Changeset View
Changeset View
Standalone View
Standalone View
sys/opencrypto/cryptosoft.c
Show First 20 Lines • Show All 636 Lines • ▼ Show 20 Lines | |||||
} | } | ||||
static int | static int | ||||
swcr_ccm_cbc_mac(struct swcr_session *ses, struct cryptop *crp) | swcr_ccm_cbc_mac(struct swcr_session *ses, struct cryptop *crp) | ||||
{ | { | ||||
u_char tag[AES_CBC_MAC_HASH_LEN]; | u_char tag[AES_CBC_MAC_HASH_LEN]; | ||||
u_char iv[AES_BLOCK_LEN]; | u_char iv[AES_BLOCK_LEN]; | ||||
union authctx ctx; | union authctx ctx; | ||||
const struct crypto_session_params *csp; | |||||
struct swcr_auth *swa; | struct swcr_auth *swa; | ||||
const struct auth_hash *axf; | const struct auth_hash *axf; | ||||
int error, ivlen; | int error, ivlen; | ||||
csp = crypto_get_params(crp->crp_session); | |||||
swa = &ses->swcr_auth; | swa = &ses->swcr_auth; | ||||
axf = swa->sw_axf; | axf = swa->sw_axf; | ||||
bcopy(swa->sw_ictx, &ctx, axf->ctxsize); | bcopy(swa->sw_ictx, &ctx, axf->ctxsize); | ||||
/* Initialize the IV */ | /* Initialize the IV */ | ||||
ivlen = AES_CCM_IV_LEN; | ivlen = csp->csp_ivlen; | ||||
crypto_read_iv(crp, iv); | crypto_read_iv(crp, iv); | ||||
/* | /* | ||||
* AES CCM-CBC-MAC needs to know the length of both the auth | * AES CCM-CBC-MAC needs to know the length of both the auth | ||||
* data and payload data before doing the auth computation. | * data and payload data before doing the auth computation. | ||||
*/ | */ | ||||
ctx.aes_cbc_mac_ctx.authDataLength = crp->crp_payload_length; | ctx.aes_cbc_mac_ctx.authDataLength = crp->crp_payload_length; | ||||
ctx.aes_cbc_mac_ctx.cryptDataLength = 0; | ctx.aes_cbc_mac_ctx.cryptDataLength = 0; | ||||
Show All 25 Lines | swcr_ccm_cbc_mac(struct swcr_session *ses, struct cryptop *crp) | ||||
explicit_bzero(tag, sizeof(tag)); | explicit_bzero(tag, sizeof(tag)); | ||||
explicit_bzero(iv, sizeof(iv)); | explicit_bzero(iv, sizeof(iv)); | ||||
return (error); | return (error); | ||||
} | } | ||||
static int | static int | ||||
swcr_ccm(struct swcr_session *ses, struct cryptop *crp) | swcr_ccm(struct swcr_session *ses, struct cryptop *crp) | ||||
{ | { | ||||
const struct crypto_session_params *csp; | |||||
uint32_t blkbuf[howmany(AES_BLOCK_LEN, sizeof(uint32_t))]; | uint32_t blkbuf[howmany(AES_BLOCK_LEN, sizeof(uint32_t))]; | ||||
u_char *blk = (u_char *)blkbuf; | u_char *blk = (u_char *)blkbuf; | ||||
u_char tag[AES_CBC_MAC_HASH_LEN]; | u_char tag[AES_CBC_MAC_HASH_LEN]; | ||||
struct crypto_buffer_cursor cc_in, cc_out; | struct crypto_buffer_cursor cc_in, cc_out; | ||||
const u_char *inblk; | const u_char *inblk; | ||||
u_char *outblk; | u_char *outblk; | ||||
union authctx ctx; | union authctx ctx; | ||||
struct swcr_auth *swa; | struct swcr_auth *swa; | ||||
struct swcr_encdec *swe; | struct swcr_encdec *swe; | ||||
const struct auth_hash *axf; | const struct auth_hash *axf; | ||||
const struct enc_xform *exf; | const struct enc_xform *exf; | ||||
size_t len; | size_t len; | ||||
int blksz, error, ivlen, r, resid; | int blksz, error, ivlen, r, resid; | ||||
csp = crypto_get_params(crp->crp_session); | |||||
swa = &ses->swcr_auth; | swa = &ses->swcr_auth; | ||||
axf = swa->sw_axf; | axf = swa->sw_axf; | ||||
bcopy(swa->sw_ictx, &ctx, axf->ctxsize); | bcopy(swa->sw_ictx, &ctx, axf->ctxsize); | ||||
blksz = AES_BLOCK_LEN; | blksz = AES_BLOCK_LEN; | ||||
KASSERT(axf->blocksize == blksz, ("%s: axf block size mismatch", | KASSERT(axf->blocksize == blksz, ("%s: axf block size mismatch", | ||||
__func__)); | __func__)); | ||||
swe = &ses->swcr_encdec; | swe = &ses->swcr_encdec; | ||||
exf = swe->sw_exf; | exf = swe->sw_exf; | ||||
KASSERT(axf->blocksize == exf->native_blocksize, | KASSERT(axf->blocksize == exf->native_blocksize, | ||||
("%s: blocksize mismatch", __func__)); | ("%s: blocksize mismatch", __func__)); | ||||
if (crp->crp_payload_length > ccm_max_payload_length(csp)) | |||||
return (EMSGSIZE); | |||||
if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) | if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) | ||||
return (EINVAL); | return (EINVAL); | ||||
ivlen = AES_CCM_IV_LEN; | ivlen = csp->csp_ivlen; | ||||
/* | /* | ||||
* AES CCM-CBC-MAC needs to know the length of both the auth | * AES CCM-CBC-MAC needs to know the length of both the auth | ||||
* data and payload data before doing the auth computation. | * data and payload data before doing the auth computation. | ||||
*/ | */ | ||||
ctx.aes_cbc_mac_ctx.authDataLength = crp->crp_aad_length; | ctx.aes_cbc_mac_ctx.authDataLength = crp->crp_aad_length; | ||||
ctx.aes_cbc_mac_ctx.cryptDataLength = crp->crp_payload_length; | ctx.aes_cbc_mac_ctx.cryptDataLength = crp->crp_payload_length; | ||||
▲ Show 20 Lines • Show All 389 Lines • ▼ Show 20 Lines | swcr_setup_cipher(struct swcr_session *ses, | ||||
const struct crypto_session_params *csp) | const struct crypto_session_params *csp) | ||||
{ | { | ||||
struct swcr_encdec *swe; | struct swcr_encdec *swe; | ||||
const struct enc_xform *txf; | const struct enc_xform *txf; | ||||
int error; | int error; | ||||
swe = &ses->swcr_encdec; | swe = &ses->swcr_encdec; | ||||
txf = crypto_cipher(csp); | txf = crypto_cipher(csp); | ||||
MPASS(txf->ivsize == csp->csp_ivlen); | |||||
if (txf->ctxsize != 0) { | if (txf->ctxsize != 0) { | ||||
swe->sw_kschedule = malloc(txf->ctxsize, M_CRYPTO_DATA, | swe->sw_kschedule = malloc(txf->ctxsize, M_CRYPTO_DATA, | ||||
M_NOWAIT); | M_NOWAIT); | ||||
if (swe->sw_kschedule == NULL) | if (swe->sw_kschedule == NULL) | ||||
return (ENOMEM); | return (ENOMEM); | ||||
} | } | ||||
if (csp->csp_cipher_key != NULL) { | if (csp->csp_cipher_key != NULL) { | ||||
error = txf->setkey(swe->sw_kschedule, | error = txf->setkey(swe->sw_kschedule, | ||||
▲ Show 20 Lines • Show All 135 Lines • ▼ Show 20 Lines | |||||
static int | static int | ||||
swcr_setup_ccm(struct swcr_session *ses, | swcr_setup_ccm(struct swcr_session *ses, | ||||
const struct crypto_session_params *csp) | const struct crypto_session_params *csp) | ||||
{ | { | ||||
struct swcr_auth *swa; | struct swcr_auth *swa; | ||||
const struct auth_hash *axf; | const struct auth_hash *axf; | ||||
if (csp->csp_ivlen != AES_CCM_IV_LEN) | |||||
return (EINVAL); | |||||
/* First, setup the auth side. */ | /* First, setup the auth side. */ | ||||
swa = &ses->swcr_auth; | swa = &ses->swcr_auth; | ||||
switch (csp->csp_cipher_klen * 8) { | switch (csp->csp_cipher_klen * 8) { | ||||
case 128: | case 128: | ||||
axf = &auth_hash_ccm_cbc_mac_128; | axf = &auth_hash_ccm_cbc_mac_128; | ||||
break; | break; | ||||
case 192: | case 192: | ||||
axf = &auth_hash_ccm_cbc_mac_192; | axf = &auth_hash_ccm_cbc_mac_192; | ||||
▲ Show 20 Lines • Show All 90 Lines • ▼ Show 20 Lines | case CRYPTO_AES_CCM_CBC_MAC: | ||||
case 128: | case 128: | ||||
case 192: | case 192: | ||||
case 256: | case 256: | ||||
break; | break; | ||||
default: | default: | ||||
return (false); | return (false); | ||||
} | } | ||||
if (csp->csp_auth_key == NULL) | if (csp->csp_auth_key == NULL) | ||||
return (false); | |||||
if (csp->csp_ivlen != AES_CCM_IV_LEN) | |||||
return (false); | return (false); | ||||
break; | break; | ||||
} | } | ||||
return (true); | return (true); | ||||
} | } | ||||
static bool | static bool | ||||
swcr_cipher_supported(const struct crypto_session_params *csp) | swcr_cipher_supported(const struct crypto_session_params *csp) | ||||
▲ Show 20 Lines • Show All 295 Lines • Show Last 20 Lines |