Date: Sun, 20 Jul 2008 21:39:55 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Patrick Lamaizi?re <patfbsd@davenulle.org> Cc: freebsd-hackers@freebsd.org Subject: Re: crypto(9) and maxoplen Message-ID: <20080720193955.GA2193@garage.freebsd.pl> In-Reply-To: <20080719005813.3a995c71@baby-jane-lamaiziere-net.local> References: <20080719005813.3a995c71@baby-jane-lamaiziere-net.local>
next in thread | previous in thread | raw e-mail | index | archive | help
--fdj2RfSjLxBAspz7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Jul 19, 2008 at 12:58:13AM +0200, Patrick Lamaizi?re wrote: > Hello, >=20 > In the "opencrypto framework" the function crypto_register() has an > argument 'maxoplen'. >=20 > http://fxr.watson.org/fxr/source/opencrypto/crypto.c#L625 >=20 > Does somebody know what was the goal of this parameter? It is not used > by the framework. >=20 > The man page of crypto(9) says : > For each algorithm the driver supports, it must then call > crypto_register(). The first two arguments are the driver and algorithm > identifiers. The next two arguments specify the largest possible > operator length (in bits, important for public key operations) and > flags for this algorithm. >=20 > I'm asking if it can help for this problem: the glxsb driver can > perform AES-CBC algorithm only with 128 bits key and may be 'maxoplen' > was intended for this case.=20 >=20 > Without something to specify the key's length, the driver is selected > by the framework even with keys !=3D 128 bits. So it fails when the > session is opened. This prevents setkey/ipsec to work with key > length !=3D 128 bits if the driver is loaded. If I read code properly, there is currently no way for a driver to say to the opencrypto framework that only AES-CBC with 128bit key is supported. A driver can only state that it supports AES-CBC, that's all. As a workaround the driver should implement AES-CBC-192 and AES-CBC-256 in software. --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --fdj2RfSjLxBAspz7 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFIg5SLForvXbEpPzQRAuEvAKCjES6hgBVSR/qJeVMOz0h0YiT3cwCg6+Wa gMkp5jnBTg6qASgC2kmkIoY= =+YiR -----END PGP SIGNATURE----- --fdj2RfSjLxBAspz7--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080720193955.GA2193>