X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/91447636331957f3d9b5ca5b508f07c526b0074d..7ee9d059c4eecf68ae4f8b0fb99ae2471eda79af:/bsd/netinet6/esp_rijndael.c diff --git a/bsd/netinet6/esp_rijndael.c b/bsd/netinet6/esp_rijndael.c index f2ebe936d..0f3ce7c27 100644 --- a/bsd/netinet6/esp_rijndael.c +++ b/bsd/netinet6/esp_rijndael.c @@ -1,3 +1,31 @@ +/* + * Copyright (c) 2008 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ + /* $FreeBSD: src/sys/netinet6/esp_rijndael.c,v 1.1.2.1 2001/07/03 11:01:50 ume Exp $ */ /* $KAME: esp_rijndael.c,v 1.4 2001/03/02 05:53:05 itojun Exp $ */ @@ -48,6 +76,8 @@ #include +#include + #include #define AES_BLOCKLEN 16 @@ -55,23 +85,24 @@ extern lck_mtx_t *sadb_mutex; int -esp_aes_schedlen(algo) - const struct esp_algorithm *algo; +esp_aes_schedlen( + __unused const struct esp_algorithm *algo) { return sizeof(aes_ctx); } int -esp_aes_schedule(algo, sav) - const struct esp_algorithm *algo; - struct secasvar *sav; +esp_aes_schedule( + __unused const struct esp_algorithm *algo, + struct secasvar *sav) { + + lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED); aes_ctx *ctx = (aes_ctx*)sav->sched; - gen_tabs(); - aes_decrypt_key(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc), &ctx->decrypt); - aes_encrypt_key(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc), &ctx->encrypt); + aes_decrypt_key((const unsigned char *) _KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc), &ctx->decrypt); + aes_encrypt_key((const unsigned char *) _KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc), &ctx->encrypt); return 0; } @@ -143,7 +174,7 @@ esp_cbc_decrypt_aes(m, off, sav, algo, ivlen) if (m->m_pkthdr.len < bodyoff) { ipseclog((LOG_ERR, "esp_cbc_decrypt %s: bad len %d/%lu\n", - algo->name, m->m_pkthdr.len, (unsigned long)bodyoff)); + algo->name, m->m_pkthdr.len, (u_int32_t)bodyoff)); m_freem(m); return EINVAL; } @@ -156,9 +187,8 @@ esp_cbc_decrypt_aes(m, off, sav, algo, ivlen) } /* grab iv */ - m_copydata(m, ivoff, ivlen, iv); + m_copydata(m, ivoff, ivlen, (caddr_t) iv); - lck_mtx_unlock(sadb_mutex); s = m; soff = sn = dn = 0; d = d0 = dp = NULL; @@ -190,7 +220,7 @@ esp_cbc_decrypt_aes(m, off, sav, algo, ivlen) len -= len % AES_BLOCKLEN; // full blocks only } else { /* body is non-continuous */ - m_copydata(s, sn, AES_BLOCKLEN, sbuf); + m_copydata(s, sn, AES_BLOCKLEN, (caddr_t) sbuf); sp = sbuf; len = AES_BLOCKLEN; // 1 block only in sbuf } @@ -204,15 +234,17 @@ esp_cbc_decrypt_aes(m, off, sav, algo, ivlen) if (d && i > MLEN) { MCLGET(d, M_DONTWAIT); if ((d->m_flags & M_EXT) == 0) { - m_free(d); - d = NULL; + d = m_mbigget(d, M_DONTWAIT); + if ((d->m_flags & M_EXT) == 0) { + m_free(d); + d = NULL; + } } } if (!d) { m_freem(m); if (d0) m_freem(d0); - lck_mtx_lock(sadb_mutex); return ENOBUFS; } if (!d0) @@ -259,23 +291,22 @@ esp_cbc_decrypt_aes(m, off, sav, algo, ivlen) /* just in case */ bzero(iv, sizeof(iv)); bzero(sbuf, sizeof(sbuf)); - lck_mtx_lock(sadb_mutex); return 0; } int -esp_cbc_encrypt_aes(m, off, plen, sav, algo, ivlen) - struct mbuf *m; - size_t off; - size_t plen; - struct secasvar *sav; - const struct esp_algorithm *algo; - int ivlen; +esp_cbc_encrypt_aes( + struct mbuf *m, + size_t off, + __unused size_t plen, + struct secasvar *sav, + const struct esp_algorithm *algo, + int ivlen) { struct mbuf *s; struct mbuf *d, *d0, *dp; - int soff, doff; /* offset from the head of chain, to head of this mbuf */ + int soff; /* offset from the head of chain, to head of this mbuf */ int sn, dn; /* offset from the head of the mbuf, to meat */ size_t ivoff, bodyoff; u_int8_t *ivp, *dptr; @@ -302,11 +333,11 @@ esp_cbc_encrypt_aes(m, off, plen, sav, algo, ivlen) /* put iv into the packet */ m_copyback(m, ivoff, ivlen, sav->iv); - ivp = sav->iv; + ivp = (u_int8_t *) sav->iv; if (m->m_pkthdr.len < bodyoff) { ipseclog((LOG_ERR, "esp_cbc_encrypt %s: bad len %d/%lu\n", - algo->name, m->m_pkthdr.len, (unsigned long)bodyoff)); + algo->name, m->m_pkthdr.len, (u_int32_t)bodyoff)); m_freem(m); return EINVAL; } @@ -317,7 +348,6 @@ esp_cbc_encrypt_aes(m, off, plen, sav, algo, ivlen) m_freem(m); return EINVAL; } - lck_mtx_unlock(sadb_mutex); s = m; soff = sn = dn = 0; @@ -350,7 +380,7 @@ esp_cbc_encrypt_aes(m, off, plen, sav, algo, ivlen) len -= len % AES_BLOCKLEN; // full blocks only } else { /* body is non-continuous */ - m_copydata(s, sn, AES_BLOCKLEN, sbuf); + m_copydata(s, sn, AES_BLOCKLEN, (caddr_t) sbuf); sp = sbuf; len = AES_BLOCKLEN; // 1 block only in sbuf } @@ -364,15 +394,17 @@ esp_cbc_encrypt_aes(m, off, plen, sav, algo, ivlen) if (d && i > MLEN) { MCLGET(d, M_DONTWAIT); if ((d->m_flags & M_EXT) == 0) { - m_free(d); - d = NULL; + d = m_mbigget(d, M_DONTWAIT); + if ((d->m_flags & M_EXT) == 0) { + m_free(d); + d = NULL; + } } } if (!d) { m_freem(m); if (d0) m_freem(d0); - lck_mtx_lock(sadb_mutex); return ENOBUFS; } if (!d0) @@ -419,7 +451,6 @@ esp_cbc_encrypt_aes(m, off, plen, sav, algo, ivlen) /* just in case */ bzero(sbuf, sizeof(sbuf)); - lck_mtx_lock(sadb_mutex); key_sa_stir_iv(sav); return 0;