pre-compute and cache intermediate crypto key. suggestion from sommerfeld,

sync with kame.

loopback, blowfish-cbc transport mode, 128bit key
before: 86588496 bytes received in 00:42 (1.94 MB/s)
after: 86588496 bytes received in 00:31 (2.58 MB/s)
This commit is contained in:
itojun 2000-07-23 05:23:04 +00:00
parent ca777cb72c
commit 411ff12b27
7 changed files with 336 additions and 315 deletions

View File

@ -1,5 +1,5 @@
/* $NetBSD: ah.h,v 1.11 2000/07/18 14:56:42 itojun Exp $ */
/* $KAME: ah.h,v 1.11 2000/07/15 16:07:47 itojun Exp $ */
/* $NetBSD: ah.h,v 1.12 2000/07/23 05:23:04 itojun Exp $ */
/* $KAME: ah.h,v 1.12 2000/07/20 17:41:01 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -41,8 +41,6 @@
#include "opt_inet.h"
#endif
struct secasvar;
struct ah {
u_int8_t ah_nxt; /* Next Header */
u_int8_t ah_len; /* Length of data, in 32bit */
@ -60,6 +58,9 @@ struct newah {
/* variable size, 32bit bound*/ /* Authentication data */
};
#ifdef _KERNEL
struct secasvar;
struct ah_algorithm_state {
struct secasvar *sav;
void* foo; /*per algorithm data - maybe*/
@ -78,7 +79,6 @@ struct ah_algorithm {
#define AH_MAXSUMSIZE 16
#ifdef _KERNEL
extern const struct ah_algorithm *ah_algorithm_lookup __P((int));
/* cksum routines */

View File

@ -1,5 +1,5 @@
/* $NetBSD: esp.h,v 1.9 2000/07/18 14:56:42 itojun Exp $ */
/* $KAME: esp.h,v 1.9 2000/07/15 16:07:48 itojun Exp $ */
/* $NetBSD: esp.h,v 1.10 2000/07/23 05:23:04 itojun Exp $ */
/* $KAME: esp.h,v 1.10 2000/07/20 17:41:01 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -41,8 +41,6 @@
#include "opt_inet.h"
#endif
struct secasvar;
struct esp {
u_int32_t esp_spi; /* ESP */
/*variable size, 32bit bound*/ /* Initialization Vector */
@ -71,26 +69,25 @@ struct esptail {
/*variable size, 32bit bound*/ /* Authentication data (new IPsec)*/
};
struct esp_algorithm_state {
struct secasvar *sav;
void* foo; /*per algorithm data - maybe*/
};
#ifdef _KERNEL
struct secasvar;
/* XXX yet to be defined */
struct esp_algorithm {
size_t padbound; /* pad boundary, in byte */
int (*mature) __P((struct secasvar *));
int keymin; /* in bits */
int keymax; /* in bits */
size_t schedlen;
const char *name;
int (*ivlen) __P((struct secasvar *));
int (*decrypt) __P((struct mbuf *, size_t,
struct secasvar *, const struct esp_algorithm *, int));
int (*encrypt) __P((struct mbuf *, size_t, size_t,
struct secasvar *, const struct esp_algorithm *, int));
/* not supposed to be called directly */
int (*schedule) __P((const struct esp_algorithm *, struct secasvar *));
};
#ifdef _KERNEL
extern const struct esp_algorithm *esp_algorithm_lookup __P((int));
/* crypt routines */
@ -105,6 +102,7 @@ extern int esp6_input __P((struct mbuf **, int *, int));
#endif /* INET6 */
#endif /*_KERNEL*/
extern int esp_schedule __P((const struct esp_algorithm *, struct secasvar *));
extern int esp_auth __P((struct mbuf *, size_t, size_t,
struct secasvar *, u_char *));

View File

@ -1,5 +1,5 @@
/* $NetBSD: esp_core.c,v 1.2 2000/07/18 14:56:42 itojun Exp $ */
/* $KAME: esp_core.c,v 1.18 2000/07/16 08:44:24 itojun Exp $ */
/* $NetBSD: esp_core.c,v 1.3 2000/07/23 05:23:04 itojun Exp $ */
/* $KAME: esp_core.c,v 1.20 2000/07/21 02:42:12 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -69,6 +69,8 @@
#include <net/net_osdep.h>
static int esp_crypto_sanity __P((const struct esp_algorithm *,
struct secasvar *, int));
static int esp_null_mature __P((struct secasvar *));
static int esp_null_ivlen __P((struct secasvar *));
static int esp_null_decrypt __P((struct mbuf *, size_t,
@ -81,28 +83,38 @@ static int esp_descbc_decrypt __P((struct mbuf *, size_t,
struct secasvar *, const struct esp_algorithm *, int));
static int esp_descbc_encrypt __P((struct mbuf *, size_t, size_t,
struct secasvar *, const struct esp_algorithm *, int));
static int esp_descbc_schedule __P((const struct esp_algorithm *,
struct secasvar *));
static int esp_cbc_mature __P((struct secasvar *));
static int esp_blowfish_cbc_decrypt __P((struct mbuf *, size_t,
struct secasvar *, const struct esp_algorithm *, int));
static int esp_blowfish_cbc_encrypt __P((struct mbuf *, size_t,
size_t, struct secasvar *, const struct esp_algorithm *, int));
static int esp_blowfish_cbc_schedule __P((const struct esp_algorithm *,
struct secasvar *));
static int esp_blowfish_cbc_ivlen __P((struct secasvar *));
static int esp_cast128cbc_ivlen __P((struct secasvar *));
static int esp_cast128cbc_decrypt __P((struct mbuf *, size_t,
struct secasvar *, const struct esp_algorithm *, int));
static int esp_cast128cbc_encrypt __P((struct mbuf *, size_t, size_t,
struct secasvar *, const struct esp_algorithm *, int));
static int esp_cast128cbc_schedule __P((const struct esp_algorithm *,
struct secasvar *));
static int esp_3descbc_ivlen __P((struct secasvar *));
static int esp_3descbc_decrypt __P((struct mbuf *, size_t,
struct secasvar *, const struct esp_algorithm *, int));
static int esp_3descbc_encrypt __P((struct mbuf *, size_t, size_t,
struct secasvar *, const struct esp_algorithm *, int));
static int esp_3descbc_schedule __P((const struct esp_algorithm *,
struct secasvar *));
#ifdef SADB_X_EALG_RC5CBC
static int esp_rc5cbc_ivlen __P((struct secasvar *));
static int esp_rc5cbc_decrypt __P((struct mbuf *, size_t,
struct secasvar *, const struct esp_algorithm *, int));
static int esp_rc5cbc_encrypt __P((struct mbuf *, size_t, size_t,
struct secasvar *, const struct esp_algorithm *, int));
static int esp_rc5cbc_schedule __P((const struct esp_algorithm *,
struct secasvar *));
#endif
static void esp_increment_iv __P((struct secasvar *));
static caddr_t mbuf_find_offset __P((struct mbuf *, size_t, size_t));
@ -112,26 +124,31 @@ esp_algorithm_lookup(idx)
int idx;
{
static struct esp_algorithm esp_algorithms[] = {
{ 8, esp_descbc_mature, 64, 64, "des-cbc",
{ 8, esp_descbc_mature, 64, 64, sizeof(des_key_schedule),
"des-cbc",
esp_descbc_ivlen, esp_descbc_decrypt,
esp_descbc_encrypt, },
{ 8, esp_cbc_mature, 192, 192, "3des-cbc",
esp_descbc_encrypt, esp_descbc_schedule, },
{ 8, esp_cbc_mature, 192, 192, sizeof(des_key_schedule) * 3,
"3des-cbc",
esp_3descbc_ivlen, esp_3descbc_decrypt,
esp_3descbc_encrypt, },
{ 1, esp_null_mature, 0, 2048, "null",
esp_null_ivlen, esp_null_decrypt, esp_null_encrypt, },
{ 8, esp_cbc_mature, 40, 448, "blowfish-cbc",
esp_3descbc_encrypt, esp_3descbc_schedule, },
{ 1, esp_null_mature, 0, 2048, 0, "null",
esp_null_ivlen, esp_null_decrypt,
esp_null_encrypt, NULL, },
{ 8, esp_cbc_mature, 40, 448, sizeof(BF_KEY), "blowfish-cbc",
esp_blowfish_cbc_ivlen, esp_blowfish_cbc_decrypt,
esp_blowfish_cbc_encrypt, },
{ 8, esp_cbc_mature, 40, 128, "cast128-cbc",
esp_blowfish_cbc_encrypt, esp_blowfish_cbc_schedule, },
{ 8, esp_cbc_mature, 40, 128, sizeof(u_int32_t) * 32,
"cast128-cbc",
esp_cast128cbc_ivlen, esp_cast128cbc_decrypt,
esp_cast128cbc_encrypt, },
esp_cast128cbc_encrypt, esp_cast128cbc_schedule, },
#ifdef SADB_X_EALG_RC5CBC
{ 8, esp_cbc_mature, 40, 2040, "rc5-cbc",
{ 8, esp_cbc_mature, 40, 2040, sizeof(RC5_WORD) * 34, "rc5-cbc",
esp_rc5cbc_ivlen, esp_rc5cbc_decrypt,
esp_rc5cbc_encrypt, },
esp_rc5cbc_encrypt, esp_rc5cbc_schedule, },
#else
{ 8, NULL, 40, 2040, "rc5-cbc dummy", NULL, NULL, NULL, },
{ 8, NULL, 40, 2040, 0, "rc5-cbc dummy",
NULL, NULL, NULL, NULL, },
#endif
};
@ -155,6 +172,52 @@ esp_algorithm_lookup(idx)
}
}
int
esp_schedule(algo, sav)
const struct esp_algorithm *algo;
struct secasvar *sav;
{
if (_KEYBITS(sav->key_enc) < algo->keymin ||
_KEYBITS(sav->key_enc) > algo->keymax) {
ipseclog((LOG_ERR,
"esp_schedule %s: unsupported key length %d: "
"needs %d to %d bits\n", algo->name, _KEYBITS(sav->key_enc),
algo->keymin, algo->keymax));
return EINVAL;
}
if (!algo->schedule || algo->schedlen == 0)
return 0;
if (!sav->sched || sav->schedlen != algo->schedlen)
panic("invalid sav->schedlen in esp_schedule");
return (*algo->schedule)(algo, sav);
}
/*
* default sanity check for algo->{de,en}crypt
*/
static int
esp_crypto_sanity(algo, sav, ivlen)
const struct esp_algorithm *algo;
struct secasvar *sav;
int ivlen;
{
if (sav->ivlen != ivlen) {
ipseclog((LOG_ERR, "esp_decrypt %s: bad ivlen %d/%d\n",
algo->name, ivlen, sav->ivlen));
return EINVAL;
}
if (!sav->sched || sav->schedlen != algo->schedlen) {
ipseclog((LOG_ERR,
"esp_decrypt %s: no intermediate key\n", algo->name));
return EINVAL;
}
return 0;
}
/*
* mbuf assumption: foo_encrypt() assumes that IV part is placed in a single
* mbuf, not across multiple mbufs.
@ -164,6 +227,7 @@ static int
esp_null_mature(sav)
struct secasvar *sav;
{
/* anything is okay */
return 0;
}
@ -172,6 +236,7 @@ static int
esp_null_ivlen(sav)
struct secasvar *sav;
{
return 0;
}
@ -183,6 +248,7 @@ esp_null_decrypt(m, off, sav, algo, ivlen)
const struct esp_algorithm *algo;
int ivlen;
{
return 0; /* do nothing */
}
@ -195,6 +261,7 @@ esp_null_encrypt(m, off, plen, sav, algo, ivlen)
const struct esp_algorithm *algo;
int ivlen;
{
return 0; /* do nothing */
}
@ -222,8 +289,8 @@ esp_descbc_mature(sav)
return 1;
}
if (_KEYBITS(sav->key_enc) < algo->keymin
|| algo->keymax < _KEYBITS(sav->key_enc)) {
if (_KEYBITS(sav->key_enc) < algo->keymin ||
_KEYBITS(sav->key_enc) > algo->keymax) {
ipseclog((LOG_ERR,
"esp_descbc_mature: invalid key length %d.\n",
_KEYBITS(sav->key_enc)));
@ -244,13 +311,14 @@ static int
esp_descbc_ivlen(sav)
struct secasvar *sav;
{
if (sav && (sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B))
return 4;
if (sav && !(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_DERIV))
return 4;
else
if (!sav)
return 8;
if ((sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B))
return 4;
if (!(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_DERIV))
return 4;
return 8;
}
static int
@ -271,17 +339,9 @@ esp_descbc_decrypt(m, off, sav, algo, ivlen)
derived = 0;
/* sanity check */
if (ivlen != sav->ivlen) {
ipseclog((LOG_ERR, "esp_descbc_decrypt: bad ivlen %d/%d\n",
ivlen, sav->ivlen));
return EINVAL;
}
if (_KEYBITS(sav->key_enc) < algo->keymin
|| algo->keymax < _KEYBITS(sav->key_enc)) {
ipseclog((LOG_ERR, "esp_descbc_decrypt: bad keylen %d\n",
_KEYBITS(sav->key_enc)));
return EINVAL;
}
error = esp_crypto_sanity(algo, sav, ivlen);
if (error)
return error;
if (sav->flags & SADB_X_EXT_OLD) {
/* RFC 1827 */
@ -336,23 +396,8 @@ esp_descbc_decrypt(m, off, sav, algo, ivlen)
return EINVAL;
}
{
int deserr;
des_key_schedule ks;
deserr = des_key_sched((C_Block *)_KEYBUF(sav->key_enc), ks);
if (deserr != 0) {
ipseclog((LOG_ERR,
"esp_descbc_decrypt: key error %d\n", deserr));
return EINVAL;
}
error = des_cbc_encrypt(m, bodyoff, plen, ks, (C_Block *)iv,
DES_DECRYPT);
/* for safety */
bzero(&ks, sizeof(des_key_schedule));
}
error = des_cbc_encrypt(m, bodyoff, plen,
*(des_key_schedule *)sav->sched, (C_Block *)iv, DES_DECRYPT);
/* for safety */
bzero(&tiv[0], sizeof(tiv));
@ -384,24 +429,15 @@ esp_descbc_encrypt(m, off, plen, sav, algo, ivlen)
"payload length must be multiple of 8\n"));
return EINVAL;
}
if (sav->ivlen != ivlen) {
ipseclog((LOG_ERR, "esp_descbc_encrypt: bad ivlen %d/%d\n",
ivlen, sav->ivlen));
return EINVAL;
}
if (_KEYBITS(sav->key_enc) < algo->keymin
|| algo->keymax < _KEYBITS(sav->key_enc)) {
ipseclog((LOG_ERR, "esp_descbc_encrypt: bad keylen %d\n",
_KEYBITS(sav->key_enc)));
return EINVAL;
}
error = esp_crypto_sanity(algo, sav, ivlen);
if (error)
return error;
if (sav->flags & SADB_X_EXT_OLD) {
/* RFC 1827 */
/*
* draft-ietf-ipsec-ciph-des-derived-00.txt
* uses sequence number field as IV field.
* This draft has been deleted, see above.
*/
ivoff = off + sizeof(struct esp);
bodyoff = off + sizeof(struct esp) + ivlen;
@ -412,7 +448,6 @@ esp_descbc_encrypt(m, off, plen, sav, algo, ivlen)
/*
* draft-ietf-ipsec-ciph-des-derived-00.txt
* uses sequence number field as IV field.
* This draft has been deleted, see above.
*/
ivoff = off + sizeof(struct esp);
bodyoff = off + sizeof(struct esp) + sizeof(u_int32_t);
@ -457,23 +492,8 @@ esp_descbc_encrypt(m, off, plen, sav, algo, ivlen)
return EINVAL;
}
{
int deserr;
des_key_schedule ks;
deserr = des_key_sched((C_Block *)_KEYBUF(sav->key_enc), ks);
if (deserr != 0) {
ipseclog((LOG_ERR,
"esp_descbc_encrypt: key error %d\n", deserr));
return EINVAL;
}
error = des_cbc_encrypt(m, bodyoff, plen, ks, (C_Block *)iv,
DES_ENCRYPT);
/* for safety */
bzero(&ks, sizeof(des_key_schedule));
}
error = des_cbc_encrypt(m, bodyoff, plen,
*(des_key_schedule *)sav->sched, (C_Block *)iv, DES_ENCRYPT);
esp_increment_iv(sav);
@ -483,6 +503,19 @@ esp_descbc_encrypt(m, off, plen, sav, algo, ivlen)
return error;
}
static int
esp_descbc_schedule(algo, sav)
const struct esp_algorithm *algo;
struct secasvar *sav;
{
if (des_key_sched((C_Block *)_KEYBUF(sav->key_enc),
*(des_key_schedule *)sav->sched))
return EINVAL;
else
return 0;
}
static int
esp_cbc_mature(sav)
struct secasvar *sav;
@ -502,22 +535,22 @@ esp_cbc_mature(sav)
}
if (!sav->key_enc) {
ipseclog((LOG_ERR,
"esp_cbc_mature: no key is given.\n"));
ipseclog((LOG_ERR, "esp_cbc_mature: no key is given.\n"));
return 1;
}
algo = esp_algorithm_lookup(sav->alg_enc);
if (!algo) {
ipseclog((LOG_ERR,
"esp_cbc_mature: unsupported algorithm.\n"));
"esp_cbc_mature %s: unsupported algorithm.\n", algo->name));
return 1;
}
keylen = sav->key_enc->sadb_key_bits;
if (keylen < algo->keymin || algo->keymax < keylen) {
ipseclog((LOG_ERR, "esp_cbc_mature: invalid key length %d.\n",
sav->key_enc->sadb_key_bits));
ipseclog((LOG_ERR,
"esp_cbc_mature %s: invalid key length %d.\n",
algo->name, sav->key_enc->sadb_key_bits));
return 1;
}
switch (sav->alg_enc) {
@ -527,7 +560,8 @@ esp_cbc_mature(sav)
|| des_is_weak_key((C_Block *)(_KEYBUF(sav->key_enc) + 8))
|| des_is_weak_key((C_Block *)(_KEYBUF(sav->key_enc) + 16))) {
ipseclog((LOG_ERR,
"esp_cbc_mature: weak key was passed.\n"));
"esp_cbc_mature %s: weak key was passed.\n",
algo->name));
return 1;
}
break;
@ -555,25 +589,9 @@ esp_blowfish_cbc_decrypt(m, off, sav, algo, ivlen)
u_int8_t *iv;
u_int8_t tiv[8];
size_t plen;
static BF_KEY key; /* made static to avoid kernel stack overflow */
int s;
int error;
/* sanity check */
if (sav->ivlen != ivlen) {
ipseclog((LOG_ERR,
"esp_blowfish_cbc_decrypt: bad ivlen %d/%d\n",
ivlen, sav->ivlen));
return EINVAL;
}
if (_KEYBITS(sav->key_enc) < algo->keymin
|| algo->keymax < _KEYBITS(sav->key_enc)) {
ipseclog((LOG_ERR,
"esp_blowfish_cbc_decrypt: unsupported key length %d: "
"need %d to %d bits\n", _KEYBITS(sav->key_enc),
algo->keymin, algo->keymax));
return EINVAL;
}
if (sav->flags & SADB_X_EXT_OLD) {
ipseclog((LOG_ERR,
"esp_blowfish_cbc_decrypt: unsupported ESP version\n"));
@ -584,6 +602,9 @@ esp_blowfish_cbc_decrypt(m, off, sav, algo, ivlen)
"esp_blowfish_cbc_decrypt: unsupported ivlen %d\n", ivlen));
return EINVAL;
}
error = esp_crypto_sanity(algo, sav, ivlen);
if (error)
return error;
ivoff = off + sizeof(struct newesp);
bodyoff = off + sizeof(struct newesp) + ivlen;
@ -602,15 +623,8 @@ esp_blowfish_cbc_decrypt(m, off, sav, algo, ivlen)
return EINVAL;
}
s = splsoftnet(); /* XXX correct? */
BF_set_key(&key, _KEYBITS(sav->key_enc) / 8, _KEYBUF(sav->key_enc));
error = BF_cbc_encrypt_m(m, bodyoff, plen, &key, iv, BF_DECRYPT);
/* for safety */
bzero(&key, sizeof(BF_KEY));
splx(s);
error = BF_cbc_encrypt_m(m, bodyoff, plen, (BF_KEY *)sav->sched, iv,
BF_DECRYPT);
/* for safety */
bzero(&tiv[0], sizeof(tiv));
@ -630,8 +644,6 @@ esp_blowfish_cbc_encrypt(m, off, plen, sav, algo, ivlen)
size_t ivoff;
size_t bodyoff;
u_int8_t *iv;
static BF_KEY key; /* made static to avoid kernel stack overflow */
int s;
int error;
/* sanity check */
@ -640,20 +652,6 @@ esp_blowfish_cbc_encrypt(m, off, plen, sav, algo, ivlen)
"payload length must be multiple of 8\n"));
return EINVAL;
}
if (sav->ivlen != ivlen) {
ipseclog((LOG_ERR,
"esp_blowfish_cbc_encrypt: bad ivlen %d/%d\n",
ivlen, sav->ivlen));
return EINVAL;
}
if (_KEYBITS(sav->key_enc) < algo->keymin
|| algo->keymax < _KEYBITS(sav->key_enc)) {
ipseclog((LOG_ERR,
"esp_blowfish_cbc_encrypt: unsupported key length %d: "
"need %d to %d bits\n", _KEYBITS(sav->key_enc),
algo->keymin, algo->keymax));
return EINVAL;
}
if (sav->flags & SADB_X_EXT_OLD) {
ipseclog((LOG_ERR,
"esp_blowfish_cbc_encrypt: unsupported ESP version\n"));
@ -664,6 +662,9 @@ esp_blowfish_cbc_encrypt(m, off, plen, sav, algo, ivlen)
"esp_blowfish_cbc_encrypt: unsupported ivlen %d\n", ivlen));
return EINVAL;
}
error = esp_crypto_sanity(algo, sav, ivlen);
if (error)
return error;
ivoff = off + sizeof(struct newesp);
bodyoff = off + sizeof(struct newesp) + ivlen;
@ -676,25 +677,30 @@ esp_blowfish_cbc_encrypt(m, off, plen, sav, algo, ivlen)
bcopy((caddr_t)sav->iv, (caddr_t)iv, ivlen);
s = splsoftnet(); /* XXX correct? */
BF_set_key(&key, _KEYBITS(sav->key_enc) / 8, _KEYBUF(sav->key_enc));
error = BF_cbc_encrypt_m(m, bodyoff, plen, &key, iv, BF_ENCRYPT);
/* for safety */
bzero(&key, sizeof(BF_KEY));
splx(s);
error = BF_cbc_encrypt_m(m, bodyoff, plen, (BF_KEY *)sav->sched, iv,
BF_ENCRYPT);
esp_increment_iv(sav);
return error;
}
static int
esp_blowfish_cbc_schedule(algo, sav)
const struct esp_algorithm *algo;
struct secasvar *sav;
{
BF_set_key((BF_KEY *)sav->sched, _KEYLEN(sav->key_enc),
_KEYBUF(sav->key_enc));
return 0;
}
static int
esp_blowfish_cbc_ivlen(sav)
struct secasvar *sav;
{
return 8;
}
@ -702,6 +708,7 @@ static int
esp_cast128cbc_ivlen(sav)
struct secasvar *sav;
{
return 8;
}
@ -720,16 +727,11 @@ esp_cast128cbc_decrypt(m, off, sav, algo, ivlen)
int error;
/* sanity check */
if (ivlen != sav->ivlen) {
ipseclog((LOG_ERR, "esp_cast128cbc_decrypt: bad ivlen %d/%d\n",
ivlen, sav->ivlen));
return EINVAL;
}
if (_KEYBITS(sav->key_enc) < algo->keymin
|| _KEYBITS(sav->key_enc) > algo->keymax) {
if (_KEYBITS(sav->key_enc) < algo->keymin ||
_KEYBITS(sav->key_enc) > algo->keymax) {
ipseclog((LOG_ERR,
"esp_cast128cbc_decrypt: unsupported key length %d: "
"need %d to %d bits\n", _KEYBITS(sav->key_enc),
"needs %d to %d bits\n", _KEYBITS(sav->key_enc),
algo->keymin, algo->keymax));
return EINVAL;
}
@ -743,6 +745,9 @@ esp_cast128cbc_decrypt(m, off, sav, algo, ivlen)
"esp_cast128cbc_decrypt: unsupported ivlen %d\n", ivlen));
return EINVAL;
}
error = esp_crypto_sanity(algo, sav, ivlen);
if (error)
return error;
ivoff = off + sizeof(struct newesp);
bodyoff = off + sizeof(struct newesp) + ivlen;
@ -764,21 +769,8 @@ esp_cast128cbc_decrypt(m, off, sav, algo, ivlen)
}
/* decrypt */
{
u_int8_t key[16];
u_int32_t subkey[32];
bzero(key, sizeof(key));
bcopy(_KEYBUF(sav->key_enc), key, _KEYLEN(sav->key_enc));
set_cast128_subkey(subkey, key);
error = cast128_cbc_process(m, bodyoff, plen, subkey, iv,
_KEYBITS(sav->key_enc) / 8, CAST128_DECRYPT);
/* for safety */
bzero(subkey, sizeof(subkey));
bzero(key, sizeof(key));
}
error = cast128_cbc_process(m, bodyoff, plen, (u_int32_t *)sav->sched,
iv, _KEYLEN(sav->key_enc), CAST128_DECRYPT);
return error;
}
@ -803,13 +795,8 @@ esp_cast128cbc_encrypt(m, off, plen, sav, algo, ivlen)
"payload length must be multiple of 8\n"));
return EINVAL;
}
if (sav->ivlen != ivlen) {
ipseclog((LOG_ERR, "esp_cast128cbc_encrypt: bad ivlen %d/%d\n",
ivlen, sav->ivlen));
return EINVAL;
}
if (_KEYBITS(sav->key_enc) < algo->keymin
|| _KEYBITS(sav->key_enc) > algo->keymax) {
if (_KEYBITS(sav->key_enc) < algo->keymin ||
_KEYBITS(sav->key_enc) > algo->keymax) {
ipseclog((LOG_ERR,
"esp_cast128cbc_encrypt: unsupported key length %d: "
"needs %d to %d bits\n", _KEYBITS(sav->key_enc),
@ -826,6 +813,9 @@ esp_cast128cbc_encrypt(m, off, plen, sav, algo, ivlen)
"esp_cast128cbc_encrypt: unsupported ivlen %d\n", ivlen));
return EINVAL;
}
error = esp_crypto_sanity(algo, sav, ivlen);
if (error)
return error;
ivoff = off + sizeof(struct newesp);
bodyoff = off + sizeof(struct newesp) + ivlen;
@ -839,31 +829,29 @@ esp_cast128cbc_encrypt(m, off, plen, sav, algo, ivlen)
bcopy(sav->iv, iv, ivlen);
/* encrypt */
{
u_int8_t key[16];
u_int32_t subkey[32];
bzero(key, sizeof(key));
bcopy(_KEYBUF(sav->key_enc), key, _KEYLEN(sav->key_enc));
set_cast128_subkey(subkey, key);
error = cast128_cbc_process(m, bodyoff, plen, subkey, iv,
_KEYBITS(sav->key_enc) / 8, CAST128_ENCRYPT);
/* for safety */
bzero(subkey, sizeof(subkey));
bzero(key, sizeof(key));
}
error = cast128_cbc_process(m, bodyoff, plen, (u_int32_t *)sav->sched,
iv, _KEYLEN(sav->key_enc), CAST128_ENCRYPT);
esp_increment_iv(sav);
return error;
}
static int
esp_cast128cbc_schedule(algo, sav)
const struct esp_algorithm *algo;
struct secasvar *sav;
{
set_cast128_subkey((u_int32_t *)sav->sched, _KEYBUF(sav->key_enc));
return 0;
}
static int
esp_3descbc_ivlen(sav)
struct secasvar *sav;
{
return 8;
}
@ -880,19 +868,9 @@ esp_3descbc_decrypt(m, off, sav, algo, ivlen)
u_int8_t *iv;
size_t plen;
u_int8_t tiv[8];
int error;
/* sanity check */
if (ivlen != sav->ivlen) {
ipseclog((LOG_ERR, "esp_3descbc_decrypt: bad ivlen %d/%d\n",
ivlen, sav->ivlen));
return EINVAL;
}
if (_KEYBITS(sav->key_enc) < algo->keymin
|| algo->keymax < _KEYBITS(sav->key_enc)) {
ipseclog((LOG_ERR, "esp_3descbc_decrypt: bad keylen %d\n",
_KEYBITS(sav->key_enc)));
return EINVAL;
}
if (sav->flags & SADB_X_EXT_OLD) {
ipseclog((LOG_ERR,
"esp_3descbc_decrypt: unsupported ESP version\n"));
@ -903,6 +881,9 @@ esp_3descbc_decrypt(m, off, sav, algo, ivlen)
"esp_3descbc_decrypt: unsupported ivlen %d\n", ivlen));
return EINVAL;
}
error = esp_crypto_sanity(algo, sav, ivlen);
if (error)
return error;
ivoff = off + sizeof(struct newesp);
bodyoff = off + sizeof(struct newesp) + ivlen;
@ -923,24 +904,8 @@ esp_3descbc_decrypt(m, off, sav, algo, ivlen)
}
/* decrypt packet */
{
int deserr[3];
des_key_schedule ks[3];
deserr[0] = des_key_sched((C_Block *)_KEYBUF(sav->key_enc),ks[0]);
deserr[1] = des_key_sched((C_Block *)(_KEYBUF(sav->key_enc) + 8), ks[1]);
deserr[2] = des_key_sched((C_Block *)(_KEYBUF(sav->key_enc) + 16), ks[2]);
if ((deserr[0] != 0) || (deserr[1] != 0) || (deserr[2] != 0)) {
ipseclog((LOG_ERR, "esp_3descbc_decrypt: key error %d/%d/%d\n",
deserr[0], deserr[1], deserr[2]));
return EINVAL;
}
des_3cbc_process(m, bodyoff, plen, ks, (C_Block *)iv, DES_DECRYPT);
/* for safety */
bzero(ks[0], sizeof(des_key_schedule)*3);
}
des_3cbc_process(m, bodyoff, plen, (des_key_schedule *)sav->sched,
(C_Block *)iv, DES_DECRYPT);
/* for safety */
bzero(&tiv[0], sizeof(tiv));
@ -960,6 +925,7 @@ esp_3descbc_encrypt(m, off, plen, sav, algo, ivlen)
size_t ivoff;
size_t bodyoff;
u_int8_t *iv;
int error;
/* sanity check */
if (plen % 8) {
@ -967,17 +933,6 @@ esp_3descbc_encrypt(m, off, plen, sav, algo, ivlen)
"payload length must be multiple of 8\n"));
return EINVAL;
}
if (sav->ivlen != ivlen) {
ipseclog((LOG_ERR, "esp_3descbc_encrypt: bad ivlen %d/%d\n",
ivlen, sav->ivlen));
return EINVAL;
}
if (_KEYBITS(sav->key_enc) < algo->keymin
|| algo->keymax < _KEYBITS(sav->key_enc)) {
ipseclog((LOG_ERR, "esp_3descbc_encrypt: bad keylen %d\n",
_KEYBITS(sav->key_enc)));
return EINVAL;
}
if (sav->flags & SADB_X_EXT_OLD) {
ipseclog((LOG_ERR,
"esp_3descbc_encrypt: unsupported ESP version\n"));
@ -988,6 +943,9 @@ esp_3descbc_encrypt(m, off, plen, sav, algo, ivlen)
"esp_3descbc_encrypt: unsupported ivlen %d\n", ivlen));
return EINVAL;
}
error = esp_crypto_sanity(algo, sav, ivlen);
if (error)
return error;
ivoff = off + sizeof(struct newesp);
bodyoff = off + sizeof(struct newesp) + ivlen;
@ -1001,35 +959,40 @@ esp_3descbc_encrypt(m, off, plen, sav, algo, ivlen)
bcopy((caddr_t)sav->iv, (caddr_t)iv, ivlen);
/* encrypt packet */
{
int deserr[3];
des_key_schedule ks[3];
deserr[0] = des_key_sched((C_Block *)_KEYBUF(sav->key_enc), ks[0]);
deserr[1] = des_key_sched((C_Block *)(_KEYBUF(sav->key_enc) + 8), ks[1]);
deserr[2] = des_key_sched((C_Block *)(_KEYBUF(sav->key_enc) + 16), ks[2]);
if ((deserr[0] != 0) || (deserr[1] != 0) || (deserr[2] != 0)) {
ipseclog((LOG_ERR, "esp_3descbc_encrypt: key error %d/%d/%d\n",
deserr[0], deserr[1], deserr[2]));
return EINVAL;
}
des_3cbc_process(m, bodyoff, plen, ks, (C_Block *)iv, DES_ENCRYPT);
/* for safety */
bzero(ks[0], sizeof(des_key_schedule)*3);
}
des_3cbc_process(m, bodyoff, plen, (des_key_schedule *)sav->sched,
(C_Block *)iv, DES_ENCRYPT);
esp_increment_iv(sav);
return 0;
}
static int
esp_3descbc_schedule(algo, sav)
const struct esp_algorithm *algo;
struct secasvar *sav;
{
int error;
des_key_schedule *p;
int i;
char *k;
p = (des_key_schedule *)sav->sched;
k = _KEYBUF(sav->key_enc);
for (i = 0; i < 3; i++) {
error = des_key_sched((C_Block *)(k + 8 * i), p[i]);
if (error)
return EINVAL;
}
return 0;
}
#ifdef SADB_X_EALG_RC5CBC
static int
esp_rc5cbc_ivlen(sav)
struct secasvar *sav;
{
return 8;
}
@ -1048,17 +1011,6 @@ esp_rc5cbc_decrypt(m, off, sav, algo, ivlen)
int error;
/* sanity check */
if (sav->ivlen != ivlen) {
ipseclog((LOG_ERR, "esp_rc5cbc_decrypt: bad ivlen %d/%d\n",
ivlen, sav->ivlen));
return EINVAL;
}
if ((_KEYBITS(sav->key_enc) < 40) || (_KEYBITS(sav->key_enc) > 2040)) {
ipseclog((LOG_ERR,
"esp_rc5cbc_decrypt: unsupported key length %d: "
"need 40 to 2040 bit\n", _KEYBITS(sav->key_enc)));
return EINVAL;
}
if (sav->flags & SADB_X_EXT_OLD) {
ipseclog((LOG_ERR,
"esp_rc5cbc_decrypt: unsupported ESP version\n"));
@ -1069,6 +1021,9 @@ esp_rc5cbc_decrypt(m, off, sav, algo, ivlen)
ivlen));
return EINVAL;
}
error = esp_crypto_sanity(algo, sav, ivlen);
if (error)
return error;
ivoff = off + sizeof(struct newesp);
bodyoff = off + sizeof(struct newesp) + ivlen;
@ -1090,16 +1045,8 @@ esp_rc5cbc_decrypt(m, off, sav, algo, ivlen)
}
/* decrypt */
{
RC5_WORD e_key[34];
set_rc5_expandkey(e_key, _KEYBUF(sav->key_enc),
_KEYBITS(sav->key_enc) / 8, 16);
error = rc5_cbc_process(m, bodyoff, plen, e_key, iv, RC5_DECRYPT);
/* for safety */
bzero(e_key, sizeof(e_key));
}
error = rc5_cbc_process(m, bodyoff, plen, (RC5_WORD *)sav->sched, iv,
RC5_DECRYPT);
return error;
}
@ -1124,19 +1071,6 @@ esp_rc5cbc_encrypt(m, off, plen, sav, algo, ivlen)
"payload length must be multiple of 8\n"));
return EINVAL;
}
if (sav->ivlen != ivlen) {
ipseclog((LOG_ERR, "esp_rc5cbc_encrypt: bad ivlen %d/%d\n",
ivlen, sav->ivlen));
return EINVAL;
}
if (_KEYBITS(sav->key_enc) < algo->keymin
|| _KEYBITS(sav->key_enc) > algo->keymax) {
ipseclog((LOG_ERR,
"esp_rc5cbc_encrypt: unsupported key length %d: "
"need %d to %d bits\n", _KEYBITS(sav->key_enc),
algo->keymin, algo->keymax));
return EINVAL;
}
if (sav->flags & SADB_X_EXT_OLD) {
ipseclog((LOG_ERR,
"esp_rc5cbc_encrypt: unsupported ESP version\n"));
@ -1147,6 +1081,9 @@ esp_rc5cbc_encrypt(m, off, plen, sav, algo, ivlen)
ivlen));
return EINVAL;
}
error = esp_crypto_sanity(algo, sav, ivlen);
if (error)
return error;
ivoff = off + sizeof(struct newesp);
bodyoff = off + sizeof(struct newesp) + ivlen;
@ -1160,21 +1097,24 @@ esp_rc5cbc_encrypt(m, off, plen, sav, algo, ivlen)
bcopy(sav->iv, iv, ivlen);
/* encrypt */
{
RC5_WORD e_key[34];
set_rc5_expandkey(e_key, _KEYBUF(sav->key_enc),
_KEYBITS(sav->key_enc) / 8, 16);
error = rc5_cbc_process(m, bodyoff, plen, e_key, iv, RC5_ENCRYPT);
/* for safety */
bzero(e_key, sizeof(e_key));
}
error = rc5_cbc_process(m, bodyoff, plen, (RC5_WORD *)sav->sched, iv,
RC5_ENCRYPT);
esp_increment_iv(sav);
return error;
}
static int
esp_rc5cbc_schedule(algo, sav)
const struct esp_algorithm *algo;
struct secasvar *sav;
{
set_rc5_expandkey((RC5_WORD *)sav->sched, _KEYBUF(sav->key_enc),
_KEYLEN(sav->key_enc), 16);
return 0;
}
#endif
/*
@ -1214,8 +1154,8 @@ mbuf_find_offset(m, off, len)
cnt += n->m_len;
continue;
}
if (cnt <= off && off < cnt + n->m_len
&& cnt <= off + len && off + len <= cnt + n->m_len) {
if (cnt <= off && off < cnt + n->m_len &&
cnt <= off + len && off + len <= cnt + n->m_len) {
return mtod(n, caddr_t) + off - cnt;
} else
return (caddr_t)NULL;

View File

@ -1,5 +1,5 @@
/* $NetBSD: esp_input.c,v 1.2 2000/07/18 14:56:43 itojun Exp $ */
/* $KAME: esp_input.c,v 1.26 2000/07/15 16:07:48 itojun Exp $ */
/* $NetBSD: esp_input.c,v 1.3 2000/07/23 05:23:04 itojun Exp $ */
/* $KAME: esp_input.c,v 1.27 2000/07/20 17:41:01 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -80,9 +80,6 @@
#define IPLEN_FLIPPED
#ifdef INET
extern struct protosw inetsw[];
extern u_char ip_protox[];
#define ESPMAXLEN \
(sizeof(struct esp) < sizeof(struct newesp) \
? sizeof(struct newesp) : sizeof(struct esp))
@ -291,7 +288,26 @@ noreplaycheck:
}
}
{
/*
* XXX pre-compute and cache intermediate key
*/
if (!sav->sched && sav->schedlen == 0) {
if (algo->schedule && algo->schedlen) {
sav->sched = malloc(algo->schedlen, M_SECA, M_DONTWAIT);
sav->schedlen = algo->schedlen;
if (sav->sched == NULL ||
esp_schedule(algo, sav) != 0) {
if (sav->sched) {
free(sav->sched, M_SECA);
sav->sched = NULL;
}
sav->schedlen = 0;
ipsecstat.in_inval++;
goto bad;
}
}
}
/*
* decrypt the packet.
*/
@ -306,7 +322,6 @@ noreplaycheck:
ipsecstat.in_esphist[sav->alg_enc]++;
m->m_flags |= M_DECRYPTED;
}
/*
* find the trailer of the ESP.
@ -634,6 +649,26 @@ noreplaycheck:
#endif
ip6 = mtod(m, struct ip6_hdr *); /*set it again just in case*/
/*
* XXX pre-compute and cache intermediate key
*/
if (!sav->sched && sav->schedlen == 0) {
if (algo->schedule && algo->schedlen) {
sav->sched = malloc(algo->schedlen, M_SECA, M_DONTWAIT);
sav->schedlen = algo->schedlen;
if (sav->sched == NULL ||
esp_schedule(algo, sav) != 0) {
if (sav->sched) {
free(sav->sched, M_SECA);
sav->sched = NULL;
}
sav->schedlen = 0;
ipsec6stat.in_inval++;
goto bad;
}
}
}
/*
* decrypt the packet.
*/

View File

@ -1,5 +1,5 @@
/* $NetBSD: esp_output.c,v 1.3 2000/07/18 14:56:43 itojun Exp $ */
/* $KAME: esp_output.c,v 1.23 2000/07/15 16:07:48 itojun Exp $ */
/* $NetBSD: esp_output.c,v 1.4 2000/07/23 05:23:04 itojun Exp $ */
/* $KAME: esp_output.c,v 1.24 2000/07/20 17:41:01 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -495,6 +495,40 @@ esp_output(m, nexthdrp, md, isr, af)
}
}
/*
* XXX pre-compute and cache intermediate key
*/
if (!sav->sched && sav->schedlen == 0) {
if (algo->schedule && algo->schedlen) {
sav->sched = malloc(algo->schedlen, M_SECA,
M_DONTWAIT);
sav->schedlen = algo->schedlen;
if (sav->sched == NULL ||
esp_schedule(algo, sav) != 0) {
if (sav->sched) {
free(sav->sched, M_SECA);
sav->sched = NULL;
}
sav->schedlen = 0;
m_freem(m);
switch (af) {
#ifdef INET
case AF_INET:
ipsecstat.out_inval++;
break;
#endif
#ifdef INET6
case AF_INET6:
ipsec6stat.out_inval++;
break;
#endif
}
error = EINVAL;
goto fail;
}
}
}
/*
* encrypt the packet, based on security association
* and the algorithm specified.

View File

@ -1,5 +1,5 @@
/* $NetBSD: key.c,v 1.27 2000/07/18 14:56:43 itojun Exp $ */
/* $KAME: key.c,v 1.142 2000/07/17 01:42:39 itojun Exp $ */
/* $NetBSD: key.c,v 1.28 2000/07/23 05:23:05 itojun Exp $ */
/* $KAME: key.c,v 1.143 2000/07/20 17:41:01 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -2471,10 +2471,18 @@ key_delsav(sav)
if (__LIST_CHAINED(sav))
LIST_REMOVE(sav, chain);
if (sav->key_auth != NULL)
if (sav->key_auth != NULL) {
bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
KFREE(sav->key_auth);
if (sav->key_enc != NULL)
}
if (sav->key_enc != NULL) {
bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
KFREE(sav->key_enc);
}
if (sav->sched) {
bzero(sav->sched, sav->schedlen);
KFREE(sav->sched);
}
if (sav->replay != NULL)
keydb_delsecreplay(sav->replay);
if (sav->lft_c != NULL)
@ -2624,6 +2632,8 @@ key_setsaval(sav, m, mhp)
sav->replay = NULL;
sav->key_auth = NULL;
sav->key_enc = NULL;
sav->sched = NULL;
sav->schedlen = 0;
sav->iv = NULL;
sav->lft_c = NULL;
sav->lft_h = NULL;
@ -2891,6 +2901,8 @@ key_setsaval(sav, m, mhp)
KFREE(sav->key_auth);
if (sav->key_enc != NULL)
KFREE(sav->key_enc);
if (sav->sched)
KFREE(sav->sched);
if (sav->iv != NULL)
KFREE(sav->iv);
if (sav->lft_c != NULL)

View File

@ -1,5 +1,5 @@
/* $NetBSD: keydb.h,v 1.6 2000/06/15 12:37:10 itojun Exp $ */
/* $KAME: keydb.h,v 1.11 2000/06/15 12:20:50 sakane Exp $ */
/* $NetBSD: keydb.h,v 1.7 2000/07/23 05:23:05 itojun Exp $ */
/* $KAME: keydb.h,v 1.12 2000/07/20 17:41:02 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -87,6 +87,8 @@ struct secasvar {
caddr_t misc2;
caddr_t misc3;
#endif
void *sched; /* intermediate encryption key */
size_t schedlen;
struct secreplay *replay; /* replay prevention */
u_int32_t tick; /* for lifetime */