From a40be31edbc6d9620de2a37f4e8b5010fe887cdd Mon Sep 17 00:00:00 2001 From: Hajimu UMEMOTO Date: Fri, 11 Mar 2005 12:45:09 +0000 Subject: [PATCH] - use 1/2 space for rijndael context in ipsec - rijndael_set_key() always sets up full context - rijndaelKeySetupDec() gets back original protoype Reviewed by: sam Obtained from: OpenBSD --- sys/opencrypto/rijndael.c | 24 +++++++----------------- sys/opencrypto/rijndael.h | 4 ++-- sys/opencrypto/xform.c | 11 +++++------ 3 files changed, 14 insertions(+), 25 deletions(-) diff --git a/sys/opencrypto/rijndael.c b/sys/opencrypto/rijndael.c index 9a686c0fa2dc..b9ac210f7412 100644 --- a/sys/opencrypto/rijndael.c +++ b/sys/opencrypto/rijndael.c @@ -809,17 +809,13 @@ static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int * @return the number of rounds for the given cipher key size. */ static int -rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits, - int have_encrypt) { +rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) { int Nr, i, j; u32 temp; - if (have_encrypt) { - Nr = have_encrypt; - } else { - /* expand the cipher key: */ - Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits); - } + /* expand the cipher key: */ + Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits); + /* invert the order of the round keys: */ for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) { temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; 
@@ -1217,17 +1213,11 @@ static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16 } void -rijndael_set_key(rijndael_ctx *ctx, u_char *key, int bits, int encrypt) +rijndael_set_key(rijndael_ctx *ctx, u_char *key, int bits) { ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits); - if (encrypt) { - ctx->decrypt = 0; - memset(ctx->dk, 0, sizeof(ctx->dk)); - } else { - ctx->decrypt = 1; - memcpy(ctx->dk, ctx->ek, sizeof(ctx->dk)); - rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr); - } + rijndaelKeySetupDec(ctx->dk, key, bits); + ctx->enc_only = 0; } void diff --git a/sys/opencrypto/rijndael.h b/sys/opencrypto/rijndael.h index 0c3664b1c8c5..e5e026d3f0e6 100644 --- a/sys/opencrypto/rijndael.h +++ b/sys/opencrypto/rijndael.h @@ -39,13 +39,13 @@ typedef unsigned int u32; /* The structure for key information */ typedef struct { - int decrypt; + int enc_only; /* context contains only encrypt schedule */ int Nr; /* key-length-dependent number of rounds */ u32 ek[4*(MAXNR + 1)]; /* encrypt key schedule */ u32 dk[4*(MAXNR + 1)]; /* decrypt key schedule */ } rijndael_ctx; -void rijndael_set_key(rijndael_ctx *, u_char *, int, int); +void rijndael_set_key(rijndael_ctx *, u_char *, int); void rijndael_decrypt(rijndael_ctx *, u_char *, u_char *); void rijndael_encrypt(rijndael_ctx *, u_char *, u_char *); diff --git a/sys/opencrypto/xform.c b/sys/opencrypto/xform.c index 87d9b99d2057..f6282284af23 100644 --- a/sys/opencrypto/xform.c +++ b/sys/opencrypto/xform.c @@ -503,7 +503,7 @@ rijndael128_encrypt(caddr_t key, u_int8_t *blk) static void rijndael128_decrypt(caddr_t key, u_int8_t *blk) { - rijndael_decrypt(((rijndael_ctx *) key) + 1, (u_char *) blk, + rijndael_decrypt(((rijndael_ctx *) key), (u_char *) blk, (u_char *) blk); } 
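Review bot: rijndael_set_key() in rijndael.c still returns void and discards the result of rijndaelKeySetupDec(), so a key size the schedule code does not support cannot be reported to the caller, and ctx->Nr is stored unchecked. This assumes rijndaelKeySetupEnc() returns 0 for an unsupported keyBits; its body is outside these hunks, so that needs confirming. The same gap shows in rijndael128_setkey() in xform.c, which passes `len * 8` through unvalidated and sets `err = 0` whenever the allocation succeeds. Either make this function return an int that the xform layer checks, or reject bad lengths before the call with `if (len != 16 && len != 24 && len != 32) return (EINVAL);`.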
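Review bot: The new `enc_only` field in rijndael_ctx (rijndael.h) is described as "context contains only encrypt schedule", but the only write visible in this change is `ctx->enc_only = 0;` in rijndael_set_key(), and nothing shown reads it. If an encrypt-only setup path exists or is planned, the comment should say who sets the flag and that rijndael_decrypt() must not be called on such a context, since dk would then hold no valid schedule. Something like `int enc_only; /* set by encrypt-only key setup; dk is not valid, do not call rijndael_decrypt() */` would make the contract explicit. A check of the flag in rijndael_decrypt(), whose body is not part of this diff, would enforce it.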
@@ -512,12 +512,11 @@ rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len) { int err; - MALLOC(*sched, u_int8_t *, 2 * sizeof(rijndael_ctx), M_CRYPTO_DATA, + MALLOC(*sched, u_int8_t *, sizeof(rijndael_ctx), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); if (*sched != NULL) { - rijndael_set_key((rijndael_ctx *) *sched, (u_char *) key, len * 8, 1); - rijndael_set_key(((rijndael_ctx *) *sched) + 1, (u_char *) key, - len * 8, 0); + rijndael_set_key((rijndael_ctx *) *sched, (u_char *) key, + len * 8); err = 0; } else err = ENOMEM; @@ -527,7 +526,7 @@ rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len) static void rijndael128_zerokey(u_int8_t **sched) { - bzero(*sched, 2 * sizeof(rijndael_ctx)); + bzero(*sched, sizeof(rijndael_ctx)); FREE(*sched, M_CRYPTO_DATA); *sched = NULL; }
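Review bot: In rijndael128_zerokey() the wipe length is a second hard-coded copy of the allocation size used in rijndael128_setkey(), and this commit had to change both from `2 * sizeof(rijndael_ctx)` in step. If the two ever diverge, the bzero either leaves key-schedule bytes behind in freed memory or writes past the allocation. A comment on the bzero such as `/* must match the MALLOC size in rijndael128_setkey(); clears both ek and dk */` would record that coupling. It is also worth confirming that callers never invoke this after a failed setkey, because `*sched` is handed to bzero without a NULL check.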