Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src-draft/trunk]: src/sys/opencrypto opencrypto: Switch from legacy rijndael...
details: https://anonhg.NetBSD.org/src-all/rev/0a5e234aa79d
branches: trunk
changeset: 935252:0a5e234aa79d
user: Taylor R Campbell <riastradh%NetBSD.org@localhost>
date: Sun Jun 14 19:59:13 2020 +0000
description:
opencrypto: Switch from legacy rijndael API to new aes API.
While here, apply various rijndael->aes renames, reduce the size
of aesxcbc_ctx by 480 bytes, and convert some malloc->kmem.
Leave in the symbol enc_xform_rijndael128 for now, though, so this
doesn't break any kernel ABI.
diffstat:
sys/opencrypto/aesxcbcmac.c | 44 +++++++-----
sys/opencrypto/aesxcbcmac.h | 9 +-
sys/opencrypto/cryptosoft.c | 39 +++++------
sys/opencrypto/cryptosoft_xform.c | 129 ++++++++++++++++++++++++-------------
sys/opencrypto/files.opencrypto | 2 +-
sys/opencrypto/gmac.c | 25 +++++-
sys/opencrypto/gmac.h | 4 +-
sys/opencrypto/xform.c | 4 +-
8 files changed, 157 insertions(+), 99 deletions(-)
diffs (truncated from 619 to 300 lines):
diff -r f893148784a7 -r 0a5e234aa79d sys/opencrypto/aesxcbcmac.c
--- a/sys/opencrypto/aesxcbcmac.c Sun Jun 14 19:57:23 2020 +0000
+++ b/sys/opencrypto/aesxcbcmac.c Sun Jun 14 19:59:13 2020 +0000
@@ -34,7 +34,8 @@
#include <sys/param.h>
#include <sys/systm.h>
-#include <crypto/rijndael/rijndael.h>
+
+#include <crypto/aes/aes.h>
#include <opencrypto/aesxcbcmac.h>
@@ -47,24 +48,31 @@
{ 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 };
static const uint8_t k3seed[AES_BLOCKSIZE] =
{ 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
- u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
+ struct aesenc r_ks;
aesxcbc_ctx *ctx;
uint8_t k1[AES_BLOCKSIZE];
ctx = vctx;
memset(ctx, 0, sizeof(*ctx));
- if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks, key, keylen * 8)) == 0)
- return -1;
- rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1);
- rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
- rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
- if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0)
- return -1;
- if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0)
- return -1;
- if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0)
- return -1;
+ switch (keylen) {
+ case 16:
+ ctx->r_nr = aes_setenckey128(&r_ks, key);
+ break;
+ case 24:
+ ctx->r_nr = aes_setenckey192(&r_ks, key);
+ break;
+ case 32:
+ ctx->r_nr = aes_setenckey256(&r_ks, key);
+ break;
+ }
+ aes_enc(&r_ks, k1seed, k1, ctx->r_nr);
+ aes_enc(&r_ks, k2seed, ctx->k2, ctx->r_nr);
+ aes_enc(&r_ks, k3seed, ctx->k3, ctx->r_nr);
+ aes_setenckey128(&ctx->r_k1s, k1);
+
+ explicit_memset(&r_ks, 0, sizeof(r_ks));
+ explicit_memset(k1, 0, sizeof(k1));
return 0;
}
@@ -83,7 +91,7 @@
if (ctx->buflen == sizeof(ctx->buf)) {
for (i = 0; i < sizeof(ctx->e); i++)
ctx->buf[i] ^= ctx->e[i];
- rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
+ aes_enc(&ctx->r_k1s, ctx->buf, ctx->e, ctx->r_nr);
ctx->buflen = 0;
}
if (ctx->buflen + len < sizeof(ctx->buf)) {
@@ -96,7 +104,7 @@
sizeof(ctx->buf) - ctx->buflen);
for (i = 0; i < sizeof(ctx->e); i++)
ctx->buf[i] ^= ctx->e[i];
- rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
+ aes_enc(&ctx->r_k1s, ctx->buf, ctx->e, ctx->r_nr);
addr += sizeof(ctx->buf) - ctx->buflen;
ctx->buflen = 0;
}
@@ -105,7 +113,7 @@
memcpy(buf, addr, AES_BLOCKSIZE);
for (i = 0; i < sizeof(buf); i++)
buf[i] ^= ctx->e[i];
- rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, buf, ctx->e);
+ aes_enc(&ctx->r_k1s, buf, ctx->e, ctx->r_nr);
addr += AES_BLOCKSIZE;
}
if (addr < ep) {
@@ -129,7 +137,7 @@
ctx->buf[i] ^= ctx->e[i];
ctx->buf[i] ^= ctx->k2[i];
}
- rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
+ aes_enc(&ctx->r_k1s, ctx->buf, digest, ctx->r_nr);
} else {
for (i = ctx->buflen; i < sizeof(ctx->buf); i++)
ctx->buf[i] = (i == ctx->buflen) ? 0x80 : 0x00;
@@ -137,7 +145,7 @@
ctx->buf[i] ^= ctx->e[i];
ctx->buf[i] ^= ctx->k3[i];
}
- rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
+ aes_enc(&ctx->r_k1s, ctx->buf, digest, ctx->r_nr);
}
memcpy(addr, digest, sizeof(digest));
diff -r f893148784a7 -r 0a5e234aa79d sys/opencrypto/aesxcbcmac.h
--- a/sys/opencrypto/aesxcbcmac.h Sun Jun 14 19:57:23 2020 +0000
+++ b/sys/opencrypto/aesxcbcmac.h Sun Jun 14 19:59:13 2020 +0000
@@ -1,5 +1,8 @@
/* $NetBSD: aesxcbcmac.h,v 1.1 2011/05/24 19:10:09 drochner Exp $ */
+#ifndef _OPENCRYPTO_AESXCBCMAC_H
+#define _OPENCRYPTO_AESXCBCMAC_H
+
#include <sys/types.h>
#define AES_BLOCKSIZE 16
@@ -8,9 +11,7 @@
u_int8_t e[AES_BLOCKSIZE];
u_int8_t buf[AES_BLOCKSIZE];
size_t buflen;
- u_int32_t r_k1s[(RIJNDAEL_MAXNR+1)*4];
- u_int32_t r_k2s[(RIJNDAEL_MAXNR+1)*4];
- u_int32_t r_k3s[(RIJNDAEL_MAXNR+1)*4];
+ struct aesenc r_k1s;
int r_nr; /* key-length-dependent number of rounds */
u_int8_t k2[AES_BLOCKSIZE];
u_int8_t k3[AES_BLOCKSIZE];
@@ -19,3 +20,5 @@
int aes_xcbc_mac_init(void *, const u_int8_t *, u_int16_t);
int aes_xcbc_mac_loop(void *, const u_int8_t *, u_int16_t);
void aes_xcbc_mac_result(u_int8_t *, void *);
+
+#endif /* _OPENCRYPTO_AESXCBCMAC_H */
diff -r f893148784a7 -r 0a5e234aa79d sys/opencrypto/cryptosoft.c
--- a/sys/opencrypto/cryptosoft.c Sun Jun 14 19:57:23 2020 +0000
+++ b/sys/opencrypto/cryptosoft.c Sun Jun 14 19:59:13 2020 +0000
@@ -831,8 +831,8 @@
case CRYPTO_SKIPJACK_CBC:
txf = &swcr_enc_xform_skipjack;
goto enccommon;
- case CRYPTO_RIJNDAEL128_CBC:
- txf = &swcr_enc_xform_rijndael128;
+ case CRYPTO_AES_CBC:
+ txf = &swcr_enc_xform_aes;
goto enccommon;
case CRYPTO_CAMELLIA_CBC:
txf = &swcr_enc_xform_camellia;
@@ -890,15 +890,13 @@
axf = &swcr_auth_hash_hmac_ripemd_160_96;
goto authcommon; /* leave this for safety */
authcommon:
- (*swd)->sw_ictx = malloc(axf->ctxsize,
- M_CRYPTO_DATA, M_NOWAIT);
+ (*swd)->sw_ictx = kmem_alloc(axf->ctxsize, KM_NOSLEEP);
if ((*swd)->sw_ictx == NULL) {
swcr_freesession(NULL, i);
return ENOBUFS;
}
- (*swd)->sw_octx = malloc(axf->ctxsize,
- M_CRYPTO_DATA, M_NOWAIT);
+ (*swd)->sw_octx = kmem_alloc(axf->ctxsize, KM_NOSLEEP);
if ((*swd)->sw_octx == NULL) {
swcr_freesession(NULL, i);
return ENOBUFS;
@@ -936,16 +934,15 @@
CTASSERT(SHA1_DIGEST_LENGTH >= MD5_DIGEST_LENGTH);
axf = &swcr_auth_hash_key_sha1;
auth2common:
- (*swd)->sw_ictx = malloc(axf->ctxsize,
- M_CRYPTO_DATA, M_NOWAIT);
+ (*swd)->sw_ictx = kmem_alloc(axf->ctxsize, KM_NOSLEEP);
if ((*swd)->sw_ictx == NULL) {
swcr_freesession(NULL, i);
return ENOBUFS;
}
/* Store the key so we can "append" it to the payload */
- (*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA,
- M_NOWAIT);
+ (*swd)->sw_octx = kmem_alloc(cri->cri_klen / 8,
+ KM_NOSLEEP);
if ((*swd)->sw_octx == NULL) {
swcr_freesession(NULL, i);
return ENOBUFS;
@@ -968,8 +965,7 @@
case CRYPTO_SHA1:
axf = &swcr_auth_hash_sha1;
auth3common:
- (*swd)->sw_ictx = malloc(axf->ctxsize,
- M_CRYPTO_DATA, M_NOWAIT);
+ (*swd)->sw_ictx = kmem_alloc(axf->ctxsize, KM_NOSLEEP);
if ((*swd)->sw_ictx == NULL) {
swcr_freesession(NULL, i);
return ENOBUFS;
@@ -991,8 +987,7 @@
case CRYPTO_AES_256_GMAC:
axf = &swcr_auth_hash_gmac_aes_256;
auth4common:
- (*swd)->sw_ictx = malloc(axf->ctxsize,
- M_CRYPTO_DATA, M_NOWAIT);
+ (*swd)->sw_ictx = kmem_alloc(axf->ctxsize, KM_NOSLEEP);
if ((*swd)->sw_ictx == NULL) {
swcr_freesession(NULL, i);
return ENOBUFS;
@@ -1057,7 +1052,7 @@
case CRYPTO_BLF_CBC:
case CRYPTO_CAST_CBC:
case CRYPTO_SKIPJACK_CBC:
- case CRYPTO_RIJNDAEL128_CBC:
+ case CRYPTO_AES_CBC:
case CRYPTO_CAMELLIA_CBC:
case CRYPTO_AES_CTR:
case CRYPTO_AES_GCM_16:
@@ -1083,11 +1078,11 @@
if (swd->sw_ictx) {
explicit_memset(swd->sw_ictx, 0, axf->ctxsize);
- free(swd->sw_ictx, M_CRYPTO_DATA);
+ kmem_free(swd->sw_ictx, axf->ctxsize);
}
if (swd->sw_octx) {
explicit_memset(swd->sw_octx, 0, axf->ctxsize);
- free(swd->sw_octx, M_CRYPTO_DATA);
+ kmem_free(swd->sw_octx, axf->ctxsize);
}
break;
@@ -1097,11 +1092,11 @@
if (swd->sw_ictx) {
explicit_memset(swd->sw_ictx, 0, axf->ctxsize);
- free(swd->sw_ictx, M_CRYPTO_DATA);
+ kmem_free(swd->sw_ictx, axf->ctxsize);
}
if (swd->sw_octx) {
explicit_memset(swd->sw_octx, 0, swd->sw_klen);
- free(swd->sw_octx, M_CRYPTO_DATA);
+ kmem_free(swd->sw_octx, axf->ctxsize);
}
break;
@@ -1115,7 +1110,7 @@
if (swd->sw_ictx) {
explicit_memset(swd->sw_ictx, 0, axf->ctxsize);
- free(swd->sw_ictx, M_CRYPTO_DATA);
+ kmem_free(swd->sw_ictx, axf->ctxsize);
}
break;
@@ -1193,7 +1188,7 @@
case CRYPTO_BLF_CBC:
case CRYPTO_CAST_CBC:
case CRYPTO_SKIPJACK_CBC:
- case CRYPTO_RIJNDAEL128_CBC:
+ case CRYPTO_AES_CBC:
case CRYPTO_CAMELLIA_CBC:
case CRYPTO_AES_CTR:
if ((crp->crp_etype = swcr_encdec(crd, sw,
@@ -1294,7 +1289,7 @@
REGISTER(CRYPTO_AES_128_GMAC);
REGISTER(CRYPTO_AES_192_GMAC);
REGISTER(CRYPTO_AES_256_GMAC);
- REGISTER(CRYPTO_RIJNDAEL128_CBC);
+ REGISTER(CRYPTO_AES_CBC);
REGISTER(CRYPTO_DEFLATE_COMP);
REGISTER(CRYPTO_DEFLATE_COMP_NOGROW);
REGISTER(CRYPTO_GZIP_COMP);
diff -r f893148784a7 -r 0a5e234aa79d sys/opencrypto/cryptosoft_xform.c
--- a/sys/opencrypto/cryptosoft_xform.c Sun Jun 14 19:57:23 2020 +0000
+++ b/sys/opencrypto/cryptosoft_xform.c Sun Jun 14 19:59:13 2020 +0000
@@ -42,21 +42,22 @@
#include <sys/cdefs.h>
__KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.28 2019/10/12 00:49:30 christos Exp $");
-#include <crypto/blowfish/blowfish.h>
-#include <crypto/cast128/cast128.h>
-#include <crypto/des/des.h>
-#include <crypto/rijndael/rijndael.h>
-#include <crypto/skipjack/skipjack.h>
-#include <crypto/camellia/camellia.h>
-
-#include <opencrypto/deflate.h>
-
+#include <sys/cprng.h>
+#include <sys/kmem.h>
#include <sys/md5.h>
#include <sys/rmd160.h>
#include <sys/sha1.h>
#include <sys/sha2.h>
-#include <sys/cprng.h>
+
+#include <crypto/aes/aes.h>
+#include <crypto/blowfish/blowfish.h>
+#include <crypto/camellia/camellia.h>
+#include <crypto/cast128/cast128.h>
+#include <crypto/des/des.h>
+#include <crypto/skipjack/skipjack.h>
+
#include <opencrypto/aesxcbcmac.h>
+#include <opencrypto/deflate.h>
Home |
Main Index |
Thread Index |
Old Index