ipsec openswan 内核(klips)算法管理分析

《Klips 算法管理解析》

目录

1 前言 ...............................................................................................................................1

2 相关数据结构类型.......................................................................................................1

2.1 算法基础结构类型 .................................................................................................1

2.1.1 ipsec_alg_supported ..........................................................................................1

2.1.2 ipsec_alg ............................................................................................................1

2.2 加解密算法结构类型 .............................................................................................2

2.2.1 ipsec_alg_enc.....................................................................................................2

4.1 注册接口 .................................................................................................................8

4.1.1 register_ipsec_alg()............................................................................................8

4.1.1.1 ipsec_alg_insert()........................................................................................................10

4.1.1.2 pfkey_list_insert_supported() .....................................................................................11

5 算法注销过程 .............................................................................................................12

5.1 注销接口 ...............................................................................................................12

5.1.1 unregister_ipsec_alg()......................................................................................13

5.1.1.1 ipsec_alg_delete() .......................................................................................................14

5.1.1.2 pfkey_list_remove_supported() ..................................................................................14

6 算法的使用 .................................................................................................................15

6.2.1 ipsec_rcv() .......................................................................................................30

6.2.1.1 ipsec_rsm()..................................................................................................................32

6.2.1.1.1 ipsec_rcv_init().......................................................................................................36

6.2.1.1.2 ipsec_rcv_decap_init() ...........................................................................................42

6.2.1.1.3 ipsec_rcv_decap_lookup()......................................................................................44

6.2.1.1.3.1 ipsec_rcv_esp_checks()....................................................................................45

6.2.1.1.4 ipsec_rcv_auth_init()..............................................................................................46

6.2.1.1.5 ipsec_rcv_auth_decap()..........................................................................................50

6.2.1.1.5.1 ipsec_rcv_esp_decrypt_setup() ........................................................................55

6.2.1.1.6 ipsec_rcv_auth_calc() ............................................................................................56

6.2.1.1.9 ipsec_rcv_decap_cont()..........................................................................................64

6.2.1.1.10 ipsec_rcv_cleanup()..............................................................................................68

6.2.1.1.11 ipsec_rcv_complete() ............................................................................................71

6.3 与加密过程的关系 ...............................................................................................73

6.3.1 ipsec_tunnel_start_xmit() ................................................................................75

6.3.1.1 ipsec_xsm().................................................................................................................77

6.3.1.1.1 ipsec_xmit_init1() ...................................................................................................80

6.3.1.1.2 ipsec_xmit_init2() ...................................................................................................81

6.3.1.1.3 ipsec_xmit_encap_init()..........................................................................................83

6.3.1.1.4 ipsec_xmit_encap_select()......................................................................................86

6.3.1.1.8.1.1 ipsec_xmit_send()......................................................................................96

7 算法实现接口分析.....................................................................................................99

7.1 加解密 ...................................................................................................................99

7.1.1 _aes_set_key() ...............................................................................................100

7.1.1.1 AES_set_key() ..........................................................................................................100

7.1.1.1.1 aes_set_key() ........................................................................................................101

7.1.2 _aes_cbc_encrypt() ........................................................................................103

7.1.2.1 AES_cbc_encrypt()...................................................................................................104

7.2.2.1 AES_xcbc_mac_hash().............................................................................................111

*/

ipsec_alg_hash_table中管理：

#define IPSEC_ALG_HASHSZ 16 /* must be power of 2, even 2^0=1 */