📄 sec2_algo.c
字号:
}
/* 认证算法参数长度检查 */
if ((auth->inLen > MPC190_MAX_DATA_SIZE)
|| ((algoType == DRV_IPSEC_DES_HMAC_MD5_ENCRYPT) && (auth->outLen > DRV_IPSEC_MD5_DIG_LEN))
|| ((algoType == DRV_IPSEC_DES_HMAC_SHA_ENCRYPT) && (auth->outLen > DRV_IPSEC_SHA_DIG_LEN))
|| ((algoType == DRV_IPSEC_3DES_HMAC_MD5_ENCRYPT) && (auth->outLen > DRV_IPSEC_MD5_DIG_LEN))
|| ((algoType == DRV_IPSEC_3DES_HMAC_SHA_ENCRYPT) && (auth->outLen > DRV_IPSEC_SHA_DIG_LEN)))
{
DRV_IPSEC_DBG("drv_sec2_des_hmac_crypt: auth length error!\n");
return SEC2_ERROR;
}
#endif
/* 算法类型检查和获得相应描述符标识 */
#if DRIVER_IPSEC_DBG
switch(algoType)
{
case DRV_IPSEC_DES_HMAC_MD5_ENCRYPT: /* DES + MD5 */
hashLen = DRV_IPSEC_MD5_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_SDES_ENCRYPT_MD5_PAD;
break;
case DRV_IPSEC_DES_HMAC_SHA_ENCRYPT: /* DES + SHA1 */
hashLen = DRV_IPSEC_SHA_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_SDES_ENCRYPT_SHA_PAD;
break;
#if 0
case DRV_IPSEC_DES_HMAC_SHA256_ENCRYPT: /* DES + SHA256 */
hashLen = DRV_IPSEC_SHA256_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_SDES_ENCRYPT_SHA256_PAD;
break;
#endif
case DRV_IPSEC_3DES_HMAC_MD5_ENCRYPT: /* 3DES + MD5 */
hashLen = DRV_IPSEC_MD5_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_TDES_ENCRYPT_MD5_PAD;
break;
case DRV_IPSEC_3DES_HMAC_SHA_ENCRYPT: /* 3DES + SHA1 */
hashLen = DRV_IPSEC_SHA_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_TDES_ENCRYPT_SHA_PAD;
break;
#if 0
case DRV_IPSEC_3DES_HMAC_SHA256_ENCRYPT: /* 3DES + SHA256 */
hashLen = DRV_IPSEC_SHA256_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_TDES_ENCRYPT_SHA256_PAD;
break;
#endif
case DRV_IPSEC_DES_HMAC_MD5_DECRYPT: /* DES + MD5 */
hashLen = DRV_IPSEC_MD5_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_SDES_DECRYPT_MD5_PAD;
break;
case DRV_IPSEC_DES_HMAC_SHA_DECRYPT: /* DES + SHA1 */
hashLen = DRV_IPSEC_SHA_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_SDES_DECRYPT_SHA_PAD;
break;
#if 0
case DRV_IPSEC_DES_HMAC_SHA256_DECRYPT: /* DES + SHA256 */
hashLen = DRV_IPSEC_SHA256_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_SDES_DECRYPT_SHA256_PAD;
break;
#endif
case DRV_IPSEC_3DES_HMAC_MD5_DECRYPT: /* 3DES + MD5 */
hashLen = DRV_IPSEC_MD5_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_TDES_DECRYPT_MD5_PAD;
break;
case DRV_IPSEC_3DES_HMAC_SHA_DECRYPT: /* 3DES + SHA1 */
hashLen = DRV_IPSEC_SHA_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_TDES_DECRYPT_SHA_PAD;
break;
#if 0
case DRV_IPSEC_3DES_HMAC_SHA256_DECRYPT: /* 3DES + SHA256 */
hashLen = DRV_IPSEC_SHA256_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_TDES_DECRYPT_SHA256_PAD;
break;
#endif
default:
DRV_IPSEC_DBG("drv_sec2_des_hmac_crypt: algoType error!\n");
return SEC2_ERROR;
}
#else
if((inType != ESP_ALGO_TYPE) && (inType != IKE_ALGO_TYPE))
{
DRV_IPSEC_DBG("drv_sec2_des_hmac_crypt: algoType error!\n");
return SEC2_ERROR;
}
if(inType == ESP_ALGO_TYPE)
{
switch(algoid)
{
case ALGO_ESP_OUTPUT_DES_MD5: /* DES + MD5 */
hashLen = DRV_IPSEC_MD5_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_SDES_ENCRYPT_MD5_PAD;
break;
case ALGO_ESP_OUTPUT_DES_SHA: /* DES + SHA1 */
hashLen = DRV_IPSEC_SHA_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_SDES_ENCRYPT_SHA_PAD;
break;
#if 0
case ALGO_ESP_OUTPUT_DES_SHA256: /* DES + SHA256 */
hashLen = DRV_IPSEC_SHA256_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_SDES_ENCRYPT_SHA256_PAD;
break;
#endif
case ALGO_ESP_OUTPUT_3DES_MD5: /* 3DES + MD5 */
hashLen = DRV_IPSEC_MD5_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_TDES_ENCRYPT_MD5_PAD;
break;
case ALGO_ESP_OUTPUT_3DES_SHA: /* 3DES + SHA1 */
hashLen = DRV_IPSEC_SHA_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_TDES_ENCRYPT_SHA_PAD;
break;
#if 0
case ALGO_ESP_OUTPUT_3DES_SHA256: /* 3DES + SHA256 */
hashLen = DRV_IPSEC_SHA256_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_TDES_ENCRYPT_SHA256_PAD;
break;
#endif
case ALGO_ESP_INPUT_DES_MD5: /* DES + MD5 */
hashLen = DRV_IPSEC_MD5_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_SDES_DECRYPT_MD5_PAD;
break;
case ALGO_ESP_INPUT_DES_SHA: /* DES + SHA1 */
hashLen = DRV_IPSEC_SHA_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_SDES_DECRYPT_SHA_PAD;
break;
#if 0
case ALGO_ESP_INPUT_DES_SHA256: /* DES + SHA256 */
hashLen = DRV_IPSEC_SHA256_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_SDES_DECRYPT_SHA256_PAD;
break;
#endif
case ALGO_ESP_INPUT_3DES_MD5: /* 3DES + MD5 */
hashLen = DRV_IPSEC_MD5_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_TDES_DECRYPT_MD5_PAD;
break;
case ALGO_ESP_INPUT_3DES_SHA: /* 3DES + SHA1 */
hashLen = DRV_IPSEC_SHA_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_TDES_DECRYPT_SHA_PAD;
break;
#if 0
case ALGO_ESP_INPUT_3DES_SHA256: /* 3DES + SHA256 */
hashLen = DRV_IPSEC_SHA256_DIG_LEN;
dpdOpId = DPD_IPSEC_CBC_TDES_DECRYPT_SHA256_PAD;
#endif
default:
DRV_IPSEC_DBG("drv_sec2_des_hmac_encrypt: algoType error!\n");
return SEC2_ERROR;
}
}
#endif
/**************** 分配上下文内存 ****************/
ctx = (DRV_SEC2_CONTEXT*)SEC2_GETBUF(sizeof(DRV_SEC2_CONTEXT));
if (NULL == ctx)
{
DRV_IPSEC_DBG("drv_sec2_des_hmac_crypt: malloc DRV_SEC2_CONTEXT failed!\n");
return SEC2_ERROR;
}
ctx->msg = msg; /* 平台传入的算法消息 */
/**************** 分配描述符内存 ****************/
dpdReqLen = sizeof(IPSEC_CBC_REQ) ;
ctx->dpdReqMem= (UINT8*)SEC2_GETBUF(dpdReqLen);
if (NULL == ctx->dpdReqMem)
{
DRV_IPSEC_DBG("drv_sec2_des_hmac_crypt: malloc ctx->dpdReqMem failed!\n");
drv_sec2_free_context(ctx);
return SEC2_ERROR;
}
ipsecReq = (IPSEC_CBC_REQ*) (ctx->dpdReqMem);
/**************** 描述符填充: DPD_IPSEC_CBC_SDES_ENCRYPT_SHA_PAD ****************/
ipsecReq->opId = dpdOpId; /*IPSEC操作符*/
ipsecReq->channel = 0;
ipsecReq->notify = (PSEC_NOTIFY_ROUTINE)drv_sec2_callback;
ipsecReq->pNotifyCtx = ctx;
ipsecReq->notify_on_error = (PSEC_NOTIFY_ON_ERROR_ROUTINE)drv_sec2_error_callback;
ipsecReq->ctxNotifyOnErr.request = ctx;
ipsecReq->status = 0;
ipsecReq->nextReq = NULL;
ipsecReq->hashKeyBytes = auth->keyLen;
ipsecReq->cryptCtxInBytes = crypt->ivlen;
ipsecReq->cryptKeyBytes = crypt->keyLen;
ipsecReq->hashInDataBytes = auth->inLen - crypt->inLen;
ipsecReq->inDataBytes = crypt->inLen;
ipsecReq->hashDataOutBytes = hashLen;
ipsecReq->hashKeyData = auth->key;
ipsecReq->cryptCtxInData = crypt->iv;
ipsecReq->cryptKeyData = crypt->key;
ipsecReq->hashInData = auth->inData;
ipsecReq->inData = crypt->inData;
#if DRIVER_IPSEC_DBG
if((algoType == DRV_IPSEC_DES_HMAC_MD5_ENCRYPT)
|| (algoType == DRV_IPSEC_DES_HMAC_SHA_ENCRYPT)
|| (algoType == DRV_IPSEC_DES_HMAC_SHA256_ENCRYPT)
|| (algoType == DRV_IPSEC_3DES_HMAC_MD5_ENCRYPT)
|| (algoType == DRV_IPSEC_3DES_HMAC_SHA_ENCRYPT)
|| (algoType == DRV_IPSEC_3DES_HMAC_SHA256_ENCRYPT))
{
ipsecReq->cryptDataOut = drv_ipsec_out_internalSec2;
ipsecReq->hashDataOut = drv_ipsec_out_internalSec2_hmac;
}
else
{
ipsecReq->cryptDataOut = ipsec_onlytest;
ipsecReq->hashDataOut = ipsec_onlytest_hmac;
}
#else
ipsecReq->cryptDataOut = crypt->outData;
ipsecReq->hashDataOut = auth->outData;
#endif
/**************** 下发硬件处理 ****************/
ipsec_status = (UINT32)SEC2_ioctl(IOCTL_PROC_REQ, ipsecReq);
if (SEC2_SUCCESS != ipsec_status)
{
DRV_IPSEC_DBG("drv_sec2_des_hmac: Ioctl failed!\n");
drv_sec2_free_context(ctx);
}
return ipsec_status;
}
/**************************************************************************
* 函数名称:drv_sec2_aes_hmac_crypt
* 功能描述:实现了DES和AES加密,MD5/SHA认证的HMAC 算法,用于协议认证
* 需要满足 (1) 输入处理数据长度<= 2048 byte
* (2)输出数据长度MD5 <= 16 byte, SHA <= 20 byte
* 顺序是先认证后解密
* 输入参数:algoid --算法标识
* arg_in --mux传入参数
* 输出参数:SEC2_ioctl,下发硬件模块
* 返 回 值:成功返回SEC2_SUCCESS,错误返回SEC2_ERROR或者下层返回的错误码
* 其它说明:8349或8541内置加密核适配模块
* 修改日期 版本号 修改人 修改内容
* -----------------------------------------------
* 2006-7-12 V1.0 陈晓 创建
**************************************************************************/
int drv_sec2_aes_hmac_crypt(DRV_IPSEC_ALGO_TYPE algoType, VOID *arg_in)
{
UINT32 hashLen =0; /* HASH 算法产生的消息摘要长度 */
UINT32 dpdReqLen; /* 描述符字节长度 */
UINT32 dpdOpId = 0; /* 描述符标识符 */
int ipsec_status = SEC2_ERROR;
IPSEC_CBC_REQ *ipsecReq = (IPSEC_CBC_REQ *)NULL;
DRV_SEC2_CONTEXT *ctx = (DRV_SEC2_CONTEXT *)NULL; /* 上下文结构 */
algo_msg_crypt_t *crypt = (algo_msg_crypt_t *)NULL;
algo_msg_hmac_t *auth = (algo_msg_hmac_t *)NULL;
void* msg = NULL;
UINT32 algoid = 0;
UINT32 inType = 0;
DRV_LNDEC_ALG_REQ_PARA *in_param = (DRV_LNDEC_ALG_REQ_PARA *)NULL;
/**************** 参数合法性检查和赋值 ****************/
in_param = (DRV_LNDEC_ALG_REQ_PARA*)arg_in;
algoid = in_param->algoid;
inType = in_param->algotype;
if (NULL != in_param->data)
{
msg = in_param->data;
}
else
{
DRV_IPSEC_DBG("drv_sec2_aes_hmac_crypt: msg == NULL!\n");
return SEC2_ERROR;
}
if(NULL != (algo_msg_crypt_t*)in_param->crypt)
{
crypt = (algo_msg_crypt_t*)in_param->crypt;
}
else
{
DRV_IPSEC_DBG("drv_sec2_aes_hmac_crypt: in param crypt null!\n");
return SEC2_ERROR;
}
if(NULL != (algo_msg_hmac_t*)in_param->auth)
{
auth = (algo_msg_hmac_t*)in_param->auth;
}
else
{
DRV_IPSEC_DBG("drv_sec2_aes_hmac_crypt: in param auth null!\n");
return SEC2_ERROR;
}
if ( (NULL == crypt->inData)|| (NULL == crypt->key) || (NULL == crypt->iv) || (NULL == crypt->outData)
|| (NULL == auth) || (NULL == auth->inData) || (NULL == auth->key) || (NULL == auth->outData))
{
DRV_IPSEC_DBG("drv_sec2_aes_hmac_crypt: algoid or auth or crypt error!\n");
return SEC2_ERROR;
}
/****************** 加密算法参数长度检查 ********************/
if (!ChkAesKeyLen(crypt->keyLen)||!ChkAesIvLen(crypt->ivlen))
{
DRV_IPSEC_DBG("drv_sec2_aes_hmac_crypt: crypt length error!\n");
return SEC2_ERROR;
}
/* 认证算法参数长度检查 */
#if DRIVER_IPSEC_DBG
if ((auth->inLen > MPC190_MAX_DATA_SIZE)
|| ((algoType == DRV_IPSEC_AES_HMAC_MD5_ENCRYPT) && (auth->outLen > DRV_IPSEC_MD5_DIG_LEN))
|| ((algoType == DRV_IPSEC_AES_HMAC_SHA_ENCRYPT) && (auth->outLen > DRV_IPSEC_SHA_DIG_LEN))
|| ((algoType == DRV_IPSEC_AES_HMAC_SHA256_ENCRYPT) && (auth->outLen > DRV_IPSEC_SHA256_DIG_LEN)))
{
DRV_IPSEC_DBG("drv_sec2_aes_hmac_crypt: auth length error!\n");
return SEC2_ERROR;
}
#endif
/************* 算法类型检查和获得相应描述符标识 ***********/
#if DRIVER_IPSEC_DBG
switch(algoType)
{
case DRV_IPSEC_AES_HMAC_MD5_ENCRYPT: /* DES + MD5 */
hashLen = DRV_IPSEC_MD5_DIG_LEN;
dpdOpId = DPD_IPSEC_AES_CBC_ENCRYPT_MD5_APAD;
break;
case DRV_IPSEC_AES_HMAC_SHA_ENCRYPT: /* DES + SHA1 */
hashLen = DRV_IPSEC_SHA_DIG_LEN;
dpdOpId = DPD_IPSEC_AES_CBC_ENCRYPT_SHA_APAD;
break;
#if 0
case DRV_IPSEC_AES_HMAC_SHA256_ENCRYPT: /* DES + SHA256 */
hashLen = DRV_IPSEC_SHA256_DIG_LEN;
dpdOpId = DPD_IPSEC_AES_CBC_ENCRYPT_SHA256_APAD;
break;
#endif
case DRV_IPSEC_AES_HMAC_MD5_DECRYPT: /* DES + MD5 */
hashLen = DRV_IPSEC_MD5_DIG_LEN;
dpdOpId = DPD_IPSEC_AES_CBC_DECRYPT_MD5_APAD;
break;
case DRV_IPSEC_AES_HMAC_SHA_DECRYPT: /* DES + SHA1 */
hashLen = DRV_IPSEC_SHA_DIG_LEN;
dpdOpId = DPD_IPSEC_AES_CBC_DECRYPT_SHA_APAD;
break;
#if 0
case DRV_IPSEC_AES_HMA⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -