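Lines matching refs:sav
Each entry below gives the source line number, the text of the matching line, and the enclosing function; "argument" or "local" marks the line where sav is declared as a parameter or a local variable. Only lines that mention sav are listed, so the surrounding statements, conditions and braces are not shown.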

110 esp_hdrsiz(struct secasvar *sav)  in esp_hdrsiz()  argument
114 if (sav != NULL) { in esp_hdrsiz()
116 IPSEC_ASSERT(sav->tdb_encalgxform != NULL, in esp_hdrsiz()
118 if (sav->flags & SADB_X_EXT_OLD) in esp_hdrsiz()
122 size += sav->tdb_encalgxform->blocksize + 9; in esp_hdrsiz()
124 if (sav->tdb_authalgxform != NULL && sav->replay) in esp_hdrsiz()
125 size += ah_hdrsiz(sav); in esp_hdrsiz()
144 esp_init(struct secasvar *sav, struct xformsw *xsp) in esp_init() argument
151 txform = enc_algorithm_lookup(sav->alg_enc); in esp_init()
154 __func__, sav->alg_enc)); in esp_init()
157 if (sav->key_enc == NULL) { in esp_init()
162 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_IV4B)) == in esp_init()
170 keylen = _KEYLEN(sav->key_enc) - SAV_ISCTRORGCM(sav) * 4 - in esp_init()
171 SAV_ISCHACHA(sav) * 4; in esp_init()
180 if (SAV_ISCTRORGCM(sav) || SAV_ISCHACHA(sav)) in esp_init()
181 sav->ivlen = 8; /* RFC4106 3.1 and RFC3686 3.1 */ in esp_init()
183 sav->ivlen = txform->ivsize; in esp_init()
190 if (sav->alg_auth != 0) { in esp_init()
191 error = ah_init0(sav, xsp, &csp); in esp_init()
197 sav->tdb_xform = xsp; in esp_init()
198 sav->tdb_encalgxform = txform; in esp_init()
205 if (sav->alg_enc == SADB_X_EALG_AESGCM16) { in esp_init()
208 sav->alg_auth = SADB_X_AALG_AES128GMAC; in esp_init()
209 sav->tdb_authalgxform = &auth_hash_nist_gmac_aes_128; in esp_init()
212 sav->alg_auth = SADB_X_AALG_AES192GMAC; in esp_init()
213 sav->tdb_authalgxform = &auth_hash_nist_gmac_aes_192; in esp_init()
216 sav->alg_auth = SADB_X_AALG_AES256GMAC; in esp_init()
217 sav->tdb_authalgxform = &auth_hash_nist_gmac_aes_256; in esp_init()
226 if (sav->flags & SADB_X_SAFLAGS_ESN) in esp_init()
228 } else if (sav->alg_enc == SADB_X_EALG_CHACHA20POLY1305) { in esp_init()
229 sav->alg_auth = SADB_X_AALG_CHACHA20POLY1305; in esp_init()
230 sav->tdb_authalgxform = &auth_hash_poly1305; in esp_init()
232 if (sav->flags & SADB_X_SAFLAGS_ESN) in esp_init()
234 } else if (sav->alg_auth != 0) { in esp_init()
236 if (sav->flags & SADB_X_SAFLAGS_ESN) in esp_init()
242 csp.csp_cipher_alg = sav->tdb_encalgxform->type; in esp_init()
244 csp.csp_cipher_key = sav->key_enc->key_data; in esp_init()
245 csp.csp_cipher_klen = _KEYBITS(sav->key_enc) / 8 - in esp_init()
246 SAV_ISCTRORGCM(sav) * 4 - SAV_ISCHACHA(sav) * 4; in esp_init()
250 error = crypto_newsession(&sav->tdb_cryptoid, &csp, V_crypto_support); in esp_init()
255 esp_cleanup(struct secasvar *sav) in esp_cleanup() argument
258 crypto_freesession(sav->tdb_cryptoid); in esp_cleanup()
259 sav->tdb_cryptoid = NULL; in esp_cleanup()
260 sav->tdb_authalgxform = NULL; in esp_cleanup()
261 sav->tdb_encalgxform = NULL; in esp_cleanup()
268 esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) in esp_input() argument
284 IPSEC_ASSERT(sav != NULL, ("null SA")); in esp_input()
285 IPSEC_ASSERT(sav->tdb_encalgxform != NULL, ("null encoding xform")); in esp_input()
307 esph = sav->tdb_authalgxform; in esp_input()
308 espx = sav->tdb_encalgxform; in esp_input()
311 if (sav->flags & SADB_X_EXT_OLD) in esp_input()
312 hlen = sizeof (struct esp) + sav->ivlen; in esp_input()
314 hlen = sizeof (struct newesp) + sav->ivlen; in esp_input()
330 ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), in esp_input()
331 (u_long)ntohl(sav->spi))); in esp_input()
339 SECASVAR_RLOCK(sav); in esp_input()
340 if (esph != NULL && sav->replay != NULL && sav->replay->wsize != 0) { in esp_input()
341 if (ipsec_chkreplay(ntohl(esp->esp_seq), &seqh, sav) == 0) { in esp_input()
342 SECASVAR_RUNLOCK(sav); in esp_input()
344 ipsec_sa2str(sav, buf, sizeof(buf)))); in esp_input()
351 cryptoid = sav->tdb_cryptoid; in esp_input()
352 SECASVAR_RUNLOCK(sav); in esp_input()
376 if (SAV_ISGCM(sav) || SAV_ISCHACHA(sav)) in esp_input()
383 (sav->replay != NULL) && (sav->replay->wsize != 0)) { in esp_input()
411 sav->replay != NULL && sav->replay->wsize != 0) in esp_input()
424 xd->sav = sav; in esp_input()
436 if (SAV_ISCTRORGCM(sav) || SAV_ISCHACHA(sav)) { in esp_input()
461 memcpy(ivp, sav->key_enc->key_data + in esp_input()
462 _KEYLEN(sav->key_enc) - 4, 4); in esp_input()
463 m_copydata(m, skip + hlen - sav->ivlen, sav->ivlen, &ivp[4]); in esp_input()
464 if (SAV_ISCTR(sav)) { in esp_input()
465 be32enc(&ivp[sav->ivlen + 4], 1); in esp_input()
468 } else if (sav->ivlen != 0) in esp_input()
469 crp->crp_iv_start = skip + hlen - sav->ivlen; in esp_input()
484 key_freesav(&sav); in esp_input()
499 struct secasvar *sav; in esp_input_cb() local
509 sav = xd->sav; in esp_input_cb()
510 if (sav->state >= SADB_SASTATE_DEAD) { in esp_input_cb()
512 DPRINTF(("%s: dead SA %p spi %#x\n", __func__, sav, sav->spi)); in esp_input_cb()
520 saidx = &sav->sah->saidx; in esp_input_cb()
521 esph = sav->tdb_authalgxform; in esp_input_cb()
527 if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0) in esp_input_cb()
551 ESPSTAT_INC2(esps_hist, sav->alg_enc); in esp_input_cb()
556 AHSTAT_INC2(ahs_hist, sav->alg_auth); in esp_input_cb()
561 (u_long) ntohl(sav->spi))); in esp_input_cb()
584 if (sav->replay) { in esp_input_cb()
589 SECASVAR_RLOCK(sav); in esp_input_cb()
590 if (ipsec_updatereplay(ntohl(seq), sav)) { in esp_input_cb()
591 SECASVAR_RUNLOCK(sav); in esp_input_cb()
593 ipsec_sa2str(sav, buf, sizeof(buf)))); in esp_input_cb()
598 SECASVAR_RUNLOCK(sav); in esp_input_cb()
602 if (sav->flags & SADB_X_EXT_OLD) in esp_input_cb()
603 hlen = sizeof (struct esp) + sav->ivlen; in esp_input_cb()
605 hlen = sizeof (struct newesp) + sav->ivlen; in esp_input_cb()
612 ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), in esp_input_cb()
613 (u_long) ntohl(sav->spi))); in esp_input_cb()
626 ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), in esp_input_cb()
627 (u_long) ntohl(sav->spi))); in esp_input_cb()
633 if ((sav->flags & SADB_X_EXT_PMASK) != SADB_X_EXT_PRAND) { in esp_input_cb()
638 &sav->sah->saidx.dst, buf, sizeof(buf)), in esp_input_cb()
639 (u_long) ntohl(sav->spi))); in esp_input_cb()
661 error = ipsec6_common_input_cb(m, sav, skip, protoff); in esp_input_cb()
666 error = ipsec4_common_input_cb(m, sav, skip, protoff); in esp_input_cb()
676 if (sav != NULL) in esp_input_cb()
677 key_freesav(&sav); in esp_input_cb()
693 esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, in esp_output() argument
715 IPSEC_ASSERT(sav != NULL, ("null SA")); in esp_output()
716 esph = sav->tdb_authalgxform; in esp_output()
717 espx = sav->tdb_encalgxform; in esp_output()
720 if (sav->flags & SADB_X_EXT_OLD) in esp_output()
721 hlen = sizeof (struct esp) + sav->ivlen; in esp_output()
723 hlen = sizeof (struct newesp) + sav->ivlen; in esp_output()
732 if (SAV_ISCTR(sav) && V_esp_ctr_compatibility) in esp_output()
744 saidx = &sav->sah->saidx; in esp_output()
761 buf, sizeof(buf)), (u_long) ntohl(sav->spi))); in esp_output()
773 (u_long) ntohl(sav->spi), in esp_output()
787 (u_long) ntohl(sav->spi))); in esp_output()
798 sizeof(buf)), (u_long) ntohl(sav->spi))); in esp_output()
805 bcopy((caddr_t) &sav->spi, mtod(mo, caddr_t) + roff, in esp_output()
807 SECASVAR_RLOCK(sav); in esp_output()
808 if (sav->replay) { in esp_output()
811 SECREPLAY_LOCK(sav->replay); in esp_output()
816 sav->replay->count++; in esp_output()
817 replay = htonl((uint32_t)sav->replay->count); in esp_output()
822 seqh = htonl((uint32_t)(sav->replay->count >> IPSEC_SEQH_SHIFT)); in esp_output()
823 SECREPLAY_UNLOCK(sav->replay); in esp_output()
825 cryptoid = sav->tdb_cryptoid; in esp_output()
826 if (SAV_ISCTRORGCM(sav) || SAV_ISCHACHA(sav)) in esp_output()
827 cntr = sav->cntr++; in esp_output()
828 SECASVAR_RUNLOCK(sav); in esp_output()
838 (u_long) ntohl(sav->spi))); in esp_output()
848 switch (sav->flags & SADB_X_EXT_PMASK) { in esp_output()
893 if (SAV_ISCTRORGCM(sav) || SAV_ISCHACHA(sav)) { in esp_output()
899 memcpy(ivp, sav->key_enc->key_data + in esp_output()
900 _KEYLEN(sav->key_enc) - 4, 4); in esp_output()
902 if (SAV_ISCTR(sav)) { in esp_output()
903 be32enc(&ivp[sav->ivlen + 4], 1); in esp_output()
905 m_copyback(m, skip + hlen - sav->ivlen, sav->ivlen, &ivp[4]); in esp_output()
907 } else if (sav->ivlen != 0) { in esp_output()
908 arc4rand(ivp, sav->ivlen, 0); in esp_output()
909 crp->crp_iv_start = skip + hlen - sav->ivlen; in esp_output()
910 m_copyback(m, crp->crp_iv_start, sav->ivlen, ivp); in esp_output()
915 xd->sav = sav; in esp_output()
929 if (SAV_ISGCM(sav) || SAV_ISCHACHA(sav)) in esp_output()
936 sav->replay != NULL) { in esp_output()
963 if (csp->csp_flags & CSP_F_ESN && sav->replay != NULL) in esp_output()
983 key_freesav(&sav); in esp_output()
995 struct secasvar *sav; in esp_output_cb() local
1005 sav = xd->sav; in esp_output_cb()
1013 if (ipsec_updateid(sav, &crp->crp_session, &cryptoid) != 0) in esp_output_cb()
1036 ESPSTAT_INC2(esps_hist, sav->alg_enc); in esp_output_cb()
1037 if (sav->tdb_authalgxform != NULL) in esp_output_cb()
1038 AHSTAT_INC2(ahs_hist, sav->alg_auth); in esp_output_cb()
1050 esph = sav->tdb_authalgxform; in esp_output_cb()
1062 error = ipsec_process_done(m, sp, sav, idx); in esp_output_cb()
1069 key_freesav(&sav); in esp_output_cb()