author | Luiz Otavio O Souza <luiz@netgate.com> | 2015-09-15 17:09:29 -0500 |
---|---|---|
committer | Luiz Otavio O Souza <luiz@netgate.com> | 2015-10-20 12:08:01 -0500 |
commit | 0b2903bf0a54225395eaa6386172183e8c494c13 (patch) | |
tree | 34e82908b547abacb088ec292e56375867fbb75a /sys/netipsec/xform_ah.c | |
parent | cd53262b45411c25d857d59695cb0cdd619c7649 (diff) | |
MFC r285336:
Add support for AES modes to IPSec. These modes work both in software only
mode and with hardware support on systems that have AESNI instructions.
Differential Revision: D2936
Reviewed by: jmg, eri, cognet
Sponsored by: Rubicon Communications (Netgate)
TAG: IPSEC-HEAD
Issue: #4841
Diffstat (limited to 'sys/netipsec/xform_ah.c')
-rw-r--r-- | sys/netipsec/xform_ah.c | 35 |
1 files changed, 10 insertions, 25 deletions
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index 5274ea2..4feb851 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -80,11 +80,11 @@
 (((sav)->flags & SADB_X_EXT_OLD) ? \
 sizeof (struct ah) : sizeof (struct ah) + sizeof (u_int32_t))
 /*
- * Return authenticator size in bytes. The old protocol is known
- * to use a fixed 16-byte authenticator. The new algorithm use 12-byte
- * authenticator.
+ * Return authenticator size in bytes, based on a field in the
+ * algorithm descriptor.
 */
-#define AUTHSIZE(sav) ah_authsize(sav)
+#define AUTHSIZE(sav) \
+ ((sav->flags & SADB_X_EXT_OLD) ? 16 : (sav)->tdb_authalgxform->hashsize)
 
 VNET_DEFINE(int, ah_enable) = 1; /* control flow of packets with AH */
 VNET_DEFINE(int, ah_cleartos) = 1; /* clear ip_tos when doing AH calc */
@@ -110,27 +110,6 @@ static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */
 static int ah_input_cb(struct cryptop*);
 static int ah_output_cb(struct cryptop*);
 
-static int
-ah_authsize(struct secasvar *sav)
-{
-
- IPSEC_ASSERT(sav != NULL, ("%s: sav == NULL", __func__));
-
- if (sav->flags & SADB_X_EXT_OLD)
- return 16;
-
- switch (sav->alg_auth) {
- case SADB_X_AALG_SHA2_256:
- return 16;
- case SADB_X_AALG_SHA2_384:
- return 24;
- case SADB_X_AALG_SHA2_512:
- return 32;
- default:
- return AH_HMAC_HASHLEN;
- }
- /* NOTREACHED */
-}
 /*
 * NB: this is public for use by the PF_KEY support.
 */
@@ -158,6 +137,12 @@ ah_algorithm_lookup(int alg)
 return &auth_hash_hmac_sha2_384;
 case SADB_X_AALG_SHA2_512:
 return &auth_hash_hmac_sha2_512;
+ case SADB_X_AALG_AES128GMAC:
+ return &auth_hash_nist_gmac_aes_128;
+ case SADB_X_AALG_AES192GMAC:
+ return &auth_hash_nist_gmac_aes_192;
+ case SADB_X_AALG_AES256GMAC:
+ return &auth_hash_nist_gmac_aes_256;
 }
 return NULL;
 }
|
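Review bot: The new `AUTHSIZE` in the first hunk takes the ICV length straight from `tdb_authalgxform->hashsize`, whereas the removed `ah_authsize()` returned truncated lengths (16/24/32 for SHA2-256/384/512, `AH_HMAC_HASHLEN` otherwise). The algorithm descriptors are not visible on this page, so if `hashsize` holds the full digest length, every HMAC-based AH SA changes its on-wire ICV size and will fail authentication against peers that still use the truncated sizes. The macro also drops the old `IPSEC_ASSERT(sav != NULL, ...)`, dereferences `tdb_authalgxform` with no check visible in the hunk, and leaves its first use of the argument unparenthesized. I would write the body as `(((sav)->flags & SADB_X_EXT_OLD) ? 16 : (sav)->tdb_authalgxform->hashsize)` and extend the comment to say `hashsize must be the truncated on-wire ICV length, not the digest length`.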
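Review bot: The three new cases in `ah_algorithm_lookup()` make AES-GMAC selectable for AH, but the diffstat's ten insertions are fully accounted for by the comment, the `AUTHSIZE` macro and these six lines, so nothing in `xform_ah.c` adds per-packet IV handling for it. RFC 4543 has AH carry an explicit IV with the tag, and GMAC loses its forgery resistance when a nonce repeats under one key. Whether the existing input/output paths already generate and verify that IV is not visible on this page. If they do not, the lookup should keep returning NULL for the GMAC ids until they do; if they do, a comment above the new cases such as `/* AES-GMAC (RFC 4543): requires a unique per-packet IV, produced in <function name> */` would record where. The function starts outside the hunk.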