Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src-draft/trunk]: src/sys/opencrypto opencrypto: Switch from legacy rijndael...



details:   https://anonhg.NetBSD.org/src-all/rev/0f28688b875b
branches:  trunk
changeset: 934940:0f28688b875b
user:      Taylor R Campbell <riastradh%NetBSD.org@localhost>
date:      Sun Jun 14 19:59:13 2020 +0000

description:
opencrypto: Switch from legacy rijndael API to new aes API.

While here, apply various rijndael->aes renames, reduce the size
of aesxcbc_ctx by 480 bytes, and convert some malloc->kmem.

Leave in the symbol enc_xform_rijndael128 for now, though, so this
doesn't break any kernel ABI.

diffstat:

 sys/opencrypto/aesxcbcmac.c       |   44 +++++++-----
 sys/opencrypto/aesxcbcmac.h       |    9 +-
 sys/opencrypto/cryptosoft.c       |   39 +++++------
 sys/opencrypto/cryptosoft_xform.c |  129 ++++++++++++++++++++++++-------------
 sys/opencrypto/files.opencrypto   |    2 +-
 sys/opencrypto/gmac.c             |   25 +++++-
 sys/opencrypto/gmac.h             |    4 +-
 sys/opencrypto/xform.c            |    4 +-
 8 files changed, 157 insertions(+), 99 deletions(-)

diffs (truncated from 619 to 300 lines):

diff -r 7579fc09a016 -r 0f28688b875b sys/opencrypto/aesxcbcmac.c
--- a/sys/opencrypto/aesxcbcmac.c       Sun Jun 14 19:57:23 2020 +0000
+++ b/sys/opencrypto/aesxcbcmac.c       Sun Jun 14 19:59:13 2020 +0000
@@ -34,7 +34,8 @@
 
 #include <sys/param.h>
 #include <sys/systm.h>
-#include <crypto/rijndael/rijndael.h>
+
+#include <crypto/aes/aes.h>
 
 #include <opencrypto/aesxcbcmac.h>
 
@@ -47,24 +48,31 @@
            { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 };
        static const uint8_t k3seed[AES_BLOCKSIZE] =
            { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
-       u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
+       struct aesenc r_ks;
        aesxcbc_ctx *ctx;
        uint8_t k1[AES_BLOCKSIZE];
 
        ctx = vctx;
        memset(ctx, 0, sizeof(*ctx));
 
-       if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks, key, keylen * 8)) == 0)
-               return -1;
-       rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1);
-       rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
-       rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
-       if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0)
-               return -1;
-       if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0)
-               return -1;
-       if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0)
-               return -1;
+       switch (keylen) {
+       case 16:
+               ctx->r_nr = aes_setenckey128(&r_ks, key);
+               break;
+       case 24:
+               ctx->r_nr = aes_setenckey192(&r_ks, key);
+               break;
+       case 32:
+               ctx->r_nr = aes_setenckey256(&r_ks, key);
+               break;
+       }
+       aes_enc(&r_ks, k1seed, k1, ctx->r_nr);
+       aes_enc(&r_ks, k2seed, ctx->k2, ctx->r_nr);
+       aes_enc(&r_ks, k3seed, ctx->k3, ctx->r_nr);
+       aes_setenckey128(&ctx->r_k1s, k1);
+
+       explicit_memset(&r_ks, 0, sizeof(r_ks));
+       explicit_memset(k1, 0, sizeof(k1));
 
        return 0;
 }
@@ -83,7 +91,7 @@
        if (ctx->buflen == sizeof(ctx->buf)) {
                for (i = 0; i < sizeof(ctx->e); i++)
                        ctx->buf[i] ^= ctx->e[i];
-               rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
+               aes_enc(&ctx->r_k1s, ctx->buf, ctx->e, ctx->r_nr);
                ctx->buflen = 0;
        }
        if (ctx->buflen + len < sizeof(ctx->buf)) {
@@ -96,7 +104,7 @@
                    sizeof(ctx->buf) - ctx->buflen);
                for (i = 0; i < sizeof(ctx->e); i++)
                        ctx->buf[i] ^= ctx->e[i];
-               rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
+               aes_enc(&ctx->r_k1s, ctx->buf, ctx->e, ctx->r_nr);
                addr += sizeof(ctx->buf) - ctx->buflen;
                ctx->buflen = 0;
        }
@@ -105,7 +113,7 @@
                memcpy(buf, addr, AES_BLOCKSIZE);
                for (i = 0; i < sizeof(buf); i++)
                        buf[i] ^= ctx->e[i];
-               rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, buf, ctx->e);
+               aes_enc(&ctx->r_k1s, buf, ctx->e, ctx->r_nr);
                addr += AES_BLOCKSIZE;
        }
        if (addr < ep) {
@@ -129,7 +137,7 @@
                        ctx->buf[i] ^= ctx->e[i];
                        ctx->buf[i] ^= ctx->k2[i];
                }
-               rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
+               aes_enc(&ctx->r_k1s, ctx->buf, digest, ctx->r_nr);
        } else {
                for (i = ctx->buflen; i < sizeof(ctx->buf); i++)
                        ctx->buf[i] = (i == ctx->buflen) ? 0x80 : 0x00;
@@ -137,7 +145,7 @@
                        ctx->buf[i] ^= ctx->e[i];
                        ctx->buf[i] ^= ctx->k3[i];
                }
-               rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
+               aes_enc(&ctx->r_k1s, ctx->buf, digest, ctx->r_nr);
        }
 
        memcpy(addr, digest, sizeof(digest));
diff -r 7579fc09a016 -r 0f28688b875b sys/opencrypto/aesxcbcmac.h
--- a/sys/opencrypto/aesxcbcmac.h       Sun Jun 14 19:57:23 2020 +0000
+++ b/sys/opencrypto/aesxcbcmac.h       Sun Jun 14 19:59:13 2020 +0000
@@ -1,5 +1,8 @@
 /* $NetBSD: aesxcbcmac.h,v 1.1 2011/05/24 19:10:09 drochner Exp $ */
 
+#ifndef        _OPENCRYPTO_AESXCBCMAC_H
+#define        _OPENCRYPTO_AESXCBCMAC_H
+
 #include <sys/types.h>
 
 #define AES_BLOCKSIZE   16
@@ -8,9 +11,7 @@
        u_int8_t        e[AES_BLOCKSIZE];
        u_int8_t        buf[AES_BLOCKSIZE];
        size_t          buflen;
-       u_int32_t       r_k1s[(RIJNDAEL_MAXNR+1)*4];
-       u_int32_t       r_k2s[(RIJNDAEL_MAXNR+1)*4];
-       u_int32_t       r_k3s[(RIJNDAEL_MAXNR+1)*4];
+       struct aesenc   r_k1s;
        int             r_nr; /* key-length-dependent number of rounds */
        u_int8_t        k2[AES_BLOCKSIZE];
        u_int8_t        k3[AES_BLOCKSIZE];
@@ -19,3 +20,5 @@
 int aes_xcbc_mac_init(void *, const u_int8_t *, u_int16_t);
 int aes_xcbc_mac_loop(void *, const u_int8_t *, u_int16_t);
 void aes_xcbc_mac_result(u_int8_t *, void *);
+
+#endif /* _OPENCRYPTO_AESXCBCMAC_H */
diff -r 7579fc09a016 -r 0f28688b875b sys/opencrypto/cryptosoft.c
--- a/sys/opencrypto/cryptosoft.c       Sun Jun 14 19:57:23 2020 +0000
+++ b/sys/opencrypto/cryptosoft.c       Sun Jun 14 19:59:13 2020 +0000
@@ -831,8 +831,8 @@
                case CRYPTO_SKIPJACK_CBC:
                        txf = &swcr_enc_xform_skipjack;
                        goto enccommon;
-               case CRYPTO_RIJNDAEL128_CBC:
-                       txf = &swcr_enc_xform_rijndael128;
+               case CRYPTO_AES_CBC:
+                       txf = &swcr_enc_xform_aes;
                        goto enccommon;
                case CRYPTO_CAMELLIA_CBC:
                        txf = &swcr_enc_xform_camellia;
@@ -890,15 +890,13 @@
                        axf = &swcr_auth_hash_hmac_ripemd_160_96;
                        goto authcommon;        /* leave this for safety */
                authcommon:
-                       (*swd)->sw_ictx = malloc(axf->ctxsize,
-                           M_CRYPTO_DATA, M_NOWAIT);
+                       (*swd)->sw_ictx = kmem_alloc(axf->ctxsize, KM_NOSLEEP);
                        if ((*swd)->sw_ictx == NULL) {
                                swcr_freesession(NULL, i);
                                return ENOBUFS;
                        }
 
-                       (*swd)->sw_octx = malloc(axf->ctxsize,
-                           M_CRYPTO_DATA, M_NOWAIT);
+                       (*swd)->sw_octx = kmem_alloc(axf->ctxsize, KM_NOSLEEP);
                        if ((*swd)->sw_octx == NULL) {
                                swcr_freesession(NULL, i);
                                return ENOBUFS;
@@ -936,16 +934,15 @@
                        CTASSERT(SHA1_DIGEST_LENGTH >= MD5_DIGEST_LENGTH);
                        axf = &swcr_auth_hash_key_sha1;
                auth2common:
-                       (*swd)->sw_ictx = malloc(axf->ctxsize,
-                           M_CRYPTO_DATA, M_NOWAIT);
+                       (*swd)->sw_ictx = kmem_alloc(axf->ctxsize, KM_NOSLEEP);
                        if ((*swd)->sw_ictx == NULL) {
                                swcr_freesession(NULL, i);
                                return ENOBUFS;
                        }
 
                        /* Store the key so we can "append" it to the payload */
-                       (*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA,
-                           M_NOWAIT);
+                       (*swd)->sw_octx = kmem_alloc(cri->cri_klen / 8,
+                           KM_NOSLEEP);
                        if ((*swd)->sw_octx == NULL) {
                                swcr_freesession(NULL, i);
                                return ENOBUFS;
@@ -968,8 +965,7 @@
                case CRYPTO_SHA1:
                        axf = &swcr_auth_hash_sha1;
                auth3common:
-                       (*swd)->sw_ictx = malloc(axf->ctxsize,
-                           M_CRYPTO_DATA, M_NOWAIT);
+                       (*swd)->sw_ictx = kmem_alloc(axf->ctxsize, KM_NOSLEEP);
                        if ((*swd)->sw_ictx == NULL) {
                                swcr_freesession(NULL, i);
                                return ENOBUFS;
@@ -991,8 +987,7 @@
                case CRYPTO_AES_256_GMAC:
                        axf = &swcr_auth_hash_gmac_aes_256;
                auth4common:
-                       (*swd)->sw_ictx = malloc(axf->ctxsize,
-                           M_CRYPTO_DATA, M_NOWAIT);
+                       (*swd)->sw_ictx = kmem_alloc(axf->ctxsize, KM_NOSLEEP);
                        if ((*swd)->sw_ictx == NULL) {
                                swcr_freesession(NULL, i);
                                return ENOBUFS;
@@ -1057,7 +1052,7 @@
                case CRYPTO_BLF_CBC:
                case CRYPTO_CAST_CBC:
                case CRYPTO_SKIPJACK_CBC:
-               case CRYPTO_RIJNDAEL128_CBC:
+               case CRYPTO_AES_CBC:
                case CRYPTO_CAMELLIA_CBC:
                case CRYPTO_AES_CTR:
                case CRYPTO_AES_GCM_16:
@@ -1083,11 +1078,11 @@
 
                        if (swd->sw_ictx) {
                                explicit_memset(swd->sw_ictx, 0, axf->ctxsize);
-                               free(swd->sw_ictx, M_CRYPTO_DATA);
+                               kmem_free(swd->sw_ictx, axf->ctxsize);
                        }
                        if (swd->sw_octx) {
                                explicit_memset(swd->sw_octx, 0, axf->ctxsize);
-                               free(swd->sw_octx, M_CRYPTO_DATA);
+                               kmem_free(swd->sw_octx, axf->ctxsize);
                        }
                        break;
 
@@ -1097,11 +1092,11 @@
 
                        if (swd->sw_ictx) {
                                explicit_memset(swd->sw_ictx, 0, axf->ctxsize);
-                               free(swd->sw_ictx, M_CRYPTO_DATA);
+                               kmem_free(swd->sw_ictx, axf->ctxsize);
                        }
                        if (swd->sw_octx) {
                                explicit_memset(swd->sw_octx, 0, swd->sw_klen);
-                               free(swd->sw_octx, M_CRYPTO_DATA);
+                               kmem_free(swd->sw_octx, axf->ctxsize);
                        }
                        break;
 
@@ -1115,7 +1110,7 @@
 
                        if (swd->sw_ictx) {
                                explicit_memset(swd->sw_ictx, 0, axf->ctxsize);
-                               free(swd->sw_ictx, M_CRYPTO_DATA);
+                               kmem_free(swd->sw_ictx, axf->ctxsize);
                        }
                        break;
 
@@ -1193,7 +1188,7 @@
                case CRYPTO_BLF_CBC:
                case CRYPTO_CAST_CBC:
                case CRYPTO_SKIPJACK_CBC:
-               case CRYPTO_RIJNDAEL128_CBC:
+               case CRYPTO_AES_CBC:
                case CRYPTO_CAMELLIA_CBC:
                case CRYPTO_AES_CTR:
                        if ((crp->crp_etype = swcr_encdec(crd, sw,
@@ -1294,7 +1289,7 @@
        REGISTER(CRYPTO_AES_128_GMAC);
        REGISTER(CRYPTO_AES_192_GMAC);
        REGISTER(CRYPTO_AES_256_GMAC);
-       REGISTER(CRYPTO_RIJNDAEL128_CBC);
+       REGISTER(CRYPTO_AES_CBC);
        REGISTER(CRYPTO_DEFLATE_COMP);
        REGISTER(CRYPTO_DEFLATE_COMP_NOGROW);
        REGISTER(CRYPTO_GZIP_COMP);
diff -r 7579fc09a016 -r 0f28688b875b sys/opencrypto/cryptosoft_xform.c
--- a/sys/opencrypto/cryptosoft_xform.c Sun Jun 14 19:57:23 2020 +0000
+++ b/sys/opencrypto/cryptosoft_xform.c Sun Jun 14 19:59:13 2020 +0000
@@ -42,21 +42,22 @@
 #include <sys/cdefs.h>
 __KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.28 2019/10/12 00:49:30 christos Exp $");
 
-#include <crypto/blowfish/blowfish.h>
-#include <crypto/cast128/cast128.h>
-#include <crypto/des/des.h>
-#include <crypto/rijndael/rijndael.h>
-#include <crypto/skipjack/skipjack.h>
-#include <crypto/camellia/camellia.h>
-
-#include <opencrypto/deflate.h>
-
+#include <sys/cprng.h>
+#include <sys/kmem.h>
 #include <sys/md5.h>
 #include <sys/rmd160.h>
 #include <sys/sha1.h>
 #include <sys/sha2.h>
-#include <sys/cprng.h>
+
+#include <crypto/aes/aes.h>
+#include <crypto/blowfish/blowfish.h>
+#include <crypto/camellia/camellia.h>
+#include <crypto/cast128/cast128.h>
+#include <crypto/des/des.h>
+#include <crypto/skipjack/skipjack.h>
+
 #include <opencrypto/aesxcbcmac.h>
+#include <opencrypto/deflate.h>



Home | Main Index | Thread Index | Old Index