Mercurial > illumos > illumos-gate
changeset 9364:9b35afaf55dc
6594036 {MD5,SHA[12]} HMAC mechanisms have incorrect key size unit
author | Vladimir Kotal <Vladimir.Kotal@Sun.COM> |
---|---|
date | Tue, 14 Apr 2009 10:32:33 +0200 |
parents | a64cc7e5e86d |
children | 7838a22eccd6 |
files | usr/src/uts/common/crypto/io/dprov.c usr/src/uts/common/crypto/io/md5_mod.c usr/src/uts/common/crypto/io/sha1_mod.c usr/src/uts/common/crypto/io/sha2_mod.c usr/src/uts/common/sys/sha2.h |
diffstat | 5 files changed, 46 insertions(+), 47 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/uts/common/crypto/io/dprov.c Mon Apr 13 23:01:54 2009 -0700 +++ b/usr/src/uts/common/crypto/io/dprov.c Tue Apr 14 10:32:33 2009 +0200 @@ -268,13 +268,13 @@ */ #define MD5_DIGEST_LEN 16 /* MD5 digest size */ #define MD5_HMAC_BLOCK_SIZE 64 /* MD5-HMAC block size */ -#define MD5_HMAC_MIN_KEY_LEN 8 /* MD5-HMAC min key length in bits */ -#define MD5_HMAC_MAX_KEY_LEN INT_MAX /* MD5-HMAC max key length in bits */ +#define MD5_HMAC_MIN_KEY_LEN 1 /* MD5-HMAC min key length in bytes */ +#define MD5_HMAC_MAX_KEY_LEN INT_MAX /* MD5-HMAC max key length in bytes */ #define SHA1_DIGEST_LEN 20 /* SHA1 digest size */ #define SHA1_HMAC_BLOCK_SIZE 64 /* SHA1-HMAC block size */ -#define SHA1_HMAC_MIN_KEY_LEN 8 /* SHA1-HMAC min key length in bits */ -#define SHA1_HMAC_MAX_KEY_LEN INT_MAX /* SHA1-HMAC max key length in bits */ +#define SHA1_HMAC_MIN_KEY_LEN 1 /* SHA1-HMAC min key length in bytes */ +#define SHA1_HMAC_MAX_KEY_LEN INT_MAX /* SHA1-HMAC max key length in bytes */ #define DES_KEY_LEN 8 /* DES key length in bytes */ #define DES3_KEY_LEN 24 /* DES3 key length in bytes */ @@ -329,7 +329,7 @@ CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC, MD5_HMAC_MIN_KEY_LEN, MD5_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* MD5-HMAC GENERAL */ {SUN_CKM_MD5_HMAC_GENERAL, MD5_HMAC_GEN_MECH_INFO_TYPE, CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC | @@ -338,7 +338,7 @@ CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC, MD5_HMAC_MIN_KEY_LEN, MD5_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* SHA1 */ {SUN_CKM_SHA1, SHA1_MECH_INFO_TYPE, CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, 0, 0, @@ -351,7 +351,7 @@ CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC, SHA1_HMAC_MIN_KEY_LEN, SHA1_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* SHA1-HMAC GENERAL */ {SUN_CKM_SHA1_HMAC_GENERAL, SHA1_HMAC_GEN_MECH_INFO_TYPE, CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC | @@ -360,7 +360,7 @@ CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC, SHA1_HMAC_MIN_KEY_LEN, SHA1_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* SHA256 */ {SUN_CKM_SHA256, SHA256_MECH_INFO_TYPE, CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, 0, 0, @@ -373,7 +373,7 @@ CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC, SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* SHA256-HMAC GENERAL */ {SUN_CKM_SHA256_HMAC_GENERAL, SHA256_HMAC_GEN_MECH_INFO_TYPE, CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC | @@ -382,7 +382,7 @@ CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC, SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* SHA384 */ {SUN_CKM_SHA384, SHA384_MECH_INFO_TYPE, CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, 0, 0, @@ -395,7 +395,7 @@ CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC, SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* SHA384-HMAC GENERAL */ {SUN_CKM_SHA384_HMAC_GENERAL, SHA384_HMAC_GEN_MECH_INFO_TYPE, CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC | @@ -404,7 +404,7 @@ CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC, SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* SHA512 */ {SUN_CKM_SHA512, SHA512_MECH_INFO_TYPE, CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, 0, 0, @@ -417,7 +417,7 @@ CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC, SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* SHA512-HMAC GENERAL */ {SUN_CKM_SHA512_HMAC_GENERAL, SHA512_HMAC_GEN_MECH_INFO_TYPE, CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC | @@ -426,7 +426,7 @@ CRYPTO_FG_ENCRYPT_MAC | CRYPTO_FG_MAC_DECRYPT | CRYPTO_FG_ENCRYPT_MAC_ATOMIC | CRYPTO_FG_MAC_DECRYPT_ATOMIC, SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* DES-CBC */ {SUN_CKM_DES_CBC, DES_CBC_MECH_INFO_TYPE, CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | CRYPTO_FG_ENCRYPT_MAC |
--- a/usr/src/uts/common/crypto/io/md5_mod.c Mon Apr 13 23:01:54 2009 -0700 +++ b/usr/src/uts/common/crypto/io/md5_mod.c Tue Apr 14 10:32:33 2009 +0200 @@ -20,10 +20,9 @@ */ /* - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" /* * In kernel module, the md5 module is created with two modlinkages: @@ -82,8 +81,8 @@ #define MD5_DIGEST_LENGTH 16 /* MD5 digest length in bytes */ #define MD5_HMAC_BLOCK_SIZE 64 /* MD5 block size */ -#define MD5_HMAC_MIN_KEY_LEN 8 /* MD5-HMAC min key length in bits */ -#define MD5_HMAC_MAX_KEY_LEN INT_MAX /* MD5-HMAC max key length in bits */ +#define MD5_HMAC_MIN_KEY_LEN 1 /* MD5-HMAC min key length in bytes */ +#define MD5_HMAC_MAX_KEY_LEN INT_MAX /* MD5-HMAC max key length in bytes */ #define MD5_HMAC_INTS_PER_BLOCK (MD5_HMAC_BLOCK_SIZE/sizeof (uint32_t)) /* @@ -141,12 +140,12 @@ {SUN_CKM_MD5_HMAC, MD5_HMAC_MECH_INFO_TYPE, CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, MD5_HMAC_MIN_KEY_LEN, MD5_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* MD5-HMAC GENERAL */ {SUN_CKM_MD5_HMAC_GENERAL, MD5_HMAC_GEN_MECH_INFO_TYPE, CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, MD5_HMAC_MIN_KEY_LEN, MD5_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS} + CRYPTO_KEYSIZE_UNIT_IN_BYTES} }; static void md5_provider_status(crypto_provider_handle_t, uint_t *);
--- a/usr/src/uts/common/crypto/io/sha1_mod.c Mon Apr 13 23:01:54 2009 -0700 +++ b/usr/src/uts/common/crypto/io/sha1_mod.c Tue Apr 14 10:32:33 2009 +0200 @@ -20,12 +20,10 @@ */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <sys/modctl.h> #include <sys/cmn_err.h> #include <sys/note.h> @@ -72,8 +70,8 @@ #define SHA1_DIGEST_LENGTH 20 /* SHA1 digest length in bytes */ #define SHA1_HMAC_BLOCK_SIZE 64 /* SHA1-HMAC block size */ -#define SHA1_HMAC_MIN_KEY_LEN 8 /* SHA1-HMAC min key length in bits */ -#define SHA1_HMAC_MAX_KEY_LEN INT_MAX /* SHA1-HMAC max key length in bits */ +#define SHA1_HMAC_MIN_KEY_LEN 1 /* SHA1-HMAC min key length in bytes */ +#define SHA1_HMAC_MAX_KEY_LEN INT_MAX /* SHA1-HMAC max key length in bytes */ #define SHA1_HMAC_INTS_PER_BLOCK (SHA1_HMAC_BLOCK_SIZE/sizeof (uint32_t)) /* @@ -131,12 +129,12 @@ {SUN_CKM_SHA1_HMAC, SHA1_HMAC_MECH_INFO_TYPE, CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, SHA1_HMAC_MIN_KEY_LEN, SHA1_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* SHA1-HMAC GENERAL */ {SUN_CKM_SHA1_HMAC_GENERAL, SHA1_HMAC_GEN_MECH_INFO_TYPE, CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, SHA1_HMAC_MIN_KEY_LEN, SHA1_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS} + CRYPTO_KEYSIZE_UNIT_IN_BYTES} }; static void sha1_provider_status(crypto_provider_handle_t, uint_t *); @@ -310,7 +308,8 @@ */ for (vec_idx = 0; vec_idx < data->cd_uio->uio_iovcnt && offset >= data->cd_uio->uio_iov[vec_idx].iov_len; - offset -= data->cd_uio->uio_iov[vec_idx++].iov_len); + offset -= data->cd_uio->uio_iov[vec_idx++].iov_len) + ; if (vec_idx == data->cd_uio->uio_iovcnt) { /* * The caller specified an offset that is larger than the @@ -371,7 +370,8 @@ */ for (vec_idx = 0; offset >= digest->cd_uio->uio_iov[vec_idx].iov_len && vec_idx < digest->cd_uio->uio_iovcnt; - offset -= digest->cd_uio->uio_iov[vec_idx++].iov_len); + offset -= digest->cd_uio->uio_iov[vec_idx++].iov_len) + ; if (vec_idx == digest->cd_uio->uio_iovcnt) { /* * The caller specified an offset that is @@ -458,7 +458,8 @@ * Jump to the first mblk_t containing data to be digested. */ for (mp = data->cd_mp; mp != NULL && offset >= MBLKL(mp); - offset -= MBLKL(mp), mp = mp->b_cont); + offset -= MBLKL(mp), mp = mp->b_cont) + ; if (mp == NULL) { /* * The caller specified an offset that is larger than the @@ -508,7 +509,8 @@ * Jump to the first mblk_t that will be used to store the digest. */ for (mp = digest->cd_mp; mp != NULL && offset >= MBLKL(mp); - offset -= MBLKL(mp), mp = mp->b_cont); + offset -= MBLKL(mp), mp = mp->b_cont) + ; if (mp == NULL) { /* * The caller specified an offset that is larger than the @@ -1306,7 +1308,8 @@ for (vec_idx = 0; offset >= mac->cd_uio->uio_iov[vec_idx].iov_len && vec_idx < mac->cd_uio->uio_iovcnt; - offset -= mac->cd_uio->uio_iov[vec_idx++].iov_len); + offset -= mac->cd_uio->uio_iov[vec_idx++].iov_len) + ; if (vec_idx == mac->cd_uio->uio_iovcnt) { /* * The caller specified an offset that is @@ -1346,7 +1349,8 @@ /* jump to the first mblk_t containing the expected digest */ for (mp = mac->cd_mp; mp != NULL && offset >= MBLKL(mp); - offset -= MBLKL(mp), mp = mp->b_cont); + offset -= MBLKL(mp), mp = mp->b_cont) + ; if (mp == NULL) { /* * The caller specified an offset that is larger than
--- a/usr/src/uts/common/crypto/io/sha2_mod.c Mon Apr 13 23:01:54 2009 -0700 +++ b/usr/src/uts/common/crypto/io/sha2_mod.c Tue Apr 14 10:32:33 2009 +0200 @@ -20,12 +20,10 @@ */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <sys/modctl.h> #include <sys/cmn_err.h> #include <sys/crypto/common.h> @@ -118,12 +116,12 @@ {SUN_CKM_SHA256_HMAC, SHA256_HMAC_MECH_INFO_TYPE, CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* SHA256-HMAC GENERAL */ {SUN_CKM_SHA256_HMAC_GENERAL, SHA256_HMAC_GEN_MECH_INFO_TYPE, CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* SHA384 */ {SUN_CKM_SHA384, SHA384_MECH_INFO_TYPE, CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, @@ -132,12 +130,12 @@ {SUN_CKM_SHA384_HMAC, SHA384_HMAC_MECH_INFO_TYPE, CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* SHA384-HMAC GENERAL */ {SUN_CKM_SHA384_HMAC_GENERAL, SHA384_HMAC_GEN_MECH_INFO_TYPE, CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* SHA512 */ {SUN_CKM_SHA512, SHA512_MECH_INFO_TYPE, CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC, @@ -146,12 +144,12 @@ {SUN_CKM_SHA512_HMAC, SHA512_HMAC_MECH_INFO_TYPE, CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS}, + CRYPTO_KEYSIZE_UNIT_IN_BYTES}, /* SHA512-HMAC GENERAL */ {SUN_CKM_SHA512_HMAC_GENERAL, SHA512_HMAC_GEN_MECH_INFO_TYPE, CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC, SHA2_HMAC_MIN_KEY_LEN, SHA2_HMAC_MAX_KEY_LEN, - CRYPTO_KEYSIZE_UNIT_IN_BITS} + CRYPTO_KEYSIZE_UNIT_IN_BYTES} }; static void sha2_provider_status(crypto_provider_handle_t, uint_t *);
--- a/usr/src/uts/common/sys/sha2.h Mon Apr 13 23:01:54 2009 -0700 +++ b/usr/src/uts/common/sys/sha2.h Tue Apr 14 10:32:33 2009 +0200 @@ -19,23 +19,21 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #ifndef _SYS_SHA2_H #define _SYS_SHA2_H -#pragma ident "%Z%%M% %I% %E% SMI" - #include <sys/types.h> /* for uint_* */ #ifdef __cplusplus extern "C" { #endif -#define SHA2_HMAC_MIN_KEY_LEN 8 /* SHA2-HMAC min key length in bits */ -#define SHA2_HMAC_MAX_KEY_LEN INT_MAX /* SHA2-HMAC max key length in bits */ +#define SHA2_HMAC_MIN_KEY_LEN 1 /* SHA2-HMAC min key length in bytes */ +#define SHA2_HMAC_MAX_KEY_LEN INT_MAX /* SHA2-HMAC max key length in bytes */ #define SHA256_DIGEST_LENGTH 32 /* SHA256 digest length in bytes */ #define SHA384_DIGEST_LENGTH 48 /* SHA384 digest length in bytes */