Support for use of AES-GCM-16 (as AESGCM) and ENCR_NULL_AUTH_AES_GMAC

(as AESGMAC) ciphers in the ISAKMP Phase 2 (aka Quick Mode).

Thoroughly tested by me and naddy.  Works fine with Linux.

Requires updated pfkeyv2.h include file.

ok naddy

7 files changed, 59 insertions, 17 deletions

diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index a448b66cdf4..64787787da1 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.c,v 1.98 2010/08/04 18:09:45 deraadt Exp $	 */
+/* $OpenBSD: conf.c,v 1.99 2010/09/22 13:45:15 mikeb Exp $	 */
 /* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $	 */
 
 /*
@@ -402,6 +402,11 @@ conf_load_defaults_qm(int tr, char *qme, char *qmh, char *dhg, char *qme_p,
 	if (pfs == 0 && strcmp(dhg_p, ""))
 		return;
 
+	/* For GCM no additional authentication must be specified */
+	if (proto == 0 && strcmp(qmh, "NONE") != 0 &&
+	    (strcmp(qme, "AES_GCM_16") == 0 || strcmp(qme, "AES_GMAC") == 0))
+		return;
+
 	snprintf(tmp, sizeof tmp, "QM-%s%s%s%s%s%s", PROTO(proto),
 	    MODE_p(mode), qme_p, qmh_p, PFS(pfs), dhg_p);
 
@@ -428,13 +433,19 @@ conf_load_defaults_qm(int tr, char *qme, char *qmh, char *dhg, char *qme_p,
 	if (strcmp(qme ,"BLOWFISH") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_BLF_KEYLEN, 0,
 			 1);
-	else if (strcmp(qme_p ,"-AES-128") == 0)
+	else if (strcmp(qme_p, "-AES-128") == 0 ||
+	    strcmp(qme_p, "-AESGCM-128") == 0 ||
+	    strcmp(qme_p, "-AESGMAC-128") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", "128,128:128", 0, 1);
-	else if (strcmp(qme_p ,"-AES-192") == 0)
+	else if (strcmp(qme_p, "-AES-192") == 0 ||
+	    strcmp(qme_p, "-AESGCM-192") == 0 ||
+	    strcmp(qme_p, "-AESGMAC-192") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", "192,192:192", 0, 1);
-        else if (strcmp(qme_p ,"-AES-256") == 0)
-                conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1);
-	else if (strcmp(qme ,"AES") == 0)
+	else if (strcmp(qme_p, "-AES-256") == 0 ||
+	    strcmp(qme_p, "-AESGCM-256") == 0 ||
+	    strcmp(qme_p, "-AESGMAC-256") == 0)
+		conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1);
+	else if	(strcmp(qme, "AES") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_AES_KEYLEN, 0,
 			 1);
 
@@ -472,9 +483,13 @@ conf_load_defaults(int tr)
 	char	*dhgroup_p[] = {"", "-GRP1", "-GRP2", "-GRP5", "-GRP14",
 		    "-GRP15", 0};
 	char	*qm_enc[] = {"DES", "3DES", "CAST", "BLOWFISH", "AES",
-		    "AES", "AES", "AES", "AES_128_CTR", "NULL", "NONE", 0};
+		    "AES", "AES", "AES", "AES_128_CTR", "AES_GCM_16",
+		    "AES_GCM_16", "AES_GCM_16", "AES_GMAC", "AES_GMAC",
+		    "AES_GMAC", "NULL", "NONE", 0};
 	char	*qm_enc_p[] = {"-DES", "-3DES", "-CAST", "-BLF", "-AES",
-		    "-AES-128", "-AES-192", "-AES-256", "-AESCTR", "-NULL",
+		    "-AES-128", "-AES-192", "-AES-256", "-AESCTR",
+		    "-AESGCM-128", "-AESGCM-192", "-AESGCM-256",
+		    "-AESGMAC-128", "-AESGMAC-192", "-AESGMAC-256", "-NULL",
 		    "", 0};
 	char	*qm_hash[] = {"HMAC_MD5", "HMAC_SHA", "HMAC_RIPEMD",
 		    "HMAC_SHA2_256", "HMAC_SHA2_384", "HMAC_SHA2_512", "NONE",
diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c
index 8107474b929..a248121f028 100644
--- a/sbin/isakmpd/ipsec.c
+++ b/sbin/isakmpd/ipsec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec.c,v 1.135 2010/06/29 19:50:16 reyk Exp $	 */
+/* $OpenBSD: ipsec.c,v 1.136 2010/09/22 13:45:15 mikeb Exp $	 */
 /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $	 */
 
 /*
@@ -975,7 +975,7 @@ ipsec_validate_transform_id(u_int8_t proto, u_int8_t transform_id)
 		    transform_id > IPSEC_AH_RIPEMD ? -1 : 0;
 	case IPSEC_PROTO_IPSEC_ESP:
 		return transform_id < IPSEC_ESP_DES_IV64 ||
-		    (transform_id > IPSEC_ESP_AES_128_CTR &&
+		    (transform_id > IPSEC_ESP_AES_GMAC &&
 		    transform_id < IPSEC_ESP_AES_MARS) ||
 		    transform_id > IPSEC_ESP_AES_TWOFISH ? -1 : 0;
 	case IPSEC_PROTO_IPCOMP:
@@ -1788,6 +1788,11 @@ ipsec_esp_enckeylength(struct proto *proto)
 		return iproto->keylen / 8;
 	case IPSEC_ESP_AES_128_CTR:
 		return 20;
+	case IPSEC_ESP_AES_GCM_16:
+	case IPSEC_ESP_AES_GMAC:
+		if (!iproto->keylen)
+			return 20;
+		return iproto->keylen / 8 + 4;
 	case IPSEC_ESP_AES:
 		if (!iproto->keylen)
 			return 16;
diff --git a/sbin/isakmpd/ipsec_num.cst b/sbin/isakmpd/ipsec_num.cst
index bd62b04e9fc..ccd8c72c734 100644
--- a/sbin/isakmpd/ipsec_num.cst
+++ b/sbin/isakmpd/ipsec_num.cst
@@ -1,4 +1,4 @@
-#	$OpenBSD: ipsec_num.cst,v 1.16 2005/06/14 10:50:47 hshoexer Exp $
+#	$OpenBSD: ipsec_num.cst,v 1.17 2010/09/22 13:45:16 mikeb Exp $
 #	$EOM: ipsec_num.cst,v 1.5 2000/10/13 17:56:52 angelos Exp $
 
 #
@@ -235,6 +235,8 @@ IPSEC_ESP
   NULL					11
   AES					12
   AES_128_CTR				13
+  AES_GCM_16				20
+  AES_GMAC				23
   AES_MARS				249
   AES_RC6				250
   AES_RIJNDAEL				251
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5
index 5dd337e79bd..9a832c62049 100644
--- a/sbin/isakmpd/isakmpd.conf.5
+++ b/sbin/isakmpd/isakmpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: isakmpd.conf.5,v 1.126 2010/06/07 08:38:09 jmc Exp $
+.\" $OpenBSD: isakmpd.conf.5,v 1.127 2010/09/22 13:45:16 mikeb Exp $
 .\" $EOM: isakmpd.conf.5,v 1.57 2000/12/21 14:43:17 ho Exp $
 .\"
 .\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist.  All rights reserved.
@@ -28,7 +28,7 @@
 .\"
 .\" Manual page, using -mandoc macros
 .\"
-.Dd $Mdocdate: June 7 2010 $
+.Dd $Mdocdate: September 22 2010 $
 .Dt ISAKMPD.CONF 5
 .Os
 .Sh NAME
@@ -141,7 +141,9 @@ where:
 .It Ns { Ns Ar proto Ns }
 is either ESP or AH
 .It Ns { Ns Ar cipher Ns }
-is either DES, 3DES, CAST, BLF, AES, AES-128, AES-192, AES-256, AESCTR, or NULL
+is either DES, 3DES, CAST, BLF, AES, AES-128, AES-192, AES-256, AESCTR,
+AESGCM-128, AESGCM-192, AESGCM-256, AESGMAC-128, AESGMAC-192, AESGMAC-256
+or NULL
 .It Ns { Ns Ar hash Ns }
 is either MD5, SHA, RIPEMD, or SHA2-{256,384,512}
 .It Ns { Ns Ar group Ns }
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index fc7b970a455..ffca011c4a6 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.185 2009/01/28 17:57:15 hshoexer Exp $  */
+/* $OpenBSD: pf_key_v2.c,v 1.186 2010/09/22 13:45:16 mikeb Exp $  */
 /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $	 */
 
 /*
@@ -939,6 +939,14 @@ pf_key_v2_set_spi(struct sa *sa, struct proto *proto, int incoming,
 			ssa.sadb_sa_encrypt = SADB_X_EALG_AESCTR;
 			break;
 
+		case IPSEC_ESP_AES_GCM_16:
+			ssa.sadb_sa_encrypt = SADB_X_EALG_AESGCM16;
+			break;
+
+		case IPSEC_ESP_AES_GMAC:
+			ssa.sadb_sa_encrypt = SADB_X_EALG_AESGMAC;
+			break;
+
 		case IPSEC_ESP_CAST:
 			ssa.sadb_sa_encrypt = SADB_X_EALG_CAST;
 			break;
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index 2c25faedf26..190385801ec 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.91 2007/08/05 09:43:09 tom Exp $	 */
+/* $OpenBSD: policy.c,v 1.92 2010/09/22 13:45:16 mikeb Exp $	 */
 /* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */
 
 /*
@@ -297,6 +297,8 @@ policy_callback(char *name)
 
 				case IPSEC_ESP_AES:
 				case IPSEC_ESP_AES_128_CTR:
+				case IPSEC_ESP_AES_GCM_16:
+				case IPSEC_ESP_AES_GMAC:
 					esp_enc_alg = "aes";
 					break;
 
diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c
index 0bdcb2c4bb5..9daa6ef9cb3 100644
--- a/sbin/isakmpd/sa.c
+++ b/sbin/isakmpd/sa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sa.c,v 1.113 2007/09/02 15:19:24 deraadt Exp $	 */
+/* $OpenBSD: sa.c,v 1.114 2010/09/22 13:45:16 mikeb Exp $	 */
 /* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $	 */
 
 /*
@@ -519,6 +519,14 @@ report_proto(FILE *fd, struct proto *proto)
 			fprintf(fd, "AES-128 (CTR)\n");
 			break;
 
+		case IPSEC_ESP_AES_GCM_16:
+			fprintf(fd, "AES (GCM)\n");
+			break;
+
+		case IPSEC_ESP_AES_GMAC:
+			fprintf(fd, "AES (GMAC)\n");
+			break;
+
 		case IPSEC_ESP_CAST:
 			fprintf(fd, "Cast-128\n");
 			break;