[dragonfly.git] / sys / netinet6 / esp_output.c

/*	$FreeBSD: src/sys/netinet6/esp_output.c,v 1.1.2.4 2003/05/06 06:46:58 suz Exp $	*/
/*	$DragonFly: src/sys/netinet6/esp_output.c,v 1.6 2004/06/02 14:43:01 eirikn Exp $	*/
/*	$KAME: esp_output.c,v 1.44 2001/07/26 06:53:15 jinmei Exp $	*/

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "opt_inet.h"
#include "opt_inet6.h"

/*
 * RFC1827/2406 Encapsulated Security Payload.
 */

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
#include <sys/domain.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/errno.h>
#include <sys/time.h>
#include <sys/syslog.h>

#include <net/if.h>
#include <net/route.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/in_var.h>

#ifdef INET6
#include <netinet/ip6.h>
#include <netinet6/ip6_var.h>
#include <netinet/icmp6.h>
#endif

#include <netinet6/ipsec.h>
#ifdef INET6
#include <netinet6/ipsec6.h>
#endif
#include <netinet6/ah.h>
#ifdef INET6
#include <netinet6/ah6.h>
#endif
#include <netinet6/esp.h>
#ifdef INET6
#include <netinet6/esp6.h>
#endif
#include <netproto/key/key.h>
#include <netproto/key/keydb.h>

#include <net/net_osdep.h>

static int esp_output (struct mbuf *, u_char *, struct mbuf *,
	struct ipsecrequest *, int);

/*
 * compute ESP header size.
 */
size_t
esp_hdrsiz(struct ipsecrequest *isr)
{
	struct secasvar *sav;
	const struct esp_algorithm *algo;
	const struct ah_algorithm *aalgo;
	size_t ivlen;
	size_t authlen;
	size_t hdrsiz;

	/* sanity check */
	if (isr == NULL)
		panic("esp_hdrsiz: NULL was passed.");

	sav = isr->sav;

	if (isr->saidx.proto != IPPROTO_ESP)
		panic("unsupported mode passed to esp_hdrsiz");

	if (sav == NULL)
		goto estimate;
	if (sav->state != SADB_SASTATE_MATURE
	 && sav->state != SADB_SASTATE_DYING)
		goto estimate;

	/* we need transport mode ESP. */
	algo = esp_algorithm_lookup(sav->alg_enc);
	if (!algo)
		goto estimate;
	ivlen = sav->ivlen;
	if (ivlen < 0)
		goto estimate;

	/*
	 * XXX
	 * right now we don't calcurate the padding size.  simply
	 * treat the padding size as constant, for simplicity.
	 *
	 * XXX variable size padding support
	 */
	if (sav->flags & SADB_X_EXT_OLD) {
		/* RFC 1827 */
		hdrsiz = sizeof(struct esp) + ivlen + 9;
	} else {
		/* RFC 2406 */
		aalgo = ah_algorithm_lookup(sav->alg_auth);
		if (aalgo && sav->replay && sav->key_auth)
			authlen = (aalgo->sumsiz)(sav);
		else
			authlen = 0;
		hdrsiz = sizeof(struct newesp) + ivlen + 9 + authlen;
	}

	return hdrsiz;

   estimate:
	/*
	 * ASSUMING:
	 *	sizeof(struct newesp) > sizeof(struct esp).
	 *	esp_max_ivlen() = max ivlen for CBC mode
	 *	9 = (maximum padding length without random padding length)
	 *	   + (Pad Length field) + (Next Header field).
	 *	16 = maximum ICV we support.
	 */
	return sizeof(struct newesp) + esp_max_ivlen() + 9 + 16;
}

/*
 * Modify the packet so that the payload is encrypted.
 * The mbuf (m) must start with IPv4 or IPv6 header.
 * On failure, free the given mbuf and return NULL.
 *
 * on invocation:
 *	m   nexthdrp md
 *	v   v        v
 *	IP ......... payload
 * during the encryption:
 *	m   nexthdrp mprev md
 *	v   v        v     v
 *	IP ............... esp iv payload pad padlen nxthdr
 *	                   <--><-><------><--------------->
 *	                   esplen plen    extendsiz
 *	                       ivlen
 *	                   <-----> esphlen
 *	<-> hlen
 *	<-----------------> espoff
 */
static int
esp_output(struct mbuf *m, u_char *nexthdrp, struct mbuf *md,
	   struct ipsecrequest *isr, int af)
{
	struct mbuf *n;
	struct mbuf *mprev;
	struct esp *esp;
	struct esptail *esptail;
	struct secasvar *sav = isr->sav;
	const struct esp_algorithm *algo;
	u_int32_t spi;
	u_int8_t nxt = 0;
	size_t plen;	/* payload length to be encrypted */
	size_t espoff;
	int ivlen;
	int afnumber;
	size_t extendsiz;
	int error = 0;
	struct ipsecstat *stat;

	switch (af) {
#ifdef INET
	case AF_INET:
		afnumber = 4;
		stat = &ipsecstat;
		break;
#endif
#ifdef INET6
	case AF_INET6:
		afnumber = 6;
		stat = &ipsec6stat;
		break;
#endif
	default:
		ipseclog((LOG_ERR, "esp_output: unsupported af %d\n", af));
		return 0;	/* no change at all */
	}

	/* some sanity check */
	if ((sav->flags & SADB_X_EXT_OLD) == 0 && !sav->replay) {
		switch (af) {
#ifdef INET
		case AF_INET:
		    {
			struct ip *ip;

			ip = mtod(m, struct ip *);
			ipseclog((LOG_DEBUG, "esp4_output: internal error: "
				"sav->replay is null: %x->%x, SPI=%u\n",
				(u_int32_t)ntohl(ip->ip_src.s_addr),
				(u_int32_t)ntohl(ip->ip_dst.s_addr),
				(u_int32_t)ntohl(sav->spi)));
			ipsecstat.out_inval++;
			break;
		    }
#endif /* INET */
#ifdef INET6
		case AF_INET6:
			ipseclog((LOG_DEBUG, "esp6_output: internal error: "
				"sav->replay is null: SPI=%u\n",
				(u_int32_t)ntohl(sav->spi)));
			ipsec6stat.out_inval++;
			break;
#endif /* INET6 */
		default:
			panic("esp_output: should not reach here");
		}
		m_freem(m);
		return EINVAL;
	}

	algo = esp_algorithm_lookup(sav->alg_enc);
	if (!algo) {
		ipseclog((LOG_ERR, "esp_output: unsupported algorithm: "
		    "SPI=%u\n", (u_int32_t)ntohl(sav->spi)));
		m_freem(m);
		return EINVAL;
	}
	spi = sav->spi;
	ivlen = sav->ivlen;
	/* should be okey */
	if (ivlen < 0) {
		panic("invalid ivlen");
	}

    {
	/*
	 * insert ESP header.
	 * XXX inserts ESP header right after IPv4 header.  should
	 * chase the header chain.
	 * XXX sequential number
	 */
#ifdef INET
	struct ip *ip = NULL;
#endif
#ifdef INET6
	struct ip6_hdr *ip6 = NULL;
#endif
	size_t esplen;	/* sizeof(struct esp/newesp) */
	size_t esphlen;	/* sizeof(struct esp/newesp) + ivlen */
	size_t hlen = 0;	/* ip header len */

	if (sav->flags & SADB_X_EXT_OLD) {
		/* RFC 1827 */
		esplen = sizeof(struct esp);
	} else {
		/* RFC 2406 */
		if (sav->flags & SADB_X_EXT_DERIV)
			esplen = sizeof(struct esp);
		else
			esplen = sizeof(struct newesp);
	}
	esphlen = esplen + ivlen;

	for (mprev = m; mprev && mprev->m_next != md; mprev = mprev->m_next)
		;
	if (mprev == NULL || mprev->m_next != md) {
		ipseclog((LOG_DEBUG, "esp%d_output: md is not in chain\n",
		    afnumber));
		m_freem(m);
		return EINVAL;
	}

	plen = 0;
	for (n = md; n; n = n->m_next)
		plen += n->m_len;

	switch (af) {
#ifdef INET
	case AF_INET:
		ip = mtod(m, struct ip *);
#ifdef _IP_VHL
		hlen = IP_VHL_HL(ip->ip_vhl) << 2;
#else
		hlen = ip->ip_hl << 2;
#endif
		break;
#endif
#ifdef INET6
	case AF_INET6:
		ip6 = mtod(m, struct ip6_hdr *);
		hlen = sizeof(*ip6);
		break;
#endif
	}

	/* make the packet over-writable */
	mprev->m_next = NULL;
	if ((md = ipsec_copypkt(md)) == NULL) {
		m_freem(m);
		error = ENOBUFS;
		goto fail;
	}
	mprev->m_next = md;

	espoff = m->m_pkthdr.len - plen;

	/*
	 * grow the mbuf to accomodate ESP header.
	 * before: IP ... payload
	 * after:  IP ... ESP IV payload
	 */
	if (M_LEADINGSPACE(md) < esphlen || (md->m_flags & M_EXT) != 0) {
		MGET(n, MB_DONTWAIT, MT_DATA);
		if (!n) {
			m_freem(m);
			error = ENOBUFS;
			goto fail;
		}
		n->m_len = esphlen;
		mprev->m_next = n;
		n->m_next = md;
		m->m_pkthdr.len += esphlen;
		esp = mtod(n, struct esp *);
	} else {
		md->m_len += esphlen;
		md->m_data -= esphlen;
		m->m_pkthdr.len += esphlen;
		esp = mtod(md, struct esp *);
	}
	
	nxt = *nexthdrp;
	*nexthdrp = IPPROTO_ESP;
	switch (af) {
#ifdef INET
	case AF_INET:
		if (esphlen < (IP_MAXPACKET - ntohs(ip->ip_len)))
			ip->ip_len = htons(ntohs(ip->ip_len) + esphlen);
		else {
			ipseclog((LOG_ERR,
			    "IPv4 ESP output: size exceeds limit\n"));
			ipsecstat.out_inval++;
			m_freem(m);
			error = EMSGSIZE;
			goto fail;
		}
		break;
#endif
#ifdef INET6
	case AF_INET6:
		/* total packet length will be computed in ip6_output() */
		break;
#endif
	}
    }

	/* initialize esp header. */
	esp->esp_spi = spi;
	if ((sav->flags & SADB_X_EXT_OLD) == 0) {
		struct newesp *nesp;
		nesp = (struct newesp *)esp;
		if (sav->replay->count == ~0) {
			if ((sav->flags & SADB_X_EXT_CYCSEQ) == 0) {
				/* XXX Is it noisy ? */
				ipseclog((LOG_WARNING,
				    "replay counter overflowed. %s\n",
				    ipsec_logsastr(sav)));
				stat->out_inval++;
				m_freem(m);
				return EINVAL;
			}
		}
		sav->replay->count++;
		/*
		 * XXX sequence number must not be cycled, if the SA is
		 * installed by IKE daemon.
		 */
		nesp->esp_seq = htonl(sav->replay->count);
	}

    {
	/*
	 * find the last mbuf. make some room for ESP trailer.
	 */
#ifdef INET
	struct ip *ip = NULL;
#endif
	size_t padbound;
	u_char *extend;
	int i;
	int randpadmax;

	if (algo->padbound)
		padbound = algo->padbound;
	else
		padbound = 4;
	/* ESP packet, including nxthdr field, must be length of 4n */
	if (padbound < 4)
		padbound = 4;
	
	extendsiz = padbound - (plen % padbound);
	if (extendsiz == 1)
		extendsiz = padbound + 1;

	/* random padding */
	switch (af) {
#ifdef INET
	case AF_INET:
		randpadmax = ip4_esp_randpad;
		break;
#endif
#ifdef INET6
	case AF_INET6:
		randpadmax = ip6_esp_randpad;
		break;
#endif
	default:
		randpadmax = -1;
		break;
	}
	if (randpadmax < 0 || plen + extendsiz >= randpadmax)
		;
	else {
		int n;

		/* round */
		randpadmax = (randpadmax / padbound) * padbound;
		n = (randpadmax - plen + extendsiz) / padbound;

		if (n > 0)
			n = (random() % n) * padbound;
		else
			n = 0;

		/*
		 * make sure we do not pad too much.
		 * MLEN limitation comes from the trailer attachment
		 * code below.
		 * 256 limitation comes from sequential padding.
		 * also, the 1-octet length field in ESP trailer imposes
		 * limitation (but is less strict than sequential padding
		 * as length field do not count the last 2 octets).
		 */
		if (extendsiz + n <= MLEN && extendsiz + n < 256)
			extendsiz += n;
	}

#ifdef DIAGNOSTIC
	if (extendsiz > MLEN || extendsiz >= 256)
		panic("extendsiz too big in esp_output");
#endif

	n = m;
	while (n->m_next)
		n = n->m_next;

	/*
	 * if M_EXT, the external mbuf data may be shared among
	 * two consequtive TCP packets, and it may be unsafe to use the
	 * trailing space.
	 */
	if (!(n->m_flags & M_EXT) && extendsiz < M_TRAILINGSPACE(n)) {
		extend = mtod(n, u_char *) + n->m_len;
		n->m_len += extendsiz;
		m->m_pkthdr.len += extendsiz;
	} else {
		struct mbuf *nn;

		MGET(nn, MB_DONTWAIT, MT_DATA);
		if (!nn) {
			ipseclog((LOG_DEBUG, "esp%d_output: can't alloc mbuf",
			    afnumber));
			m_freem(m);
			error = ENOBUFS;
			goto fail;
		}
		extend = mtod(nn, u_char *);
		nn->m_len = extendsiz;
		nn->m_next = NULL;
		n->m_next = nn;
		n = nn;
		m->m_pkthdr.len += extendsiz;
	}
	switch (sav->flags & SADB_X_EXT_PMASK) {
	case SADB_X_EXT_PRAND:
		key_randomfill(extend, extendsiz);
		break;
	case SADB_X_EXT_PZERO:
		bzero(extend, extendsiz);
		break;
	case SADB_X_EXT_PSEQ:
		for (i = 0; i < extendsiz; i++)
			extend[i] = (i + 1) & 0xff;
		break;
	}

	/* initialize esp trailer. */
	esptail = (struct esptail *)
		(mtod(n, u_int8_t *) + n->m_len - sizeof(struct esptail));
	esptail->esp_nxt = nxt;
	esptail->esp_padlen = extendsiz - 2;

	/* modify IP header (for ESP header part only) */
	switch (af) {
#ifdef INET
	case AF_INET:
		ip = mtod(m, struct ip *);
		if (extendsiz < (IP_MAXPACKET - ntohs(ip->ip_len)))
			ip->ip_len = htons(ntohs(ip->ip_len) + extendsiz);
		else {
			ipseclog((LOG_ERR,
			    "IPv4 ESP output: size exceeds limit\n"));
			ipsecstat.out_inval++;
			m_freem(m);
			error = EMSGSIZE;
			goto fail;
		}
		break;
#endif
#ifdef INET6
	case AF_INET6:
		/* total packet length will be computed in ip6_output() */
		break;
#endif
	}
    }

	/*
	 * pre-compute and cache intermediate key
	 */
	error = esp_schedule(algo, sav);
	if (error) {
		m_freem(m);
		stat->out_inval++;
		goto fail;
	}

	/*
	 * encrypt the packet, based on security association
	 * and the algorithm specified.
	 */
	if (!algo->encrypt)
		panic("internal error: no encrypt function");
	if ((*algo->encrypt)(m, espoff, plen + extendsiz, sav, algo, ivlen)) {
		/* m is already freed */
		ipseclog((LOG_ERR, "packet encryption failure\n"));
		stat->out_inval++;
		error = EINVAL;
		goto fail;
	}

	/*
	 * calculate ICV if required.
	 */
	if (!sav->replay)
		goto noantireplay;
	if (!sav->key_auth)
		goto noantireplay;
	if (sav->key_auth == SADB_AALG_NONE)
		goto noantireplay;

    {
	const struct ah_algorithm *aalgo;
	u_char authbuf[AH_MAXSUMSIZE];
	struct mbuf *n;
	u_char *p;
	size_t siz;
#ifdef INET
	struct ip *ip;
#endif

	aalgo = ah_algorithm_lookup(sav->alg_auth);
	if (!aalgo)
		goto noantireplay;
	siz = ((aalgo->sumsiz)(sav) + 3) & ~(4 - 1);
	if (AH_MAXSUMSIZE < siz)
		panic("assertion failed for AH_MAXSUMSIZE");

	if (esp_auth(m, espoff, m->m_pkthdr.len - espoff, sav, authbuf)) {
		ipseclog((LOG_ERR, "ESP checksum generation failure\n"));
		m_freem(m);
		error = EINVAL;
		stat->out_inval++;
		goto fail;
	}

	n = m;
	while (n->m_next)
		n = n->m_next;

	if (!(n->m_flags & M_EXT) && siz < M_TRAILINGSPACE(n)) { /* XXX */
		n->m_len += siz;
		m->m_pkthdr.len += siz;
		p = mtod(n, u_char *) + n->m_len - siz;
	} else {
		struct mbuf *nn;

		MGET(nn, MB_DONTWAIT, MT_DATA);
		if (!nn) {
			ipseclog((LOG_DEBUG, "can't alloc mbuf in esp%d_output",
			    afnumber));
			m_freem(m);
			error = ENOBUFS;
			goto fail;
		}
		nn->m_len = siz;
		nn->m_next = NULL;
		n->m_next = nn;
		n = nn;
		m->m_pkthdr.len += siz;
		p = mtod(nn, u_char *);
	}
	bcopy(authbuf, p, siz);

	/* modify IP header (for ESP header part only) */
	switch (af) {
#ifdef INET
	case AF_INET:
		ip = mtod(m, struct ip *);
		if (siz < (IP_MAXPACKET - ntohs(ip->ip_len)))
			ip->ip_len = htons(ntohs(ip->ip_len) + siz);
		else {
			ipseclog((LOG_ERR,
			    "IPv4 ESP output: size exceeds limit\n"));
			ipsecstat.out_inval++;
			m_freem(m);
			error = EMSGSIZE;
			goto fail;
		}
		break;
#endif
#ifdef INET6
	case AF_INET6:
		/* total packet length will be computed in ip6_output() */
		break;
#endif
	}
    }

noantireplay:
	if (!m) {
		ipseclog((LOG_ERR,
		    "NULL mbuf after encryption in esp%d_output", afnumber));
	} else
		stat->out_success++;
	stat->out_esphist[sav->alg_enc]++;
	key_sa_recordxfer(sav, m);
	return 0;

fail:
#if 1
	return error;
#else
	panic("something bad in esp_output");
#endif
}

#ifdef INET
int
esp4_output(struct mbuf *m, struct ipsecrequest *isr)
{
	struct ip *ip;
	if (m->m_len < sizeof(struct ip)) {
		ipseclog((LOG_DEBUG, "esp4_output: first mbuf too short\n"));
		m_freem(m);
		return 0;
	}
	ip = mtod(m, struct ip *);
	/* XXX assumes that m->m_next points to payload */
	return esp_output(m, &ip->ip_p, m->m_next, isr, AF_INET);
}
#endif /* INET */

#ifdef INET6
int
esp6_output(struct mbuf *m, u_char *nexthdrp, struct mbuf *md,
	    struct ipsecrequest *isr)
{
	if (m->m_len < sizeof(struct ip6_hdr)) {
		ipseclog((LOG_DEBUG, "esp6_output: first mbuf too short\n"));
		m_freem(m);
		return 0;
	}
	return esp_output(m, nexthdrp, md, isr, AF_INET6);
}
#endif /* INET6 */
Commit	Line	Data
984263bc	1	/* $FreeBSD: src/sys/netinet6/esp_output.c,v 1.1.2.4 2003/05/06 06:46:58 suz Exp $ */
74f1caca	2	/* $DragonFly: src/sys/netinet6/esp_output.c,v 1.6 2004/06/02 14:43:01 eirikn Exp $ */
984263bc MD	3	/* $KAME: esp_output.c,v 1.44 2001/07/26 06:53:15 jinmei Exp $ */
	4
	5	/*
	6	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
	7	* All rights reserved.
	8	*
	9	* Redistribution and use in source and binary forms, with or without
	10	* modification, are permitted provided that the following conditions
	11	* are met:
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	* 2. Redistributions in binary form must reproduce the above copyright
	15	* notice, this list of conditions and the following disclaimer in the
	16	* documentation and/or other materials provided with the distribution.
	17	* 3. Neither the name of the project nor the names of its contributors
	18	* may be used to endorse or promote products derived from this software
	19	* without specific prior written permission.
	20	*
	21	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	22	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	24	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	27	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	30	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	31	* SUCH DAMAGE.
	32	*/
	33
	34	#include "opt_inet.h"
	35	#include "opt_inet6.h"
	36
	37	/*
	38	* RFC1827/2406 Encapsulated Security Payload.
	39	*/
	40
	41	#include <sys/param.h>
	42	#include <sys/systm.h>
	43	#include <sys/mbuf.h>
	44	#include <sys/domain.h>
	45	#include <sys/protosw.h>
	46	#include <sys/socket.h>
	47	#include <sys/socketvar.h>
	48	#include <sys/errno.h>
	49	#include <sys/time.h>
	50	#include <sys/syslog.h>
	51
	52	#include <net/if.h>
	53	#include <net/route.h>
	54
	55	#include <netinet/in.h>
	56	#include <netinet/in_systm.h>
	57	#include <netinet/ip.h>
	58	#include <netinet/in_var.h>
	59
	60	#ifdef INET6
	61	#include <netinet/ip6.h>
	62	#include <netinet6/ip6_var.h>
	63	#include <netinet/icmp6.h>
	64	#endif
	65
	66	#include <netinet6/ipsec.h>
67	#ifdef INET6
68	#include <netinet6/ipsec6.h>
69	#endif
70	#include <netinet6/ah.h>
71	#ifdef INET6
72	#include <netinet6/ah6.h>
73	#endif
74	#include <netinet6/esp.h>
75	#ifdef INET6
76	#include <netinet6/esp6.h>
77	#endif
d2438d69 MD	78	#include <netproto/key/key.h>
d2438d69 MD	79	#include <netproto/key/keydb.h>
984263bc MD	80
	81	#include <net/net_osdep.h>
	82
56d702cc RG	83	static int esp_output (struct mbuf , u_char , struct mbuf *,
56d702cc RG	84	struct ipsecrequest *, int);
984263bc MD	85
	86	/*
	87	* compute ESP header size.
	88	*/
	89	size_t
122ebd49	90	esp_hdrsiz(struct ipsecrequest *isr)
984263bc MD	91	{
	92	struct secasvar *sav;
	93	const struct esp_algorithm *algo;
	94	const struct ah_algorithm *aalgo;
	95	size_t ivlen;
	96	size_t authlen;
	97	size_t hdrsiz;
	98
	99	/* sanity check */
	100	if (isr == NULL)
	101	panic("esp_hdrsiz: NULL was passed.");
	102
	103	sav = isr->sav;
	104
	105	if (isr->saidx.proto != IPPROTO_ESP)
	106	panic("unsupported mode passed to esp_hdrsiz");
	107
	108	if (sav == NULL)
	109	goto estimate;
	110	if (sav->state != SADB_SASTATE_MATURE
	111	&& sav->state != SADB_SASTATE_DYING)
	112	goto estimate;
	113
	114	/* we need transport mode ESP. */
	115	algo = esp_algorithm_lookup(sav->alg_enc);
	116	if (!algo)
	117	goto estimate;
	118	ivlen = sav->ivlen;
	119	if (ivlen < 0)
	120	goto estimate;
	121
	122	/*
	123	* XXX
	124	* right now we don't calcurate the padding size. simply
	125	* treat the padding size as constant, for simplicity.
	126	*
	127	* XXX variable size padding support
	128	*/
	129	if (sav->flags & SADB_X_EXT_OLD) {
	130	/* RFC 1827 */
	131	hdrsiz = sizeof(struct esp) + ivlen + 9;
	132	} else {
	133	/* RFC 2406 */
	134	aalgo = ah_algorithm_lookup(sav->alg_auth);
	135	if (aalgo && sav->replay && sav->key_auth)
	136	authlen = (aalgo->sumsiz)(sav);
	137	else
	138	authlen = 0;
	139	hdrsiz = sizeof(struct newesp) + ivlen + 9 + authlen;
	140	}
	141
	142	return hdrsiz;
	143
	144	estimate:
	145	/*
	146	* ASSUMING:
	147	* sizeof(struct newesp) > sizeof(struct esp).
	148	* esp_max_ivlen() = max ivlen for CBC mode
	149	* 9 = (maximum padding length without random padding length)
	150	* + (Pad Length field) + (Next Header field).
	151	* 16 = maximum ICV we support.
	152	*/
	153	return sizeof(struct newesp) + esp_max_ivlen() + 9 + 16;
	154	}
155
156	/*
157	* Modify the packet so that the payload is encrypted.
158	* The mbuf (m) must start with IPv4 or IPv6 header.
159	* On failure, free the given mbuf and return NULL.
160	*
161	* on invocation:
162	* m nexthdrp md
163	* v v v
164	* IP ......... payload
165	* during the encryption:
166	* m nexthdrp mprev md
167	* v v v v
168	* IP ............... esp iv payload pad padlen nxthdr
169	* <--><-><------><--------------->
170	* esplen plen extendsiz
171	* ivlen
172	* <-----> esphlen
173	* <-> hlen
174	* <-----------------> espoff
175	*/
176	static int
122ebd49 CP	177	esp_output(struct mbuf m, u_char nexthdrp, struct mbuf *md,
122ebd49 CP	178	struct ipsecrequest *isr, int af)
984263bc MD	179	{
	180	struct mbuf *n;
	181	struct mbuf *mprev;
	182	struct esp *esp;
	183	struct esptail *esptail;
	184	struct secasvar *sav = isr->sav;
	185	const struct esp_algorithm *algo;
	186	u_int32_t spi;
	187	u_int8_t nxt = 0;
	188	size_t plen; /* payload length to be encrypted */
	189	size_t espoff;
	190	int ivlen;
	191	int afnumber;
	192	size_t extendsiz;
	193	int error = 0;
	194	struct ipsecstat *stat;
	195
	196	switch (af) {
	197	#ifdef INET
	198	case AF_INET:
	199	afnumber = 4;
	200	stat = &ipsecstat;
	201	break;
	202	#endif
	203	#ifdef INET6
	204	case AF_INET6:
	205	afnumber = 6;
	206	stat = &ipsec6stat;
	207	break;
	208	#endif
	209	default:
	210	ipseclog((LOG_ERR, "esp_output: unsupported af %d\n", af));
	211	return 0; /* no change at all */
	212	}
	213
	214	/* some sanity check */
	215	if ((sav->flags & SADB_X_EXT_OLD) == 0 && !sav->replay) {
	216	switch (af) {
	217	#ifdef INET
	218	case AF_INET:
	219	{
	220	struct ip *ip;
	221
	222	ip = mtod(m, struct ip *);
	223	ipseclog((LOG_DEBUG, "esp4_output: internal error: "
	224	"sav->replay is null: %x->%x, SPI=%u\n",
	225	(u_int32_t)ntohl(ip->ip_src.s_addr),
	226	(u_int32_t)ntohl(ip->ip_dst.s_addr),
	227	(u_int32_t)ntohl(sav->spi)));
	228	ipsecstat.out_inval++;
	229	break;
	230	}
	231	#endif /* INET */
	232	#ifdef INET6
	233	case AF_INET6:
	234	ipseclog((LOG_DEBUG, "esp6_output: internal error: "
	235	"sav->replay is null: SPI=%u\n",
	236	(u_int32_t)ntohl(sav->spi)));
	237	ipsec6stat.out_inval++;
	238	break;
	239	#endif /* INET6 */
	240	default:
	241	panic("esp_output: should not reach here");
	242	}
243	m_freem(m);
244	return EINVAL;
245	}
246
247	algo = esp_algorithm_lookup(sav->alg_enc);
248	if (!algo) {
249	ipseclog((LOG_ERR, "esp_output: unsupported algorithm: "
250	"SPI=%u\n", (u_int32_t)ntohl(sav->spi)));
251	m_freem(m);
252	return EINVAL;
253	}
254	spi = sav->spi;
255	ivlen = sav->ivlen;
256	/* should be okey */
257	if (ivlen < 0) {
258	panic("invalid ivlen");
259	}
260
261	{
262	/*
263	* insert ESP header.
264	* XXX inserts ESP header right after IPv4 header. should
265	* chase the header chain.
266	* XXX sequential number
267	*/
268	#ifdef INET
269	struct ip *ip = NULL;
270	#endif
271	#ifdef INET6
272	struct ip6_hdr *ip6 = NULL;
273	#endif
274	size_t esplen; /* sizeof(struct esp/newesp) */
275	size_t esphlen; /* sizeof(struct esp/newesp) + ivlen */
276	size_t hlen = 0; /* ip header len */
277
278	if (sav->flags & SADB_X_EXT_OLD) {
279	/* RFC 1827 */
280	esplen = sizeof(struct esp);
281	} else {
282	/* RFC 2406 */
283	if (sav->flags & SADB_X_EXT_DERIV)
284	esplen = sizeof(struct esp);
285	else
286	esplen = sizeof(struct newesp);
287	}
288	esphlen = esplen + ivlen;
289
290	for (mprev = m; mprev && mprev->m_next != md; mprev = mprev->m_next)
291	;
292	if (mprev == NULL \|\| mprev->m_next != md) {
293	ipseclog((LOG_DEBUG, "esp%d_output: md is not in chain\n",
294	afnumber));
295	m_freem(m);
296	return EINVAL;
297	}
298
299	plen = 0;
300	for (n = md; n; n = n->m_next)
301	plen += n->m_len;
302
303	switch (af) {
304	#ifdef INET
305	case AF_INET:
306	ip = mtod(m, struct ip *);
307	#ifdef _IP_VHL
308	hlen = IP_VHL_HL(ip->ip_vhl) << 2;
309	#else
310	hlen = ip->ip_hl << 2;
311	#endif
312	break;
313	#endif
314	#ifdef INET6
315	case AF_INET6:
316	ip6 = mtod(m, struct ip6_hdr *);
317	hlen = sizeof(*ip6);
318	break;
319	#endif
320	}
321
322	/* make the packet over-writable */
323	mprev->m_next = NULL;
324	if ((md = ipsec_copypkt(md)) == NULL) {
325	m_freem(m);
326	error = ENOBUFS;
327	goto fail;
328	}
329	mprev->m_next = md;
330
331	espoff = m->m_pkthdr.len - plen;
332
333	/*
334	* grow the mbuf to accomodate ESP header.
335	* before: IP ... payload
336	* after: IP ... ESP IV payload
337	*/
338	if (M_LEADINGSPACE(md) < esphlen \|\| (md->m_flags & M_EXT) != 0) {
74f1caca	339	MGET(n, MB_DONTWAIT, MT_DATA);
984263bc MD	340	if (!n) {
	341	m_freem(m);
	342	error = ENOBUFS;
	343	goto fail;
	344	}
	345	n->m_len = esphlen;
	346	mprev->m_next = n;
	347	n->m_next = md;
	348	m->m_pkthdr.len += esphlen;
	349	esp = mtod(n, struct esp *);
	350	} else {
	351	md->m_len += esphlen;
	352	md->m_data -= esphlen;
	353	m->m_pkthdr.len += esphlen;
	354	esp = mtod(md, struct esp *);
	355	}
	356
	357	nxt = *nexthdrp;
	358	*nexthdrp = IPPROTO_ESP;
	359	switch (af) {
	360	#ifdef INET
	361	case AF_INET:
	362	if (esphlen < (IP_MAXPACKET - ntohs(ip->ip_len)))
	363	ip->ip_len = htons(ntohs(ip->ip_len) + esphlen);
	364	else {
	365	ipseclog((LOG_ERR,
	366	"IPv4 ESP output: size exceeds limit\n"));
	367	ipsecstat.out_inval++;
	368	m_freem(m);
	369	error = EMSGSIZE;
	370	goto fail;
	371	}
	372	break;
	373	#endif
	374	#ifdef INET6
	375	case AF_INET6:
	376	/* total packet length will be computed in ip6_output() */
	377	break;
	378	#endif
	379	}
	380	}
	381
	382	/* initialize esp header. */
	383	esp->esp_spi = spi;
	384	if ((sav->flags & SADB_X_EXT_OLD) == 0) {
	385	struct newesp *nesp;
	386	nesp = (struct newesp *)esp;
	387	if (sav->replay->count == ~0) {
	388	if ((sav->flags & SADB_X_EXT_CYCSEQ) == 0) {
	389	/* XXX Is it noisy ? */
	390	ipseclog((LOG_WARNING,
	391	"replay counter overflowed. %s\n",
	392	ipsec_logsastr(sav)));
	393	stat->out_inval++;
	394	m_freem(m);
	395	return EINVAL;
	396	}
	397	}
	398	sav->replay->count++;
	399	/*
	400	* XXX sequence number must not be cycled, if the SA is
	401	* installed by IKE daemon.
	402	*/
	403	nesp->esp_seq = htonl(sav->replay->count);
404	}
405
406	{
407	/*
408	* find the last mbuf. make some room for ESP trailer.
409	*/
410	#ifdef INET
411	struct ip *ip = NULL;
412	#endif
413	size_t padbound;
414	u_char *extend;
415	int i;
416	int randpadmax;
417
418	if (algo->padbound)
419	padbound = algo->padbound;
420	else
421	padbound = 4;
422	/* ESP packet, including nxthdr field, must be length of 4n */
423	if (padbound < 4)
424	padbound = 4;
425
426	extendsiz = padbound - (plen % padbound);
427	if (extendsiz == 1)
428	extendsiz = padbound + 1;
429
430	/* random padding */
431	switch (af) {
432	#ifdef INET
433	case AF_INET:
434	randpadmax = ip4_esp_randpad;
435	break;
436	#endif
437	#ifdef INET6
438	case AF_INET6:
439	randpadmax = ip6_esp_randpad;
440	break;
441	#endif
442	default:
443	randpadmax = -1;
444	break;
445	}
446	if (randpadmax < 0 \|\| plen + extendsiz >= randpadmax)
447	;
448	else {
449	int n;
450
451	/* round */
452	randpadmax = (randpadmax / padbound) * padbound;
453	n = (randpadmax - plen + extendsiz) / padbound;
454
455	if (n > 0)
456	n = (random() % n) * padbound;
457	else
458	n = 0;
459
460	/*
461	* make sure we do not pad too much.
462	* MLEN limitation comes from the trailer attachment
463	* code below.
464	* 256 limitation comes from sequential padding.
465	* also, the 1-octet length field in ESP trailer imposes
466	* limitation (but is less strict than sequential padding
467	* as length field do not count the last 2 octets).
468	*/
469	if (extendsiz + n <= MLEN && extendsiz + n < 256)
470	extendsiz += n;
471	}
472
473	#ifdef DIAGNOSTIC
474	if (extendsiz > MLEN \|\| extendsiz >= 256)
475	panic("extendsiz too big in esp_output");
476	#endif
477
478	n = m;
479	while (n->m_next)
480	n = n->m_next;
481
482	/*
483	* if M_EXT, the external mbuf data may be shared among
484	* two consequtive TCP packets, and it may be unsafe to use the
485	* trailing space.
486	*/
487	if (!(n->m_flags & M_EXT) && extendsiz < M_TRAILINGSPACE(n)) {
488	extend = mtod(n, u_char *) + n->m_len;
489	n->m_len += extendsiz;
490	m->m_pkthdr.len += extendsiz;
491	} else {
492	struct mbuf *nn;
493
74f1caca	494	MGET(nn, MB_DONTWAIT, MT_DATA);
984263bc MD	495	if (!nn) {
	496	ipseclog((LOG_DEBUG, "esp%d_output: can't alloc mbuf",
	497	afnumber));
	498	m_freem(m);
	499	error = ENOBUFS;
	500	goto fail;
	501	}
	502	extend = mtod(nn, u_char *);
	503	nn->m_len = extendsiz;
	504	nn->m_next = NULL;
	505	n->m_next = nn;
	506	n = nn;
	507	m->m_pkthdr.len += extendsiz;
	508	}
	509	switch (sav->flags & SADB_X_EXT_PMASK) {
	510	case SADB_X_EXT_PRAND:
	511	key_randomfill(extend, extendsiz);
	512	break;
	513	case SADB_X_EXT_PZERO:
	514	bzero(extend, extendsiz);
	515	break;
	516	case SADB_X_EXT_PSEQ:
	517	for (i = 0; i < extendsiz; i++)
	518	extend[i] = (i + 1) & 0xff;
	519	break;
	520	}
	521
	522	/* initialize esp trailer. */
	523	esptail = (struct esptail *)
	524	(mtod(n, u_int8_t *) + n->m_len - sizeof(struct esptail));
	525	esptail->esp_nxt = nxt;
	526	esptail->esp_padlen = extendsiz - 2;
	527
	528	/* modify IP header (for ESP header part only) */
	529	switch (af) {
	530	#ifdef INET
	531	case AF_INET:
	532	ip = mtod(m, struct ip *);
	533	if (extendsiz < (IP_MAXPACKET - ntohs(ip->ip_len)))
	534	ip->ip_len = htons(ntohs(ip->ip_len) + extendsiz);
	535	else {
	536	ipseclog((LOG_ERR,
	537	"IPv4 ESP output: size exceeds limit\n"));
	538	ipsecstat.out_inval++;
	539	m_freem(m);
	540	error = EMSGSIZE;
	541	goto fail;
	542	}
	543	break;
	544	#endif
	545	#ifdef INET6
	546	case AF_INET6:
	547	/* total packet length will be computed in ip6_output() */
	548	break;
	549	#endif
	550	}
	551	}
	552
	553	/*
	554	* pre-compute and cache intermediate key
	555	*/
	556	error = esp_schedule(algo, sav);
	557	if (error) {
	558	m_freem(m);
559	stat->out_inval++;
560	goto fail;
561	}
562
563	/*
564	* encrypt the packet, based on security association
565	* and the algorithm specified.
566	*/
567	if (!algo->encrypt)
568	panic("internal error: no encrypt function");
569	if ((*algo->encrypt)(m, espoff, plen + extendsiz, sav, algo, ivlen)) {
570	/* m is already freed */
571	ipseclog((LOG_ERR, "packet encryption failure\n"));
572	stat->out_inval++;
573	error = EINVAL;
574	goto fail;
575	}
576
577	/*
578	* calculate ICV if required.
579	*/
580	if (!sav->replay)
581	goto noantireplay;
582	if (!sav->key_auth)
583	goto noantireplay;
584	if (sav->key_auth == SADB_AALG_NONE)
585	goto noantireplay;
586
587	{
588	const struct ah_algorithm *aalgo;
589	u_char authbuf[AH_MAXSUMSIZE];
590	struct mbuf *n;
591	u_char *p;
592	size_t siz;
593	#ifdef INET
594	struct ip *ip;
595	#endif
596
597	aalgo = ah_algorithm_lookup(sav->alg_auth);
598	if (!aalgo)
599	goto noantireplay;
600	siz = ((aalgo->sumsiz)(sav) + 3) & ~(4 - 1);
601	if (AH_MAXSUMSIZE < siz)
602	panic("assertion failed for AH_MAXSUMSIZE");
603
604	if (esp_auth(m, espoff, m->m_pkthdr.len - espoff, sav, authbuf)) {
605	ipseclog((LOG_ERR, "ESP checksum generation failure\n"));
606	m_freem(m);
607	error = EINVAL;
608	stat->out_inval++;
609	goto fail;
610	}
611
612	n = m;
613	while (n->m_next)
614	n = n->m_next;
615
616	if (!(n->m_flags & M_EXT) && siz < M_TRAILINGSPACE(n)) { /* XXX */
617	n->m_len += siz;
618	m->m_pkthdr.len += siz;
619	p = mtod(n, u_char *) + n->m_len - siz;
620	} else {
621	struct mbuf *nn;
622
74f1caca	623	MGET(nn, MB_DONTWAIT, MT_DATA);
984263bc MD	624	if (!nn) {
	625	ipseclog((LOG_DEBUG, "can't alloc mbuf in esp%d_output",
	626	afnumber));
	627	m_freem(m);
	628	error = ENOBUFS;
	629	goto fail;
	630	}
	631	nn->m_len = siz;
	632	nn->m_next = NULL;
	633	n->m_next = nn;
	634	n = nn;
	635	m->m_pkthdr.len += siz;
	636	p = mtod(nn, u_char *);
	637	}
	638	bcopy(authbuf, p, siz);
	639
	640	/* modify IP header (for ESP header part only) */
	641	switch (af) {
	642	#ifdef INET
	643	case AF_INET:
	644	ip = mtod(m, struct ip *);
	645	if (siz < (IP_MAXPACKET - ntohs(ip->ip_len)))
	646	ip->ip_len = htons(ntohs(ip->ip_len) + siz);
	647	else {
	648	ipseclog((LOG_ERR,
	649	"IPv4 ESP output: size exceeds limit\n"));
	650	ipsecstat.out_inval++;
	651	m_freem(m);
	652	error = EMSGSIZE;
	653	goto fail;
	654	}
	655	break;
	656	#endif
	657	#ifdef INET6
	658	case AF_INET6:
	659	/* total packet length will be computed in ip6_output() */
	660	break;
	661	#endif
	662	}
	663	}
	664
	665	noantireplay:
	666	if (!m) {
	667	ipseclog((LOG_ERR,
	668	"NULL mbuf after encryption in esp%d_output", afnumber));
	669	} else
	670	stat->out_success++;
	671	stat->out_esphist[sav->alg_enc]++;
	672	key_sa_recordxfer(sav, m);
	673	return 0;
	674
	675	fail:
	676	#if 1
	677	return error;
	678	#else
	679	panic("something bad in esp_output");
	680	#endif
	681	}
	682
	683	#ifdef INET
	684	int
122ebd49	685	esp4_output(struct mbuf m, struct ipsecrequest isr)
984263bc MD	686	{
	687	struct ip *ip;
	688	if (m->m_len < sizeof(struct ip)) {
	689	ipseclog((LOG_DEBUG, "esp4_output: first mbuf too short\n"));
	690	m_freem(m);
	691	return 0;
	692	}
	693	ip = mtod(m, struct ip *);
	694	/* XXX assumes that m->m_next points to payload */
	695	return esp_output(m, &ip->ip_p, m->m_next, isr, AF_INET);
	696	}
	697	#endif /* INET */
	698
	699	#ifdef INET6
	700	int
122ebd49 CP	701	esp6_output(struct mbuf m, u_char nexthdrp, struct mbuf *md,
122ebd49 CP	702	struct ipsecrequest *isr)
984263bc MD	703	{
	704	if (m->m_len < sizeof(struct ip6_hdr)) {
	705	ipseclog((LOG_DEBUG, "esp6_output: first mbuf too short\n"));
	706	m_freem(m);
	707	return 0;
	708	}
	709	return esp_output(m, nexthdrp, md, isr, AF_INET6);
	710	}
	711	#endif /* INET6 */