Module Name: src
Committed By: riastradh
Date: Mon Jun 29 23:34:48 UTC 2020
Modified Files:
src/sys/opencrypto: aesxcbcmac.c aesxcbcmac.h cryptosoft.c
cryptosoft_xform.c files.opencrypto gmac.c gmac.h xform.c
Log Message:
opencrypto: Switch from legacy rijndael API to new aes API.
While here, apply various rijndael->aes renames, reduce the size
of aesxcbc_ctx by 480 bytes, and convert some malloc->kmem.
Leave in the symbol enc_xform_rijndael128 for now, though, so this
doesn't break any kernel ABI.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/sys/opencrypto/aesxcbcmac.c \
src/sys/opencrypto/gmac.h
cvs rdiff -u -r1.1 -r1.2 src/sys/opencrypto/aesxcbcmac.h
cvs rdiff -u -r1.55 -r1.56 src/sys/opencrypto/cryptosoft.c
cvs rdiff -u -r1.28 -r1.29 src/sys/opencrypto/cryptosoft_xform.c
cvs rdiff -u -r1.29 -r1.30 src/sys/opencrypto/files.opencrypto \
src/sys/opencrypto/xform.c
cvs rdiff -u -r1.3 -r1.4 src/sys/opencrypto/gmac.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/opencrypto/aesxcbcmac.c
diff -u src/sys/opencrypto/aesxcbcmac.c:1.2 src/sys/opencrypto/aesxcbcmac.c:1.3
--- src/sys/opencrypto/aesxcbcmac.c:1.2 Mon Sep 26 14:50:54 2016
+++ src/sys/opencrypto/aesxcbcmac.c Mon Jun 29 23:34:48 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: aesxcbcmac.c,v 1.2 2016/09/26 14:50:54 christos Exp $ */
+/* $NetBSD: aesxcbcmac.c,v 1.3 2020/06/29 23:34:48 riastradh Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998 and 2003 WIDE Project.
@@ -30,11 +30,12 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: aesxcbcmac.c,v 1.2 2016/09/26 14:50:54 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: aesxcbcmac.c,v 1.3 2020/06/29 23:34:48 riastradh Exp $");
#include <sys/param.h>
#include <sys/systm.h>
-#include <crypto/rijndael/rijndael.h>
+
+#include <crypto/aes/aes.h>
#include <opencrypto/aesxcbcmac.h>
@@ -47,24 +48,31 @@ aes_xcbc_mac_init(void *vctx, const uint
{ 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 };
static const uint8_t k3seed[AES_BLOCKSIZE] =
{ 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
- u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
+ struct aesenc r_ks;
aesxcbc_ctx *ctx;
uint8_t k1[AES_BLOCKSIZE];
ctx = vctx;
memset(ctx, 0, sizeof(*ctx));
- if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks, key, keylen * 8)) == 0)
- return -1;
- rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1);
- rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
- rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
- if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0)
- return -1;
- if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0)
- return -1;
- if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0)
- return -1;
+ switch (keylen) {
+ case 16:
+ ctx->r_nr = aes_setenckey128(&r_ks, key);
+ break;
+ case 24:
+ ctx->r_nr = aes_setenckey192(&r_ks, key);
+ break;
+ case 32:
+ ctx->r_nr = aes_setenckey256(&r_ks, key);
+ break;
+ }
+ aes_enc(&r_ks, k1seed, k1, ctx->r_nr);
+ aes_enc(&r_ks, k2seed, ctx->k2, ctx->r_nr);
+ aes_enc(&r_ks, k3seed, ctx->k3, ctx->r_nr);
+ aes_setenckey128(&ctx->r_k1s, k1);
+
+ explicit_memset(&r_ks, 0, sizeof(r_ks));
+ explicit_memset(k1, 0, sizeof(k1));
return 0;
}
@@ -83,7 +91,7 @@ aes_xcbc_mac_loop(void *vctx, const uint
if (ctx->buflen == sizeof(ctx->buf)) {
for (i = 0; i < sizeof(ctx->e); i++)
ctx->buf[i] ^= ctx->e[i];
- rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
+ aes_enc(&ctx->r_k1s, ctx->buf, ctx->e, ctx->r_nr);
ctx->buflen = 0;
}
if (ctx->buflen + len < sizeof(ctx->buf)) {
@@ -96,7 +104,7 @@ aes_xcbc_mac_loop(void *vctx, const uint
sizeof(ctx->buf) - ctx->buflen);
for (i = 0; i < sizeof(ctx->e); i++)
ctx->buf[i] ^= ctx->e[i];
- rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
+ aes_enc(&ctx->r_k1s, ctx->buf, ctx->e, ctx->r_nr);
addr += sizeof(ctx->buf) - ctx->buflen;
ctx->buflen = 0;
}
@@ -105,7 +113,7 @@ aes_xcbc_mac_loop(void *vctx, const uint
memcpy(buf, addr, AES_BLOCKSIZE);
for (i = 0; i < sizeof(buf); i++)
buf[i] ^= ctx->e[i];
- rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, buf, ctx->e);
+ aes_enc(&ctx->r_k1s, buf, ctx->e, ctx->r_nr);
addr += AES_BLOCKSIZE;
}
if (addr < ep) {
@@ -129,7 +137,7 @@ aes_xcbc_mac_result(uint8_t *addr, void
ctx->buf[i] ^= ctx->e[i];
ctx->buf[i] ^= ctx->k2[i];
}
- rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
+ aes_enc(&ctx->r_k1s, ctx->buf, digest, ctx->r_nr);
} else {
for (i = ctx->buflen; i < sizeof(ctx->buf); i++)
ctx->buf[i] = (i == ctx->buflen) ? 0x80 : 0x00;
@@ -137,7 +145,7 @@ aes_xcbc_mac_result(uint8_t *addr, void
ctx->buf[i] ^= ctx->e[i];
ctx->buf[i] ^= ctx->k3[i];
}
- rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
+ aes_enc(&ctx->r_k1s, ctx->buf, digest, ctx->r_nr);
}
memcpy(addr, digest, sizeof(digest));
Index: src/sys/opencrypto/gmac.h
diff -u src/sys/opencrypto/gmac.h:1.2 src/sys/opencrypto/gmac.h:1.3
--- src/sys/opencrypto/gmac.h:1.2 Thu Jun 9 14:47:42 2011
+++ src/sys/opencrypto/gmac.h Mon Jun 29 23:34:48 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: gmac.h,v 1.2 2011/06/09 14:47:42 drochner Exp $ */
+/* $NetBSD: gmac.h,v 1.3 2020/06/29 23:34:48 riastradh Exp $ */
/* OpenBSD: gmac.h,v 1.1 2010/09/22 11:54:23 mikeb Exp */
/*
@@ -20,7 +20,7 @@
#ifndef _GMAC_H_
#define _GMAC_H_
-#include <crypto/rijndael/rijndael.h>
+#include <crypto/aes/aes.h>
#define GMAC_BLOCK_LEN 16
#define GMAC_DIGEST_LEN 16
@@ -41,7 +41,7 @@ typedef struct _GHASH_CTX {
typedef struct _AES_GMAC_CTX {
GHASH_CTX ghash;
- uint32_t K[4*(RIJNDAEL_MAXNR + 1)];
+ struct aesenc K;
uint8_t J[GMAC_BLOCK_LEN]; /* counter block */
int rounds;
} AES_GMAC_CTX;
Index: src/sys/opencrypto/aesxcbcmac.h
diff -u src/sys/opencrypto/aesxcbcmac.h:1.1 src/sys/opencrypto/aesxcbcmac.h:1.2
--- src/sys/opencrypto/aesxcbcmac.h:1.1 Tue May 24 19:10:09 2011
+++ src/sys/opencrypto/aesxcbcmac.h Mon Jun 29 23:34:48 2020
@@ -1,4 +1,7 @@
-/* $NetBSD: aesxcbcmac.h,v 1.1 2011/05/24 19:10:09 drochner Exp $ */
+/* $NetBSD: aesxcbcmac.h,v 1.2 2020/06/29 23:34:48 riastradh Exp $ */
+
+#ifndef _OPENCRYPTO_AESXCBCMAC_H
+#define _OPENCRYPTO_AESXCBCMAC_H
#include <sys/types.h>
@@ -8,9 +11,7 @@ typedef struct {
u_int8_t e[AES_BLOCKSIZE];
u_int8_t buf[AES_BLOCKSIZE];
size_t buflen;
- u_int32_t r_k1s[(RIJNDAEL_MAXNR+1)*4];
- u_int32_t r_k2s[(RIJNDAEL_MAXNR+1)*4];
- u_int32_t r_k3s[(RIJNDAEL_MAXNR+1)*4];
+ struct aesenc r_k1s;
int r_nr; /* key-length-dependent number of rounds */
u_int8_t k2[AES_BLOCKSIZE];
u_int8_t k3[AES_BLOCKSIZE];
@@ -19,3 +20,5 @@ typedef struct {
int aes_xcbc_mac_init(void *, const u_int8_t *, u_int16_t);
int aes_xcbc_mac_loop(void *, const u_int8_t *, u_int16_t);
void aes_xcbc_mac_result(u_int8_t *, void *);
+
+#endif /* _OPENCRYPTO_AESXCBCMAC_H */
Index: src/sys/opencrypto/cryptosoft.c
diff -u src/sys/opencrypto/cryptosoft.c:1.55 src/sys/opencrypto/cryptosoft.c:1.56
--- src/sys/opencrypto/cryptosoft.c:1.55 Sun Jun 14 23:23:55 2020
+++ src/sys/opencrypto/cryptosoft.c Mon Jun 29 23:34:48 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: cryptosoft.c,v 1.55 2020/06/14 23:23:55 riastradh Exp $ */
+/* $NetBSD: cryptosoft.c,v 1.56 2020/06/29 23:34:48 riastradh Exp $ */
/* $FreeBSD: src/sys/opencrypto/cryptosoft.c,v 1.2.2.1 2002/11/21 23:34:23 sam Exp $ */
/* $OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $ */
@@ -24,7 +24,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.55 2020/06/14 23:23:55 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.56 2020/06/29 23:34:48 riastradh Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -831,8 +831,8 @@ swcr_newsession(void *arg, u_int32_t *si
case CRYPTO_SKIPJACK_CBC:
txf = &swcr_enc_xform_skipjack;
goto enccommon;
- case CRYPTO_RIJNDAEL128_CBC:
- txf = &swcr_enc_xform_rijndael128;
+ case CRYPTO_AES_CBC:
+ txf = &swcr_enc_xform_aes;
goto enccommon;
case CRYPTO_CAMELLIA_CBC:
txf = &swcr_enc_xform_camellia;
@@ -890,15 +890,13 @@ swcr_newsession(void *arg, u_int32_t *si
axf = &swcr_auth_hash_hmac_ripemd_160_96;
goto authcommon; /* leave this for safety */
authcommon:
- (*swd)->sw_ictx = malloc(axf->ctxsize,
- M_CRYPTO_DATA, M_NOWAIT);
+ (*swd)->sw_ictx = kmem_alloc(axf->ctxsize, KM_NOSLEEP);
if ((*swd)->sw_ictx == NULL) {
swcr_freesession(NULL, i);
return ENOBUFS;
}
- (*swd)->sw_octx = malloc(axf->ctxsize,
- M_CRYPTO_DATA, M_NOWAIT);
+ (*swd)->sw_octx = kmem_alloc(axf->ctxsize, KM_NOSLEEP);
if ((*swd)->sw_octx == NULL) {
swcr_freesession(NULL, i);
return ENOBUFS;
@@ -936,16 +934,15 @@ swcr_newsession(void *arg, u_int32_t *si
CTASSERT(SHA1_DIGEST_LENGTH >= MD5_DIGEST_LENGTH);
axf = &swcr_auth_hash_key_sha1;
auth2common:
- (*swd)->sw_ictx = malloc(axf->ctxsize,
- M_CRYPTO_DATA, M_NOWAIT);
+ (*swd)->sw_ictx = kmem_alloc(axf->ctxsize, KM_NOSLEEP);
if ((*swd)->sw_ictx == NULL) {
swcr_freesession(NULL, i);
return ENOBUFS;
}
/* Store the key so we can "append" it to the payload */
- (*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA,
- M_NOWAIT);
+ (*swd)->sw_octx = kmem_alloc(cri->cri_klen / 8,
+ KM_NOSLEEP);
if ((*swd)->sw_octx == NULL) {
swcr_freesession(NULL, i);
return ENOBUFS;
@@ -968,8 +965,7 @@ swcr_newsession(void *arg, u_int32_t *si
case CRYPTO_SHA1:
axf = &swcr_auth_hash_sha1;
auth3common:
- (*swd)->sw_ictx = malloc(axf->ctxsize,
- M_CRYPTO_DATA, M_NOWAIT);
+ (*swd)->sw_ictx = kmem_alloc(axf->ctxsize, KM_NOSLEEP);
if ((*swd)->sw_ictx == NULL) {
swcr_freesession(NULL, i);
return ENOBUFS;
@@ -991,8 +987,7 @@ swcr_newsession(void *arg, u_int32_t *si
case CRYPTO_AES_256_GMAC:
axf = &swcr_auth_hash_gmac_aes_256;
auth4common:
- (*swd)->sw_ictx = malloc(axf->ctxsize,
- M_CRYPTO_DATA, M_NOWAIT);
+ (*swd)->sw_ictx = kmem_alloc(axf->ctxsize, KM_NOSLEEP);
if ((*swd)->sw_ictx == NULL) {
swcr_freesession(NULL, i);
return ENOBUFS;
@@ -1057,7 +1052,7 @@ swcr_freesession(void *arg, u_int64_t ti
case CRYPTO_BLF_CBC:
case CRYPTO_CAST_CBC:
case CRYPTO_SKIPJACK_CBC:
- case CRYPTO_RIJNDAEL128_CBC:
+ case CRYPTO_AES_CBC:
case CRYPTO_CAMELLIA_CBC:
case CRYPTO_AES_CTR:
case CRYPTO_AES_GCM_16:
@@ -1083,11 +1078,11 @@ swcr_freesession(void *arg, u_int64_t ti
if (swd->sw_ictx) {
explicit_memset(swd->sw_ictx, 0, axf->ctxsize);
- free(swd->sw_ictx, M_CRYPTO_DATA);
+ kmem_free(swd->sw_ictx, axf->ctxsize);
}
if (swd->sw_octx) {
explicit_memset(swd->sw_octx, 0, axf->ctxsize);
- free(swd->sw_octx, M_CRYPTO_DATA);
+ kmem_free(swd->sw_octx, axf->ctxsize);
}
break;
@@ -1097,11 +1092,11 @@ swcr_freesession(void *arg, u_int64_t ti
if (swd->sw_ictx) {
explicit_memset(swd->sw_ictx, 0, axf->ctxsize);
- free(swd->sw_ictx, M_CRYPTO_DATA);
+ kmem_free(swd->sw_ictx, axf->ctxsize);
}
if (swd->sw_octx) {
explicit_memset(swd->sw_octx, 0, swd->sw_klen);
- free(swd->sw_octx, M_CRYPTO_DATA);
+ kmem_free(swd->sw_octx, axf->ctxsize);
}
break;
@@ -1115,7 +1110,7 @@ swcr_freesession(void *arg, u_int64_t ti
if (swd->sw_ictx) {
explicit_memset(swd->sw_ictx, 0, axf->ctxsize);
- free(swd->sw_ictx, M_CRYPTO_DATA);
+ kmem_free(swd->sw_ictx, axf->ctxsize);
}
break;
@@ -1193,7 +1188,7 @@ swcr_process(void *arg, struct cryptop *
case CRYPTO_BLF_CBC:
case CRYPTO_CAST_CBC:
case CRYPTO_SKIPJACK_CBC:
- case CRYPTO_RIJNDAEL128_CBC:
+ case CRYPTO_AES_CBC:
case CRYPTO_CAMELLIA_CBC:
case CRYPTO_AES_CTR:
if ((crp->crp_etype = swcr_encdec(crd, sw,
@@ -1294,7 +1289,7 @@ swcr_init(void)
REGISTER(CRYPTO_AES_128_GMAC);
REGISTER(CRYPTO_AES_192_GMAC);
REGISTER(CRYPTO_AES_256_GMAC);
- REGISTER(CRYPTO_RIJNDAEL128_CBC);
+ REGISTER(CRYPTO_AES_CBC);
REGISTER(CRYPTO_DEFLATE_COMP);
REGISTER(CRYPTO_DEFLATE_COMP_NOGROW);
REGISTER(CRYPTO_GZIP_COMP);
Index: src/sys/opencrypto/cryptosoft_xform.c
diff -u src/sys/opencrypto/cryptosoft_xform.c:1.28 src/sys/opencrypto/cryptosoft_xform.c:1.29
--- src/sys/opencrypto/cryptosoft_xform.c:1.28 Sat Oct 12 00:49:30 2019
+++ src/sys/opencrypto/cryptosoft_xform.c Mon Jun 29 23:34:48 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: cryptosoft_xform.c,v 1.28 2019/10/12 00:49:30 christos Exp $ */
+/* $NetBSD: cryptosoft_xform.c,v 1.29 2020/06/29 23:34:48 riastradh Exp $ */
/* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */
/* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */
@@ -40,23 +40,24 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.28 2019/10/12 00:49:30 christos Exp $");
+__KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.29 2020/06/29 23:34:48 riastradh Exp $");
+#include <sys/cprng.h>
+#include <sys/kmem.h>
+#include <sys/md5.h>
+#include <sys/rmd160.h>
+#include <sys/sha1.h>
+#include <sys/sha2.h>
+
+#include <crypto/aes/aes.h>
#include <crypto/blowfish/blowfish.h>
+#include <crypto/camellia/camellia.h>
#include <crypto/cast128/cast128.h>
#include <crypto/des/des.h>
-#include <crypto/rijndael/rijndael.h>
#include <crypto/skipjack/skipjack.h>
-#include <crypto/camellia/camellia.h>
-#include <opencrypto/deflate.h>
-
-#include <sys/md5.h>
-#include <sys/rmd160.h>
-#include <sys/sha1.h>
-#include <sys/sha2.h>
-#include <sys/cprng.h>
#include <opencrypto/aesxcbcmac.h>
+#include <opencrypto/deflate.h>
#include <opencrypto/gmac.h>
struct swcr_auth_hash {
@@ -94,7 +95,7 @@ static int des3_setkey(u_int8_t **, cons
static int blf_setkey(u_int8_t **, const u_int8_t *, int);
static int cast5_setkey(u_int8_t **, const u_int8_t *, int);
static int skipjack_setkey(u_int8_t **, const u_int8_t *, int);
-static int rijndael128_setkey(u_int8_t **, const u_int8_t *, int);
+static int aes_setkey(u_int8_t **, const u_int8_t *, int);
static int cml_setkey(u_int8_t **, const u_int8_t *, int);
static int aes_ctr_setkey(u_int8_t **, const u_int8_t *, int);
static int aes_gmac_setkey(u_int8_t **, const u_int8_t *, int);
@@ -103,14 +104,14 @@ static void des3_encrypt(void *, u_int8_
static void blf_encrypt(void *, u_int8_t *);
static void cast5_encrypt(void *, u_int8_t *);
static void skipjack_encrypt(void *, u_int8_t *);
-static void rijndael128_encrypt(void *, u_int8_t *);
+static void aes_encrypt(void *, u_int8_t *);
static void cml_encrypt(void *, u_int8_t *);
static void des1_decrypt(void *, u_int8_t *);
static void des3_decrypt(void *, u_int8_t *);
static void blf_decrypt(void *, u_int8_t *);
static void cast5_decrypt(void *, u_int8_t *);
static void skipjack_decrypt(void *, u_int8_t *);
-static void rijndael128_decrypt(void *, u_int8_t *);
+static void aes_decrypt(void *, u_int8_t *);
static void cml_decrypt(void *, u_int8_t *);
static void aes_ctr_crypt(void *, u_int8_t *);
static void des1_zerokey(u_int8_t **);
@@ -118,7 +119,7 @@ static void des3_zerokey(u_int8_t **);
static void blf_zerokey(u_int8_t **);
static void cast5_zerokey(u_int8_t **);
static void skipjack_zerokey(u_int8_t **);
-static void rijndael128_zerokey(u_int8_t **);
+static void aes_zerokey(u_int8_t **);
static void cml_zerokey(u_int8_t **);
static void aes_ctr_zerokey(u_int8_t **);
static void aes_gmac_zerokey(u_int8_t **);
@@ -204,12 +205,12 @@ static const struct swcr_enc_xform swcr_
NULL
};
-static const struct swcr_enc_xform swcr_enc_xform_rijndael128 = {
+static const struct swcr_enc_xform swcr_enc_xform_aes = {
&enc_xform_rijndael128,
- rijndael128_encrypt,
- rijndael128_decrypt,
- rijndael128_setkey,
- rijndael128_zerokey,
+ aes_encrypt,
+ aes_decrypt,
+ aes_setkey,
+ aes_zerokey,
NULL
};
@@ -599,38 +600,68 @@ skipjack_zerokey(u_int8_t **sched)
*sched = NULL;
}
+struct aes_ctx {
+ struct aesenc enc;
+ struct aesdec dec;
+ uint32_t nr;
+};
+
static void
-rijndael128_encrypt(void *key, u_int8_t *blk)
+aes_encrypt(void *key, u_int8_t *blk)
{
- rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
+ struct aes_ctx *ctx = key;
+
+ aes_enc(&ctx->enc, blk, blk, ctx->nr);
}
static void
-rijndael128_decrypt(void *key, u_int8_t *blk)
+aes_decrypt(void *key, u_int8_t *blk)
{
- rijndael_decrypt((rijndael_ctx *) key, (u_char *) blk,
- (u_char *) blk);
+ struct aes_ctx *ctx = key;
+
+ aes_dec(&ctx->dec, blk, blk, ctx->nr);
}
static int
-rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len)
+aes_setkey(u_int8_t **sched, const u_int8_t *key, int len)
{
+ struct aes_ctx *ctx;
if (len != 16 && len != 24 && len != 32)
return EINVAL;
- *sched = malloc(sizeof(rijndael_ctx), M_CRYPTO_DATA,
- M_NOWAIT|M_ZERO);
- if (*sched == NULL)
+ ctx = kmem_zalloc(sizeof(*ctx), KM_NOSLEEP);
+ if (ctx == NULL)
return ENOMEM;
- rijndael_set_key((rijndael_ctx *) *sched, key, len * 8);
+
+ switch (len) {
+ case 16:
+ aes_setenckey128(&ctx->enc, key);
+ aes_setdeckey128(&ctx->dec, key);
+ ctx->nr = AES_128_NROUNDS;
+ break;
+ case 24:
+ aes_setenckey192(&ctx->enc, key);
+ aes_setdeckey192(&ctx->dec, key);
+ ctx->nr = AES_192_NROUNDS;
+ break;
+ case 32:
+ aes_setenckey256(&ctx->enc, key);
+ aes_setdeckey256(&ctx->dec, key);
+ ctx->nr = AES_256_NROUNDS;
+ break;
+ }
+
+ *sched = (void *)ctx;
return 0;
}
static void
-rijndael128_zerokey(u_int8_t **sched)
+aes_zerokey(u_int8_t **sched)
{
- memset(*sched, 0, sizeof(rijndael_ctx));
- free(*sched, M_CRYPTO_DATA);
+ struct aes_ctx *ctx = (void *)*sched;
+
+ explicit_memset(ctx, 0, sizeof(*ctx));
+ kmem_free(ctx, sizeof(*ctx));
*sched = NULL;
}
@@ -678,7 +709,7 @@ cml_zerokey(u_int8_t **sched)
struct aes_ctr_ctx {
/* need only encryption half */
- u_int32_t ac_ek[4*(RIJNDAEL_MAXNR + 1)];
+ struct aesenc ac_ek;
u_int8_t ac_block[AESCTR_BLOCKSIZE];
int ac_nr;
struct {
@@ -699,10 +730,10 @@ aes_ctr_crypt(void *key, u_int8_t *blk)
i >= AESCTR_NONCESIZE + AESCTR_IVSIZE; i--)
if (++ctx->ac_block[i]) /* continue on overflow */
break;
- rijndaelEncrypt(ctx->ac_ek, ctx->ac_nr, ctx->ac_block, keystream);
+ aes_enc(&ctx->ac_ek, ctx->ac_block, keystream, ctx->ac_nr);
for (i = 0; i < AESCTR_BLOCKSIZE; i++)
blk[i] ^= keystream[i];
- memset(keystream, 0, sizeof(keystream));
+ explicit_memset(keystream, 0, sizeof(keystream));
}
int
@@ -713,13 +744,20 @@ aes_ctr_setkey(u_int8_t **sched, const u
if (len < AESCTR_NONCESIZE)
return EINVAL;
- ctx = malloc(sizeof(struct aes_ctr_ctx), M_CRYPTO_DATA,
- M_NOWAIT|M_ZERO);
+ ctx = kmem_zalloc(sizeof(*ctx), KM_NOSLEEP);
if (!ctx)
return ENOMEM;
- ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, (const u_char *)key,
- (len - AESCTR_NONCESIZE) * 8);
- if (!ctx->ac_nr) { /* wrong key len */
+ switch (len) {
+ case 16 + AESCTR_NONCESIZE:
+ ctx->ac_nr = aes_setenckey128(&ctx->ac_ek, key);
+ break;
+ case 24 + AESCTR_NONCESIZE:
+ ctx->ac_nr = aes_setenckey192(&ctx->ac_ek, key);
+ break;
+ case 32 + AESCTR_NONCESIZE:
+ ctx->ac_nr = aes_setenckey256(&ctx->ac_ek, key);
+ break;
+ default:
aes_ctr_zerokey((u_int8_t **)&ctx);
return EINVAL;
}
@@ -733,9 +771,10 @@ aes_ctr_setkey(u_int8_t **sched, const u
void
aes_ctr_zerokey(u_int8_t **sched)
{
+ struct aes_ctr_ctx *ctx = (void *)*sched;
- memset(*sched, 0, sizeof(struct aes_ctr_ctx));
- free(*sched, M_CRYPTO_DATA);
+ explicit_memset(ctx, 0, sizeof(*ctx));
+ kmem_free(ctx, sizeof(*ctx));
*sched = NULL;
}
@@ -783,8 +822,7 @@ aes_gmac_setkey(u_int8_t **sched, const
{
struct aes_gmac_ctx *ctx;
- ctx = malloc(sizeof(struct aes_gmac_ctx), M_CRYPTO_DATA,
- M_NOWAIT|M_ZERO);
+ ctx = kmem_zalloc(sizeof(*ctx), KM_NOSLEEP);
if (!ctx)
return ENOMEM;
@@ -797,8 +835,9 @@ aes_gmac_setkey(u_int8_t **sched, const
void
aes_gmac_zerokey(u_int8_t **sched)
{
+ struct aes_gmac_ctx *ctx = (void *)*sched;
- free(*sched, M_CRYPTO_DATA);
+ kmem_free(ctx, sizeof(*ctx));
*sched = NULL;
}
Index: src/sys/opencrypto/files.opencrypto
diff -u src/sys/opencrypto/files.opencrypto:1.29 src/sys/opencrypto/files.opencrypto:1.30
--- src/sys/opencrypto/files.opencrypto:1.29 Wed Apr 22 09:15:40 2020
+++ src/sys/opencrypto/files.opencrypto Mon Jun 29 23:34:48 2020
@@ -1,4 +1,4 @@
-# $NetBSD: files.opencrypto,v 1.29 2020/04/22 09:15:40 rin Exp $
+# $NetBSD: files.opencrypto,v 1.30 2020/06/29 23:34:48 riastradh Exp $
#
#
@@ -7,7 +7,7 @@
# that use the opencrypto framework, should list opencrypto as a dependency
# to pull in the framework.
-define opencrypto: rijndael
+define opencrypto: aes
file opencrypto/criov.c opencrypto
file opencrypto/xform.c opencrypto
file opencrypto/crypto.c opencrypto
Index: src/sys/opencrypto/xform.c
diff -u src/sys/opencrypto/xform.c:1.29 src/sys/opencrypto/xform.c:1.30
--- src/sys/opencrypto/xform.c:1.29 Thu Jul 6 08:27:07 2017
+++ src/sys/opencrypto/xform.c Mon Jun 29 23:34:48 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: xform.c,v 1.29 2017/07/06 08:27:07 ozaki-r Exp $ */
+/* $NetBSD: xform.c,v 1.30 2020/06/29 23:34:48 riastradh Exp $ */
/* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */
/* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */
@@ -40,7 +40,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform.c,v 1.29 2017/07/06 08:27:07 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform.c,v 1.30 2020/06/29 23:34:48 riastradh Exp $");
#include <sys/param.h>
#include <sys/malloc.h>
@@ -145,8 +145,8 @@ const struct enc_xform enc_xform_skipjac
};
const struct enc_xform enc_xform_rijndael128 = {
- .type = CRYPTO_RIJNDAEL128_CBC,
- .name = "Rijndael-128/AES",
+ .type = CRYPTO_AES_CBC,
+ .name = "AES",
.blocksize = 16,
.ivsize = 16,
.minkey = 16,
Index: src/sys/opencrypto/gmac.c
diff -u src/sys/opencrypto/gmac.c:1.3 src/sys/opencrypto/gmac.c:1.4
--- src/sys/opencrypto/gmac.c:1.3 Thu Jun 9 14:47:42 2011
+++ src/sys/opencrypto/gmac.c Mon Jun 29 23:34:48 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: gmac.c,v 1.3 2011/06/09 14:47:42 drochner Exp $ */
+/* $NetBSD: gmac.c,v 1.4 2020/06/29 23:34:48 riastradh Exp $ */
/* OpenBSD: gmac.c,v 1.3 2011/01/11 15:44:23 deraadt Exp */
/*
@@ -26,7 +26,8 @@
#include <sys/param.h>
#include <sys/systm.h>
-#include <crypto/rijndael/rijndael.h>
+#include <crypto/aes/aes.h>
+
#include <opencrypto/gmac.h>
void ghash_gfmul(const GMAC_INT *, const GMAC_INT *, GMAC_INT *);
@@ -114,13 +115,25 @@ AES_GMAC_Setkey(AES_GMAC_CTX *ctx, const
{
int i;
- ctx->rounds = rijndaelKeySetupEnc(ctx->K, (const u_char *)key,
- (klen - AESCTR_NONCESIZE) * 8);
+ switch (klen) {
+ case 16 + AESCTR_NONCESIZE:
+ ctx->rounds = aes_setenckey128(&ctx->K, key);
+ break;
+ case 24 + AESCTR_NONCESIZE:
+ ctx->rounds = aes_setenckey192(&ctx->K, key);
+ break;
+ case 32 + AESCTR_NONCESIZE:
+ ctx->rounds = aes_setenckey256(&ctx->K, key);
+ break;
+ default:
+ panic("invalid AES_GMAC_Setkey length in bytes: %u",
+ (unsigned)klen);
+ }
/* copy out salt to the counter block */
memcpy(ctx->J, key + klen - AESCTR_NONCESIZE, AESCTR_NONCESIZE);
/* prepare a hash subkey */
- rijndaelEncrypt(ctx->K, ctx->rounds, (void *)ctx->ghash.H,
- (void *)ctx->ghash.H);
+ aes_enc(&ctx->K, (const void *)ctx->ghash.H, (void *)ctx->ghash.H,
+ ctx->rounds);
#if GMAC_INTLEN == 8
for (i = 0; i < 2; i++)
ctx->ghash.H[i] = be64toh(ctx->ghash.H[i]);
@@ -163,7 +176,7 @@ AES_GMAC_Final(uint8_t digest[GMAC_DIGES
/* do one round of GCTR */
ctx->J[GMAC_BLOCK_LEN - 1] = 1;
- rijndaelEncrypt(ctx->K, ctx->rounds, ctx->J, keystream);
+ aes_enc(&ctx->K, ctx->J, keystream, ctx->rounds);
k = keystream;
d = digest;
#if GMAC_INTLEN == 8
