[Bug 263379] [regression] [ipsec] compatibility broken between stable/12 and stable/13 opencrypto in AEAD mode

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 17 Apr 2022 18:44:59 UTC

            Bug ID: 263379
           Summary: [regression] [ipsec] compatibility broken between
                    stable/12 and stable/13 opencrypto in AEAD mode
           Product: Base System
           Version: 13.1-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: jhb@FreeBSD.org
          Reporter: eugen@freebsd.org
                CC: net@FreeBSD.org
             Flags: mfc-stable13?


Assume we have the following in the /etc/ipsec.conf:

add esp 7888 -m transport
  -E aes-gcm-16 "3#&*f738@?>=_fOH<D30z%WV&*^>@0D+n1{c"
  -A hmac-sha2-512

Exact key values do not matter but their lenght do matter.
"/sbin/setkey -f /etc/ipsec.conf" parses this just fine for both of stable/12
and stable/13 and sends a message over a socket to the kernel to add new SA.

stable/12 kernel accepts it (and then it works)
but stable/13 of 17 April 2022 rejects with EINVAL.

Note that stock stable/13 kernel accepts it if you change hmac-sha2-512 to
hmac-sha2-256 and halve the length of the key.

Here is some preliminary and incomplete patch for stable/13 opencrypto that
makes stable/13 to accept this and install new SA:

Still, the patch does not solve the problem completely as ESP packets sent from
patched stable/13 system get dropped by stable/12 increasing error counter
"packets dropped; no transform" in the output of "netstat -sp esp".

Note again, that stable/12 system has another stable/12 peer with same
configuration and encrypted traffic flows just fine. There is no IKE daemon in
the picture intentionally, to simplify debugging.

You are receiving this mail because:
You are on the CC list for the bug.