Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC



details:   https://anonhg.NetBSD.org/src/rev/319549692b38
branches:  trunk
changeset: 765383:319549692b38
user:      drochner <drochner%NetBSD.org@localhost>
date:      Tue May 24 19:10:08 2011 +0000

description:
copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC
For this to fit, an API change in cryptosoft was adopted from OpenBSD
(addition of a "Setkey" method to hashes) which was done for GCM/GMAC
support there, so it might be useful in the future anyway.
tested against KAME IPSEC
AFAICT, FAST_IPSEC now supports as much as KAME.

diffstat:

 sys/netipsec/xform_ah.c           |    6 +-
 sys/opencrypto/aesxcbcmac.c       |  141 ++++++++++++++++++++++++++++++++++++++
 sys/opencrypto/aesxcbcmac.h       |   21 +++++
 sys/opencrypto/cryptodev.c        |    7 +-
 sys/opencrypto/cryptodev.h        |    5 +-
 sys/opencrypto/cryptosoft.c       |   23 +++++-
 sys/opencrypto/cryptosoft_xform.c |   41 ++++++----
 sys/opencrypto/files.opencrypto   |    3 +-
 sys/opencrypto/xform.c            |    9 +-
 sys/opencrypto/xform.h            |    3 +-
 usr.bin/netstat/fast_ipsec.c      |    5 +-
 11 files changed, 234 insertions(+), 30 deletions(-)

diffs (truncated from 550 to 300 lines):

diff -r 9f37bc51ea74 -r 319549692b38 sys/netipsec/xform_ah.c
--- a/sys/netipsec/xform_ah.c   Tue May 24 18:59:21 2011 +0000
+++ b/sys/netipsec/xform_ah.c   Tue May 24 19:10:08 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xform_ah.c,v 1.32 2011/05/06 21:48:46 drochner Exp $   */
+/*     $NetBSD: xform_ah.c,v 1.33 2011/05/24 19:10:08 drochner Exp $   */
 /*     $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $   */
 /*     $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.32 2011/05/06 21:48:46 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.33 2011/05/24 19:10:08 drochner Exp $");
 
 #include "opt_inet.h"
 #ifdef __FreeBSD__
@@ -147,6 +147,8 @@
                return &auth_hash_hmac_sha2_384;
        case SADB_X_AALG_SHA2_512:
                return &auth_hash_hmac_sha2_512;
+       case SADB_X_AALG_AES_XCBC_MAC:
+               return &auth_hash_aes_xcbc_mac_96;
        }
        return NULL;
 }
diff -r 9f37bc51ea74 -r 319549692b38 sys/opencrypto/aesxcbcmac.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/opencrypto/aesxcbcmac.c       Tue May 24 19:10:08 2011 +0000
@@ -0,0 +1,141 @@
+/* $NetBSD: aesxcbcmac.c,v 1.1 2011/05/24 19:10:08 drochner Exp $ */
+
+/*
+ * Copyright (C) 1995, 1996, 1997, 1998 and 2003 WIDE Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: aesxcbcmac.c,v 1.1 2011/05/24 19:10:08 drochner Exp $");
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <crypto/rijndael/rijndael.h>
+
+#include <opencrypto/aesxcbcmac.h>
+
+int
+aes_xcbc_mac_init(void *vctx, const u_int8_t *key, u_int16_t keylen)
+{
+       u_int8_t k1seed[AES_BLOCKSIZE] = { 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 };
+       u_int8_t k2seed[AES_BLOCKSIZE] = { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 };
+       u_int8_t k3seed[AES_BLOCKSIZE] = { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
+       u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
+       aesxcbc_ctx *ctx;
+       u_int8_t k1[AES_BLOCKSIZE];
+
+       ctx = (aesxcbc_ctx *)vctx;
+       memset(ctx, 0, sizeof(aesxcbc_ctx));
+
+       if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks, key, keylen * 8)) == 0)
+               return -1;
+       rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1);
+       rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
+       rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
+       if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0)
+               return -1;
+       if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0)
+               return -1;
+       if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0)
+               return -1;
+
+       return 0;
+}
+
+int
+aes_xcbc_mac_loop(void *vctx, const u_int8_t *addr, u_int16_t len)
+{
+       u_int8_t buf[AES_BLOCKSIZE];
+       aesxcbc_ctx *ctx;
+       const u_int8_t *ep;
+       int i;
+
+       ctx = (aesxcbc_ctx *)vctx;
+       ep = addr + len;
+
+       if (ctx->buflen == sizeof(ctx->buf)) {
+               for (i = 0; i < sizeof(ctx->e); i++)
+                       ctx->buf[i] ^= ctx->e[i];
+               rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
+               ctx->buflen = 0;
+       }
+       if (ctx->buflen + len < sizeof(ctx->buf)) {
+               memcpy(ctx->buf + ctx->buflen, addr, len);
+               ctx->buflen += len;
+               return 0;
+       }
+       if (ctx->buflen && ctx->buflen + len > sizeof(ctx->buf)) {
+               memcpy(ctx->buf + ctx->buflen, addr,
+                   sizeof(ctx->buf) - ctx->buflen);
+               for (i = 0; i < sizeof(ctx->e); i++)
+                       ctx->buf[i] ^= ctx->e[i];
+               rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
+               addr += sizeof(ctx->buf) - ctx->buflen;
+               ctx->buflen = 0;
+       }
+       /* due to the special processing for M[n], "=" case is not included */
+       while (addr + AES_BLOCKSIZE < ep) {
+               memcpy(buf, addr, AES_BLOCKSIZE);
+               for (i = 0; i < sizeof(buf); i++)
+                       buf[i] ^= ctx->e[i];
+               rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, buf, ctx->e);
+               addr += AES_BLOCKSIZE;
+       }
+       if (addr < ep) {
+               memcpy(ctx->buf + ctx->buflen, addr, ep - addr);
+               ctx->buflen += ep - addr;
+       }
+       return 0;
+}
+
+void
+aes_xcbc_mac_result(u_int8_t *addr, void *vctx)
+{
+       u_char digest[AES_BLOCKSIZE];
+       aesxcbc_ctx *ctx;
+       int i;
+
+       ctx = (aesxcbc_ctx *)vctx;
+
+       if (ctx->buflen == sizeof(ctx->buf)) {
+               for (i = 0; i < sizeof(ctx->buf); i++) {
+                       ctx->buf[i] ^= ctx->e[i];
+                       ctx->buf[i] ^= ctx->k2[i];
+               }
+               rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
+       } else {
+               for (i = ctx->buflen; i < sizeof(ctx->buf); i++)
+                       ctx->buf[i] = (i == ctx->buflen) ? 0x80 : 0x00;
+               for (i = 0; i < sizeof(ctx->buf); i++) {
+                       ctx->buf[i] ^= ctx->e[i];
+                       ctx->buf[i] ^= ctx->k3[i];
+               }
+               rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
+       }
+
+       memcpy(addr, digest, sizeof(digest));
+}
diff -r 9f37bc51ea74 -r 319549692b38 sys/opencrypto/aesxcbcmac.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/opencrypto/aesxcbcmac.h       Tue May 24 19:10:08 2011 +0000
@@ -0,0 +1,21 @@
+/* $NetBSD: aesxcbcmac.h,v 1.1 2011/05/24 19:10:09 drochner Exp $ */
+
+#include <sys/types.h>
+
+#define AES_BLOCKSIZE   16
+
+typedef struct {
+       u_int8_t        e[AES_BLOCKSIZE];
+       u_int8_t        buf[AES_BLOCKSIZE];
+       size_t          buflen;
+       u_int32_t       r_k1s[(RIJNDAEL_MAXNR+1)*4];
+       u_int32_t       r_k2s[(RIJNDAEL_MAXNR+1)*4];
+       u_int32_t       r_k3s[(RIJNDAEL_MAXNR+1)*4];
+       int             r_nr; /* key-length-dependent number of rounds */
+       u_int8_t        k2[AES_BLOCKSIZE];
+       u_int8_t        k3[AES_BLOCKSIZE];
+} aesxcbc_ctx;
+
+int aes_xcbc_mac_init(void *, const u_int8_t *, u_int16_t);
+int aes_xcbc_mac_loop(void *, const u_int8_t *, u_int16_t);
+void aes_xcbc_mac_result(u_int8_t *, void *);
diff -r 9f37bc51ea74 -r 319549692b38 sys/opencrypto/cryptodev.c
--- a/sys/opencrypto/cryptodev.c        Tue May 24 18:59:21 2011 +0000
+++ b/sys/opencrypto/cryptodev.c        Tue May 24 19:10:08 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cryptodev.c,v 1.62 2011/05/23 15:37:36 drochner Exp $ */
+/*     $NetBSD: cryptodev.c,v 1.63 2011/05/24 19:10:09 drochner Exp $ */
 /*     $FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.4.2.4 2003/06/03 00:09:02 sam Exp $        */
 /*     $OpenBSD: cryptodev.c,v 1.53 2002/07/10 22:21:30 mickey Exp $   */
 
@@ -64,7 +64,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.62 2011/05/23 15:37:36 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.63 2011/05/24 19:10:09 drochner Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -1595,6 +1595,9 @@
        case CRYPTO_SHA1:
                thash = &auth_hash_sha1;
                break;
+       case CRYPTO_AES_XCBC_MAC_96:
+               thash = &auth_hash_aes_xcbc_mac_96;
+               break;
        case CRYPTO_NULL_HMAC:
                thash = &auth_hash_null;
                break;
diff -r 9f37bc51ea74 -r 319549692b38 sys/opencrypto/cryptodev.h
--- a/sys/opencrypto/cryptodev.h        Tue May 24 18:59:21 2011 +0000
+++ b/sys/opencrypto/cryptodev.h        Tue May 24 19:10:08 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cryptodev.h,v 1.22 2011/05/23 13:51:10 drochner Exp $ */
+/*     $NetBSD: cryptodev.h,v 1.23 2011/05/24 19:10:09 drochner Exp $ */
 /*     $FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.2.2.6 2003/07/02 17:04:50 sam Exp $        */
 /*     $OpenBSD: cryptodev.h,v 1.33 2002/07/17 23:52:39 art Exp $      */
 
@@ -139,7 +139,8 @@
 #define CRYPTO_SHA2_512_HMAC   25
 #define CRYPTO_CAMELLIA_CBC    26
 #define CRYPTO_AES_CTR         27
-#define CRYPTO_ALGORITHM_MAX   27 /* Keep updated - see below */
+#define CRYPTO_AES_XCBC_MAC_96 28
+#define CRYPTO_ALGORITHM_MAX   28 /* Keep updated - see below */
 
 /* Algorithm flags */
 #define        CRYPTO_ALG_FLAG_SUPPORTED       0x01 /* Algorithm is supported */
diff -r 9f37bc51ea74 -r 319549692b38 sys/opencrypto/cryptosoft.c
--- a/sys/opencrypto/cryptosoft.c       Tue May 24 18:59:21 2011 +0000
+++ b/sys/opencrypto/cryptosoft.c       Tue May 24 19:10:08 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cryptosoft.c,v 1.35 2011/05/24 18:59:22 drochner Exp $ */
+/*     $NetBSD: cryptosoft.c,v 1.36 2011/05/24 19:10:10 drochner Exp $ */
 /*     $FreeBSD: src/sys/opencrypto/cryptosoft.c,v 1.2.2.1 2002/11/21 23:34:23 sam Exp $       */
 /*     $OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $ */
 
@@ -24,7 +24,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.35 2011/05/24 18:59:22 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.36 2011/05/24 19:10:10 drochner Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -47,6 +47,7 @@
        SHA256_CTX sha256ctx;
        SHA384_CTX sha384ctx;
        SHA512_CTX sha512ctx;
+       aesxcbc_ctx aesxcbcctx;
 };
 
 struct swcr_data **swcr_sessions = NULL;
@@ -536,6 +537,7 @@
        case CRYPTO_NULL_HMAC:
        case CRYPTO_MD5:
        case CRYPTO_SHA1:
+       case CRYPTO_AES_XCBC_MAC_96:
                axf->Final(aalg, &ctx);
                break;
        }
@@ -838,6 +840,20 @@
                        (*swd)->sw_axf = axf;
                        break;
 
+               case CRYPTO_AES_XCBC_MAC_96:
+                       axf = &swcr_auth_hash_aes_xcbc_mac;
+                       (*swd)->sw_ictx = malloc(axf->ctxsize,
+                           M_CRYPTO_DATA, M_NOWAIT);
+                       if ((*swd)->sw_ictx == NULL) {
+                               swcr_freesession(NULL, i);
+                               return ENOBUFS;
+                       }
+                       axf->Init((*swd)->sw_ictx);
+                       axf->Setkey((*swd)->sw_ictx,
+                               cri->cri_key, cri->cri_klen / 8);
+                       (*swd)->sw_axf = axf;
+                       break;
+
                case CRYPTO_DEFLATE_COMP:
                        cxf = &swcr_comp_algo_deflate;
                        (*swd)->sw_cxf = cxf;
@@ -941,6 +957,7 @@



Home | Main Index | Thread Index | Old Index