summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
Diffstat (limited to 'sys')
-rw-r--r--sys/crypto/crypto.h7
-rw-r--r--sys/crypto/cryptosoft.c70
2 files changed, 28 insertions, 49 deletions
diff --git a/sys/crypto/crypto.h b/sys/crypto/crypto.h
index ef11a18ec3e..f4515fb6abb 100644
--- a/sys/crypto/crypto.h
+++ b/sys/crypto/crypto.h
@@ -66,6 +66,7 @@ struct cryptoini
int cri_klen; /* Key length, in bits */
int cri_rnd; /* Algorithm rounds, where relevant */
caddr_t cri_key; /* key to use */
+ u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */
struct cryptoini *cri_next;
};
@@ -78,10 +79,12 @@ struct cryptodesc
int crd_flags;
#define CRD_F_ENCRYPT 0x1 /* Set when doing encryption */
-#define CRD_F_HALFIV 0x2
-#define CRD_F_IV_PRESENT 0x4 /* Used/sensible only when encrypting */
+#define CRD_F_IV_PRESENT 0x2 /* When encrypting, IV is already in
+ place, so don't copy. */
+#define CRD_F_IV_EXPLICIT 0x4 /* IV explicitly provided */
struct cryptoini CRD_INI; /* Initialization/context data */
+#define crd_iv CRD_INI.cri_iv
#define crd_key CRD_INI.cri_key
#define crd_rnd CRD_INI.cri_rnd
#define crd_alg CRD_INI.cri_alg
diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c
index ec291177422..5091ea61b15 100644
--- a/sys/crypto/cryptosoft.c
+++ b/sys/crypto/cryptosoft.c
@@ -85,25 +85,12 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
{
if (crd->crd_flags & CRD_F_ENCRYPT)
{
- /* Inject IV */
- if (crd->crd_flags & CRD_F_HALFIV)
- {
- if (crd->crd_flags & CRD_F_IV_PRESENT)
- bcopy(buf + crd->crd_inject, sw->sw_iv, blks / 2);
-
- /* "Cook" half-IV */
- for (k = 0; k < blks / 2; k++)
- sw->sw_iv[(blks / 2) + k] = ~sw->sw_iv[k];
+ /* IV explicitly provided ? */
+ if (crd->crd_flags & CRD_F_IV_EXPLICIT)
+ bcopy(crd->crd_iv, sw->sw_iv, blks);
- bcopy(sw->sw_iv, buf + crd->crd_inject, blks / 2);
- }
- else
- {
- if (crd->crd_flags & CRD_F_IV_PRESENT)
- bcopy(buf + crd->crd_inject, sw->sw_iv, blks);
- else
- bcopy(sw->sw_iv, buf + crd->crd_inject, blks);
- }
+ if (!(crd->crd_flags & CRD_F_IV_PRESENT))
+ bcopy(sw->sw_iv, buf + crd->crd_inject, blks);
for (i = crd->crd_skip;
i < crd->crd_skip + crd->crd_len;
@@ -125,13 +112,11 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
}
else /* Decrypt */
{
- /* Copy the IV off the buffer */
- bcopy(buf + crd->crd_inject, sw->sw_iv, blks);
-
- /* "Cook" half-IV */
- if (crd->crd_flags & CRD_F_HALFIV)
- for (k = 0; k < blks / 2; k++)
- sw->sw_iv[(blks / 2) + k] = ~sw->sw_iv[k];
+ /* IV explicitly provided ? */
+ if (crd->crd_flags & CRD_F_IV_EXPLICIT)
+ bcopy(crd->crd_iv, sw->sw_iv, blks);
+ else /* IV preceeds data */
+ bcopy(buf + crd->crd_inject, sw->sw_iv, blks);
/*
* Start at the end, so we don't need to keep the encrypted
@@ -162,32 +147,23 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
/* Initialize the IV */
if (crd->crd_flags & CRD_F_ENCRYPT)
{
- if (crd->crd_flags & CRD_F_IV_PRESENT)
- m_copydata(m, crd->crd_inject, blks, iv);
+ /* IV explicitly provided ? */
+ if (crd->crd_flags & CRD_F_IV_EXPLICIT)
+ bcopy(crd->crd_iv, iv, blks);
else
- bcopy(sw->sw_iv, iv, blks);
+ bcopy(sw->sw_iv, iv, blks); /* Use IV from context */
- /* "Cook" half-IV */
- if (crd->crd_flags & CRD_F_HALFIV)
- {
- for (k = 0; k < blks / 2; k++)
- iv[(blks / 2) + k] = ~iv[k];
-
- if (!(crd->crd_flags & CRD_F_IV_PRESENT))
- m_copyback(m, crd->crd_inject, blks / 2, iv);
- }
- else
- if (!(crd->crd_flags & CRD_F_IV_PRESENT))
- m_copyback(m, crd->crd_inject, blks, iv);
+ /* Do we need to write the IV */
+ if (!(crd->crd_flags & CRD_F_IV_PRESENT))
+ m_copyback(m, crd->crd_inject, blks, iv);
}
- else
+ else /* Decryption */
{
- m_copydata(m, crd->crd_inject, blks, iv); /* Get IV off mbuf */
-
- /* "Cook" half-IV */
- if (crd->crd_flags & CRD_F_HALFIV)
- for (k = 0; k < blks / 2; k++)
- iv[(blks / 2) + k] = ~iv[k];
+ /* IV explicitly provided ? */
+ if (crd->crd_flags & CRD_F_IV_EXPLICIT)
+ bcopy(crd->crd_iv, iv, blks);
+ else
+ m_copydata(m, crd->crd_inject, blks, iv); /* Get IV off mbuf */
}
ivp = iv;