Module Name: src
Committed By: drochner
Date: Tue May 24 19:10:12 UTC 2011
Modified Files:
src/sys/netipsec: xform_ah.c
src/sys/opencrypto: cryptodev.c cryptodev.h cryptosoft.c
cryptosoft_xform.c files.opencrypto xform.c xform.h
src/usr.bin/netstat: fast_ipsec.c
Added Files:
src/sys/opencrypto: aesxcbcmac.c aesxcbcmac.h
Log Message:
copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC
For this to fit, an API change in cryptosoft was adopted from OpenBSD
(addition of a "Setkey" method to hashes) which was done for GCM/GMAC
support there, so it might be useful in the future anyway.
tested against KAME IPSEC
AFAICT, FAST_IPSEC now supports as much as KAME.
To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r0 -r1.1 src/sys/opencrypto/aesxcbcmac.c \
src/sys/opencrypto/aesxcbcmac.h
cvs rdiff -u -r1.62 -r1.63 src/sys/opencrypto/cryptodev.c
cvs rdiff -u -r1.22 -r1.23 src/sys/opencrypto/cryptodev.h \
src/sys/opencrypto/files.opencrypto
cvs rdiff -u -r1.35 -r1.36 src/sys/opencrypto/cryptosoft.c
cvs rdiff -u -r1.21 -r1.22 src/sys/opencrypto/cryptosoft_xform.c
cvs rdiff -u -r1.26 -r1.27 src/sys/opencrypto/xform.c
cvs rdiff -u -r1.17 -r1.18 src/sys/opencrypto/xform.h
cvs rdiff -u -r1.15 -r1.16 src/usr.bin/netstat/fast_ipsec.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.32 src/sys/netipsec/xform_ah.c:1.33
--- src/sys/netipsec/xform_ah.c:1.32 Fri May 6 21:48:46 2011
+++ src/sys/netipsec/xform_ah.c Tue May 24 19:10:08 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ah.c,v 1.32 2011/05/06 21:48:46 drochner Exp $ */
+/* $NetBSD: xform_ah.c,v 1.33 2011/05/24 19:10:08 drochner Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.32 2011/05/06 21:48:46 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.33 2011/05/24 19:10:08 drochner Exp $");
#include "opt_inet.h"
#ifdef __FreeBSD__
@@ -147,6 +147,8 @@
return &auth_hash_hmac_sha2_384;
case SADB_X_AALG_SHA2_512:
return &auth_hash_hmac_sha2_512;
+ case SADB_X_AALG_AES_XCBC_MAC:
+ return &auth_hash_aes_xcbc_mac_96;
}
return NULL;
}
Index: src/sys/opencrypto/cryptodev.c
diff -u src/sys/opencrypto/cryptodev.c:1.62 src/sys/opencrypto/cryptodev.c:1.63
--- src/sys/opencrypto/cryptodev.c:1.62 Mon May 23 15:37:36 2011
+++ src/sys/opencrypto/cryptodev.c Tue May 24 19:10:09 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: cryptodev.c,v 1.62 2011/05/23 15:37:36 drochner Exp $ */
+/* $NetBSD: cryptodev.c,v 1.63 2011/05/24 19:10:09 drochner Exp $ */
/* $FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.4.2.4 2003/06/03 00:09:02 sam Exp $ */
/* $OpenBSD: cryptodev.c,v 1.53 2002/07/10 22:21:30 mickey Exp $ */
@@ -64,7 +64,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.62 2011/05/23 15:37:36 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.63 2011/05/24 19:10:09 drochner Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -1595,6 +1595,9 @@
case CRYPTO_SHA1:
thash = &auth_hash_sha1;
break;
+ case CRYPTO_AES_XCBC_MAC_96:
+ thash = &auth_hash_aes_xcbc_mac_96;
+ break;
case CRYPTO_NULL_HMAC:
thash = &auth_hash_null;
break;
Index: src/sys/opencrypto/cryptodev.h
diff -u src/sys/opencrypto/cryptodev.h:1.22 src/sys/opencrypto/cryptodev.h:1.23
--- src/sys/opencrypto/cryptodev.h:1.22 Mon May 23 13:51:10 2011
+++ src/sys/opencrypto/cryptodev.h Tue May 24 19:10:09 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: cryptodev.h,v 1.22 2011/05/23 13:51:10 drochner Exp $ */
+/* $NetBSD: cryptodev.h,v 1.23 2011/05/24 19:10:09 drochner Exp $ */
/* $FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.2.2.6 2003/07/02 17:04:50 sam Exp $ */
/* $OpenBSD: cryptodev.h,v 1.33 2002/07/17 23:52:39 art Exp $ */
@@ -139,7 +139,8 @@
#define CRYPTO_SHA2_512_HMAC 25
#define CRYPTO_CAMELLIA_CBC 26
#define CRYPTO_AES_CTR 27
-#define CRYPTO_ALGORITHM_MAX 27 /* Keep updated - see below */
+#define CRYPTO_AES_XCBC_MAC_96 28
+#define CRYPTO_ALGORITHM_MAX 28 /* Keep updated - see below */
/* Algorithm flags */
#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
Index: src/sys/opencrypto/files.opencrypto
diff -u src/sys/opencrypto/files.opencrypto:1.22 src/sys/opencrypto/files.opencrypto:1.23
--- src/sys/opencrypto/files.opencrypto:1.22 Thu May 5 17:44:39 2011
+++ src/sys/opencrypto/files.opencrypto Tue May 24 19:10:11 2011
@@ -1,4 +1,4 @@
-# $NetBSD: files.opencrypto,v 1.22 2011/05/05 17:44:39 drochner Exp $
+# $NetBSD: files.opencrypto,v 1.23 2011/05/24 19:10:11 drochner Exp $
#
#
@@ -18,6 +18,7 @@
blowfish, des, cast128, rijndael, skipjack, camellia
file opencrypto/cryptosoft.c swcrypto
file opencrypto/deflate.c swcrypto # wrapper around zlib
+file opencrypto/aesxcbcmac.c swcrypto
# Pseudo-device for userspace access to opencrypto
# (and thus crypto hardware accelerators).
Index: src/sys/opencrypto/cryptosoft.c
diff -u src/sys/opencrypto/cryptosoft.c:1.35 src/sys/opencrypto/cryptosoft.c:1.36
--- src/sys/opencrypto/cryptosoft.c:1.35 Tue May 24 18:59:22 2011
+++ src/sys/opencrypto/cryptosoft.c Tue May 24 19:10:10 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: cryptosoft.c,v 1.35 2011/05/24 18:59:22 drochner Exp $ */
+/* $NetBSD: cryptosoft.c,v 1.36 2011/05/24 19:10:10 drochner Exp $ */
/* $FreeBSD: src/sys/opencrypto/cryptosoft.c,v 1.2.2.1 2002/11/21 23:34:23 sam Exp $ */
/* $OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $ */
@@ -24,7 +24,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.35 2011/05/24 18:59:22 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.36 2011/05/24 19:10:10 drochner Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -47,6 +47,7 @@
SHA256_CTX sha256ctx;
SHA384_CTX sha384ctx;
SHA512_CTX sha512ctx;
+ aesxcbc_ctx aesxcbcctx;
};
struct swcr_data **swcr_sessions = NULL;
@@ -536,6 +537,7 @@
case CRYPTO_NULL_HMAC:
case CRYPTO_MD5:
case CRYPTO_SHA1:
+ case CRYPTO_AES_XCBC_MAC_96:
axf->Final(aalg, &ctx);
break;
}
@@ -838,6 +840,20 @@
(*swd)->sw_axf = axf;
break;
+ case CRYPTO_AES_XCBC_MAC_96:
+ axf = &swcr_auth_hash_aes_xcbc_mac;
+ (*swd)->sw_ictx = malloc(axf->ctxsize,
+ M_CRYPTO_DATA, M_NOWAIT);
+ if ((*swd)->sw_ictx == NULL) {
+ swcr_freesession(NULL, i);
+ return ENOBUFS;
+ }
+ axf->Init((*swd)->sw_ictx);
+ axf->Setkey((*swd)->sw_ictx,
+ cri->cri_key, cri->cri_klen / 8);
+ (*swd)->sw_axf = axf;
+ break;
+
case CRYPTO_DEFLATE_COMP:
cxf = &swcr_comp_algo_deflate;
(*swd)->sw_cxf = cxf;
@@ -941,6 +957,7 @@
case CRYPTO_MD5:
case CRYPTO_SHA1:
+ case CRYPTO_AES_XCBC_MAC_96:
axf = swd->sw_axf;
if (swd->sw_ictx)
@@ -1046,6 +1063,7 @@
case CRYPTO_SHA1_KPDK:
case CRYPTO_MD5:
case CRYPTO_SHA1:
+ case CRYPTO_AES_XCBC_MAC_96:
if ((crp->crp_etype = swcr_authcompute(crp, crd, sw,
crp->crp_buf, type)) != 0)
goto done;
@@ -1108,6 +1126,7 @@
REGISTER(CRYPTO_SHA1_KPDK);
REGISTER(CRYPTO_MD5);
REGISTER(CRYPTO_SHA1);
+ REGISTER(CRYPTO_AES_XCBC_MAC_96);
REGISTER(CRYPTO_RIJNDAEL128_CBC);
REGISTER(CRYPTO_DEFLATE_COMP);
REGISTER(CRYPTO_DEFLATE_COMP_NOGROW);
Index: src/sys/opencrypto/cryptosoft_xform.c
diff -u src/sys/opencrypto/cryptosoft_xform.c:1.21 src/sys/opencrypto/cryptosoft_xform.c:1.22
--- src/sys/opencrypto/cryptosoft_xform.c:1.21 Tue May 24 18:59:22 2011
+++ src/sys/opencrypto/cryptosoft_xform.c Tue May 24 19:10:11 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: cryptosoft_xform.c,v 1.21 2011/05/24 18:59:22 drochner Exp $ */
+/* $NetBSD: cryptosoft_xform.c,v 1.22 2011/05/24 19:10:11 drochner Exp $ */
/* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */
/* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */
@@ -40,7 +40,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.21 2011/05/24 18:59:22 drochner Exp $");
+__KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.22 2011/05/24 19:10:11 drochner Exp $");
#include <crypto/blowfish/blowfish.h>
#include <crypto/cast128/cast128.h>
@@ -55,11 +55,13 @@
#include <sys/rmd160.h>
#include <sys/sha1.h>
#include <sys/sha2.h>
+#include <opencrypto/aesxcbcmac.h>
struct swcr_auth_hash {
const struct auth_hash *auth_hash;
int ctxsize;
void (*Init)(void *);
+ void (*Setkey)(void *, const uint8_t *, uint16_t);
int (*Update)(void *, const uint8_t *, uint16_t);
void (*Final)(uint8_t *, void *);
};
@@ -225,83 +227,90 @@
/* Authentication instances */
static const struct swcr_auth_hash swcr_auth_hash_null = {
&auth_hash_null, sizeof(int), /* NB: context isn't used */
- null_init, null_update, null_final
+ null_init, NULL, null_update, null_final
};
static const struct swcr_auth_hash swcr_auth_hash_hmac_md5 = {
&auth_hash_hmac_md5, sizeof(MD5_CTX),
- (void (*) (void *)) MD5Init, MD5Update_int,
+ (void (*) (void *)) MD5Init, NULL, MD5Update_int,
(void (*) (u_int8_t *, void *)) MD5Final
};
static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1 = {
&auth_hash_hmac_sha1, sizeof(SHA1_CTX),
- SHA1Init_int, SHA1Update_int, SHA1Final_int
+ SHA1Init_int, NULL, SHA1Update_int, SHA1Final_int
};
static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160 = {
&auth_hash_hmac_ripemd_160, sizeof(RMD160_CTX),
- (void (*)(void *)) RMD160Init, RMD160Update_int,
+ (void (*)(void *)) RMD160Init, NULL, RMD160Update_int,
(void (*)(u_int8_t *, void *)) RMD160Final
};
static const struct swcr_auth_hash swcr_auth_hash_hmac_md5_96 = {
&auth_hash_hmac_md5_96, sizeof(MD5_CTX),
- (void (*) (void *)) MD5Init, MD5Update_int,
+ (void (*) (void *)) MD5Init, NULL, MD5Update_int,
(void (*) (u_int8_t *, void *)) MD5Final
};
static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1_96 = {
&auth_hash_hmac_sha1_96, sizeof(SHA1_CTX),
- SHA1Init_int, SHA1Update_int, SHA1Final_int
+ SHA1Init_int, NULL, SHA1Update_int, SHA1Final_int
};
static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160_96 = {
&auth_hash_hmac_ripemd_160_96, sizeof(RMD160_CTX),
- (void (*)(void *)) RMD160Init, RMD160Update_int,
+ (void (*)(void *)) RMD160Init, NULL, RMD160Update_int,
(void (*)(u_int8_t *, void *)) RMD160Final
};
static const struct swcr_auth_hash swcr_auth_hash_key_md5 = {
&auth_hash_key_md5, sizeof(MD5_CTX),
- (void (*)(void *)) MD5Init, MD5Update_int,
+ (void (*)(void *)) MD5Init, NULL, MD5Update_int,
(void (*)(u_int8_t *, void *)) MD5Final
};
static const struct swcr_auth_hash swcr_auth_hash_key_sha1 = {
&auth_hash_key_sha1, sizeof(SHA1_CTX),
- SHA1Init_int, SHA1Update_int, SHA1Final_int
+ SHA1Init_int, NULL, SHA1Update_int, SHA1Final_int
};
static const struct swcr_auth_hash swcr_auth_hash_md5 = {
&auth_hash_md5, sizeof(MD5_CTX),
- (void (*) (void *)) MD5Init, MD5Update_int,
+ (void (*) (void *)) MD5Init, NULL, MD5Update_int,
(void (*) (u_int8_t *, void *)) MD5Final
};
static const struct swcr_auth_hash swcr_auth_hash_sha1 = {
&auth_hash_sha1, sizeof(SHA1_CTX),
- (void (*)(void *)) SHA1Init, SHA1Update_int,
+ (void (*)(void *)) SHA1Init, NULL, SHA1Update_int,
(void (*)(u_int8_t *, void *)) SHA1Final
};
static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_256 = {
&auth_hash_hmac_sha2_256, sizeof(SHA256_CTX),
- (void (*)(void *)) SHA256_Init, SHA256Update_int,
+ (void (*)(void *)) SHA256_Init, NULL, SHA256Update_int,
(void (*)(u_int8_t *, void *)) SHA256_Final
};
static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_384 = {
&auth_hash_hmac_sha2_384, sizeof(SHA384_CTX),
- (void (*)(void *)) SHA384_Init, SHA384Update_int,
+ (void (*)(void *)) SHA384_Init, NULL, SHA384Update_int,
(void (*)(u_int8_t *, void *)) SHA384_Final
};
static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_512 = {
&auth_hash_hmac_sha2_512, sizeof(SHA512_CTX),
- (void (*)(void *)) SHA512_Init, SHA512Update_int,
+ (void (*)(void *)) SHA512_Init, NULL, SHA512Update_int,
(void (*)(u_int8_t *, void *)) SHA512_Final
};
+static const struct swcr_auth_hash swcr_auth_hash_aes_xcbc_mac = {
+ &auth_hash_aes_xcbc_mac_96, sizeof(aesxcbc_ctx),
+ null_init,
+ (void (*)(void *, const u_int8_t *, u_int16_t))aes_xcbc_mac_init,
+ aes_xcbc_mac_loop, aes_xcbc_mac_result
+};
+
/* Compression instance */
static const struct swcr_comp_algo swcr_comp_algo_deflate = {
&comp_algo_deflate,
Index: src/sys/opencrypto/xform.c
diff -u src/sys/opencrypto/xform.c:1.26 src/sys/opencrypto/xform.c:1.27
--- src/sys/opencrypto/xform.c:1.26 Tue May 24 18:59:23 2011
+++ src/sys/opencrypto/xform.c Tue May 24 19:10:11 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: xform.c,v 1.26 2011/05/24 18:59:23 drochner Exp $ */
+/* $NetBSD: xform.c,v 1.27 2011/05/24 19:10:11 drochner Exp $ */
/* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */
/* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */
@@ -40,7 +40,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform.c,v 1.26 2011/05/24 18:59:23 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform.c,v 1.27 2011/05/24 19:10:11 drochner Exp $");
#include <sys/param.h>
#include <sys/malloc.h>
@@ -211,6 +211,11 @@
64, 64, 32, 128
};
+const struct auth_hash auth_hash_aes_xcbc_mac_96 = {
+ CRYPTO_AES_XCBC_MAC_96, "AES-XCBC-MAC-96",
+ 16, 16, 12, 0
+};
+
/* Compression instance */
const struct comp_algo comp_algo_deflate = {
CRYPTO_DEFLATE_COMP, "Deflate",
Index: src/sys/opencrypto/xform.h
diff -u src/sys/opencrypto/xform.h:1.17 src/sys/opencrypto/xform.h:1.18
--- src/sys/opencrypto/xform.h:1.17 Tue May 24 18:59:23 2011
+++ src/sys/opencrypto/xform.h Tue May 24 19:10:12 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: xform.h,v 1.17 2011/05/24 18:59:23 drochner Exp $ */
+/* $NetBSD: xform.h,v 1.18 2011/05/24 19:10:12 drochner Exp $ */
/* $FreeBSD: src/sys/opencrypto/xform.h,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */
/* $OpenBSD: xform.h,v 1.10 2002/04/22 23:10:09 deraadt Exp $ */
@@ -80,6 +80,7 @@
extern const struct auth_hash auth_hash_hmac_sha2_256;
extern const struct auth_hash auth_hash_hmac_sha2_384;
extern const struct auth_hash auth_hash_hmac_sha2_512;
+extern const struct auth_hash auth_hash_aes_xcbc_mac_96;
extern const struct comp_algo comp_algo_deflate;
extern const struct comp_algo comp_algo_deflate_nogrow;
Index: src/usr.bin/netstat/fast_ipsec.c
diff -u src/usr.bin/netstat/fast_ipsec.c:1.15 src/usr.bin/netstat/fast_ipsec.c:1.16
--- src/usr.bin/netstat/fast_ipsec.c:1.15 Mon May 23 14:29:55 2011
+++ src/usr.bin/netstat/fast_ipsec.c Tue May 24 19:10:12 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: fast_ipsec.c,v 1.15 2011/05/23 14:29:55 drochner Exp $ */
+/* $NetBSD: fast_ipsec.c,v 1.16 2011/05/24 19:10:12 drochner Exp $ */
/* $FreeBSD: src/tools/tools/crypto/ipsecstats.c,v 1.1.4.1 2003/06/03 00:13:13 sam Exp $ */
/*-
@@ -33,7 +33,7 @@
#include <sys/cdefs.h>
#ifndef lint
#ifdef __NetBSD__
-__RCSID("$NetBSD: fast_ipsec.c,v 1.15 2011/05/23 14:29:55 drochner Exp $");
+__RCSID("$NetBSD: fast_ipsec.c,v 1.16 2011/05/24 19:10:12 drochner Exp $");
#endif
#endif /* not lint*/
@@ -117,6 +117,7 @@
{ SADB_X_AALG_SHA2_256, "hmac-sha2-256", },
{ SADB_X_AALG_SHA2_384, "hmac-sha2-384", },
{ SADB_X_AALG_SHA2_512, "hmac-sha2-512", },
+ { SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", },
};
static const struct alg espalgs[] = {
{ SADB_EALG_NONE, "none", },
Added files:
Index: src/sys/opencrypto/aesxcbcmac.c
diff -u /dev/null src/sys/opencrypto/aesxcbcmac.c:1.1
--- /dev/null Tue May 24 19:10:12 2011
+++ src/sys/opencrypto/aesxcbcmac.c Tue May 24 19:10:08 2011
@@ -0,0 +1,141 @@
+/* $NetBSD: aesxcbcmac.c,v 1.1 2011/05/24 19:10:08 drochner Exp $ */
+
+/*
+ * Copyright (C) 1995, 1996, 1997, 1998 and 2003 WIDE Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: aesxcbcmac.c,v 1.1 2011/05/24 19:10:08 drochner Exp $");
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <crypto/rijndael/rijndael.h>
+
+#include <opencrypto/aesxcbcmac.h>
+
+int
+aes_xcbc_mac_init(void *vctx, const u_int8_t *key, u_int16_t keylen)
+{
+ u_int8_t k1seed[AES_BLOCKSIZE] = { 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 };
+ u_int8_t k2seed[AES_BLOCKSIZE] = { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 };
+ u_int8_t k3seed[AES_BLOCKSIZE] = { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
+ u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
+ aesxcbc_ctx *ctx;
+ u_int8_t k1[AES_BLOCKSIZE];
+
+ ctx = (aesxcbc_ctx *)vctx;
+ memset(ctx, 0, sizeof(aesxcbc_ctx));
+
+ if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks, key, keylen * 8)) == 0)
+ return -1;
+ rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1);
+ rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
+ rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
+ if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0)
+ return -1;
+ if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0)
+ return -1;
+ if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0)
+ return -1;
+
+ return 0;
+}
+
+int
+aes_xcbc_mac_loop(void *vctx, const u_int8_t *addr, u_int16_t len)
+{
+ u_int8_t buf[AES_BLOCKSIZE];
+ aesxcbc_ctx *ctx;
+ const u_int8_t *ep;
+ int i;
+
+ ctx = (aesxcbc_ctx *)vctx;
+ ep = addr + len;
+
+ if (ctx->buflen == sizeof(ctx->buf)) {
+ for (i = 0; i < sizeof(ctx->e); i++)
+ ctx->buf[i] ^= ctx->e[i];
+ rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
+ ctx->buflen = 0;
+ }
+ if (ctx->buflen + len < sizeof(ctx->buf)) {
+ memcpy(ctx->buf + ctx->buflen, addr, len);
+ ctx->buflen += len;
+ return 0;
+ }
+ if (ctx->buflen && ctx->buflen + len > sizeof(ctx->buf)) {
+ memcpy(ctx->buf + ctx->buflen, addr,
+ sizeof(ctx->buf) - ctx->buflen);
+ for (i = 0; i < sizeof(ctx->e); i++)
+ ctx->buf[i] ^= ctx->e[i];
+ rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
+ addr += sizeof(ctx->buf) - ctx->buflen;
+ ctx->buflen = 0;
+ }
+ /* due to the special processing for M[n], "=" case is not included */
+ while (addr + AES_BLOCKSIZE < ep) {
+ memcpy(buf, addr, AES_BLOCKSIZE);
+ for (i = 0; i < sizeof(buf); i++)
+ buf[i] ^= ctx->e[i];
+ rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, buf, ctx->e);
+ addr += AES_BLOCKSIZE;
+ }
+ if (addr < ep) {
+ memcpy(ctx->buf + ctx->buflen, addr, ep - addr);
+ ctx->buflen += ep - addr;
+ }
+ return 0;
+}
+
+void
+aes_xcbc_mac_result(u_int8_t *addr, void *vctx)
+{
+ u_char digest[AES_BLOCKSIZE];
+ aesxcbc_ctx *ctx;
+ int i;
+
+ ctx = (aesxcbc_ctx *)vctx;
+
+ if (ctx->buflen == sizeof(ctx->buf)) {
+ for (i = 0; i < sizeof(ctx->buf); i++) {
+ ctx->buf[i] ^= ctx->e[i];
+ ctx->buf[i] ^= ctx->k2[i];
+ }
+ rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
+ } else {
+ for (i = ctx->buflen; i < sizeof(ctx->buf); i++)
+ ctx->buf[i] = (i == ctx->buflen) ? 0x80 : 0x00;
+ for (i = 0; i < sizeof(ctx->buf); i++) {
+ ctx->buf[i] ^= ctx->e[i];
+ ctx->buf[i] ^= ctx->k3[i];
+ }
+ rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
+ }
+
+ memcpy(addr, digest, sizeof(digest));
+}
Index: src/sys/opencrypto/aesxcbcmac.h
diff -u /dev/null src/sys/opencrypto/aesxcbcmac.h:1.1
--- /dev/null Tue May 24 19:10:12 2011
+++ src/sys/opencrypto/aesxcbcmac.h Tue May 24 19:10:09 2011
@@ -0,0 +1,21 @@
+/* $NetBSD: aesxcbcmac.h,v 1.1 2011/05/24 19:10:09 drochner Exp $ */
+
+#include <sys/types.h>
+
+#define AES_BLOCKSIZE 16
+
+typedef struct {
+ u_int8_t e[AES_BLOCKSIZE];
+ u_int8_t buf[AES_BLOCKSIZE];
+ size_t buflen;
+ u_int32_t r_k1s[(RIJNDAEL_MAXNR+1)*4];
+ u_int32_t r_k2s[(RIJNDAEL_MAXNR+1)*4];
+ u_int32_t r_k3s[(RIJNDAEL_MAXNR+1)*4];
+ int r_nr; /* key-length-dependent number of rounds */
+ u_int8_t k2[AES_BLOCKSIZE];
+ u_int8_t k3[AES_BLOCKSIZE];
+} aesxcbc_ctx;
+
+int aes_xcbc_mac_init(void *, const u_int8_t *, u_int16_t);
+int aes_xcbc_mac_loop(void *, const u_int8_t *, u_int16_t);
+void aes_xcbc_mac_result(u_int8_t *, void *);
