1/* $NetBSD: xform.c,v 1.31 2020/06/30 04:14:56 riastradh Exp $ */ 2/* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */ 3/* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */ 4 5/* 6 * The authors of this code are John Ioannidis (ji@tla.org), 7 * Angelos D. Keromytis (kermit@csd.uch.gr) and 8 * Niels Provos (provos@physnet.uni-hamburg.de). 9 * 10 * This code was written by John Ioannidis for BSD/OS in Athens, Greece, 11 * in November 1995. 12 * 13 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, 14 * by Angelos D. Keromytis. 15 * 16 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis 17 * and Niels Provos. 18 * 19 * Additional features in 1999 by Angelos D. Keromytis. 20 * 21 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, 22 * Angelos D. Keromytis and Niels Provos. 23 * 24 * Copyright (C) 2001, Angelos D. Keromytis. 25 * 26 * Permission to use, copy, and modify this software with or without fee 27 * is hereby granted, provided that this entire notice is included in 28 * all copies of any software which is or includes a copy or 29 * modification of this software. 30 * You may use this code under the GNU public license if you so wish. Please 31 * contribute changes back to the authors under this freer than GPL license 32 * so that we may further the use of strong encryption without limitations to 33 * all. 34 * 35 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 36 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 37 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 38 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 39 * PURPOSE. 40 */ 41 42#include <sys/cdefs.h> 43__KERNEL_RCSID(0, "$NetBSD: xform.c,v 1.31 2020/06/30 04:14:56 riastradh Exp $"); 44 45#include <sys/param.h> 46#include <sys/malloc.h> 47 48#include <opencrypto/cryptodev.h> 49#include <opencrypto/xform.h> 50 51MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers"); 52 53const u_int8_t hmac_ipad_buffer[128] = { 54 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 55 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 56 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 57 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 58 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 59 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 60 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 61 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 62 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 63 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 64 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 65 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 66 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 67 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 68 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 69 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 70}; 71 72const u_int8_t hmac_opad_buffer[128] = { 73 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 74 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 75 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 76 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 77 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 78 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 79 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 80 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 81 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 82 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 83 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 84 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 85 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 86 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 87 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 88 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C 89}; 90 91/* Encryption instances */ 92const struct enc_xform enc_xform_null = { 93 .type = CRYPTO_NULL_CBC, 94 .name = "NULL", 95 /* NB: blocksize of 4 is to generate a properly aligned ESP header */ 96 .blocksize = 4, 97 .ivsize = 0, 98 .minkey = 0, 99 .maxkey = 256, /* 2048 bits, max key */ 100}; 101 102const struct enc_xform enc_xform_des = { 103 .type = CRYPTO_DES_CBC, 104 .name = "DES", 105 .blocksize = 8, 106 .ivsize = 8, 107 .minkey = 8, 108 .maxkey = 8, 109}; 110 111const struct enc_xform enc_xform_3des = { 112 .type = CRYPTO_3DES_CBC, 113 .name = "3DES", 114 .blocksize = 8, 115 .ivsize = 8, 116 .minkey = 24, 117 .maxkey = 24, 118}; 119 120const struct enc_xform enc_xform_blf = { 121 .type = CRYPTO_BLF_CBC, 122 .name = "Blowfish", 123 .blocksize = 8, 124 .ivsize = 8, 125 .minkey = 5, 126 .maxkey = 56, /* 448 bits, max key */ 127}; 128 129const struct enc_xform enc_xform_cast5 = { 130 .type = CRYPTO_CAST_CBC, 131 .name = "CAST-128", 132 .blocksize = 8, 133 .ivsize = 8, 134 .minkey = 5, 135 .maxkey = 16, 136}; 137 138const struct enc_xform enc_xform_skipjack = { 139 .type = CRYPTO_SKIPJACK_CBC, 140 .name = "Skipjack", 141 .blocksize = 8, 142 .ivsize = 8, 143 .minkey = 10, 144 .maxkey = 10, 145}; 146 147const struct enc_xform enc_xform_aes = { 148 .type = CRYPTO_AES_CBC, 149 .name = "AES", 150 .blocksize = 16, 151 .ivsize = 16, 152 .minkey = 16, 153 .maxkey = 32, 154}; 155 156const struct enc_xform enc_xform_arc4 = { 157 .type = CRYPTO_ARC4, 158 .name = "ARC4", 159 .blocksize = 1, 160 .ivsize = 0, 161 .minkey = 1, 162 .maxkey = 32, 163}; 164 165const struct enc_xform enc_xform_camellia = { 166 .type = CRYPTO_CAMELLIA_CBC, 167 .name = "Camellia", 168 .blocksize = 16, 169 .ivsize = 16, 170 .minkey = 8, 171 .maxkey = 32, 172}; 173 174const struct enc_xform enc_xform_aes_ctr = { 175 .type = CRYPTO_AES_CTR, 176 .name = "AES-CTR", 177 .blocksize = 16, 178 .ivsize = 8, 179 .minkey = 16 + 4, 180 .maxkey = 32 + 4, 181}; 182 183const struct enc_xform enc_xform_aes_gcm = { 184 .type = CRYPTO_AES_GCM_16, 185 .name = "AES-GCM", 186 .blocksize = 4, /* ??? */ 187 .ivsize = 8, 188 .minkey = 16 + 4, 189 .maxkey = 32 + 4, 190}; 191 192const struct enc_xform enc_xform_aes_gmac = { 193 .type = CRYPTO_AES_GMAC, 194 .name = "AES-GMAC", 195 .blocksize = 4, /* ??? */ 196 .ivsize = 8, 197 .minkey = 16 + 4, 198 .maxkey = 32 + 4, 199}; 200 201/* Authentication instances */ 202const struct auth_hash auth_hash_null = { 203 .type = CRYPTO_NULL_HMAC, 204 .name = "NULL-HMAC", 205 .keysize = 0, 206 .hashsize = 0, 207 .authsize = 12, 208 .blocksize = 64, 209}; 210 211const struct auth_hash auth_hash_hmac_md5 = { 212 .type = CRYPTO_MD5_HMAC, 213 .name = "HMAC-MD5", 214 .keysize = 16, 215 .hashsize = 16, 216 .authsize = 16, 217 .blocksize = 64, 218}; 219 220const struct auth_hash auth_hash_hmac_sha1 = { 221 .type = CRYPTO_SHA1_HMAC, 222 .name = "HMAC-SHA1", 223 .keysize = 20, 224 .hashsize = 20, 225 .authsize = 20, 226 .blocksize = 64, 227}; 228 229const struct auth_hash auth_hash_hmac_ripemd_160 = { 230 .type = CRYPTO_RIPEMD160_HMAC, 231 .name = "HMAC-RIPEMD-160", 232 .keysize = 20, 233 .hashsize = 20, 234 .authsize = 20, 235 .blocksize = 64, 236}; 237 238const struct auth_hash auth_hash_hmac_md5_96 = { 239 .type = CRYPTO_MD5_HMAC_96, 240 .name = "HMAC-MD5-96", 241 .keysize = 16, 242 .hashsize = 16, 243 .authsize = 12, 244 .blocksize = 64, 245}; 246 247const struct auth_hash auth_hash_hmac_sha1_96 = { 248 .type = CRYPTO_SHA1_HMAC_96, 249 .name = "HMAC-SHA1-96", 250 .keysize = 20, 251 .hashsize = 20, 252 .authsize = 12, 253 .blocksize = 64, 254}; 255 256const struct auth_hash auth_hash_hmac_ripemd_160_96 = { 257 .type = CRYPTO_RIPEMD160_HMAC_96, 258 .name = "HMAC-RIPEMD-160", 259 .keysize = 20, 260 .hashsize = 20, 261 .authsize = 12, 262 .blocksize = 64, 263}; 264 265const struct auth_hash auth_hash_key_md5 = { 266 .type = CRYPTO_MD5_KPDK, 267 .name = "Keyed MD5", 268 .keysize = 0, 269 .hashsize = 16, 270 .authsize = 16, 271 .blocksize = 0, 272}; 273 274const struct auth_hash auth_hash_key_sha1 = { 275 .type = CRYPTO_SHA1_KPDK, 276 .name = "Keyed SHA1", 277 .keysize = 0, 278 .hashsize = 20, 279 .authsize = 20, 280 .blocksize = 0, 281}; 282 283const struct auth_hash auth_hash_md5 = { 284 .type = CRYPTO_MD5, 285 .name = "MD5", 286 .keysize = 0, 287 .hashsize = 16, 288 .authsize = 16, 289 .blocksize = 0, 290}; 291 292const struct auth_hash auth_hash_sha1 = { 293 .type = CRYPTO_SHA1, 294 .name = "SHA1", 295 .keysize = 0, 296 .hashsize = 20, 297 .authsize = 20, 298 .blocksize = 0, 299}; 300 301const struct auth_hash auth_hash_hmac_sha2_256 = { 302 .type = CRYPTO_SHA2_256_HMAC, 303 .name = "HMAC-SHA2", 304 .keysize = 32, 305 .hashsize = 32, 306 .authsize = 16, 307 .blocksize = 64, 308}; 309 310const struct auth_hash auth_hash_hmac_sha2_384 = { 311 .type = CRYPTO_SHA2_384_HMAC, 312 .name = "HMAC-SHA2-384", 313 .keysize = 48, 314 .hashsize = 48, 315 .authsize = 24, 316 .blocksize = 128, 317}; 318 319const struct auth_hash auth_hash_hmac_sha2_512 = { 320 .type = CRYPTO_SHA2_512_HMAC, 321 .name = "HMAC-SHA2-512", 322 .keysize = 64, 323 .hashsize = 64, 324 .authsize = 32, 325 .blocksize = 128, 326}; 327 328const struct auth_hash auth_hash_aes_xcbc_mac_96 = { 329 .type = CRYPTO_AES_XCBC_MAC_96, 330 .name = "AES-XCBC-MAC-96", 331 .keysize = 16, 332 .hashsize = 16, 333 .authsize = 12, 334 .blocksize = 0, 335}; 336 337const struct auth_hash auth_hash_gmac_aes_128 = { 338 .type = CRYPTO_AES_128_GMAC, 339 .name = "GMAC-AES-128", 340 .keysize = 16 + 4, 341 .hashsize = 16, 342 .authsize = 16, 343 .blocksize = 16, /* ??? */ 344}; 345 346const struct auth_hash auth_hash_gmac_aes_192 = { 347 .type = CRYPTO_AES_192_GMAC, 348 .name = "GMAC-AES-192", 349 .keysize = 24 + 4, 350 .hashsize = 16, 351 .authsize = 16, 352 .blocksize = 16, /* ??? */ 353}; 354 355const struct auth_hash auth_hash_gmac_aes_256 = { 356 .type = CRYPTO_AES_256_GMAC, 357 .name = "GMAC-AES-256", 358 .keysize = 32 + 4, 359 .hashsize = 16, 360 .authsize = 16, 361 .blocksize = 16, /* ??? */ 362}; 363 364/* Compression instance */ 365const struct comp_algo comp_algo_deflate = { 366 .type = CRYPTO_DEFLATE_COMP, 367 .name = "Deflate", 368 .minlen = 90, 369}; 370 371const struct comp_algo comp_algo_deflate_nogrow = { 372 .type = CRYPTO_DEFLATE_COMP_NOGROW, 373 .name = "Deflate", 374 .minlen = 90, 375}; 376 377const struct comp_algo comp_algo_gzip = { 378 .type = CRYPTO_GZIP_COMP, 379 .name = "GZIP", 380 .minlen = 90, 381}; 382