enckey
/*
 * Excerpted lines around two calls to cms_kek_cipher(); the statements
 * between them are not shown in this listing.
 */
unsigned char *enckey = NULL, *cek = NULL;
/* enckey aliases the bytes held by rek->encryptedKey; it is not a copy. */
enckey = rek->encryptedKey->data;
/*
 * Output is written to cek/ceklen. The trailing 0 presumably selects the
 * unwrap direction - confirm against cms_kek_cipher(). If so, cek holds
 * plaintext key material afterwards.
 * NOTE(review): check that the unshown cleanup path clears cek before it
 * is freed.
 */
if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0))
/* Second use: here enckey is the output buffer and ec->key the input. */
unsigned char *enckey;
if (!cms_kek_cipher(&enckey, &enckeylen, ec->key, ec->keylen,
/*
 * ASN1_STRING_set0() stores the pointer instead of copying it, so
 * rek->encryptedKey owns enckey after this call and the buffer must not
 * be freed separately.
 */
ASN1_STRING_set0(rek->encryptedKey, enckey, enckeylen);
/*
 * Excerpted lines: release, display and copying of a rule's encryption
 * key. Surrounding statements are not shown.
 */
if (rp->enckey) {
/*
 * NOTE(review): the buffer is handed to free() as-is. If data holds raw
 * key bytes, clearing it first (explicit_bzero(), or freezero() with the
 * stored length) keeps them out of reused heap memory - confirm that no
 * unshown line already does this.
 */
free(rp->enckey->data);
free(rp->enckey);
/* The key is printed only when the caller set IPSECCTL_OPT_SHOWKEY. */
if (r->enckey && (opts & IPSECCTL_OPT_SHOWKEY)) {
ipsecctl_print_key(r->enckey);
struct ipsec_key *enckey;
/* Presumably a separate copy of rule's key - confirm against copykey(). */
r->enckey = copykey(rule->enckey);
/*
 * Excerpted lines: tail of a parameter list followed by checks of the
 * encryption key against the selected transform's limits. The function
 * name and the bodies of the branches are not shown.
 */
struct ipsec_key *authkey, struct ipsec_key *enckey, u_int8_t tmode)
/*
 * Taken when no key was supplied for a transform other than the
 * encxfs[ENCXF_NULL] entry (compared by address).
 */
if (!enckey && xfs->encxf != &encxfs[ENCXF_NULL]) {
if (enckey) {
/*
 * len is compared directly with keymin/keymax and reported as len * 8
 * bits, so len is a byte count here.
 */
if (enckey->len < xfs->encxf->keymin) {
"minimum %zu bits", enckey->len * 8,
if (xfs->encxf->keymax < enckey->len) {
"maximum %zu bits", enckey->len * 8,
/*
 * Excerpted lines: keys are checked with validate_sa() and then attached
 * to SA rules. Function names for the parameter-list tails are not shown.
 */
struct ipsec_transforms *xfs, struct ipsec_key *authkey, struct ipsec_key *enckey)
if (validate_sa(spi, satype, xfs, authkey, enckey, tmode) == 0)
/*
 * The caller's pointer is stored, not a copy, so r shares the key object
 * with whoever passed it in.
 * NOTE(review): confirm exactly one owner ends up freeing it.
 */
r->enckey = enckey;
struct ipsec_key *enckey)
if (validate_sa(spi, rule->satype, rule->xfs, authkey, enckey,
/* Same pattern: the reverse rule keeps the pointer it was given. */
reverse->enckey = enckey;
struct ipsec_key *enckey, char *bundle)
/* Taken when any of spi, authkey or enckey was supplied. */
} else if (spi != 0 || authkey || enckey) {
revr = reverse_sa(r, spi, authkey, enckey);
/*
 * Excerpted lines: an SADB_EXT_KEY_ENCRYPT extension is parsed into an
 * ipsec_key object and its length is inspected. Surrounding statements are
 * not shown.
 */
struct ipsec_key enckey, authkey;
/* Zero the struct before parse_key() fills it. */
bzero(&enckey, sizeof enckey);
parse_key(extensions[SADB_EXT_KEY_ENCRYPT], &enckey);
/*
 * r refers to the object declared above rather than to a copy; presumably
 * a local, in which case r.enckey is only valid inside this scope.
 */
r.enckey = &enckey;
/* Four switches on the key length; their cases are not shown. */
switch (r.enckey->len) {
switch (r.enckey->len) {
switch (r.enckey->len) {
switch (r.enckey->len) {
/*
 * NOTE(review): this clears the struct itself. If data points to
 * separately stored key bytes, those are untouched. If the call is meant
 * as a scrub, a plain bzero() on a dead object may be removed by the
 * compiler; explicit_bzero() is the form that is guaranteed to run.
 */
bzero(&enckey, sizeof enckey);
/* Tail of a call that forwards the rule's keys; the callee is not shown. */
r->xfs, r->authkey, r->enckey, r->tmode);
/*
 * Excerpted lines: the encryption key is described in sa_enckey and added
 * to an iovec array. The function name and surrounding statements are not
 * shown.
 */
struct ipsec_key *enckey, u_int8_t tmode)
if (action == SADB_ADD && !authkey && !enckey && satype !=
if (enckey) {
/*
 * enckey->len rounded up to a multiple of 8; the enclosing expression
 * (its start is not shown) divides the total by 8.
 */
((enckey->len + 7) / 8) * 8) / 8;
/* Exact key size in bits, without the padding. */
sa_enckey.sadb_key_bits = 8 * enckey->len;
if (enckey) {
/*
 * NOTE(review): iov_len is the padded length while iov_base is the key
 * buffer itself. When len is not a multiple of 8, whoever consumes this
 * iovec reads up to 7 bytes past len. Confirm data is allocated (and
 * zero-filled) at the padded size so adjacent memory is not sent along.
 */
iov[iov_cnt].iov_base = enckey->data;
iov[iov_cnt].iov_len = ((enckey->len + 7) / 8) * 8;
/*
 * Excerpted lines: a new Ed25519 secret key is generated, masked with
 * kdf() output and written to seckeyfile. Statements that do not mention
 * enckey are not shown.
 */
struct enckey enckey;
/* Same size as the secret key it will mask. */
uint8_t xorkey[sizeof(enckey.seckey)];
crypto_sign_ed25519_keypair(pubkey.pubkey, enckey.seckey);
/* Hash input is the still-unmasked secret key. */
SHA512Update(&ctx, enckey.seckey, sizeof(enckey.seckey));
memcpy(enckey.pkalg, PKALG, 2);
memcpy(enckey.kdfalg, KDFALG, 2);
/* Round count is stored in network byte order. */
enckey.kdfrounds = htonl(rounds);
memcpy(enckey.keynum, keynum, KEYNUMLEN);
/* Fresh random salt for this key file. */
arc4random_buf(enckey.salt, sizeof(enckey.salt));
/*
 * Fills xorkey from the salt and round count. The two literal 1 arguments
 * are defined by kdf(), which is not visible here.
 */
kdf(enckey.salt, sizeof(enckey.salt), rounds, 1, 1, xorkey, sizeof(xorkey));
/*
 * Keep the first sizeof(enckey.checksum) bytes of digest (presumably the
 * finalised SHA-512 of the unmasked key - confirm).
 */
memcpy(enckey.checksum, digest, sizeof(enckey.checksum));
/* Mask the secret key in place. */
for (i = 0; i < sizeof(enckey.seckey); i++)
enckey.seckey[i] ^= xorkey[i];
/*
 * O_EXCL and mode 0600 are presumably passed to open(): no overwrite of an
 * existing file, owner-only access - confirm in writekeyfile().
 */
writekeyfile(seckeyfile, commentbuf, &enckey,
sizeof(enckey), O_EXCL, 0600);
/*
 * explicit_bzero() is not subject to dead-store elimination.
 * NOTE(review): xorkey, digest and ctx derive from the same secret;
 * confirm they are cleared on lines not shown.
 */
explicit_bzero(&enckey, sizeof(enckey));
/*
 * Excerpted lines: the secret key file is read, unmasked, checked against
 * its stored checksum and used to sign msg. Statements that do not mention
 * enckey, and the bodies of the if statements, are not shown.
 */
struct enckey enckey;
uint8_t xorkey[sizeof(enckey.seckey)];
/*
 * The file is decoded straight into the struct, so every field read below
 * is file-controlled.
 */
readb64file(seckeyfile, &enckey, sizeof(enckey), comment);
/* Taken when the file's KDF identifier differs from KDFALG. */
if (memcmp(enckey.kdfalg, KDFALG, 2) != 0)
/* Round count as stored in the file, converted from network byte order. */
rounds = ntohl(enckey.kdfrounds);
kdf(enckey.salt, sizeof(enckey.salt), rounds, strcmp(msgfile, "-") != 0,
/* XOR with the kdf() output again restores the secret key in place. */
for (i = 0; i < sizeof(enckey.seckey); i++)
enckey.seckey[i] ^= xorkey[i];
/*
 * Re-hash the unmasked key and compare with the stored checksum; a
 * mismatch means the unmasking did not reproduce the original key.
 */
SHA512Update(&ctx, enckey.seckey, sizeof(enckey.seckey));
if (memcmp(enckey.checksum, digest, sizeof(enckey.checksum)) != 0)
signmsg(enckey.seckey, msg, msglen, sig.sig);
memcpy(sig.keynum, enckey.keynum, KEYNUMLEN);
/*
 * Clears the unmasked secret key; explicit_bzero() is not subject to
 * dead-store elimination.
 * NOTE(review): confirm xorkey and digest are cleared as well on lines
 * not shown.
 */
explicit_bzero(&enckey, sizeof(enckey));