mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-19 16:23:29 +00:00
Add support for ESN in cryptosoft
This patch adds support for IPsec ESN (Extended Sequence Numbers) in encrypt and authenticate mode (eg. AES-CBC and SHA256) and combined mode (eg. AES-GCM). For encrypt and authenticate mode the ESN is stored in separate crp_esn buffer because the high-order 32 bits of the sequence number are appended after the Next Header (RFC 4303). For combined modes the high-order 32 bits of the sequence number [e.g. RFC 4106, Chapter 5 AAD Construction] are part of crp_aad (prepared by netipsec layer in case of ESN support enabled), therefore non visible diff around combined modes. Submitted by: Grzegorz Jaszczyk <jaz@semihalf.com> Patryk Duda <pdk@semihalf.com> Reviewed by: jhb Differential revision: https://reviews.freebsd.org/D22364 Obtained from: Semihalf Sponsored by: Stormshield
This commit is contained in:
parent
7e89ae49db
commit
6038018ab1
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=366753
|
@ -327,8 +327,8 @@ swcr_authcompute(struct swcr_session *ses, struct cryptop *crp)
|
|||
|
||||
axf = sw->sw_axf;
|
||||
|
||||
csp = crypto_get_params(crp->crp_session);
|
||||
if (crp->crp_auth_key != NULL) {
|
||||
csp = crypto_get_params(crp->crp_session);
|
||||
swcr_authprepare(axf, sw, crp->crp_auth_key,
|
||||
csp->csp_auth_klen);
|
||||
}
|
||||
|
@ -354,6 +354,9 @@ swcr_authcompute(struct swcr_session *ses, struct cryptop *crp)
|
|||
if (err)
|
||||
goto out;
|
||||
|
||||
if (csp->csp_flags & CSP_F_ESN)
|
||||
axf->Update(&ctx, crp->crp_esn, 4);
|
||||
|
||||
axf->Final(aalg, &ctx);
|
||||
if (sw->sw_octx != NULL) {
|
||||
bcopy(sw->sw_octx, &ctx, axf->ctxsize);
|
||||
|
@ -1235,12 +1238,12 @@ swcr_cipher_supported(const struct crypto_session_params *csp)
|
|||
return (true);
|
||||
}
|
||||
|
||||
#define SUPPORTED_SES (CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD | CSP_F_ESN)
|
||||
|
||||
static int
|
||||
swcr_probesession(device_t dev, const struct crypto_session_params *csp)
|
||||
{
|
||||
|
||||
if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) !=
|
||||
0)
|
||||
if ((csp->csp_flags & ~(SUPPORTED_SES)) != 0)
|
||||
return (EINVAL);
|
||||
switch (csp->csp_mode) {
|
||||
case CSP_MODE_COMPRESS:
|
||||
|
|
Loading…
Reference in a new issue