From owner-svn-src-head@freebsd.org  Fri Oct 16 11:06:34 2020
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id DEB84430D9F;
 Fri, 16 Oct 2020 11:06:34 +0000 (UTC) (envelope-from mw@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4CCNd65VWSz4mft;
 Fri, 16 Oct 2020 11:06:34 +0000 (UTC) (envelope-from mw@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A0357F72C;
 Fri, 16 Oct 2020 11:06:34 +0000 (UTC) (envelope-from mw@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 09GB6Y1V061326;
 Fri, 16 Oct 2020 11:06:34 GMT (envelope-from mw@FreeBSD.org)
Received: (from mw@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 09GB6X7d061322;
 Fri, 16 Oct 2020 11:06:33 GMT (envelope-from mw@FreeBSD.org)
Message-Id: <202010161106.09GB6X7d061322@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: mw set sender to mw@FreeBSD.org
 using -f
From: Marcin Wojtas <mw@FreeBSD.org>
Date: Fri, 16 Oct 2020 11:06:33 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r366752 - in head: share/man/man9 sys/opencrypto
X-SVN-Group: head
X-SVN-Commit-Author: mw
X-SVN-Commit-Paths: in head: share/man/man9 sys/opencrypto
X-SVN-Commit-Revision: 366752
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Oct 2020 11:06:34 -0000

Author: mw
Date: Fri Oct 16 11:06:33 2020
New Revision: 366752
URL: https://svnweb.freebsd.org/changeset/base/366752

Log:
  Prepare crypto framework for IPsec ESN support
  
  This permits requests (netipsec ESP and AH protocol) to provide the
  IPsec ESN (Extended Sequence Numbers) in a separate buffer.
  
  As with separate output buffer and separate AAD buffer not all drivers
  support this feature. Consumer must request use of this feature via new
  session flag.
  
  Submitted by:           Grzegorz Jaszczyk <jaz@semihalf.com>
                          Patryk Duda <pdk@semihalf.com>
  Reviewed by:            jhb
  Differential revision:  https://reviews.freebsd.org/D24838
  Obtained from:          Semihalf
  Sponsored by:           Stormshield

Modified:
  head/share/man/man9/crypto_request.9
  head/share/man/man9/crypto_session.9
  head/sys/opencrypto/crypto.c
  head/sys/opencrypto/cryptodev.h

Modified: head/share/man/man9/crypto_request.9
==============================================================================
--- head/share/man/man9/crypto_request.9	Fri Oct 16 11:01:21 2020	(r366751)
+++ head/share/man/man9/crypto_request.9	Fri Oct 16 11:06:33 2020	(r366752)
@@ -302,6 +302,24 @@ as a single buffer pointed to by
 In either case,
 .Fa crp_aad_length
 always indicates the amount of AAD in bytes.
+.Ss Request ESN
+IPsec requests may optionally include Extended Sequence Numbers (ESN).
+ESN may either be supplied in
+.Fa crp_esn
+or as part of the AAD pointed to by
+.Fa crp_aad .
+.Pp
+If the ESN is stored in
+.Fa crp_esn ,
+.Dv CSP_F_ESN
+should be set in
+.Fa csp_flags .
+This use case is dedicated for encrypt and authenticate mode, since the
+high-order 32 bits of the sequence number are appended after the Next Header
+(RFC 4303).
+.Pp
+AEAD modes supply the ESN in a separate AAD buffer (see e.g. RFC 4106, Chapter 5
+AAD Construction).
 .Ss Request IV and/or Nonce
 Some cryptographic operations require an IV or nonce as an input.
 An IV may be stored either in the IV region of the data buffer or in

Modified: head/share/man/man9/crypto_session.9
==============================================================================
--- head/share/man/man9/crypto_session.9	Fri Oct 16 11:01:21 2020	(r366751)
+++ head/share/man/man9/crypto_session.9	Fri Oct 16 11:06:33 2020	(r366752)
@@ -201,6 +201,15 @@ Sessions with this flag set permit requests with AAD p
 a region of the input buffer or in a single, virtually-contiguous buffer.
 Sessions without this flag only permit requests with AAD passed in as
 a region in the input buffer.
+.It Dv CSP_F_ESN
+Support requests that use a separate buffer for IPsec ESN (Extended Sequence
+Numbers).
+.Pp
+Sessions with this flag set permit requests with IPsec ESN passed in special
+buffer.
+It is required for IPsec ESN support of encrypt and authenticate mode where
+the high-order 32 bits of the sequence number are appended after the Next
+Header (RFC 4303).
 .El
 .It Fa csp_ivlen
 If either the cipher or authentication algorithms require an explicit

Modified: head/sys/opencrypto/crypto.c
==============================================================================
--- head/sys/opencrypto/crypto.c	Fri Oct 16 11:01:21 2020	(r366751)
+++ head/sys/opencrypto/crypto.c	Fri Oct 16 11:06:33 2020	(r366752)
@@ -743,6 +743,8 @@ alg_is_aead(int alg)
 	return (alg_type(alg) == ALG_AEAD);
 }
 
+#define SUPPORTED_SES (CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD | CSP_F_ESN)
+
 /* Various sanity checks on crypto session parameters. */
 static bool
 check_csp(const struct crypto_session_params *csp)
@@ -750,8 +752,7 @@ check_csp(const struct crypto_session_params *csp)
 	struct auth_hash *axf;
 
 	/* Mode-independent checks. */
-	if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) !=
-	    0)
+	if ((csp->csp_flags & ~(SUPPORTED_SES)) != 0)
 		return (false);
 	if (csp->csp_ivlen < 0 || csp->csp_cipher_klen < 0 ||
 	    csp->csp_auth_klen < 0 || csp->csp_auth_mlen < 0)

Modified: head/sys/opencrypto/cryptodev.h
==============================================================================
--- head/sys/opencrypto/cryptodev.h	Fri Oct 16 11:01:21 2020	(r366751)
+++ head/sys/opencrypto/cryptodev.h	Fri Oct 16 11:06:33 2020	(r366752)
@@ -377,6 +377,7 @@ struct crypto_session_params {
 
 #define	CSP_F_SEPARATE_OUTPUT	0x0001	/* Requests can use separate output */
 #define	CSP_F_SEPARATE_AAD	0x0002	/* Requests can use separate AAD */
+#define CSP_F_ESN		0x0004  /* Requests can use seperate ESN field */ 
 
 	int		csp_ivlen;	/* IV length in bytes. */
 
@@ -485,6 +486,8 @@ struct cryptop {
 	void		*crp_aad;	/* AAD buffer. */
 	int		crp_aad_start;	/* Location of AAD. */
 	int		crp_aad_length;	/* 0 => no AAD. */
+	uint8_t		crp_esn[4];	/* high-order ESN */
+
 	int		crp_iv_start;	/* Location of IV.  IV length is from
 					 * the session.
 					 */