From: Ian Jackson Date: Sat, 27 Sep 2014 23:27:19 +0000 (+0100) Subject: transform: Break out SEQNUM_KEYED_FIELDS and SEQNUM_PARAMS_FIELDS X-Git-Tag: base.ipv6-polypath-fixes.v1~31 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=commitdiff_plain;h=35d30aa38d4c9a2af028fd93adcebc6dba3a9a84 transform: Break out SEQNUM_KEYED_FIELDS and SEQNUM_PARAMS_FIELDS And provide initialiser macros SEQNUM_KEYED_INIT and SEQNUM_PARAMS_INIT. No functional change. Signed-off-by: Ian Jackson --- diff --git a/transform-cbcmac.c b/transform-cbcmac.c index 724a59e..02cbd4c 100644 --- a/transform-cbcmac.c +++ b/transform-cbcmac.c @@ -18,8 +18,10 @@ /* Required key length in bytes */ #define REQUIRED_KEYLEN ((512+64+32)/8) +#include "transform-common.h" + struct transform_params { - uint32_t max_seq_skew; + SEQNUM_PARAMS_FIELDS; }; struct transform { @@ -35,13 +37,9 @@ struct transform_inst { struct keyInstance mackey; uint32_t cryptiv; uint32_t maciv; - uint32_t sendseq; - uint32_t lastrecvseq; - bool_t keyed; + SEQNUM_KEYED_FIELDS; }; -#include "transform-common.h" - #define PKCS5_MASK 15 static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen, @@ -67,9 +65,8 @@ static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen, serpentbe_makekey(&ti->mackey,256,key+32); ti->cryptiv=get_uint32(key+64); ti->maciv=get_uint32(key+68); - ti->sendseq=get_uint32(key+72); - ti->lastrecvseq=ti->sendseq; - ti->keyed=True; + uint32_t firstseq=get_uint32(key+72); + SEQNUM_KEYED_INIT(firstseq,firstseq); return True; } @@ -234,7 +231,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf, /* Sequence number must be within max_skew of lastrecvseq; lastrecvseq is only allowed to increase. */ seqnum=buf_unprepend_uint32(buf); - SEQNUM_CHECK(seqnum, ti->p.max_seq_skew); + SEQNUM_CHECK(seqnum, &ti->p); return 0; } @@ -279,8 +276,8 @@ static list_t *transform_apply(closure_t *self, struct cloc loc, cfgfatal(loc,"userv-ipif","parameter must be a dictionary\n"); dict=item->data.dict; - st->p.max_seq_skew=dict_read_number(dict, "max-sequence-skew", - False, "serpent-cbc256", loc, 10); + + SEQNUM_PARAMS_INIT(dict,&st->p,"serpent-cbc256",loc); SET_CAPAB_TRANSFORMNUM(CAPAB_TRANSFORMNUM_SERPENT256CBC); diff --git a/transform-common.h b/transform-common.h index 24ab8dc..496ea46 100644 --- a/transform-common.h +++ b/transform-common.h @@ -11,20 +11,30 @@ } \ }while(0) -#define SEQNUM_CHECK(seqnum, max_skew) do{ \ - uint32_t skew=seqnum-ti->lastrecvseq; \ - if (skew<0x8fffffff) { \ - /* Ok */ \ - ti->lastrecvseq=seqnum; \ - } else if ((0-skew)lastrecvseq; \ + if (skew<0x8fffffff) { \ + /* Ok */ \ + ti->lastrecvseq=seqnum; \ + } else if ((0-skew)<(p)->max_seq_skew) { \ + /* Ok */ \ + } else { \ + /* Too much skew */ \ + *errmsg="seqnum: too much skew"; \ + return 2; \ + } \ }while(0) +#define SEQNUM_KEYED_FIELDS \ + uint32_t sendseq; \ + uint32_t lastrecvseq; \ + bool_t keyed + +#define SEQNUM_KEYED_INIT(initlastrecvseq,initsendseq) \ + (ti->lastrecvseq=(initlastrecvseq), \ + ti->sendseq=(initsendseq), \ + ti->keyed=True) + #define TRANSFORM_VALID \ static bool_t transform_valid(void *sst) \ { \ @@ -44,7 +54,7 @@ #define SET_CAPAB_TRANSFORMNUM(def) do{ \ st->ops.capab_transformnum=dict_read_number(dict, "capab-num", \ - False, "transform", loc, def); \ + False, "transform", loc, (def)); \ if (st->ops.capab_transformnum > CAPAB_TRANSFORMNUM_MAX) \ cfgfatal(loc,"transform","capab-num out of range 0..%d\n", \ CAPAB_TRANSFORMNUM_MAX); \ @@ -63,4 +73,12 @@ ti->ops.destroy=transform_destroy; \ ti->keyed=False; +#define SEQNUM_PARAMS_FIELDS \ + uint32_t max_seq_skew + +#define SEQNUM_PARAMS_INIT(dict,p,desc,loc) \ + (p)->max_seq_skew=dict_read_number((dict), "max-sequence-skew", \ + False, (desc), (loc), 10); + + #endif /*TRANSFORM_COMMON_H*/ diff --git a/transform-eax.c b/transform-eax.c index 46dc879..d1ff1be 100644 --- a/transform-eax.c +++ b/transform-eax.c @@ -55,7 +55,8 @@ #define SEQLEN 4 struct transform_params { - uint32_t max_seq_skew, tag_length, padding_mask; + SEQNUM_PARAMS_FIELDS; + uint32_t tag_length, padding_mask; }; struct transform { @@ -67,11 +68,9 @@ struct transform { struct transform_inst { struct transform_inst_if ops; struct transform_params p; - unsigned keyed:1; /* remaining valid iff keyed */ unsigned direction:1; - uint32_t sendseq; - uint32_t lastrecvseq; + SEQNUM_KEYED_FIELDS; struct keyInstance key; uint8_t info_b[BLOCK_SIZE], info_p[BLOCK_SIZE]; }; @@ -127,11 +126,10 @@ static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen, TEAX_DEBUG(hash_out+32,8); ti->direction=direction; - ti->sendseq=get_uint32(hash_out+32+direction*4); - ti->lastrecvseq=get_uint32(hash_out+32+!direction*4); serpent_makekey(&ti->key, 32*8, hash_out); eax_setup(ti); - ti->keyed=True; + SEQNUM_KEYED_INIT(get_uint32(hash_out+32+!direction*4), + get_uint32(hash_out+32+direction*4)); return True; } @@ -231,7 +229,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf, size_t padlen = *padp; if (!buf_unappend(buf,padlen-1)) goto too_short; - SEQNUM_CHECK(seqnum, ti->p.max_seq_skew); + SEQNUM_CHECK(seqnum, &ti->p); TEAX_DEBUG(buf->start,buf->size); @@ -275,8 +273,7 @@ static list_t *transform_apply(closure_t *self, struct cloc loc, SET_CAPAB_TRANSFORMNUM(CAPAB_TRANSFORMNUM_EAXSERPENT); - st->p.max_seq_skew=dict_read_number(dict, "max-sequence-skew", - False, "eax-serpent", loc, 10); + SEQNUM_PARAMS_INIT(dict,&st->p,"eax-serpent",loc); st->p.tag_length=dict_read_number(dict, "tag-length-bytes", False, "eax-serpent", loc, 128/8);