summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sys/conf/files4
-rw-r--r--sys/net/encap.c8
-rw-r--r--sys/net/encap.h8
-rw-r--r--sys/net/if_enc.c8
-rw-r--r--sys/netinet/ip_ah.c8
-rw-r--r--sys/netinet/ip_ah.h54
-rw-r--r--sys/netinet/ip_ah_new.c366
-rw-r--r--sys/netinet/ip_ah_old.c326
-rw-r--r--sys/netinet/ip_blf.c626
-rw-r--r--sys/netinet/ip_blf.h75
-rw-r--r--sys/netinet/ip_cast.c240
-rw-r--r--sys/netinet/ip_cast.h25
-rw-r--r--sys/netinet/ip_castsb.h544
-rw-r--r--sys/netinet/ip_esp.c8
-rw-r--r--sys/netinet/ip_esp.h73
-rw-r--r--sys/netinet/ip_esp_new.c542
-rw-r--r--sys/netinet/ip_esp_old.c210
-rw-r--r--sys/netinet/ip_ip4.c8
-rw-r--r--sys/netinet/ip_ip4.h8
-rw-r--r--sys/netinet/ip_ipsp.c16
-rw-r--r--sys/netinet/ip_ipsp.h12
21 files changed, 2170 insertions, 999 deletions
diff --git a/sys/conf/files b/sys/conf/files
index 39c55d6a5ba..b595021ec57 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -1,4 +1,4 @@
-# $OpenBSD: files,v 1.65 1997/10/06 20:19:37 deraadt Exp $
+# $OpenBSD: files,v 1.66 1997/11/04 09:10:50 provos Exp $
# $NetBSD: files,v 1.87 1996/05/19 17:17:50 jonathan Exp $
# @(#)files.newconf 7.5 (Berkeley) 5/10/93
@@ -311,6 +311,8 @@ file netinet/ip_esp_new.c inet & ipsec
file netinet/ip_ah_old.c inet & ipsec
file netinet/ip_ah_new.c inet & ipsec
file netinet/ip_sha1.c inet & ipsec
+file netinet/ip_blf.c inet & ipsec
+file netinet/ip_cast.c inet & ipsec
file netinet/libdeslite/ecb_enc.c inet & ipsec
file netinet/libdeslite/set_key.c inet & ipsec
file netinet/libdeslite/ecb3_enc.c inet & ipsec
diff --git a/sys/net/encap.c b/sys/net/encap.c
index 9a26959d593..8244e90caf4 100644
--- a/sys/net/encap.c
+++ b/sys/net/encap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: encap.c,v 1.17 1997/10/02 02:31:01 deraadt Exp $ */
+/* $OpenBSD: encap.c,v 1.18 1997/11/04 09:10:53 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -9,7 +9,11 @@
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis, kermit@forthnet.gr.
*
- * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ * Additional transforms and features in 1997 by Angelos D. Keromytis and
+ * Niels Provos.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis, Angelos D. Keromytis
+ * and Niels Provos.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
diff --git a/sys/net/encap.h b/sys/net/encap.h
index 4672ba0a2a3..35942e1d884 100644
--- a/sys/net/encap.h
+++ b/sys/net/encap.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: encap.h,v 1.10 1997/07/27 23:30:32 niklas Exp $ */
+/* $OpenBSD: encap.h,v 1.11 1997/11/04 09:10:54 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -9,7 +9,11 @@
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis, kermit@forthnet.gr.
*
- * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ * Additional transforms and features in 1997 by Angelos D. Keromytis and
+ * Niels Provos.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis, Angelos D. Keromytis
+ * and Niels Provos.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
diff --git a/sys/net/if_enc.c b/sys/net/if_enc.c
index de2544fd9b8..6cd97361fc5 100644
--- a/sys/net/if_enc.c
+++ b/sys/net/if_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_enc.c,v 1.5 1997/07/11 23:37:53 provos Exp $ */
+/* $OpenBSD: if_enc.c,v 1.6 1997/11/04 09:10:55 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -9,7 +9,11 @@
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis, kermit@forthnet.gr.
*
- * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ * Additional transforms and features in 1997 by Angelos D. Keromytis and
+ * Niels Provos.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis, Angelos D. Keromytis
+ * and Niels Provos.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c
index 8cf20865e54..89d968576ef 100644
--- a/sys/netinet/ip_ah.c
+++ b/sys/netinet/ip_ah.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah.c,v 1.12 1997/10/02 02:31:02 deraadt Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.13 1997/11/04 09:10:58 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -9,7 +9,11 @@
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis, kermit@forthnet.gr.
*
- * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ * Additional transforms and features in 1997 by Angelos D. Keromytis and
+ * Niels Provos.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis, Angelos D. Keromytis
+ * and Niels Provos.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
diff --git a/sys/netinet/ip_ah.h b/sys/netinet/ip_ah.h
index f6ca28ba85b..6f5fd764ed5 100644
--- a/sys/netinet/ip_ah.h
+++ b/sys/netinet/ip_ah.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah.h,v 1.9 1997/07/14 08:48:44 provos Exp $ */
+/* $OpenBSD: ip_ah.h,v 1.10 1997/11/04 09:10:59 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -9,7 +9,11 @@
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis, kermit@forthnet.gr.
*
- * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ * Additional transforms and features in 1997 by Angelos D. Keromytis and
+ * Niels Provos.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis, Angelos D. Keromytis
+ * and Niels Provos.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
@@ -31,6 +35,16 @@
#include <sys/md5k.h>
#include <netinet/ip_sha1.h>
+struct ah_hash {
+ int type;
+ char *name;
+ u_int16_t hashsize;
+ u_int16_t ctxsize;
+ void (*Init)(void *);
+ void (*Update)(void *, u_int8_t *, u_int16_t);
+ void (*Final)(u_int8_t *, void *);
+};
+
struct ah_old
{
u_int8_t ah_nh; /* Next header (protocol) */
@@ -102,26 +116,23 @@ struct ah_new_xdata
int32_t amx_wnd;
u_int32_t amx_rpl; /* Replay counter */
u_int32_t amx_bitmap;
+ struct ah_hash *amx_hash;
union
{
- struct
- {
- MD5_CTX amx_ictx; /* Internal key+padding */
- MD5_CTX amx_octx; /* External key+padding */
- } MD5stuff;
-
- struct
- {
- SHA1_CTX amx_ictx;
- SHA1_CTX amx_octx;
- } SHA1stuff;
- } Hashes;
+ MD5_CTX amx_MD5_ictx; /* Internal key+padding */
+ SHA1_CTX amx_SHA1_ictx;
+ } amx_ictx;
+ union
+ {
+ MD5_CTX amx_MD5_octx; /* External key+padding */
+ SHA1_CTX amx_SHA1_octx;
+ } amx_octx;
};
-#define amx_md5_ictx Hashes.MD5stuff.amx_ictx
-#define amx_md5_octx Hashes.MD5stuff.amx_octx
-#define amx_sha1_ictx Hashes.SHA1stuff.amx_ictx
-#define amx_sha1_octx Hashes.SHA1stuff.amx_octx
+#define amx_md5_ictx amx_ictx.amx_MD5_ictx
+#define amx_md5_octx amx_octx.amx_MD5_octx
+#define amx_sha1_ictx amx_ictx.amx_SHA1_ictx
+#define amx_sha1_octx amx_octx.amx_SHA1_octx
#define AHMD5_ALEN 16 /* Size of MD5 digest */
#define AHSHA1_ALEN 20 /* Size of SHA-1 digest */
@@ -130,16 +141,17 @@ struct ah_old_xdata
{
u_int32_t amx_hash_algorithm;
u_int32_t amx_keylen; /* Key material length */
+ struct ah_hash *amx_hash;
union
{
MD5_CTX amx_MD5_ctx;
SHA1_CTX amx_SHA1_ctx;
- } Hashes;
+ } amx_ctx;
u_int8_t amx_key[1]; /* Key material */
};
-#define amx_md5_ctx Hashes.amx_MD5_ctx
-#define amx_sha1_ctx Hashes.amx_SHA1_ctx
+#define amx_md5_ctx amx_ctx.amx_MD5_ctx
+#define amx_sha1_ctx amx_ctx.amx_SHA1_ctx
struct ah_old_xencap
{
diff --git a/sys/netinet/ip_ah_new.c b/sys/netinet/ip_ah_new.c
index 55cc83a9713..4365075a1f5 100644
--- a/sys/netinet/ip_ah_new.c
+++ b/sys/netinet/ip_ah_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah_new.c,v 1.10 1997/10/02 02:31:03 deraadt Exp $ */
+/* $OpenBSD: ip_ah_new.c,v 1.11 1997/11/04 09:11:01 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -9,7 +9,11 @@
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis, kermit@forthnet.gr.
*
- * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ * Additional transforms and features in 1997 by Angelos D. Keromytis and
+ * Niels Provos.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis, Angelos D. Keromytis
+ * and Niels Provos.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
@@ -63,6 +67,23 @@
extern void encap_sendnotify(int, struct tdb *);
+struct ah_hash ah_new_hash[] = {
+ { ALG_AUTH_MD5, "HMAC-MD5-96",
+ AH_MD5_ALEN,
+ sizeof(MD5_CTX),
+ (void (*)(void *))MD5Init,
+ (void (*)(void *, u_int8_t *, u_int16_t))MD5Update,
+ (void (*)(u_int8_t *, void *))MD5Final
+ },
+ { ALG_AUTH_SHA1, "HMAC-SHA1-96",
+ AH_SHA1_ALEN,
+ sizeof(SHA1_CTX),
+ (void (*)(void *))SHA1Init,
+ (void (*)(void *, u_int8_t *, u_int16_t))SHA1Update,
+ (void (*)(u_int8_t *, void *))SHA1Final
+ }
+};
+
/*
* ah_new_attach() is called from the transformation initialization code.
* It just returns.
@@ -89,6 +110,7 @@ ah_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
struct ah_new_xdata *xd;
struct ah_new_xencap txd;
struct encap_msghdr *em;
+ struct ah_hash *thash;
caddr_t buffer = NULL;
int blocklen, i;
@@ -115,24 +137,23 @@ ah_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
/* Just copy the standard fields */
m_copydata(m, EMT_SETSPI_FLEN, AH_NEW_XENCAP_LEN, (caddr_t) &txd);
- /* Check whether the hash algorithm is supposed */
- switch (txd.amx_hash_algorithm)
+ /* Check whether the hash algorithm is supported */
+ for (i=sizeof(ah_new_hash)/sizeof(struct ah_hash)-1; i >= 0; i--)
+ if (txd.amx_hash_algorithm == ah_new_hash[i].type)
+ break;
+ if (i < 0)
{
- case ALG_AUTH_MD5:
- case ALG_AUTH_SHA1:
+ if (encdebug)
+ log(LOG_WARNING, "ah_new_init(): unsupported authentication algorithm %d specified\n", txd.amx_hash_algorithm);
+ return EINVAL;
+ }
#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_new_init(): initalized TDB with hash algorithm %d\n",
- txd.amx_hash_algorithm);
+ if (encdebug)
+ printf("ah_new_init(): initalized TDB with hash algorithm %d: %s\n",
+ txd.amx_hash_algorithm, ah_new_hash[i].name);
#endif /* ENCDEBUG */
- blocklen = HMAC_BLOCK_LEN;
- break;
-
- default:
- if (encdebug)
- log(LOG_WARNING, "ah_new_init(): unsupported authentication algorithm %d specified\n", txd.amx_hash_algorithm);
- return EINVAL;
- }
+ thash = &ah_new_hash[i];
+ blocklen = HMAC_BLOCK_LEN;
if (txd.amx_keylen + EMT_SETSPI_FLEN + AH_NEW_XENCAP_LEN != em->em_msglen)
{
@@ -173,32 +194,23 @@ ah_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
/* Copy the key to the buffer */
m_copydata(m, EMT_SETSPI_FLEN + AH_NEW_XENCAP_LEN, txd.amx_keylen, buffer);
+ xd->amx_hash = thash;
/* Shorten the key if necessary */
if (txd.amx_keylen > blocklen)
{
- switch (txd.amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Init(&(xd->amx_md5_ictx));
- MD5Update(&(xd->amx_md5_ictx), buffer, txd.amx_keylen);
- bzero(buffer,
- (txd.amx_keylen < blocklen ? blocklen : txd.amx_keylen));
- MD5Final(buffer, &(xd->amx_md5_ictx));
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Init(&(xd->amx_sha1_ictx));
- SHA1Update(&(xd->amx_sha1_ictx), buffer, txd.amx_keylen);
- bzero(buffer,
- (txd.amx_keylen < blocklen ? blocklen : txd.amx_keylen));
- SHA1Final(buffer, &(xd->amx_sha1_ictx));
- break;
- }
+ xd->amx_hash->Init(&(xd->amx_ictx));
+ xd->amx_hash->Update(&(xd->amx_ictx), buffer, txd.amx_keylen);
+ bzero(buffer,
+ (txd.amx_keylen < blocklen ? blocklen : txd.amx_keylen));
+ xd->amx_hash->Final(buffer, &(xd->amx_ictx));
}
/* Pointer to the transform */
tdbp->tdb_xform = xsp;
+ /* Pass name of auth algorithm for kernfs */
+ tdbp->tdb_authname = xd->amx_hash->name;
+
xd->amx_hash_algorithm = txd.amx_hash_algorithm;
xd->amx_rpl = AH_HMAC_INITIAL_RPL;
xd->amx_wnd = txd.amx_wnd;
@@ -208,34 +220,14 @@ ah_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
for (i = 0; i < blocklen; i++)
buffer[i] ^= HMAC_IPAD_VAL;
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Init(&(xd->amx_md5_ictx));
- MD5Update(&(xd->amx_md5_ictx), buffer, blocklen);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Init(&(xd->amx_sha1_ictx));
- SHA1Update(&(xd->amx_sha1_ictx), buffer, blocklen);
- break;
- }
+ xd->amx_hash->Init(&(xd->amx_ictx));
+ xd->amx_hash->Update(&(xd->amx_ictx), buffer, blocklen);
for (i = 0; i < blocklen; i++)
buffer[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Init(&(xd->amx_md5_octx));
- MD5Update(&(xd->amx_md5_octx), buffer, blocklen);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Init(&(xd->amx_sha1_octx));
- SHA1Update(&(xd->amx_sha1_octx), buffer, blocklen);
- break;
- }
+ xd->amx_hash->Init(&(xd->amx_octx));
+ xd->amx_hash->Update(&(xd->amx_octx), buffer, blocklen);
bzero(buffer, blocklen); /* paranoid */
free(buffer, M_TEMP);
@@ -272,8 +264,10 @@ ah_new_input(struct mbuf *m, struct tdb *tdb)
int ohlen, len, count, off, errc;
u_int32_t btsx;
struct mbuf *m0;
- MD5_CTX md5ctx;
- SHA1_CTX sha1ctx;
+ union {
+ MD5_CTX md5ctx;
+ SHA1_CTX sha1ctx;
+ } ctx;
u_int8_t optval;
u_char buffer[40];
@@ -281,21 +275,6 @@ ah_new_input(struct mbuf *m, struct tdb *tdb)
xd = (struct ah_new_xdata *) tdb->tdb_xdata;
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- case ALG_AUTH_SHA1:
- break;
-
- default:
- if (encdebug)
- log(LOG_ALERT,
- "ah_new_input(): unsupported algorithm %d in SA %x/%08x\n",
- xd->amx_hash_algorithm, tdb->tdb_dst, ntohl(tdb->tdb_spi));
- m_freem(m);
- return NULL;
- }
-
ohlen = sizeof(struct ip) + AH_NEW_FLENGTH;
rcvif = m->m_pkthdr.rcvif;
@@ -392,18 +371,8 @@ ah_new_input(struct mbuf *m, struct tdb *tdb)
ipo.ip_ttl = 0;
ipo.ip_sum = 0;
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- md5ctx = xd->amx_md5_ictx;
- MD5Update(&md5ctx, (unsigned char *) &ipo, sizeof(struct ip));
- break;
-
- case ALG_AUTH_SHA1:
- sha1ctx = xd->amx_sha1_ictx;
- SHA1Update(&sha1ctx, (unsigned char *) &ipo, sizeof(struct ip));
- break;
- }
+ bcopy(&(xd->amx_ictx), &ctx, xd->amx_hash->ctxsize);
+ xd->amx_hash->Update(&ctx, (unsigned char *) &ipo, sizeof(struct ip));
/* Options */
if ((ip->ip_hl << 2) > sizeof(struct ip))
@@ -413,31 +382,13 @@ ah_new_input(struct mbuf *m, struct tdb *tdb)
switch (optval)
{
case IPOPT_EOL:
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, ipseczeroes, 1);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, ipseczeroes, 1);
- break;
- }
+ xd->amx_hash->Update(&ctx, ipseczeroes, 1);
off = ip->ip_hl << 2;
break;
case IPOPT_NOP:
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, ipseczeroes, 1);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, ipseczeroes, 1);
- break;
- }
+ xd->amx_hash->Update(&ctx, ipseczeroes, 1);
off++;
break;
@@ -447,16 +398,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb)
case 134:
optval = ((u_int8_t *) ip)[off + 1];
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, (u_int8_t *) ip + off, optval);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, (u_int8_t *) ip + off, optval);
- break;
- }
+ xd->amx_hash->Update(&ctx, (u_int8_t *) ip + off, optval);
off += optval;
break;
@@ -464,36 +406,16 @@ ah_new_input(struct mbuf *m, struct tdb *tdb)
default:
optval = ((u_int8_t *) ip)[off + 1];
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, ipseczeroes, optval);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, ipseczeroes, optval);
- break;
- }
+ xd->amx_hash->Update(&ctx, ipseczeroes, optval);
off += optval;
break;
}
}
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, (unsigned char *) ah, AH_NEW_FLENGTH -
- AH_HMAC_HASHLEN);
- MD5Update(&md5ctx, ipseczeroes, AH_HMAC_HASHLEN);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, (unsigned char *) ah, AH_NEW_FLENGTH -
- AH_HMAC_HASHLEN);
- SHA1Update(&sha1ctx, ipseczeroes, AH_HMAC_HASHLEN);
- break;
- }
+ xd->amx_hash->Update(&ctx, (unsigned char *) ah, AH_NEW_FLENGTH -
+ AH_HMAC_HASHLEN);
+ xd->amx_hash->Update(&ctx, ipseczeroes, AH_HMAC_HASHLEN);
/*
* Code shamelessly stolen from m_copydata
@@ -521,40 +443,18 @@ ah_new_input(struct mbuf *m, struct tdb *tdb)
count = min(m0->m_len - off, len);
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, mtod(m0, unsigned char *) + off, count);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, mtod(m0, unsigned char *) + off, count);
- break;
- }
+ xd->amx_hash->Update(&ctx, mtod(m0, unsigned char *) + off, count);
len -= count;
off = 0;
m0 = m0->m_next;
}
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Final((unsigned char *) (aho->ah_data), &md5ctx);
- md5ctx = xd->amx_md5_octx;
- MD5Update(&md5ctx, (unsigned char *) (aho->ah_data),
- AH_MD5_ALEN);
- MD5Final((unsigned char *) (aho->ah_data), &md5ctx);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Final((unsigned char *) (aho->ah_data), &sha1ctx);
- sha1ctx = xd->amx_sha1_octx;
- SHA1Update(&sha1ctx, (unsigned char *) (aho->ah_data),
- AH_SHA1_ALEN);
- SHA1Final((unsigned char *) (aho->ah_data), &sha1ctx);
- break;
- }
+ xd->amx_hash->Final((unsigned char *) (aho->ah_data), &ctx);
+ bcopy(&(xd->amx_octx), &ctx, xd->amx_hash->ctxsize);
+ xd->amx_hash->Update(&ctx, (unsigned char *) (aho->ah_data),
+ xd->amx_hash->hashsize);
+ xd->amx_hash->Final((unsigned char *) (aho->ah_data), &ctx);
if (bcmp(aho->ah_data, ah->ah_data, AH_HMAC_HASHLEN))
{
@@ -650,8 +550,10 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
struct ah_new aho, *ah;
register int len, off, count;
register struct mbuf *m0;
- MD5_CTX md5ctx;
- SHA1_CTX sha1ctx;
+ union {
+ MD5_CTX md5ctx;
+ SHA1_CTX sha1ctx;
+ } ctx;
int ilen, ohlen;
u_int8_t optval;
u_char buffer[AH_ALEN_MAX], opts[40];
@@ -692,25 +594,11 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
m_copydata(m, sizeof(struct ip), (ip->ip_hl << 2) - sizeof(struct ip),
(caddr_t) opts);
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- case ALG_AUTH_SHA1:
#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_new_output(): using hash algorithm %d\n",
- xd->amx_hash_algorithm);
+ if (encdebug)
+ printf("ah_new_output(): using hash algorithm %s\n",
+ xd->amx_hash->name);
#endif /* ENCDEBUG */
- break;
-
- default:
- if (encdebug)
- log(LOG_ALERT,
- "ah_new_output(): unsupported algorithm %d in SA %x/%08x\n",
- xd->amx_hash_algorithm, tdb->tdb_dst, ntohl(tdb->tdb_spi));
- m_freem(m);
- return NULL;
- }
ilen = ntohs(ip->ip_len);
@@ -747,18 +635,8 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
aho.ah_rpl = htonl(xd->amx_rpl++);
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- md5ctx = xd->amx_md5_ictx;
- MD5Update(&md5ctx, (unsigned char *) &ipo, sizeof(struct ip));
- break;
-
- case ALG_AUTH_SHA1:
- sha1ctx = xd->amx_sha1_ictx;
- SHA1Update(&sha1ctx, (unsigned char *) &ipo, sizeof(struct ip));
- break;
- }
+ bcopy(&(xd->amx_ictx), &ctx, xd->amx_hash->ctxsize);
+ xd->amx_hash->Update(&ctx, (unsigned char *) &ipo, sizeof(struct ip));
/* Options */
if ((ip->ip_hl << 2) > sizeof(struct ip))
@@ -768,31 +646,13 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
switch (optval)
{
case IPOPT_EOL:
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, ipseczeroes, 1);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, ipseczeroes, 1);
- break;
- }
+ xd->amx_hash->Update(&ctx, ipseczeroes, 1);
off = ip->ip_hl << 2;
break;
case IPOPT_NOP:
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, ipseczeroes, 1);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, ipseczeroes, 1);
- break;
- }
+ xd->amx_hash->Update(&ctx, ipseczeroes, 1);
off++;
break;
@@ -802,16 +662,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
case 134:
optval = ((u_int8_t *) ip)[off + 1];
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, (u_int8_t *) ip + off, optval);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, (u_int8_t *) ip + off, optval);
- break;
- }
+ xd->amx_hash->Update(&ctx, (u_int8_t *) ip + off, optval);
off += optval;
break;
@@ -819,32 +670,14 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
default:
optval = ((u_int8_t *) ip)[off + 1];
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, ipseczeroes, optval);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, ipseczeroes, optval);
- break;
- }
+ xd->amx_hash->Update(&ctx, ipseczeroes, optval);
off += optval;
break;
}
}
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, (unsigned char *) &aho, AH_NEW_FLENGTH);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, (unsigned char *) &aho, AH_NEW_FLENGTH);
- break;
- }
+ xd->amx_hash->Update(&ctx, (unsigned char *) &aho, AH_NEW_FLENGTH);
off = ip->ip_hl << 2;
@@ -861,16 +694,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
panic("ah_new_output(): m_copydata");
count = min(m0->m_len - off, len);
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, mtod(m0, unsigned char *) + off, count);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, mtod(m0, unsigned char *) + off, count);
- break;
- }
+ xd->amx_hash->Update(&ctx, mtod(m0, unsigned char *) + off, count);
len -= count;
off = 0;
@@ -912,22 +736,10 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
ah->ah_spi = aho.ah_spi;
ah->ah_rpl = aho.ah_rpl;
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Final(buffer, &md5ctx);
- md5ctx = xd->amx_md5_octx;
- MD5Update(&md5ctx, buffer, AH_MD5_ALEN);
- MD5Final(buffer, &md5ctx);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Final(buffer, &sha1ctx);
- sha1ctx = xd->amx_sha1_octx;
- SHA1Update(&sha1ctx, buffer, AH_SHA1_ALEN);
- SHA1Final(buffer, &sha1ctx);
- break;
- }
+ xd->amx_hash->Final(buffer, &ctx);
+ bcopy(&(xd->amx_octx), &ctx, xd->amx_hash->ctxsize);
+ xd->amx_hash->Update(&ctx, buffer, xd->amx_hash->hashsize);
+ xd->amx_hash->Final(buffer, &ctx);
/* Restore the options */
m_copyback(m, sizeof(struct ip), (ip->ip_hl << 2) - sizeof(struct ip),
diff --git a/sys/netinet/ip_ah_old.c b/sys/netinet/ip_ah_old.c
index dcea2202f3f..f4e92fb9493 100644
--- a/sys/netinet/ip_ah_old.c
+++ b/sys/netinet/ip_ah_old.c
@@ -8,7 +8,11 @@
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis, kermit@forthnet.gr.
*
- * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ * Additional transforms and features in 1997 by Angelos D. Keromytis and
+ * Niels Provos.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis, Angelos D. Keromytis
+ * and Niels Provos.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
@@ -61,6 +65,23 @@
extern void encap_sendnotify(int, struct tdb *);
+struct ah_hash ah_old_hash[] = {
+ { ALG_AUTH_MD5, "Keyed MD5",
+ AH_MD5_ALEN,
+ sizeof(MD5_CTX),
+ (void (*)(void *))MD5Init,
+ (void (*)(void *, u_int8_t *, u_int16_t))MD5Update,
+ (void (*)(u_int8_t *, void *))MD5Final
+ },
+ { ALG_AUTH_SHA1, "Keyed SHA1",
+ AH_SHA1_ALEN,
+ sizeof(SHA1_CTX),
+ (void (*)(void *))SHA1Init,
+ (void (*)(void *, u_int8_t *, u_int16_t))SHA1Update,
+ (void (*)(u_int8_t *, void *))SHA1Final
+ }
+};
+
/*
* ah_old_attach() is called from the transformation initialization code.
*/
@@ -86,6 +107,8 @@ ah_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
struct ah_old_xencap xenc;
struct ah_old_xdata *xd;
struct encap_msghdr *em;
+ struct ah_hash *thash;
+ int i;
if (m->m_len < ENCAP_MSG_FIXED_LEN)
{
@@ -111,23 +134,23 @@ ah_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
m_copydata(m, EMT_SETSPI_FLEN, AH_OLD_XENCAP_LEN, (caddr_t) &xenc);
/* Check whether the hash algorithm is supported */
- switch (xenc.amx_hash_algorithm)
+ for (i=sizeof(ah_old_hash)/sizeof(struct ah_hash)-1; i >= 0; i--)
+ if (xenc.amx_hash_algorithm == ah_old_hash[i].type)
+ break;
+ if (i < 0)
{
- case ALG_AUTH_MD5:
- case ALG_AUTH_SHA1:
+ if (encdebug)
+ log(LOG_WARNING, "ah_old_init(): unsupported authentication algorithm %d specified\n",
+ xenc.amx_hash_algorithm);
+ m_freem(m);
+ return EINVAL;
+ }
#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_old_init(): initialized TDB with hash algorithm %d\n",
- xenc.amx_hash_algorithm);
+ if (encdebug)
+ printf("ah_old_init(): initalized TDB with hash algorithm %d: %s\n",
+ xenc.amx_hash_algorithm, ah_old_hash[i].name);
#endif /* ENCDEBUG */
- break;
-
- default:
- if (encdebug)
- log(LOG_WARNING, "ah_old_init(): unsupported authentication algorithm %d specified\n", xenc.amx_hash_algorithm);
- m_freem(m);
- return EINVAL;
- }
+ thash = &ah_old_hash[i];
if (xenc.amx_keylen + EMT_SETSPI_FLEN + AH_OLD_XENCAP_LEN != em->em_msglen)
{
@@ -156,26 +179,18 @@ ah_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
xd->amx_keylen = xenc.amx_keylen;
xd->amx_hash_algorithm = xenc.amx_hash_algorithm;
+ xd->amx_hash = thash;
+
+ /* Pass name of auth algorithm for kernfs */
+ tdbp->tdb_authname = xd->amx_hash->name;
/* Copy the key material */
m_copydata(m, EMT_SETSPI_FLEN + AH_OLD_XENCAP_LEN, xd->amx_keylen,
(caddr_t) xd->amx_key);
- /* Save us some time in processing */
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Init(&(xd->amx_md5_ctx));
- MD5Update(&(xd->amx_md5_ctx), xd->amx_key, xd->amx_keylen);
- MD5Final(NULL, &(xd->amx_md5_ctx));
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Init(&(xd->amx_sha1_ctx));
- SHA1Update(&(xd->amx_sha1_ctx), xd->amx_key, xd->amx_keylen);
- SHA1Final(NULL, &(xd->amx_sha1_ctx));
- break;
- }
+ xd->amx_hash->Init(&(xd->amx_ctx));
+ xd->amx_hash->Update(&(xd->amx_ctx), xd->amx_key, xd->amx_keylen);
+ xd->amx_hash->Final(NULL, &(xd->amx_ctx));
bzero(ipseczeroes, IPSEC_ZEROES_SIZE); /* paranoid */
@@ -211,8 +226,10 @@ ah_old_input(struct mbuf *m, struct tdb *tdb)
struct ifnet *rcvif;
int ohlen, len, count, off, alen;
struct mbuf *m0;
- MD5_CTX md5ctx;
- SHA1_CTX sha1ctx;
+ union {
+ MD5_CTX md5ctx;
+ SHA1_CTX sha1ctx;
+ } ctx;
u_int8_t optval;
u_char buffer[40];
@@ -220,24 +237,7 @@ ah_old_input(struct mbuf *m, struct tdb *tdb)
xd = (struct ah_old_xdata *) tdb->tdb_xdata;
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- alen = AH_MD5_ALEN;
- break;
-
- case ALG_AUTH_SHA1:
- alen = AH_SHA1_ALEN;
- break;
-
- default:
- if (encdebug)
- log(LOG_ALERT,
- "ah_old_input(): unsupported algorithm %d in SA %x/%08x\n",
- xd->amx_hash_algorithm, tdb->tdb_dst, ntohl(tdb->tdb_spi));
- m_freem(m);
- return NULL;
- }
+ alen = xd->amx_hash->hashsize;
ohlen = sizeof(struct ip) + AH_OLD_FLENGTH + alen;
@@ -295,18 +295,8 @@ ah_old_input(struct mbuf *m, struct tdb *tdb)
ipo.ip_ttl = 0;
ipo.ip_sum = 0;
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- md5ctx = xd->amx_md5_ctx;
- MD5Update(&md5ctx, (unsigned char *) &ipo, sizeof(struct ip));
- break;
-
- case ALG_AUTH_SHA1:
- sha1ctx = xd->amx_sha1_ctx;
- SHA1Update(&sha1ctx, (unsigned char *) &ipo, sizeof(struct ip));
- break;
- }
+ bcopy(&(xd->amx_ctx), &ctx, xd->amx_hash->ctxsize);
+ xd->amx_hash->Update(&ctx, (unsigned char *) &ipo, sizeof(struct ip));
/* Options */
if ((ip->ip_hl << 2) > sizeof(struct ip))
@@ -316,31 +306,13 @@ ah_old_input(struct mbuf *m, struct tdb *tdb)
switch (optval)
{
case IPOPT_EOL:
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, ipseczeroes, 1);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, ipseczeroes, 1);
- break;
- }
+ xd->amx_hash->Update(&ctx, ipseczeroes, 1);
off = ip->ip_hl << 2;
break;
case IPOPT_NOP:
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, ipseczeroes, 1);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, ipseczeroes, 1);
- break;
- }
+ xd->amx_hash->Update(&ctx, ipseczeroes, 1);
off++;
break;
@@ -350,16 +322,7 @@ ah_old_input(struct mbuf *m, struct tdb *tdb)
case 134:
optval = ((u_int8_t *) ip)[off + 1];
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, (u_int8_t *) ip + off, optval);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, (u_int8_t *) ip + off, optval);
- break;
- }
+ xd->amx_hash->Update(&ctx, (u_int8_t *) ip + off, optval);
off += optval;
break;
@@ -367,16 +330,7 @@ ah_old_input(struct mbuf *m, struct tdb *tdb)
default:
optval = ((u_int8_t *) ip)[off + 1];
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, ipseczeroes, optval);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, ipseczeroes, optval);
- break;
- }
+ xd->amx_hash->Update(&ctx, ipseczeroes, optval);
off += optval;
break;
@@ -384,18 +338,8 @@ ah_old_input(struct mbuf *m, struct tdb *tdb)
}
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, (unsigned char *) ah, AH_OLD_FLENGTH);
- MD5Update(&md5ctx, ipseczeroes, AH_MD5_ALEN);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, (unsigned char *) ah, AH_OLD_FLENGTH);
- SHA1Update(&sha1ctx, ipseczeroes, AH_SHA1_ALEN);
- break;
- }
+ xd->amx_hash->Update(&ctx, (unsigned char *) ah, AH_OLD_FLENGTH);
+ xd->amx_hash->Update(&ctx, ipseczeroes, AH_MD5_ALEN);
/*
* Code shamelessly stolen from m_copydata
@@ -423,33 +367,15 @@ ah_old_input(struct mbuf *m, struct tdb *tdb)
count = min(m0->m_len - off, len);
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, mtod(m0, unsigned char *) + off, count);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, mtod(m0, unsigned char *) + off, count);
- }
+ xd->amx_hash->Update(&ctx, mtod(m0, unsigned char *) + off, count);
len -= count;
off = 0;
m0 = m0->m_next;
}
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, (unsigned char *) xd->amx_key, xd->amx_keylen);
- MD5Final((unsigned char *) (aho->ah_data), &md5ctx);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, (unsigned char *) xd->amx_key, xd->amx_keylen);
- SHA1Final((unsigned char *) (aho->ah_data), &sha1ctx);
- break;
- }
+ xd->amx_hash->Update(&ctx, (unsigned char *) xd->amx_key, xd->amx_keylen);
+ xd->amx_hash->Final((unsigned char *) (aho->ah_data), &ctx);
if (bcmp(aho->ah_data, ah->ah_data, alen))
{
@@ -531,8 +457,10 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
struct ah_old *ah, aho;
register int len, off, count;
register struct mbuf *m0;
- MD5_CTX md5ctx;
- SHA1_CTX sha1ctx;
+ union {
+ MD5_CTX md5ctx;
+ SHA1_CTX sha1ctx;
+ } ctx;
int ilen, ohlen, alen;
u_int8_t optval;
u_char opts[40];
@@ -569,24 +497,7 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
ip = mtod(m, struct ip *);
}
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- alen = AH_MD5_ALEN;
- break;
-
- case ALG_AUTH_SHA1:
- alen = AH_SHA1_ALEN;
- break;
-
- default:
- if (encdebug)
- log(LOG_ALERT,
- "ah_old_output(): unsupported algorithm %d in SA %x/%08x\n",
- xd->amx_hash_algorithm, tdb->tdb_dst, ntohl(tdb->tdb_spi));
- m_freem(m);
- return NULL;
- }
+ alen = xd->amx_hash->hashsize;
/* Save the options */
m_copydata(m, sizeof(struct ip), (ip->ip_hl << 2) - sizeof(struct ip),
@@ -613,18 +524,8 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
aho.ah_rv = 0;
aho.ah_spi = tdb->tdb_spi;
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- md5ctx = xd->amx_md5_ctx;
- MD5Update(&md5ctx, (unsigned char *) &ipo, sizeof(struct ip));
- break;
-
- case ALG_AUTH_SHA1:
- sha1ctx = xd->amx_sha1_ctx;
- SHA1Update(&sha1ctx, (unsigned char *) &ipo, sizeof(struct ip));
- break;
- }
+ bcopy(&(xd->amx_ctx), &ctx, xd->amx_hash->ctxsize);
+ xd->amx_hash->Update(&ctx, (unsigned char *) &ipo, sizeof(struct ip));
/* Options */
if ((ip->ip_hl << 2) > sizeof(struct ip))
@@ -634,31 +535,13 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
switch (optval)
{
case IPOPT_EOL:
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, ipseczeroes, 1);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, ipseczeroes, 1);
- break;
- }
+ xd->amx_hash->Update(&ctx, ipseczeroes, 1);
off = ip->ip_hl << 2;
break;
case IPOPT_NOP:
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, ipseczeroes, 1);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, ipseczeroes, 1);
- break;
- }
+ xd->amx_hash->Update(&ctx, ipseczeroes, 1);
off++;
break;
@@ -668,16 +551,7 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
case 134:
optval = ((u_int8_t *) ip)[off + 1];
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, (u_int8_t *) ip + off, optval);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, (u_int8_t *) ip + off, optval);
- break;
- }
+ xd->amx_hash->Update(&ctx, (u_int8_t *) ip + off, optval);
off += optval;
break;
@@ -685,34 +559,15 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
default:
optval = ((u_int8_t *) ip)[off + 1];
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, ipseczeroes, optval);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, ipseczeroes, optval);
- break;
- }
+ xd->amx_hash->Update(&ctx, ipseczeroes, optval);
off += optval;
break;
}
}
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, (unsigned char *) &aho, AH_OLD_FLENGTH);
- MD5Update(&md5ctx, ipseczeroes, alen);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, (unsigned char *) &aho, AH_OLD_FLENGTH);
- SHA1Update(&sha1ctx, ipseczeroes, alen);
- break;
- }
+ xd->amx_hash->Update(&ctx, (unsigned char *) &aho, AH_OLD_FLENGTH);
+ xd->amx_hash->Update(&ctx, ipseczeroes, alen);
/* Skip the IP header and any options */
off = ip->ip_hl << 2;
@@ -730,32 +585,14 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
panic("ah_old_output(): m_copydata()");
count = min(m0->m_len - off, len);
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, mtod(m0, unsigned char *) + off, count);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, mtod(m0, unsigned char *) + off, count);
- break;
- }
+ xd->amx_hash->Update(&ctx, mtod(m0, unsigned char *) + off, count);
len -= count;
off = 0;
m0 = m0->m_next;
}
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, (unsigned char *) xd->amx_key, xd->amx_keylen);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, (unsigned char *) xd->amx_key, xd->amx_keylen);
- break;
- }
+ xd->amx_hash->Update(&ctx, (unsigned char *) xd->amx_key, xd->amx_keylen);
ipo.ip_tos = ip->ip_tos;
ipo.ip_id = ip->ip_id;
@@ -795,16 +632,7 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
m_copyback(m, sizeof(struct ip), (ip->ip_hl << 2) - sizeof(struct ip),
(caddr_t) opts);
- switch (xd->amx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Final(ah->ah_data, &md5ctx);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Final(ah->ah_data, &sha1ctx);
- break;
- }
+ xd->amx_hash->Final(ah->ah_data, &ctx);
*mp = m;
diff --git a/sys/netinet/ip_blf.c b/sys/netinet/ip_blf.c
new file mode 100644
index 00000000000..dbf5a858255
--- /dev/null
+++ b/sys/netinet/ip_blf.c
@@ -0,0 +1,626 @@
+/* $OpenBSD: ip_blf.c,v 1.1 1997/11/04 09:11:03 provos Exp $ */
+/*
+ * Blowfish block cipher for OpenBSD
+ * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Implementation advice by David Mazieres <dm@lcs.mit.edu>.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code is derived from section 14.3 and the given source
+ * in section V of Applied Cryptography, second edition.
+ * Blowfish is an unpatented fast block cipher designed by
+ * Bruce Schneier.
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+
+#include <netinet/ip_blf.h>
+
+#undef inline
+#ifdef __GNUC__
+#define inline __inline
+#else /* !__GNUC__ */
+#define inline
+#endif /* !__GNUC__ */
+
+static inline u_int32_t F __P((blf_ctx * bc, u_int32_t x));
+
+/* Function for Feistel Networks */
+
+static inline u_int32_t
+F(bc, x)
+ blf_ctx *bc;
+ u_int32_t x;
+{
+ u_int8_t a;
+ u_int8_t b;
+ u_int8_t c;
+ u_int8_t d;
+ u_int32_t y;
+
+ d = (u_int8_t) (x & 0xFF);
+ x >>= 8;
+ c = (u_int8_t) (x & 0xFF);
+ x >>= 8;
+ b = (u_int8_t) (x & 0xFF);
+ x >>= 8;
+ a = (u_int8_t) (x & 0xFF);
+
+ y = bc->S[0][a] + bc->S[1][b];
+ y = y ^ bc->S[2][c];
+ y = y + bc->S[3][d];
+
+ return y;
+}
+
+void
+Blowfish_encipher(c, xl, xr)
+ blf_ctx *c;
+ u_int32_t *xl;
+ u_int32_t *xr;
+{
+ u_int32_t Xl;
+ u_int32_t Xr;
+ u_int32_t temp;
+ u_int16_t i;
+
+ Xl = *xl;
+ Xr = *xr;
+
+ for (i = 0; i < BLF_N; i++) {
+ /* One round of a Feistel network */
+ Xl = Xl ^ c->P[i];
+ Xr = F(c, Xl) ^ Xr;
+
+ /* Swap Xl and Xr */
+ temp = Xl;
+ Xl = Xr;
+ Xr = temp;
+ }
+
+ /* End of Feistel Network, swap again */
+ temp = Xl;
+ Xl = Xr;
+ Xr = temp;
+
+ Xr = Xr ^ c->P[BLF_N];
+ Xl = Xl ^ c->P[BLF_N + 1];
+
+ *xl = Xl;
+ *xr = Xr;
+}
+
+void
+Blowfish_decipher(c, xl, xr)
+ blf_ctx *c;
+ u_int32_t *xl;
+ u_int32_t *xr;
+{
+ u_int32_t Xl;
+ u_int32_t Xr;
+ u_int32_t temp;
+ u_int16_t i;
+
+ Xl = *xl;
+ Xr = *xr;
+
+ for (i = BLF_N + 1; i > 1; i--) {
+ /* One round of a Feistel network */
+ Xl = Xl ^ c->P[i];
+ Xr = F(c, Xl) ^ Xr;
+
+ /* Swap Xl and Xr */
+ temp = Xl;
+ Xl = Xr;
+ Xr = temp;
+ }
+
+ /* End of Feistel Network, swap again */
+ temp = Xl;
+ Xl = Xr;
+ Xr = temp;
+
+ Xr = Xr ^ c->P[1];
+ Xl = Xl ^ c->P[0];
+
+ *xr = Xr;
+ *xl = Xl;
+}
+
+void
+Blowfish_initstate(c)
+ blf_ctx *c;
+{
+
+/* P-box and S-box tables initialized with digits of Pi */
+
+ const blf_ctx initstate =
+
+ { {
+ {
+ 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
+ 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
+ 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
+ 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
+ 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
+ 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
+ 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
+ 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
+ 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
+ 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
+ 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
+ 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
+ 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
+ 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
+ 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
+ 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
+ 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
+ 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
+ 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
+ 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
+ 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
+ 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
+ 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
+ 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
+ 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
+ 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
+ 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
+ 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
+ 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
+ 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
+ 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
+ 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
+ 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
+ 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
+ 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
+ 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
+ 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
+ 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
+ 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
+ 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
+ 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
+ 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
+ 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
+ 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
+ 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
+ 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
+ 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
+ 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
+ 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
+ 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
+ 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
+ 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
+ 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
+ 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
+ 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
+ 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
+ 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
+ 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
+ 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
+ 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
+ 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
+ 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
+ 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
+ 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a},
+ {
+ 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
+ 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
+ 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
+ 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
+ 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
+ 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
+ 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
+ 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
+ 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
+ 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
+ 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
+ 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
+ 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
+ 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
+ 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
+ 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
+ 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
+ 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
+ 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
+ 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
+ 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
+ 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
+ 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
+ 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
+ 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
+ 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
+ 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
+ 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
+ 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
+ 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
+ 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
+ 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
+ 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
+ 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
+ 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
+ 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
+ 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
+ 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
+ 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
+ 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
+ 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
+ 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
+ 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
+ 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
+ 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
+ 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
+ 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
+ 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
+ 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
+ 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
+ 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
+ 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
+ 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
+ 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
+ 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
+ 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
+ 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
+ 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
+ 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
+ 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
+ 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
+ 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
+ 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
+ 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7},
+ {
+ 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
+ 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
+ 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
+ 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
+ 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
+ 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
+ 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
+ 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
+ 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
+ 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
+ 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
+ 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
+ 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
+ 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
+ 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
+ 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
+ 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
+ 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
+ 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
+ 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
+ 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
+ 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
+ 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
+ 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
+ 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
+ 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
+ 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
+ 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
+ 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
+ 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
+ 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
+ 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
+ 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
+ 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
+ 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
+ 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
+ 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
+ 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
+ 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
+ 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
+ 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
+ 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
+ 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
+ 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
+ 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
+ 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
+ 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
+ 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
+ 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
+ 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
+ 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
+ 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
+ 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
+ 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
+ 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
+ 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
+ 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
+ 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
+ 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
+ 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
+ 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
+ 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
+ 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
+ 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0},
+ {
+ 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
+ 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
+ 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
+ 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
+ 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
+ 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
+ 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
+ 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
+ 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
+ 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
+ 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
+ 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
+ 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
+ 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
+ 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
+ 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
+ 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
+ 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
+ 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
+ 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
+ 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
+ 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
+ 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
+ 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
+ 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
+ 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
+ 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
+ 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
+ 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
+ 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
+ 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
+ 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
+ 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
+ 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
+ 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
+ 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
+ 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
+ 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
+ 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
+ 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
+ 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
+ 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
+ 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
+ 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
+ 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
+ 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
+ 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
+ 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
+ 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
+ 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
+ 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
+ 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
+ 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
+ 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
+ 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
+ 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
+ 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
+ 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
+ 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
+ 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
+ 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
+ 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
+ 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
+ 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
+ },
+ {
+ 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
+ 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
+ 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
+ 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
+ 0x9216d5d9, 0x8979fb1b
+ } };
+
+ *c = initstate;
+
+}
+
+#ifdef __STDC__
+u_int32_t
+Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, u_int16_t *current)
+#else
+u_int32_t
+Blowfish_stream2word(data, databytes, current)
+ const u_int8_t *data;
+ u_int16_t databytes;
+ u_int16_t *current;
+#endif
+{
+ u_int8_t i;
+ u_int16_t j;
+ u_int32_t temp;
+
+ temp = 0x00000000;
+ j = *current;
+
+ for (i = 0; i < 4; i++, j++) {
+ if (j >= databytes)
+ j = 0;
+ temp = (temp << 8) | data[j];
+ }
+
+ *current = j;
+ return temp;
+}
+
+#if __STDC__
+void
+Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
+#else
+void
+Blowfish_expand0state(c, key, keybytes)
+ blf_ctx *c;
+ const u_int8_t *key;
+ u_int16_t keybytes;
+#endif
+{
+ u_int16_t i;
+ u_int16_t j;
+ u_int16_t k;
+ u_int32_t temp;
+ u_int32_t datal;
+ u_int32_t datar;
+
+ j = 0;
+ for (i = 0; i < BLF_N + 2; i++) {
+ /* Extract 4 int8 to 1 int32 from keystream */
+ temp = Blowfish_stream2word(key, keybytes, &j);
+ c->P[i] = c->P[i] ^ temp;
+ }
+
+ j = 0;
+ datal = 0x00000000;
+ datar = 0x00000000;
+ for (i = 0; i < BLF_N + 2; i += 2) {
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->P[i] = datal;
+ c->P[i + 1] = datar;
+ }
+
+ for (i = 0; i < 4; i++) {
+ for (k = 0; k < 256; k += 2) {
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->S[i][k] = datal;
+ c->S[i][k + 1] = datar;
+ }
+ }
+}
+
+
+#if __STDC__
+void
+Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
+ const u_int8_t *key, u_int16_t keybytes)
+#else
+void
+Blowfish_expandstate(c, data, databytes, key, keybytes)
+ blf_ctx *c;
+ const u_int8_t *data;
+ u_int16_t databytes;
+ const u_int8_t *key;
+ u_int16_t keybytes;
+#endif
+{
+ u_int16_t i;
+ u_int16_t j;
+ u_int16_t k;
+ u_int32_t temp;
+ u_int32_t datal;
+ u_int32_t datar;
+
+ j = 0;
+ for (i = 0; i < BLF_N + 2; i++) {
+ /* Extract 4 int8 to 1 int32 from keystream */
+ temp = Blowfish_stream2word(key, keybytes, &j);
+ c->P[i] = c->P[i] ^ temp;
+ }
+
+ j = 0;
+ datal = 0x00000000;
+ datar = 0x00000000;
+ for (i = 0; i < BLF_N + 2; i += 2) {
+ datal ^= Blowfish_stream2word(data, databytes, &j);
+ datar ^= Blowfish_stream2word(data, databytes, &j);
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->P[i] = datal;
+ c->P[i + 1] = datar;
+ }
+
+ for (i = 0; i < 4; i++) {
+ for (k = 0; k < 256; k += 2) {
+ datal ^= Blowfish_stream2word(data, databytes, &j);
+ datar ^= Blowfish_stream2word(data, databytes, &j);
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->S[i][k] = datal;
+ c->S[i][k + 1] = datar;
+ }
+ }
+
+}
+
+#if __STDC__
+void
+blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
+#else
+void
+blf_key(c, k, len)
+ blf_ctx *c;
+ const u_int8_t *k;
+ u_int16_t len;
+#endif
+{
+ /* Initalize S-boxes and subkeys with Pi */
+ Blowfish_initstate(c);
+
+ /* Transform S-boxes and subkeys with key */
+ Blowfish_expand0state(c, k, len);
+}
+
+#if __STDC__
+void
+blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
+#else
+void
+blf_enc(c, data, blocks)
+ blf_ctx *c;
+ u_int32_t *data;
+ u_int16_t blocks;
+#endif
+{
+ u_int32_t *d;
+ u_int16_t i;
+
+ d = data;
+ for (i = 0; i < blocks; i++) {
+ Blowfish_encipher(c, d, d + 1);
+ d += 2;
+ }
+}
+
+#if __STDC__
+void
+blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
+#else
+void
+blf_dec(c, data, blocks)
+ blf_ctx *c;
+ u_int32_t *data;
+ u_int16_t blocks;
+#endif
+{
+ u_int32_t *d;
+ u_int16_t i;
+
+ d = data;
+ for (i = 0; i < blocks; i++) {
+ Blowfish_decipher(c, d, d + 1);
+ d += 2;
+ }
+}
diff --git a/sys/netinet/ip_blf.h b/sys/netinet/ip_blf.h
new file mode 100644
index 00000000000..bcc50cfd025
--- /dev/null
+++ b/sys/netinet/ip_blf.h
@@ -0,0 +1,75 @@
+/* $OpenBSD: ip_blf.h,v 1.1 1997/11/04 09:11:04 provos Exp $ */
+/*
+ * Blowfish - a fast block cipher designed by Bruce Schneier
+ *
+ * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _BLF_H_
+#define _BLF_H_
+
+/* Schneier states the maximum key length to be 56 bytes.
+ * The way how the subkeys are initalized by the key up
+ * to (N+2)*4 i.e. 72 bytes are utilized.
+ * Warning: For normal blowfish encryption only 56 bytes
+ * of the key affect all cipherbits.
+ */
+
+#define BLF_N 16 /* Number of Subkeys */
+#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */
+
+/* Blowfish context */
+typedef struct BlowfishContext {
+ u_int32_t S[4][256]; /* S-Boxes */
+ u_int32_t P[BLF_N + 2]; /* Subkeys */
+} blf_ctx;
+
+/* Raw access to customized Blowfish
+ * blf_key is just:
+ * Blowfish_initstate( state )
+ * Blowfish_expand0state( state, key, keylen )
+ */
+
+void Blowfish_encipher __P((blf_ctx *, u_int32_t *, u_int32_t *));
+void Blowfish_decipher __P((blf_ctx *, u_int32_t *, u_int32_t *));
+void Blowfish_initstate __P((blf_ctx *));
+void Blowfish_expand0state __P((blf_ctx *, const u_int8_t *, u_int16_t));
+void Blowfish_expandstate
+ __P((blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t));
+
+/* Standard Blowfish */
+
+void blf_key __P((blf_ctx *, const u_int8_t *, u_int16_t));
+void blf_enc __P((blf_ctx *, u_int32_t *, u_int16_t));
+void blf_dec __P((blf_ctx *, u_int32_t *, u_int16_t));
+
+/* Converts u_int8_t to u_int32_t */
+u_int32_t Blowfish_stream2word __P((const u_int8_t *, u_int16_t , u_int16_t *));
+
+#endif
diff --git a/sys/netinet/ip_cast.c b/sys/netinet/ip_cast.c
new file mode 100644
index 00000000000..0c6009c4267
--- /dev/null
+++ b/sys/netinet/ip_cast.c
@@ -0,0 +1,240 @@
+/* $OpenBSD: ip_cast.c,v 1.1 1997/11/04 09:11:05 provos Exp $ */
+/*
+ * CAST-128 in C
+ * Written by Steve Reid <sreid@sea-to-sky.net>
+ * 100% Public Domain - no warranty
+ * Released 1997.10.11
+ */
+
+#include <netinet/ip_cast.h>
+#include <netinet/ip_castsb.h>
+
+/* Macros to access 8-bit bytes out of a 32-bit word */
+#define U8a(x) ( (u8) (x>>24) )
+#define U8b(x) ( (u8) ((x>>16)&255) )
+#define U8c(x) ( (u8) ((x>>8)&255) )
+#define U8d(x) ( (u8) ((x)&255) )
+
+/* Circular left shift */
+#define ROL(x, n) ( ((x)<<(n)) | ((x)>>(32-(n))) )
+
+/* CAST-128 uses three different round functions */
+#define F1(l, r, i) \
+ t = ROL(key->xkey[i] + r, key->xkey[i+16]); \
+ l ^= ((cast_sbox1[U8a(t)] ^ cast_sbox2[U8b(t)]) - \
+ cast_sbox3[U8c(t)]) + cast_sbox4[U8d(t)];
+#define F2(l, r, i) \
+ t = ROL(key->xkey[i] ^ r, key->xkey[i+16]); \
+ l ^= ((cast_sbox1[U8a(t)] - cast_sbox2[U8b(t)]) + \
+ cast_sbox3[U8c(t)]) ^ cast_sbox4[U8d(t)];
+#define F3(l, r, i) \
+ t = ROL(key->xkey[i] - r, key->xkey[i+16]); \
+ l ^= ((cast_sbox1[U8a(t)] + cast_sbox2[U8b(t)]) ^ \
+ cast_sbox3[U8c(t)]) - cast_sbox4[U8d(t)];
+
+
+/***** Encryption Function *****/
+
+void cast_encrypt(cast_key* key, u8* inblock, u8* outblock)
+{
+u32 t, l, r;
+
+ /* Get inblock into l,r */
+ l = ((u32)inblock[0] << 24) | ((u32)inblock[1] << 16) |
+ ((u32)inblock[2] << 8) | (u32)inblock[3];
+ r = ((u32)inblock[4] << 24) | ((u32)inblock[5] << 16) |
+ ((u32)inblock[6] << 8) | (u32)inblock[7];
+ /* Do the work */
+ F1(l, r, 0);
+ F2(r, l, 1);
+ F3(l, r, 2);
+ F1(r, l, 3);
+ F2(l, r, 4);
+ F3(r, l, 5);
+ F1(l, r, 6);
+ F2(r, l, 7);
+ F3(l, r, 8);
+ F1(r, l, 9);
+ F2(l, r, 10);
+ F3(r, l, 11);
+ /* Only do full 16 rounds if key length > 80 bits */
+ if (key->rounds > 12) {
+ F1(l, r, 12);
+ F2(r, l, 13);
+ F3(l, r, 14);
+ F1(r, l, 15);
+ }
+ /* Put l,r into outblock */
+ outblock[0] = U8a(r);
+ outblock[1] = U8b(r);
+ outblock[2] = U8c(r);
+ outblock[3] = U8d(r);
+ outblock[4] = U8a(l);
+ outblock[5] = U8b(l);
+ outblock[6] = U8c(l);
+ outblock[7] = U8d(l);
+ /* Wipe clean */
+ t = l = r = 0;
+}
+
+
+/***** Decryption Function *****/
+
+void cast_decrypt(cast_key* key, u8* inblock, u8* outblock)
+{
+u32 t, l, r;
+
+ /* Get inblock into l,r */
+ r = ((u32)inblock[0] << 24) | ((u32)inblock[1] << 16) |
+ ((u32)inblock[2] << 8) | (u32)inblock[3];
+ l = ((u32)inblock[4] << 24) | ((u32)inblock[5] << 16) |
+ ((u32)inblock[6] << 8) | (u32)inblock[7];
+ /* Do the work */
+ /* Only do full 16 rounds if key length > 80 bits */
+ if (key->rounds > 12) {
+ F1(r, l, 15);
+ F3(l, r, 14);
+ F2(r, l, 13);
+ F1(l, r, 12);
+ }
+ F3(r, l, 11);
+ F2(l, r, 10);
+ F1(r, l, 9);
+ F3(l, r, 8);
+ F2(r, l, 7);
+ F1(l, r, 6);
+ F3(r, l, 5);
+ F2(l, r, 4);
+ F1(r, l, 3);
+ F3(l, r, 2);
+ F2(r, l, 1);
+ F1(l, r, 0);
+ /* Put l,r into outblock */
+ outblock[0] = U8a(l);
+ outblock[1] = U8b(l);
+ outblock[2] = U8c(l);
+ outblock[3] = U8d(l);
+ outblock[4] = U8a(r);
+ outblock[5] = U8b(r);
+ outblock[6] = U8c(r);
+ outblock[7] = U8d(r);
+ /* Wipe clean */
+ t = l = r = 0;
+}
+
+
+/***** Key Schedual *****/
+
+void cast_setkey(cast_key* key, u8* rawkey, int keybytes)
+{
+u32 t[4], z[4], x[4];
+int i;
+
+ /* Set number of rounds to 12 or 16, depending on key length */
+ key->rounds = (keybytes <= 10 ? 12 : 16);
+
+ /* Copy key to workspace x */
+ for (i = 0; i < 4; i++) {
+ x[i] = 0;
+ if ((i*4+0) < keybytes) x[i] = (u32)rawkey[i*4+0] << 24;
+ if ((i*4+1) < keybytes) x[i] |= (u32)rawkey[i*4+1] << 16;
+ if ((i*4+2) < keybytes) x[i] |= (u32)rawkey[i*4+2] << 8;
+ if ((i*4+3) < keybytes) x[i] |= (u32)rawkey[i*4+3];
+ }
+ /* Generate 32 subkeys, four at a time */
+ for (i = 0; i < 32; i+=4) {
+ switch (i & 4) {
+ case 0:
+ t[0] = z[0] = x[0] ^ cast_sbox5[U8b(x[3])] ^
+ cast_sbox6[U8d(x[3])] ^ cast_sbox7[U8a(x[3])] ^
+ cast_sbox8[U8c(x[3])] ^ cast_sbox7[U8a(x[2])];
+ t[1] = z[1] = x[2] ^ cast_sbox5[U8a(z[0])] ^
+ cast_sbox6[U8c(z[0])] ^ cast_sbox7[U8b(z[0])] ^
+ cast_sbox8[U8d(z[0])] ^ cast_sbox8[U8c(x[2])];
+ t[2] = z[2] = x[3] ^ cast_sbox5[U8d(z[1])] ^
+ cast_sbox6[U8c(z[1])] ^ cast_sbox7[U8b(z[1])] ^
+ cast_sbox8[U8a(z[1])] ^ cast_sbox5[U8b(x[2])];
+ t[3] = z[3] = x[1] ^ cast_sbox5[U8c(z[2])] ^
+ cast_sbox6[U8b(z[2])] ^ cast_sbox7[U8d(z[2])] ^
+ cast_sbox8[U8a(z[2])] ^ cast_sbox6[U8d(x[2])];
+ break;
+ case 4:
+ t[0] = x[0] = z[2] ^ cast_sbox5[U8b(z[1])] ^
+ cast_sbox6[U8d(z[1])] ^ cast_sbox7[U8a(z[1])] ^
+ cast_sbox8[U8c(z[1])] ^ cast_sbox7[U8a(z[0])];
+ t[1] = x[1] = z[0] ^ cast_sbox5[U8a(x[0])] ^
+ cast_sbox6[U8c(x[0])] ^ cast_sbox7[U8b(x[0])] ^
+ cast_sbox8[U8d(x[0])] ^ cast_sbox8[U8c(z[0])];
+ t[2] = x[2] = z[1] ^ cast_sbox5[U8d(x[1])] ^
+ cast_sbox6[U8c(x[1])] ^ cast_sbox7[U8b(x[1])] ^
+ cast_sbox8[U8a(x[1])] ^ cast_sbox5[U8b(z[0])];
+ t[3] = x[3] = z[3] ^ cast_sbox5[U8c(x[2])] ^
+ cast_sbox6[U8b(x[2])] ^ cast_sbox7[U8d(x[2])] ^
+ cast_sbox8[U8a(x[2])] ^ cast_sbox6[U8d(z[0])];
+ break;
+ }
+ switch (i & 12) {
+ case 0:
+ case 12:
+ key->xkey[i+0] = cast_sbox5[U8a(t[2])] ^ cast_sbox6[U8b(t[2])] ^
+ cast_sbox7[U8d(t[1])] ^ cast_sbox8[U8c(t[1])];
+ key->xkey[i+1] = cast_sbox5[U8c(t[2])] ^ cast_sbox6[U8d(t[2])] ^
+ cast_sbox7[U8b(t[1])] ^ cast_sbox8[U8a(t[1])];
+ key->xkey[i+2] = cast_sbox5[U8a(t[3])] ^ cast_sbox6[U8b(t[3])] ^
+ cast_sbox7[U8d(t[0])] ^ cast_sbox8[U8c(t[0])];
+ key->xkey[i+3] = cast_sbox5[U8c(t[3])] ^ cast_sbox6[U8d(t[3])] ^
+ cast_sbox7[U8b(t[0])] ^ cast_sbox8[U8a(t[0])];
+ break;
+ case 4:
+ case 8:
+ key->xkey[i+0] = cast_sbox5[U8d(t[0])] ^ cast_sbox6[U8c(t[0])] ^
+ cast_sbox7[U8a(t[3])] ^ cast_sbox8[U8b(t[3])];
+ key->xkey[i+1] = cast_sbox5[U8b(t[0])] ^ cast_sbox6[U8a(t[0])] ^
+ cast_sbox7[U8c(t[3])] ^ cast_sbox8[U8d(t[3])];
+ key->xkey[i+2] = cast_sbox5[U8d(t[1])] ^ cast_sbox6[U8c(t[1])] ^
+ cast_sbox7[U8a(t[2])] ^ cast_sbox8[U8b(t[2])];
+ key->xkey[i+3] = cast_sbox5[U8b(t[1])] ^ cast_sbox6[U8a(t[1])] ^
+ cast_sbox7[U8c(t[2])] ^ cast_sbox8[U8d(t[2])];
+ break;
+ }
+ switch (i & 12) {
+ case 0:
+ key->xkey[i+0] ^= cast_sbox5[U8c(z[0])];
+ key->xkey[i+1] ^= cast_sbox6[U8c(z[1])];
+ key->xkey[i+2] ^= cast_sbox7[U8b(z[2])];
+ key->xkey[i+3] ^= cast_sbox8[U8a(z[3])];
+ break;
+ case 4:
+ key->xkey[i+0] ^= cast_sbox5[U8a(x[2])];
+ key->xkey[i+1] ^= cast_sbox6[U8b(x[3])];
+ key->xkey[i+2] ^= cast_sbox7[U8d(x[0])];
+ key->xkey[i+3] ^= cast_sbox8[U8d(x[1])];
+ break;
+ case 8:
+ key->xkey[i+0] ^= cast_sbox5[U8b(z[2])];
+ key->xkey[i+1] ^= cast_sbox6[U8a(z[3])];
+ key->xkey[i+2] ^= cast_sbox7[U8c(z[0])];
+ key->xkey[i+3] ^= cast_sbox8[U8c(z[1])];
+ break;
+ case 12:
+ key->xkey[i+0] ^= cast_sbox5[U8d(x[0])];
+ key->xkey[i+1] ^= cast_sbox6[U8d(x[1])];
+ key->xkey[i+2] ^= cast_sbox7[U8a(x[2])];
+ key->xkey[i+3] ^= cast_sbox8[U8b(x[3])];
+ break;
+ }
+ if (i >= 16) {
+ key->xkey[i+0] &= 31;
+ key->xkey[i+1] &= 31;
+ key->xkey[i+2] &= 31;
+ key->xkey[i+3] &= 31;
+ }
+ }
+ /* Wipe clean */
+ for (i = 0; i < 4; i++) {
+ t[i] = x[i] = z[i] = 0;
+ }
+}
+
+/* Made in Canada */
+
diff --git a/sys/netinet/ip_cast.h b/sys/netinet/ip_cast.h
new file mode 100644
index 00000000000..215cc0193e3
--- /dev/null
+++ b/sys/netinet/ip_cast.h
@@ -0,0 +1,25 @@
+/* $OpenBSD: ip_cast.h,v 1.1 1997/11/04 09:11:06 provos Exp $ */
+/*
+ * CAST-128 in C
+ * Written by Steve Reid <sreid@sea-to-sky.net>
+ * 100% Public Domain - no warranty
+ * Released 1997.10.11
+ */
+
+#ifndef _CAST_H_
+#define _CAST_H_
+
+typedef unsigned char u8; /* 8-bit unsigned */
+typedef unsigned long u32; /* 32-bit unsigned */
+
+typedef struct {
+ u32 xkey[32]; /* Key, after expansion */
+ int rounds; /* Number of rounds to use, 12 or 16 */
+} cast_key;
+
+void cast_setkey(cast_key* key, u8* rawkey, int keybytes);
+void cast_encrypt(cast_key* key, u8* inblock, u8* outblock);
+void cast_decrypt(cast_key* key, u8* inblock, u8* outblock);
+
+#endif /* ifndef _CAST_H_ */
+
diff --git a/sys/netinet/ip_castsb.h b/sys/netinet/ip_castsb.h
new file mode 100644
index 00000000000..e4d51df8f82
--- /dev/null
+++ b/sys/netinet/ip_castsb.h
@@ -0,0 +1,544 @@
+/* $OpenBSD: ip_castsb.h,v 1.1 1997/11/04 09:11:07 provos Exp $ */
+/*
+ * CAST-128 in C
+ * Written by Steve Reid <sreid@sea-to-sky.net>
+ * 100% Public Domain - no warranty
+ * Released 1997.10.11
+ */
+
+static const u32 cast_sbox1[256] = {
+ 0x30FB40D4, 0x9FA0FF0B, 0x6BECCD2F, 0x3F258C7A,
+ 0x1E213F2F, 0x9C004DD3, 0x6003E540, 0xCF9FC949,
+ 0xBFD4AF27, 0x88BBBDB5, 0xE2034090, 0x98D09675,
+ 0x6E63A0E0, 0x15C361D2, 0xC2E7661D, 0x22D4FF8E,
+ 0x28683B6F, 0xC07FD059, 0xFF2379C8, 0x775F50E2,
+ 0x43C340D3, 0xDF2F8656, 0x887CA41A, 0xA2D2BD2D,
+ 0xA1C9E0D6, 0x346C4819, 0x61B76D87, 0x22540F2F,
+ 0x2ABE32E1, 0xAA54166B, 0x22568E3A, 0xA2D341D0,
+ 0x66DB40C8, 0xA784392F, 0x004DFF2F, 0x2DB9D2DE,
+ 0x97943FAC, 0x4A97C1D8, 0x527644B7, 0xB5F437A7,
+ 0xB82CBAEF, 0xD751D159, 0x6FF7F0ED, 0x5A097A1F,
+ 0x827B68D0, 0x90ECF52E, 0x22B0C054, 0xBC8E5935,
+ 0x4B6D2F7F, 0x50BB64A2, 0xD2664910, 0xBEE5812D,
+ 0xB7332290, 0xE93B159F, 0xB48EE411, 0x4BFF345D,
+ 0xFD45C240, 0xAD31973F, 0xC4F6D02E, 0x55FC8165,
+ 0xD5B1CAAD, 0xA1AC2DAE, 0xA2D4B76D, 0xC19B0C50,
+ 0x882240F2, 0x0C6E4F38, 0xA4E4BFD7, 0x4F5BA272,
+ 0x564C1D2F, 0xC59C5319, 0xB949E354, 0xB04669FE,
+ 0xB1B6AB8A, 0xC71358DD, 0x6385C545, 0x110F935D,
+ 0x57538AD5, 0x6A390493, 0xE63D37E0, 0x2A54F6B3,
+ 0x3A787D5F, 0x6276A0B5, 0x19A6FCDF, 0x7A42206A,
+ 0x29F9D4D5, 0xF61B1891, 0xBB72275E, 0xAA508167,
+ 0x38901091, 0xC6B505EB, 0x84C7CB8C, 0x2AD75A0F,
+ 0x874A1427, 0xA2D1936B, 0x2AD286AF, 0xAA56D291,
+ 0xD7894360, 0x425C750D, 0x93B39E26, 0x187184C9,
+ 0x6C00B32D, 0x73E2BB14, 0xA0BEBC3C, 0x54623779,
+ 0x64459EAB, 0x3F328B82, 0x7718CF82, 0x59A2CEA6,
+ 0x04EE002E, 0x89FE78E6, 0x3FAB0950, 0x325FF6C2,
+ 0x81383F05, 0x6963C5C8, 0x76CB5AD6, 0xD49974C9,
+ 0xCA180DCF, 0x380782D5, 0xC7FA5CF6, 0x8AC31511,
+ 0x35E79E13, 0x47DA91D0, 0xF40F9086, 0xA7E2419E,
+ 0x31366241, 0x051EF495, 0xAA573B04, 0x4A805D8D,
+ 0x548300D0, 0x00322A3C, 0xBF64CDDF, 0xBA57A68E,
+ 0x75C6372B, 0x50AFD341, 0xA7C13275, 0x915A0BF5,
+ 0x6B54BFAB, 0x2B0B1426, 0xAB4CC9D7, 0x449CCD82,
+ 0xF7FBF265, 0xAB85C5F3, 0x1B55DB94, 0xAAD4E324,
+ 0xCFA4BD3F, 0x2DEAA3E2, 0x9E204D02, 0xC8BD25AC,
+ 0xEADF55B3, 0xD5BD9E98, 0xE31231B2, 0x2AD5AD6C,
+ 0x954329DE, 0xADBE4528, 0xD8710F69, 0xAA51C90F,
+ 0xAA786BF6, 0x22513F1E, 0xAA51A79B, 0x2AD344CC,
+ 0x7B5A41F0, 0xD37CFBAD, 0x1B069505, 0x41ECE491,
+ 0xB4C332E6, 0x032268D4, 0xC9600ACC, 0xCE387E6D,
+ 0xBF6BB16C, 0x6A70FB78, 0x0D03D9C9, 0xD4DF39DE,
+ 0xE01063DA, 0x4736F464, 0x5AD328D8, 0xB347CC96,
+ 0x75BB0FC3, 0x98511BFB, 0x4FFBCC35, 0xB58BCF6A,
+ 0xE11F0ABC, 0xBFC5FE4A, 0xA70AEC10, 0xAC39570A,
+ 0x3F04442F, 0x6188B153, 0xE0397A2E, 0x5727CB79,
+ 0x9CEB418F, 0x1CACD68D, 0x2AD37C96, 0x0175CB9D,
+ 0xC69DFF09, 0xC75B65F0, 0xD9DB40D8, 0xEC0E7779,
+ 0x4744EAD4, 0xB11C3274, 0xDD24CB9E, 0x7E1C54BD,
+ 0xF01144F9, 0xD2240EB1, 0x9675B3FD, 0xA3AC3755,
+ 0xD47C27AF, 0x51C85F4D, 0x56907596, 0xA5BB15E6,
+ 0x580304F0, 0xCA042CF1, 0x011A37EA, 0x8DBFAADB,
+ 0x35BA3E4A, 0x3526FFA0, 0xC37B4D09, 0xBC306ED9,
+ 0x98A52666, 0x5648F725, 0xFF5E569D, 0x0CED63D0,
+ 0x7C63B2CF, 0x700B45E1, 0xD5EA50F1, 0x85A92872,
+ 0xAF1FBDA7, 0xD4234870, 0xA7870BF3, 0x2D3B4D79,
+ 0x42E04198, 0x0CD0EDE7, 0x26470DB8, 0xF881814C,
+ 0x474D6AD7, 0x7C0C5E5C, 0xD1231959, 0x381B7298,
+ 0xF5D2F4DB, 0xAB838653, 0x6E2F1E23, 0x83719C9E,
+ 0xBD91E046, 0x9A56456E, 0xDC39200C, 0x20C8C571,
+ 0x962BDA1C, 0xE1E696FF, 0xB141AB08, 0x7CCA89B9,
+ 0x1A69E783, 0x02CC4843, 0xA2F7C579, 0x429EF47D,
+ 0x427B169C, 0x5AC9F049, 0xDD8F0F00, 0x5C8165BF
+};
+
+static const u32 cast_sbox2[256] = {
+ 0x1F201094, 0xEF0BA75B, 0x69E3CF7E, 0x393F4380,
+ 0xFE61CF7A, 0xEEC5207A, 0x55889C94, 0x72FC0651,
+ 0xADA7EF79, 0x4E1D7235, 0xD55A63CE, 0xDE0436BA,
+ 0x99C430EF, 0x5F0C0794, 0x18DCDB7D, 0xA1D6EFF3,
+ 0xA0B52F7B, 0x59E83605, 0xEE15B094, 0xE9FFD909,
+ 0xDC440086, 0xEF944459, 0xBA83CCB3, 0xE0C3CDFB,
+ 0xD1DA4181, 0x3B092AB1, 0xF997F1C1, 0xA5E6CF7B,
+ 0x01420DDB, 0xE4E7EF5B, 0x25A1FF41, 0xE180F806,
+ 0x1FC41080, 0x179BEE7A, 0xD37AC6A9, 0xFE5830A4,
+ 0x98DE8B7F, 0x77E83F4E, 0x79929269, 0x24FA9F7B,
+ 0xE113C85B, 0xACC40083, 0xD7503525, 0xF7EA615F,
+ 0x62143154, 0x0D554B63, 0x5D681121, 0xC866C359,
+ 0x3D63CF73, 0xCEE234C0, 0xD4D87E87, 0x5C672B21,
+ 0x071F6181, 0x39F7627F, 0x361E3084, 0xE4EB573B,
+ 0x602F64A4, 0xD63ACD9C, 0x1BBC4635, 0x9E81032D,
+ 0x2701F50C, 0x99847AB4, 0xA0E3DF79, 0xBA6CF38C,
+ 0x10843094, 0x2537A95E, 0xF46F6FFE, 0xA1FF3B1F,
+ 0x208CFB6A, 0x8F458C74, 0xD9E0A227, 0x4EC73A34,
+ 0xFC884F69, 0x3E4DE8DF, 0xEF0E0088, 0x3559648D,
+ 0x8A45388C, 0x1D804366, 0x721D9BFD, 0xA58684BB,
+ 0xE8256333, 0x844E8212, 0x128D8098, 0xFED33FB4,
+ 0xCE280AE1, 0x27E19BA5, 0xD5A6C252, 0xE49754BD,
+ 0xC5D655DD, 0xEB667064, 0x77840B4D, 0xA1B6A801,
+ 0x84DB26A9, 0xE0B56714, 0x21F043B7, 0xE5D05860,
+ 0x54F03084, 0x066FF472, 0xA31AA153, 0xDADC4755,
+ 0xB5625DBF, 0x68561BE6, 0x83CA6B94, 0x2D6ED23B,
+ 0xECCF01DB, 0xA6D3D0BA, 0xB6803D5C, 0xAF77A709,
+ 0x33B4A34C, 0x397BC8D6, 0x5EE22B95, 0x5F0E5304,
+ 0x81ED6F61, 0x20E74364, 0xB45E1378, 0xDE18639B,
+ 0x881CA122, 0xB96726D1, 0x8049A7E8, 0x22B7DA7B,
+ 0x5E552D25, 0x5272D237, 0x79D2951C, 0xC60D894C,
+ 0x488CB402, 0x1BA4FE5B, 0xA4B09F6B, 0x1CA815CF,
+ 0xA20C3005, 0x8871DF63, 0xB9DE2FCB, 0x0CC6C9E9,
+ 0x0BEEFF53, 0xE3214517, 0xB4542835, 0x9F63293C,
+ 0xEE41E729, 0x6E1D2D7C, 0x50045286, 0x1E6685F3,
+ 0xF33401C6, 0x30A22C95, 0x31A70850, 0x60930F13,
+ 0x73F98417, 0xA1269859, 0xEC645C44, 0x52C877A9,
+ 0xCDFF33A6, 0xA02B1741, 0x7CBAD9A2, 0x2180036F,
+ 0x50D99C08, 0xCB3F4861, 0xC26BD765, 0x64A3F6AB,
+ 0x80342676, 0x25A75E7B, 0xE4E6D1FC, 0x20C710E6,
+ 0xCDF0B680, 0x17844D3B, 0x31EEF84D, 0x7E0824E4,
+ 0x2CCB49EB, 0x846A3BAE, 0x8FF77888, 0xEE5D60F6,
+ 0x7AF75673, 0x2FDD5CDB, 0xA11631C1, 0x30F66F43,
+ 0xB3FAEC54, 0x157FD7FA, 0xEF8579CC, 0xD152DE58,
+ 0xDB2FFD5E, 0x8F32CE19, 0x306AF97A, 0x02F03EF8,
+ 0x99319AD5, 0xC242FA0F, 0xA7E3EBB0, 0xC68E4906,
+ 0xB8DA230C, 0x80823028, 0xDCDEF3C8, 0xD35FB171,
+ 0x088A1BC8, 0xBEC0C560, 0x61A3C9E8, 0xBCA8F54D,
+ 0xC72FEFFA, 0x22822E99, 0x82C570B4, 0xD8D94E89,
+ 0x8B1C34BC, 0x301E16E6, 0x273BE979, 0xB0FFEAA6,
+ 0x61D9B8C6, 0x00B24869, 0xB7FFCE3F, 0x08DC283B,
+ 0x43DAF65A, 0xF7E19798, 0x7619B72F, 0x8F1C9BA4,
+ 0xDC8637A0, 0x16A7D3B1, 0x9FC393B7, 0xA7136EEB,
+ 0xC6BCC63E, 0x1A513742, 0xEF6828BC, 0x520365D6,
+ 0x2D6A77AB, 0x3527ED4B, 0x821FD216, 0x095C6E2E,
+ 0xDB92F2FB, 0x5EEA29CB, 0x145892F5, 0x91584F7F,
+ 0x5483697B, 0x2667A8CC, 0x85196048, 0x8C4BACEA,
+ 0x833860D4, 0x0D23E0F9, 0x6C387E8A, 0x0AE6D249,
+ 0xB284600C, 0xD835731D, 0xDCB1C647, 0xAC4C56EA,
+ 0x3EBD81B3, 0x230EABB0, 0x6438BC87, 0xF0B5B1FA,
+ 0x8F5EA2B3, 0xFC184642, 0x0A036B7A, 0x4FB089BD,
+ 0x649DA589, 0xA345415E, 0x5C038323, 0x3E5D3BB9,
+ 0x43D79572, 0x7E6DD07C, 0x06DFDF1E, 0x6C6CC4EF,
+ 0x7160A539, 0x73BFBE70, 0x83877605, 0x4523ECF1
+};
+
+static const u32 cast_sbox3[256] = {
+ 0x8DEFC240, 0x25FA5D9F, 0xEB903DBF, 0xE810C907,
+ 0x47607FFF, 0x369FE44B, 0x8C1FC644, 0xAECECA90,
+ 0xBEB1F9BF, 0xEEFBCAEA, 0xE8CF1950, 0x51DF07AE,
+ 0x920E8806, 0xF0AD0548, 0xE13C8D83, 0x927010D5,
+ 0x11107D9F, 0x07647DB9, 0xB2E3E4D4, 0x3D4F285E,
+ 0xB9AFA820, 0xFADE82E0, 0xA067268B, 0x8272792E,
+ 0x553FB2C0, 0x489AE22B, 0xD4EF9794, 0x125E3FBC,
+ 0x21FFFCEE, 0x825B1BFD, 0x9255C5ED, 0x1257A240,
+ 0x4E1A8302, 0xBAE07FFF, 0x528246E7, 0x8E57140E,
+ 0x3373F7BF, 0x8C9F8188, 0xA6FC4EE8, 0xC982B5A5,
+ 0xA8C01DB7, 0x579FC264, 0x67094F31, 0xF2BD3F5F,
+ 0x40FFF7C1, 0x1FB78DFC, 0x8E6BD2C1, 0x437BE59B,
+ 0x99B03DBF, 0xB5DBC64B, 0x638DC0E6, 0x55819D99,
+ 0xA197C81C, 0x4A012D6E, 0xC5884A28, 0xCCC36F71,
+ 0xB843C213, 0x6C0743F1, 0x8309893C, 0x0FEDDD5F,
+ 0x2F7FE850, 0xD7C07F7E, 0x02507FBF, 0x5AFB9A04,
+ 0xA747D2D0, 0x1651192E, 0xAF70BF3E, 0x58C31380,
+ 0x5F98302E, 0x727CC3C4, 0x0A0FB402, 0x0F7FEF82,
+ 0x8C96FDAD, 0x5D2C2AAE, 0x8EE99A49, 0x50DA88B8,
+ 0x8427F4A0, 0x1EAC5790, 0x796FB449, 0x8252DC15,
+ 0xEFBD7D9B, 0xA672597D, 0xADA840D8, 0x45F54504,
+ 0xFA5D7403, 0xE83EC305, 0x4F91751A, 0x925669C2,
+ 0x23EFE941, 0xA903F12E, 0x60270DF2, 0x0276E4B6,
+ 0x94FD6574, 0x927985B2, 0x8276DBCB, 0x02778176,
+ 0xF8AF918D, 0x4E48F79E, 0x8F616DDF, 0xE29D840E,
+ 0x842F7D83, 0x340CE5C8, 0x96BBB682, 0x93B4B148,
+ 0xEF303CAB, 0x984FAF28, 0x779FAF9B, 0x92DC560D,
+ 0x224D1E20, 0x8437AA88, 0x7D29DC96, 0x2756D3DC,
+ 0x8B907CEE, 0xB51FD240, 0xE7C07CE3, 0xE566B4A1,
+ 0xC3E9615E, 0x3CF8209D, 0x6094D1E3, 0xCD9CA341,
+ 0x5C76460E, 0x00EA983B, 0xD4D67881, 0xFD47572C,
+ 0xF76CEDD9, 0xBDA8229C, 0x127DADAA, 0x438A074E,
+ 0x1F97C090, 0x081BDB8A, 0x93A07EBE, 0xB938CA15,
+ 0x97B03CFF, 0x3DC2C0F8, 0x8D1AB2EC, 0x64380E51,
+ 0x68CC7BFB, 0xD90F2788, 0x12490181, 0x5DE5FFD4,
+ 0xDD7EF86A, 0x76A2E214, 0xB9A40368, 0x925D958F,
+ 0x4B39FFFA, 0xBA39AEE9, 0xA4FFD30B, 0xFAF7933B,
+ 0x6D498623, 0x193CBCFA, 0x27627545, 0x825CF47A,
+ 0x61BD8BA0, 0xD11E42D1, 0xCEAD04F4, 0x127EA392,
+ 0x10428DB7, 0x8272A972, 0x9270C4A8, 0x127DE50B,
+ 0x285BA1C8, 0x3C62F44F, 0x35C0EAA5, 0xE805D231,
+ 0x428929FB, 0xB4FCDF82, 0x4FB66A53, 0x0E7DC15B,
+ 0x1F081FAB, 0x108618AE, 0xFCFD086D, 0xF9FF2889,
+ 0x694BCC11, 0x236A5CAE, 0x12DECA4D, 0x2C3F8CC5,
+ 0xD2D02DFE, 0xF8EF5896, 0xE4CF52DA, 0x95155B67,
+ 0x494A488C, 0xB9B6A80C, 0x5C8F82BC, 0x89D36B45,
+ 0x3A609437, 0xEC00C9A9, 0x44715253, 0x0A874B49,
+ 0xD773BC40, 0x7C34671C, 0x02717EF6, 0x4FEB5536,
+ 0xA2D02FFF, 0xD2BF60C4, 0xD43F03C0, 0x50B4EF6D,
+ 0x07478CD1, 0x006E1888, 0xA2E53F55, 0xB9E6D4BC,
+ 0xA2048016, 0x97573833, 0xD7207D67, 0xDE0F8F3D,
+ 0x72F87B33, 0xABCC4F33, 0x7688C55D, 0x7B00A6B0,
+ 0x947B0001, 0x570075D2, 0xF9BB88F8, 0x8942019E,
+ 0x4264A5FF, 0x856302E0, 0x72DBD92B, 0xEE971B69,
+ 0x6EA22FDE, 0x5F08AE2B, 0xAF7A616D, 0xE5C98767,
+ 0xCF1FEBD2, 0x61EFC8C2, 0xF1AC2571, 0xCC8239C2,
+ 0x67214CB8, 0xB1E583D1, 0xB7DC3E62, 0x7F10BDCE,
+ 0xF90A5C38, 0x0FF0443D, 0x606E6DC6, 0x60543A49,
+ 0x5727C148, 0x2BE98A1D, 0x8AB41738, 0x20E1BE24,
+ 0xAF96DA0F, 0x68458425, 0x99833BE5, 0x600D457D,
+ 0x282F9350, 0x8334B362, 0xD91D1120, 0x2B6D8DA0,
+ 0x642B1E31, 0x9C305A00, 0x52BCE688, 0x1B03588A,
+ 0xF7BAEFD5, 0x4142ED9C, 0xA4315C11, 0x83323EC5,
+ 0xDFEF4636, 0xA133C501, 0xE9D3531C, 0xEE353783
+};
+
+static const u32 cast_sbox4[256] = {
+ 0x9DB30420, 0x1FB6E9DE, 0xA7BE7BEF, 0xD273A298,
+ 0x4A4F7BDB, 0x64AD8C57, 0x85510443, 0xFA020ED1,
+ 0x7E287AFF, 0xE60FB663, 0x095F35A1, 0x79EBF120,
+ 0xFD059D43, 0x6497B7B1, 0xF3641F63, 0x241E4ADF,
+ 0x28147F5F, 0x4FA2B8CD, 0xC9430040, 0x0CC32220,
+ 0xFDD30B30, 0xC0A5374F, 0x1D2D00D9, 0x24147B15,
+ 0xEE4D111A, 0x0FCA5167, 0x71FF904C, 0x2D195FFE,
+ 0x1A05645F, 0x0C13FEFE, 0x081B08CA, 0x05170121,
+ 0x80530100, 0xE83E5EFE, 0xAC9AF4F8, 0x7FE72701,
+ 0xD2B8EE5F, 0x06DF4261, 0xBB9E9B8A, 0x7293EA25,
+ 0xCE84FFDF, 0xF5718801, 0x3DD64B04, 0xA26F263B,
+ 0x7ED48400, 0x547EEBE6, 0x446D4CA0, 0x6CF3D6F5,
+ 0x2649ABDF, 0xAEA0C7F5, 0x36338CC1, 0x503F7E93,
+ 0xD3772061, 0x11B638E1, 0x72500E03, 0xF80EB2BB,
+ 0xABE0502E, 0xEC8D77DE, 0x57971E81, 0xE14F6746,
+ 0xC9335400, 0x6920318F, 0x081DBB99, 0xFFC304A5,
+ 0x4D351805, 0x7F3D5CE3, 0xA6C866C6, 0x5D5BCCA9,
+ 0xDAEC6FEA, 0x9F926F91, 0x9F46222F, 0x3991467D,
+ 0xA5BF6D8E, 0x1143C44F, 0x43958302, 0xD0214EEB,
+ 0x022083B8, 0x3FB6180C, 0x18F8931E, 0x281658E6,
+ 0x26486E3E, 0x8BD78A70, 0x7477E4C1, 0xB506E07C,
+ 0xF32D0A25, 0x79098B02, 0xE4EABB81, 0x28123B23,
+ 0x69DEAD38, 0x1574CA16, 0xDF871B62, 0x211C40B7,
+ 0xA51A9EF9, 0x0014377B, 0x041E8AC8, 0x09114003,
+ 0xBD59E4D2, 0xE3D156D5, 0x4FE876D5, 0x2F91A340,
+ 0x557BE8DE, 0x00EAE4A7, 0x0CE5C2EC, 0x4DB4BBA6,
+ 0xE756BDFF, 0xDD3369AC, 0xEC17B035, 0x06572327,
+ 0x99AFC8B0, 0x56C8C391, 0x6B65811C, 0x5E146119,
+ 0x6E85CB75, 0xBE07C002, 0xC2325577, 0x893FF4EC,
+ 0x5BBFC92D, 0xD0EC3B25, 0xB7801AB7, 0x8D6D3B24,
+ 0x20C763EF, 0xC366A5FC, 0x9C382880, 0x0ACE3205,
+ 0xAAC9548A, 0xECA1D7C7, 0x041AFA32, 0x1D16625A,
+ 0x6701902C, 0x9B757A54, 0x31D477F7, 0x9126B031,
+ 0x36CC6FDB, 0xC70B8B46, 0xD9E66A48, 0x56E55A79,
+ 0x026A4CEB, 0x52437EFF, 0x2F8F76B4, 0x0DF980A5,
+ 0x8674CDE3, 0xEDDA04EB, 0x17A9BE04, 0x2C18F4DF,
+ 0xB7747F9D, 0xAB2AF7B4, 0xEFC34D20, 0x2E096B7C,
+ 0x1741A254, 0xE5B6A035, 0x213D42F6, 0x2C1C7C26,
+ 0x61C2F50F, 0x6552DAF9, 0xD2C231F8, 0x25130F69,
+ 0xD8167FA2, 0x0418F2C8, 0x001A96A6, 0x0D1526AB,
+ 0x63315C21, 0x5E0A72EC, 0x49BAFEFD, 0x187908D9,
+ 0x8D0DBD86, 0x311170A7, 0x3E9B640C, 0xCC3E10D7,
+ 0xD5CAD3B6, 0x0CAEC388, 0xF73001E1, 0x6C728AFF,
+ 0x71EAE2A1, 0x1F9AF36E, 0xCFCBD12F, 0xC1DE8417,
+ 0xAC07BE6B, 0xCB44A1D8, 0x8B9B0F56, 0x013988C3,
+ 0xB1C52FCA, 0xB4BE31CD, 0xD8782806, 0x12A3A4E2,
+ 0x6F7DE532, 0x58FD7EB6, 0xD01EE900, 0x24ADFFC2,
+ 0xF4990FC5, 0x9711AAC5, 0x001D7B95, 0x82E5E7D2,
+ 0x109873F6, 0x00613096, 0xC32D9521, 0xADA121FF,
+ 0x29908415, 0x7FBB977F, 0xAF9EB3DB, 0x29C9ED2A,
+ 0x5CE2A465, 0xA730F32C, 0xD0AA3FE8, 0x8A5CC091,
+ 0xD49E2CE7, 0x0CE454A9, 0xD60ACD86, 0x015F1919,
+ 0x77079103, 0xDEA03AF6, 0x78A8565E, 0xDEE356DF,
+ 0x21F05CBE, 0x8B75E387, 0xB3C50651, 0xB8A5C3EF,
+ 0xD8EEB6D2, 0xE523BE77, 0xC2154529, 0x2F69EFDF,
+ 0xAFE67AFB, 0xF470C4B2, 0xF3E0EB5B, 0xD6CC9876,
+ 0x39E4460C, 0x1FDA8538, 0x1987832F, 0xCA007367,
+ 0xA99144F8, 0x296B299E, 0x492FC295, 0x9266BEAB,
+ 0xB5676E69, 0x9BD3DDDA, 0xDF7E052F, 0xDB25701C,
+ 0x1B5E51EE, 0xF65324E6, 0x6AFCE36C, 0x0316CC04,
+ 0x8644213E, 0xB7DC59D0, 0x7965291F, 0xCCD6FD43,
+ 0x41823979, 0x932BCDF6, 0xB657C34D, 0x4EDFD282,
+ 0x7AE5290C, 0x3CB9536B, 0x851E20FE, 0x9833557E,
+ 0x13ECF0B0, 0xD3FFB372, 0x3F85C5C1, 0x0AEF7ED2
+};
+
+static const u32 cast_sbox5[256] = {
+ 0x7EC90C04, 0x2C6E74B9, 0x9B0E66DF, 0xA6337911,
+ 0xB86A7FFF, 0x1DD358F5, 0x44DD9D44, 0x1731167F,
+ 0x08FBF1FA, 0xE7F511CC, 0xD2051B00, 0x735ABA00,
+ 0x2AB722D8, 0x386381CB, 0xACF6243A, 0x69BEFD7A,
+ 0xE6A2E77F, 0xF0C720CD, 0xC4494816, 0xCCF5C180,
+ 0x38851640, 0x15B0A848, 0xE68B18CB, 0x4CAADEFF,
+ 0x5F480A01, 0x0412B2AA, 0x259814FC, 0x41D0EFE2,
+ 0x4E40B48D, 0x248EB6FB, 0x8DBA1CFE, 0x41A99B02,
+ 0x1A550A04, 0xBA8F65CB, 0x7251F4E7, 0x95A51725,
+ 0xC106ECD7, 0x97A5980A, 0xC539B9AA, 0x4D79FE6A,
+ 0xF2F3F763, 0x68AF8040, 0xED0C9E56, 0x11B4958B,
+ 0xE1EB5A88, 0x8709E6B0, 0xD7E07156, 0x4E29FEA7,
+ 0x6366E52D, 0x02D1C000, 0xC4AC8E05, 0x9377F571,
+ 0x0C05372A, 0x578535F2, 0x2261BE02, 0xD642A0C9,
+ 0xDF13A280, 0x74B55BD2, 0x682199C0, 0xD421E5EC,
+ 0x53FB3CE8, 0xC8ADEDB3, 0x28A87FC9, 0x3D959981,
+ 0x5C1FF900, 0xFE38D399, 0x0C4EFF0B, 0x062407EA,
+ 0xAA2F4FB1, 0x4FB96976, 0x90C79505, 0xB0A8A774,
+ 0xEF55A1FF, 0xE59CA2C2, 0xA6B62D27, 0xE66A4263,
+ 0xDF65001F, 0x0EC50966, 0xDFDD55BC, 0x29DE0655,
+ 0x911E739A, 0x17AF8975, 0x32C7911C, 0x89F89468,
+ 0x0D01E980, 0x524755F4, 0x03B63CC9, 0x0CC844B2,
+ 0xBCF3F0AA, 0x87AC36E9, 0xE53A7426, 0x01B3D82B,
+ 0x1A9E7449, 0x64EE2D7E, 0xCDDBB1DA, 0x01C94910,
+ 0xB868BF80, 0x0D26F3FD, 0x9342EDE7, 0x04A5C284,
+ 0x636737B6, 0x50F5B616, 0xF24766E3, 0x8ECA36C1,
+ 0x136E05DB, 0xFEF18391, 0xFB887A37, 0xD6E7F7D4,
+ 0xC7FB7DC9, 0x3063FCDF, 0xB6F589DE, 0xEC2941DA,
+ 0x26E46695, 0xB7566419, 0xF654EFC5, 0xD08D58B7,
+ 0x48925401, 0xC1BACB7F, 0xE5FF550F, 0xB6083049,
+ 0x5BB5D0E8, 0x87D72E5A, 0xAB6A6EE1, 0x223A66CE,
+ 0xC62BF3CD, 0x9E0885F9, 0x68CB3E47, 0x086C010F,
+ 0xA21DE820, 0xD18B69DE, 0xF3F65777, 0xFA02C3F6,
+ 0x407EDAC3, 0xCBB3D550, 0x1793084D, 0xB0D70EBA,
+ 0x0AB378D5, 0xD951FB0C, 0xDED7DA56, 0x4124BBE4,
+ 0x94CA0B56, 0x0F5755D1, 0xE0E1E56E, 0x6184B5BE,
+ 0x580A249F, 0x94F74BC0, 0xE327888E, 0x9F7B5561,
+ 0xC3DC0280, 0x05687715, 0x646C6BD7, 0x44904DB3,
+ 0x66B4F0A3, 0xC0F1648A, 0x697ED5AF, 0x49E92FF6,
+ 0x309E374F, 0x2CB6356A, 0x85808573, 0x4991F840,
+ 0x76F0AE02, 0x083BE84D, 0x28421C9A, 0x44489406,
+ 0x736E4CB8, 0xC1092910, 0x8BC95FC6, 0x7D869CF4,
+ 0x134F616F, 0x2E77118D, 0xB31B2BE1, 0xAA90B472,
+ 0x3CA5D717, 0x7D161BBA, 0x9CAD9010, 0xAF462BA2,
+ 0x9FE459D2, 0x45D34559, 0xD9F2DA13, 0xDBC65487,
+ 0xF3E4F94E, 0x176D486F, 0x097C13EA, 0x631DA5C7,
+ 0x445F7382, 0x175683F4, 0xCDC66A97, 0x70BE0288,
+ 0xB3CDCF72, 0x6E5DD2F3, 0x20936079, 0x459B80A5,
+ 0xBE60E2DB, 0xA9C23101, 0xEBA5315C, 0x224E42F2,
+ 0x1C5C1572, 0xF6721B2C, 0x1AD2FFF3, 0x8C25404E,
+ 0x324ED72F, 0x4067B7FD, 0x0523138E, 0x5CA3BC78,
+ 0xDC0FD66E, 0x75922283, 0x784D6B17, 0x58EBB16E,
+ 0x44094F85, 0x3F481D87, 0xFCFEAE7B, 0x77B5FF76,
+ 0x8C2302BF, 0xAAF47556, 0x5F46B02A, 0x2B092801,
+ 0x3D38F5F7, 0x0CA81F36, 0x52AF4A8A, 0x66D5E7C0,
+ 0xDF3B0874, 0x95055110, 0x1B5AD7A8, 0xF61ED5AD,
+ 0x6CF6E479, 0x20758184, 0xD0CEFA65, 0x88F7BE58,
+ 0x4A046826, 0x0FF6F8F3, 0xA09C7F70, 0x5346ABA0,
+ 0x5CE96C28, 0xE176EDA3, 0x6BAC307F, 0x376829D2,
+ 0x85360FA9, 0x17E3FE2A, 0x24B79767, 0xF5A96B20,
+ 0xD6CD2595, 0x68FF1EBF, 0x7555442C, 0xF19F06BE,
+ 0xF9E0659A, 0xEEB9491D, 0x34010718, 0xBB30CAB8,
+ 0xE822FE15, 0x88570983, 0x750E6249, 0xDA627E55,
+ 0x5E76FFA8, 0xB1534546, 0x6D47DE08, 0xEFE9E7D4
+};
+
+static const u32 cast_sbox6[256] = {
+ 0xF6FA8F9D, 0x2CAC6CE1, 0x4CA34867, 0xE2337F7C,
+ 0x95DB08E7, 0x016843B4, 0xECED5CBC, 0x325553AC,
+ 0xBF9F0960, 0xDFA1E2ED, 0x83F0579D, 0x63ED86B9,
+ 0x1AB6A6B8, 0xDE5EBE39, 0xF38FF732, 0x8989B138,
+ 0x33F14961, 0xC01937BD, 0xF506C6DA, 0xE4625E7E,
+ 0xA308EA99, 0x4E23E33C, 0x79CBD7CC, 0x48A14367,
+ 0xA3149619, 0xFEC94BD5, 0xA114174A, 0xEAA01866,
+ 0xA084DB2D, 0x09A8486F, 0xA888614A, 0x2900AF98,
+ 0x01665991, 0xE1992863, 0xC8F30C60, 0x2E78EF3C,
+ 0xD0D51932, 0xCF0FEC14, 0xF7CA07D2, 0xD0A82072,
+ 0xFD41197E, 0x9305A6B0, 0xE86BE3DA, 0x74BED3CD,
+ 0x372DA53C, 0x4C7F4448, 0xDAB5D440, 0x6DBA0EC3,
+ 0x083919A7, 0x9FBAEED9, 0x49DBCFB0, 0x4E670C53,
+ 0x5C3D9C01, 0x64BDB941, 0x2C0E636A, 0xBA7DD9CD,
+ 0xEA6F7388, 0xE70BC762, 0x35F29ADB, 0x5C4CDD8D,
+ 0xF0D48D8C, 0xB88153E2, 0x08A19866, 0x1AE2EAC8,
+ 0x284CAF89, 0xAA928223, 0x9334BE53, 0x3B3A21BF,
+ 0x16434BE3, 0x9AEA3906, 0xEFE8C36E, 0xF890CDD9,
+ 0x80226DAE, 0xC340A4A3, 0xDF7E9C09, 0xA694A807,
+ 0x5B7C5ECC, 0x221DB3A6, 0x9A69A02F, 0x68818A54,
+ 0xCEB2296F, 0x53C0843A, 0xFE893655, 0x25BFE68A,
+ 0xB4628ABC, 0xCF222EBF, 0x25AC6F48, 0xA9A99387,
+ 0x53BDDB65, 0xE76FFBE7, 0xE967FD78, 0x0BA93563,
+ 0x8E342BC1, 0xE8A11BE9, 0x4980740D, 0xC8087DFC,
+ 0x8DE4BF99, 0xA11101A0, 0x7FD37975, 0xDA5A26C0,
+ 0xE81F994F, 0x9528CD89, 0xFD339FED, 0xB87834BF,
+ 0x5F04456D, 0x22258698, 0xC9C4C83B, 0x2DC156BE,
+ 0x4F628DAA, 0x57F55EC5, 0xE2220ABE, 0xD2916EBF,
+ 0x4EC75B95, 0x24F2C3C0, 0x42D15D99, 0xCD0D7FA0,
+ 0x7B6E27FF, 0xA8DC8AF0, 0x7345C106, 0xF41E232F,
+ 0x35162386, 0xE6EA8926, 0x3333B094, 0x157EC6F2,
+ 0x372B74AF, 0x692573E4, 0xE9A9D848, 0xF3160289,
+ 0x3A62EF1D, 0xA787E238, 0xF3A5F676, 0x74364853,
+ 0x20951063, 0x4576698D, 0xB6FAD407, 0x592AF950,
+ 0x36F73523, 0x4CFB6E87, 0x7DA4CEC0, 0x6C152DAA,
+ 0xCB0396A8, 0xC50DFE5D, 0xFCD707AB, 0x0921C42F,
+ 0x89DFF0BB, 0x5FE2BE78, 0x448F4F33, 0x754613C9,
+ 0x2B05D08D, 0x48B9D585, 0xDC049441, 0xC8098F9B,
+ 0x7DEDE786, 0xC39A3373, 0x42410005, 0x6A091751,
+ 0x0EF3C8A6, 0x890072D6, 0x28207682, 0xA9A9F7BE,
+ 0xBF32679D, 0xD45B5B75, 0xB353FD00, 0xCBB0E358,
+ 0x830F220A, 0x1F8FB214, 0xD372CF08, 0xCC3C4A13,
+ 0x8CF63166, 0x061C87BE, 0x88C98F88, 0x6062E397,
+ 0x47CF8E7A, 0xB6C85283, 0x3CC2ACFB, 0x3FC06976,
+ 0x4E8F0252, 0x64D8314D, 0xDA3870E3, 0x1E665459,
+ 0xC10908F0, 0x513021A5, 0x6C5B68B7, 0x822F8AA0,
+ 0x3007CD3E, 0x74719EEF, 0xDC872681, 0x073340D4,
+ 0x7E432FD9, 0x0C5EC241, 0x8809286C, 0xF592D891,
+ 0x08A930F6, 0x957EF305, 0xB7FBFFBD, 0xC266E96F,
+ 0x6FE4AC98, 0xB173ECC0, 0xBC60B42A, 0x953498DA,
+ 0xFBA1AE12, 0x2D4BD736, 0x0F25FAAB, 0xA4F3FCEB,
+ 0xE2969123, 0x257F0C3D, 0x9348AF49, 0x361400BC,
+ 0xE8816F4A, 0x3814F200, 0xA3F94043, 0x9C7A54C2,
+ 0xBC704F57, 0xDA41E7F9, 0xC25AD33A, 0x54F4A084,
+ 0xB17F5505, 0x59357CBE, 0xEDBD15C8, 0x7F97C5AB,
+ 0xBA5AC7B5, 0xB6F6DEAF, 0x3A479C3A, 0x5302DA25,
+ 0x653D7E6A, 0x54268D49, 0x51A477EA, 0x5017D55B,
+ 0xD7D25D88, 0x44136C76, 0x0404A8C8, 0xB8E5A121,
+ 0xB81A928A, 0x60ED5869, 0x97C55B96, 0xEAEC991B,
+ 0x29935913, 0x01FDB7F1, 0x088E8DFA, 0x9AB6F6F5,
+ 0x3B4CBF9F, 0x4A5DE3AB, 0xE6051D35, 0xA0E1D855,
+ 0xD36B4CF1, 0xF544EDEB, 0xB0E93524, 0xBEBB8FBD,
+ 0xA2D762CF, 0x49C92F54, 0x38B5F331, 0x7128A454,
+ 0x48392905, 0xA65B1DB8, 0x851C97BD, 0xD675CF2F
+};
+
+static const u32 cast_sbox7[256] = {
+ 0x85E04019, 0x332BF567, 0x662DBFFF, 0xCFC65693,
+ 0x2A8D7F6F, 0xAB9BC912, 0xDE6008A1, 0x2028DA1F,
+ 0x0227BCE7, 0x4D642916, 0x18FAC300, 0x50F18B82,
+ 0x2CB2CB11, 0xB232E75C, 0x4B3695F2, 0xB28707DE,
+ 0xA05FBCF6, 0xCD4181E9, 0xE150210C, 0xE24EF1BD,
+ 0xB168C381, 0xFDE4E789, 0x5C79B0D8, 0x1E8BFD43,
+ 0x4D495001, 0x38BE4341, 0x913CEE1D, 0x92A79C3F,
+ 0x089766BE, 0xBAEEADF4, 0x1286BECF, 0xB6EACB19,
+ 0x2660C200, 0x7565BDE4, 0x64241F7A, 0x8248DCA9,
+ 0xC3B3AD66, 0x28136086, 0x0BD8DFA8, 0x356D1CF2,
+ 0x107789BE, 0xB3B2E9CE, 0x0502AA8F, 0x0BC0351E,
+ 0x166BF52A, 0xEB12FF82, 0xE3486911, 0xD34D7516,
+ 0x4E7B3AFF, 0x5F43671B, 0x9CF6E037, 0x4981AC83,
+ 0x334266CE, 0x8C9341B7, 0xD0D854C0, 0xCB3A6C88,
+ 0x47BC2829, 0x4725BA37, 0xA66AD22B, 0x7AD61F1E,
+ 0x0C5CBAFA, 0x4437F107, 0xB6E79962, 0x42D2D816,
+ 0x0A961288, 0xE1A5C06E, 0x13749E67, 0x72FC081A,
+ 0xB1D139F7, 0xF9583745, 0xCF19DF58, 0xBEC3F756,
+ 0xC06EBA30, 0x07211B24, 0x45C28829, 0xC95E317F,
+ 0xBC8EC511, 0x38BC46E9, 0xC6E6FA14, 0xBAE8584A,
+ 0xAD4EBC46, 0x468F508B, 0x7829435F, 0xF124183B,
+ 0x821DBA9F, 0xAFF60FF4, 0xEA2C4E6D, 0x16E39264,
+ 0x92544A8B, 0x009B4FC3, 0xABA68CED, 0x9AC96F78,
+ 0x06A5B79A, 0xB2856E6E, 0x1AEC3CA9, 0xBE838688,
+ 0x0E0804E9, 0x55F1BE56, 0xE7E5363B, 0xB3A1F25D,
+ 0xF7DEBB85, 0x61FE033C, 0x16746233, 0x3C034C28,
+ 0xDA6D0C74, 0x79AAC56C, 0x3CE4E1AD, 0x51F0C802,
+ 0x98F8F35A, 0x1626A49F, 0xEED82B29, 0x1D382FE3,
+ 0x0C4FB99A, 0xBB325778, 0x3EC6D97B, 0x6E77A6A9,
+ 0xCB658B5C, 0xD45230C7, 0x2BD1408B, 0x60C03EB7,
+ 0xB9068D78, 0xA33754F4, 0xF430C87D, 0xC8A71302,
+ 0xB96D8C32, 0xEBD4E7BE, 0xBE8B9D2D, 0x7979FB06,
+ 0xE7225308, 0x8B75CF77, 0x11EF8DA4, 0xE083C858,
+ 0x8D6B786F, 0x5A6317A6, 0xFA5CF7A0, 0x5DDA0033,
+ 0xF28EBFB0, 0xF5B9C310, 0xA0EAC280, 0x08B9767A,
+ 0xA3D9D2B0, 0x79D34217, 0x021A718D, 0x9AC6336A,
+ 0x2711FD60, 0x438050E3, 0x069908A8, 0x3D7FEDC4,
+ 0x826D2BEF, 0x4EEB8476, 0x488DCF25, 0x36C9D566,
+ 0x28E74E41, 0xC2610ACA, 0x3D49A9CF, 0xBAE3B9DF,
+ 0xB65F8DE6, 0x92AEAF64, 0x3AC7D5E6, 0x9EA80509,
+ 0xF22B017D, 0xA4173F70, 0xDD1E16C3, 0x15E0D7F9,
+ 0x50B1B887, 0x2B9F4FD5, 0x625ABA82, 0x6A017962,
+ 0x2EC01B9C, 0x15488AA9, 0xD716E740, 0x40055A2C,
+ 0x93D29A22, 0xE32DBF9A, 0x058745B9, 0x3453DC1E,
+ 0xD699296E, 0x496CFF6F, 0x1C9F4986, 0xDFE2ED07,
+ 0xB87242D1, 0x19DE7EAE, 0x053E561A, 0x15AD6F8C,
+ 0x66626C1C, 0x7154C24C, 0xEA082B2A, 0x93EB2939,
+ 0x17DCB0F0, 0x58D4F2AE, 0x9EA294FB, 0x52CF564C,
+ 0x9883FE66, 0x2EC40581, 0x763953C3, 0x01D6692E,
+ 0xD3A0C108, 0xA1E7160E, 0xE4F2DFA6, 0x693ED285,
+ 0x74904698, 0x4C2B0EDD, 0x4F757656, 0x5D393378,
+ 0xA132234F, 0x3D321C5D, 0xC3F5E194, 0x4B269301,
+ 0xC79F022F, 0x3C997E7E, 0x5E4F9504, 0x3FFAFBBD,
+ 0x76F7AD0E, 0x296693F4, 0x3D1FCE6F, 0xC61E45BE,
+ 0xD3B5AB34, 0xF72BF9B7, 0x1B0434C0, 0x4E72B567,
+ 0x5592A33D, 0xB5229301, 0xCFD2A87F, 0x60AEB767,
+ 0x1814386B, 0x30BCC33D, 0x38A0C07D, 0xFD1606F2,
+ 0xC363519B, 0x589DD390, 0x5479F8E6, 0x1CB8D647,
+ 0x97FD61A9, 0xEA7759F4, 0x2D57539D, 0x569A58CF,
+ 0xE84E63AD, 0x462E1B78, 0x6580F87E, 0xF3817914,
+ 0x91DA55F4, 0x40A230F3, 0xD1988F35, 0xB6E318D2,
+ 0x3FFA50BC, 0x3D40F021, 0xC3C0BDAE, 0x4958C24C,
+ 0x518F36B2, 0x84B1D370, 0x0FEDCE83, 0x878DDADA,
+ 0xF2A279C7, 0x94E01BE8, 0x90716F4B, 0x954B8AA3
+};
+
+static const u32 cast_sbox8[256] = {
+ 0xE216300D, 0xBBDDFFFC, 0xA7EBDABD, 0x35648095,
+ 0x7789F8B7, 0xE6C1121B, 0x0E241600, 0x052CE8B5,
+ 0x11A9CFB0, 0xE5952F11, 0xECE7990A, 0x9386D174,
+ 0x2A42931C, 0x76E38111, 0xB12DEF3A, 0x37DDDDFC,
+ 0xDE9ADEB1, 0x0A0CC32C, 0xBE197029, 0x84A00940,
+ 0xBB243A0F, 0xB4D137CF, 0xB44E79F0, 0x049EEDFD,
+ 0x0B15A15D, 0x480D3168, 0x8BBBDE5A, 0x669DED42,
+ 0xC7ECE831, 0x3F8F95E7, 0x72DF191B, 0x7580330D,
+ 0x94074251, 0x5C7DCDFA, 0xABBE6D63, 0xAA402164,
+ 0xB301D40A, 0x02E7D1CA, 0x53571DAE, 0x7A3182A2,
+ 0x12A8DDEC, 0xFDAA335D, 0x176F43E8, 0x71FB46D4,
+ 0x38129022, 0xCE949AD4, 0xB84769AD, 0x965BD862,
+ 0x82F3D055, 0x66FB9767, 0x15B80B4E, 0x1D5B47A0,
+ 0x4CFDE06F, 0xC28EC4B8, 0x57E8726E, 0x647A78FC,
+ 0x99865D44, 0x608BD593, 0x6C200E03, 0x39DC5FF6,
+ 0x5D0B00A3, 0xAE63AFF2, 0x7E8BD632, 0x70108C0C,
+ 0xBBD35049, 0x2998DF04, 0x980CF42A, 0x9B6DF491,
+ 0x9E7EDD53, 0x06918548, 0x58CB7E07, 0x3B74EF2E,
+ 0x522FFFB1, 0xD24708CC, 0x1C7E27CD, 0xA4EB215B,
+ 0x3CF1D2E2, 0x19B47A38, 0x424F7618, 0x35856039,
+ 0x9D17DEE7, 0x27EB35E6, 0xC9AFF67B, 0x36BAF5B8,
+ 0x09C467CD, 0xC18910B1, 0xE11DBF7B, 0x06CD1AF8,
+ 0x7170C608, 0x2D5E3354, 0xD4DE495A, 0x64C6D006,
+ 0xBCC0C62C, 0x3DD00DB3, 0x708F8F34, 0x77D51B42,
+ 0x264F620F, 0x24B8D2BF, 0x15C1B79E, 0x46A52564,
+ 0xF8D7E54E, 0x3E378160, 0x7895CDA5, 0x859C15A5,
+ 0xE6459788, 0xC37BC75F, 0xDB07BA0C, 0x0676A3AB,
+ 0x7F229B1E, 0x31842E7B, 0x24259FD7, 0xF8BEF472,
+ 0x835FFCB8, 0x6DF4C1F2, 0x96F5B195, 0xFD0AF0FC,
+ 0xB0FE134C, 0xE2506D3D, 0x4F9B12EA, 0xF215F225,
+ 0xA223736F, 0x9FB4C428, 0x25D04979, 0x34C713F8,
+ 0xC4618187, 0xEA7A6E98, 0x7CD16EFC, 0x1436876C,
+ 0xF1544107, 0xBEDEEE14, 0x56E9AF27, 0xA04AA441,
+ 0x3CF7C899, 0x92ECBAE6, 0xDD67016D, 0x151682EB,
+ 0xA842EEDF, 0xFDBA60B4, 0xF1907B75, 0x20E3030F,
+ 0x24D8C29E, 0xE139673B, 0xEFA63FB8, 0x71873054,
+ 0xB6F2CF3B, 0x9F326442, 0xCB15A4CC, 0xB01A4504,
+ 0xF1E47D8D, 0x844A1BE5, 0xBAE7DFDC, 0x42CBDA70,
+ 0xCD7DAE0A, 0x57E85B7A, 0xD53F5AF6, 0x20CF4D8C,
+ 0xCEA4D428, 0x79D130A4, 0x3486EBFB, 0x33D3CDDC,
+ 0x77853B53, 0x37EFFCB5, 0xC5068778, 0xE580B3E6,
+ 0x4E68B8F4, 0xC5C8B37E, 0x0D809EA2, 0x398FEB7C,
+ 0x132A4F94, 0x43B7950E, 0x2FEE7D1C, 0x223613BD,
+ 0xDD06CAA2, 0x37DF932B, 0xC4248289, 0xACF3EBC3,
+ 0x5715F6B7, 0xEF3478DD, 0xF267616F, 0xC148CBE4,
+ 0x9052815E, 0x5E410FAB, 0xB48A2465, 0x2EDA7FA4,
+ 0xE87B40E4, 0xE98EA084, 0x5889E9E1, 0xEFD390FC,
+ 0xDD07D35B, 0xDB485694, 0x38D7E5B2, 0x57720101,
+ 0x730EDEBC, 0x5B643113, 0x94917E4F, 0x503C2FBA,
+ 0x646F1282, 0x7523D24A, 0xE0779695, 0xF9C17A8F,
+ 0x7A5B2121, 0xD187B896, 0x29263A4D, 0xBA510CDF,
+ 0x81F47C9F, 0xAD1163ED, 0xEA7B5965, 0x1A00726E,
+ 0x11403092, 0x00DA6D77, 0x4A0CDD61, 0xAD1F4603,
+ 0x605BDFB0, 0x9EEDC364, 0x22EBE6A8, 0xCEE7D28A,
+ 0xA0E736A0, 0x5564A6B9, 0x10853209, 0xC7EB8F37,
+ 0x2DE705CA, 0x8951570F, 0xDF09822B, 0xBD691A6C,
+ 0xAA12E4F2, 0x87451C0F, 0xE0F6A27A, 0x3ADA4819,
+ 0x4CF1764F, 0x0D771C2B, 0x67CDB156, 0x350D8384,
+ 0x5938FA0F, 0x42399EF3, 0x36997B07, 0x0E84093D,
+ 0x4AA93E61, 0x8360D87B, 0x1FA98B0C, 0x1149382C,
+ 0xE97625A5, 0x0614D1B7, 0x0E25244B, 0x0C768347,
+ 0x589E8D82, 0x0D2059D1, 0xA466BB1E, 0xF8DA0A82,
+ 0x04F19130, 0xBA6E4EC0, 0x99265164, 0x1EE7230D,
+ 0x50B2AD80, 0xEAEE6801, 0x8DB2A283, 0xEA8BF59E
+};
+
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index b349c04636d..3cb5ac1bd7d 100644
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp.c,v 1.12 1997/10/02 02:31:04 deraadt Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.13 1997/11/04 09:11:09 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -9,7 +9,11 @@
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis, kermit@forthnet.gr.
*
- * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ * Additional transforms and features in 1997 by Angelos D. Keromytis and
+ * Niels Provos.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis, Angelos D. Keromytis
+ * and Niels Provos.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
diff --git a/sys/netinet/ip_esp.h b/sys/netinet/ip_esp.h
index f43d489dd96..16c7c0b77b3 100644
--- a/sys/netinet/ip_esp.h
+++ b/sys/netinet/ip_esp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp.h,v 1.13 1997/09/30 03:29:50 deraadt Exp $ */
+/* $OpenBSD: ip_esp.h,v 1.14 1997/11/04 09:11:10 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -9,7 +9,11 @@
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis, kermit@forthnet.gr.
*
- * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ * Additional transforms and features in 1997 by Angelos D. Keromytis and
+ * Niels Provos.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis, Angelos D. Keromytis
+ * and Niels Provos.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
@@ -33,22 +37,50 @@
#endif
#include <netinet/ip_sha1.h>
+#include <netinet/ip_blf.h>
+#include <netinet/ip_cast.h>
/* IV lengths */
#define ESP_DES_IVS 8
#define ESP_3DES_IVS 8
+#define ESP_BLF_IVS 8
+#define ESP_CAST_IVS 8
#define ESP_MAX_IVS ESP_3DES_IVS
/* Block sizes -- it is assumed that they're powers of 2 */
#define ESP_DES_BLKS 8
#define ESP_3DES_BLKS 8
+#define ESP_BLF_BLKS 8
+#define ESP_CAST_BLKS 8
+
+#define ESP_MAX_BLKS ESP_3DES_BLKS
/* Various defines for the "new" ESP */
#define ESP_NEW_ALEN 12 /* 96bits authenticator */
#define ESP_NEW_IPAD_VAL 0x36
#define ESP_NEW_OPAD_VAL 0x5C
+struct esp_hash {
+ int type;
+ char *name;
+ u_int16_t hashsize;
+ u_int16_t ctxsize;
+ void (*Init)(void *);
+ void (*Update)(void *, u_int8_t *, u_int16_t);
+ void (*Final)(u_int8_t *, void *);
+};
+
+struct esp_xform {
+ int type;
+ char *name;
+ u_int16_t blocksize, ivsize;
+ u_int16_t minkey, maxkey;
+ u_int32_t ivmask; /* Or all possible modes, zero iv = 1 */
+ void (*encrypt)(void *, u_int8_t *);
+ void (*decrypt)(void *, u_int8_t *);
+};
+
struct esp_old
{
u_int32_t esp_spi; /* Security Parameters Index */
@@ -84,6 +116,7 @@ struct esp_old_xdata
{
u_int32_t edx_enc_algorithm;
int32_t edx_ivlen; /* 4 or 8 */
+ struct esp_xform *edx_xform;
union
{
u_int8_t Iv[ESP_3DES_IVS]; /* that's enough space */
@@ -117,7 +150,8 @@ struct esp_new_xencap
u_int32_t edx_enc_algorithm;
u_int32_t edx_hash_algorithm;
u_int32_t edx_ivlen; /* 0 or 8 */
- u_int32_t edx_keylen;
+ u_int16_t edx_confkeylen;
+ u_int16_t edx_authkeylen;
int32_t edx_wnd;
u_int32_t edx_flags;
u_int8_t edx_data[1]; /* IV + key material */
@@ -138,6 +172,8 @@ struct esp_new_xdata
u_int32_t edx_bitmap;
u_int32_t edx_flags;
u_int32_t edx_initial; /* initial replay value */
+ struct esp_hash *edx_hash;
+ struct esp_xform *edx_xform;
union
{
u_int8_t Iv[ESP_MAX_IVS]; /* that's enough space */
@@ -148,26 +184,27 @@ struct esp_new_xdata
{
u_int8_t Rk[3][8];
u_int32_t Eks[3][16][2];
+ blf_ctx Bks;
+ cast_key Cks;
}Xu;
union
{
- struct
- {
- MD5_CTX edx_ictx;
- MD5_CTX edx_octx;
- } MD5stuff;
- struct
- {
- SHA1_CTX edx_ictx;
- SHA1_CTX edx_octx;
- } SHA1stuff;
- } Hashes;
+ MD5_CTX edx_MD5_ictx;
+ SHA1_CTX edx_SHA1_ictx;
+ } edx_ictx;
+ union
+ {
+ MD5_CTX edx_MD5_octx;
+ SHA1_CTX edx_SHA1_octx;
+ } edx_octx;
};
-#define edx_md5_ictx Hashes.MD5stuff.edx_ictx
-#define edx_md5_octx Hashes.MD5stuff.edx_octx
-#define edx_sha1_ictx Hashes.SHA1stuff.edx_ictx
-#define edx_sha1_octx Hashes.SHA1stuff.edx_octx
+#define edx_bks Xu.Bks
+#define edx_cks Xu.Cks
+#define edx_md5_ictx edx_ictx.edx_MD5_ictx
+#define edx_md5_octx edx_octx.edx_MD5_octx
+#define edx_sha1_ictx edx_ictx.edx_SHA1_ictx
+#define edx_sha1_octx edx_octx.edx_SHA1_octx
#define ESP_OLD_FLENGTH 12
#define ESP_NEW_FLENGTH 16
diff --git a/sys/netinet/ip_esp_new.c b/sys/netinet/ip_esp_new.c
index 53fe1a8b454..b26e0e9c4da 100644
--- a/sys/netinet/ip_esp_new.c
+++ b/sys/netinet/ip_esp_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp_new.c,v 1.9 1997/10/02 02:31:04 deraadt Exp $ */
+/* $OpenBSD: ip_esp_new.c,v 1.10 1997/11/04 09:11:11 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -9,7 +9,11 @@
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis, kermit@forthnet.gr.
*
- * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ * Additional transforms and features in 1997 by Angelos D. Keromytis and
+ * Niels Provos.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis, Angelos D. Keromytis
+ * and Niels Provos.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
@@ -66,6 +70,121 @@ extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t, caddr_t, caddr_t, int);
extern void des_ecb_encrypt(caddr_t, caddr_t, caddr_t, int);
extern void des_set_key(caddr_t, caddr_t);
+static void des1_encrypt(void *, u_int8_t *);
+static void des3_encrypt(void *, u_int8_t *);
+static void blf_encrypt(void *, u_int8_t *);
+static void cast5_encrypt(void *, u_int8_t *);
+static void des1_decrypt(void *, u_int8_t *);
+static void des3_decrypt(void *, u_int8_t *);
+static void blf_decrypt(void *, u_int8_t *);
+static void cast5_decrypt(void *, u_int8_t *);
+
+struct esp_hash esp_new_hash[] = {
+ { ALG_AUTH_MD5, "HMAC-MD5-96",
+ AH_MD5_ALEN,
+ sizeof(MD5_CTX),
+ (void (*)(void *))MD5Init,
+ (void (*)(void *, u_int8_t *, u_int16_t))MD5Update,
+ (void (*)(u_int8_t *, void *))MD5Final
+ },
+ { ALG_AUTH_SHA1, "HMAC-SHA1-96",
+ AH_SHA1_ALEN,
+ sizeof(SHA1_CTX),
+ (void (*)(void *))SHA1Init,
+ (void (*)(void *, u_int8_t *, u_int16_t))SHA1Update,
+ (void (*)(u_int8_t *, void *))SHA1Final
+ }
+};
+
+struct esp_xform esp_new_xform[] = {
+ { ALG_ENC_DES, "Data Encryption Standard (DES)",
+ ESP_DES_BLKS, ESP_DES_IVS,
+ 8, 8, 8 | 1,
+ des1_encrypt,
+ des1_decrypt
+ },
+ { ALG_ENC_3DES, "Tripple DES (3DES)",
+ ESP_3DES_BLKS, ESP_3DES_IVS,
+ 24, 24, 8 | 1,
+ des3_encrypt,
+ des3_decrypt
+ },
+ { ALG_ENC_BLF, "Blowfish",
+ ESP_BLF_BLKS, ESP_BLF_IVS,
+ 5, BLF_MAXKEYLEN, 8,
+ blf_encrypt,
+ blf_decrypt
+ },
+ { ALG_ENC_CAST, "CAST",
+ ESP_CAST_BLKS, ESP_CAST_IVS,
+ 5, 16, 8,
+ cast5_encrypt,
+ cast5_decrypt
+ }
+};
+
+static void
+des1_encrypt(void *pxd, u_int8_t *blk)
+{
+ struct esp_new_xdata *xd = pxd;
+ des_ecb_encrypt(blk, blk, (caddr_t) (xd->edx_eks[0]), 1);
+}
+
+static void
+des1_decrypt(void *pxd, u_int8_t *blk)
+{
+ struct esp_new_xdata *xd = pxd;
+ des_ecb_encrypt(blk, blk, (caddr_t) (xd->edx_eks[0]), 0);
+}
+
+static void
+des3_encrypt(void *pxd, u_int8_t *blk)
+{
+ struct esp_new_xdata *xd = pxd;
+ des_ecb3_encrypt(blk, blk, (caddr_t) (xd->edx_eks[2]),
+ (caddr_t) (xd->edx_eks[1]),
+ (caddr_t) (xd->edx_eks[0]), 1);
+}
+
+static void
+des3_decrypt(void *pxd, u_int8_t *blk)
+{
+ struct esp_new_xdata *xd = pxd;
+ des_ecb3_encrypt(blk, blk, (caddr_t) (xd->edx_eks[2]),
+ (caddr_t) (xd->edx_eks[1]),
+ (caddr_t) (xd->edx_eks[0]), 0);
+}
+
+static void
+blf_encrypt(void *pxd, u_int8_t *blk)
+{
+ struct esp_new_xdata *xd = pxd;
+ Blowfish_encipher(&xd->edx_bks, (u_int32_t *)blk,
+ (u_int32_t *)(blk+4));
+}
+
+static void
+blf_decrypt(void *pxd, u_int8_t *blk)
+{
+ struct esp_new_xdata *xd = pxd;
+ Blowfish_decipher(&xd->edx_bks, (u_int32_t *)blk,
+ (u_int32_t *)(blk+4));
+}
+
+static void
+cast5_encrypt(void *pxd, u_int8_t *blk)
+{
+ struct esp_new_xdata *xd = pxd;
+ cast_encrypt(&xd->edx_cks, blk, blk);
+}
+
+static void
+cast5_decrypt(void *pxd, u_int8_t *blk)
+{
+ struct esp_new_xdata *xd = pxd;
+ cast_decrypt(&xd->edx_cks, blk, blk);
+}
+
/*
* esp_new_attach() is called from the transformation initialization code.
* It just returns.
@@ -93,9 +212,11 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
struct esp_new_xdata *xd;
struct esp_new_xencap txd;
struct encap_msghdr *em;
+ struct esp_xform *txform;
+ struct esp_hash *thash;
caddr_t buffer = NULL;
- int blocklen, i, enc_keylen, auth_keylen;
- u_int32_t rk[6];
+ int blocklen, i;
+ u_int32_t rk[14];
if (m->m_len < ENCAP_MSG_FIXED_LEN)
{
@@ -121,91 +242,73 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
m_copydata(m, EMT_SETSPI_FLEN, ESP_NEW_XENCAP_LEN, (caddr_t) &txd);
/* Check whether the encryption algorithm is supported */
- switch (txd.edx_enc_algorithm)
+ for (i=sizeof(esp_new_xform)/sizeof(struct esp_xform)-1; i >= 0; i--)
+ if (txd.edx_enc_algorithm == esp_new_xform[i].type)
+ break;
+ if (i < 0)
{
- case ALG_ENC_DES:
- case ALG_ENC_3DES:
+ if (encdebug)
+ log(LOG_WARNING, "esp_new_init(): unsupported encryption algorithm %d specified\n", txd.edx_enc_algorithm);
+ return EINVAL;
+ }
+
+ txform = &esp_new_xform[i];
#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_init(): initialized TDB with enc algorithm %d\n",
- txd.edx_enc_algorithm);
+ if (encdebug)
+ printf("esp_new_init(): initialized TDB with enc algorithm %d: %s\n",
+ txd.edx_enc_algorithm, esp_new_xform[i].name);
#endif /* ENCDEBUG */
- break;
- default:
- if (encdebug)
- log(LOG_WARNING, "esp_new_init(): unsupported encryption algorithm %d specified\n", txd.edx_enc_algorithm);
+ /* Check whether the authentication algorithm is supported */
+ if (txd.edx_flags & ESP_NEW_FLAG_AUTH)
+ {
+ for (i=sizeof(esp_new_hash)/sizeof(struct esp_hash)-1; i >= 0; i--)
+ if (txd.edx_hash_algorithm == esp_new_hash[i].type)
+ break;
+ if (i < 0)
+ {
+ if (encdebug)
+ log(LOG_WARNING, "esp_new_init(): unsupported authentication algorithm %d specified\n", txd.edx_hash_algorithm);
return EINVAL;
- }
+ }
- /* Check whether the authentication algorithm is supported */
- if (txd.edx_flags & ESP_NEW_FLAG_AUTH)
- switch (txd.edx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- case ALG_AUTH_SHA1:
#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_init(): initialized TDB with hash algorithm %d\n", txd.edx_hash_algorithm);
+ if (encdebug)
+ printf("esp_new_init(): initialized TDB with hash algorithm %d: %s\n",
+ txd.edx_hash_algorithm, esp_new_hash[i].name);
#endif /* ENCDEBUG */
- blocklen = HMAC_BLOCK_LEN;
- break;
-
- default:
- if (encdebug)
- log(LOG_WARNING, "esp_new_init(): unsupported authentication algorithm %d specified\n", txd.edx_enc_algorithm);
- return EINVAL;
+ blocklen = HMAC_BLOCK_LEN;
+ thash = &esp_new_hash[i];
}
- if (txd.edx_ivlen + txd.edx_keylen + EMT_SETSPI_FLEN + ESP_NEW_XENCAP_LEN
- != em->em_msglen)
+ if (txd.edx_ivlen + txd.edx_confkeylen + txd.edx_authkeylen +
+ EMT_SETSPI_FLEN + ESP_NEW_XENCAP_LEN != em->em_msglen)
{
if (encdebug)
log(LOG_WARNING, "esp_new_init(): message length (%d) doesn't match\n", em->em_msglen);
return EINVAL;
}
- switch (txd.edx_enc_algorithm)
+ /* Check the IV length */
+ if (((txd.edx_ivlen == 0) && !(txform->ivmask&1)) ||
+ ((txd.edx_ivlen != 0) && (
+ !(txd.edx_ivlen & txform->ivmask) ||
+ (txd.edx_ivlen & (txd.edx_ivlen-1)))))
{
- case ALG_ENC_DES:
- if ((txd.edx_ivlen != 0) && (txd.edx_ivlen != 8))
- {
- if (encdebug)
- log(LOG_WARNING, "esp_new_init(): unsupported IV length %d\n",
- txd.edx_ivlen);
- return EINVAL;
- }
-
- if (txd.edx_keylen < 8)
- {
- if (encdebug)
- log(LOG_WARNING, "esp_new_init(): bad key length\n",
- txd.edx_keylen);
- return EINVAL;
- }
-
- enc_keylen = 8;
- break;
+ if (encdebug)
+ log(LOG_WARNING, "esp_new_init(): unsupported IV length %d\n",
+ txd.edx_ivlen);
+ return EINVAL;
+ }
- case ALG_ENC_3DES:
- if ((txd.edx_ivlen != 0) && (txd.edx_ivlen != 8))
- {
- if (encdebug)
- log(LOG_WARNING, "esp_new_init(): unsupported IV length %d\n",
- txd.edx_ivlen);
- return EINVAL;
- }
-
- if (txd.edx_keylen < 24)
- {
- if (encdebug)
- log(LOG_WARNING, "esp_new_init(): bad key length\n",
- txd.edx_keylen);
- return EINVAL;
- }
-
- enc_keylen = 24;
- break;
+ /* Check the key length */
+ if (txd.edx_confkeylen < txform->minkey ||
+ txd.edx_confkeylen > txform->maxkey)
+ {
+ if (encdebug)
+ log(LOG_WARNING, "esp_new_init(): bad key length %d\n",
+ txd.edx_confkeylen);
+ return EINVAL;
}
MALLOC(tdbp->tdb_xdata, caddr_t, sizeof(struct esp_new_xdata),
@@ -231,6 +334,10 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
xd->edx_flags = txd.edx_flags;
xd->edx_hash_algorithm = txd.edx_hash_algorithm;
xd->edx_bitmap = 0;
+ xd->edx_xform = txform;
+
+ /* Pass name of enc algorithm for kernfs */
+ tdbp->tdb_confname = xd->edx_xform->name;
/* Replay counters are mandatory, even without auth */
xd->edx_rpl = AH_HMAC_INITIAL_RPL;
@@ -239,39 +346,43 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
m_copydata(m, EMT_SETSPI_FLEN + ESP_NEW_XENCAP_LEN, xd->edx_ivlen,
(caddr_t) xd->edx_iv);
+ /* Copy the key material */
+ m_copydata(m, EMT_SETSPI_FLEN + ESP_NEW_XENCAP_LEN + xd->edx_ivlen,
+ txd.edx_confkeylen, (caddr_t) rk);
switch (xd->edx_enc_algorithm)
{
case ALG_ENC_DES:
- /* Copy the key material */
- m_copydata(m, EMT_SETSPI_FLEN + ESP_NEW_XENCAP_LEN + xd->edx_ivlen,
- enc_keylen, (caddr_t) rk);
-
des_set_key((caddr_t) rk, (caddr_t) (xd->edx_eks[0]));
break;
case ALG_ENC_3DES:
- /* Copy the key material */
- m_copydata(m, EMT_SETSPI_FLEN + ESP_NEW_XENCAP_LEN + xd->edx_ivlen,
- enc_keylen, (caddr_t) rk);
-
des_set_key((caddr_t) rk, (caddr_t) (xd->edx_eks[0]));
des_set_key((caddr_t) (rk + 2), (caddr_t) (xd->edx_eks[1]));
des_set_key((caddr_t) (rk + 4), (caddr_t) (xd->edx_eks[2]));
break;
+ case ALG_ENC_BLF:
+ blf_key(&xd->edx_bks, (caddr_t) rk, txd.edx_confkeylen);
+ break;
+ case ALG_ENC_CAST:
+ cast_setkey(&xd->edx_cks, (caddr_t) rk, txd.edx_confkeylen);
+ break;
}
if (txd.edx_flags & ESP_NEW_FLAG_AUTH)
{
- auth_keylen = txd.edx_keylen - enc_keylen;
+ xd->edx_hash = thash;
+
+ /* Pass name of auth algorithm for kernfs */
+ tdbp->tdb_authname = xd->edx_hash->name;
#ifdef ENCDEBUG
if (encdebug)
printf("esp_new_init(): using %d bytes of authentication key\n",
- auth_keylen);
+ txd.edx_authkeylen);
#endif
MALLOC(buffer, caddr_t,
- auth_keylen < blocklen ? blocklen : auth_keylen,
+ txd.edx_authkeylen < blocklen ? blocklen : txd.edx_authkeylen,
M_TEMP, M_WAITOK);
if (buffer == NULL)
{
@@ -283,73 +394,41 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
return ENOBUFS;
}
- bzero(buffer, auth_keylen < blocklen ? blocklen : auth_keylen);
+ bzero(buffer, txd.edx_authkeylen < blocklen ?
+ blocklen : txd.edx_authkeylen);
/* Copy the key to the buffer */
m_copydata(m, EMT_SETSPI_FLEN + ESP_NEW_XENCAP_LEN + xd->edx_ivlen +
- enc_keylen, auth_keylen, buffer);
+ txd.edx_confkeylen, txd.edx_authkeylen, buffer);
/* Shorten the key if necessary */
- if (auth_keylen > blocklen)
+ if (txd.edx_authkeylen > blocklen)
{
- switch (xd->edx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Init(&(xd->edx_md5_ictx));
- MD5Update(&(xd->edx_md5_ictx), buffer, auth_keylen);
- bzero(buffer,
- auth_keylen < blocklen ? blocklen : auth_keylen);
- MD5Final(buffer, &(xd->edx_md5_ictx));
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Init(&(xd->edx_sha1_ictx));
- SHA1Update(&(xd->edx_sha1_ictx), buffer, auth_keylen);
- bzero(buffer,
- auth_keylen < blocklen ? blocklen : auth_keylen);
- SHA1Final(buffer, &(xd->edx_sha1_ictx));
- break;
- }
+ xd->edx_hash->Init(&(xd->edx_ictx));
+ xd->edx_hash->Update(&(xd->edx_ictx), buffer, txd.edx_authkeylen);
+ bzero(buffer, txd.edx_authkeylen < blocklen ?
+ blocklen : txd.edx_authkeylen);
+ xd->edx_hash->Final(buffer, &(xd->edx_ictx));
}
/* Precompute the I and O pads of the HMAC */
for (i = 0; i < blocklen; i++)
buffer[i] ^= HMAC_IPAD_VAL;
- switch (xd->edx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Init(&(xd->edx_md5_ictx));
- MD5Update(&(xd->edx_md5_ictx), buffer, blocklen);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Init(&(xd->edx_sha1_ictx));
- SHA1Update(&(xd->edx_sha1_ictx), buffer, blocklen);
- break;
- }
+ xd->edx_hash->Init(&(xd->edx_ictx));
+ xd->edx_hash->Update(&(xd->edx_ictx), buffer, blocklen);
for (i = 0; i < blocklen; i++)
buffer[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
- switch (xd->edx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Init(&(xd->edx_md5_octx));
- MD5Update(&(xd->edx_md5_octx), buffer, blocklen);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Init(&(xd->edx_sha1_octx));
- SHA1Update(&(xd->edx_sha1_octx), buffer, blocklen);
- break;
- }
+ xd->edx_hash->Init(&(xd->edx_octx));
+ xd->edx_hash->Update(&(xd->edx_octx), buffer, blocklen);
bzero(buffer, blocklen);
free(buffer, M_TEMP);
}
- bzero(rk, 6 * sizeof(u_int32_t)); /* paranoid */
+ bzero(rk, 14 * sizeof(u_int32_t)); /* paranoid */
bzero(ipseczeroes, IPSEC_ZEROES_SIZE); /* paranoid */
return 0;
@@ -372,7 +451,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
{
struct esp_new_xdata *xd;
struct ip *ip, ipo;
- u_char iv[ESP_3DES_IVS], niv[ESP_3DES_IVS], blk[ESP_3DES_BLKS], opts[40];
+ u_char iv[ESP_MAX_IVS], niv[ESP_MAX_IVS], blk[ESP_MAX_BLKS], opts[40];
u_char *idat, *odat;
struct esp_new *esp;
struct ifnet *rcvif;
@@ -380,47 +459,18 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
int count, off, errc;
u_int32_t btsx;
struct mbuf *mi, *mo;
- MD5_CTX md5ctx;
- SHA1_CTX sha1ctx;
+ union {
+ MD5_CTX md5ctx;
+ SHA1_CTX sha1ctx;
+ } ctx;
u_char buf[AH_ALEN_MAX], buf2[AH_ALEN_MAX];
xd = (struct esp_new_xdata *)tdb->tdb_xdata;
- switch (xd->edx_enc_algorithm)
- {
- case ALG_ENC_DES:
- blks = ESP_DES_BLKS;
- break;
-
- case ALG_ENC_3DES:
- blks = ESP_3DES_BLKS;
- break;
-
- default:
- if (encdebug)
- log(LOG_ALERT,
- "esp_new_input(): unsupported algorithm %d in SA %x/%08x\n",
- xd->edx_enc_algorithm, tdb->tdb_dst, ntohl(tdb->tdb_spi));
- m_freem(m);
- return NULL;
- }
+ blks = xd->edx_xform->blocksize;
if (xd->edx_flags & ESP_NEW_FLAG_AUTH)
- {
- switch (xd->edx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- case ALG_AUTH_SHA1:
- alen = AH_HMAC_HASHLEN;
- break;
-
- default:
- if (encdebug)
- log(LOG_ALERT, "esp_new_input(): unsupported algorithm %d in SA %x/%08x\n", xd->edx_hash_algorithm, tdb->tdb_dst, ntohl(tdb->tdb_spi));
- m_freem(m);
- return NULL;
- }
- }
+ alen = AH_HMAC_HASHLEN;
else
alen = 0;
@@ -514,16 +564,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
if (xd->edx_flags & ESP_NEW_FLAG_AUTH)
{
- switch (xd->edx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- md5ctx = xd->edx_md5_ictx;
- break;
-
- case ALG_AUTH_SHA1:
- sha1ctx = xd->edx_sha1_ictx;
- break;
- }
+ bcopy(&(xd->edx_ictx), &ctx, xd->edx_hash->ctxsize);
/* Auth covers SPI + SN + IV*/
oplen = plen + 2 * sizeof(u_int32_t) + xd->edx_ivlen;
@@ -537,19 +578,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
count = min(mo->m_len - off, oplen);
- switch (xd->edx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, mtod(mo, unsigned char *) + off,
- count);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, mtod(mo, unsigned char *) + off,
- count);
- break;
- }
-
+ xd->edx_hash->Update(&ctx, mtod(mo, unsigned char *) + off, count);
oplen -= count;
if (oplen == 0)
{
@@ -581,22 +610,10 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
mo = mo->m_next;
}
- switch (xd->edx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Final(buf2, &md5ctx);
- md5ctx = xd->edx_md5_octx;
- MD5Update(&md5ctx, buf2, AH_MD5_ALEN);
- MD5Final(buf2, &md5ctx);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Final(buf2, &sha1ctx);
- sha1ctx = xd->edx_sha1_octx;
- SHA1Update(&sha1ctx, buf2, AH_SHA1_ALEN);
- SHA1Final(buf2, &sha1ctx);
- break;
- }
+ xd->edx_hash->Final(buf2, &ctx);
+ bcopy(&(xd->edx_octx), &ctx, xd->edx_hash->ctxsize);
+ xd->edx_hash->Update(&ctx, buf2, xd->edx_hash->hashsize);
+ xd->edx_hash->Final(buf2, &ctx);
if (bcmp(buf2, buf, AH_HMAC_HASHLEN))
{
@@ -668,18 +685,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
if (i == blks)
{
- switch (xd->edx_enc_algorithm)
- {
- case ALG_ENC_DES:
- des_ecb_encrypt(blk, blk, (caddr_t) (xd->edx_eks[0]), 0);
- break;
-
- case ALG_ENC_3DES:
- des_ecb3_encrypt(blk, blk, (caddr_t) (xd->edx_eks[2]),
- (caddr_t) (xd->edx_eks[1]),
- (caddr_t) (xd->edx_eks[0]), 0);
- break;
- }
+ xd->edx_xform->decrypt(xd, blk);
for (i=0; i<8; i++)
{
@@ -841,51 +847,24 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
struct mbuf *mi, *mo;
u_char *pad, *idat, *odat;
u_char iv[ESP_3DES_IVS], blk[ESP_3DES_IVS], auth[AH_ALEN_MAX], opts[40];
- MD5_CTX md5ctx;
- SHA1_CTX sha1ctx;
+ union {
+ MD5_CTX md5ctx;
+ SHA1_CTX sha1ctx;
+ } ctx;
int iphlen, blks, alen;
xd = (struct esp_new_xdata *) tdb->tdb_xdata;
- switch (xd->edx_enc_algorithm)
- {
- case ALG_ENC_DES:
- blks = ESP_DES_BLKS;
- break;
-
- case ALG_ENC_3DES:
- blks = ESP_3DES_BLKS;
- break;
-
- default:
- if (encdebug)
- log(LOG_ALERT,
- "esp_new_output(): unsupported algorithm %d in SA %x/%08x\n",
- xd->edx_enc_algorithm, tdb->tdb_dst, ntohl(tdb->tdb_spi));
- m_freem(m);
- return NULL;
- }
+ blks = xd->edx_xform->blocksize;
if (xd->edx_flags & ESP_NEW_FLAG_AUTH)
{
- switch (xd->edx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- case ALG_AUTH_SHA1:
- alen = AH_HMAC_HASHLEN;
+ alen = AH_HMAC_HASHLEN;
#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_output(): using hash algorithm %d\n",
- xd->edx_hash_algorithm);
+ if (encdebug)
+ printf("esp_new_output(): using hash algorithm: %s\n",
+ xd->edx_hash->name);
#endif /* ENCDEBUG */
- break;
-
- default:
- if (encdebug)
- log(LOG_ALERT, "esp_new_output(): unsupported algorithm %d in SA %x/%08x\n", xd->edx_hash_algorithm, tdb->tdb_dst, ntohl(tdb->tdb_spi));
- m_freem(m);
- return NULL;
- }
}
else
alen = 0;
@@ -997,20 +976,9 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
/* Authenticate the esp header */
if (xd->edx_flags & ESP_NEW_FLAG_AUTH)
{
- switch (xd->edx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- md5ctx = xd->edx_md5_ictx;
- MD5Update(&md5ctx, (unsigned char *) &espo,
- 2 * sizeof(u_int32_t) + xd->edx_ivlen);
- break;
-
- case ALG_AUTH_SHA1:
- sha1ctx = xd->edx_sha1_ictx;
- SHA1Update(&sha1ctx, (unsigned char *) &espo,
- 2 * sizeof(u_int32_t) + xd->edx_ivlen);
- break;
- }
+ bcopy(&(xd->edx_ictx), &ctx, xd->edx_hash->ctxsize);
+ xd->edx_hash->Update(&ctx, (unsigned char *) &espo,
+ 2 * sizeof(u_int32_t) + xd->edx_ivlen);
}
/* Encrypt the payload */
@@ -1034,30 +1002,10 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
if (i == blks)
{
- switch (xd->edx_enc_algorithm)
- {
- case ALG_ENC_DES:
- des_ecb_encrypt(blk, blk, (caddr_t) (xd->edx_eks[0]), 1);
- break;
-
- case ALG_ENC_3DES:
- des_ecb3_encrypt(blk, blk, (caddr_t) (xd->edx_eks[0]),
- (caddr_t) (xd->edx_eks[1]),
- (caddr_t) (xd->edx_eks[2]), 1);
- break;
- }
+ xd->edx_xform->encrypt(xd, blk);
if (xd->edx_flags & ESP_NEW_FLAG_AUTH)
- switch (xd->edx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Update(&md5ctx, blk, blks);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Update(&sha1ctx, blk, blks);
- break;
- }
+ xd->edx_hash->Update(&ctx, blk, blks);
for (i = 0; i < blks; i++)
{
@@ -1084,22 +1032,10 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
/* Put in authentication data */
if (xd->edx_flags & ESP_NEW_FLAG_AUTH)
{
- switch (xd->edx_hash_algorithm)
- {
- case ALG_AUTH_MD5:
- MD5Final(auth, &md5ctx);
- md5ctx = xd->edx_md5_octx;
- MD5Update(&md5ctx, auth, AH_MD5_ALEN);
- MD5Final(auth, &md5ctx);
- break;
-
- case ALG_AUTH_SHA1:
- SHA1Final(auth, &sha1ctx);
- sha1ctx = xd->edx_sha1_octx;
- SHA1Update(&sha1ctx, auth, AH_SHA1_ALEN);
- SHA1Final(auth, &sha1ctx);
- break;
- }
+ xd->edx_hash->Final(auth, &ctx);
+ bcopy(&(xd->edx_octx), &ctx, xd->edx_hash->ctxsize);
+ xd->edx_hash->Update(&ctx, auth, xd->edx_hash->hashsize);
+ xd->edx_hash->Final(auth, &ctx);
/* Copy the final authenticator */
bcopy(auth, pad + padding, alen);
diff --git a/sys/netinet/ip_esp_old.c b/sys/netinet/ip_esp_old.c
index 633d9b880c0..07f89c937bf 100644
--- a/sys/netinet/ip_esp_old.c
+++ b/sys/netinet/ip_esp_old.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp_old.c,v 1.9 1997/10/02 02:31:05 deraadt Exp $ */
+/* $OpenBSD: ip_esp_old.c,v 1.10 1997/11/04 09:11:13 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -9,7 +9,11 @@
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis, kermit@forthnet.gr.
*
- * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ * Additional transforms and features in 1997 by Angelos D. Keromytis and
+ * Niels Provos.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis, Angelos D. Keromytis
+ * and Niels Provos.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
@@ -67,6 +71,58 @@ extern void des_set_key(caddr_t, caddr_t);
extern encap_sendnotify(int, struct tdb *);
+static void des1_encrypt(void *, u_int8_t *);
+static void des3_encrypt(void *, u_int8_t *);
+static void des1_decrypt(void *, u_int8_t *);
+static void des3_decrypt(void *, u_int8_t *);
+
+struct esp_xform esp_old_xform[] = {
+ { ALG_ENC_DES, "Data Encryption Standard (DES)",
+ ESP_DES_BLKS, ESP_DES_IVS,
+ 8, 8, 8 | 4,
+ des1_encrypt,
+ des1_decrypt
+ },
+ { ALG_ENC_3DES, "Tripple DES (3DES)",
+ ESP_3DES_BLKS, ESP_3DES_IVS,
+ 24, 24, 8 | 4,
+ des3_encrypt,
+ des3_decrypt
+ }
+};
+
+static void
+des1_encrypt(void *pxd, u_int8_t *blk)
+{
+ struct esp_old_xdata *xd = pxd;
+ des_ecb_encrypt(blk, blk, (caddr_t) (xd->edx_eks[0]), 1);
+}
+
+static void
+des1_decrypt(void *pxd, u_int8_t *blk)
+{
+ struct esp_old_xdata *xd = pxd;
+ des_ecb_encrypt(blk, blk, (caddr_t) (xd->edx_eks[0]), 0);
+}
+
+static void
+des3_encrypt(void *pxd, u_int8_t *blk)
+{
+ struct esp_old_xdata *xd = pxd;
+ des_ecb3_encrypt(blk, blk, (caddr_t) (xd->edx_eks[2]),
+ (caddr_t) (xd->edx_eks[1]),
+ (caddr_t) (xd->edx_eks[0]), 1);
+}
+
+static void
+des3_decrypt(void *pxd, u_int8_t *blk)
+{
+ struct esp_old_xdata *xd = pxd;
+ des_ecb3_encrypt(blk, blk, (caddr_t) (xd->edx_eks[2]),
+ (caddr_t) (xd->edx_eks[1]),
+ (caddr_t) (xd->edx_eks[0]), 0);
+}
+
int
esp_old_attach()
{
@@ -89,7 +145,9 @@ esp_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
struct esp_old_xdata *xd;
struct esp_old_xencap xenc;
struct encap_msghdr *em;
+ struct esp_xform *txform;
u_int32_t rk[6];
+ int i;
if (m->m_len < ENCAP_MSG_FIXED_LEN)
{
@@ -115,22 +173,22 @@ esp_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
m_copydata(m, EMT_SETSPI_FLEN, ESP_OLD_XENCAP_LEN, (caddr_t) &xenc);
/* Check whether the encryption algorithm is supported */
- switch (xenc.edx_enc_algorithm)
+ for (i=sizeof(esp_old_xform)/sizeof(struct esp_xform)-1; i >= 0; i--)
+ if (xenc.edx_enc_algorithm == esp_old_xform[i].type)
+ break;
+ if (i < 0)
{
- case ALG_ENC_DES:
- case ALG_ENC_3DES:
+ if (encdebug)
+ log(LOG_WARNING, "esp_old_init(): unsupported encryption algorithm %d specified\n", xenc.edx_enc_algorithm);
+ return EINVAL;
+ }
+
+ txform = &esp_old_xform[i];
#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_init(): initialized TDB with enc algorithm %d\n",
- xenc.edx_enc_algorithm);
+ if (encdebug)
+ printf("esp_old_init(): initialized TDB with enc algorithm %d: %s\n",
+ xenc.edx_enc_algorithm, esp_old_xform[i].name);
#endif /* ENCDEBUG */
- break;
-
- default:
- if (encdebug)
- log(LOG_WARNING, "esp_old_init(): unsupported encryption algorithm %d specified\n", xenc.edx_enc_algorithm);
- return EINVAL;
- }
if (xenc.edx_ivlen + xenc.edx_keylen + EMT_SETSPI_FLEN +
ESP_OLD_XENCAP_LEN != em->em_msglen)
@@ -140,45 +198,25 @@ esp_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
return EINVAL;
}
- switch (xenc.edx_enc_algorithm)
+ /* Check the IV length */
+ if (((xenc.edx_ivlen == 0) && !(txform->ivmask&1)) ||
+ ((xenc.edx_ivlen != 0) && (
+ !(xenc.edx_ivlen & txform->ivmask) ||
+ (xenc.edx_ivlen & (xenc.edx_ivlen-1)))))
{
- case ALG_ENC_DES:
- if ((xenc.edx_ivlen != 4) && (xenc.edx_ivlen != 8))
- {
- if (encdebug)
- log(LOG_WARNING, "esp_old_init(): unsupported IV length %d\n",
- xenc.edx_ivlen);
- return EINVAL;
- }
-
- if (xenc.edx_keylen != 8)
- {
- if (encdebug)
- log(LOG_WARNING, "esp_old_init(): bad key length\n",
- xenc.edx_keylen);
- return EINVAL;
- }
-
- break;
+ if (encdebug)
+ log(LOG_WARNING, "esp_old_init(): unsupported IV length %d\n",
+ xenc.edx_ivlen);
+ return EINVAL;
+ }
- case ALG_ENC_3DES:
- if ((xenc.edx_ivlen != 4) && (xenc.edx_ivlen != 8))
- {
- if (encdebug)
- log(LOG_WARNING, "esp_old_init(): unsupported IV length %d\n",
- xenc.edx_ivlen);
- return EINVAL;
- }
-
- if (xenc.edx_keylen != 24)
- {
- if (encdebug)
- log(LOG_WARNING, "esp_old_init(): bad key length\n",
- xenc.edx_keylen);
- return EINVAL;
- }
-
- break;
+ /* Check the key length */
+ if (xenc.edx_keylen < txform->minkey || xenc.edx_keylen > txform->maxkey)
+ {
+ if (encdebug)
+ log(LOG_WARNING, "esp_old_init(): bad key length %d\n",
+ xenc.edx_keylen);
+ return EINVAL;
}
MALLOC(tdbp->tdb_xdata, caddr_t, sizeof(struct esp_old_xdata),
@@ -199,8 +237,12 @@ esp_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
tdbp->tdb_xform = xsp;
xd->edx_ivlen = xenc.edx_ivlen;
+ xd->edx_xform = txform;
xd->edx_enc_algorithm = xenc.edx_enc_algorithm;
+ /* Pass name of enc algorithm for kernfs */
+ tdbp->tdb_confname = xd->edx_xform->name;
+
/* Copy the IV */
m_copydata(m, EMT_SETSPI_FLEN + ESP_OLD_XENCAP_LEN, xd->edx_ivlen,
(caddr_t) xd->edx_iv);
@@ -258,24 +300,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb)
xd = (struct esp_old_xdata *) tdb->tdb_xdata;
- switch (xd->edx_enc_algorithm)
- {
- case ALG_ENC_DES:
- blks = ESP_DES_BLKS;
- break;
-
- case ALG_ENC_3DES:
- blks = ESP_3DES_BLKS;
- break;
-
- default:
- if (encdebug)
- log(LOG_ALERT,
- "esp_old_input(): unsupported algorithm %d in SA %x/%08x\n",
- xd->edx_enc_algorithm, tdb->tdb_dst, ntohl(tdb->tdb_spi));
- m_freem(m);
- return NULL;
- }
+ blks = xd->edx_xform->blocksize;
rcvif = m->m_pkthdr.rcvif;
if (rcvif == NULL)
@@ -405,18 +430,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb)
if (i == blks)
{
- switch (xd->edx_enc_algorithm)
- {
- case ALG_ENC_DES:
- des_ecb_encrypt(blk, blk, (caddr_t) (xd->edx_eks[0]), 0);
- break;
-
- case ALG_ENC_3DES:
- des_ecb3_encrypt(blk, blk, (caddr_t) (xd->edx_eks[2]),
- (caddr_t) (xd->edx_eks[1]),
- (caddr_t) (xd->edx_eks[0]), 0);
- break;
- }
+ xd->edx_xform->decrypt(xd, blk);
for (i = 0; i < blks; i++)
{
@@ -539,24 +553,7 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
xd = (struct esp_old_xdata *) tdb->tdb_xdata;
- switch (xd->edx_enc_algorithm)
- {
- case ALG_ENC_DES:
- blks = ESP_DES_BLKS;
- break;
-
- case ALG_ENC_3DES:
- blks = ESP_3DES_BLKS;
- break;
-
- default:
- if (encdebug)
- log(LOG_ALERT,
- "esp_old_output(): unsupported algorithm %d in SA %x/%08x\n",
- xd->edx_enc_algorithm, tdb->tdb_dst, ntohl(tdb->tdb_spi));
- m_freem(m);
- return NULL;
- }
+ blks = xd->edx_xform->blocksize;
espstat.esps_output++;
@@ -670,18 +667,7 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
if (i == blks)
{
- switch (xd->edx_enc_algorithm)
- {
- case ALG_ENC_DES:
- des_ecb_encrypt(blk, blk, (caddr_t) (xd->edx_eks[0]), 1);
- break;
-
- case ALG_ENC_3DES:
- des_ecb3_encrypt(blk, blk, (caddr_t) (xd->edx_eks[0]),
- (caddr_t) (xd->edx_eks[1]),
- (caddr_t) (xd->edx_eks[2]), 1);
- break;
- }
+ xd->edx_xform->encrypt(xd, blk);
for (i = 0; i < blks; i++)
{
diff --git a/sys/netinet/ip_ip4.c b/sys/netinet/ip_ip4.c
index 69770687979..ae1d3f74419 100644
--- a/sys/netinet/ip_ip4.c
+++ b/sys/netinet/ip_ip4.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ip4.c,v 1.14 1997/10/02 02:31:05 deraadt Exp $ */
+/* $OpenBSD: ip_ip4.c,v 1.15 1997/11/04 09:11:14 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -9,7 +9,11 @@
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis, kermit@forthnet.gr.
*
- * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ * Additional transforms and features in 1997 by Angelos D. Keromytis and
+ * Niels Provos.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis, Angelos D. Keromytis
+ * and Niels Provos.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
diff --git a/sys/netinet/ip_ip4.h b/sys/netinet/ip_ip4.h
index ca5162b1c4c..1456aa12e8c 100644
--- a/sys/netinet/ip_ip4.h
+++ b/sys/netinet/ip_ip4.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ip4.h,v 1.8 1997/07/14 08:48:47 provos Exp $ */
+/* $OpenBSD: ip_ip4.h,v 1.9 1997/11/04 09:11:15 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -9,7 +9,11 @@
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis, kermit@forthnet.gr.
*
- * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ * Additional transforms and features in 1997 by Angelos D. Keromytis and
+ * Niels Provos.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis, Angelos D. Keromytis
+ * and Niels Provos.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index 22fc2f0b51e..d7aec220783 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,5 @@
-/* $OpenBSD: ip_ipsp.c,v 1.22 1997/10/02 02:31:06 deraadt Exp $ */
+
+/* $OpenBSD: ip_ipsp.c,v 1.23 1997/11/04 09:11:15 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -9,7 +10,11 @@
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis, kermit@forthnet.gr.
*
- * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ * Additional transforms and features in 1997 by Angelos D. Keromytis and
+ * Niels Provos.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis, Angelos D. Keromytis
+ * and Niels Provos.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
@@ -561,6 +566,13 @@ ipsp_kern(int off, char **bufp, int len)
else
l += sprintf(buffer + l, "\txform = <(null)>\n");
+ if (tdb->tdb_confname)
+ l += sprintf(buffer + l, "\t\tencryption = <%s>\n",
+ tdb->tdb_confname);
+ if (tdb->tdb_authname)
+ l += sprintf(buffer + l, "\t\tauthentication = <%s>\n",
+ tdb->tdb_authname);
+
l += sprintf(buffer + l, "\tOSrc = %s", inet_ntoa(tdb->tdb_osrc));
l += sprintf(buffer + l, " ODst = %s, TTL = %u\n",
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index db931990557..c1c2be2256d 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.h,v 1.14 1997/07/27 23:30:37 niklas Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.15 1997/11/04 09:11:17 provos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -9,7 +9,11 @@
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis, kermit@forthnet.gr.
*
- * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ * Additional transforms and features in 1997 by Angelos D. Keromytis and
+ * Niels Provos.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis, Angelos D. Keromytis
+ * and Niels Provos.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
@@ -99,6 +103,8 @@ struct tdb /* tunnel descriptor block */
u_int8_t tdb_sproto; /* IPsec protocol */
u_int16_t tdb_satype; /* Alignment */
u_int32_t tdb_epoch; /* Used by the kernfs interface */
+ u_int8_t *tdb_confname; /* Used by the kernfs interface */
+ u_int8_t *tdb_authname; /* Used by the kernfs interface */
};
#define TDB_HASHMOD 257
@@ -128,6 +134,8 @@ struct xformsw
/* Supported encryption algorithms */
#define ALG_ENC_DES 1
#define ALG_ENC_3DES 2
+#define ALG_ENC_BLF 3
+#define ALG_ENC_CAST 4
#define XFT_AUTH 0x0001
#define XFT_CONF 0x0100
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-28 00:54:39 +0000