📄 ah_core.c
字号:
key = _KEYBUF(state->sav->key_auth);
keylen = _KEYLEN(state->sav->key_auth);
}
bzero(ipad, 64);
bzero(opad, 64);
bcopy(key, ipad, keylen);
bcopy(key, opad, keylen);
for (i = 0; i < 64; i++) {
ipad[i] ^= 0x36;
opad[i] ^= 0x5c;
}
MD5Init(ctxt);
MD5Update(ctxt, ipad, 64);
return 0;
}
static void
ah_hmac_md5_loop(state, addr, len)
struct ah_algorithm_state *state;
caddr_t addr;
size_t len;
{
MD5_CTX *ctxt;
if (!state || !state->foo)
panic("ah_hmac_md5_loop: what?");
ctxt = (MD5_CTX *)(((caddr_t)state->foo) + 128);
MD5Update(ctxt, addr, len);
}
static void
ah_hmac_md5_result(state, addr)
struct ah_algorithm_state *state;
caddr_t addr;
{
u_char digest[16];
u_char *ipad;
u_char *opad;
MD5_CTX *ctxt;
if (!state || !state->foo)
panic("ah_hmac_md5_result: what?");
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 64);
ctxt = (MD5_CTX *)(opad + 64);
MD5Final(&digest[0], ctxt);
MD5Init(ctxt);
MD5Update(ctxt, opad, 64);
MD5Update(ctxt, &digest[0], sizeof(digest));
MD5Final(&digest[0], ctxt);
bcopy(&digest[0], (void *)addr, HMACSIZE);
free(state->foo, M_TEMP);
}
static int
ah_hmac_sha1_mature(sav)
struct secasvar *sav;
{
const struct ah_algorithm *algo;
if (!sav->key_auth) {
ipseclog((LOG_ERR, "ah_hmac_sha1_mature: no key is given.\n"));
return 1;
}
algo = ah_algorithm_lookup(sav->alg_auth);
if (!algo) {
ipseclog((LOG_ERR, "ah_hmac_sha1_mature: unsupported algorithm.\n"));
return 1;
}
if (sav->key_auth->sadb_key_bits < algo->keymin
|| algo->keymax < sav->key_auth->sadb_key_bits) {
ipseclog((LOG_ERR,
"ah_hmac_sha1_mature: invalid key length %d.\n",
sav->key_auth->sadb_key_bits));
return 1;
}
return 0;
}
static int
ah_hmac_sha1_init(state, sav)
struct ah_algorithm_state *state;
struct secasvar *sav;
{
u_char *ipad;
u_char *opad;
SHA1_CTX *ctxt;
u_char tk[SHA1_RESULTLEN]; /* SHA-1 generates 160 bits */
u_char *key;
size_t keylen;
size_t i;
if (!state)
panic("ah_hmac_sha1_init: what?");
state->sav = sav;
state->foo = (void *)malloc(64 + 64 + sizeof(SHA1_CTX),
M_TEMP, M_NOWAIT);
if (!state->foo)
return ENOBUFS;
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 64);
ctxt = (SHA1_CTX *)(opad + 64);
/* compress the key if necessery */
if (64 < _KEYLEN(state->sav->key_auth)) {
SHA1Init(ctxt);
SHA1Update(ctxt, _KEYBUF(state->sav->key_auth),
_KEYLEN(state->sav->key_auth));
SHA1Final(&tk[0], ctxt);
key = &tk[0];
keylen = SHA1_RESULTLEN;
} else {
key = _KEYBUF(state->sav->key_auth);
keylen = _KEYLEN(state->sav->key_auth);
}
bzero(ipad, 64);
bzero(opad, 64);
bcopy(key, ipad, keylen);
bcopy(key, opad, keylen);
for (i = 0; i < 64; i++) {
ipad[i] ^= 0x36;
opad[i] ^= 0x5c;
}
SHA1Init(ctxt);
SHA1Update(ctxt, ipad, 64);
return 0;
}
static void
ah_hmac_sha1_loop(state, addr, len)
struct ah_algorithm_state *state;
caddr_t addr;
size_t len;
{
SHA1_CTX *ctxt;
if (!state || !state->foo)
panic("ah_hmac_sha1_loop: what?");
ctxt = (SHA1_CTX *)(((u_char *)state->foo) + 128);
SHA1Update(ctxt, (caddr_t)addr, (size_t)len);
}
static void
ah_hmac_sha1_result(state, addr)
struct ah_algorithm_state *state;
caddr_t addr;
{
u_char digest[SHA1_RESULTLEN]; /* SHA-1 generates 160 bits */
u_char *ipad;
u_char *opad;
SHA1_CTX *ctxt;
if (!state || !state->foo)
panic("ah_hmac_sha1_result: what?");
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 64);
ctxt = (SHA1_CTX *)(opad + 64);
SHA1Final((caddr_t)&digest[0], ctxt);
SHA1Init(ctxt);
SHA1Update(ctxt, opad, 64);
SHA1Update(ctxt, (caddr_t)&digest[0], sizeof(digest));
SHA1Final((caddr_t)&digest[0], ctxt);
bcopy(&digest[0], (void *)addr, HMACSIZE);
free(state->foo, M_TEMP);
}
static int
ah_hmac_sha2_256_mature(sav)
struct secasvar *sav;
{
const struct ah_algorithm *algo;
if (!sav->key_auth) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_256_mature: no key is given.\n"));
return 1;
}
algo = ah_algorithm_lookup(sav->alg_auth);
if (!algo) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_256_mature: unsupported algorithm.\n"));
return 1;
}
if (sav->key_auth->sadb_key_bits < algo->keymin ||
algo->keymax < sav->key_auth->sadb_key_bits) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_256_mature: invalid key length %d.\n",
sav->key_auth->sadb_key_bits));
return 1;
}
return 0;
}
static int
ah_hmac_sha2_256_init(state, sav)
struct ah_algorithm_state *state;
struct secasvar *sav;
{
u_char *ipad;
u_char *opad;
SHA256_CTX *ctxt;
u_char tk[SHA256_DIGEST_LENGTH];
u_char *key;
size_t keylen;
size_t i;
if (!state)
panic("ah_hmac_sha2_256_init: what?");
state->sav = sav;
state->foo = (void *)malloc(64 + 64 + sizeof(SHA256_CTX),
M_TEMP, M_NOWAIT);
if (!state->foo)
return ENOBUFS;
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 64);
ctxt = (SHA256_CTX *)(opad + 64);
/* compress the key if necessery */
if (64 < _KEYLEN(state->sav->key_auth)) {
bzero(tk, sizeof(tk));
bzero(ctxt, sizeof(*ctxt));
SHA256_Init(ctxt);
SHA256_Update(ctxt, _KEYBUF(state->sav->key_auth),
_KEYLEN(state->sav->key_auth));
SHA256_Final(&tk[0], ctxt);
key = &tk[0];
keylen = sizeof(tk) < 64 ? sizeof(tk) : 64;
} else {
key = _KEYBUF(state->sav->key_auth);
keylen = _KEYLEN(state->sav->key_auth);
}
bzero(ipad, 64);
bzero(opad, 64);
bcopy(key, ipad, keylen);
bcopy(key, opad, keylen);
for (i = 0; i < 64; i++) {
ipad[i] ^= 0x36;
opad[i] ^= 0x5c;
}
bzero(ctxt, sizeof(*ctxt));
SHA256_Init(ctxt);
SHA256_Update(ctxt, ipad, 64);
return 0;
}
static void
ah_hmac_sha2_256_loop(state, addr, len)
struct ah_algorithm_state *state;
caddr_t addr;
size_t len;
{
SHA256_CTX *ctxt;
if (!state || !state->foo)
panic("ah_hmac_sha2_256_loop: what?");
ctxt = (SHA256_CTX *)(((u_char *)state->foo) + 128);
SHA256_Update(ctxt, (caddr_t)addr, (size_t)len);
}
static void
ah_hmac_sha2_256_result(state, addr)
struct ah_algorithm_state *state;
caddr_t addr;
{
u_char digest[SHA256_DIGEST_LENGTH];
u_char *ipad;
u_char *opad;
SHA256_CTX *ctxt;
if (!state || !state->foo)
panic("ah_hmac_sha2_256_result: what?");
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 64);
ctxt = (SHA256_CTX *)(opad + 64);
SHA256_Final((caddr_t)&digest[0], ctxt);
bzero(ctxt, sizeof(*ctxt));
SHA256_Init(ctxt);
SHA256_Update(ctxt, opad, 64);
SHA256_Update(ctxt, (caddr_t)&digest[0], sizeof(digest));
SHA256_Final((caddr_t)&digest[0], ctxt);
bcopy(&digest[0], (void *)addr, HMACSIZE);
free(state->foo, M_TEMP);
}
static int
ah_hmac_sha2_384_mature(sav)
struct secasvar *sav;
{
const struct ah_algorithm *algo;
if (!sav->key_auth) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_384_mature: no key is given.\n"));
return 1;
}
algo = ah_algorithm_lookup(sav->alg_auth);
if (!algo) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_384_mature: unsupported algorithm.\n"));
return 1;
}
if (sav->key_auth->sadb_key_bits < algo->keymin ||
algo->keymax < sav->key_auth->sadb_key_bits) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_384_mature: invalid key length %d.\n",
sav->key_auth->sadb_key_bits));
return 1;
}
return 0;
}
static int
ah_hmac_sha2_384_init(state, sav)
struct ah_algorithm_state *state;
struct secasvar *sav;
{
u_char *ipad;
u_char *opad;
SHA384_CTX *ctxt;
u_char tk[SHA384_DIGEST_LENGTH];
u_char *key;
size_t keylen;
size_t i;
if (!state)
panic("ah_hmac_sha2_384_init: what?");
state->sav = sav;
state->foo = (void *)malloc(64 + 64 + sizeof(SHA384_CTX),
M_TEMP, M_NOWAIT);
if (!state->foo)
return ENOBUFS;
bzero(state->foo, 64 + 64 + sizeof(SHA384_CTX));
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 64);
ctxt = (SHA384_CTX *)(opad + 64);
/* compress the key if necessery */
if (64 < _KEYLEN(state->sav->key_auth)) {
bzero(tk, sizeof(tk));
bzero(ctxt, sizeof(*ctxt));
SHA384_Init(ctxt);
SHA384_Update(ctxt, _KEYBUF(state->sav->key_auth),
_KEYLEN(state->sav->key_auth));
SHA384_Final(&tk[0], ctxt);
key = &tk[0];
keylen = sizeof(tk) < 64 ? sizeof(tk) : 64;
} else {
key = _KEYBUF(state->sav->key_auth);
keylen = _KEYLEN(state->sav->key_auth);
}
bzero(ipad, 64);
bzero(opad, 64);
bcopy(key, ipad, keylen);
bcopy(key, opad, keylen);
for (i = 0; i < 64; i++) {
ipad[i] ^= 0x36;
opad[i] ^= 0x5c;
}
bzero(ctxt, sizeof(*ctxt));
SHA384_Init(ctxt);
SHA384_Update(ctxt, ipad, 64);
return 0;
}
static void
ah_hmac_sha2_384_loop(state, addr, len)
struct ah_algorithm_state *state;
caddr_t addr;
size_t len;
{
SHA384_CTX *ctxt;
if (!state || !state->foo)
panic("ah_hmac_sha2_384_loop: what?");
ctxt = (SHA384_CTX *)(((u_char *)state->foo) + 128);
SHA384_Update(ctxt, (caddr_t)addr, (size_t)len);
}
static void
ah_hmac_sha2_384_result(state, addr)
struct ah_algorithm_state *state;
caddr_t addr;
{
u_char digest[SHA384_DIGEST_LENGTH];
u_char *ipad;
u_char *opad;
SHA384_CTX *ctxt;
if (!state || !state->foo)
panic("ah_hmac_sha2_384_result: what?");
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 64);
ctxt = (SHA384_CTX *)(opad + 64);
SHA384_Final((caddr_t)&digest[0], ctxt);
bzero(ctxt, sizeof(*ctxt));
SHA384_Init(ctxt);
SHA384_Update(ctxt, opad, 64);
SHA384_Update(ctxt, (caddr_t)&digest[0], sizeof(digest));
SHA384_Final((caddr_t)&digest[0], ctxt);
bcopy(&digest[0], (void *)addr, HMACSIZE);
free(state->foo, M_TEMP);
}
static int
ah_hmac_sha2_512_mature(sav)
struct secasvar *sav;
{
const struct ah_algorithm *algo;
if (!sav->key_auth) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_512_mature: no key is given.\n"));
return 1;
}
algo = ah_algorithm_lookup(sav->alg_auth);
if (!algo) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_512_mature: unsupported algorithm.\n"));
return 1;
}
if (sav->key_auth->sadb_key_bits < algo->keymin ||
algo->keymax < sav->key_auth->sadb_key_bits) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_512_mature: invalid key length %d.\n",
sav->key_auth->sadb_key_bits));
return 1;
}
return 0;
}
static int
ah_hmac_sha2_512_init(state, sav)
struct ah_algorithm_state *state;
struct secasvar *sav;
{
u_char *ipad;
u_char *opad;
SHA512_CTX *ctxt;
u_char tk[SHA512_DIGEST_LENGTH];
u_char *key;
size_t keylen;
size_t i;
if (!state)
panic("ah_hmac_sha2_512_init: what?");
state->sav = sav;
state->foo = (void *)malloc(64 + 64 + sizeof(SHA512_CTX),
M_TEMP, M_NOWAIT);
if (!state->foo)
return ENOBUFS;
bzero(state->foo, 64 + 64 + sizeof(SHA512_CTX));
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 64);
ctxt = (SHA512_CTX *)(opad + 64);
/* compress the key if necessery */
if (64 < _KEYLEN(state->sav->key_auth)) {
bzero(tk, sizeof(tk));
bzero(ctxt, sizeof(*ctxt));
SHA512_Init(ctxt);
SHA512_Update(ctxt, _KEYBUF(state->sav->key_auth),
_KEYLEN(state->sav->key_auth));
SHA512_Final(&tk[0], ctxt);
key = &tk[0];
keylen = sizeof(tk) < 64 ? sizeof(tk) : 64;
} else {
key = _KEYBUF(state->sav->key_auth);
keylen = _KEYLEN(state->sav->key_auth);
}
bzero(ipad, 64);
bzero(opad, 64);
bcopy(key, ipad, keylen);
bcopy(key, opad, keylen);
for (i = 0; i < 64; i++) {
ipad[i] ^= 0x36;
opad[i] ^= 0x5c;
}
bzero(ctxt, sizeof(*ctxt));
SHA512_Init(ctxt);
SHA512_Update(ctxt, ipad, 64);
return 0;
}
static void
ah_hmac_sha2_512_loop(state, addr, len)
struct ah_algorithm_state *state;
caddr_t addr;
size_t len;
{
SHA512_CTX *ctxt;
if (!state || !state->foo)
panic("ah_hmac_sha2_512_loop: what?");
ctxt = (SHA512_CTX *)(((u_char *)state->foo) + 128);
SHA512_Update(ctxt, (caddr_t)addr, (size_t)len);
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -