The same transform is used for inbound and outbound packets.
The transform should know which direction these packets are flowing
in; that (a) allows a transform to reject packets which are "looping
back" so to speak, and (b) makes it easier for a transform to generate
unique nonces.
This will be used by the forthcoming EAX transform. It is combined
with the sequence number (the same values of which are used by both
ends) to make the nonce, which must be unique across the single shared
key, ie unique across both flows.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
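As an added illustration of the nonce argument in the commit message above (this is not secnet's own code; the 16-byte nonce layout, the direction-in-byte-0 convention and the helper names are assumptions made for the example), the following C derives nonces for both flows from the shared sequence-number space, counts cross-flow collisions with and without the direction flag, and shows the loop-back rejection that point (a) refers to:

```c
/* Added illustration, not secnet's own code: why a transform keyed once
 * for both flows must fold the direction into its nonce.
 * Assumed (hypothetical) nonce layout: byte 0 = direction flag,
 * bytes 1..7 = zero, bytes 8..15 = 64-bit big-endian sequence number. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NONCE_LEN 16

/* Derive the per-packet nonce from the flow direction and the sequence
 * number. Both ends count sequence numbers from the same values, so the
 * direction byte is the only thing keeping the two flows apart. */
static void make_nonce(uint8_t out[NONCE_LEN], bool direction, uint64_t seq)
{
    memset(out, 0, NONCE_LEN);
    out[0] = direction ? 1 : 0;
    for (int i = 0; i < 8; i++)
        out[NONCE_LEN - 1 - i] = (uint8_t)(seq >> (8 * i));
}

/* Count (i, j) pairs in [0, n) x [0, n) where end A's nonce for sequence
 * i equals end B's nonce for sequence j.  With distinct_direction=false
 * both ends behave like a transform that ignores direction, deriving the
 * nonce from the sequence number alone. */
static unsigned count_cross_flow_collisions(uint64_t n, bool distinct_direction)
{
    uint8_t a[NONCE_LEN], b[NONCE_LEN];
    unsigned collisions = 0;
    for (uint64_t i = 0; i < n; i++) {
        for (uint64_t j = 0; j < n; j++) {
            make_nonce(a, false, i);               /* end A sends with direction 0 */
            make_nonce(b, distinct_direction, j);  /* end B: 1 with the flag, else 0 */
            if (memcmp(a, b, NONCE_LEN) == 0)
                collisions++;
        }
    }
    return collisions;
}

/* Point (a) of the commit message: a packet whose nonce carries our own
 * send direction cannot have come from the peer, so treat it as looped back. */
static bool looks_looped_back(const uint8_t nonce[NONCE_LEN], bool my_send_direction)
{
    return (nonce[0] != 0) == my_send_direction;
}

int main(void)
{
    uint8_t n[NONCE_LEN];
    printf("collisions without direction: %u\n", count_cross_flow_collisions(64, false));
    printf("collisions with direction:    %u\n", count_cross_flow_collisions(64, true));
    make_nonce(n, true, 7);
    printf("looped back to sender? %s\n", looks_looped_back(n, true) ? "yes" : "no");
    return 0;
}
```

Without the flag every sequence number that both ends reuse yields the same nonce under the same key, which is exactly the nonce reuse an AEAD mode such as EAX must never see; with the flag the two flows' nonce spaces are disjoint by construction.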
also depend on internal factors (eg. time) and keep internal
state. A struct transform_if only represents a particular type of
transformation; instances of the transformation (eg. with
also depend on internal factors (eg. time) and keep internal
state. A struct transform_if only represents a particular type of
transformation; instances of the transformation (eg. with
- particular key material) have a different C type. */
+ particular key material) have a different C type. The same
+ secret key will be used in opposite directions between a pair of
+ secnets; one of these pairs will get direction==False, the other True. */
typedef struct transform_inst_if *transform_createinstance_fn(void *st);
typedef struct transform_inst_if *transform_createinstance_fn(void *st);
-typedef bool_t transform_setkey_fn(void *st, uint8_t *key, int32_t keylen);
+typedef bool_t transform_setkey_fn(void *st, uint8_t *key, int32_t keylen,
+ bool_t direction);
typedef bool_t transform_valid_fn(void *st); /* 0: no key; 1: ok */
typedef void transform_delkey_fn(void *st);
typedef void transform_destroyinstance_fn(void *st);
typedef bool_t transform_valid_fn(void *st); /* 0: no key; 1: ok */
typedef void transform_delkey_fn(void *st);
typedef void transform_destroyinstance_fn(void *st);
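Review bot: the added comment says "one of these pairs will get direction==False, the other True", but it is one pair of secnets whose two members differ, so "one end of the pair ... the other" reads correctly; more importantly, nothing beside the changed `transform_setkey_fn` typedef says which end passes which value or that the two ends must pass different values, and that disagreement is the property the nonce-uniqueness argument in the commit message depends on. Suggest a short note at the typedef in the same style as the one on `transform_valid_fn`, e.g. `/* direction: must differ between the two ends sharing the key */`.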
/* Set up the transform */
st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
/* Set up the transform */
st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
+ st->sharedsecretlen,st->setup_priority);
st->sharedsecret,st->sharedsecretlen);
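Review bot: the value handed over as the new `direction` argument is `st->setup_priority`, whose name does not say it is a direction flag, and the scheme only works if setup_priority is guaranteed to be the opposite at the two ends of the link. The `/* Set up the transform */` comment above the call is the natural place to record that, e.g. `/* setup_priority differs between the two ends, so it doubles as the transform direction */`.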
/* Set up the transform */
st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
st->sharedsecret,st->sharedsecretlen);
/* Set up the transform */
st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
+ st->sharedsecretlen,st->setup_priority);
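Review bot: this second call site repeats the same argument list (`st->sharedsecret, st->sharedsecretlen, st->setup_priority`) as the one above; if the direction value is ever derived differently, the two sites can drift apart and key the same secret with the same direction at both ends. A small helper that takes `st` and chooses the direction in one place, called from both sites, would keep that from happening.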
-static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen)
+static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen,
+ bool_t direction)
{
struct transform_inst *ti=sst;
{
struct transform_inst *ti=sst;
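Review bot: in the lines shown, the new `direction` parameter of `transform_setkey` is accepted but nothing is done with it; the commit message says it is intended for the forthcoming EAX transform, so if this transform deliberately ignores it, say so with a comment (or `(void)direction;`) so the unused parameter is not mistaken for a missing store into `ti`.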