Differential D14763 Diff 40506 head/sys/netipsec/xform_esp.c

Changeset View

Standalone View

head/sys/netipsec/xform_esp.c

Show First 20 Lines • Show All 391 Lines • ▼ Show 20 Lines	esp_input(struct mbuf m, struct secasvar sav, int skip, int protoff)
crp->crp_sid = cryptoid;		crp->crp_sid = cryptoid;
crp->crp_opaque = (caddr_t) xd;		crp->crp_opaque = (caddr_t) xd;

/* These are passed as-is to the callback */		/* These are passed as-is to the callback */
xd->sav = sav;		xd->sav = sav;
xd->protoff = protoff;		xd->protoff = protoff;
xd->skip = skip;		xd->skip = skip;
xd->cryptoid = cryptoid;		xd->cryptoid = cryptoid;
		xd->vnet = curvnet;

/* Decryption descriptor */		/* Decryption descriptor */
IPSEC_ASSERT(crde != NULL, ("null esp crypto descriptor"));		IPSEC_ASSERT(crde != NULL, ("null esp crypto descriptor"));
crde->crd_skip = skip + hlen;		crde->crd_skip = skip + hlen;
crde->crd_len = m->m_pkthdr.len - (skip + hlen + alen);		crde->crd_len = m->m_pkthdr.len - (skip + hlen + alen);
crde->crd_inject = skip + hlen - sav->ivlen;		crde->crd_inject = skip + hlen - sav->ivlen;

if (SAV_ISCTRORGCM(sav)) {		if (SAV_ISCTRORGCM(sav)) {
▲ Show 20 Lines • Show All 42 Lines • ▼ Show 20 Lines	esp_input_cb(struct cryptop *crp)
uint64_t cryptoid;		uint64_t cryptoid;
int hlen, skip, protoff, error, alen;		int hlen, skip, protoff, error, alen;

crd = crp->crp_desc;		crd = crp->crp_desc;
IPSEC_ASSERT(crd != NULL, ("null crypto descriptor!"));		IPSEC_ASSERT(crd != NULL, ("null crypto descriptor!"));

m = (struct mbuf *) crp->crp_buf;		m = (struct mbuf *) crp->crp_buf;
xd = (struct xform_data *) crp->crp_opaque;		xd = (struct xform_data *) crp->crp_opaque;
		CURVNET_SET(xd->vnet);
sav = xd->sav;		sav = xd->sav;
skip = xd->skip;		skip = xd->skip;
protoff = xd->protoff;		protoff = xd->protoff;
cryptoid = xd->cryptoid;		cryptoid = xd->cryptoid;
saidx = &sav->sah->saidx;		saidx = &sav->sah->saidx;
esph = sav->tdb_authalgxform;		esph = sav->tdb_authalgxform;

/* Check for crypto errors */		/* Check for crypto errors */
if (crp->crp_etype) {		if (crp->crp_etype) {
if (crp->crp_etype == EAGAIN) {		if (crp->crp_etype == EAGAIN) {
/* Reset the session ID */		/* Reset the session ID */
if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0)		if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0)
crypto_freesession(cryptoid);		crypto_freesession(cryptoid);
xd->cryptoid = crp->crp_sid;		xd->cryptoid = crp->crp_sid;
		CURVNET_RESTORE();
return (crypto_dispatch(crp));		return (crypto_dispatch(crp));
}		}
ESPSTAT_INC(esps_noxform);		ESPSTAT_INC(esps_noxform);
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));		DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
error = crp->crp_etype;		error = crp->crp_etype;
goto bad;		goto bad;
}		}

▲ Show 20 Lines • Show All 118 Lines • ▼ Show 20 Lines	#ifdef INET
case AF_INET:		case AF_INET:
error = ipsec4_common_input_cb(m, sav, skip, protoff);		error = ipsec4_common_input_cb(m, sav, skip, protoff);
break;		break;
#endif		#endif
default:		default:
panic("%s: Unexpected address family: %d saidx=%p", __func__,		panic("%s: Unexpected address family: %d saidx=%p", __func__,
saidx->dst.sa.sa_family, saidx);		saidx->dst.sa.sa_family, saidx);
}		}
		CURVNET_RESTORE();
return error;		return error;
bad:		bad:
		CURVNET_RESTORE();
if (sav != NULL)		if (sav != NULL)
key_freesav(&sav);		key_freesav(&sav);
if (m != NULL)		if (m != NULL)
m_freem(m);		m_freem(m);
if (xd != NULL)		if (xd != NULL)
free(xd, M_XDATA);		free(xd, M_XDATA);
if (crp != NULL)		if (crp != NULL)
crypto_freereq(crp);		crypto_freereq(crp);
▲ Show 20 Lines • Show All 216 Lines • ▼ Show 20 Lines	if (SAV_ISCTRORGCM(sav)) {
crde->crd_flags \|= CRD_F_IV_EXPLICIT\|CRD_F_IV_PRESENT;		crde->crd_flags \|= CRD_F_IV_EXPLICIT\|CRD_F_IV_PRESENT;
}		}

/* Callback parameters */		/* Callback parameters */
xd->sp = sp;		xd->sp = sp;
xd->sav = sav;		xd->sav = sav;
xd->idx = idx;		xd->idx = idx;
xd->cryptoid = cryptoid;		xd->cryptoid = cryptoid;
		xd->vnet = curvnet;

/* Crypto operation descriptor. */		/* Crypto operation descriptor. */
crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */		crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */
crp->crp_flags = CRYPTO_F_IMBUF \| CRYPTO_F_CBIFSYNC;		crp->crp_flags = CRYPTO_F_IMBUF \| CRYPTO_F_CBIFSYNC;
if (V_async_crypto)		if (V_async_crypto)
crp->crp_flags \|= CRYPTO_F_ASYNC \| CRYPTO_F_ASYNC_KEEPORDER;		crp->crp_flags \|= CRYPTO_F_ASYNC \| CRYPTO_F_ASYNC_KEEPORDER;
crp->crp_buf = (caddr_t) m;		crp->crp_buf = (caddr_t) m;
crp->crp_callback = esp_output_cb;		crp->crp_callback = esp_output_cb;
Show All 29 Lines	esp_output_cb(struct cryptop *crp)
struct secpolicy *sp;		struct secpolicy *sp;
struct secasvar *sav;		struct secasvar *sav;
struct mbuf *m;		struct mbuf *m;
uint64_t cryptoid;		uint64_t cryptoid;
u_int idx;		u_int idx;
int error;		int error;

xd = (struct xform_data *) crp->crp_opaque;		xd = (struct xform_data *) crp->crp_opaque;
		CURVNET_SET(xd->vnet);
m = (struct mbuf *) crp->crp_buf;		m = (struct mbuf *) crp->crp_buf;
sp = xd->sp;		sp = xd->sp;
sav = xd->sav;		sav = xd->sav;
idx = xd->idx;		idx = xd->idx;
cryptoid = xd->cryptoid;		cryptoid = xd->cryptoid;

/* Check for crypto errors. */		/* Check for crypto errors. */
if (crp->crp_etype) {		if (crp->crp_etype) {
if (crp->crp_etype == EAGAIN) {		if (crp->crp_etype == EAGAIN) {
/* Reset the session ID */		/* Reset the session ID */
if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0)		if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0)
crypto_freesession(cryptoid);		crypto_freesession(cryptoid);
xd->cryptoid = crp->crp_sid;		xd->cryptoid = crp->crp_sid;
		CURVNET_RESTORE();
return (crypto_dispatch(crp));		return (crypto_dispatch(crp));
}		}
ESPSTAT_INC(esps_noxform);		ESPSTAT_INC(esps_noxform);
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));		DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
error = crp->crp_etype;		error = crp->crp_etype;
m_freem(m);		m_freem(m);
goto bad;		goto bad;
}		}
Show All 29 Lines	if (esph != NULL) {
m_copyback(m, m->m_pkthdr.len - alen,		m_copyback(m, m->m_pkthdr.len - alen,
alen, ipseczeroes);		alen, ipseczeroes);
}		}
}		}
#endif		#endif

/* NB: m is reclaimed by ipsec_process_done. */		/* NB: m is reclaimed by ipsec_process_done. */
error = ipsec_process_done(m, sp, sav, idx);		error = ipsec_process_done(m, sp, sav, idx);
		CURVNET_RESTORE();
return (error);		return (error);
bad:		bad:
		CURVNET_RESTORE();
free(xd, M_XDATA);		free(xd, M_XDATA);
crypto_freereq(crp);		crypto_freereq(crp);
key_freesav(&sav);		key_freesav(&sav);
key_freesp(&sp);		key_freesp(&sp);
return (error);		return (error);
}		}

static struct xformsw esp_xformsw = {		static struct xformsw esp_xformsw = {
Show All 12 Lines