Add comments trying to explain what bad things happen here, i.e.

how hashed MD5/SHA are implemented, abusing Final() for padding and sw_octx to transport the key from the beginning to the end. Enlightened about what was going on here by: cperciva Reviewed by: cperciva MFC After: 3 days X-MFC with: r187826 PR: kern/126468
svn path=/head/; revision=201898
2010-01-09 15:43:47 +00:00 · 2010-01-09 15:43:47 +00:00 · 77680d964f · 2020-12-20 02:59:44 +00:00
commit 77680d964f
parent f1727e425a
1 changed files with 18 additions and 1 deletions
--- a/sys/opencrypto/cryptosoft.c
+++ b/sys/opencrypto/cryptosoft.c
@ -434,7 +434,16 @@ swcr_authprepare(struct auth_hash *axf, struct swcr_data *sw, u_char *key,
 	case CRYPTO_MD5_KPDK:
 	case CRYPTO_SHA1_KPDK:
 	{
-		/* We need a buffer that can hold an md5 and a sha1 result. */
+		/* 
+		 * We need a buffer that can hold an md5 and a sha1 result
+		 * just to throw it away.
+		 * What we do here is the initial part of:
+		 *   ALGO( key, keyfill, .. )
+		 * adding the key to sw_ictx and abusing Final() to get the
+		 * "keyfill" padding.
+		 * In addition we abuse the sw_octx to save the key to have
+		 * it to be able to append it at the end in swcr_authcompute().
+		 */
 		u_char buf[SHA1_RESULTLEN];

 		sw->sw_klen = klen;
@ -495,9 +504,17 @@ swcr_authcompute(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,

 	case CRYPTO_MD5_KPDK:
 	case CRYPTO_SHA1_KPDK:
+		/* If we have no key saved, return error. */
 		if (sw->sw_octx == NULL)
 			return EINVAL;

+		/*
+		 * Add the trailing copy of the key (see comment in
+		 * swcr_authprepare()) after the data:
+		 *   ALGO( .., key, algofill )
+		 * and let Final() do the proper, natural "algofill"
+		 * padding.
+		 */
 		axf->Update(&ctx, sw->sw_octx, sw->sw_klen);
 		axf->Final(aalg, &ctx);
 		break;