| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: xform_esp.c,v 1.94 2018/05/30 17:17:11 maxv Exp $ */ | | 1 | /* $NetBSD: xform_esp.c,v 1.95 2018/05/31 05:52:09 maxv Exp $ */ |
2 | /* $FreeBSD: xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */ | | 2 | /* $FreeBSD: xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */ |
3 | /* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */ | | 3 | /* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */ |
4 | | | 4 | |
5 | /* | | 5 | /* |
6 | * The authors of this code are John Ioannidis (ji@tla.org), | | 6 | * The authors of this code are John Ioannidis (ji@tla.org), |
7 | * Angelos D. Keromytis (kermit@csd.uch.gr) and | | 7 | * Angelos D. Keromytis (kermit@csd.uch.gr) and |
8 | * Niels Provos (provos@physnet.uni-hamburg.de). | | 8 | * Niels Provos (provos@physnet.uni-hamburg.de). |
9 | * | | 9 | * |
10 | * The original version of this code was written by John Ioannidis | | 10 | * The original version of this code was written by John Ioannidis |
11 | * for BSD/OS in Athens, Greece, in November 1995. | | 11 | * for BSD/OS in Athens, Greece, in November 1995. |
12 | * | | 12 | * |
13 | * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, | | 13 | * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, |
14 | * by Angelos D. Keromytis. | | 14 | * by Angelos D. Keromytis. |
| @@ -29,27 +29,27 @@ | | | @@ -29,27 +29,27 @@ |
29 | * You may use this code under the GNU public license if you so wish. Please | | 29 | * You may use this code under the GNU public license if you so wish. Please |
30 | * contribute changes back to the authors under this freer than GPL license | | 30 | * contribute changes back to the authors under this freer than GPL license |
31 | * so that we may further the use of strong encryption without limitations to | | 31 | * so that we may further the use of strong encryption without limitations to |
32 | * all. | | 32 | * all. |
33 | * | | 33 | * |
34 | * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR | | 34 | * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR |
35 | * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY | | 35 | * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY |
36 | * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE | | 36 | * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE |
37 | * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR | | 37 | * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR |
38 | * PURPOSE. | | 38 | * PURPOSE. |
39 | */ | | 39 | */ |
40 | | | 40 | |
41 | #include <sys/cdefs.h> | | 41 | #include <sys/cdefs.h> |
42 | __KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.94 2018/05/30 17:17:11 maxv Exp $"); | | 42 | __KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.95 2018/05/31 05:52:09 maxv Exp $"); |
43 | | | 43 | |
44 | #if defined(_KERNEL_OPT) | | 44 | #if defined(_KERNEL_OPT) |
45 | #include "opt_inet.h" | | 45 | #include "opt_inet.h" |
46 | #include "opt_ipsec.h" | | 46 | #include "opt_ipsec.h" |
47 | #endif | | 47 | #endif |
48 | | | 48 | |
49 | #include <sys/param.h> | | 49 | #include <sys/param.h> |
50 | #include <sys/systm.h> | | 50 | #include <sys/systm.h> |
51 | #include <sys/mbuf.h> | | 51 | #include <sys/mbuf.h> |
52 | #include <sys/socket.h> | | 52 | #include <sys/socket.h> |
53 | #include <sys/syslog.h> | | 53 | #include <sys/syslog.h> |
54 | #include <sys/kernel.h> | | 54 | #include <sys/kernel.h> |
55 | #include <sys/sysctl.h> | | 55 | #include <sys/sysctl.h> |
| @@ -233,27 +233,27 @@ esp_init(struct secasvar *sav, const str | | | @@ -233,27 +233,27 @@ esp_init(struct secasvar *sav, const str |
233 | break; | | 233 | break; |
234 | case 28: | | 234 | case 28: |
235 | sav->alg_auth = SADB_X_AALG_AES192GMAC; | | 235 | sav->alg_auth = SADB_X_AALG_AES192GMAC; |
236 | sav->tdb_authalgxform = &auth_hash_gmac_aes_192; | | 236 | sav->tdb_authalgxform = &auth_hash_gmac_aes_192; |
237 | break; | | 237 | break; |
238 | case 36: | | 238 | case 36: |
239 | sav->alg_auth = SADB_X_AALG_AES256GMAC; | | 239 | sav->alg_auth = SADB_X_AALG_AES256GMAC; |
240 | sav->tdb_authalgxform = &auth_hash_gmac_aes_256; | | 240 | sav->tdb_authalgxform = &auth_hash_gmac_aes_256; |
241 | break; | | 241 | break; |
242 | default: | | 242 | default: |
243 | DPRINTF(("%s: invalid key length %u, must be either of " | | 243 | DPRINTF(("%s: invalid key length %u, must be either of " |
244 | "20, 28 or 36\n", __func__, keylen)); | | 244 | "20, 28 or 36\n", __func__, keylen)); |
245 | return EINVAL; | | 245 | return EINVAL; |
246 | } | | 246 | } |
247 | | | 247 | |
248 | memset(&cria, 0, sizeof(cria)); | | 248 | memset(&cria, 0, sizeof(cria)); |
249 | cria.cri_alg = sav->tdb_authalgxform->type; | | 249 | cria.cri_alg = sav->tdb_authalgxform->type; |
250 | cria.cri_klen = _KEYBITS(sav->key_enc); | | 250 | cria.cri_klen = _KEYBITS(sav->key_enc); |
251 | cria.cri_key = _KEYBUF(sav->key_enc); | | 251 | cria.cri_key = _KEYBUF(sav->key_enc); |
252 | break; | | 252 | break; |
253 | default: | | 253 | default: |
254 | break; | | 254 | break; |
255 | } | | 255 | } |
256 | | | 256 | |
257 | /* Initialize crypto session. */ | | 257 | /* Initialize crypto session. */ |
258 | memset(&crie, 0, sizeof(crie)); | | 258 | memset(&crie, 0, sizeof(crie)); |
259 | crie.cri_alg = sav->tdb_encalgxform->type; | | 259 | crie.cri_alg = sav->tdb_encalgxform->type; |
| @@ -303,27 +303,27 @@ esp_zeroize(struct secasvar *sav) | | | @@ -303,27 +303,27 @@ esp_zeroize(struct secasvar *sav) |
303 | static int | | 303 | static int |
304 | esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) | | 304 | esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) |
305 | { | | 305 | { |
306 | const struct auth_hash *esph; | | 306 | const struct auth_hash *esph; |
307 | const struct enc_xform *espx; | | 307 | const struct enc_xform *espx; |
308 | struct tdb_crypto *tc; | | 308 | struct tdb_crypto *tc; |
309 | int plen, alen, hlen, error, stat = ESP_STAT_CRYPTO; | | 309 | int plen, alen, hlen, error, stat = ESP_STAT_CRYPTO; |
310 | struct newesp *esp; | | 310 | struct newesp *esp; |
311 | struct cryptodesc *crde; | | 311 | struct cryptodesc *crde; |
312 | struct cryptop *crp; | | 312 | struct cryptop *crp; |
313 | | | 313 | |
314 | KASSERT(sav != NULL); | | 314 | KASSERT(sav != NULL); |
315 | KASSERT(sav->tdb_encalgxform != NULL); | | 315 | KASSERT(sav->tdb_encalgxform != NULL); |
316 | KASSERTMSG((skip&3) == 0 && (m->m_pkthdr.len&3) == 0, | | 316 | KASSERTMSG((skip & 3) == 0 && (m->m_pkthdr.len & 3) == 0, |
317 | "misaligned packet, skip %u pkt len %u", | | 317 | "misaligned packet, skip %u pkt len %u", |
318 | skip, m->m_pkthdr.len); | | 318 | skip, m->m_pkthdr.len); |
319 | | | 319 | |
320 | /* XXX don't pullup, just copy header */ | | 320 | /* XXX don't pullup, just copy header */ |
321 | M_REGION_GET(esp, struct newesp *, m, skip, sizeof(struct newesp)); | | 321 | M_REGION_GET(esp, struct newesp *, m, skip, sizeof(struct newesp)); |
322 | if (esp == NULL) { | | 322 | if (esp == NULL) { |
323 | /* m already freed */ | | 323 | /* m already freed */ |
324 | return ENOBUFS; | | 324 | return ENOBUFS; |
325 | } | | 325 | } |
326 | | | 326 | |
327 | esph = sav->tdb_authalgxform; | | 327 | esph = sav->tdb_authalgxform; |
328 | espx = sav->tdb_encalgxform; | | 328 | espx = sav->tdb_encalgxform; |
329 | KASSERT(espx != NULL); | | 329 | KASSERT(espx != NULL); |
| @@ -359,27 +359,27 @@ esp_input(struct mbuf *m, struct secasva | | | @@ -359,27 +359,27 @@ esp_input(struct mbuf *m, struct secasva |
359 | /* | | 359 | /* |
360 | * Check sequence number. | | 360 | * Check sequence number. |
361 | */ | | 361 | */ |
362 | if (esph && sav->replay && !ipsec_chkreplay(ntohl(esp->esp_seq), sav)) { | | 362 | if (esph && sav->replay && !ipsec_chkreplay(ntohl(esp->esp_seq), sav)) { |
363 | char logbuf[IPSEC_LOGSASTRLEN]; | | 363 | char logbuf[IPSEC_LOGSASTRLEN]; |
364 | DPRINTF(("%s: packet replay check for %s\n", __func__, | | 364 | DPRINTF(("%s: packet replay check for %s\n", __func__, |
365 | ipsec_logsastr(sav, logbuf, sizeof(logbuf)))); | | 365 | ipsec_logsastr(sav, logbuf, sizeof(logbuf)))); |
366 | stat = ESP_STAT_REPLAY; | | 366 | stat = ESP_STAT_REPLAY; |
367 | error = EACCES; | | 367 | error = EACCES; |
368 | goto out; | | 368 | goto out; |
369 | } | | 369 | } |
370 | | | 370 | |
371 | /* Update the counters */ | | 371 | /* Update the counters */ |
372 | ESP_STATADD(ESP_STAT_IBYTES, m->m_pkthdr.len - skip - hlen - alen); | | 372 | ESP_STATADD(ESP_STAT_IBYTES, plen); |
373 | | | 373 | |
374 | /* Get crypto descriptors */ | | 374 | /* Get crypto descriptors */ |
375 | crp = crypto_getreq(esph ? 2 : 1); | | 375 | crp = crypto_getreq(esph ? 2 : 1); |
376 | if (crp == NULL) { | | 376 | if (crp == NULL) { |
377 | DPRINTF(("%s: failed to acquire crypto descriptors\n", | | 377 | DPRINTF(("%s: failed to acquire crypto descriptors\n", |
378 | __func__)); | | 378 | __func__)); |
379 | error = ENOBUFS; | | 379 | error = ENOBUFS; |
380 | goto out; | | 380 | goto out; |
381 | } | | 381 | } |
382 | | | 382 | |
383 | /* Get IPsec-specific opaque pointer */ | | 383 | /* Get IPsec-specific opaque pointer */ |
384 | size_t extra __diagused = esph == NULL ? 0 : alen; | | 384 | size_t extra __diagused = esph == NULL ? 0 : alen; |
385 | KASSERTMSG(sizeof(*tc) + extra <= esp_pool_item_size, | | 385 | KASSERTMSG(sizeof(*tc) + extra <= esp_pool_item_size, |
| @@ -479,35 +479,35 @@ esp_input(struct mbuf *m, struct secasva | | | @@ -479,35 +479,35 @@ esp_input(struct mbuf *m, struct secasva |
479 | return crypto_dispatch(crp); | | 479 | return crypto_dispatch(crp); |
480 | | | 480 | |
481 | out2: | | 481 | out2: |
482 | pool_cache_put(esp_tdb_crypto_pool_cache, tc); | | 482 | pool_cache_put(esp_tdb_crypto_pool_cache, tc); |
483 | out1: | | 483 | out1: |
484 | crypto_freereq(crp); | | 484 | crypto_freereq(crp); |
485 | out: | | 485 | out: |
486 | ESP_STATINC(stat); | | 486 | ESP_STATINC(stat); |
487 | m_freem(m); | | 487 | m_freem(m); |
488 | return error; | | 488 | return error; |
489 | } | | 489 | } |
490 | | | 490 | |
491 | #ifdef INET6 | | 491 | #ifdef INET6 |
492 | #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff) do { \ | | 492 | #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff) do { \ |
493 | if (saidx->dst.sa.sa_family == AF_INET6) { \ | | 493 | if (saidx->dst.sa.sa_family == AF_INET6) { \ |
494 | error = ipsec6_common_input_cb(m, sav, skip, protoff); \ | | 494 | error = ipsec6_common_input_cb(m, sav, skip, protoff); \ |
495 | } else { \ | | 495 | } else { \ |
496 | error = ipsec4_common_input_cb(m, sav, skip, protoff); \ | | 496 | error = ipsec4_common_input_cb(m, sav, skip, protoff); \ |
497 | } \ | | 497 | } \ |
498 | } while (0) | | 498 | } while (0) |
499 | #else | | 499 | #else |
500 | #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff) \ | | 500 | #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff) \ |
501 | (error = ipsec4_common_input_cb(m, sav, skip, protoff)) | | 501 | (error = ipsec4_common_input_cb(m, sav, skip, protoff)) |
502 | #endif | | 502 | #endif |
503 | | | 503 | |
504 | /* | | 504 | /* |
505 | * ESP input callback from the crypto driver. | | 505 | * ESP input callback from the crypto driver. |
506 | */ | | 506 | */ |
507 | static int | | 507 | static int |
508 | esp_input_cb(struct cryptop *crp) | | 508 | esp_input_cb(struct cryptop *crp) |
509 | { | | 509 | { |
510 | char buf[IPSEC_ADDRSTRLEN]; | | 510 | char buf[IPSEC_ADDRSTRLEN]; |
511 | uint8_t lastthree[3], aalg[AH_ALEN_MAX]; | | 511 | uint8_t lastthree[3], aalg[AH_ALEN_MAX]; |
512 | int hlen, skip, protoff, error; | | 512 | int hlen, skip, protoff, error; |
513 | struct mbuf *m; | | 513 | struct mbuf *m; |
| @@ -699,35 +699,33 @@ esp_output(struct mbuf *m, const struct | | | @@ -699,35 +699,33 @@ esp_output(struct mbuf *m, const struct |
699 | struct tdb_crypto *tc; | | 699 | struct tdb_crypto *tc; |
700 | struct secasindex *saidx; | | 700 | struct secasindex *saidx; |
701 | unsigned char *tail; | | 701 | unsigned char *tail; |
702 | uint8_t prot; | | 702 | uint8_t prot; |
703 | int error, maxpacketsize; | | 703 | int error, maxpacketsize; |
704 | struct esptail *esptail; | | 704 | struct esptail *esptail; |
705 | struct cryptodesc *crde, *crda; | | 705 | struct cryptodesc *crde, *crda; |
706 | struct cryptop *crp; | | 706 | struct cryptop *crp; |
707 | | | 707 | |
708 | esph = sav->tdb_authalgxform; | | 708 | esph = sav->tdb_authalgxform; |
709 | espx = sav->tdb_encalgxform; | | 709 | espx = sav->tdb_encalgxform; |
710 | KASSERT(espx != NULL); | | 710 | KASSERT(espx != NULL); |
711 | | | 711 | |
| | | 712 | /* Determine the ESP header length */ |
712 | if (sav->flags & SADB_X_EXT_OLD) | | 713 | if (sav->flags & SADB_X_EXT_OLD) |
713 | hlen = sizeof(struct esp) + sav->ivlen; | | 714 | hlen = sizeof(struct esp) + sav->ivlen; |
714 | else | | 715 | else |
715 | hlen = sizeof(struct newesp) + sav->ivlen; | | 716 | hlen = sizeof(struct newesp) + sav->ivlen; |
716 | | | 717 | /* Authenticator hash size */ |
717 | if (esph) | | 718 | alen = esph ? esph->authsize : 0; |
718 | alen = esph->authsize; | | | |
719 | else | | | |
720 | alen = 0; | | | |
721 | | | 719 | |
722 | /* | | 720 | /* |
723 | * NB: The null encoding transform has a blocksize of 4 | | 721 | * NB: The null encoding transform has a blocksize of 4 |
724 | * so that headers are properly aligned. | | 722 | * so that headers are properly aligned. |
725 | */ | | 723 | */ |
726 | blks = espx->blocksize; /* IV blocksize */ | | 724 | blks = espx->blocksize; /* IV blocksize */ |
727 | | | 725 | |
728 | /* Raw payload length. */ | | 726 | /* Raw payload length. */ |
729 | rlen = m->m_pkthdr.len - skip; | | 727 | rlen = m->m_pkthdr.len - skip; |
730 | | | 728 | |
731 | /* Encryption padding. */ | | 729 | /* Encryption padding. */ |
732 | padlen = ((blks - ((rlen + sizeof(struct esptail)) % blks)) % blks); | | 730 | padlen = ((blks - ((rlen + sizeof(struct esptail)) % blks)) % blks); |
733 | | | 731 | |