author | Pawel Jakub Dawidek <pjd@FreeBSD.org> | 2006-05-17 18:30:28 +0000 |
---|---|---|
committer | Pawel Jakub Dawidek <pjd@FreeBSD.org> | 2006-05-17 18:30:28 +0000 |
commit | 80e35494cc95f545abadfa78f1fd25e65d1f69f3 (patch) | |
tree | 58e6a6e8a06d3307bbc2445fb72ca6d69f08d60f /sys/netipsec | |
parent | f6c4bc3b919724edb6a0280f64a82a9cb792e712 (diff) | |
- The authsize field from auth_hash structure was removed.
- Define that we want to receive only 96 bits of HMAC.
- Names of the structures no longer have the _96 suffix.
Reviewed by: sam
Notes
Notes:
svn path=/head/; revision=158704
Diffstat (limited to 'sys/netipsec')
-rw-r--r-- | sys/netipsec/xform_ah.c | 13 | ||||
-rw-r--r-- | sys/netipsec/xform_esp.c | 8 |
2 files changed, 11 insertions, 10 deletions
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index 24320ce66c41..6114908279d7 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -81,11 +81,11 @@ sizeof (struct ah) : sizeof (struct ah) + sizeof (u_int32_t))
 /*
 * Return authenticator size in bytes. The old protocol is known
- * to use a fixed 16-byte authenticator. The new algorithm gets
- * this size from the xform but is (currently) always 12.
+ * to use a fixed 16-byte authenticator. The new algorithm use 12-byte
+ * authenticator.
 */
 #define AUTHSIZE(sav) \
- ((sav->flags & SADB_X_EXT_OLD) ? 16 : (sav)->tdb_authalgxform->authsize)
+ ((sav->flags & SADB_X_EXT_OLD) ? 16 : AH_HMAC_HASHLEN)
 int ah_enable = 1; /* control flow of packets with AH */
 int ah_cleartos = 1; /* clear ip_tos when doing AH calc */
@@ -116,11 +116,11 @@ ah_algorithm_lookup(int alg)
 case SADB_X_AALG_NULL:
 return &auth_hash_null;
 case SADB_AALG_MD5HMAC:
- return &auth_hash_hmac_md5_96;
+ return &auth_hash_hmac_md5;
 case SADB_AALG_SHA1HMAC:
- return &auth_hash_hmac_sha1_96;
+ return &auth_hash_hmac_sha1;
 case SADB_X_AALG_RIPEMD160HMAC:
- return &auth_hash_hmac_ripemd_160_96;
+ return &auth_hash_hmac_ripemd_160;
 case SADB_X_AALG_MD5:
 return &auth_hash_key_md5;
 case SADB_X_AALG_SHA:
@@ -202,6 +202,7 @@ ah_init0(struct secasvar *sav, struct xformsw *xsp, struct cryptoini *cria)
 cria->cri_alg = sav->tdb_authalgxform->type;
 cria->cri_klen = _KEYBITS(sav->key_auth);
 cria->cri_key = sav->key_auth->key_data;
+ cria->cri_mlen = AUTHSIZE(sav);
 return 0;
 }
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index cd9c3129e5c5..fad3547b8f23 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
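Review bot: AUTHSIZE() now yields AH_HMAC_HASHLEN for every association without SADB_X_EXT_OLD, so the authenticator length no longer follows the transform that ah_algorithm_lookup() selects, including the NULL and keyed MD5/SHA entries visible in the second hunk, which may not all have shared one length before. The same macro feeds `cria->cri_mlen` in the ah_init0 hunk, so the crypto layer is asked for that fixed length as well. If a fixed 96-bit truncation is intended for all of them, state it above the macro, e.g. `/* Every non-old transform is truncated to AH_HMAC_HASHLEN bytes; a transform with a different ICV length needs its own case here. */`, and parenthesize the argument while the line is being touched: `(((sav)->flags & SADB_X_EXT_OLD) ? 16 : AH_HMAC_HASHLEN)`. The definition of AH_HMAC_HASHLEN is outside this diff, so its value is taken from the commit message and the updated comment.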
@@ -528,13 +528,13 @@ esp_input_cb(struct cryptop *crp)
 ahstat.ahs_hist[sav->alg_auth]++;
 if (mtag == NULL) {
 /* Copy the authenticator from the packet */
- m_copydata(m, m->m_pkthdr.len - esph->authsize,
- esph->authsize, aalg);
+ m_copydata(m, m->m_pkthdr.len - AH_HMAC_HASHLEN,
+ AH_HMAC_HASHLEN, aalg);
 ptr = (caddr_t) (tc + 1);
 /* Verify authenticator */
- if (bcmp(ptr, aalg, esph->authsize) != 0) {
+ if (bcmp(ptr, aalg, AH_HMAC_HASHLEN) != 0) {
 DPRINTF(("%s: " "authentication hash mismatch for packet in SA %s/%08lx\n", __func__,
@@ -547,7 +547,7 @@ esp_input_cb(struct cryptop *crp)
 }
 /* Remove trailing authenticator */
- m_adj(m, -(esph->authsize));
+ m_adj(m, -AH_HMAC_HASHLEN);
 }
 /* Release the crypto descriptors */ |
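Review bot: The authenticator check `bcmp(ptr, aalg, AH_HMAC_HASHLEN)` in esp_input_cb compares the received and the computed MAC with a routine that may stop at the first differing byte, so the time taken can depend on how many leading bytes matched. A constant-time comparison is the safer choice for MAC verification, for example `if (timingsafe_bcmp(ptr, aalg, AH_HMAC_HASHLEN) != 0) {` where the kernel provides it. The `m_copydata()` offset `m->m_pkthdr.len - AH_HMAC_HASHLEN` also relies on the packet being at least that long and on `aalg` holding at least AH_HMAC_HASHLEN bytes. Both conditions are established outside this hunk (the function starts and ends outside it), so a one-line comment stating that invariant next to the copy would help the next reader.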