Add support for ESN in cryptosoft

Description

Add support for ESN in cryptosoft

This patch adds support for IPsec ESN (Extended Sequence Numbers) in
encrypt and authenticate mode (e.g. AES-CBC and SHA256) and combined mode
(e.g. AES-GCM).

For encrypt and authenticate mode the ESN is stored in a separate crp_esn
buffer because the high-order 32 bits of the sequence number are
appended after the Next Header (RFC 4303).

For combined modes the high-order 32 bits of the sequence number [e.g.
RFC 4106, Chapter 5 AAD Construction] are part of crp_aad (prepared by
netipsec layer in case of ESN support enabled), therefore no visible
diff around combined modes.

Submitted by: Grzegorz Jaszczyk <jaz@semihalf.com>
              Patryk Duda <pdk@semihalf.com>

Reviewed by: jhb
Differential revision: https://reviews.freebsd.org/D22364
Obtained from: Semihalf
Sponsored by: Stormshield
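
The two ESN placements the commit message describes, modelled as an added Python example that is not part of the commit or of cryptosoft. The function names, key, SPI and sequence values are constructed for illustration, and HMAC-SHA-256 truncated to 128 bits is assumed as the separate integrity algorithm.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # HMAC-SHA-256-128 truncates the tag to 128 bits (RFC 4868)


def split_esn(seq64):
    """Return (high, low) 32-bit halves of a 64-bit extended sequence number."""
    return (seq64 >> 32) & 0xFFFFFFFF, seq64 & 0xFFFFFFFF


def wire_packet(spi, seq64, iv, ciphertext):
    """Bytes sent before the ICV: only the low 32 bits of the ESN are on the wire."""
    _, low = split_esn(seq64)
    return struct.pack("!II", spi, low) + iv + ciphertext


def icv_separate_auth(auth_key, spi, seq64, iv, ciphertext):
    """Encrypt-and-authenticate mode (RFC 4303): the high-order 32 bits are
    appended after the encrypted trailer for the ICV computation only."""
    high, _ = split_esn(seq64)
    data = wire_packet(spi, seq64, iv, ciphertext) + struct.pack("!I", high)
    return hmac.new(auth_key, data, hashlib.sha256).digest()[:ICV_LEN]


def aad_combined(spi, seq64, esn=True):
    """Combined mode (RFC 4106, section 5): AAD is SPI || 64-bit ESN (12 bytes),
    or SPI || 32-bit sequence number (8 bytes) when ESN is off."""
    high, low = split_esn(seq64)
    if esn:
        return struct.pack("!III", spi, high, low)
    return struct.pack("!II", spi, low)


# Constructed sample values, not taken from any real SA or capture.
KEY = bytes(range(32))
SPI = 0x1234ABCD
IV = bytes(16)
CT = bytes.fromhex("00112233445566778899aabbccddeeff")  # stands in for ciphertext
SEQ_A = 0x0000000000000005  # high = 0, low = 5
SEQ_B = 0x0000000100000005  # high = 1, low = 5 (after the low word wrapped)

if __name__ == "__main__":
    same = wire_packet(SPI, SEQ_A, IV, CT) == wire_packet(SPI, SEQ_B, IV, CT)
    print("same wire bytes:", same)
    print("ICV A:", icv_separate_auth(KEY, SPI, SEQ_A, IV, CT).hex())
    print("ICV B:", icv_separate_auth(KEY, SPI, SEQ_B, IV, CT).hex())
    print("GCM AAD:", aad_combined(SPI, SEQ_B).hex())
```

The two sample packets are byte-identical on the wire yet authenticate to different ICVs, which is why the high-order word has to reach the integrity computation even though it is never transmitted.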

Details

Provenance
mw Authored on
Reviewer
jhb
Differential Revision
D22364: Add support for ESN in cryptosoft
Parents
rS366752: Prepare crypto framework for IPsec ESN support