Date: Thu, 11 Apr 2013 15:38:11 -0700 From: Adrian Chadd <adrian@freebsd.org> To: Andre Oppermann <andre@freebsd.org> Cc: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: Re: svn commit: r249365 - in user/andre/tcp-ao/sys: conf crypto crypto/cmac crypto/hmac crypto/rijndael Message-ID: <CAJ-Vmo=yjY=hrJabjcHnR%2BA5bzHyWXC%2BYsU4bzC2BDY88T79=w@mail.gmail.com> In-Reply-To: <201304111555.r3BFtq0g019604@svn.freebsd.org> References: <201304111555.r3BFtq0g019604@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Are you planning on making TCP-AO compile time optional? Adrian On 11 April 2013 08:55, Andre Oppermann <andre@freebsd.org> wrote: > Author: andre > Date: Thu Apr 11 15:55:52 2013 > New Revision: 249365 > URL: http://svnweb.freebsd.org/changeset/base/249365 > > Log: > Adjust the HMAC and CMAC functions to the FreeBSD environment > and include them into the kernel build in preparation for use > in the TCP-AO code. > > Note that we do not have explicit_bzero() so the compiler may > optimize away the bzero() to wipe out key storage on the stack > before returning. > > Sponsored by: Juniper Networks > > Modified: > user/andre/tcp-ao/sys/conf/files > user/andre/tcp-ao/sys/crypto/cmac/cmac.c > user/andre/tcp-ao/sys/crypto/cmac/cmac.h > user/andre/tcp-ao/sys/crypto/hmac/hmac.c > user/andre/tcp-ao/sys/crypto/hmac/hmac.h > user/andre/tcp-ao/sys/crypto/rijndael/rijndael-api.c > user/andre/tcp-ao/sys/crypto/rijndael/rijndael.h > user/andre/tcp-ao/sys/crypto/sha1.h > > Modified: user/andre/tcp-ao/sys/conf/files > ============================================================================== > --- user/andre/tcp-ao/sys/conf/files Thu Apr 11 14:45:43 2013 (r249364) > +++ user/andre/tcp-ao/sys/conf/files Thu Apr 11 15:55:52 2013 (r249365) > @@ -541,8 +541,8 @@ crypto/sha1.c optional carp | crypto | > netgraph_mppc_encryption | sctp > crypto/sha2/sha2.c optional crypto | geom_bde | ipsec | random | \ > sctp | zfs > -crypto/cmac/cmac.c optional crypto | netinet | netinet6 > -crypto/hmac/hmac.c optional crypto | netinet | netinet6 > +crypto/cmac/cmac.c optional inet | inet6 > +crypto/hmac/hmac.c optional inet | inet6 > ddb/db_access.c optional ddb > ddb/db_break.c optional ddb > ddb/db_capture.c optional ddb > @@ -3116,6 +3116,7 @@ netinet/tcp_timer.c optional inet | ine > netinet/tcp_timewait.c optional inet | inet6 > netinet/tcp_usrreq.c optional inet | inet6 > netinet/udp_usrreq.c optional inet | inet6 > +netinet/tcp_ao.c optional inet | inet6 > netinet/libalias/alias.c optional libalias inet | netgraph_nat inet > netinet/libalias/alias_db.c optional libalias inet | netgraph_nat inet > netinet/libalias/alias_mod.c optional libalias | netgraph_nat > > Modified: user/andre/tcp-ao/sys/crypto/cmac/cmac.c > ============================================================================== > --- user/andre/tcp-ao/sys/crypto/cmac/cmac.c Thu Apr 11 14:45:43 2013 (r249364) > +++ user/andre/tcp-ao/sys/crypto/cmac/cmac.c Thu Apr 11 15:55:52 2013 (r249365) > @@ -24,8 +24,10 @@ > #include <sys/param.h> > #include <sys/systm.h> > > -#include <crypto/rijndael.h> > -#include <crypto/cmac.h> > +#include <crypto/rijndael/rijndael.h> > +#include <crypto/cmac/cmac.h> > + > +#define explicit_bzero(a, b) bzero(a, b) > > #define LSHIFT(v, r) do { \ > int i; \ > > Modified: user/andre/tcp-ao/sys/crypto/cmac/cmac.h > ============================================================================== > --- user/andre/tcp-ao/sys/crypto/cmac/cmac.h Thu Apr 11 14:45:43 2013 (r249364) > +++ user/andre/tcp-ao/sys/crypto/cmac/cmac.h Thu Apr 11 15:55:52 2013 (r249365) > @@ -19,6 +19,10 @@ > #ifndef _CMAC_H_ > #define _CMAC_H_ > > +#ifndef _RIJNDAEL_H_ > +#include <crypto/rijndael/rijndael.h> > +#endif > + > #define AES_CMAC_KEY_LENGTH 16 > #define AES_CMAC_DIGEST_LENGTH 16 > > > Modified: user/andre/tcp-ao/sys/crypto/hmac/hmac.c > ============================================================================== > --- user/andre/tcp-ao/sys/crypto/hmac/hmac.c Thu Apr 11 14:45:43 2013 (r249364) > +++ user/andre/tcp-ao/sys/crypto/hmac/hmac.c Thu Apr 11 15:55:52 2013 (r249365) > @@ -24,10 +24,12 @@ > #include <sys/param.h> > #include <sys/systm.h> > > -#include <crypto/md5.h> > +#include <sys/md5.h> > #include <crypto/sha1.h> > -#include <crypto/sha2.h> > -#include <crypto/hmac.h> > +#include <crypto/sha2/sha2.h> > +#include <crypto/hmac/hmac.h> > + > +#define explicit_bzero(a, b) bzero(a, b) > > void > HMAC_MD5_Init(HMAC_MD5_CTX *ctx, const u_int8_t *key, u_int key_len) > @@ -144,9 +146,9 @@ HMAC_SHA256_Init(HMAC_SHA256_CTX *ctx, c > int i; > > if (key_len > SHA256_BLOCK_LENGTH) { > - SHA256Init(&ctx->ctx); > - SHA256Update(&ctx->ctx, key, key_len); > - SHA256Final(ctx->key, &ctx->ctx); > + SHA256_Init(&ctx->ctx); > + SHA256_Update(&ctx->ctx, key, key_len); > + SHA256_Final(ctx->key, &ctx->ctx); > ctx->key_len = SHA256_DIGEST_LENGTH; > } else { > bcopy(key, ctx->key, key_len); > @@ -158,8 +160,8 @@ HMAC_SHA256_Init(HMAC_SHA256_CTX *ctx, c > for (i = 0; i < SHA256_BLOCK_LENGTH; i++) > k_ipad[i] ^= 0x36; > > - SHA256Init(&ctx->ctx); > - SHA256Update(&ctx->ctx, k_ipad, SHA256_BLOCK_LENGTH); > + SHA256_Init(&ctx->ctx); > + SHA256_Update(&ctx->ctx, k_ipad, SHA256_BLOCK_LENGTH); > > explicit_bzero(k_ipad, sizeof k_ipad); > } > @@ -167,7 +169,7 @@ HMAC_SHA256_Init(HMAC_SHA256_CTX *ctx, c > void > HMAC_SHA256_Update(HMAC_SHA256_CTX *ctx, const u_int8_t *data, u_int len) > { > - SHA256Update(&ctx->ctx, data, len); > + SHA256_Update(&ctx->ctx, data, len); > } > > void > @@ -176,17 +178,17 @@ HMAC_SHA256_Final(u_int8_t digest[SHA256 > u_int8_t k_opad[SHA256_BLOCK_LENGTH]; > int i; > > - SHA256Final(digest, &ctx->ctx); > + SHA256_Final(digest, &ctx->ctx); > > bzero(k_opad, SHA256_BLOCK_LENGTH); > bcopy(ctx->key, k_opad, ctx->key_len); > for (i = 0; i < SHA256_BLOCK_LENGTH; i++) > k_opad[i] ^= 0x5c; > > - SHA256Init(&ctx->ctx); > - SHA256Update(&ctx->ctx, k_opad, SHA256_BLOCK_LENGTH); > - SHA256Update(&ctx->ctx, digest, SHA256_DIGEST_LENGTH); > - SHA256Final(digest, &ctx->ctx); > + SHA256_Init(&ctx->ctx); > + SHA256_Update(&ctx->ctx, k_opad, SHA256_BLOCK_LENGTH); > + SHA256_Update(&ctx->ctx, digest, SHA256_DIGEST_LENGTH); > + SHA256_Final(digest, &ctx->ctx); > > explicit_bzero(k_opad, sizeof k_opad); > } > > Modified: user/andre/tcp-ao/sys/crypto/hmac/hmac.h > ============================================================================== > --- user/andre/tcp-ao/sys/crypto/hmac/hmac.h Thu Apr 11 14:45:43 2013 (r249364) > +++ user/andre/tcp-ao/sys/crypto/hmac/hmac.h Thu Apr 11 15:55:52 2013 (r249365) > @@ -19,6 +19,10 @@ > #ifndef _HMAC_H_ > #define _HMAC_H_ > > +#include <sys/md5.h> > +#include <crypto/sha1.h> > +#include <crypto/sha2/sha2.h> > + > typedef struct _HMAC_MD5_CTX { > MD5_CTX ctx; > u_int8_t key[MD5_BLOCK_LENGTH]; > @@ -32,7 +36,7 @@ typedef struct _HMAC_SHA1_CTX { > } HMAC_SHA1_CTX; > > typedef struct _HMAC_SHA256_CTX { > - SHA2_CTX ctx; > + SHA256_CTX ctx; > u_int8_t key[SHA256_BLOCK_LENGTH]; > u_int key_len; > } HMAC_SHA256_CTX; > > Modified: user/andre/tcp-ao/sys/crypto/rijndael/rijndael-api.c > ============================================================================== > --- user/andre/tcp-ao/sys/crypto/rijndael/rijndael-api.c Thu Apr 11 14:45:43 2013 (r249364) > +++ user/andre/tcp-ao/sys/crypto/rijndael/rijndael-api.c Thu Apr 11 15:55:52 2013 (r249365) > @@ -45,6 +45,13 @@ rijndael_set_key(rijndael_ctx *ctx, cons > } > > void > +rijndael_set_key_enc_only(rijndael_ctx *ctx, const u_char *key, int bits) > +{ > + > + ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits); > +} > + > +void > rijndael_decrypt(const rijndael_ctx *ctx, const u_char *src, u_char *dst) > { > > > Modified: user/andre/tcp-ao/sys/crypto/rijndael/rijndael.h > ============================================================================== > --- user/andre/tcp-ao/sys/crypto/rijndael/rijndael.h Thu Apr 11 14:45:43 2013 (r249364) > +++ user/andre/tcp-ao/sys/crypto/rijndael/rijndael.h Thu Apr 11 15:55:52 2013 (r249365) > @@ -42,6 +42,7 @@ typedef struct { > } rijndael_ctx; > > void rijndael_set_key(rijndael_ctx *, const u_char *, int); > +void rijndael_set_key_enc_only(rijndael_ctx *, const u_char *, int); > void rijndael_decrypt(const rijndael_ctx *, const u_char *, u_char *); > void rijndael_encrypt(const rijndael_ctx *, const u_char *, u_char *); > > > Modified: user/andre/tcp-ao/sys/crypto/sha1.h > ============================================================================== > --- user/andre/tcp-ao/sys/crypto/sha1.h Thu Apr 11 14:45:43 2013 (r249364) > +++ user/andre/tcp-ao/sys/crypto/sha1.h Thu Apr 11 15:55:52 2013 (r249365) > @@ -68,5 +68,7 @@ typedef struct sha1_ctxt SHA1_CTX; > #endif /* _KERNEL */ > > #define SHA1_RESULTLEN (160/8) > +#define SHA1_BLOCK_LENGTH 64 > +#define SHA1_DIGEST_LENGTH SHA1_RESULTLEN > > #endif /*_NETINET6_SHA1_H_*/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJ-Vmo=yjY=hrJabjcHnR%2BA5bzHyWXC%2BYsU4bzC2BDY88T79=w>