Changeset View
Changeset View
Standalone View
Standalone View
head/sys/kgssapi/krb5/kcrypto_aes.c
Show All 37 Lines | |||||
#include <kgssapi/gssapi.h> | #include <kgssapi/gssapi.h> | ||||
#include <kgssapi/gssapi_impl.h> | #include <kgssapi/gssapi_impl.h> | ||||
#include "kcrypto.h" | #include "kcrypto.h" | ||||
struct aes_state { | struct aes_state { | ||||
struct mtx as_lock; | struct mtx as_lock; | ||||
uint64_t as_session; | uint64_t as_session_aes; | ||||
uint64_t as_session_sha1; | |||||
}; | }; | ||||
static void | static void | ||||
aes_init(struct krb5_key_state *ks) | aes_init(struct krb5_key_state *ks) | ||||
{ | { | ||||
struct aes_state *as; | struct aes_state *as; | ||||
as = malloc(sizeof(struct aes_state), M_GSSAPI, M_WAITOK|M_ZERO); | as = malloc(sizeof(struct aes_state), M_GSSAPI, M_WAITOK|M_ZERO); | ||||
mtx_init(&as->as_lock, "gss aes lock", NULL, MTX_DEF); | mtx_init(&as->as_lock, "gss aes lock", NULL, MTX_DEF); | ||||
ks->ks_priv = as; | ks->ks_priv = as; | ||||
} | } | ||||
static void | static void | ||||
aes_destroy(struct krb5_key_state *ks) | aes_destroy(struct krb5_key_state *ks) | ||||
{ | { | ||||
struct aes_state *as = ks->ks_priv; | struct aes_state *as = ks->ks_priv; | ||||
if (as->as_session) | if (as->as_session_aes != 0) | ||||
crypto_freesession(as->as_session); | crypto_freesession(as->as_session_aes); | ||||
if (as->as_session_sha1 != 0) | |||||
crypto_freesession(as->as_session_sha1); | |||||
mtx_destroy(&as->as_lock); | mtx_destroy(&as->as_lock); | ||||
free(ks->ks_priv, M_GSSAPI); | free(ks->ks_priv, M_GSSAPI); | ||||
} | } | ||||
static void | static void | ||||
aes_set_key(struct krb5_key_state *ks, const void *in) | aes_set_key(struct krb5_key_state *ks, const void *in) | ||||
{ | { | ||||
void *kp = ks->ks_key; | void *kp = ks->ks_key; | ||||
struct aes_state *as = ks->ks_priv; | struct aes_state *as = ks->ks_priv; | ||||
struct cryptoini cri[2]; | struct cryptoini cri; | ||||
if (kp != in) | if (kp != in) | ||||
bcopy(in, kp, ks->ks_class->ec_keylen); | bcopy(in, kp, ks->ks_class->ec_keylen); | ||||
if (as->as_session) | if (as->as_session_aes != 0) | ||||
crypto_freesession(as->as_session); | crypto_freesession(as->as_session_aes); | ||||
if (as->as_session_sha1 != 0) | |||||
crypto_freesession(as->as_session_sha1); | |||||
bzero(cri, sizeof(cri)); | |||||
/* | /* | ||||
* We only want the first 96 bits of the HMAC. | * We only want the first 96 bits of the HMAC. | ||||
*/ | */ | ||||
cri[0].cri_alg = CRYPTO_SHA1_HMAC; | bzero(&cri, sizeof(cri)); | ||||
cri[0].cri_klen = ks->ks_class->ec_keybits; | cri.cri_alg = CRYPTO_SHA1_HMAC; | ||||
cri[0].cri_mlen = 12; | cri.cri_klen = ks->ks_class->ec_keybits; | ||||
cri[0].cri_key = ks->ks_key; | cri.cri_mlen = 12; | ||||
cri[0].cri_next = &cri[1]; | cri.cri_key = ks->ks_key; | ||||
cri.cri_next = NULL; | |||||
crypto_newsession(&as->as_session_sha1, &cri, | |||||
CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE); | |||||
cri[1].cri_alg = CRYPTO_AES_CBC; | bzero(&cri, sizeof(cri)); | ||||
cri[1].cri_klen = ks->ks_class->ec_keybits; | cri.cri_alg = CRYPTO_AES_CBC; | ||||
cri[1].cri_mlen = 0; | cri.cri_klen = ks->ks_class->ec_keybits; | ||||
cri[1].cri_key = ks->ks_key; | cri.cri_mlen = 0; | ||||
cri[1].cri_next = NULL; | cri.cri_key = ks->ks_key; | ||||
cri.cri_next = NULL; | |||||
crypto_newsession(&as->as_session, cri, | crypto_newsession(&as->as_session_aes, &cri, | ||||
CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE); | CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE); | ||||
} | } | ||||
static void | static void | ||||
aes_random_to_key(struct krb5_key_state *ks, const void *in) | aes_random_to_key(struct krb5_key_state *ks, const void *in) | ||||
{ | { | ||||
aes_set_key(ks, in); | aes_set_key(ks, in); | ||||
} | } | ||||
static int | static int | ||||
aes_crypto_cb(struct cryptop *crp) | aes_crypto_cb(struct cryptop *crp) | ||||
{ | { | ||||
int error; | int error; | ||||
struct aes_state *as = (struct aes_state *) crp->crp_opaque; | struct aes_state *as = (struct aes_state *) crp->crp_opaque; | ||||
if (CRYPTO_SESID2CAPS(as->as_session) & CRYPTOCAP_F_SYNC) | if (CRYPTO_SESID2CAPS(crp->crp_sid) & CRYPTOCAP_F_SYNC) | ||||
return (0); | return (0); | ||||
error = crp->crp_etype; | error = crp->crp_etype; | ||||
if (error == EAGAIN) | if (error == EAGAIN) | ||||
error = crypto_dispatch(crp); | error = crypto_dispatch(crp); | ||||
mtx_lock(&as->as_lock); | mtx_lock(&as->as_lock); | ||||
if (error || (crp->crp_flags & CRYPTO_F_DONE)) | if (error || (crp->crp_flags & CRYPTO_F_DONE)) | ||||
wakeup(crp); | wakeup(crp); | ||||
Show All 20 Lines | aes_encrypt_1(const struct krb5_key_state *ks, int buftype, void *buf, | ||||
if (ivec) { | if (ivec) { | ||||
bcopy(ivec, crd->crd_iv, 16); | bcopy(ivec, crd->crd_iv, 16); | ||||
} else { | } else { | ||||
bzero(crd->crd_iv, 16); | bzero(crd->crd_iv, 16); | ||||
} | } | ||||
crd->crd_next = NULL; | crd->crd_next = NULL; | ||||
crd->crd_alg = CRYPTO_AES_CBC; | crd->crd_alg = CRYPTO_AES_CBC; | ||||
crp->crp_sid = as->as_session; | crp->crp_sid = as->as_session_aes; | ||||
crp->crp_flags = buftype | CRYPTO_F_CBIFSYNC; | crp->crp_flags = buftype | CRYPTO_F_CBIFSYNC; | ||||
crp->crp_buf = buf; | crp->crp_buf = buf; | ||||
crp->crp_opaque = (void *) as; | crp->crp_opaque = (void *) as; | ||||
crp->crp_callback = aes_crypto_cb; | crp->crp_callback = aes_crypto_cb; | ||||
error = crypto_dispatch(crp); | error = crypto_dispatch(crp); | ||||
if ((CRYPTO_SESID2CAPS(as->as_session) & CRYPTOCAP_F_SYNC) == 0) { | if ((CRYPTO_SESID2CAPS(as->as_session_aes) & CRYPTOCAP_F_SYNC) == 0) { | ||||
mtx_lock(&as->as_lock); | mtx_lock(&as->as_lock); | ||||
if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) | if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) | ||||
error = msleep(crp, &as->as_lock, 0, "gssaes", 0); | error = msleep(crp, &as->as_lock, 0, "gssaes", 0); | ||||
mtx_unlock(&as->as_lock); | mtx_unlock(&as->as_lock); | ||||
} | } | ||||
crypto_freereq(crp); | crypto_freereq(crp); | ||||
} | } | ||||
▲ Show 20 Lines • Show All 150 Lines • ▼ Show 20 Lines | aes_checksum(const struct krb5_key_state *ks, int usage, | ||||
crd->crd_skip = skip; | crd->crd_skip = skip; | ||||
crd->crd_len = inlen; | crd->crd_len = inlen; | ||||
crd->crd_inject = skip + inlen; | crd->crd_inject = skip + inlen; | ||||
crd->crd_flags = 0; | crd->crd_flags = 0; | ||||
crd->crd_next = NULL; | crd->crd_next = NULL; | ||||
crd->crd_alg = CRYPTO_SHA1_HMAC; | crd->crd_alg = CRYPTO_SHA1_HMAC; | ||||
crp->crp_sid = as->as_session; | crp->crp_sid = as->as_session_sha1; | ||||
crp->crp_ilen = inlen; | crp->crp_ilen = inlen; | ||||
crp->crp_olen = 12; | crp->crp_olen = 12; | ||||
crp->crp_etype = 0; | crp->crp_etype = 0; | ||||
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC; | crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC; | ||||
crp->crp_buf = (void *) inout; | crp->crp_buf = (void *) inout; | ||||
crp->crp_opaque = (void *) as; | crp->crp_opaque = (void *) as; | ||||
crp->crp_callback = aes_crypto_cb; | crp->crp_callback = aes_crypto_cb; | ||||
error = crypto_dispatch(crp); | error = crypto_dispatch(crp); | ||||
if ((CRYPTO_SESID2CAPS(as->as_session) & CRYPTOCAP_F_SYNC) == 0) { | if ((CRYPTO_SESID2CAPS(as->as_session_sha1) & CRYPTOCAP_F_SYNC) == 0) { | ||||
mtx_lock(&as->as_lock); | mtx_lock(&as->as_lock); | ||||
if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) | if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) | ||||
error = msleep(crp, &as->as_lock, 0, "gssaes", 0); | error = msleep(crp, &as->as_lock, 0, "gssaes", 0); | ||||
mtx_unlock(&as->as_lock); | mtx_unlock(&as->as_lock); | ||||
} | } | ||||
crypto_freereq(crp); | crypto_freereq(crp); | ||||
} | } | ||||
Show All 36 Lines |