Home Explore Help
Register Sign In
rozhuk.im
/
freebsd
Watch 1
Star 0
Fork 0
Files
Branch: main
Branches Tags
freebsd
/
sys
/
opencrypto
/
gmac.c

gmac.c 3.5 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132 
  1. /*-
    2. 

  2.  * Copyright (c) 2014 The FreeBSD Foundation
    3. 

  3.  * All rights reserved.
    4. 

  4.  *
    5. 

  5.  * This software was developed by John-Mark Gurney under
    6. 

  6.  * the sponsorship of the FreeBSD Foundation and
    7. 

  7.  * Rubicon Communications, LLC (Netgate).
    8. 

  8.  * Redistribution and use in source and binary forms, with or without
    9. 

  9.  * modification, are permitted provided that the following conditions
    10. 

  10.  * are met:
    11. 

  11.  * 1.  Redistributions of source code must retain the above copyright
    12. 

  12.  *     notice, this list of conditions and the following disclaimer.
    13. 

  13.  * 2.  Redistributions in binary form must reproduce the above copyright
    14. 

  14.  *     notice, this list of conditions and the following disclaimer in the
    15. 

  15.  *     documentation and/or other materials provided with the distribution.
    16. 

  16.  *
    17. 

  17.  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
    18. 

  18.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    19. 

  19.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
    20. 

  20.  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
    21. 

  21.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
    22. 

  22.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
    23. 

  23.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    24. 

  24.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
    25. 

  25.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
    26. 

  26.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
    27. 

  27.  * SUCH DAMAGE.
    28. 

  28.  *
    29. 

  29.  *	$FreeBSD$
    30. 

  30.  *
    31. 

  31.  */
    32. 

  32. 

  33. #include <sys/types.h>
    34. 

  34. #include <sys/systm.h>
    35. 

  35. #include <opencrypto/gfmult.h>
    36. 

  36. #include <opencrypto/gmac.h>
    37. 

  37. 

  38. void
    39. 

  39. AES_GMAC_Init(void *ctx)
    40. 

  40. {
    41. 

  41. 	struct aes_gmac_ctx *agc;
    42. 

  42. 

  43. 	agc = ctx;
    44. 

  44. 	bzero(agc, sizeof *agc);
    45. 

  45. }
    46. 

  46. 

  47. void
    48. 

  48. AES_GMAC_Setkey(void *ctx, const uint8_t *key, u_int klen)
    49. 

  49. {
    50. 

  50. 	struct aes_gmac_ctx *agc;
    51. 

  51. 	const uint8_t zeros[GMAC_BLOCK_LEN] = {};
    52. 

  52. 	struct gf128 h;
    53. 

  53. 	uint8_t hbuf[GMAC_BLOCK_LEN];
    54. 

  54. 

  55. 	agc = ctx;
    56. 

  56. 	agc->rounds = rijndaelKeySetupEnc(agc->keysched, key, klen * 8);
    57. 

  57. 

  58. 	rijndaelEncrypt(agc->keysched, agc->rounds, zeros, hbuf);
    59. 

  59. 

  60. 	h = gf128_read(hbuf);
    61. 

  61. 	gf128_genmultable4(h, &agc->ghashtbl);
    62. 

  62. 

  63. 	explicit_bzero(&h, sizeof h);
    64. 

  64. 	explicit_bzero(hbuf, sizeof hbuf);
    65. 

  65. }
    66. 

  66. 

  67. void
    68. 

  68. AES_GMAC_Reinit(void *ctx, const uint8_t *iv, u_int ivlen)
    69. 

  69. {
    70. 

  70. 	struct aes_gmac_ctx *agc;
    71. 

  71. 

  72. 	agc = ctx;
    73. 

  73. 	KASSERT(ivlen <= sizeof agc->counter, ("passed ivlen too large!"));
    74. 

  74. 	bcopy(iv, agc->counter, ivlen);
    75. 

  75. }
    76. 

  76. 

  77. int
    78. 

  78. AES_GMAC_Update(void *ctx, const void *vdata, u_int len)
    79. 

  79. {
    80. 

  80. 	struct aes_gmac_ctx *agc;
    81. 

  81. 	const uint8_t *data;
    82. 

  82. 	struct gf128 v;
    83. 

  83. 	uint8_t buf[GMAC_BLOCK_LEN] = {};
    84. 

  84. 	int i;
    85. 

  85. 

  86. 	agc = ctx;
    87. 

  87. 	data = vdata;
    88. 

  88. 	v = agc->hash;
    89. 

  89. 

  90. 	while (len > 0) {
    91. 

  91. 		if (len >= 4*GMAC_BLOCK_LEN) {
    92. 

  92. 			i = 4*GMAC_BLOCK_LEN;
    93. 

  93. 			v = gf128_mul4b(v, data, &agc->ghashtbl);
    94. 

  94. 		} else if (len >= GMAC_BLOCK_LEN) {
    95. 

  95. 			i = GMAC_BLOCK_LEN;
    96. 

  96. 			v = gf128_add(v, gf128_read(data));
    97. 

  97. 			v = gf128_mul(v, &agc->ghashtbl.tbls[0]);
    98. 

  98. 		} else {
    99. 

  99. 			i = len;
    100. 

  100. 			bcopy(data, buf, i);
    101. 

  101. 			v = gf128_add(v, gf128_read(&buf[0]));
    102. 

  102. 			v = gf128_mul(v, &agc->ghashtbl.tbls[0]);
    103. 

  103. 			explicit_bzero(buf, sizeof buf);
    104. 

  104. 		}
    105. 

  105. 		len -= i;
    106. 

  106. 		data += i;
    107. 

  107. 	}
    108. 

  108. 

  109. 	agc->hash = v;
    110. 

  110. 	explicit_bzero(&v, sizeof v);
    111. 

  111. 

  112. 	return (0);
    113. 

  113. }
    114. 

  114. 

  115. void
    116. 

  116. AES_GMAC_Final(uint8_t *digest, void *ctx)
    117. 

  117. {
    118. 

  118. 	struct aes_gmac_ctx *agc;
    119. 

  119. 	uint8_t enccntr[GMAC_BLOCK_LEN];
    120. 

  120. 	struct gf128 a;
    121. 

  121. 

  122. 	/* XXX - zero additional bytes? */
    123. 

  123. 	agc = ctx;
    124. 

  124. 	agc->counter[GMAC_BLOCK_LEN - 1] = 1;
    125. 

  125. 

  126. 	rijndaelEncrypt(agc->keysched, agc->rounds, agc->counter, enccntr);
    127. 

  127. 	a = gf128_add(agc->hash, gf128_read(enccntr));
    128. 

  128. 	gf128_write(a, digest);
    129. 

  129. 

  130. 	explicit_bzero(enccntr, sizeof enccntr);
    131. 

  131. }
    132. 

  132.