archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/net/tcpip/driver/ipsec/sys/esp.c

732 lines
21 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1997-2001 Microsoft Corporation
  5. Module Name:
  7. esp.c
  9. Abstract:
  11. This module contains the code to create/verify the ESP headers.
  13. Author:
  15. Sanjay Anand (SanjayAn) 2-January-1997
  16. ChunYe
  18. Environment:
  20. Kernel mode
  22. Revision History:
  24. --*/
  27. #include "precomp.h"
  30. #ifndef _TEST_PERF
  31. CONFID_ALGO conf_algorithms[] = {
  32. { esp_nullinit, esp_nullencrypt, esp_nulldecrypt, DES_BLOCKLEN},
  33. { esp_desinit, esp_desencrypt, esp_desdecrypt, DES_BLOCKLEN},
  34. { esp_desinit, esp_desencrypt, esp_desdecrypt, DES_BLOCKLEN},
  35. { esp_3_desinit, esp_3_desencrypt, esp_3_desdecrypt, DES_BLOCKLEN},
  36. };
  37. #else
  38. CONFID_ALGO conf_algorithms[] = {
  39. { esp_nullinit, esp_nullencrypt, esp_nulldecrypt, DES_BLOCKLEN},
  40. { esp_nullinit, esp_nullencrypt, esp_nulldecrypt, DES_BLOCKLEN},
  41. { esp_nullinit, esp_nullencrypt, esp_nulldecrypt, DES_BLOCKLEN},
  42. { esp_nullinit, esp_nullencrypt, esp_nulldecrypt, DES_BLOCKLEN},
  43. };
  44. #endif
  47. VOID
  48. esp_nullinit (
  49. IN PVOID pState,
  50. IN PUCHAR pKey
  51. )
  52. {
  53. return;
  54. }
  57. VOID
  58. esp_nullencrypt (
  59. PVOID pState,
  60. PUCHAR pOut,
  61. PUCHAR pIn,
  62. PUCHAR pIV
  63. )
  64. {
  65. RtlCopyMemory(pOut, pIn, DES_BLOCKLEN);
  67. return;
  68. }
  71. VOID
  72. esp_nulldecrypt (
  73. PVOID pState,
  74. PUCHAR pOut,
  75. PUCHAR pIn,
  76. PUCHAR pIV
  77. )
  78. {
  79. return;
  80. }
  83. VOID
  84. esp_desinit (
  85. IN PVOID pState,
  86. IN PUCHAR pKey
  87. )
  88. {
  89. DESTable *Table = &((PCONF_STATE_BUFFER)pState)->desTable;
  91. IPSEC_DES_KEY(Table, pKey);
  92. }
  95. VOID
  96. esp_desencrypt (
  97. PVOID pState,
  98. PUCHAR pOut,
  99. PUCHAR pIn,
  100. PUCHAR pIV
  101. )
  102. {
  103. DESTable *Table = &((PCONF_STATE_BUFFER)pState)->desTable;
  105. IPSEC_CBC(IPSEC_DES_ALGO,
  106. pOut,
  107. pIn, // pChunk,
  108. Table,
  109. ENCRYPT,
  110. pIV);
  111. }
  114. VOID
  115. esp_desdecrypt (
  116. PVOID pState,
  117. PUCHAR pOut,
  118. PUCHAR pIn,
  119. PUCHAR pIV
  120. )
  121. {
  122. DESTable *Table = &((PCONF_STATE_BUFFER)pState)->desTable;
  124. IPSEC_CBC(IPSEC_DES_ALGO,
  125. pOut,
  126. pIn, // pChunk,
  127. Table,
  128. DECRYPT,
  129. pIV);
  130. }
  133. VOID
  134. esp_3_desinit (
  135. IN PVOID pState,
  136. IN PUCHAR pKey
  137. )
  138. {
  139. DES3TABLE *Table = &((PCONF_STATE_BUFFER)pState)->des3Table;
  141. IPSEC_3DES_KEY(Table, pKey);
  142. }
  145. VOID
  146. esp_3_desencrypt (
  147. PVOID pState,
  148. PUCHAR pOut,
  149. PUCHAR pIn,
  150. PUCHAR pIV
  151. )
  152. {
  153. DES3TABLE *Table = &((PCONF_STATE_BUFFER)pState)->des3Table;
  155. IPSEC_CBC(IPSEC_3DES_ALGO,
  156. pOut,
  157. pIn, // pChunk,
  158. Table,
  159. ENCRYPT,
  160. pIV);
  161. }
  164. VOID
  165. esp_3_desdecrypt (
  166. PVOID pState,
  167. PUCHAR pOut,
  168. PUCHAR pIn,
  169. PUCHAR pIV
  170. )
  171. {
  172. DES3TABLE *Table = &((PCONF_STATE_BUFFER)pState)->des3Table;
  174. IPSEC_CBC(IPSEC_3DES_ALGO,
  175. pOut,
  176. pIn, // pChunk,
  177. Table,
  178. DECRYPT,
  179. pIV);
  180. }
  183. IPRcvBuf *
  184. CopyToRcvBuf(
  185. IN IPRcvBuf *DestBuf,
  186. IN PUCHAR SrcBuf,
  187. IN ULONG Size,
  188. IN PULONG StartOffset
  189. )
  190. /*++
  192. Copy a flat buffer to an IPRcvBuf chain.
  194. A utility function to copy a flat buffer to an NDIS buffer chain. We
  195. assume that the NDIS_BUFFER chain is big enough to hold the copy amount;
  196. in a debug build we'll debugcheck if this isn't true. We return a pointer
  197. to the buffer where we stopped copying, and an offset into that buffer.
  198. This is useful for copying in pieces into the chain.
  200. Input:
  202. DestBuf - Destination IPRcvBuf chain.
  203. SrcBuf - Src flat buffer.
  204. Size - Size in bytes to copy.
  205. StartOffset - Pointer to start of offset into first buffer in
  206. chain. Filled in on return with the offset to
  207. copy into next.
  209. Returns:
  211. Pointer to next buffer in chain to copy into.
  213. --*/
  214. {
  215. UINT CopySize;
  216. UCHAR *DestPtr;
  217. UINT DestSize;
  218. UINT Offset = *StartOffset;
  219. UCHAR *VirtualAddress;
  220. UINT Length;
  222. if (DestBuf == NULL || SrcBuf == NULL) {
  223. ASSERT(FALSE);
  224. return NULL;
  225. }
  227. IPSecQueryRcvBuf(DestBuf, &VirtualAddress, &Length);
  228. ASSERT(Length >= Offset);
  229. DestPtr = VirtualAddress + Offset;
  230. DestSize = Length - Offset;
  232. for (;;) {
  233. CopySize = MIN(Size, DestSize);
  234. RtlCopyMemory(DestPtr, SrcBuf, CopySize);
  236. DestPtr += CopySize;
  237. SrcBuf += CopySize;
  239. if ((Size -= CopySize) == 0)
  240. break;
  242. if ((DestSize -= CopySize) == 0) {
  243. DestBuf = IPSEC_BUFFER_LINKAGE(DestBuf);
  245. if (DestBuf == NULL) {
  246. ASSERT(FALSE);
  247. break;
  248. }
  250. IPSecQueryRcvBuf(DestBuf, &VirtualAddress, &Length);
  252. DestPtr = VirtualAddress;
  253. DestSize = Length;
  254. }
  255. }
  257. *StartOffset = (ULONG)(DestPtr - VirtualAddress);
  259. return DestBuf;
  261. }
  264. NTSTATUS
  265. IPSecEncryptBuffer(
  266. IN PVOID pData,
  267. IN PNDIS_BUFFER *ppNewMdl,
  268. IN PSA_TABLE_ENTRY pSA,
  269. IN PNDIS_BUFFER pPadBuf,
  270. OUT PULONG pPadLen,
  271. IN ULONG PayloadType,
  272. IN ULONG Index,
  273. IN PUCHAR feedback
  274. )
  275. {
  276. CONF_STATE_BUFFER Key;
  277. PCONFID_ALGO pConfAlgo;
  278. UCHAR scratch[MAX_BLOCKLEN]; // scratch buffer for the encrypt
  279. UCHAR scratch1[MAX_BLOCKLEN]; // scratch buffer for the encrypt
  280. PUCHAR pDest=NULL;
  281. PNDIS_BUFFER pEncryptMdl;
  282. ULONG len;
  283. ULONG blockLen;
  284. NTSTATUS status;
  286. IPSEC_DEBUG(ESP, ("Entering IPSecEncryptBuffer: pData: %lx\n", pData));
  288. if (pSA->CONF_ALGO(Index) > NUM_CONF_ALGOS) {
  289. ASSERT(FALSE);
  290. return STATUS_INVALID_PARAMETER;
  291. }
  293. pConfAlgo = &(conf_algorithms[pSA->CONF_ALGO(Index)]);
  294. blockLen = pConfAlgo->blocklen;
  296. //
  297. // set up the state buffer
  298. //
  299. pConfAlgo->init((PVOID)&Key, pSA->CONF_KEY(Index));
  301. IPSEC_DEBUG(HUGHES, ("pConfAlgo: %lx, blockLen: %lx IV: %lx-%lx\n", pConfAlgo, blockLen, *(PULONG)&feedback[0], *(PULONG)&feedback[4]));
  303. if (*ppNewMdl == NULL) {
  304. //
  305. // We should not encrypt in place: so we alloc a new buffer
  306. // Count up the total size and allocate the new buffer.
  307. // use that buffer as the dest of the encrypt.
  308. //
  309. IPSEC_GET_TOTAL_LEN(pData, &len);
  310. #if DBG
  311. if ((len % 8) != 0) {
  312. DbgPrint("Length not kosher: pData: %lx, len: %d, pPadBuf: %lx, pPadLen: %d\n", pData, len, pPadBuf, pPadLen);
  313. DbgBreakPoint();
  314. }
  315. #endif
  316. IPSecAllocateBuffer(&status, &pEncryptMdl, &pDest, len, IPSEC_TAG_ESP);
  318. if (!NT_SUCCESS(status)) {
  319. NTSTATUS ntstatus;
  320. //ASSERT(FALSE);
  321. IPSEC_DEBUG(ESP, ("Failed to alloc. encrypt MDL\n"));
  322. return status;
  323. }
  325. IPSEC_DEBUG(ESP, ("Alloc. MDL: %lx, pDest: %lx, len: %d, pData: %lx\n", pEncryptMdl, pDest, len, pData));
  326. } else {
  327. ASSERT(FALSE);
  328. IPSecQueryNdisBuf(*ppNewMdl, &pDest, &len);
  329. pEncryptMdl = *ppNewMdl;
  330. }
  332. //
  333. // Now, send 64 bit (8 octet) chunks to CBC. We need to make sure
  334. // that the data is divided on contiguous 8 byte boundaries across
  335. // different buffers.
  336. //
  337. {
  338. PNDIS_BUFFER pBuf = (PNDIS_BUFFER)pData;
  339. ULONG bytesDone = 0;
  340. ULONG bytesLeft;
  341. PUCHAR pChunk;
  343. while (pBuf) {
  345. IPSecQueryNdisBuf(pBuf, &pChunk, &bytesLeft);
  347. pChunk += bytesDone;
  348. bytesLeft -= bytesDone;
  350. IPSEC_DEBUG(ESP, ("ESP: pChunk: %lx, bytesLeft: %d, bytesDone: %d\n", pChunk, bytesLeft, bytesDone));
  352. bytesDone = 0;
  354. while (bytesLeft >= blockLen) {
  355. //
  356. // Create the cipher.
  357. //
  358. pConfAlgo->encrypt( (PVOID)&Key,
  359. pDest,
  360. pChunk,
  361. feedback);
  363. pChunk += blockLen;
  364. bytesLeft -= blockLen;
  365. pDest += blockLen;
  366. }
  368. //
  369. // Check here if we need to collate blocks
  370. //
  371. if (NDIS_BUFFER_LINKAGE(pBuf) != NULL) {
  372. PUCHAR pNextChunk;
  373. ULONG nextSize;
  375. //
  376. // If some left over from prev. buffer, collate with next
  377. // block
  378. //
  379. if (bytesLeft) {
  380. ULONG offset = bytesLeft; // offset into scratch
  381. ULONG bytesToCollect = blockLen - bytesLeft; // # of bytes to collect from next few MDLs
  382. IPSEC_DEBUG(ESP, ("ESP: pChunk: %lx, bytesLeft: %d\n", pChunk, bytesLeft));
  384. ASSERT(bytesLeft < blockLen);
  386. //
  387. // Copy into a scratch buffer
  388. //
  389. RtlCopyMemory( scratch,
  390. pChunk,
  391. bytesLeft);
  393. do {
  394. ASSERT(NDIS_BUFFER_LINKAGE(pBuf));
  395. IPSecQueryNdisBuf(NDIS_BUFFER_LINKAGE(pBuf), &pNextChunk, &nextSize);
  397. if (nextSize >= (blockLen - offset)) {
  398. RtlCopyMemory( scratch+offset,
  399. pNextChunk,
  400. blockLen - offset);
  401. bytesDone = blockLen - offset;
  403. bytesToCollect -= (blockLen - offset);
  404. ASSERT(bytesToCollect == 0);
  405. } else {
  406. IPSEC_DEBUG(ESP, ("special case, offset: %d, bytesLeft: %d, nextSize: %d, pNextChunk: %lx\n",
  407. offset, bytesLeft, nextSize, pNextChunk));
  409. RtlCopyMemory( scratch+offset,
  410. pNextChunk,
  411. nextSize);
  413. bytesToCollect -= nextSize;
  414. ASSERT(bytesToCollect);
  416. offset += nextSize;
  417. ASSERT(offset < blockLen);
  419. ASSERT(bytesDone == 0);
  420. pBuf = NDIS_BUFFER_LINKAGE(pBuf);
  421. }
  422. } while (bytesToCollect);
  424. pConfAlgo->encrypt( (PVOID)&Key,
  425. pDest,
  426. scratch,
  427. feedback);
  429. pDest += blockLen;
  430. }
  431. } else {
  432. PUCHAR pPad;
  433. ULONG padLen;
  434. ULONG bufLen;
  436. //
  437. // End of the chain; pad with length and type to 8 byte boundary
  438. //
  439. ASSERT(bytesLeft < blockLen);
  441. // if ((pSA->sa_eOperation == HUGHES_TRANSPORT) ||
  442. // (pSA->sa_eOperation == HUGHES_TUNNEL)) {
  444. //
  445. // since only hughes is done now, this shd be always true.
  446. //
  447. if (TRUE) {
  448. ASSERT(bytesLeft == 0);
  450. //
  451. // DONE: break out
  452. //
  453. break;
  454. }
  455. }
  456. pBuf = NDIS_BUFFER_LINKAGE(pBuf);
  457. }
  459. //
  460. // save IV for next encrypt cycle
  461. //
  462. RtlCopyMemory( pSA->sa_iv[Index],
  463. feedback,
  464. pSA->sa_ivlen);
  466. IPSEC_DEBUG(HUGHES, ("IV: %lx-%lx\n", *(PULONG)&feedback[0], *(PULONG)&feedback[4]));
  467. }
  468. #if DBG
  469. {
  470. ULONG totalLen;
  472. IPSEC_GET_TOTAL_LEN(pEncryptMdl, &totalLen);
  473. ASSERT((totalLen % 8) == 0);
  474. IPSEC_DEBUG(ESP, ("total len: %lx\n", totalLen));
  475. }
  476. #endif
  477. IPSEC_DEBUG(ESP, ("Exiting IPSecEncryptBuffer\n"));
  479. *ppNewMdl = pEncryptMdl;
  481. return STATUS_SUCCESS;
  482. }
  485. NTSTATUS
  486. IPSecDecryptBuffer(
  487. IN PVOID pData,
  488. IN PSA_TABLE_ENTRY pSA,
  489. OUT PUCHAR pPadLen,
  490. OUT PUCHAR pPayloadType,
  491. IN ULONG Index
  492. )
  493. {
  494. CONF_STATE_BUFFER Key;
  495. PCONFID_ALGO pConfAlgo;
  496. UCHAR feedback[MAX_BLOCKLEN];
  497. UCHAR scratch[MAX_BLOCKLEN]; // scratch buffer for the encrypt
  498. UCHAR scratch1[MAX_BLOCKLEN]; // scratch buffer for the encrypt
  499. LONG Len;
  500. UCHAR padLen;
  501. UCHAR payloadType;
  502. LONG hdrLen;
  503. IPHeader UNALIGNED *pIPH;
  504. ESP UNALIGNED *pEsp;
  505. PUCHAR savePtr;
  506. LONG espLen = sizeof(ESP) + pSA->sa_ivlen + pSA->sa_ReplayLen;
  507. LONG blockLen;
  509. if (pSA->CONF_ALGO(Index) > NUM_CONF_ALGOS) {
  510. return STATUS_INVALID_PARAMETER;
  511. }
  513. pConfAlgo = &(conf_algorithms[pSA->CONF_ALGO(Index)]);
  514. blockLen = pConfAlgo->blocklen;
  516. //
  517. // set up the state buffer
  518. //
  519. pConfAlgo->init((PVOID)&Key, pSA->CONF_KEY(Index));
  521. IPSecQueryRcvBuf(pData, (PUCHAR)&pEsp, &Len);
  523. //
  524. // Init the CBC feedback from the IV in the packet
  525. //
  526. // Actually if the sa_ivlen is 0, use the pSA one
  527. //
  528. if (pSA->sa_ivlen) {
  529. RtlCopyMemory( feedback,
  530. ((PUCHAR)(pEsp + 1) + pSA->sa_ReplayLen),
  531. pSA->sa_ivlen);
  532. IPSEC_DEBUG(ESP, ("IV: %lx-%lx\n", *(PULONG)&feedback[0], *(PULONG)&feedback[4]));
  533. } else {
  534. RtlCopyMemory( feedback,
  535. pSA->sa_iv[Index],
  536. DES_BLOCKLEN);
  537. }
  539. //
  540. // Bump the current pointer to after the ESP header
  541. //
  542. ((IPRcvBuf *)pData)->ipr_size -= espLen;
  543. savePtr = ((IPRcvBuf *)pData)->ipr_buffer;
  545. ((IPRcvBuf *)pData)->ipr_buffer = savePtr + espLen;
  547. //
  548. // Now, send 64 bit (8 octet) chunks to CBC. We need to make sure
  549. // that the data is divided on contiguous 8 byte boundaries across
  550. // different buffers.
  551. // NOTE: the algo below assumes that there are a minimum of 8 bytes
  552. // per buffer in the chain.
  553. //
  554. {
  555. IPRcvBuf *pBuf = (IPRcvBuf *)pData;
  556. LONG bytesDone = 0;
  557. LONG bytesLeft;
  558. LONG saveBytesLeft;
  559. PUCHAR pChunk;
  560. PUCHAR pSaveChunk;
  562. while (pBuf) {
  564. if (IPSEC_BUFFER_LEN(pBuf) == 0) {
  565. pBuf = IPSEC_BUFFER_LINKAGE(pBuf);
  566. continue;
  567. }
  569. IPSecQueryRcvBuf(pBuf, &pSaveChunk, &saveBytesLeft);
  571. bytesLeft = saveBytesLeft - bytesDone;
  572. pChunk = pSaveChunk + bytesDone;
  574. IPSEC_DEBUG(ESP, ("ESP: 1.pChunk: %lx, bytesLeft: %d, bytesDone: %d\n", pChunk, bytesLeft, bytesDone));
  575. bytesDone = 0;
  577. while (bytesLeft >= blockLen) {
  579. //
  580. // Decrypt the cipher.
  581. //
  582. pConfAlgo->decrypt( (PVOID)&Key,
  583. pChunk,
  584. pChunk,
  585. feedback);
  587. pChunk += blockLen;
  588. bytesLeft -= blockLen;
  589. }
  591. IPSEC_DEBUG(ESP, ("ESP: 2.pChunk: %lx, bytesLeft: %d, bytesDone: %d\n", pChunk, bytesLeft, bytesDone));
  593. //
  594. // Check here if we need to collate blocks
  595. //
  596. if (IPSEC_BUFFER_LINKAGE(pBuf) != NULL) {
  597. PUCHAR pNextChunk;
  598. LONG nextSize;
  600. if (IPSEC_BUFFER_LEN(IPSEC_BUFFER_LINKAGE(pBuf)) == 0) {
  601. pBuf = IPSEC_BUFFER_LINKAGE(pBuf);
  602. }
  604. //
  605. // If some left over from prev. buffer, collate with next
  606. // block
  607. //
  608. if (bytesLeft) {
  609. LONG offset = bytesLeft;
  610. IPSEC_DEBUG(ESP, ("ESP: 3.pChunk: %lx, bytesLeft: %d, bytesDone: %d\n", pChunk, bytesLeft, bytesDone));
  612. ASSERT(bytesLeft < blockLen);
  614. //
  615. // Copy into a scratch buffer
  616. //
  617. RtlCopyMemory( scratch,
  618. pChunk,
  619. bytesLeft);
  621. IPSecQueryRcvBuf(IPSEC_BUFFER_LINKAGE(pBuf), &pNextChunk, &nextSize);
  623. if (nextSize >= (blockLen - bytesLeft)) {
  624. //
  625. // Copy remaining bytes into scratch
  626. //
  627. RtlCopyMemory( scratch+bytesLeft,
  628. pNextChunk,
  629. blockLen - bytesLeft);
  631. pConfAlgo->decrypt( (PVOID)&Key,
  632. scratch,
  633. scratch,
  634. feedback);
  636. //
  637. // Copy cipher back into the payload
  638. //
  639. RtlCopyMemory( pChunk,
  640. scratch,
  641. bytesLeft);
  643. RtlCopyMemory( pNextChunk,
  644. scratch+bytesLeft,
  645. blockLen - bytesLeft);
  647. bytesDone = blockLen - bytesLeft;
  648. } else {
  649. //
  650. // Ugh! Collect the remaining bytes from the chain and redistribute them
  651. // after the decryption.
  652. //
  653. LONG bytesToCollect = blockLen - bytesLeft; // # of bytes to collect from next few MDLs
  654. IPRcvBuf *pFirstBuf = IPSEC_BUFFER_LINKAGE(pBuf); // to know where to start the distribution post decryption
  656. do {
  657. ASSERT(IPSEC_BUFFER_LINKAGE(pBuf));
  658. IPSecQueryRcvBuf(IPSEC_BUFFER_LINKAGE(pBuf), &pNextChunk, &nextSize);
  660. if (nextSize >= (blockLen - offset)) {
  661. RtlCopyMemory( scratch+offset,
  662. pNextChunk,
  663. blockLen - offset);
  664. bytesDone = blockLen - offset;
  666. bytesToCollect -= (blockLen - offset);
  667. ASSERT(bytesToCollect == 0);
  668. } else {
  669. IPSEC_DEBUG(ESP, ("special case, offset: %d, bytesLeft: %d, nextSize: %d, pNextChunk: %lx\n",
  670. offset, bytesLeft, nextSize, pNextChunk));
  672. RtlCopyMemory( scratch+offset,
  673. pNextChunk,
  674. nextSize);
  676. bytesToCollect -= nextSize;
  677. ASSERT(bytesToCollect);
  679. offset += nextSize;
  680. ASSERT(offset < blockLen);
  682. ASSERT(bytesDone == 0);
  683. pBuf = IPSEC_BUFFER_LINKAGE(pBuf);
  684. }
  685. } while (bytesToCollect);
  687. pConfAlgo->decrypt( (PVOID)&Key,
  688. scratch,
  689. scratch,
  690. feedback);
  691. //
  692. // Now distribute the bytes back to the MDLs
  693. //
  694. RtlCopyMemory( pChunk,
  695. scratch,
  696. bytesLeft);
  698. pBuf = CopyToRcvBuf(pFirstBuf,
  699. scratch+bytesLeft,
  700. blockLen - bytesLeft,
  701. &bytesDone);
  702. continue;
  704. }
  705. }
  706. } else {
  707. //
  708. // end of chain.
  709. // should never come here with bytes left over since the
  710. // sender should pad to 8 byte boundary.
  711. //
  712. ASSERT(bytesLeft == 0);
  714. IPSEC_DEBUG(ESP, ("ESP: 4.pChunk: %lx, saveBytesLeft: %d, bytesDone: %d\n", pChunk, saveBytesLeft, bytesDone));
  716. IPSEC_DEBUG(ESP, ("ESP: HUGHES: will remove pad later\n"));
  717. break;
  718. }
  720. pBuf = (IPRcvBuf *)IPSEC_BUFFER_LINKAGE(pBuf);
  721. }
  722. }
  724. //
  725. // Restore the first MDL
  726. //
  727. ((IPRcvBuf *)pData)->ipr_size += espLen;
  728. ((IPRcvBuf *)pData)->ipr_buffer = savePtr;
  730. return STATUS_SUCCESS;
  731. }