From b6fae284eb800cd7c6cc70f9662379c0946e56b3 Mon Sep 17 00:00:00 2001 From: mikeb Date: Tue, 2 May 2017 17:07:06 +0000 Subject: [PATCH] Switch 802.11 crypto over to the new AES OK stsp@ --- sys/crypto/cmac.c | 14 +++++----- sys/crypto/cmac.h | 4 +-- sys/crypto/key_wrap.c | 12 ++++----- sys/crypto/key_wrap.h | 4 +-- sys/net80211/ieee80211_crypto.c | 4 +-- sys/net80211/ieee80211_crypto_bip.c | 4 +-- sys/net80211/ieee80211_crypto_ccmp.c | 38 ++++++++++++++-------------- 7 files changed, 40 insertions(+), 40 deletions(-) diff --git a/sys/crypto/cmac.c b/sys/crypto/cmac.c index 366f30f5749..97ad3fc22c2 100644 --- a/sys/crypto/cmac.c +++ b/sys/crypto/cmac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cmac.c,v 1.2 2011/01/11 15:42:05 deraadt Exp $ */ +/* $OpenBSD: cmac.c,v 1.3 2017/05/02 17:07:06 mikeb Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini @@ -24,7 +24,7 @@ #include #include -#include +#include #include #define LSHIFT(v, r) do { \ @@ -50,7 +50,7 @@ AES_CMAC_Init(AES_CMAC_CTX *ctx) void AES_CMAC_SetKey(AES_CMAC_CTX *ctx, const u_int8_t key[AES_CMAC_KEY_LENGTH]) { - rijndael_set_key_enc_only(&ctx->rijndael, key, 128); + AES_Setkey(&ctx->aesctx, key, 16); } void @@ -65,13 +65,13 @@ AES_CMAC_Update(AES_CMAC_CTX *ctx, const u_int8_t *data, u_int len) if (ctx->M_n < 16 || len == mlen) return; XOR(ctx->M_last, ctx->X); - rijndael_encrypt(&ctx->rijndael, ctx->X, ctx->X); + AES_Encrypt(&ctx->aesctx, ctx->X, ctx->X); data += mlen; len -= mlen; } while (len > 16) { /* not last block */ XOR(data, ctx->X); - rijndael_encrypt(&ctx->rijndael, ctx->X, ctx->X); + AES_Encrypt(&ctx->aesctx, ctx->X, ctx->X); data += 16; len -= 16; } @@ -87,7 +87,7 @@ AES_CMAC_Final(u_int8_t digest[AES_CMAC_DIGEST_LENGTH], AES_CMAC_CTX *ctx) /* generate subkey K1 */ memset(K, 0, sizeof K); - rijndael_encrypt(&ctx->rijndael, K, K); + AES_Encrypt(&ctx->aesctx, K, K); if (K[0] & 0x80) { LSHIFT(K, K); @@ -114,7 +114,7 @@ AES_CMAC_Final(u_int8_t digest[AES_CMAC_DIGEST_LENGTH], AES_CMAC_CTX *ctx) XOR(K, ctx->M_last); } XOR(ctx->M_last, ctx->X); - rijndael_encrypt(&ctx->rijndael, ctx->X, digest); + AES_Encrypt(&ctx->aesctx, ctx->X, digest); explicit_bzero(K, sizeof K); } diff --git a/sys/crypto/cmac.h b/sys/crypto/cmac.h index de0ec840d42..b497835fcf7 100644 --- a/sys/crypto/cmac.h +++ b/sys/crypto/cmac.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cmac.h,v 1.2 2012/12/05 23:20:15 deraadt Exp $ */ +/* $OpenBSD: cmac.h,v 1.3 2017/05/02 17:07:06 mikeb Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini @@ -23,7 +23,7 @@ #define AES_CMAC_DIGEST_LENGTH 16 typedef struct _AES_CMAC_CTX { - rijndael_ctx rijndael; + AES_CTX aesctx; u_int8_t X[16]; u_int8_t M_last[16]; u_int M_n; diff --git a/sys/crypto/key_wrap.c b/sys/crypto/key_wrap.c index 26c197eebbc..adbc11bc545 100644 --- a/sys/crypto/key_wrap.c +++ b/sys/crypto/key_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key_wrap.c,v 1.4 2013/06/11 18:45:08 deraadt Exp $ */ +/* $OpenBSD: key_wrap.c,v 1.5 2017/05/02 17:07:06 mikeb Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini @@ -23,7 +23,7 @@ #include #include -#include +#include #include static const u_int8_t IV[8] = @@ -32,14 +32,14 @@ static const u_int8_t IV[8] = void aes_key_wrap_set_key(aes_key_wrap_ctx *ctx, const u_int8_t *K, size_t K_len) { - rijndael_set_key(&ctx->ctx, K, K_len * NBBY); + AES_Setkey(&ctx->ctx, K, K_len); } void aes_key_wrap_set_key_wrap_only(aes_key_wrap_ctx *ctx, const u_int8_t *K, size_t K_len) { - rijndael_set_key_enc_only(&ctx->ctx, K, K_len * NBBY); + AES_Setkey(&ctx->ctx, K, K_len); } void @@ -61,7 +61,7 @@ aes_key_wrap(aes_key_wrap_ctx *ctx, const u_int8_t *P, size_t n, u_int8_t *C) memcpy(&B[0], A, 8); memcpy(&B[1], R, 8); /* B = AES(K, B) */ - rijndael_encrypt(&ctx->ctx, (caddr_t)B, (caddr_t)B); + AES_Encrypt(&ctx->ctx, (caddr_t)B, (caddr_t)B); /* MSB(64, B) = MSB(64, B) ^ t */ B[0] ^= htobe64(t); /* A = MSB(64, B) */ @@ -96,7 +96,7 @@ aes_key_unwrap(aes_key_wrap_ctx *ctx, const u_int8_t *C, u_int8_t *P, size_t n) /* B = MSB(64, B) | R[i] */ memcpy(&B[1], R, 8); /* B = AES-1(K, B) */ - rijndael_decrypt(&ctx->ctx, (caddr_t)B, (caddr_t)B); + AES_Decrypt(&ctx->ctx, (caddr_t)B, (caddr_t)B); /* A = MSB(64, B) */ memcpy(A, &B[0], 8); /* R[i] = LSB(64, B) */ diff --git a/sys/crypto/key_wrap.h b/sys/crypto/key_wrap.h index f91ce5f4c06..06aff916d4a 100644 --- a/sys/crypto/key_wrap.h +++ b/sys/crypto/key_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key_wrap.h,v 1.2 2012/12/05 23:20:15 deraadt Exp $ */ +/* $OpenBSD: key_wrap.h,v 1.3 2017/05/02 17:07:06 mikeb Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini @@ -20,7 +20,7 @@ #define _KEY_WRAP_H_ typedef struct _aes_key_wrap_ctx { - rijndael_ctx ctx; + AES_CTX ctx; } aes_key_wrap_ctx; __BEGIN_DECLS diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c index 2c5406128e5..c534bf6dc29 100644 --- a/sys/net80211/ieee80211_crypto.c +++ b/sys/net80211/ieee80211_crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_crypto.c,v 1.69 2017/03/23 04:10:10 tb Exp $ */ +/* $OpenBSD: ieee80211_crypto.c,v 1.70 2017/05/02 17:07:06 mikeb Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini @@ -42,7 +42,7 @@ #include #include #include -#include +#include #include #include diff --git a/sys/net80211/ieee80211_crypto_bip.c b/sys/net80211/ieee80211_crypto_bip.c index 307c05b1bce..8dc83a8a7c8 100644 --- a/sys/net80211/ieee80211_crypto_bip.c +++ b/sys/net80211/ieee80211_crypto_bip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_crypto_bip.c,v 1.8 2017/03/23 04:10:10 tb Exp $ */ +/* $OpenBSD: ieee80211_crypto_bip.c,v 1.9 2017/05/02 17:07:06 mikeb Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini @@ -40,7 +40,7 @@ #include #include -#include +#include #include /* BIP software crypto context */ diff --git a/sys/net80211/ieee80211_crypto_ccmp.c b/sys/net80211/ieee80211_crypto_ccmp.c index acd60a6da2e..a7e913a8ab1 100644 --- a/sys/net80211/ieee80211_crypto_ccmp.c +++ b/sys/net80211/ieee80211_crypto_ccmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_crypto_ccmp.c,v 1.19 2017/03/23 04:10:10 tb Exp $ */ +/* $OpenBSD: ieee80211_crypto_ccmp.c,v 1.20 2017/05/02 17:07:06 mikeb Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini @@ -39,11 +39,11 @@ #include #include -#include +#include /* CCMP software crypto context */ struct ieee80211_ccmp_ctx { - rijndael_ctx rijndael; + AES_CTX aesctx; }; /* @@ -58,7 +58,7 @@ ieee80211_ccmp_set_key(struct ieee80211com *ic, struct ieee80211_key *k) ctx = malloc(sizeof(*ctx), M_DEVBUF, M_NOWAIT | M_ZERO); if (ctx == NULL) return ENOMEM; - rijndael_set_key_enc_only(&ctx->rijndael, k->k_key, 128); + AES_Setkey(&ctx->aesctx, k->k_key, 16); k->k_priv = ctx; return 0; } @@ -78,7 +78,7 @@ ieee80211_ccmp_delete_key(struct ieee80211com *ic, struct ieee80211_key *k) * CCMP uses the following CCM parameters: M = 8, L = 2 */ static void -ieee80211_ccmp_phase1(rijndael_ctx *ctx, const struct ieee80211_frame *wh, +ieee80211_ccmp_phase1(AES_CTX *ctx, const struct ieee80211_frame *wh, u_int64_t pn, int lm, u_int8_t b[16], u_int8_t a[16], u_int8_t s0[16]) { u_int8_t auth[32], nonce[13]; @@ -146,20 +146,20 @@ ieee80211_ccmp_phase1(rijndael_ctx *ctx, const struct ieee80211_frame *wh, memcpy(&b[1], nonce, 13); b[14] = lm >> 8; b[15] = lm & 0xff; - rijndael_encrypt(ctx, b, b); + AES_Encrypt(ctx, b, b); for (i = 0; i < 16; i++) b[i] ^= auth[i]; - rijndael_encrypt(ctx, b, b); + AES_Encrypt(ctx, b, b); for (i = 0; i < 16; i++) b[i] ^= auth[16 + i]; - rijndael_encrypt(ctx, b, b); + AES_Encrypt(ctx, b, b); /* construct S_0 */ a[ 0] = 1; /* Flags = L' = (L-1) */ memcpy(&a[1], nonce, 13); a[14] = a[15] = 0; - rijndael_encrypt(ctx, a, s0); + AES_Encrypt(ctx, a, s0); } struct mbuf * @@ -210,14 +210,14 @@ ieee80211_ccmp_encrypt(struct ieee80211com *ic, struct mbuf *m0, ivp[7] = k->k_tsc >> 40; /* PN5 */ /* construct initial B, A and S_0 blocks */ - ieee80211_ccmp_phase1(&ctx->rijndael, wh, k->k_tsc, + ieee80211_ccmp_phase1(&ctx->aesctx, wh, k->k_tsc, m0->m_pkthdr.len - hdrlen, b, a, s0); /* construct S_1 */ ctr = 1; a[14] = ctr >> 8; a[15] = ctr & 0xff; - rijndael_encrypt(&ctx->rijndael, a, s); + AES_Encrypt(&ctx->aesctx, a, s); /* encrypt frame body and compute MIC */ j = 0; @@ -260,12 +260,12 @@ ieee80211_ccmp_encrypt(struct ieee80211com *ic, struct mbuf *m0, if (++j < 16) continue; /* we have a full block, encrypt MIC */ - rijndael_encrypt(&ctx->rijndael, b, b); + AES_Encrypt(&ctx->aesctx, b, b); /* construct a new S_ctr block */ ctr++; a[14] = ctr >> 8; a[15] = ctr & 0xff; - rijndael_encrypt(&ctx->rijndael, a, s); + AES_Encrypt(&ctx->aesctx, a, s); j = 0; } @@ -274,7 +274,7 @@ ieee80211_ccmp_encrypt(struct ieee80211com *ic, struct mbuf *m0, left -= len; } if (j != 0) /* partial block, encrypt MIC */ - rijndael_encrypt(&ctx->rijndael, b, b); + AES_Encrypt(&ctx->aesctx, b, b); /* reserve trailing space for MIC */ if (M_TRAILINGSPACE(n) < IEEE80211_CCMP_MICLEN) { @@ -370,7 +370,7 @@ ieee80211_ccmp_decrypt(struct ieee80211com *ic, struct mbuf *m0, n0->m_len = n0->m_pkthdr.len; /* construct initial B, A and S_0 blocks */ - ieee80211_ccmp_phase1(&ctx->rijndael, wh, pn, + ieee80211_ccmp_phase1(&ctx->aesctx, wh, pn, n0->m_pkthdr.len - hdrlen, b, a, s0); /* copy 802.11 header and clear protected bit */ @@ -382,7 +382,7 @@ ieee80211_ccmp_decrypt(struct ieee80211com *ic, struct mbuf *m0, ctr = 1; a[14] = ctr >> 8; a[15] = ctr & 0xff; - rijndael_encrypt(&ctx->rijndael, a, s); + AES_Encrypt(&ctx->aesctx, a, s); /* decrypt frame body and compute MIC */ j = 0; @@ -425,12 +425,12 @@ ieee80211_ccmp_decrypt(struct ieee80211com *ic, struct mbuf *m0, if (++j < 16) continue; /* we have a full block, encrypt MIC */ - rijndael_encrypt(&ctx->rijndael, b, b); + AES_Encrypt(&ctx->aesctx, b, b); /* construct a new S_ctr block */ ctr++; a[14] = ctr >> 8; a[15] = ctr & 0xff; - rijndael_encrypt(&ctx->rijndael, a, s); + AES_Encrypt(&ctx->aesctx, a, s); j = 0; } @@ -439,7 +439,7 @@ ieee80211_ccmp_decrypt(struct ieee80211com *ic, struct mbuf *m0, left -= len; } if (j != 0) /* partial block, encrypt MIC */ - rijndael_encrypt(&ctx->rijndael, b, b); + AES_Encrypt(&ctx->aesctx, b, b); /* finalize MIC, U := T XOR first-M-bytes( S_0 ) */ for (i = 0; i < IEEE80211_CCMP_MICLEN; i++) -- 2.20.1