- support AES XCBC MAC for AH
- correct SADB_X_AALG_RIPEMD160HMAC to 8

Obtained from: KAME
parent
7f75c38230
commit
c65ee7c758
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=121061
@ -174,6 +174,9 @@ static struct val2str str_alg_auth[] = {
|
|||||||
#endif
|
#endif
|
||||||
#ifdef SADB_X_AALG_RIPEMD160HMAC
|
#ifdef SADB_X_AALG_RIPEMD160HMAC
|
||||||
{ SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", },
|
{ SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", },
|
||||||
|
#endif
|
||||||
|
#ifdef SADB_X_AALG_AES_XCBC_MAC
|
||||||
|
{ SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", },
|
||||||
#endif
|
#endif
|
||||||
{ -1, NULL, },
|
{ -1, NULL, },
|
||||||
};
|
};
|
||||||
|
@ -551,6 +551,8 @@ hmac-sha2-512 512 ah: 96bit ICV (no document)
|
|||||||
512 ah-old: 128bit ICV (no document)
|
512 ah-old: 128bit ICV (no document)
|
||||||
hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
|
hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
|
||||||
ah-old: 128bit ICV (no document)
|
ah-old: 128bit ICV (no document)
|
||||||
|
aes-xcbc-mac 128 ah: 96bit ICV (RFC3566)
|
||||||
|
128 ah-old: 128bit ICV (no document)
|
||||||
.Ed
|
.Ed
|
||||||
.Pp
|
.Pp
|
||||||
Followings are the list of encryption algorithms that can be used as
|
Followings are the list of encryption algorithms that can be used as
|
||||||
|
@ -171,6 +171,7 @@ hmac-sha2-256 { PREPROC; yylval.num = SADB_X_AALG_SHA2_256; return(ALG_AUTH); }
|
|||||||
hmac-sha2-384 { PREPROC; yylval.num = SADB_X_AALG_SHA2_384; return(ALG_AUTH); }
|
hmac-sha2-384 { PREPROC; yylval.num = SADB_X_AALG_SHA2_384; return(ALG_AUTH); }
|
||||||
hmac-sha2-512 { PREPROC; yylval.num = SADB_X_AALG_SHA2_512; return(ALG_AUTH); }
|
hmac-sha2-512 { PREPROC; yylval.num = SADB_X_AALG_SHA2_512; return(ALG_AUTH); }
|
||||||
hmac-ripemd160 { PREPROC; yylval.num = SADB_X_AALG_RIPEMD160HMAC; return(ALG_AUTH); }
|
hmac-ripemd160 { PREPROC; yylval.num = SADB_X_AALG_RIPEMD160HMAC; return(ALG_AUTH); }
|
||||||
|
aes-xcbc-mac { PREPROC; yylval.num = SADB_X_AALG_AES_XCBC_MAC; return(ALG_AUTH); }
|
||||||
null { PREPROC; yylval.num = SADB_X_AALG_NULL; return(ALG_AUTH); }
|
null { PREPROC; yylval.num = SADB_X_AALG_NULL; return(ALG_AUTH); }
|
||||||
|
|
||||||
/* encryption alogorithm */
|
/* encryption alogorithm */
|
||||||
|
@ -205,8 +205,8 @@ crypto/blowfish/bf_skey.c optional ipsec ipsec_esp
|
|||||||
crypto/cast128/cast128.c optional ipsec ipsec_esp
|
crypto/cast128/cast128.c optional ipsec ipsec_esp
|
||||||
crypto/des/des_ecb.c optional ipsec ipsec_esp
|
crypto/des/des_ecb.c optional ipsec ipsec_esp
|
||||||
crypto/des/des_setkey.c optional ipsec ipsec_esp
|
crypto/des/des_setkey.c optional ipsec ipsec_esp
|
||||||
crypto/rijndael/rijndael-alg-fst.c optional ipsec ipsec_esp
|
crypto/rijndael/rijndael-alg-fst.c optional ipsec
|
||||||
crypto/rijndael/rijndael-api-fst.c optional ipsec ipsec_esp
|
crypto/rijndael/rijndael-api-fst.c optional ipsec
|
||||||
opencrypto/rmd160.c optional ipsec
|
opencrypto/rmd160.c optional ipsec
|
||||||
crypto/sha1.c optional ipsec
|
crypto/sha1.c optional ipsec
|
||||||
crypto/sha2/sha2.c optional ipsec
|
crypto/sha2/sha2.c optional ipsec
|
||||||
@ -1436,6 +1436,7 @@ netinet/tcp_syncache.c optional inet
|
|||||||
netinet/tcp_timer.c optional inet
|
netinet/tcp_timer.c optional inet
|
||||||
netinet/tcp_usrreq.c optional inet
|
netinet/tcp_usrreq.c optional inet
|
||||||
netinet/udp_usrreq.c optional inet
|
netinet/udp_usrreq.c optional inet
|
||||||
|
netinet6/ah_aesxcbcmac.c optional ipsec
|
||||||
netinet6/ah_core.c optional ipsec
|
netinet6/ah_core.c optional ipsec
|
||||||
netinet6/ah_input.c optional ipsec
|
netinet6/ah_input.c optional ipsec
|
||||||
netinet6/ah_output.c optional ipsec
|
netinet6/ah_output.c optional ipsec
|
||||||
|
@ -307,7 +307,8 @@ struct sadb_x_ipsecrequest {
|
|||||||
#define SADB_X_AALG_SHA2_256 5
|
#define SADB_X_AALG_SHA2_256 5
|
||||||
#define SADB_X_AALG_SHA2_384 6
|
#define SADB_X_AALG_SHA2_384 6
|
||||||
#define SADB_X_AALG_SHA2_512 7
|
#define SADB_X_AALG_SHA2_512 7
|
||||||
#define SADB_X_AALG_RIPEMD160HMAC 9 /*8*/
|
#define SADB_X_AALG_RIPEMD160HMAC 8
|
||||||
|
#define SADB_X_AALG_AES_XCBC_MAC 9 /* draft-ietf-ipsec-ciph-aes-xcbc-mac-04 */
|
||||||
/* private allocations should use 249-255 (RFC2407) */
|
/* private allocations should use 249-255 (RFC2407) */
|
||||||
#define SADB_X_AALG_MD5 249 /* Keyed MD5 */
|
#define SADB_X_AALG_MD5 249 /* Keyed MD5 */
|
||||||
#define SADB_X_AALG_SHA 250 /* Keyed SHA */
|
#define SADB_X_AALG_SHA 250 /* Keyed SHA */
|
||||||
|
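Review bot: Moving `SADB_X_AALG_RIPEMD160HMAC` from 9 to 8 and assigning 9 to `SADB_X_AALG_AES_XCBC_MAC` reuses a wire value that used to name a different authentication algorithm, and the new defines carry no comment recording that. A PF_KEY client built against the old header would presumably still send 9 for hmac-ripemd160, which the kernel lookup changed elsewhere in this commit now resolves to aes-xcbc-mac. Whether that fails cleanly or produces a mismatched SA depends on key-length checks that are not visible in this hunk. I would record the history on the define, e.g. `#define SADB_X_AALG_RIPEMD160HMAC 8 /* was 9; PF_KEY userland must be rebuilt with the kernel */`, so the lock-step rebuild requirement is visible to anyone reading the header.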
@ -74,6 +74,7 @@
|
|||||||
#ifdef INET6
|
#ifdef INET6
|
||||||
#include <netinet6/ah6.h>
|
#include <netinet6/ah6.h>
|
||||||
#endif
|
#endif
|
||||||
|
#include <netinet6/ah_aesxcbcmac.h>
|
||||||
#ifdef IPSEC_ESP
|
#ifdef IPSEC_ESP
|
||||||
#include <netinet6/esp.h>
|
#include <netinet6/esp.h>
|
||||||
#ifdef INET6
|
#ifdef INET6
|
||||||
@ -188,6 +189,10 @@ ah_algorithm_lookup(idx)
|
|||||||
"hmac-ripemd160",
|
"hmac-ripemd160",
|
||||||
ah_hmac_ripemd160_init, ah_hmac_ripemd160_loop,
|
ah_hmac_ripemd160_init, ah_hmac_ripemd160_loop,
|
||||||
ah_hmac_ripemd160_result, },
|
ah_hmac_ripemd160_result, },
|
||||||
|
{ ah_sumsiz_1216, ah_common_mature, 128, 128,
|
||||||
|
"aes-xcbc-mac",
|
||||||
|
ah_aes_xcbc_mac_init, ah_aes_xcbc_mac_loop,
|
||||||
|
ah_aes_xcbc_mac_result, },
|
||||||
};
|
};
|
||||||
|
|
||||||
switch (idx) {
|
switch (idx) {
|
||||||
@ -209,6 +214,8 @@ ah_algorithm_lookup(idx)
|
|||||||
return &ah_algorithms[7];
|
return &ah_algorithms[7];
|
||||||
case SADB_X_AALG_RIPEMD160HMAC:
|
case SADB_X_AALG_RIPEMD160HMAC:
|
||||||
return &ah_algorithms[8];
|
return &ah_algorithms[8];
|
||||||
|
case SADB_X_AALG_AES_XCBC_MAC:
|
||||||
|
return &ah_algorithms[9];
|
||||||
default:
|
default:
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
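Review bot: The new `case SADB_X_AALG_AES_XCBC_MAC: return &ah_algorithms[9];` only works while the aes-xcbc-mac initializer, added in the previous hunk of this file, stays the tenth entry of `ah_algorithms[]`, and nothing in the code ties the two together. If an entry is later inserted or removed above it, the lookup would return another algorithm's descriptor or point past the end of the table, with no compile-time signal. The existing cases share this pattern, so the smallest step is a comment on the table entry, such as `/* [9] SADB_X_AALG_AES_XCBC_MAC; keep in step with ah_algorithm_lookup() */`. `ah_algorithm_lookup()` starts before and continues after the lines shown, so the table declaration and its element count are not visible here.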
@ -551,6 +551,8 @@ hmac-sha2-512 512 ah: 96bit ICV (no document)
|
|||||||
512 ah-old: 128bit ICV (no document)
|
512 ah-old: 128bit ICV (no document)
|
||||||
hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
|
hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
|
||||||
ah-old: 128bit ICV (no document)
|
ah-old: 128bit ICV (no document)
|
||||||
|
aes-xcbc-mac 128 ah: 96bit ICV (RFC3566)
|
||||||
|
128 ah-old: 128bit ICV (no document)
|
||||||
.Ed
|
.Ed
|
||||||
.Pp
|
.Pp
|
||||||
Followings are the list of encryption algorithms that can be used as
|
Followings are the list of encryption algorithms that can be used as
|
||||||
|
@ -171,6 +171,7 @@ hmac-sha2-256 { PREPROC; yylval.num = SADB_X_AALG_SHA2_256; return(ALG_AUTH); }
|
|||||||
hmac-sha2-384 { PREPROC; yylval.num = SADB_X_AALG_SHA2_384; return(ALG_AUTH); }
|
hmac-sha2-384 { PREPROC; yylval.num = SADB_X_AALG_SHA2_384; return(ALG_AUTH); }
|
||||||
hmac-sha2-512 { PREPROC; yylval.num = SADB_X_AALG_SHA2_512; return(ALG_AUTH); }
|
hmac-sha2-512 { PREPROC; yylval.num = SADB_X_AALG_SHA2_512; return(ALG_AUTH); }
|
||||||
hmac-ripemd160 { PREPROC; yylval.num = SADB_X_AALG_RIPEMD160HMAC; return(ALG_AUTH); }
|
hmac-ripemd160 { PREPROC; yylval.num = SADB_X_AALG_RIPEMD160HMAC; return(ALG_AUTH); }
|
||||||
|
aes-xcbc-mac { PREPROC; yylval.num = SADB_X_AALG_AES_XCBC_MAC; return(ALG_AUTH); }
|
||||||
null { PREPROC; yylval.num = SADB_X_AALG_NULL; return(ALG_AUTH); }
|
null { PREPROC; yylval.num = SADB_X_AALG_NULL; return(ALG_AUTH); }
|
||||||
|
|
||||||
/* encryption alogorithm */
|
/* encryption alogorithm */
|
||||||
|