xform_gmac.c revision 213068
1/* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ 2/*- 3 * The authors of this code are John Ioannidis (ji@tla.org), 4 * Angelos D. Keromytis (kermit@csd.uch.gr) and 5 * Niels Provos (provos@physnet.uni-hamburg.de). 6 * 7 * This code was written by John Ioannidis for BSD/OS in Athens, Greece, 8 * in November 1995. 9 * 10 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, 11 * by Angelos D. Keromytis. 12 * 13 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis 14 * and Niels Provos. 15 * 16 * Additional features in 1999 by Angelos D. Keromytis. 17 * 18 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, 19 * Angelos D. Keromytis and Niels Provos. 20 * 21 * Copyright (C) 2001, Angelos D. Keromytis. 22 * 23 * Permission to use, copy, and modify this software with or without fee 24 * is hereby granted, provided that this entire notice is included in 25 * all copies of any software which is or includes a copy or 26 * modification of this software. 27 * You may use this code under the GNU public license if you so wish. Please 28 * contribute changes back to the authors under this freer than GPL license 29 * so that we may further the use of strong encryption without limitations to 30 * all. 31 * 32 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 33 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 34 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 35 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 36 * PURPOSE. 37 */ 38 39#include <sys/cdefs.h> 40__FBSDID("$FreeBSD: head/sys/opencrypto/xform.c 213068 2010-09-23 11:52:32Z pjd $"); 41 42#include <sys/param.h> 43#include <sys/systm.h> 44#include <sys/malloc.h> 45#include <sys/sysctl.h> 46#include <sys/errno.h> 47#include <sys/time.h> 48#include <sys/kernel.h> 49#include <machine/cpu.h> 50 51#include <crypto/blowfish/blowfish.h> 52#include <crypto/des/des.h> 53#include <crypto/rijndael/rijndael.h> 54#include <crypto/camellia/camellia.h> 55#include <crypto/sha1.h> 56 57#include <opencrypto/cast.h> 58#include <opencrypto/deflate.h> 59#include <opencrypto/rmd160.h> 60#include <opencrypto/skipjack.h> 61 62#include <sys/md5.h> 63 64#include <opencrypto/cryptodev.h> 65#include <opencrypto/xform.h> 66 67static int null_setkey(u_int8_t **, u_int8_t *, int); 68static int des1_setkey(u_int8_t **, u_int8_t *, int); 69static int des3_setkey(u_int8_t **, u_int8_t *, int); 70static int blf_setkey(u_int8_t **, u_int8_t *, int); 71static int cast5_setkey(u_int8_t **, u_int8_t *, int); 72static int skipjack_setkey(u_int8_t **, u_int8_t *, int); 73static int rijndael128_setkey(u_int8_t **, u_int8_t *, int); 74static int aes_xts_setkey(u_int8_t **, u_int8_t *, int); 75static int cml_setkey(u_int8_t **, u_int8_t *, int); 76 77static void null_encrypt(caddr_t, u_int8_t *); 78static void des1_encrypt(caddr_t, u_int8_t *); 79static void des3_encrypt(caddr_t, u_int8_t *); 80static void blf_encrypt(caddr_t, u_int8_t *); 81static void cast5_encrypt(caddr_t, u_int8_t *); 82static void skipjack_encrypt(caddr_t, u_int8_t *); 83static void rijndael128_encrypt(caddr_t, u_int8_t *); 84static void aes_xts_encrypt(caddr_t, u_int8_t *); 85static void cml_encrypt(caddr_t, u_int8_t *); 86 87static void null_decrypt(caddr_t, u_int8_t *); 88static void des1_decrypt(caddr_t, u_int8_t *); 89static void des3_decrypt(caddr_t, u_int8_t *); 90static void blf_decrypt(caddr_t, u_int8_t *); 91static void cast5_decrypt(caddr_t, u_int8_t *); 92static void skipjack_decrypt(caddr_t, u_int8_t *); 93static void rijndael128_decrypt(caddr_t, u_int8_t *); 94static void aes_xts_decrypt(caddr_t, u_int8_t *); 95static void cml_decrypt(caddr_t, u_int8_t *); 96 97static void null_zerokey(u_int8_t **); 98static void des1_zerokey(u_int8_t **); 99static void des3_zerokey(u_int8_t **); 100static void blf_zerokey(u_int8_t **); 101static void cast5_zerokey(u_int8_t **); 102static void skipjack_zerokey(u_int8_t **); 103static void rijndael128_zerokey(u_int8_t **); 104static void aes_xts_zerokey(u_int8_t **); 105static void cml_zerokey(u_int8_t **); 106 107static void aes_xts_reinit(caddr_t, u_int8_t *); 108 109static void null_init(void *); 110static int null_update(void *, u_int8_t *, u_int16_t); 111static void null_final(u_int8_t *, void *); 112static int MD5Update_int(void *, u_int8_t *, u_int16_t); 113static void SHA1Init_int(void *); 114static int SHA1Update_int(void *, u_int8_t *, u_int16_t); 115static void SHA1Final_int(u_int8_t *, void *); 116static int RMD160Update_int(void *, u_int8_t *, u_int16_t); 117static int SHA256Update_int(void *, u_int8_t *, u_int16_t); 118static int SHA384Update_int(void *, u_int8_t *, u_int16_t); 119static int SHA512Update_int(void *, u_int8_t *, u_int16_t); 120 121static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **); 122static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **); 123 124MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers"); 125 126/* Encryption instances */ 127struct enc_xform enc_xform_null = { 128 CRYPTO_NULL_CBC, "NULL", 129 /* NB: blocksize of 4 is to generate a properly aligned ESP header */ 130 NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */ 131 null_encrypt, 132 null_decrypt, 133 null_setkey, 134 null_zerokey, 135 NULL 136}; 137 138struct enc_xform enc_xform_des = { 139 CRYPTO_DES_CBC, "DES", 140 DES_BLOCK_LEN, 8, 8, 141 des1_encrypt, 142 des1_decrypt, 143 des1_setkey, 144 des1_zerokey, 145 NULL 146}; 147 148struct enc_xform enc_xform_3des = { 149 CRYPTO_3DES_CBC, "3DES", 150 DES3_BLOCK_LEN, 24, 24, 151 des3_encrypt, 152 des3_decrypt, 153 des3_setkey, 154 des3_zerokey, 155 NULL 156}; 157 158struct enc_xform enc_xform_blf = { 159 CRYPTO_BLF_CBC, "Blowfish", 160 BLOWFISH_BLOCK_LEN, 5, 56 /* 448 bits, max key */, 161 blf_encrypt, 162 blf_decrypt, 163 blf_setkey, 164 blf_zerokey, 165 NULL 166}; 167 168struct enc_xform enc_xform_cast5 = { 169 CRYPTO_CAST_CBC, "CAST-128", 170 CAST128_BLOCK_LEN, 5, 16, 171 cast5_encrypt, 172 cast5_decrypt, 173 cast5_setkey, 174 cast5_zerokey, 175 NULL 176}; 177 178struct enc_xform enc_xform_skipjack = { 179 CRYPTO_SKIPJACK_CBC, "Skipjack", 180 SKIPJACK_BLOCK_LEN, 10, 10, 181 skipjack_encrypt, 182 skipjack_decrypt, 183 skipjack_setkey, 184 skipjack_zerokey, 185 NULL 186}; 187 188struct enc_xform enc_xform_rijndael128 = { 189 CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES", 190 RIJNDAEL128_BLOCK_LEN, 8, 32, 191 rijndael128_encrypt, 192 rijndael128_decrypt, 193 rijndael128_setkey, 194 rijndael128_zerokey, 195 NULL 196}; 197 198struct enc_xform enc_xform_aes_xts = { 199 CRYPTO_AES_XTS, "AES-XTS", 200 RIJNDAEL128_BLOCK_LEN, 32, 64, 201 aes_xts_encrypt, 202 aes_xts_decrypt, 203 aes_xts_setkey, 204 aes_xts_zerokey, 205 aes_xts_reinit 206}; 207 208struct enc_xform enc_xform_arc4 = { 209 CRYPTO_ARC4, "ARC4", 210 1, 1, 32, 211 NULL, 212 NULL, 213 NULL, 214 NULL, 215 NULL 216}; 217 218struct enc_xform enc_xform_camellia = { 219 CRYPTO_CAMELLIA_CBC, "Camellia", 220 CAMELLIA_BLOCK_LEN, 8, 32, 221 cml_encrypt, 222 cml_decrypt, 223 cml_setkey, 224 cml_zerokey, 225 NULL 226}; 227 228/* Authentication instances */ 229struct auth_hash auth_hash_null = { 230 CRYPTO_NULL_HMAC, "NULL-HMAC", 231 0, NULL_HASH_LEN, NULL_HMAC_BLOCK_LEN, sizeof(int), /* NB: context isn't used */ 232 null_init, null_update, null_final 233}; 234 235struct auth_hash auth_hash_hmac_md5 = { 236 CRYPTO_MD5_HMAC, "HMAC-MD5", 237 16, MD5_HASH_LEN, MD5_HMAC_BLOCK_LEN, sizeof(MD5_CTX), 238 (void (*) (void *)) MD5Init, MD5Update_int, 239 (void (*) (u_int8_t *, void *)) MD5Final 240}; 241 242struct auth_hash auth_hash_hmac_sha1 = { 243 CRYPTO_SHA1_HMAC, "HMAC-SHA1", 244 20, SHA1_HASH_LEN, SHA1_HMAC_BLOCK_LEN, sizeof(SHA1_CTX), 245 SHA1Init_int, SHA1Update_int, SHA1Final_int 246}; 247 248struct auth_hash auth_hash_hmac_ripemd_160 = { 249 CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160", 250 20, RIPEMD160_HASH_LEN, RIPEMD160_HMAC_BLOCK_LEN, sizeof(RMD160_CTX), 251 (void (*)(void *)) RMD160Init, RMD160Update_int, 252 (void (*)(u_int8_t *, void *)) RMD160Final 253}; 254 255struct auth_hash auth_hash_key_md5 = { 256 CRYPTO_MD5_KPDK, "Keyed MD5", 257 0, MD5_KPDK_HASH_LEN, 0, sizeof(MD5_CTX), 258 (void (*)(void *)) MD5Init, MD5Update_int, 259 (void (*)(u_int8_t *, void *)) MD5Final 260}; 261 262struct auth_hash auth_hash_key_sha1 = { 263 CRYPTO_SHA1_KPDK, "Keyed SHA1", 264 0, SHA1_KPDK_HASH_LEN, 0, sizeof(SHA1_CTX), 265 SHA1Init_int, SHA1Update_int, SHA1Final_int 266}; 267 268struct auth_hash auth_hash_hmac_sha2_256 = { 269 CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256", 270 32, SHA2_256_HASH_LEN, SHA2_256_HMAC_BLOCK_LEN, sizeof(SHA256_CTX), 271 (void (*)(void *)) SHA256_Init, SHA256Update_int, 272 (void (*)(u_int8_t *, void *)) SHA256_Final 273}; 274 275struct auth_hash auth_hash_hmac_sha2_384 = { 276 CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384", 277 48, SHA2_384_HASH_LEN, SHA2_384_HMAC_BLOCK_LEN, sizeof(SHA384_CTX), 278 (void (*)(void *)) SHA384_Init, SHA384Update_int, 279 (void (*)(u_int8_t *, void *)) SHA384_Final 280}; 281 282struct auth_hash auth_hash_hmac_sha2_512 = { 283 CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512", 284 64, SHA2_512_HASH_LEN, SHA2_512_HMAC_BLOCK_LEN, sizeof(SHA512_CTX), 285 (void (*)(void *)) SHA512_Init, SHA512Update_int, 286 (void (*)(u_int8_t *, void *)) SHA512_Final 287}; 288 289/* Compression instance */ 290struct comp_algo comp_algo_deflate = { 291 CRYPTO_DEFLATE_COMP, "Deflate", 292 90, deflate_compress, 293 deflate_decompress 294}; 295 296/* 297 * Encryption wrapper routines. 298 */ 299static void 300null_encrypt(caddr_t key, u_int8_t *blk) 301{ 302} 303static void 304null_decrypt(caddr_t key, u_int8_t *blk) 305{ 306} 307static int 308null_setkey(u_int8_t **sched, u_int8_t *key, int len) 309{ 310 *sched = NULL; 311 return 0; 312} 313static void 314null_zerokey(u_int8_t **sched) 315{ 316 *sched = NULL; 317} 318 319static void 320des1_encrypt(caddr_t key, u_int8_t *blk) 321{ 322 des_cblock *cb = (des_cblock *) blk; 323 des_key_schedule *p = (des_key_schedule *) key; 324 325 des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT); 326} 327 328static void 329des1_decrypt(caddr_t key, u_int8_t *blk) 330{ 331 des_cblock *cb = (des_cblock *) blk; 332 des_key_schedule *p = (des_key_schedule *) key; 333 334 des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT); 335} 336 337static int 338des1_setkey(u_int8_t **sched, u_int8_t *key, int len) 339{ 340 des_key_schedule *p; 341 int err; 342 343 p = malloc(sizeof (des_key_schedule), 344 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 345 if (p != NULL) { 346 des_set_key((des_cblock *) key, p[0]); 347 err = 0; 348 } else 349 err = ENOMEM; 350 *sched = (u_int8_t *) p; 351 return err; 352} 353 354static void 355des1_zerokey(u_int8_t **sched) 356{ 357 bzero(*sched, sizeof (des_key_schedule)); 358 free(*sched, M_CRYPTO_DATA); 359 *sched = NULL; 360} 361 362static void 363des3_encrypt(caddr_t key, u_int8_t *blk) 364{ 365 des_cblock *cb = (des_cblock *) blk; 366 des_key_schedule *p = (des_key_schedule *) key; 367 368 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT); 369} 370 371static void 372des3_decrypt(caddr_t key, u_int8_t *blk) 373{ 374 des_cblock *cb = (des_cblock *) blk; 375 des_key_schedule *p = (des_key_schedule *) key; 376 377 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT); 378} 379 380static int 381des3_setkey(u_int8_t **sched, u_int8_t *key, int len) 382{ 383 des_key_schedule *p; 384 int err; 385 386 p = malloc(3*sizeof (des_key_schedule), 387 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 388 if (p != NULL) { 389 des_set_key((des_cblock *)(key + 0), p[0]); 390 des_set_key((des_cblock *)(key + 8), p[1]); 391 des_set_key((des_cblock *)(key + 16), p[2]); 392 err = 0; 393 } else 394 err = ENOMEM; 395 *sched = (u_int8_t *) p; 396 return err; 397} 398 399static void 400des3_zerokey(u_int8_t **sched) 401{ 402 bzero(*sched, 3*sizeof (des_key_schedule)); 403 free(*sched, M_CRYPTO_DATA); 404 *sched = NULL; 405} 406 407static void 408blf_encrypt(caddr_t key, u_int8_t *blk) 409{ 410 BF_LONG t[2]; 411 412 memcpy(t, blk, sizeof (t)); 413 t[0] = ntohl(t[0]); 414 t[1] = ntohl(t[1]); 415 /* NB: BF_encrypt expects the block in host order! */ 416 BF_encrypt(t, (BF_KEY *) key); 417 t[0] = htonl(t[0]); 418 t[1] = htonl(t[1]); 419 memcpy(blk, t, sizeof (t)); 420} 421 422static void 423blf_decrypt(caddr_t key, u_int8_t *blk) 424{ 425 BF_LONG t[2]; 426 427 memcpy(t, blk, sizeof (t)); 428 t[0] = ntohl(t[0]); 429 t[1] = ntohl(t[1]); 430 /* NB: BF_decrypt expects the block in host order! */ 431 BF_decrypt(t, (BF_KEY *) key); 432 t[0] = htonl(t[0]); 433 t[1] = htonl(t[1]); 434 memcpy(blk, t, sizeof (t)); 435} 436 437static int 438blf_setkey(u_int8_t **sched, u_int8_t *key, int len) 439{ 440 int err; 441 442 *sched = malloc(sizeof(BF_KEY), 443 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 444 if (*sched != NULL) { 445 BF_set_key((BF_KEY *) *sched, len, key); 446 err = 0; 447 } else 448 err = ENOMEM; 449 return err; 450} 451 452static void 453blf_zerokey(u_int8_t **sched) 454{ 455 bzero(*sched, sizeof(BF_KEY)); 456 free(*sched, M_CRYPTO_DATA); 457 *sched = NULL; 458} 459 460static void 461cast5_encrypt(caddr_t key, u_int8_t *blk) 462{ 463 cast_encrypt((cast_key *) key, blk, blk); 464} 465 466static void 467cast5_decrypt(caddr_t key, u_int8_t *blk) 468{ 469 cast_decrypt((cast_key *) key, blk, blk); 470} 471 472static int 473cast5_setkey(u_int8_t **sched, u_int8_t *key, int len) 474{ 475 int err; 476 477 *sched = malloc(sizeof(cast_key), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 478 if (*sched != NULL) { 479 cast_setkey((cast_key *)*sched, key, len); 480 err = 0; 481 } else 482 err = ENOMEM; 483 return err; 484} 485 486static void 487cast5_zerokey(u_int8_t **sched) 488{ 489 bzero(*sched, sizeof(cast_key)); 490 free(*sched, M_CRYPTO_DATA); 491 *sched = NULL; 492} 493 494static void 495skipjack_encrypt(caddr_t key, u_int8_t *blk) 496{ 497 skipjack_forwards(blk, blk, (u_int8_t **) key); 498} 499 500static void 501skipjack_decrypt(caddr_t key, u_int8_t *blk) 502{ 503 skipjack_backwards(blk, blk, (u_int8_t **) key); 504} 505 506static int 507skipjack_setkey(u_int8_t **sched, u_int8_t *key, int len) 508{ 509 int err; 510 511 /* NB: allocate all the memory that's needed at once */ 512 *sched = malloc(10 * (sizeof(u_int8_t *) + 0x100), 513 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 514 if (*sched != NULL) { 515 u_int8_t** key_tables = (u_int8_t**) *sched; 516 u_int8_t* table = (u_int8_t*) &key_tables[10]; 517 int k; 518 519 for (k = 0; k < 10; k++) { 520 key_tables[k] = table; 521 table += 0x100; 522 } 523 subkey_table_gen(key, (u_int8_t **) *sched); 524 err = 0; 525 } else 526 err = ENOMEM; 527 return err; 528} 529 530static void 531skipjack_zerokey(u_int8_t **sched) 532{ 533 bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100)); 534 free(*sched, M_CRYPTO_DATA); 535 *sched = NULL; 536} 537 538static void 539rijndael128_encrypt(caddr_t key, u_int8_t *blk) 540{ 541 rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk); 542} 543 544static void 545rijndael128_decrypt(caddr_t key, u_int8_t *blk) 546{ 547 rijndael_decrypt(((rijndael_ctx *) key), (u_char *) blk, 548 (u_char *) blk); 549} 550 551static int 552rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len) 553{ 554 int err; 555 556 if (len != 16 && len != 24 && len != 32) 557 return (EINVAL); 558 *sched = malloc(sizeof(rijndael_ctx), M_CRYPTO_DATA, 559 M_NOWAIT|M_ZERO); 560 if (*sched != NULL) { 561 rijndael_set_key((rijndael_ctx *) *sched, (u_char *) key, 562 len * 8); 563 err = 0; 564 } else 565 err = ENOMEM; 566 return err; 567} 568 569static void 570rijndael128_zerokey(u_int8_t **sched) 571{ 572 bzero(*sched, sizeof(rijndael_ctx)); 573 free(*sched, M_CRYPTO_DATA); 574 *sched = NULL; 575} 576 577#define AES_XTS_BLOCKSIZE 16 578#define AES_XTS_IVSIZE 8 579#define AES_XTS_ALPHA 0x87 /* GF(2^128) generator polynomial */ 580 581struct aes_xts_ctx { 582 rijndael_ctx key1; 583 rijndael_ctx key2; 584 u_int8_t tweak[AES_XTS_BLOCKSIZE]; 585}; 586 587void 588aes_xts_reinit(caddr_t key, u_int8_t *iv) 589{ 590 struct aes_xts_ctx *ctx = (struct aes_xts_ctx *)key; 591 u_int64_t blocknum; 592 u_int i; 593 594 /* 595 * Prepare tweak as E_k2(IV). IV is specified as LE representation 596 * of a 64-bit block number which we allow to be passed in directly. 597 */ 598 bcopy(iv, &blocknum, AES_XTS_IVSIZE); 599 for (i = 0; i < AES_XTS_IVSIZE; i++) { 600 ctx->tweak[i] = blocknum & 0xff; 601 blocknum >>= 8; 602 } 603 /* Last 64 bits of IV are always zero */ 604 bzero(ctx->tweak + AES_XTS_IVSIZE, AES_XTS_IVSIZE); 605 606 rijndael_encrypt(&ctx->key2, ctx->tweak, ctx->tweak); 607} 608 609static void 610aes_xts_crypt(struct aes_xts_ctx *ctx, u_int8_t *data, u_int do_encrypt) 611{ 612 u_int8_t block[AES_XTS_BLOCKSIZE]; 613 u_int i, carry_in, carry_out; 614 615 for (i = 0; i < AES_XTS_BLOCKSIZE; i++) 616 block[i] = data[i] ^ ctx->tweak[i]; 617 618 if (do_encrypt) 619 rijndael_encrypt(&ctx->key1, block, data); 620 else 621 rijndael_decrypt(&ctx->key1, block, data); 622 623 for (i = 0; i < AES_XTS_BLOCKSIZE; i++) 624 data[i] ^= ctx->tweak[i]; 625 626 /* Exponentiate tweak */ 627 carry_in = 0; 628 for (i = 0; i < AES_XTS_BLOCKSIZE; i++) { 629 carry_out = ctx->tweak[i] & 0x80; 630 ctx->tweak[i] = (ctx->tweak[i] << 1) | (carry_in ? 1 : 0); 631 carry_in = carry_out; 632 } 633 if (carry_in) 634 ctx->tweak[0] ^= AES_XTS_ALPHA; 635 bzero(block, sizeof(block)); 636} 637 638void 639aes_xts_encrypt(caddr_t key, u_int8_t *data) 640{ 641 aes_xts_crypt((struct aes_xts_ctx *)key, data, 1); 642} 643 644void 645aes_xts_decrypt(caddr_t key, u_int8_t *data) 646{ 647 aes_xts_crypt((struct aes_xts_ctx *)key, data, 0); 648} 649 650int 651aes_xts_setkey(u_int8_t **sched, u_int8_t *key, int len) 652{ 653 struct aes_xts_ctx *ctx; 654 655 if (len != 32 && len != 64) 656 return EINVAL; 657 658 *sched = malloc(sizeof(struct aes_xts_ctx), M_CRYPTO_DATA, 659 M_NOWAIT | M_ZERO); 660 if (*sched == NULL) 661 return ENOMEM; 662 ctx = (struct aes_xts_ctx *)*sched; 663 664 rijndael_set_key(&ctx->key1, key, len * 4); 665 rijndael_set_key(&ctx->key2, key + (len / 2), len * 4); 666 667 return 0; 668} 669 670void 671aes_xts_zerokey(u_int8_t **sched) 672{ 673 bzero(*sched, sizeof(struct aes_xts_ctx)); 674 free(*sched, M_CRYPTO_DATA); 675 *sched = NULL; 676} 677 678static void 679cml_encrypt(caddr_t key, u_int8_t *blk) 680{ 681 camellia_encrypt((camellia_ctx *) key, (u_char *) blk, (u_char *) blk); 682} 683 684static void 685cml_decrypt(caddr_t key, u_int8_t *blk) 686{ 687 camellia_decrypt(((camellia_ctx *) key), (u_char *) blk, 688 (u_char *) blk); 689} 690 691static int 692cml_setkey(u_int8_t **sched, u_int8_t *key, int len) 693{ 694 int err; 695 696 if (len != 16 && len != 24 && len != 32) 697 return (EINVAL); 698 *sched = malloc(sizeof(camellia_ctx), M_CRYPTO_DATA, 699 M_NOWAIT|M_ZERO); 700 if (*sched != NULL) { 701 camellia_set_key((camellia_ctx *) *sched, (u_char *) key, 702 len * 8); 703 err = 0; 704 } else 705 err = ENOMEM; 706 return err; 707} 708 709static void 710cml_zerokey(u_int8_t **sched) 711{ 712 bzero(*sched, sizeof(camellia_ctx)); 713 free(*sched, M_CRYPTO_DATA); 714 *sched = NULL; 715} 716 717/* 718 * And now for auth. 719 */ 720 721static void 722null_init(void *ctx) 723{ 724} 725 726static int 727null_update(void *ctx, u_int8_t *buf, u_int16_t len) 728{ 729 return 0; 730} 731 732static void 733null_final(u_int8_t *buf, void *ctx) 734{ 735 if (buf != (u_int8_t *) 0) 736 bzero(buf, 12); 737} 738 739static int 740RMD160Update_int(void *ctx, u_int8_t *buf, u_int16_t len) 741{ 742 RMD160Update(ctx, buf, len); 743 return 0; 744} 745 746static int 747MD5Update_int(void *ctx, u_int8_t *buf, u_int16_t len) 748{ 749 MD5Update(ctx, buf, len); 750 return 0; 751} 752 753static void 754SHA1Init_int(void *ctx) 755{ 756 SHA1Init(ctx); 757} 758 759static int 760SHA1Update_int(void *ctx, u_int8_t *buf, u_int16_t len) 761{ 762 SHA1Update(ctx, buf, len); 763 return 0; 764} 765 766static void 767SHA1Final_int(u_int8_t *blk, void *ctx) 768{ 769 SHA1Final(blk, ctx); 770} 771 772static int 773SHA256Update_int(void *ctx, u_int8_t *buf, u_int16_t len) 774{ 775 SHA256_Update(ctx, buf, len); 776 return 0; 777} 778 779static int 780SHA384Update_int(void *ctx, u_int8_t *buf, u_int16_t len) 781{ 782 SHA384_Update(ctx, buf, len); 783 return 0; 784} 785 786static int 787SHA512Update_int(void *ctx, u_int8_t *buf, u_int16_t len) 788{ 789 SHA512_Update(ctx, buf, len); 790 return 0; 791} 792 793/* 794 * And compression 795 */ 796 797static u_int32_t 798deflate_compress(data, size, out) 799 u_int8_t *data; 800 u_int32_t size; 801 u_int8_t **out; 802{ 803 return deflate_global(data, size, 0, out); 804} 805 806static u_int32_t 807deflate_decompress(data, size, out) 808 u_int8_t *data; 809 u_int32_t size; 810 u_int8_t **out; 811{ 812 return deflate_global(data, size, 1, out); 813} 814