TARGETS:=secnet
OBJECTS:=secnet.o util.o conffile.yy.o conffile.tab.o conffile.o modules.o \
- resolver.o random.o udp.o site.o transform.o netlink.o rsa.o dh.o \
+ resolver.o random.o udp.o site.o transform-cbcmac.o \
+ netlink.o rsa.o dh.o \
serpentbe.o md5.o version.o tun.o slip.o sha1.o ipaddr.o log.o \
process.o @LIBOBJS@ \
hackypar.o
"mobile:", above, and apply whether the mobile peer is local or
remote.
-** transform
+** transform-cbcmac
Defines:
serpent256-cbc (closure => transform closure)
udp_module(dict);
util_module(dict);
site_module(dict);
- transform_module(dict);
+ transform_cbcmac_module(dict);
netlink_module(dict);
rsa_module(dict);
dh_module(dict);
extern init_module udp_module;
extern init_module util_module;
extern init_module site_module;
-extern init_module transform_module;
+extern init_module transform_cbcmac_module;
extern init_module netlink_module;
extern init_module rsa_module;
extern init_module dh_module;
bool_t keyed;
};
+#include "transform-common.h"
+
#define PKCS5_MASK 15
static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen)
return True;
}
-static bool_t transform_valid(void *sst)
-{
- struct transform_inst *ti=sst;
-
- return ti->keyed;
-}
+TRANSFORM_VALID;
static void transform_delkey(void *sst)
{
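Review bot: `TRANSFORM_VALID;` expands to a complete function definition, so the trailing `;` at the use site becomes a stray empty declaration at file scope, which `-Wpedantic` reports as an extra semicolon; the same applies to `TRANSFORM_DESTROY;` further down in this file. Either write the use sites as `TRANSFORM_VALID` and `TRANSFORM_DESTROY` without the semicolon, or have the macros swallow it by ending in a token that requires one. In `transform_create`, `TRANSFORM_CREATE_CORE;` likewise leaves an empty statement after the macro's own `ti->keyed=False;`, and it declares `ti` after the `struct transform *st=sst;` statement, so this file now relies on C99 mixed declarations; that is fine if the build already requires C99, but a one-line comment at the use site, `/* declares ti; requires C99 mixed declarations */`, would save the next reader a trip to the header. The enclosing function here (`transform_delkey`) continues outside the hunk.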
uint8_t *p, *n;
int i;
- if (!ti->keyed) {
- *errmsg="transform unkeyed";
- return 1;
- }
+ KEYED_CHECK;
/* Sequence number */
buf_prepend_uint32(buf,ti->sendseq);
uint8_t *padp;
int padlen;
int i;
- uint32_t seqnum, skew;
+ uint32_t seqnum;
uint8_t iv[16];
uint8_t pct[16];
uint8_t macplain[16];
uint8_t *n;
uint8_t *macexpected;
- if (!ti->keyed) {
- *errmsg="transform unkeyed";
- return 1;
- }
+ KEYED_CHECK;
if (buf->size < 4 + 16 + 16) {
*errmsg="msg too short";
/* Sequence number must be within max_skew of lastrecvseq; lastrecvseq
is only allowed to increase. */
seqnum=buf_unprepend_uint32(buf);
- skew=seqnum-ti->lastrecvseq;
- if (skew<0x8fffffff) {
- /* Ok */
- ti->lastrecvseq=seqnum;
- } else if ((0-skew)<ti->max_skew) {
- /* Ok */
- } else {
- /* Too much skew */
- *errmsg="seqnum: too much skew";
- return 2;
- }
+ SEQNUM_CHECK(seqnum, ti->max_skew);
return 0;
}
-static void transform_destroy(void *sst)
-{
- struct transform_inst *st=sst;
-
- FILLZERO(*st); /* Destroy key material */
- free(st);
-}
+TRANSFORM_DESTROY;
static struct transform_inst_if *transform_create(void *sst)
{
- struct transform_inst *ti;
struct transform *st=sst;
- ti=safe_malloc(sizeof(*ti),"transform_create");
- /* mlock XXX */
+ TRANSFORM_CREATE_CORE;
- ti->ops.st=ti;
- ti->ops.setkey=transform_setkey;
- ti->ops.valid=transform_valid;
- ti->ops.delkey=transform_delkey;
- ti->ops.forwards=transform_forward;
- ti->ops.reverse=transform_reverse;
- ti->ops.destroy=transform_destroy;
ti->max_skew=st->max_seq_skew;
- ti->keyed=False;
return &ti->ops;
}
return new_closure(&st->cl);
}
-void transform_module(dict_t *dict)
+void transform_cbcmac_module(dict_t *dict)
{
struct keyInstance k;
uint8_t data[32];
--- /dev/null
+
+#ifndef TRANSFORM_COMMON_H
+#define TRANSFORM_COMMON_H
+
+#define KEYED_CHECK do{ \
+ if (!ti->keyed) { \
+ *errmsg="transform unkeyed"; \
+ return 1; \
+ } \
+ }while(0)
+
+#define SEQNUM_CHECK(seqnum, max_skew) do{ \
+ uint32_t skew=seqnum-ti->lastrecvseq; \
+ if (skew<0x8fffffff) { \
+ /* Ok */ \
+ ti->lastrecvseq=seqnum; \
+ } else if ((0-skew)<max_skew) { \
+ /* Ok */ \
+ } else { \
+ /* Too much skew */ \
+ *errmsg="seqnum: too much skew"; \
+ return 2; \
+ } \
+ }while(0)
+
+#define TRANSFORM_VALID \
+ static bool_t transform_valid(void *sst) \
+ { \
+ struct transform_inst *ti=sst; \
+ \
+ return ti->keyed; \
+ }
+
+#define TRANSFORM_DESTROY \
+ static void transform_destroy(void *sst) \
+ { \
+ struct transform_inst *st=sst; \
+ \
+ FILLZERO(*st); /* Destroy key material */ \
+ free(st); \
+ }
+
+#define TRANSFORM_CREATE_CORE \
+ struct transform_inst *ti; \
+ ti=safe_malloc(sizeof(*ti),"transform_create"); \
+ /* mlock XXX */ \
+ ti->ops.st=ti; \
+ ti->ops.setkey=transform_setkey; \
+ ti->ops.valid=transform_valid; \
+ ti->ops.delkey=transform_delkey; \
+ ti->ops.forwards=transform_forward; \
+ ti->ops.reverse=transform_reverse; \
+ ti->ops.destroy=transform_destroy; \
+ ti->keyed=False;
+
+#endif /*TRANSFORM_COMMON_H*/
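Review bot: `KEYED_CHECK` and `SEQNUM_CHECK` depend on the calling function having `ti` and `errmsg` in scope and return 1 or 2 from it, but nothing in the header says so; a maintainer reading `KEYED_CHECK;` at a call site cannot see the hidden `return`. A comment above each, e.g. `/* Requires 'ti' (struct transform_inst *) and 'errmsg' in scope; returns 1 (unkeyed) or 2 (seqnum skew) from the calling function. */`, would make the contract explicit. `SEQNUM_CHECK`'s arguments are also used unparenthesized and `seqnum` is expanded twice, so `uint32_t skew=(seqnum)-ti->lastrecvseq;`, `ti->lastrecvseq=(seqnum);` and `} else if ((0-skew)<(max_skew)) {` keep it safe for expression arguments (and the double evaluation deserves a note). The `skew<0x8fffffff` forward-window bound is carried over unchanged from transform.c; it is not the symmetric half-range 0x80000000 and is presumably intentional, but a short comment saying so would stop it being silently "corrected" later.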