/* Required key length in bytes */
#define REQUIRED_KEYLEN ((512+64+32)/8)
+#include "transform-common.h"
+
struct transform_params {
- uint32_t max_seq_skew;
+ SEQNUM_PARAMS_FIELDS;
};
struct transform {
struct keyInstance mackey;
uint32_t cryptiv;
uint32_t maciv;
- uint32_t sendseq;
- uint32_t lastrecvseq;
- bool_t keyed;
+ SEQNUM_KEYED_FIELDS;
};
-#include "transform-common.h"
-
#define PKCS5_MASK 15
static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen,
serpentbe_makekey(&ti->mackey,256,key+32);
ti->cryptiv=get_uint32(key+64);
ti->maciv=get_uint32(key+68);
- ti->sendseq=get_uint32(key+72);
- ti->lastrecvseq=ti->sendseq;
- ti->keyed=True;
+ uint32_t firstseq=get_uint32(key+72);
+ SEQNUM_KEYED_INIT(firstseq,firstseq);
return True;
}
/* Sequence number must be within max_skew of lastrecvseq; lastrecvseq
is only allowed to increase. */
seqnum=buf_unprepend_uint32(buf);
- SEQNUM_CHECK(seqnum, ti->p.max_seq_skew);
+ SEQNUM_CHECK(seqnum, &ti->p);
return 0;
}
cfgfatal(loc,"userv-ipif","parameter must be a dictionary\n");
dict=item->data.dict;
- st->p.max_seq_skew=dict_read_number(dict, "max-sequence-skew",
- False, "serpent-cbc256", loc, 10);
+
+ SEQNUM_PARAMS_INIT(dict,&st->p,"serpent-cbc256",loc);
SET_CAPAB_TRANSFORMNUM(CAPAB_TRANSFORMNUM_SERPENT256CBC);
} \
}while(0)
-#define SEQNUM_CHECK(seqnum, max_skew) do{ \
- uint32_t skew=seqnum-ti->lastrecvseq; \
- if (skew<0x8fffffff) { \
- /* Ok */ \
- ti->lastrecvseq=seqnum; \
- } else if ((0-skew)<max_skew) { \
- /* Ok */ \
- } else { \
- /* Too much skew */ \
- *errmsg="seqnum: too much skew"; \
- return 2; \
- } \
+#define SEQNUM_CHECK(seqnum, p) do{ \
+ uint32_t skew=seqnum-ti->lastrecvseq; \
+ if (skew<0x8fffffff) { \
+ /* Ok */ \
+ ti->lastrecvseq=seqnum; \
+ } else if ((0-skew)<(p)->max_seq_skew) { \
+ /* Ok */ \
+ } else { \
+ /* Too much skew */ \
+ *errmsg="seqnum: too much skew"; \
+ return 2; \
+ } \
}while(0)
+#define SEQNUM_KEYED_FIELDS \
+ uint32_t sendseq; \
+ uint32_t lastrecvseq; \
+ bool_t keyed
+
+#define SEQNUM_KEYED_INIT(initlastrecvseq,initsendseq) \
+ (ti->lastrecvseq=(initlastrecvseq), \
+ ti->sendseq=(initsendseq), \
+ ti->keyed=True)
+
#define TRANSFORM_VALID \
static bool_t transform_valid(void *sst) \
{ \
#define SET_CAPAB_TRANSFORMNUM(def) do{ \
st->ops.capab_transformnum=dict_read_number(dict, "capab-num", \
- False, "transform", loc, def); \
+ False, "transform", loc, (def)); \
if (st->ops.capab_transformnum > CAPAB_TRANSFORMNUM_MAX) \
cfgfatal(loc,"transform","capab-num out of range 0..%d\n", \
CAPAB_TRANSFORMNUM_MAX); \
ti->ops.destroy=transform_destroy; \
ti->keyed=False;
+#define SEQNUM_PARAMS_FIELDS \
+ uint32_t max_seq_skew
+
+#define SEQNUM_PARAMS_INIT(dict,p,desc,loc) \
+ (p)->max_seq_skew=dict_read_number((dict), "max-sequence-skew", \
+ False, (desc), (loc), 10);
+
+
#endif /*TRANSFORM_COMMON_H*/
#define SEQLEN 4
struct transform_params {
- uint32_t max_seq_skew, tag_length, padding_mask;
+ SEQNUM_PARAMS_FIELDS;
+ uint32_t tag_length, padding_mask;
};
struct transform {
struct transform_inst {
struct transform_inst_if ops;
struct transform_params p;
- unsigned keyed:1;
/* remaining valid iff keyed */
unsigned direction:1;
- uint32_t sendseq;
- uint32_t lastrecvseq;
+ SEQNUM_KEYED_FIELDS;
struct keyInstance key;
uint8_t info_b[BLOCK_SIZE], info_p[BLOCK_SIZE];
};
TEAX_DEBUG(hash_out+32,8);
ti->direction=direction;
- ti->sendseq=get_uint32(hash_out+32+direction*4);
- ti->lastrecvseq=get_uint32(hash_out+32+!direction*4);
serpent_makekey(&ti->key, 32*8, hash_out);
eax_setup(ti);
- ti->keyed=True;
+ SEQNUM_KEYED_INIT(get_uint32(hash_out+32+!direction*4),
+ get_uint32(hash_out+32+direction*4));
return True;
}
size_t padlen = *padp;
if (!buf_unappend(buf,padlen-1)) goto too_short;
- SEQNUM_CHECK(seqnum, ti->p.max_seq_skew);
+ SEQNUM_CHECK(seqnum, &ti->p);
TEAX_DEBUG(buf->start,buf->size);
SET_CAPAB_TRANSFORMNUM(CAPAB_TRANSFORMNUM_EAXSERPENT);
- st->p.max_seq_skew=dict_read_number(dict, "max-sequence-skew",
- False, "eax-serpent", loc, 10);
+ SEQNUM_PARAMS_INIT(dict,&st->p,"eax-serpent",loc);
st->p.tag_length=dict_read_number(dict, "tag-length-bytes",
False, "eax-serpent", loc, 128/8);