/*
- * Copyright (c) 2008 Apple Inc. All rights reserved.
+ * Copyright (c) 2008-2016 Apple Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
+ *
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* unlawful or unlicensed copies of an Apple operating system, or to
* circumvent, violate, or enable the circumvention or violation of, any
* terms of an Apple operating system software license agreement.
- *
+ *
* Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
+ *
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
- *
+ *
* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
*/
#include <netkey/keydb.h>
#include <libkern/crypto/md5.h>
#include <libkern/crypto/sha1.h>
-#include <crypto/sha2/sha2.h>
+#include <libkern/crypto/sha2.h>
#include <net/net_osdep.h>
static int ah_hmac_sha1_init(struct ah_algorithm_state *, struct secasvar *);
static void ah_hmac_sha1_loop(struct ah_algorithm_state *, caddr_t, size_t);
static void ah_hmac_sha1_result(struct ah_algorithm_state *, caddr_t, size_t);
-#if ALLCRYPTO
+#if AH_ALL_CRYPTO
static int ah_sumsiz_sha2_256(struct secasvar *);
static int ah_hmac_sha2_256_mature(struct secasvar *);
static int ah_hmac_sha2_256_init(struct ah_algorithm_state *,
struct secasvar *);
static void ah_hmac_sha2_512_loop(struct ah_algorithm_state *, caddr_t, size_t);
static void ah_hmac_sha2_512_result(struct ah_algorithm_state *, caddr_t, size_t);
-#endif /* ALLCRYPTO */
+#endif /* AH_ALL_CRYPTO */
static void ah_update_mbuf(struct mbuf *, int, int,
const struct ah_algorithm *, struct ah_algorithm_state *);
const struct ah_algorithm *
-ah_algorithm_lookup(idx)
- int idx;
+ah_algorithm_lookup(int idx)
{
/* checksum algorithms */
static struct ah_algorithm hmac_md5 =
static struct ah_algorithm ah_none =
{ ah_sumsiz_zero, ah_none_mature, 0, 2048, "none",
ah_none_init, ah_none_loop, ah_none_result, };
-#if ALLCRYPTO
+#if AH_ALL_CRYPTO
static struct ah_algorithm hmac_sha2_256 =
{ ah_sumsiz_sha2_256, ah_hmac_sha2_256_mature, 256, 256,
"hmac-sha2-256",
"hmac-sha2-512",
ah_hmac_sha2_512_init, ah_hmac_sha2_512_loop,
ah_hmac_sha2_512_result, };
-#endif /* ALLCRYPTO */
+#endif /* AH_ALL_CRYPTO */
switch (idx) {
case SADB_AALG_MD5HMAC:
return &keyed_sha1;
case SADB_X_AALG_NULL:
return &ah_none;
-#if ALLCRYPTO
+#if AH_ALL_CRYPTO
case SADB_X_AALG_SHA2_256:
return &hmac_sha2_256;
case SADB_X_AALG_SHA2_384:
return &hmac_sha2_384;
case SADB_X_AALG_SHA2_512:
return &hmac_sha2_512;
-#endif /* ALLCRYPTO */
+#endif /* AH_ALL_CRYPTO */
default:
return NULL;
}
static int
-ah_sumsiz_1216(sav)
- struct secasvar *sav;
+ah_sumsiz_1216(struct secasvar *sav)
{
if (!sav)
return -1;
}
static int
-ah_sumsiz_zero(sav)
- struct secasvar *sav;
+ah_sumsiz_zero(struct secasvar *sav)
{
if (!sav)
return -1;
}
static int
-ah_none_mature(sav)
- struct secasvar *sav;
+ah_none_mature(struct secasvar *sav)
{
if (sav->sah->saidx.proto == IPPROTO_AH) {
ipseclog((LOG_ERR,
}
static int
-ah_keyed_md5_init(state, sav)
- struct ah_algorithm_state *state;
- struct secasvar *sav;
+ah_keyed_md5_init(struct ah_algorithm_state *state, struct secasvar *sav)
{
size_t padlen;
size_t keybitlen;
- u_int8_t buf[32];
+ u_int8_t buf[32] __attribute__((aligned(4)));
if (!state)
panic("ah_keyed_md5_init: what?");
}
static void
-ah_keyed_md5_loop(state, addr, len)
- struct ah_algorithm_state *state;
- caddr_t addr;
- size_t len;
+ah_keyed_md5_loop(struct ah_algorithm_state *state, caddr_t addr, size_t len)
{
if (!state)
panic("ah_keyed_md5_loop: what?");
}
static void
-ah_keyed_md5_result(state, addr, l)
- struct ah_algorithm_state *state;
- caddr_t addr;
- size_t l;
+ah_keyed_md5_result(struct ah_algorithm_state *state, caddr_t addr, size_t l)
{
- u_char digest[16];
+ u_char digest[16] __attribute__((aligned(4)));
if (!state)
panic("ah_keyed_md5_result: what?");
}
static int
-ah_keyed_sha1_mature(sav)
- struct secasvar *sav;
+ah_keyed_sha1_mature(struct secasvar *sav)
{
const struct ah_algorithm *algo;
}
static int
-ah_keyed_sha1_init(state, sav)
- struct ah_algorithm_state *state;
- struct secasvar *sav;
+ah_keyed_sha1_init(struct ah_algorithm_state *state, struct secasvar *sav)
{
SHA1_CTX *ctxt;
size_t padlen;
size_t keybitlen;
- u_int8_t buf[32];
+ u_int8_t buf[32] __attribute__((aligned(4)));
if (!state)
panic("ah_keyed_sha1_init: what?");
}
static void
-ah_keyed_sha1_loop(state, addr, len)
- struct ah_algorithm_state *state;
- caddr_t addr;
- size_t len;
+ah_keyed_sha1_loop(struct ah_algorithm_state *state, caddr_t addr, size_t len)
{
SHA1_CTX *ctxt;
}
static void
-ah_keyed_sha1_result(state, addr, l)
- struct ah_algorithm_state *state;
- caddr_t addr;
- size_t l;
+ah_keyed_sha1_result(struct ah_algorithm_state *state, caddr_t addr, size_t l)
{
- u_char digest[SHA1_RESULTLEN]; /* SHA-1 generates 160 bits */
+ u_char digest[SHA1_RESULTLEN] __attribute__((aligned(4))); /* SHA-1 generates 160 bits */
SHA1_CTX *ctxt;
if (!state || !state->foo)
}
static int
-ah_hmac_md5_mature(sav)
- struct secasvar *sav;
+ah_hmac_md5_mature(struct secasvar *sav)
{
const struct ah_algorithm *algo;
}
static int
-ah_hmac_md5_init(state, sav)
- struct ah_algorithm_state *state;
- struct secasvar *sav;
+ah_hmac_md5_init(struct ah_algorithm_state *state, struct secasvar *sav)
{
u_char *ipad;
u_char *opad;
- u_char tk[16];
+ u_char tk[16] __attribute__((aligned(4)));
u_char *key;
size_t keylen;
size_t i;
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 64);
- ctxt = (MD5_CTX *)(opad + 64);
+ ctxt = (MD5_CTX *)(void *)(opad + 64);
/* compress the key if necessery */
if (64 < _KEYLEN(state->sav->key_auth)) {
}
static void
-ah_hmac_md5_loop(state, addr, len)
- struct ah_algorithm_state *state;
- caddr_t addr;
- size_t len;
+ah_hmac_md5_loop(struct ah_algorithm_state *state, caddr_t addr, size_t len)
{
MD5_CTX *ctxt;
if (!state || !state->foo)
panic("ah_hmac_md5_loop: what?");
- ctxt = (MD5_CTX *)(((caddr_t)state->foo) + 128);
+ ctxt = (MD5_CTX *)(void *)(((caddr_t)state->foo) + 128);
MD5Update(ctxt, addr, len);
}
static void
-ah_hmac_md5_result(state, addr, l)
- struct ah_algorithm_state *state;
- caddr_t addr;
- size_t l;
+ah_hmac_md5_result(struct ah_algorithm_state *state, caddr_t addr, size_t l)
{
- u_char digest[16];
+ u_char digest[16] __attribute__((aligned(4)));
u_char *ipad;
u_char *opad;
MD5_CTX *ctxt;
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 64);
- ctxt = (MD5_CTX *)(opad + 64);
+ ctxt = (MD5_CTX *)(void *)(opad + 64);
MD5Final(&digest[0], ctxt);
}
static int
-ah_hmac_sha1_mature(sav)
- struct secasvar *sav;
+ah_hmac_sha1_mature(struct secasvar *sav)
{
const struct ah_algorithm *algo;
}
static int
-ah_hmac_sha1_init(state, sav)
- struct ah_algorithm_state *state;
- struct secasvar *sav;
+ah_hmac_sha1_init(struct ah_algorithm_state *state, struct secasvar *sav)
{
u_char *ipad;
u_char *opad;
SHA1_CTX *ctxt;
- u_char tk[SHA1_RESULTLEN]; /* SHA-1 generates 160 bits */
+ u_char tk[SHA1_RESULTLEN] __attribute__((aligned(4))); /* SHA-1 generates 160 bits */
u_char *key;
size_t keylen;
size_t i;
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 64);
- ctxt = (SHA1_CTX *)(opad + 64);
+ ctxt = (SHA1_CTX *)(void *)(opad + 64);
/* compress the key if necessery */
if (64 < _KEYLEN(state->sav->key_auth)) {
}
static void
-ah_hmac_sha1_loop(state, addr, len)
- struct ah_algorithm_state *state;
- caddr_t addr;
- size_t len;
+ah_hmac_sha1_loop(struct ah_algorithm_state *state, caddr_t addr, size_t len)
{
SHA1_CTX *ctxt;
if (!state || !state->foo)
panic("ah_hmac_sha1_loop: what?");
- ctxt = (SHA1_CTX *)(((u_char *)state->foo) + 128);
+ ctxt = (SHA1_CTX *)(void *)(((u_char *)state->foo) + 128);
SHA1Update(ctxt, (caddr_t)addr, (size_t)len);
}
static void
-ah_hmac_sha1_result(state, addr, l)
- struct ah_algorithm_state *state;
- caddr_t addr;
- size_t l;
+ah_hmac_sha1_result(struct ah_algorithm_state *state, caddr_t addr, size_t l)
{
- u_char digest[SHA1_RESULTLEN]; /* SHA-1 generates 160 bits */
+ u_char digest[SHA1_RESULTLEN] __attribute__((aligned(4))); /* SHA-1 generates 160 bits */
u_char *ipad;
u_char *opad;
SHA1_CTX *ctxt;
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 64);
- ctxt = (SHA1_CTX *)(opad + 64);
+ ctxt = (SHA1_CTX *)(void *)(opad + 64);
SHA1Final((caddr_t)&digest[0], ctxt);
FREE(state->foo, M_TEMP);
}
-#if ALLCRYPTO
+#if AH_ALL_CRYPTO
static int
-ah_sumsiz_sha2_256(sav)
- struct secasvar *sav;
+ah_sumsiz_sha2_256(struct secasvar *sav)
{
if (!sav)
return -1;
}
static int
-ah_hmac_sha2_256_mature(sav)
- struct secasvar *sav;
+ah_hmac_sha2_256_mature(struct secasvar *sav)
{
const struct ah_algorithm *algo;
}
static int
-ah_hmac_sha2_256_init(state, sav)
- struct ah_algorithm_state *state;
- struct secasvar *sav;
+ah_hmac_sha2_256_init(struct ah_algorithm_state *state, struct secasvar *sav)
{
u_char *ipad;
u_char *opad;
SHA256_CTX *ctxt;
- u_char tk[SHA256_DIGEST_LENGTH];
+ u_char tk[SHA256_DIGEST_LENGTH] __attribute__((aligned(4)));
u_char *key;
size_t keylen;
size_t i;
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 64);
- ctxt = (SHA256_CTX *)(opad + 64);
+ ctxt = (SHA256_CTX *)(void *)(opad + 64);
/* compress the key if necessery */
if (64 < _KEYLEN(state->sav->key_auth)) {
}
static void
-ah_hmac_sha2_256_loop(state, addr, len)
- struct ah_algorithm_state *state;
- caddr_t addr;
- size_t len;
+ah_hmac_sha2_256_loop(struct ah_algorithm_state *state,
+ caddr_t addr,
+ size_t len)
{
SHA256_CTX *ctxt;
if (!state || !state->foo)
panic("ah_hmac_sha2_256_loop: what?");
- ctxt = (SHA256_CTX *)(((u_char *)state->foo) + 128);
+ ctxt = (SHA256_CTX *)(void *)(((u_char *)state->foo) + 128);
SHA256_Update(ctxt, (const u_int8_t *)addr, (size_t)len);
}
static void
-ah_hmac_sha2_256_result(state, addr, l)
- struct ah_algorithm_state *state;
- caddr_t addr;
- size_t l;
+ah_hmac_sha2_256_result(struct ah_algorithm_state *state,
+ caddr_t addr,
+ size_t l)
{
- u_char digest[SHA256_DIGEST_LENGTH];
+ u_char digest[SHA256_DIGEST_LENGTH] __attribute__((aligned(4)));
u_char *ipad;
u_char *opad;
SHA256_CTX *ctxt;
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 64);
- ctxt = (SHA256_CTX *)(opad + 64);
+ ctxt = (SHA256_CTX *)(void *)(opad + 64);
SHA256_Final((u_int8_t *)digest, ctxt);
}
static int
-ah_sumsiz_sha2_384(sav)
- struct secasvar *sav;
+ah_sumsiz_sha2_384(struct secasvar *sav)
{
if (!sav)
return -1;
}
static int
-ah_hmac_sha2_384_mature(sav)
- struct secasvar *sav;
+ah_hmac_sha2_384_mature(struct secasvar *sav)
{
const struct ah_algorithm *algo;
}
static int
-ah_hmac_sha2_384_init(state, sav)
- struct ah_algorithm_state *state;
- struct secasvar *sav;
+ah_hmac_sha2_384_init(struct ah_algorithm_state *state, struct secasvar *sav)
{
u_char *ipad;
u_char *opad;
SHA384_CTX *ctxt;
- u_char tk[SHA384_DIGEST_LENGTH];
+ u_char tk[SHA384_DIGEST_LENGTH] __attribute__((aligned(4)));
u_char *key;
size_t keylen;
size_t i;
state->sav = sav;
state->foo = (void *)_MALLOC(128 + 128 + sizeof(SHA384_CTX),
- M_TEMP, M_NOWAIT);
+ M_TEMP, M_NOWAIT | M_ZERO);
if (!state->foo)
return ENOBUFS;
- bzero(state->foo, 128 + 128 + sizeof(SHA384_CTX));
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 128);
- ctxt = (SHA384_CTX *)(opad + 128);
+ ctxt = (SHA384_CTX *)(void *)(opad + 128);
/* compress the key if necessery */
if (128 < _KEYLEN(state->sav->key_auth)) {
}
static void
-ah_hmac_sha2_384_loop(state, addr, len)
- struct ah_algorithm_state *state;
- caddr_t addr;
- size_t len;
+ah_hmac_sha2_384_loop(struct ah_algorithm_state *state,
+ caddr_t addr,
+ size_t len)
{
SHA384_CTX *ctxt;
if (!state || !state->foo)
panic("ah_hmac_sha2_384_loop: what?");
- ctxt = (SHA384_CTX *)(((u_char *)state->foo) + 256);
+ ctxt = (SHA384_CTX *)(void *)(((u_char *)state->foo) + 256);
SHA384_Update(ctxt, (const u_int8_t *)addr, (size_t)len);
}
static void
-ah_hmac_sha2_384_result(state, addr, l)
- struct ah_algorithm_state *state;
- caddr_t addr;
- size_t l;
+ah_hmac_sha2_384_result(struct ah_algorithm_state *state,
+ caddr_t addr,
+ size_t l)
{
u_char digest[SHA384_DIGEST_LENGTH];
u_char *ipad;
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 128);
- ctxt = (SHA384_CTX *)(opad + 128);
+ ctxt = (SHA384_CTX *)(void *)(opad + 128);
SHA384_Final((u_int8_t *)digest, ctxt);
}
static int
-ah_sumsiz_sha2_512(sav)
- struct secasvar *sav;
+ah_sumsiz_sha2_512(struct secasvar *sav)
{
if (!sav)
return -1;
}
static int
-ah_hmac_sha2_512_mature(sav)
- struct secasvar *sav;
+ah_hmac_sha2_512_mature(struct secasvar *sav)
{
const struct ah_algorithm *algo;
}
static int
-ah_hmac_sha2_512_init(state, sav)
- struct ah_algorithm_state *state;
- struct secasvar *sav;
+ah_hmac_sha2_512_init(struct ah_algorithm_state *state, struct secasvar *sav)
{
u_char *ipad;
u_char *opad;
SHA512_CTX *ctxt;
- u_char tk[SHA512_DIGEST_LENGTH];
+ u_char tk[SHA512_DIGEST_LENGTH] __attribute__((aligned(4)));
u_char *key;
size_t keylen;
size_t i;
state->sav = sav;
state->foo = (void *)_MALLOC(128 + 128 + sizeof(SHA512_CTX),
- M_TEMP, M_NOWAIT);
+ M_TEMP, M_NOWAIT | M_ZERO);
if (!state->foo)
return ENOBUFS;
- bzero(state->foo, 128 + 128 + sizeof(SHA512_CTX));
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 128);
- ctxt = (SHA512_CTX *)(opad + 128);
+ ctxt = (SHA512_CTX *)(void *)(opad + 128);
/* compress the key if necessery */
if (128 < _KEYLEN(state->sav->key_auth)) {
}
static void
-ah_hmac_sha2_512_loop(state, addr, len)
- struct ah_algorithm_state *state;
- caddr_t addr;
- size_t len;
+ah_hmac_sha2_512_loop(struct ah_algorithm_state *state,
+ caddr_t addr,
+ size_t len)
{
SHA512_CTX *ctxt;
if (!state || !state->foo)
panic("ah_hmac_sha2_512_loop: what?");
- ctxt = (SHA512_CTX *)(((u_char *)state->foo) + 256);
+ ctxt = (SHA512_CTX *)(void *)(((u_char *)state->foo) + 256);
SHA512_Update(ctxt, (const u_int8_t *) addr, (size_t)len);
}
static void
-ah_hmac_sha2_512_result(state, addr, l)
- struct ah_algorithm_state *state;
- caddr_t addr;
- size_t l;
+ah_hmac_sha2_512_result(struct ah_algorithm_state *state,
+ caddr_t addr,
+ size_t l)
{
- u_char digest[SHA512_DIGEST_LENGTH];
+ u_char digest[SHA512_DIGEST_LENGTH] __attribute__((aligned(4)));
u_char *ipad;
u_char *opad;
SHA512_CTX *ctxt;
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 128);
- ctxt = (SHA512_CTX *)(opad + 128);
+ ctxt = (SHA512_CTX *)(void *)(opad + 128);
SHA512_Final((u_int8_t *)digest, ctxt);
FREE(state->foo, M_TEMP);
}
-#endif /* ALLCRYPTO */
+#endif /* AH_ALL_CRYPTO */
/*------------------------------------------------------------*/
* go generate the checksum.
*/
static void
-ah_update_mbuf(m, off, len, algo, algos)
- struct mbuf *m;
- int off;
- int len;
- const struct ah_algorithm *algo;
- struct ah_algorithm_state *algos;
+ah_update_mbuf(struct mbuf *m,int off, int len,
+ const struct ah_algorithm *algo,
+ struct ah_algorithm_state *algos)
{
struct mbuf *n;
int tlen;
* Don't use m_copy(), it will try to share cluster mbuf by using refcnt.
*/
int
-ah4_calccksum(m, ahdat, len, algo, sav)
- struct mbuf *m;
- caddr_t ahdat;
- size_t len;
- const struct ah_algorithm *algo;
- struct secasvar *sav;
+ah4_calccksum(struct mbuf *m, caddr_t ahdat, size_t len,
+ const struct ah_algorithm *algo, struct secasvar *sav)
{
int off;
int hdrtype;
size_t advancewidth;
struct ah_algorithm_state algos;
- u_char sumbuf[AH_MAXSUMSIZE];
+ u_char sumbuf[AH_MAXSUMSIZE] __attribute__((aligned(4)));
int error = 0;
int ahseen;
struct mbuf *n = NULL;
* Don't use m_copy(), it will try to share cluster mbuf by using refcnt.
*/
int
-ah6_calccksum(m, ahdat, len, algo, sav)
- struct mbuf *m;
- caddr_t ahdat;
- size_t len;
- const struct ah_algorithm *algo;
- struct secasvar *sav;
+ah6_calccksum(struct mbuf *m, caddr_t ahdat, size_t len,
+ const struct ah_algorithm *algo, struct secasvar *sav)
{
int newoff, off;
int proto, nxt;
int error;
int ahseen;
struct ah_algorithm_state algos;
- u_char sumbuf[AH_MAXSUMSIZE];
+ u_char sumbuf[AH_MAXSUMSIZE] __attribute__((aligned(4)));
if ((m->m_flags & M_PKTHDR) == 0)
return EINVAL;
projects / apple / xnu.git / blobdiff