The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netipsec/xform_ah.c

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*      $FreeBSD: stable/12/sys/netipsec/xform_ah.c 351358 2019-08-21 22:42:08Z jhb $   */
    2 /*      $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
    3 /*-
    4  * The authors of this code are John Ioannidis (ji@tla.org),
    5  * Angelos D. Keromytis (kermit@csd.uch.gr) and
    6  * Niels Provos (provos@physnet.uni-hamburg.de).
    7  *
    8  * The original version of this code was written by John Ioannidis
    9  * for BSD/OS in Athens, Greece, in November 1995.
   10  *
   11  * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
   12  * by Angelos D. Keromytis.
   13  *
   14  * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
   15  * and Niels Provos.
   16  *
   17  * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
   18  *
   19  * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
   20  * Angelos D. Keromytis and Niels Provos.
   21  * Copyright (c) 1999 Niklas Hallqvist.
   22  * Copyright (c) 2001 Angelos D. Keromytis.
   23  *
   24  * Permission to use, copy, and modify this software with or without fee
   25  * is hereby granted, provided that this entire notice is included in
   26  * all copies of any software which is or includes a copy or
   27  * modification of this software.
   28  * You may use this code under the GNU public license if you so wish. Please
   29  * contribute changes back to the authors under this freer than GPL license
   30  * so that we may further the use of strong encryption without limitations to
   31  * all.
   32  *
   33  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
   34  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
   35  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
   36  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
   37  * PURPOSE.
   38  */
   39 #include "opt_inet.h"
   40 #include "opt_inet6.h"
   41 
   42 #include <sys/param.h>
   43 #include <sys/systm.h>
   44 #include <sys/mbuf.h>
   45 #include <sys/socket.h>
   46 #include <sys/syslog.h>
   47 #include <sys/kernel.h>
   48 #include <sys/lock.h>
   49 #include <sys/mutex.h>
   50 #include <sys/sysctl.h>
   51 
   52 #include <net/if.h>
   53 #include <net/vnet.h>
   54 
   55 #include <netinet/in.h>
   56 #include <netinet/in_systm.h>
   57 #include <netinet/ip.h>
   58 #include <netinet/ip_ecn.h>
   59 #include <netinet/ip6.h>
   60 
   61 #include <netipsec/ipsec.h>
   62 #include <netipsec/ah.h>
   63 #include <netipsec/ah_var.h>
   64 #include <netipsec/xform.h>
   65 
   66 #ifdef INET6
   67 #include <netinet6/ip6_var.h>
   68 #include <netipsec/ipsec6.h>
   69 #include <netinet6/ip6_ecn.h>
   70 #endif
   71 
   72 #include <netipsec/key.h>
   73 #include <netipsec/key_debug.h>
   74 
   75 #include <opencrypto/cryptodev.h>
   76 
   77 /*
   78  * Return header size in bytes.  The old protocol did not support
   79  * the replay counter; the new protocol always includes the counter.
   80  */
   81 #define HDRSIZE(sav) \
   82         (((sav)->flags & SADB_X_EXT_OLD) ? \
   83                 sizeof (struct ah) : sizeof (struct ah) + sizeof (u_int32_t))
   84 /* 
   85  * Return authenticator size in bytes, based on a field in the
   86  * algorithm descriptor.
   87  */
   88 #define AUTHSIZE(sav)   ((sav->flags & SADB_X_EXT_OLD) ? 16 :   \
   89                          xform_ah_authsize((sav)->tdb_authalgxform))
   90 
   91 VNET_DEFINE(int, ah_enable) = 1;        /* control flow of packets with AH */
   92 VNET_DEFINE(int, ah_cleartos) = 1;      /* clear ip_tos when doing AH calc */
   93 VNET_PCPUSTAT_DEFINE(struct ahstat, ahstat);
   94 VNET_PCPUSTAT_SYSINIT(ahstat);
   95 
   96 #ifdef VIMAGE
   97 VNET_PCPUSTAT_SYSUNINIT(ahstat);
   98 #endif /* VIMAGE */
   99 
  100 #ifdef INET
  101 SYSCTL_DECL(_net_inet_ah);
  102 SYSCTL_INT(_net_inet_ah, OID_AUTO, ah_enable,
  103         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ah_enable), 0, "");
  104 SYSCTL_INT(_net_inet_ah, OID_AUTO, ah_cleartos,
  105         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ah_cleartos), 0, "");
  106 SYSCTL_VNET_PCPUSTAT(_net_inet_ah, IPSECCTL_STATS, stats, struct ahstat,
  107     ahstat, "AH statistics (struct ahstat, netipsec/ah_var.h)");
  108 #endif
  109 
  110 static unsigned char ipseczeroes[256];  /* larger than an ip6 extension hdr */
  111 static struct timeval md5warn, ripewarn, kpdkmd5warn, kpdksha1warn;
  112 
  113 static int ah_input_cb(struct cryptop*);
  114 static int ah_output_cb(struct cryptop*);
  115 
  116 int
  117 xform_ah_authsize(const struct auth_hash *esph)
  118 {
  119         int alen;
  120 
  121         if (esph == NULL)
  122                 return 0;
  123 
  124         switch (esph->type) {
  125         case CRYPTO_SHA2_256_HMAC:
  126         case CRYPTO_SHA2_384_HMAC:
  127         case CRYPTO_SHA2_512_HMAC:
  128                 alen = esph->hashsize / 2;      /* RFC4868 2.3 */
  129                 break;
  130 
  131         case CRYPTO_AES_128_NIST_GMAC:
  132         case CRYPTO_AES_192_NIST_GMAC:
  133         case CRYPTO_AES_256_NIST_GMAC:
  134                 alen = esph->hashsize;
  135                 break;
  136 
  137         default:
  138                 alen = AH_HMAC_HASHLEN;
  139                 break;
  140         }
  141 
  142         return alen;
  143 }
  144 
  145 size_t
  146 ah_hdrsiz(struct secasvar *sav)
  147 {
  148         size_t size;
  149 
  150         if (sav != NULL) {
  151                 int authsize, rplen, align;
  152 
  153                 IPSEC_ASSERT(sav->tdb_authalgxform != NULL, ("null xform"));
  154                 /*XXX not right for null algorithm--does it matter??*/
  155 
  156                 /* RFC4302: use the correct alignment. */
  157                 align = sizeof(uint32_t);
  158 #ifdef INET6
  159                 if (sav->sah->saidx.dst.sa.sa_family == AF_INET6) {
  160                         align = sizeof(uint64_t);
  161                 }
  162 #endif
  163                 rplen = HDRSIZE(sav);
  164                 authsize = AUTHSIZE(sav);
  165                 size = roundup(rplen + authsize, align);
  166         } else {
  167                 /* default guess */
  168                 size = sizeof (struct ah) + sizeof (u_int32_t) + 16;
  169         }
  170         return size;
  171 }
  172 
  173 /*
  174  * NB: public for use by esp_init.
  175  */
  176 int
  177 ah_init0(struct secasvar *sav, struct xformsw *xsp, struct cryptoini *cria)
  178 {
  179         const struct auth_hash *thash;
  180         int keylen;
  181 
  182         thash = auth_algorithm_lookup(sav->alg_auth);
  183         if (thash == NULL) {
  184                 DPRINTF(("%s: unsupported authentication algorithm %u\n",
  185                         __func__, sav->alg_auth));
  186                 return EINVAL;
  187         }
  188 
  189         switch (sav->alg_auth) {
  190         case SADB_AALG_MD5HMAC:
  191                 if (ratecheck(&md5warn, &ipsec_warn_interval))
  192                         gone_in(13, "MD5-HMAC authenticator for IPsec");
  193                 break;
  194         case SADB_X_AALG_RIPEMD160HMAC:
  195                 if (ratecheck(&ripewarn, &ipsec_warn_interval))
  196                         gone_in(13, "RIPEMD160-HMAC authenticator for IPsec");
  197                 break;
  198         case SADB_X_AALG_MD5:
  199                 if (ratecheck(&kpdkmd5warn, &ipsec_warn_interval))
  200                         gone_in(13, "Keyed-MD5 authenticator for IPsec");
  201                 break;
  202         case SADB_X_AALG_SHA:
  203                 if (ratecheck(&kpdksha1warn, &ipsec_warn_interval))
  204                         gone_in(13, "Keyed-SHA1 authenticator for IPsec");
  205                 break;
  206         }
  207 
  208         /*
  209          * Verify the replay state block allocation is consistent with
  210          * the protocol type.  We check here so we can make assumptions
  211          * later during protocol processing.
  212          */
  213         /* NB: replay state is setup elsewhere (sigh) */
  214         if (((sav->flags&SADB_X_EXT_OLD) == 0) ^ (sav->replay != NULL)) {
  215                 DPRINTF(("%s: replay state block inconsistency, "
  216                         "%s algorithm %s replay state\n", __func__,
  217                         (sav->flags & SADB_X_EXT_OLD) ? "old" : "new",
  218                         sav->replay == NULL ? "without" : "with"));
  219                 return EINVAL;
  220         }
  221         if (sav->key_auth == NULL) {
  222                 DPRINTF(("%s: no authentication key for %s algorithm\n",
  223                         __func__, thash->name));
  224                 return EINVAL;
  225         }
  226         keylen = _KEYLEN(sav->key_auth);
  227         if (keylen > thash->keysize && thash->keysize != 0) {
  228                 DPRINTF(("%s: invalid keylength %d, algorithm %s requires "
  229                         "keysize less than %d\n", __func__,
  230                          keylen, thash->name, thash->keysize));
  231                 return EINVAL;
  232         }
  233 
  234         sav->tdb_xform = xsp;
  235         sav->tdb_authalgxform = thash;
  236 
  237         /* Initialize crypto session. */
  238         bzero(cria, sizeof (*cria));
  239         cria->cri_alg = sav->tdb_authalgxform->type;
  240         cria->cri_klen = _KEYBITS(sav->key_auth);
  241         cria->cri_key = sav->key_auth->key_data;
  242         cria->cri_mlen = AUTHSIZE(sav);
  243 
  244         return 0;
  245 }
  246 
  247 /*
  248  * ah_init() is called when an SPI is being set up.
  249  */
  250 static int
  251 ah_init(struct secasvar *sav, struct xformsw *xsp)
  252 {
  253         struct cryptoini cria;
  254         int error;
  255 
  256         error = ah_init0(sav, xsp, &cria);
  257         return error ? error :
  258                  crypto_newsession(&sav->tdb_cryptoid, &cria, V_crypto_support);
  259 }
  260 
  261 /*
  262  * Paranoia.
  263  *
  264  * NB: public for use by esp_zeroize (XXX).
  265  */
  266 int
  267 ah_zeroize(struct secasvar *sav)
  268 {
  269 
  270         if (sav->key_auth)
  271                 bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth));
  272 
  273         crypto_freesession(sav->tdb_cryptoid);
  274         sav->tdb_cryptoid = NULL;
  275         sav->tdb_authalgxform = NULL;
  276         sav->tdb_xform = NULL;
  277         return 0;
  278 }
  279 
  280 /*
  281  * Massage IPv4/IPv6 headers for AH processing.
  282  */
  283 static int
  284 ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
  285 {
  286         struct mbuf *m = *m0;
  287         unsigned char *ptr;
  288         int off, count;
  289 
  290 #ifdef INET
  291         struct ip *ip;
  292 #endif /* INET */
  293 
  294 #ifdef INET6
  295         struct ip6_ext *ip6e;
  296         struct ip6_hdr ip6;
  297         int ad, alloc, nxt, noff;
  298 #endif /* INET6 */
  299 
  300         switch (proto) {
  301 #ifdef INET
  302         case AF_INET:
  303                 /*
  304                  * This is the least painful way of dealing with IPv4 header
  305                  * and option processing -- just make sure they're in
  306                  * contiguous memory.
  307                  */
  308                 *m0 = m = m_pullup(m, skip);
  309                 if (m == NULL) {
  310                         DPRINTF(("%s: m_pullup failed\n", __func__));
  311                         return ENOBUFS;
  312                 }
  313 
  314                 /* Fix the IP header */
  315                 ip = mtod(m, struct ip *);
  316                 if (V_ah_cleartos)
  317                         ip->ip_tos = 0;
  318                 ip->ip_ttl = 0;
  319                 ip->ip_sum = 0;
  320 
  321                 if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
  322                         ip->ip_off &= htons(IP_DF);
  323                 else
  324                         ip->ip_off = htons(0);
  325 
  326                 ptr = mtod(m, unsigned char *);
  327 
  328                 /* IPv4 option processing */
  329                 for (off = sizeof(struct ip); off < skip;) {
  330                         if (ptr[off] == IPOPT_EOL || ptr[off] == IPOPT_NOP ||
  331                             off + 1 < skip)
  332                                 ;
  333                         else {
  334                                 DPRINTF(("%s: illegal IPv4 option length for "
  335                                         "option %d\n", __func__, ptr[off]));
  336 
  337                                 m_freem(m);
  338                                 return EINVAL;
  339                         }
  340 
  341                         switch (ptr[off]) {
  342                         case IPOPT_EOL:
  343                                 off = skip;  /* End the loop. */
  344                                 break;
  345 
  346                         case IPOPT_NOP:
  347                                 off++;
  348                                 break;
  349 
  350                         case IPOPT_SECURITY:    /* 0x82 */
  351                         case 0x85:      /* Extended security. */
  352                         case 0x86:      /* Commercial security. */
  353                         case 0x94:      /* Router alert */
  354                         case 0x95:      /* RFC1770 */
  355                                 /* Sanity check for option length. */
  356                                 if (ptr[off + 1] < 2) {
  357                                         DPRINTF(("%s: illegal IPv4 option "
  358                                                 "length for option %d\n",
  359                                                 __func__, ptr[off]));
  360 
  361                                         m_freem(m);
  362                                         return EINVAL;
  363                                 }
  364 
  365                                 off += ptr[off + 1];
  366                                 break;
  367 
  368                         case IPOPT_LSRR:
  369                         case IPOPT_SSRR:
  370                                 /* Sanity check for option length. */
  371                                 if (ptr[off + 1] < 2) {
  372                                         DPRINTF(("%s: illegal IPv4 option "
  373                                                 "length for option %d\n",
  374                                                 __func__, ptr[off]));
  375 
  376                                         m_freem(m);
  377                                         return EINVAL;
  378                                 }
  379 
  380                                 /*
  381                                  * On output, if we have either of the
  382                                  * source routing options, we should
  383                                  * swap the destination address of the
  384                                  * IP header with the last address
  385                                  * specified in the option, as that is
  386                                  * what the destination's IP header
  387                                  * will look like.
  388                                  */
  389                                 if (out)
  390                                         bcopy(ptr + off + ptr[off + 1] -
  391                                             sizeof(struct in_addr),
  392                                             &(ip->ip_dst), sizeof(struct in_addr));
  393 
  394                                 /* Fall through */
  395                         default:
  396                                 /* Sanity check for option length. */
  397                                 if (ptr[off + 1] < 2) {
  398                                         DPRINTF(("%s: illegal IPv4 option "
  399                                                 "length for option %d\n",
  400                                                 __func__, ptr[off]));
  401                                         m_freem(m);
  402                                         return EINVAL;
  403                                 }
  404 
  405                                 /* Zeroize all other options. */
  406                                 count = ptr[off + 1];
  407                                 bcopy(ipseczeroes, ptr + off, count);
  408                                 off += count;
  409                                 break;
  410                         }
  411 
  412                         /* Sanity check. */
  413                         if (off > skip) {
  414                                 DPRINTF(("%s: malformed IPv4 options header\n",
  415                                         __func__));
  416 
  417                                 m_freem(m);
  418                                 return EINVAL;
  419                         }
  420                 }
  421 
  422                 break;
  423 #endif /* INET */
  424 
  425 #ifdef INET6
  426         case AF_INET6:  /* Ugly... */
  427                 /* Copy and "cook" the IPv6 header. */
  428                 m_copydata(m, 0, sizeof(ip6), (caddr_t) &ip6);
  429 
  430                 /* We don't do IPv6 Jumbograms. */
  431                 if (ip6.ip6_plen == 0) {
  432                         DPRINTF(("%s: unsupported IPv6 jumbogram\n", __func__));
  433                         m_freem(m);
  434                         return EMSGSIZE;
  435                 }
  436 
  437                 ip6.ip6_flow = 0;
  438                 ip6.ip6_hlim = 0;
  439                 ip6.ip6_vfc &= ~IPV6_VERSION_MASK;
  440                 ip6.ip6_vfc |= IPV6_VERSION;
  441 
  442                 /* Scoped address handling. */
  443                 if (IN6_IS_SCOPE_LINKLOCAL(&ip6.ip6_src))
  444                         ip6.ip6_src.s6_addr16[1] = 0;
  445                 if (IN6_IS_SCOPE_LINKLOCAL(&ip6.ip6_dst))
  446                         ip6.ip6_dst.s6_addr16[1] = 0;
  447 
  448                 /* Done with IPv6 header. */
  449                 m_copyback(m, 0, sizeof(struct ip6_hdr), (caddr_t) &ip6);
  450 
  451                 /* Let's deal with the remaining headers (if any). */
  452                 if (skip - sizeof(struct ip6_hdr) > 0) {
  453                         if (m->m_len <= skip) {
  454                                 ptr = (unsigned char *) malloc(
  455                                     skip - sizeof(struct ip6_hdr),
  456                                     M_XDATA, M_NOWAIT);
  457                                 if (ptr == NULL) {
  458                                         DPRINTF(("%s: failed to allocate memory"
  459                                                 "for IPv6 headers\n",__func__));
  460                                         m_freem(m);
  461                                         return ENOBUFS;
  462                                 }
  463 
  464                                 /*
  465                                  * Copy all the protocol headers after
  466                                  * the IPv6 header.
  467                                  */
  468                                 m_copydata(m, sizeof(struct ip6_hdr),
  469                                     skip - sizeof(struct ip6_hdr), ptr);
  470                                 alloc = 1;
  471                         } else {
  472                                 /* No need to allocate memory. */
  473                                 ptr = mtod(m, unsigned char *) +
  474                                     sizeof(struct ip6_hdr);
  475                                 alloc = 0;
  476                         }
  477                 } else
  478                         break;
  479 
  480                 nxt = ip6.ip6_nxt & 0xff; /* Next header type. */
  481 
  482                 for (off = 0; off < skip - sizeof(struct ip6_hdr);)
  483                         switch (nxt) {
  484                         case IPPROTO_HOPOPTS:
  485                         case IPPROTO_DSTOPTS:
  486                                 ip6e = (struct ip6_ext *)(ptr + off);
  487                                 noff = off + ((ip6e->ip6e_len + 1) << 3);
  488 
  489                                 /* Sanity check. */
  490                                 if (noff > skip - sizeof(struct ip6_hdr))
  491                                         goto error6;
  492 
  493                                 /*
  494                                  * Zero out mutable options.
  495                                  */
  496                                 for (count = off + sizeof(struct ip6_ext);
  497                                      count < noff;) {
  498                                         if (ptr[count] == IP6OPT_PAD1) {
  499                                                 count++;
  500                                                 continue; /* Skip padding. */
  501                                         }
  502 
  503                                         ad = ptr[count + 1] + 2;
  504                                         if (count + ad > noff)
  505                                                 goto error6;
  506 
  507                                         if (ptr[count] & IP6OPT_MUTABLE)
  508                                                 memset(ptr + count, 0, ad);
  509                                         count += ad;
  510                                 }
  511 
  512                                 if (count != noff)
  513                                         goto error6;
  514 
  515                                 /* Advance. */
  516                                 off += ((ip6e->ip6e_len + 1) << 3);
  517                                 nxt = ip6e->ip6e_nxt;
  518                                 break;
  519 
  520                         case IPPROTO_ROUTING:
  521                                 /*
  522                                  * Always include routing headers in
  523                                  * computation.
  524                                  */
  525                                 ip6e = (struct ip6_ext *) (ptr + off);
  526                                 off += ((ip6e->ip6e_len + 1) << 3);
  527                                 nxt = ip6e->ip6e_nxt;
  528                                 break;
  529 
  530                         default:
  531                                 DPRINTF(("%s: unexpected IPv6 header type %d",
  532                                         __func__, off));
  533 error6:
  534                                 if (alloc)
  535                                         free(ptr, M_XDATA);
  536                                 m_freem(m);
  537                                 return EINVAL;
  538                         }
  539 
  540                 /* Copyback and free, if we allocated. */
  541                 if (alloc) {
  542                         m_copyback(m, sizeof(struct ip6_hdr),
  543                             skip - sizeof(struct ip6_hdr), ptr);
  544                         free(ptr, M_XDATA);
  545                 }
  546 
  547                 break;
  548 #endif /* INET6 */
  549         }
  550 
  551         return 0;
  552 }
  553 
  554 /*
  555  * ah_input() gets called to verify that an input packet
  556  * passes authentication.
  557  */
  558 static int
  559 ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
  560 {
  561         IPSEC_DEBUG_DECLARE(char buf[128]);
  562         const struct auth_hash *ahx;
  563         struct cryptodesc *crda;
  564         struct cryptop *crp;
  565         struct xform_data *xd;
  566         struct newah *ah;
  567         crypto_session_t cryptoid;
  568         int hl, rplen, authsize, ahsize, error;
  569 
  570         IPSEC_ASSERT(sav != NULL, ("null SA"));
  571         IPSEC_ASSERT(sav->key_auth != NULL, ("null authentication key"));
  572         IPSEC_ASSERT(sav->tdb_authalgxform != NULL,
  573                 ("null authentication xform"));
  574 
  575         /* Figure out header size. */
  576         rplen = HDRSIZE(sav);
  577 
  578         /* XXX don't pullup, just copy header */
  579         IP6_EXTHDR_GET(ah, struct newah *, m, skip, rplen);
  580         if (ah == NULL) {
  581                 DPRINTF(("ah_input: cannot pullup header\n"));
  582                 AHSTAT_INC(ahs_hdrops);         /*XXX*/
  583                 error = ENOBUFS;
  584                 goto bad;
  585         }
  586 
  587         /* Check replay window, if applicable. */
  588         SECASVAR_LOCK(sav);
  589         if (sav->replay != NULL && sav->replay->wsize != 0 &&
  590             ipsec_chkreplay(ntohl(ah->ah_seq), sav) == 0) {
  591                 SECASVAR_UNLOCK(sav);
  592                 AHSTAT_INC(ahs_replay);
  593                 DPRINTF(("%s: packet replay failure: %s\n", __func__,
  594                     ipsec_sa2str(sav, buf, sizeof(buf))));
  595                 error = EACCES;
  596                 goto bad;
  597         }
  598         cryptoid = sav->tdb_cryptoid;
  599         SECASVAR_UNLOCK(sav);
  600 
  601         /* Verify AH header length. */
  602         hl = sizeof(struct ah) + (ah->ah_len * sizeof (u_int32_t));
  603         ahx = sav->tdb_authalgxform;
  604         authsize = AUTHSIZE(sav);
  605         ahsize = ah_hdrsiz(sav);
  606         if (hl != ahsize) {
  607                 DPRINTF(("%s: bad authenticator length %u (expecting %lu)"
  608                     " for packet in SA %s/%08lx\n", __func__, hl,
  609                     (u_long)ahsize,
  610                     ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
  611                     (u_long) ntohl(sav->spi)));
  612                 AHSTAT_INC(ahs_badauthl);
  613                 error = EACCES;
  614                 goto bad;
  615         }
  616         if (skip + ahsize > m->m_pkthdr.len) {
  617                 DPRINTF(("%s: bad mbuf length %u (expecting %lu)"
  618                     " for packet in SA %s/%08lx\n", __func__,
  619                     m->m_pkthdr.len, (u_long)(skip + ahsize),
  620                     ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
  621                     (u_long) ntohl(sav->spi)));
  622                 AHSTAT_INC(ahs_badauthl);
  623                 error = EACCES;
  624                 goto bad;
  625         }
  626         AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl);
  627 
  628         /* Get crypto descriptors. */
  629         crp = crypto_getreq(1);
  630         if (crp == NULL) {
  631                 DPRINTF(("%s: failed to acquire crypto descriptor\n",
  632                     __func__));
  633                 AHSTAT_INC(ahs_crypto);
  634                 error = ENOBUFS;
  635                 goto bad;
  636         }
  637 
  638         crda = crp->crp_desc;
  639         IPSEC_ASSERT(crda != NULL, ("null crypto descriptor"));
  640 
  641         crda->crd_skip = 0;
  642         crda->crd_len = m->m_pkthdr.len;
  643         crda->crd_inject = skip + rplen;
  644 
  645         /* Authentication operation. */
  646         crda->crd_alg = ahx->type;
  647         crda->crd_klen = _KEYBITS(sav->key_auth);
  648         crda->crd_key = sav->key_auth->key_data;
  649 
  650         /* Allocate IPsec-specific opaque crypto info. */
  651         xd = malloc(sizeof(*xd) + skip + rplen + authsize, M_XDATA,
  652             M_NOWAIT | M_ZERO);
  653         if (xd == NULL) {
  654                 DPRINTF(("%s: failed to allocate xform_data\n", __func__));
  655                 AHSTAT_INC(ahs_crypto);
  656                 crypto_freereq(crp);
  657                 error = ENOBUFS;
  658                 goto bad;
  659         }
  660 
  661         /*
  662          * Save the authenticator, the skipped portion of the packet,
  663          * and the AH header.
  664          */
  665         m_copydata(m, 0, skip + rplen + authsize, (caddr_t)(xd + 1));
  666 
  667         /* Zeroize the authenticator on the packet. */
  668         m_copyback(m, skip + rplen, authsize, ipseczeroes);
  669 
  670         /* Save ah_nxt, since ah pointer can become invalid after "massage" */
  671         hl = ah->ah_nxt;
  672 
  673         /* "Massage" the packet headers for crypto processing. */
  674         error = ah_massage_headers(&m, sav->sah->saidx.dst.sa.sa_family,
  675             skip, ahx->type, 0);
  676         if (error != 0) {
  677                 /* NB: mbuf is free'd by ah_massage_headers */
  678                 AHSTAT_INC(ahs_hdrops);
  679                 free(xd, M_XDATA);
  680                 crypto_freereq(crp);
  681                 key_freesav(&sav);
  682                 return (error);
  683         }
  684 
  685         /* Crypto operation descriptor. */
  686         crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */
  687         crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC;
  688         if (V_async_crypto)
  689                 crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER;
  690         crp->crp_buf = (caddr_t) m;
  691         crp->crp_callback = ah_input_cb;
  692         crp->crp_session = cryptoid;
  693         crp->crp_opaque = (caddr_t) xd;
  694 
  695         /* These are passed as-is to the callback. */
  696         xd->sav = sav;
  697         xd->nxt = hl;
  698         xd->protoff = protoff;
  699         xd->skip = skip;
  700         xd->cryptoid = cryptoid;
  701         xd->vnet = curvnet;
  702         return (crypto_dispatch(crp));
  703 bad:
  704         m_freem(m);
  705         key_freesav(&sav);
  706         return (error);
  707 }
  708 
  709 /*
  710  * AH input callback from the crypto driver.
  711  */
  712 static int
  713 ah_input_cb(struct cryptop *crp)
  714 {
  715         IPSEC_DEBUG_DECLARE(char buf[IPSEC_ADDRSTRLEN]);
  716         unsigned char calc[AH_ALEN_MAX];
  717         struct mbuf *m;
  718         struct xform_data *xd;
  719         struct secasvar *sav;
  720         struct secasindex *saidx;
  721         caddr_t ptr;
  722         crypto_session_t cryptoid;
  723         int authsize, rplen, ahsize, error, skip, protoff;
  724         uint8_t nxt;
  725 
  726         m = (struct mbuf *) crp->crp_buf;
  727         xd = (struct xform_data *) crp->crp_opaque;
  728         CURVNET_SET(xd->vnet);
  729         sav = xd->sav;
  730         skip = xd->skip;
  731         nxt = xd->nxt;
  732         protoff = xd->protoff;
  733         cryptoid = xd->cryptoid;
  734         saidx = &sav->sah->saidx;
  735         IPSEC_ASSERT(saidx->dst.sa.sa_family == AF_INET ||
  736                 saidx->dst.sa.sa_family == AF_INET6,
  737                 ("unexpected protocol family %u", saidx->dst.sa.sa_family));
  738 
  739         /* Check for crypto errors. */
  740         if (crp->crp_etype) {
  741                 if (crp->crp_etype == EAGAIN) {
  742                         /* Reset the session ID */
  743                         if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0)
  744                                 crypto_freesession(cryptoid);
  745                         xd->cryptoid = crp->crp_session;
  746                         CURVNET_RESTORE();
  747                         return (crypto_dispatch(crp));
  748                 }
  749                 AHSTAT_INC(ahs_noxform);
  750                 DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
  751                 error = crp->crp_etype;
  752                 goto bad;
  753         } else {
  754                 AHSTAT_INC(ahs_hist[sav->alg_auth]);
  755                 crypto_freereq(crp);            /* No longer needed. */
  756                 crp = NULL;
  757         }
  758 
  759         /* Shouldn't happen... */
  760         if (m == NULL) {
  761                 AHSTAT_INC(ahs_crypto);
  762                 DPRINTF(("%s: bogus returned buffer from crypto\n", __func__));
  763                 error = EINVAL;
  764                 goto bad;
  765         }
  766 
  767         /* Figure out header size. */
  768         rplen = HDRSIZE(sav);
  769         authsize = AUTHSIZE(sav);
  770         ahsize = ah_hdrsiz(sav);
  771 
  772         /* Copy authenticator off the packet. */
  773         m_copydata(m, skip + rplen, authsize, calc);
  774 
  775         /* Verify authenticator. */
  776         ptr = (caddr_t) (xd + 1);
  777         if (timingsafe_bcmp(ptr + skip + rplen, calc, authsize)) {
  778                 DPRINTF(("%s: authentication hash mismatch for packet "
  779                     "in SA %s/%08lx\n", __func__,
  780                     ipsec_address(&saidx->dst, buf, sizeof(buf)),
  781                     (u_long) ntohl(sav->spi)));
  782                 AHSTAT_INC(ahs_badauth);
  783                 error = EACCES;
  784                 goto bad;
  785         }
  786         /* Fix the Next Protocol field. */
  787         ((uint8_t *) ptr)[protoff] = nxt;
  788 
  789         /* Copyback the saved (uncooked) network headers. */
  790         m_copyback(m, 0, skip, ptr);
  791         free(xd, M_XDATA), xd = NULL;                   /* No longer needed */
  792 
  793         /*
  794          * Header is now authenticated.
  795          */
  796         m->m_flags |= M_AUTHIPHDR|M_AUTHIPDGM;
  797 
  798         /*
  799          * Update replay sequence number, if appropriate.
  800          */
  801         if (sav->replay) {
  802                 u_int32_t seq;
  803 
  804                 m_copydata(m, skip + offsetof(struct newah, ah_seq),
  805                            sizeof (seq), (caddr_t) &seq);
  806                 SECASVAR_LOCK(sav);
  807                 if (ipsec_updatereplay(ntohl(seq), sav)) {
  808                         SECASVAR_UNLOCK(sav);
  809                         AHSTAT_INC(ahs_replay);
  810                         error = EACCES;
  811                         goto bad;
  812                 }
  813                 SECASVAR_UNLOCK(sav);
  814         }
  815 
  816         /*
  817          * Remove the AH header and authenticator from the mbuf.
  818          */
  819         error = m_striphdr(m, skip, ahsize);
  820         if (error) {
  821                 DPRINTF(("%s: mangled mbuf chain for SA %s/%08lx\n", __func__,
  822                     ipsec_address(&saidx->dst, buf, sizeof(buf)),
  823                     (u_long) ntohl(sav->spi)));
  824                 AHSTAT_INC(ahs_hdrops);
  825                 goto bad;
  826         }
  827 
  828         switch (saidx->dst.sa.sa_family) {
  829 #ifdef INET6
  830         case AF_INET6:
  831                 error = ipsec6_common_input_cb(m, sav, skip, protoff);
  832                 break;
  833 #endif
  834 #ifdef INET
  835         case AF_INET:
  836                 error = ipsec4_common_input_cb(m, sav, skip, protoff);
  837                 break;
  838 #endif
  839         default:
  840                 panic("%s: Unexpected address family: %d saidx=%p", __func__,
  841                     saidx->dst.sa.sa_family, saidx);
  842         }
  843         CURVNET_RESTORE();
  844         return error;
  845 bad:
  846         CURVNET_RESTORE();
  847         if (sav)
  848                 key_freesav(&sav);
  849         if (m != NULL)
  850                 m_freem(m);
  851         if (xd != NULL)
  852                 free(xd, M_XDATA);
  853         if (crp != NULL)
  854                 crypto_freereq(crp);
  855         return error;
  856 }
  857 
  858 /*
  859  * AH output routine, called by ipsec[46]_perform_request().
  860  */
  861 static int
  862 ah_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
  863     u_int idx, int skip, int protoff)
  864 {
  865         IPSEC_DEBUG_DECLARE(char buf[IPSEC_ADDRSTRLEN]);
  866         const struct auth_hash *ahx;
  867         struct cryptodesc *crda;
  868         struct xform_data *xd;
  869         struct mbuf *mi;
  870         struct cryptop *crp;
  871         struct newah *ah;
  872         crypto_session_t cryptoid;
  873         uint16_t iplen;
  874         int error, rplen, authsize, ahsize, maxpacketsize, roff;
  875         uint8_t prot;
  876 
  877         IPSEC_ASSERT(sav != NULL, ("null SA"));
  878         ahx = sav->tdb_authalgxform;
  879         IPSEC_ASSERT(ahx != NULL, ("null authentication xform"));
  880 
  881         AHSTAT_INC(ahs_output);
  882 
  883         /* Figure out header size. */
  884         rplen = HDRSIZE(sav);
  885         authsize = AUTHSIZE(sav);
  886         ahsize = ah_hdrsiz(sav);
  887 
  888         /* Check for maximum packet size violations. */
  889         switch (sav->sah->saidx.dst.sa.sa_family) {
  890 #ifdef INET
  891         case AF_INET:
  892                 maxpacketsize = IP_MAXPACKET;
  893                 break;
  894 #endif /* INET */
  895 #ifdef INET6
  896         case AF_INET6:
  897                 maxpacketsize = IPV6_MAXPACKET;
  898                 break;
  899 #endif /* INET6 */
  900         default:
  901                 DPRINTF(("%s: unknown/unsupported protocol family %u, "
  902                     "SA %s/%08lx\n", __func__,
  903                     sav->sah->saidx.dst.sa.sa_family,
  904                     ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
  905                     (u_long) ntohl(sav->spi)));
  906                 AHSTAT_INC(ahs_nopf);
  907                 error = EPFNOSUPPORT;
  908                 goto bad;
  909         }
  910         if (ahsize + m->m_pkthdr.len > maxpacketsize) {
  911                 DPRINTF(("%s: packet in SA %s/%08lx got too big "
  912                     "(len %u, max len %u)\n", __func__,
  913                     ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
  914                     (u_long) ntohl(sav->spi),
  915                     ahsize + m->m_pkthdr.len, maxpacketsize));
  916                 AHSTAT_INC(ahs_toobig);
  917                 error = EMSGSIZE;
  918                 goto bad;
  919         }
  920 
  921         /* Update the counters. */
  922         AHSTAT_ADD(ahs_obytes, m->m_pkthdr.len - skip);
  923 
  924         m = m_unshare(m, M_NOWAIT);
  925         if (m == NULL) {
  926                 DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__,
  927                     ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
  928                     (u_long) ntohl(sav->spi)));
  929                 AHSTAT_INC(ahs_hdrops);
  930                 error = ENOBUFS;
  931                 goto bad;
  932         }
  933 
  934         /* Inject AH header. */
  935         mi = m_makespace(m, skip, ahsize, &roff);
  936         if (mi == NULL) {
  937                 DPRINTF(("%s: failed to inject %u byte AH header for SA "
  938                     "%s/%08lx\n", __func__, ahsize,
  939                     ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
  940                     (u_long) ntohl(sav->spi)));
  941                 AHSTAT_INC(ahs_hdrops);         /*XXX differs from openbsd */
  942                 error = ENOBUFS;
  943                 goto bad;
  944         }
  945 
  946         /*
  947          * The AH header is guaranteed by m_makespace() to be in
  948          * contiguous memory, at roff bytes offset into the returned mbuf.
  949          */
  950         ah = (struct newah *)(mtod(mi, caddr_t) + roff);
  951 
  952         /* Initialize the AH header. */
  953         m_copydata(m, protoff, sizeof(u_int8_t), (caddr_t) &ah->ah_nxt);
  954         ah->ah_len = (ahsize - sizeof(struct ah)) / sizeof(u_int32_t);
  955         ah->ah_reserve = 0;
  956         ah->ah_spi = sav->spi;
  957 
  958         /* Zeroize authenticator. */
  959         m_copyback(m, skip + rplen, authsize, ipseczeroes);
  960 
  961         /* Zeroize padding */
  962         m_copyback(m, skip + rplen + authsize, ahsize - (rplen + authsize),
  963             ipseczeroes);
  964 
  965         /* Insert packet replay counter, as requested.  */
  966         SECASVAR_LOCK(sav);
  967         if (sav->replay) {
  968                 if (sav->replay->count == ~0 &&
  969                     (sav->flags & SADB_X_EXT_CYCSEQ) == 0) {
  970                         SECASVAR_UNLOCK(sav);
  971                         DPRINTF(("%s: replay counter wrapped for SA %s/%08lx\n",
  972                             __func__, ipsec_address(&sav->sah->saidx.dst, buf,
  973                             sizeof(buf)), (u_long) ntohl(sav->spi)));
  974                         AHSTAT_INC(ahs_wrap);
  975                         error = EACCES;
  976                         goto bad;
  977                 }
  978 #ifdef REGRESSION
  979                 /* Emulate replay attack when ipsec_replay is TRUE. */
  980                 if (!V_ipsec_replay)
  981 #endif
  982                         sav->replay->count++;
  983                 ah->ah_seq = htonl(sav->replay->count);
  984         }
  985         cryptoid = sav->tdb_cryptoid;
  986         SECASVAR_UNLOCK(sav);
  987 
  988         /* Get crypto descriptors. */
  989         crp = crypto_getreq(1);
  990         if (crp == NULL) {
  991                 DPRINTF(("%s: failed to acquire crypto descriptors\n",
  992                         __func__));
  993                 AHSTAT_INC(ahs_crypto);
  994                 error = ENOBUFS;
  995                 goto bad;
  996         }
  997 
  998         crda = crp->crp_desc;
  999         crda->crd_skip = 0;
 1000         crda->crd_inject = skip + rplen;
 1001         crda->crd_len = m->m_pkthdr.len;
 1002 
 1003         /* Authentication operation. */
 1004         crda->crd_alg = ahx->type;
 1005         crda->crd_key = sav->key_auth->key_data;
 1006         crda->crd_klen = _KEYBITS(sav->key_auth);
 1007 
 1008         /* Allocate IPsec-specific opaque crypto info. */
 1009         xd =  malloc(sizeof(struct xform_data) + skip, M_XDATA,
 1010             M_NOWAIT | M_ZERO);
 1011         if (xd == NULL) {
 1012                 crypto_freereq(crp);
 1013                 DPRINTF(("%s: failed to allocate xform_data\n", __func__));
 1014                 AHSTAT_INC(ahs_crypto);
 1015                 error = ENOBUFS;
 1016                 goto bad;
 1017         }
 1018 
 1019         /* Save the skipped portion of the packet. */
 1020         m_copydata(m, 0, skip, (caddr_t) (xd + 1));
 1021 
 1022         /*
 1023          * Fix IP header length on the header used for
 1024          * authentication. We don't need to fix the original
 1025          * header length as it will be fixed by our caller.
 1026          */
 1027         switch (sav->sah->saidx.dst.sa.sa_family) {
 1028 #ifdef INET
 1029         case AF_INET:
 1030                 bcopy(((caddr_t)(xd + 1)) +
 1031                     offsetof(struct ip, ip_len),
 1032                     (caddr_t) &iplen, sizeof(u_int16_t));
 1033                 iplen = htons(ntohs(iplen) + ahsize);
 1034                 m_copyback(m, offsetof(struct ip, ip_len),
 1035                     sizeof(u_int16_t), (caddr_t) &iplen);
 1036                 break;
 1037 #endif /* INET */
 1038 
 1039 #ifdef INET6
 1040         case AF_INET6:
 1041                 bcopy(((caddr_t)(xd + 1)) +
 1042                     offsetof(struct ip6_hdr, ip6_plen),
 1043                     (caddr_t) &iplen, sizeof(uint16_t));
 1044                 iplen = htons(ntohs(iplen) + ahsize);
 1045                 m_copyback(m, offsetof(struct ip6_hdr, ip6_plen),
 1046                     sizeof(uint16_t), (caddr_t) &iplen);
 1047                 break;
 1048 #endif /* INET6 */
 1049         }
 1050 
 1051         /* Fix the Next Header field in saved header. */
 1052         ((uint8_t *) (xd + 1))[protoff] = IPPROTO_AH;
 1053 
 1054         /* Update the Next Protocol field in the IP header. */
 1055         prot = IPPROTO_AH;
 1056         m_copyback(m, protoff, sizeof(uint8_t), (caddr_t) &prot);
 1057 
 1058         /* "Massage" the packet headers for crypto processing. */
 1059         error = ah_massage_headers(&m, sav->sah->saidx.dst.sa.sa_family,
 1060                         skip, ahx->type, 1);
 1061         if (error != 0) {
 1062                 m = NULL;       /* mbuf was free'd by ah_massage_headers. */
 1063                 free(xd, M_XDATA);
 1064                 crypto_freereq(crp);
 1065                 goto bad;
 1066         }
 1067 
 1068         /* Crypto operation descriptor. */
 1069         crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */
 1070         crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC;
 1071         if (V_async_crypto)
 1072                 crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER;
 1073         crp->crp_buf = (caddr_t) m;
 1074         crp->crp_callback = ah_output_cb;
 1075         crp->crp_session = cryptoid;
 1076         crp->crp_opaque = (caddr_t) xd;
 1077 
 1078         /* These are passed as-is to the callback. */
 1079         xd->sp = sp;
 1080         xd->sav = sav;
 1081         xd->skip = skip;
 1082         xd->idx = idx;
 1083         xd->cryptoid = cryptoid;
 1084         xd->vnet = curvnet;
 1085 
 1086         return crypto_dispatch(crp);
 1087 bad:
 1088         if (m)
 1089                 m_freem(m);
 1090         key_freesav(&sav);
 1091         key_freesp(&sp);
 1092         return (error);
 1093 }
 1094 
 1095 /*
 1096  * AH output callback from the crypto driver.
 1097  */
 1098 static int
 1099 ah_output_cb(struct cryptop *crp)
 1100 {
 1101         struct xform_data *xd;
 1102         struct secpolicy *sp;
 1103         struct secasvar *sav;
 1104         struct mbuf *m;
 1105         crypto_session_t cryptoid;
 1106         caddr_t ptr;
 1107         u_int idx;
 1108         int skip, error;
 1109 
 1110         m = (struct mbuf *) crp->crp_buf;
 1111         xd = (struct xform_data *) crp->crp_opaque;
 1112         CURVNET_SET(xd->vnet);
 1113         sp = xd->sp;
 1114         sav = xd->sav;
 1115         skip = xd->skip;
 1116         idx = xd->idx;
 1117         cryptoid = xd->cryptoid;
 1118         ptr = (caddr_t) (xd + 1);
 1119 
 1120         /* Check for crypto errors. */
 1121         if (crp->crp_etype) {
 1122                 if (crp->crp_etype == EAGAIN) {
 1123                         /* Reset the session ID */
 1124                         if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0)
 1125                                 crypto_freesession(cryptoid);
 1126                         xd->cryptoid = crp->crp_session;
 1127                         CURVNET_RESTORE();
 1128                         return (crypto_dispatch(crp));
 1129                 }
 1130                 AHSTAT_INC(ahs_noxform);
 1131                 DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
 1132                 error = crp->crp_etype;
 1133                 m_freem(m);
 1134                 goto bad;
 1135         }
 1136 
 1137         /* Shouldn't happen... */
 1138         if (m == NULL) {
 1139                 AHSTAT_INC(ahs_crypto);
 1140                 DPRINTF(("%s: bogus returned buffer from crypto\n", __func__));
 1141                 error = EINVAL;
 1142                 goto bad;
 1143         }
 1144         /*
 1145          * Copy original headers (with the new protocol number) back
 1146          * in place.
 1147          */
 1148         m_copyback(m, 0, skip, ptr);
 1149 
 1150         free(xd, M_XDATA);
 1151         crypto_freereq(crp);
 1152         AHSTAT_INC(ahs_hist[sav->alg_auth]);
 1153 #ifdef REGRESSION
 1154         /* Emulate man-in-the-middle attack when ipsec_integrity is TRUE. */
 1155         if (V_ipsec_integrity) {
 1156                 int alen;
 1157 
 1158                 /*
 1159                  * Corrupt HMAC if we want to test integrity verification of
 1160                  * the other side.
 1161                  */
 1162                 alen = AUTHSIZE(sav);
 1163                 m_copyback(m, m->m_pkthdr.len - alen, alen, ipseczeroes);
 1164         }
 1165 #endif
 1166 
 1167         /* NB: m is reclaimed by ipsec_process_done. */
 1168         error = ipsec_process_done(m, sp, sav, idx);
 1169         CURVNET_RESTORE();
 1170         return (error);
 1171 bad:
 1172         CURVNET_RESTORE();
 1173         free(xd, M_XDATA);
 1174         crypto_freereq(crp);
 1175         key_freesav(&sav);
 1176         key_freesp(&sp);
 1177         return (error);
 1178 }
 1179 
 1180 static struct xformsw ah_xformsw = {
 1181         .xf_type =      XF_AH,
 1182         .xf_name =      "IPsec AH",
 1183         .xf_init =      ah_init,
 1184         .xf_zeroize =   ah_zeroize,
 1185         .xf_input =     ah_input,
 1186         .xf_output =    ah_output,
 1187 };
 1188 
 1189 SYSINIT(ah_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE,
 1190     xform_attach, &ah_xformsw);
 1191 SYSUNINIT(ah_xform_uninit, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE,
 1192     xform_detach, &ah_xformsw);

Cache object: dbbea24145c9b59ae79db1c27f2da435


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.