summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lib/libipsec/pfkey_dump.c3
-rw-r--r--sbin/setkey/setkey.82
-rw-r--r--sbin/setkey/token.l1
-rw-r--r--sys/conf/files5
-rw-r--r--sys/net/pfkeyv2.h3
-rw-r--r--sys/netinet6/ah_core.c7
-rw-r--r--usr.sbin/setkey/setkey.82
-rw-r--r--usr.sbin/setkey/token.l1
8 files changed, 21 insertions, 3 deletions
diff --git a/lib/libipsec/pfkey_dump.c b/lib/libipsec/pfkey_dump.c
index 67e6256..b2cddf2 100644
--- a/lib/libipsec/pfkey_dump.c
+++ b/lib/libipsec/pfkey_dump.c
@@ -175,6 +175,9 @@ static struct val2str str_alg_auth[] = {
#ifdef SADB_X_AALG_RIPEMD160HMAC
{ SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", },
#endif
+#ifdef SADB_X_AALG_AES_XCBC_MAC
+ { SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", },
+#endif
{ -1, NULL, },
};
diff --git a/sbin/setkey/setkey.8 b/sbin/setkey/setkey.8
index d11a6ad..680803b 100644
--- a/sbin/setkey/setkey.8
+++ b/sbin/setkey/setkey.8
@@ -551,6 +551,8 @@ hmac-sha2-512 512 ah: 96bit ICV (no document)
512 ah-old: 128bit ICV (no document)
hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
ah-old: 128bit ICV (no document)
+aes-xcbc-mac 128 ah: 96bit ICV (RFC3566)
+ 128 ah-old: 128bit ICV (no document)
.Ed
.Pp
Followings are the list of encryption algorithms that can be used as
diff --git a/sbin/setkey/token.l b/sbin/setkey/token.l
index eed5190..312df4c 100644
--- a/sbin/setkey/token.l
+++ b/sbin/setkey/token.l
@@ -171,6 +171,7 @@ hmac-sha2-256 { PREPROC; yylval.num = SADB_X_AALG_SHA2_256; return(ALG_AUTH); }
hmac-sha2-384 { PREPROC; yylval.num = SADB_X_AALG_SHA2_384; return(ALG_AUTH); }
hmac-sha2-512 { PREPROC; yylval.num = SADB_X_AALG_SHA2_512; return(ALG_AUTH); }
hmac-ripemd160 { PREPROC; yylval.num = SADB_X_AALG_RIPEMD160HMAC; return(ALG_AUTH); }
+aes-xcbc-mac { PREPROC; yylval.num = SADB_X_AALG_AES_XCBC_MAC; return(ALG_AUTH); }
null { PREPROC; yylval.num = SADB_X_AALG_NULL; return(ALG_AUTH); }
/* encryption alogorithm */
diff --git a/sys/conf/files b/sys/conf/files
index e99e529..84a88f5 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -205,8 +205,8 @@ crypto/blowfish/bf_skey.c optional ipsec ipsec_esp
crypto/cast128/cast128.c optional ipsec ipsec_esp
crypto/des/des_ecb.c optional ipsec ipsec_esp
crypto/des/des_setkey.c optional ipsec ipsec_esp
-crypto/rijndael/rijndael-alg-fst.c optional ipsec ipsec_esp
-crypto/rijndael/rijndael-api-fst.c optional ipsec ipsec_esp
+crypto/rijndael/rijndael-alg-fst.c optional ipsec
+crypto/rijndael/rijndael-api-fst.c optional ipsec
opencrypto/rmd160.c optional ipsec
crypto/sha1.c optional ipsec
crypto/sha2/sha2.c optional ipsec
@@ -1436,6 +1436,7 @@ netinet/tcp_syncache.c optional inet
netinet/tcp_timer.c optional inet
netinet/tcp_usrreq.c optional inet
netinet/udp_usrreq.c optional inet
+netinet6/ah_aesxcbcmac.c optional ipsec
netinet6/ah_core.c optional ipsec
netinet6/ah_input.c optional ipsec
netinet6/ah_output.c optional ipsec
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index 506cc44..6fa8a2d 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -307,7 +307,8 @@ struct sadb_x_ipsecrequest {
#define SADB_X_AALG_SHA2_256 5
#define SADB_X_AALG_SHA2_384 6
#define SADB_X_AALG_SHA2_512 7
-#define SADB_X_AALG_RIPEMD160HMAC 9 /*8*/
+#define SADB_X_AALG_RIPEMD160HMAC 8
+#define SADB_X_AALG_AES_XCBC_MAC 9 /* draft-ietf-ipsec-ciph-aes-xcbc-mac-04 */
/* private allocations should use 249-255 (RFC2407) */
#define SADB_X_AALG_MD5 249 /* Keyed MD5 */
#define SADB_X_AALG_SHA 250 /* Keyed SHA */
diff --git a/sys/netinet6/ah_core.c b/sys/netinet6/ah_core.c
index ce3cbcd..ef5a491 100644
--- a/sys/netinet6/ah_core.c
+++ b/sys/netinet6/ah_core.c
@@ -74,6 +74,7 @@
#ifdef INET6
#include <netinet6/ah6.h>
#endif
+#include <netinet6/ah_aesxcbcmac.h>
#ifdef IPSEC_ESP
#include <netinet6/esp.h>
#ifdef INET6
@@ -188,6 +189,10 @@ ah_algorithm_lookup(idx)
"hmac-ripemd160",
ah_hmac_ripemd160_init, ah_hmac_ripemd160_loop,
ah_hmac_ripemd160_result, },
+ { ah_sumsiz_1216, ah_common_mature, 128, 128,
+ "aes-xcbc-mac",
+ ah_aes_xcbc_mac_init, ah_aes_xcbc_mac_loop,
+ ah_aes_xcbc_mac_result, },
};
switch (idx) {
@@ -209,6 +214,8 @@ ah_algorithm_lookup(idx)
return &ah_algorithms[7];
case SADB_X_AALG_RIPEMD160HMAC:
return &ah_algorithms[8];
+ case SADB_X_AALG_AES_XCBC_MAC:
+ return &ah_algorithms[9];
default:
return NULL;
}
diff --git a/usr.sbin/setkey/setkey.8 b/usr.sbin/setkey/setkey.8
index d11a6ad..680803b 100644
--- a/usr.sbin/setkey/setkey.8
+++ b/usr.sbin/setkey/setkey.8
@@ -551,6 +551,8 @@ hmac-sha2-512 512 ah: 96bit ICV (no document)
512 ah-old: 128bit ICV (no document)
hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
ah-old: 128bit ICV (no document)
+aes-xcbc-mac 128 ah: 96bit ICV (RFC3566)
+ 128 ah-old: 128bit ICV (no document)
.Ed
.Pp
Followings are the list of encryption algorithms that can be used as
diff --git a/usr.sbin/setkey/token.l b/usr.sbin/setkey/token.l
index eed5190..312df4c 100644
--- a/usr.sbin/setkey/token.l
+++ b/usr.sbin/setkey/token.l
@@ -171,6 +171,7 @@ hmac-sha2-256 { PREPROC; yylval.num = SADB_X_AALG_SHA2_256; return(ALG_AUTH); }
hmac-sha2-384 { PREPROC; yylval.num = SADB_X_AALG_SHA2_384; return(ALG_AUTH); }
hmac-sha2-512 { PREPROC; yylval.num = SADB_X_AALG_SHA2_512; return(ALG_AUTH); }
hmac-ripemd160 { PREPROC; yylval.num = SADB_X_AALG_RIPEMD160HMAC; return(ALG_AUTH); }
+aes-xcbc-mac { PREPROC; yylval.num = SADB_X_AALG_AES_XCBC_MAC; return(ALG_AUTH); }
null { PREPROC; yylval.num = SADB_X_AALG_NULL; return(ALG_AUTH); }
/* encryption alogorithm */
OpenPOWER on IntegriCloud