From 7e89ae49db749715b17ae2358cc60b6e74fed69f Mon Sep 17 00:00:00 2001 From: Marcin Wojtas Date: Fri, 16 Oct 2020 11:06:33 +0000 Subject: [PATCH] Prepare crypto framework for IPsec ESN support This permits requests (netipsec ESP and AH protocol) to provide the IPsec ESN (Extended Sequence Numbers) in a separate buffer. As with separate output buffer and separate AAD buffer not all drivers support this feature. Consumer must request use of this feature via new session flag. Submitted by: Grzegorz Jaszczyk Patryk Duda Reviewed by: jhb Differential revision: https://reviews.freebsd.org/D24838 Obtained from: Semihalf Sponsored by: Stormshield --- share/man/man9/crypto_request.9 | 18 ++++++++++++++++++ share/man/man9/crypto_session.9 | 9 +++++++++ sys/opencrypto/crypto.c | 5 +++-- sys/opencrypto/cryptodev.h | 3 +++ 4 files changed, 33 insertions(+), 2 deletions(-) diff --git a/share/man/man9/crypto_request.9 b/share/man/man9/crypto_request.9 index 8ba075b06cf..6253e49dfb3 100644 --- a/share/man/man9/crypto_request.9 +++ b/share/man/man9/crypto_request.9 @@ -302,6 +302,24 @@ as a single buffer pointed to by In either case, .Fa crp_aad_length always indicates the amount of AAD in bytes. +.Ss Request ESN +IPsec requests may optionally include Extended Sequence Numbers (ESN). +ESN may either be supplied in +.Fa crp_esn +or as part of the AAD pointed to by +.Fa crp_aad . +.Pp +If the ESN is stored in +.Fa crp_esn , +.Dv CSP_F_ESN +should be set in +.Fa csp_flags . +This use case is dedicated for encrypt and authenticate mode, since the +high-order 32 bits of the sequence number are appended after the Next Header +(RFC 4303). +.Pp +AEAD modes supply the ESN in a separate AAD buffer (see e.g. RFC 4106, Chapter 5 +AAD Construction). .Ss Request IV and/or Nonce Some cryptographic operations require an IV or nonce as an input. An IV may be stored either in the IV region of the data buffer or in diff --git a/share/man/man9/crypto_session.9 b/share/man/man9/crypto_session.9 index c370039a51d..78bc5e73665 100644 --- a/share/man/man9/crypto_session.9 +++ b/share/man/man9/crypto_session.9 @@ -201,6 +201,15 @@ Sessions with this flag set permit requests with AAD passed in either in a region of the input buffer or in a single, virtually-contiguous buffer. Sessions without this flag only permit requests with AAD passed in as a region in the input buffer. +.It Dv CSP_F_ESN +Support requests that use a separate buffer for IPsec ESN (Extended Sequence +Numbers). +.Pp +Sessions with this flag set permit requests with IPsec ESN passed in special +buffer. +It is required for IPsec ESN support of encrypt and authenticate mode where +the high-order 32 bits of the sequence number are appended after the Next +Header (RFC 4303). .El .It Fa csp_ivlen If either the cipher or authentication algorithms require an explicit diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c index b4e0f06f358..dd20e64df4f 100644 --- a/sys/opencrypto/crypto.c +++ b/sys/opencrypto/crypto.c @@ -743,6 +743,8 @@ alg_is_aead(int alg) return (alg_type(alg) == ALG_AEAD); } +#define SUPPORTED_SES (CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD | CSP_F_ESN) + /* Various sanity checks on crypto session parameters. */ static bool check_csp(const struct crypto_session_params *csp) @@ -750,8 +752,7 @@ check_csp(const struct crypto_session_params *csp) struct auth_hash *axf; /* Mode-independent checks. */ - if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) != - 0) + if ((csp->csp_flags & ~(SUPPORTED_SES)) != 0) return (false); if (csp->csp_ivlen < 0 || csp->csp_cipher_klen < 0 || csp->csp_auth_klen < 0 || csp->csp_auth_mlen < 0) diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h index 2f2963edcb5..de85fff925a 100644 --- a/sys/opencrypto/cryptodev.h +++ b/sys/opencrypto/cryptodev.h @@ -377,6 +377,7 @@ struct crypto_session_params { #define CSP_F_SEPARATE_OUTPUT 0x0001 /* Requests can use separate output */ #define CSP_F_SEPARATE_AAD 0x0002 /* Requests can use separate AAD */ +#define CSP_F_ESN 0x0004 /* Requests can use seperate ESN field */ int csp_ivlen; /* IV length in bytes. */ @@ -485,6 +486,8 @@ struct cryptop { void *crp_aad; /* AAD buffer. */ int crp_aad_start; /* Location of AAD. */ int crp_aad_length; /* 0 => no AAD. */ + uint8_t crp_esn[4]; /* high-order ESN */ + int crp_iv_start; /* Location of IV. IV length is from * the session. */