svn commit: r285336 - in head/sys: netipsec opencrypto
George Neville-Neil
gnn at neville-neil.com
Thu Jul 9 21:05:49 UTC 2015
Should have also pointed out that the original version of this patch
comes from pfsense and Ermal (eri@).
Best,
George
On 9 Jul 2015, at 14:16, George V. Neville-Neil wrote:
> Author: gnn
> Date: Thu Jul 9 18:16:35 2015
> New Revision: 285336
> URL: https://svnweb.freebsd.org/changeset/base/285336
>
> Log:
> Add support for AES modes to IPSec. These modes work both in software
> only
> mode and with hardware support on systems that have AESNI
> instructions.
>
> Differential Revision: D2936
> Reviewed by: jmg, eri, cognet
> Sponsored by: Rubicon Communications (Netgate)
>
> Modified:
> head/sys/netipsec/xform_ah.c
> head/sys/netipsec/xform_esp.c
> head/sys/opencrypto/cryptodev.h
> head/sys/opencrypto/xform.c
>
> Modified: head/sys/netipsec/xform_ah.c
> ==============================================================================
> --- head/sys/netipsec/xform_ah.c Thu Jul 9 17:45:08 2015 (r285335)
> +++ head/sys/netipsec/xform_ah.c Thu Jul 9 18:16:35 2015 (r285336)
> @@ -82,11 +82,11 @@
> (((sav)->flags & SADB_X_EXT_OLD) ? \
> sizeof (struct ah) : sizeof (struct ah) + sizeof (u_int32_t))
> /*
> - * Return authenticator size in bytes. The old protocol is known
> - * to use a fixed 16-byte authenticator. The new algorithm use
> 12-byte
> - * authenticator.
> + * Return authenticator size in bytes, based on a field in the
> + * algorithm descriptor.
> */
> -#define AUTHSIZE(sav) ah_authsize(sav)
> +#define AUTHSIZE(sav) \
> + ((sav->flags & SADB_X_EXT_OLD) ? 16 :
> (sav)->tdb_authalgxform->hashsize)
>
> VNET_DEFINE(int, ah_enable) = 1; /* control flow of packets with AH */
> VNET_DEFINE(int, ah_cleartos) = 1; /* clear ip_tos when doing AH calc
> */
> @@ -112,27 +112,6 @@ static unsigned char ipseczeroes[256]; /
> static int ah_input_cb(struct cryptop*);
> static int ah_output_cb(struct cryptop*);
>
> -static int
> -ah_authsize(struct secasvar *sav)
> -{
> -
> - IPSEC_ASSERT(sav != NULL, ("%s: sav == NULL", __func__));
> -
> - if (sav->flags & SADB_X_EXT_OLD)
> - return 16;
> -
> - switch (sav->alg_auth) {
> - case SADB_X_AALG_SHA2_256:
> - return 16;
> - case SADB_X_AALG_SHA2_384:
> - return 24;
> - case SADB_X_AALG_SHA2_512:
> - return 32;
> - default:
> - return AH_HMAC_HASHLEN;
> - }
> - /* NOTREACHED */
> -}
> /*
> * NB: this is public for use by the PF_KEY support.
> */
> @@ -160,6 +139,12 @@ ah_algorithm_lookup(int alg)
> return &auth_hash_hmac_sha2_384;
> case SADB_X_AALG_SHA2_512:
> return &auth_hash_hmac_sha2_512;
> + case SADB_X_AALG_AES128GMAC:
> + return &auth_hash_nist_gmac_aes_128;
> + case SADB_X_AALG_AES192GMAC:
> + return &auth_hash_nist_gmac_aes_192;
> + case SADB_X_AALG_AES256GMAC:
> + return &auth_hash_nist_gmac_aes_256;
> }
> return NULL;
> }
>
> Modified: head/sys/netipsec/xform_esp.c
> ==============================================================================
> --- head/sys/netipsec/xform_esp.c Thu Jul 9 17:45:08 2015 (r285335)
> +++ head/sys/netipsec/xform_esp.c Thu Jul 9 18:16:35 2015 (r285336)
> @@ -121,6 +121,12 @@ esp_algorithm_lookup(int alg)
> return &enc_xform_null;
> case SADB_X_EALG_CAMELLIACBC:
> return &enc_xform_camellia;
> + case SADB_X_EALG_AESCTR:
> + return &enc_xform_aes_icm;
> + case SADB_X_EALG_AESGCM16:
> + return &enc_xform_aes_nist_gcm;
> + case SADB_X_EALG_AESGMAC:
> + return &enc_xform_aes_nist_gmac;
> }
> return NULL;
> }
> @@ -198,7 +204,7 @@ esp_init(struct secasvar *sav, struct xf
> * the ESP header will be processed incorrectly. The
> * compromise is to force it to zero here.
> */
> - sav->ivlen = (txform == &enc_xform_null ? 0 : txform->blocksize);
> + sav->ivlen = (txform == &enc_xform_null ? 0 : txform->ivsize);
> sav->iv = (caddr_t) malloc(sav->ivlen, M_XDATA, M_WAITOK);
> key_randomfill(sav->iv, sav->ivlen); /*XXX*/
>
> @@ -215,11 +221,45 @@ esp_init(struct secasvar *sav, struct xf
> sav->tdb_xform = xsp;
> sav->tdb_encalgxform = txform;
>
> + /*
> + * Whenever AES-GCM is used for encryption, one
> + * of the AES authentication algorithms is chosen
> + * as well, based on the key size.
> + */
> + if (sav->alg_enc == SADB_X_EALG_AESGCM16) {
> + switch (keylen) {
> + case AES_128_HMAC_KEY_LEN:
> + sav->alg_auth = SADB_X_AALG_AES128GMAC;
> + sav->tdb_authalgxform = &auth_hash_nist_gmac_aes_128;
> + break;
> + case AES_192_HMAC_KEY_LEN:
> + sav->alg_auth = SADB_X_AALG_AES192GMAC;
> + sav->tdb_authalgxform = &auth_hash_nist_gmac_aes_192;
> + break;
> + case AES_256_HMAC_KEY_LEN:
> + sav->alg_auth = SADB_X_AALG_AES256GMAC;
> + sav->tdb_authalgxform = &auth_hash_nist_gmac_aes_256;
> + break;
> + default:
> + DPRINTF(("%s: invalid key length %u"
> + "for algorithm %s\n", __func__,
> + keylen, txform->name));
> + return EINVAL;
> + }
> + bzero(&cria, sizeof(cria));
> + cria.cri_alg = sav->tdb_authalgxform->type;
> + cria.cri_klen = _KEYBITS(sav->key_enc) + 4;
> + cria.cri_key = sav->key_enc->key_data;
> + }
> +
> /* Initialize crypto session. */
> bzero(&crie, sizeof (crie));
> crie.cri_alg = sav->tdb_encalgxform->type;
> crie.cri_klen = _KEYBITS(sav->key_enc);
> crie.cri_key = sav->key_enc->key_data;
> + if (sav->alg_enc == SADB_X_EALG_AESGCM16)
> + arc4rand(crie.cri_iv, sav->ivlen, 0);
> +
> /* XXX Rounds ? */
>
> if (sav->tdb_authalgxform && sav->tdb_encalgxform) {
> @@ -289,7 +329,6 @@ esp_input(struct mbuf *m, struct secasva
> m_freem(m);
> return EINVAL;
> }
> -
> /* XXX don't pullup, just copy header */
> IP6_EXTHDR_GET(esp, struct newesp *, m, skip, sizeof (struct
> newesp));
>
> @@ -302,18 +341,7 @@ esp_input(struct mbuf *m, struct secasva
> else
> hlen = sizeof (struct newesp) + sav->ivlen;
> /* Authenticator hash size */
> - if (esph != NULL) {
> - switch (esph->type) {
> - case CRYPTO_SHA2_256_HMAC:
> - case CRYPTO_SHA2_384_HMAC:
> - case CRYPTO_SHA2_512_HMAC:
> - alen = esph->hashsize/2;
> - break;
> - default:
> - alen = AH_HMAC_HASHLEN;
> - break;
> - }
> - }
> + alen = esph ? esph->hashsize : 0;
>
> /*
> * Verify payload length is multiple of encryption algorithm
> @@ -325,13 +353,15 @@ esp_input(struct mbuf *m, struct secasva
> */
> plen = m->m_pkthdr.len - (skip + hlen + alen);
> if ((plen & (espx->blocksize - 1)) || (plen <= 0)) {
> - DPRINTF(("%s: payload of %d octets not a multiple of %d octets,"
> - " SA %s/%08lx\n", __func__,
> - plen, espx->blocksize, ipsec_address(&sav->sah->saidx.dst,
> - buf, sizeof(buf)), (u_long) ntohl(sav->spi)));
> - ESPSTAT_INC(esps_badilen);
> - m_freem(m);
> - return EINVAL;
> + if (!espx || sav->alg_enc != SADB_X_EALG_AESGCM16) {
> + DPRINTF(("%s: payload of %d octets not a multiple of %d octets,"
> + " SA %s/%08lx\n", __func__,
> + plen, espx->blocksize, ipsec_address(&sav->sah->saidx.dst,
> + buf, sizeof(buf)), (u_long) ntohl(sav->spi)));
> + ESPSTAT_INC(esps_badilen);
> + m_freem(m);
> + return EINVAL;
> + }
> }
>
> /*
> @@ -377,12 +407,20 @@ esp_input(struct mbuf *m, struct secasva
>
> /* Authentication descriptor */
> crda->crd_skip = skip;
> - crda->crd_len = m->m_pkthdr.len - (skip + alen);
> + if (espx && espx->type == CRYPTO_AES_NIST_GCM_16)
> + crda->crd_len = hlen - sav->ivlen;
> + else
> + crda->crd_len = m->m_pkthdr.len - (skip + alen);
> crda->crd_inject = m->m_pkthdr.len - alen;
>
> crda->crd_alg = esph->type;
> - crda->crd_key = sav->key_auth->key_data;
> - crda->crd_klen = _KEYBITS(sav->key_auth);
> + if (espx && (espx->type == CRYPTO_AES_NIST_GCM_16)) {
> + crda->crd_key = sav->key_enc->key_data;
> + crda->crd_klen = _KEYBITS(sav->key_enc);
> + } else {
> + crda->crd_key = sav->key_auth->key_data;
> + crda->crd_klen = _KEYBITS(sav->key_auth);
> + }
>
> /* Copy the authenticator */
> m_copydata(m, m->m_pkthdr.len - alen, alen,
> @@ -420,6 +458,9 @@ esp_input(struct mbuf *m, struct secasva
> crde->crd_alg = espx->type;
> crde->crd_key = sav->key_enc->key_data;
> crde->crd_klen = _KEYBITS(sav->key_enc);
> + if (espx && (espx->type == CRYPTO_AES_NIST_GCM_16))
> + crde->crd_flags |= CRD_F_IV_EXPLICIT;
> +
> /* XXX Rounds ? */
>
> return (crypto_dispatch(crp));
> @@ -489,16 +530,7 @@ esp_input_cb(struct cryptop *crp)
>
> /* If authentication was performed, check now. */
> if (esph != NULL) {
> - switch (esph->type) {
> - case CRYPTO_SHA2_256_HMAC:
> - case CRYPTO_SHA2_384_HMAC:
> - case CRYPTO_SHA2_512_HMAC:
> - alen = esph->hashsize/2;
> - break;
> - default:
> - alen = AH_HMAC_HASHLEN;
> - break;
> - }
> + alen = esph->hashsize;
> AHSTAT_INC(ahs_hist[sav->alg_auth]);
> /* Copy the authenticator from the packet */
> m_copydata(m, m->m_pkthdr.len - alen, alen, aalg);
> @@ -663,22 +695,13 @@ esp_output(struct mbuf *m, struct ipsecr
> * NB: The null encoding transform has a blocksize of 4
> * so that headers are properly aligned.
> */
> - blks = espx->blocksize; /* IV blocksize */
> + blks = espx->ivsize; /* IV blocksize */
>
> /* XXX clamp padding length a la KAME??? */
> padding = ((blks - ((rlen + 2) % blks)) % blks) + 2;
>
> if (esph)
> - switch (esph->type) {
> - case CRYPTO_SHA2_256_HMAC:
> - case CRYPTO_SHA2_384_HMAC:
> - case CRYPTO_SHA2_512_HMAC:
> - alen = esph->hashsize/2;
> - break;
> - default:
> - alen = AH_HMAC_HASHLEN;
> - break;
> - }
> + alen = esph->hashsize;
> else
> alen = 0;
>
> @@ -706,6 +729,8 @@ esp_output(struct mbuf *m, struct ipsecr
> error = EPFNOSUPPORT;
> goto bad;
> }
> + DPRINTF(("%s: skip %d hlen %d rlen %d padding %d alen %d blksd
> %d\n",
> + __func__, skip, hlen, rlen, padding, alen, blks));
> if (skip + hlen + rlen + padding + alen > maxpacketsize) {
> DPRINTF(("%s: packet in SA %s/%08lx got too big "
> "(len %u, max len %u)\n", __func__,
> @@ -820,6 +845,8 @@ esp_output(struct mbuf *m, struct ipsecr
> crde->crd_alg = espx->type;
> crde->crd_key = sav->key_enc->key_data;
> crde->crd_klen = _KEYBITS(sav->key_enc);
> + if (espx->type == CRYPTO_AES_NIST_GCM_16)
> + crde->crd_flags |= CRD_F_IV_EXPLICIT;
> /* XXX Rounds ? */
> } else
> crda = crp->crp_desc;
> @@ -854,13 +881,22 @@ esp_output(struct mbuf *m, struct ipsecr
> if (esph) {
> /* Authentication descriptor. */
> crda->crd_skip = skip;
> - crda->crd_len = m->m_pkthdr.len - (skip + alen);
> + if (espx && espx->type == CRYPTO_AES_NIST_GCM_16)
> + crda->crd_len = hlen - sav->ivlen;
> + else
> + crda->crd_len = m->m_pkthdr.len - (skip + alen);
> crda->crd_inject = m->m_pkthdr.len - alen;
>
> /* Authentication operation. */
> crda->crd_alg = esph->type;
> - crda->crd_key = sav->key_auth->key_data;
> - crda->crd_klen = _KEYBITS(sav->key_auth);
> + if (espx && espx->type == CRYPTO_AES_NIST_GCM_16) {
> + crda->crd_key = sav->key_enc->key_data;
> + crda->crd_klen = _KEYBITS(sav->key_enc);
> + } else {
> + crda->crd_key = sav->key_auth->key_data;
> + crda->crd_klen = _KEYBITS(sav->key_auth);
> + }
> +
> }
>
> return crypto_dispatch(crp);
> @@ -953,6 +989,11 @@ esp_output_cb(struct cryptop *crp)
> case CRYPTO_SHA2_512_HMAC:
> alen = esph->hashsize/2;
> break;
> + case CRYPTO_AES_128_GMAC:
> + case CRYPTO_AES_192_GMAC:
> + case CRYPTO_AES_256_GMAC:
> + alen = esph->hashsize;
> + break;
> default:
> alen = AH_HMAC_HASHLEN;
> break;
>
> Modified: head/sys/opencrypto/cryptodev.h
> ==============================================================================
> --- head/sys/opencrypto/cryptodev.h Thu Jul 9 17:45:08 2015 (r285335)
> +++ head/sys/opencrypto/cryptodev.h Thu Jul 9 18:16:35 2015 (r285336)
> @@ -78,6 +78,7 @@
> #define SHA2_512_HASH_LEN 64
> #define MD5_KPDK_HASH_LEN 16
> #define SHA1_KPDK_HASH_LEN 20
> +#define AES_HASH_LEN 16
> /* Maximum hash algorithm result length */
> #define HASH_MAX_LEN SHA2_512_HASH_LEN /* Keep this updated */
>
> @@ -86,28 +87,74 @@
> #define MD5_HMAC_BLOCK_LEN 64
> #define SHA1_HMAC_BLOCK_LEN 64
> #define RIPEMD160_HMAC_BLOCK_LEN 64
> -#define SHA2_256_HMAC_BLOCK_LEN 64
> -#define SHA2_384_HMAC_BLOCK_LEN 128
> -#define SHA2_512_HMAC_BLOCK_LEN 128
> +#define SHA2_256_HMAC_BLOCK_LEN 64
> +#define SHA2_384_HMAC_BLOCK_LEN 128
> +#define SHA2_512_HMAC_BLOCK_LEN 128
> /* Maximum HMAC block length */
> -#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN /* Keep this
> updated */
> +#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN /* Keep this
> updated */
> #define HMAC_IPAD_VAL 0x36
> #define HMAC_OPAD_VAL 0x5C
> +/* HMAC Key Length */
> +#define NULL_HMAC_KEY_LEN 0
> +#define MD5_HMAC_KEY_LEN 16
> +#define SHA1_HMAC_KEY_LEN 20
> +#define RIPEMD160_HMAC_KEY_LEN 20
> +#define SHA2_256_HMAC_KEY_LEN 32
> +#define SHA2_384_HMAC_KEY_LEN 48
> +#define SHA2_512_HMAC_KEY_LEN 64
> +#define AES_128_HMAC_KEY_LEN 16
> +#define AES_192_HMAC_KEY_LEN 24
> +#define AES_256_HMAC_KEY_LEN 32
>
> /* Encryption algorithm block sizes */
> -#define NULL_BLOCK_LEN 4
> -#define DES_BLOCK_LEN 8
> -#define DES3_BLOCK_LEN 8
> -#define BLOWFISH_BLOCK_LEN 8
> -#define SKIPJACK_BLOCK_LEN 8
> -#define CAST128_BLOCK_LEN 8
> -#define RIJNDAEL128_BLOCK_LEN 16
> -#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN
> -#define CAMELLIA_BLOCK_LEN 16
> -#define EALG_MAX_BLOCK_LEN AES_BLOCK_LEN /* Keep this updated */
> +#define NULL_BLOCK_LEN 4
> +#define DES_BLOCK_LEN 8
> +#define DES3_BLOCK_LEN 8
> +#define BLOWFISH_BLOCK_LEN 8
> +#define SKIPJACK_BLOCK_LEN 8
> +#define CAST128_BLOCK_LEN 8
> +#define RIJNDAEL128_BLOCK_LEN 16
> +#define AES_BLOCK_LEN 16
> +#define AES_MIN_BLOCK_LEN 1
> +#define ARC4_BLOCK_LEN 1
> +#define CAMELLIA_BLOCK_LEN 16
> +#define EALG_MAX_BLOCK_LEN AES_BLOCK_LEN /* Keep this updated */
> +
> +/* IV Lengths */
> +
> +#define ARC4_IV_LEN 1
> +#define AES_IV_LEN 12
> +#define AES_XTS_IV_LEN 8
> +#define AES_XTS_ALPHA 0x87 /* GF(2^128) generator polynomial */
> +
> +#define AES_CTR_NONCE_SIZE 4
> +
> +/* Min and Max Encryption Key Sizes */
> +#define NULL_MIN_KEY 0
> +#define NULL_MAX_KEY 256 /* 2048 bits, max key */
> +#define DES_MIN_KEY 8
> +#define DES_MAX_KEY DES_MIN_KEY
> +#define TRIPLE_DES_MIN_KEY 24
> +#define TRIPLE_DES_MAX_KEY TRIPLE_DES_MIN_KEY
> +#define BLOWFISH_MIN_KEY 5
> +#define BLOWFISH_MAX_KEY 56 /* 448 bits, max key */
> +#define CAST_MIN_KEY 5
> +#define CAST_MAX_KEY 16
> +#define SKIPJACK_MIN_KEY 10
> +#define SKIPJACK_MAX_KEY SKIPJACK_MIN_KEY
> +#define RIJNDAEL_MIN_KEY 16
> +#define RIJNDAEL_MAX_KEY 32
> +#define AES_MIN_KEY 16
> +#define AES_MAX_KEY 32
> +#define AES_XTS_MIN_KEY 32
> +#define AES_XTS_MAX_KEY 64
> +#define ARC4_MIN_KEY 1
> +#define ARC4_MAX_KEY 32
> +#define CAMELLIA_MIN_KEY 8
> +#define CAMELLIA_MAX_KEY 32
>
> /* Maximum hash algorithm result length */
> -#define AALG_MAX_RESULT_LEN 64 /* Keep this updated */
> +#define AALG_MAX_RESULT_LEN 64 /* Keep this updated */
>
> #define CRYPTO_ALGORITHM_MIN 1
> #define CRYPTO_DES_CBC 1
> @@ -141,7 +188,7 @@
> #define CRYPTO_AES_256_NIST_GMAC 28 /* auth side */
> #define CRYPTO_ALGORITHM_MAX 28 /* Keep updated - see below */
>
> -#define CRYPTO_ALGO_VALID(x) ((x) >= CRYPTO_ALGORITHM_MIN && \
> +#define CRYPTO_ALGO_VALID(x) ((x) >= CRYPTO_ALGORITHM_MIN && \
> (x) <= CRYPTO_ALGORITHM_MAX)
>
> /* Algorithm flags */
>
> Modified: head/sys/opencrypto/xform.c
> ==============================================================================
> --- head/sys/opencrypto/xform.c Thu Jul 9 17:45:08 2015 (r285335)
> +++ head/sys/opencrypto/xform.c Thu Jul 9 18:16:35 2015 (r285336)
> @@ -154,7 +154,7 @@ MALLOC_DEFINE(M_XDATA, "xform", "xform d
> struct enc_xform enc_xform_null = {
> CRYPTO_NULL_CBC, "NULL",
> /* NB: blocksize of 4 is to generate a properly aligned ESP header */
> - NULL_BLOCK_LEN, NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */
> + NULL_BLOCK_LEN, NULL_BLOCK_LEN, NULL_MIN_KEY, NULL_MAX_KEY,
> null_encrypt,
> null_decrypt,
> null_setkey,
> @@ -164,7 +164,7 @@ struct enc_xform enc_xform_null = {
>
> struct enc_xform enc_xform_des = {
> CRYPTO_DES_CBC, "DES",
> - DES_BLOCK_LEN, DES_BLOCK_LEN, 8, 8,
> + DES_BLOCK_LEN, DES_BLOCK_LEN, DES_MIN_KEY, DES_MAX_KEY,
> des1_encrypt,
> des1_decrypt,
> des1_setkey,
> @@ -174,7 +174,8 @@ struct enc_xform enc_xform_des = {
>
> struct enc_xform enc_xform_3des = {
> CRYPTO_3DES_CBC, "3DES",
> - DES3_BLOCK_LEN, DES3_BLOCK_LEN, 24, 24,
> + DES3_BLOCK_LEN, DES3_BLOCK_LEN, TRIPLE_DES_MIN_KEY,
> + TRIPLE_DES_MAX_KEY,
> des3_encrypt,
> des3_decrypt,
> des3_setkey,
> @@ -184,7 +185,8 @@ struct enc_xform enc_xform_3des = {
>
> struct enc_xform enc_xform_blf = {
> CRYPTO_BLF_CBC, "Blowfish",
> - BLOWFISH_BLOCK_LEN, BLOWFISH_BLOCK_LEN, 5, 56 /* 448 bits, max key
> */,
> + BLOWFISH_BLOCK_LEN, BLOWFISH_BLOCK_LEN, BLOWFISH_MIN_KEY,
> + BLOWFISH_MAX_KEY,
> blf_encrypt,
> blf_decrypt,
> blf_setkey,
> @@ -194,7 +196,7 @@ struct enc_xform enc_xform_blf = {
>
> struct enc_xform enc_xform_cast5 = {
> CRYPTO_CAST_CBC, "CAST-128",
> - CAST128_BLOCK_LEN, CAST128_BLOCK_LEN, 5, 16,
> + CAST128_BLOCK_LEN, CAST128_BLOCK_LEN, CAST_MIN_KEY, CAST_MAX_KEY,
> cast5_encrypt,
> cast5_decrypt,
> cast5_setkey,
> @@ -204,7 +206,8 @@ struct enc_xform enc_xform_cast5 = {
>
> struct enc_xform enc_xform_skipjack = {
> CRYPTO_SKIPJACK_CBC, "Skipjack",
> - SKIPJACK_BLOCK_LEN, SKIPJACK_BLOCK_LEN, 10, 10,
> + SKIPJACK_BLOCK_LEN, SKIPJACK_BLOCK_LEN, SKIPJACK_MIN_KEY,
> + SKIPJACK_MAX_KEY,
> skipjack_encrypt,
> skipjack_decrypt, skipjack_setkey,
> skipjack_zerokey,
> @@ -213,7 +216,8 @@ struct enc_xform enc_xform_skipjack = {
>
> struct enc_xform enc_xform_rijndael128 = {
> CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
> - RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, 16, 32,
> + RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, RIJNDAEL_MIN_KEY,
> + RIJNDAEL_MAX_KEY,
> rijndael128_encrypt,
> rijndael128_decrypt,
> rijndael128_setkey,
> @@ -223,7 +227,7 @@ struct enc_xform enc_xform_rijndael128 =
>
> struct enc_xform enc_xform_aes_icm = {
> CRYPTO_AES_ICM, "AES-ICM",
> - RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, 16, 32,
> + RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, AES_MIN_KEY,
> AES_MAX_KEY,
> aes_icm_crypt,
> aes_icm_crypt,
> aes_icm_setkey,
> @@ -233,7 +237,7 @@ struct enc_xform enc_xform_aes_icm = {
>
> struct enc_xform enc_xform_aes_nist_gcm = {
> CRYPTO_AES_NIST_GCM_16, "AES-GCM",
> - 1, 12, 16, 32,
> + AES_MIN_BLOCK_LEN, AES_IV_LEN, AES_MIN_KEY, AES_MAX_KEY,
> aes_icm_crypt,
> aes_icm_crypt,
> aes_icm_setkey,
> @@ -243,7 +247,7 @@ struct enc_xform enc_xform_aes_nist_gcm
>
> struct enc_xform enc_xform_aes_nist_gmac = {
> CRYPTO_AES_NIST_GMAC, "AES-GMAC",
> - 1, 12, 16, 32,
> + AES_MIN_BLOCK_LEN, AES_IV_LEN, AES_MIN_KEY, AES_MAX_KEY,
> NULL,
> NULL,
> NULL,
> @@ -253,7 +257,7 @@ struct enc_xform enc_xform_aes_nist_gmac
>
> struct enc_xform enc_xform_aes_xts = {
> CRYPTO_AES_XTS, "AES-XTS",
> - RIJNDAEL128_BLOCK_LEN, 8, 32, 64,
> + AES_MIN_BLOCK_LEN, AES_XTS_IV_LEN, AES_XTS_MIN_KEY, AES_XTS_MAX_KEY,
> aes_xts_encrypt,
> aes_xts_decrypt,
> aes_xts_setkey,
> @@ -263,7 +267,7 @@ struct enc_xform enc_xform_aes_xts = {
>
> struct enc_xform enc_xform_arc4 = {
> CRYPTO_ARC4, "ARC4",
> - 1, 1, 1, 32,
> + ARC4_BLOCK_LEN, ARC4_IV_LEN, ARC4_MIN_KEY, ARC4_MAX_KEY,
> NULL,
> NULL,
> NULL,
> @@ -273,7 +277,8 @@ struct enc_xform enc_xform_arc4 = {
>
> struct enc_xform enc_xform_camellia = {
> CRYPTO_CAMELLIA_CBC, "Camellia",
> - CAMELLIA_BLOCK_LEN, CAMELLIA_BLOCK_LEN, 8, 32,
> + CAMELLIA_BLOCK_LEN, CAMELLIA_BLOCK_LEN, CAMELLIA_MIN_KEY,
> + CAMELLIA_MAX_KEY,
> cml_encrypt,
> cml_decrypt,
> cml_setkey,
> @@ -284,67 +289,72 @@ struct enc_xform enc_xform_camellia = {
> /* Authentication instances */
> struct auth_hash auth_hash_null = { /* NB: context isn't used */
> CRYPTO_NULL_HMAC, "NULL-HMAC",
> - 0, NULL_HASH_LEN, sizeof(int), NULL_HMAC_BLOCK_LEN,
> + NULL_HMAC_KEY_LEN, NULL_HASH_LEN, sizeof(int), NULL_HMAC_BLOCK_LEN,
> null_init, null_reinit, null_reinit, null_update, null_final
> };
>
> struct auth_hash auth_hash_hmac_md5 = {
> CRYPTO_MD5_HMAC, "HMAC-MD5",
> - 16, MD5_HASH_LEN, sizeof(MD5_CTX), MD5_HMAC_BLOCK_LEN,
> + MD5_HMAC_KEY_LEN, MD5_HASH_LEN, sizeof(MD5_CTX), MD5_HMAC_BLOCK_LEN,
> (void (*) (void *)) MD5Init, NULL, NULL, MD5Update_int,
> (void (*) (u_int8_t *, void *)) MD5Final
> };
>
> struct auth_hash auth_hash_hmac_sha1 = {
> CRYPTO_SHA1_HMAC, "HMAC-SHA1",
> - 20, SHA1_HASH_LEN, sizeof(SHA1_CTX), SHA1_HMAC_BLOCK_LEN,
> + SHA1_HMAC_KEY_LEN, SHA1_HASH_LEN, sizeof(SHA1_CTX),
> SHA1_HMAC_BLOCK_LEN,
> SHA1Init_int, NULL, NULL, SHA1Update_int, SHA1Final_int
> };
>
> struct auth_hash auth_hash_hmac_ripemd_160 = {
> CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
> - 20, RIPEMD160_HASH_LEN, sizeof(RMD160_CTX),
> RIPEMD160_HMAC_BLOCK_LEN,
> + RIPEMD160_HMAC_KEY_LEN, RIPEMD160_HASH_LEN, sizeof(RMD160_CTX),
> + RIPEMD160_HMAC_BLOCK_LEN,
> (void (*)(void *)) RMD160Init, NULL, NULL, RMD160Update_int,
> (void (*)(u_int8_t *, void *)) RMD160Final
> };
>
> struct auth_hash auth_hash_key_md5 = {
> CRYPTO_MD5_KPDK, "Keyed MD5",
> - 0, MD5_KPDK_HASH_LEN, sizeof(MD5_CTX), 0,
> + NULL_HMAC_KEY_LEN, MD5_KPDK_HASH_LEN, sizeof(MD5_CTX), 0,
> (void (*)(void *)) MD5Init, NULL, NULL, MD5Update_int,
> (void (*)(u_int8_t *, void *)) MD5Final
> };
>
> struct auth_hash auth_hash_key_sha1 = {
> CRYPTO_SHA1_KPDK, "Keyed SHA1",
> - 0, SHA1_KPDK_HASH_LEN, sizeof(SHA1_CTX), 0,
> + NULL_HMAC_KEY_LEN, SHA1_KPDK_HASH_LEN, sizeof(SHA1_CTX), 0,
> SHA1Init_int, NULL, NULL, SHA1Update_int, SHA1Final_int
> };
>
> struct auth_hash auth_hash_hmac_sha2_256 = {
> CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
> - 32, SHA2_256_HASH_LEN, sizeof(SHA256_CTX), SHA2_256_HMAC_BLOCK_LEN,
> + SHA2_256_HMAC_KEY_LEN, SHA2_256_HASH_LEN, sizeof(SHA256_CTX),
> + SHA2_256_HMAC_BLOCK_LEN,
> (void (*)(void *)) SHA256_Init, NULL, NULL, SHA256Update_int,
> (void (*)(u_int8_t *, void *)) SHA256_Final
> };
>
> struct auth_hash auth_hash_hmac_sha2_384 = {
> CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384",
> - 48, SHA2_384_HASH_LEN, sizeof(SHA384_CTX), SHA2_384_HMAC_BLOCK_LEN,
> + SHA2_384_HMAC_KEY_LEN, SHA2_384_HASH_LEN, sizeof(SHA384_CTX),
> + SHA2_384_HMAC_BLOCK_LEN,
> (void (*)(void *)) SHA384_Init, NULL, NULL, SHA384Update_int,
> (void (*)(u_int8_t *, void *)) SHA384_Final
> };
>
> struct auth_hash auth_hash_hmac_sha2_512 = {
> CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512",
> - 64, SHA2_512_HASH_LEN, sizeof(SHA512_CTX), SHA2_512_HMAC_BLOCK_LEN,
> + SHA2_512_HMAC_KEY_LEN, SHA2_512_HASH_LEN, sizeof(SHA512_CTX),
> + SHA2_512_HMAC_BLOCK_LEN,
> (void (*)(void *)) SHA512_Init, NULL, NULL, SHA512Update_int,
> (void (*)(u_int8_t *, void *)) SHA512_Final
> };
>
> struct auth_hash auth_hash_nist_gmac_aes_128 = {
> CRYPTO_AES_128_NIST_GMAC, "GMAC-AES-128",
> - 16, 16, sizeof(struct aes_gmac_ctx), GMAC_BLOCK_LEN,
> + AES_128_HMAC_KEY_LEN, AES_HASH_LEN, sizeof(struct aes_gmac_ctx),
> + GMAC_BLOCK_LEN,
> (void (*)(void *)) AES_GMAC_Init,
> (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey,
> (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit,
> @@ -354,7 +364,8 @@ struct auth_hash auth_hash_nist_gmac_aes
>
> struct auth_hash auth_hash_nist_gmac_aes_192 = {
> CRYPTO_AES_192_NIST_GMAC, "GMAC-AES-192",
> - 24, 16, sizeof(struct aes_gmac_ctx), GMAC_BLOCK_LEN,
> + AES_192_HMAC_KEY_LEN, AES_HASH_LEN, sizeof(struct aes_gmac_ctx),
> + GMAC_BLOCK_LEN,
> (void (*)(void *)) AES_GMAC_Init,
> (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey,
> (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit,
> @@ -364,7 +375,8 @@ struct auth_hash auth_hash_nist_gmac_aes
>
> struct auth_hash auth_hash_nist_gmac_aes_256 = {
> CRYPTO_AES_256_NIST_GMAC, "GMAC-AES-256",
> - 32, 16, sizeof(struct aes_gmac_ctx), GMAC_BLOCK_LEN,
> + AES_256_HMAC_KEY_LEN, AES_HASH_LEN, sizeof(struct aes_gmac_ctx),
> + GMAC_BLOCK_LEN,
> (void (*)(void *)) AES_GMAC_Init,
> (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey,
> (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit,
More information about the svn-src-all
mailing list