From 92a7d254975db245c3320855515bffc1aebda9e4 Mon Sep 17 00:00:00 2001
From: Ian Jackson
Date: Thu, 25 Jul 2013 18:30:49 +0100
Subject: [PATCH] transform: split out transform-common.h

To avoid too much duplication, some boilerplate and helpful code from transport.c is now brought out into macros in transport-common.h. It will be reused in the later commits introducing the EAX transform.

Also, rename transform.c to transform-cbcmac.c, etc.

Signed-off-by: Ian Jackson
---
 Makefile.in | 3 +-
 README | 2 +-
 modules.c | 2 +-
 secnet.h | 2 +-
 transform.c => transform-cbcmac.c | 55 ++++++------------------
 transform-common.h | 56 +++++++++++++++++++++++++++++++
 6 files changed, 71 insertions(+), 49 deletions(-)
 rename transform.c => transform-cbcmac.c (89%)
 create mode 100644 transform-common.h

diff --git a/Makefile.in b/Makefile.in
index 3f15f01..401fbb8 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -53,7 +53,8 @@ mandir:=@mandir@
 TARGETS:=secnet
 OBJECTS:=secnet.o util.o conffile.yy.o conffile.tab.o conffile.o modules.o \
- resolver.o random.o udp.o site.o transform.o netlink.o rsa.o dh.o \
+ resolver.o random.o udp.o site.o transform-cbcmac.o \
+ netlink.o rsa.o dh.o \
 serpentbe.o md5.o version.o tun.o slip.o sha1.o ipaddr.o log.o \
 process.o @LIBOBJS@ \
 hackypar.o
diff --git a/README b/README
index 84bb392..93730e9 100644
--- a/README
+++ b/README
@@ -336,7 +336,7 @@ setup but more relaxed about using old keys.
 These are noted with "mobile:", above, and apply whether the mobile peer is local or remote.
-** transform
+** transform-cbcmac
 Defines:
 serpent256-cbc (closure => transform closure)
diff --git a/modules.c b/modules.c
index 9b94e25..0290cd4 100644
--- a/modules.c
+++ b/modules.c
@@ -7,7 +7,7 @@ void init_builtin_modules(dict_t *dict)
 udp_module(dict);
 util_module(dict);
 site_module(dict);
- transform_module(dict);
+ transform_cbcmac_module(dict);
 netlink_module(dict);
 rsa_module(dict);
 dh_module(dict);
diff --git a/secnet.h b/secnet.h
index 037ef80..dbca664 100644
--- a/secnet.h
+++ b/secnet.h
@@ -217,7 +217,7 @@ extern init_module random_module;
 extern init_module udp_module;
 extern init_module util_module;
 extern init_module site_module;
-extern init_module transform_module;
+extern init_module transform_cbcmac_module;
 extern init_module netlink_module;
 extern init_module rsa_module;
 extern init_module dh_module;
diff --git a/transform.c b/transform-cbcmac.c
similarity index 89%
rename from transform.c
rename to transform-cbcmac.c
index 281e667..1e8a5e9 100644
--- a/transform.c
+++ b/transform-cbcmac.c
@@ -36,6 +36,8 @@ struct transform_inst {
 bool_t keyed;
 };
+#include "transform-common.h"
+
 #define PKCS5_MASK 15
 static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen)
@@ -67,12 +69,7 @@ static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen)
 return True;
 }
-static bool_t transform_valid(void *sst)
-{
- struct transform_inst *ti=sst;
-
- return ti->keyed;
-}
+TRANSFORM_VALID;
 static void transform_delkey(void *sst)
 {
@@ -95,10 +92,7 @@ static uint32_t transform_forward(void *sst, struct buffer_if *buf,
 uint8_t *p, *n;
 int i;
- if (!ti->keyed) { *errmsg="transform unkeyed"; return 1; }
+ KEYED_CHECK;
 /* Sequence number */
 buf_prepend_uint32(buf,ti->sendseq);
@@ -164,7 +158,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
 uint8_t *padp;
 int padlen;
 int i;
- uint32_t seqnum, skew;
+ uint32_t seqnum;
 uint8_t iv[16];
 uint8_t pct[16];
 uint8_t macplain[16];
@@ -172,10 +166,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
 uint8_t *n;
 uint8_t *macexpected;
- if (!ti->keyed) { *errmsg="transform unkeyed"; return 1; }
+ KEYED_CHECK;
 if (buf->size < 4 + 16 + 16) {
 *errmsg="msg too short";
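Review bot: The new `#include "transform-common.h"` is placed after the `struct transform_inst` definition rather than with the file's other includes, and nothing records that this is deliberate; the header's macros name `struct transform_inst` and its `keyed`, `lastrecvseq` and `ops` members as well as the `transform_*` functions, so they only work when expanded after those are visible. A one-line comment on the include, e.g. `/* must come after struct transform_inst: the macros in it use its members */`, would keep a later include tidy-up from moving it to the top of the file. The struct definition and transform_setkey begin or continue outside this hunk.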
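Review bot: `TRANSFORM_VALID;` expands to a complete function definition followed by a bare `;` at file scope, which ISO C does not allow (GCC accepts it but warns under -Wpedantic); `TRANSFORM_DESTROY;` in the @@ -238 hunk has the same problem. Either invoke these two macros without the trailing semicolon, or end each function-defining macro with a declaration that the caller's `;` completes, such as a redundant prototype of the function just defined (`static bool_t transform_valid(void *sst)` appended after the closing brace). transform_delkey's body continues outside this hunk.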
@@ -238,46 +229,20 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
 /* Sequence number must be within max_skew of lastrecvseq; lastrecvseq is only allowed to increase. */
 seqnum=buf_unprepend_uint32(buf);
- skew=seqnum-ti->lastrecvseq;
- if (skew<0x8fffffff) {
- /* Ok */
- ti->lastrecvseq=seqnum;
- } else if ((0-skew)max_skew) {
- /* Ok */
- } else {
- /* Too much skew */
- *errmsg="seqnum: too much skew";
- return 2;
- }
+ SEQNUM_CHECK(seqnum, ti->max_skew);
 return 0;
 }
-static void transform_destroy(void *sst)
-{
- struct transform_inst *st=sst;
-
- FILLZERO(*st); /* Destroy key material */
- free(st);
-}
+TRANSFORM_DESTROY;
 static struct transform_inst_if *transform_create(void *sst)
 {
- struct transform_inst *ti;
 struct transform *st=sst;
- ti=safe_malloc(sizeof(*ti),"transform_create");
- /* mlock XXX */
+ TRANSFORM_CREATE_CORE;
- ti->ops.st=ti;
- ti->ops.setkey=transform_setkey;
- ti->ops.valid=transform_valid;
- ti->ops.delkey=transform_delkey;
- ti->ops.forwards=transform_forward;
- ti->ops.reverse=transform_reverse;
- ti->ops.destroy=transform_destroy;
 ti->max_skew=st->max_seq_skew;
- ti->keyed=False;
 return &ti->ops;
 }
@@ -316,7 +281,7 @@ static list_t *transform_apply(closure_t *self, struct cloc loc,
 return new_closure(&st->cl);
 }
-void transform_module(dict_t *dict)
+void transform_cbcmac_module(dict_t *dict)
 {
 struct keyInstance k;
 uint8_t data[32];
diff --git a/transform-common.h b/transform-common.h
new file mode 100644
index 0000000..b3c70a8
--- /dev/null
+++ b/transform-common.h
@@ -0,0 +1,56 @@
+
+#ifndef TRANSFORM_COMMON_H
+#define TRANSFORM_COMMON_H
+
+#define KEYED_CHECK do{ \
+ if (!ti->keyed) { \
+ *errmsg="transform unkeyed"; \
+ return 1; \
+ } \
+ }while(0)
+
+#define SEQNUM_CHECK(seqnum, max_skew) do{ \
+ uint32_t skew=seqnum-ti->lastrecvseq; \
+ if (skew<0x8fffffff) { \
+ /* Ok */ \
+ ti->lastrecvseq=seqnum; \
+ } else if ((0-skew)keyed; \
+ }
+
+#define TRANSFORM_DESTROY \
+ static void transform_destroy(void *sst) \
+ { \
+ struct transform_inst *st=sst; \
+ \
+ FILLZERO(*st); /* Destroy key material */ \
+ free(st); \
+ }
+
+#define TRANSFORM_CREATE_CORE \
+ struct transform_inst *ti; \
+ ti=safe_malloc(sizeof(*ti),"transform_create"); \
+ /* mlock XXX */ \
+ ti->ops.st=ti; \
+ ti->ops.setkey=transform_setkey; \
+ ti->ops.valid=transform_valid; \
+ ti->ops.delkey=transform_delkey; \
+ ti->ops.forwards=transform_forward; \
+ ti->ops.reverse=transform_reverse; \
+ ti->ops.destroy=transform_destroy; \
+ ti->keyed=False;
+
+#endif /*TRANSFORM_COMMON_H*/
-- 
2.30.2
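Review bot: KEYED_CHECK and SEQNUM_CHECK `return` from whichever function expands them and depend on `ti` and `errmsg` already being in scope, but the header documents none of this; each macro should state what it needs and what it does on failure, e.g. on KEYED_CHECK `/* needs struct transform_inst *ti and errmsg in scope; returns 1 from the caller if unkeyed */`. SEQNUM_CHECK also leaves `seqnum` and `max_skew` unparenthesised and reads `seqnum` twice (in `skew=seqnum-ti->lastrecvseq` and `ti->lastrecvseq=seqnum`), so an argument with a side effect or a lower-precedence operator would misbehave; parenthesising both, `uint32_t skew=(seqnum)-ti->lastrecvseq;`, is the minimum, and copying `seqnum` into a local first is cleaner. In TRANSFORM_DESTROY the `FILLZERO(*st)` before `free(st)` is the only wipe of the key material, and if FILLZERO is a plain memset the compiler may discard it as a dead store, so a comment there, `/* FILLZERO must survive dead-store elimination, or key bytes stay in freed memory */`, records the requirement (FILLZERO's definition is not in this patch, so confirm how it is implemented). The `(0-skew)` comparison and the TRANSFORM_VALID definition are truncated in this rendering of the patch, so those lines need to be read from the file itself.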