1 /* $FreeBSD: src/sys/netinet6/esp_core.c,v 1.23.2.1 2007/12/07 08:45:28 gnn Exp $ */
2 /* $KAME: esp_core.c,v 1.50 2000/11/02 12:27:38 itojun Exp $ */
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "opt_inet6.h"
36 #include <sys/param.h>
37 #include <sys/systm.h>
38 #include <sys/malloc.h>
40 #include <sys/domain.h>
41 #include <sys/protosw.h>
42 #include <sys/socket.h>
43 #include <sys/errno.h>
45 #include <sys/syslog.h>
48 #include <net/route.h>
50 #include <netinet/in.h>
51 #include <netinet/in_var.h>
53 #include <netinet/ip6.h>
54 #include <netinet6/ip6_var.h>
55 #include <netinet/icmp6.h>
58 #include <netinet6/ipsec.h>
60 #include <netinet6/ipsec6.h>
62 #include <netinet6/ah.h>
64 #include <netinet6/ah6.h>
66 #include <netinet6/esp.h>
68 #include <netinet6/esp6.h>
70 #include <netinet6/esp_rijndael.h>
71 #include <netinet6/esp_camellia.h>
72 #include <netinet6/esp_aesctr.h>
73 #include <net/pfkeyv2.h>
74 #include <netproto/key/keydb.h>
75 #include <netproto/key/key.h>
77 #include <crypto/des/des.h>
78 #include <crypto/blowfish/blowfish.h>
80 #include <opencrypto/cast.h>
81 #define cast128_key cast_key
82 #define cast128_setkey(key, rawkey, keybytes) \
83 cast_setkey((key), (rawkey), (keybytes))
84 #define cast128_encrypt(key, inblock, outblock) \
85 cast_encrypt((key), (inblock), (outblock))
86 #define cast128_decrypt(key, inblock, outblock) \
87 cast_decrypt((key), (inblock), (outblock))
89 #include <net/net_osdep.h>
91 static int esp_null_mature (struct secasvar *);
92 static int esp_null_decrypt (struct mbuf *, size_t,
93 struct secasvar *, const struct esp_algorithm *, int);
94 static int esp_null_encrypt (struct mbuf *, size_t, size_t,
95 struct secasvar *, const struct esp_algorithm *, int);
96 static int esp_descbc_mature (struct secasvar *);
97 static int esp_descbc_ivlen (const struct esp_algorithm *,
99 static int esp_des_schedule (const struct esp_algorithm *,
101 static size_t esp_des_schedlen (const struct esp_algorithm *);
102 static int esp_des_blockdecrypt (const struct esp_algorithm *,
103 struct secasvar *, u_int8_t *, u_int8_t *);
104 static int esp_des_blockencrypt (const struct esp_algorithm *,
105 struct secasvar *, u_int8_t *, u_int8_t *);
106 static int esp_cbc_mature (struct secasvar *);
107 static int esp_blowfish_schedule (const struct esp_algorithm *,
109 static size_t esp_blowfish_schedlen (const struct esp_algorithm *);
110 static int esp_blowfish_blockdecrypt (const struct esp_algorithm *,
111 struct secasvar *, u_int8_t *, u_int8_t *);
112 static int esp_blowfish_blockencrypt (const struct esp_algorithm *,
113 struct secasvar *, u_int8_t *, u_int8_t *);
114 static int esp_cast128_schedule (const struct esp_algorithm *,
116 static size_t esp_cast128_schedlen (const struct esp_algorithm *);
117 static int esp_cast128_blockdecrypt (const struct esp_algorithm *,
118 struct secasvar *, u_int8_t *, u_int8_t *);
119 static int esp_cast128_blockencrypt (const struct esp_algorithm *,
120 struct secasvar *, u_int8_t *, u_int8_t *);
121 static int esp_3des_schedule (const struct esp_algorithm *,
123 static size_t esp_3des_schedlen (const struct esp_algorithm *);
124 static int esp_3des_blockdecrypt (const struct esp_algorithm *,
125 struct secasvar *, u_int8_t *, u_int8_t *);
126 static int esp_3des_blockencrypt (const struct esp_algorithm *,
127 struct secasvar *, u_int8_t *, u_int8_t *);
128 static int esp_common_ivlen (const struct esp_algorithm *,
130 static int esp_cbc_decrypt (struct mbuf *, size_t,
131 struct secasvar *, const struct esp_algorithm *, int);
132 static int esp_cbc_encrypt (struct mbuf *, size_t, size_t,
133 struct secasvar *, const struct esp_algorithm *, int);
137 static const struct esp_algorithm esp_algorithms[] = {
138 { 8, -1, esp_descbc_mature, 64, 64, esp_des_schedlen,
140 esp_descbc_ivlen, esp_cbc_decrypt,
141 esp_cbc_encrypt, esp_des_schedule,
142 esp_des_blockdecrypt, esp_des_blockencrypt, },
143 { 8, 8, esp_cbc_mature, 192, 192, esp_3des_schedlen,
145 esp_common_ivlen, esp_cbc_decrypt,
146 esp_cbc_encrypt, esp_3des_schedule,
147 esp_3des_blockdecrypt, esp_3des_blockencrypt, },
148 { 1, 0, esp_null_mature, 0, 2048, NULL, "null",
149 esp_common_ivlen, esp_null_decrypt,
150 esp_null_encrypt, NULL, },
151 { 8, 8, esp_cbc_mature, 40, 448, esp_blowfish_schedlen, "blowfish-cbc",
152 esp_common_ivlen, esp_cbc_decrypt,
153 esp_cbc_encrypt, esp_blowfish_schedule,
154 esp_blowfish_blockdecrypt, esp_blowfish_blockencrypt, },
155 { 8, 8, esp_cbc_mature, 40, 128, esp_cast128_schedlen,
157 esp_common_ivlen, esp_cbc_decrypt,
158 esp_cbc_encrypt, esp_cast128_schedule,
159 esp_cast128_blockdecrypt, esp_cast128_blockencrypt, },
160 { 16, 16, esp_cbc_mature, 128, 256, esp_rijndael_schedlen,
162 esp_common_ivlen, esp_cbc_decrypt,
163 esp_cbc_encrypt, esp_rijndael_schedule,
164 esp_rijndael_blockdecrypt, esp_rijndael_blockencrypt },
165 { 16, 8, esp_aesctr_mature, 160, 288, esp_aesctr_schedlen, "aes-ctr",
166 esp_common_ivlen, esp_aesctr_decrypt,
167 esp_aesctr_encrypt, esp_aesctr_schedule },
168 { 16, 16, esp_cbc_mature, 128, 256, esp_camellia_schedlen,
170 esp_common_ivlen, esp_cbc_decrypt,
171 esp_cbc_encrypt, esp_camellia_schedule,
172 esp_camellia_blockdecrypt, esp_camellia_blockencrypt },
175 const struct esp_algorithm *
176 esp_algorithm_lookup(int idx)
180 case SADB_EALG_DESCBC:
181 return &esp_algorithms[0];
182 case SADB_EALG_3DESCBC:
183 return &esp_algorithms[1];
185 return &esp_algorithms[2];
186 case SADB_X_EALG_BLOWFISHCBC:
187 return &esp_algorithms[3];
188 case SADB_X_EALG_CAST128CBC:
189 return &esp_algorithms[4];
190 case SADB_X_EALG_RIJNDAELCBC:
191 return &esp_algorithms[5];
192 case SADB_X_EALG_AESCTR:
193 return &esp_algorithms[6];
194 case SADB_X_EALG_CAMELLIACBC:
195 return &esp_algorithms[7];
208 for (idx = 0; idx < NELEM(esp_algorithms);
210 if (esp_algorithms[idx].ivlenval > ivlen)
211 ivlen = esp_algorithms[idx].ivlenval;
217 esp_schedule(const struct esp_algorithm *algo, struct secasvar *sav)
221 /* check for key length */
222 if (_KEYBITS(sav->key_enc) < algo->keymin ||
223 _KEYBITS(sav->key_enc) > algo->keymax) {
225 "esp_schedule %s: unsupported key length %d: "
226 "needs %d to %d bits\n", algo->name, _KEYBITS(sav->key_enc),
227 algo->keymin, algo->keymax));
231 /* already allocated */
232 if (sav->sched && sav->schedlen != 0)
234 /* no schedule necessary */
235 if (!algo->schedule || !algo->schedlen)
238 sav->schedlen = (*algo->schedlen)(algo);
239 sav->sched = kmalloc(sav->schedlen, M_SECA, M_NOWAIT);
245 error = (*algo->schedule)(algo, sav);
247 ipseclog((LOG_ERR, "esp_schedule %s: error %d\n",
249 bzero(sav->sched, sav->schedlen);
250 kfree(sav->sched, M_SECA);
258 esp_null_mature(struct secasvar *sav)
261 /* anything is okay */
266 esp_null_decrypt(struct mbuf *m,
267 size_t off, /* offset to ESP header */
268 struct secasvar *sav, const struct esp_algorithm *algo,
272 return 0; /* do nothing */
276 esp_null_encrypt(struct mbuf *m,
277 size_t off, /* offset to ESP header */
278 size_t plen, struct secasvar *sav,
279 const struct esp_algorithm *algo, int ivlen)
282 return 0; /* do nothing */
286 esp_descbc_mature(struct secasvar *sav)
288 const struct esp_algorithm *algo;
290 if (!(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B)) {
291 ipseclog((LOG_ERR, "esp_cbc_mature: "
292 "algorithm incompatible with 4 octets IV length\n"));
297 ipseclog((LOG_ERR, "esp_descbc_mature: no key is given.\n"));
301 algo = esp_algorithm_lookup(sav->alg_enc);
304 "esp_descbc_mature: unsupported algorithm.\n"));
308 if (_KEYBITS(sav->key_enc) < algo->keymin ||
309 _KEYBITS(sav->key_enc) > algo->keymax) {
311 "esp_descbc_mature: invalid key length %d.\n",
312 _KEYBITS(sav->key_enc)));
317 if (des_is_weak_key((des_cblock *)_KEYBUF(sav->key_enc))) {
319 "esp_descbc_mature: weak key was passed.\n"));
327 esp_descbc_ivlen(const struct esp_algorithm *algo, struct secasvar *sav)
332 if ((sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B))
334 if (!(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_DERIV))
340 esp_des_schedlen(const struct esp_algorithm *algo)
343 return sizeof(des_key_schedule);
347 esp_des_schedule(const struct esp_algorithm *algo, struct secasvar *sav)
350 if (des_key_sched((des_cblock *)_KEYBUF(sav->key_enc),
351 *(des_key_schedule *)sav->sched))
358 esp_des_blockdecrypt(const struct esp_algorithm *algo, struct secasvar *sav,
359 u_int8_t *s, u_int8_t *d)
362 /* assumption: d has a good alignment */
363 bcopy(s, d, sizeof(DES_LONG) * 2);
364 des_ecb_encrypt((des_cblock *)d, (des_cblock *)d,
365 *(des_key_schedule *)sav->sched, DES_DECRYPT);
370 esp_des_blockencrypt(const struct esp_algorithm *algo, struct secasvar *sav,
371 u_int8_t *s, u_int8_t *d)
374 /* assumption: d has a good alignment */
375 bcopy(s, d, sizeof(DES_LONG) * 2);
376 des_ecb_encrypt((des_cblock *)d, (des_cblock *)d,
377 *(des_key_schedule *)sav->sched, DES_ENCRYPT);
382 esp_cbc_mature(struct secasvar *sav)
385 const struct esp_algorithm *algo;
387 if (sav->flags & SADB_X_EXT_OLD) {
389 "esp_cbc_mature: algorithm incompatible with esp-old\n"));
392 if (sav->flags & SADB_X_EXT_DERIV) {
394 "esp_cbc_mature: algorithm incompatible with derived\n"));
399 ipseclog((LOG_ERR, "esp_cbc_mature: no key is given.\n"));
403 algo = esp_algorithm_lookup(sav->alg_enc);
406 "esp_cbc_mature: unsupported algorithm %d\n",
411 keylen = sav->key_enc->sadb_key_bits;
412 if (keylen < algo->keymin || algo->keymax < keylen) {
414 "esp_cbc_mature %s: invalid key length %d.\n",
415 algo->name, sav->key_enc->sadb_key_bits));
418 switch (sav->alg_enc) {
419 case SADB_EALG_3DESCBC:
421 if (des_is_weak_key((des_cblock *)_KEYBUF(sav->key_enc)) ||
422 des_is_weak_key((des_cblock *)(_KEYBUF(sav->key_enc) + 8)) ||
423 des_is_weak_key((des_cblock *)(_KEYBUF(sav->key_enc) + 16))) {
425 "esp_cbc_mature %s: weak key was passed.\n",
430 case SADB_X_EALG_BLOWFISHCBC:
431 case SADB_X_EALG_CAST128CBC:
433 case SADB_X_EALG_RIJNDAELCBC:
434 case SADB_X_EALG_CAMELLIACBC:
435 /* allows specific key sizes only */
436 if (!(keylen == 128 || keylen == 192 || keylen == 256)) {
438 "esp_cbc_mature %s: invalid key length %d.\n",
439 algo->name, keylen));
449 esp_blowfish_schedlen(const struct esp_algorithm *algo)
452 return sizeof(BF_KEY);
456 esp_blowfish_schedule(const struct esp_algorithm *algo, struct secasvar *sav)
459 BF_set_key((BF_KEY *)sav->sched, _KEYLEN(sav->key_enc),
460 _KEYBUF(sav->key_enc));
465 esp_blowfish_blockdecrypt(const struct esp_algorithm *algo,
466 struct secasvar *sav, u_int8_t *s, u_int8_t *d)
469 BF_ecb_encrypt(s, d, (BF_KEY *)sav->sched, 0);
474 esp_blowfish_blockencrypt(const struct esp_algorithm *algo,
475 struct secasvar *sav, u_int8_t *s, u_int8_t *d)
478 BF_ecb_encrypt(s, d, (BF_KEY *)sav->sched, 1);
483 esp_cast128_schedlen(const struct esp_algorithm *algo)
486 return sizeof(cast128_key);
490 esp_cast128_schedule(const struct esp_algorithm *algo, struct secasvar *sav)
493 cast128_setkey((cast128_key *)sav->sched, _KEYBUF(sav->key_enc),
494 _KEYLEN(sav->key_enc));
499 esp_cast128_blockdecrypt(const struct esp_algorithm *algo,
500 struct secasvar *sav, u_int8_t *s, u_int8_t *d)
503 cast128_decrypt((cast128_key *)sav->sched, s, d);
508 esp_cast128_blockencrypt(const struct esp_algorithm *algo, struct secasvar *sav,
509 u_int8_t *s, u_int8_t *d)
512 cast128_encrypt((cast128_key *)sav->sched, s, d);
517 esp_3des_schedlen(const struct esp_algorithm *algo)
520 return sizeof(des_key_schedule) * 3;
524 esp_3des_schedule(const struct esp_algorithm *algo, struct secasvar *sav)
531 p = (des_key_schedule *)sav->sched;
532 k = _KEYBUF(sav->key_enc);
533 for (i = 0; i < 3; i++) {
534 error = des_key_sched((des_cblock *)(k + 8 * i), p[i]);
542 esp_3des_blockdecrypt(const struct esp_algorithm *algo, struct secasvar *sav,
543 u_int8_t *s, u_int8_t *d)
547 /* assumption: d has a good alignment */
548 p = (des_key_schedule *)sav->sched;
549 bcopy(s, d, sizeof(DES_LONG) * 2);
550 des_ecb3_encrypt((des_cblock *)d, (des_cblock *)d,
551 p[0], p[1], p[2], DES_DECRYPT);
556 esp_3des_blockencrypt(const struct esp_algorithm *algo, struct secasvar *sav,
557 u_int8_t *s, u_int8_t *d)
561 /* assumption: d has a good alignment */
562 p = (des_key_schedule *)sav->sched;
563 bcopy(s, d, sizeof(DES_LONG) * 2);
564 des_ecb3_encrypt((des_cblock *)d, (des_cblock *)d,
565 p[0], p[1], p[2], DES_ENCRYPT);
570 esp_common_ivlen(const struct esp_algorithm *algo, struct secasvar *sav)
574 panic("esp_common_ivlen: unknown algorithm");
575 return algo->ivlenval;
579 esp_cbc_decrypt(struct mbuf *m, size_t off, struct secasvar *sav,
580 const struct esp_algorithm *algo, int ivlen)
583 struct mbuf *d, *d0, *dp;
584 int soff, doff; /* offset from the head of chain, to head of this mbuf */
585 int sn, dn; /* offset from the head of the mbuf, to meat */
586 size_t ivoff, bodyoff;
587 u_int8_t iv[MAXIVLEN], *ivp;
588 u_int8_t sbuf[MAXIVLEN], *sp;
595 if (ivlen != sav->ivlen || ivlen > sizeof(iv)) {
596 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: "
597 "unsupported ivlen %d\n", algo->name, ivlen));
602 /* assumes blocklen == padbound */
603 blocklen = algo->padbound;
606 if (blocklen > sizeof(iv)) {
607 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: "
608 "unsupported blocklen %d\n", algo->name, blocklen));
614 if (sav->flags & SADB_X_EXT_OLD) {
616 ivoff = off + sizeof(struct esp);
617 bodyoff = off + sizeof(struct esp) + ivlen;
620 if (sav->flags & SADB_X_EXT_DERIV) {
622 * draft-ietf-ipsec-ciph-des-derived-00.txt
623 * uses sequence number field as IV field.
625 ivoff = off + sizeof(struct esp);
626 bodyoff = off + sizeof(struct esp) + sizeof(u_int32_t);
627 ivlen = sizeof(u_int32_t);
629 ivoff = off + sizeof(struct newesp);
630 bodyoff = off + sizeof(struct newesp) + ivlen;
635 m_copydata(m, ivoff, ivlen, (caddr_t)iv);
638 if (ivlen == blocklen)
640 else if (ivlen == 4 && blocklen == 8) {
641 bcopy(&iv[0], &iv[4], 4);
647 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
648 "unsupported ivlen/blocklen: %d %d\n",
649 algo->name, ivlen, blocklen));
654 if (m->m_pkthdr.len < bodyoff) {
655 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: bad len %d/%lu\n",
656 algo->name, m->m_pkthdr.len, (unsigned long)bodyoff));
660 if ((m->m_pkthdr.len - bodyoff) % blocklen) {
661 ipseclog((LOG_ERR, "esp_cbc_decrypt %s: "
662 "payload length must be multiple of %d\n",
663 algo->name, blocklen));
670 soff = doff = sn = dn = 0;
674 while (soff < bodyoff) {
675 if (soff + s->m_len >= bodyoff) {
686 /* skip over empty mbuf */
687 while (s && s->m_len == 0)
690 while (soff < m->m_pkthdr.len) {
692 if (sn + blocklen <= s->m_len) {
693 /* body is continuous */
694 sp = mtod(s, u_int8_t *) + sn;
696 /* body is non-continuous */
697 m_copydata(s, sn, blocklen, sbuf);
702 if (!d || dn + blocklen > d->m_len) {
705 i = m->m_pkthdr.len - (soff + sn);
706 d = m_getb(i, M_NOWAIT, MT_DATA, 0);
718 d->m_len = rounddown(M_TRAILINGSPACE(d), blocklen);
725 (*algo->blockdecrypt)(algo, sav, sp, mtod(d, u_int8_t *) + dn);
729 q = mtod(d, u_int8_t *) + dn;
730 for (i = 0; i < blocklen; i++)
735 bcopy(sbuf, iv, blocklen);
743 /* find the next source block */
744 while (s && sn >= s->m_len) {
750 /* skip over empty mbuf */
751 while (s && s->m_len == 0)
755 m_freem(scut->m_next);
756 scut->m_len = scutoff;
760 bzero(iv, sizeof(iv));
761 bzero(sbuf, sizeof(sbuf));
767 esp_cbc_encrypt(struct mbuf *m, size_t off, size_t plen, struct secasvar *sav,
768 const struct esp_algorithm *algo, int ivlen)
771 struct mbuf *d, *d0, *dp;
772 int soff, doff; /* offset from the head of chain, to head of this mbuf */
773 int sn, dn; /* offset from the head of the mbuf, to meat */
774 size_t ivoff, bodyoff;
775 u_int8_t iv[MAXIVLEN], *ivp;
776 u_int8_t sbuf[MAXIVLEN], *sp;
784 if (ivlen != sav->ivlen || ivlen > sizeof(iv)) {
785 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
786 "unsupported ivlen %d\n", algo->name, ivlen));
791 /* assumes blocklen == padbound */
792 blocklen = algo->padbound;
795 if (blocklen > sizeof(iv)) {
796 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
797 "unsupported blocklen %d\n", algo->name, blocklen));
803 if (sav->flags & SADB_X_EXT_OLD) {
805 ivoff = off + sizeof(struct esp);
806 bodyoff = off + sizeof(struct esp) + ivlen;
810 if (sav->flags & SADB_X_EXT_DERIV) {
812 * draft-ietf-ipsec-ciph-des-derived-00.txt
813 * uses sequence number field as IV field.
815 ivoff = off + sizeof(struct esp);
816 bodyoff = off + sizeof(struct esp) + sizeof(u_int32_t);
817 ivlen = sizeof(u_int32_t);
820 ivoff = off + sizeof(struct newesp);
821 bodyoff = off + sizeof(struct newesp) + ivlen;
826 /* put iv into the packet. if we are in derived mode, use seqno. */
828 m_copydata(m, ivoff, ivlen, (caddr_t)iv);
830 bcopy(sav->iv, iv, ivlen);
831 /* maybe it is better to overwrite dest, not source */
832 m_copyback(m, ivoff, ivlen, (caddr_t)iv);
836 if (ivlen == blocklen)
838 else if (ivlen == 4 && blocklen == 8) {
839 bcopy(&iv[0], &iv[4], 4);
845 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
846 "unsupported ivlen/blocklen: %d %d\n",
847 algo->name, ivlen, blocklen));
852 if (m->m_pkthdr.len < bodyoff) {
853 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: bad len %d/%lu\n",
854 algo->name, m->m_pkthdr.len, (unsigned long)bodyoff));
858 if ((m->m_pkthdr.len - bodyoff) % blocklen) {
859 ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
860 "payload length must be multiple of %lu\n",
861 algo->name, (unsigned long)algo->padbound));
868 soff = doff = sn = dn = 0;
872 while (soff < bodyoff) {
873 if (soff + s->m_len >= bodyoff) {
884 /* skip over empty mbuf */
885 while (s && s->m_len == 0)
888 while (soff < m->m_pkthdr.len) {
890 if (sn + blocklen <= s->m_len) {
891 /* body is continuous */
892 sp = mtod(s, u_int8_t *) + sn;
894 /* body is non-continuous */
895 m_copydata(s, sn, blocklen, (caddr_t)sbuf);
900 if (!d || dn + blocklen > d->m_len) {
903 i = m->m_pkthdr.len - (soff + sn);
904 d = m_getb(i, M_NOWAIT, MT_DATA, 0);
916 d->m_len = rounddown(M_TRAILINGSPACE(d), blocklen);
925 for (i = 0; i < blocklen; i++)
929 (*algo->blockencrypt)(algo, sav, sp, mtod(d, u_int8_t *) + dn);
932 ivp = mtod(d, u_int8_t *) + dn;
937 /* find the next source block */
938 while (s && sn >= s->m_len) {
944 /* skip over empty mbuf */
945 while (s && s->m_len == 0)
949 m_freem(scut->m_next);
950 scut->m_len = scutoff;
954 bzero(iv, sizeof(iv));
955 bzero(sbuf, sizeof(sbuf));
962 /*------------------------------------------------------------*/
964 /* does not free m0 on error */
966 esp_auth(struct mbuf *m0,
967 size_t skip, /* offset to ESP header */
968 size_t length, /* payload length */
969 struct secasvar *sav, u_char *sum)
973 struct ah_algorithm_state s;
974 u_char sumbuf[AH_MAXSUMSIZE];
975 const struct ah_algorithm *algo;
980 if (m0->m_pkthdr.len < skip) {
981 ipseclog((LOG_DEBUG, "esp_auth: mbuf length < skip\n"));
984 if (m0->m_pkthdr.len < skip + length) {
986 "esp_auth: mbuf length < skip + length\n"));
990 * length of esp part (excluding authentication data) must be 4n,
991 * since nexthdr must be at offset 4n+3.
994 ipseclog((LOG_ERR, "esp_auth: length is not multiple of 4\n"));
998 ipseclog((LOG_DEBUG, "esp_auth: NULL SA passed\n"));
1001 algo = ah_algorithm_lookup(sav->alg_auth);
1004 "esp_auth: bad ESP auth algorithm passed: %d\n",
1012 siz = (((*algo->sumsiz)(sav) + 3) & ~(4 - 1));
1013 if (sizeof(sumbuf) < siz) {
1014 ipseclog((LOG_DEBUG,
1015 "esp_auth: AH_MAXSUMSIZE is too small: siz=%lu\n",
1020 /* skip the header */
1023 panic("mbuf chain?");
1024 if (m->m_len <= skip) {
1034 error = (*algo->init)(&s, sav);
1038 while (0 < length) {
1040 panic("mbuf chain?");
1042 if (m->m_len - off < length) {
1043 (*algo->update)(&s, mtod(m, u_char *) + off,
1045 length -= m->m_len - off;
1049 (*algo->update)(&s, mtod(m, u_char *) + off, length);
1053 (*algo->result)(&s, sumbuf);
1054 bcopy(sumbuf, sum, siz); /* XXX */