X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/2d21ac55c334faf3a56e5634905ed6987fc787d4..3e170ce000f1506b7b5d2c5c7faec85ceabb573d:/bsd/netinet6/esp_core.c diff --git a/bsd/netinet6/esp_core.c b/bsd/netinet6/esp_core.c index bd51351c9..90c01fe19 100644 --- a/bsd/netinet6/esp_core.c +++ b/bsd/netinet6/esp_core.c @@ -1,3 +1,31 @@ +/* + * Copyright (c) 2008 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ + /* $FreeBSD: src/sys/netinet6/esp_core.c,v 1.1.2.4 2002/03/26 10:12:29 ume Exp $ */ /* $KAME: esp_core.c,v 1.50 2000/11/02 12:27:38 itojun Exp $ */ @@ -73,9 +101,7 @@ #include #include #include -#include -#include -#include +#include #include @@ -83,6 +109,7 @@ #define DBG_LAYER_BEG NETDBG_CODE(DBG_NETIPSEC, 1) #define DBG_LAYER_END NETDBG_CODE(DBG_NETIPSEC, 3) #define DBG_FNC_ESPAUTH NETDBG_CODE(DBG_NETIPSEC, (8 << 8)) +#define MAX_SBUF_LEN 2000 extern lck_mtx_t *sadb_mutex; @@ -102,22 +129,6 @@ static int esp_des_blockdecrypt(const struct esp_algorithm *, static int esp_des_blockencrypt(const struct esp_algorithm *, struct secasvar *, u_int8_t *, u_int8_t *); static int esp_cbc_mature(struct secasvar *); -#if ALLCRYPTO -static int esp_blowfish_schedule(const struct esp_algorithm *, - struct secasvar *); -static int esp_blowfish_schedlen(const struct esp_algorithm *); -static int esp_blowfish_blockdecrypt(const struct esp_algorithm *, - struct secasvar *, u_int8_t *, u_int8_t *); -static int esp_blowfish_blockencrypt(const struct esp_algorithm *, - struct secasvar *, u_int8_t *, u_int8_t *); -static int esp_cast128_schedule(const struct esp_algorithm *, - struct secasvar *); -static int esp_cast128_schedlen(const struct esp_algorithm *); -static int esp_cast128_blockdecrypt(const struct esp_algorithm *, - struct secasvar *, u_int8_t *, u_int8_t *); -static int esp_cast128_blockencrypt(const struct esp_algorithm *, - struct secasvar *, u_int8_t *, u_int8_t *); -#endif /* ALLCRYPTO */ static int esp_3des_schedule(const struct esp_algorithm *, struct secasvar *); static int esp_3des_schedlen(const struct esp_algorithm *); @@ -131,61 +142,60 @@ static int esp_cbc_decrypt(struct mbuf *, size_t, struct secasvar *, const struct esp_algorithm *, int); static int esp_cbc_encrypt(struct mbuf *, size_t, size_t, struct secasvar *, const struct esp_algorithm *, int); +static int esp_gcm_mature(struct secasvar *); #define MAXIVLEN 16 +#define ESP_AESGCM_KEYLEN128 160 // 16-bytes key + 4 bytes salt +#define ESP_AESGCM_KEYLEN192 224 // 24-bytes key + 4 bytes salt +#define ESP_AESGCM_KEYLEN256 288 // 32-bytes key + 4 bytes salt + static const struct esp_algorithm des_cbc = { 8, -1, esp_descbc_mature, 64, 64, esp_des_schedlen, "des-cbc", esp_descbc_ivlen, esp_cbc_decrypt, esp_cbc_encrypt, esp_des_schedule, - esp_des_blockdecrypt, esp_des_blockencrypt, }; + esp_des_blockdecrypt, esp_des_blockencrypt, + 0, 0, 0 }; static const struct esp_algorithm des3_cbc = { 8, 8, esp_cbc_mature, 192, 192, esp_3des_schedlen, "3des-cbc", esp_common_ivlen, esp_cbc_decrypt, esp_cbc_encrypt, esp_3des_schedule, - esp_3des_blockdecrypt, esp_3des_blockencrypt, }; + esp_3des_blockdecrypt, esp_3des_blockencrypt, + 0, 0, 0 }; static const struct esp_algorithm null_esp = { 1, 0, esp_null_mature, 0, 2048, 0, "null", esp_common_ivlen, esp_null_decrypt, - esp_null_encrypt, NULL, NULL, NULL }; -#if ALLCRYPTO -static const struct esp_algorithm blowfish_cbc = - { 8, 8, esp_cbc_mature, 40, 448, esp_blowfish_schedlen, "blowfish-cbc", - esp_common_ivlen, esp_cbc_decrypt, - esp_cbc_encrypt, esp_blowfish_schedule, - esp_blowfish_blockdecrypt, esp_blowfish_blockencrypt, }; -static const struct esp_algorithm cast128_cbc = - { 8, 8, esp_cbc_mature, 40, 128, esp_cast128_schedlen, - "cast128-cbc", - esp_common_ivlen, esp_cbc_decrypt, - esp_cbc_encrypt, esp_cast128_schedule, - esp_cast128_blockdecrypt, esp_cast128_blockencrypt, }; -#endif /* ALLCRYPTO */ + esp_null_encrypt, NULL, NULL, NULL, + 0, 0, 0 }; static const struct esp_algorithm aes_cbc = { 16, 16, esp_cbc_mature, 128, 256, esp_aes_schedlen, "aes-cbc", esp_common_ivlen, esp_cbc_decrypt_aes, esp_cbc_encrypt_aes, esp_aes_schedule, - 0, 0 }; + 0, 0, + 0, 0, 0 }; +static const struct esp_algorithm aes_gcm = + { 4, 8, esp_gcm_mature, ESP_AESGCM_KEYLEN128, ESP_AESGCM_KEYLEN256, esp_gcm_schedlen, + "aes-gcm", + esp_common_ivlen, esp_gcm_decrypt_aes, + esp_gcm_encrypt_aes, esp_gcm_schedule, + 0, 0, + 16, esp_gcm_decrypt_finalize, esp_gcm_encrypt_finalize}; static const struct esp_algorithm *esp_algorithms[] = { &des_cbc, &des3_cbc, &null_esp, -#if ALLCRYPTO - &blowfish_cbc, - &cast128_cbc, -#endif /* ALLCRYPTO */ - &aes_cbc + &aes_cbc, + &aes_gcm, }; const struct esp_algorithm * esp_algorithm_lookup(idx) int idx; { - switch (idx) { case SADB_EALG_DESCBC: return &des_cbc; @@ -193,14 +203,10 @@ esp_algorithm_lookup(idx) return &des3_cbc; case SADB_EALG_NULL: return &null_esp; -#if ALLCRYPTO - case SADB_X_EALG_BLOWFISHCBC: - return &blowfish_cbc; - case SADB_X_EALG_CAST128CBC: - return &cast128_cbc; -#endif /* ALLCRYPTO */ case SADB_X_EALG_RIJNDAELCBC: return &aes_cbc; + case SADB_X_EALG_AES_GCM: + return &aes_gcm; default: return NULL; } @@ -250,9 +256,9 @@ esp_schedule(algo, sav) lck_mtx_unlock(sadb_mutex); return 0; } - + sav->schedlen = (*algo->schedlen)(algo); - if (sav->schedlen < 0) { + if ((signed) sav->schedlen < 0) { lck_mtx_unlock(sadb_mutex); return EINVAL; } @@ -373,8 +379,7 @@ static int esp_des_schedlen( __unused const struct esp_algorithm *algo) { - - return sizeof(des_key_schedule); + return sizeof(des_ecb_key_schedule); } static int @@ -384,8 +389,8 @@ esp_des_schedule( { lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED); - if (des_key_sched((des_cblock *)_KEYBUF(sav->key_enc), - *(des_key_schedule *)sav->sched)) + if (des_ecb_key_sched((des_cblock *)_KEYBUF(sav->key_enc), + (des_ecb_key_schedule *)sav->sched)) return EINVAL; else return 0; @@ -398,11 +403,10 @@ esp_des_blockdecrypt( u_int8_t *s, u_int8_t *d) { - /* assumption: d has a good alignment */ bcopy(s, d, sizeof(DES_LONG) * 2); des_ecb_encrypt((des_cblock *)d, (des_cblock *)d, - *(des_key_schedule *)sav->sched, DES_DECRYPT); + (des_ecb_key_schedule *)sav->sched, DES_DECRYPT); return 0; } @@ -413,11 +417,10 @@ esp_des_blockencrypt( u_int8_t *s, u_int8_t *d) { - /* assumption: d has a good alignment */ bcopy(s, d, sizeof(DES_LONG) * 2); des_ecb_encrypt((des_cblock *)d, (des_cblock *)d, - *(des_key_schedule *)sav->sched, DES_ENCRYPT); + (des_ecb_key_schedule *)sav->sched, DES_ENCRYPT); return 0; } @@ -447,7 +450,7 @@ esp_cbc_mature(sav) algo = esp_algorithm_lookup(sav->alg_enc); if (!algo) { ipseclog((LOG_ERR, - "esp_cbc_mature %s: unsupported algorithm.\n", algo->name)); + "esp_cbc_mature: unsupported algorithm.\n")); return 1; } @@ -470,9 +473,6 @@ esp_cbc_mature(sav) return 1; } break; - case SADB_X_EALG_BLOWFISHCBC: - case SADB_X_EALG_CAST128CBC: - break; case SADB_X_EALG_RIJNDAELCBC: /* allows specific key sizes only */ if (!(keylen == 128 || keylen == 192 || keylen == 256)) { @@ -487,123 +487,68 @@ esp_cbc_mature(sav) return 0; } -#if ALLCRYPTO static int -esp_blowfish_schedlen( - __unused const struct esp_algorithm *algo) -{ - - return sizeof(BF_KEY); -} - -static int -esp_blowfish_schedule( - __unused const struct esp_algorithm *algo, - struct secasvar *sav) -{ - - lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED); - BF_set_key((BF_KEY *)sav->sched, _KEYLEN(sav->key_enc), - _KEYBUF(sav->key_enc)); - return 0; -} - -static int -esp_blowfish_blockdecrypt( - __unused const struct esp_algorithm *algo, - struct secasvar *sav, - u_int8_t *s, - u_int8_t *d) -{ - /* HOLY COW! BF_decrypt() takes values in host byteorder */ - BF_LONG t[2]; - - bcopy(s, t, sizeof(t)); - t[0] = ntohl(t[0]); - t[1] = ntohl(t[1]); - BF_decrypt(t, (BF_KEY *)sav->sched); - t[0] = htonl(t[0]); - t[1] = htonl(t[1]); - bcopy(t, d, sizeof(t)); - return 0; -} - -static int -esp_blowfish_blockencrypt( - __unused const struct esp_algorithm *algo, - struct secasvar *sav, - u_int8_t *s, - u_int8_t *d) -{ - /* HOLY COW! BF_encrypt() takes values in host byteorder */ - BF_LONG t[2]; - - bcopy(s, t, sizeof(t)); - t[0] = ntohl(t[0]); - t[1] = ntohl(t[1]); - BF_encrypt(t, (BF_KEY *)sav->sched); - t[0] = htonl(t[0]); - t[1] = htonl(t[1]); - bcopy(t, d, sizeof(t)); - return 0; -} - -static int -esp_cast128_schedlen( - __unused const struct esp_algorithm *algo) +esp_gcm_mature(sav) + struct secasvar *sav; { + int keylen; + const struct esp_algorithm *algo; - return sizeof(u_int32_t) * 32; -} - -static int -esp_cast128_schedule( - __unused const struct esp_algorithm *algo, - struct secasvar *sav) -{ - lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED); - set_cast128_subkey((u_int32_t *)sav->sched, _KEYBUF(sav->key_enc), - _KEYLEN(sav->key_enc)); - return 0; -} + if (sav->flags & SADB_X_EXT_OLD) { + ipseclog((LOG_ERR, + "esp_gcm_mature: algorithm incompatible with esp-old\n")); + return 1; + } + if (sav->flags & SADB_X_EXT_DERIV) { + ipseclog((LOG_ERR, + "esp_gcm_mature: algorithm incompatible with derived\n")); + return 1; + } -static int -esp_cast128_blockdecrypt( - __unused const struct esp_algorithm *algo, - struct secasvar *sav, - u_int8_t *s, - u_int8_t *d) -{ + if (!sav->key_enc) { + ipseclog((LOG_ERR, "esp_gcm_mature: no key is given.\n")); + return 1; + } - if (_KEYLEN(sav->key_enc) <= 80 / 8) - cast128_decrypt_round12(d, s, (u_int32_t *)sav->sched); - else - cast128_decrypt_round16(d, s, (u_int32_t *)sav->sched); - return 0; -} + algo = esp_algorithm_lookup(sav->alg_enc); + if (!algo) { + ipseclog((LOG_ERR, + "esp_gcm_mature: unsupported algorithm.\n")); + return 1; + } -static int -esp_cast128_blockencrypt( - __unused const struct esp_algorithm *algo, - struct secasvar *sav, - u_int8_t *s, - u_int8_t *d) -{ + keylen = sav->key_enc->sadb_key_bits; + if (keylen < algo->keymin || algo->keymax < keylen) { + ipseclog((LOG_ERR, + "esp_gcm_mature %s: invalid key length %d.\n", + algo->name, sav->key_enc->sadb_key_bits)); + return 1; + } + switch (sav->alg_enc) { + case SADB_X_EALG_AES_GCM: + /* allows specific key sizes only */ + if (!(keylen == ESP_AESGCM_KEYLEN128 || keylen == ESP_AESGCM_KEYLEN192 || keylen == ESP_AESGCM_KEYLEN256)) { + ipseclog((LOG_ERR, + "esp_gcm_mature %s: invalid key length %d.\n", + algo->name, keylen)); + return 1; + } + break; + default: + ipseclog((LOG_ERR, + "esp_gcm_mature %s: invalid algo %d.\n", sav->alg_enc)); + return 1; + } - if (_KEYLEN(sav->key_enc) <= 80 / 8) - cast128_encrypt_round12(d, s, (u_int32_t *)sav->sched); - else - cast128_encrypt_round16(d, s, (u_int32_t *)sav->sched); return 0; } -#endif /* ALLCRYPTO */ static int esp_3des_schedlen( __unused const struct esp_algorithm *algo) { - return sizeof(des_key_schedule) * 3; + return sizeof(des3_ecb_key_schedule); } static int @@ -611,20 +556,13 @@ esp_3des_schedule( __unused const struct esp_algorithm *algo, struct secasvar *sav) { - int error; - des_key_schedule *p; - int i; - char *k; - lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED); - p = (des_key_schedule *)sav->sched; - k = _KEYBUF(sav->key_enc); - for (i = 0; i < 3; i++) { - error = des_key_sched((des_cblock *)(k + 8 * i), p[i]); - if (error) - return EINVAL; - } - return 0; + + if (des3_ecb_key_sched((des_cblock *)_KEYBUF(sav->key_enc), + (des3_ecb_key_schedule *)sav->sched)) + return EINVAL; + else + return 0; } static int @@ -634,13 +572,10 @@ esp_3des_blockdecrypt( u_int8_t *s, u_int8_t *d) { - des_key_schedule *p; - /* assumption: d has a good alignment */ - p = (des_key_schedule *)sav->sched; bcopy(s, d, sizeof(DES_LONG) * 2); - des_ecb3_encrypt((des_cblock *)d, (des_cblock *)d, - p[0], p[1], p[2], DES_DECRYPT); + des3_ecb_encrypt((des_cblock *)d, (des_cblock *)d, + (des3_ecb_key_schedule *)sav->sched, DES_DECRYPT); return 0; } @@ -651,13 +586,10 @@ esp_3des_blockencrypt( u_int8_t *s, u_int8_t *d) { - des_key_schedule *p; - /* assumption: d has a good alignment */ - p = (des_key_schedule *)sav->sched; bcopy(s, d, sizeof(DES_LONG) * 2); - des_ecb3_encrypt((des_cblock *)d, (des_cblock *)d, - p[0], p[1], p[2], DES_ENCRYPT); + des3_ecb_encrypt((des_cblock *)d, (des_cblock *)d, + (des3_ecb_key_schedule *)sav->sched, DES_ENCRYPT); return 0; } @@ -685,12 +617,12 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) int soff, doff; /* offset from the head of chain, to head of this mbuf */ int sn, dn; /* offset from the head of the mbuf, to meat */ size_t ivoff, bodyoff; - u_int8_t iv[MAXIVLEN], *ivp; - u_int8_t sbuf[MAXIVLEN], *sp; + u_int8_t iv[MAXIVLEN] __attribute__((aligned(4))), *ivp; + u_int8_t *sbuf = NULL, *sp, *sp_unaligned; u_int8_t *p, *q; struct mbuf *scut; int scutoff; - int i; + int i, result = 0; int blocklen; int derived; @@ -737,7 +669,7 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) } /* grab iv */ - m_copydata(m, ivoff, ivlen, iv); + m_copydata(m, ivoff, ivlen, (caddr_t) iv); /* extend iv */ if (ivlen == blocklen) @@ -758,7 +690,7 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) if (m->m_pkthdr.len < bodyoff) { ipseclog((LOG_ERR, "esp_cbc_decrypt %s: bad len %d/%lu\n", - algo->name, m->m_pkthdr.len, (unsigned long)bodyoff)); + algo->name, m->m_pkthdr.len, (u_int32_t)bodyoff)); m_freem(m); return EINVAL; } @@ -792,6 +724,10 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) while (s && s->m_len == 0) s = s->m_next; + // Allocate blocksized buffer for unaligned or non-contiguous access + sbuf = (u_int8_t *)_MALLOC(blocklen, M_SECA, M_DONTWAIT); + if (sbuf == NULL) + return ENOBUFS; while (soff < m->m_pkthdr.len) { /* source */ if (sn + blocklen <= s->m_len) { @@ -799,7 +735,7 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) sp = mtod(s, u_int8_t *) + sn; } else { /* body is non-continuous */ - m_copydata(s, sn, blocklen, sbuf); + m_copydata(s, sn, blocklen, (caddr_t) sbuf); sp = sbuf; } @@ -820,12 +756,19 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) m_freem(m); if (d0) m_freem(d0); - return ENOBUFS; + result = ENOBUFS; + goto end; } if (!d0) d0 = d; if (dp) dp->m_next = d; + + // try to make mbuf data aligned + if (!IPSEC_IS_P2ALIGNED(d->m_data)) { + m_adj(d, IPSEC_GET_P2UNALIGNED_OFS(d->m_data)); + } + d->m_len = 0; d->m_len = (M_TRAILINGSPACE(d) / blocklen) * blocklen; if (d->m_len > i) @@ -834,8 +777,22 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) } /* decrypt */ + // check input pointer alignment and use a separate aligned buffer (if sp is unaligned on 4-byte boundary). + if (IPSEC_IS_P2ALIGNED(sp)) { + sp_unaligned = NULL; + } else { + sp_unaligned = sp; + sp = sbuf; + memcpy(sp, sp_unaligned, blocklen); + } + // no need to check output pointer alignment (*algo->blockdecrypt)(algo, sav, sp, mtod(d, u_int8_t *) + dn); + // update unaligned pointers + if (!IPSEC_IS_P2ALIGNED(sp_unaligned)) { + sp = sp_unaligned; + } + /* xor */ p = ivp ? ivp : iv; q = mtod(d, u_int8_t *) + dn; @@ -866,9 +823,11 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) /* just in case */ bzero(iv, sizeof(iv)); - bzero(sbuf, sizeof(sbuf)); - - return 0; + bzero(sbuf, blocklen); +end: + if (sbuf != NULL) + FREE(sbuf, M_SECA); + return result; } static int @@ -885,12 +844,12 @@ esp_cbc_encrypt( int soff, doff; /* offset from the head of chain, to head of this mbuf */ int sn, dn; /* offset from the head of the mbuf, to meat */ size_t ivoff, bodyoff; - u_int8_t iv[MAXIVLEN], *ivp; - u_int8_t sbuf[MAXIVLEN], *sp; + u_int8_t iv[MAXIVLEN] __attribute__((aligned(4))), *ivp; + u_int8_t *sbuf = NULL, *sp, *sp_unaligned; u_int8_t *p, *q; struct mbuf *scut; int scutoff; - int i; + int i, result = 0; int blocklen; int derived; @@ -938,11 +897,11 @@ esp_cbc_encrypt( /* put iv into the packet. if we are in derived mode, use seqno. */ if (derived) - m_copydata(m, ivoff, ivlen, iv); + m_copydata(m, ivoff, ivlen, (caddr_t) iv); else { bcopy(sav->iv, iv, ivlen); /* maybe it is better to overwrite dest, not source */ - m_copyback(m, ivoff, ivlen, iv); + m_copyback(m, ivoff, ivlen, (caddr_t) iv); } /* extend iv */ @@ -964,14 +923,14 @@ esp_cbc_encrypt( if (m->m_pkthdr.len < bodyoff) { ipseclog((LOG_ERR, "esp_cbc_encrypt %s: bad len %d/%lu\n", - algo->name, m->m_pkthdr.len, (unsigned long)bodyoff)); + algo->name, m->m_pkthdr.len, (u_int32_t)bodyoff)); m_freem(m); return EINVAL; } if ((m->m_pkthdr.len - bodyoff) % blocklen) { ipseclog((LOG_ERR, "esp_cbc_encrypt %s: " "payload length must be multiple of %lu\n", - algo->name, (unsigned long)algo->padbound)); + algo->name, (u_int32_t)algo->padbound)); m_freem(m); return EINVAL; } @@ -998,6 +957,10 @@ esp_cbc_encrypt( while (s && s->m_len == 0) s = s->m_next; + // Allocate blocksized buffer for unaligned or non-contiguous access + sbuf = (u_int8_t *)_MALLOC(blocklen, M_SECA, M_DONTWAIT); + if (sbuf == NULL) + return ENOBUFS; while (soff < m->m_pkthdr.len) { /* source */ if (sn + blocklen <= s->m_len) { @@ -1005,7 +968,7 @@ esp_cbc_encrypt( sp = mtod(s, u_int8_t *) + sn; } else { /* body is non-continuous */ - m_copydata(s, sn, blocklen, sbuf); + m_copydata(s, sn, blocklen, (caddr_t) sbuf); sp = sbuf; } @@ -1026,12 +989,19 @@ esp_cbc_encrypt( m_freem(m); if (d0) m_freem(d0); - return ENOBUFS; + result = ENOBUFS; + goto end; } if (!d0) d0 = d; if (dp) dp->m_next = d; + + // try to make mbuf data aligned + if (!IPSEC_IS_P2ALIGNED(d->m_data)) { + m_adj(d, IPSEC_GET_P2UNALIGNED_OFS(d->m_data)); + } + d->m_len = 0; d->m_len = (M_TRAILINGSPACE(d) / blocklen) * blocklen; if (d->m_len > i) @@ -1046,8 +1016,22 @@ esp_cbc_encrypt( q[i] ^= p[i]; /* encrypt */ + // check input pointer alignment and use a separate aligned buffer (if sp is not aligned on 4-byte boundary). + if (IPSEC_IS_P2ALIGNED(sp)) { + sp_unaligned = NULL; + } else { + sp_unaligned = sp; + sp = sbuf; + memcpy(sp, sp_unaligned, blocklen); + } + // no need to check output pointer alignment (*algo->blockencrypt)(algo, sav, sp, mtod(d, u_int8_t *) + dn); + // update unaligned pointers + if (!IPSEC_IS_P2ALIGNED(sp_unaligned)) { + sp = sp_unaligned; + } + /* next iv */ ivp = mtod(d, u_int8_t *) + dn; @@ -1068,11 +1052,13 @@ esp_cbc_encrypt( /* just in case */ bzero(iv, sizeof(iv)); - bzero(sbuf, sizeof(sbuf)); + bzero(sbuf, blocklen); key_sa_stir_iv(sav); - - return 0; +end: + if (sbuf != NULL) + FREE(sbuf, M_SECA); + return result; } /*------------------------------------------------------------*/ @@ -1089,7 +1075,7 @@ esp_auth(m0, skip, length, sav, sum) struct mbuf *m; size_t off; struct ah_algorithm_state s; - u_char sumbuf[AH_MAXSUMSIZE]; + u_char sumbuf[AH_MAXSUMSIZE] __attribute__((aligned(4))); const struct ah_algorithm *algo; size_t siz; int error; @@ -1136,7 +1122,7 @@ esp_auth(m0, skip, length, sav, sum) if (sizeof(sumbuf) < siz) { ipseclog((LOG_DEBUG, "esp_auth: AH_MAXSUMSIZE is too small: siz=%lu\n", - (u_long)siz)); + (u_int32_t)siz)); KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 4,0,0,0,0); return EINVAL; } @@ -1165,17 +1151,17 @@ esp_auth(m0, skip, length, sav, sum) panic("mbuf chain?"); if (m->m_len - off < length) { - (*algo->update)(&s, mtod(m, u_char *) + off, + (*algo->update)(&s, (caddr_t)(mtod(m, u_char *) + off), m->m_len - off); length -= m->m_len - off; m = m->m_next; off = 0; } else { - (*algo->update)(&s, mtod(m, u_char *) + off, length); + (*algo->update)(&s, (caddr_t)(mtod(m, u_char *) + off), length); break; } } - (*algo->result)(&s, sumbuf); + (*algo->result)(&s, (caddr_t) sumbuf, sizeof(sumbuf)); bcopy(sumbuf, sum, siz); /*XXX*/ KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 6,0,0,0,0); return 0;