The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netinet6/ah_aesxcbcmac.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*      $NetBSD: ah_aesxcbcmac.c,v 1.1.2.1 2005/07/28 20:27:52 jdc Exp $        */
    2 /*      $KAME: ah_aesxcbcmac.c,v 1.7 2004/06/02 05:53:14 itojun Exp $   */
    3 
    4 /*
    5  * Copyright (C) 1995, 1996, 1997, 1998 and 2003 WIDE Project.
    6  * All rights reserved.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  * 3. Neither the name of the project nor the names of its contributors
   17  *    may be used to endorse or promote products derived from this software
   18  *    without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   30  * SUCH DAMAGE.
   31  */
   32 
   33 #include <sys/cdefs.h>
   34 __KERNEL_RCSID(0, "$NetBSD: ah_aesxcbcmac.c,v 1.1.2.1 2005/07/28 20:27:52 jdc Exp $");
   35 
   36 #include <sys/param.h>
   37 #include <sys/systm.h>
   38 #include <sys/socket.h>
   39 #include <sys/queue.h>
   40 #include <sys/syslog.h>
   41 #include <sys/mbuf.h>
   42 
   43 #include <net/if.h>
   44 #include <net/route.h>
   45 
   46 #include <netinet/in.h>
   47 
   48 #include <netinet6/ipsec.h>
   49 #include <netinet6/ah.h>
   50 #include <netinet6/ah_aesxcbcmac.h>
   51 
   52 #include <netkey/key.h>
   53 
   54 #include <crypto/rijndael/rijndael.h>
   55 
   56 #include <net/net_osdep.h>
   57 
   58 #define AES_BLOCKSIZE   16
   59 
   60 typedef struct {
   61         u_int8_t        e[AES_BLOCKSIZE];
   62         u_int8_t        buf[AES_BLOCKSIZE];
   63         size_t          buflen;
   64         u_int32_t       r_k1s[(RIJNDAEL_MAXNR+1)*4];
   65         u_int32_t       r_k2s[(RIJNDAEL_MAXNR+1)*4];
   66         u_int32_t       r_k3s[(RIJNDAEL_MAXNR+1)*4];
   67         int             r_nr; /* key-length-dependent number of rounds */
   68         u_int8_t        k2[AES_BLOCKSIZE];
   69         u_int8_t        k3[AES_BLOCKSIZE];
   70 } aesxcbc_ctx;
   71 
   72 int
   73 ah_aes_xcbc_mac_init(state, sav)
   74         struct ah_algorithm_state *state;
   75         struct secasvar *sav;
   76 {
   77         u_int8_t k1seed[AES_BLOCKSIZE] = { 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 };
   78         u_int8_t k2seed[AES_BLOCKSIZE] = { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 };
   79         u_int8_t k3seed[AES_BLOCKSIZE] = { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
   80         u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
   81         aesxcbc_ctx *ctx;
   82         u_int8_t k1[AES_BLOCKSIZE];
   83 
   84         if (!state)
   85                 panic("ah_aes_xcbc_mac_init: what?");
   86 
   87         state->sav = sav;
   88         state->foo = (void *)malloc(sizeof(aesxcbc_ctx), M_TEMP, M_NOWAIT);
   89         if (!state->foo)
   90                 return ENOBUFS;
   91         bzero(state->foo, sizeof(aesxcbc_ctx));
   92 
   93         ctx = (aesxcbc_ctx *)state->foo;
   94 
   95         if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks,
   96             (char *)_KEYBUF(sav->key_auth), AES_BLOCKSIZE * 8)) == 0)
   97                 return -1;
   98         rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1);
   99         rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
  100         rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
  101         if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0)
  102                 return -1;
  103         if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0)
  104                 return -1;
  105         if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0)
  106                 return -1;
  107 
  108         return 0;
  109 }
  110 
  111 void
  112 ah_aes_xcbc_mac_loop(state, addr, len)
  113         struct ah_algorithm_state *state;
  114         u_int8_t *addr;
  115         size_t len;
  116 {
  117         u_int8_t buf[AES_BLOCKSIZE];
  118         aesxcbc_ctx *ctx;
  119         u_int8_t *ep;
  120         int i;
  121 
  122         if (!state || !state->foo)
  123                 panic("ah_aes_xcbc_mac_loop: what?");
  124 
  125         ctx = (aesxcbc_ctx *)state->foo;
  126         ep = addr + len;
  127 
  128         if (ctx->buflen == sizeof(ctx->buf)) {
  129                 for (i = 0; i < sizeof(ctx->e); i++)
  130                         ctx->buf[i] ^= ctx->e[i];
  131                 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
  132                 ctx->buflen = 0;
  133         }
  134         if (ctx->buflen + len < sizeof(ctx->buf)) {
  135                 bcopy(addr, ctx->buf + ctx->buflen, len);
  136                 ctx->buflen += len;
  137                 return;
  138         }
  139         if (ctx->buflen && ctx->buflen + len > sizeof(ctx->buf)) {
  140                 bcopy(addr, ctx->buf + ctx->buflen,
  141                     sizeof(ctx->buf) - ctx->buflen);
  142                 for (i = 0; i < sizeof(ctx->e); i++)
  143                         ctx->buf[i] ^= ctx->e[i];
  144                 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
  145                 addr += sizeof(ctx->buf) - ctx->buflen;
  146                 ctx->buflen = 0;
  147         }
  148         /* due to the special processing for M[n], "=" case is not included */
  149         while (addr + AES_BLOCKSIZE < ep) {
  150                 bcopy(addr, buf, AES_BLOCKSIZE);
  151                 for (i = 0; i < sizeof(buf); i++)
  152                         buf[i] ^= ctx->e[i];
  153                 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, buf, ctx->e);
  154                 addr += AES_BLOCKSIZE;
  155         }
  156         if (addr < ep) {
  157                 bcopy(addr, ctx->buf + ctx->buflen, ep - addr);
  158                 ctx->buflen += ep - addr;
  159         }
  160 }
  161 
  162 void
  163 ah_aes_xcbc_mac_result(state, addr, l)
  164         struct ah_algorithm_state *state;
  165         u_int8_t *addr;
  166         size_t l;
  167 {
  168         u_char digest[AES_BLOCKSIZE];
  169         aesxcbc_ctx *ctx;
  170         int i;
  171 
  172         ctx = (aesxcbc_ctx *)state->foo;
  173 
  174         if (ctx->buflen == sizeof(ctx->buf)) {
  175                 for (i = 0; i < sizeof(ctx->buf); i++) {
  176                         ctx->buf[i] ^= ctx->e[i];
  177                         ctx->buf[i] ^= ctx->k2[i];
  178                 }
  179                 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
  180         } else {
  181                 for (i = ctx->buflen; i < sizeof(ctx->buf); i++)
  182                         ctx->buf[i] = (i == ctx->buflen) ? 0x80 : 0x00;
  183                 for (i = 0; i < sizeof(ctx->buf); i++) {
  184                         ctx->buf[i] ^= ctx->e[i];
  185                         ctx->buf[i] ^= ctx->k3[i];
  186                 }
  187                 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
  188         }
  189 
  190         bcopy(digest, addr, sizeof(digest) > l ? l : sizeof(digest));
  191 
  192         free(state->foo, M_TEMP);
  193 }

Cache object: a6c591548f62b9291edf925cdb7fee84


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.