summaryrefslogtreecommitdiffstats
path: root/sys/opencrypto
diff options
context:
space:
mode:
Diffstat (limited to 'sys/opencrypto')
-rw-r--r--sys/opencrypto/cryptodev.c27
-rw-r--r--sys/opencrypto/cryptodev.h17
-rw-r--r--sys/opencrypto/cryptosoft.c236
-rw-r--r--sys/opencrypto/cryptosoft.h8
-rw-r--r--sys/opencrypto/xform.c30
-rw-r--r--sys/opencrypto/xform.h8
6 files changed, 194 insertions, 132 deletions
diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c
index 9c3490f..9c9ec29 100644
--- a/sys/opencrypto/cryptodev.c
+++ b/sys/opencrypto/cryptodev.c
@@ -190,25 +190,22 @@ cryptof_ioctl(
case 0:
break;
case CRYPTO_MD5_HMAC:
- thash = &auth_hash_hmac_md5_96;
+ thash = &auth_hash_hmac_md5;
break;
case CRYPTO_SHA1_HMAC:
- thash = &auth_hash_hmac_sha1_96;
+ thash = &auth_hash_hmac_sha1;
break;
- case CRYPTO_SHA2_HMAC:
- if (sop->mackeylen == auth_hash_hmac_sha2_256.keysize)
- thash = &auth_hash_hmac_sha2_256;
- else if (sop->mackeylen == auth_hash_hmac_sha2_384.keysize)
- thash = &auth_hash_hmac_sha2_384;
- else if (sop->mackeylen == auth_hash_hmac_sha2_512.keysize)
- thash = &auth_hash_hmac_sha2_512;
- else {
- mtx_unlock(&Giant);
- return (EINVAL);
- }
+ case CRYPTO_SHA2_256_HMAC:
+ thash = &auth_hash_hmac_sha2_256;
+ break;
+ case CRYPTO_SHA2_384_HMAC:
+ thash = &auth_hash_hmac_sha2_384;
+ break;
+ case CRYPTO_SHA2_512_HMAC:
+ thash = &auth_hash_hmac_sha2_512;
break;
case CRYPTO_RIPEMD160_HMAC:
- thash = &auth_hash_hmac_ripemd_160_96;
+ thash = &auth_hash_hmac_ripemd_160;
break;
#ifdef notdef
case CRYPTO_MD5:
@@ -471,7 +468,7 @@ cryptodev_op(
goto bail;
if (cop->mac &&
- (error = copyout(crp->crp_mac, cop->mac, cse->thash->authsize)))
+ (error = copyout(crp->crp_mac, cop->mac, cse->thash->hashsize)))
goto bail;
bail:
diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h
index b1999d7..919a717 100644
--- a/sys/opencrypto/cryptodev.h
+++ b/sys/opencrypto/cryptodev.h
@@ -63,6 +63,7 @@
/* HMAC values */
#define HMAC_BLOCK_LEN 64
+#define HMAC_BLOCK_MAXLEN 128
#define HMAC_IPAD_VAL 0x36
#define HMAC_OPAD_VAL 0x5C
@@ -94,11 +95,13 @@
#define CRYPTO_ARC4 12
#define CRYPTO_MD5 13
#define CRYPTO_SHA1 14
-#define CRYPTO_SHA2_HMAC 15
-#define CRYPTO_NULL_HMAC 16
-#define CRYPTO_NULL_CBC 17
-#define CRYPTO_DEFLATE_COMP 18 /* Deflate compression algorithm */
-#define CRYPTO_ALGORITHM_MAX 18 /* Keep updated - see below */
+#define CRYPTO_NULL_HMAC 15
+#define CRYPTO_NULL_CBC 16
+#define CRYPTO_DEFLATE_COMP 17 /* Deflate compression algorithm */
+#define CRYPTO_SHA2_256_HMAC 18
+#define CRYPTO_SHA2_384_HMAC 19
+#define CRYPTO_SHA2_512_HMAC 20
+#define CRYPTO_ALGORITHM_MAX 20 /* Keep updated - see below */
/* Algorithm flags */
#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
@@ -209,6 +212,8 @@ struct cryptostats {
struct cryptoini {
int cri_alg; /* Algorithm to use */
int cri_klen; /* Key length, in bits */
+ int cri_mlen; /* Number of bytes we want from the
+ entire hash. 0 means all. */
caddr_t cri_key; /* key to use */
u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */
struct cryptoini *cri_next;
@@ -384,6 +389,6 @@ extern void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp);
extern void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp);
extern struct iovec *cuio_getptr(struct uio *uio, int loc, int *off);
extern int cuio_apply(struct uio *uio, int off, int len,
- int (*f)(void *, void *, u_int), void *arg);
+ int (*f)(void *, void *, u_int), void *arg);
#endif /* _KERNEL */
#endif /* _CRYPTO_CRYPTO_H_ */
diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c
index e41f0ce..215c676 100644
--- a/sys/opencrypto/cryptosoft.c
+++ b/sys/opencrypto/cryptosoft.c
@@ -45,39 +45,39 @@ __FBSDID("$FreeBSD$");
#include <opencrypto/cryptosoft.h>
#include <opencrypto/xform.h>
-u_int8_t hmac_ipad_buffer[64] = {
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
-};
-
-u_int8_t hmac_opad_buffer[64] = {
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C
-};
-
+u_int8_t *hmac_ipad_buffer;
+u_int8_t *hmac_opad_buffer;
struct swcr_data **swcr_sessions = NULL;
u_int32_t swcr_sesnum = 0;
int32_t swcr_id = -1;
-#define COPYBACK(x, a, b, c, d) \
- (x) == CRYPTO_BUF_MBUF ? m_copyback((struct mbuf *)a,b,c,d) \
- : cuio_copyback((struct uio *)a,b,c,d)
-#define COPYDATA(x, a, b, c, d) \
- (x) == CRYPTO_BUF_MBUF ? m_copydata((struct mbuf *)a,b,c,d) \
- : cuio_copydata((struct uio *)a,b,c,d)
+#define COPYBACK(type, buf, off, size, in) do { \
+ switch (type) { \
+ case CRYPTO_BUF_CONTIG: \
+ bcopy(in, (u_char *)(buf) + (off), size); \
+ break; \
+ case CRYPTO_BUF_MBUF: \
+ m_copyback((struct mbuf *)(buf), off, size, in); \
+ break; \
+ case CRYPTO_BUF_IOV: \
+ cuio_copyback((struct uio *)(buf), off, size, in); \
+ break; \
+ } \
+} while (0)
+#define COPYDATA(type, buf, off, size, out) do { \
+ switch (type) { \
+ case CRYPTO_BUF_CONTIG: \
+ bcopy((u_char *)(buf) + (off), out, size); \
+ break; \
+ case CRYPTO_BUF_MBUF: \
+ m_copydata((struct mbuf *)(buf), off, size, out); \
+ break; \
+ case CRYPTO_BUF_IOV: \
+ cuio_copydata((struct uio *)(buf), off, size, out); \
+ break; \
+ } \
+} while (0)
static int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
static int swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd,
@@ -412,13 +412,60 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
}
}
- return 0; /* Done with iov encryption/decryption */
+ return 0; /* Done with iovec encryption/decryption */
}
/* Unreachable */
return EINVAL;
}
+static void
+swcr_authprepare(struct auth_hash *axf, struct swcr_data *sw, u_char *key,
+ int klen)
+{
+ int k;
+
+ klen /= 8;
+
+ switch (axf->type) {
+ case CRYPTO_MD5_HMAC:
+ case CRYPTO_SHA1_HMAC:
+ case CRYPTO_SHA2_256_HMAC:
+ case CRYPTO_SHA2_384_HMAC:
+ case CRYPTO_SHA2_512_HMAC:
+ case CRYPTO_NULL_HMAC:
+ case CRYPTO_RIPEMD160_HMAC:
+ for (k = 0; k < klen; k++)
+ key[k] ^= HMAC_IPAD_VAL;
+
+ axf->Init(sw->sw_ictx);
+ axf->Update(sw->sw_ictx, key, klen);
+ axf->Update(sw->sw_ictx, hmac_ipad_buffer, axf->blocksize - klen);
+
+ for (k = 0; k < klen; k++)
+ key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
+
+ axf->Init(sw->sw_octx);
+ axf->Update(sw->sw_octx, key, klen);
+ axf->Update(sw->sw_octx, hmac_opad_buffer, axf->blocksize - klen);
+
+ for (k = 0; k < klen; k++)
+ key[k] ^= HMAC_OPAD_VAL;
+ break;
+ case CRYPTO_MD5_KPDK:
+ case CRYPTO_SHA1_KPDK:
+ sw->sw_klen = klen;
+ bcopy(key, sw->sw_octx, klen);
+ axf->Init(sw->sw_ictx);
+ axf->Update(sw->sw_ictx, key, klen);
+ axf->Final(NULL, sw->sw_ictx);
+ break;
+ default:
+ printf("%s: CRD_F_KEY_EXPLICIT flag given, but algorithm %d "
+ "doesn't use keys.\n", __func__, axf->type);
+ }
+}
+
/*
* Compute keyed-hash authenticator.
*/
@@ -436,6 +483,9 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd,
axf = sw->sw_axf;
+ if (crd->crd_flags & CRD_F_KEY_EXPLICIT)
+ swcr_authprepare(axf, sw, crd->crd_key, crd->crd_klen);
+
bcopy(sw->sw_ictx, &ctx, axf->ctxsize);
switch (outtype) {
@@ -450,6 +500,12 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd,
return err;
break;
case CRYPTO_BUF_IOV:
+ err = cuio_apply((struct uio *) buf, crd->crd_skip, crd->crd_len,
+ (int (*)(void *, void *, unsigned int)) axf->Update,
+ (caddr_t) &ctx);
+ if (err)
+ return err;
+ break;
default:
return EINVAL;
}
@@ -457,7 +513,9 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd,
switch (sw->sw_alg) {
case CRYPTO_MD5_HMAC:
case CRYPTO_SHA1_HMAC:
- case CRYPTO_SHA2_HMAC:
+ case CRYPTO_SHA2_256_HMAC:
+ case CRYPTO_SHA2_384_HMAC:
+ case CRYPTO_SHA2_512_HMAC:
case CRYPTO_RIPEMD160_HMAC:
if (sw->sw_octx == NULL)
return EINVAL;
@@ -483,11 +541,8 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd,
}
/* Inject the authentication data */
- if (outtype == CRYPTO_BUF_CONTIG)
- bcopy(aalg, buf + crd->crd_inject, axf->authsize);
- else
- m_copyback((struct mbuf *) buf, crd->crd_inject,
- axf->authsize, aalg);
+ COPYBACK(outtype, buf, crd->crd_inject,
+ sw->sw_mlen == 0 ? axf->hashsize : sw->sw_mlen, aalg);
return 0;
}
@@ -578,7 +633,7 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri)
struct enc_xform *txf;
struct comp_algo *cxf;
u_int32_t i;
- int k, error;
+ int error;
if (sid == NULL || cri == NULL)
return EINVAL;
@@ -652,38 +707,37 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri)
txf = &enc_xform_null;
goto enccommon;
enccommon:
- error = txf->setkey(&((*swd)->sw_kschedule),
- cri->cri_key, cri->cri_klen / 8);
- if (error) {
- swcr_freesession(NULL, i);
- return error;
+ if (cri->cri_key != NULL) {
+ error = txf->setkey(&((*swd)->sw_kschedule),
+ cri->cri_key, cri->cri_klen / 8);
+ if (error) {
+ swcr_freesession(NULL, i);
+ return error;
+ }
}
(*swd)->sw_exf = txf;
break;
case CRYPTO_MD5_HMAC:
- axf = &auth_hash_hmac_md5_96;
+ axf = &auth_hash_hmac_md5;
goto authcommon;
case CRYPTO_SHA1_HMAC:
- axf = &auth_hash_hmac_sha1_96;
+ axf = &auth_hash_hmac_sha1;
goto authcommon;
- case CRYPTO_SHA2_HMAC:
- if (cri->cri_klen == 256)
- axf = &auth_hash_hmac_sha2_256;
- else if (cri->cri_klen == 384)
- axf = &auth_hash_hmac_sha2_384;
- else if (cri->cri_klen == 512)
- axf = &auth_hash_hmac_sha2_512;
- else {
- swcr_freesession(NULL, i);
- return EINVAL;
- }
+ case CRYPTO_SHA2_256_HMAC:
+ axf = &auth_hash_hmac_sha2_256;
+ goto authcommon;
+ case CRYPTO_SHA2_384_HMAC:
+ axf = &auth_hash_hmac_sha2_384;
+ goto authcommon;
+ case CRYPTO_SHA2_512_HMAC:
+ axf = &auth_hash_hmac_sha2_512;
goto authcommon;
case CRYPTO_NULL_HMAC:
axf = &auth_hash_null;
goto authcommon;
case CRYPTO_RIPEMD160_HMAC:
- axf = &auth_hash_hmac_ripemd_160_96;
+ axf = &auth_hash_hmac_ripemd_160;
authcommon:
(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
M_NOWAIT);
@@ -698,27 +752,13 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri)
swcr_freesession(NULL, i);
return ENOBUFS;
}
-
- for (k = 0; k < cri->cri_klen / 8; k++)
- cri->cri_key[k] ^= HMAC_IPAD_VAL;
-
- axf->Init((*swd)->sw_ictx);
- axf->Update((*swd)->sw_ictx, cri->cri_key,
- cri->cri_klen / 8);
- axf->Update((*swd)->sw_ictx, hmac_ipad_buffer,
- HMAC_BLOCK_LEN - (cri->cri_klen / 8));
-
- for (k = 0; k < cri->cri_klen / 8; k++)
- cri->cri_key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
-
- axf->Init((*swd)->sw_octx);
- axf->Update((*swd)->sw_octx, cri->cri_key,
- cri->cri_klen / 8);
- axf->Update((*swd)->sw_octx, hmac_opad_buffer,
- HMAC_BLOCK_LEN - (cri->cri_klen / 8));
-
- for (k = 0; k < cri->cri_klen / 8; k++)
- cri->cri_key[k] ^= HMAC_OPAD_VAL;
+
+ if (cri->cri_key != NULL) {
+ swcr_authprepare(axf, *swd, cri->cri_key,
+ cri->cri_klen);
+ }
+
+ (*swd)->sw_mlen = cri->cri_mlen;
(*swd)->sw_axf = axf;
break;
@@ -736,20 +776,20 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri)
return ENOBUFS;
}
- /* Store the key so we can "append" it to the payload */
- (*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA,
- M_NOWAIT);
+ (*swd)->sw_octx = malloc(cri->cri_klen / 8,
+ M_CRYPTO_DATA, M_NOWAIT);
if ((*swd)->sw_octx == NULL) {
swcr_freesession(NULL, i);
return ENOBUFS;
}
-
- (*swd)->sw_klen = cri->cri_klen / 8;
- bcopy(cri->cri_key, (*swd)->sw_octx, cri->cri_klen / 8);
- axf->Init((*swd)->sw_ictx);
- axf->Update((*swd)->sw_ictx, cri->cri_key,
- cri->cri_klen / 8);
- axf->Final(NULL, (*swd)->sw_ictx);
+
+ /* Store the key so we can "append" it to the payload */
+ if (cri->cri_key != NULL) {
+ swcr_authprepare(axf, *swd, cri->cri_key,
+ cri->cri_klen);
+ }
+
+ (*swd)->sw_mlen = cri->cri_mlen;
(*swd)->sw_axf = axf;
break;
#ifdef notdef
@@ -768,6 +808,7 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri)
}
axf->Init((*swd)->sw_ictx);
+ (*swd)->sw_mlen = cri->cri_mlen;
(*swd)->sw_axf = axf;
break;
#endif
@@ -826,7 +867,9 @@ swcr_freesession(void *arg, u_int64_t tid)
case CRYPTO_MD5_HMAC:
case CRYPTO_SHA1_HMAC:
- case CRYPTO_SHA2_HMAC:
+ case CRYPTO_SHA2_256_HMAC:
+ case CRYPTO_SHA2_384_HMAC:
+ case CRYPTO_SHA2_512_HMAC:
case CRYPTO_RIPEMD160_HMAC:
case CRYPTO_NULL_HMAC:
axf = swd->sw_axf;
@@ -945,7 +988,9 @@ swcr_process(void *arg, struct cryptop *crp, int hint)
break;
case CRYPTO_MD5_HMAC:
case CRYPTO_SHA1_HMAC:
- case CRYPTO_SHA2_HMAC:
+ case CRYPTO_SHA2_256_HMAC:
+ case CRYPTO_SHA2_384_HMAC:
+ case CRYPTO_SHA2_512_HMAC:
case CRYPTO_RIPEMD160_HMAC:
case CRYPTO_NULL_HMAC:
case CRYPTO_MD5_KPDK:
@@ -983,6 +1028,15 @@ done:
static void
swcr_init(void)
{
+ u_int i;
+
+ hmac_ipad_buffer = malloc(HMAC_BLOCK_MAXLEN, M_CRYPTO_DATA, M_WAITOK);
+ for (i = 0; i < HMAC_BLOCK_MAXLEN; i++)
+ hmac_ipad_buffer[i] = HMAC_IPAD_VAL;
+ hmac_opad_buffer = malloc(HMAC_BLOCK_MAXLEN, M_CRYPTO_DATA, M_WAITOK);
+ for (i = 0; i < HMAC_BLOCK_MAXLEN; i++)
+ hmac_opad_buffer[i] = HMAC_OPAD_VAL;
+
swcr_id = crypto_get_driverid(CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_SYNC);
if (swcr_id < 0)
panic("Software crypto device cannot initialize!");
@@ -997,7 +1051,9 @@ swcr_init(void)
REGISTER(CRYPTO_NULL_CBC);
REGISTER(CRYPTO_MD5_HMAC);
REGISTER(CRYPTO_SHA1_HMAC);
- REGISTER(CRYPTO_SHA2_HMAC);
+ REGISTER(CRYPTO_SHA2_256_HMAC);
+ REGISTER(CRYPTO_SHA2_384_HMAC);
+ REGISTER(CRYPTO_SHA2_512_HMAC);
REGISTER(CRYPTO_RIPEMD160_HMAC);
REGISTER(CRYPTO_NULL_HMAC);
REGISTER(CRYPTO_MD5_KPDK);
@@ -1016,5 +1072,7 @@ swcr_uninit(void)
if (swcr_sessions != NULL)
FREE(swcr_sessions, M_CRYPTO_DATA);
+ free(hmac_ipad_buffer, M_CRYPTO_DATA);
+ free(hmac_opad_buffer, M_CRYPTO_DATA);
}
SYSUNINIT(cryptosoft_uninit, SI_SUB_PSEUDO, SI_ORDER_ANY, swcr_uninit, NULL);
diff --git a/sys/opencrypto/cryptosoft.h b/sys/opencrypto/cryptosoft.h
index bf13852..056e137 100644
--- a/sys/opencrypto/cryptosoft.h
+++ b/sys/opencrypto/cryptosoft.h
@@ -32,7 +32,8 @@ struct swcr_data {
struct {
u_int8_t *SW_ictx;
u_int8_t *SW_octx;
- u_int32_t SW_klen;
+ u_int16_t SW_klen;
+ u_int16_t SW_mlen;
struct auth_hash *SW_axf;
} SWCR_AUTH;
struct {
@@ -48,6 +49,7 @@ struct swcr_data {
#define sw_ictx SWCR_UN.SWCR_AUTH.SW_ictx
#define sw_octx SWCR_UN.SWCR_AUTH.SW_octx
#define sw_klen SWCR_UN.SWCR_AUTH.SW_klen
+#define sw_mlen SWCR_UN.SWCR_AUTH.SW_mlen
#define sw_axf SWCR_UN.SWCR_AUTH.SW_axf
#define sw_kschedule SWCR_UN.SWCR_ENC.SW_kschedule
#define sw_exf SWCR_UN.SWCR_ENC.SW_exf
@@ -58,8 +60,8 @@ struct swcr_data {
};
#ifdef _KERNEL
-extern u_int8_t hmac_ipad_buffer[64];
-extern u_int8_t hmac_opad_buffer[64];
+extern u_int8_t *hmac_ipad_buffer;
+extern u_int8_t *hmac_opad_buffer;
#endif /* _KERNEL */
#endif /* _CRYPTO_CRYPTO_H_ */
diff --git a/sys/opencrypto/xform.c b/sys/opencrypto/xform.c
index a24d6da..72c4102 100644
--- a/sys/opencrypto/xform.c
+++ b/sys/opencrypto/xform.c
@@ -187,60 +187,60 @@ struct enc_xform enc_xform_arc4 = {
/* Authentication instances */
struct auth_hash auth_hash_null = {
CRYPTO_NULL_HMAC, "NULL-HMAC",
- 0, 0, 12, sizeof(int), /* NB: context isn't used */
+ 0, 16, 64, sizeof(int), /* NB: context isn't used */
null_init, null_update, null_final
};
-struct auth_hash auth_hash_hmac_md5_96 = {
+struct auth_hash auth_hash_hmac_md5 = {
CRYPTO_MD5_HMAC, "HMAC-MD5",
- 16, 16, 12, sizeof(MD5_CTX),
+ 16, 16, 64, sizeof(MD5_CTX),
(void (*) (void *)) MD5Init, MD5Update_int,
(void (*) (u_int8_t *, void *)) MD5Final
};
-struct auth_hash auth_hash_hmac_sha1_96 = {
+struct auth_hash auth_hash_hmac_sha1 = {
CRYPTO_SHA1_HMAC, "HMAC-SHA1",
- 20, 20, 12, sizeof(SHA1_CTX),
+ 20, 20, 64, sizeof(SHA1_CTX),
SHA1Init_int, SHA1Update_int, SHA1Final_int
};
-struct auth_hash auth_hash_hmac_ripemd_160_96 = {
+struct auth_hash auth_hash_hmac_ripemd_160 = {
CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
- 20, 20, 12, sizeof(RMD160_CTX),
+ 20, 20, 64, sizeof(RMD160_CTX),
(void (*)(void *)) RMD160Init, RMD160Update_int,
(void (*)(u_int8_t *, void *)) RMD160Final
};
struct auth_hash auth_hash_key_md5 = {
CRYPTO_MD5_KPDK, "Keyed MD5",
- 0, 16, 12, sizeof(MD5_CTX),
+ 0, 16, 0, sizeof(MD5_CTX),
(void (*)(void *)) MD5Init, MD5Update_int,
(void (*)(u_int8_t *, void *)) MD5Final
};
struct auth_hash auth_hash_key_sha1 = {
CRYPTO_SHA1_KPDK, "Keyed SHA1",
- 0, 20, 12, sizeof(SHA1_CTX),
+ 0, 20, 0, sizeof(SHA1_CTX),
SHA1Init_int, SHA1Update_int, SHA1Final_int
};
struct auth_hash auth_hash_hmac_sha2_256 = {
- CRYPTO_SHA2_HMAC, "HMAC-SHA2",
- 32, 32, 12, sizeof(SHA256_CTX),
+ CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
+ 32, 32, 64, sizeof(SHA256_CTX),
(void (*)(void *)) SHA256_Init, SHA256Update_int,
(void (*)(u_int8_t *, void *)) SHA256_Final
};
struct auth_hash auth_hash_hmac_sha2_384 = {
- CRYPTO_SHA2_HMAC, "HMAC-SHA2-384",
- 48, 48, 12, sizeof(SHA384_CTX),
+ CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384",
+ 48, 48, 128, sizeof(SHA384_CTX),
(void (*)(void *)) SHA384_Init, SHA384Update_int,
(void (*)(u_int8_t *, void *)) SHA384_Final
};
struct auth_hash auth_hash_hmac_sha2_512 = {
- CRYPTO_SHA2_HMAC, "HMAC-SHA2-512",
- 64, 64, 12, sizeof(SHA512_CTX),
+ CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512",
+ 64, 64, 128, sizeof(SHA512_CTX),
(void (*)(void *)) SHA512_Init, SHA512Update_int,
(void (*)(u_int8_t *, void *)) SHA512_Final
};
diff --git a/sys/opencrypto/xform.h b/sys/opencrypto/xform.h
index ae6665b..bdf16ac 100644
--- a/sys/opencrypto/xform.h
+++ b/sys/opencrypto/xform.h
@@ -36,7 +36,7 @@ struct auth_hash {
char *name;
u_int16_t keysize;
u_int16_t hashsize;
- u_int16_t authsize;
+ u_int16_t blocksize;
u_int16_t ctxsize;
void (*Init) (void *);
int (*Update) (void *, u_int8_t *, u_int16_t);
@@ -85,9 +85,9 @@ extern struct enc_xform enc_xform_arc4;
extern struct auth_hash auth_hash_null;
extern struct auth_hash auth_hash_key_md5;
extern struct auth_hash auth_hash_key_sha1;
-extern struct auth_hash auth_hash_hmac_md5_96;
-extern struct auth_hash auth_hash_hmac_sha1_96;
-extern struct auth_hash auth_hash_hmac_ripemd_160_96;
+extern struct auth_hash auth_hash_hmac_md5;
+extern struct auth_hash auth_hash_hmac_sha1;
+extern struct auth_hash auth_hash_hmac_ripemd_160;
extern struct auth_hash auth_hash_hmac_sha2_256;
extern struct auth_hash auth_hash_hmac_sha2_384;
extern struct auth_hash auth_hash_hmac_sha2_512;
OpenPOWER on IntegriCloud