diff options
| author | ume <ume@FreeBSD.org> | 2003-10-13 04:54:51 +0000 |
|---|---|---|
| committer | ume <ume@FreeBSD.org> | 2003-10-13 04:54:51 +0000 |
| commit | de427fb9bf859dba8d46c603bb55c53de06758e7 (patch) | |
| tree | 999648f57f1025fa3716e3e1db4fac3f0c0cdebb | |
| parent | 08298e8fb559f422d14c7dc553d78f04eb9f2eba (diff) | |
| download | FreeBSD-src-de427fb9bf859dba8d46c603bb55c53de06758e7.zip FreeBSD-src-de427fb9bf859dba8d46c603bb55c53de06758e7.tar.gz | |
- support AES XCBC MAC for AH
- correct SADB_X_AALG_RIPEMD160HMAC to 8
Obtained from: KAME
| -rw-r--r-- | lib/libipsec/pfkey_dump.c | 3 | ||||
| -rw-r--r-- | sbin/setkey/setkey.8 | 2 | ||||
| -rw-r--r-- | sbin/setkey/token.l | 1 | ||||
| -rw-r--r-- | sys/conf/files | 5 | ||||
| -rw-r--r-- | sys/net/pfkeyv2.h | 3 | ||||
| -rw-r--r-- | sys/netinet6/ah_core.c | 7 | ||||
| -rw-r--r-- | usr.sbin/setkey/setkey.8 | 2 | ||||
| -rw-r--r-- | usr.sbin/setkey/token.l | 1 |
8 files changed, 21 insertions, 3 deletions
diff --git a/lib/libipsec/pfkey_dump.c b/lib/libipsec/pfkey_dump.c index 67e6256..b2cddf2 100644 --- a/lib/libipsec/pfkey_dump.c +++ b/lib/libipsec/pfkey_dump.c @@ -175,6 +175,9 @@ static struct val2str str_alg_auth[] = { #ifdef SADB_X_AALG_RIPEMD160HMAC { SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", }, #endif +#ifdef SADB_X_AALG_AES_XCBC_MAC + { SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", }, +#endif { -1, NULL, }, }; diff --git a/sbin/setkey/setkey.8 b/sbin/setkey/setkey.8 index d11a6ad..680803b 100644 --- a/sbin/setkey/setkey.8 +++ b/sbin/setkey/setkey.8 @@ -551,6 +551,8 @@ hmac-sha2-512 512 ah: 96bit ICV (no document) 512 ah-old: 128bit ICV (no document) hmac-ripemd160 160 ah: 96bit ICV (RFC2857) ah-old: 128bit ICV (no document) +aes-xcbc-mac 128 ah: 96bit ICV (RFC3566) + 128 ah-old: 128bit ICV (no document) .Ed .Pp Followings are the list of encryption algorithms that can be used as diff --git a/sbin/setkey/token.l b/sbin/setkey/token.l index eed5190..312df4c 100644 --- a/sbin/setkey/token.l +++ b/sbin/setkey/token.l @@ -171,6 +171,7 @@ hmac-sha2-256 { PREPROC; yylval.num = SADB_X_AALG_SHA2_256; return(ALG_AUTH); } hmac-sha2-384 { PREPROC; yylval.num = SADB_X_AALG_SHA2_384; return(ALG_AUTH); } hmac-sha2-512 { PREPROC; yylval.num = SADB_X_AALG_SHA2_512; return(ALG_AUTH); } hmac-ripemd160 { PREPROC; yylval.num = SADB_X_AALG_RIPEMD160HMAC; return(ALG_AUTH); } +aes-xcbc-mac { PREPROC; yylval.num = SADB_X_AALG_AES_XCBC_MAC; return(ALG_AUTH); } null { PREPROC; yylval.num = SADB_X_AALG_NULL; return(ALG_AUTH); } /* encryption alogorithm */ diff --git a/sys/conf/files b/sys/conf/files index e99e529..84a88f5 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -205,8 +205,8 @@ crypto/blowfish/bf_skey.c optional ipsec ipsec_esp crypto/cast128/cast128.c optional ipsec ipsec_esp crypto/des/des_ecb.c optional ipsec ipsec_esp crypto/des/des_setkey.c optional ipsec ipsec_esp -crypto/rijndael/rijndael-alg-fst.c optional ipsec ipsec_esp -crypto/rijndael/rijndael-api-fst.c optional ipsec ipsec_esp +crypto/rijndael/rijndael-alg-fst.c optional ipsec +crypto/rijndael/rijndael-api-fst.c optional ipsec opencrypto/rmd160.c optional ipsec crypto/sha1.c optional ipsec crypto/sha2/sha2.c optional ipsec @@ -1436,6 +1436,7 @@ netinet/tcp_syncache.c optional inet netinet/tcp_timer.c optional inet netinet/tcp_usrreq.c optional inet netinet/udp_usrreq.c optional inet +netinet6/ah_aesxcbcmac.c optional ipsec netinet6/ah_core.c optional ipsec netinet6/ah_input.c optional ipsec netinet6/ah_output.c optional ipsec diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h index 506cc44..6fa8a2d 100644 --- a/sys/net/pfkeyv2.h +++ b/sys/net/pfkeyv2.h @@ -307,7 +307,8 @@ struct sadb_x_ipsecrequest { #define SADB_X_AALG_SHA2_256 5 #define SADB_X_AALG_SHA2_384 6 #define SADB_X_AALG_SHA2_512 7 -#define SADB_X_AALG_RIPEMD160HMAC 9 /*8*/ +#define SADB_X_AALG_RIPEMD160HMAC 8 +#define SADB_X_AALG_AES_XCBC_MAC 9 /* draft-ietf-ipsec-ciph-aes-xcbc-mac-04 */ /* private allocations should use 249-255 (RFC2407) */ #define SADB_X_AALG_MD5 249 /* Keyed MD5 */ #define SADB_X_AALG_SHA 250 /* Keyed SHA */ diff --git a/sys/netinet6/ah_core.c b/sys/netinet6/ah_core.c index ce3cbcd..ef5a491 100644 --- a/sys/netinet6/ah_core.c +++ b/sys/netinet6/ah_core.c @@ -74,6 +74,7 @@ #ifdef INET6 #include <netinet6/ah6.h> #endif +#include <netinet6/ah_aesxcbcmac.h> #ifdef IPSEC_ESP #include <netinet6/esp.h> #ifdef INET6 @@ -188,6 +189,10 @@ ah_algorithm_lookup(idx) "hmac-ripemd160", ah_hmac_ripemd160_init, ah_hmac_ripemd160_loop, ah_hmac_ripemd160_result, }, + { ah_sumsiz_1216, ah_common_mature, 128, 128, + "aes-xcbc-mac", + ah_aes_xcbc_mac_init, ah_aes_xcbc_mac_loop, + ah_aes_xcbc_mac_result, }, }; switch (idx) { @@ -209,6 +214,8 @@ ah_algorithm_lookup(idx) return &ah_algorithms[7]; case SADB_X_AALG_RIPEMD160HMAC: return &ah_algorithms[8]; + case SADB_X_AALG_AES_XCBC_MAC: + return &ah_algorithms[9]; default: return NULL; } diff --git a/usr.sbin/setkey/setkey.8 b/usr.sbin/setkey/setkey.8 index d11a6ad..680803b 100644 --- a/usr.sbin/setkey/setkey.8 +++ b/usr.sbin/setkey/setkey.8 @@ -551,6 +551,8 @@ hmac-sha2-512 512 ah: 96bit ICV (no document) 512 ah-old: 128bit ICV (no document) hmac-ripemd160 160 ah: 96bit ICV (RFC2857) ah-old: 128bit ICV (no document) +aes-xcbc-mac 128 ah: 96bit ICV (RFC3566) + 128 ah-old: 128bit ICV (no document) .Ed .Pp Followings are the list of encryption algorithms that can be used as diff --git a/usr.sbin/setkey/token.l b/usr.sbin/setkey/token.l index eed5190..312df4c 100644 --- a/usr.sbin/setkey/token.l +++ b/usr.sbin/setkey/token.l @@ -171,6 +171,7 @@ hmac-sha2-256 { PREPROC; yylval.num = SADB_X_AALG_SHA2_256; return(ALG_AUTH); } hmac-sha2-384 { PREPROC; yylval.num = SADB_X_AALG_SHA2_384; return(ALG_AUTH); } hmac-sha2-512 { PREPROC; yylval.num = SADB_X_AALG_SHA2_512; return(ALG_AUTH); } hmac-ripemd160 { PREPROC; yylval.num = SADB_X_AALG_RIPEMD160HMAC; return(ALG_AUTH); } +aes-xcbc-mac { PREPROC; yylval.num = SADB_X_AALG_AES_XCBC_MAC; return(ALG_AUTH); } null { PREPROC; yylval.num = SADB_X_AALG_NULL; return(ALG_AUTH); } /* encryption alogorithm */ |
