copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC

For this to fit, an API change in cryptosoft was adopted from OpenBSD
(addition of a "Setkey" method to hashes) which was done for GCM/GMAC
support there, so it might be useful in the future anyway.
tested against KAME IPSEC
AFAICT, FAST_IPSEC now supports as much as KAME.

sys/netipsec/xform_ah.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.32 2011/05/06 21:48:46 drochner Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.33 2011/05/24 19:10:08 drochner Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.32 2011/05/06 21:48:46 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.33 2011/05/24 19:10:08 drochner Exp $");
 
 #include "opt_inet.h"
 #ifdef __FreeBSD__
@@ -147,6 +147,8 @@ ah_algorithm_lookup(int alg)
 		return &auth_hash_hmac_sha2_384;
 	case SADB_X_AALG_SHA2_512:
 		return &auth_hash_hmac_sha2_512;
+	case SADB_X_AALG_AES_XCBC_MAC:
+		return &auth_hash_aes_xcbc_mac_96;
 	}
 	return NULL;
 }

sys/opencrypto/aesxcbcmac.c

@@ -0,0 +1,141 @@
+/* $NetBSD: aesxcbcmac.c,v 1.1 2011/05/24 19:10:08 drochner Exp $ */
+
+/*
+ * Copyright (C) 1995, 1996, 1997, 1998 and 2003 WIDE Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: aesxcbcmac.c,v 1.1 2011/05/24 19:10:08 drochner Exp $");
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <crypto/rijndael/rijndael.h>
+
+#include <opencrypto/aesxcbcmac.h>
+
+int
+aes_xcbc_mac_init(void *vctx, const u_int8_t *key, u_int16_t keylen)
+{
+	u_int8_t k1seed[AES_BLOCKSIZE] = { 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 };
+	u_int8_t k2seed[AES_BLOCKSIZE] = { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 };
+	u_int8_t k3seed[AES_BLOCKSIZE] = { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
+	u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
+	aesxcbc_ctx *ctx;
+	u_int8_t k1[AES_BLOCKSIZE];
+
+	ctx = (aesxcbc_ctx *)vctx;
+	memset(ctx, 0, sizeof(aesxcbc_ctx));
+
+	if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks, key, keylen * 8)) == 0)
+		return -1;
+	rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1);
+	rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
+	rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
+	if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0)
+		return -1;
+	if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0)
+		return -1;
+	if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0)
+		return -1;
+
+	return 0;
+}
+
+int
+aes_xcbc_mac_loop(void *vctx, const u_int8_t *addr, u_int16_t len)
+{
+	u_int8_t buf[AES_BLOCKSIZE];
+	aesxcbc_ctx *ctx;
+	const u_int8_t *ep;
+	int i;
+
+	ctx = (aesxcbc_ctx *)vctx;
+	ep = addr + len;
+
+	if (ctx->buflen == sizeof(ctx->buf)) {
+		for (i = 0; i < sizeof(ctx->e); i++)
+			ctx->buf[i] ^= ctx->e[i];
+		rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
+		ctx->buflen = 0;
+	}
+	if (ctx->buflen + len < sizeof(ctx->buf)) {
+		memcpy(ctx->buf + ctx->buflen, addr, len);
+		ctx->buflen += len;
+		return 0;
+	}
+	if (ctx->buflen && ctx->buflen + len > sizeof(ctx->buf)) {
+		memcpy(ctx->buf + ctx->buflen, addr,
+		    sizeof(ctx->buf) - ctx->buflen);
+		for (i = 0; i < sizeof(ctx->e); i++)
+			ctx->buf[i] ^= ctx->e[i];
+		rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
+		addr += sizeof(ctx->buf) - ctx->buflen;
+		ctx->buflen = 0;
+	}
+	/* due to the special processing for M[n], "=" case is not included */
+	while (addr + AES_BLOCKSIZE < ep) {
+		memcpy(buf, addr, AES_BLOCKSIZE);
+		for (i = 0; i < sizeof(buf); i++)
+			buf[i] ^= ctx->e[i];
+		rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, buf, ctx->e);
+		addr += AES_BLOCKSIZE;
+	}
+	if (addr < ep) {
+		memcpy(ctx->buf + ctx->buflen, addr, ep - addr);
+		ctx->buflen += ep - addr;
+	}
+	return 0;
+}
+
+void
+aes_xcbc_mac_result(u_int8_t *addr, void *vctx)
+{
+	u_char digest[AES_BLOCKSIZE];
+	aesxcbc_ctx *ctx;
+	int i;
+
+	ctx = (aesxcbc_ctx *)vctx;
+
+	if (ctx->buflen == sizeof(ctx->buf)) {
+		for (i = 0; i < sizeof(ctx->buf); i++) {
+			ctx->buf[i] ^= ctx->e[i];
+			ctx->buf[i] ^= ctx->k2[i];
+		}
+		rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
+	} else {
+		for (i = ctx->buflen; i < sizeof(ctx->buf); i++)
+			ctx->buf[i] = (i == ctx->buflen) ? 0x80 : 0x00;
+		for (i = 0; i < sizeof(ctx->buf); i++) {
+			ctx->buf[i] ^= ctx->e[i];
+			ctx->buf[i] ^= ctx->k3[i];
+		}
+		rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
+	}
+
+	memcpy(addr, digest, sizeof(digest));
+}

sys/opencrypto/aesxcbcmac.h

@@ -0,0 +1,21 @@
+/* $NetBSD: aesxcbcmac.h,v 1.1 2011/05/24 19:10:09 drochner Exp $ */
+
+#include <sys/types.h>
+
+#define AES_BLOCKSIZE   16
+
+typedef struct {
+	u_int8_t	e[AES_BLOCKSIZE];
+	u_int8_t	buf[AES_BLOCKSIZE];
+	size_t		buflen;
+	u_int32_t	r_k1s[(RIJNDAEL_MAXNR+1)*4];
+	u_int32_t	r_k2s[(RIJNDAEL_MAXNR+1)*4];
+	u_int32_t	r_k3s[(RIJNDAEL_MAXNR+1)*4];
+	int		r_nr; /* key-length-dependent number of rounds */
+	u_int8_t	k2[AES_BLOCKSIZE];
+	u_int8_t	k3[AES_BLOCKSIZE];
+} aesxcbc_ctx;
+
+int aes_xcbc_mac_init(void *, const u_int8_t *, u_int16_t);
+int aes_xcbc_mac_loop(void *, const u_int8_t *, u_int16_t);
+void aes_xcbc_mac_result(u_int8_t *, void *);

sys/opencrypto/cryptodev.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: cryptodev.c,v 1.62 2011/05/23 15:37:36 drochner Exp $ */
+/*	$NetBSD: cryptodev.c,v 1.63 2011/05/24 19:10:09 drochner Exp $ */
 /*	$FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.4.2.4 2003/06/03 00:09:02 sam Exp $	*/
 /*	$OpenBSD: cryptodev.c,v 1.53 2002/07/10 22:21:30 mickey Exp $	*/
 
@@ -64,7 +64,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.62 2011/05/23 15:37:36 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.63 2011/05/24 19:10:09 drochner Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -1595,6 +1595,9 @@ cryptodev_session(struct fcrypt *fcr, struct session_op *sop)
 	case CRYPTO_SHA1:
 		thash = &auth_hash_sha1;
 		break;
+	case CRYPTO_AES_XCBC_MAC_96:
+		thash = &auth_hash_aes_xcbc_mac_96;
+		break;
 	case CRYPTO_NULL_HMAC:
 		thash = &auth_hash_null;
 		break;

sys/opencrypto/cryptodev.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: cryptodev.h,v 1.22 2011/05/23 13:51:10 drochner Exp $ */
+/*	$NetBSD: cryptodev.h,v 1.23 2011/05/24 19:10:09 drochner Exp $ */
 /*	$FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.2.2.6 2003/07/02 17:04:50 sam Exp $	*/
 /*	$OpenBSD: cryptodev.h,v 1.33 2002/07/17 23:52:39 art Exp $	*/
 
@@ -139,7 +139,8 @@
 #define CRYPTO_SHA2_512_HMAC	25
 #define CRYPTO_CAMELLIA_CBC	26
 #define CRYPTO_AES_CTR		27
-#define CRYPTO_ALGORITHM_MAX	27 /* Keep updated - see below */
+#define CRYPTO_AES_XCBC_MAC_96	28
+#define CRYPTO_ALGORITHM_MAX	28 /* Keep updated - see below */
 
 /* Algorithm flags */
 #define	CRYPTO_ALG_FLAG_SUPPORTED	0x01 /* Algorithm is supported */

sys/opencrypto/cryptosoft.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: cryptosoft.c,v 1.35 2011/05/24 18:59:22 drochner Exp $ */
+/*	$NetBSD: cryptosoft.c,v 1.36 2011/05/24 19:10:10 drochner Exp $ */
 /*	$FreeBSD: src/sys/opencrypto/cryptosoft.c,v 1.2.2.1 2002/11/21 23:34:23 sam Exp $	*/
 /*	$OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $	*/
 
@@ -24,7 +24,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.35 2011/05/24 18:59:22 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.36 2011/05/24 19:10:10 drochner Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -47,6 +47,7 @@ union authctx {
 	SHA256_CTX sha256ctx;
 	SHA384_CTX sha384ctx;
 	SHA512_CTX sha512ctx;
+	aesxcbc_ctx aesxcbcctx;
 };
 
 struct swcr_data **swcr_sessions = NULL;
@@ -536,6 +537,7 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd,
 	case CRYPTO_NULL_HMAC:
 	case CRYPTO_MD5:
 	case CRYPTO_SHA1:
+	case CRYPTO_AES_XCBC_MAC_96:
 		axf->Final(aalg, &ctx);
 		break;
 	}
@@ -838,6 +840,20 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri)
 			(*swd)->sw_axf = axf;
 			break;
 
+		case CRYPTO_AES_XCBC_MAC_96:
+			axf = &swcr_auth_hash_aes_xcbc_mac;
+			(*swd)->sw_ictx = malloc(axf->ctxsize,
+			    M_CRYPTO_DATA, M_NOWAIT);
+			if ((*swd)->sw_ictx == NULL) {
+				swcr_freesession(NULL, i);
+				return ENOBUFS;
+			}
+			axf->Init((*swd)->sw_ictx);
+			axf->Setkey((*swd)->sw_ictx,
+				cri->cri_key, cri->cri_klen / 8);
+			(*swd)->sw_axf = axf;
+			break;
+
 		case CRYPTO_DEFLATE_COMP:
 			cxf = &swcr_comp_algo_deflate;
 			(*swd)->sw_cxf = cxf;
@@ -941,6 +957,7 @@ swcr_freesession(void *arg, u_int64_t tid)
 
 		case CRYPTO_MD5:
 		case CRYPTO_SHA1:
+		case CRYPTO_AES_XCBC_MAC_96:
 			axf = swd->sw_axf;
 
 			if (swd->sw_ictx)
@@ -1046,6 +1063,7 @@ swcr_process(void *arg, struct cryptop *crp, int hint)
 		case CRYPTO_SHA1_KPDK:
 		case CRYPTO_MD5:
 		case CRYPTO_SHA1:
+		case CRYPTO_AES_XCBC_MAC_96:
 			if ((crp->crp_etype = swcr_authcompute(crp, crd, sw,
 			    crp->crp_buf, type)) != 0)
 				goto done;
@@ -1108,6 +1126,7 @@ swcr_init(void)
 	REGISTER(CRYPTO_SHA1_KPDK);
 	REGISTER(CRYPTO_MD5);
 	REGISTER(CRYPTO_SHA1);
+	REGISTER(CRYPTO_AES_XCBC_MAC_96);
 	REGISTER(CRYPTO_RIJNDAEL128_CBC);
 	REGISTER(CRYPTO_DEFLATE_COMP);
 	REGISTER(CRYPTO_DEFLATE_COMP_NOGROW);

sys/opencrypto/cryptosoft_xform.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: cryptosoft_xform.c,v 1.21 2011/05/24 18:59:22 drochner Exp $ */
+/*	$NetBSD: cryptosoft_xform.c,v 1.22 2011/05/24 19:10:11 drochner Exp $ */
 /*	$FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $	*/
 /*	$OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $	*/
 
@@ -40,7 +40,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.21 2011/05/24 18:59:22 drochner Exp $");
+__KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.22 2011/05/24 19:10:11 drochner Exp $");
 
 #include <crypto/blowfish/blowfish.h>
 #include <crypto/cast128/cast128.h>
@@ -55,11 +55,13 @@ __KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.21 2011/05/24 18:59:22 drochn
 #include <sys/rmd160.h>
 #include <sys/sha1.h>
 #include <sys/sha2.h>
+#include <opencrypto/aesxcbcmac.h>
 
 struct swcr_auth_hash {
 	const struct auth_hash *auth_hash;
 	int ctxsize;
 	void (*Init)(void *);
+	void (*Setkey)(void *, const uint8_t *, uint16_t);
 	int  (*Update)(void *, const uint8_t *, uint16_t);
 	void (*Final)(uint8_t *, void *);
 };
@@ -225,83 +227,90 @@ static const struct swcr_enc_xform swcr_enc_xform_camellia = {
 /* Authentication instances */
 static const struct swcr_auth_hash swcr_auth_hash_null = {
 	&auth_hash_null, sizeof(int), /* NB: context isn't used */
-	null_init, null_update, null_final
+	null_init, NULL, null_update, null_final
 };
 
 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5 = {
 	&auth_hash_hmac_md5, sizeof(MD5_CTX),
-	(void (*) (void *)) MD5Init, MD5Update_int,
+	(void (*) (void *)) MD5Init, NULL, MD5Update_int,
 	(void (*) (u_int8_t *, void *)) MD5Final
 };
 
 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1 = {
 	&auth_hash_hmac_sha1, sizeof(SHA1_CTX),
-	SHA1Init_int, SHA1Update_int, SHA1Final_int
+	SHA1Init_int, NULL, SHA1Update_int, SHA1Final_int
 };
 
 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160 = {
 	&auth_hash_hmac_ripemd_160, sizeof(RMD160_CTX),
-	(void (*)(void *)) RMD160Init, RMD160Update_int,
+	(void (*)(void *)) RMD160Init, NULL, RMD160Update_int,
 	(void (*)(u_int8_t *, void *)) RMD160Final
 };
 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5_96 = {
 	&auth_hash_hmac_md5_96, sizeof(MD5_CTX),
-	(void (*) (void *)) MD5Init, MD5Update_int,
+	(void (*) (void *)) MD5Init, NULL, MD5Update_int,
 	(void (*) (u_int8_t *, void *)) MD5Final
 };
 
 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1_96 = {
 	&auth_hash_hmac_sha1_96, sizeof(SHA1_CTX),
-	SHA1Init_int, SHA1Update_int, SHA1Final_int
+	SHA1Init_int, NULL, SHA1Update_int, SHA1Final_int
 };
 
 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160_96 = {
 	&auth_hash_hmac_ripemd_160_96, sizeof(RMD160_CTX),
-	(void (*)(void *)) RMD160Init, RMD160Update_int,
+	(void (*)(void *)) RMD160Init, NULL, RMD160Update_int,
 	(void (*)(u_int8_t *, void *)) RMD160Final
 };
 
 static const struct swcr_auth_hash swcr_auth_hash_key_md5 = {
 	&auth_hash_key_md5, sizeof(MD5_CTX),
-	(void (*)(void *)) MD5Init, MD5Update_int,
+	(void (*)(void *)) MD5Init, NULL, MD5Update_int,
 	(void (*)(u_int8_t *, void *)) MD5Final
 };
 
 static const struct swcr_auth_hash swcr_auth_hash_key_sha1 = {
 	&auth_hash_key_sha1, sizeof(SHA1_CTX),
-	SHA1Init_int, SHA1Update_int, SHA1Final_int
+	SHA1Init_int, NULL, SHA1Update_int, SHA1Final_int
 };
 
 static const struct swcr_auth_hash swcr_auth_hash_md5 = {
 	&auth_hash_md5, sizeof(MD5_CTX),
-	(void (*) (void *)) MD5Init, MD5Update_int,
+	(void (*) (void *)) MD5Init, NULL, MD5Update_int,
 	(void (*) (u_int8_t *, void *)) MD5Final
 };
 
 static const struct swcr_auth_hash swcr_auth_hash_sha1 = {
 	&auth_hash_sha1, sizeof(SHA1_CTX),
-	(void (*)(void *)) SHA1Init, SHA1Update_int,
+	(void (*)(void *)) SHA1Init, NULL, SHA1Update_int,
 	(void (*)(u_int8_t *, void *)) SHA1Final
 };
 
 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_256 = {
 	&auth_hash_hmac_sha2_256, sizeof(SHA256_CTX),
-	(void (*)(void *)) SHA256_Init, SHA256Update_int,
+	(void (*)(void *)) SHA256_Init, NULL, SHA256Update_int,
 	(void (*)(u_int8_t *, void *)) SHA256_Final
 };
 
 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_384 = {
 	&auth_hash_hmac_sha2_384, sizeof(SHA384_CTX),
-	(void (*)(void *)) SHA384_Init, SHA384Update_int,
+	(void (*)(void *)) SHA384_Init, NULL, SHA384Update_int,
 	(void (*)(u_int8_t *, void *)) SHA384_Final
 };
 
 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_512 = {
 	&auth_hash_hmac_sha2_512, sizeof(SHA512_CTX),
-	(void (*)(void *)) SHA512_Init, SHA512Update_int,
+	(void (*)(void *)) SHA512_Init, NULL, SHA512Update_int,
 	(void (*)(u_int8_t *, void *)) SHA512_Final
 };
 
+static const struct swcr_auth_hash swcr_auth_hash_aes_xcbc_mac = {
+	&auth_hash_aes_xcbc_mac_96, sizeof(aesxcbc_ctx),
+	null_init,
+	(void (*)(void *, const u_int8_t *, u_int16_t))aes_xcbc_mac_init,
+	aes_xcbc_mac_loop, aes_xcbc_mac_result
+};
+
 /* Compression instance */
 static const struct swcr_comp_algo swcr_comp_algo_deflate = {
 	&comp_algo_deflate,

sys/opencrypto/files.opencrypto

@@ -1,4 +1,4 @@
-#	$NetBSD: files.opencrypto,v 1.22 2011/05/05 17:44:39 drochner Exp $
+#	$NetBSD: files.opencrypto,v 1.23 2011/05/24 19:10:11 drochner Exp $
 #
 #
 
@@ -18,6 +18,7 @@ defpseudo swcrypto: opencrypto,
 		blowfish, des, cast128, rijndael, skipjack, camellia
 file	opencrypto/cryptosoft.c		swcrypto
 file	opencrypto/deflate.c		swcrypto	# wrapper around zlib
+file	opencrypto/aesxcbcmac.c		swcrypto
 
 # Pseudo-device for userspace access to opencrypto
 # (and thus crypto hardware accelerators).

sys/opencrypto/xform.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: xform.c,v 1.26 2011/05/24 18:59:23 drochner Exp $ */
+/*	$NetBSD: xform.c,v 1.27 2011/05/24 19:10:11 drochner Exp $ */
 /*	$FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $	*/
 /*	$OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $	*/
 
@@ -40,7 +40,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform.c,v 1.26 2011/05/24 18:59:23 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform.c,v 1.27 2011/05/24 19:10:11 drochner Exp $");
 
 #include <sys/param.h>
 #include <sys/malloc.h>
@@ -211,6 +211,11 @@ const struct auth_hash auth_hash_hmac_sha2_512 = {
 	64, 64, 32, 128
 };
 
+const struct auth_hash auth_hash_aes_xcbc_mac_96 = {
+	CRYPTO_AES_XCBC_MAC_96, "AES-XCBC-MAC-96",
+	16, 16, 12, 0
+};
+
 /* Compression instance */
 const struct comp_algo comp_algo_deflate = {
 	CRYPTO_DEFLATE_COMP, "Deflate",

sys/opencrypto/xform.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: xform.h,v 1.17 2011/05/24 18:59:23 drochner Exp $ */
+/*	$NetBSD: xform.h,v 1.18 2011/05/24 19:10:12 drochner Exp $ */
 /*	$FreeBSD: src/sys/opencrypto/xform.h,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $	*/
 /*	$OpenBSD: xform.h,v 1.10 2002/04/22 23:10:09 deraadt Exp $	*/
 
@@ -80,6 +80,7 @@ extern const struct auth_hash auth_hash_hmac_ripemd_160_96;
 extern const struct auth_hash auth_hash_hmac_sha2_256;
 extern const struct auth_hash auth_hash_hmac_sha2_384;
 extern const struct auth_hash auth_hash_hmac_sha2_512;
+extern const struct auth_hash auth_hash_aes_xcbc_mac_96;
 
 extern const struct comp_algo comp_algo_deflate;
 extern const struct comp_algo comp_algo_deflate_nogrow;

usr.bin/netstat/fast_ipsec.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: fast_ipsec.c,v 1.15 2011/05/23 14:29:55 drochner Exp $ */
+/*	$NetBSD: fast_ipsec.c,v 1.16 2011/05/24 19:10:12 drochner Exp $ */
 /* 	$FreeBSD: src/tools/tools/crypto/ipsecstats.c,v 1.1.4.1 2003/06/03 00:13:13 sam Exp $ */
 
 /*-
@@ -33,7 +33,7 @@
 #include <sys/cdefs.h>
 #ifndef lint
 #ifdef __NetBSD__
-__RCSID("$NetBSD: fast_ipsec.c,v 1.15 2011/05/23 14:29:55 drochner Exp $");
+__RCSID("$NetBSD: fast_ipsec.c,v 1.16 2011/05/24 19:10:12 drochner Exp $");
 #endif
 #endif /* not lint*/
 
@@ -117,6 +117,7 @@ static const struct alg aalgs[] = {
 	{ SADB_X_AALG_SHA2_256,	"hmac-sha2-256", },
 	{ SADB_X_AALG_SHA2_384,	"hmac-sha2-384", },
 	{ SADB_X_AALG_SHA2_512,	"hmac-sha2-512", },
+	{ SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", },
 };
 static const struct alg espalgs[] = {
 	{ SADB_EALG_NONE,	"none", },