From d223d7cb85c1f2f705da547a0134b949655abe6a Mon Sep 17 00:00:00 2001
From: mikeb
Date: Tue, 2 May 2017 11:44:32 +0000
Subject: [PATCH] Switch OCF and IPsec over to the new AES

ok djm
---
 sys/crypto/cryptosoft.c | 10 ++++----
 sys/crypto/gmac.c | 11 ++++----
 sys/crypto/gmac.h | 7 +++--
 sys/crypto/xform.c | 57 +++++++++++++++++++----------------------
 sys/crypto/xform.h | 4 +--
 sys/netinet/ip_esp.c | 4 +--
 6 files changed, 44 insertions(+), 49 deletions(-)

diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c
index 315210c5407..2372fe95682 100644
--- a/sys/crypto/cryptosoft.c
+++ b/sys/crypto/cryptosoft.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptosoft.c,v 1.82 2017/02/07 17:25:46 patrick Exp $ */
+/* $OpenBSD: cryptosoft.c,v 1.83 2017/05/02 11:44:32 mikeb Exp $ */
 
 /*
  * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -795,8 +795,8 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri)
 case CRYPTO_CAST_CBC:
 txf = &enc_xform_cast5;
 goto enccommon;
- case CRYPTO_RIJNDAEL128_CBC:
- txf = &enc_xform_rijndael128;
+ case CRYPTO_AES_CBC:
+ txf = &enc_xform_aes;
 goto enccommon;
 case CRYPTO_AES_CTR:
 txf = &enc_xform_aes_ctr;
@@ -960,7 +960,7 @@ swcr_freesession(u_int64_t tid)
 case CRYPTO_3DES_CBC:
 case CRYPTO_BLF_CBC:
 case CRYPTO_CAST_CBC:
- case CRYPTO_RIJNDAEL128_CBC:
+ case CRYPTO_AES_CBC:
 case CRYPTO_AES_CTR:
 case CRYPTO_AES_XTS:
 case CRYPTO_AES_GCM_16:
@@ -1144,7 +1144,7 @@ swcr_init(void)
 algs[CRYPTO_MD5_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
 algs[CRYPTO_SHA1_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
 algs[CRYPTO_RIPEMD160_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
- algs[CRYPTO_RIJNDAEL128_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
+ algs[CRYPTO_AES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
 algs[CRYPTO_AES_CTR] = CRYPTO_ALG_FLAG_SUPPORTED;
 algs[CRYPTO_AES_XTS] = CRYPTO_ALG_FLAG_SUPPORTED;
 algs[CRYPTO_AES_GCM_16] = CRYPTO_ALG_FLAG_SUPPORTED;
diff --git a/sys/crypto/gmac.c b/sys/crypto/gmac.c
index 33843d08fbe..c69a3e45468 100644
--- a/sys/crypto/gmac.c
+++ b/sys/crypto/gmac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gmac.c,v 1.9 2016/09/19 18:09:40 tedu Exp $ */
+/* $OpenBSD: gmac.c,v 1.10 2017/05/02 11:44:32 mikeb Exp $ */
 
 /*
  * Copyright (c) 2010 Mike Belopuhov
@@ -25,7 +25,7 @@ #include #include -#include +#include #include void ghash_gfmul(uint32_t *, uint32_t *, uint32_t *);
@@ -114,12 +114,11 @@ AES_GMAC_Setkey(void *xctx, const uint8_t *key, uint16_t klen)
 {
 AES_GMAC_CTX *ctx = xctx;
 
- ctx->rounds = rijndaelKeySetupEnc(ctx->K, (u_char *)key,
- (klen - AESCTR_NONCESIZE) * 8);
+ AES_Setkey(&ctx->K, key, klen - AESCTR_NONCESIZE);
 /* copy out salt to the counter block */
 bcopy(key + klen - AESCTR_NONCESIZE, ctx->J, AESCTR_NONCESIZE);
 /* prepare a hash subkey */
- rijndaelEncrypt(ctx->K, ctx->rounds, ctx->ghash.H, ctx->ghash.H);
+ AES_Encrypt(&ctx->K, ctx->ghash.H, ctx->ghash.H);
 }
 
 void
@@ -162,7 +161,7 @@ AES_GMAC_Final(uint8_t digest[GMAC_DIGEST_LEN], void *xctx)
 
 /* do one round of GCTR */
 ctx->J[GMAC_BLOCK_LEN - 1] = 1;
- rijndaelEncrypt(ctx->K, ctx->rounds, ctx->J, keystream);
+ AES_Encrypt(&ctx->K, ctx->J, keystream);
 for (i = 0; i < GMAC_DIGEST_LEN; i++)
 digest[i] = ctx->ghash.S[i] ^ keystream[i];
 explicit_bzero(keystream, sizeof(keystream));
diff --git a/sys/crypto/gmac.h b/sys/crypto/gmac.h
index bae2c80864d..7ebc53a3e4b 100644
--- a/sys/crypto/gmac.h
+++ b/sys/crypto/gmac.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: gmac.h,v 1.5 2015/11/07 17:46:49 mikeb Exp $ */
+/* $OpenBSD: gmac.h,v 1.6 2017/05/02 11:44:32 mikeb Exp $ */
 
 /*
  * Copyright (c) 2010 Mike Belopuhov
@@ -19,7 +19,7 @@ #ifndef _GMAC_H_ #define _GMAC_H_ -#include +#include #define GMAC_BLOCK_LEN 16 #define GMAC_DIGEST_LEN 16
@@ -32,9 +32,8 @@ typedef struct _GHASH_CTX {
 
 typedef struct _AES_GMAC_CTX {
 GHASH_CTX ghash;
- uint32_t K[4*(AES_MAXROUNDS + 1)];
+ AES_CTX K;
 uint8_t J[GMAC_BLOCK_LEN]; /* counter block */
- int rounds;
 } AES_GMAC_CTX;
 
 __BEGIN_DECLS
diff --git a/sys/crypto/xform.c b/sys/crypto/xform.c
index 0a4ddbb3ffd..0579345f4f1 100644
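Review bot: The return value of AES_Setkey is discarded on the new line in AES_GMAC_Setkey, whereas aes_ctr_setkey in xform.c in this same commit tests it with `!= 0`; when `klen - AESCTR_NONCESIZE` is not a valid AES key length, `ctx->K` is left in whatever state AES_Setkey leaves on failure and is used two lines later by AES_Encrypt to derive the GHASH subkey H. The function appears to return void (its return type is on a line before the hunk), so it cannot propagate the failure itself; the contract it depends on should be stated, e.g. `/* requires klen > AESCTR_NONCESIZE with a valid AES key length after the nonce; AES_Setkey's result is not checked here */`. Note also that klen is uint16_t, so a klen smaller than AESCTR_NONCESIZE becomes a negative int, and the unchanged bcopy on the following line would then read before `key`; presumably the session setup in cryptosoft.c rejects such lengths, but nothing in this function does, and an explicit length check at the top would make that independent of the caller.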
--- a/sys/crypto/xform.c
+++ b/sys/crypto/xform.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xform.c,v 1.55 2016/09/19 18:09:40 tedu Exp $ */
+/* $OpenBSD: xform.c,v 1.56 2017/05/02 11:44:32 mikeb Exp $ */
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -59,7 +59,7 @@ #include #include #include -#include +#include #include #include #include
@@ -71,7 +71,7 @@ int des_set_key(void *, caddr_t);
 int des3_setkey(void *, u_int8_t *, int);
 int blf_setkey(void *, u_int8_t *, int);
 int cast5_setkey(void *, u_int8_t *, int);
-int rijndael128_setkey(void *, u_int8_t *, int);
+int aes_setkey(void *, u_int8_t *, int);
 int aes_ctr_setkey(void *, u_int8_t *, int);
 int aes_xts_setkey(void *, u_int8_t *, int);
 int null_setkey(void *, u_int8_t *, int);
@@ -79,14 +79,14 @@ int null_setkey(void *, u_int8_t *, int);
 void des3_encrypt(caddr_t, u_int8_t *);
 void blf_encrypt(caddr_t, u_int8_t *);
 void cast5_encrypt(caddr_t, u_int8_t *);
-void rijndael128_encrypt(caddr_t, u_int8_t *);
+void aes_encrypt(caddr_t, u_int8_t *);
 void null_encrypt(caddr_t, u_int8_t *);
 void aes_xts_encrypt(caddr_t, u_int8_t *);
 
 void des3_decrypt(caddr_t, u_int8_t *);
 void blf_decrypt(caddr_t, u_int8_t *);
 void cast5_decrypt(caddr_t, u_int8_t *);
-void rijndael128_decrypt(caddr_t, u_int8_t *);
+void aes_decrypt(caddr_t, u_int8_t *);
 void null_decrypt(caddr_t, u_int8_t *);
 void aes_xts_decrypt(caddr_t, u_int8_t *);
 
@@ -112,9 +112,8 @@ u_int32_t lzs_dummy(u_int8_t *, u_int32_t, u_int8_t **);
 #define AESCTR_BLOCKSIZE 16
 
 struct aes_ctr_ctx {
- u_int32_t ac_ek[4*(AES_MAXROUNDS + 1)];
+ AES_CTX ac_key;
 u_int8_t ac_block[AESCTR_BLOCKSIZE];
- int ac_nr;
 };
 
 #define AES_XTS_BLOCKSIZE 16
@@ -122,8 +121,8 @@ struct aes_ctr_ctx {
 #define AES_XTS_ALPHA 0x87 /* GF(2^128) generator polynomial */
 
 struct aes_xts_ctx {
- rijndael_ctx key1;
- rijndael_ctx key2;
+ AES_CTX key1;
+ AES_CTX key2;
 u_int8_t tweak[AES_XTS_BLOCKSIZE];
 };
 
@@ -160,13 +159,13 @@ struct enc_xform enc_xform_cast5 = {
 NULL
 };
 
-struct enc_xform enc_xform_rijndael128 = {
- CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
+struct enc_xform enc_xform_aes = {
+ CRYPTO_AES_CBC, "AES",
 16, 16, 16, 32,
- sizeof(rijndael_ctx),
- rijndael128_encrypt,
- rijndael128_decrypt,
- rijndael128_setkey,
+ sizeof(AES_CTX),
+ aes_encrypt,
+ aes_decrypt,
+ aes_setkey,
 NULL
 };
 
@@ -402,21 +401,21 @@ cast5_setkey(void *sched, u_int8_t *key, int len)
 }
 
 void
-rijndael128_encrypt(caddr_t key, u_int8_t *blk)
+aes_encrypt(caddr_t key, u_int8_t *blk)
 {
- rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
+ AES_Encrypt((AES_CTX *)key, blk, blk);
 }
 
 void
-rijndael128_decrypt(caddr_t key, u_int8_t *blk)
+aes_decrypt(caddr_t key, u_int8_t *blk)
 {
- rijndael_decrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
+ AES_Decrypt((AES_CTX *)key, blk, blk);
 }
 
 int
-rijndael128_setkey(void *sched, u_int8_t *key, int len)
+aes_setkey(void *sched, u_int8_t *key, int len)
 {
- return rijndael_set_key((rijndael_ctx *)sched, (u_char *)key, len * 8);
+ return AES_Setkey((AES_CTX *)sched, key, len);
 }
 
 void
@@ -457,7 +456,7 @@ aes_ctr_crypt(caddr_t key, u_int8_t *data)
 i >= AESCTR_NONCESIZE + AESCTR_IVSIZE; i--)
 if (++ctx->ac_block[i]) /* continue on overflow */
 break;
- rijndaelEncrypt(ctx->ac_ek, ctx->ac_nr, ctx->ac_block, keystream);
+ AES_Encrypt(&ctx->ac_key, ctx->ac_block, keystream);
 for (i = 0; i < AESCTR_BLOCKSIZE; i++)
 data[i] ^= keystream[i];
 explicit_bzero(keystream, sizeof(keystream));
@@ -472,9 +471,7 @@ aes_ctr_setkey(void *sched, u_int8_t *key, int len)
 return -1;
 
 ctx = (struct aes_ctr_ctx *)sched;
- ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, (u_char *)key,
- (len - AESCTR_NONCESIZE) * 8);
- if (ctx->ac_nr == 0)
+ if (AES_Setkey(&ctx->ac_key, key, len - AESCTR_NONCESIZE) != 0)
 return -1;
 bcopy(key + len - AESCTR_NONCESIZE, ctx->ac_block, AESCTR_NONCESIZE);
 return 0;
@@ -499,7 +496,7 @@ aes_xts_reinit(caddr_t key, u_int8_t *iv)
 
 /* Last 64 bits of IV are always zero */
 bzero(ctx->tweak + AES_XTS_IVSIZE, AES_XTS_IVSIZE);
- rijndael_encrypt(&ctx->key2, ctx->tweak, ctx->tweak);
+ AES_Encrypt(&ctx->key2, ctx->tweak, ctx->tweak);
 }
 
 void
@@ -512,9 +509,9 @@ aes_xts_crypt(struct aes_xts_ctx *ctx, u_int8_t *data, u_int do_encrypt)
 block[i] = data[i] ^ ctx->tweak[i];
 
 if (do_encrypt)
- rijndael_encrypt(&ctx->key1, block, data);
+ AES_Encrypt(&ctx->key1, block, data);
 else
- rijndael_decrypt(&ctx->key1, block, data);
+ AES_Decrypt(&ctx->key1, block, data);
 
 for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
 data[i] ^= ctx->tweak[i];
@@ -553,8 +550,8 @@ aes_xts_setkey(void *sched, u_int8_t *key, int len)
 
 ctx = (struct aes_xts_ctx *)sched;
 
- rijndael_set_key(&ctx->key1, key, len * 4);
- rijndael_set_key(&ctx->key2, key + (len / 2), len * 4);
+ AES_Setkey(&ctx->key1, key, len / 2);
+ AES_Setkey(&ctx->key2, key + (len / 2), len / 2);
 
 return 0;
 }
diff --git a/sys/crypto/xform.h b/sys/crypto/xform.h
index 33d479d06bc..7e3e5913dd4 100644
--- a/sys/crypto/xform.h
+++ b/sys/crypto/xform.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: xform.h,v 1.28 2015/12/10 21:00:51 naddy Exp $ */
+/* $OpenBSD: xform.h,v 1.29 2017/05/02 11:44:32 mikeb Exp $ */
 
 /*
  * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -79,7 +79,7 @@ union authctx {
 extern struct enc_xform enc_xform_3des;
 extern struct enc_xform enc_xform_blf;
 extern struct enc_xform enc_xform_cast5;
-extern struct enc_xform enc_xform_rijndael128;
+extern struct enc_xform enc_xform_aes;
 extern struct enc_xform enc_xform_aes_ctr;
 extern struct enc_xform enc_xform_aes_gcm;
 extern struct enc_xform enc_xform_aes_gmac;
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index 4d8f385dc55..06f92524be7 100644
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
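Review bot: Both AES_Setkey calls added in aes_xts_setkey drop their return value and the function still returns 0 unconditionally, while aes_ctr_setkey in the same file and commit propagates a non-zero result as -1. If the length validation that presumably precedes this hunk (the function starts before it) ever admits a len whose half is not a valid AES key length, key1 and key2 are left in whatever state AES_Setkey leaves on failure and are then used by aes_xts_reinit and aes_xts_crypt. Making the XTS path consistent with the CTR path is three lines: `if (AES_Setkey(&ctx->key1, key, len / 2) != 0 ||` / `    AES_Setkey(&ctx->key2, key + (len / 2), len / 2) != 0)` / `	return -1;`.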
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp.c,v 1.147 2017/04/06 17:36:18 dhill Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.148 2017/05/02 11:44:32 mikeb Exp $ */
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -116,7 +116,7 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii)
 break;
 
 case SADB_X_EALG_AES:
- txform = &enc_xform_rijndael128;
+ txform = &enc_xform_aes;
 break;
 
 case SADB_X_EALG_AESCTR:
-- 
2.20.1