Changeset View
Changeset View
Standalone View
Standalone View
head/sys/kgssapi/krb5/kcrypto_aes.c
| Show All 37 Lines | |||||
| #include <kgssapi/gssapi.h> | #include <kgssapi/gssapi.h> | ||||
| #include <kgssapi/gssapi_impl.h> | #include <kgssapi/gssapi_impl.h> | ||||
| #include "kcrypto.h" | #include "kcrypto.h" | ||||
| struct aes_state { | struct aes_state { | ||||
| struct mtx as_lock; | struct mtx as_lock; | ||||
| uint64_t as_session; | uint64_t as_session_aes; | ||||
| uint64_t as_session_sha1; | |||||
| }; | }; | ||||
| static void | static void | ||||
| aes_init(struct krb5_key_state *ks) | aes_init(struct krb5_key_state *ks) | ||||
| { | { | ||||
| struct aes_state *as; | struct aes_state *as; | ||||
| as = malloc(sizeof(struct aes_state), M_GSSAPI, M_WAITOK|M_ZERO); | as = malloc(sizeof(struct aes_state), M_GSSAPI, M_WAITOK|M_ZERO); | ||||
| mtx_init(&as->as_lock, "gss aes lock", NULL, MTX_DEF); | mtx_init(&as->as_lock, "gss aes lock", NULL, MTX_DEF); | ||||
| ks->ks_priv = as; | ks->ks_priv = as; | ||||
| } | } | ||||
| static void | static void | ||||
| aes_destroy(struct krb5_key_state *ks) | aes_destroy(struct krb5_key_state *ks) | ||||
| { | { | ||||
| struct aes_state *as = ks->ks_priv; | struct aes_state *as = ks->ks_priv; | ||||
| if (as->as_session) | if (as->as_session_aes != 0) | ||||
| crypto_freesession(as->as_session); | crypto_freesession(as->as_session_aes); | ||||
| if (as->as_session_sha1 != 0) | |||||
| crypto_freesession(as->as_session_sha1); | |||||
| mtx_destroy(&as->as_lock); | mtx_destroy(&as->as_lock); | ||||
| free(ks->ks_priv, M_GSSAPI); | free(ks->ks_priv, M_GSSAPI); | ||||
| } | } | ||||
| static void | static void | ||||
| aes_set_key(struct krb5_key_state *ks, const void *in) | aes_set_key(struct krb5_key_state *ks, const void *in) | ||||
| { | { | ||||
| void *kp = ks->ks_key; | void *kp = ks->ks_key; | ||||
| struct aes_state *as = ks->ks_priv; | struct aes_state *as = ks->ks_priv; | ||||
| struct cryptoini cri[2]; | struct cryptoini cri; | ||||
| if (kp != in) | if (kp != in) | ||||
| bcopy(in, kp, ks->ks_class->ec_keylen); | bcopy(in, kp, ks->ks_class->ec_keylen); | ||||
| if (as->as_session) | if (as->as_session_aes != 0) | ||||
| crypto_freesession(as->as_session); | crypto_freesession(as->as_session_aes); | ||||
| if (as->as_session_sha1 != 0) | |||||
| crypto_freesession(as->as_session_sha1); | |||||
| bzero(cri, sizeof(cri)); | |||||
| /* | /* | ||||
| * We only want the first 96 bits of the HMAC. | * We only want the first 96 bits of the HMAC. | ||||
| */ | */ | ||||
| cri[0].cri_alg = CRYPTO_SHA1_HMAC; | bzero(&cri, sizeof(cri)); | ||||
| cri[0].cri_klen = ks->ks_class->ec_keybits; | cri.cri_alg = CRYPTO_SHA1_HMAC; | ||||
| cri[0].cri_mlen = 12; | cri.cri_klen = ks->ks_class->ec_keybits; | ||||
| cri[0].cri_key = ks->ks_key; | cri.cri_mlen = 12; | ||||
| cri[0].cri_next = &cri[1]; | cri.cri_key = ks->ks_key; | ||||
| cri.cri_next = NULL; | |||||
| crypto_newsession(&as->as_session_sha1, &cri, | |||||
| CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE); | |||||
| cri[1].cri_alg = CRYPTO_AES_CBC; | bzero(&cri, sizeof(cri)); | ||||
| cri[1].cri_klen = ks->ks_class->ec_keybits; | cri.cri_alg = CRYPTO_AES_CBC; | ||||
| cri[1].cri_mlen = 0; | cri.cri_klen = ks->ks_class->ec_keybits; | ||||
| cri[1].cri_key = ks->ks_key; | cri.cri_mlen = 0; | ||||
| cri[1].cri_next = NULL; | cri.cri_key = ks->ks_key; | ||||
| cri.cri_next = NULL; | |||||
| crypto_newsession(&as->as_session, cri, | crypto_newsession(&as->as_session_aes, &cri, | ||||
| CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE); | CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE); | ||||
| } | } | ||||
| static void | static void | ||||
| aes_random_to_key(struct krb5_key_state *ks, const void *in) | aes_random_to_key(struct krb5_key_state *ks, const void *in) | ||||
| { | { | ||||
| aes_set_key(ks, in); | aes_set_key(ks, in); | ||||
| } | } | ||||
| static int | static int | ||||
| aes_crypto_cb(struct cryptop *crp) | aes_crypto_cb(struct cryptop *crp) | ||||
| { | { | ||||
| int error; | int error; | ||||
| struct aes_state *as = (struct aes_state *) crp->crp_opaque; | struct aes_state *as = (struct aes_state *) crp->crp_opaque; | ||||
| if (CRYPTO_SESID2CAPS(as->as_session) & CRYPTOCAP_F_SYNC) | if (CRYPTO_SESID2CAPS(crp->crp_sid) & CRYPTOCAP_F_SYNC) | ||||
| return (0); | return (0); | ||||
| error = crp->crp_etype; | error = crp->crp_etype; | ||||
| if (error == EAGAIN) | if (error == EAGAIN) | ||||
| error = crypto_dispatch(crp); | error = crypto_dispatch(crp); | ||||
| mtx_lock(&as->as_lock); | mtx_lock(&as->as_lock); | ||||
| if (error || (crp->crp_flags & CRYPTO_F_DONE)) | if (error || (crp->crp_flags & CRYPTO_F_DONE)) | ||||
| wakeup(crp); | wakeup(crp); | ||||
| Show All 20 Lines | aes_encrypt_1(const struct krb5_key_state *ks, int buftype, void *buf, | ||||
| if (ivec) { | if (ivec) { | ||||
| bcopy(ivec, crd->crd_iv, 16); | bcopy(ivec, crd->crd_iv, 16); | ||||
| } else { | } else { | ||||
| bzero(crd->crd_iv, 16); | bzero(crd->crd_iv, 16); | ||||
| } | } | ||||
| crd->crd_next = NULL; | crd->crd_next = NULL; | ||||
| crd->crd_alg = CRYPTO_AES_CBC; | crd->crd_alg = CRYPTO_AES_CBC; | ||||
| crp->crp_sid = as->as_session; | crp->crp_sid = as->as_session_aes; | ||||
| crp->crp_flags = buftype | CRYPTO_F_CBIFSYNC; | crp->crp_flags = buftype | CRYPTO_F_CBIFSYNC; | ||||
| crp->crp_buf = buf; | crp->crp_buf = buf; | ||||
| crp->crp_opaque = (void *) as; | crp->crp_opaque = (void *) as; | ||||
| crp->crp_callback = aes_crypto_cb; | crp->crp_callback = aes_crypto_cb; | ||||
| error = crypto_dispatch(crp); | error = crypto_dispatch(crp); | ||||
| if ((CRYPTO_SESID2CAPS(as->as_session) & CRYPTOCAP_F_SYNC) == 0) { | if ((CRYPTO_SESID2CAPS(as->as_session_aes) & CRYPTOCAP_F_SYNC) == 0) { | ||||
| mtx_lock(&as->as_lock); | mtx_lock(&as->as_lock); | ||||
| if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) | if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) | ||||
| error = msleep(crp, &as->as_lock, 0, "gssaes", 0); | error = msleep(crp, &as->as_lock, 0, "gssaes", 0); | ||||
| mtx_unlock(&as->as_lock); | mtx_unlock(&as->as_lock); | ||||
| } | } | ||||
| crypto_freereq(crp); | crypto_freereq(crp); | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 150 Lines • ▼ Show 20 Lines | aes_checksum(const struct krb5_key_state *ks, int usage, | ||||
| crd->crd_skip = skip; | crd->crd_skip = skip; | ||||
| crd->crd_len = inlen; | crd->crd_len = inlen; | ||||
| crd->crd_inject = skip + inlen; | crd->crd_inject = skip + inlen; | ||||
| crd->crd_flags = 0; | crd->crd_flags = 0; | ||||
| crd->crd_next = NULL; | crd->crd_next = NULL; | ||||
| crd->crd_alg = CRYPTO_SHA1_HMAC; | crd->crd_alg = CRYPTO_SHA1_HMAC; | ||||
| crp->crp_sid = as->as_session; | crp->crp_sid = as->as_session_sha1; | ||||
| crp->crp_ilen = inlen; | crp->crp_ilen = inlen; | ||||
| crp->crp_olen = 12; | crp->crp_olen = 12; | ||||
| crp->crp_etype = 0; | crp->crp_etype = 0; | ||||
| crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC; | crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC; | ||||
| crp->crp_buf = (void *) inout; | crp->crp_buf = (void *) inout; | ||||
| crp->crp_opaque = (void *) as; | crp->crp_opaque = (void *) as; | ||||
| crp->crp_callback = aes_crypto_cb; | crp->crp_callback = aes_crypto_cb; | ||||
| error = crypto_dispatch(crp); | error = crypto_dispatch(crp); | ||||
| if ((CRYPTO_SESID2CAPS(as->as_session) & CRYPTOCAP_F_SYNC) == 0) { | if ((CRYPTO_SESID2CAPS(as->as_session_sha1) & CRYPTOCAP_F_SYNC) == 0) { | ||||
| mtx_lock(&as->as_lock); | mtx_lock(&as->as_lock); | ||||
| if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) | if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) | ||||
| error = msleep(crp, &as->as_lock, 0, "gssaes", 0); | error = msleep(crp, &as->as_lock, 0, "gssaes", 0); | ||||
| mtx_unlock(&as->as_lock); | mtx_unlock(&as->as_lock); | ||||
| } | } | ||||
| crypto_freereq(crp); | crypto_freereq(crp); | ||||
| } | } | ||||
| Show All 36 Lines | |||||