authorMike Belopuhov <mikeb@cvs.openbsd.org>2010-11-10 17:05:40 +0000
committerMike Belopuhov <mikeb@cvs.openbsd.org>2010-11-10 17:05:40 +0000
commit093ba40e4cab00a2c1433f47a77b01866db93c24 (patch)
treefde2c637ce33ef028904b7daa048c7991d4da726 /sys/arch/amd64
parent55d0bbb1041c69069dbf176ccd140898d931bfc7 (diff)
pass aesni_ctr_enc an initial counter block instead of an initialization vector
Diffstat (limited to 'sys/arch/amd64')
-rw-r--r--sys/arch/amd64/amd64/aes_intel.S29
-rw-r--r--sys/arch/amd64/amd64/aesni.c10
2 files changed, 21 insertions, 18 deletions
diff --git a/sys/arch/amd64/amd64/aes_intel.S b/sys/arch/amd64/amd64/aes_intel.S
index 6b3c9897aeb..f958913fec5 100644
--- a/sys/arch/amd64/amd64/aes_intel.S
+++ b/sys/arch/amd64/amd64/aes_intel.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_intel.S,v 1.2 2010/07/22 12:47:40 thib Exp $ */
+/* $OpenBSD: aes_intel.S,v 1.3 2010/11/10 17:05:39 mikeb Exp $ */
/*
* Implement AES algorithm in Intel AES-NI instructions.
@@ -66,13 +66,13 @@
#define BSWAP_MASK %xmm10
#define CTR %xmm11
#define INC %xmm12
-#define NONCE %xmm13
#define KEYP %rdi
#define OUTP %rsi
#define INP %rdx
#define LEN %rcx
#define IVP %r8
+#define ICBP %r8
#define KLEN %r9d
#define T1 %r10
#define TKEYP T1
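Review bot: `ICBP` is added as a second name for `%r8` while `IVP` is kept, so two macros now alias the same argument register with nothing saying why. If `IVP` is still used by the CBC entry points elsewhere in the file (outside this hunk), a short comment next to the pair, `/* IVP (CBC) and ICBP (CTR) are both the 5th argument, %r8 */`, would make the shared register explicit for the next reader; if it is no longer used, dropping `IVP` together with the removed `NONCE` macro would be cleaner.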
@@ -772,22 +772,22 @@ ENTRY(aesni_cbc_dec)
* _aesni_inc_init: internal ABI
* setup registers used by _aesni_inc
* input:
- * IV
+ * ICB
* output:
- * CTR: == IV, in little endian
+ * CTR: == CTR, in little endian
+ * IV: == IV, in big endian
* TCTR_LOW: == lower dword of CTR
* INC: == 1, in little endian
* BSWAP_MASK == endian swapping mask
*/
_aesni_inc_init:
- movaps .Lbswap_mask, BSWAP_MASK
- movaps IV, CTR
- pslldq $4, CTR
- por NONCE, CTR
- pshufb BSWAP_MASK, CTR
- mov $1, TCTR_LOW
- movd TCTR_LOW, INC
- movd CTR, TCTR_LOW
+ movdqa CTR, IV
+ pslldq $8, IV
+ movdqu .Lbswap_mask, BSWAP_MASK
+ pshufb BSWAP_MASK, CTR
+ mov $1, TCTR_LOW
+ movd TCTR_LOW, INC
+ movd CTR, TCTR_LOW
ret
/*
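Review bot: The rewritten output description of `_aesni_inc_init` is tautological: `CTR: == CTR, in little endian` and `IV: == IV, in big endian` no longer say where the values come from, whereas the old text tied them to the input. From the new body the caller loads the ICB into `CTR`, `movdqa CTR, IV; pslldq $8, IV` copies the still-unswapped block into `IV` shifted up by one quadword, and only then is `CTR` byte-swapped, so something like `CTR: == ICB, byte-swapped to little endian` and `IV: == ICB shifted left by 8 bytes (pslldq $8), in big endian` would describe what is actually built. How `_aesni_inc` consumes `IV` is outside this hunk, so the second line should be checked against that routine before committing the wording. Note also that the mask load changed from `movaps` to `movdqu`; harmless, but if `.Lbswap_mask` is 16-byte aligned the aligned form documents that.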
@@ -819,14 +819,13 @@ _aesni_inc:
/*
* void aesni_ctr_enc(struct aesni_sess *ses, uint8_t *dst, uint8_t *src,
- * size_t len, uint8_t *iv)
+ * size_t len, uint8_t *icb)
*/
ENTRY(aesni_ctr_enc)
cmp $16, LEN
jb .Lctr_enc_just_ret
mov 480(KEYP), KLEN
- movd 484(KEYP), NONCE
- movq (IVP), IV
+ movdqu (ICBP), CTR
call _aesni_inc_init
cmp $64, LEN
jb .Lctr_enc_loop1
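Review bot: The prototype comment now names the argument `icb` but does not say how large the block must be, and the new `movdqu (ICBP), CTR` reads a full 16 bytes unconditionally where the old code read only 8 (`movq (IVP), IV`) and took the nonce from the session. Any caller still handing in an 8-byte IV buffer would be over-read; the in-tree caller in aesni.c is updated in this commit, but the contract should be stated at the entry point, e.g. `* size_t len, uint8_t *icb)  -- icb: 16-byte initial counter block, nonce || iv || counter`. The pre-existing `cmp $16, LEN; jb .Lctr_enc_just_ret` still silently ignores inputs shorter than a block, which is unchanged here but worth a comment if partial blocks are meant to be handled by the caller.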
diff --git a/sys/arch/amd64/amd64/aesni.c b/sys/arch/amd64/amd64/aesni.c
index b698bac4928..d3ce982f480 100644
--- a/sys/arch/amd64/amd64/aesni.c
+++ b/sys/arch/amd64/amd64/aesni.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aesni.c,v 1.9 2010/09/07 15:51:00 mikeb Exp $ */
+/* $OpenBSD: aesni.c,v 1.10 2010/11/10 17:05:39 mikeb Exp $ */
/*-
* Copyright (c) 2003 Jason Wright
* Copyright (c) 2003, 2004 Theo de Raadt
@@ -77,7 +77,7 @@ extern void aesni_cbc_dec(struct aesni_sess *ses, uint8_t *dst,
/* assembler-assisted CTR mode */
extern void aesni_ctr_enc(struct aesni_sess *ses, uint8_t *dst,
- uint8_t *src, size_t len, uint8_t *iv);
+ uint8_t *src, size_t len, uint8_t *icb);
void aesni_setup(void);
int aesni_newsession(u_int32_t *, struct cryptoini *);
@@ -314,6 +314,7 @@ aesni_encdec(struct cryptop *crp, struct cryptodesc *crd,
struct aesni_sess *ses)
{
uint8_t iv[EALG_MAX_BLOCK_LEN];
+ uint8_t icb[EALG_MAX_BLOCK_LEN];
uint8_t *buf = aesni_sc->sc_buf;
int ivlen = 0;
int err = 0;
@@ -396,7 +397,10 @@ aesni_encdec(struct cryptop *crp, struct cryptodesc *crd,
else
aesni_cbc_dec(ses, buf, buf, crd->crd_len, iv);
} else if (crd->crd_alg == CRYPTO_AES_CTR) {
- aesni_ctr_enc(ses, buf, buf, crd->crd_len, iv);
+ bzero(icb, sizeof(icb));
+ bcopy(ses->ses_nonce, icb, AESCTR_NONCESIZE);
+ bcopy(iv, icb + AESCTR_NONCESIZE, AESCTR_IVSIZE);
+ aesni_ctr_enc(ses, buf, buf, crd->crd_len, icb);
}
fpu_kernel_exit();
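Review bot: The three lines that assemble `icb` leave the 32-bit block-counter field at zero (from the `bzero`) without saying so, yet whether the first keystream block is derived from counter 0 or counter 1 is decided by the increment order in the assembly loop, which must agree with the generic aesctr transform for interoperability. A layout comment would pin that down: `/* icb = nonce || iv || 32-bit block counter (zero; the assembly increments before use) */`, with the "before use" part confirmed against `_aesni_inc`, which is outside this diff. The `bcopy(iv, ...)` also assumes the earlier iv setup in this function (outside the hunk) filled at least `AESCTR_IVSIZE` bytes for `CRYPTO_AES_CTR`; `ivlen` is checked at the top of the function but not visibly here. Since `ses_nonce` is per-session key material in this scheme, clearing `icb` after the `aesni_ctr_enc` call, in the same way the function handles `iv`, would avoid leaving a copy on the kernel stack.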