Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

AES XCBC MAC (for AH) 

AES counter mode (for ESP)
This commit is contained in:
itojun 2003-07-25 09:48:17 +00:00
parent 1b39a0b938
commit 4fc37746bf
4 changed files with 736 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

191
sys/netinet6/ah_aesxcbcmac.c Normal file
View File

@ -0,0 +1,191 @@
/* $NetBSD: ah_aesxcbcmac.c,v 1.1 2003/07/25 09:48:17 itojun Exp $ */
/* $KAME: ah_aesxcbcmac.c,v 1.2 2003/07/20 00:29:37 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998 and 2003 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ah_aesxcbcmac.c,v 1.1 2003/07/25 09:48:17 itojun Exp $");
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/socket.h>
#include <sys/queue.h>
#include <sys/syslog.h>
#include <sys/mbuf.h>
#include <net/if.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet6/ipsec.h>
#include <netinet6/ah.h>
#include <netinet6/ah_aesxcbcmac.h>
#include <netkey/key.h>
#include <crypto/rijndael/rijndael.h>
#include <net/net_osdep.h>
#define AES_BLOCKSIZE 16
typedef struct {
u_int8_t e[AES_BLOCKSIZE];
u_int8_t buf[AES_BLOCKSIZE];
size_t buflen;
u_int32_t r_k1s[(RIJNDAEL_MAXNR+1)*4];
u_int32_t r_k2s[(RIJNDAEL_MAXNR+1)*4];
u_int32_t r_k3s[(RIJNDAEL_MAXNR+1)*4];
int r_nr; /* key-length-dependent number of rounds */
u_int8_t k2[AES_BLOCKSIZE];
u_int8_t k3[AES_BLOCKSIZE];
} aesxcbc_ctx;
int
ah_aes_xcbc_mac_init(state, sav)
struct ah_algorithm_state *state;
struct secasvar *sav;
{
u_int8_t k1seed[AES_BLOCKSIZE] = { 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 };
u_int8_t k2seed[AES_BLOCKSIZE] = { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 };
u_int8_t k3seed[AES_BLOCKSIZE] = { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
aesxcbc_ctx *ctx;
if (!state)
panic("ah_aes_xcbc_mac_init: what?");
state->sav = sav;
state->foo = (void *)malloc(sizeof(aesxcbc_ctx), M_TEMP, M_NOWAIT);
if (!state->foo)
return ENOBUFS;
bzero(state->foo, sizeof(aesxcbc_ctx));
ctx = (aesxcbc_ctx *)state->foo;
if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks,
(char *)_KEYBUF(sav->key_auth), AES_BLOCKSIZE * 8)) == 0)
return -1;
if (rijndaelKeySetupEnc(ctx->r_k1s, k1seed, AES_BLOCKSIZE * 8) == 0)
return -1;
if (rijndaelKeySetupEnc(ctx->r_k2s, k2seed, AES_BLOCKSIZE * 8) == 0)
return -1;
if (rijndaelKeySetupEnc(ctx->r_k3s, k3seed, AES_BLOCKSIZE * 8) == 0)
return -1;
rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
return 0;
}
void
ah_aes_xcbc_mac_loop(state, addr, len)
struct ah_algorithm_state *state;
u_int8_t *addr;
size_t len;
{
u_int8_t buf[AES_BLOCKSIZE];
aesxcbc_ctx *ctx;
u_int8_t *ep;
int i;
if (!state || !state->foo)
panic("ah_aes_xcbc_mac_loop: what?");
ctx = (aesxcbc_ctx *)state->foo;
ep = addr + len;
if (ctx->buflen == sizeof(ctx->buf)) {
for (i = 0; i < sizeof(ctx->e); i++)
ctx->buf[i] ^= ctx->e[i];
rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
ctx->buflen = 0;
}
if (ctx->buflen + len < sizeof(ctx->buf)) {
bcopy(addr, ctx->buf + ctx->buflen, len);
ctx->buflen += len;
return;
}
if (ctx->buflen && ctx->buflen + len > sizeof(ctx->buf)) {
bcopy(addr, ctx->buf + ctx->buflen,
sizeof(ctx->buf) - ctx->buflen);
for (i = 0; i < sizeof(ctx->e); i++)
ctx->buf[i] ^= ctx->e[i];
rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
addr += sizeof(ctx->buf) - ctx->buflen;
ctx->buflen = 0;
}
/* due to the special processing for M[n], "=" case is not included */
while (addr + AES_BLOCKSIZE < ep) {
bcopy(addr, buf, AES_BLOCKSIZE);
for (i = 0; i < sizeof(buf); i++)
buf[i] ^= ctx->e[i];
rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, buf, ctx->e);
addr += AES_BLOCKSIZE;
}
if (addr < ep) {
bcopy(addr, ctx->buf, ep - addr);
ctx->buflen = ep - addr;
}
}
void
ah_aes_xcbc_mac_result(state, addr, l)
struct ah_algorithm_state *state;
u_int8_t *addr;
size_t l;
{
u_char digest[AES_BLOCKSIZE];
aesxcbc_ctx *ctx;
int i;
ctx = (aesxcbc_ctx *)state->foo;
if (ctx->buflen == sizeof(ctx->buf)) {
for (i = 0; i < sizeof(ctx->buf); i++) {
ctx->buf[i] ^= ctx->e[i];
ctx->buf[i] ^= ctx->k2[i];
}
rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
} else {
for (i = ctx->buflen; i < sizeof(ctx->buf); i++)
ctx->buf[i] = (i == ctx->buflen) ? 0x80 : 0x00;
for (i = 0; i < sizeof(ctx->buf); i++) {
ctx->buf[i] ^= ctx->e[i];
ctx->buf[i] ^= ctx->k3[i];
}
rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
}
bcopy(digest, addr, sizeof(digest) > l ? l : sizeof(digest));
free(state->foo, M_TEMP);
}

39
sys/netinet6/ah_aesxcbcmac.h Normal file
View File

@ -0,0 +1,39 @@
/* $NetBSD: ah_aesxcbcmac.h,v 1.1 2003/07/25 09:48:18 itojun Exp $ */
/* $KAME: ah_aesxcbcmac.h,v 1.2 2003/07/20 00:29:37 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998 and 2003 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
extern int ah_aes_xcbc_mac_init __P((struct ah_algorithm_state *,
struct secasvar *));
extern void ah_aes_xcbc_mac_loop __P((struct ah_algorithm_state *, u_int8_t *,
size_t));
extern void ah_aes_xcbc_mac_result __P((struct ah_algorithm_state *,
u_int8_t *, size_t));

465
sys/netinet6/esp_aesctr.c Normal file
View File

@ -0,0 +1,465 @@
/* $NetBSD: esp_aesctr.c,v 1.1 2003/07/25 09:48:18 itojun Exp $ */
/* $KAME: esp_aesctr.c,v 1.2 2003/07/20 00:29:37 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998 and 2003 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: esp_aesctr.c,v 1.1 2003/07/25 09:48:18 itojun Exp $");
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/socket.h>
#include <sys/queue.h>
#include <sys/syslog.h>
#include <sys/mbuf.h>
#include <net/if.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet6/ipsec.h>
#include <netinet6/esp.h>
#include <netinet6/esp_aesctr.h>
#include <netkey/key.h>
#include <crypto/rijndael/rijndael.h>
#include <net/net_osdep.h>
#define AES_BLOCKSIZE 16
#define NONCESIZE 4
union cblock {
struct {
u_int8_t nonce[4];
u_int8_t iv[16];
u_int32_t ctr;
} v __attribute__((__packed__));
u_int8_t cblock[16];
};
typedef struct {
u_int32_t r_ek[(RIJNDAEL_MAXNR+1)*4];
int r_nr; /* key-length-dependent number of rounds */
} aesctr_ctx;
int
esp_aesctr_mature(sav)
struct secasvar *sav;
{
int keylen;
const struct esp_algorithm *algo;
algo = esp_algorithm_lookup(sav->alg_enc);
if (!algo) {
ipseclog((LOG_ERR,
"esp_aeesctr_mature %s: unsupported algorithm.\n",
algo->name));
return 1;
}
keylen = sav->key_enc->sadb_key_bits;
if (keylen < algo->keymin || algo->keymax < keylen) {
ipseclog((LOG_ERR,
"esp_aesctr_mature %s: invalid key length %d.\n",
algo->name, sav->key_enc->sadb_key_bits));
return 1;
}
/* rijndael key + nonce */
if (!(keylen == 128 + 32 || keylen == 192 + 32 || keylen == 256 + 32)) {
ipseclog((LOG_ERR,
"esp_aesctr_mature %s: invalid key length %d.\n",
algo->name, keylen));
return 1;
}
return 0;
}
size_t
esp_aesctr_schedlen(algo)
const struct esp_algorithm *algo;
{
return sizeof(aesctr_ctx);
}
int
esp_aesctr_schedule(algo, sav)
const struct esp_algorithm *algo;
struct secasvar *sav;
{
aesctr_ctx *ctx;
int keylen;
/* SA key = AES key + nonce */
keylen = _KEYLEN(sav->key_enc) * 8 - NONCESIZE * 8;
ctx = (aesctr_ctx *)sav->sched;
if ((ctx->r_nr = rijndaelKeySetupEnc(ctx->r_ek,
(char *)_KEYBUF(sav->key_enc), keylen)) == 0)
return -1;
return 0;
}
int
esp_aesctr_decrypt(m, off, sav, algo, ivlen)
struct mbuf *m;
size_t off;
struct secasvar *sav;
const struct esp_algorithm *algo;
int ivlen;
{
struct mbuf *s;
struct mbuf *d, *d0 = NULL, *dp;
int soff, doff; /* offset from the head of chain, to head of this mbuf */
int sn, dn; /* offset from the head of the mbuf, to meat */
size_t ivoff, bodyoff;
union cblock cblock;
u_int8_t keystream[AES_BLOCKSIZE], *nonce;
u_int32_t ctr;
u_int8_t *ivp;
u_int8_t sbuf[AES_BLOCKSIZE], *sp, *dst;
struct mbuf *scut;
int scutoff;
int i;
int blocklen;
aesctr_ctx *ctx;
if (ivlen != sav->ivlen) {
ipseclog((LOG_ERR, "esp_aesctr_decrypt %s: "
"unsupported ivlen %d\n", algo->name, ivlen));
goto fail;
}
/* assumes blocklen == padbound */
blocklen = algo->padbound;
ivoff = off + sizeof(struct newesp);
bodyoff = off + sizeof(struct newesp) + ivlen;
/* setup counter block */
nonce = _KEYBUF(sav->key_enc) + _KEYLEN(sav->key_enc) - NONCESIZE;
bcopy(nonce, cblock.v.nonce, NONCESIZE);
m_copydata(m, ivoff, ivlen, cblock.v.iv);
ctr = 1;
if (m->m_pkthdr.len < bodyoff) {
ipseclog((LOG_ERR, "esp_aesctr_decrypt %s: bad len %d/%lu\n",
algo->name, m->m_pkthdr.len, (unsigned long)bodyoff));
goto fail;
}
if ((m->m_pkthdr.len - bodyoff) % blocklen) {
ipseclog((LOG_ERR, "esp_aesctr_decrypt %s: "
"payload length must be multiple of %d\n",
algo->name, blocklen));
goto fail;
}
s = m;
d = d0 = dp = NULL;
soff = doff = sn = dn = 0;
ivp = sp = NULL;
/* skip bodyoff */
while (soff < bodyoff) {
if (soff + s->m_len > bodyoff) {
sn = bodyoff - soff;
break;
}
soff += s->m_len;
s = s->m_next;
}
scut = s;
scutoff = sn;
/* skip over empty mbuf */
while (s && s->m_len == 0)
s = s->m_next;
while (soff < m->m_pkthdr.len) {
/* source */
if (sn + blocklen <= s->m_len) {
/* body is continuous */
sp = mtod(s, u_int8_t *) + sn;
} else {
/* body is non-continuous */
m_copydata(s, sn, blocklen, (caddr_t)sbuf);
sp = sbuf;
}
/* destination */
if (!d || dn + blocklen > d->m_len) {
if (d)
dp = d;
MGET(d, M_DONTWAIT, MT_DATA);
i = m->m_pkthdr.len - (soff + sn);
if (d && i > MLEN) {
MCLGET(d, M_DONTWAIT);
if ((d->m_flags & M_EXT) == 0) {
m_free(d);
d = NULL;
}
}
if (!d) {
goto nomem;
}
if (!d0)
d0 = d;
if (dp)
dp->m_next = d;
d->m_len = 0;
d->m_len = (M_TRAILINGSPACE(d) / blocklen) * blocklen;
if (d->m_len > i)
d->m_len = i;
dn = 0;
}
/* put counter into counter block */
cblock.v.ctr = htonl(ctr);
/* setup keystream */
ctx = (aesctr_ctx *)sav->sched;
rijndaelEncrypt(ctx->r_ek, ctx->r_nr, cblock.cblock, keystream);
bcopy(sp, mtod(d, u_int8_t *) + dn, blocklen);
dst = mtod(d, u_int8_t *) + dn;
for (i = 0; i < blocklen; i++)
dst[i] ^= keystream[i];
ctr++;
sn += blocklen;
dn += blocklen;
/* find the next source block */
while (s && sn >= s->m_len) {
sn -= s->m_len;
soff += s->m_len;
s = s->m_next;
}
/* skip over empty mbuf */
while (s && s->m_len == 0)
s = s->m_next;
}
m_freem(scut->m_next);
scut->m_len = scutoff;
scut->m_next = d0;
/* just in case */
bzero(&cblock, sizeof(cblock));
bzero(keystream, sizeof(keystream));
return 0;
fail:
m_freem(m);
if (d0)
m_freem(d0);
return EINVAL;
nomem:
m_freem(m);
if (d0)
m_freem(d0);
return ENOBUFS;
}
int
esp_aesctr_encrypt(m, off, plen, sav, algo, ivlen)
struct mbuf *m;
size_t off;
size_t plen;
struct secasvar *sav;
const struct esp_algorithm *algo;
int ivlen;
{
struct mbuf *s;
struct mbuf *d, *d0, *dp;
int soff, doff; /* offset from the head of chain, to head of this mbuf */
int sn, dn; /* offset from the head of the mbuf, to meat */
size_t ivoff, bodyoff;
union cblock cblock;
u_int8_t keystream[AES_BLOCKSIZE], *nonce;
u_int32_t ctr;
u_int8_t sbuf[AES_BLOCKSIZE], *sp, *dst;
struct mbuf *scut;
int scutoff;
int i;
int blocklen;
aesctr_ctx *ctx;
if (ivlen != sav->ivlen) {
ipseclog((LOG_ERR, "esp_aesctr_encrypt %s: "
"unsupported ivlen %d\n", algo->name, ivlen));
m_freem(m);
return EINVAL;
}
/* assumes blocklen == padbound */
blocklen = algo->padbound;
ivoff = off + sizeof(struct newesp);
bodyoff = off + sizeof(struct newesp) + ivlen;
/* put iv into the packet. */
/* maybe it is better to overwrite dest, not source */
m_copyback(m, ivoff, ivlen, sav->iv);
/* setup counter block */
nonce = _KEYBUF(sav->key_enc) + _KEYLEN(sav->key_enc) - NONCESIZE;
bcopy(nonce, cblock.v.nonce, NONCESIZE);
m_copydata(m, ivoff, ivlen, cblock.v.iv);
ctr = 1;
if (m->m_pkthdr.len < bodyoff) {
ipseclog((LOG_ERR, "esp_aesctr_encrypt %s: bad len %d/%lu\n",
algo->name, m->m_pkthdr.len, (unsigned long)bodyoff));
m_freem(m);
return EINVAL;
}
if ((m->m_pkthdr.len - bodyoff) % blocklen) {
ipseclog((LOG_ERR, "esp_aesctr_encrypt %s: "
"payload length must be multiple of %lu\n",
algo->name, (unsigned long)algo->padbound));
m_freem(m);
return EINVAL;
}
s = m;
d = d0 = dp = NULL;
soff = doff = sn = dn = 0;
sp = NULL;
/* skip bodyoff */
while (soff < bodyoff) {
if (soff + s->m_len > bodyoff) {
sn = bodyoff - soff;
break;
}
soff += s->m_len;
s = s->m_next;
}
scut = s;
scutoff = sn;
/* skip over empty mbuf */
while (s && s->m_len == 0)
s = s->m_next;
while (soff < m->m_pkthdr.len) {
/* source */
if (sn + blocklen <= s->m_len) {
/* body is continuous */
sp = mtod(s, u_int8_t *) + sn;
} else {
/* body is non-continuous */
m_copydata(s, sn, blocklen, (caddr_t)sbuf);
sp = sbuf;
}
/* destination */
if (!d || dn + blocklen > d->m_len) {
if (d)
dp = d;
MGET(d, M_DONTWAIT, MT_DATA);
i = m->m_pkthdr.len - (soff + sn);
if (d && i > MLEN) {
MCLGET(d, M_DONTWAIT);
if ((d->m_flags & M_EXT) == 0) {
m_free(d);
d = NULL;
}
}
if (!d) {
m_freem(m);
if (d0)
m_freem(d0);
return ENOBUFS;
}
if (!d0)
d0 = d;
if (dp)
dp->m_next = d;
d->m_len = 0;
d->m_len = (M_TRAILINGSPACE(d) / blocklen) * blocklen;
if (d->m_len > i)
d->m_len = i;
dn = 0;
}
/* put counter into counter block */
cblock.v.ctr = htonl(ctr);
/* setup keystream */
ctx = (aesctr_ctx *)sav->sched;
rijndaelEncrypt(ctx->r_ek, ctx->r_nr, cblock.cblock, keystream);
bcopy(sp, mtod(d, u_int8_t *) + dn, blocklen);
dst = mtod(d, u_int8_t *) + dn;
for (i = 0; i < blocklen; i++)
dst[i] ^= keystream[i];
ctr++;
sn += blocklen;
dn += blocklen;
/* find the next source block */
while (s && sn >= s->m_len) {
sn -= s->m_len;
soff += s->m_len;
s = s->m_next;
}
/* skip over empty mbuf */
while (s && s->m_len == 0)
s = s->m_next;
}
m_freem(scut->m_next);
scut->m_len = scutoff;
scut->m_next = d0;
/* just in case */
bzero(&cblock, sizeof(cblock));
bzero(keystream, sizeof(keystream));
key_sa_stir_iv(sav);
return 0;
}

41
sys/netinet6/esp_aesctr.h Normal file
View File

@ -0,0 +1,41 @@
/* $NetBSD: esp_aesctr.h,v 1.1 2003/07/25 09:48:19 itojun Exp $ */
/* $KAME: esp_aesctr.h,v 1.2 2003/07/20 00:29:38 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998 and 2003 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
extern int esp_aesctr_mature __P((struct secasvar *));
extern size_t esp_aesctr_schedlen __P((const struct esp_algorithm *));
extern int esp_aesctr_schedule __P((const struct esp_algorithm *,
struct secasvar *));
extern int esp_aesctr_decrypt __P((struct mbuf *, size_t,
struct secasvar *, const struct esp_algorithm *, int));
extern int esp_aesctr_encrypt __P((struct mbuf *, size_t, size_t,
struct secasvar *, const struct esp_algorithm *, int));