2 * ipsec_alg AES cipher stubs
4 * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
6 * $Id: ipsec_alg_aes.c,v 1.2 2004-08-02 03:42:17 gerg Exp $
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
19 #include <linux/config.h>
20 #include <linux/version.h>
23 * special case: ipsec core modular with this static algo inside:
24 * must avoid MODULE magic for this file
26 #if CONFIG_IPSEC_MODULE && CONFIG_IPSEC_ALG_AES
30 #include <linux/module.h>
31 #include <linux/init.h>
33 #include <linux/kernel.h> /* printk() */
34 #include <linux/errno.h> /* error codes */
35 #include <linux/types.h> /* size_t */
36 #include <linux/string.h>
38 /* Check if __exit is defined, if not null it */
43 /* Low freeswan header coupling */
44 #include "ipsec_alg.h"
45 #include "libaes/aes_cbc.h"
47 #define CONFIG_IPSEC_ALG_AES_MAC 1
49 #define AES_CONTEXT_T aes_context
50 MODULE_AUTHOR("JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>");
52 MODULE_PARM(debug, "i");
54 MODULE_PARM(test, "i");
55 static int keyminbits=0;
56 MODULE_PARM(keyminbits, "i");
57 static int keymaxbits=0;
58 MODULE_PARM(keymaxbits, "i");
60 #if CONFIG_IPSEC_ALG_AES_MAC
61 #include "libaes/aes_xcbc_mac.h"
64 * Not IANA number yet (draft-ietf-ipsec-ciph-aes-xcbc-mac-00.txt),
65 * force user to pass an id
68 MODULE_PARM(auth_id, "i");
71 #define ESP_AES 12 /* truely _constant_ :) */
74 #define ESP_AES_KEY_SZ_MIN 16 /* 128 bit secret key */
75 #define ESP_AES_KEY_SZ_MAX 32 /* 256 bit secret key */
76 #define ESP_AES_CBC_BLK_LEN 16 /* AES-CBC block size */
78 static int _aes_set_key(__u8 * key_e, const __u8 * key, int keysize) {
80 AES_CONTEXT_T *ctx=(AES_CONTEXT_T*)key_e;
81 ret=AES_set_key(ctx, key, keysize)!=0? 0: -EINVAL;
83 printk(KERN_DEBUG "klips_debug:_aes_set_key:"
84 "ret=%d key_e=%p key=%p keysize=%d\n",
85 ret, key_e, key, keysize);
88 static int _aes_cbc_encrypt(__u8 * key_e, __u8 * in, __u8 * out, int ilen, const __u8 * iv, int encrypt) {
89 AES_CONTEXT_T *ctx=(AES_CONTEXT_T*)key_e;
91 printk(KERN_DEBUG "klips_debug:_aes_cbc_encrypt:"
92 "key_e=%p in=%p out=%p ilen=%d iv=%p encrypt=%d\n",
93 key_e, in, out, ilen, iv, encrypt);
94 return AES_cbc_encrypt(ctx, in, out, ilen, iv, encrypt);
96 #if CONFIG_IPSEC_ALG_AES_MAC
97 static int _aes_mac_set_key(__u8 * key_a, const __u8 * key, int keylen) {
98 aes_context_mac *ctxm=(aes_context_mac *)key_a;
99 return AES_xcbc_mac_set_key(ctxm, key, keylen)? 0 : -EINVAL;
101 static int _aes_mac_hash(__u8 * key_a, const __u8 * dat, int len, __u8 * hash, int hashlen) {
104 aes_context_mac *ctxm=(aes_context_mac *)key_a;
105 ret=AES_xcbc_mac_hash(ctxm, dat, len, hash_buf);
106 memcpy(hash, hash_buf, hashlen);
109 static struct ipsec_alg_auth ipsec_alg_AES_MAC = {
110 ixt_version: IPSEC_ALG_VERSION,
111 ixt_module: THIS_MODULE,
112 ixt_refcnt: ATOMIC_INIT(0),
113 ixt_alg_type: IPSEC_ALG_TYPE_AUTH,
116 ixt_blocksize: ESP_AES_CBC_BLK_LEN,
117 ixt_keyminbits: ESP_AES_KEY_SZ_MIN*8,
118 ixt_keymaxbits: ESP_AES_KEY_SZ_MAX*8,
119 ixt_a_keylen: ESP_AES_KEY_SZ_MAX,
120 ixt_a_ctx_size: sizeof(aes_context_mac),
121 ixt_a_hmac_set_key: _aes_mac_set_key,
122 ixt_a_hmac_hash:_aes_mac_hash,
124 #endif /* CONFIG_IPSEC_ALG_AES_MAC */
125 static struct ipsec_alg_enc ipsec_alg_AES = {
126 ixt_version: IPSEC_ALG_VERSION,
127 ixt_module: THIS_MODULE,
128 ixt_refcnt: ATOMIC_INIT(0),
129 ixt_alg_type: IPSEC_ALG_TYPE_ENCRYPT,
132 ixt_blocksize: ESP_AES_CBC_BLK_LEN,
133 ixt_keyminbits: ESP_AES_KEY_SZ_MIN*8,
134 ixt_keymaxbits: ESP_AES_KEY_SZ_MAX*8,
135 ixt_e_keylen: ESP_AES_KEY_SZ_MAX,
136 ixt_e_ctx_size: sizeof(AES_CONTEXT_T),
137 ixt_e_set_key: _aes_set_key,
138 ixt_e_cbc_encrypt:_aes_cbc_encrypt,
141 IPSEC_ALG_MODULE_INIT( ipsec_aes_init )
145 ipsec_alg_AES.ixt_keyminbits=keyminbits;
147 ipsec_alg_AES.ixt_keymaxbits=keymaxbits;
148 if (keymaxbits*8>ipsec_alg_AES.ixt_keymaxbits)
149 ipsec_alg_AES.ixt_e_keylen=keymaxbits*8;
151 ret=register_ipsec_alg_enc(&ipsec_alg_AES);
152 printk("%s(alg_type=%d alg_id=%d name=%s): ret=%d\n",
154 ipsec_alg_AES.ixt_alg_type,
155 ipsec_alg_AES.ixt_alg_id,
156 ipsec_alg_AES.ixt_name,
158 if (ret==0 && test) {
159 test_ret=ipsec_alg_test(
160 ipsec_alg_AES.ixt_alg_type,
161 ipsec_alg_AES.ixt_alg_id,
163 printk("%s(alg_type=%d alg_id=%d): test_ret=%d\n",
165 ipsec_alg_AES.ixt_alg_type,
166 ipsec_alg_AES.ixt_alg_id,
169 #if CONFIG_IPSEC_ALG_AES_MAC
172 ipsec_alg_AES_MAC.ixt_alg_id=auth_id;
173 ret=register_ipsec_alg_auth(&ipsec_alg_AES_MAC);
174 printk("%s(alg_type=%d alg_id=%d name=%s): ret=%d\n",
176 ipsec_alg_AES_MAC.ixt_alg_type,
177 ipsec_alg_AES_MAC.ixt_alg_id,
178 ipsec_alg_AES_MAC.ixt_name,
180 if (ret==0 && test) {
181 test_ret=ipsec_alg_test(
182 ipsec_alg_AES_MAC.ixt_alg_type,
183 ipsec_alg_AES_MAC.ixt_alg_id,
185 printk("%s(alg_type=%d alg_id=%d): test_ret=%d\n",
187 ipsec_alg_AES_MAC.ixt_alg_type,
188 ipsec_alg_AES_MAC.ixt_alg_id,
192 printk(KERN_DEBUG "klips_debug: experimental ipsec_alg_AES_MAC not registered [Ok] (auth_id=%d)\n", auth_id);
194 #endif /* CONFIG_IPSEC_ALG_AES_MAC */
197 IPSEC_ALG_MODULE_EXIT( ipsec_aes_fini )
199 #if CONFIG_IPSEC_ALG_AES_MAC
200 if (auth_id) unregister_ipsec_alg_auth(&ipsec_alg_AES_MAC);
201 #endif /* CONFIG_IPSEC_ALG_AES_MAC */
202 unregister_ipsec_alg_enc(&ipsec_alg_AES);
205 #ifdef MODULE_LICENSE
206 MODULE_LICENSE("GPL");