authorJason King <jason.king@joyent.com>2018-01-11 00:46:36 +0000
committerJason King <jason.king@joyent.com>2018-01-12 19:53:44 +0000
commit85c7b8606e4a61f48f51d72efd00cb54a4afc46a (patch)
tree9adccd9ca2479e0b31e2f552de174c5d477e0a9b /usr/src
parent1b0a60de665f13f5c841058f4f77632d5b3769df (diff)
OS-6525 SADB_ACQUIRE proposals don't include mechanism salt length
Reviewed by: Dan McDonald <danmcd@joyent.com> Reviewed by: Tim Kordas <tim.kordas@joyent.com> Approved by: Dan McDonald <danmcd@joyent.com>
Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/lib/libipsecutil/common/ipsec_util.c9
-rw-r--r--usr/src/man/man7p/pf_key.7p9
-rw-r--r--usr/src/uts/common/inet/ip/sadb.c10
-rw-r--r--usr/src/uts/common/net/pfkeyv2.h12
4 files changed, 24 insertions, 16 deletions
diff --git a/usr/src/lib/libipsecutil/common/ipsec_util.c b/usr/src/lib/libipsecutil/common/ipsec_util.c
index b983e75e37..017259967c 100644
--- a/usr/src/lib/libipsecutil/common/ipsec_util.c
+++ b/usr/src/lib/libipsecutil/common/ipsec_util.c
@@ -23,7 +23,7 @@
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
* Copyright 2012 Milan Juri. All rights reserved.
- * Copyright 2017 Joyent, Inc.
+ * Copyright 2018 Joyent, Inc.
*/
#include <unistd.h>
@@ -2387,9 +2387,10 @@ print_prop(FILE *file, char *prefix, struct sadb_prop *prop)
"Encryption = "));
(void) dump_ealg(combs[i].sadb_comb_encrypt, file);
(void) fprintf(file, dgettext(TEXT_DOMAIN,
- " minbits=%u, maxbits=%u.\n%s "),
+ " minbits=%u, maxbits=%u, saltbits=%u.\n%s "),
combs[i].sadb_comb_encrypt_minbits,
- combs[i].sadb_comb_encrypt_maxbits, prefix);
+ combs[i].sadb_comb_encrypt_maxbits,
+ combs[i].sadb_x_comb_encrypt_saltbits, prefix);
}
(void) fprintf(file, dgettext(TEXT_DOMAIN, "HARD: "));
@@ -2520,7 +2521,7 @@ print_eprop(FILE *file, char *prefix, struct sadb_prop *eprop)
" minbits=%u, maxbits=%u, saltbits=%u\n"),
algdesc->sadb_x_algdesc_minbits,
algdesc->sadb_x_algdesc_maxbits,
- algdesc->sadb_x_algdesc_reserved);
+ algdesc->sadb_x_algdesc_saltbits);
sofar = (uint64_t *)(++algdesc);
}
diff --git a/usr/src/man/man7p/pf_key.7p b/usr/src/man/man7p/pf_key.7p
index 2e092973d2..453dc81aa0 100644
--- a/usr/src/man/man7p/pf_key.7p
+++ b/usr/src/man/man7p/pf_key.7p
@@ -1,9 +1,10 @@
'\" te
.\" Copyright (C) 2008, Sun Microsystems, Inc. All Rights Reserved
+.\" Copyright 2018, Joyent, Inc.
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH PF_KEY 7P "May 6, 2008"
+.TH PF_KEY 7P "Jan 12, 2018"
.SH NAME
pf_key \- Security association database interface
.SH SYNOPSIS
@@ -288,7 +289,9 @@ struct sadb_comb {
uint16_t sadb_comb_auth_maxbits;
uint16_t sadb_comb_encrypt_minbits;
uint16_t sadb_comb_encrypt_maxbits;
- uint32_t sadb_comb_reserved;
+ uint8_t sadb_x_comb_encrypt_saltbits;
+ uint8_t sadb_x_comb_reserved;
+ uint16_t sadb_comb_reserved;
uint32_t sadb_comb_soft_allocations;
uint32_t sadb_comb_hard_allocations;
uint64_t sadb_comb_soft_bytes;
@@ -328,7 +331,7 @@ struct sadb_x_algdesc {
uint8_t sadb_x_algdesc_satype; /* ESP, AH, etc. */
uint8_t sadb_x_algdesc_algtype; /* AUTH, CRYPT, COMPRESS */
uint8_t sadb_x_algdesc_alg; /* DES, 3DES, MD5, etc. */
- uint8_t sadb_x_algdesc_reserved;
+ uint8_t sadb_x_algdesc_saltbits;
uint16_t sadb_x_algdesc_minbits; /* Bit strengths. */
uint16_t sadb_x_algdesc_maxbits;
};
diff --git a/usr/src/uts/common/inet/ip/sadb.c b/usr/src/uts/common/inet/ip/sadb.c
index a45f69c19e..40d5078526 100644
--- a/usr/src/uts/common/inet/ip/sadb.c
+++ b/usr/src/uts/common/inet/ip/sadb.c
@@ -22,7 +22,7 @@
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
* Copyright (c) 2012 Nexenta Systems, Inc. All rights reserved.
- * Copyright (c) 2017 Joyent, Inc.
+ * Copyright (c) 2018 Joyent, Inc.
*/
#include <sys/types.h>
@@ -5126,7 +5126,7 @@ sadb_acquire_prop(ipsec_action_t *ap, netstack_t *ns, boolean_t do_esp)
sadb_comb_t *comb;
ipsec_action_t *walker;
int ncombs, allocsize, ealgid, aalgid, aminbits, amaxbits, eminbits,
- emaxbits, replay;
+ emaxbits, esaltlen, replay;
uint64_t softbytes, hardbytes, softaddtime, hardaddtime, softusetime,
hardusetime;
uint64_t kmc = 0;
@@ -5254,13 +5254,14 @@ sadb_acquire_prop(ipsec_action_t *ap, netstack_t *ns, boolean_t do_esp)
}
if (ealg == NULL) {
- ealgid = eminbits = emaxbits = 0;
+ ealgid = eminbits = emaxbits = esaltlen = 0;
} else {
ealgid = ealg->alg_id;
eminbits =
MAX(prot->ipp_espe_minbits, ealg->alg_ef_minbits);
emaxbits =
MIN(prot->ipp_espe_maxbits, ealg->alg_ef_maxbits);
+ esaltlen = ealg->alg_saltlen;
}
if (aalg == NULL) {
@@ -5278,6 +5279,7 @@ sadb_acquire_prop(ipsec_action_t *ap, netstack_t *ns, boolean_t do_esp)
comb->sadb_comb_encrypt = ealgid;
comb->sadb_comb_encrypt_minbits = eminbits;
comb->sadb_comb_encrypt_maxbits = emaxbits;
+ comb->sadb_x_comb_encrypt_saltbits = SADB_8TO1(esaltlen);
comb->sadb_comb_auth = aalgid;
comb->sadb_comb_auth_minbits = aminbits;
comb->sadb_comb_auth_maxbits = amaxbits;
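Review bot: The store `comb->sadb_x_comb_encrypt_saltbits = SADB_8TO1(esaltlen);` narrows an `int` into a `uint8_t` (the width given by the pfkeyv2.h change in this commit), so a bit count above 255 would be silently truncated in the proposal handed to the key management daemon. SADB_8TO1 is not defined in the visible lines; assuming it converts bytes to bits, a mechanism whose `alg_saltlen` is 32 bytes or more would advertise the wrong salt length. An assertion before the store, e.g. `ASSERT3U(SADB_8TO1(esaltlen), <=, UINT8_MAX);`, would catch that during development, and the same narrowing applies to `sadb_x_algdesc_saltbits` in sadb_new_algdesc. The hunk also does not show whether the new `sadb_x_comb_reserved` byte is zeroed before the message is passed to userland; sadb_acquire_prop's body extends beyond the hunk, so that should be confirmed there.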
@@ -5941,7 +5943,7 @@ sadb_new_algdesc(uint8_t *start, uint8_t *limit,
maxbits = algp->alg_ef_maxbits;
rw_exit(&ipss->ipsec_alg_lock);
- algdesc->sadb_x_algdesc_reserved = SADB_8TO1(algp->alg_saltlen);
+ algdesc->sadb_x_algdesc_saltbits = SADB_8TO1(algp->alg_saltlen);
algdesc->sadb_x_algdesc_satype = satype;
algdesc->sadb_x_algdesc_algtype = algtype;
algdesc->sadb_x_algdesc_alg = alg;
diff --git a/usr/src/uts/common/net/pfkeyv2.h b/usr/src/uts/common/net/pfkeyv2.h
index 909c73414a..df8d72c58c 100644
--- a/usr/src/uts/common/net/pfkeyv2.h
+++ b/usr/src/uts/common/net/pfkeyv2.h
@@ -23,7 +23,7 @@
* Use is subject to license terms.
*/
/*
- * Copyright 2017 Joyent, Inc.
+ * Copyright 2018 Joyent, Inc.
*/
#ifndef _NET_PFKEYV2_H
@@ -290,7 +290,9 @@ typedef struct sadb_comb {
uint16_t sadb_comb_auth_maxbits;
uint16_t sadb_comb_encrypt_minbits; /* Bit strengths for encrypt */
uint16_t sadb_comb_encrypt_maxbits;
- uint32_t sadb_comb_reserved;
+ uint8_t sadb_x_comb_encrypt_saltbits;
+ uint8_t sadb_x_comb_reserved;
+ uint16_t sadb_comb_reserved;
uint32_t sadb_comb_soft_allocations; /* Lifetime proposals for */
uint32_t sadb_comb_hard_allocations; /* this combination. */
uint64_t sadb_comb_soft_bytes;
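Review bot: The new `sadb_x_comb_encrypt_saltbits` member carries no comment, although neighbouring members document their meaning, so a key-management consumer cannot tell from the header whether the value is in bits or bytes or what zero means. I would add `/* Salt length in bits; 0 if none */` on that line (the zero-means-none reading is inferred from the `ealg == NULL` path in sadb.c and should be confirmed) and `/* Must be zero */` on `sadb_x_comb_reserved`. Since the field is only 8 bits wide, the comment should also state that 255 is the largest value it can carry. The struct definition begins and ends outside this hunk.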
@@ -340,7 +342,7 @@ typedef struct sadb_x_algdesc {
uint8_t sadb_x_algdesc_usatype; /* ESP, AH, etc. */
uint8_t sadb_x_algdesc_ualgtype; /* AUTH, CRYPT, COMP */
uint8_t sadb_x_algdesc_ualg; /* 3DES, MD5, etc. */
- uint8_t sadb_x_algdesc_ureserved;
+ uint8_t sadb_x_algdesc_usaltbits;
uint16_t sadb_x_algdesc_uminbits; /* Bit strengths. */
uint16_t sadb_x_algdesc_umaxbits;
} sadb_x_algdesc_actual;
@@ -352,8 +354,8 @@ typedef struct sadb_x_algdesc {
sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ualgtype
#define sadb_x_algdesc_alg \
sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ualg
-#define sadb_x_algdesc_reserved \
- sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ureserved
+#define sadb_x_algdesc_saltbits \
+ sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_usaltbits
#define sadb_x_algdesc_minbits \
sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_uminbits
#define sadb_x_algdesc_maxbits \