1 /* $FreeBSD: src/sys/netinet6/esp_core.c,v 1.1.2.4 2002/03/26 10:12:29 ume Exp $ */
2 /* $KAME: esp_core.c,v 1.50 2000/11/02 12:27:38 itojun Exp $ */
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "opt_inet6.h"
36 #include <sys/param.h>
37 #include <sys/systm.h>
38 #include <sys/malloc.h>
40 #include <sys/domain.h>
41 #include <sys/protosw.h>
42 #include <sys/socket.h>
43 #include <sys/errno.h>
45 #include <sys/syslog.h>
48 #include <net/route.h>
50 #include <netinet/in.h>
51 #include <netinet/in_var.h>
53 #include <netinet/ip6.h>
54 #include <netinet6/ip6_var.h>
55 #include <netinet/icmp6.h>
58 #include <netinet6/ipsec.h>
60 #include <netinet6/ipsec6.h>
62 #include <netinet6/ah.h>
64 #include <netinet6/ah6.h>
66 #include <netinet6/esp.h>
68 #include <netinet6/esp6.h>
70 #include <netinet6/esp_rijndael.h>
71 #include <net/pfkeyv2.h>
72 #include <netkey/keydb.h>
73 #include <netkey/key.h>
74 #include <crypto/des/des.h>
75 #include <crypto/blowfish/blowfish.h>
76 #include <crypto/cast128/cast128.h>
78 #include <net/net_osdep.h>
80 static int esp_null_mature __P((struct secasvar *));
81 static int esp_null_decrypt __P((struct mbuf *, size_t,
82 struct secasvar *, const struct esp_algorithm *, int));
83 static int esp_null_encrypt __P((struct mbuf *, size_t, size_t,
84 struct secasvar *, const struct esp_algorithm *, int));
85 static int esp_descbc_mature __P((struct secasvar *));
86 static int esp_descbc_ivlen __P((const struct esp_algorithm *,
88 static int esp_des_schedule __P((const struct esp_algorithm *,
90 static int esp_des_schedlen __P((const struct esp_algorithm *));
91 static int esp_des_blockdecrypt __P((const struct esp_algorithm *,
92 struct secasvar *, u_int8_t *, u_int8_t *));
93 static int esp_des_blockencrypt __P((const struct esp_algorithm *,
94 struct secasvar *, u_int8_t *, u_int8_t *));
95 static int esp_cbc_mature __P((struct secasvar *));
96 static int esp_blowfish_schedule __P((const struct esp_algorithm *,
98 static int esp_blowfish_schedlen __P((const struct esp_algorithm *));
99 static int esp_blowfish_blockdecrypt __P((const struct esp_algorithm *,
100 struct secasvar *, u_int8_t *, u_int8_t *));
101 static int esp_blowfish_blockencrypt __P((const struct esp_algorithm *,
102 struct secasvar *, u_int8_t *, u_int8_t *));
103 static int esp_cast128_schedule __P((const struct esp_algorithm *,
105 static int esp_cast128_schedlen __P((const struct esp_algorithm *));
106 static int esp_cast128_blockdecrypt __P((const struct esp_algorithm *,
107 struct secasvar *, u_int8_t *, u_int8_t *));
108 static int esp_cast128_blockencrypt __P((const struct esp_algorithm *,
109 struct secasvar *, u_int8_t *, u_int8_t *));
110 static int esp_3des_schedule __P((const struct esp_algorithm *,
112 static int esp_3des_schedlen __P((const struct esp_algorithm *));
113 static int esp_3des_blockdecrypt __P((const struct esp_algorithm *,
114 struct secasvar *, u_int8_t *, u_int8_t *));
115 static int esp_3des_blockencrypt __P((const struct esp_algorithm *,
116 struct secasvar *, u_int8_t *, u_int8_t *));
117 static int esp_common_ivlen __P((const struct esp_algorithm *,
119 static int esp_cbc_decrypt __P((struct mbuf *, size_t,
120 struct secasvar *, const struct esp_algorithm *, int));
121 static int esp_cbc_encrypt __P((struct mbuf *, size_t, size_t,
122 struct secasvar *, const struct esp_algorithm *, int));
126 static const struct esp_algorithm esp_algorithms[] = {
127 { 8, -1, esp_descbc_mature, 64, 64, esp_des_schedlen,
129 esp_descbc_ivlen, esp_cbc_decrypt,
130 esp_cbc_encrypt, esp_des_schedule,
131 esp_des_blockdecrypt, esp_des_blockencrypt, },
132 { 8, 8, esp_cbc_mature, 192, 192, esp_3des_schedlen,
134 esp_common_ivlen, esp_cbc_decrypt,
135 esp_cbc_encrypt, esp_3des_schedule,
136 esp_3des_blockdecrypt, esp_3des_blockencrypt, },
137 { 1, 0, esp_null_mature, 0, 2048, 0, "null",
138 esp_common_ivlen, esp_null_decrypt,
139 esp_null_encrypt, NULL, },
140 { 8, 8, esp_cbc_mature, 40, 448, esp_blowfish_schedlen, "blowfish-cbc",
141 esp_common_ivlen, esp_cbc_decrypt,
142 esp_cbc_encrypt, esp_blowfish_schedule,
143 esp_blowfish_blockdecrypt, esp_blowfish_blockencrypt, },
144 { 8, 8, esp_cbc_mature, 40, 128, esp_cast128_schedlen,
146 esp_common_ivlen, esp_cbc_decrypt,
147 esp_cbc_encrypt, esp_cast128_schedule,
148 esp_cast128_blockdecrypt, esp_cast128_blockencrypt, },
149 { 16, 16, esp_cbc_mature, 128, 256, esp_rijndael_schedlen,
151 esp_common_ivlen, esp_cbc_decrypt,
152 esp_cbc_encrypt, esp_rijndael_schedule,
153 esp_rijndael_blockdecrypt, esp_rijndael_blockencrypt },
156 const struct esp_algorithm *
157 esp_algorithm_lookup(idx)
162 case SADB_EALG_DESCBC:
163 return &esp_algorithms[0];
164 case SADB_EALG_3DESCBC:
165 return &esp_algorithms[1];
167 return &esp_algorithms[2];
168 case SADB_X_EALG_BLOWFISHCBC:
169 return &esp_algorithms[3];
170 case SADB_X_EALG_CAST128CBC:
171 return &esp_algorithms[4];
172 case SADB_X_EALG_RIJNDAELCBC:
173 return &esp_algorithms[5];
186 for (idx = 0; idx < sizeof(esp_algorithms)/sizeof(esp_algorithms[0]);
188 if (esp_algorithms[idx].ivlenval > ivlen)
189 ivlen = esp_algorithms[idx].ivlenval;
196 esp_schedule(algo, sav)
197 const struct esp_algorithm *algo;
198 struct secasvar *sav;
202 /* check for key length */
203 if (_KEYBITS(sav->key_enc) < algo->keymin ||
204 _KEYBITS(sav->key_enc) > algo->keymax) {
206 "esp_schedule %s: unsupported key length %d: "
207 "needs %d to %d bits\n", algo->name, _KEYBITS(sav->key_enc),
208 algo->keymin, algo->keymax));
212 /* already allocated */
213 if (sav->sched && sav->schedlen != 0)
215 /* no schedule necessary */
216 if (!algo->schedule || !algo->schedlen)
219 sav->schedlen = (*algo->schedlen)(algo);
220 if (sav->schedlen < 0)
222 sav->sched = malloc(sav->schedlen, M_SECA, M_DONTWAIT);
228 error = (*algo->schedule)(algo, sav);
230 ipseclog((LOG_ERR, "esp_schedule %s: error %d\n",
232 free(sav->sched, M_SECA);
241 struct secasvar *sav;
244 /* anything is okay */
249 esp_null_decrypt(m, off, sav, algo, ivlen)
251 size_t off; /* offset to ESP header */
252 struct secasvar *sav;
253 const struct esp_algorithm *algo;
257 return 0; /* do nothing */
261 esp_null_encrypt(m, off, plen, sav, algo, ivlen)
263 size_t off; /* offset to ESP header */
264 size_t plen; /* payload length (to be encrypted) */
265 struct secasvar *sav;
266 const struct esp_algorithm *algo;
270 return 0; /* do nothing */
274 esp_descbc_mature(sav)
275 struct secasvar *sav;
277 const struct esp_algorithm *algo;
279 if (!(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B)) {
280 ipseclog((LOG_ERR, "esp_cbc_mature: "
281 "algorithm incompatible with 4 octets IV length\n"));
286 ipseclog((LOG_ERR, "esp_descbc_mature: no key is given.\n"));
290 algo = esp_algorithm_lookup(sav->alg_enc);
293 "esp_descbc_mature: unsupported algorithm.\n"));
297 if (_KEYBITS(sav->key_enc) < algo->keymin ||
298 _KEYBITS(sav->key_enc) > algo->keymax) {
300 "esp_descbc_mature: invalid key length %d.\n",
301 _KEYBITS(sav->key_enc)));
306 if (des_is_weak_key((des_cblock *)_KEYBUF(sav->key_enc))) {
308 "esp_descbc_mature: weak key was passed.\n"));
316 esp_descbc_ivlen(algo, sav)
317 const struct esp_algorithm *algo;
318 struct secasvar *sav;
323 if ((sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B))
325 if (!(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_DERIV))
331 esp_des_schedlen(algo)
332 const struct esp_algorithm *algo;
335 return sizeof(des_key_schedule);
339 esp_des_schedule(algo, sav)
340 const struct esp_algorithm *algo;
341 struct secasvar *sav;
344 if (des_key_sched((des_cblock *)_KEYBUF(sav->key_enc),
345 *(des_key_schedule *)sav->sched))
352 esp_des_blockdecrypt(algo, sav, s, d)
353 const struct esp_algorithm *algo;
354 struct secasvar *sav;
359 /* assumption: d has a good alignment */
360 bcopy(s, d, sizeof(DES_LONG) * 2);
361 des_ecb_encrypt((des_cblock *)d, (des_cblock *)d,
362 *(des_key_schedule *)sav->sched, DES_DECRYPT);
367 esp_des_blockencrypt(algo, sav, s, d)
368 const struct esp_algorithm *algo;
369 struct secasvar *sav;
374 /* assumption: d has a good alignment */
375 bcopy(s, d, sizeof(DES_LONG) * 2);
376 des_ecb_encrypt((des_cblock *)d, (des_cblock *)d,
377 *(des_key_schedule *)sav->sched, DES_ENCRYPT);
383 struct secasvar *sav;
386 const struct esp_algorithm *algo;
388 if (sav->flags & SADB_X_EXT_OLD) {
390 "esp_cbc_mature: algorithm incompatible with esp-old\n"));
393 if (sav->flags & SADB_X_EXT_DERIV) {
395 "esp_cbc_mature: algorithm incompatible with derived\n"));
400 ipseclog((LOG_ERR, "esp_cbc_mature: no key is given.\n"));
404 algo = esp_algorithm_lookup(sav->alg_enc);
407 "esp_cbc_mature %s: unsupported algorithm.\n", algo->name));
411 keylen = sav->key_enc->sadb_key_bits;
412 if (keylen < algo->keymin || algo->keymax < keylen) {
414 "esp_cbc_mature %s: invalid key length %d.\n",
415 algo->name, sav->key_enc->sadb_key_bits));
418 switch (sav->alg_enc) {
419 case SADB_EALG_3DESCBC:
421 if (des_is_weak_key((des_cblock *)_KEYBUF(sav->key_enc)) ||
422 des_is_weak_key((des_cblock *)(_KEYBUF(sav->key_enc) + 8)) ||
423 des_is_weak_key((des_cblock *)(_KEYBUF(sav->key_enc) + 16))) {
425 "esp_cbc_mature %s: weak key was passed.\n",
430 case SADB_X_EALG_BLOWFISHCBC:
431 case SADB_X_EALG_CAST128CBC:
433 case SADB_X_EALG_RIJNDAELCBC:
434 /* allows specific key sizes only */
435 if (!(keylen == 128 || keylen == 192 || keylen == 256)) {
437 "esp_cbc_mature %s: invalid key length %d.\n",
438 algo->name, keylen));
448 esp_blowfish_schedlen(algo)
449 const struct esp_algorithm *algo;
452 return sizeof(BF_KEY);
456 esp_blowfish_schedule(algo, sav)
457 const struct esp_algorithm *algo;
458 struct secasvar *sav;
461 BF_set_key((BF_KEY *)sav->sched, _KEYLEN(sav->key_enc),
462 _KEYBUF(sav->key_enc));
467 esp_blowfish_blockdecrypt(algo, sav, s, d)
468 const struct esp_algorithm *algo;
469 struct secasvar *sav;
473 /* HOLY COW! BF_decrypt() takes values in host byteorder */
476 bcopy(s, t, sizeof(t));
479 BF_decrypt(t, (BF_KEY *)sav->sched);
482 bcopy(t, d, sizeof(t));
487 esp_blowfish_blockencrypt(algo, sav, s, d)
488 const struct esp_algorithm *algo;
489 struct secasvar *sav;
493 /* HOLY COW! BF_encrypt() takes values in host byteorder */
496 bcopy(s, t, sizeof(t));
499 BF_encrypt(t, (BF_KEY *)sav->sched);
502 bcopy(t, d, sizeof(t));
507 esp_cast128_schedlen(algo)
508 const struct esp_algorithm *algo;
511 return sizeof(u_int32_t) * 32;
515 esp_cast128_schedule(algo, sav)
516 const struct esp_algorithm *algo;
517 struct secasvar *sav;
520 set_cast128_subkey((u_int32_t *)sav->sched, _KEYBUF(sav->key_enc),
521 _KEYLEN(sav->key_enc));
526 esp_cast128_blockdecrypt(algo, sav, s, d)
527 const struct esp_algorithm *algo;
528 struct secasvar *sav;
533 if (_KEYLEN(sav->key_enc) <= 80 / 8)
534 cast128_decrypt_round12(d, s, (u_int32_t *)sav->sched);
536 cast128_decrypt_round16(d, s, (u_int32_t *)sav->sched);
541 esp_cast128_blockencrypt(algo, sav, s, d)
542 const struct esp_algorithm *algo;
543 struct secasvar *sav;
548 if (_KEYLEN(sav->key_enc) <= 80 / 8)
549 cast128_encrypt_round12(d, s, (u_int32_t *)sav->sched);
551 cast128_encrypt_round16(d, s, (u_int32_t *)sav->sched);
556 esp_3des_schedlen(algo)
557 const struct esp_algorithm *algo;
560 return sizeof(des_key_schedule) * 3;
564 esp_3des_schedule(algo, sav)
565 const struct esp_algorithm *algo;
566 struct secasvar *sav;
573 p = (des_key_schedule *)sav->sched;
574 k = _KEYBUF(sav->key_enc);
575 for (i = 0; i < 3; i++) {
576 error = des_key_sched((des_cblock *)(k + 8 * i), p[i]);
584 esp_3des_blockdecrypt(algo, sav, s, d)
585 const struct esp_algorithm *algo;
586 struct secasvar *sav;
592 /* assumption: d has a good alignment */
593 p = (des_key_schedule *)sav->sched;
594 bcopy(s, d, sizeof(DES_LONG) * 2);
595 des_ecb3_encrypt((des_cblock *)d, (des_cblock *)d,
596 p[0], p[1], p[2], DES_DECRYPT);
601 esp_3des_blockencrypt(algo, sav, s, d)
602 const struct esp_algorithm *algo;
603 struct secasvar *sav;
609 /* assumption: d has a good alignment */
610 p = (des_key_schedule *)sav->sched;
611 bcopy(s, d, sizeof(DES_LONG) * 2);
612 des_ecb3_encrypt((des_cblock *)d, (des_cblock *)d,
613 p[0], p[1], p[2], DES_ENCRYPT);
618 esp_common_ivlen(algo, sav)
619 const struct esp_algorithm *algo;
620 struct secasvar *sav;
624 panic("esp_common_ivlen: unknown algorithm");
625 return algo->ivlenval;
629 esp_cbc_decrypt(m, off, sav, algo, ivlen)
632 struct secasvar *sav;
633 const struct esp_algorithm *algo;
637 struct mbuf *d, *d0, *dp;
638 int soff, doff; /* offset from the head of chain, to head of this mbuf */
639 int sn, dn; /* offset from the head of the mbuf, to meat */
640 size_t ivoff, bodyoff;
641 u_int8_t iv[MAXIVLEN], *ivp;
642 u_int8_t sbuf[MAXIVLEN], *sp;
650 if (ivlen != sav->ivlen || ivlen > sizeof(iv)) {
651 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: "
652 "unsupported ivlen %d\n", algo->name, ivlen));
657 /* assumes blocklen == padbound */
658 blocklen = algo->padbound;
661 if (blocklen > sizeof(iv)) {
662 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: "
663 "unsupported blocklen %d\n", algo->name, blocklen));
669 if (sav->flags & SADB_X_EXT_OLD) {
671 ivoff = off + sizeof(struct esp);
672 bodyoff = off + sizeof(struct esp) + ivlen;
676 if (sav->flags & SADB_X_EXT_DERIV) {
678 * draft-ietf-ipsec-ciph-des-derived-00.txt
679 * uses sequence number field as IV field.
681 ivoff = off + sizeof(struct esp);
682 bodyoff = off + sizeof(struct esp) + sizeof(u_int32_t);
683 ivlen = sizeof(u_int32_t);
686 ivoff = off + sizeof(struct newesp);
687 bodyoff = off + sizeof(struct newesp) + ivlen;
693 m_copydata(m, ivoff, ivlen, iv);
696 if (ivlen == blocklen)
698 else if (ivlen == 4 && blocklen == 8) {
699 bcopy(&iv[0], &iv[4], 4);
705 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
706 "unsupported ivlen/blocklen: %d %d\n",
707 algo->name, ivlen, blocklen));
712 if (m->m_pkthdr.len < bodyoff) {
713 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: bad len %d/%lu\n",
714 algo->name, m->m_pkthdr.len, (unsigned long)bodyoff));
718 if ((m->m_pkthdr.len - bodyoff) % blocklen) {
719 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: "
720 "payload length must be multiple of %d\n",
721 algo->name, blocklen));
728 soff = doff = sn = dn = 0;
732 while (soff < bodyoff) {
733 if (soff + s->m_len > bodyoff) {
744 /* skip over empty mbuf */
745 while (s && s->m_len == 0)
748 while (soff < m->m_pkthdr.len) {
750 if (sn + blocklen <= s->m_len) {
751 /* body is continuous */
752 sp = mtod(s, u_int8_t *) + sn;
754 /* body is non-continuous */
755 m_copydata(s, sn, blocklen, sbuf);
760 if (!d || dn + blocklen > d->m_len) {
763 MGET(d, M_DONTWAIT, MT_DATA);
764 i = m->m_pkthdr.len - (soff + sn);
766 MCLGET(d, M_DONTWAIT);
767 if ((d->m_flags & M_EXT) == 0) {
783 d->m_len = (M_TRAILINGSPACE(d) / blocklen) * blocklen;
790 (*algo->blockdecrypt)(algo, sav, sp, mtod(d, u_int8_t *) + dn);
794 q = mtod(d, u_int8_t *) + dn;
795 for (i = 0; i < blocklen; i++)
800 bcopy(sbuf, iv, blocklen);
808 /* find the next source block */
809 while (s && sn >= s->m_len) {
815 /* skip over empty mbuf */
816 while (s && s->m_len == 0)
820 m_freem(scut->m_next);
821 scut->m_len = scutoff;
825 bzero(iv, sizeof(iv));
826 bzero(sbuf, sizeof(sbuf));
832 esp_cbc_encrypt(m, off, plen, sav, algo, ivlen)
836 struct secasvar *sav;
837 const struct esp_algorithm *algo;
841 struct mbuf *d, *d0, *dp;
842 int soff, doff; /* offset from the head of chain, to head of this mbuf */
843 int sn, dn; /* offset from the head of the mbuf, to meat */
844 size_t ivoff, bodyoff;
845 u_int8_t iv[MAXIVLEN], *ivp;
846 u_int8_t sbuf[MAXIVLEN], *sp;
854 if (ivlen != sav->ivlen || ivlen > sizeof(iv)) {
855 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
856 "unsupported ivlen %d\n", algo->name, ivlen));
861 /* assumes blocklen == padbound */
862 blocklen = algo->padbound;
865 if (blocklen > sizeof(iv)) {
866 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
867 "unsupported blocklen %d\n", algo->name, blocklen));
873 if (sav->flags & SADB_X_EXT_OLD) {
875 ivoff = off + sizeof(struct esp);
876 bodyoff = off + sizeof(struct esp) + ivlen;
880 if (sav->flags & SADB_X_EXT_DERIV) {
882 * draft-ietf-ipsec-ciph-des-derived-00.txt
883 * uses sequence number field as IV field.
885 ivoff = off + sizeof(struct esp);
886 bodyoff = off + sizeof(struct esp) + sizeof(u_int32_t);
887 ivlen = sizeof(u_int32_t);
890 ivoff = off + sizeof(struct newesp);
891 bodyoff = off + sizeof(struct newesp) + ivlen;
896 /* put iv into the packet. if we are in derived mode, use seqno. */
898 m_copydata(m, ivoff, ivlen, iv);
900 bcopy(sav->iv, iv, ivlen);
901 /* maybe it is better to overwrite dest, not source */
902 m_copyback(m, ivoff, ivlen, iv);
906 if (ivlen == blocklen)
908 else if (ivlen == 4 && blocklen == 8) {
909 bcopy(&iv[0], &iv[4], 4);
915 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
916 "unsupported ivlen/blocklen: %d %d\n",
917 algo->name, ivlen, blocklen));
922 if (m->m_pkthdr.len < bodyoff) {
923 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: bad len %d/%lu\n",
924 algo->name, m->m_pkthdr.len, (unsigned long)bodyoff));
928 if ((m->m_pkthdr.len - bodyoff) % blocklen) {
929 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
930 "payload length must be multiple of %lu\n",
931 algo->name, (unsigned long)algo->padbound));
938 soff = doff = sn = dn = 0;
942 while (soff < bodyoff) {
943 if (soff + s->m_len > bodyoff) {
954 /* skip over empty mbuf */
955 while (s && s->m_len == 0)
958 while (soff < m->m_pkthdr.len) {
960 if (sn + blocklen <= s->m_len) {
961 /* body is continuous */
962 sp = mtod(s, u_int8_t *) + sn;
964 /* body is non-continuous */
965 m_copydata(s, sn, blocklen, sbuf);
970 if (!d || dn + blocklen > d->m_len) {
973 MGET(d, M_DONTWAIT, MT_DATA);
974 i = m->m_pkthdr.len - (soff + sn);
976 MCLGET(d, M_DONTWAIT);
977 if ((d->m_flags & M_EXT) == 0) {
993 d->m_len = (M_TRAILINGSPACE(d) / blocklen) * blocklen;
1002 for (i = 0; i < blocklen; i++)
1006 (*algo->blockencrypt)(algo, sav, sp, mtod(d, u_int8_t *) + dn);
1009 ivp = mtod(d, u_int8_t *) + dn;
1014 /* find the next source block */
1015 while (s && sn >= s->m_len) {
1021 /* skip over empty mbuf */
1022 while (s && s->m_len == 0)
1026 m_freem(scut->m_next);
1027 scut->m_len = scutoff;
1031 bzero(iv, sizeof(iv));
1032 bzero(sbuf, sizeof(sbuf));
1034 key_sa_stir_iv(sav);
1039 /*------------------------------------------------------------*/
1041 /* does not free m0 on error */
1043 esp_auth(m0, skip, length, sav, sum)
1045 size_t skip; /* offset to ESP header */
1046 size_t length; /* payload length */
1047 struct secasvar *sav;
1052 struct ah_algorithm_state s;
1053 u_char sumbuf[AH_MAXSUMSIZE];
1054 const struct ah_algorithm *algo;
1059 if (m0->m_pkthdr.len < skip) {
1060 ipseclog((LOG_DEBUG, "esp_auth: mbuf length < skip\n"));
1063 if (m0->m_pkthdr.len < skip + length) {
1064 ipseclog((LOG_DEBUG,
1065 "esp_auth: mbuf length < skip + length\n"));
1069 * length of esp part (excluding authentication data) must be 4n,
1070 * since nexthdr must be at offset 4n+3.
1073 ipseclog((LOG_ERR, "esp_auth: length is not multiple of 4\n"));
1077 ipseclog((LOG_DEBUG, "esp_auth: NULL SA passed\n"));
1080 algo = ah_algorithm_lookup(sav->alg_auth);
1083 "esp_auth: bad ESP auth algorithm passed: %d\n",
1091 siz = (((*algo->sumsiz)(sav) + 3) & ~(4 - 1));
1092 if (sizeof(sumbuf) < siz) {
1093 ipseclog((LOG_DEBUG,
1094 "esp_auth: AH_MAXSUMSIZE is too small: siz=%lu\n",
1099 /* skip the header */
1102 panic("mbuf chain?");
1103 if (m->m_len <= skip) {
1113 error = (*algo->init)(&s, sav);
1117 while (0 < length) {
1119 panic("mbuf chain?");
1121 if (m->m_len - off < length) {
1122 (*algo->update)(&s, mtod(m, u_char *) + off,
1124 length -= m->m_len - off;
1128 (*algo->update)(&s, mtod(m, u_char *) + off, length);
1132 (*algo->result)(&s, sumbuf);
1133 bcopy(sumbuf, sum, siz); /* XXX */