xform_sha2.c revision 213068
1104476Ssam/* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ 2139825Simp/*- 3104476Ssam * The authors of this code are John Ioannidis (ji@tla.org), 4104476Ssam * Angelos D. Keromytis (kermit@csd.uch.gr) and 5104476Ssam * Niels Provos (provos@physnet.uni-hamburg.de). 6104476Ssam * 7104476Ssam * This code was written by John Ioannidis for BSD/OS in Athens, Greece, 8104476Ssam * in November 1995. 9104476Ssam * 10104476Ssam * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, 11104476Ssam * by Angelos D. Keromytis. 12104476Ssam * 13104476Ssam * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis 14104476Ssam * and Niels Provos. 15104476Ssam * 16104476Ssam * Additional features in 1999 by Angelos D. Keromytis. 17104476Ssam * 18104476Ssam * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, 19104476Ssam * Angelos D. Keromytis and Niels Provos. 20104476Ssam * 21104476Ssam * Copyright (C) 2001, Angelos D. Keromytis. 22104476Ssam * 23104476Ssam * Permission to use, copy, and modify this software with or without fee 24104476Ssam * is hereby granted, provided that this entire notice is included in 25104476Ssam * all copies of any software which is or includes a copy or 26104476Ssam * modification of this software. 27104476Ssam * You may use this code under the GNU public license if you so wish. Please 28104476Ssam * contribute changes back to the authors under this freer than GPL license 29104476Ssam * so that we may further the use of strong encryption without limitations to 30104476Ssam * all. 31104476Ssam * 32104476Ssam * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 33104476Ssam * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 34104476Ssam * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 35104476Ssam * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 36104476Ssam * PURPOSE. 37104476Ssam */ 38104476Ssam 39116191Sobrien#include <sys/cdefs.h> 40116191Sobrien__FBSDID("$FreeBSD: head/sys/opencrypto/xform.c 213068 2010-09-23 11:52:32Z pjd $"); 41116191Sobrien 42104476Ssam#include <sys/param.h> 43104476Ssam#include <sys/systm.h> 44104476Ssam#include <sys/malloc.h> 45104476Ssam#include <sys/sysctl.h> 46104476Ssam#include <sys/errno.h> 47104476Ssam#include <sys/time.h> 48104476Ssam#include <sys/kernel.h> 49104476Ssam#include <machine/cpu.h> 50104476Ssam 51104476Ssam#include <crypto/blowfish/blowfish.h> 52104476Ssam#include <crypto/des/des.h> 53143423Sume#include <crypto/rijndael/rijndael.h> 54169425Sgnn#include <crypto/camellia/camellia.h> 55104476Ssam#include <crypto/sha1.h> 56104476Ssam 57104476Ssam#include <opencrypto/cast.h> 58104476Ssam#include <opencrypto/deflate.h> 59104476Ssam#include <opencrypto/rmd160.h> 60104476Ssam#include <opencrypto/skipjack.h> 61104476Ssam 62104476Ssam#include <sys/md5.h> 63104476Ssam 64104476Ssam#include <opencrypto/cryptodev.h> 65104476Ssam#include <opencrypto/xform.h> 66104476Ssam 67213068Spjdstatic int null_setkey(u_int8_t **, u_int8_t *, int); 68104476Ssamstatic int des1_setkey(u_int8_t **, u_int8_t *, int); 69104476Ssamstatic int des3_setkey(u_int8_t **, u_int8_t *, int); 70104476Ssamstatic int blf_setkey(u_int8_t **, u_int8_t *, int); 71104476Ssamstatic int cast5_setkey(u_int8_t **, u_int8_t *, int); 72104476Ssamstatic int skipjack_setkey(u_int8_t **, u_int8_t *, int); 73104476Ssamstatic int rijndael128_setkey(u_int8_t **, u_int8_t *, int); 74213068Spjdstatic int aes_xts_setkey(u_int8_t **, u_int8_t *, int); 75169425Sgnnstatic int cml_setkey(u_int8_t **, u_int8_t *, int); 76213068Spjd 77213068Spjdstatic void null_encrypt(caddr_t, u_int8_t *); 78104476Ssamstatic void des1_encrypt(caddr_t, u_int8_t *); 79104476Ssamstatic void des3_encrypt(caddr_t, u_int8_t *); 80104476Ssamstatic void blf_encrypt(caddr_t, u_int8_t *); 81104476Ssamstatic void cast5_encrypt(caddr_t, u_int8_t *); 82104476Ssamstatic void skipjack_encrypt(caddr_t, u_int8_t *); 83104476Ssamstatic void rijndael128_encrypt(caddr_t, u_int8_t *); 84213068Spjdstatic void aes_xts_encrypt(caddr_t, u_int8_t *); 85169425Sgnnstatic void cml_encrypt(caddr_t, u_int8_t *); 86213068Spjd 87213068Spjdstatic void null_decrypt(caddr_t, u_int8_t *); 88104476Ssamstatic void des1_decrypt(caddr_t, u_int8_t *); 89104476Ssamstatic void des3_decrypt(caddr_t, u_int8_t *); 90104476Ssamstatic void blf_decrypt(caddr_t, u_int8_t *); 91104476Ssamstatic void cast5_decrypt(caddr_t, u_int8_t *); 92104476Ssamstatic void skipjack_decrypt(caddr_t, u_int8_t *); 93104476Ssamstatic void rijndael128_decrypt(caddr_t, u_int8_t *); 94213068Spjdstatic void aes_xts_decrypt(caddr_t, u_int8_t *); 95169425Sgnnstatic void cml_decrypt(caddr_t, u_int8_t *); 96213068Spjd 97213068Spjdstatic void null_zerokey(u_int8_t **); 98104476Ssamstatic void des1_zerokey(u_int8_t **); 99104476Ssamstatic void des3_zerokey(u_int8_t **); 100104476Ssamstatic void blf_zerokey(u_int8_t **); 101104476Ssamstatic void cast5_zerokey(u_int8_t **); 102104476Ssamstatic void skipjack_zerokey(u_int8_t **); 103104476Ssamstatic void rijndael128_zerokey(u_int8_t **); 104213068Spjdstatic void aes_xts_zerokey(u_int8_t **); 105169425Sgnnstatic void cml_zerokey(u_int8_t **); 106104476Ssam 107213068Spjdstatic void aes_xts_reinit(caddr_t, u_int8_t *); 108213068Spjd 109104476Ssamstatic void null_init(void *); 110104476Ssamstatic int null_update(void *, u_int8_t *, u_int16_t); 111104476Ssamstatic void null_final(u_int8_t *, void *); 112104476Ssamstatic int MD5Update_int(void *, u_int8_t *, u_int16_t); 113104476Ssamstatic void SHA1Init_int(void *); 114104476Ssamstatic int SHA1Update_int(void *, u_int8_t *, u_int16_t); 115104476Ssamstatic void SHA1Final_int(u_int8_t *, void *); 116104476Ssamstatic int RMD160Update_int(void *, u_int8_t *, u_int16_t); 117104476Ssamstatic int SHA256Update_int(void *, u_int8_t *, u_int16_t); 118104476Ssamstatic int SHA384Update_int(void *, u_int8_t *, u_int16_t); 119104476Ssamstatic int SHA512Update_int(void *, u_int8_t *, u_int16_t); 120104476Ssam 121104476Ssamstatic u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **); 122104476Ssamstatic u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **); 123104476Ssam 124104476SsamMALLOC_DEFINE(M_XDATA, "xform", "xform data buffers"); 125104476Ssam 126104476Ssam/* Encryption instances */ 127104476Ssamstruct enc_xform enc_xform_null = { 128104476Ssam CRYPTO_NULL_CBC, "NULL", 129104476Ssam /* NB: blocksize of 4 is to generate a properly aligned ESP header */ 130159235Spjd NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */ 131104476Ssam null_encrypt, 132104476Ssam null_decrypt, 133104476Ssam null_setkey, 134104476Ssam null_zerokey, 135213068Spjd NULL 136104476Ssam}; 137104476Ssam 138104476Ssamstruct enc_xform enc_xform_des = { 139104476Ssam CRYPTO_DES_CBC, "DES", 140159235Spjd DES_BLOCK_LEN, 8, 8, 141104476Ssam des1_encrypt, 142104476Ssam des1_decrypt, 143104476Ssam des1_setkey, 144104476Ssam des1_zerokey, 145213068Spjd NULL 146104476Ssam}; 147104476Ssam 148104476Ssamstruct enc_xform enc_xform_3des = { 149104476Ssam CRYPTO_3DES_CBC, "3DES", 150159235Spjd DES3_BLOCK_LEN, 24, 24, 151104476Ssam des3_encrypt, 152104476Ssam des3_decrypt, 153104476Ssam des3_setkey, 154213068Spjd des3_zerokey, 155213068Spjd NULL 156104476Ssam}; 157104476Ssam 158104476Ssamstruct enc_xform enc_xform_blf = { 159104476Ssam CRYPTO_BLF_CBC, "Blowfish", 160159235Spjd BLOWFISH_BLOCK_LEN, 5, 56 /* 448 bits, max key */, 161104476Ssam blf_encrypt, 162104476Ssam blf_decrypt, 163104476Ssam blf_setkey, 164213068Spjd blf_zerokey, 165213068Spjd NULL 166104476Ssam}; 167104476Ssam 168104476Ssamstruct enc_xform enc_xform_cast5 = { 169104476Ssam CRYPTO_CAST_CBC, "CAST-128", 170159235Spjd CAST128_BLOCK_LEN, 5, 16, 171104476Ssam cast5_encrypt, 172104476Ssam cast5_decrypt, 173104476Ssam cast5_setkey, 174213068Spjd cast5_zerokey, 175213068Spjd NULL 176104476Ssam}; 177104476Ssam 178104476Ssamstruct enc_xform enc_xform_skipjack = { 179104476Ssam CRYPTO_SKIPJACK_CBC, "Skipjack", 180159235Spjd SKIPJACK_BLOCK_LEN, 10, 10, 181104476Ssam skipjack_encrypt, 182104476Ssam skipjack_decrypt, 183104476Ssam skipjack_setkey, 184213068Spjd skipjack_zerokey, 185213068Spjd NULL 186104476Ssam}; 187104476Ssam 188104476Ssamstruct enc_xform enc_xform_rijndael128 = { 189104476Ssam CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES", 190159235Spjd RIJNDAEL128_BLOCK_LEN, 8, 32, 191104476Ssam rijndael128_encrypt, 192104476Ssam rijndael128_decrypt, 193104476Ssam rijndael128_setkey, 194104476Ssam rijndael128_zerokey, 195213068Spjd NULL 196104476Ssam}; 197104476Ssam 198213068Spjdstruct enc_xform enc_xform_aes_xts = { 199213068Spjd CRYPTO_AES_XTS, "AES-XTS", 200213068Spjd RIJNDAEL128_BLOCK_LEN, 32, 64, 201213068Spjd aes_xts_encrypt, 202213068Spjd aes_xts_decrypt, 203213068Spjd aes_xts_setkey, 204213068Spjd aes_xts_zerokey, 205213068Spjd aes_xts_reinit 206213068Spjd}; 207213068Spjd 208104476Ssamstruct enc_xform enc_xform_arc4 = { 209104476Ssam CRYPTO_ARC4, "ARC4", 210104476Ssam 1, 1, 32, 211104476Ssam NULL, 212104476Ssam NULL, 213104476Ssam NULL, 214104476Ssam NULL, 215213068Spjd NULL 216104476Ssam}; 217104476Ssam 218169425Sgnnstruct enc_xform enc_xform_camellia = { 219169425Sgnn CRYPTO_CAMELLIA_CBC, "Camellia", 220169425Sgnn CAMELLIA_BLOCK_LEN, 8, 32, 221169425Sgnn cml_encrypt, 222169425Sgnn cml_decrypt, 223169425Sgnn cml_setkey, 224169425Sgnn cml_zerokey, 225213068Spjd NULL 226169425Sgnn}; 227169425Sgnn 228104476Ssam/* Authentication instances */ 229104476Ssamstruct auth_hash auth_hash_null = { 230104476Ssam CRYPTO_NULL_HMAC, "NULL-HMAC", 231159235Spjd 0, NULL_HASH_LEN, NULL_HMAC_BLOCK_LEN, sizeof(int), /* NB: context isn't used */ 232104476Ssam null_init, null_update, null_final 233104476Ssam}; 234104476Ssam 235158703Spjdstruct auth_hash auth_hash_hmac_md5 = { 236104476Ssam CRYPTO_MD5_HMAC, "HMAC-MD5", 237159235Spjd 16, MD5_HASH_LEN, MD5_HMAC_BLOCK_LEN, sizeof(MD5_CTX), 238104476Ssam (void (*) (void *)) MD5Init, MD5Update_int, 239104476Ssam (void (*) (u_int8_t *, void *)) MD5Final 240104476Ssam}; 241104476Ssam 242158703Spjdstruct auth_hash auth_hash_hmac_sha1 = { 243104476Ssam CRYPTO_SHA1_HMAC, "HMAC-SHA1", 244159235Spjd 20, SHA1_HASH_LEN, SHA1_HMAC_BLOCK_LEN, sizeof(SHA1_CTX), 245104476Ssam SHA1Init_int, SHA1Update_int, SHA1Final_int 246104476Ssam}; 247104476Ssam 248158703Spjdstruct auth_hash auth_hash_hmac_ripemd_160 = { 249104476Ssam CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160", 250159235Spjd 20, RIPEMD160_HASH_LEN, RIPEMD160_HMAC_BLOCK_LEN, sizeof(RMD160_CTX), 251104476Ssam (void (*)(void *)) RMD160Init, RMD160Update_int, 252104476Ssam (void (*)(u_int8_t *, void *)) RMD160Final 253104476Ssam}; 254104476Ssam 255104476Ssamstruct auth_hash auth_hash_key_md5 = { 256213065Spjd CRYPTO_MD5_KPDK, "Keyed MD5", 257159235Spjd 0, MD5_KPDK_HASH_LEN, 0, sizeof(MD5_CTX), 258104476Ssam (void (*)(void *)) MD5Init, MD5Update_int, 259104476Ssam (void (*)(u_int8_t *, void *)) MD5Final 260104476Ssam}; 261104476Ssam 262104476Ssamstruct auth_hash auth_hash_key_sha1 = { 263104476Ssam CRYPTO_SHA1_KPDK, "Keyed SHA1", 264159235Spjd 0, SHA1_KPDK_HASH_LEN, 0, sizeof(SHA1_CTX), 265104476Ssam SHA1Init_int, SHA1Update_int, SHA1Final_int 266104476Ssam}; 267104476Ssam 268104476Ssamstruct auth_hash auth_hash_hmac_sha2_256 = { 269158703Spjd CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256", 270159235Spjd 32, SHA2_256_HASH_LEN, SHA2_256_HMAC_BLOCK_LEN, sizeof(SHA256_CTX), 271104476Ssam (void (*)(void *)) SHA256_Init, SHA256Update_int, 272104476Ssam (void (*)(u_int8_t *, void *)) SHA256_Final 273104476Ssam}; 274104476Ssam 275104476Ssamstruct auth_hash auth_hash_hmac_sha2_384 = { 276158703Spjd CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384", 277159235Spjd 48, SHA2_384_HASH_LEN, SHA2_384_HMAC_BLOCK_LEN, sizeof(SHA384_CTX), 278104476Ssam (void (*)(void *)) SHA384_Init, SHA384Update_int, 279104476Ssam (void (*)(u_int8_t *, void *)) SHA384_Final 280104476Ssam}; 281104476Ssam 282104476Ssamstruct auth_hash auth_hash_hmac_sha2_512 = { 283158703Spjd CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512", 284159235Spjd 64, SHA2_512_HASH_LEN, SHA2_512_HMAC_BLOCK_LEN, sizeof(SHA512_CTX), 285104476Ssam (void (*)(void *)) SHA512_Init, SHA512Update_int, 286104476Ssam (void (*)(u_int8_t *, void *)) SHA512_Final 287104476Ssam}; 288104476Ssam 289104476Ssam/* Compression instance */ 290104476Ssamstruct comp_algo comp_algo_deflate = { 291104476Ssam CRYPTO_DEFLATE_COMP, "Deflate", 292104476Ssam 90, deflate_compress, 293104476Ssam deflate_decompress 294104476Ssam}; 295104476Ssam 296104476Ssam/* 297104476Ssam * Encryption wrapper routines. 298104476Ssam */ 299104476Ssamstatic void 300104476Ssamnull_encrypt(caddr_t key, u_int8_t *blk) 301104476Ssam{ 302104476Ssam} 303104476Ssamstatic void 304104476Ssamnull_decrypt(caddr_t key, u_int8_t *blk) 305104476Ssam{ 306104476Ssam} 307104476Ssamstatic int 308104476Ssamnull_setkey(u_int8_t **sched, u_int8_t *key, int len) 309104476Ssam{ 310104476Ssam *sched = NULL; 311104476Ssam return 0; 312104476Ssam} 313104476Ssamstatic void 314104476Ssamnull_zerokey(u_int8_t **sched) 315104476Ssam{ 316104476Ssam *sched = NULL; 317104476Ssam} 318104476Ssam 319104476Ssamstatic void 320104476Ssamdes1_encrypt(caddr_t key, u_int8_t *blk) 321104476Ssam{ 322104476Ssam des_cblock *cb = (des_cblock *) blk; 323104476Ssam des_key_schedule *p = (des_key_schedule *) key; 324104476Ssam 325104476Ssam des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT); 326104476Ssam} 327104476Ssam 328104476Ssamstatic void 329104476Ssamdes1_decrypt(caddr_t key, u_int8_t *blk) 330104476Ssam{ 331104476Ssam des_cblock *cb = (des_cblock *) blk; 332104476Ssam des_key_schedule *p = (des_key_schedule *) key; 333104476Ssam 334104476Ssam des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT); 335104476Ssam} 336104476Ssam 337104476Ssamstatic int 338104476Ssamdes1_setkey(u_int8_t **sched, u_int8_t *key, int len) 339104476Ssam{ 340104476Ssam des_key_schedule *p; 341104476Ssam int err; 342104476Ssam 343184205Sdes p = malloc(sizeof (des_key_schedule), 344104476Ssam M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 345104476Ssam if (p != NULL) { 346104476Ssam des_set_key((des_cblock *) key, p[0]); 347104476Ssam err = 0; 348104476Ssam } else 349104476Ssam err = ENOMEM; 350104476Ssam *sched = (u_int8_t *) p; 351104476Ssam return err; 352104476Ssam} 353104476Ssam 354104476Ssamstatic void 355104476Ssamdes1_zerokey(u_int8_t **sched) 356104476Ssam{ 357104476Ssam bzero(*sched, sizeof (des_key_schedule)); 358184205Sdes free(*sched, M_CRYPTO_DATA); 359104476Ssam *sched = NULL; 360104476Ssam} 361104476Ssam 362104476Ssamstatic void 363104476Ssamdes3_encrypt(caddr_t key, u_int8_t *blk) 364104476Ssam{ 365104476Ssam des_cblock *cb = (des_cblock *) blk; 366104476Ssam des_key_schedule *p = (des_key_schedule *) key; 367104476Ssam 368104476Ssam des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT); 369104476Ssam} 370104476Ssam 371104476Ssamstatic void 372104476Ssamdes3_decrypt(caddr_t key, u_int8_t *blk) 373104476Ssam{ 374104476Ssam des_cblock *cb = (des_cblock *) blk; 375104476Ssam des_key_schedule *p = (des_key_schedule *) key; 376104476Ssam 377104476Ssam des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT); 378104476Ssam} 379104476Ssam 380104476Ssamstatic int 381104476Ssamdes3_setkey(u_int8_t **sched, u_int8_t *key, int len) 382104476Ssam{ 383104476Ssam des_key_schedule *p; 384104476Ssam int err; 385104476Ssam 386184205Sdes p = malloc(3*sizeof (des_key_schedule), 387104476Ssam M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 388104476Ssam if (p != NULL) { 389104476Ssam des_set_key((des_cblock *)(key + 0), p[0]); 390104476Ssam des_set_key((des_cblock *)(key + 8), p[1]); 391104476Ssam des_set_key((des_cblock *)(key + 16), p[2]); 392104476Ssam err = 0; 393104476Ssam } else 394104476Ssam err = ENOMEM; 395104476Ssam *sched = (u_int8_t *) p; 396104476Ssam return err; 397104476Ssam} 398104476Ssam 399104476Ssamstatic void 400104476Ssamdes3_zerokey(u_int8_t **sched) 401104476Ssam{ 402104476Ssam bzero(*sched, 3*sizeof (des_key_schedule)); 403184205Sdes free(*sched, M_CRYPTO_DATA); 404104476Ssam *sched = NULL; 405104476Ssam} 406104476Ssam 407104476Ssamstatic void 408104476Ssamblf_encrypt(caddr_t key, u_int8_t *blk) 409104476Ssam{ 410104476Ssam BF_LONG t[2]; 411104476Ssam 412104476Ssam memcpy(t, blk, sizeof (t)); 413104476Ssam t[0] = ntohl(t[0]); 414104476Ssam t[1] = ntohl(t[1]); 415104476Ssam /* NB: BF_encrypt expects the block in host order! */ 416104476Ssam BF_encrypt(t, (BF_KEY *) key); 417104476Ssam t[0] = htonl(t[0]); 418104476Ssam t[1] = htonl(t[1]); 419104476Ssam memcpy(blk, t, sizeof (t)); 420104476Ssam} 421104476Ssam 422104476Ssamstatic void 423104476Ssamblf_decrypt(caddr_t key, u_int8_t *blk) 424104476Ssam{ 425104476Ssam BF_LONG t[2]; 426104476Ssam 427104476Ssam memcpy(t, blk, sizeof (t)); 428104476Ssam t[0] = ntohl(t[0]); 429104476Ssam t[1] = ntohl(t[1]); 430104476Ssam /* NB: BF_decrypt expects the block in host order! */ 431104476Ssam BF_decrypt(t, (BF_KEY *) key); 432104476Ssam t[0] = htonl(t[0]); 433104476Ssam t[1] = htonl(t[1]); 434104476Ssam memcpy(blk, t, sizeof (t)); 435104476Ssam} 436104476Ssam 437104476Ssamstatic int 438104476Ssamblf_setkey(u_int8_t **sched, u_int8_t *key, int len) 439104476Ssam{ 440104476Ssam int err; 441104476Ssam 442184205Sdes *sched = malloc(sizeof(BF_KEY), 443104476Ssam M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 444104476Ssam if (*sched != NULL) { 445104476Ssam BF_set_key((BF_KEY *) *sched, len, key); 446104476Ssam err = 0; 447104476Ssam } else 448104476Ssam err = ENOMEM; 449104476Ssam return err; 450104476Ssam} 451104476Ssam 452104476Ssamstatic void 453104476Ssamblf_zerokey(u_int8_t **sched) 454104476Ssam{ 455104476Ssam bzero(*sched, sizeof(BF_KEY)); 456184205Sdes free(*sched, M_CRYPTO_DATA); 457104476Ssam *sched = NULL; 458104476Ssam} 459104476Ssam 460104476Ssamstatic void 461104476Ssamcast5_encrypt(caddr_t key, u_int8_t *blk) 462104476Ssam{ 463104476Ssam cast_encrypt((cast_key *) key, blk, blk); 464104476Ssam} 465104476Ssam 466104476Ssamstatic void 467104476Ssamcast5_decrypt(caddr_t key, u_int8_t *blk) 468104476Ssam{ 469104476Ssam cast_decrypt((cast_key *) key, blk, blk); 470104476Ssam} 471104476Ssam 472104476Ssamstatic int 473104476Ssamcast5_setkey(u_int8_t **sched, u_int8_t *key, int len) 474104476Ssam{ 475104476Ssam int err; 476104476Ssam 477184205Sdes *sched = malloc(sizeof(cast_key), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 478104476Ssam if (*sched != NULL) { 479104476Ssam cast_setkey((cast_key *)*sched, key, len); 480104476Ssam err = 0; 481104476Ssam } else 482104476Ssam err = ENOMEM; 483104476Ssam return err; 484104476Ssam} 485104476Ssam 486104476Ssamstatic void 487104476Ssamcast5_zerokey(u_int8_t **sched) 488104476Ssam{ 489104476Ssam bzero(*sched, sizeof(cast_key)); 490184205Sdes free(*sched, M_CRYPTO_DATA); 491104476Ssam *sched = NULL; 492104476Ssam} 493104476Ssam 494104476Ssamstatic void 495104476Ssamskipjack_encrypt(caddr_t key, u_int8_t *blk) 496104476Ssam{ 497104476Ssam skipjack_forwards(blk, blk, (u_int8_t **) key); 498104476Ssam} 499104476Ssam 500104476Ssamstatic void 501104476Ssamskipjack_decrypt(caddr_t key, u_int8_t *blk) 502104476Ssam{ 503104476Ssam skipjack_backwards(blk, blk, (u_int8_t **) key); 504104476Ssam} 505104476Ssam 506104476Ssamstatic int 507104476Ssamskipjack_setkey(u_int8_t **sched, u_int8_t *key, int len) 508104476Ssam{ 509104476Ssam int err; 510104476Ssam 511104476Ssam /* NB: allocate all the memory that's needed at once */ 512184205Sdes *sched = malloc(10 * (sizeof(u_int8_t *) + 0x100), 513104476Ssam M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 514104476Ssam if (*sched != NULL) { 515104476Ssam u_int8_t** key_tables = (u_int8_t**) *sched; 516104476Ssam u_int8_t* table = (u_int8_t*) &key_tables[10]; 517104476Ssam int k; 518104476Ssam 519104476Ssam for (k = 0; k < 10; k++) { 520104476Ssam key_tables[k] = table; 521104476Ssam table += 0x100; 522104476Ssam } 523104476Ssam subkey_table_gen(key, (u_int8_t **) *sched); 524104476Ssam err = 0; 525104476Ssam } else 526104476Ssam err = ENOMEM; 527104476Ssam return err; 528104476Ssam} 529104476Ssam 530104476Ssamstatic void 531104476Ssamskipjack_zerokey(u_int8_t **sched) 532104476Ssam{ 533104476Ssam bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100)); 534184205Sdes free(*sched, M_CRYPTO_DATA); 535104476Ssam *sched = NULL; 536104476Ssam} 537104476Ssam 538104476Ssamstatic void 539104476Ssamrijndael128_encrypt(caddr_t key, u_int8_t *blk) 540104476Ssam{ 541104476Ssam rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk); 542104476Ssam} 543104476Ssam 544104476Ssamstatic void 545104476Ssamrijndael128_decrypt(caddr_t key, u_int8_t *blk) 546104476Ssam{ 547143408Sume rijndael_decrypt(((rijndael_ctx *) key), (u_char *) blk, 548104476Ssam (u_char *) blk); 549104476Ssam} 550104476Ssam 551104476Ssamstatic int 552104476Ssamrijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len) 553104476Ssam{ 554104476Ssam int err; 555104476Ssam 556149143Spjd if (len != 16 && len != 24 && len != 32) 557149143Spjd return (EINVAL); 558184205Sdes *sched = malloc(sizeof(rijndael_ctx), M_CRYPTO_DATA, 559104476Ssam M_NOWAIT|M_ZERO); 560104476Ssam if (*sched != NULL) { 561143408Sume rijndael_set_key((rijndael_ctx *) *sched, (u_char *) key, 562143408Sume len * 8); 563104476Ssam err = 0; 564104476Ssam } else 565104476Ssam err = ENOMEM; 566104476Ssam return err; 567104476Ssam} 568104476Ssam 569104476Ssamstatic void 570104476Ssamrijndael128_zerokey(u_int8_t **sched) 571104476Ssam{ 572143408Sume bzero(*sched, sizeof(rijndael_ctx)); 573184205Sdes free(*sched, M_CRYPTO_DATA); 574104476Ssam *sched = NULL; 575104476Ssam} 576104476Ssam 577213068Spjd#define AES_XTS_BLOCKSIZE 16 578213068Spjd#define AES_XTS_IVSIZE 8 579213068Spjd#define AES_XTS_ALPHA 0x87 /* GF(2^128) generator polynomial */ 580213068Spjd 581213068Spjdstruct aes_xts_ctx { 582213068Spjd rijndael_ctx key1; 583213068Spjd rijndael_ctx key2; 584213068Spjd u_int8_t tweak[AES_XTS_BLOCKSIZE]; 585213068Spjd}; 586213068Spjd 587213068Spjdvoid 588213068Spjdaes_xts_reinit(caddr_t key, u_int8_t *iv) 589213068Spjd{ 590213068Spjd struct aes_xts_ctx *ctx = (struct aes_xts_ctx *)key; 591213068Spjd u_int64_t blocknum; 592213068Spjd u_int i; 593213068Spjd 594213068Spjd /* 595213068Spjd * Prepare tweak as E_k2(IV). IV is specified as LE representation 596213068Spjd * of a 64-bit block number which we allow to be passed in directly. 597213068Spjd */ 598213068Spjd bcopy(iv, &blocknum, AES_XTS_IVSIZE); 599213068Spjd for (i = 0; i < AES_XTS_IVSIZE; i++) { 600213068Spjd ctx->tweak[i] = blocknum & 0xff; 601213068Spjd blocknum >>= 8; 602213068Spjd } 603213068Spjd /* Last 64 bits of IV are always zero */ 604213068Spjd bzero(ctx->tweak + AES_XTS_IVSIZE, AES_XTS_IVSIZE); 605213068Spjd 606213068Spjd rijndael_encrypt(&ctx->key2, ctx->tweak, ctx->tweak); 607213068Spjd} 608213068Spjd 609169425Sgnnstatic void 610213068Spjdaes_xts_crypt(struct aes_xts_ctx *ctx, u_int8_t *data, u_int do_encrypt) 611213068Spjd{ 612213068Spjd u_int8_t block[AES_XTS_BLOCKSIZE]; 613213068Spjd u_int i, carry_in, carry_out; 614213068Spjd 615213068Spjd for (i = 0; i < AES_XTS_BLOCKSIZE; i++) 616213068Spjd block[i] = data[i] ^ ctx->tweak[i]; 617213068Spjd 618213068Spjd if (do_encrypt) 619213068Spjd rijndael_encrypt(&ctx->key1, block, data); 620213068Spjd else 621213068Spjd rijndael_decrypt(&ctx->key1, block, data); 622213068Spjd 623213068Spjd for (i = 0; i < AES_XTS_BLOCKSIZE; i++) 624213068Spjd data[i] ^= ctx->tweak[i]; 625213068Spjd 626213068Spjd /* Exponentiate tweak */ 627213068Spjd carry_in = 0; 628213068Spjd for (i = 0; i < AES_XTS_BLOCKSIZE; i++) { 629213068Spjd carry_out = ctx->tweak[i] & 0x80; 630213068Spjd ctx->tweak[i] = (ctx->tweak[i] << 1) | (carry_in ? 1 : 0); 631213068Spjd carry_in = carry_out; 632213068Spjd } 633213068Spjd if (carry_in) 634213068Spjd ctx->tweak[0] ^= AES_XTS_ALPHA; 635213068Spjd bzero(block, sizeof(block)); 636213068Spjd} 637213068Spjd 638213068Spjdvoid 639213068Spjdaes_xts_encrypt(caddr_t key, u_int8_t *data) 640213068Spjd{ 641213068Spjd aes_xts_crypt((struct aes_xts_ctx *)key, data, 1); 642213068Spjd} 643213068Spjd 644213068Spjdvoid 645213068Spjdaes_xts_decrypt(caddr_t key, u_int8_t *data) 646213068Spjd{ 647213068Spjd aes_xts_crypt((struct aes_xts_ctx *)key, data, 0); 648213068Spjd} 649213068Spjd 650213068Spjdint 651213068Spjdaes_xts_setkey(u_int8_t **sched, u_int8_t *key, int len) 652213068Spjd{ 653213068Spjd struct aes_xts_ctx *ctx; 654213068Spjd 655213068Spjd if (len != 32 && len != 64) 656213068Spjd return EINVAL; 657213068Spjd 658213068Spjd *sched = malloc(sizeof(struct aes_xts_ctx), M_CRYPTO_DATA, 659213068Spjd M_NOWAIT | M_ZERO); 660213068Spjd if (*sched == NULL) 661213068Spjd return ENOMEM; 662213068Spjd ctx = (struct aes_xts_ctx *)*sched; 663213068Spjd 664213068Spjd rijndael_set_key(&ctx->key1, key, len * 4); 665213068Spjd rijndael_set_key(&ctx->key2, key + (len / 2), len * 4); 666213068Spjd 667213068Spjd return 0; 668213068Spjd} 669213068Spjd 670213068Spjdvoid 671213068Spjdaes_xts_zerokey(u_int8_t **sched) 672213068Spjd{ 673213068Spjd bzero(*sched, sizeof(struct aes_xts_ctx)); 674213068Spjd free(*sched, M_CRYPTO_DATA); 675213068Spjd *sched = NULL; 676213068Spjd} 677213068Spjd 678213068Spjdstatic void 679169425Sgnncml_encrypt(caddr_t key, u_int8_t *blk) 680169425Sgnn{ 681169425Sgnn camellia_encrypt((camellia_ctx *) key, (u_char *) blk, (u_char *) blk); 682169425Sgnn} 683169425Sgnn 684169425Sgnnstatic void 685169425Sgnncml_decrypt(caddr_t key, u_int8_t *blk) 686169425Sgnn{ 687169425Sgnn camellia_decrypt(((camellia_ctx *) key), (u_char *) blk, 688169425Sgnn (u_char *) blk); 689169425Sgnn} 690169425Sgnn 691169425Sgnnstatic int 692169425Sgnncml_setkey(u_int8_t **sched, u_int8_t *key, int len) 693169425Sgnn{ 694169425Sgnn int err; 695169425Sgnn 696169425Sgnn if (len != 16 && len != 24 && len != 32) 697169425Sgnn return (EINVAL); 698184205Sdes *sched = malloc(sizeof(camellia_ctx), M_CRYPTO_DATA, 699169425Sgnn M_NOWAIT|M_ZERO); 700169425Sgnn if (*sched != NULL) { 701169425Sgnn camellia_set_key((camellia_ctx *) *sched, (u_char *) key, 702169425Sgnn len * 8); 703169425Sgnn err = 0; 704169425Sgnn } else 705169425Sgnn err = ENOMEM; 706169425Sgnn return err; 707169425Sgnn} 708169425Sgnn 709169425Sgnnstatic void 710169425Sgnncml_zerokey(u_int8_t **sched) 711169425Sgnn{ 712169425Sgnn bzero(*sched, sizeof(camellia_ctx)); 713184205Sdes free(*sched, M_CRYPTO_DATA); 714169425Sgnn *sched = NULL; 715169425Sgnn} 716169425Sgnn 717104476Ssam/* 718104476Ssam * And now for auth. 719104476Ssam */ 720104476Ssam 721104476Ssamstatic void 722104476Ssamnull_init(void *ctx) 723104476Ssam{ 724104476Ssam} 725104476Ssam 726104476Ssamstatic int 727104476Ssamnull_update(void *ctx, u_int8_t *buf, u_int16_t len) 728104476Ssam{ 729104476Ssam return 0; 730104476Ssam} 731104476Ssam 732104476Ssamstatic void 733104476Ssamnull_final(u_int8_t *buf, void *ctx) 734104476Ssam{ 735104476Ssam if (buf != (u_int8_t *) 0) 736104476Ssam bzero(buf, 12); 737104476Ssam} 738104476Ssam 739104476Ssamstatic int 740104476SsamRMD160Update_int(void *ctx, u_int8_t *buf, u_int16_t len) 741104476Ssam{ 742104476Ssam RMD160Update(ctx, buf, len); 743104476Ssam return 0; 744104476Ssam} 745104476Ssam 746104476Ssamstatic int 747104476SsamMD5Update_int(void *ctx, u_int8_t *buf, u_int16_t len) 748104476Ssam{ 749104476Ssam MD5Update(ctx, buf, len); 750104476Ssam return 0; 751104476Ssam} 752104476Ssam 753104476Ssamstatic void 754104476SsamSHA1Init_int(void *ctx) 755104476Ssam{ 756104476Ssam SHA1Init(ctx); 757104476Ssam} 758104476Ssam 759104476Ssamstatic int 760104476SsamSHA1Update_int(void *ctx, u_int8_t *buf, u_int16_t len) 761104476Ssam{ 762104476Ssam SHA1Update(ctx, buf, len); 763104476Ssam return 0; 764104476Ssam} 765104476Ssam 766104476Ssamstatic void 767104476SsamSHA1Final_int(u_int8_t *blk, void *ctx) 768104476Ssam{ 769104476Ssam SHA1Final(blk, ctx); 770104476Ssam} 771104476Ssam 772104476Ssamstatic int 773104476SsamSHA256Update_int(void *ctx, u_int8_t *buf, u_int16_t len) 774104476Ssam{ 775104476Ssam SHA256_Update(ctx, buf, len); 776104476Ssam return 0; 777104476Ssam} 778104476Ssam 779104476Ssamstatic int 780104476SsamSHA384Update_int(void *ctx, u_int8_t *buf, u_int16_t len) 781104476Ssam{ 782104476Ssam SHA384_Update(ctx, buf, len); 783104476Ssam return 0; 784104476Ssam} 785104476Ssam 786104476Ssamstatic int 787104476SsamSHA512Update_int(void *ctx, u_int8_t *buf, u_int16_t len) 788104476Ssam{ 789104476Ssam SHA512_Update(ctx, buf, len); 790104476Ssam return 0; 791104476Ssam} 792104476Ssam 793104476Ssam/* 794104476Ssam * And compression 795104476Ssam */ 796104476Ssam 797104476Ssamstatic u_int32_t 798104476Ssamdeflate_compress(data, size, out) 799104476Ssam u_int8_t *data; 800104476Ssam u_int32_t size; 801104476Ssam u_int8_t **out; 802104476Ssam{ 803104476Ssam return deflate_global(data, size, 0, out); 804104476Ssam} 805104476Ssam 806104476Ssamstatic u_int32_t 807104476Ssamdeflate_decompress(data, size, out) 808104476Ssam u_int8_t *data; 809104476Ssam u_int32_t size; 810104476Ssam u_int8_t **out; 811104476Ssam{ 812104476Ssam return deflate_global(data, size, 1, out); 813104476Ssam} 814