53332 | + "SATYPE=%02d(%s) successfully registered by KMd (pid=%d).\n", | |
53333 | + satype, | |
53334 | + satype2name(satype), | |
53335 | + key_pid(sk)); | |
53336 | + }; | |
53337 | + | |
53338 | + /* send up register msg with supported SATYPE algos */ | |
53339 | + | |
53340 | + error=pfkey_register_reply(satype, (struct sadb_msg*)extensions[SADB_EXT_RESERVED]); | |
53341 | + errlab: | |
53342 | + return error; | |
53343 | +} | |
53344 | + | |
53345 | +int | |
53346 | +pfkey_register_reply(int satype, struct sadb_msg *sadb_msg) | |
53347 | +{ | |
53348 | + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; | |
53349 | + struct sadb_msg *pfkey_reply = NULL; | |
53350 | + struct socket_list *pfkey_socketsp; | |
53351 | + struct supported_list *pfkey_supported_listp; | |
53352 | + unsigned int alg_num_a = 0, alg_num_e = 0; | |
53353 | + struct sadb_alg *alg_a = NULL, *alg_e = NULL, *alg_ap = NULL, *alg_ep = NULL; | |
53354 | + int error = 0; | |
53355 | + | |
53356 | + pfkey_extensions_init(extensions_reply); | |
53357 | + | |
53358 | + if((satype == 0) || (satype > SADB_SATYPE_MAX)) { | |
53359 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_reply: " | |
53360 | + "SAtype=%d unspecified or unknown.\n", | |
53361 | + satype); | |
53362 | + SENDERR(EINVAL); | |
53363 | + } | |
53364 | + if(!(pfkey_registered_sockets[satype])) { | |
53365 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_reply: " | |
53366 | + "no sockets registered for SAtype=%d(%s).\n", | |
53367 | + satype, | |
53368 | + satype2name(satype)); | |
53369 | + SENDERR(EPROTONOSUPPORT); | |
53370 | + } | |
53371 | + /* send up register msg with supported SATYPE algos */ | |
53372 | + pfkey_supported_listp = pfkey_supported_list[satype]; | |
53373 | + KLIPS_PRINT(debug_pfkey, | |
53374 | + "klips_debug:pfkey_register_reply: " | |
53375 | + "pfkey_supported_list[%d]=0p%p\n", | |
53376 | + satype, | |
53377 | + pfkey_supported_list[satype]); | |
53378 | + while(pfkey_supported_listp) { | |
53379 | + KLIPS_PRINT(debug_pfkey, | |
53380 | + "klips_debug:pfkey_register_reply: " | |
53381 | + "checking supported=0p%p\n", | |
53382 | + pfkey_supported_listp); | |
53383 | + if(pfkey_supported_listp->supportedp->ias_exttype == SADB_EXT_SUPPORTED_AUTH) { | |
53384 | + KLIPS_PRINT(debug_pfkey, | |
53385 | + "klips_debug:pfkey_register_reply: " | |
53386 | + "adding auth alg.\n"); | |
53387 | + alg_num_a++; | |
53388 | + } | |
53389 | + if(pfkey_supported_listp->supportedp->ias_exttype == SADB_EXT_SUPPORTED_ENCRYPT) { | |
53390 | + KLIPS_PRINT(debug_pfkey, | |
53391 | + "klips_debug:pfkey_register_reply: " | |
53392 | + "adding encrypt alg.\n"); | |
53393 | + alg_num_e++; | |
53394 | + } | |
53395 | + pfkey_supported_listp = pfkey_supported_listp->next; | |
53396 | + } | |
53397 | + | |
53398 | + if(alg_num_a) { | |
53399 | + KLIPS_PRINT(debug_pfkey, | |
53400 | + "klips_debug:pfkey_register_reply: " | |
53401 | + "allocating %lu bytes for auth algs.\n", | |
53402 | + (unsigned long) (alg_num_a * sizeof(struct sadb_alg))); | |
53403 | + if((alg_a = kmalloc(alg_num_a * sizeof(struct sadb_alg), GFP_ATOMIC) ) == NULL) { | |
53404 | + KLIPS_PRINT(debug_pfkey, | |
53405 | + "klips_debug:pfkey_register_reply: " | |
53406 | + "auth alg memory allocation error\n"); | |
53407 | + SENDERR(ENOMEM); | |
53408 | + } | |
53409 | + alg_ap = alg_a; | |
53410 | + } | |
53411 | + | |
53412 | + if(alg_num_e) { | |
53413 | + KLIPS_PRINT(debug_pfkey, | |
53414 | + "klips_debug:pfkey_register_reply: " | |
53415 | + "allocating %lu bytes for enc algs.\n", | |
53416 | + (unsigned long) (alg_num_e * sizeof(struct sadb_alg))); | |
53417 | + if((alg_e = kmalloc(alg_num_e * sizeof(struct sadb_alg), GFP_ATOMIC) ) == NULL) { | |
53418 | + KLIPS_PRINT(debug_pfkey, | |
53419 | + "klips_debug:pfkey_register_reply: " | |
53420 | + "enc alg memory allocation error\n"); | |
53421 | + SENDERR(ENOMEM); | |
53422 | + } | |
53423 | + alg_ep = alg_e; | |
53424 | + } | |
53425 | + | |
53426 | + pfkey_supported_listp = pfkey_supported_list[satype]; | |
53427 | + while(pfkey_supported_listp) { | |
53428 | + if(alg_num_a) { | |
53429 | + if(pfkey_supported_listp->supportedp->ias_exttype == SADB_EXT_SUPPORTED_AUTH) { | |
53430 | + alg_ap->sadb_alg_id = pfkey_supported_listp->supportedp->ias_id; | |
53431 | + alg_ap->sadb_alg_ivlen = pfkey_supported_listp->supportedp->ias_ivlen; | |
53432 | + alg_ap->sadb_alg_minbits = pfkey_supported_listp->supportedp->ias_keyminbits; | |
53433 | + alg_ap->sadb_alg_maxbits = pfkey_supported_listp->supportedp->ias_keymaxbits; | |
53434 | + alg_ap->sadb_alg_reserved = 0; | |
53435 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
53436 | + "klips_debug:pfkey_register_reply: " | |
53437 | + "adding auth=0p%p\n", | |
53438 | + alg_ap); | |
53439 | + alg_ap++; | |
53440 | + } | |
53441 | + } | |
53442 | + if(alg_num_e) { | |
53443 | + if(pfkey_supported_listp->supportedp->ias_exttype == SADB_EXT_SUPPORTED_ENCRYPT) { | |
53444 | + alg_ep->sadb_alg_id = pfkey_supported_listp->supportedp->ias_id; | |
53445 | + alg_ep->sadb_alg_ivlen = pfkey_supported_listp->supportedp->ias_ivlen; | |
53446 | + alg_ep->sadb_alg_minbits = pfkey_supported_listp->supportedp->ias_keyminbits; | |
53447 | + alg_ep->sadb_alg_maxbits = pfkey_supported_listp->supportedp->ias_keymaxbits; | |
53448 | + alg_ep->sadb_alg_reserved = 0; | |
53449 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
53450 | + "klips_debug:pfkey_register_reply: " | |
53451 | + "adding encrypt=0p%p\n", | |
53452 | + alg_ep); | |
53453 | + alg_ep++; | |
53454 | + } | |
53455 | + } | |
53456 | + KLIPS_PRINT(debug_pfkey, | |
53457 | + "klips_debug:pfkey_register_reply: " | |
53458 | + "found satype=%d(%s) exttype=%d id=%d ivlen=%d minbits=%d maxbits=%d.\n", | |
53459 | + satype, | |
53460 | + satype2name(satype), | |
53461 | + pfkey_supported_listp->supportedp->ias_exttype, | |
53462 | + pfkey_supported_listp->supportedp->ias_id, | |
53463 | + pfkey_supported_listp->supportedp->ias_ivlen, | |
53464 | + pfkey_supported_listp->supportedp->ias_keyminbits, | |
53465 | + pfkey_supported_listp->supportedp->ias_keymaxbits); | |
53466 | + pfkey_supported_listp = pfkey_supported_listp->next; | |
53467 | + } | |
53468 | + | |
53469 | + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], | |
53470 | + SADB_REGISTER, | |
53471 | + satype, | |
53472 | + 0, | |
53473 | + sadb_msg? sadb_msg->sadb_msg_seq : ++pfkey_msg_seq, | |
53474 | + sadb_msg? sadb_msg->sadb_msg_pid: current->pid), | |
53475 | + extensions_reply) && | |
53476 | + (alg_num_a ? pfkey_safe_build(error = pfkey_supported_build(&extensions_reply[SADB_EXT_SUPPORTED_AUTH], | |
53477 | + SADB_EXT_SUPPORTED_AUTH, | |
53478 | + alg_num_a, | |
53479 | + alg_a), | |
53480 | + extensions_reply) : 1) && | |
53481 | + (alg_num_e ? pfkey_safe_build(error = pfkey_supported_build(&extensions_reply[SADB_EXT_SUPPORTED_ENCRYPT], | |
53482 | + SADB_EXT_SUPPORTED_ENCRYPT, | |
53483 | + alg_num_e, | |
53484 | + alg_e), | |
53485 | + extensions_reply) : 1))) { | |
53486 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_reply: " | |
53487 | + "failed to build the register message extensions_reply\n"); | |
53488 | + SENDERR(-error); | |
53489 | + } | |
53490 | + | |
53491 | + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { | |
53492 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_reply: " | |
53493 | + "failed to build the register message\n"); | |
53494 | + SENDERR(-error); | |
53495 | + } | |
53496 | + /* this should go to all registered sockets for that satype only */ | |
53497 | + for(pfkey_socketsp = pfkey_registered_sockets[satype]; | |
53498 | + pfkey_socketsp; | |
53499 | + pfkey_socketsp = pfkey_socketsp->next) { | |
53500 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { | |
53501 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_reply: " | |
53502 | + "sending up acquire message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", | |
53503 | + satype, | |
53504 | + satype2name(satype), | |
53505 | + pfkey_socketsp->socketp, | |
53506 | + error); | |
53507 | + SENDERR(-error); | |
53508 | + } | |
53509 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_reply: " | |
53510 | + "sending up register message for satype=%d(%s) to socket=0p%p succeeded.\n", | |
53511 | + satype, | |
53512 | + satype2name(satype), | |
53513 | + pfkey_socketsp->socketp); | |
53514 | + } | |
53515 | + | |
53516 | + errlab: | |
53517 | + if(alg_a) { | |
53518 | + kfree(alg_a); | |
53519 | + } | |
53520 | + if(alg_e) { | |
53521 | + kfree(alg_e); | |
53522 | + } | |
53523 | + | |
53524 | + if (pfkey_reply) { | |
53525 | + pfkey_msg_free(&pfkey_reply); | |
53526 | + } | |
53527 | + pfkey_extensions_free(extensions_reply); | |
53528 | + return error; | |
53529 | +} | |
53530 | + | |
53531 | +DEBUG_NO_STATIC int | |
53532 | +pfkey_expire_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
53533 | +{ | |
53534 | + int error = 0; | |
53535 | + struct socket_list *pfkey_socketsp; | |
53536 | +#ifdef CONFIG_KLIPS_DEBUG | |
53537 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
53538 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
53539 | + | |
53540 | + KLIPS_PRINT(debug_pfkey, | |
53541 | + "klips_debug:pfkey_expire_parse: .\n"); | |
53542 | + | |
53543 | + if(pfkey_open_sockets) { | |
53544 | + for(pfkey_socketsp = pfkey_open_sockets; | |
53545 | + pfkey_socketsp; | |
53546 | + pfkey_socketsp = pfkey_socketsp->next) { | |
53547 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, | |
53548 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])))) { | |
53549 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire_parse: " | |
53550 | + "sending up expire reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", | |
53551 | + satype, | |
53552 | + satype2name(satype), | |
53553 | + pfkey_socketsp->socketp, | |
53554 | + error); | |
53555 | + SENDERR(-error); | |
53556 | + } | |
53557 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire_parse: " | |
53558 | + "sending up expire reply message for satype=%d(%s) to socket=0p%p succeeded.\n", | |
53559 | + satype, | |
53560 | + satype2name(satype), | |
53561 | + pfkey_socketsp->socketp); | |
53562 | + } | |
53563 | + } | |
53564 | + | |
53565 | + errlab: | |
53566 | + return error; | |
53567 | +} | |
53568 | + | |
53569 | +DEBUG_NO_STATIC int | |
53570 | +pfkey_flush_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
53571 | +{ | |
53572 | + int error = 0; | |
53573 | + struct socket_list *pfkey_socketsp; | |
53574 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
53575 | + uint8_t proto = 0; | |
53576 | + | |
53577 | + KLIPS_PRINT(debug_pfkey, | |
53578 | + "klips_debug:pfkey_flush_parse: " | |
53579 | + "flushing type %d SAs\n", | |
53580 | + satype); | |
53581 | + | |
53582 | + if(satype && !(proto = satype2proto(satype))) { | |
53583 | + KLIPS_PRINT(debug_pfkey, | |
53584 | + "klips_debug:pfkey_flush_parse: " | |
53585 | + "satype %d lookup failed.\n", | |
53586 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype); | |
53587 | + SENDERR(EINVAL); | |
53588 | + } | |
53589 | + | |
53590 | + if ((error = ipsec_sadb_cleanup(proto))) { | |
53591 | + SENDERR(-error); | |
53592 | + } | |
53593 | + | |
53594 | + if(pfkey_open_sockets) { | |
53595 | + for(pfkey_socketsp = pfkey_open_sockets; | |
53596 | + pfkey_socketsp; | |
53597 | + pfkey_socketsp = pfkey_socketsp->next) { | |
53598 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, | |
53599 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])))) { | |
53600 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_flush_parse: " | |
53601 | + "sending up flush reply message for satype=%d(%s) (proto=%d) to socket=0p%p failed with error=%d.\n", | |
53602 | + satype, | |
53603 | + satype2name(satype), | |
53604 | + proto, | |
53605 | + pfkey_socketsp->socketp, | |
53606 | + error); | |
53607 | + SENDERR(-error); | |
53608 | + } | |
53609 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_flush_parse: " | |
53610 | + "sending up flush reply message for satype=%d(%s) to socket=0p%p succeeded.\n", | |
53611 | + satype, | |
53612 | + satype2name(satype), | |
53613 | + pfkey_socketsp->socketp); | |
53614 | + } | |
53615 | + } | |
53616 | + | |
53617 | + errlab: | |
53618 | + return error; | |
53619 | +} | |
53620 | + | |
53621 | +DEBUG_NO_STATIC int | |
53622 | +pfkey_dump_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
53623 | +{ | |
53624 | + int error = 0; | |
53625 | + | |
53626 | + KLIPS_PRINT(debug_pfkey, | |
53627 | + "klips_debug:pfkey_dump_parse: .\n"); | |
53628 | + | |
53629 | + SENDERR(ENOSYS); | |
53630 | + errlab: | |
53631 | + return error; | |
53632 | +} | |
53633 | + | |
53634 | +DEBUG_NO_STATIC int | |
53635 | +pfkey_x_promisc_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
53636 | +{ | |
53637 | + int error = 0; | |
53638 | + | |
53639 | + KLIPS_PRINT(debug_pfkey, | |
53640 | + "klips_debug:pfkey_promisc_parse: .\n"); | |
53641 | + | |
53642 | + SENDERR(ENOSYS); | |
53643 | + errlab: | |
53644 | + return error; | |
53645 | +} | |
53646 | + | |
53647 | +DEBUG_NO_STATIC int | |
53648 | +pfkey_x_pchange_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
53649 | +{ | |
53650 | + int error = 0; | |
53651 | + | |
53652 | + KLIPS_PRINT(debug_pfkey, | |
53653 | + "klips_debug:pfkey_x_pchange_parse: .\n"); | |
53654 | + | |
53655 | + SENDERR(ENOSYS); | |
53656 | + errlab: | |
53657 | + return error; | |
53658 | +} | |
53659 | + | |
53660 | +DEBUG_NO_STATIC int | |
53661 | +pfkey_x_grpsa_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
53662 | +{ | |
53663 | + struct ipsec_sa *ips1p, *ips2p, *ipsp; | |
53664 | + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; | |
53665 | + struct sadb_msg *pfkey_reply = NULL; | |
53666 | + struct socket_list *pfkey_socketsp; | |
53667 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
53668 | + char sa1[SATOT_BUF], sa2[SATOT_BUF]; | |
53669 | + size_t sa_len1, sa_len2 = 0; | |
53670 | + int error = 0; | |
53671 | + | |
53672 | + KLIPS_PRINT(debug_pfkey, | |
53673 | + "klips_debug:pfkey_x_grpsa_parse: .\n"); | |
53674 | + | |
53675 | + pfkey_extensions_init(extensions_reply); | |
53676 | + | |
53677 | + if(extr == NULL || extr->ips == NULL) { | |
53678 | + KLIPS_PRINT(debug_pfkey, | |
53679 | + "klips_debug:pfkey_x_grpsa_parse: " | |
53680 | + "extr or extr->ips is NULL, fatal.\n"); | |
53681 | + SENDERR(EINVAL); | |
53682 | + } | |
53683 | + | |
53684 | + sa_len1 = satot(&extr->ips->ips_said, 0, sa1, sizeof(sa1)); | |
53685 | + if(extr->ips2 != NULL) { | |
53686 | + sa_len2 = satot(&extr->ips2->ips_said, 0, sa2, sizeof(sa2)); | |
53687 | + } | |
53688 | + | |
53689 | + spin_lock_bh(&tdb_lock); | |
53690 | + | |
53691 | + ips1p = ipsec_sa_getbyid(&(extr->ips->ips_said)); | |
53692 | + if(ips1p == NULL) { | |
53693 | + spin_unlock_bh(&tdb_lock); | |
53694 | + KLIPS_PRINT(debug_pfkey, | |
53695 | + "klips_debug:pfkey_x_grpsa_parse: " | |
53696 | + "reserved ipsec_sa for SA1: %s not found. Call SADB_ADD/UPDATE first.\n", | |
53697 | + sa_len1 ? sa1 : " (error)"); | |
53698 | + SENDERR(ENOENT); | |
53699 | + } | |
53700 | + if(extr->ips2) { /* GRPSA */ | |
53701 | + ips2p = ipsec_sa_getbyid(&(extr->ips2->ips_said)); | |
53702 | + if(ips2p == NULL) { | |
53703 | + ipsec_sa_put(ips1p); | |
53704 | + spin_unlock_bh(&tdb_lock); | |
53705 | + KLIPS_PRINT(debug_pfkey, | |
53706 | + "klips_debug:pfkey_x_grpsa_parse: " | |
53707 | + "reserved ipsec_sa for SA2: %s not found. Call SADB_ADD/UPDATE first.\n", | |
53708 | + sa_len2 ? sa2 : " (error)"); | |
53709 | + SENDERR(ENOENT); | |
53710 | + } | |
53711 | + | |
53712 | + /* Is either one already linked? */ | |
53713 | + if(ips1p->ips_onext) { | |
53714 | + ipsec_sa_put(ips1p); | |
53715 | + ipsec_sa_put(ips2p); | |
53716 | + spin_unlock_bh(&tdb_lock); | |
53717 | + KLIPS_PRINT(debug_pfkey, | |
53718 | + "klips_debug:pfkey_x_grpsa_parse: " | |
53719 | + "ipsec_sa for SA: %s is already linked.\n", | |
53720 | + sa_len1 ? sa1 : " (error)"); | |
53721 | + SENDERR(EEXIST); | |
53722 | + } | |
53723 | + if(ips2p->ips_inext) { | |
53724 | + ipsec_sa_put(ips1p); | |
53725 | + ipsec_sa_put(ips2p); | |
53726 | + spin_unlock_bh(&tdb_lock); | |
53727 | + KLIPS_PRINT(debug_pfkey, | |
53728 | + "klips_debug:pfkey_x_grpsa_parse: " | |
53729 | + "ipsec_sa for SA: %s is already linked.\n", | |
53730 | + sa_len2 ? sa2 : " (error)"); | |
53731 | + SENDERR(EEXIST); | |
53732 | + } | |
53733 | + | |
53734 | + /* Is extr->ips already linked to extr->ips2? */ | |
53735 | + ipsp = ips2p; | |
53736 | + while(ipsp) { | |
53737 | + if(ipsp == ips1p) { | |
53738 | + ipsec_sa_put(ips1p); | |
53739 | + ipsec_sa_put(ips2p); | |
53740 | + spin_unlock_bh(&tdb_lock); | |
53741 | + KLIPS_PRINT(debug_pfkey, | |
53742 | + "klips_debug:pfkey_x_grpsa_parse: " | |
53743 | + "ipsec_sa for SA: %s is already linked to %s.\n", | |
53744 | + sa_len1 ? sa1 : " (error)", | |
53745 | + sa_len2 ? sa2 : " (error)"); | |
53746 | + SENDERR(EEXIST); | |
53747 | + } | |
53748 | + ipsp = ipsp->ips_onext; | |
53749 | + } | |
53750 | + | |
53751 | + /* link 'em */ | |
53752 | + KLIPS_PRINT(debug_pfkey, | |
53753 | + "klips_debug:pfkey_x_grpsa_parse: " | |
53754 | + "linking ipsec_sa SA: %s with %s.\n", | |
53755 | + sa_len1 ? sa1 : " (error)", | |
53756 | + sa_len2 ? sa2 : " (error)"); | |
53757 | + ips1p->ips_onext = ips2p; | |
53758 | + ips2p->ips_inext = ips1p; | |
53759 | + } else { /* UNGRPSA */ | |
53760 | + ipsec_sa_put(ips1p); | |
53761 | + KLIPS_PRINT(debug_pfkey, | |
53762 | + "klips_debug:pfkey_x_grpsa_parse: " | |
53763 | + "unlinking ipsec_sa SA: %s.\n", | |
53764 | + sa_len1 ? sa1 : " (error)"); | |
53765 | + while(ips1p->ips_onext) { | |
53766 | + ips1p = ips1p->ips_onext; | |
53767 | + } | |
53768 | + while(ips1p->ips_inext) { | |
53769 | + ipsp = ips1p; | |
53770 | + ips1p = ips1p->ips_inext; | |
53771 | + ipsec_sa_put(ips1p); | |
53772 | + ipsp->ips_inext = NULL; | |
53773 | + ipsec_sa_put(ipsp); | |
53774 | + ips1p->ips_onext = NULL; | |
53775 | + } | |
53776 | + } | |
53777 | + | |
53778 | + spin_unlock_bh(&tdb_lock); | |
53779 | + | |
53780 | + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], | |
53781 | + SADB_X_GRPSA, | |
53782 | + satype, | |
53783 | + 0, | |
53784 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, | |
53785 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), | |
53786 | + extensions_reply) | |
53787 | + && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_EXT_SA], | |
53788 | + SADB_EXT_SA, | |
53789 | + extr->ips->ips_said.spi, | |
53790 | + extr->ips->ips_replaywin, | |
53791 | + extr->ips->ips_state, | |
53792 | + extr->ips->ips_authalg, | |
53793 | + extr->ips->ips_encalg, | |
53794 | + extr->ips->ips_flags, | |
53795 | + extr->ips->ips_ref), | |
53796 | + extensions_reply) | |
53797 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], | |
53798 | + SADB_EXT_ADDRESS_DST, | |
53799 | + 0, /*extr->ips->ips_said.proto,*/ | |
53800 | + 0, | |
53801 | + extr->ips->ips_addr_d), | |
53802 | + extensions_reply) | |
53803 | + && (extr->ips2 | |
53804 | + ? (pfkey_safe_build(error = pfkey_x_satype_build(&extensions_reply[SADB_X_EXT_SATYPE2], | |
53805 | + ((struct sadb_x_satype*)extensions[SADB_X_EXT_SATYPE2])->sadb_x_satype_satype | |
53806 | + /* proto2satype(extr->ips2->ips_said.proto) */), | |
53807 | + extensions_reply) | |
53808 | + && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_X_EXT_SA2], | |
53809 | + SADB_X_EXT_SA2, | |
53810 | + extr->ips2->ips_said.spi, | |
53811 | + extr->ips2->ips_replaywin, | |
53812 | + extr->ips2->ips_state, | |
53813 | + extr->ips2->ips_authalg, | |
53814 | + extr->ips2->ips_encalg, | |
53815 | + extr->ips2->ips_flags, | |
53816 | + extr->ips2->ips_ref), | |
53817 | + extensions_reply) | |
53818 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_DST2], | |
53819 | + SADB_X_EXT_ADDRESS_DST2, | |
53820 | + 0, /*extr->ips->ips_said.proto,*/ | |
53821 | + 0, | |
53822 | + extr->ips2->ips_addr_d), | |
53823 | + extensions_reply) ) : 1 ) | |
53824 | + )) { | |
53825 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_grpsa_parse: " | |
53826 | + "failed to build the x_grpsa reply message extensions\n"); | |
53827 | + SENDERR(-error); | |
53828 | + } | |
53829 | + | |
53830 | + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { | |
53831 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_grpsa_parse: " | |
53832 | + "failed to build the x_grpsa reply message\n"); | |
53833 | + SENDERR(-error); | |
53834 | + } | |
53835 | + | |
53836 | + for(pfkey_socketsp = pfkey_open_sockets; | |
53837 | + pfkey_socketsp; | |
53838 | + pfkey_socketsp = pfkey_socketsp->next) { | |
53839 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { | |
53840 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_grpsa_parse: " | |
53841 | + "sending up x_grpsa reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", | |
53842 | + satype, | |
53843 | + satype2name(satype), | |
53844 | + pfkey_socketsp->socketp, | |
53845 | + error); | |
53846 | + SENDERR(-error); | |
53847 | + } | |
53848 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_grpsa_parse: " | |
53849 | + "sending up x_grpsa reply message for satype=%d(%s) to socket=0p%p succeeded.\n", | |
53850 | + satype, | |
53851 | + satype2name(satype), | |
53852 | + pfkey_socketsp->socketp); | |
53853 | + } | |
53854 | + | |
53855 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_grpsa_parse: " | |
53856 | + "succeeded in sending x_grpsa reply message.\n"); | |
53857 | + | |
53858 | + errlab: | |
53859 | + if (pfkey_reply) { | |
53860 | + pfkey_msg_free(&pfkey_reply); | |
53861 | + } | |
53862 | + pfkey_extensions_free(extensions_reply); | |
53863 | + return error; | |
53864 | +} | |
53865 | + | |
53866 | +DEBUG_NO_STATIC int | |
53867 | +pfkey_x_addflow_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
53868 | +{ | |
53869 | + int error = 0; | |
53870 | +#ifdef CONFIG_KLIPS_DEBUG | |
53871 | + char buf1[64], buf2[64]; | |
53872 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
53873 | + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; | |
53874 | + struct sadb_msg *pfkey_reply = NULL; | |
53875 | + struct socket_list *pfkey_socketsp; | |
53876 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
53877 | + ip_address srcflow, dstflow, srcmask, dstmask; | |
53878 | + | |
53879 | + KLIPS_PRINT(debug_pfkey, | |
53880 | + "klips_debug:pfkey_x_addflow_parse: .\n"); | |
53881 | + | |
53882 | + pfkey_extensions_init(extensions_reply); | |
53883 | + | |
53884 | + memset((caddr_t)&srcflow, 0, sizeof(srcflow)); | |
53885 | + memset((caddr_t)&dstflow, 0, sizeof(dstflow)); | |
53886 | + memset((caddr_t)&srcmask, 0, sizeof(srcmask)); | |
53887 | + memset((caddr_t)&dstmask, 0, sizeof(dstmask)); | |
53888 | + | |
53889 | + if(!extr || !(extr->ips) || !(extr->eroute)) { | |
53890 | + KLIPS_PRINT(debug_pfkey, | |
53891 | + "klips_debug:pfkey_x_addflow_parse: " | |
53892 | + "missing extr, ipsec_sa or eroute data.\n"); | |
53893 | + SENDERR(EINVAL); | |
53894 | + } | |
53895 | + | |
53896 | + srcflow.u.v4.sin_family = AF_INET; | |
53897 | + dstflow.u.v4.sin_family = AF_INET; | |
53898 | + srcmask.u.v4.sin_family = AF_INET; | |
53899 | + dstmask.u.v4.sin_family = AF_INET; | |
53900 | + srcflow.u.v4.sin_addr = extr->eroute->er_eaddr.sen_ip_src; | |
53901 | + dstflow.u.v4.sin_addr = extr->eroute->er_eaddr.sen_ip_dst; | |
53902 | + srcmask.u.v4.sin_addr = extr->eroute->er_emask.sen_ip_src; | |
53903 | + dstmask.u.v4.sin_addr = extr->eroute->er_emask.sen_ip_dst; | |
53904 | + | |
53905 | +#ifdef CONFIG_KLIPS_DEBUG | |
53906 | + if (debug_pfkey) { | |
53907 | + subnettoa(extr->eroute->er_eaddr.sen_ip_src, | |
53908 | + extr->eroute->er_emask.sen_ip_src, 0, buf1, sizeof(buf1)); | |
53909 | + subnettoa(extr->eroute->er_eaddr.sen_ip_dst, | |
53910 | + extr->eroute->er_emask.sen_ip_dst, 0, buf2, sizeof(buf2)); | |
53911 | + KLIPS_PRINT(debug_pfkey, | |
53912 | + "klips_debug:pfkey_x_addflow_parse: " | |
53913 | + "calling breakeroute and/or makeroute for %s->%s\n", | |
53914 | + buf1, buf2); | |
53915 | + } | |
53916 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
53917 | + | |
53918 | + if(extr->ips->ips_flags & SADB_X_SAFLAGS_INFLOW) { | |
53919 | + struct ipsec_sa *ipsp, *ipsq; | |
53920 | + char sa[SATOT_BUF]; | |
53921 | + size_t sa_len; | |
53922 | + | |
53923 | + ipsq = ipsec_sa_getbyid(&(extr->ips->ips_said)); | |
53924 | + if(ipsq == NULL) { | |
53925 | + KLIPS_PRINT(debug_pfkey, | |
53926 | + "klips_debug:pfkey_x_addflow_parse: " | |
53927 | + "ipsec_sa not found, cannot set incoming policy.\n"); | |
53928 | + SENDERR(ENOENT); | |
53929 | + } | |
53930 | + | |
53931 | + ipsp = ipsq; | |
53932 | + while(ipsp && ipsp->ips_said.proto != IPPROTO_IPIP) { | |
53933 | + ipsp = ipsp->ips_inext; | |
53934 | + } | |
53935 | + | |
53936 | + if(ipsp == NULL) { | |
53937 | + ipsec_sa_put(ipsq); | |
53938 | + KLIPS_PRINT(debug_pfkey, | |
53939 | + "klips_debug:pfkey_x_addflow_parse: " | |
53940 | + "SA chain does not have an IPIP SA, cannot set incoming policy.\n"); | |
53941 | + SENDERR(ENOENT); | |
53942 | + } | |
53943 | + | |
53944 | + sa_len = satot(&extr->ips->ips_said, 0, sa, sizeof(sa)); | |
53945 | + | |
53946 | + ipsp->ips_flags |= SADB_X_SAFLAGS_INFLOW; | |
53947 | + ipsp->ips_flow_s = srcflow; | |
53948 | + ipsp->ips_flow_d = dstflow; | |
53949 | + ipsp->ips_mask_s = srcmask; | |
53950 | + ipsp->ips_mask_d = dstmask; | |
53951 | + | |
53952 | + ipsec_sa_put(ipsq); | |
53953 | + | |
53954 | + KLIPS_PRINT(debug_pfkey, | |
53955 | + "klips_debug:pfkey_x_addflow_parse: " | |
53956 | + "inbound eroute, setting incoming policy information in IPIP ipsec_sa for SA: %s.\n", | |
53957 | + sa_len ? sa : " (error)"); | |
53958 | + } else { | |
53959 | + struct sk_buff *first = NULL, *last = NULL; | |
53960 | + | |
53961 | + if(extr->ips->ips_flags & SADB_X_SAFLAGS_REPLACEFLOW) { | |
53962 | + KLIPS_PRINT(debug_pfkey, | |
53963 | + "klips_debug:pfkey_x_addflow_parse: " | |
53964 | + "REPLACEFLOW flag set, calling breakeroute.\n"); | |
53965 | + if ((error = ipsec_breakroute(&(extr->eroute->er_eaddr), | |
53966 | + &(extr->eroute->er_emask), | |
53967 | + &first, &last))) { | |
53968 | + KLIPS_PRINT(debug_pfkey, | |
53969 | + "klips_debug:pfkey_x_addflow_parse: " | |
53970 | + "breakeroute returned %d. first=0p%p, last=0p%p\n", | |
53971 | + error, | |
53972 | + first, | |
53973 | + last); | |
53974 | + if(first != NULL) { | |
53975 | + ipsec_kfree_skb(first); | |
53976 | + } | |
53977 | + if(last != NULL) { | |
53978 | + ipsec_kfree_skb(last); | |
53979 | + } | |
53980 | + SENDERR(-error); | |
53981 | + } | |
53982 | + } | |
53983 | + | |
53984 | + KLIPS_PRINT(debug_pfkey, | |
53985 | + "klips_debug:pfkey_x_addflow_parse: " | |
53986 | + "calling makeroute.\n"); | |
53987 | + | |
53988 | + if ((error = ipsec_makeroute(&(extr->eroute->er_eaddr), | |
53989 | + &(extr->eroute->er_emask), | |
53990 | + extr->ips->ips_said, | |
53991 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid, | |
53992 | + NULL, | |
53993 | + &(extr->ips->ips_ident_s), | |
53994 | + &(extr->ips->ips_ident_d)))) { | |
53995 | + KLIPS_PRINT(debug_pfkey, | |
53996 | + "klips_debug:pfkey_x_addflow_parse: " | |
53997 | + "makeroute returned %d.\n", error); | |
53998 | + SENDERR(-error); | |
53999 | + } | |
54000 | + if(first != NULL) { | |
54001 | + KLIPS_PRINT(debug_eroute, | |
54002 | + "klips_debug:pfkey_x_addflow_parse: " | |
54003 | + "first=0p%p HOLD packet re-injected.\n", | |
54004 | + first); | |
54005 | + DEV_QUEUE_XMIT(first, first->dev, SOPRI_NORMAL); | |
54006 | + } | |
54007 | + if(last != NULL) { | |
54008 | + KLIPS_PRINT(debug_eroute, | |
54009 | + "klips_debug:pfkey_x_addflow_parse: " | |
54010 | + "last=0p%p HOLD packet re-injected.\n", | |
54011 | + last); | |
54012 | + DEV_QUEUE_XMIT(last, last->dev, SOPRI_NORMAL); | |
54013 | + } | |
54014 | + } | |
54015 | + | |
54016 | + KLIPS_PRINT(debug_pfkey, | |
54017 | + "klips_debug:pfkey_x_addflow_parse: " | |
54018 | + "makeroute call successful.\n"); | |
54019 | + | |
54020 | + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], | |
54021 | + SADB_X_ADDFLOW, | |
54022 | + satype, | |
54023 | + 0, | |
54024 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, | |
54025 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), | |
54026 | + extensions_reply) | |
54027 | + && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_EXT_SA], | |
54028 | + SADB_EXT_SA, | |
54029 | + extr->ips->ips_said.spi, | |
54030 | + extr->ips->ips_replaywin, | |
54031 | + extr->ips->ips_state, | |
54032 | + extr->ips->ips_authalg, | |
54033 | + extr->ips->ips_encalg, | |
54034 | + extr->ips->ips_flags, | |
54035 | + extr->ips->ips_ref), | |
54036 | + extensions_reply) | |
54037 | + && (extensions[SADB_EXT_ADDRESS_SRC] | |
54038 | + ? pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], | |
54039 | + SADB_EXT_ADDRESS_SRC, | |
54040 | + 0, /*extr->ips->ips_said.proto,*/ | |
54041 | + 0, | |
54042 | + extr->ips->ips_addr_s), | |
54043 | + extensions_reply) : 1) | |
54044 | + && (extensions[SADB_EXT_ADDRESS_DST] | |
54045 | + ? pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], | |
54046 | + SADB_EXT_ADDRESS_DST, | |
54047 | + 0, /*extr->ips->ips_said.proto,*/ | |
54048 | + 0, | |
54049 | + extr->ips->ips_addr_d), | |
54050 | + extensions_reply) : 1) | |
54051 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_SRC_FLOW], | |
54052 | + SADB_X_EXT_ADDRESS_SRC_FLOW, | |
54053 | + 0, /*extr->ips->ips_said.proto,*/ | |
54054 | + 0, | |
54055 | + (struct sockaddr*)&srcflow), | |
54056 | + extensions_reply) | |
54057 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_DST_FLOW], | |
54058 | + SADB_X_EXT_ADDRESS_DST_FLOW, | |
54059 | + 0, /*extr->ips->ips_said.proto,*/ | |
54060 | + 0, | |
54061 | + (struct sockaddr*)&dstflow), | |
54062 | + extensions_reply) | |
54063 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_SRC_MASK], | |
54064 | + SADB_X_EXT_ADDRESS_SRC_MASK, | |
54065 | + 0, /*extr->ips->ips_said.proto,*/ | |
54066 | + 0, | |
54067 | + (struct sockaddr*)&srcmask), | |
54068 | + extensions_reply) | |
54069 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_DST_MASK], | |
54070 | + SADB_X_EXT_ADDRESS_DST_MASK, | |
54071 | + 0, /*extr->ips->ips_said.proto,*/ | |
54072 | + 0, | |
54073 | + (struct sockaddr*)&dstmask), | |
54074 | + extensions_reply) | |
54075 | + )) { | |
54076 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_addflow_parse: " | |
54077 | + "failed to build the x_addflow reply message extensions\n"); | |
54078 | + SENDERR(-error); | |
54079 | + } | |
54080 | + | |
54081 | + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { | |
54082 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_addflow_parse: " | |
54083 | + "failed to build the x_addflow reply message\n"); | |
54084 | + SENDERR(-error); | |
54085 | + } | |
54086 | + | |
54087 | + for(pfkey_socketsp = pfkey_open_sockets; | |
54088 | + pfkey_socketsp; | |
54089 | + pfkey_socketsp = pfkey_socketsp->next) { | |
54090 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { | |
54091 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_addflow_parse: " | |
54092 | + "sending up x_addflow reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", | |
54093 | + satype, | |
54094 | + satype2name(satype), | |
54095 | + pfkey_socketsp->socketp, | |
54096 | + error); | |
54097 | + SENDERR(-error); | |
54098 | + } | |
54099 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_addflow_parse: " | |
54100 | + "sending up x_addflow reply message for satype=%d(%s) (proto=%d) to socket=0p%p succeeded.\n", | |
54101 | + satype, | |
54102 | + satype2name(satype), | |
54103 | + extr->ips->ips_said.proto, | |
54104 | + pfkey_socketsp->socketp); | |
54105 | + } | |
54106 | + | |
54107 | + KLIPS_PRINT(debug_pfkey, | |
54108 | + "klips_debug:pfkey_x_addflow_parse: " | |
54109 | + "extr->ips cleaned up and freed.\n"); | |
54110 | + | |
54111 | + errlab: | |
54112 | + if (pfkey_reply) { | |
54113 | + pfkey_msg_free(&pfkey_reply); | |
54114 | + } | |
54115 | + pfkey_extensions_free(extensions_reply); | |
54116 | + return error; | |
54117 | +} | |
54118 | + | |
54119 | +DEBUG_NO_STATIC int | |
54120 | +pfkey_x_delflow_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
54121 | +{ | |
54122 | + int error = 0; | |
54123 | +#ifdef CONFIG_KLIPS_DEBUG | |
54124 | + char buf1[64], buf2[64]; | |
54125 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
54126 | + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; | |
54127 | + struct sadb_msg *pfkey_reply = NULL; | |
54128 | + struct socket_list *pfkey_socketsp; | |
54129 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
54130 | + ip_address srcflow, dstflow, srcmask, dstmask; | |
54131 | + | |
54132 | + KLIPS_PRINT(debug_pfkey, | |
54133 | + "klips_debug:pfkey_x_delflow_parse: .\n"); | |
54134 | + | |
54135 | + pfkey_extensions_init(extensions_reply); | |
54136 | + | |
54137 | + memset((caddr_t)&srcflow, 0, sizeof(srcflow)); | |
54138 | + memset((caddr_t)&dstflow, 0, sizeof(dstflow)); | |
54139 | + memset((caddr_t)&srcmask, 0, sizeof(srcmask)); | |
54140 | + memset((caddr_t)&dstmask, 0, sizeof(dstmask)); | |
54141 | + | |
54142 | + if(!extr || !(extr->ips)) { | |
54143 | + KLIPS_PRINT(debug_pfkey, | |
54144 | + "klips_debug:pfkey_x_delflow_parse: " | |
54145 | + "extr, or extr->ips is NULL, fatal\n"); | |
54146 | + SENDERR(EINVAL); | |
54147 | + } | |
54148 | + | |
54149 | + if(extr->ips->ips_flags & SADB_X_SAFLAGS_CLEARFLOW) { | |
54150 | + KLIPS_PRINT(debug_pfkey, | |
54151 | + "klips_debug:pfkey_x_delflow_parse: " | |
54152 | + "CLEARFLOW flag set, calling cleareroutes.\n"); | |
54153 | + if ((error = ipsec_cleareroutes())) | |
54154 | + KLIPS_PRINT(debug_pfkey, | |
54155 | + "klips_debug:pfkey_x_delflow_parse: " | |
54156 | + "cleareroutes returned %d.\n", error); | |
54157 | + SENDERR(-error); | |
54158 | + } else { | |
54159 | + struct sk_buff *first = NULL, *last = NULL; | |
54160 | + | |
54161 | + if(!(extr->eroute)) { | |
54162 | + KLIPS_PRINT(debug_pfkey, | |
54163 | + "klips_debug:pfkey_x_delflow_parse: " | |
54164 | + "extr->eroute is NULL, fatal.\n"); | |
54165 | + SENDERR(EINVAL); | |
54166 | + } | |
54167 | + | |
54168 | + srcflow.u.v4.sin_family = AF_INET; | |
54169 | + dstflow.u.v4.sin_family = AF_INET; | |
54170 | + srcmask.u.v4.sin_family = AF_INET; | |
54171 | + dstmask.u.v4.sin_family = AF_INET; | |
54172 | + srcflow.u.v4.sin_addr = extr->eroute->er_eaddr.sen_ip_src; | |
54173 | + dstflow.u.v4.sin_addr = extr->eroute->er_eaddr.sen_ip_dst; | |
54174 | + srcmask.u.v4.sin_addr = extr->eroute->er_emask.sen_ip_src; | |
54175 | + dstmask.u.v4.sin_addr = extr->eroute->er_emask.sen_ip_dst; | |
54176 | + | |
54177 | +#ifdef CONFIG_KLIPS_DEBUG | |
54178 | + if (debug_pfkey) { | |
54179 | + subnettoa(extr->eroute->er_eaddr.sen_ip_src, | |
54180 | + extr->eroute->er_emask.sen_ip_src, 0, buf1, sizeof(buf1)); | |
54181 | + subnettoa(extr->eroute->er_eaddr.sen_ip_dst, | |
54182 | + extr->eroute->er_emask.sen_ip_dst, 0, buf2, sizeof(buf2)); | |
54183 | + KLIPS_PRINT(debug_pfkey, | |
54184 | + "klips_debug:pfkey_x_delflow_parse: " | |
54185 | + "calling breakeroute for %s->%s\n", | |
54186 | + buf1, buf2); | |
54187 | + } | |
54188 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
54189 | + error = ipsec_breakroute(&(extr->eroute->er_eaddr), | |
54190 | + &(extr->eroute->er_emask), | |
54191 | + &first, &last); | |
54192 | + if(error) { | |
54193 | + KLIPS_PRINT(debug_pfkey, | |
54194 | + "klips_debug:pfkey_x_delflow_parse: " | |
54195 | + "breakeroute returned %d. first=0p%p, last=0p%p\n", | |
54196 | + error, | |
54197 | + first, | |
54198 | + last); | |
54199 | + } | |
54200 | + if(first != NULL) { | |
54201 | + ipsec_kfree_skb(first); | |
54202 | + } | |
54203 | + if(last != NULL) { | |
54204 | + ipsec_kfree_skb(last); | |
54205 | + } | |
54206 | + if(error) { | |
54207 | + SENDERR(-error); | |
54208 | + } | |
54209 | + } | |
54210 | + | |
54211 | + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], | |
54212 | + SADB_X_DELFLOW, | |
54213 | + satype, | |
54214 | + 0, | |
54215 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, | |
54216 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), | |
54217 | + extensions_reply) | |
54218 | + && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_EXT_SA], | |
54219 | + SADB_EXT_SA, | |
54220 | + extr->ips->ips_said.spi, | |
54221 | + extr->ips->ips_replaywin, | |
54222 | + extr->ips->ips_state, | |
54223 | + extr->ips->ips_authalg, | |
54224 | + extr->ips->ips_encalg, | |
54225 | + extr->ips->ips_flags, | |
54226 | + extr->ips->ips_ref), | |
54227 | + extensions_reply) | |
54228 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_SRC_FLOW], | |
54229 | + SADB_X_EXT_ADDRESS_SRC_FLOW, | |
54230 | + 0, /*extr->ips->ips_said.proto,*/ | |
54231 | + 0, | |
54232 | + (struct sockaddr*)&srcflow), | |
54233 | + extensions_reply) | |
54234 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_DST_FLOW], | |
54235 | + SADB_X_EXT_ADDRESS_DST_FLOW, | |
54236 | + 0, /*extr->ips->ips_said.proto,*/ | |
54237 | + 0, | |
54238 | + (struct sockaddr*)&dstflow), | |
54239 | + extensions_reply) | |
54240 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_SRC_MASK], | |
54241 | + SADB_X_EXT_ADDRESS_SRC_MASK, | |
54242 | + 0, /*extr->ips->ips_said.proto,*/ | |
54243 | + 0, | |
54244 | + (struct sockaddr*)&srcmask), | |
54245 | + extensions_reply) | |
54246 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_DST_MASK], | |
54247 | + SADB_X_EXT_ADDRESS_DST_MASK, | |
54248 | + 0, /*extr->ips->ips_said.proto,*/ | |
54249 | + 0, | |
54250 | + (struct sockaddr*)&dstmask), | |
54251 | + extensions_reply) | |
54252 | + )) { | |
54253 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_delflow_parse: " | |
54254 | + "failed to build the x_delflow reply message extensions\n"); | |
54255 | + SENDERR(-error); | |
54256 | + } | |
54257 | + | |
54258 | + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { | |
54259 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_delflow_parse: " | |
54260 | + "failed to build the x_delflow reply message\n"); | |
54261 | + SENDERR(-error); | |
54262 | + } | |
54263 | + | |
54264 | + for(pfkey_socketsp = pfkey_open_sockets; | |
54265 | + pfkey_socketsp; | |
54266 | + pfkey_socketsp = pfkey_socketsp->next) { | |
54267 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { | |
54268 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_delflow_parse: " | |
54269 | + "sending up x_delflow reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", | |
54270 | + satype, | |
54271 | + satype2name(satype), | |
54272 | + pfkey_socketsp->socketp, | |
54273 | + error); | |
54274 | + SENDERR(-error); | |
54275 | + } | |
54276 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_delflow_parse: " | |
54277 | + "sending up x_delflow reply message for satype=%d(%s) to socket=0p%p succeeded.\n", | |
54278 | + satype, | |
54279 | + satype2name(satype), | |
54280 | + pfkey_socketsp->socketp); | |
54281 | + } | |
54282 | + | |
54283 | + KLIPS_PRINT(debug_pfkey, | |
54284 | + "klips_debug:pfkey_x_delflow_parse: " | |
54285 | + "extr->ips cleaned up and freed.\n"); | |
54286 | + | |
54287 | + errlab: | |
54288 | + if (pfkey_reply) { | |
54289 | + pfkey_msg_free(&pfkey_reply); | |
54290 | + } | |
54291 | + pfkey_extensions_free(extensions_reply); | |
54292 | + return error; | |
54293 | +} | |
54294 | + | |
54295 | +DEBUG_NO_STATIC int | |
54296 | +pfkey_x_msg_debug_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
54297 | +{ | |
54298 | + int error = 0; | |
54299 | + | |
54300 | + KLIPS_PRINT(debug_pfkey, | |
54301 | + "klips_debug:pfkey_x_msg_debug_parse: .\n"); | |
54302 | + | |
54303 | +/* errlab:*/ | |
54304 | + return error; | |
54305 | +} | |
54306 | + | |
54307 | +/* pfkey_expire expects the ipsec_sa table to be locked before being called. */ | |
54308 | +int | |
54309 | +pfkey_expire(struct ipsec_sa *ipsp, int hard) | |
54310 | +{ | |
54311 | + struct sadb_ext *extensions[SADB_EXT_MAX+1]; | |
54312 | + struct sadb_msg *pfkey_msg = NULL; | |
54313 | + struct socket_list *pfkey_socketsp; | |
54314 | + int error = 0; | |
54315 | + uint8_t satype; | |
54316 | + | |
54317 | + pfkey_extensions_init(extensions); | |
54318 | + | |
54319 | + if(!(satype = proto2satype(ipsp->ips_said.proto))) { | |
54320 | + KLIPS_PRINT(debug_pfkey, | |
54321 | + "klips_debug:pfkey_expire: " | |
54322 | + "satype lookup for protocol %d lookup failed.\n", | |
54323 | + ipsp->ips_said.proto); | |
54324 | + SENDERR(EINVAL); | |
54325 | + } | |
54326 | + | |
54327 | + if(!pfkey_open_sockets) { | |
54328 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: " | |
54329 | + "no sockets listening.\n"); | |
54330 | + SENDERR(EPROTONOSUPPORT); | |
54331 | + } | |
54332 | + | |
54333 | + if (!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions[0], | |
54334 | + SADB_EXPIRE, | |
54335 | + satype, | |
54336 | + 0, | |
54337 | + ++pfkey_msg_seq, | |
54338 | + 0), | |
54339 | + extensions) | |
54340 | + && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions[SADB_EXT_SA], | |
54341 | + SADB_EXT_SA, | |
54342 | + ipsp->ips_said.spi, | |
54343 | + ipsp->ips_replaywin, | |
54344 | + ipsp->ips_state, | |
54345 | + ipsp->ips_authalg, | |
54346 | + ipsp->ips_encalg, | |
54347 | + ipsp->ips_flags, | |
54348 | + ipsp->ips_ref), | |
54349 | + extensions) | |
54350 | + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_CURRENT], | |
54351 | + SADB_EXT_LIFETIME_CURRENT, | |
54352 | + ipsp->ips_life.ipl_allocations.ipl_count, | |
54353 | + ipsp->ips_life.ipl_bytes.ipl_count, | |
54354 | + ipsp->ips_life.ipl_addtime.ipl_count, | |
54355 | + ipsp->ips_life.ipl_usetime.ipl_count, | |
54356 | + ipsp->ips_life.ipl_packets.ipl_count), | |
54357 | + extensions) | |
54358 | + && (hard ? | |
54359 | + pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_HARD], | |
54360 | + SADB_EXT_LIFETIME_HARD, | |
54361 | + ipsp->ips_life.ipl_allocations.ipl_hard, | |
54362 | + ipsp->ips_life.ipl_bytes.ipl_hard, | |
54363 | + ipsp->ips_life.ipl_addtime.ipl_hard, | |
54364 | + ipsp->ips_life.ipl_usetime.ipl_hard, | |
54365 | + ipsp->ips_life.ipl_packets.ipl_hard), | |
54366 | + extensions) | |
54367 | + : pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_SOFT], | |
54368 | + SADB_EXT_LIFETIME_SOFT, | |
54369 | + ipsp->ips_life.ipl_allocations.ipl_soft, | |
54370 | + ipsp->ips_life.ipl_bytes.ipl_soft, | |
54371 | + ipsp->ips_life.ipl_addtime.ipl_soft, | |
54372 | + ipsp->ips_life.ipl_usetime.ipl_soft, | |
54373 | + ipsp->ips_life.ipl_packets.ipl_soft), | |
54374 | + extensions)) | |
54375 | + && pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC], | |
54376 | + SADB_EXT_ADDRESS_SRC, | |
54377 | + 0, /* ipsp->ips_said.proto, */ | |
54378 | + 0, | |
54379 | + ipsp->ips_addr_s), | |
54380 | + extensions) | |
54381 | + && pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST], | |
54382 | + SADB_EXT_ADDRESS_DST, | |
54383 | + 0, /* ipsp->ips_said.proto, */ | |
54384 | + 0, | |
54385 | + ipsp->ips_addr_d), | |
54386 | + extensions))) { | |
54387 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: " | |
54388 | + "failed to build the expire message extensions\n"); | |
54389 | + spin_unlock(&tdb_lock); | |
54390 | + goto errlab; | |
54391 | + } | |
54392 | + | |
54393 | + if ((error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_OUT))) { | |
54394 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: " | |
54395 | + "failed to build the expire message\n"); | |
54396 | + SENDERR(-error); | |
54397 | + } | |
54398 | + | |
54399 | + for(pfkey_socketsp = pfkey_open_sockets; | |
54400 | + pfkey_socketsp; | |
54401 | + pfkey_socketsp = pfkey_socketsp->next) { | |
54402 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_msg))) { | |
54403 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: " | |
54404 | + "sending up expire message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", | |
54405 | + satype, | |
54406 | + satype2name(satype), | |
54407 | + pfkey_socketsp->socketp, | |
54408 | + error); | |
54409 | + SENDERR(-error); | |
54410 | + } | |
54411 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: " | |
54412 | + "sending up expire message for satype=%d(%s) (proto=%d) to socket=0p%p succeeded.\n", | |
54413 | + satype, | |
54414 | + satype2name(satype), | |
54415 | + ipsp->ips_said.proto, | |
54416 | + pfkey_socketsp->socketp); | |
54417 | + } | |
54418 | + | |
54419 | + errlab: | |
54420 | + if (pfkey_msg) { | |
54421 | + pfkey_msg_free(&pfkey_msg); | |
54422 | + } | |
54423 | + pfkey_extensions_free(extensions); | |
54424 | + return error; | |
54425 | +} | |
54426 | + | |
54427 | +int | |
54428 | +pfkey_acquire(struct ipsec_sa *ipsp) | |
54429 | +{ | |
54430 | + struct sadb_ext *extensions[SADB_EXT_MAX+1]; | |
54431 | + struct sadb_msg *pfkey_msg = NULL; | |
54432 | + struct socket_list *pfkey_socketsp; | |
54433 | + int error = 0; | |
54434 | + struct sadb_comb comb[] = { | |
54435 | + /* auth; encrypt; flags; */ | |
54436 | + /* auth_minbits; auth_maxbits; encrypt_minbits; encrypt_maxbits; */ | |
54437 | + /* reserved; soft_allocations; hard_allocations; soft_bytes; hard_bytes; */ | |
54438 | + /* soft_addtime; hard_addtime; soft_usetime; hard_usetime; */ | |
54439 | + /* soft_packets; hard_packets; */ | |
54440 | + { SADB_AALG_MD5HMAC, SADB_EALG_3DESCBC, SADB_SAFLAGS_PFS, | |
54441 | + 128, 128, 168, 168, | |
54442 | + 0, 0, 0, 0, 0, | |
54443 | + 57600, 86400, 57600, 86400, | |
54444 | + 0, 0 }, | |
54445 | + { SADB_AALG_SHA1HMAC, SADB_EALG_3DESCBC, SADB_SAFLAGS_PFS, | |
54446 | + 160, 160, 168, 168, | |
54447 | + 0, 0, 0, 0, 0, | |
54448 | + 57600, 86400, 57600, 86400, | |
54449 | + 0, 0 } | |
54450 | + }; | |
54451 | + | |
54452 | + /* XXX This should not be hard-coded. It should be taken from the spdb */ | |
54453 | + uint8_t satype = SADB_SATYPE_ESP; | |
54454 | + | |
54455 | + pfkey_extensions_init(extensions); | |
54456 | + | |
54457 | + if((satype == 0) || (satype > SADB_SATYPE_MAX)) { | |
54458 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire: " | |
54459 | + "SAtype=%d unspecified or unknown.\n", | |
54460 | + satype); | |
54461 | + SENDERR(EINVAL); | |
54462 | + } | |
54463 | + | |
54464 | + if(!(pfkey_registered_sockets[satype])) { | |
54465 | + KLIPS_PRINT(1|debug_pfkey, "klips_debug:pfkey_acquire: " | |
54466 | + "no sockets registered for SAtype=%d(%s).\n", | |
54467 | + satype, | |
54468 | + satype2name(satype)); | |
54469 | + SENDERR(EPROTONOSUPPORT); | |
54470 | + } | |
54471 | + | |
54472 | + if (!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions[0], | |
54473 | + SADB_ACQUIRE, | |
54474 | + satype, | |
54475 | + 0, | |
54476 | + ++pfkey_msg_seq, | |
54477 | + 0), | |
54478 | + extensions) | |
54479 | + && pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC], | |
54480 | + SADB_EXT_ADDRESS_SRC, | |
54481 | + ipsp->ips_transport_protocol, | |
54482 | + 0, | |
54483 | + ipsp->ips_addr_s), | |
54484 | + extensions) | |
54485 | + && pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST], | |
54486 | + SADB_EXT_ADDRESS_DST, | |
54487 | + ipsp->ips_transport_protocol, | |
54488 | + 0, | |
54489 | + ipsp->ips_addr_d), | |
54490 | + extensions) | |
54491 | +#if 0 | |
54492 | + && (ipsp->ips_addr_p | |
54493 | + ? pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_PROXY], | |
54494 | + SADB_EXT_ADDRESS_PROXY, | |
54495 | + ipsp->ips_transport_protocol, | |
54496 | + 0, | |
54497 | + ipsp->ips_addr_p), | |
54498 | + extensions) : 1) | |
54499 | +#endif | |
54500 | + && (ipsp->ips_ident_s.type != SADB_IDENTTYPE_RESERVED | |
54501 | + ? pfkey_safe_build(error = pfkey_ident_build(&extensions[SADB_EXT_IDENTITY_SRC], | |
54502 | + SADB_EXT_IDENTITY_SRC, | |
54503 | + ipsp->ips_ident_s.type, | |
54504 | + ipsp->ips_ident_s.id, | |
54505 | + ipsp->ips_ident_s.len, | |
54506 | + ipsp->ips_ident_s.data), | |
54507 | + extensions) : 1) | |
54508 | + | |
54509 | + && (ipsp->ips_ident_d.type != SADB_IDENTTYPE_RESERVED | |
54510 | + ? pfkey_safe_build(error = pfkey_ident_build(&extensions[SADB_EXT_IDENTITY_DST], | |
54511 | + SADB_EXT_IDENTITY_DST, | |
54512 | + ipsp->ips_ident_d.type, | |
54513 | + ipsp->ips_ident_d.id, | |
54514 | + ipsp->ips_ident_d.len, | |
54515 | + ipsp->ips_ident_d.data), | |
54516 | + extensions) : 1) | |
54517 | +#if 0 | |
54518 | + /* FIXME: This won't work yet because I have not finished | |
54519 | + it. */ | |
54520 | + && (ipsp->ips_sens_ | |
54521 | + ? pfkey_safe_build(error = pfkey_sens_build(&extensions[SADB_EXT_SENSITIVITY], | |
54522 | + ipsp->ips_sens_dpd, | |
54523 | + ipsp->ips_sens_sens_level, | |
54524 | + ipsp->ips_sens_sens_len, | |
54525 | + ipsp->ips_sens_sens_bitmap, | |
54526 | + ipsp->ips_sens_integ_level, | |
54527 | + ipsp->ips_sens_integ_len, | |
54528 | + ipsp->ips_sens_integ_bitmap), | |
54529 | + extensions) : 1) | |
54530 | +#endif | |
54531 | + && pfkey_safe_build(error = pfkey_prop_build(&extensions[SADB_EXT_PROPOSAL], | |
54532 | + 64, /* replay */ | |
54533 | + sizeof(comb)/sizeof(struct sadb_comb), | |
54534 | + &(comb[0])), | |
54535 | + extensions) | |
54536 | + )) { | |
54537 | + KLIPS_PRINT(1|debug_pfkey, "klips_debug:pfkey_acquire: " | |
54538 | + "failed to build the acquire message extensions\n"); | |
54539 | + SENDERR(-error); | |
54540 | + } | |
54541 | + | |
54542 | + if ((error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_OUT))) { | |
54543 | + KLIPS_PRINT(1|debug_pfkey, "klips_debug:pfkey_acquire: " | |
54544 | + "failed to build the acquire message\n"); | |
54545 | + SENDERR(-error); | |
54546 | + } | |
54547 | + | |
54548 | +#if KLIPS_PFKEY_ACQUIRE_LOSSAGE > 0 | |
54549 | + if(sysctl_ipsec_regress_pfkey_lossage) { | |
54550 | + return(0); | |
54551 | + } | |
54552 | +#endif | |
54553 | + | |
54554 | + /* this should go to all registered sockets for that satype only */ | |
54555 | + for(pfkey_socketsp = pfkey_registered_sockets[satype]; | |
54556 | + pfkey_socketsp; | |
54557 | + pfkey_socketsp = pfkey_socketsp->next) { | |
54558 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_msg))) { | |
54559 | + KLIPS_PRINT(1|debug_pfkey, "klips_debug:pfkey_acquire: " | |
54560 | + "sending up acquire message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", | |
54561 | + satype, | |
54562 | + satype2name(satype), | |
54563 | + pfkey_socketsp->socketp, | |
54564 | + error); | |
54565 | + SENDERR(-error); | |
54566 | + } | |
54567 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire: " | |
54568 | + "sending up acquire message for satype=%d(%s) to socket=0p%p succeeded.\n", | |
54569 | + satype, | |
54570 | + satype2name(satype), | |
54571 | + pfkey_socketsp->socketp); | |
54572 | + } | |
54573 | + | |
54574 | + errlab: | |
54575 | + if (pfkey_msg) { | |
54576 | + pfkey_msg_free(&pfkey_msg); | |
54577 | + } | |
54578 | + pfkey_extensions_free(extensions); | |
54579 | + return error; | |
54580 | +} | |
54581 | + | |
54582 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
54583 | +int | |
54584 | +pfkey_nat_t_new_mapping(struct ipsec_sa *ipsp, struct sockaddr *ipaddr, | |
54585 | + __u16 sport) | |
54586 | +{ | |
54587 | + struct sadb_ext *extensions[SADB_EXT_MAX+1]; | |
54588 | + struct sadb_msg *pfkey_msg = NULL; | |
54589 | + struct socket_list *pfkey_socketsp; | |
54590 | + int error = 0; | |
54591 | + uint8_t satype = (ipsp->ips_said.proto==IPPROTO_ESP) ? SADB_SATYPE_ESP : 0; | |
54592 | + | |
54593 | + /* Construct SADB_X_NAT_T_NEW_MAPPING message */ | |
54594 | + | |
54595 | + pfkey_extensions_init(extensions); | |
54596 | + | |
54597 | + if((satype == 0) || (satype > SADB_SATYPE_MAX)) { | |
54598 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_nat_t_new_mapping: " | |
54599 | + "SAtype=%d unspecified or unknown.\n", | |
54600 | + satype); | |
54601 | + SENDERR(EINVAL); | |
54602 | + } | |
54603 | + | |
54604 | + if(!(pfkey_registered_sockets[satype])) { | |
54605 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_nat_t_new_mapping: " | |
54606 | + "no sockets registered for SAtype=%d(%s).\n", | |
54607 | + satype, | |
54608 | + satype2name(satype)); | |
54609 | + SENDERR(EPROTONOSUPPORT); | |
54610 | + } | |
54611 | + | |
54612 | + if (!(pfkey_safe_build | |
54613 | + (error = pfkey_msg_hdr_build(&extensions[0], SADB_X_NAT_T_NEW_MAPPING, | |
54614 | + satype, 0, ++pfkey_msg_seq, 0), extensions) | |
54615 | + /* SA */ | |
54616 | + && pfkey_safe_build | |
54617 | + (error = pfkey_sa_build(&extensions[SADB_EXT_SA], | |
54618 | + SADB_EXT_SA, ipsp->ips_said.spi, 0, 0, 0, 0, 0), extensions) | |
54619 | + /* ADDRESS_SRC = old addr */ | |
54620 | + && pfkey_safe_build | |
54621 | + (error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC], | |
54622 | + SADB_EXT_ADDRESS_SRC, ipsp->ips_said.proto, 0, ipsp->ips_addr_s), | |
54623 | + extensions) | |
54624 | + /* NAT_T_SPORT = old port */ | |
54625 | + && pfkey_safe_build | |
54626 | + (error = pfkey_x_nat_t_port_build(&extensions[SADB_X_EXT_NAT_T_SPORT], | |
54627 | + SADB_X_EXT_NAT_T_SPORT, ipsp->ips_natt_sport), extensions) | |
54628 | + /* ADDRESS_DST = new addr */ | |
54629 | + && pfkey_safe_build | |
54630 | + (error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST], | |
54631 | + SADB_EXT_ADDRESS_DST, ipsp->ips_said.proto, 0, ipaddr), extensions) | |
54632 | + /* NAT_T_DPORT = new port */ | |
54633 | + && pfkey_safe_build | |
54634 | + (error = pfkey_x_nat_t_port_build(&extensions[SADB_X_EXT_NAT_T_DPORT], | |
54635 | + SADB_X_EXT_NAT_T_DPORT, sport), extensions) | |
54636 | + )) { | |
54637 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_nat_t_new_mapping: " | |
54638 | + "failed to build the nat_t_new_mapping message extensions\n"); | |
54639 | + SENDERR(-error); | |
54640 | + } | |
54641 | + | |
54642 | + if ((error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_OUT))) { | |
54643 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_nat_t_new_mapping: " | |
54644 | + "failed to build the nat_t_new_mapping message\n"); | |
54645 | + SENDERR(-error); | |
54646 | + } | |
54647 | + | |
54648 | + /* this should go to all registered sockets for that satype only */ | |
54649 | + for(pfkey_socketsp = pfkey_registered_sockets[satype]; | |
54650 | + pfkey_socketsp; | |
54651 | + pfkey_socketsp = pfkey_socketsp->next) { | |
54652 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_msg))) { | |
54653 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_nat_t_new_mapping: " | |
54654 | + "sending up nat_t_new_mapping message for satype=%d(%s) to socket=%p failed with error=%d.\n", | |
54655 | + satype, | |
54656 | + satype2name(satype), | |
54657 | + pfkey_socketsp->socketp, | |
54658 | + error); | |
54659 | + SENDERR(-error); | |
54660 | + } | |
54661 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_nat_t_new_mapping: " | |
54662 | + "sending up nat_t_new_mapping message for satype=%d(%s) to socket=%p succeeded.\n", | |
54663 | + satype, | |
54664 | + satype2name(satype), | |
54665 | + pfkey_socketsp->socketp); | |
54666 | + } | |
54667 | + | |
54668 | + errlab: | |
54669 | + if (pfkey_msg) { | |
54670 | + pfkey_msg_free(&pfkey_msg); | |
54671 | + } | |
54672 | + pfkey_extensions_free(extensions); | |
54673 | + return error; | |
54674 | +} | |
54675 | + | |
54676 | +DEBUG_NO_STATIC int | |
54677 | +pfkey_x_nat_t_new_mapping_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
54678 | +{ | |
54679 | + /* SADB_X_NAT_T_NEW_MAPPING not used in kernel */ | |
54680 | + return -EINVAL; | |
54681 | +} | |
54682 | +#endif | |
54683 | + | |
54684 | +DEBUG_NO_STATIC int (*ext_processors[SADB_EXT_MAX+1])(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) = | |
54685 | +{ | |
54686 | + NULL, /* pfkey_msg_process, */ | |
54687 | + pfkey_sa_process, | |
54688 | + pfkey_lifetime_process, | |
54689 | + pfkey_lifetime_process, | |
54690 | + pfkey_lifetime_process, | |
54691 | + pfkey_address_process, | |
54692 | + pfkey_address_process, | |
54693 | + pfkey_address_process, | |
54694 | + pfkey_key_process, | |
54695 | + pfkey_key_process, | |
54696 | + pfkey_ident_process, | |
54697 | + pfkey_ident_process, | |
54698 | + pfkey_sens_process, | |
54699 | + pfkey_prop_process, | |
54700 | + pfkey_supported_process, | |
54701 | + pfkey_supported_process, | |
54702 | + pfkey_spirange_process, | |
54703 | + pfkey_x_kmprivate_process, | |
54704 | + pfkey_x_satype_process, | |
54705 | + pfkey_sa_process, | |
54706 | + pfkey_address_process, | |
54707 | + pfkey_address_process, | |
54708 | + pfkey_address_process, | |
54709 | + pfkey_address_process, | |
54710 | + pfkey_address_process, | |
54711 | + pfkey_x_debug_process, | |
54712 | + pfkey_x_protocol_process | |
54713 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
54714 | + , | |
54715 | + pfkey_x_nat_t_type_process, | |
54716 | + pfkey_x_nat_t_port_process, | |
54717 | + pfkey_x_nat_t_port_process, | |
54718 | + pfkey_address_process | |
54719 | +#endif | |
54720 | +}; | |
54721 | + | |
54722 | + | |
54723 | +DEBUG_NO_STATIC int (*msg_parsers[SADB_MAX +1])(struct sock *sk, struct sadb_ext *extensions[], struct pfkey_extracted_data* extr) | |
54724 | + = | |
54725 | +{ | |
54726 | + NULL, /* RESERVED */ | |
54727 | + pfkey_getspi_parse, | |
54728 | + pfkey_update_parse, | |
54729 | + pfkey_add_parse, | |
54730 | + pfkey_delete_parse, | |
54731 | + pfkey_get_parse, | |
54732 | + pfkey_acquire_parse, | |
54733 | + pfkey_register_parse, | |
54734 | + pfkey_expire_parse, | |
54735 | + pfkey_flush_parse, | |
54736 | + pfkey_dump_parse, | |
54737 | + pfkey_x_promisc_parse, | |
54738 | + pfkey_x_pchange_parse, | |
54739 | + pfkey_x_grpsa_parse, | |
54740 | + pfkey_x_addflow_parse, | |
54741 | + pfkey_x_delflow_parse, | |
54742 | + pfkey_x_msg_debug_parse | |
54743 | +#ifdef CONFIG_IPSEC_NAT_TRAVERSAL | |
54744 | + , pfkey_x_nat_t_new_mapping_parse | |
54745 | +#endif | |
54746 | +}; | |
54747 | + | |
54748 | +int | |
54749 | +pfkey_build_reply(struct sadb_msg *pfkey_msg, | |
54750 | + struct pfkey_extracted_data *extr, | |
54751 | + struct sadb_msg **pfkey_reply) | |
54752 | +{ | |
54753 | + struct sadb_ext *extensions[SADB_EXT_MAX+1]; | |
54754 | + int error = 0; | |
54755 | + int msg_type = pfkey_msg->sadb_msg_type; | |
54756 | + int seq = pfkey_msg->sadb_msg_seq; | |
54757 | + | |
54758 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_build_reply: " | |
54759 | + "building reply with type: %d\n", | |
54760 | + msg_type); | |
54761 | + pfkey_extensions_init(extensions); | |
54762 | + if (!extr || !extr->ips) { | |
54763 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_build_reply: " | |
54764 | + "bad ipsec_sa passed\n"); | |
54765 | + return EINVAL; | |
54766 | + } | |
54767 | + error = pfkey_safe_build(pfkey_msg_hdr_build(&extensions[0], | |
54768 | + msg_type, | |
54769 | + proto2satype(extr->ips->ips_said.proto), | |
54770 | + 0, | |
54771 | + seq, | |
54772 | + pfkey_msg->sadb_msg_pid), | |
54773 | + extensions) && | |
54774 | + (!(extensions_bitmaps[EXT_BITS_OUT][EXT_BITS_REQ][msg_type] & | |
54775 | + 1 << SADB_EXT_SA) | |
54776 | + || pfkey_safe_build(pfkey_sa_ref_build(&extensions[SADB_EXT_SA], | |
54777 | + SADB_EXT_SA, | |
54778 | + extr->ips->ips_said.spi, | |
54779 | + extr->ips->ips_replaywin, | |
54780 | + extr->ips->ips_state, | |
54781 | + extr->ips->ips_authalg, | |
54782 | + extr->ips->ips_encalg, | |
54783 | + extr->ips->ips_flags, | |
54784 | + extr->ips->ips_ref), | |
54785 | + extensions)) && | |
54786 | + (!(extensions_bitmaps[EXT_BITS_OUT][EXT_BITS_REQ][msg_type] & | |
54787 | + 1 << SADB_EXT_LIFETIME_CURRENT) | |
54788 | + || pfkey_safe_build(pfkey_lifetime_build(&extensions | |
54789 | + [SADB_EXT_LIFETIME_CURRENT], | |
54790 | + SADB_EXT_LIFETIME_CURRENT, | |
54791 | + extr->ips->ips_life.ipl_allocations.ipl_count, | |
54792 | + extr->ips->ips_life.ipl_bytes.ipl_count, | |
54793 | + extr->ips->ips_life.ipl_addtime.ipl_count, | |
54794 | + extr->ips->ips_life.ipl_usetime.ipl_count, | |
54795 | + extr->ips->ips_life.ipl_packets.ipl_count), | |
54796 | + extensions)) && | |
54797 | + (!(extensions_bitmaps[EXT_BITS_OUT][EXT_BITS_REQ][msg_type] & | |
54798 | + 1 << SADB_EXT_ADDRESS_SRC) | |
54799 | + || pfkey_safe_build(pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC], | |
54800 | + SADB_EXT_ADDRESS_SRC, | |
54801 | + extr->ips->ips_said.proto, | |
54802 | + 0, | |
54803 | + extr->ips->ips_addr_s), | |
54804 | + extensions)) && | |
54805 | + (!(extensions_bitmaps[EXT_BITS_OUT][EXT_BITS_REQ][msg_type] & | |
54806 | + 1 << SADB_EXT_ADDRESS_DST) | |
54807 | + || pfkey_safe_build(pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST], | |
54808 | + SADB_EXT_ADDRESS_DST, | |
54809 | + extr->ips->ips_said.proto, | |
54810 | + 0, | |
54811 | + extr->ips->ips_addr_d), | |
54812 | + extensions)); | |
54813 | + | |
54814 | + if (error == 0) { | |
54815 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_build_reply: " | |
54816 | + "building extensions failed\n"); | |
54817 | + return EINVAL; | |
54818 | + } | |
54819 | + | |
54820 | + KLIPS_PRINT(debug_pfkey, | |
54821 | + "klips_debug:pfkey_build_reply: " | |
54822 | + "built extensions, proceed to build the message\n"); | |
54823 | + KLIPS_PRINT(debug_pfkey, | |
54824 | + "klips_debug:pfkey_build_reply: " | |
54825 | + "extensions[1]=0p%p\n", | |
54826 | + extensions[1]); | |
54827 | + error = pfkey_msg_build(pfkey_reply, extensions, EXT_BITS_OUT); | |
54828 | + pfkey_extensions_free(extensions); | |
54829 | + | |
54830 | + return error; | |
54831 | +} | |
54832 | + | |
54833 | +int | |
54834 | +pfkey_msg_interp(struct sock *sk, struct sadb_msg *pfkey_msg, | |
54835 | + struct sadb_msg **pfkey_reply) | |
54836 | +{ | |
54837 | + int error = 0; | |
54838 | + int i; | |
54839 | + struct sadb_ext *extensions[SADB_EXT_MAX+1]; | |
54840 | + struct pfkey_extracted_data extr = {NULL, NULL, NULL}; | |
54841 | + | |
54842 | + pfkey_extensions_init(extensions); | |
54843 | + KLIPS_PRINT(debug_pfkey, | |
54844 | + "klips_debug:pfkey_msg_interp: " | |
54845 | + "parsing message ver=%d, type=%d, errno=%d, satype=%d(%s), len=%d, res=%d, seq=%d, pid=%d.\n", | |
54846 | + pfkey_msg->sadb_msg_version, | |
54847 | + pfkey_msg->sadb_msg_type, | |
54848 | + pfkey_msg->sadb_msg_errno, | |
54849 | + pfkey_msg->sadb_msg_satype, | |
54850 | + satype2name(pfkey_msg->sadb_msg_satype), | |
54851 | + pfkey_msg->sadb_msg_len, | |
54852 | + pfkey_msg->sadb_msg_reserved, | |
54853 | + pfkey_msg->sadb_msg_seq, | |
54854 | + pfkey_msg->sadb_msg_pid); | |
54855 | + | |
54856 | + extr.ips = ipsec_sa_alloc(&error); /* pass in error var by pointer */ | |
54857 | + if(extr.ips == NULL) { | |
54858 | + KLIPS_PRINT(debug_pfkey, | |
54859 | + "klips_debug:pfkey_msg_interp: " | |
54860 | + "memory allocation error.\n"); | |
54861 | + SENDERR(-error); | |
54862 | + } | |
54863 | + | |
54864 | + KLIPS_PRINT(debug_pfkey, | |
54865 | + "klips_debug:pfkey_msg_interp: " | |
54866 | + "allocated extr->ips=0p%p.\n", | |
54867 | + extr.ips); | |
54868 | + | |
54869 | + if(pfkey_msg->sadb_msg_satype > SADB_SATYPE_MAX) { | |
54870 | + KLIPS_PRINT(debug_pfkey, | |
54871 | + "klips_debug:pfkey_msg_interp: " | |
54872 | + "satype %d > max %d\n", | |
54873 | + pfkey_msg->sadb_msg_satype, | |
54874 | + SADB_SATYPE_MAX); | |
54875 | + SENDERR(EINVAL); | |
54876 | + } | |
54877 | + | |
54878 | + switch(pfkey_msg->sadb_msg_type) { | |
54879 | + case SADB_GETSPI: | |
54880 | + case SADB_UPDATE: | |
54881 | + case SADB_ADD: | |
54882 | + case SADB_DELETE: | |
54883 | + case SADB_X_GRPSA: | |
54884 | + case SADB_X_ADDFLOW: | |
54885 | + if(!(extr.ips->ips_said.proto = satype2proto(pfkey_msg->sadb_msg_satype))) { | |
54886 | + KLIPS_PRINT(debug_pfkey, | |
54887 | + "klips_debug:pfkey_msg_interp: " | |
54888 | + "satype %d lookup failed.\n", | |
54889 | + pfkey_msg->sadb_msg_satype); | |
54890 | + SENDERR(EINVAL); | |
54891 | + } else { | |
54892 | + KLIPS_PRINT(debug_pfkey, | |
54893 | + "klips_debug:pfkey_msg_interp: " | |
54894 | + "satype %d lookups to proto=%d.\n", | |
54895 | + pfkey_msg->sadb_msg_satype, | |
54896 | + extr.ips->ips_said.proto); | |
54897 | + } | |
54898 | + break; | |
54899 | + default: | |
54900 | + break; | |
54901 | + } | |
54902 | + | |
54903 | + /* The NULL below causes the default extension parsers to be used */ | |
54904 | + /* Parse the extensions */ | |
54905 | + if((error = pfkey_msg_parse(pfkey_msg, NULL, extensions, EXT_BITS_IN))) | |
54906 | + { | |
54907 | + KLIPS_PRINT(debug_pfkey, | |
54908 | + "klips_debug:pfkey_msg_interp: " | |
54909 | + "message parsing failed with error %d.\n", | |
54910 | + error); | |
54911 | + SENDERR(-error); | |
54912 | + } | |
54913 | + | |
54914 | + /* Process the extensions */ | |
54915 | + for(i=1; i <= SADB_EXT_MAX;i++) { | |
54916 | + if(extensions[i] != NULL) { | |
54917 | + KLIPS_PRINT(debug_pfkey, | |
54918 | + "klips_debug:pfkey_msg_interp: " | |
54919 | + "processing ext %d 0p%p with processor 0p%p.\n", | |
54920 | + i, extensions[i], ext_processors[i]); | |
54921 | + if((error = ext_processors[i](extensions[i], &extr))) { | |
54922 | + KLIPS_PRINT(debug_pfkey, | |
54923 | + "klips_debug:pfkey_msg_interp: " | |
54924 | + "extension processing for type %d failed with error %d.\n", | |
54925 | + i, | |
54926 | + error); | |
54927 | + SENDERR(-error); | |
54928 | + } | |
54929 | + | |
54930 | + } | |
54931 | + | |
54932 | + } | |
54933 | + | |
54934 | + /* Parse the message types */ | |
54935 | + KLIPS_PRINT(debug_pfkey, | |
54936 | + "klips_debug:pfkey_msg_interp: " | |
54937 | + "parsing message type %d(%s) with msg_parser 0p%p.\n", | |
54938 | + pfkey_msg->sadb_msg_type, | |
54939 | + pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type), | |
54940 | + msg_parsers[pfkey_msg->sadb_msg_type]); | |
54941 | + if((error = msg_parsers[pfkey_msg->sadb_msg_type](sk, extensions, &extr))) { | |
54942 | + KLIPS_PRINT(debug_pfkey, | |
54943 | + "klips_debug:pfkey_msg_interp: " | |
54944 | + "message parsing failed with error %d.\n", | |
54945 | + error); | |
54946 | + SENDERR(-error); | |
54947 | + } | |
54948 | + | |
54949 | +#if 0 | |
54950 | + error = pfkey_build_reply(pfkey_msg, &extr, pfkey_reply); | |
54951 | + if (error) { | |
54952 | + *pfkey_reply = NULL; | |
54953 | + } | |
54954 | +#endif | |
54955 | + errlab: | |
54956 | + if(extr.ips != NULL) { | |
54957 | + ipsec_sa_wipe(extr.ips); | |
54958 | + } | |
54959 | + if(extr.ips2 != NULL) { | |
54960 | + ipsec_sa_wipe(extr.ips2); | |
54961 | + } | |
54962 | + if (extr.eroute != NULL) { | |
54963 | + kfree(extr.eroute); | |
54964 | + } | |
54965 | + return(error); | |
54966 | +} | |
54967 | + | |
54968 | +/* | |
54969 | + * $Log: pfkey_v2_parser.c,v $ | |
54970 | + * Revision 1.134.2.2 2006/10/06 21:39:26 paul | |
54971 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
54972 | + * set. This is defined through autoconf.h which is included through the | |
54973 | + * linux kernel build macros. | |
54974 | + * | |
54975 | + * Revision 1.134.2.1 2006/05/01 14:37:25 mcr | |
54976 | + * ip_chk_addr -> inet_addr_type for more direct 2.4/2.6 support. | |
54977 | + * | |
54978 | + * Revision 1.134 2005/05/11 01:48:20 mcr | |
54979 | + * removed "poor-man"s OOP in favour of proper C structures. | |
54980 | + * | |
54981 | + * Revision 1.133 2005/04/29 05:10:22 mcr | |
54982 | + * removed from extraenous includes to make unit testing easier. | |
54983 | + * | |
54984 | + * Revision 1.132 2005/04/14 20:56:24 mcr | |
54985 | + * moved (pfkey_)ipsec_sa_init to ipsec_sa.c. | |
54986 | + * | |
54987 | + * Revision 1.131 2005/01/26 00:50:35 mcr | |
54988 | + * adjustment of confusion of CONFIG_IPSEC_NAT vs CONFIG_KLIPS_NAT, | |
54989 | + * and make sure that NAT_TRAVERSAL is set as well to match | |
54990 | + * userspace compiles of code. | |
54991 | + * | |
54992 | + * Revision 1.130 2004/09/08 17:21:36 ken | |
54993 | + * Rename MD5* -> osMD5 functions to prevent clashes with other symbols exported by kernel modules (CIFS in 2.6 initiated this) | |
54994 | + * | |
54995 | + * Revision 1.129 2004/09/06 18:36:30 mcr | |
54996 | + * if a protocol can not be found, then log it. This is not | |
54997 | + * debugging. | |
54998 | + * | |
54999 | + * Revision 1.128 2004/08/21 00:45:19 mcr | |
55000 | + * CONFIG_KLIPS_NAT was wrong, also need to include udp.h. | |
55001 | + * | |
55002 | + * Revision 1.127 2004/08/20 21:45:45 mcr | |
55003 | + * CONFIG_KLIPS_NAT_TRAVERSAL is not used in an attempt to | |
55004 | + * be 26sec compatible. But, some defines where changed. | |
55005 | + * | |
55006 | + * Revision 1.126 2004/08/17 03:27:23 mcr | |
55007 | + * klips 2.6 edits. | |
55008 | + * | |
55009 | + * Revision 1.125 2004/08/04 15:57:07 mcr | |
55010 | + * moved des .h files to include/des/ * | |
55011 | + * included 2.6 protocol specific things | |
55012 | + * started at NAT-T support, but it will require a kernel patch. | |
55013 | + * | |
55014 | + * Revision 1.124 2004/07/10 19:11:18 mcr | |
55015 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
55016 | + * | |
55017 | + * Revision 1.123 2004/04/06 02:49:26 mcr | |
55018 | + * pullup of algo code from alg-branch. | |
55019 | + * | |
55020 | + * Revision 1.122.2.2 2004/04/05 04:30:46 mcr | |
55021 | + * patches for alg-branch to compile/work with 2.x openswan | |
55022 | + * | |
55023 | + * Revision 1.122.2.1 2003/12/22 15:25:52 jjo | |
55024 | + * . Merged algo-0.8.1-rc11-test1 into alg-branch | |
55025 | + * | |
55026 | + * Revision 1.122 2003/12/10 01:14:27 mcr | |
55027 | + * NAT-traversal patches to KLIPS. | |
55028 | + * | |
55029 | + * Revision 1.121 2003/10/31 02:27:55 mcr | |
55030 | + * pulled up port-selector patches and sa_id elimination. | |
55031 | + * | |
55032 | + * Revision 1.120.4.2 2003/10/29 01:30:41 mcr | |
55033 | + * elimited "struct sa_id". | |
55034 | + * | |
55035 | + * Revision 1.120.4.1 2003/09/21 13:59:56 mcr | |
55036 | + * pre-liminary X.509 patch - does not yet pass tests. | |
55037 | + * | |
55038 | + * Revision 1.120 2003/04/03 17:38:09 rgb | |
55039 | + * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}. | |
55040 | + * | |
55041 | + * Revision 1.119 2003/02/06 01:52:37 rgb | |
55042 | + * Removed no longer relevant comment | |
55043 | + * | |
55044 | + * Revision 1.118 2003/01/30 02:32:44 rgb | |
55045 | + * | |
55046 | + * Transmit error code through to caller from callee for better diagnosis of problems. | |
55047 | + * | |
55048 | + * Revision 1.117 2003/01/16 18:48:13 rgb | |
55049 | + * | |
55050 | + * Fixed sign bug in error return from an sa allocation call in | |
55051 | + * pfkey_msg_interp. | |
55052 | + * | |
55053 | + * Revision 1.116 2002/10/17 16:38:01 rgb | |
55054 | + * Change pfkey_alloc_eroute() to never static since its consumers | |
55055 | + * have been moved outside the file. | |
55056 | + * | |
55057 | + * Revision 1.115 2002/10/12 23:11:53 dhr | |
55058 | + * | |
55059 | + * [KenB + DHR] more 64-bit cleanup | |
55060 | + * | |
55061 | + * Revision 1.114 2002/10/05 05:02:58 dhr | |
55062 | + * | |
55063 | + * C labels go on statements | |
55064 | + * | |
55065 | + * Revision 1.113 2002/09/30 19:11:22 rgb | |
55066 | + * Turn on debugging for upgoing acquire messages to test for reliability. | |
55067 | + * | |
55068 | + * Revision 1.112 2002/09/20 15:41:16 rgb | |
55069 | + * Switch from pfkey_alloc_ipsec_sa() to ipsec_sa_alloc(). | |
55070 | + * Added sadb_x_sa_ref to struct sadb_sa. | |
55071 | + * Added ref parameter to pfkey_sa_build(). | |
55072 | + * | |
55073 | + * Revision 1.111 2002/09/20 05:02:08 rgb | |
55074 | + * Added memory allocation debugging. | |
55075 | + * Convert to switch to divulge hmac keys for debugging. | |
55076 | + * Added text labels to elucidate numeric values presented. | |
55077 | + * | |
55078 | + * Revision 1.110 2002/08/03 18:03:05 mcr | |
55079 | + * loop that checks for SPI's to have been already linked | |
55080 | + * fails to actually step to next pointer, but continuously | |
55081 | + * resets to head of list. Wrong pointer used. | |
55082 | + * test east-icmp-02 revealed this. | |
55083 | + * | |
55084 | + * Revision 1.109 2002/07/26 08:48:31 rgb | |
55085 | + * Added SA ref table code. | |
55086 | + * | |
55087 | + * Revision 1.108 2002/05/27 18:55:03 rgb | |
55088 | + * Remove final vistiges of tdb references via IPSEC_KLIPS1_COMPAT. | |
55089 | + * | |
55090 | + * Revision 1.107 2002/05/23 07:16:08 rgb | |
55091 | + * Added ipsec_sa_put() for releasing an ipsec_sa refcount. | |
55092 | + * Pointer clean-up. | |
55093 | + * Added refcount code. | |
55094 | + * | |
55095 | + * Revision 1.106 2002/05/14 02:34:13 rgb | |
55096 | + * Converted reference from ipsec_sa_put to ipsec_sa_add to avoid confusion | |
55097 | + * with "put" usage in the kernel. | |
55098 | + * Change all references to tdb, TDB or Tunnel Descriptor Block to ips, | |
55099 | + * ipsec_sa or ipsec_sa. | |
55100 | + * Moved all the extension parsing functions to pfkey_v2_ext_process.c. | |
55101 | + * | |
55102 | + * Revision 1.105 2002/04/24 07:55:32 mcr | |
55103 | + * #include patches and Makefiles for post-reorg compilation. | |
55104 | + * | |
55105 | + * Revision 1.104 2002/04/24 07:36:34 mcr | |
55106 | + * Moved from ./klips/net/ipsec/pfkey_v2_parser.c,v | |
55107 | + * | |
55108 | + * Revision 1.103 2002/04/20 00:12:25 rgb | |
55109 | + * Added esp IV CBC attack fix, disabled. | |
55110 | + * | |
55111 | + * Revision 1.102 2002/03/08 01:15:17 mcr | |
55112 | + * put some internal structure only debug messages behind | |
55113 | + * && sysctl_ipsec_debug_verbose. | |
55114 | + * | |
55115 | + * Revision 1.101 2002/01/29 17:17:57 mcr | |
55116 | + * moved include of ipsec_param.h to after include of linux/kernel.h | |
55117 | + * otherwise, it seems that some option that is set in ipsec_param.h | |
55118 | + * screws up something subtle in the include path to kernel.h, and | |
55119 | + * it complains on the snprintf() prototype. | |
55120 | + * | |
55121 | + * Revision 1.100 2002/01/29 04:00:54 mcr | |
55122 | + * more excise of kversions.h header. | |
55123 | + * | |
55124 | + * Revision 1.99 2002/01/29 02:13:19 mcr | |
55125 | + * introduction of ipsec_kversion.h means that include of | |
55126 | + * ipsec_param.h must preceed any decisions about what files to | |
55127 | + * include to deal with differences in kernel source. | |
55128 | + * | |
55129 | + * Revision 1.98 2002/01/12 02:57:57 mcr | |
55130 | + * first regression test causes acquire messages to be lost | |
55131 | + * 100% of the time. This is to help testing of pluto. | |
55132 | + * | |
55133 | + * Revision 1.97 2001/11/26 09:23:52 rgb | |
55134 | + * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. | |
55135 | + * | |
55136 | + * Revision 1.93.2.4 2001/10/23 04:20:27 mcr | |
55137 | + * parity was forced on wrong structure! prototypes help here. | |
55138 | + * | |
55139 | + * Revision 1.93.2.3 2001/10/22 21:14:59 mcr | |
55140 | + * include des.h, removed phony prototypes and fixed calling | |
55141 | + * conventions to match real prototypes. | |
55142 | + * | |
55143 | + * Revision 1.93.2.2 2001/10/15 05:39:03 mcr | |
55144 | + * %08lx is not the right format for u32. Use %08x. 64-bit safe? ha. | |
55145 | + * | |
55146 | + * Revision 1.93.2.1 2001/09/25 02:30:14 mcr | |
55147 | + * struct tdb -> struct ipsec_sa. | |
55148 | + * use new lifetime structure. common format routines for debug. | |
55149 | + * | |
55150 | + * Revision 1.96 2001/11/06 20:47:54 rgb | |
55151 | + * Fixed user context call to ipsec_dev_start_xmit() bug. Call | |
55152 | + * dev_queue_xmit() instead. | |
55153 | + * | |
55154 | + * Revision 1.95 2001/11/06 19:47:46 rgb | |
55155 | + * Added packet parameter to lifetime and comb structures. | |
55156 | + * | |
55157 | + * Revision 1.94 2001/10/18 04:45:23 rgb | |
55158 | + * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h, | |
55159 | + * lib/freeswan.h version macros moved to lib/kversions.h. | |
55160 | + * Other compiler directive cleanups. | |
55161 | + * | |
55162 | + * Revision 1.93 2001/09/20 15:32:59 rgb | |
55163 | + * Min/max cleanup. | |
55164 | + * | |
55165 | + * Revision 1.92 2001/09/19 16:35:48 rgb | |
55166 | + * PF_KEY ident fix for getspi from NetCelo (puttdb duplication). | |
55167 | + * | |
55168 | + * Revision 1.91 2001/09/15 16:24:06 rgb | |
55169 | + * Re-inject first and last HOLD packet when an eroute REPLACE is done. | |
55170 | + * | |
55171 | + * Revision 1.90 2001/09/14 16:58:38 rgb | |
55172 | + * Added support for storing the first and last packets through a HOLD. | |
55173 | + * | |
55174 | + * Revision 1.89 2001/09/08 21:14:07 rgb | |
55175 | + * Added pfkey ident extension support for ISAKMPd. (NetCelo) | |
55176 | + * Better state coherency (error management) between pf_key and IKE daemon. | |
55177 | + * (NetCelo) | |
55178 | + * | |
55179 | + * Revision 1.88 2001/08/27 19:42:44 rgb | |
55180 | + * Fix memory leak of encrypt and auth structs in pfkey register. | |
55181 | + * | |
55182 | + * Revision 1.87 2001/07/06 19:50:46 rgb | |
55183 | + * Removed unused debugging code. | |
55184 | + * Added inbound policy checking code for IPIP SAs. | |
55185 | + * | |
55186 | + * Revision 1.86 2001/06/20 06:26:04 rgb | |
55187 | + * Changed missing SA errors from EEXIST to ENOENT and added debug output | |
55188 | + * for already linked SAs. | |
55189 | + * | |
55190 | + * Revision 1.85 2001/06/15 04:57:02 rgb | |
55191 | + * Remove single error return condition check and check for all errors in | |
55192 | + * the case of a replace eroute delete operation. This means that | |
55193 | + * applications must expect to be deleting something before replacing it | |
55194 | + * and if nothing is found, complain. | |
55195 | + * | |
55196 | + * Revision 1.84 2001/06/14 19:35:12 rgb | |
55197 | + * Update copyright date. | |
55198 | + * | |
55199 | + * Revision 1.83 2001/06/12 00:03:19 rgb | |
55200 | + * Silence debug set/unset under normal conditions. | |
55201 | + * | |
55202 | + * Revision 1.82 2001/05/30 08:14:04 rgb | |
55203 | + * Removed vestiges of esp-null transforms. | |
55204 | + * | |
55205 | + * Revision 1.81 2001/05/27 06:12:12 rgb | |
55206 | + * Added structures for pid, packet count and last access time to eroute. | |
55207 | + * Added packet count to beginning of /proc/net/ipsec_eroute. | |
55208 | + * | |
55209 | + * Revision 1.80 2001/05/03 19:43:59 rgb | |
55210 | + * Check error return codes for all build function calls. | |
55211 | + * Standardise on SENDERR() macro. | |
55212 | + * | |
55213 | + * Revision 1.79 2001/04/20 21:09:16 rgb | |
55214 | + * Cleaned up fixed tdbwipes. | |
55215 | + * Free pfkey_reply and clean up extensions_reply for grpsa, addflow and | |
55216 | + * delflow (Per Cederqvist) plugging memleaks. | |
55217 | + * | |
55218 | + * Revision 1.78 2001/04/19 19:02:39 rgb | |
55219 | + * Fixed extr.tdb freeing, stealing it for getspi, update and add. | |
55220 | + * Refined a couple of spinlocks, fixed the one in update. | |
55221 | + * | |
55222 | + * Revision 1.77 2001/04/18 20:26:16 rgb | |
55223 | + * Wipe/free eroute and both tdbs from extr at end of pfkey_msg_interp() | |
55224 | + * instead of inside each message type parser. This fixes two memleaks. | |
55225 | + * | |
55226 | + * Revision 1.76 2001/04/17 23:51:18 rgb | |
55227 | + * Quiet down pfkey_x_debug_process(). | |
55228 | + * | |
55229 | + * Revision 1.75 2001/03/29 01:55:05 rgb | |
55230 | + * Fixed pfkey key init memleak. | |
55231 | + * Fixed pfkey encryption key debug output. | |
55232 | + * | |
55233 | + * Revision 1.74 2001/03/27 05:29:14 rgb | |
55234 | + * Debug output cleanup/silencing. | |
55235 | + * | |
55236 | + * Revision 1.73 2001/02/28 05:03:28 rgb | |
55237 | + * Clean up and rationalise startup messages. | |
55238 | + * | |
55239 | + * Revision 1.72 2001/02/27 22:24:56 rgb | |
55240 | + * Re-formatting debug output (line-splitting, joining, 1arg/line). | |
55241 | + * Check for satoa() return codes. | |
55242 | + * | |
55243 | + * Revision 1.71 2001/02/27 06:59:30 rgb | |
55244 | + * Added satype2name() conversions most places satype is debug printed. | |
55245 | + * | |
55246 | + * Revision 1.70 2001/02/26 22:37:08 rgb | |
55247 | + * Fixed 'unknown proto' INT bug in new code. | |
55248 | + * Added satype to protocol debugging instrumentation. | |
55249 | + * | |
55250 | + * Revision 1.69 2001/02/26 19:57:51 rgb | |
55251 | + * Re-formatted debug output (split lines, consistent spacing). | |
55252 | + * Fixed as yet undetected FLUSH bug which called ipsec_tdbcleanup() | |
55253 | + * with an satype instead of proto. | |
55254 | + * Checked for satype consistency and fixed minor bugs. | |
55255 | + * Fixed undetected ungrpspi bug that tried to upmsg a second tdb. | |
55256 | + * Check for satype sanity in pfkey_expire(). | |
55257 | + * Added satype sanity check to addflow. | |
55258 | + * | |
55259 | + * Revision 1.68 2001/02/12 23:14:40 rgb | |
55260 | + * Remove double spin lock in pfkey_expire(). | |
55261 | + * | |
55262 | + * Revision 1.67 2001/01/31 19:23:40 rgb | |
55263 | + * Fixed double-unlock bug introduced by grpsa upmsg (found by Lars Heete). | |
55264 | + * | |
55265 | + * Revision 1.66 2001/01/29 22:20:04 rgb | |
55266 | + * Fix minor add upmsg lifetime bug. | |
55267 | + * | |
55268 | + * Revision 1.65 2001/01/24 06:12:33 rgb | |
55269 | + * Fixed address extension compile bugs just introduced. | |
55270 | + * | |
55271 | + * Revision 1.64 2001/01/24 00:31:15 rgb | |
55272 | + * Added upmsg for addflow/delflow. | |
55273 | + * | |
55274 | + * Revision 1.63 2001/01/23 22:02:55 rgb | |
55275 | + * Added upmsg to x_grpsa. | |
55276 | + * Fixed lifetimes extentions to add/update/get upmsg. | |
55277 | + * | |
55278 | + * Revision 1.62 2000/11/30 21:47:51 rgb | |
55279 | + * Fix error return bug after returning from pfkey_tdb_init(). | |
55280 | + * | |
55281 | + * Revision 1.61 2000/11/17 18:10:29 rgb | |
55282 | + * Fixed bugs mostly relating to spirange, to treat all spi variables as | |
55283 | + * network byte order since this is the way PF_KEYv2 stored spis. | |
55284 | + * | |
55285 | + * Revision 1.60 2000/11/06 04:34:53 rgb | |
55286 | + * Changed non-exported functions to DEBUG_NO_STATIC. | |
55287 | + * Add Svenning's adaptive content compression. | |
55288 | + * Ditched spin_lock_irqsave in favour of spin_lock/_bh. | |
55289 | + * Fixed double unlock bug (Svenning). | |
55290 | + * Fixed pfkey_msg uninitialized bug in pfkey_{expire,acquire}(). | |
55291 | + * Fixed incorrect extension type (prop) in pfkey)acquire(). | |
55292 | + * | |
55293 | + * Revision 1.59 2000/10/11 15:25:12 rgb | |
55294 | + * Fixed IPCOMP disabled compile bug. | |
55295 | + * | |
55296 | + * Revision 1.58 2000/10/11 14:54:03 rgb | |
55297 | + * Fixed pfkey_acquire() satype to SADB_SATYPE_ESP and removed pfkey | |
55298 | + * protocol violations of setting pfkey_address_build() protocol parameter | |
55299 | + * to non-zero except in the case of pfkey_acquire(). | |
55300 | + * | |
55301 | + * Revision 1.57 2000/10/10 20:10:18 rgb | |
55302 | + * Added support for debug_ipcomp and debug_verbose to klipsdebug. | |
55303 | + * | |
55304 | + * Revision 1.56 2000/10/06 20:24:36 rgb | |
55305 | + * Fixes to pfkey_acquire to initialize extensions[] and use correct | |
55306 | + * ipproto. | |
55307 | + * | |
55308 | + * Revision 1.55 2000/10/03 03:20:57 rgb | |
55309 | + * Added brackets to get a?b:c scope right for pfkey_register reply. | |
55310 | + * | |
55311 | + * Revision 1.54 2000/09/29 19:49:30 rgb | |
55312 | + * As-yet-unused-bits cleanup. | |
55313 | + * | |
55314 | + * Revision 1.53 2000/09/28 00:35:45 rgb | |
55315 | + * Padded SATYPE printout in pfkey_register for vertical alignment. | |
55316 | + * | |
55317 | + * Revision 1.52 2000/09/20 16:21:58 rgb | |
55318 | + * Cleaned up ident string alloc/free. | |
55319 | + * | |
55320 | + * Revision 1.51 2000/09/20 04:04:20 rgb | |
55321 | + * Changed static functions to DEBUG_NO_STATIC to reveal function names in | |
55322 | + * oopsen. | |
55323 | + * | |
55324 | + * Revision 1.50 2000/09/16 01:10:53 rgb | |
55325 | + * Fixed unused var warning with debug off. | |
55326 | + * | |
55327 | + * Revision 1.49 2000/09/15 11:37:02 rgb | |
55328 | + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
55329 | + * IPCOMP zlib deflate code. | |
55330 | + * | |
55331 | + * Revision 1.48 2000/09/15 04:57:57 rgb | |
55332 | + * Cleaned up existing IPCOMP code before svenning addition. | |
55333 | + * Initialize pfkey_reply and extensions_reply in case of early error in | |
55334 | + * message parsing functions (thanks Kai!). | |
55335 | + * | |
55336 | + * Revision 1.47 2000/09/13 08:02:56 rgb | |
55337 | + * Added KMd registration notification. | |
55338 | + * | |
55339 | + * Revision 1.46 2000/09/12 22:35:36 rgb | |
55340 | + * Restructured to remove unused extensions from CLEARFLOW messages. | |
55341 | + * | |
55342 | + * Revision 1.45 2000/09/12 03:24:23 rgb | |
55343 | + * Converted #if0 debugs to sysctl. | |
55344 | + * | |
55345 | + * Revision 1.44 2000/09/09 06:38:39 rgb | |
55346 | + * Correct SADB message type for update, add and delete. | |
55347 | + * | |
55348 | + * Revision 1.43 2000/09/08 19:19:56 rgb | |
55349 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
55350 | + * Removed all references to CONFIG_IPSEC_PFKEYv2. | |
55351 | + * Put in sanity checks in most msg type parsers to catch invalid satypes | |
55352 | + * and empty socket lists. | |
55353 | + * Moved spin-locks in pfkey_get_parse() to simplify. | |
55354 | + * Added pfkey_acquire(). | |
55355 | + * Added upwards messages to update, add, delete, acquire_parse, | |
55356 | + * expire_parse and flush. | |
55357 | + * Fix pfkey_prop_build() parameter to be only single indirection. | |
55358 | + * Changed all replies to use pfkey_reply. | |
55359 | + * Check return code on puttdb() and deltdbchain() in getspi, update, | |
55360 | + * add, delete. | |
55361 | + * Fixed up all pfkey replies to open and registered sockets. | |
55362 | + * | |
55363 | + * Revision 1.42 2000/09/01 18:50:26 rgb | |
55364 | + * Added a supported algorithms array lists, one per satype and registered | |
55365 | + * existing algorithms. | |
55366 | + * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to | |
55367 | + * list. | |
55368 | + * Only send pfkey_expire() messages to sockets registered for that satype. | |
55369 | + * Added reply to pfkey_getspi_parse(). | |
55370 | + * Added reply to pfkey_get_parse(). | |
55371 | + * Fixed debug output label bug in pfkey_lifetime_process(). | |
55372 | + * Cleaned up pfkey_sa_process a little. | |
55373 | + * Moved pfkey_safe_build() above message type parsers to make it available | |
55374 | + * for creating replies. | |
55375 | + * Added comments for future work in pfkey_acquire_parse(). | |
55376 | + * Fleshed out guts of pfkey_register_parse(). | |
55377 | + * | |
55378 | + * Revision 1.41 2000/08/24 16:58:11 rgb | |
55379 | + * Fixed key debugging variables. | |
55380 | + * Fixed error return code for a failed search. | |
55381 | + * Changed order of pfkey_get operations. | |
55382 | + * | |
55383 | + * Revision 1.40 2000/08/21 16:32:27 rgb | |
55384 | + * Re-formatted for cosmetic consistency and readability. | |
55385 | + * | |
55386 | + * Revision 1.39 2000/08/20 21:38:57 rgb | |
55387 | + * Bugfixes to as-yet-unused pfkey_update_parse() and | |
55388 | + * pfkey_register_parse(). (Momchil) | |
55389 | + * Added functions pfkey_safe_build(), pfkey_expire() and | |
55390 | + * pfkey_build_reply(). (Momchil) | |
55391 | + * Added a pfkey_reply parameter to pfkey_msg_interp(). (Momchil) | |
55392 | + * | |
55393 | + * Revision 1.38 2000/08/18 21:30:41 rgb | |
55394 | + * Purged all tdb_spi, tdb_proto and tdb_dst macros. They are unclear. | |
55395 | + * | |
55396 | + * Revision 1.37 2000/08/18 18:18:02 rgb | |
55397 | + * Cosmetic and descriptive changes made to debug test. | |
55398 | + * getspi and update fixes from Momchil. | |
55399 | + * | |
55400 | + * Revision 1.36 2000/08/15 15:41:55 rgb | |
55401 | + * Fixed the (as yet unused and untested) pfkey_getspi() routine. | |
55402 | + * | |
55403 | + * Revision 1.35 2000/08/01 14:51:52 rgb | |
55404 | + * Removed _all_ remaining traces of DES. | |
55405 | + * | |
55406 | + * Revision 1.34 2000/07/28 14:58:32 rgb | |
55407 | + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5. | |
55408 | + * | |
55409 | + * Revision 1.33 2000/06/28 05:50:11 rgb | |
55410 | + * Actually set iv_bits. | |
55411 | + * | |
55412 | + * Revision 1.32 2000/05/30 18:36:56 rgb | |
55413 | + * Fix AH auth hash setup bug. This breaks interop with previous PF_KEY | |
55414 | + * FreeS/WAN, but fixes interop with other implementations. | |
55415 | + * | |
55416 | + * Revision 1.31 2000/03/16 14:05:48 rgb | |
55417 | + * Fixed brace scope preventing non-debug compile. | |
55418 | + * Added null parameter check for pfkey_x_debug(). | |
55419 | + * | |
55420 | + * Revision 1.30 2000/01/22 23:21:13 rgb | |
55421 | + * Use new function satype2proto(). | |
55422 | + * | |
55423 | + * Revision 1.29 2000/01/22 08:40:21 rgb | |
55424 | + * Invert condition to known value to avoid AF_INET6 in 2.0.36. | |
55425 | + * | |
55426 | + * Revision 1.28 2000/01/22 07:58:57 rgb | |
55427 | + * Fixed REPLACEFLOW bug, missing braces around KLIPS_PRINT *and* SENDERR. | |
55428 | + * | |
55429 | + * Revision 1.27 2000/01/22 03:48:01 rgb | |
55430 | + * Added extr pointer component debugging. | |
55431 | + * | |
55432 | + * Revision 1.26 2000/01/21 09:41:25 rgb | |
55433 | + * Changed a (void*) to (char*) cast to do proper pointer math. | |
55434 | + * Don't call tdbwipe if tdb2 is NULL. | |
55435 | + * | |
55436 | + * Revision 1.25 2000/01/21 06:21:01 rgb | |
55437 | + * Added address cases for eroute flows. | |
55438 | + * Tidied up compiler directive indentation for readability. | |
55439 | + * Added ictx,octx vars for simplification. | |
55440 | + * Added macros for HMAC padding magic numbers. | |
55441 | + * Converted from double tdb arguments to one structure (extr) | |
55442 | + * containing pointers to all temporary information structures | |
55443 | + * and checking for valid arguments to all ext processors and | |
55444 | + * msg type parsers. | |
55445 | + * Added spiungrp'ing. | |
55446 | + * Added klipsdebug switching capability. | |
55447 | + * Removed sa_process() check for zero protocol. | |
55448 | + * Added address case for DST2 for grouping. | |
55449 | + * Added/changed minor debugging instrumentation. | |
55450 | + * Fixed spigrp for single said, ungrouping case. | |
55451 | + * Added code to parse addflow and delflow messages. | |
55452 | + * Removed redundant statements duplicating tdbwipe() functionality | |
55453 | + * and causing double kfrees. | |
55454 | + * Permit addflow to have a protocol of 0. | |
55455 | + * | |
55456 | + * Revision 1.24 1999/12/09 23:23:00 rgb | |
55457 | + * Added check to pfkey_sa_process() to do eroutes. | |
55458 | + * Converted to DIVUP() macro. | |
55459 | + * Converted if() to switch() in pfkey_register_parse(). | |
55460 | + * Use new pfkey_extensions_init() instead of memset(). | |
55461 | + * | |
55462 | + * Revision 1.23 1999/12/01 22:18:13 rgb | |
55463 | + * Preset minspi and maxspi values in case and spirange extension is not | |
55464 | + * included and check for the presence of an spirange extension before | |
55465 | + * using it. Initialise tdb_sastate to LARVAL. | |
55466 | + * Fixed debugging output typo. | |
55467 | + * Fixed authentication context initialisation bugs (4 places). | |
55468 | + * | |
55469 | + * Revision 1.22 1999/11/27 11:53:08 rgb | |
55470 | + * Moved pfkey_msg_parse prototype to pfkey.h | |
55471 | + * Moved exts_permitted/required prototype to pfkey.h. | |
55472 | + * Moved sadb_satype2proto protocol lookup table to lib/pfkey_v2_parse.c. | |
55473 | + * Deleted SADB_X_EXT_SA2 code from pfkey_sa_process() since it will never | |
55474 | + * be called. | |
55475 | + * Moved protocol/algorithm checks to lib/pfkey_v2_parse.c | |
55476 | + * Debugging error messages added. | |
55477 | + * Enable lifetime_current checking. | |
55478 | + * Remove illegal requirement for SA extension to be present in an | |
55479 | + * originating GETSPI call. | |
55480 | + * Re-instate requirement for UPDATE or ADD message to be MATURE. | |
55481 | + * Add argument to pfkey_msg_parse() for direction. | |
55482 | + * Fixed IPIP dst address bug and purged redundant, leaky code. | |
55483 | + * | |
55484 | + * Revision 1.21 1999/11/24 05:24:20 rgb | |
55485 | + * hanged 'void*extensions' to 'struct sadb_ext*extensions'. | |
55486 | + * Fixed indention. | |
55487 | + * Ditched redundant replay check. | |
55488 | + * Fixed debug message text from 'parse' to 'process'. | |
55489 | + * Added more debug output. | |
55490 | + * Forgot to zero extensions array causing bug, fixed. | |
55491 | + * | |
55492 | + * Revision 1.20 1999/11/23 23:08:13 rgb | |
55493 | + * Move all common parsing code to lib/pfkey_v2_parse.c and rename | |
55494 | + * remaining bits to *_process. (PJO) | |
55495 | + * Add macros for dealing with alignment and rounding up more opaquely. | |
55496 | + * Use provided macro ADDRTOA_BUF instead of hardcoded value. | |
55497 | + * Sort out pfkey and freeswan headers, putting them in a library path. | |
55498 | + * Corrected a couple of bugs in as-yet-inactive code. | |
55499 | + * | |
55500 | + * Revision 1.19 1999/11/20 22:01:10 rgb | |
55501 | + * Add more descriptive error messages for non-zero reserved fields. | |
55502 | + * Add more descriptive error message for spirange parsing. | |
55503 | + * Start on supported extension parsing. | |
55504 | + * Start on register and get message parsing. | |
55505 | + * | |
55506 | + * Revision 1.18 1999/11/18 04:09:20 rgb | |
55507 | + * Replaced all kernel version macros to shorter, readable form. | |
55508 | + * | |
55509 | + * Revision 1.17 1999/11/17 15:53:41 rgb | |
55510 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
55511 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
55512 | + * klips/net/ipsec/Makefile. | |
55513 | + * | |
55514 | + * Revision 1.16 1999/10/26 16:57:43 rgb | |
55515 | + * Add shorter macros for compiler directives to visually clean-up. | |
55516 | + * Give ipv6 code meaningful compiler directive. | |
55517 | + * Add comments to other #if 0 debug code. | |
55518 | + * Remove unused *_bh_atomic() calls. | |
55519 | + * Fix mis-placed spinlock. | |
55520 | + * | |
55521 | + * Revision 1.15 1999/10/16 18:27:10 rgb | |
55522 | + * Clean-up unused cruft. | |
55523 | + * Fix-up lifetime_allocations_c and lifetime_addtime_c initialisations. | |
55524 | + * | |
55525 | + * Revision 1.14 1999/10/08 18:37:34 rgb | |
55526 | + * Fix end-of-line spacing to sate whining PHMs. | |
55527 | + * | |
55528 | + * Revision 1.13 1999/10/03 18:49:12 rgb | |
55529 | + * Spinlock fixes for 2.0.xx and 2.3.xx. | |
55530 | + * | |
55531 | + * Revision 1.12 1999/10/01 15:44:54 rgb | |
55532 | + * Move spinlock header include to 2.1> scope. | |
55533 | + * | |
55534 | + * Revision 1.11 1999/10/01 00:05:45 rgb | |
55535 | + * Added tdb structure locking. | |
55536 | + * Use 'jiffies' instead of do_get_timeofday(). | |
55537 | + * Fix lifetime assignments. | |
55538 | + * | |
55539 | + * Revision 1.10 1999/09/21 15:24:45 rgb | |
55540 | + * Rework spirange code to save entropy and prevent endless loops. | |
55541 | + * | |
55542 | + * Revision 1.9 1999/09/16 12:10:21 rgb | |
55543 | + * Minor fixes to random spi selection for correctness and entropy conservation. | |
55544 | + * | |
55545 | + * Revision 1.8 1999/05/25 22:54:46 rgb | |
55546 | + * Fix comparison that should be an assignment in an if. | |
55547 | + * | |
55548 | + * Revision 1.7 1999/05/09 03:25:37 rgb | |
55549 | + * Fix bug introduced by 2.2 quick-and-dirty patch. | |
55550 | + * | |
55551 | + * Revision 1.6 1999/05/08 21:32:30 rgb | |
55552 | + * Fix error return reporting. | |
55553 | + * | |
55554 | + * Revision 1.5 1999/05/05 22:02:33 rgb | |
55555 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
55556 | + * | |
55557 | + * Revision 1.4 1999/04/29 15:22:40 rgb | |
55558 | + * Standardise an error return method. | |
55559 | + * Add debugging instrumentation. | |
55560 | + * Add check for existence of macros min/max. | |
55561 | + * Add extensions permitted/required in/out filters. | |
55562 | + * Add satype-to-protocol table. | |
55563 | + * Add a second tdb pointer to each parser to accomodate GRPSA. | |
55564 | + * Move AH & no_algo_set to GETSPI, UPDATE and ADD. | |
55565 | + * Add OOO window check. | |
55566 | + * Add support for IPPROTO_IPIP and hooks for IPPROTO_COMP. | |
55567 | + * Add timestamp to lifetime parse. | |
55568 | + * Fix address structure length checking bug. | |
55569 | + * Fix address structure allocation bug (forgot to kmalloc!). | |
55570 | + * Add checks for extension lengths. | |
55571 | + * Add checks for extension reserved illegal values. | |
55572 | + * Add check for spirange legal values. | |
55573 | + * Add an extension type for parsing a second satype, SA and | |
55574 | + * DST_ADDRESS. | |
55575 | + * Make changes to tdb_init() template to get pfkey_tdb_init(), | |
55576 | + * eliminating any mention of xformsw. | |
55577 | + * Implement getspi, update and grpsa (not tested). | |
55578 | + * Add stubs for as yet unimplemented message types. | |
55579 | + * Add table of message parsers to substitute for msg_parse switch. | |
55580 | + * | |
55581 | + * Revision 1.3 1999/04/15 17:58:07 rgb | |
55582 | + * Add RCSID labels. | |
55583 | + * | |
55584 | + * Revision 1.2 1999/04/15 15:37:26 rgb | |
55585 | + * Forward check changes from POST1_00 branch. | |
55586 | + * | |
55587 | + * Revision 1.1.2.1 1999/03/26 20:58:56 rgb | |
55588 | + * Add pfkeyv2 support to KLIPS. | |
55589 | + * | |
55590 | + * Local variables: | |
55591 | + * c-file-style: "linux" | |
55592 | + * End: | |
55593 | + * | |
55594 | + */ | |
55595 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
55596 | +++ linux/net/ipsec/prng.c Mon Feb 9 13:51:03 2004 | |
55597 | @@ -0,0 +1,201 @@ | |
55598 | +/* | |
55599 | + * crypto-class pseudorandom number generator | |
55600 | + * currently uses same algorithm as RC4(TM), from Schneier 2nd ed p397 | |
55601 | + * Copyright (C) 2002 Henry Spencer. | |
55602 | + * | |
55603 | + * This library is free software; you can redistribute it and/or modify it | |
55604 | + * under the terms of the GNU Library General Public License as published by | |
55605 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
55606 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
55607 | + * | |
55608 | + * This library is distributed in the hope that it will be useful, but | |
55609 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
55610 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
55611 | + * License for more details. | |
55612 | + * | |
55613 | + * RCSID $Id: prng.c,v 1.7 2004/07/10 07:48:36 mcr Exp $ | |
55614 | + */ | |
55615 | +#include "openswan.h" | |
55616 | + | |
55617 | +/* | |
55618 | + - prng_init - initialize PRNG from a key | |
55619 | + */ | |
55620 | +void | |
55621 | +prng_init(prng, key, keylen) | |
55622 | +struct prng *prng; | |
55623 | +const unsigned char *key; | |
55624 | +size_t keylen; | |
55625 | +{ | |
55626 | + unsigned char k[256]; | |
55627 | + int i, j; | |
55628 | + unsigned const char *p; | |
55629 | + unsigned const char *keyend = key + keylen; | |
55630 | + unsigned char t; | |
55631 | + | |
55632 | + for (i = 0; i <= 255; i++) | |
55633 | + prng->sbox[i] = i; | |
55634 | + p = key; | |
55635 | + for (i = 0; i <= 255; i++) { | |
55636 | + k[i] = *p++; | |
55637 | + if (p >= keyend) | |
55638 | + p = key; | |
55639 | + } | |
55640 | + j = 0; | |
55641 | + for (i = 0; i <= 255; i++) { | |
55642 | + j = (j + prng->sbox[i] + k[i]) & 0xff; | |
55643 | + t = prng->sbox[i]; | |
55644 | + prng->sbox[i] = prng->sbox[j]; | |
55645 | + prng->sbox[j] = t; | |
55646 | + k[i] = 0; /* clear out key memory */ | |
55647 | + } | |
55648 | + prng->i = 0; | |
55649 | + prng->j = 0; | |
55650 | + prng->count = 0; | |
55651 | +} | |
55652 | + | |
55653 | +/* | |
55654 | + - prng_bytes - get some pseudorandom bytes from PRNG | |
55655 | + */ | |
55656 | +void | |
55657 | +prng_bytes(prng, dst, dstlen) | |
55658 | +struct prng *prng; | |
55659 | +unsigned char *dst; | |
55660 | +size_t dstlen; | |
55661 | +{ | |
55662 | + int i, j, t; | |
55663 | + unsigned char *p = dst; | |
55664 | + size_t remain = dstlen; | |
55665 | +# define MAX 4000000000ul | |
55666 | + | |
55667 | + while (remain > 0) { | |
55668 | + i = (prng->i + 1) & 0xff; | |
55669 | + prng->i = i; | |
55670 | + j = (prng->j + prng->sbox[i]) & 0xff; | |
55671 | + prng->j = j; | |
55672 | + t = prng->sbox[i]; | |
55673 | + prng->sbox[i] = prng->sbox[j]; | |
55674 | + prng->sbox[j] = t; | |
55675 | + t = (t + prng->sbox[i]) & 0xff; | |
55676 | + *p++ = prng->sbox[t]; | |
55677 | + remain--; | |
55678 | + } | |
55679 | + if (prng->count < MAX - dstlen) | |
55680 | + prng->count += dstlen; | |
55681 | + else | |
55682 | + prng->count = MAX; | |
55683 | +} | |
55684 | + | |
55685 | +/* | |
55686 | + - prnt_count - how many bytes have been extracted from PRNG so far? | |
55687 | + */ | |
55688 | +unsigned long | |
55689 | +prng_count(prng) | |
55690 | +struct prng *prng; | |
55691 | +{ | |
55692 | + return prng->count; | |
55693 | +} | |
55694 | + | |
55695 | +/* | |
55696 | + - prng_final - clear out PRNG to ensure nothing left in memory | |
55697 | + */ | |
55698 | +void | |
55699 | +prng_final(prng) | |
55700 | +struct prng *prng; | |
55701 | +{ | |
55702 | + int i; | |
55703 | + | |
55704 | + for (i = 0; i <= 255; i++) | |
55705 | + prng->sbox[i] = 0; | |
55706 | + prng->i = 0; | |
55707 | + prng->j = 0; | |
55708 | + prng->count = 0; /* just for good measure */ | |
55709 | +} | |
55710 | + | |
55711 | + | |
55712 | + | |
55713 | +#ifdef PRNG_MAIN | |
55714 | + | |
55715 | +#include <stdio.h> | |
55716 | + | |
55717 | +void regress(); | |
55718 | + | |
55719 | +int | |
55720 | +main(argc, argv) | |
55721 | +int argc; | |
55722 | +char *argv[]; | |
55723 | +{ | |
55724 | + struct prng pr; | |
55725 | + unsigned char buf[100]; | |
55726 | + unsigned char *p; | |
55727 | + size_t n; | |
55728 | + | |
55729 | + if (argc < 2) { | |
55730 | + fprintf(stderr, "Usage: %s {key|-r}\n", argv[0]); | |
55731 | + exit(2); | |
55732 | + } | |
55733 | + | |
55734 | + if (strcmp(argv[1], "-r") == 0) { | |
55735 | + regress(); | |
55736 | + fprintf(stderr, "regress() returned?!?\n"); | |
55737 | + exit(1); | |
55738 | + } | |
55739 | + | |
55740 | + prng_init(&pr, argv[1], strlen(argv[1])); | |
55741 | + prng_bytes(&pr, buf, 32); | |
55742 | + printf("0x"); | |
55743 | + for (p = buf, n = 32; n > 0; p++, n--) | |
55744 | + printf("%02x", *p); | |
55745 | + printf("\n%lu bytes\n", prng_count(&pr)); | |
55746 | + prng_final(&pr); | |
55747 | + exit(0); | |
55748 | +} | |
55749 | + | |
55750 | +void | |
55751 | +regress() | |
55752 | +{ | |
55753 | + struct prng pr; | |
55754 | + unsigned char buf[100]; | |
55755 | + unsigned char *p; | |
55756 | + size_t n; | |
55757 | + /* somewhat non-random sample key */ | |
55758 | + unsigned char key[] = "here we go gathering nuts in May"; | |
55759 | + /* first thirty bytes of output from that key */ | |
55760 | + unsigned char good[] = "\x3f\x02\x8e\x4a\x2a\xea\x23\x18\x92\x7c" | |
55761 | + "\x09\x52\x83\x61\xaa\x26\xce\xbb\x9d\x71" | |
55762 | + "\x71\xe5\x10\x22\xaf\x60\x54\x8d\x5b\x28"; | |
55763 | + int nzero, none; | |
55764 | + int show = 0; | |
55765 | + | |
55766 | + prng_init(&pr, key, strlen(key)); | |
55767 | + prng_bytes(&pr, buf, sizeof(buf)); | |
55768 | + for (p = buf, n = sizeof(buf); n > 0; p++, n--) { | |
55769 | + if (*p == 0) | |
55770 | + nzero++; | |
55771 | + if (*p == 255) | |
55772 | + none++; | |
55773 | + } | |
55774 | + if (nzero > 3 || none > 3) { | |
55775 | + fprintf(stderr, "suspiciously non-random output!\n"); | |
55776 | + show = 1; | |
55777 | + } | |
55778 | + if (memcmp(buf, good, strlen(good)) != 0) { | |
55779 | + fprintf(stderr, "incorrect output!\n"); | |
55780 | + show = 1; | |
55781 | + } | |
55782 | + if (show) { | |
55783 | + fprintf(stderr, "0x"); | |
55784 | + for (p = buf, n = sizeof(buf); n > 0; p++, n--) | |
55785 | + fprintf(stderr, "%02x", *p); | |
55786 | + fprintf(stderr, "\n"); | |
55787 | + exit(1); | |
55788 | + } | |
55789 | + if (prng_count(&pr) != sizeof(buf)) { | |
55790 | + fprintf(stderr, "got %u bytes, but count is %lu\n", | |
55791 | + sizeof(buf), prng_count(&pr)); | |
55792 | + exit(1); | |
55793 | + } | |
55794 | + prng_final(&pr); | |
55795 | + exit(0); | |
55796 | +} | |
55797 | + | |
55798 | +#endif /* PRNG_MAIN */ | |
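Review bot: In prng_init() the key-expansion loop executes `k[i] = *p++;` before it tests `p >= keyend`, so a call with `keylen == 0` reads one byte past the caller's key buffer. The function returns void and cannot report the error, so the precondition should at least be stated above the definition, e.g. `/* keylen must be at least 1; key must point to keylen readable bytes */`, and enforced at the call sites. The scrub `k[i] = 0; /* clear out key memory */` stores to a local array that is never read again, so an optimising compiler may remove it as a dead store and leave the expanded key on the stack. Clearing `k` after the loop through a zeroisation routine or barrier the compiler cannot elide would make the comment true. Separately, in regress() the counters declared by `int nzero, none;` are incremented without being initialised, which makes the "suspiciously non-random output" check unreliable; the declaration should read `int nzero = 0, none = 0;`.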
55799 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
55800 | +++ linux/net/ipsec/radij.c Mon Feb 9 13:51:03 2004 | |
55801 | @@ -0,0 +1,1237 @@ | |
55802 | +char radij_c_version[] = "RCSID $Id: radij.c,v 1.48.2.1 2006/10/06 21:39:27 paul Exp $"; | |
55803 | + | |
55804 | +/* | |
55805 | + * This file is defived from ${SRC}/sys/net/radix.c of BSD 4.4lite | |
55806 | + * | |
55807 | + * Variable and procedure names have been modified so that they don't | |
55808 | + * conflict with the original BSD code, as a small number of modifications | |
55809 | + * have been introduced and we may want to reuse this code in BSD. | |
55810 | + * | |
55811 | + * The `j' in `radij' is pronounced as a voiceless guttural (like a Greek | |
55812 | + * chi or a German ch sound (as `doch', not as in `milch'), or even a | |
55813 | + * spanish j as in Juan. It is not as far back in the throat like | |
55814 | + * the corresponding Hebrew sound, nor is it a soft breath like the English h. | |
55815 | + * It has nothing to do with the Dutch ij sound. | |
55816 | + * | |
55817 | + * Here is the appropriate copyright notice: | |
55818 | + */ | |
55819 | + | |
55820 | +/* | |
55821 | + * Copyright (c) 1988, 1989, 1993 | |
55822 | + * The Regents of the University of California. All rights reserved. | |
55823 | + * | |
55824 | + * Redistribution and use in source and binary forms, with or without | |
55825 | + * modification, are permitted provided that the following conditions | |
55826 | + * are met: | |
55827 | + * 1. Redistributions of source code must retain the above copyright | |
55828 | + * notice, this list of conditions and the following disclaimer. | |
55829 | + * 2. Redistributions in binary form must reproduce the above copyright | |
55830 | + * notice, this list of conditions and the following disclaimer in the | |
55831 | + * documentation and/or other materials provided with the distribution. | |
55832 | + * 3. All advertising materials mentioning features or use of this software | |
55833 | + * must display the following acknowledgement: | |
55834 | + * This product includes software developed by the University of | |
55835 | + * California, Berkeley and its contributors. | |
55836 | + * 4. Neither the name of the University nor the names of its contributors | |
55837 | + * may be used to endorse or promote products derived from this software | |
55838 | + * without specific prior written permission. | |
55839 | + * | |
55840 | + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | |
55841 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
55842 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
55843 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
55844 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
55845 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
55846 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
55847 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
55848 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
55849 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
55850 | + * SUCH DAMAGE. | |
55851 | + * | |
55852 | + * @(#)radix.c 8.2 (Berkeley) 1/4/94 | |
55853 | + */ | |
55854 | + | |
55855 | +/* | |
55856 | + * Routines to build and maintain radix trees for routing lookups. | |
55857 | + */ | |
55858 | + | |
55859 | +#ifndef AUTOCONF_INCLUDED | |
55860 | +#include <linux/config.h> | |
55861 | +#endif | |
55862 | +#include <linux/version.h> | |
55863 | +#include <linux/kernel.h> /* printk() */ | |
55864 | + | |
55865 | +#include "openswan/ipsec_param.h" | |
55866 | + | |
55867 | +#ifdef MALLOC_SLAB | |
55868 | +# include <linux/slab.h> /* kmalloc() */ | |
55869 | +#else /* MALLOC_SLAB */ | |
55870 | +# include <linux/malloc.h> /* kmalloc() */ | |
55871 | +#endif /* MALLOC_SLAB */ | |
55872 | +#include <linux/errno.h> /* error codes */ | |
55873 | +#include <linux/types.h> /* size_t */ | |
55874 | +#include <linux/interrupt.h> /* mark_bh */ | |
55875 | + | |
55876 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
55877 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
55878 | +#include <linux/ip.h> /* struct iphdr */ | |
55879 | +#include <linux/skbuff.h> | |
55880 | +#ifdef NET_21 | |
55881 | +# include <linux/in6.h> | |
55882 | +#endif /* NET_21 */ | |
55883 | + | |
55884 | +#include <net/ip.h> | |
55885 | + | |
55886 | +#include <openswan.h> | |
55887 | + | |
55888 | +#include "openswan/radij.h" | |
55889 | +#include "openswan/ipsec_encap.h" | |
55890 | +#include "openswan/ipsec_radij.h" | |
55891 | + | |
55892 | +int maj_keylen; | |
55893 | +struct radij_mask *rj_mkfreelist; | |
55894 | +struct radij_node_head *mask_rjhead; | |
55895 | +static int gotOddMasks; | |
55896 | +static char *maskedKey; | |
55897 | +static char *rj_zeroes, *rj_ones; | |
55898 | + | |
55899 | +#define rj_masktop (mask_rjhead->rnh_treetop) | |
55900 | +#ifdef Bcmp | |
55901 | +# undef Bcmp | |
55902 | +#endif /* Bcmp */ | |
55903 | +#define Bcmp(a, b, l) (l == 0 ? 0 : memcmp((caddr_t)(b), (caddr_t)(a), (size_t)l)) | |
55904 | +/* | |
55905 | + * The data structure for the keys is a radix tree with one way | |
55906 | + * branching removed. The index rj_b at an internal node n represents a bit | |
55907 | + * position to be tested. The tree is arranged so that all descendants | |
55908 | + * of a node n have keys whose bits all agree up to position rj_b - 1. | |
55909 | + * (We say the index of n is rj_b.) | |
55910 | + * | |
55911 | + * There is at least one descendant which has a one bit at position rj_b, | |
55912 | + * and at least one with a zero there. | |
55913 | + * | |
55914 | + * A route is determined by a pair of key and mask. We require that the | |
55915 | + * bit-wise logical and of the key and mask to be the key. | |
55916 | + * We define the index of a route to associated with the mask to be | |
55917 | + * the first bit number in the mask where 0 occurs (with bit number 0 | |
55918 | + * representing the highest order bit). | |
55919 | + * | |
55920 | + * We say a mask is normal if every bit is 0, past the index of the mask. | |
55921 | + * If a node n has a descendant (k, m) with index(m) == index(n) == rj_b, | |
55922 | + * and m is a normal mask, then the route applies to every descendant of n. | |
55923 | + * If the index(m) < rj_b, this implies the trailing last few bits of k | |
55924 | + * before bit b are all 0, (and hence consequently true of every descendant | |
55925 | + * of n), so the route applies to all descendants of the node as well. | |
55926 | + * | |
55927 | + * The present version of the code makes no use of normal routes, | |
55928 | + * but similar logic shows that a non-normal mask m such that | |
55929 | + * index(m) <= index(n) could potentially apply to many children of n. | |
55930 | + * Thus, for each non-host route, we attach its mask to a list at an internal | |
55931 | + * node as high in the tree as we can go. | |
55932 | + */ | |
55933 | + | |
55934 | +struct radij_node * | |
55935 | +rj_search(v_arg, head) | |
55936 | + void *v_arg; | |
55937 | + struct radij_node *head; | |
55938 | +{ | |
55939 | + register struct radij_node *x; | |
55940 | + register caddr_t v; | |
55941 | + | |
55942 | + for (x = head, v = v_arg; x->rj_b >= 0;) { | |
55943 | + if (x->rj_bmask & v[x->rj_off]) | |
55944 | + x = x->rj_r; | |
55945 | + else | |
55946 | + x = x->rj_l; | |
55947 | + } | |
55948 | + return (x); | |
55949 | +}; | |
55950 | + | |
55951 | +struct radij_node * | |
55952 | +rj_search_m(v_arg, head, m_arg) | |
55953 | + struct radij_node *head; | |
55954 | + void *v_arg, *m_arg; | |
55955 | +{ | |
55956 | + register struct radij_node *x; | |
55957 | + register caddr_t v = v_arg, m = m_arg; | |
55958 | + | |
55959 | + for (x = head; x->rj_b >= 0;) { | |
55960 | + if ((x->rj_bmask & m[x->rj_off]) && | |
55961 | + (x->rj_bmask & v[x->rj_off])) | |
55962 | + x = x->rj_r; | |
55963 | + else | |
55964 | + x = x->rj_l; | |
55965 | + } | |
55966 | + return x; | |
55967 | +}; | |
55968 | + | |
55969 | +int | |
55970 | +rj_refines(m_arg, n_arg) | |
55971 | + void *m_arg, *n_arg; | |
55972 | +{ | |
55973 | + register caddr_t m = m_arg, n = n_arg; | |
55974 | + register caddr_t lim, lim2 = lim = n + *(u_char *)n; | |
55975 | + int longer = (*(u_char *)n++) - (int)(*(u_char *)m++); | |
55976 | + int masks_are_equal = 1; | |
55977 | + | |
55978 | + if (longer > 0) | |
55979 | + lim -= longer; | |
55980 | + while (n < lim) { | |
55981 | + if (*n & ~(*m)) | |
55982 | + return 0; | |
55983 | + if (*n++ != *m++) | |
55984 | + masks_are_equal = 0; | |
55985 | + | |
55986 | + } | |
55987 | + while (n < lim2) | |
55988 | + if (*n++) | |
55989 | + return 0; | |
55990 | + if (masks_are_equal && (longer < 0)) | |
55991 | + for (lim2 = m - longer; m < lim2; ) | |
55992 | + if (*m++) | |
55993 | + return 1; | |
55994 | + return (!masks_are_equal); | |
55995 | +} | |
55996 | + | |
55997 | + | |
55998 | +struct radij_node * | |
55999 | +rj_match(v_arg, head) | |
56000 | + void *v_arg; | |
56001 | + struct radij_node_head *head; | |
56002 | +{ | |
56003 | + caddr_t v = v_arg; | |
56004 | + register struct radij_node *t = head->rnh_treetop, *x; | |
56005 | + register caddr_t cp = v, cp2, cp3; | |
56006 | + caddr_t cplim, mstart; | |
56007 | + struct radij_node *saved_t, *top = t; | |
56008 | + int off = t->rj_off, vlen = *(u_char *)cp, matched_off; | |
56009 | + | |
56010 | + /* | |
56011 | + * Open code rj_search(v, top) to avoid overhead of extra | |
56012 | + * subroutine call. | |
56013 | + */ | |
56014 | + for (; t->rj_b >= 0; ) { | |
56015 | + if (t->rj_bmask & cp[t->rj_off]) | |
56016 | + t = t->rj_r; | |
56017 | + else | |
56018 | + t = t->rj_l; | |
56019 | + } | |
56020 | + /* | |
56021 | + * See if we match exactly as a host destination | |
56022 | + */ | |
56023 | + KLIPS_PRINT(debug_radij, | |
56024 | + "klips_debug:rj_match: " | |
56025 | + "* See if we match exactly as a host destination\n"); | |
56026 | + | |
56027 | + cp += off; cp2 = t->rj_key + off; cplim = v + vlen; | |
56028 | + for (; cp < cplim; cp++, cp2++) | |
56029 | + if (*cp != *cp2) | |
56030 | + goto on1; | |
56031 | + /* | |
56032 | + * This extra grot is in case we are explicitly asked | |
56033 | + * to look up the default. Ugh! | |
56034 | + */ | |
56035 | + if ((t->rj_flags & RJF_ROOT) && t->rj_dupedkey) | |
56036 | + t = t->rj_dupedkey; | |
56037 | + return t; | |
56038 | +on1: | |
56039 | + matched_off = cp - v; | |
56040 | + saved_t = t; | |
56041 | + KLIPS_PRINT(debug_radij, | |
56042 | + "klips_debug:rj_match: " | |
56043 | + "** try to match a leaf, t=0p%p\n", t); | |
56044 | + do { | |
56045 | + if (t->rj_mask) { | |
56046 | + /* | |
56047 | + * Even if we don't match exactly as a hosts; | |
56048 | + * we may match if the leaf we wound up at is | |
56049 | + * a route to a net. | |
56050 | + */ | |
56051 | + cp3 = matched_off + t->rj_mask; | |
56052 | + cp2 = matched_off + t->rj_key; | |
56053 | + for (; cp < cplim; cp++) | |
56054 | + if ((*cp2++ ^ *cp) & *cp3++) | |
56055 | + break; | |
56056 | + if (cp == cplim) | |
56057 | + return t; | |
56058 | + cp = matched_off + v; | |
56059 | + } | |
56060 | + } while ((t = t->rj_dupedkey)); | |
56061 | + t = saved_t; | |
56062 | + /* start searching up the tree */ | |
56063 | + KLIPS_PRINT(debug_radij, | |
56064 | + "klips_debug:rj_match: " | |
56065 | + "*** start searching up the tree, t=0p%p\n", | |
56066 | + t); | |
56067 | + do { | |
56068 | + register struct radij_mask *m; | |
56069 | + | |
56070 | + t = t->rj_p; | |
56071 | + KLIPS_PRINT(debug_radij, | |
56072 | + "klips_debug:rj_match: " | |
56073 | + "**** t=0p%p\n", | |
56074 | + t); | |
56075 | + if ((m = t->rj_mklist)) { | |
56076 | + /* | |
56077 | + * After doing measurements here, it may | |
56078 | + * turn out to be faster to open code | |
56079 | + * rj_search_m here instead of always | |
56080 | + * copying and masking. | |
56081 | + */ | |
56082 | + /* off = min(t->rj_off, matched_off); */ | |
56083 | + off = t->rj_off; | |
56084 | + if (matched_off < off) | |
56085 | + off = matched_off; | |
56086 | + mstart = maskedKey + off; | |
56087 | + do { | |
56088 | + cp2 = mstart; | |
56089 | + cp3 = m->rm_mask + off; | |
56090 | + KLIPS_PRINT(debug_radij, | |
56091 | + "klips_debug:rj_match: " | |
56092 | + "***** cp2=0p%p cp3=0p%p\n", | |
56093 | + cp2, cp3); | |
56094 | + for (cp = v + off; cp < cplim;) | |
56095 | + *cp2++ = *cp++ & *cp3++; | |
56096 | + x = rj_search(maskedKey, t); | |
56097 | + while (x && x->rj_mask != m->rm_mask) | |
56098 | + x = x->rj_dupedkey; | |
56099 | + if (x && | |
56100 | + (Bcmp(mstart, x->rj_key + off, | |
56101 | + vlen - off) == 0)) | |
56102 | + return x; | |
56103 | + } while ((m = m->rm_mklist)); | |
56104 | + } | |
56105 | + } while (t != top); | |
56106 | + KLIPS_PRINT(debug_radij, | |
56107 | + "klips_debug:rj_match: " | |
56108 | + "***** not found.\n"); | |
56109 | + return 0; | |
56110 | +}; | |
56111 | + | |
56112 | +#ifdef RJ_DEBUG | |
56113 | +int rj_nodenum; | |
56114 | +struct radij_node *rj_clist; | |
56115 | +int rj_saveinfo; | |
56116 | +DEBUG_NO_STATIC void traverse(struct radij_node *); | |
56117 | +#ifdef RJ_DEBUG2 | |
56118 | +int rj_debug = 1; | |
56119 | +#else | |
56120 | +int rj_debug = 0; | |
56121 | +#endif /* RJ_DEBUG2 */ | |
56122 | +#endif /* RJ_DEBUG */ | |
56123 | + | |
56124 | +struct radij_node * | |
56125 | +rj_newpair(v, b, nodes) | |
56126 | + void *v; | |
56127 | + int b; | |
56128 | + struct radij_node nodes[2]; | |
56129 | +{ | |
56130 | + register struct radij_node *tt = nodes, *t = tt + 1; | |
56131 | + t->rj_b = b; t->rj_bmask = 0x80 >> (b & 7); | |
56132 | + t->rj_l = tt; t->rj_off = b >> 3; | |
56133 | + tt->rj_b = -1; tt->rj_key = (caddr_t)v; tt->rj_p = t; | |
56134 | + tt->rj_flags = t->rj_flags = RJF_ACTIVE; | |
56135 | +#ifdef RJ_DEBUG | |
56136 | + tt->rj_info = rj_nodenum++; t->rj_info = rj_nodenum++; | |
56137 | + tt->rj_twin = t; tt->rj_ybro = rj_clist; rj_clist = tt; | |
56138 | +#endif /* RJ_DEBUG */ | |
56139 | + return t; | |
56140 | +} | |
56141 | + | |
56142 | +struct radij_node * | |
56143 | +rj_insert(v_arg, head, dupentry, nodes) | |
56144 | + void *v_arg; | |
56145 | + struct radij_node_head *head; | |
56146 | + int *dupentry; | |
56147 | + struct radij_node nodes[2]; | |
56148 | +{ | |
56149 | + caddr_t v = v_arg; | |
56150 | + struct radij_node *top = head->rnh_treetop; | |
56151 | + int head_off = top->rj_off, vlen = (int)*((u_char *)v); | |
56152 | + register struct radij_node *t = rj_search(v_arg, top); | |
56153 | + register caddr_t cp = v + head_off; | |
56154 | + register int b; | |
56155 | + struct radij_node *tt; | |
56156 | + /* | |
56157 | + *find first bit at which v and t->rj_key differ | |
56158 | + */ | |
56159 | + { | |
56160 | + register caddr_t cp2 = t->rj_key + head_off; | |
56161 | + register int cmp_res; | |
56162 | + caddr_t cplim = v + vlen; | |
56163 | + | |
56164 | + while (cp < cplim) | |
56165 | + if (*cp2++ != *cp++) | |
56166 | + goto on1; | |
56167 | + *dupentry = 1; | |
56168 | + return t; | |
56169 | +on1: | |
56170 | + *dupentry = 0; | |
56171 | + cmp_res = (cp[-1] ^ cp2[-1]) & 0xff; | |
56172 | + for (b = (cp - v) << 3; cmp_res; b--) | |
56173 | + cmp_res >>= 1; | |
56174 | + } | |
56175 | + { | |
56176 | + register struct radij_node *p, *x = top; | |
56177 | + cp = v; | |
56178 | + do { | |
56179 | + p = x; | |
56180 | + if (cp[x->rj_off] & x->rj_bmask) | |
56181 | + x = x->rj_r; | |
56182 | + else x = x->rj_l; | |
56183 | + } while (b > (unsigned) x->rj_b); /* x->rj_b < b && x->rj_b >= 0 */ | |
56184 | +#ifdef RJ_DEBUG | |
56185 | + if (rj_debug) | |
56186 | + printk("klips_debug:rj_insert: Going In:\n"), traverse(p); | |
56187 | +#endif /* RJ_DEBUG */ | |
56188 | + t = rj_newpair(v_arg, b, nodes); tt = t->rj_l; | |
56189 | + if ((cp[p->rj_off] & p->rj_bmask) == 0) | |
56190 | + p->rj_l = t; | |
56191 | + else | |
56192 | + p->rj_r = t; | |
56193 | + x->rj_p = t; t->rj_p = p; /* frees x, p as temp vars below */ | |
56194 | + if ((cp[t->rj_off] & t->rj_bmask) == 0) { | |
56195 | + t->rj_r = x; | |
56196 | + } else { | |
56197 | + t->rj_r = tt; t->rj_l = x; | |
56198 | + } | |
56199 | +#ifdef RJ_DEBUG | |
56200 | + if (rj_debug) | |
56201 | + printk("klips_debug:rj_insert: Coming out:\n"), traverse(p); | |
56202 | +#endif /* RJ_DEBUG */ | |
56203 | + } | |
56204 | + return (tt); | |
56205 | +} | |
56206 | + | |
56207 | +struct radij_node * | |
56208 | +rj_addmask(n_arg, search, skip) | |
56209 | + int search, skip; | |
56210 | + void *n_arg; | |
56211 | +{ | |
56212 | + caddr_t netmask = (caddr_t)n_arg; | |
56213 | + register struct radij_node *x; | |
56214 | + register caddr_t cp, cplim; | |
56215 | + register int b, mlen, j; | |
56216 | + int maskduplicated; | |
56217 | + | |
56218 | + mlen = *(u_char *)netmask; | |
56219 | + if (search) { | |
56220 | + x = rj_search(netmask, rj_masktop); | |
56221 | + mlen = *(u_char *)netmask; | |
56222 | + if (Bcmp(netmask, x->rj_key, mlen) == 0) | |
56223 | + return (x); | |
56224 | + } | |
56225 | + R_Malloc(x, struct radij_node *, maj_keylen + 2 * sizeof (*x)); | |
56226 | + if (x == 0) | |
56227 | + return (0); | |
56228 | + Bzero(x, maj_keylen + 2 * sizeof (*x)); | |
56229 | + cp = (caddr_t)(x + 2); | |
56230 | + Bcopy(netmask, cp, mlen); | |
56231 | + netmask = cp; | |
56232 | + x = rj_insert(netmask, mask_rjhead, &maskduplicated, x); | |
56233 | + /* | |
56234 | + * Calculate index of mask. | |
56235 | + */ | |
56236 | + cplim = netmask + mlen; | |
56237 | + for (cp = netmask + skip; cp < cplim; cp++) | |
56238 | + if (*(u_char *)cp != 0xff) | |
56239 | + break; | |
56240 | + b = (cp - netmask) << 3; | |
56241 | + if (cp != cplim) { | |
56242 | + if (*cp != 0) { | |
56243 | + gotOddMasks = 1; | |
56244 | + for (j = 0x80; j; b++, j >>= 1) | |
56245 | + if ((j & *cp) == 0) | |
56246 | + break; | |
56247 | + } | |
56248 | + } | |
56249 | + x->rj_b = -1 - b; | |
56250 | + return (x); | |
56251 | +} | |
56252 | + | |
56253 | +#if 0 | |
56254 | +struct radij_node * | |
56255 | +#endif | |
56256 | +int | |
56257 | +rj_addroute(v_arg, n_arg, head, treenodes) | |
56258 | + void *v_arg, *n_arg; | |
56259 | + struct radij_node_head *head; | |
56260 | + struct radij_node treenodes[2]; | |
56261 | +{ | |
56262 | + caddr_t v = (caddr_t)v_arg, netmask = (caddr_t)n_arg; | |
56263 | + register struct radij_node *t, *x=NULL, *tt; | |
56264 | + struct radij_node *saved_tt, *top = head->rnh_treetop; | |
56265 | + short b = 0, b_leaf; | |
56266 | + int mlen, keyduplicated; | |
56267 | + caddr_t cplim; | |
56268 | + struct radij_mask *m, **mp; | |
56269 | + | |
56270 | + /* | |
56271 | + * In dealing with non-contiguous masks, there may be | |
56272 | + * many different routes which have the same mask. | |
56273 | + * We will find it useful to have a unique pointer to | |
56274 | + * the mask to speed avoiding duplicate references at | |
56275 | + * nodes and possibly save time in calculating indices. | |
56276 | + */ | |
56277 | + if (netmask) { | |
56278 | + x = rj_search(netmask, rj_masktop); | |
56279 | + mlen = *(u_char *)netmask; | |
56280 | + if (Bcmp(netmask, x->rj_key, mlen) != 0) { | |
56281 | + x = rj_addmask(netmask, 0, top->rj_off); | |
56282 | + if (x == 0) | |
56283 | + return -ENOMEM; /* (0) rgb */ | |
56284 | + } | |
56285 | + netmask = x->rj_key; | |
56286 | + b = -1 - x->rj_b; | |
56287 | + } | |
56288 | + /* | |
56289 | + * Deal with duplicated keys: attach node to previous instance | |
56290 | + */ | |
56291 | + saved_tt = tt = rj_insert(v, head, &keyduplicated, treenodes); | |
56292 | +#ifdef RJ_DEBUG | |
56293 | + printk("addkey: duplicated: %d\n", keyduplicated); | |
56294 | +#endif | |
56295 | + if (keyduplicated) { | |
56296 | + do { | |
56297 | + if (tt->rj_mask == netmask) | |
56298 | + return -EEXIST; /* -ENXIO; (0) rgb */ | |
56299 | + t = tt; | |
56300 | + if (netmask == 0 || | |
56301 | + (tt->rj_mask && rj_refines(netmask, tt->rj_mask))) | |
56302 | + break; | |
56303 | + } while ((tt = tt->rj_dupedkey)); | |
56304 | + /* | |
56305 | + * If the mask is not duplicated, we wouldn't | |
56306 | + * find it among possible duplicate key entries | |
56307 | + * anyway, so the above test doesn't hurt. | |
56308 | + * | |
56309 | + * We sort the masks for a duplicated key the same way as | |
56310 | + * in a masklist -- most specific to least specific. | |
56311 | + * This may require the unfortunate nuisance of relocating | |
56312 | + * the head of the list. | |
56313 | + */ | |
56314 | + if (tt && t == saved_tt) { | |
56315 | + struct radij_node *xx = x; | |
56316 | + /* link in at head of list */ | |
56317 | + (tt = treenodes)->rj_dupedkey = t; | |
56318 | + tt->rj_flags = t->rj_flags; | |
56319 | + tt->rj_p = x = t->rj_p; | |
56320 | + if (x->rj_l == t) x->rj_l = tt; else x->rj_r = tt; | |
56321 | + saved_tt = tt; x = xx; | |
56322 | + } else { | |
56323 | + (tt = treenodes)->rj_dupedkey = t->rj_dupedkey; | |
56324 | + t->rj_dupedkey = tt; | |
56325 | + } | |
56326 | +#ifdef RJ_DEBUG | |
56327 | + t=tt+1; tt->rj_info = rj_nodenum++; t->rj_info = rj_nodenum++; | |
56328 | + tt->rj_twin = t; tt->rj_ybro = rj_clist; rj_clist = tt; | |
56329 | +#endif /* RJ_DEBUG */ | |
56330 | + t = saved_tt; | |
56331 | + tt->rj_key = (caddr_t) v; | |
56332 | + tt->rj_b = -1; | |
56333 | + tt->rj_flags = t->rj_flags & ~RJF_ROOT; | |
56334 | + } | |
56335 | + /* | |
56336 | + * Put mask in tree. | |
56337 | + */ | |
56338 | + if (netmask) { | |
56339 | + tt->rj_mask = netmask; | |
56340 | + tt->rj_b = x->rj_b; | |
56341 | + } | |
56342 | + t = saved_tt->rj_p; | |
56343 | + b_leaf = -1 - t->rj_b; | |
56344 | + if (t->rj_r == saved_tt) x = t->rj_l; else x = t->rj_r; | |
56345 | + /* Promote general routes from below */ | |
56346 | + if (x->rj_b < 0) { | |
56347 | + if (x->rj_mask && (x->rj_b >= b_leaf) && x->rj_mklist == 0) { | |
56348 | + MKGet(m); | |
56349 | + if (m) { | |
56350 | + Bzero(m, sizeof *m); | |
56351 | + m->rm_b = x->rj_b; | |
56352 | + m->rm_mask = x->rj_mask; | |
56353 | + x->rj_mklist = t->rj_mklist = m; | |
56354 | + } | |
56355 | + } | |
56356 | + } else if (x->rj_mklist) { | |
56357 | + /* | |
56358 | + * Skip over masks whose index is > that of new node | |
56359 | + */ | |
56360 | + for (mp = &x->rj_mklist; (m = *mp); mp = &m->rm_mklist) | |
56361 | + if (m->rm_b >= b_leaf) | |
56362 | + break; | |
56363 | + t->rj_mklist = m; *mp = 0; | |
56364 | + } | |
56365 | + /* Add new route to highest possible ancestor's list */ | |
56366 | + if ((netmask == 0) || (b > t->rj_b )) { | |
56367 | +#ifdef RJ_DEBUG | |
56368 | + printk("klips:radij.c: netmask = %p or b(%d)>t->rjb(%d)\n", netmask, b, t->rj_b); | |
56369 | +#endif | |
56370 | + return 0; /* tt rgb */ /* can't lift at all */ | |
56371 | + } | |
56372 | + b_leaf = tt->rj_b; | |
56373 | + do { | |
56374 | + x = t; | |
56375 | + t = t->rj_p; | |
56376 | + } while (b <= t->rj_b && x != top); | |
56377 | + /* | |
56378 | + * Search through routes associated with node to | |
56379 | + * insert new route according to index. | |
56380 | + * For nodes of equal index, place more specific | |
56381 | + * masks first. | |
56382 | + */ | |
56383 | + cplim = netmask + mlen; | |
56384 | + for (mp = &x->rj_mklist; (m = *mp); mp = &m->rm_mklist) { | |
56385 | + if (m->rm_b < b_leaf) | |
56386 | + continue; | |
56387 | + if (m->rm_b > b_leaf) | |
56388 | + break; | |
56389 | + if (m->rm_mask == netmask) { | |
56390 | + m->rm_refs++; | |
56391 | + tt->rj_mklist = m; | |
56392 | +#ifdef RJ_DEBUG | |
56393 | + printk("klips:radij.c: m->rm_mask %p == netmask\n", netmask); | |
56394 | +#endif | |
56395 | + return 0; /* tt rgb */ | |
56396 | + } | |
56397 | + if (rj_refines(netmask, m->rm_mask)) | |
56398 | + break; | |
56399 | + } | |
56400 | + MKGet(m); | |
56401 | + if (m == 0) { | |
56402 | + printk("klips_debug:rj_addroute: " | |
56403 | + "Mask for route not entered\n"); | |
56404 | + return 0; /* (tt) rgb */ | |
56405 | + } | |
56406 | + Bzero(m, sizeof *m); | |
56407 | + m->rm_b = b_leaf; | |
56408 | + m->rm_mask = netmask; | |
56409 | + m->rm_mklist = *mp; | |
56410 | + *mp = m; | |
56411 | + tt->rj_mklist = m; | |
56412 | +#ifdef RJ_DEBUG | |
56413 | + printk("klips:radij.c: addroute done\n"); | |
56414 | +#endif | |
56415 | + return 0; /* tt rgb */ | |
56416 | +} | |
56417 | + | |
56418 | +int | |
56419 | +rj_delete(v_arg, netmask_arg, head, node) | |
56420 | + void *v_arg, *netmask_arg; | |
56421 | + struct radij_node_head *head; | |
56422 | + struct radij_node **node; | |
56423 | +{ | |
56424 | + register struct radij_node *t, *p, *x, *tt; | |
56425 | + struct radij_mask *m, *saved_m, **mp; | |
56426 | + struct radij_node *dupedkey, *saved_tt, *top; | |
56427 | + caddr_t v, netmask; | |
56428 | + int b, head_off, vlen; | |
56429 | + | |
56430 | + v = v_arg; | |
56431 | + netmask = netmask_arg; | |
56432 | + x = head->rnh_treetop; | |
56433 | + tt = rj_search(v, x); | |
56434 | + head_off = x->rj_off; | |
56435 | + vlen = *(u_char *)v; | |
56436 | + saved_tt = tt; | |
56437 | + top = x; | |
56438 | + if (tt == 0 || | |
56439 | + Bcmp(v + head_off, tt->rj_key + head_off, vlen - head_off)) | |
56440 | + return -EFAULT; /* (0) rgb */ | |
56441 | + /* | |
56442 | + * Delete our route from mask lists. | |
56443 | + */ | |
56444 | + if ((dupedkey = tt->rj_dupedkey)) { | |
56445 | + if (netmask) | |
56446 | + netmask = rj_search(netmask, rj_masktop)->rj_key; | |
56447 | + while (tt->rj_mask != netmask) | |
56448 | + if ((tt = tt->rj_dupedkey) == 0) | |
56449 | + return -ENOENT; /* -ENXIO; (0) rgb */ | |
56450 | + } | |
56451 | + if (tt->rj_mask == 0 || (saved_m = m = tt->rj_mklist) == 0) | |
56452 | + goto on1; | |
56453 | + if (m->rm_mask != tt->rj_mask) { | |
56454 | + printk("klips_debug:rj_delete: " | |
56455 | + "inconsistent annotation\n"); | |
56456 | + goto on1; | |
56457 | + } | |
56458 | + if (--m->rm_refs >= 0) | |
56459 | + goto on1; | |
56460 | + b = -1 - tt->rj_b; | |
56461 | + t = saved_tt->rj_p; | |
56462 | + if (b > t->rj_b) | |
56463 | + goto on1; /* Wasn't lifted at all */ | |
56464 | + do { | |
56465 | + x = t; | |
56466 | + t = t->rj_p; | |
56467 | + } while (b <= t->rj_b && x != top); | |
56468 | + for (mp = &x->rj_mklist; (m = *mp); mp = &m->rm_mklist) | |
56469 | + if (m == saved_m) { | |
56470 | + *mp = m->rm_mklist; | |
56471 | + MKFree(m); | |
56472 | + break; | |
56473 | + } | |
56474 | + if (m == 0) | |
56475 | + printk("klips_debug:rj_delete: " | |
56476 | + "couldn't find our annotation\n"); | |
56477 | +on1: | |
56478 | + /* | |
56479 | + * Eliminate us from tree | |
56480 | + */ | |
56481 | + if (tt->rj_flags & RJF_ROOT) | |
56482 | + return -EFAULT; /* (0) rgb */ | |
56483 | +#ifdef RJ_DEBUG | |
56484 | + /* Get us out of the creation list */ | |
56485 | + for (t = rj_clist; t && t->rj_ybro != tt; t = t->rj_ybro) {} | |
56486 | + if (t) t->rj_ybro = tt->rj_ybro; | |
56487 | +#endif /* RJ_DEBUG */ | |
56488 | + t = tt->rj_p; | |
56489 | + if (dupedkey) { | |
56490 | + if (tt == saved_tt) { | |
56491 | + x = dupedkey; x->rj_p = t; | |
56492 | + if (t->rj_l == tt) t->rj_l = x; else t->rj_r = x; | |
56493 | + } else { | |
56494 | + for (x = p = saved_tt; p && p->rj_dupedkey != tt;) | |
56495 | + p = p->rj_dupedkey; | |
56496 | + if (p) p->rj_dupedkey = tt->rj_dupedkey; | |
56497 | + else printk("klips_debug:rj_delete: " | |
56498 | + "couldn't find node that we started with\n"); | |
56499 | + } | |
56500 | + t = tt + 1; | |
56501 | + if (t->rj_flags & RJF_ACTIVE) { | |
56502 | +#ifndef RJ_DEBUG | |
56503 | + *++x = *t; p = t->rj_p; | |
56504 | +#else | |
56505 | + b = t->rj_info; *++x = *t; t->rj_info = b; p = t->rj_p; | |
56506 | +#endif /* RJ_DEBUG */ | |
56507 | + if (p->rj_l == t) p->rj_l = x; else p->rj_r = x; | |
56508 | + x->rj_l->rj_p = x; x->rj_r->rj_p = x; | |
56509 | + } | |
56510 | + goto out; | |
56511 | + } | |
56512 | + if (t->rj_l == tt) x = t->rj_r; else x = t->rj_l; | |
56513 | + p = t->rj_p; | |
56514 | + if (p->rj_r == t) p->rj_r = x; else p->rj_l = x; | |
56515 | + x->rj_p = p; | |
56516 | + /* | |
56517 | + * Demote routes attached to us. | |
56518 | + */ | |
56519 | + if (t->rj_mklist) { | |
56520 | + if (x->rj_b >= 0) { | |
56521 | + for (mp = &x->rj_mklist; (m = *mp);) | |
56522 | + mp = &m->rm_mklist; | |
56523 | + *mp = t->rj_mklist; | |
56524 | + } else { | |
56525 | + for (m = t->rj_mklist; m;) { | |
56526 | + struct radij_mask *mm = m->rm_mklist; | |
56527 | + if (m == x->rj_mklist && (--(m->rm_refs) < 0)) { | |
56528 | + x->rj_mklist = 0; | |
56529 | + MKFree(m); | |
56530 | + } else | |
56531 | + printk("klips_debug:rj_delete: " | |
56532 | + "Orphaned Mask 0p%p at 0p%p\n", m, x); | |
56533 | + m = mm; | |
56534 | + } | |
56535 | + } | |
56536 | + } | |
56537 | + /* | |
56538 | + * We may be holding an active internal node in the tree. | |
56539 | + */ | |
56540 | + x = tt + 1; | |
56541 | + if (t != x) { | |
56542 | +#ifndef RJ_DEBUG | |
56543 | + *t = *x; | |
56544 | +#else | |
56545 | + b = t->rj_info; *t = *x; t->rj_info = b; | |
56546 | +#endif /* RJ_DEBUG */ | |
56547 | + t->rj_l->rj_p = t; t->rj_r->rj_p = t; | |
56548 | + p = x->rj_p; | |
56549 | + if (p->rj_l == x) p->rj_l = t; else p->rj_r = t; | |
56550 | + } | |
56551 | +out: | |
56552 | + tt->rj_flags &= ~RJF_ACTIVE; | |
56553 | + tt[1].rj_flags &= ~RJF_ACTIVE; | |
56554 | + *node = tt; | |
56555 | + return 0; /* (tt) rgb */ | |
56556 | +} | |
56557 | + | |
56558 | +int | |
56559 | +rj_walktree(h, f, w) | |
56560 | + struct radij_node_head *h; | |
56561 | + register int (*f)(struct radij_node *,void *); | |
56562 | + void *w; | |
56563 | +{ | |
56564 | + int error; | |
56565 | + struct radij_node *base, *next; | |
56566 | + register struct radij_node *rn; | |
56567 | + | |
56568 | + if(!h || !f /* || !w */) { | |
56569 | + return -ENODATA; | |
56570 | + } | |
56571 | + | |
56572 | + rn = h->rnh_treetop; | |
56573 | + /* | |
56574 | + * This gets complicated because we may delete the node | |
56575 | + * while applying the function f to it, so we need to calculate | |
56576 | + * the successor node in advance. | |
56577 | + */ | |
56578 | + /* First time through node, go left */ | |
56579 | + while (rn->rj_b >= 0) | |
56580 | + rn = rn->rj_l; | |
56581 | + for (;;) { | |
56582 | +#ifdef CONFIG_KLIPS_DEBUG | |
56583 | + if(debug_radij) { | |
56584 | + printk("klips_debug:rj_walktree: " | |
56585 | + "for: rn=0p%p rj_b=%d rj_flags=%x", | |
56586 | + rn, | |
56587 | + rn->rj_b, | |
56588 | + rn->rj_flags); | |
56589 | + rn->rj_b >= 0 ? | |
56590 | + printk(" node off=%x\n", | |
56591 | + rn->rj_off) : | |
56592 | + printk(" leaf key = %08x->%08x\n", | |
56593 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_src.s_addr), | |
56594 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_dst.s_addr)) | |
56595 | + ; | |
56596 | + } | |
56597 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
56598 | + base = rn; | |
56599 | + /* If at right child go back up, otherwise, go right */ | |
56600 | + while (rn->rj_p->rj_r == rn && (rn->rj_flags & RJF_ROOT) == 0) | |
56601 | + rn = rn->rj_p; | |
56602 | + /* Find the next *leaf* since next node might vanish, too */ | |
56603 | + for (rn = rn->rj_p->rj_r; rn->rj_b >= 0;) | |
56604 | + rn = rn->rj_l; | |
56605 | + next = rn; | |
56606 | +#ifdef CONFIG_KLIPS_DEBUG | |
56607 | + if(debug_radij) { | |
56608 | + printk("klips_debug:rj_walktree: " | |
56609 | + "processing leaves, rn=0p%p rj_b=%d rj_flags=%x", | |
56610 | + rn, | |
56611 | + rn->rj_b, | |
56612 | + rn->rj_flags); | |
56613 | + rn->rj_b >= 0 ? | |
56614 | + printk(" node off=%x\n", | |
56615 | + rn->rj_off) : | |
56616 | + printk(" leaf key = %08x->%08x\n", | |
56617 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_src.s_addr), | |
56618 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_dst.s_addr)) | |
56619 | + ; | |
56620 | + } | |
56621 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
56622 | + /* Process leaves */ | |
56623 | + while ((rn = base)) { | |
56624 | + base = rn->rj_dupedkey; | |
56625 | +#ifdef CONFIG_KLIPS_DEBUG | |
56626 | + if(debug_radij) { | |
56627 | + printk("klips_debug:rj_walktree: " | |
56628 | + "while: base=0p%p rn=0p%p rj_b=%d rj_flags=%x", | |
56629 | + base, | |
56630 | + rn, | |
56631 | + rn->rj_b, | |
56632 | + rn->rj_flags); | |
56633 | + rn->rj_b >= 0 ? | |
56634 | + printk(" node off=%x\n", | |
56635 | + rn->rj_off) : | |
56636 | + printk(" leaf key = %08x->%08x\n", | |
56637 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_src.s_addr), | |
56638 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_dst.s_addr)) | |
56639 | + ; | |
56640 | + } | |
56641 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
56642 | + if (!(rn->rj_flags & RJF_ROOT) && (error = (*f)(rn, w))) | |
56643 | + return (-error); | |
56644 | + } | |
56645 | + rn = next; | |
56646 | + if (rn->rj_flags & RJF_ROOT) | |
56647 | + return (0); | |
56648 | + } | |
56649 | + /* NOTREACHED */ | |
56650 | +} | |
56651 | + | |
56652 | +int | |
56653 | +rj_inithead(head, off) | |
56654 | + void **head; | |
56655 | + int off; | |
56656 | +{ | |
56657 | + register struct radij_node_head *rnh; | |
56658 | + register struct radij_node *t, *tt, *ttt; | |
56659 | + if (*head) | |
56660 | + return (1); | |
56661 | + R_Malloc(rnh, struct radij_node_head *, sizeof (*rnh)); | |
56662 | + if (rnh == NULL) | |
56663 | + return (0); | |
56664 | + Bzero(rnh, sizeof (*rnh)); | |
56665 | + *head = rnh; | |
56666 | + t = rj_newpair(rj_zeroes, off, rnh->rnh_nodes); | |
56667 | + ttt = rnh->rnh_nodes + 2; | |
56668 | + t->rj_r = ttt; | |
56669 | + t->rj_p = t; | |
56670 | + tt = t->rj_l; | |
56671 | + tt->rj_flags = t->rj_flags = RJF_ROOT | RJF_ACTIVE; | |
56672 | + tt->rj_b = -1 - off; | |
56673 | + *ttt = *tt; | |
56674 | + ttt->rj_key = rj_ones; | |
56675 | + rnh->rnh_addaddr = rj_addroute; | |
56676 | + rnh->rnh_deladdr = rj_delete; | |
56677 | + rnh->rnh_matchaddr = rj_match; | |
56678 | + rnh->rnh_walktree = rj_walktree; | |
56679 | + rnh->rnh_treetop = t; | |
56680 | + return (1); | |
56681 | +} | |
56682 | + | |
56683 | +void | |
56684 | +rj_init() | |
56685 | +{ | |
56686 | + char *cp, *cplim; | |
56687 | + | |
56688 | + if (maj_keylen == 0) { | |
56689 | + printk("klips_debug:rj_init: " | |
56690 | + "radij functions require maj_keylen be set\n"); | |
56691 | + return; | |
56692 | + } | |
56693 | + R_Malloc(rj_zeroes, char *, 3 * maj_keylen); | |
56694 | + if (rj_zeroes == NULL) | |
56695 | + panic("rj_init"); | |
56696 | + Bzero(rj_zeroes, 3 * maj_keylen); | |
56697 | + rj_ones = cp = rj_zeroes + maj_keylen; | |
56698 | + maskedKey = cplim = rj_ones + maj_keylen; | |
56699 | + while (cp < cplim) | |
56700 | + *cp++ = -1; | |
56701 | + if (rj_inithead((void **)&mask_rjhead, 0) == 0) | |
56702 | + panic("rj_init 2"); | |
56703 | +} | |
56704 | + | |
56705 | +void | |
56706 | +rj_preorder(struct radij_node *rn, int l) | |
56707 | +{ | |
56708 | + int i; | |
56709 | + | |
56710 | + if (rn == NULL){ | |
56711 | + printk("klips_debug:rj_preorder: " | |
56712 | + "NULL pointer\n"); | |
56713 | + return; | |
56714 | + } | |
56715 | + | |
56716 | + if (rn->rj_b >= 0){ | |
56717 | + rj_preorder(rn->rj_l, l+1); | |
56718 | + rj_preorder(rn->rj_r, l+1); | |
56719 | + printk("klips_debug:"); | |
56720 | + for (i=0; i<l; i++) | |
56721 | + printk("*"); | |
56722 | + printk(" off = %d\n", | |
56723 | + rn->rj_off); | |
56724 | + } else { | |
56725 | + printk("klips_debug:"); | |
56726 | + for (i=0; i<l; i++) | |
56727 | + printk("@"); | |
56728 | + printk(" flags = %x", | |
56729 | + (u_int)rn->rj_flags); | |
56730 | + if (rn->rj_flags & RJF_ACTIVE) { | |
56731 | + printk(" @key=0p%p", | |
56732 | + rn->rj_key); | |
56733 | + printk(" key = %08x->%08x", | |
56734 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_src.s_addr), | |
56735 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_dst.s_addr)); | |
56736 | + printk(" @mask=0p%p", | |
56737 | + rn->rj_mask); | |
56738 | + if (rn->rj_mask) | |
56739 | + printk(" mask = %08x->%08x", | |
56740 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_mask)->sen_ip_src.s_addr), | |
56741 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_mask)->sen_ip_dst.s_addr)); | |
56742 | + if (rn->rj_dupedkey) | |
56743 | + printk(" dupedkey = 0p%p", | |
56744 | + rn->rj_dupedkey); | |
56745 | + } | |
56746 | + printk("\n"); | |
56747 | + } | |
56748 | +} | |
56749 | + | |
56750 | +#ifdef RJ_DEBUG | |
56751 | +DEBUG_NO_STATIC void traverse(struct radij_node *p) | |
56752 | +{ | |
56753 | + rj_preorder(p, 0); | |
56754 | +} | |
56755 | +#endif /* RJ_DEBUG */ | |
56756 | + | |
56757 | +void | |
56758 | +rj_dumptrees(void) | |
56759 | +{ | |
56760 | + rj_preorder(rnh->rnh_treetop, 0); | |
56761 | +} | |
56762 | + | |
56763 | +void | |
56764 | +rj_free_mkfreelist(void) | |
56765 | +{ | |
56766 | + struct radij_mask *mknp, *mknp2; | |
56767 | + | |
56768 | + mknp = rj_mkfreelist; | |
56769 | + while(mknp) | |
56770 | + { | |
56771 | + mknp2 = mknp; | |
56772 | + mknp = mknp->rm_mklist; | |
56773 | + kfree(mknp2); | |
56774 | + } | |
56775 | +} | |
56776 | + | |
56777 | +int | |
56778 | +radijcleartree(void) | |
56779 | +{ | |
56780 | + return rj_walktree(rnh, ipsec_rj_walker_delete, NULL); | |
56781 | +} | |
56782 | + | |
56783 | +int | |
56784 | +radijcleanup(void) | |
56785 | +{ | |
56786 | + int error = 0; | |
56787 | + | |
56788 | + error = radijcleartree(); | |
56789 | + | |
56790 | + rj_free_mkfreelist(); | |
56791 | + | |
56792 | +/* rj_walktree(mask_rjhead, ipsec_rj_walker_delete, NULL); */ | |
56793 | + if(mask_rjhead) { | |
56794 | + kfree(mask_rjhead); | |
56795 | + } | |
56796 | + | |
56797 | + if(rj_zeroes) { | |
56798 | + kfree(rj_zeroes); | |
56799 | + } | |
56800 | + | |
56801 | + if(rnh) { | |
56802 | + kfree(rnh); | |
56803 | + } | |
56804 | + | |
56805 | + return error; | |
56806 | +} | |
56807 | + | |
56808 | +/* | |
56809 | + * $Log: radij.c,v $ | |
56810 | + * Revision 1.48.2.1 2006/10/06 21:39:27 paul | |
56811 | + * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not | |
56812 | + * set. This is defined through autoconf.h which is included through the | |
56813 | + * linux kernel build macros. | |
56814 | + * | |
56815 | + * Revision 1.48 2005/04/29 05:10:22 mcr | |
56816 | + * removed from extraenous includes to make unit testing easier. | |
56817 | + * | |
56818 | + * Revision 1.47 2004/07/10 19:11:18 mcr | |
56819 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
56820 | + * | |
56821 | + * Revision 1.46 2004/04/06 02:49:26 mcr | |
56822 | + * pullup of algo code from alg-branch. | |
56823 | + * | |
56824 | + * Revision 1.45 2003/10/31 02:27:55 mcr | |
56825 | + * pulled up port-selector patches and sa_id elimination. | |
56826 | + * | |
56827 | + * Revision 1.44.30.1 2003/10/29 01:30:41 mcr | |
56828 | + * elimited "struct sa_id". | |
56829 | + * | |
56830 | + * Revision 1.44 2002/07/24 18:44:54 rgb | |
56831 | + * Type fiddling to tame ia64 compiler. | |
56832 | + * | |
56833 | + * Revision 1.43 2002/05/23 07:14:11 rgb | |
56834 | + * Cleaned up %p variants to 0p%p for test suite cleanup. | |
56835 | + * | |
56836 | + * Revision 1.42 2002/04/24 07:55:32 mcr | |
56837 | + * #include patches and Makefiles for post-reorg compilation. | |
56838 | + * | |
56839 | + * Revision 1.41 2002/04/24 07:36:35 mcr | |
56840 | + * Moved from ./klips/net/ipsec/radij.c,v | |
56841 | + * | |
56842 | + * Revision 1.40 2002/01/29 17:17:58 mcr | |
56843 | + * moved include of ipsec_param.h to after include of linux/kernel.h | |
56844 | + * otherwise, it seems that some option that is set in ipsec_param.h | |
56845 | + * screws up something subtle in the include path to kernel.h, and | |
56846 | + * it complains on the snprintf() prototype. | |
56847 | + * | |
56848 | + * Revision 1.39 2002/01/29 04:00:55 mcr | |
56849 | + * more excise of kversions.h header. | |
56850 | + * | |
56851 | + * Revision 1.38 2002/01/29 02:13:19 mcr | |
56852 | + * introduction of ipsec_kversion.h means that include of | |
56853 | + * ipsec_param.h must preceed any decisions about what files to | |
56854 | + * include to deal with differences in kernel source. | |
56855 | + * | |
56856 | + * Revision 1.37 2001/10/18 04:45:23 rgb | |
56857 | + * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h, | |
56858 | + * lib/freeswan.h version macros moved to lib/kversions.h. | |
56859 | + * Other compiler directive cleanups. | |
56860 | + * | |
56861 | + * Revision 1.36 2001/08/22 13:43:51 henry | |
56862 | + * eliminate the single use of min() to avoid problems with Linus changing it | |
56863 | + * | |
56864 | + * Revision 1.35 2001/06/15 04:57:29 rgb | |
56865 | + * Clarified error return codes. | |
56866 | + * Changed mask add already exists to EEXIST. | |
56867 | + * Changed mask delete did not exist to ENOENT. | |
56868 | + * | |
56869 | + * Revision 1.34 2001/05/03 19:44:26 rgb | |
56870 | + * Fix sign of error return codes for rj_addroute(). | |
56871 | + * | |
56872 | + * Revision 1.33 2001/02/27 22:24:56 rgb | |
56873 | + * Re-formatting debug output (line-splitting, joining, 1arg/line). | |
56874 | + * Check for satoa() return codes. | |
56875 | + * | |
56876 | + * Revision 1.32 2001/02/27 06:23:15 rgb | |
56877 | + * Debug line splitting. | |
56878 | + * | |
56879 | + * Revision 1.31 2000/11/06 04:35:21 rgb | |
56880 | + * Clear table *before* releasing other items in radijcleanup. | |
56881 | + * | |
56882 | + * Revision 1.30 2000/09/20 04:07:40 rgb | |
56883 | + * Changed static functions to DEBUG_NO_STATIC to reveal function names in | |
56884 | + * oopsen. | |
56885 | + * | |
56886 | + * Revision 1.29 2000/09/12 03:25:02 rgb | |
56887 | + * Moved radij_c_version printing to ipsec_version_get_info(). | |
56888 | + * | |
56889 | + * Revision 1.28 2000/09/08 19:12:56 rgb | |
56890 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
56891 | + * | |
56892 | + * Revision 1.27 2000/07/28 14:58:32 rgb | |
56893 | + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5. | |
56894 | + * | |
56895 | + * Revision 1.26 2000/05/10 23:11:37 rgb | |
56896 | + * Comment out most of the startup version information. | |
56897 | + * | |
56898 | + * Revision 1.25 2000/01/21 06:21:47 rgb | |
56899 | + * Change return codes to negative on error. | |
56900 | + * | |
56901 | + * Revision 1.24 1999/11/18 04:09:20 rgb | |
56902 | + * Replaced all kernel version macros to shorter, readable form. | |
56903 | + * | |
56904 | + * Revision 1.23 1999/11/17 15:53:41 rgb | |
56905 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
56906 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
56907 | + * klips/net/ipsec/Makefile. | |
56908 | + * | |
56909 | + * Revision 1.22 1999/10/15 22:17:28 rgb | |
56910 | + * Modify radijcleanup() to call radijcleartree(). | |
56911 | + * | |
56912 | + * Revision 1.21 1999/10/08 18:37:34 rgb | |
56913 | + * Fix end-of-line spacing to sate whining PHMs. | |
56914 | + * | |
56915 | + * Revision 1.20 1999/10/01 15:44:54 rgb | |
56916 | + * Move spinlock header include to 2.1> scope. | |
56917 | + * | |
56918 | + * Revision 1.19 1999/10/01 08:35:52 rgb | |
56919 | + * Add spinlock include to shut up compiler for 2.0.38. | |
56920 | + * | |
56921 | + * Revision 1.18 1999/09/23 18:02:52 rgb | |
56922 | + * De-alarm the search failure message so it doesn't sound so grave. | |
56923 | + * | |
56924 | + * Revision 1.17 1999/05/25 21:26:01 rgb | |
56925 | + * Fix rj_walktree() sanity checking bug. | |
56926 | + * | |
56927 | + * Revision 1.16 1999/05/09 03:25:38 rgb | |
56928 | + * Fix bug introduced by 2.2 quick-and-dirty patch. | |
56929 | + * | |
56930 | + * Revision 1.15 1999/05/05 22:02:33 rgb | |
56931 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
56932 | + * | |
56933 | + * Revision 1.14 1999/04/29 15:24:15 rgb | |
56934 | + * Add sanity checking for null pointer arguments. | |
56935 | + * Standardise an error return method. | |
56936 | + * | |
56937 | + * Revision 1.13 1999/04/11 00:29:02 henry | |
56938 | + * GPL boilerplate | |
56939 | + * | |
56940 | + * Revision 1.12 1999/04/06 04:54:28 rgb | |
56941 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
56942 | + * patch shell fixes. | |
56943 | + * | |
56944 | + * Revision 1.11 1999/02/17 16:52:53 rgb | |
56945 | + * Convert DEBUG_IPSEC to KLIPS_PRINT | |
56946 | + * Clean out unused cruft. | |
56947 | + * | |
56948 | + * Revision 1.10 1999/01/22 06:30:05 rgb | |
56949 | + * Cruft clean-out. | |
56950 | + * 64-bit clean-up. | |
56951 | + * | |
56952 | + * Revision 1.9 1998/12/01 13:22:04 rgb | |
56953 | + * Added support for debug printing of version info. | |
56954 | + * | |
56955 | + * Revision 1.8 1998/11/30 13:22:55 rgb | |
56956 | + * Rationalised all the klips kernel file headers. They are much shorter | |
56957 | + * now and won't conflict under RH5.2. | |
56958 | + * | |
56959 | + * Revision 1.7 1998/10/25 02:43:26 rgb | |
56960 | + * Change return type on rj_addroute and rj_delete and add and argument | |
56961 | + * to the latter to be able to transmit more infomation about errors. | |
56962 | + * | |
56963 | + * Revision 1.6 1998/10/19 14:30:06 rgb | |
56964 | + * Added inclusion of freeswan.h. | |
56965 | + * | |
56966 | + * Revision 1.5 1998/10/09 04:33:27 rgb | |
56967 | + * Added 'klips_debug' prefix to all klips printk debug statements. | |
56968 | + * Fixed output formatting slightly. | |
56969 | + * | |
56970 | + * Revision 1.4 1998/07/28 00:06:59 rgb | |
56971 | + * Add debug detail to tree traversing. | |
56972 | + * | |
56973 | + * Revision 1.3 1998/07/14 18:07:58 rgb | |
56974 | + * Add a routine to clear the eroute tree. | |
56975 | + * | |
56976 | + * Revision 1.2 1998/06/25 20:03:22 rgb | |
56977 | + * Cleanup #endif comments. Debug output for rj_init. | |
56978 | + * | |
56979 | + * Revision 1.1 1998/06/18 21:30:22 henry | |
56980 | + * move sources from klips/src to klips/net/ipsec to keep stupid kernel | |
56981 | + * build scripts happier about symlinks | |
56982 | + * | |
56983 | + * Revision 1.8 1998/05/25 20:34:15 rgb | |
56984 | + * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions. | |
56985 | + * | |
56986 | + * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and | |
56987 | + * add ipsec_rj_walker_delete. | |
56988 | + * | |
56989 | + * Recover memory for eroute table on unload of module. | |
56990 | + * | |
56991 | + * Revision 1.7 1998/05/21 12:58:58 rgb | |
56992 | + * Moved 'extern' definitions to ipsec_radij.h to support /proc 3k limit fix. | |
56993 | + * | |
56994 | + * Revision 1.6 1998/04/23 20:57:29 rgb | |
56995 | + * Cleaned up compiler warnings for unused debugging functions. | |
56996 | + * | |
56997 | + * Revision 1.5 1998/04/22 16:51:38 rgb | |
56998 | + * Tidy up radij debug code from recent rash of modifications to debug code. | |
56999 | + * | |
57000 | + * Revision 1.4 1998/04/21 21:28:56 rgb | |
57001 | + * Rearrange debug switches to change on the fly debug output from user | |
57002 | + * space. Only kernel changes checked in at this time. radij.c was also | |
57003 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
57004 | + * an OOPS and hence, netlink device open errors. | |
57005 | + * | |
57006 | + * Revision 1.3 1998/04/14 17:30:37 rgb | |
57007 | + * Fix up compiling errors for radij tree memory reclamation. | |
57008 | + * | |
57009 | + * Revision 1.2 1998/04/12 22:03:25 rgb | |
57010 | + * Updated ESP-3DES-HMAC-MD5-96, | |
57011 | + * ESP-DES-HMAC-MD5-96, | |
57012 | + * AH-HMAC-MD5-96, | |
57013 | + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository | |
57014 | + * from old standards (RFC182[5-9] to new (as of March 1998) drafts. | |
57015 | + * | |
57016 | + * Fixed eroute references in /proc/net/ipsec*. | |
57017 | + * | |
57018 | + * Started to patch module unloading memory leaks in ipsec_netlink and | |
57019 | + * radij tree unloading. | |
57020 | + * | |
57021 | + * Revision 1.1 1998/04/09 03:06:15 henry | |
57022 | + * sources moved up from linux/net/ipsec | |
57023 | + * | |
57024 | + * Revision 1.1.1.1 1998/04/08 05:35:03 henry | |
57025 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
57026 | + * | |
57027 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
57028 | + * No changes. | |
57029 | + * | |
57030 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
57031 | + * Minor cleanups. | |
57032 | + * Rationalized debugging code. | |
57033 | + * | |
57034 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
57035 | + * First limited release. | |
57036 | + * | |
57037 | + * | |
57038 | + */ | |
57039 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
57040 | +++ linux/net/ipsec/rangetoa.c Mon Feb 9 13:51:03 2004 | |
57041 | @@ -0,0 +1,60 @@ | |
57042 | +/* | |
57043 | + * convert binary form of address range to ASCII | |
57044 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
57045 | + * | |
57046 | + * This library is free software; you can redistribute it and/or modify it | |
57047 | + * under the terms of the GNU Library General Public License as published by | |
57048 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
57049 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
57050 | + * | |
57051 | + * This library is distributed in the hope that it will be useful, but | |
57052 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
57053 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
57054 | + * License for more details. | |
57055 | + * | |
57056 | + * RCSID $Id: rangetoa.c,v 1.9 2004/07/10 07:48:37 mcr Exp $ | |
57057 | + */ | |
57058 | +#include "openswan.h" | |
57059 | + | |
57060 | +/* | |
57061 | + - rangetoa - convert address range to ASCII | |
57062 | + */ | |
57063 | +size_t /* space needed for full conversion */ | |
57064 | +rangetoa(addrs, format, dst, dstlen) | |
57065 | +struct in_addr addrs[2]; | |
57066 | +int format; /* character */ | |
57067 | +char *dst; /* need not be valid if dstlen is 0 */ | |
57068 | +size_t dstlen; | |
57069 | +{ | |
57070 | + size_t len; | |
57071 | + size_t rest; | |
57072 | + int n; | |
57073 | + char *p; | |
57074 | + | |
57075 | + switch (format) { | |
57076 | + case 0: | |
57077 | + break; | |
57078 | + default: | |
57079 | + return 0; | |
57080 | + break; | |
57081 | + } | |
57082 | + | |
57083 | + len = addrtoa(addrs[0], 0, dst, dstlen); | |
57084 | + if (len < dstlen) | |
57085 | + for (p = dst + len - 1, n = 3; len < dstlen && n > 0; | |
57086 | + p++, len++, n--) | |
57087 | + *p = '.'; | |
57088 | + else | |
57089 | + p = NULL; | |
57090 | + if (len < dstlen) | |
57091 | + rest = dstlen - len; | |
57092 | + else { | |
57093 | + if (dstlen > 0) | |
57094 | + *(dst + dstlen - 1) = '\0'; | |
57095 | + rest = 0; | |
57096 | + } | |
57097 | + | |
57098 | + len += addrtoa(addrs[1], 0, p, rest); | |
57099 | + | |
57100 | + return len; | |
57101 | +} | |
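Review bot: The value returned by rangetoa() depends on how much room the caller supplied, because the three `.` separators are added to `len` only inside the loop that writes them. When `dstlen` is 0 or no larger than the first address, the loop is skipped and the result is 3 smaller than what a large-enough buffer yields, so a caller that sizes its buffer from a probing call gets a truncated range on the second call. This assumes addrtoa(), which is outside the hunk, returns the length including the terminator, as `p = dst + len - 1` implies. Counting the separators unconditionally fixes it: keep the first addrtoa() result in a separate `need` and `return need + 3 + addrtoa(addrs[1], 0, p, rest);`. The header comment should also state the output form and the truncation contract.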
57102 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
57103 | +++ linux/net/ipsec/satot.c Mon Feb 9 13:51:03 2004 | |
57104 | @@ -0,0 +1,133 @@ | |
57105 | +/* | |
57106 | + * convert from binary form of SA ID to text | |
57107 | + * Copyright (C) 2000, 2001 Henry Spencer. | |
57108 | + * | |
57109 | + * This library is free software; you can redistribute it and/or modify it | |
57110 | + * under the terms of the GNU Library General Public License as published by | |
57111 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
57112 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
57113 | + * | |
57114 | + * This library is distributed in the hope that it will be useful, but | |
57115 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
57116 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
57117 | + * License for more details. | |
57118 | + * | |
57119 | + * RCSID $Id: satot.c,v 1.13 2004/07/10 07:48:37 mcr Exp $ | |
57120 | + */ | |
57121 | +#include "openswan.h" | |
57122 | + | |
57123 | +static struct typename { | |
57124 | + char type; | |
57125 | + char *name; | |
57126 | +} typenames[] = { | |
57127 | + { SA_AH, "ah" }, | |
57128 | + { SA_ESP, "esp" }, | |
57129 | + { SA_IPIP, "tun" }, | |
57130 | + { SA_COMP, "comp" }, | |
57131 | + { SA_INT, "int" }, | |
57132 | + { 0, NULL } | |
57133 | +}; | |
57134 | + | |
57135 | +/* | |
57136 | + - satot - convert SA to text "ah507@1.2.3.4" | |
57137 | + */ | |
57138 | +size_t /* space needed for full conversion */ | |
57139 | +satot(sa, format, dst, dstlen) | |
57140 | +const ip_said *sa; | |
57141 | +int format; /* character */ | |
57142 | +char *dst; /* need not be valid if dstlen is 0 */ | |
57143 | +size_t dstlen; | |
57144 | +{ | |
57145 | + size_t len = 0; /* 0 means "not recognized yet" */ | |
57146 | + int base; | |
57147 | + int showversion; /* use delimiter to show IP version? */ | |
57148 | + struct typename *tn; | |
57149 | + char *p; | |
57150 | + char *pre; | |
57151 | + char buf[10+1+ULTOT_BUF+ADDRTOT_BUF]; | |
57152 | + char unk[10]; | |
57153 | + | |
57154 | + switch (format) { | |
57155 | + case 0: | |
57156 | + base = 16; | |
57157 | + showversion = 1; | |
57158 | + break; | |
57159 | + case 'f': | |
57160 | + base = 17; | |
57161 | + showversion = 1; | |
57162 | + break; | |
57163 | + case 'x': | |
57164 | + base = 'x'; | |
57165 | + showversion = 0; | |
57166 | + break; | |
57167 | + case 'd': | |
57168 | + base = 10; | |
57169 | + showversion = 0; | |
57170 | + break; | |
57171 | + default: | |
57172 | + return 0; | |
57173 | + break; | |
57174 | + } | |
57175 | + | |
57176 | + memset(buf, 0, sizeof(buf)); | |
57177 | + | |
57178 | + pre = NULL; | |
57179 | + for (tn = typenames; tn->name != NULL; tn++) | |
57180 | + if (sa->proto == tn->type) { | |
57181 | + pre = tn->name; | |
57182 | + break; /* NOTE BREAK OUT */ | |
57183 | + } | |
57184 | + if (pre == NULL) { /* unknown protocol */ | |
57185 | + strcpy(unk, "unk"); | |
57186 | + (void) ultot((unsigned char)sa->proto, 10, unk+strlen(unk), | |
57187 | + sizeof(unk)-strlen(unk)); | |
57188 | + pre = unk; | |
57189 | + } | |
57190 | + | |
57191 | + if (strcmp(pre, PASSTHROUGHTYPE) == 0 && | |
57192 | + sa->spi == PASSTHROUGHSPI && | |
57193 | + isunspecaddr(&sa->dst)) { | |
57194 | + strcpy(buf, (addrtypeof(&sa->dst) == AF_INET) ? | |
57195 | + PASSTHROUGH4NAME : | |
57196 | + PASSTHROUGH6NAME); | |
57197 | + len = strlen(buf); | |
57198 | + } | |
57199 | + | |
57200 | + if (sa->proto == SA_INT) { | |
57201 | + switch (ntohl(sa->spi)) { | |
57202 | + case SPI_PASS: p = "%pass"; break; | |
57203 | + case SPI_DROP: p = "%drop"; break; | |
57204 | + case SPI_REJECT: p = "%reject"; break; | |
57205 | + case SPI_HOLD: p = "%hold"; break; | |
57206 | + case SPI_TRAP: p = "%trap"; break; | |
57207 | + case SPI_TRAPSUBNET: p = "%trapsubnet"; break; | |
57208 | + default: p = NULL; break; | |
57209 | + } | |
57210 | + if (p != NULL) { | |
57211 | + strcpy(buf, p); | |
57212 | + len = strlen(buf); | |
57213 | + } | |
57214 | + } | |
57215 | + | |
57216 | + if (len == 0) { /* general case needed */ | |
57217 | + strcpy(buf, pre); | |
57218 | + len = strlen(buf); | |
57219 | + if (showversion) { | |
57220 | + *(buf+len) = (addrtypeof(&sa->dst) == AF_INET) ? '.' : | |
57221 | + ':'; | |
57222 | + len++; | |
57223 | + *(buf+len) = '\0'; | |
57224 | + } | |
57225 | + len += ultot(ntohl(sa->spi), base, buf+len, sizeof(buf)-len); | |
57226 | + *(buf+len-1) = '@'; | |
57227 | + len += addrtot(&sa->dst, 0, buf+len, sizeof(buf)-len); | |
57228 | + *(buf+len) = '\0'; | |
57229 | + } | |
57230 | + | |
57231 | + if (dst != NULL) { | |
57232 | + if (len > dstlen) | |
57233 | + *(buf+dstlen-1) = '\0'; | |
57234 | + strcpy(dst, buf); | |
57235 | + } | |
57236 | + return len; | |
57237 | +} | |
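Review bot: The final copy into `dst` can write outside the intended buffers in two cases. With a non-NULL `dst` and `dstlen == 0`, `*(buf+dstlen-1)` stores before the start of `buf` and the `strcpy` still copies the whole string, although the parameter comment allows an invalid `dst` in that case. In the passthrough and `%pass`/`%drop`/... branches, `len` is `strlen(buf)` without the terminator, so `dstlen == len` passes the `len > dstlen` test and `strcpy` writes one byte too many. The general branch appears to count the terminator, judging by `*(buf+len-1) = '@'`. I would use `len = strlen(buf) + 1;` in both special branches and guard the copy with `if (dst != NULL && dstlen > 0) {`.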
57238 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
57239 | +++ linux/net/ipsec/subnetof.c Mon Feb 9 13:51:03 2004 | |
57240 | @@ -0,0 +1,59 @@ | |
57241 | +/* | |
57242 | + * minor network-address manipulation utilities | |
57243 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
57244 | + * | |
57245 | + * This library is free software; you can redistribute it and/or modify it | |
57246 | + * under the terms of the GNU Library General Public License as published by | |
57247 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
57248 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
57249 | + * | |
57250 | + * This library is distributed in the hope that it will be useful, but | |
57251 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
57252 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
57253 | + * License for more details. | |
57254 | + * | |
57255 | + * RCSID $Id: subnetof.c,v 1.8 2004/07/10 07:48:37 mcr Exp $ | |
57256 | + */ | |
57257 | +#include "openswan.h" | |
57258 | + | |
57259 | +/* | |
57260 | + - subnetof - given address and mask, return subnet part | |
57261 | + */ | |
57262 | +struct in_addr | |
57263 | +subnetof(addr, mask) | |
57264 | +struct in_addr addr; | |
57265 | +struct in_addr mask; | |
57266 | +{ | |
57267 | + struct in_addr result; | |
57268 | + | |
57269 | + result.s_addr = addr.s_addr & mask.s_addr; | |
57270 | + return result; | |
57271 | +} | |
57272 | + | |
57273 | +/* | |
57274 | + - hostof - given address and mask, return host part | |
57275 | + */ | |
57276 | +struct in_addr | |
57277 | +hostof(addr, mask) | |
57278 | +struct in_addr addr; | |
57279 | +struct in_addr mask; | |
57280 | +{ | |
57281 | + struct in_addr result; | |
57282 | + | |
57283 | + result.s_addr = addr.s_addr & ~mask.s_addr; | |
57284 | + return result; | |
57285 | +} | |
57286 | + | |
57287 | +/* | |
57288 | + - broadcastof - given (network) address and mask, return broadcast address | |
57289 | + */ | |
57290 | +struct in_addr | |
57291 | +broadcastof(addr, mask) | |
57292 | +struct in_addr addr; | |
57293 | +struct in_addr mask; | |
57294 | +{ | |
57295 | + struct in_addr result; | |
57296 | + | |
57297 | + result.s_addr = addr.s_addr | ~mask.s_addr; | |
57298 | + return result; | |
57299 | +} | |
57300 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
57301 | +++ linux/net/ipsec/subnettoa.c Mon Feb 9 13:51:03 2004 | |
57302 | @@ -0,0 +1,61 @@ | |
57303 | +/* | |
57304 | + * convert binary form of subnet description to ASCII | |
57305 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
57306 | + * | |
57307 | + * This library is free software; you can redistribute it and/or modify it | |
57308 | + * under the terms of the GNU Library General Public License as published by | |
57309 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
57310 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
57311 | + * | |
57312 | + * This library is distributed in the hope that it will be useful, but | |
57313 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
57314 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
57315 | + * License for more details. | |
57316 | + * | |
57317 | + * RCSID $Id: subnettoa.c,v 1.11 2004/07/10 07:48:37 mcr Exp $ | |
57318 | + */ | |
57319 | +#include "openswan.h" | |
57320 | + | |
57321 | +/* | |
57322 | + - subnettoa - convert address and mask to ASCII "addr/mask" | |
57323 | + * Output expresses the mask as a bit count if possible, else dotted decimal. | |
57324 | + */ | |
57325 | +size_t /* space needed for full conversion */ | |
57326 | +subnettoa(addr, mask, format, dst, dstlen) | |
57327 | +struct in_addr addr; | |
57328 | +struct in_addr mask; | |
57329 | +int format; /* character */ | |
57330 | +char *dst; /* need not be valid if dstlen is 0 */ | |
57331 | +size_t dstlen; | |
57332 | +{ | |
57333 | + size_t len; | |
57334 | + size_t rest; | |
57335 | + int n; | |
57336 | + char *p; | |
57337 | + | |
57338 | + switch (format) { | |
57339 | + case 0: | |
57340 | + break; | |
57341 | + default: | |
57342 | + return 0; | |
57343 | + break; | |
57344 | + } | |
57345 | + | |
57346 | + len = addrtoa(addr, 0, dst, dstlen); | |
57347 | + if (len < dstlen) { | |
57348 | + dst[len - 1] = '/'; | |
57349 | + p = dst + len; | |
57350 | + rest = dstlen - len; | |
57351 | + } else { | |
57352 | + p = NULL; | |
57353 | + rest = 0; | |
57354 | + } | |
57355 | + | |
57356 | + n = masktobits(mask); | |
57357 | + if (n >= 0) | |
57358 | + len += ultoa((unsigned long)n, 10, p, rest); | |
57359 | + else | |
57360 | + len += addrtoa(mask, 0, p, rest); | |
57361 | + | |
57362 | + return len; | |
57363 | +} | |
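Review bot: `dst[len - 1] = '/'` is reached whenever `len < dstlen`, including `len == 0`, where the unsigned `len - 1` wraps and the store in practice lands one byte before `dst`. addrtoa() is outside the hunk, so whether it can return 0 for format 0 cannot be confirmed here, but the guard is cheap: `if (len > 0 && len < dstlen) {`. rangetoa() in linux/net/ipsec/rangetoa.c has the same dependency in `p = dst + len - 1`. The header comment could also say that callers must compare the return value with `dstlen` to detect a dropped mask.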
57364 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
57365 | +++ linux/net/ipsec/sysctl_net_ipsec.c Mon Feb 9 13:51:03 2004 | |
57366 | @@ -0,0 +1,199 @@ | |
57367 | +/* | |
57368 | + * sysctl interface to net IPSEC subsystem. | |
57369 | + * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. | |
57370 | + * | |
57371 | + * This program is free software; you can redistribute it and/or modify it | |
57372 | + * under the terms of the GNU General Public License as published by the | |
57373 | + * Free Software Foundation; either version 2 of the License, or (at your | |
57374 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
57375 | + * | |
57376 | + * This program is distributed in the hope that it will be useful, but | |
57377 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
57378 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
57379 | + * for more details. | |
57380 | + * | |
57381 | + * RCSID $Id: sysctl_net_ipsec.c,v 1.17 2004/07/10 19:11:18 mcr Exp $ | |
57382 | + */ | |
57383 | + | |
57384 | +/* -*- linux-c -*- | |
57385 | + * | |
57386 | + * Initiated April 3, 1998, Richard Guy Briggs <rgb@conscoop.ottawa.on.ca> | |
57387 | + */ | |
57388 | + | |
57389 | +#include <linux/mm.h> | |
57390 | +#include <linux/sysctl.h> | |
57391 | + | |
57392 | +#include "openswan/ipsec_param.h" | |
57393 | + | |
57394 | +#ifdef CONFIG_SYSCTL | |
57395 | + | |
57396 | +#define NET_IPSEC 2112 /* Random number */ | |
57397 | +#ifdef CONFIG_KLIPS_DEBUG | |
57398 | +extern int debug_ah; | |
57399 | +extern int debug_esp; | |
57400 | +extern int debug_tunnel; | |
57401 | +extern int debug_eroute; | |
57402 | +extern int debug_spi; | |
57403 | +extern int debug_radij; | |
57404 | +extern int debug_netlink; | |
57405 | +extern int debug_xform; | |
57406 | +extern int debug_rcv; | |
57407 | +extern int debug_pfkey; | |
57408 | +extern int sysctl_ipsec_debug_verbose; | |
57409 | +#ifdef CONFIG_KLIPS_IPCOMP | |
57410 | +extern int sysctl_ipsec_debug_ipcomp; | |
57411 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
57412 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
57413 | + | |
57414 | +extern int sysctl_ipsec_icmp; | |
57415 | +extern int sysctl_ipsec_inbound_policy_check; | |
57416 | +extern int sysctl_ipsec_tos; | |
57417 | +int sysctl_ipsec_regress_pfkey_lossage; | |
57418 | + | |
57419 | +enum { | |
57420 | +#ifdef CONFIG_KLIPS_DEBUG | |
57421 | + NET_IPSEC_DEBUG_AH=1, | |
57422 | + NET_IPSEC_DEBUG_ESP=2, | |
57423 | + NET_IPSEC_DEBUG_TUNNEL=3, | |
57424 | + NET_IPSEC_DEBUG_EROUTE=4, | |
57425 | + NET_IPSEC_DEBUG_SPI=5, | |
57426 | + NET_IPSEC_DEBUG_RADIJ=6, | |
57427 | + NET_IPSEC_DEBUG_NETLINK=7, | |
57428 | + NET_IPSEC_DEBUG_XFORM=8, | |
57429 | + NET_IPSEC_DEBUG_RCV=9, | |
57430 | + NET_IPSEC_DEBUG_PFKEY=10, | |
57431 | + NET_IPSEC_DEBUG_VERBOSE=11, | |
57432 | + NET_IPSEC_DEBUG_IPCOMP=12, | |
57433 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
57434 | + NET_IPSEC_ICMP=13, | |
57435 | + NET_IPSEC_INBOUND_POLICY_CHECK=14, | |
57436 | + NET_IPSEC_TOS=15, | |
57437 | + NET_IPSEC_REGRESS_PFKEY_LOSSAGE=16, | |
57438 | +}; | |
57439 | + | |
57440 | +static ctl_table ipsec_table[] = { | |
57441 | +#ifdef CONFIG_KLIPS_DEBUG | |
57442 | + { NET_IPSEC_DEBUG_AH, "debug_ah", &debug_ah, | |
57443 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
57444 | + { NET_IPSEC_DEBUG_ESP, "debug_esp", &debug_esp, | |
57445 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
57446 | + { NET_IPSEC_DEBUG_TUNNEL, "debug_tunnel", &debug_tunnel, | |
57447 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
57448 | + { NET_IPSEC_DEBUG_EROUTE, "debug_eroute", &debug_eroute, | |
57449 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
57450 | + { NET_IPSEC_DEBUG_SPI, "debug_spi", &debug_spi, | |
57451 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
57452 | + { NET_IPSEC_DEBUG_RADIJ, "debug_radij", &debug_radij, | |
57453 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
57454 | + { NET_IPSEC_DEBUG_NETLINK, "debug_netlink", &debug_netlink, | |
57455 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
57456 | + { NET_IPSEC_DEBUG_XFORM, "debug_xform", &debug_xform, | |
57457 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
57458 | + { NET_IPSEC_DEBUG_RCV, "debug_rcv", &debug_rcv, | |
57459 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
57460 | + { NET_IPSEC_DEBUG_PFKEY, "debug_pfkey", &debug_pfkey, | |
57461 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
57462 | + { NET_IPSEC_DEBUG_VERBOSE, "debug_verbose",&sysctl_ipsec_debug_verbose, | |
57463 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
57464 | +#ifdef CONFIG_KLIPS_IPCOMP | |
57465 | + { NET_IPSEC_DEBUG_IPCOMP, "debug_ipcomp", &sysctl_ipsec_debug_ipcomp, | |
57466 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
57467 | +#endif /* CONFIG_KLIPS_IPCOMP */ | |
57468 | + | |
57469 | +#ifdef CONFIG_KLIPS_REGRESS | |
57470 | + { NET_IPSEC_REGRESS_PFKEY_LOSSAGE, "pfkey_lossage", | |
57471 | + &sysctl_ipsec_regress_pfkey_lossage, | |
57472 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
57473 | +#endif /* CONFIG_KLIPS_REGRESS */ | |
57474 | + | |
57475 | +#endif /* CONFIG_KLIPS_DEBUG */ | |
57476 | + { NET_IPSEC_ICMP, "icmp", &sysctl_ipsec_icmp, | |
57477 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
57478 | + { NET_IPSEC_INBOUND_POLICY_CHECK, "inbound_policy_check", &sysctl_ipsec_inbound_policy_check, | |
57479 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
57480 | + { NET_IPSEC_TOS, "tos", &sysctl_ipsec_tos, | |
57481 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
57482 | + {0} | |
57483 | +}; | |
57484 | + | |
57485 | +static ctl_table ipsec_net_table[] = { | |
57486 | + { NET_IPSEC, "ipsec", NULL, 0, 0555, ipsec_table }, | |
57487 | + { 0 } | |
57488 | +}; | |
57489 | + | |
57490 | +static ctl_table ipsec_root_table[] = { | |
57491 | + { CTL_NET, "net", NULL, 0, 0555, ipsec_net_table }, | |
57492 | + { 0 } | |
57493 | +}; | |
57494 | + | |
57495 | +static struct ctl_table_header *ipsec_table_header; | |
57496 | + | |
57497 | +int ipsec_sysctl_register(void) | |
57498 | +{ | |
57499 | + ipsec_table_header = register_sysctl_table(ipsec_root_table, 0); | |
57500 | + if (!ipsec_table_header) { | |
57501 | + return -ENOMEM; | |
57502 | + } | |
57503 | + return 0; | |
57504 | +} | |
57505 | + | |
57506 | +void ipsec_sysctl_unregister(void) | |
57507 | +{ | |
57508 | + unregister_sysctl_table(ipsec_table_header); | |
57509 | +} | |
57510 | + | |
57511 | +#endif /* CONFIG_SYSCTL */ | |
57512 | + | |
57513 | +/* | |
57514 | + * $Log: sysctl_net_ipsec.c,v $ | |
57515 | + * Revision 1.17 2004/07/10 19:11:18 mcr | |
57516 | + * CONFIG_IPSEC -> CONFIG_KLIPS. | |
57517 | + * | |
57518 | + * Revision 1.16 2004/04/06 02:49:26 mcr | |
57519 | + * pullup of algo code from alg-branch. | |
57520 | + * | |
57521 | + * Revision 1.15 2002/04/24 07:55:32 mcr | |
57522 | + * #include patches and Makefiles for post-reorg compilation. | |
57523 | + * | |
57524 | + * Revision 1.14 2002/04/24 07:36:35 mcr | |
57525 | + * Moved from ./klips/net/ipsec/sysctl_net_ipsec.c,v | |
57526 | + * | |
57527 | + * Revision 1.13 2002/01/12 02:58:32 mcr | |
57528 | + * first regression test causes acquire messages to be lost | |
57529 | + * 100% of the time. This is to help testing of pluto. | |
57530 | + * | |
57531 | + * Revision 1.12 2001/06/14 19:35:13 rgb | |
57532 | + * Update copyright date. | |
57533 | + * | |
57534 | + * Revision 1.11 2001/02/26 19:58:13 rgb | |
57535 | + * Drop sysctl_ipsec_{no_eroute_pass,opportunistic}, replaced by magic SAs. | |
57536 | + * | |
57537 | + * Revision 1.10 2000/09/16 01:50:15 rgb | |
57538 | + * Protect sysctl_ipsec_debug_ipcomp with compiler defines too so that the | |
57539 | + * linker won't blame rj_delete() for missing symbols. ;-> Damn statics... | |
57540 | + * | |
57541 | + * Revision 1.9 2000/09/15 23:17:51 rgb | |
57542 | + * Moved stuff around to compile with debug off. | |
57543 | + * | |
57544 | + * Revision 1.8 2000/09/15 11:37:02 rgb | |
57545 | + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
57546 | + * IPCOMP zlib deflate code. | |
57547 | + * | |
57548 | + * Revision 1.7 2000/09/15 07:37:15 rgb | |
57549 | + * Munged silly log comment that was causing a warning. | |
57550 | + * | |
57551 | + * Revision 1.6 2000/09/15 04:58:23 rgb | |
57552 | + * Added tos runtime switch. | |
57553 | + * Removed 'sysctl_ipsec_' prefix from /proc/sys/net/ipsec/ filenames. | |
57554 | + * | |
57555 | + * Revision 1.5 2000/09/12 03:25:28 rgb | |
57556 | + * Filled in and implemented sysctl. | |
57557 | + * | |
57558 | + * Revision 1.4 1999/04/11 00:29:03 henry | |
57559 | + * GPL boilerplate | |
57560 | + * | |
57561 | + * Revision 1.3 1999/04/06 04:54:29 rgb | |
57562 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
57563 | + * patch shell fixes. | |
57564 | + * | |
57565 | + */ | |
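Review bot: `inbound_policy_check` is registered like the debug switches, as a bare `proc_dointvec` entry with mode 0644 and no bounds or comment, although by its name it controls policy enforcement rather than logging. Any integer written by root is stored unchanged, and the code that reads `sysctl_ipsec_inbound_policy_check` is not in this hunk, so the effect of out-of-range values cannot be judged here. If the readers treat it as a flag, `proc_dointvec_minmax` with 0 and 1 as limits would keep it in range. At minimum I would add above the entry `/* security-relevant: changes inbound policy checking at runtime; writable by root only (0644) */`.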
57566 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
57567 | +++ linux/net/ipsec/trees.c Mon Feb 9 13:51:03 2004 | |
57568 | @@ -0,0 +1,1214 @@ | |
57569 | +/* trees.c -- output deflated data using Huffman coding | |
57570 | + * Copyright (C) 1995-2002 Jean-loup Gailly | |
57571 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
57572 | + */ | |
57573 | + | |
57574 | +/* | |
57575 | + * ALGORITHM | |
57576 | + * | |
57577 | + * The "deflation" process uses several Huffman trees. The more | |
57578 | + * common source values are represented by shorter bit sequences. | |
57579 | + * | |
57580 | + * Each code tree is stored in a compressed form which is itself | |
57581 | + * a Huffman encoding of the lengths of all the code strings (in | |
57582 | + * ascending order by source values). The actual code strings are | |
57583 | + * reconstructed from the lengths in the inflate process, as described | |
57584 | + * in the deflate specification. | |
57585 | + * | |
57586 | + * REFERENCES | |
57587 | + * | |
57588 | + * Deutsch, L.P.,"'Deflate' Compressed Data Format Specification". | |
57589 | + * Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc | |
57590 | + * | |
57591 | + * Storer, James A. | |
57592 | + * Data Compression: Methods and Theory, pp. 49-50. | |
57593 | + * Computer Science Press, 1988. ISBN 0-7167-8156-5. | |
57594 | + * | |
57595 | + * Sedgewick, R. | |
57596 | + * Algorithms, p290. | |
57597 | + * Addison-Wesley, 1983. ISBN 0-201-06672-6. | |
57598 | + */ | |
57599 | + | |
57600 | +/* @(#) $Id: trees.c,v 1.4 2004/07/10 07:48:39 mcr Exp $ */ | |
57601 | + | |
57602 | +/* #define GEN_TREES_H */ | |
57603 | + | |
57604 | +#include "deflate.h" | |
57605 | + | |
57606 | +#ifdef DEBUG | |
57607 | +# include <ctype.h> | |
57608 | +#endif | |
57609 | + | |
57610 | +/* =========================================================================== | |
57611 | + * Constants | |
57612 | + */ | |
57613 | + | |
57614 | +#define MAX_BL_BITS 7 | |
57615 | +/* Bit length codes must not exceed MAX_BL_BITS bits */ | |
57616 | + | |
57617 | +#define END_BLOCK 256 | |
57618 | +/* end of block literal code */ | |
57619 | + | |
57620 | +#define REP_3_6 16 | |
57621 | +/* repeat previous bit length 3-6 times (2 bits of repeat count) */ | |
57622 | + | |
57623 | +#define REPZ_3_10 17 | |
57624 | +/* repeat a zero length 3-10 times (3 bits of repeat count) */ | |
57625 | + | |
57626 | +#define REPZ_11_138 18 | |
57627 | +/* repeat a zero length 11-138 times (7 bits of repeat count) */ | |
57628 | + | |
57629 | +local const int extra_lbits[LENGTH_CODES] /* extra bits for each length code */ | |
57630 | + = {0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0}; | |
57631 | + | |
57632 | +local const int extra_dbits[D_CODES] /* extra bits for each distance code */ | |
57633 | + = {0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13}; | |
57634 | + | |
57635 | +local const int extra_blbits[BL_CODES]/* extra bits for each bit length code */ | |
57636 | + = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7}; | |
57637 | + | |
57638 | +local const uch bl_order[BL_CODES] | |
57639 | + = {16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15}; | |
57640 | +/* The lengths of the bit length codes are sent in order of decreasing | |
57641 | + * probability, to avoid transmitting the lengths for unused bit length codes. | |
57642 | + */ | |
57643 | + | |
57644 | +#define Buf_size (8 * 2*sizeof(char)) | |
57645 | +/* Number of bits used within bi_buf. (bi_buf might be implemented on | |
57646 | + * more than 16 bits on some systems.) | |
57647 | + */ | |
57648 | + | |
57649 | +/* =========================================================================== | |
57650 | + * Local data. These are initialized only once. | |
57651 | + */ | |
57652 | + | |
57653 | +#define DIST_CODE_LEN 512 /* see definition of array dist_code below */ | |
57654 | + | |
57655 | +#if defined(GEN_TREES_H) || !defined(STDC) | |
57656 | +/* non ANSI compilers may not accept trees.h */ | |
57657 | + | |
57658 | +local ct_data static_ltree[L_CODES+2]; | |
57659 | +/* The static literal tree. Since the bit lengths are imposed, there is no | |
57660 | + * need for the L_CODES extra codes used during heap construction. However | |
57661 | + * The codes 286 and 287 are needed to build a canonical tree (see _tr_init | |
57662 | + * below). | |
57663 | + */ | |
57664 | + | |
57665 | +local ct_data static_dtree[D_CODES]; | |
57666 | +/* The static distance tree. (Actually a trivial tree since all codes use | |
57667 | + * 5 bits.) | |
57668 | + */ | |
57669 | + | |
57670 | +uch _dist_code[DIST_CODE_LEN]; | |
57671 | +/* Distance codes. The first 256 values correspond to the distances | |
57672 | + * 3 .. 258, the last 256 values correspond to the top 8 bits of | |
57673 | + * the 15 bit distances. | |
57674 | + */ | |
57675 | + | |
57676 | +uch _length_code[MAX_MATCH-MIN_MATCH+1]; | |
57677 | +/* length code for each normalized match length (0 == MIN_MATCH) */ | |
57678 | + | |
57679 | +local int base_length[LENGTH_CODES]; | |
57680 | +/* First normalized length for each code (0 = MIN_MATCH) */ | |
57681 | + | |
57682 | +local int base_dist[D_CODES]; | |
57683 | +/* First normalized distance for each code (0 = distance of 1) */ | |
57684 | + | |
57685 | +#else | |
57686 | +# include "trees.h" | |
57687 | +#endif /* GEN_TREES_H */ | |
57688 | + | |
57689 | +struct static_tree_desc_s { | |
57690 | + const ct_data *static_tree; /* static tree or NULL */ | |
57691 | + const intf *extra_bits; /* extra bits for each code or NULL */ | |
57692 | + int extra_base; /* base index for extra_bits */ | |
57693 | + int elems; /* max number of elements in the tree */ | |
57694 | + int max_length; /* max bit length for the codes */ | |
57695 | +}; | |
57696 | + | |
57697 | +local static_tree_desc static_l_desc = | |
57698 | +{static_ltree, extra_lbits, LITERALS+1, L_CODES, MAX_BITS}; | |
57699 | + | |
57700 | +local static_tree_desc static_d_desc = | |
57701 | +{static_dtree, extra_dbits, 0, D_CODES, MAX_BITS}; | |
57702 | + | |
57703 | +local static_tree_desc static_bl_desc = | |
57704 | +{(const ct_data *)0, extra_blbits, 0, BL_CODES, MAX_BL_BITS}; | |
57705 | + | |
57706 | +/* =========================================================================== | |
57707 | + * Local (static) routines in this file. | |
57708 | + */ | |
57709 | + | |
57710 | +local void tr_static_init OF((void)); | |
57711 | +local void init_block OF((deflate_state *s)); | |
57712 | +local void pqdownheap OF((deflate_state *s, ct_data *tree, int k)); | |
57713 | +local void gen_bitlen OF((deflate_state *s, tree_desc *desc)); | |
57714 | +local void gen_codes OF((ct_data *tree, int max_code, ushf *bl_count)); | |
57715 | +local void build_tree OF((deflate_state *s, tree_desc *desc)); | |
57716 | +local void scan_tree OF((deflate_state *s, ct_data *tree, int max_code)); | |
57717 | +local void send_tree OF((deflate_state *s, ct_data *tree, int max_code)); | |
57718 | +local int build_bl_tree OF((deflate_state *s)); | |
57719 | +local void send_all_trees OF((deflate_state *s, int lcodes, int dcodes, | |
57720 | + int blcodes)); | |
57721 | +local void compress_block OF((deflate_state *s, const ct_data *ltree, | |
57722 | + const ct_data *dtree)); | |
57723 | +local void set_data_type OF((deflate_state *s)); | |
57724 | +local unsigned bi_reverse OF((unsigned value, int length)); | |
57725 | +local void bi_windup OF((deflate_state *s)); | |
57726 | +local void bi_flush OF((deflate_state *s)); | |
57727 | +local void copy_block OF((deflate_state *s, charf *buf, unsigned len, | |
57728 | + int header)); | |
57729 | + | |
57730 | +#ifdef GEN_TREES_H | |
57731 | +local void gen_trees_header OF((void)); | |
57732 | +#endif | |
57733 | + | |
57734 | +#ifndef DEBUG | |
57735 | +# define send_code(s, c, tree) send_bits(s, tree[c].Code, tree[c].Len) | |
57736 | + /* Send a code of the given tree. c and tree must not have side effects */ | |
57737 | + | |
57738 | +#else /* DEBUG */ | |
57739 | +# define send_code(s, c, tree) \ | |
57740 | + { if (z_verbose>2) fprintf(stderr,"\ncd %3d ",(c)); \ | |
57741 | + send_bits(s, tree[c].Code, tree[c].Len); } | |
57742 | +#endif | |
57743 | + | |
57744 | +/* =========================================================================== | |
57745 | + * Output a short LSB first on the stream. | |
57746 | + * IN assertion: there is enough room in pendingBuf. | |
57747 | + */ | |
57748 | +#define put_short(s, w) { \ | |
57749 | + put_byte(s, (uch)((w) & 0xff)); \ | |
57750 | + put_byte(s, (uch)((ush)(w) >> 8)); \ | |
57751 | +} | |
57752 | + | |
57753 | +/* =========================================================================== | |
57754 | + * Send a value on a given number of bits. | |
57755 | + * IN assertion: length <= 16 and value fits in length bits. | |
57756 | + */ | |
57757 | +#ifdef DEBUG | |
57758 | +local void send_bits OF((deflate_state *s, int value, int length)); | |
57759 | + | |
57760 | +local void send_bits(s, value, length) | |
57761 | + deflate_state *s; | |
57762 | + int value; /* value to send */ | |
57763 | + int length; /* number of bits */ | |
57764 | +{ | |
57765 | + Tracevv((stderr," l %2d v %4x ", length, value)); | |
57766 | + Assert(length > 0 && length <= 15, "invalid length"); | |
57767 | + s->bits_sent += (ulg)length; | |
57768 | + | |
57769 | + /* If not enough room in bi_buf, use (valid) bits from bi_buf and | |
57770 | + * (16 - bi_valid) bits from value, leaving (width - (16-bi_valid)) | |
57771 | + * unused bits in value. | |
57772 | + */ | |
57773 | + if (s->bi_valid > (int)Buf_size - length) { | |
57774 | + s->bi_buf |= (value << s->bi_valid); | |
57775 | + put_short(s, s->bi_buf); | |
57776 | + s->bi_buf = (ush)value >> (Buf_size - s->bi_valid); | |
57777 | + s->bi_valid += length - Buf_size; | |
57778 | + } else { | |
57779 | + s->bi_buf |= value << s->bi_valid; | |
57780 | + s->bi_valid += length; | |
57781 | + } | |
57782 | +} | |
57783 | +#else /* !DEBUG */ | |
57784 | + | |
57785 | +#define send_bits(s, value, length) \ | |
57786 | +{ int len = length;\ | |
57787 | + if (s->bi_valid > (int)Buf_size - len) {\ | |
57788 | + int val = value;\ | |
57789 | + s->bi_buf |= (val << s->bi_valid);\ | |
57790 | + put_short(s, s->bi_buf);\ | |
57791 | + s->bi_buf = (ush)val >> (Buf_size - s->bi_valid);\ | |
57792 | + s->bi_valid += len - Buf_size;\ | |
57793 | + } else {\ | |
57794 | + s->bi_buf |= (value) << s->bi_valid;\ | |
57795 | + s->bi_valid += len;\ | |
57796 | + }\ | |
57797 | +} | |
57798 | +#endif /* DEBUG */ | |
57799 | + | |
57800 | + | |
57801 | +#define MAX(a,b) (a >= b ? a : b) | |
57802 | +/* the arguments must not have side effects */ | |
57803 | + | |
57804 | +/* =========================================================================== | |
57805 | + * Initialize the various 'constant' tables. | |
57806 | + */ | |
57807 | +local void tr_static_init() | |
57808 | +{ | |
57809 | +#if defined(GEN_TREES_H) || !defined(STDC) | |
57810 | + static int static_init_done = 0; | |
57811 | + int n; /* iterates over tree elements */ | |
57812 | + int bits; /* bit counter */ | |
57813 | + int length; /* length value */ | |
57814 | + int code; /* code value */ | |
57815 | + int dist; /* distance index */ | |
57816 | + ush bl_count[MAX_BITS+1]; | |
57817 | + /* number of codes at each bit length for an optimal tree */ | |
57818 | + | |
57819 | + if (static_init_done) return; | |
57820 | + | |
57821 | + /* For some embedded targets, global variables are not initialized: */ | |
57822 | + static_l_desc.static_tree = static_ltree; | |
57823 | + static_l_desc.extra_bits = extra_lbits; | |
57824 | + static_d_desc.static_tree = static_dtree; | |
57825 | + static_d_desc.extra_bits = extra_dbits; | |
57826 | + static_bl_desc.extra_bits = extra_blbits; | |
57827 | + | |
57828 | + /* Initialize the mapping length (0..255) -> length code (0..28) */ | |
57829 | + length = 0; | |
57830 | + for (code = 0; code < LENGTH_CODES-1; code++) { | |
57831 | + base_length[code] = length; | |
57832 | + for (n = 0; n < (1<<extra_lbits[code]); n++) { | |
57833 | + _length_code[length++] = (uch)code; | |
57834 | + } | |
57835 | + } | |
57836 | + Assert (length == 256, "tr_static_init: length != 256"); | |
57837 | + /* Note that the length 255 (match length 258) can be represented | |
57838 | + * in two different ways: code 284 + 5 bits or code 285, so we | |
57839 | + * overwrite length_code[255] to use the best encoding: | |
57840 | + */ | |
57841 | + _length_code[length-1] = (uch)code; | |
57842 | + | |
57843 | + /* Initialize the mapping dist (0..32K) -> dist code (0..29) */ | |
57844 | + dist = 0; | |
57845 | + for (code = 0 ; code < 16; code++) { | |
57846 | + base_dist[code] = dist; | |
57847 | + for (n = 0; n < (1<<extra_dbits[code]); n++) { | |
57848 | + _dist_code[dist++] = (uch)code; | |
57849 | + } | |
57850 | + } | |
57851 | + Assert (dist == 256, "tr_static_init: dist != 256"); | |
57852 | + dist >>= 7; /* from now on, all distances are divided by 128 */ | |
57853 | + for ( ; code < D_CODES; code++) { | |
57854 | + base_dist[code] = dist << 7; | |
57855 | + for (n = 0; n < (1<<(extra_dbits[code]-7)); n++) { | |
57856 | + _dist_code[256 + dist++] = (uch)code; | |
57857 | + } | |
57858 | + } | |
57859 | + Assert (dist == 256, "tr_static_init: 256+dist != 512"); | |
57860 | + | |
57861 | + /* Construct the codes of the static literal tree */ | |
57862 | + for (bits = 0; bits <= MAX_BITS; bits++) bl_count[bits] = 0; | |
57863 | + n = 0; | |
57864 | + while (n <= 143) static_ltree[n++].Len = 8, bl_count[8]++; | |
57865 | + while (n <= 255) static_ltree[n++].Len = 9, bl_count[9]++; | |
57866 | + while (n <= 279) static_ltree[n++].Len = 7, bl_count[7]++; | |
57867 | + while (n <= 287) static_ltree[n++].Len = 8, bl_count[8]++; | |
57868 | + /* Codes 286 and 287 do not exist, but we must include them in the | |
57869 | + * tree construction to get a canonical Huffman tree (longest code | |
57870 | + * all ones) | |
57871 | + */ | |
57872 | + gen_codes((ct_data *)static_ltree, L_CODES+1, bl_count); | |
57873 | + | |
57874 | + /* The static distance tree is trivial: */ | |
57875 | + for (n = 0; n < D_CODES; n++) { | |
57876 | + static_dtree[n].Len = 5; | |
57877 | + static_dtree[n].Code = bi_reverse((unsigned)n, 5); | |
57878 | + } | |
57879 | + static_init_done = 1; | |
57880 | + | |
57881 | +# ifdef GEN_TREES_H | |
57882 | + gen_trees_header(); | |
57883 | +# endif | |
57884 | +#endif /* defined(GEN_TREES_H) || !defined(STDC) */ | |
57885 | +} | |
57886 | + | |
57887 | +/* =========================================================================== | |
57888 | + * Genererate the file trees.h describing the static trees. | |
57889 | + */ | |
57890 | +#ifdef GEN_TREES_H | |
57891 | +# ifndef DEBUG | |
57892 | +# include <stdio.h> | |
57893 | +# endif | |
57894 | + | |
57895 | +# define SEPARATOR(i, last, width) \ | |
57896 | + ((i) == (last)? "\n};\n\n" : \ | |
57897 | + ((i) % (width) == (width)-1 ? ",\n" : ", ")) | |
57898 | + | |
57899 | +void gen_trees_header() | |
57900 | +{ | |
57901 | + FILE *header = fopen("trees.h", "w"); | |
57902 | + int i; | |
57903 | + | |
57904 | + Assert (header != NULL, "Can't open trees.h"); | |
57905 | + fprintf(header, | |
57906 | + "/* header created automatically with -DGEN_TREES_H */\n\n"); | |
57907 | + | |
57908 | + fprintf(header, "local const ct_data static_ltree[L_CODES+2] = {\n"); | |
57909 | + for (i = 0; i < L_CODES+2; i++) { | |
57910 | + fprintf(header, "{{%3u},{%3u}}%s", static_ltree[i].Code, | |
57911 | + static_ltree[i].Len, SEPARATOR(i, L_CODES+1, 5)); | |
57912 | + } | |
57913 | + | |
57914 | + fprintf(header, "local const ct_data static_dtree[D_CODES] = {\n"); | |
57915 | + for (i = 0; i < D_CODES; i++) { | |
57916 | + fprintf(header, "{{%2u},{%2u}}%s", static_dtree[i].Code, | |
57917 | + static_dtree[i].Len, SEPARATOR(i, D_CODES-1, 5)); | |
57918 | + } | |
57919 | + | |
57920 | + fprintf(header, "const uch _dist_code[DIST_CODE_LEN] = {\n"); | |
57921 | + for (i = 0; i < DIST_CODE_LEN; i++) { | |
57922 | + fprintf(header, "%2u%s", _dist_code[i], | |
57923 | + SEPARATOR(i, DIST_CODE_LEN-1, 20)); | |
57924 | + } | |
57925 | + | |
57926 | + fprintf(header, "const uch _length_code[MAX_MATCH-MIN_MATCH+1]= {\n"); | |
57927 | + for (i = 0; i < MAX_MATCH-MIN_MATCH+1; i++) { | |
57928 | + fprintf(header, "%2u%s", _length_code[i], | |
57929 | + SEPARATOR(i, MAX_MATCH-MIN_MATCH, 20)); | |
57930 | + } | |
57931 | + | |
57932 | + fprintf(header, "local const int base_length[LENGTH_CODES] = {\n"); | |
57933 | + for (i = 0; i < LENGTH_CODES; i++) { | |
57934 | + fprintf(header, "%1u%s", base_length[i], | |
57935 | + SEPARATOR(i, LENGTH_CODES-1, 20)); | |
57936 | + } | |
57937 | + | |
57938 | + fprintf(header, "local const int base_dist[D_CODES] = {\n"); | |
57939 | + for (i = 0; i < D_CODES; i++) { | |
57940 | + fprintf(header, "%5u%s", base_dist[i], | |
57941 | + SEPARATOR(i, D_CODES-1, 10)); | |
57942 | + } | |
57943 | + | |
57944 | + fclose(header); | |
57945 | +} | |
57946 | +#endif /* GEN_TREES_H */ | |
57947 | + | |
57948 | +/* =========================================================================== | |
57949 | + * Initialize the tree data structures for a new zlib stream. | |
57950 | + */ | |
57951 | +void _tr_init(s) | |
57952 | + deflate_state *s; | |
57953 | +{ | |
57954 | + tr_static_init(); | |
57955 | + | |
57956 | + s->l_desc.dyn_tree = s->dyn_ltree; | |
57957 | + s->l_desc.stat_desc = &static_l_desc; | |
57958 | + | |
57959 | + s->d_desc.dyn_tree = s->dyn_dtree; | |
57960 | + s->d_desc.stat_desc = &static_d_desc; | |
57961 | + | |
57962 | + s->bl_desc.dyn_tree = s->bl_tree; | |
57963 | + s->bl_desc.stat_desc = &static_bl_desc; | |
57964 | + | |
57965 | + s->bi_buf = 0; | |
57966 | + s->bi_valid = 0; | |
57967 | + s->last_eob_len = 8; /* enough lookahead for inflate */ | |
57968 | +#ifdef DEBUG | |
57969 | + s->compressed_len = 0L; | |
57970 | + s->bits_sent = 0L; | |
57971 | +#endif | |
57972 | + | |
57973 | + /* Initialize the first block of the first file: */ | |
57974 | + init_block(s); | |
57975 | +} | |
57976 | + | |
57977 | +/* =========================================================================== | |
57978 | + * Initialize a new block. | |
57979 | + */ | |
57980 | +local void init_block(s) | |
57981 | + deflate_state *s; | |
57982 | +{ | |
57983 | + int n; /* iterates over tree elements */ | |
57984 | + | |
57985 | + /* Initialize the trees. */ | |
57986 | + for (n = 0; n < L_CODES; n++) s->dyn_ltree[n].Freq = 0; | |
57987 | + for (n = 0; n < D_CODES; n++) s->dyn_dtree[n].Freq = 0; | |
57988 | + for (n = 0; n < BL_CODES; n++) s->bl_tree[n].Freq = 0; | |
57989 | + | |
57990 | + s->dyn_ltree[END_BLOCK].Freq = 1; | |
57991 | + s->opt_len = s->static_len = 0L; | |
57992 | + s->last_lit = s->matches = 0; | |
57993 | +} | |
57994 | + | |
57995 | +#define SMALLEST 1 | |
57996 | +/* Index within the heap array of least frequent node in the Huffman tree */ | |
57997 | + | |
57998 | + | |
57999 | +/* =========================================================================== | |
58000 | + * Remove the smallest element from the heap and recreate the heap with | |
58001 | + * one less element. Updates heap and heap_len. | |
58002 | + */ | |
58003 | +#define pqremove(s, tree, top) \ | |
58004 | +{\ | |
58005 | + top = s->heap[SMALLEST]; \ | |
58006 | + s->heap[SMALLEST] = s->heap[s->heap_len--]; \ | |
58007 | + pqdownheap(s, tree, SMALLEST); \ | |
58008 | +} | |
58009 | + | |
58010 | +/* =========================================================================== | |
58011 | + * Compares to subtrees, using the tree depth as tie breaker when | |
58012 | + * the subtrees have equal frequency. This minimizes the worst case length. | |
58013 | + */ | |
58014 | +#define smaller(tree, n, m, depth) \ | |
58015 | + (tree[n].Freq < tree[m].Freq || \ | |
58016 | + (tree[n].Freq == tree[m].Freq && depth[n] <= depth[m])) | |
58017 | + | |
58018 | +/* =========================================================================== | |
58019 | + * Restore the heap property by moving down the tree starting at node k, | |
58020 | + * exchanging a node with the smallest of its two sons if necessary, stopping | |
58021 | + * when the heap property is re-established (each father smaller than its | |
58022 | + * two sons). | |
58023 | + */ | |
58024 | +local void pqdownheap(s, tree, k) | |
58025 | + deflate_state *s; | |
58026 | + ct_data *tree; /* the tree to restore */ | |
58027 | + int k; /* node to move down */ | |
58028 | +{ | |
58029 | + int v = s->heap[k]; | |
58030 | + int j = k << 1; /* left son of k */ | |
58031 | + while (j <= s->heap_len) { | |
58032 | + /* Set j to the smallest of the two sons: */ | |
58033 | + if (j < s->heap_len && | |
58034 | + smaller(tree, s->heap[j+1], s->heap[j], s->depth)) { | |
58035 | + j++; | |
58036 | + } | |
58037 | + /* Exit if v is smaller than both sons */ | |
58038 | + if (smaller(tree, v, s->heap[j], s->depth)) break; | |
58039 | + | |
58040 | + /* Exchange v with the smallest son */ | |
58041 | + s->heap[k] = s->heap[j]; k = j; | |
58042 | + | |
58043 | + /* And continue down the tree, setting j to the left son of k */ | |
58044 | + j <<= 1; | |
58045 | + } | |
58046 | + s->heap[k] = v; | |
58047 | +} | |
58048 | + | |
58049 | +/* =========================================================================== | |
58050 | + * Compute the optimal bit lengths for a tree and update the total bit length | |
58051 | + * for the current block. | |
58052 | + * IN assertion: the fields freq and dad are set, heap[heap_max] and | |
58053 | + * above are the tree nodes sorted by increasing frequency. | |
58054 | + * OUT assertions: the field len is set to the optimal bit length, the | |
58055 | + * array bl_count contains the frequencies for each bit length. | |
58056 | + * The length opt_len is updated; static_len is also updated if stree is | |
58057 | + * not null. | |
58058 | + */ | |
58059 | +local void gen_bitlen(s, desc) | |
58060 | + deflate_state *s; | |
58061 | + tree_desc *desc; /* the tree descriptor */ | |
58062 | +{ | |
58063 | + ct_data *tree = desc->dyn_tree; | |
58064 | + int max_code = desc->max_code; | |
58065 | + const ct_data *stree = desc->stat_desc->static_tree; | |
58066 | + const intf *extra = desc->stat_desc->extra_bits; | |
58067 | + int base = desc->stat_desc->extra_base; | |
58068 | + int max_length = desc->stat_desc->max_length; | |
58069 | + int h; /* heap index */ | |
58070 | + int n, m; /* iterate over the tree elements */ | |
58071 | + int bits; /* bit length */ | |
58072 | + int xbits; /* extra bits */ | |
58073 | + ush f; /* frequency */ | |
58074 | + int overflow = 0; /* number of elements with bit length too large */ | |
58075 | + | |
58076 | + for (bits = 0; bits <= MAX_BITS; bits++) s->bl_count[bits] = 0; | |
58077 | + | |
58078 | + /* In a first pass, compute the optimal bit lengths (which may | |
58079 | + * overflow in the case of the bit length tree). | |
58080 | + */ | |
58081 | + tree[s->heap[s->heap_max]].Len = 0; /* root of the heap */ | |
58082 | + | |
58083 | + for (h = s->heap_max+1; h < HEAP_SIZE; h++) { | |
58084 | + n = s->heap[h]; | |
58085 | + bits = tree[tree[n].Dad].Len + 1; | |
58086 | + if (bits > max_length) bits = max_length, overflow++; | |
58087 | + tree[n].Len = (ush)bits; | |
58088 | + /* We overwrite tree[n].Dad which is no longer needed */ | |
58089 | + | |
58090 | + if (n > max_code) continue; /* not a leaf node */ | |
58091 | + | |
58092 | + s->bl_count[bits]++; | |
58093 | + xbits = 0; | |
58094 | + if (n >= base) xbits = extra[n-base]; | |
58095 | + f = tree[n].Freq; | |
58096 | + s->opt_len += (ulg)f * (bits + xbits); | |
58097 | + if (stree) s->static_len += (ulg)f * (stree[n].Len + xbits); | |
58098 | + } | |
58099 | + if (overflow == 0) return; | |
58100 | + | |
58101 | + Trace((stderr,"\nbit length overflow\n")); | |
58102 | + /* This happens for example on obj2 and pic of the Calgary corpus */ | |
58103 | + | |
58104 | + /* Find the first bit length which could increase: */ | |
58105 | + do { | |
58106 | + bits = max_length-1; | |
58107 | + while (s->bl_count[bits] == 0) bits--; | |
58108 | + s->bl_count[bits]--; /* move one leaf down the tree */ | |
58109 | + s->bl_count[bits+1] += 2; /* move one overflow item as its brother */ | |
58110 | + s->bl_count[max_length]--; | |
58111 | + /* The brother of the overflow item also moves one step up, | |
58112 | + * but this does not affect bl_count[max_length] | |
58113 | + */ | |
58114 | + overflow -= 2; | |
58115 | + } while (overflow > 0); | |
58116 | + | |
58117 | + /* Now recompute all bit lengths, scanning in increasing frequency. | |
58118 | + * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all | |
58119 | + * lengths instead of fixing only the wrong ones. This idea is taken | |
58120 | + * from 'ar' written by Haruhiko Okumura.) | |
58121 | + */ | |
58122 | + for (bits = max_length; bits != 0; bits--) { | |
58123 | + n = s->bl_count[bits]; | |
58124 | + while (n != 0) { | |
58125 | + m = s->heap[--h]; | |
58126 | + if (m > max_code) continue; | |
58127 | + if (tree[m].Len != (unsigned) bits) { | |
58128 | + Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits)); | |
58129 | + s->opt_len += ((long)bits - (long)tree[m].Len) | |
58130 | + *(long)tree[m].Freq; | |
58131 | + tree[m].Len = (ush)bits; | |
58132 | + } | |
58133 | + n--; | |
58134 | + } | |
58135 | + } | |
58136 | +} | |
58137 | + | |
58138 | +/* =========================================================================== | |
58139 | + * Generate the codes for a given tree and bit counts (which need not be | |
58140 | + * optimal). | |
58141 | + * IN assertion: the array bl_count contains the bit length statistics for | |
58142 | + * the given tree and the field len is set for all tree elements. | |
58143 | + * OUT assertion: the field code is set for all tree elements of non | |
58144 | + * zero code length. | |
58145 | + */ | |
58146 | +local void gen_codes (tree, max_code, bl_count) | |
58147 | + ct_data *tree; /* the tree to decorate */ | |
58148 | + int max_code; /* largest code with non zero frequency */ | |
58149 | + ushf *bl_count; /* number of codes at each bit length */ | |
58150 | +{ | |
58151 | + ush next_code[MAX_BITS+1]; /* next code value for each bit length */ | |
58152 | + ush code = 0; /* running code value */ | |
58153 | + int bits; /* bit index */ | |
58154 | + int n; /* code index */ | |
58155 | + | |
58156 | + /* The distribution counts are first used to generate the code values | |
58157 | + * without bit reversal. | |
58158 | + */ | |
58159 | + for (bits = 1; bits <= MAX_BITS; bits++) { | |
58160 | + next_code[bits] = code = (code + bl_count[bits-1]) << 1; | |
58161 | + } | |
58162 | + /* Check that the bit counts in bl_count are consistent. The last code | |
58163 | + * must be all ones. | |
58164 | + */ | |
58165 | + Assert (code + bl_count[MAX_BITS]-1 == (1<<MAX_BITS)-1, | |
58166 | + "inconsistent bit counts"); | |
58167 | + Tracev((stderr,"\ngen_codes: max_code %d ", max_code)); | |
58168 | + | |
58169 | + for (n = 0; n <= max_code; n++) { | |
58170 | + int len = tree[n].Len; | |
58171 | + if (len == 0) continue; | |
58172 | + /* Now reverse the bits */ | |
58173 | + tree[n].Code = bi_reverse(next_code[len]++, len); | |
58174 | + | |
58175 | + Tracecv(tree != static_ltree, (stderr,"\nn %3d %c l %2d c %4x (%x) ", | |
58176 | + n, (isgraph(n) ? n : ' '), len, tree[n].Code, next_code[len]-1)); | |
58177 | + } | |
58178 | +} | |
58179 | + | |
58180 | +/* =========================================================================== | |
58181 | + * Construct one Huffman tree and assigns the code bit strings and lengths. | |
58182 | + * Update the total bit length for the current block. | |
58183 | + * IN assertion: the field freq is set for all tree elements. | |
58184 | + * OUT assertions: the fields len and code are set to the optimal bit length | |
58185 | + * and corresponding code. The length opt_len is updated; static_len is | |
58186 | + * also updated if stree is not null. The field max_code is set. | |
58187 | + */ | |
58188 | +local void build_tree(s, desc) | |
58189 | + deflate_state *s; | |
58190 | + tree_desc *desc; /* the tree descriptor */ | |
58191 | +{ | |
58192 | + ct_data *tree = desc->dyn_tree; | |
58193 | + const ct_data *stree = desc->stat_desc->static_tree; | |
58194 | + int elems = desc->stat_desc->elems; | |
58195 | + int n, m; /* iterate over heap elements */ | |
58196 | + int max_code = -1; /* largest code with non zero frequency */ | |
58197 | + int node; /* new node being created */ | |
58198 | + | |
58199 | + /* Construct the initial heap, with least frequent element in | |
58200 | + * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1]. | |
58201 | + * heap[0] is not used. | |
58202 | + */ | |
58203 | + s->heap_len = 0, s->heap_max = HEAP_SIZE; | |
58204 | + | |
58205 | + for (n = 0; n < elems; n++) { | |
58206 | + if (tree[n].Freq != 0) { | |
58207 | + s->heap[++(s->heap_len)] = max_code = n; | |
58208 | + s->depth[n] = 0; | |
58209 | + } else { | |
58210 | + tree[n].Len = 0; | |
58211 | + } | |
58212 | + } | |
58213 | + | |
58214 | + /* The pkzip format requires that at least one distance code exists, | |
58215 | + * and that at least one bit should be sent even if there is only one | |
58216 | + * possible code. So to avoid special checks later on we force at least | |
58217 | + * two codes of non zero frequency. | |
58218 | + */ | |
58219 | + while (s->heap_len < 2) { | |
58220 | + node = s->heap[++(s->heap_len)] = (max_code < 2 ? ++max_code : 0); | |
58221 | + tree[node].Freq = 1; | |
58222 | + s->depth[node] = 0; | |
58223 | + s->opt_len--; if (stree) s->static_len -= stree[node].Len; | |
58224 | + /* node is 0 or 1 so it does not have extra bits */ | |
58225 | + } | |
58226 | + desc->max_code = max_code; | |
58227 | + | |
58228 | + /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree, | |
58229 | + * establish sub-heaps of increasing lengths: | |
58230 | + */ | |
58231 | + for (n = s->heap_len/2; n >= 1; n--) pqdownheap(s, tree, n); | |
58232 | + | |
58233 | + /* Construct the Huffman tree by repeatedly combining the least two | |
58234 | + * frequent nodes. | |
58235 | + */ | |
58236 | + node = elems; /* next internal node of the tree */ | |
58237 | + do { | |
58238 | + pqremove(s, tree, n); /* n = node of least frequency */ | |
58239 | + m = s->heap[SMALLEST]; /* m = node of next least frequency */ | |
58240 | + | |
58241 | + s->heap[--(s->heap_max)] = n; /* keep the nodes sorted by frequency */ | |
58242 | + s->heap[--(s->heap_max)] = m; | |
58243 | + | |
58244 | + /* Create a new node father of n and m */ | |
58245 | + tree[node].Freq = tree[n].Freq + tree[m].Freq; | |
58246 | + s->depth[node] = (uch) (MAX(s->depth[n], s->depth[m]) + 1); | |
58247 | + tree[n].Dad = tree[m].Dad = (ush)node; | |
58248 | +#ifdef DUMP_BL_TREE | |
58249 | + if (tree == s->bl_tree) { | |
58250 | + fprintf(stderr,"\nnode %d(%d), sons %d(%d) %d(%d)", | |
58251 | + node, tree[node].Freq, n, tree[n].Freq, m, tree[m].Freq); | |
58252 | + } | |
58253 | +#endif | |
58254 | + /* and insert the new node in the heap */ | |
58255 | + s->heap[SMALLEST] = node++; | |
58256 | + pqdownheap(s, tree, SMALLEST); | |
58257 | + | |
58258 | + } while (s->heap_len >= 2); | |
58259 | + | |
58260 | + s->heap[--(s->heap_max)] = s->heap[SMALLEST]; | |
58261 | + | |
58262 | + /* At this point, the fields freq and dad are set. We can now | |
58263 | + * generate the bit lengths. | |
58264 | + */ | |
58265 | + gen_bitlen(s, (tree_desc *)desc); | |
58266 | + | |
58267 | + /* The field len is now set, we can generate the bit codes */ | |
58268 | + gen_codes ((ct_data *)tree, max_code, s->bl_count); | |
58269 | +} | |
58270 | + | |
58271 | +/* =========================================================================== | |
58272 | + * Scan a literal or distance tree to determine the frequencies of the codes | |
58273 | + * in the bit length tree. | |
58274 | + */ | |
58275 | +local void scan_tree (s, tree, max_code) | |
58276 | + deflate_state *s; | |
58277 | + ct_data *tree; /* the tree to be scanned */ | |
58278 | + int max_code; /* and its largest code of non zero frequency */ | |
58279 | +{ | |
58280 | + int n; /* iterates over all tree elements */ | |
58281 | + int prevlen = -1; /* last emitted length */ | |
58282 | + int curlen; /* length of current code */ | |
58283 | + int nextlen = tree[0].Len; /* length of next code */ | |
58284 | + int count = 0; /* repeat count of the current code */ | |
58285 | + int max_count = 7; /* max repeat count */ | |
58286 | + int min_count = 4; /* min repeat count */ | |
58287 | + | |
58288 | + if (nextlen == 0) max_count = 138, min_count = 3; | |
58289 | + tree[max_code+1].Len = (ush)0xffff; /* guard */ | |
58290 | + | |
58291 | + for (n = 0; n <= max_code; n++) { | |
58292 | + curlen = nextlen; nextlen = tree[n+1].Len; | |
58293 | + if (++count < max_count && curlen == nextlen) { | |
58294 | + continue; | |
58295 | + } else if (count < min_count) { | |
58296 | + s->bl_tree[curlen].Freq += count; | |
58297 | + } else if (curlen != 0) { | |
58298 | + if (curlen != prevlen) s->bl_tree[curlen].Freq++; | |
58299 | + s->bl_tree[REP_3_6].Freq++; | |
58300 | + } else if (count <= 10) { | |
58301 | + s->bl_tree[REPZ_3_10].Freq++; | |
58302 | + } else { | |
58303 | + s->bl_tree[REPZ_11_138].Freq++; | |
58304 | + } | |
58305 | + count = 0; prevlen = curlen; | |
58306 | + if (nextlen == 0) { | |
58307 | + max_count = 138, min_count = 3; | |
58308 | + } else if (curlen == nextlen) { | |
58309 | + max_count = 6, min_count = 3; | |
58310 | + } else { | |
58311 | + max_count = 7, min_count = 4; | |
58312 | + } | |
58313 | + } | |
58314 | +} | |
58315 | + | |
58316 | +/* =========================================================================== | |
58317 | + * Send a literal or distance tree in compressed form, using the codes in | |
58318 | + * bl_tree. | |
58319 | + */ | |
58320 | +local void send_tree (s, tree, max_code) | |
58321 | + deflate_state *s; | |
58322 | + ct_data *tree; /* the tree to be scanned */ | |
58323 | + int max_code; /* and its largest code of non zero frequency */ | |
58324 | +{ | |
58325 | + int n; /* iterates over all tree elements */ | |
58326 | + int prevlen = -1; /* last emitted length */ | |
58327 | + int curlen; /* length of current code */ | |
58328 | + int nextlen = tree[0].Len; /* length of next code */ | |
58329 | + int count = 0; /* repeat count of the current code */ | |
58330 | + int max_count = 7; /* max repeat count */ | |
58331 | + int min_count = 4; /* min repeat count */ | |
58332 | + | |
58333 | + /* tree[max_code+1].Len = -1; */ /* guard already set */ | |
58334 | + if (nextlen == 0) max_count = 138, min_count = 3; | |
58335 | + | |
58336 | + for (n = 0; n <= max_code; n++) { | |
58337 | + curlen = nextlen; nextlen = tree[n+1].Len; | |
58338 | + if (++count < max_count && curlen == nextlen) { | |
58339 | + continue; | |
58340 | + } else if (count < min_count) { | |
58341 | + do { send_code(s, curlen, s->bl_tree); } while (--count != 0); | |
58342 | + | |
58343 | + } else if (curlen != 0) { | |
58344 | + if (curlen != prevlen) { | |
58345 | + send_code(s, curlen, s->bl_tree); count--; | |
58346 | + } | |
58347 | + Assert(count >= 3 && count <= 6, " 3_6?"); | |
58348 | + send_code(s, REP_3_6, s->bl_tree); send_bits(s, count-3, 2); | |
58349 | + | |
58350 | + } else if (count <= 10) { | |
58351 | + send_code(s, REPZ_3_10, s->bl_tree); send_bits(s, count-3, 3); | |
58352 | + | |
58353 | + } else { | |
58354 | + send_code(s, REPZ_11_138, s->bl_tree); send_bits(s, count-11, 7); | |
58355 | + } | |
58356 | + count = 0; prevlen = curlen; | |
58357 | + if (nextlen == 0) { | |
58358 | + max_count = 138, min_count = 3; | |
58359 | + } else if (curlen == nextlen) { | |
58360 | + max_count = 6, min_count = 3; | |
58361 | + } else { | |
58362 | + max_count = 7, min_count = 4; | |
58363 | + } | |
58364 | + } | |
58365 | +} | |
58366 | + | |
58367 | +/* =========================================================================== | |
58368 | + * Construct the Huffman tree for the bit lengths and return the index in | |
58369 | + * bl_order of the last bit length code to send. | |
58370 | + */ | |
58371 | +local int build_bl_tree(s) | |
58372 | + deflate_state *s; | |
58373 | +{ | |
58374 | + int max_blindex; /* index of last bit length code of non zero freq */ | |
58375 | + | |
58376 | + /* Determine the bit length frequencies for literal and distance trees */ | |
58377 | + scan_tree(s, (ct_data *)s->dyn_ltree, s->l_desc.max_code); | |
58378 | + scan_tree(s, (ct_data *)s->dyn_dtree, s->d_desc.max_code); | |
58379 | + | |
58380 | + /* Build the bit length tree: */ | |
58381 | + build_tree(s, (tree_desc *)(&(s->bl_desc))); | |
58382 | + /* opt_len now includes the length of the tree representations, except | |
58383 | + * the lengths of the bit lengths codes and the 5+5+4 bits for the counts. | |
58384 | + */ | |
58385 | + | |
58386 | + /* Determine the number of bit length codes to send. The pkzip format | |
58387 | + * requires that at least 4 bit length codes be sent. (appnote.txt says | |
58388 | + * 3 but the actual value used is 4.) | |
58389 | + */ | |
58390 | + for (max_blindex = BL_CODES-1; max_blindex >= 3; max_blindex--) { | |
58391 | + if (s->bl_tree[bl_order[max_blindex]].Len != 0) break; | |
58392 | + } | |
58393 | + /* Update opt_len to include the bit length tree and counts */ | |
58394 | + s->opt_len += 3*(max_blindex+1) + 5+5+4; | |
58395 | + Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld", | |
58396 | + s->opt_len, s->static_len)); | |
58397 | + | |
58398 | + return max_blindex; | |
58399 | +} | |
58400 | + | |
58401 | +/* =========================================================================== | |
58402 | + * Send the header for a block using dynamic Huffman trees: the counts, the | |
58403 | + * lengths of the bit length codes, the literal tree and the distance tree. | |
58404 | + * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4. | |
58405 | + */ | |
58406 | +local void send_all_trees(s, lcodes, dcodes, blcodes) | |
58407 | + deflate_state *s; | |
58408 | + int lcodes, dcodes, blcodes; /* number of codes for each tree */ | |
58409 | +{ | |
58410 | + int rank; /* index in bl_order */ | |
58411 | + | |
58412 | + Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes"); | |
58413 | + Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES, | |
58414 | + "too many codes"); | |
58415 | + Tracev((stderr, "\nbl counts: ")); | |
58416 | + send_bits(s, lcodes-257, 5); /* not +255 as stated in appnote.txt */ | |
58417 | + send_bits(s, dcodes-1, 5); | |
58418 | + send_bits(s, blcodes-4, 4); /* not -3 as stated in appnote.txt */ | |
58419 | + for (rank = 0; rank < blcodes; rank++) { | |
58420 | + Tracev((stderr, "\nbl code %2d ", bl_order[rank])); | |
58421 | + send_bits(s, s->bl_tree[bl_order[rank]].Len, 3); | |
58422 | + } | |
58423 | + Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent)); | |
58424 | + | |
58425 | + send_tree(s, (ct_data *)s->dyn_ltree, lcodes-1); /* literal tree */ | |
58426 | + Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent)); | |
58427 | + | |
58428 | + send_tree(s, (ct_data *)s->dyn_dtree, dcodes-1); /* distance tree */ | |
58429 | + Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent)); | |
58430 | +} | |
58431 | + | |
58432 | +/* =========================================================================== | |
58433 | + * Send a stored block | |
58434 | + */ | |
58435 | +void _tr_stored_block(s, buf, stored_len, eof) | |
58436 | + deflate_state *s; | |
58437 | + charf *buf; /* input block */ | |
58438 | + ulg stored_len; /* length of input block */ | |
58439 | + int eof; /* true if this is the last block for a file */ | |
58440 | +{ | |
58441 | + send_bits(s, (STORED_BLOCK<<1)+eof, 3); /* send block type */ | |
58442 | +#ifdef DEBUG | |
58443 | + s->compressed_len = (s->compressed_len + 3 + 7) & (ulg)~7L; | |
58444 | + s->compressed_len += (stored_len + 4) << 3; | |
58445 | +#endif | |
58446 | + copy_block(s, buf, (unsigned)stored_len, 1); /* with header */ | |
58447 | +} | |
58448 | + | |
58449 | +/* =========================================================================== | |
58450 | + * Send one empty static block to give enough lookahead for inflate. | |
58451 | + * This takes 10 bits, of which 7 may remain in the bit buffer. | |
58452 | + * The current inflate code requires 9 bits of lookahead. If the | |
58453 | + * last two codes for the previous block (real code plus EOB) were coded | |
58454 | + * on 5 bits or less, inflate may have only 5+3 bits of lookahead to decode | |
58455 | + * the last real code. In this case we send two empty static blocks instead | |
58456 | + * of one. (There are no problems if the previous block is stored or fixed.) | |
58457 | + * To simplify the code, we assume the worst case of last real code encoded | |
58458 | + * on one bit only. | |
58459 | + */ | |
58460 | +void _tr_align(s) | |
58461 | + deflate_state *s; | |
58462 | +{ | |
58463 | + send_bits(s, STATIC_TREES<<1, 3); | |
58464 | + send_code(s, END_BLOCK, static_ltree); | |
58465 | +#ifdef DEBUG | |
58466 | + s->compressed_len += 10L; /* 3 for block type, 7 for EOB */ | |
58467 | +#endif | |
58468 | + bi_flush(s); | |
58469 | + /* Of the 10 bits for the empty block, we have already sent | |
58470 | + * (10 - bi_valid) bits. The lookahead for the last real code (before | |
58471 | + * the EOB of the previous block) was thus at least one plus the length | |
58472 | + * of the EOB plus what we have just sent of the empty static block. | |
58473 | + */ | |
58474 | + if (1 + s->last_eob_len + 10 - s->bi_valid < 9) { | |
58475 | + send_bits(s, STATIC_TREES<<1, 3); | |
58476 | + send_code(s, END_BLOCK, static_ltree); | |
58477 | +#ifdef DEBUG | |
58478 | + s->compressed_len += 10L; | |
58479 | +#endif | |
58480 | + bi_flush(s); | |
58481 | + } | |
58482 | + s->last_eob_len = 7; | |
58483 | +} | |
58484 | + | |
58485 | +/* =========================================================================== | |
58486 | + * Determine the best encoding for the current block: dynamic trees, static | |
58487 | + * trees or store, and output the encoded block to the zip file. | |
58488 | + */ | |
58489 | +void _tr_flush_block(s, buf, stored_len, eof) | |
58490 | + deflate_state *s; | |
58491 | + charf *buf; /* input block, or NULL if too old */ | |
58492 | + ulg stored_len; /* length of input block */ | |
58493 | + int eof; /* true if this is the last block for a file */ | |
58494 | +{ | |
58495 | + ulg opt_lenb, static_lenb; /* opt_len and static_len in bytes */ | |
58496 | + int max_blindex = 0; /* index of last bit length code of non zero freq */ | |
58497 | + | |
58498 | + /* Build the Huffman trees unless a stored block is forced */ | |
58499 | + if (s->level > 0) { | |
58500 | + | |
58501 | + /* Check if the file is ascii or binary */ | |
58502 | + if (s->data_type == Z_UNKNOWN) set_data_type(s); | |
58503 | + | |
58504 | + /* Construct the literal and distance trees */ | |
58505 | + build_tree(s, (tree_desc *)(&(s->l_desc))); | |
58506 | + Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len, | |
58507 | + s->static_len)); | |
58508 | + | |
58509 | + build_tree(s, (tree_desc *)(&(s->d_desc))); | |
58510 | + Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len, | |
58511 | + s->static_len)); | |
58512 | + /* At this point, opt_len and static_len are the total bit lengths of | |
58513 | + * the compressed block data, excluding the tree representations. | |
58514 | + */ | |
58515 | + | |
58516 | + /* Build the bit length tree for the above two trees, and get the index | |
58517 | + * in bl_order of the last bit length code to send. | |
58518 | + */ | |
58519 | + max_blindex = build_bl_tree(s); | |
58520 | + | |
58521 | + /* Determine the best encoding. Compute first the block length in bytes*/ | |
58522 | + opt_lenb = (s->opt_len+3+7)>>3; | |
58523 | + static_lenb = (s->static_len+3+7)>>3; | |
58524 | + | |
58525 | + Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", | |
58526 | + opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, | |
58527 | + s->last_lit)); | |
58528 | + | |
58529 | + if (static_lenb <= opt_lenb) opt_lenb = static_lenb; | |
58530 | + | |
58531 | + } else { | |
58532 | + Assert(buf != (char*)0, "lost buf"); | |
58533 | + opt_lenb = static_lenb = stored_len + 5; /* force a stored block */ | |
58534 | + } | |
58535 | + | |
58536 | +#ifdef FORCE_STORED | |
58537 | + if (buf != (char*)0) { /* force stored block */ | |
58538 | +#else | |
58539 | + if (stored_len+4 <= opt_lenb && buf != (char*)0) { | |
58540 | + /* 4: two words for the lengths */ | |
58541 | +#endif | |
58542 | + /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE. | |
58543 | + * Otherwise we can't have processed more than WSIZE input bytes since | |
58544 | + * the last block flush, because compression would have been | |
58545 | + * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to | |
58546 | + * transform a block into a stored block. | |
58547 | + */ | |
58548 | + _tr_stored_block(s, buf, stored_len, eof); | |
58549 | + | |
58550 | +#ifdef FORCE_STATIC | |
58551 | + } else if (static_lenb >= 0) { /* force static trees */ | |
58552 | +#else | |
58553 | + } else if (static_lenb == opt_lenb) { | |
58554 | +#endif | |
58555 | + send_bits(s, (STATIC_TREES<<1)+eof, 3); | |
58556 | + compress_block(s, static_ltree, static_dtree); | |
58557 | +#ifdef DEBUG | |
58558 | + s->compressed_len += 3 + s->static_len; | |
58559 | +#endif | |
58560 | + } else { | |
58561 | + send_bits(s, (DYN_TREES<<1)+eof, 3); | |
58562 | + send_all_trees(s, s->l_desc.max_code+1, s->d_desc.max_code+1, | |
58563 | + max_blindex+1); | |
58564 | + compress_block(s, s->dyn_ltree, s->dyn_dtree); | |
58565 | +#ifdef DEBUG | |
58566 | + s->compressed_len += 3 + s->opt_len; | |
58567 | +#endif | |
58568 | + } | |
58569 | + Assert (s->compressed_len == s->bits_sent, "bad compressed size"); | |
58570 | + /* The above check is made mod 2^32, for files larger than 512 MB | |
58571 | + * and uLong implemented on 32 bits. | |
58572 | + */ | |
58573 | + init_block(s); | |
58574 | + | |
58575 | + if (eof) { | |
58576 | + bi_windup(s); | |
58577 | +#ifdef DEBUG | |
58578 | + s->compressed_len += 7; /* align on byte boundary */ | |
58579 | +#endif | |
58580 | + } | |
58581 | + Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3, | |
58582 | + s->compressed_len-7*eof)); | |
58583 | +} | |
58584 | + | |
58585 | +/* =========================================================================== | |
58586 | + * Save the match info and tally the frequency counts. Return true if | |
58587 | + * the current block must be flushed. | |
58588 | + */ | |
58589 | +int _tr_tally (s, dist, lc) | |
58590 | + deflate_state *s; | |
58591 | + unsigned dist; /* distance of matched string */ | |
58592 | + unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ | |
58593 | +{ | |
58594 | + s->d_buf[s->last_lit] = (ush)dist; | |
58595 | + s->l_buf[s->last_lit++] = (uch)lc; | |
58596 | + if (dist == 0) { | |
58597 | + /* lc is the unmatched char */ | |
58598 | + s->dyn_ltree[lc].Freq++; | |
58599 | + } else { | |
58600 | + s->matches++; | |
58601 | + /* Here, lc is the match length - MIN_MATCH */ | |
58602 | + dist--; /* dist = match distance - 1 */ | |
58603 | + Assert((ush)dist < (ush)MAX_DIST(s) && | |
58604 | + (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) && | |
58605 | + (ush)d_code(dist) < (ush)D_CODES, "_tr_tally: bad match"); | |
58606 | + | |
58607 | + s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++; | |
58608 | + s->dyn_dtree[d_code(dist)].Freq++; | |
58609 | + } | |
58610 | + | |
58611 | +#ifdef TRUNCATE_BLOCK | |
58612 | + /* Try to guess if it is profitable to stop the current block here */ | |
58613 | + if ((s->last_lit & 0x1fff) == 0 && s->level > 2) { | |
58614 | + /* Compute an upper bound for the compressed length */ | |
58615 | + ulg out_length = (ulg)s->last_lit*8L; | |
58616 | + ulg in_length = (ulg)((long)s->strstart - s->block_start); | |
58617 | + int dcode; | |
58618 | + for (dcode = 0; dcode < D_CODES; dcode++) { | |
58619 | + out_length += (ulg)s->dyn_dtree[dcode].Freq * | |
58620 | + (5L+extra_dbits[dcode]); | |
58621 | + } | |
58622 | + out_length >>= 3; | |
58623 | + Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", | |
58624 | + s->last_lit, in_length, out_length, | |
58625 | + 100L - out_length*100L/in_length)); | |
58626 | + if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1; | |
58627 | + } | |
58628 | +#endif | |
58629 | + return (s->last_lit == s->lit_bufsize-1); | |
58630 | + /* We avoid equality with lit_bufsize because of wraparound at 64K | |
58631 | + * on 16 bit machines and because stored blocks are restricted to | |
58632 | + * 64K-1 bytes. | |
58633 | + */ | |
58634 | +} | |
58635 | + | |
58636 | +/* =========================================================================== | |
58637 | + * Send the block data compressed using the given Huffman trees | |
58638 | + */ | |
58639 | +local void compress_block(s, ltree, dtree) | |
58640 | + deflate_state *s; | |
58641 | + const ct_data *ltree; /* literal tree */ | |
58642 | + const ct_data *dtree; /* distance tree */ | |
58643 | +{ | |
58644 | + unsigned dist; /* distance of matched string */ | |
58645 | + int lc; /* match length or unmatched char (if dist == 0) */ | |
58646 | + unsigned lx = 0; /* running index in l_buf */ | |
58647 | + unsigned code; /* the code to send */ | |
58648 | + int extra; /* number of extra bits to send */ | |
58649 | + | |
58650 | + if (s->last_lit != 0) do { | |
58651 | + dist = s->d_buf[lx]; | |
58652 | + lc = s->l_buf[lx++]; | |
58653 | + if (dist == 0) { | |
58654 | + send_code(s, lc, ltree); /* send a literal byte */ | |
58655 | + Tracecv(isgraph(lc), (stderr," '%c' ", lc)); | |
58656 | + } else { | |
58657 | + /* Here, lc is the match length - MIN_MATCH */ | |
58658 | + code = _length_code[lc]; | |
58659 | + send_code(s, code+LITERALS+1, ltree); /* send the length code */ | |
58660 | + extra = extra_lbits[code]; | |
58661 | + if (extra != 0) { | |
58662 | + lc -= base_length[code]; | |
58663 | + send_bits(s, lc, extra); /* send the extra length bits */ | |
58664 | + } | |
58665 | + dist--; /* dist is now the match distance - 1 */ | |
58666 | + code = d_code(dist); | |
58667 | + Assert (code < D_CODES, "bad d_code"); | |
58668 | + | |
58669 | + send_code(s, code, dtree); /* send the distance code */ | |
58670 | + extra = extra_dbits[code]; | |
58671 | + if (extra != 0) { | |
58672 | + dist -= base_dist[code]; | |
58673 | + send_bits(s, dist, extra); /* send the extra distance bits */ | |
58674 | + } | |
58675 | + } /* literal or match pair ? */ | |
58676 | + | |
58677 | + /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ | |
58678 | + Assert(s->pending < s->lit_bufsize + 2*lx, "pendingBuf overflow"); | |
58679 | + | |
58680 | + } while (lx < s->last_lit); | |
58681 | + | |
58682 | + send_code(s, END_BLOCK, ltree); | |
58683 | + s->last_eob_len = ltree[END_BLOCK].Len; | |
58684 | +} | |
58685 | + | |
58686 | +/* =========================================================================== | |
58687 | + * Set the data type to ASCII or BINARY, using a crude approximation: | |
58688 | + * binary if more than 20% of the bytes are <= 6 or >= 128, ascii otherwise. | |
58689 | + * IN assertion: the fields freq of dyn_ltree are set and the total of all | |
58690 | + * frequencies does not exceed 64K (to fit in an int on 16 bit machines). | |
58691 | + */ | |
58692 | +local void set_data_type(s) | |
58693 | + deflate_state *s; | |
58694 | +{ | |
58695 | + int n = 0; | |
58696 | + unsigned ascii_freq = 0; | |
58697 | + unsigned bin_freq = 0; | |
58698 | + while (n < 7) bin_freq += s->dyn_ltree[n++].Freq; | |
58699 | + while (n < 128) ascii_freq += s->dyn_ltree[n++].Freq; | |
58700 | + while (n < LITERALS) bin_freq += s->dyn_ltree[n++].Freq; | |
58701 | + s->data_type = (Byte)(bin_freq > (ascii_freq >> 2) ? Z_BINARY : Z_ASCII); | |
58702 | +} | |
58703 | + | |
58704 | +/* =========================================================================== | |
58705 | + * Reverse the first len bits of a code, using straightforward code (a faster | |
58706 | + * method would use a table) | |
58707 | + * IN assertion: 1 <= len <= 15 | |
58708 | + */ | |
58709 | +local unsigned bi_reverse(code, len) | |
58710 | + unsigned code; /* the value to invert */ | |
58711 | + int len; /* its bit length */ | |
58712 | +{ | |
58713 | + register unsigned res = 0; | |
58714 | + do { | |
58715 | + res |= code & 1; | |
58716 | + code >>= 1, res <<= 1; | |
58717 | + } while (--len > 0); | |
58718 | + return res >> 1; | |
58719 | +} | |
58720 | + | |
58721 | +/* =========================================================================== | |
58722 | + * Flush the bit buffer, keeping at most 7 bits in it. | |
58723 | + */ | |
58724 | +local void bi_flush(s) | |
58725 | + deflate_state *s; | |
58726 | +{ | |
58727 | + if (s->bi_valid == 16) { | |
58728 | + put_short(s, s->bi_buf); | |
58729 | + s->bi_buf = 0; | |
58730 | + s->bi_valid = 0; | |
58731 | + } else if (s->bi_valid >= 8) { | |
58732 | + put_byte(s, (Byte)s->bi_buf); | |
58733 | + s->bi_buf >>= 8; | |
58734 | + s->bi_valid -= 8; | |
58735 | + } | |
58736 | +} | |
58737 | + | |
58738 | +/* =========================================================================== | |
58739 | + * Flush the bit buffer and align the output on a byte boundary | |
58740 | + */ | |
58741 | +local void bi_windup(s) | |
58742 | + deflate_state *s; | |
58743 | +{ | |
58744 | + if (s->bi_valid > 8) { | |
58745 | + put_short(s, s->bi_buf); | |
58746 | + } else if (s->bi_valid > 0) { | |
58747 | + put_byte(s, (Byte)s->bi_buf); | |
58748 | + } | |
58749 | + s->bi_buf = 0; | |
58750 | + s->bi_valid = 0; | |
58751 | +#ifdef DEBUG | |
58752 | + s->bits_sent = (s->bits_sent+7) & ~7; | |
58753 | +#endif | |
58754 | +} | |
58755 | + | |
58756 | +/* =========================================================================== | |
58757 | + * Copy a stored block, storing first the length and its | |
58758 | + * one's complement if requested. | |
58759 | + */ | |
58760 | +local void copy_block(s, buf, len, header) | |
58761 | + deflate_state *s; | |
58762 | + charf *buf; /* the input data */ | |
58763 | + unsigned len; /* its length */ | |
58764 | + int header; /* true if block header must be written */ | |
58765 | +{ | |
58766 | + bi_windup(s); /* align on byte boundary */ | |
58767 | + s->last_eob_len = 8; /* enough lookahead for inflate */ | |
58768 | + | |
58769 | + if (header) { | |
58770 | + put_short(s, (ush)len); | |
58771 | + put_short(s, (ush)~len); | |
58772 | +#ifdef DEBUG | |
58773 | + s->bits_sent += 2*16; | |
58774 | +#endif | |
58775 | + } | |
58776 | +#ifdef DEBUG | |
58777 | + s->bits_sent += (ulg)len<<3; | |
58778 | +#endif | |
58779 | + while (len--) { | |
58780 | + put_byte(s, *buf++); | |
58781 | + } | |
58782 | +} | |
58783 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
58784 | +++ linux/net/ipsec/trees.h Mon Feb 9 13:51:03 2004 | |
58785 | @@ -0,0 +1,128 @@ | |
58786 | +/* header created automatically with -DGEN_TREES_H */ | |
58787 | + | |
58788 | +local const ct_data static_ltree[L_CODES+2] = { | |
58789 | +{{ 12},{ 8}}, {{140},{ 8}}, {{ 76},{ 8}}, {{204},{ 8}}, {{ 44},{ 8}}, | |
58790 | +{{172},{ 8}}, {{108},{ 8}}, {{236},{ 8}}, {{ 28},{ 8}}, {{156},{ 8}}, | |
58791 | +{{ 92},{ 8}}, {{220},{ 8}}, {{ 60},{ 8}}, {{188},{ 8}}, {{124},{ 8}}, | |
58792 | +{{252},{ 8}}, {{ 2},{ 8}}, {{130},{ 8}}, {{ 66},{ 8}}, {{194},{ 8}}, | |
58793 | +{{ 34},{ 8}}, {{162},{ 8}}, {{ 98},{ 8}}, {{226},{ 8}}, {{ 18},{ 8}}, | |
58794 | +{{146},{ 8}}, {{ 82},{ 8}}, {{210},{ 8}}, {{ 50},{ 8}}, {{178},{ 8}}, | |
58795 | +{{114},{ 8}}, {{242},{ 8}}, {{ 10},{ 8}}, {{138},{ 8}}, {{ 74},{ 8}}, | |
58796 | +{{202},{ 8}}, {{ 42},{ 8}}, {{170},{ 8}}, {{106},{ 8}}, {{234},{ 8}}, | |
58797 | +{{ 26},{ 8}}, {{154},{ 8}}, {{ 90},{ 8}}, {{218},{ 8}}, {{ 58},{ 8}}, | |
58798 | +{{186},{ 8}}, {{122},{ 8}}, {{250},{ 8}}, {{ 6},{ 8}}, {{134},{ 8}}, | |
58799 | +{{ 70},{ 8}}, {{198},{ 8}}, {{ 38},{ 8}}, {{166},{ 8}}, {{102},{ 8}}, | |
58800 | +{{230},{ 8}}, {{ 22},{ 8}}, {{150},{ 8}}, {{ 86},{ 8}}, {{214},{ 8}}, | |
58801 | +{{ 54},{ 8}}, {{182},{ 8}}, {{118},{ 8}}, {{246},{ 8}}, {{ 14},{ 8}}, | |
58802 | +{{142},{ 8}}, {{ 78},{ 8}}, {{206},{ 8}}, {{ 46},{ 8}}, {{174},{ 8}}, | |
58803 | +{{110},{ 8}}, {{238},{ 8}}, {{ 30},{ 8}}, {{158},{ 8}}, {{ 94},{ 8}}, | |
58804 | +{{222},{ 8}}, {{ 62},{ 8}}, {{190},{ 8}}, {{126},{ 8}}, {{254},{ 8}}, | |
58805 | +{{ 1},{ 8}}, {{129},{ 8}}, {{ 65},{ 8}}, {{193},{ 8}}, {{ 33},{ 8}}, | |
58806 | +{{161},{ 8}}, {{ 97},{ 8}}, {{225},{ 8}}, {{ 17},{ 8}}, {{145},{ 8}}, | |
58807 | +{{ 81},{ 8}}, {{209},{ 8}}, {{ 49},{ 8}}, {{177},{ 8}}, {{113},{ 8}}, | |
58808 | +{{241},{ 8}}, {{ 9},{ 8}}, {{137},{ 8}}, {{ 73},{ 8}}, {{201},{ 8}}, | |
58809 | +{{ 41},{ 8}}, {{169},{ 8}}, {{105},{ 8}}, {{233},{ 8}}, {{ 25},{ 8}}, | |
58810 | +{{153},{ 8}}, {{ 89},{ 8}}, {{217},{ 8}}, {{ 57},{ 8}}, {{185},{ 8}}, | |
58811 | +{{121},{ 8}}, {{249},{ 8}}, {{ 5},{ 8}}, {{133},{ 8}}, {{ 69},{ 8}}, | |
58812 | +{{197},{ 8}}, {{ 37},{ 8}}, {{165},{ 8}}, {{101},{ 8}}, {{229},{ 8}}, | |
58813 | +{{ 21},{ 8}}, {{149},{ 8}}, {{ 85},{ 8}}, {{213},{ 8}}, {{ 53},{ 8}}, | |
58814 | +{{181},{ 8}}, {{117},{ 8}}, {{245},{ 8}}, {{ 13},{ 8}}, {{141},{ 8}}, | |
58815 | +{{ 77},{ 8}}, {{205},{ 8}}, {{ 45},{ 8}}, {{173},{ 8}}, {{109},{ 8}}, | |
58816 | +{{237},{ 8}}, {{ 29},{ 8}}, {{157},{ 8}}, {{ 93},{ 8}}, {{221},{ 8}}, | |
58817 | +{{ 61},{ 8}}, {{189},{ 8}}, {{125},{ 8}}, {{253},{ 8}}, {{ 19},{ 9}}, | |
58818 | +{{275},{ 9}}, {{147},{ 9}}, {{403},{ 9}}, {{ 83},{ 9}}, {{339},{ 9}}, | |
58819 | +{{211},{ 9}}, {{467},{ 9}}, {{ 51},{ 9}}, {{307},{ 9}}, {{179},{ 9}}, | |
58820 | +{{435},{ 9}}, {{115},{ 9}}, {{371},{ 9}}, {{243},{ 9}}, {{499},{ 9}}, | |
58821 | +{{ 11},{ 9}}, {{267},{ 9}}, {{139},{ 9}}, {{395},{ 9}}, {{ 75},{ 9}}, | |
58822 | +{{331},{ 9}}, {{203},{ 9}}, {{459},{ 9}}, {{ 43},{ 9}}, {{299},{ 9}}, | |
58823 | +{{171},{ 9}}, {{427},{ 9}}, {{107},{ 9}}, {{363},{ 9}}, {{235},{ 9}}, | |
58824 | +{{491},{ 9}}, {{ 27},{ 9}}, {{283},{ 9}}, {{155},{ 9}}, {{411},{ 9}}, | |
58825 | +{{ 91},{ 9}}, {{347},{ 9}}, {{219},{ 9}}, {{475},{ 9}}, {{ 59},{ 9}}, | |
58826 | +{{315},{ 9}}, {{187},{ 9}}, {{443},{ 9}}, {{123},{ 9}}, {{379},{ 9}}, | |
58827 | +{{251},{ 9}}, {{507},{ 9}}, {{ 7},{ 9}}, {{263},{ 9}}, {{135},{ 9}}, | |
58828 | +{{391},{ 9}}, {{ 71},{ 9}}, {{327},{ 9}}, {{199},{ 9}}, {{455},{ 9}}, | |
58829 | +{{ 39},{ 9}}, {{295},{ 9}}, {{167},{ 9}}, {{423},{ 9}}, {{103},{ 9}}, | |
58830 | +{{359},{ 9}}, {{231},{ 9}}, {{487},{ 9}}, {{ 23},{ 9}}, {{279},{ 9}}, | |
58831 | +{{151},{ 9}}, {{407},{ 9}}, {{ 87},{ 9}}, {{343},{ 9}}, {{215},{ 9}}, | |
58832 | +{{471},{ 9}}, {{ 55},{ 9}}, {{311},{ 9}}, {{183},{ 9}}, {{439},{ 9}}, | |
58833 | +{{119},{ 9}}, {{375},{ 9}}, {{247},{ 9}}, {{503},{ 9}}, {{ 15},{ 9}}, | |
58834 | +{{271},{ 9}}, {{143},{ 9}}, {{399},{ 9}}, {{ 79},{ 9}}, {{335},{ 9}}, | |
58835 | +{{207},{ 9}}, {{463},{ 9}}, {{ 47},{ 9}}, {{303},{ 9}}, {{175},{ 9}}, | |
58836 | +{{431},{ 9}}, {{111},{ 9}}, {{367},{ 9}}, {{239},{ 9}}, {{495},{ 9}}, | |
58837 | +{{ 31},{ 9}}, {{287},{ 9}}, {{159},{ 9}}, {{415},{ 9}}, {{ 95},{ 9}}, | |
58838 | +{{351},{ 9}}, {{223},{ 9}}, {{479},{ 9}}, {{ 63},{ 9}}, {{319},{ 9}}, | |
58839 | +{{191},{ 9}}, {{447},{ 9}}, {{127},{ 9}}, {{383},{ 9}}, {{255},{ 9}}, | |
58840 | +{{511},{ 9}}, {{ 0},{ 7}}, {{ 64},{ 7}}, {{ 32},{ 7}}, {{ 96},{ 7}}, | |
58841 | +{{ 16},{ 7}}, {{ 80},{ 7}}, {{ 48},{ 7}}, {{112},{ 7}}, {{ 8},{ 7}}, | |
58842 | +{{ 72},{ 7}}, {{ 40},{ 7}}, {{104},{ 7}}, {{ 24},{ 7}}, {{ 88},{ 7}}, | |
58843 | +{{ 56},{ 7}}, {{120},{ 7}}, {{ 4},{ 7}}, {{ 68},{ 7}}, {{ 36},{ 7}}, | |
58844 | +{{100},{ 7}}, {{ 20},{ 7}}, {{ 84},{ 7}}, {{ 52},{ 7}}, {{116},{ 7}}, | |
58845 | +{{ 3},{ 8}}, {{131},{ 8}}, {{ 67},{ 8}}, {{195},{ 8}}, {{ 35},{ 8}}, | |
58846 | +{{163},{ 8}}, {{ 99},{ 8}}, {{227},{ 8}} | |
58847 | +}; | |
58848 | + | |
58849 | +local const ct_data static_dtree[D_CODES] = { | |
58850 | +{{ 0},{ 5}}, {{16},{ 5}}, {{ 8},{ 5}}, {{24},{ 5}}, {{ 4},{ 5}}, | |
58851 | +{{20},{ 5}}, {{12},{ 5}}, {{28},{ 5}}, {{ 2},{ 5}}, {{18},{ 5}}, | |
58852 | +{{10},{ 5}}, {{26},{ 5}}, {{ 6},{ 5}}, {{22},{ 5}}, {{14},{ 5}}, | |
58853 | +{{30},{ 5}}, {{ 1},{ 5}}, {{17},{ 5}}, {{ 9},{ 5}}, {{25},{ 5}}, | |
58854 | +{{ 5},{ 5}}, {{21},{ 5}}, {{13},{ 5}}, {{29},{ 5}}, {{ 3},{ 5}}, | |
58855 | +{{19},{ 5}}, {{11},{ 5}}, {{27},{ 5}}, {{ 7},{ 5}}, {{23},{ 5}} | |
58856 | +}; | |
58857 | + | |
58858 | +const uch _dist_code[DIST_CODE_LEN] = { | |
58859 | + 0, 1, 2, 3, 4, 4, 5, 5, 6, 6, 6, 6, 7, 7, 7, 7, 8, 8, 8, 8, | |
58860 | + 8, 8, 8, 8, 9, 9, 9, 9, 9, 9, 9, 9, 10, 10, 10, 10, 10, 10, 10, 10, | |
58861 | +10, 10, 10, 10, 10, 10, 10, 10, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, | |
58862 | +11, 11, 11, 11, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, | |
58863 | +12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 13, 13, 13, 13, | |
58864 | +13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, | |
58865 | +13, 13, 13, 13, 13, 13, 13, 13, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, | |
58866 | +14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, | |
58867 | +14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, | |
58868 | +14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15, | |
58869 | +15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, | |
58870 | +15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, | |
58871 | +15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 0, 0, 16, 17, | |
58872 | +18, 18, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 22, 22, 22, 22, 22, 22, 22, 22, | |
58873 | +23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, | |
58874 | +24, 24, 24, 24, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, | |
58875 | +26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, | |
58876 | +26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, | |
58877 | +27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, | |
58878 | +27, 27, 27, 27, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, | |
58879 | +28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, | |
58880 | +28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, | |
58881 | +28, 28, 28, 28, 28, 28, 28, 28, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, | |
58882 | +29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, | |
58883 | +29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, | |
58884 | +29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29 | |
58885 | +}; | |
58886 | + | |
58887 | +const uch _length_code[MAX_MATCH-MIN_MATCH+1]= { | |
58888 | + 0, 1, 2, 3, 4, 5, 6, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 12, 12, | |
58889 | +13, 13, 13, 13, 14, 14, 14, 14, 15, 15, 15, 15, 16, 16, 16, 16, 16, 16, 16, 16, | |
58890 | +17, 17, 17, 17, 17, 17, 17, 17, 18, 18, 18, 18, 18, 18, 18, 18, 19, 19, 19, 19, | |
58891 | +19, 19, 19, 19, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, | |
58892 | +21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 22, 22, 22, 22, | |
58893 | +22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 23, 23, 23, 23, 23, 23, 23, 23, | |
58894 | +23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, | |
58895 | +24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, | |
58896 | +25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, | |
58897 | +25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 26, 26, 26, 26, 26, 26, 26, 26, | |
58898 | +26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, | |
58899 | +26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, | |
58900 | +27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 28 | |
58901 | +}; | |
58902 | + | |
58903 | +local const int base_length[LENGTH_CODES] = { | |
58904 | +0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 12, 14, 16, 20, 24, 28, 32, 40, 48, 56, | |
58905 | +64, 80, 96, 112, 128, 160, 192, 224, 0 | |
58906 | +}; | |
58907 | + | |
58908 | +local const int base_dist[D_CODES] = { | |
58909 | + 0, 1, 2, 3, 4, 6, 8, 12, 16, 24, | |
58910 | + 32, 48, 64, 96, 128, 192, 256, 384, 512, 768, | |
58911 | + 1024, 1536, 2048, 3072, 4096, 6144, 8192, 12288, 16384, 24576 | |
58912 | +}; | |
58913 | + | |
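--- /dev/null
+++ b/linux/net/ipsec/ultoa.c
@@ -0,0 +1,66 @@
+/*
+ * convert unsigned long to ASCII
+ * Copyright (C) 1998, 1999 Henry Spencer.
+ *
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Library General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
+ * License for more details.
+ *
+ * RCSID $Id: ultoa.c,v 1.10 2004/07/10 07:48:37 mcr Exp $
+ */
+#include "openswan.h"
+
+/*
+ - ultoa - convert unsigned long to decimal ASCII
+ */
+size_t /* length required for full conversion */
+ultoa(n, base, dst, dstlen)
+unsigned long n;
+int base;
+char *dst; /* need not be valid if dstlen is 0 */
+size_t dstlen;
+{
+ char buf[3*sizeof(unsigned long) + 1];
+ char *bufend = buf + sizeof(buf);
+ size_t len;
+ char *p;
+ static char hex[] = "0123456789abcdef";
+
+ p = bufend;
+ *--p = '\0';
+ if (base == 10) {
+ do {
+ *--p = n%10 + '0';
+ n /= 10;
+ } while (n != 0);
+ } else if (base == 16) {
+ do {
+ *--p = hex[n&0xf];
+ n >>= 4;
+ } while (n != 0);
+ *--p = 'x';
+ *--p = '0';
+ } else if (base == 8) {
+ do {
+ *--p = (n&07) + '0';
+ n >>= 3;
+ } while (n != 0);
+ *--p = '0';
+ } else
+ *--p = '?';
+
+ len = bufend - p;
+
+ if (dstlen > 0) {
+ if (len > dstlen)
+ *(p + dstlen - 1) = '\0';
+ strcpy(dst, p);
+ }
+ return len;
+}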
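Review bot: The header comment above `ultoa` says "decimal ASCII", but the body also handles base 16 and base 8 with `0x`/`0` prefixes, and any other base silently produces `"?"` with a return of 2 rather than an error. The return value is the length needed for the full conversion including the NUL, so it exceeds `dstlen` whenever the output was truncated; only the one-line comment on the return type hints at that. I would state the contract on the function, for example `/* returns bytes needed incl. NUL; result > dstlen means dst was truncated; unknown base yields "?" */`, so callers compare the result with `dstlen` before using it as an offset into `dst`. `hex` is never written and could be `static const char hex[]`.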
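--- /dev/null
+++ b/linux/net/ipsec/ultot.c
@@ -0,0 +1,82 @@
+/*
+ * convert unsigned long to text
+ * Copyright (C) 2000 Henry Spencer.
+ *
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Library General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
+ * License for more details.
+ *
+ * RCSID $Id: ultot.c,v 1.5 2004/07/10 07:48:37 mcr Exp $
+ */
+#include "openswan.h"
+
+/*
+ - ultot - convert unsigned long to text
+ */
+size_t /* length required for full conversion */
+ultot(n, base, dst, dstlen)
+unsigned long n;
+int base;
+char *dst; /* need not be valid if dstlen is 0 */
+size_t dstlen;
+{
+ char buf[3*sizeof(unsigned long) + 1];
+ char *bufend = buf + sizeof(buf);
+ size_t len;
+ char *p;
+ static char hex[] = "0123456789abcdef";
+# define HEX32 (32/4)
+
+ p = bufend;
+ *--p = '\0';
+ switch (base) {
+ case 10:
+ case 'd':
+ do {
+ *--p = n%10 + '0';
+ n /= 10;
+ } while (n != 0);
+ break;
+ case 16:
+ case 17:
+ case 'x':
+ do {
+ *--p = hex[n&0xf];
+ n >>= 4;
+ } while (n != 0);
+ if (base == 17)
+ while (bufend - p < HEX32 + 1)
+ *--p = '0';
+ if (base == 'x') {
+ *--p = 'x';
+ *--p = '0';
+ }
+ break;
+ case 8:
+ case 'o':
+ do {
+ *--p = (n&07) + '0';
+ n >>= 3;
+ } while (n != 0);
+ if (base == 'o')
+ *--p = '0';
+ break;
+ default:
+ return 0;
+ break;
+ }
+
+ len = bufend - p;
+ if (dstlen > 0) {
+ if (len > dstlen)
+ *(p + dstlen - 1) = '\0';
+ strcpy(dst, p);
+ }
+ return len;
+}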
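Review bot: The `default:` branch of the `switch (base)` returns 0 for an unsupported `base` without writing anything to `dst`, so a caller that does not check the return value is left with whatever the buffer held before, possibly unterminated. Callers are not visible in this section, so whether any of them ignores the result is unconfirmed, but terminating the output first is cheap: `default: if (dstlen > 0) *dst = '\0'; return 0;`. The `break;` after that `return` is unreachable. `HEX32` is defined inside the function body and never `#undef`'d, so it stays visible for the rest of the translation unit.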
59068 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
59069 | +++ linux/net/ipsec/version.c Mon Feb 9 13:51:03 2004 | |
59070 | @@ -0,0 +1,44 @@ | |
59071 | +/* | |
59072 | + * return IPsec version information | |
59073 | + * Copyright (C) 2001 Henry Spencer. | |
59074 | + * | |
59075 | + * This library is free software; you can redistribute it and/or modify it | |
59076 | + * under the terms of the GNU Library General Public License as published by | |
59077 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
59078 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
59079 | + * | |
59080 | + * This library is distributed in the hope that it will be useful, but | |
59081 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
59082 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
59083 | + * License for more details. | |
59084 | + * | |
59085 | + * RCSID $Id: version.in.c,v 1.2 2004/04/14 05:09:46 ken Exp $ | |
59086 | + */ | |
59087 | + | |
59088 | +#ifdef __KERNEL__ | |
59089 | +#include <linux/netdevice.h> | |
59090 | +#endif | |
59091 | + | |
59092 | +#include "openswan.h" | |
59093 | + | |
59094 | +#define V "2.4.8rc1" /* substituted in by Makefile */ | |
59095 | +static const char openswan_number[] = V; | |
59096 | +static const char openswan_string[] = "Openswan " V; | |
59097 | + | |
59098 | +/* | |
59099 | + - ipsec_version_code - return IPsec version number/code, as string | |
59100 | + */ | |
59101 | +const char * | |
59102 | +ipsec_version_code() | |
59103 | +{ | |
59104 | + return openswan_number; | |
59105 | +} | |
59106 | + | |
59107 | +/* | |
59108 | + - ipsec_version_string - return full version string | |
59109 | + */ | |
59110 | +const char * | |
59111 | +ipsec_version_string() | |
59112 | +{ | |
59113 | + return openswan_string; | |
59114 | +} | |
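Review bot: `ipsec_version_code()` and `ipsec_version_string()` are defined with empty parentheses, which in C leaves them without a prototype, so a call that passes arguments compiles without a diagnostic. Writing them as `ipsec_version_code(void)` and `ipsec_version_string(void)` states the contract, assuming the declarations in openswan.h (not shown here) are updated to match. The one-letter macro `V` also stays defined for the rest of the translation unit; an `#undef V` after the two string definitions would keep it from colliding with anything added later.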
59115 | --- /dev/null Tue Mar 11 13:02:56 2003 | |
59116 | +++ linux/net/ipsec/zutil.c Mon Feb 9 13:51:03 2004 | |
59117 | @@ -0,0 +1,227 @@ | |
59118 | +/* zutil.c -- target dependent utility functions for the compression library | |
59119 | + * Copyright (C) 1995-2002 Jean-loup Gailly. | |
59120 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
59121 | + */ | |
59122 | + | |
59123 | +/* @(#) $Id: zutil.c,v 1.5 2004/07/10 07:48:40 mcr Exp $ */ | |
59124 | + | |
59125 | +#include <zlib/zutil.h> | |
59126 | + | |
59127 | +#define MY_ZCALLOC | |
59128 | + | |
59129 | +struct internal_state {int dummy;}; /* for buggy compilers */ | |
59130 | + | |
59131 | +#ifndef STDC | |
59132 | +extern void exit OF((int)); | |
59133 | +#endif | |
59134 | + | |
59135 | +const char *z_errmsg[10] = { | |
59136 | +"need dictionary", /* Z_NEED_DICT 2 */ | |
59137 | +"stream end", /* Z_STREAM_END 1 */ | |
59138 | +"", /* Z_OK 0 */ | |
59139 | +"file error", /* Z_ERRNO (-1) */ | |
59140 | +"stream error", /* Z_STREAM_ERROR (-2) */ | |
59141 | +"data error", /* Z_DATA_ERROR (-3) */ | |
59142 | +"insufficient memory", /* Z_MEM_ERROR (-4) */ | |
59143 | +"buffer error", /* Z_BUF_ERROR (-5) */ | |
59144 | +"incompatible version",/* Z_VERSION_ERROR (-6) */ | |
59145 | +""}; | |
59146 | + | |
59147 | + | |
59148 | +const char * ZEXPORT zlibVersion() | |
59149 | +{ | |
59150 | + return ZLIB_VERSION; | |
59151 | +} | |
59152 | + | |
59153 | +#ifdef DEBUG | |
59154 | + | |
59155 | +# ifndef verbose | |
59156 | +# define verbose 0 | |
59157 | +# endif | |
59158 | +int z_verbose = verbose; | |
59159 | + | |
59160 | +void z_error (m) | |
59161 | + char *m; | |
59162 | +{ | |
59163 | + fprintf(stderr, "%s\n", m); | |
59164 | + exit(1); | |
59165 | +} | |
59166 | +#endif | |
59167 | + | |
59168 | +/* exported to allow conversion of error code to string for compress() and | |
59169 | + * uncompress() | |
59170 | + */ | |
59171 | +const char * ZEXPORT zError(err) | |
59172 | + int err; | |
59173 | +{ | |
59174 | + return ERR_MSG(err); | |
59175 | +} | |
59176 | + | |
59177 | + | |
59178 | +#ifndef HAVE_MEMCPY | |
59179 | + | |
59180 | +void zmemcpy(dest, source, len) | |
59181 | + Bytef* dest; | |
59182 | + const Bytef* source; | |
59183 | + uInt len; | |
59184 | +{ | |
59185 | + if (len == 0) return; | |
59186 | + do { | |
59187 | + *dest++ = *source++; /* ??? to be unrolled */ | |
59188 | + } while (--len != 0); | |
59189 | +} | |
59190 | + | |
59191 | +int zmemcmp(s1, s2, len) | |
59192 | + const Bytef* s1; | |
59193 | + const Bytef* s2; | |
59194 | + uInt len; | |
59195 | +{ | |
59196 | + uInt j; | |
59197 | + | |
59198 | + for (j = 0; j < len; j++) { | |
59199 | + if (s1[j] != s2[j]) return 2*(s1[j] > s2[j])-1; | |
59200 | + } | |
59201 | + return 0; | |
59202 | +} | |
59203 | + | |
59204 | +void zmemzero(dest, len) | |
59205 | + Bytef* dest; | |
59206 | + uInt len; | |
59207 | +{ | |
59208 | + if (len == 0) return; | |
59209 | + do { | |
59210 | + *dest++ = 0; /* ??? to be unrolled */ | |
59211 | + } while (--len != 0); | |
59212 | +} | |
59213 | +#endif | |
59214 | + | |
59215 | +#ifdef __TURBOC__ | |
59216 | +#if (defined( __BORLANDC__) || !defined(SMALL_MEDIUM)) && !defined(__32BIT__) | |
59217 | +/* Small and medium model in Turbo C are for now limited to near allocation | |
59218 | + * with reduced MAX_WBITS and MAX_MEM_LEVEL | |
59219 | + */ | |
59220 | +# define MY_ZCALLOC | |
59221 | + | |
59222 | +/* Turbo C malloc() does not allow dynamic allocation of 64K bytes | |
59223 | + * and farmalloc(64K) returns a pointer with an offset of 8, so we | |
59224 | + * must fix the pointer. Warning: the pointer must be put back to its | |
59225 | + * original form in order to free it, use zcfree(). | |
59226 | + */ | |
59227 | + | |
59228 | +#define MAX_PTR 10 | |
59229 | +/* 10*64K = 640K */ | |
59230 | + | |
59231 | +local int next_ptr = 0; | |
59232 | + | |
59233 | +typedef struct ptr_table_s { | |
59234 | + voidpf org_ptr; | |
59235 | + voidpf new_ptr; | |
59236 | +} ptr_table; | |
59237 | + | |
59238 | +local ptr_table table[MAX_PTR]; | |
59239 | +/* This table is used to remember the original form of pointers | |
59240 | + * to large buffers (64K). Such pointers are normalized with a zero offset. | |
59241 | + * Since MSDOS is not a preemptive multitasking OS, this table is not | |
59242 | + * protected from concurrent access. This hack doesn't work anyway on | |
59243 | + * a protected system like OS/2. Use Microsoft C instead. | |
59244 | + */ | |
59245 | + | |
59246 | +voidpf zcalloc (voidpf opaque, unsigned items, unsigned size) | |
59247 | +{ | |
59248 | + voidpf buf = opaque; /* just to make some compilers happy */ | |
59249 | + ulg bsize = (ulg)items*size; | |
59250 | + | |
59251 | + /* If we allocate less than 65520 bytes, we assume that farmalloc | |
59252 | + * will return a usable pointer which doesn't have to be normalized. | |
59253 | + */ | |
59254 | + if (bsize < 65520L) { | |
59255 | + buf = farmalloc(bsize); | |
59256 | + if (*(ush*)&buf != 0) return buf; | |
59257 | + } else { | |
59258 | + buf = farmalloc(bsize + 16L); | |
59259 | + } | |
59260 | + if (buf == NULL || next_ptr >= MAX_PTR) return NULL; | |
59261 | + table[next_ptr].org_ptr = buf; | |
59262 | + | |
59263 | + /* Normalize the pointer to seg:0 */ | |
59264 | + *((ush*)&buf+1) += ((ush)((uch*)buf-0) + 15) >> 4; | |
59265 | + *(ush*)&buf = 0; | |
59266 | + table[next_ptr++].new_ptr = buf; | |
59267 | + return buf; | |
59268 | +} | |
59269 | + | |
59270 | +void zcfree (voidpf opaque, voidpf ptr) | |
59271 | +{ | |
59272 | + int n; | |
59273 | + if (*(ush*)&ptr != 0) { /* object < 64K */ | |
59274 | + farfree(ptr); | |
59275 | + return; | |
59276 | + } | |
59277 | + /* Find the original pointer */ | |
59278 | + for (n = 0; n < next_ptr; n++) { | |
59279 | + if (ptr != table[n].new_ptr) continue; | |
59280 | + | |
59281 | + farfree(table[n].org_ptr); | |
59282 | + while (++n < next_ptr) { | |
59283 | + table[n-1] = table[n]; | |
59284 | + } | |
59285 | + next_ptr--; | |
59286 | + return; | |
59287 | + } | |
59288 | + ptr = opaque; /* just to make some compilers happy */ | |
59289 | + Assert(0, "zcfree: ptr not found"); | |
59290 | +} | |
59291 | +#endif | |
59292 | +#endif /* __TURBOC__ */ | |
59293 | + | |
59294 | + | |
59295 | +#if defined(M_I86) && !defined(__32BIT__) | |
59296 | +/* Microsoft C in 16-bit mode */ | |
59297 | + | |
59298 | +# define MY_ZCALLOC | |
59299 | + | |
59300 | +#if (!defined(_MSC_VER) || (_MSC_VER <= 600)) | |
59301 | +# define _halloc halloc | |
59302 | +# define _hfree hfree | |
59303 | +#endif | |
59304 | + | |
59305 | +voidpf zcalloc (voidpf opaque, unsigned items, unsigned size) | |
59306 | +{ | |
59307 | + if (opaque) opaque = 0; /* to make compiler happy */ | |
59308 | + return _halloc((long)items, size); | |
59309 | +} | |
59310 | + | |
59311 | +void zcfree (voidpf opaque, voidpf ptr) | |
59312 | +{ | |
59313 | + if (opaque) opaque = 0; /* to make compiler happy */ | |
59314 | + _hfree(ptr); | |
59315 | +} | |
59316 | + | |
59317 | +#endif /* MSC */ | |
59318 | + | |
59319 | + | |
59320 | +#ifndef MY_ZCALLOC /* Any system without a special alloc function */ | |
59321 | + | |
59322 | +#ifndef STDC | |
59323 | +extern voidp calloc OF((uInt items, uInt size)); | |
59324 | +extern void free OF((voidpf ptr)); | |
59325 | +#endif | |
59326 | + | |
59327 | +voidpf zcalloc (opaque, items, size) | |
59328 | + voidpf opaque; | |
59329 | + unsigned items; | |
59330 | + unsigned size; | |
59331 | +{ | |
59332 | + if (opaque) items += size - size; /* make compiler happy */ | |
59333 | + return (voidpf)calloc(items, size); | |
59334 | +} | |
59335 | + | |
59336 | +void zcfree (opaque, ptr) | |
59337 | + voidpf opaque; | |
59338 | + voidpf ptr; | |
59339 | +{ | |
59340 | + free(ptr); | |
59341 | + if (opaque) return; /* make compiler happy */ | |
59342 | +} | |
59343 | + | |
59344 | +#endif /* MY_ZCALLOC */ | |
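Review bot: `zError()` hands `err` to `ERR_MSG` without checking its range, while `z_errmsg` has only ten entries, covering Z_NEED_DICT (2) down to Z_VERSION_ERROR (-6) plus one trailing empty string. `ERR_MSG` is defined in zutil.h and is not visible here, but if it indexes `z_errmsg` directly from `err`, a caller passing any other code reads outside the table. A guard before the return, such as `if (err > Z_NEED_DICT || err < Z_VERSION_ERROR) return z_errmsg[9];`, keeps the lookup inside the array. Separately, the unconditional `#define MY_ZCALLOC` near the top compiles out the default `zcalloc`/`zcfree` at the end of the file and has no comment; if the intent is that kernel callers always supply their own allocator, something like `/* kernel build: no libc calloc/free, callers provide zalloc/zfree */` should say so.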
59345 | --- swan26/net/ipv4/af_inet.c.orig Wed Jun 16 01:18:58 2004 | |
59346 | +++ swan26/net/ipv4/af_inet.c Fri Aug 13 23:09:27 2004 | |
59347 | @@ -1169,6 +1169,18 @@ | |
59348 | #if defined(CONFIG_IP_MROUTE) | |
59349 | ip_mr_init(); | |
59350 | #endif | |
59351 | + | |
59352 | +#if defined(CONFIG_KLIPS) | |
59353 | + { | |
59354 | + extern int ipsec_klips_init(void); | |
59355 | + /* | |
59356 | + * Initialise AF_INET ESP and AH protocol support including | |
59357 | + * e-routing and SA tables | |
59358 | + */ | |
59359 | + ipsec_klips_init(); | |
59360 | + } | |
59361 | +#endif /* CONFIG_IPSEC */ | |
59362 | + | |
59363 | /* | |
59364 | * Initialise per-cpu ipv4 mibs | |
59365 | */ | |
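Review bot: The `int` returned by `ipsec_klips_init()` is discarded, so if KLIPS initialisation fails the rest of this init path carries on and nothing records that ESP/AH support is missing. Checking it, for example `if (ipsec_klips_init() != 0) printk(KERN_ERR "KLIPS: initialisation failed\n");`, would at least make the failure visible; what the function returns on error is not shown in this hunk, so the comparison needs confirming. The closing `#endif /* CONFIG_IPSEC */` names a different symbol from the `#if defined(CONFIG_KLIPS)` it closes and should read `#endif /* CONFIG_KLIPS */`. The block-scope `extern int ipsec_klips_init(void);` would be better as a prototype in a shared header so the declaration cannot drift from the definition. The enclosing function starts and ends outside the hunk.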
59366 | --- /dev/null Fri May 10 13:59:54 2002 | |
59367 | +++ linux/net/ipsec/Makefile.ver Sun Jul 28 22:10:40 2002 | |
59368 | @@ -0,0 +1 @@ | |
59369 | +IPSECVERSION=2.4.8rc1 |