1 /* $FreeBSD: src/sys/netinet6/esp_core.c,v 1.1.2.4 2002/03/26 10:12:29 ume Exp $ */
2 /* $DragonFly: src/sys/netinet6/esp_core.c,v 1.5 2003/08/23 11:02:45 rob Exp $ */
3 /* $KAME: esp_core.c,v 1.50 2000/11/02 12:27:38 itojun Exp $ */
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include "opt_inet6.h"
37 #include <sys/param.h>
38 #include <sys/systm.h>
39 #include <sys/malloc.h>
41 #include <sys/domain.h>
42 #include <sys/protosw.h>
43 #include <sys/socket.h>
44 #include <sys/errno.h>
46 #include <sys/syslog.h>
49 #include <net/route.h>
51 #include <netinet/in.h>
52 #include <netinet/in_var.h>
54 #include <netinet/ip6.h>
55 #include <netinet6/ip6_var.h>
56 #include <netinet/icmp6.h>
59 #include <netinet6/ipsec.h>
61 #include <netinet6/ipsec6.h>
63 #include <netinet6/ah.h>
65 #include <netinet6/ah6.h>
67 #include <netinet6/esp.h>
69 #include <netinet6/esp6.h>
71 #include <netinet6/esp_rijndael.h>
72 #include <net/pfkeyv2.h>
73 #include <netproto/key/keydb.h>
74 #include <netproto/key/key.h>
75 #include <crypto/des/des.h>
76 #include <crypto/blowfish/blowfish.h>
77 #include <crypto/cast128/cast128.h>
79 #include <net/net_osdep.h>
81 static int esp_null_mature (struct secasvar *);
82 static int esp_null_decrypt (struct mbuf *, size_t,
83 struct secasvar *, const struct esp_algorithm *, int);
84 static int esp_null_encrypt (struct mbuf *, size_t, size_t,
85 struct secasvar *, const struct esp_algorithm *, int);
86 static int esp_descbc_mature (struct secasvar *);
87 static int esp_descbc_ivlen (const struct esp_algorithm *,
89 static int esp_des_schedule (const struct esp_algorithm *,
91 static int esp_des_schedlen (const struct esp_algorithm *);
92 static int esp_des_blockdecrypt (const struct esp_algorithm *,
93 struct secasvar *, u_int8_t *, u_int8_t *);
94 static int esp_des_blockencrypt (const struct esp_algorithm *,
95 struct secasvar *, u_int8_t *, u_int8_t *);
96 static int esp_cbc_mature (struct secasvar *);
97 static int esp_blowfish_schedule (const struct esp_algorithm *,
99 static int esp_blowfish_schedlen (const struct esp_algorithm *);
100 static int esp_blowfish_blockdecrypt (const struct esp_algorithm *,
101 struct secasvar *, u_int8_t *, u_int8_t *);
102 static int esp_blowfish_blockencrypt (const struct esp_algorithm *,
103 struct secasvar *, u_int8_t *, u_int8_t *);
104 static int esp_cast128_schedule (const struct esp_algorithm *,
106 static int esp_cast128_schedlen (const struct esp_algorithm *);
107 static int esp_cast128_blockdecrypt (const struct esp_algorithm *,
108 struct secasvar *, u_int8_t *, u_int8_t *);
109 static int esp_cast128_blockencrypt (const struct esp_algorithm *,
110 struct secasvar *, u_int8_t *, u_int8_t *);
111 static int esp_3des_schedule (const struct esp_algorithm *,
113 static int esp_3des_schedlen (const struct esp_algorithm *);
114 static int esp_3des_blockdecrypt (const struct esp_algorithm *,
115 struct secasvar *, u_int8_t *, u_int8_t *);
116 static int esp_3des_blockencrypt (const struct esp_algorithm *,
117 struct secasvar *, u_int8_t *, u_int8_t *);
118 static int esp_common_ivlen (const struct esp_algorithm *,
120 static int esp_cbc_decrypt (struct mbuf *, size_t,
121 struct secasvar *, const struct esp_algorithm *, int);
122 static int esp_cbc_encrypt (struct mbuf *, size_t, size_t,
123 struct secasvar *, const struct esp_algorithm *, int);
127 static const struct esp_algorithm esp_algorithms[] = {
128 { 8, -1, esp_descbc_mature, 64, 64, esp_des_schedlen,
130 esp_descbc_ivlen, esp_cbc_decrypt,
131 esp_cbc_encrypt, esp_des_schedule,
132 esp_des_blockdecrypt, esp_des_blockencrypt, },
133 { 8, 8, esp_cbc_mature, 192, 192, esp_3des_schedlen,
135 esp_common_ivlen, esp_cbc_decrypt,
136 esp_cbc_encrypt, esp_3des_schedule,
137 esp_3des_blockdecrypt, esp_3des_blockencrypt, },
138 { 1, 0, esp_null_mature, 0, 2048, 0, "null",
139 esp_common_ivlen, esp_null_decrypt,
140 esp_null_encrypt, NULL, },
141 { 8, 8, esp_cbc_mature, 40, 448, esp_blowfish_schedlen, "blowfish-cbc",
142 esp_common_ivlen, esp_cbc_decrypt,
143 esp_cbc_encrypt, esp_blowfish_schedule,
144 esp_blowfish_blockdecrypt, esp_blowfish_blockencrypt, },
145 { 8, 8, esp_cbc_mature, 40, 128, esp_cast128_schedlen,
147 esp_common_ivlen, esp_cbc_decrypt,
148 esp_cbc_encrypt, esp_cast128_schedule,
149 esp_cast128_blockdecrypt, esp_cast128_blockencrypt, },
150 { 16, 16, esp_cbc_mature, 128, 256, esp_rijndael_schedlen,
152 esp_common_ivlen, esp_cbc_decrypt,
153 esp_cbc_encrypt, esp_rijndael_schedule,
154 esp_rijndael_blockdecrypt, esp_rijndael_blockencrypt },
157 const struct esp_algorithm *
158 esp_algorithm_lookup(idx)
163 case SADB_EALG_DESCBC:
164 return &esp_algorithms[0];
165 case SADB_EALG_3DESCBC:
166 return &esp_algorithms[1];
168 return &esp_algorithms[2];
169 case SADB_X_EALG_BLOWFISHCBC:
170 return &esp_algorithms[3];
171 case SADB_X_EALG_CAST128CBC:
172 return &esp_algorithms[4];
173 case SADB_X_EALG_RIJNDAELCBC:
174 return &esp_algorithms[5];
187 for (idx = 0; idx < sizeof(esp_algorithms)/sizeof(esp_algorithms[0]);
189 if (esp_algorithms[idx].ivlenval > ivlen)
190 ivlen = esp_algorithms[idx].ivlenval;
197 esp_schedule(algo, sav)
198 const struct esp_algorithm *algo;
199 struct secasvar *sav;
203 /* check for key length */
204 if (_KEYBITS(sav->key_enc) < algo->keymin ||
205 _KEYBITS(sav->key_enc) > algo->keymax) {
207 "esp_schedule %s: unsupported key length %d: "
208 "needs %d to %d bits\n", algo->name, _KEYBITS(sav->key_enc),
209 algo->keymin, algo->keymax));
213 /* already allocated */
214 if (sav->sched && sav->schedlen != 0)
216 /* no schedule necessary */
217 if (!algo->schedule || !algo->schedlen)
220 sav->schedlen = (*algo->schedlen)(algo);
221 if (sav->schedlen < 0)
223 sav->sched = malloc(sav->schedlen, M_SECA, M_NOWAIT);
229 error = (*algo->schedule)(algo, sav);
231 ipseclog((LOG_ERR, "esp_schedule %s: error %d\n",
233 free(sav->sched, M_SECA);
242 struct secasvar *sav;
245 /* anything is okay */
250 esp_null_decrypt(m, off, sav, algo, ivlen)
252 size_t off; /* offset to ESP header */
253 struct secasvar *sav;
254 const struct esp_algorithm *algo;
258 return 0; /* do nothing */
262 esp_null_encrypt(m, off, plen, sav, algo, ivlen)
264 size_t off; /* offset to ESP header */
265 size_t plen; /* payload length (to be encrypted) */
266 struct secasvar *sav;
267 const struct esp_algorithm *algo;
271 return 0; /* do nothing */
275 esp_descbc_mature(sav)
276 struct secasvar *sav;
278 const struct esp_algorithm *algo;
280 if (!(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B)) {
281 ipseclog((LOG_ERR, "esp_cbc_mature: "
282 "algorithm incompatible with 4 octets IV length\n"));
287 ipseclog((LOG_ERR, "esp_descbc_mature: no key is given.\n"));
291 algo = esp_algorithm_lookup(sav->alg_enc);
294 "esp_descbc_mature: unsupported algorithm.\n"));
298 if (_KEYBITS(sav->key_enc) < algo->keymin ||
299 _KEYBITS(sav->key_enc) > algo->keymax) {
301 "esp_descbc_mature: invalid key length %d.\n",
302 _KEYBITS(sav->key_enc)));
307 if (des_is_weak_key((des_cblock *)_KEYBUF(sav->key_enc))) {
309 "esp_descbc_mature: weak key was passed.\n"));
317 esp_descbc_ivlen(algo, sav)
318 const struct esp_algorithm *algo;
319 struct secasvar *sav;
324 if ((sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B))
326 if (!(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_DERIV))
332 esp_des_schedlen(algo)
333 const struct esp_algorithm *algo;
336 return sizeof(des_key_schedule);
340 esp_des_schedule(algo, sav)
341 const struct esp_algorithm *algo;
342 struct secasvar *sav;
345 if (des_key_sched((des_cblock *)_KEYBUF(sav->key_enc),
346 *(des_key_schedule *)sav->sched))
353 esp_des_blockdecrypt(algo, sav, s, d)
354 const struct esp_algorithm *algo;
355 struct secasvar *sav;
360 /* assumption: d has a good alignment */
361 bcopy(s, d, sizeof(DES_LONG) * 2);
362 des_ecb_encrypt((des_cblock *)d, (des_cblock *)d,
363 *(des_key_schedule *)sav->sched, DES_DECRYPT);
368 esp_des_blockencrypt(algo, sav, s, d)
369 const struct esp_algorithm *algo;
370 struct secasvar *sav;
375 /* assumption: d has a good alignment */
376 bcopy(s, d, sizeof(DES_LONG) * 2);
377 des_ecb_encrypt((des_cblock *)d, (des_cblock *)d,
378 *(des_key_schedule *)sav->sched, DES_ENCRYPT);
384 struct secasvar *sav;
387 const struct esp_algorithm *algo;
389 if (sav->flags & SADB_X_EXT_OLD) {
391 "esp_cbc_mature: algorithm incompatible with esp-old\n"));
394 if (sav->flags & SADB_X_EXT_DERIV) {
396 "esp_cbc_mature: algorithm incompatible with derived\n"));
401 ipseclog((LOG_ERR, "esp_cbc_mature: no key is given.\n"));
405 algo = esp_algorithm_lookup(sav->alg_enc);
408 "esp_cbc_mature %s: unsupported algorithm.\n", algo->name));
412 keylen = sav->key_enc->sadb_key_bits;
413 if (keylen < algo->keymin || algo->keymax < keylen) {
415 "esp_cbc_mature %s: invalid key length %d.\n",
416 algo->name, sav->key_enc->sadb_key_bits));
419 switch (sav->alg_enc) {
420 case SADB_EALG_3DESCBC:
422 if (des_is_weak_key((des_cblock *)_KEYBUF(sav->key_enc)) ||
423 des_is_weak_key((des_cblock *)(_KEYBUF(sav->key_enc) + 8)) ||
424 des_is_weak_key((des_cblock *)(_KEYBUF(sav->key_enc) + 16))) {
426 "esp_cbc_mature %s: weak key was passed.\n",
431 case SADB_X_EALG_BLOWFISHCBC:
432 case SADB_X_EALG_CAST128CBC:
434 case SADB_X_EALG_RIJNDAELCBC:
435 /* allows specific key sizes only */
436 if (!(keylen == 128 || keylen == 192 || keylen == 256)) {
438 "esp_cbc_mature %s: invalid key length %d.\n",
439 algo->name, keylen));
449 esp_blowfish_schedlen(algo)
450 const struct esp_algorithm *algo;
453 return sizeof(BF_KEY);
457 esp_blowfish_schedule(algo, sav)
458 const struct esp_algorithm *algo;
459 struct secasvar *sav;
462 BF_set_key((BF_KEY *)sav->sched, _KEYLEN(sav->key_enc),
463 _KEYBUF(sav->key_enc));
468 esp_blowfish_blockdecrypt(algo, sav, s, d)
469 const struct esp_algorithm *algo;
470 struct secasvar *sav;
474 /* HOLY COW! BF_decrypt() takes values in host byteorder */
477 bcopy(s, t, sizeof(t));
480 BF_decrypt(t, (BF_KEY *)sav->sched);
483 bcopy(t, d, sizeof(t));
488 esp_blowfish_blockencrypt(algo, sav, s, d)
489 const struct esp_algorithm *algo;
490 struct secasvar *sav;
494 /* HOLY COW! BF_encrypt() takes values in host byteorder */
497 bcopy(s, t, sizeof(t));
500 BF_encrypt(t, (BF_KEY *)sav->sched);
503 bcopy(t, d, sizeof(t));
508 esp_cast128_schedlen(algo)
509 const struct esp_algorithm *algo;
512 return sizeof(u_int32_t) * 32;
516 esp_cast128_schedule(algo, sav)
517 const struct esp_algorithm *algo;
518 struct secasvar *sav;
521 set_cast128_subkey((u_int32_t *)sav->sched, _KEYBUF(sav->key_enc),
522 _KEYLEN(sav->key_enc));
527 esp_cast128_blockdecrypt(algo, sav, s, d)
528 const struct esp_algorithm *algo;
529 struct secasvar *sav;
534 if (_KEYLEN(sav->key_enc) <= 80 / 8)
535 cast128_decrypt_round12(d, s, (u_int32_t *)sav->sched);
537 cast128_decrypt_round16(d, s, (u_int32_t *)sav->sched);
542 esp_cast128_blockencrypt(algo, sav, s, d)
543 const struct esp_algorithm *algo;
544 struct secasvar *sav;
549 if (_KEYLEN(sav->key_enc) <= 80 / 8)
550 cast128_encrypt_round12(d, s, (u_int32_t *)sav->sched);
552 cast128_encrypt_round16(d, s, (u_int32_t *)sav->sched);
557 esp_3des_schedlen(algo)
558 const struct esp_algorithm *algo;
561 return sizeof(des_key_schedule) * 3;
565 esp_3des_schedule(algo, sav)
566 const struct esp_algorithm *algo;
567 struct secasvar *sav;
574 p = (des_key_schedule *)sav->sched;
575 k = _KEYBUF(sav->key_enc);
576 for (i = 0; i < 3; i++) {
577 error = des_key_sched((des_cblock *)(k + 8 * i), p[i]);
585 esp_3des_blockdecrypt(algo, sav, s, d)
586 const struct esp_algorithm *algo;
587 struct secasvar *sav;
593 /* assumption: d has a good alignment */
594 p = (des_key_schedule *)sav->sched;
595 bcopy(s, d, sizeof(DES_LONG) * 2);
596 des_ecb3_encrypt((des_cblock *)d, (des_cblock *)d,
597 p[0], p[1], p[2], DES_DECRYPT);
602 esp_3des_blockencrypt(algo, sav, s, d)
603 const struct esp_algorithm *algo;
604 struct secasvar *sav;
610 /* assumption: d has a good alignment */
611 p = (des_key_schedule *)sav->sched;
612 bcopy(s, d, sizeof(DES_LONG) * 2);
613 des_ecb3_encrypt((des_cblock *)d, (des_cblock *)d,
614 p[0], p[1], p[2], DES_ENCRYPT);
619 esp_common_ivlen(algo, sav)
620 const struct esp_algorithm *algo;
621 struct secasvar *sav;
625 panic("esp_common_ivlen: unknown algorithm");
626 return algo->ivlenval;
630 esp_cbc_decrypt(m, off, sav, algo, ivlen)
633 struct secasvar *sav;
634 const struct esp_algorithm *algo;
638 struct mbuf *d, *d0, *dp;
639 int soff, doff; /* offset from the head of chain, to head of this mbuf */
640 int sn, dn; /* offset from the head of the mbuf, to meat */
641 size_t ivoff, bodyoff;
642 u_int8_t iv[MAXIVLEN], *ivp;
643 u_int8_t sbuf[MAXIVLEN], *sp;
651 if (ivlen != sav->ivlen || ivlen > sizeof(iv)) {
652 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: "
653 "unsupported ivlen %d\n", algo->name, ivlen));
658 /* assumes blocklen == padbound */
659 blocklen = algo->padbound;
662 if (blocklen > sizeof(iv)) {
663 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: "
664 "unsupported blocklen %d\n", algo->name, blocklen));
670 if (sav->flags & SADB_X_EXT_OLD) {
672 ivoff = off + sizeof(struct esp);
673 bodyoff = off + sizeof(struct esp) + ivlen;
677 if (sav->flags & SADB_X_EXT_DERIV) {
679 * draft-ietf-ipsec-ciph-des-derived-00.txt
680 * uses sequence number field as IV field.
682 ivoff = off + sizeof(struct esp);
683 bodyoff = off + sizeof(struct esp) + sizeof(u_int32_t);
684 ivlen = sizeof(u_int32_t);
687 ivoff = off + sizeof(struct newesp);
688 bodyoff = off + sizeof(struct newesp) + ivlen;
694 m_copydata(m, ivoff, ivlen, iv);
697 if (ivlen == blocklen)
699 else if (ivlen == 4 && blocklen == 8) {
700 bcopy(&iv[0], &iv[4], 4);
706 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
707 "unsupported ivlen/blocklen: %d %d\n",
708 algo->name, ivlen, blocklen));
713 if (m->m_pkthdr.len < bodyoff) {
714 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: bad len %d/%lu\n",
715 algo->name, m->m_pkthdr.len, (unsigned long)bodyoff));
719 if ((m->m_pkthdr.len - bodyoff) % blocklen) {
720 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: "
721 "payload length must be multiple of %d\n",
722 algo->name, blocklen));
729 soff = doff = sn = dn = 0;
733 while (soff < bodyoff) {
734 if (soff + s->m_len > bodyoff) {
745 /* skip over empty mbuf */
746 while (s && s->m_len == 0)
749 while (soff < m->m_pkthdr.len) {
751 if (sn + blocklen <= s->m_len) {
752 /* body is continuous */
753 sp = mtod(s, u_int8_t *) + sn;
755 /* body is non-continuous */
756 m_copydata(s, sn, blocklen, sbuf);
761 if (!d || dn + blocklen > d->m_len) {
764 MGET(d, M_DONTWAIT, MT_DATA);
765 i = m->m_pkthdr.len - (soff + sn);
767 MCLGET(d, M_DONTWAIT);
768 if ((d->m_flags & M_EXT) == 0) {
784 d->m_len = (M_TRAILINGSPACE(d) / blocklen) * blocklen;
791 (*algo->blockdecrypt)(algo, sav, sp, mtod(d, u_int8_t *) + dn);
795 q = mtod(d, u_int8_t *) + dn;
796 for (i = 0; i < blocklen; i++)
801 bcopy(sbuf, iv, blocklen);
809 /* find the next source block */
810 while (s && sn >= s->m_len) {
816 /* skip over empty mbuf */
817 while (s && s->m_len == 0)
821 m_freem(scut->m_next);
822 scut->m_len = scutoff;
826 bzero(iv, sizeof(iv));
827 bzero(sbuf, sizeof(sbuf));
833 esp_cbc_encrypt(m, off, plen, sav, algo, ivlen)
837 struct secasvar *sav;
838 const struct esp_algorithm *algo;
842 struct mbuf *d, *d0, *dp;
843 int soff, doff; /* offset from the head of chain, to head of this mbuf */
844 int sn, dn; /* offset from the head of the mbuf, to meat */
845 size_t ivoff, bodyoff;
846 u_int8_t iv[MAXIVLEN], *ivp;
847 u_int8_t sbuf[MAXIVLEN], *sp;
855 if (ivlen != sav->ivlen || ivlen > sizeof(iv)) {
856 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
857 "unsupported ivlen %d\n", algo->name, ivlen));
862 /* assumes blocklen == padbound */
863 blocklen = algo->padbound;
866 if (blocklen > sizeof(iv)) {
867 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
868 "unsupported blocklen %d\n", algo->name, blocklen));
874 if (sav->flags & SADB_X_EXT_OLD) {
876 ivoff = off + sizeof(struct esp);
877 bodyoff = off + sizeof(struct esp) + ivlen;
881 if (sav->flags & SADB_X_EXT_DERIV) {
883 * draft-ietf-ipsec-ciph-des-derived-00.txt
884 * uses sequence number field as IV field.
886 ivoff = off + sizeof(struct esp);
887 bodyoff = off + sizeof(struct esp) + sizeof(u_int32_t);
888 ivlen = sizeof(u_int32_t);
891 ivoff = off + sizeof(struct newesp);
892 bodyoff = off + sizeof(struct newesp) + ivlen;
897 /* put iv into the packet. if we are in derived mode, use seqno. */
899 m_copydata(m, ivoff, ivlen, iv);
901 bcopy(sav->iv, iv, ivlen);
902 /* maybe it is better to overwrite dest, not source */
903 m_copyback(m, ivoff, ivlen, iv);
907 if (ivlen == blocklen)
909 else if (ivlen == 4 && blocklen == 8) {
910 bcopy(&iv[0], &iv[4], 4);
916 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
917 "unsupported ivlen/blocklen: %d %d\n",
918 algo->name, ivlen, blocklen));
923 if (m->m_pkthdr.len < bodyoff) {
924 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: bad len %d/%lu\n",
925 algo->name, m->m_pkthdr.len, (unsigned long)bodyoff));
929 if ((m->m_pkthdr.len - bodyoff) % blocklen) {
930 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
931 "payload length must be multiple of %lu\n",
932 algo->name, (unsigned long)algo->padbound));
939 soff = doff = sn = dn = 0;
943 while (soff < bodyoff) {
944 if (soff + s->m_len > bodyoff) {
955 /* skip over empty mbuf */
956 while (s && s->m_len == 0)
959 while (soff < m->m_pkthdr.len) {
961 if (sn + blocklen <= s->m_len) {
962 /* body is continuous */
963 sp = mtod(s, u_int8_t *) + sn;
965 /* body is non-continuous */
966 m_copydata(s, sn, blocklen, sbuf);
971 if (!d || dn + blocklen > d->m_len) {
974 MGET(d, M_DONTWAIT, MT_DATA);
975 i = m->m_pkthdr.len - (soff + sn);
977 MCLGET(d, M_DONTWAIT);
978 if ((d->m_flags & M_EXT) == 0) {
994 d->m_len = (M_TRAILINGSPACE(d) / blocklen) * blocklen;
1003 for (i = 0; i < blocklen; i++)
1007 (*algo->blockencrypt)(algo, sav, sp, mtod(d, u_int8_t *) + dn);
1010 ivp = mtod(d, u_int8_t *) + dn;
1015 /* find the next source block */
1016 while (s && sn >= s->m_len) {
1022 /* skip over empty mbuf */
1023 while (s && s->m_len == 0)
1027 m_freem(scut->m_next);
1028 scut->m_len = scutoff;
1032 bzero(iv, sizeof(iv));
1033 bzero(sbuf, sizeof(sbuf));
1035 key_sa_stir_iv(sav);
1040 /*------------------------------------------------------------*/
1042 /* does not free m0 on error */
1044 esp_auth(m0, skip, length, sav, sum)
1046 size_t skip; /* offset to ESP header */
1047 size_t length; /* payload length */
1048 struct secasvar *sav;
1053 struct ah_algorithm_state s;
1054 u_char sumbuf[AH_MAXSUMSIZE];
1055 const struct ah_algorithm *algo;
1060 if (m0->m_pkthdr.len < skip) {
1061 ipseclog((LOG_DEBUG, "esp_auth: mbuf length < skip\n"));
1064 if (m0->m_pkthdr.len < skip + length) {
1065 ipseclog((LOG_DEBUG,
1066 "esp_auth: mbuf length < skip + length\n"));
1070 * length of esp part (excluding authentication data) must be 4n,
1071 * since nexthdr must be at offset 4n+3.
1074 ipseclog((LOG_ERR, "esp_auth: length is not multiple of 4\n"));
1078 ipseclog((LOG_DEBUG, "esp_auth: NULL SA passed\n"));
1081 algo = ah_algorithm_lookup(sav->alg_auth);
1084 "esp_auth: bad ESP auth algorithm passed: %d\n",
1092 siz = (((*algo->sumsiz)(sav) + 3) & ~(4 - 1));
1093 if (sizeof(sumbuf) < siz) {
1094 ipseclog((LOG_DEBUG,
1095 "esp_auth: AH_MAXSUMSIZE is too small: siz=%lu\n",
1100 /* skip the header */
1103 panic("mbuf chain?");
1104 if (m->m_len <= skip) {
1114 error = (*algo->init)(&s, sav);
1118 while (0 < length) {
1120 panic("mbuf chain?");
1122 if (m->m_len - off < length) {
1123 (*algo->update)(&s, mtod(m, u_char *) + off,
1125 length -= m->m_len - off;
1129 (*algo->update)(&s, mtod(m, u_char *) + off, length);
1133 (*algo->result)(&s, sumbuf);
1134 bcopy(sumbuf, sum, siz); /* XXX */