Initial import of RFC 2385 (TCP-MD5) digest support.

This is the second of two commits; bring in the userland support to finish.

Teach libipsec and setkey about the tcp-md5 class of security associations,
thus allowing administrators to add per-host keys to the SADB for use by
the tcpsignature_compute() function.

Document that a single SPI must be used until such time as the code which
adds support to the SPD to specify flows for tcp-md5 treatment is suitable
for production.

Sponsored by:	sentex.net

lib/libipsec/ipsec_dump_policy.c

@@ -196,6 +196,8 @@ ipsec_dump_ipsecrequest(buf, len, xisr, bound)
 	case IPPROTO_IPCOMP:
 		proto = "ipcomp";
 		break;
+	case IPPROTO_TCP:
+		proto = "tcp";
 	default:
 		__ipsec_errcode = EIPSEC_INVAL_PROTO;
 		return NULL;

lib/libipsec/pfkey.c

@@ -79,12 +79,13 @@ static caddr_t pfkey_setsadbxsa2(caddr_t, caddr_t, u_int32_t, u_int32_t);
 /*
  * make and search supported algorithm structure.
  */
-static struct sadb_supported *ipsec_supported[] = { NULL, NULL, NULL, };
+static struct sadb_supported *ipsec_supported[] = { NULL, NULL, NULL, NULL };
 
 static int supported_map[] = {
 	SADB_SATYPE_AH,
 	SADB_SATYPE_ESP,
 	SADB_X_SATYPE_IPCOMP,
+	SADB_X_SATYPE_TCPSIGNATURE
 };
 
 static int
@@ -1169,6 +1170,16 @@ pfkey_send_x1(so, type, satype, mode, src, dst, spi, reqid, wsize,
 			return -1;
 		}
 		break;
+	case SADB_X_SATYPE_TCPSIGNATURE:
+		if (e_type != SADB_EALG_NONE) {
+			__ipsec_errcode = EIPSEC_INVAL_ALGS;
+			return -1;
+		}
+		if (a_type != SADB_X_AALG_TCP_MD5) {
+			__ipsec_errcode = EIPSEC_INVAL_ALGS;
+			return -1;
+		}
+		break;
 	default:
 		__ipsec_errcode = EIPSEC_INVAL_SATYPE;
 		return -1;
@@ -1379,6 +1390,7 @@ pfkey_send_x3(so, type, satype)
 		case SADB_SATYPE_AH:
 		case SADB_SATYPE_ESP:
 		case SADB_X_SATYPE_IPCOMP:
+		case SADB_X_SATYPE_TCPSIGNATURE:
 			break;
 		default:
 			__ipsec_errcode = EIPSEC_INVAL_SATYPE;
@@ -1838,6 +1850,7 @@ pfkey_check(mhp)
 	case SADB_SATYPE_ESP:
 	case SADB_SATYPE_AH:
 	case SADB_X_SATYPE_IPCOMP:
+	case SADB_X_SATYPE_TCPSIGNATURE:
 		switch (msg->sadb_msg_type) {
 		case SADB_X_SPDADD:
 		case SADB_X_SPDDELETE:

lib/libipsec/pfkey_dump.c

@@ -126,6 +126,8 @@ static char *str_satype[] = {
 	"ripv2",
 	"mip",
 	"ipcomp",
+	"policy",
+	"tcp"
 };
 
 static char *str_mode[] = {
@@ -148,6 +150,7 @@ static struct val2str str_alg_auth[] = {
 	{ SADB_X_AALG_MD5, "md5", },
 	{ SADB_X_AALG_SHA, "sha", },
 	{ SADB_X_AALG_NULL, "null", },
+	{ SADB_X_AALG_TCP_MD5, "tcp-md5", },
 #ifdef SADB_X_AALG_SHA2_256
 	{ SADB_X_AALG_SHA2_256, "hmac-sha2-256", },
 #endif

lib/libipsec/policy_token.l

@@ -97,6 +97,7 @@ entrust		{ yylval.num = IPSEC_POLICY_ENTRUST; return(ACTION); }
 esp		{ yylval.num = IPPROTO_ESP; return(PROTOCOL); }
 ah		{ yylval.num = IPPROTO_AH; return(PROTOCOL); }
 ipcomp		{ yylval.num = IPPROTO_IPCOMP; return(PROTOCOL); }
+tcp		{ yylval.num = IPPROTO_TCP; return(PROTOCOL); }
 
 transport	{ yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
 tunnel		{ yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }

sbin/setkey/parse.y

@@ -94,7 +94,7 @@ extern void yyerror __P((const char *));
 
 %token EOT SLASH BLCL ELCL
 %token ADD GET DELETE DELETEALL FLUSH DUMP
-%token PR_ESP PR_AH PR_IPCOMP
+%token PR_ESP PR_AH PR_IPCOMP PR_TCP
 %token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI
 %token F_MODE MODE F_REQID
 %token F_EXT EXTENSION NOCYCLICSEQ
@@ -113,7 +113,7 @@ extern void yyerror __P((const char *));
 %type <num> ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_ENC_OLD ALG_ENC_NOKEY
 %type <num> ALG_AUTH ALG_AUTH_NOKEY
 %type <num> ALG_COMP
-%type <num> PR_ESP PR_AH PR_IPCOMP
+%type <num> PR_ESP PR_AH PR_IPCOMP PR_TCP
 %type <num> EXTENSION MODE
 %type <ulnum> DECSTRING
 %type <val> PL_REQUESTS portstr key_string
@@ -250,8 +250,12 @@ protocol_spec
 		{
 			$$ = SADB_X_SATYPE_IPCOMP;
 		}
+	|	PR_TCP
+		{
+			$$ = SADB_X_SATYPE_TCPSIGNATURE;
+		}
 	;
-	
+
 spi
 	:	DECSTRING { p_spi = $1; }
 	|	HEXSTRING
@@ -400,7 +404,12 @@ auth_alg
 
 			p_key_auth_len = $2.len;
 			p_key_auth = $2.buf;
-			if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH,
+
+			if (p_alg_auth == SADB_X_AALG_TCP_MD5) {
+				if ((p_key_auth_len < 1) || (p_key_auth_len >
+				    80))
+					return -1;
+			} else if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH,
 			    p_alg_auth, PFKEY_UNUNIT64(p_key_auth_len)) < 0) {
 				yyerror(ipsec_strerror());
 				return -1;

sbin/setkey/setkey.8

@@ -252,6 +252,8 @@ AH based on rfc2402
 AH based on rfc1826
 .It Li ipcomp
 IPComp
+.It Li tcp
+TCP-MD5 based on rfc2385
 .El
 .\"
 .Pp
@@ -265,6 +267,8 @@ must be a decimal number, or a hexadecimal number with
 prefix.
 SPI values between 0 and 255 are reserved for future use by IANA
 and they cannot be used.
+TCP-MD5 associations must use 0x1000 and therefore only have per-host
+granularity at this time.
 .\"
 .Pp
 .It Ar extensions
@@ -585,6 +589,7 @@ hmac-ripemd160	160		ah: 96bit ICV (RFC2857)
 				ah-old: 128bit ICV (no document)
 aes-xcbc-mac	128		ah: 96bit ICV (RFC3566)
 		128		ah-old: 128bit ICV (no document)
+tcp-md5		8 to 640	tcp: rfc2385
 .Ed
 .Pp
 Followings are the list of encryption algorithms that can be used as
@@ -649,6 +654,8 @@ dump esp ;
 spdadd 10.0.11.41/32[21] 10.0.11.33/32[any] any
 	-P out ipsec esp/tunnel/192.168.0.1-192.168.1.2/require ;
 
+add 10.1.10.34 10.1.10.36 tcp 0x1000 -A tcp-md5 "TCP-MD5 BGP secret" ;
+
 .Ed
 .\"
 .Sh SEE ALSO

sbin/setkey/token.l

@@ -139,6 +139,7 @@ esp		{ yylval.num = 0; return(PR_ESP); }
 ah-old		{ yylval.num = 1; return(PR_AH); }
 esp-old		{ yylval.num = 1; return(PR_ESP); }
 ipcomp		{ yylval.num = 0; return(PR_IPCOMP); }
+tcp		{ yylval.num = 0; return(PR_TCP); }
 
 	/* authentication alogorithm */
 {hyphen}A	{ BEGIN S_AUTHALG; return(F_AUTH); }
@@ -151,6 +152,7 @@ ipcomp		{ yylval.num = 0; return(PR_IPCOMP); }
 <S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
 <S_AUTHALG>hmac-ripemd160 { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); }
 <S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); }
+<S_AUTHALG>tcp-md5	{ yylval.num = SADB_X_AALG_TCP_MD5; BEGIN INITIAL; return(ALG_AUTH); }
 <S_AUTHALG>null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); }
 
 	/* encryption alogorithm */

usr.sbin/setkey/parse.y

@@ -94,7 +94,7 @@ extern void yyerror __P((const char *));
 
 %token EOT SLASH BLCL ELCL
 %token ADD GET DELETE DELETEALL FLUSH DUMP
-%token PR_ESP PR_AH PR_IPCOMP
+%token PR_ESP PR_AH PR_IPCOMP PR_TCP
 %token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI
 %token F_MODE MODE F_REQID
 %token F_EXT EXTENSION NOCYCLICSEQ
@@ -113,7 +113,7 @@ extern void yyerror __P((const char *));
 %type <num> ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_ENC_OLD ALG_ENC_NOKEY
 %type <num> ALG_AUTH ALG_AUTH_NOKEY
 %type <num> ALG_COMP
-%type <num> PR_ESP PR_AH PR_IPCOMP
+%type <num> PR_ESP PR_AH PR_IPCOMP PR_TCP
 %type <num> EXTENSION MODE
 %type <ulnum> DECSTRING
 %type <val> PL_REQUESTS portstr key_string
@@ -250,8 +250,12 @@ protocol_spec
 		{
 			$$ = SADB_X_SATYPE_IPCOMP;
 		}
+	|	PR_TCP
+		{
+			$$ = SADB_X_SATYPE_TCPSIGNATURE;
+		}
 	;
-	
+
 spi
 	:	DECSTRING { p_spi = $1; }
 	|	HEXSTRING
@@ -400,7 +404,12 @@ auth_alg
 
 			p_key_auth_len = $2.len;
 			p_key_auth = $2.buf;
-			if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH,
+
+			if (p_alg_auth == SADB_X_AALG_TCP_MD5) {
+				if ((p_key_auth_len < 1) || (p_key_auth_len >
+				    80))
+					return -1;
+			} else if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH,
 			    p_alg_auth, PFKEY_UNUNIT64(p_key_auth_len)) < 0) {
 				yyerror(ipsec_strerror());
 				return -1;

usr.sbin/setkey/setkey.8

@@ -252,6 +252,8 @@ AH based on rfc2402
 AH based on rfc1826
 .It Li ipcomp
 IPComp
+.It Li tcp
+TCP-MD5 based on rfc2385
 .El
 .\"
 .Pp
@@ -265,6 +267,8 @@ must be a decimal number, or a hexadecimal number with
 prefix.
 SPI values between 0 and 255 are reserved for future use by IANA
 and they cannot be used.
+TCP-MD5 associations must use 0x1000 and therefore only have per-host
+granularity at this time.
 .\"
 .Pp
 .It Ar extensions
@@ -585,6 +589,7 @@ hmac-ripemd160	160		ah: 96bit ICV (RFC2857)
 				ah-old: 128bit ICV (no document)
 aes-xcbc-mac	128		ah: 96bit ICV (RFC3566)
 		128		ah-old: 128bit ICV (no document)
+tcp-md5		8 to 640	tcp: rfc2385
 .Ed
 .Pp
 Followings are the list of encryption algorithms that can be used as
@@ -649,6 +654,8 @@ dump esp ;
 spdadd 10.0.11.41/32[21] 10.0.11.33/32[any] any
 	-P out ipsec esp/tunnel/192.168.0.1-192.168.1.2/require ;
 
+add 10.1.10.34 10.1.10.36 tcp 0x1000 -A tcp-md5 "TCP-MD5 BGP secret" ;
+
 .Ed
 .\"
 .Sh SEE ALSO

usr.sbin/setkey/token.l

@@ -139,6 +139,7 @@ esp		{ yylval.num = 0; return(PR_ESP); }
 ah-old		{ yylval.num = 1; return(PR_AH); }
 esp-old		{ yylval.num = 1; return(PR_ESP); }
 ipcomp		{ yylval.num = 0; return(PR_IPCOMP); }
+tcp		{ yylval.num = 0; return(PR_TCP); }
 
 	/* authentication alogorithm */
 {hyphen}A	{ BEGIN S_AUTHALG; return(F_AUTH); }
@@ -151,6 +152,7 @@ ipcomp		{ yylval.num = 0; return(PR_IPCOMP); }
 <S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
 <S_AUTHALG>hmac-ripemd160 { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); }
 <S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); }
+<S_AUTHALG>tcp-md5	{ yylval.num = SADB_X_AALG_TCP_MD5; BEGIN INITIAL; return(ALG_AUTH); }
 <S_AUTHALG>null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); }
 
 	/* encryption alogorithm */