OK?

---
 sys/net/pfkeyv2.h         |  6 ++++--
 sys/net/pfkeyv2_convert.c |  8 ++++++++
 sys/netinet/ip_esp.c      | 20 ++++++++++++++++++--
 3 files changed, 30 insertions(+), 4 deletions(-)

diff --git sys/net/pfkeyv2.h sys/net/pfkeyv2.h
index 3d08bd3..97d95e2 100644
--- sys/net/pfkeyv2.h
+++ sys/net/pfkeyv2.h
@@ -291,11 +291,12 @@ struct sadb_x_tap {
 #define SADB_X_AALG_SHA2_512         7
 #define SADB_X_AALG_RIPEMD160HMAC    8
 #define SADB_X_AALG_AES128GMAC       9
 #define SADB_X_AALG_AES192GMAC       10
 #define SADB_X_AALG_AES256GMAC       11
-#define SADB_AALG_MAX                11
+#define SADB_X_AALG_CHACHA20POLY1305 12
+#define SADB_AALG_MAX                12
 
 #define SADB_EALG_NONE        0
 #define SADB_X_EALG_DES_IV64  1
 #define SADB_EALG_DESCBC      2
 #define SADB_EALG_3DESCBC     3
@@ -311,11 +312,12 @@ struct sadb_x_tap {
 #define SADB_X_EALG_AESCTR    13
 #define SADB_X_EALG_AESGCM8   18
 #define SADB_X_EALG_AESGCM12  19
 #define SADB_X_EALG_AESGCM16  20
 #define SADB_X_EALG_AESGMAC   21
-#define SADB_EALG_MAX         21
+#define SADB_X_EALG_CHACHA20POLY1305 22
+#define SADB_EALG_MAX         22
 
 #define SADB_X_CALG_NONE       0
 #define SADB_X_CALG_OUI                1
 #define SADB_X_CALG_DEFLATE    2
 #define SADB_X_CALG_LZS                3
diff --git sys/net/pfkeyv2_convert.c sys/net/pfkeyv2_convert.c
index 3502316..4306189 100644
--- sys/net/pfkeyv2_convert.c
+++ sys/net/pfkeyv2_convert.c
@@ -213,10 +213,14 @@ export_sa(void **p, struct tdb *tdb)
                        break;
 
                case CRYPTO_AES_256_GMAC:
                        sadb_sa->sadb_sa_auth = SADB_X_AALG_AES256GMAC;
                        break;
+
+               case CRYPTO_CHACHA20_POLY1305_MAC:
+                       sadb_sa->sadb_sa_auth = SADB_X_AALG_CHACHA20POLY1305;
+                       break;
                }
        }
 
        if (tdb->tdb_encalgxform) {
                switch (tdb->tdb_encalgxform->type) {
@@ -253,10 +257,14 @@ export_sa(void **p, struct tdb *tdb)
                        break;
 
                case CRYPTO_BLF_CBC:
                        sadb_sa->sadb_sa_encrypt = SADB_X_EALG_BLF;
                        break;
+
+               case CRYPTO_CHACHA20_POLY1305:
+                       sadb_sa->sadb_sa_encrypt = SADB_X_EALG_CHACHA20POLY1305;
+                       break;
                }
        }
 
        if (tdb->tdb_flags & TDBF_PFS)
                sadb_sa->sadb_sa_flags |= SADB_SAFLAGS_PFS;
diff --git sys/netinet/ip_esp.c sys/netinet/ip_esp.c
index 8cc172e..2e57c7c 100644
--- sys/netinet/ip_esp.c
+++ sys/netinet/ip_esp.c
@@ -133,10 +133,14 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct 
ipsecinit *ii)
 
                case SADB_X_EALG_AESGMAC:
                        txform = &enc_xform_aes_gmac;
                        break;
 
+               case SADB_X_EALG_CHACHA20POLY1305:
+                       txform = &enc_xform_chacha20_poly1305;
+                       break;
+
                case SADB_X_EALG_BLF:
                        txform = &enc_xform_blf;
                        break;
 
                case SADB_X_EALG_CAST:
@@ -176,10 +180,14 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct 
ipsecinit *ii)
                                ii->ii_authalg = SADB_X_AALG_AES256GMAC;
                                break;
                        }
                        ii->ii_authkeylen = ii->ii_enckeylen;
                        ii->ii_authkey = ii->ii_enckey;
+               } else if (ii->ii_encalg == SADB_X_EALG_CHACHA20POLY1305) {
+                       ii->ii_authalg = SADB_X_AALG_CHACHA20POLY1305;
+                       ii->ii_authkeylen = ii->ii_enckeylen;
+                       ii->ii_authkey = ii->ii_enckey;
                }
 
                tdbp->tdb_encalgxform = txform;
 
                DPRINTF(("esp_init(): initialized TDB with enc algorithm %s\n",
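Review bot: The new `else if` branch in esp_init replaces `ii->ii_authalg`, `ii->ii_authkeylen` and `ii->ii_authkey` without a comment explaining why, so a caller-supplied authentication algorithm is silently discarded. A one-line comment above the branch would document the intent, for example `/* combined mode: the authenticator is keyed from the encryption key; any requested authalg is overridden */`. The branch also repeats the two key assignments from the end of the GMAC branch just above, so they could be shared. Whether `ii_enckeylen` has been validated against the transform's key size before it is copied into `ii_authkeylen` cannot be seen here, because esp_init starts and ends outside the hunk.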
@@ -224,10 +232,14 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct 
ipsecinit *ii)
 
                case SADB_X_AALG_AES256GMAC:
                        thash = &auth_hash_gmac_aes_256;
                        break;
 
+               case SADB_X_AALG_CHACHA20POLY1305:
+                       thash = &auth_hash_chacha20_poly1305;
+                       break;
+
                default:
                        DPRINTF(("esp_init(): unsupported authentication "
                            "algorithm %d specified\n", ii->ii_authalg));
                        return EINVAL;
                }
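Review bot: The new `case SADB_X_AALG_CHACHA20POLY1305:` selects `auth_hash_chacha20_poly1305` on `ii->ii_authalg` alone, and nothing in the visible lines ties it to the ChaCha20 cipher. The earlier hunk forces this authalg when the encalg is ChaCha20-Poly1305, but the reverse is not enforced. An SA that names this authenticator together with a different cipher (or none) appears to be accepted. That would run the AEAD's authenticator outside the construction it was designed for. Consider rejecting the mismatch in this case, e.g. `if (ii->ii_encalg != SADB_X_EALG_CHACHA20POLY1305) return EINVAL;` before assigning `thash`. The same question applies to the existing GMAC cases, and the switch begins outside the hunk, so an earlier check may already exist.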
@@ -468,11 +480,13 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int 
protoff)
                        esn = htonl(esn);
                        bcopy(&esn, crda->crd_esn, 4);
                        crda->crd_flags |= CRD_F_ESN;
                }
 
-               if (espx && espx->type == CRYPTO_AES_GCM_16)
+               if (espx &&
+                   (espx->type == CRYPTO_AES_GCM_16 ||
+                    espx->type == CRYPTO_CHACHA20_POLY1305))
                        crda->crd_len = hlen - tdb->tdb_ivlen;
                else
                        crda->crd_len = m->m_pkthdr.len - (skip + alen);
 
                /* Copy the authenticator */
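Review bot: The three-line AEAD test `espx->type == CRYPTO_AES_GCM_16 || espx->type == CRYPTO_CHACHA20_POLY1305` is written out identically in this esp_input hunk and in the esp_output hunk that follows. The two copies decide how many bytes are authenticated, so they must stay in step. If a future combined-mode transform is added to only one of them, inbound and outbound would compute `crd_len` differently and authentication would fail or cover the wrong range. A single shared predicate would remove that risk, for example `#define ESP_AEAD_XFORM(x) ((x)->type == CRYPTO_AES_GCM_16 || (x)->type == CRYPTO_CHACHA20_POLY1305)` used as `if (espx && ESP_AEAD_XFORM(espx))` at both sites. Both functions extend beyond their hunks.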
@@ -1023,11 +1037,13 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf 
**mp, int skip,
                        esn = htonl((u_int32_t)(tdb->tdb_rpl >> 32));
                        bcopy(&esn, crda->crd_esn, 4);
                        crda->crd_flags |= CRD_F_ESN;
                }
 
-               if (espx && espx->type == CRYPTO_AES_GCM_16)
+               if (espx &&
+                   (espx->type == CRYPTO_AES_GCM_16 ||
+                    espx->type == CRYPTO_CHACHA20_POLY1305))
                        crda->crd_len = hlen - tdb->tdb_ivlen;
                else
                        crda->crd_len = m->m_pkthdr.len - (skip + alen);
        }
 
-- 
2.6.2
