Changeset View
Changeset View
Standalone View
Standalone View
sys/opencrypto/cryptosoft.c
| Show First 20 Lines • Show All 636 Lines • ▼ Show 20 Lines | |||||
| } | } | ||||
| static int | static int | ||||
| swcr_ccm_cbc_mac(struct swcr_session *ses, struct cryptop *crp) | swcr_ccm_cbc_mac(struct swcr_session *ses, struct cryptop *crp) | ||||
| { | { | ||||
| u_char tag[AES_CBC_MAC_HASH_LEN]; | u_char tag[AES_CBC_MAC_HASH_LEN]; | ||||
| u_char iv[AES_BLOCK_LEN]; | u_char iv[AES_BLOCK_LEN]; | ||||
| union authctx ctx; | union authctx ctx; | ||||
| const struct crypto_session_params *csp; | |||||
| struct swcr_auth *swa; | struct swcr_auth *swa; | ||||
| const struct auth_hash *axf; | const struct auth_hash *axf; | ||||
| int error, ivlen; | int error, ivlen; | ||||
| csp = crypto_get_params(crp->crp_session); | |||||
| swa = &ses->swcr_auth; | swa = &ses->swcr_auth; | ||||
| axf = swa->sw_axf; | axf = swa->sw_axf; | ||||
| bcopy(swa->sw_ictx, &ctx, axf->ctxsize); | bcopy(swa->sw_ictx, &ctx, axf->ctxsize); | ||||
| /* Initialize the IV */ | /* Initialize the IV */ | ||||
| ivlen = AES_CCM_IV_LEN; | ivlen = csp->csp_ivlen; | ||||
| crypto_read_iv(crp, iv); | crypto_read_iv(crp, iv); | ||||
| /* | /* | ||||
| * AES CCM-CBC-MAC needs to know the length of both the auth | * AES CCM-CBC-MAC needs to know the length of both the auth | ||||
| * data and payload data before doing the auth computation. | * data and payload data before doing the auth computation. | ||||
| */ | */ | ||||
| ctx.aes_cbc_mac_ctx.authDataLength = crp->crp_payload_length; | ctx.aes_cbc_mac_ctx.authDataLength = crp->crp_payload_length; | ||||
| ctx.aes_cbc_mac_ctx.cryptDataLength = 0; | ctx.aes_cbc_mac_ctx.cryptDataLength = 0; | ||||
| Show All 25 Lines | swcr_ccm_cbc_mac(struct swcr_session *ses, struct cryptop *crp) | ||||
| explicit_bzero(tag, sizeof(tag)); | explicit_bzero(tag, sizeof(tag)); | ||||
| explicit_bzero(iv, sizeof(iv)); | explicit_bzero(iv, sizeof(iv)); | ||||
| return (error); | return (error); | ||||
| } | } | ||||
| static int | static int | ||||
| swcr_ccm(struct swcr_session *ses, struct cryptop *crp) | swcr_ccm(struct swcr_session *ses, struct cryptop *crp) | ||||
| { | { | ||||
| const struct crypto_session_params *csp; | |||||
| uint32_t blkbuf[howmany(AES_BLOCK_LEN, sizeof(uint32_t))]; | uint32_t blkbuf[howmany(AES_BLOCK_LEN, sizeof(uint32_t))]; | ||||
| u_char *blk = (u_char *)blkbuf; | u_char *blk = (u_char *)blkbuf; | ||||
| u_char tag[AES_CBC_MAC_HASH_LEN]; | u_char tag[AES_CBC_MAC_HASH_LEN]; | ||||
| struct crypto_buffer_cursor cc_in, cc_out; | struct crypto_buffer_cursor cc_in, cc_out; | ||||
| const u_char *inblk; | const u_char *inblk; | ||||
| u_char *outblk; | u_char *outblk; | ||||
| union authctx ctx; | union authctx ctx; | ||||
| struct swcr_auth *swa; | struct swcr_auth *swa; | ||||
| struct swcr_encdec *swe; | struct swcr_encdec *swe; | ||||
| const struct auth_hash *axf; | const struct auth_hash *axf; | ||||
| const struct enc_xform *exf; | const struct enc_xform *exf; | ||||
| size_t len; | size_t len; | ||||
| int blksz, error, ivlen, r, resid; | int blksz, error, ivlen, r, resid; | ||||
| csp = crypto_get_params(crp->crp_session); | |||||
| swa = &ses->swcr_auth; | swa = &ses->swcr_auth; | ||||
| axf = swa->sw_axf; | axf = swa->sw_axf; | ||||
| bcopy(swa->sw_ictx, &ctx, axf->ctxsize); | bcopy(swa->sw_ictx, &ctx, axf->ctxsize); | ||||
| blksz = AES_BLOCK_LEN; | blksz = AES_BLOCK_LEN; | ||||
| KASSERT(axf->blocksize == blksz, ("%s: axf block size mismatch", | KASSERT(axf->blocksize == blksz, ("%s: axf block size mismatch", | ||||
| __func__)); | __func__)); | ||||
| swe = &ses->swcr_encdec; | swe = &ses->swcr_encdec; | ||||
| exf = swe->sw_exf; | exf = swe->sw_exf; | ||||
| KASSERT(axf->blocksize == exf->native_blocksize, | KASSERT(axf->blocksize == exf->native_blocksize, | ||||
| ("%s: blocksize mismatch", __func__)); | ("%s: blocksize mismatch", __func__)); | ||||
| if (crp->crp_payload_length > ccm_max_payload_length(csp)) | |||||
| return (EMSGSIZE); | |||||
| if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) | if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) | ||||
| return (EINVAL); | return (EINVAL); | ||||
| ivlen = AES_CCM_IV_LEN; | ivlen = csp->csp_ivlen; | ||||
| /* | /* | ||||
| * AES CCM-CBC-MAC needs to know the length of both the auth | * AES CCM-CBC-MAC needs to know the length of both the auth | ||||
| * data and payload data before doing the auth computation. | * data and payload data before doing the auth computation. | ||||
| */ | */ | ||||
| ctx.aes_cbc_mac_ctx.authDataLength = crp->crp_aad_length; | ctx.aes_cbc_mac_ctx.authDataLength = crp->crp_aad_length; | ||||
| ctx.aes_cbc_mac_ctx.cryptDataLength = crp->crp_payload_length; | ctx.aes_cbc_mac_ctx.cryptDataLength = crp->crp_payload_length; | ||||
| ▲ Show 20 Lines • Show All 389 Lines • ▼ Show 20 Lines | swcr_setup_cipher(struct swcr_session *ses, | ||||
| const struct crypto_session_params *csp) | const struct crypto_session_params *csp) | ||||
| { | { | ||||
| struct swcr_encdec *swe; | struct swcr_encdec *swe; | ||||
| const struct enc_xform *txf; | const struct enc_xform *txf; | ||||
| int error; | int error; | ||||
| swe = &ses->swcr_encdec; | swe = &ses->swcr_encdec; | ||||
| txf = crypto_cipher(csp); | txf = crypto_cipher(csp); | ||||
| MPASS(txf->ivsize == csp->csp_ivlen); | |||||
| if (txf->ctxsize != 0) { | if (txf->ctxsize != 0) { | ||||
| swe->sw_kschedule = malloc(txf->ctxsize, M_CRYPTO_DATA, | swe->sw_kschedule = malloc(txf->ctxsize, M_CRYPTO_DATA, | ||||
| M_NOWAIT); | M_NOWAIT); | ||||
| if (swe->sw_kschedule == NULL) | if (swe->sw_kschedule == NULL) | ||||
| return (ENOMEM); | return (ENOMEM); | ||||
| } | } | ||||
| if (csp->csp_cipher_key != NULL) { | if (csp->csp_cipher_key != NULL) { | ||||
| error = txf->setkey(swe->sw_kschedule, | error = txf->setkey(swe->sw_kschedule, | ||||
| ▲ Show 20 Lines • Show All 135 Lines • ▼ Show 20 Lines | |||||
| static int | static int | ||||
| swcr_setup_ccm(struct swcr_session *ses, | swcr_setup_ccm(struct swcr_session *ses, | ||||
| const struct crypto_session_params *csp) | const struct crypto_session_params *csp) | ||||
| { | { | ||||
| struct swcr_auth *swa; | struct swcr_auth *swa; | ||||
| const struct auth_hash *axf; | const struct auth_hash *axf; | ||||
| if (csp->csp_ivlen != AES_CCM_IV_LEN) | |||||
| return (EINVAL); | |||||
| /* First, setup the auth side. */ | /* First, setup the auth side. */ | ||||
| swa = &ses->swcr_auth; | swa = &ses->swcr_auth; | ||||
| switch (csp->csp_cipher_klen * 8) { | switch (csp->csp_cipher_klen * 8) { | ||||
| case 128: | case 128: | ||||
| axf = &auth_hash_ccm_cbc_mac_128; | axf = &auth_hash_ccm_cbc_mac_128; | ||||
| break; | break; | ||||
| case 192: | case 192: | ||||
| axf = &auth_hash_ccm_cbc_mac_192; | axf = &auth_hash_ccm_cbc_mac_192; | ||||
| ▲ Show 20 Lines • Show All 90 Lines • ▼ Show 20 Lines | case CRYPTO_AES_CCM_CBC_MAC: | ||||
| case 128: | case 128: | ||||
| case 192: | case 192: | ||||
| case 256: | case 256: | ||||
| break; | break; | ||||
| default: | default: | ||||
| return (false); | return (false); | ||||
| } | } | ||||
| if (csp->csp_auth_key == NULL) | if (csp->csp_auth_key == NULL) | ||||
| return (false); | |||||
| if (csp->csp_ivlen != AES_CCM_IV_LEN) | |||||
| return (false); | return (false); | ||||
| break; | break; | ||||
| } | } | ||||
| return (true); | return (true); | ||||
| } | } | ||||
| static bool | static bool | ||||
| swcr_cipher_supported(const struct crypto_session_params *csp) | swcr_cipher_supported(const struct crypto_session_params *csp) | ||||
| ▲ Show 20 Lines • Show All 295 Lines • Show Last 20 Lines | |||||