- djm@cvs.openbsd.org 2013/07/22 05:00:17

[umac.c]
     make MAC key, data to be hashed and nonce for final hash const;
     checked with -Wcast-qual
This commit is contained in:
Damien Miller 2013-07-25 11:55:20 +10:00
parent c8669a8cd2
commit c331dbd222
2 changed files with 35 additions and 31 deletions

View File

@ -3,6 +3,10 @@
- djm@cvs.openbsd.org 2013/07/20 22:20:42 - djm@cvs.openbsd.org 2013/07/20 22:20:42
[krl.c] [krl.c]
fix verification error in (as-yet usused) KRL signature checking path fix verification error in (as-yet usused) KRL signature checking path
- djm@cvs.openbsd.org 2013/07/22 05:00:17
[umac.c]
make MAC key, data to be hashed and nonce for final hash const;
checked with -Wcast-qual
20130720 20130720
- (djm) OpenBSD CVS Sync - (djm) OpenBSD CVS Sync

62
umac.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: umac.c,v 1.6 2013/07/20 01:43:46 djm Exp $ */ /* $OpenBSD: umac.c,v 1.7 2013/07/22 05:00:17 djm Exp $ */
/* ----------------------------------------------------------------------- /* -----------------------------------------------------------------------
* *
* umac.c -- C Implementation UMAC Message Authentication * umac.c -- C Implementation UMAC Message Authentication
@ -132,13 +132,13 @@ typedef unsigned int UWORD; /* Register */
/* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */
#if HAVE_SWAP32 #if HAVE_SWAP32
#define LOAD_UINT32_REVERSED(p) (swap32(*(UINT32 *)(p))) #define LOAD_UINT32_REVERSED(p) (swap32(*(const UINT32 *)(p)))
#define STORE_UINT32_REVERSED(p,v) (*(UINT32 *)(p) = swap32(v)) #define STORE_UINT32_REVERSED(p,v) (*(UINT32 *)(p) = swap32(v))
#else /* HAVE_SWAP32 */ #else /* HAVE_SWAP32 */
static UINT32 LOAD_UINT32_REVERSED(void *ptr) static UINT32 LOAD_UINT32_REVERSED(const void *ptr)
{ {
UINT32 temp = *(UINT32 *)ptr; UINT32 temp = *(const UINT32 *)ptr;
temp = (temp >> 24) | ((temp & 0x00FF0000) >> 8 ) temp = (temp >> 24) | ((temp & 0x00FF0000) >> 8 )
| ((temp & 0x0000FF00) << 8 ) | (temp << 24); | ((temp & 0x0000FF00) << 8 ) | (temp << 24);
return (UINT32)temp; return (UINT32)temp;
@ -159,7 +159,7 @@ static void STORE_UINT32_REVERSED(void *ptr, UINT32 x)
*/ */
#if (__LITTLE_ENDIAN__) #if (__LITTLE_ENDIAN__)
#define LOAD_UINT32_LITTLE(ptr) (*(UINT32 *)(ptr)) #define LOAD_UINT32_LITTLE(ptr) (*(const UINT32 *)(ptr))
#define STORE_UINT32_BIG(ptr,x) STORE_UINT32_REVERSED(ptr,x) #define STORE_UINT32_BIG(ptr,x) STORE_UINT32_REVERSED(ptr,x)
#else #else
#define LOAD_UINT32_LITTLE(ptr) LOAD_UINT32_REVERSED(ptr) #define LOAD_UINT32_LITTLE(ptr) LOAD_UINT32_REVERSED(ptr)
@ -184,7 +184,7 @@ typedef AES_KEY aes_int_key[1];
#define aes_encryption(in,out,int_key) \ #define aes_encryption(in,out,int_key) \
AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key) AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key)
#define aes_key_setup(key,int_key) \ #define aes_key_setup(key,int_key) \
AES_set_encrypt_key((u_char *)(key),UMAC_KEY_LEN*8,int_key) AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key)
/* The user-supplied UMAC key is stretched using AES in a counter /* The user-supplied UMAC key is stretched using AES in a counter
* mode to supply all random bits needed by UMAC. The kdf function takes * mode to supply all random bits needed by UMAC. The kdf function takes
@ -240,7 +240,7 @@ static void pdf_init(pdf_ctx *pc, aes_int_key prf_key)
aes_encryption(pc->nonce, pc->cache, pc->prf_key); aes_encryption(pc->nonce, pc->cache, pc->prf_key);
} }
static void pdf_gen_xor(pdf_ctx *pc, UINT8 nonce[8], UINT8 buf[8]) static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8])
{ {
/* 'ndx' indicates that we'll be using the 0th or 1st eight bytes /* 'ndx' indicates that we'll be using the 0th or 1st eight bytes
* of the AES output. If last time around we returned the ndx-1st * of the AES output. If last time around we returned the ndx-1st
@ -261,13 +261,13 @@ static void pdf_gen_xor(pdf_ctx *pc, UINT8 nonce[8], UINT8 buf[8])
#if LOW_BIT_MASK != 0 #if LOW_BIT_MASK != 0
int ndx = nonce[7] & LOW_BIT_MASK; int ndx = nonce[7] & LOW_BIT_MASK;
#endif #endif
*(UINT32 *)t.tmp_nonce_lo = ((UINT32 *)nonce)[1]; *(UINT32 *)t.tmp_nonce_lo = ((const UINT32 *)nonce)[1];
t.tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */ t.tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */
if ( (((UINT32 *)t.tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) || if ( (((UINT32 *)t.tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) ||
(((UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) ) (((const UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) )
{ {
((UINT32 *)pc->nonce)[0] = ((UINT32 *)nonce)[0]; ((UINT32 *)pc->nonce)[0] = ((const UINT32 *)nonce)[0];
((UINT32 *)pc->nonce)[1] = ((UINT32 *)t.tmp_nonce_lo)[0]; ((UINT32 *)pc->nonce)[1] = ((UINT32 *)t.tmp_nonce_lo)[0];
aes_encryption(pc->nonce, pc->cache, pc->prf_key); aes_encryption(pc->nonce, pc->cache, pc->prf_key);
} }
@ -335,7 +335,7 @@ typedef struct {
#if (UMAC_OUTPUT_LEN == 4) #if (UMAC_OUTPUT_LEN == 4)
static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen)
/* NH hashing primitive. Previous (partial) hash result is loaded and /* NH hashing primitive. Previous (partial) hash result is loaded and
* then stored via hp pointer. The length of the data pointed at by "dp", * then stored via hp pointer. The length of the data pointed at by "dp",
* "dlen", is guaranteed to be divisible by L1_PAD_BOUNDARY (32). Key * "dlen", is guaranteed to be divisible by L1_PAD_BOUNDARY (32). Key
@ -345,7 +345,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen)
UINT64 h; UINT64 h;
UWORD c = dlen / 32; UWORD c = dlen / 32;
UINT32 *k = (UINT32 *)kp; UINT32 *k = (UINT32 *)kp;
UINT32 *d = (UINT32 *)dp; const UINT32 *d = (const UINT32 *)dp;
UINT32 d0,d1,d2,d3,d4,d5,d6,d7; UINT32 d0,d1,d2,d3,d4,d5,d6,d7;
UINT32 k0,k1,k2,k3,k4,k5,k6,k7; UINT32 k0,k1,k2,k3,k4,k5,k6,k7;
@ -370,7 +370,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen)
#elif (UMAC_OUTPUT_LEN == 8) #elif (UMAC_OUTPUT_LEN == 8)
static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen)
/* Same as previous nh_aux, but two streams are handled in one pass, /* Same as previous nh_aux, but two streams are handled in one pass,
* reading and writing 16 bytes of hash-state per call. * reading and writing 16 bytes of hash-state per call.
*/ */
@ -378,7 +378,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen)
UINT64 h1,h2; UINT64 h1,h2;
UWORD c = dlen / 32; UWORD c = dlen / 32;
UINT32 *k = (UINT32 *)kp; UINT32 *k = (UINT32 *)kp;
UINT32 *d = (UINT32 *)dp; const UINT32 *d = (const UINT32 *)dp;
UINT32 d0,d1,d2,d3,d4,d5,d6,d7; UINT32 d0,d1,d2,d3,d4,d5,d6,d7;
UINT32 k0,k1,k2,k3,k4,k5,k6,k7, UINT32 k0,k1,k2,k3,k4,k5,k6,k7,
k8,k9,k10,k11; k8,k9,k10,k11;
@ -417,7 +417,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen)
#elif (UMAC_OUTPUT_LEN == 12) #elif (UMAC_OUTPUT_LEN == 12)
static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen)
/* Same as previous nh_aux, but two streams are handled in one pass, /* Same as previous nh_aux, but two streams are handled in one pass,
* reading and writing 24 bytes of hash-state per call. * reading and writing 24 bytes of hash-state per call.
*/ */
@ -425,7 +425,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen)
UINT64 h1,h2,h3; UINT64 h1,h2,h3;
UWORD c = dlen / 32; UWORD c = dlen / 32;
UINT32 *k = (UINT32 *)kp; UINT32 *k = (UINT32 *)kp;
UINT32 *d = (UINT32 *)dp; const UINT32 *d = (const UINT32 *)dp;
UINT32 d0,d1,d2,d3,d4,d5,d6,d7; UINT32 d0,d1,d2,d3,d4,d5,d6,d7;
UINT32 k0,k1,k2,k3,k4,k5,k6,k7, UINT32 k0,k1,k2,k3,k4,k5,k6,k7,
k8,k9,k10,k11,k12,k13,k14,k15; k8,k9,k10,k11,k12,k13,k14,k15;
@ -472,7 +472,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen)
#elif (UMAC_OUTPUT_LEN == 16) #elif (UMAC_OUTPUT_LEN == 16)
static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen)
/* Same as previous nh_aux, but two streams are handled in one pass, /* Same as previous nh_aux, but two streams are handled in one pass,
* reading and writing 24 bytes of hash-state per call. * reading and writing 24 bytes of hash-state per call.
*/ */
@ -480,7 +480,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen)
UINT64 h1,h2,h3,h4; UINT64 h1,h2,h3,h4;
UWORD c = dlen / 32; UWORD c = dlen / 32;
UINT32 *k = (UINT32 *)kp; UINT32 *k = (UINT32 *)kp;
UINT32 *d = (UINT32 *)dp; const UINT32 *d = (const UINT32 *)dp;
UINT32 d0,d1,d2,d3,d4,d5,d6,d7; UINT32 d0,d1,d2,d3,d4,d5,d6,d7;
UINT32 k0,k1,k2,k3,k4,k5,k6,k7, UINT32 k0,k1,k2,k3,k4,k5,k6,k7,
k8,k9,k10,k11,k12,k13,k14,k15, k8,k9,k10,k11,k12,k13,k14,k15,
@ -541,7 +541,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen)
/* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */
static void nh_transform(nh_ctx *hc, UINT8 *buf, UINT32 nbytes) static void nh_transform(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes)
/* This function is a wrapper for the primitive NH hash functions. It takes /* This function is a wrapper for the primitive NH hash functions. It takes
* as argument "hc" the current hash context and a buffer which must be a * as argument "hc" the current hash context and a buffer which must be a
* multiple of L1_PAD_BOUNDARY. The key passed to nh_aux is offset * multiple of L1_PAD_BOUNDARY. The key passed to nh_aux is offset
@ -616,7 +616,7 @@ static void nh_init(nh_ctx *hc, aes_int_key prf_key)
/* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */
static void nh_update(nh_ctx *hc, UINT8 *buf, UINT32 nbytes) static void nh_update(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes)
/* Incorporate nbytes of data into a nh_ctx, buffer whatever is not an */ /* Incorporate nbytes of data into a nh_ctx, buffer whatever is not an */
/* even multiple of HASH_BUF_BYTES. */ /* even multiple of HASH_BUF_BYTES. */
{ {
@ -711,7 +711,7 @@ static void nh_final(nh_ctx *hc, UINT8 *result)
/* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */
static void nh(nh_ctx *hc, UINT8 *buf, UINT32 padded_len, static void nh(nh_ctx *hc, const UINT8 *buf, UINT32 padded_len,
UINT32 unpadded_len, UINT8 *result) UINT32 unpadded_len, UINT8 *result)
/* All-in-one nh_update() and nh_final() equivalent. /* All-in-one nh_update() and nh_final() equivalent.
* Assumes that padded_len is divisible by L1_PAD_BOUNDARY and result is * Assumes that padded_len is divisible by L1_PAD_BOUNDARY and result is
@ -1049,7 +1049,7 @@ static int uhash_free(uhash_ctx_t ctx)
#endif #endif
/* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */
static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) static int uhash_update(uhash_ctx_t ctx, const u_char *input, long len)
/* Given len bytes of data, we parse it into L1_KEY_LEN chunks and /* Given len bytes of data, we parse it into L1_KEY_LEN chunks and
* hash each one with NH, calling the polyhash on each NH output. * hash each one with NH, calling the polyhash on each NH output.
*/ */
@ -1059,7 +1059,7 @@ static int uhash_update(uhash_ctx_t ctx, u_char *input, long len)
UINT8 *nh_result = (UINT8 *)&result_buf; UINT8 *nh_result = (UINT8 *)&result_buf;
if (ctx->msg_len + len <= L1_KEY_LEN) { if (ctx->msg_len + len <= L1_KEY_LEN) {
nh_update(&ctx->hash, (UINT8 *)input, len); nh_update(&ctx->hash, (const UINT8 *)input, len);
ctx->msg_len += len; ctx->msg_len += len;
} else { } else {
@ -1074,7 +1074,7 @@ static int uhash_update(uhash_ctx_t ctx, u_char *input, long len)
/* bytes to complete the current nh_block. */ /* bytes to complete the current nh_block. */
if (bytes_hashed) { if (bytes_hashed) {
bytes_remaining = (L1_KEY_LEN - bytes_hashed); bytes_remaining = (L1_KEY_LEN - bytes_hashed);
nh_update(&ctx->hash, (UINT8 *)input, bytes_remaining); nh_update(&ctx->hash, (const UINT8 *)input, bytes_remaining);
nh_final(&ctx->hash, nh_result); nh_final(&ctx->hash, nh_result);
ctx->msg_len += bytes_remaining; ctx->msg_len += bytes_remaining;
poly_hash(ctx,(UINT32 *)nh_result); poly_hash(ctx,(UINT32 *)nh_result);
@ -1084,7 +1084,7 @@ static int uhash_update(uhash_ctx_t ctx, u_char *input, long len)
/* Hash directly from input stream if enough bytes */ /* Hash directly from input stream if enough bytes */
while (len >= L1_KEY_LEN) { while (len >= L1_KEY_LEN) {
nh(&ctx->hash, (UINT8 *)input, L1_KEY_LEN, nh(&ctx->hash, (const UINT8 *)input, L1_KEY_LEN,
L1_KEY_LEN, nh_result); L1_KEY_LEN, nh_result);
ctx->msg_len += L1_KEY_LEN; ctx->msg_len += L1_KEY_LEN;
len -= L1_KEY_LEN; len -= L1_KEY_LEN;
@ -1095,7 +1095,7 @@ static int uhash_update(uhash_ctx_t ctx, u_char *input, long len)
/* pass remaining < L1_KEY_LEN bytes of input data to NH */ /* pass remaining < L1_KEY_LEN bytes of input data to NH */
if (len) { if (len) {
nh_update(&ctx->hash, (UINT8 *)input, len); nh_update(&ctx->hash, (const UINT8 *)input, len);
ctx->msg_len += len; ctx->msg_len += len;
} }
} }
@ -1218,7 +1218,7 @@ int umac_delete(struct umac_ctx *ctx)
/* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */
struct umac_ctx *umac_new(u_char key[]) struct umac_ctx *umac_new(const u_char key[])
/* Dynamically allocate a umac_ctx struct, initialize variables, /* Dynamically allocate a umac_ctx struct, initialize variables,
* generate subkeys from key. Align to 16-byte boundary. * generate subkeys from key. Align to 16-byte boundary.
*/ */
@ -1235,7 +1235,7 @@ struct umac_ctx *umac_new(u_char key[])
ctx = (struct umac_ctx *)((u_char *)ctx + bytes_to_add); ctx = (struct umac_ctx *)((u_char *)ctx + bytes_to_add);
} }
ctx->free_ptr = octx; ctx->free_ptr = octx;
aes_key_setup(key,prf_key); aes_key_setup(key, prf_key);
pdf_init(&ctx->pdf, prf_key); pdf_init(&ctx->pdf, prf_key);
uhash_init(&ctx->hash, prf_key); uhash_init(&ctx->hash, prf_key);
} }
@ -1245,18 +1245,18 @@ struct umac_ctx *umac_new(u_char key[])
/* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */
int umac_final(struct umac_ctx *ctx, u_char tag[], u_char nonce[8]) int umac_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8])
/* Incorporate any pending data, pad, and generate tag */ /* Incorporate any pending data, pad, and generate tag */
{ {
uhash_final(&ctx->hash, (u_char *)tag); uhash_final(&ctx->hash, (u_char *)tag);
pdf_gen_xor(&ctx->pdf, (UINT8 *)nonce, (UINT8 *)tag); pdf_gen_xor(&ctx->pdf, (const UINT8 *)nonce, (UINT8 *)tag);
return (1); return (1);
} }
/* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */
int umac_update(struct umac_ctx *ctx, u_char *input, long len) int umac_update(struct umac_ctx *ctx, const u_char *input, long len)
/* Given len bytes of data, we parse it into L1_KEY_LEN chunks and */ /* Given len bytes of data, we parse it into L1_KEY_LEN chunks and */
/* hash each one, calling the PDF on the hashed output whenever the hash- */ /* hash each one, calling the PDF on the hashed output whenever the hash- */
/* output buffer is full. */ /* output buffer is full. */