Date:      Fri, 3 Jul 2015 20:09:15 +0000 (UTC)
From:      "George V. Neville-Neil" <gnn@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r285108 - in head: lib/libipsec sbin/setkey sys/net usr.bin/netstat
Message-ID:  <201507032009.t63K9FW1015338@repo.freebsd.org>

Author: gnn
Date: Fri Jul  3 20:09:14 2015
New Revision: 285108
URL: https://svnweb.freebsd.org/changeset/base/285108

Log:
  New AES modes for IPSec, user space components.
  Update setkey and libipsec to understand aes-gcm-16 as an
  encryption method.
  
  A partial commit of the work in review D2936.
  
  Submitted by:	eri
  Reviewed by:	jmg
  MFC after:	2 weeks
  Sponsored by:	Rubicon Communications (Netgate)

Modified:
  head/lib/libipsec/pfkey_dump.c
  head/sbin/setkey/setkey.8
  head/sbin/setkey/token.l
  head/sys/net/pfkeyv2.h
  head/usr.bin/netstat/ipsec.c

Modified: head/lib/libipsec/pfkey_dump.c
==============================================================================
--- head/lib/libipsec/pfkey_dump.c	Fri Jul  3 19:01:38 2015	(r285107)
+++ head/lib/libipsec/pfkey_dump.c	Fri Jul  3 20:09:14 2015	(r285108)
@@ -187,6 +187,9 @@ static struct val2str str_alg_enc[] = {
 #ifdef SADB_X_EALG_AESCTR
 	{ SADB_X_EALG_AESCTR, "aes-ctr", },
 #endif
+#ifdef SADB_X_EALG_AESGCM16
+	{ SADB_X_EALG_AESGCM16, "aes-gcm-16", },
+#endif
 #ifdef SADB_X_EALG_CAMELLIACBC
 	{ SADB_X_EALG_CAMELLIACBC, "camellia-cbc", },
 #endif
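Review bot: Only `SADB_X_EALG_AESGCM16` gets a name in `str_alg_enc[]`, while the pfkeyv2.h part of this commit also defines `SADB_X_EALG_AESGCM8`, `SADB_X_EALG_AESGCM12` and `SADB_X_EALG_AESGMAC`, so an SA using one of those would presumably be dumped without a readable algorithm name. If that is deliberate for this partial commit, a short comment above the new entry such as `/* only the 16-octet ICV variant is exposed to user space for now */` would save an operator auditing SAs from guessing; otherwise add the matching `#ifdef` entries. The same applies to the `ipsec_espnames[]` hunk in usr.bin/netstat/ipsec.c, and the new `SADB_X_AALG_AES*GMAC` values have no visible counterpart in an authentication name table. The array begins and ends outside this hunk.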

Modified: head/sbin/setkey/setkey.8
==============================================================================
--- head/sbin/setkey/setkey.8	Fri Jul  3 19:01:38 2015	(r285107)
+++ head/sbin/setkey/setkey.8	Fri Jul  3 20:09:14 2015	(r285108)
@@ -627,11 +627,12 @@ des-deriv	64		ipsec-ciph-des-derived-01
 3des-deriv	192		no document
 rijndael-cbc	128/192/256	rfc3602
 aes-ctr		160/224/288	draft-ietf-ipsec-ciph-aes-ctr-03
+aes-gcm-16	160/224/288	rfc4106
 camellia-cbc	128/192/256	rfc4312
 .Ed
 .Pp
 Note that the first 128/192/256 bits of a key for
-.Li aes-ctr
+.Li aes-ctr or aes-gcm-16
 will be used as AES key, and remaining 32 bits will be used as nonce.
 .Pp
 The following are the list of compression algorithms that can be used

Modified: head/sbin/setkey/token.l
==============================================================================
--- head/sbin/setkey/token.l	Fri Jul  3 19:01:38 2015	(r285107)
+++ head/sbin/setkey/token.l	Fri Jul  3 20:09:14 2015	(r285108)
@@ -168,6 +168,7 @@ tcp		{ yylval.num = 0; return(PR_TCP); }
 <S_ENCALG>rijndael-cbc	{ yylval.num = SADB_X_EALG_RIJNDAELCBC; BEGIN INITIAL; return(ALG_ENC); }
 <S_ENCALG>aes-ctr	{ yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC); }
 <S_ENCALG>camellia-cbc	{ yylval.num = SADB_X_EALG_CAMELLIACBC; BEGIN INITIAL; return(ALG_ENC); }
+<S_ENCALG>aes-gcm-16	{ yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC); }
 
 	/* compression algorithms */
 {hyphen}C	{ return(F_COMP); }
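Review bot: The new `aes-gcm-16` rule makes an AEAD cipher selectable for manually keyed SAs, and nothing near it records that RFC 4106 requires automated key management for AES-GCM ESP, because a repeated nonce under a static key voids both confidentiality and integrity. I would add an indented comment above the rule, e.g. `/* aes-gcm-16: key carries a 4-byte salt (RFC 4106); a static key must never see a repeated IV */`, and carry the same caveat into setkey.8. Whether a separate authentication algorithm is rejected when this cipher is chosen is decided in the grammar, which is outside this hunk, and is worth checking. The rule is also appended after `camellia-cbc` rather than next to `aes-ctr`, which it most resembles.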

Modified: head/sys/net/pfkeyv2.h
==============================================================================
--- head/sys/net/pfkeyv2.h	Fri Jul  3 19:01:38 2015	(r285107)
+++ head/sys/net/pfkeyv2.h	Fri Jul  3 20:09:14 2015	(r285108)
@@ -343,6 +343,9 @@ struct sadb_x_nat_t_frag {
 #define SADB_X_AALG_SHA2_512	7
 #define SADB_X_AALG_RIPEMD160HMAC	8
 #define SADB_X_AALG_AES_XCBC_MAC	9	/* draft-ietf-ipsec-ciph-aes-xcbc-mac-04 */
+#define SADB_X_AALG_AES128GMAC	11		/* RFC4543 + Errata1821 */
+#define SADB_X_AALG_AES192GMAC	12
+#define SADB_X_AALG_AES256GMAC	13
 /* private allocations should use 249-255 (RFC2407) */
 #define SADB_X_AALG_MD5		249	/* Keyed MD5 */
 #define SADB_X_AALG_SHA		250	/* Keyed SHA */
@@ -360,8 +363,12 @@ struct sadb_x_nat_t_frag {
 #define SADB_X_EALG_BLOWFISHCBC	7
 #define SADB_X_EALG_RIJNDAELCBC	12
 #define SADB_X_EALG_AES		12
+#define SADB_X_EALG_AESGCM8	18	/* RFC4106 */
+#define SADB_X_EALG_AESGCM12	19
+#define SADB_X_EALG_AESGCM16	20
 /* private allocations - based on RFC4312/IANA assignment */
 #define SADB_X_EALG_CAMELLIACBC		22
+#define	SADB_X_EALG_AESGMAC		23 /* RFC4543 + Errata1821 */
 /* private allocations should use 249-255 (RFC2407) */
 #define SADB_X_EALG_SKIPJACK	249	/*250*/ /* for IPSEC */
 #define SADB_X_EALG_AESCTR	250	/*249*/ /* draft-ietf-ipsec-ciph-aes-ctr-03 */
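Review bot: `SADB_X_EALG_AESGMAC` (value 23) sits in the encryption-algorithm namespace but, per RFC 4543, it is the ESP transform that authenticates without encrypting, and the comment on that line does not say so. I would extend it to `/* RFC4543 + Errata1821; integrity only, no confidentiality */` so that nobody selects it expecting ciphertext. The line also lands under the `based on RFC4312/IANA assignment` comment that describes Camellia, and it uses `#define` followed by a tab where the neighbouring lines use a space.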

Modified: head/usr.bin/netstat/ipsec.c
==============================================================================
--- head/usr.bin/netstat/ipsec.c	Fri Jul  3 19:01:38 2015	(r285107)
+++ head/usr.bin/netstat/ipsec.c	Fri Jul  3 20:09:14 2015	(r285108)
@@ -157,6 +157,9 @@ static struct val2str ipsec_espnames[] =
 #ifdef SADB_X_EALG_AESCTR
 	{ SADB_X_EALG_AESCTR, "aes-ctr", },
 #endif
+#ifdef SADB_X_EALG_AESGCM16
+	{ SADB_X_EALG_AESGCM16, "aes-gcm-16", },
+#endif
 	{ -1, NULL },
 };
 


