1 /* $NetBSD: print-ah.c,v 1.4 1996/05/20 00:41:16 fvdl Exp $ */ 2 3 /* 4 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 /* \summary: IPSEC Encapsulating Security Payload (ESP) printer */ 25 26 #ifdef HAVE_CONFIG_H 27 #include "config.h" 28 #endif 29 30 #include <netdissect-stdinc.h> 31 32 #include <string.h> 33 #include <stdlib.h> 34 35 /* Any code in this file that depends on HAVE_LIBCRYPTO depends on 36 * HAVE_OPENSSL_EVP_H too. Undefining the former when the latter isn't defined 37 * is the simplest way of handling the dependency. 38 */ 39 #ifdef HAVE_LIBCRYPTO 40 #ifdef HAVE_OPENSSL_EVP_H 41 #include <openssl/evp.h> 42 #else 43 #undef HAVE_LIBCRYPTO 44 #endif 45 #endif 46 47 #include "netdissect.h" 48 #include "strtoaddr.h" 49 #include "extract.h" 50 51 #include "ascii_strcasecmp.h" 52 53 #include "ip.h" 54 #include "ip6.h" 55 56 /* 57 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 58 * All rights reserved. 59 * 60 * Redistribution and use in source and binary forms, with or without 61 * modification, are permitted provided that the following conditions 62 * are met: 63 * 1. Redistributions of source code must retain the above copyright 64 * notice, this list of conditions and the following disclaimer. 65 * 2. Redistributions in binary form must reproduce the above copyright 66 * notice, this list of conditions and the following disclaimer in the 67 * documentation and/or other materials provided with the distribution. 68 * 3. Neither the name of the project nor the names of its contributors 69 * may be used to endorse or promote products derived from this software 70 * without specific prior written permission. 71 * 72 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 73 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 74 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 75 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 76 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 77 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 78 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 79 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 80 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 81 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 82 * SUCH DAMAGE. 83 */ 84 85 /* 86 * RFC1827/2406 Encapsulated Security Payload. 87 */ 88 89 struct newesp { 90 uint32_t esp_spi; /* ESP */ 91 uint32_t esp_seq; /* Sequence number */ 92 /*variable size*/ /* (IV and) Payload data */ 93 /*variable size*/ /* padding */ 94 /*8bit*/ /* pad size */ 95 /*8bit*/ /* next header */ 96 /*8bit*/ /* next header */ 97 /*variable size, 32bit bound*/ /* Authentication data */ 98 }; 99 100 #ifdef HAVE_LIBCRYPTO 101 union inaddr_u { 102 struct in_addr in4; 103 struct in6_addr in6; 104 }; 105 struct sa_list { 106 struct sa_list *next; 107 u_int daddr_version; 108 union inaddr_u daddr; 109 uint32_t spi; /* if == 0, then IKEv2 */ 110 int initiator; 111 u_char spii[8]; /* for IKEv2 */ 112 u_char spir[8]; 113 const EVP_CIPHER *evp; 114 int ivlen; 115 int authlen; 116 u_char authsecret[256]; 117 int authsecret_len; 118 u_char secret[256]; /* is that big enough for all secrets? */ 119 int secretlen; 120 }; 121 122 #ifndef HAVE_EVP_CIPHER_CTX_NEW 123 /* 124 * Allocate an EVP_CIPHER_CTX. 125 * Used if we have an older version of OpenSSL that doesn't provide 126 * routines to allocate and free them. 127 */ 128 static EVP_CIPHER_CTX * 129 EVP_CIPHER_CTX_new(void) 130 { 131 EVP_CIPHER_CTX *ctx; 132 133 ctx = malloc(sizeof(*ctx)); 134 if (ctx == NULL) 135 return (NULL); 136 memset(ctx, 0, sizeof(*ctx)); 137 return (ctx); 138 } 139 140 static void 141 EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) 142 { 143 EVP_CIPHER_CTX_cleanup(ctx); 144 free(ctx); 145 } 146 #endif 147 148 #ifdef HAVE_EVP_CIPHERINIT_EX 149 /* 150 * Initialize the cipher by calling EVP_CipherInit_ex(), because 151 * calling EVP_CipherInit() will reset the cipher context, clearing 152 * the cipher, so calling it twice, with the second call having a 153 * null cipher, will clear the already-set cipher. EVP_CipherInit_ex(), 154 * however, won't reset the cipher context, so you can use it to specify 155 * the IV oin a second call after a first call to EVP_CipherInit_ex() 156 * to set the cipher and the key. 157 * 158 * XXX - is there some reason why we need to make two calls? 159 */ 160 static int 161 set_cipher_parameters(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 162 const unsigned char *key, 163 const unsigned char *iv, int enc) 164 { 165 return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); 166 } 167 #else 168 /* 169 * Initialize the cipher by calling EVP_CipherInit(), because we don't 170 * have EVP_CipherInit_ex(); we rely on it not trashing the context. 171 */ 172 static int 173 set_cipher_parameters(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 174 const unsigned char *key, 175 const unsigned char *iv, int enc) 176 { 177 return EVP_CipherInit(ctx, cipher, key, iv, enc); 178 } 179 #endif 180 181 /* 182 * this will adjust ndo_packetp and ndo_snapend to new buffer! 183 */ 184 USES_APPLE_DEPRECATED_API 185 int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, 186 int initiator, 187 u_char spii[8], u_char spir[8], 188 const u_char *buf, const u_char *end) 189 { 190 struct sa_list *sa; 191 const u_char *iv; 192 unsigned int len; 193 EVP_CIPHER_CTX *ctx; 194 unsigned int block_size, output_buffer_size; 195 u_char *output_buffer; 196 197 /* initiator arg is any non-zero value */ 198 if(initiator) initiator=1; 199 200 /* see if we can find the SA, and if so, decode it */ 201 for (sa = ndo->ndo_sa_list_head; sa != NULL; sa = sa->next) { 202 if (sa->spi == 0 203 && initiator == sa->initiator 204 && memcmp(spii, sa->spii, 8) == 0 205 && memcmp(spir, sa->spir, 8) == 0) 206 break; 207 } 208 209 if(sa == NULL) return 0; 210 if(sa->evp == NULL) return 0; 211 212 /* 213 * remove authenticator, and see if we still have something to 214 * work with 215 */ 216 end = end - sa->authlen; 217 iv = buf; 218 buf = buf + sa->ivlen; 219 len = end-buf; 220 221 if(end <= buf) return 0; 222 223 ctx = EVP_CIPHER_CTX_new(); 224 if (ctx == NULL) 225 return 0; 226 if (set_cipher_parameters(ctx, sa->evp, sa->secret, NULL, 0) < 0) 227 (*ndo->ndo_warning)(ndo, "espkey init failed"); 228 set_cipher_parameters(ctx, NULL, NULL, iv, 0); 229 /* 230 * Allocate a buffer for the decrypted data. 231 * The output buffer must be separate from the input buffer, and 232 * its size must be a multiple of the cipher block size. 233 */ 234 block_size = (unsigned int)EVP_CIPHER_CTX_block_size(ctx); 235 output_buffer_size = len + (block_size - len % block_size); 236 output_buffer = (u_char *)malloc(output_buffer_size); 237 if (output_buffer == NULL) { 238 (*ndo->ndo_warning)(ndo, "can't allocate memory for decryption buffer"); 239 EVP_CIPHER_CTX_free(ctx); 240 return 0; 241 } 242 EVP_Cipher(ctx, output_buffer, buf, len); 243 EVP_CIPHER_CTX_free(ctx); 244 245 /* 246 * XXX - of course this is wrong, because buf is a const buffer, 247 * but changing this would require a more complicated fix. 248 */ 249 memcpy(__DECONST(u_char *, buf), output_buffer, len); 250 free(output_buffer); 251 252 ndo->ndo_packetp = buf; 253 ndo->ndo_snapend = end; 254 255 return 1; 256 } 257 USES_APPLE_RST 258 259 static void esp_print_addsa(netdissect_options *ndo, 260 struct sa_list *sa, int sa_def) 261 { 262 /* copy the "sa" */ 263 264 struct sa_list *nsa; 265 266 nsa = (struct sa_list *)malloc(sizeof(struct sa_list)); 267 if (nsa == NULL) 268 (*ndo->ndo_error)(ndo, "ran out of memory to allocate sa structure"); 269 270 *nsa = *sa; 271 272 if (sa_def) 273 ndo->ndo_sa_default = nsa; 274 275 nsa->next = ndo->ndo_sa_list_head; 276 ndo->ndo_sa_list_head = nsa; 277 } 278 279 280 static u_int hexdigit(netdissect_options *ndo, char hex) 281 { 282 if (hex >= '0' && hex <= '9') 283 return (hex - '0'); 284 else if (hex >= 'A' && hex <= 'F') 285 return (hex - 'A' + 10); 286 else if (hex >= 'a' && hex <= 'f') 287 return (hex - 'a' + 10); 288 else { 289 (*ndo->ndo_error)(ndo, "invalid hex digit %c in espsecret\n", hex); 290 return 0; 291 } 292 } 293 294 static u_int hex2byte(netdissect_options *ndo, char *hexstring) 295 { 296 u_int byte; 297 298 byte = (hexdigit(ndo, hexstring[0]) << 4) + hexdigit(ndo, hexstring[1]); 299 return byte; 300 } 301 302 /* 303 * returns size of binary, 0 on failure. 304 */ 305 static 306 int espprint_decode_hex(netdissect_options *ndo, 307 u_char *binbuf, unsigned int binbuf_len, 308 char *hex) 309 { 310 unsigned int len; 311 int i; 312 313 len = strlen(hex) / 2; 314 315 if (len > binbuf_len) { 316 (*ndo->ndo_warning)(ndo, "secret is too big: %d\n", len); 317 return 0; 318 } 319 320 i = 0; 321 while (hex[0] != '\0' && hex[1]!='\0') { 322 binbuf[i] = hex2byte(ndo, hex); 323 hex += 2; 324 i++; 325 } 326 327 return i; 328 } 329 330 /* 331 * decode the form: SPINUM@IP <tab> ALGONAME:0xsecret 332 */ 333 334 USES_APPLE_DEPRECATED_API 335 static int 336 espprint_decode_encalgo(netdissect_options *ndo, 337 char *decode, struct sa_list *sa) 338 { 339 size_t i; 340 const EVP_CIPHER *evp; 341 int authlen = 0; 342 char *colon, *p; 343 344 colon = strchr(decode, ':'); 345 if (colon == NULL) { 346 (*ndo->ndo_warning)(ndo, "failed to decode espsecret: %s\n", decode); 347 return 0; 348 } 349 *colon = '\0'; 350 351 if (strlen(decode) > strlen("-hmac96") && 352 !strcmp(decode + strlen(decode) - strlen("-hmac96"), 353 "-hmac96")) { 354 p = strstr(decode, "-hmac96"); 355 *p = '\0'; 356 authlen = 12; 357 } 358 if (strlen(decode) > strlen("-cbc") && 359 !strcmp(decode + strlen(decode) - strlen("-cbc"), "-cbc")) { 360 p = strstr(decode, "-cbc"); 361 *p = '\0'; 362 } 363 evp = EVP_get_cipherbyname(decode); 364 365 if (!evp) { 366 (*ndo->ndo_warning)(ndo, "failed to find cipher algo %s\n", decode); 367 sa->evp = NULL; 368 sa->authlen = 0; 369 sa->ivlen = 0; 370 return 0; 371 } 372 373 sa->evp = evp; 374 sa->authlen = authlen; 375 sa->ivlen = EVP_CIPHER_iv_length(evp); 376 377 colon++; 378 if (colon[0] == '0' && colon[1] == 'x') { 379 /* decode some hex! */ 380 381 colon += 2; 382 sa->secretlen = espprint_decode_hex(ndo, sa->secret, sizeof(sa->secret), colon); 383 if(sa->secretlen == 0) return 0; 384 } else { 385 i = strlen(colon); 386 387 if (i < sizeof(sa->secret)) { 388 memcpy(sa->secret, colon, i); 389 sa->secretlen = i; 390 } else { 391 memcpy(sa->secret, colon, sizeof(sa->secret)); 392 sa->secretlen = sizeof(sa->secret); 393 } 394 } 395 396 return 1; 397 } 398 USES_APPLE_RST 399 400 /* 401 * for the moment, ignore the auth algorith, just hard code the authenticator 402 * length. Need to research how openssl looks up HMAC stuff. 403 */ 404 static int 405 espprint_decode_authalgo(netdissect_options *ndo, 406 char *decode, struct sa_list *sa) 407 { 408 char *colon; 409 410 colon = strchr(decode, ':'); 411 if (colon == NULL) { 412 (*ndo->ndo_warning)(ndo, "failed to decode espsecret: %s\n", decode); 413 return 0; 414 } 415 *colon = '\0'; 416 417 if(ascii_strcasecmp(colon,"sha1") == 0 || 418 ascii_strcasecmp(colon,"md5") == 0) { 419 sa->authlen = 12; 420 } 421 return 1; 422 } 423 424 static void esp_print_decode_ikeline(netdissect_options *ndo, char *line, 425 const char *file, int lineno) 426 { 427 /* it's an IKEv2 secret, store it instead */ 428 struct sa_list sa1; 429 430 char *init; 431 char *icookie, *rcookie; 432 int ilen, rlen; 433 char *authkey; 434 char *enckey; 435 436 init = strsep(&line, " \t"); 437 icookie = strsep(&line, " \t"); 438 rcookie = strsep(&line, " \t"); 439 authkey = strsep(&line, " \t"); 440 enckey = strsep(&line, " \t"); 441 442 /* if any fields are missing */ 443 if(!init || !icookie || !rcookie || !authkey || !enckey) { 444 (*ndo->ndo_warning)(ndo, "print_esp: failed to find all fields for ikev2 at %s:%u", 445 file, lineno); 446 447 return; 448 } 449 450 ilen = strlen(icookie); 451 rlen = strlen(rcookie); 452 453 if((init[0]!='I' && init[0]!='R') 454 || icookie[0]!='0' || icookie[1]!='x' 455 || rcookie[0]!='0' || rcookie[1]!='x' 456 || ilen!=18 457 || rlen!=18) { 458 (*ndo->ndo_warning)(ndo, "print_esp: line %s:%u improperly formatted.", 459 file, lineno); 460 461 (*ndo->ndo_warning)(ndo, "init=%s icookie=%s(%u) rcookie=%s(%u)", 462 init, icookie, ilen, rcookie, rlen); 463 464 return; 465 } 466 467 sa1.spi = 0; 468 sa1.initiator = (init[0] == 'I'); 469 if(espprint_decode_hex(ndo, sa1.spii, sizeof(sa1.spii), icookie+2)!=8) 470 return; 471 472 if(espprint_decode_hex(ndo, sa1.spir, sizeof(sa1.spir), rcookie+2)!=8) 473 return; 474 475 if(!espprint_decode_encalgo(ndo, enckey, &sa1)) return; 476 477 if(!espprint_decode_authalgo(ndo, authkey, &sa1)) return; 478 479 esp_print_addsa(ndo, &sa1, FALSE); 480 } 481 482 /* 483 * 484 * special form: file /name 485 * causes us to go read from this file instead. 486 * 487 */ 488 static void esp_print_decode_onesecret(netdissect_options *ndo, char *line, 489 const char *file, int lineno) 490 { 491 struct sa_list sa1; 492 int sa_def; 493 494 char *spikey; 495 char *decode; 496 497 spikey = strsep(&line, " \t"); 498 sa_def = 0; 499 memset(&sa1, 0, sizeof(struct sa_list)); 500 501 /* if there is only one token, then it is an algo:key token */ 502 if (line == NULL) { 503 decode = spikey; 504 spikey = NULL; 505 /* sa1.daddr.version = 0; */ 506 /* memset(&sa1.daddr, 0, sizeof(sa1.daddr)); */ 507 /* sa1.spi = 0; */ 508 sa_def = 1; 509 } else 510 decode = line; 511 512 if (spikey && ascii_strcasecmp(spikey, "file") == 0) { 513 /* open file and read it */ 514 FILE *secretfile; 515 char fileline[1024]; 516 int subfile_lineno=0; 517 char *nl; 518 char *filename = line; 519 520 secretfile = fopen(filename, FOPEN_READ_TXT); 521 if (secretfile == NULL) { 522 (*ndo->ndo_error)(ndo, "print_esp: can't open %s: %s\n", 523 filename, strerror(errno)); 524 return; 525 } 526 527 while (fgets(fileline, sizeof(fileline)-1, secretfile) != NULL) { 528 subfile_lineno++; 529 /* remove newline from the line */ 530 nl = strchr(fileline, '\n'); 531 if (nl) 532 *nl = '\0'; 533 if (fileline[0] == '#') continue; 534 if (fileline[0] == '\0') continue; 535 536 esp_print_decode_onesecret(ndo, fileline, filename, subfile_lineno); 537 } 538 fclose(secretfile); 539 540 return; 541 } 542 543 if (spikey && ascii_strcasecmp(spikey, "ikev2") == 0) { 544 esp_print_decode_ikeline(ndo, line, file, lineno); 545 return; 546 } 547 548 if (spikey) { 549 550 char *spistr, *foo; 551 uint32_t spino; 552 553 spistr = strsep(&spikey, "@"); 554 555 spino = strtoul(spistr, &foo, 0); 556 if (spistr == foo || !spikey) { 557 (*ndo->ndo_warning)(ndo, "print_esp: failed to decode spi# %s\n", foo); 558 return; 559 } 560 561 sa1.spi = spino; 562 563 if (strtoaddr6(spikey, &sa1.daddr.in6) == 1) { 564 sa1.daddr_version = 6; 565 } else if (strtoaddr(spikey, &sa1.daddr.in4) == 1) { 566 sa1.daddr_version = 4; 567 } else { 568 (*ndo->ndo_warning)(ndo, "print_esp: can not decode IP# %s\n", spikey); 569 return; 570 } 571 } 572 573 if (decode) { 574 /* skip any blank spaces */ 575 while (isspace((unsigned char)*decode)) 576 decode++; 577 578 if(!espprint_decode_encalgo(ndo, decode, &sa1)) { 579 return; 580 } 581 } 582 583 esp_print_addsa(ndo, &sa1, sa_def); 584 } 585 586 USES_APPLE_DEPRECATED_API 587 static void esp_init(netdissect_options *ndo _U_) 588 { 589 /* 590 * 0.9.6 doesn't appear to define OPENSSL_API_COMPAT, so 591 * we check whether it's undefined or it's less than the 592 * value for 1.1.0. 593 */ 594 #if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L 595 OpenSSL_add_all_algorithms(); 596 #endif 597 EVP_add_cipher_alias(SN_des_ede3_cbc, "3des"); 598 } 599 USES_APPLE_RST 600 601 void esp_print_decodesecret(netdissect_options *ndo) 602 { 603 char *line; 604 char *p; 605 static int initialized = 0; 606 607 if (!initialized) { 608 esp_init(ndo); 609 initialized = 1; 610 } 611 612 p = ndo->ndo_espsecret; 613 614 while (p && p[0] != '\0') { 615 /* pick out the first line or first thing until a comma */ 616 if ((line = strsep(&p, "\n,")) == NULL) { 617 line = p; 618 p = NULL; 619 } 620 621 esp_print_decode_onesecret(ndo, line, "cmdline", 0); 622 } 623 624 ndo->ndo_espsecret = NULL; 625 } 626 627 #endif 628 629 #ifdef HAVE_LIBCRYPTO 630 USES_APPLE_DEPRECATED_API 631 #endif 632 int 633 esp_print(netdissect_options *ndo, 634 const u_char *bp, const int length, const u_char *bp2 635 #ifndef HAVE_LIBCRYPTO 636 _U_ 637 #endif 638 , 639 int *nhdr 640 #ifndef HAVE_LIBCRYPTO 641 _U_ 642 #endif 643 , 644 int *padlen 645 #ifndef HAVE_LIBCRYPTO 646 _U_ 647 #endif 648 ) 649 { 650 register const struct newesp *esp; 651 register const u_char *ep; 652 #ifdef HAVE_LIBCRYPTO 653 const struct ip *ip; 654 struct sa_list *sa = NULL; 655 const struct ip6_hdr *ip6 = NULL; 656 int advance; 657 int len; 658 u_char *secret; 659 int ivlen = 0; 660 const u_char *ivoff; 661 const u_char *p; 662 EVP_CIPHER_CTX *ctx; 663 unsigned int block_size, output_buffer_size; 664 u_char *output_buffer; 665 #endif 666 667 esp = (const struct newesp *)bp; 668 669 #ifdef HAVE_LIBCRYPTO 670 secret = NULL; 671 advance = 0; 672 #endif 673 674 #if 0 675 /* keep secret out of a register */ 676 p = (u_char *)&secret; 677 #endif 678 679 /* 'ep' points to the end of available data. */ 680 ep = ndo->ndo_snapend; 681 682 if ((const u_char *)(esp + 1) >= ep) { 683 ND_PRINT((ndo, "[|ESP]")); 684 goto fail; 685 } 686 ND_PRINT((ndo, "ESP(spi=0x%08x", EXTRACT_32BITS(&esp->esp_spi))); 687 ND_PRINT((ndo, ",seq=0x%x)", EXTRACT_32BITS(&esp->esp_seq))); 688 ND_PRINT((ndo, ", length %u", length)); 689 690 #ifndef HAVE_LIBCRYPTO 691 goto fail; 692 #else 693 /* initiailize SAs */ 694 if (ndo->ndo_sa_list_head == NULL) { 695 if (!ndo->ndo_espsecret) 696 goto fail; 697 698 esp_print_decodesecret(ndo); 699 } 700 701 if (ndo->ndo_sa_list_head == NULL) 702 goto fail; 703 704 ip = (const struct ip *)bp2; 705 switch (IP_V(ip)) { 706 case 6: 707 ip6 = (const struct ip6_hdr *)bp2; 708 /* we do not attempt to decrypt jumbograms */ 709 if (!EXTRACT_16BITS(&ip6->ip6_plen)) 710 goto fail; 711 /* if we can't get nexthdr, we do not need to decrypt it */ 712 len = sizeof(struct ip6_hdr) + EXTRACT_16BITS(&ip6->ip6_plen); 713 714 /* see if we can find the SA, and if so, decode it */ 715 for (sa = ndo->ndo_sa_list_head; sa != NULL; sa = sa->next) { 716 if (sa->spi == EXTRACT_32BITS(&esp->esp_spi) && 717 sa->daddr_version == 6 && 718 UNALIGNED_MEMCMP(&sa->daddr.in6, &ip6->ip6_dst, 719 sizeof(struct in6_addr)) == 0) { 720 break; 721 } 722 } 723 break; 724 case 4: 725 /* nexthdr & padding are in the last fragment */ 726 if (EXTRACT_16BITS(&ip->ip_off) & IP_MF) 727 goto fail; 728 len = EXTRACT_16BITS(&ip->ip_len); 729 730 /* see if we can find the SA, and if so, decode it */ 731 for (sa = ndo->ndo_sa_list_head; sa != NULL; sa = sa->next) { 732 if (sa->spi == EXTRACT_32BITS(&esp->esp_spi) && 733 sa->daddr_version == 4 && 734 UNALIGNED_MEMCMP(&sa->daddr.in4, &ip->ip_dst, 735 sizeof(struct in_addr)) == 0) { 736 break; 737 } 738 } 739 break; 740 default: 741 goto fail; 742 } 743 744 /* if we didn't find the specific one, then look for 745 * an unspecified one. 746 */ 747 if (sa == NULL) 748 sa = ndo->ndo_sa_default; 749 750 /* if not found fail */ 751 if (sa == NULL) 752 goto fail; 753 754 /* if we can't get nexthdr, we do not need to decrypt it */ 755 if (ep - bp2 < len) 756 goto fail; 757 if (ep - bp2 > len) { 758 /* FCS included at end of frame (NetBSD 1.6 or later) */ 759 ep = bp2 + len; 760 } 761 762 /* pointer to the IV, if there is one */ 763 ivoff = (const u_char *)(esp + 1) + 0; 764 /* length of the IV, if there is one; 0, if there isn't */ 765 ivlen = sa->ivlen; 766 secret = sa->secret; 767 ep = ep - sa->authlen; 768 769 if (sa->evp) { 770 ctx = EVP_CIPHER_CTX_new(); 771 if (ctx != NULL) { 772 if (set_cipher_parameters(ctx, sa->evp, secret, NULL, 0) < 0) 773 (*ndo->ndo_warning)(ndo, "espkey init failed"); 774 775 p = ivoff; 776 set_cipher_parameters(ctx, NULL, NULL, p, 0); 777 len = ep - (p + ivlen); 778 779 /* 780 * Allocate a buffer for the decrypted data. 781 * The output buffer must be separate from the 782 * input buffer, and its size must be a multiple 783 * of the cipher block size. 784 */ 785 block_size = (unsigned int)EVP_CIPHER_CTX_block_size(ctx); 786 output_buffer_size = len + (block_size - len % block_size); 787 output_buffer = (u_char *)malloc(output_buffer_size); 788 if (output_buffer == NULL) { 789 (*ndo->ndo_warning)(ndo, "can't allocate memory for decryption buffer"); 790 EVP_CIPHER_CTX_free(ctx); 791 return -1; 792 } 793 794 EVP_Cipher(ctx, output_buffer, p + ivlen, len); 795 EVP_CIPHER_CTX_free(ctx); 796 /* 797 * XXX - of course this is wrong, because buf is a 798 * const buffer, but changing this would require a 799 * more complicated fix. 800 */ 801 memcpy(__DECONST(u_char *, p + ivlen), output_buffer, len); 802 free(output_buffer); 803 advance = ivoff - (const u_char *)esp + ivlen; 804 } else 805 advance = sizeof(struct newesp); 806 } else 807 advance = sizeof(struct newesp); 808 809 /* sanity check for pad length */ 810 if (ep - bp < *(ep - 2)) 811 goto fail; 812 813 if (padlen) 814 *padlen = *(ep - 2) + 2; 815 816 if (nhdr) 817 *nhdr = *(ep - 1); 818 819 ND_PRINT((ndo, ": ")); 820 return advance; 821 #endif 822 823 fail: 824 return -1; 825 } 826 #ifdef HAVE_LIBCRYPTO 827 USES_APPLE_RST 828 #endif 829 830 /* 831 * Local Variables: 832 * c-style: whitesmith 833 * c-basic-offset: 8 834 * End: 835 */ 836