svn commit: r285526 - head/sys/opencrypto

John-Mark Gurney jmg at FreeBSD.org
Tue Jul 14 07:45:20 UTC 2015 

Author: jmg
Date: Tue Jul 14 07:45:18 2015
New Revision: 285526
URL: https://svnweb.freebsd.org/changeset/base/285526

Log:
  Fix XTS, and name things a bit better...
  
  Though confusing, GCM using ICM_BLOCK_LEN, but ICM does not is
  correct...  GCM is built on ICM, but uses a function other than
  swcr_encdec...  swcr_encdec cannot handle partial blocks which is
  why it must still use AES_BLOCK_LEN and is why XTS was broken by the
  commit...
  
  Thanks to the tests for helping sure I didn't break GCM w/ an earlier
  patch...
  
  I did run the tests w/o this patch, and need to figure out why they
  did not fail, clearly more tests are needed...
  
  Prodded by:	peter

Modified:
  head/sys/opencrypto/cryptodev.h
  head/sys/opencrypto/xform.c

Modified: head/sys/opencrypto/cryptodev.h
==============================================================================
--- head/sys/opencrypto/cryptodev.h	Tue Jul 14 06:34:57 2015	(r285525)
+++ head/sys/opencrypto/cryptodev.h	Tue Jul 14 07:45:18 2015	(r285526)
@@ -115,7 +115,7 @@
 #define	CAST128_BLOCK_LEN	8
 #define	RIJNDAEL128_BLOCK_LEN	16
 #define	AES_BLOCK_LEN		16
-#define	AES_MIN_BLOCK_LEN	1
+#define	AES_ICM_BLOCK_LEN	1
 #define	ARC4_BLOCK_LEN		1
 #define	CAMELLIA_BLOCK_LEN	16
 #define	EALG_MAX_BLOCK_LEN	AES_BLOCK_LEN /* Keep this updated */
@@ -123,12 +123,10 @@
 /* IV Lengths */
 
 #define	ARC4_IV_LEN		1
-#define	AES_IV_LEN		12
+#define	AES_GCM_IV_LEN		12
 #define	AES_XTS_IV_LEN		8
 #define	AES_XTS_ALPHA		0x87	/* GF(2^128) generator polynomial */
 
-#define AES_CTR_NONCE_SIZE	4
-
 /* Min and Max Encryption Key Sizes */
 #define	NULL_MIN_KEY		0
 #define	NULL_MAX_KEY		256 /* 2048 bits, max key */
@@ -144,10 +142,10 @@
 #define	SKIPJACK_MAX_KEY	SKIPJACK_MIN_KEY
 #define	RIJNDAEL_MIN_KEY	16
 #define	RIJNDAEL_MAX_KEY	32
-#define	AES_MIN_KEY		16
-#define	AES_MAX_KEY		32
-#define	AES_XTS_MIN_KEY		32
-#define	AES_XTS_MAX_KEY		64
+#define	AES_MIN_KEY		RIJNDAEL_MIN_KEY
+#define	AES_MAX_KEY		RIJNDAEL_MAX_KEY
+#define	AES_XTS_MIN_KEY		(2 * AES_MIN_KEY)
+#define	AES_XTS_MAX_KEY		(2 * AES_MAX_KEY)
 #define	ARC4_MIN_KEY		1
 #define	ARC4_MAX_KEY		32
 #define	CAMELLIA_MIN_KEY	8

Modified: head/sys/opencrypto/xform.c
==============================================================================
--- head/sys/opencrypto/xform.c	Tue Jul 14 06:34:57 2015	(r285525)
+++ head/sys/opencrypto/xform.c	Tue Jul 14 07:45:18 2015	(r285526)
@@ -227,7 +227,7 @@ struct enc_xform enc_xform_rijndael128 =
 
 struct enc_xform enc_xform_aes_icm = {
 	CRYPTO_AES_ICM, "AES-ICM",
-	RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, AES_MIN_KEY, AES_MAX_KEY,
+	AES_BLOCK_LEN, AES_BLOCK_LEN, AES_MIN_KEY, AES_MAX_KEY,
 	aes_icm_crypt,
 	aes_icm_crypt,
 	aes_icm_setkey,
@@ -237,7 +237,7 @@ struct enc_xform enc_xform_aes_icm = {
 
 struct enc_xform enc_xform_aes_nist_gcm = {
 	CRYPTO_AES_NIST_GCM_16, "AES-GCM",
-	AES_MIN_BLOCK_LEN, AES_IV_LEN, AES_MIN_KEY, AES_MAX_KEY,
+	AES_ICM_BLOCK_LEN, AES_GCM_IV_LEN, AES_MIN_KEY, AES_MAX_KEY,
 	aes_icm_crypt,
 	aes_icm_crypt,
 	aes_icm_setkey,
@@ -247,7 +247,7 @@ struct enc_xform enc_xform_aes_nist_gcm 
 
 struct enc_xform enc_xform_aes_nist_gmac = {
 	CRYPTO_AES_NIST_GMAC, "AES-GMAC",
-	AES_MIN_BLOCK_LEN, AES_IV_LEN, AES_MIN_KEY, AES_MAX_KEY,
+	AES_ICM_BLOCK_LEN, AES_GCM_IV_LEN, AES_MIN_KEY, AES_MAX_KEY,
 	NULL,
 	NULL,
 	NULL,
@@ -257,7 +257,7 @@ struct enc_xform enc_xform_aes_nist_gmac
 
 struct enc_xform enc_xform_aes_xts = {
 	CRYPTO_AES_XTS, "AES-XTS",
-	AES_MIN_BLOCK_LEN, AES_XTS_IV_LEN, AES_XTS_MIN_KEY, AES_XTS_MAX_KEY,
+	AES_BLOCK_LEN, AES_XTS_IV_LEN, AES_XTS_MIN_KEY, AES_XTS_MAX_KEY,
 	aes_xts_encrypt,
 	aes_xts_decrypt,
 	aes_xts_setkey,

More information about the svn-src-all mailing list