Page MenuHomeFreeBSD
Files F107959126

D24855.diff
No OneTemporary
Actions

D24855.diff
View Options

Index: head/sys/crypto/chacha20/chacha-sw.c
===================================================================
--- head/sys/crypto/chacha20/chacha-sw.c
+++ head/sys/crypto/chacha20/chacha-sw.c
@@ -7,63 +7,42 @@
#include <opencrypto/xform_enc.h>
static int
-chacha20_xform_setkey(u_int8_t **sched, const u_int8_t *key, int len)
+chacha20_xform_setkey(void *ctx, const uint8_t *key, int len)
{
- struct chacha_ctx *ctx;
if (len != CHACHA_MINKEYLEN && len != 32)
return (EINVAL);
- ctx = malloc(sizeof(*ctx), M_CRYPTO_DATA, M_NOWAIT | M_ZERO);
- *sched = (void *)ctx;
- if (ctx == NULL)
- return (ENOMEM);
-
chacha_keysetup(ctx, key, len * 8);
return (0);
}
static void
-chacha20_xform_reinit(caddr_t key, const u_int8_t *iv)
+chacha20_xform_reinit(void *ctx, const u_int8_t *iv)
{
- struct chacha_ctx *ctx;
- ctx = (void *)key;
chacha_ivsetup(ctx, iv + 8, iv);
}
static void
-chacha20_xform_zerokey(u_int8_t **sched)
+chacha20_xform_crypt(void *ctx, const uint8_t *in, uint8_t *out)
{
- struct chacha_ctx *ctx;
- ctx = (void *)*sched;
- explicit_bzero(ctx, sizeof(*ctx));
- free(ctx, M_CRYPTO_DATA);
- *sched = NULL;
+ chacha_encrypt_bytes(ctx, in, out, 1);
}
static void
-chacha20_xform_crypt(caddr_t cctx, u_int8_t *bytes)
+chacha20_xform_crypt_multi(void *ctx, const uint8_t *in, uint8_t *out,
+ size_t len)
{
- struct chacha_ctx *ctx;
- ctx = (void *)cctx;
- chacha_encrypt_bytes(ctx, bytes, bytes, 1);
+ chacha_encrypt_bytes(ctx, in, out, len);
}
-static void
-chacha20_xform_crypt_multi(void *vctx, uint8_t *bytes, size_t len)
-{
- struct chacha_ctx *ctx;
-
- ctx = vctx;
- chacha_encrypt_bytes(ctx, bytes, bytes, len);
-}
-
struct enc_xform enc_xform_chacha20 = {
.type = CRYPTO_CHACHA20,
.name = "chacha20",
+ .ctxsize = sizeof(struct chacha_ctx),
.blocksize = 1,
.ivsize = CHACHA_NONCELEN + CHACHA_CTRLEN,
.minkey = CHACHA_MINKEYLEN,
@@ -71,7 +50,6 @@
.encrypt = chacha20_xform_crypt,
.decrypt = chacha20_xform_crypt,
.setkey = chacha20_xform_setkey,
- .zerokey = chacha20_xform_zerokey,
.reinit = chacha20_xform_reinit,
.encrypt_multi = chacha20_xform_crypt_multi,
.decrypt_multi = chacha20_xform_crypt_multi,
Index: head/sys/dev/cxgbe/crypto/t4_crypto.c
===================================================================
--- head/sys/dev/cxgbe/crypto/t4_crypto.c
+++ head/sys/dev/cxgbe/crypto/t4_crypto.c
@@ -1354,8 +1354,7 @@
{
struct auth_hash *axf;
struct enc_xform *exf;
- void *auth_ctx;
- uint8_t *kschedule;
+ void *auth_ctx, *kschedule;
char block[GMAC_BLOCK_LEN];
char digest[GMAC_DIGEST_LEN];
char iv[AES_BLOCK_LEN];
@@ -1389,7 +1388,12 @@
/* Initialize the cipher. */
exf = &enc_xform_aes_nist_gcm;
- error = exf->setkey(&kschedule, s->blkcipher.enckey,
+ kschedule = malloc(exf->ctxsize, M_CCR, M_NOWAIT);
+ if (kschedule == NULL) {
+ error = ENOMEM;
+ goto out;
+ }
+ error = exf->setkey(kschedule, s->blkcipher.enckey,
s->blkcipher.key_len);
if (error)
goto out;
@@ -1423,7 +1427,7 @@
crypto_copydata(crp, crp->crp_payload_start + i, len, block);
bzero(block + len, sizeof(block) - len);
if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
- exf->encrypt(kschedule, block);
+ exf->encrypt(kschedule, block, block);
axf->Update(auth_ctx, block, len);
crypto_copyback(crp, crp->crp_payload_start + i, len,
block);
@@ -1462,7 +1466,7 @@
crypto_copydata(crp, crp->crp_payload_start + i,
len, block);
bzero(block + len, sizeof(block) - len);
- exf->decrypt(kschedule, block);
+ exf->decrypt(kschedule, block, block);
crypto_copyback(crp, crp->crp_payload_start + i,
len, block);
}
@@ -1470,12 +1474,9 @@
error = EBADMSG;
}
- exf->zerokey(&kschedule);
out:
- if (auth_ctx != NULL) {
- memset(auth_ctx, 0, axf->ctxsize);
- free(auth_ctx, M_CCR);
- }
+ zfree(kschedule, M_CCR);
+ zfree(auth_ctx, M_CCR);
crp->crp_etype = error;
crypto_done(crp);
}
@@ -1810,7 +1811,7 @@
struct auth_hash *axf;
struct enc_xform *exf;
union authctx *auth_ctx;
- uint8_t *kschedule;
+ void *kschedule;
char block[CCM_CBC_BLOCK_LEN];
char digest[AES_CBC_MAC_HASH_LEN];
char iv[AES_CCM_IV_LEN];
@@ -1844,7 +1845,12 @@
/* Initialize the cipher. */
exf = &enc_xform_ccm;
- error = exf->setkey(&kschedule, s->blkcipher.enckey,
+ kschedule = malloc(exf->ctxsize, M_CCR, M_NOWAIT);
+ if (kschedule == NULL) {
+ error = ENOMEM;
+ goto out;
+ }
+ error = exf->setkey(kschedule, s->blkcipher.enckey,
s->blkcipher.key_len);
if (error)
goto out;
@@ -1876,11 +1882,11 @@
bzero(block + len, sizeof(block) - len);
if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
axf->Update(auth_ctx, block, len);
- exf->encrypt(kschedule, block);
+ exf->encrypt(kschedule, block, block);
crypto_copyback(crp, crp->crp_payload_start + i, len,
block);
} else {
- exf->decrypt(kschedule, block);
+ exf->decrypt(kschedule, block, block);
axf->Update(auth_ctx, block, len);
}
}
@@ -1910,7 +1916,7 @@
crypto_copydata(crp, crp->crp_payload_start + i,
len, block);
bzero(block + len, sizeof(block) - len);
- exf->decrypt(kschedule, block);
+ exf->decrypt(kschedule, block, block);
crypto_copyback(crp, crp->crp_payload_start + i,
len, block);
}
@@ -1918,12 +1924,9 @@
error = EBADMSG;
}
- exf->zerokey(&kschedule);
out:
- if (auth_ctx != NULL) {
- memset(auth_ctx, 0, axf->ctxsize);
- free(auth_ctx, M_CCR);
- }
+ zfree(kschedule, M_CCR);
+ zfree(auth_ctx, M_CCR);
crp->crp_etype = error;
crypto_done(crp);
}
Index: head/sys/opencrypto/cryptosoft.c
===================================================================
--- head/sys/opencrypto/cryptosoft.c
+++ head/sys/opencrypto/cryptosoft.c
@@ -65,7 +65,7 @@
};
struct swcr_encdec {
- uint8_t *sw_kschedule;
+ void *sw_kschedule;
struct enc_xform *sw_exf;
};
@@ -131,11 +131,8 @@
crypto_read_iv(crp, iv);
if (crp->crp_cipher_key != NULL) {
- if (sw->sw_kschedule)
- exf->zerokey(&(sw->sw_kschedule));
-
csp = crypto_get_params(crp->crp_session);
- error = exf->setkey(&sw->sw_kschedule,
+ error = exf->setkey(sw->sw_kschedule,
crp->crp_cipher_key, csp->csp_cipher_klen);
if (error)
return (error);
@@ -197,10 +194,10 @@
/* Actual encryption/decryption */
if (exf->reinit) {
if (encrypting) {
- exf->encrypt(sw->sw_kschedule,
+ exf->encrypt(sw->sw_kschedule, blk,
blk);
} else {
- exf->decrypt(sw->sw_kschedule,
+ exf->decrypt(sw->sw_kschedule, blk,
blk);
}
} else if (encrypting) {
@@ -208,7 +205,7 @@
for (j = 0; j < blks; j++)
blk[j] ^= ivp[j];
- exf->encrypt(sw->sw_kschedule, blk);
+ exf->encrypt(sw->sw_kschedule, blk, blk);
/*
* Keep encrypted block for XOR'ing
@@ -224,7 +221,7 @@
nivp = (ivp == iv) ? iv2 : iv;
bcopy(blk, nivp, blks);
- exf->decrypt(sw->sw_kschedule, blk);
+ exf->decrypt(sw->sw_kschedule, blk, blk);
/* XOR with previous block */
for (j = 0; j < blks; j++)
@@ -264,25 +261,25 @@
if (exf->reinit) {
if (encrypting && exf->encrypt_multi == NULL)
exf->encrypt(sw->sw_kschedule,
- idat);
+ idat, idat);
else if (encrypting) {
nb = rounddown(rem, blks);
exf->encrypt_multi(sw->sw_kschedule,
- idat, nb);
+ idat, idat, nb);
} else if (exf->decrypt_multi == NULL)
exf->decrypt(sw->sw_kschedule,
- idat);
+ idat, idat);
else {
nb = rounddown(rem, blks);
exf->decrypt_multi(sw->sw_kschedule,
- idat, nb);
+ idat, idat, nb);
}
} else if (encrypting) {
/* XOR with previous block/IV */
for (j = 0; j < blks; j++)
idat[j] ^= ivp[j];
- exf->encrypt(sw->sw_kschedule, idat);
+ exf->encrypt(sw->sw_kschedule, idat, idat);
ivp = idat;
} else { /* decrypt */
/*
@@ -292,7 +289,7 @@
nivp = (ivp == iv) ? iv2 : iv;
bcopy(idat, nivp, blks);
- exf->decrypt(sw->sw_kschedule, idat);
+ exf->decrypt(sw->sw_kschedule, idat, idat);
/* XOR with previous block/IV */
for (j = 0; j < blks; j++)
@@ -543,7 +540,7 @@
bzero(blk, blksz);
crypto_copydata(crp, crp->crp_payload_start + i, len, blk);
if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
- exf->encrypt(swe->sw_kschedule, blk);
+ exf->encrypt(swe->sw_kschedule, blk, blk);
axf->Update(&ctx, blk, len);
crypto_copyback(crp, crp->crp_payload_start + i, len,
blk);
@@ -579,7 +576,7 @@
bzero(blk, blksz);
crypto_copydata(crp, crp->crp_payload_start + i, len,
blk);
- exf->decrypt(swe->sw_kschedule, blk);
+ exf->decrypt(swe->sw_kschedule, blk, blk);
crypto_copyback(crp, crp->crp_payload_start + i, len,
blk);
}
@@ -704,7 +701,7 @@
crypto_copydata(crp, crp->crp_payload_start + i, len, blk);
if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
axf->Update(&ctx, blk, len);
- exf->encrypt(swe->sw_kschedule, blk);
+ exf->encrypt(swe->sw_kschedule, blk, blk);
crypto_copyback(crp, crp->crp_payload_start + i, len,
blk);
} else {
@@ -716,7 +713,7 @@
* the tag and a second time after the tag is
* verified.
*/
- exf->decrypt(swe->sw_kschedule, blk);
+ exf->decrypt(swe->sw_kschedule, blk, blk);
axf->Update(&ctx, blk, len);
}
}
@@ -741,7 +738,7 @@
bzero(blk, blksz);
crypto_copydata(crp, crp->crp_payload_start + i, len,
blk);
- exf->decrypt(swe->sw_kschedule, blk);
+ exf->decrypt(swe->sw_kschedule, blk, blk);
crypto_copyback(crp, crp->crp_payload_start + i, len,
blk);
}
@@ -854,7 +851,7 @@
}
static int
-swcr_setup_encdec(struct swcr_session *ses,
+swcr_setup_cipher(struct swcr_session *ses,
const struct crypto_session_params *csp)
{
struct swcr_encdec *swe;
@@ -864,8 +861,14 @@
swe = &ses->swcr_encdec;
txf = crypto_cipher(csp);
MPASS(txf->ivsize == csp->csp_ivlen);
+ if (txf->ctxsize != 0) {
+ swe->sw_kschedule = malloc(txf->ctxsize, M_CRYPTO_DATA,
+ M_NOWAIT);
+ if (swe->sw_kschedule == NULL)
+ return (ENOMEM);
+ }
if (csp->csp_cipher_key != NULL) {
- error = txf->setkey(&swe->sw_kschedule,
+ error = txf->setkey(swe->sw_kschedule,
csp->csp_cipher_key, csp->csp_cipher_klen);
if (error)
return (error);
@@ -962,11 +965,8 @@
swcr_setup_gcm(struct swcr_session *ses,
const struct crypto_session_params *csp)
{
- struct swcr_encdec *swe;
struct swcr_auth *swa;
- struct enc_xform *txf;
struct auth_hash *axf;
- int error;
if (csp->csp_ivlen != AES_GCM_IV_LEN)
return (EINVAL);
@@ -1002,28 +1002,15 @@
csp->csp_cipher_klen);
/* Second, setup the cipher side. */
- swe = &ses->swcr_encdec;
- txf = &enc_xform_aes_nist_gcm;
- if (csp->csp_cipher_key != NULL) {
- error = txf->setkey(&swe->sw_kschedule,
- csp->csp_cipher_key, csp->csp_cipher_klen);
- if (error)
- return (error);
- }
- swe->sw_exf = txf;
-
- return (0);
+ return (swcr_setup_cipher(ses, csp));
}
static int
swcr_setup_ccm(struct swcr_session *ses,
const struct crypto_session_params *csp)
{
- struct swcr_encdec *swe;
struct swcr_auth *swa;
- struct enc_xform *txf;
struct auth_hash *axf;
- int error;
if (csp->csp_ivlen != AES_CCM_IV_LEN)
return (EINVAL);
@@ -1059,17 +1046,7 @@
csp->csp_cipher_klen);
/* Second, setup the cipher side. */
- swe = &ses->swcr_encdec;
- txf = &enc_xform_ccm;
- if (csp->csp_cipher_key != NULL) {
- error = txf->setkey(&swe->sw_kschedule,
- csp->csp_cipher_key, csp->csp_cipher_klen);
- if (error)
- return (error);
- }
- swe->sw_exf = txf;
-
- return (0);
+ return (swcr_setup_cipher(ses, csp));
}
static bool
@@ -1246,7 +1223,7 @@
panic("bad cipher algo");
#endif
default:
- error = swcr_setup_encdec(ses, csp);
+ error = swcr_setup_cipher(ses, csp);
if (error == 0)
ses->swcr_process = swcr_encdec;
}
@@ -1295,7 +1272,7 @@
break;
}
- error = swcr_setup_encdec(ses, csp);
+ error = swcr_setup_cipher(ses, csp);
if (error == 0)
ses->swcr_process = swcr_eta;
break;
@@ -1313,18 +1290,13 @@
{
struct swcr_session *ses;
struct swcr_auth *swa;
- struct enc_xform *txf;
struct auth_hash *axf;
ses = crypto_get_driver_session(cses);
mtx_destroy(&ses->swcr_lock);
- txf = ses->swcr_encdec.sw_exf;
- if (txf != NULL) {
- if (ses->swcr_encdec.sw_kschedule != NULL)
- txf->zerokey(&(ses->swcr_encdec.sw_kschedule));
- }
+ zfree(ses->swcr_encdec.sw_kschedule, M_CRYPTO_DATA);
axf = ses->swcr_auth.sw_axf;
if (axf != NULL) {
Index: head/sys/opencrypto/xform_aes_icm.c
===================================================================
--- head/sys/opencrypto/xform_aes_icm.c
+++ head/sys/opencrypto/xform_aes_icm.c
@@ -52,43 +52,50 @@
#include <opencrypto/xform_enc.h>
-static int aes_icm_setkey(u_int8_t **, const u_int8_t *, int);
-static void aes_icm_crypt(caddr_t, u_int8_t *);
-static void aes_icm_zerokey(u_int8_t **);
-static void aes_icm_reinit(caddr_t, const u_int8_t *);
-static void aes_gcm_reinit(caddr_t, const u_int8_t *);
-static void aes_ccm_reinit(caddr_t, const u_int8_t *);
+static int aes_icm_setkey(void *, const uint8_t *, int);
+static void aes_icm_crypt(void *, const uint8_t *, uint8_t *);
+static void aes_icm_reinit(void *, const uint8_t *);
+static void aes_gcm_reinit(void *, const uint8_t *);
+static void aes_ccm_reinit(void *, const uint8_t *);
/* Encryption instances */
struct enc_xform enc_xform_aes_icm = {
- CRYPTO_AES_ICM, "AES-ICM",
- AES_BLOCK_LEN, AES_BLOCK_LEN, AES_MIN_KEY, AES_MAX_KEY,
- aes_icm_crypt,
- aes_icm_crypt,
- aes_icm_setkey,
- aes_icm_zerokey,
- aes_icm_reinit,
+ .type = CRYPTO_AES_ICM,
+ .name = "AES-ICM",
+ .ctxsize = sizeof(struct aes_icm_ctx),
+ .blocksize = AES_BLOCK_LEN,
+ .ivsize = AES_BLOCK_LEN,
+ .minkey = AES_MIN_KEY,
+ .maxkey = AES_MAX_KEY,
+ .encrypt = aes_icm_crypt,
+ .decrypt = aes_icm_crypt,
+ .setkey = aes_icm_setkey,
+ .reinit = aes_icm_reinit,
};
struct enc_xform enc_xform_aes_nist_gcm = {
- CRYPTO_AES_NIST_GCM_16, "AES-GCM",
- AES_ICM_BLOCK_LEN, AES_GCM_IV_LEN, AES_MIN_KEY, AES_MAX_KEY,
- aes_icm_crypt,
- aes_icm_crypt,
- aes_icm_setkey,
- aes_icm_zerokey,
- aes_gcm_reinit,
+ .type = CRYPTO_AES_NIST_GCM_16,
+ .name = "AES-GCM",
+ .ctxsize = sizeof(struct aes_icm_ctx),
+ .blocksize = AES_ICM_BLOCK_LEN,
+ .ivsize = AES_GCM_IV_LEN,
+ .minkey = AES_MIN_KEY,
+ .maxkey = AES_MAX_KEY,
+ .encrypt = aes_icm_crypt,
+ .decrypt = aes_icm_crypt,
+ .setkey = aes_icm_setkey,
+ .reinit = aes_gcm_reinit,
};
struct enc_xform enc_xform_ccm = {
.type = CRYPTO_AES_CCM_16,
.name = "AES-CCM",
+ .ctxsize = sizeof(struct aes_icm_ctx),
.blocksize = AES_ICM_BLOCK_LEN, .ivsize = AES_CCM_IV_LEN,
.minkey = AES_MIN_KEY, .maxkey = AES_MAX_KEY,
.encrypt = aes_icm_crypt,
.decrypt = aes_icm_crypt,
.setkey = aes_icm_setkey,
- .zerokey = aes_icm_zerokey,
.reinit = aes_ccm_reinit,
};
@@ -96,33 +103,33 @@
* Encryption wrapper routines.
*/
static void
-aes_icm_reinit(caddr_t key, const u_int8_t *iv)
+aes_icm_reinit(void *key, const uint8_t *iv)
{
struct aes_icm_ctx *ctx;
- ctx = (struct aes_icm_ctx *)key;
+ ctx = key;
bcopy(iv, ctx->ac_block, AESICM_BLOCKSIZE);
}
static void
-aes_gcm_reinit(caddr_t key, const u_int8_t *iv)
+aes_gcm_reinit(void *key, const uint8_t *iv)
{
struct aes_icm_ctx *ctx;
aes_icm_reinit(key, iv);
- ctx = (struct aes_icm_ctx *)key;
+ ctx = key;
/* GCM starts with 2 as counter 1 is used for final xor of tag. */
bzero(&ctx->ac_block[AESICM_BLOCKSIZE - 4], 4);
ctx->ac_block[AESICM_BLOCKSIZE - 1] = 2;
}
static void
-aes_ccm_reinit(caddr_t key, const u_int8_t *iv)
+aes_ccm_reinit(void *key, const uint8_t *iv)
{
struct aes_icm_ctx *ctx;
- ctx = (struct aes_icm_ctx*)key;
+ ctx = key;
/* CCM has flags, then the IV, then the counter, which starts at 1 */
bzero(ctx->ac_block, sizeof(ctx->ac_block));
@@ -133,16 +140,16 @@
}
static void
-aes_icm_crypt(caddr_t key, u_int8_t *data)
+aes_icm_crypt(void *key, const uint8_t *in, uint8_t *out)
{
struct aes_icm_ctx *ctx;
- u_int8_t keystream[AESICM_BLOCKSIZE];
+ uint8_t keystream[AESICM_BLOCKSIZE];
int i;
- ctx = (struct aes_icm_ctx *)key;
+ ctx = key;
rijndaelEncrypt(ctx->ac_ek, ctx->ac_nr, ctx->ac_block, keystream);
for (i = 0; i < AESICM_BLOCKSIZE; i++)
- data[i] ^= keystream[i];
+ out[i] = in[i] ^ keystream[i];
explicit_bzero(keystream, sizeof(keystream));
/* increment counter */
@@ -153,28 +160,14 @@
}
static int
-aes_icm_setkey(u_int8_t **sched, const u_int8_t *key, int len)
+aes_icm_setkey(void *sched, const uint8_t *key, int len)
{
struct aes_icm_ctx *ctx;
if (len != 16 && len != 24 && len != 32)
- return EINVAL;
+ return (EINVAL);
- *sched = KMALLOC(sizeof(struct aes_icm_ctx), M_CRYPTO_DATA,
- M_NOWAIT | M_ZERO);
- if (*sched == NULL)
- return ENOMEM;
-
- ctx = (struct aes_icm_ctx *)*sched;
+ ctx = sched;
ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, key, len * 8);
- return 0;
-}
-
-static void
-aes_icm_zerokey(u_int8_t **sched)
-{
-
- bzero(*sched, sizeof(struct aes_icm_ctx));
- KFREE(*sched, M_CRYPTO_DATA);
- *sched = NULL;
+ return (0);
}
Index: head/sys/opencrypto/xform_aes_xts.c
===================================================================
--- head/sys/opencrypto/xform_aes_xts.c
+++ head/sys/opencrypto/xform_aes_xts.c
@@ -52,31 +52,34 @@
#include <opencrypto/xform_enc.h>
-static int aes_xts_setkey(u_int8_t **, const u_int8_t *, int);
-static void aes_xts_encrypt(caddr_t, u_int8_t *);
-static void aes_xts_decrypt(caddr_t, u_int8_t *);
-static void aes_xts_zerokey(u_int8_t **);
-static void aes_xts_reinit(caddr_t, const u_int8_t *);
+static int aes_xts_setkey(void *, const uint8_t *, int);
+static void aes_xts_encrypt(void *, const uint8_t *, uint8_t *);
+static void aes_xts_decrypt(void *, const uint8_t *, uint8_t *);
+static void aes_xts_reinit(void *, const uint8_t *);
/* Encryption instances */
struct enc_xform enc_xform_aes_xts = {
- CRYPTO_AES_XTS, "AES-XTS",
- AES_BLOCK_LEN, AES_XTS_IV_LEN, AES_XTS_MIN_KEY, AES_XTS_MAX_KEY,
- aes_xts_encrypt,
- aes_xts_decrypt,
- aes_xts_setkey,
- aes_xts_zerokey,
- aes_xts_reinit
+ .type = CRYPTO_AES_XTS,
+ .name = "AES-XTS",
+ .ctxsize = sizeof(struct aes_xts_ctx),
+ .blocksize = AES_BLOCK_LEN,
+ .ivsize = AES_XTS_IV_LEN,
+ .minkey = AES_XTS_MIN_KEY,
+ .maxkey = AES_XTS_MAX_KEY,
+ .encrypt = aes_xts_encrypt,
+ .decrypt = aes_xts_decrypt,
+ .setkey = aes_xts_setkey,
+ .reinit = aes_xts_reinit
};
/*
* Encryption wrapper routines.
*/
static void
-aes_xts_reinit(caddr_t key, const u_int8_t *iv)
+aes_xts_reinit(void *key, const uint8_t *iv)
{
- struct aes_xts_ctx *ctx = (struct aes_xts_ctx *)key;
- u_int64_t blocknum;
+ struct aes_xts_ctx *ctx = key;
+ uint64_t blocknum;
u_int i;
/*
@@ -95,21 +98,22 @@
}
static void
-aes_xts_crypt(struct aes_xts_ctx *ctx, u_int8_t *data, u_int do_encrypt)
+aes_xts_crypt(struct aes_xts_ctx *ctx, const uint8_t *in, uint8_t *out,
+ u_int do_encrypt)
{
- u_int8_t block[AES_XTS_BLOCKSIZE];
+ uint8_t block[AES_XTS_BLOCKSIZE];
u_int i, carry_in, carry_out;
for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
- block[i] = data[i] ^ ctx->tweak[i];
+ block[i] = in[i] ^ ctx->tweak[i];
if (do_encrypt)
- rijndael_encrypt(&ctx->key1, block, data);
+ rijndael_encrypt(&ctx->key1, block, out);
else
- rijndael_decrypt(&ctx->key1, block, data);
+ rijndael_decrypt(&ctx->key1, block, out);
for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
- data[i] ^= ctx->tweak[i];
+ out[i] ^= ctx->tweak[i];
/* Exponentiate tweak */
carry_in = 0;
@@ -120,45 +124,33 @@
}
if (carry_in)
ctx->tweak[0] ^= AES_XTS_ALPHA;
- bzero(block, sizeof(block));
+ explicit_bzero(block, sizeof(block));
}
static void
-aes_xts_encrypt(caddr_t key, u_int8_t *data)
+aes_xts_encrypt(void *key, const uint8_t *in, uint8_t *out)
{
- aes_xts_crypt((struct aes_xts_ctx *)key, data, 1);
+ aes_xts_crypt(key, in, out, 1);
}
static void
-aes_xts_decrypt(caddr_t key, u_int8_t *data)
+aes_xts_decrypt(void *key, const uint8_t *in, uint8_t *out)
{
- aes_xts_crypt((struct aes_xts_ctx *)key, data, 0);
+ aes_xts_crypt(key, in, out, 0);
}
static int
-aes_xts_setkey(u_int8_t **sched, const u_int8_t *key, int len)
+aes_xts_setkey(void *sched, const uint8_t *key, int len)
{
struct aes_xts_ctx *ctx;
if (len != 32 && len != 64)
- return EINVAL;
+ return (EINVAL);
- *sched = KMALLOC(sizeof(struct aes_xts_ctx), M_CRYPTO_DATA,
- M_NOWAIT | M_ZERO);
- if (*sched == NULL)
- return ENOMEM;
- ctx = (struct aes_xts_ctx *)*sched;
+ ctx = sched;
rijndael_set_key(&ctx->key1, key, len * 4);
rijndael_set_key(&ctx->key2, key + (len / 2), len * 4);
- return 0;
-}
-
-static void
-aes_xts_zerokey(u_int8_t **sched)
-{
- bzero(*sched, sizeof(struct aes_xts_ctx));
- KFREE(*sched, M_CRYPTO_DATA);
- *sched = NULL;
+ return (0);
}
Index: head/sys/opencrypto/xform_auth.h
===================================================================
--- head/sys/opencrypto/xform_auth.h
+++ head/sys/opencrypto/xform_auth.h
@@ -44,7 +44,6 @@
#include <opencrypto/cbc_mac.h>
#include <opencrypto/cryptodev.h>
-#include <opencrypto/xform_userland.h>
/* XXX use a define common with other hash stuff ! */
#define AH_ALEN_MAX 64 /* max authenticator hash length */
Index: head/sys/opencrypto/xform_cml.c
===================================================================
--- head/sys/opencrypto/xform_cml.c
+++ head/sys/opencrypto/xform_cml.c
@@ -53,61 +53,46 @@
#include <crypto/camellia/camellia.h>
#include <opencrypto/xform_enc.h>
-static int cml_setkey(u_int8_t **, const u_int8_t *, int);
-static void cml_encrypt(caddr_t, u_int8_t *);
-static void cml_decrypt(caddr_t, u_int8_t *);
-static void cml_zerokey(u_int8_t **);
+static int cml_setkey(void *, const uint8_t *, int);
+static void cml_encrypt(void *, const uint8_t *, uint8_t *);
+static void cml_decrypt(void *, const uint8_t *, uint8_t *);
/* Encryption instances */
struct enc_xform enc_xform_camellia = {
- CRYPTO_CAMELLIA_CBC, "Camellia",
- CAMELLIA_BLOCK_LEN, CAMELLIA_BLOCK_LEN, CAMELLIA_MIN_KEY,
- CAMELLIA_MAX_KEY,
- cml_encrypt,
- cml_decrypt,
- cml_setkey,
- cml_zerokey,
- NULL,
+ .type = CRYPTO_CAMELLIA_CBC,
+ .name = "Camellia-CBC",
+ .ctxsize = sizeof(camellia_ctx),
+ .blocksize = CAMELLIA_BLOCK_LEN,
+ .ivsize = CAMELLIA_BLOCK_LEN,
+ .minkey = CAMELLIA_MIN_KEY,
+ .maxkey = CAMELLIA_MAX_KEY,
+ .encrypt = cml_encrypt,
+ .decrypt = cml_decrypt,
+ .setkey = cml_setkey,
};
/*
* Encryption wrapper routines.
*/
static void
-cml_encrypt(caddr_t key, u_int8_t *blk)
+cml_encrypt(void *ctx, const uint8_t *in, uint8_t *out)
{
- camellia_encrypt((camellia_ctx *) key, (u_char *) blk, (u_char *) blk);
+ camellia_encrypt(ctx, in, out);
}
static void
-cml_decrypt(caddr_t key, u_int8_t *blk)
+cml_decrypt(void *ctx, const uint8_t *in, uint8_t *out)
{
- camellia_decrypt(((camellia_ctx *) key), (u_char *) blk,
- (u_char *) blk);
+ camellia_decrypt(ctx, in, out);
}
static int
-cml_setkey(u_int8_t **sched, const u_int8_t *key, int len)
+cml_setkey(void *ctx, const uint8_t *key, int len)
{
- int err;
if (len != 16 && len != 24 && len != 32)
return (EINVAL);
- *sched = KMALLOC(sizeof(camellia_ctx), M_CRYPTO_DATA,
- M_NOWAIT|M_ZERO);
- if (*sched != NULL) {
- camellia_set_key((camellia_ctx *) *sched, key,
- len * 8);
- err = 0;
- } else
- err = ENOMEM;
- return err;
-}
-static void
-cml_zerokey(u_int8_t **sched)
-{
- bzero(*sched, sizeof(camellia_ctx));
- KFREE(*sched, M_CRYPTO_DATA);
- *sched = NULL;
+ camellia_set_key(ctx, key, len * 8);
+ return (0);
}
Index: head/sys/opencrypto/xform_comp.h
===================================================================
--- head/sys/opencrypto/xform_comp.h
+++ head/sys/opencrypto/xform_comp.h
@@ -36,7 +36,6 @@
#include <opencrypto/deflate.h>
#include <opencrypto/cryptodev.h>
-#include <opencrypto/xform_userland.h>
/* Declarations */
struct comp_algo {
Index: head/sys/opencrypto/xform_enc.h
===================================================================
--- head/sys/opencrypto/xform_enc.h
+++ head/sys/opencrypto/xform_enc.h
@@ -36,7 +36,6 @@
#include <crypto/rijndael/rijndael.h>
#include <crypto/camellia/camellia.h>
#include <opencrypto/cryptodev.h>
-#include <opencrypto/xform_userland.h>
#define AESICM_BLOCKSIZE AES_BLOCK_LEN
#define AES_XTS_BLOCKSIZE 16
@@ -47,22 +46,22 @@
struct enc_xform {
int type;
char *name;
+ size_t ctxsize;
u_int16_t blocksize; /* Required input block size -- 1 for stream ciphers. */
u_int16_t ivsize;
u_int16_t minkey, maxkey;
- void (*encrypt) (caddr_t, u_int8_t *);
- void (*decrypt) (caddr_t, u_int8_t *);
- int (*setkey) (u_int8_t **, const u_int8_t *, int len);
- void (*zerokey) (u_int8_t **);
- void (*reinit) (caddr_t, const u_int8_t *);
+ void (*encrypt) (void *, const uint8_t *, uint8_t *);
+ void (*decrypt) (void *, const uint8_t *, uint8_t *);
+ int (*setkey) (void *, const uint8_t *, int len);
+ void (*reinit) (void *, const u_int8_t *);
/*
* Encrypt/decrypt 1+ blocks of input -- total size is 'len' bytes.
* Len is guaranteed to be a multiple of the defined 'blocksize'.
* Optional interface -- most useful for stream ciphers with a small
* blocksize (1).
*/
- void (*encrypt_multi) (void *, uint8_t *, size_t len);
- void (*decrypt_multi) (void *, uint8_t *, size_t len);
+ void (*encrypt_multi) (void *, const uint8_t *, uint8_t *, size_t len);
+ void (*decrypt_multi) (void *, const uint8_t *, uint8_t *, size_t len);
};
Index: head/sys/opencrypto/xform_gmac.c
===================================================================
--- head/sys/opencrypto/xform_gmac.c
+++ head/sys/opencrypto/xform_gmac.c
@@ -55,13 +55,12 @@
/* Encryption instances */
struct enc_xform enc_xform_aes_nist_gmac = {
- CRYPTO_AES_NIST_GMAC, "AES-GMAC",
- AES_ICM_BLOCK_LEN, AES_GCM_IV_LEN, AES_MIN_KEY, AES_MAX_KEY,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
+ .type = CRYPTO_AES_NIST_GMAC,
+ .name = "AES-GMAC",
+ .blocksize = AES_ICM_BLOCK_LEN,
+ .ivsize = AES_GCM_IV_LEN,
+ .minkey = AES_MIN_KEY,
+ .maxkey = AES_MAX_KEY,
};
/* Authentication instances */
Index: head/sys/opencrypto/xform_null.c
===================================================================
--- head/sys/opencrypto/xform_null.c
+++ head/sys/opencrypto/xform_null.c
@@ -53,10 +53,8 @@
#include <opencrypto/xform_auth.h>
#include <opencrypto/xform_enc.h>
-static int null_setkey(u_int8_t **, const u_int8_t *, int);
-static void null_encrypt(caddr_t, u_int8_t *);
-static void null_decrypt(caddr_t, u_int8_t *);
-static void null_zerokey(u_int8_t **);
+static int null_setkey(void *, const u_int8_t *, int);
+static void null_crypt(void *, const uint8_t *, uint8_t *);
static void null_init(void *);
static void null_reinit(void *ctx, const u_int8_t *buf, u_int16_t len);
@@ -65,14 +63,16 @@
/* Encryption instances */
struct enc_xform enc_xform_null = {
- CRYPTO_NULL_CBC, "NULL",
+ .type = CRYPTO_NULL_CBC,
+ .name = "NULL",
/* NB: blocksize of 4 is to generate a properly aligned ESP header */
- NULL_BLOCK_LEN, 0, NULL_MIN_KEY, NULL_MAX_KEY,
- null_encrypt,
- null_decrypt,
- null_setkey,
- null_zerokey,
- NULL,
+ .blocksize = NULL_BLOCK_LEN,
+ .ivsize = 0,
+ .minkey = NULL_MIN_KEY,
+ .maxkey = NULL_MAX_KEY,
+ .encrypt = null_crypt,
+ .decrypt = null_crypt,
+ .setkey = null_setkey,
};
/* Authentication instances */
@@ -94,26 +94,14 @@
* Encryption wrapper routines.
*/
static void
-null_encrypt(caddr_t key, u_int8_t *blk)
+null_crypt(void *key, const uint8_t *in, uint8_t *out)
{
}
-static void
-null_decrypt(caddr_t key, u_int8_t *blk)
-{
-}
-
static int
-null_setkey(u_int8_t **sched, const u_int8_t *key, int len)
+null_setkey(void *sched, const uint8_t *key, int len)
{
- *sched = NULL;
- return 0;
-}
-
-static void
-null_zerokey(u_int8_t **sched)
-{
- *sched = NULL;
+ return (0);
}
/*
Index: head/sys/opencrypto/xform_rijndael.c
===================================================================
--- head/sys/opencrypto/xform_rijndael.c
+++ head/sys/opencrypto/xform_rijndael.c
@@ -53,61 +53,46 @@
#include <crypto/rijndael/rijndael.h>
#include <opencrypto/xform_enc.h>
-static int rijndael128_setkey(u_int8_t **, const u_int8_t *, int);
-static void rijndael128_encrypt(caddr_t, u_int8_t *);
-static void rijndael128_decrypt(caddr_t, u_int8_t *);
-static void rijndael128_zerokey(u_int8_t **);
+static int rijndael128_setkey(void *, const u_int8_t *, int);
+static void rijndael128_encrypt(void *, const uint8_t *, uint8_t *);
+static void rijndael128_decrypt(void *, const uint8_t *, uint8_t *);
/* Encryption instances */
struct enc_xform enc_xform_rijndael128 = {
- CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
- RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, RIJNDAEL_MIN_KEY,
- RIJNDAEL_MAX_KEY,
- rijndael128_encrypt,
- rijndael128_decrypt,
- rijndael128_setkey,
- rijndael128_zerokey,
- NULL,
+ .type = CRYPTO_RIJNDAEL128_CBC,
+ .name = "Rijndael-128/AES",
+ .ctxsize = sizeof(rijndael_ctx),
+ .blocksize = RIJNDAEL128_BLOCK_LEN,
+ .ivsize = RIJNDAEL128_BLOCK_LEN,
+ .minkey = RIJNDAEL_MIN_KEY,
+ .maxkey = RIJNDAEL_MAX_KEY,
+ .encrypt = rijndael128_encrypt,
+ .decrypt = rijndael128_decrypt,
+ .setkey = rijndael128_setkey,
};
/*
* Encryption wrapper routines.
*/
static void
-rijndael128_encrypt(caddr_t key, u_int8_t *blk)
+rijndael128_encrypt(void *key, const uint8_t *in, uint8_t *out)
{
- rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
+ rijndael_encrypt(key, in, out);
}
static void
-rijndael128_decrypt(caddr_t key, u_int8_t *blk)
+rijndael128_decrypt(void *key, const uint8_t *in, uint8_t *out)
{
- rijndael_decrypt(((rijndael_ctx *) key), (u_char *) blk,
- (u_char *) blk);
+ rijndael_decrypt(key, in, out);
}
static int
-rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len)
+rijndael128_setkey(void *sched, const uint8_t *key, int len)
{
- int err;
if (len != 16 && len != 24 && len != 32)
return (EINVAL);
- *sched = KMALLOC(sizeof(rijndael_ctx), M_CRYPTO_DATA,
- M_NOWAIT|M_ZERO);
- if (*sched != NULL) {
- rijndael_set_key((rijndael_ctx *) *sched, key,
- len * 8);
- err = 0;
- } else
- err = ENOMEM;
- return err;
-}
-static void
-rijndael128_zerokey(u_int8_t **sched)
-{
- bzero(*sched, sizeof(rijndael_ctx));
- KFREE(*sched, M_CRYPTO_DATA);
- *sched = NULL;
+ rijndael_set_key(sched, key, len * 8);
+ return (0);
}
Index: head/sys/opencrypto/xform_userland.h
===================================================================
--- head/sys/opencrypto/xform_userland.h
+++ head/sys/opencrypto/xform_userland.h
@@ -1,48 +0,0 @@
-/*-
- * Copyright (c) 2015 Allan Jude <allanjude@FreeBSD.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#ifndef _CRYPTO_XFORM_USERLAND_H_
-#define _CRYPTO_XFORM_USERLAND_H_
-
-#ifdef _KERNEL
-#include <sys/systm.h>
-#define KMALLOC(size, type, flags) malloc(size, type, flags)
-#define KFREE(ptr, type) free(ptr, type)
-#else /* not _KERNEL */
-#ifdef _STANDALONE
-#include <stand.h>
-#else /* !_STAND */
-#include <stdlib.h>
-#include <string.h>
-#endif /* _STAND */
-#define KMALLOC(size, type, flags) malloc(size)
-#define KFREE(ptr, type) free(ptr)
-#endif /* _KERNEL */
-
-
-#endif /* _CRYPTO_XFORM_USERLAND_H_ */

File Metadata

Mime Type
text/plain
Expires
Mon, Jan 20, 11:14 PM (17 h, 46 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
15988227
Default Alt Text
D24855.diff (31 KB)

Event Timeline