Changeset View
Changeset View
Standalone View
Standalone View
sys/opencrypto/xform_aes_xts.c
| Show First 20 Lines • Show All 50 Lines • ▼ Show 20 Lines | |||||
| __FBSDID("$FreeBSD$"); | __FBSDID("$FreeBSD$"); | ||||
| #include <sys/types.h> | #include <sys/types.h> | ||||
| #include <opencrypto/xform_enc.h> | #include <opencrypto/xform_enc.h> | ||||
| static int aes_xts_setkey(void *, const uint8_t *, int); | static int aes_xts_setkey(void *, const uint8_t *, int); | ||||
| static void aes_xts_encrypt(void *, const uint8_t *, uint8_t *); | static void aes_xts_encrypt(void *, const uint8_t *, uint8_t *); | ||||
| static void aes_xts_decrypt(void *, const uint8_t *, uint8_t *); | static void aes_xts_decrypt(void *, const uint8_t *, uint8_t *); | ||||
| static void aes_xts_reinit(void *, const uint8_t *); | static void aes_xts_reinit(void *, const uint8_t *, size_t); | ||||
| /* Encryption instances */ | /* Encryption instances */ | ||||
| const struct enc_xform enc_xform_aes_xts = { | const struct enc_xform enc_xform_aes_xts = { | ||||
| .type = CRYPTO_AES_XTS, | .type = CRYPTO_AES_XTS, | ||||
| .name = "AES-XTS", | .name = "AES-XTS", | ||||
| .ctxsize = sizeof(struct aes_xts_ctx), | .ctxsize = sizeof(struct aes_xts_ctx), | ||||
| .blocksize = AES_BLOCK_LEN, | .blocksize = AES_BLOCK_LEN, | ||||
| .ivsize = AES_XTS_IV_LEN, | .ivsize = AES_XTS_IV_LEN, | ||||
| .minkey = AES_XTS_MIN_KEY, | .minkey = AES_XTS_MIN_KEY, | ||||
| .maxkey = AES_XTS_MAX_KEY, | .maxkey = AES_XTS_MAX_KEY, | ||||
| .encrypt = aes_xts_encrypt, | .encrypt = aes_xts_encrypt, | ||||
| .decrypt = aes_xts_decrypt, | .decrypt = aes_xts_decrypt, | ||||
| .setkey = aes_xts_setkey, | .setkey = aes_xts_setkey, | ||||
| .reinit = aes_xts_reinit | .reinit = aes_xts_reinit | ||||
| }; | }; | ||||
| /* | /* | ||||
| * Encryption wrapper routines. | * Encryption wrapper routines. | ||||
| */ | */ | ||||
| static void | static void | ||||
| aes_xts_reinit(void *key, const uint8_t *iv) | aes_xts_reinit(void *key, const uint8_t *iv, size_t ivlen) | ||||
markj: Ditto. | |||||
| { | { | ||||
| struct aes_xts_ctx *ctx = key; | struct aes_xts_ctx *ctx = key; | ||||
| uint64_t blocknum; | uint64_t blocknum; | ||||
| u_int i; | u_int i; | ||||
| KASSERT(ivlen == sizeof(blocknum), | |||||
| ("%s: invalid IV length", __func__)); | |||||
| /* | /* | ||||
| * Prepare tweak as E_k2(IV). IV is specified as LE representation | * Prepare tweak as E_k2(IV). IV is specified as LE representation | ||||
| * of a 64-bit block number which we allow to be passed in directly. | * of a 64-bit block number which we allow to be passed in directly. | ||||
| */ | */ | ||||
| bcopy(iv, &blocknum, AES_XTS_IVSIZE); | bcopy(iv, &blocknum, AES_XTS_IVSIZE); | ||||
Done Inline ActionsPerhaps assert that AES_XTS_IVSIZE == len? Here and elsewhere where we don't actually handle a variable length IV. (I know that CCM gets updated in a follow-up commit.) markj: Perhaps assert that AES_XTS_IVSIZE == len? Here and elsewhere where we don't actually handle a… | |||||
Done Inline ActionsI've actually added assertions to all of the reinit routines. jhb: I've actually added assertions to all of the reinit routines. | |||||
| for (i = 0; i < AES_XTS_IVSIZE; i++) { | for (i = 0; i < AES_XTS_IVSIZE; i++) { | ||||
| ctx->tweak[i] = blocknum & 0xff; | ctx->tweak[i] = blocknum & 0xff; | ||||
| blocknum >>= 8; | blocknum >>= 8; | ||||
| } | } | ||||
| /* Last 64 bits of IV are always zero */ | /* Last 64 bits of IV are always zero */ | ||||
| bzero(ctx->tweak + AES_XTS_IVSIZE, AES_XTS_IVSIZE); | bzero(ctx->tweak + AES_XTS_IVSIZE, AES_XTS_IVSIZE); | ||||
| rijndael_encrypt(&ctx->key2, ctx->tweak, ctx->tweak); | rijndael_encrypt(&ctx->key2, ctx->tweak, ctx->tweak); | ||||
| ▲ Show 20 Lines • Show All 59 Lines • Show Last 20 Lines | |||||
Ditto.