1 /* $NetBSD: cryptosoft_xform.c,v 1.8.20.1 2009/05/03 17:24:45 snj Exp $ */
2 /* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */
3 /* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */
4
5 /*
6 * The authors of this code are John Ioannidis (ji@tla.org),
7 * Angelos D. Keromytis (kermit@csd.uch.gr) and
8 * Niels Provos (provos@physnet.uni-hamburg.de).
9 *
10 * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
11 * in November 1995.
12 *
13 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
14 * by Angelos D. Keromytis.
15 *
16 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
17 * and Niels Provos.
18 *
19 * Additional features in 1999 by Angelos D. Keromytis.
20 *
21 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
22 * Angelos D. Keromytis and Niels Provos.
23 *
24 * Copyright (C) 2001, Angelos D. Keromytis.
25 *
26 * Permission to use, copy, and modify this software with or without fee
27 * is hereby granted, provided that this entire notice is included in
28 * all copies of any software which is or includes a copy or
29 * modification of this software.
30 * You may use this code under the GNU public license if you so wish. Please
31 * contribute changes back to the authors under this freer than GPL license
32 * so that we may further the use of strong encryption without limitations to
33 * all.
34 *
35 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
36 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
37 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
38 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
39 * PURPOSE.
40 */
41
42 #include <sys/cdefs.h>
43 __KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.8.20.1 2009/05/03 17:24:45 snj Exp $");
44
45 #include <crypto/blowfish/blowfish.h>
46 #include <crypto/cast128/cast128.h>
47 #include <crypto/des/des.h>
48 #include <crypto/rijndael/rijndael.h>
49 #include <crypto/skipjack/skipjack.h>
50
51 #include <opencrypto/deflate.h>
52
53 #include <sys/md5.h>
54 #include <sys/rmd160.h>
55 #include <sys/sha1.h>
56
57 struct swcr_auth_hash {
58 struct auth_hash *auth_hash;
59 void (*Init)(void *);
60 int (*Update)(void *, const uint8_t *, uint16_t);
61 void (*Final)(uint8_t *, void *);
62 };
63
64 struct swcr_enc_xform {
65 struct enc_xform *enc_xform;
66 void (*encrypt)(void *, uint8_t *);
67 void (*decrypt)(void *, uint8_t *);
68 int (*setkey)(uint8_t **, const uint8_t *, int len);
69 void (*zerokey)(uint8_t **);
70 };
71
72 struct swcr_comp_algo {
73 struct comp_algo *comp_algo;
74 uint32_t (*compress)(uint8_t *, uint32_t, uint8_t **);
75 uint32_t (*decompress)(uint8_t *, uint32_t, uint8_t **);
76 };
77
78 static void null_encrypt(void *, u_int8_t *);
79 static void null_decrypt(void *, u_int8_t *);
80 static int null_setkey(u_int8_t **, const u_int8_t *, int);
81 static void null_zerokey(u_int8_t **);
82
83 static int des1_setkey(u_int8_t **, const u_int8_t *, int);
84 static int des3_setkey(u_int8_t **, const u_int8_t *, int);
85 static int blf_setkey(u_int8_t **, const u_int8_t *, int);
86 static int cast5_setkey(u_int8_t **, const u_int8_t *, int);
87 static int skipjack_setkey(u_int8_t **, const u_int8_t *, int);
88 static int rijndael128_setkey(u_int8_t **, const u_int8_t *, int);
89 static void des1_encrypt(void *, u_int8_t *);
90 static void des3_encrypt(void *, u_int8_t *);
91 static void blf_encrypt(void *, u_int8_t *);
92 static void cast5_encrypt(void *, u_int8_t *);
93 static void skipjack_encrypt(void *, u_int8_t *);
94 static void rijndael128_encrypt(void *, u_int8_t *);
95 static void des1_decrypt(void *, u_int8_t *);
96 static void des3_decrypt(void *, u_int8_t *);
97 static void blf_decrypt(void *, u_int8_t *);
98 static void cast5_decrypt(void *, u_int8_t *);
99 static void skipjack_decrypt(void *, u_int8_t *);
100 static void rijndael128_decrypt(void *, u_int8_t *);
101 static void des1_zerokey(u_int8_t **);
102 static void des3_zerokey(u_int8_t **);
103 static void blf_zerokey(u_int8_t **);
104 static void cast5_zerokey(u_int8_t **);
105 static void skipjack_zerokey(u_int8_t **);
106 static void rijndael128_zerokey(u_int8_t **);
107
108 static void null_init(void *);
109 static int null_update(void *, const u_int8_t *, u_int16_t);
110 static void null_final(u_int8_t *, void *);
111
112 static int MD5Update_int(void *, const u_int8_t *, u_int16_t);
113 static void SHA1Init_int(void *);
114 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t);
115 static void SHA1Final_int(u_int8_t *, void *);
116
117
118 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t);
119 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t);
120 static void SHA1Final_int(u_int8_t *, void *);
121 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t);
122 static int SHA256Update_int(void *, const u_int8_t *, u_int16_t);
123 static int SHA384Update_int(void *, const u_int8_t *, u_int16_t);
124 static int SHA512Update_int(void *, const u_int8_t *, u_int16_t);
125
126 static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
127 static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
128 static u_int32_t gzip_compress(u_int8_t *, u_int32_t, u_int8_t **);
129 static u_int32_t gzip_decompress(u_int8_t *, u_int32_t, u_int8_t **);
130
131 /* Encryption instances */
132 static const struct swcr_enc_xform swcr_enc_xform_null = {
133 &enc_xform_null,
134 null_encrypt,
135 null_decrypt,
136 null_setkey,
137 null_zerokey,
138 };
139
140 static const struct swcr_enc_xform swcr_enc_xform_des = {
141 &enc_xform_des,
142 des1_encrypt,
143 des1_decrypt,
144 des1_setkey,
145 des1_zerokey,
146 };
147
148 static const struct swcr_enc_xform swcr_enc_xform_3des = {
149 &enc_xform_3des,
150 des3_encrypt,
151 des3_decrypt,
152 des3_setkey,
153 des3_zerokey
154 };
155
156 static const struct swcr_enc_xform swcr_enc_xform_blf = {
157 &enc_xform_blf,
158 blf_encrypt,
159 blf_decrypt,
160 blf_setkey,
161 blf_zerokey
162 };
163
164 static const struct swcr_enc_xform swcr_enc_xform_cast5 = {
165 &enc_xform_cast5,
166 cast5_encrypt,
167 cast5_decrypt,
168 cast5_setkey,
169 cast5_zerokey
170 };
171
172 static const struct swcr_enc_xform swcr_enc_xform_skipjack = {
173 &enc_xform_skipjack,
174 skipjack_encrypt,
175 skipjack_decrypt,
176 skipjack_setkey,
177 skipjack_zerokey
178 };
179
180 static const struct swcr_enc_xform swcr_enc_xform_rijndael128 = {
181 &enc_xform_rijndael128,
182 rijndael128_encrypt,
183 rijndael128_decrypt,
184 rijndael128_setkey,
185 rijndael128_zerokey,
186 };
187
188 static const struct swcr_enc_xform swcr_enc_xform_arc4 = {
189 &enc_xform_arc4,
190 NULL,
191 NULL,
192 NULL,
193 NULL,
194 };
195
196 /* Authentication instances */
197 static const struct swcr_auth_hash swcr_auth_hash_null = {
198 &auth_hash_null,
199 null_init, null_update, null_final
200 };
201
202 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5 = {
203 &auth_hash_hmac_md5,
204 (void (*) (void *)) MD5Init, MD5Update_int,
205 (void (*) (u_int8_t *, void *)) MD5Final
206 };
207
208 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1 = {
209 &auth_hash_hmac_sha1,
210 SHA1Init_int, SHA1Update_int, SHA1Final_int
211 };
212
213 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160 = {
214 &auth_hash_hmac_ripemd_160,
215 (void (*)(void *)) RMD160Init, RMD160Update_int,
216 (void (*)(u_int8_t *, void *)) RMD160Final
217 };
218 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5_96 = {
219 &auth_hash_hmac_md5_96,
220 (void (*) (void *)) MD5Init, MD5Update_int,
221 (void (*) (u_int8_t *, void *)) MD5Final
222 };
223
224 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1_96 = {
225 &auth_hash_hmac_sha1_96,
226 SHA1Init_int, SHA1Update_int, SHA1Final_int
227 };
228
229 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160_96 = {
230 &auth_hash_hmac_ripemd_160_96,
231 (void (*)(void *)) RMD160Init, RMD160Update_int,
232 (void (*)(u_int8_t *, void *)) RMD160Final
233 };
234
235 static const struct swcr_auth_hash swcr_auth_hash_key_md5 = {
236 &auth_hash_key_md5,
237 (void (*)(void *)) MD5Init, MD5Update_int,
238 (void (*)(u_int8_t *, void *)) MD5Final
239 };
240
241 static const struct swcr_auth_hash swcr_auth_hash_key_sha1 = {
242 &auth_hash_key_sha1,
243 SHA1Init_int, SHA1Update_int, SHA1Final_int
244 };
245
246 static const struct swcr_auth_hash swcr_auth_hash_md5 = {
247 &auth_hash_md5,
248 (void (*) (void *)) MD5Init, MD5Update_int,
249 (void (*) (u_int8_t *, void *)) MD5Final
250 };
251
252 static const struct swcr_auth_hash swcr_auth_hash_sha1 = {
253 &auth_hash_sha1,
254 (void (*)(void *)) SHA1Init, SHA1Update_int,
255 (void (*)(u_int8_t *, void *)) SHA1Final
256 };
257
258 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_256 = {
259 &auth_hash_hmac_sha2_256,
260 (void (*)(void *)) SHA256_Init, SHA256Update_int,
261 (void (*)(u_int8_t *, void *)) SHA256_Final
262 };
263
264 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_384 = {
265 &auth_hash_hmac_sha2_384,
266 (void (*)(void *)) SHA384_Init, SHA384Update_int,
267 (void (*)(u_int8_t *, void *)) SHA384_Final
268 };
269
270 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_512 = {
271 &auth_hash_hmac_sha2_384,
272 (void (*)(void *)) SHA512_Init, SHA512Update_int,
273 (void (*)(u_int8_t *, void *)) SHA512_Final
274 };
275
276 /* Compression instance */
277 static const struct swcr_comp_algo swcr_comp_algo_deflate = {
278 &comp_algo_deflate,
279 deflate_compress,
280 deflate_decompress
281 };
282
283 static const struct swcr_comp_algo swcr_comp_algo_gzip = {
284 &comp_algo_deflate,
285 gzip_compress,
286 gzip_decompress
287 };
288
289 /*
290 * Encryption wrapper routines.
291 */
292 static void
293 null_encrypt(void *key, u_int8_t *blk)
294 {
295 }
296 static void
297 null_decrypt(void *key, u_int8_t *blk)
298 {
299 }
300 static int
301 null_setkey(u_int8_t **sched, const u_int8_t *key, int len)
302 {
303 *sched = NULL;
304 return 0;
305 }
306 static void
307 null_zerokey(u_int8_t **sched)
308 {
309 *sched = NULL;
310 }
311
312 static void
313 des1_encrypt(void *key, u_int8_t *blk)
314 {
315 des_cblock *cb = (des_cblock *) blk;
316 des_key_schedule *p = (des_key_schedule *) key;
317
318 des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT);
319 }
320
321 static void
322 des1_decrypt(void *key, u_int8_t *blk)
323 {
324 des_cblock *cb = (des_cblock *) blk;
325 des_key_schedule *p = (des_key_schedule *) key;
326
327 des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT);
328 }
329
330 static int
331 des1_setkey(u_int8_t **sched, const u_int8_t *key, int len)
332 {
333 des_key_schedule *p;
334 int err;
335
336 MALLOC(p, des_key_schedule *, sizeof (des_key_schedule),
337 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
338 if (p != NULL) {
339 des_set_key((des_cblock *)__UNCONST(key), p[0]);
340 err = 0;
341 } else
342 err = ENOMEM;
343 *sched = (u_int8_t *) p;
344 return err;
345 }
346
347 static void
348 des1_zerokey(u_int8_t **sched)
349 {
350 bzero(*sched, sizeof (des_key_schedule));
351 FREE(*sched, M_CRYPTO_DATA);
352 *sched = NULL;
353 }
354
355 static void
356 des3_encrypt(void *key, u_int8_t *blk)
357 {
358 des_cblock *cb = (des_cblock *) blk;
359 des_key_schedule *p = (des_key_schedule *) key;
360
361 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT);
362 }
363
364 static void
365 des3_decrypt(void *key, u_int8_t *blk)
366 {
367 des_cblock *cb = (des_cblock *) blk;
368 des_key_schedule *p = (des_key_schedule *) key;
369
370 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT);
371 }
372
373 static int
374 des3_setkey(u_int8_t **sched, const u_int8_t *key, int len)
375 {
376 des_key_schedule *p;
377 int err;
378
379 MALLOC(p, des_key_schedule *, 3*sizeof (des_key_schedule),
380 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
381 if (p != NULL) {
382 des_set_key((des_cblock *)__UNCONST(key + 0), p[0]);
383 des_set_key((des_cblock *)__UNCONST(key + 8), p[1]);
384 des_set_key((des_cblock *)__UNCONST(key + 16), p[2]);
385 err = 0;
386 } else
387 err = ENOMEM;
388 *sched = (u_int8_t *) p;
389 return err;
390 }
391
392 static void
393 des3_zerokey(u_int8_t **sched)
394 {
395 bzero(*sched, 3*sizeof (des_key_schedule));
396 FREE(*sched, M_CRYPTO_DATA);
397 *sched = NULL;
398 }
399
400 static void
401 blf_encrypt(void *key, u_int8_t *blk)
402 {
403
404 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 1);
405 }
406
407 static void
408 blf_decrypt(void *key, u_int8_t *blk)
409 {
410
411 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 0);
412 }
413
414 static int
415 blf_setkey(u_int8_t **sched, const u_int8_t *key, int len)
416 {
417 int err;
418
419 MALLOC(*sched, u_int8_t *, sizeof(BF_KEY),
420 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
421 if (*sched != NULL) {
422 BF_set_key((BF_KEY *) *sched, len, key);
423 err = 0;
424 } else
425 err = ENOMEM;
426 return err;
427 }
428
429 static void
430 blf_zerokey(u_int8_t **sched)
431 {
432 bzero(*sched, sizeof(BF_KEY));
433 FREE(*sched, M_CRYPTO_DATA);
434 *sched = NULL;
435 }
436
437 static void
438 cast5_encrypt(void *key, u_int8_t *blk)
439 {
440 cast128_encrypt((cast128_key *) key, blk, blk);
441 }
442
443 static void
444 cast5_decrypt(void *key, u_int8_t *blk)
445 {
446 cast128_decrypt((cast128_key *) key, blk, blk);
447 }
448
449 static int
450 cast5_setkey(u_int8_t **sched, const u_int8_t *key, int len)
451 {
452 int err;
453
454 MALLOC(*sched, u_int8_t *, sizeof(cast128_key), M_CRYPTO_DATA,
455 M_NOWAIT|M_ZERO);
456 if (*sched != NULL) {
457 cast128_setkey((cast128_key *)*sched, key, len);
458 err = 0;
459 } else
460 err = ENOMEM;
461 return err;
462 }
463
464 static void
465 cast5_zerokey(u_int8_t **sched)
466 {
467 bzero(*sched, sizeof(cast128_key));
468 FREE(*sched, M_CRYPTO_DATA);
469 *sched = NULL;
470 }
471
472 static void
473 skipjack_encrypt(void *key, u_int8_t *blk)
474 {
475 skipjack_forwards(blk, blk, (u_int8_t **) key);
476 }
477
478 static void
479 skipjack_decrypt(void *key, u_int8_t *blk)
480 {
481 skipjack_backwards(blk, blk, (u_int8_t **) key);
482 }
483
484 static int
485 skipjack_setkey(u_int8_t **sched, const u_int8_t *key, int len)
486 {
487 int err;
488
489 /* NB: allocate all the memory that's needed at once */
490 /* XXX assumes bytes are aligned on sizeof(u_char) == 1 boundaries.
491 * Will this break a pdp-10, Cray-1, or GE-645 port?
492 */
493 MALLOC(*sched, u_int8_t *, 10 * (sizeof(u_int8_t *) + 0x100),
494 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
495
496 if (*sched != NULL) {
497
498 u_int8_t** key_tables = (u_int8_t**) *sched;
499 u_int8_t* table = (u_int8_t*) &key_tables[10];
500 int k;
501
502 for (k = 0; k < 10; k++) {
503 key_tables[k] = table;
504 table += 0x100;
505 }
506 subkey_table_gen(key, (u_int8_t **) *sched);
507 err = 0;
508 } else
509 err = ENOMEM;
510 return err;
511 }
512
513 static void
514 skipjack_zerokey(u_int8_t **sched)
515 {
516 bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100));
517 FREE(*sched, M_CRYPTO_DATA);
518 *sched = NULL;
519 }
520
521 static void
522 rijndael128_encrypt(void *key, u_int8_t *blk)
523 {
524 rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
525 }
526
527 static void
528 rijndael128_decrypt(void *key, u_int8_t *blk)
529 {
530 rijndael_decrypt((rijndael_ctx *) key, (u_char *) blk,
531 (u_char *) blk);
532 }
533
534 static int
535 rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len)
536 {
537 int err;
538
539 MALLOC(*sched, u_int8_t *, sizeof(rijndael_ctx), M_CRYPTO_DATA,
540 M_NOWAIT|M_ZERO);
541 if (*sched != NULL) {
542 rijndael_set_key((rijndael_ctx *) *sched, key, len * 8);
543 err = 0;
544 } else
545 err = ENOMEM;
546 return err;
547 }
548
549 static void
550 rijndael128_zerokey(u_int8_t **sched)
551 {
552 bzero(*sched, sizeof(rijndael_ctx));
553 FREE(*sched, M_CRYPTO_DATA);
554 *sched = NULL;
555 }
556
557 /*
558 * And now for auth.
559 */
560
561 static void
562 null_init(void *ctx)
563 {
564 }
565
566 static int
567 null_update(void *ctx, const u_int8_t *buf,
568 u_int16_t len)
569 {
570 return 0;
571 }
572
573 static void
574 null_final(u_int8_t *buf, void *ctx)
575 {
576 if (buf != (u_int8_t *) 0)
577 bzero(buf, 12);
578 }
579
580 static int
581 RMD160Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
582 {
583 RMD160Update(ctx, buf, len);
584 return 0;
585 }
586
587 static int
588 MD5Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
589 {
590 MD5Update(ctx, buf, len);
591 return 0;
592 }
593
594 static void
595 SHA1Init_int(void *ctx)
596 {
597 SHA1Init(ctx);
598 }
599
600 static int
601 SHA1Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
602 {
603 SHA1Update(ctx, buf, len);
604 return 0;
605 }
606
607 static void
608 SHA1Final_int(u_int8_t *blk, void *ctx)
609 {
610 SHA1Final(blk, ctx);
611 }
612
613 static int
614 SHA256Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
615 {
616 SHA256_Update(ctx, buf, len);
617 return 0;
618 }
619
620 static int
621 SHA384Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
622 {
623 SHA384_Update(ctx, buf, len);
624 return 0;
625 }
626
627 static int
628 SHA512Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
629 {
630 SHA512_Update(ctx, buf, len);
631 return 0;
632 }
633
634 /*
635 * And compression
636 */
637
638 static u_int32_t
639 deflate_compress(data, size, out)
640 u_int8_t *data;
641 u_int32_t size;
642 u_int8_t **out;
643 {
644 return deflate_global(data, size, 0, out);
645 }
646
647 static u_int32_t
648 deflate_decompress(data, size, out)
649 u_int8_t *data;
650 u_int32_t size;
651 u_int8_t **out;
652 {
653 return deflate_global(data, size, 1, out);
654 }
655
656 static u_int32_t
657 gzip_compress(u_int8_t *data, u_int32_t size, u_int8_t **out)
658 {
659 return gzip_global(data, size, 0, out);
660 }
661
662 static u_int32_t
663 gzip_decompress(u_int8_t *data, u_int32_t size, u_int8_t **out)
664 {
665 return gzip_global(data, size, 1, out);
666 }
Cache object: 6d5461baeb75a3782726c22b41be0dfe
|