Differential D33529 Diff 101326 sys/opencrypto/xform_aes_icm.c

Changeset View

Standalone View

sys/opencrypto/xform_aes_icm.c

Show First 20 Lines • Show All 60 Lines • ▼ Show 20 Lines

struct aes_ccm_ctx {		struct aes_ccm_ctx {
struct aes_icm_ctx cipher;		struct aes_icm_ctx cipher;
struct aes_cbc_mac_ctx cbc_mac;		struct aes_cbc_mac_ctx cbc_mac;
};		};

static int aes_icm_setkey(void , const uint8_t , int);		static int aes_icm_setkey(void , const uint8_t , int);
static void aes_icm_crypt(void , const uint8_t , uint8_t *);		static void aes_icm_crypt(void , const uint8_t , uint8_t *);
		static void aes_icm_crypt_multi(void , const uint8_t , uint8_t *, size_t);
static void aes_icm_crypt_last(void , const uint8_t , uint8_t *, size_t);		static void aes_icm_crypt_last(void , const uint8_t , uint8_t *, size_t);
static void aes_icm_reinit(void , const uint8_t , size_t);		static void aes_icm_reinit(void , const uint8_t , size_t);
static int aes_gcm_setkey(void , const uint8_t , int);		static int aes_gcm_setkey(void , const uint8_t , int);
static void aes_gcm_reinit(void , const uint8_t , size_t);		static void aes_gcm_reinit(void , const uint8_t , size_t);
static int aes_gcm_update(void , const void , u_int);		static int aes_gcm_update(void , const void , u_int);
static void aes_gcm_final(uint8_t , void );		static void aes_gcm_final(uint8_t , void );
static int aes_ccm_setkey(void , const uint8_t , int);		static int aes_ccm_setkey(void , const uint8_t , int);
static void aes_ccm_reinit(void , const uint8_t , size_t);		static void aes_ccm_reinit(void , const uint8_t , size_t);
static int aes_ccm_update(void , const void , u_int);		static int aes_ccm_update(void , const void , u_int);
static void aes_ccm_final(uint8_t , void );		static void aes_ccm_final(uint8_t , void );

/* Encryption instances */		/* Encryption instances */
const struct enc_xform enc_xform_aes_icm = {		const struct enc_xform enc_xform_aes_icm = {
.type = CRYPTO_AES_ICM,		.type = CRYPTO_AES_ICM,
.name = "AES-ICM",		.name = "AES-ICM",
.ctxsize = sizeof(struct aes_icm_ctx),		.ctxsize = sizeof(struct aes_icm_ctx),
.blocksize = 1,		.blocksize = 1,
.native_blocksize = AES_BLOCK_LEN,		.native_blocksize = AES_BLOCK_LEN,
.ivsize = AES_BLOCK_LEN,		.ivsize = AES_BLOCK_LEN,
.minkey = AES_MIN_KEY,		.minkey = AES_MIN_KEY,
.maxkey = AES_MAX_KEY,		.maxkey = AES_MAX_KEY,
.encrypt = aes_icm_crypt,
.decrypt = aes_icm_crypt,
.setkey = aes_icm_setkey,		.setkey = aes_icm_setkey,
.reinit = aes_icm_reinit,		.reinit = aes_icm_reinit,
		.encrypt = aes_icm_crypt,
		.decrypt = aes_icm_crypt,
		.encrypt_multi = aes_icm_crypt_multi,
		.decrypt_multi = aes_icm_crypt_multi,
.encrypt_last = aes_icm_crypt_last,		.encrypt_last = aes_icm_crypt_last,
.decrypt_last = aes_icm_crypt_last,		.decrypt_last = aes_icm_crypt_last,
};		};

const struct enc_xform enc_xform_aes_nist_gcm = {		const struct enc_xform enc_xform_aes_nist_gcm = {
.type = CRYPTO_AES_NIST_GCM_16,		.type = CRYPTO_AES_NIST_GCM_16,
.name = "AES-GCM",		.name = "AES-GCM",
.ctxsize = sizeof(struct aes_gcm_ctx),		.ctxsize = sizeof(struct aes_gcm_ctx),
.blocksize = 1,		.blocksize = 1,
.native_blocksize = AES_BLOCK_LEN,		.native_blocksize = AES_BLOCK_LEN,
.ivsize = AES_GCM_IV_LEN,		.ivsize = AES_GCM_IV_LEN,
.minkey = AES_MIN_KEY,		.minkey = AES_MIN_KEY,
.maxkey = AES_MAX_KEY,		.maxkey = AES_MAX_KEY,
.macsize = AES_GMAC_HASH_LEN,		.macsize = AES_GMAC_HASH_LEN,
.encrypt = aes_icm_crypt,
.decrypt = aes_icm_crypt,
.setkey = aes_gcm_setkey,		.setkey = aes_gcm_setkey,
.reinit = aes_gcm_reinit,		.reinit = aes_gcm_reinit,
		.encrypt = aes_icm_crypt,
		.decrypt = aes_icm_crypt,
		.encrypt_multi = aes_icm_crypt_multi,
		.decrypt_multi = aes_icm_crypt_multi,
.encrypt_last = aes_icm_crypt_last,		.encrypt_last = aes_icm_crypt_last,
.decrypt_last = aes_icm_crypt_last,		.decrypt_last = aes_icm_crypt_last,
.update = aes_gcm_update,		.update = aes_gcm_update,
.final = aes_gcm_final,		.final = aes_gcm_final,
};		};

const struct enc_xform enc_xform_ccm = {		const struct enc_xform enc_xform_ccm = {
.type = CRYPTO_AES_CCM_16,		.type = CRYPTO_AES_CCM_16,
.name = "AES-CCM",		.name = "AES-CCM",
.ctxsize = sizeof(struct aes_ccm_ctx),		.ctxsize = sizeof(struct aes_ccm_ctx),
.blocksize = 1,		.blocksize = 1,
.native_blocksize = AES_BLOCK_LEN,		.native_blocksize = AES_BLOCK_LEN,
.ivsize = AES_CCM_IV_LEN,		.ivsize = AES_CCM_IV_LEN,
.minkey = AES_MIN_KEY, .maxkey = AES_MAX_KEY,		.minkey = AES_MIN_KEY, .maxkey = AES_MAX_KEY,
.macsize = AES_CBC_MAC_HASH_LEN,		.macsize = AES_CBC_MAC_HASH_LEN,
.encrypt = aes_icm_crypt,
.decrypt = aes_icm_crypt,
.setkey = aes_ccm_setkey,		.setkey = aes_ccm_setkey,
.reinit = aes_ccm_reinit,		.reinit = aes_ccm_reinit,
		.encrypt = aes_icm_crypt,
		.decrypt = aes_icm_crypt,
		.encrypt_multi = aes_icm_crypt_multi,
		.decrypt_multi = aes_icm_crypt_multi,
.encrypt_last = aes_icm_crypt_last,		.encrypt_last = aes_icm_crypt_last,
.decrypt_last = aes_icm_crypt_last,		.decrypt_last = aes_icm_crypt_last,
.update = aes_ccm_update,		.update = aes_ccm_update,
.final = aes_ccm_final,		.final = aes_ccm_final,
};		};

/*		/*
* Encryption wrapper routines.		* Encryption wrapper routines.
▲ Show 20 Lines • Show All 51 Lines • ▼ Show 20 Lines	aes_icm_crypt(void key, const uint8_t in, uint8_t *out)
ctx = key;		ctx = key;
aes_icm_crypt_last(key, in, out, AESICM_BLOCKSIZE);		aes_icm_crypt_last(key, in, out, AESICM_BLOCKSIZE);

/* increment counter */		/* increment counter */
for (i = AESICM_BLOCKSIZE - 1;		for (i = AESICM_BLOCKSIZE - 1;
i >= 0; i--)		i >= 0; i--)
if (++ctx->ac_block[i]) /* continue on overflow */		if (++ctx->ac_block[i]) /* continue on overflow */
break;		break;
		}

		static void
		aes_icm_crypt_multi(void key, const uint8_t in, uint8_t *out, size_t len)
		{
		struct aes_icm_ctx *ctx = key;
		uint8_t keystream[AESICM_BLOCKSIZE];
		int i;

		markjUnsubmitted Not Done Inline Actions I would add the same assertion here. For a stream cipher in particular I might naively assume, ignoring code comments, that `len` need not be a multiple of the AES block length. markj: I would add the same assertion here. For a stream cipher in particular I might naively assume…
		KASSERT(len % AESICM_BLOCKSIZE == 0, ("%s: invalid length", __func__));
		while (len > 0) {
		rijndaelEncrypt(ctx->ac_ek, ctx->ac_nr, ctx->ac_block, keystream);
		for (i = 0; i < AESICM_BLOCKSIZE; i++)
		out[i] = in[i] ^ keystream[i];

		/* increment counter */
		for (i = AESICM_BLOCKSIZE - 1; i >= 0; i--)
		if (++ctx->ac_block[i]) /* continue on overflow */
		break;

		out += AESICM_BLOCKSIZE;
		in += AESICM_BLOCKSIZE;
		len -= AESICM_BLOCKSIZE;
		markjUnsubmitted Done Inline Actions This function uses both AES_BLOCK_LEN and AESICM_BLOCKSIZE, but I suspect they should all be the latter if just for consistency. markj: This function uses both AES_BLOCK_LEN and AESICM_BLOCKSIZE, but I suspect they should all be…
		}
		explicit_bzero(keystream, sizeof(keystream));
}		}

static void		static void
aes_icm_crypt_last(void key, const uint8_t in, uint8_t *out, size_t len)		aes_icm_crypt_last(void key, const uint8_t in, uint8_t *out, size_t len)
{		{
struct aes_icm_ctx *ctx;		struct aes_icm_ctx *ctx;
uint8_t keystream[AESICM_BLOCKSIZE];		uint8_t keystream[AESICM_BLOCKSIZE];
int i;		int i;
▲ Show 20 Lines • Show All 80 Lines • Show Last 20 Lines