d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- RIPEMD160 support

Browse Source 
- pass size arg to ah->result (avoid assuming result buffer size)

Obtained from:	KAME
This commit is contained in:
ume 2003-10-12 09:41:42 +00:00
parent 430e4069d3
commit 2da6bcd326
10 changed files with 200 additions and 206 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/libipsec/pfkey_dump.c
View File

@ -171,6 +171,9 @@ static struct val2str str_alg_auth[] = {
#endif
#ifdef SADB_X_AALG_SHA2_512
{ SADB_X_AALG_SHA2_512, "hmac-sha2-512", },
#endif
#ifdef SADB_X_AALG_RIPEMD160HMAC
{ SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", },
#endif
{ -1, NULL, },
};

2
sbin/setkey/setkey.8
View File

@ -549,6 +549,8 @@ hmac-sha2-384 384 ah: 96bit ICV (no document)
384 ah-old: 128bit ICV (no document)
hmac-sha2-512 512 ah: 96bit ICV (no document)
512 ah-old: 128bit ICV (no document)
hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
ah-old: 128bit ICV (no document)
.Ed
.Pp
Followings are the list of encryption algorithms that can be used as

1
sbin/setkey/token.l
View File

@ -170,6 +170,7 @@ keyed-sha1 { PREPROC; yylval.num = SADB_X_AALG_SHA; return(ALG_AUTH); }
hmac-sha2-256 { PREPROC; yylval.num = SADB_X_AALG_SHA2_256; return(ALG_AUTH); }
hmac-sha2-384 { PREPROC; yylval.num = SADB_X_AALG_SHA2_384; return(ALG_AUTH); }
hmac-sha2-512 { PREPROC; yylval.num = SADB_X_AALG_SHA2_512; return(ALG_AUTH); }
hmac-ripemd160 { PREPROC; yylval.num = SADB_X_AALG_RIPEMD160HMAC; return(ALG_AUTH); }
null { PREPROC; yylval.num = SADB_X_AALG_NULL; return(ALG_AUTH); }
/* encryption alogorithm */

2
share/doc/IPv6/IMPLEMENTATION
View File

@ -1717,6 +1717,7 @@ Currently supported algorithms are:
keyed SHA1 with 128bit crypto checksum (no document)
HMAC MD5 with 128bit crypto checksum (rfc2085.txt)
HMAC SHA1 with 128bit crypto checksum (no document)
HMAC RIPEMD160 with 128bit crypto checksum (no document)
old IPsec ESP
null encryption (no document, similar to rfc2410.txt)
DES-CBC mode (rfc1829.txt)
@ -1729,6 +1730,7 @@ Currently supported algorithms are:
HMAC SHA2-256 with 96bit crypto checksum (no document)
HMAC SHA2-384 with 96bit crypto checksum (no document)
HMAC SHA2-512 with 96bit crypto checksum (no document)
HMAC RIPEMD160 with 96bit crypto checksum (RFC2857)
new IPsec ESP
null encryption (rfc2410.txt)
DES-CBC with derived IV

1
sys/conf/files
View File

@ -207,6 +207,7 @@ crypto/des/des_ecb.c optional ipsec ipsec_esp
crypto/des/des_setkey.c optional ipsec ipsec_esp
crypto/rijndael/rijndael-alg-fst.c optional ipsec ipsec_esp
crypto/rijndael/rijndael-api-fst.c optional ipsec ipsec_esp
crypto/ripemd160/rmd160.c optional ipsec
crypto/sha1.c optional ipsec
crypto/sha2/sha2.c optional ipsec
ddb/db_access.c optional ddb

2
sys/netinet6/ah.h
View File

@ -74,7 +74,7 @@ struct ah_algorithm {
const char *name;
int (*init) __P((struct ah_algorithm_state *, struct secasvar *));
void (*update) __P((struct ah_algorithm_state *, caddr_t, size_t));
void (*result) __P((struct ah_algorithm_state *, caddr_t));
void (*result) __P((struct ah_algorithm_state *, caddr_t, size_t));
};
#define AH_MAXSUMSIZE 16

390
sys/netinet6/ah_core.c
View File

@ -85,6 +85,8 @@
#include <sys/md5.h>
#include <crypto/sha1.h>
#include <crypto/sha2/sha2.h>
#include <crypto/ripemd160/rmd160.h>
#define RIPEMD160_RESULTLEN 20
#include <net/net_osdep.h>
@ -92,52 +94,60 @@
static int ah_sumsiz_1216 __P((struct secasvar *));
static int ah_sumsiz_zero __P((struct secasvar *));
static int ah_common_mature __P((struct secasvar *));
static int ah_none_mature __P((struct secasvar *));
static int ah_none_init __P((struct ah_algorithm_state *, struct secasvar *));
static void ah_none_loop __P((struct ah_algorithm_state *, caddr_t, size_t));
static void ah_none_result __P((struct ah_algorithm_state *, caddr_t));
static void ah_none_result __P((struct ah_algorithm_state *, caddr_t, size_t));
static int ah_keyed_md5_mature __P((struct secasvar *));
static int ah_keyed_md5_init __P((struct ah_algorithm_state *,
struct secasvar *));
static void ah_keyed_md5_loop __P((struct ah_algorithm_state *, caddr_t,
size_t));
static void ah_keyed_md5_result __P((struct ah_algorithm_state *, caddr_t));
static int ah_keyed_sha1_mature __P((struct secasvar *));
static void ah_keyed_md5_result __P((struct ah_algorithm_state *,
caddr_t, size_t));
static int ah_keyed_sha1_init __P((struct ah_algorithm_state *,
struct secasvar *));
static void ah_keyed_sha1_loop __P((struct ah_algorithm_state *, caddr_t,
size_t));
static void ah_keyed_sha1_result __P((struct ah_algorithm_state *, caddr_t));
static int ah_hmac_md5_mature __P((struct secasvar *));
static void ah_keyed_sha1_result __P((struct ah_algorithm_state *, caddr_t,
size_t));
static int ah_hmac_md5_init __P((struct ah_algorithm_state *,
struct secasvar *));
static void ah_hmac_md5_loop __P((struct ah_algorithm_state *, caddr_t,
size_t));
static void ah_hmac_md5_result __P((struct ah_algorithm_state *, caddr_t));
static int ah_hmac_sha1_mature __P((struct secasvar *));
static void ah_hmac_md5_result __P((struct ah_algorithm_state *,
caddr_t, size_t));
static int ah_hmac_sha1_init __P((struct ah_algorithm_state *,
struct secasvar *));
static void ah_hmac_sha1_loop __P((struct ah_algorithm_state *, caddr_t,
size_t));
static void ah_hmac_sha1_result __P((struct ah_algorithm_state *, caddr_t));
static int ah_hmac_sha2_256_mature __P((struct secasvar *));
static void ah_hmac_sha1_result __P((struct ah_algorithm_state *,
caddr_t, size_t));
static int ah_hmac_sha2_256_init __P((struct ah_algorithm_state *,
struct secasvar *));
static void ah_hmac_sha2_256_loop __P((struct ah_algorithm_state *, caddr_t,
size_t));
static void ah_hmac_sha2_256_result __P((struct ah_algorithm_state *, caddr_t));
static int ah_hmac_sha2_384_mature __P((struct secasvar *));
static void ah_hmac_sha2_256_result __P((struct ah_algorithm_state *,
caddr_t, size_t));
static int ah_hmac_sha2_384_init __P((struct ah_algorithm_state *,
struct secasvar *));
static void ah_hmac_sha2_384_loop __P((struct ah_algorithm_state *, caddr_t,
size_t));
static void ah_hmac_sha2_384_result __P((struct ah_algorithm_state *, caddr_t));
static int ah_hmac_sha2_512_mature __P((struct secasvar *));
static void ah_hmac_sha2_384_result __P((struct ah_algorithm_state *,
caddr_t, size_t));
static int ah_hmac_sha2_512_init __P((struct ah_algorithm_state *,
struct secasvar *));
static void ah_hmac_sha2_512_loop __P((struct ah_algorithm_state *, caddr_t,
size_t));
static void ah_hmac_sha2_512_result __P((struct ah_algorithm_state *, caddr_t));
static void ah_hmac_sha2_512_result __P((struct ah_algorithm_state *,
caddr_t, size_t));
static int ah_hmac_ripemd160_init __P((struct ah_algorithm_state *,
struct secasvar *));
static void ah_hmac_ripemd160_loop __P((struct ah_algorithm_state *, caddr_t,
size_t));
static void ah_hmac_ripemd160_result __P((struct ah_algorithm_state *,
caddr_t, size_t));
static void ah_update_mbuf __P((struct mbuf *, int, int,
const struct ah_algorithm *, struct ah_algorithm_state *));
@ -148,32 +158,36 @@ ah_algorithm_lookup(idx)
{
/* checksum algorithms */
static struct ah_algorithm ah_algorithms[] = {
{ ah_sumsiz_1216, ah_hmac_md5_mature, 128, 128, "hmac-md5",
{ ah_sumsiz_1216, ah_common_mature, 128, 128, "hmac-md5",
ah_hmac_md5_init, ah_hmac_md5_loop,
ah_hmac_md5_result, },
{ ah_sumsiz_1216, ah_hmac_sha1_mature, 160, 160, "hmac-sha1",
{ ah_sumsiz_1216, ah_common_mature, 160, 160, "hmac-sha1",
ah_hmac_sha1_init, ah_hmac_sha1_loop,
ah_hmac_sha1_result, },
{ ah_sumsiz_1216, ah_keyed_md5_mature, 128, 128, "keyed-md5",
ah_keyed_md5_init, ah_keyed_md5_loop,
ah_keyed_md5_result, },
{ ah_sumsiz_1216, ah_keyed_sha1_mature, 160, 160, "keyed-sha1",
{ ah_sumsiz_1216, ah_common_mature, 160, 160, "keyed-sha1",
ah_keyed_sha1_init, ah_keyed_sha1_loop,
ah_keyed_sha1_result, },
{ ah_sumsiz_zero, ah_none_mature, 0, 2048, "none",
ah_none_init, ah_none_loop, ah_none_result, },
{ ah_sumsiz_1216, ah_hmac_sha2_256_mature, 256, 256,
{ ah_sumsiz_1216, ah_common_mature, 256, 256,
"hmac-sha2-256",
ah_hmac_sha2_256_init, ah_hmac_sha2_256_loop,
ah_hmac_sha2_256_result, },
{ ah_sumsiz_1216, ah_hmac_sha2_384_mature, 384, 384,
{ ah_sumsiz_1216, ah_common_mature, 384, 384,
"hmac-sha2-384",
ah_hmac_sha2_384_init, ah_hmac_sha2_384_loop,
ah_hmac_sha2_384_result, },
{ ah_sumsiz_1216, ah_hmac_sha2_512_mature, 512, 512,
{ ah_sumsiz_1216, ah_common_mature, 512, 512,
"hmac-sha2-512",
ah_hmac_sha2_512_init, ah_hmac_sha2_512_loop,
ah_hmac_sha2_512_result, },
{ ah_sumsiz_1216, ah_common_mature, 160, 160,
"hmac-ripemd160",
ah_hmac_ripemd160_init, ah_hmac_ripemd160_loop,
ah_hmac_ripemd160_result, },
};
switch (idx) {
@ -193,6 +207,8 @@ ah_algorithm_lookup(idx)
return &ah_algorithms[6];
case SADB_X_AALG_SHA2_512:
return &ah_algorithms[7];
case SADB_X_AALG_RIPEMD160HMAC:
return &ah_algorithms[8];
default:
return NULL;
}
@ -220,6 +236,34 @@ ah_sumsiz_zero(sav)
return 0;
}
static int
ah_common_mature(sav)
struct secasvar *sav;
{
const struct ah_algorithm *algo;
if (!sav->key_auth) {
ipseclog((LOG_ERR, "ah_common_mature: no key is given.\n"));
return 1;
}
algo = ah_algorithm_lookup(sav->alg_auth);
if (!algo) {
ipseclog((LOG_ERR, "ah_common_mature: unsupported algorithm.\n"));
return 1;
}
if (sav->key_auth->sadb_key_bits < algo->keymin ||
algo->keymax < sav->key_auth->sadb_key_bits) {
ipseclog((LOG_ERR,
"ah_common_mature: invalid key length %d for %s.\n",
sav->key_auth->sadb_key_bits, algo->name));
return 1;
}
return 0;
}
static int
ah_none_mature(sav)
struct secasvar *sav;
@ -250,9 +294,10 @@ ah_none_loop(state, addr, len)
}
static void
ah_none_result(state, addr)
ah_none_result(state, addr, l)
struct ah_algorithm_state *state;
caddr_t addr;
size_t l;
{
}
@ -335,9 +380,10 @@ ah_keyed_md5_loop(state, addr, len)
}
static void
ah_keyed_md5_result(state, addr)
ah_keyed_md5_result(state, addr, l)
struct ah_algorithm_state *state;
caddr_t addr;
size_t l;
{
u_char digest[16];
@ -354,34 +400,6 @@ ah_keyed_md5_result(state, addr)
bcopy(&digest[0], (void *)addr, sizeof(digest));
}
static int
ah_keyed_sha1_mature(sav)
struct secasvar *sav;
{
const struct ah_algorithm *algo;
if (!sav->key_auth) {
ipseclog((LOG_ERR, "ah_keyed_sha1_mature: no key is given.\n"));
return 1;
}
algo = ah_algorithm_lookup(sav->alg_auth);
if (!algo) {
ipseclog((LOG_ERR, "ah_keyed_sha1_mature: unsupported algorithm.\n"));
return 1;
}
if (sav->key_auth->sadb_key_bits < algo->keymin
|| algo->keymax < sav->key_auth->sadb_key_bits) {
ipseclog((LOG_ERR,
"ah_keyed_sha1_mature: invalid key length %d.\n",
sav->key_auth->sadb_key_bits));
return 1;
}
return 0;
}
static int
ah_keyed_sha1_init(state, sav)
struct ah_algorithm_state *state;
@ -456,9 +474,10 @@ ah_keyed_sha1_loop(state, addr, len)
}
static void
ah_keyed_sha1_result(state, addr)
ah_keyed_sha1_result(state, addr, l)
struct ah_algorithm_state *state;
caddr_t addr;
size_t l;
{
u_char digest[SHA1_RESULTLEN]; /* SHA-1 generates 160 bits */
SHA1_CTX *ctxt;
@ -477,34 +496,6 @@ ah_keyed_sha1_result(state, addr)
free(state->foo, M_TEMP);
}
static int
ah_hmac_md5_mature(sav)
struct secasvar *sav;
{
const struct ah_algorithm *algo;
if (!sav->key_auth) {
ipseclog((LOG_ERR, "ah_hmac_md5_mature: no key is given.\n"));
return 1;
}
algo = ah_algorithm_lookup(sav->alg_auth);
if (!algo) {
ipseclog((LOG_ERR, "ah_hmac_md5_mature: unsupported algorithm.\n"));
return 1;
}
if (sav->key_auth->sadb_key_bits < algo->keymin
|| algo->keymax < sav->key_auth->sadb_key_bits) {
ipseclog((LOG_ERR,
"ah_hmac_md5_mature: invalid key length %d.\n",
sav->key_auth->sadb_key_bits));
return 1;
}
return 0;
}
static int
ah_hmac_md5_init(state, sav)
struct ah_algorithm_state *state;
@ -573,9 +564,10 @@ ah_hmac_md5_loop(state, addr, len)
}
static void
ah_hmac_md5_result(state, addr)
ah_hmac_md5_result(state, addr, l)
struct ah_algorithm_state *state;
caddr_t addr;
size_t l;
{
u_char digest[16];
u_char *ipad;
@ -601,34 +593,6 @@ ah_hmac_md5_result(state, addr)
free(state->foo, M_TEMP);
}
static int
ah_hmac_sha1_mature(sav)
struct secasvar *sav;
{
const struct ah_algorithm *algo;
if (!sav->key_auth) {
ipseclog((LOG_ERR, "ah_hmac_sha1_mature: no key is given.\n"));
return 1;
}
algo = ah_algorithm_lookup(sav->alg_auth);
if (!algo) {
ipseclog((LOG_ERR, "ah_hmac_sha1_mature: unsupported algorithm.\n"));
return 1;
}
if (sav->key_auth->sadb_key_bits < algo->keymin
|| algo->keymax < sav->key_auth->sadb_key_bits) {
ipseclog((LOG_ERR,
"ah_hmac_sha1_mature: invalid key length %d.\n",
sav->key_auth->sadb_key_bits));
return 1;
}
return 0;
}
static int
ah_hmac_sha1_init(state, sav)
struct ah_algorithm_state *state;
@ -699,9 +663,10 @@ ah_hmac_sha1_loop(state, addr, len)
}
static void
ah_hmac_sha1_result(state, addr)
ah_hmac_sha1_result(state, addr, l)
struct ah_algorithm_state *state;
caddr_t addr;
size_t l;
{
u_char digest[SHA1_RESULTLEN]; /* SHA-1 generates 160 bits */
u_char *ipad;
@ -727,36 +692,6 @@ ah_hmac_sha1_result(state, addr)
free(state->foo, M_TEMP);
}
static int
ah_hmac_sha2_256_mature(sav)
struct secasvar *sav;
{
const struct ah_algorithm *algo;
if (!sav->key_auth) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_256_mature: no key is given.\n"));
return 1;
}
algo = ah_algorithm_lookup(sav->alg_auth);
if (!algo) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_256_mature: unsupported algorithm.\n"));
return 1;
}
if (sav->key_auth->sadb_key_bits < algo->keymin ||
algo->keymax < sav->key_auth->sadb_key_bits) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_256_mature: invalid key length %d.\n",
sav->key_auth->sadb_key_bits));
return 1;
}
return 0;
}
static int
ah_hmac_sha2_256_init(state, sav)
struct ah_algorithm_state *state;
@ -830,9 +765,10 @@ ah_hmac_sha2_256_loop(state, addr, len)
}
static void
ah_hmac_sha2_256_result(state, addr)
ah_hmac_sha2_256_result(state, addr, l)
struct ah_algorithm_state *state;
caddr_t addr;
size_t l;
{
u_char digest[SHA256_DIGEST_LENGTH];
u_char *ipad;
@ -859,36 +795,6 @@ ah_hmac_sha2_256_result(state, addr)
free(state->foo, M_TEMP);
}
static int
ah_hmac_sha2_384_mature(sav)
struct secasvar *sav;
{
const struct ah_algorithm *algo;
if (!sav->key_auth) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_384_mature: no key is given.\n"));
return 1;
}
algo = ah_algorithm_lookup(sav->alg_auth);
if (!algo) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_384_mature: unsupported algorithm.\n"));
return 1;
}
if (sav->key_auth->sadb_key_bits < algo->keymin ||
algo->keymax < sav->key_auth->sadb_key_bits) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_384_mature: invalid key length %d.\n",
sav->key_auth->sadb_key_bits));
return 1;
}
return 0;
}
static int
ah_hmac_sha2_384_init(state, sav)
struct ah_algorithm_state *state;
@ -963,9 +869,10 @@ ah_hmac_sha2_384_loop(state, addr, len)
}
static void
ah_hmac_sha2_384_result(state, addr)
ah_hmac_sha2_384_result(state, addr, l)
struct ah_algorithm_state *state;
caddr_t addr;
size_t l;
{
u_char digest[SHA384_DIGEST_LENGTH];
u_char *ipad;
@ -992,36 +899,6 @@ ah_hmac_sha2_384_result(state, addr)
free(state->foo, M_TEMP);
}
static int
ah_hmac_sha2_512_mature(sav)
struct secasvar *sav;
{
const struct ah_algorithm *algo;
if (!sav->key_auth) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_512_mature: no key is given.\n"));
return 1;
}
algo = ah_algorithm_lookup(sav->alg_auth);
if (!algo) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_512_mature: unsupported algorithm.\n"));
return 1;
}
if (sav->key_auth->sadb_key_bits < algo->keymin ||
algo->keymax < sav->key_auth->sadb_key_bits) {
ipseclog((LOG_ERR,
"ah_hmac_sha2_512_mature: invalid key length %d.\n",
sav->key_auth->sadb_key_bits));
return 1;
}
return 0;
}
static int
ah_hmac_sha2_512_init(state, sav)
struct ah_algorithm_state *state;
@ -1096,9 +973,10 @@ ah_hmac_sha2_512_loop(state, addr, len)
}
static void
ah_hmac_sha2_512_result(state, addr)
ah_hmac_sha2_512_result(state, addr, l)
struct ah_algorithm_state *state;
caddr_t addr;
size_t l;
{
u_char digest[SHA512_DIGEST_LENGTH];
u_char *ipad;
@ -1125,6 +1003,110 @@ ah_hmac_sha2_512_result(state, addr)
free(state->foo, M_TEMP);
}
static int
ah_hmac_ripemd160_init(state, sav)
struct ah_algorithm_state *state;
struct secasvar *sav;
{
u_char *ipad;
u_char *opad;
RMD160_CTX *ctxt;
u_char tk[RIPEMD160_RESULTLEN];
u_char *key;
size_t keylen;
size_t i;
if (!state)
panic("ah_hmac_ripemd160_init: what?");
state->sav = sav;
state->foo = (void *)malloc(64 + 64 + sizeof(RMD160_CTX),
M_TEMP, M_NOWAIT);
if (!state->foo)
return ENOBUFS;
bzero(state->foo, 64 + 64 + sizeof(RMD160_CTX));
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 64);
ctxt = (RMD160_CTX *)(opad + 64);
/* compress the key if necessery */
if (64 < _KEYLEN(state->sav->key_auth)) {
bzero(tk, sizeof(tk));
bzero(ctxt, sizeof(*ctxt));
RMD160Init(ctxt);
RMD160Update(ctxt, _KEYBUF(state->sav->key_auth),
_KEYLEN(state->sav->key_auth));
RMD160Final(&tk[0], ctxt);
key = &tk[0];
keylen = sizeof(tk) < 64 ? sizeof(tk) : 64;
} else {
key = _KEYBUF(state->sav->key_auth);
keylen = _KEYLEN(state->sav->key_auth);
}
bzero(ipad, 64);
bzero(opad, 64);
bcopy(key, ipad, keylen);
bcopy(key, opad, keylen);
for (i = 0; i < 64; i++) {
ipad[i] ^= 0x36;
opad[i] ^= 0x5c;
}
bzero(ctxt, sizeof(*ctxt));
RMD160Init(ctxt);
RMD160Update(ctxt, ipad, 64);
return 0;
}
static void
ah_hmac_ripemd160_loop(state, addr, len)
struct ah_algorithm_state *state;
caddr_t addr;
size_t len;
{
RMD160_CTX *ctxt;
if (!state || !state->foo)
panic("ah_hmac_ripemd160_loop: what?");
ctxt = (RMD160_CTX *)(((u_char *)state->foo) + 128);
RMD160Update(ctxt, (caddr_t)addr, (size_t)len);
}
static void
ah_hmac_ripemd160_result(state, addr, l)
struct ah_algorithm_state *state;
caddr_t addr;
size_t l;
{
u_char digest[RIPEMD160_RESULTLEN];
u_char *ipad;
u_char *opad;
RMD160_CTX *ctxt;
if (!state || !state->foo)
panic("ah_hmac_ripemd160_result: what?");
ipad = (u_char *)state->foo;
opad = (u_char *)(ipad + 64);
ctxt = (RMD160_CTX *)(opad + 64);
RMD160Final((caddr_t)digest, ctxt);
bzero(ctxt, sizeof(*ctxt));
RMD160Init(ctxt);
RMD160Update(ctxt, opad, 64);
RMD160Update(ctxt, (caddr_t)digest, sizeof(digest));
RMD160Final((caddr_t)digest, ctxt);
bcopy(digest, addr, sizeof(digest) > l ? l : sizeof(digest));
free(state->foo, M_TEMP);
}
/*------------------------------------------------------------*/
/*
@ -1401,7 +1383,7 @@ again:
goto fail;
}
(algo->result)(&algos, &sumbuf[0]);
(algo->result)(&algos, sumbuf, sizeof(sumbuf));
bcopy(&sumbuf[0], ahdat, (*algo->sumsiz)(sav));
if (n)
@ -1628,7 +1610,7 @@ ah6_calccksum(m, ahdat, len, algo, sav)
goto fail;
}
(algo->result)(&algos, &sumbuf[0]);
(algo->result)(&algos, sumbuf, sizeof(sumbuf));
bcopy(&sumbuf[0], ahdat, (*algo->sumsiz)(sav));
/* just in case */

2
sys/netinet6/esp_core.c
View File

@ -1122,7 +1122,7 @@ esp_auth(m0, skip, length, sav, sum)
break;
}
}
(*algo->result)(&s, sumbuf);
(*algo->result)(&s, sumbuf, sizeof(sumbuf));
bcopy(sumbuf, sum, siz); /* XXX */
return 0;

2
usr.sbin/setkey/setkey.8
View File

@ -549,6 +549,8 @@ hmac-sha2-384 384 ah: 96bit ICV (no document)
384 ah-old: 128bit ICV (no document)
hmac-sha2-512 512 ah: 96bit ICV (no document)
512 ah-old: 128bit ICV (no document)
hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
ah-old: 128bit ICV (no document)
.Ed
.Pp
Followings are the list of encryption algorithms that can be used as

1
usr.sbin/setkey/token.l
View File

@ -170,6 +170,7 @@ keyed-sha1 { PREPROC; yylval.num = SADB_X_AALG_SHA; return(ALG_AUTH); }
hmac-sha2-256 { PREPROC; yylval.num = SADB_X_AALG_SHA2_256; return(ALG_AUTH); }
hmac-sha2-384 { PREPROC; yylval.num = SADB_X_AALG_SHA2_384; return(ALG_AUTH); }
hmac-sha2-512 { PREPROC; yylval.num = SADB_X_AALG_SHA2_512; return(ALG_AUTH); }
hmac-ripemd160 { PREPROC; yylval.num = SADB_X_AALG_RIPEMD160HMAC; return(ALG_AUTH); }
null { PREPROC; yylval.num = SADB_X_AALG_NULL; return(ALG_AUTH); }
/* encryption alogorithm */