From de6eb61f223f42561d16e68abda785fd9bb28730 Mon Sep 17 00:00:00 2001 From: jordan Date: Wed, 22 Apr 2026 10:30:29 -0500 Subject: [PATCH 1/2] esp: fix error return in esp_check_icv_hmac. --- src/wolfesp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/wolfesp.c b/src/wolfesp.c index eb310765..d31a0ad4 100644 --- a/src/wolfesp.c +++ b/src/wolfesp.c @@ -1160,6 +1160,9 @@ esp_check_icv_hmac(const wolfIP_esp_sa * esp_sa, uint8_t * esp_data, /* compare the first N bits depending on truncation type. */ rc = esp_const_memcmp(icv, hash, esp_sa->icv_len); + if (rc) { + rc = -1; + } return rc; } @@ -1649,7 +1652,7 @@ esp_transport_wrap(struct wolfIP_ip_packet *ip, uint16_t * ip_len) } if (esp_sa->icv_len) { - int err = 0; + int err = 0; switch (esp_sa->auth) { case ESP_AUTH_MD5_RFC2403: @@ -1664,7 +1667,6 @@ esp_transport_wrap(struct wolfIP_ip_packet *ip, uint16_t * ip_len) if (err == 0) { memcpy(icv, hash, esp_sa->icv_len); } - } break; #if defined(WOLFSSL_AESGCM_STREAM) From 2d110a07223de56a8bc87d414e8a133d0056e1b0 Mon Sep 17 00:00:00 2001 From: jordan Date: Wed, 22 Apr 2026 11:52:16 -0500 Subject: [PATCH 2/2] esp: esp_transport_wrap refactor, and test cleanup. --- Makefile | 3 +- src/test/esp/esp_server.c | 15 +++++--- src/test/esp/test_esp.c | 72 ++++++++++++++++++++++----------------- src/test/unit/unit_esp.c | 41 ---------------------- src/wolfesp.c | 10 +++--- 5 files changed, 58 insertions(+), 83 deletions(-) diff --git a/Makefile b/Makefile index dba9ac8b..39037f86 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,8 @@ CFLAGS+=-g -ggdb -Wdeclaration-after-statement EXTRA_CFLAGS?= CFLAGS+=$(EXTRA_CFLAGS) LDFLAGS+=-pthread -# additional debug flags: +# debug flags: +# CFLAGS+=-DDEBUG # CFLAGS+=-DDEBUG_TAP # CFLAGS+=-DDEBUG_ETH # CFLAGS+=-DDEBUG_IP diff --git a/src/test/esp/esp_server.c b/src/test/esp/esp_server.c index 9c4665bc..8c666d89 100644 --- a/src/test/esp/esp_server.c +++ b/src/test/esp/esp_server.c @@ -80,8 +80,8 @@ int main(int argc, char * argv[]) } switch (esp_mode) { - #if defined(WOLFSSL_AESGCM_STREAM) case 0: + #if defined(WOLFSSL_AESGCM_STREAM) err = wolfIP_esp_sa_new_gcm(1, in_sa_gcm, atoip4(HOST_STACK_IP), atoip4(WOLFIP_IP), ESP_ENC_GCM_RFC4106, in_enc_key, sizeof(in_enc_key)); @@ -91,8 +91,11 @@ int main(int argc, char * argv[]) atoip4(HOST_STACK_IP), ESP_ENC_GCM_RFC4106, out_enc_key, sizeof(out_enc_key)); if (err) { return err; } - break; + #else + printf("error: gcm stream not built in\n"); + err = -1; #endif /* WOLFSSL_AESGCM_STREAM */ + break; case 1: err = wolfIP_esp_sa_new_cbc_hmac(1, in_sa_cbc, atoip4(HOST_STACK_IP), atoip4(WOLFIP_IP), @@ -110,8 +113,8 @@ int main(int argc, char * argv[]) ESP_ICVLEN_HMAC_128); if (err) { return err; } break; - #ifndef NO_DES3 case 2: + #ifndef NO_DES3 err = wolfIP_esp_sa_new_des3_hmac(1, in_sa_des3, atoip4(HOST_STACK_IP), atoip4(WOLFIP_IP), in_enc_key, ESP_AUTH_SHA256_RFC4868, @@ -125,8 +128,11 @@ int main(int argc, char * argv[]) out_auth_key, sizeof(out_auth_key), ESP_ICVLEN_HMAC_128); if (err) { return err; } - break; + #else + printf("error: des3 not built in\n"); + err = -1; #endif /* !NO_DES3 */ + break; case 3: err = wolfIP_esp_sa_new_gcm(1, in_sa_gmac, atoip4(HOST_STACK_IP), atoip4(WOLFIP_IP), ESP_ENC_GCM_RFC4543, @@ -143,6 +149,7 @@ int main(int argc, char * argv[]) break; } } + if (err) { return err; } // Create a socket if ((server_fd = socket(AF_INET, type, 0)) < 0) { diff --git a/src/test/esp/test_esp.c b/src/test/esp/test_esp.c index b92ccdc0..4e2f0b0e 100644 --- a/src/test/esp/test_esp.c +++ b/src/test/esp/test_esp.c @@ -532,38 +532,10 @@ int main(int argc, char **argv) } } - wolfIP_init_static(&s); - tapdev = wolfIP_getdev(s); - if (!tapdev) { - perror("wolfIP_getdev"); - return 1; - } - - inet_aton(HOST_STACK_IP, &host_stack_ip); - if (tap_init(tapdev, "wtcp0", host_stack_ip.s_addr) < 0) { - perror("tap init"); - return 2; - } - { -#if !defined(__FreeBSD__) && !defined(__APPLE__) - char cmd[128]; - snprintf(cmd, sizeof(cmd), "tcpdump -i %s -w test.pcap &", - tapdev->ifname); - system(cmd); -#else - (void)tapdev; -#endif - } - - wolfIP_ipconfig_set(s, atoip4(WOLFIP_IP), atoip4("255.255.255.0"), - atoip4(HOST_STACK_IP)); - printf("IP: manually configured\n"); - inet_pton(AF_INET, WOLFIP_IP, &srv_ip); - if (!disable_ipsec) { switch (mode) { - #if defined(WOLFSSL_AESGCM_STREAM) case 0: + #if defined(WOLFSSL_AESGCM_STREAM) err = wolfIP_esp_sa_new_gcm(1, in_sa_gcm, atoip4(HOST_STACK_IP), atoip4(WOLFIP_IP), ESP_ENC_GCM_RFC4106, in_enc_key, sizeof(in_enc_key)); @@ -573,8 +545,11 @@ int main(int argc, char **argv) atoip4(HOST_STACK_IP), ESP_ENC_GCM_RFC4106, out_enc_key, sizeof(out_enc_key)); if (err) { return err; } - break; + #else + printf("error: gcm stream not built in\n"); + err = -1; #endif /* WOLFSSL_AESGCM_STREAM */ + break; case 1: err = wolfIP_esp_sa_new_cbc_hmac(1, in_sa_cbc, atoip4(HOST_STACK_IP), atoip4(WOLFIP_IP), @@ -592,8 +567,8 @@ int main(int argc, char **argv) ESP_ICVLEN_HMAC_128); if (err) { return err; } break; - #ifndef NO_DES3 case 2: + #ifndef NO_DES3 err = wolfIP_esp_sa_new_des3_hmac(1, in_sa_des3, atoip4(HOST_STACK_IP), atoip4(WOLFIP_IP), in_enc_key, ESP_AUTH_SHA256_RFC4868, @@ -607,8 +582,11 @@ int main(int argc, char **argv) out_auth_key, sizeof(out_auth_key), ESP_ICVLEN_HMAC_128); if (err) { return err; } - break; + #else + printf("error: des3 not built in\n"); + err = -1; #endif /* !NO_DES3 */ + break; case 3: err = wolfIP_esp_sa_new_gcm(1, in_sa_gmac, atoip4(HOST_STACK_IP), atoip4(WOLFIP_IP), ESP_ENC_GCM_RFC4543, @@ -625,6 +603,36 @@ int main(int argc, char **argv) break; } } + if (err) { return err; } + + /* init wolfip now. */ + wolfIP_init_static(&s); + tapdev = wolfIP_getdev(s); + if (!tapdev) { + perror("wolfIP_getdev"); + return 1; + } + + inet_aton(HOST_STACK_IP, &host_stack_ip); + if (tap_init(tapdev, "wtcp0", host_stack_ip.s_addr) < 0) { + perror("tap init"); + return 2; + } + { +#if !defined(__FreeBSD__) && !defined(__APPLE__) + char cmd[128]; + snprintf(cmd, sizeof(cmd), "tcpdump -i %s -w test.pcap &", + tapdev->ifname); + system(cmd); +#else + (void)tapdev; +#endif + } + + wolfIP_ipconfig_set(s, atoip4(WOLFIP_IP), atoip4("255.255.255.0"), + atoip4(HOST_STACK_IP)); + printf("IP: manually configured\n"); + inet_pton(AF_INET, WOLFIP_IP, &srv_ip); /* Server side test */ test_wolfip_echoserver(s, srv_ip); diff --git a/src/test/unit/unit_esp.c b/src/test/unit/unit_esp.c index b04996d2..1bbdc9ee 100644 --- a/src/test/unit/unit_esp.c +++ b/src/test/unit/unit_esp.c @@ -937,13 +937,7 @@ static void do_roundtrip_cbc_hmac(uint8_t *enc_key, uint8_t enc_key_len, /* --- Wrap --- */ ret = esp_transport_wrap(ip, &ip_len); ck_assert_int_eq(ret, 0); - - /* esp_send normally fixes these up; we must do it manually. */ frame_len = (uint32_t)ip_len + ETH_HEADER_LEN; - ip->proto = 0x32U; /* IP proto = ESP */ - ip->len = ee16(ip_len); - ip->csum = 0U; - iphdr_set_checksum(ip); /* --- Unwrap --- */ ret = esp_transport_unwrap(ip, &frame_len); @@ -1047,12 +1041,7 @@ START_TEST(test_roundtrip_des3_sha256) ret = esp_transport_wrap(ip, &ip_len); ck_assert_int_eq(ret, 0); - frame_len = (uint32_t)ip_len + ETH_HEADER_LEN; - ip->proto = 0x32U; - ip->len = ee16(ip_len); - ip->csum = 0U; - iphdr_set_checksum(ip); ret = esp_transport_unwrap(ip, &frame_len); ck_assert_int_eq(ret, 0); @@ -1099,12 +1088,7 @@ START_TEST(test_roundtrip_aes_gcm_rfc4106) ret = esp_transport_wrap(ip, &ip_len); ck_assert_int_eq(ret, 0); - frame_len = (uint32_t)ip_len + ETH_HEADER_LEN; - ip->proto = 0x32U; - ip->len = ee16(ip_len); - ip->csum = 0U; - iphdr_set_checksum(ip); ret = esp_transport_unwrap(ip, &frame_len); ck_assert_int_eq(ret, 0); @@ -1149,12 +1133,7 @@ START_TEST(test_roundtrip_aes_gmac_rfc4543) ret = esp_transport_wrap(ip, &ip_len); ck_assert_int_eq(ret, 0); - frame_len = (uint32_t)ip_len + ETH_HEADER_LEN; - ip->proto = 0x32U; - ip->len = ee16(ip_len); - ip->csum = 0U; - iphdr_set_checksum(ip); ret = esp_transport_unwrap(ip, &frame_len); ck_assert_int_eq(ret, 0); @@ -1204,12 +1183,7 @@ static void do_icv_tamper(void) ret = esp_transport_wrap(ip, &ip_len); ck_assert_int_eq(ret, 0); - frame_len = (uint32_t)ip_len + ETH_HEADER_LEN; - ip->proto = 0x32U; - ip->len = ee16(ip_len); - ip->csum = 0U; - iphdr_set_checksum(ip); /* esp_len = ip_len - IP_HEADER_LEN. The ICV occupies the last * ESP_ICVLEN_HMAC_128 (16) bytes of ip->data[0..esp_len-1]. */ @@ -1264,12 +1238,7 @@ START_TEST(test_ciphertext_tamper_cbc_sha256) ret = esp_transport_wrap(ip, &ip_len); ck_assert_int_eq(ret, 0); - frame_len = (uint32_t)ip_len + ETH_HEADER_LEN; - ip->proto = 0x32U; - ip->len = ee16(ip_len); - ip->csum = 0U; - iphdr_set_checksum(ip); ip->data[ct_offset] ^= 0x01U; /* single bit flip in ciphertext */ @@ -1364,12 +1333,7 @@ START_TEST(test_ip_recv_esp_transport_delivers_udp_payload) ret = esp_transport_wrap(ip, &ip_len); ck_assert_int_eq(ret, 0); - frame_len = (uint32_t)ip_len + ETH_HEADER_LEN; - ip->proto = 0x32U; - ip->len = ee16(ip_len); - ip->csum = 0U; - iphdr_set_checksum(ip); ip_recv(&s, 0, ip, frame_len); @@ -1413,12 +1377,7 @@ START_TEST(test_ip_recv_esp_transport_unwrap_failure_drops_packet) ret = esp_transport_wrap(ip, &ip_len); ck_assert_int_eq(ret, 0); - frame_len = (uint32_t)ip_len + ETH_HEADER_LEN; - ip->proto = 0x32U; - ip->len = ee16(ip_len); - ip->csum = 0U; - iphdr_set_checksum(ip); esp_len = frame_len - ETH_HEADER_LEN - IP_HEADER_LEN; ip->data[esp_len - 1U] ^= 0xFFU; diff --git a/src/wolfesp.c b/src/wolfesp.c index d31a0ad4..b51c28d0 100644 --- a/src/wolfesp.c +++ b/src/wolfesp.c @@ -1694,6 +1694,11 @@ esp_transport_wrap(struct wolfIP_ip_packet *ip, uint16_t * ip_len) wolfIP_print_esp(esp_sa, ip->data, payload_len, pad_len, ip->proto); #endif /* DEBUG_ESP */ + /* update len, set proto to ESP 0x32 (50), recalculate iphdr checksum. */ + ip->len = ee16(*ip_len); + ip->proto = 0x32; + ip->csum = 0; + iphdr_set_checksum(ip); return 0; } @@ -1739,11 +1744,6 @@ esp_send(struct wolfIP_ll_dev * ll_dev, const struct wolfIP_ip_packet *ip, return esp_rc; } - /* update len, set proto to ESP 0x32 (50), recalculate iphdr checksum. */ - esp->len = ee16(ip_final_len); - esp->proto = 0x32; - esp->csum = 0; - iphdr_set_checksum(esp); /* send it */ ll_dev->send(ll_dev, esp, ip_final_len + ETH_HEADER_LEN); return 0;