AES_Setkey takes key length in bytes rather than bits which makes
it a bit simpler.
---
sys/crypto/cryptosoft.c | 8 +++----
sys/crypto/gmac.c | 9 ++++----
sys/crypto/gmac.h | 5 ++---
sys/crypto/xform.c | 55 +++++++++++++++++++++++--------------------------
sys/crypto/xform.h | 2 +-
sys/netinet/ip_esp.c | 2 +-
6 files changed, 38 insertions(+), 43 deletions(-)
diff --git sys/crypto/cryptosoft.c sys/crypto/cryptosoft.c
index 315210c5407..bdc5602f6fe 100644
--- sys/crypto/cryptosoft.c
+++ sys/crypto/cryptosoft.c
@@ -793,12 +793,12 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri)
txf = &enc_xform_blf;
goto enccommon;
case CRYPTO_CAST_CBC:
txf = &enc_xform_cast5;
goto enccommon;
- case CRYPTO_RIJNDAEL128_CBC:
- txf = &enc_xform_rijndael128;
+ case CRYPTO_AES_CBC:
+ txf = &enc_xform_aes;
goto enccommon;
case CRYPTO_AES_CTR:
txf = &enc_xform_aes_ctr;
goto enccommon;
case CRYPTO_AES_XTS:
@@ -958,11 +958,11 @@ swcr_freesession(u_int64_t tid)
switch (swd->sw_alg) {
case CRYPTO_3DES_CBC:
case CRYPTO_BLF_CBC:
case CRYPTO_CAST_CBC:
- case CRYPTO_RIJNDAEL128_CBC:
+ case CRYPTO_AES_CBC:
case CRYPTO_AES_CTR:
case CRYPTO_AES_XTS:
case CRYPTO_AES_GCM_16:
case CRYPTO_AES_GMAC:
case CRYPTO_CHACHA20_POLY1305:
@@ -1142,11 +1142,11 @@ swcr_init(void)
algs[CRYPTO_BLF_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_CAST_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_MD5_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_SHA1_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_RIPEMD160_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
- algs[CRYPTO_RIJNDAEL128_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
+ algs[CRYPTO_AES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_AES_CTR] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_AES_XTS] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_AES_GCM_16] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_AES_GMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_DEFLATE_COMP] = CRYPTO_ALG_FLAG_SUPPORTED;
diff --git sys/crypto/gmac.c sys/crypto/gmac.c
index 33843d08fbe..765f8404178 100644
--- sys/crypto/gmac.c
+++ sys/crypto/gmac.c
@@ -23,11 +23,11 @@
*/
#include <sys/param.h>
#include <sys/systm.h>
-#include <crypto/rijndael.h>
+#include <crypto/aes.h>
#include <crypto/gmac.h>
void ghash_gfmul(uint32_t *, uint32_t *, uint32_t *);
void ghash_update_mi(GHASH_CTX *, uint8_t *, size_t);
@@ -112,16 +112,15 @@ AES_GMAC_Init(void *xctx)
void
AES_GMAC_Setkey(void *xctx, const uint8_t *key, uint16_t klen)
{
AES_GMAC_CTX *ctx = xctx;
- ctx->rounds = rijndaelKeySetupEnc(ctx->K, (u_char *)key,
- (klen - AESCTR_NONCESIZE) * 8);
+ AES_Setkey(&ctx->K, key, klen - AESCTR_NONCESIZE);
/* copy out salt to the counter block */
bcopy(key + klen - AESCTR_NONCESIZE, ctx->J, AESCTR_NONCESIZE);
/* prepare a hash subkey */
- rijndaelEncrypt(ctx->K, ctx->rounds, ctx->ghash.H, ctx->ghash.H);
+ AES_Encrypt(&ctx->K, ctx->ghash.H, ctx->ghash.H);
}
void
AES_GMAC_Reinit(void *xctx, const uint8_t *iv, uint16_t ivlen)
{
@@ -160,10 +159,10 @@ AES_GMAC_Final(uint8_t digest[GMAC_DIGEST_LEN], void
*xctx)
uint8_t keystream[GMAC_BLOCK_LEN];
int i;
/* do one round of GCTR */
ctx->J[GMAC_BLOCK_LEN - 1] = 1;
- rijndaelEncrypt(ctx->K, ctx->rounds, ctx->J, keystream);
+ AES_Encrypt(&ctx->K, ctx->J, keystream);
for (i = 0; i < GMAC_DIGEST_LEN; i++)
digest[i] = ctx->ghash.S[i] ^ keystream[i];
explicit_bzero(keystream, sizeof(keystream));
}
diff --git sys/crypto/gmac.h sys/crypto/gmac.h
index bae2c80864d..63e1988701e 100644
--- sys/crypto/gmac.h
+++ sys/crypto/gmac.h
@@ -17,11 +17,11 @@
*/
#ifndef _GMAC_H_
#define _GMAC_H_
-#include <crypto/rijndael.h>
+#include <crypto/aes.h>
#define GMAC_BLOCK_LEN 16
#define GMAC_DIGEST_LEN 16
typedef struct _GHASH_CTX {
@@ -30,13 +30,12 @@ typedef struct _GHASH_CTX {
uint8_t Z[GMAC_BLOCK_LEN]; /* initial state */
} GHASH_CTX;
typedef struct _AES_GMAC_CTX {
GHASH_CTX ghash;
- uint32_t K[4*(AES_MAXROUNDS + 1)];
+ AES_CTX K;
uint8_t J[GMAC_BLOCK_LEN]; /* counter block */
- int rounds;
} AES_GMAC_CTX;
__BEGIN_DECLS
extern void (*ghash_update)(GHASH_CTX *, uint8_t *, size_t);
diff --git sys/crypto/xform.c sys/crypto/xform.c
index 0a4ddbb3ffd..70d460f3f58 100644
--- sys/crypto/xform.c
+++ sys/crypto/xform.c
@@ -57,11 +57,11 @@
#include <crypto/sha1.h>
#include <crypto/sha2.h>
#include <crypto/rmd160.h>
#include <crypto/blf.h>
#include <crypto/cast.h>
-#include <crypto/rijndael.h>
+#include <crypto/aes.h>
#include <crypto/cryptodev.h>
#include <crypto/xform.h>
#include <crypto/gmac.h>
#include <crypto/chachapoly.h>
@@ -69,26 +69,26 @@ extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t,
caddr_t, caddr_t, int);
int des_set_key(void *, caddr_t);
int des3_setkey(void *, u_int8_t *, int);
int blf_setkey(void *, u_int8_t *, int);
int cast5_setkey(void *, u_int8_t *, int);
-int rijndael128_setkey(void *, u_int8_t *, int);
+int aes_setkey(void *, u_int8_t *, int);
int aes_ctr_setkey(void *, u_int8_t *, int);
int aes_xts_setkey(void *, u_int8_t *, int);
int null_setkey(void *, u_int8_t *, int);
void des3_encrypt(caddr_t, u_int8_t *);
void blf_encrypt(caddr_t, u_int8_t *);
void cast5_encrypt(caddr_t, u_int8_t *);
-void rijndael128_encrypt(caddr_t, u_int8_t *);
+void aes_encrypt(caddr_t, u_int8_t *);
void null_encrypt(caddr_t, u_int8_t *);
void aes_xts_encrypt(caddr_t, u_int8_t *);
void des3_decrypt(caddr_t, u_int8_t *);
void blf_decrypt(caddr_t, u_int8_t *);
void cast5_decrypt(caddr_t, u_int8_t *);
-void rijndael128_decrypt(caddr_t, u_int8_t *);
+void aes_decrypt(caddr_t, u_int8_t *);
void null_decrypt(caddr_t, u_int8_t *);
void aes_xts_decrypt(caddr_t, u_int8_t *);
void aes_ctr_crypt(caddr_t, u_int8_t *);
@@ -110,22 +110,21 @@ u_int32_t lzs_dummy(u_int8_t *, u_int32_t, u_int8_t **);
#define AESCTR_NONCESIZE 4
#define AESCTR_IVSIZE 8
#define AESCTR_BLOCKSIZE 16
struct aes_ctr_ctx {
- u_int32_t ac_ek[4*(AES_MAXROUNDS + 1)];
+ AES_CTX ac_key;
u_int8_t ac_block[AESCTR_BLOCKSIZE];
- int ac_nr;
};
#define AES_XTS_BLOCKSIZE 16
#define AES_XTS_IVSIZE 8
#define AES_XTS_ALPHA 0x87 /* GF(2^128) generator polynomial */
struct aes_xts_ctx {
- rijndael_ctx key1;
- rijndael_ctx key2;
+ AES_CTX key1;
+ AES_CTX key2;
u_int8_t tweak[AES_XTS_BLOCKSIZE];
};
/* Helper */
void aes_xts_crypt(struct aes_xts_ctx *, u_int8_t *, u_int);
@@ -158,17 +157,17 @@ struct enc_xform enc_xform_cast5 = {
cast5_decrypt,
cast5_setkey,
NULL
};
-struct enc_xform enc_xform_rijndael128 = {
- CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
+struct enc_xform enc_xform_aes = {
+ CRYPTO_AES_CBC, "AES",
16, 16, 16, 32,
- sizeof(rijndael_ctx),
- rijndael128_encrypt,
- rijndael128_decrypt,
- rijndael128_setkey,
+ sizeof(AES_CTX),
+ aes_encrypt,
+ aes_decrypt,
+ aes_setkey,
NULL
};
struct enc_xform enc_xform_aes_ctr = {
CRYPTO_AES_CTR, "AES-CTR",
@@ -400,25 +399,25 @@ cast5_setkey(void *sched, u_int8_t *key, int len)
return 0;
}
void
-rijndael128_encrypt(caddr_t key, u_int8_t *blk)
+aes_encrypt(caddr_t key, u_int8_t *blk)
{
- rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
+ AES_Encrypt((AES_CTX *)key, blk, blk);
}
void
-rijndael128_decrypt(caddr_t key, u_int8_t *blk)
+aes_decrypt(caddr_t key, u_int8_t *blk)
{
- rijndael_decrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
+ AES_Decrypt((AES_CTX *)key, blk, blk);
}
int
-rijndael128_setkey(void *sched, u_int8_t *key, int len)
+aes_setkey(void *sched, u_int8_t *key, int len)
{
- return rijndael_set_key((rijndael_ctx *)sched, (u_char *)key, len * 8);
+ return AES_Setkey((AES_CTX *)sched, key, len);
}
void
aes_ctr_reinit(caddr_t key, u_int8_t *iv)
{
@@ -455,11 +454,11 @@ aes_ctr_crypt(caddr_t key, u_int8_t *data)
/* increment counter */
for (i = AESCTR_BLOCKSIZE - 1;
i >= AESCTR_NONCESIZE + AESCTR_IVSIZE; i--)
if (++ctx->ac_block[i]) /* continue on overflow */
break;
- rijndaelEncrypt(ctx->ac_ek, ctx->ac_nr, ctx->ac_block, keystream);
+ AES_Encrypt(&ctx->ac_key, ctx->ac_block, keystream);
for (i = 0; i < AESCTR_BLOCKSIZE; i++)
data[i] ^= keystream[i];
explicit_bzero(keystream, sizeof(keystream));
}
@@ -470,13 +469,11 @@ aes_ctr_setkey(void *sched, u_int8_t *key, int len)
if (len < AESCTR_NONCESIZE)
return -1;
ctx = (struct aes_ctr_ctx *)sched;
- ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, (u_char *)key,
- (len - AESCTR_NONCESIZE) * 8);
- if (ctx->ac_nr == 0)
+ if (AES_Setkey(&ctx->ac_key, key, len - AESCTR_NONCESIZE) != 0)
return -1;
bcopy(key + len - AESCTR_NONCESIZE, ctx->ac_block, AESCTR_NONCESIZE);
return 0;
}
@@ -497,11 +494,11 @@ aes_xts_reinit(caddr_t key, u_int8_t *iv)
blocknum >>= 8;
}
/* Last 64 bits of IV are always zero */
bzero(ctx->tweak + AES_XTS_IVSIZE, AES_XTS_IVSIZE);
- rijndael_encrypt(&ctx->key2, ctx->tweak, ctx->tweak);
+ AES_Encrypt(&ctx->key2, ctx->tweak, ctx->tweak);
}
void
aes_xts_crypt(struct aes_xts_ctx *ctx, u_int8_t *data, u_int do_encrypt)
{
@@ -510,13 +507,13 @@ aes_xts_crypt(struct aes_xts_ctx *ctx, u_int8_t *data,
u_int do_encrypt)
for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
block[i] = data[i] ^ ctx->tweak[i];
if (do_encrypt)
- rijndael_encrypt(&ctx->key1, block, data);
+ AES_Encrypt(&ctx->key1, block, data);
else
- rijndael_decrypt(&ctx->key1, block, data);
+ AES_Decrypt(&ctx->key1, block, data);
for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
data[i] ^= ctx->tweak[i];
/* Exponentiate tweak */
@@ -551,12 +548,12 @@ aes_xts_setkey(void *sched, u_int8_t *key, int len)
if (len != 32 && len != 64)
return -1;
ctx = (struct aes_xts_ctx *)sched;
- rijndael_set_key(&ctx->key1, key, len * 4);
- rijndael_set_key(&ctx->key2, key + (len / 2), len * 4);
+ AES_Setkey(&ctx->key1, key, len / 2);
+ AES_Setkey(&ctx->key2, key + (len / 2), len / 2);
return 0;
}
/*
diff --git sys/crypto/xform.h sys/crypto/xform.h
index 33d479d06bc..694c06e8e77 100644
--- sys/crypto/xform.h
+++ sys/crypto/xform.h
@@ -77,11 +77,11 @@ union authctx {
};
extern struct enc_xform enc_xform_3des;
extern struct enc_xform enc_xform_blf;
extern struct enc_xform enc_xform_cast5;
-extern struct enc_xform enc_xform_rijndael128;
+extern struct enc_xform enc_xform_aes;
extern struct enc_xform enc_xform_aes_ctr;
extern struct enc_xform enc_xform_aes_gcm;
extern struct enc_xform enc_xform_aes_gmac;
extern struct enc_xform enc_xform_aes_xts;
extern struct enc_xform enc_xform_chacha20_poly1305;
diff --git sys/netinet/ip_esp.c sys/netinet/ip_esp.c
index 4d8f385dc55..82e07812d92 100644
--- sys/netinet/ip_esp.c
+++ sys/netinet/ip_esp.c
@@ -114,11 +114,11 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct
ipsecinit *ii)
case SADB_EALG_3DESCBC:
txform = &enc_xform_3des;
break;
case SADB_X_EALG_AES:
- txform = &enc_xform_rijndael128;
+ txform = &enc_xform_aes;
break;
case SADB_X_EALG_AESCTR:
txform = &enc_xform_aes_ctr;
break;
--
2.12.2
