From owner-freebsd-hackers@FreeBSD.ORG Sun Jul 20 20:10:22 2008 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1B516106567B for ; Sun, 20 Jul 2008 20:10:22 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (chello087206045140.chello.pl [87.206.45.140]) by mx1.freebsd.org (Postfix) with ESMTP id 7ED8D8FC0A for ; Sun, 20 Jul 2008 20:10:21 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id 656E945CD8; Sun, 20 Jul 2008 21:40:03 +0200 (CEST) Received: from localhost (chello087206045140.chello.pl [87.206.45.140]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id D234245C9F; Sun, 20 Jul 2008 21:39:56 +0200 (CEST) Date: Sun, 20 Jul 2008 21:39:55 +0200 From: Pawel Jakub Dawidek To: Patrick Lamaizi?re Message-ID: <20080720193955.GA2193@garage.freebsd.pl> References: <20080719005813.3a995c71@baby-jane-lamaiziere-net.local> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="fdj2RfSjLxBAspz7" Content-Disposition: inline In-Reply-To: <20080719005813.3a995c71@baby-jane-lamaiziere-net.local> User-Agent: Mutt/1.4.2.3i X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 8.0-CURRENT i386 X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-2.6 required=3.0 tests=BAYES_00 autolearn=ham version=3.0.4 Cc: freebsd-hackers@freebsd.org Subject: Re: crypto(9) and maxoplen X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Jul 2008 20:10:22 -0000 --fdj2RfSjLxBAspz7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Jul 19, 2008 at 12:58:13AM +0200, Patrick Lamaizi?re wrote: > Hello, >=20 > In the "opencrypto framework" the function crypto_register() has an > argument 'maxoplen'. >=20 > http://fxr.watson.org/fxr/source/opencrypto/crypto.c#L625 >=20 > Does somebody know what was the goal of this parameter? It is not used > by the framework. >=20 > The man page of crypto(9) says : > For each algorithm the driver supports, it must then call > crypto_register(). The first two arguments are the driver and algorithm > identifiers. The next two arguments specify the largest possible > operator length (in bits, important for public key operations) and > flags for this algorithm. >=20 > I'm asking if it can help for this problem: the glxsb driver can > perform AES-CBC algorithm only with 128 bits key and may be 'maxoplen' > was intended for this case.=20 >=20 > Without something to specify the key's length, the driver is selected > by the framework even with keys !=3D 128 bits. So it fails when the > session is opened. This prevents setkey/ipsec to work with key > length !=3D 128 bits if the driver is loaded. If I read code properly, there is currently no way for a driver to say to the opencrypto framework that only AES-CBC with 128bit key is supported. A driver can only state that it supports AES-CBC, that's all. As a workaround the driver should implement AES-CBC-192 and AES-CBC-256 in software. --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --fdj2RfSjLxBAspz7 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFIg5SLForvXbEpPzQRAuEvAKCjES6hgBVSR/qJeVMOz0h0YiT3cwCg6+Wa gMkp5jnBTg6qASgC2kmkIoY= =+YiR -----END PGP SIGNATURE----- --fdj2RfSjLxBAspz7--