author | Thordur I. Bjornsson <thib@cvs.openbsd.org> | 2010-07-22 12:47:41 +0000 |
committer | Thordur I. Bjornsson <thib@cvs.openbsd.org> | 2010-07-22 12:47:41 +0000 |
commit | c0eaabc4ba86c46830c37cb4404e2cb45b25e0c4 (patch) | |
tree | 2476dfc2147cb969d2c62cf83ea8632b7c476d5c /sys | |
parent | 38330b34c0075cb10bbf547792b6d64cd4c1f4b5 (diff) |
Fixes for AES CTR mode from mikeb:
o Fix up counter increment for buffers larger than 64 bytes, by
calling the increment routine before loading the IV into the
encryption routine input register.
o In aesni_encdec() regenerate the IV for every new request.
Also use nice defines instead of magic constants for the size
of ses_iv.
Diffstat (limited to 'sys')
-rw-r--r-- | sys/arch/amd64/amd64/aes_intel.S | 10 | ||||
-rw-r--r-- | sys/arch/amd64/amd64/aesni.c | 36 |
2 files changed, 26 insertions, 20 deletions
diff --git a/sys/arch/amd64/amd64/aes_intel.S b/sys/arch/amd64/amd64/aes_intel.S
index 9747b8d93e9..6b3c9897aeb 100644
--- a/sys/arch/amd64/amd64/aes_intel.S
+++ b/sys/arch/amd64/amd64/aes_intel.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_intel.S,v 1.1 2010/06/29 21:34:11 thib Exp $ */
+/* $OpenBSD: aes_intel.S,v 1.2 2010/07/22 12:47:40 thib Exp $ */
 
 /*
  * Implement AES algorithm in Intel AES-NI instructions.
@@ -832,17 +832,17 @@ ENTRY(aesni_ctr_enc)
 	jb .Lctr_enc_loop1
 	.align 4
 .Lctr_enc_loop4:
-	movaps IV, STATE1
 	call _aesni_inc
+	movaps IV, STATE1
 	movups (INP), IN1
-	movaps IV, STATE2
 	call _aesni_inc
+	movaps IV, STATE2
 	movups 0x10(INP), IN2
-	movaps IV, STATE3
 	call _aesni_inc
+	movaps IV, STATE3
 	movups 0x20(INP), IN3
-	movaps IV, STATE4
 	call _aesni_inc
+	movaps IV, STATE4
 	movups 0x30(INP), IN4
 	call _aesni_enc4
 	pxor IN1, STATE1
diff --git a/sys/arch/amd64/amd64/aesni.c b/sys/arch/amd64/amd64/aesni.c
index fa74f041c76..bb84d680e54 100644
--- a/sys/arch/amd64/amd64/aesni.c
+++ b/sys/arch/amd64/amd64/aesni.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aesni.c,v 1.7 2010/07/08 08:15:18 thib Exp $ */
+/* $OpenBSD: aesni.c,v 1.8 2010/07/22 12:47:40 thib Exp $ */
 /*-
  * Copyright (c) 2003 Jason Wright
  * Copyright (c) 2003, 2004 Theo de Raadt
@@ -46,7 +46,7 @@ struct aesni_sess {
 	uint32_t ses_dkey[4 * (AES_MAXROUNDS + 1)];
 	uint32_t ses_klen;
 	uint8_t ses_nonce[AESCTR_NONCESIZE];
-	uint8_t ses_iv[16];
+	uint8_t ses_iv[EALG_MAX_BLOCK_LEN];
 	int ses_sid;
 	int ses_used;
 	struct swcr_data *ses_swd;
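Review bot: The reordered .Lctr_enc_loop4 body carries no comment explaining why `call _aesni_inc` now precedes each `movaps IV, STATEn`, so a later reader may "optimize" it back into the broken order. The commit message says the old order produced wrong counters for buffers larger than 64 bytes, which suggests the single-block path (.Lctr_enc_loop1, outside this hunk) treats IV as the counter already consumed rather than the next one to use; under that convention the four-block path must advance IV before copying it, which is what the patch does. A one-line comment at the label, e.g. `/* IV holds the counter already used; advance before each copy (must match .Lctr_enc_loop1) */`, would pin that invariant. Whether `_aesni_inc` propagates its carry across the full counter width is not visible here; a test with a buffer spanning many blocks and a counter near a word boundary would catch silent counter reuse, which in CTR mode means repeated keystream. The aesni_ctr_enc routine begins and ends outside this hunk.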
@@ -411,19 +411,25 @@ aesni_encdec(struct cryptop *crp, struct cryptodesc *crd,
 	else
 		bcopy(buf, crp->crp_buf + crd->crd_skip, crd->crd_len);
 
-	/* Copy out last block for use as next session IV for CBC */
-	if (crd->crd_alg == CRYPTO_AES_CBC && crd->crd_flags & CRD_F_ENCRYPT) {
-		if (crp->crp_flags & CRYPTO_F_IMBUF)
-			m_copydata((struct mbuf *)crp->crp_buf,
-			    crd->crd_skip + crd->crd_len - ivlen, ivlen,
-			    ses->ses_iv);
-		else if (crp->crp_flags & CRYPTO_F_IOV)
-			cuio_copydata((struct uio *)crp->crp_buf,
-			    crd->crd_skip + crd->crd_len - ivlen, ivlen,
-			    ses->ses_iv);
-		else
-			bcopy(crp->crp_buf + crd->crd_skip +
-			    crd->crd_len - ivlen, ses->ses_iv, ivlen);
+	/*
+	 * Copy out last block for use as next session IV for CBC,
+	 * generate new IV for CTR.
+	 */
+	if (crd->crd_flags & CRD_F_ENCRYPT) {
+		if (crd->crd_alg == CRYPTO_AES_CBC) {
+			if (crp->crp_flags & CRYPTO_F_IMBUF)
+				m_copydata((struct mbuf *)crp->crp_buf,
+				    crd->crd_skip + crd->crd_len - ivlen, ivlen,
+				    ses->ses_iv);
+			else if (crp->crp_flags & CRYPTO_F_IOV)
+				cuio_copydata((struct uio *)crp->crp_buf,
+				    crd->crd_skip + crd->crd_len - ivlen, ivlen,
+				    ses->ses_iv);
+			else
+				bcopy(crp->crp_buf + crd->crd_skip +
+				    crd->crd_len - ivlen, ses->ses_iv, ivlen);
+		} else if (crd->crd_alg == CRYPTO_AES_CTR)
+			arc4random_buf(ses->ses_iv, ivlen);
 	}
 out:
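Review bot: The new CTR branch at the end of the hunk, `arc4random_buf(ses->ses_iv, ivlen)`, refreshes the session IV only after an encrypt request completes, so the IV consumed by the first encrypt request on a session, and by any decrypt request, must come from elsewhere (session setup or the descriptor), which is outside this hunk and worth stating in the comment. The new comment says what is done but not why; I would extend it to `/* ... CTR: never reuse an IV across requests, a repeated counter block repeats keystream. */` so the CBC chaining and the CTR random refresh are not read as the same mechanism. A random IV gives only probabilistic uniqueness whose strength depends on ivlen, which is not visible here; if ivlen is the short CTR IV size, the per-request random value should be weighed against a counter-based nonce. The earlier hunk at struct aesni_sess sizes ses_iv as EALG_MAX_BLOCK_LEN, so this write stays in bounds only while ivlen never exceeds that, which the hunk cannot confirm. aesni_encdec begins before this hunk.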