]> git.saurik.com Git - apple/xnu.git/blob - bsd/netinet6/esp_rijndael.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-2782.1.97.tar.gz
[apple/xnu.git] / bsd / netinet6 / esp_rijndael.c
1 /*
2 * Copyright (c) 2008 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /* $FreeBSD: src/sys/netinet6/esp_rijndael.c,v 1.1.2.1 2001/07/03 11:01:50 ume Exp $ */
30 /* $KAME: esp_rijndael.c,v 1.4 2001/03/02 05:53:05 itojun Exp $ */
31
32 /*
33 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
34 * All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 3. Neither the name of the project nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 */
60
61 #include <sys/param.h>
62 #include <sys/systm.h>
63 #include <sys/socket.h>
64 #include <sys/queue.h>
65 #include <sys/syslog.h>
66 #include <sys/mbuf.h>
67 #include <sys/mcache.h>
68
69 #include <kern/locks.h>
70
71 #include <net/if.h>
72 #include <net/route.h>
73
74 #include <netinet6/ipsec.h>
75 #include <netinet6/esp.h>
76 #include <netinet6/esp_rijndael.h>
77
78 #include <libkern/crypto/aes.h>
79
80 #include <netkey/key.h>
81
82 #include <net/net_osdep.h>
83
84 #define MAX_REALIGN_LEN 2000
85 #define AES_BLOCKLEN 16
86
87 extern lck_mtx_t *sadb_mutex;
88
89 int
90 esp_aes_schedlen(
91 __unused const struct esp_algorithm *algo)
92 {
93
94 return sizeof(aes_ctx);
95 }
96
97 int
98 esp_aes_schedule(
99 __unused const struct esp_algorithm *algo,
100 struct secasvar *sav)
101 {
102
103 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
104 aes_ctx *ctx = (aes_ctx*)sav->sched;
105
106 aes_decrypt_key((const unsigned char *) _KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc), &ctx->decrypt);
107 aes_encrypt_key((const unsigned char *) _KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc), &ctx->encrypt);
108
109 return 0;
110 }
111
112
113 /* The following 2 functions decrypt or encrypt the contents of
114 * the mbuf chain passed in keeping the IP and ESP header's in place,
115 * along with the IV.
116 * The code attempts to call the crypto code with the largest chunk
117 * of data it can based on the amount of source data in
118 * the current source mbuf and the space remaining in the current
119 * destination mbuf. The crypto code requires data to be a multiples
120 * of 16 bytes. A separate buffer is used when a 16 byte block spans
121 * mbufs.
122 *
123 * m = mbuf chain
124 * off = offset to ESP header
125 *
126 * local vars for source:
127 * soff = offset from beginning of the chain to the head of the
128 * current mbuf.
129 * scut = last mbuf that contains headers to be retained
130 * scutoff = offset to end of the headers in scut
131 * s = the current mbuf
132 * sn = current offset to data in s (next source data to process)
133 *
134 * local vars for dest:
135 * d0 = head of chain
136 * d = current mbuf
137 * dn = current offset in d (next location to store result)
138 */
139
140
141 int
142 esp_cbc_decrypt_aes(m, off, sav, algo, ivlen)
143 struct mbuf *m;
144 size_t off;
145 struct secasvar *sav;
146 const struct esp_algorithm *algo;
147 int ivlen;
148 {
149 struct mbuf *s;
150 struct mbuf *d, *d0, *dp;
151 int soff; /* offset from the head of chain, to head of this mbuf */
152 int sn, dn; /* offset from the head of the mbuf, to meat */
153 size_t ivoff, bodyoff;
154 u_int8_t iv[AES_BLOCKLEN] __attribute__((aligned(4))), *dptr;
155 u_int8_t sbuf[AES_BLOCKLEN] __attribute__((aligned(4))), *sp, *sp_unaligned, *sp_aligned = NULL;
156 struct mbuf *scut;
157 int scutoff;
158 int i, len;
159
160
161 if (ivlen != AES_BLOCKLEN) {
162 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: "
163 "unsupported ivlen %d\n", algo->name, ivlen));
164 m_freem(m);
165 return EINVAL;
166 }
167
168 if (sav->flags & SADB_X_EXT_OLD) {
169 /* RFC 1827 */
170 ivoff = off + sizeof(struct esp);
171 bodyoff = off + sizeof(struct esp) + ivlen;
172 } else {
173 ivoff = off + sizeof(struct newesp);
174 bodyoff = off + sizeof(struct newesp) + ivlen;
175 }
176
177 if (m->m_pkthdr.len < bodyoff) {
178 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: bad len %d/%lu\n",
179 algo->name, m->m_pkthdr.len, (u_int32_t)bodyoff));
180 m_freem(m);
181 return EINVAL;
182 }
183 if ((m->m_pkthdr.len - bodyoff) % AES_BLOCKLEN) {
184 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: "
185 "payload length must be multiple of %d\n",
186 algo->name, AES_BLOCKLEN));
187 m_freem(m);
188 return EINVAL;
189 }
190
191 /* grab iv */
192 m_copydata(m, ivoff, ivlen, (caddr_t) iv);
193
194 s = m;
195 soff = sn = dn = 0;
196 d = d0 = dp = NULL;
197 sp = dptr = NULL;
198
199 /* skip header/IV offset */
200 while (soff < bodyoff) {
201 if (soff + s->m_len > bodyoff) {
202 sn = bodyoff - soff;
203 break;
204 }
205
206 soff += s->m_len;
207 s = s->m_next;
208 }
209 scut = s;
210 scutoff = sn;
211
212 /* skip over empty mbuf */
213 while (s && s->m_len == 0)
214 s = s->m_next;
215
216 while (soff < m->m_pkthdr.len) {
217 /* source */
218 if (sn + AES_BLOCKLEN <= s->m_len) {
219 /* body is continuous */
220 sp = mtod(s, u_int8_t *) + sn;
221 len = s->m_len - sn;
222 len -= len % AES_BLOCKLEN; // full blocks only
223 } else {
224 /* body is non-continuous */
225 m_copydata(s, sn, AES_BLOCKLEN, (caddr_t) sbuf);
226 sp = sbuf;
227 len = AES_BLOCKLEN; // 1 block only in sbuf
228 }
229
230 /* destination */
231 if (!d || dn + AES_BLOCKLEN > d->m_len) {
232 if (d)
233 dp = d;
234 MGET(d, M_DONTWAIT, MT_DATA);
235 i = m->m_pkthdr.len - (soff + sn);
236 if (d && i > MLEN) {
237 MCLGET(d, M_DONTWAIT);
238 if ((d->m_flags & M_EXT) == 0) {
239 d = m_mbigget(d, M_DONTWAIT);
240 if ((d->m_flags & M_EXT) == 0) {
241 m_free(d);
242 d = NULL;
243 }
244 }
245 }
246 if (!d) {
247 m_freem(m);
248 if (d0)
249 m_freem(d0);
250 return ENOBUFS;
251 }
252 if (!d0)
253 d0 = d;
254 if (dp)
255 dp->m_next = d;
256
257 // try to make mbuf data aligned
258 if (!IPSEC_IS_P2ALIGNED(d->m_data)) {
259 m_adj(d, IPSEC_GET_P2UNALIGNED_OFS(d->m_data));
260 }
261
262 d->m_len = M_TRAILINGSPACE(d);
263 d->m_len -= d->m_len % AES_BLOCKLEN;
264 if (d->m_len > i)
265 d->m_len = i;
266 dptr = mtod(d, u_int8_t *);
267 dn = 0;
268 }
269
270 /* adjust len if greater than space available in dest */
271 if (len > d->m_len - dn)
272 len = d->m_len - dn;
273
274 /* decrypt */
275 // check input pointer alignment and use a separate aligned buffer (if sp is unaligned on 4-byte boundary).
276 if (IPSEC_IS_P2ALIGNED(sp)) {
277 sp_unaligned = NULL;
278 } else {
279 sp_unaligned = sp;
280 if (len > MAX_REALIGN_LEN) {
281 return ENOBUFS;
282 }
283 if (sp_aligned == NULL) {
284 sp_aligned = (u_int8_t *)_MALLOC(MAX_REALIGN_LEN, M_SECA, M_DONTWAIT);
285 if (sp_aligned == NULL)
286 return ENOMEM;
287 }
288 sp = sp_aligned;
289 memcpy(sp, sp_unaligned, len);
290 }
291 // no need to check output pointer alignment
292 aes_decrypt_cbc(sp, iv, len >> 4, dptr + dn,
293 (aes_decrypt_ctx*)(&(((aes_ctx*)sav->sched)->decrypt)));
294
295 // update unaligned pointers
296 if (!IPSEC_IS_P2ALIGNED(sp_unaligned)) {
297 sp = sp_unaligned;
298 }
299
300 /* udpate offsets */
301 sn += len;
302 dn += len;
303
304 // next iv
305 bcopy(sp + len - AES_BLOCKLEN, iv, AES_BLOCKLEN);
306
307 /* find the next source block */
308 while (s && sn >= s->m_len) {
309 sn -= s->m_len;
310 soff += s->m_len;
311 s = s->m_next;
312 }
313
314 }
315
316 /* free un-needed source mbufs and add dest mbufs to chain */
317 m_freem(scut->m_next);
318 scut->m_len = scutoff;
319 scut->m_next = d0;
320
321 // free memory
322 if (sp_aligned != NULL) {
323 FREE(sp_aligned, M_SECA);
324 sp_aligned = NULL;
325 }
326
327 /* just in case */
328 bzero(iv, sizeof(iv));
329 bzero(sbuf, sizeof(sbuf));
330
331 return 0;
332 }
333
334 int
335 esp_cbc_encrypt_aes(
336 struct mbuf *m,
337 size_t off,
338 __unused size_t plen,
339 struct secasvar *sav,
340 const struct esp_algorithm *algo,
341 int ivlen)
342 {
343 struct mbuf *s;
344 struct mbuf *d, *d0, *dp;
345 int soff; /* offset from the head of chain, to head of this mbuf */
346 int sn, dn; /* offset from the head of the mbuf, to meat */
347 size_t ivoff, bodyoff;
348 u_int8_t *ivp, *dptr, *ivp_unaligned;
349 u_int8_t sbuf[AES_BLOCKLEN] __attribute__((aligned(4))), *sp, *sp_unaligned, *sp_aligned = NULL;
350 u_int8_t ivp_aligned_buf[AES_BLOCKLEN] __attribute__((aligned(4)));
351 struct mbuf *scut;
352 int scutoff;
353 int i, len;
354
355 if (ivlen != AES_BLOCKLEN) {
356 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
357 "unsupported ivlen %d\n", algo->name, ivlen));
358 m_freem(m);
359 return EINVAL;
360 }
361
362 if (sav->flags & SADB_X_EXT_OLD) {
363 /* RFC 1827 */
364 ivoff = off + sizeof(struct esp);
365 bodyoff = off + sizeof(struct esp) + ivlen;
366 } else {
367 ivoff = off + sizeof(struct newesp);
368 bodyoff = off + sizeof(struct newesp) + ivlen;
369 }
370
371 /* put iv into the packet */
372 m_copyback(m, ivoff, ivlen, sav->iv);
373 ivp = (u_int8_t *) sav->iv;
374
375 if (m->m_pkthdr.len < bodyoff) {
376 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: bad len %d/%lu\n",
377 algo->name, m->m_pkthdr.len, (u_int32_t)bodyoff));
378 m_freem(m);
379 return EINVAL;
380 }
381 if ((m->m_pkthdr.len - bodyoff) % AES_BLOCKLEN) {
382 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
383 "payload length must be multiple of %lu\n",
384 algo->name, AES_BLOCKLEN));
385 m_freem(m);
386 return EINVAL;
387 }
388
389 s = m;
390 soff = sn = dn = 0;
391 d = d0 = dp = NULL;
392 sp = dptr = NULL;
393
394 /* skip headers/IV */
395 while (soff < bodyoff) {
396 if (soff + s->m_len > bodyoff) {
397 sn = bodyoff - soff;
398 break;
399 }
400
401 soff += s->m_len;
402 s = s->m_next;
403 }
404 scut = s;
405 scutoff = sn;
406
407 /* skip over empty mbuf */
408 while (s && s->m_len == 0)
409 s = s->m_next;
410
411 while (soff < m->m_pkthdr.len) {
412 /* source */
413 if (sn + AES_BLOCKLEN <= s->m_len) {
414 /* body is continuous */
415 sp = mtod(s, u_int8_t *) + sn;
416 len = s->m_len - sn;
417 len -= len % AES_BLOCKLEN; // full blocks only
418 } else {
419 /* body is non-continuous */
420 m_copydata(s, sn, AES_BLOCKLEN, (caddr_t) sbuf);
421 sp = sbuf;
422 len = AES_BLOCKLEN; // 1 block only in sbuf
423 }
424
425 /* destination */
426 if (!d || dn + AES_BLOCKLEN > d->m_len) {
427 if (d)
428 dp = d;
429 MGET(d, M_DONTWAIT, MT_DATA);
430 i = m->m_pkthdr.len - (soff + sn);
431 if (d && i > MLEN) {
432 MCLGET(d, M_DONTWAIT);
433 if ((d->m_flags & M_EXT) == 0) {
434 d = m_mbigget(d, M_DONTWAIT);
435 if ((d->m_flags & M_EXT) == 0) {
436 m_free(d);
437 d = NULL;
438 }
439 }
440 }
441 if (!d) {
442 m_freem(m);
443 if (d0)
444 m_freem(d0);
445 return ENOBUFS;
446 }
447 if (!d0)
448 d0 = d;
449 if (dp)
450 dp->m_next = d;
451
452 // try to make mbuf data aligned
453 if (!IPSEC_IS_P2ALIGNED(d->m_data)) {
454 m_adj(d, IPSEC_GET_P2UNALIGNED_OFS(d->m_data));
455 }
456
457 d->m_len = M_TRAILINGSPACE(d);
458 d->m_len -= d->m_len % AES_BLOCKLEN;
459 if (d->m_len > i)
460 d->m_len = i;
461 dptr = mtod(d, u_int8_t *);
462 dn = 0;
463 }
464
465 /* adjust len if greater than space available */
466 if (len > d->m_len - dn)
467 len = d->m_len - dn;
468
469 /* encrypt */
470 // check input pointer alignment and use a separate aligned buffer (if sp is not aligned on 4-byte boundary).
471 if (IPSEC_IS_P2ALIGNED(sp)) {
472 sp_unaligned = NULL;
473 } else {
474 sp_unaligned = sp;
475 if (len > MAX_REALIGN_LEN) {
476 return ENOBUFS;
477 }
478 if (sp_aligned == NULL) {
479 sp_aligned = (u_int8_t *)_MALLOC(MAX_REALIGN_LEN, M_SECA, M_DONTWAIT);
480 if (sp_aligned == NULL)
481 return ENOMEM;
482 }
483 sp = sp_aligned;
484 memcpy(sp, sp_unaligned, len);
485 }
486 // check ivp pointer alignment and use a separate aligned buffer (if ivp is not aligned on 4-byte boundary).
487 if (IPSEC_IS_P2ALIGNED(ivp)) {
488 ivp_unaligned = NULL;
489 } else {
490 ivp_unaligned = ivp;
491 ivp = ivp_aligned_buf;
492 memcpy(ivp, ivp_unaligned, AES_BLOCKLEN);
493 }
494 // no need to check output pointer alignment
495 aes_encrypt_cbc(sp, ivp, len >> 4, dptr + dn,
496 (aes_encrypt_ctx*)(&(((aes_ctx*)sav->sched)->encrypt)));
497
498 // update unaligned pointers
499 if (!IPSEC_IS_P2ALIGNED(sp_unaligned)) {
500 sp = sp_unaligned;
501 }
502 if (!IPSEC_IS_P2ALIGNED(ivp_unaligned)) {
503 ivp = ivp_unaligned;
504 }
505
506 /* update offsets */
507 sn += len;
508 dn += len;
509
510 /* next iv */
511 ivp = dptr + dn - AES_BLOCKLEN; // last block encrypted
512
513 /* find the next source block and skip empty mbufs */
514 while (s && sn >= s->m_len) {
515 sn -= s->m_len;
516 soff += s->m_len;
517 s = s->m_next;
518 }
519 }
520
521 /* free un-needed source mbufs and add dest mbufs to chain */
522 m_freem(scut->m_next);
523 scut->m_len = scutoff;
524 scut->m_next = d0;
525
526 // free memory
527 if (sp_aligned != NULL) {
528 FREE(sp_aligned, M_SECA);
529 sp_aligned = NULL;
530 }
531
532 /* just in case */
533 bzero(sbuf, sizeof(sbuf));
534 key_sa_stir_iv(sav);
535
536 return 0;
537 }
mirror of XNU