Add support for AES modes to IPSec. These modes work both in software only
mode and with hardware support on systems that have AESNI instructions. Differential Revision: D2936 Reviewed by: jmg, eri, cognet Sponsored by: Rubicon Communications (Netgate)
This commit is contained in:
George V. Neville-Neil
parent
bf1717e566
commit
16de9ac1b5
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=285336
@ -82,11 +82,11 @@
|
||||
(((sav)->flags & SADB_X_EXT_OLD) ? \
|
||||
sizeof (struct ah) : sizeof (struct ah) + sizeof (u_int32_t))
|
||||
/*
|
||||
* Return authenticator size in bytes. The old protocol is known
|
||||
* to use a fixed 16-byte authenticator. The new algorithm use 12-byte
|
||||
* authenticator.
|
||||
* Return authenticator size in bytes, based on a field in the
|
||||
* algorithm descriptor.
|
||||
*/
|
||||
#define AUTHSIZE(sav) ah_authsize(sav)
|
||||
#define AUTHSIZE(sav) \
|
||||
((sav->flags & SADB_X_EXT_OLD) ? 16 : (sav)->tdb_authalgxform->hashsize)
|
||||
|
||||
VNET_DEFINE(int, ah_enable) = 1; /* control flow of packets with AH */
|
||||
VNET_DEFINE(int, ah_cleartos) = 1; /* clear ip_tos when doing AH calc */
|
||||
@ -112,27 +112,6 @@ static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */
|
||||
static int ah_input_cb(struct cryptop*);
|
||||
static int ah_output_cb(struct cryptop*);
|
||||
|
||||
static int
|
||||
ah_authsize(struct secasvar *sav)
|
||||
{
|
||||
|
||||
IPSEC_ASSERT(sav != NULL, ("%s: sav == NULL", __func__));
|
||||
|
||||
if (sav->flags & SADB_X_EXT_OLD)
|
||||
return 16;
|
||||
|
||||
switch (sav->alg_auth) {
|
||||
case SADB_X_AALG_SHA2_256:
|
||||
return 16;
|
||||
case SADB_X_AALG_SHA2_384:
|
||||
return 24;
|
||||
case SADB_X_AALG_SHA2_512:
|
||||
return 32;
|
||||
default:
|
||||
return AH_HMAC_HASHLEN;
|
||||
}
|
||||
/* NOTREACHED */
|
||||
}
|
||||
/*
|
||||
* NB: this is public for use by the PF_KEY support.
|
||||
*/
|
||||
@ -160,6 +139,12 @@ ah_algorithm_lookup(int alg)
|
||||
return &auth_hash_hmac_sha2_384;
|
||||
case SADB_X_AALG_SHA2_512:
|
||||
return &auth_hash_hmac_sha2_512;
|
||||
case SADB_X_AALG_AES128GMAC:
|
||||
return &auth_hash_nist_gmac_aes_128;
|
||||
case SADB_X_AALG_AES192GMAC:
|
||||
return &auth_hash_nist_gmac_aes_192;
|
||||
case SADB_X_AALG_AES256GMAC:
|
||||
return &auth_hash_nist_gmac_aes_256;
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -121,6 +121,12 @@ esp_algorithm_lookup(int alg)
|
||||
return &enc_xform_null;
|
||||
case SADB_X_EALG_CAMELLIACBC:
|
||||
return &enc_xform_camellia;
|
||||
case SADB_X_EALG_AESCTR:
|
||||
return &enc_xform_aes_icm;
|
||||
case SADB_X_EALG_AESGCM16:
|
||||
return &enc_xform_aes_nist_gcm;
|
||||
case SADB_X_EALG_AESGMAC:
|
||||
return &enc_xform_aes_nist_gmac;
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
@ -198,7 +204,7 @@ esp_init(struct secasvar *sav, struct xformsw *xsp)
|
||||
* the ESP header will be processed incorrectly. The
|
||||
* compromise is to force it to zero here.
|
||||
*/
|
||||
sav->ivlen = (txform == &enc_xform_null ? 0 : txform->blocksize);
|
||||
sav->ivlen = (txform == &enc_xform_null ? 0 : txform->ivsize);
|
||||
sav->iv = (caddr_t) malloc(sav->ivlen, M_XDATA, M_WAITOK);
|
||||
key_randomfill(sav->iv, sav->ivlen); /*XXX*/
|
||||
|
||||
@ -215,11 +221,45 @@ esp_init(struct secasvar *sav, struct xformsw *xsp)
|
||||
sav->tdb_xform = xsp;
|
||||
sav->tdb_encalgxform = txform;
|
||||
|
||||
/*
|
||||
* Whenever AES-GCM is used for encryption, one
|
||||
* of the AES authentication algorithms is chosen
|
||||
* as well, based on the key size.
|
||||
*/
|
||||
if (sav->alg_enc == SADB_X_EALG_AESGCM16) {
|
||||
switch (keylen) {
|
||||
case AES_128_HMAC_KEY_LEN:
|
||||
sav->alg_auth = SADB_X_AALG_AES128GMAC;
|
||||
sav->tdb_authalgxform = &auth_hash_nist_gmac_aes_128;
|
||||
break;
|
||||
case AES_192_HMAC_KEY_LEN:
|
||||
sav->alg_auth = SADB_X_AALG_AES192GMAC;
|
||||
sav->tdb_authalgxform = &auth_hash_nist_gmac_aes_192;
|
||||
break;
|
||||
case AES_256_HMAC_KEY_LEN:
|
||||
sav->alg_auth = SADB_X_AALG_AES256GMAC;
|
||||
sav->tdb_authalgxform = &auth_hash_nist_gmac_aes_256;
|
||||
break;
|
||||
default:
|
||||
DPRINTF(("%s: invalid key length %u"
|
||||
"for algorithm %s\n", __func__,
|
||||
keylen, txform->name));
|
||||
return EINVAL;
|
||||
}
|
||||
bzero(&cria, sizeof(cria));
|
||||
cria.cri_alg = sav->tdb_authalgxform->type;
|
||||
cria.cri_klen = _KEYBITS(sav->key_enc) + 4;
|
||||
cria.cri_key = sav->key_enc->key_data;
|
||||
}
|
||||
|
||||
/* Initialize crypto session. */
|
||||
bzero(&crie, sizeof (crie));
|
||||
crie.cri_alg = sav->tdb_encalgxform->type;
|
||||
crie.cri_klen = _KEYBITS(sav->key_enc);
|
||||
crie.cri_key = sav->key_enc->key_data;
|
||||
if (sav->alg_enc == SADB_X_EALG_AESGCM16)
|
||||
arc4rand(crie.cri_iv, sav->ivlen, 0);
|
||||
|
||||
/* XXX Rounds ? */
|
||||
|
||||
if (sav->tdb_authalgxform && sav->tdb_encalgxform) {
|
||||
@ -289,7 +329,6 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
|
||||
m_freem(m);
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
/* XXX don't pullup, just copy header */
|
||||
IP6_EXTHDR_GET(esp, struct newesp *, m, skip, sizeof (struct newesp));
|
||||
|
||||
@ -302,18 +341,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
|
||||
else
|
||||
hlen = sizeof (struct newesp) + sav->ivlen;
|
||||
/* Authenticator hash size */
|
||||
if (esph != NULL) {
|
||||
switch (esph->type) {
|
||||
case CRYPTO_SHA2_256_HMAC:
|
||||
case CRYPTO_SHA2_384_HMAC:
|
||||
case CRYPTO_SHA2_512_HMAC:
|
||||
alen = esph->hashsize/2;
|
||||
break;
|
||||
default:
|
||||
alen = AH_HMAC_HASHLEN;
|
||||
break;
|
||||
}
|
||||
}
|
||||
alen = esph ? esph->hashsize : 0;
|
||||
|
||||
/*
|
||||
* Verify payload length is multiple of encryption algorithm
|
||||
@ -325,13 +353,15 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
|
||||
*/
|
||||
plen = m->m_pkthdr.len - (skip + hlen + alen);
|
||||
if ((plen & (espx->blocksize - 1)) || (plen <= 0)) {
|
||||
DPRINTF(("%s: payload of %d octets not a multiple of %d octets,"
|
||||
" SA %s/%08lx\n", __func__,
|
||||
plen, espx->blocksize, ipsec_address(&sav->sah->saidx.dst,
|
||||
buf, sizeof(buf)), (u_long) ntohl(sav->spi)));
|
||||
ESPSTAT_INC(esps_badilen);
|
||||
m_freem(m);
|
||||
return EINVAL;
|
||||
if (!espx || sav->alg_enc != SADB_X_EALG_AESGCM16) {
|
||||
DPRINTF(("%s: payload of %d octets not a multiple of %d octets,"
|
||||
" SA %s/%08lx\n", __func__,
|
||||
plen, espx->blocksize, ipsec_address(&sav->sah->saidx.dst,
|
||||
buf, sizeof(buf)), (u_long) ntohl(sav->spi)));
|
||||
ESPSTAT_INC(esps_badilen);
|
||||
m_freem(m);
|
||||
return EINVAL;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
@ -377,12 +407,20 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
|
||||
|
||||
/* Authentication descriptor */
|
||||
crda->crd_skip = skip;
|
||||
crda->crd_len = m->m_pkthdr.len - (skip + alen);
|
||||
if (espx && espx->type == CRYPTO_AES_NIST_GCM_16)
|
||||
crda->crd_len = hlen - sav->ivlen;
|
||||
else
|
||||
crda->crd_len = m->m_pkthdr.len - (skip + alen);
|
||||
crda->crd_inject = m->m_pkthdr.len - alen;
|
||||
|
||||
crda->crd_alg = esph->type;
|
||||
crda->crd_key = sav->key_auth->key_data;
|
||||
crda->crd_klen = _KEYBITS(sav->key_auth);
|
||||
if (espx && (espx->type == CRYPTO_AES_NIST_GCM_16)) {
|
||||
crda->crd_key = sav->key_enc->key_data;
|
||||
crda->crd_klen = _KEYBITS(sav->key_enc);
|
||||
} else {
|
||||
crda->crd_key = sav->key_auth->key_data;
|
||||
crda->crd_klen = _KEYBITS(sav->key_auth);
|
||||
}
|
||||
|
||||
/* Copy the authenticator */
|
||||
m_copydata(m, m->m_pkthdr.len - alen, alen,
|
||||
@ -420,6 +458,9 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
|
||||
crde->crd_alg = espx->type;
|
||||
crde->crd_key = sav->key_enc->key_data;
|
||||
crde->crd_klen = _KEYBITS(sav->key_enc);
|
||||
if (espx && (espx->type == CRYPTO_AES_NIST_GCM_16))
|
||||
crde->crd_flags |= CRD_F_IV_EXPLICIT;
|
||||
|
||||
/* XXX Rounds ? */
|
||||
|
||||
return (crypto_dispatch(crp));
|
||||
@ -489,16 +530,7 @@ esp_input_cb(struct cryptop *crp)
|
||||
|
||||
/* If authentication was performed, check now. */
|
||||
if (esph != NULL) {
|
||||
switch (esph->type) {
|
||||
case CRYPTO_SHA2_256_HMAC:
|
||||
case CRYPTO_SHA2_384_HMAC:
|
||||
case CRYPTO_SHA2_512_HMAC:
|
||||
alen = esph->hashsize/2;
|
||||
break;
|
||||
default:
|
||||
alen = AH_HMAC_HASHLEN;
|
||||
break;
|
||||
}
|
||||
alen = esph->hashsize;
|
||||
AHSTAT_INC(ahs_hist[sav->alg_auth]);
|
||||
/* Copy the authenticator from the packet */
|
||||
m_copydata(m, m->m_pkthdr.len - alen, alen, aalg);
|
||||
@ -663,22 +695,13 @@ esp_output(struct mbuf *m, struct ipsecrequest *isr, struct mbuf **mp,
|
||||
* NB: The null encoding transform has a blocksize of 4
|
||||
* so that headers are properly aligned.
|
||||
*/
|
||||
blks = espx->blocksize; /* IV blocksize */
|
||||
blks = espx->ivsize; /* IV blocksize */
|
||||
|
||||
/* XXX clamp padding length a la KAME??? */
|
||||
padding = ((blks - ((rlen + 2) % blks)) % blks) + 2;
|
||||
|
||||
if (esph)
|
||||
switch (esph->type) {
|
||||
case CRYPTO_SHA2_256_HMAC:
|
||||
case CRYPTO_SHA2_384_HMAC:
|
||||
case CRYPTO_SHA2_512_HMAC:
|
||||
alen = esph->hashsize/2;
|
||||
break;
|
||||
default:
|
||||
alen = AH_HMAC_HASHLEN;
|
||||
break;
|
||||
}
|
||||
alen = esph->hashsize;
|
||||
else
|
||||
alen = 0;
|
||||
|
||||
@ -706,6 +729,8 @@ esp_output(struct mbuf *m, struct ipsecrequest *isr, struct mbuf **mp,
|
||||
error = EPFNOSUPPORT;
|
||||
goto bad;
|
||||
}
|
||||
DPRINTF(("%s: skip %d hlen %d rlen %d padding %d alen %d blksd %d\n",
|
||||
__func__, skip, hlen, rlen, padding, alen, blks));
|
||||
if (skip + hlen + rlen + padding + alen > maxpacketsize) {
|
||||
DPRINTF(("%s: packet in SA %s/%08lx got too big "
|
||||
"(len %u, max len %u)\n", __func__,
|
||||
@ -820,6 +845,8 @@ esp_output(struct mbuf *m, struct ipsecrequest *isr, struct mbuf **mp,
|
||||
crde->crd_alg = espx->type;
|
||||
crde->crd_key = sav->key_enc->key_data;
|
||||
crde->crd_klen = _KEYBITS(sav->key_enc);
|
||||
if (espx->type == CRYPTO_AES_NIST_GCM_16)
|
||||
crde->crd_flags |= CRD_F_IV_EXPLICIT;
|
||||
/* XXX Rounds ? */
|
||||
} else
|
||||
crda = crp->crp_desc;
|
||||
@ -854,13 +881,22 @@ esp_output(struct mbuf *m, struct ipsecrequest *isr, struct mbuf **mp,
|
||||
if (esph) {
|
||||
/* Authentication descriptor. */
|
||||
crda->crd_skip = skip;
|
||||
crda->crd_len = m->m_pkthdr.len - (skip + alen);
|
||||
if (espx && espx->type == CRYPTO_AES_NIST_GCM_16)
|
||||
crda->crd_len = hlen - sav->ivlen;
|
||||
else
|
||||
crda->crd_len = m->m_pkthdr.len - (skip + alen);
|
||||
crda->crd_inject = m->m_pkthdr.len - alen;
|
||||
|
||||
/* Authentication operation. */
|
||||
crda->crd_alg = esph->type;
|
||||
crda->crd_key = sav->key_auth->key_data;
|
||||
crda->crd_klen = _KEYBITS(sav->key_auth);
|
||||
if (espx && espx->type == CRYPTO_AES_NIST_GCM_16) {
|
||||
crda->crd_key = sav->key_enc->key_data;
|
||||
crda->crd_klen = _KEYBITS(sav->key_enc);
|
||||
} else {
|
||||
crda->crd_key = sav->key_auth->key_data;
|
||||
crda->crd_klen = _KEYBITS(sav->key_auth);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return crypto_dispatch(crp);
|
||||
@ -953,6 +989,11 @@ esp_output_cb(struct cryptop *crp)
|
||||
case CRYPTO_SHA2_512_HMAC:
|
||||
alen = esph->hashsize/2;
|
||||
break;
|
||||
case CRYPTO_AES_128_GMAC:
|
||||
case CRYPTO_AES_192_GMAC:
|
||||
case CRYPTO_AES_256_GMAC:
|
||||
alen = esph->hashsize;
|
||||
break;
|
||||
default:
|
||||
alen = AH_HMAC_HASHLEN;
|
||||
break;
|
||||
|
||||
@ -78,6 +78,7 @@
|
||||
#define SHA2_512_HASH_LEN 64
|
||||
#define MD5_KPDK_HASH_LEN 16
|
||||
#define SHA1_KPDK_HASH_LEN 20
|
||||
#define AES_HASH_LEN 16
|
||||
/* Maximum hash algorithm result length */
|
||||
#define HASH_MAX_LEN SHA2_512_HASH_LEN /* Keep this updated */
|
||||
|
||||
@ -86,28 +87,74 @@
|
||||
#define MD5_HMAC_BLOCK_LEN 64
|
||||
#define SHA1_HMAC_BLOCK_LEN 64
|
||||
#define RIPEMD160_HMAC_BLOCK_LEN 64
|
||||
#define SHA2_256_HMAC_BLOCK_LEN 64
|
||||
#define SHA2_384_HMAC_BLOCK_LEN 128
|
||||
#define SHA2_512_HMAC_BLOCK_LEN 128
|
||||
#define SHA2_256_HMAC_BLOCK_LEN 64
|
||||
#define SHA2_384_HMAC_BLOCK_LEN 128
|
||||
#define SHA2_512_HMAC_BLOCK_LEN 128
|
||||
/* Maximum HMAC block length */
|
||||
#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN /* Keep this updated */
|
||||
#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN /* Keep this updated */
|
||||
#define HMAC_IPAD_VAL 0x36
|
||||
#define HMAC_OPAD_VAL 0x5C
|
||||
/* HMAC Key Length */
|
||||
#define NULL_HMAC_KEY_LEN 0
|
||||
#define MD5_HMAC_KEY_LEN 16
|
||||
#define SHA1_HMAC_KEY_LEN 20
|
||||
#define RIPEMD160_HMAC_KEY_LEN 20
|
||||
#define SHA2_256_HMAC_KEY_LEN 32
|
||||
#define SHA2_384_HMAC_KEY_LEN 48
|
||||
#define SHA2_512_HMAC_KEY_LEN 64
|
||||
#define AES_128_HMAC_KEY_LEN 16
|
||||
#define AES_192_HMAC_KEY_LEN 24
|
||||
#define AES_256_HMAC_KEY_LEN 32
|
||||
|
||||
/* Encryption algorithm block sizes */
|
||||
#define NULL_BLOCK_LEN 4
|
||||
#define DES_BLOCK_LEN 8
|
||||
#define DES3_BLOCK_LEN 8
|
||||
#define BLOWFISH_BLOCK_LEN 8
|
||||
#define SKIPJACK_BLOCK_LEN 8
|
||||
#define CAST128_BLOCK_LEN 8
|
||||
#define RIJNDAEL128_BLOCK_LEN 16
|
||||
#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN
|
||||
#define CAMELLIA_BLOCK_LEN 16
|
||||
#define EALG_MAX_BLOCK_LEN AES_BLOCK_LEN /* Keep this updated */
|
||||
#define NULL_BLOCK_LEN 4
|
||||
#define DES_BLOCK_LEN 8
|
||||
#define DES3_BLOCK_LEN 8
|
||||
#define BLOWFISH_BLOCK_LEN 8
|
||||
#define SKIPJACK_BLOCK_LEN 8
|
||||
#define CAST128_BLOCK_LEN 8
|
||||
#define RIJNDAEL128_BLOCK_LEN 16
|
||||
#define AES_BLOCK_LEN 16
|
||||
#define AES_MIN_BLOCK_LEN 1
|
||||
#define ARC4_BLOCK_LEN 1
|
||||
#define CAMELLIA_BLOCK_LEN 16
|
||||
#define EALG_MAX_BLOCK_LEN AES_BLOCK_LEN /* Keep this updated */
|
||||
|
||||
/* IV Lengths */
|
||||
|
||||
#define ARC4_IV_LEN 1
|
||||
#define AES_IV_LEN 12
|
||||
#define AES_XTS_IV_LEN 8
|
||||
#define AES_XTS_ALPHA 0x87 /* GF(2^128) generator polynomial */
|
||||
|
||||
#define AES_CTR_NONCE_SIZE 4
|
||||
|
||||
/* Min and Max Encryption Key Sizes */
|
||||
#define NULL_MIN_KEY 0
|
||||
#define NULL_MAX_KEY 256 /* 2048 bits, max key */
|
||||
#define DES_MIN_KEY 8
|
||||
#define DES_MAX_KEY DES_MIN_KEY
|
||||
#define TRIPLE_DES_MIN_KEY 24
|
||||
#define TRIPLE_DES_MAX_KEY TRIPLE_DES_MIN_KEY
|
||||
#define BLOWFISH_MIN_KEY 5
|
||||
#define BLOWFISH_MAX_KEY 56 /* 448 bits, max key */
|
||||
#define CAST_MIN_KEY 5
|
||||
#define CAST_MAX_KEY 16
|
||||
#define SKIPJACK_MIN_KEY 10
|
||||
#define SKIPJACK_MAX_KEY SKIPJACK_MIN_KEY
|
||||
#define RIJNDAEL_MIN_KEY 16
|
||||
#define RIJNDAEL_MAX_KEY 32
|
||||
#define AES_MIN_KEY 16
|
||||
#define AES_MAX_KEY 32
|
||||
#define AES_XTS_MIN_KEY 32
|
||||
#define AES_XTS_MAX_KEY 64
|
||||
#define ARC4_MIN_KEY 1
|
||||
#define ARC4_MAX_KEY 32
|
||||
#define CAMELLIA_MIN_KEY 8
|
||||
#define CAMELLIA_MAX_KEY 32
|
||||
|
||||
/* Maximum hash algorithm result length */
|
||||
#define AALG_MAX_RESULT_LEN 64 /* Keep this updated */
|
||||
#define AALG_MAX_RESULT_LEN 64 /* Keep this updated */
|
||||
|
||||
#define CRYPTO_ALGORITHM_MIN 1
|
||||
#define CRYPTO_DES_CBC 1
|
||||
@ -141,7 +188,7 @@
|
||||
#define CRYPTO_AES_256_NIST_GMAC 28 /* auth side */
|
||||
#define CRYPTO_ALGORITHM_MAX 28 /* Keep updated - see below */
|
||||
|
||||
#define CRYPTO_ALGO_VALID(x) ((x) >= CRYPTO_ALGORITHM_MIN && \
|
||||
#define CRYPTO_ALGO_VALID(x) ((x) >= CRYPTO_ALGORITHM_MIN && \
|
||||
(x) <= CRYPTO_ALGORITHM_MAX)
|
||||
|
||||
/* Algorithm flags */
|
||||
|
||||
@ -154,7 +154,7 @@ MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");
|
||||
struct enc_xform enc_xform_null = {
|
||||
CRYPTO_NULL_CBC, "NULL",
|
||||
/* NB: blocksize of 4 is to generate a properly aligned ESP header */
|
||||
NULL_BLOCK_LEN, NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */
|
||||
NULL_BLOCK_LEN, NULL_BLOCK_LEN, NULL_MIN_KEY, NULL_MAX_KEY,
|
||||
null_encrypt,
|
||||
null_decrypt,
|
||||
null_setkey,
|
||||
@ -164,7 +164,7 @@ struct enc_xform enc_xform_null = {
|
||||
|
||||
struct enc_xform enc_xform_des = {
|
||||
CRYPTO_DES_CBC, "DES",
|
||||
DES_BLOCK_LEN, DES_BLOCK_LEN, 8, 8,
|
||||
DES_BLOCK_LEN, DES_BLOCK_LEN, DES_MIN_KEY, DES_MAX_KEY,
|
||||
des1_encrypt,
|
||||
des1_decrypt,
|
||||
des1_setkey,
|
||||
@ -174,7 +174,8 @@ struct enc_xform enc_xform_des = {
|
||||
|
||||
struct enc_xform enc_xform_3des = {
|
||||
CRYPTO_3DES_CBC, "3DES",
|
||||
DES3_BLOCK_LEN, DES3_BLOCK_LEN, 24, 24,
|
||||
DES3_BLOCK_LEN, DES3_BLOCK_LEN, TRIPLE_DES_MIN_KEY,
|
||||
TRIPLE_DES_MAX_KEY,
|
||||
des3_encrypt,
|
||||
des3_decrypt,
|
||||
des3_setkey,
|
||||
@ -184,7 +185,8 @@ struct enc_xform enc_xform_3des = {
|
||||
|
||||
struct enc_xform enc_xform_blf = {
|
||||
CRYPTO_BLF_CBC, "Blowfish",
|
||||
BLOWFISH_BLOCK_LEN, BLOWFISH_BLOCK_LEN, 5, 56 /* 448 bits, max key */,
|
||||
BLOWFISH_BLOCK_LEN, BLOWFISH_BLOCK_LEN, BLOWFISH_MIN_KEY,
|
||||
BLOWFISH_MAX_KEY,
|
||||
blf_encrypt,
|
||||
blf_decrypt,
|
||||
blf_setkey,
|
||||
@ -194,7 +196,7 @@ struct enc_xform enc_xform_blf = {
|
||||
|
||||
struct enc_xform enc_xform_cast5 = {
|
||||
CRYPTO_CAST_CBC, "CAST-128",
|
||||
CAST128_BLOCK_LEN, CAST128_BLOCK_LEN, 5, 16,
|
||||
CAST128_BLOCK_LEN, CAST128_BLOCK_LEN, CAST_MIN_KEY, CAST_MAX_KEY,
|
||||
cast5_encrypt,
|
||||
cast5_decrypt,
|
||||
cast5_setkey,
|
||||
@ -204,7 +206,8 @@ struct enc_xform enc_xform_cast5 = {
|
||||
|
||||
struct enc_xform enc_xform_skipjack = {
|
||||
CRYPTO_SKIPJACK_CBC, "Skipjack",
|
||||
SKIPJACK_BLOCK_LEN, SKIPJACK_BLOCK_LEN, 10, 10,
|
||||
SKIPJACK_BLOCK_LEN, SKIPJACK_BLOCK_LEN, SKIPJACK_MIN_KEY,
|
||||
SKIPJACK_MAX_KEY,
|
||||
skipjack_encrypt,
|
||||
skipjack_decrypt, skipjack_setkey,
|
||||
skipjack_zerokey,
|
||||
@ -213,7 +216,8 @@ struct enc_xform enc_xform_skipjack = {
|
||||
|
||||
struct enc_xform enc_xform_rijndael128 = {
|
||||
CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
|
||||
RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, 16, 32,
|
||||
RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, RIJNDAEL_MIN_KEY,
|
||||
RIJNDAEL_MAX_KEY,
|
||||
rijndael128_encrypt,
|
||||
rijndael128_decrypt,
|
||||
rijndael128_setkey,
|
||||
@ -223,7 +227,7 @@ struct enc_xform enc_xform_rijndael128 = {
|
||||
|
||||
struct enc_xform enc_xform_aes_icm = {
|
||||
CRYPTO_AES_ICM, "AES-ICM",
|
||||
RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, 16, 32,
|
||||
RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, AES_MIN_KEY, AES_MAX_KEY,
|
||||
aes_icm_crypt,
|
||||
aes_icm_crypt,
|
||||
aes_icm_setkey,
|
||||
@ -233,7 +237,7 @@ struct enc_xform enc_xform_aes_icm = {
|
||||
|
||||
struct enc_xform enc_xform_aes_nist_gcm = {
|
||||
CRYPTO_AES_NIST_GCM_16, "AES-GCM",
|
||||
1, 12, 16, 32,
|
||||
AES_MIN_BLOCK_LEN, AES_IV_LEN, AES_MIN_KEY, AES_MAX_KEY,
|
||||
aes_icm_crypt,
|
||||
aes_icm_crypt,
|
||||
aes_icm_setkey,
|
||||
@ -243,7 +247,7 @@ struct enc_xform enc_xform_aes_nist_gcm = {
|
||||
|
||||
struct enc_xform enc_xform_aes_nist_gmac = {
|
||||
CRYPTO_AES_NIST_GMAC, "AES-GMAC",
|
||||
1, 12, 16, 32,
|
||||
AES_MIN_BLOCK_LEN, AES_IV_LEN, AES_MIN_KEY, AES_MAX_KEY,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
@ -253,7 +257,7 @@ struct enc_xform enc_xform_aes_nist_gmac = {
|
||||
|
||||
struct enc_xform enc_xform_aes_xts = {
|
||||
CRYPTO_AES_XTS, "AES-XTS",
|
||||
RIJNDAEL128_BLOCK_LEN, 8, 32, 64,
|
||||
AES_MIN_BLOCK_LEN, AES_XTS_IV_LEN, AES_XTS_MIN_KEY, AES_XTS_MAX_KEY,
|
||||
aes_xts_encrypt,
|
||||
aes_xts_decrypt,
|
||||
aes_xts_setkey,
|
||||
@ -263,7 +267,7 @@ struct enc_xform enc_xform_aes_xts = {
|
||||
|
||||
struct enc_xform enc_xform_arc4 = {
|
||||
CRYPTO_ARC4, "ARC4",
|
||||
1, 1, 1, 32,
|
||||
ARC4_BLOCK_LEN, ARC4_IV_LEN, ARC4_MIN_KEY, ARC4_MAX_KEY,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
@ -273,7 +277,8 @@ struct enc_xform enc_xform_arc4 = {
|
||||
|
||||
struct enc_xform enc_xform_camellia = {
|
||||
CRYPTO_CAMELLIA_CBC, "Camellia",
|
||||
CAMELLIA_BLOCK_LEN, CAMELLIA_BLOCK_LEN, 8, 32,
|
||||
CAMELLIA_BLOCK_LEN, CAMELLIA_BLOCK_LEN, CAMELLIA_MIN_KEY,
|
||||
CAMELLIA_MAX_KEY,
|
||||
cml_encrypt,
|
||||
cml_decrypt,
|
||||
cml_setkey,
|
||||
@ -284,67 +289,72 @@ struct enc_xform enc_xform_camellia = {
|
||||
/* Authentication instances */
|
||||
struct auth_hash auth_hash_null = { /* NB: context isn't used */
|
||||
CRYPTO_NULL_HMAC, "NULL-HMAC",
|
||||
0, NULL_HASH_LEN, sizeof(int), NULL_HMAC_BLOCK_LEN,
|
||||
NULL_HMAC_KEY_LEN, NULL_HASH_LEN, sizeof(int), NULL_HMAC_BLOCK_LEN,
|
||||
null_init, null_reinit, null_reinit, null_update, null_final
|
||||
};
|
||||
|
||||
struct auth_hash auth_hash_hmac_md5 = {
|
||||
CRYPTO_MD5_HMAC, "HMAC-MD5",
|
||||
16, MD5_HASH_LEN, sizeof(MD5_CTX), MD5_HMAC_BLOCK_LEN,
|
||||
MD5_HMAC_KEY_LEN, MD5_HASH_LEN, sizeof(MD5_CTX), MD5_HMAC_BLOCK_LEN,
|
||||
(void (*) (void *)) MD5Init, NULL, NULL, MD5Update_int,
|
||||
(void (*) (u_int8_t *, void *)) MD5Final
|
||||
};
|
||||
|
||||
struct auth_hash auth_hash_hmac_sha1 = {
|
||||
CRYPTO_SHA1_HMAC, "HMAC-SHA1",
|
||||
20, SHA1_HASH_LEN, sizeof(SHA1_CTX), SHA1_HMAC_BLOCK_LEN,
|
||||
SHA1_HMAC_KEY_LEN, SHA1_HASH_LEN, sizeof(SHA1_CTX), SHA1_HMAC_BLOCK_LEN,
|
||||
SHA1Init_int, NULL, NULL, SHA1Update_int, SHA1Final_int
|
||||
};
|
||||
|
||||
struct auth_hash auth_hash_hmac_ripemd_160 = {
|
||||
CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
|
||||
20, RIPEMD160_HASH_LEN, sizeof(RMD160_CTX), RIPEMD160_HMAC_BLOCK_LEN,
|
||||
RIPEMD160_HMAC_KEY_LEN, RIPEMD160_HASH_LEN, sizeof(RMD160_CTX),
|
||||
RIPEMD160_HMAC_BLOCK_LEN,
|
||||
(void (*)(void *)) RMD160Init, NULL, NULL, RMD160Update_int,
|
||||
(void (*)(u_int8_t *, void *)) RMD160Final
|
||||
};
|
||||
|
||||
struct auth_hash auth_hash_key_md5 = {
|
||||
CRYPTO_MD5_KPDK, "Keyed MD5",
|
||||
0, MD5_KPDK_HASH_LEN, sizeof(MD5_CTX), 0,
|
||||
NULL_HMAC_KEY_LEN, MD5_KPDK_HASH_LEN, sizeof(MD5_CTX), 0,
|
||||
(void (*)(void *)) MD5Init, NULL, NULL, MD5Update_int,
|
||||
(void (*)(u_int8_t *, void *)) MD5Final
|
||||
};
|
||||
|
||||
struct auth_hash auth_hash_key_sha1 = {
|
||||
CRYPTO_SHA1_KPDK, "Keyed SHA1",
|
||||
0, SHA1_KPDK_HASH_LEN, sizeof(SHA1_CTX), 0,
|
||||
NULL_HMAC_KEY_LEN, SHA1_KPDK_HASH_LEN, sizeof(SHA1_CTX), 0,
|
||||
SHA1Init_int, NULL, NULL, SHA1Update_int, SHA1Final_int
|
||||
};
|
||||
|
||||
struct auth_hash auth_hash_hmac_sha2_256 = {
|
||||
CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
|
||||
32, SHA2_256_HASH_LEN, sizeof(SHA256_CTX), SHA2_256_HMAC_BLOCK_LEN,
|
||||
SHA2_256_HMAC_KEY_LEN, SHA2_256_HASH_LEN, sizeof(SHA256_CTX),
|
||||
SHA2_256_HMAC_BLOCK_LEN,
|
||||
(void (*)(void *)) SHA256_Init, NULL, NULL, SHA256Update_int,
|
||||
(void (*)(u_int8_t *, void *)) SHA256_Final
|
||||
};
|
||||
|
||||
struct auth_hash auth_hash_hmac_sha2_384 = {
|
||||
CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384",
|
||||
48, SHA2_384_HASH_LEN, sizeof(SHA384_CTX), SHA2_384_HMAC_BLOCK_LEN,
|
||||
SHA2_384_HMAC_KEY_LEN, SHA2_384_HASH_LEN, sizeof(SHA384_CTX),
|
||||
SHA2_384_HMAC_BLOCK_LEN,
|
||||
(void (*)(void *)) SHA384_Init, NULL, NULL, SHA384Update_int,
|
||||
(void (*)(u_int8_t *, void *)) SHA384_Final
|
||||
};
|
||||
|
||||
struct auth_hash auth_hash_hmac_sha2_512 = {
|
||||
CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512",
|
||||
64, SHA2_512_HASH_LEN, sizeof(SHA512_CTX), SHA2_512_HMAC_BLOCK_LEN,
|
||||
SHA2_512_HMAC_KEY_LEN, SHA2_512_HASH_LEN, sizeof(SHA512_CTX),
|
||||
SHA2_512_HMAC_BLOCK_LEN,
|
||||
(void (*)(void *)) SHA512_Init, NULL, NULL, SHA512Update_int,
|
||||
(void (*)(u_int8_t *, void *)) SHA512_Final
|
||||
};
|
||||
|
||||
struct auth_hash auth_hash_nist_gmac_aes_128 = {
|
||||
CRYPTO_AES_128_NIST_GMAC, "GMAC-AES-128",
|
||||
16, 16, sizeof(struct aes_gmac_ctx), GMAC_BLOCK_LEN,
|
||||
AES_128_HMAC_KEY_LEN, AES_HASH_LEN, sizeof(struct aes_gmac_ctx),
|
||||
GMAC_BLOCK_LEN,
|
||||
(void (*)(void *)) AES_GMAC_Init,
|
||||
(void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey,
|
||||
(void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit,
|
||||
@ -354,7 +364,8 @@ struct auth_hash auth_hash_nist_gmac_aes_128 = {
|
||||
|
||||
struct auth_hash auth_hash_nist_gmac_aes_192 = {
|
||||
CRYPTO_AES_192_NIST_GMAC, "GMAC-AES-192",
|
||||
24, 16, sizeof(struct aes_gmac_ctx), GMAC_BLOCK_LEN,
|
||||
AES_192_HMAC_KEY_LEN, AES_HASH_LEN, sizeof(struct aes_gmac_ctx),
|
||||
GMAC_BLOCK_LEN,
|
||||
(void (*)(void *)) AES_GMAC_Init,
|
||||
(void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey,
|
||||
(void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit,
|
||||
@ -364,7 +375,8 @@ struct auth_hash auth_hash_nist_gmac_aes_192 = {
|
||||
|
||||
struct auth_hash auth_hash_nist_gmac_aes_256 = {
|
||||
CRYPTO_AES_256_NIST_GMAC, "GMAC-AES-256",
|
||||
32, 16, sizeof(struct aes_gmac_ctx), GMAC_BLOCK_LEN,
|
||||
AES_256_HMAC_KEY_LEN, AES_HASH_LEN, sizeof(struct aes_gmac_ctx),
|
||||
GMAC_BLOCK_LEN,
|
||||
(void (*)(void *)) AES_GMAC_Init,
|
||||
(void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey,
|
||||
(void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user