esp_core.c

eCos/RedBoot for勤研ARM AnywhereII(4510) 含全部源代码

//==========================================================================
//
//      src/sys/netinet6/esp_core.c
//
//==========================================================================
//####BSDCOPYRIGHTBEGIN####
//
// -------------------------------------------
//
// Portions of this software may have been derived from OpenBSD, 
// FreeBSD or other sources, and are covered by the appropriate
// copyright disclaimers included herein.
//
// Portions created by Red Hat are
// Copyright (C) 2002 Red Hat, Inc. All Rights Reserved.
//
// -------------------------------------------
//
//####BSDCOPYRIGHTEND####
//==========================================================================

/*	$KAME: esp_core.c,v 1.54 2001/12/07 07:07:08 itojun Exp $	*/

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/param.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/domain.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/errno.h>
#include <sys/time.h>

#include <net/if.h>
#include <net/route.h>

#include <netinet/in.h>
#include <netinet/in_var.h>
#ifdef INET6
#include <netinet/ip6.h>
#include <netinet6/ip6_var.h>
#include <netinet/icmp6.h>
#endif

#include <netinet6/ipsec.h>
#include <netinet6/ah.h>
#include <netinet6/esp.h>
#include <netinet6/esp_twofish.h>
#include <netinet6/esp_rijndael.h>
#include <net/pfkeyv2.h>
#include <netkey/keydb.h>
#include <netkey/key.h>
#include <crypto/des/des.h>
#include <crypto/blowfish/blowfish.h>
#include <crypto/cast128/cast128.h>

static int esp_null_mature __P((struct secasvar *));
static int esp_null_decrypt __P((struct mbuf *, size_t,
	struct secasvar *, const struct esp_algorithm *, int));
static int esp_null_encrypt __P((struct mbuf *, size_t, size_t,
	struct secasvar *, const struct esp_algorithm *, int));
static int esp_descbc_mature __P((struct secasvar *));
static int esp_descbc_ivlen __P((const struct esp_algorithm *,
	struct secasvar *));
static int esp_des_schedule __P((const struct esp_algorithm *,
	struct secasvar *));
static int esp_des_schedlen __P((const struct esp_algorithm *));
static int esp_des_blockdecrypt __P((const struct esp_algorithm *,
	struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_des_blockencrypt __P((const struct esp_algorithm *,
	struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_cbc_mature __P((struct secasvar *));
static int esp_blowfish_schedule __P((const struct esp_algorithm *,
	struct secasvar *));
static int esp_blowfish_schedlen __P((const struct esp_algorithm *));
static int esp_blowfish_blockdecrypt __P((const struct esp_algorithm *,
	struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_blowfish_blockencrypt __P((const struct esp_algorithm *,
	struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_cast128_schedule __P((const struct esp_algorithm *,
	struct secasvar *));
static int esp_cast128_schedlen __P((const struct esp_algorithm *));
static int esp_cast128_blockdecrypt __P((const struct esp_algorithm *,
	struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_cast128_blockencrypt __P((const struct esp_algorithm *,
	struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_3des_schedule __P((const struct esp_algorithm *,
	struct secasvar *));
static int esp_3des_schedlen __P((const struct esp_algorithm *));
static int esp_3des_blockdecrypt __P((const struct esp_algorithm *,
	struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_3des_blockencrypt __P((const struct esp_algorithm *,
	struct secasvar *, u_int8_t *, u_int8_t *));
static int esp_common_ivlen __P((const struct esp_algorithm *,
	struct secasvar *));
static int esp_cbc_decrypt __P((struct mbuf *, size_t,
	struct secasvar *, const struct esp_algorithm *, int));
static int esp_cbc_encrypt __P((struct mbuf *, size_t, size_t,
	struct secasvar *, const struct esp_algorithm *, int));

#define MAXIVLEN	16

static const struct esp_algorithm esp_algorithms[] = {
	{ 8, -1, esp_descbc_mature, 64, 64, esp_des_schedlen,
		"des-cbc",
		esp_descbc_ivlen, esp_cbc_decrypt,
		esp_cbc_encrypt, esp_des_schedule,
		esp_des_blockdecrypt, esp_des_blockencrypt, },
	{ 8, 8, esp_cbc_mature, 192, 192, esp_3des_schedlen,
		"3des-cbc",
		esp_common_ivlen, esp_cbc_decrypt,
		esp_cbc_encrypt, esp_3des_schedule,
		esp_3des_blockdecrypt, esp_3des_blockencrypt, },
	{ 1, 0, esp_null_mature, 0, 2048, 0, "null",
		esp_common_ivlen, esp_null_decrypt,
		esp_null_encrypt, NULL, },
	{ 8, 8, esp_cbc_mature, 40, 448, esp_blowfish_schedlen, "blowfish-cbc",
		esp_common_ivlen, esp_cbc_decrypt,
		esp_cbc_encrypt, esp_blowfish_schedule,
		esp_blowfish_blockdecrypt, esp_blowfish_blockencrypt, },
	{ 8, 8, esp_cbc_mature, 40, 128, esp_cast128_schedlen,
		"cast128-cbc",
		esp_common_ivlen, esp_cbc_decrypt,
		esp_cbc_encrypt, esp_cast128_schedule,
		esp_cast128_blockdecrypt, esp_cast128_blockencrypt, },
	{ 16, 16, esp_cbc_mature, 128, 256, esp_rijndael_schedlen,
		"rijndael-cbc",
		esp_common_ivlen, esp_cbc_decrypt,
		esp_cbc_encrypt, esp_rijndael_schedule,
		esp_rijndael_blockdecrypt, esp_rijndael_blockencrypt },
	{ 16, 16, esp_cbc_mature, 128, 256, esp_twofish_schedlen,
		"twofish-cbc",
		esp_common_ivlen, esp_cbc_decrypt,
		esp_cbc_encrypt, esp_twofish_schedule,
		esp_twofish_blockdecrypt, esp_twofish_blockencrypt },
};

const struct esp_algorithm *
esp_algorithm_lookup(idx)
	int idx;
{

	switch (idx) {
	case SADB_EALG_DESCBC:
		return &esp_algorithms[0];
	case SADB_EALG_3DESCBC:
		return &esp_algorithms[1];
	case SADB_EALG_NULL:
		return &esp_algorithms[2];
	case SADB_X_EALG_BLOWFISHCBC:
		return &esp_algorithms[3];
	case SADB_X_EALG_CAST128CBC:
		return &esp_algorithms[4];
	case SADB_X_EALG_RIJNDAELCBC:
		return &esp_algorithms[5];
	case SADB_X_EALG_TWOFISHCBC:
		return &esp_algorithms[6];
	default:
		return NULL;
	}
}

int
esp_max_ivlen()
{
	int idx;
	int ivlen;

	ivlen = 0;
	for (idx = 0; idx < sizeof(esp_algorithms)/sizeof(esp_algorithms[0]);
	     idx++) {
		if (esp_algorithms[idx].ivlenval > ivlen)
			ivlen = esp_algorithms[idx].ivlenval;
	}

	return ivlen;
}

int
esp_schedule(algo, sav)
	const struct esp_algorithm *algo;
	struct secasvar *sav;
{
	int error;

	/* check for key length */
	if (_KEYBITS(sav->key_enc) < algo->keymin ||
	    _KEYBITS(sav->key_enc) > algo->keymax) {
		ipseclog((LOG_ERR,
		    "esp_schedule %s: unsupported key length %d: "
		    "needs %d to %d bits\n", algo->name, _KEYBITS(sav->key_enc),
		    algo->keymin, algo->keymax));
		return EINVAL;
	}

	/* already allocated */
	if (sav->sched && sav->schedlen != 0)
		return 0;
	/* no schedule necessary */
	if (!algo->schedule || !algo->schedlen)
		return 0;

	sav->schedlen = (*algo->schedlen)(algo);
	if (sav->schedlen < 0)
		return EINVAL;
	sav->sched = malloc(sav->schedlen, M_SECA, M_DONTWAIT);
	if (!sav->sched) {
		sav->schedlen = 0;
		return ENOBUFS;
	}

	error = (*algo->schedule)(algo, sav);
	if (error) {
		ipseclog((LOG_ERR, "esp_schedule %s: error %d\n",
		    algo->name, error));
		free(sav->sched, M_SECA);
		sav->sched = NULL;
		sav->schedlen = 0;
	}
	return error;
}

static int
esp_null_mature(sav)
	struct secasvar *sav;
{

	/* anything is okay */
	return 0;
}

static int
esp_null_decrypt(m, off, sav, algo, ivlen)
	struct mbuf *m;
	size_t off;		/* offset to ESP header */
	struct secasvar *sav;
	const struct esp_algorithm *algo;
	int ivlen;
{

	return 0; /* do nothing */
}

static int
esp_null_encrypt(m, off, plen, sav, algo, ivlen)
	struct mbuf *m;
	size_t off;	/* offset to ESP header */
	size_t plen;	/* payload length (to be encrypted) */
	struct secasvar *sav;
	const struct esp_algorithm *algo;
	int ivlen;
{

	return 0; /* do nothing */
}

static int
esp_descbc_mature(sav)
	struct secasvar *sav;
{
	const struct esp_algorithm *algo;

	if (!(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B)) {
		ipseclog((LOG_ERR, "esp_cbc_mature: "
		    "algorithm incompatible with 4 octets IV length\n"));
		return 1;
	}

	if (!sav->key_enc) {
		ipseclog((LOG_ERR, "esp_descbc_mature: no key is given.\n"));
		return 1;
	}

	algo = esp_algorithm_lookup(sav->alg_enc);
	if (!algo) {
		ipseclog((LOG_ERR,
		    "esp_descbc_mature: unsupported algorithm.\n"));
		return 1;
	}

	if (_KEYBITS(sav->key_enc) < algo->keymin ||
	    _KEYBITS(sav->key_enc) > algo->keymax) {
		ipseclog((LOG_ERR,
		    "esp_descbc_mature: invalid key length %d.\n",
		    _KEYBITS(sav->key_enc)));
		return 1;
	}

	/* weak key check */
	if (des_is_weak_key((des_cblock *)_KEYBUF(sav->key_enc))) {
		ipseclog((LOG_ERR,
		    "esp_descbc_mature: weak key was passed.\n"));
		return 1;
	}

	return 0;
}

static int
esp_descbc_ivlen(algo, sav)
	const struct esp_algorithm *algo;
	struct secasvar *sav;
{

	if (!sav)
		return 8;
	if ((sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B))
		return 4;
	if (!(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_DERIV))
		return 4;
	return 8;
}

static int
esp_des_schedlen(algo)
	const struct esp_algorithm *algo;
{

	return sizeof(des_key_schedule);
}

static int
esp_des_schedule(algo, sav)
	const struct esp_algorithm *algo;
	struct secasvar *sav;
{

	if (des_key_sched((des_cblock *)_KEYBUF(sav->key_enc),
	    *(des_key_schedule *)sav->sched))
		return EINVAL;
	else
		return 0;
}

static int
esp_des_blockdecrypt(algo, sav, s, d)
	const struct esp_algorithm *algo;
	struct secasvar *sav;
	u_int8_t *s;
	u_int8_t *d;
{

	/* assumption: d has a good alignment */
	bcopy(s, d, sizeof(DES_LONG) * 2);
	des_ecb_encrypt((des_cblock *)d, (des_cblock *)d,
	    *(des_key_schedule *)sav->sched, DES_DECRYPT);
	return 0;
}

static int
esp_des_blockencrypt(algo, sav, s, d)
	const struct esp_algorithm *algo;
	struct secasvar *sav;
	u_int8_t *s;
	u_int8_t *d;
{

	/* assumption: d has a good alignment */
	bcopy(s, d, sizeof(DES_LONG) * 2);
	des_ecb_encrypt((des_cblock *)d, (des_cblock *)d,
	    *(des_key_schedule *)sav->sched, DES_ENCRYPT);
	return 0;
}

static int
esp_cbc_mature(sav)
	struct secasvar *sav;
{
	int keylen;
	const struct esp_algorithm *algo;

	if (sav->flags & SADB_X_EXT_OLD) {
		ipseclog((LOG_ERR,
		    "esp_cbc_mature: algorithm incompatible with esp-old\n"));
		return 1;
	}
	if (sav->flags & SADB_X_EXT_DERIV) {
		ipseclog((LOG_ERR,
		    "esp_cbc_mature: algorithm incompatible with derived\n"));
		return 1;
	}

	if (!sav->key_enc) {
		ipseclog((LOG_ERR, "esp_cbc_mature: no key is given.\n"));
		return 1;
	}

	algo = esp_algorithm_lookup(sav->alg_enc);
	if (!algo) {
		ipseclog((LOG_ERR,
		    "esp_cbc_mature %s: unsupported algorithm.\n", algo->name));
		return 1;
	}

	keylen = sav->key_enc->sadb_key_bits;
	if (keylen < algo->keymin || algo->keymax < keylen) {
		ipseclog((LOG_ERR,
		    "esp_cbc_mature %s: invalid key length %d.\n",
		    algo->name, sav->key_enc->sadb_key_bits));
		return 1;
	}
	switch (sav->alg_enc) {
	case SADB_EALG_3DESCBC:
		/* weak key check */
		if (des_is_weak_key((des_cblock *)_KEYBUF(sav->key_enc)) ||
		    des_is_weak_key((des_cblock *)(_KEYBUF(sav->key_enc) + 8)) ||
		    des_is_weak_key((des_cblock *)(_KEYBUF(sav->key_enc) + 16))) {
			ipseclog((LOG_ERR,
			    "esp_cbc_mature %s: weak key was passed.\n",
			    algo->name));
			return 1;
		}
		break;
	case SADB_X_EALG_BLOWFISHCBC:
	case SADB_X_EALG_CAST128CBC:
	case SADB_X_EALG_TWOFISHCBC:
		break;
	case SADB_X_EALG_RIJNDAELCBC:
		/* allows specific key sizes only */
		if (!(keylen == 128 || keylen == 192 || keylen == 256)) {
			ipseclog((LOG_ERR,
			    "esp_cbc_mature %s: invalid key length %d.\n",
			    algo->name, keylen));
			return 1;
		}
		break;
	}

	return 0;
}

static int
esp_blowfish_schedlen(algo)
	const struct esp_algorithm *algo;
{

	return sizeof(BF_KEY);
}

static int
esp_blowfish_schedule(algo, sav)
	const struct esp_algorithm *algo;
	struct secasvar *sav;
{

	BF_set_key((BF_KEY *)sav->sched, _KEYLEN(sav->key_enc),
	    _KEYBUF(sav->key_enc));
	return 0;
}

static int
esp_blowfish_blockdecrypt(algo, sav, s, d)
	const struct esp_algorithm *algo;
	struct secasvar *sav;
	u_int8_t *s;
	u_int8_t *d;
{
	/* HOLY COW!  BF_encrypt() takes values in host byteorder */
	BF_LONG t[2];

	bcopy(s, t, sizeof(t));
	t[0] = ntohl(t[0]);
	t[1] = ntohl(t[1]);
	BF_encrypt(t, (BF_KEY *)sav->sched, BF_DECRYPT);
	t[0] = htonl(t[0]);
	t[1] = htonl(t[1]);
	bcopy(t, d, sizeof(t));
	return 0;
}

static int
esp_blowfish_blockencrypt(algo, sav, s, d)
	const struct esp_algorithm *algo;
	struct secasvar *sav;
	u_int8_t *s;
	u_int8_t *d;
{
	/* HOLY COW!  BF_encrypt() takes values in host byteorder */
	BF_LONG t[2];

	bcopy(s, t, sizeof(t));
	t[0] = ntohl(t[0]);
	t[1] = ntohl(t[1]);
	BF_encrypt(t, (BF_KEY *)sav->sched, BF_ENCRYPT);
	t[0] = htonl(t[0]);
	t[1] = htonl(t[1]);
	bcopy(t, d, sizeof(t));
	return 0;
}

static int
esp_cast128_schedlen(algo)
	const struct esp_algorithm *algo;
{

	return sizeof(u_int32_t) * 32;
}

static int
esp_cast128_schedule(algo, sav)
	const struct esp_algorithm *algo;
	struct secasvar *sav;
{

	set_cast128_subkey((u_int32_t *)sav->sched, _KEYBUF(sav->key_enc),
		_KEYLEN(sav->key_enc));
	return 0;
}

static int
esp_cast128_blockdecrypt(algo, sav, s, d)
	const struct esp_algorithm *algo;
	struct secasvar *sav;
	u_int8_t *s;
	u_int8_t *d;
{

	if (_KEYLEN(sav->key_enc) <= 80 / 8)
		cast128_decrypt_round12(d, s, (u_int32_t *)sav->sched);
	else
		cast128_decrypt_round16(d, s, (u_int32_t *)sav->sched);
	return 0;
}

static int
esp_cast128_blockencrypt(algo, sav, s, d)
	const struct esp_algorithm *algo;
	struct secasvar *sav;
	u_int8_t *s;
	u_int8_t *d;
{

	if (_KEYLEN(sav->key_enc) <= 80 / 8)
		cast128_encrypt_round12(d, s, (u_int32_t *)sav->sched);
	else
		cast128_encrypt_round16(d, s, (u_int32_t *)sav->sched);
	return 0;
}

static int
esp_3des_schedlen(algo)
	const struct esp_algorithm *algo;
{

	return sizeof(des_key_schedule) * 3;
}