1 | /* $NetBSD: cryptosoft_xform.c,v 1.27 2014/11/27 20:30:21 christos Exp $ */ |
2 | /* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */ |
3 | /* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */ |
4 | |
5 | /* |
6 | * The authors of this code are John Ioannidis (ji@tla.org), |
7 | * Angelos D. Keromytis (kermit@csd.uch.gr) and |
8 | * Niels Provos (provos@physnet.uni-hamburg.de). |
9 | * |
10 | * This code was written by John Ioannidis for BSD/OS in Athens, Greece, |
11 | * in November 1995. |
12 | * |
13 | * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, |
14 | * by Angelos D. Keromytis. |
15 | * |
16 | * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis |
17 | * and Niels Provos. |
18 | * |
19 | * Additional features in 1999 by Angelos D. Keromytis. |
20 | * |
21 | * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, |
22 | * Angelos D. Keromytis and Niels Provos. |
23 | * |
24 | * Copyright (C) 2001, Angelos D. Keromytis. |
25 | * |
26 | * Permission to use, copy, and modify this software with or without fee |
27 | * is hereby granted, provided that this entire notice is included in |
28 | * all copies of any software which is or includes a copy or |
29 | * modification of this software. |
30 | * You may use this code under the GNU public license if you so wish. Please |
31 | * contribute changes back to the authors under this freer than GPL license |
32 | * so that we may further the use of strong encryption without limitations to |
33 | * all. |
34 | * |
35 | * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR |
36 | * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY |
37 | * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE |
38 | * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR |
39 | * PURPOSE. |
40 | */ |
41 | |
42 | #include <sys/cdefs.h> |
43 | __KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.27 2014/11/27 20:30:21 christos Exp $" ); |
44 | |
45 | #include <crypto/blowfish/blowfish.h> |
46 | #include <crypto/cast128/cast128.h> |
47 | #include <crypto/des/des.h> |
48 | #include <crypto/rijndael/rijndael.h> |
49 | #include <crypto/skipjack/skipjack.h> |
50 | #include <crypto/camellia/camellia.h> |
51 | |
52 | #include <opencrypto/deflate.h> |
53 | |
54 | #include <sys/md5.h> |
55 | #include <sys/rmd160.h> |
56 | #include <sys/sha1.h> |
57 | #include <sys/sha2.h> |
58 | #include <sys/cprng.h> |
59 | #include <opencrypto/aesxcbcmac.h> |
60 | #include <opencrypto/gmac.h> |
61 | |
62 | struct swcr_auth_hash { |
63 | const struct auth_hash *auth_hash; |
64 | int ctxsize; |
65 | void (*Init)(void *); |
66 | void (*Setkey)(void *, const uint8_t *, uint16_t); |
67 | void (*Reinit)(void *, const uint8_t *, uint16_t); |
68 | int (*Update)(void *, const uint8_t *, uint16_t); |
69 | void (*Final)(uint8_t *, void *); |
70 | }; |
71 | |
72 | struct swcr_enc_xform { |
73 | const struct enc_xform *enc_xform; |
74 | void (*encrypt)(void *, uint8_t *); |
75 | void (*decrypt)(void *, uint8_t *); |
76 | int (*setkey)(uint8_t **, const uint8_t *, int); |
77 | void (*zerokey)(uint8_t **); |
78 | void (*reinit)(void *, const uint8_t *, uint8_t *); |
79 | }; |
80 | |
81 | struct swcr_comp_algo { |
82 | const struct comp_algo *unused_comp_algo; |
83 | uint32_t (*compress)(uint8_t *, uint32_t, uint8_t **); |
84 | uint32_t (*decompress)(uint8_t *, uint32_t, uint8_t **, int); |
85 | }; |
86 | |
87 | static void null_encrypt(void *, u_int8_t *); |
88 | static void null_decrypt(void *, u_int8_t *); |
89 | static int null_setkey(u_int8_t **, const u_int8_t *, int); |
90 | static void null_zerokey(u_int8_t **); |
91 | |
92 | static int des1_setkey(u_int8_t **, const u_int8_t *, int); |
93 | static int des3_setkey(u_int8_t **, const u_int8_t *, int); |
94 | static int blf_setkey(u_int8_t **, const u_int8_t *, int); |
95 | static int cast5_setkey(u_int8_t **, const u_int8_t *, int); |
96 | static int skipjack_setkey(u_int8_t **, const u_int8_t *, int); |
97 | static int rijndael128_setkey(u_int8_t **, const u_int8_t *, int); |
98 | static int cml_setkey(u_int8_t **, const u_int8_t *, int); |
99 | static int aes_ctr_setkey(u_int8_t **, const u_int8_t *, int); |
100 | static int aes_gmac_setkey(u_int8_t **, const u_int8_t *, int); |
101 | static void des1_encrypt(void *, u_int8_t *); |
102 | static void des3_encrypt(void *, u_int8_t *); |
103 | static void blf_encrypt(void *, u_int8_t *); |
104 | static void cast5_encrypt(void *, u_int8_t *); |
105 | static void skipjack_encrypt(void *, u_int8_t *); |
106 | static void rijndael128_encrypt(void *, u_int8_t *); |
107 | static void cml_encrypt(void *, u_int8_t *); |
108 | static void des1_decrypt(void *, u_int8_t *); |
109 | static void des3_decrypt(void *, u_int8_t *); |
110 | static void blf_decrypt(void *, u_int8_t *); |
111 | static void cast5_decrypt(void *, u_int8_t *); |
112 | static void skipjack_decrypt(void *, u_int8_t *); |
113 | static void rijndael128_decrypt(void *, u_int8_t *); |
114 | static void cml_decrypt(void *, u_int8_t *); |
115 | static void aes_ctr_crypt(void *, u_int8_t *); |
116 | static void des1_zerokey(u_int8_t **); |
117 | static void des3_zerokey(u_int8_t **); |
118 | static void blf_zerokey(u_int8_t **); |
119 | static void cast5_zerokey(u_int8_t **); |
120 | static void skipjack_zerokey(u_int8_t **); |
121 | static void rijndael128_zerokey(u_int8_t **); |
122 | static void cml_zerokey(u_int8_t **); |
123 | static void aes_ctr_zerokey(u_int8_t **); |
124 | static void aes_gmac_zerokey(u_int8_t **); |
125 | static void aes_ctr_reinit(void *, const u_int8_t *, u_int8_t *); |
126 | static void aes_gcm_reinit(void *, const u_int8_t *, u_int8_t *); |
127 | static void aes_gmac_reinit(void *, const u_int8_t *, u_int8_t *); |
128 | |
129 | static void null_init(void *); |
130 | static int null_update(void *, const u_int8_t *, u_int16_t); |
131 | static void null_final(u_int8_t *, void *); |
132 | |
133 | static int MD5Update_int(void *, const u_int8_t *, u_int16_t); |
134 | static void SHA1Init_int(void *); |
135 | static int SHA1Update_int(void *, const u_int8_t *, u_int16_t); |
136 | static void SHA1Final_int(u_int8_t *, void *); |
137 | |
138 | |
139 | static int RMD160Update_int(void *, const u_int8_t *, u_int16_t); |
140 | static int SHA1Update_int(void *, const u_int8_t *, u_int16_t); |
141 | static void SHA1Final_int(u_int8_t *, void *); |
142 | static int RMD160Update_int(void *, const u_int8_t *, u_int16_t); |
143 | static int SHA256Update_int(void *, const u_int8_t *, u_int16_t); |
144 | static int SHA384Update_int(void *, const u_int8_t *, u_int16_t); |
145 | static int SHA512Update_int(void *, const u_int8_t *, u_int16_t); |
146 | |
147 | static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **); |
148 | static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **, int); |
149 | static u_int32_t gzip_compress(u_int8_t *, u_int32_t, u_int8_t **); |
150 | static u_int32_t gzip_decompress(u_int8_t *, u_int32_t, u_int8_t **, int); |
151 | |
152 | /* Encryption instances */ |
153 | static const struct swcr_enc_xform swcr_enc_xform_null = { |
154 | &enc_xform_null, |
155 | null_encrypt, |
156 | null_decrypt, |
157 | null_setkey, |
158 | null_zerokey, |
159 | NULL |
160 | }; |
161 | |
162 | static const struct swcr_enc_xform swcr_enc_xform_des = { |
163 | &enc_xform_des, |
164 | des1_encrypt, |
165 | des1_decrypt, |
166 | des1_setkey, |
167 | des1_zerokey, |
168 | NULL |
169 | }; |
170 | |
171 | static const struct swcr_enc_xform swcr_enc_xform_3des = { |
172 | &enc_xform_3des, |
173 | des3_encrypt, |
174 | des3_decrypt, |
175 | des3_setkey, |
176 | des3_zerokey, |
177 | NULL |
178 | }; |
179 | |
180 | static const struct swcr_enc_xform swcr_enc_xform_blf = { |
181 | &enc_xform_blf, |
182 | blf_encrypt, |
183 | blf_decrypt, |
184 | blf_setkey, |
185 | blf_zerokey, |
186 | NULL |
187 | }; |
188 | |
189 | static const struct swcr_enc_xform swcr_enc_xform_cast5 = { |
190 | &enc_xform_cast5, |
191 | cast5_encrypt, |
192 | cast5_decrypt, |
193 | cast5_setkey, |
194 | cast5_zerokey, |
195 | NULL |
196 | }; |
197 | |
198 | static const struct swcr_enc_xform swcr_enc_xform_skipjack = { |
199 | &enc_xform_skipjack, |
200 | skipjack_encrypt, |
201 | skipjack_decrypt, |
202 | skipjack_setkey, |
203 | skipjack_zerokey, |
204 | NULL |
205 | }; |
206 | |
207 | static const struct swcr_enc_xform swcr_enc_xform_rijndael128 = { |
208 | &enc_xform_rijndael128, |
209 | rijndael128_encrypt, |
210 | rijndael128_decrypt, |
211 | rijndael128_setkey, |
212 | rijndael128_zerokey, |
213 | NULL |
214 | }; |
215 | |
216 | static const struct swcr_enc_xform swcr_enc_xform_aes_ctr = { |
217 | &enc_xform_aes_ctr, |
218 | aes_ctr_crypt, |
219 | aes_ctr_crypt, |
220 | aes_ctr_setkey, |
221 | aes_ctr_zerokey, |
222 | aes_ctr_reinit |
223 | }; |
224 | |
225 | static const struct swcr_enc_xform swcr_enc_xform_aes_gcm = { |
226 | &enc_xform_aes_gcm, |
227 | aes_ctr_crypt, |
228 | aes_ctr_crypt, |
229 | aes_ctr_setkey, |
230 | aes_ctr_zerokey, |
231 | aes_gcm_reinit |
232 | }; |
233 | |
234 | static const struct swcr_enc_xform swcr_enc_xform_aes_gmac = { |
235 | &enc_xform_aes_gmac, |
236 | NULL, |
237 | NULL, |
238 | aes_gmac_setkey, |
239 | aes_gmac_zerokey, |
240 | aes_gmac_reinit |
241 | }; |
242 | |
243 | static const struct swcr_enc_xform swcr_enc_xform_camellia = { |
244 | &enc_xform_camellia, |
245 | cml_encrypt, |
246 | cml_decrypt, |
247 | cml_setkey, |
248 | cml_zerokey, |
249 | NULL |
250 | }; |
251 | |
252 | /* Authentication instances */ |
253 | static const struct swcr_auth_hash swcr_auth_hash_null = { |
254 | &auth_hash_null, sizeof(int), /* NB: context isn't used */ |
255 | null_init, NULL, NULL, null_update, null_final |
256 | }; |
257 | |
258 | static const struct swcr_auth_hash swcr_auth_hash_hmac_md5 = { |
259 | &auth_hash_hmac_md5, sizeof(MD5_CTX), |
260 | (void (*) (void *)) MD5Init, NULL, NULL, MD5Update_int, |
261 | (void (*) (u_int8_t *, void *)) MD5Final |
262 | }; |
263 | |
264 | static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1 = { |
265 | &auth_hash_hmac_sha1, sizeof(SHA1_CTX), |
266 | SHA1Init_int, NULL, NULL, SHA1Update_int, SHA1Final_int |
267 | }; |
268 | |
269 | static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160 = { |
270 | &auth_hash_hmac_ripemd_160, sizeof(RMD160_CTX), |
271 | (void (*)(void *)) RMD160Init, NULL, NULL, RMD160Update_int, |
272 | (void (*)(u_int8_t *, void *)) RMD160Final |
273 | }; |
274 | static const struct swcr_auth_hash swcr_auth_hash_hmac_md5_96 = { |
275 | &auth_hash_hmac_md5_96, sizeof(MD5_CTX), |
276 | (void (*) (void *)) MD5Init, NULL, NULL, MD5Update_int, |
277 | (void (*) (u_int8_t *, void *)) MD5Final |
278 | }; |
279 | |
280 | static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1_96 = { |
281 | &auth_hash_hmac_sha1_96, sizeof(SHA1_CTX), |
282 | SHA1Init_int, NULL, NULL, SHA1Update_int, SHA1Final_int |
283 | }; |
284 | |
285 | static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160_96 = { |
286 | &auth_hash_hmac_ripemd_160_96, sizeof(RMD160_CTX), |
287 | (void (*)(void *)) RMD160Init, NULL, NULL, RMD160Update_int, |
288 | (void (*)(u_int8_t *, void *)) RMD160Final |
289 | }; |
290 | |
291 | static const struct swcr_auth_hash swcr_auth_hash_key_md5 = { |
292 | &auth_hash_key_md5, sizeof(MD5_CTX), |
293 | (void (*)(void *)) MD5Init, NULL, NULL, MD5Update_int, |
294 | (void (*)(u_int8_t *, void *)) MD5Final |
295 | }; |
296 | |
297 | static const struct swcr_auth_hash swcr_auth_hash_key_sha1 = { |
298 | &auth_hash_key_sha1, sizeof(SHA1_CTX), |
299 | SHA1Init_int, NULL, NULL, SHA1Update_int, SHA1Final_int |
300 | }; |
301 | |
302 | static const struct swcr_auth_hash swcr_auth_hash_md5 = { |
303 | &auth_hash_md5, sizeof(MD5_CTX), |
304 | (void (*) (void *)) MD5Init, NULL, NULL, MD5Update_int, |
305 | (void (*) (u_int8_t *, void *)) MD5Final |
306 | }; |
307 | |
308 | static const struct swcr_auth_hash swcr_auth_hash_sha1 = { |
309 | &auth_hash_sha1, sizeof(SHA1_CTX), |
310 | (void (*)(void *)) SHA1Init, NULL, NULL, SHA1Update_int, |
311 | (void (*)(u_int8_t *, void *)) SHA1Final |
312 | }; |
313 | |
314 | static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_256 = { |
315 | &auth_hash_hmac_sha2_256, sizeof(SHA256_CTX), |
316 | (void (*)(void *)) SHA256_Init, NULL, NULL, SHA256Update_int, |
317 | (void (*)(u_int8_t *, void *)) SHA256_Final |
318 | }; |
319 | |
320 | static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_384 = { |
321 | &auth_hash_hmac_sha2_384, sizeof(SHA384_CTX), |
322 | (void (*)(void *)) SHA384_Init, NULL, NULL, SHA384Update_int, |
323 | (void (*)(u_int8_t *, void *)) SHA384_Final |
324 | }; |
325 | |
326 | static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_512 = { |
327 | &auth_hash_hmac_sha2_512, sizeof(SHA512_CTX), |
328 | (void (*)(void *)) SHA512_Init, NULL, NULL, SHA512Update_int, |
329 | (void (*)(u_int8_t *, void *)) SHA512_Final |
330 | }; |
331 | |
332 | static const struct swcr_auth_hash swcr_auth_hash_aes_xcbc_mac = { |
333 | &auth_hash_aes_xcbc_mac_96, sizeof(aesxcbc_ctx), |
334 | null_init, |
335 | (void (*)(void *, const u_int8_t *, u_int16_t))aes_xcbc_mac_init, |
336 | NULL, aes_xcbc_mac_loop, aes_xcbc_mac_result |
337 | }; |
338 | |
339 | static const struct swcr_auth_hash swcr_auth_hash_gmac_aes_128 = { |
340 | &auth_hash_gmac_aes_128, sizeof(AES_GMAC_CTX), |
341 | (void (*)(void *))AES_GMAC_Init, |
342 | (void (*)(void *, const u_int8_t *, u_int16_t))AES_GMAC_Setkey, |
343 | (void (*)(void *, const u_int8_t *, u_int16_t))AES_GMAC_Reinit, |
344 | (int (*)(void *, const u_int8_t *, u_int16_t))AES_GMAC_Update, |
345 | (void (*)(u_int8_t *, void *))AES_GMAC_Final |
346 | }; |
347 | |
348 | static const struct swcr_auth_hash swcr_auth_hash_gmac_aes_192 = { |
349 | &auth_hash_gmac_aes_192, sizeof(AES_GMAC_CTX), |
350 | (void (*)(void *))AES_GMAC_Init, |
351 | (void (*)(void *, const u_int8_t *, u_int16_t))AES_GMAC_Setkey, |
352 | (void (*)(void *, const u_int8_t *, u_int16_t))AES_GMAC_Reinit, |
353 | (int (*)(void *, const u_int8_t *, u_int16_t))AES_GMAC_Update, |
354 | (void (*)(u_int8_t *, void *))AES_GMAC_Final |
355 | }; |
356 | |
357 | static const struct swcr_auth_hash swcr_auth_hash_gmac_aes_256 = { |
358 | &auth_hash_gmac_aes_256, sizeof(AES_GMAC_CTX), |
359 | (void (*)(void *))AES_GMAC_Init, |
360 | (void (*)(void *, const u_int8_t *, u_int16_t))AES_GMAC_Setkey, |
361 | (void (*)(void *, const u_int8_t *, u_int16_t))AES_GMAC_Reinit, |
362 | (int (*)(void *, const u_int8_t *, u_int16_t))AES_GMAC_Update, |
363 | (void (*)(u_int8_t *, void *))AES_GMAC_Final |
364 | }; |
365 | |
366 | /* Compression instance */ |
367 | static const struct swcr_comp_algo swcr_comp_algo_deflate = { |
368 | &comp_algo_deflate, |
369 | deflate_compress, |
370 | deflate_decompress |
371 | }; |
372 | |
373 | static const struct swcr_comp_algo swcr_comp_algo_deflate_nogrow = { |
374 | &comp_algo_deflate_nogrow, |
375 | deflate_compress, |
376 | deflate_decompress |
377 | }; |
378 | |
379 | static const struct swcr_comp_algo swcr_comp_algo_gzip = { |
380 | &comp_algo_deflate, |
381 | gzip_compress, |
382 | gzip_decompress |
383 | }; |
384 | |
385 | /* |
386 | * Encryption wrapper routines. |
387 | */ |
388 | static void |
389 | null_encrypt(void *key, u_int8_t *blk) |
390 | { |
391 | } |
392 | static void |
393 | null_decrypt(void *key, u_int8_t *blk) |
394 | { |
395 | } |
396 | static int |
397 | null_setkey(u_int8_t **sched, const u_int8_t *key, int len) |
398 | { |
399 | *sched = NULL; |
400 | return 0; |
401 | } |
402 | static void |
403 | null_zerokey(u_int8_t **sched) |
404 | { |
405 | *sched = NULL; |
406 | } |
407 | |
408 | static void |
409 | des1_encrypt(void *key, u_int8_t *blk) |
410 | { |
411 | des_cblock *cb = (des_cblock *) blk; |
412 | des_key_schedule *p = (des_key_schedule *) key; |
413 | |
414 | des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT); |
415 | } |
416 | |
417 | static void |
418 | des1_decrypt(void *key, u_int8_t *blk) |
419 | { |
420 | des_cblock *cb = (des_cblock *) blk; |
421 | des_key_schedule *p = (des_key_schedule *) key; |
422 | |
423 | des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT); |
424 | } |
425 | |
426 | static int |
427 | des1_setkey(u_int8_t **sched, const u_int8_t *key, int len) |
428 | { |
429 | des_key_schedule *p; |
430 | |
431 | p = malloc(sizeof (des_key_schedule), |
432 | M_CRYPTO_DATA, M_NOWAIT|M_ZERO); |
433 | *sched = (u_int8_t *) p; |
434 | if (p == NULL) |
435 | return ENOMEM; |
436 | des_set_key((des_cblock *)__UNCONST(key), p[0]); |
437 | return 0; |
438 | } |
439 | |
440 | static void |
441 | des1_zerokey(u_int8_t **sched) |
442 | { |
443 | memset(*sched, 0, sizeof (des_key_schedule)); |
444 | free(*sched, M_CRYPTO_DATA); |
445 | *sched = NULL; |
446 | } |
447 | |
448 | static void |
449 | des3_encrypt(void *key, u_int8_t *blk) |
450 | { |
451 | des_cblock *cb = (des_cblock *) blk; |
452 | des_key_schedule *p = (des_key_schedule *) key; |
453 | |
454 | des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT); |
455 | } |
456 | |
457 | static void |
458 | des3_decrypt(void *key, u_int8_t *blk) |
459 | { |
460 | des_cblock *cb = (des_cblock *) blk; |
461 | des_key_schedule *p = (des_key_schedule *) key; |
462 | |
463 | des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT); |
464 | } |
465 | |
466 | static int |
467 | des3_setkey(u_int8_t **sched, const u_int8_t *key, int len) |
468 | { |
469 | des_key_schedule *p; |
470 | |
471 | p = malloc(3*sizeof (des_key_schedule), |
472 | M_CRYPTO_DATA, M_NOWAIT|M_ZERO); |
473 | *sched = (u_int8_t *) p; |
474 | if (p == NULL) |
475 | return ENOMEM; |
476 | des_set_key((des_cblock *)__UNCONST(key + 0), p[0]); |
477 | des_set_key((des_cblock *)__UNCONST(key + 8), p[1]); |
478 | des_set_key((des_cblock *)__UNCONST(key + 16), p[2]); |
479 | return 0; |
480 | } |
481 | |
482 | static void |
483 | des3_zerokey(u_int8_t **sched) |
484 | { |
485 | memset(*sched, 0, 3*sizeof (des_key_schedule)); |
486 | free(*sched, M_CRYPTO_DATA); |
487 | *sched = NULL; |
488 | } |
489 | |
490 | static void |
491 | blf_encrypt(void *key, u_int8_t *blk) |
492 | { |
493 | |
494 | BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 1); |
495 | } |
496 | |
497 | static void |
498 | blf_decrypt(void *key, u_int8_t *blk) |
499 | { |
500 | |
501 | BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 0); |
502 | } |
503 | |
504 | static int |
505 | blf_setkey(u_int8_t **sched, const u_int8_t *key, int len) |
506 | { |
507 | |
508 | *sched = malloc(sizeof(BF_KEY), |
509 | M_CRYPTO_DATA, M_NOWAIT|M_ZERO); |
510 | if (*sched == NULL) |
511 | return ENOMEM; |
512 | BF_set_key((BF_KEY *) *sched, len, key); |
513 | return 0; |
514 | } |
515 | |
516 | static void |
517 | blf_zerokey(u_int8_t **sched) |
518 | { |
519 | memset(*sched, 0, sizeof(BF_KEY)); |
520 | free(*sched, M_CRYPTO_DATA); |
521 | *sched = NULL; |
522 | } |
523 | |
524 | static void |
525 | cast5_encrypt(void *key, u_int8_t *blk) |
526 | { |
527 | cast128_encrypt((cast128_key *) key, blk, blk); |
528 | } |
529 | |
530 | static void |
531 | cast5_decrypt(void *key, u_int8_t *blk) |
532 | { |
533 | cast128_decrypt((cast128_key *) key, blk, blk); |
534 | } |
535 | |
536 | static int |
537 | cast5_setkey(u_int8_t **sched, const u_int8_t *key, int len) |
538 | { |
539 | |
540 | *sched = malloc(sizeof(cast128_key), M_CRYPTO_DATA, |
541 | M_NOWAIT|M_ZERO); |
542 | if (*sched == NULL) |
543 | return ENOMEM; |
544 | cast128_setkey((cast128_key *)*sched, key, len); |
545 | return 0; |
546 | } |
547 | |
548 | static void |
549 | cast5_zerokey(u_int8_t **sched) |
550 | { |
551 | memset(*sched, 0, sizeof(cast128_key)); |
552 | free(*sched, M_CRYPTO_DATA); |
553 | *sched = NULL; |
554 | } |
555 | |
556 | static void |
557 | skipjack_encrypt(void *key, u_int8_t *blk) |
558 | { |
559 | skipjack_forwards(blk, blk, (u_int8_t **) key); |
560 | } |
561 | |
562 | static void |
563 | skipjack_decrypt(void *key, u_int8_t *blk) |
564 | { |
565 | skipjack_backwards(blk, blk, (u_int8_t **) key); |
566 | } |
567 | |
568 | static int |
569 | skipjack_setkey(u_int8_t **sched, const u_int8_t *key, int len) |
570 | { |
571 | |
572 | /* NB: allocate all the memory that's needed at once */ |
573 | /* XXX assumes bytes are aligned on sizeof(u_char) == 1 boundaries. |
574 | * Will this break a pdp-10, Cray-1, or GE-645 port? |
575 | */ |
576 | *sched = malloc(10 * (sizeof(u_int8_t *) + 0x100), |
577 | M_CRYPTO_DATA, M_NOWAIT|M_ZERO); |
578 | |
579 | if (*sched == NULL) |
580 | return ENOMEM; |
581 | |
582 | u_int8_t** key_tables = (u_int8_t**) *sched; |
583 | u_int8_t* table = (u_int8_t*) &key_tables[10]; |
584 | int k; |
585 | |
586 | for (k = 0; k < 10; k++) { |
587 | key_tables[k] = table; |
588 | table += 0x100; |
589 | } |
590 | subkey_table_gen(key, (u_int8_t **) *sched); |
591 | return 0; |
592 | } |
593 | |
594 | static void |
595 | skipjack_zerokey(u_int8_t **sched) |
596 | { |
597 | memset(*sched, 0, 10 * (sizeof(u_int8_t *) + 0x100)); |
598 | free(*sched, M_CRYPTO_DATA); |
599 | *sched = NULL; |
600 | } |
601 | |
602 | static void |
603 | rijndael128_encrypt(void *key, u_int8_t *blk) |
604 | { |
605 | rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk); |
606 | } |
607 | |
608 | static void |
609 | rijndael128_decrypt(void *key, u_int8_t *blk) |
610 | { |
611 | rijndael_decrypt((rijndael_ctx *) key, (u_char *) blk, |
612 | (u_char *) blk); |
613 | } |
614 | |
615 | static int |
616 | rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len) |
617 | { |
618 | |
619 | if (len != 16 && len != 24 && len != 32) |
620 | return EINVAL; |
621 | *sched = malloc(sizeof(rijndael_ctx), M_CRYPTO_DATA, |
622 | M_NOWAIT|M_ZERO); |
623 | if (*sched == NULL) |
624 | return ENOMEM; |
625 | rijndael_set_key((rijndael_ctx *) *sched, key, len * 8); |
626 | return 0; |
627 | } |
628 | |
629 | static void |
630 | rijndael128_zerokey(u_int8_t **sched) |
631 | { |
632 | memset(*sched, 0, sizeof(rijndael_ctx)); |
633 | free(*sched, M_CRYPTO_DATA); |
634 | *sched = NULL; |
635 | } |
636 | |
637 | static void |
638 | cml_encrypt(void *key, u_int8_t *blk) |
639 | { |
640 | |
641 | camellia_encrypt(key, blk, blk); |
642 | } |
643 | |
644 | static void |
645 | cml_decrypt(void *key, u_int8_t *blk) |
646 | { |
647 | |
648 | camellia_decrypt(key, blk, blk); |
649 | } |
650 | |
651 | static int |
652 | cml_setkey(u_int8_t **sched, const u_int8_t *key, int len) |
653 | { |
654 | |
655 | if (len != 16 && len != 24 && len != 32) |
656 | return (EINVAL); |
657 | *sched = malloc(sizeof(camellia_ctx), M_CRYPTO_DATA, |
658 | M_NOWAIT|M_ZERO); |
659 | if (*sched == NULL) |
660 | return ENOMEM; |
661 | |
662 | camellia_set_key((camellia_ctx *) *sched, key, len * 8); |
663 | return 0; |
664 | } |
665 | |
666 | static void |
667 | cml_zerokey(u_int8_t **sched) |
668 | { |
669 | |
670 | memset(*sched, 0, sizeof(camellia_ctx)); |
671 | free(*sched, M_CRYPTO_DATA); |
672 | *sched = NULL; |
673 | } |
674 | |
675 | #define AESCTR_NONCESIZE 4 |
676 | #define AESCTR_IVSIZE 8 |
677 | #define AESCTR_BLOCKSIZE 16 |
678 | |
679 | struct aes_ctr_ctx { |
680 | /* need only encryption half */ |
681 | u_int32_t ac_ek[4*(RIJNDAEL_MAXNR + 1)]; |
682 | u_int8_t ac_block[AESCTR_BLOCKSIZE]; |
683 | int ac_nr; |
684 | struct { |
685 | u_int64_t lastiv; |
686 | } ivgenctx; |
687 | }; |
688 | |
689 | static void |
690 | aes_ctr_crypt(void *key, u_int8_t *blk) |
691 | { |
692 | struct aes_ctr_ctx *ctx; |
693 | u_int8_t keystream[AESCTR_BLOCKSIZE]; |
694 | int i; |
695 | |
696 | ctx = key; |
697 | /* increment counter */ |
698 | for (i = AESCTR_BLOCKSIZE - 1; |
699 | i >= AESCTR_NONCESIZE + AESCTR_IVSIZE; i--) |
700 | if (++ctx->ac_block[i]) /* continue on overflow */ |
701 | break; |
702 | rijndaelEncrypt(ctx->ac_ek, ctx->ac_nr, ctx->ac_block, keystream); |
703 | for (i = 0; i < AESCTR_BLOCKSIZE; i++) |
704 | blk[i] ^= keystream[i]; |
705 | memset(keystream, 0, sizeof(keystream)); |
706 | } |
707 | |
708 | int |
709 | aes_ctr_setkey(u_int8_t **sched, const u_int8_t *key, int len) |
710 | { |
711 | struct aes_ctr_ctx *ctx; |
712 | |
713 | if (len < AESCTR_NONCESIZE) |
714 | return EINVAL; |
715 | |
716 | ctx = malloc(sizeof(struct aes_ctr_ctx), M_CRYPTO_DATA, |
717 | M_NOWAIT|M_ZERO); |
718 | if (!ctx) |
719 | return ENOMEM; |
720 | ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, (const u_char *)key, |
721 | (len - AESCTR_NONCESIZE) * 8); |
722 | if (!ctx->ac_nr) { /* wrong key len */ |
723 | aes_ctr_zerokey((u_int8_t **)&ctx); |
724 | return EINVAL; |
725 | } |
726 | memcpy(ctx->ac_block, key + len - AESCTR_NONCESIZE, AESCTR_NONCESIZE); |
727 | /* random start value for simple counter */ |
728 | cprng_fast(&ctx->ivgenctx.lastiv, sizeof(ctx->ivgenctx.lastiv)); |
729 | *sched = (void *)ctx; |
730 | return 0; |
731 | } |
732 | |
733 | void |
734 | aes_ctr_zerokey(u_int8_t **sched) |
735 | { |
736 | |
737 | memset(*sched, 0, sizeof(struct aes_ctr_ctx)); |
738 | free(*sched, M_CRYPTO_DATA); |
739 | *sched = NULL; |
740 | } |
741 | |
742 | void |
743 | aes_ctr_reinit(void *key, const u_int8_t *iv, u_int8_t *ivout) |
744 | { |
745 | struct aes_ctr_ctx *ctx = key; |
746 | |
747 | if (!iv) { |
748 | ctx->ivgenctx.lastiv++; |
749 | iv = (const u_int8_t *)&ctx->ivgenctx.lastiv; |
750 | } |
751 | if (ivout) |
752 | memcpy(ivout, iv, AESCTR_IVSIZE); |
753 | memcpy(ctx->ac_block + AESCTR_NONCESIZE, iv, AESCTR_IVSIZE); |
754 | /* reset counter */ |
755 | memset(ctx->ac_block + AESCTR_NONCESIZE + AESCTR_IVSIZE, 0, 4); |
756 | } |
757 | |
758 | void |
759 | aes_gcm_reinit(void *key, const u_int8_t *iv, u_int8_t *ivout) |
760 | { |
761 | struct aes_ctr_ctx *ctx = key; |
762 | |
763 | if (!iv) { |
764 | ctx->ivgenctx.lastiv++; |
765 | iv = (const u_int8_t *)&ctx->ivgenctx.lastiv; |
766 | } |
767 | if (ivout) |
768 | memcpy(ivout, iv, AESCTR_IVSIZE); |
769 | memcpy(ctx->ac_block + AESCTR_NONCESIZE, iv, AESCTR_IVSIZE); |
770 | /* reset counter */ |
771 | memset(ctx->ac_block + AESCTR_NONCESIZE + AESCTR_IVSIZE, 0, 4); |
772 | ctx->ac_block[AESCTR_BLOCKSIZE - 1] = 1; /* GCM starts with 1 */ |
773 | } |
774 | |
775 | struct aes_gmac_ctx { |
776 | struct { |
777 | u_int64_t lastiv; |
778 | } ivgenctx; |
779 | }; |
780 | |
781 | int |
782 | aes_gmac_setkey(u_int8_t **sched, const u_int8_t *key, int len) |
783 | { |
784 | struct aes_gmac_ctx *ctx; |
785 | |
786 | ctx = malloc(sizeof(struct aes_gmac_ctx), M_CRYPTO_DATA, |
787 | M_NOWAIT|M_ZERO); |
788 | if (!ctx) |
789 | return ENOMEM; |
790 | |
791 | /* random start value for simple counter */ |
792 | cprng_fast(&ctx->ivgenctx.lastiv, sizeof(ctx->ivgenctx.lastiv)); |
793 | *sched = (void *)ctx; |
794 | return 0; |
795 | } |
796 | |
797 | void |
798 | aes_gmac_zerokey(u_int8_t **sched) |
799 | { |
800 | |
801 | free(*sched, M_CRYPTO_DATA); |
802 | *sched = NULL; |
803 | } |
804 | |
805 | void |
806 | aes_gmac_reinit(void *key, const u_int8_t *iv, u_int8_t *ivout) |
807 | { |
808 | struct aes_gmac_ctx *ctx = key; |
809 | |
810 | if (!iv) { |
811 | ctx->ivgenctx.lastiv++; |
812 | iv = (const u_int8_t *)&ctx->ivgenctx.lastiv; |
813 | } |
814 | if (ivout) |
815 | memcpy(ivout, iv, AESCTR_IVSIZE); |
816 | } |
817 | |
818 | /* |
819 | * And now for auth. |
820 | */ |
821 | |
822 | static void |
823 | null_init(void *ctx) |
824 | { |
825 | } |
826 | |
827 | static int |
828 | null_update(void *ctx, const u_int8_t *buf, |
829 | u_int16_t len) |
830 | { |
831 | return 0; |
832 | } |
833 | |
834 | static void |
835 | null_final(u_int8_t *buf, void *ctx) |
836 | { |
837 | if (buf != (u_int8_t *) 0) |
838 | memset(buf, 0, 12); |
839 | } |
840 | |
841 | static int |
842 | RMD160Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) |
843 | { |
844 | RMD160Update(ctx, buf, len); |
845 | return 0; |
846 | } |
847 | |
848 | static int |
849 | MD5Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) |
850 | { |
851 | MD5Update(ctx, buf, len); |
852 | return 0; |
853 | } |
854 | |
855 | static void |
856 | SHA1Init_int(void *ctx) |
857 | { |
858 | SHA1Init(ctx); |
859 | } |
860 | |
861 | static int |
862 | SHA1Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) |
863 | { |
864 | SHA1Update(ctx, buf, len); |
865 | return 0; |
866 | } |
867 | |
868 | static void |
869 | SHA1Final_int(u_int8_t *blk, void *ctx) |
870 | { |
871 | SHA1Final(blk, ctx); |
872 | } |
873 | |
874 | static int |
875 | SHA256Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) |
876 | { |
877 | SHA256_Update(ctx, buf, len); |
878 | return 0; |
879 | } |
880 | |
881 | static int |
882 | SHA384Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) |
883 | { |
884 | SHA384_Update(ctx, buf, len); |
885 | return 0; |
886 | } |
887 | |
888 | static int |
889 | SHA512Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) |
890 | { |
891 | SHA512_Update(ctx, buf, len); |
892 | return 0; |
893 | } |
894 | |
895 | /* |
896 | * And compression |
897 | */ |
898 | |
899 | static u_int32_t |
900 | deflate_compress(u_int8_t *data, u_int32_t size, u_int8_t **out) |
901 | { |
902 | return deflate_global(data, size, 0, out, 0); |
903 | } |
904 | |
905 | static u_int32_t |
906 | deflate_decompress(u_int8_t *data, u_int32_t size, u_int8_t **out, |
907 | int size_hint) |
908 | { |
909 | return deflate_global(data, size, 1, out, size_hint); |
910 | } |
911 | |
912 | static u_int32_t |
913 | gzip_compress(u_int8_t *data, u_int32_t size, u_int8_t **out) |
914 | { |
915 | return gzip_global(data, size, 0, out, 0); |
916 | } |
917 | |
918 | static u_int32_t |
919 | gzip_decompress(u_int8_t *data, u_int32_t size, u_int8_t **out, |
920 | int size_hint) |
921 | { |
922 | return gzip_global(data, size, 1, out, size_hint); |
923 | } |
924 | |