diff options
author | Luiz Otavio O Souza <luiz@netgate.com> | 2015-09-15 12:29:33 -0500 |
---|---|---|
committer | Luiz Otavio O Souza <luiz@netgate.com> | 2015-10-20 11:32:36 -0500 |
commit | 2d697711142c82967bd7d519bf253f9462bbc573 (patch) | |
tree | 829204069a08e1d22b3ccd5704b9da7e07bb0935 /sys/opencrypto/xform.c | |
parent | 8debb5ec1f7f108a317cc2c7624198ba2eb03469 (diff) | |
download | FreeBSD-src-2d697711142c82967bd7d519bf253f9462bbc573.zip FreeBSD-src-2d697711142c82967bd7d519bf253f9462bbc573.tar.gz |
Revert AESNI patches.
Revert "Importing pfSense patch aesgcm.soft.1.patch"
This reverts commit 46e99a8858f1c843c1774e472c11d422ca2163ae.
TAG: IPSEC-HEAD
Issue: #4841
Diffstat (limited to 'sys/opencrypto/xform.c')
-rw-r--r-- | sys/opencrypto/xform.c | 267 |
1 files changed, 57 insertions, 210 deletions
diff --git a/sys/opencrypto/xform.c b/sys/opencrypto/xform.c index faa9c4a..bfb061b 100644 --- a/sys/opencrypto/xform.c +++ b/sys/opencrypto/xform.c @@ -63,7 +63,6 @@ __FBSDID("$FreeBSD$"); #include <opencrypto/deflate.h> #include <opencrypto/rmd160.h> #include <opencrypto/skipjack.h> -#include <opencrypto/gmac.h> #include <sys/md5.h> @@ -77,7 +76,6 @@ static int blf_setkey(u_int8_t **, u_int8_t *, int); static int cast5_setkey(u_int8_t **, u_int8_t *, int); static int skipjack_setkey(u_int8_t **, u_int8_t *, int); static int rijndael128_setkey(u_int8_t **, u_int8_t *, int); -static int aes_ctr_setkey(u_int8_t **, u_int8_t *, int); static int aes_xts_setkey(u_int8_t **, u_int8_t *, int); static int cml_setkey(u_int8_t **, u_int8_t *, int); @@ -101,8 +99,6 @@ static void rijndael128_decrypt(caddr_t, u_int8_t *); static void aes_xts_decrypt(caddr_t, u_int8_t *); static void cml_decrypt(caddr_t, u_int8_t *); -static void aes_ctr_crypt(caddr_t, u_int8_t *); - static void null_zerokey(u_int8_t **); static void des1_zerokey(u_int8_t **); static void des3_zerokey(u_int8_t **); @@ -110,148 +106,103 @@ static void blf_zerokey(u_int8_t **); static void cast5_zerokey(u_int8_t **); static void skipjack_zerokey(u_int8_t **); static void rijndael128_zerokey(u_int8_t **); -static void aes_ctr_zerokey(u_int8_t **); static void aes_xts_zerokey(u_int8_t **); static void cml_zerokey(u_int8_t **); -static void aes_ctr_reinit(caddr_t, u_int8_t *); static void aes_xts_reinit(caddr_t, u_int8_t *); -static void aes_gcm_reinit(caddr_t, u_int8_t *); static void null_init(void *); -static void null_reinit(void *ctx, const u_int8_t *buf, u_int16_t len); -static int null_update(void *, const u_int8_t *, u_int16_t); +static int null_update(void *, u_int8_t *, u_int16_t); static void null_final(u_int8_t *, void *); -static int MD5Update_int(void *, const u_int8_t *, u_int16_t); +static int MD5Update_int(void *, u_int8_t *, u_int16_t); static void SHA1Init_int(void *); -static int SHA1Update_int(void *, const u_int8_t *, u_int16_t); +static int SHA1Update_int(void *, u_int8_t *, u_int16_t); static void SHA1Final_int(u_int8_t *, void *); -static int RMD160Update_int(void *, const u_int8_t *, u_int16_t); -static int SHA256Update_int(void *, const u_int8_t *, u_int16_t); -static int SHA384Update_int(void *, const u_int8_t *, u_int16_t); -static int SHA512Update_int(void *, const u_int8_t *, u_int16_t); +static int RMD160Update_int(void *, u_int8_t *, u_int16_t); +static int SHA256Update_int(void *, u_int8_t *, u_int16_t); +static int SHA384Update_int(void *, u_int8_t *, u_int16_t); +static int SHA512Update_int(void *, u_int8_t *, u_int16_t); static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **); static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **); -struct aes_ctr_ctx { - u_int32_t ac_ek[4*(RIJNDAEL_MAXNR + 1)]; - /* - * ac_block is initalized to: [ NONCE : IV : CNTR ] - * Where NONCE is the last four bytes of the key. - * IV is provided by user. - * CNTR is initalized to 0 for CTR and 1 for GCM. - */ - u_int8_t ac_block[AESCTR_BLOCKSIZE]; - int ac_nr; -}; - MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers"); /* Encryption instances */ struct enc_xform enc_xform_null = { CRYPTO_NULL_CBC, "NULL", /* NB: blocksize of 4 is to generate a properly aligned ESP header */ - NULL_BLOCK_LEN, 0, 0, 256, /* 2048 bits, max key */ + NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */ null_encrypt, null_decrypt, null_setkey, null_zerokey, - NULL, + NULL }; struct enc_xform enc_xform_des = { CRYPTO_DES_CBC, "DES", - DES_BLOCK_LEN, DES_BLOCK_LEN, 8, 8, + DES_BLOCK_LEN, 8, 8, des1_encrypt, des1_decrypt, des1_setkey, des1_zerokey, - NULL, + NULL }; struct enc_xform enc_xform_3des = { CRYPTO_3DES_CBC, "3DES", - DES3_BLOCK_LEN, DES3_BLOCK_LEN, 24, 24, + DES3_BLOCK_LEN, 24, 24, des3_encrypt, des3_decrypt, des3_setkey, des3_zerokey, - NULL, + NULL }; struct enc_xform enc_xform_blf = { CRYPTO_BLF_CBC, "Blowfish", - BLOWFISH_BLOCK_LEN, BLOWFISH_BLOCK_LEN, 5, 56 /* 448 bits, max key */, + BLOWFISH_BLOCK_LEN, 5, 56 /* 448 bits, max key */, blf_encrypt, blf_decrypt, blf_setkey, blf_zerokey, - NULL, + NULL }; struct enc_xform enc_xform_cast5 = { CRYPTO_CAST_CBC, "CAST-128", - CAST128_BLOCK_LEN, CAST128_BLOCK_LEN, 5, 16, + CAST128_BLOCK_LEN, 5, 16, cast5_encrypt, cast5_decrypt, cast5_setkey, cast5_zerokey, - NULL, + NULL }; struct enc_xform enc_xform_skipjack = { CRYPTO_SKIPJACK_CBC, "Skipjack", - SKIPJACK_BLOCK_LEN, SKIPJACK_BLOCK_LEN, 10, 10, + SKIPJACK_BLOCK_LEN, 10, 10, skipjack_encrypt, - skipjack_decrypt, skipjack_setkey, + skipjack_decrypt, + skipjack_setkey, skipjack_zerokey, - NULL, + NULL }; struct enc_xform enc_xform_rijndael128 = { CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES", - RIJNDAEL128_BLOCK_LEN, 16, 8, 32, + RIJNDAEL128_BLOCK_LEN, 8, 32, rijndael128_encrypt, rijndael128_decrypt, rijndael128_setkey, rijndael128_zerokey, - NULL, -}; - -struct enc_xform enc_xform_aes_ctr = { - CRYPTO_AES_CTR, "AES-CTR", - AESCTR_BLOCKSIZE, AESCTR_IVSIZE, 8+AESCTR_NONCESIZE, 32+AESCTR_NONCESIZE, - aes_ctr_crypt, - aes_ctr_crypt, - aes_ctr_setkey, - rijndael128_zerokey, - aes_ctr_reinit, -}; - -struct enc_xform enc_xform_aes_gcm = { - CRYPTO_AES_RFC4106_GCM_16, "AES-GCM", - RIJNDAEL128_BLOCK_LEN, AESCTR_IVSIZE, 16+AESCTR_NONCESIZE, 32+AESCTR_NONCESIZE, - aes_ctr_crypt, - aes_ctr_crypt, - aes_ctr_setkey, - aes_ctr_zerokey, - aes_gcm_reinit, -}; - -struct enc_xform enc_xform_aes_gmac = { - CRYPTO_AES_GMAC, "AES-GMAC", - RIJNDAEL128_BLOCK_LEN, 8, 16+4, 32+4, - NULL, - NULL, - NULL, - NULL, - NULL, + NULL }; struct enc_xform enc_xform_aes_xts = { CRYPTO_AES_XTS, "AES-XTS", - RIJNDAEL128_BLOCK_LEN, 8, 32, 64, + RIJNDAEL128_BLOCK_LEN, 32, 64, aes_xts_encrypt, aes_xts_decrypt, aes_xts_setkey, @@ -261,115 +212,85 @@ struct enc_xform enc_xform_aes_xts = { struct enc_xform enc_xform_arc4 = { CRYPTO_ARC4, "ARC4", - 1, 1, 1, 32, - NULL, + 1, 1, 32, NULL, NULL, NULL, NULL, + NULL }; struct enc_xform enc_xform_camellia = { CRYPTO_CAMELLIA_CBC, "Camellia", - CAMELLIA_BLOCK_LEN, CAMELLIA_BLOCK_LEN, 8, 32, + CAMELLIA_BLOCK_LEN, 8, 32, cml_encrypt, cml_decrypt, cml_setkey, cml_zerokey, - NULL, + NULL }; /* Authentication instances */ -struct auth_hash auth_hash_null = { /* NB: context isn't used */ +struct auth_hash auth_hash_null = { CRYPTO_NULL_HMAC, "NULL-HMAC", - 0, NULL_HASH_LEN, 12, sizeof(int), NULL_HMAC_BLOCK_LEN, - null_init, null_reinit, null_reinit, null_update, null_final + 0, NULL_HASH_LEN, NULL_HMAC_BLOCK_LEN, sizeof(int), /* NB: context isn't used */ + null_init, null_update, null_final }; struct auth_hash auth_hash_hmac_md5 = { CRYPTO_MD5_HMAC, "HMAC-MD5", - 16, MD5_HASH_LEN, 12, sizeof(MD5_CTX), MD5_HMAC_BLOCK_LEN, - (void (*) (void *)) MD5Init, NULL, NULL, MD5Update_int, + 16, MD5_HASH_LEN, MD5_HMAC_BLOCK_LEN, sizeof(MD5_CTX), + (void (*) (void *)) MD5Init, MD5Update_int, (void (*) (u_int8_t *, void *)) MD5Final }; struct auth_hash auth_hash_hmac_sha1 = { CRYPTO_SHA1_HMAC, "HMAC-SHA1", - 20, SHA1_HASH_LEN, 12, sizeof(SHA1_CTX), SHA1_HMAC_BLOCK_LEN, - SHA1Init_int, NULL, NULL, SHA1Update_int, SHA1Final_int + 20, SHA1_HASH_LEN, SHA1_HMAC_BLOCK_LEN, sizeof(SHA1_CTX), + SHA1Init_int, SHA1Update_int, SHA1Final_int }; struct auth_hash auth_hash_hmac_ripemd_160 = { CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160", - 20, RIPEMD160_HASH_LEN, 12, sizeof(RMD160_CTX), RIPEMD160_HMAC_BLOCK_LEN, - (void (*)(void *)) RMD160Init, NULL, NULL, RMD160Update_int, + 20, RIPEMD160_HASH_LEN, RIPEMD160_HMAC_BLOCK_LEN, sizeof(RMD160_CTX), + (void (*)(void *)) RMD160Init, RMD160Update_int, (void (*)(u_int8_t *, void *)) RMD160Final }; struct auth_hash auth_hash_key_md5 = { CRYPTO_MD5_KPDK, "Keyed MD5", - 0, MD5_KPDK_HASH_LEN, MD5_KPDK_HASH_LEN, sizeof(MD5_CTX), 0, - (void (*)(void *)) MD5Init, NULL, NULL, MD5Update_int, + 0, MD5_KPDK_HASH_LEN, 0, sizeof(MD5_CTX), + (void (*)(void *)) MD5Init, MD5Update_int, (void (*)(u_int8_t *, void *)) MD5Final }; struct auth_hash auth_hash_key_sha1 = { CRYPTO_SHA1_KPDK, "Keyed SHA1", - 0, SHA1_KPDK_HASH_LEN, SHA1_KPDK_HASH_LEN, sizeof(SHA1_CTX), 0, - SHA1Init_int, NULL, NULL, SHA1Update_int, SHA1Final_int + 0, SHA1_KPDK_HASH_LEN, 0, sizeof(SHA1_CTX), + SHA1Init_int, SHA1Update_int, SHA1Final_int }; struct auth_hash auth_hash_hmac_sha2_256 = { CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256", - 32, SHA2_256_HASH_LEN, 16, sizeof(SHA256_CTX), SHA2_256_HMAC_BLOCK_LEN, - (void (*)(void *)) SHA256_Init, NULL, NULL, SHA256Update_int, + 32, SHA2_256_HASH_LEN, SHA2_256_HMAC_BLOCK_LEN, sizeof(SHA256_CTX), + (void (*)(void *)) SHA256_Init, SHA256Update_int, (void (*)(u_int8_t *, void *)) SHA256_Final }; struct auth_hash auth_hash_hmac_sha2_384 = { CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384", - 48, SHA2_384_HASH_LEN, 24, sizeof(SHA384_CTX), SHA2_384_HMAC_BLOCK_LEN, - (void (*)(void *)) SHA384_Init, NULL, NULL, SHA384Update_int, + 48, SHA2_384_HASH_LEN, SHA2_384_HMAC_BLOCK_LEN, sizeof(SHA384_CTX), + (void (*)(void *)) SHA384_Init, SHA384Update_int, (void (*)(u_int8_t *, void *)) SHA384_Final }; struct auth_hash auth_hash_hmac_sha2_512 = { CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512", - 64, SHA2_512_HASH_LEN, 32, sizeof(SHA512_CTX), SHA2_512_HMAC_BLOCK_LEN, - (void (*)(void *)) SHA512_Init, NULL, NULL, SHA512Update_int, + 64, SHA2_512_HASH_LEN, SHA2_512_HMAC_BLOCK_LEN, sizeof(SHA512_CTX), + (void (*)(void *)) SHA512_Init, SHA512Update_int, (void (*)(u_int8_t *, void *)) SHA512_Final }; -struct auth_hash auth_hash_gmac_aes_128 = { - CRYPTO_AES_128_GMAC, "GMAC-AES-128", - 16+4, 16, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX), GMAC_BLOCK_LEN, - (void (*)(void *)) AES_GMAC_Init, - (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey, - (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit, - (int (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Update, - (void (*)(u_int8_t *, void *)) AES_GMAC_Final -}; - -struct auth_hash auth_hash_gmac_aes_192 = { - CRYPTO_AES_192_GMAC, "GMAC-AES-192", - 24+4, 16, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX), GMAC_BLOCK_LEN, - (void (*)(void *)) AES_GMAC_Init, - (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey, - (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit, - (int (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Update, - (void (*)(u_int8_t *, void *)) AES_GMAC_Final -}; - -struct auth_hash auth_hash_gmac_aes_256 = { - CRYPTO_AES_256_GMAC, "GMAC-AES-256", - 32+4, 16, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX), GMAC_BLOCK_LEN, - (void (*)(void *)) AES_GMAC_Init, - (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Setkey, - (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit, - (int (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Update, - (void (*)(u_int8_t *, void *)) AES_GMAC_Final -}; - /* Compression instance */ struct comp_algo comp_algo_deflate = { CRYPTO_DEFLATE_COMP, "Deflate", @@ -658,78 +579,9 @@ rijndael128_zerokey(u_int8_t **sched) *sched = NULL; } -void -aes_ctr_reinit(caddr_t key, u_int8_t *iv) -{ - struct aes_ctr_ctx *ctx; - - ctx = (struct aes_ctr_ctx *)key; - bcopy(iv, ctx->ac_block + AESCTR_NONCESIZE, AESCTR_IVSIZE); - - /* reset counter */ - bzero(ctx->ac_block + AESCTR_NONCESIZE + AESCTR_IVSIZE, 4); -} - -void -aes_gcm_reinit(caddr_t key, u_int8_t *iv) -{ - struct aes_ctr_ctx *ctx; - - aes_ctr_reinit(key, iv); - - ctx = (struct aes_ctr_ctx *)key; - ctx->ac_block[AESCTR_BLOCKSIZE - 1] = 1; /* GCM starts with 1 */ -} - -void -aes_ctr_crypt(caddr_t key, u_int8_t *data) -{ - struct aes_ctr_ctx *ctx; - u_int8_t keystream[AESCTR_BLOCKSIZE]; - int i; - - ctx = (struct aes_ctr_ctx *)key; - /* increment counter */ - for (i = AESCTR_BLOCKSIZE - 1; - i >= AESCTR_NONCESIZE + AESCTR_IVSIZE; i--) - if (++ctx->ac_block[i]) /* continue on overflow */ - break; - rijndaelEncrypt(ctx->ac_ek, ctx->ac_nr, ctx->ac_block, keystream); - for (i = 0; i < AESCTR_BLOCKSIZE; i++) - data[i] ^= keystream[i]; - bzero(keystream, sizeof(keystream)); -} - -int -aes_ctr_setkey(u_int8_t **sched, u_int8_t *key, int len) -{ - struct aes_ctr_ctx *ctx; - - if (len < AESCTR_NONCESIZE) - return EINVAL; - - *sched = malloc(sizeof(struct aes_ctr_ctx), M_CRYPTO_DATA, - M_NOWAIT | M_ZERO); - if (*sched == NULL) - return ENOMEM; - - ctx = (struct aes_ctr_ctx *)*sched; - ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, (u_char *)key, - (len - AESCTR_NONCESIZE) * 8); - if (ctx->ac_nr == 0) - return EINVAL; - bcopy(key + len - AESCTR_NONCESIZE, ctx->ac_block, AESCTR_NONCESIZE); - return 0; -} - -void -aes_ctr_zerokey(u_int8_t **sched) -{ - - bzero(*sched, sizeof(struct aes_ctr_ctx)); - free(*sched, M_CRYPTO_DATA); - *sched = NULL; -} +#define AES_XTS_BLOCKSIZE 16 +#define AES_XTS_IVSIZE 8 +#define AES_XTS_ALPHA 0x87 /* GF(2^128) generator polynomial */ struct aes_xts_ctx { rijndael_ctx key1; @@ -876,13 +728,8 @@ null_init(void *ctx) { } -static void -null_reinit(void *ctx, const u_int8_t *buf, u_int16_t len) -{ -} - static int -null_update(void *ctx, const u_int8_t *buf, u_int16_t len) +null_update(void *ctx, u_int8_t *buf, u_int16_t len) { return 0; } @@ -895,14 +742,14 @@ null_final(u_int8_t *buf, void *ctx) } static int -RMD160Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) +RMD160Update_int(void *ctx, u_int8_t *buf, u_int16_t len) { RMD160Update(ctx, buf, len); return 0; } static int -MD5Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) +MD5Update_int(void *ctx, u_int8_t *buf, u_int16_t len) { MD5Update(ctx, buf, len); return 0; @@ -915,7 +762,7 @@ SHA1Init_int(void *ctx) } static int -SHA1Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) +SHA1Update_int(void *ctx, u_int8_t *buf, u_int16_t len) { SHA1Update(ctx, buf, len); return 0; @@ -928,21 +775,21 @@ SHA1Final_int(u_int8_t *blk, void *ctx) } static int -SHA256Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) +SHA256Update_int(void *ctx, u_int8_t *buf, u_int16_t len) { SHA256_Update(ctx, buf, len); return 0; } static int -SHA384Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) +SHA384Update_int(void *ctx, u_int8_t *buf, u_int16_t len) { SHA384_Update(ctx, buf, len); return 0; } static int -SHA512Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) +SHA512Update_int(void *ctx, u_int8_t *buf, u_int16_t len) { SHA512_Update(ctx, buf, len); return 0; |