- Fix a very old bug in HMAC/SHA{384,512}. When HMAC is using SHA384

  or SHA512, the blocksize is 128 bytes, not 64 bytes as anywhere else.
  The bug also exists in NetBSD, OpenBSD and various other independed
  implementations I look at.
- We cannot decide which hash function to use for HMAC based on the key
  length, because any HMAC function can use any key length.
  To fix it split CRYPTO_SHA2_HMAC into three algorithm:
  CRYPTO_SHA2_256_HMAC, CRYPTO_SHA2_384_HMAC and CRYPTO_SHA2_512_HMAC.
  Those names are consistent with OpenBSD's naming.
- Remove authsize field from auth_hash structure.
- Allow consumer to define size of hash he wants to receive.
  This allows to use HMAC not only for IPsec, where 96 bits MAC is requested.
  The size of requested MAC is defined at newsession time in the cri_mlen
  field - when 0, entire MAC will be returned.
- Add swcr_authprepare() function which prepares authentication key.
- Allow to provide key for every authentication operation, not only at
  newsession time by honoring CRD_F_KEY_EXPLICIT flag.
- Make giving key at newsession time optional - don't try to operate on it
  if its NULL.
- Extend COPYBACK()/COPYDATA() macros to handle CRYPTO_BUF_CONTIG buffer
  type as well.
- Accept CRYPTO_BUF_IOV buffer type in swcr_authcompute() as we have
  cuio_apply() now.
- 16 bits for key length (SW_klen) is more than enough.

Reviewed by:	sam

1 files changed, 15 insertions, 15 deletions

diff --git a/sys/opencrypto/xform.c b/sys/opencrypto/xform.c
index a24d6da..72c4102 100644
--- a/sys/opencrypto/xform.c
+++ b/sys/opencrypto/xform.c
@@ -187,60 +187,60 @@ struct enc_xform enc_xform_arc4 = {
 /* Authentication instances */
 struct auth_hash auth_hash_null = {
 	CRYPTO_NULL_HMAC, "NULL-HMAC",
-	0, 0, 12, sizeof(int),			/* NB: context isn't used */
+	0, 16, 64, sizeof(int),			/* NB: context isn't used */
 	null_init, null_update, null_final
 };
 
-struct auth_hash auth_hash_hmac_md5_96 = {
+struct auth_hash auth_hash_hmac_md5 = {
 	CRYPTO_MD5_HMAC, "HMAC-MD5",
-	16, 16, 12, sizeof(MD5_CTX),
+	16, 16, 64, sizeof(MD5_CTX),
 	(void (*) (void *)) MD5Init, MD5Update_int,
 	(void (*) (u_int8_t *, void *)) MD5Final
 };
 
-struct auth_hash auth_hash_hmac_sha1_96 = {
+struct auth_hash auth_hash_hmac_sha1 = {
 	CRYPTO_SHA1_HMAC, "HMAC-SHA1",
-	20, 20, 12, sizeof(SHA1_CTX),
+	20, 20, 64, sizeof(SHA1_CTX),
 	SHA1Init_int, SHA1Update_int, SHA1Final_int
 };
 
-struct auth_hash auth_hash_hmac_ripemd_160_96 = {
+struct auth_hash auth_hash_hmac_ripemd_160 = {
 	CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
-	20, 20, 12, sizeof(RMD160_CTX),
+	20, 20, 64, sizeof(RMD160_CTX),
 	(void (*)(void *)) RMD160Init, RMD160Update_int,
 	(void (*)(u_int8_t *, void *)) RMD160Final
 };
 
 struct auth_hash auth_hash_key_md5 = {
 	CRYPTO_MD5_KPDK, "Keyed MD5", 
-	0, 16, 12, sizeof(MD5_CTX),
+	0, 16, 0, sizeof(MD5_CTX),
 	(void (*)(void *)) MD5Init, MD5Update_int,
 	(void (*)(u_int8_t *, void *)) MD5Final
 };
 
 struct auth_hash auth_hash_key_sha1 = {
 	CRYPTO_SHA1_KPDK, "Keyed SHA1",
-	0, 20, 12, sizeof(SHA1_CTX),
+	0, 20, 0, sizeof(SHA1_CTX),
 	SHA1Init_int, SHA1Update_int, SHA1Final_int
 };
 
 struct auth_hash auth_hash_hmac_sha2_256 = {
-	CRYPTO_SHA2_HMAC, "HMAC-SHA2",
-	32, 32, 12, sizeof(SHA256_CTX),
+	CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
+	32, 32, 64, sizeof(SHA256_CTX),
 	(void (*)(void *)) SHA256_Init, SHA256Update_int,
 	(void (*)(u_int8_t *, void *)) SHA256_Final
 };
 
 struct auth_hash auth_hash_hmac_sha2_384 = {
-	CRYPTO_SHA2_HMAC, "HMAC-SHA2-384",
-	48, 48, 12, sizeof(SHA384_CTX),
+	CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384",
+	48, 48, 128, sizeof(SHA384_CTX),
 	(void (*)(void *)) SHA384_Init, SHA384Update_int,
 	(void (*)(u_int8_t *, void *)) SHA384_Final
 };
 
 struct auth_hash auth_hash_hmac_sha2_512 = {
-	CRYPTO_SHA2_HMAC, "HMAC-SHA2-512",
-	64, 64, 12, sizeof(SHA512_CTX),
+	CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512",
+	64, 64, 128, sizeof(SHA512_CTX),
 	(void (*)(void *)) SHA512_Init, SHA512Update_int,
 	(void (*)(u_int8_t *, void *)) SHA512_Final
 };