Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC
details: https://anonhg.NetBSD.org/src/rev/319549692b38
branches: trunk
changeset: 765383:319549692b38
user: drochner <drochner%NetBSD.org@localhost>
date: Tue May 24 19:10:08 2011 +0000
description:
copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC
For this to fit, an API change in cryptosoft was adopted from OpenBSD
(addition of a "Setkey" method to hashes) which was done for GCM/GMAC
support there, so it might be useful in the future anyway.
tested against KAME IPSEC
AFAICT, FAST_IPSEC now supports as much as KAME.
diffstat:
sys/netipsec/xform_ah.c | 6 +-
sys/opencrypto/aesxcbcmac.c | 141 ++++++++++++++++++++++++++++++++++++++
sys/opencrypto/aesxcbcmac.h | 21 +++++
sys/opencrypto/cryptodev.c | 7 +-
sys/opencrypto/cryptodev.h | 5 +-
sys/opencrypto/cryptosoft.c | 23 +++++-
sys/opencrypto/cryptosoft_xform.c | 41 ++++++----
sys/opencrypto/files.opencrypto | 3 +-
sys/opencrypto/xform.c | 9 +-
sys/opencrypto/xform.h | 3 +-
usr.bin/netstat/fast_ipsec.c | 5 +-
11 files changed, 234 insertions(+), 30 deletions(-)
diffs (truncated from 550 to 300 lines):
diff -r 9f37bc51ea74 -r 319549692b38 sys/netipsec/xform_ah.c
--- a/sys/netipsec/xform_ah.c Tue May 24 18:59:21 2011 +0000
+++ b/sys/netipsec/xform_ah.c Tue May 24 19:10:08 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ah.c,v 1.32 2011/05/06 21:48:46 drochner Exp $ */
+/* $NetBSD: xform_ah.c,v 1.33 2011/05/24 19:10:08 drochner Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.32 2011/05/06 21:48:46 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.33 2011/05/24 19:10:08 drochner Exp $");
#include "opt_inet.h"
#ifdef __FreeBSD__
@@ -147,6 +147,8 @@
return &auth_hash_hmac_sha2_384;
case SADB_X_AALG_SHA2_512:
return &auth_hash_hmac_sha2_512;
+ case SADB_X_AALG_AES_XCBC_MAC:
+ return &auth_hash_aes_xcbc_mac_96;
}
return NULL;
}
diff -r 9f37bc51ea74 -r 319549692b38 sys/opencrypto/aesxcbcmac.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/opencrypto/aesxcbcmac.c Tue May 24 19:10:08 2011 +0000
@@ -0,0 +1,141 @@
+/* $NetBSD: aesxcbcmac.c,v 1.1 2011/05/24 19:10:08 drochner Exp $ */
+
+/*
+ * Copyright (C) 1995, 1996, 1997, 1998 and 2003 WIDE Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: aesxcbcmac.c,v 1.1 2011/05/24 19:10:08 drochner Exp $");
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <crypto/rijndael/rijndael.h>
+
+#include <opencrypto/aesxcbcmac.h>
+
+int
+aes_xcbc_mac_init(void *vctx, const u_int8_t *key, u_int16_t keylen)
+{
+ u_int8_t k1seed[AES_BLOCKSIZE] = { 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 };
+ u_int8_t k2seed[AES_BLOCKSIZE] = { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 };
+ u_int8_t k3seed[AES_BLOCKSIZE] = { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
+ u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
+ aesxcbc_ctx *ctx;
+ u_int8_t k1[AES_BLOCKSIZE];
+
+ ctx = (aesxcbc_ctx *)vctx;
+ memset(ctx, 0, sizeof(aesxcbc_ctx));
+
+ if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks, key, keylen * 8)) == 0)
+ return -1;
+ rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1);
+ rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
+ rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
+ if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0)
+ return -1;
+ if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0)
+ return -1;
+ if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0)
+ return -1;
+
+ return 0;
+}
+
+int
+aes_xcbc_mac_loop(void *vctx, const u_int8_t *addr, u_int16_t len)
+{
+ u_int8_t buf[AES_BLOCKSIZE];
+ aesxcbc_ctx *ctx;
+ const u_int8_t *ep;
+ int i;
+
+ ctx = (aesxcbc_ctx *)vctx;
+ ep = addr + len;
+
+ if (ctx->buflen == sizeof(ctx->buf)) {
+ for (i = 0; i < sizeof(ctx->e); i++)
+ ctx->buf[i] ^= ctx->e[i];
+ rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
+ ctx->buflen = 0;
+ }
+ if (ctx->buflen + len < sizeof(ctx->buf)) {
+ memcpy(ctx->buf + ctx->buflen, addr, len);
+ ctx->buflen += len;
+ return 0;
+ }
+ if (ctx->buflen && ctx->buflen + len > sizeof(ctx->buf)) {
+ memcpy(ctx->buf + ctx->buflen, addr,
+ sizeof(ctx->buf) - ctx->buflen);
+ for (i = 0; i < sizeof(ctx->e); i++)
+ ctx->buf[i] ^= ctx->e[i];
+ rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
+ addr += sizeof(ctx->buf) - ctx->buflen;
+ ctx->buflen = 0;
+ }
+ /* due to the special processing for M[n], "=" case is not included */
+ while (addr + AES_BLOCKSIZE < ep) {
+ memcpy(buf, addr, AES_BLOCKSIZE);
+ for (i = 0; i < sizeof(buf); i++)
+ buf[i] ^= ctx->e[i];
+ rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, buf, ctx->e);
+ addr += AES_BLOCKSIZE;
+ }
+ if (addr < ep) {
+ memcpy(ctx->buf + ctx->buflen, addr, ep - addr);
+ ctx->buflen += ep - addr;
+ }
+ return 0;
+}
+
+void
+aes_xcbc_mac_result(u_int8_t *addr, void *vctx)
+{
+ u_char digest[AES_BLOCKSIZE];
+ aesxcbc_ctx *ctx;
+ int i;
+
+ ctx = (aesxcbc_ctx *)vctx;
+
+ if (ctx->buflen == sizeof(ctx->buf)) {
+ for (i = 0; i < sizeof(ctx->buf); i++) {
+ ctx->buf[i] ^= ctx->e[i];
+ ctx->buf[i] ^= ctx->k2[i];
+ }
+ rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
+ } else {
+ for (i = ctx->buflen; i < sizeof(ctx->buf); i++)
+ ctx->buf[i] = (i == ctx->buflen) ? 0x80 : 0x00;
+ for (i = 0; i < sizeof(ctx->buf); i++) {
+ ctx->buf[i] ^= ctx->e[i];
+ ctx->buf[i] ^= ctx->k3[i];
+ }
+ rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
+ }
+
+ memcpy(addr, digest, sizeof(digest));
+}
diff -r 9f37bc51ea74 -r 319549692b38 sys/opencrypto/aesxcbcmac.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/opencrypto/aesxcbcmac.h Tue May 24 19:10:08 2011 +0000
@@ -0,0 +1,21 @@
+/* $NetBSD: aesxcbcmac.h,v 1.1 2011/05/24 19:10:09 drochner Exp $ */
+
+#include <sys/types.h>
+
+#define AES_BLOCKSIZE 16
+
+typedef struct {
+ u_int8_t e[AES_BLOCKSIZE];
+ u_int8_t buf[AES_BLOCKSIZE];
+ size_t buflen;
+ u_int32_t r_k1s[(RIJNDAEL_MAXNR+1)*4];
+ u_int32_t r_k2s[(RIJNDAEL_MAXNR+1)*4];
+ u_int32_t r_k3s[(RIJNDAEL_MAXNR+1)*4];
+ int r_nr; /* key-length-dependent number of rounds */
+ u_int8_t k2[AES_BLOCKSIZE];
+ u_int8_t k3[AES_BLOCKSIZE];
+} aesxcbc_ctx;
+
+int aes_xcbc_mac_init(void *, const u_int8_t *, u_int16_t);
+int aes_xcbc_mac_loop(void *, const u_int8_t *, u_int16_t);
+void aes_xcbc_mac_result(u_int8_t *, void *);
diff -r 9f37bc51ea74 -r 319549692b38 sys/opencrypto/cryptodev.c
--- a/sys/opencrypto/cryptodev.c Tue May 24 18:59:21 2011 +0000
+++ b/sys/opencrypto/cryptodev.c Tue May 24 19:10:08 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cryptodev.c,v 1.62 2011/05/23 15:37:36 drochner Exp $ */
+/* $NetBSD: cryptodev.c,v 1.63 2011/05/24 19:10:09 drochner Exp $ */
/* $FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.4.2.4 2003/06/03 00:09:02 sam Exp $ */
/* $OpenBSD: cryptodev.c,v 1.53 2002/07/10 22:21:30 mickey Exp $ */
@@ -64,7 +64,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.62 2011/05/23 15:37:36 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.63 2011/05/24 19:10:09 drochner Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -1595,6 +1595,9 @@
case CRYPTO_SHA1:
thash = &auth_hash_sha1;
break;
+ case CRYPTO_AES_XCBC_MAC_96:
+ thash = &auth_hash_aes_xcbc_mac_96;
+ break;
case CRYPTO_NULL_HMAC:
thash = &auth_hash_null;
break;
diff -r 9f37bc51ea74 -r 319549692b38 sys/opencrypto/cryptodev.h
--- a/sys/opencrypto/cryptodev.h Tue May 24 18:59:21 2011 +0000
+++ b/sys/opencrypto/cryptodev.h Tue May 24 19:10:08 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cryptodev.h,v 1.22 2011/05/23 13:51:10 drochner Exp $ */
+/* $NetBSD: cryptodev.h,v 1.23 2011/05/24 19:10:09 drochner Exp $ */
/* $FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.2.2.6 2003/07/02 17:04:50 sam Exp $ */
/* $OpenBSD: cryptodev.h,v 1.33 2002/07/17 23:52:39 art Exp $ */
@@ -139,7 +139,8 @@
#define CRYPTO_SHA2_512_HMAC 25
#define CRYPTO_CAMELLIA_CBC 26
#define CRYPTO_AES_CTR 27
-#define CRYPTO_ALGORITHM_MAX 27 /* Keep updated - see below */
+#define CRYPTO_AES_XCBC_MAC_96 28
+#define CRYPTO_ALGORITHM_MAX 28 /* Keep updated - see below */
/* Algorithm flags */
#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
diff -r 9f37bc51ea74 -r 319549692b38 sys/opencrypto/cryptosoft.c
--- a/sys/opencrypto/cryptosoft.c Tue May 24 18:59:21 2011 +0000
+++ b/sys/opencrypto/cryptosoft.c Tue May 24 19:10:08 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cryptosoft.c,v 1.35 2011/05/24 18:59:22 drochner Exp $ */
+/* $NetBSD: cryptosoft.c,v 1.36 2011/05/24 19:10:10 drochner Exp $ */
/* $FreeBSD: src/sys/opencrypto/cryptosoft.c,v 1.2.2.1 2002/11/21 23:34:23 sam Exp $ */
/* $OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $ */
@@ -24,7 +24,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.35 2011/05/24 18:59:22 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.36 2011/05/24 19:10:10 drochner Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -47,6 +47,7 @@
SHA256_CTX sha256ctx;
SHA384_CTX sha384ctx;
SHA512_CTX sha512ctx;
+ aesxcbc_ctx aesxcbcctx;
};
struct swcr_data **swcr_sessions = NULL;
@@ -536,6 +537,7 @@
case CRYPTO_NULL_HMAC:
case CRYPTO_MD5:
case CRYPTO_SHA1:
+ case CRYPTO_AES_XCBC_MAC_96:
axf->Final(aalg, &ctx);
break;
}
@@ -838,6 +840,20 @@
(*swd)->sw_axf = axf;
break;
+ case CRYPTO_AES_XCBC_MAC_96:
+ axf = &swcr_auth_hash_aes_xcbc_mac;
+ (*swd)->sw_ictx = malloc(axf->ctxsize,
+ M_CRYPTO_DATA, M_NOWAIT);
+ if ((*swd)->sw_ictx == NULL) {
+ swcr_freesession(NULL, i);
+ return ENOBUFS;
+ }
+ axf->Init((*swd)->sw_ictx);
+ axf->Setkey((*swd)->sw_ictx,
+ cri->cri_key, cri->cri_klen / 8);
+ (*swd)->sw_axf = axf;
+ break;
+
case CRYPTO_DEFLATE_COMP:
cxf = &swcr_comp_algo_deflate;
(*swd)->sw_cxf = cxf;
@@ -941,6 +957,7 @@
Home |
Main Index |
Thread Index |
Old Index