head/sys/netipsec/xform_esp.c
Show First 20 Lines • Show All 391 Lines • ▼ Show 20 Lines | esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) | ||||
crp->crp_sid = cryptoid; | crp->crp_sid = cryptoid; | ||||
crp->crp_opaque = (caddr_t) xd; | crp->crp_opaque = (caddr_t) xd; | ||||
/* These are passed as-is to the callback */ | /* These are passed as-is to the callback */ | ||||
xd->sav = sav; | xd->sav = sav; | ||||
xd->protoff = protoff; | xd->protoff = protoff; | ||||
xd->skip = skip; | xd->skip = skip; | ||||
xd->cryptoid = cryptoid; | xd->cryptoid = cryptoid; | ||||
xd->vnet = curvnet; | |||||
/* Decryption descriptor */ | /* Decryption descriptor */ | ||||
IPSEC_ASSERT(crde != NULL, ("null esp crypto descriptor")); | IPSEC_ASSERT(crde != NULL, ("null esp crypto descriptor")); | ||||
crde->crd_skip = skip + hlen; | crde->crd_skip = skip + hlen; | ||||
crde->crd_len = m->m_pkthdr.len - (skip + hlen + alen); | crde->crd_len = m->m_pkthdr.len - (skip + hlen + alen); | ||||
crde->crd_inject = skip + hlen - sav->ivlen; | crde->crd_inject = skip + hlen - sav->ivlen; | ||||
if (SAV_ISCTRORGCM(sav)) { | if (SAV_ISCTRORGCM(sav)) { | ||||
▲ Show 20 Lines • Show All 42 Lines • ▼ Show 20 Lines | esp_input_cb(struct cryptop *crp) | ||||
uint64_t cryptoid; | uint64_t cryptoid; | ||||
int hlen, skip, protoff, error, alen; | int hlen, skip, protoff, error, alen; | ||||
crd = crp->crp_desc; | crd = crp->crp_desc; | ||||
IPSEC_ASSERT(crd != NULL, ("null crypto descriptor!")); | IPSEC_ASSERT(crd != NULL, ("null crypto descriptor!")); | ||||
m = (struct mbuf *) crp->crp_buf; | m = (struct mbuf *) crp->crp_buf; | ||||
xd = (struct xform_data *) crp->crp_opaque; | xd = (struct xform_data *) crp->crp_opaque; | ||||
CURVNET_SET(xd->vnet); | |||||
sav = xd->sav; | sav = xd->sav; | ||||
skip = xd->skip; | skip = xd->skip; | ||||
protoff = xd->protoff; | protoff = xd->protoff; | ||||
cryptoid = xd->cryptoid; | cryptoid = xd->cryptoid; | ||||
saidx = &sav->sah->saidx; | saidx = &sav->sah->saidx; | ||||
esph = sav->tdb_authalgxform; | esph = sav->tdb_authalgxform; | ||||
/* Check for crypto errors */ | /* Check for crypto errors */ | ||||
if (crp->crp_etype) { | if (crp->crp_etype) { | ||||
if (crp->crp_etype == EAGAIN) { | if (crp->crp_etype == EAGAIN) { | ||||
/* Reset the session ID */ | /* Reset the session ID */ | ||||
if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0) | if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0) | ||||
crypto_freesession(cryptoid); | crypto_freesession(cryptoid); | ||||
xd->cryptoid = crp->crp_sid; | xd->cryptoid = crp->crp_sid; | ||||
CURVNET_RESTORE(); | |||||
return (crypto_dispatch(crp)); | return (crypto_dispatch(crp)); | ||||
} | } | ||||
ESPSTAT_INC(esps_noxform); | ESPSTAT_INC(esps_noxform); | ||||
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); | DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); | ||||
error = crp->crp_etype; | error = crp->crp_etype; | ||||
goto bad; | goto bad; | ||||
} | } | ||||
▲ Show 20 Lines • Show All 118 Lines • ▼ Show 20 Lines | #ifdef INET | ||||
case AF_INET: | case AF_INET: | ||||
error = ipsec4_common_input_cb(m, sav, skip, protoff); | error = ipsec4_common_input_cb(m, sav, skip, protoff); | ||||
break; | break; | ||||
#endif | #endif | ||||
default: | default: | ||||
panic("%s: Unexpected address family: %d saidx=%p", __func__, | panic("%s: Unexpected address family: %d saidx=%p", __func__, | ||||
saidx->dst.sa.sa_family, saidx); | saidx->dst.sa.sa_family, saidx); | ||||
} | } | ||||
CURVNET_RESTORE(); | |||||
return error; | return error; | ||||
bad: | bad: | ||||
CURVNET_RESTORE(); | |||||
if (sav != NULL) | if (sav != NULL) | ||||
key_freesav(&sav); | key_freesav(&sav); | ||||
if (m != NULL) | if (m != NULL) | ||||
m_freem(m); | m_freem(m); | ||||
if (xd != NULL) | if (xd != NULL) | ||||
free(xd, M_XDATA); | free(xd, M_XDATA); | ||||
if (crp != NULL) | if (crp != NULL) | ||||
crypto_freereq(crp); | crypto_freereq(crp); | ||||
▲ Show 20 Lines • Show All 216 Lines • ▼ Show 20 Lines | if (SAV_ISCTRORGCM(sav)) { | ||||
crde->crd_flags |= CRD_F_IV_EXPLICIT|CRD_F_IV_PRESENT; | crde->crd_flags |= CRD_F_IV_EXPLICIT|CRD_F_IV_PRESENT; | ||||
} | } | ||||
/* Callback parameters */ | /* Callback parameters */ | ||||
xd->sp = sp; | xd->sp = sp; | ||||
xd->sav = sav; | xd->sav = sav; | ||||
xd->idx = idx; | xd->idx = idx; | ||||
xd->cryptoid = cryptoid; | xd->cryptoid = cryptoid; | ||||
xd->vnet = curvnet; | |||||
/* Crypto operation descriptor. */ | /* Crypto operation descriptor. */ | ||||
crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */ | crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */ | ||||
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC; | crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC; | ||||
if (V_async_crypto) | if (V_async_crypto) | ||||
crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER; | crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER; | ||||
crp->crp_buf = (caddr_t) m; | crp->crp_buf = (caddr_t) m; | ||||
crp->crp_callback = esp_output_cb; | crp->crp_callback = esp_output_cb; | ||||
Show All 29 Lines | esp_output_cb(struct cryptop *crp) | ||||
struct secpolicy *sp; | struct secpolicy *sp; | ||||
struct secasvar *sav; | struct secasvar *sav; | ||||
struct mbuf *m; | struct mbuf *m; | ||||
uint64_t cryptoid; | uint64_t cryptoid; | ||||
u_int idx; | u_int idx; | ||||
int error; | int error; | ||||
xd = (struct xform_data *) crp->crp_opaque; | xd = (struct xform_data *) crp->crp_opaque; | ||||
CURVNET_SET(xd->vnet); | |||||
m = (struct mbuf *) crp->crp_buf; | m = (struct mbuf *) crp->crp_buf; | ||||
sp = xd->sp; | sp = xd->sp; | ||||
sav = xd->sav; | sav = xd->sav; | ||||
idx = xd->idx; | idx = xd->idx; | ||||
cryptoid = xd->cryptoid; | cryptoid = xd->cryptoid; | ||||
/* Check for crypto errors. */ | /* Check for crypto errors. */ | ||||
if (crp->crp_etype) { | if (crp->crp_etype) { | ||||
if (crp->crp_etype == EAGAIN) { | if (crp->crp_etype == EAGAIN) { | ||||
/* Reset the session ID */ | /* Reset the session ID */ | ||||
if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0) | if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0) | ||||
crypto_freesession(cryptoid); | crypto_freesession(cryptoid); | ||||
xd->cryptoid = crp->crp_sid; | xd->cryptoid = crp->crp_sid; | ||||
CURVNET_RESTORE(); | |||||
return (crypto_dispatch(crp)); | return (crypto_dispatch(crp)); | ||||
} | } | ||||
ESPSTAT_INC(esps_noxform); | ESPSTAT_INC(esps_noxform); | ||||
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); | DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); | ||||
error = crp->crp_etype; | error = crp->crp_etype; | ||||
m_freem(m); | m_freem(m); | ||||
goto bad; | goto bad; | ||||
} | } | ||||
Show All 29 Lines | if (esph != NULL) { | ||||
m_copyback(m, m->m_pkthdr.len - alen, | m_copyback(m, m->m_pkthdr.len - alen, | ||||
alen, ipseczeroes); | alen, ipseczeroes); | ||||
} | } | ||||
} | } | ||||
#endif | #endif | ||||
/* NB: m is reclaimed by ipsec_process_done. */ | /* NB: m is reclaimed by ipsec_process_done. */ | ||||
error = ipsec_process_done(m, sp, sav, idx); | error = ipsec_process_done(m, sp, sav, idx); | ||||
CURVNET_RESTORE(); | |||||
return (error); | return (error); | ||||
bad: | bad: | ||||
CURVNET_RESTORE(); | |||||
free(xd, M_XDATA); | free(xd, M_XDATA); | ||||
crypto_freereq(crp); | crypto_freereq(crp); | ||||
key_freesav(&sav); | key_freesav(&sav); | ||||
key_freesp(&sp); | key_freesp(&sp); | ||||
return (error); | return (error); | ||||
} | } | ||||
static struct xformsw esp_xformsw = { | static struct xformsw esp_xformsw = { | ||||
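Review bot: `xd->vnet = curvnet;` (in esp_input and again in the output path before `crp->crp_callback = esp_output_cb`) stores a bare vnet pointer that esp_input_cb and esp_output_cb later hand to `CURVNET_SET(xd->vnet)`, and nothing visible takes a reference or otherwise ties the vnet's lifetime to the queued request. This assumes the lines shown in only one column are the additions. The output path sets `CRYPTO_F_ASYNC` when `V_async_crypto` is enabled, so the callback can run after the dispatching context has returned; if a vnet can be destroyed while requests are still pending, the callback would dereference a stale pointer, and the visible lines do not show whether teardown drains outstanding operations. I would state the invariant next to the assignment, for example `/* No reference is held on the vnet; pending crypto requests must complete before the vnet is destroyed. */`, and confirm the teardown path enforces it. Both callbacks are shown with collapsed stretches, so any return in the hidden lines that does not go through `bad:` should also be checked for a matching `CURVNET_RESTORE()`.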