Author: gnn
Date: Thu Jul 9 18:16:35 2015
New Revision: 285336
URL: https://svnweb.freebsd.org/changeset/base/285336
Log:
Add support for AES modes to IPSec. These modes work both in software only
mode and with hardware support on systems that have AESNI instructions.
Differential Revision: D2936
Reviewed by: jmg, eri, cognet
Sponsored by: Rubicon Communications (Netgate)
Modified:
head/sys/netipsec/xform_ah.c
head/sys/netipsec/xform_esp.c
head/sys/opencrypto/cryptodev.h
head/sys/opencrypto/xform.c
Modified: head/sys/netipsec/xform_ah.c
==============================================================================
--- head/sys/netipsec/xform_ah.c Thu Jul 9 17:45:08 2015
(r285335)
+++ head/sys/netipsec/xform_ah.c Thu Jul 9 18:16:35 2015
(r285336)
@@ -82,11 +82,11 @@
(((sav)->flags & SADB_X_EXT_OLD) ? \
sizeof (struct ah) : sizeof (struct ah) + sizeof (u_int32_t))
/*
- * Return authenticator size in bytes. The old protocol is known
- * to use a fixed 16-byte authenticator. The new algorithm use 12-byte
- * authenticator.
+ * Return authenticator size in bytes, based on a field in the
+ * algorithm descriptor.
*/
-#define AUTHSIZE(sav) ah_authsize(sav)
+#define AUTHSIZE(sav) \
+ ((sav->flags & SADB_X_EXT_OLD) ? 16 : (sav)->tdb_authalgxform->hashsize)
VNET_DEFINE(int, ah_enable) = 1; /* control flow of packets with AH */
VNET_DEFINE(int, ah_cleartos) = 1; /* clear ip_tos when doing AH calc */
@@ -112,27 +112,6 @@ static unsigned char ipseczeroes[256]; /
static int ah_input_cb(struct cryptop*);
static int ah_output_cb(struct cryptop*);
-static int
-ah_authsize(struct secasvar *sav)
-{
-
- IPSEC_ASSERT(sav != NULL, ("%s: sav == NULL", __func__));
-
- if (sav->flags & SADB_X_EXT_OLD)
- return 16;
-
- switch (sav->alg_auth) {
- case SADB_X_AALG_SHA2_256:
- return 16;
- case SADB_X_AALG_SHA2_384:
- return 24;
- case SADB_X_AALG_SHA2_512:
- return 32;
- default:
- return AH_HMAC_HASHLEN;
- }
- /* NOTREACHED */
-}
/*
* NB: this is public for use by the PF_KEY support.
*/
@@ -160,6 +139,12 @@ ah_algorithm_lookup(int alg)
return &auth_hash_hmac_sha2_384;
case SADB_X_AALG_SHA2_512:
return &auth_hash_hmac_sha2_512;
+ case SADB_X_AALG_AES128GMAC:
+ return &auth_hash_nist_gmac_aes_128;
+ case SADB_X_AALG_AES192GMAC:
+ return &auth_hash_nist_gmac_aes_192;
+ case SADB_X_AALG_AES256GMAC:
+ return &auth_hash_nist_gmac_aes_256;
}
return NULL;
}
Modified: head/sys/netipsec/xform_esp.c
==============================================================================
--- head/sys/netipsec/xform_esp.c Thu Jul 9 17:45:08 2015
(r285335)
+++ head/sys/netipsec/xform_esp.c Thu Jul 9 18:16:35 2015
(r285336)
@@ -121,6 +121,12 @@ esp_algorithm_lookup(int alg)
return &enc_xform_null;
case SADB_X_EALG_CAMELLIACBC:
return &enc_xform_camellia;
+ case SADB_X_EALG_AESCTR:
+ return &enc_xform_aes_icm;
+ case SADB_X_EALG_AESGCM16:
+ return &enc_xform_aes_nist_gcm;
+ case SADB_X_EALG_AESGMAC:
+ return &enc_xform_aes_nist_gmac;
}
return NULL;
}
@@ -198,7 +204,7 @@ esp_init(struct secasvar *sav, struct xf
* the ESP header will be processed incorrectly. The
* compromise is to force it to zero here.
*/
- sav->ivlen = (txform == &enc_xform_null ? 0 : txform->blocksize);
+ sav->ivlen = (txform == &enc_xform_null ? 0 : txform->ivsize);
sav->iv = (caddr_t) malloc(sav->ivlen, M_XDATA, M_WAITOK);
key_randomfill(sav->iv, sav->ivlen); /*XXX*/
@@ -215,11 +221,45 @@ esp_init(struct secasvar *sav, struct xf
sav->tdb_xform = xsp;
sav->tdb_encalgxform = txform;
+ /*
+ * Whenever AES-GCM is used for encryption, one
+ * of the AES authentication algorithms is chosen
+ * as well, based on the key size.
+ */
+ if (sav->alg_enc == SADB_X_EALG_AESGCM16) {
+ switch (keylen) {
+ case AES_128_HMAC_KEY_LEN:
+ sav->alg_auth = SADB_X_AALG_AES128GMAC;
+ sav->tdb_authalgxform = &auth_hash_nist_gmac_aes_128;
+ break;
+ case AES_192_HMAC_KEY_LEN:
+ sav->alg_auth = SADB_X_AALG_AES192GMAC;
+ sav->tdb_authalgxform = &auth_hash_nist_gmac_aes_192;
+ break;
+ case AES_256_HMAC_KEY_LEN:
+ sav->alg_auth = SADB_X_AALG_AES256GMAC;
+ sav->tdb_authalgxform = &auth_hash_nist_gmac_aes_256;
+ break;
+ default:
+ DPRINTF(("%s: invalid key length %u"
+ "for algorithm %s\n", __func__,
+ keylen, txform->name));
+ return EINVAL;
+ }
+ bzero(&cria, sizeof(cria));
+ cria.cri_alg = sav->tdb_authalgxform->type;
+ cria.cri_klen = _KEYBITS(sav->key_enc) + 4;
+ cria.cri_key = sav->key_enc->key_data;
+ }
+
/* Initialize crypto session. */
bzero(&crie, sizeof (crie));
crie.cri_alg = sav->tdb_encalgxform->type;
crie.cri_klen = _KEYBITS(sav->key_enc);
crie.cri_key = sav->key_enc->key_data;
+ if (sav->alg_enc == SADB_X_EALG_AESGCM16)
+ arc4rand(crie.cri_iv, sav->ivlen, 0);
+
/* XXX Rounds ? */
if (sav->tdb_authalgxform && sav->tdb_encalgxform) {
@@ -289,7 +329,6 @@ esp_input(struct mbuf *m, struct secasva
m_freem(m);
return EINVAL;
}
-
/* XXX don't pullup, just copy header */
IP6_EXTHDR_GET(esp, struct newesp *, m, skip, sizeof (struct newesp));
@@ -302,18 +341,7 @@ esp_input(struct mbuf *m, struct secasva
else
hlen = sizeof (struct newesp) + sav->ivlen;
/* Authenticator hash size */
- if (esph != NULL) {
- switch (esph->type) {
- case CRYPTO_SHA2_256_HMAC:
- case CRYPTO_SHA2_384_HMAC:
- case CRYPTO_SHA2_512_HMAC:
- alen = esph->hashsize/2;
- break;
- default:
- alen = AH_HMAC_HASHLEN;
- break;
- }
- }
+ alen = esph ? esph->hashsize : 0;
/*
* Verify payload length is multiple of encryption algorithm
@@ -325,13 +353,15 @@ esp_input(struct mbuf *m, struct secasva
*/
plen = m->m_pkthdr.len - (skip + hlen + alen);
if ((plen & (espx->blocksize - 1)) || (plen <= 0)) {
- DPRINTF(("%s: payload of %d octets not a multiple of %d octets,"
- " SA %s/%08lx\n", __func__,
- plen, espx->blocksize, ipsec_address(&sav->sah->saidx.dst,
- buf, sizeof(buf)), (u_long) ntohl(sav->spi)));
- ESPSTAT_INC(esps_badilen);
- m_freem(m);
- return EINVAL;
+ if (!espx || sav->alg_enc != SADB_X_EALG_AESGCM16) {
+ DPRINTF(("%s: payload of %d octets not a multiple of %d
octets,"
+ " SA %s/%08lx\n", __func__,
+ plen, espx->blocksize,
ipsec_address(&sav->sah->saidx.dst,
+ buf, sizeof(buf)), (u_long) ntohl(sav->spi)));
+ ESPSTAT_INC(esps_badilen);
+ m_freem(m);
+ return EINVAL;
+ }
}
/*
@@ -377,12 +407,20 @@ esp_input(struct mbuf *m, struct secasva
/* Authentication descriptor */
crda->crd_skip = skip;
- crda->crd_len = m->m_pkthdr.len - (skip + alen);
+ if (espx && espx->type == CRYPTO_AES_NIST_GCM_16)
+ crda->crd_len = hlen - sav->ivlen;
+ else
+ crda->crd_len = m->m_pkthdr.len - (skip + alen);
crda->crd_inject = m->m_pkthdr.len - alen;
crda->crd_alg = esph->type;
- crda->crd_key = sav->key_auth->key_data;
- crda->crd_klen = _KEYBITS(sav->key_auth);
+ if (espx && (espx->type == CRYPTO_AES_NIST_GCM_16)) {
+ crda->crd_key = sav->key_enc->key_data;
+ crda->crd_klen = _KEYBITS(sav->key_enc);
+ } else {
+ crda->crd_key = sav->key_auth->key_data;
+ crda->crd_klen = _KEYBITS(sav->key_auth);
+ }
/* Copy the authenticator */
m_copydata(m, m->m_pkthdr.len - alen, alen,
@@ -420,6 +458,9 @@ esp_input(struct mbuf *m, struct secasva
crde->crd_alg = espx->type;
crde->crd_key = sav->key_enc->key_data;
crde->crd_klen = _KEYBITS(sav->key_enc);
+ if (espx && (espx->type == CRYPTO_AES_NIST_GCM_16))
+ crde->crd_flags |= CRD_F_IV_EXPLICIT;
+
/* XXX Rounds ? */
return (crypto_dispatch(crp));
@@ -489,16 +530,7 @@ esp_input_cb(struct cryptop *crp)
/* If authentication was performed, check now. */
if (esph != NULL) {
- switch (esph->type) {
- case CRYPTO_SHA2_256_HMAC:
- case CRYPTO_SHA2_384_HMAC:
- case CRYPTO_SHA2_512_HMAC:
- alen = esph->hashsize/2;
- break;
- default:
- alen = AH_HMAC_HASHLEN;
- break;
- }
+ alen = esph->hashsize;
AHSTAT_INC(ahs_hist[sav->alg_auth]);
/* Copy the authenticator from the packet */
m_copydata(m, m->m_pkthdr.len - alen, alen, aalg);
@@ -663,22 +695,13 @@ esp_output(struct mbuf *m, struct ipsecr
* NB: The null encoding transform has a blocksize of 4
* so that headers are properly aligned.
*/
- blks = espx->blocksize; /* IV blocksize */
+ blks = espx->ivsize; /* IV blocksize */
/* XXX clamp padding length a la KAME??? */
padding = ((blks - ((rlen + 2) % blks)) % blks) + 2;
if (esph)
- switch (esph->type) {
- case CRYPTO_SHA2_256_HMAC:
- case CRYPTO_SHA2_384_HMAC:
- case CRYPTO_SHA2_512_HMAC:
- alen = esph->hashsize/2;
- break;
- default:
- alen = AH_HMAC_HASHLEN;
- break;
- }
+ alen = esph->hashsize;
else
alen = 0;
@@ -706,6 +729,8 @@ esp_output(struct mbuf *m, struct ipsecr
error = EPFNOSUPPORT;
goto bad;
}
+ DPRINTF(("%s: skip %d hlen %d rlen %d padding %d alen %d blksd %d\n",
+ __func__, skip, hlen, rlen, padding, alen, blks));
if (skip + hlen + rlen + padding + alen > maxpacketsize) {
DPRINTF(("%s: packet in SA %s/%08lx got too big "
"(len %u, max len %u)\n", __func__,
@@ -820,6 +845,8 @@ esp_output(struct mbuf *m, struct ipsecr
crde->crd_alg = espx->type;
crde->crd_key = sav->key_enc->key_data;
crde->crd_klen = _KEYBITS(sav->key_enc);
+ if (espx->type == CRYPTO_AES_NIST_GCM_16)
+ crde->crd_flags |= CRD_F_IV_EXPLICIT;
/* XXX Rounds ? */
} else
crda = crp->crp_desc;
@@ -854,13 +881,22 @@ esp_output(struct mbuf *m, struct ipsecr
if (esph) {
/* Authentication descriptor. */
crda->crd_skip = skip;
- crda->crd_len = m->m_pkthdr.len - (skip + alen);
+ if (espx && espx->type == CRYPTO_AES_NIST_GCM_16)
+ crda->crd_len = hlen - sav->ivlen;
+ else
+ crda->crd_len = m->m_pkthdr.len - (skip + alen);
crda->crd_inject = m->m_pkthdr.len - alen;
/* Authentication operation. */
crda->crd_alg = esph->type;
- crda->crd_key = sav->key_auth->key_data;
- crda->crd_klen = _KEYBITS(sav->key_auth);
+ if (espx && espx->type == CRYPTO_AES_NIST_GCM_16) {
+ crda->crd_key = sav->key_enc->key_data;
+ crda->crd_klen = _KEYBITS(sav->key_enc);
+ } else {
+ crda->crd_key = sav->key_auth->key_data;
+ crda->crd_klen = _KEYBITS(sav->key_auth);
+ }
+
}
return crypto_dispatch(crp);
@@ -953,6 +989,11 @@ esp_output_cb(struct cryptop *crp)
case CRYPTO_SHA2_512_HMAC:
alen = esph->hashsize/2;
break;
+ case CRYPTO_AES_128_GMAC:
+ case CRYPTO_AES_192_GMAC:
+ case CRYPTO_AES_256_GMAC:
+ alen = esph->hashsize;
+ break;
default:
alen = AH_HMAC_HASHLEN;
break;
Modified: head/sys/opencrypto/cryptodev.h
==============================================================================
--- head/sys/opencrypto/cryptodev.h Thu Jul 9 17:45:08 2015
(r285335)
+++ head/sys/opencrypto/cryptodev.h Thu Jul 9 18:16:35 2015
(r285336)
@@ -78,6 +78,7 @@
#define SHA2_512_HASH_LEN 64
#define MD5_KPDK_HASH_LEN 16
#define SHA1_KPDK_HASH_LEN 20
+#define AES_HASH_LEN 16
/* Maximum hash algorithm result length */
#define HASH_MAX_LEN SHA2_512_HASH_LEN /* Keep this updated
*/
@@ -86,28 +87,74 @@
#define MD5_HMAC_BLOCK_LEN 64
#define SHA1_HMAC_BLOCK_LEN 64
#define RIPEMD160_HMAC_BLOCK_LEN 64
-#define SHA2_256_HMAC_BLOCK_LEN 64
-#define SHA2_384_HMAC_BLOCK_LEN 128
-#define SHA2_512_HMAC_BLOCK_LEN 128
+#define SHA2_256_HMAC_BLOCK_LEN 64
+#define SHA2_384_HMAC_BLOCK_LEN 128
+#define SHA2_512_HMAC_BLOCK_LEN 128
/* Maximum HMAC block length */
-#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN /* Keep
this updated */
+#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN /* Keep this
updated */
#define HMAC_IPAD_VAL 0x36
#define HMAC_OPAD_VAL 0x5C
+/* HMAC Key Length */
+#define NULL_HMAC_KEY_LEN 0
+#define MD5_HMAC_KEY_LEN 16
+#define SHA1_HMAC_KEY_LEN 20
+#define RIPEMD160_HMAC_KEY_LEN 20
+#define SHA2_256_HMAC_KEY_LEN 32
+#define SHA2_384_HMAC_KEY_LEN 48
+#define SHA2_512_HMAC_KEY_LEN 64
+#define AES_128_HMAC_KEY_LEN 16
+#define AES_192_HMAC_KEY_LEN 24
+#define AES_256_HMAC_KEY_LEN 32
/* Encryption algorithm block sizes */
-#define NULL_BLOCK_LEN 4
-#define DES_BLOCK_LEN 8
-#define DES3_BLOCK_LEN 8
-#define BLOWFISH_BLOCK_LEN 8
-#define SKIPJACK_BLOCK_LEN 8
-#define CAST128_BLOCK_LEN 8
-#define RIJNDAEL128_BLOCK_LEN 16
-#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN
-#define CAMELLIA_BLOCK_LEN 16
-#define EALG_MAX_BLOCK_LEN AES_BLOCK_LEN /* Keep this updated */
+#define NULL_BLOCK_LEN 4
+#define DES_BLOCK_LEN 8
+#define DES3_BLOCK_LEN 8
+#define BLOWFISH_BLOCK_LEN 8
+#define SKIPJACK_BLOCK_LEN 8
+#define CAST128_BLOCK_LEN 8
+#define RIJNDAEL128_BLOCK_LEN 16
+#define AES_BLOCK_LEN 16
+#define AES_MIN_BLOCK_LEN 1
+#define ARC4_BLOCK_LEN 1
+#define CAMELLIA_BLOCK_LEN 16
+#define EALG_MAX_BLOCK_LEN AES_BLOCK_LEN /* Keep this updated */
+
+/* IV Lengths */
+
+#define ARC4_IV_LEN 1
+#define AES_IV_LEN 12
+#define AES_XTS_IV_LEN 8
+#define AES_XTS_ALPHA 0x87 /* GF(2^128) generator
polynomial */
+
+#define AES_CTR_NONCE_SIZE 4
+
+/* Min and Max Encryption Key Sizes */
+#define NULL_MIN_KEY 0
+#define NULL_MAX_KEY 256 /* 2048 bits, max key */
+#define DES_MIN_KEY 8
+#define DES_MAX_KEY DES_MIN_KEY
+#define TRIPLE_DES_MIN_KEY 24
+#define TRIPLE_DES_MAX_KEY TRIPLE_DES_MIN_KEY
+#define BLOWFISH_MIN_KEY 5
+#define BLOWFISH_MAX_KEY 56 /* 448 bits, max key */
+#define CAST_MIN_KEY 5
+#define CAST_MAX_KEY 16
+#define SKIPJACK_MIN_KEY 10
+#define SKIPJACK_MAX_KEY SKIPJACK_MIN_KEY
+#define RIJNDAEL_MIN_KEY 16
+#define RIJNDAEL_MAX_KEY 32
+#define AES_MIN_KEY 16
+#define AES_MAX_KEY 32
+#define AES_XTS_MIN_KEY 32
+#define AES_XTS_MAX_KEY 64
+#define ARC4_MIN_KEY 1
+#define ARC4_MAX_KEY 32
+#define CAMELLIA_MIN_KEY 8
+#define CAMELLIA_MAX_KEY 32
/* Maximum hash algorithm result length */
-#define AALG_MAX_RESULT_LEN 64 /* Keep this updated */
+#define AALG_MAX_RESULT_LEN 64 /* Keep this updated */
#define CRYPTO_ALGORITHM_MIN 1
#define CRYPTO_DES_CBC 1
@@ -141,7 +188,7 @@
#define CRYPTO_AES_256_NIST_GMAC 28 /* auth side */
#define CRYPTO_ALGORITHM_MAX 28 /* Keep updated - see below */
-#define CRYPTO_ALGO_VALID(x) ((x) >= CRYPTO_ALGORITHM_MIN && \
+#define CRYPTO_ALGO_VALID(x) ((x) >= CRYPTO_ALGORITHM_MIN && \
(x) <= CRYPTO_ALGORITHM_MAX)
/* Algorithm flags */
Modified: head/sys/opencrypto/xform.c
==============================================================================
--- head/sys/opencrypto/xform.c Thu Jul 9 17:45:08 2015 (r285335)
+++ head/sys/opencrypto/xform.c Thu Jul 9 18:16:35 2015 (r285336)
@@ -154,7 +154,7 @@ MALLOC_DEFINE(M_XDATA, "xform", "xform d
struct enc_xform enc_xform_null = {
CRYPTO_NULL_CBC, "NULL",
/* NB: blocksize of 4 is to generate a properly aligned ESP header */
- NULL_BLOCK_LEN, NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */
+ NULL_BLOCK_LEN, NULL_BLOCK_LEN, NULL_MIN_KEY, NULL_MAX_KEY,
null_encrypt,
null_decrypt,
null_setkey,
@@ -164,7 +164,7 @@ struct enc_xform enc_xform_null = {
struct enc_xform enc_xform_des = {
CRYPTO_DES_CBC, "DES",
- DES_BLOCK_LEN, DES_BLOCK_LEN, 8, 8,
+ DES_BLOCK_LEN, DES_BLOCK_LEN, DES_MIN_KEY, DES_MAX_KEY,
des1_encrypt,
des1_decrypt,
des1_setkey,
@@ -174,7 +174,8 @@ struct enc_xform enc_xform_des = {
struct enc_xform enc_xform_3des = {
CRYPTO_3DES_CBC, "3DES",
- DES3_BLOCK_LEN, DES3_BLOCK_LEN, 24, 24,
+ DES3_BLOCK_LEN, DES3_BLOCK_LEN, TRIPLE_DES_MIN_KEY,
+ TRIPLE_DES_MAX_KEY,
des3_encrypt,
des3_decrypt,
des3_setkey,
@@ -184,7 +185,8 @@ struct enc_xform enc_xform_3des = {
struct enc_xform enc_xform_blf = {
CRYPTO_BLF_CBC, "Blowfish",
- BLOWFISH_BLOCK_LEN, BLOWFISH_BLOCK_LEN, 5, 56 /* 448 bits, max key */,
+ BLOWFISH_BLOCK_LEN, BLOWFISH_BLOCK_LEN, BLOWFISH_MIN_KEY,
+ BLOWFISH_MAX_KEY,
blf_encrypt,
blf_decrypt,
blf_setkey,
@@ -194,7 +196,7 @@ struct enc_xform enc_xform_blf = {
struct enc_xform enc_xform_cast5 = {
CRYPTO_CAST_CBC, "CAST-128",
- CAST128_BLOCK_LEN, CAST128_BLOCK_LEN, 5, 16,
+ CAST128_BLOCK_LEN, CAST128_BLOCK_LEN, CAST_MIN_KEY, CAST_MAX_KEY,
cast5_encrypt,
cast5_decrypt,
cast5_setkey,
@@ -204,7 +206,8 @@ struct enc_xform enc_xform_cast5 = {
struct enc_xform enc_xform_skipjack = {
CRYPTO_SKIPJACK_CBC, "Skipjack",
- SKIPJACK_BLOCK_LEN, SKIPJACK_BLOCK_LEN, 10, 10,
+ SKIPJACK_BLOCK_LEN, SKIPJACK_BLOCK_LEN, SKIPJACK_MIN_KEY,
+ SKIPJACK_MAX_KEY,
skipjack_encrypt,
skipjack_decrypt, skipjack_setkey,
skipjack_zerokey,
@@ -213,7 +216,8 @@ struct enc_xform enc_xform_skipjack = {
struct enc_xform enc_xform_rijndael128 = {
CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
- RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, 16, 32,
+ RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, RIJNDAEL_MIN_KEY,
+ RIJNDAEL_MAX_KEY,
rijndael128_encrypt,
rijndael128_decrypt,
rijndael128_setkey,
@@ -223,7 +227,7 @@ struct enc_xform enc_xform_rijndael128 =
struct enc_xform enc_xform_aes_icm = {
CRYPTO_AES_ICM, "AES-ICM",
- RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, 16, 32,
+ RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, AES_MIN_KEY, AES_MAX_KEY,
aes_icm_crypt,
aes_icm_crypt,
aes_icm_setkey,
@@ -233,7 +237,7 @@ struct enc_xform enc_xform_aes_icm = {
struct enc_xform enc_xform_aes_nist_gcm = {
CRYPTO_AES_NIST_GCM_16, "AES-GCM",
- 1, 12, 16, 32,
+ AES_MIN_BLOCK_LEN, AES_IV_LEN, AES_MIN_KEY, AES_MAX_KEY,
aes_icm_crypt,
aes_icm_crypt,
aes_icm_setkey,
@@ -243,7 +247,7 @@ struct enc_xform enc_xform_aes_nist_gcm
struct enc_xform enc_xform_aes_nist_gmac = {
CRYPTO_AES_NIST_GMAC, "AES-GMAC",
- 1, 12, 16, 32,
+ AES_MIN_BLOCK_LEN, AES_IV_LEN, AES_MIN_KEY, AES_MAX_KEY,
NULL,
NULL,
NULL,
@@ -253,7 +257,7 @@ struct enc_xform enc_xform_aes_nist_gmac
struct enc_xform enc_xform_aes_xts = {
CRYPTO_AES_XTS, "AES-XTS",
- RIJNDAEL128_BLOCK_LEN, 8, 32, 64,
+ AES_MIN_BLOCK_LEN, AES_XTS_IV_LEN, AES_XTS_MIN_KEY, AES_XTS_MAX_KEY,
aes_xts_encrypt,
aes_xts_decrypt,
aes_xts_setkey,
@@ -263,7 +267,7 @@ struct enc_xform enc_xform_aes_xts = {
struct enc_xform enc_xform_arc4 = {
CRYPTO_ARC4, "ARC4",
- 1, 1, 1, 32,
+ ARC4_BLOCK_LEN, ARC4_IV_LEN, ARC4_MIN_KEY, ARC4_MAX_KEY,
NULL,
NULL,
NULL,
@@ -273,7 +277,8 @@ struct enc_xform enc_xform_arc4 = {
struct enc_xform enc_xform_camellia = {
CRYPTO_CAMELLIA_CBC, "Camellia",
- CAMELLIA_BLOCK_LEN, CAMELLIA_BLOCK_LEN, 8, 32,
+ CAMELLIA_BLOCK_LEN, CAMELLIA_BLOCK_LEN, CAMELLIA_MIN_KEY,
+ CAMELLIA_MAX_KEY,
cml_encrypt,
cml_decrypt,
cml_setkey,
@@ -284,67 +289,72 @@ struct enc_xform enc_xform_camellia = {
/* Authentication instances */
struct auth_hash auth_hash_null = { /* NB: context isn't used */
CRYPTO_NULL_HMAC, "NULL-HMAC",
- 0, NULL_HASH_LEN, sizeof(int), NULL_HMAC_BLOCK_LEN,
+ NULL_HMAC_KEY_LEN, NULL_HASH_LEN, sizeof(int), NULL_HMAC_BLOCK_LEN,
null_init, null_reinit, null_reinit, null_update, null_final
};
struct auth_hash auth_hash_hmac_md5 = {
CRYPTO_MD5_HMAC, "HMAC-MD5",
- 16, MD5_HASH_LEN, sizeof(MD5_CTX), MD5_HMAC_BLOCK_LEN,
+ MD5_HMAC_KEY_LEN, MD5_HASH_LEN, sizeof(MD5_CTX), MD5_HMAC_BLOCK_LEN,
(void (*) (void *)) MD5Init, NULL, NULL, MD5Update_int,
(void (*) (u_int8_t *, void *)) MD5Final
};
struct auth_hash auth_hash_hmac_sha1 = {
CRYPTO_SHA1_HMAC, "HMAC-SHA1",
- 20, SHA1_HASH_LEN, sizeof(SHA1_CTX), SHA1_HMAC_BLOCK_LEN,
+ SHA1_HMAC_KEY_LEN, SHA1_HASH_LEN, sizeof(SHA1_CTX), SHA1_HMAC_BLOCK_LEN,
SHA1Init_int, NULL, NULL, SHA1Update_int, SHA1Final_int
};
struct auth_hash auth_hash_hmac_ripemd_160 = {
CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
- 20, RIPEMD160_HASH_LEN, sizeof(RMD160_CTX), RIPEMD160_HMAC_BLOCK_LEN,
+ RIPEMD160_HMAC_KEY_LEN, RIPEMD160_HASH_LEN, sizeof(RMD160_CTX),
+ RIPEMD160_HMAC_BLOCK_LEN,
(void (*)(void *)) RMD160Init, NULL, NULL, RMD160Update_int,
(void (*)(u_int8_t *, void *)) RMD160Final
};
struct auth_hash auth_hash_key_md5 = {
CRYPTO_MD5_KPDK, "Keyed MD5",
- 0, MD5_KPDK_HASH_LEN, sizeof(MD5_CTX), 0,
+ NULL_HMAC_KEY_LEN, MD5_KPDK_HASH_LEN, sizeof(MD5_CTX), 0,
(void (*)(void *)) MD5Init, NULL, NULL, MD5Update_int,
(void (*)(u_int8_t *, void *)) MD5Final
};
struct auth_hash auth_hash_key_sha1 = {
CRYPTO_SHA1_KPDK, "Keyed SHA1",
- 0, SHA1_KPDK_HASH_LEN, sizeof(SHA1_CTX), 0,
+ NULL_HMAC_KEY_LEN, SHA1_KPDK_HASH_LEN, sizeof(SHA1_CTX), 0,
SHA1Init_int, NULL, NULL, SHA1Update_int, SHA1Final_int
};
struct auth_hash auth_hash_hmac_sha2_256 = {
CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
- 32, SHA2_256_HASH_LEN, sizeof(SHA256_CTX), SHA2_256_HMAC_BLOCK_LEN,
+ SHA2_256_HMAC_KEY_LEN, SHA2_256_HASH_LEN, sizeof(SHA256_CTX),
+ SHA2_256_HMAC_BLOCK_LEN,
(void (*)(void *)) SHA256_Init, NULL, NULL, SHA256Update_int,
(void (*)(u_int8_t *, void *)) SHA256_Final
};
struct auth_hash auth_hash_hmac_sha2_384 = {
CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384",
- 48, SHA2_384_HASH_LEN, sizeof(SHA384_CTX), SHA2_384_HMAC_BLOCK_LEN,
+ SHA2_384_HMAC_KEY_LEN, SHA2_384_HASH_LEN, sizeof(SHA384_CTX),
+ SHA2_384_HMAC_BLOCK_LEN,
(void (*)(void *)) SHA384_Init, NULL, NULL, SHA384Update_int,
(void (*)(u_int8_t *, void *)) SHA384_Final
};
struct auth_hash auth_hash_hmac_sha2_512 = {
CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512",
- 64, SHA2_512_HASH_LEN, sizeof(SHA512_CTX), SHA2_512_HMAC_BLOCK_LEN,
+ SHA2_512_HMAC_KEY_LEN, SHA2_512_HASH_LEN, sizeof(SHA512_CTX),
+ SHA2_512_HMAC_BLOCK_LEN,
(void (*)(void *)) SHA512_Init, NULL, NULL, SHA512Update_int,
(void (*)(u_int8_t *, void *)) SHA512_Final
};
struct auth_hash auth_hash_nist_gmac_aes_128 = {
CRYPTO_AES_128_NIST_GMAC, "GMAC-AES-128",
- 16, 16, sizeof(struct aes_gmac_ctx), GMAC_BLOCK_LEN,
+ AES_128_HMAC_KEY_LEN, AES_HASH_LEN, sizeof(struct aes_gmac_ctx),
+ GMAC_BLOCK_LEN,
(void (*)(void *)) AES_GMAC_Init,
(void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey,
(void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit,
@@ -354,7 +364,8 @@ struct auth_hash auth_hash_nist_gmac_aes
struct auth_hash auth_hash_nist_gmac_aes_192 = {
CRYPTO_AES_192_NIST_GMAC, "GMAC-AES-192",
- 24, 16, sizeof(struct aes_gmac_ctx), GMAC_BLOCK_LEN,
+ AES_192_HMAC_KEY_LEN, AES_HASH_LEN, sizeof(struct aes_gmac_ctx),
+ GMAC_BLOCK_LEN,
(void (*)(void *)) AES_GMAC_Init,
(void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey,
(void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit,
@@ -364,7 +375,8 @@ struct auth_hash auth_hash_nist_gmac_aes
struct auth_hash auth_hash_nist_gmac_aes_256 = {
CRYPTO_AES_256_NIST_GMAC, "GMAC-AES-256",
- 32, 16, sizeof(struct aes_gmac_ctx), GMAC_BLOCK_LEN,
+ AES_256_HMAC_KEY_LEN, AES_HASH_LEN, sizeof(struct aes_gmac_ctx),
+ GMAC_BLOCK_LEN,
(void (*)(void *)) AES_GMAC_Init,
(void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey,
(void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit,
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
