d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

enable aes-xcbc-mac and aes-ctr, again.

Browse Source
This commit is contained in:
ume 2003-11-10 10:39:14 +00:00
parent acf177087d
commit 13591e26f2
6 changed files with 10 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sbin/setkey/setkey.8
View File

@ -583,8 +583,8 @@ hmac-sha2-512 512 ah: 96bit ICV (no document)
512 ah-old: 128bit ICV (no document)
hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
ah-old: 128bit ICV (no document)
.\"aes-xcbc-mac 128 ah: 96bit ICV (RFC3566)
.\" 128 ah-old: 128bit ICV (no document)
aes-xcbc-mac 128 ah: 96bit ICV (RFC3566)
128 ah-old: 128bit ICV (no document)
.Ed
.Pp
Followings are the list of encryption algorithms that can be used as
@ -605,7 +605,7 @@ cast128-cbc 40 to 128 rfc2451
des-deriv 64 ipsec-ciph-des-derived-01
3des-deriv 192 no document
rijndael-cbc 128/192/256 rfc3602
.\"aes-ctr 160/224/288 draft-ietf-ipsec-ciph-aes-ctr-03
aes-ctr 160/224/288 draft-ietf-ipsec-ciph-aes-ctr-03
.Ed
.Pp
Note that the first 128 bits of a key for

6
sys/conf/files
View File

@ -208,7 +208,7 @@ crypto/des/des_ecb.c optional ipsec ipsec_esp
crypto/des/des_setkey.c optional ipsec ipsec_esp
crypto/rijndael/rijndael-alg-fst.c optional ipsec
crypto/rijndael/rijndael-api-fst.c optional ipsec
opencrypto/rmd160.c optional ipsec
opencrypto/rmd160.c optional ipsec
crypto/sha1.c optional ipsec
crypto/sha2/sha2.c optional ipsec
ddb/db_access.c optional ddb
@ -1462,12 +1462,12 @@ netinet/tcp_syncache.c optional inet
netinet/tcp_timer.c optional inet
netinet/tcp_usrreq.c optional inet
netinet/udp_usrreq.c optional inet
#netinet6/ah_aesxcbcmac.c optional ipsec
netinet6/ah_aesxcbcmac.c optional ipsec
netinet6/ah_core.c optional ipsec
netinet6/ah_input.c optional ipsec
netinet6/ah_output.c optional ipsec
netinet6/dest6.c optional inet6
#netinet6/esp_aesctr.c optional ipsec ipsec_esp
netinet6/esp_aesctr.c optional ipsec ipsec_esp
netinet6/esp_core.c optional ipsec ipsec_esp
netinet6/esp_input.c optional ipsec ipsec_esp
netinet6/esp_output.c optional ipsec ipsec_esp

4
sys/netinet6/ah_core.c
View File

@ -189,12 +189,10 @@ ah_algorithm_lookup(idx)
"hmac-ripemd160",
ah_hmac_ripemd160_init, ah_hmac_ripemd160_loop,
ah_hmac_ripemd160_result, },
#ifdef ENABLE_AES_XCBC_MAC
{ ah_sumsiz_1216, ah_common_mature, 128, 128,
"aes-xcbc-mac",
ah_aes_xcbc_mac_init, ah_aes_xcbc_mac_loop,
ah_aes_xcbc_mac_result, },
#endif
};
switch (idx) {
@ -216,10 +214,8 @@ ah_algorithm_lookup(idx)
return &ah_algorithms[7];
case SADB_X_AALG_RIPEMD160HMAC:
return &ah_algorithms[8];
#ifdef ENABLE_AES_XCBC_MAC
case SADB_X_AALG_AES_XCBC_MAC:
return &ah_algorithms[9];
#endif
default:
return NULL;
}

4
sys/netinet6/esp_core.c
View File

@ -153,11 +153,9 @@ static const struct esp_algorithm esp_algorithms[] = {
esp_common_ivlen, esp_cbc_decrypt,
esp_cbc_encrypt, esp_rijndael_schedule,
esp_rijndael_blockdecrypt, esp_rijndael_blockencrypt },
#ifdef ENABLE_EALG_AESCTR
{ 16, 8, esp_aesctr_mature, 160, 288, esp_aesctr_schedlen, "aes-ctr",
esp_common_ivlen, esp_aesctr_decrypt,
esp_aesctr_encrypt, esp_aesctr_schedule },
#endif
};
const struct esp_algorithm *
@ -178,10 +176,8 @@ esp_algorithm_lookup(idx)
return &esp_algorithms[4];
case SADB_X_EALG_RIJNDAELCBC:
return &esp_algorithms[5];
#ifdef ENABLE_EALG_AESCTR
case SADB_X_EALG_AESCTR:
return &esp_algorithms[6];
#endif
default:
return NULL;
}

2
sys/netinet6/esp_rijndael.h
View File

@ -1,5 +1,5 @@
/* $FreeBSD$ */
/* $KAME: esp_rijndael.h,v 1.1 2000/09/20 18:15:22 itojun Exp $ */
/* $KAME: esp_rijndael.h,v 1.2 2003/01/20 00:55:27 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.

6
usr.sbin/setkey/setkey.8
View File

@ -583,8 +583,8 @@ hmac-sha2-512 512 ah: 96bit ICV (no document)
512 ah-old: 128bit ICV (no document)
hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
ah-old: 128bit ICV (no document)
.\"aes-xcbc-mac 128 ah: 96bit ICV (RFC3566)
.\" 128 ah-old: 128bit ICV (no document)
aes-xcbc-mac 128 ah: 96bit ICV (RFC3566)
128 ah-old: 128bit ICV (no document)
.Ed
.Pp
Followings are the list of encryption algorithms that can be used as
@ -605,7 +605,7 @@ cast128-cbc 40 to 128 rfc2451
des-deriv 64 ipsec-ciph-des-derived-01
3des-deriv 192 no document
rijndael-cbc 128/192/256 rfc3602
.\"aes-ctr 160/224/288 draft-ietf-ipsec-ciph-aes-ctr-03
aes-ctr 160/224/288 draft-ietf-ipsec-ciph-aes-ctr-03
.Ed
.Pp
Note that the first 128 bits of a key for