- support AES XCBC MAC for AH
- correct SADB_X_AALG_RIPEMD160HMAC to 8 Obtained from: KAME
This commit is contained in:
Hajimu UMEMOTO
parent
7f75c38230
commit
c65ee7c758
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=121061
@ -174,6 +174,9 @@ static struct val2str str_alg_auth[] = {
|
||||
#endif
|
||||
#ifdef SADB_X_AALG_RIPEMD160HMAC
|
||||
{ SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", },
|
||||
#endif
|
||||
#ifdef SADB_X_AALG_AES_XCBC_MAC
|
||||
{ SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", },
|
||||
#endif
|
||||
{ -1, NULL, },
|
||||
};
|
||||
|
||||
@ -551,6 +551,8 @@ hmac-sha2-512 512 ah: 96bit ICV (no document)
|
||||
512 ah-old: 128bit ICV (no document)
|
||||
hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
|
||||
ah-old: 128bit ICV (no document)
|
||||
aes-xcbc-mac 128 ah: 96bit ICV (RFC3566)
|
||||
128 ah-old: 128bit ICV (no document)
|
||||
.Ed
|
||||
.Pp
|
||||
Followings are the list of encryption algorithms that can be used as
|
||||
|
||||
@ -171,6 +171,7 @@ hmac-sha2-256 { PREPROC; yylval.num = SADB_X_AALG_SHA2_256; return(ALG_AUTH); }
|
||||
hmac-sha2-384 { PREPROC; yylval.num = SADB_X_AALG_SHA2_384; return(ALG_AUTH); }
|
||||
hmac-sha2-512 { PREPROC; yylval.num = SADB_X_AALG_SHA2_512; return(ALG_AUTH); }
|
||||
hmac-ripemd160 { PREPROC; yylval.num = SADB_X_AALG_RIPEMD160HMAC; return(ALG_AUTH); }
|
||||
aes-xcbc-mac { PREPROC; yylval.num = SADB_X_AALG_AES_XCBC_MAC; return(ALG_AUTH); }
|
||||
null { PREPROC; yylval.num = SADB_X_AALG_NULL; return(ALG_AUTH); }
|
||||
|
||||
/* encryption alogorithm */
|
||||
|
||||
@ -205,8 +205,8 @@ crypto/blowfish/bf_skey.c optional ipsec ipsec_esp
|
||||
crypto/cast128/cast128.c optional ipsec ipsec_esp
|
||||
crypto/des/des_ecb.c optional ipsec ipsec_esp
|
||||
crypto/des/des_setkey.c optional ipsec ipsec_esp
|
||||
crypto/rijndael/rijndael-alg-fst.c optional ipsec ipsec_esp
|
||||
crypto/rijndael/rijndael-api-fst.c optional ipsec ipsec_esp
|
||||
crypto/rijndael/rijndael-alg-fst.c optional ipsec
|
||||
crypto/rijndael/rijndael-api-fst.c optional ipsec
|
||||
opencrypto/rmd160.c optional ipsec
|
||||
crypto/sha1.c optional ipsec
|
||||
crypto/sha2/sha2.c optional ipsec
|
||||
@ -1436,6 +1436,7 @@ netinet/tcp_syncache.c optional inet
|
||||
netinet/tcp_timer.c optional inet
|
||||
netinet/tcp_usrreq.c optional inet
|
||||
netinet/udp_usrreq.c optional inet
|
||||
netinet6/ah_aesxcbcmac.c optional ipsec
|
||||
netinet6/ah_core.c optional ipsec
|
||||
netinet6/ah_input.c optional ipsec
|
||||
netinet6/ah_output.c optional ipsec
|
||||
|
||||
@ -307,7 +307,8 @@ struct sadb_x_ipsecrequest {
|
||||
#define SADB_X_AALG_SHA2_256 5
|
||||
#define SADB_X_AALG_SHA2_384 6
|
||||
#define SADB_X_AALG_SHA2_512 7
|
||||
#define SADB_X_AALG_RIPEMD160HMAC 9 /*8*/
|
||||
#define SADB_X_AALG_RIPEMD160HMAC 8
|
||||
#define SADB_X_AALG_AES_XCBC_MAC 9 /* draft-ietf-ipsec-ciph-aes-xcbc-mac-04 */
|
||||
/* private allocations should use 249-255 (RFC2407) */
|
||||
#define SADB_X_AALG_MD5 249 /* Keyed MD5 */
|
||||
#define SADB_X_AALG_SHA 250 /* Keyed SHA */
|
||||
|
||||
@ -74,6 +74,7 @@
|
||||
#ifdef INET6
|
||||
#include <netinet6/ah6.h>
|
||||
#endif
|
||||
#include <netinet6/ah_aesxcbcmac.h>
|
||||
#ifdef IPSEC_ESP
|
||||
#include <netinet6/esp.h>
|
||||
#ifdef INET6
|
||||
@ -188,6 +189,10 @@ ah_algorithm_lookup(idx)
|
||||
"hmac-ripemd160",
|
||||
ah_hmac_ripemd160_init, ah_hmac_ripemd160_loop,
|
||||
ah_hmac_ripemd160_result, },
|
||||
{ ah_sumsiz_1216, ah_common_mature, 128, 128,
|
||||
"aes-xcbc-mac",
|
||||
ah_aes_xcbc_mac_init, ah_aes_xcbc_mac_loop,
|
||||
ah_aes_xcbc_mac_result, },
|
||||
};
|
||||
|
||||
switch (idx) {
|
||||
@ -209,6 +214,8 @@ ah_algorithm_lookup(idx)
|
||||
return &ah_algorithms[7];
|
||||
case SADB_X_AALG_RIPEMD160HMAC:
|
||||
return &ah_algorithms[8];
|
||||
case SADB_X_AALG_AES_XCBC_MAC:
|
||||
return &ah_algorithms[9];
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -551,6 +551,8 @@ hmac-sha2-512 512 ah: 96bit ICV (no document)
|
||||
512 ah-old: 128bit ICV (no document)
|
||||
hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
|
||||
ah-old: 128bit ICV (no document)
|
||||
aes-xcbc-mac 128 ah: 96bit ICV (RFC3566)
|
||||
128 ah-old: 128bit ICV (no document)
|
||||
.Ed
|
||||
.Pp
|
||||
Followings are the list of encryption algorithms that can be used as
|
||||
|
||||
@ -171,6 +171,7 @@ hmac-sha2-256 { PREPROC; yylval.num = SADB_X_AALG_SHA2_256; return(ALG_AUTH); }
|
||||
hmac-sha2-384 { PREPROC; yylval.num = SADB_X_AALG_SHA2_384; return(ALG_AUTH); }
|
||||
hmac-sha2-512 { PREPROC; yylval.num = SADB_X_AALG_SHA2_512; return(ALG_AUTH); }
|
||||
hmac-ripemd160 { PREPROC; yylval.num = SADB_X_AALG_RIPEMD160HMAC; return(ALG_AUTH); }
|
||||
aes-xcbc-mac { PREPROC; yylval.num = SADB_X_AALG_AES_XCBC_MAC; return(ALG_AUTH); }
|
||||
null { PREPROC; yylval.num = SADB_X_AALG_NULL; return(ALG_AUTH); }
|
||||
|
||||
/* encryption alogorithm */
|
||||
|
||||
Loading…
Reference in New Issue
Block a user