
📄 ipsec_xform.c

📁 网上下到的一个很详细介绍VPN基础知识的资料
					    (__u32)ntohl(*(((__u32 *)ed->ame_key)+2)),					    (__u32)ntohl(*(((__u32 *)ed->ame_key)+3)));								tdbp->tdb_key_bits_a = ed->ame_klen;				tdbp->tdb_auth_bits = ed->ame_alen * 8;								if(ed->ame_ooowin > 64) {					KLIPS_PRINT(debug_ah,						    "klips_debug:tdb_init: "						    "replay window size: %d -- must be 0 <= size <= 64\n",						    ed->ame_ooowin);					SENDERR(EINVAL);				}				tdbp->tdb_replaywin = ed->ame_ooowin;				tdbp->tdb_replaywin_lastseq = tdbp->tdb_replaywin_bitmap = 0;								if((tdbp->tdb_key_a = (caddr_t)				    kmalloc((tdbp->tdb_key_a_size = sizeof(struct md5_ctx)),					    GFP_ATOMIC)) == NULL) {					SENDERR(ENOMEM);				}				for (i = 0; i < ed->ame_klen; i++) {					kb[i] = ed->ame_key[i] ^ HMAC_IPAD;				}				for (; i < AHMD596_BLKLEN; i++) {					kb[i] = HMAC_IPAD;				}				ictx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->ictx);				MD5Init(ictx);				MD5Update(ictx, kb, AHMD596_BLKLEN);				for (i = 0; i < AHMD596_BLKLEN; i++)					kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD);				octx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->octx);				MD5Init(octx);				MD5Update(octx, kb, AHMD596_BLKLEN);								KLIPS_PRINT(debug_ah,					    "klips_debug:tdb_init: "					    "MD5 ictx=0x%08x %08x %08x %08x octx=0x%08x %08x %08x %08x\n",					    ((__u32*)ictx)[0],					    ((__u32*)ictx)[1],					    ((__u32*)ictx)[2],					    ((__u32*)ictx)[3],					    ((__u32*)octx)[0],					    ((__u32*)octx)[1],					    ((__u32*)octx)[2],					    ((__u32*)octx)[3] );								/* zero key buffer -- paranoid */				memset(kb, 0, sizeof(kb));				memset((caddr_t)&(ed->ame_key), 0, ed->ame_klen);			}				break;# endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */# ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1			case XF_AHHMACSHA1: {				struct ahhmacsha1_edata *ed;				unsigned char kb[AHSHA196_BLKLEN];				SHA1_CTX *ictx;				SHA1_CTX *octx;				ed = (struct ahhmacsha1_edata *)em->em_dat;								tdbp->tdb_authalg = AH_SHA;				tdbp->tdb_encalg = ESP_NONE;								if (em->em_msglen - EMT_SETSPI_FLEN > sizeof (struct 
ahhmacsha1_edata))					SENDERR(EINVAL);								if (ed->ame_klen != AHSHA196_KLEN) {					KLIPS_PRINT(debug_ah,						    "klips_debug:tdb_init: "						    "incorrect key size: %d -- must be %d octets (bytes)\n",						    ed->ame_klen, AHSHA196_KLEN);					SENDERR(EINVAL);				}								if (ed->ame_alen != AHSHA196_ALEN) {					KLIPS_PRINT(debug_ah,						    "klips_debug:tdb_init: "						    "authenticator size: %d -- must be %d octets (bytes)\n",						    ed->ame_alen, AHSHA196_ALEN);					SENDERR(EINVAL);				}								KLIPS_PRINT(debug_ah,					    "klips_debug:tdb_init: "					    "hmac sha1-96 key is 0x%08x %08x %08x %08x\n",					    (__u32)ntohl(*(((__u32 *)ed->ame_key)+0)),					    (__u32)ntohl(*(((__u32 *)ed->ame_key)+1)),					    (__u32)ntohl(*(((__u32 *)ed->ame_key)+2)),					    (__u32)ntohl(*(((__u32 *)ed->ame_key)+3)));								tdbp->tdb_key_bits_a = ed->ame_klen;				tdbp->tdb_auth_bits = ed->ame_alen * 8;								if(ed->ame_ooowin > 64) {					KLIPS_PRINT(debug_ah,						    "klips_debug:tdb_init: "						    "replay window size: %d -- must be 0 <= size <= 64\n",						    ed->ame_ooowin);					SENDERR(EINVAL);				}				tdbp->tdb_replaywin = ed->ame_ooowin;				tdbp->tdb_replaywin_lastseq = tdbp->tdb_replaywin_bitmap = 0;								if((tdbp->tdb_key_a = (caddr_t)				    kmalloc((tdbp->tdb_key_a_size = (__u16)sizeof(struct sha1_ctx)),					    GFP_ATOMIC)) == NULL) {					SENDERR(ENOMEM);				}				for (i = 0; i < ed->ame_klen; i++)					kb[i] = ed->ame_key[i] ^ HMAC_IPAD;				for (; i < AHSHA196_BLKLEN; i++)					kb[i] = HMAC_IPAD;				ictx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx);				SHA1Init(ictx);				SHA1Update(ictx, kb, AHSHA196_BLKLEN);								for (i = 0; i < AHSHA196_BLKLEN; i++)					kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD);				octx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->octx);				SHA1Init(octx);				SHA1Update(octx, kb, AHSHA196_BLKLEN);								KLIPS_PRINT(debug_ah,					    "klips_debug:tdb_init: "					    "SHA1 ictx=0x%08x %08x %08x %08x octx=0x%08x %08x %08x %08x\n", 					
    ((__u32*)ictx)[0],					    ((__u32*)ictx)[1],					    ((__u32*)ictx)[2],					    ((__u32*)ictx)[3],					    ((__u32*)octx)[0],					    ((__u32*)octx)[1],					    ((__u32*)octx)[2],					    ((__u32*)octx)[3] );								/* zero key buffer -- paranoid */				memset(kb, 0, sizeof(kb));				memset((caddr_t)&(ed->ame_key), 0, ed->ame_klen);			}				break;# endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */#endif /* CONFIG_IPSEC_AH */#ifdef CONFIG_IPSEC_ESP#ifdef CONFIG_IPSEC_ENC_3DES			case XF_ESP3DES:#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5			case XF_ESP3DESMD596:#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1			case XF_ESP3DESSHA196:#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */#endif /* CONFIG_IPSEC_ENC_3DES */			{				struct espblkrply_edata *ed;				unsigned char kb[AHMD596_BLKLEN];				ed = (struct espblkrply_edata *)em->em_dat;				KLIPS_PRINT(debug_esp,					    "klips_debug:tdb_init: "					    "netlink data:"					    " eklen=%d"					    " aklen=%d"					    " flags=%d"					    " ooowin=%d.\n",					    ed->eme_klen,					    ed->ame_klen,					    ed->eme_flags,					    ed->eme_ooowin);				if(ed->eme_ooowin > 64) {					KLIPS_PRINT(debug_esp,						    "klips_debug:tdb_init: "						    "replay window size: %d -- must be 0 <= size <= 64\n",						    ed->eme_ooowin);					SENDERR(EINVAL);				}				tdbp->tdb_replaywin = ed->eme_ooowin;				switch(alg) {				case XF_ESP3DES:				case XF_ESP3DESMD596:				case XF_ESP3DESSHA196:					if((tdbp->tdb_iv = (caddr_t)					   kmalloc((tdbp->tdb_iv_size = EMT_ESPDES_IV_SZ), GFP_ATOMIC)) == NULL) {						SENDERR(ENOMEM);					}					get_random_bytes((void *)tdbp->tdb_iv, EMT_ESPDES_IV_SZ);					tdbp->tdb_iv_bits = tdbp->tdb_iv_size * 8;					break;				default:				}				switch(alg) {#ifdef CONFIG_IPSEC_ENC_3DES				case XF_ESP3DES:				case XF_ESP3DESMD596:				case XF_ESP3DESSHA196:					tdbp->tdb_encalg = ESP_3DES;									if (ed->eme_klen != EMT_ESP3DES_KEY_SZ) {						KLIPS_PRINT(debug_esp,							    "klips_debug:tdb_init: "							    "incorrect 
encryption key size: %d -- must be %d octets (bytes)\n",							    ed->eme_klen, EMT_ESP3DES_KEY_SZ);						SENDERR(EINVAL);					}					tdbp->tdb_key_bits_e = ed->eme_klen;					if((tdbp->tdb_key_e = (caddr_t)					   kmalloc((tdbp->tdb_key_e_size = 3 * sizeof(struct des_eks)),						   GFP_ATOMIC)) == NULL) {						SENDERR(ENOMEM);					}					for(i = 0; i < 3; i++) {#if 0						KLIPS_PRINT(debug_esp,							    "klips_debug:tdb_init: "							    "3des key %d/3 is 0x%08lx%08lx\n",							    i + 1,							    ntohl(*((__u32 *)ed->eme_key + i * 2)),							    ntohl(*((__u32 *)ed->eme_key + i * 2 + 1)));#endif						error = des_set_key((caddr_t)(ed->eme_key) + EMT_ESPDES_KEY_SZ * i,								    (caddr_t)&((struct des_eks*)(tdbp->tdb_key_e))[i]);						if (error == -1)							printk("klips_debug:tdb_init: "							       "parity error in des key %d/3\n", i + 1);						else if (error == -2)							printk("klips_debug:tdb_init: "							       "illegal weak des key %d/3\n", i + 1);						if (error) {							memset(tdbp->tdb_key_e, 0, 3 * sizeof(struct des_eks));							kfree(tdbp->tdb_key_e);							SENDERR(EINVAL);						}					}					break;#endif /* CONFIG_IPSEC_ENC_3DES */				default:					tdbp->tdb_encalg = ESP_NULL;				}				switch(alg) {#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5				case XF_ESP3DESMD596:				case XF_ESPNULLMD596:				{					MD5_CTX *ictx;					MD5_CTX *octx;					tdbp->tdb_authalg = AH_MD5;									if (ed->ame_klen != AHMD596_KLEN) {						KLIPS_PRINT(debug_esp,							    "klips_debug:tdb_init: "							    "incorrect authorisation  key size: %d -- must be %d octets (bytes)\n",							    ed->ame_klen, AHMD596_KLEN);						SENDERR(EINVAL);					}					tdbp->tdb_key_bits_a = ed->ame_klen;					tdbp->tdb_auth_bits = ed->ame_klen * 8;								if((tdbp->tdb_key_a = (caddr_t)					   kmalloc((tdbp->tdb_key_a_size = sizeof(struct md5_ctx)),						   GFP_ATOMIC)) == NULL) {						SENDERR(ENOMEM);					}					KLIPS_PRINT(debug_esp,						    "klips_debug:tdb_init: "						    "hmac md5-96 key is 0x%08x %08x %08x 
%08x\n",						    (__u32)ntohl(*(((__u32 *)ed->ame_key)+0)),						    (__u32)ntohl(*(((__u32 *)ed->ame_key)+1)),						    (__u32)ntohl(*(((__u32 *)ed->ame_key)+2)),						    (__u32)ntohl(*(((__u32 *)ed->ame_key)+3)));										for (i=0; i< AHMD596_KLEN; i++)						kb[i] = (*(((unsigned char *)(ed->ame_key)) + i)) ^ HMAC_IPAD;					/*					 * HMAC_key is now contained in the first 128 bits of kb.					 * Pad with zeroes and XOR with HMAC_IPAD to create the inner context					 */					for (; i<AHMD596_BLKLEN; i++) {						kb[i] = HMAC_IPAD;					}					ictx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->ictx);					MD5Init(ictx);					MD5Update(ictx, kb, AHMD596_BLKLEN);										for (i=0; i<AHMD596_BLKLEN; i++) {						kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD);					}										octx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->octx);					MD5Init(octx);					MD5Update(octx, kb, AHMD596_BLKLEN);										KLIPS_PRINT(debug_esp,						    "klips_debug:tdb_init: "						    "MD5 ictx=0x%08x %08x %08x %08x octx=0x%08x %08x %08x %08x\n",						    ((__u32*)ictx)[0],						    ((__u32*)ictx)[1],						    ((__u32*)ictx)[2],						    ((__u32*)ictx)[3],						    ((__u32*)octx)[0],						    ((__u32*)octx)[1],						    ((__u32*)octx)[2],						    ((__u32*)octx)[3] );					memset(kb, 0, sizeof(kb)); /* paranoid */					memset((caddr_t)&(ed->eme_key), 0, ed->eme_klen);					memset((caddr_t)&(ed->ame_key), 0, ed->ame_klen);					break;				}#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1				case XF_ESPNULLSHA196:				case XF_ESP3DESSHA196:				{					SHA1_CTX *ictx;					SHA1_CTX *octx;					tdbp->tdb_authalg = AH_SHA;									if (ed->ame_klen != AHSHA196_KLEN) {						KLIPS_PRINT(debug_esp,							    "klips_debug:tdb_init: "							    "incorrect authorisation key size: %d -- must be %d octets (bytes)\n",							    ed->ame_klen, AHSHA196_KLEN);						SENDERR(EINVAL);					}					tdbp->tdb_key_bits_a = ed->ame_klen;					tdbp->tdb_auth_bits = ed->ame_klen * 8;					if((tdbp->tdb_key_a = (caddr_t)					   
kmalloc((tdbp->tdb_key_a_size = sizeof(struct sha1_ctx)),						   GFP_ATOMIC)) == NULL) {						SENDERR(ENOMEM);					}					KLIPS_PRINT(debug_esp,						    "klips_debug:tdb_init: "						    "hmac sha1-96 key is 0x%08x %08x %08x %08x\n",						    (__u32)ntohl(*(((__u32 *)ed->ame_key)+0)),						    (__u32)ntohl(*(((__u32 *)ed->ame_key)+1)),						    (__u32)ntohl(*(((__u32 *)ed->ame_key)+2)),						    (__u32)ntohl(*(((__u32 *)ed->ame_key)+3)));					for (i=0; i< AHSHA196_KLEN; i++)						kb[i] = (*(((unsigned char *)(ed->ame_key)) + i)) ^ HMAC_IPAD;					/*					 * HMAC_key is now contained in the first 128 bits of kb.					 * Pad with zeroes and XOR with HMAC_IPAD to create the inner context					 */					for (; i<AHSHA196_BLKLEN; i++)						kb[i] = HMAC_IPAD;										ictx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx);					SHA1Init(ictx);					SHA1Update(ictx, kb, AHSHA196_BLKLEN);									for (i=0; i<AHSHA196_BLKLEN; i++)						kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD);										octx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->octx);					SHA1Init(octx);					SHA1Update(octx, kb, AHSHA196_BLKLEN);									KLIPS_PRINT(debug_esp,						    "klips_debug:tdb_init: "						    "SHA1 ictx=0x%08x %08x %08x %08x octx=0x%08x %08x %08x %08x\n",						    ((__u32*)ictx)[0],						    ((__u32*)ictx)[1],						    ((__u32*)ictx)[2],						    ((__u32*)ictx)[3],						    ((__u32*)octx)[0],						    ((__u32*)octx)[1],						    ((__u32*)octx)[2],						    ((__u32*)octx)[3] );										memset(kb, 0, sizeof(kb)); /* paranoid */					memset((caddr_t)&(ed->eme_key), 0, ed->eme_klen);					memset((caddr_t)&(ed->ame_key), 0, ed->ame_klen);					break;				}#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */				case XF_ESP3DES:					tdbp->tdb_authalg = AH_NONE;					break;				default:				}			}				break;#endif /* !CONFIG_IPSEC_ESP */			default:				KLIPS_PRINT(debug_xform,					    "klips_debug:tdb_init: "					    "alg=%d not configured\n",					    alg);				SENDERR(ESOCKTNOSUPPORT);
