Date: Thu, 09 Jul 2015 17:05:37 -0400 From: "George Neville-Neil" <gnn@neville-neil.com> To: "George V. Neville-Neil" <gnn@FreeBSD.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r285336 - in head/sys: netipsec opencrypto Message-ID: <DC2D9D6C-80FB-404E-82EA-ADCB72E6141C@neville-neil.com> In-Reply-To: <201507091816.t69IGawf097288@repo.freebsd.org> References: <201507091816.t69IGawf097288@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Should have also pointed out that the original version of this patch comes from pfsense and Ermal (eri@). Best, George On 9 Jul 2015, at 14:16, George V. Neville-Neil wrote: > Author: gnn > Date: Thu Jul 9 18:16:35 2015 > New Revision: 285336 > URL: https://svnweb.freebsd.org/changeset/base/285336 > > Log: > Add support for AES modes to IPSec. These modes work both in software > only > mode and with hardware support on systems that have AESNI > instructions. > > Differential Revision: D2936 > Reviewed by: jmg, eri, cognet > Sponsored by: Rubicon Communications (Netgate) > > Modified: > head/sys/netipsec/xform_ah.c > head/sys/netipsec/xform_esp.c > head/sys/opencrypto/cryptodev.h > head/sys/opencrypto/xform.c > > Modified: head/sys/netipsec/xform_ah.c > ============================================================================== > --- head/sys/netipsec/xform_ah.c Thu Jul 9 17:45:08 2015 (r285335) > +++ head/sys/netipsec/xform_ah.c Thu Jul 9 18:16:35 2015 (r285336) > @@ -82,11 +82,11 @@ > (((sav)->flags & SADB_X_EXT_OLD) ? \ > sizeof (struct ah) : sizeof (struct ah) + sizeof (u_int32_t)) > /* > - * Return authenticator size in bytes. The old protocol is known > - * to use a fixed 16-byte authenticator. The new algorithm use > 12-byte > - * authenticator. > + * Return authenticator size in bytes, based on a field in the > + * algorithm descriptor. > */ > -#define AUTHSIZE(sav) ah_authsize(sav) > +#define AUTHSIZE(sav) \ > + ((sav->flags & SADB_X_EXT_OLD) ? 16 : > (sav)->tdb_authalgxform->hashsize) > > VNET_DEFINE(int, ah_enable) = 1; /* control flow of packets with AH */ > VNET_DEFINE(int, ah_cleartos) = 1; /* clear ip_tos when doing AH calc > */ > @@ -112,27 +112,6 @@ static unsigned char ipseczeroes[256]; / > static int ah_input_cb(struct cryptop*); > static int ah_output_cb(struct cryptop*); > > -static int > -ah_authsize(struct secasvar *sav) > -{ > - > - IPSEC_ASSERT(sav != NULL, ("%s: sav == NULL", __func__)); > - > - if (sav->flags & SADB_X_EXT_OLD) > - return 16; > - > - switch (sav->alg_auth) { > - case SADB_X_AALG_SHA2_256: > - return 16; > - case SADB_X_AALG_SHA2_384: > - return 24; > - case SADB_X_AALG_SHA2_512: > - return 32; > - default: > - return AH_HMAC_HASHLEN; > - } > - /* NOTREACHED */ > -} > /* > * NB: this is public for use by the PF_KEY support. > */ > @@ -160,6 +139,12 @@ ah_algorithm_lookup(int alg) > return &auth_hash_hmac_sha2_384; > case SADB_X_AALG_SHA2_512: > return &auth_hash_hmac_sha2_512; > + case SADB_X_AALG_AES128GMAC: > + return &auth_hash_nist_gmac_aes_128; > + case SADB_X_AALG_AES192GMAC: > + return &auth_hash_nist_gmac_aes_192; > + case SADB_X_AALG_AES256GMAC: > + return &auth_hash_nist_gmac_aes_256; > } > return NULL; > } > > Modified: head/sys/netipsec/xform_esp.c > ============================================================================== > --- head/sys/netipsec/xform_esp.c Thu Jul 9 17:45:08 2015 (r285335) > +++ head/sys/netipsec/xform_esp.c Thu Jul 9 18:16:35 2015 (r285336) > @@ -121,6 +121,12 @@ esp_algorithm_lookup(int alg) > return &enc_xform_null; > case SADB_X_EALG_CAMELLIACBC: > return &enc_xform_camellia; > + case SADB_X_EALG_AESCTR: > + return &enc_xform_aes_icm; > + case SADB_X_EALG_AESGCM16: > + return &enc_xform_aes_nist_gcm; > + case SADB_X_EALG_AESGMAC: > + return &enc_xform_aes_nist_gmac; > } > return NULL; > } > @@ -198,7 +204,7 @@ esp_init(struct secasvar *sav, struct xf > * the ESP header will be processed incorrectly. The > * compromise is to force it to zero here. > */ > - sav->ivlen = (txform == &enc_xform_null ? 0 : txform->blocksize); > + sav->ivlen = (txform == &enc_xform_null ? 0 : txform->ivsize); > sav->iv = (caddr_t) malloc(sav->ivlen, M_XDATA, M_WAITOK); > key_randomfill(sav->iv, sav->ivlen); /*XXX*/ > > @@ -215,11 +221,45 @@ esp_init(struct secasvar *sav, struct xf > sav->tdb_xform = xsp; > sav->tdb_encalgxform = txform; > > + /* > + * Whenever AES-GCM is used for encryption, one > + * of the AES authentication algorithms is chosen > + * as well, based on the key size. > + */ > + if (sav->alg_enc == SADB_X_EALG_AESGCM16) { > + switch (keylen) { > + case AES_128_HMAC_KEY_LEN: > + sav->alg_auth = SADB_X_AALG_AES128GMAC; > + sav->tdb_authalgxform = &auth_hash_nist_gmac_aes_128; > + break; > + case AES_192_HMAC_KEY_LEN: > + sav->alg_auth = SADB_X_AALG_AES192GMAC; > + sav->tdb_authalgxform = &auth_hash_nist_gmac_aes_192; > + break; > + case AES_256_HMAC_KEY_LEN: > + sav->alg_auth = SADB_X_AALG_AES256GMAC; > + sav->tdb_authalgxform = &auth_hash_nist_gmac_aes_256; > + break; > + default: > + DPRINTF(("%s: invalid key length %u" > + "for algorithm %s\n", __func__, > + keylen, txform->name)); > + return EINVAL; > + } > + bzero(&cria, sizeof(cria)); > + cria.cri_alg = sav->tdb_authalgxform->type; > + cria.cri_klen = _KEYBITS(sav->key_enc) + 4; > + cria.cri_key = sav->key_enc->key_data; > + } > + > /* Initialize crypto session. */ > bzero(&crie, sizeof (crie)); > crie.cri_alg = sav->tdb_encalgxform->type; > crie.cri_klen = _KEYBITS(sav->key_enc); > crie.cri_key = sav->key_enc->key_data; > + if (sav->alg_enc == SADB_X_EALG_AESGCM16) > + arc4rand(crie.cri_iv, sav->ivlen, 0); > + > /* XXX Rounds ? */ > > if (sav->tdb_authalgxform && sav->tdb_encalgxform) { > @@ -289,7 +329,6 @@ esp_input(struct mbuf *m, struct secasva > m_freem(m); > return EINVAL; > } > - > /* XXX don't pullup, just copy header */ > IP6_EXTHDR_GET(esp, struct newesp *, m, skip, sizeof (struct > newesp)); > > @@ -302,18 +341,7 @@ esp_input(struct mbuf *m, struct secasva > else > hlen = sizeof (struct newesp) + sav->ivlen; > /* Authenticator hash size */ > - if (esph != NULL) { > - switch (esph->type) { > - case CRYPTO_SHA2_256_HMAC: > - case CRYPTO_SHA2_384_HMAC: > - case CRYPTO_SHA2_512_HMAC: > - alen = esph->hashsize/2; > - break; > - default: > - alen = AH_HMAC_HASHLEN; > - break; > - } > - } > + alen = esph ? esph->hashsize : 0; > > /* > * Verify payload length is multiple of encryption algorithm > @@ -325,13 +353,15 @@ esp_input(struct mbuf *m, struct secasva > */ > plen = m->m_pkthdr.len - (skip + hlen + alen); > if ((plen & (espx->blocksize - 1)) || (plen <= 0)) { > - DPRINTF(("%s: payload of %d octets not a multiple of %d octets," > - " SA %s/%08lx\n", __func__, > - plen, espx->blocksize, ipsec_address(&sav->sah->saidx.dst, > - buf, sizeof(buf)), (u_long) ntohl(sav->spi))); > - ESPSTAT_INC(esps_badilen); > - m_freem(m); > - return EINVAL; > + if (!espx || sav->alg_enc != SADB_X_EALG_AESGCM16) { > + DPRINTF(("%s: payload of %d octets not a multiple of %d octets," > + " SA %s/%08lx\n", __func__, > + plen, espx->blocksize, ipsec_address(&sav->sah->saidx.dst, > + buf, sizeof(buf)), (u_long) ntohl(sav->spi))); > + ESPSTAT_INC(esps_badilen); > + m_freem(m); > + return EINVAL; > + } > } > > /* > @@ -377,12 +407,20 @@ esp_input(struct mbuf *m, struct secasva > > /* Authentication descriptor */ > crda->crd_skip = skip; > - crda->crd_len = m->m_pkthdr.len - (skip + alen); > + if (espx && espx->type == CRYPTO_AES_NIST_GCM_16) > + crda->crd_len = hlen - sav->ivlen; > + else > + crda->crd_len = m->m_pkthdr.len - (skip + alen); > crda->crd_inject = m->m_pkthdr.len - alen; > > crda->crd_alg = esph->type; > - crda->crd_key = sav->key_auth->key_data; > - crda->crd_klen = _KEYBITS(sav->key_auth); > + if (espx && (espx->type == CRYPTO_AES_NIST_GCM_16)) { > + crda->crd_key = sav->key_enc->key_data; > + crda->crd_klen = _KEYBITS(sav->key_enc); > + } else { > + crda->crd_key = sav->key_auth->key_data; > + crda->crd_klen = _KEYBITS(sav->key_auth); > + } > > /* Copy the authenticator */ > m_copydata(m, m->m_pkthdr.len - alen, alen, > @@ -420,6 +458,9 @@ esp_input(struct mbuf *m, struct secasva > crde->crd_alg = espx->type; > crde->crd_key = sav->key_enc->key_data; > crde->crd_klen = _KEYBITS(sav->key_enc); > + if (espx && (espx->type == CRYPTO_AES_NIST_GCM_16)) > + crde->crd_flags |= CRD_F_IV_EXPLICIT; > + > /* XXX Rounds ? */ > > return (crypto_dispatch(crp)); > @@ -489,16 +530,7 @@ esp_input_cb(struct cryptop *crp) > > /* If authentication was performed, check now. */ > if (esph != NULL) { > - switch (esph->type) { > - case CRYPTO_SHA2_256_HMAC: > - case CRYPTO_SHA2_384_HMAC: > - case CRYPTO_SHA2_512_HMAC: > - alen = esph->hashsize/2; > - break; > - default: > - alen = AH_HMAC_HASHLEN; > - break; > - } > + alen = esph->hashsize; > AHSTAT_INC(ahs_hist[sav->alg_auth]); > /* Copy the authenticator from the packet */ > m_copydata(m, m->m_pkthdr.len - alen, alen, aalg); > @@ -663,22 +695,13 @@ esp_output(struct mbuf *m, struct ipsecr > * NB: The null encoding transform has a blocksize of 4 > * so that headers are properly aligned. > */ > - blks = espx->blocksize; /* IV blocksize */ > + blks = espx->ivsize; /* IV blocksize */ > > /* XXX clamp padding length a la KAME??? */ > padding = ((blks - ((rlen + 2) % blks)) % blks) + 2; > > if (esph) > - switch (esph->type) { > - case CRYPTO_SHA2_256_HMAC: > - case CRYPTO_SHA2_384_HMAC: > - case CRYPTO_SHA2_512_HMAC: > - alen = esph->hashsize/2; > - break; > - default: > - alen = AH_HMAC_HASHLEN; > - break; > - } > + alen = esph->hashsize; > else > alen = 0; > > @@ -706,6 +729,8 @@ esp_output(struct mbuf *m, struct ipsecr > error = EPFNOSUPPORT; > goto bad; > } > + DPRINTF(("%s: skip %d hlen %d rlen %d padding %d alen %d blksd > %d\n", > + __func__, skip, hlen, rlen, padding, alen, blks)); > if (skip + hlen + rlen + padding + alen > maxpacketsize) { > DPRINTF(("%s: packet in SA %s/%08lx got too big " > "(len %u, max len %u)\n", __func__, > @@ -820,6 +845,8 @@ esp_output(struct mbuf *m, struct ipsecr > crde->crd_alg = espx->type; > crde->crd_key = sav->key_enc->key_data; > crde->crd_klen = _KEYBITS(sav->key_enc); > + if (espx->type == CRYPTO_AES_NIST_GCM_16) > + crde->crd_flags |= CRD_F_IV_EXPLICIT; > /* XXX Rounds ? */ > } else > crda = crp->crp_desc; > @@ -854,13 +881,22 @@ esp_output(struct mbuf *m, struct ipsecr > if (esph) { > /* Authentication descriptor. */ > crda->crd_skip = skip; > - crda->crd_len = m->m_pkthdr.len - (skip + alen); > + if (espx && espx->type == CRYPTO_AES_NIST_GCM_16) > + crda->crd_len = hlen - sav->ivlen; > + else > + crda->crd_len = m->m_pkthdr.len - (skip + alen); > crda->crd_inject = m->m_pkthdr.len - alen; > > /* Authentication operation. */ > crda->crd_alg = esph->type; > - crda->crd_key = sav->key_auth->key_data; > - crda->crd_klen = _KEYBITS(sav->key_auth); > + if (espx && espx->type == CRYPTO_AES_NIST_GCM_16) { > + crda->crd_key = sav->key_enc->key_data; > + crda->crd_klen = _KEYBITS(sav->key_enc); > + } else { > + crda->crd_key = sav->key_auth->key_data; > + crda->crd_klen = _KEYBITS(sav->key_auth); > + } > + > } > > return crypto_dispatch(crp); > @@ -953,6 +989,11 @@ esp_output_cb(struct cryptop *crp) > case CRYPTO_SHA2_512_HMAC: > alen = esph->hashsize/2; > break; > + case CRYPTO_AES_128_GMAC: > + case CRYPTO_AES_192_GMAC: > + case CRYPTO_AES_256_GMAC: > + alen = esph->hashsize; > + break; > default: > alen = AH_HMAC_HASHLEN; > break; > > Modified: head/sys/opencrypto/cryptodev.h > ============================================================================== > --- head/sys/opencrypto/cryptodev.h Thu Jul 9 17:45:08 2015 (r285335) > +++ head/sys/opencrypto/cryptodev.h Thu Jul 9 18:16:35 2015 (r285336) > @@ -78,6 +78,7 @@ > #define SHA2_512_HASH_LEN 64 > #define MD5_KPDK_HASH_LEN 16 > #define SHA1_KPDK_HASH_LEN 20 > +#define AES_HASH_LEN 16 > /* Maximum hash algorithm result length */ > #define HASH_MAX_LEN SHA2_512_HASH_LEN /* Keep this updated */ > > @@ -86,28 +87,74 @@ > #define MD5_HMAC_BLOCK_LEN 64 > #define SHA1_HMAC_BLOCK_LEN 64 > #define RIPEMD160_HMAC_BLOCK_LEN 64 > -#define SHA2_256_HMAC_BLOCK_LEN 64 > -#define SHA2_384_HMAC_BLOCK_LEN 128 > -#define SHA2_512_HMAC_BLOCK_LEN 128 > +#define SHA2_256_HMAC_BLOCK_LEN 64 > +#define SHA2_384_HMAC_BLOCK_LEN 128 > +#define SHA2_512_HMAC_BLOCK_LEN 128 > /* Maximum HMAC block length */ > -#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN /* Keep this > updated */ > +#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN /* Keep this > updated */ > #define HMAC_IPAD_VAL 0x36 > #define HMAC_OPAD_VAL 0x5C > +/* HMAC Key Length */ > +#define NULL_HMAC_KEY_LEN 0 > +#define MD5_HMAC_KEY_LEN 16 > +#define SHA1_HMAC_KEY_LEN 20 > +#define RIPEMD160_HMAC_KEY_LEN 20 > +#define SHA2_256_HMAC_KEY_LEN 32 > +#define SHA2_384_HMAC_KEY_LEN 48 > +#define SHA2_512_HMAC_KEY_LEN 64 > +#define AES_128_HMAC_KEY_LEN 16 > +#define AES_192_HMAC_KEY_LEN 24 > +#define AES_256_HMAC_KEY_LEN 32 > > /* Encryption algorithm block sizes */ > -#define NULL_BLOCK_LEN 4 > -#define DES_BLOCK_LEN 8 > -#define DES3_BLOCK_LEN 8 > -#define BLOWFISH_BLOCK_LEN 8 > -#define SKIPJACK_BLOCK_LEN 8 > -#define CAST128_BLOCK_LEN 8 > -#define RIJNDAEL128_BLOCK_LEN 16 > -#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN > -#define CAMELLIA_BLOCK_LEN 16 > -#define EALG_MAX_BLOCK_LEN AES_BLOCK_LEN /* Keep this updated */ > +#define NULL_BLOCK_LEN 4 > +#define DES_BLOCK_LEN 8 > +#define DES3_BLOCK_LEN 8 > +#define BLOWFISH_BLOCK_LEN 8 > +#define SKIPJACK_BLOCK_LEN 8 > +#define CAST128_BLOCK_LEN 8 > +#define RIJNDAEL128_BLOCK_LEN 16 > +#define AES_BLOCK_LEN 16 > +#define AES_MIN_BLOCK_LEN 1 > +#define ARC4_BLOCK_LEN 1 > +#define CAMELLIA_BLOCK_LEN 16 > +#define EALG_MAX_BLOCK_LEN AES_BLOCK_LEN /* Keep this updated */ > + > +/* IV Lengths */ > + > +#define ARC4_IV_LEN 1 > +#define AES_IV_LEN 12 > +#define AES_XTS_IV_LEN 8 > +#define AES_XTS_ALPHA 0x87 /* GF(2^128) generator polynomial */ > + > +#define AES_CTR_NONCE_SIZE 4 > + > +/* Min and Max Encryption Key Sizes */ > +#define NULL_MIN_KEY 0 > +#define NULL_MAX_KEY 256 /* 2048 bits, max key */ > +#define DES_MIN_KEY 8 > +#define DES_MAX_KEY DES_MIN_KEY > +#define TRIPLE_DES_MIN_KEY 24 > +#define TRIPLE_DES_MAX_KEY TRIPLE_DES_MIN_KEY > +#define BLOWFISH_MIN_KEY 5 > +#define BLOWFISH_MAX_KEY 56 /* 448 bits, max key */ > +#define CAST_MIN_KEY 5 > +#define CAST_MAX_KEY 16 > +#define SKIPJACK_MIN_KEY 10 > +#define SKIPJACK_MAX_KEY SKIPJACK_MIN_KEY > +#define RIJNDAEL_MIN_KEY 16 > +#define RIJNDAEL_MAX_KEY 32 > +#define AES_MIN_KEY 16 > +#define AES_MAX_KEY 32 > +#define AES_XTS_MIN_KEY 32 > +#define AES_XTS_MAX_KEY 64 > +#define ARC4_MIN_KEY 1 > +#define ARC4_MAX_KEY 32 > +#define CAMELLIA_MIN_KEY 8 > +#define CAMELLIA_MAX_KEY 32 > > /* Maximum hash algorithm result length */ > -#define AALG_MAX_RESULT_LEN 64 /* Keep this updated */ > +#define AALG_MAX_RESULT_LEN 64 /* Keep this updated */ > > #define CRYPTO_ALGORITHM_MIN 1 > #define CRYPTO_DES_CBC 1 > @@ -141,7 +188,7 @@ > #define CRYPTO_AES_256_NIST_GMAC 28 /* auth side */ > #define CRYPTO_ALGORITHM_MAX 28 /* Keep updated - see below */ > > -#define CRYPTO_ALGO_VALID(x) ((x) >= CRYPTO_ALGORITHM_MIN && \ > +#define CRYPTO_ALGO_VALID(x) ((x) >= CRYPTO_ALGORITHM_MIN && \ > (x) <= CRYPTO_ALGORITHM_MAX) > > /* Algorithm flags */ > > Modified: head/sys/opencrypto/xform.c > ============================================================================== > --- head/sys/opencrypto/xform.c Thu Jul 9 17:45:08 2015 (r285335) > +++ head/sys/opencrypto/xform.c Thu Jul 9 18:16:35 2015 (r285336) > @@ -154,7 +154,7 @@ MALLOC_DEFINE(M_XDATA, "xform", "xform d > struct enc_xform enc_xform_null = { > CRYPTO_NULL_CBC, "NULL", > /* NB: blocksize of 4 is to generate a properly aligned ESP header */ > - NULL_BLOCK_LEN, NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */ > + NULL_BLOCK_LEN, NULL_BLOCK_LEN, NULL_MIN_KEY, NULL_MAX_KEY, > null_encrypt, > null_decrypt, > null_setkey, > @@ -164,7 +164,7 @@ struct enc_xform enc_xform_null = { > > struct enc_xform enc_xform_des = { > CRYPTO_DES_CBC, "DES", > - DES_BLOCK_LEN, DES_BLOCK_LEN, 8, 8, > + DES_BLOCK_LEN, DES_BLOCK_LEN, DES_MIN_KEY, DES_MAX_KEY, > des1_encrypt, > des1_decrypt, > des1_setkey, > @@ -174,7 +174,8 @@ struct enc_xform enc_xform_des = { > > struct enc_xform enc_xform_3des = { > CRYPTO_3DES_CBC, "3DES", > - DES3_BLOCK_LEN, DES3_BLOCK_LEN, 24, 24, > + DES3_BLOCK_LEN, DES3_BLOCK_LEN, TRIPLE_DES_MIN_KEY, > + TRIPLE_DES_MAX_KEY, > des3_encrypt, > des3_decrypt, > des3_setkey, > @@ -184,7 +185,8 @@ struct enc_xform enc_xform_3des = { > > struct enc_xform enc_xform_blf = { > CRYPTO_BLF_CBC, "Blowfish", > - BLOWFISH_BLOCK_LEN, BLOWFISH_BLOCK_LEN, 5, 56 /* 448 bits, max key > */, > + BLOWFISH_BLOCK_LEN, BLOWFISH_BLOCK_LEN, BLOWFISH_MIN_KEY, > + BLOWFISH_MAX_KEY, > blf_encrypt, > blf_decrypt, > blf_setkey, > @@ -194,7 +196,7 @@ struct enc_xform enc_xform_blf = { > > struct enc_xform enc_xform_cast5 = { > CRYPTO_CAST_CBC, "CAST-128", > - CAST128_BLOCK_LEN, CAST128_BLOCK_LEN, 5, 16, > + CAST128_BLOCK_LEN, CAST128_BLOCK_LEN, CAST_MIN_KEY, CAST_MAX_KEY, > cast5_encrypt, > cast5_decrypt, > cast5_setkey, > @@ -204,7 +206,8 @@ struct enc_xform enc_xform_cast5 = { > > struct enc_xform enc_xform_skipjack = { > CRYPTO_SKIPJACK_CBC, "Skipjack", > - SKIPJACK_BLOCK_LEN, SKIPJACK_BLOCK_LEN, 10, 10, > + SKIPJACK_BLOCK_LEN, SKIPJACK_BLOCK_LEN, SKIPJACK_MIN_KEY, > + SKIPJACK_MAX_KEY, > skipjack_encrypt, > skipjack_decrypt, skipjack_setkey, > skipjack_zerokey, > @@ -213,7 +216,8 @@ struct enc_xform enc_xform_skipjack = { > > struct enc_xform enc_xform_rijndael128 = { > CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES", > - RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, 16, 32, > + RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, RIJNDAEL_MIN_KEY, > + RIJNDAEL_MAX_KEY, > rijndael128_encrypt, > rijndael128_decrypt, > rijndael128_setkey, > @@ -223,7 +227,7 @@ struct enc_xform enc_xform_rijndael128 = > > struct enc_xform enc_xform_aes_icm = { > CRYPTO_AES_ICM, "AES-ICM", > - RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, 16, 32, > + RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, AES_MIN_KEY, > AES_MAX_KEY, > aes_icm_crypt, > aes_icm_crypt, > aes_icm_setkey, > @@ -233,7 +237,7 @@ struct enc_xform enc_xform_aes_icm = { > > struct enc_xform enc_xform_aes_nist_gcm = { > CRYPTO_AES_NIST_GCM_16, "AES-GCM", > - 1, 12, 16, 32, > + AES_MIN_BLOCK_LEN, AES_IV_LEN, AES_MIN_KEY, AES_MAX_KEY, > aes_icm_crypt, > aes_icm_crypt, > aes_icm_setkey, > @@ -243,7 +247,7 @@ struct enc_xform enc_xform_aes_nist_gcm > > struct enc_xform enc_xform_aes_nist_gmac = { > CRYPTO_AES_NIST_GMAC, "AES-GMAC", > - 1, 12, 16, 32, > + AES_MIN_BLOCK_LEN, AES_IV_LEN, AES_MIN_KEY, AES_MAX_KEY, > NULL, > NULL, > NULL, > @@ -253,7 +257,7 @@ struct enc_xform enc_xform_aes_nist_gmac > > struct enc_xform enc_xform_aes_xts = { > CRYPTO_AES_XTS, "AES-XTS", > - RIJNDAEL128_BLOCK_LEN, 8, 32, 64, > + AES_MIN_BLOCK_LEN, AES_XTS_IV_LEN, AES_XTS_MIN_KEY, AES_XTS_MAX_KEY, > aes_xts_encrypt, > aes_xts_decrypt, > aes_xts_setkey, > @@ -263,7 +267,7 @@ struct enc_xform enc_xform_aes_xts = { > > struct enc_xform enc_xform_arc4 = { > CRYPTO_ARC4, "ARC4", > - 1, 1, 1, 32, > + ARC4_BLOCK_LEN, ARC4_IV_LEN, ARC4_MIN_KEY, ARC4_MAX_KEY, > NULL, > NULL, > NULL, > @@ -273,7 +277,8 @@ struct enc_xform enc_xform_arc4 = { > > struct enc_xform enc_xform_camellia = { > CRYPTO_CAMELLIA_CBC, "Camellia", > - CAMELLIA_BLOCK_LEN, CAMELLIA_BLOCK_LEN, 8, 32, > + CAMELLIA_BLOCK_LEN, CAMELLIA_BLOCK_LEN, CAMELLIA_MIN_KEY, > + CAMELLIA_MAX_KEY, > cml_encrypt, > cml_decrypt, > cml_setkey, > @@ -284,67 +289,72 @@ struct enc_xform enc_xform_camellia = { > /* Authentication instances */ > struct auth_hash auth_hash_null = { /* NB: context isn't used */ > CRYPTO_NULL_HMAC, "NULL-HMAC", > - 0, NULL_HASH_LEN, sizeof(int), NULL_HMAC_BLOCK_LEN, > + NULL_HMAC_KEY_LEN, NULL_HASH_LEN, sizeof(int), NULL_HMAC_BLOCK_LEN, > null_init, null_reinit, null_reinit, null_update, null_final > }; > > struct auth_hash auth_hash_hmac_md5 = { > CRYPTO_MD5_HMAC, "HMAC-MD5", > - 16, MD5_HASH_LEN, sizeof(MD5_CTX), MD5_HMAC_BLOCK_LEN, > + MD5_HMAC_KEY_LEN, MD5_HASH_LEN, sizeof(MD5_CTX), MD5_HMAC_BLOCK_LEN, > (void (*) (void *)) MD5Init, NULL, NULL, MD5Update_int, > (void (*) (u_int8_t *, void *)) MD5Final > }; > > struct auth_hash auth_hash_hmac_sha1 = { > CRYPTO_SHA1_HMAC, "HMAC-SHA1", > - 20, SHA1_HASH_LEN, sizeof(SHA1_CTX), SHA1_HMAC_BLOCK_LEN, > + SHA1_HMAC_KEY_LEN, SHA1_HASH_LEN, sizeof(SHA1_CTX), > SHA1_HMAC_BLOCK_LEN, > SHA1Init_int, NULL, NULL, SHA1Update_int, SHA1Final_int > }; > > struct auth_hash auth_hash_hmac_ripemd_160 = { > CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160", > - 20, RIPEMD160_HASH_LEN, sizeof(RMD160_CTX), > RIPEMD160_HMAC_BLOCK_LEN, > + RIPEMD160_HMAC_KEY_LEN, RIPEMD160_HASH_LEN, sizeof(RMD160_CTX), > + RIPEMD160_HMAC_BLOCK_LEN, > (void (*)(void *)) RMD160Init, NULL, NULL, RMD160Update_int, > (void (*)(u_int8_t *, void *)) RMD160Final > }; > > struct auth_hash auth_hash_key_md5 = { > CRYPTO_MD5_KPDK, "Keyed MD5", > - 0, MD5_KPDK_HASH_LEN, sizeof(MD5_CTX), 0, > + NULL_HMAC_KEY_LEN, MD5_KPDK_HASH_LEN, sizeof(MD5_CTX), 0, > (void (*)(void *)) MD5Init, NULL, NULL, MD5Update_int, > (void (*)(u_int8_t *, void *)) MD5Final > }; > > struct auth_hash auth_hash_key_sha1 = { > CRYPTO_SHA1_KPDK, "Keyed SHA1", > - 0, SHA1_KPDK_HASH_LEN, sizeof(SHA1_CTX), 0, > + NULL_HMAC_KEY_LEN, SHA1_KPDK_HASH_LEN, sizeof(SHA1_CTX), 0, > SHA1Init_int, NULL, NULL, SHA1Update_int, SHA1Final_int > }; > > struct auth_hash auth_hash_hmac_sha2_256 = { > CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256", > - 32, SHA2_256_HASH_LEN, sizeof(SHA256_CTX), SHA2_256_HMAC_BLOCK_LEN, > + SHA2_256_HMAC_KEY_LEN, SHA2_256_HASH_LEN, sizeof(SHA256_CTX), > + SHA2_256_HMAC_BLOCK_LEN, > (void (*)(void *)) SHA256_Init, NULL, NULL, SHA256Update_int, > (void (*)(u_int8_t *, void *)) SHA256_Final > }; > > struct auth_hash auth_hash_hmac_sha2_384 = { > CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384", > - 48, SHA2_384_HASH_LEN, sizeof(SHA384_CTX), SHA2_384_HMAC_BLOCK_LEN, > + SHA2_384_HMAC_KEY_LEN, SHA2_384_HASH_LEN, sizeof(SHA384_CTX), > + SHA2_384_HMAC_BLOCK_LEN, > (void (*)(void *)) SHA384_Init, NULL, NULL, SHA384Update_int, > (void (*)(u_int8_t *, void *)) SHA384_Final > }; > > struct auth_hash auth_hash_hmac_sha2_512 = { > CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512", > - 64, SHA2_512_HASH_LEN, sizeof(SHA512_CTX), SHA2_512_HMAC_BLOCK_LEN, > + SHA2_512_HMAC_KEY_LEN, SHA2_512_HASH_LEN, sizeof(SHA512_CTX), > + SHA2_512_HMAC_BLOCK_LEN, > (void (*)(void *)) SHA512_Init, NULL, NULL, SHA512Update_int, > (void (*)(u_int8_t *, void *)) SHA512_Final > }; > > struct auth_hash auth_hash_nist_gmac_aes_128 = { > CRYPTO_AES_128_NIST_GMAC, "GMAC-AES-128", > - 16, 16, sizeof(struct aes_gmac_ctx), GMAC_BLOCK_LEN, > + AES_128_HMAC_KEY_LEN, AES_HASH_LEN, sizeof(struct aes_gmac_ctx), > + GMAC_BLOCK_LEN, > (void (*)(void *)) AES_GMAC_Init, > (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey, > (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit, > @@ -354,7 +364,8 @@ struct auth_hash auth_hash_nist_gmac_aes > > struct auth_hash auth_hash_nist_gmac_aes_192 = { > CRYPTO_AES_192_NIST_GMAC, "GMAC-AES-192", > - 24, 16, sizeof(struct aes_gmac_ctx), GMAC_BLOCK_LEN, > + AES_192_HMAC_KEY_LEN, AES_HASH_LEN, sizeof(struct aes_gmac_ctx), > + GMAC_BLOCK_LEN, > (void (*)(void *)) AES_GMAC_Init, > (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey, > (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit, > @@ -364,7 +375,8 @@ struct auth_hash auth_hash_nist_gmac_aes > > struct auth_hash auth_hash_nist_gmac_aes_256 = { > CRYPTO_AES_256_NIST_GMAC, "GMAC-AES-256", > - 32, 16, sizeof(struct aes_gmac_ctx), GMAC_BLOCK_LEN, > + AES_256_HMAC_KEY_LEN, AES_HASH_LEN, sizeof(struct aes_gmac_ctx), > + GMAC_BLOCK_LEN, > (void (*)(void *)) AES_GMAC_Init, > (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey, > (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DC2D9D6C-80FB-404E-82EA-ADCB72E6141C>