Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 31 Jul 2015 23:40:19 +0000 (UTC)
From:      "George V. Neville-Neil" <gnn@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r286143 - head/sbin/setkey
Message-ID:  <201507312340.t6VNeJ1e092273@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: gnn
Date: Fri Jul 31 23:40:18 2015
New Revision: 286143
URL: https://svnweb.freebsd.org/changeset/base/286143

Log:
  Add support for keys that include 4 byte SALT values,
  including GCM and ICM/CTR modes for AES.
  
  Reviewed by:	jmg
  MFC after:	1 week
  Sponsored by:	Rubicon Communications (Netgate)

Modified:
  head/sbin/setkey/parse.y
  head/sbin/setkey/token.l

Modified: head/sbin/setkey/parse.y
==============================================================================
--- head/sbin/setkey/parse.y	Fri Jul 31 21:43:27 2015	(r286142)
+++ head/sbin/setkey/parse.y	Fri Jul 31 23:40:18 2015	(r286143)
@@ -100,6 +100,7 @@ extern void yyerror(const char *);
 %token F_EXT EXTENSION NOCYCLICSEQ
 %token ALG_AUTH ALG_AUTH_NOKEY
 %token ALG_ENC ALG_ENC_NOKEY ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_ENC_OLD
+%token ALG_ENC_SALT
 %token ALG_COMP
 %token F_LIFETIME_HARD F_LIFETIME_SOFT
 %token DECSTRING QUOTEDSTRING HEXSTRING STRING ANY
@@ -111,6 +112,7 @@ extern void yyerror(const char *);
 
 %type <num> prefix protocol_spec upper_spec
 %type <num> ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_ENC_OLD ALG_ENC_NOKEY
+%type <num> ALG_ENC_SALT
 %type <num> ALG_AUTH ALG_AUTH_NOKEY
 %type <num> ALG_COMP
 %type <num> PR_ESP PR_AH PR_IPCOMP PR_TCP
@@ -402,6 +404,27 @@ enc_alg
 				return -1;
 			}
 		}
+	|	ALG_ENC_SALT key_string
+		{
+			if ($1 < 0) {
+				yyerror("unsupported algorithm");
+				return -1;
+			}
+			p_alg_enc = $1;
+
+			p_key_enc_len = $2.len;
+
+			p_key_enc = $2.buf;
+			/*
+			 * Salted keys include a 4 byte value that is
+			 * not part of the key.
+			 */
+			if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
+			    p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len - 4)) < 0) {
+				yyerror(ipsec_strerror());
+				return -1;
+			}
+		}
 	;
 
 auth_alg

Modified: head/sbin/setkey/token.l
==============================================================================
--- head/sbin/setkey/token.l	Fri Jul 31 21:43:27 2015	(r286142)
+++ head/sbin/setkey/token.l	Fri Jul 31 23:40:18 2015	(r286143)
@@ -166,9 +166,9 @@ tcp		{ yylval.num = 0; return(PR_TCP); }
 <S_ENCALG>des-deriv	{ yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DESDERIV); }
 <S_ENCALG>des-32iv	{ yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DES32IV); }
 <S_ENCALG>rijndael-cbc	{ yylval.num = SADB_X_EALG_RIJNDAELCBC; BEGIN INITIAL; return(ALG_ENC); }
-<S_ENCALG>aes-ctr	{ yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC); }
+<S_ENCALG>aes-ctr	{ yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC_SALT); }
 <S_ENCALG>camellia-cbc	{ yylval.num = SADB_X_EALG_CAMELLIACBC; BEGIN INITIAL; return(ALG_ENC); }
-<S_ENCALG>aes-gcm-16	{ yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC); }
+<S_ENCALG>aes-gcm-16	{ yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC_SALT); }
 
 	/* compression algorithms */
 {hyphen}C	{ return(F_COMP); }



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201507312340.t6VNeJ1e092273>