summaryrefslogtreecommitdiff
path: root/mac.c
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2007-06-05 18:30:18 +1000
committerDarren Tucker <dtucker@zip.com.au>2007-06-05 18:30:18 +1000
commit5f3d5be52f02d2d149cc11ec4a511d022444d2b1 (patch)
treede550fe7966f77cc548a1d4029ceaef4774cce4c /mac.c
parent7b21cb5bdc6d0e587f646397b6c6f6ef87505e0b (diff)
- djm@cvs.openbsd.org 2007/06/05 06:52:37
[kex.c monitor_wrap.c packet.c mac.h kex.h mac.c] Preserve MAC ctx between packets, saving 2xhash calls per-packet. Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5 patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm committing at his request)
Diffstat (limited to 'mac.c')
-rw-r--r--mac.c36
1 files changed, 23 insertions, 13 deletions
diff --git a/mac.c b/mac.c
index e5d5bfa88..6a5fd4766 100644
--- a/mac.c
+++ b/mac.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mac.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */ 1/* $OpenBSD: mac.c,v 1.13 2007/06/05 06:52:37 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -57,7 +57,7 @@ struct {
57}; 57};
58 58
59int 59int
60mac_init(Mac *mac, char *name) 60mac_setup(Mac *mac, char *name)
61{ 61{
62 int i, evp_len; 62 int i, evp_len;
63 63
@@ -71,34 +71,44 @@ mac_init(Mac *mac, char *name)
71 if (macs[i].truncatebits != 0) 71 if (macs[i].truncatebits != 0)
72 mac->mac_len = macs[i].truncatebits/8; 72 mac->mac_len = macs[i].truncatebits/8;
73 } 73 }
74 debug2("mac_init: found %s", name); 74 debug2("mac_setup: found %s", name);
75 return (0); 75 return (0);
76 } 76 }
77 } 77 }
78 debug2("mac_init: unknown %s", name); 78 debug2("mac_setup: unknown %s", name);
79 return (-1); 79 return (-1);
80} 80}
81 81
82void
83mac_init(Mac *mac)
84{
85 if (mac->key == NULL)
86 fatal("mac_init: no key");
87 HMAC_Init(&mac->ctx, mac->key, mac->key_len, mac->md);
88}
89
82u_char * 90u_char *
83mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) 91mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
84{ 92{
85 HMAC_CTX c;
86 static u_char m[EVP_MAX_MD_SIZE]; 93 static u_char m[EVP_MAX_MD_SIZE];
87 u_char b[4]; 94 u_char b[4];
88 95
89 if (mac->key == NULL)
90 fatal("mac_compute: no key");
91 if (mac->mac_len > sizeof(m)) 96 if (mac->mac_len > sizeof(m))
92 fatal("mac_compute: mac too long"); 97 fatal("mac_compute: mac too long");
93 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
94 put_u32(b, seqno); 98 put_u32(b, seqno);
95 HMAC_Update(&c, b, sizeof(b)); 99 HMAC_Init(&mac->ctx, NULL, 0, NULL); /* reset HMAC context */
96 HMAC_Update(&c, data, datalen); 100 HMAC_Update(&mac->ctx, b, sizeof(b));
97 HMAC_Final(&c, m, NULL); 101 HMAC_Update(&mac->ctx, data, datalen);
98 HMAC_cleanup(&c); 102 HMAC_Final(&mac->ctx, m, NULL);
99 return (m); 103 return (m);
100} 104}
101 105
106void
107mac_clear(Mac *mac)
108{
109 HMAC_cleanup(&mac->ctx);
110}
111
102/* XXX copied from ciphers_valid */ 112/* XXX copied from ciphers_valid */
103#define MAC_SEP "," 113#define MAC_SEP ","
104int 114int
@@ -111,7 +121,7 @@ mac_valid(const char *names)
111 maclist = cp = xstrdup(names); 121 maclist = cp = xstrdup(names);
112 for ((p = strsep(&cp, MAC_SEP)); p && *p != '\0'; 122 for ((p = strsep(&cp, MAC_SEP)); p && *p != '\0';
113 (p = strsep(&cp, MAC_SEP))) { 123 (p = strsep(&cp, MAC_SEP))) {
114 if (mac_init(NULL, p) < 0) { 124 if (mac_setup(NULL, p) < 0) {
115 debug("bad mac %s [%s]", p, names); 125 debug("bad mac %s [%s]", p, names);
116 xfree(maclist); 126 xfree(maclist);
117 return (0); 127 return (0);
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-01 00:13:57 +0000