MFC r274340:

Constify the AES code and propagate to consumers.  This allows us to
update the Fortuna code to use SHAd-256 as defined in FS&K.

Approved by:    so (self)

MFC r274341:

I just realized that the previous commit message makes no sense: the
first sentence should have read "Constify the AES and SHA-256 code and
wrappers".  This allows us to feed zero_region (which is const) to the
hash function during reseeding and thereby implement the FS&K version of
SHAd-256 instead of the older F&S version.

Approved by:    so (self)

TAG:	IPSEC-HEAD
Issue:	#4841

5 files changed, 24 insertions, 23 deletions

diff --git a/sys/crypto/rijndael/rijndael-api-fst.c b/sys/crypto/rijndael/rijndael-api-fst.c
index 187177b..24e5646 100644
--- a/sys/crypto/rijndael/rijndael-api-fst.c
+++ b/sys/crypto/rijndael/rijndael-api-fst.c
@@ -34,7 +34,8 @@ __FBSDID("$FreeBSD$");
 
 typedef u_int8_t	BYTE;
 
-int rijndael_makeKey(keyInstance *key, BYTE direction, int keyLen, char *keyMaterial) {
+int rijndael_makeKey(keyInstance *key, BYTE direction, int keyLen,
+	const char *keyMaterial) {
 	u_int8_t cipherKey[RIJNDAEL_MAXKB];
 
 	if (key == NULL) {
@@ -83,7 +84,7 @@ int rijndael_cipherInit(cipherInstance *cipher, BYTE mode, char *IV) {
 }
 
 int rijndael_blockEncrypt(cipherInstance *cipher, keyInstance *key,
-		BYTE *input, int inputLen, BYTE *outBuffer) {
+		const BYTE *input, int inputLen, BYTE *outBuffer) {
 	int i, k, numBlocks;
 	u_int8_t block[16], iv[4][4];
 
@@ -198,7 +199,7 @@ int rijndael_blockEncrypt(cipherInstance *cipher, keyInstance *key,
  * @return	length in octets (not bits) of the encrypted output buffer.
  */
 int rijndael_padEncrypt(cipherInstance *cipher, keyInstance *key,
-		BYTE *input, int inputOctets, BYTE *outBuffer) {
+		const BYTE *input, int inputOctets, BYTE *outBuffer) {
 	int i, numBlocks, padLen;
 	u_int8_t block[16], *iv, *cp;
 
@@ -261,7 +262,7 @@ int rijndael_padEncrypt(cipherInstance *cipher, keyInstance *key,
 }
 
 int rijndael_blockDecrypt(cipherInstance *cipher, keyInstance *key,
-		BYTE *input, int inputLen, BYTE *outBuffer) {
+		const BYTE *input, int inputLen, BYTE *outBuffer) {
 	int i, k, numBlocks;
 	u_int8_t block[16], iv[4][4];
 
@@ -360,7 +361,7 @@ int rijndael_blockDecrypt(cipherInstance *cipher, keyInstance *key,
 }
 
 int rijndael_padDecrypt(cipherInstance *cipher, keyInstance *key,
-		BYTE *input, int inputOctets, BYTE *outBuffer) {
+		const BYTE *input, int inputOctets, BYTE *outBuffer) {
 	int i, numBlocks, padLen;
 	u_int8_t block[16];
 	u_int32_t iv[4];
diff --git a/sys/crypto/rijndael/rijndael-api-fst.h b/sys/crypto/rijndael/rijndael-api-fst.h
index 122bf52..e5f596a 100644
--- a/sys/crypto/rijndael/rijndael-api-fst.h
+++ b/sys/crypto/rijndael/rijndael-api-fst.h
@@ -56,18 +56,18 @@ typedef struct {                    /* changed order of the components */
 
 /*  Function prototypes  */
 
-int rijndael_makeKey(keyInstance *, u_int8_t, int, char *);
+int rijndael_makeKey(keyInstance *, u_int8_t, int, const char *);
 
 int rijndael_cipherInit(cipherInstance *, u_int8_t, char *);
 
-int rijndael_blockEncrypt(cipherInstance *, keyInstance *, u_int8_t *, int,
-	u_int8_t *);
-int rijndael_padEncrypt(cipherInstance *, keyInstance *, u_int8_t *, int,
-	u_int8_t *);
+int rijndael_blockEncrypt(cipherInstance *, keyInstance *, const u_int8_t *,
+	int, u_int8_t *);
+int rijndael_padEncrypt(cipherInstance *, keyInstance *, const u_int8_t *,
+	int, u_int8_t *);
 
-int rijndael_blockDecrypt(cipherInstance *, keyInstance *, u_int8_t *, int,
-	u_int8_t *);
-int rijndael_padDecrypt(cipherInstance *, keyInstance *, u_int8_t *, int,
-	u_int8_t *);
+int rijndael_blockDecrypt(cipherInstance *, keyInstance *, const u_int8_t *,
+	int, u_int8_t *);
+int rijndael_padDecrypt(cipherInstance *, keyInstance *, const u_int8_t *,
+	int, u_int8_t *);
 
 #endif /*  __RIJNDAEL_API_FST_H */
diff --git a/sys/dev/random/hash.c b/sys/dev/random/hash.c
index cf0feaa..e37f090 100644
--- a/sys/dev/random/hash.c
+++ b/sys/dev/random/hash.c
@@ -45,7 +45,7 @@ randomdev_hash_init(struct randomdev_hash *context)
 
 /* Iterate the hash */
 void
-randomdev_hash_iterate(struct randomdev_hash *context, void *data, size_t size)
+randomdev_hash_iterate(struct randomdev_hash *context, const void *data, size_t size)
 {
 	SHA256_Update(&context->sha, data, size);
 }
@@ -64,7 +64,7 @@ randomdev_hash_finish(struct randomdev_hash *context, void *buf)
  * data. Use CBC mode for better avalanche.
  */
 void
-randomdev_encrypt_init(struct randomdev_key *context, void *data)
+randomdev_encrypt_init(struct randomdev_key *context, const void *data)
 {
 	rijndael_cipherInit(&context->cipher, MODE_CBC, NULL);
 	rijndael_makeKey(&context->key, DIR_ENCRYPT, KEYSIZE*8, data);
@@ -75,7 +75,7 @@ randomdev_encrypt_init(struct randomdev_key *context, void *data)
  * a multiple of BLOCKSIZE.
  */
 void
-randomdev_encrypt(struct randomdev_key *context, void *d_in, void *d_out, unsigned length)
+randomdev_encrypt(struct randomdev_key *context, const void *d_in, void *d_out, unsigned length)
 {
 	rijndael_blockEncrypt(&context->cipher, &context->key, d_in, length*8, d_out);
 }
diff --git a/sys/dev/random/hash.h b/sys/dev/random/hash.h
index 4e6a4a0..8655d88 100644
--- a/sys/dev/random/hash.h
+++ b/sys/dev/random/hash.h
@@ -42,9 +42,9 @@ struct randomdev_key {		/* Big! Make static! */
 };
 
 void randomdev_hash_init(struct randomdev_hash *);
-void randomdev_hash_iterate(struct randomdev_hash *, void *, size_t);
+void randomdev_hash_iterate(struct randomdev_hash *, const void *, size_t);
 void randomdev_hash_finish(struct randomdev_hash *, void *);
-void randomdev_encrypt_init(struct randomdev_key *, void *);
-void randomdev_encrypt(struct randomdev_key *context, void *, void *, unsigned);
+void randomdev_encrypt_init(struct randomdev_key *, const void *);
+void randomdev_encrypt(struct randomdev_key *context, const void *, void *, unsigned);
 
 #endif
diff --git a/sys/geom/bde/g_bde.h b/sys/geom/bde/g_bde.h
index 9332c6b..2f29fe3 100644
--- a/sys/geom/bde/g_bde.h
+++ b/sys/geom/bde/g_bde.h
@@ -182,7 +182,7 @@ AES_init(cipherInstance *ci)
 }
 
 static __inline void
-AES_makekey(keyInstance *ki, int dir, u_int len, void *key)
+AES_makekey(keyInstance *ki, int dir, u_int len, const void *key)
 {
 	int error;
 
@@ -191,7 +191,7 @@ AES_makekey(keyInstance *ki, int dir, u_int len, void *key)
 }
 
 static __inline void
-AES_encrypt(cipherInstance *ci, keyInstance *ki, void *in, void *out, u_int len)
+AES_encrypt(cipherInstance *ci, keyInstance *ki, const void *in, void *out, u_int len)
 {
 	int error;
 
@@ -200,7 +200,7 @@ AES_encrypt(cipherInstance *ci, keyInstance *ki, void *in, void *out, u_int len)
 }
 
 static __inline void
-AES_decrypt(cipherInstance *ci, keyInstance *ki, void *in, void *out, u_int len)
+AES_decrypt(cipherInstance *ci, keyInstance *ki, const void *in, void *out, u_int len)
 {
 	int error;