Latest version. No changes since the last one, except for the
fixed CRYPTO_ALGORITHM_MAX. OK to commit? :)
Index: conf/files
===================================================================
RCS file: /home/cvs/src/sys/conf/files,v
retrieving revision 1.499
diff -u -p -u -p -r1.499 files
--- conf/files 31 Jul 2010 08:33:19 -0000 1.499
+++ conf/files 3 Aug 2010 17:42:09 -0000
@@ -897,6 +897,7 @@ file crypto/arc4.c
file crypto/michael.c wlan
file crypto/cmac.c wlan
file crypto/hmac.c wlan | (softraid & crypto)
+file crypto/gmac.c (inet & ipsec) | crypto
file crypto/key_wrap.c wlan
file crypto/idgen.c inet6 | nfsclient | nfsserver
file netatalk/aarp.c netatalk
Index: crypto/cryptodev.c
===================================================================
RCS file: /home/cvs/src/sys/crypto/cryptodev.c,v
retrieving revision 1.73
diff -u -p -u -p -r1.73 cryptodev.c
--- crypto/cryptodev.c 21 Jul 2010 18:44:01 -0000 1.73
+++ crypto/cryptodev.c 26 Jul 2010 11:26:07 -0000
@@ -178,6 +178,9 @@ cryptof_ioctl(struct file *fp, u_long cm
case CRYPTO_AES_XTS:
txform = &enc_xform_aes_xts;
break;
+ case CRYPTO_AES_GCM_16:
+ txform = &enc_xform_aes_gcm;
+ break;
case CRYPTO_ARC4:
txform = &enc_xform_arc4;
break;
Index: crypto/cryptodev.h
===================================================================
RCS file: /home/cvs/src/sys/crypto/cryptodev.h,v
retrieving revision 1.51
diff -u -p -u -p -r1.51 cryptodev.h
--- crypto/cryptodev.h 23 Jun 2010 09:26:32 -0000 1.51
+++ crypto/cryptodev.h 24 Aug 2010 09:19:42 -0000
@@ -105,7 +105,12 @@
#define CRYPTO_SHA2_512_HMAC 20
#define CRYPTO_AES_CTR 21
#define CRYPTO_AES_XTS 22
-#define CRYPTO_ALGORITHM_MAX 22 /* Keep updated */
+#define CRYPTO_AES_GCM_16 23
+#define CRYPTO_AES_128_GMAC 24
+#define CRYPTO_AES_192_GMAC 25
+#define CRYPTO_AES_256_GMAC 26
+#define CRYPTO_AES_GMAC 27
+#define CRYPTO_ALGORITHM_MAX 27 /* Keep updated */
/* Algorithm flags */
#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported
*/
Index: crypto/cryptosoft.c
===================================================================
RCS file: /home/cvs/src/sys/crypto/cryptosoft.c,v
retrieving revision 1.54
diff -u -p -u -p -r1.54 cryptosoft.c
--- crypto/cryptosoft.c 2 Jul 2010 02:40:15 -0000 1.54
+++ crypto/cryptosoft.c 23 Aug 2010 09:36:01 -0000
@@ -492,6 +492,149 @@ swcr_authcompute(struct cryptop *crp, st
}
/*
+ * Apply a combined encryption-authentication transformation
+ */
+int
+swcr_combined(struct cryptop *crp)
+{
+ uint32_t blkbuf[howmany(EALG_MAX_BLOCK_LEN, sizeof(uint32_t))];
+ u_char *blk = (u_char *)blkbuf;
+ u_char aalg[AALG_MAX_RESULT_LEN];
+ u_char iv[EALG_MAX_BLOCK_LEN];
+ union authctx ctx;
+ struct cryptodesc *crd, *crda = NULL, *crde = NULL;
+ struct swcr_data *sw, *swa, *swe;
+ struct auth_hash *axf = NULL;
+ struct enc_xform *exf = NULL;
+ struct mbuf *m = NULL;
+ struct uio *uio = NULL;
+ caddr_t buf = (caddr_t)crp->crp_buf;
+ uint32_t *blkp;
+ int i, blksz, ivlen, outtype, len;
+
+ for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
+ for (sw = swcr_sessions[crp->crp_sid & 0xffffffff];
+ sw && sw->sw_alg != crd->crd_alg;
+ sw = sw->sw_next)
+ ;
+ if (sw == NULL)
+ return (EINVAL);
+
+ switch (sw->sw_alg) {
+ case CRYPTO_AES_GCM_16:
+ case CRYPTO_AES_GMAC:
+ swe = sw;
+ crde = crd;
+ exf = swe->sw_exf;
+ ivlen = exf->ivsize;
+ break;
+ case CRYPTO_AES_128_GMAC:
+ case CRYPTO_AES_192_GMAC:
+ case CRYPTO_AES_256_GMAC:
+ swa = sw;
+ crda = crd;
+ axf = swa->sw_axf;
+ if (swa->sw_ictx == 0)
+ return (EINVAL);
+ bcopy(swa->sw_ictx, &ctx, axf->ctxsize);
+ blksz = axf->blocksize;
+ break;
+ default:
+ return (EINVAL);
+ }
+ }
+ if (crde == NULL || crda == NULL)
+ return (EINVAL);
+
+ if (crp->crp_flags & CRYPTO_F_IMBUF) {
+ outtype = CRYPTO_BUF_MBUF;
+ m = (struct mbuf *)buf;
+ } else {
+ outtype = CRYPTO_BUF_IOV;
+ uio = (struct uio *)buf;
+ }
+
+ /* Initialize the IV */
+ if (crde->crd_flags & CRD_F_ENCRYPT) {
+ /* IV explicitly provided ? */
+ if (crde->crd_flags & CRD_F_IV_EXPLICIT)
+ bcopy(crde->crd_iv, iv, ivlen);
+ else
+ arc4random_buf(iv, ivlen);
+
+ /* Do we need to write the IV */
+ if (!(crde->crd_flags & CRD_F_IV_PRESENT)) {
+ COPYBACK(outtype, buf, crde->crd_inject, ivlen, iv);
+ }
+
+ } else { /* Decryption */
+ /* IV explicitly provided ? */
+ if (crde->crd_flags & CRD_F_IV_EXPLICIT)
+ bcopy(crde->crd_iv, iv, ivlen);
+ else {
+ /* Get IV off buf */
+ COPYDATA(outtype, buf, crde->crd_inject, ivlen, iv);
+ }
+ }
+
+ /* Supply MAC with IV */
+ if (axf->Reinit)
+ axf->Reinit(&ctx, iv, ivlen);
+
+ /* Supply MAC with AAD */
+ for (i = 0; i < crda->crd_len; i += blksz) {
+ len = MIN(crda->crd_len - i, blksz);
+ COPYDATA(outtype, buf, crda->crd_skip + i, len, blk);
+ axf->Update(&ctx, blk, len);
+ }
+
+ if (exf->reinit)
+ exf->reinit(swe->sw_kschedule, iv);
+
+ /* Do encryption/decryption with MAC */
+ for (i = 0; i < crde->crd_len; i += blksz) {
+ len = MIN(crde->crd_len - i, blksz);
+ if (len < blksz)
+ bzero(blk, blksz);
+ COPYDATA(outtype, buf, crde->crd_skip + i, len, blk);
+ if (crde->crd_flags & CRD_F_ENCRYPT) {
+ exf->encrypt(swe->sw_kschedule, blk);
+ axf->Update(&ctx, blk, len);
+ } else {
+ axf->Update(&ctx, blk, len);
+ exf->decrypt(swe->sw_kschedule, blk);
+ }
+ COPYBACK(outtype, buf, crde->crd_skip + i, len, blk);
+ }
+
+ /* Do any required special finalization */
+ switch (crda->crd_alg) {
+ case CRYPTO_AES_128_GMAC:
+ case CRYPTO_AES_192_GMAC:
+ case CRYPTO_AES_256_GMAC:
+ /* length block */
+ bzero(blk, blksz);
+ blkp = (uint32_t *)blk + 1;
+ *blkp = htobe32(crda->crd_len * 8);
+ blkp = (uint32_t *)blk + 3;
+ *blkp = htobe32(crde->crd_len * 8);
+ axf->Update(&ctx, blk, blksz);
+ break;
+ }
+
+ /* Finalize MAC */
+ axf->Final(aalg, &ctx);
+
+ /* Inject the authentication data */
+ if (outtype == CRYPTO_BUF_MBUF)
+ COPYBACK(outtype, buf, crda->crd_inject, axf->authsize, aalg);
+ else
+ bcopy(aalg, crp->crp_mac, axf->authsize);
+
+ return (0);
+}
+
+/*
* Apply a compression/decompression algorithm
*/
int
@@ -653,6 +796,13 @@ swcr_newsession(u_int32_t *sid, struct c
case CRYPTO_AES_XTS:
txf = &enc_xform_aes_xts;
goto enccommon;
+ case CRYPTO_AES_GCM_16:
+ txf = &enc_xform_aes_gcm;
+ goto enccommon;
+ case CRYPTO_AES_GMAC:
+ txf = &enc_xform_aes_gmac;
+ (*swd)->sw_exf = txf;
+ break;
case CRYPTO_NULL:
txf = &enc_xform_null;
goto enccommon;
@@ -769,6 +919,29 @@ swcr_newsession(u_int32_t *sid, struct c
(*swd)->sw_axf = axf;
break;
+ case CRYPTO_AES_128_GMAC:
+ axf = &auth_hash_gmac_aes_128;
+ goto auth4common;
+
+ case CRYPTO_AES_192_GMAC:
+ axf = &auth_hash_gmac_aes_192;
+ goto auth4common;
+
+ case CRYPTO_AES_256_GMAC:
+ axf = &auth_hash_gmac_aes_256;
+ auth4common:
+ (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
+ M_NOWAIT);
+ if ((*swd)->sw_ictx == NULL) {
+ swcr_freesession(i);
+ return ENOBUFS;
+ }
+ axf->Init((*swd)->sw_ictx);
+ axf->Setkey((*swd)->sw_ictx, cri->cri_key,
+ cri->cri_klen / 8);
+ (*swd)->sw_axf = axf;
+ break;
+
case CRYPTO_DEFLATE_COMP:
cxf = &comp_algo_deflate;
(*swd)->sw_cxf = cxf;
@@ -816,6 +989,8 @@ swcr_freesession(u_int64_t tid)
case CRYPTO_RIJNDAEL128_CBC:
case CRYPTO_AES_CTR:
case CRYPTO_AES_XTS:
+ case CRYPTO_AES_GCM_16:
+ case CRYPTO_AES_GMAC:
case CRYPTO_NULL:
txf = swd->sw_exf;
@@ -855,6 +1030,9 @@ swcr_freesession(u_int64_t tid)
}
break;
+ case CRYPTO_AES_128_GMAC:
+ case CRYPTO_AES_192_GMAC:
+ case CRYPTO_AES_256_GMAC:
case CRYPTO_MD5:
case CRYPTO_SHA1:
axf = swd->sw_axf;
@@ -953,6 +1131,14 @@ swcr_process(struct cryptop *crp)
goto done;
break;
+ case CRYPTO_AES_GCM_16:
+ case CRYPTO_AES_GMAC:
+ case CRYPTO_AES_128_GMAC:
+ case CRYPTO_AES_192_GMAC:
+ case CRYPTO_AES_256_GMAC:
+ crp->crp_etype = swcr_combined(crp);
+ goto done;
+
case CRYPTO_DEFLATE_COMP:
if ((crp->crp_etype = swcr_compdec(crd, sw,
crp->crp_buf, type)) != 0)
@@ -1006,11 +1192,16 @@ swcr_init(void)
algs[CRYPTO_RIJNDAEL128_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_AES_CTR] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_AES_XTS] = CRYPTO_ALG_FLAG_SUPPORTED;
+ algs[CRYPTO_AES_GCM_16] = CRYPTO_ALG_FLAG_SUPPORTED;
+ algs[CRYPTO_AES_GMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_DEFLATE_COMP] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_NULL] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_SHA2_256_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_SHA2_384_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_SHA2_512_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
+ algs[CRYPTO_AES_128_GMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
+ algs[CRYPTO_AES_192_GMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
+ algs[CRYPTO_AES_256_GMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
crypto_register(swcr_id, algs, swcr_newsession,
swcr_freesession, swcr_process);
Index: crypto/cryptosoft.h
===================================================================
RCS file: /home/cvs/src/sys/crypto/cryptosoft.h,v
retrieving revision 1.12
diff -u -p -u -p -r1.12 cryptosoft.h
--- crypto/cryptosoft.h 10 Jan 2010 12:43:07 -0000 1.12
+++ crypto/cryptosoft.h 27 Jul 2010 13:34:13 -0000
@@ -63,6 +63,7 @@ extern const u_int8_t hmac_opad_buffer[H
int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
int swcr_authcompute(struct cryptop *, struct cryptodesc *, struct
swcr_data *,
caddr_t, int);
+int swcr_combined(struct cryptop *);
int swcr_compdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
int swcr_process(struct cryptop *);
int swcr_newsession(u_int32_t *, struct cryptoini *);
Index: crypto/gmac.c
===================================================================
RCS file: crypto/gmac.c
diff -N crypto/gmac.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ crypto/gmac.c 20 Aug 2010 15:40:29 -0000
@@ -0,0 +1,158 @@
+/* $OpenBSD$ */
+
+/*
+ * Copyright (c) 2010 Mike Belopuhov <[email protected]>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This code implements the Message Authentication part of the
+ * Galois/Counter Mode (as being described in the RFC 4543) using
+ * the AES cipher. FIPS SP 800-38D describes the algorithm details.
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+
+#include <crypto/rijndael.h>
+#include <crypto/gmac.h>
+
+void ghash_gfmul(uint32_t *, uint32_t *, uint32_t *);
+void ghash_update(GHASH_CTX *, uint8_t *, size_t);
+
+/* Computes a block multiplication in the GF(2^128) */
+void
+ghash_gfmul(uint32_t *X, uint32_t *Y, uint32_t *product)
+{
+ uint32_t v[4];
+ uint32_t z[4] = { 0, 0, 0, 0};
+ uint8_t *x = (uint8_t *)X;
+ uint32_t mul;
+ int i;
+
+ v[0] = betoh32(Y[0]);
+ v[1] = betoh32(Y[1]);
+ v[2] = betoh32(Y[2]);
+ v[3] = betoh32(Y[3]);
+
+ for (i = 0; i < GMAC_BLOCK_LEN * 8; i++) {
+ /* update Z */
+ if (x[i >> 3] & (1 << (~i & 7))) {
+ z[0] ^= v[0];
+ z[1] ^= v[1];
+ z[2] ^= v[2];
+ z[3] ^= v[3];
+ } /* else: we preserve old values */
+
+ /* update V */
+ mul = v[3] & 1;
+ v[3] = (v[2] << 31) | (v[3] >> 1);
+ v[2] = (v[1] << 31) | (v[2] >> 1);
+ v[1] = (v[0] << 31) | (v[1] >> 1);
+ v[0] = (v[0] >> 1) ^ (0xe1000000 * mul);
+ }
+
+ product[0] = htobe32(z[0]);
+ product[1] = htobe32(z[1]);
+ product[2] = htobe32(z[2]);
+ product[3] = htobe32(z[3]);
+}
+
+void
+ghash_update(GHASH_CTX *ctx, uint8_t *X, size_t len)
+{
+ uint32_t *x = (uint32_t *)X;
+ uint32_t *s = (uint32_t *)ctx->S;
+ uint32_t *y = (uint32_t *)ctx->Z;
+ int i;
+
+ for (i = 0; i < len / GMAC_BLOCK_LEN; i++) {
+ s[0] = y[0] ^ x[0];
+ s[1] = y[1] ^ x[1];
+ s[2] = y[2] ^ x[2];
+ s[3] = y[3] ^ x[3];
+
+ ghash_gfmul((uint32_t *)ctx->S, (uint32_t *)ctx->H,
+ (uint32_t *)ctx->S);
+
+ y = s;
+ x += 4;
+ }
+
+ bcopy(ctx->S, ctx->Z, GMAC_BLOCK_LEN);
+}
+
+/* defines from xform.c */
+#define AES_GCM_SALTSIZE 4
+#define AES_GCM_IVSIZE 8
+
+void
+AES_GMAC_Init(AES_GMAC_CTX *ctx)
+{
+ bzero(ctx->ghash.H, GMAC_BLOCK_LEN);
+ bzero(ctx->ghash.S, GMAC_BLOCK_LEN);
+ bzero(ctx->ghash.Z, GMAC_BLOCK_LEN);
+ bzero(ctx->J, GMAC_BLOCK_LEN);
+}
+
+void
+AES_GMAC_Setkey(AES_GMAC_CTX *ctx, const uint8_t *key, uint16_t klen)
+{
+ ctx->rounds = rijndaelKeySetupEnc(ctx->K, (u_char *)key,
+ (klen - AES_GCM_SALTSIZE) * 8);
+ /* copy out salt to the counter block */
+ bcopy(key + klen - AES_GCM_SALTSIZE, ctx->J, AES_GCM_SALTSIZE);
+ /* prepare a hash subkey */
+ rijndaelEncrypt(ctx->K, ctx->rounds, ctx->ghash.H, ctx->ghash.H);
+}
+
+void
+AES_GMAC_Reinit(AES_GMAC_CTX *ctx, const uint8_t *iv, uint16_t ivlen)
+{
+ /* copy out IV to the counter block */
+ bcopy(iv, ctx->J + AES_GCM_SALTSIZE, ivlen);
+}
+
+int
+AES_GMAC_Update(AES_GMAC_CTX *ctx, const uint8_t *data, uint16_t len)
+{
+ uint32_t blk[4] = { 0, 0, 0, 0 };
+ int plen;
+
+ if (len > 0) {
+ plen = len % GMAC_BLOCK_LEN;
+ if (len >= GMAC_BLOCK_LEN)
+ ghash_update(&ctx->ghash, (uint8_t *)data, len - plen);
+ if (plen) {
+ bcopy((uint8_t *)data + (len - plen), (uint8_t *)blk,
+ plen);
+ ghash_update(&ctx->ghash, (uint8_t *)blk,
+ GMAC_BLOCK_LEN);
+ }
+ }
+ return (0);
+}
+
+void
+AES_GMAC_Final(uint8_t digest[GMAC_DIGEST_LEN], AES_GMAC_CTX *ctx)
+{
+ uint8_t keystream[GMAC_BLOCK_LEN];
+ int i;
+
+ /* do one round of GCTR */
+ ctx->J[GMAC_BLOCK_LEN - 1] = 1;
+ rijndaelEncrypt(ctx->K, ctx->rounds, ctx->J, keystream);
+ for (i = 0; i < GMAC_DIGEST_LEN; i++)
+ digest[i] = ctx->ghash.S[i] ^ keystream[i];
+}
Index: crypto/gmac.h
===================================================================
RCS file: crypto/gmac.h
diff -N crypto/gmac.h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ crypto/gmac.h 20 Aug 2010 13:04:59 -0000
@@ -0,0 +1,50 @@
+/* $OpenBSD$ */
+
+/*
+ * Copyright (c) 2010 Mike Belopuhov <[email protected]>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _GMAC_H_
+#define _GMAC_H_
+
+#include <crypto/rijndael.h>
+
+#define GMAC_BLOCK_LEN 16
+#define GMAC_DIGEST_LEN 16
+
+typedef struct _GHASH_CTX {
+ uint8_t H[GMAC_BLOCK_LEN]; /* hash subkey */
+ uint8_t S[GMAC_BLOCK_LEN]; /* state */
+ uint8_t Z[GMAC_BLOCK_LEN]; /* initial state */
+} GHASH_CTX;
+
+typedef struct _AES_GMAC_CTX {
+ GHASH_CTX ghash;
+ uint32_t K[4*(AES_MAXROUNDS + 1)];
+ uint8_t J[GMAC_BLOCK_LEN]; /* counter block */
+ int rounds;
+} AES_GMAC_CTX;
+
+#include <sys/cdefs.h>
+
+__BEGIN_DECLS
+void AES_GMAC_Init(AES_GMAC_CTX *);
+void AES_GMAC_Setkey(AES_GMAC_CTX *, const uint8_t *, uint16_t);
+void AES_GMAC_Reinit(AES_GMAC_CTX *, const uint8_t *, uint16_t);
+int AES_GMAC_Update(AES_GMAC_CTX *, const uint8_t *, uint16_t);
+void AES_GMAC_Final(uint8_t [GMAC_DIGEST_LEN], AES_GMAC_CTX *);
+__END_DECLS
+
+#endif /* _GMAC_H_ */
Index: crypto/xform.c
===================================================================
RCS file: /home/cvs/src/sys/crypto/xform.c,v
retrieving revision 1.38
diff -u -p -u -p -r1.38 xform.c
--- crypto/xform.c 20 Apr 2010 22:05:41 -0000 1.38
+++ crypto/xform.c 20 Aug 2010 19:07:03 -0000
@@ -60,6 +60,7 @@
#include <crypto/cryptodev.h>
#include <crypto/xform.h>
#include <crypto/deflate.h>
+#include <crypto/gmac.h>
extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t, caddr_t, caddr_t, int);
extern void des_ecb_encrypt(caddr_t, caddr_t, caddr_t, int);
@@ -107,6 +108,7 @@ void null_zerokey(u_int8_t **);
void aes_ctr_reinit(caddr_t, u_int8_t *);
void aes_xts_reinit(caddr_t, u_int8_t *);
+void aes_gcm_reinit(caddr_t, u_int8_t *);
int MD5Update_int(void *, const u_int8_t *, u_int16_t);
int SHA1Update_int(void *, const u_int8_t *, u_int16_t);
@@ -194,6 +196,26 @@ struct enc_xform enc_xform_aes_ctr = {
aes_ctr_reinit
};
+struct enc_xform enc_xform_aes_gcm = {
+ CRYPTO_AES_GCM_16, "AES-GCM",
+ 1, 8, 16+4, 32+4,
+ aes_ctr_crypt,
+ aes_ctr_crypt,
+ aes_ctr_setkey,
+ aes_ctr_zerokey,
+ aes_gcm_reinit
+};
+
+struct enc_xform enc_xform_aes_gmac = {
+ CRYPTO_AES_GMAC, "AES-GMAC",
+ 1, 8, 16+4, 32+4,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
struct enc_xform enc_xform_aes_xts = {
CRYPTO_AES_XTS, "AES-XTS",
16, 8, 32, 64,
@@ -228,70 +250,110 @@ struct enc_xform enc_xform_null = {
struct auth_hash auth_hash_hmac_md5_96 = {
CRYPTO_MD5_HMAC, "HMAC-MD5",
16, 16, 12, sizeof(MD5_CTX), HMAC_MD5_BLOCK_LEN,
- (void (*) (void *)) MD5Init, MD5Update_int,
+ (void (*) (void *)) MD5Init, NULL, NULL,
+ MD5Update_int,
(void (*) (u_int8_t *, void *)) MD5Final
};
struct auth_hash auth_hash_hmac_sha1_96 = {
CRYPTO_SHA1_HMAC, "HMAC-SHA1",
20, 20, 12, sizeof(SHA1_CTX), HMAC_SHA1_BLOCK_LEN,
- (void (*) (void *)) SHA1Init, SHA1Update_int,
+ (void (*) (void *)) SHA1Init, NULL, NULL,
+ SHA1Update_int,
(void (*) (u_int8_t *, void *)) SHA1Final
};
struct auth_hash auth_hash_hmac_ripemd_160_96 = {
CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
20, 20, 12, sizeof(RMD160_CTX), HMAC_RIPEMD160_BLOCK_LEN,
- (void (*)(void *)) RMD160Init, RMD160Update_int,
+ (void (*)(void *)) RMD160Init, NULL, NULL,
+ RMD160Update_int,
(void (*)(u_int8_t *, void *)) RMD160Final
};
struct auth_hash auth_hash_hmac_sha2_256_128 = {
CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
32, 32, 16, sizeof(SHA2_CTX), HMAC_SHA2_256_BLOCK_LEN,
- (void (*)(void *)) SHA256Init, SHA256Update_int,
+ (void (*)(void *)) SHA256Init, NULL, NULL,
+ SHA256Update_int,
(void (*)(u_int8_t *, void *)) SHA256Final
};
struct auth_hash auth_hash_hmac_sha2_384_192 = {
CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384",
48, 48, 24, sizeof(SHA2_CTX), HMAC_SHA2_384_BLOCK_LEN,
- (void (*)(void *)) SHA384Init, SHA384Update_int,
+ (void (*)(void *)) SHA384Init, NULL, NULL,
+ SHA384Update_int,
(void (*)(u_int8_t *, void *)) SHA384Final
};
struct auth_hash auth_hash_hmac_sha2_512_256 = {
CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512",
64, 64, 32, sizeof(SHA2_CTX), HMAC_SHA2_512_BLOCK_LEN,
- (void (*)(void *)) SHA512Init, SHA512Update_int,
+ (void (*)(void *)) SHA512Init, NULL, NULL,
+ SHA512Update_int,
(void (*)(u_int8_t *, void *)) SHA512Final
};
+struct auth_hash auth_hash_gmac_aes_128 = {
+ CRYPTO_AES_128_GMAC, "GMAC-AES-128",
+ 16+4, 16, 16, sizeof(AES_GMAC_CTX), GMAC_BLOCK_LEN,
+ (void (*)(void *)) AES_GMAC_Init,
+ (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey,
+ (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit,
+ (int (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Update,
+ (void (*)(u_int8_t *, void *)) AES_GMAC_Final
+};
+
+struct auth_hash auth_hash_gmac_aes_192 = {
+ CRYPTO_AES_192_GMAC, "GMAC-AES-192",
+ 24+4, 16, 16, sizeof(AES_GMAC_CTX), GMAC_BLOCK_LEN,
+ (void (*)(void *)) AES_GMAC_Init,
+ (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey,
+ (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit,
+ (int (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Update,
+ (void (*)(u_int8_t *, void *)) AES_GMAC_Final
+};
+
+struct auth_hash auth_hash_gmac_aes_256 = {
+ CRYPTO_AES_256_GMAC, "GMAC-AES-256",
+ 32+4, 16, 16, sizeof(AES_GMAC_CTX), GMAC_BLOCK_LEN,
+ (void (*)(void *)) AES_GMAC_Init,
+ (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey,
+ (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit,
+ (int (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Update,
+ (void (*)(u_int8_t *, void *)) AES_GMAC_Final
+};
+
struct auth_hash auth_hash_key_md5 = {
CRYPTO_MD5_KPDK, "Keyed MD5",
0, 16, 16, sizeof(MD5_CTX), 0,
- (void (*)(void *)) MD5Init, MD5Update_int,
+ (void (*)(void *)) MD5Init, NULL, NULL,
+ MD5Update_int,
(void (*)(u_int8_t *, void *)) MD5Final
};
struct auth_hash auth_hash_key_sha1 = {
CRYPTO_SHA1_KPDK, "Keyed SHA1",
0, 20, 20, sizeof(SHA1_CTX), 0,
- (void (*)(void *)) SHA1Init, SHA1Update_int,
+ (void (*)(void *)) SHA1Init, NULL, NULL,
+ SHA1Update_int,
(void (*)(u_int8_t *, void *)) SHA1Final
};
struct auth_hash auth_hash_md5 = {
CRYPTO_MD5, "MD5",
0, 16, 16, sizeof(MD5_CTX), 0,
- (void (*) (void *)) MD5Init, MD5Update_int,
+ (void (*) (void *)) MD5Init, NULL, NULL,
+ MD5Update_int,
(void (*) (u_int8_t *, void *)) MD5Final
};
struct auth_hash auth_hash_sha1 = {
CRYPTO_SHA1, "SHA1",
0, 20, 20, sizeof(SHA1_CTX), 0,
- (void (*)(void *)) SHA1Init, SHA1Update_int,
+ (void (*)(void *)) SHA1Init, NULL, NULL,
+ SHA1Update_int,
(void (*)(u_int8_t *, void *)) SHA1Final
};
@@ -552,6 +614,19 @@ aes_ctr_reinit(caddr_t key, u_int8_t *iv
}
void
+aes_gcm_reinit(caddr_t key, u_int8_t *iv)
+{
+ struct aes_ctr_ctx *ctx;
+
+ ctx = (struct aes_ctr_ctx *)key;
+ bcopy(iv, ctx->ac_block + AESCTR_NONCESIZE, AESCTR_IVSIZE);
+
+ /* reset counter */
+ bzero(ctx->ac_block + AESCTR_NONCESIZE + AESCTR_IVSIZE, 4);
+ ctx->ac_block[AESCTR_BLOCKSIZE - 1] = 1; /* GCM starts with 1 */
+}
+
+void
aes_ctr_crypt(caddr_t key, u_int8_t *data)
{
struct aes_ctr_ctx *ctx;
@@ -743,6 +818,7 @@ SHA512Update_int(void *ctx, const u_int8
SHA512Update(ctx, buf, len);
return 0;
}
+
/*
* And compression
Index: crypto/xform.h
===================================================================
RCS file: /home/cvs/src/sys/crypto/xform.h,v
retrieving revision 1.20
diff -u -p -u -p -r1.20 xform.h
--- crypto/xform.h 10 Jan 2010 12:43:07 -0000 1.20
+++ crypto/xform.h 3 Aug 2010 16:24:48 -0000
@@ -28,6 +28,7 @@
#include <crypto/sha1.h>
#include <crypto/rmd160.h>
#include <crypto/sha2.h>
+#include <crypto/gmac.h>
/* Declarations */
struct auth_hash {
@@ -39,6 +40,8 @@ struct auth_hash {
u_int16_t ctxsize;
u_int16_t blocksize;
void (*Init) (void *);
+ void (*Setkey) (void *, const u_int8_t *, u_int16_t);
+ void (*Reinit) (void *, const u_int8_t *, u_int16_t);
int (*Update) (void *, const u_int8_t *, u_int16_t);
void (*Final) (u_int8_t *, void *);
};
@@ -68,6 +71,7 @@ union authctx {
SHA1_CTX sha1ctx;
RMD160_CTX rmd160ctx;
SHA2_CTX sha2_ctx;
+ AES_GMAC_CTX aes_gmac_ctx;
};
extern struct enc_xform enc_xform_des;
@@ -77,6 +81,8 @@ extern struct enc_xform enc_xform_cast5;
extern struct enc_xform enc_xform_skipjack;
extern struct enc_xform enc_xform_rijndael128;
extern struct enc_xform enc_xform_aes_ctr;
+extern struct enc_xform enc_xform_aes_gcm;
+extern struct enc_xform enc_xform_aes_gmac;
extern struct enc_xform enc_xform_aes_xts;
extern struct enc_xform enc_xform_arc4;
extern struct enc_xform enc_xform_null;
@@ -91,6 +97,9 @@ extern struct auth_hash auth_hash_hmac_r
extern struct auth_hash auth_hash_hmac_sha2_256_128;
extern struct auth_hash auth_hash_hmac_sha2_384_192;
extern struct auth_hash auth_hash_hmac_sha2_512_256;
+extern struct auth_hash auth_hash_gmac_aes_128;
+extern struct auth_hash auth_hash_gmac_aes_192;
+extern struct auth_hash auth_hash_gmac_aes_256;
extern struct comp_algo comp_algo_deflate;
extern struct comp_algo comp_algo_lzs;
