search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Including errno.h and still declaring errno is BROKEN.
[dragonfly/netmp.git] / sys / netinet6 / esp_core.c
blobe3e8d4acdbcb1e9e9a8724e41807219e28aba198
1 /* $FreeBSD: src/sys/netinet6/esp_core.c,v 1.1.2.4 2002/03/26 10:12:29 ume Exp $ */
2 /* $DragonFly: src/sys/netinet6/esp_core.c,v 1.7 2004/06/02 14:43:01 eirikn Exp $ */
3 /* $KAME: esp_core.c,v 1.50 2000/11/02 12:27:38 itojun Exp $ */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "opt_inet.h"
35 #include "opt_inet6.h"
36
37 #include <sys/param.h>
38 #include <sys/systm.h>
39 #include <sys/malloc.h>
40 #include <sys/mbuf.h>
41 #include <sys/domain.h>
42 #include <sys/protosw.h>
43 #include <sys/socket.h>
44 #include <sys/errno.h>
45 #include <sys/time.h>
46 #include <sys/syslog.h>
47
48 #include <net/if.h>
49 #include <net/route.h>
50
51 #include <netinet/in.h>
52 #include <netinet/in_var.h>
53 #ifdef INET6
54 #include <netinet/ip6.h>
55 #include <netinet6/ip6_var.h>
56 #include <netinet/icmp6.h>
57 #endif
58
59 #include <netinet6/ipsec.h>
60 #ifdef INET6
61 #include <netinet6/ipsec6.h>
62 #endif
63 #include <netinet6/ah.h>
64 #ifdef INET6
65 #include <netinet6/ah6.h>
66 #endif
67 #include <netinet6/esp.h>
68 #ifdef INET6
69 #include <netinet6/esp6.h>
70 #endif
71 #include <netinet6/esp_rijndael.h>
72 #include <net/pfkeyv2.h>
73 #include <netproto/key/keydb.h>
74 #include <netproto/key/key.h>
75 #include <crypto/des/des.h>
76 #include <crypto/blowfish/blowfish.h>
77 #include <crypto/cast128/cast128.h>
78
79 #include <net/net_osdep.h>
80
81 static int esp_null_mature (struct secasvar *);
82 static int esp_null_decrypt (struct mbuf *, size_t,
83 struct secasvar *, const struct esp_algorithm *, int);
84 static int esp_null_encrypt (struct mbuf *, size_t, size_t,
85 struct secasvar *, const struct esp_algorithm *, int);
86 static int esp_descbc_mature (struct secasvar *);
87 static int esp_descbc_ivlen (const struct esp_algorithm *,
88 struct secasvar *);
89 static int esp_des_schedule (const struct esp_algorithm *,
90 struct secasvar *);
91 static int esp_des_schedlen (const struct esp_algorithm *);
92 static int esp_des_blockdecrypt (const struct esp_algorithm *,
93 struct secasvar *, u_int8_t *, u_int8_t *);
94 static int esp_des_blockencrypt (const struct esp_algorithm *,
95 struct secasvar *, u_int8_t *, u_int8_t *);
96 static int esp_cbc_mature (struct secasvar *);
97 static int esp_blowfish_schedule (const struct esp_algorithm *,
98 struct secasvar *);
99 static int esp_blowfish_schedlen (const struct esp_algorithm *);
100 static int esp_blowfish_blockdecrypt (const struct esp_algorithm *,
101 struct secasvar *, u_int8_t *, u_int8_t *);
102 static int esp_blowfish_blockencrypt (const struct esp_algorithm *,
103 struct secasvar *, u_int8_t *, u_int8_t *);
104 static int esp_cast128_schedule (const struct esp_algorithm *,
105 struct secasvar *);
106 static int esp_cast128_schedlen (const struct esp_algorithm *);
107 static int esp_cast128_blockdecrypt (const struct esp_algorithm *,
108 struct secasvar *, u_int8_t *, u_int8_t *);
109 static int esp_cast128_blockencrypt (const struct esp_algorithm *,
110 struct secasvar *, u_int8_t *, u_int8_t *);
111 static int esp_3des_schedule (const struct esp_algorithm *,
112 struct secasvar *);
113 static int esp_3des_schedlen (const struct esp_algorithm *);
114 static int esp_3des_blockdecrypt (const struct esp_algorithm *,
115 struct secasvar *, u_int8_t *, u_int8_t *);
116 static int esp_3des_blockencrypt (const struct esp_algorithm *,
117 struct secasvar *, u_int8_t *, u_int8_t *);
118 static int esp_common_ivlen (const struct esp_algorithm *,
119 struct secasvar *);
120 static int esp_cbc_decrypt (struct mbuf *, size_t,
121 struct secasvar *, const struct esp_algorithm *, int);
122 static int esp_cbc_encrypt (struct mbuf *, size_t, size_t,
123 struct secasvar *, const struct esp_algorithm *, int);
124
125 #define MAXIVLEN 16
126
127 static const struct esp_algorithm esp_algorithms[] = {
128 { 8, -1, esp_descbc_mature, 64, 64, esp_des_schedlen,
129 "des-cbc",
130 esp_descbc_ivlen, esp_cbc_decrypt,
131 esp_cbc_encrypt, esp_des_schedule,
132 esp_des_blockdecrypt, esp_des_blockencrypt, },
133 { 8, 8, esp_cbc_mature, 192, 192, esp_3des_schedlen,
134 "3des-cbc",
135 esp_common_ivlen, esp_cbc_decrypt,
136 esp_cbc_encrypt, esp_3des_schedule,
137 esp_3des_blockdecrypt, esp_3des_blockencrypt, },
138 { 1, 0, esp_null_mature, 0, 2048, 0, "null",
139 esp_common_ivlen, esp_null_decrypt,
140 esp_null_encrypt, NULL, },
141 { 8, 8, esp_cbc_mature, 40, 448, esp_blowfish_schedlen, "blowfish-cbc",
142 esp_common_ivlen, esp_cbc_decrypt,
143 esp_cbc_encrypt, esp_blowfish_schedule,
144 esp_blowfish_blockdecrypt, esp_blowfish_blockencrypt, },
145 { 8, 8, esp_cbc_mature, 40, 128, esp_cast128_schedlen,
146 "cast128-cbc",
147 esp_common_ivlen, esp_cbc_decrypt,
148 esp_cbc_encrypt, esp_cast128_schedule,
149 esp_cast128_blockdecrypt, esp_cast128_blockencrypt, },
150 { 16, 16, esp_cbc_mature, 128, 256, esp_rijndael_schedlen,
151 "rijndael-cbc",
152 esp_common_ivlen, esp_cbc_decrypt,
153 esp_cbc_encrypt, esp_rijndael_schedule,
154 esp_rijndael_blockdecrypt, esp_rijndael_blockencrypt },
155 };
156
157 const struct esp_algorithm *
158 esp_algorithm_lookup(int idx)
159 {
160
161 switch (idx) {
162 case SADB_EALG_DESCBC:
163 return &esp_algorithms[0];
164 case SADB_EALG_3DESCBC:
165 return &esp_algorithms[1];
166 case SADB_EALG_NULL:
167 return &esp_algorithms[2];
168 case SADB_X_EALG_BLOWFISHCBC:
169 return &esp_algorithms[3];
170 case SADB_X_EALG_CAST128CBC:
171 return &esp_algorithms[4];
172 case SADB_X_EALG_RIJNDAELCBC:
173 return &esp_algorithms[5];
174 default:
175 return NULL;
176 }
177 }
178
179 int
180 esp_max_ivlen(void)
181 {
182 int idx;
183 int ivlen;
184
185 ivlen = 0;
186 for (idx = 0; idx < sizeof(esp_algorithms)/sizeof(esp_algorithms[0]);
187 idx++) {
188 if (esp_algorithms[idx].ivlenval > ivlen)
189 ivlen = esp_algorithms[idx].ivlenval;
190 }
191
192 return ivlen;
193 }
194
195 int
196 esp_schedule(const struct esp_algorithm *algo, struct secasvar *sav)
197 {
198 int error;
199
200 /* check for key length */
201 if (_KEYBITS(sav->key_enc) < algo->keymin ||
202 _KEYBITS(sav->key_enc) > algo->keymax) {
203 ipseclog((LOG_ERR,
204 "esp_schedule %s: unsupported key length %d: "
205 "needs %d to %d bits\n", algo->name, _KEYBITS(sav->key_enc),
206 algo->keymin, algo->keymax));
207 return EINVAL;
208 }
209
210 /* already allocated */
211 if (sav->sched && sav->schedlen != 0)
212 return 0;
213 /* no schedule necessary */
214 if (!algo->schedule || !algo->schedlen)
215 return 0;
216
217 sav->schedlen = (*algo->schedlen)(algo);
218 if (sav->schedlen < 0)
219 return EINVAL;
220 sav->sched = malloc(sav->schedlen, M_SECA, M_NOWAIT);
221 if (!sav->sched) {
222 sav->schedlen = 0;
223 return ENOBUFS;
224 }
225
226 error = (*algo->schedule)(algo, sav);
227 if (error) {
228 ipseclog((LOG_ERR, "esp_schedule %s: error %d\n",
229 algo->name, error));
230 free(sav->sched, M_SECA);
231 sav->sched = NULL;
232 sav->schedlen = 0;
233 }
234 return error;
235 }
236
237 static int
238 esp_null_mature(struct secasvar *sav)
239 {
240
241 /* anything is okay */
242 return 0;
243 }
244
245 static int
246 esp_null_decrypt(struct mbuf *m,
247 size_t off, /* offset to ESP header */
248 struct secasvar *sav, const struct esp_algorithm *algo,
249 int ivlen)
250 {
251
252 return 0; /* do nothing */
253 }
254
255 static int
256 esp_null_encrypt(struct mbuf *m,
257 size_t off, /* offset to ESP header */
258 size_t plen, struct secasvar *sav,
259 const struct esp_algorithm *algo, int ivlen)
260 {
261
262 return 0; /* do nothing */
263 }
264
265 static int
266 esp_descbc_mature(struct secasvar *sav)
267 {
268 const struct esp_algorithm *algo;
269
270 if (!(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B)) {
271 ipseclog((LOG_ERR, "esp_cbc_mature: "
272 "algorithm incompatible with 4 octets IV length\n"));
273 return 1;
274 }
275
276 if (!sav->key_enc) {
277 ipseclog((LOG_ERR, "esp_descbc_mature: no key is given.\n"));
278 return 1;
279 }
280
281 algo = esp_algorithm_lookup(sav->alg_enc);
282 if (!algo) {
283 ipseclog((LOG_ERR,
284 "esp_descbc_mature: unsupported algorithm.\n"));
285 return 1;
286 }
287
288 if (_KEYBITS(sav->key_enc) < algo->keymin ||
289 _KEYBITS(sav->key_enc) > algo->keymax) {
290 ipseclog((LOG_ERR,
291 "esp_descbc_mature: invalid key length %d.\n",
292 _KEYBITS(sav->key_enc)));
293 return 1;
294 }
295
296 /* weak key check */
297 if (des_is_weak_key((des_cblock *)_KEYBUF(sav->key_enc))) {
298 ipseclog((LOG_ERR,
299 "esp_descbc_mature: weak key was passed.\n"));
300 return 1;
301 }
302
303 return 0;
304 }
305
306 static int
307 esp_descbc_ivlen(const struct esp_algorithm *algo, struct secasvar *sav)
308 {
309
310 if (!sav)
311 return 8;
312 if ((sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B))
313 return 4;
314 if (!(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_DERIV))
315 return 4;
316 return 8;
317 }
318
319 static int
320 esp_des_schedlen(const struct esp_algorithm *algo)
321 {
322
323 return sizeof(des_key_schedule);
324 }
325
326 static int
327 esp_des_schedule(const struct esp_algorithm *algo, struct secasvar *sav)
328 {
329
330 if (des_key_sched((des_cblock *)_KEYBUF(sav->key_enc),
331 *(des_key_schedule *)sav->sched))
332 return EINVAL;
333 else
334 return 0;
335 }
336
337 static int
338 esp_des_blockdecrypt(const struct esp_algorithm *algo, struct secasvar *sav,
339 u_int8_t *s, u_int8_t *d)
340 {
341
342 /* assumption: d has a good alignment */
343 bcopy(s, d, sizeof(DES_LONG) * 2);
344 des_ecb_encrypt((des_cblock *)d, (des_cblock *)d,
345 *(des_key_schedule *)sav->sched, DES_DECRYPT);
346 return 0;
347 }
348
349 static int
350 esp_des_blockencrypt(const struct esp_algorithm *algo, struct secasvar *sav,
351 u_int8_t *s, u_int8_t *d)
352 {
353
354 /* assumption: d has a good alignment */
355 bcopy(s, d, sizeof(DES_LONG) * 2);
356 des_ecb_encrypt((des_cblock *)d, (des_cblock *)d,
357 *(des_key_schedule *)sav->sched, DES_ENCRYPT);
358 return 0;
359 }
360
361 static int
362 esp_cbc_mature(struct secasvar *sav)
363 {
364 int keylen;
365 const struct esp_algorithm *algo;
366
367 if (sav->flags & SADB_X_EXT_OLD) {
368 ipseclog((LOG_ERR,
369 "esp_cbc_mature: algorithm incompatible with esp-old\n"));
370 return 1;
371 }
372 if (sav->flags & SADB_X_EXT_DERIV) {
373 ipseclog((LOG_ERR,
374 "esp_cbc_mature: algorithm incompatible with derived\n"));
375 return 1;
376 }
377
378 if (!sav->key_enc) {
379 ipseclog((LOG_ERR, "esp_cbc_mature: no key is given.\n"));
380 return 1;
381 }
382
383 algo = esp_algorithm_lookup(sav->alg_enc);
384 if (!algo) {
385 ipseclog((LOG_ERR,
386 "esp_cbc_mature %s: unsupported algorithm.\n", algo->name));
387 return 1;
388 }
389
390 keylen = sav->key_enc->sadb_key_bits;
391 if (keylen < algo->keymin || algo->keymax < keylen) {
392 ipseclog((LOG_ERR,
393 "esp_cbc_mature %s: invalid key length %d.\n",
394 algo->name, sav->key_enc->sadb_key_bits));
395 return 1;
396 }
397 switch (sav->alg_enc) {
398 case SADB_EALG_3DESCBC:
399 /* weak key check */
400 if (des_is_weak_key((des_cblock *)_KEYBUF(sav->key_enc)) ||
401 des_is_weak_key((des_cblock *)(_KEYBUF(sav->key_enc) + 8)) ||
402 des_is_weak_key((des_cblock *)(_KEYBUF(sav->key_enc) + 16))) {
403 ipseclog((LOG_ERR,
404 "esp_cbc_mature %s: weak key was passed.\n",
405 algo->name));
406 return 1;
407 }
408 break;
409 case SADB_X_EALG_BLOWFISHCBC:
410 case SADB_X_EALG_CAST128CBC:
411 break;
412 case SADB_X_EALG_RIJNDAELCBC:
413 /* allows specific key sizes only */
414 if (!(keylen == 128 || keylen == 192 || keylen == 256)) {
415 ipseclog((LOG_ERR,
416 "esp_cbc_mature %s: invalid key length %d.\n",
417 algo->name, keylen));
418 return 1;
419 }
420 break;
421 }
422
423 return 0;
424 }
425
426 static int
427 esp_blowfish_schedlen(const struct esp_algorithm *algo)
428 {
429
430 return sizeof(BF_KEY);
431 }
432
433 static int
434 esp_blowfish_schedule(const struct esp_algorithm *algo, struct secasvar *sav)
435 {
436
437 BF_set_key((BF_KEY *)sav->sched, _KEYLEN(sav->key_enc),
438 _KEYBUF(sav->key_enc));
439 return 0;
440 }
441
442 static int
443 esp_blowfish_blockdecrypt(const struct esp_algorithm *algo,
444 struct secasvar *sav, u_int8_t *s, u_int8_t *d)
445 {
446 /* HOLY COW! BF_decrypt() takes values in host byteorder */
447 BF_LONG t[2];
448
449 bcopy(s, t, sizeof(t));
450 t[0] = ntohl(t[0]);
451 t[1] = ntohl(t[1]);
452 BF_decrypt(t, (BF_KEY *)sav->sched);
453 t[0] = htonl(t[0]);
454 t[1] = htonl(t[1]);
455 bcopy(t, d, sizeof(t));
456 return 0;
457 }
458
459 static int
460 esp_blowfish_blockencrypt(const struct esp_algorithm *algo,
461 struct secasvar *sav, u_int8_t *s, u_int8_t *d)
462 {
463 /* HOLY COW! BF_encrypt() takes values in host byteorder */
464 BF_LONG t[2];
465
466 bcopy(s, t, sizeof(t));
467 t[0] = ntohl(t[0]);
468 t[1] = ntohl(t[1]);
469 BF_encrypt(t, (BF_KEY *)sav->sched);
470 t[0] = htonl(t[0]);
471 t[1] = htonl(t[1]);
472 bcopy(t, d, sizeof(t));
473 return 0;
474 }
475
476 static int
477 esp_cast128_schedlen(const struct esp_algorithm *algo)
478 {
479
480 return sizeof(u_int32_t) * 32;
481 }
482
483 static int
484 esp_cast128_schedule(const struct esp_algorithm *algo, struct secasvar *sav)
485 {
486
487 set_cast128_subkey((u_int32_t *)sav->sched, _KEYBUF(sav->key_enc),
488 _KEYLEN(sav->key_enc));
489 return 0;
490 }
491
492 static int
493 esp_cast128_blockdecrypt(const struct esp_algorithm *algo,
494 struct secasvar *sav, u_int8_t *s, u_int8_t *d)
495 {
496
497 if (_KEYLEN(sav->key_enc) <= 80 / 8)
498 cast128_decrypt_round12(d, s, (u_int32_t *)sav->sched);
499 else
500 cast128_decrypt_round16(d, s, (u_int32_t *)sav->sched);
501 return 0;
502 }
503
504 static int
505 esp_cast128_blockencrypt(const struct esp_algorithm *algo, struct secasvar *sav,
506 u_int8_t *s, u_int8_t *d)
507 {
508
509 if (_KEYLEN(sav->key_enc) <= 80 / 8)
510 cast128_encrypt_round12(d, s, (u_int32_t *)sav->sched);
511 else
512 cast128_encrypt_round16(d, s, (u_int32_t *)sav->sched);
513 return 0;
514 }
515
516 static int
517 esp_3des_schedlen(const struct esp_algorithm *algo)
518 {
519
520 return sizeof(des_key_schedule) * 3;
521 }
522
523 static int
524 esp_3des_schedule(const struct esp_algorithm *algo, struct secasvar *sav)
525 {
526 int error;
527 des_key_schedule *p;
528 int i;
529 char *k;
530
531 p = (des_key_schedule *)sav->sched;
532 k = _KEYBUF(sav->key_enc);
533 for (i = 0; i < 3; i++) {
534 error = des_key_sched((des_cblock *)(k + 8 * i), p[i]);
535 if (error)
536 return EINVAL;
537 }
538 return 0;
539 }
540
541 static int
542 esp_3des_blockdecrypt(const struct esp_algorithm *algo, struct secasvar *sav,
543 u_int8_t *s, u_int8_t *d)
544 {
545 des_key_schedule *p;
546
547 /* assumption: d has a good alignment */
548 p = (des_key_schedule *)sav->sched;
549 bcopy(s, d, sizeof(DES_LONG) * 2);
550 des_ecb3_encrypt((des_cblock *)d, (des_cblock *)d,
551 p[0], p[1], p[2], DES_DECRYPT);
552 return 0;
553 }
554
555 static int
556 esp_3des_blockencrypt(const struct esp_algorithm *algo, struct secasvar *sav,
557 u_int8_t *s, u_int8_t *d)
558 {
559 des_key_schedule *p;
560
561 /* assumption: d has a good alignment */
562 p = (des_key_schedule *)sav->sched;
563 bcopy(s, d, sizeof(DES_LONG) * 2);
564 des_ecb3_encrypt((des_cblock *)d, (des_cblock *)d,
565 p[0], p[1], p[2], DES_ENCRYPT);
566 return 0;
567 }
568
569 static int
570 esp_common_ivlen(const struct esp_algorithm *algo, struct secasvar *sav)
571 {
572
573 if (!algo)
574 panic("esp_common_ivlen: unknown algorithm");
575 return algo->ivlenval;
576 }
577
578 static int
579 esp_cbc_decrypt(struct mbuf *m, size_t off, struct secasvar *sav,
580 const struct esp_algorithm *algo, int ivlen)
581 {
582 struct mbuf *s;
583 struct mbuf *d, *d0, *dp;
584 int soff, doff; /* offset from the head of chain, to head of this mbuf */
585 int sn, dn; /* offset from the head of the mbuf, to meat */
586 size_t ivoff, bodyoff;
587 u_int8_t iv[MAXIVLEN], *ivp;
588 u_int8_t sbuf[MAXIVLEN], *sp;
589 u_int8_t *p, *q;
590 struct mbuf *scut;
591 int scutoff;
592 int i;
593 int blocklen;
594 int derived;
595
596 if (ivlen != sav->ivlen || ivlen > sizeof(iv)) {
597 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: "
598 "unsupported ivlen %d\n", algo->name, ivlen));
599 m_freem(m);
600 return EINVAL;
601 }
602
603 /* assumes blocklen == padbound */
604 blocklen = algo->padbound;
605
606 #ifdef DIAGNOSTIC
607 if (blocklen > sizeof(iv)) {
608 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: "
609 "unsupported blocklen %d\n", algo->name, blocklen));
610 m_freem(m);
611 return EINVAL;
612 }
613 #endif
614
615 if (sav->flags & SADB_X_EXT_OLD) {
616 /* RFC 1827 */
617 ivoff = off + sizeof(struct esp);
618 bodyoff = off + sizeof(struct esp) + ivlen;
619 derived = 0;
620 } else {
621 /* RFC 2406 */
622 if (sav->flags & SADB_X_EXT_DERIV) {
623 /*
624 * draft-ietf-ipsec-ciph-des-derived-00.txt
625 * uses sequence number field as IV field.
626 */
627 ivoff = off + sizeof(struct esp);
628 bodyoff = off + sizeof(struct esp) + sizeof(u_int32_t);
629 ivlen = sizeof(u_int32_t);
630 derived = 1;
631 } else {
632 ivoff = off + sizeof(struct newesp);
633 bodyoff = off + sizeof(struct newesp) + ivlen;
634 derived = 0;
635 }
636 }
637
638 /* grab iv */
639 m_copydata(m, ivoff, ivlen, iv);
640
641 /* extend iv */
642 if (ivlen == blocklen)
643 ;
644 else if (ivlen == 4 && blocklen == 8) {
645 bcopy(&iv[0], &iv[4], 4);
646 iv[4] ^= 0xff;
647 iv[5] ^= 0xff;
648 iv[6] ^= 0xff;
649 iv[7] ^= 0xff;
650 } else {
651 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
652 "unsupported ivlen/blocklen: %d %d\n",
653 algo->name, ivlen, blocklen));
654 m_freem(m);
655 return EINVAL;
656 }
657
658 if (m->m_pkthdr.len < bodyoff) {
659 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: bad len %d/%lu\n",
660 algo->name, m->m_pkthdr.len, (unsigned long)bodyoff));
661 m_freem(m);
662 return EINVAL;
663 }
664 if ((m->m_pkthdr.len - bodyoff) % blocklen) {
665 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: "
666 "payload length must be multiple of %d\n",
667 algo->name, blocklen));
668 m_freem(m);
669 return EINVAL;
670 }
671
672 s = m;
673 d = d0 = dp = NULL;
674 soff = doff = sn = dn = 0;
675 ivp = sp = NULL;
676
677 /* skip bodyoff */
678 while (soff < bodyoff) {
679 if (soff + s->m_len > bodyoff) {
680 sn = bodyoff - soff;
681 break;
682 }
683
684 soff += s->m_len;
685 s = s->m_next;
686 }
687 scut = s;
688 scutoff = sn;
689
690 /* skip over empty mbuf */
691 while (s && s->m_len == 0)
692 s = s->m_next;
693
694 while (soff < m->m_pkthdr.len) {
695 /* source */
696 if (sn + blocklen <= s->m_len) {
697 /* body is continuous */
698 sp = mtod(s, u_int8_t *) + sn;
699 } else {
700 /* body is non-continuous */
701 m_copydata(s, sn, blocklen, sbuf);
702 sp = sbuf;
703 }
704
705 /* destination */
706 if (!d || dn + blocklen > d->m_len) {
707 if (d)
708 dp = d;
709 MGET(d, MB_DONTWAIT, MT_DATA);
710 i = m->m_pkthdr.len - (soff + sn);
711 if (d && i > MLEN) {
712 MCLGET(d, MB_DONTWAIT);
713 if ((d->m_flags & M_EXT) == 0) {
714 m_free(d);
715 d = NULL;
716 }
717 }
718 if (!d) {
719 m_freem(m);
720 if (d0)
721 m_freem(d0);
722 return ENOBUFS;
723 }
724 if (!d0)
725 d0 = d;
726 if (dp)
727 dp->m_next = d;
728 d->m_len = 0;
729 d->m_len = (M_TRAILINGSPACE(d) / blocklen) * blocklen;
730 if (d->m_len > i)
731 d->m_len = i;
732 dn = 0;
733 }
734
735 /* decrypt */
736 (*algo->blockdecrypt)(algo, sav, sp, mtod(d, u_int8_t *) + dn);
737
738 /* xor */
739 p = ivp ? ivp : iv;
740 q = mtod(d, u_int8_t *) + dn;
741 for (i = 0; i < blocklen; i++)
742 q[i] ^= p[i];
743
744 /* next iv */
745 if (sp == sbuf) {
746 bcopy(sbuf, iv, blocklen);
747 ivp = NULL;
748 } else
749 ivp = sp;
750
751 sn += blocklen;
752 dn += blocklen;
753
754 /* find the next source block */
755 while (s && sn >= s->m_len) {
756 sn -= s->m_len;
757 soff += s->m_len;
758 s = s->m_next;
759 }
760
761 /* skip over empty mbuf */
762 while (s && s->m_len == 0)
763 s = s->m_next;
764 }
765
766 m_freem(scut->m_next);
767 scut->m_len = scutoff;
768 scut->m_next = d0;
769
770 /* just in case */
771 bzero(iv, sizeof(iv));
772 bzero(sbuf, sizeof(sbuf));
773
774 return 0;
775 }
776
777 static int
778 esp_cbc_encrypt(struct mbuf *m, size_t off, size_t plen, struct secasvar *sav,
779 const struct esp_algorithm *algo, int ivlen)
780 {
781 struct mbuf *s;
782 struct mbuf *d, *d0, *dp;
783 int soff, doff; /* offset from the head of chain, to head of this mbuf */
784 int sn, dn; /* offset from the head of the mbuf, to meat */
785 size_t ivoff, bodyoff;
786 u_int8_t iv[MAXIVLEN], *ivp;
787 u_int8_t sbuf[MAXIVLEN], *sp;
788 u_int8_t *p, *q;
789 struct mbuf *scut;
790 int scutoff;
791 int i;
792 int blocklen;
793 int derived;
794
795 if (ivlen != sav->ivlen || ivlen > sizeof(iv)) {
796 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
797 "unsupported ivlen %d\n", algo->name, ivlen));
798 m_freem(m);
799 return EINVAL;
800 }
801
802 /* assumes blocklen == padbound */
803 blocklen = algo->padbound;
804
805 #ifdef DIAGNOSTIC
806 if (blocklen > sizeof(iv)) {
807 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
808 "unsupported blocklen %d\n", algo->name, blocklen));
809 m_freem(m);
810 return EINVAL;
811 }
812 #endif
813
814 if (sav->flags & SADB_X_EXT_OLD) {
815 /* RFC 1827 */
816 ivoff = off + sizeof(struct esp);
817 bodyoff = off + sizeof(struct esp) + ivlen;
818 derived = 0;
819 } else {
820 /* RFC 2406 */
821 if (sav->flags & SADB_X_EXT_DERIV) {
822 /*
823 * draft-ietf-ipsec-ciph-des-derived-00.txt
824 * uses sequence number field as IV field.
825 */
826 ivoff = off + sizeof(struct esp);
827 bodyoff = off + sizeof(struct esp) + sizeof(u_int32_t);
828 ivlen = sizeof(u_int32_t);
829 derived = 1;
830 } else {
831 ivoff = off + sizeof(struct newesp);
832 bodyoff = off + sizeof(struct newesp) + ivlen;
833 derived = 0;
834 }
835 }
836
837 /* put iv into the packet. if we are in derived mode, use seqno. */
838 if (derived)
839 m_copydata(m, ivoff, ivlen, iv);
840 else {
841 bcopy(sav->iv, iv, ivlen);
842 /* maybe it is better to overwrite dest, not source */
843 m_copyback(m, ivoff, ivlen, iv);
844 }
845
846 /* extend iv */
847 if (ivlen == blocklen)
848 ;
849 else if (ivlen == 4 && blocklen == 8) {
850 bcopy(&iv[0], &iv[4], 4);
851 iv[4] ^= 0xff;
852 iv[5] ^= 0xff;
853 iv[6] ^= 0xff;
854 iv[7] ^= 0xff;
855 } else {
856 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
857 "unsupported ivlen/blocklen: %d %d\n",
858 algo->name, ivlen, blocklen));
859 m_freem(m);
860 return EINVAL;
861 }
862
863 if (m->m_pkthdr.len < bodyoff) {
864 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: bad len %d/%lu\n",
865 algo->name, m->m_pkthdr.len, (unsigned long)bodyoff));
866 m_freem(m);
867 return EINVAL;
868 }
869 if ((m->m_pkthdr.len - bodyoff) % blocklen) {
870 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
871 "payload length must be multiple of %lu\n",
872 algo->name, (unsigned long)algo->padbound));
873 m_freem(m);
874 return EINVAL;
875 }
876
877 s = m;
878 d = d0 = dp = NULL;
879 soff = doff = sn = dn = 0;
880 ivp = sp = NULL;
881
882 /* skip bodyoff */
883 while (soff < bodyoff) {
884 if (soff + s->m_len > bodyoff) {
885 sn = bodyoff - soff;
886 break;
887 }
888
889 soff += s->m_len;
890 s = s->m_next;
891 }
892 scut = s;
893 scutoff = sn;
894
895 /* skip over empty mbuf */
896 while (s && s->m_len == 0)
897 s = s->m_next;
898
899 while (soff < m->m_pkthdr.len) {
900 /* source */
901 if (sn + blocklen <= s->m_len) {
902 /* body is continuous */
903 sp = mtod(s, u_int8_t *) + sn;
904 } else {
905 /* body is non-continuous */
906 m_copydata(s, sn, blocklen, sbuf);
907 sp = sbuf;
908 }
909
910 /* destination */
911 if (!d || dn + blocklen > d->m_len) {
912 if (d)
913 dp = d;
914 MGET(d, MB_DONTWAIT, MT_DATA);
915 i = m->m_pkthdr.len - (soff + sn);
916 if (d && i > MLEN) {
917 MCLGET(d, MB_DONTWAIT);
918 if ((d->m_flags & M_EXT) == 0) {
919 m_free(d);
920 d = NULL;
921 }
922 }
923 if (!d) {
924 m_freem(m);
925 if (d0)
926 m_freem(d0);
927 return ENOBUFS;
928 }
929 if (!d0)
930 d0 = d;
931 if (dp)
932 dp->m_next = d;
933 d->m_len = 0;
934 d->m_len = (M_TRAILINGSPACE(d) / blocklen) * blocklen;
935 if (d->m_len > i)
936 d->m_len = i;
937 dn = 0;
938 }
939
940 /* xor */
941 p = ivp ? ivp : iv;
942 q = sp;
943 for (i = 0; i < blocklen; i++)
944 q[i] ^= p[i];
945
946 /* encrypt */
947 (*algo->blockencrypt)(algo, sav, sp, mtod(d, u_int8_t *) + dn);
948
949 /* next iv */
950 ivp = mtod(d, u_int8_t *) + dn;
951
952 sn += blocklen;
953 dn += blocklen;
954
955 /* find the next source block */
956 while (s && sn >= s->m_len) {
957 sn -= s->m_len;
958 soff += s->m_len;
959 s = s->m_next;
960 }
961
962 /* skip over empty mbuf */
963 while (s && s->m_len == 0)
964 s = s->m_next;
965 }
966
967 m_freem(scut->m_next);
968 scut->m_len = scutoff;
969 scut->m_next = d0;
970
971 /* just in case */
972 bzero(iv, sizeof(iv));
973 bzero(sbuf, sizeof(sbuf));
974
975 key_sa_stir_iv(sav);
976
977 return 0;
978 }
979
980 /*------------------------------------------------------------*/
981
982 /* does not free m0 on error */
983 int
984 esp_auth(struct mbuf *m0,
985 size_t skip, /* offset to ESP header */
986 size_t length, /* payload length */
987 struct secasvar *sav, u_char *sum)
988 {
989 struct mbuf *m;
990 size_t off;
991 struct ah_algorithm_state s;
992 u_char sumbuf[AH_MAXSUMSIZE];
993 const struct ah_algorithm *algo;
994 size_t siz;
995 int error;
996
997 /* sanity checks */
998 if (m0->m_pkthdr.len < skip) {
999 ipseclog((LOG_DEBUG, "esp_auth: mbuf length < skip\n"));
1000 return EINVAL;
1001 }
1002 if (m0->m_pkthdr.len < skip + length) {
1003 ipseclog((LOG_DEBUG,
1004 "esp_auth: mbuf length < skip + length\n"));
1005 return EINVAL;
1006 }
1007 /*
1008 * length of esp part (excluding authentication data) must be 4n,
1009 * since nexthdr must be at offset 4n+3.
1010 */
1011 if (length % 4) {
1012 ipseclog((LOG_ERR, "esp_auth: length is not multiple of 4\n"));
1013 return EINVAL;
1014 }
1015 if (!sav) {
1016 ipseclog((LOG_DEBUG, "esp_auth: NULL SA passed\n"));
1017 return EINVAL;
1018 }
1019 algo = ah_algorithm_lookup(sav->alg_auth);
1020 if (!algo) {
1021 ipseclog((LOG_ERR,
1022 "esp_auth: bad ESP auth algorithm passed: %d\n",
1023 sav->alg_auth));
1024 return EINVAL;
1025 }
1026
1027 m = m0;
1028 off = 0;
1029
1030 siz = (((*algo->sumsiz)(sav) + 3) & ~(4 - 1));
1031 if (sizeof(sumbuf) < siz) {
1032 ipseclog((LOG_DEBUG,
1033 "esp_auth: AH_MAXSUMSIZE is too small: siz=%lu\n",
1034 (u_long)siz));
1035 return EINVAL;
1036 }
1037
1038 /* skip the header */
1039 while (skip) {
1040 if (!m)
1041 panic("mbuf chain?");
1042 if (m->m_len <= skip) {
1043 skip -= m->m_len;
1044 m = m->m_next;
1045 off = 0;
1046 } else {
1047 off = skip;
1048 skip = 0;
1049 }
1050 }
1051
1052 error = (*algo->init)(&s, sav);
1053 if (error)
1054 return error;
1055
1056 while (0 < length) {
1057 if (!m)
1058 panic("mbuf chain?");
1059
1060 if (m->m_len - off < length) {
1061 (*algo->update)(&s, mtod(m, u_char *) + off,
1062 m->m_len - off);
1063 length -= m->m_len - off;
1064 m = m->m_next;
1065 off = 0;
1066 } else {
1067 (*algo->update)(&s, mtod(m, u_char *) + off, length);
1068 break;
1069 }
1070 }
1071 (*algo->result)(&s, sumbuf);
1072 bcopy(sumbuf, sum, siz); /* XXX */
1073
1074 return 0;
1075 }
MP support for (parts of) the network stack