DragonFly BSD
DragonFly kernel List (threaded) for 2012-07
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

AES GCM/GMAC


From: Chris Rogers <crogers122@xxxxxxxxx>
Date: Tue, 17 Jul 2012 11:29:33 -0400

--e89a8ff1bf64a8054e04c50836de
Content-Type: text/plain; charset=ISO-8859-1

All,

In your AES GCM implementation, you have the following lines of code in
cryptosoft.c, in fucntion swcr_combined():

*******
  for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
for (sw = swcr_sessions[crp->crp_sid & 0xffffffff];
     sw && sw->sw_alg != crd->crd_alg;
     sw = sw->sw_next)
;
if (sw == NULL)
return (EINVAL);

switch (sw->sw_alg) {
case CRYPTO_AES_GCM_16:
case CRYPTO_AES_GMAC:
swe = sw;
crde = crd;
exf = swe->sw_exf;
ivlen = exf->blocksize;
break;
case CRYPTO_AES_128_GMAC:
case CRYPTO_AES_192_GMAC:
case CRYPTO_AES_256_GMAC:
swa = sw;
crda = crd;
axf = swa->sw_axf;
if (swa->sw_ictx == 0)
return (EINVAL);
bcopy(swa->sw_ictx, &ctx, axf->ctxsize);
blksz = axf->blocksize;
break;
default:
return (EINVAL);
}
}


if (crde == NULL || crda == NULL)
return (EINVAL);

*******

My understanding of GCM and GMAC was that GMAC was an authentication only
variant of GCM, and thus they were mutually exclusive.  But, it looks like
the rest of the function will never execute if GMAC isn't chosen as the
mode of encryption.  Does this mean that GCM uses GMAC as part of its
standard encryption process, or is the encryption for GCM only implemented
somewhere else?  Any help on this matter would be greatly appreciated.

Chris

--e89a8ff1bf64a8054e04c50836de
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

All,<div><br></div><div>In your AES GCM implementation, you have the follow=
ing lines of code in cryptosoft.c, in fucntion swcr_combined():</div><div><=
br></div><div>*******</div><div>=A0=A0for (crd =3D crp-&gt;crp_desc; crd; c=
rd =3D crd-&gt;crd_next) {</div>
<div><span class=3D"Apple-tab-span" style=3D"white-space:pre">		</span>for =
(sw =3D swcr_sessions[crp-&gt;crp_sid &amp; 0xffffffff];</div><div><span cl=
ass=3D"Apple-tab-span" style=3D"white-space:pre">		</span> =A0 =A0 sw &amp;=
&amp; sw-&gt;sw_alg !=3D crd-&gt;crd_alg;</div>
<div><span class=3D"Apple-tab-span" style=3D"white-space:pre">		</span> =A0=
 =A0 sw =3D sw-&gt;sw_next)</div><div><span class=3D"Apple-tab-span" style=
=3D"white-space:pre">			</span>;</div><div><span class=3D"Apple-tab-span" s=
tyle=3D"white-space:pre">		</span>if (sw =3D=3D NULL)</div>
<div><span class=3D"Apple-tab-span" style=3D"white-space:pre">			</span>ret=
urn (EINVAL);</div><div><br></div><div><span class=3D"Apple-tab-span" style=
=3D"white-space:pre">		</span>switch (sw-&gt;sw_alg) {</div><div><span clas=
s=3D"Apple-tab-span" style=3D"white-space:pre">		</span>case CRYPTO_AES_GCM=
_16:</div>
<div><span class=3D"Apple-tab-span" style=3D"white-space:pre">		</span>case=
 CRYPTO_AES_GMAC:</div><div><span class=3D"Apple-tab-span" style=3D"white-s=
pace:pre">			</span>swe =3D sw;</div><div><span class=3D"Apple-tab-span" st=
yle=3D"white-space:pre">			</span>crde =3D crd;</div>
<div><span class=3D"Apple-tab-span" style=3D"white-space:pre">			</span>exf=
 =3D swe-&gt;sw_exf;</div><div><span class=3D"Apple-tab-span" style=3D"whit=
e-space:pre">			</span>ivlen =3D exf-&gt;blocksize;</div><div><span class=
=3D"Apple-tab-span" style=3D"white-space:pre">			</span>break;</div>
<div><span class=3D"Apple-tab-span" style=3D"white-space:pre">		</span>case=
 CRYPTO_AES_128_GMAC:</div><div><span class=3D"Apple-tab-span" style=3D"whi=
te-space:pre">		</span>case CRYPTO_AES_192_GMAC:</div><div><span class=3D"A=
pple-tab-span" style=3D"white-space:pre">		</span>case CRYPTO_AES_256_GMAC:=
</div>
<div><span class=3D"Apple-tab-span" style=3D"white-space:pre">			</span>swa=
 =3D sw;</div><div><span class=3D"Apple-tab-span" style=3D"white-space:pre"=
>			</span>crda =3D crd;</div><div><span class=3D"Apple-tab-span" style=3D"=
white-space:pre">			</span>axf =3D swa-&gt;sw_axf;</div>
<div><span class=3D"Apple-tab-span" style=3D"white-space:pre">			</span>if =
(swa-&gt;sw_ictx =3D=3D 0)</div><div><span class=3D"Apple-tab-span" style=
=3D"white-space:pre">				</span>return (EINVAL);</div><div><span class=3D"A=
pple-tab-span" style=3D"white-space:pre">			</span>bcopy(swa-&gt;sw_ictx, &=
amp;ctx, axf-&gt;ctxsize);</div>
<div><span class=3D"Apple-tab-span" style=3D"white-space:pre">			</span>blk=
sz =3D axf-&gt;blocksize;</div><div><span class=3D"Apple-tab-span" style=3D=
"white-space:pre">			</span>break;</div><div><span class=3D"Apple-tab-span"=
 style=3D"white-space:pre">		</span>default:</div>
<div><span class=3D"Apple-tab-span" style=3D"white-space:pre">			</span>ret=
urn (EINVAL);</div><div><span class=3D"Apple-tab-span" style=3D"white-space=
:pre">		</span>}</div><div><span class=3D"Apple-tab-span" style=3D"white-sp=
ace:pre">	</span>}</div>
<div><br></div><div><div><br></div><div><span class=3D"Apple-tab-span" styl=
e=3D"white-space:pre">	</span>if (crde =3D=3D NULL || crda =3D=3D NULL)</di=
v><div><span class=3D"Apple-tab-span" style=3D"white-space:pre">		</span>re=
turn (EINVAL);</div>
</div><div><br></div><div>*******</div><div><br></div><div>My understanding=
 of GCM and GMAC was that GMAC was an authentication only variant of GCM, a=
nd thus they were mutually exclusive. =A0But, it looks like the rest of the=
 function will never execute if GMAC isn&#39;t chosen as the mode of encryp=
tion. =A0Does this mean that GCM uses GMAC as part of its standard encrypti=
on process, or is the encryption for GCM only implemented somewhere else? =
=A0Any help on this matter would be greatly appreciated.</div>
<div><br></div><div>Chris</div>

--e89a8ff1bf64a8054e04c50836de--



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]