[src/netbsd-1-5]: src/sys pullup from main trunc (approved by releng-1-5)
details: https://anonhg.NetBSD.org/src/rev/cf4a40cbf209
branches: netbsd-1-5
changeset: 488697:cf4a40cbf209
user: itojun <itojun%NetBSD.org@localhost>
date: Tue Jul 25 04:24:45 2000 +0000
description:
pullup from main trunc (approved by releng-1-5)
correct RFC2367 PF_KEY conformance (SADB_[AE]ALG_xx values and namespaces).
sync from kame.
WARNING: need recompilation of setkey(8) and pkgsrc/security/racoon.
(no IPsec-ready NetBSD was shipped as an official release, so binary backward
compatibility is less of an issue)
(sys/netinet6/esp.h only, 1.10 -> 1.11)
wrap kernel function prototype by #ifdef _KERNEL.
--- revisions pulled up:
1.6 -> 1.7 syssrc/sys/net/pfkeyv2.h
1.10 -> 1.11 syssrc/sys/netinet6/ah.h
1.10 -> 1.11 syssrc/sys/netinet6/ah_output.c
1.19 -> 1.20 syssrc/sys/netinet6/ah_core.c
1.15 -> 1.16 syssrc/sys/netinet6/ah_input.c
1.8 -> 1.9 syssrc/sys/netinet6/esp.h
1.10 -> 1.11 syssrc/sys/netinet6/esp.h
1.1 -> 1.2 syssrc/sys/netinet6/esp_core.c
1.1 -> 1.2 syssrc/sys/netinet6/esp_input.c
1.2 -> 1.3 syssrc/sys/netinet6/esp_output.c
1.26 -> 1.27 syssrc/sys/netkey/key.c
diffstat:
sys/net/pfkeyv2.h | 43 ++++++-----
sys/netinet6/ah.h | 17 +---
sys/netinet6/ah_core.c | 100 ++++++++++++++++++++--------
sys/netinet6/ah_input.c | 24 +++---
sys/netinet6/ah_output.c | 36 +++++++--
sys/netinet6/esp.h | 19 ++--
sys/netinet6/esp_core.c | 159 ++++++++++++++++++++++++++++-----------------
sys/netinet6/esp_input.c | 46 +++++++------
sys/netinet6/esp_output.c | 48 ++++++++-----
sys/netkey/key.c | 113 ++++++++++++++++----------------
10 files changed, 357 insertions(+), 248 deletions(-)
diffs (truncated from 1361 to 300 lines):
diff -r 98cc3a3f942b -r cf4a40cbf209 sys/net/pfkeyv2.h
--- a/sys/net/pfkeyv2.h Tue Jul 25 04:19:42 2000 +0000
+++ b/sys/net/pfkeyv2.h Tue Jul 25 04:24:45 2000 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: pfkeyv2.h,v 1.5.2.1 2000/07/01 23:45:20 itojun Exp $ */
-/* $KAME: pfkeyv2.h,v 1.17 2000/06/22 08:38:33 sakane Exp $ */
+/* $NetBSD: pfkeyv2.h,v 1.5.2.2 2000/07/25 04:24:45 itojun Exp $ */
+/* $KAME: pfkeyv2.h,v 1.18 2000/07/15 16:07:47 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -298,26 +298,29 @@
#define SADB_SAFLAGS_PFS 1
-#define SADB_AALG_NONE 0
-#define SADB_AALG_MD5HMAC 1 /* 2 */
-#define SADB_AALG_SHA1HMAC 2 /* 3 */
-#define SADB_AALG_MD5 3 /* Keyed MD5 */
-#define SADB_AALG_SHA 4 /* Keyed SHA */
-#define SADB_AALG_NULL 5 /* null authentication */
-#define SADB_AALG_MAX 6
+/* RFC2367 numbers - meets RFC2407 */
+#define SADB_AALG_NONE 0
+#define SADB_AALG_MD5HMAC 2
+#define SADB_AALG_SHA1HMAC 3
+#define SADB_AALG_MAX 251
+/* private allocations should use 249-255 (RFC2407) */
+#define SADB_X_AALG_MD5 249 /* Keyed MD5 */
+#define SADB_X_AALG_SHA 250 /* Keyed SHA */
+#define SADB_X_AALG_NULL 251 /* null authentication */
-#define SADB_EALG_NONE 0
-#define SADB_EALG_DESCBC 1 /* 2 */
-#define SADB_EALG_3DESCBC 2 /* 3 */
-#define SADB_EALG_NULL 3 /* 11 */
-#define SADB_EALG_BLOWFISHCBC 4
-#define SADB_EALG_CAST128CBC 5
-#if 0
-#define SADB_EALG_RC5CBC 6
-#define SADB_EALG_MAX 7
-#else
-#define SADB_EALG_MAX 6
+/* RFC2367 numbers - meets RFC2407 */
+#define SADB_EALG_NONE 0
+#define SADB_EALG_DESCBC 2
+#define SADB_EALG_3DESCBC 3
+#define SADB_EALG_NULL 11
+#define SADB_EALG_MAX 11
+/* private allocations - based on RFC2407 */
+#if 0 /*disabled due to possible patent issue*/
+#define SADB_X_EALG_RC5CBC 4
#endif
+#define SADB_X_EALG_CAST128CBC 6
+#define SADB_X_EALG_BLOWFISHCBC 7
+/* private allocations should use 249-255 (RFC2407) */
#if 1 /*nonstandard */
#define SADB_X_CALG_NONE 0
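Review bot: `SADB_AALG_MAX` and `SADB_EALG_MAX` change meaning in this hunk, from one past the last identifier (6 over values 0-5) to the highest assigned identifier itself (251 is also `SADB_X_AALG_NULL`, 11 is also `SADB_EALG_NULL`). A range check written against the old convention, such as `alg >= SADB_AALG_MAX`, would now reject the null algorithms, and an array sized or indexed by these macros becomes sparse; the users of the macros are outside this hunk (the diff is truncated), so each one should be confirmed. A comment on both macros would make the convention explicit: `/* highest valid value, inclusive; identifiers are sparse */`. The `#if 1 /*nonstandard */` block continues past the end of the hunk.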
diff -r 98cc3a3f942b -r cf4a40cbf209 sys/netinet6/ah.h
--- a/sys/netinet6/ah.h Tue Jul 25 04:19:42 2000 +0000
+++ b/sys/netinet6/ah.h Tue Jul 25 04:24:45 2000 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: ah.h,v 1.10 2000/06/14 11:27:35 itojun Exp $ */
-/* $KAME: ah.h,v 1.9 2000/06/14 11:14:03 itojun Exp $ */
+/* $NetBSD: ah.h,v 1.10.2.1 2000/07/25 04:24:46 itojun Exp $ */
+/* $KAME: ah.h,v 1.11 2000/07/15 16:07:47 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -41,7 +41,7 @@
#include "opt_inet.h"
#endif
-#include <netkey/keydb.h> /* for struct secasvar */
+struct secasvar;
struct ah {
u_int8_t ah_nxt; /* Next Header */
@@ -79,12 +79,7 @@
#define AH_MAXSUMSIZE 16
#ifdef _KERNEL
-extern struct ah_algorithm ah_algorithms[];
-
-struct inpcb;
-#ifdef INET6
-struct in6pcb;
-#endif
+extern const struct ah_algorithm *ah_algorithm_lookup __P((int));
/* cksum routines */
extern int ah_hdrlen __P((struct secasvar *));
@@ -93,14 +88,14 @@
extern void ah4_input __P((struct mbuf *, ...));
extern int ah4_output __P((struct mbuf *, struct ipsecrequest *));
extern int ah4_calccksum __P((struct mbuf *, caddr_t, size_t,
- struct ah_algorithm *, struct secasvar *));
+ const struct ah_algorithm *, struct secasvar *));
#ifdef INET6
extern int ah6_input __P((struct mbuf **, int *, int));
extern int ah6_output __P((struct mbuf *, u_char *, struct mbuf *,
struct ipsecrequest *));
extern int ah6_calccksum __P((struct mbuf *, caddr_t, size_t,
- struct ah_algorithm *, struct secasvar *));
+ const struct ah_algorithm *, struct secasvar *));
#endif /* INET6 */
#endif /*_KERNEL*/
diff -r 98cc3a3f942b -r cf4a40cbf209 sys/netinet6/ah_core.c
--- a/sys/netinet6/ah_core.c Tue Jul 25 04:19:42 2000 +0000
+++ b/sys/netinet6/ah_core.c Tue Jul 25 04:24:45 2000 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: ah_core.c,v 1.19 2000/06/14 11:27:35 itojun Exp $ */
-/* $KAME: ah_core.c,v 1.35 2000/06/14 11:14:03 itojun Exp $ */
+/* $NetBSD: ah_core.c,v 1.19.2.1 2000/07/25 04:24:46 itojun Exp $ */
+/* $KAME: ah_core.c,v 1.36 2000/07/15 16:07:48 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -96,8 +96,7 @@
static int ah_sumsiz_1216 __P((struct secasvar *));
static int ah_sumsiz_zero __P((struct secasvar *));
static int ah_none_mature __P((struct secasvar *));
-static int ah_none_init __P((struct ah_algorithm_state *,
- struct secasvar *));
+static int ah_none_init __P((struct ah_algorithm_state *, struct secasvar *));
static void ah_none_loop __P((struct ah_algorithm_state *, caddr_t, size_t));
static void ah_none_result __P((struct ah_algorithm_state *, caddr_t));
static int ah_keyed_md5_mature __P((struct secasvar *));
@@ -125,24 +124,47 @@
size_t));
static void ah_hmac_sha1_result __P((struct ah_algorithm_state *, caddr_t));
-static void ah_update_mbuf __P((struct mbuf *, int, int, struct ah_algorithm *,
- struct ah_algorithm_state *));
+static void ah_update_mbuf __P((struct mbuf *, int, int,
+ const struct ah_algorithm *, struct ah_algorithm_state *));
-/* checksum algorithms */
-/* NOTE: The order depends on SADB_AALG_x in net/pfkeyv2.h */
-struct ah_algorithm ah_algorithms[] = {
- { 0, 0, 0, 0, 0, 0, },
- { ah_sumsiz_1216, ah_hmac_md5_mature, 128, 128, "hmac-md5",
- ah_hmac_md5_init, ah_hmac_md5_loop, ah_hmac_md5_result, },
- { ah_sumsiz_1216, ah_hmac_sha1_mature, 160, 160, "hmac-sha1",
- ah_hmac_sha1_init, ah_hmac_sha1_loop, ah_hmac_sha1_result, },
- { ah_sumsiz_1216, ah_keyed_md5_mature, 128, 128, "keyed-md5",
- ah_keyed_md5_init, ah_keyed_md5_loop, ah_keyed_md5_result, },
- { ah_sumsiz_1216, ah_keyed_sha1_mature, 160, 160, "keyed-sha1",
- ah_keyed_sha1_init, ah_keyed_sha1_loop, ah_keyed_sha1_result, },
- { ah_sumsiz_zero, ah_none_mature, 0, 2048, "none",
- ah_none_init, ah_none_loop, ah_none_result, },
-};
+const struct ah_algorithm *
+ah_algorithm_lookup(idx)
+ int idx;
+{
+ /* checksum algorithms */
+ static struct ah_algorithm ah_algorithms[] = {
+ { ah_sumsiz_1216, ah_hmac_md5_mature, 128, 128, "hmac-md5",
+ ah_hmac_md5_init, ah_hmac_md5_loop,
+ ah_hmac_md5_result, },
+ { ah_sumsiz_1216, ah_hmac_sha1_mature, 160, 160, "hmac-sha1",
+ ah_hmac_sha1_init, ah_hmac_sha1_loop,
+ ah_hmac_sha1_result, },
+ { ah_sumsiz_1216, ah_keyed_md5_mature, 128, 128, "keyed-md5",
+ ah_keyed_md5_init, ah_keyed_md5_loop,
+ ah_keyed_md5_result, },
+ { ah_sumsiz_1216, ah_keyed_sha1_mature, 160, 160, "keyed-sha1",
+ ah_keyed_sha1_init, ah_keyed_sha1_loop,
+ ah_keyed_sha1_result, },
+ { ah_sumsiz_zero, ah_none_mature, 0, 2048, "none",
+ ah_none_init, ah_none_loop, ah_none_result, },
+ };
+
+ switch (idx) {
+ case SADB_AALG_MD5HMAC:
+ return &ah_algorithms[0];
+ case SADB_AALG_SHA1HMAC:
+ return &ah_algorithms[1];
+ case SADB_X_AALG_MD5:
+ return &ah_algorithms[2];
+ case SADB_X_AALG_SHA:
+ return &ah_algorithms[3];
+ case SADB_X_AALG_NULL:
+ return &ah_algorithms[4];
+ default:
+ return NULL;
+ }
+}
+
static int
ah_sumsiz_1216(sav)
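Review bot: The table inside `ah_algorithm_lookup` is declared `static struct ah_algorithm ah_algorithms[]` although every caller now receives a `const` pointer; declaring it `static const struct ah_algorithm ah_algorithms[] = {` lets the compiler reject accidental writes and allows this table of function pointers to be placed in read-only data. The `switch` ties each case to a bare array index, so a row inserted or reordered in the table would silently map an identifier to the wrong algorithm; a comment above the table stating that the row order must match the indices used in the `switch` would help. The function returns NULL for any identifier not listed, which deserves a line in a header comment, since callers in files not shown here must test for it. The definition of `ah_sumsiz_1216` starts on the last lines of the hunk and continues outside it.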
@@ -303,13 +325,19 @@
ah_keyed_sha1_mature(sav)
struct secasvar *sav;
{
- struct ah_algorithm *algo;
+ const struct ah_algorithm *algo;
if (!sav->key_auth) {
ipseclog((LOG_ERR, "ah_keyed_sha1_mature: no key is given.\n"));
return 1;
}
- algo = &ah_algorithms[sav->alg_auth];
+
+ algo = ah_algorithm_lookup(sav->alg_auth);
+ if (!algo) {
+ ipseclog((LOG_ERR, "ah_keyed_sha1_mature: unsupported algorithm.\n"));
+ return 1;
+ }
+
if (sav->key_auth->sadb_key_bits < algo->keymin
|| algo->keymax < sav->key_auth->sadb_key_bits) {
ipseclog((LOG_ERR,
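Review bot: The new failure branch logs `unsupported algorithm.` without the rejected value, so someone reading the log cannot tell which identifier was supplied; including it, e.g. `ipseclog((LOG_ERR, "ah_keyed_sha1_mature: unsupported algorithm %d.\n", sav->alg_auth));` (conversion to be matched to the field's type, which is not visible here), makes the rejection diagnosable. The same lookup-and-check block is repeated verbatim in the `ah_hmac_md5_mature` and `ah_hmac_sha1_mature` hunks below, and the same remark applies there; a small static helper doing the lookup and the key-length range test would remove the triplication. `ah_keyed_sha1_mature` begins before and ends after this hunk.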
@@ -420,13 +448,19 @@
ah_hmac_md5_mature(sav)
struct secasvar *sav;
{
- struct ah_algorithm *algo;
+ const struct ah_algorithm *algo;
if (!sav->key_auth) {
ipseclog((LOG_ERR, "ah_hmac_md5_mature: no key is given.\n"));
return 1;
}
- algo = &ah_algorithms[sav->alg_auth];
+
+ algo = ah_algorithm_lookup(sav->alg_auth);
+ if (!algo) {
+ ipseclog((LOG_ERR, "ah_hmac_md5_mature: unsupported algorithm.\n"));
+ return 1;
+ }
+
if (sav->key_auth->sadb_key_bits < algo->keymin
|| algo->keymax < sav->key_auth->sadb_key_bits) {
ipseclog((LOG_ERR,
@@ -538,13 +572,19 @@
ah_hmac_sha1_mature(sav)
struct secasvar *sav;
{
- struct ah_algorithm *algo;
+ const struct ah_algorithm *algo;
if (!sav->key_auth) {
ipseclog((LOG_ERR, "ah_hmac_sha1_mature: no key is given.\n"));
return 1;
}
- algo = &ah_algorithms[sav->alg_auth];
+
+ algo = ah_algorithm_lookup(sav->alg_auth);
+ if (!algo) {
+ ipseclog((LOG_ERR, "ah_hmac_sha1_mature: unsupported algorithm.\n"));
+ return 1;
+ }
+
if (sav->key_auth->sadb_key_bits < algo->keymin
|| algo->keymax < sav->key_auth->sadb_key_bits) {
ipseclog((LOG_ERR,
@@ -664,7 +704,7 @@
struct mbuf *m;
int off;
int len;
- struct ah_algorithm *algo;
+ const struct ah_algorithm *algo;
struct ah_algorithm_state *algos;
{
struct mbuf *n;
@@ -713,7 +753,7 @@
struct mbuf *m;
caddr_t ahdat;
size_t len;
- struct ah_algorithm *algo;
+ const struct ah_algorithm *algo;
struct secasvar *sav;
{
int off;
@@ -933,7 +973,7 @@
struct mbuf *m;
caddr_t ahdat;
size_t len;
- struct ah_algorithm *algo;
+ const struct ah_algorithm *algo;
struct secasvar *sav;
{
int newoff, off;
diff -r 98cc3a3f942b -r cf4a40cbf209 sys/netinet6/ah_input.c
--- a/sys/netinet6/ah_input.c Tue Jul 25 04:19:42 2000 +0000
+++ b/sys/netinet6/ah_input.c Tue Jul 25 04:24:45 2000 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: ah_input.c,v 1.15 2000/06/02 18:20:16 itojun Exp $ */
-/* $KAME: ah_input.c,v 1.29 2000/05/29 08:33:53 itojun Exp $ */
+/* $NetBSD: ah_input.c,v 1.15.2.1 2000/07/25 04:24:47 itojun Exp $ */
+/* $KAME: ah_input.c,v 1.30 2000/07/15 16:07:48 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.