Module Name:    src
Committed By:   drochner
Date:           Tue Jun  7 15:57:52 UTC 2011

Modified Files:
        src/sys/opencrypto: cryptosoft.c cryptosoft_xform.c

Log Message:
use a simple counter as IV for AES-GMAC as suggested in RFC4543


To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/sys/opencrypto/cryptosoft.c
cvs rdiff -u -r1.23 -r1.24 src/sys/opencrypto/cryptosoft_xform.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/opencrypto/cryptosoft.c
diff -u src/sys/opencrypto/cryptosoft.c:1.37 src/sys/opencrypto/cryptosoft.c:1.38
--- src/sys/opencrypto/cryptosoft.c:1.37	Thu May 26 21:50:03 2011
+++ src/sys/opencrypto/cryptosoft.c	Tue Jun  7 15:57:51 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: cryptosoft.c,v 1.37 2011/05/26 21:50:03 drochner Exp $ */
+/*	$NetBSD: cryptosoft.c,v 1.38 2011/06/07 15:57:51 drochner Exp $ */
 /*	$FreeBSD: src/sys/opencrypto/cryptosoft.c,v 1.2.2.1 2002/11/21 23:34:23 sam Exp $	*/
 /*	$OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $	*/
 
@@ -24,7 +24,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.37 2011/05/26 21:50:03 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.38 2011/06/07 15:57:51 drochner Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -852,6 +852,9 @@
 		case CRYPTO_AES_GCM_16:
 			txf = &swcr_enc_xform_aes_gcm;
 			goto enccommon;
+		case CRYPTO_AES_GMAC:
+			txf = &swcr_enc_xform_aes_gmac;
+			goto enccommon;
 		case CRYPTO_NULL_CBC:
 			txf = &swcr_enc_xform_null;
 			goto enccommon;
@@ -865,11 +868,6 @@
 			(*swd)->sw_exf = txf;
 			break;
 
-		case CRYPTO_AES_GMAC:
-			txf = &swcr_enc_xform_aes_gmac;
-			(*swd)->sw_exf = txf;
-			break;
-
 		case CRYPTO_MD5_HMAC:
 			axf = &swcr_auth_hash_hmac_md5;
 			goto authcommon;
@@ -1070,6 +1068,7 @@
 		case CRYPTO_CAMELLIA_CBC:
 		case CRYPTO_AES_CTR:
 		case CRYPTO_AES_GCM_16:
+		case CRYPTO_AES_GMAC:
 		case CRYPTO_NULL_CBC:
 			txf = swd->sw_exf;
 
@@ -1077,9 +1076,6 @@
 				txf->zerokey(&(swd->sw_kschedule));
 			break;
 
-		case CRYPTO_AES_GMAC:
-			break;
-
 		case CRYPTO_MD5_HMAC:
 		case CRYPTO_MD5_HMAC_96:
 		case CRYPTO_SHA1_HMAC:

Index: src/sys/opencrypto/cryptosoft_xform.c
diff -u src/sys/opencrypto/cryptosoft_xform.c:1.23 src/sys/opencrypto/cryptosoft_xform.c:1.24
--- src/sys/opencrypto/cryptosoft_xform.c:1.23	Thu May 26 21:50:03 2011
+++ src/sys/opencrypto/cryptosoft_xform.c	Tue Jun  7 15:57:52 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: cryptosoft_xform.c,v 1.23 2011/05/26 21:50:03 drochner Exp $ */
+/*	$NetBSD: cryptosoft_xform.c,v 1.24 2011/06/07 15:57:52 drochner Exp $ */
 /*	$FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $	*/
 /*	$OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $	*/
 
@@ -40,7 +40,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.23 2011/05/26 21:50:03 drochner Exp $");
+__KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.24 2011/06/07 15:57:52 drochner Exp $");
 
 #include <crypto/blowfish/blowfish.h>
 #include <crypto/cast128/cast128.h>
@@ -96,6 +96,7 @@
 static  int rijndael128_setkey(u_int8_t **, const u_int8_t *, int);
 static  int cml_setkey(u_int8_t **, const u_int8_t *, int);
 static  int aes_ctr_setkey(u_int8_t **, const u_int8_t *, int);
+static	int aes_gmac_setkey(u_int8_t **, const u_int8_t *, int);
 static	void des1_encrypt(void *, u_int8_t *);
 static	void des3_encrypt(void *, u_int8_t *);
 static	void blf_encrypt(void *, u_int8_t *);
@@ -119,8 +120,10 @@
 static	void rijndael128_zerokey(u_int8_t **);
 static  void cml_zerokey(u_int8_t **);
 static  void aes_ctr_zerokey(u_int8_t **);
+static	void aes_gmac_zerokey(u_int8_t **);
 static  void aes_ctr_reinit(void *, const u_int8_t *, u_int8_t *);
 static  void aes_gcm_reinit(void *, const u_int8_t *, u_int8_t *);
+static	void aes_gmac_reinit(void *, const u_int8_t *, u_int8_t *);
 
 static	void null_init(void *);
 static	int null_update(void *, const u_int8_t *, u_int16_t);
@@ -231,9 +234,9 @@
 	&enc_xform_aes_gmac,
 	NULL,
 	NULL,
-	NULL,
-	NULL,
-	NULL
+	aes_gmac_setkey,
+	aes_gmac_zerokey,
+	aes_gmac_reinit
 };
 
 static const struct swcr_enc_xform swcr_enc_xform_camellia = {
@@ -788,6 +791,49 @@
 	ctx->ac_block[AESCTR_BLOCKSIZE - 1] = 1; /* GCM starts with 1 */
 }
 
+struct aes_gmac_ctx {
+	struct {
+		u_int64_t lastiv;
+	} ivgenctx;
+};
+
+int
+aes_gmac_setkey(u_int8_t **sched, const u_int8_t *key, int len)
+{
+	struct aes_gmac_ctx *ctx;
+
+	ctx = malloc(sizeof(struct aes_gmac_ctx), M_CRYPTO_DATA,
+		     M_NOWAIT|M_ZERO);
+	if (!ctx)
+		return ENOMEM;
+
+	/* random start value for simple counter */
+	arc4randbytes(&ctx->ivgenctx.lastiv, sizeof(ctx->ivgenctx.lastiv));
+	*sched = (void *)ctx;
+	return 0;
+}
+
+void
+aes_gmac_zerokey(u_int8_t **sched)
+{
+
+	free(*sched, M_CRYPTO_DATA);
+	*sched = NULL;
+}
+
+void
+aes_gmac_reinit(void *key, const u_int8_t *iv, u_int8_t *ivout)
+{
+	struct aes_gmac_ctx *ctx = key;
+
+	if (!iv) {
+		ctx->ivgenctx.lastiv++;
+		iv = (const u_int8_t *)&ctx->ivgenctx.lastiv;
+	}
+	if (ivout)
+		memcpy(ivout, iv, AESCTR_IVSIZE);
+}
+
 /*
  * And now for auth.
  */
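Review bot: In aes_gmac_reinit the generated IV comes from a plain `ctx->ivgenctx.lastiv++` on per-session state, and nothing in this hunk shows that calls for one session are serialized; if two requests can reach it concurrently, both may be handed the same IV, and a repeated IV under one key breaks GMAC's authentication guarantee. If the callers already serialize per session, a comment above the increment such as `/* caller serializes requests per session; an IV must never repeat under one key */` would record that invariant; otherwise the increment needs to be atomic or taken under a lock. Separately, `memcpy(ivout, iv, AESCTR_IVSIZE)` reads from the 8-byte `lastiv` when no IV is supplied, and the constant's value is not visible here, so a file-scope `CTASSERT(sizeof(u_int64_t) == AESCTR_IVSIZE);` would tie the two sizes together.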
