#include <sys/param.h>
#include <sys/systm.h>
#include <sys/socket.h>
#include <sys/queue.h>
#include <sys/syslog.h>
#include <sys/mbuf.h>
#include <kern/locks.h>
#include <net/if.h>
#include <net/route.h>
#include <netinet6/ipsec.h>
#include <netinet6/esp.h>
#include <netinet6/esp_rijndael.h>
#include <crypto/aes/aes.h>
#include <net/net_osdep.h>
#define AES_BLOCKLEN 16
extern lck_mtx_t *sadb_mutex;
int
esp_aes_schedlen(algo)
const struct esp_algorithm *algo;
{
return sizeof(aes_ctx);
}
int
esp_aes_schedule(algo, sav)
const struct esp_algorithm *algo;
struct secasvar *sav;
{
aes_ctx *ctx = (aes_ctx*)sav->sched;
gen_tabs();
aes_decrypt_key(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc), &ctx->decrypt);
aes_encrypt_key(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc), &ctx->encrypt);
return 0;
}
int
esp_cbc_decrypt_aes(m, off, sav, algo, ivlen)
struct mbuf *m;
size_t off;
struct secasvar *sav;
const struct esp_algorithm *algo;
int ivlen;
{
struct mbuf *s;
struct mbuf *d, *d0, *dp;
int soff;
int sn, dn;
size_t ivoff, bodyoff;
u_int8_t iv[AES_BLOCKLEN], *dptr;
u_int8_t sbuf[AES_BLOCKLEN], *sp;
struct mbuf *scut;
int scutoff;
int i, len;
if (ivlen != AES_BLOCKLEN) {
ipseclog((LOG_ERR, "esp_cbc_decrypt %s: "
"unsupported ivlen %d\n", algo->name, ivlen));
m_freem(m);
return EINVAL;
}
if (sav->flags & SADB_X_EXT_OLD) {
ivoff = off + sizeof(struct esp);
bodyoff = off + sizeof(struct esp) + ivlen;
} else {
ivoff = off + sizeof(struct newesp);
bodyoff = off + sizeof(struct newesp) + ivlen;
}
if (m->m_pkthdr.len < bodyoff) {
ipseclog((LOG_ERR, "esp_cbc_decrypt %s: bad len %d/%lu\n",
algo->name, m->m_pkthdr.len, (unsigned long)bodyoff));
m_freem(m);
return EINVAL;
}
if ((m->m_pkthdr.len - bodyoff) % AES_BLOCKLEN) {
ipseclog((LOG_ERR, "esp_cbc_decrypt %s: "
"payload length must be multiple of %d\n",
algo->name, AES_BLOCKLEN));
m_freem(m);
return EINVAL;
}
m_copydata(m, ivoff, ivlen, iv);
lck_mtx_unlock(sadb_mutex);
s = m;
soff = sn = dn = 0;
d = d0 = dp = NULL;
sp = dptr = NULL;
while (soff < bodyoff) {
if (soff + s->m_len > bodyoff) {
sn = bodyoff - soff;
break;
}
soff += s->m_len;
s = s->m_next;
}
scut = s;
scutoff = sn;
while (s && s->m_len == 0)
s = s->m_next;
while (soff < m->m_pkthdr.len) {
if (sn + AES_BLOCKLEN <= s->m_len) {
sp = mtod(s, u_int8_t *) + sn;
len = s->m_len - sn;
len -= len % AES_BLOCKLEN; } else {
m_copydata(s, sn, AES_BLOCKLEN, sbuf);
sp = sbuf;
len = AES_BLOCKLEN; }
if (!d || dn + AES_BLOCKLEN > d->m_len) {
if (d)
dp = d;
MGET(d, M_DONTWAIT, MT_DATA);
i = m->m_pkthdr.len - (soff + sn);
if (d && i > MLEN) {
MCLGET(d, M_DONTWAIT);
if ((d->m_flags & M_EXT) == 0) {
m_free(d);
d = NULL;
}
}
if (!d) {
m_freem(m);
if (d0)
m_freem(d0);
lck_mtx_lock(sadb_mutex);
return ENOBUFS;
}
if (!d0)
d0 = d;
if (dp)
dp->m_next = d;
d->m_len = M_TRAILINGSPACE(d);
d->m_len -= d->m_len % AES_BLOCKLEN;
if (d->m_len > i)
d->m_len = i;
dptr = mtod(d, u_int8_t *);
dn = 0;
}
if (len > d->m_len - dn)
len = d->m_len - dn;
aes_decrypt_cbc(sp, iv, len >> 4, dptr + dn,
(aes_decrypt_ctx*)(&(((aes_ctx*)sav->sched)->decrypt)));
sn += len;
dn += len;
bcopy(sp + len - AES_BLOCKLEN, iv, AES_BLOCKLEN);
while (s && sn >= s->m_len) {
sn -= s->m_len;
soff += s->m_len;
s = s->m_next;
}
}
m_freem(scut->m_next);
scut->m_len = scutoff;
scut->m_next = d0;
bzero(iv, sizeof(iv));
bzero(sbuf, sizeof(sbuf));
lck_mtx_lock(sadb_mutex);
return 0;
}
int
esp_cbc_encrypt_aes(m, off, plen, sav, algo, ivlen)
struct mbuf *m;
size_t off;
size_t plen;
struct secasvar *sav;
const struct esp_algorithm *algo;
int ivlen;
{
struct mbuf *s;
struct mbuf *d, *d0, *dp;
int soff, doff;
int sn, dn;
size_t ivoff, bodyoff;
u_int8_t *ivp, *dptr;
u_int8_t sbuf[AES_BLOCKLEN], *sp;
struct mbuf *scut;
int scutoff;
int i, len;
if (ivlen != AES_BLOCKLEN) {
ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
"unsupported ivlen %d\n", algo->name, ivlen));
m_freem(m);
return EINVAL;
}
if (sav->flags & SADB_X_EXT_OLD) {
ivoff = off + sizeof(struct esp);
bodyoff = off + sizeof(struct esp) + ivlen;
} else {
ivoff = off + sizeof(struct newesp);
bodyoff = off + sizeof(struct newesp) + ivlen;
}
m_copyback(m, ivoff, ivlen, sav->iv);
ivp = sav->iv;
if (m->m_pkthdr.len < bodyoff) {
ipseclog((LOG_ERR, "esp_cbc_encrypt %s: bad len %d/%lu\n",
algo->name, m->m_pkthdr.len, (unsigned long)bodyoff));
m_freem(m);
return EINVAL;
}
if ((m->m_pkthdr.len - bodyoff) % AES_BLOCKLEN) {
ipseclog((LOG_ERR, "esp_cbc_encrypt %s: "
"payload length must be multiple of %lu\n",
algo->name, AES_BLOCKLEN));
m_freem(m);
return EINVAL;
}
lck_mtx_unlock(sadb_mutex);
s = m;
soff = sn = dn = 0;
d = d0 = dp = NULL;
sp = dptr = NULL;
while (soff < bodyoff) {
if (soff + s->m_len > bodyoff) {
sn = bodyoff - soff;
break;
}
soff += s->m_len;
s = s->m_next;
}
scut = s;
scutoff = sn;
while (s && s->m_len == 0)
s = s->m_next;
while (soff < m->m_pkthdr.len) {
if (sn + AES_BLOCKLEN <= s->m_len) {
sp = mtod(s, u_int8_t *) + sn;
len = s->m_len - sn;
len -= len % AES_BLOCKLEN; } else {
m_copydata(s, sn, AES_BLOCKLEN, sbuf);
sp = sbuf;
len = AES_BLOCKLEN; }
if (!d || dn + AES_BLOCKLEN > d->m_len) {
if (d)
dp = d;
MGET(d, M_DONTWAIT, MT_DATA);
i = m->m_pkthdr.len - (soff + sn);
if (d && i > MLEN) {
MCLGET(d, M_DONTWAIT);
if ((d->m_flags & M_EXT) == 0) {
m_free(d);
d = NULL;
}
}
if (!d) {
m_freem(m);
if (d0)
m_freem(d0);
lck_mtx_lock(sadb_mutex);
return ENOBUFS;
}
if (!d0)
d0 = d;
if (dp)
dp->m_next = d;
d->m_len = M_TRAILINGSPACE(d);
d->m_len -= d->m_len % AES_BLOCKLEN;
if (d->m_len > i)
d->m_len = i;
dptr = mtod(d, u_int8_t *);
dn = 0;
}
if (len > d->m_len - dn)
len = d->m_len - dn;
aes_encrypt_cbc(sp, ivp, len >> 4, dptr + dn,
(aes_encrypt_ctx*)(&(((aes_ctx*)sav->sched)->encrypt)));
sn += len;
dn += len;
ivp = dptr + dn - AES_BLOCKLEN;
while (s && sn >= s->m_len) {
sn -= s->m_len;
soff += s->m_len;
s = s->m_next;
}
}
m_freem(scut->m_next);
scut->m_len = scutoff;
scut->m_next = d0;
bzero(sbuf, sizeof(sbuf));
lck_mtx_lock(sadb_mutex);
key_sa_stir_iv(sav);
return 0;
}