Honor cri_mlen value.

Reviewed by: sam Tested on: hifn(4), ubsec(4) Compile-tested: safe(4)
svn path=/head/; revision=158705
2006-05-17 18:34:26 +00:00 · 2006-05-17 18:34:26 +00:00 · af65c53afd · 2020-12-20 02:59:44 +00:00
commit af65c53afd
parent 80e35494cc
6 changed files with 46 additions and 13 deletions
--- a/sys/dev/hifn/hifn7751.c
+++ b/sys/dev/hifn/hifn7751.c
@ -2344,6 +2344,19 @@ hifn_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri)
 			if (mac)
 				return (EINVAL);
 			mac = 1;
+			ses->hs_mlen = c->cri_mlen;
+			if (ses->hs_mlen == 0) {
+				switch (c->cri_alg) {
+				case CRYPTO_MD5:
+				case CRYPTO_MD5_HMAC:
+					ses->hs_mlen = 16;
+					break;
+				case CRYPTO_SHA1:
+				case CRYPTO_SHA1_HMAC:
+					ses->hs_mlen = 20;
+					break;
+				}
+			}
 			break;
 		case CRYPTO_DES_CBC:
 		case CRYPTO_3DES_CBC:
@ -2809,16 +2822,13 @@ hifn_callback(struct hifn_softc *sc, struct hifn_command *cmd, u_int8_t *macbuf)
 		for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
                        int len;

-                        if (crd->crd_alg == CRYPTO_MD5)
-				len = 16;
-                        else if (crd->crd_alg == CRYPTO_SHA1)
-				len = 20;
-                        else if (crd->crd_alg == CRYPTO_MD5_HMAC ||
-                            crd->crd_alg == CRYPTO_SHA1_HMAC)
-				len = 12;
-                        else
+			if (crd->crd_alg != CRYPTO_MD5 &&
+			    crd->crd_alg != CRYPTO_SHA1 &&
+			    crd->crd_alg != CRYPTO_MD5_HMAC &&
+			    crd->crd_alg != CRYPTO_SHA1_HMAC) {
 				continue;
-
+			}
+			len = cmd->softc->sc_sessions[cmd->session_num].hs_mlen;
 			if (crp->crp_flags & CRYPTO_F_IMBUF)
 				m_copyback((struct mbuf *)crp->crp_buf,
                                   crd->crd_inject, len, macbuf);
--- a/sys/dev/hifn/hifn7751var.h
+++ b/sys/dev/hifn/hifn7751var.h
@ -112,6 +112,7 @@ struct hifn_dma {

 struct hifn_session {
 	int hs_used;
+	int hs_mlen;
 	u_int8_t hs_iv[HIFN_MAX_IV_LENGTH];
 };

--- a/sys/dev/safe/safe.c
+++ b/sys/dev/safe/safe.c
@ -746,6 +746,14 @@ safe_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri)
 	}

 	if (macini) {
+		ses->ses_mlen = macini->cri_mlen;
+		if (ses->ses_mlen == 0) {
+			if (macini->cri_alg == CRYPTO_MD5_HMAC)
+				ses->ses_mlen = MD5_DIGEST_LENGTH;
+			else
+				ses->ses_mlen = SHA1_RESULTLEN;
+		}
+
 		for (i = 0; i < macini->cri_klen / 8; i++)
 			macini->cri_key[i] ^= HMAC_IPAD_VAL;

@ -1580,11 +1588,13 @@ safe_callback(struct safe_softc *sc, struct safe_ringentry *re)
 			}
 			if (crp->crp_flags & CRYPTO_F_IMBUF) {
 				m_copyback((struct mbuf *)crp->crp_buf,
-					crd->crd_inject, 12,
+					crd->crd_inject,
+					sc->sc_sessions[re->re_sesn].ses_mlen,
 					(caddr_t)re->re_sastate.sa_saved_indigest);
 			} else if (crp->crp_flags & CRYPTO_F_IOV && crp->crp_mac) {
 				bcopy((caddr_t)re->re_sastate.sa_saved_indigest,
-					crp->crp_mac, 12);
+					crp->crp_mac,
+					sc->sc_sessions[re->re_sesn].ses_mlen);
 			}
 			break;
 		}
--- a/sys/dev/safe/safevar.h
+++ b/sys/dev/safe/safevar.h
@ -138,6 +138,7 @@ struct safe_session {
 	u_int32_t	ses_used;
 	u_int32_t	ses_klen;		/* key length in bits */
 	u_int32_t	ses_key[8];		/* DES/3DES/AES key */
+	u_int32_t	ses_mlen;		/* hmac length in bytes */
 	u_int32_t	ses_hminner[5];		/* hmac inner state */
 	u_int32_t	ses_hmouter[5];		/* hmac outer state */
 	u_int32_t	ses_iv[4];		/* DES/3DES/AES iv */
--- a/sys/dev/ubsec/ubsec.c
+++ b/sys/dev/ubsec/ubsec.c
@ -917,6 +917,14 @@ ubsec_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri)
 	}

 	if (macini) {
+		ses->ses_mlen = macini->cri_mlen;
+		if (ses->ses_mlen == 0) {
+			if (macini->cri_alg == CRYPTO_MD5_HMAC)
+				ses->ses_mlen = MD5_DIGEST_LENGTH;
+			else
+				ses->ses_mlen = SHA1_RESULTLEN;
+		}
+
 		for (i = 0; i < macini->cri_klen / 8; i++)
 			macini->cri_key[i] ^= HMAC_IPAD_VAL;

@ -1604,11 +1612,13 @@ ubsec_callback(struct ubsec_softc *sc, struct ubsec_q *q)
 			continue;
 		if (crp->crp_flags & CRYPTO_F_IMBUF)
 			m_copyback((struct mbuf *)crp->crp_buf,
-			    crd->crd_inject, 12,
+			    crd->crd_inject,
+			    sc->sc_sessions[q->q_sesn].ses_mlen,
 			    (caddr_t)dmap->d_dma->d_macbuf);
 		else if (crp->crp_flags & CRYPTO_F_IOV && crp->crp_mac)
 			bcopy((caddr_t)dmap->d_dma->d_macbuf,
-			    crp->crp_mac, 12);
+			    crp->crp_mac,
+			    sc->sc_sessions[q->q_sesn].ses_mlen);
 		break;
 	}
 	mtx_lock(&sc->sc_freeqlock);
--- a/sys/dev/ubsec/ubsecvar.h
+++ b/sys/dev/ubsec/ubsecvar.h
@ -218,6 +218,7 @@ struct ubsec_softc {
 struct ubsec_session {
 	u_int32_t	ses_used;
 	u_int32_t	ses_deskey[6];		/* 3DES key */
+	u_int32_t	ses_mlen;		/* hmac length */
 	u_int32_t	ses_hminner[5];		/* hmac inner state */
 	u_int32_t	ses_hmouter[5];		/* hmac outer state */
 	u_int32_t	ses_iv[2];		/* [3]DES iv */