
FreeBSD/Linux Kernel Cross Reference
sys/opencrypto/xform_aes_icm.c


    1 /*      $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $  */
    2 /*-
    3  * The authors of this code are John Ioannidis (ji@tla.org),
    4  * Angelos D. Keromytis (kermit@csd.uch.gr),
    5  * Niels Provos (provos@physnet.uni-hamburg.de) and
    6  * Damien Miller (djm@mindrot.org).
    7  *
    8  * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
    9  * in November 1995.
   10  *
   11  * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
   12  * by Angelos D. Keromytis.
   13  *
   14  * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
   15  * and Niels Provos.
   16  *
   17  * Additional features in 1999 by Angelos D. Keromytis.
   18  *
   19  * AES XTS implementation in 2008 by Damien Miller
   20  *
   21  * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
   22  * Angelos D. Keromytis and Niels Provos.
   23  *
   24  * Copyright (C) 2001, Angelos D. Keromytis.
   25  *
   26  * Copyright (C) 2008, Damien Miller
   27  * Copyright (c) 2014 The FreeBSD Foundation
   28  * All rights reserved.
   29  *
   30  * Portions of this software were developed by John-Mark Gurney
   31  * under sponsorship of the FreeBSD Foundation and
   32  * Rubicon Communications, LLC (Netgate).
   33  *
   34  * Permission to use, copy, and modify this software with or without fee
   35  * is hereby granted, provided that this entire notice is included in
   36  * all copies of any software which is or includes a copy or
   37  * modification of this software.
   38  * You may use this code under the GNU public license if you so wish. Please
   39  * contribute changes back to the authors under this freer than GPL license
   40  * so that we may further the use of strong encryption without limitations to
   41  * all.
   42  *
   43  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
   44  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
   45  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
   46  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
   47  * PURPOSE.
   48  */
   49 
   50 #include <sys/cdefs.h>
   51 __FBSDID("$FreeBSD$");
   52 
   53 #include <opencrypto/xform_enc.h>
   54 
   /*
    * Forward declarations for the callbacks referenced by the enc_xform
    * tables in this file.  The caddr_t "key" argument is cast to
    * struct aes_icm_ctx by every routine that receives it.
    */
   static int  aes_icm_setkey(u_int8_t **sched, u_int8_t *key, int len);
   static void aes_icm_crypt(caddr_t key, u_int8_t *data);
   static void aes_icm_zerokey(u_int8_t **sched);
   static void aes_icm_reinit(caddr_t key, u_int8_t *iv);
   static void aes_gcm_reinit(caddr_t key, u_int8_t *iv);
   static void aes_ccm_reinit(caddr_t key, u_int8_t *iv);
   61 
   62 /* Encryption instances */
   /*
    * Plain AES integer counter mode.  Encryption and decryption are the
    * same callback because both XOR the data with the keystream.  Nothing
    * in these callbacks authenticates the data; this transform gives
    * confidentiality only.
    */
   struct enc_xform enc_xform_aes_icm = {
           .type = CRYPTO_AES_ICM,
           .name = "AES-ICM",
           .blocksize = AES_BLOCK_LEN,
           .ivsize = AES_BLOCK_LEN,
           .minkey = AES_MIN_KEY,
           .maxkey = AES_MAX_KEY,
           .encrypt = aes_icm_crypt,
           .decrypt = aes_icm_crypt,
           .setkey = aes_icm_setkey,
           .zerokey = aes_icm_zerokey,
           .reinit = aes_icm_reinit,
   };
   72 
   /*
    * Cipher half of AES-GCM: the counter-mode keystream only.  The tag is
    * not computed by any callback in this file.  The advertised IV size is
    * AES_GCM_IV_LEN, not a full AES block.
    */
   struct enc_xform enc_xform_aes_nist_gcm = {
           .type = CRYPTO_AES_NIST_GCM_16,
           .name = "AES-GCM",
           .blocksize = AES_ICM_BLOCK_LEN,
           .ivsize = AES_GCM_IV_LEN,
           .minkey = AES_MIN_KEY,
           .maxkey = AES_MAX_KEY,
           .encrypt = aes_icm_crypt,
           .decrypt = aes_icm_crypt,
           .setkey = aes_icm_setkey,
           .zerokey = aes_icm_zerokey,
           .reinit = aes_gcm_reinit,
   };
   82 
   /*
    * Cipher half of AES-CCM: the counter-mode keystream only.  The
    * CBC-MAC tag is not computed by any callback in this file.  The
    * advertised IV size is AES_CCM_IV_LEN.
    */
   struct enc_xform enc_xform_ccm = {
           .type = CRYPTO_AES_CCM_16,
           .name = "AES-CCM",
           .blocksize = AES_ICM_BLOCK_LEN,
           .ivsize = AES_CCM_IV_LEN,
           .minkey = AES_MIN_KEY,
           .maxkey = AES_MAX_KEY,
           .encrypt = aes_icm_crypt,
           .decrypt = aes_icm_crypt,
           .setkey = aes_icm_setkey,
           .zerokey = aes_icm_zerokey,
           .reinit = aes_ccm_reinit,
   };
   94 
   95 /*
   96  * Encryption wrapper routines.
   97  */
   /*
    * Load a fresh counter block for plain AES-ICM.
    *
    * key: context pointer, cast to struct aes_icm_ctx (presumably the one
    *      allocated by aes_icm_setkey()).
    * iv:  initial counter block.  AESICM_BLOCKSIZE bytes are read from it,
    *      so the caller's buffer must be at least that long.
    *
    * A counter block that repeats under the same key reproduces the same
    * keystream, so the caller has to supply a unique value per message.
    */
   static void
   aes_icm_reinit(caddr_t key, u_int8_t *iv)
   {
           struct aes_icm_ctx *icm = (struct aes_icm_ctx *)key;

           bcopy(iv, icm->ac_block, AESICM_BLOCKSIZE);
   }
  106 
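  /*
   * Load the GCM nonce and reset the block counter for a new message.
   *
   * key: context pointer, cast to struct aes_icm_ctx.
   * iv:  nonce; exactly AES_GCM_IV_LEN bytes are read from it.
   *
   * The counter block ends up as nonce || 32-bit big-endian counter, with
   * the counter set to 2.
   */
  static void
  aes_gcm_reinit(caddr_t key, u_int8_t *iv)
  {
          struct aes_icm_ctx *ctx;

          ctx = (struct aes_icm_ctx *)key;

          /*
           * Copy only the IV length that enc_xform_aes_nist_gcm advertises.
           * Going through aes_icm_reinit() reads AESICM_BLOCKSIZE bytes from
           * iv, which runs past the end of a buffer sized for
           * AES_GCM_IV_LEN; the extra bytes were overwritten below anyway.
           * NOTE(review): assumes AES_GCM_IV_LEN <= AESICM_BLOCKSIZE - 4
           * (value not visible in this file); confirm.
           */
          bzero(ctx->ac_block, sizeof(ctx->ac_block));
          bcopy(iv, ctx->ac_block, AES_GCM_IV_LEN);

          /* GCM starts with 2 as counter 1 is used for final xor of tag. */
          bzero(&ctx->ac_block[AESICM_BLOCKSIZE - 4], 4);
          ctx->ac_block[AESICM_BLOCKSIZE - 1] = 2;
  }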
  119 
  /*
   * Build the initial CCM counter block for a new message.
   *
   * key: context pointer, cast to struct aes_icm_ctx.
   * iv:  nonce; AES_CCM_IV_LEN bytes are read from it.
   *
   * Layout written to ac_block: one flags byte, then the nonce, then the
   * counter, with every remaining byte zero and the counter starting at 1.
   */
  static void
  aes_ccm_reinit(caddr_t key, u_int8_t *iv)
  {
          struct aes_icm_ctx *ccm = (struct aes_icm_ctx *)key;

          /* Start from an all-zero block so the counter bytes are clean. */
          bzero(ccm->ac_block, sizeof(ccm->ac_block));

          /*
           * Flags byte holds (length-field size - 1).  The original note
           * here says: 3 bytes for the length field, which gives a nonce
           * of 12 bytes.
           */
          ccm->ac_block[0] = (15 - AES_CCM_IV_LEN) - 1;

          /* Nonce goes right after the flags byte. */
          bcopy(iv, &ccm->ac_block[1], AES_CCM_IV_LEN);

          /* Counter occupies the tail of the block and starts at 1. */
          ccm->ac_block[AESICM_BLOCKSIZE - 1] = 1;
  }
  134 
  /*
   * Encrypt or decrypt exactly one block in place and advance the counter.
   *
   * key:  context pointer, cast to struct aes_icm_ctx.
   * data: buffer of at least AESICM_BLOCKSIZE bytes; it is XORed with the
   *       keystream block derived from the current counter block.
   *
   * The counter is incremented as a big-endian number over the whole
   * block, so a carry can ripple out of the counter bytes into the nonce
   * bytes laid down by the GCM and CCM reinit routines.  Nothing here
   * bounds the number of blocks per message; that limit has to be
   * enforced by the caller.
   */
  static void
  aes_icm_crypt(caddr_t key, u_int8_t *data)
  {
          struct aes_icm_ctx *icm = (struct aes_icm_ctx *)key;
          u_int8_t pad[AESICM_BLOCKSIZE];
          int pos;

          /* Keystream block = AES_k(counter block). */
          rijndaelEncrypt(icm->ac_ek, icm->ac_nr, icm->ac_block, pad);

          pos = 0;
          while (pos < AESICM_BLOCKSIZE) {
                  data[pos] ^= pad[pos];
                  pos++;
          }

          /* Keystream is secret material; wipe it off the stack. */
          explicit_bzero(pad, sizeof(pad));

          /* Big-endian increment: stop at the first byte that does not wrap. */
          pos = AESICM_BLOCKSIZE;
          while (pos-- > 0) {
                  icm->ac_block[pos]++;
                  if (icm->ac_block[pos] != 0)
                          break;
          }
  }
  154 
  /*
   * Allocate a context and expand the AES key into it.
   *
   * sched: out parameter; receives the newly allocated struct aes_icm_ctx.
   *        It is left untouched when len is rejected and is NULL when the
   *        allocation fails.
   * key:   raw key bytes.
   * len:   key length in bytes; only 16, 24 and 32 are accepted.
   *
   * Returns 0 on success, EINVAL for an unsupported key length, ENOMEM if
   * the non-sleeping allocation fails.  The context is released with
   * aes_icm_zerokey().
   */
  static int
  aes_icm_setkey(u_int8_t **sched, u_int8_t *key, int len)
  {
          struct aes_icm_ctx *ctx;

          switch (len) {
          case 16:
          case 24:
          case 32:
                  break;
          default:
                  return EINVAL;
          }

          /* M_ZERO: the counter block starts out as all zeroes. */
          *sched = KMALLOC(sizeof(struct aes_icm_ctx), M_CRYPTO_DATA,
              M_NOWAIT | M_ZERO);
          if (*sched == NULL)
                  return ENOMEM;

          ctx = (struct aes_icm_ctx *)*sched;
          /* The key setup routine is handed the key size in bits. */
          ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, (u_char *)key, len * 8);
          return 0;
  }
  172 
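  /*
   * Wipe and free a context allocated by aes_icm_setkey().
   *
   * sched: pointer to the context pointer; set to NULL on return.
   *
   * The context holds the expanded key and the current counter block, so
   * it is cleared before the memory goes back to the allocator.
   */
  static void
  aes_icm_zerokey(u_int8_t **sched)
  {

          /* aes_icm_setkey() leaves *sched NULL when allocation fails. */
          if (*sched == NULL)
                  return;

          /*
           * explicit_bzero() rather than bzero(): a plain clear right
           * before a free is a dead store the compiler may drop.  This
           * matches how aes_icm_crypt() wipes its keystream buffer.
           */
          explicit_bzero(*sched, sizeof(struct aes_icm_ctx));
          KFREE(*sched, M_CRYPTO_DATA);
          *sched = NULL;
  }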
