| Age | Commit message (Collapse) | Author |
|---|
|
rather than requiring each algorithm to provide their own memory handling.
This matches the interface already provided by cryptosoft for
authentication algorithms and removes the need for zerokey functions.
ok mikeb@
|
|
There's not much use for the declassified cipher from the 80's
with a questionable license these days. According to the FIPS
drafts, Skipjack reaches its EOL in December 2010.
The libc portion will be removed after the ports hackathon.
djm and thib agree, no objections from deraadt
Thanks to jsg for digging up FIPS drafts.
|
|
described in FIPS SP 800-38D.
This implementation supports 16 byte authentication tag only,
splitting transformation into two parts: encryption and
authentication. Encryption is handled by the existing
AES-CTR implementation, while authentication requires new
AES_GMAC hash function.
Additional routine is added to the software crypto driver
to deal with peculiarities of a combined authentication-
encryption transformation.
With suggestions from reyk, naddy and toby.
|
|
(1) use correct (message) block size of 128 byte (instead of 64
bytes) for HMAC-SHA512/384 (RFC4634).
(2) RFC4868 specifies that HMAC-SHA-{256,384,512} is truncated to
nnn/2 bits, while we still use 96 bits. 96 bits have been
specified in draft-ietf-ipsec-ciph-sha-256-00 while
draft-ietf-ipsec-ciph-sha-256-01 changed it to 128 bits.
WARNING: this change makes IPsec with SHA-256 (the default)
incompatible with older OpenBSD versions and other IPsec-implementations
that share this bug.
ok+tests naddy, fries; requested by reyk/deraadt
|
|
|
|
XTS is a "tweaked" AES mode that has properties that are desirable
for block device encryption and it is specified in the IEEE
P1619-2007 standard for this purpose.
prodded by & ok hshoexer@
|
|
to match.
ok deraadt@
|
|
|
|
number of key bits is supplied.
Only AES and DES/3DES might fail.
ok and help markus@
|
|
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
|
|
|
|
|
bandwidth of the kernel API). It's only available from userland and
then only if kern.cryptodevallowsoft=1.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Hacking at OpenBSD Crypto 2000 :-)
|
|
idea is to support various cryptographic hardware accelerators (which
may be (detachable) cards, secondary/tertiary/etc processors,
software crypto, etc). Supports session migration between crypto
devices. What it doesn't (yet) support:
- multiple instances of the same algorithm used in the same session
- use of multiple crypto drivers in the same session
- asymmetric crypto
No support for a userland device yet.
IPsec code path modified to allow for asynchronous cryptography
(callbacks used in both input and output processing). Some unrelated
code simplification done in the process (especially for AH).
Development of this code kindly supported by Network Security
Technologies (NSTI). The code was writen mostly in Greece, and is
being committed from Montreal.
|
