summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorAngelos D. Keromytis <angelos@cvs.openbsd.org>2000-07-21 00:02:21 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>2000-07-21 00:02:21 +0000
commit65179d54dc7206f8dc98f35eda26dd65e3966a73 (patch)
tree60e0286c27c3d48f21900a3b6c514caf13e37de2 /sys
parent2d5d7ec3d169de14c7d96bd66b306492b400e959 (diff)
Fix KPDK mode (based on patch provided by lob@netstream.se)
Diffstat (limited to 'sys')
-rw-r--r--sys/crypto/cryptosoft.c49
-rw-r--r--sys/crypto/cryptosoft.h2
2 files changed, 42 insertions, 9 deletions
diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c
index b0c7bc6d99d..12107709ae8 100644
--- a/sys/crypto/cryptosoft.c
+++ b/sys/crypto/cryptosoft.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptosoft.c,v 1.12 2000/06/20 05:40:38 angelos Exp $ */
+/* $OpenBSD: cryptosoft.c,v 1.13 2000/07/21 00:02:20 angelos Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -325,10 +325,7 @@ swcr_authcompute(struct cryptodesc *crd, struct swcr_data *sw,
bcopy(sw->sw_ictx, &ctx, axf->ctxsize);
if (outtype == CRYPTO_BUF_CONTIG)
- {
- axf->Update(&ctx, buf + crd->crd_skip, crd->crd_len);
- axf->Final(aalg, &ctx);
- }
+ axf->Update(&ctx, buf + crd->crd_skip, crd->crd_len);
else
{
err = m_apply((struct mbuf *) buf, crd->crd_skip,
@@ -337,11 +334,8 @@ swcr_authcompute(struct cryptodesc *crd, struct swcr_data *sw,
(caddr_t) &ctx);
if (err)
return err;
-
- axf->Final(aalg, &ctx);
}
- /* HMAC processing */
switch (sw->sw_alg)
{
case CRYPTO_MD5_HMAC96:
@@ -350,10 +344,20 @@ swcr_authcompute(struct cryptodesc *crd, struct swcr_data *sw,
if (sw->sw_octx == NULL)
return EINVAL;
+ axf->Final(aalg, &ctx);
bcopy(sw->sw_octx, &ctx, axf->ctxsize);
axf->Update(&ctx, aalg, axf->hashsize);
axf->Final(aalg, &ctx);
break;
+
+ case CRYPTO_MD5_KPDK:
+ case CRYPTO_SHA1_KPDK:
+ if (sw->sw_octx == NULL)
+ return EINVAL;
+
+ axf->Update(&ctx, sw->sw_octx, sw->sw_klen);
+ axf->Final(aalg, &ctx);
+ break;
}
/* Inject the authentication data */
@@ -541,6 +545,18 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri)
return ENOBUFS;
}
+ /* Store the key so we can "append" it to the payload */
+ MALLOC((*swd)->sw_octx, u_int8_t *, cri->cri_klen / 8,
+ M_XDATA, M_NOWAIT);
+ if ((*swd)->sw_octx == NULL)
+ {
+ swcr_freesession(i);
+ return ENOBUFS;
+ }
+
+ (*swd)->sw_klen = cri->cri_klen / 8;
+ bcopy(cri->cri_key, (*swd)->sw_octx, cri->cri_klen / 8);
+
axf->Init((*swd)->sw_ictx);
axf->Update((*swd)->sw_ictx, cri->cri_key,
cri->cri_klen / 8);
@@ -604,6 +620,21 @@ swcr_freesession(u_int64_t tid)
case CRYPTO_MD5_HMAC96:
case CRYPTO_SHA1_HMAC96:
case CRYPTO_RIPEMD160_HMAC96:
+ axf = swd->sw_axf;
+
+ if (swd->sw_ictx)
+ {
+ bzero(swd->sw_ictx, axf->ctxsize);
+ FREE(swd->sw_ictx, M_XDATA);
+ }
+
+ if (swd->sw_octx)
+ {
+ bzero(swd->sw_octx, axf->ctxsize);
+ FREE(swd->sw_octx, M_XDATA);
+ }
+ break;
+
case CRYPTO_MD5_KPDK:
case CRYPTO_SHA1_KPDK:
axf = swd->sw_axf;
@@ -616,7 +647,7 @@ swcr_freesession(u_int64_t tid)
if (swd->sw_octx)
{
- bzero(swd->sw_octx, axf->ctxsize);
+ bzero(swd->sw_octx, swd->sw_klen);
FREE(swd->sw_octx, M_XDATA);
}
break;
diff --git a/sys/crypto/cryptosoft.h b/sys/crypto/cryptosoft.h
index 7741f7d1339..d43419c508e 100644
--- a/sys/crypto/cryptosoft.h
+++ b/sys/crypto/cryptosoft.h
@@ -32,6 +32,7 @@ struct swcr_data
{
u_int8_t *SW_ictx;
u_int8_t *SW_octx;
+ u_int32_t SW_klen;
struct auth_hash *SW_axf;
} SWCR_AUTH;
@@ -45,6 +46,7 @@ struct swcr_data
#define sw_ictx SWCR_UN.SWCR_AUTH.SW_ictx
#define sw_octx SWCR_UN.SWCR_AUTH.SW_octx
+#define sw_klen SWCR_UN.SWCR_AUTH.SW_klen
#define sw_axf SWCR_UN.SWCR_AUTH.SW_axf
#define sw_kschedule SWCR_UN.SWCR_ENC.SW_kschedule
#define sw_iv SWCR_UN.SWCR_ENC.SW_iv