diff --git a/sys/crypto/aesni/aesni.h b/sys/crypto/aesni/aesni.h index 0231d572fc78..c1b95c7d6162 100644 --- a/sys/crypto/aesni/aesni.h +++ b/sys/crypto/aesni/aesni.h @@ -57,7 +57,7 @@ struct aesni_session { uint8_t dec_schedule[AES_SCHED_LEN] __aligned(16); uint8_t xts_schedule[AES_SCHED_LEN] __aligned(16); /* Same as the SHA256 Blocksize. */ - uint8_t hmac_key[SHA1_HMAC_BLOCK_LEN] __aligned(16); + uint8_t hmac_key[SHA1_BLOCK_LEN] __aligned(16); int algo; int rounds; /* uint8_t *ses_ictx; */ diff --git a/sys/crypto/ccp/ccp.h b/sys/crypto/ccp/ccp.h index 26aeca4aab94..57959258132a 100644 --- a/sys/crypto/ccp/ccp.h +++ b/sys/crypto/ccp/ccp.h @@ -35,7 +35,7 @@ * SHA3-224 is the next largest block size, at 1152 bits. However, crypto(4) * doesn't support any SHA3 hash, so SHA2 is the constraint: */ -#define CCP_HASH_MAX_BLOCK_SIZE (SHA2_512_HMAC_BLOCK_LEN) +#define CCP_HASH_MAX_BLOCK_SIZE (SHA2_512_BLOCK_LEN) #define CCP_AES_MAX_KEY_LEN (AES_XTS_MAX_KEY) #define CCP_MAX_CRYPTO_IV_LEN 32 /* GCM IV + GHASH context */ diff --git a/sys/crypto/via/padlock_hash.c b/sys/crypto/via/padlock_hash.c index e7d82c8567ac..d6c9940208e2 100644 --- a/sys/crypto/via/padlock_hash.c +++ b/sys/crypto/via/padlock_hash.c @@ -83,10 +83,10 @@ static void padlock_sha256_final(uint8_t *hash, struct padlock_sha_ctx *ctx); static struct auth_hash padlock_hmac_sha1 = { .type = CRYPTO_SHA1_HMAC, .name = "HMAC-SHA1", - .keysize = SHA1_HMAC_BLOCK_LEN, + .keysize = SHA1_BLOCK_LEN, .hashsize = SHA1_HASH_LEN, .ctxsize = sizeof(struct padlock_sha_ctx), - .blocksize = SHA1_HMAC_BLOCK_LEN, + .blocksize = SHA1_BLOCK_LEN, .Init = (void (*)(void *))padlock_sha_init, .Update = (int (*)(void *, const uint8_t *, uint16_t))padlock_sha_update, .Final = (void (*)(uint8_t *, void *))padlock_sha1_final, @@ -95,10 +95,10 @@ static struct auth_hash padlock_hmac_sha1 = { static struct auth_hash padlock_hmac_sha256 = { .type = CRYPTO_SHA2_256_HMAC, .name = "HMAC-SHA2-256", - .keysize = SHA2_256_HMAC_BLOCK_LEN, + .keysize = SHA2_256_BLOCK_LEN, .hashsize = SHA2_256_HASH_LEN, .ctxsize = sizeof(struct padlock_sha_ctx), - .blocksize = SHA2_256_HMAC_BLOCK_LEN, + .blocksize = SHA2_256_BLOCK_LEN, .Init = (void (*)(void *))padlock_sha_init, .Update = (int (*)(void *, const uint8_t *, uint16_t))padlock_sha_update, .Final = (void (*)(uint8_t *, void *))padlock_sha256_final, diff --git a/sys/dev/cesa/cesa.c b/sys/dev/cesa/cesa.c index 92b3afb52d01..21508d70c7f7 100644 --- a/sys/dev/cesa/cesa.c +++ b/sys/dev/cesa/cesa.c @@ -471,26 +471,26 @@ cesa_set_mkey(struct cesa_session *cs, int alg, const uint8_t *mkey, int mklen) switch (alg) { case CRYPTO_MD5_HMAC: MD5Init(&md5ctx); - MD5Update(&md5ctx, ipad, MD5_HMAC_BLOCK_LEN); + MD5Update(&md5ctx, ipad, MD5_BLOCK_LEN); memcpy(hin, md5ctx.state, sizeof(md5ctx.state)); MD5Init(&md5ctx); - MD5Update(&md5ctx, opad, MD5_HMAC_BLOCK_LEN); + MD5Update(&md5ctx, opad, MD5_BLOCK_LEN); memcpy(hout, md5ctx.state, sizeof(md5ctx.state)); break; case CRYPTO_SHA1_HMAC: SHA1Init(&sha1ctx); - SHA1Update(&sha1ctx, ipad, SHA1_HMAC_BLOCK_LEN); + SHA1Update(&sha1ctx, ipad, SHA1_BLOCK_LEN); memcpy(hin, sha1ctx.h.b32, sizeof(sha1ctx.h.b32)); SHA1Init(&sha1ctx); - SHA1Update(&sha1ctx, opad, SHA1_HMAC_BLOCK_LEN); + SHA1Update(&sha1ctx, opad, SHA1_BLOCK_LEN); memcpy(hout, sha1ctx.h.b32, sizeof(sha1ctx.h.b32)); break; case CRYPTO_SHA2_256_HMAC: SHA256_Init(&sha256ctx); - SHA256_Update(&sha256ctx, ipad, SHA2_256_HMAC_BLOCK_LEN); + SHA256_Update(&sha256ctx, ipad, SHA2_256_BLOCK_LEN); memcpy(hin, sha256ctx.state, sizeof(sha256ctx.state)); SHA256_Init(&sha256ctx); - SHA256_Update(&sha256ctx, opad, SHA2_256_HMAC_BLOCK_LEN); + SHA256_Update(&sha256ctx, opad, SHA2_256_BLOCK_LEN); memcpy(hout, sha256ctx.state, sizeof(sha256ctx.state)); break; default: @@ -1684,7 +1684,7 @@ cesa_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri) cs->cs_config |= CESA_CSHD_MD5; break; case CRYPTO_MD5_HMAC: - cs->cs_mblen = MD5_HMAC_BLOCK_LEN; + cs->cs_mblen = MD5_BLOCK_LEN; cs->cs_hlen = (mac->cri_mlen == 0) ? MD5_HASH_LEN : mac->cri_mlen; cs->cs_config |= CESA_CSHD_MD5_HMAC; @@ -1698,7 +1698,7 @@ cesa_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri) cs->cs_config |= CESA_CSHD_SHA1; break; case CRYPTO_SHA1_HMAC: - cs->cs_mblen = SHA1_HMAC_BLOCK_LEN; + cs->cs_mblen = SHA1_BLOCK_LEN; cs->cs_hlen = (mac->cri_mlen == 0) ? SHA1_HASH_LEN : mac->cri_mlen; cs->cs_config |= CESA_CSHD_SHA1_HMAC; @@ -1706,7 +1706,7 @@ cesa_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri) cs->cs_config |= CESA_CSHD_96_BIT_HMAC; break; case CRYPTO_SHA2_256_HMAC: - cs->cs_mblen = SHA2_256_HMAC_BLOCK_LEN; + cs->cs_mblen = SHA2_256_BLOCK_LEN; cs->cs_hlen = (mac->cri_mlen == 0) ? SHA2_256_HASH_LEN : mac->cri_mlen; cs->cs_config |= CESA_CSHD_SHA2_256_HMAC; diff --git a/sys/dev/safe/safe.c b/sys/dev/safe/safe.c index 02bb75fa16be..83b22d8d89ee 100644 --- a/sys/dev/safe/safe.c +++ b/sys/dev/safe/safe.c @@ -655,13 +655,13 @@ safe_setup_mackey(struct safe_session *ses, int algo, caddr_t key, int klen) if (algo == CRYPTO_MD5_HMAC) { MD5Init(&md5ctx); MD5Update(&md5ctx, key, klen); - MD5Update(&md5ctx, hmac_ipad_buffer, MD5_HMAC_BLOCK_LEN - klen); + MD5Update(&md5ctx, hmac_ipad_buffer, MD5_BLOCK_LEN - klen); bcopy(md5ctx.state, ses->ses_hminner, sizeof(md5ctx.state)); } else { SHA1Init(&sha1ctx); SHA1Update(&sha1ctx, key, klen); SHA1Update(&sha1ctx, hmac_ipad_buffer, - SHA1_HMAC_BLOCK_LEN - klen); + SHA1_BLOCK_LEN - klen); bcopy(sha1ctx.h.b32, ses->ses_hminner, sizeof(sha1ctx.h.b32)); } @@ -671,13 +671,13 @@ safe_setup_mackey(struct safe_session *ses, int algo, caddr_t key, int klen) if (algo == CRYPTO_MD5_HMAC) { MD5Init(&md5ctx); MD5Update(&md5ctx, key, klen); - MD5Update(&md5ctx, hmac_opad_buffer, MD5_HMAC_BLOCK_LEN - klen); + MD5Update(&md5ctx, hmac_opad_buffer, MD5_BLOCK_LEN - klen); bcopy(md5ctx.state, ses->ses_hmouter, sizeof(md5ctx.state)); } else { SHA1Init(&sha1ctx); SHA1Update(&sha1ctx, key, klen); SHA1Update(&sha1ctx, hmac_opad_buffer, - SHA1_HMAC_BLOCK_LEN - klen); + SHA1_BLOCK_LEN - klen); bcopy(sha1ctx.h.b32, ses->ses_hmouter, sizeof(sha1ctx.h.b32)); } diff --git a/sys/dev/ubsec/ubsec.c b/sys/dev/ubsec/ubsec.c index 94c7b0506045..9078ffd9911e 100644 --- a/sys/dev/ubsec/ubsec.c +++ b/sys/dev/ubsec/ubsec.c @@ -859,13 +859,13 @@ ubsec_setup_mackey(struct ubsec_session *ses, int algo, caddr_t key, int klen) if (algo == CRYPTO_MD5_HMAC) { MD5Init(&md5ctx); MD5Update(&md5ctx, key, klen); - MD5Update(&md5ctx, hmac_ipad_buffer, MD5_HMAC_BLOCK_LEN - klen); + MD5Update(&md5ctx, hmac_ipad_buffer, MD5_BLOCK_LEN - klen); bcopy(md5ctx.state, ses->ses_hminner, sizeof(md5ctx.state)); } else { SHA1Init(&sha1ctx); SHA1Update(&sha1ctx, key, klen); SHA1Update(&sha1ctx, hmac_ipad_buffer, - SHA1_HMAC_BLOCK_LEN - klen); + SHA1_BLOCK_LEN - klen); bcopy(sha1ctx.h.b32, ses->ses_hminner, sizeof(sha1ctx.h.b32)); } @@ -875,13 +875,13 @@ ubsec_setup_mackey(struct ubsec_session *ses, int algo, caddr_t key, int klen) if (algo == CRYPTO_MD5_HMAC) { MD5Init(&md5ctx); MD5Update(&md5ctx, key, klen); - MD5Update(&md5ctx, hmac_opad_buffer, MD5_HMAC_BLOCK_LEN - klen); + MD5Update(&md5ctx, hmac_opad_buffer, MD5_BLOCK_LEN - klen); bcopy(md5ctx.state, ses->ses_hmouter, sizeof(md5ctx.state)); } else { SHA1Init(&sha1ctx); SHA1Update(&sha1ctx, key, klen); SHA1Update(&sha1ctx, hmac_opad_buffer, - SHA1_HMAC_BLOCK_LEN - klen); + SHA1_BLOCK_LEN - klen); bcopy(sha1ctx.h.b32, ses->ses_hmouter, sizeof(sha1ctx.h.b32)); } diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h index 654225410fe9..18a8b22e7ab3 100644 --- a/sys/opencrypto/cryptodev.h +++ b/sys/opencrypto/cryptodev.h @@ -83,16 +83,17 @@ /* Maximum hash algorithm result length */ #define HASH_MAX_LEN SHA2_512_HASH_LEN /* Keep this updated */ +#define MD5_BLOCK_LEN 64 +#define SHA1_BLOCK_LEN 64 +#define RIPEMD160_BLOCK_LEN 64 +#define SHA2_256_BLOCK_LEN 64 +#define SHA2_384_BLOCK_LEN 128 +#define SHA2_512_BLOCK_LEN 128 + /* HMAC values */ #define NULL_HMAC_BLOCK_LEN 64 -#define MD5_HMAC_BLOCK_LEN 64 -#define SHA1_HMAC_BLOCK_LEN 64 -#define RIPEMD160_HMAC_BLOCK_LEN 64 -#define SHA2_256_HMAC_BLOCK_LEN 64 -#define SHA2_384_HMAC_BLOCK_LEN 128 -#define SHA2_512_HMAC_BLOCK_LEN 128 /* Maximum HMAC block length */ -#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN /* Keep this updated */ +#define HMAC_MAX_BLOCK_LEN SHA2_512_BLOCK_LEN /* Keep this updated */ #define HMAC_IPAD_VAL 0x36 #define HMAC_OPAD_VAL 0x5C /* HMAC Key Length */ diff --git a/sys/opencrypto/xform_md5.c b/sys/opencrypto/xform_md5.c index 47dfc75c5b54..5611ee397251 100644 --- a/sys/opencrypto/xform_md5.c +++ b/sys/opencrypto/xform_md5.c @@ -59,10 +59,10 @@ static int MD5Update_int(void *, const u_int8_t *, u_int16_t); struct auth_hash auth_hash_hmac_md5 = { .type = CRYPTO_MD5_HMAC, .name = "HMAC-MD5", - .keysize = MD5_HMAC_BLOCK_LEN, + .keysize = MD5_BLOCK_LEN, .hashsize = MD5_HASH_LEN, .ctxsize = sizeof(MD5_CTX), - .blocksize = MD5_HMAC_BLOCK_LEN, + .blocksize = MD5_BLOCK_LEN, .Init = (void (*) (void *)) MD5Init, .Update = MD5Update_int, .Final = (void (*) (u_int8_t *, void *)) MD5Final, diff --git a/sys/opencrypto/xform_rmd160.c b/sys/opencrypto/xform_rmd160.c index ee344e803102..98297308e024 100644 --- a/sys/opencrypto/xform_rmd160.c +++ b/sys/opencrypto/xform_rmd160.c @@ -59,10 +59,10 @@ static int RMD160Update_int(void *, const u_int8_t *, u_int16_t); struct auth_hash auth_hash_hmac_ripemd_160 = { .type = CRYPTO_RIPEMD160_HMAC, .name = "HMAC-RIPEMD-160", - .keysize = RIPEMD160_HMAC_BLOCK_LEN, + .keysize = RIPEMD160_BLOCK_LEN, .hashsize = RIPEMD160_HASH_LEN, .ctxsize = sizeof(RMD160_CTX), - .blocksize = RIPEMD160_HMAC_BLOCK_LEN, + .blocksize = RIPEMD160_BLOCK_LEN, .Init = (void (*)(void *)) RMD160Init, .Update = RMD160Update_int, .Final = (void (*)(u_int8_t *, void *)) RMD160Final, diff --git a/sys/opencrypto/xform_sha1.c b/sys/opencrypto/xform_sha1.c index 974dfb8a7e25..e5d71bbfe877 100644 --- a/sys/opencrypto/xform_sha1.c +++ b/sys/opencrypto/xform_sha1.c @@ -61,10 +61,10 @@ static void SHA1Final_int(u_int8_t *, void *); struct auth_hash auth_hash_hmac_sha1 = { .type = CRYPTO_SHA1_HMAC, .name = "HMAC-SHA1", - .keysize = SHA1_HMAC_BLOCK_LEN, + .keysize = SHA1_BLOCK_LEN, .hashsize = SHA1_HASH_LEN, .ctxsize = sizeof(SHA1_CTX), - .blocksize = SHA1_HMAC_BLOCK_LEN, + .blocksize = SHA1_BLOCK_LEN, .Init = SHA1Init_int, .Update = SHA1Update_int, .Final = SHA1Final_int, diff --git a/sys/opencrypto/xform_sha2.c b/sys/opencrypto/xform_sha2.c index 7844b8ff8a16..2f4d60d85677 100644 --- a/sys/opencrypto/xform_sha2.c +++ b/sys/opencrypto/xform_sha2.c @@ -63,10 +63,10 @@ static int SHA512Update_int(void *, const u_int8_t *, u_int16_t); struct auth_hash auth_hash_hmac_sha2_256 = { .type = CRYPTO_SHA2_256_HMAC, .name = "HMAC-SHA2-256", - .keysize = SHA2_256_HMAC_BLOCK_LEN, + .keysize = SHA2_256_BLOCK_LEN, .hashsize = SHA2_256_HASH_LEN, .ctxsize = sizeof(SHA256_CTX), - .blocksize = SHA2_256_HMAC_BLOCK_LEN, + .blocksize = SHA2_256_BLOCK_LEN, .Init = (void (*)(void *)) SHA256_Init, .Update = SHA256Update_int, .Final = (void (*)(u_int8_t *, void *)) SHA256_Final, @@ -75,10 +75,10 @@ struct auth_hash auth_hash_hmac_sha2_256 = { struct auth_hash auth_hash_hmac_sha2_384 = { .type = CRYPTO_SHA2_384_HMAC, .name = "HMAC-SHA2-384", - .keysize = SHA2_384_HMAC_BLOCK_LEN, + .keysize = SHA2_384_BLOCK_LEN, .hashsize = SHA2_384_HASH_LEN, .ctxsize = sizeof(SHA384_CTX), - .blocksize = SHA2_384_HMAC_BLOCK_LEN, + .blocksize = SHA2_384_BLOCK_LEN, .Init = (void (*)(void *)) SHA384_Init, .Update = SHA384Update_int, .Final = (void (*)(u_int8_t *, void *)) SHA384_Final, @@ -87,10 +87,10 @@ struct auth_hash auth_hash_hmac_sha2_384 = { struct auth_hash auth_hash_hmac_sha2_512 = { .type = CRYPTO_SHA2_512_HMAC, .name = "HMAC-SHA2-512", - .keysize = SHA2_512_HMAC_BLOCK_LEN, + .keysize = SHA2_512_BLOCK_LEN, .hashsize = SHA2_512_HASH_LEN, .ctxsize = sizeof(SHA512_CTX), - .blocksize = SHA2_512_HMAC_BLOCK_LEN, + .blocksize = SHA2_512_BLOCK_LEN, .Init = (void (*)(void *)) SHA512_Init, .Update = SHA512Update_int, .Final = (void (*)(u_int8_t *, void *)) SHA512_Final,