diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2001-06-16 22:17:51 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2001-06-16 22:17:51 +0000 |
commit | fc1797c26959affbceb1bbecbad12b89f452a884 (patch) | |
tree | 291e7cbeb9eb76c82659bfef3b68dd79c600b254 | |
parent | 27a945e715dc382fe6bf5356c21023a3c3693a3b (diff) |
KNF
-rw-r--r-- | sys/crypto/crypto.c | 610 | ||||
-rw-r--r-- | sys/crypto/crypto.h | 233 | ||||
-rw-r--r-- | sys/crypto/cryptosoft.c | 1234 | ||||
-rw-r--r-- | sys/crypto/cryptosoft.h | 67 | ||||
-rw-r--r-- | sys/crypto/xform.c | 279 | ||||
-rw-r--r-- | sys/crypto/xform.h | 49 |
6 files changed, 1174 insertions, 1298 deletions
diff --git a/sys/crypto/crypto.c b/sys/crypto/crypto.c index 6957f799d19..203dc6688f0 100644 --- a/sys/crypto/crypto.c +++ b/sys/crypto/crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.c,v 1.18 2001/06/06 18:58:52 angelos Exp $ */ +/* $OpenBSD: crypto.c,v 1.19 2001/06/16 22:17:49 deraadt Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -44,74 +44,71 @@ struct cryptop **crp_req_queue_tail = NULL; int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard) { - struct cryptoini *cr; - u_int32_t hid, lid; - int err, s; + struct cryptoini *cr; + u_int32_t hid, lid; + int err, s; - if (crypto_drivers == NULL) - return EINVAL; + if (crypto_drivers == NULL) + return EINVAL; - s = splimp(); + s = splimp(); - /* - * The algorithm we use here is pretty stupid; just use the - * first driver that supports all the algorithms we need. - * - * XXX We need more smarts here (in real life too, but that's - * XXX another story altogether). - */ + /* + * The algorithm we use here is pretty stupid; just use the + * first driver that supports all the algorithms we need. + * + * XXX We need more smarts here (in real life too, but that's + * XXX another story altogether). + */ + + for (hid = 0; hid < crypto_drivers_num; hid++) { + /* + * If it's not initialized or has remaining sessions referencing + * it, skip. + */ + if (crypto_drivers[hid].cc_newsession == NULL || + (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP)) + continue; + + /* hardware requested -- ignore software drivers */ + if (hard && + (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE)) + continue; + + /* See if all the algorithms are supported */ + for (cr = cri; cr; cr = cr->cri_next) + if (crypto_drivers[hid].cc_alg[cr->cri_alg] == 0) + break; + + /* Ok, all algorithms are supported */ + if (cr == NULL) + break; + } - for (hid = 0; hid < crypto_drivers_num; hid++) - { /* - * If it's not initialized or has remaining sessions referencing - * it, skip. - */ - if ((crypto_drivers[hid].cc_newsession == NULL) || - (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP)) - continue; - - /* hardware requested -- ignore software drivers */ - if (hard && - (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE)) - continue; - - /* See if all the algorithms are supported */ - for (cr = cri; cr; cr = cr->cri_next) - if (crypto_drivers[hid].cc_alg[cr->cri_alg] == 0) - break; - - /* Ok, all algorithms are supported */ - if (cr == NULL) - break; - } - - /* - * Can't do everything in one session. - * - * XXX Fix this. We need to inject a "virtual" session layer right - * XXX about here. - */ - - if (hid == crypto_drivers_num) - { + * Can't do everything in one session. + * + * XXX Fix this. We need to inject a "virtual" session layer right + * XXX about here. + */ + + if (hid == crypto_drivers_num) { + splx(s); + return EINVAL; + } + + /* Call the driver initialization routine */ + lid = hid; /* Pass the driver ID */ + err = crypto_drivers[hid].cc_newsession(&lid, cri); + if (err == 0) { + (*sid) = hid; + (*sid) <<= 32; + (*sid) |= (lid & 0xffffffff); + crypto_drivers[hid].cc_sessions++; + } + splx(s); - return EINVAL; - } - - /* Call the driver initialization routine */ - lid = hid; /* Pass the driver ID */ - err = crypto_drivers[hid].cc_newsession(&lid, cri); - if (err == 0) - { - (*sid) = hid; - (*sid) <<= 32; - (*sid) |= (lid & 0xffffffff); - crypto_drivers[hid].cc_sessions++; - } - - splx(s); - return err; + return err; } /* @@ -121,37 +118,37 @@ crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard) int crypto_freesession(u_int64_t sid) { - int err = 0, s; - u_int32_t hid; + int err = 0, s; + u_int32_t hid; - if (crypto_drivers == NULL) - return EINVAL; + if (crypto_drivers == NULL) + return EINVAL; - /* Determine two IDs */ - hid = (sid >> 32) & 0xffffffff; + /* Determine two IDs */ + hid = (sid >> 32) & 0xffffffff; - if (hid >= crypto_drivers_num) - return ENOENT; + if (hid >= crypto_drivers_num) + return ENOENT; - s = splimp(); + s = splimp(); - if (crypto_drivers[hid].cc_sessions) - crypto_drivers[hid].cc_sessions--; + if (crypto_drivers[hid].cc_sessions) + crypto_drivers[hid].cc_sessions--; - /* Call the driver cleanup routine, if available */ - if (crypto_drivers[hid].cc_freesession) - err = crypto_drivers[hid].cc_freesession(sid); + /* Call the driver cleanup routine, if available */ + if (crypto_drivers[hid].cc_freesession) + err = crypto_drivers[hid].cc_freesession(sid); - /* - * If this was the last session of a driver marked as invalid, make - * the entry available for reuse. - */ - if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) && - (crypto_drivers[hid].cc_sessions == 0)) - bzero(&crypto_drivers[hid], sizeof(struct cryptocap)); + /* + * If this was the last session of a driver marked as invalid, + * make the entry available for reuse. + */ + if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) && + crypto_drivers[hid].cc_sessions == 0) + bzero(&crypto_drivers[hid], sizeof(struct cryptocap)); - splx(s); - return err; + splx(s); + return err; } /* @@ -160,69 +157,65 @@ crypto_freesession(u_int64_t sid) int32_t crypto_get_driverid(void) { - struct cryptocap *newdrv; - int i, s = splimp(); - - if (crypto_drivers_num == 0) - { - crypto_drivers_num = CRYPTO_DRIVERS_INITIAL; - crypto_drivers = malloc(crypto_drivers_num * sizeof(struct cryptocap), - M_CRYPTO_DATA, M_NOWAIT); - if (crypto_drivers == NULL) - { - splx(s); - crypto_drivers_num = 0; - return -1; + struct cryptocap *newdrv; + int i, s = splimp(); + + if (crypto_drivers_num == 0) { + crypto_drivers_num = CRYPTO_DRIVERS_INITIAL; + crypto_drivers = malloc(crypto_drivers_num * + sizeof(struct cryptocap), M_CRYPTO_DATA, M_NOWAIT); + if (crypto_drivers == NULL) { + splx(s); + crypto_drivers_num = 0; + return -1; + } + + bzero(crypto_drivers, crypto_drivers_num * + sizeof(struct cryptocap)); } - bzero(crypto_drivers, crypto_drivers_num * sizeof(struct cryptocap)); - } - - for (i = 0; i < crypto_drivers_num; i++) - if ((crypto_drivers[i].cc_process == NULL) && - !(crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP) && - (crypto_drivers[i].cc_sessions == 0)) - { - crypto_drivers[i].cc_sessions = 1; /* Mark */ - splx(s); - return i; - } - - /* Out of entries, allocate some more */ - if (i == crypto_drivers_num) - { - /* Be careful about wrap-around */ - if (2 * crypto_drivers_num <= crypto_drivers_num) - { - splx(s); - return -1; + for (i = 0; i < crypto_drivers_num; i++) { + if (crypto_drivers[i].cc_process == NULL && + !(crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP) && + crypto_drivers[i].cc_sessions == 0) { + crypto_drivers[i].cc_sessions = 1; /* Mark */ + splx(s); + return i; + } } - newdrv = malloc(2 * crypto_drivers_num * sizeof(struct cryptocap), - M_CRYPTO_DATA, M_NOWAIT); - if (newdrv == NULL) - { - splx(s); - return -1; + /* Out of entries, allocate some more */ + if (i == crypto_drivers_num) { + /* Be careful about wrap-around */ + if (2 * crypto_drivers_num <= crypto_drivers_num) { + splx(s); + return -1; + } + + newdrv = malloc(2 * crypto_drivers_num * sizeof(struct cryptocap), + M_CRYPTO_DATA, M_NOWAIT); + if (newdrv == NULL) { + splx(s); + return -1; + } + + bcopy(crypto_drivers, newdrv, + crypto_drivers_num * sizeof(struct cryptocap)); + bzero(&newdrv[crypto_drivers_num], + crypto_drivers_num * sizeof(struct cryptocap)); + + newdrv[i].cc_sessions = 1; /* Mark */ + crypto_drivers_num *= 2; + + free(crypto_drivers, M_CRYPTO_DATA); + crypto_drivers = newdrv; + splx(s); + return i; } - bcopy(crypto_drivers, newdrv, - crypto_drivers_num * sizeof(struct cryptocap)); - bzero(&newdrv[crypto_drivers_num], - crypto_drivers_num * sizeof(struct cryptocap)); - - newdrv[i].cc_sessions = 1; /* Mark */ - crypto_drivers_num *= 2; - - free(crypto_drivers, M_CRYPTO_DATA); - crypto_drivers = newdrv; + /* Shouldn't really get here... */ splx(s); - return i; - } - - /* Shouldn't really get here... */ - splx(s); - return -1; + return -1; } /* @@ -234,32 +227,31 @@ crypto_register(u_int32_t driverid, int alg, int (*newses)(u_int32_t *, struct cryptoini *), int (*freeses)(u_int64_t), int (*process)(struct cryptop *)) { - int s; - - if ((driverid >= crypto_drivers_num) || (alg <= 0) || - (alg > CRYPTO_ALGORITHM_MAX) || (crypto_drivers == NULL)) - return EINVAL; + int s; - s = splimp(); + if (driverid >= crypto_drivers_num || alg <= 0 || + alg > CRYPTO_ALGORITHM_MAX || crypto_drivers == NULL) + return EINVAL; - /* - * XXX Do some performance testing to determine placing. - * XXX We probably need an auxiliary data structure that describes - * XXX relative performances. - */ + s = splimp(); - crypto_drivers[driverid].cc_alg[alg] = 1; - - if (crypto_drivers[driverid].cc_process == NULL) - { - crypto_drivers[driverid].cc_newsession = newses; - crypto_drivers[driverid].cc_process = process; - crypto_drivers[driverid].cc_freesession = freeses; - crypto_drivers[driverid].cc_sessions = 0; /* Unmark */ - } + /* + * XXX Do some performance testing to determine placing. + * XXX We probably need an auxiliary data structure that describes + * XXX relative performances. + */ + + crypto_drivers[driverid].cc_alg[alg] = 1; + + if (crypto_drivers[driverid].cc_process == NULL) { + crypto_drivers[driverid].cc_newsession = newses; + crypto_drivers[driverid].cc_process = process; + crypto_drivers[driverid].cc_freesession = freeses; + crypto_drivers[driverid].cc_sessions = 0; /* Unmark */ + } - splx(s); - return 0; + splx(s); + return 0; } /* @@ -271,40 +263,35 @@ crypto_register(u_int32_t driverid, int alg, int crypto_unregister(u_int32_t driverid, int alg) { - int i, s = splimp(); - u_int32_t ses; - - /* Sanity checks */ - if ((driverid >= crypto_drivers_num) || (alg <= 0) || - (alg > CRYPTO_ALGORITHM_MAX) || (crypto_drivers == NULL) || - (crypto_drivers[driverid].cc_alg[alg] == 0)) - { - splx(s); - return EINVAL; - } - - crypto_drivers[driverid].cc_alg[alg] = 0; - - /* Was this the last algorithm ? */ - for (i = 1; i <= CRYPTO_ALGORITHM_MAX; i++) - if (crypto_drivers[driverid].cc_alg[i] != 0) - break; - - if (i == CRYPTO_ALGORITHM_MAX + 1) - { - ses = crypto_drivers[driverid].cc_sessions; - bzero(&crypto_drivers[driverid], sizeof(struct cryptocap)); - - if (ses != 0) - { - /* If there are pending sessions, just mark as invalid */ - crypto_drivers[driverid].cc_flags |= CRYPTOCAP_F_CLEANUP; - crypto_drivers[driverid].cc_sessions = ses; + int i, s = splimp(); + u_int32_t ses; + + /* Sanity checks */ + if (driverid >= crypto_drivers_num || alg <= 0 || + alg > CRYPTO_ALGORITHM_MAX || crypto_drivers == NULL || + crypto_drivers[driverid].cc_alg[alg] == 0) { + splx(s); + return EINVAL; } - } - splx(s); - return 0; + crypto_drivers[driverid].cc_alg[alg] = 0; + + /* Was this the last algorithm ? */ + for (i = 1; i <= CRYPTO_ALGORITHM_MAX; i++) + if (crypto_drivers[driverid].cc_alg[i] != 0) + break; + + if (i == CRYPTO_ALGORITHM_MAX + 1) { + ses = crypto_drivers[driverid].cc_sessions; + bzero(&crypto_drivers[driverid], sizeof(struct cryptocap)); + if (ses != 0) { + /* If there are pending sessions, just mark as invalid */ + crypto_drivers[driverid].cc_flags |= CRYPTOCAP_F_CLEANUP; + crypto_drivers[driverid].cc_sessions = ses; + } + } + splx(s); + return 0; } /* @@ -313,22 +300,19 @@ crypto_unregister(u_int32_t driverid, int alg) int crypto_dispatch(struct cryptop *crp) { - int s = splimp(); - - if (crp_req_queue == NULL) { - crp_req_queue = crp; - crp_req_queue_tail = &(crp->crp_next); - splx(s); - - wakeup((caddr_t) &crp_req_queue); - } - else - { - *crp_req_queue_tail = crp; - crp_req_queue_tail = &(crp->crp_next); - splx(s); - } - return 0; + int s = splimp(); + + if (crp_req_queue == NULL) { + crp_req_queue = crp; + crp_req_queue_tail = &(crp->crp_next); + splx(s); + wakeup((caddr_t) &crp_req_queue); + } else { + *crp_req_queue_tail = crp; + crp_req_queue_tail = &(crp->crp_next); + splx(s); + } + return 0; } /* @@ -337,56 +321,52 @@ crypto_dispatch(struct cryptop *crp) int crypto_invoke(struct cryptop *crp) { - struct cryptodesc *crd; - u_int64_t nid; - u_int32_t hid; - - /* Sanity checks */ - if ((crp == NULL) || (crp->crp_callback == NULL)) - return EINVAL; - - if ((crp->crp_desc == NULL) || (crypto_drivers == NULL)) - { - crp->crp_etype = EINVAL; - crypto_done(crp); - return 0; - } + struct cryptodesc *crd; + u_int64_t nid; + u_int32_t hid; + + /* Sanity checks */ + if (crp == NULL || crp->crp_callback == NULL) + return EINVAL; + + if (crp->crp_desc == NULL || crypto_drivers == NULL) { + crp->crp_etype = EINVAL; + crypto_done(crp); + return 0; + } - hid = (crp->crp_sid >> 32) & 0xffffffff; + hid = (crp->crp_sid >> 32) & 0xffffffff; + if (hid >= crypto_drivers_num) { + /* Migrate session */ + for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next) + crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI); - if (hid >= crypto_drivers_num) - { - /* Migrate session */ - for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next) - crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI); + if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), 0) == 0) + crp->crp_sid = nid; - if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), 0) == 0) - crp->crp_sid = nid; + crp->crp_etype = EAGAIN; + crypto_done(crp); + return 0; + } - crp->crp_etype = EAGAIN; - crypto_done(crp); - return 0; - } + if (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) + crypto_freesession(crp->crp_sid); - if (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) - crypto_freesession(crp->crp_sid); + if (crypto_drivers[hid].cc_process == NULL) { + /* Migrate session */ + for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next) + crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI); - if (crypto_drivers[hid].cc_process == NULL) - { - /* Migrate session */ - for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next) - crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI); + if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), 0) == 0) + crp->crp_sid = nid; - if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), 0) == 0) - crp->crp_sid = nid; + crp->crp_etype = EAGAIN; + crypto_done(crp); + return 0; + } - crp->crp_etype = EAGAIN; - crypto_done(crp); + crypto_drivers[hid].cc_process(crp); return 0; - } - - crypto_drivers[hid].cc_process(crp); - return 0; } /* @@ -395,22 +375,21 @@ crypto_invoke(struct cryptop *crp) void crypto_freereq(struct cryptop *crp) { - struct cryptodesc *crd; - int s; + struct cryptodesc *crd; + int s; - if (crp == NULL) - return; + if (crp == NULL) + return; - s = splimp(); + s = splimp(); - while ((crd = crp->crp_desc) != NULL) - { - crp->crp_desc = crd->crd_next; - pool_put(&cryptodesc_pool, crd); - } + while ((crd = crp->crp_desc) != NULL) { + crp->crp_desc = crd->crd_next; + pool_put(&cryptodesc_pool, crd); + } - pool_put(&cryptop_pool, crp); - splx(s); + pool_put(&cryptop_pool, crp); + splx(s); } /* @@ -419,46 +398,40 @@ crypto_freereq(struct cryptop *crp) struct cryptop * crypto_getreq(int num) { - struct cryptodesc *crd; - struct cryptop *crp; - int s = splimp(); - - if (crypto_pool_initialized == 0) - { - pool_init(&cryptop_pool, sizeof(struct cryptop), 0, 0, PR_FREEHEADER, - "cryptop", 0, NULL, NULL, M_CRYPTO_OPS); - - pool_init(&cryptodesc_pool, sizeof(struct cryptodesc), 0, 0, - PR_FREEHEADER, "cryptodesc", 0, NULL, NULL, M_CRYPTO_OPS); - crypto_pool_initialized = 1; - } - - crp = pool_get(&cryptop_pool, 0); - if (crp == NULL) - { - splx(s); - return NULL; - } - - bzero(crp, sizeof(struct cryptop)); - - while (num--) - { - crd = pool_get(&cryptodesc_pool, 0); - if (crd == NULL) - { - splx(s); - crypto_freereq(crp); - return NULL; + struct cryptodesc *crd; + struct cryptop *crp; + int s = splimp(); + + if (crypto_pool_initialized == 0) { + pool_init(&cryptop_pool, sizeof(struct cryptop), 0, 0, + PR_FREEHEADER, "cryptop", 0, NULL, NULL, M_CRYPTO_OPS); + pool_init(&cryptodesc_pool, sizeof(struct cryptodesc), 0, 0, + PR_FREEHEADER, "cryptodesc", 0, NULL, NULL, M_CRYPTO_OPS); + crypto_pool_initialized = 1; } - bzero(crd, sizeof(struct cryptodesc)); - crd->crd_next = crp->crp_desc; - crp->crp_desc = crd; - } + crp = pool_get(&cryptop_pool, 0); + if (crp == NULL) { + splx(s); + return NULL; + } + bzero(crp, sizeof(struct cryptop)); + + while (num--) { + crd = pool_get(&cryptodesc_pool, 0); + if (crd == NULL) { + splx(s); + crypto_freereq(crp); + return NULL; + } + + bzero(crd, sizeof(struct cryptodesc)); + crd->crd_next = crp->crp_desc; + crp->crp_desc = crd; + } - splx(s); - return crp; + splx(s); + return crp; } /* @@ -467,25 +440,22 @@ crypto_getreq(int num) void crypto_thread(void) { - struct cryptop *crp; - int s; - - s = splimp(); - - for (;;) - { - crp = crp_req_queue; - if (crp == NULL) /* No work to do */ - { - (void) tsleep(&crp_req_queue, PLOCK, "crypto_wait", 0); - continue; - } + struct cryptop *crp; + int s; - /* Remove from the queue */ - crp_req_queue = crp->crp_next; + s = splimp(); - crypto_invoke(crp); - } + for (;;) { + crp = crp_req_queue; + if (crp == NULL) { + (void) tsleep(&crp_req_queue, PLOCK, "crypto_wait", 0); + continue; + } + + /* Remove from the queue */ + crp_req_queue = crp->crp_next; + crypto_invoke(crp); + } } /* @@ -494,5 +464,5 @@ crypto_thread(void) void crypto_done(struct cryptop *crp) { - crp->crp_callback(crp); + crp->crp_callback(crp); } diff --git a/sys/crypto/crypto.h b/sys/crypto/crypto.h index f6151234416..46eb89a47f7 100644 --- a/sys/crypto/crypto.h +++ b/sys/crypto/crypto.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.h,v 1.19 2001/06/06 18:58:53 angelos Exp $ */ +/* $OpenBSD: crypto.h,v 1.20 2001/06/16 22:17:49 deraadt Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -25,155 +25,138 @@ #define _CRYPTO_CRYPTO_H_ /* Some initial values */ -#define CRYPTO_DRIVERS_INITIAL 4 -#define CRYPTO_SW_SESSIONS 32 +#define CRYPTO_DRIVERS_INITIAL 4 +#define CRYPTO_SW_SESSIONS 32 /* HMAC values */ #define HMAC_BLOCK_LEN 64 -#define HMAC_IPAD_VAL 0x36 -#define HMAC_OPAD_VAL 0x5C +#define HMAC_IPAD_VAL 0x36 +#define HMAC_OPAD_VAL 0x5C /* Encryption algorithm block sizes */ -#define DES_BLOCK_LEN 8 -#define DES3_BLOCK_LEN 8 -#define BLOWFISH_BLOCK_LEN 8 -#define SKIPJACK_BLOCK_LEN 8 -#define CAST128_BLOCK_LEN 8 -#define RIJNDAEL128_BLOCK_LEN 16 -#define EALG_MAX_BLOCK_LEN 16 /* Keep this updated */ +#define DES_BLOCK_LEN 8 +#define DES3_BLOCK_LEN 8 +#define BLOWFISH_BLOCK_LEN 8 +#define SKIPJACK_BLOCK_LEN 8 +#define CAST128_BLOCK_LEN 8 +#define RIJNDAEL128_BLOCK_LEN 16 +#define EALG_MAX_BLOCK_LEN 16 /* Keep this updated */ /* Maximum hash algorithm result length */ -#define AALG_MAX_RESULT_LEN 20 /* Keep this updated */ - -#define CRYPTO_DES_CBC 1 -#define CRYPTO_3DES_CBC 2 -#define CRYPTO_BLF_CBC 3 -#define CRYPTO_CAST_CBC 4 -#define CRYPTO_SKIPJACK_CBC 5 -#define CRYPTO_MD5_HMAC 6 -#define CRYPTO_SHA1_HMAC 7 -#define CRYPTO_RIPEMD160_HMAC 8 -#define CRYPTO_MD5_KPDK 9 -#define CRYPTO_SHA1_KPDK 10 -#define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */ -#define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */ - -#define CRYPTO_ALGORITHM_MAX 11 /* Keep this updated */ +#define AALG_MAX_RESULT_LEN 20 /* Keep this updated */ + +#define CRYPTO_DES_CBC 1 +#define CRYPTO_3DES_CBC 2 +#define CRYPTO_BLF_CBC 3 +#define CRYPTO_CAST_CBC 4 +#define CRYPTO_SKIPJACK_CBC 5 +#define CRYPTO_MD5_HMAC 6 +#define CRYPTO_SHA1_HMAC 7 +#define CRYPTO_RIPEMD160_HMAC 8 +#define CRYPTO_MD5_KPDK 9 +#define CRYPTO_SHA1_KPDK 10 +#define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */ +#define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */ + +#define CRYPTO_ALGORITHM_MAX 11 /* Keep this updated */ /* Standard initialization structure beginning */ -struct cryptoini -{ - int cri_alg; /* Algorithm to use */ - int cri_klen; /* Key length, in bits */ - int cri_rnd; /* Algorithm rounds, where relevant */ - caddr_t cri_key; /* key to use */ - u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */ - struct cryptoini *cri_next; +struct cryptoini { + int cri_alg; /* Algorithm to use */ + int cri_klen; /* Key length, in bits */ + int cri_rnd; /* Algorithm rounds, where relevant */ + caddr_t cri_key; /* key to use */ + u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */ + struct cryptoini *cri_next; }; /* Describe boundaries of a single crypto operation */ -struct cryptodesc -{ - int crd_skip; /* How many bytes to ignore from start */ - int crd_len; /* How many bytes to process */ - int crd_inject; /* Where to inject results, if applicable */ - int crd_flags; - -#define CRD_F_ENCRYPT 0x1 /* Set when doing encryption */ -#define CRD_F_IV_PRESENT 0x2 /* When encrypting, IV is already in - place, so don't copy. */ -#define CRD_F_IV_EXPLICIT 0x4 /* IV explicitly provided */ - - struct cryptoini CRD_INI; /* Initialization/context data */ -#define crd_iv CRD_INI.cri_iv -#define crd_key CRD_INI.cri_key -#define crd_rnd CRD_INI.cri_rnd -#define crd_alg CRD_INI.cri_alg -#define crd_klen CRD_INI.cri_klen - - struct cryptodesc *crd_next; +struct cryptodesc { + int crd_skip; /* How many bytes to ignore from start */ + int crd_len; /* How many bytes to process */ + int crd_inject; /* Where to inject results, if applicable */ + int crd_flags; + +#define CRD_F_ENCRYPT 0x1 /* Set when doing encryption */ +#define CRD_F_IV_PRESENT 0x2 /* When encrypting, IV is already in + place, so don't copy. */ +#define CRD_F_IV_EXPLICIT 0x4 /* IV explicitly provided */ + + struct cryptoini CRD_INI; /* Initialization/context data */ +#define crd_iv CRD_INI.cri_iv +#define crd_key CRD_INI.cri_key +#define crd_rnd CRD_INI.cri_rnd +#define crd_alg CRD_INI.cri_alg +#define crd_klen CRD_INI.cri_klen + + struct cryptodesc *crd_next; }; /* Structure describing complete operation */ -struct cryptop -{ - u_int64_t crp_sid; /* Session ID */ - int crp_ilen; /* Input data total length */ - int crp_olen; /* Result total length (unused for now) */ - int crp_alloctype; /* Type of buf to allocate if needed */ - - int crp_etype; /* Error type (zero means no error). - * All error codes except EAGAIN - * indicate possible data corruption (as in, - * the data have been touched). On all - * errors, the crp_sid may have changed - * (reset to a new one), so the caller - * should always check and use the new - * value on future requests. - */ - int crp_flags; - -#define CRYPTO_F_IMBUF 0x0001 /* Input/output are mbuf chains, otherwise contig */ -#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */ -#define CRYPTO_F_REL 0x0004 /* Must return data in same place */ - - caddr_t crp_buf; /* Data to be processed */ - - caddr_t crp_opaque;/* Opaque pointer, passed along */ - - struct cryptodesc *crp_desc; /* Linked list of processing descriptors */ - - int (*crp_callback) (struct cryptop *); /* Callback function */ - - struct cryptop *crp_next; - - caddr_t crp_iv; - caddr_t crp_mac; - int crp_mac_trunc_len; - +struct cryptop { + u_int64_t crp_sid; /* Session ID */ + int crp_ilen; /* Input data total length */ + int crp_olen; /* Result total length (unused for now) */ + int crp_alloctype; /* Type of buf to allocate if needed */ + + int crp_etype; /* + * Error type (zero means no error). + * All error codes except EAGAIN + * indicate possible data corruption (as in, + * the data have been touched). On all + * errors, the crp_sid may have changed + * (reset to a new one), so the caller + * should always check and use the new + * value on future requests. + */ + int crp_flags; + +#define CRYPTO_F_IMBUF 0x0001 /* Input/output are mbuf chains, otherwise contig */ +#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */ +#define CRYPTO_F_REL 0x0004 /* Must return data in same place */ + + caddr_t crp_buf; /* Data to be processed */ + caddr_t crp_opaque; /* Opaque pointer, passed along */ + struct cryptodesc *crp_desc; /* Linked list of processing descriptors */ + int (*crp_callback)(struct cryptop *); /* Callback function */ + struct cryptop *crp_next; + caddr_t crp_iv; + caddr_t crp_mac; + int crp_mac_trunc_len; }; -#define CRYPTO_BUF_CONTIG 0x1 -#define CRYPTO_BUF_MBUF 0x2 +#define CRYPTO_BUF_CONTIG 0x1 +#define CRYPTO_BUF_MBUF 0x2 -#define CRYPTO_OP_DECRYPT 0x0 -#define CRYPTO_OP_ENCRYPT 0x1 +#define CRYPTO_OP_DECRYPT 0x0 +#define CRYPTO_OP_ENCRYPT 0x1 /* Crypto capabilities structure */ -struct cryptocap -{ - u_int32_t cc_sessions; - - u_int8_t cc_alg[CRYPTO_ALGORITHM_MAX + 1]; /* Supported */ - u_int8_t cc_flags; +struct cryptocap { + u_int32_t cc_sessions; + u_int8_t cc_alg[CRYPTO_ALGORITHM_MAX + 1]; /* Supported */ + u_int8_t cc_flags; #define CRYPTOCAP_F_CLEANUP 0x1 #define CRYPTOCAP_F_SOFTWARE 0x02 - int (*cc_newsession) (u_int32_t *, struct cryptoini *); - int (*cc_process) (struct cryptop *); - int (*cc_freesession) (u_int64_t); + int (*cc_newsession) (u_int32_t *, struct cryptoini *); + int (*cc_process) (struct cryptop *); + int (*cc_freesession) (u_int64_t); }; -#if 0 -struct criov { - int niov; - struct iovec iov[IOV_MAX]; -}; -#endif - #ifdef _KERNEL -extern int crypto_newsession(u_int64_t *, struct cryptoini *, int); -extern int crypto_freesession(u_int64_t); -extern int crypto_dispatch(struct cryptop *); -extern int crypto_register(u_int32_t, int, - int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t), - int (*)(struct cryptop *)); -extern int crypto_unregister(u_int32_t, int); -extern int32_t crypto_get_driverid(void); -extern void crypto_thread(void); -extern int crypto_invoke(struct cryptop *); -extern void crypto_done(struct cryptop *); +int crypto_newsession(u_int64_t *, struct cryptoini *, int); +int crypto_freesession(u_int64_t); +int crypto_dispatch(struct cryptop *); +int crypto_register(u_int32_t, int, + int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t), + int (*)(struct cryptop *)); +int crypto_unregister(u_int32_t, int); +int32_t crypto_get_driverid(void); +void crypto_thread(void); +int crypto_invoke(struct cryptop *); +void crypto_done(struct cryptop *); struct mbuf; int mbuf2pages __P((struct mbuf *, int *, long *, int *, int, int *)); @@ -181,7 +164,7 @@ int iov2pages __P((struct uio *, int *, long *, int *, int, int *)); void cuio_copydata __P((struct uio *, int, int, caddr_t)); void cuio_copyback __P((struct uio *, int, int, caddr_t)); -extern struct cryptop *crypto_getreq(int); -extern void crypto_freereq(struct cryptop *); +struct cryptop *crypto_getreq(int); +void crypto_freereq(struct cryptop *); #endif /* _KERNEL */ #endif /* _CRYPTO_CRYPTO_H_ */ diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c index 150b38708e0..009a96df8b6 100644 --- a/sys/crypto/cryptosoft.c +++ b/sys/crypto/cryptosoft.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptosoft.c,v 1.21 2001/06/06 04:37:07 angelos Exp $ */ +/* $OpenBSD: cryptosoft.c,v 1.22 2001/06/16 22:17:49 deraadt Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -39,24 +39,26 @@ #include <crypto/xform.h> u_int8_t hmac_ipad_buffer[64] = { - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 }; + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 +}; u_int8_t hmac_opad_buffer[64] = { - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C }; + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, + 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C +}; struct swcr_data **swcr_sessions = NULL; @@ -68,241 +70,229 @@ int32_t swcr_id = -1; */ int swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, - int outtype) + int outtype) { - unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN], *idat; - unsigned char *ivp, piv[EALG_MAX_BLOCK_LEN]; - struct enc_xform *exf; - int i, k, j, blks; - struct mbuf *m; - - exf = sw->sw_exf; - blks = exf->blocksize; - - /* Check for non-padded data */ - if (crd->crd_len % blks) - return EINVAL; - - if (outtype == CRYPTO_BUF_CONTIG) - { - if (crd->crd_flags & CRD_F_ENCRYPT) - { - /* IV explicitly provided ? */ - if (crd->crd_flags & CRD_F_IV_EXPLICIT) - bcopy(crd->crd_iv, sw->sw_iv, blks); - - if (!(crd->crd_flags & CRD_F_IV_PRESENT)) - bcopy(sw->sw_iv, buf + crd->crd_inject, blks); - - for (i = crd->crd_skip; - i < crd->crd_skip + crd->crd_len; - i += blks) - { - /* XOR with the IV/previous block, as appropriate. */ - if (i == crd->crd_skip) - for (k = 0; k < blks; k++) - buf[i + k] ^= sw->sw_iv[k]; - else - for (k = 0; k < blks; k++) - buf[i + k] ^= buf[i + k - blks]; - - exf->encrypt(sw->sw_kschedule, buf + i); - } - - /* Keep the last block */ - bcopy(buf + crd->crd_len - blks, sw->sw_iv, blks); - } - else /* Decrypt */ - { - /* IV explicitly provided ? */ - if (crd->crd_flags & CRD_F_IV_EXPLICIT) - bcopy(crd->crd_iv, sw->sw_iv, blks); - else /* IV preceeds data */ - bcopy(buf + crd->crd_inject, sw->sw_iv, blks); - - /* - * Start at the end, so we don't need to keep the encrypted - * block as the IV for the next block. - */ - for (i = crd->crd_skip + crd->crd_len - blks; - i >= crd->crd_skip; - i -= blks) - { - exf->decrypt(sw->sw_kschedule, buf + i); - - /* XOR with the IV/previous block, as appropriate */ - if (i == crd->crd_skip) - for (k = 0; k < blks; k++) - buf[i + k] ^= sw->sw_iv[k]; - else - for (k = 0; k < blks; k++) - buf[i + k] ^= buf[i + k - blks]; - } - } - - return 0; /* Done with contiguous buffer encryption/decryption */ - } - else /* mbuf */ - { - m = (struct mbuf *) buf; - - /* Initialize the IV */ - if (crd->crd_flags & CRD_F_ENCRYPT) - { - /* IV explicitly provided ? */ - if (crd->crd_flags & CRD_F_IV_EXPLICIT) - bcopy(crd->crd_iv, iv, blks); - else - bcopy(sw->sw_iv, iv, blks); /* Use IV from context */ - - /* Do we need to write the IV */ - if (!(crd->crd_flags & CRD_F_IV_PRESENT)) - m_copyback(m, crd->crd_inject, blks, iv); - } - else /* Decryption */ - { - /* IV explicitly provided ? */ - if (crd->crd_flags & CRD_F_IV_EXPLICIT) - bcopy(crd->crd_iv, iv, blks); - else - m_copydata(m, crd->crd_inject, blks, iv); /* Get IV off mbuf */ - } - - ivp = iv; - - /* Find beginning of data */ - m = m_getptr(m, crd->crd_skip, &k); - if (m == NULL) - return EINVAL; + unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN], *idat; + unsigned char *ivp, piv[EALG_MAX_BLOCK_LEN]; + struct enc_xform *exf; + int i, k, j, blks; + struct mbuf *m; - i = crd->crd_len; + exf = sw->sw_exf; + blks = exf->blocksize; - while (i > 0) - { - /* - * If there's insufficient data at the end of an mbuf, we have - * to do some copying. - */ - if ((m->m_len < k + blks) && (m->m_len != k)) - { - m_copydata(m, k, blks, blk); - - /* Actual encryption/decryption */ - if (crd->crd_flags & CRD_F_ENCRYPT) - { - /* XOR with previous block */ - for (j = 0; j < blks; j++) - blk[j] ^= ivp[j]; - - exf->encrypt(sw->sw_kschedule, blk); + /* Check for non-padded data */ + if (crd->crd_len % blks) + return EINVAL; - /* Keep encrypted block for XOR'ing with next block */ - bcopy(blk, iv, blks); - ivp = iv; + if (outtype == CRYPTO_BUF_CONTIG) { + if (crd->crd_flags & CRD_F_ENCRYPT) { + /* IV explicitly provided ? */ + if (crd->crd_flags & CRD_F_IV_EXPLICIT) + bcopy(crd->crd_iv, sw->sw_iv, blks); + + if (!(crd->crd_flags & CRD_F_IV_PRESENT)) + bcopy(sw->sw_iv, buf + crd->crd_inject, blks); + + for (i = crd->crd_skip; + i < crd->crd_skip + crd->crd_len; i += blks) { + /* XOR with the IV/previous block, as appropriate. */ + if (i == crd->crd_skip) + for (k = 0; k < blks; k++) + buf[i + k] ^= sw->sw_iv[k]; + else + for (k = 0; k < blks; k++) + buf[i + k] ^= buf[i + k - blks]; + exf->encrypt(sw->sw_kschedule, buf + i); + } + + /* Keep the last block */ + bcopy(buf + crd->crd_len - blks, sw->sw_iv, blks); + + } else { /* Decrypt */ + /* IV explicitly provided ? */ + if (crd->crd_flags & CRD_F_IV_EXPLICIT) + bcopy(crd->crd_iv, sw->sw_iv, blks); + else /* IV preceeds data */ + bcopy(buf + crd->crd_inject, sw->sw_iv, blks); + + /* + * Start at the end, so we don't need to keep the encrypted + * block as the IV for the next block. + */ + for (i = crd->crd_skip + crd->crd_len - blks; + i >= crd->crd_skip; i -= blks) { + exf->decrypt(sw->sw_kschedule, buf + i); + + /* XOR with the IV/previous block, as appropriate */ + if (i == crd->crd_skip) + for (k = 0; k < blks; k++) + buf[i + k] ^= sw->sw_iv[k]; + else + for (k = 0; k < blks; k++) + buf[i + k] ^= buf[i + k - blks]; + } } - else /* decrypt */ - { - /* Keep encrypted block for XOR'ing with next block */ - if (ivp == iv) - bcopy(blk, piv, blks); - else - bcopy(blk, iv, blks); - - exf->decrypt(sw->sw_kschedule, blk); - - /* XOR with previous block */ - for (j = 0; j < blks; j++) - blk[j] ^= ivp[j]; - - if (ivp == iv) - bcopy(piv, iv, blks); - else - ivp = iv; + return 0; + } else { + m = (struct mbuf *) buf; + + /* Initialize the IV */ + if (crd->crd_flags & CRD_F_ENCRYPT) { + /* IV explicitly provided ? */ + if (crd->crd_flags & CRD_F_IV_EXPLICIT) + bcopy(crd->crd_iv, iv, blks); + else { + /* Use IV from context */ + bcopy(sw->sw_iv, iv, blks); + } + + /* Do we need to write the IV */ + if (!(crd->crd_flags & CRD_F_IV_PRESENT)) + m_copyback(m, crd->crd_inject, blks, iv); + + } else { /* Decryption */ + /* IV explicitly provided ? */ + if (crd->crd_flags & CRD_F_IV_EXPLICIT) + bcopy(crd->crd_iv, iv, blks); + else { + /* Get IV off mbuf */ + m_copydata(m, crd->crd_inject, blks, iv); + } } - /* Copy back decrypted block */ - m_copyback(m, k, blks, blk); + ivp = iv; - /* Advance pointer */ - m = m_getptr(m, k + blks, &k); + /* Find beginning of data */ + m = m_getptr(m, crd->crd_skip, &k); if (m == NULL) - return EINVAL; - - i -= blks; - - /* Could be done... */ - if (i == 0) - break; - } - - /* Skip possibly empty mbufs */ - if (k == m->m_len) - { - for (m = m->m_next; m && m->m_len == 0; m = m->m_next) - ; - - k = 0; - } - - /* Sanity check */ - if (m == NULL) - return EINVAL; - - /* - * Warning: idat may point to garbage here, but we only use it - * in the while() loop, only if there are indeed enough data. - */ - idat = mtod(m, unsigned char *) + k; + return EINVAL; + + i = crd->crd_len; + + while (i > 0) { + /* + * If there's insufficient data at the end of + * an mbuf, we have to do some copying. + */ + if (m->m_len < k + blks && m->m_len != k) { + m_copydata(m, k, blks, blk); + + /* Actual encryption/decryption */ + if (crd->crd_flags & CRD_F_ENCRYPT) { + /* XOR with previous block */ + for (j = 0; j < blks; j++) + blk[j] ^= ivp[j]; + + exf->encrypt(sw->sw_kschedule, blk); + + /* + * Keep encrypted block for XOR'ing + * with next block + */ + bcopy(blk, iv, blks); + ivp = iv; + } else { /* decrypt */ + /* + * Keep encrypted block for XOR'ing + * with next block + */ + if (ivp == iv) + bcopy(blk, piv, blks); + else + bcopy(blk, iv, blks); + + exf->decrypt(sw->sw_kschedule, blk); + + /* XOR with previous block */ + for (j = 0; j < blks; j++) + blk[j] ^= ivp[j]; + + if (ivp == iv) + bcopy(piv, iv, blks); + else + ivp = iv; + } + + /* Copy back decrypted block */ + m_copyback(m, k, blks, blk); + + /* Advance pointer */ + m = m_getptr(m, k + blks, &k); + if (m == NULL) + return EINVAL; + + i -= blks; + + /* Could be done... */ + if (i == 0) + break; + } + + /* Skip possibly empty mbufs */ + if (k == m->m_len) { + for (m = m->m_next; m && m->m_len == 0; + m = m->m_next) + ; + k = 0; + } + + /* Sanity check */ + if (m == NULL) + return EINVAL; + + /* + * Warning: idat may point to garbage here, but + * we only use it in the while() loop, only if + * there are indeed enough data. + */ + idat = mtod(m, unsigned char *) + k; + + while (m->m_len >= k + blks && i > 0) { + if (crd->crd_flags & CRD_F_ENCRYPT) { + /* XOR with previous block/IV */ + for (j = 0; j < blks; j++) + idat[j] ^= ivp[j]; + + exf->encrypt(sw->sw_kschedule, idat); + ivp = idat; + } else { /* decrypt */ + /* + * Keep encrypted block to be used + * in next block's processing. + */ + if (ivp == iv) + bcopy(idat, piv, blks); + else + bcopy(idat, iv, blks); + + exf->decrypt(sw->sw_kschedule, idat); + + /* XOR with previous block/IV */ + for (j = 0; j < blks; j++) + idat[j] ^= ivp[j]; + + if (ivp == iv) + bcopy(piv, iv, blks); + else + ivp = iv; + } + + idat += blks; + k += blks; + i -= blks; + } + } - while ((m->m_len >= k + blks) && (i > 0)) - { + /* Keep the last block */ if (crd->crd_flags & CRD_F_ENCRYPT) - { - /* XOR with previous block/IV */ - for (j = 0; j < blks; j++) - idat[j] ^= ivp[j]; - - exf->encrypt(sw->sw_kschedule, idat); - ivp = idat; - } - else /* decrypt */ - { - /* - * Keep encrypted block to be used in next block's - * processing. - */ - if (ivp == iv) - bcopy(idat, piv, blks); - else - bcopy(idat, iv, blks); - - exf->decrypt(sw->sw_kschedule, idat); - - /* XOR with previous block/IV */ - for (j = 0; j < blks; j++) - idat[j] ^= ivp[j]; - - if (ivp == iv) - bcopy(piv, iv, blks); - else - ivp = iv; - } + bcopy(ivp, sw->sw_iv, blks); - idat += blks; - k += blks; - i -= blks; - } + return 0; /* Done with mbuf encryption/decryption */ } - /* Keep the last block */ - if (crd->crd_flags & CRD_F_ENCRYPT) - bcopy(ivp, sw->sw_iv, blks); - - return 0; /* Done with mbuf encryption/decryption */ - } - - /* Unreachable */ - return EINVAL; + /* Unreachable */ + return EINVAL; } /* @@ -310,63 +300,60 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, */ int swcr_authcompute(struct cryptodesc *crd, struct swcr_data *sw, - caddr_t buf, int outtype) + caddr_t buf, int outtype) { - unsigned char aalg[AALG_MAX_RESULT_LEN]; - struct auth_hash *axf; - union authctx ctx; - int err; - - if (sw->sw_ictx == 0) - return EINVAL; - - axf = sw->sw_axf; - - bcopy(sw->sw_ictx, &ctx, axf->ctxsize); - - if (outtype == CRYPTO_BUF_CONTIG) - axf->Update(&ctx, buf + crd->crd_skip, crd->crd_len); - else - { - err = m_apply((struct mbuf *) buf, crd->crd_skip, - crd->crd_len, - (int (*)(caddr_t, caddr_t, unsigned int)) axf->Update, - (caddr_t) &ctx); - if (err) - return err; - } - - switch (sw->sw_alg) - { + unsigned char aalg[AALG_MAX_RESULT_LEN]; + struct auth_hash *axf; + union authctx ctx; + int err; + + if (sw->sw_ictx == 0) + return EINVAL; + + axf = sw->sw_axf; + + bcopy(sw->sw_ictx, &ctx, axf->ctxsize); + + if (outtype == CRYPTO_BUF_CONTIG) + axf->Update(&ctx, buf + crd->crd_skip, crd->crd_len); + else { + err = m_apply((struct mbuf *) buf, crd->crd_skip, crd->crd_len, + (int (*)(caddr_t, caddr_t, unsigned int)) axf->Update, + (caddr_t) &ctx); + if (err) + return err; + } + + switch (sw->sw_alg) { case CRYPTO_MD5_HMAC: case CRYPTO_SHA1_HMAC: case CRYPTO_RIPEMD160_HMAC: - if (sw->sw_octx == NULL) - return EINVAL; - - axf->Final(aalg, &ctx); - bcopy(sw->sw_octx, &ctx, axf->ctxsize); - axf->Update(&ctx, aalg, axf->hashsize); - axf->Final(aalg, &ctx); - break; - - case CRYPTO_MD5_KPDK: - case CRYPTO_SHA1_KPDK: - if (sw->sw_octx == NULL) - return EINVAL; - - axf->Update(&ctx, sw->sw_octx, sw->sw_klen); - axf->Final(aalg, &ctx); - break; - } - - /* Inject the authentication data */ - if (outtype == CRYPTO_BUF_CONTIG) - bcopy(aalg, buf + crd->crd_inject, axf->authsize); - else - m_copyback((struct mbuf *) buf, crd->crd_inject, axf->authsize, aalg); - - return 0; + if (sw->sw_octx == NULL) + return EINVAL; + + axf->Final(aalg, &ctx); + bcopy(sw->sw_octx, &ctx, axf->ctxsize); + axf->Update(&ctx, aalg, axf->hashsize); + axf->Final(aalg, &ctx); + break; + + case CRYPTO_MD5_KPDK: + case CRYPTO_SHA1_KPDK: + if (sw->sw_octx == NULL) + return EINVAL; + + axf->Update(&ctx, sw->sw_octx, sw->sw_klen); + axf->Final(aalg, &ctx); + break; + } + + /* Inject the authentication data */ + if (outtype == CRYPTO_BUF_CONTIG) + bcopy(aalg, buf + crd->crd_inject, axf->authsize); + else + m_copyback((struct mbuf *) buf, crd->crd_inject, + axf->authsize, aalg); + return 0; } /* @@ -375,212 +362,181 @@ swcr_authcompute(struct cryptodesc *crd, struct swcr_data *sw, int swcr_newsession(u_int32_t *sid, struct cryptoini *cri) { - struct swcr_data **swd; - struct auth_hash *axf; - struct enc_xform *txf; - u_int32_t i; - int k; - - if ((sid == NULL) || (cri == NULL)) - return EINVAL; - - if (swcr_sessions) - for (i = 1; i < swcr_sesnum; i++) - if (swcr_sessions[i] == NULL) - break; - - if ((swcr_sessions == NULL) || (i == swcr_sesnum)) - { - if (swcr_sessions == NULL) - { - i = 1; /* We leave swcr_sessions[0] empty */ - swcr_sesnum = CRYPTO_SW_SESSIONS; - } - else - swcr_sesnum *= 2; - - swd = malloc(swcr_sesnum * sizeof(struct swcr_data *), - M_CRYPTO_DATA, M_NOWAIT); - if (swd == NULL) - { - /* Reset session number */ - if (swcr_sesnum == CRYPTO_SW_SESSIONS) - swcr_sesnum = 0; - else - swcr_sesnum /= 2; - - return ENOBUFS; - } + struct swcr_data **swd; + struct auth_hash *axf; + struct enc_xform *txf; + u_int32_t i; + int k; - bzero(swd, swcr_sesnum * sizeof(struct swcr_data *)); - - /* Copy existing sessions */ - if (swcr_sessions) - { - bcopy(swcr_sessions, swd, - (swcr_sesnum / 2) * sizeof(struct swcr_data *)); - free(swcr_sessions, M_CRYPTO_DATA); - } - - swcr_sessions = swd; - } - - swd = &swcr_sessions[i]; - *sid = i; + if (sid == NULL || cri == NULL) + return EINVAL; - while (cri) - { - MALLOC(*swd, struct swcr_data *, sizeof(struct swcr_data), - M_CRYPTO_DATA, M_NOWAIT); - if (*swd == NULL) - { - swcr_freesession(i); - return ENOBUFS; + if (swcr_sessions) { + for (i = 1; i < swcr_sesnum; i++) + if (swcr_sessions[i] == NULL) + break; } - bzero(*swd, sizeof(struct swcr_data)); - - switch (cri->cri_alg) - { - case CRYPTO_DES_CBC: - txf = &enc_xform_des; - goto enccommon; - - case CRYPTO_3DES_CBC: - txf = &enc_xform_3des; - goto enccommon; - - case CRYPTO_BLF_CBC: - txf = &enc_xform_blf; - goto enccommon; - - case CRYPTO_CAST_CBC: - txf = &enc_xform_cast5; - goto enccommon; - - case CRYPTO_SKIPJACK_CBC: - txf = &enc_xform_skipjack; - goto enccommon; - - case CRYPTO_RIJNDAEL128_CBC: - txf = &enc_xform_rijndael128; - goto enccommon; - - enccommon: - txf->setkey(&((*swd)->sw_kschedule), cri->cri_key, - cri->cri_klen / 8); - (*swd)->sw_iv = malloc(txf->blocksize, M_CRYPTO_DATA, - M_NOWAIT); - if ((*swd)->sw_iv == NULL) - { - swcr_freesession(i); - return ENOBUFS; + if (swcr_sessions == NULL || i == swcr_sesnum) { + if (swcr_sessions == NULL) { + i = 1; /* We leave swcr_sessions[0] empty */ + swcr_sesnum = CRYPTO_SW_SESSIONS; + } else + swcr_sesnum *= 2; + + swd = malloc(swcr_sesnum * sizeof(struct swcr_data *), + M_CRYPTO_DATA, M_NOWAIT); + if (swd == NULL) { + /* Reset session number */ + if (swcr_sesnum == CRYPTO_SW_SESSIONS) + swcr_sesnum = 0; + else + swcr_sesnum /= 2; + return ENOBUFS; } - (*swd)->sw_exf = txf; + bzero(swd, swcr_sesnum * sizeof(struct swcr_data *)); - get_random_bytes((*swd)->sw_iv, txf->blocksize); - break; - - case CRYPTO_MD5_HMAC: - axf = &auth_hash_hmac_md5_96; - goto authcommon; - - case CRYPTO_SHA1_HMAC: - axf = &auth_hash_hmac_sha1_96; - goto authcommon; - - case CRYPTO_RIPEMD160_HMAC: - axf = &auth_hash_hmac_ripemd_160_96; - - authcommon: - (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, - M_NOWAIT); - if ((*swd)->sw_ictx == NULL) - { - swcr_freesession(i); - return ENOBUFS; + /* Copy existing sessions */ + if (swcr_sessions) { + bcopy(swcr_sessions, swd, + (swcr_sesnum / 2) * sizeof(struct swcr_data *)); + free(swcr_sessions, M_CRYPTO_DATA); } - (*swd)->sw_octx = malloc(axf->ctxsize, M_CRYPTO_DATA, - M_NOWAIT); - if ((*swd)->sw_octx == NULL) - { - swcr_freesession(i); - return ENOBUFS; - } + swcr_sessions = swd; + } - for (k = 0; k < cri->cri_klen / 8; k++) - cri->cri_key[k] ^= HMAC_IPAD_VAL; + swd = &swcr_sessions[i]; + *sid = i; - axf->Init((*swd)->sw_ictx); - axf->Update((*swd)->sw_ictx, cri->cri_key, + while (cri) { + MALLOC(*swd, struct swcr_data *, sizeof(struct swcr_data), + M_CRYPTO_DATA, M_NOWAIT); + if (*swd == NULL) { + swcr_freesession(i); + return ENOBUFS; + } + bzero(*swd, sizeof(struct swcr_data)); + + switch (cri->cri_alg) { + case CRYPTO_DES_CBC: + txf = &enc_xform_des; + goto enccommon; + case CRYPTO_3DES_CBC: + txf = &enc_xform_3des; + goto enccommon; + case CRYPTO_BLF_CBC: + txf = &enc_xform_blf; + goto enccommon; + case CRYPTO_CAST_CBC: + txf = &enc_xform_cast5; + goto enccommon; + case CRYPTO_SKIPJACK_CBC: + txf = &enc_xform_skipjack; + goto enccommon; + case CRYPTO_RIJNDAEL128_CBC: + txf = &enc_xform_rijndael128; + goto enccommon; + enccommon: + txf->setkey(&((*swd)->sw_kschedule), cri->cri_key, + cri->cri_klen / 8); + (*swd)->sw_iv = malloc(txf->blocksize, M_CRYPTO_DATA, M_NOWAIT); + if ((*swd)->sw_iv == NULL) { + swcr_freesession(i); + return ENOBUFS; + } + (*swd)->sw_exf = txf; + get_random_bytes((*swd)->sw_iv, txf->blocksize); + break; + + case CRYPTO_MD5_HMAC: + axf = &auth_hash_hmac_md5_96; + goto authcommon; + case CRYPTO_SHA1_HMAC: + axf = &auth_hash_hmac_sha1_96; + goto authcommon; + case CRYPTO_RIPEMD160_HMAC: + axf = &auth_hash_hmac_ripemd_160_96; + authcommon: + (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, + M_NOWAIT); + if ((*swd)->sw_ictx == NULL) { + swcr_freesession(i); + return ENOBUFS; + } + + (*swd)->sw_octx = malloc(axf->ctxsize, M_CRYPTO_DATA, + M_NOWAIT); + if ((*swd)->sw_octx == NULL) { + swcr_freesession(i); + return ENOBUFS; + } + + for (k = 0; k < cri->cri_klen / 8; k++) + cri->cri_key[k] ^= HMAC_IPAD_VAL; + + axf->Init((*swd)->sw_ictx); + axf->Update((*swd)->sw_ictx, cri->cri_key, cri->cri_klen / 8); - axf->Update((*swd)->sw_ictx, hmac_ipad_buffer, + axf->Update((*swd)->sw_ictx, hmac_ipad_buffer, HMAC_BLOCK_LEN - (cri->cri_klen / 8)); - - for (k = 0; k < cri->cri_klen / 8; k++) - cri->cri_key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); - - axf->Init((*swd)->sw_octx); - axf->Update((*swd)->sw_octx, cri->cri_key, + + for (k = 0; k < cri->cri_klen / 8; k++) + cri->cri_key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); + + axf->Init((*swd)->sw_octx); + axf->Update((*swd)->sw_octx, cri->cri_key, cri->cri_klen / 8); - axf->Update((*swd)->sw_octx, hmac_opad_buffer, + axf->Update((*swd)->sw_octx, hmac_opad_buffer, HMAC_BLOCK_LEN - (cri->cri_klen / 8)); - - for (k = 0; k < cri->cri_klen / 8; k++) - cri->cri_key[k] ^= HMAC_OPAD_VAL; - - (*swd)->sw_axf = axf; - break; - - case CRYPTO_MD5_KPDK: - axf = &auth_hash_key_md5; - goto auth2common; - - case CRYPTO_SHA1_KPDK: - axf = &auth_hash_key_sha1; - - auth2common: - (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, - M_NOWAIT); - if ((*swd)->sw_ictx == NULL) - { - swcr_freesession(i); - return ENOBUFS; - } - - /* Store the key so we can "append" it to the payload */ - (*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA, - M_NOWAIT); - if ((*swd)->sw_octx == NULL) - { - swcr_freesession(i); - return ENOBUFS; - } - - (*swd)->sw_klen = cri->cri_klen / 8; - bcopy(cri->cri_key, (*swd)->sw_octx, cri->cri_klen / 8); - - axf->Init((*swd)->sw_ictx); - axf->Update((*swd)->sw_ictx, cri->cri_key, + + for (k = 0; k < cri->cri_klen / 8; k++) + cri->cri_key[k] ^= HMAC_OPAD_VAL; + (*swd)->sw_axf = axf; + break; + + case CRYPTO_MD5_KPDK: + axf = &auth_hash_key_md5; + goto auth2common; + + case CRYPTO_SHA1_KPDK: + axf = &auth_hash_key_sha1; + auth2common: + (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, + M_NOWAIT); + if ((*swd)->sw_ictx == NULL) { + swcr_freesession(i); + return ENOBUFS; + } + + /* Store the key so we can "append" it to the payload */ + (*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA, + M_NOWAIT); + if ((*swd)->sw_octx == NULL) { + swcr_freesession(i); + return ENOBUFS; + } + + (*swd)->sw_klen = cri->cri_klen / 8; + bcopy(cri->cri_key, (*swd)->sw_octx, cri->cri_klen / 8); + axf->Init((*swd)->sw_ictx); + axf->Update((*swd)->sw_ictx, cri->cri_key, cri->cri_klen / 8); - axf->Final(NULL, (*swd)->sw_ictx); - - (*swd)->sw_axf = axf; - break; - - default: - swcr_freesession(i); - return EINVAL; + axf->Final(NULL, (*swd)->sw_ictx); + (*swd)->sw_axf = axf; + break; + + default: + swcr_freesession(i); + return EINVAL; + } + + (*swd)->sw_alg = cri->cri_alg; + cri = cri->cri_next; + swd = &((*swd)->sw_next); } - - (*swd)->sw_alg = cri->cri_alg; - cri = cri->cri_next; - swd = &((*swd)->sw_next); - } - - return 0; + return 0; } /* @@ -589,80 +545,70 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri) int swcr_freesession(u_int64_t tid) { - struct swcr_data *swd; - struct enc_xform *txf; - struct auth_hash *axf; - u_int32_t sid = ((u_int32_t) tid) & 0xffffffff; - - if ((sid > swcr_sesnum) || (swcr_sessions == NULL) || - (swcr_sessions[sid] == NULL)) - return EINVAL; - - /* Silently accept and return */ - if (sid == 0) - return 0; - - while ((swd = swcr_sessions[sid]) != NULL) - { - swcr_sessions[sid] = swd->sw_next; - - switch (swd->sw_alg) - { - case CRYPTO_DES_CBC: - case CRYPTO_3DES_CBC: - case CRYPTO_BLF_CBC: - case CRYPTO_CAST_CBC: - case CRYPTO_SKIPJACK_CBC: - case CRYPTO_RIJNDAEL128_CBC: - txf = swd->sw_exf; - - if (swd->sw_kschedule) - txf->zerokey(&(swd->sw_kschedule)); - - if (swd->sw_iv) - free(swd->sw_iv, M_CRYPTO_DATA); - break; + struct swcr_data *swd; + struct enc_xform *txf; + struct auth_hash *axf; + u_int32_t sid = ((u_int32_t) tid) & 0xffffffff; - case CRYPTO_MD5_HMAC: - case CRYPTO_SHA1_HMAC: - case CRYPTO_RIPEMD160_HMAC: - axf = swd->sw_axf; - - if (swd->sw_ictx) - { - bzero(swd->sw_ictx, axf->ctxsize); - free(swd->sw_ictx, M_CRYPTO_DATA); - } - - if (swd->sw_octx) - { - bzero(swd->sw_octx, axf->ctxsize); - free(swd->sw_octx, M_CRYPTO_DATA); - } - break; - - case CRYPTO_MD5_KPDK: - case CRYPTO_SHA1_KPDK: - axf = swd->sw_axf; + if (sid > swcr_sesnum || swcr_sessions == NULL || + swcr_sessions[sid] == NULL) + return EINVAL; - if (swd->sw_ictx) - { - bzero(swd->sw_ictx, axf->ctxsize); - free(swd->sw_ictx, M_CRYPTO_DATA); + /* Silently accept and return */ + if (sid == 0) + return 0; + + while ((swd = swcr_sessions[sid]) != NULL) { + swcr_sessions[sid] = swd->sw_next; + + switch (swd->sw_alg) { + case CRYPTO_DES_CBC: + case CRYPTO_3DES_CBC: + case CRYPTO_BLF_CBC: + case CRYPTO_CAST_CBC: + case CRYPTO_SKIPJACK_CBC: + case CRYPTO_RIJNDAEL128_CBC: + txf = swd->sw_exf; + + if (swd->sw_kschedule) + txf->zerokey(&(swd->sw_kschedule)); + if (swd->sw_iv) + free(swd->sw_iv, M_CRYPTO_DATA); + break; + + case CRYPTO_MD5_HMAC: + case CRYPTO_SHA1_HMAC: + case CRYPTO_RIPEMD160_HMAC: + axf = swd->sw_axf; + + if (swd->sw_ictx) { + bzero(swd->sw_ictx, axf->ctxsize); + free(swd->sw_ictx, M_CRYPTO_DATA); + } + if (swd->sw_octx) { + bzero(swd->sw_octx, axf->ctxsize); + free(swd->sw_octx, M_CRYPTO_DATA); + } + break; + + case CRYPTO_MD5_KPDK: + case CRYPTO_SHA1_KPDK: + axf = swd->sw_axf; + + if (swd->sw_ictx) { + bzero(swd->sw_ictx, axf->ctxsize); + free(swd->sw_ictx, M_CRYPTO_DATA); + } + if (swd->sw_octx) { + bzero(swd->sw_octx, swd->sw_klen); + free(swd->sw_octx, M_CRYPTO_DATA); + } + break; } - if (swd->sw_octx) - { - bzero(swd->sw_octx, swd->sw_klen); - free(swd->sw_octx, M_CRYPTO_DATA); - } - break; + FREE(swd, M_CRYPTO_DATA); } - - FREE(swd, M_CRYPTO_DATA); - } - - return 0; + return 0; } /* @@ -671,90 +617,85 @@ swcr_freesession(u_int64_t tid) int swcr_process(struct cryptop *crp) { - struct cryptodesc *crd; - struct swcr_data *sw; - u_int32_t lid; - int type; - - /* Sanity check */ - if (crp == NULL) - return EINVAL; - - if ((crp->crp_desc == NULL) || (crp->crp_buf == NULL)) - { - crp->crp_etype = EINVAL; - goto done; - } - - lid = crp->crp_sid & 0xffffffff; - if ((lid >= swcr_sesnum) || (lid == 0) || (swcr_sessions[lid] == NULL)) - { - crp->crp_etype = ENOENT; - goto done; - } - - if (crp->crp_flags & CRYPTO_F_IMBUF) - type = CRYPTO_BUF_MBUF; - else - type = CRYPTO_BUF_CONTIG; - - /* Go through crypto descriptors, processing as we go */ - for (crd = crp->crp_desc; crd; crd = crd->crd_next) - { - /* - * Find the crypto context. - * - * XXX Note that the logic here prevents us from having - * XXX the same algorithm multiple times in a session - * XXX (or rather, we can but it won't give us the right - * XXX results). To do that, we'd need some way of differentiating - * XXX between the various instances of an algorithm (so we can - * XXX locate the correct crypto context). - */ - for (sw = swcr_sessions[lid]; - sw && sw->sw_alg != crd->crd_alg; - sw = sw->sw_next) - ; - - /* No such context ? */ - if (sw == NULL) - { - crp->crp_etype = EINVAL; - goto done; - } - - switch (sw->sw_alg) - { - case CRYPTO_DES_CBC: - case CRYPTO_3DES_CBC: - case CRYPTO_BLF_CBC: - case CRYPTO_CAST_CBC: - case CRYPTO_SKIPJACK_CBC: - case CRYPTO_RIJNDAEL128_CBC: - if ((crp->crp_etype = swcr_encdec(crd, sw, crp->crp_buf, - type)) != 0) - goto done; - break; + struct cryptodesc *crd; + struct swcr_data *sw; + u_int32_t lid; + int type; - case CRYPTO_MD5_HMAC: - case CRYPTO_SHA1_HMAC: - case CRYPTO_RIPEMD160_HMAC: - case CRYPTO_MD5_KPDK: - case CRYPTO_SHA1_KPDK: - if ((crp->crp_etype = swcr_authcompute(crd, sw, crp->crp_buf, - type)) != 0) - goto done; - break; + /* Sanity check */ + if (crp == NULL) + return EINVAL; - default: /* Unknown/unsupported algorithm */ + if (crp->crp_desc == NULL || crp->crp_buf == NULL) { crp->crp_etype = EINVAL; goto done; } - } - done: - crypto_done(crp); - return 0; + lid = crp->crp_sid & 0xffffffff; + if (lid >= swcr_sesnum || lid == 0 || swcr_sessions[lid] == NULL) { + crp->crp_etype = ENOENT; + goto done; + } + + if (crp->crp_flags & CRYPTO_F_IMBUF) + type = CRYPTO_BUF_MBUF; + else + type = CRYPTO_BUF_CONTIG; + + /* Go through crypto descriptors, processing as we go */ + for (crd = crp->crp_desc; crd; crd = crd->crd_next) { + /* + * Find the crypto context. + * + * XXX Note that the logic here prevents us from having + * XXX the same algorithm multiple times in a session + * XXX (or rather, we can but it won't give us the right + * XXX results). To do that, we'd need some way of differentiating + * XXX between the various instances of an algorithm (so we can + * XXX locate the correct crypto context). + */ + for (sw = swcr_sessions[lid]; + sw && sw->sw_alg != crd->crd_alg; + sw = sw->sw_next) + ; + + /* No such context ? */ + if (sw == NULL) { + crp->crp_etype = EINVAL; + goto done; + } + + switch (sw->sw_alg) { + case CRYPTO_DES_CBC: + case CRYPTO_3DES_CBC: + case CRYPTO_BLF_CBC: + case CRYPTO_CAST_CBC: + case CRYPTO_SKIPJACK_CBC: + case CRYPTO_RIJNDAEL128_CBC: + if ((crp->crp_etype = swcr_encdec(crd, sw, + crp->crp_buf, type)) != 0) + goto done; + break; + case CRYPTO_MD5_HMAC: + case CRYPTO_SHA1_HMAC: + case CRYPTO_RIPEMD160_HMAC: + case CRYPTO_MD5_KPDK: + case CRYPTO_SHA1_KPDK: + if ((crp->crp_etype = swcr_authcompute(crd, sw, + crp->crp_buf, type)) != 0) + goto done; + break; + + default: + /* Unknown/unsupported algorithm */ + crp->crp_etype = EINVAL; + goto done; + } + } + +done: + crypto_done(crp); + return 0; } /* @@ -763,24 +704,23 @@ swcr_process(struct cryptop *crp) void swcr_init(void) { - swcr_id = crypto_get_driverid(); - if (swcr_id >= 0) - { - crypto_register(swcr_id, CRYPTO_DES_CBC, swcr_newsession, - swcr_freesession, swcr_process); - crypto_register(swcr_id, CRYPTO_3DES_CBC, NULL, NULL, NULL); - crypto_register(swcr_id, CRYPTO_BLF_CBC, NULL, NULL, NULL); - crypto_register(swcr_id, CRYPTO_CAST_CBC, NULL, NULL, NULL); - crypto_register(swcr_id, CRYPTO_SKIPJACK_CBC, NULL, NULL, NULL); - crypto_register(swcr_id, CRYPTO_MD5_HMAC, NULL, NULL, NULL); - crypto_register(swcr_id, CRYPTO_SHA1_HMAC, NULL, NULL, NULL); - crypto_register(swcr_id, CRYPTO_RIPEMD160_HMAC, NULL, NULL, NULL); - crypto_register(swcr_id, CRYPTO_MD5_KPDK, NULL, NULL, NULL); - crypto_register(swcr_id, CRYPTO_SHA1_KPDK, NULL, NULL, NULL); - crypto_register(swcr_id, CRYPTO_RIJNDAEL128_CBC, NULL, NULL, NULL); - return; - } - - /* This should never happen */ - panic("Software crypto device cannot initialize!"); + swcr_id = crypto_get_driverid(); + if (swcr_id >= 0) { + crypto_register(swcr_id, CRYPTO_DES_CBC, swcr_newsession, + swcr_freesession, swcr_process); + crypto_register(swcr_id, CRYPTO_3DES_CBC, NULL, NULL, NULL); + crypto_register(swcr_id, CRYPTO_BLF_CBC, NULL, NULL, NULL); + crypto_register(swcr_id, CRYPTO_CAST_CBC, NULL, NULL, NULL); + crypto_register(swcr_id, CRYPTO_SKIPJACK_CBC, NULL, NULL, NULL); + crypto_register(swcr_id, CRYPTO_MD5_HMAC, NULL, NULL, NULL); + crypto_register(swcr_id, CRYPTO_SHA1_HMAC, NULL, NULL, NULL); + crypto_register(swcr_id, CRYPTO_RIPEMD160_HMAC, NULL, NULL, NULL); + crypto_register(swcr_id, CRYPTO_MD5_KPDK, NULL, NULL, NULL); + crypto_register(swcr_id, CRYPTO_SHA1_KPDK, NULL, NULL, NULL); + crypto_register(swcr_id, CRYPTO_RIJNDAEL128_CBC, NULL, NULL, NULL); + return; + } + + /* This should never happen */ + panic("Software crypto device cannot initialize!"); } diff --git a/sys/crypto/cryptosoft.h b/sys/crypto/cryptosoft.h index 861e3bddc14..992df98c6ef 100644 --- a/sys/crypto/cryptosoft.h +++ b/sys/crypto/cryptosoft.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptosoft.h,v 1.4 2001/05/13 16:52:33 jason Exp $ */ +/* $OpenBSD: cryptosoft.h,v 1.5 2001/06/16 22:17:50 deraadt Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -25,49 +25,44 @@ #define _CRYPTO_CRYPTOSOFT_H_ /* Software session entry */ -struct swcr_data -{ - int sw_alg; /* Algorithm */ - union - { - struct - { - u_int8_t *SW_ictx; - u_int8_t *SW_octx; - u_int32_t SW_klen; - struct auth_hash *SW_axf; - } SWCR_AUTH; +struct swcr_data { + int sw_alg; /* Algorithm */ + union { + struct { + u_int8_t *SW_ictx; + u_int8_t *SW_octx; + u_int32_t SW_klen; + struct auth_hash *SW_axf; + } SWCR_AUTH; + struct { + u_int8_t *SW_kschedule; + u_int8_t *SW_iv; + struct enc_xform *SW_exf; + } SWCR_ENC; + } SWCR_UN; - struct - { - u_int8_t *SW_kschedule; - u_int8_t *SW_iv; - struct enc_xform *SW_exf; - } SWCR_ENC; - } SWCR_UN; +#define sw_ictx SWCR_UN.SWCR_AUTH.SW_ictx +#define sw_octx SWCR_UN.SWCR_AUTH.SW_octx +#define sw_klen SWCR_UN.SWCR_AUTH.SW_klen +#define sw_axf SWCR_UN.SWCR_AUTH.SW_axf +#define sw_kschedule SWCR_UN.SWCR_ENC.SW_kschedule +#define sw_iv SWCR_UN.SWCR_ENC.SW_iv +#define sw_exf SWCR_UN.SWCR_ENC.SW_exf -#define sw_ictx SWCR_UN.SWCR_AUTH.SW_ictx -#define sw_octx SWCR_UN.SWCR_AUTH.SW_octx -#define sw_klen SWCR_UN.SWCR_AUTH.SW_klen -#define sw_axf SWCR_UN.SWCR_AUTH.SW_axf -#define sw_kschedule SWCR_UN.SWCR_ENC.SW_kschedule -#define sw_iv SWCR_UN.SWCR_ENC.SW_iv -#define sw_exf SWCR_UN.SWCR_ENC.SW_exf - - struct swcr_data *sw_next; + struct swcr_data *sw_next; }; #ifdef _KERNEL extern u_int8_t hmac_ipad_buffer[64]; extern u_int8_t hmac_opad_buffer[64]; -extern int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int); -extern int swcr_authcompute(struct cryptodesc *, struct swcr_data *, - caddr_t, int); -extern int swcr_process(struct cryptop *); -extern int swcr_newsession(u_int32_t *, struct cryptoini *); -extern int swcr_freesession(u_int64_t); -extern void swcr_init(void); +int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int); +int swcr_authcompute(struct cryptodesc *, struct swcr_data *, + caddr_t, int); +int swcr_process(struct cryptop *); +int swcr_newsession(u_int32_t *, struct cryptoini *); +int swcr_freesession(u_int64_t); +void swcr_init(void); #endif /* _KERNEL */ #endif /* _CRYPTO_CRYPTO_H_ */ diff --git a/sys/crypto/xform.c b/sys/crypto/xform.c index c18901c64b5..8b2a4ae33f6 100644 --- a/sys/crypto/xform.c +++ b/sys/crypto/xform.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xform.c,v 1.6 2001/06/13 13:43:34 angelos Exp $ */ +/* $OpenBSD: xform.c,v 1.7 2001/06/16 22:17:50 deraadt Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -88,105 +88,94 @@ int SHA1Update_int(void *, u_int8_t *, u_int16_t); int RMD160Update_int(void *, u_int8_t *, u_int16_t); /* Encryption instances */ -struct enc_xform enc_xform_des = -{ - CRYPTO_DES_CBC, "DES", - 8, 8, 8, - des1_encrypt, - des1_decrypt, - des1_setkey, - des1_zerokey, +struct enc_xform enc_xform_des = { + CRYPTO_DES_CBC, "DES", + 8, 8, 8, + des1_encrypt, + des1_decrypt, + des1_setkey, + des1_zerokey, }; -struct enc_xform enc_xform_3des = -{ - CRYPTO_3DES_CBC, "3DES", - 8, 24, 24, - des3_encrypt, - des3_decrypt, - des3_setkey, - des3_zerokey +struct enc_xform enc_xform_3des = { + CRYPTO_3DES_CBC, "3DES", + 8, 24, 24, + des3_encrypt, + des3_decrypt, + des3_setkey, + des3_zerokey }; -struct enc_xform enc_xform_blf = -{ - CRYPTO_BLF_CBC, "Blowfish", - 8, 5, 56 /* 448 bits, max key */, - blf_encrypt, - blf_decrypt, - blf_setkey, - blf_zerokey +struct enc_xform enc_xform_blf = { + CRYPTO_BLF_CBC, "Blowfish", + 8, 5, 56 /* 448 bits, max key */, + blf_encrypt, + blf_decrypt, + blf_setkey, + blf_zerokey }; -struct enc_xform enc_xform_cast5 = -{ - CRYPTO_CAST_CBC, "CAST-128", - 8, 5, 16, - cast5_encrypt, - cast5_decrypt, - cast5_setkey, - cast5_zerokey +struct enc_xform enc_xform_cast5 = { + CRYPTO_CAST_CBC, "CAST-128", + 8, 5, 16, + cast5_encrypt, + cast5_decrypt, + cast5_setkey, + cast5_zerokey }; -struct enc_xform enc_xform_skipjack = -{ - CRYPTO_SKIPJACK_CBC, "Skipjack", - 8, 10, 10, - skipjack_encrypt, - skipjack_decrypt, - skipjack_setkey, - skipjack_zerokey +struct enc_xform enc_xform_skipjack = { + CRYPTO_SKIPJACK_CBC, "Skipjack", + 8, 10, 10, + skipjack_encrypt, + skipjack_decrypt, + skipjack_setkey, + skipjack_zerokey }; -struct enc_xform enc_xform_rijndael128 = -{ - CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES", - 16, 8, 32, - rijndael128_encrypt, - rijndael128_decrypt, - rijndael128_setkey, - rijndael128_zerokey, +struct enc_xform enc_xform_rijndael128 = { + CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES", + 16, 8, 32, + rijndael128_encrypt, + rijndael128_decrypt, + rijndael128_setkey, + rijndael128_zerokey, }; /* Authentication instances */ -struct auth_hash auth_hash_hmac_md5_96 = -{ - CRYPTO_MD5_HMAC, "HMAC-MD5", - 16, 16, 12, sizeof(MD5_CTX), - (void (*) (void *)) MD5Init, MD5Update_int, - (void (*) (u_int8_t *, void *)) MD5Final +struct auth_hash auth_hash_hmac_md5_96 = { + CRYPTO_MD5_HMAC, "HMAC-MD5", + 16, 16, 12, sizeof(MD5_CTX), + (void (*) (void *)) MD5Init, MD5Update_int, + (void (*) (u_int8_t *, void *)) MD5Final }; -struct auth_hash auth_hash_hmac_sha1_96 = -{ - CRYPTO_SHA1_HMAC, "HMAC-SHA1", - 20, 20, 12, sizeof(SHA1_CTX), - (void (*) (void *)) SHA1Init, SHA1Update_int, - (void (*) (u_int8_t *, void *)) SHA1Final +struct auth_hash auth_hash_hmac_sha1_96 = { + CRYPTO_SHA1_HMAC, "HMAC-SHA1", + 20, 20, 12, sizeof(SHA1_CTX), + (void (*) (void *)) SHA1Init, SHA1Update_int, + (void (*) (u_int8_t *, void *)) SHA1Final }; -struct auth_hash auth_hash_hmac_ripemd_160_96 = -{ - CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160", - 20, 20, 12, sizeof(RMD160_CTX), - (void (*)(void *)) RMD160Init, RMD160Update_int, - (void (*)(u_int8_t *, void *)) RMD160Final +struct auth_hash auth_hash_hmac_ripemd_160_96 = { + CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160", + 20, 20, 12, sizeof(RMD160_CTX), + (void (*)(void *)) RMD160Init, RMD160Update_int, + (void (*)(u_int8_t *, void *)) RMD160Final }; -struct auth_hash auth_hash_key_md5 = -{ - CRYPTO_MD5_KPDK, "Keyed MD5", - 0, 16, 16, sizeof(MD5_CTX), - (void (*)(void *)) MD5Init, MD5Update_int, - (void (*)(u_int8_t *, void *)) MD5Final +struct auth_hash auth_hash_key_md5 = { + CRYPTO_MD5_KPDK, "Keyed MD5", + 0, 16, 16, sizeof(MD5_CTX), + (void (*)(void *)) MD5Init, MD5Update_int, + (void (*)(u_int8_t *, void *)) MD5Final }; -struct auth_hash auth_hash_key_sha1 = -{ - CRYPTO_SHA1_KPDK, "Keyed SHA1", - 0, 20, 20, sizeof(SHA1_CTX), - (void (*)(void *)) SHA1Init, SHA1Update_int, - (void (*)(u_int8_t *, void *)) SHA1Final +struct auth_hash auth_hash_key_sha1 = { + CRYPTO_SHA1_KPDK, "Keyed SHA1", + 0, 20, 20, sizeof(SHA1_CTX), + (void (*)(void *)) SHA1Init, SHA1Update_int, + (void (*)(u_int8_t *, void *)) SHA1Final }; /* @@ -195,183 +184,183 @@ struct auth_hash auth_hash_key_sha1 = void des1_encrypt(caddr_t key, u_int8_t *blk) { - des_ecb_encrypt(blk, blk, key, 1); + des_ecb_encrypt(blk, blk, key, 1); } void des1_decrypt(caddr_t key, u_int8_t *blk) { - des_ecb_encrypt(blk, blk, key, 0); + des_ecb_encrypt(blk, blk, key, 0); } void des1_setkey(u_int8_t **sched, u_int8_t *key, int len) { - MALLOC(*sched, u_int8_t *, 128, M_CRYPTO_DATA, M_WAITOK); - bzero(*sched, 128); - des_set_key(key, *sched); + MALLOC(*sched, u_int8_t *, 128, M_CRYPTO_DATA, M_WAITOK); + bzero(*sched, 128); + des_set_key(key, *sched); } void des1_zerokey(u_int8_t **sched) { - bzero(*sched, 128); - FREE(*sched, M_CRYPTO_DATA); - *sched = NULL; + bzero(*sched, 128); + FREE(*sched, M_CRYPTO_DATA); + *sched = NULL; } void des3_encrypt(caddr_t key, u_int8_t *blk) { - des_ecb3_encrypt(blk, blk, key, key + 128, key + 256, 1); + des_ecb3_encrypt(blk, blk, key, key + 128, key + 256, 1); } void des3_decrypt(caddr_t key, u_int8_t *blk) { - des_ecb3_encrypt(blk, blk, key + 256, key + 128, key, 0); + des_ecb3_encrypt(blk, blk, key + 256, key + 128, key, 0); } void des3_setkey(u_int8_t **sched, u_int8_t *key, int len) { - MALLOC(*sched, u_int8_t *, 384, M_CRYPTO_DATA, M_WAITOK); - bzero(*sched, 384); - des_set_key(key, *sched); - des_set_key(key + 8, *sched + 128); - des_set_key(key + 16, *sched + 256); + MALLOC(*sched, u_int8_t *, 384, M_CRYPTO_DATA, M_WAITOK); + bzero(*sched, 384); + des_set_key(key, *sched); + des_set_key(key + 8, *sched + 128); + des_set_key(key + 16, *sched + 256); } void des3_zerokey(u_int8_t **sched) { - bzero(*sched, 384); - FREE(*sched, M_CRYPTO_DATA); - *sched = NULL; + bzero(*sched, 384); + FREE(*sched, M_CRYPTO_DATA); + *sched = NULL; } void blf_encrypt(caddr_t key, u_int8_t *blk) { - blf_ecb_encrypt((blf_ctx *) key, blk, 8); + blf_ecb_encrypt((blf_ctx *) key, blk, 8); } void blf_decrypt(caddr_t key, u_int8_t *blk) { - blf_ecb_decrypt((blf_ctx *) key, blk, 8); + blf_ecb_decrypt((blf_ctx *) key, blk, 8); } void blf_setkey(u_int8_t **sched, u_int8_t *key, int len) { - MALLOC(*sched, u_int8_t *, sizeof(blf_ctx), M_CRYPTO_DATA, M_WAITOK); - bzero(*sched, sizeof(blf_ctx)); - blf_key((blf_ctx *)*sched, key, len); + MALLOC(*sched, u_int8_t *, sizeof(blf_ctx), M_CRYPTO_DATA, M_WAITOK); + bzero(*sched, sizeof(blf_ctx)); + blf_key((blf_ctx *)*sched, key, len); } void blf_zerokey(u_int8_t **sched) { - bzero(*sched, sizeof(blf_ctx)); - FREE(*sched, M_CRYPTO_DATA); - *sched = NULL; + bzero(*sched, sizeof(blf_ctx)); + FREE(*sched, M_CRYPTO_DATA); + *sched = NULL; } void cast5_encrypt(caddr_t key, u_int8_t *blk) { - cast_encrypt((cast_key *) key, blk, blk); + cast_encrypt((cast_key *) key, blk, blk); } void cast5_decrypt(caddr_t key, u_int8_t *blk) { - cast_decrypt((cast_key *) key, blk, blk); + cast_decrypt((cast_key *) key, blk, blk); } void cast5_setkey(u_int8_t **sched, u_int8_t *key, int len) { - MALLOC(*sched, u_int8_t *, sizeof(blf_ctx), M_CRYPTO_DATA, M_WAITOK); - bzero(*sched, sizeof(blf_ctx)); - cast_setkey((cast_key *)*sched, key, len); + MALLOC(*sched, u_int8_t *, sizeof(blf_ctx), M_CRYPTO_DATA, M_WAITOK); + bzero(*sched, sizeof(blf_ctx)); + cast_setkey((cast_key *)*sched, key, len); } void cast5_zerokey(u_int8_t **sched) { - bzero(*sched, sizeof(cast_key)); - FREE(*sched, M_CRYPTO_DATA); - *sched = NULL; + bzero(*sched, sizeof(cast_key)); + FREE(*sched, M_CRYPTO_DATA); + *sched = NULL; } void skipjack_encrypt(caddr_t key, u_int8_t *blk) { - skipjack_forwards(blk, blk, (u_int8_t **) key); + skipjack_forwards(blk, blk, (u_int8_t **) key); } void skipjack_decrypt(caddr_t key, u_int8_t *blk) { - skipjack_backwards(blk, blk, (u_int8_t **) key); + skipjack_backwards(blk, blk, (u_int8_t **) key); } void skipjack_setkey(u_int8_t **sched, u_int8_t *key, int len) { - MALLOC(*sched, u_int8_t *, 10 * sizeof(u_int8_t *), M_CRYPTO_DATA, - M_WAITOK); - bzero(*sched, 10 * sizeof(u_int8_t *)); - subkey_table_gen(key, (u_int8_t **) *sched); + MALLOC(*sched, u_int8_t *, 10 * sizeof(u_int8_t *), M_CRYPTO_DATA, + M_WAITOK); + bzero(*sched, 10 * sizeof(u_int8_t *)); + subkey_table_gen(key, (u_int8_t **) *sched); } void skipjack_zerokey(u_int8_t **sched) { - int k; + int k; - for (k = 0; k < 10; k++) - if (((u_int8_t **)(*sched))[k]) - { - bzero(((u_int8_t **)(*sched))[k], 0x100); - FREE(((u_int8_t **)(*sched))[k], M_CRYPTO_DATA); + for (k = 0; k < 10; k++) { + if (((u_int8_t **)(*sched))[k]) { + bzero(((u_int8_t **)(*sched))[k], 0x100); + FREE(((u_int8_t **)(*sched))[k], M_CRYPTO_DATA); + } } - bzero(*sched, 10 * sizeof(u_int8_t *)); - FREE(*sched, M_CRYPTO_DATA); - *sched = NULL; + bzero(*sched, 10 * sizeof(u_int8_t *)); + FREE(*sched, M_CRYPTO_DATA); + *sched = NULL; } void rijndael128_encrypt(caddr_t key, u_int8_t *blk) { - rijndael_encrypt((rijndael_ctx *) key, (u4byte *) blk, (u4byte *) blk); + rijndael_encrypt((rijndael_ctx *) key, (u4byte *) blk, (u4byte *) blk); } void rijndael128_decrypt(caddr_t key, u_int8_t *blk) { - rijndael_decrypt(((rijndael_ctx *) key) + 1, (u4byte *) blk, - (u4byte *) blk); + rijndael_decrypt(((rijndael_ctx *) key) + 1, (u4byte *) blk, + (u4byte *) blk); } void rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len) { - MALLOC(*sched, u_int8_t *, 2 * sizeof(rijndael_ctx), M_CRYPTO_DATA, - M_WAITOK); - bzero(*sched, 2 * sizeof(rijndael_ctx)); - rijndael_set_key((rijndael_ctx *) *sched, (u4byte *) key, len * 8, 1); - rijndael_set_key(((rijndael_ctx *) *sched) + 1, (u4byte *) key, len * 8, 0); + MALLOC(*sched, u_int8_t *, 2 * sizeof(rijndael_ctx), M_CRYPTO_DATA, + M_WAITOK); + bzero(*sched, 2 * sizeof(rijndael_ctx)); + rijndael_set_key((rijndael_ctx *) *sched, (u4byte *) key, len * 8, 1); + rijndael_set_key(((rijndael_ctx *) *sched) + 1, (u4byte *) key, len * 8, 0); } void rijndael128_zerokey(u_int8_t **sched) { - bzero(*sched, 2 * sizeof(rijndael_ctx)); - FREE(*sched, M_CRYPTO_DATA); - *sched = NULL; + bzero(*sched, 2 * sizeof(rijndael_ctx)); + FREE(*sched, M_CRYPTO_DATA); + *sched = NULL; } /* @@ -381,21 +370,21 @@ rijndael128_zerokey(u_int8_t **sched) int RMD160Update_int(void *ctx, u_int8_t *buf, u_int16_t len) { - RMD160Update(ctx, buf, len); - return 0; + RMD160Update(ctx, buf, len); + return 0; } int MD5Update_int(void *ctx, u_int8_t *buf, u_int16_t len) { - MD5Update(ctx, buf, len); - return 0; + MD5Update(ctx, buf, len); + return 0; } int SHA1Update_int(void *ctx, u_int8_t *buf, u_int16_t len) { - SHA1Update(ctx, buf, len); - return 0; + SHA1Update(ctx, buf, len); + return 0; } diff --git a/sys/crypto/xform.h b/sys/crypto/xform.h index dc86f5788e0..3c1803fbc5c 100644 --- a/sys/crypto/xform.h +++ b/sys/crypto/xform.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xform.h,v 1.4 2001/06/13 13:43:35 angelos Exp $ */ +/* $OpenBSD: xform.h,v 1.5 2001/06/16 22:17:50 deraadt Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -29,35 +29,33 @@ #include <crypto/rmd160.h> /* Declarations */ -struct auth_hash -{ - int type; - char *name; - u_int16_t keysize; - u_int16_t hashsize; - u_int16_t authsize; - u_int16_t ctxsize; - void (*Init) (void *); - int (*Update) (void *, u_int8_t *, u_int16_t); - void (*Final) (u_int8_t *, void *); +struct auth_hash { + int type; + char *name; + u_int16_t keysize; + u_int16_t hashsize; + u_int16_t authsize; + u_int16_t ctxsize; + void (*Init) (void *); + int (*Update) (void *, u_int8_t *, u_int16_t); + void (*Final) (u_int8_t *, void *); }; -struct enc_xform -{ - int type; - char *name; - u_int16_t blocksize; - u_int16_t minkey, maxkey; - void (*encrypt) (caddr_t, u_int8_t *); - void (*decrypt) (caddr_t, u_int8_t *); - void (*setkey) (u_int8_t **, u_int8_t *, int len); - void (*zerokey) (u_int8_t **); +struct enc_xform { + int type; + char *name; + u_int16_t blocksize; + u_int16_t minkey, maxkey; + void (*encrypt) (caddr_t, u_int8_t *); + void (*decrypt) (caddr_t, u_int8_t *); + void (*setkey) (u_int8_t **, u_int8_t *, int len); + void (*zerokey) (u_int8_t **); }; union authctx { - MD5_CTX md5ctx; - SHA1_CTX sha1ctx; - RMD160_CTX rmd160ctx; + MD5_CTX md5ctx; + SHA1_CTX sha1ctx; + RMD160_CTX rmd160ctx; }; extern struct enc_xform enc_xform_des; @@ -72,4 +70,5 @@ extern struct auth_hash auth_hash_key_sha1; extern struct auth_hash auth_hash_hmac_md5_96; extern struct auth_hash auth_hash_hmac_sha1_96; extern struct auth_hash auth_hash_hmac_ripemd_160_96; + #endif /* _CRYPTO_XFORM_H_ */ |