1 /* $NetBSD: cryptosoft_xform.c,v 1.4 2006/11/16 01:33:51 christos Exp $ */
2 /* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */
3 /* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */
4
5 /*
6 * The authors of this code are John Ioannidis (ji@tla.org),
7 * Angelos D. Keromytis (kermit@csd.uch.gr) and
8 * Niels Provos (provos@physnet.uni-hamburg.de).
9 *
10 * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
11 * in November 1995.
12 *
13 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
14 * by Angelos D. Keromytis.
15 *
16 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
17 * and Niels Provos.
18 *
19 * Additional features in 1999 by Angelos D. Keromytis.
20 *
21 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
22 * Angelos D. Keromytis and Niels Provos.
23 *
24 * Copyright (C) 2001, Angelos D. Keromytis.
25 *
26 * Permission to use, copy, and modify this software with or without fee
27 * is hereby granted, provided that this entire notice is included in
28 * all copies of any software which is or includes a copy or
29 * modification of this software.
30 * You may use this code under the GNU public license if you so wish. Please
31 * contribute changes back to the authors under this freer than GPL license
32 * so that we may further the use of strong encryption without limitations to
33 * all.
34 *
35 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
36 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
37 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
38 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
39 * PURPOSE.
40 */
41
42 #include <sys/cdefs.h>
43 __KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.4 2006/11/16 01:33:51 christos Exp $");
44
45 #include <crypto/blowfish/blowfish.h>
46 #include <crypto/cast128/cast128.h>
47 #include <crypto/des/des.h>
48 #include <crypto/rijndael/rijndael.h>
49 #include <crypto/skipjack/skipjack.h>
50
51 #include <opencrypto/deflate.h>
52
53 #include <sys/md5.h>
54 #include <sys/rmd160.h>
55 #include <sys/sha1.h>
56
57 struct swcr_auth_hash {
58 struct auth_hash *auth_hash;
59 void (*Init)(void *);
60 int (*Update)(void *, const uint8_t *, uint16_t);
61 void (*Final)(uint8_t *, void *);
62 };
63
64 struct swcr_enc_xform {
65 struct enc_xform *enc_xform;
66 void (*encrypt)(caddr_t, uint8_t *);
67 void (*decrypt)(caddr_t, uint8_t *);
68 int (*setkey)(uint8_t **, const uint8_t *, int len);
69 void (*zerokey)(uint8_t **);
70 };
71
72 struct swcr_comp_algo {
73 struct comp_algo *comp_algo;
74 uint32_t (*compress)(uint8_t *, uint32_t, uint8_t **);
75 uint32_t (*decompress)(uint8_t *, uint32_t, uint8_t **);
76 };
77
78 static void null_encrypt(caddr_t, u_int8_t *);
79 static void null_decrypt(caddr_t, u_int8_t *);
80 static int null_setkey(u_int8_t **, const u_int8_t *, int);
81 static void null_zerokey(u_int8_t **);
82
83 static int des1_setkey(u_int8_t **, const u_int8_t *, int);
84 static int des3_setkey(u_int8_t **, const u_int8_t *, int);
85 static int blf_setkey(u_int8_t **, const u_int8_t *, int);
86 static int cast5_setkey(u_int8_t **, const u_int8_t *, int);
87 static int skipjack_setkey(u_int8_t **, const u_int8_t *, int);
88 static int rijndael128_setkey(u_int8_t **, const u_int8_t *, int);
89 static void des1_encrypt(caddr_t, u_int8_t *);
90 static void des3_encrypt(caddr_t, u_int8_t *);
91 static void blf_encrypt(caddr_t, u_int8_t *);
92 static void cast5_encrypt(caddr_t, u_int8_t *);
93 static void skipjack_encrypt(caddr_t, u_int8_t *);
94 static void rijndael128_encrypt(caddr_t, u_int8_t *);
95 static void des1_decrypt(caddr_t, u_int8_t *);
96 static void des3_decrypt(caddr_t, u_int8_t *);
97 static void blf_decrypt(caddr_t, u_int8_t *);
98 static void cast5_decrypt(caddr_t, u_int8_t *);
99 static void skipjack_decrypt(caddr_t, u_int8_t *);
100 static void rijndael128_decrypt(caddr_t, u_int8_t *);
101 static void des1_zerokey(u_int8_t **);
102 static void des3_zerokey(u_int8_t **);
103 static void blf_zerokey(u_int8_t **);
104 static void cast5_zerokey(u_int8_t **);
105 static void skipjack_zerokey(u_int8_t **);
106 static void rijndael128_zerokey(u_int8_t **);
107
108 static void null_init(void *);
109 static int null_update(void *, const u_int8_t *, u_int16_t);
110 static void null_final(u_int8_t *, void *);
111
112 static int MD5Update_int(void *, const u_int8_t *, u_int16_t);
113 static void SHA1Init_int(void *);
114 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t);
115 static void SHA1Final_int(u_int8_t *, void *);
116
117
118 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t);
119 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t);
120 static void SHA1Final_int(u_int8_t *, void *);
121 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t);
122 static int SHA256Update_int(void *, const u_int8_t *, u_int16_t);
123 static int SHA384Update_int(void *, const u_int8_t *, u_int16_t);
124 static int SHA512Update_int(void *, const u_int8_t *, u_int16_t);
125
126 static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
127 static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
128
129 /* Encryption instances */
130 static const struct swcr_enc_xform swcr_enc_xform_null = {
131 &enc_xform_null,
132 null_encrypt,
133 null_decrypt,
134 null_setkey,
135 null_zerokey,
136 };
137
138 static const struct swcr_enc_xform swcr_enc_xform_des = {
139 &enc_xform_des,
140 des1_encrypt,
141 des1_decrypt,
142 des1_setkey,
143 des1_zerokey,
144 };
145
146 static const struct swcr_enc_xform swcr_enc_xform_3des = {
147 &enc_xform_3des,
148 des3_encrypt,
149 des3_decrypt,
150 des3_setkey,
151 des3_zerokey
152 };
153
154 static const struct swcr_enc_xform swcr_enc_xform_blf = {
155 &enc_xform_blf,
156 blf_encrypt,
157 blf_decrypt,
158 blf_setkey,
159 blf_zerokey
160 };
161
162 static const struct swcr_enc_xform swcr_enc_xform_cast5 = {
163 &enc_xform_cast5,
164 cast5_encrypt,
165 cast5_decrypt,
166 cast5_setkey,
167 cast5_zerokey
168 };
169
170 static const struct swcr_enc_xform swcr_enc_xform_skipjack = {
171 &enc_xform_skipjack,
172 skipjack_encrypt,
173 skipjack_decrypt,
174 skipjack_setkey,
175 skipjack_zerokey
176 };
177
178 static const struct swcr_enc_xform swcr_enc_xform_rijndael128 = {
179 &enc_xform_rijndael128,
180 rijndael128_encrypt,
181 rijndael128_decrypt,
182 rijndael128_setkey,
183 rijndael128_zerokey,
184 };
185
186 static const struct swcr_enc_xform swcr_enc_xform_arc4 = {
187 &enc_xform_arc4,
188 NULL,
189 NULL,
190 NULL,
191 NULL,
192 };
193
194 /* Authentication instances */
195 static const struct swcr_auth_hash swcr_auth_hash_null = {
196 &auth_hash_null,
197 null_init, null_update, null_final
198 };
199
200 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5_96 = {
201 &auth_hash_hmac_md5_96,
202 (void (*) (void *)) MD5Init, MD5Update_int,
203 (void (*) (u_int8_t *, void *)) MD5Final
204 };
205
206 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1_96 = {
207 &auth_hash_hmac_sha1_96,
208 SHA1Init_int, SHA1Update_int, SHA1Final_int
209 };
210
211 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160_96 = {
212 &auth_hash_hmac_ripemd_160_96,
213 (void (*)(void *)) RMD160Init, RMD160Update_int,
214 (void (*)(u_int8_t *, void *)) RMD160Final
215 };
216
217 static const struct swcr_auth_hash swcr_auth_hash_key_md5 = {
218 &auth_hash_key_md5,
219 (void (*)(void *)) MD5Init, MD5Update_int,
220 (void (*)(u_int8_t *, void *)) MD5Final
221 };
222
223 static const struct swcr_auth_hash swcr_auth_hash_key_sha1 = {
224 &auth_hash_key_sha1,
225 SHA1Init_int, SHA1Update_int, SHA1Final_int
226 };
227
228 static const struct swcr_auth_hash swcr_auth_hash_md5 = {
229 &auth_hash_md5,
230 (void (*) (void *)) MD5Init, MD5Update_int,
231 (void (*) (u_int8_t *, void *)) MD5Final
232 };
233
234 static const struct swcr_auth_hash swcr_auth_hash_sha1 = {
235 &auth_hash_sha1,
236 (void (*)(void *)) SHA1Init, SHA1Update_int,
237 (void (*)(u_int8_t *, void *)) SHA1Final
238 };
239
240 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_256 = {
241 &auth_hash_hmac_sha2_256,
242 (void (*)(void *)) SHA256_Init, SHA256Update_int,
243 (void (*)(u_int8_t *, void *)) SHA256_Final
244 };
245
246 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_384 = {
247 &auth_hash_hmac_sha2_384,
248 (void (*)(void *)) SHA384_Init, SHA384Update_int,
249 (void (*)(u_int8_t *, void *)) SHA384_Final
250 };
251
252 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_512 = {
253 &auth_hash_hmac_sha2_384,
254 (void (*)(void *)) SHA512_Init, SHA512Update_int,
255 (void (*)(u_int8_t *, void *)) SHA512_Final
256 };
257
258 /* Compression instance */
259 static const struct swcr_comp_algo swcr_comp_algo_deflate = {
260 &comp_algo_deflate,
261 deflate_compress,
262 deflate_decompress
263 };
264
265 /*
266 * Encryption wrapper routines.
267 */
268 static void
269 null_encrypt(caddr_t key, u_int8_t *blk)
270 {
271 }
272 static void
273 null_decrypt(caddr_t key, u_int8_t *blk)
274 {
275 }
276 static int
277 null_setkey(u_int8_t **sched, const u_int8_t *key, int len)
278 {
279 *sched = NULL;
280 return 0;
281 }
282 static void
283 null_zerokey(u_int8_t **sched)
284 {
285 *sched = NULL;
286 }
287
288 static void
289 des1_encrypt(caddr_t key, u_int8_t *blk)
290 {
291 des_cblock *cb = (des_cblock *) blk;
292 des_key_schedule *p = (des_key_schedule *) key;
293
294 des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT);
295 }
296
297 static void
298 des1_decrypt(caddr_t key, u_int8_t *blk)
299 {
300 des_cblock *cb = (des_cblock *) blk;
301 des_key_schedule *p = (des_key_schedule *) key;
302
303 des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT);
304 }
305
306 static int
307 des1_setkey(u_int8_t **sched, const u_int8_t *key, int len)
308 {
309 des_key_schedule *p;
310 int err;
311
312 MALLOC(p, des_key_schedule *, sizeof (des_key_schedule),
313 M_CRYPTO_DATA, M_NOWAIT);
314 if (p != NULL) {
315 bzero(p, sizeof(des_key_schedule));
316 des_set_key((des_cblock *)__UNCONST(key), p[0]);
317 err = 0;
318 } else
319 err = ENOMEM;
320 *sched = (u_int8_t *) p;
321 return err;
322 }
323
324 static void
325 des1_zerokey(u_int8_t **sched)
326 {
327 bzero(*sched, sizeof (des_key_schedule));
328 FREE(*sched, M_CRYPTO_DATA);
329 *sched = NULL;
330 }
331
332 static void
333 des3_encrypt(caddr_t key, u_int8_t *blk)
334 {
335 des_cblock *cb = (des_cblock *) blk;
336 des_key_schedule *p = (des_key_schedule *) key;
337
338 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT);
339 }
340
341 static void
342 des3_decrypt(caddr_t key, u_int8_t *blk)
343 {
344 des_cblock *cb = (des_cblock *) blk;
345 des_key_schedule *p = (des_key_schedule *) key;
346
347 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT);
348 }
349
350 static int
351 des3_setkey(u_int8_t **sched, const u_int8_t *key, int len)
352 {
353 des_key_schedule *p;
354 int err;
355
356 MALLOC(p, des_key_schedule *, 3*sizeof (des_key_schedule),
357 M_CRYPTO_DATA, M_NOWAIT);
358 if (p != NULL) {
359 bzero(p, 3*sizeof(des_key_schedule));
360 des_set_key((des_cblock *)__UNCONST(key + 0), p[0]);
361 des_set_key((des_cblock *)__UNCONST(key + 8), p[1]);
362 des_set_key((des_cblock *)__UNCONST(key + 16), p[2]);
363 err = 0;
364 } else
365 err = ENOMEM;
366 *sched = (u_int8_t *) p;
367 return err;
368 }
369
370 static void
371 des3_zerokey(u_int8_t **sched)
372 {
373 bzero(*sched, 3*sizeof (des_key_schedule));
374 FREE(*sched, M_CRYPTO_DATA);
375 *sched = NULL;
376 }
377
378 static void
379 blf_encrypt(caddr_t key, u_int8_t *blk)
380 {
381
382 #if defined(__NetBSD__)
383 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 1);
384 #else
385 blf_ecb_encrypt((blf_ctx *) key, blk, 8);
386 #endif
387 }
388
389 static void
390 blf_decrypt(caddr_t key, u_int8_t *blk)
391 {
392
393 #if defined(__NetBSD__)
394 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 0);
395 #else
396 blf_ecb_decrypt((blf_ctx *) key, blk, 8);
397 #endif
398 }
399
400 static int
401 blf_setkey(u_int8_t **sched, const u_int8_t *key, int len)
402 {
403 int err;
404
405 #if defined(__FreeBSD__) || defined(__NetBSD__)
406 #define BLF_SIZ sizeof(BF_KEY)
407 #else
408 #define BLF_SIZ sizeof(blf_ctx)
409 #endif
410
411 MALLOC(*sched, u_int8_t *, BLF_SIZ,
412 M_CRYPTO_DATA, M_NOWAIT);
413 if (*sched != NULL) {
414 bzero(*sched, BLF_SIZ);
415 #if defined(__FreeBSD__) || defined(__NetBSD__)
416 BF_set_key((BF_KEY *) *sched, len, key);
417 #else
418 blf_key((blf_ctx *)*sched, key, len);
419 #endif
420 err = 0;
421 } else
422 err = ENOMEM;
423 return err;
424 }
425
426 static void
427 blf_zerokey(u_int8_t **sched)
428 {
429 bzero(*sched, BLF_SIZ);
430 FREE(*sched, M_CRYPTO_DATA);
431 *sched = NULL;
432 }
433
434 static void
435 cast5_encrypt(caddr_t key, u_int8_t *blk)
436 {
437 cast128_encrypt((cast128_key *) key, blk, blk);
438 }
439
440 static void
441 cast5_decrypt(caddr_t key, u_int8_t *blk)
442 {
443 cast128_decrypt((cast128_key *) key, blk, blk);
444 }
445
446 static int
447 cast5_setkey(u_int8_t **sched, const u_int8_t *key, int len)
448 {
449 int err;
450
451 MALLOC(*sched, u_int8_t *, sizeof(cast128_key), M_CRYPTO_DATA,
452 M_NOWAIT);
453 if (*sched != NULL) {
454 bzero(*sched, sizeof(cast128_key));
455 cast128_setkey((cast128_key *)*sched, key, len);
456 err = 0;
457 } else
458 err = ENOMEM;
459 return err;
460 }
461
462 static void
463 cast5_zerokey(u_int8_t **sched)
464 {
465 bzero(*sched, sizeof(cast128_key));
466 FREE(*sched, M_CRYPTO_DATA);
467 *sched = NULL;
468 }
469
470 static void
471 skipjack_encrypt(caddr_t key, u_int8_t *blk)
472 {
473 skipjack_forwards(blk, blk, (u_int8_t **) key);
474 }
475
476 static void
477 skipjack_decrypt(caddr_t key, u_int8_t *blk)
478 {
479 skipjack_backwards(blk, blk, (u_int8_t **) key);
480 }
481
482 static int
483 skipjack_setkey(u_int8_t **sched, const u_int8_t *key, int len)
484 {
485 int err;
486
487 /* NB: allocate all the memory that's needed at once */
488 /* XXX assumes bytes are aligned on sizeof(u_char) == 1 boundaries.
489 * Will this break a pdp-10, Cray-1, or GE-645 port?
490 */
491 MALLOC(*sched, u_int8_t *, 10 * (sizeof(u_int8_t *) + 0x100),
492 M_CRYPTO_DATA, M_NOWAIT);
493
494 if (*sched != NULL) {
495
496 u_int8_t** key_tables = (u_int8_t**) *sched;
497 u_int8_t* table = (u_int8_t*) &key_tables[10];
498 int k;
499
500 bzero(*sched, 10 * sizeof(u_int8_t *)+0x100);
501
502 for (k = 0; k < 10; k++) {
503 key_tables[k] = table;
504 table += 0x100;
505 }
506 subkey_table_gen(key, (u_int8_t **) *sched);
507 err = 0;
508 } else
509 err = ENOMEM;
510 return err;
511 }
512
513 static void
514 skipjack_zerokey(u_int8_t **sched)
515 {
516 bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100));
517 FREE(*sched, M_CRYPTO_DATA);
518 *sched = NULL;
519 }
520
521 static void
522 rijndael128_encrypt(caddr_t key, u_int8_t *blk)
523 {
524 rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
525 }
526
527 static void
528 rijndael128_decrypt(caddr_t key, u_int8_t *blk)
529 {
530 rijndael_decrypt((rijndael_ctx *) key, (u_char *) blk,
531 (u_char *) blk);
532 }
533
534 static int
535 rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len)
536 {
537 int err;
538
539 MALLOC(*sched, u_int8_t *, sizeof(rijndael_ctx), M_CRYPTO_DATA,
540 M_WAITOK);
541 if (*sched != NULL) {
542 bzero(*sched, sizeof(rijndael_ctx));
543 rijndael_set_key((rijndael_ctx *) *sched, key, len * 8);
544 err = 0;
545 } else
546 err = ENOMEM;
547 return err;
548 }
549
550 static void
551 rijndael128_zerokey(u_int8_t **sched)
552 {
553 bzero(*sched, sizeof(rijndael_ctx));
554 FREE(*sched, M_CRYPTO_DATA);
555 *sched = NULL;
556 }
557
558 /*
559 * And now for auth.
560 */
561
562 static void
563 null_init(void *ctx)
564 {
565 }
566
567 static int
568 null_update(void *ctx, const u_int8_t *buf,
569 u_int16_t len)
570 {
571 return 0;
572 }
573
574 static void
575 null_final(u_int8_t *buf, void *ctx)
576 {
577 if (buf != (u_int8_t *) 0)
578 bzero(buf, 12);
579 }
580
581 static int
582 RMD160Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
583 {
584 RMD160Update(ctx, buf, len);
585 return 0;
586 }
587
588 static int
589 MD5Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
590 {
591 MD5Update(ctx, buf, len);
592 return 0;
593 }
594
595 static void
596 SHA1Init_int(void *ctx)
597 {
598 SHA1Init(ctx);
599 }
600
601 static int
602 SHA1Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
603 {
604 SHA1Update(ctx, buf, len);
605 return 0;
606 }
607
608 static void
609 SHA1Final_int(u_int8_t *blk, void *ctx)
610 {
611 SHA1Final(blk, ctx);
612 }
613
614 static int
615 SHA256Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
616 {
617 SHA256_Update(ctx, buf, len);
618 return 0;
619 }
620
621 static int
622 SHA384Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
623 {
624 SHA384_Update(ctx, buf, len);
625 return 0;
626 }
627
628 static int
629 SHA512Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
630 {
631 SHA512_Update(ctx, buf, len);
632 return 0;
633 }
634
635 /*
636 * And compression
637 */
638
639 static u_int32_t
640 deflate_compress(data, size, out)
641 u_int8_t *data;
642 u_int32_t size;
643 u_int8_t **out;
644 {
645 return deflate_global(data, size, 0, out);
646 }
647
648 static u_int32_t
649 deflate_decompress(data, size, out)
650 u_int8_t *data;
651 u_int32_t size;
652 u_int8_t **out;
653 {
654 return deflate_global(data, size, 1, out);
655 }
Cache object: adef09f89b5a8a5b9ea6d8b1076e146b
|