diff options
Diffstat (limited to 'sys/opencrypto')
-rw-r--r-- | sys/opencrypto/cryptodev.c | 27 | ||||
-rw-r--r-- | sys/opencrypto/cryptodev.h | 17 | ||||
-rw-r--r-- | sys/opencrypto/cryptosoft.c | 236 | ||||
-rw-r--r-- | sys/opencrypto/cryptosoft.h | 8 | ||||
-rw-r--r-- | sys/opencrypto/xform.c | 30 | ||||
-rw-r--r-- | sys/opencrypto/xform.h | 8 |
6 files changed, 194 insertions, 132 deletions
diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c index 9c3490f..9c9ec29 100644 --- a/sys/opencrypto/cryptodev.c +++ b/sys/opencrypto/cryptodev.c @@ -190,25 +190,22 @@ cryptof_ioctl( case 0: break; case CRYPTO_MD5_HMAC: - thash = &auth_hash_hmac_md5_96; + thash = &auth_hash_hmac_md5; break; case CRYPTO_SHA1_HMAC: - thash = &auth_hash_hmac_sha1_96; + thash = &auth_hash_hmac_sha1; break; - case CRYPTO_SHA2_HMAC: - if (sop->mackeylen == auth_hash_hmac_sha2_256.keysize) - thash = &auth_hash_hmac_sha2_256; - else if (sop->mackeylen == auth_hash_hmac_sha2_384.keysize) - thash = &auth_hash_hmac_sha2_384; - else if (sop->mackeylen == auth_hash_hmac_sha2_512.keysize) - thash = &auth_hash_hmac_sha2_512; - else { - mtx_unlock(&Giant); - return (EINVAL); - } + case CRYPTO_SHA2_256_HMAC: + thash = &auth_hash_hmac_sha2_256; + break; + case CRYPTO_SHA2_384_HMAC: + thash = &auth_hash_hmac_sha2_384; + break; + case CRYPTO_SHA2_512_HMAC: + thash = &auth_hash_hmac_sha2_512; break; case CRYPTO_RIPEMD160_HMAC: - thash = &auth_hash_hmac_ripemd_160_96; + thash = &auth_hash_hmac_ripemd_160; break; #ifdef notdef case CRYPTO_MD5: @@ -471,7 +468,7 @@ cryptodev_op( goto bail; if (cop->mac && - (error = copyout(crp->crp_mac, cop->mac, cse->thash->authsize))) + (error = copyout(crp->crp_mac, cop->mac, cse->thash->hashsize))) goto bail; bail: diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h index b1999d7..919a717 100644 --- a/sys/opencrypto/cryptodev.h +++ b/sys/opencrypto/cryptodev.h @@ -63,6 +63,7 @@ /* HMAC values */ #define HMAC_BLOCK_LEN 64 +#define HMAC_BLOCK_MAXLEN 128 #define HMAC_IPAD_VAL 0x36 #define HMAC_OPAD_VAL 0x5C @@ -94,11 +95,13 @@ #define CRYPTO_ARC4 12 #define CRYPTO_MD5 13 #define CRYPTO_SHA1 14 -#define CRYPTO_SHA2_HMAC 15 -#define CRYPTO_NULL_HMAC 16 -#define CRYPTO_NULL_CBC 17 -#define CRYPTO_DEFLATE_COMP 18 /* Deflate compression algorithm */ -#define CRYPTO_ALGORITHM_MAX 18 /* Keep updated - see below */ +#define CRYPTO_NULL_HMAC 15 +#define CRYPTO_NULL_CBC 16 +#define CRYPTO_DEFLATE_COMP 17 /* Deflate compression algorithm */ +#define CRYPTO_SHA2_256_HMAC 18 +#define CRYPTO_SHA2_384_HMAC 19 +#define CRYPTO_SHA2_512_HMAC 20 +#define CRYPTO_ALGORITHM_MAX 20 /* Keep updated - see below */ /* Algorithm flags */ #define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ @@ -209,6 +212,8 @@ struct cryptostats { struct cryptoini { int cri_alg; /* Algorithm to use */ int cri_klen; /* Key length, in bits */ + int cri_mlen; /* Number of bytes we want from the + entire hash. 0 means all. */ caddr_t cri_key; /* key to use */ u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */ struct cryptoini *cri_next; @@ -384,6 +389,6 @@ extern void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp); extern void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp); extern struct iovec *cuio_getptr(struct uio *uio, int loc, int *off); extern int cuio_apply(struct uio *uio, int off, int len, - int (*f)(void *, void *, u_int), void *arg); + int (*f)(void *, void *, u_int), void *arg); #endif /* _KERNEL */ #endif /* _CRYPTO_CRYPTO_H_ */ diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c index e41f0ce..215c676 100644 --- a/sys/opencrypto/cryptosoft.c +++ b/sys/opencrypto/cryptosoft.c @@ -45,39 +45,39 @@ __FBSDID("$FreeBSD$"); #include <opencrypto/cryptosoft.h> #include <opencrypto/xform.h> -u_int8_t hmac_ipad_buffer[64] = { - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 -}; - -u_int8_t hmac_opad_buffer[64] = { - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C -}; - +u_int8_t *hmac_ipad_buffer; +u_int8_t *hmac_opad_buffer; struct swcr_data **swcr_sessions = NULL; u_int32_t swcr_sesnum = 0; int32_t swcr_id = -1; -#define COPYBACK(x, a, b, c, d) \ - (x) == CRYPTO_BUF_MBUF ? m_copyback((struct mbuf *)a,b,c,d) \ - : cuio_copyback((struct uio *)a,b,c,d) -#define COPYDATA(x, a, b, c, d) \ - (x) == CRYPTO_BUF_MBUF ? m_copydata((struct mbuf *)a,b,c,d) \ - : cuio_copydata((struct uio *)a,b,c,d) +#define COPYBACK(type, buf, off, size, in) do { \ + switch (type) { \ + case CRYPTO_BUF_CONTIG: \ + bcopy(in, (u_char *)(buf) + (off), size); \ + break; \ + case CRYPTO_BUF_MBUF: \ + m_copyback((struct mbuf *)(buf), off, size, in); \ + break; \ + case CRYPTO_BUF_IOV: \ + cuio_copyback((struct uio *)(buf), off, size, in); \ + break; \ + } \ +} while (0) +#define COPYDATA(type, buf, off, size, out) do { \ + switch (type) { \ + case CRYPTO_BUF_CONTIG: \ + bcopy((u_char *)(buf) + (off), out, size); \ + break; \ + case CRYPTO_BUF_MBUF: \ + m_copydata((struct mbuf *)(buf), off, size, out); \ + break; \ + case CRYPTO_BUF_IOV: \ + cuio_copydata((struct uio *)(buf), off, size, out); \ + break; \ + } \ +} while (0) static int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int); static int swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd, @@ -412,13 +412,60 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, } } - return 0; /* Done with iov encryption/decryption */ + return 0; /* Done with iovec encryption/decryption */ } /* Unreachable */ return EINVAL; } +static void +swcr_authprepare(struct auth_hash *axf, struct swcr_data *sw, u_char *key, + int klen) +{ + int k; + + klen /= 8; + + switch (axf->type) { + case CRYPTO_MD5_HMAC: + case CRYPTO_SHA1_HMAC: + case CRYPTO_SHA2_256_HMAC: + case CRYPTO_SHA2_384_HMAC: + case CRYPTO_SHA2_512_HMAC: + case CRYPTO_NULL_HMAC: + case CRYPTO_RIPEMD160_HMAC: + for (k = 0; k < klen; k++) + key[k] ^= HMAC_IPAD_VAL; + + axf->Init(sw->sw_ictx); + axf->Update(sw->sw_ictx, key, klen); + axf->Update(sw->sw_ictx, hmac_ipad_buffer, axf->blocksize - klen); + + for (k = 0; k < klen; k++) + key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); + + axf->Init(sw->sw_octx); + axf->Update(sw->sw_octx, key, klen); + axf->Update(sw->sw_octx, hmac_opad_buffer, axf->blocksize - klen); + + for (k = 0; k < klen; k++) + key[k] ^= HMAC_OPAD_VAL; + break; + case CRYPTO_MD5_KPDK: + case CRYPTO_SHA1_KPDK: + sw->sw_klen = klen; + bcopy(key, sw->sw_octx, klen); + axf->Init(sw->sw_ictx); + axf->Update(sw->sw_ictx, key, klen); + axf->Final(NULL, sw->sw_ictx); + break; + default: + printf("%s: CRD_F_KEY_EXPLICIT flag given, but algorithm %d " + "doesn't use keys.\n", __func__, axf->type); + } +} + /* * Compute keyed-hash authenticator. */ @@ -436,6 +483,9 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd, axf = sw->sw_axf; + if (crd->crd_flags & CRD_F_KEY_EXPLICIT) + swcr_authprepare(axf, sw, crd->crd_key, crd->crd_klen); + bcopy(sw->sw_ictx, &ctx, axf->ctxsize); switch (outtype) { @@ -450,6 +500,12 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd, return err; break; case CRYPTO_BUF_IOV: + err = cuio_apply((struct uio *) buf, crd->crd_skip, crd->crd_len, + (int (*)(void *, void *, unsigned int)) axf->Update, + (caddr_t) &ctx); + if (err) + return err; + break; default: return EINVAL; } @@ -457,7 +513,9 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd, switch (sw->sw_alg) { case CRYPTO_MD5_HMAC: case CRYPTO_SHA1_HMAC: - case CRYPTO_SHA2_HMAC: + case CRYPTO_SHA2_256_HMAC: + case CRYPTO_SHA2_384_HMAC: + case CRYPTO_SHA2_512_HMAC: case CRYPTO_RIPEMD160_HMAC: if (sw->sw_octx == NULL) return EINVAL; @@ -483,11 +541,8 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd, } /* Inject the authentication data */ - if (outtype == CRYPTO_BUF_CONTIG) - bcopy(aalg, buf + crd->crd_inject, axf->authsize); - else - m_copyback((struct mbuf *) buf, crd->crd_inject, - axf->authsize, aalg); + COPYBACK(outtype, buf, crd->crd_inject, + sw->sw_mlen == 0 ? axf->hashsize : sw->sw_mlen, aalg); return 0; } @@ -578,7 +633,7 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri) struct enc_xform *txf; struct comp_algo *cxf; u_int32_t i; - int k, error; + int error; if (sid == NULL || cri == NULL) return EINVAL; @@ -652,38 +707,37 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri) txf = &enc_xform_null; goto enccommon; enccommon: - error = txf->setkey(&((*swd)->sw_kschedule), - cri->cri_key, cri->cri_klen / 8); - if (error) { - swcr_freesession(NULL, i); - return error; + if (cri->cri_key != NULL) { + error = txf->setkey(&((*swd)->sw_kschedule), + cri->cri_key, cri->cri_klen / 8); + if (error) { + swcr_freesession(NULL, i); + return error; + } } (*swd)->sw_exf = txf; break; case CRYPTO_MD5_HMAC: - axf = &auth_hash_hmac_md5_96; + axf = &auth_hash_hmac_md5; goto authcommon; case CRYPTO_SHA1_HMAC: - axf = &auth_hash_hmac_sha1_96; + axf = &auth_hash_hmac_sha1; goto authcommon; - case CRYPTO_SHA2_HMAC: - if (cri->cri_klen == 256) - axf = &auth_hash_hmac_sha2_256; - else if (cri->cri_klen == 384) - axf = &auth_hash_hmac_sha2_384; - else if (cri->cri_klen == 512) - axf = &auth_hash_hmac_sha2_512; - else { - swcr_freesession(NULL, i); - return EINVAL; - } + case CRYPTO_SHA2_256_HMAC: + axf = &auth_hash_hmac_sha2_256; + goto authcommon; + case CRYPTO_SHA2_384_HMAC: + axf = &auth_hash_hmac_sha2_384; + goto authcommon; + case CRYPTO_SHA2_512_HMAC: + axf = &auth_hash_hmac_sha2_512; goto authcommon; case CRYPTO_NULL_HMAC: axf = &auth_hash_null; goto authcommon; case CRYPTO_RIPEMD160_HMAC: - axf = &auth_hash_hmac_ripemd_160_96; + axf = &auth_hash_hmac_ripemd_160; authcommon: (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT); @@ -698,27 +752,13 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri) swcr_freesession(NULL, i); return ENOBUFS; } - - for (k = 0; k < cri->cri_klen / 8; k++) - cri->cri_key[k] ^= HMAC_IPAD_VAL; - - axf->Init((*swd)->sw_ictx); - axf->Update((*swd)->sw_ictx, cri->cri_key, - cri->cri_klen / 8); - axf->Update((*swd)->sw_ictx, hmac_ipad_buffer, - HMAC_BLOCK_LEN - (cri->cri_klen / 8)); - - for (k = 0; k < cri->cri_klen / 8; k++) - cri->cri_key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); - - axf->Init((*swd)->sw_octx); - axf->Update((*swd)->sw_octx, cri->cri_key, - cri->cri_klen / 8); - axf->Update((*swd)->sw_octx, hmac_opad_buffer, - HMAC_BLOCK_LEN - (cri->cri_klen / 8)); - - for (k = 0; k < cri->cri_klen / 8; k++) - cri->cri_key[k] ^= HMAC_OPAD_VAL; + + if (cri->cri_key != NULL) { + swcr_authprepare(axf, *swd, cri->cri_key, + cri->cri_klen); + } + + (*swd)->sw_mlen = cri->cri_mlen; (*swd)->sw_axf = axf; break; @@ -736,20 +776,20 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri) return ENOBUFS; } - /* Store the key so we can "append" it to the payload */ - (*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA, - M_NOWAIT); + (*swd)->sw_octx = malloc(cri->cri_klen / 8, + M_CRYPTO_DATA, M_NOWAIT); if ((*swd)->sw_octx == NULL) { swcr_freesession(NULL, i); return ENOBUFS; } - - (*swd)->sw_klen = cri->cri_klen / 8; - bcopy(cri->cri_key, (*swd)->sw_octx, cri->cri_klen / 8); - axf->Init((*swd)->sw_ictx); - axf->Update((*swd)->sw_ictx, cri->cri_key, - cri->cri_klen / 8); - axf->Final(NULL, (*swd)->sw_ictx); + + /* Store the key so we can "append" it to the payload */ + if (cri->cri_key != NULL) { + swcr_authprepare(axf, *swd, cri->cri_key, + cri->cri_klen); + } + + (*swd)->sw_mlen = cri->cri_mlen; (*swd)->sw_axf = axf; break; #ifdef notdef @@ -768,6 +808,7 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri) } axf->Init((*swd)->sw_ictx); + (*swd)->sw_mlen = cri->cri_mlen; (*swd)->sw_axf = axf; break; #endif @@ -826,7 +867,9 @@ swcr_freesession(void *arg, u_int64_t tid) case CRYPTO_MD5_HMAC: case CRYPTO_SHA1_HMAC: - case CRYPTO_SHA2_HMAC: + case CRYPTO_SHA2_256_HMAC: + case CRYPTO_SHA2_384_HMAC: + case CRYPTO_SHA2_512_HMAC: case CRYPTO_RIPEMD160_HMAC: case CRYPTO_NULL_HMAC: axf = swd->sw_axf; @@ -945,7 +988,9 @@ swcr_process(void *arg, struct cryptop *crp, int hint) break; case CRYPTO_MD5_HMAC: case CRYPTO_SHA1_HMAC: - case CRYPTO_SHA2_HMAC: + case CRYPTO_SHA2_256_HMAC: + case CRYPTO_SHA2_384_HMAC: + case CRYPTO_SHA2_512_HMAC: case CRYPTO_RIPEMD160_HMAC: case CRYPTO_NULL_HMAC: case CRYPTO_MD5_KPDK: @@ -983,6 +1028,15 @@ done: static void swcr_init(void) { + u_int i; + + hmac_ipad_buffer = malloc(HMAC_BLOCK_MAXLEN, M_CRYPTO_DATA, M_WAITOK); + for (i = 0; i < HMAC_BLOCK_MAXLEN; i++) + hmac_ipad_buffer[i] = HMAC_IPAD_VAL; + hmac_opad_buffer = malloc(HMAC_BLOCK_MAXLEN, M_CRYPTO_DATA, M_WAITOK); + for (i = 0; i < HMAC_BLOCK_MAXLEN; i++) + hmac_opad_buffer[i] = HMAC_OPAD_VAL; + swcr_id = crypto_get_driverid(CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_SYNC); if (swcr_id < 0) panic("Software crypto device cannot initialize!"); @@ -997,7 +1051,9 @@ swcr_init(void) REGISTER(CRYPTO_NULL_CBC); REGISTER(CRYPTO_MD5_HMAC); REGISTER(CRYPTO_SHA1_HMAC); - REGISTER(CRYPTO_SHA2_HMAC); + REGISTER(CRYPTO_SHA2_256_HMAC); + REGISTER(CRYPTO_SHA2_384_HMAC); + REGISTER(CRYPTO_SHA2_512_HMAC); REGISTER(CRYPTO_RIPEMD160_HMAC); REGISTER(CRYPTO_NULL_HMAC); REGISTER(CRYPTO_MD5_KPDK); @@ -1016,5 +1072,7 @@ swcr_uninit(void) if (swcr_sessions != NULL) FREE(swcr_sessions, M_CRYPTO_DATA); + free(hmac_ipad_buffer, M_CRYPTO_DATA); + free(hmac_opad_buffer, M_CRYPTO_DATA); } SYSUNINIT(cryptosoft_uninit, SI_SUB_PSEUDO, SI_ORDER_ANY, swcr_uninit, NULL); diff --git a/sys/opencrypto/cryptosoft.h b/sys/opencrypto/cryptosoft.h index bf13852..056e137 100644 --- a/sys/opencrypto/cryptosoft.h +++ b/sys/opencrypto/cryptosoft.h @@ -32,7 +32,8 @@ struct swcr_data { struct { u_int8_t *SW_ictx; u_int8_t *SW_octx; - u_int32_t SW_klen; + u_int16_t SW_klen; + u_int16_t SW_mlen; struct auth_hash *SW_axf; } SWCR_AUTH; struct { @@ -48,6 +49,7 @@ struct swcr_data { #define sw_ictx SWCR_UN.SWCR_AUTH.SW_ictx #define sw_octx SWCR_UN.SWCR_AUTH.SW_octx #define sw_klen SWCR_UN.SWCR_AUTH.SW_klen +#define sw_mlen SWCR_UN.SWCR_AUTH.SW_mlen #define sw_axf SWCR_UN.SWCR_AUTH.SW_axf #define sw_kschedule SWCR_UN.SWCR_ENC.SW_kschedule #define sw_exf SWCR_UN.SWCR_ENC.SW_exf @@ -58,8 +60,8 @@ struct swcr_data { }; #ifdef _KERNEL -extern u_int8_t hmac_ipad_buffer[64]; -extern u_int8_t hmac_opad_buffer[64]; +extern u_int8_t *hmac_ipad_buffer; +extern u_int8_t *hmac_opad_buffer; #endif /* _KERNEL */ #endif /* _CRYPTO_CRYPTO_H_ */ diff --git a/sys/opencrypto/xform.c b/sys/opencrypto/xform.c index a24d6da..72c4102 100644 --- a/sys/opencrypto/xform.c +++ b/sys/opencrypto/xform.c @@ -187,60 +187,60 @@ struct enc_xform enc_xform_arc4 = { /* Authentication instances */ struct auth_hash auth_hash_null = { CRYPTO_NULL_HMAC, "NULL-HMAC", - 0, 0, 12, sizeof(int), /* NB: context isn't used */ + 0, 16, 64, sizeof(int), /* NB: context isn't used */ null_init, null_update, null_final }; -struct auth_hash auth_hash_hmac_md5_96 = { +struct auth_hash auth_hash_hmac_md5 = { CRYPTO_MD5_HMAC, "HMAC-MD5", - 16, 16, 12, sizeof(MD5_CTX), + 16, 16, 64, sizeof(MD5_CTX), (void (*) (void *)) MD5Init, MD5Update_int, (void (*) (u_int8_t *, void *)) MD5Final }; -struct auth_hash auth_hash_hmac_sha1_96 = { +struct auth_hash auth_hash_hmac_sha1 = { CRYPTO_SHA1_HMAC, "HMAC-SHA1", - 20, 20, 12, sizeof(SHA1_CTX), + 20, 20, 64, sizeof(SHA1_CTX), SHA1Init_int, SHA1Update_int, SHA1Final_int }; -struct auth_hash auth_hash_hmac_ripemd_160_96 = { +struct auth_hash auth_hash_hmac_ripemd_160 = { CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160", - 20, 20, 12, sizeof(RMD160_CTX), + 20, 20, 64, sizeof(RMD160_CTX), (void (*)(void *)) RMD160Init, RMD160Update_int, (void (*)(u_int8_t *, void *)) RMD160Final }; struct auth_hash auth_hash_key_md5 = { CRYPTO_MD5_KPDK, "Keyed MD5", - 0, 16, 12, sizeof(MD5_CTX), + 0, 16, 0, sizeof(MD5_CTX), (void (*)(void *)) MD5Init, MD5Update_int, (void (*)(u_int8_t *, void *)) MD5Final }; struct auth_hash auth_hash_key_sha1 = { CRYPTO_SHA1_KPDK, "Keyed SHA1", - 0, 20, 12, sizeof(SHA1_CTX), + 0, 20, 0, sizeof(SHA1_CTX), SHA1Init_int, SHA1Update_int, SHA1Final_int }; struct auth_hash auth_hash_hmac_sha2_256 = { - CRYPTO_SHA2_HMAC, "HMAC-SHA2", - 32, 32, 12, sizeof(SHA256_CTX), + CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256", + 32, 32, 64, sizeof(SHA256_CTX), (void (*)(void *)) SHA256_Init, SHA256Update_int, (void (*)(u_int8_t *, void *)) SHA256_Final }; struct auth_hash auth_hash_hmac_sha2_384 = { - CRYPTO_SHA2_HMAC, "HMAC-SHA2-384", - 48, 48, 12, sizeof(SHA384_CTX), + CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384", + 48, 48, 128, sizeof(SHA384_CTX), (void (*)(void *)) SHA384_Init, SHA384Update_int, (void (*)(u_int8_t *, void *)) SHA384_Final }; struct auth_hash auth_hash_hmac_sha2_512 = { - CRYPTO_SHA2_HMAC, "HMAC-SHA2-512", - 64, 64, 12, sizeof(SHA512_CTX), + CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512", + 64, 64, 128, sizeof(SHA512_CTX), (void (*)(void *)) SHA512_Init, SHA512Update_int, (void (*)(u_int8_t *, void *)) SHA512_Final }; diff --git a/sys/opencrypto/xform.h b/sys/opencrypto/xform.h index ae6665b..bdf16ac 100644 --- a/sys/opencrypto/xform.h +++ b/sys/opencrypto/xform.h @@ -36,7 +36,7 @@ struct auth_hash { char *name; u_int16_t keysize; u_int16_t hashsize; - u_int16_t authsize; + u_int16_t blocksize; u_int16_t ctxsize; void (*Init) (void *); int (*Update) (void *, u_int8_t *, u_int16_t); @@ -85,9 +85,9 @@ extern struct enc_xform enc_xform_arc4; extern struct auth_hash auth_hash_null; extern struct auth_hash auth_hash_key_md5; extern struct auth_hash auth_hash_key_sha1; -extern struct auth_hash auth_hash_hmac_md5_96; -extern struct auth_hash auth_hash_hmac_sha1_96; -extern struct auth_hash auth_hash_hmac_ripemd_160_96; +extern struct auth_hash auth_hash_hmac_md5; +extern struct auth_hash auth_hash_hmac_sha1; +extern struct auth_hash auth_hash_hmac_ripemd_160; extern struct auth_hash auth_hash_hmac_sha2_256; extern struct auth_hash auth_hash_hmac_sha2_384; extern struct auth_hash auth_hash_hmac_sha2_512; |