Introduce two new sysctls:

net.inet.ipsec.test_replay - When set to 1, IPsec will send packets with
	the same sequence number. This allows to verify if the other side
	has proper replay attacks detection.

net.inet.ipsec.test_integrity - When set 1, IPsec will send packets with
	corrupted HMAC. This allows to verify if the other side properly
	detects modified packets.

I used the first one to discover that we don't have proper replay attacks
detection in ESP (in fast_ipsec(4)).

1 files changed, 15 insertions, 1 deletions

diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index e3da578..cd23fe3 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -998,7 +998,9 @@ ah_output(
 			error = EINVAL;
 			goto bad;
 		}
-		sav->replay->count++;
+		/* Emulate replay attack when ipsec_replay is TRUE. */
+		if (!ipsec_replay)
+			sav->replay->count++;
 		ah->ah_seq = htonl(sav->replay->count);
 	}
 
@@ -1178,6 +1180,18 @@ ah_output_cb(struct cryptop *crp)
 	free(tc, M_XDATA);
 	crypto_freereq(crp);
 
+	/* Emulate man-in-the-middle attack when ipsec_integrity is TRUE. */
+	if (ipsec_integrity) {
+		int alen;
+
+		/*
+		 * Corrupt HMAC if we want to test integrity verification of
+		 * the other side.
+		 */
+		alen = AUTHSIZE(sav);
+		m_copyback(m, m->m_pkthdr.len - alen, alen, ipseczeroes);
+	}
+
 	/* NB: m is reclaimed by ipsec_process_done. */
 	err = ipsec_process_done(m, isr);
 	KEY_FREESAV(&sav);