
1999/0612/ip/esp.c (diff list | history)

1999/0608/sys/src/9/ip/esp.c:98,1031999/0612/sys/src/9/ip/esp.c:98,105 (short | long | prev | next)
1999/0316    
static	char *setalg(Espcb *ecb, char **f, int n, Algorithm *alg); 
static	void nullespinit(Espcb*, char*, uchar *key, int keylen); 
static	void nullahinit(Espcb*, char*, uchar *key, int keylen); 
1999/0612    
static	void shaahinit(Espcb*, char*, uchar *key, int keylen); 
static	void md5ahinit(Espcb*, char*, uchar *key, int keylen); 
1999/0316    
static	void desespinit(Espcb *ecb, char *name, uchar *k, int n); 
 
static Algorithm espalg[] = 
1999/0608/sys/src/9/ip/esp.c:110,1151999/0612/sys/src/9/ip/esp.c:112,119
1999/0316    
static Algorithm ahalg[] = 
{ 
	"null",			0,	nullahinit, 
1999/0612    
	"hmac_sha_96",		128,	shaahinit, 
	"hmac_md5_96",		128,	md5ahinit, 
1999/0316    
	nil,			0,	nil, 
}; 
 
1999/0608/sys/src/9/ip/esp.c:263,2691999/0612/sys/src/9/ip/esp.c:267,272
1999/0316    
 
	ecb->cipher(ecb, bp->rp+EsphdrSize, payload+pad+EsptailSize); 
	auth = bp->rp + EsphdrSize + payload + pad + EsptailSize; 
	ecb->auth(ecb, bp->rp+IphdrSize, (EsphdrSize-IphdrSize)+payload+pad+EsptailSize, auth); 
 
	// fill in head 
	hnputl(eh->espspi, ecb->spi); 
1999/0608/sys/src/9/ip/esp.c:274,2791999/0612/sys/src/9/ip/esp.c:277,284
1999/0316    
	eh->frag[0] = 0; 
	eh->frag[1] = 0; 
 
1999/0612    
	ecb->auth(ecb, bp->rp+IphdrSize, (EsphdrSize-IphdrSize)+payload+pad+EsptailSize, auth); 
 
1999/0316    
	qunlock(c); 
//print("esp: pass down: %uld\n", BLEN(bp)); 
	ipoput(c->p->f, bp, 0, c->ttl); 
1999/0608/sys/src/9/ip/esp.c:338,3431999/0612/sys/src/9/ip/esp.c:343,349
1999/0316    
	auth = bp->wp - ecb->ahlen; 
	if(!ecb->auth(ecb, eh->espspi, auth-eh->espspi, auth)) { 
		qunlock(esp); 
1999/0612    
print("esp: bad auth %I -> %I!%ld\n", raddr, laddr, spi); 
1999/0316    
		netlog(f, Logesp, "esp: bad auth %I -> %I!%d\n", raddr, 
			laddr, spi); 
		freeb(bp); 
1999/0608/sys/src/9/ip/esp.c:558,5631999/0612/sys/src/9/ip/esp.c:564,672
1999/0316    
	ecb->ahblklen = 1; 
	ecb->ahlen = 0; 
	ecb->auth = nullauth; 
1999/0612    
} 
 
void 
hmac_sha(uchar hash[SHAdlen], uchar *t, long tlen, uchar *key, long klen) 
{ 
	uchar ipad[65], opad[65]; 
	int i; 
	DigestState *digest; 
	uchar innerhash[SHAdlen]; 
 
	for(i=0; i<64; i++){ 
		ipad[i] = 0x36; 
		opad[i] = 0x5c; 
	} 
	ipad[64] = opad[64] = 0; 
	for(i=0; i<klen; i++){ 
		ipad[i] ^= key[i]; 
		opad[i] ^= key[i]; 
	} 
	digest = sha(ipad, 64, nil, nil); 
	sha(t, tlen, innerhash, digest); 
	digest = sha(opad, 64, nil, nil); 
	sha(innerhash, SHAdlen, hash, digest); 
} 
 
static int 
shaauth(Espcb *ecb, uchar *t, int tlen, uchar *auth) 
{ 
	uchar hash[SHAdlen]; 
	int r; 
 
	memset(hash, 0, SHAdlen); 
	hmac_sha(hash, t, tlen, (uchar*)ecb->ahstate, 16); 
	r = memcmp(auth, hash, ecb->ahlen) == 0; 
	memmove(auth, hash, ecb->ahlen); 
	return r; 
} 
 
static void 
shaahinit(Espcb *ecb, char *name, uchar *key, int klen) 
{ 
	if(klen != 128) 
		panic("shaahinit: bad keylen"); 
	klen >>= 8;	// convert to bytes 
 
	ecb->ahalg = name; 
	ecb->ahblklen = 1; 
	ecb->ahlen = 12; 
	ecb->auth = shaauth; 
	ecb->ahstate = smalloc(klen); 
	memmove(ecb->ahstate, key, klen); 
} 
 
void 
hmac_md5(uchar hash[MD5dlen], uchar *t, long tlen, uchar *key, long klen) 
{ 
	uchar ipad[65], opad[65]; 
	int i; 
	DigestState *digest; 
	uchar innerhash[MD5dlen]; 
 
	for(i=0; i<64; i++){ 
		ipad[i] = 0x36; 
		opad[i] = 0x5c; 
	} 
	ipad[64] = opad[64] = 0; 
	for(i=0; i<klen; i++){ 
		ipad[i] ^= key[i]; 
		opad[i] ^= key[i]; 
	} 
	digest = md5(ipad, 64, nil, nil); 
	md5(t, tlen, innerhash, digest); 
	digest = md5(opad, 64, nil, nil); 
	md5(innerhash, MD5dlen, hash, digest); 
} 
 
static int 
md5auth(Espcb *ecb, uchar *t, int tlen, uchar *auth) 
{ 
	uchar hash[MD5dlen]; 
	int r; 
 
	memset(hash, 0, MD5dlen); 
	hmac_md5(hash, t, tlen, (uchar*)ecb->ahstate, 16); 
	r = memcmp(auth, hash, ecb->ahlen) == 0; 
	memmove(auth, hash, ecb->ahlen); 
	return r; 
} 
 
static void 
md5ahinit(Espcb *ecb, char *name, uchar *key, int klen) 
{ 
	if(klen != 128) 
		panic("md5ahinit: bad keylen"); 
	klen >>= 3;	// convert to bytes 
 
 
	ecb->ahalg = name; 
	ecb->ahblklen = 1; 
	ecb->ahlen = 12; 
	ecb->auth = md5auth; 
	ecb->ahstate = smalloc(klen); 
	memmove(ecb->ahstate, key, klen); 
1999/0316    
} 
 
static int 
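Review bot: In shaahinit the conversion `klen >>= 8;` turns the checked 128-bit length into 0 instead of 16, so `smalloc(klen)` and the following `memmove` store no key material, while shaauth later hands `ecb->ahstate` to hmac_sha with a hard-coded length of 16. As a result hmac_sha_96 reads 16 bytes that the init routine never wrote, and the ICV does not depend on the configured key; md5ahinit already uses the intended `klen >>= 3;` and shaahinit should match it. Both shaauth and md5auth also verify the received ICV with `memcmp`, which stops at the first differing byte; a comparison that ORs the byte differences across all `ecb->ahlen` bytes would avoid a timing signal on the tag. The unindented `print("esp: bad auth ...")` added on the receive path looks like leftover debugging: it writes to the console for every packet that fails authentication and duplicates the netlog call right below it.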


source code copyright © 1990-2005 Lucent Technologies; see license