esp.c 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940
  1. /*
  2. * Encapsulating Security Payload for IPsec for IPv4, rfc1827.
  3. * currently only implements tunnel mode.
  4. * TODO: update to match rfc4303.
  5. */
  6. #include "u.h"
  7. #include "../port/lib.h"
  8. #include "mem.h"
  9. #include "dat.h"
  10. #include "fns.h"
  11. #include "../port/error.h"
  12. #include "ip.h"
  13. #include "ipv6.h"
  14. #include "libsec.h"
  15. typedef struct Esphdr Esphdr;
  16. typedef struct Esp4hdr Esp4hdr;
  17. typedef struct Esp6hdr Esp6hdr;
  18. typedef struct Esptail Esptail;
  19. typedef struct Userhdr Userhdr;
  20. typedef struct Esppriv Esppriv;
  21. typedef struct Espcb Espcb;
  22. typedef struct Algorithm Algorithm;
  23. enum
  24. {
  25. IP_ESPPROTO = 50, /* IP v4 and v6 protocol number */
  26. Esp4hdrlen = IP4HDR + 8,
  27. Esp6hdrlen = IP6HDR + 8,
  28. Esptaillen = 2, /* does not include pad or auth data */
  29. Userhdrlen = 4, /* user-visible header size - if enabled */
  30. };
  31. struct Esphdr
  32. {
  33. uchar espspi[4]; /* Security parameter index */
  34. uchar espseq[4]; /* Sequence number */
  35. };
  36. /*
  37. * tunnel-mode layout: IP | ESP | TCP/UDP | user data.
  38. * transport-mode layout is: ESP | IP | TCP/UDP | user data.
  39. */
  40. struct Esp4hdr
  41. {
  42. /* ipv4 header */
  43. uchar vihl; /* Version and header length */
  44. uchar tos; /* Type of service */
  45. uchar length[2]; /* packet length */
  46. uchar id[2]; /* Identification */
  47. uchar frag[2]; /* Fragment information */
  48. uchar Unused;
  49. uchar espproto; /* Protocol */
  50. uchar espplen[2]; /* Header plus data length */
  51. uchar espsrc[4]; /* Ip source */
  52. uchar espdst[4]; /* Ip destination */
  53. Esphdr;
  54. };
  55. /* tunnel-mode layout */
  56. struct Esp6hdr
  57. {
  58. Ip6hdr;
  59. Esphdr;
  60. };
  61. struct Esptail
  62. {
  63. uchar pad;
  64. uchar nexthdr;
  65. };
  66. /* header as seen by the user */
  67. struct Userhdr
  68. {
  69. uchar nexthdr; /* next protocol */
  70. uchar unused[3];
  71. };
  72. struct Esppriv
  73. {
  74. ulong in;
  75. ulong inerrors;
  76. };
  77. /*
  78. * protocol specific part of Conv
  79. */
  80. struct Espcb
  81. {
  82. int incoming;
  83. int header; /* user user level header */
  84. ulong spi;
  85. ulong seq; /* last seq sent */
  86. ulong window; /* for replay attacks */
  87. char *espalg;
  88. void *espstate; /* other state for esp */
  89. int espivlen; /* in bytes */
  90. int espblklen;
  91. int (*cipher)(Espcb*, uchar *buf, int len);
  92. char *ahalg;
  93. void *ahstate; /* other state for esp */
  94. int ahlen; /* auth data length in bytes */
  95. int ahblklen;
  96. int (*auth)(Espcb*, uchar *buf, int len, uchar *hash);
  97. };
  98. struct Algorithm
  99. {
  100. char *name;
  101. int keylen; /* in bits */
  102. void (*init)(Espcb*, char* name, uchar *key, int keylen);
  103. };
  104. static Conv* convlookup(Proto *esp, ulong spi);
  105. static char *setalg(Espcb *ecb, char **f, int n, Algorithm *alg);
  106. static void espkick(void *x);
  107. static void nullespinit(Espcb*, char*, uchar *key, int keylen);
  108. static void desespinit(Espcb *ecb, char *name, uchar *k, int n);
  109. static void nullahinit(Espcb*, char*, uchar *key, int keylen);
  110. static void shaahinit(Espcb*, char*, uchar *key, int keylen);
  111. static void md5ahinit(Espcb*, char*, uchar *key, int keylen);
  112. static Algorithm espalg[] =
  113. {
  114. "null", 0, nullespinit,
  115. // "des3_cbc", 192, des3espinit, /* rfc2451 */
  116. // "aes_128_cbc", 128, aescbcespinit, /* rfc3602 */
  117. // "aes_ctr", 128, aesctrespinit, /* rfc3686 */
  118. "des_56_cbc", 64, desespinit, /* rfc2405, deprecated */
  119. // "rc4_128", 128, rc4espinit, /* gone in rfc4305 */
  120. nil, 0, nil,
  121. };
  122. static Algorithm ahalg[] =
  123. {
  124. "null", 0, nullahinit,
  125. "hmac_sha1_96", 128, shaahinit, /* rfc2404 */
  126. // "aes_xcbc_mac_96", 128, aesahinit, /* rfc3566 */
  127. "hmac_md5_96", 128, md5ahinit, /* rfc2403 */
  128. nil, 0, nil,
  129. };
  130. static char*
  131. espconnect(Conv *c, char **argv, int argc)
  132. {
  133. char *p, *pp;
  134. char *e = nil;
  135. ulong spi;
  136. Espcb *ecb = (Espcb*)c->ptcl;
  137. switch(argc) {
  138. default:
  139. e = "bad args to connect";
  140. break;
  141. case 2:
  142. p = strchr(argv[1], '!');
  143. if(p == nil){
  144. e = "malformed address";
  145. break;
  146. }
  147. *p++ = 0;
  148. parseip(c->raddr, argv[1]);
  149. findlocalip(c->p->f, c->laddr, c->raddr);
  150. ecb->incoming = 0;
  151. ecb->seq = 0;
  152. if(strcmp(p, "*") == 0) {
  153. qlock(c->p);
  154. for(;;) {
  155. spi = nrand(1<<16) + 256;
  156. if(convlookup(c->p, spi) == nil)
  157. break;
  158. }
  159. qunlock(c->p);
  160. ecb->spi = spi;
  161. ecb->incoming = 1;
  162. qhangup(c->wq, nil);
  163. } else {
  164. spi = strtoul(p, &pp, 10);
  165. if(pp == p) {
  166. e = "malformed address";
  167. break;
  168. }
  169. ecb->spi = spi;
  170. qhangup(c->rq, nil);
  171. }
  172. nullespinit(ecb, "null", nil, 0);
  173. nullahinit(ecb, "null", nil, 0);
  174. }
  175. Fsconnected(c, e);
  176. return e;
  177. }
  178. static int
  179. espstate(Conv *c, char *state, int n)
  180. {
  181. return snprint(state, n, "%s", c->inuse?"Open\n":"Closed\n");
  182. }
  183. static void
  184. espcreate(Conv *c)
  185. {
  186. c->rq = qopen(64*1024, Qmsg, 0, 0);
  187. c->wq = qopen(64*1024, Qkick, espkick, c);
  188. }
  189. static void
  190. espclose(Conv *c)
  191. {
  192. Espcb *ecb;
  193. qclose(c->rq);
  194. qclose(c->wq);
  195. qclose(c->eq);
  196. ipmove(c->laddr, IPnoaddr);
  197. ipmove(c->raddr, IPnoaddr);
  198. ecb = (Espcb*)c->ptcl;
  199. free(ecb->espstate);
  200. free(ecb->ahstate);
  201. memset(ecb, 0, sizeof(Espcb));
  202. }
  203. static int
  204. ipvers(Conv *c)
  205. {
  206. if((memcmp(c->raddr, v4prefix, IPv4off) == 0 &&
  207. memcmp(c->laddr, v4prefix, IPv4off) == 0) ||
  208. ipcmp(c->raddr, IPnoaddr) == 0)
  209. return V4;
  210. else
  211. return V6;
  212. }
  213. static void
  214. espkick(void *x)
  215. {
  216. Conv *c = x;
  217. Esp4hdr *eh4;
  218. Esp6hdr *eh6;
  219. Esptail *et;
  220. Userhdr *uh;
  221. Espcb *ecb;
  222. Block *bp;
  223. int nexthdr, payload, pad, align, version, hdrlen, iphdrlen;
  224. uchar *auth;
  225. version = ipvers(c);
  226. iphdrlen = version == V4? IP4HDR: IP6HDR;
  227. hdrlen = version == V4? Esp4hdrlen: Esp6hdrlen;
  228. bp = qget(c->wq);
  229. if(bp == nil)
  230. return;
  231. qlock(c);
  232. ecb = c->ptcl;
  233. if(ecb->header) {
  234. /* make sure the message has a User header */
  235. bp = pullupblock(bp, Userhdrlen);
  236. if(bp == nil) {
  237. qunlock(c);
  238. return;
  239. }
  240. uh = (Userhdr*)bp->rp;
  241. nexthdr = uh->nexthdr;
  242. bp->rp += Userhdrlen;
  243. } else {
  244. nexthdr = 0; /* what should this be? */
  245. }
  246. payload = BLEN(bp) + ecb->espivlen;
  247. /* Make space to fit ip header */
  248. bp = padblock(bp, hdrlen + ecb->espivlen);
  249. align = 4;
  250. if(ecb->espblklen > align)
  251. align = ecb->espblklen;
  252. if(align % ecb->ahblklen != 0)
  253. panic("espkick: ahblklen is important after all");
  254. pad = (align-1) - (payload + Esptaillen-1)%align;
  255. /*
  256. * Make space for tail
  257. * this is done by calling padblock with a negative size
  258. * Padblock does not change bp->wp!
  259. */
  260. bp = padblock(bp, -(pad+Esptaillen+ecb->ahlen));
  261. bp->wp += pad+Esptaillen+ecb->ahlen;
  262. eh4 = (Esp4hdr *)bp->rp;
  263. eh6 = (Esp6hdr *)bp->rp;
  264. et = (Esptail*)(bp->rp + hdrlen + payload + pad);
  265. /* fill in tail */
  266. et->pad = pad;
  267. et->nexthdr = nexthdr;
  268. ecb->cipher(ecb, bp->rp + hdrlen, payload + pad + Esptaillen);
  269. auth = bp->rp + hdrlen + payload + pad + Esptaillen;
  270. /* fill in head */
  271. if (version == V4) {
  272. eh4->vihl = IP_VER4;
  273. hnputl(eh4->espspi, ecb->spi);
  274. hnputl(eh4->espseq, ++ecb->seq);
  275. v6tov4(eh4->espsrc, c->laddr);
  276. v6tov4(eh4->espdst, c->raddr);
  277. eh4->espproto = IP_ESPPROTO;
  278. eh4->frag[0] = 0;
  279. eh4->frag[1] = 0;
  280. } else {
  281. eh6->vcf[0] = IP_VER6;
  282. hnputl(eh6->espspi, ecb->spi);
  283. hnputl(eh6->espseq, ++ecb->seq);
  284. ipmove(eh6->src, c->laddr);
  285. ipmove(eh6->dst, c->raddr);
  286. eh6->proto = IP_ESPPROTO;
  287. }
  288. ecb->auth(ecb, bp->rp + iphdrlen, (hdrlen - iphdrlen) +
  289. payload + pad + Esptaillen, auth);
  290. qunlock(c);
  291. /* print("esp: pass down: %uld\n", BLEN(bp)); */
  292. if (version == V4)
  293. ipoput4(c->p->f, bp, 0, c->ttl, c->tos, c);
  294. else
  295. ipoput6(c->p->f, bp, 0, c->ttl, c->tos, c);
  296. }
  297. void
  298. espiput(Proto *esp, Ipifc*, Block *bp)
  299. {
  300. Esp4hdr *eh4;
  301. Esp6hdr *eh6;
  302. Esptail *et;
  303. Userhdr *uh;
  304. Conv *c;
  305. Espcb *ecb;
  306. uchar raddr[IPaddrlen], laddr[IPaddrlen];
  307. Fs *f;
  308. uchar *auth, *espspi;
  309. ulong spi;
  310. int payload, nexthdr, version, hdrlen;
  311. f = esp->f;
  312. if (bp == nil || BLEN(bp) == 0) {
  313. /* get enough to identify the IP version */
  314. bp = pullupblock(bp, IP4HDR);
  315. if(bp == nil) {
  316. netlog(f, Logesp, "esp: short packet\n");
  317. return;
  318. }
  319. }
  320. eh4 = (Esp4hdr*)bp->rp;
  321. version = ((eh4->vihl & 0xf0) == IP_VER4? V4: V6);
  322. hdrlen = version == V4? Esp4hdrlen: Esp6hdrlen;
  323. bp = pullupblock(bp, hdrlen + Esptaillen);
  324. if(bp == nil) {
  325. netlog(f, Logesp, "esp: short packet\n");
  326. return;
  327. }
  328. if (version == V4) {
  329. eh4 = (Esp4hdr*)bp->rp;
  330. spi = nhgetl(eh4->espspi);
  331. v4tov6(raddr, eh4->espsrc);
  332. v4tov6(laddr, eh4->espdst);
  333. } else {
  334. eh6 = (Esp6hdr*)bp->rp;
  335. spi = nhgetl(eh6->espspi);
  336. ipmove(raddr, eh6->src);
  337. ipmove(laddr, eh6->dst);
  338. }
  339. qlock(esp);
  340. /* Look for a conversation structure for this port */
  341. c = convlookup(esp, spi);
  342. if(c == nil) {
  343. qunlock(esp);
  344. netlog(f, Logesp, "esp: no conv %I -> %I!%d\n", raddr,
  345. laddr, spi);
  346. icmpnoconv(f, bp);
  347. freeblist(bp);
  348. return;
  349. }
  350. qlock(c);
  351. qunlock(esp);
  352. ecb = c->ptcl;
  353. /* too hard to do decryption/authentication on block lists */
  354. if(bp->next)
  355. bp = concatblock(bp);
  356. if(BLEN(bp) < hdrlen + ecb->espivlen + Esptaillen + ecb->ahlen) {
  357. qunlock(c);
  358. netlog(f, Logesp, "esp: short block %I -> %I!%d\n", raddr,
  359. laddr, spi);
  360. freeb(bp);
  361. return;
  362. }
  363. auth = bp->wp - ecb->ahlen;
  364. espspi = version == V4? ((Esp4hdr*)bp->rp)->espspi:
  365. ((Esp6hdr*)bp->rp)->espspi;
  366. if(!ecb->auth(ecb, espspi, auth - espspi, auth)) {
  367. qunlock(c);
  368. print("esp: bad auth %I -> %I!%ld\n", raddr, laddr, spi);
  369. netlog(f, Logesp, "esp: bad auth %I -> %I!%d\n", raddr,
  370. laddr, spi);
  371. freeb(bp);
  372. return;
  373. }
  374. payload = BLEN(bp) - hdrlen - ecb->ahlen;
  375. if(payload <= 0 || payload % 4 != 0 || payload % ecb->espblklen != 0) {
  376. qunlock(c);
  377. netlog(f, Logesp, "esp: bad length %I -> %I!%d payload=%d BLEN=%d\n",
  378. raddr, laddr, spi, payload, BLEN(bp));
  379. freeb(bp);
  380. return;
  381. }
  382. if(!ecb->cipher(ecb, bp->rp + hdrlen, payload)) {
  383. qunlock(c);
  384. print("esp: cipher failed %I -> %I!%ld: %s\n", raddr, laddr, spi, up->errstr);
  385. netlog(f, Logesp, "esp: cipher failed %I -> %I!%d: %s\n", raddr,
  386. laddr, spi, up->errstr);
  387. freeb(bp);
  388. return;
  389. }
  390. payload -= Esptaillen;
  391. et = (Esptail*)(bp->rp + hdrlen + payload);
  392. payload -= et->pad + ecb->espivlen;
  393. nexthdr = et->nexthdr;
  394. if(payload <= 0) {
  395. qunlock(c);
  396. netlog(f, Logesp, "esp: short packet after decrypt %I -> %I!%d\n",
  397. raddr, laddr, spi);
  398. freeb(bp);
  399. return;
  400. }
  401. /* trim packet */
  402. bp->rp += hdrlen + ecb->espivlen;
  403. bp->wp = bp->rp + payload;
  404. if(ecb->header) {
  405. /* assume Userhdrlen < Esp4hdrlen < Esp6hdrlen */
  406. bp->rp -= Userhdrlen;
  407. uh = (Userhdr*)bp->rp;
  408. memset(uh, 0, Userhdrlen);
  409. uh->nexthdr = nexthdr;
  410. }
  411. if(qfull(c->rq)){
  412. netlog(f, Logesp, "esp: qfull %I -> %I.%uld\n", raddr,
  413. laddr, spi);
  414. freeblist(bp);
  415. }else {
  416. // print("esp: pass up: %uld\n", BLEN(bp));
  417. qpass(c->rq, bp);
  418. }
  419. qunlock(c);
  420. }
  421. char*
  422. espctl(Conv *c, char **f, int n)
  423. {
  424. Espcb *ecb = c->ptcl;
  425. char *e = nil;
  426. if(strcmp(f[0], "esp") == 0)
  427. e = setalg(ecb, f, n, espalg);
  428. else if(strcmp(f[0], "ah") == 0)
  429. e = setalg(ecb, f, n, ahalg);
  430. else if(strcmp(f[0], "header") == 0)
  431. ecb->header = 1;
  432. else if(strcmp(f[0], "noheader") == 0)
  433. ecb->header = 0;
  434. else
  435. e = "unknown control request";
  436. return e;
  437. }
  438. void
  439. espadvise(Proto *esp, Block *bp, char *msg)
  440. {
  441. Esp4hdr *h;
  442. Conv *c;
  443. ulong spi;
  444. h = (Esp4hdr*)(bp->rp);
  445. spi = nhgets(h->espspi);
  446. qlock(esp);
  447. c = convlookup(esp, spi);
  448. if(c != nil) {
  449. qhangup(c->rq, msg);
  450. qhangup(c->wq, msg);
  451. }
  452. qunlock(esp);
  453. freeblist(bp);
  454. }
  455. int
  456. espstats(Proto *esp, char *buf, int len)
  457. {
  458. Esppriv *upriv;
  459. upriv = esp->priv;
  460. return snprint(buf, len, "%lud %lud\n",
  461. upriv->in,
  462. upriv->inerrors);
  463. }
  464. static int
  465. esplocal(Conv *c, char *buf, int len)
  466. {
  467. Espcb *ecb = c->ptcl;
  468. int n;
  469. qlock(c);
  470. if(ecb->incoming)
  471. n = snprint(buf, len, "%I!%uld\n", c->laddr, ecb->spi);
  472. else
  473. n = snprint(buf, len, "%I\n", c->laddr);
  474. qunlock(c);
  475. return n;
  476. }
  477. static int
  478. espremote(Conv *c, char *buf, int len)
  479. {
  480. Espcb *ecb = c->ptcl;
  481. int n;
  482. qlock(c);
  483. if(ecb->incoming)
  484. n = snprint(buf, len, "%I\n", c->raddr);
  485. else
  486. n = snprint(buf, len, "%I!%uld\n", c->raddr, ecb->spi);
  487. qunlock(c);
  488. return n;
  489. }
  490. static Conv*
  491. convlookup(Proto *esp, ulong spi)
  492. {
  493. Conv *c, **p;
  494. Espcb *ecb;
  495. for(p=esp->conv; *p; p++){
  496. c = *p;
  497. ecb = c->ptcl;
  498. if(ecb->incoming && ecb->spi == spi)
  499. return c;
  500. }
  501. return nil;
  502. }
  503. static char *
  504. setalg(Espcb *ecb, char **f, int n, Algorithm *alg)
  505. {
  506. uchar *key;
  507. int c, i, nbyte, nchar;
  508. if(n < 2)
  509. return "bad format";
  510. for(; alg->name; alg++)
  511. if(strcmp(f[1], alg->name) == 0)
  512. break;
  513. if(alg->name == nil)
  514. return "unknown algorithm";
  515. if(n != 3)
  516. return "bad format";
  517. nbyte = (alg->keylen + 7) >> 3;
  518. nchar = strlen(f[2]);
  519. for(i=0; i<nchar; i++) {
  520. c = f[2][i];
  521. if(c >= '0' && c <= '9')
  522. f[2][i] -= '0';
  523. else if(c >= 'a' && c <= 'f')
  524. f[2][i] -= 'a'-10;
  525. else if(c >= 'A' && c <= 'F')
  526. f[2][i] -= 'A'-10;
  527. else
  528. return "bad character in key";
  529. }
  530. key = smalloc(nbyte);
  531. for(i=0; i<nchar && i*2<nbyte; i++) {
  532. c = f[2][nchar-i-1];
  533. if(i&1)
  534. c <<= 4;
  535. key[i>>1] |= c;
  536. }
  537. alg->init(ecb, alg->name, key, alg->keylen);
  538. free(key);
  539. return nil;
  540. }
  541. static int
  542. nullcipher(Espcb*, uchar*, int)
  543. {
  544. return 1;
  545. }
  546. static void
  547. nullespinit(Espcb *ecb, char *name, uchar*, int)
  548. {
  549. ecb->espalg = name;
  550. ecb->espblklen = 1;
  551. ecb->espivlen = 0;
  552. ecb->cipher = nullcipher;
  553. }
  554. static int
  555. nullauth(Espcb*, uchar*, int, uchar*)
  556. {
  557. return 1;
  558. }
  559. static void
  560. nullahinit(Espcb *ecb, char *name, uchar*, int)
  561. {
  562. ecb->ahalg = name;
  563. ecb->ahblklen = 1;
  564. ecb->ahlen = 0;
  565. ecb->auth = nullauth;
  566. }
  567. void
  568. seanq_hmac_sha1(uchar hash[SHA1dlen], uchar *t, long tlen, uchar *key, long klen)
  569. {
  570. uchar ipad[65], opad[65];
  571. int i;
  572. DigestState *digest;
  573. uchar innerhash[SHA1dlen];
  574. for(i=0; i<64; i++){
  575. ipad[i] = 0x36;
  576. opad[i] = 0x5c;
  577. }
  578. ipad[64] = opad[64] = 0;
  579. for(i=0; i<klen; i++){
  580. ipad[i] ^= key[i];
  581. opad[i] ^= key[i];
  582. }
  583. digest = sha1(ipad, 64, nil, nil);
  584. sha1(t, tlen, innerhash, digest);
  585. digest = sha1(opad, 64, nil, nil);
  586. sha1(innerhash, SHA1dlen, hash, digest);
  587. }
  588. static int
  589. shaauth(Espcb *ecb, uchar *t, int tlen, uchar *auth)
  590. {
  591. uchar hash[SHA1dlen];
  592. int r;
  593. memset(hash, 0, SHA1dlen);
  594. seanq_hmac_sha1(hash, t, tlen, (uchar*)ecb->ahstate, 16);
  595. r = memcmp(auth, hash, ecb->ahlen) == 0;
  596. memmove(auth, hash, ecb->ahlen);
  597. return r;
  598. }
  599. static void
  600. shaahinit(Espcb *ecb, char *name, uchar *key, int klen)
  601. {
  602. if(klen != 128)
  603. panic("shaahinit: bad keylen");
  604. klen >>= 8; /* convert to bytes */
  605. ecb->ahalg = name;
  606. ecb->ahblklen = 1;
  607. ecb->ahlen = 12;
  608. ecb->auth = shaauth;
  609. ecb->ahstate = smalloc(klen);
  610. memmove(ecb->ahstate, key, klen);
  611. }
  612. void
  613. seanq_hmac_md5(uchar hash[MD5dlen], uchar *t, long tlen, uchar *key, long klen)
  614. {
  615. uchar ipad[65], opad[65];
  616. int i;
  617. DigestState *digest;
  618. uchar innerhash[MD5dlen];
  619. for(i=0; i<64; i++){
  620. ipad[i] = 0x36;
  621. opad[i] = 0x5c;
  622. }
  623. ipad[64] = opad[64] = 0;
  624. for(i=0; i<klen; i++){
  625. ipad[i] ^= key[i];
  626. opad[i] ^= key[i];
  627. }
  628. digest = md5(ipad, 64, nil, nil);
  629. md5(t, tlen, innerhash, digest);
  630. digest = md5(opad, 64, nil, nil);
  631. md5(innerhash, MD5dlen, hash, digest);
  632. }
  633. static int
  634. md5auth(Espcb *ecb, uchar *t, int tlen, uchar *auth)
  635. {
  636. uchar hash[MD5dlen];
  637. int r;
  638. memset(hash, 0, MD5dlen);
  639. seanq_hmac_md5(hash, t, tlen, (uchar*)ecb->ahstate, 16);
  640. r = memcmp(auth, hash, ecb->ahlen) == 0;
  641. memmove(auth, hash, ecb->ahlen);
  642. return r;
  643. }
  644. static void
  645. md5ahinit(Espcb *ecb, char *name, uchar *key, int klen)
  646. {
  647. if(klen != 128)
  648. panic("md5ahinit: bad keylen");
  649. klen >>= 3; /* convert to bytes */
  650. ecb->ahalg = name;
  651. ecb->ahblklen = 1;
  652. ecb->ahlen = 12;
  653. ecb->auth = md5auth;
  654. ecb->ahstate = smalloc(klen);
  655. memmove(ecb->ahstate, key, klen);
  656. }
  657. static int
  658. descipher(Espcb *ecb, uchar *p, int n)
  659. {
  660. uchar tmp[8];
  661. uchar *pp, *tp, *ip, *eip, *ep;
  662. DESstate *ds = ecb->espstate;
  663. ep = p + n;
  664. if(ecb->incoming) {
  665. memmove(ds->ivec, p, 8);
  666. p += 8;
  667. while(p < ep){
  668. memmove(tmp, p, 8);
  669. block_cipher(ds->expanded, p, 1);
  670. tp = tmp;
  671. ip = ds->ivec;
  672. for(eip = ip+8; ip < eip; ){
  673. *p++ ^= *ip;
  674. *ip++ = *tp++;
  675. }
  676. }
  677. } else {
  678. memmove(p, ds->ivec, 8);
  679. for(p += 8; p < ep; p += 8){
  680. pp = p;
  681. ip = ds->ivec;
  682. for(eip = ip+8; ip < eip; )
  683. *pp++ ^= *ip++;
  684. block_cipher(ds->expanded, p, 0);
  685. memmove(ds->ivec, p, 8);
  686. }
  687. }
  688. return 1;
  689. }
  690. static void
  691. desespinit(Espcb *ecb, char *name, uchar *k, int n)
  692. {
  693. uchar key[8], ivec[8];
  694. int i;
  695. /* bits to bytes */
  696. n = (n+7)>>3;
  697. if(n > 8)
  698. n = 8;
  699. memset(key, 0, sizeof(key));
  700. memmove(key, k, n);
  701. for(i=0; i<8; i++)
  702. ivec[i] = nrand(256);
  703. ecb->espalg = name;
  704. ecb->espblklen = 8;
  705. ecb->espivlen = 8;
  706. ecb->cipher = descipher;
  707. ecb->espstate = smalloc(sizeof(DESstate));
  708. setupDESstate(ecb->espstate, key, ivec);
  709. }
  710. void
  711. espinit(Fs *fs)
  712. {
  713. Proto *esp;
  714. esp = smalloc(sizeof(Proto));
  715. esp->priv = smalloc(sizeof(Esppriv));
  716. esp->name = "esp";
  717. esp->connect = espconnect;
  718. esp->announce = nil;
  719. esp->ctl = espctl;
  720. esp->state = espstate;
  721. esp->create = espcreate;
  722. esp->close = espclose;
  723. esp->rcv = espiput;
  724. esp->advise = espadvise;
  725. esp->stats = espstats;
  726. esp->local = esplocal;
  727. esp->remote = espremote;
  728. esp->ipproto = IP_ESPPROTO;
  729. esp->nc = Nchans;
  730. esp->ptclsize = sizeof(Espcb);
  731. Fsproto(fs, esp);
  732. }
  733. #ifdef notdef
  734. enum {
  735. RC4forward= 10*1024*1024, /* maximum skip forward */
  736. RC4back = 100*1024, /* maximum look back */
  737. };
  738. typedef struct Esprc4 Esprc4;
  739. struct Esprc4
  740. {
  741. ulong cseq; /* current byte sequence number */
  742. RC4state current;
  743. int ovalid; /* old is valid */
  744. ulong lgseq; /* last good sequence */
  745. ulong oseq; /* old byte sequence number */
  746. RC4state old;
  747. };
  748. static void rc4espinit(Espcb *ecb, char *name, uchar *k, int n);
  749. static int
  750. rc4cipher(Espcb *ecb, uchar *p, int n)
  751. {
  752. Esprc4 *esprc4;
  753. RC4state tmpstate;
  754. ulong seq;
  755. long d, dd;
  756. if(n < 4)
  757. return 0;
  758. esprc4 = ecb->espstate;
  759. if(ecb->incoming) {
  760. seq = nhgetl(p);
  761. p += 4;
  762. n -= 4;
  763. d = seq-esprc4->cseq;
  764. if(d == 0) {
  765. rc4(&esprc4->current, p, n);
  766. esprc4->cseq += n;
  767. if(esprc4->ovalid) {
  768. dd = esprc4->cseq - esprc4->lgseq;
  769. if(dd > RC4back)
  770. esprc4->ovalid = 0;
  771. }
  772. } else if(d > 0) {
  773. print("esp rc4cipher: missing packet: %uld %ld\n", seq, d); /* this link is hosed */
  774. if(d > RC4forward) {
  775. strcpy(up->errstr, "rc4cipher: skipped too much");
  776. return 0;
  777. }
  778. esprc4->lgseq = seq;
  779. if(!esprc4->ovalid) {
  780. esprc4->ovalid = 1;
  781. esprc4->oseq = esprc4->cseq;
  782. memmove(&esprc4->old, &esprc4->current,
  783. sizeof(RC4state));
  784. }
  785. rc4skip(&esprc4->current, d);
  786. rc4(&esprc4->current, p, n);
  787. esprc4->cseq = seq+n;
  788. } else {
  789. print("esp rc4cipher: reordered packet: %uld %ld\n", seq, d);
  790. dd = seq - esprc4->oseq;
  791. if(!esprc4->ovalid || -d > RC4back || dd < 0) {
  792. strcpy(up->errstr, "rc4cipher: too far back");
  793. return 0;
  794. }
  795. memmove(&tmpstate, &esprc4->old, sizeof(RC4state));
  796. rc4skip(&tmpstate, dd);
  797. rc4(&tmpstate, p, n);
  798. return 1;
  799. }
  800. /* move old state up */
  801. if(esprc4->ovalid) {
  802. dd = esprc4->cseq - RC4back - esprc4->oseq;
  803. if(dd > 0) {
  804. rc4skip(&esprc4->old, dd);
  805. esprc4->oseq += dd;
  806. }
  807. }
  808. } else {
  809. hnputl(p, esprc4->cseq);
  810. p += 4;
  811. n -= 4;
  812. rc4(&esprc4->current, p, n);
  813. esprc4->cseq += n;
  814. }
  815. return 1;
  816. }
  817. static void
  818. rc4espinit(Espcb *ecb, char *name, uchar *k, int n)
  819. {
  820. Esprc4 *esprc4;
  821. /* bits to bytes */
  822. n = (n+7)>>3;
  823. esprc4 = smalloc(sizeof(Esprc4));
  824. memset(esprc4, 0, sizeof(Esprc4));
  825. setupRC4state(&esprc4->current, k, n);
  826. ecb->espalg = name;
  827. ecb->espblklen = 4;
  828. ecb->espivlen = 4;
  829. ecb->cipher = rc4cipher;
  830. ecb->espstate = esprc4;
  831. }
  832. #endif