Add support for ESN in AES-NI crypto driver

This patch adds support for IPsec ESN (Extended Sequence Numbers) in
encrypt and authenticate mode (e.g. AES-CBC and SHA256) and combined mode
(e.g. AES-GCM).

For the encrypt and authenticate mode the ESN is stored in a separate
crp_esn buffer because the high-order 32 bits of the sequence number are
appended after the Next Header (RFC 4303).

For the combined modes the high-order 32 bits of the sequence number
[e.g. RFC 4106, Chapter 5 AAD Construction] are part of crp_aad
(prepared by the netipsec layer when ESN support is enabled), therefore
there is no visible diff around the combined modes.

Submitted by:           Grzegorz Jaszczyk <jaz@semihalf.com>
                        Patryk Duda <pdk@semihalf.com>
Reviewed by:            jhb
Differential revision:  https://reviews.freebsd.org/D22365
Obtained from:          Semihalf
Sponsored by:           Stormshield
Marcin Wojtas 2020-10-16 11:21:56 +00:00
parent 6038018ab1
commit efac54cb2f
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=366754


@ -249,14 +249,15 @@ aesni_cipher_supported(struct aesni_softc *sc,
}
}
#define SUPPORTED_SES (CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD | CSP_F_ESN)
static int
aesni_probesession(device_t dev, const struct crypto_session_params *csp)
{
struct aesni_softc *sc;
sc = device_get_softc(dev);
if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) !=
0)
if ((csp->csp_flags & ~(SUPPORTED_SES)) != 0)
return (EINVAL);
switch (csp->csp_mode) {
case CSP_MODE_DIGEST:
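Review bot: The flag mask in aesni_probesession() is tested before `switch (csp->csp_mode)`, so with CSP_F_ESN added to SUPPORTED_SES the flag now passes this check for every mode, including CSP_MODE_DIGEST, while the commit message describes ESN handling only for encrypt-and-authenticate and combined modes. If the per-mode cases below do not reject it, a session could be accepted with CSP_F_ESN set and the driver would never consume crp_esn; consider returning EINVAL for CSP_F_ESN in the modes that do not handle it, or add a comment stating why accepting it there is harmless. Two smaller points: the macro already parenthesizes its expansion, so `~(SUPPORTED_SES)` can be `~SUPPORTED_SES`, and a driver-prefixed name such as AESNI_SUPPORTED_FLAGS placed with the other defines at the top of the file would be easier to find than a definition between two functions.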
@ -864,6 +865,10 @@ aesni_cipher_mac(struct aesni_session *ses, struct cryptop *crp,
else
crypto_apply(crp, crp->crp_payload_start,
crp->crp_payload_length, ses->hash_update, &sctx);
if (csp->csp_flags & CSP_F_ESN)
ses->hash_update(&sctx, crp->crp_esn, 4);
ses->hash_finalize(res, &sctx);
/* Outer hash: (K ^ OPAD) || inner hash */
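Review bot: The literal length in `ses->hash_update(&sctx, crp->crp_esn, 4);` is a magic number and the added lines carry no comment explaining why extra bytes are fed into the inner hash after the payload. Use `sizeof(crp->crp_esn)` (or a named constant) so the length follows the field definition, and add a one-line comment noting that these are the high-order 32 bits of the sequence number, which RFC 4303 places after the payload for the ICV computation. The placement itself looks right: the update sits after the if/else that hashes the payload and before hash_finalize(), so both branches include the ESN and only the inner hash is affected.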