Changeset View
Changeset View
Standalone View
Standalone View
head/sys/netipsec/xform_esp.c
| Show First 20 Lines • Show All 88 Lines • ▼ Show 20 Lines | |||||
| SYSCTL_DECL(_net_inet_esp); | SYSCTL_DECL(_net_inet_esp); | ||||
| SYSCTL_INT(_net_inet_esp, OID_AUTO, esp_enable, | SYSCTL_INT(_net_inet_esp, OID_AUTO, esp_enable, | ||||
| CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(esp_enable), 0, ""); | CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(esp_enable), 0, ""); | ||||
| SYSCTL_VNET_PCPUSTAT(_net_inet_esp, IPSECCTL_STATS, stats, | SYSCTL_VNET_PCPUSTAT(_net_inet_esp, IPSECCTL_STATS, stats, | ||||
| struct espstat, espstat, | struct espstat, espstat, | ||||
| "ESP statistics (struct espstat, netipsec/esp_var.h"); | "ESP statistics (struct espstat, netipsec/esp_var.h"); | ||||
| static struct timeval deswarn, blfwarn, castwarn, camelliawarn, tdeswarn; | |||||
| static int esp_input_cb(struct cryptop *op); | static int esp_input_cb(struct cryptop *op); | ||||
| static int esp_output_cb(struct cryptop *crp); | static int esp_output_cb(struct cryptop *crp); | ||||
| size_t | size_t | ||||
| esp_hdrsiz(struct secasvar *sav) | esp_hdrsiz(struct secasvar *sav) | ||||
| { | { | ||||
| size_t size; | size_t size; | ||||
| ▲ Show 20 Lines • Show All 45 Lines • ▼ Show 20 Lines | DPRINTF(("%s: no encoding key for %s algorithm\n", | ||||
| __func__, txform->name)); | __func__, txform->name)); | ||||
| return EINVAL; | return EINVAL; | ||||
| } | } | ||||
| if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_IV4B)) == | if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_IV4B)) == | ||||
| SADB_X_EXT_IV4B) { | SADB_X_EXT_IV4B) { | ||||
| DPRINTF(("%s: 4-byte IV not supported with protocol\n", | DPRINTF(("%s: 4-byte IV not supported with protocol\n", | ||||
| __func__)); | __func__)); | ||||
| return EINVAL; | return EINVAL; | ||||
| } | |||||
| switch (sav->alg_enc) { | |||||
| case SADB_EALG_DESCBC: | |||||
| if (ratecheck(&deswarn, &ipsec_warn_interval)) | |||||
| gone_in(13, "DES cipher for IPsec"); | |||||
| break; | |||||
| case SADB_EALG_3DESCBC: | |||||
| if (ratecheck(&tdeswarn, &ipsec_warn_interval)) | |||||
| gone_in(13, "3DES cipher for IPsec"); | |||||
| break; | |||||
| case SADB_X_EALG_BLOWFISHCBC: | |||||
| if (ratecheck(&blfwarn, &ipsec_warn_interval)) | |||||
| gone_in(13, "Blowfish cipher for IPsec"); | |||||
| break; | |||||
| case SADB_X_EALG_CAST128CBC: | |||||
| if (ratecheck(&castwarn, &ipsec_warn_interval)) | |||||
| gone_in(13, "CAST cipher for IPsec"); | |||||
| break; | |||||
| case SADB_X_EALG_CAMELLIACBC: | |||||
| if (ratecheck(&camelliawarn, &ipsec_warn_interval)) | |||||
| gone_in(13, "Camellia cipher for IPsec"); | |||||
| break; | |||||
| } | } | ||||
| /* subtract off the salt, RFC4106, 8.1 and RFC3686, 5.1 */ | /* subtract off the salt, RFC4106, 8.1 and RFC3686, 5.1 */ | ||||
| keylen = _KEYLEN(sav->key_enc) - SAV_ISCTRORGCM(sav) * 4; | keylen = _KEYLEN(sav->key_enc) - SAV_ISCTRORGCM(sav) * 4; | ||||
| if (txform->minkey > keylen || keylen > txform->maxkey) { | if (txform->minkey > keylen || keylen > txform->maxkey) { | ||||
| DPRINTF(("%s: invalid key length %u, must be in the range " | DPRINTF(("%s: invalid key length %u, must be in the range " | ||||
| "[%u..%u] for algorithm %s\n", __func__, | "[%u..%u] for algorithm %s\n", __func__, | ||||
| keylen, txform->minkey, txform->maxkey, | keylen, txform->minkey, txform->maxkey, | ||||
| ▲ Show 20 Lines • Show All 802 Lines • Show Last 20 Lines | |||||