freebsd-dev/sys/netipsec
Marcin Wojtas 4d36d1fd59 Add support for IPsec ESN and pass relevant information to crypto layer
Implement support for including IPsec ESN (Extended Sequence Number) to
both encrypt and authenticate mode (e.g. AES-CBC and SHA256) and combined
mode (e.g. AES-GCM). Both ESP and AH protocols are updated. Additionally
pass relevant information about ESN to crypto layer.

For the ETA mode the ESN is stored in separate crp_esn buffer because
the high-order 32 bits of the sequence number are appended after the
Next Header (RFC 4303).

For the AEAD modes the high-order 32 bits of the sequence number
[e.g. RFC 4106, Chapter 5 AAD Construction] are included as part of
crp_aad (SPI + ESN (32 high order bits) + Seq nr (32 low order bits)).

Submitted by:           Grzegorz Jaszczyk <jaz@semihalf.com>
                        Patryk Duda <pdk@semihalf.com>
Reviewed by:            jhb, gnn
Differential revision:  https://reviews.freebsd.org/D22369
Obtained from:          Semihalf
Sponsored by:           Stormshield
2020-10-16 11:25:45 +00:00
..
ah_var.h
ah.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
esp_var.h
esp.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ipcomp_var.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipcomp.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipsec6.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipsec_input.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ipsec_mbuf.c Consistently include opt_ipsec.h for consumers of <netipsec/ipsec.h>. 2020-05-29 19:22:40 +00:00
ipsec_mod.c
ipsec_output.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ipsec_pcb.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ipsec_support.h
ipsec.c Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
ipsec.h Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
key_debug.c Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
key_debug.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
key_var.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
key.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
key.h Replace read_random(9) with more appropriate arc4rand(9) KPIs 2019-04-04 01:02:50 +00:00
keydb.h Add support for IPsec ESN and pass relevant information to crypto layer 2020-10-16 11:25:45 +00:00
keysock.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
keysock.h Remove obsoleted and unused key_sendup() function. 2018-03-11 18:03:55 +00:00
subr_ipsec.c Fix witness warning in xform_init(). 2018-09-26 14:47:51 +00:00
udpencap.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
xform_ah.c Add support for IPsec ESN and pass relevant information to crypto layer 2020-10-16 11:25:45 +00:00
xform_esp.c Add support for IPsec ESN and pass relevant information to crypto layer 2020-10-16 11:25:45 +00:00
xform_ipcomp.c Simplify IPsec transform-specific teardown. 2020-06-25 23:59:16 +00:00
xform_tcp.c Simplify IPsec transform-specific teardown. 2020-06-25 23:59:16 +00:00
xform.h Simplify IPsec transform-specific teardown. 2020-06-25 23:59:16 +00:00