From f6c4bc3b919724edb6a0280f64a82a9cb792e712 Mon Sep 17 00:00:00 2001 From: Pawel Jakub Dawidek Date: Wed, 17 May 2006 18:24:17 +0000 Subject: [PATCH] - Fix a very old bug in HMAC/SHA{384,512}. When HMAC is using SHA384 or SHA512, the blocksize is 128 bytes, not 64 bytes as anywhere else. The bug also exists in NetBSD, OpenBSD and various other independed implementations I look at. - We cannot decide which hash function to use for HMAC based on the key length, because any HMAC function can use any key length. To fix it split CRYPTO_SHA2_HMAC into three algorithm: CRYPTO_SHA2_256_HMAC, CRYPTO_SHA2_384_HMAC and CRYPTO_SHA2_512_HMAC. Those names are consistent with OpenBSD's naming. - Remove authsize field from auth_hash structure. - Allow consumer to define size of hash he wants to receive. This allows to use HMAC not only for IPsec, where 96 bits MAC is requested. The size of requested MAC is defined at newsession time in the cri_mlen field - when 0, entire MAC will be returned. - Add swcr_authprepare() function which prepares authentication key. - Allow to provide key for every authentication operation, not only at newsession time by honoring CRD_F_KEY_EXPLICIT flag. - Make giving key at newsession time optional - don't try to operate on it if its NULL. - Extend COPYBACK()/COPYDATA() macros to handle CRYPTO_BUF_CONTIG buffer type as well. - Accept CRYPTO_BUF_IOV buffer type in swcr_authcompute() as we have cuio_apply() now. - 16 bits for key length (SW_klen) is more than enough. Reviewed by: sam --- sys/opencrypto/cryptodev.c | 27 ++--- sys/opencrypto/cryptodev.h | 17 ++- sys/opencrypto/cryptosoft.c | 236 ++++++++++++++++++++++-------------- sys/opencrypto/cryptosoft.h | 8 +- sys/opencrypto/xform.c | 30 ++--- sys/opencrypto/xform.h | 8 +- 6 files changed, 194 insertions(+), 132 deletions(-) diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c index 9c3490fe9fd3..9c9ec291abf5 100644 --- a/sys/opencrypto/cryptodev.c +++ b/sys/opencrypto/cryptodev.c @@ -190,25 +190,22 @@ cryptof_ioctl( case 0: break; case CRYPTO_MD5_HMAC: - thash = &auth_hash_hmac_md5_96; + thash = &auth_hash_hmac_md5; break; case CRYPTO_SHA1_HMAC: - thash = &auth_hash_hmac_sha1_96; + thash = &auth_hash_hmac_sha1; break; - case CRYPTO_SHA2_HMAC: - if (sop->mackeylen == auth_hash_hmac_sha2_256.keysize) - thash = &auth_hash_hmac_sha2_256; - else if (sop->mackeylen == auth_hash_hmac_sha2_384.keysize) - thash = &auth_hash_hmac_sha2_384; - else if (sop->mackeylen == auth_hash_hmac_sha2_512.keysize) - thash = &auth_hash_hmac_sha2_512; - else { - mtx_unlock(&Giant); - return (EINVAL); - } + case CRYPTO_SHA2_256_HMAC: + thash = &auth_hash_hmac_sha2_256; + break; + case CRYPTO_SHA2_384_HMAC: + thash = &auth_hash_hmac_sha2_384; + break; + case CRYPTO_SHA2_512_HMAC: + thash = &auth_hash_hmac_sha2_512; break; case CRYPTO_RIPEMD160_HMAC: - thash = &auth_hash_hmac_ripemd_160_96; + thash = &auth_hash_hmac_ripemd_160; break; #ifdef notdef case CRYPTO_MD5: @@ -471,7 +468,7 @@ cryptodev_op( goto bail; if (cop->mac && - (error = copyout(crp->crp_mac, cop->mac, cse->thash->authsize))) + (error = copyout(crp->crp_mac, cop->mac, cse->thash->hashsize))) goto bail; bail: diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h index b1999d736be4..919a7171347e 100644 --- a/sys/opencrypto/cryptodev.h +++ b/sys/opencrypto/cryptodev.h @@ -63,6 +63,7 @@ /* HMAC values */ #define HMAC_BLOCK_LEN 64 +#define HMAC_BLOCK_MAXLEN 128 #define HMAC_IPAD_VAL 0x36 #define HMAC_OPAD_VAL 0x5C @@ -94,11 +95,13 @@ #define CRYPTO_ARC4 12 #define CRYPTO_MD5 13 #define CRYPTO_SHA1 14 -#define CRYPTO_SHA2_HMAC 15 -#define CRYPTO_NULL_HMAC 16 -#define CRYPTO_NULL_CBC 17 -#define CRYPTO_DEFLATE_COMP 18 /* Deflate compression algorithm */ -#define CRYPTO_ALGORITHM_MAX 18 /* Keep updated - see below */ +#define CRYPTO_NULL_HMAC 15 +#define CRYPTO_NULL_CBC 16 +#define CRYPTO_DEFLATE_COMP 17 /* Deflate compression algorithm */ +#define CRYPTO_SHA2_256_HMAC 18 +#define CRYPTO_SHA2_384_HMAC 19 +#define CRYPTO_SHA2_512_HMAC 20 +#define CRYPTO_ALGORITHM_MAX 20 /* Keep updated - see below */ /* Algorithm flags */ #define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ @@ -209,6 +212,8 @@ struct cryptostats { struct cryptoini { int cri_alg; /* Algorithm to use */ int cri_klen; /* Key length, in bits */ + int cri_mlen; /* Number of bytes we want from the + entire hash. 0 means all. */ caddr_t cri_key; /* key to use */ u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */ struct cryptoini *cri_next; @@ -384,6 +389,6 @@ extern void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp); extern void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp); extern struct iovec *cuio_getptr(struct uio *uio, int loc, int *off); extern int cuio_apply(struct uio *uio, int off, int len, - int (*f)(void *, void *, u_int), void *arg); + int (*f)(void *, void *, u_int), void *arg); #endif /* _KERNEL */ #endif /* _CRYPTO_CRYPTO_H_ */ diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c index e41f0cecd4f4..215c676cb489 100644 --- a/sys/opencrypto/cryptosoft.c +++ b/sys/opencrypto/cryptosoft.c @@ -45,39 +45,39 @@ __FBSDID("$FreeBSD$"); #include #include -u_int8_t hmac_ipad_buffer[64] = { - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 -}; - -u_int8_t hmac_opad_buffer[64] = { - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C -}; - +u_int8_t *hmac_ipad_buffer; +u_int8_t *hmac_opad_buffer; struct swcr_data **swcr_sessions = NULL; u_int32_t swcr_sesnum = 0; int32_t swcr_id = -1; -#define COPYBACK(x, a, b, c, d) \ - (x) == CRYPTO_BUF_MBUF ? m_copyback((struct mbuf *)a,b,c,d) \ - : cuio_copyback((struct uio *)a,b,c,d) -#define COPYDATA(x, a, b, c, d) \ - (x) == CRYPTO_BUF_MBUF ? m_copydata((struct mbuf *)a,b,c,d) \ - : cuio_copydata((struct uio *)a,b,c,d) +#define COPYBACK(type, buf, off, size, in) do { \ + switch (type) { \ + case CRYPTO_BUF_CONTIG: \ + bcopy(in, (u_char *)(buf) + (off), size); \ + break; \ + case CRYPTO_BUF_MBUF: \ + m_copyback((struct mbuf *)(buf), off, size, in); \ + break; \ + case CRYPTO_BUF_IOV: \ + cuio_copyback((struct uio *)(buf), off, size, in); \ + break; \ + } \ +} while (0) +#define COPYDATA(type, buf, off, size, out) do { \ + switch (type) { \ + case CRYPTO_BUF_CONTIG: \ + bcopy((u_char *)(buf) + (off), out, size); \ + break; \ + case CRYPTO_BUF_MBUF: \ + m_copydata((struct mbuf *)(buf), off, size, out); \ + break; \ + case CRYPTO_BUF_IOV: \ + cuio_copydata((struct uio *)(buf), off, size, out); \ + break; \ + } \ +} while (0) static int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int); static int swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd, @@ -412,13 +412,60 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, } } - return 0; /* Done with iov encryption/decryption */ + return 0; /* Done with iovec encryption/decryption */ } /* Unreachable */ return EINVAL; } +static void +swcr_authprepare(struct auth_hash *axf, struct swcr_data *sw, u_char *key, + int klen) +{ + int k; + + klen /= 8; + + switch (axf->type) { + case CRYPTO_MD5_HMAC: + case CRYPTO_SHA1_HMAC: + case CRYPTO_SHA2_256_HMAC: + case CRYPTO_SHA2_384_HMAC: + case CRYPTO_SHA2_512_HMAC: + case CRYPTO_NULL_HMAC: + case CRYPTO_RIPEMD160_HMAC: + for (k = 0; k < klen; k++) + key[k] ^= HMAC_IPAD_VAL; + + axf->Init(sw->sw_ictx); + axf->Update(sw->sw_ictx, key, klen); + axf->Update(sw->sw_ictx, hmac_ipad_buffer, axf->blocksize - klen); + + for (k = 0; k < klen; k++) + key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); + + axf->Init(sw->sw_octx); + axf->Update(sw->sw_octx, key, klen); + axf->Update(sw->sw_octx, hmac_opad_buffer, axf->blocksize - klen); + + for (k = 0; k < klen; k++) + key[k] ^= HMAC_OPAD_VAL; + break; + case CRYPTO_MD5_KPDK: + case CRYPTO_SHA1_KPDK: + sw->sw_klen = klen; + bcopy(key, sw->sw_octx, klen); + axf->Init(sw->sw_ictx); + axf->Update(sw->sw_ictx, key, klen); + axf->Final(NULL, sw->sw_ictx); + break; + default: + printf("%s: CRD_F_KEY_EXPLICIT flag given, but algorithm %d " + "doesn't use keys.\n", __func__, axf->type); + } +} + /* * Compute keyed-hash authenticator. */ @@ -436,6 +483,9 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd, axf = sw->sw_axf; + if (crd->crd_flags & CRD_F_KEY_EXPLICIT) + swcr_authprepare(axf, sw, crd->crd_key, crd->crd_klen); + bcopy(sw->sw_ictx, &ctx, axf->ctxsize); switch (outtype) { @@ -450,6 +500,12 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd, return err; break; case CRYPTO_BUF_IOV: + err = cuio_apply((struct uio *) buf, crd->crd_skip, crd->crd_len, + (int (*)(void *, void *, unsigned int)) axf->Update, + (caddr_t) &ctx); + if (err) + return err; + break; default: return EINVAL; } @@ -457,7 +513,9 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd, switch (sw->sw_alg) { case CRYPTO_MD5_HMAC: case CRYPTO_SHA1_HMAC: - case CRYPTO_SHA2_HMAC: + case CRYPTO_SHA2_256_HMAC: + case CRYPTO_SHA2_384_HMAC: + case CRYPTO_SHA2_512_HMAC: case CRYPTO_RIPEMD160_HMAC: if (sw->sw_octx == NULL) return EINVAL; @@ -483,11 +541,8 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd, } /* Inject the authentication data */ - if (outtype == CRYPTO_BUF_CONTIG) - bcopy(aalg, buf + crd->crd_inject, axf->authsize); - else - m_copyback((struct mbuf *) buf, crd->crd_inject, - axf->authsize, aalg); + COPYBACK(outtype, buf, crd->crd_inject, + sw->sw_mlen == 0 ? axf->hashsize : sw->sw_mlen, aalg); return 0; } @@ -578,7 +633,7 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri) struct enc_xform *txf; struct comp_algo *cxf; u_int32_t i; - int k, error; + int error; if (sid == NULL || cri == NULL) return EINVAL; @@ -652,38 +707,37 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri) txf = &enc_xform_null; goto enccommon; enccommon: - error = txf->setkey(&((*swd)->sw_kschedule), - cri->cri_key, cri->cri_klen / 8); - if (error) { - swcr_freesession(NULL, i); - return error; + if (cri->cri_key != NULL) { + error = txf->setkey(&((*swd)->sw_kschedule), + cri->cri_key, cri->cri_klen / 8); + if (error) { + swcr_freesession(NULL, i); + return error; + } } (*swd)->sw_exf = txf; break; case CRYPTO_MD5_HMAC: - axf = &auth_hash_hmac_md5_96; + axf = &auth_hash_hmac_md5; goto authcommon; case CRYPTO_SHA1_HMAC: - axf = &auth_hash_hmac_sha1_96; + axf = &auth_hash_hmac_sha1; goto authcommon; - case CRYPTO_SHA2_HMAC: - if (cri->cri_klen == 256) - axf = &auth_hash_hmac_sha2_256; - else if (cri->cri_klen == 384) - axf = &auth_hash_hmac_sha2_384; - else if (cri->cri_klen == 512) - axf = &auth_hash_hmac_sha2_512; - else { - swcr_freesession(NULL, i); - return EINVAL; - } + case CRYPTO_SHA2_256_HMAC: + axf = &auth_hash_hmac_sha2_256; + goto authcommon; + case CRYPTO_SHA2_384_HMAC: + axf = &auth_hash_hmac_sha2_384; + goto authcommon; + case CRYPTO_SHA2_512_HMAC: + axf = &auth_hash_hmac_sha2_512; goto authcommon; case CRYPTO_NULL_HMAC: axf = &auth_hash_null; goto authcommon; case CRYPTO_RIPEMD160_HMAC: - axf = &auth_hash_hmac_ripemd_160_96; + axf = &auth_hash_hmac_ripemd_160; authcommon: (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT); @@ -698,27 +752,13 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri) swcr_freesession(NULL, i); return ENOBUFS; } - - for (k = 0; k < cri->cri_klen / 8; k++) - cri->cri_key[k] ^= HMAC_IPAD_VAL; - - axf->Init((*swd)->sw_ictx); - axf->Update((*swd)->sw_ictx, cri->cri_key, - cri->cri_klen / 8); - axf->Update((*swd)->sw_ictx, hmac_ipad_buffer, - HMAC_BLOCK_LEN - (cri->cri_klen / 8)); - - for (k = 0; k < cri->cri_klen / 8; k++) - cri->cri_key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); - - axf->Init((*swd)->sw_octx); - axf->Update((*swd)->sw_octx, cri->cri_key, - cri->cri_klen / 8); - axf->Update((*swd)->sw_octx, hmac_opad_buffer, - HMAC_BLOCK_LEN - (cri->cri_klen / 8)); - - for (k = 0; k < cri->cri_klen / 8; k++) - cri->cri_key[k] ^= HMAC_OPAD_VAL; + + if (cri->cri_key != NULL) { + swcr_authprepare(axf, *swd, cri->cri_key, + cri->cri_klen); + } + + (*swd)->sw_mlen = cri->cri_mlen; (*swd)->sw_axf = axf; break; @@ -736,20 +776,20 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri) return ENOBUFS; } - /* Store the key so we can "append" it to the payload */ - (*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA, - M_NOWAIT); + (*swd)->sw_octx = malloc(cri->cri_klen / 8, + M_CRYPTO_DATA, M_NOWAIT); if ((*swd)->sw_octx == NULL) { swcr_freesession(NULL, i); return ENOBUFS; } - - (*swd)->sw_klen = cri->cri_klen / 8; - bcopy(cri->cri_key, (*swd)->sw_octx, cri->cri_klen / 8); - axf->Init((*swd)->sw_ictx); - axf->Update((*swd)->sw_ictx, cri->cri_key, - cri->cri_klen / 8); - axf->Final(NULL, (*swd)->sw_ictx); + + /* Store the key so we can "append" it to the payload */ + if (cri->cri_key != NULL) { + swcr_authprepare(axf, *swd, cri->cri_key, + cri->cri_klen); + } + + (*swd)->sw_mlen = cri->cri_mlen; (*swd)->sw_axf = axf; break; #ifdef notdef @@ -768,6 +808,7 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri) } axf->Init((*swd)->sw_ictx); + (*swd)->sw_mlen = cri->cri_mlen; (*swd)->sw_axf = axf; break; #endif @@ -826,7 +867,9 @@ swcr_freesession(void *arg, u_int64_t tid) case CRYPTO_MD5_HMAC: case CRYPTO_SHA1_HMAC: - case CRYPTO_SHA2_HMAC: + case CRYPTO_SHA2_256_HMAC: + case CRYPTO_SHA2_384_HMAC: + case CRYPTO_SHA2_512_HMAC: case CRYPTO_RIPEMD160_HMAC: case CRYPTO_NULL_HMAC: axf = swd->sw_axf; @@ -945,7 +988,9 @@ swcr_process(void *arg, struct cryptop *crp, int hint) break; case CRYPTO_MD5_HMAC: case CRYPTO_SHA1_HMAC: - case CRYPTO_SHA2_HMAC: + case CRYPTO_SHA2_256_HMAC: + case CRYPTO_SHA2_384_HMAC: + case CRYPTO_SHA2_512_HMAC: case CRYPTO_RIPEMD160_HMAC: case CRYPTO_NULL_HMAC: case CRYPTO_MD5_KPDK: @@ -983,6 +1028,15 @@ swcr_process(void *arg, struct cryptop *crp, int hint) static void swcr_init(void) { + u_int i; + + hmac_ipad_buffer = malloc(HMAC_BLOCK_MAXLEN, M_CRYPTO_DATA, M_WAITOK); + for (i = 0; i < HMAC_BLOCK_MAXLEN; i++) + hmac_ipad_buffer[i] = HMAC_IPAD_VAL; + hmac_opad_buffer = malloc(HMAC_BLOCK_MAXLEN, M_CRYPTO_DATA, M_WAITOK); + for (i = 0; i < HMAC_BLOCK_MAXLEN; i++) + hmac_opad_buffer[i] = HMAC_OPAD_VAL; + swcr_id = crypto_get_driverid(CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_SYNC); if (swcr_id < 0) panic("Software crypto device cannot initialize!"); @@ -997,7 +1051,9 @@ swcr_init(void) REGISTER(CRYPTO_NULL_CBC); REGISTER(CRYPTO_MD5_HMAC); REGISTER(CRYPTO_SHA1_HMAC); - REGISTER(CRYPTO_SHA2_HMAC); + REGISTER(CRYPTO_SHA2_256_HMAC); + REGISTER(CRYPTO_SHA2_384_HMAC); + REGISTER(CRYPTO_SHA2_512_HMAC); REGISTER(CRYPTO_RIPEMD160_HMAC); REGISTER(CRYPTO_NULL_HMAC); REGISTER(CRYPTO_MD5_KPDK); @@ -1016,5 +1072,7 @@ swcr_uninit(void) if (swcr_sessions != NULL) FREE(swcr_sessions, M_CRYPTO_DATA); + free(hmac_ipad_buffer, M_CRYPTO_DATA); + free(hmac_opad_buffer, M_CRYPTO_DATA); } SYSUNINIT(cryptosoft_uninit, SI_SUB_PSEUDO, SI_ORDER_ANY, swcr_uninit, NULL); diff --git a/sys/opencrypto/cryptosoft.h b/sys/opencrypto/cryptosoft.h index bf1385252819..056e1373f018 100644 --- a/sys/opencrypto/cryptosoft.h +++ b/sys/opencrypto/cryptosoft.h @@ -32,7 +32,8 @@ struct swcr_data { struct { u_int8_t *SW_ictx; u_int8_t *SW_octx; - u_int32_t SW_klen; + u_int16_t SW_klen; + u_int16_t SW_mlen; struct auth_hash *SW_axf; } SWCR_AUTH; struct { @@ -48,6 +49,7 @@ struct swcr_data { #define sw_ictx SWCR_UN.SWCR_AUTH.SW_ictx #define sw_octx SWCR_UN.SWCR_AUTH.SW_octx #define sw_klen SWCR_UN.SWCR_AUTH.SW_klen +#define sw_mlen SWCR_UN.SWCR_AUTH.SW_mlen #define sw_axf SWCR_UN.SWCR_AUTH.SW_axf #define sw_kschedule SWCR_UN.SWCR_ENC.SW_kschedule #define sw_exf SWCR_UN.SWCR_ENC.SW_exf @@ -58,8 +60,8 @@ struct swcr_data { }; #ifdef _KERNEL -extern u_int8_t hmac_ipad_buffer[64]; -extern u_int8_t hmac_opad_buffer[64]; +extern u_int8_t *hmac_ipad_buffer; +extern u_int8_t *hmac_opad_buffer; #endif /* _KERNEL */ #endif /* _CRYPTO_CRYPTO_H_ */ diff --git a/sys/opencrypto/xform.c b/sys/opencrypto/xform.c index a24d6da2106f..72c41029331e 100644 --- a/sys/opencrypto/xform.c +++ b/sys/opencrypto/xform.c @@ -187,60 +187,60 @@ struct enc_xform enc_xform_arc4 = { /* Authentication instances */ struct auth_hash auth_hash_null = { CRYPTO_NULL_HMAC, "NULL-HMAC", - 0, 0, 12, sizeof(int), /* NB: context isn't used */ + 0, 16, 64, sizeof(int), /* NB: context isn't used */ null_init, null_update, null_final }; -struct auth_hash auth_hash_hmac_md5_96 = { +struct auth_hash auth_hash_hmac_md5 = { CRYPTO_MD5_HMAC, "HMAC-MD5", - 16, 16, 12, sizeof(MD5_CTX), + 16, 16, 64, sizeof(MD5_CTX), (void (*) (void *)) MD5Init, MD5Update_int, (void (*) (u_int8_t *, void *)) MD5Final }; -struct auth_hash auth_hash_hmac_sha1_96 = { +struct auth_hash auth_hash_hmac_sha1 = { CRYPTO_SHA1_HMAC, "HMAC-SHA1", - 20, 20, 12, sizeof(SHA1_CTX), + 20, 20, 64, sizeof(SHA1_CTX), SHA1Init_int, SHA1Update_int, SHA1Final_int }; -struct auth_hash auth_hash_hmac_ripemd_160_96 = { +struct auth_hash auth_hash_hmac_ripemd_160 = { CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160", - 20, 20, 12, sizeof(RMD160_CTX), + 20, 20, 64, sizeof(RMD160_CTX), (void (*)(void *)) RMD160Init, RMD160Update_int, (void (*)(u_int8_t *, void *)) RMD160Final }; struct auth_hash auth_hash_key_md5 = { CRYPTO_MD5_KPDK, "Keyed MD5", - 0, 16, 12, sizeof(MD5_CTX), + 0, 16, 0, sizeof(MD5_CTX), (void (*)(void *)) MD5Init, MD5Update_int, (void (*)(u_int8_t *, void *)) MD5Final }; struct auth_hash auth_hash_key_sha1 = { CRYPTO_SHA1_KPDK, "Keyed SHA1", - 0, 20, 12, sizeof(SHA1_CTX), + 0, 20, 0, sizeof(SHA1_CTX), SHA1Init_int, SHA1Update_int, SHA1Final_int }; struct auth_hash auth_hash_hmac_sha2_256 = { - CRYPTO_SHA2_HMAC, "HMAC-SHA2", - 32, 32, 12, sizeof(SHA256_CTX), + CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256", + 32, 32, 64, sizeof(SHA256_CTX), (void (*)(void *)) SHA256_Init, SHA256Update_int, (void (*)(u_int8_t *, void *)) SHA256_Final }; struct auth_hash auth_hash_hmac_sha2_384 = { - CRYPTO_SHA2_HMAC, "HMAC-SHA2-384", - 48, 48, 12, sizeof(SHA384_CTX), + CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384", + 48, 48, 128, sizeof(SHA384_CTX), (void (*)(void *)) SHA384_Init, SHA384Update_int, (void (*)(u_int8_t *, void *)) SHA384_Final }; struct auth_hash auth_hash_hmac_sha2_512 = { - CRYPTO_SHA2_HMAC, "HMAC-SHA2-512", - 64, 64, 12, sizeof(SHA512_CTX), + CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512", + 64, 64, 128, sizeof(SHA512_CTX), (void (*)(void *)) SHA512_Init, SHA512Update_int, (void (*)(u_int8_t *, void *)) SHA512_Final }; diff --git a/sys/opencrypto/xform.h b/sys/opencrypto/xform.h index ae6665be7393..bdf16ac7bea7 100644 --- a/sys/opencrypto/xform.h +++ b/sys/opencrypto/xform.h @@ -36,7 +36,7 @@ struct auth_hash { char *name; u_int16_t keysize; u_int16_t hashsize; - u_int16_t authsize; + u_int16_t blocksize; u_int16_t ctxsize; void (*Init) (void *); int (*Update) (void *, u_int8_t *, u_int16_t); @@ -85,9 +85,9 @@ extern struct enc_xform enc_xform_arc4; extern struct auth_hash auth_hash_null; extern struct auth_hash auth_hash_key_md5; extern struct auth_hash auth_hash_key_sha1; -extern struct auth_hash auth_hash_hmac_md5_96; -extern struct auth_hash auth_hash_hmac_sha1_96; -extern struct auth_hash auth_hash_hmac_ripemd_160_96; +extern struct auth_hash auth_hash_hmac_md5; +extern struct auth_hash auth_hash_hmac_sha1; +extern struct auth_hash auth_hash_hmac_ripemd_160; extern struct auth_hash auth_hash_hmac_sha2_256; extern struct auth_hash auth_hash_hmac_sha2_384; extern struct auth_hash auth_hash_hmac_sha2_512;