Date: Wed, 2 Nov 2022 12:17:49 -0700
Message-ID: <580620b9-5a11-4437-75f9-8dc2dc839007@FreeBSD.org>
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
To: Kristof Provost, src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
References: <202211021421.2A2ELuBA032661@gitrepo.freebsd.org>
From: John Baldwin
Subject: Re: git: 9f8f3a8e9ad4 - main - ipsec: add support for CHACHA20POLY1305
In-Reply-To: <202211021421.2A2ELuBA032661@gitrepo.freebsd.org>

On 11/2/22 7:21 AM, Kristof Provost wrote:
> The branch main has been updated by kp:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=9f8f3a8e9ad4fbdcdfd14eb4d3977e587ab41341
>
> commit 9f8f3a8e9ad4fbdcdfd14eb4d3977e587ab41341
> Author: Kristof Provost
> AuthorDate: 2022-10-18 16:31:02 +0000
> Commit: Kristof Provost
> CommitDate: 2022-11-02 13:19:04 +0000
>
>     ipsec: add support for CHACHA20POLY1305
>
>     Based on a patch by ae@.
> > Reviewed by: gbe (man page), pauamma (man page) > Sponsored by: Rubicon Communications, LLC ("Netgate") > Differential Revision: https://reviews.freebsd.org/D37180 > --- > lib/libipsec/pfkey_dump.c | 6 ++++++ > sbin/setkey/setkey.8 | 4 +++- > sbin/setkey/token.l | 2 ++ > sys/net/pfkeyv2.h | 2 ++ > sys/netipsec/key.c | 2 ++ > sys/netipsec/keydb.h | 2 ++ > sys/netipsec/xform_ah.c | 1 + > sys/netipsec/xform_esp.c | 23 +++++++++++++++-------- > 8 files changed, 33 insertions(+), 9 deletions(-) > > diff --git a/sys/netipsec/keydb.h b/sys/netipsec/keydb.h > index a2da0da613e2..4e55a9abc34b 100644 > --- a/sys/netipsec/keydb.h > +++ b/sys/netipsec/keydb.h > @@ -200,6 +200,8 @@ struct secasvar { > (_sav)->alg_enc == SADB_X_EALG_AESGCM12 || \ > (_sav)->alg_enc == SADB_X_EALG_AESGCM16) > #define SAV_ISCTR(_sav) ((_sav)->alg_enc == SADB_X_EALG_AESCTR) > +#define SAV_ISCHACHA(_sav) \ > + ((_sav)->alg_enc == SADB_X_EALG_CHACHA20POLY1305) > #define SAV_ISCTRORGCM(_sav) (SAV_ISCTR((_sav)) || SAV_ISGCM((_sav))) > > #define IPSEC_SEQH_SHIFT 32 > diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c > index 2600a49ebcdf..a504225ab929 100644 > --- a/sys/netipsec/xform_ah.c > +++ b/sys/netipsec/xform_ah.c > @@ -131,6 +131,7 @@ xform_ah_authsize(const struct auth_hash *esph) > alen = esph->hashsize / 2; /* RFC4868 2.3 */ > break; > > + case CRYPTO_POLY1305: > case CRYPTO_AES_NIST_GMAC: > alen = esph->hashsize; > break; > diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c > index 4a94960fd2e1..4ae081ae7f2a 100644 > --- a/sys/netipsec/xform_esp.c > +++ b/sys/netipsec/xform_esp.c 
> @@ -169,7 +169,8 @@ esp_init(struct secasvar *sav, struct xformsw *xsp) > } > > /* subtract off the salt, RFC4106, 8.1 and RFC3686, 5.1 */ > - keylen = _KEYLEN(sav->key_enc) - SAV_ISCTRORGCM(sav) * 4; > + keylen = _KEYLEN(sav->key_enc) - SAV_ISCTRORGCM(sav) * 4 - > + SAV_ISCHACHA(sav) * 4;> if (txform->minkey > keylen || keylen > txform->maxkey) { > DPRINTF(("%s: invalid key length %u, must be in the range " > "[%u..%u] for algorithm %s\n", __func__, > @@ -178,7 +179,7 @@ esp_init(struct secasvar *sav, struct xformsw *xsp) > return EINVAL; > } > > - if (SAV_ISCTRORGCM(sav)) > + if (SAV_ISCTRORGCM(sav) || SAV_ISCHACHA(sav)) > sav->ivlen = 8; /* RFC4106 3.1 and RFC3686 3.1 */ > else > sav->ivlen = txform->ivsize; > @@ -226,6 +227,12 @@ esp_init(struct secasvar *sav, struct xformsw *xsp) > csp.csp_mode = CSP_MODE_AEAD; > if (sav->flags & SADB_X_SAFLAGS_ESN) > csp.csp_flags |= CSP_F_SEPARATE_AAD; > + } else if (sav->alg_enc == SADB_X_EALG_CHACHA20POLY1305) { > + sav->alg_auth = SADB_X_AALG_CHACHA20POLY1305; > + sav->tdb_authalgxform = &auth_hash_poly1305; > + csp.csp_mode = CSP_MODE_AEAD; > + if (sav->flags & SADB_X_SAFLAGS_ESN) > + csp.csp_flags |= CSP_F_SEPARATE_AAD; > } else if (sav->alg_auth != 0) { > csp.csp_mode = CSP_MODE_ETA; > if (sav->flags & SADB_X_SAFLAGS_ESN) > @@ -238,7 +245,7 @@ esp_init(struct secasvar *sav, struct xformsw *xsp) > if (csp.csp_cipher_alg != CRYPTO_NULL_CBC) { > csp.csp_cipher_key = sav->key_enc->key_data; > csp.csp_cipher_klen = _KEYBITS(sav->key_enc) / 8 - > - SAV_ISCTRORGCM(sav) * 4; > + SAV_ISCTRORGCM(sav) * 4 - SAV_ISCHACHA(sav) * 4; > }; > csp.csp_ivlen = txform->ivsize; > > @@ -368,7 +375,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) > > if (esph != NULL) { > crp->crp_op = CRYPTO_OP_VERIFY_DIGEST; > - if (SAV_ISGCM(sav)) > + if (SAV_ISGCM(sav) || SAV_ISCHACHA(sav)) > crp->crp_aad_length = 8; /* RFC4106 5, SPI + SN */ > else > crp->crp_aad_length = hlen; 
> @@ -428,7 +435,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) > crp->crp_payload_length = m->m_pkthdr.len - (skip + hlen + alen); > > /* Generate or read cipher IV. */ > - if (SAV_ISCTRORGCM(sav)) { > + if (SAV_ISCTRORGCM(sav) || SAV_ISCHACHA(sav)) { > ivp = &crp->crp_iv[0]; > > /* > @@ -811,7 +818,7 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, > SECREPLAY_UNLOCK(sav->replay); > } > cryptoid = sav->tdb_cryptoid; > - if (SAV_ISCTRORGCM(sav)) > + if (SAV_ISCTRORGCM(sav) || SAV_ISCHACHA(sav)) > cntr = sav->cntr++; > SECASVAR_RUNLOCK(sav); > > @@ -878,7 +885,7 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, > > /* Generate cipher and ESP IVs. */ > ivp = &crp->crp_iv[0]; > - if (SAV_ISCTRORGCM(sav)) { > + if (SAV_ISCTRORGCM(sav) || SAV_ISCHACHA(sav)) { > /* > * See comment in esp_input() for details on the > * cipher IV. A simple per-SA counter stored in > @@ -914,7 +921,7 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, > if (esph) { > /* Authentication descriptor. */ > crp->crp_op |= CRYPTO_OP_COMPUTE_DIGEST; > - if (SAV_ISGCM(sav)) > + if (SAV_ISGCM(sav) || SAV_ISCHACHA(sav)) > crp->crp_aad_length = 8; /* RFC4106 5, SPI + SN */ > else > crp->crp_aad_length = hlen; For some of these conditionals, I wonder if we want a SAV_IS_AEAD() that is true for both GCM and CHACHA20. We might then have a 'SAV_IS_AEAD_OR_CTR()' for the cases that are also true for AES-CTR (or just spell it out as separate conditions as you did in a few places above). That is, I suspect that many of these things aren't specific to the ciphers in the RFCs but are generic to any AEAD ciphersuite for IPsec. -- John Baldwin
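
Review bot: In sys/netipsec/xform_esp.c, first esp_init() hunk (@@ -169,7 +169,8), the comment above the keylen computation still cites only "RFC4106, 8.1 and RFC3686, 5.1", but the new 'SAV_ISCHACHA(sav) * 4' term subtracts a salt that neither document defines. Add the ChaCha20-Poly1305 ESP reference (RFC 7634) to that comment, and to the "RFC4106 3.1 and RFC3686 3.1" comment on 'sav->ivlen = 8' in the following hunk, so the constants 4 and 8 stay traceable for the new cipher.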
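
Review bot: In sys/netipsec/xform_esp.c, esp_init() hunk @@ -226,6 +227,12, the new branch assigns 'sav->alg_auth = SADB_X_AALG_CHACHA20POLY1305' unconditionally, and because it sits ahead of 'else if (sav->alg_auth != 0)', an SA that arrives with CHACHA20POLY1305 plus a separately configured authentication algorithm has that algorithm silently replaced rather than rejected. The visible lines show no check for this; consider returning EINVAL (with a DPRINTF) when alg_auth is already non-zero, or state in a comment that the override is intentional. The branch body also repeats the AEAD setup visible just above it (CSP_MODE_AEAD plus the ESN / CSP_F_SEPARATE_AAD test), which could be shared.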
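
Review bot: In sys/netipsec/xform_esp.c, esp_init() hunk @@ -238,7 +245,7, the salt subtraction 'SAV_ISCTRORGCM(sav) * 4 - SAV_ISCHACHA(sav) * 4' is now written out a second time, here against '_KEYBITS(sav->key_enc) / 8' and earlier against '_KEYLEN(sav->key_enc)' for the range check. Two copies of the same arithmetic can drift apart when the next cipher is added, leaving the validated length different from the length handed to the crypto session. Compute the salt length once (a local variable or a small macro) and use it for both keylen and csp.csp_cipher_klen.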