Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src-draft/trunk]: src/sys/opencrypto opencrypto: Switch from legacy rijndael...



details:   https://anonhg.NetBSD.org/src-all/rev/92e455c4ccb7
branches:  trunk
changeset: 934712:92e455c4ccb7
user:      Taylor R Campbell <riastradh%NetBSD.org@localhost>
date:      Sun Jun 14 19:59:13 2020 +0000

description:
opencrypto: Switch from legacy rijndael API to new aes API.

While here, apply various rijndael->aes renames, and reduce the size
of aesxcbc_ctx by 480 bytes.

Leave in the symbol enc_xform_rijndael128 for now, though, so this
doesn't break any kernel ABI.

diffstat:

 sys/opencrypto/aesxcbcmac.c       |   44 ++++++++-----
 sys/opencrypto/aesxcbcmac.h       |    9 +-
 sys/opencrypto/cryptosoft.c       |   10 +-
 sys/opencrypto/cryptosoft_xform.c |  123 +++++++++++++++++++++++++------------
 sys/opencrypto/files.opencrypto   |    2 +-
 sys/opencrypto/gmac.c             |   24 +++++-
 sys/opencrypto/gmac.h             |    4 +-
 sys/opencrypto/xform.c            |    4 +-
 8 files changed, 141 insertions(+), 79 deletions(-)

diffs (truncated from 502 to 300 lines):

diff -r fa5d0e837b12 -r 92e455c4ccb7 sys/opencrypto/aesxcbcmac.c
--- a/sys/opencrypto/aesxcbcmac.c       Sun Jun 14 19:57:23 2020 +0000
+++ b/sys/opencrypto/aesxcbcmac.c       Sun Jun 14 19:59:13 2020 +0000
@@ -34,7 +34,8 @@
 
 #include <sys/param.h>
 #include <sys/systm.h>
-#include <crypto/rijndael/rijndael.h>
+
+#include <crypto/aes/aes.h>
 
 #include <opencrypto/aesxcbcmac.h>
 
@@ -47,24 +48,31 @@
            { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 };
        static const uint8_t k3seed[AES_BLOCKSIZE] =
            { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
-       u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
+       struct aesenc r_ks;
        aesxcbc_ctx *ctx;
        uint8_t k1[AES_BLOCKSIZE];
 
        ctx = vctx;
        memset(ctx, 0, sizeof(*ctx));
 
-       if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks, key, keylen * 8)) == 0)
-               return -1;
-       rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1);
-       rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
-       rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
-       if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0)
-               return -1;
-       if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0)
-               return -1;
-       if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0)
-               return -1;
+       switch (keylen) {
+       case 16:
+               ctx->r_nr = aes_setenckey128(&r_ks, key);
+               break;
+       case 24:
+               ctx->r_nr = aes_setenckey192(&r_ks, key);
+               break;
+       case 32:
+               ctx->r_nr = aes_setenckey256(&r_ks, key);
+               break;
+       }
+       aes_enc(&r_ks, k1seed, k1, ctx->r_nr);
+       aes_enc(&r_ks, k2seed, ctx->k2, ctx->r_nr);
+       aes_enc(&r_ks, k3seed, ctx->k3, ctx->r_nr);
+       aes_setenckey128(&ctx->r_k1s, k1);
+
+       explicit_memset(&r_ks, 0, sizeof(r_ks));
+       explicit_memset(k1, 0, sizeof(k1));
 
        return 0;
 }
@@ -83,7 +91,7 @@
        if (ctx->buflen == sizeof(ctx->buf)) {
                for (i = 0; i < sizeof(ctx->e); i++)
                        ctx->buf[i] ^= ctx->e[i];
-               rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
+               aes_enc(&ctx->r_k1s, ctx->buf, ctx->e, ctx->r_nr);
                ctx->buflen = 0;
        }
        if (ctx->buflen + len < sizeof(ctx->buf)) {
@@ -96,7 +104,7 @@
                    sizeof(ctx->buf) - ctx->buflen);
                for (i = 0; i < sizeof(ctx->e); i++)
                        ctx->buf[i] ^= ctx->e[i];
-               rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
+               aes_enc(&ctx->r_k1s, ctx->buf, ctx->e, ctx->r_nr);
                addr += sizeof(ctx->buf) - ctx->buflen;
                ctx->buflen = 0;
        }
@@ -105,7 +113,7 @@
                memcpy(buf, addr, AES_BLOCKSIZE);
                for (i = 0; i < sizeof(buf); i++)
                        buf[i] ^= ctx->e[i];
-               rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, buf, ctx->e);
+               aes_enc(&ctx->r_k1s, buf, ctx->e, ctx->r_nr);
                addr += AES_BLOCKSIZE;
        }
        if (addr < ep) {
@@ -129,7 +137,7 @@
                        ctx->buf[i] ^= ctx->e[i];
                        ctx->buf[i] ^= ctx->k2[i];
                }
-               rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
+               aes_enc(&ctx->r_k1s, ctx->buf, digest, ctx->r_nr);
        } else {
                for (i = ctx->buflen; i < sizeof(ctx->buf); i++)
                        ctx->buf[i] = (i == ctx->buflen) ? 0x80 : 0x00;
@@ -137,7 +145,7 @@
                        ctx->buf[i] ^= ctx->e[i];
                        ctx->buf[i] ^= ctx->k3[i];
                }
-               rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
+               aes_enc(&ctx->r_k1s, ctx->buf, digest, ctx->r_nr);
        }
 
        memcpy(addr, digest, sizeof(digest));
diff -r fa5d0e837b12 -r 92e455c4ccb7 sys/opencrypto/aesxcbcmac.h
--- a/sys/opencrypto/aesxcbcmac.h       Sun Jun 14 19:57:23 2020 +0000
+++ b/sys/opencrypto/aesxcbcmac.h       Sun Jun 14 19:59:13 2020 +0000
@@ -1,5 +1,8 @@
 /* $NetBSD: aesxcbcmac.h,v 1.1 2011/05/24 19:10:09 drochner Exp $ */
 
+#ifndef        _OPENCRYPTO_AESXCBCMAC_H
+#define        _OPENCRYPTO_AESXCBCMAC_H
+
 #include <sys/types.h>
 
 #define AES_BLOCKSIZE   16
@@ -8,9 +11,7 @@
        u_int8_t        e[AES_BLOCKSIZE];
        u_int8_t        buf[AES_BLOCKSIZE];
        size_t          buflen;
-       u_int32_t       r_k1s[(RIJNDAEL_MAXNR+1)*4];
-       u_int32_t       r_k2s[(RIJNDAEL_MAXNR+1)*4];
-       u_int32_t       r_k3s[(RIJNDAEL_MAXNR+1)*4];
+       struct aesenc   r_k1s;
        int             r_nr; /* key-length-dependent number of rounds */
        u_int8_t        k2[AES_BLOCKSIZE];
        u_int8_t        k3[AES_BLOCKSIZE];
@@ -19,3 +20,5 @@
 int aes_xcbc_mac_init(void *, const u_int8_t *, u_int16_t);
 int aes_xcbc_mac_loop(void *, const u_int8_t *, u_int16_t);
 void aes_xcbc_mac_result(u_int8_t *, void *);
+
+#endif /* _OPENCRYPTO_AESXCBCMAC_H */
diff -r fa5d0e837b12 -r 92e455c4ccb7 sys/opencrypto/cryptosoft.c
--- a/sys/opencrypto/cryptosoft.c       Sun Jun 14 19:57:23 2020 +0000
+++ b/sys/opencrypto/cryptosoft.c       Sun Jun 14 19:59:13 2020 +0000
@@ -831,8 +831,8 @@
                case CRYPTO_SKIPJACK_CBC:
                        txf = &swcr_enc_xform_skipjack;
                        goto enccommon;
-               case CRYPTO_RIJNDAEL128_CBC:
-                       txf = &swcr_enc_xform_rijndael128;
+               case CRYPTO_AES_CBC:
+                       txf = &swcr_enc_xform_aes;
                        goto enccommon;
                case CRYPTO_CAMELLIA_CBC:
                        txf = &swcr_enc_xform_camellia;
@@ -1057,7 +1057,7 @@
                case CRYPTO_BLF_CBC:
                case CRYPTO_CAST_CBC:
                case CRYPTO_SKIPJACK_CBC:
-               case CRYPTO_RIJNDAEL128_CBC:
+               case CRYPTO_AES_CBC:
                case CRYPTO_CAMELLIA_CBC:
                case CRYPTO_AES_CTR:
                case CRYPTO_AES_GCM_16:
@@ -1193,7 +1193,7 @@
                case CRYPTO_BLF_CBC:
                case CRYPTO_CAST_CBC:
                case CRYPTO_SKIPJACK_CBC:
-               case CRYPTO_RIJNDAEL128_CBC:
+               case CRYPTO_AES_CBC:
                case CRYPTO_CAMELLIA_CBC:
                case CRYPTO_AES_CTR:
                        if ((crp->crp_etype = swcr_encdec(crd, sw,
@@ -1294,7 +1294,7 @@
        REGISTER(CRYPTO_AES_128_GMAC);
        REGISTER(CRYPTO_AES_192_GMAC);
        REGISTER(CRYPTO_AES_256_GMAC);
-       REGISTER(CRYPTO_RIJNDAEL128_CBC);
+       REGISTER(CRYPTO_AES_CBC);
        REGISTER(CRYPTO_DEFLATE_COMP);
        REGISTER(CRYPTO_DEFLATE_COMP_NOGROW);
        REGISTER(CRYPTO_GZIP_COMP);
diff -r fa5d0e837b12 -r 92e455c4ccb7 sys/opencrypto/cryptosoft_xform.c
--- a/sys/opencrypto/cryptosoft_xform.c Sun Jun 14 19:57:23 2020 +0000
+++ b/sys/opencrypto/cryptosoft_xform.c Sun Jun 14 19:59:13 2020 +0000
@@ -42,21 +42,22 @@
 #include <sys/cdefs.h>
 __KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.28 2019/10/12 00:49:30 christos Exp $");
 
-#include <crypto/blowfish/blowfish.h>
-#include <crypto/cast128/cast128.h>
-#include <crypto/des/des.h>
-#include <crypto/rijndael/rijndael.h>
-#include <crypto/skipjack/skipjack.h>
-#include <crypto/camellia/camellia.h>
-
-#include <opencrypto/deflate.h>
-
+#include <sys/cprng.h>
+#include <sys/kmem.h>
 #include <sys/md5.h>
 #include <sys/rmd160.h>
 #include <sys/sha1.h>
 #include <sys/sha2.h>
-#include <sys/cprng.h>
+
+#include <crypto/aes/aes.h>
+#include <crypto/blowfish/blowfish.h>
+#include <crypto/camellia/camellia.h>
+#include <crypto/cast128/cast128.h>
+#include <crypto/des/des.h>
+#include <crypto/skipjack/skipjack.h>
+
 #include <opencrypto/aesxcbcmac.h>
+#include <opencrypto/deflate.h>
 #include <opencrypto/gmac.h>
 
 struct swcr_auth_hash {
@@ -94,7 +95,7 @@
 static int blf_setkey(u_int8_t **, const u_int8_t *, int);
 static int cast5_setkey(u_int8_t **, const u_int8_t *, int);
 static  int skipjack_setkey(u_int8_t **, const u_int8_t *, int);
-static  int rijndael128_setkey(u_int8_t **, const u_int8_t *, int);
+static  int aes_setkey(u_int8_t **, const u_int8_t *, int);
 static  int cml_setkey(u_int8_t **, const u_int8_t *, int);
 static  int aes_ctr_setkey(u_int8_t **, const u_int8_t *, int);
 static int aes_gmac_setkey(u_int8_t **, const u_int8_t *, int);
@@ -103,14 +104,14 @@
 static void blf_encrypt(void *, u_int8_t *);
 static void cast5_encrypt(void *, u_int8_t *);
 static void skipjack_encrypt(void *, u_int8_t *);
-static void rijndael128_encrypt(void *, u_int8_t *);
+static void aes_encrypt(void *, u_int8_t *);
 static  void cml_encrypt(void *, u_int8_t *);
 static void des1_decrypt(void *, u_int8_t *);
 static void des3_decrypt(void *, u_int8_t *);
 static void blf_decrypt(void *, u_int8_t *);
 static void cast5_decrypt(void *, u_int8_t *);
 static void skipjack_decrypt(void *, u_int8_t *);
-static void rijndael128_decrypt(void *, u_int8_t *);
+static void aes_decrypt(void *, u_int8_t *);
 static  void cml_decrypt(void *, u_int8_t *);
 static  void aes_ctr_crypt(void *, u_int8_t *);
 static void des1_zerokey(u_int8_t **);
@@ -118,7 +119,7 @@
 static void blf_zerokey(u_int8_t **);
 static void cast5_zerokey(u_int8_t **);
 static void skipjack_zerokey(u_int8_t **);
-static void rijndael128_zerokey(u_int8_t **);
+static void aes_zerokey(u_int8_t **);
 static  void cml_zerokey(u_int8_t **);
 static  void aes_ctr_zerokey(u_int8_t **);
 static void aes_gmac_zerokey(u_int8_t **);
@@ -204,12 +205,12 @@
        NULL
 };
 
-static const struct swcr_enc_xform swcr_enc_xform_rijndael128 = {
+static const struct swcr_enc_xform swcr_enc_xform_aes = {
        &enc_xform_rijndael128,
-       rijndael128_encrypt,
-       rijndael128_decrypt,
-       rijndael128_setkey,
-       rijndael128_zerokey,
+       aes_encrypt,
+       aes_decrypt,
+       aes_setkey,
+       aes_zerokey,
        NULL
 };
 
@@ -599,38 +600,68 @@
        *sched = NULL;
 }
 
+struct aes_ctx {
+       struct aesenc   enc;
+       struct aesdec   dec;
+       uint32_t        nr;
+};
+
 static void
-rijndael128_encrypt(void *key, u_int8_t *blk)
+aes_encrypt(void *key, u_int8_t *blk)
 {
-       rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
+       struct aes_ctx *ctx = key;
+
+       aes_enc(&ctx->enc, blk, blk, ctx->nr);
 }
 
 static void
-rijndael128_decrypt(void *key, u_int8_t *blk)
+aes_decrypt(void *key, u_int8_t *blk)
 {
-       rijndael_decrypt((rijndael_ctx *) key, (u_char *) blk,
-           (u_char *) blk);
+       struct aes_ctx *ctx = key;
+
+       aes_dec(&ctx->dec, blk, blk, ctx->nr);
 }
 
 static int
-rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len)
+aes_setkey(u_int8_t **sched, const u_int8_t *key, int len)
 {
+       struct aes_ctx *ctx;
 
        if (len != 16 && len != 24 && len != 32)
                return EINVAL;



Home | Main Index | Thread Index | Old Index