X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/fe8ab488e9161c46dd9885d58fc52996dc0249ff..HEAD:/bsd/netinet6/esp_core.c diff --git a/bsd/netinet6/esp_core.c b/bsd/netinet6/esp_core.c index b5236fdd7..a7e767e2e 100644 --- a/bsd/netinet6/esp_core.c +++ b/bsd/netinet6/esp_core.c @@ -1,8 +1,8 @@ /* - * Copyright (c) 2008 Apple Inc. All rights reserved. + * Copyright (c) 2008-2019 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in @@ -11,10 +11,10 @@ * unlawful or unlicensed copies of an Apple operating system, or to * circumvent, violate, or enable the circumvention or violation of, any * terms of an Apple operating system software license agreement. - * + * * Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -22,7 +22,7 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ @@ -79,25 +79,18 @@ #include #include -#if INET6 #include #include #include -#endif #include -#if INET6 #include -#endif #include -#if INET6 #include -#endif #include -#if INET6 #include -#endif #include +#include #include #include #include @@ -106,78 +99,176 @@ #include #include -#define DBG_LAYER_BEG NETDBG_CODE(DBG_NETIPSEC, 1) -#define DBG_LAYER_END NETDBG_CODE(DBG_NETIPSEC, 3) -#define DBG_FNC_ESPAUTH NETDBG_CODE(DBG_NETIPSEC, (8 << 8)) +#define DBG_LAYER_BEG NETDBG_CODE(DBG_NETIPSEC, 1) +#define DBG_LAYER_END NETDBG_CODE(DBG_NETIPSEC, 3) +#define DBG_FNC_ESPAUTH NETDBG_CODE(DBG_NETIPSEC, (8 << 8)) #define MAX_SBUF_LEN 2000 extern lck_mtx_t *sadb_mutex; +os_log_t esp_mpkl_log_object = NULL; static int esp_null_mature(struct secasvar *); static int esp_null_decrypt(struct mbuf *, size_t, - struct secasvar *, const struct esp_algorithm *, int); + struct secasvar *, const struct esp_algorithm *, int); static int esp_null_encrypt(struct mbuf *, size_t, size_t, - struct secasvar *, const struct esp_algorithm *, int); + struct secasvar *, const struct esp_algorithm *, int); static int esp_descbc_mature(struct secasvar *); static int esp_descbc_ivlen(const struct esp_algorithm *, - struct secasvar *); + struct secasvar *); static int esp_des_schedule(const struct esp_algorithm *, - struct secasvar *); -static int esp_des_schedlen(const struct esp_algorithm *); + struct secasvar *); +static size_t esp_des_schedlen(const struct esp_algorithm *); static int esp_des_blockdecrypt(const struct esp_algorithm *, - struct secasvar *, u_int8_t *, u_int8_t *); + struct secasvar *, u_int8_t *, u_int8_t *); static int esp_des_blockencrypt(const struct esp_algorithm *, - struct secasvar *, u_int8_t *, u_int8_t *); + struct secasvar *, u_int8_t *, u_int8_t *); static int esp_cbc_mature(struct secasvar *); static int esp_3des_schedule(const struct esp_algorithm *, - struct secasvar *); -static int esp_3des_schedlen(const struct esp_algorithm *); + struct secasvar *); +static size_t esp_3des_schedlen(const struct esp_algorithm *); static int esp_3des_blockdecrypt(const struct esp_algorithm *, - struct secasvar *, u_int8_t *, u_int8_t *); + struct secasvar *, u_int8_t *, u_int8_t *); static int esp_3des_blockencrypt(const struct esp_algorithm *, - struct secasvar *, u_int8_t *, u_int8_t *); + struct secasvar *, u_int8_t *, u_int8_t *); static int esp_common_ivlen(const struct esp_algorithm *, - struct secasvar *); + struct secasvar *); static int esp_cbc_decrypt(struct mbuf *, size_t, - struct secasvar *, const struct esp_algorithm *, int); + struct secasvar *, const struct esp_algorithm *, int); static int esp_cbc_encrypt(struct mbuf *, size_t, size_t, - struct secasvar *, const struct esp_algorithm *, int); - -#define MAXIVLEN 16 - -static const struct esp_algorithm des_cbc = - { 8, -1, esp_descbc_mature, 64, 64, esp_des_schedlen, - "des-cbc", - esp_descbc_ivlen, esp_cbc_decrypt, - esp_cbc_encrypt, esp_des_schedule, - esp_des_blockdecrypt, esp_des_blockencrypt, }; -static const struct esp_algorithm des3_cbc = - { 8, 8, esp_cbc_mature, 192, 192, esp_3des_schedlen, - "3des-cbc", - esp_common_ivlen, esp_cbc_decrypt, - esp_cbc_encrypt, esp_3des_schedule, - esp_3des_blockdecrypt, esp_3des_blockencrypt, }; -static const struct esp_algorithm null_esp = - { 1, 0, esp_null_mature, 0, 2048, 0, "null", - esp_common_ivlen, esp_null_decrypt, - esp_null_encrypt, NULL, NULL, NULL }; -static const struct esp_algorithm aes_cbc = - { 16, 16, esp_cbc_mature, 128, 256, esp_aes_schedlen, - "aes-cbc", - esp_common_ivlen, esp_cbc_decrypt_aes, - esp_cbc_encrypt_aes, esp_aes_schedule, - 0, 0 }; + struct secasvar *, const struct esp_algorithm *, int); +static int esp_gcm_mature(struct secasvar *); + +#define MAXIVLEN 16 + +#define ESP_AESGCM_KEYLEN128 160 // 16-bytes key + 4 bytes salt +#define ESP_AESGCM_KEYLEN192 224 // 24-bytes key + 4 bytes salt +#define ESP_AESGCM_KEYLEN256 288 // 32-bytes key + 4 bytes salt + +static const struct esp_algorithm des_cbc = { + .padbound = 8, + .ivlenval = -1, + .mature = esp_descbc_mature, + .keymin = 64, + .keymax = 64, + .schedlen = esp_des_schedlen, + .name = "des-cbc", + .ivlen = esp_descbc_ivlen, + .decrypt = esp_cbc_decrypt, + .encrypt = esp_cbc_encrypt, + .schedule = esp_des_schedule, + .blockdecrypt = esp_des_blockdecrypt, + .blockencrypt = esp_des_blockencrypt, + .icvlen = 0, + .finalizedecrypt = NULL, + .finalizeencrypt = NULL +}; + +static const struct esp_algorithm des3_cbc = { + .padbound = 8, + .ivlenval = 8, + .mature = esp_cbc_mature, + .keymin = 192, + .keymax = 192, + .schedlen = esp_3des_schedlen, + .name = "3des-cbc", + .ivlen = esp_common_ivlen, + .decrypt = esp_cbc_decrypt, + .encrypt = esp_cbc_encrypt, + .schedule = esp_3des_schedule, + .blockdecrypt = esp_3des_blockdecrypt, + .blockencrypt = esp_3des_blockencrypt, + .icvlen = 0, + .finalizedecrypt = NULL, + .finalizeencrypt = NULL +}; + +static const struct esp_algorithm null_esp = { + .padbound = 1, + .ivlenval = 0, + .mature = esp_null_mature, + .keymin = 0, + .keymax = 2048, + .schedlen = NULL, + .name = "null", + .ivlen = esp_common_ivlen, + .decrypt = esp_null_decrypt, + .encrypt = esp_null_encrypt, + .schedule = NULL, + .blockdecrypt = NULL, + .blockencrypt = NULL, + .icvlen = 0, + .finalizedecrypt = NULL, + .finalizeencrypt = NULL +}; + +static const struct esp_algorithm aes_cbc = { + .padbound = 16, + .ivlenval = 16, + .mature = esp_cbc_mature, + .keymin = 128, + .keymax = 256, + .schedlen = esp_aes_schedlen, + .name = "aes-cbc", + .ivlen = esp_common_ivlen, + .decrypt = esp_cbc_decrypt_aes, + .encrypt = esp_cbc_encrypt_aes, + .schedule = esp_aes_schedule, + .blockdecrypt = NULL, + .blockencrypt = NULL, + .icvlen = 0, + .finalizedecrypt = NULL, + .finalizeencrypt = NULL +}; + +static const struct esp_algorithm aes_gcm = { + .padbound = 4, + .ivlenval = 8, + .mature = esp_gcm_mature, + .keymin = ESP_AESGCM_KEYLEN128, + .keymax = ESP_AESGCM_KEYLEN256, + .schedlen = esp_gcm_schedlen, + .name = "aes-gcm", + .ivlen = esp_common_ivlen, + .decrypt = esp_gcm_decrypt_aes, + .encrypt = esp_gcm_encrypt_aes, + .schedule = esp_gcm_schedule, + .blockdecrypt = NULL, + .blockencrypt = NULL, + .icvlen = 16, + .finalizedecrypt = esp_gcm_decrypt_finalize, + .finalizeencrypt = esp_gcm_encrypt_finalize +}; + +static const struct esp_algorithm chacha_poly = { + .padbound = ESP_CHACHAPOLY_PAD_BOUND, + .ivlenval = ESP_CHACHAPOLY_IV_LEN, + .mature = esp_chachapoly_mature, + .keymin = ESP_CHACHAPOLY_KEYBITS_WITH_SALT, + .keymax = ESP_CHACHAPOLY_KEYBITS_WITH_SALT, + .schedlen = esp_chachapoly_schedlen, + .name = "chacha-poly", + .ivlen = esp_chachapoly_ivlen, + .decrypt = esp_chachapoly_decrypt, + .encrypt = esp_chachapoly_encrypt, + .schedule = esp_chachapoly_schedule, + .blockdecrypt = NULL, + .blockencrypt = NULL, + .icvlen = ESP_CHACHAPOLY_ICV_LEN, + .finalizedecrypt = esp_chachapoly_decrypt_finalize, + .finalizeencrypt = esp_chachapoly_encrypt_finalize +}; static const struct esp_algorithm *esp_algorithms[] = { &des_cbc, &des3_cbc, &null_esp, - &aes_cbc + &aes_cbc, + &aes_gcm, + &chacha_poly, }; const struct esp_algorithm * -esp_algorithm_lookup(idx) - int idx; +esp_algorithm_lookup(int idx) { switch (idx) { case SADB_EALG_DESCBC: @@ -188,31 +279,34 @@ esp_algorithm_lookup(idx) return &null_esp; case SADB_X_EALG_RIJNDAELCBC: return &aes_cbc; + case SADB_X_EALG_AES_GCM: + return &aes_gcm; + case SADB_X_EALG_CHACHA20POLY1305: + return &chacha_poly; default: return NULL; } } int -esp_max_ivlen() +esp_max_ivlen(void) { int idx; int ivlen; ivlen = 0; - for (idx = 0; idx < sizeof(esp_algorithms)/sizeof(esp_algorithms[0]); - idx++) { - if (esp_algorithms[idx]->ivlenval > ivlen) + for (idx = 0; idx < sizeof(esp_algorithms) / sizeof(esp_algorithms[0]); + idx++) { + if (esp_algorithms[idx]->ivlenval > ivlen) { ivlen = esp_algorithms[idx]->ivlenval; + } } return ivlen; } int -esp_schedule(algo, sav) - const struct esp_algorithm *algo; - struct secasvar *sav; +esp_schedule(const struct esp_algorithm *algo, struct secasvar *sav) { int error; @@ -232,12 +326,24 @@ esp_schedule(algo, sav) lck_mtx_unlock(sadb_mutex); return 0; } + + /* prevent disallowed implicit IV */ + if (((sav->flags & SADB_X_EXT_IIV) != 0) && + (sav->alg_enc != SADB_X_EALG_AES_GCM) && + (sav->alg_enc != SADB_X_EALG_CHACHA20POLY1305)) { + ipseclog((LOG_ERR, + "esp_schedule %s: implicit IV not allowed\n", + algo->name)); + lck_mtx_unlock(sadb_mutex); + return EINVAL; + } + /* no schedule necessary */ if (!algo->schedule || !algo->schedlen) { lck_mtx_unlock(sadb_mutex); return 0; } - + sav->schedlen = (*algo->schedlen)(algo); if ((signed) sav->schedlen < 0) { lck_mtx_unlock(sadb_mutex); @@ -269,7 +375,6 @@ static int esp_null_mature( __unused struct secasvar *sav) { - /* anything is okay */ return 0; } @@ -277,31 +382,28 @@ esp_null_mature( static int esp_null_decrypt( __unused struct mbuf *m, - __unused size_t off, /* offset to ESP header */ + __unused size_t off, /* offset to ESP header */ __unused struct secasvar *sav, __unused const struct esp_algorithm *algo, __unused int ivlen) { - return 0; /* do nothing */ } static int esp_null_encrypt( __unused struct mbuf *m, - __unused size_t off, /* offset to ESP header */ - __unused size_t plen, /* payload length (to be encrypted) */ + __unused size_t off, /* offset to ESP header */ + __unused size_t plen, /* payload length (to be encrypted) */ __unused struct secasvar *sav, __unused const struct esp_algorithm *algo, __unused int ivlen) { - return 0; /* do nothing */ } static int -esp_descbc_mature(sav) - struct secasvar *sav; +esp_descbc_mature(struct secasvar *sav) { const struct esp_algorithm *algo; @@ -346,17 +448,19 @@ esp_descbc_ivlen( __unused const struct esp_algorithm *algo, struct secasvar *sav) { - - if (!sav) + if (!sav) { return 8; - if ((sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B)) + } + if ((sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B)) { return 4; - if (!(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_DERIV)) + } + if (!(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_DERIV)) { return 4; + } return 8; } -static int +static size_t esp_des_schedlen( __unused const struct esp_algorithm *algo) { @@ -368,13 +472,13 @@ esp_des_schedule( __unused const struct esp_algorithm *algo, struct secasvar *sav) { - - lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED); + LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED); if (des_ecb_key_sched((des_cblock *)_KEYBUF(sav->key_enc), - (des_ecb_key_schedule *)sav->sched)) + (des_ecb_key_schedule *)sav->sched)) { return EINVAL; - else + } else { return 0; + } } static int @@ -386,9 +490,8 @@ esp_des_blockdecrypt( { /* assumption: d has a good alignment */ bcopy(s, d, sizeof(DES_LONG) * 2); - des_ecb_encrypt((des_cblock *)d, (des_cblock *)d, - (des_ecb_key_schedule *)sav->sched, DES_DECRYPT); - return 0; + return des_ecb_encrypt((des_cblock *)d, (des_cblock *)d, + (des_ecb_key_schedule *)sav->sched, DES_DECRYPT); } static int @@ -400,14 +503,12 @@ esp_des_blockencrypt( { /* assumption: d has a good alignment */ bcopy(s, d, sizeof(DES_LONG) * 2); - des_ecb_encrypt((des_cblock *)d, (des_cblock *)d, - (des_ecb_key_schedule *)sav->sched, DES_ENCRYPT); - return 0; + return des_ecb_encrypt((des_cblock *)d, (des_cblock *)d, + (des_ecb_key_schedule *)sav->sched, DES_ENCRYPT); } static int -esp_cbc_mature(sav) - struct secasvar *sav; +esp_cbc_mature(struct secasvar *sav) { int keylen; const struct esp_algorithm *algo; @@ -469,10 +570,69 @@ esp_cbc_mature(sav) } static int +esp_gcm_mature(struct secasvar *sav) +{ + int keylen; + const struct esp_algorithm *algo; + + if (sav->flags & SADB_X_EXT_OLD) { + ipseclog((LOG_ERR, + "esp_gcm_mature: algorithm incompatible with esp-old\n")); + return 1; + } + if (sav->flags & SADB_X_EXT_DERIV) { + ipseclog((LOG_ERR, + "esp_gcm_mature: algorithm incompatible with derived\n")); + return 1; + } + if (sav->flags & SADB_X_EXT_IIV) { + ipseclog((LOG_ERR, + "esp_gcm_mature: implicit IV not currently implemented\n")); + return 1; + } + + if (!sav->key_enc) { + ipseclog((LOG_ERR, "esp_gcm_mature: no key is given.\n")); + return 1; + } + + algo = esp_algorithm_lookup(sav->alg_enc); + if (!algo) { + ipseclog((LOG_ERR, + "esp_gcm_mature: unsupported algorithm.\n")); + return 1; + } + + keylen = sav->key_enc->sadb_key_bits; + if (keylen < algo->keymin || algo->keymax < keylen) { + ipseclog((LOG_ERR, + "esp_gcm_mature %s: invalid key length %d.\n", + algo->name, sav->key_enc->sadb_key_bits)); + return 1; + } + switch (sav->alg_enc) { + case SADB_X_EALG_AES_GCM: + /* allows specific key sizes only */ + if (!(keylen == ESP_AESGCM_KEYLEN128 || keylen == ESP_AESGCM_KEYLEN192 || keylen == ESP_AESGCM_KEYLEN256)) { + ipseclog((LOG_ERR, + "esp_gcm_mature %s: invalid key length %d.\n", + algo->name, keylen)); + return 1; + } + break; + default: + ipseclog((LOG_ERR, + "esp_gcm_mature %s: invalid algo %d.\n", algo->name, sav->alg_enc)); + return 1; + } + + return 0; +} + +static size_t esp_3des_schedlen( __unused const struct esp_algorithm *algo) { - return sizeof(des3_ecb_key_schedule); } @@ -481,13 +641,14 @@ esp_3des_schedule( __unused const struct esp_algorithm *algo, struct secasvar *sav) { - lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED); + LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED); if (des3_ecb_key_sched((des_cblock *)_KEYBUF(sav->key_enc), - (des3_ecb_key_schedule *)sav->sched)) + (des3_ecb_key_schedule *)sav->sched)) { return EINVAL; - else + } else { return 0; + } } static int @@ -499,9 +660,8 @@ esp_3des_blockdecrypt( { /* assumption: d has a good alignment */ bcopy(s, d, sizeof(DES_LONG) * 2); - des3_ecb_encrypt((des_cblock *)d, (des_cblock *)d, - (des3_ecb_key_schedule *)sav->sched, DES_DECRYPT); - return 0; + return des3_ecb_encrypt((des_cblock *)d, (des_cblock *)d, + (des3_ecb_key_schedule *)sav->sched, DES_DECRYPT); } static int @@ -513,9 +673,8 @@ esp_3des_blockencrypt( { /* assumption: d has a good alignment */ bcopy(s, d, sizeof(DES_LONG) * 2); - des3_ecb_encrypt((des_cblock *)d, (des_cblock *)d, - (des3_ecb_key_schedule *)sav->sched, DES_ENCRYPT); - return 0; + return des3_ecb_encrypt((des_cblock *)d, (des_cblock *)d, + (des3_ecb_key_schedule *)sav->sched, DES_ENCRYPT); } static int @@ -523,24 +682,20 @@ esp_common_ivlen( const struct esp_algorithm *algo, __unused struct secasvar *sav) { - - if (!algo) + if (!algo) { panic("esp_common_ivlen: unknown algorithm"); + } return algo->ivlenval; } static int -esp_cbc_decrypt(m, off, sav, algo, ivlen) - struct mbuf *m; - size_t off; - struct secasvar *sav; - const struct esp_algorithm *algo; - int ivlen; +esp_cbc_decrypt(struct mbuf *m, size_t off, struct secasvar *sav, + const struct esp_algorithm *algo, int ivlen) { struct mbuf *s; struct mbuf *d, *d0, *dp; - int soff, doff; /* offset from the head of chain, to head of this mbuf */ - int sn, dn; /* offset from the head of the mbuf, to meat */ + int soff, doff; /* offset from the head of chain, to head of this mbuf */ + int sn, dn; /* offset from the head of the mbuf, to meat */ size_t ivoff, bodyoff; u_int8_t iv[MAXIVLEN] __attribute__((aligned(4))), *ivp; u_int8_t *sbuf = NULL, *sp, *sp_unaligned; @@ -593,13 +748,14 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) } } + VERIFY(ivoff <= INT_MAX); /* grab iv */ - m_copydata(m, ivoff, ivlen, (caddr_t) iv); + m_copydata(m, (int)ivoff, ivlen, (caddr_t) iv); /* extend iv */ - if (ivlen == blocklen) + if (ivlen == blocklen) { ; - else if (ivlen == 4 && blocklen == 8) { + } else if (ivlen == 4 && blocklen == 8) { bcopy(&iv[0], &iv[4], 4); iv[4] ^= 0xff; iv[5] ^= 0xff; @@ -614,7 +770,7 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) } if (m->m_pkthdr.len < bodyoff) { - ipseclog((LOG_ERR, "esp_cbc_decrypt %s: bad len %d/%lu\n", + ipseclog((LOG_ERR, "esp_cbc_decrypt %s: bad len %d/%u\n", algo->name, m->m_pkthdr.len, (u_int32_t)bodyoff)); m_freem(m); return EINVAL; @@ -635,7 +791,7 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) /* skip bodyoff */ while (soff < bodyoff) { if (soff + s->m_len > bodyoff) { - sn = bodyoff - soff; + sn = (int)(bodyoff - soff); break; } @@ -646,13 +802,15 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) scutoff = sn; /* skip over empty mbuf */ - while (s && s->m_len == 0) + while (s && s->m_len == 0) { s = s->m_next; + } // Allocate blocksized buffer for unaligned or non-contiguous access sbuf = (u_int8_t *)_MALLOC(blocklen, M_SECA, M_DONTWAIT); - if (sbuf == NULL) + if (sbuf == NULL) { return ENOBUFS; + } while (soff < m->m_pkthdr.len) { /* source */ if (sn + blocklen <= s->m_len) { @@ -666,8 +824,9 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) /* destination */ if (!d || dn + blocklen > d->m_len) { - if (d) + if (d) { dp = d; + } MGET(d, M_DONTWAIT, MT_DATA); i = m->m_pkthdr.len - (soff + sn); if (d && i > MLEN) { @@ -679,15 +838,18 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) } if (!d) { m_freem(m); - if (d0) + if (d0) { m_freem(d0); + } result = ENOBUFS; goto end; } - if (!d0) + if (!d0) { d0 = d; - if (dp) + } + if (dp) { dp->m_next = d; + } // try to make mbuf data aligned if (!IPSEC_IS_P2ALIGNED(d->m_data)) { @@ -695,9 +857,10 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) } d->m_len = 0; - d->m_len = (M_TRAILINGSPACE(d) / blocklen) * blocklen; - if (d->m_len > i) + d->m_len = (int)((M_TRAILINGSPACE(d) / blocklen) * blocklen); + if (d->m_len > i) { d->m_len = i; + } dn = 0; } @@ -721,15 +884,17 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) /* xor */ p = ivp ? ivp : iv; q = mtod(d, u_int8_t *) + dn; - for (i = 0; i < blocklen; i++) + for (i = 0; i < blocklen; i++) { q[i] ^= p[i]; + } /* next iv */ if (sp == sbuf) { bcopy(sbuf, iv, blocklen); ivp = NULL; - } else + } else { ivp = sp; + } sn += blocklen; dn += blocklen; @@ -750,8 +915,9 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen) bzero(iv, sizeof(iv)); bzero(sbuf, blocklen); end: - if (sbuf != NULL) + if (sbuf != NULL) { FREE(sbuf, M_SECA); + } return result; } @@ -766,8 +932,8 @@ esp_cbc_encrypt( { struct mbuf *s; struct mbuf *d, *d0, *dp; - int soff, doff; /* offset from the head of chain, to head of this mbuf */ - int sn, dn; /* offset from the head of the mbuf, to meat */ + int soff, doff; /* offset from the head of chain, to head of this mbuf */ + int sn, dn; /* offset from the head of the mbuf, to meat */ size_t ivoff, bodyoff; u_int8_t iv[MAXIVLEN] __attribute__((aligned(4))), *ivp; u_int8_t *sbuf = NULL, *sp, *sp_unaligned; @@ -820,19 +986,21 @@ esp_cbc_encrypt( } } + VERIFY(ivoff <= INT_MAX); + /* put iv into the packet. if we are in derived mode, use seqno. */ - if (derived) - m_copydata(m, ivoff, ivlen, (caddr_t) iv); - else { + if (derived) { + m_copydata(m, (int)ivoff, ivlen, (caddr_t) iv); + } else { bcopy(sav->iv, iv, ivlen); /* maybe it is better to overwrite dest, not source */ - m_copyback(m, ivoff, ivlen, (caddr_t) iv); + m_copyback(m, (int)ivoff, ivlen, (caddr_t) iv); } /* extend iv */ - if (ivlen == blocklen) + if (ivlen == blocklen) { ; - else if (ivlen == 4 && blocklen == 8) { + } else if (ivlen == 4 && blocklen == 8) { bcopy(&iv[0], &iv[4], 4); iv[4] ^= 0xff; iv[5] ^= 0xff; @@ -847,14 +1015,14 @@ esp_cbc_encrypt( } if (m->m_pkthdr.len < bodyoff) { - ipseclog((LOG_ERR, "esp_cbc_encrypt %s: bad len %d/%lu\n", + ipseclog((LOG_ERR, "esp_cbc_encrypt %s: bad len %d/%u\n", algo->name, m->m_pkthdr.len, (u_int32_t)bodyoff)); m_freem(m); return EINVAL; } if ((m->m_pkthdr.len - bodyoff) % blocklen) { ipseclog((LOG_ERR, "esp_cbc_encrypt %s: " - "payload length must be multiple of %lu\n", + "payload length must be multiple of %u\n", algo->name, (u_int32_t)algo->padbound)); m_freem(m); return EINVAL; @@ -868,7 +1036,7 @@ esp_cbc_encrypt( /* skip bodyoff */ while (soff < bodyoff) { if (soff + s->m_len > bodyoff) { - sn = bodyoff - soff; + sn = (int)(bodyoff - soff); break; } @@ -879,13 +1047,15 @@ esp_cbc_encrypt( scutoff = sn; /* skip over empty mbuf */ - while (s && s->m_len == 0) + while (s && s->m_len == 0) { s = s->m_next; + } // Allocate blocksized buffer for unaligned or non-contiguous access - sbuf = (u_int8_t *)_MALLOC(blocklen, M_SECA, M_DONTWAIT); - if (sbuf == NULL) - return ENOBUFS; + sbuf = (u_int8_t *)_MALLOC(blocklen, M_SECA, M_DONTWAIT); + if (sbuf == NULL) { + return ENOBUFS; + } while (soff < m->m_pkthdr.len) { /* source */ if (sn + blocklen <= s->m_len) { @@ -899,8 +1069,9 @@ esp_cbc_encrypt( /* destination */ if (!d || dn + blocklen > d->m_len) { - if (d) + if (d) { dp = d; + } MGET(d, M_DONTWAIT, MT_DATA); i = m->m_pkthdr.len - (soff + sn); if (d && i > MLEN) { @@ -912,15 +1083,18 @@ esp_cbc_encrypt( } if (!d) { m_freem(m); - if (d0) + if (d0) { m_freem(d0); + } result = ENOBUFS; goto end; } - if (!d0) + if (!d0) { d0 = d; - if (dp) + } + if (dp) { dp->m_next = d; + } // try to make mbuf data aligned if (!IPSEC_IS_P2ALIGNED(d->m_data)) { @@ -928,17 +1102,19 @@ esp_cbc_encrypt( } d->m_len = 0; - d->m_len = (M_TRAILINGSPACE(d) / blocklen) * blocklen; - if (d->m_len > i) + d->m_len = (int)((M_TRAILINGSPACE(d) / blocklen) * blocklen); + if (d->m_len > i) { d->m_len = i; + } dn = 0; } /* xor */ p = ivp ? ivp : iv; q = sp; - for (i = 0; i < blocklen; i++) + for (i = 0; i < blocklen; i++) { q[i] ^= p[i]; + } /* encrypt */ // check input pointer alignment and use a separate aligned buffer (if sp is not aligned on 4-byte boundary). @@ -981,8 +1157,9 @@ esp_cbc_encrypt( key_sa_stir_iv(sav); end: - if (sbuf != NULL) + if (sbuf != NULL) { FREE(sbuf, M_SECA); + } return result; } @@ -990,12 +1167,12 @@ end: /* does not free m0 on error */ int -esp_auth(m0, skip, length, sav, sum) - struct mbuf *m0; - size_t skip; /* offset to ESP header */ - size_t length; /* payload length */ - struct secasvar *sav; - u_char *sum; +esp_auth( + struct mbuf *m0, + size_t skip, /* offset to ESP header */ + size_t length, /* payload length */ + struct secasvar *sav, + u_char *sum) { struct mbuf *m; size_t off; @@ -1016,19 +1193,19 @@ esp_auth(m0, skip, length, sav, sum) return EINVAL; } - KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_START, skip,length,0,0,0); + KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_START, skip, length, 0, 0, 0); /* * length of esp part (excluding authentication data) must be 4n, * since nexthdr must be at offset 4n+3. */ if (length % 4) { ipseclog((LOG_ERR, "esp_auth: length is not multiple of 4\n")); - KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 1,0,0,0,0); + KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 1, 0, 0, 0, 0); return EINVAL; } if (!sav) { ipseclog((LOG_DEBUG, "esp_auth: NULL SA passed\n")); - KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 2,0,0,0,0); + KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 2, 0, 0, 0, 0); return EINVAL; } algo = ah_algorithm_lookup(sav->alg_auth); @@ -1036,7 +1213,7 @@ esp_auth(m0, skip, length, sav, sum) ipseclog((LOG_ERR, "esp_auth: bad ESP auth algorithm passed: %d\n", sav->alg_auth)); - KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 3,0,0,0,0); + KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 3, 0, 0, 0, 0); return EINVAL; } @@ -1046,16 +1223,17 @@ esp_auth(m0, skip, length, sav, sum) siz = (((*algo->sumsiz)(sav) + 3) & ~(4 - 1)); if (sizeof(sumbuf) < siz) { ipseclog((LOG_DEBUG, - "esp_auth: AH_MAXSUMSIZE is too small: siz=%lu\n", + "esp_auth: AH_MAXSUMSIZE is too small: siz=%u\n", (u_int32_t)siz)); - KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 4,0,0,0,0); + KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 4, 0, 0, 0, 0); return EINVAL; } /* skip the header */ while (skip) { - if (!m) + if (!m) { panic("mbuf chain?"); + } if (m->m_len <= skip) { skip -= m->m_len; m = m->m_next; @@ -1068,16 +1246,17 @@ esp_auth(m0, skip, length, sav, sum) error = (*algo->init)(&s, sav); if (error) { - KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 5,0,0,0,0); + KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 5, 0, 0, 0, 0); return error; } while (0 < length) { - if (!m) + if (!m) { panic("mbuf chain?"); + } if (m->m_len - off < length) { (*algo->update)(&s, (caddr_t)(mtod(m, u_char *) + off), - m->m_len - off); + m->m_len - off); length -= m->m_len - off; m = m->m_next; off = 0; @@ -1087,7 +1266,26 @@ esp_auth(m0, skip, length, sav, sum) } } (*algo->result)(&s, (caddr_t) sumbuf, sizeof(sumbuf)); - bcopy(sumbuf, sum, siz); /*XXX*/ - KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 6,0,0,0,0); + bcopy(sumbuf, sum, siz); /*XXX*/ + KERNEL_DEBUG(DBG_FNC_ESPAUTH | DBG_FUNC_END, 6, 0, 0, 0, 0); return 0; } + +void +esp_init(void) +{ + static int esp_initialized = 0; + + if (esp_initialized) { + return; + } + + esp_initialized = 1; + + esp_mpkl_log_object = MPKL_CREATE_LOGOBJECT("com.apple.xnu.esp"); + if (esp_mpkl_log_object == NULL) { + panic("MPKL_CREATE_LOGOBJECT for ESP failed"); + } + + return; +}