path: root/sys/crypto
| Age | Commit message | Author |
|---|---|---|
| 2008-09-06 | match libc sha2(3) API changes for kernel; ok millert@ | Damien Miller |
| 2008-08-12 | Implementation of the HMAC-MD5, HMAC-SHA1, HMAC-SHA256, AES-128-CMAC and AES Key Wrap algorithms. They will replace/extend the non-generic implementation in net80211. AES-128-CMAC tested by sobrado@ (AlphaServer 1200), naddy@ (alpha/sparc64) and sthen@ (sparc64, armish). HMAC-* reviewed by hshoexer@ ok and hints from djm@ | Damien Bergamini |
| 2008-07-21 | gives this a chance to work on architectures with strict alignment constraints. | Damien Bergamini |
| 2008-06-25 | implement automatic time-based rekeying (every 10 minutes); ok deraadt@ | Damien Miller |
| 2008-06-09 | Introduce a facility to generate unpredictable 32 bit numbers with near maximal (2^32) cycle times. These are useful for network IDs in cases where there are negative consequences to ID prediction and/or reuse. Use the idgen32() functions to generate IPv6 IDs and NFS client/server XIDs. Pseudorandom permutation code in crypto/idgen.c based on public domain skip32.c from Greg Rose. feedback & ok thib@ deraadt@ | Damien Miller |
| 2008-06-09 | add myself to copyright | Damien Miller |
| 2008-06-09 | Implement the AES XTS mode of operation for the crypto(9) framework. XTS is a "tweaked" AES mode that has properties that are desirable for block device encryption and it is specified in the IEEE P1619-2007 standard for this purpose. prodded by & ok hshoexer@ | Damien Miller |
| 2008-06-09 | constify arguments in wrapper functions; the lower level functions were already done | Damien Miller |
| 2008-06-09 | rename arc4random_bytes => arc4random_buf to match libc's nicer name; ok deraadt@ | Damien Miller |
| 2007-11-28 | finish conversion to workq. remove list remnants, and put spl in the right places. handle the no workq case here. ok deraadt | Ted Unangst |
| 2007-11-26 | typos; ok jmc@ sys/netinet/in_pcb.c and sys/net/bridgestp.c ok henning@ sys/dev/pci/bktr/* ok jakemsr@ | Martynas Venckus |
| 2007-11-25 | convert crypto thread to workq. add WQ_DIRECTOK flag to workq. combined, this lets us use crypto before the thread is running and therefore cryptoraid can attach nice and early. ok/testing deraadt mbalmer marco | Ted Unangst |
| 2007-11-14 | do not call crypto_done() on errors, since the drivers already do this. otherwise we call the callback twice; fixes panics on crypto errors as seen on reboot; ok hshoexer | Markus Friedl |
| 2007-09-15 | fix error introduced by my previous commit: "MALLOC(*swd, ...)" vs. "swd = malloc(..." ok millert | Hans-Joerg Hoexer |
| 2007-09-13 | Here too: Convert MALLOC/FREE to malloc/free and use M_ZERO where applicable. error spotting and ok krw@ | Hans-Joerg Hoexer |
| 2007-09-11 | Add __bounded__ attributes to prototypes. Use (x & 0xff) rather than (x % 256) - compilers generate faster code. Add arc4_getbytes function to extract raw keystream ok markus@ tom@ | Damien Miller |
| 2007-09-10 | Make the hmac ipad/opad globals "const" and fixup the crypto functions to match. ok deraadt@ | Henric Jungheim |
| 2007-07-24 | add rc4_skip() function that can be used to discard bytes from the arc4 key stream. rc4_skip(ctx, len); is equivalent to: u_int8_t dummy[len]; rc4_crypt(ctx, dummy, dummy, len); except that it does not require storage space and that it saves some cpu cycles. ok deraadt@ | Damien Bergamini |
| 2007-07-20 | unbreak landisk kernel sha1 by working around a compiler bug; also brings kernel sha1 more in line with userland; discussed with miod@ and millert@; | Otto Moerbeek |
| 2007-05-27 | make the #defines in rijndael.h a bit more meaningful ok djm and with a hint from henning | Ted Unangst |
| 2007-05-27 | make crp_buf a void *. caddr_t implies bufferness, it's not. ok deraadt jason | Ted Unangst |
| 2007-04-10 | ``it's'' -> ``its'' when the grammar gods require this change. | Miod Vallat |
| 2007-02-21 | Don't use arbitrary 128 bytes as size of the blf key array if we know exactly how much blowfish takes at max, which is 72 bytes. Also define a constant for this in the include file, suggested by ray@. ok pedro@ thib@ tedu@ | Alexander von Gernler |
| 2007-02-19 | minimum blocksize for ESP is 32 bit, so adjust blocksize of NULL encryption accordingly. Makes NULL encryption useable with ESP. Noticed by Martin Hedenfalk <martin.hedenfalk at gmail.com>. ok markus@ | Hans-Joerg Hoexer |
| 2006-12-29 | Avoid void * arithmetic, okay deraadt@, suggestions from millert@ | Pedro Martelletto |
| 2006-11-19 | typo; from bret lambert ok pedro | Jason McIntyre |
| 2006-10-25 | pr5274 fix localhost dos with oversized values ok deraadt | Ted Unangst |
| 2006-05-31 | remove some silly casts. put spl calls after all declarations. put one splx in a better spot. make a variable size MALLOC use malloc. remove null test after malloc(M_WAITOK). add PR_NOWAIT flag to pool_get instead of 0. change callbacks to correct type. ok brad deraadt markus mickey | Ted Unangst |
| 2006-03-23 | kill evil \r; from cedric | Michael Shalayeff |
| 2006-03-21 | Implementation of the Michael MIC as defined in IEEE 802.11i for TKIP. The MIC generates a weak 64bit digest protected by an additional key. Obviously, this digest alg is required for future IEEE 802.11i/WPA support. test vectors passed on alpha amd64 mvme68k mvme88k sgi sparc sparc64 vax i386 ok djm@ | Reyk Floeter |
| 2006-03-04 | splimp -> splvm ok miod@ | Brad Smith |
| 2005-08-18 | do not allow 0-length transforms; from freebsd | Theo de Raadt |
| 2005-06-13 | get rid of ifdef MSDOS, no binary change ok markus@ | Hans-Joerg Hoexer |
| 2005-05-25 | AESCTR support for ESP (RFC 3686); ok hshoexer | Markus Friedl |
| 2005-05-10 | support NULL encryption for ESP; ok hshoexer, ho | Markus Friedl |
| 2005-05-02 | simplify by using arc4random_bytes(), ok djm, hshoexer | Markus Friedl |
| 2005-03-24 | major knf fix spelling in comment, by rohee@ no binary change ok deraadt@ | Hans-Joerg Hoexer |
| 2005-03-24 | ansi and tiny knf ok deraadt@ | Hans-Joerg Hoexer |
| 2004-12-21 | Don't use crypto thread for callbacks. This primarily improves IPsec performance when using crypto accelerators. With help from markus@, tested by wvdputte@. ok deraadt@, markus@ | Marco Pfatschbacher |
| 2004-12-20 | Allow the setkey function of a transform to fail, eg. when an insufficient number of key bits is supplied. Only AES and DES/3DES might fail. ok and help markus@ | Hans-Joerg Hoexer |
| 2004-12-15 | minimum key length of aes is 128 bit, not 64. ok markus | Hans-Joerg Hoexer |
| 2004-12-14 | indentation and some knf, no binary change ok + help markus | Hans-Joerg Hoexer |
| 2004-06-26 | Ansification of deflate-/lsz-stubs. ok jfb@ | Hans-Joerg Hoexer |
| 2004-06-20 | In crypto_thread(), always save return value from splimp(). We were only storing it once on kernel startup. Scary. "holy crap" --deraadt. art@ ok Unclear if this was actually a problem in practice, but this doesn't hurt. | Aaron Campbell |
| 2004-05-07 | Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@ | Todd C. Miller |
| 2004-05-03 | Rev 1.4 was bogus (committed from the wrong tree), this repairs it. | Todd C. Miller |
| 2004-05-03 | some minor KNF | Todd C. Miller |
| 2004-04-29 | The data pointer passed to the transform function may not be properly aligned so copy it in a way that a) is endian independent and b) does not rely on alignment. Problem found and solution tested by hshoexer@ | Todd C. Miller |
| 2004-04-28 | Sync userland sha2.c with kernel. The SHAXXX_End and SHAXXX_Data functions have been removed; we provide these in userland but not in the kernel. | Todd C. Miller |
| 2004-04-28 | Some KNF, made bit count u_int64_t instead of u_int32_t (similar to libc). Added constants for buffer lengths. ok millert@ | Hans-Joerg Hoexer |