| cryptosoft.c (26d292d3e2fc0b7883d246f7a0834aa802be4ef5) | cryptosoft.c (9b774dc0c586235e3f742dd487fd79e9fa90eedb) |
|---|---|
| 1/* $OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $ */ 2 3/*- 4 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) 5 * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting 6 * 7 * This code was written by Angelos D. Keromytis in Athens, Greece, in 8 * February 2000. Network Security Technologies Inc. (NSTI) kindly --- 321 unchanged lines hidden (view full) --- 330 if (crp->crp_auth_key != NULL) { 331 csp = crypto_get_params(crp->crp_session); 332 swcr_authprepare(axf, sw, crp->crp_auth_key, 333 csp->csp_auth_klen); 334 } 335 336 bcopy(sw->sw_ictx, &ctx, axf->ctxsize); 337 | 1/* $OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $ */ 2 3/*- 4 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) 5 * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting 6 * 7 * This code was written by Angelos D. Keromytis in Athens, Greece, in 8 * February 2000. Network Security Technologies Inc. (NSTI) kindly --- 321 unchanged lines hidden (view full) --- 330 if (crp->crp_auth_key != NULL) { 331 csp = crypto_get_params(crp->crp_session); 332 swcr_authprepare(axf, sw, crp->crp_auth_key, 333 csp->csp_auth_klen); 334 } 335 336 bcopy(sw->sw_ictx, &ctx, axf->ctxsize); 337 |
| 338 err = crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length, 339 axf->Update, &ctx); | 338 if (crp->crp_aad != NULL) 339 err = axf->Update(&ctx, crp->crp_aad, crp->crp_aad_length); 340 else 341 err = crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length, 342 axf->Update, &ctx); |
| 340 if (err) 341 return err; 342 343 if (CRYPTO_HAS_OUTPUT_BUFFER(crp) && 344 CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) 345 err = crypto_apply_buf(&crp->crp_obuf, 346 crp->crp_payload_output_start, crp->crp_payload_length, 347 axf->Update, &ctx); --- 150 unchanged lines hidden (view full) --- 498 499 swa = &ses->swcr_auth; 500 axf = swa->sw_axf; 501 502 bcopy(swa->sw_ictx, &ctx, axf->ctxsize); 503 blksz = GMAC_BLOCK_LEN; 504 KASSERT(axf->blocksize == blksz, ("%s: axf block size mismatch", 505 __func__)); | 343 if (err) 344 return err; 345 346 if (CRYPTO_HAS_OUTPUT_BUFFER(crp) && 347 CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) 348 err = crypto_apply_buf(&crp->crp_obuf, 349 crp->crp_payload_output_start, crp->crp_payload_length, 350 axf->Update, &ctx); --- 150 unchanged lines hidden (view full) --- 501 502 swa = &ses->swcr_auth; 503 axf = swa->sw_axf; 504 505 bcopy(swa->sw_ictx, &ctx, axf->ctxsize); 506 blksz = GMAC_BLOCK_LEN; 507 KASSERT(axf->blocksize == blksz, ("%s: axf block size mismatch", 508 __func__)); |
| 506 | 509 |
| 507 swe = &ses->swcr_encdec; 508 exf = swe->sw_exf; 509 KASSERT(axf->blocksize == exf->native_blocksize, 510 ("%s: blocksize mismatch", __func__)); 511 512 if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) 513 return (EINVAL); 514 515 /* Initialize the IV */ 516 ivlen = AES_GCM_IV_LEN; 517 bcopy(crp->crp_iv, iv, ivlen); 518 519 /* Supply MAC with IV */ 520 axf->Reinit(&ctx, iv, ivlen); 521 522 /* Supply MAC with AAD */ | 510 swe = &ses->swcr_encdec; 511 exf = swe->sw_exf; 512 KASSERT(axf->blocksize == exf->native_blocksize, 513 ("%s: blocksize mismatch", __func__)); 514 515 if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) 516 return (EINVAL); 517 518 /* Initialize the IV */ 519 ivlen = AES_GCM_IV_LEN; 520 bcopy(crp->crp_iv, iv, ivlen); 521 522 /* Supply MAC with IV */ 523 axf->Reinit(&ctx, iv, ivlen); 524 525 /* Supply MAC with AAD */ |
| 523 crypto_cursor_init(&cc_in, &crp->crp_buf); 524 crypto_cursor_advance(&cc_in, crp->crp_aad_start); 525 for (resid = crp->crp_aad_length; resid >= blksz; resid -= len) { 526 len = crypto_cursor_seglen(&cc_in); 527 if (len >= blksz) { 528 inblk = crypto_cursor_segbase(&cc_in); 529 len = rounddown(MIN(len, resid), blksz); 530 crypto_cursor_advance(&cc_in, len); 531 } else { 532 len = blksz; 533 crypto_cursor_copydata(&cc_in, len, blk); 534 inblk = blk; | 526 if (crp->crp_aad != NULL) { 527 len = rounddown(crp->crp_aad_length, blksz); 528 if (len != 0) 529 axf->Update(&ctx, crp->crp_aad, len); 530 if (crp->crp_aad_length != len) { 531 memset(blk, 0, blksz); 532 memcpy(blk, (char *)crp->crp_aad + len, 533 crp->crp_aad_length - len); 534 axf->Update(&ctx, blk, blksz); |
| 535 } | 535 } |
| 536 axf->Update(&ctx, inblk, len); | 536 } else { 537 crypto_cursor_init(&cc_in, &crp->crp_buf); 538 crypto_cursor_advance(&cc_in, crp->crp_aad_start); 539 for (resid = crp->crp_aad_length; resid >= blksz; 540 resid -= len) { 541 len = crypto_cursor_seglen(&cc_in); 542 if (len >= blksz) { 543 inblk = crypto_cursor_segbase(&cc_in); 544 len = rounddown(MIN(len, resid), blksz); 545 crypto_cursor_advance(&cc_in, len); 546 } else { 547 len = blksz; 548 crypto_cursor_copydata(&cc_in, len, blk); 549 inblk = blk; 550 } 551 axf->Update(&ctx, inblk, len); 552 } 553 if (resid > 0) { 554 memset(blk, 0, blksz); 555 crypto_cursor_copydata(&cc_in, resid, blk); 556 axf->Update(&ctx, blk, blksz); 557 } |
| 537 } | 558 } |
| 538 if (resid > 0) { 539 memset(blk, 0, blksz); 540 crypto_cursor_copydata(&cc_in, resid, blk); 541 axf->Update(&ctx, blk, blksz); 542 } | |
| 543 544 exf->reinit(swe->sw_kschedule, iv); 545 546 /* Do encryption with MAC */ 547 crypto_cursor_init(&cc_in, &crp->crp_buf); 548 crypto_cursor_advance(&cc_in, crp->crp_payload_start); 549 if (CRYPTO_HAS_OUTPUT_BUFFER(crp)) { 550 crypto_cursor_init(&cc_out, &crp->crp_obuf); --- 51 unchanged lines hidden (view full) --- 602 crypto_copydata(crp, crp->crp_digest_start, swa->sw_mlen, tag2); 603 604 r = timingsafe_bcmp(tag, tag2, swa->sw_mlen); 605 explicit_bzero(tag2, sizeof(tag2)); 606 if (r != 0) { 607 error = EBADMSG; 608 goto out; 609 } | 559 560 exf->reinit(swe->sw_kschedule, iv); 561 562 /* Do encryption with MAC */ 563 crypto_cursor_init(&cc_in, &crp->crp_buf); 564 crypto_cursor_advance(&cc_in, crp->crp_payload_start); 565 if (CRYPTO_HAS_OUTPUT_BUFFER(crp)) { 566 crypto_cursor_init(&cc_out, &crp->crp_obuf); --- 51 unchanged lines hidden (view full) --- 618 crypto_copydata(crp, crp->crp_digest_start, swa->sw_mlen, tag2); 619 620 r = timingsafe_bcmp(tag, tag2, swa->sw_mlen); 621 explicit_bzero(tag2, sizeof(tag2)); 622 if (r != 0) { 623 error = EBADMSG; 624 goto out; 625 } |
| 610 | 626 |
| 611 /* tag matches, decrypt data */ 612 crypto_cursor_init(&cc_in, &crp->crp_buf); 613 crypto_cursor_advance(&cc_in, crp->crp_payload_start); 614 for (resid = crp->crp_payload_length; resid > blksz; 615 resid -= blksz) { 616 if (crypto_cursor_seglen(&cc_in) < blksz) { 617 crypto_cursor_copydata(&cc_in, blksz, blk); 618 inblk = blk; --- 51 unchanged lines hidden (view full) --- 670 /* 671 * AES CCM-CBC-MAC needs to know the length of both the auth 672 * data and payload data before doing the auth computation. 673 */ 674 ctx.aes_cbc_mac_ctx.authDataLength = crp->crp_payload_length; 675 ctx.aes_cbc_mac_ctx.cryptDataLength = 0; 676 677 axf->Reinit(&ctx, iv, ivlen); | 627 /* tag matches, decrypt data */ 628 crypto_cursor_init(&cc_in, &crp->crp_buf); 629 crypto_cursor_advance(&cc_in, crp->crp_payload_start); 630 for (resid = crp->crp_payload_length; resid > blksz; 631 resid -= blksz) { 632 if (crypto_cursor_seglen(&cc_in) < blksz) { 633 crypto_cursor_copydata(&cc_in, blksz, blk); 634 inblk = blk; --- 51 unchanged lines hidden (view full) --- 686 /* 687 * AES CCM-CBC-MAC needs to know the length of both the auth 688 * data and payload data before doing the auth computation. 689 */ 690 ctx.aes_cbc_mac_ctx.authDataLength = crp->crp_payload_length; 691 ctx.aes_cbc_mac_ctx.cryptDataLength = 0; 692 693 axf->Reinit(&ctx, iv, ivlen); |
| 678 error = crypto_apply(crp, crp->crp_payload_start, 679 crp->crp_payload_length, axf->Update, &ctx); | 694 if (crp->crp_aad != NULL) 695 error = axf->Update(&ctx, crp->crp_aad, crp->crp_aad_length); 696 else 697 error = crypto_apply(crp, crp->crp_payload_start, 698 crp->crp_payload_length, axf->Update, &ctx); |
| 680 if (error) 681 return (error); 682 683 /* Finalize MAC */ 684 axf->Final(tag, &ctx); 685 686 if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { 687 u_char tag2[AES_CBC_MAC_HASH_LEN]; --- 31 unchanged lines hidden (view full) --- 719 720 swa = &ses->swcr_auth; 721 axf = swa->sw_axf; 722 723 bcopy(swa->sw_ictx, &ctx, axf->ctxsize); 724 blksz = AES_BLOCK_LEN; 725 KASSERT(axf->blocksize == blksz, ("%s: axf block size mismatch", 726 __func__)); | 699 if (error) 700 return (error); 701 702 /* Finalize MAC */ 703 axf->Final(tag, &ctx); 704 705 if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { 706 u_char tag2[AES_CBC_MAC_HASH_LEN]; --- 31 unchanged lines hidden (view full) --- 738 739 swa = &ses->swcr_auth; 740 axf = swa->sw_axf; 741 742 bcopy(swa->sw_ictx, &ctx, axf->ctxsize); 743 blksz = AES_BLOCK_LEN; 744 KASSERT(axf->blocksize == blksz, ("%s: axf block size mismatch", 745 __func__)); |
| 727 | 746 |
| 728 swe = &ses->swcr_encdec; 729 exf = swe->sw_exf; 730 KASSERT(axf->blocksize == exf->native_blocksize, 731 ("%s: blocksize mismatch", __func__)); 732 733 if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) 734 return (EINVAL); 735 --- 7 unchanged lines hidden (view full) --- 743 */ 744 ctx.aes_cbc_mac_ctx.authDataLength = crp->crp_aad_length; 745 ctx.aes_cbc_mac_ctx.cryptDataLength = crp->crp_payload_length; 746 747 /* Supply MAC with IV */ 748 axf->Reinit(&ctx, iv, ivlen); 749 750 /* Supply MAC with AAD */ | 747 swe = &ses->swcr_encdec; 748 exf = swe->sw_exf; 749 KASSERT(axf->blocksize == exf->native_blocksize, 750 ("%s: blocksize mismatch", __func__)); 751 752 if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) 753 return (EINVAL); 754 --- 7 unchanged lines hidden (view full) --- 762 */ 763 ctx.aes_cbc_mac_ctx.authDataLength = crp->crp_aad_length; 764 ctx.aes_cbc_mac_ctx.cryptDataLength = crp->crp_payload_length; 765 766 /* Supply MAC with IV */ 767 axf->Reinit(&ctx, iv, ivlen); 768 769 /* Supply MAC with AAD */ |
| 751 error = crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length, 752 axf->Update, &ctx); | 770 if (crp->crp_aad != NULL) 771 error = axf->Update(&ctx, crp->crp_aad, crp->crp_aad_length); 772 else 773 error = crypto_apply(crp, crp->crp_aad_start, 774 crp->crp_aad_length, axf->Update, &ctx); |
| 753 if (error) 754 return (error); 755 756 exf->reinit(swe->sw_kschedule, iv); 757 758 /* Do encryption/decryption with MAC */ 759 crypto_cursor_init(&cc_in, &crp->crp_buf); 760 crypto_cursor_advance(&cc_in, crp->crp_payload_start); --- 247 unchanged lines hidden (view full) --- 1008 return (EINVAL); 1009 if (csp->csp_auth_mlen == 0) 1010 swa->sw_mlen = axf->hashsize; 1011 else 1012 swa->sw_mlen = csp->csp_auth_mlen; 1013 swa->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT); 1014 if (swa->sw_ictx == NULL) 1015 return (ENOBUFS); | 775 if (error) 776 return (error); 777 778 exf->reinit(swe->sw_kschedule, iv); 779 780 /* Do encryption/decryption with MAC */ 781 crypto_cursor_init(&cc_in, &crp->crp_buf); 782 crypto_cursor_advance(&cc_in, crp->crp_payload_start); --- 247 unchanged lines hidden (view full) --- 1030 return (EINVAL); 1031 if (csp->csp_auth_mlen == 0) 1032 swa->sw_mlen = axf->hashsize; 1033 else 1034 swa->sw_mlen = csp->csp_auth_mlen; 1035 swa->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT); 1036 if (swa->sw_ictx == NULL) 1037 return (ENOBUFS); |
| 1016 | 1038 |
| 1017 switch (csp->csp_auth_alg) { 1018 case CRYPTO_SHA1_HMAC: 1019 case CRYPTO_SHA2_224_HMAC: 1020 case CRYPTO_SHA2_256_HMAC: 1021 case CRYPTO_SHA2_384_HMAC: 1022 case CRYPTO_SHA2_512_HMAC: 1023 case CRYPTO_NULL_HMAC: 1024 case CRYPTO_RIPEMD160_HMAC: --- 206 unchanged lines hidden (view full) --- 1231 return (false); 1232 return (true); 1233} 1234 1235static int 1236swcr_probesession(device_t dev, const struct crypto_session_params *csp) 1237{ 1238 | 1039 switch (csp->csp_auth_alg) { 1040 case CRYPTO_SHA1_HMAC: 1041 case CRYPTO_SHA2_224_HMAC: 1042 case CRYPTO_SHA2_256_HMAC: 1043 case CRYPTO_SHA2_384_HMAC: 1044 case CRYPTO_SHA2_512_HMAC: 1045 case CRYPTO_NULL_HMAC: 1046 case CRYPTO_RIPEMD160_HMAC: --- 206 unchanged lines hidden (view full) --- 1253 return (false); 1254 return (true); 1255} 1256 1257static int 1258swcr_probesession(device_t dev, const struct crypto_session_params *csp) 1259{ 1260 |
| 1239 if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT)) != 0) | 1261 if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) != 1262 0) |
| 1240 return (EINVAL); 1241 switch (csp->csp_mode) { 1242 case CSP_MODE_COMPRESS: 1243 switch (csp->csp_cipher_alg) { 1244 case CRYPTO_DEFLATE_COMP: 1245 break; 1246 default: 1247 return (EINVAL); --- 271 unchanged lines hidden --- | 1263 return (EINVAL); 1264 switch (csp->csp_mode) { 1265 case CSP_MODE_COMPRESS: 1266 switch (csp->csp_cipher_alg) { 1267 case CRYPTO_DEFLATE_COMP: 1268 break; 1269 default: 1270 return (EINVAL); --- 271 unchanged lines hidden --- |