summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2001-06-16 22:17:51 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2001-06-16 22:17:51 +0000
commitfc1797c26959affbceb1bbecbad12b89f452a884 (patch)
tree291e7cbeb9eb76c82659bfef3b68dd79c600b254
parent27a945e715dc382fe6bf5356c21023a3c3693a3b (diff)
KNF
-rw-r--r--sys/crypto/crypto.c610
-rw-r--r--sys/crypto/crypto.h233
-rw-r--r--sys/crypto/cryptosoft.c1234
-rw-r--r--sys/crypto/cryptosoft.h67
-rw-r--r--sys/crypto/xform.c279
-rw-r--r--sys/crypto/xform.h49
6 files changed, 1174 insertions, 1298 deletions
diff --git a/sys/crypto/crypto.c b/sys/crypto/crypto.c
index 6957f799d19..203dc6688f0 100644
--- a/sys/crypto/crypto.c
+++ b/sys/crypto/crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.c,v 1.18 2001/06/06 18:58:52 angelos Exp $ */
+/* $OpenBSD: crypto.c,v 1.19 2001/06/16 22:17:49 deraadt Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -44,74 +44,71 @@ struct cryptop **crp_req_queue_tail = NULL;
int
crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard)
{
- struct cryptoini *cr;
- u_int32_t hid, lid;
- int err, s;
+ struct cryptoini *cr;
+ u_int32_t hid, lid;
+ int err, s;
- if (crypto_drivers == NULL)
- return EINVAL;
+ if (crypto_drivers == NULL)
+ return EINVAL;
- s = splimp();
+ s = splimp();
- /*
- * The algorithm we use here is pretty stupid; just use the
- * first driver that supports all the algorithms we need.
- *
- * XXX We need more smarts here (in real life too, but that's
- * XXX another story altogether).
- */
+ /*
+ * The algorithm we use here is pretty stupid; just use the
+ * first driver that supports all the algorithms we need.
+ *
+ * XXX We need more smarts here (in real life too, but that's
+ * XXX another story altogether).
+ */
+
+ for (hid = 0; hid < crypto_drivers_num; hid++) {
+ /*
+ * If it's not initialized or has remaining sessions referencing
+ * it, skip.
+ */
+ if (crypto_drivers[hid].cc_newsession == NULL ||
+ (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP))
+ continue;
+
+ /* hardware requested -- ignore software drivers */
+ if (hard &&
+ (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE))
+ continue;
+
+ /* See if all the algorithms are supported */
+ for (cr = cri; cr; cr = cr->cri_next)
+ if (crypto_drivers[hid].cc_alg[cr->cri_alg] == 0)
+ break;
+
+ /* Ok, all algorithms are supported */
+ if (cr == NULL)
+ break;
+ }
- for (hid = 0; hid < crypto_drivers_num; hid++)
- {
/*
- * If it's not initialized or has remaining sessions referencing
- * it, skip.
- */
- if ((crypto_drivers[hid].cc_newsession == NULL) ||
- (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP))
- continue;
-
- /* hardware requested -- ignore software drivers */
- if (hard &&
- (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE))
- continue;
-
- /* See if all the algorithms are supported */
- for (cr = cri; cr; cr = cr->cri_next)
- if (crypto_drivers[hid].cc_alg[cr->cri_alg] == 0)
- break;
-
- /* Ok, all algorithms are supported */
- if (cr == NULL)
- break;
- }
-
- /*
- * Can't do everything in one session.
- *
- * XXX Fix this. We need to inject a "virtual" session layer right
- * XXX about here.
- */
-
- if (hid == crypto_drivers_num)
- {
+ * Can't do everything in one session.
+ *
+ * XXX Fix this. We need to inject a "virtual" session layer right
+ * XXX about here.
+ */
+
+ if (hid == crypto_drivers_num) {
+ splx(s);
+ return EINVAL;
+ }
+
+ /* Call the driver initialization routine */
+ lid = hid; /* Pass the driver ID */
+ err = crypto_drivers[hid].cc_newsession(&lid, cri);
+ if (err == 0) {
+ (*sid) = hid;
+ (*sid) <<= 32;
+ (*sid) |= (lid & 0xffffffff);
+ crypto_drivers[hid].cc_sessions++;
+ }
+
splx(s);
- return EINVAL;
- }
-
- /* Call the driver initialization routine */
- lid = hid; /* Pass the driver ID */
- err = crypto_drivers[hid].cc_newsession(&lid, cri);
- if (err == 0)
- {
- (*sid) = hid;
- (*sid) <<= 32;
- (*sid) |= (lid & 0xffffffff);
- crypto_drivers[hid].cc_sessions++;
- }
-
- splx(s);
- return err;
+ return err;
}
/*
@@ -121,37 +118,37 @@ crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard)
int
crypto_freesession(u_int64_t sid)
{
- int err = 0, s;
- u_int32_t hid;
+ int err = 0, s;
+ u_int32_t hid;
- if (crypto_drivers == NULL)
- return EINVAL;
+ if (crypto_drivers == NULL)
+ return EINVAL;
- /* Determine two IDs */
- hid = (sid >> 32) & 0xffffffff;
+ /* Determine two IDs */
+ hid = (sid >> 32) & 0xffffffff;
- if (hid >= crypto_drivers_num)
- return ENOENT;
+ if (hid >= crypto_drivers_num)
+ return ENOENT;
- s = splimp();
+ s = splimp();
- if (crypto_drivers[hid].cc_sessions)
- crypto_drivers[hid].cc_sessions--;
+ if (crypto_drivers[hid].cc_sessions)
+ crypto_drivers[hid].cc_sessions--;
- /* Call the driver cleanup routine, if available */
- if (crypto_drivers[hid].cc_freesession)
- err = crypto_drivers[hid].cc_freesession(sid);
+ /* Call the driver cleanup routine, if available */
+ if (crypto_drivers[hid].cc_freesession)
+ err = crypto_drivers[hid].cc_freesession(sid);
- /*
- * If this was the last session of a driver marked as invalid, make
- * the entry available for reuse.
- */
- if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) &&
- (crypto_drivers[hid].cc_sessions == 0))
- bzero(&crypto_drivers[hid], sizeof(struct cryptocap));
+ /*
+ * If this was the last session of a driver marked as invalid,
+ * make the entry available for reuse.
+ */
+ if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) &&
+ crypto_drivers[hid].cc_sessions == 0)
+ bzero(&crypto_drivers[hid], sizeof(struct cryptocap));
- splx(s);
- return err;
+ splx(s);
+ return err;
}
/*
@@ -160,69 +157,65 @@ crypto_freesession(u_int64_t sid)
int32_t
crypto_get_driverid(void)
{
- struct cryptocap *newdrv;
- int i, s = splimp();
-
- if (crypto_drivers_num == 0)
- {
- crypto_drivers_num = CRYPTO_DRIVERS_INITIAL;
- crypto_drivers = malloc(crypto_drivers_num * sizeof(struct cryptocap),
- M_CRYPTO_DATA, M_NOWAIT);
- if (crypto_drivers == NULL)
- {
- splx(s);
- crypto_drivers_num = 0;
- return -1;
+ struct cryptocap *newdrv;
+ int i, s = splimp();
+
+ if (crypto_drivers_num == 0) {
+ crypto_drivers_num = CRYPTO_DRIVERS_INITIAL;
+ crypto_drivers = malloc(crypto_drivers_num *
+ sizeof(struct cryptocap), M_CRYPTO_DATA, M_NOWAIT);
+ if (crypto_drivers == NULL) {
+ splx(s);
+ crypto_drivers_num = 0;
+ return -1;
+ }
+
+ bzero(crypto_drivers, crypto_drivers_num *
+ sizeof(struct cryptocap));
}
- bzero(crypto_drivers, crypto_drivers_num * sizeof(struct cryptocap));
- }
-
- for (i = 0; i < crypto_drivers_num; i++)
- if ((crypto_drivers[i].cc_process == NULL) &&
- !(crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP) &&
- (crypto_drivers[i].cc_sessions == 0))
- {
- crypto_drivers[i].cc_sessions = 1; /* Mark */
- splx(s);
- return i;
- }
-
- /* Out of entries, allocate some more */
- if (i == crypto_drivers_num)
- {
- /* Be careful about wrap-around */
- if (2 * crypto_drivers_num <= crypto_drivers_num)
- {
- splx(s);
- return -1;
+ for (i = 0; i < crypto_drivers_num; i++) {
+ if (crypto_drivers[i].cc_process == NULL &&
+ !(crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP) &&
+ crypto_drivers[i].cc_sessions == 0) {
+ crypto_drivers[i].cc_sessions = 1; /* Mark */
+ splx(s);
+ return i;
+ }
}
- newdrv = malloc(2 * crypto_drivers_num * sizeof(struct cryptocap),
- M_CRYPTO_DATA, M_NOWAIT);
- if (newdrv == NULL)
- {
- splx(s);
- return -1;
+ /* Out of entries, allocate some more */
+ if (i == crypto_drivers_num) {
+ /* Be careful about wrap-around */
+ if (2 * crypto_drivers_num <= crypto_drivers_num) {
+ splx(s);
+ return -1;
+ }
+
+ newdrv = malloc(2 * crypto_drivers_num * sizeof(struct cryptocap),
+ M_CRYPTO_DATA, M_NOWAIT);
+ if (newdrv == NULL) {
+ splx(s);
+ return -1;
+ }
+
+ bcopy(crypto_drivers, newdrv,
+ crypto_drivers_num * sizeof(struct cryptocap));
+ bzero(&newdrv[crypto_drivers_num],
+ crypto_drivers_num * sizeof(struct cryptocap));
+
+ newdrv[i].cc_sessions = 1; /* Mark */
+ crypto_drivers_num *= 2;
+
+ free(crypto_drivers, M_CRYPTO_DATA);
+ crypto_drivers = newdrv;
+ splx(s);
+ return i;
}
- bcopy(crypto_drivers, newdrv,
- crypto_drivers_num * sizeof(struct cryptocap));
- bzero(&newdrv[crypto_drivers_num],
- crypto_drivers_num * sizeof(struct cryptocap));
-
- newdrv[i].cc_sessions = 1; /* Mark */
- crypto_drivers_num *= 2;
-
- free(crypto_drivers, M_CRYPTO_DATA);
- crypto_drivers = newdrv;
+ /* Shouldn't really get here... */
splx(s);
- return i;
- }
-
- /* Shouldn't really get here... */
- splx(s);
- return -1;
+ return -1;
}
/*
@@ -234,32 +227,31 @@ crypto_register(u_int32_t driverid, int alg,
int (*newses)(u_int32_t *, struct cryptoini *),
int (*freeses)(u_int64_t), int (*process)(struct cryptop *))
{
- int s;
-
- if ((driverid >= crypto_drivers_num) || (alg <= 0) ||
- (alg > CRYPTO_ALGORITHM_MAX) || (crypto_drivers == NULL))
- return EINVAL;
+ int s;
- s = splimp();
+ if (driverid >= crypto_drivers_num || alg <= 0 ||
+ alg > CRYPTO_ALGORITHM_MAX || crypto_drivers == NULL)
+ return EINVAL;
- /*
- * XXX Do some performance testing to determine placing.
- * XXX We probably need an auxiliary data structure that describes
- * XXX relative performances.
- */
+ s = splimp();
- crypto_drivers[driverid].cc_alg[alg] = 1;
-
- if (crypto_drivers[driverid].cc_process == NULL)
- {
- crypto_drivers[driverid].cc_newsession = newses;
- crypto_drivers[driverid].cc_process = process;
- crypto_drivers[driverid].cc_freesession = freeses;
- crypto_drivers[driverid].cc_sessions = 0; /* Unmark */
- }
+ /*
+ * XXX Do some performance testing to determine placing.
+ * XXX We probably need an auxiliary data structure that describes
+ * XXX relative performances.
+ */
+
+ crypto_drivers[driverid].cc_alg[alg] = 1;
+
+ if (crypto_drivers[driverid].cc_process == NULL) {
+ crypto_drivers[driverid].cc_newsession = newses;
+ crypto_drivers[driverid].cc_process = process;
+ crypto_drivers[driverid].cc_freesession = freeses;
+ crypto_drivers[driverid].cc_sessions = 0; /* Unmark */
+ }
- splx(s);
- return 0;
+ splx(s);
+ return 0;
}
/*
@@ -271,40 +263,35 @@ crypto_register(u_int32_t driverid, int alg,
int
crypto_unregister(u_int32_t driverid, int alg)
{
- int i, s = splimp();
- u_int32_t ses;
-
- /* Sanity checks */
- if ((driverid >= crypto_drivers_num) || (alg <= 0) ||
- (alg > CRYPTO_ALGORITHM_MAX) || (crypto_drivers == NULL) ||
- (crypto_drivers[driverid].cc_alg[alg] == 0))
- {
- splx(s);
- return EINVAL;
- }
-
- crypto_drivers[driverid].cc_alg[alg] = 0;
-
- /* Was this the last algorithm ? */
- for (i = 1; i <= CRYPTO_ALGORITHM_MAX; i++)
- if (crypto_drivers[driverid].cc_alg[i] != 0)
- break;
-
- if (i == CRYPTO_ALGORITHM_MAX + 1)
- {
- ses = crypto_drivers[driverid].cc_sessions;
- bzero(&crypto_drivers[driverid], sizeof(struct cryptocap));
-
- if (ses != 0)
- {
- /* If there are pending sessions, just mark as invalid */
- crypto_drivers[driverid].cc_flags |= CRYPTOCAP_F_CLEANUP;
- crypto_drivers[driverid].cc_sessions = ses;
+ int i, s = splimp();
+ u_int32_t ses;
+
+ /* Sanity checks */
+ if (driverid >= crypto_drivers_num || alg <= 0 ||
+ alg > CRYPTO_ALGORITHM_MAX || crypto_drivers == NULL ||
+ crypto_drivers[driverid].cc_alg[alg] == 0) {
+ splx(s);
+ return EINVAL;
}
- }
- splx(s);
- return 0;
+ crypto_drivers[driverid].cc_alg[alg] = 0;
+
+ /* Was this the last algorithm ? */
+ for (i = 1; i <= CRYPTO_ALGORITHM_MAX; i++)
+ if (crypto_drivers[driverid].cc_alg[i] != 0)
+ break;
+
+ if (i == CRYPTO_ALGORITHM_MAX + 1) {
+ ses = crypto_drivers[driverid].cc_sessions;
+ bzero(&crypto_drivers[driverid], sizeof(struct cryptocap));
+ if (ses != 0) {
+ /* If there are pending sessions, just mark as invalid */
+ crypto_drivers[driverid].cc_flags |= CRYPTOCAP_F_CLEANUP;
+ crypto_drivers[driverid].cc_sessions = ses;
+ }
+ }
+ splx(s);
+ return 0;
}
/*
@@ -313,22 +300,19 @@ crypto_unregister(u_int32_t driverid, int alg)
int
crypto_dispatch(struct cryptop *crp)
{
- int s = splimp();
-
- if (crp_req_queue == NULL) {
- crp_req_queue = crp;
- crp_req_queue_tail = &(crp->crp_next);
- splx(s);
-
- wakeup((caddr_t) &crp_req_queue);
- }
- else
- {
- *crp_req_queue_tail = crp;
- crp_req_queue_tail = &(crp->crp_next);
- splx(s);
- }
- return 0;
+ int s = splimp();
+
+ if (crp_req_queue == NULL) {
+ crp_req_queue = crp;
+ crp_req_queue_tail = &(crp->crp_next);
+ splx(s);
+ wakeup((caddr_t) &crp_req_queue);
+ } else {
+ *crp_req_queue_tail = crp;
+ crp_req_queue_tail = &(crp->crp_next);
+ splx(s);
+ }
+ return 0;
}
/*
@@ -337,56 +321,52 @@ crypto_dispatch(struct cryptop *crp)
int
crypto_invoke(struct cryptop *crp)
{
- struct cryptodesc *crd;
- u_int64_t nid;
- u_int32_t hid;
-
- /* Sanity checks */
- if ((crp == NULL) || (crp->crp_callback == NULL))
- return EINVAL;
-
- if ((crp->crp_desc == NULL) || (crypto_drivers == NULL))
- {
- crp->crp_etype = EINVAL;
- crypto_done(crp);
- return 0;
- }
+ struct cryptodesc *crd;
+ u_int64_t nid;
+ u_int32_t hid;
+
+ /* Sanity checks */
+ if (crp == NULL || crp->crp_callback == NULL)
+ return EINVAL;
+
+ if (crp->crp_desc == NULL || crypto_drivers == NULL) {
+ crp->crp_etype = EINVAL;
+ crypto_done(crp);
+ return 0;
+ }
- hid = (crp->crp_sid >> 32) & 0xffffffff;
+ hid = (crp->crp_sid >> 32) & 0xffffffff;
+ if (hid >= crypto_drivers_num) {
+ /* Migrate session */
+ for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next)
+ crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI);
- if (hid >= crypto_drivers_num)
- {
- /* Migrate session */
- for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next)
- crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI);
+ if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), 0) == 0)
+ crp->crp_sid = nid;
- if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), 0) == 0)
- crp->crp_sid = nid;
+ crp->crp_etype = EAGAIN;
+ crypto_done(crp);
+ return 0;
+ }
- crp->crp_etype = EAGAIN;
- crypto_done(crp);
- return 0;
- }
+ if (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP)
+ crypto_freesession(crp->crp_sid);
- if (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP)
- crypto_freesession(crp->crp_sid);
+ if (crypto_drivers[hid].cc_process == NULL) {
+ /* Migrate session */
+ for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next)
+ crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI);
- if (crypto_drivers[hid].cc_process == NULL)
- {
- /* Migrate session */
- for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next)
- crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI);
+ if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), 0) == 0)
+ crp->crp_sid = nid;
- if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), 0) == 0)
- crp->crp_sid = nid;
+ crp->crp_etype = EAGAIN;
+ crypto_done(crp);
+ return 0;
+ }
- crp->crp_etype = EAGAIN;
- crypto_done(crp);
+ crypto_drivers[hid].cc_process(crp);
return 0;
- }
-
- crypto_drivers[hid].cc_process(crp);
- return 0;
}
/*
@@ -395,22 +375,21 @@ crypto_invoke(struct cryptop *crp)
void
crypto_freereq(struct cryptop *crp)
{
- struct cryptodesc *crd;
- int s;
+ struct cryptodesc *crd;
+ int s;
- if (crp == NULL)
- return;
+ if (crp == NULL)
+ return;
- s = splimp();
+ s = splimp();
- while ((crd = crp->crp_desc) != NULL)
- {
- crp->crp_desc = crd->crd_next;
- pool_put(&cryptodesc_pool, crd);
- }
+ while ((crd = crp->crp_desc) != NULL) {
+ crp->crp_desc = crd->crd_next;
+ pool_put(&cryptodesc_pool, crd);
+ }
- pool_put(&cryptop_pool, crp);
- splx(s);
+ pool_put(&cryptop_pool, crp);
+ splx(s);
}
/*
@@ -419,46 +398,40 @@ crypto_freereq(struct cryptop *crp)
struct cryptop *
crypto_getreq(int num)
{
- struct cryptodesc *crd;
- struct cryptop *crp;
- int s = splimp();
-
- if (crypto_pool_initialized == 0)
- {
- pool_init(&cryptop_pool, sizeof(struct cryptop), 0, 0, PR_FREEHEADER,
- "cryptop", 0, NULL, NULL, M_CRYPTO_OPS);
-
- pool_init(&cryptodesc_pool, sizeof(struct cryptodesc), 0, 0,
- PR_FREEHEADER, "cryptodesc", 0, NULL, NULL, M_CRYPTO_OPS);
- crypto_pool_initialized = 1;
- }
-
- crp = pool_get(&cryptop_pool, 0);
- if (crp == NULL)
- {
- splx(s);
- return NULL;
- }
-
- bzero(crp, sizeof(struct cryptop));
-
- while (num--)
- {
- crd = pool_get(&cryptodesc_pool, 0);
- if (crd == NULL)
- {
- splx(s);
- crypto_freereq(crp);
- return NULL;
+ struct cryptodesc *crd;
+ struct cryptop *crp;
+ int s = splimp();
+
+ if (crypto_pool_initialized == 0) {
+ pool_init(&cryptop_pool, sizeof(struct cryptop), 0, 0,
+ PR_FREEHEADER, "cryptop", 0, NULL, NULL, M_CRYPTO_OPS);
+ pool_init(&cryptodesc_pool, sizeof(struct cryptodesc), 0, 0,
+ PR_FREEHEADER, "cryptodesc", 0, NULL, NULL, M_CRYPTO_OPS);
+ crypto_pool_initialized = 1;
}
- bzero(crd, sizeof(struct cryptodesc));
- crd->crd_next = crp->crp_desc;
- crp->crp_desc = crd;
- }
+ crp = pool_get(&cryptop_pool, 0);
+ if (crp == NULL) {
+ splx(s);
+ return NULL;
+ }
+ bzero(crp, sizeof(struct cryptop));
+
+ while (num--) {
+ crd = pool_get(&cryptodesc_pool, 0);
+ if (crd == NULL) {
+ splx(s);
+ crypto_freereq(crp);
+ return NULL;
+ }
+
+ bzero(crd, sizeof(struct cryptodesc));
+ crd->crd_next = crp->crp_desc;
+ crp->crp_desc = crd;
+ }
- splx(s);
- return crp;
+ splx(s);
+ return crp;
}
/*
@@ -467,25 +440,22 @@ crypto_getreq(int num)
void
crypto_thread(void)
{
- struct cryptop *crp;
- int s;
-
- s = splimp();
-
- for (;;)
- {
- crp = crp_req_queue;
- if (crp == NULL) /* No work to do */
- {
- (void) tsleep(&crp_req_queue, PLOCK, "crypto_wait", 0);
- continue;
- }
+ struct cryptop *crp;
+ int s;
- /* Remove from the queue */
- crp_req_queue = crp->crp_next;
+ s = splimp();
- crypto_invoke(crp);
- }
+ for (;;) {
+ crp = crp_req_queue;
+ if (crp == NULL) {
+ (void) tsleep(&crp_req_queue, PLOCK, "crypto_wait", 0);
+ continue;
+ }
+
+ /* Remove from the queue */
+ crp_req_queue = crp->crp_next;
+ crypto_invoke(crp);
+ }
}
/*
@@ -494,5 +464,5 @@ crypto_thread(void)
void
crypto_done(struct cryptop *crp)
{
- crp->crp_callback(crp);
+ crp->crp_callback(crp);
}
diff --git a/sys/crypto/crypto.h b/sys/crypto/crypto.h
index f6151234416..46eb89a47f7 100644
--- a/sys/crypto/crypto.h
+++ b/sys/crypto/crypto.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.h,v 1.19 2001/06/06 18:58:53 angelos Exp $ */
+/* $OpenBSD: crypto.h,v 1.20 2001/06/16 22:17:49 deraadt Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -25,155 +25,138 @@
#define _CRYPTO_CRYPTO_H_
/* Some initial values */
-#define CRYPTO_DRIVERS_INITIAL 4
-#define CRYPTO_SW_SESSIONS 32
+#define CRYPTO_DRIVERS_INITIAL 4
+#define CRYPTO_SW_SESSIONS 32
/* HMAC values */
#define HMAC_BLOCK_LEN 64
-#define HMAC_IPAD_VAL 0x36
-#define HMAC_OPAD_VAL 0x5C
+#define HMAC_IPAD_VAL 0x36
+#define HMAC_OPAD_VAL 0x5C
/* Encryption algorithm block sizes */
-#define DES_BLOCK_LEN 8
-#define DES3_BLOCK_LEN 8
-#define BLOWFISH_BLOCK_LEN 8
-#define SKIPJACK_BLOCK_LEN 8
-#define CAST128_BLOCK_LEN 8
-#define RIJNDAEL128_BLOCK_LEN 16
-#define EALG_MAX_BLOCK_LEN 16 /* Keep this updated */
+#define DES_BLOCK_LEN 8
+#define DES3_BLOCK_LEN 8
+#define BLOWFISH_BLOCK_LEN 8
+#define SKIPJACK_BLOCK_LEN 8
+#define CAST128_BLOCK_LEN 8
+#define RIJNDAEL128_BLOCK_LEN 16
+#define EALG_MAX_BLOCK_LEN 16 /* Keep this updated */
/* Maximum hash algorithm result length */
-#define AALG_MAX_RESULT_LEN 20 /* Keep this updated */
-
-#define CRYPTO_DES_CBC 1
-#define CRYPTO_3DES_CBC 2
-#define CRYPTO_BLF_CBC 3
-#define CRYPTO_CAST_CBC 4
-#define CRYPTO_SKIPJACK_CBC 5
-#define CRYPTO_MD5_HMAC 6
-#define CRYPTO_SHA1_HMAC 7
-#define CRYPTO_RIPEMD160_HMAC 8
-#define CRYPTO_MD5_KPDK 9
-#define CRYPTO_SHA1_KPDK 10
-#define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */
-#define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */
-
-#define CRYPTO_ALGORITHM_MAX 11 /* Keep this updated */
+#define AALG_MAX_RESULT_LEN 20 /* Keep this updated */
+
+#define CRYPTO_DES_CBC 1
+#define CRYPTO_3DES_CBC 2
+#define CRYPTO_BLF_CBC 3
+#define CRYPTO_CAST_CBC 4
+#define CRYPTO_SKIPJACK_CBC 5
+#define CRYPTO_MD5_HMAC 6
+#define CRYPTO_SHA1_HMAC 7
+#define CRYPTO_RIPEMD160_HMAC 8
+#define CRYPTO_MD5_KPDK 9
+#define CRYPTO_SHA1_KPDK 10
+#define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */
+#define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */
+
+#define CRYPTO_ALGORITHM_MAX 11 /* Keep this updated */
/* Standard initialization structure beginning */
-struct cryptoini
-{
- int cri_alg; /* Algorithm to use */
- int cri_klen; /* Key length, in bits */
- int cri_rnd; /* Algorithm rounds, where relevant */
- caddr_t cri_key; /* key to use */
- u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */
- struct cryptoini *cri_next;
+struct cryptoini {
+ int cri_alg; /* Algorithm to use */
+ int cri_klen; /* Key length, in bits */
+ int cri_rnd; /* Algorithm rounds, where relevant */
+ caddr_t cri_key; /* key to use */
+ u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */
+ struct cryptoini *cri_next;
};
/* Describe boundaries of a single crypto operation */
-struct cryptodesc
-{
- int crd_skip; /* How many bytes to ignore from start */
- int crd_len; /* How many bytes to process */
- int crd_inject; /* Where to inject results, if applicable */
- int crd_flags;
-
-#define CRD_F_ENCRYPT 0x1 /* Set when doing encryption */
-#define CRD_F_IV_PRESENT 0x2 /* When encrypting, IV is already in
- place, so don't copy. */
-#define CRD_F_IV_EXPLICIT 0x4 /* IV explicitly provided */
-
- struct cryptoini CRD_INI; /* Initialization/context data */
-#define crd_iv CRD_INI.cri_iv
-#define crd_key CRD_INI.cri_key
-#define crd_rnd CRD_INI.cri_rnd
-#define crd_alg CRD_INI.cri_alg
-#define crd_klen CRD_INI.cri_klen
-
- struct cryptodesc *crd_next;
+struct cryptodesc {
+ int crd_skip; /* How many bytes to ignore from start */
+ int crd_len; /* How many bytes to process */
+ int crd_inject; /* Where to inject results, if applicable */
+ int crd_flags;
+
+#define CRD_F_ENCRYPT 0x1 /* Set when doing encryption */
+#define CRD_F_IV_PRESENT 0x2 /* When encrypting, IV is already in
+ place, so don't copy. */
+#define CRD_F_IV_EXPLICIT 0x4 /* IV explicitly provided */
+
+ struct cryptoini CRD_INI; /* Initialization/context data */
+#define crd_iv CRD_INI.cri_iv
+#define crd_key CRD_INI.cri_key
+#define crd_rnd CRD_INI.cri_rnd
+#define crd_alg CRD_INI.cri_alg
+#define crd_klen CRD_INI.cri_klen
+
+ struct cryptodesc *crd_next;
};
/* Structure describing complete operation */
-struct cryptop
-{
- u_int64_t crp_sid; /* Session ID */
- int crp_ilen; /* Input data total length */
- int crp_olen; /* Result total length (unused for now) */
- int crp_alloctype; /* Type of buf to allocate if needed */
-
- int crp_etype; /* Error type (zero means no error).
- * All error codes except EAGAIN
- * indicate possible data corruption (as in,
- * the data have been touched). On all
- * errors, the crp_sid may have changed
- * (reset to a new one), so the caller
- * should always check and use the new
- * value on future requests.
- */
- int crp_flags;
-
-#define CRYPTO_F_IMBUF 0x0001 /* Input/output are mbuf chains, otherwise contig */
-#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */
-#define CRYPTO_F_REL 0x0004 /* Must return data in same place */
-
- caddr_t crp_buf; /* Data to be processed */
-
- caddr_t crp_opaque;/* Opaque pointer, passed along */
-
- struct cryptodesc *crp_desc; /* Linked list of processing descriptors */
-
- int (*crp_callback) (struct cryptop *); /* Callback function */
-
- struct cryptop *crp_next;
-
- caddr_t crp_iv;
- caddr_t crp_mac;
- int crp_mac_trunc_len;
-
+struct cryptop {
+ u_int64_t crp_sid; /* Session ID */
+ int crp_ilen; /* Input data total length */
+ int crp_olen; /* Result total length (unused for now) */
+ int crp_alloctype; /* Type of buf to allocate if needed */
+
+ int crp_etype; /*
+ * Error type (zero means no error).
+ * All error codes except EAGAIN
+ * indicate possible data corruption (as in,
+ * the data have been touched). On all
+ * errors, the crp_sid may have changed
+ * (reset to a new one), so the caller
+ * should always check and use the new
+ * value on future requests.
+ */
+ int crp_flags;
+
+#define CRYPTO_F_IMBUF 0x0001 /* Input/output are mbuf chains, otherwise contig */
+#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */
+#define CRYPTO_F_REL 0x0004 /* Must return data in same place */
+
+ caddr_t crp_buf; /* Data to be processed */
+ caddr_t crp_opaque; /* Opaque pointer, passed along */
+ struct cryptodesc *crp_desc; /* Linked list of processing descriptors */
+ int (*crp_callback)(struct cryptop *); /* Callback function */
+ struct cryptop *crp_next;
+ caddr_t crp_iv;
+ caddr_t crp_mac;
+ int crp_mac_trunc_len;
};
-#define CRYPTO_BUF_CONTIG 0x1
-#define CRYPTO_BUF_MBUF 0x2
+#define CRYPTO_BUF_CONTIG 0x1
+#define CRYPTO_BUF_MBUF 0x2
-#define CRYPTO_OP_DECRYPT 0x0
-#define CRYPTO_OP_ENCRYPT 0x1
+#define CRYPTO_OP_DECRYPT 0x0
+#define CRYPTO_OP_ENCRYPT 0x1
/* Crypto capabilities structure */
-struct cryptocap
-{
- u_int32_t cc_sessions;
-
- u_int8_t cc_alg[CRYPTO_ALGORITHM_MAX + 1]; /* Supported */
- u_int8_t cc_flags;
+struct cryptocap {
+ u_int32_t cc_sessions;
+ u_int8_t cc_alg[CRYPTO_ALGORITHM_MAX + 1]; /* Supported */
+ u_int8_t cc_flags;
#define CRYPTOCAP_F_CLEANUP 0x1
#define CRYPTOCAP_F_SOFTWARE 0x02
- int (*cc_newsession) (u_int32_t *, struct cryptoini *);
- int (*cc_process) (struct cryptop *);
- int (*cc_freesession) (u_int64_t);
+ int (*cc_newsession) (u_int32_t *, struct cryptoini *);
+ int (*cc_process) (struct cryptop *);
+ int (*cc_freesession) (u_int64_t);
};
-#if 0
-struct criov {
- int niov;
- struct iovec iov[IOV_MAX];
-};
-#endif
-
#ifdef _KERNEL
-extern int crypto_newsession(u_int64_t *, struct cryptoini *, int);
-extern int crypto_freesession(u_int64_t);
-extern int crypto_dispatch(struct cryptop *);
-extern int crypto_register(u_int32_t, int,
- int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t),
- int (*)(struct cryptop *));
-extern int crypto_unregister(u_int32_t, int);
-extern int32_t crypto_get_driverid(void);
-extern void crypto_thread(void);
-extern int crypto_invoke(struct cryptop *);
-extern void crypto_done(struct cryptop *);
+int crypto_newsession(u_int64_t *, struct cryptoini *, int);
+int crypto_freesession(u_int64_t);
+int crypto_dispatch(struct cryptop *);
+int crypto_register(u_int32_t, int,
+ int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t),
+ int (*)(struct cryptop *));
+int crypto_unregister(u_int32_t, int);
+int32_t crypto_get_driverid(void);
+void crypto_thread(void);
+int crypto_invoke(struct cryptop *);
+void crypto_done(struct cryptop *);
struct mbuf;
int mbuf2pages __P((struct mbuf *, int *, long *, int *, int, int *));
@@ -181,7 +164,7 @@ int iov2pages __P((struct uio *, int *, long *, int *, int, int *));
void cuio_copydata __P((struct uio *, int, int, caddr_t));
void cuio_copyback __P((struct uio *, int, int, caddr_t));
-extern struct cryptop *crypto_getreq(int);
-extern void crypto_freereq(struct cryptop *);
+struct cryptop *crypto_getreq(int);
+void crypto_freereq(struct cryptop *);
#endif /* _KERNEL */
#endif /* _CRYPTO_CRYPTO_H_ */
diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c
index 150b38708e0..009a96df8b6 100644
--- a/sys/crypto/cryptosoft.c
+++ b/sys/crypto/cryptosoft.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptosoft.c,v 1.21 2001/06/06 04:37:07 angelos Exp $ */
+/* $OpenBSD: cryptosoft.c,v 1.22 2001/06/16 22:17:49 deraadt Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -39,24 +39,26 @@
#include <crypto/xform.h>
u_int8_t hmac_ipad_buffer[64] = {
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 };
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
+};
u_int8_t hmac_opad_buffer[64] = {
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
- 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C };
+ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C
+};
struct swcr_data **swcr_sessions = NULL;
@@ -68,241 +70,229 @@ int32_t swcr_id = -1;
*/
int
swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
- int outtype)
+ int outtype)
{
- unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN], *idat;
- unsigned char *ivp, piv[EALG_MAX_BLOCK_LEN];
- struct enc_xform *exf;
- int i, k, j, blks;
- struct mbuf *m;
-
- exf = sw->sw_exf;
- blks = exf->blocksize;
-
- /* Check for non-padded data */
- if (crd->crd_len % blks)
- return EINVAL;
-
- if (outtype == CRYPTO_BUF_CONTIG)
- {
- if (crd->crd_flags & CRD_F_ENCRYPT)
- {
- /* IV explicitly provided ? */
- if (crd->crd_flags & CRD_F_IV_EXPLICIT)
- bcopy(crd->crd_iv, sw->sw_iv, blks);
-
- if (!(crd->crd_flags & CRD_F_IV_PRESENT))
- bcopy(sw->sw_iv, buf + crd->crd_inject, blks);
-
- for (i = crd->crd_skip;
- i < crd->crd_skip + crd->crd_len;
- i += blks)
- {
- /* XOR with the IV/previous block, as appropriate. */
- if (i == crd->crd_skip)
- for (k = 0; k < blks; k++)
- buf[i + k] ^= sw->sw_iv[k];
- else
- for (k = 0; k < blks; k++)
- buf[i + k] ^= buf[i + k - blks];
-
- exf->encrypt(sw->sw_kschedule, buf + i);
- }
-
- /* Keep the last block */
- bcopy(buf + crd->crd_len - blks, sw->sw_iv, blks);
- }
- else /* Decrypt */
- {
- /* IV explicitly provided ? */
- if (crd->crd_flags & CRD_F_IV_EXPLICIT)
- bcopy(crd->crd_iv, sw->sw_iv, blks);
- else /* IV preceeds data */
- bcopy(buf + crd->crd_inject, sw->sw_iv, blks);
-
- /*
- * Start at the end, so we don't need to keep the encrypted
- * block as the IV for the next block.
- */
- for (i = crd->crd_skip + crd->crd_len - blks;
- i >= crd->crd_skip;
- i -= blks)
- {
- exf->decrypt(sw->sw_kschedule, buf + i);
-
- /* XOR with the IV/previous block, as appropriate */
- if (i == crd->crd_skip)
- for (k = 0; k < blks; k++)
- buf[i + k] ^= sw->sw_iv[k];
- else
- for (k = 0; k < blks; k++)
- buf[i + k] ^= buf[i + k - blks];
- }
- }
-
- return 0; /* Done with contiguous buffer encryption/decryption */
- }
- else /* mbuf */
- {
- m = (struct mbuf *) buf;
-
- /* Initialize the IV */
- if (crd->crd_flags & CRD_F_ENCRYPT)
- {
- /* IV explicitly provided ? */
- if (crd->crd_flags & CRD_F_IV_EXPLICIT)
- bcopy(crd->crd_iv, iv, blks);
- else
- bcopy(sw->sw_iv, iv, blks); /* Use IV from context */
-
- /* Do we need to write the IV */
- if (!(crd->crd_flags & CRD_F_IV_PRESENT))
- m_copyback(m, crd->crd_inject, blks, iv);
- }
- else /* Decryption */
- {
- /* IV explicitly provided ? */
- if (crd->crd_flags & CRD_F_IV_EXPLICIT)
- bcopy(crd->crd_iv, iv, blks);
- else
- m_copydata(m, crd->crd_inject, blks, iv); /* Get IV off mbuf */
- }
-
- ivp = iv;
-
- /* Find beginning of data */
- m = m_getptr(m, crd->crd_skip, &k);
- if (m == NULL)
- return EINVAL;
+ unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN], *idat;
+ unsigned char *ivp, piv[EALG_MAX_BLOCK_LEN];
+ struct enc_xform *exf;
+ int i, k, j, blks;
+ struct mbuf *m;
- i = crd->crd_len;
+ exf = sw->sw_exf;
+ blks = exf->blocksize;
- while (i > 0)
- {
- /*
- * If there's insufficient data at the end of an mbuf, we have
- * to do some copying.
- */
- if ((m->m_len < k + blks) && (m->m_len != k))
- {
- m_copydata(m, k, blks, blk);
-
- /* Actual encryption/decryption */
- if (crd->crd_flags & CRD_F_ENCRYPT)
- {
- /* XOR with previous block */
- for (j = 0; j < blks; j++)
- blk[j] ^= ivp[j];
-
- exf->encrypt(sw->sw_kschedule, blk);
+ /* Check for non-padded data */
+ if (crd->crd_len % blks)
+ return EINVAL;
- /* Keep encrypted block for XOR'ing with next block */
- bcopy(blk, iv, blks);
- ivp = iv;
+ if (outtype == CRYPTO_BUF_CONTIG) {
+ if (crd->crd_flags & CRD_F_ENCRYPT) {
+ /* IV explicitly provided ? */
+ if (crd->crd_flags & CRD_F_IV_EXPLICIT)
+ bcopy(crd->crd_iv, sw->sw_iv, blks);
+
+ if (!(crd->crd_flags & CRD_F_IV_PRESENT))
+ bcopy(sw->sw_iv, buf + crd->crd_inject, blks);
+
+ for (i = crd->crd_skip;
+ i < crd->crd_skip + crd->crd_len; i += blks) {
+ /* XOR with the IV/previous block, as appropriate. */
+ if (i == crd->crd_skip)
+ for (k = 0; k < blks; k++)
+ buf[i + k] ^= sw->sw_iv[k];
+ else
+ for (k = 0; k < blks; k++)
+ buf[i + k] ^= buf[i + k - blks];
+ exf->encrypt(sw->sw_kschedule, buf + i);
+ }
+
+ /* Keep the last block */
+ bcopy(buf + crd->crd_len - blks, sw->sw_iv, blks);
+
+ } else { /* Decrypt */
+ /* IV explicitly provided ? */
+ if (crd->crd_flags & CRD_F_IV_EXPLICIT)
+ bcopy(crd->crd_iv, sw->sw_iv, blks);
+ else /* IV preceeds data */
+ bcopy(buf + crd->crd_inject, sw->sw_iv, blks);
+
+ /*
+ * Start at the end, so we don't need to keep the encrypted
+ * block as the IV for the next block.
+ */
+ for (i = crd->crd_skip + crd->crd_len - blks;
+ i >= crd->crd_skip; i -= blks) {
+ exf->decrypt(sw->sw_kschedule, buf + i);
+
+ /* XOR with the IV/previous block, as appropriate */
+ if (i == crd->crd_skip)
+ for (k = 0; k < blks; k++)
+ buf[i + k] ^= sw->sw_iv[k];
+ else
+ for (k = 0; k < blks; k++)
+ buf[i + k] ^= buf[i + k - blks];
+ }
}
- else /* decrypt */
- {
- /* Keep encrypted block for XOR'ing with next block */
- if (ivp == iv)
- bcopy(blk, piv, blks);
- else
- bcopy(blk, iv, blks);
-
- exf->decrypt(sw->sw_kschedule, blk);
-
- /* XOR with previous block */
- for (j = 0; j < blks; j++)
- blk[j] ^= ivp[j];
-
- if (ivp == iv)
- bcopy(piv, iv, blks);
- else
- ivp = iv;
+ return 0;
+ } else {
+ m = (struct mbuf *) buf;
+
+ /* Initialize the IV */
+ if (crd->crd_flags & CRD_F_ENCRYPT) {
+ /* IV explicitly provided ? */
+ if (crd->crd_flags & CRD_F_IV_EXPLICIT)
+ bcopy(crd->crd_iv, iv, blks);
+ else {
+ /* Use IV from context */
+ bcopy(sw->sw_iv, iv, blks);
+ }
+
+ /* Do we need to write the IV */
+ if (!(crd->crd_flags & CRD_F_IV_PRESENT))
+ m_copyback(m, crd->crd_inject, blks, iv);
+
+ } else { /* Decryption */
+ /* IV explicitly provided ? */
+ if (crd->crd_flags & CRD_F_IV_EXPLICIT)
+ bcopy(crd->crd_iv, iv, blks);
+ else {
+ /* Get IV off mbuf */
+ m_copydata(m, crd->crd_inject, blks, iv);
+ }
}
- /* Copy back decrypted block */
- m_copyback(m, k, blks, blk);
+ ivp = iv;
- /* Advance pointer */
- m = m_getptr(m, k + blks, &k);
+ /* Find beginning of data */
+ m = m_getptr(m, crd->crd_skip, &k);
if (m == NULL)
- return EINVAL;
-
- i -= blks;
-
- /* Could be done... */
- if (i == 0)
- break;
- }
-
- /* Skip possibly empty mbufs */
- if (k == m->m_len)
- {
- for (m = m->m_next; m && m->m_len == 0; m = m->m_next)
- ;
-
- k = 0;
- }
-
- /* Sanity check */
- if (m == NULL)
- return EINVAL;
-
- /*
- * Warning: idat may point to garbage here, but we only use it
- * in the while() loop, only if there are indeed enough data.
- */
- idat = mtod(m, unsigned char *) + k;
+ return EINVAL;
+
+ i = crd->crd_len;
+
+ while (i > 0) {
+ /*
+ * If there's insufficient data at the end of
+ * an mbuf, we have to do some copying.
+ */
+ if (m->m_len < k + blks && m->m_len != k) {
+ m_copydata(m, k, blks, blk);
+
+ /* Actual encryption/decryption */
+ if (crd->crd_flags & CRD_F_ENCRYPT) {
+ /* XOR with previous block */
+ for (j = 0; j < blks; j++)
+ blk[j] ^= ivp[j];
+
+ exf->encrypt(sw->sw_kschedule, blk);
+
+ /*
+ * Keep encrypted block for XOR'ing
+ * with next block
+ */
+ bcopy(blk, iv, blks);
+ ivp = iv;
+ } else { /* decrypt */
+ /*
+ * Keep encrypted block for XOR'ing
+ * with next block
+ */
+ if (ivp == iv)
+ bcopy(blk, piv, blks);
+ else
+ bcopy(blk, iv, blks);
+
+ exf->decrypt(sw->sw_kschedule, blk);
+
+ /* XOR with previous block */
+ for (j = 0; j < blks; j++)
+ blk[j] ^= ivp[j];
+
+ if (ivp == iv)
+ bcopy(piv, iv, blks);
+ else
+ ivp = iv;
+ }
+
+ /* Copy back decrypted block */
+ m_copyback(m, k, blks, blk);
+
+ /* Advance pointer */
+ m = m_getptr(m, k + blks, &k);
+ if (m == NULL)
+ return EINVAL;
+
+ i -= blks;
+
+ /* Could be done... */
+ if (i == 0)
+ break;
+ }
+
+ /* Skip possibly empty mbufs */
+ if (k == m->m_len) {
+ for (m = m->m_next; m && m->m_len == 0;
+ m = m->m_next)
+ ;
+ k = 0;
+ }
+
+ /* Sanity check */
+ if (m == NULL)
+ return EINVAL;
+
+ /*
+ * Warning: idat may point to garbage here, but
+ * we only use it in the while() loop, only if
+ * there are indeed enough data.
+ */
+ idat = mtod(m, unsigned char *) + k;
+
+ while (m->m_len >= k + blks && i > 0) {
+ if (crd->crd_flags & CRD_F_ENCRYPT) {
+ /* XOR with previous block/IV */
+ for (j = 0; j < blks; j++)
+ idat[j] ^= ivp[j];
+
+ exf->encrypt(sw->sw_kschedule, idat);
+ ivp = idat;
+ } else { /* decrypt */
+ /*
+ * Keep encrypted block to be used
+ * in next block's processing.
+ */
+ if (ivp == iv)
+ bcopy(idat, piv, blks);
+ else
+ bcopy(idat, iv, blks);
+
+ exf->decrypt(sw->sw_kschedule, idat);
+
+ /* XOR with previous block/IV */
+ for (j = 0; j < blks; j++)
+ idat[j] ^= ivp[j];
+
+ if (ivp == iv)
+ bcopy(piv, iv, blks);
+ else
+ ivp = iv;
+ }
+
+ idat += blks;
+ k += blks;
+ i -= blks;
+ }
+ }
- while ((m->m_len >= k + blks) && (i > 0))
- {
+ /* Keep the last block */
if (crd->crd_flags & CRD_F_ENCRYPT)
- {
- /* XOR with previous block/IV */
- for (j = 0; j < blks; j++)
- idat[j] ^= ivp[j];
-
- exf->encrypt(sw->sw_kschedule, idat);
- ivp = idat;
- }
- else /* decrypt */
- {
- /*
- * Keep encrypted block to be used in next block's
- * processing.
- */
- if (ivp == iv)
- bcopy(idat, piv, blks);
- else
- bcopy(idat, iv, blks);
-
- exf->decrypt(sw->sw_kschedule, idat);
-
- /* XOR with previous block/IV */
- for (j = 0; j < blks; j++)
- idat[j] ^= ivp[j];
-
- if (ivp == iv)
- bcopy(piv, iv, blks);
- else
- ivp = iv;
- }
+ bcopy(ivp, sw->sw_iv, blks);
- idat += blks;
- k += blks;
- i -= blks;
- }
+ return 0; /* Done with mbuf encryption/decryption */
}
- /* Keep the last block */
- if (crd->crd_flags & CRD_F_ENCRYPT)
- bcopy(ivp, sw->sw_iv, blks);
-
- return 0; /* Done with mbuf encryption/decryption */
- }
-
- /* Unreachable */
- return EINVAL;
+ /* Unreachable */
+ return EINVAL;
}
/*
@@ -310,63 +300,60 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
*/
int
swcr_authcompute(struct cryptodesc *crd, struct swcr_data *sw,
- caddr_t buf, int outtype)
+ caddr_t buf, int outtype)
{
- unsigned char aalg[AALG_MAX_RESULT_LEN];
- struct auth_hash *axf;
- union authctx ctx;
- int err;
-
- if (sw->sw_ictx == 0)
- return EINVAL;
-
- axf = sw->sw_axf;
-
- bcopy(sw->sw_ictx, &ctx, axf->ctxsize);
-
- if (outtype == CRYPTO_BUF_CONTIG)
- axf->Update(&ctx, buf + crd->crd_skip, crd->crd_len);
- else
- {
- err = m_apply((struct mbuf *) buf, crd->crd_skip,
- crd->crd_len,
- (int (*)(caddr_t, caddr_t, unsigned int)) axf->Update,
- (caddr_t) &ctx);
- if (err)
- return err;
- }
-
- switch (sw->sw_alg)
- {
+ unsigned char aalg[AALG_MAX_RESULT_LEN];
+ struct auth_hash *axf;
+ union authctx ctx;
+ int err;
+
+ if (sw->sw_ictx == 0)
+ return EINVAL;
+
+ axf = sw->sw_axf;
+
+ bcopy(sw->sw_ictx, &ctx, axf->ctxsize);
+
+ if (outtype == CRYPTO_BUF_CONTIG)
+ axf->Update(&ctx, buf + crd->crd_skip, crd->crd_len);
+ else {
+ err = m_apply((struct mbuf *) buf, crd->crd_skip, crd->crd_len,
+ (int (*)(caddr_t, caddr_t, unsigned int)) axf->Update,
+ (caddr_t) &ctx);
+ if (err)
+ return err;
+ }
+
+ switch (sw->sw_alg) {
case CRYPTO_MD5_HMAC:
case CRYPTO_SHA1_HMAC:
case CRYPTO_RIPEMD160_HMAC:
- if (sw->sw_octx == NULL)
- return EINVAL;
-
- axf->Final(aalg, &ctx);
- bcopy(sw->sw_octx, &ctx, axf->ctxsize);
- axf->Update(&ctx, aalg, axf->hashsize);
- axf->Final(aalg, &ctx);
- break;
-
- case CRYPTO_MD5_KPDK:
- case CRYPTO_SHA1_KPDK:
- if (sw->sw_octx == NULL)
- return EINVAL;
-
- axf->Update(&ctx, sw->sw_octx, sw->sw_klen);
- axf->Final(aalg, &ctx);
- break;
- }
-
- /* Inject the authentication data */
- if (outtype == CRYPTO_BUF_CONTIG)
- bcopy(aalg, buf + crd->crd_inject, axf->authsize);
- else
- m_copyback((struct mbuf *) buf, crd->crd_inject, axf->authsize, aalg);
-
- return 0;
+ if (sw->sw_octx == NULL)
+ return EINVAL;
+
+ axf->Final(aalg, &ctx);
+ bcopy(sw->sw_octx, &ctx, axf->ctxsize);
+ axf->Update(&ctx, aalg, axf->hashsize);
+ axf->Final(aalg, &ctx);
+ break;
+
+ case CRYPTO_MD5_KPDK:
+ case CRYPTO_SHA1_KPDK:
+ if (sw->sw_octx == NULL)
+ return EINVAL;
+
+ axf->Update(&ctx, sw->sw_octx, sw->sw_klen);
+ axf->Final(aalg, &ctx);
+ break;
+ }
+
+ /* Inject the authentication data */
+ if (outtype == CRYPTO_BUF_CONTIG)
+ bcopy(aalg, buf + crd->crd_inject, axf->authsize);
+ else
+ m_copyback((struct mbuf *) buf, crd->crd_inject,
+ axf->authsize, aalg);
+ return 0;
}
/*
@@ -375,212 +362,181 @@ swcr_authcompute(struct cryptodesc *crd, struct swcr_data *sw,
int
swcr_newsession(u_int32_t *sid, struct cryptoini *cri)
{
- struct swcr_data **swd;
- struct auth_hash *axf;
- struct enc_xform *txf;
- u_int32_t i;
- int k;
-
- if ((sid == NULL) || (cri == NULL))
- return EINVAL;
-
- if (swcr_sessions)
- for (i = 1; i < swcr_sesnum; i++)
- if (swcr_sessions[i] == NULL)
- break;
-
- if ((swcr_sessions == NULL) || (i == swcr_sesnum))
- {
- if (swcr_sessions == NULL)
- {
- i = 1; /* We leave swcr_sessions[0] empty */
- swcr_sesnum = CRYPTO_SW_SESSIONS;
- }
- else
- swcr_sesnum *= 2;
-
- swd = malloc(swcr_sesnum * sizeof(struct swcr_data *),
- M_CRYPTO_DATA, M_NOWAIT);
- if (swd == NULL)
- {
- /* Reset session number */
- if (swcr_sesnum == CRYPTO_SW_SESSIONS)
- swcr_sesnum = 0;
- else
- swcr_sesnum /= 2;
-
- return ENOBUFS;
- }
+ struct swcr_data **swd;
+ struct auth_hash *axf;
+ struct enc_xform *txf;
+ u_int32_t i;
+ int k;
- bzero(swd, swcr_sesnum * sizeof(struct swcr_data *));
-
- /* Copy existing sessions */
- if (swcr_sessions)
- {
- bcopy(swcr_sessions, swd,
- (swcr_sesnum / 2) * sizeof(struct swcr_data *));
- free(swcr_sessions, M_CRYPTO_DATA);
- }
-
- swcr_sessions = swd;
- }
-
- swd = &swcr_sessions[i];
- *sid = i;
+ if (sid == NULL || cri == NULL)
+ return EINVAL;
- while (cri)
- {
- MALLOC(*swd, struct swcr_data *, sizeof(struct swcr_data),
- M_CRYPTO_DATA, M_NOWAIT);
- if (*swd == NULL)
- {
- swcr_freesession(i);
- return ENOBUFS;
+ if (swcr_sessions) {
+ for (i = 1; i < swcr_sesnum; i++)
+ if (swcr_sessions[i] == NULL)
+ break;
}
- bzero(*swd, sizeof(struct swcr_data));
-
- switch (cri->cri_alg)
- {
- case CRYPTO_DES_CBC:
- txf = &enc_xform_des;
- goto enccommon;
-
- case CRYPTO_3DES_CBC:
- txf = &enc_xform_3des;
- goto enccommon;
-
- case CRYPTO_BLF_CBC:
- txf = &enc_xform_blf;
- goto enccommon;
-
- case CRYPTO_CAST_CBC:
- txf = &enc_xform_cast5;
- goto enccommon;
-
- case CRYPTO_SKIPJACK_CBC:
- txf = &enc_xform_skipjack;
- goto enccommon;
-
- case CRYPTO_RIJNDAEL128_CBC:
- txf = &enc_xform_rijndael128;
- goto enccommon;
-
- enccommon:
- txf->setkey(&((*swd)->sw_kschedule), cri->cri_key,
- cri->cri_klen / 8);
- (*swd)->sw_iv = malloc(txf->blocksize, M_CRYPTO_DATA,
- M_NOWAIT);
- if ((*swd)->sw_iv == NULL)
- {
- swcr_freesession(i);
- return ENOBUFS;
+ if (swcr_sessions == NULL || i == swcr_sesnum) {
+ if (swcr_sessions == NULL) {
+ i = 1; /* We leave swcr_sessions[0] empty */
+ swcr_sesnum = CRYPTO_SW_SESSIONS;
+ } else
+ swcr_sesnum *= 2;
+
+ swd = malloc(swcr_sesnum * sizeof(struct swcr_data *),
+ M_CRYPTO_DATA, M_NOWAIT);
+ if (swd == NULL) {
+ /* Reset session number */
+ if (swcr_sesnum == CRYPTO_SW_SESSIONS)
+ swcr_sesnum = 0;
+ else
+ swcr_sesnum /= 2;
+ return ENOBUFS;
}
- (*swd)->sw_exf = txf;
+ bzero(swd, swcr_sesnum * sizeof(struct swcr_data *));
- get_random_bytes((*swd)->sw_iv, txf->blocksize);
- break;
-
- case CRYPTO_MD5_HMAC:
- axf = &auth_hash_hmac_md5_96;
- goto authcommon;
-
- case CRYPTO_SHA1_HMAC:
- axf = &auth_hash_hmac_sha1_96;
- goto authcommon;
-
- case CRYPTO_RIPEMD160_HMAC:
- axf = &auth_hash_hmac_ripemd_160_96;
-
- authcommon:
- (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
- M_NOWAIT);
- if ((*swd)->sw_ictx == NULL)
- {
- swcr_freesession(i);
- return ENOBUFS;
+ /* Copy existing sessions */
+ if (swcr_sessions) {
+ bcopy(swcr_sessions, swd,
+ (swcr_sesnum / 2) * sizeof(struct swcr_data *));
+ free(swcr_sessions, M_CRYPTO_DATA);
}
- (*swd)->sw_octx = malloc(axf->ctxsize, M_CRYPTO_DATA,
- M_NOWAIT);
- if ((*swd)->sw_octx == NULL)
- {
- swcr_freesession(i);
- return ENOBUFS;
- }
+ swcr_sessions = swd;
+ }
- for (k = 0; k < cri->cri_klen / 8; k++)
- cri->cri_key[k] ^= HMAC_IPAD_VAL;
+ swd = &swcr_sessions[i];
+ *sid = i;
- axf->Init((*swd)->sw_ictx);
- axf->Update((*swd)->sw_ictx, cri->cri_key,
+ while (cri) {
+ MALLOC(*swd, struct swcr_data *, sizeof(struct swcr_data),
+ M_CRYPTO_DATA, M_NOWAIT);
+ if (*swd == NULL) {
+ swcr_freesession(i);
+ return ENOBUFS;
+ }
+ bzero(*swd, sizeof(struct swcr_data));
+
+ switch (cri->cri_alg) {
+ case CRYPTO_DES_CBC:
+ txf = &enc_xform_des;
+ goto enccommon;
+ case CRYPTO_3DES_CBC:
+ txf = &enc_xform_3des;
+ goto enccommon;
+ case CRYPTO_BLF_CBC:
+ txf = &enc_xform_blf;
+ goto enccommon;
+ case CRYPTO_CAST_CBC:
+ txf = &enc_xform_cast5;
+ goto enccommon;
+ case CRYPTO_SKIPJACK_CBC:
+ txf = &enc_xform_skipjack;
+ goto enccommon;
+ case CRYPTO_RIJNDAEL128_CBC:
+ txf = &enc_xform_rijndael128;
+ goto enccommon;
+ enccommon:
+ txf->setkey(&((*swd)->sw_kschedule), cri->cri_key,
+ cri->cri_klen / 8);
+ (*swd)->sw_iv = malloc(txf->blocksize, M_CRYPTO_DATA, M_NOWAIT);
+ if ((*swd)->sw_iv == NULL) {
+ swcr_freesession(i);
+ return ENOBUFS;
+ }
+ (*swd)->sw_exf = txf;
+ get_random_bytes((*swd)->sw_iv, txf->blocksize);
+ break;
+
+ case CRYPTO_MD5_HMAC:
+ axf = &auth_hash_hmac_md5_96;
+ goto authcommon;
+ case CRYPTO_SHA1_HMAC:
+ axf = &auth_hash_hmac_sha1_96;
+ goto authcommon;
+ case CRYPTO_RIPEMD160_HMAC:
+ axf = &auth_hash_hmac_ripemd_160_96;
+ authcommon:
+ (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
+ M_NOWAIT);
+ if ((*swd)->sw_ictx == NULL) {
+ swcr_freesession(i);
+ return ENOBUFS;
+ }
+
+ (*swd)->sw_octx = malloc(axf->ctxsize, M_CRYPTO_DATA,
+ M_NOWAIT);
+ if ((*swd)->sw_octx == NULL) {
+ swcr_freesession(i);
+ return ENOBUFS;
+ }
+
+ for (k = 0; k < cri->cri_klen / 8; k++)
+ cri->cri_key[k] ^= HMAC_IPAD_VAL;
+
+ axf->Init((*swd)->sw_ictx);
+ axf->Update((*swd)->sw_ictx, cri->cri_key,
cri->cri_klen / 8);
- axf->Update((*swd)->sw_ictx, hmac_ipad_buffer,
+ axf->Update((*swd)->sw_ictx, hmac_ipad_buffer,
HMAC_BLOCK_LEN - (cri->cri_klen / 8));
-
- for (k = 0; k < cri->cri_klen / 8; k++)
- cri->cri_key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
-
- axf->Init((*swd)->sw_octx);
- axf->Update((*swd)->sw_octx, cri->cri_key,
+
+ for (k = 0; k < cri->cri_klen / 8; k++)
+ cri->cri_key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
+
+ axf->Init((*swd)->sw_octx);
+ axf->Update((*swd)->sw_octx, cri->cri_key,
cri->cri_klen / 8);
- axf->Update((*swd)->sw_octx, hmac_opad_buffer,
+ axf->Update((*swd)->sw_octx, hmac_opad_buffer,
HMAC_BLOCK_LEN - (cri->cri_klen / 8));
-
- for (k = 0; k < cri->cri_klen / 8; k++)
- cri->cri_key[k] ^= HMAC_OPAD_VAL;
-
- (*swd)->sw_axf = axf;
- break;
-
- case CRYPTO_MD5_KPDK:
- axf = &auth_hash_key_md5;
- goto auth2common;
-
- case CRYPTO_SHA1_KPDK:
- axf = &auth_hash_key_sha1;
-
- auth2common:
- (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
- M_NOWAIT);
- if ((*swd)->sw_ictx == NULL)
- {
- swcr_freesession(i);
- return ENOBUFS;
- }
-
- /* Store the key so we can "append" it to the payload */
- (*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA,
- M_NOWAIT);
- if ((*swd)->sw_octx == NULL)
- {
- swcr_freesession(i);
- return ENOBUFS;
- }
-
- (*swd)->sw_klen = cri->cri_klen / 8;
- bcopy(cri->cri_key, (*swd)->sw_octx, cri->cri_klen / 8);
-
- axf->Init((*swd)->sw_ictx);
- axf->Update((*swd)->sw_ictx, cri->cri_key,
+
+ for (k = 0; k < cri->cri_klen / 8; k++)
+ cri->cri_key[k] ^= HMAC_OPAD_VAL;
+ (*swd)->sw_axf = axf;
+ break;
+
+ case CRYPTO_MD5_KPDK:
+ axf = &auth_hash_key_md5;
+ goto auth2common;
+
+ case CRYPTO_SHA1_KPDK:
+ axf = &auth_hash_key_sha1;
+ auth2common:
+ (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
+ M_NOWAIT);
+ if ((*swd)->sw_ictx == NULL) {
+ swcr_freesession(i);
+ return ENOBUFS;
+ }
+
+ /* Store the key so we can "append" it to the payload */
+ (*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA,
+ M_NOWAIT);
+ if ((*swd)->sw_octx == NULL) {
+ swcr_freesession(i);
+ return ENOBUFS;
+ }
+
+ (*swd)->sw_klen = cri->cri_klen / 8;
+ bcopy(cri->cri_key, (*swd)->sw_octx, cri->cri_klen / 8);
+ axf->Init((*swd)->sw_ictx);
+ axf->Update((*swd)->sw_ictx, cri->cri_key,
cri->cri_klen / 8);
- axf->Final(NULL, (*swd)->sw_ictx);
-
- (*swd)->sw_axf = axf;
- break;
-
- default:
- swcr_freesession(i);
- return EINVAL;
+ axf->Final(NULL, (*swd)->sw_ictx);
+ (*swd)->sw_axf = axf;
+ break;
+
+ default:
+ swcr_freesession(i);
+ return EINVAL;
+ }
+
+ (*swd)->sw_alg = cri->cri_alg;
+ cri = cri->cri_next;
+ swd = &((*swd)->sw_next);
}
-
- (*swd)->sw_alg = cri->cri_alg;
- cri = cri->cri_next;
- swd = &((*swd)->sw_next);
- }
-
- return 0;
+ return 0;
}
/*
@@ -589,80 +545,70 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri)
int
swcr_freesession(u_int64_t tid)
{
- struct swcr_data *swd;
- struct enc_xform *txf;
- struct auth_hash *axf;
- u_int32_t sid = ((u_int32_t) tid) & 0xffffffff;
-
- if ((sid > swcr_sesnum) || (swcr_sessions == NULL) ||
- (swcr_sessions[sid] == NULL))
- return EINVAL;
-
- /* Silently accept and return */
- if (sid == 0)
- return 0;
-
- while ((swd = swcr_sessions[sid]) != NULL)
- {
- swcr_sessions[sid] = swd->sw_next;
-
- switch (swd->sw_alg)
- {
- case CRYPTO_DES_CBC:
- case CRYPTO_3DES_CBC:
- case CRYPTO_BLF_CBC:
- case CRYPTO_CAST_CBC:
- case CRYPTO_SKIPJACK_CBC:
- case CRYPTO_RIJNDAEL128_CBC:
- txf = swd->sw_exf;
-
- if (swd->sw_kschedule)
- txf->zerokey(&(swd->sw_kschedule));
-
- if (swd->sw_iv)
- free(swd->sw_iv, M_CRYPTO_DATA);
- break;
+ struct swcr_data *swd;
+ struct enc_xform *txf;
+ struct auth_hash *axf;
+ u_int32_t sid = ((u_int32_t) tid) & 0xffffffff;
- case CRYPTO_MD5_HMAC:
- case CRYPTO_SHA1_HMAC:
- case CRYPTO_RIPEMD160_HMAC:
- axf = swd->sw_axf;
-
- if (swd->sw_ictx)
- {
- bzero(swd->sw_ictx, axf->ctxsize);
- free(swd->sw_ictx, M_CRYPTO_DATA);
- }
-
- if (swd->sw_octx)
- {
- bzero(swd->sw_octx, axf->ctxsize);
- free(swd->sw_octx, M_CRYPTO_DATA);
- }
- break;
-
- case CRYPTO_MD5_KPDK:
- case CRYPTO_SHA1_KPDK:
- axf = swd->sw_axf;
+ if (sid > swcr_sesnum || swcr_sessions == NULL ||
+ swcr_sessions[sid] == NULL)
+ return EINVAL;
- if (swd->sw_ictx)
- {
- bzero(swd->sw_ictx, axf->ctxsize);
- free(swd->sw_ictx, M_CRYPTO_DATA);
+ /* Silently accept and return */
+ if (sid == 0)
+ return 0;
+
+ while ((swd = swcr_sessions[sid]) != NULL) {
+ swcr_sessions[sid] = swd->sw_next;
+
+ switch (swd->sw_alg) {
+ case CRYPTO_DES_CBC:
+ case CRYPTO_3DES_CBC:
+ case CRYPTO_BLF_CBC:
+ case CRYPTO_CAST_CBC:
+ case CRYPTO_SKIPJACK_CBC:
+ case CRYPTO_RIJNDAEL128_CBC:
+ txf = swd->sw_exf;
+
+ if (swd->sw_kschedule)
+ txf->zerokey(&(swd->sw_kschedule));
+ if (swd->sw_iv)
+ free(swd->sw_iv, M_CRYPTO_DATA);
+ break;
+
+ case CRYPTO_MD5_HMAC:
+ case CRYPTO_SHA1_HMAC:
+ case CRYPTO_RIPEMD160_HMAC:
+ axf = swd->sw_axf;
+
+ if (swd->sw_ictx) {
+ bzero(swd->sw_ictx, axf->ctxsize);
+ free(swd->sw_ictx, M_CRYPTO_DATA);
+ }
+ if (swd->sw_octx) {
+ bzero(swd->sw_octx, axf->ctxsize);
+ free(swd->sw_octx, M_CRYPTO_DATA);
+ }
+ break;
+
+ case CRYPTO_MD5_KPDK:
+ case CRYPTO_SHA1_KPDK:
+ axf = swd->sw_axf;
+
+ if (swd->sw_ictx) {
+ bzero(swd->sw_ictx, axf->ctxsize);
+ free(swd->sw_ictx, M_CRYPTO_DATA);
+ }
+ if (swd->sw_octx) {
+ bzero(swd->sw_octx, swd->sw_klen);
+ free(swd->sw_octx, M_CRYPTO_DATA);
+ }
+ break;
}
- if (swd->sw_octx)
- {
- bzero(swd->sw_octx, swd->sw_klen);
- free(swd->sw_octx, M_CRYPTO_DATA);
- }
- break;
+ FREE(swd, M_CRYPTO_DATA);
}
-
- FREE(swd, M_CRYPTO_DATA);
- }
-
- return 0;
+ return 0;
}
/*
@@ -671,90 +617,85 @@ swcr_freesession(u_int64_t tid)
int
swcr_process(struct cryptop *crp)
{
- struct cryptodesc *crd;
- struct swcr_data *sw;
- u_int32_t lid;
- int type;
-
- /* Sanity check */
- if (crp == NULL)
- return EINVAL;
-
- if ((crp->crp_desc == NULL) || (crp->crp_buf == NULL))
- {
- crp->crp_etype = EINVAL;
- goto done;
- }
-
- lid = crp->crp_sid & 0xffffffff;
- if ((lid >= swcr_sesnum) || (lid == 0) || (swcr_sessions[lid] == NULL))
- {
- crp->crp_etype = ENOENT;
- goto done;
- }
-
- if (crp->crp_flags & CRYPTO_F_IMBUF)
- type = CRYPTO_BUF_MBUF;
- else
- type = CRYPTO_BUF_CONTIG;
-
- /* Go through crypto descriptors, processing as we go */
- for (crd = crp->crp_desc; crd; crd = crd->crd_next)
- {
- /*
- * Find the crypto context.
- *
- * XXX Note that the logic here prevents us from having
- * XXX the same algorithm multiple times in a session
- * XXX (or rather, we can but it won't give us the right
- * XXX results). To do that, we'd need some way of differentiating
- * XXX between the various instances of an algorithm (so we can
- * XXX locate the correct crypto context).
- */
- for (sw = swcr_sessions[lid];
- sw && sw->sw_alg != crd->crd_alg;
- sw = sw->sw_next)
- ;
-
- /* No such context ? */
- if (sw == NULL)
- {
- crp->crp_etype = EINVAL;
- goto done;
- }
-
- switch (sw->sw_alg)
- {
- case CRYPTO_DES_CBC:
- case CRYPTO_3DES_CBC:
- case CRYPTO_BLF_CBC:
- case CRYPTO_CAST_CBC:
- case CRYPTO_SKIPJACK_CBC:
- case CRYPTO_RIJNDAEL128_CBC:
- if ((crp->crp_etype = swcr_encdec(crd, sw, crp->crp_buf,
- type)) != 0)
- goto done;
- break;
+ struct cryptodesc *crd;
+ struct swcr_data *sw;
+ u_int32_t lid;
+ int type;
- case CRYPTO_MD5_HMAC:
- case CRYPTO_SHA1_HMAC:
- case CRYPTO_RIPEMD160_HMAC:
- case CRYPTO_MD5_KPDK:
- case CRYPTO_SHA1_KPDK:
- if ((crp->crp_etype = swcr_authcompute(crd, sw, crp->crp_buf,
- type)) != 0)
- goto done;
- break;
+ /* Sanity check */
+ if (crp == NULL)
+ return EINVAL;
- default: /* Unknown/unsupported algorithm */
+ if (crp->crp_desc == NULL || crp->crp_buf == NULL) {
crp->crp_etype = EINVAL;
goto done;
}
- }
- done:
- crypto_done(crp);
- return 0;
+ lid = crp->crp_sid & 0xffffffff;
+ if (lid >= swcr_sesnum || lid == 0 || swcr_sessions[lid] == NULL) {
+ crp->crp_etype = ENOENT;
+ goto done;
+ }
+
+ if (crp->crp_flags & CRYPTO_F_IMBUF)
+ type = CRYPTO_BUF_MBUF;
+ else
+ type = CRYPTO_BUF_CONTIG;
+
+ /* Go through crypto descriptors, processing as we go */
+ for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
+ /*
+ * Find the crypto context.
+ *
+ * XXX Note that the logic here prevents us from having
+ * XXX the same algorithm multiple times in a session
+ * XXX (or rather, we can but it won't give us the right
+ * XXX results). To do that, we'd need some way of differentiating
+ * XXX between the various instances of an algorithm (so we can
+ * XXX locate the correct crypto context).
+ */
+ for (sw = swcr_sessions[lid];
+ sw && sw->sw_alg != crd->crd_alg;
+ sw = sw->sw_next)
+ ;
+
+ /* No such context ? */
+ if (sw == NULL) {
+ crp->crp_etype = EINVAL;
+ goto done;
+ }
+
+ switch (sw->sw_alg) {
+ case CRYPTO_DES_CBC:
+ case CRYPTO_3DES_CBC:
+ case CRYPTO_BLF_CBC:
+ case CRYPTO_CAST_CBC:
+ case CRYPTO_SKIPJACK_CBC:
+ case CRYPTO_RIJNDAEL128_CBC:
+ if ((crp->crp_etype = swcr_encdec(crd, sw,
+ crp->crp_buf, type)) != 0)
+ goto done;
+ break;
+ case CRYPTO_MD5_HMAC:
+ case CRYPTO_SHA1_HMAC:
+ case CRYPTO_RIPEMD160_HMAC:
+ case CRYPTO_MD5_KPDK:
+ case CRYPTO_SHA1_KPDK:
+ if ((crp->crp_etype = swcr_authcompute(crd, sw,
+ crp->crp_buf, type)) != 0)
+ goto done;
+ break;
+
+ default:
+ /* Unknown/unsupported algorithm */
+ crp->crp_etype = EINVAL;
+ goto done;
+ }
+ }
+
+done:
+ crypto_done(crp);
+ return 0;
}
/*
@@ -763,24 +704,23 @@ swcr_process(struct cryptop *crp)
void
swcr_init(void)
{
- swcr_id = crypto_get_driverid();
- if (swcr_id >= 0)
- {
- crypto_register(swcr_id, CRYPTO_DES_CBC, swcr_newsession,
- swcr_freesession, swcr_process);
- crypto_register(swcr_id, CRYPTO_3DES_CBC, NULL, NULL, NULL);
- crypto_register(swcr_id, CRYPTO_BLF_CBC, NULL, NULL, NULL);
- crypto_register(swcr_id, CRYPTO_CAST_CBC, NULL, NULL, NULL);
- crypto_register(swcr_id, CRYPTO_SKIPJACK_CBC, NULL, NULL, NULL);
- crypto_register(swcr_id, CRYPTO_MD5_HMAC, NULL, NULL, NULL);
- crypto_register(swcr_id, CRYPTO_SHA1_HMAC, NULL, NULL, NULL);
- crypto_register(swcr_id, CRYPTO_RIPEMD160_HMAC, NULL, NULL, NULL);
- crypto_register(swcr_id, CRYPTO_MD5_KPDK, NULL, NULL, NULL);
- crypto_register(swcr_id, CRYPTO_SHA1_KPDK, NULL, NULL, NULL);
- crypto_register(swcr_id, CRYPTO_RIJNDAEL128_CBC, NULL, NULL, NULL);
- return;
- }
-
- /* This should never happen */
- panic("Software crypto device cannot initialize!");
+ swcr_id = crypto_get_driverid();
+ if (swcr_id >= 0) {
+ crypto_register(swcr_id, CRYPTO_DES_CBC, swcr_newsession,
+ swcr_freesession, swcr_process);
+ crypto_register(swcr_id, CRYPTO_3DES_CBC, NULL, NULL, NULL);
+ crypto_register(swcr_id, CRYPTO_BLF_CBC, NULL, NULL, NULL);
+ crypto_register(swcr_id, CRYPTO_CAST_CBC, NULL, NULL, NULL);
+ crypto_register(swcr_id, CRYPTO_SKIPJACK_CBC, NULL, NULL, NULL);
+ crypto_register(swcr_id, CRYPTO_MD5_HMAC, NULL, NULL, NULL);
+ crypto_register(swcr_id, CRYPTO_SHA1_HMAC, NULL, NULL, NULL);
+ crypto_register(swcr_id, CRYPTO_RIPEMD160_HMAC, NULL, NULL, NULL);
+ crypto_register(swcr_id, CRYPTO_MD5_KPDK, NULL, NULL, NULL);
+ crypto_register(swcr_id, CRYPTO_SHA1_KPDK, NULL, NULL, NULL);
+ crypto_register(swcr_id, CRYPTO_RIJNDAEL128_CBC, NULL, NULL, NULL);
+ return;
+ }
+
+ /* This should never happen */
+ panic("Software crypto device cannot initialize!");
}
diff --git a/sys/crypto/cryptosoft.h b/sys/crypto/cryptosoft.h
index 861e3bddc14..992df98c6ef 100644
--- a/sys/crypto/cryptosoft.h
+++ b/sys/crypto/cryptosoft.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptosoft.h,v 1.4 2001/05/13 16:52:33 jason Exp $ */
+/* $OpenBSD: cryptosoft.h,v 1.5 2001/06/16 22:17:50 deraadt Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -25,49 +25,44 @@
#define _CRYPTO_CRYPTOSOFT_H_
/* Software session entry */
-struct swcr_data
-{
- int sw_alg; /* Algorithm */
- union
- {
- struct
- {
- u_int8_t *SW_ictx;
- u_int8_t *SW_octx;
- u_int32_t SW_klen;
- struct auth_hash *SW_axf;
- } SWCR_AUTH;
+struct swcr_data {
+ int sw_alg; /* Algorithm */
+ union {
+ struct {
+ u_int8_t *SW_ictx;
+ u_int8_t *SW_octx;
+ u_int32_t SW_klen;
+ struct auth_hash *SW_axf;
+ } SWCR_AUTH;
+ struct {
+ u_int8_t *SW_kschedule;
+ u_int8_t *SW_iv;
+ struct enc_xform *SW_exf;
+ } SWCR_ENC;
+ } SWCR_UN;
- struct
- {
- u_int8_t *SW_kschedule;
- u_int8_t *SW_iv;
- struct enc_xform *SW_exf;
- } SWCR_ENC;
- } SWCR_UN;
+#define sw_ictx SWCR_UN.SWCR_AUTH.SW_ictx
+#define sw_octx SWCR_UN.SWCR_AUTH.SW_octx
+#define sw_klen SWCR_UN.SWCR_AUTH.SW_klen
+#define sw_axf SWCR_UN.SWCR_AUTH.SW_axf
+#define sw_kschedule SWCR_UN.SWCR_ENC.SW_kschedule
+#define sw_iv SWCR_UN.SWCR_ENC.SW_iv
+#define sw_exf SWCR_UN.SWCR_ENC.SW_exf
-#define sw_ictx SWCR_UN.SWCR_AUTH.SW_ictx
-#define sw_octx SWCR_UN.SWCR_AUTH.SW_octx
-#define sw_klen SWCR_UN.SWCR_AUTH.SW_klen
-#define sw_axf SWCR_UN.SWCR_AUTH.SW_axf
-#define sw_kschedule SWCR_UN.SWCR_ENC.SW_kschedule
-#define sw_iv SWCR_UN.SWCR_ENC.SW_iv
-#define sw_exf SWCR_UN.SWCR_ENC.SW_exf
-
- struct swcr_data *sw_next;
+ struct swcr_data *sw_next;
};
#ifdef _KERNEL
extern u_int8_t hmac_ipad_buffer[64];
extern u_int8_t hmac_opad_buffer[64];
-extern int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
-extern int swcr_authcompute(struct cryptodesc *, struct swcr_data *,
- caddr_t, int);
-extern int swcr_process(struct cryptop *);
-extern int swcr_newsession(u_int32_t *, struct cryptoini *);
-extern int swcr_freesession(u_int64_t);
-extern void swcr_init(void);
+int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
+int swcr_authcompute(struct cryptodesc *, struct swcr_data *,
+ caddr_t, int);
+int swcr_process(struct cryptop *);
+int swcr_newsession(u_int32_t *, struct cryptoini *);
+int swcr_freesession(u_int64_t);
+void swcr_init(void);
#endif /* _KERNEL */
#endif /* _CRYPTO_CRYPTO_H_ */
diff --git a/sys/crypto/xform.c b/sys/crypto/xform.c
index c18901c64b5..8b2a4ae33f6 100644
--- a/sys/crypto/xform.c
+++ b/sys/crypto/xform.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xform.c,v 1.6 2001/06/13 13:43:34 angelos Exp $ */
+/* $OpenBSD: xform.c,v 1.7 2001/06/16 22:17:50 deraadt Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -88,105 +88,94 @@ int SHA1Update_int(void *, u_int8_t *, u_int16_t);
int RMD160Update_int(void *, u_int8_t *, u_int16_t);
/* Encryption instances */
-struct enc_xform enc_xform_des =
-{
- CRYPTO_DES_CBC, "DES",
- 8, 8, 8,
- des1_encrypt,
- des1_decrypt,
- des1_setkey,
- des1_zerokey,
+struct enc_xform enc_xform_des = {
+ CRYPTO_DES_CBC, "DES",
+ 8, 8, 8,
+ des1_encrypt,
+ des1_decrypt,
+ des1_setkey,
+ des1_zerokey,
};
-struct enc_xform enc_xform_3des =
-{
- CRYPTO_3DES_CBC, "3DES",
- 8, 24, 24,
- des3_encrypt,
- des3_decrypt,
- des3_setkey,
- des3_zerokey
+struct enc_xform enc_xform_3des = {
+ CRYPTO_3DES_CBC, "3DES",
+ 8, 24, 24,
+ des3_encrypt,
+ des3_decrypt,
+ des3_setkey,
+ des3_zerokey
};
-struct enc_xform enc_xform_blf =
-{
- CRYPTO_BLF_CBC, "Blowfish",
- 8, 5, 56 /* 448 bits, max key */,
- blf_encrypt,
- blf_decrypt,
- blf_setkey,
- blf_zerokey
+struct enc_xform enc_xform_blf = {
+ CRYPTO_BLF_CBC, "Blowfish",
+ 8, 5, 56 /* 448 bits, max key */,
+ blf_encrypt,
+ blf_decrypt,
+ blf_setkey,
+ blf_zerokey
};
-struct enc_xform enc_xform_cast5 =
-{
- CRYPTO_CAST_CBC, "CAST-128",
- 8, 5, 16,
- cast5_encrypt,
- cast5_decrypt,
- cast5_setkey,
- cast5_zerokey
+struct enc_xform enc_xform_cast5 = {
+ CRYPTO_CAST_CBC, "CAST-128",
+ 8, 5, 16,
+ cast5_encrypt,
+ cast5_decrypt,
+ cast5_setkey,
+ cast5_zerokey
};
-struct enc_xform enc_xform_skipjack =
-{
- CRYPTO_SKIPJACK_CBC, "Skipjack",
- 8, 10, 10,
- skipjack_encrypt,
- skipjack_decrypt,
- skipjack_setkey,
- skipjack_zerokey
+struct enc_xform enc_xform_skipjack = {
+ CRYPTO_SKIPJACK_CBC, "Skipjack",
+ 8, 10, 10,
+ skipjack_encrypt,
+ skipjack_decrypt,
+ skipjack_setkey,
+ skipjack_zerokey
};
-struct enc_xform enc_xform_rijndael128 =
-{
- CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
- 16, 8, 32,
- rijndael128_encrypt,
- rijndael128_decrypt,
- rijndael128_setkey,
- rijndael128_zerokey,
+struct enc_xform enc_xform_rijndael128 = {
+ CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
+ 16, 8, 32,
+ rijndael128_encrypt,
+ rijndael128_decrypt,
+ rijndael128_setkey,
+ rijndael128_zerokey,
};
/* Authentication instances */
-struct auth_hash auth_hash_hmac_md5_96 =
-{
- CRYPTO_MD5_HMAC, "HMAC-MD5",
- 16, 16, 12, sizeof(MD5_CTX),
- (void (*) (void *)) MD5Init, MD5Update_int,
- (void (*) (u_int8_t *, void *)) MD5Final
+struct auth_hash auth_hash_hmac_md5_96 = {
+ CRYPTO_MD5_HMAC, "HMAC-MD5",
+ 16, 16, 12, sizeof(MD5_CTX),
+ (void (*) (void *)) MD5Init, MD5Update_int,
+ (void (*) (u_int8_t *, void *)) MD5Final
};
-struct auth_hash auth_hash_hmac_sha1_96 =
-{
- CRYPTO_SHA1_HMAC, "HMAC-SHA1",
- 20, 20, 12, sizeof(SHA1_CTX),
- (void (*) (void *)) SHA1Init, SHA1Update_int,
- (void (*) (u_int8_t *, void *)) SHA1Final
+struct auth_hash auth_hash_hmac_sha1_96 = {
+ CRYPTO_SHA1_HMAC, "HMAC-SHA1",
+ 20, 20, 12, sizeof(SHA1_CTX),
+ (void (*) (void *)) SHA1Init, SHA1Update_int,
+ (void (*) (u_int8_t *, void *)) SHA1Final
};
-struct auth_hash auth_hash_hmac_ripemd_160_96 =
-{
- CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
- 20, 20, 12, sizeof(RMD160_CTX),
- (void (*)(void *)) RMD160Init, RMD160Update_int,
- (void (*)(u_int8_t *, void *)) RMD160Final
+struct auth_hash auth_hash_hmac_ripemd_160_96 = {
+ CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
+ 20, 20, 12, sizeof(RMD160_CTX),
+ (void (*)(void *)) RMD160Init, RMD160Update_int,
+ (void (*)(u_int8_t *, void *)) RMD160Final
};
-struct auth_hash auth_hash_key_md5 =
-{
- CRYPTO_MD5_KPDK, "Keyed MD5",
- 0, 16, 16, sizeof(MD5_CTX),
- (void (*)(void *)) MD5Init, MD5Update_int,
- (void (*)(u_int8_t *, void *)) MD5Final
+struct auth_hash auth_hash_key_md5 = {
+ CRYPTO_MD5_KPDK, "Keyed MD5",
+ 0, 16, 16, sizeof(MD5_CTX),
+ (void (*)(void *)) MD5Init, MD5Update_int,
+ (void (*)(u_int8_t *, void *)) MD5Final
};
-struct auth_hash auth_hash_key_sha1 =
-{
- CRYPTO_SHA1_KPDK, "Keyed SHA1",
- 0, 20, 20, sizeof(SHA1_CTX),
- (void (*)(void *)) SHA1Init, SHA1Update_int,
- (void (*)(u_int8_t *, void *)) SHA1Final
+struct auth_hash auth_hash_key_sha1 = {
+ CRYPTO_SHA1_KPDK, "Keyed SHA1",
+ 0, 20, 20, sizeof(SHA1_CTX),
+ (void (*)(void *)) SHA1Init, SHA1Update_int,
+ (void (*)(u_int8_t *, void *)) SHA1Final
};
/*
@@ -195,183 +184,183 @@ struct auth_hash auth_hash_key_sha1 =
void
des1_encrypt(caddr_t key, u_int8_t *blk)
{
- des_ecb_encrypt(blk, blk, key, 1);
+ des_ecb_encrypt(blk, blk, key, 1);
}
void
des1_decrypt(caddr_t key, u_int8_t *blk)
{
- des_ecb_encrypt(blk, blk, key, 0);
+ des_ecb_encrypt(blk, blk, key, 0);
}
void
des1_setkey(u_int8_t **sched, u_int8_t *key, int len)
{
- MALLOC(*sched, u_int8_t *, 128, M_CRYPTO_DATA, M_WAITOK);
- bzero(*sched, 128);
- des_set_key(key, *sched);
+ MALLOC(*sched, u_int8_t *, 128, M_CRYPTO_DATA, M_WAITOK);
+ bzero(*sched, 128);
+ des_set_key(key, *sched);
}
void
des1_zerokey(u_int8_t **sched)
{
- bzero(*sched, 128);
- FREE(*sched, M_CRYPTO_DATA);
- *sched = NULL;
+ bzero(*sched, 128);
+ FREE(*sched, M_CRYPTO_DATA);
+ *sched = NULL;
}
void
des3_encrypt(caddr_t key, u_int8_t *blk)
{
- des_ecb3_encrypt(blk, blk, key, key + 128, key + 256, 1);
+ des_ecb3_encrypt(blk, blk, key, key + 128, key + 256, 1);
}
void
des3_decrypt(caddr_t key, u_int8_t *blk)
{
- des_ecb3_encrypt(blk, blk, key + 256, key + 128, key, 0);
+ des_ecb3_encrypt(blk, blk, key + 256, key + 128, key, 0);
}
void
des3_setkey(u_int8_t **sched, u_int8_t *key, int len)
{
- MALLOC(*sched, u_int8_t *, 384, M_CRYPTO_DATA, M_WAITOK);
- bzero(*sched, 384);
- des_set_key(key, *sched);
- des_set_key(key + 8, *sched + 128);
- des_set_key(key + 16, *sched + 256);
+ MALLOC(*sched, u_int8_t *, 384, M_CRYPTO_DATA, M_WAITOK);
+ bzero(*sched, 384);
+ des_set_key(key, *sched);
+ des_set_key(key + 8, *sched + 128);
+ des_set_key(key + 16, *sched + 256);
}
void
des3_zerokey(u_int8_t **sched)
{
- bzero(*sched, 384);
- FREE(*sched, M_CRYPTO_DATA);
- *sched = NULL;
+ bzero(*sched, 384);
+ FREE(*sched, M_CRYPTO_DATA);
+ *sched = NULL;
}
void
blf_encrypt(caddr_t key, u_int8_t *blk)
{
- blf_ecb_encrypt((blf_ctx *) key, blk, 8);
+ blf_ecb_encrypt((blf_ctx *) key, blk, 8);
}
void
blf_decrypt(caddr_t key, u_int8_t *blk)
{
- blf_ecb_decrypt((blf_ctx *) key, blk, 8);
+ blf_ecb_decrypt((blf_ctx *) key, blk, 8);
}
void
blf_setkey(u_int8_t **sched, u_int8_t *key, int len)
{
- MALLOC(*sched, u_int8_t *, sizeof(blf_ctx), M_CRYPTO_DATA, M_WAITOK);
- bzero(*sched, sizeof(blf_ctx));
- blf_key((blf_ctx *)*sched, key, len);
+ MALLOC(*sched, u_int8_t *, sizeof(blf_ctx), M_CRYPTO_DATA, M_WAITOK);
+ bzero(*sched, sizeof(blf_ctx));
+ blf_key((blf_ctx *)*sched, key, len);
}
void
blf_zerokey(u_int8_t **sched)
{
- bzero(*sched, sizeof(blf_ctx));
- FREE(*sched, M_CRYPTO_DATA);
- *sched = NULL;
+ bzero(*sched, sizeof(blf_ctx));
+ FREE(*sched, M_CRYPTO_DATA);
+ *sched = NULL;
}
void
cast5_encrypt(caddr_t key, u_int8_t *blk)
{
- cast_encrypt((cast_key *) key, blk, blk);
+ cast_encrypt((cast_key *) key, blk, blk);
}
void
cast5_decrypt(caddr_t key, u_int8_t *blk)
{
- cast_decrypt((cast_key *) key, blk, blk);
+ cast_decrypt((cast_key *) key, blk, blk);
}
void
cast5_setkey(u_int8_t **sched, u_int8_t *key, int len)
{
- MALLOC(*sched, u_int8_t *, sizeof(blf_ctx), M_CRYPTO_DATA, M_WAITOK);
- bzero(*sched, sizeof(blf_ctx));
- cast_setkey((cast_key *)*sched, key, len);
+ MALLOC(*sched, u_int8_t *, sizeof(blf_ctx), M_CRYPTO_DATA, M_WAITOK);
+ bzero(*sched, sizeof(blf_ctx));
+ cast_setkey((cast_key *)*sched, key, len);
}
void
cast5_zerokey(u_int8_t **sched)
{
- bzero(*sched, sizeof(cast_key));
- FREE(*sched, M_CRYPTO_DATA);
- *sched = NULL;
+ bzero(*sched, sizeof(cast_key));
+ FREE(*sched, M_CRYPTO_DATA);
+ *sched = NULL;
}
void
skipjack_encrypt(caddr_t key, u_int8_t *blk)
{
- skipjack_forwards(blk, blk, (u_int8_t **) key);
+ skipjack_forwards(blk, blk, (u_int8_t **) key);
}
void
skipjack_decrypt(caddr_t key, u_int8_t *blk)
{
- skipjack_backwards(blk, blk, (u_int8_t **) key);
+ skipjack_backwards(blk, blk, (u_int8_t **) key);
}
void
skipjack_setkey(u_int8_t **sched, u_int8_t *key, int len)
{
- MALLOC(*sched, u_int8_t *, 10 * sizeof(u_int8_t *), M_CRYPTO_DATA,
- M_WAITOK);
- bzero(*sched, 10 * sizeof(u_int8_t *));
- subkey_table_gen(key, (u_int8_t **) *sched);
+ MALLOC(*sched, u_int8_t *, 10 * sizeof(u_int8_t *), M_CRYPTO_DATA,
+ M_WAITOK);
+ bzero(*sched, 10 * sizeof(u_int8_t *));
+ subkey_table_gen(key, (u_int8_t **) *sched);
}
void
skipjack_zerokey(u_int8_t **sched)
{
- int k;
+ int k;
- for (k = 0; k < 10; k++)
- if (((u_int8_t **)(*sched))[k])
- {
- bzero(((u_int8_t **)(*sched))[k], 0x100);
- FREE(((u_int8_t **)(*sched))[k], M_CRYPTO_DATA);
+ for (k = 0; k < 10; k++) {
+ if (((u_int8_t **)(*sched))[k]) {
+ bzero(((u_int8_t **)(*sched))[k], 0x100);
+ FREE(((u_int8_t **)(*sched))[k], M_CRYPTO_DATA);
+ }
}
- bzero(*sched, 10 * sizeof(u_int8_t *));
- FREE(*sched, M_CRYPTO_DATA);
- *sched = NULL;
+ bzero(*sched, 10 * sizeof(u_int8_t *));
+ FREE(*sched, M_CRYPTO_DATA);
+ *sched = NULL;
}
void
rijndael128_encrypt(caddr_t key, u_int8_t *blk)
{
- rijndael_encrypt((rijndael_ctx *) key, (u4byte *) blk, (u4byte *) blk);
+ rijndael_encrypt((rijndael_ctx *) key, (u4byte *) blk, (u4byte *) blk);
}
void
rijndael128_decrypt(caddr_t key, u_int8_t *blk)
{
- rijndael_decrypt(((rijndael_ctx *) key) + 1, (u4byte *) blk,
- (u4byte *) blk);
+ rijndael_decrypt(((rijndael_ctx *) key) + 1, (u4byte *) blk,
+ (u4byte *) blk);
}
void
rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len)
{
- MALLOC(*sched, u_int8_t *, 2 * sizeof(rijndael_ctx), M_CRYPTO_DATA,
- M_WAITOK);
- bzero(*sched, 2 * sizeof(rijndael_ctx));
- rijndael_set_key((rijndael_ctx *) *sched, (u4byte *) key, len * 8, 1);
- rijndael_set_key(((rijndael_ctx *) *sched) + 1, (u4byte *) key, len * 8, 0);
+ MALLOC(*sched, u_int8_t *, 2 * sizeof(rijndael_ctx), M_CRYPTO_DATA,
+ M_WAITOK);
+ bzero(*sched, 2 * sizeof(rijndael_ctx));
+ rijndael_set_key((rijndael_ctx *) *sched, (u4byte *) key, len * 8, 1);
+ rijndael_set_key(((rijndael_ctx *) *sched) + 1, (u4byte *) key, len * 8, 0);
}
void
rijndael128_zerokey(u_int8_t **sched)
{
- bzero(*sched, 2 * sizeof(rijndael_ctx));
- FREE(*sched, M_CRYPTO_DATA);
- *sched = NULL;
+ bzero(*sched, 2 * sizeof(rijndael_ctx));
+ FREE(*sched, M_CRYPTO_DATA);
+ *sched = NULL;
}
/*
@@ -381,21 +370,21 @@ rijndael128_zerokey(u_int8_t **sched)
int
RMD160Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
{
- RMD160Update(ctx, buf, len);
- return 0;
+ RMD160Update(ctx, buf, len);
+ return 0;
}
int
MD5Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
{
- MD5Update(ctx, buf, len);
- return 0;
+ MD5Update(ctx, buf, len);
+ return 0;
}
int
SHA1Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
{
- SHA1Update(ctx, buf, len);
- return 0;
+ SHA1Update(ctx, buf, len);
+ return 0;
}
diff --git a/sys/crypto/xform.h b/sys/crypto/xform.h
index dc86f5788e0..3c1803fbc5c 100644
--- a/sys/crypto/xform.h
+++ b/sys/crypto/xform.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: xform.h,v 1.4 2001/06/13 13:43:35 angelos Exp $ */
+/* $OpenBSD: xform.h,v 1.5 2001/06/16 22:17:50 deraadt Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -29,35 +29,33 @@
#include <crypto/rmd160.h>
/* Declarations */
-struct auth_hash
-{
- int type;
- char *name;
- u_int16_t keysize;
- u_int16_t hashsize;
- u_int16_t authsize;
- u_int16_t ctxsize;
- void (*Init) (void *);
- int (*Update) (void *, u_int8_t *, u_int16_t);
- void (*Final) (u_int8_t *, void *);
+struct auth_hash {
+ int type;
+ char *name;
+ u_int16_t keysize;
+ u_int16_t hashsize;
+ u_int16_t authsize;
+ u_int16_t ctxsize;
+ void (*Init) (void *);
+ int (*Update) (void *, u_int8_t *, u_int16_t);
+ void (*Final) (u_int8_t *, void *);
};
-struct enc_xform
-{
- int type;
- char *name;
- u_int16_t blocksize;
- u_int16_t minkey, maxkey;
- void (*encrypt) (caddr_t, u_int8_t *);
- void (*decrypt) (caddr_t, u_int8_t *);
- void (*setkey) (u_int8_t **, u_int8_t *, int len);
- void (*zerokey) (u_int8_t **);
+struct enc_xform {
+ int type;
+ char *name;
+ u_int16_t blocksize;
+ u_int16_t minkey, maxkey;
+ void (*encrypt) (caddr_t, u_int8_t *);
+ void (*decrypt) (caddr_t, u_int8_t *);
+ void (*setkey) (u_int8_t **, u_int8_t *, int len);
+ void (*zerokey) (u_int8_t **);
};
union authctx {
- MD5_CTX md5ctx;
- SHA1_CTX sha1ctx;
- RMD160_CTX rmd160ctx;
+ MD5_CTX md5ctx;
+ SHA1_CTX sha1ctx;
+ RMD160_CTX rmd160ctx;
};
extern struct enc_xform enc_xform_des;
@@ -72,4 +70,5 @@ extern struct auth_hash auth_hash_key_sha1;
extern struct auth_hash auth_hash_hmac_md5_96;
extern struct auth_hash auth_hash_hmac_sha1_96;
extern struct auth_hash auth_hash_hmac_ripemd_160_96;
+
#endif /* _CRYPTO_XFORM_H_ */