diff options
| author | deraadt <> | 2004-02-03 23:44:47 +0000 |
|---|---|---|
| committer | deraadt <> | 2004-02-03 23:44:47 +0000 |
| commit | 9237b96b4b1795a66946df726fe5d1f0af5380ad (patch) | |
| tree | 78d64ed974f11f79e0f61f67090c0231c479bace | |
| parent | 1ba14a455dca5aaaef6b0e94a5488fbfee768297 (diff) | |
| download | openbsd-9237b96b4b1795a66946df726fe5d1f0af5380ad.tar.gz openbsd-9237b96b4b1795a66946df726fe5d1f0af5380ad.tar.bz2 openbsd-9237b96b4b1795a66946df726fe5d1f0af5380ad.zip | |
OK, this time the AES soft keys work with ssh and such. I spent over 3
hours learning that OpenSSL's internal functions for AES extended keys
generate screwy byte order swapped data..
| -rw-r--r-- | src/lib/libcrypto/engine/hw_cryptodev.c | 79 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/engine/hw_cryptodev.c | 79 |
2 files changed, 126 insertions, 32 deletions
diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c index 4959c67e92..b1eb38325d 100644 --- a/src/lib/libcrypto/engine/hw_cryptodev.c +++ b/src/lib/libcrypto/engine/hw_cryptodev.c | |||
| @@ -55,6 +55,8 @@ ENGINE_load_cryptodev(void) | |||
| 55 | #include <crypto/cryptodev.h> | 55 | #include <crypto/cryptodev.h> |
| 56 | #include <sys/ioctl.h> | 56 | #include <sys/ioctl.h> |
| 57 | 57 | ||
| 58 | #include <ssl/aes.h> | ||
| 59 | |||
| 58 | #include <errno.h> | 60 | #include <errno.h> |
| 59 | #include <stdio.h> | 61 | #include <stdio.h> |
| 60 | #include <unistd.h> | 62 | #include <unistd.h> |
| @@ -68,7 +70,7 @@ ENGINE_load_cryptodev(void) | |||
| 68 | #include <sys/sysctl.h> | 70 | #include <sys/sysctl.h> |
| 69 | #include <machine/cpu.h> | 71 | #include <machine/cpu.h> |
| 70 | #include <machine/specialreg.h> | 72 | #include <machine/specialreg.h> |
| 71 | static void check_viac3aes(void); | 73 | static int check_viac3aes(void); |
| 72 | #endif | 74 | #endif |
| 73 | 75 | ||
| 74 | struct dev_crypto_state { | 76 | struct dev_crypto_state { |
| @@ -259,7 +261,26 @@ get_cryptodev_ciphers(const int **cnids) | |||
| 259 | * On i386, always check for the VIA C3 AES instructions; | 261 | * On i386, always check for the VIA C3 AES instructions; |
| 260 | * even if /dev/crypto is disabled. | 262 | * even if /dev/crypto is disabled. |
| 261 | */ | 263 | */ |
| 262 | check_viac3aes(); | 264 | if (check_viac3aes() == 1) { |
| 265 | int have_NID_aes_128_cbc = 0; | ||
| 266 | int have_NID_aes_192_cbc = 0; | ||
| 267 | int have_NID_aes_256_cbc = 0; | ||
| 268 | |||
| 269 | for (i = 0; i < count; i++) { | ||
| 270 | if (nids[i] == NID_aes_128_cbc) | ||
| 271 | have_NID_aes_128_cbc = 1; | ||
| 272 | if (nids[i] == NID_aes_192_cbc) | ||
| 273 | have_NID_aes_192_cbc = 1; | ||
| 274 | if (nids[i] == NID_aes_256_cbc) | ||
| 275 | have_NID_aes_256_cbc = 1; | ||
| 276 | } | ||
| 277 | if (!have_NID_aes_128_cbc) | ||
| 278 | nids[count++] = NID_aes_128_cbc; | ||
| 279 | if (!have_NID_aes_192_cbc) | ||
| 280 | nids[count++] = NID_aes_192_cbc; | ||
| 281 | if (!have_NID_aes_256_cbc) | ||
| 282 | nids[count++] = NID_aes_256_cbc; | ||
| 283 | } | ||
| 263 | #endif | 284 | #endif |
| 264 | 285 | ||
| 265 | if (count > 0) | 286 | if (count > 0) |
| @@ -575,8 +596,8 @@ EVP_CIPHER cryptodev_aes_256_cbc = { | |||
| 575 | 596 | ||
| 576 | #if defined(__i386__) | 597 | #if defined(__i386__) |
| 577 | 598 | ||
| 578 | volatile static void | 599 | static inline void |
| 579 | viac3_crypto(int *cw, const void *src, void *dst, void *key, int rep, | 600 | viac3_xcrypt_cbc(int *cw, const void *src, void *dst, void *key, int rep, |
| 580 | void *iv) | 601 | void *iv) |
| 581 | { | 602 | { |
| 582 | #ifdef notdef | 603 | #ifdef notdef |
| @@ -632,9 +653,9 @@ xcrypt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 632 | useout = spare; | 653 | useout = spare; |
| 633 | } | 654 | } |
| 634 | 655 | ||
| 635 | cw[0] = C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_HW | | 656 | cw[0] = C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_SW | |
| 636 | C3_CRYPT_CWLO_NORMAL | | 657 | C3_CRYPT_CWLO_NORMAL; |
| 637 | ctx->encrypt ? C3_CRYPT_CWLO_ENCRYPT : C3_CRYPT_CWLO_DECRYPT; | 658 | cw[0] |= ctx->encrypt ? C3_CRYPT_CWLO_ENCRYPT : C3_CRYPT_CWLO_DECRYPT; |
| 638 | cw[1] = cw[2] = cw[3] = 0; | 659 | cw[1] = cw[2] = cw[3] = 0; |
| 639 | 660 | ||
| 640 | switch (ctx->key_len * 8) { | 661 | switch (ctx->key_len * 8) { |
| @@ -663,7 +684,7 @@ xcrypt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 663 | ivp = ivs; | 684 | ivp = ivs; |
| 664 | } | 685 | } |
| 665 | 686 | ||
| 666 | viac3_crypto(cw, usein, useout, ctx->cipher_data, inl / 16, ivp); | 687 | viac3_xcrypt_cbc(cw, usein, useout, ctx->cipher_data, inl / 16, ivp); |
| 667 | 688 | ||
| 668 | if (ISUNALIGNED(out)) { | 689 | if (ISUNALIGNED(out)) { |
| 669 | bcopy(spare, out, inl); | 690 | bcopy(spare, out, inl); |
| @@ -687,18 +708,43 @@ static int | |||
| 687 | xcrypt_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 708 | xcrypt_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 688 | const unsigned char *iv, int enc) | 709 | const unsigned char *iv, int enc) |
| 689 | { | 710 | { |
| 690 | bcopy(key, ctx->cipher_data, ctx->key_len); | 711 | AES_KEY *k = ctx->cipher_data; |
| 712 | u_long *kk = (u_long *)key; | ||
| 713 | int i; | ||
| 714 | |||
| 715 | bzero(k, sizeof *k); | ||
| 716 | #ifdef notdef | ||
| 717 | for (i = 0; i < ctx->key_len / 4; i++) | ||
| 718 | printf("%08x ", kk[i]); | ||
| 719 | printf("\n"); | ||
| 720 | #endif | ||
| 721 | |||
| 722 | if (enc) | ||
| 723 | AES_set_encrypt_key(key, ctx->key_len * 8, k); | ||
| 724 | else | ||
| 725 | AES_set_decrypt_key(key, ctx->key_len * 8, k); | ||
| 726 | |||
| 727 | /* Damn OpenSSL byte swaps the expanded key!! */ | ||
| 728 | for (i = 0; i < 4 * (AES_MAXNR + 1); i++) | ||
| 729 | k->rd_key[i] = htonl(k->rd_key[i]); | ||
| 730 | |||
| 731 | #ifdef notdef | ||
| 732 | for (i = 0; i < 4 * (AES_MAXNR + 1); i++) | ||
| 733 | printf("%08x ", k->rd_key[i]); | ||
| 734 | printf("\n"); | ||
| 735 | #endif | ||
| 736 | |||
| 691 | return (1); | 737 | return (1); |
| 692 | } | 738 | } |
| 693 | 739 | ||
| 694 | static int | 740 | static int |
| 695 | xcrypt_cleanup(EVP_CIPHER_CTX *ctx) | 741 | xcrypt_cleanup(EVP_CIPHER_CTX *ctx) |
| 696 | { | 742 | { |
| 697 | bzero(ctx->cipher_data, ctx->key_len); | 743 | bzero(ctx->cipher_data, ctx->cipher->ctx_size); |
| 698 | return (1); | 744 | return (1); |
| 699 | } | 745 | } |
| 700 | 746 | ||
| 701 | static void | 747 | static int |
| 702 | check_viac3aes(void) | 748 | check_viac3aes(void) |
| 703 | { | 749 | { |
| 704 | int mib[2] = { CTL_MACHDEP, CPU_XCRYPT }, value; | 750 | int mib[2] = { CTL_MACHDEP, CPU_XCRYPT }, value; |
| @@ -706,24 +752,25 @@ check_viac3aes(void) | |||
| 706 | 752 | ||
| 707 | if (sysctl(mib, sizeof(mib)/sizeof(mib[0]), &value, &size, | 753 | if (sysctl(mib, sizeof(mib)/sizeof(mib[0]), &value, &size, |
| 708 | NULL, 0) < 0) | 754 | NULL, 0) < 0) |
| 709 | return; | 755 | return (0); |
| 710 | if (value == 0) | 756 | if (value == 0) |
| 711 | return; | 757 | return (0); |
| 712 | 758 | ||
| 713 | cryptodev_aes_128_cbc.init = xcrypt_init_key; | 759 | cryptodev_aes_128_cbc.init = xcrypt_init_key; |
| 714 | cryptodev_aes_128_cbc.do_cipher = xcrypt_cipher; | 760 | cryptodev_aes_128_cbc.do_cipher = xcrypt_cipher; |
| 715 | cryptodev_aes_128_cbc.cleanup = xcrypt_cleanup; | 761 | cryptodev_aes_128_cbc.cleanup = xcrypt_cleanup; |
| 716 | cryptodev_aes_128_cbc.ctx_size = 128; | 762 | cryptodev_aes_128_cbc.ctx_size = sizeof(AES_KEY); |
| 717 | 763 | ||
| 718 | cryptodev_aes_192_cbc.init = xcrypt_init_key; | 764 | cryptodev_aes_192_cbc.init = xcrypt_init_key; |
| 719 | cryptodev_aes_192_cbc.do_cipher = xcrypt_cipher; | 765 | cryptodev_aes_192_cbc.do_cipher = xcrypt_cipher; |
| 720 | cryptodev_aes_192_cbc.cleanup = xcrypt_cleanup; | 766 | cryptodev_aes_192_cbc.cleanup = xcrypt_cleanup; |
| 721 | cryptodev_aes_192_cbc.ctx_size = 128; | 767 | cryptodev_aes_192_cbc.ctx_size = sizeof(AES_KEY); |
| 722 | 768 | ||
| 723 | cryptodev_aes_256_cbc.init = xcrypt_init_key; | 769 | cryptodev_aes_256_cbc.init = xcrypt_init_key; |
| 724 | cryptodev_aes_256_cbc.do_cipher = xcrypt_cipher; | 770 | cryptodev_aes_256_cbc.do_cipher = xcrypt_cipher; |
| 725 | cryptodev_aes_256_cbc.cleanup = xcrypt_cleanup; | 771 | cryptodev_aes_256_cbc.cleanup = xcrypt_cleanup; |
| 726 | cryptodev_aes_256_cbc.ctx_size = 128; | 772 | cryptodev_aes_256_cbc.ctx_size = sizeof(AES_KEY); |
| 773 | return (1); | ||
| 727 | } | 774 | } |
| 728 | #endif /* __i386__ */ | 775 | #endif /* __i386__ */ |
| 729 | 776 | ||
diff --git a/src/lib/libssl/src/crypto/engine/hw_cryptodev.c b/src/lib/libssl/src/crypto/engine/hw_cryptodev.c index 4959c67e92..b1eb38325d 100644 --- a/src/lib/libssl/src/crypto/engine/hw_cryptodev.c +++ b/src/lib/libssl/src/crypto/engine/hw_cryptodev.c | |||
| @@ -55,6 +55,8 @@ ENGINE_load_cryptodev(void) | |||
| 55 | #include <crypto/cryptodev.h> | 55 | #include <crypto/cryptodev.h> |
| 56 | #include <sys/ioctl.h> | 56 | #include <sys/ioctl.h> |
| 57 | 57 | ||
| 58 | #include <ssl/aes.h> | ||
| 59 | |||
| 58 | #include <errno.h> | 60 | #include <errno.h> |
| 59 | #include <stdio.h> | 61 | #include <stdio.h> |
| 60 | #include <unistd.h> | 62 | #include <unistd.h> |
| @@ -68,7 +70,7 @@ ENGINE_load_cryptodev(void) | |||
| 68 | #include <sys/sysctl.h> | 70 | #include <sys/sysctl.h> |
| 69 | #include <machine/cpu.h> | 71 | #include <machine/cpu.h> |
| 70 | #include <machine/specialreg.h> | 72 | #include <machine/specialreg.h> |
| 71 | static void check_viac3aes(void); | 73 | static int check_viac3aes(void); |
| 72 | #endif | 74 | #endif |
| 73 | 75 | ||
| 74 | struct dev_crypto_state { | 76 | struct dev_crypto_state { |
| @@ -259,7 +261,26 @@ get_cryptodev_ciphers(const int **cnids) | |||
| 259 | * On i386, always check for the VIA C3 AES instructions; | 261 | * On i386, always check for the VIA C3 AES instructions; |
| 260 | * even if /dev/crypto is disabled. | 262 | * even if /dev/crypto is disabled. |
| 261 | */ | 263 | */ |
| 262 | check_viac3aes(); | 264 | if (check_viac3aes() == 1) { |
| 265 | int have_NID_aes_128_cbc = 0; | ||
| 266 | int have_NID_aes_192_cbc = 0; | ||
| 267 | int have_NID_aes_256_cbc = 0; | ||
| 268 | |||
| 269 | for (i = 0; i < count; i++) { | ||
| 270 | if (nids[i] == NID_aes_128_cbc) | ||
| 271 | have_NID_aes_128_cbc = 1; | ||
| 272 | if (nids[i] == NID_aes_192_cbc) | ||
| 273 | have_NID_aes_192_cbc = 1; | ||
| 274 | if (nids[i] == NID_aes_256_cbc) | ||
| 275 | have_NID_aes_256_cbc = 1; | ||
| 276 | } | ||
| 277 | if (!have_NID_aes_128_cbc) | ||
| 278 | nids[count++] = NID_aes_128_cbc; | ||
| 279 | if (!have_NID_aes_192_cbc) | ||
| 280 | nids[count++] = NID_aes_192_cbc; | ||
| 281 | if (!have_NID_aes_256_cbc) | ||
| 282 | nids[count++] = NID_aes_256_cbc; | ||
| 283 | } | ||
| 263 | #endif | 284 | #endif |
| 264 | 285 | ||
| 265 | if (count > 0) | 286 | if (count > 0) |
| @@ -575,8 +596,8 @@ EVP_CIPHER cryptodev_aes_256_cbc = { | |||
| 575 | 596 | ||
| 576 | #if defined(__i386__) | 597 | #if defined(__i386__) |
| 577 | 598 | ||
| 578 | volatile static void | 599 | static inline void |
| 579 | viac3_crypto(int *cw, const void *src, void *dst, void *key, int rep, | 600 | viac3_xcrypt_cbc(int *cw, const void *src, void *dst, void *key, int rep, |
| 580 | void *iv) | 601 | void *iv) |
| 581 | { | 602 | { |
| 582 | #ifdef notdef | 603 | #ifdef notdef |
| @@ -632,9 +653,9 @@ xcrypt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 632 | useout = spare; | 653 | useout = spare; |
| 633 | } | 654 | } |
| 634 | 655 | ||
| 635 | cw[0] = C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_HW | | 656 | cw[0] = C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_SW | |
| 636 | C3_CRYPT_CWLO_NORMAL | | 657 | C3_CRYPT_CWLO_NORMAL; |
| 637 | ctx->encrypt ? C3_CRYPT_CWLO_ENCRYPT : C3_CRYPT_CWLO_DECRYPT; | 658 | cw[0] |= ctx->encrypt ? C3_CRYPT_CWLO_ENCRYPT : C3_CRYPT_CWLO_DECRYPT; |
| 638 | cw[1] = cw[2] = cw[3] = 0; | 659 | cw[1] = cw[2] = cw[3] = 0; |
| 639 | 660 | ||
| 640 | switch (ctx->key_len * 8) { | 661 | switch (ctx->key_len * 8) { |
| @@ -663,7 +684,7 @@ xcrypt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 663 | ivp = ivs; | 684 | ivp = ivs; |
| 664 | } | 685 | } |
| 665 | 686 | ||
| 666 | viac3_crypto(cw, usein, useout, ctx->cipher_data, inl / 16, ivp); | 687 | viac3_xcrypt_cbc(cw, usein, useout, ctx->cipher_data, inl / 16, ivp); |
| 667 | 688 | ||
| 668 | if (ISUNALIGNED(out)) { | 689 | if (ISUNALIGNED(out)) { |
| 669 | bcopy(spare, out, inl); | 690 | bcopy(spare, out, inl); |
| @@ -687,18 +708,43 @@ static int | |||
| 687 | xcrypt_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 708 | xcrypt_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 688 | const unsigned char *iv, int enc) | 709 | const unsigned char *iv, int enc) |
| 689 | { | 710 | { |
| 690 | bcopy(key, ctx->cipher_data, ctx->key_len); | 711 | AES_KEY *k = ctx->cipher_data; |
| 712 | u_long *kk = (u_long *)key; | ||
| 713 | int i; | ||
| 714 | |||
| 715 | bzero(k, sizeof *k); | ||
| 716 | #ifdef notdef | ||
| 717 | for (i = 0; i < ctx->key_len / 4; i++) | ||
| 718 | printf("%08x ", kk[i]); | ||
| 719 | printf("\n"); | ||
| 720 | #endif | ||
| 721 | |||
| 722 | if (enc) | ||
| 723 | AES_set_encrypt_key(key, ctx->key_len * 8, k); | ||
| 724 | else | ||
| 725 | AES_set_decrypt_key(key, ctx->key_len * 8, k); | ||
| 726 | |||
| 727 | /* Damn OpenSSL byte swaps the expanded key!! */ | ||
| 728 | for (i = 0; i < 4 * (AES_MAXNR + 1); i++) | ||
| 729 | k->rd_key[i] = htonl(k->rd_key[i]); | ||
| 730 | |||
| 731 | #ifdef notdef | ||
| 732 | for (i = 0; i < 4 * (AES_MAXNR + 1); i++) | ||
| 733 | printf("%08x ", k->rd_key[i]); | ||
| 734 | printf("\n"); | ||
| 735 | #endif | ||
| 736 | |||
| 691 | return (1); | 737 | return (1); |
| 692 | } | 738 | } |
| 693 | 739 | ||
| 694 | static int | 740 | static int |
| 695 | xcrypt_cleanup(EVP_CIPHER_CTX *ctx) | 741 | xcrypt_cleanup(EVP_CIPHER_CTX *ctx) |
| 696 | { | 742 | { |
| 697 | bzero(ctx->cipher_data, ctx->key_len); | 743 | bzero(ctx->cipher_data, ctx->cipher->ctx_size); |
| 698 | return (1); | 744 | return (1); |
| 699 | } | 745 | } |
| 700 | 746 | ||
| 701 | static void | 747 | static int |
| 702 | check_viac3aes(void) | 748 | check_viac3aes(void) |
| 703 | { | 749 | { |
| 704 | int mib[2] = { CTL_MACHDEP, CPU_XCRYPT }, value; | 750 | int mib[2] = { CTL_MACHDEP, CPU_XCRYPT }, value; |
| @@ -706,24 +752,25 @@ check_viac3aes(void) | |||
| 706 | 752 | ||
| 707 | if (sysctl(mib, sizeof(mib)/sizeof(mib[0]), &value, &size, | 753 | if (sysctl(mib, sizeof(mib)/sizeof(mib[0]), &value, &size, |
| 708 | NULL, 0) < 0) | 754 | NULL, 0) < 0) |
| 709 | return; | 755 | return (0); |
| 710 | if (value == 0) | 756 | if (value == 0) |
| 711 | return; | 757 | return (0); |
| 712 | 758 | ||
| 713 | cryptodev_aes_128_cbc.init = xcrypt_init_key; | 759 | cryptodev_aes_128_cbc.init = xcrypt_init_key; |
| 714 | cryptodev_aes_128_cbc.do_cipher = xcrypt_cipher; | 760 | cryptodev_aes_128_cbc.do_cipher = xcrypt_cipher; |
| 715 | cryptodev_aes_128_cbc.cleanup = xcrypt_cleanup; | 761 | cryptodev_aes_128_cbc.cleanup = xcrypt_cleanup; |
| 716 | cryptodev_aes_128_cbc.ctx_size = 128; | 762 | cryptodev_aes_128_cbc.ctx_size = sizeof(AES_KEY); |
| 717 | 763 | ||
| 718 | cryptodev_aes_192_cbc.init = xcrypt_init_key; | 764 | cryptodev_aes_192_cbc.init = xcrypt_init_key; |
| 719 | cryptodev_aes_192_cbc.do_cipher = xcrypt_cipher; | 765 | cryptodev_aes_192_cbc.do_cipher = xcrypt_cipher; |
| 720 | cryptodev_aes_192_cbc.cleanup = xcrypt_cleanup; | 766 | cryptodev_aes_192_cbc.cleanup = xcrypt_cleanup; |
| 721 | cryptodev_aes_192_cbc.ctx_size = 128; | 767 | cryptodev_aes_192_cbc.ctx_size = sizeof(AES_KEY); |
| 722 | 768 | ||
| 723 | cryptodev_aes_256_cbc.init = xcrypt_init_key; | 769 | cryptodev_aes_256_cbc.init = xcrypt_init_key; |
| 724 | cryptodev_aes_256_cbc.do_cipher = xcrypt_cipher; | 770 | cryptodev_aes_256_cbc.do_cipher = xcrypt_cipher; |
| 725 | cryptodev_aes_256_cbc.cleanup = xcrypt_cleanup; | 771 | cryptodev_aes_256_cbc.cleanup = xcrypt_cleanup; |
| 726 | cryptodev_aes_256_cbc.ctx_size = 128; | 772 | cryptodev_aes_256_cbc.ctx_size = sizeof(AES_KEY); |
| 773 | return (1); | ||
| 727 | } | 774 | } |
| 728 | #endif /* __i386__ */ | 775 | #endif /* __i386__ */ |
| 729 | 776 | ||