xform_ah.c revision 1.79 1 1.79 ozaki /* $NetBSD: xform_ah.c,v 1.79 2018/02/15 04:27:24 ozaki-r Exp $ */
2 1.1 jonathan /* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
3 1.1 jonathan /* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
4 1.1 jonathan /*
5 1.1 jonathan * The authors of this code are John Ioannidis (ji (at) tla.org),
6 1.1 jonathan * Angelos D. Keromytis (kermit (at) csd.uch.gr) and
7 1.1 jonathan * Niels Provos (provos (at) physnet.uni-hamburg.de).
8 1.1 jonathan *
9 1.1 jonathan * The original version of this code was written by John Ioannidis
10 1.1 jonathan * for BSD/OS in Athens, Greece, in November 1995.
11 1.1 jonathan *
12 1.1 jonathan * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
13 1.1 jonathan * by Angelos D. Keromytis.
14 1.1 jonathan *
15 1.1 jonathan * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
16 1.1 jonathan * and Niels Provos.
17 1.1 jonathan *
18 1.1 jonathan * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
19 1.1 jonathan *
20 1.1 jonathan * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
21 1.1 jonathan * Angelos D. Keromytis and Niels Provos.
22 1.1 jonathan * Copyright (c) 1999 Niklas Hallqvist.
23 1.1 jonathan * Copyright (c) 2001 Angelos D. Keromytis.
24 1.1 jonathan *
25 1.1 jonathan * Permission to use, copy, and modify this software with or without fee
26 1.1 jonathan * is hereby granted, provided that this entire notice is included in
27 1.1 jonathan * all copies of any software which is or includes a copy or
28 1.1 jonathan * modification of this software.
29 1.1 jonathan * You may use this code under the GNU public license if you so wish. Please
30 1.1 jonathan * contribute changes back to the authors under this freer than GPL license
31 1.1 jonathan * so that we may further the use of strong encryption without limitations to
32 1.1 jonathan * all.
33 1.1 jonathan *
34 1.1 jonathan * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
35 1.1 jonathan * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
36 1.1 jonathan * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
37 1.1 jonathan * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
38 1.1 jonathan * PURPOSE.
39 1.1 jonathan */
40 1.1 jonathan
41 1.1 jonathan #include <sys/cdefs.h>
42 1.79 ozaki __KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.79 2018/02/15 04:27:24 ozaki-r Exp $");
43 1.1 jonathan
44 1.45 ozaki #if defined(_KERNEL_OPT)
45 1.1 jonathan #include "opt_inet.h"
46 1.44 ozaki #include "opt_ipsec.h"
47 1.45 ozaki #endif
48 1.1 jonathan
49 1.1 jonathan #include <sys/param.h>
50 1.1 jonathan #include <sys/systm.h>
51 1.1 jonathan #include <sys/mbuf.h>
52 1.1 jonathan #include <sys/socket.h>
53 1.1 jonathan #include <sys/syslog.h>
54 1.1 jonathan #include <sys/kernel.h>
55 1.1 jonathan #include <sys/sysctl.h>
56 1.68 ozaki #include <sys/pool.h>
57 1.70 ozaki #include <sys/pserialize.h>
58 1.79 ozaki #include <sys/kmem.h>
59 1.1 jonathan
60 1.1 jonathan #include <net/if.h>
61 1.1 jonathan
62 1.1 jonathan #include <netinet/in.h>
63 1.1 jonathan #include <netinet/in_systm.h>
64 1.1 jonathan #include <netinet/ip.h>
65 1.1 jonathan #include <netinet/ip_ecn.h>
66 1.68 ozaki #include <netinet/ip_var.h>
67 1.1 jonathan #include <netinet/ip6.h>
68 1.1 jonathan
69 1.1 jonathan #include <net/route.h>
70 1.1 jonathan #include <netipsec/ipsec.h>
71 1.21 thorpej #include <netipsec/ipsec_private.h>
72 1.1 jonathan #include <netipsec/ah.h>
73 1.1 jonathan #include <netipsec/ah_var.h>
74 1.1 jonathan #include <netipsec/xform.h>
75 1.1 jonathan
76 1.1 jonathan #ifdef INET6
77 1.1 jonathan #include <netinet6/ip6_var.h>
78 1.34 drochner #include <netinet6/scope6_var.h>
79 1.1 jonathan #include <netipsec/ipsec6.h>
80 1.1 jonathan #endif
81 1.1 jonathan
82 1.4 tls #include <netipsec/key.h>
83 1.4 tls #include <netipsec/key_debug.h>
84 1.1 jonathan
85 1.1 jonathan #include <opencrypto/cryptodev.h>
86 1.1 jonathan
87 1.1 jonathan /*
88 1.1 jonathan * Return header size in bytes. The old protocol did not support
89 1.1 jonathan * the replay counter; the new protocol always includes the counter.
90 1.1 jonathan */
91 1.1 jonathan #define HDRSIZE(sav) \
92 1.1 jonathan (((sav)->flags & SADB_X_EXT_OLD) ? \
93 1.50 christos sizeof(struct ah) : sizeof(struct ah) + sizeof(uint32_t))
94 1.8 perry /*
95 1.1 jonathan * Return authenticator size in bytes. The old protocol is known
96 1.1 jonathan * to use a fixed 16-byte authenticator. The new algorithm gets
97 1.1 jonathan * this size from the xform but is (currently) always 12.
98 1.1 jonathan */
99 1.1 jonathan #define AUTHSIZE(sav) \
100 1.1 jonathan ((sav->flags & SADB_X_EXT_OLD) ? 16 : (sav)->tdb_authalgxform->authsize)
101 1.1 jonathan
102 1.21 thorpej percpu_t *ahstat_percpu;
103 1.21 thorpej
104 1.1 jonathan int ah_enable = 1; /* control flow of packets with AH */
105 1.16 degroote int ip4_ah_cleartos = 1; /* clear ip_tos when doing AH calc */
106 1.1 jonathan
107 1.1 jonathan #ifdef __FreeBSD__
108 1.1 jonathan SYSCTL_DECL(_net_inet_ah);
109 1.1 jonathan SYSCTL_INT(_net_inet_ah, OID_AUTO,
110 1.1 jonathan ah_enable, CTLFLAG_RW, &ah_enable, 0, "");
111 1.1 jonathan SYSCTL_INT(_net_inet_ah, OID_AUTO,
112 1.16 degroote ah_cleartos, CTLFLAG_RW, &ip4_ah_cleartos, 0, "");
113 1.1 jonathan SYSCTL_STRUCT(_net_inet_ah, IPSECCTL_STATS,
114 1.1 jonathan stats, CTLFLAG_RD, &ahstat, ahstat, "");
115 1.1 jonathan
116 1.4 tls #endif /* __FreeBSD__ */
117 1.1 jonathan
118 1.1 jonathan static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */
119 1.1 jonathan
120 1.68 ozaki int ah_max_authsize; /* max authsize over all algorithms */
121 1.62 ozaki
122 1.50 christos static int ah_input_cb(struct cryptop *);
123 1.50 christos static int ah_output_cb(struct cryptop *);
124 1.1 jonathan
125 1.47 christos const uint8_t ah_stats[256] = { SADB_AALG_STATS_INIT };
126 1.47 christos
127 1.73 ozaki static pool_cache_t ah_tdb_crypto_pool_cache;
128 1.68 ozaki static size_t ah_pool_item_size;
129 1.68 ozaki
130 1.1 jonathan /*
131 1.1 jonathan * NB: this is public for use by the PF_KEY support.
132 1.1 jonathan */
133 1.31 drochner const struct auth_hash *
134 1.1 jonathan ah_algorithm_lookup(int alg)
135 1.1 jonathan {
136 1.46 ozaki
137 1.1 jonathan switch (alg) {
138 1.1 jonathan case SADB_X_AALG_NULL:
139 1.1 jonathan return &auth_hash_null;
140 1.1 jonathan case SADB_AALG_MD5HMAC:
141 1.1 jonathan return &auth_hash_hmac_md5_96;
142 1.1 jonathan case SADB_AALG_SHA1HMAC:
143 1.1 jonathan return &auth_hash_hmac_sha1_96;
144 1.1 jonathan case SADB_X_AALG_RIPEMD160HMAC:
145 1.1 jonathan return &auth_hash_hmac_ripemd_160_96;
146 1.1 jonathan case SADB_X_AALG_MD5:
147 1.1 jonathan return &auth_hash_key_md5;
148 1.1 jonathan case SADB_X_AALG_SHA:
149 1.1 jonathan return &auth_hash_key_sha1;
150 1.1 jonathan case SADB_X_AALG_SHA2_256:
151 1.1 jonathan return &auth_hash_hmac_sha2_256;
152 1.1 jonathan case SADB_X_AALG_SHA2_384:
153 1.1 jonathan return &auth_hash_hmac_sha2_384;
154 1.1 jonathan case SADB_X_AALG_SHA2_512:
155 1.1 jonathan return &auth_hash_hmac_sha2_512;
156 1.33 drochner case SADB_X_AALG_AES_XCBC_MAC:
157 1.33 drochner return &auth_hash_aes_xcbc_mac_96;
158 1.1 jonathan }
159 1.1 jonathan return NULL;
160 1.1 jonathan }
161 1.1 jonathan
162 1.1 jonathan size_t
163 1.31 drochner ah_hdrsiz(const struct secasvar *sav)
164 1.1 jonathan {
165 1.1 jonathan size_t size;
166 1.1 jonathan
167 1.1 jonathan if (sav != NULL) {
168 1.1 jonathan int authsize;
169 1.52 ozaki KASSERT(sav->tdb_authalgxform != NULL);
170 1.1 jonathan /*XXX not right for null algorithm--does it matter??*/
171 1.1 jonathan authsize = AUTHSIZE(sav);
172 1.50 christos size = roundup(authsize, sizeof(uint32_t)) + HDRSIZE(sav);
173 1.1 jonathan } else {
174 1.1 jonathan /* default guess */
175 1.62 ozaki size = sizeof(struct ah) + sizeof(uint32_t) + ah_max_authsize;
176 1.1 jonathan }
177 1.1 jonathan return size;
178 1.1 jonathan }
179 1.1 jonathan
180 1.1 jonathan /*
181 1.1 jonathan * NB: public for use by esp_init.
182 1.1 jonathan */
183 1.1 jonathan int
184 1.31 drochner ah_init0(struct secasvar *sav, const struct xformsw *xsp,
185 1.31 drochner struct cryptoini *cria)
186 1.1 jonathan {
187 1.31 drochner const struct auth_hash *thash;
188 1.1 jonathan int keylen;
189 1.1 jonathan
190 1.1 jonathan thash = ah_algorithm_lookup(sav->alg_auth);
191 1.1 jonathan if (thash == NULL) {
192 1.48 christos DPRINTF(("%s: unsupported authentication algorithm %u\n",
193 1.48 christos __func__, sav->alg_auth));
194 1.1 jonathan return EINVAL;
195 1.1 jonathan }
196 1.1 jonathan /*
197 1.1 jonathan * Verify the replay state block allocation is consistent with
198 1.1 jonathan * the protocol type. We check here so we can make assumptions
199 1.1 jonathan * later during protocol processing.
200 1.1 jonathan */
201 1.1 jonathan /* NB: replay state is setup elsewhere (sigh) */
202 1.1 jonathan if (((sav->flags&SADB_X_EXT_OLD) == 0) ^ (sav->replay != NULL)) {
203 1.48 christos DPRINTF(("%s: replay state block inconsistency, "
204 1.48 christos "%s algorithm %s replay state\n", __func__,
205 1.1 jonathan (sav->flags & SADB_X_EXT_OLD) ? "old" : "new",
206 1.1 jonathan sav->replay == NULL ? "without" : "with"));
207 1.1 jonathan return EINVAL;
208 1.1 jonathan }
209 1.1 jonathan if (sav->key_auth == NULL) {
210 1.48 christos DPRINTF(("%s: no authentication key for %s algorithm\n",
211 1.48 christos __func__, thash->name));
212 1.1 jonathan return EINVAL;
213 1.1 jonathan }
214 1.1 jonathan keylen = _KEYLEN(sav->key_auth);
215 1.1 jonathan if (keylen != thash->keysize && thash->keysize != 0) {
216 1.48 christos DPRINTF(("%s: invalid keylength %d, algorithm %s requires "
217 1.48 christos "keysize %d\n", __func__,
218 1.1 jonathan keylen, thash->name, thash->keysize));
219 1.1 jonathan return EINVAL;
220 1.1 jonathan }
221 1.1 jonathan
222 1.1 jonathan sav->tdb_xform = xsp;
223 1.1 jonathan sav->tdb_authalgxform = thash;
224 1.1 jonathan
225 1.1 jonathan /* Initialize crypto session. */
226 1.50 christos memset(cria, 0, sizeof(*cria));
227 1.1 jonathan cria->cri_alg = sav->tdb_authalgxform->type;
228 1.1 jonathan cria->cri_klen = _KEYBITS(sav->key_auth);
229 1.1 jonathan cria->cri_key = _KEYBUF(sav->key_auth);
230 1.1 jonathan
231 1.1 jonathan return 0;
232 1.1 jonathan }
233 1.1 jonathan
234 1.1 jonathan /*
235 1.1 jonathan * ah_init() is called when an SPI is being set up.
236 1.1 jonathan */
237 1.1 jonathan static int
238 1.31 drochner ah_init(struct secasvar *sav, const struct xformsw *xsp)
239 1.1 jonathan {
240 1.1 jonathan struct cryptoini cria;
241 1.1 jonathan int error;
242 1.1 jonathan
243 1.1 jonathan error = ah_init0(sav, xsp, &cria);
244 1.32 drochner if (!error)
245 1.20 tls error = crypto_newsession(&sav->tdb_cryptoid,
246 1.20 tls &cria, crypto_support);
247 1.20 tls return error;
248 1.1 jonathan }
249 1.1 jonathan
250 1.1 jonathan /*
251 1.1 jonathan * Paranoia.
252 1.1 jonathan *
253 1.1 jonathan * NB: public for use by esp_zeroize (XXX).
254 1.1 jonathan */
255 1.1 jonathan int
256 1.1 jonathan ah_zeroize(struct secasvar *sav)
257 1.1 jonathan {
258 1.1 jonathan int err;
259 1.1 jonathan
260 1.58 ozaki if (sav->key_auth) {
261 1.58 ozaki explicit_memset(_KEYBUF(sav->key_auth), 0,
262 1.58 ozaki _KEYLEN(sav->key_auth));
263 1.58 ozaki }
264 1.1 jonathan
265 1.1 jonathan err = crypto_freesession(sav->tdb_cryptoid);
266 1.1 jonathan sav->tdb_cryptoid = 0;
267 1.1 jonathan sav->tdb_authalgxform = NULL;
268 1.1 jonathan sav->tdb_xform = NULL;
269 1.1 jonathan return err;
270 1.1 jonathan }
271 1.1 jonathan
272 1.1 jonathan /*
273 1.1 jonathan * Massage IPv4/IPv6 headers for AH processing.
274 1.1 jonathan */
275 1.1 jonathan static int
276 1.1 jonathan ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
277 1.1 jonathan {
278 1.1 jonathan struct mbuf *m = *m0;
279 1.1 jonathan unsigned char *ptr;
280 1.1 jonathan int off, count;
281 1.1 jonathan
282 1.1 jonathan #ifdef INET
283 1.1 jonathan struct ip *ip;
284 1.1 jonathan #endif /* INET */
285 1.1 jonathan
286 1.1 jonathan #ifdef INET6
287 1.1 jonathan struct ip6_ext *ip6e;
288 1.1 jonathan struct ip6_hdr ip6;
289 1.50 christos struct ip6_rthdr *rh;
290 1.34 drochner int alloc, ad, nxt;
291 1.1 jonathan #endif /* INET6 */
292 1.1 jonathan
293 1.1 jonathan switch (proto) {
294 1.1 jonathan #ifdef INET
295 1.1 jonathan case AF_INET:
296 1.1 jonathan /*
297 1.1 jonathan * This is the least painful way of dealing with IPv4 header
298 1.1 jonathan * and option processing -- just make sure they're in
299 1.1 jonathan * contiguous memory.
300 1.1 jonathan */
301 1.1 jonathan *m0 = m = m_pullup(m, skip);
302 1.1 jonathan if (m == NULL) {
303 1.48 christos DPRINTF(("%s: m_pullup failed\n", __func__));
304 1.1 jonathan return ENOBUFS;
305 1.1 jonathan }
306 1.1 jonathan
307 1.1 jonathan /* Fix the IP header */
308 1.1 jonathan ip = mtod(m, struct ip *);
309 1.16 degroote if (ip4_ah_cleartos)
310 1.1 jonathan ip->ip_tos = 0;
311 1.1 jonathan ip->ip_ttl = 0;
312 1.1 jonathan ip->ip_sum = 0;
313 1.17 degroote ip->ip_off = htons(ntohs(ip->ip_off) & ip4_ah_offsetmask);
314 1.1 jonathan
315 1.1 jonathan /*
316 1.7 jonathan * On FreeBSD, ip_off and ip_len assumed in host endian;
317 1.7 jonathan * they are converted (if necessary) by ip_input().
318 1.7 jonathan * On NetBSD, ip_off and ip_len are in network byte order.
319 1.7 jonathan * They must be massaged back to network byte order
320 1.7 jonathan * before verifying the HMAC. Moreover, on FreeBSD,
321 1.7 jonathan * we should add `skip' back into the massaged ip_len
322 1.7 jonathan * (presumably ip_input() deducted it before we got here?)
323 1.7 jonathan * whereas on NetBSD, we should not.
324 1.1 jonathan */
325 1.1 jonathan if (!out) {
326 1.51 ozaki uint16_t inlen = ntohs(ip->ip_len);
327 1.1 jonathan
328 1.7 jonathan ip->ip_len = htons(inlen);
329 1.1 jonathan
330 1.1 jonathan if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
331 1.53 ozaki ip->ip_off &= htons(IP_DF);
332 1.1 jonathan else
333 1.1 jonathan ip->ip_off = 0;
334 1.1 jonathan } else {
335 1.1 jonathan if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
336 1.53 ozaki ip->ip_off &= htons(IP_DF);
337 1.1 jonathan else
338 1.1 jonathan ip->ip_off = 0;
339 1.1 jonathan }
340 1.1 jonathan
341 1.35 drochner ptr = mtod(m, unsigned char *);
342 1.1 jonathan
343 1.1 jonathan /* IPv4 option processing */
344 1.1 jonathan for (off = sizeof(struct ip); off < skip;) {
345 1.1 jonathan if (ptr[off] == IPOPT_EOL || ptr[off] == IPOPT_NOP ||
346 1.1 jonathan off + 1 < skip)
347 1.1 jonathan ;
348 1.1 jonathan else {
349 1.48 christos DPRINTF(("%s: illegal IPv4 option length for "
350 1.48 christos "option %d\n", __func__, ptr[off]));
351 1.1 jonathan
352 1.1 jonathan m_freem(m);
353 1.1 jonathan return EINVAL;
354 1.1 jonathan }
355 1.1 jonathan
356 1.1 jonathan switch (ptr[off]) {
357 1.1 jonathan case IPOPT_EOL:
358 1.1 jonathan off = skip; /* End the loop. */
359 1.1 jonathan break;
360 1.1 jonathan
361 1.1 jonathan case IPOPT_NOP:
362 1.1 jonathan off++;
363 1.1 jonathan break;
364 1.1 jonathan
365 1.1 jonathan case IPOPT_SECURITY: /* 0x82 */
366 1.1 jonathan case 0x85: /* Extended security. */
367 1.1 jonathan case 0x86: /* Commercial security. */
368 1.1 jonathan case 0x94: /* Router alert */
369 1.1 jonathan case 0x95: /* RFC1770 */
370 1.1 jonathan /* Sanity check for option length. */
371 1.1 jonathan if (ptr[off + 1] < 2) {
372 1.48 christos DPRINTF(("%s: illegal IPv4 option "
373 1.48 christos "length for option %d\n", __func__,
374 1.48 christos ptr[off]));
375 1.1 jonathan
376 1.1 jonathan m_freem(m);
377 1.1 jonathan return EINVAL;
378 1.1 jonathan }
379 1.1 jonathan
380 1.1 jonathan off += ptr[off + 1];
381 1.1 jonathan break;
382 1.1 jonathan
383 1.1 jonathan case IPOPT_LSRR:
384 1.1 jonathan case IPOPT_SSRR:
385 1.1 jonathan /* Sanity check for option length. */
386 1.1 jonathan if (ptr[off + 1] < 2) {
387 1.48 christos DPRINTF(("%s: illegal IPv4 option "
388 1.48 christos "length for option %d\n", __func__,
389 1.48 christos ptr[off]));
390 1.1 jonathan
391 1.1 jonathan m_freem(m);
392 1.1 jonathan return EINVAL;
393 1.1 jonathan }
394 1.1 jonathan
395 1.1 jonathan /*
396 1.1 jonathan * On output, if we have either of the
397 1.1 jonathan * source routing options, we should
398 1.1 jonathan * swap the destination address of the
399 1.1 jonathan * IP header with the last address
400 1.1 jonathan * specified in the option, as that is
401 1.1 jonathan * what the destination's IP header
402 1.1 jonathan * will look like.
403 1.1 jonathan */
404 1.1 jonathan if (out)
405 1.50 christos memcpy(&ip->ip_dst,
406 1.50 christos ptr + off + ptr[off + 1] -
407 1.1 jonathan sizeof(struct in_addr),
408 1.50 christos sizeof(struct in_addr));
409 1.1 jonathan
410 1.1 jonathan /* Fall through */
411 1.1 jonathan default:
412 1.1 jonathan /* Sanity check for option length. */
413 1.1 jonathan if (ptr[off + 1] < 2) {
414 1.48 christos DPRINTF(("%s: illegal IPv4 option "
415 1.48 christos "length for option %d\n", __func__,
416 1.48 christos ptr[off]));
417 1.1 jonathan m_freem(m);
418 1.1 jonathan return EINVAL;
419 1.1 jonathan }
420 1.1 jonathan
421 1.1 jonathan /* Zeroize all other options. */
422 1.1 jonathan count = ptr[off + 1];
423 1.75 maxv memcpy(ptr + off, ipseczeroes, count);
424 1.1 jonathan off += count;
425 1.1 jonathan break;
426 1.1 jonathan }
427 1.1 jonathan
428 1.1 jonathan /* Sanity check. */
429 1.1 jonathan if (off > skip) {
430 1.48 christos DPRINTF(("%s: malformed IPv4 options header\n",
431 1.48 christos __func__));
432 1.1 jonathan
433 1.1 jonathan m_freem(m);
434 1.1 jonathan return EINVAL;
435 1.1 jonathan }
436 1.1 jonathan }
437 1.1 jonathan
438 1.1 jonathan break;
439 1.1 jonathan #endif /* INET */
440 1.1 jonathan
441 1.1 jonathan #ifdef INET6
442 1.1 jonathan case AF_INET6: /* Ugly... */
443 1.1 jonathan /* Copy and "cook" the IPv6 header. */
444 1.15 degroote m_copydata(m, 0, sizeof(ip6), &ip6);
445 1.1 jonathan
446 1.1 jonathan /* We don't do IPv6 Jumbograms. */
447 1.1 jonathan if (ip6.ip6_plen == 0) {
448 1.48 christos DPRINTF(("%s: unsupported IPv6 jumbogram\n", __func__));
449 1.1 jonathan m_freem(m);
450 1.1 jonathan return EMSGSIZE;
451 1.1 jonathan }
452 1.1 jonathan
453 1.1 jonathan ip6.ip6_flow = 0;
454 1.1 jonathan ip6.ip6_hlim = 0;
455 1.1 jonathan ip6.ip6_vfc &= ~IPV6_VERSION_MASK;
456 1.1 jonathan ip6.ip6_vfc |= IPV6_VERSION;
457 1.1 jonathan
458 1.1 jonathan /* Scoped address handling. */
459 1.1 jonathan if (IN6_IS_SCOPE_LINKLOCAL(&ip6.ip6_src))
460 1.1 jonathan ip6.ip6_src.s6_addr16[1] = 0;
461 1.1 jonathan if (IN6_IS_SCOPE_LINKLOCAL(&ip6.ip6_dst))
462 1.1 jonathan ip6.ip6_dst.s6_addr16[1] = 0;
463 1.1 jonathan
464 1.1 jonathan /* Done with IPv6 header. */
465 1.15 degroote m_copyback(m, 0, sizeof(struct ip6_hdr), &ip6);
466 1.1 jonathan
467 1.1 jonathan /* Let's deal with the remaining headers (if any). */
468 1.1 jonathan if (skip - sizeof(struct ip6_hdr) > 0) {
469 1.1 jonathan if (m->m_len <= skip) {
470 1.50 christos ptr = malloc(skip - sizeof(struct ip6_hdr),
471 1.1 jonathan M_XDATA, M_NOWAIT);
472 1.1 jonathan if (ptr == NULL) {
473 1.48 christos DPRINTF(("%s: failed to allocate "
474 1.48 christos "memory for IPv6 headers\n",
475 1.48 christos __func__));
476 1.1 jonathan m_freem(m);
477 1.1 jonathan return ENOBUFS;
478 1.1 jonathan }
479 1.1 jonathan
480 1.1 jonathan /*
481 1.1 jonathan * Copy all the protocol headers after
482 1.1 jonathan * the IPv6 header.
483 1.1 jonathan */
484 1.1 jonathan m_copydata(m, sizeof(struct ip6_hdr),
485 1.1 jonathan skip - sizeof(struct ip6_hdr), ptr);
486 1.1 jonathan alloc = 1;
487 1.1 jonathan } else {
488 1.1 jonathan /* No need to allocate memory. */
489 1.1 jonathan ptr = mtod(m, unsigned char *) +
490 1.1 jonathan sizeof(struct ip6_hdr);
491 1.1 jonathan alloc = 0;
492 1.1 jonathan }
493 1.1 jonathan } else
494 1.1 jonathan break;
495 1.1 jonathan
496 1.34 drochner nxt = ip6.ip6_nxt & 0xff; /* Next header type. */
497 1.1 jonathan
498 1.77 maxv for (off = 0; off < skip - sizeof(struct ip6_hdr);) {
499 1.77 maxv int noff;
500 1.77 maxv
501 1.34 drochner switch (nxt) {
502 1.1 jonathan case IPPROTO_HOPOPTS:
503 1.1 jonathan case IPPROTO_DSTOPTS:
504 1.77 maxv ip6e = (struct ip6_ext *)(ptr + off);
505 1.77 maxv noff = off + ((ip6e->ip6e_len + 1) << 3);
506 1.77 maxv
507 1.77 maxv /* Sanity check. */
508 1.77 maxv if (noff > skip - sizeof(struct ip6_hdr)) {
509 1.77 maxv goto error6;
510 1.77 maxv }
511 1.1 jonathan
512 1.1 jonathan /*
513 1.77 maxv * Zero out mutable options.
514 1.1 jonathan */
515 1.34 drochner for (count = off + sizeof(struct ip6_ext);
516 1.77 maxv count < noff;) {
517 1.1 jonathan if (ptr[count] == IP6OPT_PAD1) {
518 1.1 jonathan count++;
519 1.77 maxv continue;
520 1.1 jonathan }
521 1.1 jonathan
522 1.77 maxv ad = ptr[count + 1] + 2;
523 1.77 maxv
524 1.77 maxv if (count + ad > noff) {
525 1.77 maxv goto error6;
526 1.1 jonathan }
527 1.1 jonathan
528 1.77 maxv if (ptr[count] & IP6OPT_MUTABLE) {
529 1.77 maxv memset(ptr + count, 0, ad);
530 1.77 maxv }
531 1.1 jonathan
532 1.1 jonathan count += ad;
533 1.77 maxv }
534 1.1 jonathan
535 1.77 maxv if (count != noff) {
536 1.77 maxv goto error6;
537 1.1 jonathan }
538 1.1 jonathan
539 1.1 jonathan /* Advance. */
540 1.34 drochner off += ((ip6e->ip6e_len + 1) << 3);
541 1.34 drochner nxt = ip6e->ip6e_nxt;
542 1.1 jonathan break;
543 1.1 jonathan
544 1.1 jonathan case IPPROTO_ROUTING:
545 1.1 jonathan /*
546 1.1 jonathan * Always include routing headers in
547 1.1 jonathan * computation.
548 1.1 jonathan */
549 1.50 christos ip6e = (struct ip6_ext *) (ptr + off);
550 1.50 christos rh = (struct ip6_rthdr *)(ptr + off);
551 1.50 christos /*
552 1.50 christos * must adjust content to make it look like
553 1.50 christos * its final form (as seen at the final
554 1.50 christos * destination).
555 1.50 christos * we only know how to massage type 0 routing
556 1.50 christos * header.
557 1.50 christos */
558 1.50 christos if (out && rh->ip6r_type == IPV6_RTHDR_TYPE_0) {
559 1.50 christos struct ip6_rthdr0 *rh0;
560 1.50 christos struct in6_addr *addr, finaldst;
561 1.50 christos int i;
562 1.50 christos
563 1.50 christos rh0 = (struct ip6_rthdr0 *)rh;
564 1.50 christos addr = (struct in6_addr *)(rh0 + 1);
565 1.50 christos
566 1.50 christos for (i = 0; i < rh0->ip6r0_segleft; i++)
567 1.50 christos in6_clearscope(&addr[i]);
568 1.50 christos
569 1.50 christos finaldst = addr[rh0->ip6r0_segleft - 1];
570 1.50 christos memmove(&addr[1], &addr[0],
571 1.50 christos sizeof(struct in6_addr) *
572 1.50 christos (rh0->ip6r0_segleft - 1));
573 1.50 christos
574 1.50 christos m_copydata(m, 0, sizeof(ip6), &ip6);
575 1.50 christos addr[0] = ip6.ip6_dst;
576 1.50 christos ip6.ip6_dst = finaldst;
577 1.50 christos m_copyback(m, 0, sizeof(ip6), &ip6);
578 1.34 drochner
579 1.50 christos rh0->ip6r0_segleft = 0;
580 1.50 christos }
581 1.34 drochner
582 1.50 christos /* advance */
583 1.50 christos off += ((ip6e->ip6e_len + 1) << 3);
584 1.50 christos nxt = ip6e->ip6e_nxt;
585 1.50 christos break;
586 1.1 jonathan
587 1.1 jonathan default:
588 1.48 christos DPRINTF(("%s: unexpected IPv6 header type %d\n",
589 1.48 christos __func__, off));
590 1.77 maxv error6:
591 1.1 jonathan if (alloc)
592 1.22 cegger free(ptr, M_XDATA);
593 1.1 jonathan m_freem(m);
594 1.1 jonathan return EINVAL;
595 1.1 jonathan }
596 1.77 maxv }
597 1.1 jonathan
598 1.1 jonathan /* Copyback and free, if we allocated. */
599 1.1 jonathan if (alloc) {
600 1.1 jonathan m_copyback(m, sizeof(struct ip6_hdr),
601 1.1 jonathan skip - sizeof(struct ip6_hdr), ptr);
602 1.1 jonathan free(ptr, M_XDATA);
603 1.1 jonathan }
604 1.1 jonathan
605 1.1 jonathan break;
606 1.1 jonathan #endif /* INET6 */
607 1.1 jonathan }
608 1.1 jonathan
609 1.1 jonathan return 0;
610 1.1 jonathan }
611 1.1 jonathan
612 1.1 jonathan /*
613 1.1 jonathan * ah_input() gets called to verify that an input packet
614 1.1 jonathan * passes authentication.
615 1.1 jonathan */
616 1.1 jonathan static int
617 1.60 ozaki ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
618 1.1 jonathan {
619 1.31 drochner const struct auth_hash *ahx;
620 1.67 ozaki struct tdb_crypto *tc = NULL;
621 1.1 jonathan struct newah *ah;
622 1.67 ozaki int hl, rplen, authsize, error, stat = AH_STAT_HDROPS;
623 1.1 jonathan struct cryptodesc *crda;
624 1.67 ozaki struct cryptop *crp = NULL;
625 1.79 ozaki bool pool_used;
626 1.1 jonathan
627 1.50 christos IPSEC_SPLASSERT_SOFTNET(__func__);
628 1.1 jonathan
629 1.52 ozaki KASSERT(sav != NULL);
630 1.52 ozaki KASSERT(sav->key_auth != NULL);
631 1.52 ozaki KASSERT(sav->tdb_authalgxform != NULL);
632 1.1 jonathan
633 1.1 jonathan /* Figure out header size. */
634 1.1 jonathan rplen = HDRSIZE(sav);
635 1.1 jonathan
636 1.1 jonathan /* XXX don't pullup, just copy header */
637 1.1 jonathan IP6_EXTHDR_GET(ah, struct newah *, m, skip, rplen);
638 1.1 jonathan if (ah == NULL) {
639 1.48 christos DPRINTF(("%s: cannot pullup header\n", __func__));
640 1.67 ozaki error = ENOBUFS;
641 1.67 ozaki stat = AH_STAT_HDROPS; /*XXX*/
642 1.67 ozaki goto bad;
643 1.1 jonathan }
644 1.1 jonathan
645 1.1 jonathan /* Check replay window, if applicable. */
646 1.1 jonathan if (sav->replay && !ipsec_chkreplay(ntohl(ah->ah_seq), sav)) {
647 1.54 ryo char buf[IPSEC_LOGSASTRLEN];
648 1.48 christos DPRINTF(("%s: packet replay failure: %s\n", __func__,
649 1.54 ryo ipsec_logsastr(sav, buf, sizeof(buf))));
650 1.67 ozaki stat = AH_STAT_REPLAY;
651 1.67 ozaki error = ENOBUFS;
652 1.67 ozaki goto bad;
653 1.1 jonathan }
654 1.1 jonathan
655 1.1 jonathan /* Verify AH header length. */
656 1.50 christos hl = ah->ah_len * sizeof(uint32_t);
657 1.1 jonathan ahx = sav->tdb_authalgxform;
658 1.1 jonathan authsize = AUTHSIZE(sav);
659 1.50 christos if (hl != authsize + rplen - sizeof(struct ah)) {
660 1.54 ryo char buf[IPSEC_ADDRSTRLEN];
661 1.48 christos DPRINTF(("%s: bad authenticator length %u (expecting %lu)"
662 1.48 christos " for packet in SA %s/%08lx\n", __func__,
663 1.50 christos hl, (u_long) (authsize + rplen - sizeof(struct ah)),
664 1.54 ryo ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
665 1.1 jonathan (u_long) ntohl(sav->spi)));
666 1.67 ozaki stat = AH_STAT_BADAUTHL;
667 1.67 ozaki error = EACCES;
668 1.67 ozaki goto bad;
669 1.1 jonathan }
670 1.21 thorpej AH_STATADD(AH_STAT_IBYTES, m->m_pkthdr.len - skip - hl);
671 1.1 jonathan
672 1.1 jonathan /* Get crypto descriptors. */
673 1.1 jonathan crp = crypto_getreq(1);
674 1.1 jonathan if (crp == NULL) {
675 1.48 christos DPRINTF(("%s: failed to acquire crypto descriptor\n", __func__));
676 1.67 ozaki stat = AH_STAT_CRYPTO;
677 1.67 ozaki error = ENOBUFS;
678 1.67 ozaki goto bad;
679 1.1 jonathan }
680 1.1 jonathan
681 1.1 jonathan crda = crp->crp_desc;
682 1.52 ozaki KASSERT(crda != NULL);
683 1.1 jonathan
684 1.1 jonathan crda->crd_skip = 0;
685 1.1 jonathan crda->crd_len = m->m_pkthdr.len;
686 1.1 jonathan crda->crd_inject = skip + rplen;
687 1.1 jonathan
688 1.1 jonathan /* Authentication operation. */
689 1.1 jonathan crda->crd_alg = ahx->type;
690 1.1 jonathan crda->crd_key = _KEYBUF(sav->key_auth);
691 1.1 jonathan crda->crd_klen = _KEYBITS(sav->key_auth);
692 1.1 jonathan
693 1.1 jonathan /* Allocate IPsec-specific opaque crypto info. */
694 1.49 christos size_t size = sizeof(*tc);
695 1.49 christos size_t extra = skip + rplen + authsize;
696 1.56 ozaki size += extra;
697 1.49 christos
698 1.79 ozaki if (__predict_true(size <= ah_pool_item_size)) {
699 1.79 ozaki tc = pool_cache_get(ah_tdb_crypto_pool_cache, PR_NOWAIT);
700 1.79 ozaki pool_used = true;
701 1.79 ozaki } else {
702 1.79 ozaki /* size can exceed on IPv6 packets with large options. */
703 1.79 ozaki tc = kmem_intr_zalloc(size, KM_NOSLEEP);
704 1.79 ozaki pool_used = false;
705 1.79 ozaki }
706 1.1 jonathan if (tc == NULL) {
707 1.48 christos DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
708 1.67 ozaki stat = AH_STAT_CRYPTO;
709 1.67 ozaki error = ENOBUFS;
710 1.67 ozaki goto bad;
711 1.1 jonathan }
712 1.1 jonathan
713 1.49 christos error = m_makewritable(&m, 0, extra, M_NOWAIT);
714 1.36 drochner if (error) {
715 1.66 ozaki DPRINTF(("%s: failed to m_makewritable\n", __func__));
716 1.67 ozaki goto bad;
717 1.36 drochner }
718 1.36 drochner
719 1.56 ozaki /*
720 1.56 ozaki * Save the authenticator, the skipped portion of the packet,
721 1.56 ozaki * and the AH header.
722 1.56 ozaki */
723 1.56 ozaki m_copydata(m, 0, extra, (tc + 1));
724 1.56 ozaki /* Zeroize the authenticator on the packet. */
725 1.56 ozaki m_copyback(m, skip + rplen, authsize, ipseczeroes);
726 1.56 ozaki
727 1.56 ozaki /* "Massage" the packet headers for crypto processing. */
728 1.56 ozaki error = ah_massage_headers(&m, sav->sah->saidx.dst.sa.sa_family,
729 1.56 ozaki skip, ahx->type, 0);
730 1.56 ozaki if (error != 0) {
731 1.56 ozaki /* NB: mbuf is free'd by ah_massage_headers */
732 1.67 ozaki m = NULL;
733 1.67 ozaki goto bad;
734 1.1 jonathan }
735 1.1 jonathan
736 1.72 ozaki {
737 1.72 ozaki int s = pserialize_read_enter();
738 1.72 ozaki
739 1.72 ozaki /*
740 1.72 ozaki * Take another reference to the SA for opencrypto callback.
741 1.72 ozaki */
742 1.72 ozaki if (__predict_false(sav->state == SADB_SASTATE_DEAD)) {
743 1.72 ozaki pserialize_read_exit(s);
744 1.72 ozaki stat = AH_STAT_NOTDB;
745 1.72 ozaki error = ENOENT;
746 1.72 ozaki goto bad;
747 1.72 ozaki }
748 1.72 ozaki KEY_SA_REF(sav);
749 1.72 ozaki pserialize_read_exit(s);
750 1.72 ozaki }
751 1.72 ozaki
752 1.1 jonathan /* Crypto operation descriptor. */
753 1.1 jonathan crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */
754 1.1 jonathan crp->crp_flags = CRYPTO_F_IMBUF;
755 1.15 degroote crp->crp_buf = m;
756 1.1 jonathan crp->crp_callback = ah_input_cb;
757 1.1 jonathan crp->crp_sid = sav->tdb_cryptoid;
758 1.15 degroote crp->crp_opaque = tc;
759 1.1 jonathan
760 1.1 jonathan /* These are passed as-is to the callback. */
761 1.1 jonathan tc->tc_spi = sav->spi;
762 1.1 jonathan tc->tc_dst = sav->sah->saidx.dst;
763 1.1 jonathan tc->tc_proto = sav->sah->saidx.proto;
764 1.1 jonathan tc->tc_nxt = ah->ah_nxt;
765 1.1 jonathan tc->tc_protoff = protoff;
766 1.1 jonathan tc->tc_skip = skip;
767 1.60 ozaki tc->tc_sav = sav;
768 1.1 jonathan
769 1.56 ozaki DPRINTF(("%s: hash over %d bytes, skip %d: "
770 1.56 ozaki "crda len %d skip %d inject %d\n", __func__,
771 1.1 jonathan crp->crp_ilen, tc->tc_skip,
772 1.1 jonathan crda->crd_len, crda->crd_skip, crda->crd_inject));
773 1.1 jonathan
774 1.56 ozaki return crypto_dispatch(crp);
775 1.67 ozaki
776 1.67 ozaki bad:
777 1.79 ozaki if (tc != NULL) {
778 1.79 ozaki if (__predict_true(pool_used))
779 1.79 ozaki pool_cache_put(ah_tdb_crypto_pool_cache, tc);
780 1.79 ozaki else
781 1.79 ozaki kmem_intr_free(tc, size);
782 1.79 ozaki }
783 1.67 ozaki if (crp != NULL)
784 1.67 ozaki crypto_freereq(crp);
785 1.67 ozaki if (m != NULL)
786 1.67 ozaki m_freem(m);
787 1.67 ozaki AH_STATINC(stat);
788 1.67 ozaki return error;
789 1.1 jonathan }
790 1.1 jonathan
791 1.1 jonathan #ifdef INET6
792 1.56 ozaki #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff) do { \
793 1.1 jonathan if (saidx->dst.sa.sa_family == AF_INET6) { \
794 1.56 ozaki error = ipsec6_common_input_cb(m, sav, skip, protoff); \
795 1.1 jonathan } else { \
796 1.56 ozaki error = ipsec4_common_input_cb(m, sav, skip, protoff); \
797 1.1 jonathan } \
798 1.1 jonathan } while (0)
799 1.1 jonathan #else
800 1.56 ozaki #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff) \
801 1.56 ozaki (error = ipsec4_common_input_cb(m, sav, skip, protoff))
802 1.1 jonathan #endif
803 1.1 jonathan
804 1.1 jonathan /*
805 1.1 jonathan * AH input callback from the crypto driver.
806 1.1 jonathan */
807 1.1 jonathan static int
808 1.1 jonathan ah_input_cb(struct cryptop *crp)
809 1.1 jonathan {
810 1.54 ryo char buf[IPSEC_ADDRSTRLEN];
811 1.1 jonathan int rplen, error, skip, protoff;
812 1.1 jonathan unsigned char calc[AH_ALEN_MAX];
813 1.1 jonathan struct mbuf *m;
814 1.1 jonathan struct tdb_crypto *tc;
815 1.1 jonathan struct secasvar *sav;
816 1.1 jonathan struct secasindex *saidx;
817 1.50 christos uint8_t nxt;
818 1.14 degroote char *ptr;
819 1.69 ozaki int authsize;
820 1.50 christos uint16_t dport;
821 1.50 christos uint16_t sport;
822 1.79 ozaki bool pool_used;
823 1.79 ozaki size_t size;
824 1.69 ozaki IPSEC_DECLARE_LOCK_VARIABLE;
825 1.1 jonathan
826 1.52 ozaki KASSERT(crp->crp_opaque != NULL);
827 1.50 christos tc = crp->crp_opaque;
828 1.1 jonathan skip = tc->tc_skip;
829 1.1 jonathan nxt = tc->tc_nxt;
830 1.1 jonathan protoff = tc->tc_protoff;
831 1.50 christos m = crp->crp_buf;
832 1.1 jonathan
833 1.18 degroote
834 1.18 degroote /* find the source port for NAT-T */
835 1.39 christos nat_t_ports_get(m, &dport, &sport);
836 1.18 degroote
837 1.69 ozaki IPSEC_ACQUIRE_GLOBAL_LOCKS();
838 1.1 jonathan
839 1.60 ozaki sav = tc->tc_sav;
840 1.1 jonathan saidx = &sav->sah->saidx;
841 1.52 ozaki KASSERTMSG(saidx->dst.sa.sa_family == AF_INET ||
842 1.52 ozaki saidx->dst.sa.sa_family == AF_INET6,
843 1.52 ozaki "unexpected protocol family %u", saidx->dst.sa.sa_family);
844 1.1 jonathan
845 1.79 ozaki /* Figure out header size. */
846 1.79 ozaki rplen = HDRSIZE(sav);
847 1.79 ozaki authsize = AUTHSIZE(sav);
848 1.79 ozaki
849 1.79 ozaki size = sizeof(*tc) + skip + rplen + authsize;
850 1.79 ozaki if (__predict_true(size <= ah_pool_item_size))
851 1.79 ozaki pool_used = true;
852 1.79 ozaki else
853 1.79 ozaki pool_used = false;
854 1.79 ozaki
855 1.1 jonathan /* Check for crypto errors. */
856 1.1 jonathan if (crp->crp_etype) {
857 1.1 jonathan if (sav->tdb_cryptoid != 0)
858 1.1 jonathan sav->tdb_cryptoid = crp->crp_sid;
859 1.1 jonathan
860 1.27 drochner if (crp->crp_etype == EAGAIN) {
861 1.69 ozaki IPSEC_RELEASE_GLOBAL_LOCKS();
862 1.1 jonathan return crypto_dispatch(crp);
863 1.27 drochner }
864 1.1 jonathan
865 1.21 thorpej AH_STATINC(AH_STAT_NOXFORM);
866 1.48 christos DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
867 1.1 jonathan error = crp->crp_etype;
868 1.1 jonathan goto bad;
869 1.1 jonathan } else {
870 1.47 christos AH_STATINC(AH_STAT_HIST + ah_stats[sav->alg_auth]);
871 1.1 jonathan crypto_freereq(crp); /* No longer needed. */
872 1.1 jonathan crp = NULL;
873 1.1 jonathan }
874 1.1 jonathan
875 1.1 jonathan if (ipsec_debug)
876 1.43 ozaki memset(calc, 0, sizeof(calc));
877 1.1 jonathan
878 1.1 jonathan /* Copy authenticator off the packet. */
879 1.1 jonathan m_copydata(m, skip + rplen, authsize, calc);
880 1.1 jonathan
881 1.56 ozaki ptr = (char *)(tc + 1);
882 1.56 ozaki const uint8_t *pppp = ptr + skip + rplen;
883 1.56 ozaki
884 1.56 ozaki /* Verify authenticator. */
885 1.56 ozaki if (!consttime_memequal(pppp, calc, authsize)) {
886 1.56 ozaki DPRINTF(("%s: authentication hash mismatch " \
887 1.56 ozaki "over %d bytes " \
888 1.56 ozaki "for packet in SA %s/%08lx:\n" \
889 1.56 ozaki "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x, " \
890 1.56 ozaki "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n",
891 1.56 ozaki __func__, authsize,
892 1.56 ozaki ipsec_address(&saidx->dst, buf, sizeof(buf)),
893 1.56 ozaki (u_long) ntohl(sav->spi),
894 1.56 ozaki calc[0], calc[1], calc[2], calc[3],
895 1.56 ozaki calc[4], calc[5], calc[6], calc[7],
896 1.56 ozaki calc[8], calc[9], calc[10], calc[11],
897 1.56 ozaki pppp[0], pppp[1], pppp[2], pppp[3],
898 1.56 ozaki pppp[4], pppp[5], pppp[6], pppp[7],
899 1.56 ozaki pppp[8], pppp[9], pppp[10], pppp[11]
900 1.56 ozaki ));
901 1.56 ozaki AH_STATINC(AH_STAT_BADAUTH);
902 1.56 ozaki error = EACCES;
903 1.56 ozaki goto bad;
904 1.56 ozaki }
905 1.1 jonathan
906 1.56 ozaki /* Fix the Next Protocol field. */
907 1.56 ozaki ptr[protoff] = nxt;
908 1.1 jonathan
909 1.56 ozaki /* Copyback the saved (uncooked) network headers. */
910 1.56 ozaki m_copyback(m, 0, skip, ptr);
911 1.1 jonathan
912 1.79 ozaki if (__predict_true(pool_used))
913 1.79 ozaki pool_cache_put(ah_tdb_crypto_pool_cache, tc);
914 1.79 ozaki else
915 1.79 ozaki kmem_intr_free(tc, size);
916 1.68 ozaki tc = NULL;
917 1.1 jonathan
918 1.1 jonathan /*
919 1.1 jonathan * Header is now authenticated.
920 1.1 jonathan */
921 1.1 jonathan m->m_flags |= M_AUTHIPHDR|M_AUTHIPDGM;
922 1.1 jonathan
923 1.1 jonathan /*
924 1.1 jonathan * Update replay sequence number, if appropriate.
925 1.1 jonathan */
926 1.1 jonathan if (sav->replay) {
927 1.50 christos uint32_t seq;
928 1.1 jonathan
929 1.1 jonathan m_copydata(m, skip + offsetof(struct newah, ah_seq),
930 1.50 christos sizeof(seq), &seq);
931 1.1 jonathan if (ipsec_updatereplay(ntohl(seq), sav)) {
932 1.21 thorpej AH_STATINC(AH_STAT_REPLAY);
933 1.1 jonathan error = ENOBUFS; /*XXX as above*/
934 1.1 jonathan goto bad;
935 1.1 jonathan }
936 1.1 jonathan }
937 1.1 jonathan
938 1.1 jonathan /*
939 1.1 jonathan * Remove the AH header and authenticator from the mbuf.
940 1.1 jonathan */
941 1.1 jonathan error = m_striphdr(m, skip, rplen + authsize);
942 1.1 jonathan if (error) {
943 1.48 christos DPRINTF(("%s: mangled mbuf chain for SA %s/%08lx\n", __func__,
944 1.54 ryo ipsec_address(&saidx->dst, buf, sizeof(buf)),
945 1.54 ryo (u_long) ntohl(sav->spi)));
946 1.1 jonathan
947 1.21 thorpej AH_STATINC(AH_STAT_HDROPS);
948 1.1 jonathan goto bad;
949 1.1 jonathan }
950 1.1 jonathan
951 1.56 ozaki IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff);
952 1.1 jonathan
953 1.71 ozaki KEY_SA_UNREF(&sav);
954 1.69 ozaki IPSEC_RELEASE_GLOBAL_LOCKS();
955 1.1 jonathan return error;
956 1.1 jonathan bad:
957 1.1 jonathan if (sav)
958 1.71 ozaki KEY_SA_UNREF(&sav);
959 1.69 ozaki IPSEC_RELEASE_GLOBAL_LOCKS();
960 1.1 jonathan if (m != NULL)
961 1.1 jonathan m_freem(m);
962 1.79 ozaki if (tc != NULL) {
963 1.79 ozaki if (pool_used)
964 1.79 ozaki pool_cache_put(ah_tdb_crypto_pool_cache, tc);
965 1.79 ozaki else
966 1.79 ozaki kmem_intr_free(tc, size);
967 1.79 ozaki }
968 1.1 jonathan if (crp != NULL)
969 1.1 jonathan crypto_freereq(crp);
970 1.1 jonathan return error;
971 1.1 jonathan }
972 1.1 jonathan
973 1.1 jonathan /*
974 1.1 jonathan * AH output routine, called by ipsec[46]_process_packet().
975 1.1 jonathan */
976 1.1 jonathan static int
977 1.1 jonathan ah_output(
978 1.11 christos struct mbuf *m,
979 1.74 ozaki const struct ipsecrequest *isr,
980 1.61 ozaki struct secasvar *sav,
981 1.12 christos struct mbuf **mp,
982 1.11 christos int skip,
983 1.11 christos int protoff
984 1.11 christos )
985 1.1 jonathan {
986 1.54 ryo char buf[IPSEC_ADDRSTRLEN];
987 1.31 drochner const struct auth_hash *ahx;
988 1.1 jonathan struct cryptodesc *crda;
989 1.1 jonathan struct tdb_crypto *tc;
990 1.1 jonathan struct mbuf *mi;
991 1.1 jonathan struct cryptop *crp;
992 1.49 christos uint16_t iplen;
993 1.1 jonathan int error, rplen, authsize, maxpacketsize, roff;
994 1.49 christos uint8_t prot;
995 1.1 jonathan struct newah *ah;
996 1.1 jonathan
997 1.50 christos IPSEC_SPLASSERT_SOFTNET(__func__);
998 1.1 jonathan
999 1.52 ozaki KASSERT(sav != NULL);
1000 1.52 ozaki KASSERT(sav->tdb_authalgxform != NULL);
1001 1.1 jonathan ahx = sav->tdb_authalgxform;
1002 1.1 jonathan
1003 1.21 thorpej AH_STATINC(AH_STAT_OUTPUT);
1004 1.1 jonathan
1005 1.1 jonathan /* Figure out header size. */
1006 1.1 jonathan rplen = HDRSIZE(sav);
1007 1.1 jonathan
1008 1.49 christos size_t ipoffs;
1009 1.1 jonathan /* Check for maximum packet size violations. */
1010 1.1 jonathan switch (sav->sah->saidx.dst.sa.sa_family) {
1011 1.1 jonathan #ifdef INET
1012 1.1 jonathan case AF_INET:
1013 1.1 jonathan maxpacketsize = IP_MAXPACKET;
1014 1.49 christos ipoffs = offsetof(struct ip, ip_len);
1015 1.1 jonathan break;
1016 1.1 jonathan #endif /* INET */
1017 1.1 jonathan #ifdef INET6
1018 1.1 jonathan case AF_INET6:
1019 1.1 jonathan maxpacketsize = IPV6_MAXPACKET;
1020 1.49 christos ipoffs = offsetof(struct ip6_hdr, ip6_plen);
1021 1.1 jonathan break;
1022 1.1 jonathan #endif /* INET6 */
1023 1.1 jonathan default:
1024 1.48 christos DPRINTF(("%s: unknown/unsupported protocol "
1025 1.48 christos "family %u, SA %s/%08lx\n", __func__,
1026 1.1 jonathan sav->sah->saidx.dst.sa.sa_family,
1027 1.54 ryo ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
1028 1.1 jonathan (u_long) ntohl(sav->spi)));
1029 1.21 thorpej AH_STATINC(AH_STAT_NOPF);
1030 1.1 jonathan error = EPFNOSUPPORT;
1031 1.1 jonathan goto bad;
1032 1.1 jonathan }
1033 1.1 jonathan authsize = AUTHSIZE(sav);
1034 1.1 jonathan if (rplen + authsize + m->m_pkthdr.len > maxpacketsize) {
1035 1.48 christos DPRINTF(("%s: packet in SA %s/%08lx got too big "
1036 1.48 christos "(len %u, max len %u)\n", __func__,
1037 1.54 ryo ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
1038 1.1 jonathan (u_long) ntohl(sav->spi),
1039 1.1 jonathan rplen + authsize + m->m_pkthdr.len, maxpacketsize));
1040 1.21 thorpej AH_STATINC(AH_STAT_TOOBIG);
1041 1.1 jonathan error = EMSGSIZE;
1042 1.1 jonathan goto bad;
1043 1.1 jonathan }
1044 1.1 jonathan
1045 1.1 jonathan /* Update the counters. */
1046 1.21 thorpej AH_STATADD(AH_STAT_OBYTES, m->m_pkthdr.len - skip);
1047 1.1 jonathan
1048 1.1 jonathan m = m_clone(m);
1049 1.1 jonathan if (m == NULL) {
1050 1.48 christos DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__,
1051 1.54 ryo ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
1052 1.1 jonathan (u_long) ntohl(sav->spi)));
1053 1.21 thorpej AH_STATINC(AH_STAT_HDROPS);
1054 1.1 jonathan error = ENOBUFS;
1055 1.1 jonathan goto bad;
1056 1.1 jonathan }
1057 1.1 jonathan
1058 1.1 jonathan /* Inject AH header. */
1059 1.1 jonathan mi = m_makespace(m, skip, rplen + authsize, &roff);
1060 1.1 jonathan if (mi == NULL) {
1061 1.48 christos DPRINTF(("%s: failed to inject %u byte AH header for SA "
1062 1.48 christos "%s/%08lx\n", __func__,
1063 1.1 jonathan rplen + authsize,
1064 1.54 ryo ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
1065 1.1 jonathan (u_long) ntohl(sav->spi)));
1066 1.21 thorpej AH_STATINC(AH_STAT_HDROPS); /*XXX differs from openbsd */
1067 1.1 jonathan error = ENOBUFS;
1068 1.1 jonathan goto bad;
1069 1.1 jonathan }
1070 1.1 jonathan
1071 1.1 jonathan /*
1072 1.1 jonathan * The AH header is guaranteed by m_makespace() to be in
1073 1.1 jonathan * contiguous memory, at roff bytes offset into the returned mbuf.
1074 1.1 jonathan */
1075 1.14 degroote ah = (struct newah *)(mtod(mi, char *) + roff);
1076 1.1 jonathan
1077 1.1 jonathan /* Initialize the AH header. */
1078 1.50 christos m_copydata(m, protoff, sizeof(uint8_t), &ah->ah_nxt);
1079 1.50 christos ah->ah_len = (rplen + authsize - sizeof(struct ah)) / sizeof(uint32_t);
1080 1.1 jonathan ah->ah_reserve = 0;
1081 1.1 jonathan ah->ah_spi = sav->spi;
1082 1.1 jonathan
1083 1.1 jonathan /* Zeroize authenticator. */
1084 1.1 jonathan m_copyback(m, skip + rplen, authsize, ipseczeroes);
1085 1.1 jonathan
1086 1.1 jonathan /* Insert packet replay counter, as requested. */
1087 1.1 jonathan if (sav->replay) {
1088 1.1 jonathan if (sav->replay->count == ~0 &&
1089 1.1 jonathan (sav->flags & SADB_X_EXT_CYCSEQ) == 0) {
1090 1.48 christos DPRINTF(("%s: replay counter wrapped for SA %s/%08lx\n",
1091 1.54 ryo __func__, ipsec_address(&sav->sah->saidx.dst, buf,
1092 1.54 ryo sizeof(buf)), (u_long) ntohl(sav->spi)));
1093 1.21 thorpej AH_STATINC(AH_STAT_WRAP);
1094 1.1 jonathan error = EINVAL;
1095 1.1 jonathan goto bad;
1096 1.1 jonathan }
1097 1.10 rpaulo #ifdef IPSEC_DEBUG
1098 1.10 rpaulo /* Emulate replay attack when ipsec_replay is TRUE. */
1099 1.10 rpaulo if (!ipsec_replay)
1100 1.10 rpaulo #endif
1101 1.10 rpaulo sav->replay->count++;
1102 1.1 jonathan ah->ah_seq = htonl(sav->replay->count);
1103 1.1 jonathan }
1104 1.1 jonathan
1105 1.1 jonathan /* Get crypto descriptors. */
1106 1.1 jonathan crp = crypto_getreq(1);
1107 1.1 jonathan if (crp == NULL) {
1108 1.48 christos DPRINTF(("%s: failed to acquire crypto descriptors\n",
1109 1.48 christos __func__));
1110 1.21 thorpej AH_STATINC(AH_STAT_CRYPTO);
1111 1.1 jonathan error = ENOBUFS;
1112 1.1 jonathan goto bad;
1113 1.1 jonathan }
1114 1.1 jonathan
1115 1.1 jonathan crda = crp->crp_desc;
1116 1.1 jonathan
1117 1.1 jonathan crda->crd_skip = 0;
1118 1.1 jonathan crda->crd_inject = skip + rplen;
1119 1.1 jonathan crda->crd_len = m->m_pkthdr.len;
1120 1.1 jonathan
1121 1.1 jonathan /* Authentication operation. */
1122 1.1 jonathan crda->crd_alg = ahx->type;
1123 1.1 jonathan crda->crd_key = _KEYBUF(sav->key_auth);
1124 1.1 jonathan crda->crd_klen = _KEYBITS(sav->key_auth);
1125 1.1 jonathan
1126 1.1 jonathan /* Allocate IPsec-specific opaque crypto info. */
1127 1.73 ozaki tc = pool_cache_get(ah_tdb_crypto_pool_cache, PR_NOWAIT);
1128 1.1 jonathan if (tc == NULL) {
1129 1.1 jonathan crypto_freereq(crp);
1130 1.48 christos DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
1131 1.21 thorpej AH_STATINC(AH_STAT_CRYPTO);
1132 1.1 jonathan error = ENOBUFS;
1133 1.1 jonathan goto bad;
1134 1.1 jonathan }
1135 1.1 jonathan
1136 1.49 christos uint8_t *pext = (char *)(tc + 1);
1137 1.1 jonathan /* Save the skipped portion of the packet. */
1138 1.49 christos m_copydata(m, 0, skip, pext);
1139 1.1 jonathan
1140 1.1 jonathan /*
1141 1.1 jonathan * Fix IP header length on the header used for
1142 1.1 jonathan * authentication. We don't need to fix the original
1143 1.1 jonathan * header length as it will be fixed by our caller.
1144 1.1 jonathan */
1145 1.49 christos memcpy(&iplen, pext + ipoffs, sizeof(iplen));
1146 1.49 christos iplen = htons(ntohs(iplen) + rplen + authsize);
1147 1.49 christos m_copyback(m, ipoffs, sizeof(iplen), &iplen);
1148 1.1 jonathan
1149 1.1 jonathan /* Fix the Next Header field in saved header. */
1150 1.49 christos pext[protoff] = IPPROTO_AH;
1151 1.1 jonathan
1152 1.1 jonathan /* Update the Next Protocol field in the IP header. */
1153 1.1 jonathan prot = IPPROTO_AH;
1154 1.49 christos m_copyback(m, protoff, sizeof(prot), &prot);
1155 1.1 jonathan
1156 1.1 jonathan /* "Massage" the packet headers for crypto processing. */
1157 1.1 jonathan error = ah_massage_headers(&m, sav->sah->saidx.dst.sa.sa_family,
1158 1.49 christos skip, ahx->type, 1);
1159 1.1 jonathan if (error != 0) {
1160 1.1 jonathan m = NULL; /* mbuf was free'd by ah_massage_headers. */
1161 1.73 ozaki pool_cache_put(ah_tdb_crypto_pool_cache, tc);
1162 1.1 jonathan crypto_freereq(crp);
1163 1.1 jonathan goto bad;
1164 1.1 jonathan }
1165 1.1 jonathan
1166 1.70 ozaki {
1167 1.70 ozaki int s = pserialize_read_enter();
1168 1.70 ozaki
1169 1.72 ozaki /*
1170 1.72 ozaki * Take another reference to the SP and the SA for opencrypto callback.
1171 1.72 ozaki */
1172 1.72 ozaki if (__predict_false(isr->sp->state == IPSEC_SPSTATE_DEAD ||
1173 1.72 ozaki sav->state == SADB_SASTATE_DEAD)) {
1174 1.70 ozaki pserialize_read_exit(s);
1175 1.73 ozaki pool_cache_put(ah_tdb_crypto_pool_cache, tc);
1176 1.70 ozaki crypto_freereq(crp);
1177 1.70 ozaki AH_STATINC(AH_STAT_NOTDB);
1178 1.70 ozaki error = ENOENT;
1179 1.70 ozaki goto bad;
1180 1.70 ozaki }
1181 1.70 ozaki KEY_SP_REF(isr->sp);
1182 1.72 ozaki KEY_SA_REF(sav);
1183 1.70 ozaki pserialize_read_exit(s);
1184 1.70 ozaki }
1185 1.70 ozaki
1186 1.1 jonathan /* Crypto operation descriptor. */
1187 1.1 jonathan crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */
1188 1.1 jonathan crp->crp_flags = CRYPTO_F_IMBUF;
1189 1.15 degroote crp->crp_buf = m;
1190 1.1 jonathan crp->crp_callback = ah_output_cb;
1191 1.1 jonathan crp->crp_sid = sav->tdb_cryptoid;
1192 1.15 degroote crp->crp_opaque = tc;
1193 1.1 jonathan
1194 1.1 jonathan /* These are passed as-is to the callback. */
1195 1.1 jonathan tc->tc_isr = isr;
1196 1.1 jonathan tc->tc_spi = sav->spi;
1197 1.1 jonathan tc->tc_dst = sav->sah->saidx.dst;
1198 1.1 jonathan tc->tc_proto = sav->sah->saidx.proto;
1199 1.1 jonathan tc->tc_skip = skip;
1200 1.1 jonathan tc->tc_protoff = protoff;
1201 1.60 ozaki tc->tc_sav = sav;
1202 1.1 jonathan
1203 1.1 jonathan return crypto_dispatch(crp);
1204 1.1 jonathan bad:
1205 1.1 jonathan if (m)
1206 1.1 jonathan m_freem(m);
1207 1.1 jonathan return (error);
1208 1.1 jonathan }
1209 1.1 jonathan
1210 1.1 jonathan /*
1211 1.1 jonathan * AH output callback from the crypto driver.
1212 1.1 jonathan */
1213 1.1 jonathan static int
1214 1.1 jonathan ah_output_cb(struct cryptop *crp)
1215 1.1 jonathan {
1216 1.42 mrg int skip, error;
1217 1.1 jonathan struct tdb_crypto *tc;
1218 1.74 ozaki const struct ipsecrequest *isr;
1219 1.1 jonathan struct secasvar *sav;
1220 1.1 jonathan struct mbuf *m;
1221 1.13 christos void *ptr;
1222 1.69 ozaki int err;
1223 1.69 ozaki IPSEC_DECLARE_LOCK_VARIABLE;
1224 1.1 jonathan
1225 1.52 ozaki KASSERT(crp->crp_opaque != NULL);
1226 1.50 christos tc = crp->crp_opaque;
1227 1.1 jonathan skip = tc->tc_skip;
1228 1.15 degroote ptr = (tc + 1);
1229 1.50 christos m = crp->crp_buf;
1230 1.1 jonathan
1231 1.69 ozaki IPSEC_ACQUIRE_GLOBAL_LOCKS();
1232 1.1 jonathan
1233 1.1 jonathan isr = tc->tc_isr;
1234 1.60 ozaki sav = tc->tc_sav;
1235 1.1 jonathan
1236 1.1 jonathan /* Check for crypto errors. */
1237 1.1 jonathan if (crp->crp_etype) {
1238 1.1 jonathan if (sav->tdb_cryptoid != 0)
1239 1.1 jonathan sav->tdb_cryptoid = crp->crp_sid;
1240 1.1 jonathan
1241 1.1 jonathan if (crp->crp_etype == EAGAIN) {
1242 1.69 ozaki IPSEC_RELEASE_GLOBAL_LOCKS();
1243 1.1 jonathan return crypto_dispatch(crp);
1244 1.1 jonathan }
1245 1.1 jonathan
1246 1.21 thorpej AH_STATINC(AH_STAT_NOXFORM);
1247 1.48 christos DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
1248 1.1 jonathan error = crp->crp_etype;
1249 1.1 jonathan goto bad;
1250 1.1 jonathan }
1251 1.1 jonathan
1252 1.47 christos AH_STATINC(AH_STAT_HIST + ah_stats[sav->alg_auth]);
1253 1.1 jonathan
1254 1.1 jonathan /*
1255 1.1 jonathan * Copy original headers (with the new protocol number) back
1256 1.1 jonathan * in place.
1257 1.1 jonathan */
1258 1.1 jonathan m_copyback(m, 0, skip, ptr);
1259 1.1 jonathan
1260 1.1 jonathan /* No longer needed. */
1261 1.73 ozaki pool_cache_put(ah_tdb_crypto_pool_cache, tc);
1262 1.1 jonathan crypto_freereq(crp);
1263 1.1 jonathan
1264 1.10 rpaulo #ifdef IPSEC_DEBUG
1265 1.10 rpaulo /* Emulate man-in-the-middle attack when ipsec_integrity is TRUE. */
1266 1.10 rpaulo if (ipsec_integrity) {
1267 1.10 rpaulo int alen;
1268 1.10 rpaulo
1269 1.10 rpaulo /*
1270 1.10 rpaulo * Corrupt HMAC if we want to test integrity verification of
1271 1.10 rpaulo * the other side.
1272 1.10 rpaulo */
1273 1.10 rpaulo alen = AUTHSIZE(sav);
1274 1.10 rpaulo m_copyback(m, m->m_pkthdr.len - alen, alen, ipseczeroes);
1275 1.10 rpaulo }
1276 1.10 rpaulo #endif
1277 1.10 rpaulo
1278 1.1 jonathan /* NB: m is reclaimed by ipsec_process_done. */
1279 1.61 ozaki err = ipsec_process_done(m, isr, sav);
1280 1.71 ozaki KEY_SA_UNREF(&sav);
1281 1.70 ozaki KEY_SP_UNREF(&isr->sp);
1282 1.69 ozaki IPSEC_RELEASE_GLOBAL_LOCKS();
1283 1.1 jonathan return err;
1284 1.1 jonathan bad:
1285 1.1 jonathan if (sav)
1286 1.71 ozaki KEY_SA_UNREF(&sav);
1287 1.70 ozaki KEY_SP_UNREF(&isr->sp);
1288 1.69 ozaki IPSEC_RELEASE_GLOBAL_LOCKS();
1289 1.1 jonathan if (m)
1290 1.1 jonathan m_freem(m);
1291 1.73 ozaki pool_cache_put(ah_tdb_crypto_pool_cache, tc);
1292 1.1 jonathan crypto_freereq(crp);
1293 1.1 jonathan return error;
1294 1.1 jonathan }
1295 1.1 jonathan
1296 1.1 jonathan static struct xformsw ah_xformsw = {
1297 1.55 ozaki .xf_type = XF_AH,
1298 1.55 ozaki .xf_flags = XFT_AUTH,
1299 1.55 ozaki .xf_name = "IPsec AH",
1300 1.55 ozaki .xf_init = ah_init,
1301 1.55 ozaki .xf_zeroize = ah_zeroize,
1302 1.55 ozaki .xf_input = ah_input,
1303 1.55 ozaki .xf_output = ah_output,
1304 1.55 ozaki .xf_next = NULL,
1305 1.1 jonathan };
1306 1.1 jonathan
1307 1.53 ozaki void
1308 1.1 jonathan ah_attach(void)
1309 1.1 jonathan {
1310 1.21 thorpej ahstat_percpu = percpu_alloc(sizeof(uint64_t) * AH_NSTATS);
1311 1.62 ozaki
1312 1.62 ozaki #define MAXAUTHSIZE(name) \
1313 1.62 ozaki if ((auth_hash_ ## name).authsize > ah_max_authsize) \
1314 1.62 ozaki ah_max_authsize = (auth_hash_ ## name).authsize
1315 1.62 ozaki
1316 1.62 ozaki ah_max_authsize = 0;
1317 1.62 ozaki MAXAUTHSIZE(null);
1318 1.62 ozaki MAXAUTHSIZE(md5);
1319 1.62 ozaki MAXAUTHSIZE(sha1);
1320 1.62 ozaki MAXAUTHSIZE(key_md5);
1321 1.62 ozaki MAXAUTHSIZE(key_sha1);
1322 1.62 ozaki MAXAUTHSIZE(hmac_md5);
1323 1.62 ozaki MAXAUTHSIZE(hmac_sha1);
1324 1.62 ozaki MAXAUTHSIZE(hmac_ripemd_160);
1325 1.62 ozaki MAXAUTHSIZE(hmac_md5_96);
1326 1.62 ozaki MAXAUTHSIZE(hmac_sha1_96);
1327 1.62 ozaki MAXAUTHSIZE(hmac_ripemd_160_96);
1328 1.62 ozaki MAXAUTHSIZE(hmac_sha2_256);
1329 1.62 ozaki MAXAUTHSIZE(hmac_sha2_384);
1330 1.62 ozaki MAXAUTHSIZE(hmac_sha2_512);
1331 1.62 ozaki MAXAUTHSIZE(aes_xcbc_mac_96);
1332 1.62 ozaki MAXAUTHSIZE(gmac_aes_128);
1333 1.62 ozaki MAXAUTHSIZE(gmac_aes_192);
1334 1.62 ozaki MAXAUTHSIZE(gmac_aes_256);
1335 1.62 ozaki IPSECLOG(LOG_DEBUG, "ah_max_authsize=%d\n", ah_max_authsize);
1336 1.62 ozaki
1337 1.62 ozaki #undef MAXAUTHSIZE
1338 1.62 ozaki
1339 1.68 ozaki ah_pool_item_size = sizeof(struct tdb_crypto) +
1340 1.68 ozaki sizeof(struct ip) + MAX_IPOPTLEN +
1341 1.68 ozaki sizeof(struct ah) + sizeof(uint32_t) + ah_max_authsize;
1342 1.73 ozaki ah_tdb_crypto_pool_cache = pool_cache_init(ah_pool_item_size,
1343 1.73 ozaki coherency_unit, 0, 0, "ah_tdb_crypto", NULL, IPL_SOFTNET,
1344 1.73 ozaki NULL, NULL, NULL);
1345 1.68 ozaki
1346 1.1 jonathan xform_register(&ah_xformsw);
1347 1.1 jonathan }
1348