summaryrefslogtreecommitdiffstats
path: root/sys/opencrypto/xform.c
Commit message (Collapse)AuthorAgeFilesLines
* Retire the MALLOC and FREE macros. They are an abomination unto style(9).des2008-10-231-14/+14
| | | | MFC after: 3 months
* Integrate the Camellia Block Cipher. For more information see RFC 4132gnn2007-05-091-0/+53
| | | | | | | and its bibliography. Submitted by: Tomoyuki Okazaki <okazaki at kick dot gr dot jp> MFC after: 1 month
* Use newly added defines instead of magic values.pjd2006-06-041-16/+16
|
* - Fix a very old bug in HMAC/SHA{384,512}. When HMAC is using SHA384pjd2006-05-171-15/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | or SHA512, the blocksize is 128 bytes, not 64 bytes as anywhere else. The bug also exists in NetBSD, OpenBSD and various other independed implementations I look at. - We cannot decide which hash function to use for HMAC based on the key length, because any HMAC function can use any key length. To fix it split CRYPTO_SHA2_HMAC into three algorithm: CRYPTO_SHA2_256_HMAC, CRYPTO_SHA2_384_HMAC and CRYPTO_SHA2_512_HMAC. Those names are consistent with OpenBSD's naming. - Remove authsize field from auth_hash structure. - Allow consumer to define size of hash he wants to receive. This allows to use HMAC not only for IPsec, where 96 bits MAC is requested. The size of requested MAC is defined at newsession time in the cri_mlen field - when 0, entire MAC will be returned. - Add swcr_authprepare() function which prepares authentication key. - Allow to provide key for every authentication operation, not only at newsession time by honoring CRD_F_KEY_EXPLICIT flag. - Make giving key at newsession time optional - don't try to operate on it if its NULL. - Extend COPYBACK()/COPYDATA() macros to handle CRYPTO_BUF_CONTIG buffer type as well. - Accept CRYPTO_BUF_IOV buffer type in swcr_authcompute() as we have cuio_apply() now. - 16 bits for key length (SW_klen) is more than enough. Reviewed by: sam
* Check key size for rijndael, as invalid key size can lead to kernel panic.pjd2005-08-161-0/+2
| | | | | | | | | It checked other algorithms against this bug and it seems they aren't affected. Reported by: Mike Tancsa <mike@sentex.net> PR: i386/84860 Reviewed by: phk, cperciva(x2)
* just use crypto/rijndael, and nuke opencrypto/rindael.[ch].ume2005-03-111-1/+1
| | | | | | the two became almost identical since latest KAME merge. Discussed with: sam
* - use 1/2 space for rijndael context in ipsecume2005-03-111-6/+5
| | | | | | | | - rijndael_set_key() always sets up full context - rijndaelKeySetupDec() gets back original protoype Reviewed by: sam Obtained from: OpenBSD
* /* -> /*- for license, minor formatting changesimp2005-01-071-1/+1
|
* Use __FBSDID().obrien2003-06-111-1/+3
|
* In-kernel crypto framework derived from openbsd. This facility providessam2002-10-041-0/+629
a consistent interface to h/w and s/w crypto algorithms for use by the kernel and (for h/w at least) by user-mode apps. Access for user-level code is through a /dev/crypto device that'll eventually be used by openssl to (potentially) accelerate many applications. Coming soon is an IPsec that makes use of this service to accelerate ESP, AH, and IPCOMP protocols. Included here is the "core" crypto support, /dev/crypto driver, various crypto algorithms that are not already present in the KAME crypto area, and support routines used by crypto device drivers. Obtained from: openbsd
OpenPOWER on IntegriCloud