Mon Sep 26 14:50:54 2016 UTC ()
From Alexander Nasonov:
- Make constants static: Shrinks code and data size.
- Avoid overflow in limit calculation.
- Use uint8_t instead of u_char to match types
While here:
- Remove unnecessary casts
- s/u_int8_t/uint8_t/g


(christos)
diff -r1.1 -r1.2 src/sys/opencrypto/aesxcbcmac.c
cvs diff -r1.1 -r1.2 src/sys/opencrypto/aesxcbcmac.c (expand / switch to unified diff)

--- src/sys/opencrypto/aesxcbcmac.c 2011/05/24 19:10:08 1.1
+++ src/sys/opencrypto/aesxcbcmac.c 2016/09/26 14:50:54 1.2
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: aesxcbcmac.c,v 1.1 2011/05/24 19:10:08 drochner Exp $ */ 1/* $NetBSD: aesxcbcmac.c,v 1.2 2016/09/26 14:50:54 christos Exp $ */
2 2
3/* 3/*
4 * Copyright (C) 1995, 1996, 1997, 1998 and 2003 WIDE Project. 4 * Copyright (C) 1995, 1996, 1997, 1998 and 2003 WIDE Project.
5 * All rights reserved. 5 * All rights reserved.
6 * 6 *
7 * Redistribution and use in source and binary forms, with or without 7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions 8 * modification, are permitted provided that the following conditions
9 * are met: 9 * are met:
10 * 1. Redistributions of source code must retain the above copyright 10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer. 11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the 13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution. 14 * documentation and/or other materials provided with the distribution.
@@ -20,116 +20,119 @@ @@ -20,116 +20,119 @@
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE. 29 * SUCH DAMAGE.
30 */ 30 */
31 31
32#include <sys/cdefs.h> 32#include <sys/cdefs.h>
33__KERNEL_RCSID(0, "$NetBSD: aesxcbcmac.c,v 1.1 2011/05/24 19:10:08 drochner Exp $"); 33__KERNEL_RCSID(0, "$NetBSD: aesxcbcmac.c,v 1.2 2016/09/26 14:50:54 christos Exp $");
34 34
35#include <sys/param.h> 35#include <sys/param.h>
36#include <sys/systm.h> 36#include <sys/systm.h>
37#include <crypto/rijndael/rijndael.h> 37#include <crypto/rijndael/rijndael.h>
38 38
39#include <opencrypto/aesxcbcmac.h> 39#include <opencrypto/aesxcbcmac.h>
40 40
41int 41int
42aes_xcbc_mac_init(void *vctx, const u_int8_t *key, u_int16_t keylen) 42aes_xcbc_mac_init(void *vctx, const uint8_t *key, u_int16_t keylen)
43{ 43{
44 u_int8_t k1seed[AES_BLOCKSIZE] = { 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 }; 44 static const uint8_t k1seed[AES_BLOCKSIZE] =
45 u_int8_t k2seed[AES_BLOCKSIZE] = { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 }; 45 { 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 };
46 u_int8_t k3seed[AES_BLOCKSIZE] = { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 }; 46 static const uint8_t k2seed[AES_BLOCKSIZE] =
 47 { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 };
 48 static const uint8_t k3seed[AES_BLOCKSIZE] =
 49 { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
47 u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4]; 50 u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
48 aesxcbc_ctx *ctx; 51 aesxcbc_ctx *ctx;
49 u_int8_t k1[AES_BLOCKSIZE]; 52 uint8_t k1[AES_BLOCKSIZE];
50 53
51 ctx = (aesxcbc_ctx *)vctx; 54 ctx = vctx;
52 memset(ctx, 0, sizeof(aesxcbc_ctx)); 55 memset(ctx, 0, sizeof(*ctx));
53 56
54 if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks, key, keylen * 8)) == 0) 57 if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks, key, keylen * 8)) == 0)
55 return -1; 58 return -1;
56 rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1); 59 rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1);
57 rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2); 60 rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
58 rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3); 61 rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
59 if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0) 62 if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0)
60 return -1; 63 return -1;
61 if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0) 64 if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0)
62 return -1; 65 return -1;
63 if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0) 66 if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0)
64 return -1; 67 return -1;
65 68
66 return 0; 69 return 0;
67} 70}
68 71
69int 72int
70aes_xcbc_mac_loop(void *vctx, const u_int8_t *addr, u_int16_t len) 73aes_xcbc_mac_loop(void *vctx, const uint8_t *addr, u_int16_t len)
71{ 74{
72 u_int8_t buf[AES_BLOCKSIZE]; 75 uint8_t buf[AES_BLOCKSIZE];
73 aesxcbc_ctx *ctx; 76 aesxcbc_ctx *ctx;
74 const u_int8_t *ep; 77 const uint8_t *ep;
75 int i; 78 int i;
76 79
77 ctx = (aesxcbc_ctx *)vctx; 80 ctx = vctx;
78 ep = addr + len; 81 ep = addr + len;
79 82
80 if (ctx->buflen == sizeof(ctx->buf)) { 83 if (ctx->buflen == sizeof(ctx->buf)) {
81 for (i = 0; i < sizeof(ctx->e); i++) 84 for (i = 0; i < sizeof(ctx->e); i++)
82 ctx->buf[i] ^= ctx->e[i]; 85 ctx->buf[i] ^= ctx->e[i];
83 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e); 86 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
84 ctx->buflen = 0; 87 ctx->buflen = 0;
85 } 88 }
86 if (ctx->buflen + len < sizeof(ctx->buf)) { 89 if (ctx->buflen + len < sizeof(ctx->buf)) {
87 memcpy(ctx->buf + ctx->buflen, addr, len); 90 memcpy(ctx->buf + ctx->buflen, addr, len);
88 ctx->buflen += len; 91 ctx->buflen += len;
89 return 0; 92 return 0;
90 } 93 }
91 if (ctx->buflen && ctx->buflen + len > sizeof(ctx->buf)) { 94 if (ctx->buflen && ctx->buflen + len > sizeof(ctx->buf)) {
92 memcpy(ctx->buf + ctx->buflen, addr, 95 memcpy(ctx->buf + ctx->buflen, addr,
93 sizeof(ctx->buf) - ctx->buflen); 96 sizeof(ctx->buf) - ctx->buflen);
94 for (i = 0; i < sizeof(ctx->e); i++) 97 for (i = 0; i < sizeof(ctx->e); i++)
95 ctx->buf[i] ^= ctx->e[i]; 98 ctx->buf[i] ^= ctx->e[i];
96 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e); 99 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e);
97 addr += sizeof(ctx->buf) - ctx->buflen; 100 addr += sizeof(ctx->buf) - ctx->buflen;
98 ctx->buflen = 0; 101 ctx->buflen = 0;
99 } 102 }
100 /* due to the special processing for M[n], "=" case is not included */ 103 /* due to the special processing for M[n], "=" case is not included */
101 while (addr + AES_BLOCKSIZE < ep) { 104 while (ep - addr > AES_BLOCKSIZE) {
102 memcpy(buf, addr, AES_BLOCKSIZE); 105 memcpy(buf, addr, AES_BLOCKSIZE);
103 for (i = 0; i < sizeof(buf); i++) 106 for (i = 0; i < sizeof(buf); i++)
104 buf[i] ^= ctx->e[i]; 107 buf[i] ^= ctx->e[i];
105 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, buf, ctx->e); 108 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, buf, ctx->e);
106 addr += AES_BLOCKSIZE; 109 addr += AES_BLOCKSIZE;
107 } 110 }
108 if (addr < ep) { 111 if (addr < ep) {
109 memcpy(ctx->buf + ctx->buflen, addr, ep - addr); 112 memcpy(ctx->buf + ctx->buflen, addr, ep - addr);
110 ctx->buflen += ep - addr; 113 ctx->buflen += ep - addr;
111 } 114 }
112 return 0; 115 return 0;
113} 116}
114 117
115void 118void
116aes_xcbc_mac_result(u_int8_t *addr, void *vctx) 119aes_xcbc_mac_result(uint8_t *addr, void *vctx)
117{ 120{
118 u_char digest[AES_BLOCKSIZE]; 121 uint8_t digest[AES_BLOCKSIZE];
119 aesxcbc_ctx *ctx; 122 aesxcbc_ctx *ctx;
120 int i; 123 int i;
121 124
122 ctx = (aesxcbc_ctx *)vctx; 125 ctx = vctx;
123 126
124 if (ctx->buflen == sizeof(ctx->buf)) { 127 if (ctx->buflen == sizeof(ctx->buf)) {
125 for (i = 0; i < sizeof(ctx->buf); i++) { 128 for (i = 0; i < sizeof(ctx->buf); i++) {
126 ctx->buf[i] ^= ctx->e[i]; 129 ctx->buf[i] ^= ctx->e[i];
127 ctx->buf[i] ^= ctx->k2[i]; 130 ctx->buf[i] ^= ctx->k2[i];
128 } 131 }
129 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest); 132 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest);
130 } else { 133 } else {
131 for (i = ctx->buflen; i < sizeof(ctx->buf); i++) 134 for (i = ctx->buflen; i < sizeof(ctx->buf); i++)
132 ctx->buf[i] = (i == ctx->buflen) ? 0x80 : 0x00; 135 ctx->buf[i] = (i == ctx->buflen) ? 0x80 : 0x00;
133 for (i = 0; i < sizeof(ctx->buf); i++) { 136 for (i = 0; i < sizeof(ctx->buf); i++) {
134 ctx->buf[i] ^= ctx->e[i]; 137 ctx->buf[i] ^= ctx->e[i];
135 ctx->buf[i] ^= ctx->k3[i]; 138 ctx->buf[i] ^= ctx->k3[i];