int
aesni_cipher_setup(struct aesni_session *ses, struct cryptoini *encini)
{
struct thread *td;
int error;
switch (encini->cri_klen) {
case 128:
ses->rounds = AES128_ROUNDS;
break;
case 192:
ses->rounds = AES192_ROUNDS;
break;
case 256:
ses->rounds = AES256_ROUNDS;
break;
default:
return (EINVAL);
}
td = curthread;
error = fpu_kern_enter(td, &ses->fpu_ctx, FPU_KERN_NORMAL);
if (error == 0) {
aesni_set_enckey(encini->cri_key, ses->enc_schedule,
ses->rounds);
aesni_set_deckey(ses->enc_schedule, ses->dec_schedule,
ses->rounds);
arc4rand(ses->iv, sizeof(ses->iv), 0);
fpu_kern_leave(td, &ses->fpu_ctx);
}
return (error);
}
int
aesni_cipher_setup_common(struct aesni_session *ses, const uint8_t *key,
int keylen)
{
int decsched;
decsched = 1;
switch (ses->algo) {
case CRYPTO_AES_ICM:
case CRYPTO_AES_NIST_GCM_16:
decsched = 0;
/* FALLTHROUGH */
case CRYPTO_AES_CBC:
switch (keylen) {
case 128:
ses->rounds = AES128_ROUNDS;
break;
case 192:
ses->rounds = AES192_ROUNDS;
break;
case 256:
ses->rounds = AES256_ROUNDS;
break;
default:
CRYPTDEB("invalid CBC/ICM/GCM key length");
return (EINVAL);
}
break;
case CRYPTO_AES_XTS:
switch (keylen) {
case 256:
ses->rounds = AES128_ROUNDS;
break;
case 512:
ses->rounds = AES256_ROUNDS;
break;
default:
CRYPTDEB("invalid XTS key length");
return (EINVAL);
}
break;
default:
return (EINVAL);
}
aesni_set_enckey(key, ses->enc_schedule, ses->rounds);
if (decsched)
aesni_set_deckey(ses->enc_schedule, ses->dec_schedule,
ses->rounds);
if (ses->algo == CRYPTO_AES_XTS)
aesni_set_enckey(key + keylen / 16, ses->xts_schedule,
ses->rounds);
return (0);
}
int
aesni_cipher_setup_common(struct aesni_session *ses, const uint8_t *key,
int keylen)
{
switch (ses->algo) {
case CRYPTO_AES_CBC:
switch (keylen) {
case 128:
ses->rounds = AES128_ROUNDS;
break;
case 192:
ses->rounds = AES192_ROUNDS;
break;
case 256:
ses->rounds = AES256_ROUNDS;
break;
default:
return (EINVAL);
}
break;
case CRYPTO_AES_XTS:
switch (keylen) {
case 256:
ses->rounds = AES128_ROUNDS;
break;
case 512:
ses->rounds = AES256_ROUNDS;
break;
default:
return (EINVAL);
}
break;
default:
return (EINVAL);
}
aesni_set_enckey(key, ses->enc_schedule, ses->rounds);
aesni_set_deckey(ses->enc_schedule, ses->dec_schedule, ses->rounds);
if (ses->algo == CRYPTO_AES_CBC)
arc4rand(ses->iv, sizeof(ses->iv), 0);
else /* if (ses->algo == CRYPTO_AES_XTS) */ {
aesni_set_enckey(key + keylen / 16, ses->xts_schedule,
ses->rounds);
}
return (0);
}
static int
pefs_aesni_keysetup(const struct pefs_session *xses,
struct pefs_ctx *xctx, const uint8_t *key, uint32_t keybits)
{
const struct pefs_aesni_ses *ses = &xses->o.ps_aesni;
struct pefs_aesni_ctx *ctx = &xctx->o.pctx_aesni;
struct fpu_kern_ctx *tmpctx = NULL;
switch (keybits) {
case 128:
ctx->rounds = AES128_ROUNDS;
break;
case 192:
ctx->rounds = AES192_ROUNDS;
break;
case 256:
ctx->rounds = AES256_ROUNDS;
break;
default:
printf("pefs: AESNI: invalid key length: %d", keybits);
return (EINVAL);
}
if (ses->fpu_saved < 0) {
tmpctx = fpu_kern_alloc_ctx(FPU_KERN_NORMAL);
if (tmpctx == NULL)
return (ENOMEM);
fpu_kern_enter(curthread, tmpctx, FPU_KERN_NORMAL);
}
aesni_set_enckey(key, ctx->enc_schedule, ctx->rounds);
aesni_set_deckey(ctx->enc_schedule, ctx->dec_schedule, ctx->rounds);
rijndael_set_key(&ctx->sw, key, keybits);
if (tmpctx != NULL) {
fpu_kern_leave(curthread, tmpctx);
fpu_kern_free_ctx(tmpctx);
}
return (0);
}
