Home | History | Annotate | Download | only in netipsec

Lines Matching defs:sav

91 #define HDRSIZE(sav) \
92 	(((sav)->flags & SADB_X_EXT_OLD) ? \
99 #define	AUTHSIZE(sav) \
100 	((sav->flags & SADB_X_EXT_OLD) ? 16 : (sav)->tdb_authalgxform->authsize)
152 ah_authsiz(const struct secasvar *sav)
156 	if (sav == NULL) {
160 	size = AUTHSIZE(sav);
165 ah_hdrsiz(const struct secasvar *sav)
169 	if (sav != NULL) {
172 		KASSERT(sav->tdb_authalgxform != NULL);
178 		if (sav->sah->saidx.dst.sa.sa_family == AF_INET6) {
182 		rplen = HDRSIZE(sav);
183 		authsize = AUTHSIZE(sav);
196 ah_init0(struct secasvar *sav, const struct xformsw *xsp,
202 	thash = ah_algorithm_lookup(sav->alg_auth);
205 		    sav->alg_auth);
214 	if (((sav->flags&SADB_X_EXT_OLD) == 0) ^ (sav->replay != NULL)) {
217 		    (sav->flags & SADB_X_EXT_OLD) ? "old" : "new",
218 		    sav->replay == NULL ? "without" : "with");
221 	if (sav->key_auth == NULL) {
226 	keylen = _KEYLEN(sav->key_auth);
234 	sav->tdb_xform = xsp;
235 	sav->tdb_authalgxform = thash;
239 	cria->cri_alg = sav->tdb_authalgxform->type;
240 	cria->cri_klen = _KEYBITS(sav->key_auth);
241 	cria->cri_key = _KEYBUF(sav->key_auth);
250 ah_init(struct secasvar *sav, const struct xformsw *xsp)
255 	error = ah_init0(sav, xsp, &cria);
257 		error = crypto_newsession(&sav->tdb_cryptoid,
268 ah_zeroize(struct secasvar *sav)
271 	if (sav->key_auth) {
272 		explicit_memset(_KEYBUF(sav->key_auth), 0,
273 		    _KEYLEN(sav->key_auth));
276 	crypto_freesession(sav->tdb_cryptoid);
277 	sav->tdb_cryptoid = 0;
278 	sav->tdb_authalgxform = NULL;
279 	sav->tdb_xform = NULL;
525 ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
536 	KASSERT(sav != NULL);
537 	KASSERT(sav->key_auth != NULL);
538 	KASSERT(sav->tdb_authalgxform != NULL);
541 	rplen = HDRSIZE(sav);
553 	if (sav->replay && !ipsec_chkreplay(ntohl(ah->ah_seq), sav)) {
556 		    ipsec_logsastr(sav, buf, sizeof(buf)));
564 	ahx = sav->tdb_authalgxform;
565 	authsize = AUTHSIZE(sav);
566 	ahsize = ah_hdrsiz(sav);
572 		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
573 		    (u_long) ntohl(sav->spi));
583 		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
584 		    (u_long) ntohl(sav->spi));
610 	crda->crd_key = _KEYBUF(sav->key_auth);
611 	crda->crd_klen = _KEYBITS(sav->key_auth);
648 	error = ah_massage_headers(&m, sav->sah->saidx.dst.sa.sa_family,
662 	if (__predict_false(sav->state == SADB_SASTATE_DEAD)) {
668 	KEY_SA_REF(sav);
677 	crp->crp_sid = sav->tdb_cryptoid;
681 	tc->tc_spi = sav->spi;
682 	tc->tc_dst = sav->sah->saidx.dst;
683 	tc->tc_proto = sav->sah->saidx.proto;
687 	tc->tc_sav = sav;
712 #define	IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff) do {		     \
714 		(void)ipsec6_common_input_cb(m, sav, skip, protoff);	     \
716 		(void)ipsec4_common_input_cb(m, sav, skip, protoff);	     \
720 #define	IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff)			     \
721 	((void)ipsec4_common_input_cb(m, sav, skip, protoff))
735 	struct secasvar *sav;
753 	sav = tc->tc_sav;
754 	saidx = &sav->sah->saidx;
760 	rplen = HDRSIZE(sav);
761 	authsize = AUTHSIZE(sav);
762 	ahsize = ah_hdrsiz(sav);
772 		if (sav->tdb_cryptoid != 0)
773 			sav->tdb_cryptoid = crp->crp_sid;
779 		AH_STATINC(AH_STAT_HIST + ah_stats[sav->alg_auth]);
801 		    (u_long) ntohl(sav->spi),
832 	if (sav->replay) {
837 		if (ipsec_updatereplay(ntohl(seq), sav)) {
849 		    (u_long) ntohl(sav->spi));
855 	IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff);
857 	KEY_SA_UNREF(&sav);
862 	if (sav)
863 		KEY_SA_UNREF(&sav);
881 ah_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
897 	KASSERT(sav != NULL);
898 	KASSERT(sav->tdb_authalgxform != NULL);
899 	ahx = sav->tdb_authalgxform;
904 	rplen = HDRSIZE(sav);
905 	authsize = AUTHSIZE(sav);
906 	ahsize = ah_hdrsiz(sav);
909 	switch (sav->sah->saidx.dst.sa.sa_family) {
925 		    sav->sah->saidx.dst.sa.sa_family,
926 		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
927 		    (u_long) ntohl(sav->spi));
935 		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
936 		    (u_long) ntohl(sav->spi),
949 		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
950 		    (u_long) ntohl(sav->spi));
961 		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
962 		    (u_long) ntohl(sav->spi));
978 	ah->ah_spi = sav->spi;
988 	if (sav->replay) {
989 		if (sav->replay->count == ~0 &&
990 		    (sav->flags & SADB_X_EXT_CYCSEQ) == 0) {
992 			    ipsec_address(&sav->sah->saidx.dst, buf,
993 			    sizeof(buf)), (u_long) ntohl(sav->spi));
1002 			sav->replay->count++;
1003 		ah->ah_seq = htonl(sav->replay->count);
1023 	crda->crd_key = _KEYBUF(sav->key_auth);
1024 	crda->crd_klen = _KEYBITS(sav->key_auth);
1065 	error = ah_massage_headers(&m, sav->sah->saidx.dst.sa.sa_family,
1079 	    sav->state == SADB_SASTATE_DEAD)) {
1086 	KEY_SA_REF(sav);
1095 	crp->crp_sid = sav->tdb_cryptoid;
1100 	tc->tc_spi = sav->spi;
1101 	tc->tc_dst = sav->sah->saidx.dst;
1102 	tc->tc_proto = sav->sah->saidx.proto;
1106 	tc->tc_sav = sav;
1132 	struct secasvar *sav;
1151 	sav = tc->tc_sav;
1155 		if (sav->tdb_cryptoid != 0)
1156 			sav->tdb_cryptoid = crp->crp_sid;
1163 	AH_STATINC(AH_STAT_HIST + ah_stats[sav->alg_auth]);
1188 		alen = AUTHSIZE(sav);
1194 	(void)ipsec_process_done(m, isr, sav, flags);
1195 	KEY_SA_UNREF(&sav);
1200 	if (sav)
1201 		KEY_SA_UNREF(&sav);