Page MenuHomeFreeBSD

Add support for including ESN in AES-NI crypto driver
ClosedPublic

Authored by jaz_semihalf.com on Nov 14 2019, 12:24 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Dec 6, 3:25 PM
Unknown Object (File)
Nov 5 2024, 2:45 PM
Unknown Object (File)
Oct 14 2024, 5:05 PM
Unknown Object (File)
Oct 14 2024, 1:20 PM
Unknown Object (File)
Oct 4 2024, 12:36 PM
Unknown Object (File)
Oct 2 2024, 10:52 AM
Unknown Object (File)
Oct 1 2024, 4:15 AM
Unknown Object (File)
Oct 1 2024, 4:11 AM
Subscribers

Details

Summary

This patch adds support for IPSec ESN (Extended Sequence Numbers) in
encrypt and authenticate mode (eg. AES-CBC and SHA256) and combined mode
(eg. AES-GCM).

For the encrypt and authenticate mode the ESN is stored in separate
crp_esn buffer because the high-order 32 bits of the sequence number are
appended after the Next Header (RFC 4303).

For the combined modes the high-order 32 bits of the sequence number
[e.g. RFC 4106, Chapter 5 AAD Construction] are part of crp_aad
(prepared by netipsec layer in case of ESN support enabled), therefore
non visible diff around combined modes.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

jaz_semihalf.com updated this revision to Diff 71770.

Align to new OCF

sys/crypto/aesni/aesni.c
256

I'd probably just leave this spelled out in probesession.

873

Woo, nice it was this easy to add!

This revision is now accepted and ready to land.Sep 24 2020, 10:18 PM
This revision was automatically updated to reflect the committed changes.