1 /* $FreeBSD: src/sys/netinet6/esp_output.c,v 1.1.2.4 2003/05/06 06:46:58 suz Exp $ */
2 /* $KAME: esp_output.c,v 1.44 2001/07/26 06:53:15 jinmei Exp $ */
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "opt_inet6.h"
37 * RFC1827/2406 Encapsulated Security Payload.
40 #include <sys/param.h>
41 #include <sys/systm.h>
43 #include <sys/domain.h>
44 #include <sys/protosw.h>
45 #include <sys/socket.h>
46 #include <sys/socketvar.h>
47 #include <sys/errno.h>
49 #include <sys/syslog.h>
52 #include <net/route.h>
54 #include <netinet/in.h>
55 #include <netinet/in_systm.h>
56 #include <netinet/ip.h>
57 #include <netinet/in_var.h>
60 #include <netinet/ip6.h>
61 #include <netinet6/ip6_var.h>
62 #include <netinet/icmp6.h>
65 #include <netinet6/ipsec.h>
67 #include <netinet6/ipsec6.h>
69 #include <netinet6/ah.h>
71 #include <netinet6/ah6.h>
73 #include <netinet6/esp.h>
75 #include <netinet6/esp6.h>
77 #include <netproto/key/key.h>
78 #include <netproto/key/keydb.h>
80 #include <net/net_osdep.h>
82 static int esp_output (struct mbuf
*, u_char
*, struct mbuf
*,
83 struct ipsecrequest
*, int);
86 * compute ESP header size.
89 esp_hdrsiz(struct ipsecrequest
*isr
)
92 const struct esp_algorithm
*algo
;
93 const struct ah_algorithm
*aalgo
;
100 panic("esp_hdrsiz: NULL was passed.");
104 if (isr
->saidx
.proto
!= IPPROTO_ESP
)
105 panic("unsupported mode passed to esp_hdrsiz");
109 if (sav
->state
!= SADB_SASTATE_MATURE
&&
110 sav
->state
!= SADB_SASTATE_DYING
)
113 /* we need transport mode ESP. */
114 algo
= esp_algorithm_lookup(sav
->alg_enc
);
123 * right now we don't calcurate the padding size. simply
124 * treat the padding size as constant, for simplicity.
126 * XXX variable size padding support
128 if (sav
->flags
& SADB_X_EXT_OLD
) {
130 hdrsiz
= sizeof(struct esp
) + ivlen
+ 9;
133 aalgo
= ah_algorithm_lookup(sav
->alg_auth
);
134 if (aalgo
&& sav
->replay
&& sav
->key_auth
)
135 authlen
= (aalgo
->sumsiz
)(sav
);
138 hdrsiz
= sizeof(struct newesp
) + ivlen
+ 9 + authlen
;
146 * sizeof(struct newesp) > sizeof(struct esp).
147 * esp_max_ivlen() = max ivlen for CBC mode
148 * 9 = (maximum padding length without random padding length)
149 * + (Pad Length field) + (Next Header field).
150 * 16 = maximum ICV we support.
152 return sizeof(struct newesp
) + esp_max_ivlen() + 9 + 16;
156 * Modify the packet so that the payload is encrypted.
157 * The mbuf (m) must start with IPv4 or IPv6 header.
158 * On failure, free the given mbuf and return NULL.
163 * IP ......... payload
164 * during the encryption:
165 * m nexthdrp mprev md
167 * IP ............... esp iv payload pad padlen nxthdr
168 * <--><-><------><--------------->
169 * esplen plen extendsiz
173 * <-----------------> espoff
176 esp_output(struct mbuf
*m
, u_char
*nexthdrp
, struct mbuf
*md
,
177 struct ipsecrequest
*isr
, int af
)
182 struct esptail
*esptail
;
183 struct secasvar
*sav
= isr
->sav
;
184 const struct esp_algorithm
*algo
;
187 size_t plen
; /* payload length to be encrypted */
193 struct ipsecstat
*stat
;
209 ipseclog((LOG_ERR
, "esp_output: unsupported af %d\n", af
));
210 return 0; /* no change at all */
213 /* some sanity check */
214 if ((sav
->flags
& SADB_X_EXT_OLD
) == 0 && !sav
->replay
) {
221 ip
= mtod(m
, struct ip
*);
222 ipseclog((LOG_DEBUG
, "esp4_output: internal error: "
223 "sav->replay is null: %x->%x, SPI=%u\n",
224 (u_int32_t
)ntohl(ip
->ip_src
.s_addr
),
225 (u_int32_t
)ntohl(ip
->ip_dst
.s_addr
),
226 (u_int32_t
)ntohl(sav
->spi
)));
227 ipsecstat
.out_inval
++;
233 ipseclog((LOG_DEBUG
, "esp6_output: internal error: "
234 "sav->replay is null: SPI=%u\n",
235 (u_int32_t
)ntohl(sav
->spi
)));
236 ipsec6stat
.out_inval
++;
240 panic("esp_output: should not reach here");
246 algo
= esp_algorithm_lookup(sav
->alg_enc
);
248 ipseclog((LOG_ERR
, "esp_output: unsupported algorithm: "
249 "SPI=%u\n", (u_int32_t
)ntohl(sav
->spi
)));
257 panic("invalid ivlen");
263 * XXX inserts ESP header right after IPv4 header. should
264 * chase the header chain.
265 * XXX sequential number
268 struct ip
*ip
= NULL
;
270 size_t esplen
; /* sizeof(struct esp/newesp) */
271 size_t esphlen
; /* sizeof(struct esp/newesp) + ivlen */
273 if (sav
->flags
& SADB_X_EXT_OLD
) {
275 esplen
= sizeof(struct esp
);
278 if (sav
->flags
& SADB_X_EXT_DERIV
)
279 esplen
= sizeof(struct esp
);
281 esplen
= sizeof(struct newesp
);
283 esphlen
= esplen
+ ivlen
;
285 for (mprev
= m
; mprev
&& mprev
->m_next
!= md
; mprev
= mprev
->m_next
)
287 if (mprev
== NULL
|| mprev
->m_next
!= md
) {
288 ipseclog((LOG_DEBUG
, "esp%d_output: md is not in chain\n",
295 for (n
= md
; n
; n
= n
->m_next
)
301 ip
= mtod(m
, struct ip
*);
310 /* make the packet over-writable */
311 mprev
->m_next
= NULL
;
312 if ((md
= ipsec_copypkt(md
)) == NULL
) {
319 espoff
= m
->m_pkthdr
.len
- plen
;
322 * grow the mbuf to accomodate ESP header.
323 * before: IP ... payload
324 * after: IP ... ESP IV payload
326 if (M_LEADINGSPACE(md
) < esphlen
|| (md
->m_flags
& M_EXT
)) {
327 MGET(n
, M_NOWAIT
, MT_DATA
);
336 m
->m_pkthdr
.len
+= esphlen
;
337 esp
= mtod(n
, struct esp
*);
339 md
->m_len
+= esphlen
;
340 md
->m_data
-= esphlen
;
341 m
->m_pkthdr
.len
+= esphlen
;
342 esp
= mtod(md
, struct esp
*);
346 *nexthdrp
= IPPROTO_ESP
;
350 if (esphlen
< (IP_MAXPACKET
- ntohs(ip
->ip_len
)))
351 ip
->ip_len
= htons(ntohs(ip
->ip_len
) + esphlen
);
354 "IPv4 ESP output: size exceeds limit\n"));
355 ipsecstat
.out_inval
++;
364 /* total packet length will be computed in ip6_output() */
370 /* initialize esp header. */
372 if ((sav
->flags
& SADB_X_EXT_OLD
) == 0) {
374 nesp
= (struct newesp
*)esp
;
375 if (sav
->replay
->count
== ~0) {
376 if ((sav
->flags
& SADB_X_EXT_CYCSEQ
) == 0) {
377 /* XXX Is it noisy ? */
378 ipseclog((LOG_WARNING
,
379 "replay counter overflowed. %s\n",
380 ipsec_logsastr(sav
)));
386 sav
->replay
->count
++;
388 * XXX sequence number must not be cycled, if the SA is
389 * installed by IKE daemon.
391 nesp
->esp_seq
= htonl(sav
->replay
->count
& 0xffffffff);
396 * find the last mbuf. make some room for ESP trailer.
399 struct ip
*ip
= NULL
;
407 padbound
= algo
->padbound
;
410 /* ESP packet, including nxthdr field, must be length of 4n */
414 extendsiz
= padbound
- (plen
% padbound
);
416 extendsiz
= padbound
+ 1;
422 randpadmax
= ip4_esp_randpad
;
427 randpadmax
= ip6_esp_randpad
;
434 if (randpadmax
< 0 || plen
+ extendsiz
>= randpadmax
)
440 randpadmax
= (randpadmax
/ padbound
) * padbound
;
441 n
= (randpadmax
- plen
+ extendsiz
) / padbound
;
444 n
= (krandom() % n
) * padbound
;
449 * make sure we do not pad too much.
450 * MLEN limitation comes from the trailer attachment
452 * 256 limitation comes from sequential padding.
453 * also, the 1-octet length field in ESP trailer imposes
454 * limitation (but is less strict than sequential padding
455 * as length field do not count the last 2 octets).
457 if (extendsiz
+ n
<= MLEN
&& extendsiz
+ n
< 256)
462 if (extendsiz
> MLEN
|| extendsiz
>= 256)
463 panic("extendsiz too big in esp_output");
471 * if M_EXT, the external mbuf data may be shared among
472 * two consequtive TCP packets, and it may be unsafe to use the
475 if (!(n
->m_flags
& M_EXT
) && extendsiz
< M_TRAILINGSPACE(n
)) {
476 extend
= mtod(n
, u_char
*) + n
->m_len
;
477 n
->m_len
+= extendsiz
;
478 m
->m_pkthdr
.len
+= extendsiz
;
482 MGET(nn
, M_NOWAIT
, MT_DATA
);
484 ipseclog((LOG_DEBUG
, "esp%d_output: can't alloc mbuf",
490 extend
= mtod(nn
, u_char
*);
491 nn
->m_len
= extendsiz
;
495 m
->m_pkthdr
.len
+= extendsiz
;
497 switch (sav
->flags
& SADB_X_EXT_PMASK
) {
498 case SADB_X_EXT_PRAND
:
499 key_randomfill(extend
, extendsiz
);
501 case SADB_X_EXT_PZERO
:
502 bzero(extend
, extendsiz
);
504 case SADB_X_EXT_PSEQ
:
505 for (i
= 0; i
< extendsiz
; i
++)
506 extend
[i
] = (i
+ 1) & 0xff;
510 /* initialize esp trailer. */
511 esptail
= (struct esptail
*)
512 (mtod(n
, u_int8_t
*) + n
->m_len
- sizeof(struct esptail
));
513 esptail
->esp_nxt
= nxt
;
514 esptail
->esp_padlen
= extendsiz
- 2;
516 /* modify IP header (for ESP header part only) */
520 ip
= mtod(m
, struct ip
*);
521 if (extendsiz
< (IP_MAXPACKET
- ntohs(ip
->ip_len
)))
522 ip
->ip_len
= htons(ntohs(ip
->ip_len
) + extendsiz
);
525 "IPv4 ESP output: size exceeds limit\n"));
526 ipsecstat
.out_inval
++;
535 /* total packet length will be computed in ip6_output() */
542 * pre-compute and cache intermediate key
544 error
= esp_schedule(algo
, sav
);
552 * encrypt the packet, based on security association
553 * and the algorithm specified.
556 panic("internal error: no encrypt function");
557 if ((*algo
->encrypt
)(m
, espoff
, plen
+ extendsiz
, sav
, algo
, ivlen
)) {
558 /* m is already freed */
559 ipseclog((LOG_ERR
, "packet encryption failure\n"));
566 * calculate ICV if required.
572 if (sav
->alg_auth
== SADB_AALG_NONE
)
576 const struct ah_algorithm
*aalgo
;
577 u_char authbuf
[AH_MAXSUMSIZE
];
585 aalgo
= ah_algorithm_lookup(sav
->alg_auth
);
588 siz
= ((aalgo
->sumsiz
)(sav
) + 3) & ~(4 - 1);
589 if (AH_MAXSUMSIZE
< siz
)
590 panic("assertion failed for AH_MAXSUMSIZE");
592 if (esp_auth(m
, espoff
, m
->m_pkthdr
.len
- espoff
, sav
, authbuf
)) {
593 ipseclog((LOG_ERR
, "ESP checksum generation failure\n"));
604 if (!(n
->m_flags
& M_EXT
) && siz
< M_TRAILINGSPACE(n
)) { /* XXX */
606 m
->m_pkthdr
.len
+= siz
;
607 p
= mtod(n
, u_char
*) + n
->m_len
- siz
;
611 MGET(nn
, M_NOWAIT
, MT_DATA
);
613 ipseclog((LOG_DEBUG
, "can't alloc mbuf in esp%d_output",
623 m
->m_pkthdr
.len
+= siz
;
624 p
= mtod(nn
, u_char
*);
626 bcopy(authbuf
, p
, siz
);
628 /* modify IP header (for ESP header part only) */
632 ip
= mtod(m
, struct ip
*);
633 if (siz
< (IP_MAXPACKET
- ntohs(ip
->ip_len
)))
634 ip
->ip_len
= htons(ntohs(ip
->ip_len
) + siz
);
637 "IPv4 ESP output: size exceeds limit\n"));
638 ipsecstat
.out_inval
++;
647 /* total packet length will be computed in ip6_output() */
656 "NULL mbuf after encryption in esp%d_output", afnumber
));
659 stat
->out_esphist
[sav
->alg_enc
]++;
660 key_sa_recordxfer(sav
, m
);
667 panic("something bad in esp_output");
673 esp4_output(struct mbuf
*m
, struct ipsecrequest
*isr
)
676 if (m
->m_len
< sizeof(struct ip
)) {
677 ipseclog((LOG_DEBUG
, "esp4_output: first mbuf too short\n"));
681 ip
= mtod(m
, struct ip
*);
682 /* XXX assumes that m->m_next points to payload */
683 return esp_output(m
, &ip
->ip_p
, m
->m_next
, isr
, AF_INET
);
689 esp6_output(struct mbuf
*m
, u_char
*nexthdrp
, struct mbuf
*md
,
690 struct ipsecrequest
*isr
)
692 if (m
->m_len
< sizeof(struct ip6_hdr
)) {
693 ipseclog((LOG_DEBUG
, "esp6_output: first mbuf too short\n"));
697 return esp_output(m
, nexthdrp
, md
, isr
, AF_INET6
);