Better support for weird IV schemes (like ESP half-IV, or the swap
authorangelos <angelos@openbsd.org>
Wed, 29 Mar 2000 07:09:40 +0000 (07:09 +0000)
committerangelos <angelos@openbsd.org>
Wed, 29 Mar 2000 07:09:40 +0000 (07:09 +0000)
encryption block-number IV).

sys/crypto/crypto.h
sys/crypto/cryptosoft.c

index ef11a18..f4515fb 100644 (file)
@@ -66,6 +66,7 @@ struct cryptoini
     int                cri_klen;    /* Key length, in bits */
     int                cri_rnd;     /* Algorithm rounds, where relevant */
     caddr_t            cri_key;     /* key to use */
+    u_int8_t           cri_iv[EALG_MAX_BLOCK_LEN];      /* IV to use */
     struct cryptoini  *cri_next;
 };
 
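Review bot: The new `cri_iv` field is a fixed `EALG_MAX_BLOCK_LEN`-byte array, but its comment says neither which flag makes it meaningful nor who bounds the copy out of it; the new cryptosoft.c code does `bcopy(crd->crd_iv, sw->sw_iv, blks)` with no visible check that `blks` fits. Suggest `/* IV to use when CRD_F_IV_EXPLICIT is set; blks bytes, must not exceed EALG_MAX_BLOCK_LEN */`. Whether `blks` is already bounded by the algorithm table elsewhere cannot be told from this hunk.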
@@ -78,10 +79,12 @@ struct cryptodesc
     int                crd_flags;
 
 #define CRD_F_ENCRYPT             0x1 /* Set when doing encryption */
-#define CRD_F_HALFIV              0x2
-#define CRD_F_IV_PRESENT          0x4 /* Used/sensible only when encrypting */
+#define CRD_F_IV_PRESENT          0x2 /* When encrypting, IV is already in
+                                        place, so don't copy. */
+#define CRD_F_IV_EXPLICIT         0x4 /* IV explicitly provided */
 
     struct cryptoini   CRD_INI;    /* Initialization/context data */
+#define crd_iv   CRD_INI.cri_iv
 #define crd_key  CRD_INI.cri_key
 #define crd_rnd  CRD_INI.cri_rnd
 #define crd_alg  CRD_INI.cri_alg
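Review bot: `CRD_F_IV_PRESENT` changes value from 0x4 to 0x2, the bit that previously meant `CRD_F_HALFIV`, so any consumer still built against the old header that sets 0x2 for half-IV will now be read as "IV already in place", which silently suppresses the IV write in the encrypt paths of cryptosoft.c. Keeping existing bit values stable avoids that: `#define CRD_F_IV_EXPLICIT 0x2 /* IV explicitly provided */` and `#define CRD_F_IV_PRESENT 0x4 /* When encrypting, IV is already in place, so don't copy. */`. The two flags can also be set together, and cryptosoft.c tests them independently, so the comments should state what each combination means for the encrypt and decrypt paths.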
index ec29117..5091ea6 100644 (file)
@@ -85,25 +85,12 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
     {
        if (crd->crd_flags & CRD_F_ENCRYPT)
        {
-           /* Inject IV */
-           if (crd->crd_flags & CRD_F_HALFIV)
-           {
-               if (crd->crd_flags & CRD_F_IV_PRESENT)
-                 bcopy(buf + crd->crd_inject, sw->sw_iv, blks / 2);
-
-               /* "Cook" half-IV */
-               for (k = 0; k < blks / 2; k++)
-                 sw->sw_iv[(blks / 2) + k] = ~sw->sw_iv[k];
+           /* IV explicitly provided ? */
+           if (crd->crd_flags & CRD_F_IV_EXPLICIT)
+             bcopy(crd->crd_iv, sw->sw_iv, blks);
 
-               bcopy(sw->sw_iv, buf + crd->crd_inject, blks / 2);
-           }
-           else
-           {
-               if (crd->crd_flags & CRD_F_IV_PRESENT)
-                 bcopy(buf + crd->crd_inject, sw->sw_iv, blks);
-               else
-                 bcopy(sw->sw_iv, buf + crd->crd_inject, blks);
-           }
+           if (!(crd->crd_flags & CRD_F_IV_PRESENT))
+             bcopy(sw->sw_iv, buf + crd->crd_inject, blks);
 
            for (i = crd->crd_skip;
                 i < crd->crd_skip + crd->crd_len;
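Review bot: With CRD_F_IV_PRESENT set but CRD_F_IV_EXPLICIT clear, the encrypt path now uses the context IV in `sw->sw_iv` without loading the IV the caller already placed at `crd_inject` (the removed `bcopy(buf + crd->crd_inject, sw->sw_iv, blks)`) and without writing `sw->sw_iv` back, so the IV used for chaining and the IV carried in the buffer can differ and the first block will not decrypt correctly. If CRD_F_IV_PRESENT is now only meaningful together with CRD_F_IV_EXPLICIT, a comment saying so at the `/* IV explicitly provided ? */` line, or in crypto.h, would make that contract visible; otherwise the old load should return as `else if (crd->crd_flags & CRD_F_IV_PRESENT) bcopy(buf + crd->crd_inject, sw->sw_iv, blks);`. The mbuf variant in the hunk at @@ -162,32 +147,23 has the same gap with `m_copydata`. swcr_encdec begins before this hunk and continues after it.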
@@ -125,13 +112,11 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
        }
        else /* Decrypt */
        {
-           /* Copy the IV off the buffer */
-           bcopy(buf + crd->crd_inject, sw->sw_iv, blks);
-
-           /* "Cook" half-IV */
-           if (crd->crd_flags & CRD_F_HALFIV)
-             for (k = 0; k < blks / 2; k++)
-               sw->sw_iv[(blks / 2) + k] = ~sw->sw_iv[k];
+           /* IV explicitly provided ? */
+           if (crd->crd_flags & CRD_F_IV_EXPLICIT)
+             bcopy(crd->crd_iv, sw->sw_iv, blks);
+           else /* IV preceeds data */
+             bcopy(buf + crd->crd_inject, sw->sw_iv, blks);
 
            /*
             * Start at the end, so we don't need to keep the encrypted
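Review bot: The comment on the decrypt fallback misspells "precedes" (`/* IV preceeds data */`); since this branch is the only place that says where the IV comes from when none is given explicitly, make it `/* IV precedes data: read blks bytes from buf + crd_inject */`. CRD_F_IV_PRESENT is not consulted here, which matches its header comment restricting it to encryption, but a word to that effect would stop readers expecting symmetry with the encrypt branch. The rest of swcr_encdec lies outside this hunk.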
@@ -162,32 +147,23 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
        /* Initialize the IV */
        if (crd->crd_flags & CRD_F_ENCRYPT)
        {
-           if (crd->crd_flags & CRD_F_IV_PRESENT)
-             m_copydata(m, crd->crd_inject, blks, iv);
+           /* IV explicitly provided ? */
+           if (crd->crd_flags & CRD_F_IV_EXPLICIT)
+             bcopy(crd->crd_iv, iv, blks);
            else
-             bcopy(sw->sw_iv, iv, blks);
+             bcopy(sw->sw_iv, iv, blks); /* Use IV from context */
 
-           /* "Cook" half-IV */
-           if (crd->crd_flags & CRD_F_HALFIV)
-           {
-               for (k = 0; k < blks / 2; k++)
-                 iv[(blks / 2) + k] = ~iv[k];
-
-               if (!(crd->crd_flags & CRD_F_IV_PRESENT))
-                 m_copyback(m, crd->crd_inject, blks / 2, iv);
-           }
-           else
-             if (!(crd->crd_flags & CRD_F_IV_PRESENT))
-               m_copyback(m, crd->crd_inject, blks, iv);
+           /* Do we need to write the IV */
+           if (!(crd->crd_flags & CRD_F_IV_PRESENT))
+             m_copyback(m, crd->crd_inject, blks, iv);
        }
-       else
+       else /* Decryption */
        {
-           m_copydata(m, crd->crd_inject, blks, iv); /* Get IV off mbuf */
-
-           /* "Cook" half-IV */
-           if (crd->crd_flags & CRD_F_HALFIV)
-             for (k = 0; k < blks / 2; k++)
-               iv[(blks / 2) + k] = ~iv[k];
+           /* IV explicitly provided ? */
+           if (crd->crd_flags & CRD_F_IV_EXPLICIT)
+             bcopy(crd->crd_iv, iv, blks);
+           else
+             m_copydata(m, crd->crd_inject, blks, iv); /* Get IV off mbuf */
        }
 
        ivp = iv;
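Review bot: Every use of the loop index `k` in swcr_encdec appears only on removed lines of this and the two earlier hunks (the half-IV cooking loops), so if its declaration at the top of the function, outside the hunk, survives, it is now unused and should be dropped. The `/* Use IV from context */` branch also relies on `sw->sw_iv` having been initialized before the first encrypt call, which is not visible here and would be worth a comment at the `bcopy(sw->sw_iv, iv, blks)` line. The function continues past the end of this hunk.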