authorTheo de Raadt <deraadt@cvs.openbsd.org>1999-06-30 17:24:00 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1999-06-30 17:24:00 +0000
commitcc447b57b36926b58dd27098f08f304149cb4ab3 (patch)
tree481c572a16d5cd383ba63924278433ff9a584e44
parentc36ef4ea79422c0bacfa02bbd338fae6711cafce (diff)
remove final low-level crypto knowledge from base ipsec code
-rw-r--r--sys/netinet/ip_ah_new.c51
-rw-r--r--sys/netinet/ip_ah_old.c39
-rw-r--r--sys/netinet/ip_esp_new.c14
-rw-r--r--sys/netinet/ip_ipsp.h13
-rw-r--r--sys/netinet/ip_xform.c20
5 files changed, 60 insertions, 77 deletions
diff --git a/sys/netinet/ip_ah_new.c b/sys/netinet/ip_ah_new.c
index 5c9078c53fc..d82bfe2c26b 100644
--- a/sys/netinet/ip_ah_new.c
+++ b/sys/netinet/ip_ah_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah_new.c,v 1.26 1999/05/16 21:48:31 niklas Exp $ */
+/* $OpenBSD: ip_ah_new.c,v 1.27 1999/06/30 17:23:59 deraadt Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -77,28 +77,14 @@
#define DPRINTF(x)
#endif
-struct auth_hash ah_new_hash[] = {
- { SADB_AALG_MD5HMAC96, "HMAC-MD5-96",
- MD5HMAC96_KEYSIZE, AH_MD5_ALEN,
- sizeof(MD5_CTX),
- (void (*)(void *)) MD5Init,
- (void (*)(void *, u_int8_t *, u_int16_t)) MD5Update,
- (void (*)(u_int8_t *, void *)) MD5Final
- },
- { SADB_AALG_SHA1HMAC96, "HMAC-SHA1-96",
- SHA1HMAC96_KEYSIZE, AH_SHA1_ALEN,
- sizeof(SHA1_CTX),
- (void (*)(void *)) SHA1Init,
- (void (*)(void *, u_int8_t *, u_int16_t)) SHA1Update,
- (void (*)(u_int8_t *, void *)) SHA1Final
- },
- { SADB_AALG_X_RIPEMD160HMAC96, "HMAC-RIPEMD-160-96",
- RIPEMD160HMAC96_KEYSIZE, AH_RMD160_ALEN,
- sizeof(RMD160_CTX),
- (void (*)(void *)) RMD160Init,
- (void (*)(void *, u_int8_t *, u_int16_t)) RMD160Update,
- (void (*)(u_int8_t *, void *)) RMD160Final
- }
+extern struct auth_hash auth_hash_hmac_md5_96;
+extern struct auth_hash auth_hash_hmac_sha1_96;
+extern struct auth_hash auth_hash_hmac_ripemd_160_96;
+
+struct auth_hash *ah_new_hash[] = {
+ &auth_hash_hmac_md5_96,
+ &auth_hash_hmac_sha1_96,
+ &auth_hash_hmac_ripemd_160_96
};
/*
@@ -122,9 +108,8 @@ ah_new_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii)
struct auth_hash *thash = NULL;
int i;
- for (i = sizeof(ah_new_hash) / sizeof(struct auth_hash) - 1;
- i >= 0; i--)
- if (ii->ii_authalg == ah_new_hash[i].type)
+ for (i = sizeof(ah_new_hash) / sizeof(ah_new_hash[0]) - 1; i >= 0; i--)
+ if (ii->ii_authalg == ah_new_hash[i]->type)
break;
if (i < 0)
@@ -133,7 +118,7 @@ ah_new_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii)
return EINVAL;
}
- thash = &ah_new_hash[i];
+ thash = ah_new_hash[i];
if (ii->ii_authkeylen != thash->keysize)
{
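Review bot: Nothing at `thash = ah_new_hash[i];` checks that the selected hash's context fits the stack buffer the callers declare as `union authctx ctx`, and the two are now defined in different files (the table entries in ip_xform.c, the union in ip_ipsp.h). A hash with a larger context added to ah_new_hash without extending the union would let the Init/Update/Final callbacks write past the end of that stack buffer in ah_new_input/ah_new_output. A cheap guard right after the assignment, assuming the struct auth_hash member that holds `sizeof(MD5_CTX)` is named ctxsize, is `if (thash->ctxsize > sizeof(union authctx)) return EINVAL;`, matching the EINVAL path just above. ah_new_init starts and ends outside this hunk.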
@@ -214,11 +199,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb)
int ohlen, len, count, off, errc;
u_int32_t btsx;
struct mbuf *m0;
- union {
- MD5_CTX md5ctx;
- SHA1_CTX sha1ctx;
- RMD160_CTX rmd160ctx;
- } ctx;
+ union authctx ctx;
u_int8_t optval;
u_char buffer[40];
@@ -458,11 +439,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
struct ip *ip, ipo;
struct ah_new aho, *ah;
register int len, off, count, ilen;
- union {
- MD5_CTX md5ctx;
- SHA1_CTX sha1ctx;
- RMD160_CTX rmd160ctx;
- } ctx;
+ union authctx ctx;
u_int8_t optval;
u_char opts[40];
diff --git a/sys/netinet/ip_ah_old.c b/sys/netinet/ip_ah_old.c
index f087c8b26ae..b209b73e272 100644
--- a/sys/netinet/ip_ah_old.c
+++ b/sys/netinet/ip_ah_old.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah_old.c,v 1.23 1999/05/16 21:48:32 niklas Exp $ */
+/* $OpenBSD: ip_ah_old.c,v 1.24 1999/06/30 17:23:59 deraadt Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -77,21 +77,12 @@
#define DPRINTF(x)
#endif
-struct auth_hash ah_old_hash[] = {
- { SADB_AALG_X_MD5, "Keyed MD5",
- 0, AH_MD5_ALEN,
- sizeof(MD5_CTX),
- (void (*)(void *))MD5Init,
- (void (*)(void *, u_int8_t *, u_int16_t))MD5Update,
- (void (*)(u_int8_t *, void *))MD5Final
- },
- { SADB_AALG_X_SHA1, "Keyed SHA1",
- 0, AH_SHA1_ALEN,
- sizeof(SHA1_CTX),
- (void (*)(void *))SHA1Init,
- (void (*)(void *, u_int8_t *, u_int16_t))SHA1Update,
- (void (*)(u_int8_t *, void *))SHA1Final
- }
+extern struct auth_hash auth_hash_key_md5;
+extern struct auth_hash auth_hash_key_sha1;
+
+struct auth_hash *ah_old_hash[] = {
+ &auth_hash_key_md5,
+ &auth_hash_key_sha1,
};
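Review bot: The `extern struct auth_hash auth_hash_key_md5;` declarations are repeated per .c file (ip_ah_new.c does the same for the three HMAC entries) rather than living in ip_ipsp.h, which this commit already edits; one declaration there, next to `union authctx_old`, lets the compiler check every user against the ip_xform.c definitions and keeps the two lists from drifting. If nothing writes the table, `struct auth_hash *const ah_old_hash[]` would also keep this array of function-pointer records out of writable data. The trailing comma after `&auth_hash_key_sha1,` differs from the ah_new_hash table in the sibling file; either form is fine, but pick one.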
/*
@@ -115,8 +106,8 @@ ah_old_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii)
int i;
/* Check whether the hash algorithm is supported */
- for (i = sizeof(ah_old_hash) / sizeof(struct auth_hash) - 1; i >= 0; i--)
- if (ii->ii_authalg == ah_old_hash[i].type)
+ for (i = sizeof(ah_old_hash) / sizeof(ah_old_hash[0]) - 1; i >= 0; i--)
+ if (ii->ii_authalg == ah_old_hash[i]->type)
break;
if (i < 0)
@@ -125,7 +116,7 @@ ah_old_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii)
return EINVAL;
}
- thash = &ah_old_hash[i];
+ thash = ah_old_hash[i];
DPRINTF(("ah_old_init(): initalized TDB with hash algorithm %s\n",
thash->name));
@@ -189,10 +180,7 @@ ah_old_input(struct mbuf *m, struct tdb *tdb)
struct ah_old *ah, *aho;
int ohlen, len, count, off, alen;
struct mbuf *m0;
- union {
- MD5_CTX md5ctx;
- SHA1_CTX sha1ctx;
- } ctx;
+ union authctx_old ctx;
u_int8_t optval;
u_char buffer[40];
@@ -395,10 +383,7 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
struct ah_old *ah, aho;
register int len, off, count;
register struct mbuf *m0;
- union {
- MD5_CTX md5ctx;
- SHA1_CTX sha1ctx;
- } ctx;
+ union authctx_old ctx;
int ilen, ohlen, alen;
u_int8_t optval;
u_char opts[40];
diff --git a/sys/netinet/ip_esp_new.c b/sys/netinet/ip_esp_new.c
index cc0a46e31e0..804af86d094 100644
--- a/sys/netinet/ip_esp_new.c
+++ b/sys/netinet/ip_esp_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp_new.c,v 1.44 1999/06/18 07:24:03 deraadt Exp $ */
+/* $OpenBSD: ip_esp_new.c,v 1.45 1999/06/30 17:23:59 deraadt Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -259,11 +259,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
struct esp_new *esp;
struct ip *ip, ipo;
u_int32_t btsx;
- union {
- MD5_CTX md5ctx;
- SHA1_CTX sha1ctx;
- RMD160_CTX rmd160ctx;
- } ctx;
+ union authctx ctx;
u_char buf[AH_ALEN_MAX], buf2[AH_ALEN_MAX];
blks = espx->blocksize;
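Review bot: `union authctx ctx` in esp_new_input now holds the running hash state, which is presumably derived from the SA's authentication key through the Init/Update callbacks, so it should be cleared on every exit path rather than left on the kernel stack. The body of esp_new_input continues outside this hunk; if it does not already do so, add `bzero(&ctx, sizeof(ctx));` before each return, and the same for the esp_new_output copy in the second hunk.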
@@ -597,11 +593,7 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
struct mbuf *mi, *mo = (struct mbuf *) NULL;
u_char *pad, *idat, *odat, *ivp;
u_char iv[ESP_MAX_IVS], blk[ESP_MAX_BLKS], auth[AH_ALEN_MAX], opts[40];
- union {
- MD5_CTX md5ctx;
- SHA1_CTX sha1ctx;
- RMD160_CTX rmd160ctx;
- } ctx;
+ union authctx ctx;
int iphlen, blks, alen;
blks = espx->blocksize;
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index f4b77e8093d..02e861e3594 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.h,v 1.36 1999/06/18 07:24:07 deraadt Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.37 1999/06/30 17:23:59 deraadt Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -287,6 +287,17 @@ struct tdb /* tunnel descriptor block */
TAILQ_HEAD(tdb_inp_head, inpcb) tdb_inp;
};
+union authctx_old {
+ MD5_CTX md5ctx;
+ SHA1_CTX sha1ctx;
+};
+
+union authctx {
+ MD5_CTX md5ctx;
+ SHA1_CTX sha1ctx;
+ RMD160_CTX rmd160ctx;
+};
+
struct tdb_ident {
u_int32_t spi;
union sockaddr_union dst;
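Review bot: `union authctx` and `union authctx_old` make ip_ipsp.h depend on the MD5_CTX, SHA1_CTX and RMD160_CTX types, so every file that includes it must now pull in the hash headers first, which brings the low-level crypto knowledge the commit title removes back into the shared header. Either include those context headers from ip_ipsp.h itself or hide the contexts behind an opaque buffer sized from the auth_hash tables. At minimum add a comment above the unions: `/* Must cover every ctx used by ah_new_hash/ah_old_hash (ip_xform.c); extend when adding a hash. */`. authctx_old is a strict subset of authctx, so a single union would do if the old AH code tolerates the larger buffer.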
diff --git a/sys/netinet/ip_xform.c b/sys/netinet/ip_xform.c
index eca4f0327e5..c4c382261f1 100644
--- a/sys/netinet/ip_xform.c
+++ b/sys/netinet/ip_xform.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_xform.c,v 1.1 1999/06/18 07:24:08 deraadt Exp $ */
+/* $OpenBSD: ip_xform.c,v 1.2 1999/06/30 17:23:59 deraadt Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -321,3 +321,21 @@ struct auth_hash auth_hash_hmac_ripemd_160_96 = {
(void (*)(void *, u_int8_t *, u_int16_t)) RMD160Update,
(void (*)(u_int8_t *, void *)) RMD160Final
};
+
+struct auth_hash auth_hash_key_md5 = {
+ SADB_AALG_X_MD5, "Keyed MD5",
+ 0, AH_MD5_ALEN,
+ sizeof(MD5_CTX),
+ (void (*)(void *))MD5Init,
+ (void (*)(void *, u_int8_t *, u_int16_t))MD5Update,
+ (void (*)(u_int8_t *, void *))MD5Final
+};
+
+struct auth_hash auth_hash_key_sha1 = {
+ SADB_AALG_X_SHA1, "Keyed SHA1",
+ 0, AH_SHA1_ALEN,
+ sizeof(SHA1_CTX),
+ (void (*)(void *))SHA1Init,
+ (void (*)(void *, u_int8_t *, u_int16_t))SHA1Update,
+ (void (*)(u_int8_t *, void *))SHA1Final
+};
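Review bot: `auth_hash_key_md5` and `auth_hash_key_sha1` carry a keysize of 0, unlike the HMAC entries (whose removed definitions used fixed MD5HMAC96_KEYSIZE-style sizes), and nothing says what 0 means; ah_old_init, which this commit also touches, does not appear to compare ii_authkeylen against keysize in the visible lines, so a reader cannot tell whether the unchecked key length is by design. Add `/* keysize 0: no fixed key length; callers must bound ii_authkeylen themselves */` to both entries, or have the old AH init reject key lengths the transform cannot handle. The casts such as `(void (*)(void *, u_int8_t *, u_int16_t))MD5Update` call the hash routines through a prototype other than their own; that matches the existing entries above, but a one-line comment noting the reliance would help whoever next changes the hash APIs.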