
Lines Matching defs:sav

137 esp_hdrsiz(const struct secasvar *sav)
141 if (sav != NULL) {
143 KASSERT(sav->tdb_encalgxform != NULL);
152 if (sav->flags & SADB_X_EXT_OLD)
156 size += sav->tdb_encalgxform->ivsize + 9 +
160 if (sav->tdb_authalgxform != NULL && sav->replay)
161 size += ah_authsiz(sav);
180 esp_init(struct secasvar *sav, const struct xformsw *xsp)
187 txform = esp_algorithm_lookup(sav->alg_enc);
190 sav->alg_enc);
193 if (sav->key_enc == NULL) {
198 if ((sav->flags&(SADB_X_EXT_OLD|SADB_X_EXT_IV4B)) == SADB_X_EXT_IV4B) {
202 keylen = _KEYLEN(sav->key_enc);
210 sav->ivlen = txform->ivsize;
215 if (sav->alg_auth != 0) {
216 error = ah_init0(sav, xsp, &cria);
222 sav->tdb_xform = xsp;
223 sav->tdb_encalgxform = txform;
225 switch (sav->alg_enc) {
230 sav->alg_auth = SADB_X_AALG_AES128GMAC;
231 sav->tdb_authalgxform = &auth_hash_gmac_aes_128;
234 sav->alg_auth = SADB_X_AALG_AES192GMAC;
235 sav->tdb_authalgxform = &auth_hash_gmac_aes_192;
238 sav->alg_auth = SADB_X_AALG_AES256GMAC;
239 sav->tdb_authalgxform = &auth_hash_gmac_aes_256;
248 cria.cri_alg = sav->tdb_authalgxform->type;
249 cria.cri_klen = _KEYBITS(sav->key_enc);
250 cria.cri_key = _KEYBUF(sav->key_enc);
258 crie.cri_alg = sav->tdb_encalgxform->type;
259 crie.cri_klen = _KEYBITS(sav->key_enc);
260 crie.cri_key = _KEYBUF(sav->key_enc);
263 if (sav->tdb_authalgxform && sav->tdb_encalgxform) {
267 } else if (sav->tdb_encalgxform) {
269 } else if (sav->tdb_authalgxform) {
277 return crypto_newsession(&sav->tdb_cryptoid, cr, crypto_support);
284 esp_zeroize(struct secasvar *sav)
287 ah_zeroize(sav);
289 if (sav->key_enc) {
290 explicit_memset(_KEYBUF(sav->key_enc), 0,
291 _KEYLEN(sav->key_enc));
293 sav->tdb_encalgxform = NULL;
294 sav->tdb_xform = NULL;
301 esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
311 KASSERT(sav != NULL);
312 KASSERT(sav->tdb_encalgxform != NULL);
328 esph = sav->tdb_authalgxform;
329 espx = sav->tdb_encalgxform;
333 if (sav->flags & SADB_X_EXT_OLD)
334 hlen = sizeof(struct esp) + sav->ivlen;
336 hlen = sizeof(struct newesp) + sav->ivlen;
353 ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
354 (u_long) ntohl(sav->spi));
363 if (esph && sav->replay && !ipsec_chkreplay(ntohl(esp->esp_seq), sav)) {
366 ipsec_logsastr(sav, logbuf, sizeof(logbuf)));
410 crda->crd_len = hlen - sav->ivlen;
418 crda->crd_key = _KEYBUF(sav->key_enc);
419 crda->crd_klen = _KEYBITS(sav->key_enc);
421 crda->crd_key = _KEYBUF(sav->key_auth);
422 crda->crd_klen = _KEYBITS(sav->key_auth);
440 if (__predict_false(sav->state == SADB_SASTATE_DEAD)) {
446 KEY_SA_REF(sav);
455 crp->crp_sid = sav->tdb_cryptoid;
459 tc->tc_spi = sav->spi;
460 tc->tc_dst = sav->sah->saidx.dst;
461 tc->tc_proto = sav->sah->saidx.proto;
464 tc->tc_sav = sav;
473 crde->crd_inject = skip + hlen - sav->ivlen;
475 crde->crd_key = _KEYBUF(sav->key_enc);
476 crde->crd_klen = _KEYBITS(sav->key_enc);
493 #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff) do { \
495 (void)ipsec6_common_input_cb(m, sav, skip, protoff); \
497 (void)ipsec4_common_input_cb(m, sav, skip, protoff); \
501 #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff) \
502 ((void)ipsec4_common_input_cb(m, sav, skip, protoff))
517 struct secasvar *sav;
532 sav = tc->tc_sav;
533 saidx = &sav->sah->saidx;
538 esph = sav->tdb_authalgxform;
543 if (sav->tdb_cryptoid != 0)
544 sav->tdb_cryptoid = crp->crp_sid;
551 ESP_STATINC(ESP_STAT_HIST + esp_stats[sav->alg_enc]);
560 AH_STATINC(AH_STAT_HIST + ah_stats[sav->alg_auth]);
572 sizeof(buf)), (u_long) ntohl(sav->spi));
595 if (sav->replay) {
600 if (ipsec_updatereplay(ntohl(seq), sav)) {
603 ipsec_logsastr(sav, logbuf, sizeof(logbuf)));
610 if (sav->flags & SADB_X_EXT_OLD)
611 hlen = sizeof(struct esp) + sav->ivlen;
613 hlen = sizeof(struct newesp) + sav->ivlen;
619 ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
620 (u_long) ntohl(sav->spi));
633 sav->sah->saidx.dst, buf, sizeof(buf)),
634 (u_long) ntohl(sav->spi));
639 if ((sav->flags & SADB_X_EXT_PMASK) != SADB_X_EXT_PRAND) {
644 ipsec_address(&sav->sah->saidx.dst, buf,
645 sizeof(buf)), (u_long) ntohl(sav->spi));
658 IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff);
660 KEY_SA_UNREF(&sav);
664 if (sav)
665 KEY_SA_UNREF(&sav);
678 esp_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
695 esph = sav->tdb_authalgxform;
696 espx = sav->tdb_encalgxform;
700 if (sav->flags & SADB_X_EXT_OLD)
701 hlen = sizeof(struct esp) + sav->ivlen;
703 hlen = sizeof(struct newesp) + sav->ivlen;
724 saidx = &sav->sah->saidx;
741 (u_long)ntohl(sav->spi));
750 (u_long) ntohl(sav->spi),
764 (u_long) ntohl(sav->spi));
776 (u_long) ntohl(sav->spi));
783 memcpy(mtod(mo, char *) + roff, &sav->spi, sizeof(uint32_t));
784 if (sav->replay) {
790 replay = htonl(sav->replay->count);
793 replay = htonl(atomic_inc_32_nv(&sav->replay->count));
806 (u_long) ntohl(sav->spi));
815 switch (sav->flags & SADB_X_EXT_PMASK) {
858 crde->crd_inject = skip + hlen - sav->ivlen;
860 crde->crd_key = _KEYBUF(sav->key_enc);
861 crde->crd_klen = _KEYBITS(sav->key_enc);
881 sav->state == SADB_SASTATE_DEAD)) {
890 KEY_SA_REF(sav);
896 tc->tc_spi = sav->spi;
900 tc->tc_sav = sav;
908 crp->crp_sid = sav->tdb_cryptoid;
914 crda->crd_len = hlen - sav->ivlen;
923 crda->crd_key = _KEYBUF(sav->key_enc);
924 crda->crd_klen = _KEYBITS(sav->key_enc);
926 crda->crd_key = _KEYBUF(sav->key_auth);
927 crda->crd_klen = _KEYBITS(sav->key_auth);
947 struct secasvar *sav;
959 sav = tc->tc_sav;
964 if (sav->tdb_cryptoid != 0)
965 sav->tdb_cryptoid = crp->crp_sid;
972 ESP_STATINC(ESP_STAT_HIST + esp_stats[sav->alg_enc]);
973 if (sav->tdb_authalgxform != NULL)
974 AH_STATINC(AH_STAT_HIST + ah_stats[sav->alg_auth]);
991 esph = sav->tdb_authalgxform;
1000 (void)ipsec_process_done(m, isr, sav, flags);
1001 KEY_SA_UNREF(&sav);
1007 if (sav)
1008 KEY_SA_UNREF(&sav);