sys/opencrypto/xform_aes_xts.c
__FBSDID("$FreeBSD$"); | __FBSDID("$FreeBSD$"); | ||||
#include <sys/types.h> | #include <sys/types.h> | ||||
#include <opencrypto/xform_enc.h> | #include <opencrypto/xform_enc.h> | ||||
static int aes_xts_setkey(void *, const uint8_t *, int); | static int aes_xts_setkey(void *, const uint8_t *, int); | ||||
static void aes_xts_encrypt(void *, const uint8_t *, uint8_t *); | static void aes_xts_encrypt(void *, const uint8_t *, uint8_t *); | ||||
static void aes_xts_decrypt(void *, const uint8_t *, uint8_t *); | static void aes_xts_decrypt(void *, const uint8_t *, uint8_t *); | ||||
static void aes_xts_reinit(void *, const uint8_t *); | static void aes_xts_reinit(void *, const uint8_t *, size_t); | ||||
/* Encryption instances */ | /* Encryption instances */ | ||||
const struct enc_xform enc_xform_aes_xts = { | const struct enc_xform enc_xform_aes_xts = { | ||||
.type = CRYPTO_AES_XTS, | .type = CRYPTO_AES_XTS, | ||||
.name = "AES-XTS", | .name = "AES-XTS", | ||||
.ctxsize = sizeof(struct aes_xts_ctx), | .ctxsize = sizeof(struct aes_xts_ctx), | ||||
.blocksize = AES_BLOCK_LEN, | .blocksize = AES_BLOCK_LEN, | ||||
.ivsize = AES_XTS_IV_LEN, | .ivsize = AES_XTS_IV_LEN, | ||||
.minkey = AES_XTS_MIN_KEY, | .minkey = AES_XTS_MIN_KEY, | ||||
.maxkey = AES_XTS_MAX_KEY, | .maxkey = AES_XTS_MAX_KEY, | ||||
.encrypt = aes_xts_encrypt, | .encrypt = aes_xts_encrypt, | ||||
.decrypt = aes_xts_decrypt, | .decrypt = aes_xts_decrypt, | ||||
.setkey = aes_xts_setkey, | .setkey = aes_xts_setkey, | ||||
.reinit = aes_xts_reinit | .reinit = aes_xts_reinit | ||||
}; | }; | ||||
/* | /* | ||||
* Encryption wrapper routines. | * Encryption wrapper routines. | ||||
*/ | */ | ||||
static void | static void | ||||
aes_xts_reinit(void *key, const uint8_t *iv) | aes_xts_reinit(void *key, const uint8_t *iv, size_t ivlen) | ||||
markj: Ditto. | |||||
{ | { | ||||
struct aes_xts_ctx *ctx = key; | struct aes_xts_ctx *ctx = key; | ||||
uint64_t blocknum; | uint64_t blocknum; | ||||
u_int i; | u_int i; | ||||
KASSERT(ivlen == sizeof(blocknum), | |||||
("%s: invalid IV length", __func__)); | |||||
/* | /* | ||||
* Prepare tweak as E_k2(IV). IV is specified as LE representation | * Prepare tweak as E_k2(IV). IV is specified as LE representation | ||||
* of a 64-bit block number which we allow to be passed in directly. | * of a 64-bit block number which we allow to be passed in directly. | ||||
*/ | */ | ||||
bcopy(iv, &blocknum, AES_XTS_IVSIZE); | bcopy(iv, &blocknum, AES_XTS_IVSIZE); | ||||
Done Inline ActionsPerhaps assert that AES_XTS_IVSIZE == len? Here and elsewhere where we don't actually handle a variable length IV. (I know that CCM gets updated in a follow-up commit.) markj: Perhaps assert that AES_XTS_IVSIZE == len? Here and elsewhere where we don't actually handle a… | |||||
Done Inline ActionsI've actually added assertions to all of the reinit routines. jhb: I've actually added assertions to all of the reinit routines. | |||||
for (i = 0; i < AES_XTS_IVSIZE; i++) { | for (i = 0; i < AES_XTS_IVSIZE; i++) { | ||||
ctx->tweak[i] = blocknum & 0xff; | ctx->tweak[i] = blocknum & 0xff; | ||||
blocknum >>= 8; | blocknum >>= 8; | ||||
} | } | ||||
/* Last 64 bits of IV are always zero */ | /* Last 64 bits of IV are always zero */ | ||||
bzero(ctx->tweak + AES_XTS_IVSIZE, AES_XTS_IVSIZE); | bzero(ctx->tweak + AES_XTS_IVSIZE, AES_XTS_IVSIZE); | ||||
rijndael_encrypt(&ctx->key2, ctx->tweak, ctx->tweak); | rijndael_encrypt(&ctx->key2, ctx->tweak, ctx->tweak); | ||||
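Review bot: The new `KASSERT(ivlen == sizeof(blocknum), ...)` in aes_xts_reinit checks a different expression from the one that bounds the read: `bcopy(iv, &blocknum, AES_XTS_IVSIZE)` copies AES_XTS_IVSIZE bytes, and the xform table advertises `.ivsize = AES_XTS_IV_LEN`. I would assert against the constant the copy uses, `KASSERT(ivlen == AES_XTS_IVSIZE, ("%s: invalid IV length", __func__));`, and pin the relationship at compile time with `CTASSERT(sizeof(uint64_t) == AES_XTS_IVSIZE);` so the sizes cannot drift apart unnoticed. KASSERT is only compiled into INVARIANTS kernels, so on other builds a wrong ivlen still reaches the bcopy; presumably the caller validates the IV length against `.ivsize` before calling reinit, and a one-line comment stating that assumption would help the next reader. The body of aes_xts_reinit continues past the lines shown here.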
Ditto.