22#define WOLFESP_SRC
33
44#include "wolfesp.h"
5+ static uint8_t esp_iv_len_from_enc (esp_enc_t enc );
56
6- static WC_RNG wc_rng ;
7- static volatile int rng_inited = 0 ;
7+ static WC_RNG wc_rng ;
8+ static volatile int rng_inited = 0 ;
9+ static struct wolfIP_esp_sa * in_sa_list = NULL ;
10+ static struct wolfIP_esp_sa * out_sa_list = NULL ;
11+ static uint16_t in_sa_num = 0 ;
12+ static uint16_t out_sa_num = 0 ;
813
914int
1015wolfIP_esp_init (void )
@@ -25,11 +30,6 @@ wolfIP_esp_init(void)
2530 return err ;
2631}
2732
28- static struct wolfIP_esp_sa * in_sa_list = NULL ;
29- static struct wolfIP_esp_sa * out_sa_list = NULL ;
30- static uint16_t in_sa_num = 0 ;
31- static uint16_t out_sa_num = 0 ;
32-
3333void
3434wolfIP_esp_load_sa_list (struct wolfIP_esp_sa * sa_list , uint16_t num , int in )
3535{
@@ -111,15 +111,18 @@ static void wolfIP_print_esp(const struct wolfIP_esp_sa * esp_sa,
111111 const uint8_t * payload = esp_data + ESP_SPI_LEN + ESP_SEQ_LEN ;
112112 const uint8_t * iv = NULL ;
113113 const uint8_t * icv = NULL ;
114+ uint8_t iv_len = 0 ;
114115 const uint8_t * padding = NULL ;
115116 uint32_t payload_len = esp_len - ESP_SPI_LEN - ESP_SEQ_LEN
116117 - pad_len - ESP_PADDING_LEN
117118 - ESP_NEXT_HEADER_LEN ;
118119
119- if (esp_sa -> iv_len ) {
120+ iv_len = esp_iv_len_from_enc (esp_sa -> enc );
121+
122+ if (iv_len ) {
120123 iv = payload ;
121- payload += esp_sa -> iv_len ;
122- payload_len -= esp_sa -> iv_len ;
124+ payload += iv_len ;
125+ payload_len -= iv_len ;
123126 }
124127
125128 if (esp_sa -> icv_len ) {
@@ -143,7 +146,7 @@ static void wolfIP_print_esp(const struct wolfIP_esp_sa * esp_sa,
143146 * ESP payload (includes IV).
144147 * */
145148 if (iv ) {
146- esp_print_field ("iv" , iv , esp_sa -> iv_len );
149+ esp_print_field ("iv" , iv , iv_len );
147150 }
148151
149152 esp_print_field ("payload" , payload , payload_len );
@@ -194,6 +197,30 @@ esp_block_len_from_enc(esp_enc_t enc)
194197 return block_len ;
195198}
196199
200+ static uint8_t
201+ esp_iv_len_from_enc (esp_enc_t enc )
202+ {
203+ uint8_t iv_len = 0 ;
204+
205+ switch (enc ) {
206+ case ESP_ENC_CBC_AES :
207+ iv_len = ESP_CBC_RFC3602_IV_LEN ;
208+ break ;
209+
210+ case ESP_ENC_GCM_RFC4106 :
211+ case ESP_ENC_GCM_RFC4543 :
212+ iv_len = ESP_GCM_RFC4106_IV_LEN ;
213+ break ;
214+
215+ case ESP_ENC_NONE :
216+ default :
217+ iv_len = 0 ;
218+ break ;
219+ }
220+
221+ return iv_len ;
222+ }
223+
197224/*
198225 * esp_data covers from start of ESP header to end of ESP trailer, but does not
199226 * include the ESP ICV after trailer.
@@ -311,7 +338,7 @@ esp_aes_rfc3602_dec(const struct wolfIP_esp_sa * esp_sa, uint8_t * esp_data,
311338 Aes cbc_dec ;
312339 int ret = -1 ;
313340 uint8_t icv_len = esp_sa -> icv_len ;
314- uint8_t iv_len = esp_sa -> iv_len ;
341+ uint8_t iv_len = ESP_CBC_RFC3602_IV_LEN ;
315342 uint8_t * enc_payload = NULL ;
316343 uint8_t * iv = NULL ;
317344 uint16_t enc_len = 0 ;
@@ -365,7 +392,7 @@ esp_aes_rfc3602_enc(const struct wolfIP_esp_sa * esp_sa, uint8_t * esp_data,
365392 Aes cbc_enc ;
366393 int ret = -1 ;
367394 uint8_t icv_len = esp_sa -> icv_len ;
368- uint8_t iv_len = esp_sa -> iv_len ;
395+ uint8_t iv_len = ESP_CBC_RFC3602_IV_LEN ;
369396 uint8_t * enc_payload = NULL ;
370397 uint8_t * iv = NULL ;
371398 uint16_t enc_len = 0 ;
@@ -437,7 +464,7 @@ esp_aes_rfc4106_dec(const struct wolfIP_esp_sa * esp_sa, uint8_t * esp_data,
437464 int err = -1 ;
438465 uint8_t * icv = NULL ;
439466 uint8_t icv_len = esp_sa -> icv_len ;
440- uint8_t iv_len = esp_sa -> iv_len ;
467+ uint8_t iv_len = ESP_GCM_RFC4106_IV_LEN ;
441468 uint8_t * enc_payload = NULL ;
442469 uint8_t * iv = NULL ;
443470 uint16_t enc_len = 0 ;
@@ -514,7 +541,7 @@ esp_aes_rfc4106_enc(const struct wolfIP_esp_sa * esp_sa, uint8_t * esp_data,
514541 int err = -1 ;
515542 uint8_t * icv = NULL ;
516543 uint8_t icv_len = esp_sa -> icv_len ;
517- uint8_t iv_len = esp_sa -> iv_len ;
544+ uint8_t iv_len = ESP_GCM_RFC4106_IV_LEN ;
518545 uint8_t * enc_payload = NULL ;
519546 uint8_t * iv = NULL ;
520547 uint16_t enc_len = 0 ;
@@ -674,6 +701,7 @@ esp_transport_unwrap(struct wolfIP *s, struct wolfIP_ip_packet *ip,
674701 uint32_t esp_len = 0 ;
675702 uint8_t pad_len = 0 ;
676703 uint8_t nxt_hdr = 0 ;
704+ uint8_t iv_len = 0 ;
677705
678706 memset (spi , 0 , sizeof (spi ));
679707
@@ -722,11 +750,13 @@ esp_transport_unwrap(struct wolfIP *s, struct wolfIP_ip_packet *ip,
722750 return -1 ;
723751 }
724752
753+ iv_len = esp_iv_len_from_enc (esp_sa -> enc );
754+
725755 {
726756 /* calculate min expected length based on the security association. */
727757 uint32_t min_len = 0 ;
728758
729- min_len = (ESP_SPI_LEN + ESP_SEQ_LEN + esp_sa -> iv_len +
759+ min_len = (ESP_SPI_LEN + ESP_SEQ_LEN + iv_len +
730760 ESP_PADDING_LEN + ESP_NEXT_HEADER_LEN + esp_sa -> icv_len );
731761
732762 if (esp_len < min_len ) {
@@ -761,7 +791,7 @@ esp_transport_unwrap(struct wolfIP *s, struct wolfIP_ip_packet *ip,
761791 }
762792 }
763793
764- if (esp_sa -> iv_len != 0 ) {
794+ if (iv_len != 0 ) {
765795 /* Decrypt the payload in place. */
766796 int err = -1 ;
767797
@@ -800,12 +830,12 @@ esp_transport_unwrap(struct wolfIP *s, struct wolfIP_ip_packet *ip,
800830 #endif /* WOLFIP_DEBUG_ESP */
801831
802832 /* move ip payload forward to hide ESP header (SPI, SEQ, IV). */
803- memmove (ip -> data , ip -> data + ESP_SPI_LEN + ESP_SEQ_LEN + esp_sa -> iv_len ,
804- esp_len - (ESP_SPI_LEN + ESP_SEQ_LEN + esp_sa -> iv_len ));
833+ memmove (ip -> data , ip -> data + ESP_SPI_LEN + ESP_SEQ_LEN + iv_len ,
834+ esp_len - (ESP_SPI_LEN + ESP_SEQ_LEN + iv_len ));
805835
806836 /* subtract ESP header from frame_len and ip.len. */
807- * frame_len = * frame_len - (esp_sa -> iv_len + ESP_SPI_LEN + ESP_SEQ_LEN );
808- ip -> len = ee16 (ip -> len ) - (esp_sa -> iv_len + ESP_SPI_LEN + ESP_SEQ_LEN );
837+ * frame_len = * frame_len - (iv_len + ESP_SPI_LEN + ESP_SEQ_LEN );
838+ ip -> len = ee16 (ip -> len ) - (iv_len + ESP_SPI_LEN + ESP_SEQ_LEN );
809839
810840 /* subtract ESP trailer from frame_len and ip.len. */
811841 * frame_len = * frame_len - (pad_len + ESP_PADDING_LEN +
@@ -856,6 +886,7 @@ esp_transport_wrap(struct wolfIP_ip_packet *ip, uint16_t * ip_len)
856886 uint32_t seq_n = 0 ; /* sequence num in network order */
857887 uint16_t icv_offset = 0 ;
858888 struct wolfIP_esp_sa * esp_sa = NULL ;
889+ uint8_t iv_len = 0 ;
859890
860891 /* TODO: priority, tcp/udp port-filtering? currently this grabs
861892 * the first dst match. */
@@ -881,13 +912,10 @@ esp_transport_wrap(struct wolfIP_ip_packet *ip, uint16_t * ip_len)
881912 return 0 ;
882913 }
883914
884- #if 0
885- /* return early, do nothing. */
886- return 0 ;
887- #endif
915+ iv_len = esp_iv_len_from_enc (esp_sa -> enc );
888916
889917 /* move ip payload back to make room for ESP header (SPI, SEQ) + IV. */
890- memmove (ip -> data + ESP_SPI_LEN + ESP_SEQ_LEN + esp_sa -> iv_len ,
918+ memmove (ip -> data + ESP_SPI_LEN + ESP_SEQ_LEN + iv_len ,
891919 ip -> data , orig_payload_len );
892920
893921 /* Copy in SPI and sequence number fields. */
@@ -899,9 +927,9 @@ esp_transport_wrap(struct wolfIP_ip_packet *ip, uint16_t * ip_len)
899927 memcpy (payload , & seq_n , sizeof (seq_n ));
900928 payload += ESP_SEQ_LEN ;
901929
902- if (esp_sa -> iv_len ) {
930+ if (iv_len ) {
903931 /* skip iv field, will generate later. */
904- payload += esp_sa -> iv_len ;
932+ payload += iv_len ;
905933 }
906934
907935 block_len = esp_block_len_from_enc (esp_sa -> enc );
@@ -910,7 +938,7 @@ esp_transport_wrap(struct wolfIP_ip_packet *ip, uint16_t * ip_len)
910938 /* Block cipher. Calculate padding and encrypted length, then
911939 * icv_offset. */
912940 uint32_t enc_len = 0 ;
913- enc_len = esp_sa -> iv_len + orig_payload_len + pad_len
941+ enc_len = iv_len + orig_payload_len + pad_len
914942 + ESP_PADDING_LEN + ESP_NEXT_HEADER_LEN ;
915943
916944 /* Determine padding. This needs to be flexible for
@@ -919,13 +947,13 @@ esp_transport_wrap(struct wolfIP_ip_packet *ip, uint16_t * ip_len)
919947 pad_len = block_len - (enc_len % block_len );
920948 }
921949
922- icv_offset = ESP_SPI_LEN + ESP_SEQ_LEN + esp_sa -> iv_len
950+ icv_offset = ESP_SPI_LEN + ESP_SEQ_LEN + iv_len
923951 + orig_payload_len + pad_len + ESP_PADDING_LEN
924952 + ESP_NEXT_HEADER_LEN ;
925953 }
926954 else {
927955 /* Stream cipher or auth-only. Calculate the icv offset directly. */
928- icv_offset = ESP_SPI_LEN + ESP_SEQ_LEN + esp_sa -> iv_len
956+ icv_offset = ESP_SPI_LEN + ESP_SEQ_LEN + iv_len
929957 + orig_payload_len + pad_len + ESP_PADDING_LEN
930958 + ESP_NEXT_HEADER_LEN ;
931959
@@ -957,12 +985,12 @@ esp_transport_wrap(struct wolfIP_ip_packet *ip, uint16_t * ip_len)
957985
958986 /* calculate final esp payload length. */
959987 payload_len = orig_ip_len - IP_HEADER_LEN ;
960- payload_len += ESP_SPI_LEN + ESP_SEQ_LEN + esp_sa -> iv_len +
988+ payload_len += ESP_SPI_LEN + ESP_SEQ_LEN + iv_len +
961989 pad_len + ESP_PADDING_LEN + ESP_NEXT_HEADER_LEN +
962990 esp_sa -> icv_len ;
963991
964992 /* encrypt from payload to end of ESP trailer. */
965- if (esp_sa -> iv_len ) {
993+ if (iv_len ) {
966994 int err = -1 ;
967995
968996 switch (esp_sa -> enc ) {
0 commit comments