]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright (c) 2008-2016 Apple Inc. All rights reserved. | |
3 | * | |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ | |
5 | * | |
6 | * This file contains Original Code and/or Modifications of Original Code | |
7 | * as defined in and that are subject to the Apple Public Source License | |
8 | * Version 2.0 (the 'License'). You may not use this file except in | |
9 | * compliance with the License. The rights granted to you under the License | |
10 | * may not be used to create, or enable the creation or redistribution of, | |
11 | * unlawful or unlicensed copies of an Apple operating system, or to | |
12 | * circumvent, violate, or enable the circumvention or violation of, any | |
13 | * terms of an Apple operating system software license agreement. | |
14 | * | |
15 | * Please obtain a copy of the License at | |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. | |
17 | * | |
18 | * The Original Code and all software distributed under the License are | |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
23 | * Please see the License for the specific language governing rights and | |
24 | * limitations under the License. | |
25 | * | |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ | |
27 | */ | |
28 | ||
29 | /* $FreeBSD: src/sys/netinet6/esp_core.c,v 1.1.2.4 2002/03/26 10:12:29 ume Exp $ */ | |
30 | /* $KAME: esp_core.c,v 1.50 2000/11/02 12:27:38 itojun Exp $ */ | |
31 | ||
32 | /* | |
33 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
34 | * All rights reserved. | |
35 | * | |
36 | * Redistribution and use in source and binary forms, with or without | |
37 | * modification, are permitted provided that the following conditions | |
38 | * are met: | |
39 | * 1. Redistributions of source code must retain the above copyright | |
40 | * notice, this list of conditions and the following disclaimer. | |
41 | * 2. Redistributions in binary form must reproduce the above copyright | |
42 | * notice, this list of conditions and the following disclaimer in the | |
43 | * documentation and/or other materials provided with the distribution. | |
44 | * 3. Neither the name of the project nor the names of its contributors | |
45 | * may be used to endorse or promote products derived from this software | |
46 | * without specific prior written permission. | |
47 | * | |
48 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND | |
49 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
50 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
51 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | |
52 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
53 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
54 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
55 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
56 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
57 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
58 | * SUCH DAMAGE. | |
59 | */ | |
60 | ||
61 | #define _IP_VHL | |
62 | ||
63 | #include <sys/param.h> | |
64 | #include <sys/systm.h> | |
65 | #include <sys/malloc.h> | |
66 | #include <sys/mbuf.h> | |
67 | #include <sys/domain.h> | |
68 | #include <sys/protosw.h> | |
69 | #include <sys/socket.h> | |
70 | #include <sys/errno.h> | |
71 | #include <sys/time.h> | |
72 | #include <sys/kernel.h> | |
73 | #include <sys/syslog.h> | |
74 | ||
75 | #include <kern/locks.h> | |
76 | ||
77 | #include <net/if.h> | |
78 | #include <net/route.h> | |
79 | ||
80 | #include <netinet/in.h> | |
81 | #include <netinet/in_var.h> | |
82 | #if INET6 | |
83 | #include <netinet/ip6.h> | |
84 | #include <netinet6/ip6_var.h> | |
85 | #include <netinet/icmp6.h> | |
86 | #endif | |
87 | ||
88 | #include <netinet6/ipsec.h> | |
89 | #if INET6 | |
90 | #include <netinet6/ipsec6.h> | |
91 | #endif | |
92 | #include <netinet6/ah.h> | |
93 | #if INET6 | |
94 | #include <netinet6/ah6.h> | |
95 | #endif | |
96 | #include <netinet6/esp.h> | |
97 | #if INET6 | |
98 | #include <netinet6/esp6.h> | |
99 | #endif | |
100 | #include <netinet6/esp_rijndael.h> | |
101 | #include <net/pfkeyv2.h> | |
102 | #include <netkey/keydb.h> | |
103 | #include <netkey/key.h> | |
104 | #include <libkern/crypto/des.h> | |
105 | ||
106 | #include <net/net_osdep.h> | |
107 | ||
108 | #include <sys/kdebug.h> | |
109 | #define DBG_LAYER_BEG NETDBG_CODE(DBG_NETIPSEC, 1) | |
110 | #define DBG_LAYER_END NETDBG_CODE(DBG_NETIPSEC, 3) | |
111 | #define DBG_FNC_ESPAUTH NETDBG_CODE(DBG_NETIPSEC, (8 << 8)) | |
112 | #define MAX_SBUF_LEN 2000 | |
113 | ||
114 | extern lck_mtx_t *sadb_mutex; | |
115 | ||
116 | static int esp_null_mature(struct secasvar *); | |
117 | static int esp_null_decrypt(struct mbuf *, size_t, | |
118 | struct secasvar *, const struct esp_algorithm *, int); | |
119 | static int esp_null_encrypt(struct mbuf *, size_t, size_t, | |
120 | struct secasvar *, const struct esp_algorithm *, int); | |
121 | static int esp_descbc_mature(struct secasvar *); | |
122 | static int esp_descbc_ivlen(const struct esp_algorithm *, | |
123 | struct secasvar *); | |
124 | static int esp_des_schedule(const struct esp_algorithm *, | |
125 | struct secasvar *); | |
126 | static int esp_des_schedlen(const struct esp_algorithm *); | |
127 | static int esp_des_blockdecrypt(const struct esp_algorithm *, | |
128 | struct secasvar *, u_int8_t *, u_int8_t *); | |
129 | static int esp_des_blockencrypt(const struct esp_algorithm *, | |
130 | struct secasvar *, u_int8_t *, u_int8_t *); | |
131 | static int esp_cbc_mature(struct secasvar *); | |
132 | static int esp_3des_schedule(const struct esp_algorithm *, | |
133 | struct secasvar *); | |
134 | static int esp_3des_schedlen(const struct esp_algorithm *); | |
135 | static int esp_3des_blockdecrypt(const struct esp_algorithm *, | |
136 | struct secasvar *, u_int8_t *, u_int8_t *); | |
137 | static int esp_3des_blockencrypt(const struct esp_algorithm *, | |
138 | struct secasvar *, u_int8_t *, u_int8_t *); | |
139 | static int esp_common_ivlen(const struct esp_algorithm *, | |
140 | struct secasvar *); | |
141 | static int esp_cbc_decrypt(struct mbuf *, size_t, | |
142 | struct secasvar *, const struct esp_algorithm *, int); | |
143 | static int esp_cbc_encrypt(struct mbuf *, size_t, size_t, | |
144 | struct secasvar *, const struct esp_algorithm *, int); | |
145 | static int esp_gcm_mature(struct secasvar *); | |
146 | ||
147 | #define MAXIVLEN 16 | |
148 | ||
149 | #define ESP_AESGCM_KEYLEN128 160 // 16-bytes key + 4 bytes salt | |
150 | #define ESP_AESGCM_KEYLEN192 224 // 24-bytes key + 4 bytes salt | |
151 | #define ESP_AESGCM_KEYLEN256 288 // 32-bytes key + 4 bytes salt | |
152 | ||
153 | static const struct esp_algorithm des_cbc = | |
154 | { 8, -1, esp_descbc_mature, 64, 64, esp_des_schedlen, | |
155 | "des-cbc", | |
156 | esp_descbc_ivlen, esp_cbc_decrypt, | |
157 | esp_cbc_encrypt, esp_des_schedule, | |
158 | esp_des_blockdecrypt, esp_des_blockencrypt, | |
159 | 0, 0, 0 }; | |
160 | static const struct esp_algorithm des3_cbc = | |
161 | { 8, 8, esp_cbc_mature, 192, 192, esp_3des_schedlen, | |
162 | "3des-cbc", | |
163 | esp_common_ivlen, esp_cbc_decrypt, | |
164 | esp_cbc_encrypt, esp_3des_schedule, | |
165 | esp_3des_blockdecrypt, esp_3des_blockencrypt, | |
166 | 0, 0, 0 }; | |
167 | static const struct esp_algorithm null_esp = | |
168 | { 1, 0, esp_null_mature, 0, 2048, 0, "null", | |
169 | esp_common_ivlen, esp_null_decrypt, | |
170 | esp_null_encrypt, NULL, NULL, NULL, | |
171 | 0, 0, 0 }; | |
172 | static const struct esp_algorithm aes_cbc = | |
173 | { 16, 16, esp_cbc_mature, 128, 256, esp_aes_schedlen, | |
174 | "aes-cbc", | |
175 | esp_common_ivlen, esp_cbc_decrypt_aes, | |
176 | esp_cbc_encrypt_aes, esp_aes_schedule, | |
177 | 0, 0, | |
178 | 0, 0, 0 }; | |
179 | static const struct esp_algorithm aes_gcm = | |
180 | { 4, 8, esp_gcm_mature, ESP_AESGCM_KEYLEN128, ESP_AESGCM_KEYLEN256, esp_gcm_schedlen, | |
181 | "aes-gcm", | |
182 | esp_common_ivlen, esp_gcm_decrypt_aes, | |
183 | esp_gcm_encrypt_aes, esp_gcm_schedule, | |
184 | 0, 0, | |
185 | 16, esp_gcm_decrypt_finalize, esp_gcm_encrypt_finalize}; | |
186 | ||
187 | static const struct esp_algorithm *esp_algorithms[] = { | |
188 | &des_cbc, | |
189 | &des3_cbc, | |
190 | &null_esp, | |
191 | &aes_cbc, | |
192 | &aes_gcm, | |
193 | }; | |
194 | ||
195 | const struct esp_algorithm * | |
196 | esp_algorithm_lookup(int idx) | |
197 | { | |
198 | switch (idx) { | |
199 | case SADB_EALG_DESCBC: | |
200 | return &des_cbc; | |
201 | case SADB_EALG_3DESCBC: | |
202 | return &des3_cbc; | |
203 | case SADB_EALG_NULL: | |
204 | return &null_esp; | |
205 | case SADB_X_EALG_RIJNDAELCBC: | |
206 | return &aes_cbc; | |
207 | case SADB_X_EALG_AES_GCM: | |
208 | return &aes_gcm; | |
209 | default: | |
210 | return NULL; | |
211 | } | |
212 | } | |
213 | ||
214 | int | |
215 | esp_max_ivlen(void) | |
216 | { | |
217 | int idx; | |
218 | int ivlen; | |
219 | ||
220 | ivlen = 0; | |
221 | for (idx = 0; idx < sizeof(esp_algorithms)/sizeof(esp_algorithms[0]); | |
222 | idx++) { | |
223 | if (esp_algorithms[idx]->ivlenval > ivlen) | |
224 | ivlen = esp_algorithms[idx]->ivlenval; | |
225 | } | |
226 | ||
227 | return ivlen; | |
228 | } | |
229 | ||
230 | int | |
231 | esp_schedule(const struct esp_algorithm *algo, struct secasvar *sav) | |
232 | { | |
233 | int error; | |
234 | ||
235 | /* check for key length */ | |
236 | if (_KEYBITS(sav->key_enc) < algo->keymin || | |
237 | _KEYBITS(sav->key_enc) > algo->keymax) { | |
238 | ipseclog((LOG_ERR, | |
239 | "esp_schedule %s: unsupported key length %d: " | |
240 | "needs %d to %d bits\n", algo->name, _KEYBITS(sav->key_enc), | |
241 | algo->keymin, algo->keymax)); | |
242 | return EINVAL; | |
243 | } | |
244 | ||
245 | lck_mtx_lock(sadb_mutex); | |
246 | /* already allocated */ | |
247 | if (sav->sched && sav->schedlen != 0) { | |
248 | lck_mtx_unlock(sadb_mutex); | |
249 | return 0; | |
250 | } | |
251 | /* no schedule necessary */ | |
252 | if (!algo->schedule || !algo->schedlen) { | |
253 | lck_mtx_unlock(sadb_mutex); | |
254 | return 0; | |
255 | } | |
256 | ||
257 | sav->schedlen = (*algo->schedlen)(algo); | |
258 | if ((signed) sav->schedlen < 0) { | |
259 | lck_mtx_unlock(sadb_mutex); | |
260 | return EINVAL; | |
261 | } | |
262 | ||
263 | //#### that malloc should be replaced by a saved buffer... | |
264 | sav->sched = _MALLOC(sav->schedlen, M_SECA, M_DONTWAIT); | |
265 | if (!sav->sched) { | |
266 | sav->schedlen = 0; | |
267 | lck_mtx_unlock(sadb_mutex); | |
268 | return ENOBUFS; | |
269 | } | |
270 | ||
271 | error = (*algo->schedule)(algo, sav); | |
272 | if (error) { | |
273 | ipseclog((LOG_ERR, "esp_schedule %s: error %d\n", | |
274 | algo->name, error)); | |
275 | bzero(sav->sched, sav->schedlen); | |
276 | FREE(sav->sched, M_SECA); | |
277 | sav->sched = NULL; | |
278 | sav->schedlen = 0; | |
279 | } | |
280 | lck_mtx_unlock(sadb_mutex); | |
281 | return error; | |
282 | } | |
283 | ||
284 | static int | |
285 | esp_null_mature( | |
286 | __unused struct secasvar *sav) | |
287 | { | |
288 | ||
289 | /* anything is okay */ | |
290 | return 0; | |
291 | } | |
292 | ||
293 | static int | |
294 | esp_null_decrypt( | |
295 | __unused struct mbuf *m, | |
296 | __unused size_t off, /* offset to ESP header */ | |
297 | __unused struct secasvar *sav, | |
298 | __unused const struct esp_algorithm *algo, | |
299 | __unused int ivlen) | |
300 | { | |
301 | ||
302 | return 0; /* do nothing */ | |
303 | } | |
304 | ||
305 | static int | |
306 | esp_null_encrypt( | |
307 | __unused struct mbuf *m, | |
308 | __unused size_t off, /* offset to ESP header */ | |
309 | __unused size_t plen, /* payload length (to be encrypted) */ | |
310 | __unused struct secasvar *sav, | |
311 | __unused const struct esp_algorithm *algo, | |
312 | __unused int ivlen) | |
313 | { | |
314 | ||
315 | return 0; /* do nothing */ | |
316 | } | |
317 | ||
318 | static int | |
319 | esp_descbc_mature(struct secasvar *sav) | |
320 | { | |
321 | const struct esp_algorithm *algo; | |
322 | ||
323 | if (!(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B)) { | |
324 | ipseclog((LOG_ERR, "esp_cbc_mature: " | |
325 | "algorithm incompatible with 4 octets IV length\n")); | |
326 | return 1; | |
327 | } | |
328 | ||
329 | if (!sav->key_enc) { | |
330 | ipseclog((LOG_ERR, "esp_descbc_mature: no key is given.\n")); | |
331 | return 1; | |
332 | } | |
333 | ||
334 | algo = esp_algorithm_lookup(sav->alg_enc); | |
335 | if (!algo) { | |
336 | ipseclog((LOG_ERR, | |
337 | "esp_descbc_mature: unsupported algorithm.\n")); | |
338 | return 1; | |
339 | } | |
340 | ||
341 | if (_KEYBITS(sav->key_enc) < algo->keymin || | |
342 | _KEYBITS(sav->key_enc) > algo->keymax) { | |
343 | ipseclog((LOG_ERR, | |
344 | "esp_descbc_mature: invalid key length %d.\n", | |
345 | _KEYBITS(sav->key_enc))); | |
346 | return 1; | |
347 | } | |
348 | ||
349 | /* weak key check */ | |
350 | if (des_is_weak_key((des_cblock *)_KEYBUF(sav->key_enc))) { | |
351 | ipseclog((LOG_ERR, | |
352 | "esp_descbc_mature: weak key was passed.\n")); | |
353 | return 1; | |
354 | } | |
355 | ||
356 | return 0; | |
357 | } | |
358 | ||
359 | static int | |
360 | esp_descbc_ivlen( | |
361 | __unused const struct esp_algorithm *algo, | |
362 | struct secasvar *sav) | |
363 | { | |
364 | ||
365 | if (!sav) | |
366 | return 8; | |
367 | if ((sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B)) | |
368 | return 4; | |
369 | if (!(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_DERIV)) | |
370 | return 4; | |
371 | return 8; | |
372 | } | |
373 | ||
374 | static int | |
375 | esp_des_schedlen( | |
376 | __unused const struct esp_algorithm *algo) | |
377 | { | |
378 | return sizeof(des_ecb_key_schedule); | |
379 | } | |
380 | ||
381 | static int | |
382 | esp_des_schedule( | |
383 | __unused const struct esp_algorithm *algo, | |
384 | struct secasvar *sav) | |
385 | { | |
386 | ||
387 | lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED); | |
388 | if (des_ecb_key_sched((des_cblock *)_KEYBUF(sav->key_enc), | |
389 | (des_ecb_key_schedule *)sav->sched)) | |
390 | return EINVAL; | |
391 | else | |
392 | return 0; | |
393 | } | |
394 | ||
395 | static int | |
396 | esp_des_blockdecrypt( | |
397 | __unused const struct esp_algorithm *algo, | |
398 | struct secasvar *sav, | |
399 | u_int8_t *s, | |
400 | u_int8_t *d) | |
401 | { | |
402 | /* assumption: d has a good alignment */ | |
403 | bcopy(s, d, sizeof(DES_LONG) * 2); | |
404 | des_ecb_encrypt((des_cblock *)d, (des_cblock *)d, | |
405 | (des_ecb_key_schedule *)sav->sched, DES_DECRYPT); | |
406 | return 0; | |
407 | } | |
408 | ||
409 | static int | |
410 | esp_des_blockencrypt( | |
411 | __unused const struct esp_algorithm *algo, | |
412 | struct secasvar *sav, | |
413 | u_int8_t *s, | |
414 | u_int8_t *d) | |
415 | { | |
416 | /* assumption: d has a good alignment */ | |
417 | bcopy(s, d, sizeof(DES_LONG) * 2); | |
418 | des_ecb_encrypt((des_cblock *)d, (des_cblock *)d, | |
419 | (des_ecb_key_schedule *)sav->sched, DES_ENCRYPT); | |
420 | return 0; | |
421 | } | |
422 | ||
423 | static int | |
424 | esp_cbc_mature(struct secasvar *sav) | |
425 | { | |
426 | int keylen; | |
427 | const struct esp_algorithm *algo; | |
428 | ||
429 | if (sav->flags & SADB_X_EXT_OLD) { | |
430 | ipseclog((LOG_ERR, | |
431 | "esp_cbc_mature: algorithm incompatible with esp-old\n")); | |
432 | return 1; | |
433 | } | |
434 | if (sav->flags & SADB_X_EXT_DERIV) { | |
435 | ipseclog((LOG_ERR, | |
436 | "esp_cbc_mature: algorithm incompatible with derived\n")); | |
437 | return 1; | |
438 | } | |
439 | ||
440 | if (!sav->key_enc) { | |
441 | ipseclog((LOG_ERR, "esp_cbc_mature: no key is given.\n")); | |
442 | return 1; | |
443 | } | |
444 | ||
445 | algo = esp_algorithm_lookup(sav->alg_enc); | |
446 | if (!algo) { | |
447 | ipseclog((LOG_ERR, | |
448 | "esp_cbc_mature: unsupported algorithm.\n")); | |
449 | return 1; | |
450 | } | |
451 | ||
452 | keylen = sav->key_enc->sadb_key_bits; | |
453 | if (keylen < algo->keymin || algo->keymax < keylen) { | |
454 | ipseclog((LOG_ERR, | |
455 | "esp_cbc_mature %s: invalid key length %d.\n", | |
456 | algo->name, sav->key_enc->sadb_key_bits)); | |
457 | return 1; | |
458 | } | |
459 | switch (sav->alg_enc) { | |
460 | case SADB_EALG_3DESCBC: | |
461 | /* weak key check */ | |
462 | if (des_is_weak_key((des_cblock *)_KEYBUF(sav->key_enc)) || | |
463 | des_is_weak_key((des_cblock *)(_KEYBUF(sav->key_enc) + 8)) || | |
464 | des_is_weak_key((des_cblock *)(_KEYBUF(sav->key_enc) + 16))) { | |
465 | ipseclog((LOG_ERR, | |
466 | "esp_cbc_mature %s: weak key was passed.\n", | |
467 | algo->name)); | |
468 | return 1; | |
469 | } | |
470 | break; | |
471 | case SADB_X_EALG_RIJNDAELCBC: | |
472 | /* allows specific key sizes only */ | |
473 | if (!(keylen == 128 || keylen == 192 || keylen == 256)) { | |
474 | ipseclog((LOG_ERR, | |
475 | "esp_cbc_mature %s: invalid key length %d.\n", | |
476 | algo->name, keylen)); | |
477 | return 1; | |
478 | } | |
479 | break; | |
480 | } | |
481 | ||
482 | return 0; | |
483 | } | |
484 | ||
485 | static int | |
486 | esp_gcm_mature(struct secasvar *sav) | |
487 | { | |
488 | int keylen; | |
489 | const struct esp_algorithm *algo; | |
490 | ||
491 | if (sav->flags & SADB_X_EXT_OLD) { | |
492 | ipseclog((LOG_ERR, | |
493 | "esp_gcm_mature: algorithm incompatible with esp-old\n")); | |
494 | return 1; | |
495 | } | |
496 | if (sav->flags & SADB_X_EXT_DERIV) { | |
497 | ipseclog((LOG_ERR, | |
498 | "esp_gcm_mature: algorithm incompatible with derived\n")); | |
499 | return 1; | |
500 | } | |
501 | ||
502 | if (!sav->key_enc) { | |
503 | ipseclog((LOG_ERR, "esp_gcm_mature: no key is given.\n")); | |
504 | return 1; | |
505 | } | |
506 | ||
507 | algo = esp_algorithm_lookup(sav->alg_enc); | |
508 | if (!algo) { | |
509 | ipseclog((LOG_ERR, | |
510 | "esp_gcm_mature: unsupported algorithm.\n")); | |
511 | return 1; | |
512 | } | |
513 | ||
514 | keylen = sav->key_enc->sadb_key_bits; | |
515 | if (keylen < algo->keymin || algo->keymax < keylen) { | |
516 | ipseclog((LOG_ERR, | |
517 | "esp_gcm_mature %s: invalid key length %d.\n", | |
518 | algo->name, sav->key_enc->sadb_key_bits)); | |
519 | return 1; | |
520 | } | |
521 | switch (sav->alg_enc) { | |
522 | case SADB_X_EALG_AES_GCM: | |
523 | /* allows specific key sizes only */ | |
524 | if (!(keylen == ESP_AESGCM_KEYLEN128 || keylen == ESP_AESGCM_KEYLEN192 || keylen == ESP_AESGCM_KEYLEN256)) { | |
525 | ipseclog((LOG_ERR, | |
526 | "esp_gcm_mature %s: invalid key length %d.\n", | |
527 | algo->name, keylen)); | |
528 | return 1; | |
529 | } | |
530 | break; | |
531 | default: | |
532 | ipseclog((LOG_ERR, | |
533 | "esp_gcm_mature %s: invalid algo %d.\n", sav->alg_enc)); | |
534 | return 1; | |
535 | } | |
536 | ||
537 | return 0; | |
538 | } | |
539 | ||
540 | static int | |
541 | esp_3des_schedlen( | |
542 | __unused const struct esp_algorithm *algo) | |
543 | { | |
544 | ||
545 | return sizeof(des3_ecb_key_schedule); | |
546 | } | |
547 | ||
548 | static int | |
549 | esp_3des_schedule( | |
550 | __unused const struct esp_algorithm *algo, | |
551 | struct secasvar *sav) | |
552 | { | |
553 | lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED); | |
554 | ||
555 | if (des3_ecb_key_sched((des_cblock *)_KEYBUF(sav->key_enc), | |
556 | (des3_ecb_key_schedule *)sav->sched)) | |
557 | return EINVAL; | |
558 | else | |
559 | return 0; | |
560 | } | |
561 | ||
562 | static int | |
563 | esp_3des_blockdecrypt( | |
564 | __unused const struct esp_algorithm *algo, | |
565 | struct secasvar *sav, | |
566 | u_int8_t *s, | |
567 | u_int8_t *d) | |
568 | { | |
569 | /* assumption: d has a good alignment */ | |
570 | bcopy(s, d, sizeof(DES_LONG) * 2); | |
571 | des3_ecb_encrypt((des_cblock *)d, (des_cblock *)d, | |
572 | (des3_ecb_key_schedule *)sav->sched, DES_DECRYPT); | |
573 | return 0; | |
574 | } | |
575 | ||
576 | static int | |
577 | esp_3des_blockencrypt( | |
578 | __unused const struct esp_algorithm *algo, | |
579 | struct secasvar *sav, | |
580 | u_int8_t *s, | |
581 | u_int8_t *d) | |
582 | { | |
583 | /* assumption: d has a good alignment */ | |
584 | bcopy(s, d, sizeof(DES_LONG) * 2); | |
585 | des3_ecb_encrypt((des_cblock *)d, (des_cblock *)d, | |
586 | (des3_ecb_key_schedule *)sav->sched, DES_ENCRYPT); | |
587 | return 0; | |
588 | } | |
589 | ||
590 | static int | |
591 | esp_common_ivlen( | |
592 | const struct esp_algorithm *algo, | |
593 | __unused struct secasvar *sav) | |
594 | { | |
595 | ||
596 | if (!algo) | |
597 | panic("esp_common_ivlen: unknown algorithm"); | |
598 | return algo->ivlenval; | |
599 | } | |
600 | ||
601 | static int | |
602 | esp_cbc_decrypt(struct mbuf *m, size_t off, struct secasvar *sav, | |
603 | const struct esp_algorithm *algo, int ivlen) | |
604 | { | |
605 | struct mbuf *s; | |
606 | struct mbuf *d, *d0, *dp; | |
607 | int soff, doff; /* offset from the head of chain, to head of this mbuf */ | |
608 | int sn, dn; /* offset from the head of the mbuf, to meat */ | |
609 | size_t ivoff, bodyoff; | |
610 | u_int8_t iv[MAXIVLEN] __attribute__((aligned(4))), *ivp; | |
611 | u_int8_t *sbuf = NULL, *sp, *sp_unaligned; | |
612 | u_int8_t *p, *q; | |
613 | struct mbuf *scut; | |
614 | int scutoff; | |
615 | int i, result = 0; | |
616 | int blocklen; | |
617 | int derived; | |
618 | ||
619 | if (ivlen != sav->ivlen || ivlen > sizeof(iv)) { | |
620 | ipseclog((LOG_ERR, "esp_cbc_decrypt %s: " | |
621 | "unsupported ivlen %d\n", algo->name, ivlen)); | |
622 | m_freem(m); | |
623 | return EINVAL; | |
624 | } | |
625 | ||
626 | /* assumes blocklen == padbound */ | |
627 | blocklen = algo->padbound; | |
628 | ||
629 | #if DIAGNOSTIC | |
630 | if (blocklen > sizeof(iv)) { | |
631 | ipseclog((LOG_ERR, "esp_cbc_decrypt %s: " | |
632 | "unsupported blocklen %d\n", algo->name, blocklen)); | |
633 | m_freem(m); | |
634 | return EINVAL; | |
635 | } | |
636 | #endif | |
637 | ||
638 | if (sav->flags & SADB_X_EXT_OLD) { | |
639 | /* RFC 1827 */ | |
640 | ivoff = off + sizeof(struct esp); | |
641 | bodyoff = off + sizeof(struct esp) + ivlen; | |
642 | derived = 0; | |
643 | } else { | |
644 | /* RFC 2406 */ | |
645 | if (sav->flags & SADB_X_EXT_DERIV) { | |
646 | /* | |
647 | * draft-ietf-ipsec-ciph-des-derived-00.txt | |
648 | * uses sequence number field as IV field. | |
649 | */ | |
650 | ivoff = off + sizeof(struct esp); | |
651 | bodyoff = off + sizeof(struct esp) + sizeof(u_int32_t); | |
652 | ivlen = sizeof(u_int32_t); | |
653 | derived = 1; | |
654 | } else { | |
655 | ivoff = off + sizeof(struct newesp); | |
656 | bodyoff = off + sizeof(struct newesp) + ivlen; | |
657 | derived = 0; | |
658 | } | |
659 | } | |
660 | ||
661 | /* grab iv */ | |
662 | m_copydata(m, ivoff, ivlen, (caddr_t) iv); | |
663 | ||
664 | /* extend iv */ | |
665 | if (ivlen == blocklen) | |
666 | ; | |
667 | else if (ivlen == 4 && blocklen == 8) { | |
668 | bcopy(&iv[0], &iv[4], 4); | |
669 | iv[4] ^= 0xff; | |
670 | iv[5] ^= 0xff; | |
671 | iv[6] ^= 0xff; | |
672 | iv[7] ^= 0xff; | |
673 | } else { | |
674 | ipseclog((LOG_ERR, "esp_cbc_encrypt %s: " | |
675 | "unsupported ivlen/blocklen: %d %d\n", | |
676 | algo->name, ivlen, blocklen)); | |
677 | m_freem(m); | |
678 | return EINVAL; | |
679 | } | |
680 | ||
681 | if (m->m_pkthdr.len < bodyoff) { | |
682 | ipseclog((LOG_ERR, "esp_cbc_decrypt %s: bad len %d/%lu\n", | |
683 | algo->name, m->m_pkthdr.len, (u_int32_t)bodyoff)); | |
684 | m_freem(m); | |
685 | return EINVAL; | |
686 | } | |
687 | if ((m->m_pkthdr.len - bodyoff) % blocklen) { | |
688 | ipseclog((LOG_ERR, "esp_cbc_decrypt %s: " | |
689 | "payload length must be multiple of %d\n", | |
690 | algo->name, blocklen)); | |
691 | m_freem(m); | |
692 | return EINVAL; | |
693 | } | |
694 | ||
695 | s = m; | |
696 | d = d0 = dp = NULL; | |
697 | soff = doff = sn = dn = 0; | |
698 | ivp = sp = NULL; | |
699 | ||
700 | /* skip bodyoff */ | |
701 | while (soff < bodyoff) { | |
702 | if (soff + s->m_len > bodyoff) { | |
703 | sn = bodyoff - soff; | |
704 | break; | |
705 | } | |
706 | ||
707 | soff += s->m_len; | |
708 | s = s->m_next; | |
709 | } | |
710 | scut = s; | |
711 | scutoff = sn; | |
712 | ||
713 | /* skip over empty mbuf */ | |
714 | while (s && s->m_len == 0) | |
715 | s = s->m_next; | |
716 | ||
717 | // Allocate blocksized buffer for unaligned or non-contiguous access | |
718 | sbuf = (u_int8_t *)_MALLOC(blocklen, M_SECA, M_DONTWAIT); | |
719 | if (sbuf == NULL) | |
720 | return ENOBUFS; | |
721 | while (soff < m->m_pkthdr.len) { | |
722 | /* source */ | |
723 | if (sn + blocklen <= s->m_len) { | |
724 | /* body is continuous */ | |
725 | sp = mtod(s, u_int8_t *) + sn; | |
726 | } else { | |
727 | /* body is non-continuous */ | |
728 | m_copydata(s, sn, blocklen, (caddr_t) sbuf); | |
729 | sp = sbuf; | |
730 | } | |
731 | ||
732 | /* destination */ | |
733 | if (!d || dn + blocklen > d->m_len) { | |
734 | if (d) | |
735 | dp = d; | |
736 | MGET(d, M_DONTWAIT, MT_DATA); | |
737 | i = m->m_pkthdr.len - (soff + sn); | |
738 | if (d && i > MLEN) { | |
739 | MCLGET(d, M_DONTWAIT); | |
740 | if ((d->m_flags & M_EXT) == 0) { | |
741 | m_free(d); | |
742 | d = NULL; | |
743 | } | |
744 | } | |
745 | if (!d) { | |
746 | m_freem(m); | |
747 | if (d0) | |
748 | m_freem(d0); | |
749 | result = ENOBUFS; | |
750 | goto end; | |
751 | } | |
752 | if (!d0) | |
753 | d0 = d; | |
754 | if (dp) | |
755 | dp->m_next = d; | |
756 | ||
757 | // try to make mbuf data aligned | |
758 | if (!IPSEC_IS_P2ALIGNED(d->m_data)) { | |
759 | m_adj(d, IPSEC_GET_P2UNALIGNED_OFS(d->m_data)); | |
760 | } | |
761 | ||
762 | d->m_len = 0; | |
763 | d->m_len = (M_TRAILINGSPACE(d) / blocklen) * blocklen; | |
764 | if (d->m_len > i) | |
765 | d->m_len = i; | |
766 | dn = 0; | |
767 | } | |
768 | ||
769 | /* decrypt */ | |
770 | // check input pointer alignment and use a separate aligned buffer (if sp is unaligned on 4-byte boundary). | |
771 | if (IPSEC_IS_P2ALIGNED(sp)) { | |
772 | sp_unaligned = NULL; | |
773 | } else { | |
774 | sp_unaligned = sp; | |
775 | sp = sbuf; | |
776 | memcpy(sp, sp_unaligned, blocklen); | |
777 | } | |
778 | // no need to check output pointer alignment | |
779 | (*algo->blockdecrypt)(algo, sav, sp, mtod(d, u_int8_t *) + dn); | |
780 | ||
781 | // update unaligned pointers | |
782 | if (!IPSEC_IS_P2ALIGNED(sp_unaligned)) { | |
783 | sp = sp_unaligned; | |
784 | } | |
785 | ||
786 | /* xor */ | |
787 | p = ivp ? ivp : iv; | |
788 | q = mtod(d, u_int8_t *) + dn; | |
789 | for (i = 0; i < blocklen; i++) | |
790 | q[i] ^= p[i]; | |
791 | ||
792 | /* next iv */ | |
793 | if (sp == sbuf) { | |
794 | bcopy(sbuf, iv, blocklen); | |
795 | ivp = NULL; | |
796 | } else | |
797 | ivp = sp; | |
798 | ||
799 | sn += blocklen; | |
800 | dn += blocklen; | |
801 | ||
802 | /* find the next source block */ | |
803 | while (s && sn >= s->m_len) { | |
804 | sn -= s->m_len; | |
805 | soff += s->m_len; | |
806 | s = s->m_next; | |
807 | } | |
808 | } | |
809 | ||
810 | m_freem(scut->m_next); | |
811 | scut->m_len = scutoff; | |
812 | scut->m_next = d0; | |
813 | ||
814 | /* just in case */ | |
815 | bzero(iv, sizeof(iv)); | |
816 | bzero(sbuf, blocklen); | |
817 | end: | |
818 | if (sbuf != NULL) | |
819 | FREE(sbuf, M_SECA); | |
820 | return result; | |
821 | } | |
822 | ||
823 | static int | |
824 | esp_cbc_encrypt( | |
825 | struct mbuf *m, | |
826 | size_t off, | |
827 | __unused size_t plen, | |
828 | struct secasvar *sav, | |
829 | const struct esp_algorithm *algo, | |
830 | int ivlen) | |
831 | { | |
832 | struct mbuf *s; | |
833 | struct mbuf *d, *d0, *dp; | |
834 | int soff, doff; /* offset from the head of chain, to head of this mbuf */ | |
835 | int sn, dn; /* offset from the head of the mbuf, to meat */ | |
836 | size_t ivoff, bodyoff; | |
837 | u_int8_t iv[MAXIVLEN] __attribute__((aligned(4))), *ivp; | |
838 | u_int8_t *sbuf = NULL, *sp, *sp_unaligned; | |
839 | u_int8_t *p, *q; | |
840 | struct mbuf *scut; | |
841 | int scutoff; | |
842 | int i, result = 0; | |
843 | int blocklen; | |
844 | int derived; | |
845 | ||
846 | if (ivlen != sav->ivlen || ivlen > sizeof(iv)) { | |
847 | ipseclog((LOG_ERR, "esp_cbc_encrypt %s: " | |
848 | "unsupported ivlen %d\n", algo->name, ivlen)); | |
849 | m_freem(m); | |
850 | return EINVAL; | |
851 | } | |
852 | ||
853 | /* assumes blocklen == padbound */ | |
854 | blocklen = algo->padbound; | |
855 | ||
856 | #if DIAGNOSTIC | |
857 | if (blocklen > sizeof(iv)) { | |
858 | ipseclog((LOG_ERR, "esp_cbc_encrypt %s: " | |
859 | "unsupported blocklen %d\n", algo->name, blocklen)); | |
860 | m_freem(m); | |
861 | return EINVAL; | |
862 | } | |
863 | #endif | |
864 | ||
865 | if (sav->flags & SADB_X_EXT_OLD) { | |
866 | /* RFC 1827 */ | |
867 | ivoff = off + sizeof(struct esp); | |
868 | bodyoff = off + sizeof(struct esp) + ivlen; | |
869 | derived = 0; | |
870 | } else { | |
871 | /* RFC 2406 */ | |
872 | if (sav->flags & SADB_X_EXT_DERIV) { | |
873 | /* | |
874 | * draft-ietf-ipsec-ciph-des-derived-00.txt | |
875 | * uses sequence number field as IV field. | |
876 | */ | |
877 | ivoff = off + sizeof(struct esp); | |
878 | bodyoff = off + sizeof(struct esp) + sizeof(u_int32_t); | |
879 | ivlen = sizeof(u_int32_t); | |
880 | derived = 1; | |
881 | } else { | |
882 | ivoff = off + sizeof(struct newesp); | |
883 | bodyoff = off + sizeof(struct newesp) + ivlen; | |
884 | derived = 0; | |
885 | } | |
886 | } | |
887 | ||
888 | /* put iv into the packet. if we are in derived mode, use seqno. */ | |
889 | if (derived) | |
890 | m_copydata(m, ivoff, ivlen, (caddr_t) iv); | |
891 | else { | |
892 | bcopy(sav->iv, iv, ivlen); | |
893 | /* maybe it is better to overwrite dest, not source */ | |
894 | m_copyback(m, ivoff, ivlen, (caddr_t) iv); | |
895 | } | |
896 | ||
897 | /* extend iv */ | |
898 | if (ivlen == blocklen) | |
899 | ; | |
900 | else if (ivlen == 4 && blocklen == 8) { | |
901 | bcopy(&iv[0], &iv[4], 4); | |
902 | iv[4] ^= 0xff; | |
903 | iv[5] ^= 0xff; | |
904 | iv[6] ^= 0xff; | |
905 | iv[7] ^= 0xff; | |
906 | } else { | |
907 | ipseclog((LOG_ERR, "esp_cbc_encrypt %s: " | |
908 | "unsupported ivlen/blocklen: %d %d\n", | |
909 | algo->name, ivlen, blocklen)); | |
910 | m_freem(m); | |
911 | return EINVAL; | |
912 | } | |
913 | ||
914 | if (m->m_pkthdr.len < bodyoff) { | |
915 | ipseclog((LOG_ERR, "esp_cbc_encrypt %s: bad len %d/%lu\n", | |
916 | algo->name, m->m_pkthdr.len, (u_int32_t)bodyoff)); | |
917 | m_freem(m); | |
918 | return EINVAL; | |
919 | } | |
920 | if ((m->m_pkthdr.len - bodyoff) % blocklen) { | |
921 | ipseclog((LOG_ERR, "esp_cbc_encrypt %s: " | |
922 | "payload length must be multiple of %lu\n", | |
923 | algo->name, (u_int32_t)algo->padbound)); | |
924 | m_freem(m); | |
925 | return EINVAL; | |
926 | } | |
927 | ||
928 | s = m; | |
929 | d = d0 = dp = NULL; | |
930 | soff = doff = sn = dn = 0; | |
931 | ivp = sp = NULL; | |
932 | ||
933 | /* skip bodyoff */ | |
934 | while (soff < bodyoff) { | |
935 | if (soff + s->m_len > bodyoff) { | |
936 | sn = bodyoff - soff; | |
937 | break; | |
938 | } | |
939 | ||
940 | soff += s->m_len; | |
941 | s = s->m_next; | |
942 | } | |
943 | scut = s; | |
944 | scutoff = sn; | |
945 | ||
946 | /* skip over empty mbuf */ | |
947 | while (s && s->m_len == 0) | |
948 | s = s->m_next; | |
949 | ||
950 | // Allocate blocksized buffer for unaligned or non-contiguous access | |
951 | sbuf = (u_int8_t *)_MALLOC(blocklen, M_SECA, M_DONTWAIT); | |
952 | if (sbuf == NULL) | |
953 | return ENOBUFS; | |
954 | while (soff < m->m_pkthdr.len) { | |
955 | /* source */ | |
956 | if (sn + blocklen <= s->m_len) { | |
957 | /* body is continuous */ | |
958 | sp = mtod(s, u_int8_t *) + sn; | |
959 | } else { | |
960 | /* body is non-continuous */ | |
961 | m_copydata(s, sn, blocklen, (caddr_t) sbuf); | |
962 | sp = sbuf; | |
963 | } | |
964 | ||
965 | /* destination */ | |
966 | if (!d || dn + blocklen > d->m_len) { | |
967 | if (d) | |
968 | dp = d; | |
969 | MGET(d, M_DONTWAIT, MT_DATA); | |
970 | i = m->m_pkthdr.len - (soff + sn); | |
971 | if (d && i > MLEN) { | |
972 | MCLGET(d, M_DONTWAIT); | |
973 | if ((d->m_flags & M_EXT) == 0) { | |
974 | m_free(d); | |
975 | d = NULL; | |
976 | } | |
977 | } | |
978 | if (!d) { | |
979 | m_freem(m); | |
980 | if (d0) | |
981 | m_freem(d0); | |
982 | result = ENOBUFS; | |
983 | goto end; | |
984 | } | |
985 | if (!d0) | |
986 | d0 = d; | |
987 | if (dp) | |
988 | dp->m_next = d; | |
989 | ||
990 | // try to make mbuf data aligned | |
991 | if (!IPSEC_IS_P2ALIGNED(d->m_data)) { | |
992 | m_adj(d, IPSEC_GET_P2UNALIGNED_OFS(d->m_data)); | |
993 | } | |
994 | ||
995 | d->m_len = 0; | |
996 | d->m_len = (M_TRAILINGSPACE(d) / blocklen) * blocklen; | |
997 | if (d->m_len > i) | |
998 | d->m_len = i; | |
999 | dn = 0; | |
1000 | } | |
1001 | ||
1002 | /* xor */ | |
1003 | p = ivp ? ivp : iv; | |
1004 | q = sp; | |
1005 | for (i = 0; i < blocklen; i++) | |
1006 | q[i] ^= p[i]; | |
1007 | ||
1008 | /* encrypt */ | |
1009 | // check input pointer alignment and use a separate aligned buffer (if sp is not aligned on 4-byte boundary). | |
1010 | if (IPSEC_IS_P2ALIGNED(sp)) { | |
1011 | sp_unaligned = NULL; | |
1012 | } else { | |
1013 | sp_unaligned = sp; | |
1014 | sp = sbuf; | |
1015 | memcpy(sp, sp_unaligned, blocklen); | |
1016 | } | |
1017 | // no need to check output pointer alignment | |
1018 | (*algo->blockencrypt)(algo, sav, sp, mtod(d, u_int8_t *) + dn); | |
1019 | ||
1020 | // update unaligned pointers | |
1021 | if (!IPSEC_IS_P2ALIGNED(sp_unaligned)) { | |
1022 | sp = sp_unaligned; | |
1023 | } | |
1024 | ||
1025 | /* next iv */ | |
1026 | ivp = mtod(d, u_int8_t *) + dn; | |
1027 | ||
1028 | sn += blocklen; | |
1029 | dn += blocklen; | |
1030 | ||
1031 | /* find the next source block */ | |
1032 | while (s && sn >= s->m_len) { | |
1033 | sn -= s->m_len; | |
1034 | soff += s->m_len; | |
1035 | s = s->m_next; | |
1036 | } | |
1037 | } | |
1038 | ||
1039 | m_freem(scut->m_next); | |
1040 | scut->m_len = scutoff; | |
1041 | scut->m_next = d0; | |
1042 | ||
1043 | /* just in case */ | |
1044 | bzero(iv, sizeof(iv)); | |
1045 | bzero(sbuf, blocklen); | |
1046 | ||
1047 | key_sa_stir_iv(sav); | |
1048 | end: | |
1049 | if (sbuf != NULL) | |
1050 | FREE(sbuf, M_SECA); | |
1051 | return result; | |
1052 | } | |
1053 | ||
1054 | /*------------------------------------------------------------*/ | |
1055 | ||
1056 | /* does not free m0 on error */ | |
1057 | int | |
1058 | esp_auth( | |
1059 | struct mbuf *m0, | |
1060 | size_t skip, /* offset to ESP header */ | |
1061 | size_t length, /* payload length */ | |
1062 | struct secasvar *sav, | |
1063 | u_char *sum) | |
1064 | { | |
1065 | struct mbuf *m; | |
1066 | size_t off; | |
1067 | struct ah_algorithm_state s; | |
1068 | u_char sumbuf[AH_MAXSUMSIZE] __attribute__((aligned(4))); | |
1069 | const struct ah_algorithm *algo; | |
1070 | size_t siz; | |
1071 | int error; | |
1072 | ||
1073 | /* sanity checks */ | |
1074 | if (m0->m_pkthdr.len < skip) { | |
1075 | ipseclog((LOG_DEBUG, "esp_auth: mbuf length < skip\n")); | |
1076 | return EINVAL; | |
1077 | } | |
1078 | if (m0->m_pkthdr.len < skip + length) { | |
1079 | ipseclog((LOG_DEBUG, | |
1080 | "esp_auth: mbuf length < skip + length\n")); | |
1081 | return EINVAL; | |
1082 | } | |
1083 | ||
1084 | KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_START, skip,length,0,0,0); | |
1085 | /* | |
1086 | * length of esp part (excluding authentication data) must be 4n, | |
1087 | * since nexthdr must be at offset 4n+3. | |
1088 | */ | |
1089 | if (length % 4) { | |
1090 | ipseclog((LOG_ERR, "esp_auth: length is not multiple of 4\n")); | |
1091 | KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 1,0,0,0,0); | |
1092 | return EINVAL; | |
1093 | } | |
1094 | if (!sav) { | |
1095 | ipseclog((LOG_DEBUG, "esp_auth: NULL SA passed\n")); | |
1096 | KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 2,0,0,0,0); | |
1097 | return EINVAL; | |
1098 | } | |
1099 | algo = ah_algorithm_lookup(sav->alg_auth); | |
1100 | if (!algo) { | |
1101 | ipseclog((LOG_ERR, | |
1102 | "esp_auth: bad ESP auth algorithm passed: %d\n", | |
1103 | sav->alg_auth)); | |
1104 | KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 3,0,0,0,0); | |
1105 | return EINVAL; | |
1106 | } | |
1107 | ||
1108 | m = m0; | |
1109 | off = 0; | |
1110 | ||
1111 | siz = (((*algo->sumsiz)(sav) + 3) & ~(4 - 1)); | |
1112 | if (sizeof(sumbuf) < siz) { | |
1113 | ipseclog((LOG_DEBUG, | |
1114 | "esp_auth: AH_MAXSUMSIZE is too small: siz=%lu\n", | |
1115 | (u_int32_t)siz)); | |
1116 | KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 4,0,0,0,0); | |
1117 | return EINVAL; | |
1118 | } | |
1119 | ||
1120 | /* skip the header */ | |
1121 | while (skip) { | |
1122 | if (!m) | |
1123 | panic("mbuf chain?"); | |
1124 | if (m->m_len <= skip) { | |
1125 | skip -= m->m_len; | |
1126 | m = m->m_next; | |
1127 | off = 0; | |
1128 | } else { | |
1129 | off = skip; | |
1130 | skip = 0; | |
1131 | } | |
1132 | } | |
1133 | ||
1134 | error = (*algo->init)(&s, sav); | |
1135 | if (error) { | |
1136 | KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 5,0,0,0,0); | |
1137 | return error; | |
1138 | } | |
1139 | while (0 < length) { | |
1140 | if (!m) | |
1141 | panic("mbuf chain?"); | |
1142 | ||
1143 | if (m->m_len - off < length) { | |
1144 | (*algo->update)(&s, (caddr_t)(mtod(m, u_char *) + off), | |
1145 | m->m_len - off); | |
1146 | length -= m->m_len - off; | |
1147 | m = m->m_next; | |
1148 | off = 0; | |
1149 | } else { | |
1150 | (*algo->update)(&s, (caddr_t)(mtod(m, u_char *) + off), length); | |
1151 | break; | |
1152 | } | |
1153 | } | |
1154 | (*algo->result)(&s, (caddr_t) sumbuf, sizeof(sumbuf)); | |
1155 | bcopy(sumbuf, sum, siz); /*XXX*/ | |
1156 | KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 6,0,0,0,0); | |
1157 | return 0; | |
1158 | } |