Change Details

This patch includes support for including ESN (IPSec Extended Sequence Number) when using AES-NI crypto driver. Both encrypt, authenticate and combined mode was implemented. Added CRD_F_ESN to supported flags where it was necessary

This patch adds support for IPSec ESN (Extended Sequence Numbers) in encrypt and authenticate mode (eg. AES-CBC and SHA256) and combined mode (eg. AES-GCM). For the encrypt and authenticate mode the ESN is stored in separate crp_esn buffer because the high-order 32 bits of the sequence number are appended after the Next Header (RFC 4303). For the combined modes the high-order 32 bits of the sequence number [e.g. RFC 4106, Chapter 5 AAD Construction] are part of crp_aad (prepared by netipsec layer in case of ESN support enabled), therefore non visible diff around combined modes.

This patch includeadds support for includingIPSec ESN (IPSec Extended Sequencee Numbers) in Number) when using AES-NI crypto driver. Both encrypt,encrypt and authenticate mode (eg. authenticate andAES-CBC and SHA256) and combined mode combined mode was implemented(eg. Added CRD_F_ESN to supported flags whereAES-GCM). For the encrypt and authenticate mode the ESN is stored in separate it was necessarycrp_esn buffer because the high-order 32 bits of the sequence number are appended after the Next Header (RFC 4303). For the combined modes the high-order 32 bits of the sequence number [e.g. RFC 4106, Chapter 5 AAD Construction] are part of crp_aad (prepared by netipsec layer in case of ESN support enabled), therefore non visible diff around combined modes.