Module Name: src Committed By: drochner Date: Mon May 23 13:51:10 UTC 2011
Modified Files: src/sys/opencrypto: cryptodev.c cryptodev.h cryptosoft.c cryptosoft_xform.c xform.c xform.h Log Message: add an AES-CTR xform, from OpenBSD To generate a diff of this commit: cvs rdiff -u -r1.58 -r1.59 src/sys/opencrypto/cryptodev.c cvs rdiff -u -r1.21 -r1.22 src/sys/opencrypto/cryptodev.h cvs rdiff -u -r1.32 -r1.33 src/sys/opencrypto/cryptosoft.c cvs rdiff -u -r1.17 -r1.18 src/sys/opencrypto/cryptosoft_xform.c cvs rdiff -u -r1.24 -r1.25 src/sys/opencrypto/xform.c cvs rdiff -u -r1.15 -r1.16 src/sys/opencrypto/xform.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/opencrypto/cryptodev.c diff -u src/sys/opencrypto/cryptodev.c:1.58 src/sys/opencrypto/cryptodev.c:1.59 --- src/sys/opencrypto/cryptodev.c:1.58 Mon May 23 13:46:54 2011 +++ src/sys/opencrypto/cryptodev.c Mon May 23 13:51:10 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: cryptodev.c,v 1.58 2011/05/23 13:46:54 drochner Exp $ */ +/* $NetBSD: cryptodev.c,v 1.59 2011/05/23 13:51:10 drochner Exp $ */ /* $FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.4.2.4 2003/06/03 00:09:02 sam Exp $ */ /* $OpenBSD: cryptodev.c,v 1.53 2002/07/10 22:21:30 mickey Exp $ */ @@ -64,7 +64,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.58 2011/05/23 13:46:54 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.59 2011/05/23 13:51:10 drochner Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -1521,6 +1521,9 @@ case CRYPTO_AES_CBC: txform = &enc_xform_rijndael128; break; + case CRYPTO_AES_CTR: + txform = &enc_xform_aes_ctr; + break; case CRYPTO_NULL_CBC: txform = &enc_xform_null; break; Index: src/sys/opencrypto/cryptodev.h diff -u src/sys/opencrypto/cryptodev.h:1.21 src/sys/opencrypto/cryptodev.h:1.22 --- src/sys/opencrypto/cryptodev.h:1.21 Mon May 16 10:18:52 2011 +++ src/sys/opencrypto/cryptodev.h Mon May 23 13:51:10 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: cryptodev.h,v 1.21 2011/05/16 10:18:52 drochner Exp $ */ +/* $NetBSD: cryptodev.h,v 1.22 2011/05/23 13:51:10 drochner Exp $ */ /* $FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.2.2.6 2003/07/02 17:04:50 sam Exp $ */ /* $OpenBSD: cryptodev.h,v 1.33 2002/07/17 23:52:39 art Exp $ */ 
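Review bot: The new `case CRYPTO_AES_CTR:` carries no comment on what callers must supply, and CTR is less forgiving than the CBC entries around it: reusing an IV under one key repeats the keystream, and the mode gives no integrity protection on its own. The switch belongs to a function that starts and ends outside the hunk, presumably the /dev/crypto session setup, so the callers would be userland programs. A comment such as `/* CTR: IV must be unique per key; pair with a MAC */` at the case, or the same text in the ioctl documentation, would record the contract.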
@@ -138,7 +138,8 @@ #define CRYPTO_SHA2_384_HMAC 24 #define CRYPTO_SHA2_512_HMAC 25 #define CRYPTO_CAMELLIA_CBC 26 -#define CRYPTO_ALGORITHM_MAX 26 /* Keep updated - see below */ +#define CRYPTO_AES_CTR 27 +#define CRYPTO_ALGORITHM_MAX 27 /* Keep updated - see below */ /* Algorithm flags */ #define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ Index: src/sys/opencrypto/cryptosoft.c diff -u src/sys/opencrypto/cryptosoft.c:1.32 src/sys/opencrypto/cryptosoft.c:1.33 --- src/sys/opencrypto/cryptosoft.c:1.32 Mon May 23 13:46:54 2011 +++ src/sys/opencrypto/cryptosoft.c Mon May 23 13:51:10 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: cryptosoft.c,v 1.32 2011/05/23 13:46:54 drochner Exp $ */ +/* $NetBSD: cryptosoft.c,v 1.33 2011/05/23 13:51:10 drochner Exp $ */ /* $FreeBSD: src/sys/opencrypto/cryptosoft.c,v 1.2.2.1 2002/11/21 23:34:23 sam Exp $ */ /* $OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $ */ @@ -24,7 +24,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.32 2011/05/23 13:46:54 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.33 2011/05/23 13:51:10 drochner Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -702,6 +702,9 @@ case CRYPTO_CAMELLIA_CBC: txf = &swcr_enc_xform_camellia; goto enccommon; + case CRYPTO_AES_CTR: + txf = &swcr_enc_xform_aes_ctr; + goto enccommon; case CRYPTO_NULL_CBC: txf = &swcr_enc_xform_null; goto enccommon; @@ -889,6 +892,7 @@ case CRYPTO_SKIPJACK_CBC: case CRYPTO_RIJNDAEL128_CBC: case CRYPTO_CAMELLIA_CBC: + case CRYPTO_AES_CTR: case CRYPTO_NULL_CBC: txf = swd->sw_exf; @@ -1017,6 +1021,7 @@ case CRYPTO_SKIPJACK_CBC: case CRYPTO_RIJNDAEL128_CBC: case CRYPTO_CAMELLIA_CBC: + case CRYPTO_AES_CTR: if ((crp->crp_etype = swcr_encdec(crd, sw, crp->crp_buf, type)) != 0) goto done; 
@@ -1084,6 +1089,7 @@ REGISTER(CRYPTO_CAST_CBC); REGISTER(CRYPTO_SKIPJACK_CBC); REGISTER(CRYPTO_CAMELLIA_CBC); + REGISTER(CRYPTO_AES_CTR); REGISTER(CRYPTO_NULL_CBC); REGISTER(CRYPTO_MD5_HMAC); REGISTER(CRYPTO_MD5_HMAC_96); Index: src/sys/opencrypto/cryptosoft_xform.c diff -u src/sys/opencrypto/cryptosoft_xform.c:1.17 src/sys/opencrypto/cryptosoft_xform.c:1.18 --- src/sys/opencrypto/cryptosoft_xform.c:1.17 Mon May 23 13:46:54 2011 +++ src/sys/opencrypto/cryptosoft_xform.c Mon May 23 13:51:10 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: cryptosoft_xform.c,v 1.17 2011/05/23 13:46:54 drochner Exp $ */ +/* $NetBSD: cryptosoft_xform.c,v 1.18 2011/05/23 13:51:10 drochner Exp $ */ /* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */ /* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */ @@ -40,7 +40,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.17 2011/05/23 13:46:54 drochner Exp $"); +__KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.18 2011/05/23 13:51:10 drochner Exp $"); #include <crypto/blowfish/blowfish.h> #include <crypto/cast128/cast128.h> @@ -89,6 +89,7 @@ static int skipjack_setkey(u_int8_t **, const u_int8_t *, int); static int rijndael128_setkey(u_int8_t **, const u_int8_t *, int); static int cml_setkey(u_int8_t **, const u_int8_t *, int); +static int aes_ctr_setkey(u_int8_t **, const u_int8_t *, int); static void des1_encrypt(void *, u_int8_t *); static void des3_encrypt(void *, u_int8_t *); static void blf_encrypt(void *, u_int8_t *); @@ -103,6 +104,7 @@ static void skipjack_decrypt(void *, u_int8_t *); static void rijndael128_decrypt(void *, u_int8_t *); static void cml_decrypt(void *, u_int8_t *); +static void aes_ctr_crypt(void *, u_int8_t *); static void des1_zerokey(u_int8_t **); static void des3_zerokey(u_int8_t **); static void blf_zerokey(u_int8_t **); 
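Review bot: `aes_ctr_setkey` is declared `static` in the @@ -89 prototype hunk, but its definition in the @@ -625 hunk starts with a bare `int`. The same holds for `aes_ctr_zerokey` and `aes_ctr_reinit`, whose `static` prototypes are in the @@ -110 hunk and whose definitions start with a bare `void`. The earlier declaration keeps the linkage internal, so this compiles, but `aes_ctr_crypt` is defined as `static void` and the mix is easy to misread as three exported symbols. Writing the definitions as `static int aes_ctr_setkey(...)`, `static void aes_ctr_zerokey(...)` and `static void aes_ctr_reinit(...)` would match the prototypes.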
@@ -110,6 +112,8 @@ static void skipjack_zerokey(u_int8_t **); static void rijndael128_zerokey(u_int8_t **); static void cml_zerokey(u_int8_t **); +static void aes_ctr_zerokey(u_int8_t **); +static void aes_ctr_reinit(void *, const u_int8_t *); static void null_init(void *); static int null_update(void *, const u_int8_t *, u_int16_t); @@ -198,6 +202,15 @@ NULL }; +static const struct swcr_enc_xform swcr_enc_xform_aes_ctr = { + &enc_xform_aes_ctr, + aes_ctr_crypt, + aes_ctr_crypt, + aes_ctr_setkey, + aes_ctr_zerokey, + aes_ctr_reinit +}; + static const struct swcr_enc_xform swcr_enc_xform_arc4 = { &enc_xform_arc4, NULL, 
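Review bot: The second and third entries of `swcr_enc_xform_aes_ctr` are both `aes_ctr_crypt`, which looks like a copy-paste slip to a reader who does not know that CTR decryption is the same keystream XOR as encryption. A one-line comment above the initializer, e.g. `/* CTR: encrypt and decrypt are the same keystream XOR */`, would settle it. The initializer is positional, so the slot meanings are inferred from the neighbouring tables rather than visible in this hunk.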
@@ -625,6 +638,78 @@ *sched = NULL; } +#define AESCTR_NONCESIZE 4 +#define AESCTR_IVSIZE 8 +#define AESCTR_BLOCKSIZE 16 + +struct aes_ctr_ctx { + /* need only encryption half */ + u_int32_t ac_ek[4*(RIJNDAEL_MAXNR + 1)]; + u_int8_t ac_block[AESCTR_BLOCKSIZE]; + int ac_nr; +}; + +static void +aes_ctr_crypt(void *key, u_int8_t *blk) +{ + struct aes_ctr_ctx *ctx; + u_int8_t keystream[AESCTR_BLOCKSIZE]; + int i; + + ctx = key; + /* increment counter */ + for (i = AESCTR_BLOCKSIZE - 1; + i >= AESCTR_NONCESIZE + AESCTR_IVSIZE; i--) + if (++ctx->ac_block[i]) /* continue on overflow */ + break; + rijndaelEncrypt(ctx->ac_ek, ctx->ac_nr, ctx->ac_block, keystream); + for (i = 0; i < AESCTR_BLOCKSIZE; i++) + blk[i] ^= keystream[i]; + memset(keystream, 0, sizeof(keystream)); +} + +int +aes_ctr_setkey(u_int8_t **sched, const u_int8_t *key, int len) +{ + struct aes_ctr_ctx *ctx; + + if (len < AESCTR_NONCESIZE) + return EINVAL; + + ctx = malloc(sizeof(struct aes_ctr_ctx), M_CRYPTO_DATA, + M_NOWAIT|M_ZERO); + if (!ctx) + return ENOMEM; + ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, (const u_char *)key, + (len - AESCTR_NONCESIZE) * 8); + if (!ctx->ac_nr) { /* wrong key len */ + aes_ctr_zerokey((u_int8_t **)&ctx); + return EINVAL; + } + memcpy(ctx->ac_block, key + len - AESCTR_NONCESIZE, AESCTR_NONCESIZE); + *sched = (void *)ctx; + return 0; +} + +void +aes_ctr_zerokey(u_int8_t **sched) +{ + + memset(*sched, 0, sizeof(struct aes_ctr_ctx)); + free(*sched, M_CRYPTO_DATA); + *sched = NULL; +} + +void +aes_ctr_reinit(void *key, const u_int8_t *iv) +{ + struct aes_ctr_ctx *ctx = key; + + memcpy(ctx->ac_block + AESCTR_NONCESIZE, iv, AESCTR_IVSIZE); + /* reset counter */ + memset(ctx->ac_block + AESCTR_NONCESIZE + AESCTR_IVSIZE, 0, 4); +} + /* * And now for auth. */ Index: src/sys/opencrypto/xform.c diff -u src/sys/opencrypto/xform.c:1.24 src/sys/opencrypto/xform.c:1.25 --- src/sys/opencrypto/xform.c:1.24 Mon May 23 13:46:54 2011 +++ src/sys/opencrypto/xform.c Mon May 23 13:51:10 2011 
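Review bot: In `aes_ctr_crypt` the final `memset(keystream, 0, sizeof(keystream));` stores to a local that is never read again, so an optimizing compiler may drop it and leave one block of keystream on the kernel stack. A wipe the compiler cannot elide is the safer choice if the tree offers one at this revision (later NetBSD has `explicit_memset(keystream, 0, sizeof(keystream));`). The counter loop only touches bytes 12..15 of `ac_block` and wraps silently once that 32-bit counter overflows, so a comment on `struct aes_ctr_ctx` giving the 4-byte nonce, 8-byte IV, 4-byte counter layout and the per-IV block limit would document the contract. In `aes_ctr_reinit` the literal `4` in the counter reset would read better as `AESCTR_BLOCKSIZE - AESCTR_NONCESIZE - AESCTR_IVSIZE`.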
@@ -1,4 +1,4 @@ -/* $NetBSD: xform.c,v 1.24 2011/05/23 13:46:54 drochner Exp $ */ +/* $NetBSD: xform.c,v 1.25 2011/05/23 13:51:10 drochner Exp $ */ /* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */ /* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */ @@ -40,7 +40,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform.c,v 1.24 2011/05/23 13:46:54 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform.c,v 1.25 2011/05/23 13:51:10 drochner Exp $"); #include <sys/param.h> #include <sys/malloc.h> @@ -135,6 +135,11 @@ 16, 16, 8, 32 }; +const struct enc_xform enc_xform_aes_ctr = { + CRYPTO_AES_CTR, "AES-CTR", + 16, 8, 16+4, 32+4 +}; + /* Authentication instances */ const struct auth_hash auth_hash_null = { CRYPTO_NULL_HMAC, "NULL-HMAC", Index: src/sys/opencrypto/xform.h diff -u src/sys/opencrypto/xform.h:1.15 src/sys/opencrypto/xform.h:1.16 --- src/sys/opencrypto/xform.h:1.15 Mon May 23 13:46:54 2011 +++ src/sys/opencrypto/xform.h Mon May 23 13:51:10 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: xform.h,v 1.15 2011/05/23 13:46:54 drochner Exp $ */ +/* $NetBSD: xform.h,v 1.16 2011/05/23 13:51:10 drochner Exp $ */ /* $FreeBSD: src/sys/opencrypto/xform.h,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */ /* $OpenBSD: xform.h,v 1.10 2002/04/22 23:10:09 deraadt Exp $ */ @@ -70,6 +70,7 @@ extern const struct enc_xform enc_xform_rijndael128; extern const struct enc_xform enc_xform_arc4; extern const struct enc_xform enc_xform_camellia; +extern const struct enc_xform enc_xform_aes_ctr; extern const struct auth_hash auth_hash_null; extern const struct auth_hash auth_hash_md5;
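Review bot: The key-length fields `16+4, 32+4` in `enc_xform_aes_ctr` rely on the reader knowing that the trailing 4 bytes of the key material are the CTR nonce. That only becomes clear from `aes_ctr_setkey` in cryptosoft_xform.c (`memcpy(ctx->ac_block, key + len - AESCTR_NONCESIZE, AESCTR_NONCESIZE)`). A comment such as `/* key = AES key followed by a 4-byte nonce; 8-byte per-request IV */` would make the layout visible where the externally visible sizes are defined. The initializer is positional, so the field meanings (presumably block size, IV size, minimum and maximum key length) are inferred here.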