

[src/trunk]: src/sys/opencrypto use a simple counter as IV for AES-GMAC as su...



details:   https://anonhg.NetBSD.org/src/rev/6663ebd8e79b
branches:  trunk
changeset: 765839:6663ebd8e79b
user:      drochner <drochner%NetBSD.org@localhost>
date:      Tue Jun 07 15:57:51 2011 +0000

description:
use a simple counter as IV for AES-GMAC as suggested in RFC4543

diffstat:

 sys/opencrypto/cryptosoft.c       |  16 ++++------
 sys/opencrypto/cryptosoft_xform.c |  56 +++++++++++++++++++++++++++++++++++---
 2 files changed, 57 insertions(+), 15 deletions(-)

diffs (158 lines):

diff -r b56cef8c8899 -r 6663ebd8e79b sys/opencrypto/cryptosoft.c
--- a/sys/opencrypto/cryptosoft.c       Tue Jun 07 15:54:57 2011 +0000
+++ b/sys/opencrypto/cryptosoft.c       Tue Jun 07 15:57:51 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cryptosoft.c,v 1.37 2011/05/26 21:50:03 drochner Exp $ */
+/*     $NetBSD: cryptosoft.c,v 1.38 2011/06/07 15:57:51 drochner Exp $ */
 /*     $FreeBSD: src/sys/opencrypto/cryptosoft.c,v 1.2.2.1 2002/11/21 23:34:23 sam Exp $       */
 /*     $OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $ */
 
@@ -24,7 +24,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.37 2011/05/26 21:50:03 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.38 2011/06/07 15:57:51 drochner Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -852,6 +852,9 @@
                case CRYPTO_AES_GCM_16:
                        txf = &swcr_enc_xform_aes_gcm;
                        goto enccommon;
+               case CRYPTO_AES_GMAC:
+                       txf = &swcr_enc_xform_aes_gmac;
+                       goto enccommon;
                case CRYPTO_NULL_CBC:
                        txf = &swcr_enc_xform_null;
                        goto enccommon;
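Review bot: The new `case CRYPTO_AES_GMAC:` arm gives no hint why an authentication-only algorithm now goes through `enccommon`, and a reader will expect a cipher key schedule to be set up there. Judging by `aes_gmac_setkey` in cryptosoft_xform.c, the setkey step for this transform only allocates the per-session IV counter and never touches the key. A comment on the case would make that explicit, for example `/* no key schedule; setkey only allocates the IV counter state */`. The body of `enccommon` is outside this hunk, so how it handles the `ENOMEM` that `aes_gmac_setkey` can now return cannot be checked from here and is worth confirming.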
@@ -865,11 +868,6 @@
                        (*swd)->sw_exf = txf;
                        break;
 
-               case CRYPTO_AES_GMAC:
-                       txf = &swcr_enc_xform_aes_gmac;
-                       (*swd)->sw_exf = txf;
-                       break;
-
                case CRYPTO_MD5_HMAC:
                        axf = &swcr_auth_hash_hmac_md5;
                        goto authcommon;
@@ -1070,6 +1068,7 @@
                case CRYPTO_CAMELLIA_CBC:
                case CRYPTO_AES_CTR:
                case CRYPTO_AES_GCM_16:
+               case CRYPTO_AES_GMAC:
                case CRYPTO_NULL_CBC:
                        txf = swd->sw_exf;
 
@@ -1077,9 +1076,6 @@
                                txf->zerokey(&(swd->sw_kschedule));
                        break;
 
-               case CRYPTO_AES_GMAC:
-                       break;
-
                case CRYPTO_MD5_HMAC:
                case CRYPTO_MD5_HMAC_96:
                case CRYPTO_SHA1_HMAC:
diff -r b56cef8c8899 -r 6663ebd8e79b sys/opencrypto/cryptosoft_xform.c
--- a/sys/opencrypto/cryptosoft_xform.c Tue Jun 07 15:54:57 2011 +0000
+++ b/sys/opencrypto/cryptosoft_xform.c Tue Jun 07 15:57:51 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cryptosoft_xform.c,v 1.23 2011/05/26 21:50:03 drochner Exp $ */
+/*     $NetBSD: cryptosoft_xform.c,v 1.24 2011/06/07 15:57:52 drochner Exp $ */
 /*     $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $    */
 /*     $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $     */
 
@@ -40,7 +40,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.23 2011/05/26 21:50:03 drochner Exp $");
+__KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.24 2011/06/07 15:57:52 drochner Exp $");
 
 #include <crypto/blowfish/blowfish.h>
 #include <crypto/cast128/cast128.h>
@@ -96,6 +96,7 @@
 static  int rijndael128_setkey(u_int8_t **, const u_int8_t *, int);
 static  int cml_setkey(u_int8_t **, const u_int8_t *, int);
 static  int aes_ctr_setkey(u_int8_t **, const u_int8_t *, int);
+static int aes_gmac_setkey(u_int8_t **, const u_int8_t *, int);
 static void des1_encrypt(void *, u_int8_t *);
 static void des3_encrypt(void *, u_int8_t *);
 static void blf_encrypt(void *, u_int8_t *);
@@ -119,8 +120,10 @@
 static void rijndael128_zerokey(u_int8_t **);
 static  void cml_zerokey(u_int8_t **);
 static  void aes_ctr_zerokey(u_int8_t **);
+static void aes_gmac_zerokey(u_int8_t **);
 static  void aes_ctr_reinit(void *, const u_int8_t *, u_int8_t *);
 static  void aes_gcm_reinit(void *, const u_int8_t *, u_int8_t *);
+static void aes_gmac_reinit(void *, const u_int8_t *, u_int8_t *);
 
 static void null_init(void *);
 static int null_update(void *, const u_int8_t *, u_int16_t);
@@ -231,9 +234,9 @@
        &enc_xform_aes_gmac,
        NULL,
        NULL,
-       NULL,
-       NULL,
-       NULL
+       aes_gmac_setkey,
+       aes_gmac_zerokey,
+       aes_gmac_reinit
 };
 
 static const struct swcr_enc_xform swcr_enc_xform_camellia = {
@@ -788,6 +791,49 @@
        ctx->ac_block[AESCTR_BLOCKSIZE - 1] = 1; /* GCM starts with 1 */
 }
 
+struct aes_gmac_ctx {
+       struct {
+               u_int64_t lastiv;
+       } ivgenctx;
+};
+
+int
+aes_gmac_setkey(u_int8_t **sched, const u_int8_t *key, int len)
+{
+       struct aes_gmac_ctx *ctx;
+
+       ctx = malloc(sizeof(struct aes_gmac_ctx), M_CRYPTO_DATA,
+                    M_NOWAIT|M_ZERO);
+       if (!ctx)
+               return ENOMEM;
+
+       /* random start value for simple counter */
+       arc4randbytes(&ctx->ivgenctx.lastiv, sizeof(ctx->ivgenctx.lastiv));
+       *sched = (void *)ctx;
+       return 0;
+}
+
+void
+aes_gmac_zerokey(u_int8_t **sched)
+{
+
+       free(*sched, M_CRYPTO_DATA);
+       *sched = NULL;
+}
+
+void
+aes_gmac_reinit(void *key, const u_int8_t *iv, u_int8_t *ivout)
+{
+       struct aes_gmac_ctx *ctx = key;
+
+       if (!iv) {
+               ctx->ivgenctx.lastiv++;
+               iv = (const u_int8_t *)&ctx->ivgenctx.lastiv;
+       }
+       if (ivout)
+               memcpy(ivout, iv, AESCTR_IVSIZE);
+}
+
 /*
  * And now for auth.
  */
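Review bot: The increment `ctx->ivgenctx.lastiv++` in `aes_gmac_reinit` is a plain read-modify-write with no lock or atomic operation visible in this hunk, so two requests processed concurrently on the same session could be handed the same IV; for GMAC, a repeated IV under one key undermines the authentication guarantee that RFC 4543 relies on. If the callers do not already serialize requests per session (not visible here), the increment should be made atomic or done under the session's lock, and a comment should state which one provides the uniqueness. Separately, `memcpy(ivout, iv, AESCTR_IVSIZE)` copies `AESCTR_IVSIZE` bytes out of the 8-byte `lastiv`, so a compile-time assertion that `sizeof(ctx->ivgenctx.lastiv) == AESCTR_IVSIZE` would keep the two from drifting apart. `aes_gmac_setkey` ignores `key` and `len`; a comment such as `/* key unused: this context only carries the IV counter */` would show that this is intentional.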


