sys/netinet6/ah_aesxcbcmac.c


    1 /*      $KAME: ah_aesxcbcmac.c,v 1.6 2003/07/22 02:30:54 itojun Exp $   */
    2 
    3 /*
    4  * Copyright (C) 1995, 1996, 1997, 1998 and 2003 WIDE Project.
    5  * All rights reserved.
    6  *
    7  * Redistribution and use in source and binary forms, with or without
    8  * modification, are permitted provided that the following conditions
    9  * are met:
   10  * 1. Redistributions of source code must retain the above copyright
   11  *    notice, this list of conditions and the following disclaimer.
   12  * 2. Redistributions in binary form must reproduce the above copyright
   13  *    notice, this list of conditions and the following disclaimer in the
   14  *    documentation and/or other materials provided with the distribution.
   15  * 3. Neither the name of the project nor the names of its contributors
   16  *    may be used to endorse or promote products derived from this software
   17  *    without specific prior written permission.
   18  *
   19  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   29  * SUCH DAMAGE.
   30  *
   31  * $FreeBSD: releng/5.2/sys/netinet6/ah_aesxcbcmac.c 121062 2003-10-13 04:56:04Z ume $
   32  */
   33 
   34 #include <sys/param.h>
   35 #include <sys/systm.h>
   36 #include <sys/socket.h>
   37 #include <sys/queue.h>
   38 #include <sys/malloc.h>
   39 #include <sys/syslog.h>
   40 #include <sys/mbuf.h>
   41 
   42 #include <net/if.h>
   43 #include <net/route.h>
   44 
   45 #include <netinet/in.h>
   46 
   47 #include <netinet6/ipsec.h>
   48 #include <netinet6/ah.h>
   49 #include <netinet6/ah_aesxcbcmac.h>
   50 
   51 #include <netkey/key.h>
   52 
   53 #include <crypto/rijndael/rijndael.h>
   54 
   55 #include <net/net_osdep.h>
   56 
/* AES block length in bytes; every key, chaining value and MAC block here has this size. */
#define AES_BLOCKSIZE	16

/*
 * Working state for one AES-XCBC-MAC computation.  It is allocated and
 * zero-filled by ah_aes_xcbc_mac_init(), updated by ah_aes_xcbc_mac_loop()
 * and released by ah_aes_xcbc_mac_result().  The key schedules and k2/k3
 * are key-derived material and should be treated as secret.
 */
typedef struct {
	/* running CBC chaining value; starts as all zero bytes */
	u_int8_t	e[AES_BLOCKSIZE];
	/* input bytes held back until it is known whether they are the last block */
	u_int8_t	buf[AES_BLOCKSIZE];
	/* number of valid bytes currently in buf[] */
	size_t		buflen;
	/* key schedule used for every block encryption in loop/result */
	u_int32_t	r_k1s[(RIJNDAEL_MAXNR + 1) * 4];
	/* schedules filled in by init; not read by loop/result in this file */
	u_int32_t	r_k2s[(RIJNDAEL_MAXNR + 1) * 4];
	u_int32_t	r_k3s[(RIJNDAEL_MAXNR + 1) * 4];
	/* key-length-dependent number of rounds */
	int		r_nr;
	/* XORed into the final block when that block is complete */
	u_int8_t	k2[AES_BLOCKSIZE];
	/* XORed into the final block when that block had to be padded */
	u_int8_t	k3[AES_BLOCKSIZE];
} aesxcbc_ctx;
   70 
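/*
 * Prepare AES-XCBC-MAC state for one authentication computation.
 *
 * Allocates a zeroed aesxcbc_ctx, stores it in state->foo, and derives the
 * three working keys from the SA's 128-bit authentication key K as
 * RFC 3566 section 4 requires:
 *	K1 = AES_K(0x01 * 16), K2 = AES_K(0x02 * 16), K3 = AES_K(0x03 * 16)
 * K1 keys the CBC chain; K2 and K3 are XORed into the final block.
 *
 * The previous code built the K1 schedule from the constant 0x01 seed
 * itself, so the CBC key did not depend on the SA's secret at all.  Only
 * the K2/K3 whitening was keyed, which is far weaker than the MAC the RFC
 * specifies and does not interoperate with conforming peers.  Peers still
 * running the old derivation will compute different tags after this fix.
 *
 * Returns 0 on success, ENOBUFS if the context cannot be allocated and -1
 * if a key schedule cannot be built.  On any failure state->foo is NULL
 * and nothing stays allocated.
 * NOTE(review): this assumes callers stop after a failed init and do not
 * go on to call _loop/_result -- confirm against the callers.
 */
int
ah_aes_xcbc_mac_init(state, sav)
	struct ah_algorithm_state *state;
	struct secasvar *sav;
{
	u_int8_t k1seed[AES_BLOCKSIZE] = { 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 };
	u_int8_t k2seed[AES_BLOCKSIZE] = { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 };
	u_int8_t k3seed[AES_BLOCKSIZE] = { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
	u_int8_t k1[AES_BLOCKSIZE];
	u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
	aesxcbc_ctx *ctx;
	int error;

	if (!state)
		panic("ah_aes_xcbc_mac_init: what?");

	state->sav = sav;
	state->foo = (void *)malloc(sizeof(aesxcbc_ctx), M_TEMP, M_NOWAIT);
	if (!state->foo)
		return ENOBUFS;
	/* A zeroed context also provides E[0] = 0 and buflen = 0. */
	bzero(state->foo, sizeof(aesxcbc_ctx));

	ctx = (aesxcbc_ctx *)state->foo;
	error = -1;

	/*
	 * Schedule for the SA key K; it is used only to derive K1..K3.
	 * Exactly AES_BLOCKSIZE bytes of key material are read.
	 * NOTE(review): the key length is not checked here; presumably it is
	 * validated before this point -- confirm.
	 */
	if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks,
	    (char *)_KEYBUF(sav->key_auth), AES_BLOCKSIZE * 8)) == 0)
		goto out;

	/* Derive the working keys from K before building any schedule. */
	rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1);
	rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
	rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);

	/* The CBC chain must be keyed with the derived K1, not the seed. */
	if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0)
		goto out;
	/* r_k2s/r_k3s are not read by loop/result in this file. */
	if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0)
		goto out;
	if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0)
		goto out;

	error = 0;
out:
	/* Do not leave the SA key schedule or K1 behind on the stack. */
	bzero(r_ks, sizeof(r_ks));
	bzero(k1, sizeof(k1));
	if (error) {
		/* The error returns used to leak the context; release it. */
		bzero(ctx, sizeof(*ctx));
		free(state->foo, M_TEMP);
		state->foo = NULL;
	}
	return error;
}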
  107 
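/*
 * Feed len bytes at addr into the running AES-XCBC-MAC.
 *
 * The final block M[n] is processed differently from the others (see
 * ah_aes_xcbc_mac_result()), so the most recent 1..AES_BLOCKSIZE bytes are
 * always held back in ctx->buf.  A full buffered block is only absorbed
 * into the chain once further input shows that it was not the last one.
 *
 * Fixes over the previous version:
 *  - a zero-length call with a full buffer absorbed that block as a
 *    non-final block, so the result was computed over the wrong final block;
 *  - when the new data filled a partially filled buffer exactly
 *    (buflen + len == AES_BLOCKSIZE), the buffered bytes were overwritten
 *    instead of extended, silently dropping input from the MAC;
 *  - the block loop formed addr + AES_BLOCKSIZE, which could point past
 *    the end of the input; it now compares remaining lengths.
 *
 * Panics if state or its context is missing.
 */
void
ah_aes_xcbc_mac_loop(state, addr, len)
	struct ah_algorithm_state *state;
	u_int8_t *addr;
	size_t len;
{
	u_int8_t buf[AES_BLOCKSIZE];
	aesxcbc_ctx *ctx;
	u_int8_t *ep;
	size_t fill;
	size_t i;

	if (!state || !state->foo)
		panic("ah_aes_xcbc_mac_loop: what?");

	/* No new data: a held-back block may still be the final one. */
	if (len == 0)
		return;

	ctx = (aesxcbc_ctx *)state->foo;
	ep = addr + len;

	/* More input follows, so a full held-back block was not M[n]. */
	if (ctx->buflen == sizeof(ctx->buf)) {
		for (i = 0; i < sizeof(ctx->e); i++)
			ctx->buf[i] ^= ctx->e[i];
		rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
		ctx->buflen = 0;
	}

	/* Everything fits in the buffer, an exact fill included: keep it. */
	if (ctx->buflen + len <= sizeof(ctx->buf)) {
		bcopy(addr, ctx->buf + ctx->buflen, len);
		ctx->buflen += len;
		return;
	}

	/* Complete the partial block; at least one input byte is left after it. */
	if (ctx->buflen) {
		fill = sizeof(ctx->buf) - ctx->buflen;
		bcopy(addr, ctx->buf + ctx->buflen, fill);
		for (i = 0; i < sizeof(ctx->e); i++)
			ctx->buf[i] ^= ctx->e[i];
		rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
		addr += fill;
		ctx->buflen = 0;
	}

	/* due to the special processing for M[n], "=" case is not included */
	while ((size_t)(ep - addr) > AES_BLOCKSIZE) {
		bcopy(addr, buf, AES_BLOCKSIZE);
		for (i = 0; i < sizeof(buf); i++)
			buf[i] ^= ctx->e[i];
		rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, buf, ctx->e);
		addr += AES_BLOCKSIZE;
	}

	/* Hold back the remaining 1..AES_BLOCKSIZE bytes as the candidate M[n]. */
	if (addr < ep) {
		bcopy(addr, ctx->buf, ep - addr);
		ctx->buflen = ep - addr;
	}
}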
  158 
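/*
 * Finish the AES-XCBC-MAC and release the context.
 *
 * The held-back final block is XORed with the chaining value and with k2
 * if it is a complete block.  Otherwise it is padded with 0x80 followed by
 * zero bytes and XORed with k3.  It is then encrypted once more, and at
 * most l bytes of the resulting 16-byte tag are copied to addr.
 *
 * The context holds key schedules and derived keys, so it is cleared
 * before being freed.  state->foo is reset to NULL so that a stale pointer
 * cannot be reused or freed twice.  Panics if state or its context is
 * missing, matching ah_aes_xcbc_mac_loop().
 */
void
ah_aes_xcbc_mac_result(state, addr, l)
	struct ah_algorithm_state *state;
	u_int8_t *addr;
	size_t l;
{
	u_char digest[AES_BLOCKSIZE];
	aesxcbc_ctx *ctx;
	size_t i;

	if (!state || !state->foo)
		panic("ah_aes_xcbc_mac_result: what?");

	ctx = (aesxcbc_ctx *)state->foo;

	if (ctx->buflen == sizeof(ctx->buf)) {
		/* Complete final block: whiten with k2. */
		for (i = 0; i < sizeof(ctx->buf); i++) {
			ctx->buf[i] ^= ctx->e[i];
			ctx->buf[i] ^= ctx->k2[i];
		}
	} else {
		/* Short (or empty) final block: pad with 10*, whiten with k3. */
		for (i = ctx->buflen; i < sizeof(ctx->buf); i++)
			ctx->buf[i] = (i == ctx->buflen) ? 0x80 : 0x00;
		for (i = 0; i < sizeof(ctx->buf); i++) {
			ctx->buf[i] ^= ctx->e[i];
			ctx->buf[i] ^= ctx->k3[i];
		}
	}
	rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);

	/* The caller may ask for a truncated tag; never copy more than we have. */
	bcopy(digest, addr, sizeof(digest) > l ? l : sizeof(digest));

	/* Scrub the full tag and all key material before the memory is reused. */
	bzero(digest, sizeof(digest));
	bzero(ctx, sizeof(*ctx));
	free(state->foo, M_TEMP);
	state->foo = NULL;
}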
