inbound aes cbc decryption working.

philljj · philljj · commit 1216dcd76b73 · 2025-09-21T01:01:46.000-05:00
diff --git a/src/wolfesp.c b/src/wolfesp.c
@@ -342,6 +342,79 @@ esp_const_memcmp(const uint8_t * vec_a, const uint8_t * vec_b, uint32_t len)
     return sum;
 }
 
+/**
+ * Get the encryption length for an ESP payload.
+ * */
+#define esp_enc_len(esp_len, iv_len, icv_len) \
+        (esp_len) - ESP_SPI_LEN - ESP_SEQ_LEN \
+        - (iv_len) - (icv_len)
+
+/**
+ * Get pointer to raw encryption ESP IV, skipping ESP header.
+ * */
+#define esp_enc_iv(data, iv_len) \
+        (data) + ESP_SPI_LEN + ESP_SEQ_LEN
+
+/**
+ * Get pointer to raw encryption ESP payload, skipping ESP header and IV.
+ * */
+#define esp_enc_payload(data, iv_len) \
+        (data) + ESP_SPI_LEN + ESP_SEQ_LEN + (iv_len)
+
+static int
+esp_aes_rfc3602_dec(const struct wolfIP_esp_sa * esp_sa, uint8_t * esp_data,
+                    uint32_t esp_len)
+{
+    Aes       cbc_dec;
+    int       ret = -1;
+    uint8_t   icv_len = esp_sa->icv_len;
+    uint8_t   iv_len = esp_sa->iv_len;
+    uint8_t * enc_payload = NULL;
+    uint8_t * iv = NULL;
+    uint16_t  enc_len = 0;
+    uint8_t   inited = 0;
+
+    #ifdef WOLFIP_DEBUG_ESP
+    printf("info: aes cbc dec\n");
+    #endif /* WOLFIP_DEBUG_ESP */
+
+    enc_len = esp_enc_len(esp_len, iv_len, icv_len);
+    enc_payload = esp_enc_payload(esp_data, iv_len);
+    iv = esp_enc_iv(esp_data, iv_len);
+
+    ret = wc_AesInit(&cbc_dec, NULL, INVALID_DEVID);
+
+    if (ret != 0) {
+        printf("error: wc_AesInit returned: %d\n", ret);
+        goto aes_dec_out;
+    }
+
+    inited = 1;
+    ret = wc_AesSetKey(&cbc_dec, esp_sa->enc_key, esp_sa->enc_key_len,
+                       iv, AES_DECRYPTION);
+
+    if (ret != 0) {
+        printf("error: wc_AesSetKey returned: %d\n", ret);
+        goto aes_dec_out;
+    }
+
+    /* decrypt in place. */
+    ret = wc_AesCbcDecrypt(&cbc_dec, enc_payload, enc_payload, enc_len);
+
+    if (ret != 0) {
+        printf("error: wc_AesCbcDecrypt returned: %d\n", ret);
+        goto aes_dec_out;
+    }
+
+aes_dec_out:
+    if (inited) {
+        wc_AesFree(&cbc_dec);
+        inited = 0;
+    }
+
+    return ret;
+}
+
 /**
  * esp_data covers from start of ESP header to end of ESP trailer, but does not
  * include the ESP ICV after trailer.
@@ -482,6 +555,31 @@ static int esp_unwrap(struct wolfIP *s, struct wolfIP_ip_packet *ip,
         }
     }
 
+    if (esp_sa->iv_len != 0) {
+        /* Decrypt the payload in place. */
+        int err = -1;
+
+        switch(esp_sa->enc) {
+        case ESP_ENC_CBC_AES:
+            err = esp_aes_rfc3602_dec(esp_sa, ip->data, esp_len);
+            break;
+
+        case ESP_ENC_NONE:
+        default:
+            printf("error: decrypt: invalid enc: %d\n", esp_sa->enc);
+            err = -1;
+            break;
+        }
+
+        if (err) {
+            printf("error: esp_decrypt(%02x) returned: %d\n", esp_sa->enc, err);
+            return -1;
+        }
+
+        /* Payload is now decrypted. We can now parse
+         * the ESP trailer for next header and padding. */
+    }
+
     /* icv check good, now finish unwrapping esp packet. */
     pad_len = *(ip->data + esp_len - esp_sa->icv_len - ESP_NEXT_HEADER_LEN
                 - ESP_PADDING_LEN);
