Commit Graph

33 Commits

Author SHA1 Message Date
thorpej 7b613a568e Use BF_ecb_encrypt() instead of using BF_encrypt()/BF_decrypt()
directly.  Reviewed by itojun.
2003-08-27 00:08:31 +00:00
thorpej 6de9ce0437 Move the opencrypto CAST-128 implementation to crypto/cast128, removing
the old one.  Rename the functions/structures from cast_* to cast128_*.
Adapt the KAME IPsec to use the new CAST-128 code, which has a simpler
API and smaller footprint.
2003-08-26 16:37:36 +00:00
itojun 1270423572 add AH/ESP algorithms: hmac-ripemd160 (AH), AES XCBC MAC (AH),
AES counter mode (ESP)
2003-07-25 10:00:49 +00:00
itojun 0d84200c22 clear scheduled key before freeing, for safety 2003-07-22 08:54:27 +00:00
itojun 409ba7efc4 cosmetic 2003-07-22 03:21:21 +00:00
itojun 0445f65670 avoid assuming result buffer size in AH logic. sync w/kame 2003-07-20 18:01:41 +00:00
itojun 92a1800c4d due to previous type change, sav->schedlen never go negative. sync w/kame 2003-07-20 17:17:20 +00:00
itojun d1931d3717 change ESP xx_schedlen() return type to size_t. sync w/kame 2003-07-20 03:24:03 +00:00
itojun 8808abb7b8 correct pointer signedness mixups. sync w/kame 2002-09-11 03:45:44 +00:00
itojun 68e52f0ace use correct padding boundary, to correctly estimate ESP header size.
problem found by Arto Selonen <arto@selonen.org>
2002-08-09 06:38:12 +00:00
itojun b05ff066a7 whitespace cleanup 2002-06-09 14:43:10 +00:00
itojun fc5800e3fd whitespace cleanup 2002-06-08 20:06:44 +00:00
itojun 2ff9b43758 sync blowfish function prototype between i386 assembly and C.
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
2002-02-27 01:32:17 +00:00
itojun a225c3930f whitespace/costmetic sync w/kame 2001-12-21 08:54:52 +00:00
itojun f8321e02a6 fix cast128 with shorter key length. sync with kame 2001-11-27 11:19:36 +00:00
lukem 4f2ad95259 add RCSIDs 2001-11-13 00:56:55 +00:00
itojun 99d25b4e8a reduce diff with kame. whitespace changes only. 2001-10-15 03:55:37 +00:00
itojun 080d73b4a3 minor style 2001-09-10 03:08:18 +00:00
tls 3d4146e21f Add asm versions of blowfish and des transforms for i386.
This also involved updating the in-kernel DES functions to correspond
to the versions in our in-tree OpenSSL, because the des_SPtrans table
has changed; the asm code will not work with the old permutation table!

C and i386 asm code for the DES, 3DES, and Blowfish CBC modes is also
included; it is not currently built as the ESP processing in esp_core.c
splits the CBC operation and the cipher transform apart.  Hopefully that
will be fixed as there is a substantial performance improvement to be had
from doing so.  It will remain necessary to use the C version of the
Blowfish CBC function on some i386 machines, however, as the asm version
uses bswapl, which ony 486 and later processors have.  The DES CBC code
doesn't have this problem.

Finally, change esp_core.c to use the ecb3_encrypt function instead of
calling ecb_encrypt three times; this improves performance a bit, in
particular in the asm case.
2001-09-09 11:00:59 +00:00
itojun 731744bcc2 avoid possible align issue 2000-11-02 12:28:45 +00:00
itojun 9b55c15642 [13]des fix for big endian machines. from: shigeru@iij.ad.jp 2000-11-02 12:25:01 +00:00
itojun a6f9652adf always use rnd(4) for IPsec random number source. avoid random(9).
if there's no rnd(4), random(9) will be used with one-time warning printf(9).

XXX not sure how good rnd_extract_data(RND_EXTRACT_ANY) is, under entropy-
starvation situation
2000-10-05 04:49:17 +00:00
itojun dabed37e1c correct merge failure in key size validation. 2000-10-02 23:49:02 +00:00
itojun e9536f86fa add ESP rijndael logic. yet to be usable (until algorithm # is assigned) 2000-10-02 17:21:24 +00:00
itojun 78f9775c35 do not hardcode maximum IV length. 2000-09-26 08:37:38 +00:00
itojun 303fcdf765 repair blowfish-cbc. BF_encrypt() takes value in host byteorder, yuck!
(no effect to 1.5 branch)
2000-09-18 21:57:35 +00:00
itojun 65fbdbe744 repair DES on LP64. past code did not interoperate with non-LP64, due to
incorrect computed results.
remove unnecessary #ifdef/#define.  sync with kame.
2000-08-31 07:33:04 +00:00
itojun 58c93e23cf LP64 fix (cast to u_long when printing size_t) 2000-08-30 14:58:33 +00:00
itojun 2af85c262b improve code sharing for esp_schedule(). add some diagnostics cases
for esp_cbc_{en,de}crypt().  sync with kame.
2000-08-29 11:32:21 +00:00
itojun bb8d535cc5 use per-block cipher function + esp_cbc_{de,en}crypt. do not use
cbc-over-mbuf functions in sys/crypto.

the change should make it much easier to switch crypto function to
machine-dependent ones (like assembly code under sys/arch/i386/crypto?).
also it should be much easier to import AES algorithms.

XXX: it looks that past blowfish-cbc code was buggy.  i ran some test pattern,
and new blowfish-cbc code looks more correct.  there's no interoperability
between the old code (before the commit) and the new code (after the commit).

XXX: need serious interop tests before move it into 1.5 branch
2000-08-29 09:08:42 +00:00
itojun 411ff12b27 pre-compute and cache intermediate crypto key. suggestion from sommerfeld,
sync with kame.

loopback, blowfish-cbc transport mode, 128bit key
before: 86588496 bytes received in 00:42 (1.94 MB/s)
after: 86588496 bytes received in 00:31 (2.58 MB/s)
2000-07-23 05:23:04 +00:00
itojun 65d37eff7f correct RFC2367 PF_KEY conformance (SADB_[AE]ALG_xx values and namespaces).
sync from kame.

WARNING: need recompilation of setkey(8) and pkgsrc/security/racoon.
(no ipsec-ready netbsd was released as official release)
2000-07-18 14:56:42 +00:00
thorpej 1b8ede9f7c Import IPsec ESP from netbsd-cryptosrc-intl. 2000-06-14 19:39:42 +00:00