transform: split out transform-common.h
authorIan Jackson <ijackson@chiark.greenend.org.uk>
Thu, 25 Jul 2013 17:30:49 +0000 (18:30 +0100)
committerIan Jackson <ijackson@chiark.greenend.org.uk>
Thu, 25 Jul 2013 17:30:49 +0000 (18:30 +0100)
To avoid too much duplication, some boilerplate and helpful code from
transform.c is now brought out into macros in transform-common.h.

It will be reused in the later commits introducing the EAX transform.

Also, rename transform.c to transform-cbcmac.c, etc.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Makefile.in
README
modules.c
secnet.h
transform-cbcmac.c [moved from transform.c with 89% similarity]
transform-common.h [new file with mode: 0644]

index 3f15f01..401fbb8 100644 (file)
@@ -53,7 +53,8 @@ mandir:=@mandir@
 TARGETS:=secnet
 
 OBJECTS:=secnet.o util.o conffile.yy.o conffile.tab.o conffile.o modules.o \
-       resolver.o random.o udp.o site.o transform.o netlink.o rsa.o dh.o \
+       resolver.o random.o udp.o site.o transform-cbcmac.o \
+       netlink.o rsa.o dh.o \
        serpentbe.o md5.o version.o tun.o slip.o sha1.o ipaddr.o log.o \
        process.o @LIBOBJS@ \
        hackypar.o
diff --git a/README b/README
index 84bb392..93730e9 100644 (file)
--- a/README
+++ b/README
@@ -336,7 +336,7 @@ setup but more relaxed about using old keys.  These are noted with
 "mobile:", above, and apply whether the mobile peer is local or
 remote.
 
-** transform
+** transform-cbcmac
 
 Defines:
   serpent256-cbc (closure => transform closure)
index 9b94e25..0290cd4 100644 (file)
--- a/modules.c
+++ b/modules.c
@@ -7,7 +7,7 @@ void init_builtin_modules(dict_t *dict)
     udp_module(dict);
     util_module(dict);
     site_module(dict);
-    transform_module(dict);
+    transform_cbcmac_module(dict);
     netlink_module(dict);
     rsa_module(dict);
     dh_module(dict);
index 037ef80..dbca664 100644 (file)
--- a/secnet.h
+++ b/secnet.h
@@ -217,7 +217,7 @@ extern init_module random_module;
 extern init_module udp_module;
 extern init_module util_module;
 extern init_module site_module;
-extern init_module transform_module;
+extern init_module transform_cbcmac_module;
 extern init_module netlink_module;
 extern init_module rsa_module;
 extern init_module dh_module;
similarity index 89%
rename from transform.c
rename to transform-cbcmac.c
index 281e667..1e8a5e9 100644 (file)
@@ -36,6 +36,8 @@ struct transform_inst {
     bool_t keyed;
 };
 
+#include "transform-common.h"
+
 #define PKCS5_MASK 15
 
 static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen)
@@ -67,12 +69,7 @@ static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen)
     return True;
 }
 
-static bool_t transform_valid(void *sst)
-{
-    struct transform_inst *ti=sst;
-
-    return ti->keyed;
-}
+TRANSFORM_VALID;
 
 static void transform_delkey(void *sst)
 {
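Review bot: `TRANSFORM_VALID;` leaves a stray semicolon at file scope, because the macro already expands to a complete function definition; ISO C does not allow an empty declaration there and pedantic builds warn about it. The same applies to `TRANSFORM_DESTROY;` in the later hunk. Either write both uses without the semicolon, or end each macro with a declaration that needs one, so that the expansion ends in `} struct transform_inst;`. A short comment at each use, such as `/* defines transform_valid() */`, would also help a reader who greps for the function and finds no definition in this file.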
@@ -95,10 +92,7 @@ static uint32_t transform_forward(void *sst, struct buffer_if *buf,
     uint8_t *p, *n;
     int i;
 
-    if (!ti->keyed) {
-       *errmsg="transform unkeyed";
-       return 1;
-    }
+    KEYED_CHECK;
 
     /* Sequence number */
     buf_prepend_uint32(buf,ti->sendseq);
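Review bot: `KEYED_CHECK;` hides an early `return 1` and a write through `*errmsg`, and it reaches for the locals `ti` and `errmsg` by name, none of which is visible at the call site in transform_forward. The same holds for the use in transform_reverse, and for `SEQNUM_CHECK`, which can `return 2`. On a path that decides whether a packet is processed, that control flow should be readable where it happens. I would add a comment at each use, e.g. `/* returns 1 with *errmsg set if no key is installed */`, or pass the names explicitly as `KEYED_CHECK(ti, errmsg);`. transform_forward's body starts and ends outside this hunk.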
@@ -164,7 +158,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
     uint8_t *padp;
     int padlen;
     int i;
-    uint32_t seqnum, skew;
+    uint32_t seqnum;
     uint8_t iv[16];
     uint8_t pct[16];
     uint8_t macplain[16];
@@ -172,10 +166,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
     uint8_t *n;
     uint8_t *macexpected;
 
-    if (!ti->keyed) {
-       *errmsg="transform unkeyed";
-       return 1;
-    }
+    KEYED_CHECK;
 
     if (buf->size < 4 + 16 + 16) {
        *errmsg="msg too short";
@@ -238,46 +229,20 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
     /* Sequence number must be within max_skew of lastrecvseq; lastrecvseq
        is only allowed to increase. */
     seqnum=buf_unprepend_uint32(buf);
-    skew=seqnum-ti->lastrecvseq;
-    if (skew<0x8fffffff) {
-       /* Ok */
-       ti->lastrecvseq=seqnum;
-    } else if ((0-skew)<ti->max_skew) {
-       /* Ok */
-    } else {
-       /* Too much skew */
-       *errmsg="seqnum: too much skew";
-       return 2;
-    }
+    SEQNUM_CHECK(seqnum, ti->max_skew);
     
     return 0;
 }
 
-static void transform_destroy(void *sst)
-{
-    struct transform_inst *st=sst;
-
-    FILLZERO(*st); /* Destroy key material */
-    free(st);
-}
+TRANSFORM_DESTROY;
 
 static struct transform_inst_if *transform_create(void *sst)
 {
-    struct transform_inst *ti;
     struct transform *st=sst;
 
-    ti=safe_malloc(sizeof(*ti),"transform_create");
-    /* mlock XXX */
+    TRANSFORM_CREATE_CORE;
 
-    ti->ops.st=ti;
-    ti->ops.setkey=transform_setkey;
-    ti->ops.valid=transform_valid;
-    ti->ops.delkey=transform_delkey;
-    ti->ops.forwards=transform_forward;
-    ti->ops.reverse=transform_reverse;
-    ti->ops.destroy=transform_destroy;
     ti->max_skew=st->max_seq_skew;
-    ti->keyed=False;
 
     return &ti->ops;
 }
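Review bot: The key wipe now behind `TRANSFORM_DESTROY` is `FILLZERO(*st)` immediately followed by `free(st)`, and stores to an object that is freed on the next line are ones an optimiser may treat as dead. FILLZERO's definition is not in this diff; if it is a plain `memset`, the zeroing may not survive an optimised build, which would leave key material in freed heap. Since this destructor is about to be shared by every transform, it is worth routing it through a wipe the compiler cannot elide, for example `explicit_bzero` where the platform has it, or a store loop through a `volatile` pointer. The `/* mlock XXX */` carried into `TRANSFORM_CREATE_CORE` suggests a related open item, namely that the instance holding the key is not yet locked in memory.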
@@ -316,7 +281,7 @@ static list_t *transform_apply(closure_t *self, struct cloc loc,
     return new_closure(&st->cl);
 }
 
-void transform_module(dict_t *dict)
+void transform_cbcmac_module(dict_t *dict)
 {
     struct keyInstance k;
     uint8_t data[32];
diff --git a/transform-common.h b/transform-common.h
new file mode 100644 (file)
index 0000000..b3c70a8
--- /dev/null
@@ -0,0 +1,56 @@
+
+#ifndef TRANSFORM_COMMON_H
+#define TRANSFORM_COMMON_H
+
+#define KEYED_CHECK do{                                \
+       if (!ti->keyed) {                       \
+           *errmsg="transform unkeyed";        \
+           return 1;                           \
+       }                                       \
+    }while(0)
+
+#define SEQNUM_CHECK(seqnum, max_skew) do{     \
+       uint32_t skew=seqnum-ti->lastrecvseq;   \
+       if (skew<0x8fffffff) {                  \
+           /* Ok */                            \
+           ti->lastrecvseq=seqnum;             \
+       } else if ((0-skew)<max_skew) { \
+           /* Ok */                            \
+       } else {                                \
+           /* Too much skew */                 \
+           *errmsg="seqnum: too much skew";    \
+           return 2;                           \
+       }                                       \
+    }while(0)
+
+#define TRANSFORM_VALID                                \
+    static bool_t transform_valid(void *sst)   \
+    {                                          \
+       struct transform_inst *ti=sst;          \
+                                               \
+       return ti->keyed;                       \
+    }
+
+#define TRANSFORM_DESTROY                              \
+    static void transform_destroy(void *sst)           \
+    {                                                  \
+       struct transform_inst *st=sst;                  \
+                                                       \
+       FILLZERO(*st); /* Destroy key material */       \
+       free(st);                                       \
+    }
+
+#define TRANSFORM_CREATE_CORE                          \
+       struct transform_inst *ti;                      \
+       ti=safe_malloc(sizeof(*ti),"transform_create"); \
+       /* mlock XXX */                                 \
+       ti->ops.st=ti;                                  \
+       ti->ops.setkey=transform_setkey;                \
+       ti->ops.valid=transform_valid;                  \
+       ti->ops.delkey=transform_delkey;                \
+       ti->ops.forwards=transform_forward;             \
+       ti->ops.reverse=transform_reverse;              \
+       ti->ops.destroy=transform_destroy;              \
+       ti->keyed=False;
+
+#endif /*TRANSFORM_COMMON_H*/
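Review bot: `SEQNUM_CHECK` has no comment saying what it accepts, and as written it passes a sequence number equal to `ti->lastrecvseq` (skew 0) as well as any number less than `max_skew` behind it, so it bounds reordering but does not by itself reject a duplicate inside that window. If that is the intended contract it should be stated above the macro before a second transform relies on it, e.g. `/* Window check only: accepts seqnum within max_skew behind lastrecvseq, including repeats; returns 2 otherwise */`. The forward threshold `0x8fffffff` is also unusual for a half-range test and may have been meant as `0x7fffffff` or `0x80000000`; worth confirming. Separately, the arguments are unparenthesised and `seqnum` is expanded twice, so `uint32_t skew=(seqnum)-ti->lastrecvseq;` and `(0-skew)<(max_skew)` would be safer. A header comment listing what the includer must provide (`struct transform_inst` with `keyed`, `lastrecvseq` and `ops`, locals `ti` and `errmsg`, and the `transform_*` functions) would complete it.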