12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112 |
- /*
- * Encapsulating Security Payload for IPsec for IPv4, rfc1827.
- * extended to IPv6.
- * rfc2104 defines hmac computation.
- * currently only implements tunnel mode.
- * TODO: verify aes algorithms;
- * transport mode (host-to-host)
- */
- #include "u.h"
- #include "../port/lib.h"
- #include "mem.h"
- #include "dat.h"
- #include "fns.h"
- #include "../port/error.h"
- #include "ip.h"
- #include "ipv6.h"
- #include "libsec.h"
- #define BITS2BYTES(bi) (((bi) + BI2BY - 1) / BI2BY)
- #define BYTES2BITS(by) ((by) * BI2BY)
- typedef struct Algorithm Algorithm;
- typedef struct Esp4hdr Esp4hdr;
- typedef struct Esp6hdr Esp6hdr;
- typedef struct Espcb Espcb;
- typedef struct Esphdr Esphdr;
- typedef struct Esppriv Esppriv;
- typedef struct Esptail Esptail;
- typedef struct Userhdr Userhdr;
- enum {
- Encrypt,
- Decrypt,
- IP_ESPPROTO = 50, /* IP v4 and v6 protocol number */
- Esp4hdrlen = IP4HDR + 8,
- Esp6hdrlen = IP6HDR + 8,
- Esptaillen = 2, /* does not include pad or auth data */
- Userhdrlen = 4, /* user-visible header size - if enabled */
- Desblk = BITS2BYTES(64),
- Des3keysz = BITS2BYTES(192),
- Aesblk = BITS2BYTES(128),
- Aeskeysz = BITS2BYTES(128),
- };
- struct Esphdr
- {
- uchar espspi[4]; /* Security parameter index */
- uchar espseq[4]; /* Sequence number */
- uchar payload[];
- };
- /*
- * tunnel-mode (network-to-network, etc.) layout is:
- * new IP hdrs | ESP hdr |
- * enc { orig IP hdrs | TCP/UDP hdr | user data | ESP trailer } | ESP ICV
- *
- * transport-mode (host-to-host) layout would be:
- * orig IP hdrs | ESP hdr |
- * enc { TCP/UDP hdr | user data | ESP trailer } | ESP ICV
- */
- struct Esp4hdr
- {
- /* ipv4 header */
- uchar vihl; /* Version and header length */
- uchar tos; /* Type of service */
- uchar length[2]; /* packet length */
- uchar id[2]; /* Identification */
- uchar frag[2]; /* Fragment information */
- uchar Unused;
- uchar espproto; /* Protocol */
- uchar espplen[2]; /* Header plus data length */
- uchar espsrc[4]; /* Ip source */
- uchar espdst[4]; /* Ip destination */
- Esphdr;
- };
- /* tunnel-mode layout */
- struct Esp6hdr
- {
- IPV6HDR;
- Esphdr;
- };
- struct Esptail
- {
- uchar pad;
- uchar nexthdr;
- };
- /* IP-version-dependent data */
- typedef struct Versdep Versdep;
- struct Versdep
- {
- ulong version;
- ulong iphdrlen;
- ulong hdrlen; /* iphdrlen + esp hdr len */
- ulong spi;
- uchar laddr[IPaddrlen];
- uchar raddr[IPaddrlen];
- };
- /* header as seen by the user */
- struct Userhdr
- {
- uchar nexthdr; /* next protocol */
- uchar unused[3];
- };
- struct Esppriv
- {
- uvlong in;
- ulong inerrors;
- };
- /*
- * protocol specific part of Conv
- */
- struct Espcb
- {
- int incoming;
- int header; /* user-level header */
- ulong spi;
- ulong seq; /* last seq sent */
- ulong window; /* for replay attacks */
- char *espalg;
- void *espstate; /* other state for esp */
- int espivlen; /* in bytes */
- int espblklen;
- int (*cipher)(Espcb*, uchar *buf, int len);
- char *ahalg;
- void *ahstate; /* other state for esp */
- int ahlen; /* auth data length in bytes */
- int ahblklen;
- int (*auth)(Espcb*, uchar *buf, int len, uchar *hash);
- DigestState *ds;
- };
- struct Algorithm
- {
- char *name;
- int keylen; /* in bits */
- void (*init)(Espcb*, char* name, uchar *key, unsigned keylen);
- };
- static Conv* convlookup(Proto *esp, ulong spi);
- static char *setalg(Espcb *ecb, char **f, int n, Algorithm *alg);
- static void espkick(void *x);
- static void nullespinit(Espcb*, char*, uchar *key, unsigned keylen);
- static void des3espinit(Espcb*, char*, uchar *key, unsigned keylen);
- static void aescbcespinit(Espcb*, char*, uchar *key, unsigned keylen);
- static void aesctrespinit(Espcb*, char*, uchar *key, unsigned keylen);
- static void desespinit(Espcb *ecb, char *name, uchar *k, unsigned n);
- static void nullahinit(Espcb*, char*, uchar *key, unsigned keylen);
- static void shaahinit(Espcb*, char*, uchar *key, unsigned keylen);
- static void aesahinit(Espcb*, char*, uchar *key, unsigned keylen);
- static void md5ahinit(Espcb*, char*, uchar *key, unsigned keylen);
- static Algorithm espalg[] =
- {
- "null", 0, nullespinit,
- "des3_cbc", 192, des3espinit, /* new rfc2451, des-ede3 */
- "aes_128_cbc", 128, aescbcespinit, /* new rfc3602 */
- "aes_ctr", 128, aesctrespinit, /* new rfc3686 */
- "des_56_cbc", 64, desespinit, /* rfc2405, deprecated */
- /* rc4 was never required, was used in original bandt */
- // "rc4_128", 128, rc4espinit,
- nil, 0, nil,
- };
- static Algorithm ahalg[] =
- {
- "null", 0, nullahinit,
- "hmac_sha1_96", 128, shaahinit, /* rfc2404 */
- "aes_xcbc_mac_96", 128, aesahinit, /* new rfc3566 */
- "hmac_md5_96", 128, md5ahinit, /* rfc2403 */
- nil, 0, nil,
- };
- static char*
- espconnect(Conv *c, char **argv, int argc)
- {
- char *p, *pp, *e = nil;
- ulong spi;
- Espcb *ecb = (Espcb*)c->ptcl;
- switch(argc) {
- default:
- e = "bad args to connect";
- break;
- case 2:
- p = strchr(argv[1], '!');
- if(p == nil){
- e = "malformed address";
- break;
- }
- *p++ = 0;
- if (parseip(c->raddr, argv[1]) == -1) {
- e = Ebadip;
- break;
- }
- findlocalip(c->p->f, c->laddr, c->raddr);
- ecb->incoming = 0;
- ecb->seq = 0;
- if(strcmp(p, "*") == 0) {
- qlock(c->p);
- for(;;) {
- spi = nrand(1<<16) + 256;
- if(convlookup(c->p, spi) == nil)
- break;
- }
- qunlock(c->p);
- ecb->spi = spi;
- ecb->incoming = 1;
- qhangup(c->wq, nil);
- } else {
- spi = strtoul(p, &pp, 10);
- if(pp == p) {
- e = "malformed address";
- break;
- }
- ecb->spi = spi;
- qhangup(c->rq, nil);
- }
- nullespinit(ecb, "null", nil, 0);
- nullahinit(ecb, "null", nil, 0);
- }
- Fsconnected(c, e);
- return e;
- }
- static int
- espstate(Conv *c, char *state, int n)
- {
- return snprint(state, n, "%s", c->inuse?"Open\n":"Closed\n");
- }
- static void
- espcreate(Conv *c)
- {
- c->rq = qopen(64*1024, Qmsg, 0, 0);
- c->wq = qopen(64*1024, Qkick, espkick, c);
- }
- static void
- espclose(Conv *c)
- {
- Espcb *ecb;
- qclose(c->rq);
- qclose(c->wq);
- qclose(c->eq);
- ipmove(c->laddr, IPnoaddr);
- ipmove(c->raddr, IPnoaddr);
- ecb = (Espcb*)c->ptcl;
- free(ecb->espstate);
- free(ecb->ahstate);
- memset(ecb, 0, sizeof(Espcb));
- }
- static int
- convipvers(Conv *c)
- {
- if((memcmp(c->raddr, v4prefix, IPv4off) == 0 &&
- memcmp(c->laddr, v4prefix, IPv4off) == 0) ||
- ipcmp(c->raddr, IPnoaddr) == 0)
- return V4;
- else
- return V6;
- }
- static int
- pktipvers(Fs *f, Block **bpp)
- {
- if (*bpp == nil || BLEN(*bpp) == 0) {
- /* get enough to identify the IP version */
- *bpp = pullupblock(*bpp, IP4HDR);
- if(*bpp == nil) {
- netlog(f, Logesp, "esp: short packet\n");
- return 0;
- }
- }
- return (((Esp4hdr*)(*bpp)->rp)->vihl & 0xf0) == IP_VER4? V4: V6;
- }
- static void
- getverslens(int version, Versdep *vp)
- {
- vp->version = version;
- switch(vp->version) {
- case V4:
- vp->iphdrlen = IP4HDR;
- vp->hdrlen = Esp4hdrlen;
- break;
- case V6:
- vp->iphdrlen = IP6HDR;
- vp->hdrlen = Esp6hdrlen;
- break;
- default:
- panic("esp: getverslens version %d wrong", version);
- }
- }
- static void
- getpktspiaddrs(uchar *pkt, Versdep *vp)
- {
- Esp4hdr *eh4;
- Esp6hdr *eh6;
- switch(vp->version) {
- case V4:
- eh4 = (Esp4hdr*)pkt;
- v4tov6(vp->raddr, eh4->espsrc);
- v4tov6(vp->laddr, eh4->espdst);
- vp->spi = nhgetl(eh4->espspi);
- break;
- case V6:
- eh6 = (Esp6hdr*)pkt;
- ipmove(vp->raddr, eh6->src);
- ipmove(vp->laddr, eh6->dst);
- vp->spi = nhgetl(eh6->espspi);
- break;
- default:
- panic("esp: getpktspiaddrs vp->version %ld wrong", vp->version);
- }
- }
- /*
- * encapsulate next IP packet on x's write queue in IP/ESP packet
- * and initiate output of the result.
- */
- static void
- espkick(void *x)
- {
- int nexthdr, payload, pad, align;
- uchar *auth;
- Block *bp;
- Conv *c = x;
- Esp4hdr *eh4;
- Esp6hdr *eh6;
- Espcb *ecb;
- Esptail *et;
- Userhdr *uh;
- Versdep vers;
- getverslens(convipvers(c), &vers);
- bp = qget(c->wq);
- if(bp == nil)
- return;
- qlock(c);
- ecb = c->ptcl;
- if(ecb->header) {
- /* make sure the message has a User header */
- bp = pullupblock(bp, Userhdrlen);
- if(bp == nil) {
- qunlock(c);
- return;
- }
- uh = (Userhdr*)bp->rp;
- nexthdr = uh->nexthdr;
- bp->rp += Userhdrlen;
- } else {
- nexthdr = 0; /* what should this be? */
- }
- payload = BLEN(bp) + ecb->espivlen;
- /* Make space to fit ip header */
- bp = padblock(bp, vers.hdrlen + ecb->espivlen);
- getpktspiaddrs(bp->rp, &vers);
- align = 4;
- if(ecb->espblklen > align)
- align = ecb->espblklen;
- if(align % ecb->ahblklen != 0)
- panic("espkick: ahblklen is important after all");
- pad = (align-1) - (payload + Esptaillen-1)%align;
- /*
- * Make space for tail
- * this is done by calling padblock with a negative size
- * Padblock does not change bp->wp!
- */
- bp = padblock(bp, -(pad+Esptaillen+ecb->ahlen));
- bp->wp += pad+Esptaillen+ecb->ahlen;
- et = (Esptail*)(bp->rp + vers.hdrlen + payload + pad);
- /* fill in tail */
- et->pad = pad;
- et->nexthdr = nexthdr;
- /* encrypt the payload */
- ecb->cipher(ecb, bp->rp + vers.hdrlen, payload + pad + Esptaillen);
- auth = bp->rp + vers.hdrlen + payload + pad + Esptaillen;
- /* fill in head; construct a new IP header and an ESP header */
- if (vers.version == V4) {
- eh4 = (Esp4hdr *)bp->rp;
- eh4->vihl = IP_VER4;
- v6tov4(eh4->espsrc, c->laddr);
- v6tov4(eh4->espdst, c->raddr);
- eh4->espproto = IP_ESPPROTO;
- eh4->frag[0] = 0;
- eh4->frag[1] = 0;
- hnputl(eh4->espspi, ecb->spi);
- hnputl(eh4->espseq, ++ecb->seq);
- } else {
- eh6 = (Esp6hdr *)bp->rp;
- eh6->vcf[0] = IP_VER6;
- ipmove(eh6->src, c->laddr);
- ipmove(eh6->dst, c->raddr);
- eh6->proto = IP_ESPPROTO;
- hnputl(eh6->espspi, ecb->spi);
- hnputl(eh6->espseq, ++ecb->seq);
- }
- /* compute secure hash */
- ecb->auth(ecb, bp->rp + vers.iphdrlen, (vers.hdrlen - vers.iphdrlen) +
- payload + pad + Esptaillen, auth);
- qunlock(c);
- /* print("esp: pass down: %uld\n", BLEN(bp)); */
- if (vers.version == V4)
- ipoput4(c->p->f, bp, 0, c->ttl, c->tos, c);
- else
- ipoput6(c->p->f, bp, 0, c->ttl, c->tos, c);
- }
- /*
- * decapsulate IP packet from IP/ESP packet in bp and
- * pass the result up the spi's Conv's read queue.
- */
- void
- espiput(Proto *esp, Ipifc*, Block *bp)
- {
- int payload, nexthdr;
- uchar *auth, *espspi;
- Conv *c;
- Espcb *ecb;
- Esptail *et;
- Fs *f;
- Userhdr *uh;
- Versdep vers;
- f = esp->f;
- getverslens(pktipvers(f, &bp), &vers);
- bp = pullupblock(bp, vers.hdrlen + Esptaillen);
- if(bp == nil) {
- netlog(f, Logesp, "esp: short packet\n");
- return;
- }
- getpktspiaddrs(bp->rp, &vers);
- qlock(esp);
- /* Look for a conversation structure for this port */
- c = convlookup(esp, vers.spi);
- if(c == nil) {
- qunlock(esp);
- netlog(f, Logesp, "esp: no conv %I -> %I!%lud\n", vers.raddr,
- vers.laddr, vers.spi);
- icmpnoconv(f, bp);
- freeblist(bp);
- return;
- }
- qlock(c);
- qunlock(esp);
- ecb = c->ptcl;
- /* too hard to do decryption/authentication on block lists */
- if(bp->next)
- bp = concatblock(bp);
- if(BLEN(bp) < vers.hdrlen + ecb->espivlen + Esptaillen + ecb->ahlen) {
- qunlock(c);
- netlog(f, Logesp, "esp: short block %I -> %I!%lud\n", vers.raddr,
- vers.laddr, vers.spi);
- freeb(bp);
- return;
- }
- auth = bp->wp - ecb->ahlen;
- espspi = vers.version == V4? ((Esp4hdr*)bp->rp)->espspi:
- ((Esp6hdr*)bp->rp)->espspi;
- /* compute secure hash and authenticate */
- if(!ecb->auth(ecb, espspi, auth - espspi, auth)) {
- qunlock(c);
- print("esp: bad auth %I -> %I!%ld\n", vers.raddr, vers.laddr, vers.spi);
- netlog(f, Logesp, "esp: bad auth %I -> %I!%lud\n", vers.raddr,
- vers.laddr, vers.spi);
- freeb(bp);
- return;
- }
- payload = BLEN(bp) - vers.hdrlen - ecb->ahlen;
- if(payload <= 0 || payload % 4 != 0 || payload % ecb->espblklen != 0) {
- qunlock(c);
- netlog(f, Logesp, "esp: bad length %I -> %I!%lud payload=%d BLEN=%lud\n",
- vers.raddr, vers.laddr, vers.spi, payload, BLEN(bp));
- freeb(bp);
- return;
- }
- /* decrypt payload */
- if(!ecb->cipher(ecb, bp->rp + vers.hdrlen, payload)) {
- qunlock(c);
- print("esp: cipher failed %I -> %I!%ld: %s\n", vers.raddr, vers.laddr, vers.spi, up->errstr);
- netlog(f, Logesp, "esp: cipher failed %I -> %I!%lud: %s\n",
- vers.raddr, vers.laddr, vers.spi, up->errstr);
- freeb(bp);
- return;
- }
- payload -= Esptaillen;
- et = (Esptail*)(bp->rp + vers.hdrlen + payload);
- payload -= et->pad + ecb->espivlen;
- nexthdr = et->nexthdr;
- if(payload <= 0) {
- qunlock(c);
- netlog(f, Logesp, "esp: short packet after decrypt %I -> %I!%lud\n",
- vers.raddr, vers.laddr, vers.spi);
- freeb(bp);
- return;
- }
- /* trim packet */
- bp->rp += vers.hdrlen + ecb->espivlen; /* toss original IP & ESP hdrs */
- bp->wp = bp->rp + payload;
- if(ecb->header) {
- /* assume Userhdrlen < Esp4hdrlen < Esp6hdrlen */
- bp->rp -= Userhdrlen;
- uh = (Userhdr*)bp->rp;
- memset(uh, 0, Userhdrlen);
- uh->nexthdr = nexthdr;
- }
- /* ingress filtering here? */
- if(qfull(c->rq)){
- netlog(f, Logesp, "esp: qfull %I -> %I.%uld\n", vers.raddr,
- vers.laddr, vers.spi);
- freeblist(bp);
- }else {
- // print("esp: pass up: %uld\n", BLEN(bp));
- qpass(c->rq, bp); /* pass packet up the read queue */
- }
- qunlock(c);
- }
- char*
- espctl(Conv *c, char **f, int n)
- {
- Espcb *ecb = c->ptcl;
- char *e = nil;
- if(strcmp(f[0], "esp") == 0)
- e = setalg(ecb, f, n, espalg);
- else if(strcmp(f[0], "ah") == 0)
- e = setalg(ecb, f, n, ahalg);
- else if(strcmp(f[0], "header") == 0)
- ecb->header = 1;
- else if(strcmp(f[0], "noheader") == 0)
- ecb->header = 0;
- else
- e = "unknown control request";
- return e;
- }
- /* called from icmp(v6) for unreachable hosts, time exceeded, etc. */
- void
- espadvise(Proto *esp, Block *bp, char *msg)
- {
- Conv *c;
- Versdep vers;
- getverslens(pktipvers(esp->f, &bp), &vers);
- getpktspiaddrs(bp->rp, &vers);
- qlock(esp);
- c = convlookup(esp, vers.spi);
- if(c != nil) {
- qhangup(c->rq, msg);
- qhangup(c->wq, msg);
- }
- qunlock(esp);
- freeblist(bp);
- }
- int
- espstats(Proto *esp, char *buf, int len)
- {
- Esppriv *upriv;
- upriv = esp->priv;
- return snprint(buf, len, "%llud %lud\n",
- upriv->in,
- upriv->inerrors);
- }
- static int
- esplocal(Conv *c, char *buf, int len)
- {
- Espcb *ecb = c->ptcl;
- int n;
- qlock(c);
- if(ecb->incoming)
- n = snprint(buf, len, "%I!%uld\n", c->laddr, ecb->spi);
- else
- n = snprint(buf, len, "%I\n", c->laddr);
- qunlock(c);
- return n;
- }
- static int
- espremote(Conv *c, char *buf, int len)
- {
- Espcb *ecb = c->ptcl;
- int n;
- qlock(c);
- if(ecb->incoming)
- n = snprint(buf, len, "%I\n", c->raddr);
- else
- n = snprint(buf, len, "%I!%uld\n", c->raddr, ecb->spi);
- qunlock(c);
- return n;
- }
- static Conv*
- convlookup(Proto *esp, ulong spi)
- {
- Conv *c, **p;
- Espcb *ecb;
- for(p=esp->conv; *p; p++){
- c = *p;
- ecb = c->ptcl;
- if(ecb->incoming && ecb->spi == spi)
- return c;
- }
- return nil;
- }
- static char *
- setalg(Espcb *ecb, char **f, int n, Algorithm *alg)
- {
- uchar *key;
- int c, nbyte, nchar;
- uint i;
- if(n < 2 || n > 3)
- return "bad format";
- for(; alg->name; alg++)
- if(strcmp(f[1], alg->name) == 0)
- break;
- if(alg->name == nil)
- return "unknown algorithm";
- nbyte = (alg->keylen + 7) >> 3;
- if (n == 2)
- nchar = 0;
- else
- nchar = strlen(f[2]);
- if(nchar != 2 * nbyte) /* TODO: maybe < is ok */
- return "key not required length";
- /* convert hex digits from ascii, in place */
- for(i=0; i<nchar; i++) {
- c = f[2][i];
- if(c >= '0' && c <= '9')
- f[2][i] -= '0';
- else if(c >= 'a' && c <= 'f')
- f[2][i] -= 'a'-10;
- else if(c >= 'A' && c <= 'F')
- f[2][i] -= 'A'-10;
- else
- return "non-hex character in key";
- }
- /* collapse hex digits into complete bytes in reverse order in key */
- key = smalloc(nbyte);
- for(i = 0; i < nchar && i/2 < nbyte; i++) {
- c = f[2][nchar-i-1];
- if(i&1)
- c <<= 4;
- key[i/2] |= c;
- }
- alg->init(ecb, alg->name, key, alg->keylen);
- free(key);
- return nil;
- }
- /*
- * null encryption
- */
- static int
- nullcipher(Espcb*, uchar*, int)
- {
- return 1;
- }
- static void
- nullespinit(Espcb *ecb, char *name, uchar*, unsigned)
- {
- ecb->espalg = name;
- ecb->espblklen = 1;
- ecb->espivlen = 0;
- ecb->cipher = nullcipher;
- }
- static int
- nullauth(Espcb*, uchar*, int, uchar*)
- {
- return 1;
- }
- static void
- nullahinit(Espcb *ecb, char *name, uchar*, unsigned)
- {
- ecb->ahalg = name;
- ecb->ahblklen = 1;
- ecb->ahlen = 0;
- ecb->auth = nullauth;
- }
- /*
- * sha1
- */
- static void
- seanq_hmac_sha1(uchar hash[SHA1dlen], uchar *t, long tlen, uchar *key, long klen)
- {
- int i;
- uchar ipad[Hmacblksz+1], opad[Hmacblksz+1], innerhash[SHA1dlen];
- DigestState *digest;
- memset(ipad, 0x36, Hmacblksz);
- memset(opad, 0x5c, Hmacblksz);
- ipad[Hmacblksz] = opad[Hmacblksz] = 0;
- for(i = 0; i < klen; i++){
- ipad[i] ^= key[i];
- opad[i] ^= key[i];
- }
- digest = sha1(ipad, Hmacblksz, nil, nil);
- sha1(t, tlen, innerhash, digest);
- digest = sha1(opad, Hmacblksz, nil, nil);
- sha1(innerhash, SHA1dlen, hash, digest);
- }
- static int
- shaauth(Espcb *ecb, uchar *t, int tlen, uchar *auth)
- {
- int r;
- uchar hash[SHA1dlen];
- memset(hash, 0, SHA1dlen);
- seanq_hmac_sha1(hash, t, tlen, (uchar*)ecb->ahstate, BITS2BYTES(128));
- r = memcmp(auth, hash, ecb->ahlen) == 0;
- memmove(auth, hash, ecb->ahlen);
- return r;
- }
- static void
- shaahinit(Espcb *ecb, char *name, uchar *key, unsigned klen)
- {
- if(klen != 128)
- panic("shaahinit: bad keylen");
- klen /= BI2BY;
- ecb->ahalg = name;
- ecb->ahblklen = 1;
- ecb->ahlen = BITS2BYTES(96);
- ecb->auth = shaauth;
- ecb->ahstate = smalloc(klen);
- memmove(ecb->ahstate, key, klen);
- }
- /*
- * aes
- */
- /* ah_aes_xcbc_mac_96, rfc3566 */
- static int
- aesahauth(Espcb *ecb, uchar *t, int tlen, uchar *auth)
- {
- int r;
- uchar hash[AESdlen];
- memset(hash, 0, AESdlen);
- ecb->ds = hmac_aes(t, tlen, (uchar*)ecb->ahstate, BITS2BYTES(96), hash,
- ecb->ds);
- r = memcmp(auth, hash, ecb->ahlen) == 0;
- memmove(auth, hash, ecb->ahlen);
- return r;
- }
- static void
- aesahinit(Espcb *ecb, char *name, uchar *key, unsigned klen)
- {
- if(klen != 128)
- panic("aesahinit: keylen not 128");
- klen /= BI2BY;
- ecb->ahalg = name;
- ecb->ahblklen = 1;
- ecb->ahlen = BITS2BYTES(96);
- ecb->auth = aesahauth;
- ecb->ahstate = smalloc(klen);
- memmove(ecb->ahstate, key, klen);
- }
- static int
- aescbccipher(Espcb *ecb, uchar *p, int n) /* 128-bit blocks */
- {
- uchar tmp[AESbsize], q[AESbsize];
- uchar *pp, *tp, *ip, *eip, *ep;
- AESstate *ds = ecb->espstate;
- ep = p + n;
- if(ecb->incoming) {
- memmove(ds->ivec, p, AESbsize);
- p += AESbsize;
- while(p < ep){
- memmove(tmp, p, AESbsize);
- aes_decrypt(ds->dkey, ds->rounds, p, q);
- memmove(p, q, AESbsize);
- tp = tmp;
- ip = ds->ivec;
- for(eip = ip + AESbsize; ip < eip; ){
- *p++ ^= *ip;
- *ip++ = *tp++;
- }
- }
- } else {
- memmove(p, ds->ivec, AESbsize);
- for(p += AESbsize; p < ep; p += AESbsize){
- pp = p;
- ip = ds->ivec;
- for(eip = ip + AESbsize; ip < eip; )
- *pp++ ^= *ip++;
- aes_encrypt(ds->ekey, ds->rounds, p, q);
- memmove(ds->ivec, q, AESbsize);
- memmove(p, q, AESbsize);
- }
- }
- return 1;
- }
- static void
- aescbcespinit(Espcb *ecb, char *name, uchar *k, unsigned n)
- {
- uchar key[Aeskeysz], ivec[Aeskeysz];
- int i;
- n = BITS2BYTES(n);
- if(n > Aeskeysz)
- n = Aeskeysz;
- memset(key, 0, sizeof(key));
- memmove(key, k, n);
- for(i = 0; i < Aeskeysz; i++)
- ivec[i] = nrand(256);
- ecb->espalg = name;
- ecb->espblklen = Aesblk;
- ecb->espivlen = Aesblk;
- ecb->cipher = aescbccipher;
- ecb->espstate = smalloc(sizeof(AESstate));
- setupAESstate(ecb->espstate, key, n /* keybytes */, ivec);
- }
- static int
- aesctrcipher(Espcb *ecb, uchar *p, int n) /* 128-bit blocks */
- {
- uchar tmp[AESbsize], q[AESbsize];
- uchar *pp, *tp, *ip, *eip, *ep;
- AESstate *ds = ecb->espstate;
- ep = p + n;
- if(ecb->incoming) {
- memmove(ds->ivec, p, AESbsize);
- p += AESbsize;
- while(p < ep){
- memmove(tmp, p, AESbsize);
- aes_decrypt(ds->dkey, ds->rounds, p, q);
- memmove(p, q, AESbsize);
- tp = tmp;
- ip = ds->ivec;
- for(eip = ip + AESbsize; ip < eip; ){
- *p++ ^= *ip;
- *ip++ = *tp++;
- }
- }
- } else {
- memmove(p, ds->ivec, AESbsize);
- for(p += AESbsize; p < ep; p += AESbsize){
- pp = p;
- ip = ds->ivec;
- for(eip = ip + AESbsize; ip < eip; )
- *pp++ ^= *ip++;
- aes_encrypt(ds->ekey, ds->rounds, p, q);
- memmove(ds->ivec, q, AESbsize);
- memmove(p, q, AESbsize);
- }
- }
- return 1;
- }
- static void
- aesctrespinit(Espcb *ecb, char *name, uchar *k, unsigned n)
- {
- uchar key[Aesblk], ivec[Aesblk];
- int i;
- n = BITS2BYTES(n);
- if(n > Aeskeysz)
- n = Aeskeysz;
- memset(key, 0, sizeof(key));
- memmove(key, k, n);
- for(i = 0; i < Aesblk; i++)
- ivec[i] = nrand(256);
- ecb->espalg = name;
- ecb->espblklen = Aesblk;
- ecb->espivlen = Aesblk;
- ecb->cipher = aesctrcipher;
- ecb->espstate = smalloc(sizeof(AESstate));
- setupAESstate(ecb->espstate, key, n /* keybytes */, ivec);
- }
- /*
- * md5
- */
- static void
- seanq_hmac_md5(uchar hash[MD5dlen], uchar *t, long tlen, uchar *key, long klen)
- {
- int i;
- uchar ipad[Hmacblksz+1], opad[Hmacblksz+1], innerhash[MD5dlen];
- DigestState *digest;
- memset(ipad, 0x36, Hmacblksz);
- memset(opad, 0x5c, Hmacblksz);
- ipad[Hmacblksz] = opad[Hmacblksz] = 0;
- for(i = 0; i < klen; i++){
- ipad[i] ^= key[i];
- opad[i] ^= key[i];
- }
- digest = md5(ipad, Hmacblksz, nil, nil);
- md5(t, tlen, innerhash, digest);
- digest = md5(opad, Hmacblksz, nil, nil);
- md5(innerhash, MD5dlen, hash, digest);
- }
- static int
- md5auth(Espcb *ecb, uchar *t, int tlen, uchar *auth)
- {
- uchar hash[MD5dlen];
- int r;
- memset(hash, 0, MD5dlen);
- seanq_hmac_md5(hash, t, tlen, (uchar*)ecb->ahstate, BITS2BYTES(128));
- r = memcmp(auth, hash, ecb->ahlen) == 0;
- memmove(auth, hash, ecb->ahlen);
- return r;
- }
- static void
- md5ahinit(Espcb *ecb, char *name, uchar *key, unsigned klen)
- {
- if(klen != 128)
- panic("md5ahinit: bad keylen");
- klen = BITS2BYTES(klen);
- ecb->ahalg = name;
- ecb->ahblklen = 1;
- ecb->ahlen = BITS2BYTES(96);
- ecb->auth = md5auth;
- ecb->ahstate = smalloc(klen);
- memmove(ecb->ahstate, key, klen);
- }
- /*
- * des, single and triple
- */
- static int
- descipher(Espcb *ecb, uchar *p, int n)
- {
- DESstate *ds = ecb->espstate;
- if(ecb->incoming) {
- memmove(ds->ivec, p, Desblk);
- desCBCdecrypt(p + Desblk, n - Desblk, ds);
- } else {
- memmove(p, ds->ivec, Desblk);
- desCBCencrypt(p + Desblk, n - Desblk, ds);
- }
- return 1;
- }
- static int
- des3cipher(Espcb *ecb, uchar *p, int n)
- {
- DES3state *ds = ecb->espstate;
- if(ecb->incoming) {
- memmove(ds->ivec, p, Desblk);
- des3CBCdecrypt(p + Desblk, n - Desblk, ds);
- } else {
- memmove(p, ds->ivec, Desblk);
- des3CBCencrypt(p + Desblk, n - Desblk, ds);
- }
- return 1;
- }
- static void
- desespinit(Espcb *ecb, char *name, uchar *k, unsigned n)
- {
- uchar key[Desblk], ivec[Desblk];
- int i;
- n = BITS2BYTES(n);
- if(n > Desblk)
- n = Desblk;
- memset(key, 0, sizeof(key));
- memmove(key, k, n);
- for(i = 0; i < Desblk; i++)
- ivec[i] = nrand(256);
- ecb->espalg = name;
- ecb->espblklen = Desblk;
- ecb->espivlen = Desblk;
- ecb->cipher = descipher;
- ecb->espstate = smalloc(sizeof(DESstate));
- setupDESstate(ecb->espstate, key, ivec);
- }
- static void
- des3espinit(Espcb *ecb, char *name, uchar *k, unsigned n)
- {
- uchar key[3][Desblk], ivec[Desblk];
- int i;
- n = BITS2BYTES(n);
- if(n > Des3keysz)
- n = Des3keysz;
- memset(key, 0, sizeof(key));
- memmove(key, k, n);
- for(i = 0; i < Desblk; i++)
- ivec[i] = nrand(256);
- ecb->espalg = name;
- ecb->espblklen = Desblk;
- ecb->espivlen = Desblk;
- ecb->cipher = des3cipher;
- ecb->espstate = smalloc(sizeof(DES3state));
- setupDES3state(ecb->espstate, key, ivec);
- }
- /*
- * interfacing to devip
- */
- void
- espinit(Fs *fs)
- {
- Proto *esp;
- esp = smalloc(sizeof(Proto));
- esp->priv = smalloc(sizeof(Esppriv));
- esp->name = "esp";
- esp->connect = espconnect;
- esp->announce = nil;
- esp->ctl = espctl;
- esp->state = espstate;
- esp->create = espcreate;
- esp->close = espclose;
- esp->rcv = espiput;
- esp->advise = espadvise;
- esp->stats = espstats;
- esp->local = esplocal;
- esp->remote = espremote;
- esp->ipproto = IP_ESPPROTO;
- esp->nc = Nchans;
- esp->ptclsize = sizeof(Espcb);
- Fsproto(fs, esp);
- }
|