sys/opencrypto/xform_aes_icm.c
struct aes_ccm_ctx { | struct aes_ccm_ctx { | ||||
struct aes_icm_ctx cipher; | struct aes_icm_ctx cipher; | ||||
struct aes_cbc_mac_ctx cbc_mac; | struct aes_cbc_mac_ctx cbc_mac; | ||||
}; | }; | ||||
static int aes_icm_setkey(void *, const uint8_t *, int); | static int aes_icm_setkey(void *, const uint8_t *, int); | ||||
static void aes_icm_crypt(void *, const uint8_t *, uint8_t *); | static void aes_icm_crypt(void *, const uint8_t *, uint8_t *); | ||||
static void aes_icm_crypt_multi(void *, const uint8_t *, uint8_t *, size_t); | |||||
static void aes_icm_crypt_last(void *, const uint8_t *, uint8_t *, size_t); | static void aes_icm_crypt_last(void *, const uint8_t *, uint8_t *, size_t); | ||||
static void aes_icm_reinit(void *, const uint8_t *, size_t); | static void aes_icm_reinit(void *, const uint8_t *, size_t); | ||||
static int aes_gcm_setkey(void *, const uint8_t *, int); | static int aes_gcm_setkey(void *, const uint8_t *, int); | ||||
static void aes_gcm_reinit(void *, const uint8_t *, size_t); | static void aes_gcm_reinit(void *, const uint8_t *, size_t); | ||||
static int aes_gcm_update(void *, const void *, u_int); | static int aes_gcm_update(void *, const void *, u_int); | ||||
static void aes_gcm_final(uint8_t *, void *); | static void aes_gcm_final(uint8_t *, void *); | ||||
static int aes_ccm_setkey(void *, const uint8_t *, int); | static int aes_ccm_setkey(void *, const uint8_t *, int); | ||||
static void aes_ccm_reinit(void *, const uint8_t *, size_t); | static void aes_ccm_reinit(void *, const uint8_t *, size_t); | ||||
static int aes_ccm_update(void *, const void *, u_int); | static int aes_ccm_update(void *, const void *, u_int); | ||||
static void aes_ccm_final(uint8_t *, void *); | static void aes_ccm_final(uint8_t *, void *); | ||||
/* Encryption instances */ | /* Encryption instances */ | ||||
const struct enc_xform enc_xform_aes_icm = { | const struct enc_xform enc_xform_aes_icm = { | ||||
.type = CRYPTO_AES_ICM, | .type = CRYPTO_AES_ICM, | ||||
.name = "AES-ICM", | .name = "AES-ICM", | ||||
.ctxsize = sizeof(struct aes_icm_ctx), | .ctxsize = sizeof(struct aes_icm_ctx), | ||||
.blocksize = 1, | .blocksize = 1, | ||||
.native_blocksize = AES_BLOCK_LEN, | .native_blocksize = AES_BLOCK_LEN, | ||||
.ivsize = AES_BLOCK_LEN, | .ivsize = AES_BLOCK_LEN, | ||||
.minkey = AES_MIN_KEY, | .minkey = AES_MIN_KEY, | ||||
.maxkey = AES_MAX_KEY, | .maxkey = AES_MAX_KEY, | ||||
.encrypt = aes_icm_crypt, | |||||
.decrypt = aes_icm_crypt, | |||||
.setkey = aes_icm_setkey, | .setkey = aes_icm_setkey, | ||||
.reinit = aes_icm_reinit, | .reinit = aes_icm_reinit, | ||||
.encrypt = aes_icm_crypt, | |||||
.decrypt = aes_icm_crypt, | |||||
.encrypt_multi = aes_icm_crypt_multi, | |||||
.decrypt_multi = aes_icm_crypt_multi, | |||||
.encrypt_last = aes_icm_crypt_last, | .encrypt_last = aes_icm_crypt_last, | ||||
.decrypt_last = aes_icm_crypt_last, | .decrypt_last = aes_icm_crypt_last, | ||||
}; | }; | ||||
const struct enc_xform enc_xform_aes_nist_gcm = { | const struct enc_xform enc_xform_aes_nist_gcm = { | ||||
.type = CRYPTO_AES_NIST_GCM_16, | .type = CRYPTO_AES_NIST_GCM_16, | ||||
.name = "AES-GCM", | .name = "AES-GCM", | ||||
.ctxsize = sizeof(struct aes_gcm_ctx), | .ctxsize = sizeof(struct aes_gcm_ctx), | ||||
.blocksize = 1, | .blocksize = 1, | ||||
.native_blocksize = AES_BLOCK_LEN, | .native_blocksize = AES_BLOCK_LEN, | ||||
.ivsize = AES_GCM_IV_LEN, | .ivsize = AES_GCM_IV_LEN, | ||||
.minkey = AES_MIN_KEY, | .minkey = AES_MIN_KEY, | ||||
.maxkey = AES_MAX_KEY, | .maxkey = AES_MAX_KEY, | ||||
.macsize = AES_GMAC_HASH_LEN, | .macsize = AES_GMAC_HASH_LEN, | ||||
.encrypt = aes_icm_crypt, | |||||
.decrypt = aes_icm_crypt, | |||||
.setkey = aes_gcm_setkey, | .setkey = aes_gcm_setkey, | ||||
.reinit = aes_gcm_reinit, | .reinit = aes_gcm_reinit, | ||||
.encrypt = aes_icm_crypt, | |||||
.decrypt = aes_icm_crypt, | |||||
.encrypt_multi = aes_icm_crypt_multi, | |||||
.decrypt_multi = aes_icm_crypt_multi, | |||||
.encrypt_last = aes_icm_crypt_last, | .encrypt_last = aes_icm_crypt_last, | ||||
.decrypt_last = aes_icm_crypt_last, | .decrypt_last = aes_icm_crypt_last, | ||||
.update = aes_gcm_update, | .update = aes_gcm_update, | ||||
.final = aes_gcm_final, | .final = aes_gcm_final, | ||||
}; | }; | ||||
const struct enc_xform enc_xform_ccm = { | const struct enc_xform enc_xform_ccm = { | ||||
.type = CRYPTO_AES_CCM_16, | .type = CRYPTO_AES_CCM_16, | ||||
.name = "AES-CCM", | .name = "AES-CCM", | ||||
.ctxsize = sizeof(struct aes_ccm_ctx), | .ctxsize = sizeof(struct aes_ccm_ctx), | ||||
.blocksize = 1, | .blocksize = 1, | ||||
.native_blocksize = AES_BLOCK_LEN, | .native_blocksize = AES_BLOCK_LEN, | ||||
.ivsize = AES_CCM_IV_LEN, | .ivsize = AES_CCM_IV_LEN, | ||||
.minkey = AES_MIN_KEY, .maxkey = AES_MAX_KEY, | .minkey = AES_MIN_KEY, .maxkey = AES_MAX_KEY, | ||||
.macsize = AES_CBC_MAC_HASH_LEN, | .macsize = AES_CBC_MAC_HASH_LEN, | ||||
.encrypt = aes_icm_crypt, | |||||
.decrypt = aes_icm_crypt, | |||||
.setkey = aes_ccm_setkey, | .setkey = aes_ccm_setkey, | ||||
.reinit = aes_ccm_reinit, | .reinit = aes_ccm_reinit, | ||||
.encrypt = aes_icm_crypt, | |||||
.decrypt = aes_icm_crypt, | |||||
.encrypt_multi = aes_icm_crypt_multi, | |||||
.decrypt_multi = aes_icm_crypt_multi, | |||||
.encrypt_last = aes_icm_crypt_last, | .encrypt_last = aes_icm_crypt_last, | ||||
.decrypt_last = aes_icm_crypt_last, | .decrypt_last = aes_icm_crypt_last, | ||||
.update = aes_ccm_update, | .update = aes_ccm_update, | ||||
.final = aes_ccm_final, | .final = aes_ccm_final, | ||||
}; | }; | ||||
/* | /* | ||||
* Encryption wrapper routines. | * Encryption wrapper routines. | ||||
▲ Show 20 Lines • Show All 51 Lines • ▼ Show 20 Lines | aes_icm_crypt(void *key, const uint8_t *in, uint8_t *out) | ||||
ctx = key; | ctx = key; | ||||
aes_icm_crypt_last(key, in, out, AESICM_BLOCKSIZE); | aes_icm_crypt_last(key, in, out, AESICM_BLOCKSIZE); | ||||
/* increment counter */ | /* increment counter */ | ||||
for (i = AESICM_BLOCKSIZE - 1; | for (i = AESICM_BLOCKSIZE - 1; | ||||
i >= 0; i--) | i >= 0; i--) | ||||
if (++ctx->ac_block[i]) /* continue on overflow */ | if (++ctx->ac_block[i]) /* continue on overflow */ | ||||
break; | break; | ||||
} | |||||
static void | |||||
aes_icm_crypt_multi(void *key, const uint8_t *in, uint8_t *out, size_t len) | |||||
{ | |||||
struct aes_icm_ctx *ctx = key; | |||||
uint8_t keystream[AESICM_BLOCKSIZE]; | |||||
int i; | |||||
markj: I would add the same assertion here. For a stream cipher in particular I might naively assume… | |||||
KASSERT(len % AESICM_BLOCKSIZE == 0, ("%s: invalid length", __func__)); | |||||
while (len > 0) { | |||||
rijndaelEncrypt(ctx->ac_ek, ctx->ac_nr, ctx->ac_block, keystream); | |||||
for (i = 0; i < AESICM_BLOCKSIZE; i++) | |||||
out[i] = in[i] ^ keystream[i]; | |||||
/* increment counter */ | |||||
for (i = AESICM_BLOCKSIZE - 1; i >= 0; i--) | |||||
if (++ctx->ac_block[i]) /* continue on overflow */ | |||||
break; | |||||
out += AESICM_BLOCKSIZE; | |||||
in += AESICM_BLOCKSIZE; | |||||
len -= AESICM_BLOCKSIZE; | |||||
Done Inline ActionsThis function uses both AES_BLOCK_LEN and AESICM_BLOCKSIZE, but I suspect they should all be the latter if just for consistency. markj: This function uses both AES_BLOCK_LEN and AESICM_BLOCKSIZE, but I suspect they should all be… | |||||
} | |||||
explicit_bzero(keystream, sizeof(keystream)); | |||||
} | } | ||||
static void | static void | ||||
aes_icm_crypt_last(void *key, const uint8_t *in, uint8_t *out, size_t len) | aes_icm_crypt_last(void *key, const uint8_t *in, uint8_t *out, size_t len) | ||||
{ | { | ||||
struct aes_icm_ctx *ctx; | struct aes_icm_ctx *ctx; | ||||
uint8_t keystream[AESICM_BLOCKSIZE]; | uint8_t keystream[AESICM_BLOCKSIZE]; | ||||
int i; | int i; | ||||
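Review bot: In aes_icm_crypt_multi the loop `while (len > 0)` depends entirely on the KASSERT above it to guarantee that len is a multiple of AESICM_BLOCKSIZE, and KASSERT is only compiled into INVARIANTS kernels. On a kernel built without it, a length with a partial trailing block would make `len -= AESICM_BLOCKSIZE` wrap the unsigned size_t, so the loop would keep reading `in` and writing `out` well past the caller's buffers. Bounding the loop as `while (len >= AESICM_BLOCKSIZE) {` keeps the assertion for debugging and makes the release build stop at the last whole block. A one-line comment above the function, such as `/* len must be a multiple of AESICM_BLOCKSIZE; a trailing partial block is presumably handled by aes_icm_crypt_last(). */`, would also put the contract next to the code.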
I would add the same assertion here. For a stream cipher in particular I might naively assume, ignoring code comments, that len need not be a multiple of the AES block length.